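false, 'message' => 'Critical DB Error.']); exit; }

// --- Create or update an internal user (JSON endpoint) -----------------------
// Reads the form fields from $_POST, hashes the password for login, encrypts a
// recoverable copy "for display", then INSERTs (field_id <= 0) or UPDATEs
// (field_id > 0) the row in $tableInternUsers. Every response is a JSON object
// {success: bool, message: string[, id: int]}.
//
// NOTE(review): this handler relies on authentication/authorisation having been
// enforced before this point -- it takes $_SESSION['passcodewk_leitung_id'] as
// the editor without checking it here. Confirm that, and CSRF protection for
// this POST endpoint, in the part of the file above this block.

if (!isset($_POST['field_id'])) {
    echo json_encode(['success' => false, 'message' => 'Invalid Input.']);
    exit;
}
// Anything <= 0 (0, negative, non-numeric) creates a new user; only a positive
// id updates an existing row. Decided once so the DB branch and the response
// branch agree (the original compared `> 0` in one place and `== 0` in the
// other, so a negative id inserted a row but reported "aktualisiert" and no id).
$id = intval($_POST['field_id']);
$isNewUser = $id <= 0;

$editor_id = $_SESSION['passcodewk_leitung_id'];

// trim() means surrounding whitespace is not part of the stored password; the
// login check must apply the same normalisation or such passwords never verify.
$plain = trim($_POST['password'] ?? '');
if ($plain === '') { // `=== ''` rather than `!$plain`: the literal password "0" is valid
    echo json_encode(['success' => false, 'message' => 'Invalid Input.']);
    exit;
}

// The username is HTML-escaped *before* storage. Kept for compatibility with
// existing rows and with whatever reads this column; output-time escaping is the
// usual approach, so do not escape it a second time on display.
$username = htmlspecialchars(trim($_POST['username'] ?? ''));
if ($username === '') {
    echo json_encode(['success' => false, 'message' => 'Invalid Input.']);
    exit;
}

// Permission lists ("Freigaben"). Anything that is not an array is treated as
// empty; array entries are stored exactly as sent.
// NOTE(review): the entries are not validated against a list of known
// permission names, so whoever can reach this endpoint can write arbitrary
// values (including nested arrays) into `freigabe`. Whitelist them if the
// readers of this column assume a fixed vocabulary.
$permissionLists = [
    'types'                 => $_POST['freigaben'] ?? [],
    'freigabenTrainer'      => $_POST['freigabenTrainer'] ?? [],
    'freigabenKampfrichter' => $_POST['freigabenKampfrichter'] ?? [],
];
foreach ($permissionLists as $key => $list) {
    if (!is_array($list)) {
        $permissionLists[$key] = [];
    }
}
// Stored as a JSON string. json_encode() returns false on malformed UTF-8 in
// the request, which the original would have written to the column as ""; treat
// it as bad input instead.
$freigabe_store = json_encode($permissionLists);
if ($freigabe_store === false) {
    echo json_encode(['success' => false, 'message' => 'Invalid Input.']);
    exit;
}

// One-way hash used by the login check (password_verify()).
$hash = password_hash($plain, PASSWORD_ARGON2ID);

require $baseDir . '/../composer/vendor/autoload.php';

// The encryption key is read from config/.env.pw-encryption-key (outside the
// web root, relative to $baseDir).
$envFile = realpath($baseDir . '/../config/.env.pw-encryption-key');
if ($envFile === false) {
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => "Environment file not found"]);
    exit;
}
try {
    $dotenv = Dotenv::createImmutable(dirname($envFile), '.env.pw-encryption-key');
    $dotenv->load();
} catch (Throwable $e) {
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => "Dotenv error"]);
    // The original fell through here and went on to encrypt with an undefined
    // key (and emitted a second JSON body). Stop instead.
    exit;
}
// Never encrypt with a missing key: openssl_encrypt() does not fail on a
// too-short key, it pads it with NUL bytes, so null/'' would silently produce
// ciphertext under a known key.
$encryptionKey = $_ENV['PW_ENCRYPTION_KEY'] ?? '';
if ($encryptionKey === '') {
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => 'Encryption key not configured']);
    exit;
}

// Recoverable copy of the password "for display".
// SECURITY NOTE(review): keeping a decryptable copy of every user's password
// next to its hash undoes the point of hashing -- anyone holding the DB plus
// the key in config/.env.pw-encryption-key recovers every password. aes-256-cbc
// is also unauthenticated, so a stored ciphertext can be altered without
// detection. The format base64(iv || base64(ciphertext)) is kept because the
// display code expects it; if the column has to stay, move both sides to an
// AEAD mode (aes-256-gcm with the tag stored) or add an HMAC over iv||ct.
$iv_length = openssl_cipher_iv_length('aes-256-cbc');
$iv = random_bytes($iv_length);
$encrypted = openssl_encrypt($plain, 'aes-256-cbc', $encryptionKey, 0, $iv);
if ($encrypted === false) {
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => 'Encryption failed']);
    exit;
}
// options=0 makes openssl_encrypt() return base64 text; the IV is raw bytes, so
// the concatenation is base64-encoded once more for storage.
$cipher_store = base64_encode($iv . $encrypted);

$now = date('Y-m-d H:i:s');
if (!$isNewUser) {
    $updated = db_update($mysqli, $tableInternUsers, [
        'password_hash'   => $hash,
        'password_cipher' => $cipher_store,
        'username'        => $username,
        'freigabe'        => $freigabe_store,
        'updated_at'      => $now,
        'edited_by'       => $editor_id,
    ], ['id' => $id]);
} else {
    // $tableInternUsers is a configured table name, not request data -- it is
    // the only value interpolated into the SQL; every user value is bound.
    $stmt = $mysqli->prepare(
        "INSERT INTO {$tableInternUsers} (username, password_hash, password_cipher, freigabe, created_at, updated_at, edited_by) VALUES (?, ?, ?, ?, ?, ?, ?)"
    );
    if ($stmt === false) {
        // The original called ->bind_param() on false here (fatal error, no JSON).
        echo json_encode(['success' => false, 'message' => 'DB Error']);
        exit;
    }
    $created_at = $now;
    $updated_at = $now;
    // bind_param() binds by reference; the values are assigned above so the
    // order reads naturally (the original bound first and assigned afterwards).
    $stmt->bind_param(
        "ssssssi",
        $username,
        $hash,
        $cipher_store,
        $freigabe_store,
        $created_at,
        $updated_at,
        $editor_id
    );
    $updated = $stmt->execute();
}

// Response. Driver error details are deliberately not echoed to the client.
if ($updated === false) {
    echo json_encode(['success' => false, 'message' => 'DB Error']);
} elseif ($isNewUser) {
    $new_id = $mysqli->insert_id;
    echo json_encode(['success' => true, 'message' => $username.' wurde erfolgreich erstellt.', 'id' => $new_id]);
} else {
    echo json_encode(['success' => true, 'message' => $username.' wurde erfolgreich aktualisiert.']);
}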