From bb603f4977bb75c142f42a1df600c596287846dc Mon Sep 17 00:00:00 2001
From: marko <marko@cwsvJudo>
Date: Mon, 13 Dec 2021 05:23:20 +0100
Subject: [PATCH] added password management

---
 homepage/participo/css/participo.css  |  11 ++
 homepage/participo/images/account.svg |  66 ++++++++
 homepage/participo/index.php          |   6 +-
 homepage/participo/lib/api.php        | 226 ++++++++++++++------------
 homepage/participo/lib/db.php         |  10 ++
 homepage/participo/markdown           |   1 +
 homepage/participo/shared/imports.php |   8 +
 homepage/participo/user.php           | 197 +++++++++++++++++-----
 8 files changed, 372 insertions(+), 153 deletions(-)
 create mode 100644 homepage/participo/css/participo.css
 create mode 100644 homepage/participo/images/account.svg
 create mode 120000 homepage/participo/markdown
 create mode 100644 homepage/participo/shared/imports.php

diff --git a/homepage/participo/css/participo.css b/homepage/participo/css/participo.css
new file mode 100644
index 0000000..abe6b04
--- /dev/null
+++ b/homepage/participo/css/participo.css
@@ -0,0 +1,11 @@
+/*
+on large screens add a padding on the left for the fixed sidnav
+*/
+header, main, footer {
+	padding-left: 300px;
+	}
+@media only screen and (max-width : 992px) {
+	header, main, footer {
+		padding-left: 0;
+	}
+}
diff --git a/homepage/participo/images/account.svg b/homepage/participo/images/account.svg
new file mode 100644
index 0000000..db6c35d
--- /dev/null
+++ b/homepage/participo/images/account.svg
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   version="1.1"
+   id="svg2"
+   xml:space="preserve"
+   width="6666.6665"
+   height="6666.6665"
+   viewBox="0 0 6666.6665 6666.6665"
+   sodipodi:docname="account.svg"
+   inkscape:version="0.92.4 (5da689c313, 2019-01-14)"><metadata
+     id="metadata8"><rdf:RDF><cc:Work
+         rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs
+     id="defs6"><clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath18"><path
+         d="M 0,5000 H 5000 V 0 H 0 Z"
+         id="path16"
+         inkscape:connector-curvature="0" /></clipPath></defs><sodipodi:namedview
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1"
+     objecttolerance="10"
+     gridtolerance="10"
+     guidetolerance="10"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:window-width="640"
+     inkscape:window-height="480"
+     id="namedview4"
+     showgrid="false"
+     inkscape:zoom="0.035400001"
+     inkscape:cx="3333.3333"
+     inkscape:cy="3333.3333"
+     inkscape:window-x="288"
+     inkscape:window-y="113"
+     inkscape:window-maximized="0"
+     inkscape:current-layer="g10" /><g
+     id="g10"
+     inkscape:groupmode="layer"
+     inkscape:label="account-6491185"
+     transform="matrix(1.3333333,0,0,-1.3333333,0,6666.6667)"><g
+       id="g12"><g
+         id="g14"
+         clip-path="url(#clipPath18)"><g
+           id="g20"
+           transform="translate(3839.9414,1190.9668)"><path
+             d="m 0,0 c -368.75,292.187 -832.91,468.994 -1339.941,468.994 -507.056,0 -971.192,-176.807 -1339.917,-468.994 -330.494,338.232 -535.083,799.951 -535.083,1309.033 0,1033.887 841.113,1875 1875,1875 1033.886,0 1875,-841.113 1875,-1875 C 535.059,799.951 330.469,338.232 0,0 m -1339.941,-565.967 c -386.89,0 -746.729,117.871 -1045.655,319.483 294.532,213.183 655.078,340.478 1045.655,340.478 390.576,0 751.123,-127.246 1045.703,-340.478 -298.975,-201.612 -658.789,-319.483 -1045.703,-319.483 m 0,4125 c -1242.627,0 -2250,-1007.348 -2250,-2250 0,-1242.627 1007.373,-2250 2250,-2250 1242.627,0 2250,1007.373 2250,2250 0,1242.652 -1007.373,2250 -2250,2250"
+             style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path22"
+             inkscape:connector-curvature="0" /></g><g
+           id="g24"
+           transform="translate(2500,2125)"><path
+             d="M 0,0 C -310.156,0 -562.5,252.344 -562.5,562.5 -562.5,872.656 -310.156,1125 0,1125 310.156,1125 562.5,872.656 562.5,562.5 562.5,252.344 310.156,0 0,0 M 0,1500 C -517.773,1500 -937.5,1080.273 -937.5,562.5 -937.5,44.727 -517.773,-375 0,-375 517.773,-375 937.5,44.727 937.5,562.5 937.5,1080.273 517.773,1500 0,1500"
+             style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path26"
+             inkscape:connector-curvature="0" /></g></g></g></g></svg>
\ No newline at end of file
diff --git a/homepage/participo/index.php b/homepage/participo/index.php
index a31aed3..f1e92e3 100644
--- a/homepage/participo/index.php
+++ b/homepage/participo/index.php
@@ -118,13 +118,13 @@ if($_SESSION['login']){
 			<div class="row" id="Configs">
 				<div style="padding:1%;" class="col s12 m6">
 					<div style="margin:1%;" class="card blue-grey darken-1">
-						<a href="http://cwsvjudo.bplaced.net/pages/desktop/wkParticipo/userInfo.php"><div class="card-content white-text">
+						<a href="./user"><div class="card-content white-text">
 							<span class="card-title">User-Infos</span>
-							<img style="max-height:10vh;" class="responsive-img" src="images/obi.svg" />
+							<img style="max-height:10vh;" class="responsive-img" src="images/account.svg" />
 							<p>Einstellungen zum Benutzer</p>
 						</div><a>
 						<div class="card-action">
-							<a href="http://cwsvjudo.bplaced.net/pages/desktop/wkParticipo/userInfo.php">Einstellungen</a>
+							<a href="./user">Einstellungen</a>
 						</div>
 					</div>
 				</div>
diff --git a/homepage/participo/lib/api.php b/homepage/participo/lib/api.php
index 72f2ae7..b455d83 100644
--- a/homepage/participo/lib/api.php
+++ b/homepage/participo/lib/api.php
@@ -1,116 +1,35 @@
 <?php
 
 function processPostData($db, $post, $redirectLocation = "."){
+	sleep(1);
 	if($post['action']){
-		if($post['action']=="giveUserAnAchievement"){
-			giveUserAnAchievement(
-				$db,
-				$post['userId'],
-				$post['achievementId']
-			);
-			$u = getUserData($db, $post['userId']);
-			$a = getAchievement($db, $post['achievementId']);
-			sendEmail(
-				"cwsvjudo@arcor.de", 
-				"kwT", 
-				$u['vorname']." ".$u['name']." got achievement ".$a[0]['name']
-			);
-		}
-		if($post['action']=="addAchievement"){
-			addAchievement(
-				$db,
-				$post['name'],
-				$post['rootId'],
-				$post['achievementGroupId'],
-				$post['level'],
-				$post['description'], 
-				$post['imgUrl']
-			);
-		}
-
-		if($post['action']=="addAchievementGroup"){
-			addAchievementGroup(
-				$db,
-				$post['name'],
-				$post['rootId'],
-				$post['unlockingAchievementId'],
-				$post['imgUrl']
-			);
-		}
-
-		if($post['action']=="autoAddAchievements"){
-			$g=new achievementGroup;
-			$g->setDbConnection($db);
-			$g->loadAchievementGroupFromDb($post['achievementGroupId']);
-			$g->autoAddAchievements(
-				$post['messageTemplate'],
-				$post['from'],
-				$post['to'],
-				$post['step']
-			);
-		}
-
-		if($post['action']=="updateAchievement"){
-			updateAchievement(
-				$db, 
-				$post['achievementId'], 
-				$post['name'],
-				$post['rootId'],
-				$post['achievementGroupId'],
-				$post['level'],
-				$post['description'], 
-				$post['imgUrl']
-			);
-		}
-
-		if($post['action']=="updateAchievementGroup"){
-			updateAchievement(
-				$db, 
-				$post['achievementGroupId'], 
-				$post['name'],
-				$post['rootId'],
-				$post['unlockingAchievementId'],
-				$post['imgUrl']
-			);
-		}
-
-		if($post['action']=="setBday"){
-			setBday(
-				$db, 
-				$post['userId'], 
-				$post['bday'] 
-			);
-		}
-		if($post['action']=="setRecord"){
-			$u = getUserData($db, $post['userId']);
-			$g = new achievementGroup;
-			$g->setDbConnection($db);
-			$g->loadAchievementGroupFromDb($post['achievementGroupId']);
-			sendEmail(
-				"cwsvjudo@arcor.de", 
-				$u['vorname']." ".$u['name']." got ".$post['value']." in ".$g->getName(),
-				"[machs] Rekord eingetragen"
-			);
-			setRecord(
-				$db, 
-				$post['userId'], 
-				$post['achievementGroupId'], 
-				$post['value']
-			);
-		}
-		if($post['action']=="reportRecord"){
-#			$u = getUserData($db, $post['userId']);
-#			$ag = new achievementGroup;
-#			achievementGroup::setDbConnection($db);
-#			$ag->loadAchievementGroupFromDb($post['achievementGroupId']);
-			$m = $post['userId']." hat in ".$post['achievementGroupId']." ".$post['value']." geschafft!";
-#			$m = $u['vorname']." ".$u['name']." hat in ".$ag->getName()." ".$post['value']." geschafft!";
-			sendEmail("cwsvjudo@arcor.de", $m, "[machs] Rekordmeldung");
-		}
-		if($post['redirectLocation'])
+		// if there is a redirectlocation, set it
+		if($post['redirectLocation']){
 			$redirectLocation = $post['redirectLocation'];
-	header("Location: ".$redirectLocation);
-	}
+		}
+		
+		// change a users password
+		if($post['action']=="changePassword"){
+			$success = changePassword(
+				$db,
+				$post['changerId'],
+				$post['changeeId'],
+				$post['changerPassword'],
+				$post['newPassword'],
+				$post['newPasswordAgain']
+			);
+			// append success to the redirectlocation
+			if($success){
+				$redirectLocation .= "?changePasswordSuccess=true";
+			}
+			else{
+				$redirectLocation .= "?changePasswordSuccess=false";
+			}
+		}// end changePassword
+		
+		// redirect to the redirectlocation
+		header("Location: ".$redirectLocation);
+	}// end processing action
 return;
 }
 
@@ -163,4 +82,95 @@ function attendancesAssocArray2mdList($attendancesAssocArray, $date=null){
 	}
 return $ret;
 }
+
+//! Checks if multiple keys exist in an array
+//!
+//! @param array $array array to check for key
+//! @param array|string $keys keys to check for
+//!
+//! @return bool true, if *all* keys are set in the array
+function array_keys_exist( array $array, $keys ) {
+	if ( ! is_array( $keys ) ) {
+		$keys = func_get_args();
+		array_shift( $keys );
+	}
+	$count = 0;
+	foreach ( $keys as $key ) {
+		if ( isset( $array[$key] ) || array_key_exists( $key, $array ) ) {
+			$count++;
+		}
+	}
+
+	return count( $keys ) === $count;
+}
+
+/// updates users password without checking any rights
+/// params:
+/// - $db : pdoDbConnection to use
+/// - $userId : id of the user with the password to change
+/// - $password : the password to set
+function updateUserPassword($db, $userId, $password){
+	// we don't save the actual password but it's hash
+	if($password != ""){
+		$password = password_hash( $password, PASSWORD_DEFAULT);
+	}
+	else{
+		$password = NULL;
+	}
+	
+	$query = "UPDATE `cwsvjudo`.`wkParticipo_Users` SET `pwHash`=:val WHERE `id`=:id;";
+	$params = array(
+		':val' => array('value'=>$password, 'data_type'=>PDO::PARAM_STR), 
+		':id'  => array('value'=>$userId,   'data_type'=>PDO::PARAM_INT) 
+	);
+	dbQuery($db, $query, $params);
+	
+	return;
+}
+
+/// Change a users password (apiFunction)
+/// params:
+/// - $db: dbConnection to use
+/// - $changerId: userId who changes the password
+/// - $changeeId: userId whose password should be changed
+/// - $ownPassword: password of the user who changes the password
+/// - $newPasword: the new password
+/// - $newPasswordAgain: controllInput of the new password
+function changePassword($db, $changerId, $changeeId, $changerPassword, $newPassword, $newPasswordAgain){
+	// we need a dbConnection
+	if( !$db ){
+//		echo("No DB!");
+		return false;
+	}
+	
+	$changerInfo = getUserData($db, $changerId);
+	
+	// check the password of the changer
+	if( !password_verify( $changerPassword, $changerInfo['pwHash']) ){
+//		echo("Wrong changerPasswod");
+		return false;
+	}
+	
+	// check if the changer is allowed to change the changees password
+	if ( $changerId != $changeeId ){
+		$changersKidsIds = getUsersKidsIds($db, $changerId);
+		
+//		if( !in_array($changeeId, $changersKidsIds) ){
+		if( !isUserInKidIds($changeeId, $changersKidsIds) ){
+//			echo("not your child: ".$changeeId." not in "); var_dump($changersKidsIds);
+			return false;
+		}
+	}
+	
+	// check if the two inputs are the same
+	if( $newPassword != $newPasswordAgain ){
+//		echo("new pw missmatch");
+		return false;
+	}
+	
+	updateUserPassword($db, $changeeId, $newPassword);
+	
+	return true;
+}
+
 ?>
diff --git a/homepage/participo/lib/db.php b/homepage/participo/lib/db.php
index 059ce33..ba94771 100644
--- a/homepage/participo/lib/db.php
+++ b/homepage/participo/lib/db.php
@@ -193,6 +193,16 @@ SQL;
 return $result;
 }
 
+function isUserInKidIds($uId, $idList){
+	foreach($idList as $id){
+		if($id['kidId'] == $uId)
+			return true;
+	}
+	return false;
+}
+
+
+// @todo: Achtung, als id ist die id der Vormundschaft gespeichert. Unter kidId die des Kindes.
 function getUsersKids($db, $userId){
 	$query = <<<SQL
 SELECT * 
diff --git a/homepage/participo/markdown b/homepage/participo/markdown
new file mode 120000
index 0000000..6e27b25
--- /dev/null
+++ b/homepage/participo/markdown
@@ -0,0 +1 @@
+../../DieJudoGürtelprüfung/markdown/
\ No newline at end of file
diff --git a/homepage/participo/shared/imports.php b/homepage/participo/shared/imports.php
new file mode 100644
index 0000000..0243b8c
--- /dev/null
+++ b/homepage/participo/shared/imports.php
@@ -0,0 +1,8 @@
+<!-- Compiled and minified CSS -->
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@materializecss/materialize@1.1.0-alpha/dist/css/materialize.min.css">
+<!-- Compiled and minified JavaScript -->
+<script src="https://cdn.jsdelivr.net/npm/@materializecss/materialize@1.1.0-alpha/dist/js/materialize.min.js"></script>
+<!--Import Google Icon Font-->
+<link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">
+<!-- participo specific style adjustments -->
+<link rel="stylesheet" href="css/participo.css">
diff --git a/homepage/participo/user.php b/homepage/participo/user.php
index 15f78d9..d3fa7e5 100644
--- a/homepage/participo/user.php
+++ b/homepage/participo/user.php
@@ -12,6 +12,19 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
 
 	require_once($config['basePath']."/config/cwsvJudo.config.php");
 	require_once($config['basePath']."/config/phpcount.config.php");
+	
+	$dbConnection = getPdoDbConnection(
+		$cwsvJudoConfig["db"]["host"], 
+		$cwsvJudoConfig["db"]["name"], 
+		$cwsvJudoConfig["db"]["user"],
+		$cwsvJudoConfig["db"]["password"]
+	);
+	
+	$userData = getUserData($dbConnection, $_SESSION['user']['userId']);
+	$usersKids = getUsersKids($dbConnection, $_SESSION['user']['userId']);
+
+	processPostData($dbConnection, $_POST);
+
 ?>
 <!DOCTYPE html>
 <html>
@@ -20,7 +33,7 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
 		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
 
 <?php
-        include("./shared/imports.php");
+		readfile("./shared/imports.php");
 ?>
 		<!-- inits for the materializeCss -->
 		<script>
@@ -65,65 +78,165 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
 if($_SESSION['login']){
 ?>
 		<main>
-			<!-- List of Mitmach-Apps -->
-			<div class="row" id="AppList">
+			<h1>Benutzer-Einstellungen</h1>
+			<p>
+<?php
+		if( array_key_exists('changePasswordSuccess', $_GET) ){
+			if($_GET['changePasswordSuccess'] == "true"){
+				echo("<div>Password geändert</div>");
+			}else{
+				echo("<div>Fehler während setzens des Passwortes.</div>");
+			}
+		}
+?>
+			</p>
+			<h2>Benutzer-Info</h2>
+			<p>Informationen zum eigenen Benutzerkonto</p>
+			<div id="userInfo" class="row">
+
 				<div style="padding:1%;" class="col s12 m6">
 					<div style="margin:1%;" class="card blue-grey darken-1">
-						<a href="kyu"><div class="card-content white-text">
-							<span class="card-title">Kyu</span>
-							<img style="max-height:10vh;" class="responsive-img" src="images/obi.svg" />
-							<p>Die Prüfungsprogamme der einzelnen Gürtelstufen in Bild Ton und Text.</p>
-						</div><a>
-						<div class="card-action">
-							<a href="kyu">Kuy-Programme</a>
+						<div class="card-content white-text">
+							<span class="card-title"><?php echo($userData['name']);?>, <?php echo($userData['vorname']); ?></span>
+							<img style="max-height:10vh;" class="responsive-img" src="images/account.svg" />
+							<dl>
+								<dt>Name</dt><dd><?php echo($userData['name']); ?></dd>
+								<dt>Vorname</dt><dd><?php echo($userData['vorname']); ?></dd>
+								<dt>Email</dt><dd><?php echo($userData['gebDatum']); ?></dd>
+							</dl>
 						</div>
 					</div>
-				</div>
-				<div style="padding:1%;" class="col s12 m6">
-					<div class="card blue-grey darken-1">
-						<a href="/machs"><div class="card-content white-text">
-							<span class="card-title">Mein Achievement System</span>
-							<img style="max-height:10vh;" class="responsive-img" src="images/mountain-climber.svg" />
-							<p>Ein kleines Achievementsystem für die tägliche Herausforderung</p>
-						</div><a>
-						<div class="card-action">
-							<a href="/machs">mAchS</a>
-						</div>
+					<div class="card-action">
+<!--
+						<a href="">kommt bald</a>
+-->
 					</div>
 				</div>
+
 				<div style="padding:1%;" class="col s12 m6">
-						<div class="card blue-grey darken-1">
-							<a href="/pages/desktop/wkParticipo"><div class="card-content white-text">
-								<span class="card-title">Event-Planer</span>
-								<img style="max-height:10vh;" class="responsive-img" src="/ressourcen/graphiken/icons/terminKalender.svg" />
-								<p>Organisieren der Teilnahmen (und nicht-Teilnahmen) an Wettkämpfen, Sondertrainingseinheiten, Feiern etc.</p>
-							</div><a>
-							<div class="card-action">
-								<a href="/pages/desktop/wkParticipo">Planer</a>
-							</div>
+					<div style="margin:1%;" class="card blue-grey darken-1">
+						<div class="card-content white-text">
+							<span class="card-title">Passwort setzen</span>
+							Im folgenden Formular kann das Passwort geändert werden. Man sollte darauf achten, dass man beim <a href="https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/Passwoerter/Umgang/umgang_node.html">Umgang mit Passwörtern</a> die nötige Vorsicht walten lässt.
+							<form action="./user" method="post">
+								<input name="action" type="hidden" value="changePassword" />
+								<input name="redirectLocation" type="hidden" value="./user" />
+								<input name="changerId" type="hidden" value="<?php echo($userData['id']); ?>" />
+								<input name="changeeId" type="hidden" value="<?php echo($userData['id']); ?>" />
+								<fieldset>
+									<legend>Neues Passwort vergeben</legend>
+									<div>
+										<label for="changerPassword">Eigenes Passwort</label>
+										<input type="password" name="changerPassword" id="changerPassword" />
+									</div>
+									<div>
+										<label for="newPassword">Neues Passwort</label>
+										<input type="password" name="newPassword" id="newPassword" />
+									</div>
+									<div>
+										<label for="newPasswordAgain">Neues Passwort wiederholen</label>
+										<input type="password" name="newPasswordAgain" id="newPasswordAgain" />
+									</div>
+								</fieldset>
+								<fieldset>
+									<div><button type="submit">Passwort neu setzen</button></div>
+								</fieldset>
+							</form>
 						</div>
 					</div>
+					<div class="card-action">
+<!--
+						<a href="">kommt bald</a>
+-->
+					</div>
 				</div>
 			</div>
+
+			<h2>Berechtigungen</h2>
 			
-			<div class="divider"></div>
-
-			<!-- List of ConfigStuff -->
-			<div class="row" id="Configs">
+			<p>Liste der User, für die man meldeberechtigt ist (bzw. Änderungen vornehmen darf). In der Regel ist das das eigene Kind (bei Eltern) oder man selber (bei Volljährigen).</p>
+			<div class="row" id="kidsList">
+<?php
+	foreach($usersKids as $kid){ ?>
 				<div style="padding:1%;" class="col s12 m6">
 					<div style="margin:1%;" class="card blue-grey darken-1">
-						<a href="http://cwsvjudo.bplaced.net/pages/desktop/wkParticipo/userInfo.php"><div class="card-content white-text">
-							<span class="card-title">User-Infos</span>
-							<img style="max-height:10vh;" class="responsive-img" src="images/obi.svg" />
-							<p>Einstellungen zum Benutzer</p>
-						</div><a>
+						<div class="card-content white-text">
+							<span class="card-title"><?php echo($kid['name']);?>, <?php echo($kid['vorname']); ?></span>
+							<img style="max-height:10vh;" class="responsive-img" src="images/account.svg" />
+							<dl>
+								<dt>Name</dt><dd><?php echo($kid['name']); ?></dd>
+								<dt>Vorname</dt><dd><?php echo($kid['vorname']); ?></dd>
+								<dt>Geb.datum</dt><dd><?php echo($kid['gebDatum']); ?></dd>
+							</dl>
+						</div>
+
+						<span class="card-title">Passwort</span>
+						<p>Im folgenden Formular kann das Passwort des Kindes gesetzt werden. Das eigene Passwort muss dabei noch einmal zur Kontrolle eingegeben werden. Das neue Passwort muss zweimal blind eingegeben.</p>
+						<p>
+<?php
+						if( ($kid['pwHash'] == "") || ($kid['pwHash']) == NULL ){
+							echo("<p>Derzeit ist kein Passwort gesetzt!</p>");
+						}
+						else{
+							echo("<p>Es ist derzeit ein Passwort gesetzt!</p>");
+?>
+						<p>Es besteht auch die Möglickeit, das Passwort ganz zu entfernen. Man kann sich dann nicht mehr mit diesem Konto einloggen. Das eigene Passwort muss dabei noch einmal zur Kontrolle eingegeben werden.</p>
+						<form action="./user" method="post">
+							<input name="action" type="hidden" value="changePassword" />
+							<input name="redirectLocation" type="hidden" value="./user" />
+							<input name="changerId"   type="hidden" value="<?php echo($userData['id']); ?>" />
+							<input name="changeeId"   type="hidden" value="<?php echo($kid['kidId']); ?>" />
+							<input name="newPassword" type="hidden" value="" />
+							<input name="newPasswordAgain" type="hidden" value="" />
+							<fieldset>
+								<div>
+									<label for="changerPassword">Eigenes Passwort</label>
+									<input type="password" name="changerPassword" id="changerPassword" />
+								</div>
+							</fieldset>
+							<fieldset>
+								<div><button type="submit">Passwort entfernen</button></div>
+							</fieldset>
+						</form>
+<?php
+						}
+?>
+						</p>
+						<form action="./user" method="post">
+							<input name="action" type="hidden" value="changePassword" />
+							<input name="redirectLocation" type="hidden" value="./user" />
+							<input name="changerId" type="hidden" value="<?php echo($userData['id']); ?>" />
+							<input name="changeeId" type="hidden" value="<?php echo($kid['kidId']); ?>" />
+							<fieldset>
+								<legend>Neues Passwort vergeben</legend>
+								<div>
+									<label for="changerPassword">Eigenes Passwort</label>
+									<input type="password" name="changerPassword" id="changerPassword" />
+								</div>
+								<div>
+									<label for="newPassword">Neues Passwort des Kindes</label>
+									<input type="password" name="newPassword" id="newPassword" />
+								</div>
+								<div>
+									<label for="newPasswordAgain">Neues Passwort wiederholen</label>
+									<input type="password" name="newPasswordAgain" id="newPasswordAgain" />
+								</div>
+							</fieldset>
+							<fieldset>
+								<div><button type="submit">Passwort neu setzen</button></div>
+							</fieldset>
+						</form>
+						
 						<div class="card-action">
-							<a href="http://cwsvjudo.bplaced.net/pages/desktop/wkParticipo/userInfo.php">Einstellungen</a>
+<!--
+							<a href="">kommt bald</a>
+-->
 						</div>
 					</div>
 				</div>
-			</div>
-
+<?php
+	}
+?>
 		</main>
 <?php
 }