Überarbeitete Version der 1. Version. Es bestehen noch grosse Fehler in einzelnen Skripten.

This commit is contained in:
Fabio Herzig
2026-04-18 23:45:17 +02:00
parent a51fd9dbeb
commit 3731183654
85 changed files with 2965 additions and 3371 deletions


@@ -1,16 +1,12 @@
<?php
require $baseDir . '/../composer/vendor/autoload.php';
use Shuchkin\SimpleXLSX;
if (isset($_POST['apply_bulk_action']) ) {
if (!verify_csrf()) {
$_SESSION['form_message'] = 'Sicherheitsüberprüfung fehlgeschlagen.';
$_SESSION['form_message_type'] = 0;
} elseif ( empty($_POST['turnerin_ids']) || !is_array($_POST['turnerin_ids']) ) {
verify_csrf();
if ( empty($_POST['turnerin_ids']) || !is_array($_POST['turnerin_ids']) ) {
$_SESSION['form_message'] = 'Keine Turnerinnen für die Aktion ausgewählt.';
$_SESSION['form_message_type'] = 0;
} elseif (!isset($_POST['bulk_action_programm']) && !isset($_POST['bulk_action_bezahlt'])) {
@@ -93,7 +89,8 @@ if (isset($_POST['apply_bulk_action']) ) {
exit;
}
if (isset($_POST['delete_id']) && verify_csrf()) {
if (isset($_POST['delete_id'])) {
verify_csrf();
$delete_id = intval($_POST['delete_id']);
$stmt = $mysqli->prepare("DELETE FROM $tableTurnerinnen where id = ?");
@@ -113,6 +110,7 @@ if (isset($_POST['delete_id']) && verify_csrf()) {
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['xlsx_file'])) {
verify_csrf();
if ($_FILES['xlsx_file']['error'] === UPLOAD_ERR_OK) {
@@ -240,54 +238,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['xlsx_file'])) {
}
if (!empty($_FILES['music_file']['name']) && isset($_POST['music_id'])) {
echo 'ja';
$edit_id = (int) $_POST['music_id'];
$uploadedFile = $_FILES['music_file'];
// Validate actual MIME type
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mimeType = finfo_file($finfo, $uploadedFile['tmp_name']);
finfo_close($finfo);
$allowedTypes = ['audio/mpeg', 'audio/wav', 'audio/ogg'];
if (!in_array($mimeType, $allowedTypes, true)) {
die('Invalid file type.');
}
// Fetch and remove old file
$stmt = $mysqli->prepare("SELECT bodenmusik FROM $tableTurnerinnen WHERE id = ?");
$stmt->bind_param("i", $edit_id);
$stmt->execute();
$stmt->bind_result($oldurl);
$stmt->fetch();
$stmt->close();
if (!empty($oldurl) && is_file($oldurl)) unlink($oldurl);
// Ensure upload directory exists
$uploadDir = $baseDir . '/wk-musik-boden/';
if (!is_dir($uploadDir)) mkdir($uploadDir, 0755, true);
// Clean file name
$cleanName = preg_replace("/[^a-zA-Z0-9-_\.]/", "_", $uploadedFile['name']);
$filename = uniqid('music_', true) . '_' . $cleanName;
$targetPath = $uploadDir . $filename;
if (move_uploaded_file($uploadedFile['tmp_name'], $targetPath)) {
$stmt = $mysqli->prepare("UPDATE $tableTurnerinnen SET bodenmusik = ? WHERE id = ?");
$stmt->bind_param("si", $targetPath, $edit_id);
if (!$stmt->execute()) echo 'DB error: ' . $stmt->error;
$stmt->close();
} else {
die('Failed to move uploaded file.');
}
header('Location: ' . $_SERVER['REQUEST_URI']);
exit;
}
$edit_row = null;
if ($access_granted_trainer && isset($_GET['edit_id']) && is_numeric($_GET['edit_id']) && !isset($_POST['submit_turnerinnen_form'])) {
$edit_id = intval($_GET['edit_id']);
@@ -319,121 +269,117 @@ if ($access_granted_trainer && isset($_GET['edit_id']) && is_numeric($_GET['edit
// === INSERT/UPDATE Handler ===
if ( $access_granted_trainer && isset($_POST['submit_turnerinnen_form']) ) {
// Check nonce
if ( !verify_csrf() ) {
$_SESSION['form_message'] = 'Sicherheitsproblem: Ungültige Formularübermittlung.';
verify_csrf();
$name = htmlspecialchars( $_POST['nachname'] );
$vorname = htmlspecialchars( $_POST['vorname'] );
$geburtsdatum = trim($_POST['geburtsdatum'] );
$programm = htmlspecialchars( $_POST['programm'] );
if ($selectedverein !== 'admin'){
$verein = $selectedverein;
} else {$verein = htmlspecialchars( $_POST['verein'] ); $bezahlt = htmlspecialchars( $_POST['bezahlt'] ); }
if ( empty($name) || empty($vorname) || empty($geburtsdatum) || empty($programm)) {
$_SESSION['form_message'] = 'Bitte füllen Sie alle erforderlichen Felder aus.';
$_SESSION['form_message_type'] = 0;
} else {
$name = htmlspecialchars( $_POST['nachname'] );
$vorname = htmlspecialchars( $_POST['vorname'] );
$geburtsdatum = trim($_POST['geburtsdatum'] );
$programm = htmlspecialchars( $_POST['programm'] );
if ($selectedverein !== 'admin'){
$verein = $selectedverein;
} else {$verein = htmlspecialchars( $_POST['verein'] ); $bezahlt = htmlspecialchars( $_POST['bezahlt'] ); }
if ( empty($name) || empty($vorname) || empty($geburtsdatum) || empty($programm)) {
$_SESSION['form_message'] = 'Bitte füllen Sie alle erforderlichen Felder aus.';
$_SESSION['form_message_type'] = 0;
$data_to_insert = [];
$data_to_insert = array(
'name' => $name,
'vorname' => $vorname,
'geburtsdatum' => $geburtsdatum,
'programm' => $programm,
'verein' => $verein,
);
$data_formats = array('%s', '%s', '%s', '%s', '%s');
if ($selectedverein === 'admin') {
$data_to_insert['bezahltoverride'] = $bezahlt;
$data_formats[] = '%d';
}
print_r($data_to_insert);
// Check if we are editing an existing entry
$is_editing = isset($_POST['edit_id']) && is_numeric($_POST['edit_id']) && $_POST['edit_id'] > 0;
if ($is_editing) {
$edit_id = intval($_POST['edit_id']);
$entries = db_select($mysqli, $tableTurnerinnen, '*', 'id = ?', [$edit_id], 'rang ASC');
$entry = $entries[0]; // since you're fetching by ID, this should return exactly one row
$columns = array_keys($data_to_insert);
$set = implode(
', ',
array_map(fn($col) => "$col = ?", $columns)
);
$sql = "UPDATE $tableTurnerinnen SET $set WHERE id = ?";
var_dump($sql);
$stmt = $mysqli->prepare($sql);
$types = str_repeat('s', count($data_to_insert)) . 'i';
$values = array_values($data_to_insert);
$values[] = $edit_id;
$stmt->bind_param($types, ...$values);
$updated = $stmt->execute();
$stmt->close();
if ($updated === false) {
error_log('DB Update Error: ' . $wpdb->last_error);
$_SESSION['form_message'] = 'Fehler beim Aktualisieren des Eintrags.';
$_SESSION['form_message_type'] = 0;
} else if ($updated === 0) {
$_SESSION['form_message'] = 'Keine Änderungen vorgenommen.';
$_SESSION['form_message_type'] = 0;
} else {
$_SESSION['form_message'] = 'Eintrag erfolgreich aktualisiert!';
$_SESSION['form_message_type'] = 1;
$_POST = [];
header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
exit;
}
} else {
$data_to_insert = [];
$data_to_insert = array(
'name' => $name,
'vorname' => $vorname,
'geburtsdatum' => $geburtsdatum,
'programm' => $programm,
'verein' => $verein,
$columns = array_keys($data_to_insert);
$set = implode(
', ',
array_map(fn($col) => "$col = ?", $columns)
);
$data_formats = array('%s', '%s', '%s', '%s', '%s');
$sql = "INSERT INTO $tableTurnerinnen SET $set";
if ($selectedverein === 'admin') {
$data_to_insert['bezahltoverride'] = $bezahlt;
$data_formats[] = '%d';
}
$stmt = $mysqli->prepare($sql);
print_r($data_to_insert);
$types = str_repeat('s', count($data_to_insert));
$values = array_values($data_to_insert);
$stmt->bind_param($types, ...$values);
$inserted = $stmt->execute();
$stmt->close();
// Check if we are editing an existing entry
$is_editing = isset($_POST['edit_id']) && is_numeric($_POST['edit_id']) && $_POST['edit_id'] > 0;
if ($is_editing) {
$edit_id = intval($_POST['edit_id']);
$entries = db_select($mysqli, $tableTurnerinnen, '*', 'id = ?', [$edit_id], 'rang ASC');
$entry = $entries[0]; // since you're fetching by ID, this should return exactly one row
$columns = array_keys($data_to_insert);
$set = implode(
', ',
array_map(fn($col) => "$col = ?", $columns)
);
$sql = "UPDATE $tableTurnerinnen SET $set WHERE id = ?";
var_dump($sql);
$stmt = $mysqli->prepare($sql);
$types = str_repeat('s', count($data_to_insert)) . 'i';
$values = array_values($data_to_insert);
$values[] = $edit_id;
$stmt->bind_param($types, ...$values);
$updated = $stmt->execute();
$stmt->close();
if ($updated === false) {
error_log('DB Update Error: ' . $wpdb->last_error);
$_SESSION['form_message'] = 'Fehler beim Aktualisieren des Eintrags.';
$_SESSION['form_message_type'] = 0;
} else if ($updated === 0) {
$_SESSION['form_message'] = 'Keine Änderungen vorgenommen.';
$_SESSION['form_message_type'] = 0;
} else {
$_SESSION['form_message'] = 'Eintrag erfolgreich aktualisiert!';
$_SESSION['form_message_type'] = 1;
$_POST = [];
header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
exit;
}
if ( $inserted ) {
$_SESSION['form_message'] = 'Daten erfolgreich gespeichert!';
$_SESSION['form_message_type'] = 1;
header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
exit;
} else {
$columns = array_keys($data_to_insert);
$set = implode(
', ',
array_map(fn($col) => "$col = ?", $columns)
);
$sql = "INSERT INTO $tableTurnerinnen SET $set";
$stmt = $mysqli->prepare($sql);
$types = str_repeat('s', count($data_to_insert));
$values = array_values($data_to_insert);
$stmt->bind_param($types, ...$values);
$inserted = $stmt->execute();
$stmt->close();
if ( $inserted ) {
$_SESSION['form_message'] = 'Daten erfolgreich gespeichert!';
$_SESSION['form_message_type'] = 1;
header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
exit;
} else {
$_SESSION['form_message'] = 'Fehler beim Speichern der Daten. Bitte versuchen Sie es später erneut.';
$_SESSION['form_message_type'] = 0;
}
$_SESSION['form_message'] = 'Fehler beim Speichern der Daten. Bitte versuchen Sie es später erneut.';
$_SESSION['form_message_type'] = 0;
}
}
}
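Review bot: The new bare `verify_csrf();` calls (bulk-action, delete_id, xlsx_file and submit_turnerinnen_form handlers) discard the return value that the replaced `if (!verify_csrf())` branches used to act on, so unless verify_csrf() now terminates the request itself, a failed token check no longer stops the DELETE, UPDATE and INSERT statements that follow it. If the helper still returns a bool, each call should remain a guard, e.g. `if (!verify_csrf()) { http_response_code(403); exit('Sicherheitsüberprüfung fehlgeschlagen.'); }`, or verify_csrf() should be documented as exiting on failure. In the INSERT/UPDATE handler the new side also keeps `print_r($data_to_insert);` and `var_dump($sql);`, which write the submitted data and the SQL text into the response and are emitted before `header('Location: …')`, so the redirect will fail with "headers already sent"; these debug lines should be removed. The `$updated === 0` branch is unreachable because mysqli_stmt::execute() returns a bool, and `$wpdb->last_error` does not exist in this mysqli-based handler — `$stmt->error` captured before `$stmt->close()` is what the error_log line needs.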