Überarbeitete Version der 1. Version. Es bestehen noch grosse Feher in einzelnen Skripten.

www/intern/scripts/ajax-create-ws-token.php

@@ -1,15 +1,18 @@
 <?php
 
-if (session_status() !== PHP_SESSION_ACTIVE) session_start();
-
-if (
-    !((isset($_SESSION['access_granted_wk_leitung']) && $_SESSION['access_granted_wk_leitung'] === true) ||
-    (isset($_SESSION['access_granted_kampfrichter']) && $_SESSION['access_granted_kampfrichter'] === true))
-) {
-    http_response_code(403);
-    exit;
+if (!isset($baseDir)) {
+	$baseDir = $_SERVER['DOCUMENT_ROOT'];
 }
 
+require_once $baseDir . '/../scripts/session_functions.php';
+
+ini_wkvs_session();
+
+verify_csrf();
+
+check_multiple_allowed_permissions(['kampfrichter', 'wk_leitung']);
+
+
 if (!isset($_POST['access'])) {
     http_response_code(400);
     exit;
@@ -17,8 +20,6 @@ if (!isset($_POST['access'])) {
 
 $access = preg_replace("/[\W]/", "", trim($_POST['access']));
 
-$baseDir = $_SERVER['DOCUMENT_ROOT'];
-
 require $baseDir . "/../scripts/websocket/ws-create-token.php";
 
 $token = generateWSToken($access);