Überarbeitete Version der 1. Version. Es bestehen noch grosse Feher in einzelnen Skripten.

2026-04-18 23:45:17 +02:00
parent a51fd9dbeb
commit 3731183654
85 changed files with 2965 additions and 3371 deletions
--- a/www/intern/scripts/einstellungen/ajax-upload-image.php
+++ b/www/intern/scripts/einstellungen/ajax-upload-image.php
@@ -20,16 +20,17 @@ $baseDir = $_SERVER['DOCUMENT_ROOT'];

 header('Content-Type: application/json');

-session_start();
-
-
-if (empty($_SESSION['access_granted_wk_leitung']) || $_SESSION['access_granted_wk_leitung'] !== true || empty($_SESSION['passcodewk_leitung_id']) || intval($_SESSION['passcodewk_leitung_id']) < 0 ) {
-    http_response_code(403);
-    exit;
+if (!isset($baseDir)) {
+	$baseDir = $_SERVER['DOCUMENT_ROOT'];
 }

+require_once $baseDir . '/../scripts/session_functions.php';

-$baseDir = $_SERVER['DOCUMENT_ROOT'];
+ini_wkvs_session();
+
+check_user_permission('wk_leitung');
+
+verify_csrf();


 // Only accept POST