Überarbeitete Version der 1. Version. Es bestehen noch grosse Feher in einzelnen Skripten.
This commit is contained in:
Fabio Herzig
@@ -1,20 +1,23 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
|
||||
session_start();
|
||||
|
||||
if (empty($_SESSION['access_granted_kampfrichter']) || $_SESSION['access_granted_kampfrichter'] !== true || empty($_SESSION['passcodekampfrichter_id']) || $_SESSION['passcodekampfrichter_id'] < 1) {
|
||||
http_response_code(403);
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($baseDir)) {
|
||||
$baseDir = $_SERVER['DOCUMENT_ROOT'];
|
||||
$baseDir = $_SERVER['DOCUMENT_ROOT'];
|
||||
}
|
||||
|
||||
require_once $baseDir . '/../scripts/session_functions.php';
|
||||
|
||||
ini_wkvs_session();
|
||||
|
||||
check_user_permission('kampfrichter');
|
||||
|
||||
verify_csrf();
|
||||
|
||||
// ---------- Get and sanitize input ----------
|
||||
$id = intval($_POST['personId']) ?? 0;
|
||||
$run = intval($_POST['run']) ?? 0;
|
||||
$geraetId = intval($_POST['geraetId']) ?? 0;
|
||||
$dataType = intval($_POST['dataType']) ?? 0;
|
||||
$jahr = isset($_POST['jahr']) ? preg_replace('/[^0-9]/', '', $_POST['jahr']) : '';
|
||||
$anfrageType = $_POST['type'] ?? '';
|
||||
|
||||
@@ -123,20 +126,28 @@ switch ($anfrageType) {
|
||||
$jsonData = json_encode($data);
|
||||
break;
|
||||
case "start":
|
||||
if (array_key_exists("start", $oldjson)) {
|
||||
$oldjson["start"] = true;
|
||||
|
||||
$jsonData = json_encode($oldjson);
|
||||
} else {
|
||||
echo json_encode(['success' => false, 'message' => 'Turnerin nicht auf Display '.json_encode($oldjson).'; '.$jsonString]);
|
||||
if (!array_key_exists("id", $oldjson) || intval($oldjson["id"]) !== $id || !array_key_exists("start", $oldjson)) {
|
||||
echo json_encode(['success' => false, 'message' => 'Person nicht auf Display!']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$oldjson["start"] = (bool) $dataType;
|
||||
|
||||
$jsonData = json_encode($oldjson);
|
||||
break;
|
||||
case "result":
|
||||
// 1. Get IDs and filter out empty values
|
||||
$noteLinksId = db_get_var($mysqli, "SELECT `value` FROM $tableVar WHERE `name` = ?", ['displayIdNoteL']);
|
||||
$noteRechtsId = db_get_var($mysqli, "SELECT `value` FROM $tableVar WHERE `name` = ?", ['displayIdNoteR']);
|
||||
|
||||
$stmt = $mysqli->prepare("UPDATE $tableNoten SET `is_public` = 1, `public_value` = `value` WHERE `person_id` = ? AND `jahr` = ? AND `geraet_id` = ? AND `run_number` = ?");
|
||||
|
||||
$stmt->bind_param("ssss", $id, $jahr, $geraetId, $run);
|
||||
|
||||
$stmt->execute();
|
||||
|
||||
$stmt->close();
|
||||
|
||||
// Create an array of IDs that actually exist
|
||||
$validIds = array_filter([$noteLinksId, $noteRechtsId]);
|
||||
|
||||
@@ -148,12 +159,12 @@ switch ($anfrageType) {
|
||||
$placeholders = implode(',', array_fill(0, count($validIds), '?'));
|
||||
|
||||
$sqlNoten = "SELECT `value`, `note_bezeichnung_id` FROM $tableNoten
|
||||
WHERE person_id = ? AND `jahr` = ? AND `geraet_id` = ?
|
||||
WHERE person_id = ? AND `jahr` = ? AND `geraet_id` = ? AND run_number = ?
|
||||
AND `note_bezeichnung_id` IN ($placeholders)";
|
||||
|
||||
$stmt = $mysqli->prepare($sqlNoten);
|
||||
// Combine standard params with our dynamic ID list
|
||||
$params = array_merge([$id, $jahr, $geraetId], $validIds);
|
||||
$params = array_merge([$id, $jahr, $geraetId, $run], $validIds);
|
||||
$types = str_repeat('s', count($params));
|
||||
$stmt->bind_param($types, ...$params);
|
||||
$stmt->execute();
|
||||
|
||||
Reference in New Issue
Block a user