Überarbeitete Version der 1. Version. Es bestehen noch grosse Feher in einzelnen Skripten.

www/intern/scripts/logindata/ajax-neu_programm.php

@@ -1,24 +1,18 @@
 <?php
 header('Content-Type: application/json');
 
-if (session_status() !== PHP_SESSION_ACTIVE) session_start();
-
-if (empty($_SESSION['access_granted_wk_leitung']) || $_SESSION['access_granted_wk_leitung'] !== true || empty($_SESSION['passcodewk_leitung_id']) || intval($_SESSION['passcodewk_leitung_id']) < 0 ) {
-    http_response_code(403);
-    exit;
-}
-
-$token = isset($_GET['token']) ? $_GET['token'] : '';
-
-if ($token !== 'sWZ4GxbsoVhUPk5zhjH0uU9hets3zV2KsV8CZUvAWCCRk4uuuDr9vfFVgxWqr5FtDttbtm50EdWK9YxuMPswGZBQZFHAUAET1aG1'){
-	echo json_encode(['success' => false, 'message' => '500 Error - Critical Server Error']);
-    exit;
-}
-
 if (!isset($baseDir)) {
 	$baseDir = $_SERVER['DOCUMENT_ROOT'];
 }
 
+require_once $baseDir . '/../scripts/session_functions.php';
+
+ini_wkvs_session();
+
+check_user_permission('wk_leitung');
+
+verify_csrf();
+
 $type = 'wkl';
 
 $data = include $baseDir . '/../scripts/db/db-verbindung-script.php';
@@ -30,7 +24,7 @@ if ($data['success'] === false){
 
 require $baseDir . '/../scripts/db/db-tables.php';
 
-$value = isset($_GET['value']) ? preg_replace('/[^a-zA-Z0-9\s\-"]/u', '', $_GET['value']) : '';
+$value = isset($_POST['value']) ? preg_replace('/[^a-zA-Z0-9\s\-"]/u', '', $_POST['value']) : '';
 
 if (!$value || $value === ''){
     echo json_encode(['success' => false, 'message' => 'No input']);