Überarbeitete Version der 1. Version. Es bestehen noch grosse Feher in einzelnen Skripten.

www/intern/scripts/logindata/ajax-remove_programm.php

@@ -5,24 +5,18 @@ ini_set('display_errors', 1);
 ini_set('display_startup_errors', 1);
 error_reporting(E_ALL);
 
-if (session_status() !== PHP_SESSION_ACTIVE) session_start();
-
-if (empty($_SESSION['access_granted_wk_leitung']) || $_SESSION['access_granted_wk_leitung'] !== true || empty($_SESSION['passcodewk_leitung_id']) || intval($_SESSION['passcodewk_leitung_id']) < 0 ) {
-    http_response_code(403);
-    exit;
-}
-
-$token = isset($_GET['token']) ? $_GET['token'] : '';
-
-if ($token !== 'bKqBAPjwojZdarJaE7jwvRrIEf2WzJUlFlufQadfLJ98qJcrWZK5pRlGoUQOHp1L06urGRbEdE9v5oIRirPiUCjm93wATghO4qx'){
-	echo json_encode(['success' => false, 'message' => '500 Error - Critical Server Error']);
-    exit;
-}
-
 if (!isset($baseDir)) {
 	$baseDir = $_SERVER['DOCUMENT_ROOT'];
 }
 
+require_once $baseDir . '/../scripts/session_functions.php';
+
+ini_wkvs_session();
+
+check_user_permission('wk_leitung');
+
+verify_csrf();
+
 $type = 'wkl';
 
 $data = include $baseDir . '/../scripts/db/db-verbindung-script.php';
@@ -34,7 +28,7 @@ if ($data['success'] === false){
 
 require $baseDir . '/../scripts/db/db-tables.php';
 
-$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
+$id = isset($_POST['id']) ? intval($_POST['id']) : 0;
 
 if ($id <= 0) {
     echo json_encode(['success' => false, 'message' => 'Invalid ID']);