Überarbeitete Version der 1. Version. Es bestehen noch grosse Feher in einzelnen Skripten.

2026-04-18 23:45:17 +02:00
parent a51fd9dbeb
commit 3731183654
85 changed files with 2965 additions and 3371 deletions
--- a/www/intern/scripts/logindata/ajax-update-user-information.php
+++ b/www/intern/scripts/logindata/ajax-update-user-information.php
@@ -4,21 +4,20 @@ use Dotenv\Dotenv;

 header('Content-Type: application/json');

-if (session_status() !== PHP_SESSION_ACTIVE) session_start();
-
-if (empty($_SESSION['access_granted_wk_leitung']) || $_SESSION['access_granted_wk_leitung'] !== true || empty($_SESSION['passcodewk_leitung_id']) || intval($_SESSION['passcodewk_leitung_id']) < 1 ) {
-    http_response_code(403);
-    exit;
-}
-
 if (!isset($baseDir)) {
-    $baseDir = $_SERVER['DOCUMENT_ROOT'];
+	$baseDir = $_SERVER['DOCUMENT_ROOT'];
 }

+require_once $baseDir . '/../scripts/session_functions.php';
+
+ini_wkvs_session();
+
+check_user_permission('wk_leitung');
+
+verify_csrf();
+
 require $baseDir . '/../scripts/db/db-functions.php';
 require $baseDir . '/../scripts/db/db-tables.php';
-require $baseDir . '/../scripts/csrf_functions.php';
-

 $type = 'wkl';

@@ -36,7 +35,7 @@ if (isset($_POST['field_id'])){
    exit;
 }

-$editor_id = $_SESSION['passcodewk_leitung_id'];
+$editor_id = $_SESSION['user_id_wk_leitung'];
 $plain = trim($_POST['password'] ?? '');

 if (!$plain) {
@@ -51,6 +50,7 @@ if (!$username) {
    exit;
 }

+$namePerson = htmlspecialchars(trim($_POST['namePerson'] ?? ''));

 $freigaben = $_POST['freigaben'] ?? [];
 $freigabenTrainer = $_POST['freigabenTrainer'] ?? [];
@@ -118,6 +118,7 @@ if ($id > 0) {
        'password_hash' => $hash, 
        'password_cipher' => $cipher_store,
        'username' => $username,
+        'name_person' => $namePerson,
        'freigabe' => $freigabe_store,
        'updated_at' => date('Y-m-d H:i:s'),
        'edited_by' => $editor_id
@@ -125,19 +126,23 @@ if ($id > 0) {
 } else {
    $stmt = $mysqli->prepare(
        "INSERT INTO {$tableInternUsers}
-        (username, password_hash, password_cipher, freigabe, created_at, updated_at, edited_by)
-        VALUES (?, ?, ?, ?, ?, ?, ?)"
+        (username, name_person, password_hash, password_cipher, freigabe, created_at, updated_at, edited_by, login_active)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"
    );

+    $loginActive = 1;
+
    $stmt->bind_param(
-        "ssssssi",
+        "sssssssis",
        $username,
+        $namePerson,
        $hash,
        $cipher_store,
        $freigabe_store,
        $created_at,
        $updated_at,
-        $editor_id
+        $editor_id,
+        $loginActive
    );

    $created_at = date('Y-m-d H:i:s');