Überarbeitete Version der 1. Version. Es bestehen noch grosse Feher in einzelnen Skripten.

www/intern/scripts/logindata/ajax-update_programm_aktiv.php

@@ -1,25 +1,18 @@
 <?php
 header('Content-Type: application/json');
 
-if (session_status() !== PHP_SESSION_ACTIVE) session_start();
-
-if (empty($_SESSION['access_granted_wk_leitung']) || $_SESSION['access_granted_wk_leitung'] !== true || empty($_SESSION['passcodewk_leitung_id']) || intval($_SESSION['passcodewk_leitung_id']) < 1 ) {
-    http_response_code(403);
-    exit;
-}
-
-
-$token = isset($_GET['token']) ? $_GET['token'] : '';
-
-if ($token !== '0UgBVHutbxTRTYsB04ujFKMjMRA8GgdqRJjVh3DKU1LRJfwtcDfrpDc7jpMxcrg9rYurAEwYPy5gu15R77MsgKsDMkFZEykx0A67'){
-	echo json_encode(['success' => false, 'message' => '500 Error - Critical Server Error']);
-    exit;
-}
-
 if (!isset($baseDir)) {
 	$baseDir = $_SERVER['DOCUMENT_ROOT'];
 }
 
+require_once $baseDir . '/../scripts/session_functions.php';
+
+ini_wkvs_session();
+
+check_user_permission('wk_leitung');
+
+verify_csrf();
+
 $type = 'wkl';
 
 $data = include $baseDir . '/../scripts/db/db-verbindung-script.php';
@@ -32,8 +25,8 @@ if ($data['success'] === false){
 require $baseDir . '/../scripts/db/db-tables.php';
 
 // ---------- Get and sanitize input ----------
-$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
-$value = isset($_GET['value']) ? floatval($_GET['value']) : 0;
+$id = isset($_POST['id']) ? intval($_POST['id']) : 0;
+$value = isset($_POST['value']) ? floatval($_POST['value']) : 0;
 
 
 if ($id < 0) {