Überarbeitete Version der 1. Version. Es bestehen noch grosse Feher in einzelnen Skripten.

www/intern/scripts/riegeneinteilung/ajax_update_start_indexes.php

@@ -1,19 +1,20 @@
 <?php
 
-if (session_status() !== PHP_SESSION_ACTIVE) session_start();
-
-if (empty($_SESSION['access_granted_wk_leitung']) || $_SESSION['access_granted_wk_leitung'] !== true || empty($_SESSION['passcodewk_leitung_id']) || intval($_SESSION['passcodewk_leitung_id']) < 0 ) {
-    http_response_code(403);
-	exit;
-}
-
 if (!isset($baseDir)) {
-    $baseDir = $_SERVER['DOCUMENT_ROOT'];
+	$baseDir = $_SERVER['DOCUMENT_ROOT'];
 }
 
+require_once $baseDir . '/../scripts/session_functions.php';
+
+ini_wkvs_session();
+
+check_user_permission('wk_leitung');
+
+verify_csrf();
+
+
 $type = 'wkl';
 
-
 $dbconnection = require $baseDir . '/../scripts/db/db-verbindung-script.php';
 
 if ($dbconnection['success'] !== true){
@@ -23,7 +24,7 @@ if ($dbconnection['success'] !== true){
 
 require $baseDir . '/../scripts/db/db-tables.php';
 
-$input = json_decode(file_get_contents('php://input'), true);
+$input = $_POST;
 
 if (!$input || !isset($input['new'])) {
   http_response_code(400);