Überarbeitete Version der 1. Version. Es bestehen noch grosse Fehler in einzelnen Skripten.

This commit is contained in:
Fabio Herzig
2026-04-18 23:45:17 +02:00
parent a51fd9dbeb
commit 3731183654
85 changed files with 2965 additions and 3371 deletions


@@ -1,14 +1,15 @@
<?php
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
if ( empty($_SESSION['access_granted_trainer']) || $_SESSION['access_granted_trainer'] !== true || empty($_SESSION['passcodetrainer_id']) || intval($_SESSION['passcodetrainer_id']) < 1 ) {
http_response_code(403);
exit;
}
if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
require_once $baseDir . '/../scripts/session_functions.php';
ini_wkvs_session();
check_user_permission('trainer');
verify_csrf();
$type = 'tr';
$data = include $baseDir . '/../scripts/db/db-verbindung-script.php';
@@ -20,8 +21,8 @@ if ($data['success'] === false){
require $baseDir . '/../scripts/db/db-tables.php';
$ids = isset($_GET['ids']) ? htmlspecialchars(strip_tags(trim($_GET['ids'])), ENT_QUOTES) : '';
$user = intval($_SESSION['passcodetrainer_id']);
$ids = isset($_POST['ids']) ? htmlspecialchars(strip_tags(trim($_POST['ids'])), ENT_QUOTES) : '';
$user = intval($_SESSION['user_id_trainer']);
$arrayids = array_filter(array_map('trim', explode(',', $ids)));
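Review bot: `$arrayids` on the last line is built from strings that went through `htmlspecialchars(strip_tags(...))`, which is output escaping applied to input and does not make the ids safe for whatever query they presumably feed further down (outside the hunk). Cast each element and drop anything non-positive instead, `$arrayids = array_values(array_filter(array_map('intval', explode(',', $ids)), static fn (int $id): bool => $id > 0));`, and bind them as parameters. The `$ids`/`$user` pair appears twice in the second hunk; I read the `$_GET`/`passcodetrainer_id` lines as the removed side and the `$_POST`/`user_id_trainer` lines as the new side, but the rendered page dropped the markers, so that is inferred.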


@@ -1,21 +1,18 @@
<?php
header('Content-Type: application/json');
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
if (empty($_SESSION['access_granted_trainer']) || $_SESSION['access_granted_trainer'] !== true || empty($_SESSION['passcodetrainer_id']) || intval($_SESSION['passcodetrainer_id']) < 1 ) {
http_response_code(403);
exit;
}
$userId = $_SESSION['passcodetrainer_id'];
if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
require_once $baseDir . '/../scripts/session_functions.php';
ini_wkvs_session();
check_user_permission('trainer');
verify_csrf();
$userId = $_SESSION['user_id_trainer'];
$type = 'tr';
$data = include $baseDir . '/../scripts/db/db-verbindung-script.php';
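Review bot: `$userId = $_SESSION['user_id_trainer'];` stores the raw session value, while the sibling endpoints in this commit apply `intval(...)`/`(int)` to the same id; cast it here as well, `$userId = (int) $_SESSION['user_id_trainer'];`, so later query code does not depend on the type the session happens to hold. The file also still enables `display_errors`, `display_startup_errors` and `E_ALL` ahead of a `Content-Type: application/json` response, so any warning raised later is written into the JSON body and exposes file paths to the client; those three lines should go, or be gated on a non-production flag.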


@@ -5,21 +5,17 @@ ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
$token = isset($_GET['token']) ? $_GET['token'] : '';
require_once $baseDir . '/../scripts/session_functions.php';
/*if ($token !== 'OOlhSGI8CraW6BFmJbj6JFy4sxrYyZ0UxzzbASLhY1sWm0IgqmBXjqqwtqKSvpVFBSBgOFrXHuQLGQj1pxlxj3rlTt1r7kAAWX67dcP'){
echo json_encode(['success' => false, 'message' => '500 Error - Critical Server Error']);
exit;
}*/
ini_wkvs_session();
if (empty($_SESSION['access_granted_trainer']) || $_SESSION['access_granted_trainer'] !== true || empty($_SESSION['passcodetrainer_id']) || intval($_SESSION['passcodetrainer_id']) < 1 ) {
http_response_code(403);
exit;
}
check_user_permission('trainer');
function generateInvoiceNumber(): int {
verify_csrf();
function generateInvoiceNumber() : int {
return random_int(10000000, 99999999);
}
@@ -59,9 +55,7 @@ function createInvoice(mysqli $conn, $tableOrders, $orderType , $preis, $userId,
throw new RuntimeException('Failed to generate unique invoice number');
}
$userId = $_SESSION['passcodetrainer_id'];
if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
$userId = $_SESSION['user_id_trainer'];
$type = 'tr';
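Review bot: The commented-out token check near the top of the first hunk still carries a literal secret string in source, and the `$token = isset($_GET['token']) ? $_GET['token'] : '';` line that fed it is now unused; delete both rather than keep them as a comment, since the value stays in every clone of the repository and the comparison it documents was a plain `!==` rather than `hash_equals()`. `generateInvoiceNumber()` is now declared after `verify_csrf()`, and its signature spacing changed to `() : int` where the old line used `(): int`; the `(): int` form matches PER-CS. The second hunk's header names `createInvoice()`, but whether the `$userId` assignment sits inside it or at top level after the closing brace is not visible here.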


@@ -1,16 +1,17 @@
<?php
header('Content-Type: application/json');
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
if ( empty($_SESSION['access_granted_trainer']) || $_SESSION['access_granted_trainer'] !== true || empty($_SESSION['passcodetrainer_id']) || intval($_SESSION['passcodetrainer_id']) < 1 ) {
http_response_code(403);
exit;
}
if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
require_once $baseDir . '/../scripts/session_functions.php';
ini_wkvs_session();
check_user_permission('trainer');
verify_csrf();
$type = 'tr';
$data = include $baseDir . '/../scripts/db/db-verbindung-script.php';
@@ -24,7 +25,7 @@ require $baseDir . '/../scripts/db/db-tables.php';
// --- Get input ---
$id = isset($_POST['id']) ? intval($_POST['id']) : 0;
$userId = intval($_SESSION['passcodetrainer_id']);
$userId = intval($_SESSION['user_id_trainer']);
// --- Validate inputs ---
if ($id < 1) {


@@ -2,18 +2,15 @@
header('Content-Type: application/json');
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
$isTrainer =
isset($_SESSION['access_granted_trainer'], $_SESSION['passcodetrainer_id']) &&
$_SESSION['access_granted_trainer'] === true &&
(int)$_SESSION['passcodetrainer_id'] > 0;
require_once $baseDir . '/../scripts/session_functions.php';
if (!$isTrainer) {
echo json_encode(['success' => false]);
http_response_code(403);
exit;
}
ini_wkvs_session();
check_user_permission('trainer');
verify_csrf();
if (!isset($_POST['musicId']) || !isset($_POST['turnerinId']) || intval($_POST['musicId']) < 1 || intval($_POST['turnerinId']) < 1) {
echo json_encode(['success' => false]);
@@ -21,8 +18,6 @@ if (!isset($_POST['musicId']) || !isset($_POST['turnerinId']) || intval($_POST['
exit;
}
if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
$type = 'tr';
$data = include $baseDir . '/../scripts/db/db-verbindung-script.php';
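Review bot: The removed inline guard answered an unauthorised request with `{"success": false}` before the 403, whereas the new code relies on `check_user_permission('trainer')` for that path; if the helper only sets a status or redirects, a client parsing this JSON endpoint's body receives HTML or an empty response. Worth confirming that the helper emits a JSON body, or keeping a JSON-specific failure path in this file before the `$_POST['musicId']` check. The same pattern is in the next file (the `oldMusicId` endpoint), which I have not annotated separately.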


@@ -1,17 +1,14 @@
<?php
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
$isTrainer =
isset($_SESSION['access_granted_trainer'], $_SESSION['passcodetrainer_id']) &&
$_SESSION['access_granted_trainer'] === true &&
(int)$_SESSION['passcodetrainer_id'] > 0;
require_once $baseDir . '/../scripts/session_functions.php';
if (!$isTrainer) {
echo json_encode(['success' => false]);
http_response_code(403);
exit;
}
ini_wkvs_session();
check_user_permission('trainer');
verify_csrf();
if (!isset($_POST['oldMusicId'])) {
echo json_encode(['success' => false]);
@@ -27,8 +24,6 @@ if ($oldMusicId < 1) {
exit;
}
if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
$type = 'tr';
$data = include $baseDir . '/../scripts/db/db-verbindung-script.php';


@@ -2,7 +2,7 @@
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
if (empty($_SESSION['access_granted_trainer']) || $_SESSION['access_granted_trainer'] !== true || empty($_SESSION['passcodetrainer_id']) || $_SESSION['passcodetrainer_id'] < 1) {
if (empty($_SESSION['access_granted_trainer']) || $_SESSION['access_granted_trainer'] !== true || empty($_SESSION['user_id_trainer']) || $_SESSION['user_id_trainer'] < 1) {
http_response_code(403);
exit;
}
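Review bot: `$_SESSION['user_id_trainer'] < 1` compares the raw session value, whereas the other files in this commit cast with `intval()`/`(int)` before comparing; use `(int) $_SESSION['user_id_trainer'] < 1` so a non-numeric string cannot pass the loose comparison. This file also keeps the inline session guard where the other endpoints moved to `check_user_permission('trainer')`; if that is intentional, a one-line comment saying why would help the next reader. The same guard line appears in the QR-Rechnung file later in this commit.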


@@ -4,11 +4,6 @@ use Sprain\SwissQrBill\PaymentPart\Output\DisplayOptions;
use Sprain\SwissQrBill\PaymentPart\Output\TcPdfOutput\TcPdfOutput;
use TCPDF;
if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
require $baseDir . '/../composer/vendor/autoload.php';
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
// Show all errors except deprecation notices (these come from vendor libraries
@@ -18,10 +13,20 @@ error_reporting(E_ALL & ~E_DEPRECATED & ~E_USER_DEPRECATED);
// Add a higher memory limit
ini_set('memory_limit', '256M'); // Start with 256M, increase if needed
session_start();
if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
require_once $baseDir . '/../scripts/session_functions.php';
ini_wkvs_session();
check_user_permission('trainer');
verify_csrf();
require $baseDir . '/../composer/vendor/autoload.php';
if (empty($_SESSION['access_granted_trainer']) || $_SESSION['access_granted_trainer'] !== true || empty($_SESSION['passcodetrainer_id']) || $_SESSION['passcodetrainer_id'] < 1) {
if (empty($_SESSION['access_granted_trainer']) || $_SESSION['access_granted_trainer'] !== true || empty($_SESSION['user_id_trainer']) || $_SESSION['user_id_trainer'] < 1) {
http_response_code(403);
header("Location: /intern/trainer");
exit;
@@ -338,7 +343,6 @@ if (isset($_POST['postversand'])) {
}
*/
if ($totalPreis !== 0) {
require __DIR__ . '/ajax-neu_qr_rechnung.php';
}
@@ -350,7 +354,7 @@ $pdf->SetX($columns['name']['max_width'] + $columns['programm']['max_width'] + $
$pdf->Cell($columns['preis']['max_width'], 10, 'CHF ' . number_format($totalPreis, 2), 0, 1, 'C');
$pdf->SetFont('GoogleSansFlex-Regular', '', 10);
if ($totalPreis !== 0) {
if ($totalPreis === 0) {
$pdf->Ln(10);
$pdf->SetTextColor(90, 103, 39);
$pdf->MultiCell(0, 8, 'Diese Rechnung wurde als bezahlt eigetragen, da der Betrag 0 CHF beträgt', 0, 'L');
@@ -410,7 +414,7 @@ $stmt->execute();
$stmt->close();
// 2. DELETE basket items
db_delete($mysqli, $tableBasketItems, ['user_id' => intval($_SESSION['passcodetrainer_id'])]);
db_delete($mysqli, $tableBasketItems, ['user_id' => intval($_SESSION['user_id_trainer'])]);
$mysqli->close();
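Review bot: `if ($totalPreis === 0)` in the third hunk, and the matching `if ($totalPreis !== 0)` guard around `require __DIR__ . '/ajax-neu_qr_rechnung.php'` in the second, are strict integer comparisons, but `number_format($totalPreis, 2)` on the context line above suggests `$totalPreis` may be a float, and `0.0 === 0` is false; if it is a float, a zero invoice still gets the QR part and never gets the "bezahlt" note. Decide on one representation and test it once, e.g. `$isZero = abs((float) $totalPreis) < 0.005;` used in both places, or better keep the amount in integer Rappen throughout. In the first hunk the guard calls `http_response_code(403)` and then sends a `Location:` header; PHP replaces the status with 302 when a Location header is emitted unless a 3xx or 201 was already set, so the 403 never reaches the client, and with `check_user_permission('trainer')` now running just above, the inline guard looks redundant.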