Überarbeitete Version der 1. Version. Es bestehen noch grosse Feher in einzelnen Skripten.

www/intern/scripts/trainer/ajax-remove_basket_item.php

@@ -1,16 +1,17 @@
 <?php
 header('Content-Type: application/json');
 
-if (session_status() !== PHP_SESSION_ACTIVE) session_start();
-
-if ( empty($_SESSION['access_granted_trainer']) || $_SESSION['access_granted_trainer'] !== true || empty($_SESSION['passcodetrainer_id']) || intval($_SESSION['passcodetrainer_id']) < 1 ) {
-    http_response_code(403);
-    exit;
-}
-
-
 if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
 
+require_once $baseDir . '/../scripts/session_functions.php';
+
+ini_wkvs_session();
+
+check_user_permission('trainer');
+
+verify_csrf();
+
+
 $type = 'tr';
 
 $data = include $baseDir . '/../scripts/db/db-verbindung-script.php';
@@ -24,7 +25,7 @@ require $baseDir . '/../scripts/db/db-tables.php';
 
 // --- Get input ---
 $id  = isset($_POST['id']) ? intval($_POST['id']) : 0;
-$userId = intval($_SESSION['passcodetrainer_id']);
+$userId = intval($_SESSION['user_id_trainer']);
 
 // --- Validate inputs ---
 if ($id < 1) {