Überarbeitete Version der 1. Version. Es bestehen noch grosse Feher in einzelnen Skripten.

2026-04-18 23:45:17 +02:00
parent a51fd9dbeb
commit 3731183654
85 changed files with 2965 additions and 3371 deletions
--- a/www/intern/scripts/trainer/ajax_unlink_delete_bodenmusik.php
+++ b/www/intern/scripts/trainer/ajax_unlink_delete_bodenmusik.php
@@ -1,17 +1,14 @@
 <?php

-if (session_status() !== PHP_SESSION_ACTIVE) session_start();
+if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];

-$isTrainer =
-    isset($_SESSION['access_granted_trainer'], $_SESSION['passcodetrainer_id']) &&
-    $_SESSION['access_granted_trainer'] === true &&
-    (int)$_SESSION['passcodetrainer_id'] > 0;
+require_once $baseDir . '/../scripts/session_functions.php';

-if (!$isTrainer) {
-    echo json_encode(['success' => false]);
-    http_response_code(403);
-    exit;
-}
+ini_wkvs_session();
+
+check_user_permission('trainer');
+
+verify_csrf();

 if (!isset($_POST['oldMusicId'])) {
    echo json_encode(['success' => false]);
@@ -27,8 +24,6 @@ if ($oldMusicId < 1) {
    exit;
 }

-if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
-
 $type = 'tr';

 $data = include $baseDir . '/../scripts/db/db-verbindung-script.php';