Überarbeitete Version der 1. Version. Es bestehen noch grosse Fehler in einzelnen Skripten.

This commit is contained in:
Fabio Herzig
2026-04-18 23:45:17 +02:00
parent a51fd9dbeb
commit 3731183654
85 changed files with 2965 additions and 3371 deletions


@@ -11,9 +11,6 @@ if (!isset($baseDir)) {
$baseDir = $_SERVER['DOCUMENT_ROOT'];
}
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
?>
<!DOCTYPE html>
<html lang="de">
@@ -38,7 +35,14 @@ if (session_status() !== PHP_SESSION_ACTIVE) {
</head>
<body>
<?php
$access_granted_trainer = $_SESSION['access_granted_trainer'] ?? false;
require_once $baseDir . '/../scripts/session_functions.php';
ini_wkvs_session(true);
$csrf_token = $_SESSION['csrf_token'] ?? '';
$access_granted_trainer = check_user_permission('trainer', true) ?? false;
if ( ! $access_granted_trainer ) :
@@ -50,19 +54,9 @@ if (session_status() !== PHP_SESSION_ACTIVE) {
else :
if (isset($_POST['abmelden'])) {
$_SESSION['access_granted_trainer'] = false;
$_SESSION['passcodetrainer_id'] = '';
$_SESSION['passcodetrainer_message'] = '';
$_SESSION['logoDisplay'] = true;
header("Location: " . $_SERVER['PHP_SELF']);
exit;
}
require $baseDir . '/../scripts/db/db-functions.php';
require $baseDir . '/../scripts/db/db-tables.php';
require $baseDir . '/../scripts/csrf_functions.php';
$type = 'tr';
@@ -111,7 +105,7 @@ if (session_status() !== PHP_SESSION_ACTIVE) {
$programmes[] = $prog['programm'];
}
$userid = intval($_SESSION['passcodetrainer_id'] ?? 0);
$userid = intval($_SESSION['user_id_trainer'] ?? 0);
$arrayfreigaben = [];
@@ -159,7 +153,7 @@ if (session_status() !== PHP_SESSION_ACTIVE) {
<?php
$iduser = $_SESSION['passcodetrainer_id'];
$iduser = $_SESSION['user_id_trainer'];
$result = $mysqli->query("SELECT * FROM `$tableOrders` WHERE user_id = $iduser AND order_status = 0");
@@ -408,7 +402,7 @@ if (session_status() !== PHP_SESSION_ACTIVE) {
<div class="editContainerDivInner">
<form action="" method="post">
<input type="hidden" name="csrf_token" id="new_turnerin_nonce" value="<?= csrf_token()?>">
<input type="hidden" name="csrf_token" value="<?= $csrf_token ?>">
<?php if ( isset($_POST['edit_id']) ) { ?>
<input type="hidden" name="edit_id" value="<?= intval($_POST['edit_id']) ?>">
@@ -469,6 +463,7 @@ if (session_status() !== PHP_SESSION_ACTIVE) {
</form>
<form class="form_excel" action="" method="post" enctype="multipart/form-data">
<input type="hidden" name="csrf_token" value="<?= $csrf_token ?>">
<h4>Excel Tabelle hochladen</h4>
<a href="https://wkvs.ch/files/WKVS_Vorlage_Upload_Turnerinnen.xlsx" download>
<button type="button">Vorlage Herunterladen</button>
@@ -556,7 +551,7 @@ if (session_status() !== PHP_SESSION_ACTIVE) {
if (!empty($grouped)) : ?>
<form action="" method="post" id="bulk-action-form">
<?= '<input type="hidden" name="csrf_token" id="bulk_update_nonce" value="'.csrf_token().'">' ?>
<input type="hidden" name="csrf_token" id="bulc_nonce" value="<?= $csrf_token ?>">
<div>
<p class="labelBulkSelect">Bulk Select:</p>
<div style="display: flex; align-items: center; gap: 10px; margin-bottom: 15px;">
@@ -751,7 +746,7 @@ if (session_status() !== PHP_SESSION_ACTIVE) {
<div class="msgDiv"></div>
<form id="global-delete-form" method="post" style="display:none;">
<input type="hidden" name="delete_id" id="global-delete-id">
<input type="hidden" name="csrf_token" value="<?= csrf_token() ?>">
<input type="hidden" name="csrf_token" value="<?= $csrf_token ?>">
</form>
</section>
<div id="musicDiv"><audio controls><source id="sorceAudioPreview" src="" type="audio/mp3"></audio></div>
@@ -803,6 +798,7 @@ if (session_status() !== PHP_SESSION_ACTIVE) {
</label> */ ?>
<input type="hidden" name="order_id" value="">
<input type="hidden" name="preis" value="">
<input type="hidden" name="csrf_token" value="<?= $csrf_token ?>">
<div>
<button type="submit" class="newBtn">
<span>Rechnung erstellen</span>
@@ -828,6 +824,8 @@ if (session_status() !== PHP_SESSION_ACTIVE) {
<script>
const csrf_token = "<?= $csrf_token ?>";
(function () {
let lastWrite = 0;
const interval = 200;
@@ -860,6 +858,7 @@ function uploadFile(input) {
const formData = new FormData();
formData.append('music_file', input.files[0]);
formData.append('turnerinId', idTurnerin);
formdata.append('csrf_token', csrf_token);
fetch('/intern/scripts/audiofiles-uploads/ajax_audiofile_upload.php', {
method: 'POST',
@@ -1014,31 +1013,7 @@ document.addEventListener('DOMContentLoaded', function () {
<?php
}
?>
console.log('<?php if (isset($_SESSION['form_message'])) echo $_SESSION['form_message']; ?>');
// Single add-to-cart (unchanged)
document.querySelectorAll('.add-to-cart-ajax').forEach(button => {
button.addEventListener('click', function (e) {
e.preventDefault();
const productId = this.getAttribute('data-product-id');
fetch('', {
method: 'POST',
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
body: new URLSearchParams({
action: 'ajax_add_to_cart',
product_id: productId
})
})
.then(response => response.json())
.then(data => {
if (data.success) {
alert('Produkt wurde dem Warenkorb hinzugefügt!');
location.reload();
} else {
alert('Fehler beim Hinzufügen zum Warenkorb.');
}
});
});
});
<?php if (isset($_SESSION['form_message'])) echo "console.log(" . $_SESSION['form_message'] . ")"; ?>
// BULK ADD-TO-CART via the main bulk form
const bulkForm = document.getElementById('bulk-action-form');
@@ -1056,13 +1031,17 @@ document.addEventListener('DOMContentLoaded', function () {
}
const ids = checked.map(input => input.value);
const url = "/intern/scripts/trainer/ajax-add_entry_fees_to_basket.php" +
`?ids=${ids}`+
`&user=<?php echo $userid; ?>`+
"&token=6OLSZVVxBrSrmbpKrQ2uD8f6ylziCJHgs5kXKGEE7a0L5FkPz9EXpbec1i5jkOkHjfyAHJlvulO3HA6QImWykM";
console.log(url);
const url = "/intern/scripts/trainer/ajax-add_entry_fees_to_basket.php";
fetch(url)
fetch(url,{
method: 'POST',
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
body: new URLSearchParams({
csrf_token,
ids,
user: <?php echo $userid; ?>
})
})
.then(res => res.json())
.then(response => {
if (response.success) {
@@ -1094,39 +1073,6 @@ document.addEventListener('DOMContentLoaded', function () {
});
});
});
<?php
if (count($arrayfreigaben) > 1) {
?>
/*document.getElementById('freigabe-select').addEventListener('change', function() {
const freigabe = this.value;
const user_id = document.getElementById('user_id').value;
const nonce = document.getElementById('freigabe_nonce').value;
const type = document.getElementById('type_freigabe').value;
const params = new URLSearchParams();
params.append('freigabe', freigabe);
params.append('user_id', user_id);
params.append('type', 'trainer');
fetch('/intern/scripts/kampfrichter/ajax/ajax-update_selected_kampfrichter.php', {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: params
})
.then(res => res.json())
.then(data => {
if (data.success) {
window.location.reload(); // reload page to reflect changes
} else {
alert('Error: ' + data.data);
}
})
.catch(err => {
console.error(err);
alert('AJAX request failed');
});
});*/
<?php } ?>
});
let menuTriggerdGebueren = false;
@@ -1174,10 +1120,16 @@ jQuery(function($) {
const id = el.data('id');
// Build the URL with GET parameters safely
const url = `/intern/scripts/trainer/ajax-add_entry_fees_to_basket.php` +
`?ids=${id}`
const url = `/intern/scripts/trainer/ajax-add_entry_fees_to_basket.php`;
fetch(url)
fetch(url,{
method: 'POST',
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
body: new URLSearchParams({
csrf_token,
ids: id
})
})
.then(res => {
// 200299
if (res.ok) {
@@ -1317,13 +1269,25 @@ jQuery(function($) {
// Build the URL with GET parameters safely
const url = `/intern/scripts/trainer/ajax-neu_temp_order.php`;
fetch(url)
fetch(url,{
method: 'POST',
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
body: new URLSearchParams({
csrf_token
})
})
.then(res => res.json())
.then(response => {
if (response.success) {
// Fetch the order_id and preis
return fetch(`/intern/scripts/trainer/ajax-fetch_temp_order.php`)
return fetch(`/intern/scripts/trainer/ajax-fetch_temp_order.php` , {
method: 'POST',
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
body: new URLSearchParams({
csrf_token
})
})
.then(res2 => res2.json())
.then(orderData => {
if (orderData.success && orderData.result) {
@@ -1420,7 +1384,8 @@ jQuery(function($) {
method: 'POST',
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
body: new URLSearchParams({
id: id
id: id,
csrf_token
})
})
.then(response => {
@@ -1461,13 +1426,7 @@ jQuery(function($) {
altFormat: "d. F Y",
allowInput: true,
disableMobile: "true",
// Enables the dropdown for months
// monthSelectorType: "static",
// Configuration for Year Selection
// This allows the user to type or use arrows,
// but the key is providing a logical range.
minDate: "1920-01-01",
maxDate: "today"
});
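Review bot: `formdata.append('csrf_token', csrf_token);` in the uploadFile hunk (`@@ -860,6 +858,7 @@`) references `formdata`, but the object declared two lines earlier is `formData`, so the line throws a ReferenceError and the audio upload never reaches fetch(); it should read `formData.append('csrf_token', csrf_token);` (uploadFile begins outside the hunk). The replacement `<?php if (isset($_SESSION['form_message'])) echo "console.log(" . $_SESSION['form_message'] . ")"; ?>` in the DOMContentLoaded hunk (`@@ -1014,31 +1013,7 @@`, whose enclosing listener also starts and ends outside the hunk) drops the quotes the old line had, so unless form_message is already a JS literal the emitted `console.log(...)` is a syntax error that disables the whole script block; `echo "console.log(" . json_encode($_SESSION['form_message']) . ");"` keeps it valid and also stops the session text from being parsed as script. The same json_encode treatment would suit `const csrf_token = "<?= $csrf_token ?>";`, since a raw `<?= ?>` inside a JS string assumes the token can never contain a quote or backslash. Finally, `$iduser = $_SESSION['user_id_trainer'];` is interpolated unquoted into the orders query on the next line and should take the `intval()` that the sibling assignment `$userid = intval($_SESSION['user_id_trainer'] ?? 0);` already applies.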