First version, for githup; UNSTABLE, DO NOT USE!

www/intern/scripts/logindata/ajax-vereine-handler.php

@@ -0,0 +1,67 @@
+<?php
+
+header('Content-Type: application/json');
+
+if (session_status() !== PHP_SESSION_ACTIVE) session_start();
+
+if (empty($_SESSION['access_granted_wk_leitung']) || $_SESSION['access_granted_wk_leitung'] !== true || empty($_SESSION['passcodewk_leitung_id']) || intval($_SESSION['passcodewk_leitung_id']) < 1 ) {
+    http_response_code(403);
+    exit;
+}
+
+if (!isset($baseDir)) {
+    $baseDir = $_SERVER['DOCUMENT_ROOT'];
+}
+
+require $baseDir . '/../scripts/db/db-functions.php';
+require $baseDir . '/../scripts/db/db-tables.php';
+require $baseDir . '/../scripts/csrf_functions.php';
+
+
+$type = 'wkl';
+
+$dbconnection = require $baseDir . '/../scripts/db/db-verbindung-script.php';
+
+if ($dbconnection['success'] !== true){
+    echo json_encode(['success' => false, 'message' => 'Critical DB Error.']);
+    exit;
+}
+
+$id = intval($_POST['field_id']) ?? '';
+$verein = htmlspecialchars(trim($_POST['verein'] ?? ''));
+
+if (!isset($id) || !is_int($id) || !isset($verein)){
+    echo json_encode(['success' => false, 'message' => 'Invalid Input.']);
+    exit;
+}
+
+if ($id > 0) {
+    $updated = db_update($mysqli, $tableVereine, [
+        'verein' => $verein,
+    ], ['id' => $id]);
+} else {
+    $stmt = $mysqli->prepare(
+        "INSERT INTO {$tableVereine}
+        (verein)
+        VALUES (?)"
+    );
+
+    $stmt->bind_param(
+        "s",
+        $verein
+    );
+
+    $updated = $stmt->execute();
+}
+
+if ($updated !== false) {
+    if ($id == 0) { // new user
+        $new_id = $mysqli->insert_id;
+
+        echo json_encode(['success' => true, 'message' =>  $verein.' wurde erfolgreich erstellt.', 'id' => $new_id]);
+    } else {
+        echo json_encode(['success' => true, 'message' =>  $verein.' wurde erfolgreich aktualisiert.']);
+    }
+} else {
+    echo json_encode(['success' => false, 'message' =>  'DB Error']);
+}