Abgleich mit Live-Daten

2026-03-24 14:45:06 +01:00
parent 00077aa09a
commit 211ce11e06
116 changed files with 16602 additions and 16612 deletions
+38 -38
@@ -1,38 +1,38 @@
<?php
session_start();
require_once('inc/config.inc.php');
require_once('inc/functions.inc.php');
$user = check_user();
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['id'])) {
http_response_code(400);
die('Bad request');
}
$id = (int)$_POST['id'];
$referer = $_POST['referer'] ?? 'urlaubsantrag.php';
// Fetch vacation to verify ownership
$stmt = $pdo->prepare("SELECT user_id, status FROM vacations WHERE id = ?");
$stmt->execute([$id]);
$vac = $stmt->fetch();
if (!$vac) {
die('Urlaubseintrag nicht gefunden.');
}
$isAdmin = is_admin_user();
if (!$isAdmin && $vac['user_id'] != $_SESSION['userid']) {
die('Zugriff verweigert.');
}
// Allow deletion for admins or owner
$del = $pdo->prepare("DELETE FROM vacations WHERE id = ?");
$del->execute([$id]);
header('Location: ' . $referer);
exit();
?>
<?php
session_start();
require_once('inc/config.inc.php');
require_once('inc/functions.inc.php');
$user = check_user();
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['id'])) {
http_response_code(400);
die('Bad request');
}
$id = (int)$_POST['id'];
$referer = $_POST['referer'] ?? 'urlaubsantrag.php';
// Fetch vacation to verify ownership
$stmt = $pdo->prepare("SELECT user_id, status FROM vacations WHERE id = ?");
$stmt->execute([$id]);
$vac = $stmt->fetch();
if (!$vac) {
die('Urlaubseintrag nicht gefunden.');
}
$isAdmin = is_admin_user();
if (!$isAdmin && $vac['user_id'] != $_SESSION['userid']) {
die('Zugriff verweigert.');
}
// Allow deletion for admins or owner
$del = $pdo->prepare("DELETE FROM vacations WHERE id = ?");
$del->execute([$id]);
header('Location: ' . $referer);
exit();
?>
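Review bot: The redirect target at the end of the script comes straight from `$_POST['referer']` and is passed to `header('Location: ' . $referer)`, so a crafted form can send the user to an arbitrary external URL after the delete (open redirect). Restrict it to local pages before use, e.g. `if (!preg_match('#^[A-Za-z0-9_-]+\.php(\?[^\r\n]*)?$#', $referer)) { $referer = 'urlaubsantrag.php'; }`. No CSRF token check is visible on this state-changing POST either; unless `check_user()` (defined outside this page) performs one, a token should be verified before the `DELETE` runs. Both sides of the hunk show identical text, so this change looks like a whitespace or line-ending rewrite and both points appear to predate it.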