clemens/praxis-creutzburg-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
211ce11e06cc6aa01557cc3d6a55a0b20200a9e7
praxis-creutzburg-web/zeiterfassung/deleteVacation.php
T
clemens 211ce11e06 Abgleich mit Live-Daten
2026-03-24 14:45:06 +01:00

39 lines
874 B
PHP
Raw Blame History

<?php
session_start();
require_once('inc/config.inc.php');
require_once('inc/functions.inc.php');
$user = check_user();
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['id'])) {
http_response_code(400);
die('Bad request');
}
$id = (int)$_POST['id'];
$referer = $_POST['referer'] ?? 'urlaubsantrag.php';
// Fetch vacation to verify ownership
$stmt = $pdo->prepare("SELECT user_id, status FROM vacations WHERE id = ?");
$stmt->execute([$id]);
$vac = $stmt->fetch();
if (!$vac) {
die('Urlaubseintrag nicht gefunden.');
}
$isAdmin = is_admin_user();
if (!$isAdmin && $vac['user_id'] != $_SESSION['userid']) {
die('Zugriff verweigert.');
}
// Allow deletion for admins or owner
$del = $pdo->prepare("DELETE FROM vacations WHERE id = ?");
$del->execute([$id]);
header('Location: ' . $referer);
exit();
?>
Reference in New Issue View Git Blame Copy Permalink