prettier-run for code-formatting
This commit is contained in:
@@ -4,7 +4,11 @@ declare(strict_types=1);
|
||||
/* ========= Session & Bootstrap ========= */
|
||||
$secure = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
|
||||
session_set_cookie_params([
|
||||
'lifetime'=>0,'path'=>'/','secure'=>$secure,'httponly'=>true,'samesite'=>'Lax',
|
||||
'lifetime' => 0,
|
||||
'path' => '/',
|
||||
'secure' => $secure,
|
||||
'httponly' => true,
|
||||
'samesite' => 'Lax',
|
||||
]);
|
||||
session_name('WLISTSESSID');
|
||||
session_start();
|
||||
@@ -14,44 +18,62 @@ require_once __DIR__ . '/config/config.php';
|
||||
|
||||
/* ===== Debug Toggle (wie item.php) ===== */
|
||||
if (!empty($app_debug)) {
|
||||
ini_set('display_errors','1'); ini_set('display_startup_errors','1'); ini_set('log_errors','1');
|
||||
if (!is_dir(__DIR__.'/logs')) { @mkdir(__DIR__.'/logs',0750,true); }
|
||||
ini_set('error_log', __DIR__.'/logs/php-error.log'); error_reporting(E_ALL);
|
||||
ini_set('display_errors', '1');
|
||||
ini_set('display_startup_errors', '1');
|
||||
ini_set('log_errors', '1');
|
||||
if (!is_dir(__DIR__ . '/logs')) {
|
||||
@mkdir(__DIR__ . '/logs', 0750, true);
|
||||
}
|
||||
ini_set('error_log', __DIR__ . '/logs/php-error.log');
|
||||
error_reporting(E_ALL);
|
||||
} else {
|
||||
ini_set('display_errors','0'); ini_set('display_startup_errors','0'); ini_set('log_errors','1');
|
||||
if (!is_dir(__DIR__.'/logs')) { @mkdir(__DIR__.'/logs',0750,true); }
|
||||
ini_set('error_log', __DIR__.'/logs/php-error.log'); error_reporting(E_ALL);
|
||||
ini_set('display_errors', '0');
|
||||
ini_set('display_startup_errors', '0');
|
||||
ini_set('log_errors', '1');
|
||||
if (!is_dir(__DIR__ . '/logs')) {
|
||||
@mkdir(__DIR__ . '/logs', 0750, true);
|
||||
}
|
||||
ini_set('error_log', __DIR__ . '/logs/php-error.log');
|
||||
error_reporting(E_ALL);
|
||||
}
|
||||
|
||||
/* ============= Helpers ============= */
|
||||
function fail(string $msg, int $code=400): void {
|
||||
function fail(string $msg, int $code = 400): void
|
||||
{
|
||||
http_response_code($code);
|
||||
// kleine Flash-Message für index.php
|
||||
$_SESSION['flash'] = ['msg'=>$msg,'type'=> ($code>=400?'danger':'success')];
|
||||
$_SESSION['flash'] = ['msg' => $msg, 'type' => ($code >= 400 ? 'danger' : 'success')];
|
||||
safe_redirect_back();
|
||||
}
|
||||
function db(): mysqli {
|
||||
function db(): mysqli
|
||||
{
|
||||
global $servername, $username, $password, $db;
|
||||
$conn = new mysqli($servername, $username, $password, $db);
|
||||
if ($conn->connect_error) fail('Interner Fehler (DB)', 500);
|
||||
if ($conn->connect_error)
|
||||
fail('Interner Fehler (DB)', 500);
|
||||
$conn->set_charset('utf8mb4');
|
||||
return $conn;
|
||||
}
|
||||
function require_csrf(): void {
|
||||
$t = (string)($_POST['csrf'] ?? '');
|
||||
function require_csrf(): void
|
||||
{
|
||||
$t = (string) ($_POST['csrf'] ?? '');
|
||||
if (empty($_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], $t)) {
|
||||
fail('Ungültiges CSRF-Token', 403);
|
||||
}
|
||||
}
|
||||
function e(string $s): string { return htmlspecialchars($s, ENT_QUOTES|ENT_SUBSTITUTE, 'UTF-8'); }
|
||||
function safe_redirect_back(): void {
|
||||
$ref = (string)($_SERVER['HTTP_REFERER'] ?? '');
|
||||
function e(string $s): string
|
||||
{
|
||||
return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
|
||||
}
|
||||
function safe_redirect_back(): void
|
||||
{
|
||||
$ref = (string) ($_SERVER['HTTP_REFERER'] ?? '');
|
||||
if ($ref === '' || stripos($ref, 'http') !== 0) {
|
||||
$host = $_SERVER['HTTP_HOST'] ?? '';
|
||||
$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
|
||||
header('Location: '.$scheme.'://'.$host.'/', true, 303);
|
||||
header('Location: ' . $scheme . '://' . $host . '/', true, 303);
|
||||
} else {
|
||||
header('Location: '.$ref, true, 303);
|
||||
header('Location: ' . $ref, true, 303);
|
||||
}
|
||||
exit;
|
||||
}
|
||||
@@ -63,12 +85,14 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
}
|
||||
require_csrf();
|
||||
|
||||
$wishId = (int)($_POST['wishid'] ?? -1);
|
||||
$pw = (string)($_POST['WishPassword'] ?? '');
|
||||
$reservedstat = (int)($_POST['reservedstat'] ?? 0); // 0 = setzen, 1 = aufheben
|
||||
$wishId = (int) ($_POST['wishid'] ?? -1);
|
||||
$pw = (string) ($_POST['WishPassword'] ?? '');
|
||||
$reservedstat = (int) ($_POST['reservedstat'] ?? 0); // 0 = setzen, 1 = aufheben
|
||||
|
||||
if ($wishId <= 0) fail('Ungültige Wunsch-ID', 400);
|
||||
if ($pw === '') fail('Passwort erforderlich', 400);
|
||||
if ($wishId <= 0)
|
||||
fail('Ungültige Wunsch-ID', 400);
|
||||
if ($pw === '')
|
||||
fail('Passwort erforderlich', 400);
|
||||
|
||||
$conn = db();
|
||||
|
||||
@@ -79,18 +103,21 @@ $stmt->bind_param('i', $wishId);
|
||||
$stmt->execute();
|
||||
$res = $stmt->get_result();
|
||||
if (!$res || !($row = $res->fetch_assoc())) {
|
||||
$stmt->close(); $conn->close(); fail('Wunsch nicht gefunden', 404);
|
||||
$stmt->close();
|
||||
$conn->close();
|
||||
fail('Wunsch nicht gefunden', 404);
|
||||
}
|
||||
$qty = max(1, (int)$row['qty']);
|
||||
$qty = max(1, (int) $row['qty']);
|
||||
$stmt->close();
|
||||
|
||||
/* Existierende Reservierungen zählen */
|
||||
$cnt = 0;
|
||||
$stmt = $conn->prepare('SELECT COUNT(*) AS c FROM wishes_reservations WHERE wish_id = ?');
|
||||
$stmt->bind_param('i',$wishId);
|
||||
$stmt->bind_param('i', $wishId);
|
||||
$stmt->execute();
|
||||
$res = $stmt->get_result();
|
||||
if ($res && ($row = $res->fetch_assoc())) $cnt = (int)$row['c'];
|
||||
if ($res && ($row = $res->fetch_assoc()))
|
||||
$cnt = (int) $row['c'];
|
||||
$stmt->close();
|
||||
|
||||
/* --- Operationen --- */
|
||||
@@ -104,25 +131,26 @@ if ($reservedstat === 0) {
|
||||
$ins = $conn->prepare('INSERT INTO wishes_reservations (wish_id, pass_hash, created_at) VALUES (?, ?, NOW())');
|
||||
$ins->bind_param('is', $wishId, $hash);
|
||||
if (!$ins->execute()) {
|
||||
$ins->close(); $conn->close();
|
||||
$ins->close();
|
||||
$conn->close();
|
||||
fail('Reservierung fehlgeschlagen', 500);
|
||||
}
|
||||
$ins->close();
|
||||
$conn->close();
|
||||
$_SESSION['flash'] = ['msg'=>'Reservierung eingetragen','type'=>'success'];
|
||||
$_SESSION['flash'] = ['msg' => 'Reservierung eingetragen', 'type' => 'success'];
|
||||
safe_redirect_back();
|
||||
|
||||
} else {
|
||||
// aufheben: passenden Hash suchen und genau einen Eintrag löschen
|
||||
$sel = $conn->prepare('SELECT id, pass_hash FROM wishes_reservations WHERE wish_id = ?');
|
||||
$sel->bind_param('i',$wishId);
|
||||
$sel->bind_param('i', $wishId);
|
||||
$sel->execute();
|
||||
$res = $sel->get_result();
|
||||
|
||||
$deleted = false;
|
||||
while ($row = $res->fetch_assoc()) {
|
||||
$rid = (int)$row['id'];
|
||||
$rhash= (string)$row['pass_hash'];
|
||||
$rid = (int) $row['id'];
|
||||
$rhash = (string) $row['pass_hash'];
|
||||
if (password_verify($pw, $rhash)) {
|
||||
$del = $conn->prepare('DELETE FROM wishes_reservations WHERE id = ? LIMIT 1');
|
||||
$del->bind_param('i', $rid);
|
||||
@@ -135,9 +163,9 @@ if ($reservedstat === 0) {
|
||||
$conn->close();
|
||||
|
||||
if ($deleted) {
|
||||
$_SESSION['flash'] = ['msg'=>'Reservierung aufgehoben','type'=>'success'];
|
||||
$_SESSION['flash'] = ['msg' => 'Reservierung aufgehoben', 'type' => 'success'];
|
||||
} else {
|
||||
$_SESSION['flash'] = ['msg'=>'Kein passender Reservierungseintrag gefunden (Passwort korrekt?)','type'=>'warning'];
|
||||
$_SESSION['flash'] = ['msg' => 'Kein passender Reservierungseintrag gefunden (Passwort korrekt?)', 'type' => 'warning'];
|
||||
}
|
||||
safe_redirect_back();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user