2 Commits 97924f949c ... c5e5b1b7f7

  Medowar c5e5b1b7f7 unifying to ' instead of " 1 maand geleden
  Medowar 1f1e3d1fda Add error handling for save operations and improve logout security 1 maand geleden
15 gewijzigde bestanden met toevoegingen van 372 en 277 verwijderingen
  1. 75 58
      admin/admins.php
  2. 45 32
      admin/categories.php
  3. 12 8
      admin/faq.php
  4. 4 1
      admin/index.php
  5. 32 16
      admin/login.php
  6. 18 18
      admin/orders.php
  7. 50 37
      admin/organizations.php
  8. 51 37
      admin/products.php
  9. 15 11
      admin/settings.php
  10. 4 4
      cart.php
  11. 14 14
      checkout.php
  12. 10 0
      config.sample.php
  13. 36 35
      includes/functions.php
  14. 2 2
      index.php
  15. 4 4
      product.php

+ 75 - 58
admin/admins.php

@@ -3,7 +3,7 @@ require_once __DIR__ . "/../config.php";
 require_once __DIR__ . "/../includes/functions.php";
 
 // Check admin login
-if (!isset($_SESSION["admin_logged_in"]) || !$_SESSION["admin_logged_in"]) {
+if (!isset($_SESSION['admin_logged_in']) || !$_SESSION['admin_logged_in']) {
     header("Location: login.php");
     exit();
 }
@@ -24,20 +24,20 @@ function isValidAdminEmailInput($email)
     return isValidAdminEmail($email);
 }
 
-if ($_SERVER["REQUEST_METHOD"] === "POST") {
+if ($_SERVER['REQUEST_METHOD'] === "POST") {
     // Validate CSRF token
-    if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
         $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
         $messageType = "error";
     } else {
-        if (isset($_POST["add_admin"])) {
-            $username = normalizeAdminUsername($_POST["username"] ?? "");
+        if (isset($_POST['add_admin'])) {
+            $username = normalizeAdminUsername($_POST['username'] ?? "");
             $description = normalizeAdminDescription(
-                $_POST["description"] ?? "",
+                $_POST['description'] ?? "",
             );
-            $email = normalizeAdminEmail($_POST["email"] ?? "");
-            $password = $_POST["password"] ?? "";
-            $passwordConfirm = $_POST["password_confirm"] ?? "";
+            $email = normalizeAdminEmail($_POST['email'] ?? "");
+            $password = $_POST['password'] ?? "";
+            $passwordConfirm = $_POST['password_confirm'] ?? "";
 
             if (!isValidAdminUsername($username)) {
                 $message =
@@ -67,24 +67,28 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                     "description" => $description,
                     "email" => $email,
                 ];
-                saveAdminAccounts($adminAccounts);
-                logAccess("Admin added admin account", [
-                    "username" => $username,
-                    "description" => $description,
-                ]);
-                $message = "Admin wurde erfolgreich angelegt.";
-                $messageType = "success";
+                if (saveAdminAccounts($adminAccounts)) {
+                    logAccess("Admin added admin account", [
+                        "username" => $username,
+                        "description" => $description,
+                    ]);
+                    $message = "Admin wurde erfolgreich angelegt.";
+                    $messageType = "success";
+                } else {
+                    $message = "Admin konnte nicht gespeichert werden.";
+                    $messageType = "error";
+                }
             }
         }
 
-        if (isset($_POST["update_description"])) {
+        if (isset($_POST['update_description'])) {
             $targetUsername = normalizeAdminUsername(
-                $_POST["target_username"] ?? "",
+                $_POST['target_username'] ?? "",
             );
             $description = normalizeAdminDescription(
-                $_POST["description"] ?? "",
+                $_POST['description'] ?? "",
             );
-            $email = normalizeAdminEmail($_POST["email"] ?? "");
+            $email = normalizeAdminEmail($_POST['email'] ?? "");
 
             if (!isset($adminAccounts[$targetUsername])) {
                 $message = "Admin nicht gefunden.";
@@ -98,21 +102,25 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
             } else {
                 $adminAccounts[$targetUsername]["description"] = $description;
                 $adminAccounts[$targetUsername]["email"] = $email;
-                saveAdminAccounts($adminAccounts);
-                logAccess("Admin updated admin description", [
-                    "username" => $targetUsername,
-                ]);
-                $message = "Beschreibung und E-Mail wurden aktualisiert.";
-                $messageType = "success";
+                if (saveAdminAccounts($adminAccounts)) {
+                    logAccess("Admin updated admin description", [
+                        "username" => $targetUsername,
+                    ]);
+                    $message = "Beschreibung und E-Mail wurden aktualisiert.";
+                    $messageType = "success";
+                } else {
+                    $message = "Änderungen konnten nicht gespeichert werden.";
+                    $messageType = "error";
+                }
             }
         }
 
-        if (isset($_POST["change_password"])) {
+        if (isset($_POST['change_password'])) {
             $targetUsername = normalizeAdminUsername(
-                $_POST["target_username"] ?? "",
+                $_POST['target_username'] ?? "",
             );
-            $newPassword = $_POST["new_password"] ?? "";
-            $newPasswordConfirm = $_POST["new_password_confirm"] ?? "";
+            $newPassword = $_POST['new_password'] ?? "";
+            $newPasswordConfirm = $_POST['new_password_confirm'] ?? "";
 
             if (!isset($adminAccounts[$targetUsername])) {
                 $message = "Admin nicht gefunden.";
@@ -127,18 +135,22 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                 $adminAccounts[$targetUsername][
                     "password_hash"
                 ] = password_hash($newPassword, PASSWORD_BCRYPT);
-                saveAdminAccounts($adminAccounts);
-                logAccess("Admin changed admin password", [
-                    "username" => $targetUsername,
-                ]);
-                $message = "Passwort wurde aktualisiert.";
-                $messageType = "success";
+                if (saveAdminAccounts($adminAccounts)) {
+                    logAccess("Admin changed admin password", [
+                        "username" => $targetUsername,
+                    ]);
+                    $message = "Passwort wurde aktualisiert.";
+                    $messageType = "success";
+                } else {
+                    $message = "Passwort konnte nicht gespeichert werden.";
+                    $messageType = "error";
+                }
             }
         }
 
-        if (isset($_POST["delete_admin"])) {
+        if (isset($_POST['delete_admin'])) {
             $targetUsername = normalizeAdminUsername(
-                $_POST["target_username"] ?? "",
+                $_POST['target_username'] ?? "",
             );
 
             if (!isset($adminAccounts[$targetUsername])) {
@@ -146,24 +158,29 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                 $messageType = "error";
             } else {
                 unset($adminAccounts[$targetUsername]);
-                saveAdminAccounts($adminAccounts);
-                logAccess("Admin deleted admin account", [
-                    "username" => $targetUsername,
-                ]);
+                if (!saveAdminAccounts($adminAccounts)) {
+                    $message = "Admin konnte nicht gelöscht werden.";
+                    $messageType = "error";
+                    $adminAccounts = getAdminAccounts();
+                } else {
+                    logAccess("Admin deleted admin account", [
+                        "username" => $targetUsername,
+                    ]);
 
-                if (
-                    isset($_SESSION["admin_username"]) &&
-                    $_SESSION["admin_username"] === $targetUsername
-                ) {
-                    $_SESSION["admin_logged_in"] = false;
-                    unset($_SESSION["admin_username"]);
-                    session_destroy();
-                    header("Location: login.php");
-                    exit();
-                }
+                    if (
+                        isset($_SESSION['admin_username']) &&
+                        $_SESSION['admin_username'] === $targetUsername
+                    ) {
+                        $_SESSION['admin_logged_in'] = false;
+                        unset($_SESSION['admin_username']);
+                        session_destroy();
+                        header("Location: login.php");
+                        exit();
+                    }
 
-                $message = "Admin wurde gelöscht.";
-                $messageType = "success";
+                    $message = "Admin wurde gelöscht.";
+                    $messageType = "success";
+                }
             }
         }
 
@@ -171,13 +188,13 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
     }
 }
 
-$currentAdmin = isset($_SESSION["admin_username"])
-    ? normalizeAdminUsername($_SESSION["admin_username"])
+$currentAdmin = isset($_SESSION['admin_username'])
+    ? normalizeAdminUsername($_SESSION['admin_username'])
     : "";
-$changeUsername = normalizeAdminUsername($_GET["change"] ?? "");
+$changeUsername = normalizeAdminUsername($_GET['change'] ?? "");
 $selectedChangeUser = null;
 $editDescriptionUsername = normalizeAdminUsername(
-    $_GET["edit_description"] ?? "",
+    $_GET['edit_description'] ?? "",
 );
 $selectedDescriptionUser = null;
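Review bot: The self-deletion logout at lines 217-221 still tears the session down the old way (`$_SESSION['admin_logged_in'] = false`, `unset`, `session_destroy()`), while the logout added to admin/login.php in this same commit clears `$_SESSION = []` and expires the session cookie; the two paths should call one shared helper so a deleted admin's cookie is invalidated the same way as a normal logout. A second inconsistency inside these hunks: on a failed save the delete branch reloads `$adminAccounts = getAdminAccounts();` (line 197), but the add, update_description and change_password branches keep the unsaved modification in memory, so the rest of the page — if it renders from `$adminAccounts` — shows the change as applied right next to the error message; admin/categories.php has the same pattern. Adding the same reload line to each else branch would make the four branches consistent. The enclosing POST handler starts and ends outside these hunks.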
 

+ 45 - 32
admin/categories.php

@@ -3,7 +3,7 @@ require_once __DIR__ . "/../config.php";
 require_once __DIR__ . "/../includes/functions.php";
 
 // Check admin login
-if (!isset($_SESSION["admin_logged_in"]) || !$_SESSION["admin_logged_in"]) {
+if (!isset($_SESSION['admin_logged_in']) || !$_SESSION['admin_logged_in']) {
     header("Location: login.php");
     exit();
 }
@@ -14,14 +14,14 @@ $messageType = "";
 $categories = getCategories();
 $products = getProducts();
 
-if ($_SERVER["REQUEST_METHOD"] === "POST") {
+if ($_SERVER['REQUEST_METHOD'] === "POST") {
     // Validate CSRF token
-    if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
         $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
         $messageType = "error";
     } else {
-        if (isset($_POST["add_category"])) {
-            $label = normalizeCategoryLabel($_POST["label"] ?? "");
+        if (isset($_POST['add_category'])) {
+            $label = normalizeCategoryLabel($_POST['label'] ?? "");
 
             if (!isValidCategoryLabel($label)) {
                 $message =
@@ -33,19 +33,23 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                     "id" => $categoryId,
                     "label" => $label,
                 ];
-                saveCategories($categories);
-                logAccess("Admin added category", [
-                    "category_id" => $categoryId,
-                    "label" => $label,
-                ]);
-                $message = "Kategorie wurde erfolgreich angelegt.";
-                $messageType = "success";
+                if (saveCategories($categories)) {
+                    logAccess("Admin added category", [
+                        "category_id" => $categoryId,
+                        "label" => $label,
+                    ]);
+                    $message = "Kategorie wurde erfolgreich angelegt.";
+                    $messageType = "success";
+                } else {
+                    $message = "Kategorie konnte nicht gespeichert werden.";
+                    $messageType = "error";
+                }
             }
         }
 
-        if (isset($_POST["update_category"])) {
-            $categoryId = normalizeCategoryId($_POST["category_id"] ?? "");
-            $label = normalizeCategoryLabel($_POST["label"] ?? "");
+        if (isset($_POST['update_category'])) {
+            $categoryId = normalizeCategoryId($_POST['category_id'] ?? "");
+            $label = normalizeCategoryLabel($_POST['label'] ?? "");
             $found = false;
 
             if (!isValidCategoryLabel($label)) {
@@ -66,19 +70,24 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                     $message = "Kategorie nicht gefunden.";
                     $messageType = "error";
                 } else {
-                    saveCategories($categories);
-                    logAccess("Admin updated category", [
-                        "category_id" => $categoryId,
-                        "label" => $label,
-                    ]);
-                    $message = "Kategorie wurde erfolgreich aktualisiert.";
-                    $messageType = "success";
+                    if (saveCategories($categories)) {
+                        logAccess("Admin updated category", [
+                            "category_id" => $categoryId,
+                            "label" => $label,
+                        ]);
+                        $message = "Kategorie wurde erfolgreich aktualisiert.";
+                        $messageType = "success";
+                    } else {
+                        $message =
+                            "Kategorie konnte nicht gespeichert werden.";
+                        $messageType = "error";
+                    }
                 }
             }
         }
 
-        if (isset($_POST["delete_category"])) {
-            $categoryId = normalizeCategoryId($_POST["category_id"] ?? "");
+        if (isset($_POST['delete_category'])) {
+            $categoryId = normalizeCategoryId($_POST['category_id'] ?? "");
             $label = "";
             $found = false;
 
@@ -106,13 +115,17 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                     $message = "Kategorie nicht gefunden.";
                     $messageType = "error";
                 } else {
-                    saveCategories($categories);
-                    logAccess("Admin deleted category", [
-                        "category_id" => $categoryId,
-                        "label" => $label,
-                    ]);
-                    $message = "Kategorie wurde gelöscht.";
-                    $messageType = "success";
+                    if (saveCategories($categories)) {
+                        logAccess("Admin deleted category", [
+                            "category_id" => $categoryId,
+                            "label" => $label,
+                        ]);
+                        $message = "Kategorie wurde gelöscht.";
+                        $messageType = "success";
+                    } else {
+                        $message = "Kategorie konnte nicht gelöscht werden.";
+                        $messageType = "error";
+                    }
                 }
             }
         }
@@ -122,7 +135,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
     }
 }
 
-$editCategoryId = normalizeCategoryId($_GET["edit"] ?? "");
+$editCategoryId = normalizeCategoryId($_GET['edit'] ?? "");
 $editingCategory = null;
 if ($editCategoryId !== "") {
     $editingCategory = getCategoryById($editCategoryId);
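Review bot: The new else branches at lines 300-303, 334-338 and 368-371 report the failure only to the user; unlike the success paths they do not call `logAccess`, so a failing write to the category store leaves no entry in the access log that every successful save produces. Unless `saveCategories` logs internally (its body is not on this page), consider `logAccess("Admin category save failed", ["category_id" => $categoryId]);` in each else branch, and the same for the parallel else branches added in admin/admins.php, admin/faq.php, admin/organizations.php and admin/products.php. The enclosing POST handler starts and ends outside these hunks.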

+ 12 - 8
admin/faq.php

@@ -3,7 +3,7 @@ require_once __DIR__ . "/../config.php";
 require_once __DIR__ . "/../includes/functions.php";
 
 // Check admin login
-if (!isset($_SESSION["admin_logged_in"]) || !$_SESSION["admin_logged_in"]) {
+if (!isset($_SESSION['admin_logged_in']) || !$_SESSION['admin_logged_in']) {
     header("Location: login.php");
     exit();
 }
@@ -12,17 +12,21 @@ $pageTitle = "FAQ bearbeiten";
 $message = "";
 $messageType = "";
 
-if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["save_faq"])) {
+if ($_SERVER['REQUEST_METHOD'] === "POST" && isset($_POST['save_faq'])) {
     // Validate CSRF token
-    if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
         $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
         $messageType = "error";
     } else {
-        $content = isset($_POST["content"]) ? (string) $_POST["content"] : "";
-        saveFaqContent($content);
-        logAccess("Admin updated FAQ content");
-        $message = "FAQ-Inhalt wurde gespeichert.";
-        $messageType = "success";
+        $content = isset($_POST['content']) ? (string) $_POST['content'] : "";
+        if (saveFaqContent($content)) {
+            logAccess("Admin updated FAQ content");
+            $message = "FAQ-Inhalt wurde gespeichert.";
+            $messageType = "success";
+        } else {
+            $message = "FAQ-Inhalt konnte nicht gespeichert werden.";
+            $messageType = "error";
+        }
     }
 }
 

+ 4 - 1
admin/index.php

@@ -61,7 +61,10 @@ include __DIR__ . '/../includes/header.php';
                 <a href="settings.php">Einstellungen</a>
                 <a href="faq.php">FAQ bearbeiten</a>
                 <a href="admins.php">Admins verwalten</a>
-                <a href="login.php?logout=1">Abmelden</a>
+                <form method="POST" action="login.php" class="inline-form">
+                    <?php echo csrfField(); ?>
+                    <button type="submit" name="logout" class="btn btn-secondary btn-small">Abmelden</button>
+                </form>
             </div>
         </details>
     </div>

+ 32 - 16
admin/login.php

@@ -2,32 +2,48 @@
 require_once __DIR__ . "/../config.php";
 require_once __DIR__ . "/../includes/functions.php";
 
-// Handle logout
-if (isset($_GET["logout"])) {
-    $_SESSION["admin_logged_in"] = false;
-    unset($_SESSION["admin_username"]);
-    session_destroy();
-    header("Location: login.php");
-    exit();
-}
-
 $error = "";
 
-if ($_SERVER["REQUEST_METHOD"] === "POST") {
+// Handle logout via POST + CSRF
+if ($_SERVER['REQUEST_METHOD'] === "POST" && isset($_POST['logout'])) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
+        $error = "Ungültiges Token. Bitte versuchen Sie es erneut.";
+    } else {
+        $_SESSION = [];
+        if (ini_get("session.use_cookies")) {
+            $params = session_get_cookie_params();
+            setcookie(
+                session_name(),
+                "",
+                time() - 42000,
+                $params["path"],
+                $params["domain"],
+                $params["secure"],
+                $params["httponly"],
+            );
+        }
+        session_destroy();
+        header("Location: login.php");
+        exit();
+    }
+}
+
+if ($_SERVER['REQUEST_METHOD'] === "POST") {
     // Validate CSRF token
-    if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
         $error = "Ungültiges Token. Bitte versuchen Sie es erneut.";
     } else {
-        $username = normalizeAdminUsername($_POST["username"] ?? "");
-        $password = $_POST["password"] ?? "";
+        $username = normalizeAdminUsername($_POST['username'] ?? "");
+        $password = $_POST['password'] ?? "";
 
         $users = getAdminUsers();
         if (
             isset($users[$username]) &&
             password_verify($password, $users[$username])
         ) {
-            $_SESSION["admin_logged_in"] = true;
-            $_SESSION["admin_username"] = $username;
+            session_regenerate_id(true);
+            $_SESSION['admin_logged_in'] = true;
+            $_SESSION['admin_username'] = $username;
             logAccess("Admin login successful", ["username" => $username]);
             header("Location: index.php");
             exit();
@@ -39,7 +55,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
 }
 
 // Redirect if already logged in
-if (isset($_SESSION["admin_logged_in"]) && $_SESSION["admin_logged_in"]) {
+if (isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in']) {
     header("Location: index.php");
     exit();
 }
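Review bot: A logout POST that fails the CSRF check at line 464 is not stopped; it falls through into the login handler at line 486, which only avoids treating it as a login attempt because the same token check fails a second time — the two blocks are coupled by accident rather than by design. Guarding the login block, `if ($_SERVER['REQUEST_METHOD'] === "POST" && !isset($_POST['logout'])) {`, keeps a logout request out of the credential path regardless of how the CSRF check evolves. Note also that the logged-in redirect at lines 514-517 runs after both blocks, so `$error` from a rejected logout is never displayed: the still-authenticated admin is simply sent to index.php. The cookie expiry at lines 470-478 uses the positional `setcookie` form, which cannot carry the `samesite` value that `session_get_cookie_params()` returns on PHP 7.3+; the options-array form would pass all cookie parameters through unchanged. The `session_regenerate_id(true)` on successful login and the `$_SESSION = []` before `session_destroy()` are the right additions.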

+ 18 - 18
admin/orders.php

@@ -2,7 +2,7 @@
 require_once __DIR__ . "/../config.php";
 require_once __DIR__ . "/../includes/functions.php";
 
-if (empty($_SESSION["admin_logged_in"])) {
+if (empty($_SESSION['admin_logged_in'])) {
     header("Location: login.php");
     exit();
 }
@@ -14,17 +14,17 @@ $message = "";
 $messageType = "";
 
 if (
-    $_SERVER["REQUEST_METHOD"] === "POST" &&
-    isset($_POST["toggle_item_processed"])
+    $_SERVER['REQUEST_METHOD'] === "POST" &&
+    isset($_POST['toggle_item_processed'])
 ) {
     // Validate CSRF token
-    if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
         $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
         $messageType = "error";
     } else {
         $result = toggleOrderItemProcessed(
-            $_POST["order_id"] ?? "",
-            (int) ($_POST["item_index"] ?? -1),
+            $_POST['order_id'] ?? "",
+            (int) ($_POST['item_index'] ?? -1),
         );
         $message = $result["success"]
             ? "Position wurde aktualisiert."
@@ -33,25 +33,25 @@ if (
 
         if ($result["success"]) {
             logAccess("Admin toggled order item", [
-                "admin" => $_SESSION["admin_username"] ?? "unknown",
-                "order_id" => $_POST["order_id"] ?? "",
-                "item_index" => $_POST["item_index"] ?? -1,
+                "admin" => $_SESSION['admin_username'] ?? "unknown",
+                "order_id" => $_POST['order_id'] ?? "",
+                "item_index" => $_POST['item_index'] ?? -1,
             ]);
         }
     }
 }
 
-if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["cancel_order"])) {
+if ($_SERVER['REQUEST_METHOD'] === "POST" && isset($_POST['cancel_order'])) {
     // Validate CSRF token
-    if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
         $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
         $messageType = "error";
     } else {
-        $adminUsername = $_SESSION["admin_username"] ?? "";
+        $adminUsername = $_SESSION['admin_username'] ?? "";
         $result = cancelOrder(
-            $_POST["order_id"] ?? "",
+            $_POST['order_id'] ?? "",
             $adminUsername,
-            $_POST["cancellation_reason"] ?? "",
+            $_POST['cancellation_reason'] ?? "",
         );
         $message = $result["success"]
             ? "Bestellung wurde storniert."
@@ -61,7 +61,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["cancel_order"])) {
         if ($result["success"]) {
             logAccess("Admin cancelled order", [
                 "admin" => $adminUsername,
-                "order_id" => $_POST["order_id"] ?? "",
+                "order_id" => $_POST['order_id'] ?? "",
             ]);
         }
     }
@@ -72,9 +72,9 @@ usort($orders, function ($left, $right) {
     return strcmp($right["created_at"], $left["created_at"]);
 });
 
-$filter = trim((string) ($_GET["filter"] ?? "all"));
-$searchOrderId = trim((string) ($_GET["order_id"] ?? ""));
-$selectedOrderId = trim((string) ($_GET["details"] ?? $searchOrderId));
+$filter = trim((string) ($_GET['filter'] ?? "all"));
+$searchOrderId = trim((string) ($_GET['order_id'] ?? ""));
+$selectedOrderId = trim((string) ($_GET['details'] ?? $searchOrderId));
 
 if ($searchOrderId !== "") {
     $orders = array_values(

+ 50 - 37
admin/organizations.php

@@ -2,7 +2,7 @@
 require_once __DIR__ . "/../config.php";
 require_once __DIR__ . "/../includes/functions.php";
 
-if (empty($_SESSION["admin_logged_in"])) {
+if (empty($_SESSION['admin_logged_in'])) {
     header("Location: login.php");
     exit();
 }
@@ -12,16 +12,16 @@ $message = "";
 $messageType = "";
 $organizations = getOrganizations(false);
 
-if ($_SERVER["REQUEST_METHOD"] === "POST") {
+if ($_SERVER['REQUEST_METHOD'] === "POST") {
     // Validate CSRF token
-    if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
         $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
         $messageType = "error";
     } else {
-        if (isset($_POST["add_organization"])) {
-            $label = normalizeOrganizationLabel($_POST["label"] ?? "");
-            $sortOrder = (int) ($_POST["sort_order"] ?? 0);
-            $active = isset($_POST["active"]);
+        if (isset($_POST['add_organization'])) {
+            $label = normalizeOrganizationLabel($_POST['label'] ?? "");
+            $sortOrder = (int) ($_POST['sort_order'] ?? 0);
+            $active = isset($_POST['active']);
 
             if (!isValidOrganizationLabel($label)) {
                 $message =
@@ -38,23 +38,27 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                     "sort_order" => $sortOrder,
                     "active" => $active,
                 ];
-                saveOrganizations($organizations);
-                logAccess("Admin added organization", [
-                    "org_id" => $orgId,
-                    "label" => $label,
-                ]);
-                $message = "Organisation wurde angelegt.";
-                $messageType = "success";
+                if (saveOrganizations($organizations)) {
+                    logAccess("Admin added organization", [
+                        "org_id" => $orgId,
+                        "label" => $label,
+                    ]);
+                    $message = "Organisation wurde angelegt.";
+                    $messageType = "success";
+                } else {
+                    $message = "Organisation konnte nicht gespeichert werden.";
+                    $messageType = "error";
+                }
             }
         }
 
-        if (isset($_POST["update_organization"])) {
+        if (isset($_POST['update_organization'])) {
             $organizationId = normalizeOrganizationId(
-                $_POST["organization_id"] ?? "",
+                $_POST['organization_id'] ?? "",
             );
-            $label = normalizeOrganizationLabel($_POST["label"] ?? "");
-            $sortOrder = (int) ($_POST["sort_order"] ?? 0);
-            $active = isset($_POST["active"]);
+            $label = normalizeOrganizationLabel($_POST['label'] ?? "");
+            $sortOrder = (int) ($_POST['sort_order'] ?? 0);
+            $active = isset($_POST['active']);
             $updated = false;
 
             if (!isValidOrganizationLabel($label)) {
@@ -76,13 +80,18 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                 unset($organization);
 
                 if ($updated) {
-                    saveOrganizations($organizations);
-                    logAccess("Admin updated organization", [
-                        "org_id" => $organizationId,
-                        "label" => $label,
-                    ]);
-                    $message = "Organisation wurde aktualisiert.";
-                    $messageType = "success";
+                    if (saveOrganizations($organizations)) {
+                        logAccess("Admin updated organization", [
+                            "org_id" => $organizationId,
+                            "label" => $label,
+                        ]);
+                        $message = "Organisation wurde aktualisiert.";
+                        $messageType = "success";
+                    } else {
+                        $message =
+                            "Organisation konnte nicht gespeichert werden.";
+                        $messageType = "error";
+                    }
                 } else {
                     $message = "Organisation nicht gefunden.";
                     $messageType = "error";
@@ -90,9 +99,9 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
             }
         }
 
-        if (isset($_POST["delete_organization"])) {
+        if (isset($_POST['delete_organization'])) {
             $organizationId = normalizeOrganizationId(
-                $_POST["organization_id"] ?? "",
+                $_POST['organization_id'] ?? "",
             );
             $orgLabel = "";
             $found = false;
@@ -109,21 +118,25 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                     return $organization["id"] !== $organizationId;
                 }),
             );
-            saveOrganizations($organizations);
-            logAccess("Admin deleted organization", [
-                "org_id" => $organizationId,
-                "label" => $orgLabel,
-            ]);
-            $message = "Organisation wurde gelöscht.";
-            $messageType = "success";
+            if (saveOrganizations($organizations)) {
+                logAccess("Admin deleted organization", [
+                    "org_id" => $organizationId,
+                    "label" => $orgLabel,
+                ]);
+                $message = "Organisation wurde gelöscht.";
+                $messageType = "success";
+            } else {
+                $message = "Organisation konnte nicht gelöscht werden.";
+                $messageType = "error";
+            }
         }
 
         $organizations = getOrganizations(false);
     }
 }
 
-$editingOrganization = isset($_GET["edit"])
-    ? getOrganizationById($_GET["edit"])
+$editingOrganization = isset($_GET['edit'])
+    ? getOrganizationById($_GET['edit'])
     : null;
 
 $bodyClass = "admin-page";

+ 51 - 37
admin/products.php

@@ -2,7 +2,7 @@
 require_once __DIR__ . "/../config.php";
 require_once __DIR__ . "/../includes/functions.php";
 
-if (empty($_SESSION["admin_logged_in"])) {
+if (empty($_SESSION['admin_logged_in'])) {
     header("Location: login.php");
     exit();
 }
@@ -142,9 +142,9 @@ function getSubmittedProductCategoryIds($submittedValues)
     return $validCategoryIds;
 }
 
-if ($_SERVER["REQUEST_METHOD"] === "POST") {
+if ($_SERVER['REQUEST_METHOD'] === "POST") {
     // Validate CSRF token
-    if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
         $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
         $messageType = "error";
     } else {
@@ -154,8 +154,8 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
             $message = "Bitte zuerst mindestens eine Kategorie anlegen.";
             $messageType = "error";
         } elseif (
-            isset($_POST["add_product"]) ||
-            isset($_POST["update_product"])
+            isset($_POST['add_product']) ||
+            isset($_POST['update_product'])
         ) {
             $uploadResult = handleImageUpload();
             if (!$uploadResult["success"]) {
@@ -164,8 +164,8 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
             } else {
                 $categoryIds = getSubmittedProductCategoryIds($_POST);
                 $existingLabels = [];
-                $productId = isset($_POST["product_id"])
-                    ? (int) $_POST["product_id"]
+                $productId = isset($_POST['product_id'])
+                    ? (int) $_POST['product_id']
                     : 0;
                 foreach ($products as $product) {
                     if ((int) $product["id"] === $productId) {
@@ -175,7 +175,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                 }
 
                 $sizeData = buildProductAvailabilityFields(
-                    $_POST["sizes"] ?? "",
+                    $_POST['sizes'] ?? "",
                     $_POST,
                     $existingLabels,
                 );
@@ -186,15 +186,15 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                     $messageType = "error";
                 } else {
                     $record = [
-                        "name" => sanitize($_POST["name"] ?? ""),
+                        "name" => sanitize($_POST['name'] ?? ""),
                         "description" => trim(
-                            (string) ($_POST["description"] ?? ""),
+                            (string) ($_POST['description'] ?? ""),
                         ),
                         "categories" => $categoryIds,
                         "image" =>
                             $uploadResult["filename"] !== null
                                 ? $uploadResult["filename"]
-                                : trim((string) ($_POST["image"] ?? "")),
+                                : trim((string) ($_POST['image'] ?? "")),
                         "sizes" => $sizeData["sizes"],
                         "availability_labels" =>
                             $sizeData["availability_labels"],
@@ -203,7 +203,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                     if ($record["name"] === "") {
                         $message = "Bitte einen Produktnamen eingeben.";
                         $messageType = "error";
-                    } elseif (isset($_POST["add_product"])) {
+                    } elseif (isset($_POST['add_product'])) {
                         $newId = empty($products)
                             ? 1
                             : max(
@@ -213,13 +213,18 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                                 ) + 1;
                         $record["id"] = $newId;
                         $products[] = $record;
-                        saveProducts($products);
-                        logAccess("Admin added product", [
-                            "product_id" => $newId,
-                            "product_name" => $record["name"],
-                        ]);
-                        $message = "Produkt wurde angelegt.";
-                        $messageType = "success";
+                        if (saveProducts($products)) {
+                            logAccess("Admin added product", [
+                                "product_id" => $newId,
+                                "product_name" => $record["name"],
+                            ]);
+                            $message = "Produkt wurde angelegt.";
+                            $messageType = "success";
+                        } else {
+                            $message =
+                                "Produkt konnte nicht gespeichert werden.";
+                            $messageType = "error";
+                        }
                     } else {
                         $updated = false;
                         foreach ($products as &$product) {
@@ -233,13 +238,18 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                         unset($product);
 
                         if ($updated) {
-                            saveProducts($products);
-                            logAccess("Admin updated product", [
-                                "product_id" => $productId,
-                                "product_name" => $record["name"],
-                            ]);
-                            $message = "Produkt wurde aktualisiert.";
-                            $messageType = "success";
+                            if (saveProducts($products)) {
+                                logAccess("Admin updated product", [
+                                    "product_id" => $productId,
+                                    "product_name" => $record["name"],
+                                ]);
+                                $message = "Produkt wurde aktualisiert.";
+                                $messageType = "success";
+                            } else {
+                                $message =
+                                    "Produkt konnte nicht gespeichert werden.";
+                                $messageType = "error";
+                            }
                         } else {
                             $message = "Produkt nicht gefunden.";
                             $messageType = "error";
@@ -249,8 +259,8 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
             }
         }
 
-        if (isset($_POST["delete_product"])) {
-            $productId = (int) ($_POST["product_id"] ?? 0);
+        if (isset($_POST['delete_product'])) {
+            $productId = (int) ($_POST['product_id'] ?? 0);
             $productName = "";
             foreach ($products as $product) {
                 if ((int) $product["id"] === $productId) {
@@ -263,20 +273,24 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
                     return (int) $product["id"] !== $productId;
                 }),
             );
-            saveProducts($products);
-            logAccess("Admin deleted product", [
-                "product_id" => $productId,
-                "product_name" => $productName,
-            ]);
-            $message = "Produkt wurde gelöscht.";
-            $messageType = "success";
+            if (saveProducts($products)) {
+                logAccess("Admin deleted product", [
+                    "product_id" => $productId,
+                    "product_name" => $productName,
+                ]);
+                $message = "Produkt wurde gelöscht.";
+                $messageType = "success";
+            } else {
+                $message = "Produkt konnte nicht gelöscht werden.";
+                $messageType = "error";
+            }
         }
     }
 }
 
 $products = getProducts();
-$editingProduct = isset($_GET["edit"])
-    ? getProductById((int) $_GET["edit"])
+$editingProduct = isset($_GET['edit'])
+    ? getProductById((int) $_GET['edit'])
     : null;
 
 $bodyClass = "admin-page";

+ 15 - 11
admin/settings.php

@@ -2,7 +2,7 @@
 require_once __DIR__ . "/../config.php";
 require_once __DIR__ . "/../includes/functions.php";
 
-if (empty($_SESSION["admin_logged_in"])) {
+if (empty($_SESSION['admin_logged_in'])) {
     header("Location: login.php");
     exit();
 }
@@ -11,28 +11,32 @@ $pageTitle = "Einstellungen";
 $message = "";
 $messageType = "";
 
-if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["save_settings"])) {
+if ($_SERVER['REQUEST_METHOD'] === "POST" && isset($_POST['save_settings'])) {
     // Validate CSRF token
-    if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
         $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
         $messageType = "error";
     } else {
         $settings = [
-            "order_recipient_email" => $_POST["order_recipient_email"] ?? "",
+            "order_recipient_email" => $_POST['order_recipient_email'] ?? "",
             "order_confirmation_required" => isset(
-                $_POST["order_confirmation_required"],
+                $_POST['order_confirmation_required'],
             ),
             "order_confirmation_expiry_days" =>
-                (int) ($_POST["order_confirmation_expiry_days"] ?? 7),
+                (int) ($_POST['order_confirmation_expiry_days'] ?? 7),
             "attach_order_pdf_to_admin_email" => isset(
-                $_POST["attach_order_pdf_to_admin_email"],
+                $_POST['attach_order_pdf_to_admin_email'],
             ),
         ];
 
-        saveSystemSettings($settings);
-        logAccess("Admin updated system settings");
-        $message = "Einstellungen wurden gespeichert.";
-        $messageType = "success";
+        if (saveSystemSettings($settings)) {
+            logAccess("Admin updated system settings");
+            $message = "Einstellungen wurden gespeichert.";
+            $messageType = "success";
+        } else {
+            $message = "Einstellungen konnten nicht gespeichert werden.";
+            $messageType = "error";
+        }
     }
 }
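Review bot: A failed `saveSystemSettings()` call in the new else branch at the end of this section only sets a user-facing message; nothing reaches the error log, so an operator has no trace that writes to SETTINGS_FILE are failing (a permissions or disk problem, say) until an admin reports it. Consider `logError('Failed to save system settings');` next to the error message, unless `writeJsonFile` already logs its own failures — that function is not in view. The same pattern appears in the add, update and delete branches of admin/products.php. Separately, `order_confirmation_expiry_days` is only cast to int here; whether a zero or negative value is rejected depends on `normalizeSystemSettings`, which is outside this diff.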
 

+ 4 - 4
cart.php

@@ -5,12 +5,12 @@ require_once __DIR__ . "/includes/functions.php";
 $pageTitle = "Warenkorb";
 
 if (
-    $_SERVER["REQUEST_METHOD"] === "POST" &&
-    isset($_POST["remove_item_index"])
+    $_SERVER['REQUEST_METHOD'] === "POST" &&
+    isset($_POST['remove_item_index'])
 ) {
     // Validate CSRF token
-    if (validateCsrfToken($_POST["csrf_token"] ?? "")) {
-        removeCartItemByIndex((int) $_POST["remove_item_index"]);
+    if (validateCsrfToken($_POST['csrf_token'] ?? "")) {
+        removeCartItemByIndex((int) $_POST['remove_item_index']);
     }
 }
 

+ 14 - 14
checkout.php

@@ -12,9 +12,9 @@ if (empty($cartItems)) {
     exit();
 }
 
-if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["create_order"])) {
+if ($_SERVER['REQUEST_METHOD'] === "POST" && isset($_POST['create_order'])) {
     // Validate CSRF token
-    if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
         $errors[] = "Ungültiges Token. Bitte versuchen Sie es erneut.";
     } else {
         $validator = new Validator($_POST);
@@ -30,7 +30,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["create_order"])) {
             ->maxLength("comment", 1000, "Kommentar");
 
         // Validate organization exists
-        $organizationId = $_POST["organization_id"] ?? "";
+        $organizationId = $_POST['organization_id'] ?? "";
         $organizations = getOrganizations(true);
         $validOrgIds = array_column($organizations, "id");
 
@@ -41,9 +41,9 @@ if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["create_order"])) {
         if (!$validator->isValid()) {
             $errors = array_merge($errors, $validator->getErrors());
         } else {
-            $customerName = trim($_POST["customer_name"]);
-            $customerEmail = trim(strtolower($_POST["customer_email"]));
-            $comment = trim($_POST["comment"] ?? "");
+            $customerName = trim($_POST['customer_name']);
+            $customerEmail = trim(strtolower($_POST['customer_email']));
+            $comment = trim($_POST['comment'] ?? "");
 
             $result = createOrder(
                 $customerName,
@@ -113,18 +113,18 @@ include __DIR__ . "/includes/header.php";
             <div class="form-group">
                 <label for="customer_name">Name *</label>
                 <input type="text" id="customer_name" name="customer_name" required value="<?php echo isset(
-                    $_POST["customer_name"],
+                    $_POST['customer_name'],
                 )
-                    ? escape($_POST["customer_name"])
+                    ? escape($_POST['customer_name'])
                     : ""; ?>">
             </div>
 
             <div class="form-group">
                 <label for="customer_email">E-Mail-Adresse *</label>
                 <input type="email" id="customer_email" name="customer_email" required value="<?php echo isset(
-                    $_POST["customer_email"],
+                    $_POST['customer_email'],
                 )
-                    ? escape($_POST["customer_email"])
+                    ? escape($_POST['customer_email'])
                     : ""; ?>">
             </div>
 
@@ -135,8 +135,8 @@ include __DIR__ . "/includes/header.php";
                     <?php foreach ($organizations as $organization): ?>
                         <option value="<?php echo escape(
                             $organization["id"],
-                        ); ?>" <?php echo isset($_POST["organization_id"]) &&
-$_POST["organization_id"] === $organization["id"]
+                        ); ?>" <?php echo isset($_POST['organization_id']) &&
+$_POST['organization_id'] === $organization["id"]
     ? "selected"
     : ""; ?>>
                             <?php echo escape($organization["label"]); ?>
@@ -148,9 +148,9 @@ $_POST["organization_id"] === $organization["id"]
             <div class="form-group">
                 <label for="comment">Kommentar</label>
                 <textarea id="comment" name="comment" rows="5"><?php echo isset(
-                    $_POST["comment"],
+                    $_POST['comment'],
                 )
-                    ? escape($_POST["comment"])
+                    ? escape($_POST['comment'])
                     : ""; ?></textarea>
             </div>
 

+ 10 - 0
config.sample.php

@@ -46,5 +46,15 @@ define('UPLOADS_URL', SITE_URL . '/data/uploads');
 
 // Session settings
 if (session_status() === PHP_SESSION_NONE) {
+    $isHttps =
+        (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== "off") ||
+        (isset($_SERVER['SERVER_PORT']) &&
+            (int) $_SERVER['SERVER_PORT'] === 443);
+
+    ini_set("session.use_strict_mode", "1");
+    ini_set("session.cookie_httponly", "1");
+    ini_set("session.cookie_secure", $isHttps ? "1" : "0");
+    ini_set("session.cookie_samesite", "Lax");
+
     session_start();
 }
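Review bot: `session.cookie_secure` at the end of this hunk is derived only from `$_SERVER['HTTPS']` and `SERVER_PORT`, so on a deployment that terminates TLS at a reverse proxy (where PHP sees a plain HTTP request on port 80) the session cookie is issued without the Secure flag even though users connect over HTTPS. The helper `isHttpsRequest()` in includes/functions.php also consults `HTTP_X_FORWARDED_PROTO`, but it is not loaded yet at this point in the config, and that header is only trustworthy when it comes from a known proxy anyway. A safer sample default is an explicit, documented configuration constant (a name such as `SESSION_COOKIE_SECURE` is illustrative) that operators set to true in production, with the auto-detection kept as the fallback for local development. Because this is config.sample.php, existing installations will not pick up these `ini_set` calls unless their own config.php is updated, which is worth a line in the changelog or README.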

+ 36 - 35
includes/functions.php

@@ -69,18 +69,18 @@ function escape($value)
  */
 function generateCsrfToken()
 {
-    if (empty($_SESSION["csrf_token"])) {
-        $_SESSION["csrf_token"] = bin2hex(random_bytes(32));
+    if (empty($_SESSION['csrf_token'])) {
+        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
     }
-    return $_SESSION["csrf_token"];
+    return $_SESSION['csrf_token'];
 }
 
 function validateCsrfToken($token)
 {
-    if (empty($_SESSION["csrf_token"])) {
+    if (empty($_SESSION['csrf_token'])) {
         return false;
     }
-    return hash_equals($_SESSION["csrf_token"], $token);
+    return hash_equals($_SESSION['csrf_token'], $token);
 }
 
 function csrfField()
@@ -130,7 +130,7 @@ function setFlashMessage($key, $type, $message)
         return;
     }
 
-    $_SESSION["flash_messages"][$key] = [
+    $_SESSION['flash_messages'][$key] = [
         "type" => $type,
         "message" => $message,
     ];
@@ -143,7 +143,7 @@ function consumeFlashMessage($key)
         return null;
     }
 
-    $messages = $_SESSION["flash_messages"] ?? [];
+    $messages = $_SESSION['flash_messages'] ?? [];
     if (
         !is_array($messages) ||
         !isset($messages[$key]) ||
@@ -153,7 +153,7 @@ function consumeFlashMessage($key)
     }
 
     $message = $messages[$key];
-    unset($_SESSION["flash_messages"][$key]);
+    unset($_SESSION['flash_messages'][$key]);
 
     $type = trim((string) ($message["type"] ?? ""));
     $text = trim((string) ($message["message"] ?? ""));
@@ -325,7 +325,7 @@ function saveAdminAccounts($accounts)
     }
 
     ksort($result);
-    writeJsonFile(ADMINS_FILE, ["admins" => $result]);
+    return writeJsonFile(ADMINS_FILE, ["admins" => $result]);
 }
 
 function getDefaultCategories()
@@ -413,7 +413,7 @@ function getCategories()
 
 function saveCategories($categories)
 {
-    writeJsonFile(CATEGORIES_FILE, [
+    return writeJsonFile(CATEGORIES_FILE, [
         "categories" => normalizeCategories($categories),
     ]);
 }
@@ -658,7 +658,7 @@ function saveProducts($products)
         }
     }
 
-    writeJsonFile(PRODUCTS_FILE, ["products" => array_values($normalized)]);
+    return writeJsonFile(PRODUCTS_FILE, ["products" => array_values($normalized)]);
 }
 
 function getFaqFilePath(): string
@@ -694,9 +694,9 @@ function getFaqContent(): string
     return $data["content"];
 }
 
-function saveFaqContent(string $markdown): void
+function saveFaqContent(string $markdown): bool
 {
-    writeJsonFile(getFaqFilePath(), ["content" => (string) $markdown]);
+    return writeJsonFile(getFaqFilePath(), ["content" => (string) $markdown]);
 }
 
 function renderFaqInlineMarkdown(string $text): string
@@ -904,7 +904,7 @@ function getOrganizations($onlyActive = false)
 
 function saveOrganizations($organizations)
 {
-    writeJsonFile(ORGANIZATIONS_FILE, [
+    return writeJsonFile(ORGANIZATIONS_FILE, [
         "organizations" => normalizeOrganizations($organizations),
     ]);
 }
@@ -1006,7 +1006,7 @@ function getSystemSettings()
 
 function saveSystemSettings($settings)
 {
-    writeJsonFile(SETTINGS_FILE, [
+    return writeJsonFile(SETTINGS_FILE, [
         "settings" => normalizeSystemSettings($settings),
     ]);
 }
@@ -1137,6 +1137,7 @@ function saveOrders($orders)
             "order_count" => count($normalized),
         ]);
     }
+    return (bool) $result;
 }
 
 function generateOrderId()
@@ -1349,7 +1350,7 @@ function buildAbsoluteUrl($path)
     }
 
     $scheme = isHttpsRequest() ? "https" : "http";
-    $host = $_SERVER["HTTP_HOST"] ?? "";
+    $host = $_SERVER['HTTP_HOST'] ?? "";
     if ($host === "") {
         return $path;
     }
@@ -1360,20 +1361,20 @@ function buildAbsoluteUrl($path)
 function isHttpsRequest(): bool
 {
     if (
-        !empty($_SERVER["HTTPS"]) &&
-        strtolower((string) $_SERVER["HTTPS"]) !== "off"
+        !empty($_SERVER['HTTPS']) &&
+        strtolower((string) $_SERVER['HTTPS']) !== "off"
     ) {
         return true;
     }
     if (
-        !empty($_SERVER["HTTP_X_FORWARDED_PROTO"]) &&
-        strtolower((string) $_SERVER["HTTP_X_FORWARDED_PROTO"]) === "https"
+        !empty($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
+        strtolower((string) $_SERVER['HTTP_X_FORWARDED_PROTO']) === "https"
     ) {
         return true;
     }
     if (
-        !empty($_SERVER["SERVER_PORT"]) &&
-        (int) $_SERVER["SERVER_PORT"] === 443
+        !empty($_SERVER['SERVER_PORT']) &&
+        (int) $_SERVER['SERVER_PORT'] === 443
     ) {
         return true;
     }
@@ -1707,7 +1708,7 @@ function formatDate($dateString)
 
 function getCart()
 {
-    $cart = $_SESSION["cart"] ?? [];
+    $cart = $_SESSION['cart'] ?? [];
     if (!is_array($cart)) {
         $cart = [];
     }
@@ -1741,8 +1742,8 @@ function getCart()
         ];
     }
 
-    $_SESSION["cart"] = array_values($normalized);
-    return $_SESSION["cart"];
+    $_SESSION['cart'] = array_values($normalized);
+    return $_SESSION['cart'];
 }
 
 function addCartItem($productId, $size = "")
@@ -1785,7 +1786,7 @@ function addCartItem($productId, $size = "")
         }
 
         $cart[$index]["size"] = $size;
-        $_SESSION["cart"] = array_values($cart);
+        $_SESSION['cart'] = array_values($cart);
 
         return [
             "success" => true,
@@ -1800,7 +1801,7 @@ function addCartItem($productId, $size = "")
         "size" => $size,
     ];
 
-    $_SESSION["cart"] = array_values($cart);
+    $_SESSION['cart'] = array_values($cart);
     return [
         "success" => true,
         "status" => "added",
@@ -1813,13 +1814,13 @@ function removeCartItemByIndex($index)
     $cart = getCart();
     if (isset($cart[$index])) {
         unset($cart[$index]);
-        $_SESSION["cart"] = array_values($cart);
+        $_SESSION['cart'] = array_values($cart);
     }
 }
 
 function clearCart()
 {
-    $_SESSION["cart"] = [];
+    $_SESSION['cart'] = [];
 }
 
 function getCartItemsDetailed()
@@ -2340,9 +2341,9 @@ function logError($message, $context = [], $level = "ERROR")
         "level" => $level,
         "message" => $message,
         "context" => $context,
-        "ip" => $_SERVER["REMOTE_ADDR"] ?? "unknown",
-        "user_agent" => $_SERVER["HTTP_USER_AGENT"] ?? "unknown",
-        "request_uri" => $_SERVER["REQUEST_URI"] ?? "unknown",
+        "ip" => $_SERVER['REMOTE_ADDR'] ?? "unknown",
+        "user_agent" => $_SERVER['HTTP_USER_AGENT'] ?? "unknown",
+        "request_uri" => $_SERVER['REQUEST_URI'] ?? "unknown",
         "session_id" => session_id()
             ? substr(session_id(), 0, 8) . "..."
             : "none",
@@ -2367,9 +2368,9 @@ function logAccess($message, $context = [])
         "timestamp" => date("Y-m-d H:i:s.u"),
         "message" => $message,
         "context" => $context,
-        "ip" => $_SERVER["REMOTE_ADDR"] ?? "unknown",
-        "request_method" => $_SERVER["REQUEST_METHOD"] ?? "unknown",
-        "request_uri" => $_SERVER["REQUEST_URI"] ?? "unknown",
+        "ip" => $_SERVER['REMOTE_ADDR'] ?? "unknown",
+        "request_method" => $_SERVER['REQUEST_METHOD'] ?? "unknown",
+        "request_uri" => $_SERVER['REQUEST_URI'] ?? "unknown",
     ];
 
     $logLine = json_encode($entry, JSON_UNESCAPED_UNICODE) . PHP_EOL;
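Review bot: `validateCsrfToken()` near the top of this section passes `$token` straight to `hash_equals()`, and every caller in this commit supplies `$_POST['csrf_token'] ?? ""`; a request whose `csrf_token` field is an array therefore makes `hash_equals()` throw a TypeError, turning a rejected token into an uncaught 500 instead of the intended false. Adding `if (!is_string($token)) { return false; }` before the comparison keeps the failure mode graceful. The save helpers are now expected to return a bool, but only `saveFaqContent` declares `: bool`; if `writeJsonFile` returns a bool, adding `: bool` to `saveAdminAccounts`, `saveCategories`, `saveProducts`, `saveOrganizations`, `saveSystemSettings` and `saveOrders` would turn a missing return into a type error rather than a silent null that callers read as failure. `isHttpsRequest()` also honours `HTTP_X_FORWARDED_PROTO` regardless of where the request came from; that predates this commit, but since its result feeds `buildAbsoluteUrl()`, it is worth honouring that header only when the request arrives from the configured proxy.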

+ 2 - 2
index.php

@@ -6,8 +6,8 @@ $pageTitle = "Startseite";
 $products = getProducts();
 $categories = getCategories();
 
-$category = isset($_GET["category"])
-    ? normalizeCategoryId($_GET["category"])
+$category = isset($_GET['category'])
+    ? normalizeCategoryId($_GET['category'])
     : "";
 if ($category !== "" && getCategoryById($category) !== null) {
     $products = array_values(

+ 4 - 4
product.php

@@ -2,7 +2,7 @@
 require_once __DIR__ . "/config.php";
 require_once __DIR__ . "/includes/functions.php";
 
-$productId = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
+$productId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
 $product = getProductById($productId);
 
 if ($product === null) {
@@ -13,12 +13,12 @@ if ($product === null) {
 $pageTitle = $product["name"];
 $sizes = getProductSizes($product);
 
-if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["add_to_cart"])) {
+if ($_SERVER['REQUEST_METHOD'] === "POST" && isset($_POST['add_to_cart'])) {
     // Validate CSRF token
-    if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
         $error = "Ungültiges Token. Bitte versuchen Sie es erneut.";
     } else {
-        $size = trim((string) ($_POST["size"] ?? ""));
+        $size = trim((string) ($_POST['size'] ?? ""));
 
         if (
             !empty($sizes) &&