csrf on settings / budget

Miguel Ribeiro
2025-10-18 14:33:12 +02:00
parent d6418eeadb
commit 7e05dc02e4
2 changed files with 30 additions and 34 deletions
+22 -31
@@ -3,38 +3,29 @@
require_once '../../includes/connect_endpoint.php';
require_once '../../includes/inputvalidation.php';
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
die(json_encode([
$postData = file_get_contents("php://input");
$data = json_decode($postData, true);
$budget = $data["budget"];
$sql = "UPDATE user SET budget = :budget WHERE id = :userId";
$stmt = $db->prepare($sql);
$stmt->bindValue(':budget', $budget, SQLITE3_TEXT);
$stmt->bindValue(':userId', $userId, SQLITE3_TEXT);
$result = $stmt->execute();
if ($result) {
$response = [
"success" => true,
"message" => translate('user_details_saved', $i18n)
];
echo json_encode($response);
} else {
$response = [
"success" => false,
"message" => translate('session_expired', $i18n)
]));
}
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$postData = file_get_contents("php://input");
$data = json_decode($postData, true);
$budget = $data["budget"];
$sql = "UPDATE user SET budget = :budget WHERE id = :userId";
$stmt = $db->prepare($sql);
$stmt->bindValue(':budget', $budget, SQLITE3_TEXT);
$stmt->bindValue(':userId', $userId, SQLITE3_TEXT);
$result = $stmt->execute();
if ($result) {
$response = [
"success" => true,
"message" => translate('user_details_saved', $i18n)
];
echo json_encode($response);
} else {
$response = [
"success" => false,
"message" => translate('error_updating_user_data', $i18n)
];
echo json_encode($response);
}
"message" => translate('error_updating_user_data', $i18n)
];
echo json_encode($response);
}
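Review bot: `$budget = $data["budget"];` on the new side reads the decoded body without checking that `json_decode` returned an array or that the key is present, so a malformed or empty body yields `null` (with a PHP 8 warning) that is then bound and written to the user's budget; the helpers from `inputvalidation.php`, which this file requires, are not applied to it anywhere in the lines shown. Suggest `$budget = $data['budget'] ?? null;` followed by a guard such as `if (!is_numeric($budget)) { die(json_encode(['success' => false, 'message' => translate('error_updating_user_data', $i18n)])); }` before the UPDATE is prepared, matching the `die(json_encode(...))` pattern the file already uses for the session check. The CSRF token verification the commit title describes does not appear in the visible lines of this hunk, and the `REQUEST_METHOD === "POST"` guard from the removed block is likewise absent on the new side; the rendered page appears to have dropped some hunk lines, so both may live in the omitted lines or in `connect_endpoint.php` — worth confirming before merge.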
+8 -3
@@ -29,7 +29,10 @@ function saveBudget() {
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({ budget: budget })
body: JSON.stringify({
budget: budget,
csrf_token: window.csrfToken,
}),
})
.then(response => response.json())
.then(data => {
@@ -38,15 +41,17 @@ function saveBudget() {
} else {
showErrorMessage(data.message);
}
button.disabled = false;
})
.catch(error => {
console.error(error);
showErrorMessage(translate('unknown_error'));
})
.finally(() => {
button.disabled = false;
});
}
function addMemberButton(memberId) {
document.getElementById("addMember").disabled = true;
const url = 'endpoints/household/household.php?action=add';