hasRight('bericht', 'write')) bericht_ajax_fail('Permission denied', 403); $pageid = (int) ($_POST['pageid'] ?? 0); $slot = (int) ($_POST['slot'] ?? 0); $relpath = (string) ($_POST['relpath'] ?? ''); if (!$pageid || $slot < 0 || empty($relpath)) bericht_ajax_fail('Parameter fehlen'); $full = bericht_resolve_data_path($relpath); if (!$full || !file_exists($full)) bericht_ajax_fail('Datei nicht gefunden', 404); // Page laden $page_obj = null; $pages_res = $db->query("SELECT rowid, fk_bericht, layout FROM ".$db->prefix()."bericht_page WHERE rowid = ".((int) $pageid)); if (!$pages_res || !($row = $db->fetch_object($pages_res))) bericht_ajax_fail('Seite nicht gefunden', 404); $p = new BerichtPage($db); $p->id = $row->rowid; $p->fk_bericht = $row->fk_bericht; $p->layout = $row->layout; if ($p->setSlotImage($slot, $relpath, 0) > 0) { bericht_ajax_ok(); } bericht_ajax_fail('DB-Fehler');