Fix Bugs && Continue Opfer Page + API

api/opfer/add.php

@@ -1,4 +1,38 @@
 <?php
 require "../api.php";
 
-$api = new spamhasiApi()
+$api = new spamhasiApi();
+
+if (!$api->checkAuth()) {
+    header("Location: /index.html?status=500&error=Unauthorized");
+    exit;
+}
+
+if (!isset($_POST["name"]) || !isset($_POST["mail"]) || !isset($_POST["number"])) {
+    die('{"status":500, "error":"Missing fields"}');
+}
+
+$name = htmlspecialchars($_POST["name"]);
+$mail = htmlspecialchars($_POST["mail"]);
+$number = intval(htmlspecialchars($_POST["number"]));
+if (isset($_POST["enabled"])) {
+    $enabled = 1;
+}else{
+    $enabled = 0;
+}
+
+$db = $api->getDB();
+
+$sql = "INSERT INTO opfer (name, mail, number, status) VALUES (:name, :mail, :number, :status)";
+
+$stmt = $db->prepare($sql);
+
+$sql_exec = $stmt->execute([':name' => $name, ':mail' => $mail, ':number' => $number, ':status' => $enabled]);
+
+if ($sql_exec) {
+    header("Location: /index.html?status=200");
+}else{
+    header("Location: /index.html?status=500&error=SQL Error");
+}
+exit;
+?>