Finish Opfer Page

api/opfer/edit.php

@@ -0,0 +1,44 @@
+<?php
+require "../api.php";
+
+ini_set("display_errors", 1);
+ini_set("display_startup_errors", 1);
+error_reporting(E_ALL);
+
+$api = new spamhasiApi();
+
+if (!$api->checkAuth()) {
+    header("Location: /index.html?status=500&error=Unauthorized");
+    exit;
+}
+
+if (!isset($_POST["id"]) || !isset($_POST["name"]) || !isset($_POST["mail"]) || !isset($_POST["number"])) {
+    die('{"status":500, "error":"Missing fields"}');
+}
+
+$name = htmlspecialchars($_POST["name"]);
+$mail = htmlspecialchars($_POST["mail"]);
+$number = intval(htmlspecialchars($_POST["number"]));
+echo $number;
+$id = intval(htmlspecialchars($_POST["id"]));
+if (isset($_POST["enabled2"])) {
+    $enabled = 1;
+}else{
+    $enabled = 0;
+}
+
+$db = $api->getDB();
+
+$sql = "UPDATE opfer SET name = :name, mail = :mail, number = :number, status = :status WHERE id = :id";
+
+$stmt = $db->prepare($sql);
+
+$sql_exec = $stmt->execute([':name' => $name, ':mail' => $mail, ':number' => $number, ':status' => $enabled, ':id' => $id]);
+
+if ($sql_exec) {
+    header("Location: /index.html?status=200");
+}else{
+    header("Location: /index.html?status=500&error=SQL Error");
+}
+exit;
+?>