<?php
require "../api.php";

$api = new spamhasiApi();

if (!$api->checkAuth()) {
    header("Location: /index.html?status=500&error=Unauthorized");
    exit;
}

if (!isset($_POST["id"])) {
    die('{"status":500, "error":"Missing fields"}');
}

$id = intval($_POST["id"]);

$db = $api->getDB();

$sql = "DELETE FROM opfer WHERE id = :id";
$stmt = $db->prepare($sql);

$sql_exec = $stmt->execute([':id' => $id]);

if ($sql_exec) {
    header("Location: /index.html?status=200");
}else{
    header("Location: /index.html?status=500&error=SQL Error");
}
exit;
?>