38 lines
925 B
PHP
38 lines
925 B
PHP
<?php
|
|
require "../api.php";
|
|
|
|
$api = new spamhasiApi();
|
|
|
|
if (!$api->checkAuth()) {
|
|
header("Location: /index.html?status=500&error=Unauthorized");
|
|
exit;
|
|
}
|
|
|
|
if (!isset($_POST["name"]) || !isset($_POST["mail"]) || !isset($_POST["number"])) {
|
|
die('{"status":500, "error":"Missing fields"}');
|
|
}
|
|
|
|
$name = htmlspecialchars($_POST["name"]);
|
|
$mail = htmlspecialchars($_POST["mail"]);
|
|
$number = intval(htmlspecialchars($_POST["number"]));
|
|
if (isset($_POST["enabled"])) {
|
|
$enabled = 1;
|
|
}else{
|
|
$enabled = 0;
|
|
}
|
|
|
|
$db = $api->getDB();
|
|
|
|
$sql = "INSERT INTO opfer (name, mail, number, status) VALUES (:name, :mail, :number, :status)";
|
|
|
|
$stmt = $db->prepare($sql);
|
|
|
|
$sql_exec = $stmt->execute([':name' => $name, ':mail' => $mail, ':number' => $number, ':status' => $enabled]);
|
|
|
|
if ($sql_exec) {
|
|
header("Location: /index.html?status=200");
|
|
}else{
|
|
header("Location: /index.html?status=500&error=SQL Error");
|
|
}
|
|
exit;
|
|
?>
|