<?php

if ( ! isset($_GET["page"]) || $_GET["page"] != "action" ){
	header($_SERVER["SERVER_PROTOCOL"] . " 404 Not Found");
	exit;
}

if ( ! isset($_GET["task"]) || $_GET["task"] == "" ){
	header($_SERVER["SERVER_PROTOCOL"] . "400 Wrong Request");
	header("Location: /?page=index");
}

switch($_GET["task"]){
	case("login"):
		if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
			header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
			echo "Method not allowed";
			exit;
		}
		if ( ! isset($_POST["name"]) || $_POST["name"] == "" || ! isset($_POST["password"]) || $_POST["password"] == "" ){
			failure("not enough information", "400 Bad Request");
		}
		if ( $jg->login($_POST["name"], $_POST["password"]) ){
			header($_SERVER["SERVER_PROTCOL"] . " 302 Moved");
			header("Location: /?page=" . $_GET["goto"]);
			exit;
		}
		break;

	case("update"):
		if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
			header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
			echo "Method not allowed";
			exit;
		}
		if ( ! isset($_GET["id"]) || $_GET["id"] == 0 || $_GET["id"] == "" ){
			exit;
		}
		$sql = $db->prepare("UPDATE " . DBPREFIX . "member SET name = %s AND adresse = %s AND telefonnummer = %s AND handynummer = %s AND email = %s AND geburtstag = %s WHERE id = %d;", 
			$_POST["name"], $_POST["adresse"], $_POST["telefonnummer"], $_POST["handynummer"], $_POST["email"], $_POST["geburtstag"], $_GET["id"]
		);
		if ( ! $sql )
			exit;
		if ( $result = $db->doQuery($sql) ){
			header($_SERVER["SERVER_PROTCOL"] . " 302 Moved");
			header("Location: /?page=" . $_GET["goto"]);
		}
		exit;
		break;

	case("add"):
		if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
			header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
			echo "Method not allowed";
			exit;
		}
		$sql = $db->prepare("INSERT INTO " . DBPREFIX . "member (id, name, adresse, telefonnummer, handynummer, email, geburtstag) VALUES (NULL, %s, %s, %s, %s, %s, %s);", 
			 $_POST["name"], $_POST["adresse"], $_POST["telefonnummer"], $_POST["handynummer"], $_POST["email"], $_POST["geburtstag"]
		);
		if ( ! $sql )
			exit;
		if ( $result = $db->doQuery($sql) ){
			header($_SERVER["SERVER_PROTCOL"] . " 302 Moved");
			header("Location: /?page=" . $_GET["goto"]);
		}
		exit;
}