<?php session_start();
$db_link = mysqli_connect('localhost', 'web_b-3', 'een7Ao6s', 'bibliothek_candle', '3306');
 
   function runSQL($sql){
    global $db_link;
    $db_res = mysqli_query($db_link, $sql);
    if(!$db_res){
        header("Location: 404.html");
        exit;
    }
    return $db_res;
}

if(isset($_POST['submit'])){
    $kartenid = $_POST['karten-id'];
    $passwort = $_POST['password'];

    $existiert = runSQL("SELECT COUNT(*) FROM `benutzer` WHERE `KartenID` = '$kartenid' and `Passwort` = '$passwort'");
    $row = mysqli_fetch_array($existiert);
    $karteexistiert = runSQL("SELECT COUNT(*) FROM `benutzer` WHERE `KartenID` = '$kartenid'");
    $zeile = mysqli_fetch_array($karteexistiert);
    if($row['COUNT(*)'] > 0){

        $_SESSION['eingeloggt'] = 1;
        if(!isset($_SESSION['userID'])){
            $sql = $db_link->prepare("SELECT benutzer.BenutzerID FROM benutzer WHERE benutzer.KartenID = ?;");
            $sql->bind_param("i", $kartenid);
            $sql->execute();
            $result = $sql->get_result();
            if (mysqli_num_rows($result) > 0) {
                while ($row = mysqli_fetch_assoc($result)) {
                    $_SESSION['userID'] = $row['BenutzerID'];
                }
            }
        }
        header("Location: reservierung.php");
    }else if($zeile['COUNT(*)'] > 0){
        header("Location: passwort_stimmt_nicht.php");
    }else{
        header("Location: benutzer_existiert_nicht.php");
    }

}else{
    header("Location: 404.html");
}

?>