--- /dev/null
+<?php
+$form_flight_id = filter_input(INPUT_POST, "flight_id", FILTER_SANITIZE_STRING);
+$form_class_name = filter_input(INPUT_POST, "class_name", FILTER_SANITIZE_STRING);
+$form_place_price = filter_input(INPUT_POST, "place_price", FILTER_VALIDATE_FLOAT);
+$form_nb_place = filter_input(INPUT_POST, "nb_place", FILTER_VALIDATE_INT);
+$form_return_flight = filter_input(INPUT_POST, "return_flight", FILTER_VALIDATE_BOOLEAN);
+
+global $is_logged_in;
+if (!$is_logged_in) {
+ echo "Please login first.";
+ redirect("index.php?page=login", 2);
+}
+
+$input_failure = false;
+
+if (!$form_place_price) {
+ echo "Prix invalide. <br>";
+ $input_failure = true;
+}
+
+if (!$form_nb_place) {
+ echo "Nombre de place(s) invalide. <br>";
+ $input_failure = true;
+}
+
+if (!$form_return_flight) {
+ echo "Vol retour invalide. <br>";
+ $input_failure = true;
+}
+
+if (!$input_failure && !empty($form_nb_place) && !empty($form_class_name)) {
+ global $connection;
+ $client_id = get_client_id($_SESSION['email']);
+ $nb_booked = nb_booked($client_id, $form_flight_id);
+ if (!empty($nb_booked)) {
+ echo "Vous avez déjà réservé ce vol, vous allez être redirigé vers la liste de vos réservations dans 2 secondes. <br>";
+ redirect("index.php?page=reservations", 2);
+ }
+ $sql_pquery = "insert into RESERVATIONS (NumCl, NumVol, Classe, NbPlaces)
+ values (?, ?, ?, ?)";
+ $connection->prepare_query($sql_pquery);
+ $connection->prepared_query_bind_param("issi", array($client_id, $form_flight_id, $form_class_name, $form_nb_place));
+ $connection->run_prepared_query();
+ $connection->close_prepared_query();
+ $sql_pquery = "select VilleD, DateD, VilleA, DateA from VOLS, DEFCLASSES
+ where DEFCLASSES.NumVol = VOLS.NumVol and
+ VOLS.NumVol = ? and Classe = ?";
+ $connection->prepare_query($sql_pquery);
+ $connection->prepared_query_bind_param("ss", array($form_flight_id, $form_class_name));
+ $connection->run_prepared_query();
+ $connection->get_pquery_result();
+ $rows = $connection->get_result_array();
+ $connection->close_prepared_query();
+ foreach ($rows as $row) {
+ echo "Vous avez réservé et payé " . $form_nb_place . " place(s) sur le vol " .$form_flight_id .
+ " au départ de " . $row['VilleD']. " à " . $row['DateD'] . " arrivant à " . $row['VilleA'] . " à " . $row['DateA'] .
+ " pour un montant de " . $form_place_price * $form_nb_place . "€. <br>";
+ }
+ if ($form_return_flight) {
+ redirect("index.php?page=search", 3);
+ $_SESSION['current_flight_id'] = $form_flight_id;
+ $_SESSION['return_flight'] = $form_return_flight;
+ } else {
+ redirect("index.php?page=reservations", 3);
+ }
+}
+
+?>