Proper handling of authenticated state on important pages.

[Project_webapp.git] / includes / formbooking.php

diff --git a/includes/formbooking.php b/includes/formbooking.php
index f1a5fe90f778f688c32d1841a7cc1552568d91b5..8df025e9fb5a29f4f3b99db5d5de1db83695a96a 100644 (file)
--- a/includes/formbooking.php
+++ b/includes/formbooking.php
@@ -28,7 +28,7 @@ if (!$form_return_flight) {
     $input_failure = true;
 }
 
-if (!$input_failure && !empty($form_nb_place) && !empty($form_class_name)) {
+if (!$input_failure && $is_logged_in && !empty($form_nb_place) && !empty($form_class_name)) {
     global $connection;
     $client_id = get_client_id($_SESSION['email']);
     $nb_booked = nb_booked($client_id, $form_flight_id);
@@ -52,7 +52,7 @@ if (!$input_failure && !empty($form_nb_place) && !empty($form_class_name)) {
     $rows = $connection->get_result_array();
     $connection->close_prepared_query();
     foreach ($rows as $row) {
-        echo "(Simulation de paiement d'une re&#769;servation) <br>"
+        echo "(Simulation de paiement d'une re&#769;servation) <br>";
         echo "Vous avez re&#769;serve&#769; et paye&#769; " . $form_nb_place . " place(s) sur le vol " .$form_flight_id .
              " au de&#769;part de " . $row['VilleD'].  " a&#768; " . $row['DateD'] . " arrivant a&#768; " . $row['VilleA'] . " a&#768; " . $row['DateA'] .
              " pour un montant de " . $form_place_price * $form_nb_place . "&euro;. <br>";
@@ -64,6 +64,8 @@ if (!$input_failure && !empty($form_nb_place) && !empty($form_class_name)) {
     } else {
         redirect("index.php?page=reservations", 3);
     }
+} else {
+    echo "Make an error message. <br>";
 }
 
 ?>