<?php
session_start();

// If the user is not logged in as admin, do nothing.
if (!isset($_SESSION['user']) || $_SESSION['user'] !== 'admin') {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['id'])) {
    require_once 'db/config.php';
    try {
        $pdo = db();
        $stmt = $pdo->prepare('DELETE FROM attendees WHERE id = :id');
        $stmt->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
        $stmt->execute();
    } catch (PDOException $e) {
        // In a real app, you'd log this error.
        // For this example, we'll just stop execution.
        die("Database error: " . $e->getMessage());
    }
}

// Redirect back to the admin page
header('Location: admin.php');
exit;