default: redirect($g["abs_url"] . '/error/invalid-page'); } } else { redirect($g["abs_url"] . '/error/invalid-page'); } break; case 'bag': if (isset($action_command)) { switch ($action_command) { case 'new': create_bag(post('name')); exit; break; case 'save': edit_bag(post('bagid'), post('name')); //print_r($_POST); exit; break; default: redirect($g["abs_url"] . '/error/invalid-page'); } } else { redirect($g["abs_url"] . '/error/invalid-page'); } break; default: redirect($g["abs_url"] . '/error/invalid-page'); } } else { redirect($g["abs_url"] . '/error/invalid-page');
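$output .= ' </div>';

// Request routing for this page: choose the handler from ?action= (default
// "coupons") and reject malformed record ids before any handler runs.
$action = isset($_GET["action"]) ? $_GET["action"] : "coupons";
$coupon_id = isset($_GET["coupon_id"]) ? $_GET["coupon_id"] : 0;
$bag_id = isset($_GET["bag_id"]) ? $_GET["bag_id"] : 0;
$raffle_id = isset($_GET["raffle_id"]) ? $_GET["raffle_id"] : 0;

// prevent injection
// is_numeric() is too loose for an id guard: it also accepts decimals,
// exponent notation, a leading sign and surrounding whitespace (and hex
// strings on PHP < 7). Accept only the integer default or a string made of
// ASCII digits; \A and \z stop a trailing newline from slipping through.
// Arrays (?coupon_id[]=1) fail both tests and are rejected as well.
// NOTE(review): assumes ids are non-negative integers — confirm against the schema.
$ids_are_valid = true;
foreach (array($coupon_id, $bag_id, $raffle_id) as $request_id) {
    if (!is_int($request_id)
        && !(is_string($request_id) && preg_match('/\A[0-9]+\z/', $request_id) === 1)
    ) {
        $ids_are_valid = false;
        break;
    }
}

if (!$ids_are_valid) {
    // NOTE(review): this guard only protects the handlers below if error()
    // ends the request — confirm; if it returns, dispatch still runs.
    error(lang("global", "err_invalid_input"));
}
unset($request_id, $ids_are_valid);

// The handlers take no arguments, so they presumably read the ids from $_GET
// or globals themselves — verify they only use the values validated above and
// still bind them as query parameters rather than concatenating them.
// NOTE(review): do_redeem and do_purchase are reachable by a plain GET here;
// if they change state, confirm they enforce a CSRF token and a permission check.
switch ($action) {
    case "coupons":
        coupons();
        break;
    case "redeem_coupon":
        redeem_coupon();
        break;
    case "do_redeem":
        do_redeem();
        break;
    case "raffles":
        raffles();
        break;
    case "view_raffle":
        view_raffle();
        break;
    case "do_purchase":
        do_purchase();
        break;
    case "contests":
        contests();
        break;
    case "view_bag":
        view_bag();
        break;
    case "edit_bag":
        edit_bag();
        break;
    // Any other action value runs no handler, as before; only the footer is included.
}

unset($action_permission);

require_once "footer.php";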