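<?php
// Admin "suggestions" route: dispatches on the `action` query parameter.
// Only the opening of the 'view' case is visible here; the switch and the
// case both continue past the end of this excerpt.
switch ($_GET['action']) {
    /** VIEW SUGGESTION */
    case 'view':
        // Permission gate: stop rendering unless the user may view suggestions.
        if (!ab_to(array('suggestions' => 'view'))) {
            die;
        }

        // Per-render random token appended to the action links below.
        // NOTE(review): this excerpt does not show $csrf being stored
        // server-side. Confirm that the handlers for action=delete and
        // action=list compare the submitted token against a session-bound
        // value (ideally with hash_equals()). Also note that both links
        // trigger state changes over GET, so the token ends up in URLs,
        // browser history and Referer headers.
        $csrf = \site\utils::str_random(10);

        echo '<div class="title"> <h2>' . $LANG['suggestions_view_title'] . '</h2> <div style="float:right; margin: 0 2px 0 0;">';

        // NOTE(review): the raw request value is handed to suggestion_exists();
        // verify that it uses a parameterized query or validates the id.
        if (isset($_GET['id']) && ($sugestion_exists = admin_query::suggestion_exists($_GET['id']))) {
            $ab_edt = ab_to(array('suggestions' => 'edit'));
            $ab_del = ab_to(array('suggestions' => 'delete'));

            if ($ab_edt || $ab_del) {
                // The id comes straight from the query string and was previously
                // concatenated into an href attribute unescaped. A value the
                // existence check still accepts could then break out of the
                // attribute (reflected XSS). rawurlencode() leaves only
                // unreserved characters and %XX escapes, which is safe for both
                // the URL parameter and the surrounding HTML attribute.
                $id_param = rawurlencode((string) $_GET['id']);

                echo '<div class="options"> <a href="#" class="btn">' . $LANG['options'] . '</a> <ul>';

                if ($ab_del) {
                    echo '<li><a href="?route=suggestions.php&action=delete&id=' . $id_param . '&token=' . $csrf . '" data-delete-msg="' . $LANG['delete_msg'] . '">' . $LANG['delete'] . '</a></li>';
                }

                if ($ab_edt) {
                    echo '<li><a href="?route=suggestions.php&action=list&type=unread&id=' . $id_param . '&token=' . $csrf . '">' . $LANG['set_as_unread'] . '</a></li>';
                }

                echo '</ul> </div>';
            }
        }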