function create_reward_request($id = 0, $post = array()) { global $LANG; /* This is not protected to CSRF attacks, just protect it where you use it */ $form = ''; if (!empty($id) || $_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['Reward-ID'])) { $form = '<div class="other_form">'; $id = empty($id) ? (int) $_POST['Reward-ID'] : $id; $post = empty($post) ? isset($_POST['Reward'][$id]) ? (array) $_POST['Reward'][$id] : '' : $post; try { \user\main::get_reward($id, $post); $form .= '<div class="success">' . $LANG['claim_reward_success'] . '</div>'; unset($_POST); } catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } $form .= '</div>'; } return $form; }