die; }
// NOTE(review): the `die; }` above is the tail of a block that opens before this excerpt
// (presumably an access guard -- confirm against the full file).

// Page header: title, a link back to the review list, and an optional subtitle.
// $LANG values are concatenated into the markup without escaping, so they are treated
// as trusted HTML here -- NOTE(review): confirm language strings cannot be edited by untrusted users.
echo '<div class="title"> <h2>' . $LANG['reviews_add_title'] . '</h2> <div style="float:right; margin: 0 2px 0 0;"> <a href="?route=reviews.php&action=list" class="btn">' . $LANG['reviews_view'] . '</a> </div>';
if (!empty($LANG['reviews_add_subtitle'])) {
    echo '<span>' . $LANG['reviews_add_subtitle'] . '</span>';
}
echo '</div>';

// Submission handling: only a POST that carries a `csrf` field accepted by check_csrf() is processed.
// There is no else branch, so a request that fails this test falls through to the form with no message.
// NOTE(review): check_csrf() is defined outside this excerpt -- confirm it compares the submitted value
// with the session entry named 'reviews_csrf' using hash_equals() and rejects a missing or empty session token.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'reviews_csrf')) {
    // All four fields must be present; `publish` is optional and treated as a checkbox (1 when set, else 0).
    if (isset($_POST['store']) && isset($_POST['user']) && isset($_POST['stars']) && isset($_POST['text'])) {
        // The raw $_POST values are passed to add_review() unchanged; the (int) casts further down
        // only affect what is re-displayed in the form, not what is stored.
        // NOTE(review): confirm add_review() validates the IDs and the stars range, uses parameterised
        // queries, and that `text` is escaped wherever reviews are rendered.
        // NOTE(review): `user` comes from the request, so the submitter chooses which user ID the review
        // is attributed to -- confirm this page is limited to accounts that are allowed to do that.
        if (actions::add_review(array(
            'user' => $_POST['user'],
            'store' => $_POST['store'],
            'text' => $_POST['text'],
            'stars' => $_POST['stars'],
            'publish' => isset($_POST['publish']) ? 1 : 0
        ))) {
            echo '<div class="a-success">' . $LANG['msg_added'] . '</div>';
        } else {
            echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
        }
    }
}

// A new token is stored on every render, after the submitted one has been checked. The session holds a
// single value under 'reviews_csrf', so a copy of this form rendered earlier stops matching once the page
// is loaded again.
// NOTE(review): str_random() is defined elsewhere -- confirm it draws from a CSPRNG (random_bytes() /
// random_int()); a 10-character token is only as strong as that generator and its alphabet.
// $csrf is not used within this excerpt; presumably it is written into a hidden field later in the form.
$csrf = $_SESSION['reviews_csrf'] = \site\utils::str_random(10);

// Form markup. Prefilled store/user values taken from $_POST or $_GET are cast to int before being written
// into the value attribute, so request data cannot break out of the attribute. The user field falls back to
// $GLOBALS['me']->ID when the request supplies none. This echo statement continues past the end of the excerpt.
echo '<div class="form-table"> <form action="#" method="POST" autocomplete="off"> <div class="row"><span>' . $LANG['form_store_id'] . ':</span><div data-search="store"><input type="text" name="store" value="' . (isset($_POST['store']) ? (int) $_POST['store'] : (!empty($_GET['store']) ? (int) $_GET['store'] : '')) . '" required /><a href="#">S</a></div></div> <div class="row"><span>' . $LANG['form_user_id'] . ':</span><div data-search="user"><input type="text" name="user" value="' . (isset($_POST['user']) ? (int) $_POST['user'] : (!empty($_GET['user']) ? (int) $_GET['user'] : $GLOBALS['me']->ID)) . '" required /><a href="#">S</a></div></div> <div class="row"><span>' . $LANG['form_stars'] . ':</span>