} } } else { if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'payments_csrf')) { if ($_GET['action'] == 'delete') { if (isset($_GET['id'])) { if (actions::delete_payment($_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if (in_array($_GET['type'], array('paid', 'unpaid', 'delivered', 'undelivered'))) { if (isset($_GET['id'])) { if (actions::action_payment($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } } $csrf = $_SESSION['payments_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off"> <input type="hidden" name="route" value="payments.php" /> <input type="hidden" name="action" value="list" />