示例#1
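/**
 * Render the "write a review" form and, on a valid POST, submit the review.
 *
 * The form is only available to a signed-in user ($GLOBALS['me']) for a
 * non-empty item id, and only while the 'allow_reviews' option is enabled.
 * A submission is processed when the request is a POST carrying a
 * write_review_form array whose csrf field passes \site\utils::check_csrf().
 * A fresh CSRF token is stored in $_SESSION['write_review_form_csrf'] on
 * every render of the form.
 *
 * @param mixed $id Item id; overridden by $GET['id'] when that is set.
 *
 * @return string HTML fragment: the form (with a success/error banner after
 *                a submission) or an informational message.
 */
function write_review_form($id = 0)
{
    global $GET, $LANG;

    // A request-supplied id takes precedence over the argument.
    // NOTE(review): $GET is populated outside this function; confirm it is
    // validated before it reaches \user\main::write_review().
    if (isset($GET['id'])) {
        $id = $GET['id'];
    }

    // empty() instead of a bare read, so a missing 'me' global does not raise a warning.
    if (empty($GLOBALS['me']) || empty($id)) {
        return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
    }

    if (!(bool) \query\main::get_option('allow_reviews')) {
        return '<div class="info_form">' . $LANG['review_not_allowed'] . '</div>';
    }

    $form = '<div class="write_review_form other_form">';

    // Accept the submission only when the field is an array; a scalar
    // write_review_form value would otherwise be indexed as a string.
    $posted = (isset($_POST['write_review_form']) && is_array($_POST['write_review_form']))
        ? $_POST['write_review_form']
        : null;

    // A missing or non-string token never reaches the comparison, so an
    // absent token cannot match an absent session value.
    // NOTE(review): confirm check_csrf() compares with hash_equals() and
    // that str_random() draws from a CSPRNG (random_bytes/random_int).
    $token = ($posted !== null && isset($posted['csrf']) && is_string($posted['csrf']))
        ? $posted['csrf']
        : '';

    $isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';

    if ($isPost && $token !== '' && \site\utils::check_csrf($token, 'write_review_form_csrf')) {
        $pd = \site\utils::validate_user_data($posted);
        try {
            \user\main::write_review($id, $GLOBALS['me']->ID, $pd);
            $form .= '<div class="success">' . $LANG['review_sent'] . '</div>';
        } catch (Exception $e) {
            // The message originates while processing user-submitted data, so
            // it is escaped before being placed in the page.
            $form .= '<div class="error">' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . '</div>';
        }
    }

    // Rotate the token on every render; the previous one is overwritten.
    $csrf = $_SESSION['write_review_form_csrf'] = \site\utils::str_random(12);
    // Escaped because the value is written into an HTML attribute.
    $csrfAttr = htmlspecialchars($csrf, ENT_QUOTES, 'UTF-8');

    $form .= '<form method="POST" action="#">
  <div class="form_field"><label for="write_review_form[stars]">' . $LANG['form_stars'] . ':</label> <div><select name="write_review_form[stars]" id="write_review_form[stars]">
  <option value="5">5</option>
  <option value="4">4</option>
  <option value="3">3</option>
  <option value="2">2</option>
  <option value="1">1</option>
  </select></div></div>
  <div class="form_field"><label for="write_review_form[text]">' . $LANG['form_text'] . ':</label> <div><textarea name="write_review_form[text]" id="write_review_form[text]" required></textarea></div></div>
  <input type="hidden" name="write_review_form[csrf]" value="' . $csrfAttr . '" />
  <button>' . $LANG['post_review'] . '</button>
  </form>

  </div>';

    return $form;
}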