<?php
session_start();

if (isset($_GET['code'])) {
    $code = strtoupper($_GET['code']);
    
    // simple security check
$allowed = ['INR', 'USD', 'SAR', 'EUR', 'PKR']; // Added/
    
    if (in_array($code, $allowed)) {
        $_SESSION['currency'] = $code;
    }
}

// Redirect back to the page they came from
if(isset($_SERVER['HTTP_REFERER'])) {
    header("Location: " . $_SERVER['HTTP_REFERER']);
} else {
    header("Location: index.php");
}
exit();
?>