if (!defined('LACONICA')) { exit(1); }
class SubscribeAction extends Action {
+
function handle($args) {
parent::handle($args);
if (!common_logged_in()) {
- common_user_error(_t('Not logged in.'));
+ common_user_error(_('Not logged in.'));
return;
}
- $other_nickname = $this->arg('subscribeto');
-
- $other = User::staticGet('nickname', $other_nickname);
+ $user = common_current_user();
- if (!$other) {
- common_user_error(_t('No such user.'));
+ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
return;
}
- $user = common_current_user();
+ # CSRF protection
- if ($user->isSubscribed($other)) {
- common_user_error(_t('Already subscribed!.'));
+ $token = $this->trimmed('token');
+
+ if (!$token || $token != common_session_token()) {
+ $this->client_error(_('There was a problem with your session token. Try again, please.'));
return;
}
- $sub = new Subscription();
- $sub->subscriber = $user->id;
- $sub->subscribed = $other->id;
-
- $sub->created = DB_DataObject_Cast::dateTime(); # current time
+ $other_nickname = $this->arg('subscribeto');
- if (!$sub->insert()) {
- common_server_error(_t('Couldn\'t create subscription.'));
+ $result=subs_subscribe_user($user, $other_nickname);
+ if($result != true) {
+ common_user_error($result);
return;
}
-
+
common_redirect(common_local_url('subscriptions', array('nickname' =>
$user->nickname)));
}
+
}
\ No newline at end of file