Completely refactored noticesearch list, now using subclassing for highlighting....

[quix0rs-gnu-social.git] / actions / subscribe.php
diff --git a/actions/subscribe.php b/actions/subscribe.php

index 1ca57a43ba0ccdff6e5a0e1bd75a5ff939d98391..f761992de40f6fd7401f77ebae0a5b024642a20d 100644 (file)
--- a/actions/subscribe.php
+++ b/actions/subscribe.php
@@ -19,51 +19,63 @@
  
  if (!defined('LACONICA')) { exit(1); }
  
-class SubscribeAction extends Action {
-       function handle($args) {
-               parent::handle($args);
+class SubscribeAction extends Action
+{
  
-               if (!common_logged_in()) {
-                       common_user_error(_t('Not logged in.'));
-                       return;
-               }
+    function handle($args)
+    {
+        parent::handle($args);
  
-               $other_nickname = $this->arg('subscribeto');
+        if (!common_logged_in()) {
+            $this->clientError(_('Not logged in.'));
+            return;
+        }
  
-               $other = User::staticGet('nickname', $other_nickname);
+        $user = common_current_user();
  
-               if (!$other) {
-                       common_user_error(_t('No such user.'));
-                       return;
-               }
+        if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+            common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
+            return;
+        }
  
-               $user = common_current_user();
+        # CSRF protection
  
-               if ($user->isSubscribed($other)) {
-                       common_user_error(_t('Already subscribed!.'));
-                       return;
-               }
+        $token = $this->trimmed('token');
  
-               $sub = new Subscription();
-               $sub->subscriber = $user->id;
-               $sub->subscribed = $other->id;
+        if (!$token || $token != common_session_token()) {
+            $this->clientError(_('There was a problem with your session token. Try again, please.'));
+            return;
+        }
  
-               $sub->created = DB_DataObject_Cast::dateTime(); # current time
+        $other_id = $this->arg('subscribeto');
  
-               $val = $sub->validate();
+        $other = User::staticGet('id', $other_id);
  
-               if ($val !== TRUE) {
-                       # XXX: give some error notice
-                       common_server_error(_t('Subscription did not validate.'));
-                       return;
-               }
+        if (!$other) {
+            $this->clientError(_('Not a local user.'));
+            return;
+        }
  
-               if (!$sub->insert()) {
-                       common_server_error(_t('Couldn\'t create subscription.'));
-                       return;
-               }
+        $result = subs_subscribe_to($user, $other);
  
-               common_redirect(common_local_url('all', array('nickname' =>
-                                                                                                         $user->nickname)));
-       }
-}
-\ No newline at end of file
+        if($result != true) {
+            $this->clientError($result);
+            return;
+        }
+
+        if ($this->boolean('ajax')) {
+            $this->startHTML('text/xml;charset=utf-8');
+            $this->elementStart('head');
+            $this->element('title', null, _('Subscribed'));
+            $this->elementEnd('head');
+            $this->elementStart('body');
+            $unsubscribe = new UnsubscribeForm($this, $other->getProfile());
+            $unsubscribe->show();
+            $this->elementEnd('body');
+            $this->elementEnd('html');
+        } else {
+            common_redirect(common_local_url('subscriptions', array('nickname' =>
+                                                                $user->nickname)));
+        }
+    }
+}