Profile block base style

[quix0rs-gnu-social.git] / actions / unsubscribe.php
diff --git a/actions/unsubscribe.php b/actions/unsubscribe.php

index 1bf95fb612b16bb69d8cfbab0b954e0e435b8ded..08b3ae57d8210e8f822f48a9ab00b2280b6662de 100644 (file)
--- a/actions/unsubscribe.php
+++ b/actions/unsubscribe.php
@@ -18,46 +18,63 @@
   */
  
  class UnsubscribeAction extends Action {
+
         function handle($args) {
                 parent::handle($args);
                 if (!common_logged_in()) {
-                       common_user_error(_t('Not logged in.'));
+                       common_user_error(_('Not logged in.'));
                         return;
                 }
-               
+
                 $user = common_current_user();
  
                 if ($_SERVER['REQUEST_METHOD'] != 'POST') {
                         common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
                         return;
                 }
-               
-               $other_nickname = $this->arg('unsubscribeto');
-               $other = User::staticGet('nickname', $other_nickname);
-               if (!$other) {
-                       common_user_error(_t('No such user.'));
+
+               # CSRF protection
+
+               $token = $this->trimmed('token');
+
+               if (!$token || $token != common_session_token()) {
+                       $this->client_error(_('There was a problem with your session token. Try again, please.'));
                         return;
                 }
  
-               if (!$user->isSubscribed($other)) {
-                       common_server_error(_t('Not subscribed!.'));
-               }
+               $other_id = $this->arg('unsubscribeto');
+
+        if (!$other_id) {
+            $this->client_error(_('No profile id in request.'));
+            return;
+        }
+
+        $other = Profile::staticGet('id', $other_id);
  
-               $sub = DB_DataObject::factory('subscription');
-               
-               $sub->subscriber = $user->id;
-               $sub->subscribed = $other->id;
+        if (!$other_id) {
+            $this->client_error(_('No profile with that id.'));
+            return;
+        }
  
-               $sub->find(true);
+               $result = subs_unsubscribe_to($user, $other);
  
-               // note we checked for existence above
-               
-               if (!$sub->delete()) {
-                       common_server_error(_t('Couldn\'t delete subscription.'));
+               if ($result != true) {
+                       common_user_error($result);
                         return;
                 }
  
-               common_redirect(common_local_url('subscriptions', array('nickname' =>
-                                                                                                                               $user->nickname)));
+               if ($this->boolean('ajax')) {
+                       common_start_html('text/xml');
+                       common_element_start('head');
+                       common_element('title', null, _('Unsubscribed'));
+                       common_element_end('head');
+                       common_element_start('body');
+                       common_subscribe_form($other);
+                       common_element_end('body');
+                       common_element_end('html');
+               } else {
+               common_redirect(common_local_url('subscriptions', array('nickname' =>
+                                                                                                                               $user->nickname)));
+        }
         }
  }