*/
class UnsubscribeAction extends Action {
+
function handle($args) {
parent::handle($args);
if (!common_logged_in()) {
- common_user_error(_t('Not logged in.'));
+ common_user_error(_('Not logged in.'));
return;
}
- $other_nickname = $this->arg('unsubscribeto');
- $other = User::staticGet('nickname', $other_nickname);
- if (!$other) {
- common_user_error(_t('No such user.'));
+
+ $user = common_current_user();
+
+ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
return;
}
- $user = common_current_user();
+ # CSRF protection
+
+ $token = $this->trimmed('token');
- if (!$user->isSubscribed($other)) {
- common_server_error(_t('Not subscribed!.'));
+ if (!$token || $token != common_session_token()) {
+ $this->client_error(_('There was a problem with your session token. Try again, please.'));
+ return;
}
- $sub = new Subscription();
- $sub->subscriber = $user->id;
- $sub->subscribed = $other->id;
+ $other_id = $this->arg('unsubscribeto');
+
+ if (!$other_id) {
+ $this->client_error(_('No profile id in request.'));
+ return;
+ }
+
+ $other = Profile::staticGet('id', $other_id);
+
+ if (!$other_id) {
+ $this->client_error(_('No profile with that id.'));
+ return;
+ }
+
+ $result = subs_unsubscribe_to($user, $other);
- if (!$sub->delete()) {
- common_server_error(_t('Couldn\'t delete subscription.'));
+ if ($result != true) {
+ common_user_error($result);
return;
}
- common_redirect(common_local_url('all', array('nickname' =>
- $user->nickname)));
+ if ($this->boolean('ajax')) {
+ common_start_html('text/xml');
+ common_element_start('head');
+ common_element('title', null, _('Unsubscribed'));
+ common_element_end('head');
+ common_element_start('body');
+ common_subscribe_form($other);
+ common_element_end('body');
+ common_element_end('html');
+ } else {
+ common_redirect(common_local_url('subscriptions', array('nickname' =>
+ $user->nickname)));
+ }
}
}