*/
class UnsubscribeAction extends Action {
+
function handle($args) {
parent::handle($args);
if (!common_logged_in()) {
- common_user_error(_t('Not logged in.'));
- return;
- }
- $other_nickname = $this->arg('unsubscribeto');
- $other = User::staticGet('nickname', $other_nickname);
- if (!$other) {
- common_user_error(_t('No such user.'));
+ common_user_error(_('Not logged in.'));
return;
}
$user = common_current_user();
- if (!$user->isSubscribed($other)) {
- common_server_error(_t('Not subscribed!.'));
+ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
+ return;
}
- $sub = new Subscription();
- $sub->subscriber = $user->id;
- $sub->subscribed = $other->id;
+ # CSRF protection
- if (!$sub->delete()) {
- common_server_error(_t('Couldn\'t delete subscription.'));
+ $token = $this->trimmed('token');
+
+ if (!$token || $token != common_session_token()) {
+ $this->client_error(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
+ $other_nickname = $this->arg('unsubscribeto');
+ $result=subs_unsubscribe_user($user,$other_nickname);
+ if($result!=true) {
+ common_user_error($result);
return;
}
- common_redirect(common_local_url('all', array('nickname' =>
- $user->nickname)));
+ common_redirect(common_local_url('subscriptions', array('nickname' =>
+ $user->nickname)));
}
}