X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fsubscribe.php;h=20c258923bb0b2b33fed38d1d156e27e8cbe155a;hb=31d5b61ca7daf72a847aed50eb65b672b52766f5;hp=522c315935a1ca46e184e82a3c8171b64c5768d7;hpb=b791a835929c659d8dcf174553f7786fb45cf978;p=quix0rs-gnu-social.git

diff --git a/actions/subscribe.php b/actions/subscribe.php
index 522c315935..20c258923b 100644
--- a/actions/subscribe.php
+++ b/actions/subscribe.php
@@ -20,41 +20,40 @@
 if (!defined('LACONICA')) { exit(1); }
 
 class SubscribeAction extends Action {
+	
 	function handle($args) {
 		parent::handle($args);
 
 		if (!common_logged_in()) {
-			common_user_error(_t('Not logged in.'));
+			common_user_error(_('Not logged in.'));
 			return;
 		}
 
-		$other_nickname = $this->arg('subscribeto');
-
-		$other = User::staticGet('nickname', $other_nickname);
+		$user = common_current_user();
 
-		if (!$other) {
-			common_user_error(_t('No such user.'));
+		if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+			common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
 			return;
 		}
 
-		$user = common_current_user();
+		# CSRF protection
 
-		if ($user->isSubscribed($other)) {
-			common_user_error(_t('Already subscribed!.'));
+		$token = $this->trimmed('token');
+		
+		if (!$token || $token != common_session_token()) {
+			$this->client_error(_('There was a problem with your session token. Try again, please.'));
 			return;
 		}
 
-		$sub = new Subscription();
-		$sub->subscriber = $user->id;
-		$sub->subscribed = $other->id;
-
-		$sub->created = DB_DataObject_Cast::dateTime(); # current time
+		$other_nickname = $this->arg('subscribeto');
 
-		if (!$sub->insert()) {
-			common_server_error(_t('Couldn\'t create subscription.'));
+		$result=subs_subscribe_user($user, $other_nickname);
+		
+		if($result != true) {
+			common_user_error($result);
 			return;
 		}
-
+		
 		common_redirect(common_local_url('subscriptions', array('nickname' =>
 																$user->nickname)));
 	}