X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fsubscribe.php;h=8d04934b7d3fb8b6bd7be3b5d499a577d2f40439;hb=f7865b1d410e303bb5dc2549d12823f37149b8e5;hp=35961d05170181cccbcfbadf9f01cdadeeecc9fe;hpb=67a347bafb875be60e7554f308d80d7f0a1d2747;p=quix0rs-gnu-social.git

diff --git a/actions/subscribe.php b/actions/subscribe.php
index 35961d0517..8d04934b7d 100644
--- a/actions/subscribe.php
+++ b/actions/subscribe.php
@@ -1,42 +1,60 @@
 <?php
+/*
+ * Laconica - a distributed open-source microblogging tool
+ * Copyright (C) 2008, Controlez-Vous, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+if (!defined('LACONICA')) { exit(1); }
 
 class SubscribeAction extends Action {
+	
 	function handle($args) {
 		parent::handle($args);
-		
+
 		if (!common_logged_in()) {
-			common_user_error(_t('Not logged in.'));
+			common_user_error(_('Not logged in.'));
 			return;
 		}
-		
-		$other_nickname = $this->arg('subscribeto');
 
-		$other = User::staticGet('nickname', $other_nickname);
-		
-		if (!$other) {
-			common_user_error(_t('No such user.'));
-			return;
-		}
-		
 		$user = common_current_user();
 
-		if ($user->isSubscribed($other)) {
-			common_user_error(_t('Already subscribed!.'));
+		if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+			common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
 			return;
 		}
+
+		# CSRF protection
+
+		$token = $this->trimmed('token');
 		
-		$sub = new Subscription();
-		$sub->subscriber = $user->id;
-		$sub->subscribed = $other->id;
-		
-		$sub->created = time();
-		
-		if (!$sub->insert()) {
-			common_server_error(_t('Couldn\'t create subscription.'));
+		if (!$token || $token != common_session_token()) {
+			$this->client_error(_('There was a problem with your session token. Try again, please.'));
+			return;
+		}
+
+		$other_nickname = $this->arg('subscribeto');
+
+		$result=subs_subscribe_user($user, $other_nickname);
+		if($result != true) {
+			common_user_error($result);
 			return;
 		}
 		
-		common_redirect(common_local_url('all', array('nickname' =>
-													  $user->nickname)));
+		common_redirect(common_local_url('subscriptions', array('nickname' =>
+																$user->nickname)));
 	}
+
 }
\ No newline at end of file