X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fsubscribe.php;h=b6f03f0f133c70ae2beba9384ab793680c9c4699;hb=bc15d027a804e60e76bdaf6fd47e69d41b395e7e;hp=1ca57a43ba0ccdff6e5a0e1bd75a5ff939d98391;hpb=52600ce0b063e68e622b19699841e41b5ddbf2d1;p=quix0rs-gnu-social.git

diff --git a/actions/subscribe.php b/actions/subscribe.php
index 1ca57a43ba..b6f03f0f13 100644
--- a/actions/subscribe.php
+++ b/actions/subscribe.php
@@ -19,51 +19,62 @@
 
 if (!defined('LACONICA')) { exit(1); }
 
-class SubscribeAction extends Action {
-	function handle($args) {
-		parent::handle($args);
+class SubscribeAction extends Action
+{
 
-		if (!common_logged_in()) {
-			common_user_error(_t('Not logged in.'));
-			return;
-		}
+    function handle($args)
+    {
+        parent::handle($args);
 
-		$other_nickname = $this->arg('subscribeto');
+        if (!common_logged_in()) {
+            $this->clientError(_('Not logged in.'));
+            return;
+        }
 
-		$other = User::staticGet('nickname', $other_nickname);
+        $user = common_current_user();
 
-		if (!$other) {
-			common_user_error(_t('No such user.'));
-			return;
-		}
+        if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+            common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
+            return;
+        }
 
-		$user = common_current_user();
+        # CSRF protection
 
-		if ($user->isSubscribed($other)) {
-			common_user_error(_t('Already subscribed!.'));
-			return;
-		}
+        $token = $this->trimmed('token');
 
-		$sub = new Subscription();
-		$sub->subscriber = $user->id;
-		$sub->subscribed = $other->id;
+        if (!$token || $token != common_session_token()) {
+            $this->clientError(_('There was a problem with your session token. Try again, please.'));
+            return;
+        }
 
-		$sub->created = DB_DataObject_Cast::dateTime(); # current time
+        $other_id = $this->arg('subscribeto');
 
-		$val = $sub->validate();
+        $other = User::staticGet('id', $other_id);
 
-		if ($val !== TRUE) {
-			# XXX: give some error notice
-			common_server_error(_t('Subscription did not validate.'));
-			return;
-		}
+        if (!$other) {
+            $this->clientError(_('Not a local user.'));
+            return;
+        }
 
-		if (!$sub->insert()) {
-			common_server_error(_t('Couldn\'t create subscription.'));
-			return;
-		}
+        $result = subs_subscribe_to($user, $other);
 
-		common_redirect(common_local_url('all', array('nickname' =>
-													  $user->nickname)));
-	}
-}
\ No newline at end of file
+        if($result != true) {
+            $this->clientError($result);
+            return;
+        }
+
+        if ($this->boolean('ajax')) {
+            common_start_html('text/xml;charset=utf-8', true);
+            $this->elementStart('head');
+            $this->element('title', null, _('Subscribed'));
+            $this->elementEnd('head');
+            $this->elementStart('body');
+            common_unsubscribe_form($other->getProfile());
+            $this->elementEnd('body');
+            $this->elementEnd('html');
+        } else {
+            common_redirect(common_local_url('subscriptions', array('nickname' =>
+                                                                $user->nickname)));
+        }
+    }
+}