<?php
// interests page
// Handles the `add` and `remove` actions on interests for the logged-in
// user, selected through the `action` query parameter.

// check login
// Visitors who are not logged in are sent to the connect page. `die` stops
// the script here, so none of the action handling below runs for them,
// whatever redirect() itself does (it is defined elsewhere).
$logged = user::is_logged();
if (!$logged) {
    redirect("?p=connect&error=2");
    die;
}

if (isset($_GET['action'])) {
    // handle actions
    $action = $_GET['action'];
    if ($action == 'add') {
        // All three fields must be present. empty() also rejects the string
        // '0', while isset() lets an empty description through. When a field
        // is missing the request is dropped with no message.
        if (!empty($_POST['name']) && !empty($_POST['csrf_token']) && isset($_POST['description'])) {
            // The state change is gated on the signed CSRF token sent with
            // the form; nothing is written unless it validates.
            $token = $_POST['csrf_token'];
            $valid = csrf::check_signed_token($token);
            if ($valid) {
                // The owner id comes from the session, not from the request.
                // name and description are passed on unmodified.
                // NOTE(review): how add_and_bind_user() stores them, and how
                // they are escaped when displayed, is not visible here; confirm.
                $result = interest::add_and_bind_user($_POST['name'], $_POST['description'], $_SESSION['user']['id']);
                // Only a strict false counts as failure here.
                if ($result === false) {
                    echo '<p>Impossible to add a new interest!</p>';
                } else {
                    echo '<p>Interest has been created!</p>';
                }
            } else {
                echo '<p style="color:red;">Wrong CSRF token!</p>';
            }
        }
    } elseif ($action == 'remove') {
        // NOTE(review): unlike 'add', this branch changes state from a GET
        // request, and no csrf::check_signed_token() call appears before
        // unbind_user(). A cross-site request made in the user's session
        // could therefore trigger the removal. Consider requiring POST plus
        // a signed token here, or confirm that a check exists elsewhere.
        if (!empty($_GET['id'])) {
            // The id is taken from the query string as-is; the user id comes
            // from the session.
            // NOTE(review): validation of the id inside unbind_user() is not
            // visible here; confirm.
            $result = interest::unbind_user($_GET['id'], $_SESSION['user']['id']);
            // Any falsy return is treated as failure (looser than the strict
            // `=== false` test used in the 'add' branch).
            if (!$result) {