<?php

// Interests page: lists the current user's interests and handles the add/remove actions.
// Gate the whole page behind an authenticated session before anything else runs.
// Authentication gate: every action on this page acts on $_SESSION['user'],
// so an unauthenticated visitor is redirected to the connect page (error=2)
// and script execution stops here. Note that a logged-in session only
// authenticates the caller; state-changing actions below still need their
// own CSRF token check, as the 'add' action does.
$logged = user::is_logged();
if (!$logged) {
    redirect("?p=connect&error=2");
    exit;
}
if (isset($_GET['action'])) {
    // handle actions
    $action = $_GET['action'];
    if ($action == 'add') {
        if (!empty($_POST['name']) && !empty($_POST['csrf_token']) && isset($_POST['description'])) {
            $token = $_POST['csrf_token'];
            $valid = csrf::check_signed_token($token);
            if ($valid) {
                $result = interest::add_and_bind_user($_POST['name'], $_POST['description'], $_SESSION['user']['id']);
                if ($result === false) {
                    echo '<p>Impossible to add a new interest!</p>';
                } else {
                    echo '<p>Interest has been created!</p>';
                }
            } else {
                echo '<p style="color:red;">Wrong CSRF token!</p>';
            }
        }
    } elseif ($action == 'remove') {
        if (!empty($_GET['id'])) {
            $result = interest::unbind_user($_GET['id'], $_SESSION['user']['id']);
            if (!$result) {