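/**
 * Handles the submission of the "new broadcast" admin form.
 *
 * Verifies the form nonce, reads the broadcast fields from $_POST and
 * validates them. When the broadcast is scheduled for later, the send date
 * (MM/DD/YYYY), the send time and the timezone offset are validated and
 * combined into a Unix timestamp that must lie in the future. Validation
 * problems are collected in $errors.
 *
 * NOTE(review): the visible code does nothing with $errors or the validated
 * values once validation finishes; "step two" is still unimplemented.
 *
 * @return void
 */
function _wpr_new_broadcast_post_handler() {
    // Security check. The nonce shows that the request came from our own form
    // (CSRF protection); it does not establish what the user may do.
    // NOTE(review): no capability check is visible here. Confirm the caller
    // restricts this handler to users allowed to send broadcasts.
    if (!check_admin_referer("new_broadcast_form")) {
        header('HTTP/1.0 404 Not Found');
        exit;
    }

    $errors = array();

    // Every $_POST field is read through isset() so that a hand-crafted
    // request with missing fields fails validation instead of raising notices.
    $newsletter = isset($_POST['newsletter']) ? intval($_POST['newsletter']) : 0;
    $newsletter_obj = _wpr_get_newsletter($newsletter);

    // Ensure that this newsletter exists.
    if (false == $newsletter_obj) {
        $errors[] = __("The selected newsletter doesn't exist.");
    }

    $subject = wpr_sanitize(isset($_POST['subject']) ? $_POST['subject'] : '');
    $content = wpr_sanitize(isset($_POST['content']) ? $_POST['content'] : '', false);
    $textbody = wpr_sanitize(isset($_POST['textbody']) ? $_POST['textbody'] : '');

    $send = isset($_POST['send']) ? $_POST['send'] : '';

    if ("later" === $send) {
        $date = (string) wpr_sanitize(isset($_POST['send_date']) ? $_POST['send_date'] : '');
        // The original called explode("/") without the string to split.
        $date_parts = explode("/", $date);

        try {
            if (3 != count($date_parts)) {
                throw new Exception(__("The date is entered in an invalid format. Please enter a valid date in MM/DD/YYYY format."));
            }

            foreach ($date_parts as $index => $part) {
                $date_parts[$index] = intval($part);
            }

            // A part that is zero was either non-numeric or not a valid
            // month, day or year.
            if (in_array(0, $date_parts, true)) {
                throw new Exception(__("The date is entered in an invalid format. Please enter a valid date in MM/DD/YYYY format."));
            }

            // Reuse the integer parts; split() no longer exists in PHP 7+.
            list($month, $day, $year) = $date_parts;

            if (!checkdate($month, $day, $year)) {
                throw new Exception(__("The date entered in the date field is invalid. Please enter a valid date."));
            }

            $send_hour = isset($_POST['send_hour']) ? intval($_POST['send_hour']) : 0;
            $send_minutes = isset($_POST['send_minute']) ? intval($_POST['send_minute']) : 0;

            // Timezone offset, expected as "[+-]HH:MM". The value comes
            // straight from the request, so check it before doing arithmetic.
            $timezone = (isset($_POST['timezone']) && is_string($_POST['timezone'])) ? trim($_POST['timezone']) : '';
            $offset_parts = explode(":", $timezone, 2);
            $timezone_offset_hour = $offset_parts[0];
            $timezone_offset_minute = isset($offset_parts[1]) ? $offset_parts[1] : '0';

            if (!is_numeric($timezone_offset_hour) || !is_numeric($timezone_offset_minute)) {
                throw new Exception(__("The timezone offset is invalid. Please select a valid timezone."));
            }

            $timezoneOffsetInSeconds = abs((float) $timezone_offset_hour) * 3600 + abs((float) $timezone_offset_minute) * 60;

            // Real UTC offsets never exceed 14 hours. Rejecting larger values
            // keeps a crafted offset from moving the schedule arbitrarily.
            if ($timezoneOffsetInSeconds > 14 * 3600) {
                throw new Exception(__("The timezone offset is invalid. Please select a valid timezone."));
            }
            $timezoneOffsetInSeconds = (int) $timezoneOffsetInSeconds;

            // The original assigned the "+" flag itself here, not the offset.
            // The sign follows the shape of that expression: a "+" offset is
            // subtracted, anything else is added.
            // NOTE(review): this converts local time to UTC only if mktime()
            // runs with UTC as PHP's default timezone. Confirm.
            $hasPlusSign = (false !== strpos($timezone, "+"));
            $timezoneOffsetInSeconds = $hasPlusSign ? -$timezoneOffsetInSeconds : $timezoneOffsetInSeconds;

            $epoch_of_scheduled_time = mktime($send_hour, $send_minutes, 0, $month, $day, $year);

            if (false === $epoch_of_scheduled_time) {
                throw new Exception(__("The date and time combination you have selected is invalid. Please enter a valid date-time."));
            }

            $epoch_of_scheduled_time += $timezoneOffsetInSeconds;
            $epochNow = time();

            if ($epochNow >= $epoch_of_scheduled_time) {
                throw new Exception(__("The date and time combination you have provided is in the past. Please specify a dispatch time in the future."));
            }
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
    }

    if (empty($content) && empty($textbody)) {
        $errors[] = __("Both the HTML and text body of the broadcast are empty. Atleast one of them must be filled to send a broadcast.");
    }

    if (count($errors) == 0) {
        // go to step two.
    }
}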
// wp_credits(); // throws an fatal error ?! exit; } /* * Used to validate an email address */ $success = (bool) (isset($_POST['newsletter']) && isset($_POST['name']) && isset($_POST['email'])); if ($success) { $name = wpr_sanitize($_POST['name']); $email = strtolower(wpr_sanitize($_POST['email'])); $followup = wpr_sanitize($_POST['followup']); $newsletter = (int) wpr_sanitize($_POST['newsletter']); $bsubscription = wpr_sanitize($_POST['blogsubscription']); $responder = (int) wpr_sanitize($_POST['responder']); $bcategory = (int) wpr_sanitize($_POST['cat']); $return_url = wpr_sanitize($_POST['return_url']); $commentfield = $_POST['comment']; if (!empty($commentfield)) { //stupid spambot spamming my subscription forms. damn the bot! exit; } do_action("_wpr_subscriptionform_prevalidate"); $skiplist = array("name", "email", "followup", "blogsubscription", "cat", "return_url", "responder"); $query = $wpdb->prepare("SELECT count(*) number_of FROM {$wpdb->prefix}wpr_newsletters where id=%d", $newsletter); $results = $wpdb->get_results($query); $count = $results[0]->number_of; if ($count == 0) { error("The newsletter to which you are trying to subscribe doesn't exist in our records."); } $fid = (int) $_POST['fid']; if (!empty($followup) && !in_array($followup, array("autoresponder", "postseries"))) {