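/**
 * Validates the submitted "new broadcast" admin form.
 *
 * Reads the newsletter id, subject, HTML/text bodies and the optional
 * schedule (date, hour, minute, timezone offset) from $_POST and collects
 * validation errors. Nothing is returned or stored here: the success branch
 * at the end is still an empty placeholder.
 *
 * The nonce check only proves the request originated from the broadcast form
 * (CSRF protection); it is not an authorization check.
 * NOTE(review): no capability check (current_user_can) is visible in this
 * function - confirm the caller restricts this handler to users who are
 * allowed to send broadcasts.
 *
 * @return void
 */
function _wpr_new_broadcast_post_handler()
{
    // CSRF protection: reject the request unless it carries the form's nonce.
    if (!check_admin_referer("new_broadcast_form")) {
        header('HTTP/1.0 404 Not Found');
        exit;
    }

    $errors = array();

    // Every $_POST field is attacker-controllable, so missing keys are
    // handled explicitly instead of relying on undefined-index behaviour.
    $newsletter = isset($_POST['newsletter']) ? intval($_POST['newsletter']) : 0;
    $newsletter_obj = _wpr_get_newsletter($newsletter);
    // Ensure that this newsletter exists.
    if (false == $newsletter_obj) {
        $errors[] = __("The selected newsletter doesn't exist.");
    }

    $subject = wpr_sanitize(isset($_POST['subject']) ? $_POST['subject'] : '');
    // NOTE(review): the second argument presumably relaxes filtering so the
    // HTML body keeps its markup - confirm what wpr_sanitize() still strips.
    $content = wpr_sanitize(isset($_POST['content']) ? $_POST['content'] : '', false);
    $textbody = wpr_sanitize(isset($_POST['textbody']) ? $_POST['textbody'] : '');
    $send = (isset($_POST['send']) && is_string($_POST['send'])) ? $_POST['send'] : '';

    if ("later" === $send) {
        $date = wpr_sanitize(isset($_POST['send_date']) ? $_POST['send_date'] : '');
        try {
            $invalid_format = __("The date is entered in an invalid format. Please enter a valid date in MM/DD/YYYY format.");

            // The original called explode() without the string to split,
            // so the date was never actually parsed.
            $date_parts = explode("/", (string) $date);
            if (3 != count($date_parts)) {
                throw new Exception($invalid_format);
            }
            $date_parts = array_map('intval', $date_parts);
            // A zero component means that part was missing or non-numeric.
            if (in_array(0, $date_parts, true)) {
                throw new Exception($invalid_format);
            }

            // Use the integer parts validated above (split() no longer exists
            // in PHP 7+), and keep the day in its own variable rather than
            // overwriting the date string.
            list($month, $day, $year) = $date_parts;
            if (!checkdate($month, $day, $year)) {
                throw new Exception(__("The date entered in the date field is invalid. Please enter a valid date."));
            }

            $invalid_datetime = __("The date and time combination you have selected is invalid. Please enter a valid date-time.");
            $send_hour = isset($_POST['send_hour']) ? intval($_POST['send_hour']) : 0;
            $send_minutes = isset($_POST['send_minute']) ? intval($_POST['send_minute']) : 0;
            // mktime() silently normalises out-of-range values (hour 99 rolls
            // into later days), so reject them before they reach it.
            if ($send_hour < 0 || $send_hour > 23 || $send_minutes < 0 || $send_minutes > 59) {
                throw new Exception($invalid_datetime);
            }

            // Timezone offset in seconds, parsed from a "[+|-]H:MM" value.
            // Cast each part so a malformed value yields 0 instead of a type error.
            $timezone = (isset($_POST['timezone']) && is_string($_POST['timezone'])) ? $_POST['timezone'] : '';
            $offset_parts = array_pad(explode(":", $timezone, 2), 2, 0);
            $offset_seconds = abs(intval($offset_parts[0])) * 3600 + abs(intval($offset_parts[1])) * 60;
            // The original overwrote the computed offset with the result of
            // strstr(), discarding it. The sign below follows the shape of
            // that ternary: a "+" offset is subtracted, anything else added.
            // NOTE(review): confirm this matches the timezone mktime() runs in.
            $has_plus_sign = (false !== strpos($timezone, "+"));
            $timezoneOffsetInSeconds = $has_plus_sign ? -$offset_seconds : $offset_seconds;

            $epoch_of_scheduled_time = mktime($send_hour, $send_minutes, 0, $month, $day, $year);
            if (false === $epoch_of_scheduled_time) {
                throw new Exception($invalid_datetime);
            }
            $epoch_of_scheduled_time += $timezoneOffsetInSeconds;

            if (time() >= $epoch_of_scheduled_time) {
                throw new Exception(__("The date and time combination you have provided is in the past. Please specify a dispatch time in the future."));
            }
        } catch (Exception $e) {
            // Validation failures are reported to the user, not propagated.
            $errors[] = $e->getMessage();
        }
    }

    if (empty($content) && empty($textbody)) {
        $errors[] = __("Both the HTML and text body of the broadcast are empty. Atleast one of them must be filled to send a broadcast.");
    }

    if (count($errors) == 0) {
        //go to step two.
    }
}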
Example #2
    // wp_credits(); // throws an fatal error ?!
    exit;
}
/*
 * Used to validate an email address
 */
$success = (bool) (isset($_POST['newsletter']) && isset($_POST['name']) && isset($_POST['email']));
if ($success) {
    $name = wpr_sanitize($_POST['name']);
    $email = strtolower(wpr_sanitize($_POST['email']));
    $followup = wpr_sanitize($_POST['followup']);
    $newsletter = (int) wpr_sanitize($_POST['newsletter']);
    $bsubscription = wpr_sanitize($_POST['blogsubscription']);
    $responder = (int) wpr_sanitize($_POST['responder']);
    $bcategory = (int) wpr_sanitize($_POST['cat']);
    $return_url = wpr_sanitize($_POST['return_url']);
    $commentfield = $_POST['comment'];
    if (!empty($commentfield)) {
        //stupid spambot spamming my subscription forms. damn the bot!
        exit;
    }
    do_action("_wpr_subscriptionform_prevalidate");
    $skiplist = array("name", "email", "followup", "blogsubscription", "cat", "return_url", "responder");
    $query = $wpdb->prepare("SELECT count(*) number_of FROM {$wpdb->prefix}wpr_newsletters where id=%d", $newsletter);
    $results = $wpdb->get_results($query);
    $count = $results[0]->number_of;
    if ($count == 0) {
        error("The newsletter to which you are trying to subscribe doesn't exist in our records.");
    }
    $fid = (int) $_POST['fid'];
    if (!empty($followup) && !in_array($followup, array("autoresponder", "postseries"))) {