diff --git a/action.php b/action.php index f8607fc..d75d0ba 100644 --- a/action.php +++ b/action.php @@ -9,6 +9,9 @@ */ require_once __DIR__ . "/required.php"; +use PHPMailer\PHPMailer\PHPMailer; +use PHPMailer\PHPMailer\Exception; + if ($VARS['action'] !== "signout") { dieifnotloggedin(); } @@ -31,7 +34,97 @@ function returnToSender($msg, $arg = "") { switch ($VARS['action']) { case "sendpub": - die("not implemented yet."); + try { + ini_set('max_execution_time', 60 * 5); + + // Setup mailer + $mail = new PHPMailer(true); + $mail->isSMTP(); + $mail->Host = SMTP_HOST; + $mail->SMTPAuth = SMTP_AUTH; + if (SMTP_AUTH) { + $mail->Username = SMTP_USERNAME; + $mail->Password = SMTP_PASSWORD; + } + if (SMTP_SECURITY != "none") { + $mail->SMTPSecure = SMTP_SECURITY; + } + $mail->Port = SMTP_PORT; + $mail->isHTML(false); + $mail->setFrom(SMTP_FROMADDRESS, SMTP_FROMNAME); + + + // Get addresses + $addresses = []; + if ($database->has('mail_lists', ['listid' => $VARS['list']])) { + $addresses = $database->select("addresses", 'email', ['listid' => $VARS['list']]); + } else { + returnToSender("invalid_listid"); + } + + + // Split address list into batches + $segmented = []; + $s = 0; + for ($i = 0; $i < count($addresses); $i++) { + $segmented[$s][] = $addresses[$i]; + if (count($segmented[$s]) >= SMTP_BATCH_SIZE) { + $s++; + } + } + + + // Build message content + if (empty($VARS['subject']) || trim($VARS['subject']) == "") { + returnToSender("invalid_parameters"); + } + if (empty($VARS['pubid']) || !$database->has("publications", ['pubid' => $VARS['pubid']])) { + returnToSender("invalid_pubid"); + } + + $mail->Subject = $VARS['subject']; + + $parsedown = new Parsedown(); + $parsedown->setSafeMode(true); + $html = $parsedown->text($VARS['message']); + + if (strpos(URL, "https://") === 0 || strpos(URL, "http://") === 0) { + $url = URL; + } else { + // Don't trust the URL setting, it's not an absolute URL + $url = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]"; + $path = explode("/", $_SERVER["REQUEST_URI"]); + array_pop($path); + $url .= implode("/", $path); + } + $url = $url . (substr($url, -1) == '/' ? '' : '/'); + $puburl = $url . "view.php?id=" . $VARS['pubid']; + $unsuburl = $url . "unsubscribe.php"; + + $link = "$puburl\n"; + $footer = "
Enter your email address below to unsubscribe:
+ +