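<?php // Submit Authored Article
$adfl = FALSE;
include_once ('config/config.php');
include_once ('functions.php');
include_once ('config/dbsettings.php');

$title = "Submit Article";

// The author id is later placed inside SQL statements, the stored upload file
// name and hidden form fields, so only an integer is accepted. 0 is treated as
// a guest submission by the form further down.
// NOTE(review): the id still comes from the request, not from the session, so
// the caller chooses which author the article is attributed to. Confirm how
// callers are authenticated and prefer an id held server-side.
$aid = isset($_REQUEST['aid']) ? (int) $_REQUEST['aid'] : 0;

// Id of the question this article answers, if any.
// NOTE(review): mifi() is defined elsewhere; presumably it reduces the value
// to an integer - confirm, because $ans is used in SQL below.
$ans = mifi(isset($_REQUEST['a']) ? $_REQUEST['a'] : NULL);

if (isset($_SESSION['first_name'])) { $enum=TRUE;   }

$message = NULL;

// Sanitise user input. Missing fields are passed on as NULL, which is the
// value the helpers received before, only without an undefined-index notice.
// NOTE(review): assumes xss_clean() neutralises HTML and escdata() escapes for
// SQL - both live in functions.php and should be verified, since the values
// are interpolated into queries and echoed back unchanged.
$titlee       = escdata(xss_clean(isset($_POST['title']) ? $_POST['title'] : NULL));
$keywordse    = escdata(xss_clean(isset($_POST['keywords']) ? $_POST['keywords'] : NULL));
$productide   = escdata(xss_clean(isset($_POST['productid']) ? $_POST['productid'] : NULL));
$articledatae = escdata(xss_clean(isset($_POST['article']) ? $_POST['article'] : NULL));
$savestatus   = xss_clean(isset($_POST['savestatus']) ? $_POST['savestatus'] : NULL);
$descriptione = escdata(xss_clean(isset($_POST['description']) ? $_POST['description'] : NULL));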
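if(isset($_POST['submit'])) {
	// Handles a submitted article: validates the required fields, stores the
	// article, stores an optional attachment, prints a confirmation page and
	// exits. The form below this block is never reached on this path.

	// Form validation. Separate flags are used so that $title only ever holds
	// the page title.
	$hastitle    = (strlen($titlee) > 0);
	$hasarticle  = (strlen($articledatae) > 0);
	$haskeywords = (strlen($keywordse) > 0);

	if (!$hastitle)    { $message .= 'You need to include a title for the article.  '; }
	if (!$hasarticle)  { $message .= 'You need to include the article.  '; }
	if (!$haskeywords) { $message .= 'You need to include keywords for the article  '; }

	// Both ids are interpolated into SQL (and the author id into the file name
	// on disk), so they are forced to integers whatever the request carried.
	$authorid = (int) $aid;
	$answerid = (int) $ans;

	$fileid = 0;          // id of the stored article, 0 while nothing is stored
	$saved = FALSE;       // TRUE once the article row exists
	$attachmessage = '';

	if ($hastitle && $hasarticle && $haskeywords) {

		// NOTE(review): $titlee, $articledatae and $keywordse are assumed to be
		// SQL-escaped by escdata() - confirm in functions.php.
		if($savestatus=='save') {
			$aquery = "INSERT into articles
			(Title, AuthorID, Articledata, Keyw, Approved)
			VALUES
			('$titlee','$authorid', '$articledatae' , '$keywordse', 'S')";

			$title = "Your article has been saved for future editing and submission";
		} else {
			$aquery = "INSERT into articles
			(Title, AuthorID, Articledata, Keyw)
			VALUES
			('$titlee','$authorid', '$articledatae' , '$keywordse')";

			$title = "Your article has been submitted for approval";
		}

		$result = mysql_query($aquery);

		if ($result) {
			$fileid = (int) mysql_insert_id(); // FileID
			$saved = TRUE;
		} else {
			// The error text and the statement go to the server log only; the
			// page used to print them (through an undefined $query variable),
			// which exposes schema details to any visitor.
			error_log('saa.php: article insert failed, MySQL error ' . mysql_errno() . ': ' . mysql_error());
			$title = 'Submission Failed';
			$message .= 'The article could not be stored due to a system error.  ';
		}

	} else {

		// Validation failed. The Referer header is client-supplied, so it is
		// used only when it is an http(s) URL and is HTML-escaped before it
		// goes into the link.
		$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
		if (!preg_match('#^https?://#i', $referer)) {
			$referer = '';
		}
		$title = 'Submission Failed - <a href="' . htmlspecialchars($referer, ENT_QUOTES) . '">Please try again</a><br /><br />';
	}

	// An attachment is handled only when the article was stored and PHP
	// reports a completed upload; before, this ran on every submit, also
	// after a failed validation and without any file.
	$hasupload = $saved
		&& isset($_FILES['upload'])
		&& $_FILES['upload']['error'] == UPLOAD_ERR_OK
		&& is_uploaded_file($_FILES['upload']['tmp_name']);

	// NOTE(review): $_FILES[...]['type'] is sent by the client, so this check
	// does not establish what the file really is. The original extension is
	// kept and ./attach/ sits under the web root; an extension allowlist and a
	// storage location where the server does not execute scripts are needed.
	if ($hasupload && proscribedfiletypes($_FILES['upload']['type'])=='FALSE') {

		// The client-supplied name goes into SQL and into a path, so it is
		// cut down to its last component and to a conservative character set.
		$safename = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($_FILES['upload']['name']));
		if ($safename == '') {
			$safename = 'file';
		}
		$filetype = mysql_real_escape_string($_FILES['upload']['type']);

		// Add the attachment record to the database.
		$uquery = "INSERT INTO uploads (AuthorID, FileID, FileName, FileType, FileDescription, UploadDate) VALUES ('$authorid' , '$fileid',  '$safename' , '$filetype', '$descriptione', NOW())";
		$result = @mysql_query ($uquery);

		if ($result) {

			// Create the file name.
			$uid = (int) mysql_insert_id(); // UploadID
			$filename = $uid . '-' . $authorid . '-' . $fileid . '-' . $safename;

			// Move the file over.
			if (move_uploaded_file($_FILES['upload']['tmp_name'], "./attach/$filename")) {
				$attachmessage = '<p>Attachment file has been processed!</p>';
			} else {
				$attachmessage = '<p><font color="red">The file could not be moved.</font></p>';

				// Remove the record from the database.
				$dquery = "DELETE FROM uploads WHERE UploadID = $uid";
				$result = @mysql_query ($dquery);
			}

		} else { // If the query did not run OK.
			$attachmessage .= '<p><font color="red">Attachment could not be processed due to a system error.  We apologize for any inconvenience.</font></p>';
		}
	}

	head_page($title);
	menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
	contentinit($title);

	// The validation messages were collected but never shown, because this
	// branch exits before the form is printed.
	if ($message) {
		echo '<font color="red">', $message, '</font>';
	}

	$articledata = stripslashes($articledatae);

	// NOTE(review): these values are echoed as HTML and rely entirely on
	// xss_clean() having neutralised markup - confirm that it does.
	echo '<p>Article Details</p>';
	if($titlee) { echo "<p>Title:  $titlee</p>"; }
	echo "<p>Article:<br />$articledata</p>";
	if($keywordse) { echo "<p>Keywords:  $keywordse</p>"; }
	echo "$attachmessage
<br />";

	// Link the answered question to the new article, only when there is one.
	// NOTE(review): this marks the referenced article as approved for whoever
	// supplies 'a'; confirm that the caller is authorised to do that.
	if ($answerid && $saved) {

		$ansquery = "UPDATE articles SET ParentID='$fileid', Approved='A' WHERE FileID='$answerid'";
		$result = mysql_query($ansquery);

		if ($result) {
			echo "Q & A Updated.";
		} else {
			error_log('saa.php: Q&A update failed, MySQL error ' . mysql_errno() . ': ' . mysql_error());
		}
	}
	exit();

} // end of if submit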

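// Look up the question being answered (if any) and print the page header,
// any pending message and the question above the form.
$questionbox = '';

// The id is interpolated into SQL, so it is forced to an integer here.
$answerid = (int) $ans;

if ($answerid) {
	$question = '';
	$qquery = "SELECT ArticleData FROM articles WHERE FileID='$answerid' LIMIT 1";
	$qresult = mysql_query($qquery);

	// mysql_query() returns FALSE on failure; fetching from that would only
	// raise warnings.
	if ($qresult) {
		while ($row = mysql_fetch_array ($qresult, MYSQL_ASSOC)) {
			$question = $row['ArticleData'];
		}
	}

	// NOTE(review): the stored article text is printed as HTML; this is only
	// safe if it was cleaned when it was stored - confirm.
	$questionbox = 'Question : <font color="red">' . $question . '</font><br /><br />';
}

// Set the page title and include the HTML header.
$title = 'Submit Article';

head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);

// Print the error message if there is one.
if (isset($message)) {
	echo '<font color="red">', $message, '</font>';
}
echo $questionbox;
?>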

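<?php
// Article form. PHP_SELF and the posted values are request-controlled, so each
// one is HTML-escaped before it is written into an attribute.
?>
<form enctype="multipart/form-data" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST" name="articleform"> 

<p>Title:<br /> 
<input type="text" name="title" size="60" maxlength="60" value="<?php if (isset($_POST['title'])) echo htmlspecialchars($_POST['title'], ENT_QUOTES); ?>" /></p> 

<p>Article:<br /> <?php
// The included editor reads $textareaname and $textareacontent.
// NOTE(review): how the editor escapes $textareacontent is not visible here.
$textareaname = 'article';

if (isset($articledatae)) {
	$textareacontent = $articledatae;
} else {
	$textareacontent = '';
}

if(PLUGINHTML=='1') {
	include('./plugins/whizzywig/plugin-textarea.php');
} else {
	include('./textarea.php');
}
	?>
</p> 
 <p>Article Keywords:<br /> 
<input type="text" name="keywords" size="60" maxlength="120" value="<?php if (isset($_POST['keywords'])) echo htmlspecialchars($_POST['keywords'], ENT_QUOTES); ?>" /></p> 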

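<?php
// Attachment, save-only and hidden id fields for signed-in authors, then the
// submit buttons and the page footer.

// Both ids are written into attribute values: the author id is reduced to an
// integer and the answer id is HTML-escaped.
$aidfield = (int) $aid;
$ansfield = htmlspecialchars((string) $ans, ENT_QUOTES);

if($aidfield != 0){ // if this is a guest submission, we will not include attachments.  Fairly sure it wouldn't work.

	// Leaving the file field out of the form does not stop a client from
	// sending one; the submit handler has to enforce any such rule.
	echo '
<p>File:  <font color="green"><i>(Optional)</i></font><br /><input type="file" size="35" name="upload" /></p>
<p>Description: <font color="green"><i>(Only required if uploading a file above)</i></font> <br /> <textarea name="description" cols="40" rows="5"></textarea></p>
';

	// The hidden author id used to be printed twice and the "a" field had a
	// doubled "=", which corrupted the value sent back.
	echo '<p>
 <input type="checkbox" name="savestatus" value="save" />Save Only (article is saved for later submission)
<br />
 <input type="hidden" name="aid" value="' . $aidfield . '" />
 <input type="hidden" name="a" value="' . $ansfield . '" /> ';

	if(PLUGINMAA == '1') {
		include('./plugins/multiaa/multiauthor.php');
	}
	echo '</p>';

	$submitvalue='Submit/Save';
} else {
	$submitvalue='Submit';
}
 ?> 
 

 
<p> 
<input type="submit" name="submit" value="<?php echo $submitvalue; ?>" /><input type="reset" Value="Clear All" /></p> 
</form> 
</td>
<?php footer($title);?> 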