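<?php
session_start();
$metatitle = "Submit a New Article - ";
include('../config.php');
include('security.php');

// Initial DB Connect (Can't use header)
// Look up the logged-in author. The session value is escaped before it is
// interpolated into the query; security.php is expected to have validated the login.
$query = "select * from authors where username ='"
    . mysql_real_escape_string($_SESSION['valid_user'], $connection) . "'";
$result = mysql_query($query, $connection) or die(mysql_error());
// Create user data variables (kept as globals; later includes may read them)
$info = mysql_fetch_array($result);
$id = $info['id'];
$status = $info['status'];
$username = $info['username'];
$password = $info['password'];
$mailopt = $info['mailopt']; //0 == checked

// Site settings: one row, read once (the original issued this query twice).
$query = "select * from settings";
$result = mysql_query($query, $connection) or die(mysql_error());
$siteinfo = mysql_fetch_array($result);
$emailinfo = $siteinfo;
// Does admin accept email submissions? Read from the settings row; the
// original read $info['emailopt'] from the author row, which has no such column.
$adminopt = $emailinfo['emailopt'];
$sitetitle = $siteinfo['title'];
$siteurl = $siteinfo['url'];
$skipqueue = $siteinfo['skipqueue'];

// get admin's email address
$query = "select * from admins";
$result = mysql_query($query, $connection) or die(mysql_error());
$admininfo = mysql_fetch_array($result);
$adminemail = $admininfo['email'];

if (isset($_POST['update'])) {
    // With magic quotes on, the input already carries backslash escaping;
    // otherwise escape it here for the INSERT below.
    if (get_magic_quotes_gpc()) {
        $title = $_POST['title'];
        $body = $_POST['body'];
        $resource = $_POST['resource'];
    } else {
        $title = mysql_real_escape_string($_POST['title']);
        $body = mysql_real_escape_string($_POST['body']);
        $resource = mysql_real_escape_string($_POST['resource']);
    }
    // The category id is interpolated into two queries, so force it to an
    // integer instead of trusting the posted string.
    $catid = (int) $_POST['category'];
    $mysqldate = date('Y-m-d H:i:s');
    // Get the category's parent id
    $catquery = "select * from categories where id =" . $catid;
    $catresult = mysql_query($catquery, $connection) or die(mysql_error());
    $catinfo = mysql_fetch_array($catresult);
    $parentid = $catinfo['parentid'];
    if (!$parentid) {
        $parentid = "NULL"; // top-level category: store SQL NULL rather than 0
    }
    // Second column is the queue flag: 0 = live immediately, 1 = awaiting review.
    // NOTE(review): no server-side validation of title/body/resource happens here;
    // only the JavaScript on the form checks them.
    $queueflag = $skipqueue ? 0 : 1;
    $sql = "INSERT INTO `articles` VALUES ( NULL, " . $queueflag . ", " . (int) $id . ", '" . $mysqldate . "', '" . $title . "',
" . $catid . ", " . $parentid . ", '" . $body . "', '" . $resource . "', NULL);";
    $query = mysql_query($sql, $connection) or die(mysql_error());
    $artid = mysql_insert_id($connection);

    if ($adminopt == 0) {
        // Only DB-sourced values reach the mail headers; the user-supplied title
        // goes into the body only (still carrying its SQL escaping).
        $to = $adminemail;
        $subject = "Article Submission at " . $sitetitle;
        $header = "from: Admin <" . $adminemail . ">";
        $messages = "A new article titled '" . $title . "' has been submitted to " . $sitetitle . " \r\n\n";
        if ($skipqueue) {
            $messages .= "Per your settings, this article was made live immediately. \r\n";
        } else {
            $messages .= "This article must be approved before it goes live. To approve this article, visit: \r\n\r\n";
            $messages .= $siteurl . "/admin/articlereview.php \r\n";
        }
        $messages .= "QUICK DELETE: " . $siteurl . "/admin/articlereview.php?deleteid=" . $artid . " \r\n(Clicking the above link will immediately delete the article - this cannot be undone)";
        $messages .= "\r\n \r\nNOTE: you can disable these notifications from the Site Settings area of your admin panel. \r\n";
        // send email
        $sentmail = mail($to, $subject, $messages, $header);
    }
    header('Location: articles.php?newarticle=true');
    exit();
}
include('header.php');
?>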
<!-- LEFT SIDEBAR -->
<?php include('../sidebar.php');
// Render the top portion of the author template for the active theme
// and write it straight to the page.
$authortop = new Template("../templates/{$template}/author-top.tpl");
echo $authortop->output();
?>
<!-- Check If Banned -->
<?php
// Banned authors (status == 1 in their authors row) only see a notice; everyone
// else gets the submission form. The else branch stays open across the HTML
// below and is closed by the "closing the check if banned" PHP tag after the form.
if($status == 1){
echo "<br/><div class=\"alert\"><b>This account has been banned from submitting articles. Please contact the admin for more information</b></div>";
} else {
?>
<h1 style="padding-left: 15px;"> Submit a New Article</h1>
<!-- VALIDATE SUBMISSION -->
<?PHP
// Client-side checks only: the POST handler at the top of this file does not
// repeat them, so they are a usability aid rather than an enforcement point.
// $minwords / $maxwords are defined outside this file.
echo <<<JS
<script type="text/javascript">
function validateForm()
{
var x=document.forms["submission"]["title"].value
if (x==null || x=="") {
alert("Title cannot be blank");
return false;
}
var ed = tinymce.activeEditor;
var wordCount = Number(document.getElementById('body-word-count').innerHTML);
if (wordCount < {$minwords} || wordCount > {$maxwords}) {
alert("Body must be between {$minwords} - {$maxwords} words");
return false;
}
var resource = tinyMCE.get('resource').getContent();
if (resource==null || resource=="") {
alert("Resource cannot be blank");
return false;
}
}
</script>
JS;
?>
<form style="padding-left: 15px;" name="submission" method="post" action="submit.php" onsubmit="return validateForm()" >
<p><b>Enter the article title:</b></p>
<input type="text" name="title" style="width:400px;">
<br/><br/><p><b>Select a Category:</b></p>
<select name="category">
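<?php
// Populate the dropdown with every top-level category followed by its
// sub-categories. Ids from the database are cast before being re-used in the
// sub-category query; names are HTML-escaped on output (assumes they are stored
// unescaped). The stray <br/> the original emitted inside <select> is dropped.
$query = "select * from categories where parentid is null order by name;";
$result = mysql_query($query, $connection) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
    $rowid = (int) $row['id'];
    echo "<option value=\"" . $rowid . "\">" . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . "</option>";
    $query = "select * from categories where parentid =" . $rowid . " order by name;";
    $sub_result = mysql_query($query, $connection) or die(mysql_error());
    while ($subrow = mysql_fetch_assoc($sub_result)) {
        echo "<option value=\"" . (int) $subrow['id'] . "\"> -- " . htmlspecialchars($subrow['name'], ENT_QUOTES, 'UTF-8') . "</option>";
    }
}
?>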
</select>
<br/><br/><p><b>Enter the article body:</b></p>
<textarea id="body" name="body" style="width:615px; height: 320px;"></textarea>
<br/><br/><p><b>Enter your author resource box:</b></p>
<textarea id="resource" name="resource" style="width:615px; height: 140px;"></textarea>
<br />
<center><input type="submit" id="submitstyle" name="save" value="Submit Article »" /></center>
<input name="update" type="hidden" id="update" />
</form>
<?php } // closing the check if banned ?>
<br/><br/>
<?php
// Render the bottom portion of the author template for the active theme,
// then pull in the shared closing include.
$authorbottom = new Template("../templates/{$template}/author-bottom.tpl");
echo $authorbottom->output();
include('../obinclude.php'); ?>