<?php 
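session_start();

$metatitle = "Update an Article - ";
include('../config.php');
include('security.php');

// The article id arrives in the query string and is later concatenated into SQL
// statements and echoed into the form's action attribute. Accept only a plain
// string of digits and keep it as an integer; anything else becomes 0.
$articleid = 0;
if (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id'])) {
	$articleid = (int) $_GET['id'];
}

if ($articleid <= 0) { // Reached update.php without a usable article ID
	// header() only queues the redirect; exit() is what stops the rest of the page.
	header('Location: articles.php');
	exit();
}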

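// Initial DB Connect (Can't use header)
	// Look up the logged-in author. The session value is concatenated into the
	// statement, so it is escaped for this connection first.
	// Assumes the session holds the username exactly as stored - confirm against the login code.
	// NOTE(review): every lookup in this section ends in die(mysql_error()), which prints
	// the raw database error to the visitor; logging it and showing a generic message
	// would avoid exposing query details.
	$query = "select * from authors where username ='".mysql_real_escape_string($_SESSION['valid_user'], $connection)."'";
	 
	$result = mysql_query($query,$connection) or die(mysql_error());
	
	//Create user data variables		
	$info = mysql_fetch_array($result);
	$id = $info['id'];
	$status = $info['status'];
	$username = $info['username'];
	$password = $info['password'];
	$mailopt = $info['mailopt']; //0 == checked/true
	$catid = 1;


	// Does admin accept email submissions? 
	$query = "select * from settings";
	$result = mysql_query($query,$connection) or die(mysql_error());
	$emailinfo = mysql_fetch_array($result);
	// Read the flag from the settings row fetched just above. The previous code read
	// it from $info, which still held the author row at this point.
	$adminopt = $emailinfo['emailopt'];
	
	// get admin's email address
	$query = "select * from admins";
	$result = mysql_query($query,$connection) or die(mysql_error());
	$admininfo = mysql_fetch_array($result);
	$adminemail = $admininfo['email'];
	
	
	$sitequery = 'select * from settings;';
	$siteresult = mysql_query($sitequery,$connection) or die(mysql_error());
	
	//Create site settings variables		
	$siteinfo = mysql_fetch_array($siteresult);
	$sitetitle = $siteinfo['title'];
	$siteurl = $siteinfo['url'];
	$skipqueue = $siteinfo['skipqueue'];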


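// A query to get this article's information 
	// Both ids go through %d so only integers reach the statement: $articleid comes
	// from the query string, and $id is empty when the author lookup found no row.
	$query = sprintf(
		"select * from articles where authorid =%d and id=%d;",
		$id,
		is_scalar($articleid) ? $articleid : 0
	);
				 
	$result = mysql_query($query,$connection) or die(mysql_error());
	$info = mysql_fetch_array($result);

	// No author id, or no article with this id owned by this author: leave now.
	// header() only queues the redirect, so exit() is what actually stops the page.
	if ((int) $id <= 0 || !$info) {
		header('Location: articles.php');
		exit();
	}
	
	// The title is HTML-encoded here; body and resource are kept exactly as stored.
	$title = htmlspecialchars($info['title']);
	$body = $info['body'];
	$resource = $info['resource'];
	$category = $info['categoryid'];
	$articleauthor = $info['authorid'];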
	


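// Prevents users from editing articles they don't own!
	// Compare as integers and require a real author id, so a missing author row or a
	// missing article row can never count as a match.
	$currentauthorid = (int) $id;
	if ($currentauthorid <= 0 || $currentauthorid !== (int) $articleauthor) {
		header('Location: articles.php');
		exit(); // header() only queues the redirect; stop before anything is rendered
	}

	// NOTE(review): this handler accepts any POST carrying "reupdate"; no per-session
	// token is checked, so the request is not protected against cross-site forgery.
	// NOTE(review): the title and word-count rules live only in the page's
	// validateForm() script; nothing below re-checks them on the server.
	// Banned accounts (status 1) are only shown a notice further down the page, so
	// their POSTs are refused here as well.
	if (isset($_POST['reupdate']) && $status != 1) {

		// magic_quotes_gpc is not a replacement for escaping (it ignores the
		// connection's character set). Undo its slashes when it is on, then always
		// escape with mysql_real_escape_string().
		$slashed = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		$clean = array();
		foreach (array('title', 'body', 'resource') as $field) {
			$raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
			if ($slashed) {
				$raw = stripslashes($raw);
			}
			$clean[$field] = mysql_real_escape_string($raw, $connection);
		}
		$newtitle = $clean['title'];
		$newbody = $clean['body'];
		$newresource = $clean['resource'];

		// The category id is posted by the browser and goes into two statements,
		// so it is reduced to an integer before either is built.
		$catid = (isset($_POST['category']) && is_scalar($_POST['category'])) ? (int) $_POST['category'] : 0;

		//Get the category's parent id
		$catquery = "select * from categories where id =".$catid;
		$catresult = mysql_query($catquery,$connection) or die(mysql_error());
		$catinfo = mysql_fetch_array($catresult);
		// Kept as before: a category without a parent stores the quoted text 'NULL'.
		// NOTE(review): that is a string, not SQL NULL - confirm what the column expects.
		$parentid = ($catinfo && $catinfo['parentid']) ? (int) $catinfo['parentid'] : "NULL";

		// status is 0 when the site skips the review queue and 1 otherwise.
		$newstatus = $skipqueue ? 0 : 1;

		// The WHERE clause repeats the author id so the statement itself can only
		// touch a row owned by the logged-in author.
		$sql = "UPDATE articles SET status=".$newstatus.", title='".$newtitle."', categoryid='".$catid."', parentid='".$parentid."', 
				body='".$newbody."', resource='".$newresource."' WHERE `id`=".intval($articleid)." AND `authorid`=".$currentauthorid;

		$query = mysql_query($sql, $connection);
		if ($query === false) {
			// Do not report success or notify the admin for an update that failed.
			error_log('update.php: article update failed: '.mysql_error($connection));
			header('Location: articles.php');
			exit();
		}

		if ($adminopt == 0 && $skipqueue == 0) {
			// Values placed in mail header fields must stay on one line.
			$crlf = array("\r", "\n");

			// send e-mail to ...
			$to = str_replace($crlf, '', $adminemail);

			// Your subject
			$subject = "Article Updated at ".str_replace($crlf, '', $sitetitle);

			// From
			$header = "from: Admin <".str_replace($crlf, '', $adminemail).">";

			// Your message ($title is the title as loaded before this update was applied)
			// NOTE(review): the QUICK DELETE link deletes through a GET request; what
			// articlereview.php checks before deleting is not visible here.
			$messages ="An article titled '".$title."' has been updated and re-submitted to ".$sitetitle." \r\n\n";
			$messages.="This article must be approved before it goes live. To approve this article, visit: \r\n";
			$messages.= $siteurl."/admin/articlereview.php \r\n\r\n";
			$messages.="QUICK DELETE: ".$siteurl."/admin/articlereview.php?deleteid=".intval($articleid)." \r\n(Clicking the above link will immediately delete the article - this cannot be undone)";
			$messages.="\r\n \r\nNOTE: you can disable these notifications from the Site Settings area of your admin panel. \r\n";

			// send email
			$sentmail = mail($to,$subject,$messages,$header);
		}

		header('Location: articles.php?updatearticle=true');
		exit();
	}
	include('header.php');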
?>


<!-- LEFT SIDEBAR -->
<?php
include('../sidebar.php');

// Build the top part of the author template from the active template directory
// and print it. $template is defined outside the code visible in this file.
$authortop = new Template("../templates/{$template}/author-top.tpl");
echo $authortop->output();
?>


<!-- Check If Banned -->
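<?php
// Banned accounts (status 1) get a notice instead of the edit form.
if($status == 1){

echo "<br/><div class=\"alert\"><b>This account has been banned from submitting articles. Please contact the admin for more information</b></div>";

} else {
?>

<!-- VALIDATE SUBMISSION -->
<?PHP
// The word limits are forced to integers before being written into the script text.
// These checks run in the browser only; a request posted directly skips them.
echo '<script type="text/javascript">
	function validateForm()
{

var x=document.forms["submission"]["title"].value
if (x==null || x=="")   {
  alert("Title cannot be blank");
  return false;
  }

var ed = tinymce.activeEditor;
var wordCount = Number(document.getElementById(\'body-word-count\').innerHTML);
if (wordCount < '.intval($minwords).' || wordCount > '.intval($maxwords).')   {
  alert("Body must be between '.intval($minwords).' - '.intval($maxwords).' words");
  return false;
  }

  
 var resource = tinyMCE.get(\'resource\').getContent();
if (resource==null || resource=="")   {
  alert("Resource cannot be blank");
  return false;
  }

}
</script>';
?>



<h1 style="padding-left: 15px;">Update Article: '<?php echo $title;?>'</h1>

<?php if ($skipqueue == 0){ ?>
<div style="width:615px; background: #ffffee; border: 1px solid #e0dea2; padding: 3px; margin: 10px 0 10px 15px; color: #666; font-size: .9em;"><b><center>NOTE: Re-Submitting this article will take it offline. It will be returned to the editorial queue for approval.</center></b></div> <?php } ?>


<?php // The id is written into an attribute, so only its integer value is printed. ?>
<form style="padding-left: 15px;" name="submission" method="post" action="update.php?id=<?php echo intval($articleid); ?>" onsubmit="return validateForm()">

	<p><b>Enter the article title:</b></p>
	<input type="text" name="title" style="width:500px;" value="<?php echo $title;?>">
	
	<br/><br/><p><b>Select a Category:</b></p>
	<select name="category">
<?php 
// Function to determine which <option> is selected.
// Returns 'SELECTED' when the two ids compare equal, otherwise an empty string.
	function selected ($categoryid, $rowid) { 
		return ($categoryid == $rowid) ? 'SELECTED' : '';
	}
	
// Populates the Dropdown list with all categories and subcats.
// Ids are printed as integers and names are HTML-encoded before they reach the page
// (assumes names are stored unencoded, as article titles are - confirm against the admin code).
	$query = "select * from categories where parentid is null;"; 
	$result = mysql_query($query,$connection) or die(mysql_error());
		
	while ($row = mysql_fetch_assoc($result)) { 
		echo "<option ".selected($category, $row['id'])." value=\"".intval($row['id'])."\">".htmlspecialchars($row['name'])."</option><br/>"; 

		// Sub-categories of this top-level category
		$query = "select * from categories where parentid =".intval($row['id']).";"; 
		$sub_result = mysql_query($query,$connection) or die(mysql_error());
		while ($subrow = mysql_fetch_assoc($sub_result)) { 
			echo "<option ".selected($category, $subrow['id'])." value=\"".intval($subrow['id'])."\"> -- ".htmlspecialchars($subrow['name'])."</option><br/>";
		}	

	}
?>
</select>

<?php // Stored HTML is encoded so it cannot end the textarea early; the browser decodes it again when the field value is read. ?>
	<br/><br/><p><b>Enter the article body:</b></p>
	</h3><textarea id="body" name="body" style="width:615px; height: 340px;"><?php echo htmlspecialchars($body);?></textarea>

	<br/><br/><p><b>Enter your author resource box:</b></p>
	</h3><textarea id="resource" name="resource" style="width:615px; height: 140px;"><?php echo htmlspecialchars($resource);?></textarea>

	<br />

	<center><input type="submit" id="submitstyle" name="save" value="Re-Submit" /></center>
	<input name="reupdate" type="hidden" id="reupdate" />

</form>
<?php } // closing the check if banned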


// Render the closing part of the author template, then hand over to obinclude.php.
$authorbottom = new Template("../templates/{$template}/author-bottom.tpl");
echo $authorbottom->output();

include('../obinclude.php');
?>