help with validation-PLEASE
5 views
Skip to first unread message
Bikr
Aug 10, 2011, 1:05:31 AM8/10/11
to reCAPTCHA
Someone please help me- really-here is the file where I placed the
widget. It shows up just fine. (Look towards the bottom of the
code...around line 250 or so?). My question is...do I create a
view.php using some of the code in this file (this is the form
validation, I think?) or do I just somehow work the view.php code into
this form? PLEASE HELP!!
<?php
session_start();
$metatitle = "Submit a New Article - ";
include('../config.php');
include('security.php');
// Initial DB Connect (Can't use header)
$query = 'select * from authors '
."where username ='".
$_SESSION['valid_user']."'";
$result = mysql_query($query,$connection) or
die(mysql_error());
//Create user data variables
$info = mysql_fetch_array($result);
$id = $info['id'];
$status = $info['status'];
$username = $info['username'];
$password = $info['password'];
$mailopt = $info['mailopt']; //0 == checked
// Does admin accept email submissions?
$query = "select * from settings";
$result = mysql_query($query,$connection) or
die(mysql_error());
$emailinfo = mysql_fetch_array($result);
$adminopt = $info['emailopt'];
// get admin's email address
$query = "select * from admins";
$result = mysql_query($query,$connection) or
die(mysql_error());
$admininfo = mysql_fetch_array($result);
$adminemail = $admininfo['email'];
$sitequery = 'select * from settings;';
$siteresult = mysql_query($sitequery,$connection) or
die(mysql_error());
$siteinfo = mysql_fetch_array($siteresult);
$sitetitle = $siteinfo['title'];
$siteurl = $siteinfo['url'];
$skipqueue = $siteinfo['skipqueue'];
if(isset($_POST['update'])) {
if(get_magic_quotes_gpc()) {
$title = $_POST['title'];
$description = $_POST['description'];
$keyword = $_POST['keyword'];
$body = $_POST['body'];
$resource = $_POST['resource'];
} else {
$title = mysql_real_escape_string($_POST['title']);
$description =
mysql_real_escape_string($_POST['description']);
$keyword =
mysql_real_escape_string($_POST['keyword']);
$body = mysql_real_escape_string($_POST['body']);
$resource =
mysql_real_escape_string($_POST['resource']);
}
$catid = $_POST['category'];
$mysqldate = date( 'Y-m-d H:i:s' );
//Get the category's parent id
$catquery = "select * from categories where id =".
$catid;
$catresult = mysql_query($catquery,$connection) or
die(mysql_error());
$catinfo = mysql_fetch_array($catresult);
$parentid = $catinfo['parentid'];
if (!$parentid) {
$parentid = "NULL";
}
if ($skipqueue){
$sql = "INSERT INTO `articles` VALUES ( NULL, 0, ".
$id.", '".
$mysqldate."', '".$title."', '".$description."', '".$keyword."'
".$catid.", ".$parentid.", '".
$body."', '".$resource."', NULL);";
} else {
$sql = "INSERT INTO `articles` VALUES ( NULL, 1, ".
$id.", '".
$mysqldate."', '".$title."', '".$description."', '".$keyword."',
".$catid.", ".$parentid.", '".
$body."', '".$resource."', NULL);";
}
$query = mysql_query($sql);
if ($adminopt == 0) {
// send e-mail to ...
$to=$adminemail;
// Your subject
$subject="Article Submission at ".$sitetitle;
// From
$header="from: Admin <".$adminemail.">";
// Your message
$messages ="A new article titled '".$title."' has been
submitted to
".$sitetitle." \r\n\n";
if ($skipqueue){
$messages.="Per your settings, this article
was made live
immediately. \r\n";
} else {
$messages.="This article must be approved
before it goes live. To
approve this article, visit: \r\n\r\n";
$messages.= $siteurl."/admin/articlereview.php
\r\n";
}
$messages.="QUICK DELETE: ".$siteurl."/admin/
articlereview.php?
deleteid=".$artid." \r\n(Clicking the above link will immediately
delete the article - this cannot be undone)";
$messages.="\r\n \r\nNOTE: you can disable these
notifications from
the Site Settings area of your admin panel. \r\n";
// send email
$sentmail = mail($to,$subject,$messages,$header);
}
header('Location: articles.php?
newarticle=true');
exit();
}
include('header.php');
?>
<!-- LEFT SIDEBAR -->
<?php include('../sidebar.php');
// Call the top area of the author template
$authortop = new Template("../templates/".$template."/author-
top.tpl");
// Outputs the page template!
echo $authortop->output();
?>
<!-- Check If Banned -->
<?php
if($status == 1){
echo "<br/><div class=\"alert\"><b>This account has been banned from
submitting articles. Please contact the admin for more information</
b></div>";
} else {
?>
<h1 style="padding-left: 15px;"> Submit a New Article</h1>
<!-- VALIDATE SUBMISSION -->
<?PHP
echo '<script type="text/javascript">
function validateForm()
{
var x=document.forms["submission"]["title"].value
if (x==null || x=="") {
alert("Title cannot be blank");
return false;
}
var x=document.forms["submission"]["description"].value
if (x==null || x=="") {
alert("description cannot be blank");
return false;
}
var x=document.forms["submission"]["keyword"].value
if (x==null || x=="") {
alert("keyword cannot be blank");
return false;
}
var ed = tinymce.activeEditor;
var wordCount = Number(document.getElementById(\'body-word-count
\').innerHTML);
if (wordCount < '.$minwords.' || wordCount > '.$maxwords.') {
alert("Body must be between '.$minwords.' - '.$maxwords.' words");
return false;
}
var resource = tinyMCE.get(\'resource\').getContent();
if (resource==null || resource=="") {
alert("Resource cannot be blank");
return false;
}
}
</script>';
?>
<form style="padding-left: 15px;" name="submission" method="post"
action="submit.php" onsubmit="return validateForm()" >
<p><b>Enter the article title:</b></p>
<input type="text" name="title" style="width:400px;">
<br/><br/<p><b>Enter the article description:</b></p>
<font color=#3B5998><p><b>Html is not allowed in article
description</b></p></font>
<textarea class="mceNoEditor" name="description" style="width:
400px;
height: 150px;"></textarea>
<br/><br/><p><b>Select a Category:</b></p>
<select name="category">
<?php
// Populates the Dropdown list with all categories and subcats
$query = "select * from categories where parentid is null
order by
name;";
$result = mysql_query($query,$connection) or
die(mysql_error());
$num_results = mysql_num_rows($result);
for ($i=0; $i <$num_results; $i++) {
$row = mysql_fetch_assoc($result);
echo "<option value=\"".$row['id']."\">".
$row['name']."</option><br/
>";
$query = "select * from categories where
parentid =".$row['id']."
order by name;";
$sub_result = mysql_query($query,$connection)
or
die(mysql_error());
$sub_num_results =
mysql_num_rows($sub_result);
for ($x=0; $x <$sub_num_results; $x++) {
$subrow =
mysql_fetch_assoc($sub_result);
echo "<option value=\"".
$subrow['id']."\"> -- ".$subrow['name']."</
option><br/>";
}
}
?>
</select>
<br/><br/><p><b>Enter the article body:</b></p>
<font color=#3B5998><p><b>If you are pasting an article, press "Enter"
after the end of the Article or Word Count Limit will be always Zero</
b></p></font>
</h3><textarea id="body" name="body" style="width:615px;
height:
320px;"></textarea>
<br/><br/><p><b>Enter your author bio (you may include up to
three
links here.):</b></p>
<font color=#3B5998><p><b>If you are pasting an article, press
"Enter" after the end of the Article or Word Count Limit will be
always Zero</b></p></font>
</h3><textarea id="resource" name="resource" style="width:
615px;
height: 140px;"></textarea>
<br/><br/><p><b>Enter the article keywords separated by a comma:</b></
p>
<input type="text" name="keyword" style="width:600px;">
<br /><br />
<?php
require_once('recaptchalib.php');
$publickey = "6Ldn88YSAAAAAOSStnNU0UARXbK9U5WdDJB_uDNn"; //
you got this from the signup page
echo recaptcha_get_html($publickey);
?>
<br><input type="submit" id="submitstyle" name="save"
value="Submit Article »"/>
</form>
<?php } // closing the check if banned ?>
<br/><br/>
<?php
// Call the bottom area of the author template
$authorbottom = new Template("../templates/".$template."/
author-
bottom.tpl");
// Outputs the page template!
echo $authorbottom->output();
include('../obinclude.php'); ?>
widget. It shows up just fine. (Look towards the bottom of the
code...around line 250 or so?). My question is...do I create a
view.php using some of the code in this file (this is the form
validation, I think?) or do I just somehow work the view.php code into
this form? PLEASE HELP!!
<?php
session_start();
$metatitle = "Submit a New Article - ";
include('../config.php');
include('security.php');
// Initial DB Connect (Can't use header)
$query = 'select * from authors '
."where username ='".
$_SESSION['valid_user']."'";
$result = mysql_query($query,$connection) or
die(mysql_error());
//Create user data variables
$info = mysql_fetch_array($result);
$id = $info['id'];
$status = $info['status'];
$username = $info['username'];
$password = $info['password'];
$mailopt = $info['mailopt']; //0 == checked
// Does admin accept email submissions?
$query = "select * from settings";
$result = mysql_query($query,$connection) or
die(mysql_error());
$emailinfo = mysql_fetch_array($result);
$adminopt = $info['emailopt'];
// get admin's email address
$query = "select * from admins";
$result = mysql_query($query,$connection) or
die(mysql_error());
$admininfo = mysql_fetch_array($result);
$adminemail = $admininfo['email'];
$sitequery = 'select * from settings;';
$siteresult = mysql_query($sitequery,$connection) or
die(mysql_error());
$siteinfo = mysql_fetch_array($siteresult);
$sitetitle = $siteinfo['title'];
$siteurl = $siteinfo['url'];
$skipqueue = $siteinfo['skipqueue'];
if(isset($_POST['update'])) {
if(get_magic_quotes_gpc()) {
$title = $_POST['title'];
$description = $_POST['description'];
$keyword = $_POST['keyword'];
$body = $_POST['body'];
$resource = $_POST['resource'];
} else {
$title = mysql_real_escape_string($_POST['title']);
$description =
mysql_real_escape_string($_POST['description']);
$keyword =
mysql_real_escape_string($_POST['keyword']);
$body = mysql_real_escape_string($_POST['body']);
$resource =
mysql_real_escape_string($_POST['resource']);
}
$catid = $_POST['category'];
$mysqldate = date( 'Y-m-d H:i:s' );
//Get the category's parent id
$catquery = "select * from categories where id =".
$catid;
$catresult = mysql_query($catquery,$connection) or
die(mysql_error());
$catinfo = mysql_fetch_array($catresult);
$parentid = $catinfo['parentid'];
if (!$parentid) {
$parentid = "NULL";
}
if ($skipqueue){
$sql = "INSERT INTO `articles` VALUES ( NULL, 0, ".
$id.", '".
$mysqldate."', '".$title."', '".$description."', '".$keyword."'
".$catid.", ".$parentid.", '".
$body."', '".$resource."', NULL);";
} else {
$sql = "INSERT INTO `articles` VALUES ( NULL, 1, ".
$id.", '".
$mysqldate."', '".$title."', '".$description."', '".$keyword."',
".$catid.", ".$parentid.", '".
$body."', '".$resource."', NULL);";
}
$query = mysql_query($sql);
if ($adminopt == 0) {
// send e-mail to ...
$to=$adminemail;
// Your subject
$subject="Article Submission at ".$sitetitle;
// From
$header="from: Admin <".$adminemail.">";
// Your message
$messages ="A new article titled '".$title."' has been
submitted to
".$sitetitle." \r\n\n";
if ($skipqueue){
$messages.="Per your settings, this article
was made live
immediately. \r\n";
} else {
$messages.="This article must be approved
before it goes live. To
approve this article, visit: \r\n\r\n";
$messages.= $siteurl."/admin/articlereview.php
\r\n";
}
$messages.="QUICK DELETE: ".$siteurl."/admin/
articlereview.php?
deleteid=".$artid." \r\n(Clicking the above link will immediately
delete the article - this cannot be undone)";
$messages.="\r\n \r\nNOTE: you can disable these
notifications from
the Site Settings area of your admin panel. \r\n";
// send email
$sentmail = mail($to,$subject,$messages,$header);
}
header('Location: articles.php?
newarticle=true');
exit();
}
include('header.php');
?>
<!-- LEFT SIDEBAR -->
<?php include('../sidebar.php');
// Call the top area of the author template
$authortop = new Template("../templates/".$template."/author-
top.tpl");
// Outputs the page template!
echo $authortop->output();
?>
<!-- Check If Banned -->
<?php
if($status == 1){
echo "<br/><div class=\"alert\"><b>This account has been banned from
submitting articles. Please contact the admin for more information</
b></div>";
} else {
?>
<h1 style="padding-left: 15px;"> Submit a New Article</h1>
<!-- VALIDATE SUBMISSION -->
<?PHP
echo '<script type="text/javascript">
function validateForm()
{
var x=document.forms["submission"]["title"].value
if (x==null || x=="") {
alert("Title cannot be blank");
return false;
}
var x=document.forms["submission"]["description"].value
if (x==null || x=="") {
alert("description cannot be blank");
return false;
}
var x=document.forms["submission"]["keyword"].value
if (x==null || x=="") {
alert("keyword cannot be blank");
return false;
}
var ed = tinymce.activeEditor;
var wordCount = Number(document.getElementById(\'body-word-count
\').innerHTML);
if (wordCount < '.$minwords.' || wordCount > '.$maxwords.') {
alert("Body must be between '.$minwords.' - '.$maxwords.' words");
return false;
}
var resource = tinyMCE.get(\'resource\').getContent();
if (resource==null || resource=="") {
alert("Resource cannot be blank");
return false;
}
}
</script>';
?>
<form style="padding-left: 15px;" name="submission" method="post"
action="submit.php" onsubmit="return validateForm()" >
<p><b>Enter the article title:</b></p>
<input type="text" name="title" style="width:400px;">
<br/><br/<p><b>Enter the article description:</b></p>
<font color=#3B5998><p><b>Html is not allowed in article
description</b></p></font>
<textarea class="mceNoEditor" name="description" style="width:
400px;
height: 150px;"></textarea>
<br/><br/><p><b>Select a Category:</b></p>
<select name="category">
<?php
// Populates the Dropdown list with all categories and subcats
$query = "select * from categories where parentid is null
order by
name;";
$result = mysql_query($query,$connection) or
die(mysql_error());
$num_results = mysql_num_rows($result);
for ($i=0; $i <$num_results; $i++) {
$row = mysql_fetch_assoc($result);
echo "<option value=\"".$row['id']."\">".
$row['name']."</option><br/
>";
$query = "select * from categories where
parentid =".$row['id']."
order by name;";
$sub_result = mysql_query($query,$connection)
or
die(mysql_error());
$sub_num_results =
mysql_num_rows($sub_result);
for ($x=0; $x <$sub_num_results; $x++) {
$subrow =
mysql_fetch_assoc($sub_result);
echo "<option value=\"".
$subrow['id']."\"> -- ".$subrow['name']."</
option><br/>";
}
}
?>
</select>
<br/><br/><p><b>Enter the article body:</b></p>
<font color=#3B5998><p><b>If you are pasting an article, press "Enter"
after the end of the Article or Word Count Limit will be always Zero</
b></p></font>
</h3><textarea id="body" name="body" style="width:615px;
height:
320px;"></textarea>
<br/><br/><p><b>Enter your author bio (you may include up to
three
links here.):</b></p>
<font color=#3B5998><p><b>If you are pasting an article, press
"Enter" after the end of the Article or Word Count Limit will be
always Zero</b></p></font>
</h3><textarea id="resource" name="resource" style="width:
615px;
height: 140px;"></textarea>
<br/><br/><p><b>Enter the article keywords separated by a comma:</b></
p>
<input type="text" name="keyword" style="width:600px;">
<br /><br />
<?php
require_once('recaptchalib.php');
$publickey = "6Ldn88YSAAAAAOSStnNU0UARXbK9U5WdDJB_uDNn"; //
you got this from the signup page
echo recaptcha_get_html($publickey);
?>
<br><input type="submit" id="submitstyle" name="save"
value="Submit Article »"/>
</form>
<?php } // closing the check if banned ?>
<br/><br/>
<?php
// Call the bottom area of the author template
$authorbottom = new Template("../templates/".$template."/
author-
bottom.tpl");
// Outputs the page template!
echo $authorbottom->output();
include('../obinclude.php'); ?>
Reply all
Reply to author
Forward
0 new messages