|
||
|
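// Open the database connection used by the rest of this script.
// NOTE(review): the mysql_* extension used throughout this file was removed in
// PHP 7; a migration to mysqli or PDO with prepared statements is the durable fix.
// NOTE(review): the second die() message discloses the database name to the client.
$link = mysql_connect($dbhost, $dbuser, $dbpasswd) or die ("Could not connect to MySQL");
mysql_select_db ($dbname) or die ("Could not select database $dbname");

// Reject requests that carry no POST data.
// NOTE(review): this is the only gate visible here and it is not an
// authorization check -- any request with a non-empty POST body passes it.
// Nothing in this block logs the request or sends mail, despite the message below.
if (!$_POST) {
    // Every value echoed below is supplied by the client (User-Agent, Referer,
    // request URI, ...), so it is HTML-escaped before being written into the page.
    // Missing headers are rendered as an empty string instead of raising a notice.
    $shown = array();
    $server_keys = array(
        'REMOTE_ADDR',
        'HTTP_USER_AGENT',
        'HTTP_ACCEPT_LANGUAGE',
        'HTTP_REFERER',
        'REQUEST_URI',
        'REMOTE_IDENT',
    );
    foreach ($server_keys as $server_key) {
        $shown[$server_key] = isset($_SERVER[$server_key])
            ? htmlspecialchars((string) $_SERVER[$server_key], ENT_QUOTES, 'UTF-8')
            : '';
    }

    echo " You do not have authority to view this page! ";
    echo " This information has been logged and an email sent to this sites AF administrator ";
    echo " Your IP: ".$shown['REMOTE_ADDR']." ";
    echo " Your Browser Info: ".$shown['HTTP_USER_AGENT']." ";
    echo " Your Browser Language: ".$shown['HTTP_ACCEPT_LANGUAGE']." ";
    echo " ".$shown['HTTP_REFERER']." ";
    echo " Unathorized Page Accessed: ".$shown['REQUEST_URI']." ";
    echo " ".$shown['REMOTE_IDENT']." ";
    echo " Date Of Unathorized Access: ".date("d/M/Y:H:i:s O")." ";
    echo ("Article Friendly Article Publishing Script");
    die;
}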
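// Author registration: runs when the POST body contains an 'author' field.
// Creates a row in tblauthor unless an author with the same e-mail already exists.
if (isset($_POST['author'])) {
    // Collect the posted fields once. Anything missing or not a plain string
    // (e.g. an array parameter) is treated as absent.
    $posted = array();
    $field_names = array(
        'country', 'email', 'password', 'penname', 'first_name', 'last_name',
        'address1', 'address2', 'zip_code', 'city', 'state', 'IP_NUM', 'bio', 'web',
    );
    foreach ($field_names as $field) {
        $posted[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : null;
    }

    // Resolve the country name to its id. 4 is the fallback id the original code
    // used when the lookup failed; it now also applies when no row matches, so
    // intCountry never receives an empty value.
    $country_id = 4;
    $result = mysql_query(
        "SELECT intId FROM tblcountry WHERE varCountry LIKE '"
        . mysql_real_escape_string((string) $posted['country']) . "'"
    );
    if ($result) {
        $country = mysql_fetch_assoc($result);
        if ($country) {
            $country_id = (int) $country['intId'];
        }
    }

    // Duplicate check. The original compared the query resource with the e-mail
    // string, which never detects an existing row; count the matching rows instead.
    $e_mail = trim((string) $posted['email']);
    $check_user = "SELECT * FROM tblauthor WHERE '" . mysql_real_escape_string($e_mail) . "' = varEmail";
    $verify_user = mysql_query($check_user);
    if ($verify_user && mysql_num_rows($verify_user) > 0) {
        die();
    }

    // A pen name, when posted, is split on spaces into first and last name;
    // otherwise the explicit name fields are used. (The original read the
    // undefined variable $POST for the last name, so it was always empty.)
    if ($posted['penname'] !== null) {
        $pen = explode(" ", $posted['penname']);
        $fname = $pen[0];
        $lname = isset($pen[1]) ? $pen[1] : '';
    } else {
        $fname = (string) $posted['first_name'];
        $lname = (string) $posted['last_name'];
    }
    if ($fname == "" && $lname == "") {
        die();
    }

    // Escape every client-supplied value before it is placed in the statement.
    $sql = array_map('mysql_real_escape_string', array(
        'email'    => (string) $posted['email'],
        'password' => (string) $posted['password'],
        'fname'    => $fname,
        'lname'    => $lname,
        'address1' => (string) $posted['address1'],
        'address2' => (string) $posted['address2'],
        'zip_code' => (string) $posted['zip_code'],
        'city'     => (string) $posted['city'],
        'state'    => (string) $posted['state'],
        'ip_num'   => (string) $posted['IP_NUM'],
        'bio'      => (string) $posted['bio'],
        'web'      => (string) $posted['web'],
    ));

    // NOTE(review): varPassword receives the password exactly as posted, i.e. in
    // clear text. Hashing it (password_hash / password_verify) has to be changed
    // together with whatever code checks the password, which is not visible here.
    // NOTE(review): varIPNUM is taken from the POST body and is therefore
    // client-controlled; $_SERVER['REMOTE_ADDR'] is the address the server saw.
    mysql_query(
        "INSERT INTO tblauthor(varEmail, varPassword, varFirstName, varlastName, varAddress1, varAddress2, varZip, varCity, varState, intCountry, varPhone, varFax, intIsTerms, intStatus, dtRegisteredDate, varIPNUM, varBio, website) VALUES('"
        . $sql['email'] . "', '" . $sql['password'] . "', '" . $sql['fname'] . "', '" . $sql['lname'] . "', '"
        . $sql['address1'] . "', '" . $sql['address2'] . "', '" . $sql['zip_code'] . "', '" . $sql['city'] . "', '"
        . $sql['state'] . "', '" . $country_id . "', 'Phone', 'Fax', '1', '1', '" . date("Y-m-d G:i:s") . "', '"
        . $sql['ip_num'] . "', '" . $sql['bio'] . "', '" . $sql['web'] . "')"
    ) or die("Article Friendly");
}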
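// Article submission: runs when the POST body contains an 'articles' field.
// NOTE(review): the author is identified only by the posted e-mail address;
// nothing visible in this block checks a password or session for that author.
if (isset($_POST['articles'])) {
    // safeEscapeString() is defined outside this view. The original already
    // relied on it to make these values safe inside quoted SQL literals --
    // confirm that it escapes for the active MySQL connection.
    $title     = safeEscapeString($_POST['title']);
    $article   = safeEscapeString($_POST['article']);
    $summary   = safeEscapeString($_POST['description']);
    $keywords  = safeEscapeString($_POST['keywords']);
    $resources = safeEscapeString($_POST['resource_box']);

    // Duplicate-title check. The original put the raw title into the statement
    // unquoted and treated any successful query as a duplicate; the title is now
    // a quoted literal and only an actual matching row stops the submission.
    $dupe_test = mysql_query("SELECT varArticleTitle FROM tblarticles WHERE '$title' = varArticleTitle LIMIT 1");
    if ($dupe_test && mysql_num_rows($dupe_test) > 0) {
        die();
    }

    // Resolve the category name to its id. The original tested the query
    // resource instead of the fetched row, so an unknown category was stored as
    // an empty id; an unknown category is now rejected.
    $cat1 = mysql_real_escape_string(
        (isset($_POST['category']) && is_string($_POST['category'])) ? $_POST['category'] : ''
    );
    $result = mysql_query("SELECT intID FROM tblcategories WHERE varCategory = '$cat1' LIMIT 1");
    $id = $result ? mysql_fetch_assoc($result) : false;
    if (!$id) {
        die();
    }
    $category_id = (int) $id['intID'];

    // Look up a non-banned author by e-mail.
    $author_email = mysql_real_escape_string(
        (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : ''
    );
    $results = mysql_query("SELECT intId FROM tblauthor WHERE '" . $author_email . "' = varEmail AND txtBAN = 'No' AND intId > 0 LIMIT 1");
    if (!$results) {
        die();
    }
    $verified = mysql_fetch_assoc($results);
    $user_id = $verified ? (int) $verified['intId'] : 0;

    $word_count = mysql_real_escape_string(
        (isset($_POST['wordcount']) && is_string($_POST['wordcount'])) ? $_POST['wordcount'] : ''
    );

    // With no matching author the original inserted a row with an empty author
    // id and then removed it with the DELETE below. The insert is skipped in
    // that case; the cleanup and the response are unchanged.
    // NOTE(review): the response below is therefore also sent when the author is
    // unknown or banned and nothing was stored -- confirm that this is intended.
    if ($user_id > 0) {
        mysql_query("INSERT INTO tblarticles(intAuthorId, intCategory, varArticleTitle, textArticleText, intStatus, textSummary, varKeywords, textResource, ttSubmitDate, word_count) VALUES('$user_id', '$category_id', '$title', '$article', '1', '$summary','$keywords', '$resources', '".date("Y-m-d G:i:s")."', '$word_count')") or die("articlefriendly.com");
    }

    // Remove articles that are not attached to any author.
    mysql_query("DELETE FROM tblarticles WHERE intAuthorId = 0");
    echo ("Article Friendly Article Publishing Script" );
}
?>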
|
|
|