Código PHP:
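<?php
/*
 * Story submission handler: when the request carries "enviar", store the
 * submitted story (insert a new row, or update the row named by "story").
 *
 * Security notes for maintainers:
 *  - All request values reach SQL only as bound parameters. The previous
 *    string-built queries escaped story_text with addslashes() only and left
 *    headline, the story id and the session user unescaped.
 *  - NOTE(review): no anti-CSRF token is checked here, and $_REQUEST also
 *    accepts values from the query string. Consider requiring POST plus a
 *    per-session token before writing.
 *  - NOTE(review): the update path does not check that the logged-in user is
 *    allowed to edit the given story id. Confirm the intended policy.
 */
include_once('db_fns.php'); // database helpers (presumably where db_connect() is defined)
include_once('admin/user_auth_fns.php'); // authentication helpers
session_start(); // resume the session
$handle = db_connect();
if (isset($_REQUEST['enviar'])) {
    // Stories are attributed to $_SESSION['auth_user']; refuse the write when
    // no authenticated user is present in the session.
    if (!isset($_SESSION['auth_user']) || !is_string($_SESSION['auth_user']) || $_SESSION['auth_user'] === '') {
        http_response_code(403);
        echo 'You must be logged in to submit a story.';
        exit;
    }
    $writer = $_SESSION['auth_user'];

    $headline = (isset($_REQUEST['headline']) && is_string($_REQUEST['headline']))
        ? $_REQUEST['headline']
        : '';
    // NOTE(review): the original stored the boolean result of isset() here
    // ('1' or ''), not the submitted value. Kept as-is; confirm whether the
    // "page" column was meant to receive $_REQUEST['post'] itself.
    $page = isset($_REQUEST['post']) ? '1' : '';
    $time = time();

    // An uploaded file, when present, takes precedence over the textarea.
    // NOTE(review): $_FILES[...]['type'] is supplied by the client and is not
    // proof of the file's content. The text is stored as submitted (the form
    // allows HTML), so whatever renders it must sanitise or escape it.
    $has_upload = isset($_FILES['html']['name'], $_FILES['html']['type'], $_FILES['html']['tmp_name'])
        && is_string($_FILES['html']['type'])
        && is_string($_FILES['html']['tmp_name'])
        && dirname($_FILES['html']['type']) == 'text'
        && is_uploaded_file($_FILES['html']['tmp_name']);
    if ($has_upload) {
        $story_text = file_get_contents($_FILES['html']['tmp_name']);
        if ($story_text === false) {
            $story_text = '';
        }
    } else {
        $story_text = (isset($_REQUEST['story_text']) && is_string($_REQUEST['story_text']))
            ? $_REQUEST['story_text']
            : '';
    }

    $story = (isset($_REQUEST['story']) && is_string($_REQUEST['story'])) ? $_REQUEST['story'] : '';

    $ok = false;
    $db_error = '';
    try {
        // Assumes db_connect() returns a mysqli object, as the original
        // ->query() / mysqli_error() calls suggest; anything else is a failure.
        if (!($handle instanceof mysqli)) {
            $db_error = 'no database connection';
        } elseif ($story !== '') {
            // A story id was supplied: update the existing row. (The original
            // had the two branches swapped and ran the UPDATE with an empty id.)
            $story_id = filter_var($story, FILTER_VALIDATE_INT);
            if ($story_id === false) {
                http_response_code(400);
                echo 'Invalid story id.';
                exit;
            }
            $stmt = $handle->prepare(
                'update stories
                 set headline = ?, story_text = ?, page = ?, modified = ?
                 where id = ?'
            );
            if ($stmt) {
                $stmt->bind_param('sssii', $headline, $story_text, $page, $time, $story_id);
                $ok = $stmt->execute();
                $db_error = $ok ? '' : $stmt->error;
                $stmt->close();
            } else {
                $db_error = $handle->error;
            }
        } else {
            // No story id: insert a new row.
            $stmt = $handle->prepare(
                'insert into stories
                 (headline, story_text, page, writer, created, modified)
                 values (?, ?, ?, ?, ?, ?)'
            );
            if ($stmt) {
                $stmt->bind_param('ssssii', $headline, $story_text, $page, $writer, $time, $time);
                $ok = $stmt->execute();
                $db_error = $ok ? '' : $stmt->error;
                $stmt->close();
            } else {
                $db_error = $handle->error;
            }
        }
    } catch (mysqli_sql_exception $e) {
        // mysqli may be configured to throw instead of returning false.
        $ok = false;
        $db_error = $e->getMessage();
    }

    if (!$ok) {
        // Keep the SQL text and driver error in the server log; echoing them
        // to the client discloses schema details.
        error_log('story write failed: ' . $db_error);
        http_response_code(500);
        echo 'There was a database error.';
        exit;
    }
    echo 'enviado';
}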
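include_once('header.php');
if (isset($_REQUEST['post'])) {
    // Render the story form. Request-derived values are HTML-escaped before
    // being placed in attribute values; echoing them raw allowed markup
    // injection through the "post" parameter and the Referer header.
    // The encoding argument is left at PHP's default_charset because the page
    // charset is not visible here; ENT_SUBSTITUTE avoids an empty result on
    // invalid byte sequences.
    $post_attr = is_string($_REQUEST['post'])
        ? htmlspecialchars($_REQUEST['post'], ENT_QUOTES | ENT_SUBSTITUTE)
        : '';
    $referer_attr = (isset($_SERVER['HTTP_REFERER']) && is_string($_SERVER['HTTP_REFERER']))
        ? htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES | ENT_SUBSTITUTE)
        : '';
    // NOTE(review): the form carries no anti-CSRF token. "destination" is taken
    // from the client-controlled Referer header; validate it against an
    // allow-list before using it as a redirect target anywhere.
    // NOTE(review): the "post" text input below originally contained
    // "isset($_REQUEST['post'])" without echo, which prints nothing, so the
    // field is rendered empty as before. Confirm what it should be prefilled with.
?>
<div class=post>
<form action="post.php?enviar" method="post" enctype="multipart/form-data">
<input type="hidden" name="story" value="<?php echo $post_attr; ?>">
<input type="hidden" name="destination"
value="<?php echo $referer_attr; ?>">
<table>
<tr>
<td>Titular</td>
</tr>
<tr>
<td><input size="80" name="headline"></td>
</tr>
<tr>
<td>Titular</td>
</tr>
<tr>
<td><input size="80" name="post" value=""></td>
</tr>
<tr>
<td>Texto de la historia (puede contener etiquetas HTML)</td>
</tr>
<tr>
<td><textarea cols="80" rows="7" name="story_text"
wrap="virtual"></textarea>
</td>
</tr>
<tr>
<td align="center"><input type="submit" value="Enviar"></td>
</tr>
</table>
</form>
</div>
<?php
}
include_once('footer.php');
?>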