Losing session vars when posting data with an apostrophe
Losing session vars when posting data with an apostrophe
I am using a WYSIWYG editor so that users can enter and format text and images to update pages on a website.
I am having a problem when pasting text from Word. If there is an apostrophe in the text and I then try to save, I lose my session variables. I am using sessions for security.
I can retrieve the posted string with the apostrophe in it with no problem and display it on the page, but I can't retrieve my session variables.
Any help would be greatly appreciated.
I am having a problem when pasting text from Word. If there is an apostrophe in the text and I then try to save, I lose my session variables. I am using sessions for security.
I can retrieve the posted string with the apostrophe in it with no problem and display it on the page, but I can't retrieve my session variables.
Any help would be greatly appreciated.
Here is the code. When I post the form with an apostrophe in the textarea, I can't retrieve the session vars.
thanks,
feyd | Please use
thanks,
<?php
// Open (or resume) the session before any output is sent, then load the database
// connection settings; $database_rcu and $rcu are expected to come from
// Connections/rcu.php.
session_start();
require_once('Connections/rcu.php');
mysql_select_db($database_rcu, $rcu);
// Log out: clear the session variables and destroy the server-side session data.
if (isset($_POST['logout']))
{
// NOTE(review): the session was already started at the top of the script, so this
// second call is redundant; session_start() also does not take a session id argument.
session_start(session_id());
session_unset();
session_destroy();
// NOTE(review): the session cookie is not expired here; a complete logout normally
// also clears it in the browser.
};
//if login has been clicked then authenticate the user
if (isset($_POST['login']))
{
// NOTE(review): the submitted username and password are concatenated straight into
// the SQL text. Unless magic_quotes_gpc happens to be adding backslashes, a quote
// character in either field changes the structure of the statement (SQL injection).
// Escape each value with mysql_real_escape_string(), or better, move to prepared
// statements (mysqli / PDO).
// NOTE(review): aes_encrypt() is reversible encryption with a key embedded in the
// source; passwords are normally stored as one-way hashes instead.
$query = "select username from users where username='".$_POST['username']."' and password=aes_encrypt('".$_POST['pass']."', 'key');";
// NOTE(review): die(mysql_error()) sends the raw database error to the browser.
$result = mysql_query($query, $rcu) or die(mysql_error());
// At least one matching row means the credentials were accepted.
if (mysql_num_rows($result) > 0)
{
// NOTE(review): the session is already open (first line of the script), so this call
// is redundant. The session id is not regenerated on login, which leaves the page
// open to session fixation.
session_start();
// NOTE(review): the plaintext password is kept in the session store; a user id or
// an "authenticated" flag is enough to remember the login.
$_SESSION["pwd"] = $_POST['pass'];
$_SESSION['user'] = $_POST['username'];
} else {
echo "<script> alert('Incorrect Username or Password!'); </script>";
};
};
//if user is already logged in then proceed
// The console below is rendered only when the session holds a password AND that
// password still matches a row in the users table.
if (isset($_SESSION['pwd']))
{
// NOTE(review): redundant second start of an already-open session (see top of script).
session_start(session_id());
// NOTE(review): this lookup filters on the password alone, not on $_SESSION['user'],
// so it matches any account that shares the password. The value is also concatenated
// into the SQL unescaped.
// NOTE(review): the key literal here ('webber') differs from the one in the login
// query ('key'); if that is not just a posting typo, the two queries can never agree.
$query = "select username from users where password=aes_encrypt('".$_SESSION['pwd']."', 'webber');";
$result = mysql_query($query, $rcu) or die("Fatal Error!");
// NOTE(review): when this returns no rows the script falls through to the login form
// further down, which to the user looks exactly like a lost session.
if (mysql_num_rows($result) > 0)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Rochdale Credit Union Website Content Management Console</title>
<script language="Javascript1.2"><!-- // load htmlarea
_editor_url = "htmlarea/"; // URL to htmlarea files
var win_ie_ver = parseFloat(navigator.appVersion.split("MSIE")[1]);
if (navigator.userAgent.indexOf('Mac') >= 0) { win_ie_ver = 0; }
if (navigator.userAgent.indexOf('Windows CE') >= 0) { win_ie_ver = 0; }
if (navigator.userAgent.indexOf('Opera') >= 0) { win_ie_ver = 0; }
if (win_ie_ver >= 5.5) {
document.write('<scr' + 'ipt src="' +_editor_url+ 'editor.js"');
document.write(' language="Javascript1.2"></scr' + 'ipt>');
} else { document.write('<scr'+'ipt>function editor_generate() { return false; }</scr'+'ipt>'); }
// --></script>
<link href="CSS/default.css" rel="stylesheet" type="text/css">
</head>
<?php
//if a file is being uploaded then process the file
// NOTE(review): basename() keeps the stored name inside images/, but nothing checks
// the file's extension, its content, or $_FILES['picture']['error'], so any file type
// is accepted into a directory the site serves. Restrict uploads to known image types
// and make sure the web server never executes scripts from images/.
// NOTE(review): the MAX_FILE_SIZE form field is only a hint to the browser; it is not
// a server-side limit.
if (isset($_POST['upFile']))
{
$uploaddir = 'images/';
$uploadfile = $uploaddir . basename($_FILES['picture']['name']);
// move_uploaded_file() succeeds only for a file received through an HTTP upload;
// an existing file with the same name is overwritten.
if (move_uploaded_file($_FILES['picture']['tmp_name'], $uploadfile)) {
echo "<script> alert('Image Uploaded Successfully');</script>";
} else {
echo "<script>alert('Image not uploaded.'); </script>";
};
};
//if a save has been submitted then save changes to database
if (isset($_POST['subChanges']))
{
// NOTE(review): both the page content and the page name are concatenated into the
// UPDATE unescaped. This only "works" with apostrophes while magic_quotes_gpc is
// adding backslashes; without it the statement breaks or is open to SQL injection.
// Escape both values with mysql_real_escape_string() or use prepared statements.
$query = "update content set content='".$_POST['pagecontent']."' where page_name='".$_POST['pageName']."'";
// NOTE(review): die(mysql_error()) exposes the raw database error to the browser.
mysql_query($query) or die(mysql_error());
//let the user know that changes were saved
echo "<script language='javascript'>alert('Changes Saved Successfully');</script>";
};
// Preview: write the edited content to the preview table, then open prevPage.php
// for that page in a pop-up window.
if (isset($_POST['prevChanges']))
{
// NOTE(review): same unescaped concatenation into SQL as the publish query above.
$query = "update preview set content='".$_POST['pagecontent']."' where page_name='".$_POST['pageName']."'";
mysql_query($query) or die(mysql_error());
// NOTE(review): $_POST['pageName'] is written into a JavaScript string without any
// encoding, so a crafted value can break out of the string (XSS). Pass it through
// rawurlencode() before embedding it in the URL.
echo "<script language='javascript'> window.open('prevPage.php?page=".$_POST['pageName']."', '','menubar=no, toolbar=no, scrollbars=yes, width=600, height=400');</script>";
};
?>
<body>
<form method="POST" enctype="multipart/form-data">
<table width="750px" align="center" border="2" bordercolor="#000000" cellspacing="0" cellpadding="0">
<tr>
<td>
<table border="0" width="100%" bordercolor="#000000" cellpadding="0" cellspacing="0">
<tr>
<td align="center"><img src="images/contentMgrHdr.jpg" width="231" height="62" align="center">
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table bgcolor="#666699" valign="middle" width="100%" border="0">
<tr>
<td colspan="3" align="right" bgcolor="#666699">
<font color="#FFFFFF">You are logged in as : <strong><?php echo $_SESSION['user']; ?></strong> <input type="submit" value="Log Out" name="logout" class="SubButton"></font>
</td>
</tr>
<tr>
<td bgcolor="#666699" valign="middle" align="left" colspan="3">
<input type="hidden" name="MAX_FILE_SIZE" value="30000">
<input type="file" name="picture" size="20" class="fFile">
<input type="submit" value="Upload Image" name="upFile" class="SubButton">
</td>
</tr>
<tr>
<td bgcolor="#666699" valign="middle" colspan="2">
<select name="pageName">
<?php
// Build the <option> list for the page selector from every page_name in the
// content table, marking the one that was just posted as selected.
$query_pages = "SELECT content.page_name FROM content";
$pages = mysql_query($query_pages, $rcu) or die(mysql_error());
$totalRows_pages = mysql_num_rows($pages);
while ($row_pages = mysql_fetch_assoc($pages))
{
if (isset($_POST['pageName']))
{
// NOTE(review): the posted value is compared as received; if magic_quotes_gpc is on,
// a name containing a quote arrives with backslashes and will not match.
if ($row_pages['page_name'] == $_POST['pageName'])
{
// NOTE(review): page_name is echoed into the attribute and the label without
// htmlspecialchars(); names containing quotes or markup would break the HTML.
?>
<option value="<?php echo $row_pages['page_name']?>" selected><?php echo $row_pages['page_name']?></option>
<?php
}
else
{
?>
<option value="<?php echo $row_pages['page_name']?>"><?php echo $row_pages['page_name']?></option>
<?php
};
}
else
{
?>
<option value="<?php echo $row_pages['page_name']?>"><?php echo $row_pages['page_name']?></option>
<?php
};
};
// Rewind the result set and re-read its first row into $row_pages.
$rows = mysql_num_rows($pages);
if($rows > 0)
{
mysql_data_seek($pages, 0);
$row_pages = mysql_fetch_assoc($pages);
};
?>
</select>
<input type="submit" name="subPage" value="Go" class="SubButton">
<td bgcolor="#666699" align="right" nowrap>
<input name="prevChanges" class="SubButton" type="submit" id="prevChanges" value="PREVIEW">
<input name="subChanges" class="SubButton" type="submit" id="subChanges" value="PUBLISH">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table width="100%" bgcolor="#666699" cellpadding="0" cellspacing="0">
<tr>
<td>
<?php
// Remember which page the form refers to: the posted page name when either the
// "Go" or the "PUBLISH" button was used, otherwise an empty string.
$pageName = (isset($_POST['subPage']) || isset($_POST['subChanges']))
    ? $_POST['pageName']
    : "";
?>
<textarea name="pagecontent" id="pagecontent" style="width:100%; height:200">
<?php
// Fill the textarea: after a preview or an image upload, echo back what the user
// just posted; otherwise load the stored content of the selected page.
if ((isset($_POST['prevChanges'])) or (isset($_POST['upFile'])))
{
// htmlentities() keeps the posted markup from being interpreted inside the textarea.
// NOTE(review): stripslashes() is applied unconditionally, which presumably relies on
// magic_quotes_gpc being on; with it off, genuine backslashes in the text are lost.
echo stripslashes(htmlentities($_POST['pagecontent']));
}
else
{
if (isset($_POST['subPage']))
{
mysql_select_db($database_rcu, $rcu);
// NOTE(review): $_POST['pageName'] is concatenated into the SELECT unescaped
// (SQL injection); escape it or use a prepared statement.
$query_pageContent = "SELECT content FROM content WHERE page_name = '".$_POST['pageName']."'";
$pageContent = mysql_query($query_pageContent) or die(mysql_error());
// NOTE(review): mysql_fetch_array() returns false when no row matches; that case is
// not checked before the array access below.
$row_pageContent = mysql_fetch_array($pageContent);
echo htmlentities($row_pageContent['content']);
}
else
{
// Same lookup as the branch above, taken for any other post that carries a page name.
if (isset($_POST['pageName']))
{
mysql_select_db($database_rcu, $rcu);
$query_pageContent = "SELECT content FROM content WHERE page_name = '".$_POST['pageName']."'";
$pageContent = mysql_query($query_pageContent) or die(mysql_error());
$row_pageContent = mysql_fetch_array($pageContent);
echo htmlentities($row_pageContent['content']);
};
};
};
?>
</textarea>
</td>
</tr>
</table>
</tr>
</table>
</form>
<p><br>
<script language="javascript1.2">
var config = new Object(); // create new config object
config.width = "100%";
config.height = "350px";
config.bodyStyle = 'background-color: white; font-family: "Verdana"; font-size: x-small;';
config.debug = 0;
// NOTE: You can remove any of these blocks and use the default config!
config.toolbar = [
// ['fontname'],
['fontsize'],
// ['fontstyle'],
['linebreak'],
['bold','italic','underline','separator'],
// ['strikethrough','subscript','superscript','separator'],
['justifyleft','justifycenter','justifyright','separator'],
['OrderedList','UnOrderedList','Outdent','Indent','separator'],
['forecolor','separator'],
['HorizontalRule','Createlink','InsertImage', 'InsertTable','htmlmode','separator'],
// ['about','help','popupeditor'],
];
//config.fontnames = {
// "Arial": "arial, helvetica, sans-serif",
// "Courier New": "courier new, courier, mono",
// "Georgia": "Georgia, Times New Roman, Times, Serif",
// "Tahoma": "Tahoma, Arial, Helvetica, sans-serif",
// "Times New Roman": "times new roman, times, serif",
// "Verdana": "Verdana, Arial, Helvetica, sans-serif",
// "impact": "impact",
// "WingDings": "WingDings"
//};
config.fontsizes = {
"1 (8 pt)": "1",
"2 (10 pt)": "2",
"3 (12 pt)": "3",
"4 (14 pt)": "4",
"5 (18 pt)": "5",
"6 (24 pt)": "6",
"7 (36 pt)": "7"
};
//config.stylesheet = "http://www.domain.com/sample.css";
//config.fontstyles = [ // make sure classNames are defined in the page the content is being display as well in or they won't work!
// { name: "headline", className: "headline", classStyle: "font-family: arial black, arial; font-size: 28px; letter-spacing: -2px;" },
// { name: "arial red", className: "headline2", classStyle: "font-family: arial black, arial; font-size: 12px; letter-spacing: -2px; color:red" },
// { name: "verdana blue", className: "headline4", classStyle: "font-family: verdana; font-size: 18px; letter-spacing: -2px; color:blue" }
// leave classStyle blank if it's defined in config.stylesheet (above), like this:
// { name: "verdana blue", className: "headline4", classStyle: "" }
//];
editor_generate('pagecontent', config);
</script>
</p>
<p> </p>
</body>
</html>
<?php
}
else
{
// The stored credentials did not match a user, so emit the login form instead of
// the console. The fragments are written back to back with no separators.
echo "<link href='CSS/default.css' rel='stylesheet' type='text/css'>",
    "<br><br><br><br>",
    "<form method='POST' action=''>",
    "<table align='center' width='25%' border='0' cellpadding='0' cellspacing='0'>",
    "<tr>",
    "<td colspan='2' align='center'><img src='images/contentMgrHdr.jpg'></td>",
    "</tr>",
    "<tr>",
    "<td align='left'>",
    "<font><strong>User Name:</strong></font>",
    "<td align='right'>",
    "<input type='text' size='20' name='username'>",
    "</tr>",
    "<tr>",
    "<td align='left'>",
    "<font><strong>Password1:</strong></font>",
    "<td align='right'>",
    "<input type='password' size='20' name='pass'>",
    "</tr>",
    "<tr>",
    "<td colspan='2' align='right'>",
    "<input type='submit' name='login' value='LOGIN' class='SubButton'>",
    "</tr>",
    "</table>",
    "</form>";
};
}
else
{
// No password is held in the session, so the visitor must log in first: emit the
// login form. The fragments are written back to back with no separators.
echo "<link href='CSS/default.css' rel='stylesheet' type='text/css'>",
    "<br><br><br><br>",
    "<form method='POST' action=''>",
    "<table align='center' width='25%' border='0' cellpadding='0' cellspacing='0'>",
    "<tr>",
    "<td colspan='2' align='center'><img src='images/contentMgrHdr.jpg'></td>",
    "</tr>",
    "<tr>",
    "<td align='left'>",
    "<font><strong>User Name:</strong></font>",
    "<td align='right'>",
    "<input type='text' size='20' name='username'>",
    "</tr>",
    "<tr>",
    "<td align='left'>",
    "<font><strong>Password:</strong></font>",
    "<td align='right'>",
    "<input type='password' size='20' name='pass'>",
    "</tr>",
    "<tr>",
    "<td colspan='2' align='right'>",
    "<input type='submit' name='login' value='LOGIN' class='SubButton'>",
    "</tr>",
    "</table>",
    "</form>";
};
mysql_close();
?>
feyd | Please use the forum's code tags where appropriate when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url]
Thanks for the tip on SQL injection. I have fixed my user validation by sanitizing before I authenticate, stripping out all non-alphanumeric characters.
I am still having the problem with losing my session vars though.
My update queries are working fine. Could you please elaborate on why you think they don't work?
thanks
I am still having the problem with losing my session vars though.
My update queries are working fine. Could you please elaborate on why you think they don't work?
thanks
I apologize for that. It was a typo when I posted the code. The query works fine and when user logs in the session vars are registered successfully. The problem occurs when the user posts data from the textarea that has an apostrophe (pasted from Word) in it. When this happens I cannot pick up the session vars again so the user session is lost.
thanks,
thanks,
It is failing on line 29.
I have tested this thoroughly. If I paste text from Word containing an apostrophe and then try to preview or publish the session is lost. If I remove the apostrophe from the text I can publish or preview with no problems without losing the session.
If I type in any input directly to the textarea there is no problem. It is only when I am pasting from a rich text editor like Word.
thanks for your help and patience,
I have tested this thoroughly. If I paste text from Word containing an apostrophe and then try to preview or publish the session is lost. If I remove the apostrophe from the text I can publish or preview with no problems without losing the session.
If I type in any input directly to the textarea there is no problem. It is only when I am pasting from a rich text editor like Word.
thanks for your help and patience,
<?php
// Open (or resume) the session before any output is sent, then load the database
// connection settings; $database_rcu and $rcu are expected to come from
// Connections/rcu.php.
session_start();
require_once('Connections/rcu.php');
mysql_select_db($database_rcu, $rcu);
// Log out: clear the session variables and destroy the server-side session data.
if (isset($_POST['logout']))
{
// NOTE(review): the session was already started at the top of the script, so this
// second call is redundant; session_start() also does not take a session id argument.
session_start(session_id());
session_unset();
session_destroy();
// NOTE(review): the session cookie is not expired here; a complete logout normally
// also clears it in the browser.
};
//if login has been clicked then authenticate the user
if (isset($_POST['login']))
{
// Both fields are reduced to [A-Za-z0-9] before being placed in the SQL text.
// NOTE(review): stripping characters removes the quote problem here, but it also
// silently alters the password (symbols are dropped, so distinct passwords can
// collapse to the same value). Escaping with mysql_real_escape_string(), or a
// prepared statement, protects the query without changing the input.
// NOTE(review): the ereg_* functions are deprecated since PHP 5.3 and removed in
// PHP 7; preg_replace() is the supported equivalent.
$query = "select username from users where username='".ereg_replace("[^A-Za-z0-9]", "", $_POST['username'])."' and password=aes_encrypt('".ereg_replace("[^A-Za-z0-9]", "", $_POST['pass'])."', 'webber');";
// NOTE(review): debugging leftover; this prints the SQL, including the submitted
// password, into the page. Remove it before the page is used for real logins.
echo $query;
// NOTE(review): die(mysql_error()) sends the raw database error to the browser.
$result = mysql_query($query, $rcu) or die(mysql_error());
// At least one matching row means the credentials were accepted.
if (mysql_num_rows($result) > 0)
{
// NOTE(review): the session is already open (first line of the script), so this call
// is redundant. The session id is not regenerated on login (session fixation).
session_start();
// NOTE(review): the plaintext password is kept in the session store; a user id or
// an "authenticated" flag is enough to remember the login.
$_SESSION["pwd"] = $_POST['pass'];
$_SESSION['user'] = $_POST['username'];
} else {
echo "<script> alert('Incorrect Username or Password!'); </script>";
};
};
//if user is already logged in then proceed
// The console below is rendered only when the session holds a password AND that
// password (reduced to [A-Za-z0-9]) still matches a row in the users table.
if (isset($_SESSION['pwd']))
{
// NOTE(review): redundant second start of an already-open session (see top of script).
session_start(session_id());
// NOTE(review): this lookup filters on the password alone, not on $_SESSION['user'],
// so it matches any account that shares the password.
$query = "select username from users where password=aes_encrypt('".ereg_replace("[^A-Za-z0-9]", "", $_SESSION['pwd'])."', 'webber');";
$result = mysql_query($query, $rcu) or die("Fatal Error!");
// NOTE(review): when this returns no rows the script falls through to the login form
// further down, which to the user looks exactly like a lost session.
if (mysql_num_rows($result) > 0)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Rochdale Credit Union Website Content Management Console</title>
<script language="Javascript1.2"><!-- // load htmlarea
_editor_url = "htmlarea/"; // URL to htmlarea files
var win_ie_ver = parseFloat(navigator.appVersion.split("MSIE")[1]);
if (navigator.userAgent.indexOf('Mac') >= 0) { win_ie_ver = 0; }
if (navigator.userAgent.indexOf('Windows CE') >= 0) { win_ie_ver = 0; }
if (navigator.userAgent.indexOf('Opera') >= 0) { win_ie_ver = 0; }
if (win_ie_ver >= 5.5) {
document.write('<scr' + 'ipt src="' +_editor_url+ 'editor.js"');
document.write(' language="Javascript1.2"></scr' + 'ipt>');
} else { document.write('<scr'+'ipt>function editor_generate() { return false; }</scr'+'ipt>'); }
// --></script>
<link href="CSS/default.css" rel="stylesheet" type="text/css">
</head>
<?php
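//if a file is being uploaded then process the file
// Only files that arrived intact, carry an image extension and are recognised as an
// image by getimagesize() are stored. The images/ directory should additionally be
// configured so the web server never executes scripts from it.
// The MAX_FILE_SIZE form field is only a hint to the browser, not a server-side limit.
if (isset($_POST['upFile']))
{
    $uploaddir = 'images/';
    $allowedExtensions = array('jpg', 'jpeg', 'gif', 'png');
    $uploadOk = false;
    if (isset($_FILES['picture']) && $_FILES['picture']['error'] === UPLOAD_ERR_OK)
    {
        // basename() drops any directory part the client put in the file name.
        $uploadName = basename($_FILES['picture']['name']);
        $uploadExt = strtolower(pathinfo($uploadName, PATHINFO_EXTENSION));
        // getimagesize() returns false when the temp file is not a recognisable image.
        if (in_array($uploadExt, $allowedExtensions, true)
            && getimagesize($_FILES['picture']['tmp_name']) !== false)
        {
            $uploadfile = $uploaddir . $uploadName;
            // Succeeds only for a file received through an HTTP upload; an existing
            // file with the same name is overwritten.
            $uploadOk = move_uploaded_file($_FILES['picture']['tmp_name'], $uploadfile);
        }
    }
    if ($uploadOk) {
        echo "<script> alert('Image Uploaded Successfully');</script>";
    } else {
        echo "<script>alert('Image not uploaded.'); </script>";
    };
};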
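//if a save has been submitted then save changes to database
if (isset($_POST['subChanges']))
{
    // Take the posted values as plain strings; anything else is treated as empty.
    $rawContent = (isset($_POST['pagecontent']) && is_string($_POST['pagecontent'])) ? $_POST['pagecontent'] : '';
    $rawPage = (isset($_POST['pageName']) && is_string($_POST['pageName'])) ? $_POST['pageName'] : '';
    // Undo magic_quotes_gpc when it is on, so the values are escaped exactly once below.
    if (get_magic_quotes_gpc())
    {
        $rawContent = stripslashes($rawContent);
        $rawPage = stripslashes($rawPage);
    }
    // Escape both values for the connection before they go into the SQL text, so an
    // apostrophe in the content is stored as data and cannot alter the statement.
    $query = "update content set content='".mysql_real_escape_string($rawContent, $rcu)."' where page_name='".mysql_real_escape_string($rawPage, $rcu)."'";
    // NOTE(review): die(mysql_error()) exposes the raw database error to the browser;
    // consider logging it and showing a generic message instead.
    mysql_query($query, $rcu) or die(mysql_error());
    //let the user know that changes were saved
    echo "<script language='javascript'>alert('Changes Saved Successfully');</script>";
};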
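// Preview: write the edited content to the preview table, then open prevPage.php
// for that page in a pop-up window.
if (isset($_POST['prevChanges']))
{
    // Take the posted values as plain strings; anything else is treated as empty.
    $rawContent = (isset($_POST['pagecontent']) && is_string($_POST['pagecontent'])) ? $_POST['pagecontent'] : '';
    $rawPage = (isset($_POST['pageName']) && is_string($_POST['pageName'])) ? $_POST['pageName'] : '';
    // Undo magic_quotes_gpc when it is on, so the values are escaped exactly once below.
    if (get_magic_quotes_gpc())
    {
        $rawContent = stripslashes($rawContent);
        $rawPage = stripslashes($rawPage);
    }
    // Escape both values for the connection before they go into the SQL text.
    $query = "update preview set content='".mysql_real_escape_string($rawContent, $rcu)."' where page_name='".mysql_real_escape_string($rawPage, $rcu)."'";
    mysql_query($query, $rcu) or die(mysql_error());
    // rawurlencode() leaves only URL-safe characters, so the page name cannot close
    // the JavaScript string or the <script> element it is written into.
    echo "<script language='javascript'> window.open('prevPage.php?page=".rawurlencode($rawPage)."', '','menubar=no, toolbar=no, scrollbars=yes, width=600, height=400');</script>";
};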
?>
<body>
<form method="POST" enctype="multipart/form-data">
<table width="750px" align="center" border="2" bordercolor="#000000" cellspacing="0" cellpadding="0">
<tr>
<td>
<table border="0" width="100%" bordercolor="#000000" cellpadding="0" cellspacing="0">
<tr>
<td align="center"><img src="images/contentMgrHdr.jpg" width="231" height="62" align="center">
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table bgcolor="#666699" valign="middle" width="100%" border="0">
<tr>
<td colspan="3" align="right" bgcolor="#666699">
<font color="#FFFFFF">You are logged in as : <strong><?php echo $_SESSION['user']; ?></strong> <input type="submit" value="Log Out" name="logout" class="SubButton"></font>
</td>
</tr>
<tr>
<td bgcolor="#666699" valign="middle" align="left" colspan="3">
<input type="hidden" name="MAX_FILE_SIZE" value="30000">
<input type="file" name="picture" size="20" class="fFile">
<input type="submit" value="Upload Image" name="upFile" class="SubButton">
</td>
</tr>
<tr>
<td bgcolor="#666699" valign="middle" colspan="2">
<select name="pageName">
<?php
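// Build the <option> list for the page selector from every page_name in the
// content table, marking the one that was just posted as selected.
$query_pages = "SELECT content.page_name FROM content";
$pages = mysql_query($query_pages, $rcu) or die(mysql_error());
$totalRows_pages = mysql_num_rows($pages);
// The posted page name, with magic_quotes_gpc backslashes removed so that names
// containing quotes still compare equal to the stored value.
$selectedPage = (isset($_POST['pageName']) && is_string($_POST['pageName'])) ? $_POST['pageName'] : null;
if ($selectedPage !== null && get_magic_quotes_gpc())
{
    $selectedPage = stripslashes($selectedPage);
}
while ($row_pages = mysql_fetch_assoc($pages))
{
    // Encode the name for HTML (the page declares iso-8859-1) so quotes or markup
    // in a page name cannot break out of the attribute or the label.
    $pageLabel = htmlspecialchars($row_pages['page_name'], ENT_QUOTES, 'ISO-8859-1');
    $selectedAttr = ($selectedPage !== null && $row_pages['page_name'] == $selectedPage) ? ' selected' : '';
    echo '<option value="'.$pageLabel.'"'.$selectedAttr.'>'.$pageLabel."</option>\n";
};
// Rewind the result set and re-read its first row into $row_pages.
$rows = mysql_num_rows($pages);
if($rows > 0)
{
    mysql_data_seek($pages, 0);
    $row_pages = mysql_fetch_assoc($pages);
};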
?>
</select>
<input type="submit" name="subPage" value="Go" class="SubButton">
<td bgcolor="#666699" align="right" nowrap>
<input name="prevChanges" class="SubButton" type="submit" id="prevChanges" value="PREVIEW">
<input name="subChanges" class="SubButton" type="submit" id="subChanges" value="PUBLISH">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table width="100%" bgcolor="#666699" cellpadding="0" cellspacing="0">
<tr>
<td>
<?php
// Remember which page the form refers to: the posted page name when either the
// "Go" or the "PUBLISH" button was used, otherwise an empty string.
$pageName = (isset($_POST['subPage']) || isset($_POST['subChanges']))
    ? $_POST['pageName']
    : "";
?>
<textarea name="pagecontent" id="pagecontent" style="width:100%; height:200">
<?php
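// Fill the textarea: after a preview or an image upload, echo back what the user
// just posted; otherwise load the stored content of the selected page.
if ((isset($_POST['prevChanges'])) or (isset($_POST['upFile'])))
{
    $postedContent = (isset($_POST['pagecontent']) && is_string($_POST['pagecontent'])) ? $_POST['pagecontent'] : '';
    // Remove backslashes only when magic_quotes_gpc added them, so genuine
    // backslashes in the text survive when it is off.
    if (get_magic_quotes_gpc())
    {
        $postedContent = stripslashes($postedContent);
    }
    // Encode for HTML so the posted markup is shown as text inside the textarea.
    echo htmlentities($postedContent, ENT_QUOTES, 'ISO-8859-1');
}
elseif (isset($_POST['subPage']) || isset($_POST['pageName']))
{
    $rawPage = (isset($_POST['pageName']) && is_string($_POST['pageName'])) ? $_POST['pageName'] : '';
    if (get_magic_quotes_gpc())
    {
        $rawPage = stripslashes($rawPage);
    }
    mysql_select_db($database_rcu, $rcu);
    // Escape the page name for the connection before it goes into the SQL text.
    $query_pageContent = "SELECT content FROM content WHERE page_name = '".mysql_real_escape_string($rawPage, $rcu)."'";
    $pageContent = mysql_query($query_pageContent, $rcu) or die(mysql_error());
    $row_pageContent = mysql_fetch_array($pageContent);
    // mysql_fetch_array() returns false when no page matches; print nothing then.
    if ($row_pageContent !== false)
    {
        echo htmlentities($row_pageContent['content'], ENT_QUOTES, 'ISO-8859-1');
    }
};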
?>
</textarea>
</td>
</tr>
</table>
</tr>
</table>
</form>
<p><br>
<script language="javascript1.2">
var config = new Object(); // create new config object
config.width = "100%";
config.height = "350px";
config.bodyStyle = 'background-color: white; font-family: "Verdana"; font-size: x-small;';
config.debug = 0;
// NOTE: You can remove any of these blocks and use the default config!
config.toolbar = [
// ['fontname'],
['fontsize'],
// ['fontstyle'],
['linebreak'],
['bold','italic','underline','separator'],
// ['strikethrough','subscript','superscript','separator'],
['justifyleft','justifycenter','justifyright','separator'],
['OrderedList','UnOrderedList','Outdent','Indent','separator'],
['forecolor','separator'],
['HorizontalRule','Createlink','InsertImage', 'InsertTable','htmlmode','separator'],
// ['about','help','popupeditor'],
];
//config.fontnames = {
// "Arial": "arial, helvetica, sans-serif",
// "Courier New": "courier new, courier, mono",
// "Georgia": "Georgia, Times New Roman, Times, Serif",
// "Tahoma": "Tahoma, Arial, Helvetica, sans-serif",
// "Times New Roman": "times new roman, times, serif",
// "Verdana": "Verdana, Arial, Helvetica, sans-serif",
// "impact": "impact",
// "WingDings": "WingDings"
//};
config.fontsizes = {
"1 (8 pt)": "1",
"2 (10 pt)": "2",
"3 (12 pt)": "3",
"4 (14 pt)": "4",
"5 (18 pt)": "5",
"6 (24 pt)": "6",
"7 (36 pt)": "7"
};
//config.stylesheet = "http://www.domain.com/sample.css";
//config.fontstyles = [ // make sure classNames are defined in the page the content is being display as well in or they won't work!
// { name: "headline", className: "headline", classStyle: "font-family: arial black, arial; font-size: 28px; letter-spacing: -2px;" },
// { name: "arial red", className: "headline2", classStyle: "font-family: arial black, arial; font-size: 12px; letter-spacing: -2px; color:red" },
// { name: "verdana blue", className: "headline4", classStyle: "font-family: verdana; font-size: 18px; letter-spacing: -2px; color:blue" }
// leave classStyle blank if it's defined in config.stylesheet (above), like this:
// { name: "verdana blue", className: "headline4", classStyle: "" }
//];
editor_generate('pagecontent', config);
</script>
</p>
<p> </p>
</body>
</html>
<?php
}
else
{
// The stored credentials did not match a user, so emit the login form instead of
// the console. The fragments are written back to back with no separators.
echo "<link href='CSS/default.css' rel='stylesheet' type='text/css'>",
    "<br><br><br><br>",
    "<form method='POST' action=''>",
    "<table align='center' width='25%' border='0' cellpadding='0' cellspacing='0'>",
    "<tr>",
    "<td colspan='2' align='center'><img src='images/contentMgrHdr.jpg'></td>",
    "</tr>",
    "<tr>",
    "<td align='left'>",
    "<font><strong>User Name:</strong></font>",
    "<td align='right'>",
    "<input type='text' size='20' name='username'>",
    "</tr>",
    "<tr>",
    "<td align='left'>",
    "<font><strong>Password:</strong></font>",
    "<td align='right'>",
    "<input type='password' size='20' name='pass'>",
    "</tr>",
    "<tr>",
    "<td colspan='2' align='right'>",
    "<input type='submit' name='login' value='LOGIN' class='SubButton'>",
    "</tr>",
    "</table>",
    "</form>";
};
}
else
{
// No password is held in the session, so the visitor must log in first: emit the
// login form. The fragments are written back to back with no separators.
echo "<link href='CSS/default.css' rel='stylesheet' type='text/css'>",
    "<br><br><br><br>",
    "<form method='POST' action=''>",
    "<table align='center' width='25%' border='0' cellpadding='0' cellspacing='0'>",
    "<tr>",
    "<td colspan='2' align='center'><img src='images/contentMgrHdr.jpg'></td>",
    "</tr>",
    "<tr>",
    "<td align='left'>",
    "<font><strong>User Name:</strong></font>",
    "<td align='right'>",
    "<input type='text' size='20' name='username'>",
    "</tr>",
    "<tr>",
    "<td align='left'>",
    "<font><strong>Password:</strong></font>",
    "<td align='right'>",
    "<input type='password' size='20' name='pass'>",
    "</tr>",
    "<tr>",
    "<td colspan='2' align='right'>",
    "<input type='submit' name='login' value='LOGIN' class='SubButton'>",
    "</tr>",
    "</table>",
    "</form>";
};
mysql_close();
?>