It is failing on line 29.
I have tested this thoroughly. If I paste text from Word containing an apostrophe and then try to preview or publish the session is lost. If I remove the apostrophe from the text I can publish or preview with no problems without losing the session.
If I type in any input directly to the textarea there is no problem. It is only when I am pasting from a rich text editor like Word.
Code: Select all
<?php
session_start();
require_once('Connections/rcu.php');
mysql_select_db($database_rcu, $rcu);
if (isset($_POST['logout']))
{
session_start(session_id());
session_unset();
session_destroy();
};
//if login has been clicked then authenticate the user
if (isset($_POST['login']))
{
$query = "select username from users where username='".ereg_replace("[^A-Za-z0-9]", "", $_POST['username'])."' and password=aes_encrypt('".ereg_replace("[^A-Za-z0-9]", "", $_POST['pass'])."', 'webber');";
echo $query;
$result = mysql_query($query, $rcu) or die(mysql_error());
if (mysql_num_rows($result) > 0)
{
session_start();
$_SESSION["pwd"] = $_POST['pass'];
$_SESSION['user'] = $_POST['username'];
} else {
echo "<script> alert('Incorrect Username or Password!'); </script>";
};
};
//if user is already logged in then proceed
if (isset($_SESSION['pwd']))
{
session_start(session_id());
$query = "select username from users where password=aes_encrypt('".ereg_replace("[^A-Za-z0-9]", "", $_SESSION['pwd'])."', 'webber');";
$result = mysql_query($query, $rcu) or die("Fatal Error!");
if (mysql_num_rows($result) > 0)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Rochdale Credit Union Website Content Management Console</title>
<script language="Javascript1.2"><!-- // load htmlarea
_editor_url = "htmlarea/"; // URL to htmlarea files
var win_ie_ver = parseFloat(navigator.appVersion.split("MSIE")[1]);
if (navigator.userAgent.indexOf('Mac') >= 0) { win_ie_ver = 0; }
if (navigator.userAgent.indexOf('Windows CE') >= 0) { win_ie_ver = 0; }
if (navigator.userAgent.indexOf('Opera') >= 0) { win_ie_ver = 0; }
if (win_ie_ver >= 5.5) {
document.write('<scr' + 'ipt src="' +_editor_url+ 'editor.js"');
document.write(' language="Javascript1.2"></scr' + 'ipt>');
} else { document.write('<scr'+'ipt>function editor_generate() { return false; }</scr'+'ipt>'); }
// --></script>
<link href="CSS/default.css" rel="stylesheet" type="text/css">
</head>
<?php
//if a file is being uploaded then process the file
if (isset($_POST['upFile']))
{
$uploaddir = 'images/';
$uploadfile = $uploaddir . basename($_FILES['picture']['name']);
if (move_uploaded_file($_FILES['picture']['tmp_name'], $uploadfile)) {
echo "<script> alert('Image Uploaded Successfully');</script>";
} else {
echo "<script>alert('Image not uploaded.'); </script>";
};
};
//if a save has been submitted then save changes to database
if (isset($_POST['subChanges']))
{
$query = "update content set content='".$_POST['pagecontent']."' where page_name='".$_POST['pageName']."'";
mysql_query($query) or die(mysql_error());
//let the user know that changes were saved
echo "<script language='javascript'>alert('Changes Saved Successfully');</script>";
};
if (isset($_POST['prevChanges']))
{
$query = "update preview set content='".$_POST['pagecontent']."' where page_name='".$_POST['pageName']."'";
mysql_query($query) or die(mysql_error());
echo "<script language='javascript'> window.open('prevPage.php?page=".$_POST['pageName']."', '','menubar=no, toolbar=no, scrollbars=yes, width=600, height=400');</script>";
};
?>
<body>
<form method="POST" enctype="multipart/form-data">
<table width="750px" align="center" border="2" bordercolor="#000000" cellspacing="0" cellpadding="0">
<tr>
<td>
<table border="0" width="100%" bordercolor="#000000" cellpadding="0" cellspacing="0">
<tr>
<td align="center"><img src="images/contentMgrHdr.jpg" width="231" height="62" align="center">
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table bgcolor="#666699" valign="middle" width="100%" border="0">
<tr>
<td colspan="3" align="right" bgcolor="#666699">
<font color="#FFFFFF">You are logged in as : <strong><?php echo $_SESSION['user']; ?></strong> <input type="submit" value="Log Out" name="logout" class="SubButton"></font>
</td>
</tr>
<tr>
<td bgcolor="#666699" valign="middle" align="left" colspan="3">
<input type="hidden" name="MAX_FILE_SIZE" value="30000">
<input type="file" name="picture" size="20" class="fFile">
<input type="submit" value="Upload Image" name="upFile" class="SubButton">
</td>
</tr>
<tr>
<td bgcolor="#666699" valign="middle" colspan="2">
<select name="pageName">
<?php
$query_pages = "SELECT content.page_name FROM content";
$pages = mysql_query($query_pages, $rcu) or die(mysql_error());
$totalRows_pages = mysql_num_rows($pages);
while ($row_pages = mysql_fetch_assoc($pages))
{
if (isset($_POST['pageName']))
{
if ($row_pages['page_name'] == $_POST['pageName'])
{
?>
<option value="<?php echo $row_pages['page_name']?>" selected><?php echo $row_pages['page_name']?></option>
<?php
}
else
{
?>
<option value="<?php echo $row_pages['page_name']?>"><?php echo $row_pages['page_name']?></option>
<?php
};
}
else
{
?>
<option value="<?php echo $row_pages['page_name']?>"><?php echo $row_pages['page_name']?></option>
<?php
};
};
$rows = mysql_num_rows($pages);
if($rows > 0)
{
mysql_data_seek($pages, 0);
$row_pages = mysql_fetch_assoc($pages);
};
?>
</select>
<input type="submit" name="subPage" value="Go" class="SubButton">
<td bgcolor="#666699" align="right" nowrap>
<input name="prevChanges" class="SubButton" type="submit" id="prevChanges" value="PREVIEW">
<input name="subChanges" class="SubButton" type="submit" id="subChanges" value="PUBLISH">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table width="100%" bgcolor="#666699" cellpadding="0" cellspacing="0">
<tr>
<td>
<?php
if (isset($_POST['subPage']))
{
$pageName = $_POST['pageName'];
}
elseif (isset($_POST['subChanges']))
{
$pageName = $_POST['pageName'];
}
else
{
$pageName = "";
};
?>
<textarea name="pagecontent" id="pagecontent" style="width:100%; height:200">
<?php
if ((isset($_POST['prevChanges'])) or (isset($_POST['upFile'])))
{
echo stripslashes(htmlentities($_POST['pagecontent']));
}
else
{
if (isset($_POST['subPage']))
{
mysql_select_db($database_rcu, $rcu);
$query_pageContent = "SELECT content FROM content WHERE page_name = '".$_POST['pageName']."'";
$pageContent = mysql_query($query_pageContent) or die(mysql_error());
$row_pageContent = mysql_fetch_array($pageContent);
echo htmlentities($row_pageContent['content']);
}
else
{
if (isset($_POST['pageName']))
{
mysql_select_db($database_rcu, $rcu);
$query_pageContent = "SELECT content FROM content WHERE page_name = '".$_POST['pageName']."'";
$pageContent = mysql_query($query_pageContent) or die(mysql_error());
$row_pageContent = mysql_fetch_array($pageContent);
echo htmlentities($row_pageContent['content']);
};
};
};
?>
</textarea>
</td>
</tr>
</table>
</tr>
</table>
</form>
<p><br>
<script language="javascript1.2">
var config = new Object(); // create new config object
config.width = "100%";
config.height = "350px";
config.bodyStyle = 'background-color: white; font-family: "Verdana"; font-size: x-small;';
config.debug = 0;
// NOTE: You can remove any of these blocks and use the default config!
config.toolbar = [
// ['fontname'],
['fontsize'],
// ['fontstyle'],
['linebreak'],
['bold','italic','underline','separator'],
// ['strikethrough','subscript','superscript','separator'],
['justifyleft','justifycenter','justifyright','separator'],
['OrderedList','UnOrderedList','Outdent','Indent','separator'],
['forecolor','separator'],
['HorizontalRule','Createlink','InsertImage', 'InsertTable','htmlmode','separator'],
// ['about','help','popupeditor'],
];
//config.fontnames = {
// "Arial": "arial, helvetica, sans-serif",
// "Courier New": "courier new, courier, mono",
// "Georgia": "Georgia, Times New Roman, Times, Serif",
// "Tahoma": "Tahoma, Arial, Helvetica, sans-serif",
// "Times New Roman": "times new roman, times, serif",
// "Verdana": "Verdana, Arial, Helvetica, sans-serif",
// "impact": "impact",
// "WingDings": "WingDings"
//};
config.fontsizes = {
"1 (8 pt)": "1",
"2 (10 pt)": "2",
"3 (12 pt)": "3",
"4 (14 pt)": "4",
"5 (18 pt)": "5",
"6 (24 pt)": "6",
"7 (36 pt)": "7"
};
//config.stylesheet = "http://www.domain.com/sample.css";
//config.fontstyles = [ // make sure classNames are defined in the page the content is being display as well in or they won't work!
// { name: "headline", className: "headline", classStyle: "font-family: arial black, arial; font-size: 28px; letter-spacing: -2px;" },
// { name: "arial red", className: "headline2", classStyle: "font-family: arial black, arial; font-size: 12px; letter-spacing: -2px; color:red" },
// { name: "verdana blue", className: "headline4", classStyle: "font-family: verdana; font-size: 18px; letter-spacing: -2px; color:blue" }
// leave classStyle blank if it's defined in config.stylesheet (above), like this:
// { name: "verdana blue", className: "headline4", classStyle: "" }
//];
editor_generate('pagecontent', config);
</script>
</p>
<p> </p>
</body>
</html>
<?php
}
else
{
//before we do anything we must authenticate the user
//before we do anything we must authenticate the user
echo "<link href='CSS/default.css' rel='stylesheet' type='text/css'>";
echo "<br><br><br><br>";
echo "<form method='POST' action=''>";
echo "<table align='center' width='25%' border='0' cellpadding='0' cellspacing='0'>";
echo "<tr>";
echo "<td colspan='2' align='center'><img src='images/contentMgrHdr.jpg'></td>";
echo "</tr>";
echo "<tr>";
echo "<td align='left'>";
echo "<font><strong>User Name:</strong></font>";
echo "<td align='right'>";
echo "<input type='text' size='20' name='username'>";
echo "</tr>";
echo "<tr>";
echo "<td align='left'>";
echo "<font><strong>Password:</strong></font>";
echo "<td align='right'>";
echo "<input type='password' size='20' name='pass'>";
echo "</tr>";
echo "<tr>";
echo "<td colspan='2' align='right'>";
echo "<input type='submit' name='login' value='LOGIN' class='SubButton'>";
echo "</tr>";
echo "</table>";
echo "</form>";
};
}
else
{
//before we do anything we must authenticate the user
echo "<link href='CSS/default.css' rel='stylesheet' type='text/css'>";
echo "<br><br><br><br>";
echo "<form method='POST' action=''>";
echo "<table align='center' width='25%' border='0' cellpadding='0' cellspacing='0'>";
echo "<tr>";
echo "<td colspan='2' align='center'><img src='images/contentMgrHdr.jpg'></td>";
echo "</tr>";
echo "<tr>";
echo "<td align='left'>";
echo "<font><strong>User Name:</strong></font>";
echo "<td align='right'>";
echo "<input type='text' size='20' name='username'>";
echo "</tr>";
echo "<tr>";
echo "<td align='left'>";
echo "<font><strong>Password:</strong></font>";
echo "<td align='right'>";
echo "<input type='password' size='20' name='pass'>";
echo "</tr>";
echo "<tr>";
echo "<td colspan='2' align='right'>";
echo "<input type='submit' name='login' value='LOGIN' class='SubButton'>";
echo "</tr>";
echo "</table>";
echo "</form>";
};
mysql_close();
?>