Page 1 of 1

Loosing session vars when posting data with an apostrophe

Posted: Fri Mar 11, 2005 10:35 am
by jfarkas
I am using a wysiwyg so that users can enter and format text and images to update pages on a website.
I am having a problem when pasting text from word. If there is an apostrophe in the text and then I try to save I loose my session variables. I am using sessions for security.
I can retreive the posted string with the apostrophe in it with no problem and dispaly on the page but I can't retreive my session variables.
Any help would be greatly apprecited.

Posted: Fri Mar 11, 2005 10:54 am
by feyd
code?

Posted: Fri Mar 11, 2005 11:05 am
by jfarkas
here is the code. When I post the form with an apostrophe in the textarea I can't retreive the session vars.

thanks,

Code: Select all

<?php
	
	session_start();			
	require_once('Connections/rcu.php'); 
	mysql_select_db($database_rcu, $rcu);
	if (isset($_POST['logout']))
	{
		session_start(session_id());
		session_unset();
		session_destroy();		
	};
	//if login has been clicked then authenticate the user
	if (isset($_POST['login']))
	{
		$query = "select username from users where username='".$_POST['username']."' and password=aes_encrypt('".$_POST['pass']."', 'key');";
		
		$result = mysql_query($query, $rcu) or die(mysql_error());
		if (mysql_num_rows($result) > 0)
		{
			session_start();
			$_SESSION["pwd"] = $_POST['pass'];	
			$_SESSION['user'] = $_POST['username'];
			
		} else {		
			echo "<script> alert('Incorrect Username or Password!'); </script>";
		};
	};		
	//if user is already logged in then proceed
	if (isset($_SESSION['pwd']))
	{		
		session_start(session_id());
		$query = "select username from users where password=aes_encrypt('".$_SESSION['pwd']."', 'webber');";
		$result = mysql_query($query, $rcu) or die("Fatal Error!");
		if (mysql_num_rows($result) > 0)	
		{			
?>
			<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
			<html>
			<head>
			<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
			<title>Rochdale Credit Union Website Content Management Console</title>
			
			<script language="Javascript1.2"><!-- // load htmlarea
			_editor_url = "htmlarea/";                     // URL to htmlarea files
			var win_ie_ver = parseFloat(navigator.appVersion.split("MSIE")[1]);
			if (navigator.userAgent.indexOf('Mac')        >= 0) { win_ie_ver = 0; }
			if (navigator.userAgent.indexOf('Windows CE') >= 0) { win_ie_ver = 0; }
			if (navigator.userAgent.indexOf('Opera')      >= 0) { win_ie_ver = 0; }
			if (win_ie_ver >= 5.5) {
			  document.write('<scr' + 'ipt src="' +_editor_url+ 'editor.js"');
			  document.write(' language="Javascript1.2"></scr' + 'ipt>');  
			} else { document.write('<scr'+'ipt>function editor_generate() { return false; }</scr'+'ipt>'); }
			// --></script>
			<link href="CSS/default.css" rel="stylesheet" type="text/css">			
			</head>
			<?php 			
			//if a file is being uploaded then process the file
			if (isset($_POST['upFile']))
			{
				$uploaddir = 'images/';
				$uploadfile = $uploaddir . basename($_FILES['picture']['name']);
				if (move_uploaded_file($_FILES['picture']['tmp_name'], $uploadfile)) {
				   echo "<script> alert('Image Uploaded Successfully');</script>";
				} else {
				   echo "<script>alert('Image not uploaded.'); </script>";
				};			
			};
			//if a save has been submitted then save changes to database
			if (isset($_POST['subChanges']))
			{
				$query = "update content set content='".$_POST['pagecontent']."' where page_name='".$_POST['pageName']."'";
				mysql_query($query) or die(mysql_error());
				//let the user know that changes were saved
				echo "<script language='javascript'>alert('Changes Saved Successfully');</script>";
			};
			if (isset($_POST['prevChanges']))
			{
				$query = "update preview set content='".$_POST['pagecontent']."' where page_name='".$_POST['pageName']."'";
				mysql_query($query) or die(mysql_error());
				echo "<script language='javascript'> window.open('prevPage.php?page=".$_POST['pageName']."', '','menubar=no, toolbar=no, scrollbars=yes, width=600, height=400');</script>";
			};			
			?>		
			
	
			<body>
			<form method="POST" enctype="multipart/form-data">
			<table width="750px" align="center" border="2" bordercolor="#000000" cellspacing="0" cellpadding="0">
			  <tr>
				<td>
					<table border="0" width="100%" bordercolor="#000000" cellpadding="0" cellspacing="0">
						<tr>
							<td align="center"><img src="images/contentMgrHdr.jpg" width="231" height="62" align="center">
						</tr>						
					</table>					
				</td>
			  </tr>
			  <tr>			      
				<td>
						<table bgcolor="#666699" valign="middle" width="100%" border="0">
							<tr>
								<td colspan="3" align="right" bgcolor="#666699">
									<font color="#FFFFFF">You are logged in as :&nbsp; <strong><?php echo $_SESSION['user']; ?></strong>&nbsp;<input type="submit" value="Log Out" name="logout" class="SubButton"></font>
								</td>
							</tr>							
							<tr>								
								<td bgcolor="#666699" valign="middle" align="left" colspan="3">	
										<input type="hidden" name="MAX_FILE_SIZE" value="30000">	
										<input type="file" name="picture" size="20" class="fFile">	&nbsp;							
										<input type="submit" value="Upload Image" name="upFile" class="SubButton">	
								</td>								
							</tr>
							<tr>
								<td bgcolor="#666699" valign="middle" colspan="2">
									  <select name="pageName">
										<?php
										$query_pages = "SELECT content.page_name FROM content";
										$pages = mysql_query($query_pages, $rcu) or die(mysql_error());
										$totalRows_pages = mysql_num_rows($pages);
										while ($row_pages = mysql_fetch_assoc($pages)) 
										{
											if (isset($_POST['pageName']))
											{
												if ($row_pages['page_name'] == $_POST['pageName'])
												{		
													?>
													<option value="<?php echo $row_pages['page_name']?>" selected><?php echo $row_pages['page_name']?></option>
													<?php
												}
												else
												{
													?>
													<option value="<?php echo $row_pages['page_name']?>"><?php echo $row_pages['page_name']?></option>
													<?php
												};
											}		
											else
											{
													?>
													<option value="<?php echo $row_pages['page_name']?>"><?php echo $row_pages['page_name']?></option>
													<?php
											};
					 
									    }; 
										$rows = mysql_num_rows($pages);
										if($rows > 0) 
										{
											mysql_data_seek($pages, 0);
											$row_pages = mysql_fetch_assoc($pages);
										};
													?>
				  					  </select>									  
				  					  <input type="submit" name="subPage" value="Go" class="SubButton">				 						
								<td bgcolor="#666699" align="right" nowrap>
									<input name="prevChanges" class="SubButton" type="submit" id="prevChanges" value="PREVIEW">
									&nbsp;<input name="subChanges" class="SubButton" type="submit" id="subChanges" value="PUBLISH">    
							</td>					
			  				</tr>			  											
				  </table>									
				</td>				  
			  </tr>				  
			  <tr>
			  	<td>							
					<table width="100%" bgcolor="#666699" cellpadding="0" cellspacing="0">
						<tr>			  	
							<td>
				  			<?php
								if (isset($_POST['subPage'])) 
								{ 
									$pageName = $_POST['pageName']; 
								}
								elseif (isset($_POST['subChanges']))
								{
									$pageName = $_POST['pageName'];
								}
								else
								{
									$pageName = "";
								};
							?>     
				  				<textarea name="pagecontent" id="pagecontent" style="width:100%; height:200">
							<?php 
								if ((isset($_POST['prevChanges'])) or (isset($_POST['upFile'])))
								{
									echo stripslashes(htmlentities($_POST['pagecontent']));
								}
								else
								{
									if (isset($_POST['subPage']))
									{
										mysql_select_db($database_rcu, $rcu);
										$query_pageContent = "SELECT content FROM content WHERE page_name = '".$_POST['pageName']."'";
										$pageContent = mysql_query($query_pageContent) or die(mysql_error());
										$row_pageContent = mysql_fetch_array($pageContent);
										echo htmlentities($row_pageContent['content']);			
									}
									else
									{
										if (isset($_POST['pageName']))
										{
											mysql_select_db($database_rcu, $rcu);
											$query_pageContent = "SELECT content FROM content WHERE page_name = '".$_POST['pageName']."'";
											$pageContent = mysql_query($query_pageContent) or die(mysql_error());
											$row_pageContent = mysql_fetch_array($pageContent);
											echo htmlentities($row_pageContent['content']);	
										};
									};
								};
							?> 
								</textarea>      
			    			</td>
						</tr>						
					</table>					
			  </tr>			  
			</table>
			</form>
			<p><br>
			<script language="javascript1.2">
			var config = new Object();    // create new config object
			
			config.width = "100%";
			config.height = "350px";
			config.bodyStyle = 'background-color: white; font-family: "Verdana"; font-size: x-small;';
			config.debug = 0;
			
			// NOTE:  You can remove any of these blocks and use the default config!
			
			config.toolbar = [
			 //   ['fontname'],
				['fontsize'],
			 //   ['fontstyle'],
				['linebreak'],
				['bold','italic','underline','separator'],
			//  ['strikethrough','subscript','superscript','separator'],
				['justifyleft','justifycenter','justifyright','separator'],
				['OrderedList','UnOrderedList','Outdent','Indent','separator'],
				['forecolor','separator'],
				['HorizontalRule','Createlink','InsertImage', 'InsertTable','htmlmode','separator'],
			//    ['about','help','popupeditor'],
			];
			
			//config.fontnames = {
			//    "Arial":           "arial, helvetica, sans-serif",
			//    "Courier New":     "courier new, courier, mono",
			//    "Georgia":         "Georgia, Times New Roman, Times, Serif",
			//    "Tahoma":          "Tahoma, Arial, Helvetica, sans-serif",
			//    "Times New Roman": "times new roman, times, serif",
			//    "Verdana":         "Verdana, Arial, Helvetica, sans-serif",
			//    "impact":          "impact",
			//    "WingDings":       "WingDings"
			//};
			config.fontsizes = {
				"1 (8 pt)":  "1",
				"2 (10 pt)": "2",
				"3 (12 pt)": "3",
				"4 (14 pt)": "4",
				"5 (18 pt)": "5",
				"6 (24 pt)": "6",
				"7 (36 pt)": "7"
			  };
			
			//config.stylesheet = "http://www.domain.com/sample.css";
			  
			//config.fontstyles = [   // make sure classNames are defined in the page the content is being display as well in or they won't work!
			//  { name: "headline",     className: "headline",  classStyle: "font-family: arial black, arial; font-size: 28px; letter-spacing: -2px;" },
			//  { name: "arial red",    className: "headline2", classStyle: "font-family: arial black, arial; font-size: 12px; letter-spacing: -2px; color:red" },
			//  { name: "verdana blue", className: "headline4", classStyle: "font-family: verdana; font-size: 18px; letter-spacing: -2px; color:blue" }
			
			// leave classStyle blank if it's defined in config.stylesheet (above), like this:
			//  { name: "verdana blue", className: "headline4", classStyle: "" }  
			//];
			
				editor_generate('pagecontent', config);
			</script>
			</p>
			<p>&nbsp;</p>
			</body>
			</html>
<?php
		}
		else
		{
			//before we do anything we must authenticate the user
			//before we do anything we must authenticate the user
			echo "<link href='CSS/default.css' rel='stylesheet' type='text/css'>";
			  echo "<br><br><br><br>";
				echo "<form method='POST' action=''>";
				echo "<table align='center' width='25%' border='0' cellpadding='0' cellspacing='0'>";
					echo "<tr>";
						echo "<td colspan='2' align='center'><img src='images/contentMgrHdr.jpg'></td>";
					echo "</tr>";				
					echo "<tr>";
						echo "<td align='left'>";
							echo "<font><strong>User Name:</strong></font>";
						echo "<td align='right'>";
							echo "<input type='text' size='20' name='username'>";
					echo "</tr>";
					echo "<tr>";
						echo "<td align='left'>";
							echo "<font><strong>Password1:</strong></font>";
						echo "<td align='right'>";
							echo "<input type='password' size='20' name='pass'>";
					echo "</tr>";
					echo "<tr>";
						echo "<td colspan='2' align='right'>";
							echo "<input type='submit' name='login' value='LOGIN' class='SubButton'>";
					echo "</tr>";
				echo "</table>";	
				echo "</form>";
		};
	}
	else 
	{
		//before we do anything we must authenticate the user
		echo "<link href='CSS/default.css' rel='stylesheet' type='text/css'>";
		  echo "<br><br><br><br>";
		  	echo "<form method='POST' action=''>";
			echo "<table align='center' width='25%' border='0' cellpadding='0' cellspacing='0'>";
				echo "<tr>";
					echo "<td colspan='2' align='center'><img src='images/contentMgrHdr.jpg'></td>";
				echo "</tr>";				
				echo "<tr>";
					echo "<td align='left'>";
						echo "<font><strong>User Name:</strong></font>";
					echo "<td align='right'>";
						echo "<input type='text' size='20' name='username'>";
				echo "</tr>";
				echo "<tr>";
					echo "<td align='left'>";
						echo "<font><strong>Password:</strong></font>";
					echo "<td align='right'>";
						echo "<input type='password' size='20' name='pass'>";
				echo "</tr>";
				echo "<tr>";
					echo "<td colspan='2' align='right'>";
						echo "<input type='submit' name='login' value='LOGIN' class='SubButton'>";
				echo "</tr>";
			echo "</table>";	
		  	echo "</form>";
};
mysql_close();
?>

feyd | Please use

Code: Select all

and

Code: Select all

tags where approriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]

Posted: Fri Mar 11, 2005 11:23 am
by feyd
your code does not sanitize the inputs. not only do the insert/update's not work correct, you have SQL injection possible very very easily.

Posted: Fri Mar 11, 2005 12:19 pm
by jfarkas
Thank's for the tip on sql injection. I have fixed my user validation by sanitzing before I authenticate by stripping out all non alpha numeric characters.

I am still having the problem with losing my session vars though.

My update queries are working fine. Could you please elaborate on why you think they don't work?

thanks

Posted: Fri Mar 11, 2005 1:00 pm
by feyd
echo the query before you send it to the database. Is there a reson why you pass 'key' then 'webber' to aes?

Posted: Fri Mar 11, 2005 1:26 pm
by jfarkas
I apologize for that. It was a typo when I posted the code. The query works fine and when user logs in the session vars are registered successfully. The problem occurs when the user posts data from the textarea that has an apostrophe (pasted from Word) in it. When this happens I cannot pick up the session vars again so the user session is lost.

thanks,

Posted: Fri Mar 11, 2005 1:40 pm
by feyd
which line(s) is it failing on? Because I don't see anything that'd affect the session involving the posted content. All I see so far is SQL injection possibilities in the submitted data. Which apparently you took care of.. :?

Posted: Fri Mar 11, 2005 2:00 pm
by jfarkas
It is failing on line 29.

I have tested this thoroughly. If I paste text from Word containing an apostrophe and then try to preview or publish the session is lost. If I remove the apostrophe from the text I can publish or preview with no problems without losing the session.
If I type in any input directly to the textarea there is no problem. It is only when I am pasting from a rich text editor like Word.

thanks for your help and patience,

Code: Select all

<?php
	
	session_start();			
	require_once('Connections/rcu.php'); 
	mysql_select_db($database_rcu, $rcu);
	if (isset($_POST['logout']))
	{
		session_start(session_id());
		session_unset();
		session_destroy();		
	};
	//if login has been clicked then authenticate the user
	if (isset($_POST['login']))
	{
		$query = "select username from users where username='".ereg_replace("[^A-Za-z0-9]", "", $_POST['username'])."' and password=aes_encrypt('".ereg_replace("[^A-Za-z0-9]", "", $_POST['pass'])."', 'webber');";
		echo $query;
		$result = mysql_query($query, $rcu) or die(mysql_error());
		if (mysql_num_rows($result) > 0)
		{
			session_start();
			$_SESSION["pwd"] = $_POST['pass'];	
			$_SESSION['user'] = $_POST['username'];
			
		} else {		
			echo "<script> alert('Incorrect Username or Password!'); </script>";
		};
	};		
	//if user is already logged in then proceed
	if (isset($_SESSION['pwd']))
	{		
		session_start(session_id());
		$query = "select username from users where password=aes_encrypt('".ereg_replace("[^A-Za-z0-9]", "", $_SESSION['pwd'])."', 'webber');";
		$result = mysql_query($query, $rcu) or die("Fatal Error!");
		if (mysql_num_rows($result) > 0)	
		{			
?>
			<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
			<html>
			<head>
			<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
			<title>Rochdale Credit Union Website Content Management Console</title>
			
			<script language="Javascript1.2"><!-- // load htmlarea
			_editor_url = "htmlarea/";                     // URL to htmlarea files
			var win_ie_ver = parseFloat(navigator.appVersion.split("MSIE")[1]);
			if (navigator.userAgent.indexOf('Mac')        >= 0) { win_ie_ver = 0; }
			if (navigator.userAgent.indexOf('Windows CE') >= 0) { win_ie_ver = 0; }
			if (navigator.userAgent.indexOf('Opera')      >= 0) { win_ie_ver = 0; }
			if (win_ie_ver >= 5.5) {
			  document.write('<scr' + 'ipt src="' +_editor_url+ 'editor.js"');
			  document.write(' language="Javascript1.2"></scr' + 'ipt>');  
			} else { document.write('<scr'+'ipt>function editor_generate() { return false; }</scr'+'ipt>'); }
			// --></script>
			<link href="CSS/default.css" rel="stylesheet" type="text/css">			
			</head>
			<?php 			
			//if a file is being uploaded then process the file
			if (isset($_POST['upFile']))
			{
				$uploaddir = 'images/';
				$uploadfile = $uploaddir . basename($_FILES['picture']['name']);
				if (move_uploaded_file($_FILES['picture']['tmp_name'], $uploadfile)) {
				   echo "<script> alert('Image Uploaded Successfully');</script>";
				} else {
				   echo "<script>alert('Image not uploaded.'); </script>";
				};			
			};
			//if a save has been submitted then save changes to database
			if (isset($_POST['subChanges']))
			{
				$query = "update content set content='".$_POST['pagecontent']."' where page_name='".$_POST['pageName']."'";
				mysql_query($query) or die(mysql_error());
				//let the user know that changes were saved
				echo "<script language='javascript'>alert('Changes Saved Successfully');</script>";
			};
			if (isset($_POST['prevChanges']))
			{
				$query = "update preview set content='".$_POST['pagecontent']."' where page_name='".$_POST['pageName']."'";
				mysql_query($query) or die(mysql_error());
				echo "<script language='javascript'> window.open('prevPage.php?page=".$_POST['pageName']."', '','menubar=no, toolbar=no, scrollbars=yes, width=600, height=400');</script>";
			};			
			?>		
			
	
			<body>
			<form method="POST" enctype="multipart/form-data">
			<table width="750px" align="center" border="2" bordercolor="#000000" cellspacing="0" cellpadding="0">
			  <tr>
				<td>
					<table border="0" width="100%" bordercolor="#000000" cellpadding="0" cellspacing="0">
						<tr>
							<td align="center"><img src="images/contentMgrHdr.jpg" width="231" height="62" align="center">
						</tr>						
					</table>					
				</td>
			  </tr>
			  <tr>			      
				<td>
						<table bgcolor="#666699" valign="middle" width="100%" border="0">
							<tr>
								<td colspan="3" align="right" bgcolor="#666699">
									<font color="#FFFFFF">You are logged in as :&nbsp; <strong><?php echo $_SESSION['user']; ?></strong>&nbsp;<input type="submit" value="Log Out" name="logout" class="SubButton"></font>
								</td>
							</tr>							
							<tr>								
								<td bgcolor="#666699" valign="middle" align="left" colspan="3">	
										<input type="hidden" name="MAX_FILE_SIZE" value="30000">	
										<input type="file" name="picture" size="20" class="fFile">	&nbsp;							
										<input type="submit" value="Upload Image" name="upFile" class="SubButton">	
								</td>								
							</tr>
							<tr>
								<td bgcolor="#666699" valign="middle" colspan="2">
									  <select name="pageName">
										<?php
										$query_pages = "SELECT content.page_name FROM content";
										$pages = mysql_query($query_pages, $rcu) or die(mysql_error());
										$totalRows_pages = mysql_num_rows($pages);
										while ($row_pages = mysql_fetch_assoc($pages)) 
										{
											if (isset($_POST['pageName']))
											{
												if ($row_pages['page_name'] == $_POST['pageName'])
												{		
													?>
													<option value="<?php echo $row_pages['page_name']?>" selected><?php echo $row_pages['page_name']?></option>
													<?php
												}
												else
												{
													?>
													<option value="<?php echo $row_pages['page_name']?>"><?php echo $row_pages['page_name']?></option>
													<?php
												};
											}		
											else
											{
													?>
													<option value="<?php echo $row_pages['page_name']?>"><?php echo $row_pages['page_name']?></option>
													<?php
											};
					 
									    }; 
										$rows = mysql_num_rows($pages);
										if($rows > 0) 
										{
											mysql_data_seek($pages, 0);
											$row_pages = mysql_fetch_assoc($pages);
										};
													?>
				  					  </select>									  
				  					  <input type="submit" name="subPage" value="Go" class="SubButton">				 						
								<td bgcolor="#666699" align="right" nowrap>
									<input name="prevChanges" class="SubButton" type="submit" id="prevChanges" value="PREVIEW">
									&nbsp;<input name="subChanges" class="SubButton" type="submit" id="subChanges" value="PUBLISH">    
							</td>					
			  				</tr>			  											
				  </table>									
				</td>				  
			  </tr>				  
			  <tr>
			  	<td>							
					<table width="100%" bgcolor="#666699" cellpadding="0" cellspacing="0">
						<tr>			  	
							<td>
				  			<?php
								if (isset($_POST['subPage'])) 
								{ 
									$pageName = $_POST['pageName']; 
								}
								elseif (isset($_POST['subChanges']))
								{
									$pageName = $_POST['pageName'];
								}
								else
								{
									$pageName = "";
								};
							?>     
				  				<textarea name="pagecontent" id="pagecontent" style="width:100%; height:200">
							<?php 
								if ((isset($_POST['prevChanges'])) or (isset($_POST['upFile'])))
								{
									echo stripslashes(htmlentities($_POST['pagecontent']));
								}
								else
								{
									if (isset($_POST['subPage']))
									{
										mysql_select_db($database_rcu, $rcu);
										$query_pageContent = "SELECT content FROM content WHERE page_name = '".$_POST['pageName']."'";
										$pageContent = mysql_query($query_pageContent) or die(mysql_error());
										$row_pageContent = mysql_fetch_array($pageContent);
										echo htmlentities($row_pageContent['content']);			
									}
									else
									{
										if (isset($_POST['pageName']))
										{
											mysql_select_db($database_rcu, $rcu);
											$query_pageContent = "SELECT content FROM content WHERE page_name = '".$_POST['pageName']."'";
											$pageContent = mysql_query($query_pageContent) or die(mysql_error());
											$row_pageContent = mysql_fetch_array($pageContent);
											echo htmlentities($row_pageContent['content']);	
										};
									};
								};
							?> 
								</textarea>      
			    			</td>
						</tr>						
					</table>					
			  </tr>			  
			</table>
			</form>
			<p><br>
			<script language="javascript1.2">
			var config = new Object();    // create new config object
			
			config.width = "100%";
			config.height = "350px";
			config.bodyStyle = 'background-color: white; font-family: "Verdana"; font-size: x-small;';
			config.debug = 0;
			
			// NOTE:  You can remove any of these blocks and use the default config!
			
			config.toolbar = [
			 //   ['fontname'],
				['fontsize'],
			 //   ['fontstyle'],
				['linebreak'],
				['bold','italic','underline','separator'],
			//  ['strikethrough','subscript','superscript','separator'],
				['justifyleft','justifycenter','justifyright','separator'],
				['OrderedList','UnOrderedList','Outdent','Indent','separator'],
				['forecolor','separator'],
				['HorizontalRule','Createlink','InsertImage', 'InsertTable','htmlmode','separator'],
			//    ['about','help','popupeditor'],
			];
			
			//config.fontnames = {
			//    "Arial":           "arial, helvetica, sans-serif",
			//    "Courier New":     "courier new, courier, mono",
			//    "Georgia":         "Georgia, Times New Roman, Times, Serif",
			//    "Tahoma":          "Tahoma, Arial, Helvetica, sans-serif",
			//    "Times New Roman": "times new roman, times, serif",
			//    "Verdana":         "Verdana, Arial, Helvetica, sans-serif",
			//    "impact":          "impact",
			//    "WingDings":       "WingDings"
			//};
			config.fontsizes = {
				"1 (8 pt)":  "1",
				"2 (10 pt)": "2",
				"3 (12 pt)": "3",
				"4 (14 pt)": "4",
				"5 (18 pt)": "5",
				"6 (24 pt)": "6",
				"7 (36 pt)": "7"
			  };
			
			//config.stylesheet = "http://www.domain.com/sample.css";
			  
			//config.fontstyles = [   // make sure classNames are defined in the page the content is being display as well in or they won't work!
			//  { name: "headline",     className: "headline",  classStyle: "font-family: arial black, arial; font-size: 28px; letter-spacing: -2px;" },
			//  { name: "arial red",    className: "headline2", classStyle: "font-family: arial black, arial; font-size: 12px; letter-spacing: -2px; color:red" },
			//  { name: "verdana blue", className: "headline4", classStyle: "font-family: verdana; font-size: 18px; letter-spacing: -2px; color:blue" }
			
			// leave classStyle blank if it's defined in config.stylesheet (above), like this:
			//  { name: "verdana blue", className: "headline4", classStyle: "" }  
			//];
			
				editor_generate('pagecontent', config);
			</script>
			</p>
			<p>&nbsp;</p>
			</body>
			</html>
<?php
		}
		else
		{
			//before we do anything we must authenticate the user
			//before we do anything we must authenticate the user
			echo "<link href='CSS/default.css' rel='stylesheet' type='text/css'>";
			  echo "<br><br><br><br>";
				echo "<form method='POST' action=''>";
				echo "<table align='center' width='25%' border='0' cellpadding='0' cellspacing='0'>";
					echo "<tr>";
						echo "<td colspan='2' align='center'><img src='images/contentMgrHdr.jpg'></td>";
					echo "</tr>";				
					echo "<tr>";
						echo "<td align='left'>";
							echo "<font><strong>User Name:</strong></font>";
						echo "<td align='right'>";
							echo "<input type='text' size='20' name='username'>";
					echo "</tr>";
					echo "<tr>";
						echo "<td align='left'>";
							echo "<font><strong>Password:</strong></font>";
						echo "<td align='right'>";
							echo "<input type='password' size='20' name='pass'>";
					echo "</tr>";
					echo "<tr>";
						echo "<td colspan='2' align='right'>";
							echo "<input type='submit' name='login' value='LOGIN' class='SubButton'>";
					echo "</tr>";
				echo "</table>";	
				echo "</form>";
		};
	}
	else 
	{
		//before we do anything we must authenticate the user
		echo "<link href='CSS/default.css' rel='stylesheet' type='text/css'>";
		  echo "<br><br><br><br>";
		  	echo "<form method='POST' action=''>";
			echo "<table align='center' width='25%' border='0' cellpadding='0' cellspacing='0'>";
				echo "<tr>";
					echo "<td colspan='2' align='center'><img src='images/contentMgrHdr.jpg'></td>";
				echo "</tr>";				
				echo "<tr>";
					echo "<td align='left'>";
						echo "<font><strong>User Name:</strong></font>";
					echo "<td align='right'>";
						echo "<input type='text' size='20' name='username'>";
				echo "</tr>";
				echo "<tr>";
					echo "<td align='left'>";
						echo "<font><strong>Password:</strong></font>";
					echo "<td align='right'>";
						echo "<input type='password' size='20' name='pass'>";
				echo "</tr>";
				echo "<tr>";
					echo "<td colspan='2' align='right'>";
						echo "<input type='submit' name='login' value='LOGIN' class='SubButton'>";
				echo "</tr>";
			echo "</table>";	
		  	echo "</form>";
};
mysql_close();
?>

Posted: Fri Mar 11, 2005 2:10 pm
by feyd
that doesn't make any sense, given where it breaks. Do you have a live version of this somewhere? Obviously we'll need a username and password to test this under..

Posted: Fri Mar 11, 2005 2:21 pm
by jfarkas
I have PM'd you the details.

thanks,