I have a site with an admin section which is password protected. In the admin section, I have a form that copies an image to the images folder within the admin section, but just places the image path into the database. On the site itself, I have a page which pulls the information from the database, but the image it shows comes from the images folder in the admin section. Considering that the admin section is password protected, when the user tries to access the page on the site where info from the db is pulled, it asks for the username and password because it is trying to display images that have been copied to the images folder in the admin section. Is there any way around this? Here is my code:
admin section page:
<?php
$db_host = "localhost";
$db_user = "usr";
$db_pwd = "pwd";
$db_name = "dbname";
$connect = mysql_connect($db_host, $db_user, $db_pwd)
or die("Could not connect to mySQL");
$selected = mysql_select_db($db_name,$connect)
or die("Could not select database $db_name");
$maxsize=228480; //set the max upload size in bytes
$status="<p>Use the form below to add containers that you have for sale to the purchase page of your website.</><br /><br /><p>*All fields are required</p>";
if($HTTP_POST_VARS['submit']){
$image = ("images/" . $HTTP_POST_FILES['picture']['name']);
$title= $_POST["title"];
$description = $_POST["description"];
if($title == ""){
$status = "<span class = 'error'>Please enter a title for your container.</span>";
}
else if($description == ""){
$status = "<span class = 'error'>Please enter a description for your container.</span>";
}
else if(!is_uploaded_file($HTTP_POST_FILES['picture']['tmp_name'])){
$status = "<span class = 'error'>You must choose a file to upload!</span>";
}
else if($HTTP_POST_FILES['picture']['size'] > $maxsize) {
$status = "<span class = 'error'>The picture must be less than 228KB.</span>";
}
else if($HTTP_POST_FILES['picture']['type'] != "image/pjpeg" AND $HTTP_POST_FILES['picture']['type'] !="image/jpeg"){
$status = "<span class='error'>You may only upload files with the extension .jpg</span>";
}
else{
copy($HTTP_POST_FILES['picture']['tmp_name'],"../images/".$HTTP_POST_FILES['picture']['name']);
$query = "INSERT INTO `purchase` ( `pid` , `img` , `title` , `description` ) VALUES ( 'null' , '$image' , '$title' , '$description')";
$result = mysql_query($query) or die("Can't Perform Query");
$status = "<p>Success! Your container has been uploaded successfully.<br /><br /><p>";
mysql_close();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Rent-A-Shed :: Portable Storage Containers</title>
<link href="styles.css" rel="stylesheet" type="text/css" />
<script src="../Scripts/AC_RunActiveContent.js" type="text/javascript"></script>
</head>
<body>
<div id="container"><img src="../images/logo.png" alt="Rent-A-Shed" width="190" height="45" border="0" class="logo" />
<div id="left">
<h1>Website Purchase Page</h1>
<?php echo $status; ?>
<form action=<?php echo $PHP_SELF; ?> method="post" name="purchase" enctype="multipart/form-data">
<p>Enter a title:</p>
<input name="title" type="text" class="inputs" id="title" />
<br /><br />
<p>Enter a description:</p>
<textarea name="description" cols="" rows="" id="description"></textarea><br /><br />
<p>Click browse to choose an image to upload:</p> <span class="reminder">* Images must be .jpg format and no larger than 640x480</span>
<input name="picture" type="file" class="picture" />
<br /><br />
<input name="submit" type="submit" class="submit" id="submit" value="Submit" />
</form><br /><br />
</div><img src="images/admin.jpg" alt="admin" width="159" height="133" border="0" usemap="#Map" class="edit" />
<map name="Map" id="Map"><area shape="rect" coords="110,106,150,125" href="edit.php" /></map>
<div id="footer"><p>© 2007 BJ Equipment, Inc All Rights Reserved</p></div>
</div>
</body>
</html>
The code from the page on the site, which pulls from the db and admin section images folder:
<?php
$db_host = "localhost";
$db_user = "usr";
$db_pwd = "pwd";
$db_name = "dbname";
$connect = mysql_connect($db_host, $db_user, $db_pwd)
or die("Could not connect to mySQL");
$selected = mysql_select_db($db_name,$connect)
or die("Could not select database $db_name");
$query = mysql_query("SELECT * FROM purchase ORDER BY pid");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Rent-A-Shed :: Portable Storage Containers</title>
<link href="styles.css" rel="stylesheet" type="text/css" />
<script src="Scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script src="Scripts/validate.js"></script>
</head>
<body>
<div id="container"><a href="index.php"><img src="images/logo.png" alt="Rent-A-Shed" width="190" height="45" border="0" class="logo" /></a><img src="images/navbar.png" width="434" height="30" border="0" usemap="#Map" class="navbar" />
<map name="Map" id="Map"><area shape="rect" coords="1,0,79,29" href="about.php" alt="about" />
<area shape="rect" coords="78,1,169,36" href="containers.php" alt="containers" />
<area shape="rect" coords="168,2,247,29" href="purchase.php" alt="purchase" />
<area shape="rect" coords="246,1,342,29" href="quote.php" alt="quote" />
<area shape="rect" coords="341,1,442,32" href="contact.php" alt="contact us" />
</map><?php
if(isset($_POST['signup'])){
$username = "usr";
$password = "pwd";
$hostname = "localhost";
$dbh = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
$selected = mysql_select_db("db",$dbh)
or die("Could not select database");
$email = $_POST['email'];
$sql = "INSERT INTO `email` (`id`, `email`) VALUES (NULL, '$email');";
mysql_query($sql);
mysql_close();
echo "<span class='mlistthankyou'>Your email address has been registerd. Thank you for signing up.</span>";
}else{
?>
<form action=<?php echo $PHP_SELF; ?> method="post" name="mlistform" class="mlistform" onsubmit="javascript:return validateMlist()"><img src="images/envelope.png" width="27" height="15" class="envelope" /><span class="signup"> Sign Up for Our Mailing List!</span> <input name="email" type="text" class="mlistfield" /> <input type="submit" class="signupbutton" name="signup" value="Sign Up!" /><span class="mlistcaption">sign up for our mailing list to receive updates regarding our products and services.</span></form>
<?php } ?>
<div id="main"><div id="left"><h1>Purchase</h1><p>Below is a display of units that we presently have for sale. If you are interested in purchasing one of these units please call 1.800.367.8265.</p><br />
<?php
while ($r=mysql_fetch_array($query)){
$image=$r["img"];
$image_title=$r["title"];
$image_description=$r["description"];
?>
<div id="purchasecontainer"><img src="<?php echo "admin/".$image; ?>" align="left" width="150" height="150"/></div><div id="purchasecontent"><h2><?php echo $image_title; ?></h2><p><?php echo $image_description; ?></p><span class="callforprice">CALL FOR PRICE</span></div>
<?php
}
?>
</div></div>
<div id="footer"><p>© 2007 BJ Equipment, Inc All Rights Reserved</p><img src="images/footer_tag.png" class="footertag" /></div>
</div>
</body>
<?php mysql_close; ?>
</html>
