requinix

<br/> (note where the slash goes) is XHTML-compliant. XHTML is a combination of HTML and XML and requires that documents are valid XML. Writing <br> implies that there must be a closing </br> later on, but that is not valid HTML. Thus the self-closing <br/>. Nobody cares about XHTML anymore. Don't write self-closing tags - use <br> instead of <br/>, <img> instead of <img/>, <link> instead of <link/>, etc.

Now is a good time to learn. You do what I said: forget the $_SESSION and use $_GET instead, like it's almost doing now. But to use $_GET you'll have to make sure there actually is a value there in the query string for it to read from. The code I posted is most of the work - all you have to do is figure out what variables it should use. Didn't you already say you were going to password-protect it?

You don't have to stop the timer. All you have to do is make sure that it doesn't do anything. Have the timer code check the value of document.hidden to decide whether the timer should do what it would normally do (document.hidden is false) or whether it should not do anything (document.hidden is true). Or put another way, at the beginning of your timer function, if the document is hidden then return; so nothing else runs. It will continue ticking every second. That's okay.

Do you understand what document.hidden is? Because it looks a lot like you just copied and pasted a bunch of code. You won't learn what things actually mean if you do that. The timer runs every second. If the page is hidden then don't do anything with it.

The session is not a magical place where you can store whatever you want and get it back from anywhere else. Do not use it as a way to transfer data from one script to the next. Do use it to share data across the entire website. Does the image name need to be shared across the entire website? No. It needs to be transferred from whatever original script to fetcher.php. And to transfer data like that you need to use query strings, as in $query = http_build_query(["image" => $img]); echo '<img class="resimg" src="../Images/fetcher.php?', $query, '"><br><br>'; Then fetcher.php grabs the image name from $_GET. Which it almost does now, except it completely ignores that value and goes with the one in $_SESSION instead. Anyone can see that URL and anyone can change it to be whatever they want. To address that, fetcher.php should get the basename of the image, then look to see if that file exists in the subfolder. For the Content-Type, I specifically said that the value changes for different images. Here is a list.

Some of that is covered by document.hidden and the visibility API.

What do you mean by when the webpage is not "in focus"? You can tell if the page is not the active tab (document.hidden), but there's no way you can tell if the user pushed the window aside or simply got up from the computer to take a bathroom break while they waited.

It's time for some real details. What is the URL to the images (the ones that will be in a password-protected directory) and to the script for outputting the images? What is the code for that script? Where are the include files and whatever that you need to use in that script?

The first thing I would have to see is the code (in text form) of displayCart. What does the 0 mean? Can it add products to the cart? Another thing is the PHP script you have for adding products to the cart. Is that ready to use? What POST data do you need to send? A simple change to make now would be to add the quantity input next to the button. For how many to add to the cart.

Can you use .htaccess files? Or does the host provide a way to do URL rewriting?

I'm not sure about the "giving" images thing, but If you don't want someone to access a file directly then you don't make it a file they can access directly. Put the image files somewhere not accessible by typing in a URL (meaning they don't go in your public_html or www or whatever directory where your website files go), then create a PHP script that shows the image instead - but only after it runs some other code to make sure it actually should display the image. Basically, <?php // include your common header file or session_start or whatever // figure out what image was requested // ex: /script.php?image=whatever.jpg then $_GET["image"] $image = $_GET["image"]; // look up whether the user can see the image // if they can't then show a "not allowed" image instead (or maybe do something else) if (!$user_can_see_image) { $image = "notallowed.jpg"; } $file = "/path/to/your/images/" . $image; // output the image header("Content-Type: image/jpeg"); // this changes for different types of images! header("Content-Length: " . filesize($file)); readfile($file); After that's in place you can worry about things like making the URL look prettier (maybe /image/whatever.jpg) or enabling caching to save you bandwidth.

This is a forum for posting problems and getting answers. It's not good for soliciting individual and personalized help from a single person. You're much more likely to get help by posting your code and asking specific questions instead of hoping someone will come along and decide that they want to do a video chat with a complete stranger. Ready to do that? If all you have left is this thing with a loop and table then this should be pretty quick and easy.

But the page still exists. Not showing the user the page isn't good enough: you need to make sure the user can't run the page either.

You didn't put the username input inside the form. Where is the security to restrict this form to only administrators? Is there anything to stop someone from sending a POST request to this page with whatever information they want?

So you want the SUM(inc_due) minus the SUM(inc_amount) WHERE inctype_id=11?

A responder sends a response.

So the result you're trying to get for those 5 rows of data is one row with cust_id=126 inc_due=0? Does the inc_amount matter? Do you have a larger example?

No. You will not.

Fortunately it looks like you know that you need strtotime(), although you went for date() as well. Unfortunately it looks like you threw them together into some mismash thinking it might work. strtotime() takes a date string and converts it into a number. Numbers are nice for comparisons. date() takes a number and converts it into a date string. Strings aren't nice for comparison. Since numbers will be better than strings, what you need is to get a number for the publication date and a number for what was a month ago, then to compare the two.

If you want to display more than one thing then you're going to need a loop: fetch a row from the result, display the row, fetch another row, display it, and so on until you run out of rows.

Could be, sure. WP does have more than its fair share of problems. Wouldn't be surprised.

They're checking your website for vulnerabilities they can exploit. Make sure yours doesn't, then you can more or less ignore it.

You're using a library to manage the carousel. Check if your browser is reporting any Javascript errors that would explain why it isn't working.

If you know that AJAX is a weakness of yours then why not try to do something about it? Can't keep running away from it forever. It's not actually that difficult - not nearly as difficult as it was 10 years ago. From the Javascript side you can use a library (if you have one already) or not, and on the PHP side you do pretty much the same stuff you would always do.

Standard practice in this situation is to use AJAX to send the login information in the background, keeping the dialog open, and if the login failed then present the error message immediately. The user never has to leave the page (until they log in successfully). Your PHP script looks mostly the same except it returns JSON that includes whether the login worked or an error message if it did not, instead of redirecting or outputting HTML. Your Javascript receives that JSON and acts accordingly.