requinix

Ah okay, that makes sense.

I'm still kinda skeptical but okay. What you want is AJAX. fetch() can do that for you. Make a PHP script that gets the time from the database and outputs it. Or if you're feeling up to it, put that code into some existing file where you feel it makes sense. Either way you need to end up with a URL that you can visit (in your browser) to see the time value. No HTML or anything. Just the value. Then play around with the fetch() examples and whatever else about it you want to read. If you fetch() that URL with the time then you'll get the time. Then you do stuff with Javascript. I don't know what because you've been pretty vague about everything.

I don't understand what the database has to do with this. Is the time constantly changing? It's one value when you load the page and the potentially another value sometime later?

CSS cannot target something that happened earlier in the document. If you have a div + h2 and you want to style the div during h2:hover, that won't work. You either have to use :hover of the parent element, or move the two around so it's h2 + div, or restructure your markup in some other way.

Most common programming languages use ^ for exclusive or. In PHP's case, ** is actually a relatively recent addition.

Take a look at the logic here. 1. if the "login" button (?) was clicked, 2. Else if $ret>0 or userlvl is 1, 3. Else if $ret>0 or userlvl is 2, 4. Else Do those all make sense together? Not really. What you want is 1. If the "login" button was clicked and that's it. The stuff about $ret and userlvl happens inside the if. Which means you need another if.

See those red arrows? They point out the different pieces of your if statement. See how they aren't all indented the same way? Fix the indentation so that they all line up. That makes it much easier to see that they're all related. See the red circles? They show the {s and }s that you're using in the if. Every { used in the if statement needs to match up with a } used in another branch (else if or else) of the if statement. Your second screenshot shows that you're counting the braces, which is good, but you're not thinking about what each "opening" and "closing" means. You see how #2 opens and closes before #3? And how #3 opens and closes before #4?

Can you post a screenshot of what your editor looks like with the code in it? Your post has all the code on one line and I can only assume it looks better in the editor.

It took me about 10 seconds to see it. I'm not going to tell you where the problem is. I'm trying to teach you how to find the problem on your own. What editor or IDE are you using to write code?

Make sure the code in your editor is correctly indented. Pay attention to where your {s and }s are.

<br/> (note where the slash goes) is XHTML-compliant. XHTML is a combination of HTML and XML and requires that documents are valid XML. Writing <br> implies that there must be a closing </br> later on, but that is not valid HTML. Thus the self-closing <br/>. Nobody cares about XHTML anymore. Don't write self-closing tags - use <br> instead of <br/>, <img> instead of <img/>, <link> instead of <link/>, etc.

Now is a good time to learn. You do what I said: forget the $_SESSION and use $_GET instead, like it's almost doing now. But to use $_GET you'll have to make sure there actually is a value there in the query string for it to read from. The code I posted is most of the work - all you have to do is figure out what variables it should use. Didn't you already say you were going to password-protect it?

You don't have to stop the timer. All you have to do is make sure that it doesn't do anything. Have the timer code check the value of document.hidden to decide whether the timer should do what it would normally do (document.hidden is false) or whether it should not do anything (document.hidden is true). Or put another way, at the beginning of your timer function, if the document is hidden then return; so nothing else runs. It will continue ticking every second. That's okay.

Do you understand what document.hidden is? Because it looks a lot like you just copied and pasted a bunch of code. You won't learn what things actually mean if you do that. The timer runs every second. If the page is hidden then don't do anything with it.

The session is not a magical place where you can store whatever you want and get it back from anywhere else. Do not use it as a way to transfer data from one script to the next. Do use it to share data across the entire website. Does the image name need to be shared across the entire website? No. It needs to be transferred from whatever original script to fetcher.php. And to transfer data like that you need to use query strings, as in $query = http_build_query(["image" => $img]); echo '<img class="resimg" src="../Images/fetcher.php?', $query, '"><br><br>'; Then fetcher.php grabs the image name from $_GET. Which it almost does now, except it completely ignores that value and goes with the one in $_SESSION instead. Anyone can see that URL and anyone can change it to be whatever they want. To address that, fetcher.php should get the basename of the image, then look to see if that file exists in the subfolder. For the Content-Type, I specifically said that the value changes for different images. Here is a list.

Some of that is covered by document.hidden and the visibility API.

What do you mean by when the webpage is not "in focus"? You can tell if the page is not the active tab (document.hidden), but there's no way you can tell if the user pushed the window aside or simply got up from the computer to take a bathroom break while they waited.

It's time for some real details. What is the URL to the images (the ones that will be in a password-protected directory) and to the script for outputting the images? What is the code for that script? Where are the include files and whatever that you need to use in that script?

The first thing I would have to see is the code (in text form) of displayCart. What does the 0 mean? Can it add products to the cart? Another thing is the PHP script you have for adding products to the cart. Is that ready to use? What POST data do you need to send? A simple change to make now would be to add the quantity input next to the button. For how many to add to the cart.

Can you use .htaccess files? Or does the host provide a way to do URL rewriting?

I'm not sure about the "giving" images thing, but If you don't want someone to access a file directly then you don't make it a file they can access directly. Put the image files somewhere not accessible by typing in a URL (meaning they don't go in your public_html or www or whatever directory where your website files go), then create a PHP script that shows the image instead - but only after it runs some other code to make sure it actually should display the image. Basically, <?php // include your common header file or session_start or whatever // figure out what image was requested // ex: /script.php?image=whatever.jpg then $_GET["image"] $image = $_GET["image"]; // look up whether the user can see the image // if they can't then show a "not allowed" image instead (or maybe do something else) if (!$user_can_see_image) { $image = "notallowed.jpg"; } $file = "/path/to/your/images/" . $image; // output the image header("Content-Type: image/jpeg"); // this changes for different types of images! header("Content-Length: " . filesize($file)); readfile($file); After that's in place you can worry about things like making the URL look prettier (maybe /image/whatever.jpg) or enabling caching to save you bandwidth.

This is a forum for posting problems and getting answers. It's not good for soliciting individual and personalized help from a single person. You're much more likely to get help by posting your code and asking specific questions instead of hoping someone will come along and decide that they want to do a video chat with a complete stranger. Ready to do that? If all you have left is this thing with a loop and table then this should be pretty quick and easy.

But the page still exists. Not showing the user the page isn't good enough: you need to make sure the user can't run the page either.

You didn't put the username input inside the form. Where is the security to restrict this form to only administrators? Is there anything to stop someone from sending a POST request to this page with whatever information they want?

So you want the SUM(inc_due) minus the SUM(inc_amount) WHERE inctype_id=11?