requinix

What version of PHP are you running?

As far as security goes, a simple link is not going to be secure. You can't verify identity, only that the person has access to the email account. Are you sure that's sufficient? If so then your hands are basically tied: create a single-use (probably) token/random identifier and embed it into the link. You can also audit the use of the link, eg. not just by logging the usage but also whether the usage happened with a logged-in account. For indicating the action to perform, there isn't a whole lot of difference whether the token identifier includes the action to perform or not. However, if it's not part of the token (and is in the URL) then you'll probably want validation that the user is requesting an action authorized by the token, and at that point you already have sufficient information from the token itself (given that it's designed to be used for one purpose) that you probably don't need to put it into the link anymore. So the token will inherently be identifying both the user and the action.

MySQL can do this more easily than PHP with its TIME_TO_SEC function.

There's a website people sign into, right? Can't you use that? Have the link take them to whatever URL and use the regular website authentication to verify identity?

Also note that PHP errors do not show up in your browser's developer console*. They will be outputted as messages right into the page, or they'll show up in a log file, or they'll not show up at all, depending on how your PHP is set up. It's confusing to me to need to say this because you clearly saw the Undefined Index notices earlier. Are you using some PHP extension to get errors into the console? Does it support doing that with fatal errors too? (* edit: unless you have one of those PHP+browser extensions that lets you do that, but those are rarely used anymore)

Overloading as in multiple methods with the same name but different signatures (argument lists)? Checking because we're mostly PHP here and PHP does not have overloading.

There are two other problems, but they should be giving you error messages. Do you see any error messages?

$_POST["userid"] and $_POST["password"] will only exist after the form has been submitted. The first time you load the page, obviously it won't have been, but that code there is still trying to run. That thing you commented out? //if($_SERVER["REQUEST_METHOD"] == "POST"){ That detects whether the form was submitted. You need it.

No, for a couple reasons: 1. Regular assignment (=) assigns values. $username gets the value of $confirm_password - it's not literally saying "$username is the same thing as $confirm_password". 2. Technically, $a = $b = $c does not say $b=$c; $a=$b but actually $b=$c; $a=$c. It's a minor point that basically never matters. So the statement is really more like $confirm_password = ""; $username = "".

Not getting errors is a good thing. How about you try describing your problem? What is supposed to happen and what is actually happening?

Don't use IE? Really. Microsoft doesn't even want people to use IE anymore. I don't think they even install it in Windows anymore. But if you insist, how about a screenshot?

You've been given the answer: "yes, but you have to write code to do it". Even if it's just tracking you, the process is still the same. PHP won't do all this for you. However, if it's just you then maybe you don't need the session. Maybe just logging the information is enough and you can look through the logs?

You cannot track the user back through every page they visited. You can track them as they browse your website and you can sometimes (not always!) see what page they were on immediately before the current one. The answer is what gw1500se said: if you want to know what someone does after they click a button then track what they do after the click the button. Store each page in an array in the session, and when they get to the page you care about you can pull that array out. This is commonly referred to as "conversion tracking" or something similar. It's common for virtually every website that has some ecommerce or monetary aspect to it in order to see what drives people to the "goal" (them spending money) and what does not. So if you want to know more about the concept, there's some keywords for you to research.

Often those two conditions can be combined into one actual rewrite: move to https://www if the request is http or it's not www. Like for Apache, a RewriteCond with [OR] plus another RewriteCond.

www versus no-www matters. http vs https should not. Canonicalize everything and redirect appropriately.

Post the code you tried so we can see what the problem is.

Then the code you posted isn't wrong. Something else is.

What's the markup for the button?

If it doesn't function then it isn't correct. But it does need quotes.

Agreed. I would rather work with them in UTC and alter how they're displayed to the user by literally altering how they're displayed to the user. So the first one. Play it safe: 1. Make sure your database abstraction can handle DateTime objects and will translate them to UTC before serializing for storage, then use DateTime instances everywhere 2. Give yourself one or more functions that can display dates to the user that will adjust the timezone as needed. This is a great way to ensure you display dates uniformly across the site, too. Note that if you're working with Immutables, you can do $userEventTime->setTimezone(new DateTimeZone(...))->format(...) But only if they're immutable. So it might be better to clone instead: (clone $userEventTime)->setTimezone(new DateTimeZone(...))->format(...)

If you didn't have a constant named "green" then PHP was converting that to a string for you. But as of PHP 8, that will no longer happen and your script will die. PHP raised a warning when it did that. If you didn't see the warning then your PHP is not set up correctly for development.

gettext is a hook. What you want is the __ function. https://developer.wordpress.org/reference/functions/__/ Call it with the words to translate and stick the results into your $time_string.

That happens automatically. A lot of how webpages work for folks like us is declarative, meaning that you tell the browser what you want and it will deal with the how. Give the browser a standard web form, built correctly using the right information for the different pieces (eg, the form inputs will need the names "var1" and "var2"), and it will turn the form data that a user enters into the correct URL. A skeleton of the form's HTML markup is <form action="/" method="get"> <input type="text" name="var1"> <input type="text" name="var2"> <button type="submit">Submit</button> </form> That contains the absolute bare minimum information to get the behavior you want: entering "FOO" and "BAR" into the two fields and clicking the button will instruct the browser to go to "/?var1=FOO&var2=BAR".

Don't use PHP 8 yet? It was just released.

My version would be to JOIN the table to itself once or twice in order to pair up consecutive records, then DATEDIFF()-1 the end of the first with the start of the second, then SUM the results.