Strider64

Everything posted by Strider64

  1. I have a PHP book by Larry Ullman and I don't ever remember teaching spaghetti code? I would be very surprised if Larry was doing that.....
  2. If the date is coming from a form most people use post for it's more secure, so it would be better to use $_POST['time_input']. Though to be honest I'm still a little confused by the original poster's post and what the OP means by set the time in the form? Does it want to be incremented one hour before being made a selection in the form (giving the user an option) or be already set?
  3. You could manipulate the css with javascript, but why would you? Answer: You basically wouldn't unless you wouldn't, but there are small exceptions to the rule (like developing an online quiz). It's also cumbersome to use JavaScript to modify the css, when it can be directly changed in css and I would bet most developers add/remove css classes (or ids) rather than manipulate the css directly in javascript.
  4. I've been using Netbeans since I was mainly a PC user, but I switched over to the iMac and found it even easier to set up. The one downfall that I found writing PHP under Windows is that Windows isn't Unix based, thus setting up Netbeans (more like the local server in setting it up) takes a few workarounds and/or knowing a little bit of DOS (something I've known since DOS 3.1 LOL). However, once you get it set up there should be no problems and things become second nature; however, I found setting up a website on a remote server sometimes a little baffling until I remember I designed/developed on a Windows based computer.
  5. If you want to figure out a duration of time you need actual timestamps, like already stated, or the date and time. Look into the DateTime class at php.net for it has a lot of built-in functions that can be used, so you don't have to reinvent the wheel. Here's an example ->

         <?php
         date_default_timezone_set("America/Detroit");

         $start = '2016-09-11 12:45:00';
         $end = '2016-09-13 12:59:52';

         $date1 = new \DateTime($start);
         echo $date1->format("F d, Y");

         $date2 = new \DateTime($end);
         $diff = $date1->diff($date2); // DateInterval between the two timestamps:
         echo "<pre>" . print_r($diff, 1) . "</pre>";
  6. or just use label after the input statement and it perfectly HTML

         $attr_input .= '<label for="tracker">' . $entry_instructions . '</label>';
  7. You might want to check this out -> https://github.com/js-cookie/js-cookie
  8. What happens if someone disables Javascript? Can they bypass the checks? I personally do the validation checks using PHP that way I know nothing gets bypassed. Then if I wanted to add I can add Javascript/JQuery validation after I get the php validation working.
  9. You should be posting a password....leave it blank or put ***** as a replacement.
  10. I personally would use true instead of false for I find it easier to comprehend and it might be helpful just to have a security access level that grants permissions to the user to do certain things based on their security level. For example this is my login script for my website(s):

          $db = DB::getInstance();
          $pdo = $db->getConnection();
          /* Setup the Query for reading in login data from database table */
          $this->query = 'SELECT id, username, password, security_level, first_name, last_name, email, home_phone, cell_phone, gender, birthday FROM users WHERE username=:username';

          try {
              $this->stmt = $pdo->prepare($this->query); // Prepare the query:
              $this->stmt->execute([':username' => $data['username']]); // Execute the query with the supplied user's parameter(s):
          } catch (Exception $ex) {
              die("Failed to run query: " . $ex->getMessage()); // Do Not Use in Production Website - Log error or email error to admin:
          }

          $this->stmt->setFetchMode(PDO::FETCH_OBJ);
          $this->user = $this->stmt->fetch();

          if ($this->user) {
              $this->loginStatus = password_verify($data['password'], $this->user->password); // Check the user's entry to the stored password:
              unset($data['password'], $this->user->password); // Password(s) not needed then unset the password(s)!:
          } else {
              return FALSE;
          }

          if ($this->loginStatus) {
              $_SESSION['user'] = $this->user; // Set the session variable of user:
              return TRUE;
          } else {
              return FALSE;
          }

      If the user's credentials check out then I simply put $_SESSION['user'] in my configuration file like this:

          /* Use $user for sessions variable */
          $user = isset($_SESSION['user']) ? $_SESSION['user'] : NULL;

      Then I can simply do this when I want to grant access to a certain security level like this:

          if ($user && $user->security_level === 'member') {
              /* Write code here for user with the security level here */
          }

      The possibilities are endless, another example:

          if ($user && $user->security_level !== 'member') {
              header('Location: index.php'); // Sorry non-members not allowed:
              exit();
          }
  11. You can download the password_hash/password_verify for PHP 5.3.7 and PHP 5.4 https://github.com/ircmaxell/password_compat
  12. I would just like to add never store a password in a session ($_SESSION)!
  13. Even on smaller projects once you have a library of classes built up it's easier to either transfer the classes or have a centralized library of the classes. Thus saving you time and probably money if you're doing it for a client.
  14. or you could do this:

          /* Get the current page */
          $phpSelf = filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL);
          $path_parts = pathinfo($phpSelf);
          $basename = $path_parts['basename']; // Use this variable for action='':
          $pageName = ucfirst($path_parts['filename']);

          <td width="50%" align="left"><a href="<?php echo $basename . "?month=". $prev_month . "&year=" . $prev_year; ?>" style="color:#FFFFFF">Previous</a></td>
  15. First I would recommend not using static functions. I would also suggest maybe just pulling and displaying the data directly from the database table? For example this is what I did for a small blog/forum that I did for my own website:

          public function read($category = "sysop") {
              $this->sql = 'SELECT id, creator_id, category, sticky, title, content, date_updated, date_added FROM pages WHERE category=:category ORDER BY date_added DESC';
              try {
                  $this->stmt = $this->pdo->prepare($this->sql);
                  $this->stmt->execute([':category' => $category]);
                  $this->stmt->setFetchMode(PDO::FETCH_OBJ);
                  return $this->stmt;
              } catch (Exception $ex) {
                  print $ex->getMessage();
              }
          }

      Then I just use a view page that I called posts.php

          <?php
          while ($row = $stmt->fetch()) {
              $dateAdded = new DateTime($row->date_added, new DateTimeZone('America/Detroit'));
              $dateUpdated = new DateTime($row->date_updated, new DateTimeZone('America/Detroit'));
              /* Title and username are stored text too, so they are escaped like the content: */
              ?>
              <article class="blogArticle">
                  <header>
                      <h1><?php echo html_escape($row->title); ?></h1>
                      <p class="author">by <?php echo html_escape($blog->getUsername($row->creator_id)); ?> created on <?php echo $dateAdded->format("F j, Y g:i A"); ?> updated on <?php echo $dateUpdated->format("F j, Y g:i A") ?></p>
                  </header>
                  <hr>
                  <p class="blogParagraph"><?php echo nl2br(html_escape($row->content)); ?></p>
                  <hr>
                  <footer>
                      <?php if ($user && ( $user->id === $row->creator_id || $user->security_level === 'sysop')) { ?>
                          <a class="edit" href="edit.php?edit=<?php echo urlencode($row->id); ?>">Edit</a><a class="delete" href="delete.php?delete=<?php echo urlencode($row->id); ?>" onclick="return confirm('Are you sure you want to delete this thread?');">Delete</a>
                      <?php } ?>
                  </footer>
              </article>
              <?php
          }

      that I use for my index.php page or what have you like so

          <?php
          $stmt = $blog->read();
          require_once 'lib/includes/header.inc.php';
          ?>
          <div class="container mainPage">
              <?php include 'lib/views/posts.php'; ?>
          <?php
          require_once 'lib/includes/footer.inc.php';

      You can always build an array as you go about displaying if you have other plans for it. Just a suggestion.
  16. If you don't use a template engine you can always use a function in your configuration file that you use to make it a little less cumbersome, for example

          function html_escape($raw_input) {
              // important! don't forget to specify ENT_QUOTES and the correct encoding
              return htmlspecialchars($raw_input, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
          }

      then call it like

          <p class="blogParagraph"><?php echo nl2br(html_escape($row->content)); ?></p>

      I believe I got this small script from a tutorial I got from a different forum written by Jacques! awhile back.
  17.
          // Autoload classes from "classes" directory:
          function class_loader($class) {
              require("lib/classes/" . $class . ".php");
          }

          spl_autoload_register("class_loader");

      Very helpful link http://php.net/manual/en/function.spl-autoload-register.php
  18. First of all I 99 percent of the time just use regular varchar, but I fool around with enum every once in a while and came up with this method of getting the categories or what have you from an enum type:

          /* Grab the categories and put it into a category array */
          public function getCategories() {
              /* Set up the query to fetch only the category column which is an enumerated type */
              $this->sql = "SHOW COLUMNS FROM pages LIKE 'category' ";
              $this->category = $this->pdo->query($this->sql);
              /* set it up as an object */
              $this->category->setFetchMode(\PDO::FETCH_OBJ);
              /* Fetch all the rows in that particular column as objects */
              $this->enum = $this->category->fetchAll();
              $this->type = $this->enum[0]->Type; // Grab only the Type column:
              preg_match('/enum\((.*)\)$/', $this->type, $this->matches); // Strip enum() away from the string:
              $this->vals = explode(',', $this->matches[1]); // Convert it to an array:
              /* Trim the ' away from the individual values and put it in categories array */
              foreach ($this->vals as $value) {
                  $this->categories[] = trim($value, "'");
              }
              return $this->categories; // Return the array with the proper categories:
          }

      but like already stated it is easier to use a different type and not all databases support enum. I also think it's best to have your logic (can't find the right word) in PHP than MySQL. Sorry for kind of going off topic....returning to regular broadcasting.....Though I think you could modify your table to have three columns to achieve what you want (I think)
  19. What I would do is create a configuration file and call it config.php or utilities.inc.php (This is what I call mine) then stick it at the top of every page. Then you can simply have scripts/sessions configured and you don't have to keep typing it every time - here's my utilities.inc.php file as an example:

          <?php
          if ($_SERVER["SERVER_NAME"] != "localhost") {
              /* The HTTPS key is not set on plain http requests, so test for that first */
              if (empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != "on") {
                  // Redirect to a secure website ( https )
                  header("Location: https://www.pepster.com");
                  exit();
              }
          }

          /* Turn on error reporting */
          ini_set('display_errors', 1);
          ini_set('display_startup_errors', 1);
          error_reporting(-1);

          /*
           * Pepster's Place : Web Design & Development
           * John R Pepp
           * Date: July 21, 2015
           * Version: 1.0 alpha
           */
          date_default_timezone_set('America/Detroit'); // Set the Default Time Zone:

          /* Autoloads classes using namespaces */
          require_once "lib/website_project/website_project.inc.php";

          use website_project\database\ConnectPDO as Connect;
          use website_project\users\Members as Login;
          use website_project\blog\Blog as Journal;

          include 'connect/connect.php'; // Connection Variables:

          header("Content-Type: text/html; charset=utf-8");
          header('X-Frame-Options: SAMEORIGIN'); // Prevent Clickjacking:
          header('X-Content-Type-Options: nosniff');
          header('x-xss-protection: 1; mode=block');
          header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
          /* One CSP header: a second header() call with the same name replaces the first */
          header("content-security-policy: default-src 'self'; script-src 'self' https://apis.google.com; report-uri /csp_report_parser");
          header('X-Permitted-Cross-Domain-Policies: master-only');

          /* Set length of sessions and start sessions */
          $seconds = 60;
          $minutes = 60;
          $hours = 24;
          $days = 14;
          session_set_cookie_params($seconds * $minutes * $hours * $days, "");
          session_start();

          /* Use $user for sessions variable */
          $user = isset($_SESSION['user']) ? $_SESSION['user'] : NULL;

          /* Get the current page */
          $phpSelf = filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL);
          $path_parts = pathinfo($phpSelf);
          $basename = $path_parts['basename']; // Use this variable for action='':
          $pageName = ucfirst($path_parts['filename']);

          /* PDO Connection */
          $db = new Connect;
          $pdo = $db->getDatabase();
          $user_login = new Login($db);
          $blog = new Journal($db);

          function html_escape($raw_input) {
              // important! don't forget to specify ENT_QUOTES and the correct encoding
              return htmlspecialchars($raw_input, ENT_QUOTES | ENT_HTML5, 'UTF-8');
          }
  20. First, let me make a comment on people supposedly stealing "HTML" markup, who say someone is stealing their code by just changing the design/style around and moving this there and that there. It would be stealing if all they did was change the color theme and the font then called it their own, but if they actually changed the design I don't see how you can call it stealing? There is even a website to help people learn CSS http://www.csszengarden.com/ As for php, it would be stealing if someone simply grabbed the php from a person's website by hacking by various hacking means. However, I have been stumped in the past and used a script or two in order to get that particular page working the way I want it to, but people post tutorials all over the web (some good or some bad) just for that purpose. You still 99 percent of the time have to modify the code to fit your needs for that particular website. Just my .02 cents.
  21. I use unordered lists and the anchor tag for the calendar I created:

          protected function currentMonth($date) {
              $this->isHoliday = new Holiday;
              /* Grab the current month DateTime */
              $this->current = new DateTime($date);
              $this->days = $this->current->format('t'); // Days in the current month:
              /* Generate each day of the week's date */
              for ($x = 1; $x <= $this->days; $x++) {
                  if ($x < 10) {
                      $this->urlDate = $this->current->format('Y') . '-' . $this->current->format('m') . '-0' . $x;
                  } else {
                      $this->urlDate = $this->current->format('Y') . '-' . $this->current->format('m') . '-' . $x;
                  }
                  $this->memo = $this->checkForEntry();
                  if ($this->isHoliday->checkForHoliday($this->urlDate)) {
                      /* Grab the important date(s) of the month and put it into an array */
                      $this->highlightHoliday = 'highlightHoliday';
                  } else {
                      $this->highlightHoliday = \NULL;
                  }
                  $this->sendDate = new DateTime($this->urlDate);
                  /* Figure out if the month's day is today and highlight if it is */
                  if ($this->today->format('Y-m-d') === ($this->urlDate)) {
                      $this->highlightToday = 'highlightToday';
                  } else {
                      $this->highlightToday = \NULL;
                  }
                  /* The Actual Link of the day of the week for the current month */
                  $this->calendar[] = '<li class="calday ' . $this->highlightHoliday . ' ' . $this->memo . '">'
                          . '<a class="mark ' . $this->highlightToday . '" href="calendar.php?urlDate=' . htmlspecialchars($this->sendDate->format('Y-m-d')) . '&page=' . htmlspecialchars($_SESSION['page']) . '">' . $x . '</a></li>' . "\n";
              }
          }

      I actually find it using the get statement for the statement and the post statement (using a form) for the booking portion of the calendar. See my signature for the website with my calendar on it (you'll have to be logged in (registered) to use the scheduling portion of the calendar).
  22. Here's something that might help you out or get you going in the right direction - I can't guarantee that it'll work for there might be bugs (errors) that I have overlooked.

          <?php
          require('/includes/functions.php');
          require('/includes/connect.php');
          error_reporting(E_ALL | E_NOTICE);
          session_start(); // I would put this in the connect.php or a configuration file that goes on every page (Best Option):

          if ($_SERVER['REQUEST_METHOD'] == "POST") {
              $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
              $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

              if (empty(trim($username)) || empty(trim($password))) {
                  die("You must enter your <b>username</b> and <b>password</b>");
              }

              /* Setup the Query for reading in login data from database table */
              $query = 'SELECT username, password, rank, active FROM users WHERE username=:username';

              try {
                  $stmt = $handler->prepare($query); // Prepare the query:
                  $stmt->execute([':username' => $username]); // Execute the query with the supplied user's parameter(s):
              } catch (Exception $ex) {
                  die("Failed to run query: " . $ex->getMessage()); // Do Not Use in Production Website - Log error or email error to admin:
              }

              $stmt->setFetchMode(PDO::FETCH_OBJ); // Fetch data as object(s):
              $user = $stmt->fetch(); // Fetch the data:

              /* If username is in database table then it is TRUE */
              if ($user) {
                  $loginStatus = password_verify($password, $user->password); // Check the user's entry to the stored password:
                  unset($password, $user->password); // Password(s) not needed then unset the password(s)!:
              } else {
                  return FALSE; // Return if no user is found in database table:
              }

              /*
               * If passwords matches and user is active then set user's account into sessions
               * then in a configuration file of some sort you can do something like
               * $user = isset($_SESSION['user']) ? $_SESSION['user'] : NULL;
               * that way all you have to do to access a user who is logged in is
               * $user->username for example (accessing the object(s))
               */
              if ($loginStatus && $user->active === 1) {
                  $_SESSION['user'] = $user; // Set the session variable of user:
                  return TRUE; // Everything is OK (Passwords match && user is active):
              } else {
                  return FALSE; // Invalid password was entered:
              }
          }
  23. Also I think it would be easier to assemble the array (or output) first then use json_encode, for example:

          $output = json_encode($myArray);
          output($output);

          /* If there is an error then change the error to the proper code and output the */
          /* error message via Ajax /JQuery. */
          function error($output, $code = 500) {
              http_response_code($code);
              echo $output;
          }

          /* If everything validates OK then send success message to Ajax/jQuery */
          function output($output) {
              http_response_code(200);
              echo $output;
          }
  24. You can always force the action="" to have something in it by doing something like this:

          $phpSelf = filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL);
          $path_parts = pathinfo($phpSelf);
          $basename = $path_parts['basename']; // Use this variable for action='':
          $pageName = ucfirst($path_parts['filename']);

          <form id="calendarLogin" class="container" action="<?php echo $basename; ?>" method="post">

      now back to the OP's original problem.
  25. I personally find doing this when debugging -

          echo "<pre>" . print_r($context, 1) . "</pre>\n";

      for it gives a nicer readable output.
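
The html_escape() helper from posts 16 and 19 compared with weaker flag choices, as an added example that is not part of the original posts. The two comparison functions and all input strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// The helper with the flags used in post 16.
function html_escape(string $raw_input): string
{
    return htmlspecialchars($raw_input, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical comparison helper: same flags as post 19 (no ENT_SUBSTITUTE).
function escape_no_substitute(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hypothetical comparison helper: ENT_COMPAT leaves single quotes untouched.
function escape_double_quotes_only(string $raw): string
{
    return htmlspecialchars($raw, ENT_COMPAT | ENT_HTML5, 'UTF-8');
}

// Constructed inputs.
$attr    = "x' data-injected='yes";       // tries to close a single-quoted attribute
$comment = "line one\n<b>line two</b>";   // user text with a newline and markup
$broken  = "caf\xE9 <i>";                 // ISO-8859-1 byte, not valid UTF-8

$cases = [
    'attribute, ENT_QUOTES'     => "<a title='" . html_escape($attr) . "'>",
    'attribute, ENT_COMPAT'     => "<a title='" . escape_double_quotes_only($attr) . "'>",
    'escape then nl2br'         => nl2br(html_escape($comment)),
    'nl2br then escape'         => html_escape(nl2br($comment)),
    'bad UTF-8, ENT_SUBSTITUTE' => html_escape($broken),
    'bad UTF-8, no substitute'  => escape_no_substitute($broken),
];

// Print each result as a quoted PHP string so empty output is visible.
foreach ($cases as $label => $html) {
    printf("%-27s %s\n", $label . ':', var_export($html, true));
}
```

Without ENT_SUBSTITUTE the invalid byte makes htmlspecialchars() return an empty string, so the whole field silently disappears from the page; with ENT_COMPAT the single quote survives and the constructed attribute lands in the tag.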