I am trying to secure a folder within my site by forcing an HTTPS connection when anything in this folder is run (the folder contains a series of scripts that process registrations, password resets, etc). What's the easiest way to accomplish this?

Actually figured it out, seems I was having a bad day.... :yawn:

I'm trying to figure out the best way to accomplish the computation of weighted averages for my site. Here's the PHP that pulls down the results --

[CODE]$SQL = "SELECT a.*, b.CName, c.Description FROM humidor a
LEFT JOIN cigar b on a.CigarID = b.CigarID
LEFT JOIN cd_manufacturer c on b.Manufacturer = c.Code
WHERE UserID = $UserID AND DisplayCD = 1 AND Quantity > 0
GROUP BY CigarID
ORDER BY c.Description, b.CName ASC";
$Result = mysql_query($SQL); }[/CODE]

Then it goes into a WHILE loop --

[CODE]while ($row = mysql_fetch_row($Result)) {
$convertpurchasedate = strtotime($row[3]);
echo("<tr style=\"vertical-align:middle\"><td><a href=\"../cigar?id=$row[2]\">$row[12] $row[11]</a></td><td>".date('F d, Y', $convertpurchasedate)."</td><td>$row[4]</td><td>$ $row[5]</td>
<td><input id=\"e$row[2]\" type=\"submit\" value=\"Edit\" name=\"edit\" style=\"width:47px;font-size: x-small\" onclick=\"return UpdateRecord(this.parentNode.parentNode.childNodes[2].innerHTML,this.id.substr(1));\" /><input id=\"d$row[2]\" type=\"submit\" value=\"Delete\" name=\"delete\" style=\"width:47px;font-size: x-small\" onclick=\"return DeleteRecord(this.id.substr(1));\" /><br /><input id=\"u$row[2]\" type=\"submit\" value=\"Smoke One\" name=\"use\" style=\"width:95px;font-size: x-small\" onclick=\"return UseCigar(this.parentNode.parentNode.childNodes[2].innerHTML,this.id.substr(1),'$row[2]','$row[9] $row[8]');\" /></td></tr>");}[/CODE]

What I'm trying to do is two-fold --

(1) I want to calculate a weighted average based on the number of cigars in inventory currently. I've figured out how to calculate it (I'm going to use something like: $TotalPrice / COUNT($Quantity) ). The issue with this is I'm not sure how to do this within the loop.
(2) Similar to #1, I want to group the cigars by CigarID such that only the most recent date added displays (I'm sure this is simple using the (MAX) function).

I figure this is probably something straightforward, it's just been one of those days and I am having a mental block.... :-/

[QUOTE=vibhadevit;1595651]What i understood, Your calculation is giving 2.33 not 1.73.

(10 * 1.00) + (20 * 2.00) + (30 * 3.00)

SUM(Quantity)

=> 140 / 60
=> 2.33

Check this query.
[CODE]
SELECT sum( ( Quantity * Price ) ), sum( Quantity ), sum( ( Quantity * Price ) ) / sum( Quantity )
FROM cigar
[/CODE][/QUOTE]

Whoops, good catch. Perhaps I should try to do math at this time of night! :|

Does this account for the fact that some cigars might have 1, 2, 3, or some other number entries?

I am trying to figure out the best way to figure out the "age" of a particular item. I currently have fields in a mySQL database that are stored in datetime format and I need to display (in PHP) the relative age of those dates in terms of years, months, and days. Any suggestions?

No, mySQL workbench is just a GUI tool that helps primarily in database design and also, in some cases, as an external editor. I use it primarily to design and lay out a given database and then use another 3rd party GUI for interfacing with the database. But by no means is it required to run PHP or apps on the server.

I personally find it easier to assign roles by using a RoleCD in the user table and then assigning different capabilities based on that RoleCD. That will prevent you from needing two separate tables while still ensuring that only Administrators/Supervisors are seeing the appropriate functions.

Just my 2 cents....;)

[QUOTE=mgt;1595633]I'm trying to create a simple members only section. With the following code, I'm able to log in and get redirected to a page (that simply says: "hello") if the login is correct. If I then copy the URL from the page to which I was redirected, open up IE, and then paste the copied URL into the browser window, I'm told to log in. I would like to add a full web page of HTML (so that I can take advantage of CSS functionality and because I'm not that adept at PHP) to the redirected page, keeping it as a .php file, of course. Can someone help?

The current code is:

[B]EXAMPLE_SESSION_FUNCTIONS.php[/B]

[CODE]
<?php
ini_set( 'session.name', 's' );
/* the URL to the login page */
define( 'URL_LOGIN_PAGE', 'EXAMPLE_LOGIN.php' );

// start the session...
session_start();

/* check for valid user */
if( !defined('LOGGING_IN') )
{
verify_if_valid_user();
}

function match_user_in_db( $user, $pass )
{
$host="localhost"; // Host name
$username="a"; // Mysql username
$password="b"; // Mysql password
$db_name="c"; // Database name
$tbl_name="d"; // Table name

// Connect to server and select database.
$conn = mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['username'];
$mypassword=$_POST['password'];

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT username FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

if( mysql_num_rows($result)==1 )
{
$_SESSION['valid_user'] = mysql_result( $result, 0, 0 );

Echo "<a href=http://www.myURL.com/EXAMPLE_TEST_PAGE.php</a>" ;

}
else
{
Echo "Invalid login";
Echo "<a href=http://www.myURL.com/EXAMPLE_LOGIN.php>Login again!</a>" ; ...

So I am in the process of putting some finishing touches on a new section of my website which allows users to keep track of their cigars in an online inventory (or humidor) type system. I'm kind of stuck, however, on the best way to capture and process data when it is being displayed. So right now, a user adds a record for a particular cigar, and a new row is created with information relevant to that entry (price per cigar, date purchased, quantity purchased, and the particular cigar purchased). So what ends up happening is, let's say I purchased the same cigar on 3 different dates for 3 different amounts, I would have 3 different, unique entries.

When a user visits their page which lists this inventory, I want all the data combined based on CigarID (which identifies the unique cigar) and I need it to SUM the quantities and compute an average; however, the average needs to be based on the quantity, not the number in the price paid field. To give you an example, let's say I add the following three cigars -

[CODE][B]CigarID | Quantity | Price Paid (Per Cigar) | Date Purchased[/B]
1 | 10 | 1.00 | 06/01/2011
1 | 20 | 2.00 | 06/02/2011
1 | 30 | 3.00 | 06/03/2011[/CODE]

So, based on this data set, if I was to use the AVG function, it would return a value of $2.00 (or (1+2+3) / 3). However, the real average, accounting for the quantity should ...
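The grouping described in this post, as an added example that is not part of the original thread: one row per CigarID with the summed quantity, the quantity-weighted average price (2.33 for the three sample rows) and the most recent purchase date. It assumes PHP with the pdo_sqlite extension, an in-memory table, and the column names Price and PurchaseDate; the user id is bound as a parameter instead of being interpolated into the SQL string.

```php
<?php
// Added example. Constructed data in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Price and PurchaseDate are assumed column names; the post does not show the real schema.
$db->exec('CREATE TABLE humidor (
    UserID INTEGER, CigarID INTEGER, Quantity INTEGER, Price REAL, PurchaseDate TEXT)');

// The three sample purchases from the post, plus one constructed single-entry cigar.
$rows = [
    [7, 1, 10, 1.00, '2011-06-01'],
    [7, 1, 20, 2.00, '2011-06-02'],
    [7, 1, 30, 3.00, '2011-06-03'],
    [7, 2,  5, 8.50, '2011-05-20'],
];
$ins = $db->prepare('INSERT INTO humidor VALUES (?, ?, ?, ?, ?)');
foreach ($rows as $r) {
    $ins->execute($r);
}

/**
 * One summary row per cigar for the given user.
 * The weighted average divides total spend by total quantity, so a cigar
 * with one entry or with many entries is handled by the same expression.
 */
function humidor_summary(PDO $db, int $userId): array
{
    $stmt = $db->prepare(
        'SELECT CigarID,
                SUM(Quantity)                         AS TotalQty,
                SUM(Quantity * Price) / SUM(Quantity) AS WeightedAvg,
                MAX(PurchaseDate)                     AS LastPurchased
           FROM humidor
          WHERE UserID = :uid AND Quantity > 0
          GROUP BY CigarID
          ORDER BY CigarID'
    );
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt->execute([':uid' => $userId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

foreach (humidor_summary($db, 7) as $c) {
    printf(
        'Cigar %d: qty %d, weighted avg %.2f, last purchased %s' . PHP_EOL,
        $c['CigarID'], $c['TotalQty'], $c['WeightedAvg'], $c['LastPurchased']
    );
}
```

Because the aggregation happens in the query, the display loop only prints one row per cigar and needs no running totals.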

[QUOTE=ardav;1594352]AFAIK, mysql_real_escape_string (mres) doesn't put a backslash in the DB, it's only used to make safe input. If a backslash already exists in the string, it is kept under mres. So, like I said, I don't understand the concern.

Just ensure magic quotes are turned off.[/QUOTE]

That was my misunderstanding then, I thought MRES escaped all special types of characters which I assumed, incorrectly it appears, would include backslashes. Thanks for the help :cool:

[QUOTE=ardav;1594310]You realise we're talking about backslashes and not forward slashes right? I've never seen backslashes in normal sentences.[/QUOTE]

You raise a valid point and while I certainly understand (and agree with) your point, I'm just trying to prevent an issue where someone uses the wrong slash only to have it stripped.

[QUOTE=ardav;1594305]Why do you want to do this? You might break SQL. mysql_real_escape_string() escapes the string, but when you recover it and pass it back to html, they are invisible.

I really, really can't see the value of what you're trying to do. Do you expect a backslash in the input?[/QUOTE]

The type of input people are putting in the forms are long reviews of products and locations. It's entirely possible that someone could use a slash in their entry. In fact, there are some names of locations and products that have a slash in them. Right now, I'm going in manually on the DB and correcting this display issue which, as the site has grown, has become quite a task. I'm trying to figure out if there is a systemic way to deal with this issue.

I understand that stripslashes would work for the apostrophe issue (which, by far, is more prevalent on my site) but I think it could affect readability if all slashes were stripped when they were entered into a review field.

[QUOTE=Insensus;1594244][b]mysql_query[/b] returns a boolean false when the query fails so if you fix the query (to which the second error applies) the first will disappear also.

As for the second error: it's probably something to do with [b]$UserID[/b] as the rest looks alright.
Maybe you could show us what the query looks like when it's executed? (echo $SQL)[/QUOTE]

That was it, I forgot to bring over the $UserID variable - doh! :|

Thanks for the help!

I guess replace wasn't the best term ;-)

So with the escape function, apostrophes return as \' instead of ' so I wanted the slashes to be removed but leaving intact any slashes that the user entered. So, for example, let's say the user inputs the following:

[CODE]This store isn't that great/good[/CODE]

I would want that to return (or be inserted) as it's written, with slashes and apostrophes intact. Does that make it a bit clearer?

I also forgot to mention that [B]stripslashes[/B] isn't an option as some of the input could have legitimate slashes and my understanding is that stripslashes removes every slash whether it was replaced by mysql_real_escape_string or by the user inputting it?

I'm trying to figure out the best way to replace apostrophes in various user input which is all formatted first using [B]mysql_real_escape_string[/B]. Of course this replacement should take place after all input has been sanitized and anything funny removed. :)

Any help would be awesome!
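For the apostrophe and slash question in the posts above, an added example that is not part of the original thread: with a prepared statement the text is sent as a bound value, so nothing is escaped by hand and the stored review comes back byte for byte as typed. It assumes PHP with the pdo_sqlite extension and a hypothetical reviews table; escaping for display is done separately with htmlspecialchars() at output time.

```php
<?php
// Added example. In-memory SQLite via PDO (assumes pdo_sqlite); table and column names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reviews (ReviewID INTEGER PRIMARY KEY, Body TEXT)');

/** Store the review text as a bound parameter and return its new id. */
function save_review(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO reviews (Body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

/** Read the stored text back exactly as the database holds it. */
function load_review(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT Body FROM reviews WHERE ReviewID = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

/** True when the text survives the insert and select unchanged. */
function round_trip(PDO $db, string $body): bool
{
    return load_review($db, save_review($db, $body)) === $body;
}

// Constructed sample input: apostrophe, forward slash, and a literal backslash.
$samples = [
    "This store isn't that great/good",
    'Ring gauge 50\\52, typed with the wrong slash',
    "Joe's & Sons <Fine Cigars>",
];

foreach ($samples as $text) {
    $stored = load_review($db, save_review($db, $text));
    // Stored form is the raw text; HTML escaping belongs to the output step only.
    $html = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    printf(
        '%s | unchanged: %s | html: %s' . PHP_EOL,
        $stored,
        round_trip($db, $text) ? 'yes' : 'no',
        $html
    );
}
```

If \' shows up in stored rows, the input was escaped more than once before it reached the database, which is what the magic quotes remark in the quoted reply refers to.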

So I'm getting this error message from MYSQL when I load this page. The first message is what it's displaying on the PHP code, the 2nd message is the result of mysql_error().

[ICODE](1) Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in [I][redacted][/I] on line 19

(2) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND CigarID = 334 AND DATE_SUB(CURDATE(),INTERVAL 15 DAY) <= DateAdded' at line 1[/ICODE]

When I run the query in mySQL it returns a result, as it should. So I'm not sure what's going on here. I've checked to make sure the variable wasn't recycled and it's not. Any ideas what's going on here? Here's the offending code --

[CODE]//Check User's Last Review
$SQL = "SELECT COUNT(CigarID) FROM reviews_cigar WHERE UserID = $UserID AND CigarID = $CigarID AND DATE_SUB(CURDATE(),INTERVAL 15 DAY) <= DateAdded";
$Result = mysql_query($SQL);
$row = mysql_fetch_array($Result) or die(mysql_error());
if( $row[0] > 0 ){
$errormsg = "Sorry but you have submitted a review for this Cigar in the past 15 days";[/CODE]

I am in the process of trying to customize my site's URLs and I'm running into an issue with my htaccess file, specifically the newest one I am trying to add. Here's the file --

[CODE]RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ $1.php [L,QSA]
RewriteRule ^/retail/(.*)$ retail.php?id=$1[/CODE]

The first condition removes the extensions from the site so that I can go to index instead of index.php. This is working great with no issues. It's the next one down that's causing problems. It's basically not working at all. So when I visit my site and go to domain.com/retail/100, it's displaying a 500 Error.

I'm not as familiar with apache and customizing it through the htaccess file so if you all could tell me what I'm doing wrong it would be much appreciated! Thanks! :)

From what you've posted, the javascript you're executing isn't calling the SQL queries to actually perform the update. You need to include something in your javascript to call those queries (or PHP file). It should look something like this:

[CODE]xmlhttp.open("GET","updatefile.php",true);
xmlhttp.send();[/CODE]

Actually got it figured out, maybe I'm not as bad at loops as I thought... :scared:

Any chance the wonderful people here on daniweb could help me again with a loop? My apologies, loops are not my thing :| Basically what I'm trying to do is add a condition where on the last tweet (that is where the loop = $nooftweets), that tweet gets a different <span> class. Here's the function --

[CODE]function get_tweets($twitter_id,
$nooftweets=3,
$dateFormat="m/d/y",
$includeReplies=false,
$dateTimeZone="America/New_York",
$beforeTweetsHtml="<ul>",
$tweetStartHtml="<li><p>",
$tweetMiddleHtml="  <small>",
$tweetEndHtml="</small></p></li>",
$afterTweetsHtml="</ul>") {

date_default_timezone_set($dateTimeZone);
if ( $twitter_xml = twitter_status($twitter_id) ) {
    $result = $beforeTweetsHtml;
    foreach ($twitter_xml->status as $key => $status) {
        if ($includeReplies == true |
                substr_count($status->text,"@") == 0 |
                strpos($status->text,"@") != 0) {
            $message = processLinks($status->text);
            $result.=$tweetStartHtml.$message.$tweetMiddleHtml.
                        date($dateFormat,strtotime($status->created_at)).$tweetEndHtml;
            ++$i;
            if ($i == $nooftweets) break;
            }
        }
        $result.=$afterTweetsHtml;
}
else {
    $result.= $beforeTweetsHtml.
                "<li id='tweet'>Twitter seems to be unavailable at the moment</li>".
                $afterTweetsHtml;
}
echo $result;

}
[/CODE]

Thank you all for your help, I went ahead and tested out pritaeas's code and it fixed the issue. I didn't realize that using '../' or '/' will only recurse into the root regardless of how many you use. Sorry for the confusion :$

[QUOTE=pritaeas;1591526]Not quite sure now what you are trying to achieve.
[code]
<a href="/index.php">Home</a>
[/code]
The above will not solve your problem, because ?[/QUOTE]

Maybe I am missing something but is that not going to generate errors on the root since it's trying to go into a recursive directory? :-/

[QUOTE=pritaeas;1591391]In this case Home should point to /index.php and not to index.php[/QUOTE]

Right, but the issue is how do you define that when using one central navigation file. So if I say in the navigation include file

<a href="index.php">Home</a>

Then it will work for part of the site but as soon as you go into another directory it won't go to the correct place.

[QUOTE=jrotunda85;1591371]That is what I'm doing however there are a few files which have includes within another include. So it's causing an issue linking back to the correct place. I've found the answer though, instead of using relative paths, I'm going to use absolute paths (e.g. /home/user/public_html/etc) this is working perfectly! Thanks everyone for the help :)[/QUOTE]

Actually here's another sort of related question, so using the absolute paths is great for the includes but they obviously don't work in a standard link. So, going on my previous example, let's say I was on index.php (in the root) and click on page 2. That takes me to /page2/index.php. Now when I click on home in this directory it takes me back to /page/index.php.

Is there a way to make these nav links where they are always pointing to the correct directory?

[QUOTE=pritaeas;1591363]Can't you just use:
[code]
include '/include/navigation.php';
[/code][/QUOTE]

That is what I'm doing however there are a few files which have includes within another include. So it's causing an issue linking back to the correct place. I've found the answer though, instead of using relative paths, I'm going to use absolute paths (e.g. /home/user/public_html/etc) this is working perfectly! Thanks everyone for the help :)

[QUOTE=vibhadevit;1590984][CODE]
<? define('SITE_ROOT_PATH',$_SERVER['DOCUMENT_ROOT'].'testproject/');
include(SITE_ROOT_PATH.'config.php');
?>
[/CODE]
You can add above code in any file of any directory of testproject.[/QUOTE]

vibhadevit, thanks for the response. This code, however, won't work for what I'm trying to do since it's going to the root of whatever directory it's currently in. Let me give you an example that may be a little better than the earlier one. I have the following files:

index.php
newdirectory/index.php
include/navigation.php

So I want to be able to use the navigation.php on [B]both[/B] the index.php in the root as well as the one in 'newdirectory'. So your code works for the former but not for the latter since it's looking for the navigation file in 'newdirectory' as opposed to the root of the site. Does that make sense?

I've fixed the issue! :)

So I'm trying to figure out the best way (if possible) to combine these two stored procedures. Basically these are the same, the only difference is one is looking at a 'Spot' table, the other is looking at the 'Retail' table. However, in both cases the column count is the same and most of the column names are even the same (with the exception of RetailID vs SpotID and RName vs SName). Any help would be much appreciated!

[CODE]/* Procedure structure for procedure EventsNear1 */

/*!50003 DROP PROCEDURE IF EXISTS EventsNear1 */;

DELIMITER $$

/*!50003 CREATE DEFINER=root@localhost PROCEDURE EventsNear1(Lat1 float,Long1 float,distance float)
BEGIN
SELECT a.RetailID, a.RName, a.Addr_Street, a.Addr_City, b.Description, a.Addr_Zip, a.PhoneNbr, a.WebAddr, ROUND(DistanceBetween(Lat1,Long1,a.latitude,a.longitude),2) as 'Distance(Miles)' from retail a LEFT JOIN cd_states b on a.Addr_State = b.Code where DistanceBetween(Lat1,Long1,a.latitude,a.longitude)<distance order by DistanceBetween(Lat1,Long1,a.latitude,a.longitude);
END
*/$$
DELIMITER ;

/* Procedure structure for procedure EventsNear2 */

/*!50003 DROP PROCEDURE IF EXISTS EventsNear2 */;

DELIMITER $$

/*!50003 CREATE DEFINER=root@localhost PROCEDURE EventsNear2(Lat1 FLOAT,Long1 FLOAT,distance FLOAT)
BEGIN
SELECT a.SpotID, a.SName, a.Addr_Street, a.Addr_City, b.Description, a.Addr_Zip, a.PhoneNbr, a.WebAddr, ROUND(DistanceBetween(Lat1,Long1,a.latitude,a.longitude),2) AS 'Distance(Miles)' FROM spot a LEFT JOIN cd_states b on a.Addr_State = b.Code WHERE DistanceBetween(Lat1,Long1,a.latitude,a.longitude)<distance ORDER BY DistanceBetween(Lat1,Long1,a.latitude,a.longitude);
END
*/$$
DELIMITER ;[/CODE]

So I'm trying to create one central file for my navigation which is used across my site; however, some of the pages are in different directories. So, for example , let's say I have the following directories --

domain.com/
domain.com/dir1/
domain.com/dir2/

If I wanted to use the same include between all three of these options, is there a way for it to figure out how many "../" need to be included based on where it is?