Friday, April 27, 2007

Local date and time

When I store the present date and time on the server what is stored is the server's (in Hong Kong, California, ...) local date and time.

However, I want the user to see the local date and time where he is located when the data is extracted from the server's database.

With JavaScript one may find the local offset. Feeding that information back into a PHP file can be done as shown below.

A page is called with $arg arguments. If the local offset has not already been calculated (if (!isset($p_offset))), the page writes a JavaScript that runs and calls the page itself (location.href = ...) with the same arguments as before plus one more argument called offset.
















To try the code, click http://iwantyourquestion.com/test.php?abc=2&def=cat

The second part takes place when you extract datetime information that the server stored in its local time.














To try the code, click http://iwantyourquestion.com/test2.php

Wednesday, April 25, 2007

Cool tooltips

The day started with J-Walk pointing to A Periodic Table which led to overLIB as I wanted to know how the tooltips were made.

flickr.com has a different approach it seems.















I posted a question to the overLIB group.

Until that is answered, I will follow a simplified version of the flickr approach. It looks like this:

Monday, April 16, 2007

How naive I am!

I wanted to title this piece "How naive I have been!", but I'd rather play it safe. :)

I am creating a web site using MySQL, PHP, and JavaScript at http://iwantyourquestion.com.

For easy and fast validation I require the user to have JavaScript turned on, and testing seemed to indicate that everything was well.

Then a thought struck me. What if the user decided to be mean?

Let me explain. On a page I have a link like .../ask_main.php?id=24&statusid=3 where id is the question id and statusid indicates if the question has been asked, answered, or closed. Instead of clicking the link, the user may copy it to the address bar and edit the parameters!

What if he changed the id to 25? Well, he might then see a question that was not his. What if he changed the statusid to 2? Then he might reply to an answer that has not been given, creating nonsense.

The remedy. When the user goes to the page, in the intended or unintended fashion, I test if the question id belongs to the current user. If it does not, I say 'Access denied.' I removed the statusid parameter and read it from the tables instead after the user clicked. That way it cannot be manipulated.
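One way to write that ownership check, as an added example rather than the site's own code: the table and column names, the load_own_question() helper and the hard-coded user id are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs on its own. It goes slightly beyond the text by also rejecting ids that are not plain integers.

```php
<?php
// Added example: table/column names and the logged-in user id are assumptions.
// In-memory SQLite stands in for the site's MySQL database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE questions (id INTEGER PRIMARY KEY, user_id INTEGER, statusid INTEGER, subject TEXT)');
// Constructed sample rows: question 24 belongs to user 7, question 25 to user 8.
$db->exec("INSERT INTO questions VALUES (24, 7, 3, 'Mine'), (25, 8, 2, 'Other')");

/**
 * Return the question row only if it belongs to $userId, otherwise null.
 * statusid comes from the row, never from the request.
 */
function load_own_question(PDO $db, $rawId, int $userId): ?array
{
    // Accept only a plain positive integer; "24 OR 1=1", "", arrays and null fail.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Ownership is part of the WHERE clause, so a foreign id matches no row.
    $stmt = $db->prepare('SELECT id, statusid, subject FROM questions WHERE id = ? AND user_id = ?');
    $stmt->execute([$id, $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$currentUser = 7; // assumed to come from the login session on a real page
// Constructed requests: the intended link, an edited id, an added statusid, junk, nothing.
$requests = [
    ['id' => '24'],
    ['id' => '25'],
    ['id' => '24', 'statusid' => '2'],
    ['id' => '24 OR 1=1'],
    [],
];
foreach ($requests as $get) {
    $q = load_own_question($db, $get['id'] ?? null, $currentUser);
    $shown = http_build_query($get);
    if ($q === null) {
        // Same message whether the id is foreign, missing or malformed.
        echo "?$shown => Access denied.\n";
    } else {
        echo "?$shown => question {$q['id']}, statusid {$q['statusid']} (from table)\n";
    }
}
```

Only the first and third requests return a row, and the third still reports statusid 3 because the value in the URL is never read.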

That was a problem with a direct link with parameters. Now let's look at what happens when forms are submitted. Well, if they are submitted the normal way, by clicking the submit button, my JavaScript code does the validation. But what if the user types in the address bar a call to the page given in the code action=... in the form tag?

Remedy. I did this server validation:

// check that all parameters are sent
if (!isset($p_subject) or !isset($p_question) or !isset($p_why) or !isset($p_tried) or !isset($p_timetriedid)) {die('Access denied.');}

// check that all parameters are not empty
if ($p_subject=='' or $p_question=='' or $p_why=='' or $p_tried=='' or $p_timetriedid=='') {die('Access denied.');}

That way, at least the MySQL queries won't produce errors. I could have taken the step to send the user back to the form page, in case his JavaScript is off, but for now I request it to be on and tell the user if it is not.

As a further example of my ignorance I have to add that I did not know that PHP had error-catching facilities and that not using them might produce a security risk.

I used the function is_int() in my code, but forgot the first part of the function name and wrote only int(). That produced this runtime error:

Fatal error: Call to undefined function: int() in /xxx/yyy/zzz-... on line 15

It reveals where the home folder is, my username on the server, and the domain. All food for hackers.

http://www.devpapers.com/article/270 and http://www.phpbuilder.com/columns/starkey20020930.php3?print_mode=1 gave me some advice I am following now.

Conclusion: If it doesn't work the first time, you must be a programmer.

Wednesday, April 11, 2007

Borders that are not borders are the borders I like

The other day I was surprised to see that the border that looked nice in Firefox 2, looked awful in IE6, and created havoc in IE7.

Firefox:

IE6:

IE7: (The Add buttons are partially hidden.)

What to do? Create different css tags for different browsers? No way!

I found some nice borders at Sure Support:

It took me quite a while to find out how they created the border. It looked nice in Firefox and in IE!

The border around every cell is created in a sneaky way:

1. Set the table background to gray.
2. Set every cell background to white.
3. Set table cell spacing to "1" and border to "0".

Code: