PunBB Resource

Your ultimate PunBB resource!

Keywords:

    (Extended)

You are not logged in.

#351 2007-06-14 16:30:19

alana
Member
From: Maine, USA
Registered: 2007-05-30
Posts: 45
Website

Re: Calendar 2.0

didn't change anything.. so maybe the long lines aren't effected by percent widths, or else i am looking at the wrong place in the code..

Offline

 

#352 2007-06-14 16:43:31

Koos
Administrator
Registered: 2007-01-14
Posts: 524
Website

Re: Calendar 2.0

alana wrote:

Thank you so much, Koos! I really really appreciate your help. I am a PHP-tarded graphic designer, haha.

No problem. I also found it useful to add an 'Username' column to the Edit Event table so that you can easily see who entered what event before editing.

Here is the way to do it, after adding the above code:


Code:

#
#---------[ 1. OPEN ]-----------------------------------------------------------
#

calendar.php


#
#---------[ 2. FIND (line: 952) ]-----------------------------------------------
#

                    <td colspan="4">


#
#---------[ 3. REPLACE WITH ]--------------------------------------------------
#

                    <td colspan="5">

    
#
#---------[ 4. FIND (line: 944) ]-----------------------------------------------
#

                    <td style="width:85px"><?php echo $date ?></td>


#
#---------[ 5. AFTER, ADD ]--------------------------------------------------
#

                    <?php if ($pun_user['g_id'] == "1") {echo "<td>".$displayname."</td>";} ?>


#
#---------[ 6. FIND (line: 937) ]-----------------------------------------------
#

                $date = date_str( mktime(0,0,0,$date_part['1'],$date_part['2'],$date_year));


#
#---------[ 7. AFTER, ADD ]--------------------------------------------------
#

                $preid = $event_list['user_id'];
                $result_view = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE id = '.$preid);
                $result_get = $db->fetch_assoc($result_view);
                $displayname = $result_get ['username'];


#
#---------[ 8. FIND (line: 924) ]-----------------------------------------------
#

                    <th><?php echo $lang_calendar['Date']?></th>


#
#---------[ 9. AFTER, ADD ]--------------------------------------------------
#

                    <?php if ($pun_user['g_id'] == "1") {echo "<th>".$lang_common['Username']."</th>";} ?>


#
#---------[ 10. SAVE/UPLOAD ]-------------------------------------------------
#

Upload file to forum root.

alana wrote:

Second question, more an aesthetic thing:

When you click Edit Event, on the calendar.php?action=edit page (listing of all events that can be edited), BBCode isn't enabled like it is for Viewing Calendar Events (calendar.php?view=event&date=xxx.xx.xx). As a result, if the event contains BBCode (e.g. a long URL) the table is really stretched out on the Event Body column.

On line 940, replace:

<td><?php echo str_replace('\n','<br />',$event_list['body'])?></td>

with
           
<td><?php echo str_replace('\n','<br />',parse_message($event_list['body'], 0))?></td>

Last edited by Koos (2007-06-14 16:54:51)

Offline

 

#353 2007-06-14 17:04:15

alana
Member
From: Maine, USA
Registered: 2007-05-30
Posts: 45
Website

Re: Calendar 2.0

Koos wrote:

On line 940, replace:

<td><?php echo str_replace('\n','<br />',$event_list['body'])?></td>

with
           
<td><?php echo str_replace('\n','<br />',parse_message($event_list['body'], 0))?></td>

This worked! So now the Edit Events page uses BBCode and the long urls don't stretch out the column (I only ever would want to see them in the text area when I add/edit an event, you know?)

Koos wrote:

I am not quite sure why the table is stretched out. When you change your style sheet (to punbb default for example) does it still display the same? I haven't got this problem, no matter how big the posted event message is.

Ah, I have removed all stylesheets except the one I am using for simplicity's sake, so I am not sure what would happen. The message size doesn't matter, just the contiguous characters.

I have seen this issue stretch out tables regularly, unless some hard wrapping is forced (also a common problem: someone posts a giant image and stretches out their post unless the forum has resizing parameters in effect). Luckily my forum's users won't/can't do any of that stuff, but it definitely happens on other messageboards (:

Offline

 

#354 2007-06-15 10:41:36

erick_p
New member
Registered: 2006-10-03
Posts: 3

Re: Calendar 2.0

Hi, I am in dire need of a shared calendar on my forum.

Questions:

1. Is this mod stable enough to try in a production environment on an intranet, where my behind is on the line?

2. Does this calendar allow sharing of events/tasks only with a certain User Role? For instance, some entries should only be open to moderators, etc?

Offline

 

#355 2007-06-15 14:09:07

alana
Member
From: Maine, USA
Registered: 2007-05-30
Posts: 45
Website

Re: Calendar 2.0

the mod has no security issues. as far as i know, everyone here is using it in a production environment.

it doesn't allow sharing of events/tasks only with a certain user role, but it could probably be tweaked to have that sort of 'selective visibility' based on how it can hide events/topics from Guests. i imagine you would just use similar code to how it hides from guests, only insert the group id #s of whomever shouldn't have access.

Offline

 

#356 2007-06-15 16:57:23

punBBfan
Member
Registered: 2007-05-21
Posts: 29

Re: Calendar 2.0

punBBfan wrote:

Is the author still supporting this mod ?

Offline

 

#357 2007-06-15 17:09:58

alana
Member
From: Maine, USA
Registered: 2007-05-30
Posts: 45
Website

Re: Calendar 2.0

short answer: no

longer answer: twohawks and several other developers have undertaken troubleshooting and improving upon the author's project. so i consider it supported, in that i am able to get answers to my questions about it.

Offline

 

#358 2007-06-15 13:25:28

Koos
Administrator
Registered: 2007-01-14
Posts: 524
Website

Re: Calendar 2.0

I made some more modifications to the calendar I thought I would share, since I saw they were also on the wishlist. This is for the latest Calendar version (Calendar-2.0.8a beta).

Changes I have made:

1. Now you can add an event by just clicking on the date in the main calendar view. The wishlist/'to do list' said that this must be added to the 'Six Calendar display' on the 'Add Event' page - which I don't agree with (there won't be enough space left for event link).

2. Fixed week display problem as mentioned by twohawks here. The solution is very simple and won't affect the rest of the calendar. (see steps 4 and 5 below).

3. After adding an event you will now be redirected to the month in which the added event falls in, instead of being redirected to the current month. This will allow you confirm whether the event was added correctly.

Code:

#
#---------[ 1. OPEN ]-----------------------------------------------------------
#

calendar.php


#
#---------[ 2. FIND (line: 1304) ]-----------------------------------------------
#

            echo "\t\t\t\t<td valign='top' style='width:14%; height:75px'".$class."><span>".$date_no."</span><br />";


#
#---------[ 3. REPLACE WITH ]--------------------------------------------------
#

    if(
        (($pun_user['g_id'] == PUN_MOD && $CFG_mod_add=='yes') or 
        ($pun_user['g_id'] != PUN_GUEST && $CFG_user_add=='yes') or 
        ($pun_user['g_id'] == PUN_ADMIN)) &&
        ($type=="events")
    ) {
            echo "\t\t\t\t<td valign='top' style='width:14%; height:75px'".$class."><span><a href='calendar.php?action=add&date=".$year.".".$month.".".$date_no."' style='text-decoration:none'>".$date_no."</a></span><br />";
      }
    else {
            echo "\t\t\t\t<td valign='top' style='width:14%; height:75px'".$class."><span>".$date_no."</span><br />";
    }


#
#---------[ 4. FIND (line: 981) ]-----------------------------------------------
#

    $first_day = strtotime("-".$day_one." days", mktime(0,0,0,1,1,$year));


#
#---------[ 5. AFTER, ADD ]--------------------------------------------------
#

    $first_day = $first_day-(60*60*24*7);


#
#---------[ 6. FIND (line: 658) ]-----------------------------------------------
#

                            <input name="year" size="5" value="<?php echo $lang_calendar['Year']?>" onselect="document.post.year.value=''" />&nbsp;


#
#---------[ 7. REPLACE WITH ]--------------------------------------------------
#

                        <?php if (!empty($getdate)){
                        echo "<input name='year' size='5' value='$getyear'>&nbsp;";
                        }
                        else { ?>
                            <input name="year" size="5" value="<?php echo $lang_calendar['Year']?>" onselect="document.post.year.value=''" />&nbsp;
                        <?php } ?>


#
#---------[ 8. FIND (line: 651) ]-----------------------------------------------
#

<?php
    for($x=01;$x<=31;$x++)
        echo"\t\t\t\t\t\t\t\t<option value='".$x."'>".$x."</option>\n";
?>


#
#---------[ 9. REPLACE WITH ]--------------------------------------------------
#

<?php
    for($x=01;$x<=31;$x++){
               if (!empty($getdate)){
                        if ($x==$getday){
                        $slc = "SELECTED";
                        }
                        else {
                        $slc = "";
                        }
               }
               else {
                        $slc = "";
               }
        echo"\t\t\t\t\t\t\t\t<option value='".$x."' $slc>".$x."</option>\n";
        }
?>


#
#---------[ 10. FIND (line: 641) ]-----------------------------------------------
#

<?php
    $month_name = array('',$lang_calendar['January'],$lang_calendar['February'],$lang_calendar['March'],$lang_calendar['April'],$lang_calendar['May'],$lang_calendar['June'],$lang_calendar['July'],$lang_calendar['August'],$lang_calendar['September'],$lang_calendar['October'],$lang_calendar['November'],$lang_calendar['December']);
    for($x=1;$x<13;$x++)
        echo"\t\t\t\t\t\t\t\t<option value='".$x."'>".$month_name[$x]."</option>\n";
?>


#
#---------[ 11. REPLACE WITH ]--------------------------------------------------
#

<?php
    $month_name = array('',$lang_calendar['January'],$lang_calendar['February'],$lang_calendar['March'],$lang_calendar['April'],$lang_calendar['May'],$lang_calendar['June'],$lang_calendar['July'],$lang_calendar['August'],$lang_calendar['September'],$lang_calendar['October'],$lang_calendar['November'],$lang_calendar['December']);
    for($x=1;$x<13;$x++){
               if (!empty($getdate)){
                        if ($x==$getmonth){
                        $slc = "SELECTED";
                        }
                        else {
                        $slc = "";
                        }
               }
               else {
                        $slc = "";
               }
        echo"\t\t\t\t\t\t\t\t<option value='".$x."' $slc>".$month_name[$x]."</option>\n";
        }
?>


#
#---------[ 12. FIND (line: 613) ]-----------------------------------------------
#

            redirect('calendar.php', $lang_calendar['event_added']);
        }
        else
        {
?>


#
#---------[ 13. REPLACE WITH ]--------------------------------------------------
#

            redirect("calendar.php?type=events&date=".$_POST['year'].".".$_POST['month'], $lang_calendar['event_added']);
        }
        else
        {
        
$getdate = $_GET['date'];
               if (!empty($getdate)){
                   $parts = Explode('.', $getdate);
                 $getyear = $parts[0];
                 $getmonth = $parts[1];
                 $getday = $parts[2];
               }
        
?>


#
#---------[ 14. SAVE/UPLOAD ]-------------------------------------------------
#

Upload file to forum root.

A suggestion: won't it be useful to have an edit and delete option on the 'Viewing Calendar Events' page? Currently one has to visit the 'Edit Event' page to do this.

Offline

 

#359 2007-06-15 20:12:22

erick_p
New member
Registered: 2006-10-03
Posts: 3

Re: Calendar 2.0

alana wrote:

it doesn't allow sharing of events/tasks only with a certain user role, but it could probably be tweaked to have that sort of 'selective visibility' based on how it can hide events/topics from Guests. i imagine you would just use similar code to how it hides from guests, only insert the group id #s of whomever shouldn't have access.

Thank you. SMF it is for me then.

Offline

 

#360 2007-06-16 16:36:32

seesaw
Member
Registered: 2007-04-27
Posts: 164

Re: Calendar 2.0

Thanks Koos for all your improvements.

They should all be melded into the next incremental release.

This hasn't been the easiest mod to install, but it will be very useful to my users I hope.

A quick question though - what would be the easiest way to get two calendars running within the same forum?

Eg for a requirement where within the one forum I may need a general 'upcoming business meetings' event calendar, and also a separate 'social' or entertainment calendar.

Would modifying the install_mod.php be a good place to start, so that the second calendar gets installed with distinct table prefixes? Or is there a more elegant way to achieve this goal?

Offline

 

#361 2007-06-17 03:49:26

seesaw
Member
Registered: 2007-04-27
Posts: 164

Re: Calendar 2.0

I think there are some potential security problems with the code in this mod.

Specifically, unless I am wrong, in calendar.php, the form action that adds/edits events, for example, does not seem to adequately sanitize form input.

So for example when I post something like this into the event body field using the 'Add event' form in calendar.php:

Code:

<form method="POST" enctype="multipart/form-data" >
    <p><input type="file" name="F1" size="20"><input type="submit" value="Submit" name="B3"><input type="reset" value="Reset" name="B4"></p>
</form>

I get the following error message from calendar.php that suggests it was just about to inject some code straight into the database:

Code:

File: C:\www\web\puntest\calendar.php
Line: 611

PunBB reported: Unable to create new event 

Database reported: You have an error in your SQL syntax; 
check the manual that corresponds to your MySQL server version for the right syntax to use near 'POST" enctype="multipart/form-data" > <p><input type="file" name="F1" size="20"' at line 1 (Errno: 1064)

However, if I try and post the same code into a regular punBB forum topic, I get no error message and the code is just displayed as plain text in the message body, but not active HTML.

So it seems the input of text (eg HTML) into the calendar mod (via the add/edit events form) is not sanitized in the same way as it is normally in punBB.

I think this is a potential security problem, especially as it seems to leave some openings for potential SQL and other code injections.

Could someone who is more familiar with the PHP in the calendar mod and punBB confirm this issue, and perhaps suggest a fix if the problem is real?

Offline

 

#362 2007-06-17 14:47:37

Smartys
Member
Registered: 2005-03-18
Posts: 314
Website

Re: Calendar 2.0

Yes, that sounds like a very very serious security vulnerability


Free PunBB Hosting - lots of mods, easy to customize

Offline

 

#363 2007-06-17 16:07:24

seesaw
Member
Registered: 2007-04-27
Posts: 164

Re: Calendar 2.0

Thanks Smartys, I thought it was a bit suss.

This is the code in question for adding events, for example (only slightly edited from the current code in the mod up here for download).

Could you please make some suggestions about how input could be properly sanitized? I will then try to apply it to this section and the bit for editing events too.

Code:

    elseif($action == 'add')
    {
        #######################################################
        ###//===============//==============//==============//#
        ##//===============// Add an event //==============//##
        #//===============//==============//==============//###
        #######################################################
        if(isset($_POST['form_sent']))
        {
            // Check to see if the Title, Body, Month, and Day were sent
            if(empty($_POST['title']))
                message($lang_calendar['need_title']);
            elseif(empty($_POST['body']))
                message($lang_calendar['need_body']);
            elseif($_POST['month']=="0" || $_POST['day']=="0")
                message($lang_calendar['need_date']);

            // Clean up body and title from POST
            $title = pun_trim($_POST['title']);
            $body = pun_linebreaks(pun_trim($_POST['body']));
                         $body = preparse_bbcode($body, $errors);

            // Setup the corretct date layout for the database
                        if($_POST['year'] == $lang_calendar['Year'])
                $_POST['year'] = date('Y');

            // Check to see of the month and day were set

            // Check to see if the day seleced for the month is an actual day
            $year=($_POST['year']=='0000')? date('Y'): $_POST['year'];
            if(date('t', mktime(0,0,0,$_POST['month'],1,$year))< $_POST['day'])
                message($lang_calendar['date_error']);

            $date = $_POST['year'].'-'.$_POST['month'].'-'.$_POST['day'];

            // Add the Event to the database
            $db->query('INSERT INTO '.$db->prefix.'calendar (date, title, body, user_id) VALUES("'.$date.'", "'.$title.'", "'.$body.'", "'.$_POST['user_id'].'")') or error('Unable to create new event', __FILE__, __LINE__, $db->error());

            redirect('calendar.php', $lang_calendar['event_added']);
        }
        else
        {
?>
    <div class="blockform">
    <h2><?php echo $lang_calendar['add_event']?></h2>
    <div class="box">
    <div style="width:100%;float:left;margin-right:-450px">
    <div style="display:inline;float:left;margin-right:450px">
        <form method="post" action="calendar.php?action=add" onsubmit="return process_form(this)">
            <div class="inform">
                <fieldset>
                    <legend><strong><?php echo $lang_calendar['add_info']?></strong></legend>
                    Remember to include key information like start time, venue, location, cost etc...
                    
                    <div class="infldset">
                        <input type="hidden" name="form_sent" value="1" />
                        <input type="hidden" name="user_id" value="<?php echo $pun_user['id']?>" />

                        <label class="conl" >
                            <strong><?php echo $lang_calendar['Title']?></strong><br />
                            <input type="text" name="title" size="30" maxlength="80" /><br />
                        </label>

                        <label class="conl">
                            <strong><?php echo $lang_calendar['Date']?></strong><br />

                            <select name="month">
                                <option value='0'><?php echo $lang_calendar['Month']?></option>
<?php
    $month_name = array('',$lang_calendar['January'],$lang_calendar['February'],$lang_calendar['March'],$lang_calendar['April'],$lang_calendar['May'],$lang_calendar['June'],$lang_calendar['July'],$lang_calendar['August'],$lang_calendar['September'],$lang_calendar['October'],$lang_calendar['November'],$lang_calendar['December']);
    for($x=1;$x<13;$x++)
        echo"\t\t\t\t\t\t\t\t<option value='".$x."'>".$month_name[$x]."</option>\n";
?>
                            </select>
                        </label>
                        <label class="conl"><br />
                            <select name="day">
                                <option value='0'><?php echo $lang_calendar['Day']?></option>
<?php
    for($x=01;$x<=31;$x++)
        echo"\t\t\t\t\t\t\t\t<option value='".$x."'>".$x."</option>\n";
?>
                            </select>
                        </label>
                        <label class="conl"><br />

                            <select name="year">
                                <option value='2006'>2006</option>
                                <option value='2007' selected='selected'>2007</option>
                                <option value='2008'>2008</option>
                                <option value='2009'>2009</option>
                                <option value='2010'>2010</option>
                                <option value='2011'>2011</option>
                                <option value='2012'>2012</option>
                            </select>

                        </label>
                        <br  class="clearer">

                        <div class="txtarea">
                            <label class="conl">
                                <strong><?php echo $lang_calendar['Body']?></strong><br />
                                <textarea name="body" rows="25" cols="70" style="width: 425px;"></textarea><br />
                                <p><a href="help.php" onclick="window.open(this.href); return false;">BBCode</a> formatting can be used in your description.</p>
                            </label><br />
                        </div>
                        <br class="clearer">
                    </div>
                </fieldset>
            </div>
            <p><input type="submit" value="<?php echo $lang_common['Submit'] ?>" /><a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="calendar.php"><?php echo"Return to Calendar"; ?></a></p>
        </form>
    </div>
    </div>

Offline

 

#364 2007-06-17 16:13:08

Smartys
Member
Registered: 2005-03-18
Posts: 314
Website

Re: Calendar 2.0

Code:

 $db->query('INSERT INTO '.$db->prefix.'calendar (date, title, body, user_id) VALUES("'.$date.'", "'.$title.'", "'.$body.'", "'.$_POST['user_id'].'")') or error('Unable to create new event', __FILE__, __LINE__, $db->error());

should be

Code:

 $db->query('INSERT INTO '.$db->prefix.'calendar (date, title, body, user_id) VALUES("'.db->escape($date).'", "'.$db->escape($title).'", "'.$db->escape($body).'", "'.intval($_POST['user_id']).'")') or error('Unable to create new event', __FILE__, __LINE__, $db->error());

(Is user id supposed to be the ID of the currently logged in user? If so, taking it from POST is silly: it should simply be taken from $pun_user['id'], which does not need to be intval'ed)

Last edited by Smartys (2007-06-17 16:13:16)


Free PunBB Hosting - lots of mods, easy to customize

Offline

 

#365 2007-06-17 16:37:02

seesaw
Member
Registered: 2007-04-27
Posts: 164

Re: Calendar 2.0

Thanks Smartys, I'll apply those changes to the query.

Is there anything that can be usefully added into here as well?

Code:

    // Clean up body and title from POST
            $title = pun_trim($_POST['title']);
            $body = pun_linebreaks(pun_trim($_POST['body']));
                         $body = preparse_bbcode($body, $errors);

(Is user id supposed to be the ID of the currently logged in user? If so, taking it from POST is silly: it should simply be taken from $pun_user['id'], which does not need to be intval'ed)
I'm not sure.  I'm attempting to make this mod work for me but do not quite follow everything in the script.

(Danger! Danger!) smile

Offline

 

#366 2007-06-17 16:54:56

seesaw
Member
Registered: 2007-04-27
Posts: 164

Re: Calendar 2.0

I just replaced the query as suggested and now get the following error:

Parse error: syntax error, unexpected T_OBJECT_OPERATOR in calendar.php on line etc

There seems to be no issue with simple stuff like a misplaced comma or bracket smile - is there a issue with the db->escape or intval stuff?

On my local dev server I am running MySQL 5 and PHP 5.1.

Sorry for the hassle.

But this may be useful to clear up as quite a few people seem to use this mod.

Offline

 

#367 2007-06-17 17:52:20

Koos
Administrator
Registered: 2007-01-14
Posts: 524
Website

Re: Calendar 2.0

seesaw wrote:

I just replaced the query as suggested and now get the following error:

Parse error: syntax error, unexpected T_OBJECT_OPERATOR in calendar.php on line etc

There seems to be no issue with simple stuff like a misplaced comma or bracket smile - is there a issue with the db->escape or intval stuff?

On my local dev server I am running MySQL 5 and PHP 5.1.

Sorry for the hassle.

But this may be useful to clear up as quite a few people seem to use this mod.

Smartys forgot a $ sign before the first "db->escape()"

try replacing with:

Code:

            $db->query('INSERT INTO '.$db->prefix.'calendar (date, title, body, user_id) VALUES("'.$db->escape($date).'", "'.$db->escape($title).'", "'.$db->escape($body).'", "'.intval($_POST['user_id']).'")') or error('Unable to create new event', __FILE__, __LINE__, $db->error());

I also discovered some other security issues which I won't mention here. Will try to post my own Calendar-2.0.8a beta patch here when I get a chance.

Last edited by Koos (2007-06-20 07:47:12)

Offline

 

#368 2007-06-18 01:18:46

seesaw
Member
Registered: 2007-04-27
Posts: 164

Re: Calendar 2.0

Koos wrote:

Smartys forgot a $ sign before the first "db->escape()"

Thanks Koos. That worked! Now when I post that form code, no error is reported and the post is accepted fine. When you look at the posted event, the form code is there in the body, but just as text, not HTML or anything. Just like in punbb proper.

It would be great if you could post any other fixes. The code for this mod does seem to be rather complex.

I really only want to use it as an Event Calendar.

So what I am doing is stripping out all the bits of the mod that relate to extraneous/useless to me stuff like tracking birthdays, the gallery stuff and the post/topic tracking too. This has been helped by the very good commenting in place in most of this code.

Without this extraneous code the mod certainly generates less queries per page load and is much faster! The theory was that it would also be more secure, but even with less code floating around in the mod, it seems as if security issues still remain.

Offline

 

#369 2007-06-18 02:36:40

Smartys
Member
Registered: 2005-03-18
Posts: 314
Website

Re: Calendar 2.0

Koos: Thanks smile


Free PunBB Hosting - lots of mods, easy to customize

Offline

 

#370 2007-06-18 14:03:54

alana
Member
From: Maine, USA
Registered: 2007-05-30
Posts: 45
Website

Re: Calendar 2.0

seesaw wrote:

I really only want to use it as an Event Calendar.

So what I am doing is stripping out all the bits of the mod that relate to extraneous/useless to me stuff like tracking birthdays, the gallery stuff and the post/topic tracking too. This has been helped by the very good commenting in place in most of this code.

Without this extraneous code the mod certainly generates less queries per page load and is much faster!

i am trying to do something similar! which sections have you commented out? i am afraid of breaking something, but would like to minimize the extraneous load (:

Offline

 

#371 2007-06-18 15:20:27

seesaw
Member
Registered: 2007-04-27
Posts: 164

Re: Calendar 2.0

alana wrote:

i am trying to do something similar! which sections have you commented out? i am afraid of breaking something, but would like to minimize the extraneous load (:

Once Koos posts the security fixes he has found and may implement, I'll implement them if I can, and then post up here the revised/trimmed down calendar.php code. Or I'll post up all the files as a revised mod just as an events calendar?

I have (very carefully) cut out a LOT of code from the original Calendar 2.0 mod - too much to easily summarize, I'm afraid. And made a few minor code edits to match. But it all works fine, so I didn't snip out anything I shouldn't have. smile It will be easier to work with it if I post the whole packaage.

Offline

 

#372 2007-06-18 15:25:54

alana
Member
From: Maine, USA
Registered: 2007-05-30
Posts: 45
Website

Re: Calendar 2.0

great; much obliged. i look forward to seeing this new patch

Offline

 

#373 2007-06-18 20:36:24

Koos
Administrator
Registered: 2007-01-14
Posts: 524
Website

Re: Calendar 2.0

Calendar-2.0.8a beta Patch v18 (2009-08-16)

Here is the patch for Calendar-2.0.8a beta I have been working on. It addresses some of the security issues and also includes many fixes. Thanks to alana, seesaw, twohawks, Smartys and Lyconide for their contributions.

[Note: If you have a earlier version of the calendar mod installed, upgrade first before installing the patch]

## PATCH CHANGELOG:

## v18   :
Fixed some SQL injection vulnerabilities.

When using fopen( ) to open a file, the file should be closed again using fclose( ). Fixed.

## v17   :
Now also compatible with PHP 4.

## v16   :
1. Replaced all & with &amp; - as required by W3C (World Wide Web Consortium).

2. There was a line of code where I had to replace the & and | logical operators with the correct && and ||

3. Can now select 2 years in the past (instead of only 1) in the year drop down menu.

4. Made some minor changes to the calendar's Admin Control Panel.

5. Some tidy-ups of the code.

## v15   :
1. Fixed a bug in the 'Week view's' mini calendars. For example: previously, when displaying the first week in the year 2010, the wrong year's mini calendars were displayed.

2. Made changes in which mini calendars are displayed when editing events. Now the mini calendar months closest to the date of the event you are editing is shown. Previously the months closest to the current date were shown.

3. All pages now valid XHTML 1.0 Strict.

4. Some tidy-ups of the code.

## v14   :
1. Fixed bug in the display of Events and Post/Topics in the 'Week view'. Previously Events and Post/Topics falling on certain dates were not being displayed in the 'Week view'. The 'week numbers' and the 'first day in the week', when given a 'week number' and 'year', are now calculated correctly using the correct ISO 8601 standard (as used in php). It states that: "The first week of a year is the week that contains the first Thursday of a year.". Thanks to twohawks for providing details about this bug, as mentioned here.

2. Fixed 'Previous week' and 'Next week' navigation links on the 'Week view' page.

3. Date of Posts/Topics in the 'Month view' and 'Week view' now reflects user's time zone. Previously the forum's server time zone (as set in the admin cp) was used.

4. Fixed last post link, shown when viewing topics made on a specific calendar day. There was missing "p", (e.g:36#36 -> 36#p36).

5. Added a missing 'type' attribute (whether you're looking at Events or Posts/Topics) to the 'last week of the month' link in the 'Month view'.

## v13   :
1. Made a style correction to the 'Week view' page. Previously the table would not adjust to 100% width in Firefox3.

2. Replaced the birthday icon with a new icon. (I didn't like the old icon)

3. Changed the way birthdays are displayed in the calendar 'Month view' and 'Week view'.

4. Made many changes to the English lang file - to be more in keeping with the punbb way of display text, e.g. 'Current month' instead of 'Current Month'.

5. Fixed a bug which caused the 'No birthdays' message not to be displayed on days with no birthdays (when browsing birthdays in the 'Day view').

6. Made some minor changes to the calendar's Admin Control Panel.

## v12   :
Fixed a bug in the mini calendars - which limited the number of birthdays that could be displayed in it (as a highlighted day with link) to a single birthday. Thanks to Levak for spotting this.

Fixed a spelling mistake in the English lang file.

## v11   :
Added the attribute rel="nofollow" to some links to prevent bots and spiders from trying to crawl all the dynamically generated calendar pages.

## v10   :
Made a style correction to the 'Event view' page. Previously the cell width would be incorrect with short event titles in ie6.

Now remembers your display type (events or posts) when browsing weeks in the 'Week view'.

Made some corrections to the English lang file. For example when selecting a date that does not exist when making calendar entries, the wrong error message was displayed.

## v9   :
Current day highlighting in the mini calendars now also reflects the user's local timezone.

Made a small modification to the 'Event view' style layout ('left align' last row of table).

## v8   :
1. Removed PBB Gallery integration. (allowed one to displays Gallery Posts if PBB Gallery was installed - but removed this since it was not working on some configurations)

2. Fixed Birthdays and 'Post/Event' display bugs in 'Week view' as mentioned here and here. Thanks to Lyconide for fixing these bugs.

3. Made corrections in the English Calendar lang file. Also added 3 additional entries: 'added_by', 'big_body' and 'big_title'.

4. Set limit of event title to 50 characters instead of 80. Inserted a check to see if title is <50 characters after submit.

5. Limit post size to 20479 characters (20KB). There was no limit set on post size before - although MySQL has the limit set to 65535 characters (65535 character string max). Also added javascript to limit post size to 20479 characters (20KB) - ie won't be able to enter more characters in text area after reaching the limit (script counts the number of characters you type into text area).

6. Modified the 'event view' layout - thanks to seesaw.

7. Modified the navigation bar below the 'event view' table to only include 'previous' day and 'next day' (displaying previous year, month, week etc unnecessary) - this modification thanks to seesaw

8. Input sanitisation and tidy-ups of the code - thanks to seesaw.

9. Now when clicking on events in the 'Week view' - you view all events of that day (like what you get when clicking on events in the 'Month view') instead of viewing the selected event only.

10. Made navigating and editing/deleting events on the 'Edit Event' page much more user-friendly. For example: previously, when editing/deleting an event on page 4 - it would redirect back to page 1. Now it will redirect back to the page you were working on.

## v7   :
Fixed style issues on add/edit event pages (thanks to seesaw). Before, when you view the add/edit event window in a smaller browser window, the input boxes and text were thrown all over the place. (see with mini calendars switched off).

Fixed 'Number of posts to display per page' on 'Edit Event' page problem for non-admin users
             
## v6   :
Made the calendar compatible with the Easy BBCode mod

## v5   :
Changed add/edit event pages to use a drop down menu for years. (thanks to seesaw for this idea). Now you must choose a year - instead of entering a year in a text box (this prevents you for example from entering 324 or -654 for a year)

Fixed spelling mistakes in the calendar's Admin Control Panel
     
## v4   :
Added intval() function for  $_POST['event_id'] in database queries

Fixed problem with moderator permissions
             
## v3   :
Made a small change to the mini calendar

## v2   :
Added style sheet modification for 'current day' link colour

## v1   : Initial release. The initial release included the following changes:
1. Now you can add an event by just clicking on the date in the main calendar view. The wishlist/'to do list' said that this must be added to the 'Six Calendar display' on the 'Add Event' page - which I don't agree with (there won't be enough space left for event link).

2. Fixed week display problem as mentioned by twohawks here. The solution is very simple and won't affect the rest of the calendar. (see steps 8 and 9 below).

3. After adding an event you will now be redirected to the month in which the added event falls in, instead of being redirected to the current month. This will allow you confirm whether the event was added correctly.

4. Fixed: Admin can now edit all event posts. Configurable for moderators.
Also adds a 'Username' column to the Edit Event table for Admin.

5. Messages shown on the Edit Event page now use BBCode

6. Security fix: Sanitizes input data inserted into database. Now you can use BBCode for calendar event entries.

7. Added BBCode, [img] tag and Smilies indicators below the textarea of add/edit event pages -
as shown below the text area when making posts in the punbb forum.

8. Security fix: With Calendar-2.0.8a beta users without 'Add Event' permission could still add them if they knew the page address for editing events. This problem fixed with this patch.

9. Fixed highlighting for Main Calendar and Mini Calendars. Now Current day highlighting color will overwrite event and birthday highlighting. Birthday highlighting will overwrite Event Highlighting.
Previously event highlighting would overwrite current day highlighting and Birthday highlighting.

10. Current day highlighting now reflects the user's local timezone

11. Can now toggle 'show Birthdays in the Calendar' on and off in the Admin control panel.

12. Fixed typo as mentioned by Vanslyde here


Patched files:

calendar.php
calendar/config.php
calendar/header.php
img/icon_party.gif
include/user/showminical1.php
include/user/showminical2.php
include/user/showminical.php
lang/English/calendar.php
plugins/AP_Calendar_Settings.php
style/imports/***.css


Download Patch v18

Download File Comparison Report - visual comparison of the original and patched calendar.php files

Instructions:

1. Install Calendar-2.0.8a
2. Replace affected files with the patched files
3. Make the following changes to the stylesheet you are using:

Code:

#
#---------[ 1. OPEN ("***" means affected files) ]------------------------------
#

style/imports/***_cs.css


#
#---------[ 2. DELETE ]---------------------------------------------------------
#

/****************************************************************/
/* 0.0 Calendar Color Additions - edit to suit your own taste */
/****************************************************************/
.calendar_no {background-color: #......}
.calendar_day {background-color: #......}
.calendar_event {background-color: #......}
.calendar_bday {background-color: #......}
/****************************************************************/


#
#---------[ 3. DELETE ]---------------------------------------------------------
#

.calendar_bday A:link, .calendar_bday A:visited {COLOR: #......}
.calendar_bday A:hover {COLOR: #......}
.calendar_event A:link, .calendar_event A:visited {COLOR: #......}
.calendar_event A:hover {COLOR: #......}


#
#---------[ 4. AT THE END, ADD ]---------------------------------------------
#

/****************************************************************/
/* Calendar Color Additions - edit to suit your own taste */
/****************************************************************/
.calendar_no {background-color: #E6E3E4}
.calendar_day {background-color: #E1EFFF}
.calendar_event {background-color: #F6DCA1}
.calendar_bday {background-color: #FECAFF}

/*.calendar_day A:link, .calendar_day A:visited {COLOR: #0066CC}
.calendar_day A:hover {COLOR: #B42000}
.calendar_event A:link, .calendar_event A:visited {COLOR: #0066CC}
.calendar_event A:hover {COLOR: #B42000}
.calendar_bday A:link, .calendar_bday A:visited {COLOR: #B52B21}
.calendar_bday A:hover {COLOR: #5A0064}*/
/****************************************************************/


#
#---------[ 5. SAVE/UPLOAD ]-------------------------------------------------
#

4. Non-English users must add and translate the following additional entries to their Calendar lang file located at: lang/[language]/calendar.php:

Code:

'added_by'            =>    'Added by:',
'big_body'            =>    'Posts cannot be longer that 20479 characters (20 KB).',
'big_title'            =>    'Event title cannot be longer than 50 characters.',

and modify:

Code:

// date error, kinda pointless but hey...
'date_error'    =>    '...'

to:

Code:

// date error, kinda pointless but hey...
'date_error2'    =>    '...'

Integrating the Easy BBCode mod into the calendar

If you've got the Easy BBCode mod installed, you can easily integrate it into the calendar. Remember that this should be applied only to the Patched version of Calendar-2.0.8a. Just make the following modifications:

Code:

#
#---------[ 1. OPEN ]-----------------------------------------------------------
#

calendar.php


#
#---------[ 2. FIND (line: 570) ]-----------------------------------------------
#

                        <div class="txtarea">


#
#---------[ 3. AFTER, ADD ]--------------------------------------------------
#

                            <?php require PUN_ROOT.'mod_easy_bbcode.php'; ?>


#
#---------[ 4. FIND (line: 813) ]-----------------------------------------------
#

                        <div class="txtarea">


#
#---------[ 5. AFTER, ADD ]--------------------------------------------------
#
        
                            <?php require PUN_ROOT.'mod_easy_bbcode.php'; ?>


#
#---------[ 6. SAVE/UPLOAD ]-------------------------------------------------
#

Upload file to forum root.

Displaying the Birthdays in the board stats

Someone asked on the punbb.org forum a while ago on how to display today's birthdays in the board stats - as shown on some other forum software like IPB. I decided to write some code for this - and it can be found here.

Adding Calendar Categories

If you want to add category functionality to your calendar, install the following add-on:
Calendar Categories Add-on

Last edited by Koos (2009-08-16 13:27:30)

Offline

 

#374 2007-06-19 02:08:02

seesaw
Member
Registered: 2007-04-27
Posts: 164

Re: Calendar 2.0

Wow Koos.

Thanks for doing all that. Those are valuable improvements.

Now I have some serious cutting and pasting ahead of me, but it's all good smile

Offline

 

#375 2007-06-20 03:40:44

seesaw
Member
Registered: 2007-04-27
Posts: 164

Re: Calendar 2.0

OK, here's my attempt to post up my gutted version of this mod.

This version works only as an Event Calendar.  That is to say, it does everything that the Calendar mod does, minus the birthday tracking, the gallery stuff and the posts/topics tracking. These features were of little use to me and they slowed the mod down, so I stripped them out as best I could, and made only a few very minor additional text and layout tweaks. Now to display the calendar page (without the minicals turned on) only generates 4 queries when browsed by normal users, and pages generally seem to render much faster.

It would have been real problematic producing a step by step guide to what I did, so instead I'll take the lazy way out and just post up the complete files I am using.

Files are:

FORUMROOT/calendar.php
FORUMROOT/calendar/header.php
FORUMROOT/calendar/config.php
FORUMROOT/plugins/AP_Calendar_Settings.php
FORUMROOT/style/imports/Lithium_cs.css (for example only, or use straight away with that style)

They are zipped up here in event_calendar.zip:

http://www.mediafire.com/?9emtyedj1xd (15kb)

Suggested steps to get this to work are:

(1) Install the original, latest Calendar mod available for download from the top of the thread, following original instructions.
(2) Unzip and copy these files over the ones installed by the original mod. (All the security patches and other tweaks recently made by Koos have been applied in this mod too).
(3) Test and configure colours etc to suit.

I hope this is intelligible to folks.

Sorry for the delay in uploading this alana.

Last edited by seesaw (2007-06-20 13:29:13)

Offline

 

Board footer

Based on PunBB
© Copyright 2002–2005 Rickard Andersson

© Copyright 2004–2006 Kristoffer Jansson

User contributed files are property of their respective owners.