Basic PHP Scripts Support Site

Re: Unable to select database

mevin — Mon, 02 Apr 2012 11:01:33 -0700

Well, at minimum, you're going to also need the username. If you're using WAMP the username is usually "root" and you can leave the password blank. But most systems also require a password.

What kind of development evironment are you using? Is this a WAMP, or MAMP setup on your personal computer? Or are you signed up with a host that offers a full Linux package?

Mark

Unable to select database

goravgorg — Mon, 02 Apr 2012 08:45:46 -0700

I setup these :-

// Database info

// Your MySQL host
$dbhost='localhost';

//Your MySQL username
$dbuser='';

//Your MySQL password
$dbpass='';

//Your MySQL database name
$dbname='dbname';

//Maximum number of displayed events
$maxnum='10';

And create database of name "dbname" with no tables in it, but it is showing unable to select database.

Re: RSS Feed

mevin — Tue, 28 Feb 2012 11:58:24 -0700

Sorry, but there is no RSS feed in the current version. I will add that feature to the list of things I may add to the next incarnation.

Thanks,

Mark

RSS Feed

Riverwell — Tue, 28 Feb 2012 11:50:41 -0700

Hello, I have just started using Events Lister and very happy. I searched the help documents and the forum, but didn't find any reference of where to find the RSS Feed. I set it up during initial setup, then confirmed it as the Admin in the Edit SEMConfig. All looked good, but I can't find the feed anywhere in the calendar folder or any subfolders. What am I missing?

Re: Feature Requests

diggles1972 — Thu, 16 Feb 2012 18:25:09 -0700

It would be exceptionally useful, especially as an adminstration reporting tool, if a year planner could be produced from the active events to quickly identify if there are any conflicting events.

This script is absolutely fantastic, easy to install and simple to operate. Also, with a limited php knowledge, it is also easy to configure additional features such as embedding google map code to provide a map of the event location as we have done. We would recommend it to anyone.

Outstanding work Mervin.

Re: Required Location field

mevin — Thu, 06 Oct 2011 12:38:15 -0700

Crap! Of course that won't work. I forgot to close out the previous echo statement.

Change:

if ($location) { echo "Location: $location 
"; }

To this:

";
if ($location) { echo "Location: $location 
"; }

Re: Required Location field

cjswebservices — Thu, 06 Oct 2011 11:27:43 -0700

Great, that took care of the error checking however. I am getting this error on the index.php page

Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /remaining removed for security

Re: Required Location field

mevin — Thu, 06 Oct 2011 10:51:09 -0700

Hi, sorry this took me so long to answer this, but I've been insanely busy.

In validate.js, in the admin folder, just comment out, or delete the following code:


	if (form1.ud_location.value == "")
	{
		alert("Please enter a location");
		form1.ud_location.focus();
		return (false);
	}

Then go into your display file(s) (index.php and event.php) and change this:

Location: $location 
";

To this:

if ($location) { echo "Location: $location 
"; }

That's it. I hope that helps and I wasn't too late.

Mark

Required Location field

cjswebservices — Fri, 30 Sep 2011 13:16:34 -0700

Thanks for the great script.
I am using it for a restaurant so the location is almost always the same. What is needed to remove the required error checking for the location field? I do not want to remove it completely because there could be a event outside of the restaurant.

Re: Filter events

mevin — Wed, 03 Aug 2011 08:54:50 -0700

Sure. Just add an "and" clause to your query. Something like this:

$query="SELECT * FROM events WHERE 
(event = 'name of event') AND
(year >= $current_year AND month > $current_month) 
OR (year >= $current_year AND month = $current_month AND day >= $current_day) 
OR (year_end >= $current_year AND month_end = $current_month AND day_end >= $current_day) 
OR (year > $current_year) 

OR (year_show >= $current_year AND month_show > $current_month)
OR (year_show >= $current_year AND month_show = $current_month AND day_show >= $current_day) 
OR (year_show > $current_year) 
ORDER BY year, month, day LIMIT 0, $maxnum";

Filter events

Tiberian — Wed, 03 Aug 2011 05:41:34 -0700

Hi,

Is it possible to only show events that are using the same name?

For example:
index.php > show all events
page2.php > only show events named 'event2'

Thanks in advance.

Re: Hacked

mevin — Mon, 01 Aug 2011 08:36:32 -0700

Hummm, Have you changed your MySQL password?

Also, any chance I could get access to your server, via FTP? You can send the login to info@mevin.com.

Mark

Re: Hacked

zanteian — Sun, 31 Jul 2011 23:57:35 -0700

A little more information. The hacker changed the dates on many of our events, mostly back to 01/01/2011. There are some times & dates where text has been entered, specifically OT, sometimes followed by other random characters. As time & dates are entered by selection from list, this makes me think that the hacker injected sql into one of the php pages. He certianly managed to insert a script, see the above post.

We got a lot more rubbish in the database since changing the php as you suggested. Looking at the access logs, I could only see my own IP address. I am guessing that the insertions came from within i.e. script in the database. I have been through the database again and removed what I see as rubbish, but there are still some dates with OTxx. Have not acessed the admin for 2 days, only checked the database via MySQL Admin. No more new entries. Maybe the hacker does not work weekends. His IP suggests he is in Azerbajan, part of the old Soviet Union.

Also done a compare of php files on the server against the original download and cannot see any variation apart from my changes to date format.

Re: Hacked

zanteian — Sat, 30 Jul 2011 01:57:48 -0700

Found some more of the hackers work. When viewing all events got a popup with 6 digit number, data entry box and OK & cancel buttons. Looking in the MySQL database found many events with the following (or similar) data

'"()&%1

I am not a programmer, so not sure exactly what this is doing.

Also many records of rubbish seem to have been entered in the db. Also the data and some other fields of existing records has been changed. It looks like a database update has been used as there are so many records and exactly the same text. Would it be possible to inject a database update via an event update?

Re: Hacked

zanteian — Fri, 29 Jul 2011 11:34:49 -0700

Sorry for the confusion. 6 users before patching. No more to date.

Thanks

Ian

Re: Hacked

mevin — Fri, 29 Jul 2011 10:41:58 -0700

So the 6 new users were created after you just patched the file, or before that?

BTW, add_user is a legacy file that you can delete.

Mark

Re: Hacked

zanteian — Fri, 29 Jul 2011 10:10:45 -0700

Thanks for your rapid response.

I just looked at the add_user.php and the code you are telling me to add is already there. I went to this file on my website & I can create a user.
Then I found there are 2 files add_user & user_add. Now fixed user_add & that seems to cure the problem. Have to wait a day or 2 to see if the hacker can get back in.

I have just received the access logs from my host and seems like that is how they got in. Just checked and there are 6 more users that I did not create.

Re: Hacked

mevin — Fri, 29 Jul 2011 08:38:43 -0700

Hi zanteian,

I believe the cause is the user_add.php file in the admin section. I wasn't properly validating that the person adding a user was logged in correctly.

Add this code before the first closing php tag (about line 20) in the user_add.php file:

require_once('common.php');
checkUser();

Let me know if that doesn't fix the problem and sorry about the hassle.

Mark

Hacked

zanteian — Thu, 28 Jul 2011 04:09:20 -0700

Our events page has been hacked. Did not record any details as we wanted to get back up quickly. I did see that the hacker had created a username, which I deleted directly from the database via MySQL Admin. The hacker appeared to have overwritten most of the current events with a hack notice on a black background.

I will install the new reset.php in the hope that that limits the hackers options.

Any other advice about security would be welcome.

Re: time order issue

derwood — Mon, 27 Jun 2011 20:42:00 -0700

On its way. And no problem. Believe me I understand about being busy.

Re: time order issue

mevin — Fri, 24 Jun 2011 13:58:05 -0700

Hi derwood,

Sorry it took me so long to get back to you. Been crazy busy lately.

I can't duplicate your problem for some reason. Can you email me a zipped version of your file set, so I can take a look?

You can send it to info@mevin.com

Thanks,

Mark

Change Date Format from US to UK

Valace — Fri, 24 Jun 2011 03:10:39 -0700

Greetings All,

If your wondering how to change the date format from America to United Kingdom (m/d/yyyy to /d/m/yyyy) here the code

Open /event/Index.php
Search for:

if (($hour_end =='') && ($minute_end =='') && ($ampm_end =='')) { $end_time ='';}
else { $end_time= " - $hour_end:$minute_end $ampm_end"; }

if (($month_end =='') && ($day_end =='') && ($year_end =='')) { $end_date ='';}
else { $end_date= "- $month_end/$day_end/$year_end"; }

// Here is where we actually print out the events.  
echo "
$event

Location: $location 

Date: $month/$day/$year $end_date 


"; 
$i++;
}

Replace with:

if (($hour_end =='') && ($minute_end =='') && ($ampm_end =='')) { $end_time ='';}
else { $end_time= " - $hour_end:$minute_end $ampm_end"; }

if (($day_end =='') && ($month_end =='') && ($year_end =='')) { $end_date ='';}
else { $end_date= "- $day_end/$month_end/$year_end"; }

// Here is where we actually print out the events.  Date: $month/$day/$year $end_date 

echo "
$event

Location: $location 

Date: $day/$month/$year $end_date 


"; 
$i++;
}

NOTE: May sure you create a backup file before trying this - Also this will only change the output display for users view and not the admin area.

Hope it helps :)

time order issue

derwood — Tue, 21 Jun 2011 23:03:28 -0700

I know this is nit-picky but I've tried figuring it out and can't.
Events that are on the same date, but start at 12pm show up after dates that start at 7pm. Is there an easy way to change that order without having to use a 24 hour clock?

Any thoughts or ideas would be appreciated.

I've also modified the index.php a bit. Here's what I have:

$query="SELECT * FROM events WHERE
(year >= $current_year AND month > $current_month)
OR (year >= $current_year AND month = $current_month AND day >= $current_day)
OR (year_end >= $current_year AND month_end = $current_month AND day_end >= $current_day)
OR (year > $current_year)

OR (year_show >= $current_year AND month_show > $current_month)
OR (year_show >= $current_year AND month_show = $current_month AND day_show >= $current_day)
OR (year_show > $current_year)
ORDER BY year, month, day, ampm, hour LIMIT 0, $maxnum";

and

//replaces carriage returns with html line breaks
if ($html =="0") {
$description=preg_replace("/\n/","
", ($description));
}

// removes the first zero from the hour.  We need the zero at first, to keep the numbering in order.
//Of course the number ten needs the zero left in.
if ($hour !="10") {
$hour=preg_replace("/0/","", ($hour));
}

if ($hour_end !="10") {
$hour_end=preg_replace("/0/","", ($hour_end));
}

if (($hour_end =='') && ($minute_end =='') && ($ampm_end =='')) { $end_time ='';}
else { $end_time= " to $hour_end:$minute_end $ampm_end"; }

if (($month_end =='') && ($day_end =='') && ($year_end =='')) { $end_date ='';}
else { $end_date= "to $month_end/$day_end/$year_end"; }

// Here is where we actually print out the events.
$date_string = "$month/$day/$year";
$weekday = date('l', strtotime($date_string));
echo "

$weekday
$month/$day/$year

$hour:$minute $ampm $end_time
$event
$location
$phone
$description
$link_name
";
// looks for the next event id and if it exists, prints it out.
$i++;
}
echo "";

Re: Feature Requests

deerpathco — Wed, 25 May 2011 13:34:30 -0700

I love your script and have used it in several websites.

One valuable and practical feature would be to add a simple "FCK" type editor that would allow users to add and edit text formatting without having to use HTML markup in the text entry itself.
paiac requested something similar (WYSIWYG editor) awhile back.

Also, recurring events function to avoid repetitive entry.

Thanks again for a great script!

Re: Overall Security

mevin — Tue, 03 May 2011 15:53:14 -0700

Well I certainly can't guarantee that your won't get hacked through my script. But I have taken precautions to thwart cross site scripting attacks, SQL injection and other common ways that people gain unauthorized access. In addition passwords are stored with a salted MD5 encryption hash.

One thing that I will be changing in the future is the location of the admin area. New versions will have the ability to specify an admin directory that is not named "admin". In fact, I might make this mandatory. Every hacker in the world looks for the admin directory first, so it's a good idea to change it to something obscure.

In short, the script is reasonably secure, but if you're really worried about your competitors trying to hack your site, I would seriously consider hiring someone build you a custom script. Because, admittedly, a fundamental problem with open source software is that it's, well, OPEN. Therefore anyone can easily dissect the code and hunt for vulnerabilities. I don't say that to scare anyone, only to make people aware of the very real possibilities.

Overall Security

BusyElf — Tue, 03 May 2011 08:17:53 -0700

I am in the process of having my website updated and to include an event scheduler for the internet radio station I work for.
You will be pleased to note that yours was the most suitable for our needs, albeit with modifications to the basic code.
My colleague has installed an adapted copy of your Event Scheduler and continues to work on some of the features it offers, so that it suits our purposes more adequately.
However. he is a little concerned about the overall security of the scheduler,
Can you tell me what measures are in place to protect the data of events, user names and passwords etc.
I'm sure you are aware that Internet radio is becoming more and more popular, as is it's competitiveness therefore security is a high priority in this field.
if you wish to view my website and the scheduler, partly in action, visit [www.busyelf.net]

Re: Partial Description or Excerpts on Page

acorn — Tue, 19 Apr 2011 18:49:00 -0700

Thanks. Though "index" works just fine for my needs sometimes it's nice to have a teaser. I'll stay tuned.

Re: Add Event error

deerpathco — Tue, 19 Apr 2011 13:21:39 -0700

Thanks, that fixed it.

Re: Partial Description or Excerpts on Page

mevin — Tue, 19 Apr 2011 13:10:42 -0700

FYI, I'm working on a way to provide a summary, but in a smart way, so sentences don't get cut off in the middle. I used to have a similar function that worked on another web site a few years back. But when I try to use it on the events lister, it throws an error. Not sure exactly why yet. I'll let you know...

Mark

Re: Add Event error

mevin — Tue, 19 Apr 2011 13:08:21 -0700

Just remove the following line:

if (strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])>7 || !strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']))
die("Error! Bad Referer ");

It doesn't provide the level of security it once did and it sometimes causes problems, such as in your case.

Thanks,

Mark