1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. To combat forum spam, new accounts will need to make at least one (valid) post.
    Otherwise, we will periodically purge all users without posts or that haven't confirmed their account.

Re-written code, works w/ security ON

Discussion in 'General Support' started by revoemag, Dec 11, 2003.

Thread Status:
Not open for further replies.
  1. I have re-written various parts of the code and would like permission to either post it here or give a URL to the updated code.

    I have re-coded certain small parts to allow for register_globals to be OFF and short_open_tags to be OFF.

    Some changes include:
    * $PHP_SELF changed to $_SERVER['PHP_SELF']
    * variables properly initialized prior to use
    * If...else statements using undeclared variables re-written using the ternary ( ? : ) operator. IMHO, this allows for shorter, safer, and easier to understand portions of code.
    * All <? changed to <?php
    * "Command-line" variables initialized from $_GET global array.

    These are all small but significant changes. That should allow this code to work on most (if not all) configurations out-of-the-box.

    Perhaps v4.3 will have these features, but this should hold anyone over until then.

    Some thing I would like to see or add myself is the use of more functions. Certain portions of the code would be better served in a function.

    revoemag4@msn.com
  2. Brian

    Brian EPC Developer Staff Member

    Please see this post regarding the changes in Version 4.3:

    http://calendar.esscripts.com/changeLog.htm

    It will be released very soon and should address the globals problem that occurs with the more secure PHP installations.

    $PHP_SELF is no longer used in Version 4.3.

    Thanks for the suggestion about the <?php in lieu of <?. Although I haven't heard of anyone having a problem with this it would be best for everyone if it's included.

    I'll look into the suggestion about the if...else statements. I've never considered using that syntax before.

    What portions of the code would you make into functions?

    Again, thank you for your suggestions. I look forward to your response. :)
  3. I made the following function (condensed from the event file read in)
    Code:
    /**
     * @return void
     * @param unknown $filename
     * @desc Get events for current month from comma-delimited file
    */
    <?php
    function readEventFile($filename) {
       global $es;
       global $ee;
       global $eTitle;
    
       $es = "";
       $ee = "";
       $eTitle = "";
    
       if (file_exists($filename)) {
          $fp = fopen ($filename,"r");
          while ($datas = fgetcsv($fp, 1000, ",")) {
             $es .= "$datas[0]x";
             $ee .= @$datas[1] ? $datas[1] . "x" : $datas[0] . "x";
             $eTitle .= eregi_replace("\"", "''", @$datas[2]) . "||";
          }
          fclose ($fp);
       }
    } // end readEventFile() function
    ?>
    
    This takes the file you want to process as an argument but sets the global variables $es, $ee, and $eTitle. Also shortens some lines. The same can be done with reading from the db. You would pass it $dbHost, $dbUserLogin, $dbPassword, $dbName instead of reading it from a file. That way the same code can be used for multiple db connections without having to include a different file for each connection.

    Also, I am re-writing the actual display code into a function. I have replaced all of the "echo" statements with "$calDisplay .= ". I can then return the $calDisplay function and "echo" it when I want. This gives me the ability to place the calendar anywhere on the page I like.

    The JavaScript code (for the pop-up event) I broke into a function and echo that in the head of my document. That way the script stays in the head and the calendar stays in the body.



    Also,

    I condensed the following code:
    Code:
          if (!$et[$start]) {$et[$start] = $eTitle[$i];}
       else {$et[$start] = ">> Multiple Events <<";}
    
    to:
    Code:
          $et[$start] = @$et[$start] ? ">> Multiple Events <<" : $eTitle[$i];
    
    I think that this way is a little more understandable and much easier on the eyes.


    Please let me know if I can be of more assistance. I would not mind assisting with the development of the code either. I can help make it object-oriented if you'd like (as a 2nd project) so that people would have an option of using linear or OO.

    After looking for calendar code all over the net, this is some of the best that I've found.

    rev
Thread Status:
Not open for further replies.

Share This Page