[IDEA] Create Calendar Events

[drilonb]

Hello Processwire forum,

A like to know its possible to make something like calendar event for ProcessWire i create one but i need to put Data from other side not from processwire back end,

i am using this code to add it,

This is index.php where data is print demo http://arcadis.sherbimeonline.com/

<?php
mysql_connect("localhost", "root", "password") or die (mysql_error());
echo "Connected to Mysql<br/><hr/>";
mysql_select_db("database_event") or die (mysql_error());
echo"Connected to Database<br/><hr>";
?>
<html>
<head>
<script>
function goLastMonth(month, year){
if(month == 1) {
--year;
month = 13;
}
--month
var monthstring= ""+month+"";
var monthlength = monthstring.length;
if(monthlength <=1){
monthstring = "0" + monthstring;
}
document.location.href ="<?php $_SERVER['PHP_SELF'];?>?month="+monthstring+"&year="+year;
}
function goNextMonth(month, year){
if(month == 12) {
++year;
month = 0;
}
++month
var monthstring= ""+month+"";
var monthlength = monthstring.length;
if(monthlength <=1){
monthstring = "0" + monthstring;
}
document.location.href ="<?php $_SERVER['PHP_SELF'];?>?month="+monthstring+"&year="+year;
}
</script>
<style>
.today{
background-color: #00ff00;
}
.event{
background-color: #FF8080;
}
</style>
</head>
<body>
<?php
if (isset($_GET['day'])){
$day = $_GET['day'];
} else {
$day = date("j");
}
if(isset($_GET['month'])){
$month = $_GET['month'];
} else {
$month = date("n");
}
if(isset($_GET['year'])){
$year = $_GET['year'];
}else{
$year = date("Y");
}
$currentTimeStamp = strtotime( "$day-$month-$year");
$monthName = date("F", $currentTimeStamp);
$numDays = date("t", $currentTimeStamp);
$counter = 0;
?>
<?php
if(isset($_GET['add'])){
$title =$_POST['txttitle'];
$detail =$_POST['txtdetail'];
$eventdate = $month."/".$day."/".$year;
$sqlinsert = "INSERT into eventcalendar(Title,Detail,eventDate,dateAdded) values ('".$title."','".$detail."','".$eventdate."',now())";
$resultinginsert = mysql_query($sqlinsert);
if($resultinginsert ){
echo "Event was successfully Added...";
}else{
echo "Event Failed to be Added....";
}
}
?>

<table border='0'>
<tr>
<td><input style='width:50px;' type='button' value='<'name='previousbutton' onclick ="goLastMonth(<?php echo $month.",".$year?>)"></td>
<td colspan='5'><?php echo $monthName.", ".$year; ?></td>
<td><input style='width:50px;' type='button' value='>'name='nextbutton' onclick ="goNextMonth(<?php echo $month.",".$year?>)"></td>
</tr>
<tr>
<td width='50px'>Sun</td>
<td width='50px'>Mon</td>
<td width='50px'>Tue</td>
<td width='50px'>Wed</td>
<td width='50px'>Thu</td>
<td width='50px'>Fri</td>
<td width='50px'>Sat</td>
</tr>
<?php
echo "<tr>";
for($i = 1; $i < $numDays+1; $i++, $counter++){
$timeStamp = strtotime("$year-$month-$i");
if($i == 1) {
$firstDay = date("w", $timeStamp);
for($j = 0; $j < $firstDay; $j++, $counter++) {
echo "<td> </td>";
}
}
if($counter % 7 == 0) {
echo"</tr><tr>";
}
$monthstring = $month;
$monthlength = strlen($monthstring);
$daystring = $i;
$daylength = strlen($daystring);
if($monthlength <= 1){
$monthstring = "0".$monthstring;
}
if($daylength <=1){
$daystring = "0".$daystring;
}
$todaysDate = date("m/d/Y");
$dateToCompare = $monthstring. '/' . $daystring. '/' . $year;
echo "<td align='center' ";
if ($todaysDate == $dateToCompare){
echo "class ='today'";
} else{
$sqlCount = "select * from eventcalendar where eventDate='".$dateToCompare."'";
$noOfEvent = mysql_num_rows(mysql_query($sqlCount));
if($noOfEvent >= 1){
echo "class='event'";
}
}
echo "><a href='".$_SERVER['PHP_SELF']."?month=".$monthstring."&day=".$daystring."&year=".$year."&v=true'>".$i."</a></td>";
}
echo "</tr>";
?>
</table>
<?php
if(isset($_GET['v'])) {
echo "<hr>";
echo "<a href='".$_SERVER['PHP_SELF']."?month=".$month."&day=".$day."&year=".$year."&v=true&f=true'>Add Event</a>";
if(isset($_GET['f'])) {
include("eventform.php");
}
$sqlEvent = "select * FROM eventcalendar where eventDate='".$month."/".$day."/".$year."'";
$resultEvents = mysql_query($sqlEvent);
echo "<hr>";
while ($events = mysql_fetch_array($resultEvents)){
echo "Title: ".$events['Title']."<br>";
echo "Detail: ".$events['Detail']."<br>";
}
}
?>
</body>
</html> 

This is Form to add event

<form name='eventform' method='POST' action="<?php $_SERVER['PHP_SELF']; ?>?month=<?php echo $month;?>&day=<?php echo $day;?>&year=<?php echo $year; ?>&v=true&add=true">
<table width='400px' border='0'>
<tr>
<td width='150px'>Title</td>
<td width='250px'><input type='text' name='txttitle'</td>
</tr>
<tr>
<td width='150px'>Detail</td>
<td width='250px'><textarea name='txtdetail'></textarea></td>
</tr>
<tr>
<td colspan='2' align='center'><input type='submit' name='btnadd' value='Add Event'></td>
</tr>
</table>
</form>

and this is Mysql table

SQL database table
CREATE TABLE `eventcalendar` (
`ID` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,

`Title` VARCHAR( 65 ) NOT NULL ,

`Detail` VARCHAR( 255 ) NOT NULL ,

`eventDate` VARCHAR( 10 ) NOT NULL ,

`dateAdded` DATE NOT NULL
) ENGINE = MYISAM ;

its possible to integrate something like this in processwire or i need to use it manually from other site,

[ryan]

If I had to create a calendar like this, I would just create an 'event' template and give it title, detail and date fields. It would certainly be simpler to develop this in PW than without it. But if I'm understanding you correctly, you don't have that option and you need to work with this existing code and database. Given that, I think you should be able to just copy all this code and paste it into a PW template file (after fixing the security issues). Not sure if this is necessary, but since PW already has a DB connection going on, you probably want to keep a copy of your own DB connection and use it in your calls:

<?php
$mydb = mysql_connect(...); 
/// And then use that in your DB calls, i.e. 
mysql_select_db("database_event", $mydb); 
mysql_query("SELECT ...", $mydb); 

With regard to the security issues, there are both XSS and SQL injection problems here.

XSS in a giant can of worms and you want to keep it closed. You need to make sure that any input from the user is routed through htmlentities() or htmlspecialchars() before it is output, unless you have specifically typecast it as something (like an integer). This includes $_SERVER['PHP_SELF'] which can be considered tainted, and needs to be sanitized in the same way. Though you probably don't need to use PHP_SELF at all, so I would just avoid using it.

To protect against SQL query injection, you need to sanitize and validate your data. If you are expecting something to be an integer, then typecast it to an integer as soon as you get it from GPC (get, post or cookie), i.e.

<?php
if(isset($_GET['month'])){
  $month = (int) $_GET['month']; 
  if($month < 1 || $month > 12) die("Invalid month"); 
} else $month = 1; 

If you are getting a string from GPC (get, post, cookie) input, then there's more to consider. If there is a group of expected values, then make sure the string is literally one of those expected values before using it. i.e.

<?php
$valid = array('Jan', 'Feb', 'Mar', ...); 
$key = array_search($_POST['month'], $valid, true); 
if($key === false) die("Invalid month"); 
$month = $valid[$key]; 

If you are dealing with unknown text, then you'll want to sanitize it as much as possible:  

<?php
$title = substr(strip_tags($_POST['txttitle']), 0, 128); // strip HTML and limit to 128 characters
$title = htmlentities($title, ENT_QUOTES, "UTF-8"); // may or may not want this here, see below
$title = mysql_real_escape_string($title); // sanitize for database query

After the above, SQL injection is not going to be a problem with your $title.

You may or may not want the htmlentities() there. If you don't have it there, then you'll need to know that you may be inserting XSS tainted data into your database, and any time you output that data, it will need to be entity encoded.

I think in your situation it may be a good idea to run the htmlentities() before insertion, but I generally prefer not to keep entity encoded data in the database just because it takes up more space, prevents legitimate HTML, and interferes with fulltext indexing. ProcessWire does not store entity encoded data. But it does take a little more discipline to always treat data in your DB as possibly XSS tainted.

To recap, look at all the $_GET, $_POST and $_SERVER vars in your code and consider them tainted. Do what's necessary to make them safe for database insertion and/or output, depending on the context. And once it's secure, try using this in a PW template.

[drilonb]

Thanks Ryan for correction and alerting for SQL injection. but i am not using it now, i like to know best whey to create calendar event i don't like to use 2 DB i will use only PW DB for this i create a 'event' template and 'fields' before but only the problem is to show calendar format and dates in the page when i have any event to make date hover and when i click on it to send me to the event, this is my problem for now ,

if is not possible or need time to make it, it's not a problem you can leave it i will found any solution for this or i will try to fix it other whey.

thanks for all support and i m sorry for taking your time.

[ryan]

I misunderstood before that you actually want to re-create this in PW. I think that makes sense to do it, and it should be straightforward to setup your event template and add fields to it. I would keep all your events under the same parent and just set the default sort to be reverse chronological on your date field, and select from them based on that same date field. For example, to retrieve all events in July, 2011 you'd so something like the following. We'll assume you have a field called 'date' that hold's the events date:

<?php
$start = strtotime("2011-07-01 00:00:00"); 
$end = strtotime("2011-08-01 00:00:00"); 
$events = $pages->find("template=event, date>=$start, date<$end, sort=date"); 

You'll also want to draw a calendar using an HTML table. To do this, you'll need to know the number of days in the month. There's a lot of examples out there on how you might do this with PHP. So I won't attempt to redo it here, but will say that as you are drawing those rows and columns for the days, you'll want to check if any of them matches the date you found in your $events for the month (like above), so that you can highlight the individual cell as having an event in it.