1
culex
I finished Onair Module 1.0 (i hope finished)
  • 2009/6/6 16:18

  • culex

  • Module Developer

  • Posts: 711

  • Since: 2004/9/23


Hey there all..

I have just finished my update of the first (and so far only) module I wrote for Xoops.

Previously I called it Culex Dj Rotator, but I renamed it "onair" - my fingers got tired of writing the long name.

Still, I know I am no expert in programming, so my code is probably not world-class, but as far as I can see it works.

Here is the info I just quickly wrote on my website about the module:

Quote:
An updated version of my first script, Culex Dj rotator, now named only Onair. I have cleaned up my code and most of it is rewritten to match the XOOPS standards. This module was originally written for use with radio, to show who is online (picture, start & end, name, title of show & what song is playing) & who is on next with the same details. Use this as a banner rotator, to show your schedule, movies on TV or whatever you want to show on your frontpage on a timed basis. Also I added the ability to link on to a more detailed description of the event as well as the ability to add dated playlists.


However, I haven't released it yet, as I wanted to see what you think about it: any major mistakes or something else I skipped.

Download the zip here


Keeping my fingers crossed :) :)
Programming is like sex:
One mistake and you have to support it for the rest of your life.

2
trabis
Re: I finished Onair Module 1.0 (i hope finished)
  • 2009/6/6 21:23

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Hi culex, thanks for this module.
I downloaded it; I did not install it, but I took a quick look at the code and I noticed some things:

- functions are not prefixed; you should prefix functions with the module name to avoid namespace collisions and consecutive blank pages. Example: function showextinfo($oa_id) should be function onair_showextinfo($oa_id) or even function onair_showExtInfo($oa_id)

- you are using input from users directly in SQL statements. This will make any site using this module vulnerable to exploitation with SQL injection.
This is a bad practice:
// request value is concatenated into the query unchanged
$oa_id = $_GET['oa_id'];

$query = 'SELECT * FROM '.$xoopsDB->prefix('oa_program').' WHERE oa_id='.$oa_id.'';


Use $xoopsDB->quoteString(), intval() or $myts->addSlashes() to clean/addslashes/quote values used in SQL queries

// numeric id: cast to integer before it reaches the query
$oa_id = $_GET['oa_id'];

$query = 'SELECT * FROM '.$xoopsDB->prefix('oa_program').' WHERE oa_id='.intval($oa_id).'';


// string value: escape it and place it inside a quoted literal
$myts =& MyTextSanitizer::getInstance();
$query = 'SELECT * FROM '.$xoopsDB->prefix('oa_program').' WHERE oa_name LIKE \''.$myts->addSlashes("%{$oa_name}%").'\' ORDER BY oa_day,oa_start ASC';


Note: the code boxes above are not displaying correctly \' :(
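
Why intval() is the right choice for the unquoted oa_id value among the functions listed above, as an added example that is not part of the original post or the module's code. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite table as a stand-in for the XOOPS database; onair_demo_ids() and the sample rows are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the XOOPS database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE oa_program (oa_id INTEGER PRIMARY KEY, oa_name TEXT)');
// Constructed sample rows.
$db->exec("INSERT INTO oa_program (oa_id, oa_name) VALUES
    (1, 'Morning Show'), (2, 'Drive Time'), (3, 'Night Mix')");

// Hypothetical helper: builds the query the same way the post does
// (value appended after "oa_id=") and returns the matching oa_id values.
function onair_demo_ids(PDO $db, $value)
{
    $sql = 'SELECT oa_id FROM oa_program WHERE oa_id=' . $value;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request value: a valid id followed by extra SQL text.
$input = '1 OR 1=1';

// 1. Raw concatenation: the extra text becomes part of the WHERE clause.
$raw = onair_demo_ids($db, $input);

// 2. addslashes() only escapes quotes, backslashes and NUL bytes. The value
//    contains none of them and is not inside a quoted literal, so the query
//    is identical to case 1.
$slashed = onair_demo_ids($db, addslashes($input));

// 3. intval() keeps the leading digits only, so the query is "oa_id=1".
$cast = onair_demo_ids($db, intval($input));

printf("raw:        %d row(s)\n", count($raw));     // 3: every row matches
printf("addslashes: %d row(s)\n", count($slashed)); // 3: escaping changed nothing
printf("intval:     %d row(s)\n", count($cast));    // 1: only oa_id 1
```

Escaping functions protect a value only when it sits inside a quoted string literal, as in the oa_name LIKE query; for an integer column compared without quotes, the cast is what constrains the input.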

3
culex
Re: I finished Onair Module 1.0 (i hope finished)
  • 2009/6/6 21:34

  • culex

  • Module Developer

  • Posts: 711

  • Since: 2004/9/23


Ah yes, of course you're right... All these are number one on my to-do list, as well as the commenting etc. etc.

:)

4
culex
Re: I finished Onair Module 1.0 (i hope finished)
  • 2009/6/7 13:24

  • culex

  • Module Developer

  • Posts: 711

  • Since: 2004/9/23


I have now reprefixed all my functions and sanitized my functions more appropriately :)

Zip file is updated with the changes + a changelog file
