Jscalender module come with Jstools package in drupal 5 you can download drupal jstools package from the drupal.org site.Jscalender uses the jsCalendar javascript library, like using a special CSS class called via #attribute in the form element array to convert textfields into jcalendar enabled.

The jcalendar module uses hook_form_alter() to look for textfields with the add-jcalendar class, I had to use something different than jcalendar which is used later on the generated form elements by the jQuery code.

This is a sample of how to enable jcalendar from one of your textfields once you’ve installed the module:

To include a jscalendar popup with a textfield, just add the class ‘jscalendar’:(from readme.txt)

$form['date'] = array(
‘#type’ => ‘textfield’,
‘#attributes’ => array(‘class’ => ‘jscalendar’),
);

To change the default display and functionality of the calendar, set startup
parameters by adding selectors to your element. The three configurable options
are ‘ifFormat’ (the format of the date/time written to the text field),
‘showsTime’ (boolean: should time be displayed on the calendar), and
‘timeFormat’ (values of ’12′ for 12-hour clock, which is the default, or ’24′
for 24-hour clock).

Example:
$form['date'] = array(
‘#type’ => ‘textfield’,
‘#attributes’ => array(‘class’ => ‘jscalendar’),
// Use only year, month, and day in textfield.
‘#jscalendar_ifFormat’ => ‘%Y-%m-%d’,
// Don’t show time.
‘#jscalendar_showsTime’ => ‘false’,
// Show 24-hour clock.
‘#jscalendar_timeFormat’ => ’24′,
);

$form['firstdate'] = array(
‘#type’ => ‘textfield’,
‘#title’ => ‘The first date’,
‘#default_value’ => ’2007-09-29′,
‘#weight’ => -20,
‘#attributes’ => array(‘class’ => ‘add-jscalendar’),
‘#description’ => t(‘YYYY-MM-DD’),
);

The #jcalendar_year_range custom property allows you to provide a range of years, look at the associative array $years, to show in the calendar. If the property is not passed jcalendar.module defaults to the current year plus 20.

#jcalendar_plot_dates, which is not working yet, should allow passing an array of dates to the calendar to plot. I’m not sure if this should be the job of the Drupal module or jCalendar’s jQuery code.

This first version of jcalendar.module works, it converts your textfield to three select boxes, day, month, year, and a nice table based date picker, easy to theme via CSS, and once you have the right date you can do whatever you want with it. The original textfield is removed later so your form validation and processing functions should consider if jcalendar is enabled (a simple if (module_exists(‘jcalendar’))) to handle form elements in a different way.

Tags: Hacking, Javascript, Jquery, Programming, Scripting by Inder Singh
No Comments »

A Mysql injection is attack tried by site visitors/users to get/damage data in databases by taking benefit from poor programming of websites.An injection attack occurs when a visitor to your site types something into a form input with the purpose of changing the outcome of your MySQL query. For example, at a login screen someone may try this type of attack to gain access to a secure area of the website.

If your query to check the username and password entered by the user was this:

“SELECT * FROM users WHERE username = ‘”.$_POST['username'].”‘ AND password = ‘”.$_POST['password'].”‘”

Someone could login by using any username and for the password they would type ‘ OR ”=” which would be placed into your MySQL query changing it to be:

“SELECT * FROM users WHERE username = ‘anyuser’ AND password = ” OR ”=””

As you can see, MySQL injection attacks can be pretty serious depending on the information the person has access to once they are logged in. It is very important for you to secure your site against injection attacks. Luckily, PHP can aid you in preventing injection attacks.

MySQL will then return all the rows in the table and then, depending on your script’s logic, you will probably log them in because there was a match. Now, in most cases, people have magic_quotes_gpc turned on (it’s the PHP default) which will add backslashes to escape all ‘ (single-quote), ” (double quote), (backslash) and NULL characters. This is not foolproof though because there are other characters that should be escaped to be safe.

Preventing Mysql/PHP injections:-

There are php mysql functions to prevent such type of things:
into your queries. One of The function is mysql_real_escape_string().

use Like :- $value = "'" . mysql_real_escape_string($value) . "'";

For integer values dont forgot to use intval() function

Tags: CMS(Content management System), Drupal, Hacking, Linux, Mysql, Mysql injection, PHP, Programming, Programming Technologies, RDBMS/DBMS SQL, Web technologies by Inder Singh
No Comments »