Jump to content

Community

Recommended Posts

I'll see what I can reproduce using the same settings, not sure of an ETA though.

Stuart


I have improved the problem myself with the help of my coder. You have some problems with your php coding style: there are 3 files instead of 1 with the floatVal.

To fix this problem and all future problems you may include (I give you free of cost permission.) the following changes to your code.

Files:

/admin/applications_addon/other/membermap/modules_public/membermap/map.php
/admin/applications_addon/other/membermap/modules_public/membermap/facebook.php
/admin/applications_addon/other/membermap/modules_admin/membermap/cmarkers.php

In all this files you should find:

  private function _floatVal($floatString)
    {
        $floatString = floatval($floatString);

        if($floatString)
        {
            $localeInfo = localeconv();
            $floatString = str_replace($localeInfo["thousands_sep"], "", $floatString);
            $floatString = str_replace($localeInfo["decimal_point"], ".", $floatString);
        }
        return $floatString;
    }
	
And replace with:

private function _floatVal($floatString)
    {
        if($floatString)
        {
            $localeInfo = localeconv();
            $floatString = str_replace($localeInfo["mon_thousands_sep"], "", $floatString);
            $floatString = str_replace($localeInfo["mon_decimal_point"], ".", $floatString);
            $floatString = str_replace($localeInfo["thousands_sep"], "", $floatString);
            $floatString = str_replace($localeInfo["decimal_point"], ".", $floatString);
            $floatString = str_replace(' ', "", $floatString);
            $floatString = str_replace('`', "", $floatString);
            $floatString = str_replace(',', ".", $floatString);
        }

        return $floatString;
    }
Recommendations:

It is better to keep lat and lng in the database in float and format this data during the output. There is function nuber_format which more appropriate for this situations.

PS That is why you can not win Russian still :smile:
Link to post
Share on other sites
  • Replies 3.1k
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

That is correct. I have thought about making this a paid app many times before, both for the 4.4 and 4.3 version. And the price I'm placing on this now is the same I planned to put on it back then. (I

Days or a week. I've re-structured the main javascript code, so that needs a bit of testing. Unfortunately none of you can beta test this, as I think that would make it impossible for you to purc

I'm sure you are able to export an entire folder as a KML or KMZ file. Most of the files I've tested with contains thousands of markers.  Yes. But I'll have to make quite a few changes in order

Posted Images

Why? Have you looked at the open source alternatives?

In an app I'm developing for a client I threw Google Maps out and rewrote it to LeafletJS. Took me less than an hour to convert it all.

You may ask why you should do that?

1. Open Source.

2. You're not relying on MS.

3. Your code will be lighter.

4. Houndreds or thousands of map providers. The most common ones can be easily added using this plugin.

5. Looks better, IMO.

6. The markercluster implementation is superawesome!

Tried OpenLayers first, but it was way too heavy for my use, and certainly will for this.

Looks good, I'll take a better look at that at some point, What happens with geocoding data though? I didn't see anything straight away that relates to that.

I have improved the problem myself with the help of my coder. You have some problems with your php coding style: there are 3 files instead of 1 with the floatVal.

To fix this problem and all future problems you may include (I give you free of cost permission.) the following changes to your code.

Files:

/admin/applications_addon/other/membermap/modules_public/membermap/map.php
/admin/applications_addon/other/membermap/modules_public/membermap/facebook.php
/admin/applications_addon/other/membermap/modules_admin/membermap/cmarkers.php

In all this files you should find:

  private function _floatVal($floatString)
    {
        $floatString = floatval($floatString);

        if($floatString)
        {
            $localeInfo = localeconv();
            $floatString = str_replace($localeInfo["thousands_sep"], "", $floatString);
            $floatString = str_replace($localeInfo["decimal_point"], ".", $floatString);
        }
        return $floatString;
    }
	
And replace with:

private function _floatVal($floatString)
    {
        if($floatString)
        {
            $localeInfo = localeconv();
            $floatString = str_replace($localeInfo["mon_thousands_sep"], "", $floatString);
            $floatString = str_replace($localeInfo["mon_decimal_point"], ".", $floatString);
            $floatString = str_replace($localeInfo["thousands_sep"], "", $floatString);
            $floatString = str_replace($localeInfo["decimal_point"], ".", $floatString);
            $floatString = str_replace(' ', "", $floatString);
            $floatString = str_replace('`', "", $floatString);
            $floatString = str_replace(',', ".", $floatString);
        }

        return $floatString;
    }
Recommendations:

It is better to keep lat and lng in the database in float and format this data during the output. There is function nuber_format which more appropriate for this situations.

PS That is why you can not win Russian still :smile:

The data isn't being formatted for output, it's being formatted for input. MySQL will truncate data for float columns if it's not in the expected format, which is why you end up with xx.00000 values in the database.

Your code has completely removed the security aspect of the method, to make sure that the value is a floated value. It is the stock floatval() that adds the locale specific seperators, so in removing that it would appear to you that it's fixed but it will increase the chance that your database can be exploited via SQL injection.

p.s. the reason there's more than one definition is that the code was being moved to a centralised place, the old (private) methods just haven't been removed yet.

New bug:

If there is media tag in the custom marker description, all other new added markers will not be displayed on the map.
Example:

 
pJ5kQ.jpg

I'm not greatly suprised that it doesn't work, There is a fix in the code to try and solve these issues (it's due to escaping characters before they're inserted into Javascript), the new way of loading markers in 2.0 should eliminate this.

The project has a bug tracker for tracking bug reports: http://ipb.silvesterwebdesigns.com/tracker/project-2-member-map/

Thanks

Stuart

Link to post
Share on other sites

Looks good, I'll take a better look at that at some point, What happens with geocoding data though? I didn't see anything straight away that relates to that.

If you're thinking about geosearch lookup, there's a plugin for that. https://github.com/smeijer/L.GeoSearch

I haven't tried it, but if it uses the regular Google Geocode API I wouldn't use it. Had to switch to Google Places API to get more (and more accurate) results.

var autocomplete = new google.maps.places.Autocomplete( document.getElementById( 'freesearch' ), { types: ['establishment', 'geocode'] } );
			
			google.maps.event.addListener( autocomplete, 'place_changed', function() 
			{
				item = autocomplete.getPlace();
				
				$( '#freesearch_lat' ).val( item.geometry.location.lat() );
				$( '#freesearch_lng' ).val( item.geometry.location.lng() );
				$( '#freesearch' ).val( item.formatted_address );
			});
Link to post
Share on other sites

Your code has completely removed the security aspect of the method, to make sure that the value is a floated value. It is the stock floatval() that adds the locale specific seperators, so in removing that it would appear to you that it's fixed but it will increase the chance that your database can be exploited via SQL injection.


You should better learn the class "public function compileInsertString( $data )" to be sure that there is no posibility of the sql injection in our fix of your bug.

You are calling:
$this->dB->insert('member_map', array('member_id' => $this->memberData['member_id'],
                                                        'lat' => $this->_floatVal($this->request['lat']),
                                                        'lon' => $this->_floatVal($this->request['lon'])));
There is function call during the insert:

$this->compileInsertString(

in which there is:

 if ( $add_slashes )
   {
    $v = $this->addSlashes( $v );
   }
And addSlashes is called in mysql_real_escape_string which is preventing the sql injection.


You are calling:

$this->dB->insert('member_map', array('member_id' => $this->memberData['member_id'],
                                                        'lat' => $this->_floatVal($this->request['lat']),
                                                        'lon' => $this->_floatVal($this->request['lon'])));

in classDbMySql.php prepeare data:

public function insert( $table, $set, $shutdown=false )
 {
     //-----------------------------------------
     // Form query
     //-----------------------------------------

     $dba   = $this->compileInsertString( $set );
Go to classDb.php and you can see:


foreach( $data as $k => $v )
  {
   $add_slashes = 1;
   
   if ( $this->manual_addslashes )
   {
    $add_slashes = 0;
   }
   
   if ( !empty($this->no_escape_fields[ $k ]) )
   {
    $add_slashes = 0;
   }
   
   if ( $add_slashes )
   {
    $v = $this->addSlashes( $v );
}

Go to classDbMysqlClient.php and you can see:

Return ValuesReturns the escaped string, or FALSE on error.


So where do you see the posibility of SQL injection?!




About mysql data types:Mysql has many types for store digits. You should use DECIMAL(11, 8) to store lat & lng.


PS. Russians are still better ;)

Link to post
Share on other sites

The project has a bug tracker for tracking bug reports: http://ipb.silvesterwebdesigns.com/tracker/project-2-member-map/


I am pretty sure that I do not have time to develop your project by visiting your resource. I am sure you can copy/paste bug reports to your site from here and then do the same for the bug fixes.

Anyway thank you for your addon. I am using it.

Link to post
Share on other sites
  • 2 weeks later...
  • 2 weeks later...

Hi Everyone,

Just installed this fab plugin - I have 11,00 members with 80% populating the "location" field in their profile, i'm a little surprised that this plugin doesn't first of all look at the location field in the users profile to map all my members, is this something that can be configured?

I have ran similar member maps before on other CMS systems that have allowed me to import users and thus giving me a populated map as opposed to something that looks a little bare :(

Thanks for any assistance.

Pete

Link to post
Share on other sites

Hi Everyone,

Just installed this fab plugin - I have 11,00 members with 80% populating the "location" field in their profile, i'm a little surprised that this plugin doesn't first of all look at the location field in the users profile to map all my members, is this something that can be configured?

I have ran similar member maps before on other CMS systems that have allowed me to import users and thus giving me a populated map as opposed to something that looks a little bare :sad:

Thanks for any assistance.
Pete


It's probably quite a good job that doesn't happen, if you had that many markers on the current implementation it wouldn't work at all.

The next release should alleviate a lot of this by doing any needed processing when the user saves their location.

Converting your location data into co-ordinates will take a long time, most geocoding services will throttle the amount of requests you can make per day.(Google 2,500 - Bing 30,000 ( according to some information ))
Link to post
Share on other sites

Hi there, yea I ran the previous solutions in batches, it did take a few days but I don't have a problem with that :)

I presume I wouldn't have to rely on each using saving their location field and there would be a method of converting the location data in batch on their behalf ?

Many thanks for the response, do you have an ETA on when the next version will be available for testing?

Many thanks.

Pete

Link to post
Share on other sites

Hi there, yea I ran the previous solutions in batches, it did take a few days but I don't have a problem with that :smile:

I presume I wouldn't have to rely on each using saving their location field and there would be a method of converting the location data in batch on their behalf ?

Many thanks for the response, do you have an ETA on when the next version will be available for testing?

Many thanks.

Pete


Hopefully something will be out there before November, but I can't promise it.
Link to post
Share on other sites

I ran into an error.

http://prntscr.com/1xtp2v

https://developers.google.com/maps/signup?csw=1

V2 is deprecated now and I can't generate an API key for that. Is there a workaround? Thanks.

Are you sure about this? I just installed this a few days ago...at first I installed v3 but then I got that error too--then I disabled v3, enabled v2 and regenerated a new key and now it works on my site.

To the developer,

Thank you for a wonderful application! My members love it! Does it cost money for a Bing API though? BING look more fluid in its map from what I've seen.

Ryan

Link to post
Share on other sites

I ran into an error.

http://prntscr.com/1xtp2v

https://developers.google.com/maps/signup?csw=1

V2 is deprecated now and I can't generate an API key for that. Is there a workaround? Thanks.

The V2 API has been deprecated for about 3 years now, the V2 api will change into a V2/V3 hybrid in November.

I'll recap as although it's been mentioned on many pages in this topic this information has slipped back out of view. API Keys are available via the console. https://code.google.com/apis/console


Are you sure about this? I just installed this a few days ago...at first I installed v3 but then I got that error too--then I disabled v3, enabled v2 and regenerated a new key and now it works on my site.




To the developer,

Thank you for a wonderful application! My members love it! Does it cost money for a Bing API though? BING look more fluid in its map from what I've seen.


Ryan

You do require a Bing account to use the API, but they do have a free level that's pretty much the same (if not better) than the free Google Maps offering.
Link to post
Share on other sites

Are you sure about this? I just installed this a few days ago...at first I installed v3 but then I got that error too--then I disabled v3, enabled v2 and regenerated a new key and now it works on my site.

To the developer,

Thank you for a wonderful application! My members love it! Does it cost money for a Bing API though? BING look more fluid in its map from what I've seen.

Ryan

How did you enable v2 and what's the exact name of it? I wasn't able to locate it on the Google API site.

The V2 API has been deprecated for about 3 years now, the V2 api will change into a V2/V3 hybrid in November.

I'll recap as although it's been mentioned on many pages in this topic this information has slipped back out of view. API Keys are available via the console. https://code.google.com/apis/console


You do require a Bing account to use the API, but they do have a free level that's pretty much the same (if not better) than the free Google Maps offering.

Yes, that's where I generated the key for the v3. I clicked on "Services", there is no Google Maps API v2 API there. Refer to screenshot below.

http://prntscr.com/1ygz9m

Much appreciated.

Link to post
Share on other sites

I find it hard to believe it could have changed like a day after I installed it and got it working but maybe that is the case....I see what you are talking about-- https://code.google.com/apis/console/

When I did this like a week ago there was a "Google Maps API v2" that I enabled....you may have to wait for this application to work with Google Maps API v3 unfortunately.

I don't know this or if the thing with Google Maps API v2 is completely true or not; someone with more knowledge on this may be able fill you in on that.

Link to post
Share on other sites
Hello,
I have a big problem for 3 days! I try 300 Tips ... I still have no errors:

Google has disabled use of the Maps API for this application. See the Terms of Service for more information: http://www.google.com/help/terms_maps.htm

or :

Google has disabled use of the Maps API for this application. The provided key is not a valid Google API Key, or it is not authorized for the Google Maps Javascript API v2 on this site. If you are the owner of this application, you can learn about obtaining a valid key here:

http://code.google.com/apis/maps/documentation/javascript/v2/introduction.html#Obtaining_Key

Thank you very much for your help
Link to post
Share on other sites
  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy