Crystaldawn.net

Version 2.0.0
****************** New Street Level Geocoding ********************

Geocoder - Google: *** ALL OF EUROPE!! *** This is big news and it really helps us out a lot!
Geocoder - Google *** Hong Kong ***
Geocoder - Google *** Singapore ***
Geocoder - Google *** Taiwan *** (Use Chinesse Keyboard to get precise street level accuracy, may or may not work. I cant test it.)
Geocoder - Google *** India ***
Geocoder - Google *** Ireland! ***
Geocoder - Google *** Brazil ***
Geocoder - Google *** Hungary ***
Geocoder - Google *** Poland ***
Geocoder - Google *** Czech Republic ***
Geocoder - Google *** Italy ***

****************** New Features ********************

New Feature: Tables are COMPLETELY gone and CSS HAS ARRIVED! I finally had time to break up each piece of the results page and give them a css class that can now be used for easy hide/displaying of certain things in the results page. This stems from many people wanting to only show parts of the address. This also means you can easily hide the “Powered By” message as well, without ruining my SEO. If you want to remove the powered by stuff, please just set the “display: none” value. That way your users never know its there, but google’s search engine can see it. It helps my rankings in the google search engine for keywords on “store locator” and other things. The more links back to my site, the higher my rankings get. So therefore, the more people using my app, the more noticable I become in google. The powered by message is no longer encrypted as well. The new stylesheet is phpGoogleStoreLocator-css-stylesheet.css (real hard to figure that one out eh lol). I have not yet styled the administration panel and have no current plans to do so since it is not something regular users see anyways. I’ve not gotten much request for it anyways.

New Feature: You can now manually enter the longitude/latitude by hand in the edit location section.

New Feature: The installation method can now detect whether allow_url_fopen is on or off and whether or not curl is installed or not. Because of this we now have the option of using either allow_url_fopen or curl to get webpages. So if allow_url_fopen is set to off but curl exists, all calls to get a website (from the geocoders) will be run through curl. This has been a large problem for many users who did not have access to set the allow_url_fopen in the php.ini file because of their hosting service. If neither of these exist, we simply quit and tell the person that they cannot install the app since their server is not up to snuff for our application. You can also force it to use one or the other as well. If you set use_curl to 1 in the settings DB, it will force the app to use curl. If you set it to anything other than 1, it’ll use allow_url_fopen.

New Feature: A couple bug fixes and changes have resulted in speed enhancements. This version is inherently faster than previous versions and so I consider that a new feature ;)

New Feature: There is a new feature that will display at the bottom of the results page called “Execution Time” This is a useful item to tell whether something is slowing down your results or not. I used it to gauge whether curl or allow_url_fopen would be better to use and allow_url_fopen consistantly beat curl by about 3 tenths of a second. But this may vary from server to server depending upon compilation optimizations, etc. So you can use it to figure out if you should be using curl or not on your machine. You can also use it to gauge other changes as well such as mysql query changes, etc. You can turn this feature on/off in the settings table with the show_execution_time by setting it to 1 or 0.

New Feature: There is now a function that can run mysql queries that are located in a file. This is used mainly in the install process but you can use it on your own if you like as well. This helped clean up the install file and also made the queries much more portable since they are now in files that can be used by phpMyAdmin and other mysql administrators.

New Feature: When I added the page that allows the general public to enter locations into the DB, I added a customizable limit to it but I forgot the feature that disables this all together! Duh. Thus you can now turn that page on/off using the settings table. It is OFF by default.

New Feature: Along with the public location adding capability comes the need for allowing the administrator to either approve the listing or have it auto-approved by the user entering the location. You can turn this on/off in the settings admin area with the Allow Public Catorgorization setting. 0 Means you have to authenticate the location before it can be seen in results, 1 means the public can authorize it by giving it a category.

New Feature: Previously if you wanted to modify the words/phrases that were not allowed in comments, you needed to use phpMyAdmin to change the comments_disallowed_phrases setting. I forgot to add the management for that setting in the settings area. You can now modify these with the settings admin area.

New Feature: If you want to add something to the settings table and make it administratable, all you need to do is copy/paste one of the form lines in the settings page and you are done. The app will detect if that setting exists or not and either update it or insert it. I use this mostly for myself when adding new settings but you can use it as well. This stems from the update_setting() function being modified to check to see if the setting exists and if not, it inserts the setting.

New Feature: With some large DB’s the dropdown list in the edit locations and delete locations was so large that it would crash your browser. There is now a limit on the dropdown that can be set in the settings table. It currently allows for 300 listings to be in the dropdown. Once it goes over this limit, the dropdown is removed and replaced with a search box instead.

New Feature: There are some new dropdowns in the edit locations page that organizes the locations according to their status: No coordinates, No Categories, Active, and Expired.

New Feature: Theres a new table on the admin spash page that shows the stats of your DB. Total Active locations, Total Locations, Number of Expired Locations, Number of locations with no Coordinates, and Number of locations without categories. This gives you a quick overview of the health of your Locations table.

New Feature: Upgrade notification. Previously there was no way to tell if there was an upgrade or not. This is something I’ve always meant to add but just never did.. Well now its here. Whenever you open the admin panel, the splash page will check a .txt file on my site and compare its version to the version you are running and if they are different, it will give you a small blurb about whats in the upgrade. You can turn the upgrade notification on/off in the settings area.

New Feature: Capability to “autozoom” into the results location radius based on the furthest locations from the starting point. So if you have 5 results and the furthest one is 8 miles away, the zoom level is set to 6 in order to try to show all your locations in the same window. Autozoom was left out of the previous versions because I was to lazy to calculate the distances required for each level. I think I’ve got it pretty close but it may still require some tweaking. Also, if you change the map window size, it WILL through off the autozoom levels by A LOT because the calculations I did were for the default mapsize. If you change the map size and want to use autozoom, you’re gonna have to play with it yourself in the settings area for a couple hours to get all the zoom levels right. Autozoom can also be disabled in the settings as well.

****************** Bug Fixes ********************

Bug Fix: On the results page, the geocoder was hitting google twice everytime someone did a search. This did not affect anything other than the google key’s number of hits per day. Thus a single search counted as 2 searches rather than 1. This has been fixed. This also speeds up the initial results page by twice as fast since it only goes to google once rather than twice.

Bug Fix: Saving of Address field in the Administration panel did not work. This was due to an inconsistency in that I used a mixture of street and address when I should have used only address. All instances of street have been removed and replaced with address to keep things consistant with the database.

Bug Fix: The UK Geocoder if statements were wrong. It was still using the pre-street level if statements and thus if you had a zipcode in the address, it wouldnt use street level coordinates. This is now fixed and the app now attempts to geocode to street level first and then defaults back to zipcode level as it should have in the first place.

Bug Fix: Add location was not saving the Categories on a new entry. This is was due to a bug in both PHP4 and PHP5 where array_map/addslasshes cannot work on arrays inside arrays. This is fixed with one of the security fixes I did below.

Bug Fix: The enter locations page in the admin was still requiring a zipcode even though it was not needed. This was left over from the zipcode only versions. It is now an optional field.

Bug Fix: Delete locations in the admin panel didnt work at all. This was due to a naming inconsistency and is now fixed.

Bug Fix: If a URL was left as http:// (which is fine) in the admin panel for a location, it would show up in the results pages as http:/// which is not fine. I’ve sanitized it on the output page to not show the http:// I left it with http:// in the field so that if the address ever does have a url, you dont forget to put it in.

Bug Fix: Expiration dates were not in the inradius mysql query and thus locations never actually expired. All of the expiration code is in place and works now.

Bug Fix: When a locations was deleted, it did not delete the comments associated with that location. This is fixed.

Bug Fix: Comments were not using the disallowed word/phrases code. This is now fixed.

Bug Fix: When a category was not selected in the search, the categories list was blank on the results page when it should have reflected ALL the categories.

Bug Fix: Uh, Phone AND Hours were not showing up in the resuls pages. Duh, Fixed.

****************** Changes ********************

Change: I have removed the “notes” from the balloon tooltip in the map. There just isnt enough space in the balloon image to show most notes. You can re-add if it you like and maybe play with the font/font size, but its probably not worth doing.

Change: When an address was updated, it would geocode the address whether it needed to or not. It now only geocodes if there has been a change to the address, city, state, zip, or country. Also, if the coordinates have been manually entered, it will not auto-geocode even if the address fields have changed.

Change: The ordering for the Locations dropdown in the Edit Locations page has changed to a more organized form (Storename) City, State, Country

Change: I commented out the mysql_error() call in the inradius function so that it doesnt mess up any error messages.

Change: The latitude/longitude are no longer returned as a 12.84##-2.89 type of string. They are now objects in the form of $this->lat $this->lon for nice easy reading and comprehensibility.

Change: All split() calls have been changed to explode() to increase performance. Using split is unecessary if not using regex expressions.

Change: phpMyAdmin has been upgrade to 2.10.3

Change: The map width/height are no longer stored in the settings table. Since this is actually part of the look/feel of the site it is on, it’s been moved to the new .css file.

****************** Geocoder Updates ****************

Geocoding Update: The geocoder geo.localsearchmaps.com had changed it’s output method as well as it’s input method thus breaking the UK Street Level geocoding capabilities. We now use the new methods and the UK works once again.

****************** Security Updates ****************

Scale: Minor, Moderate, Major, SEVERE, RED ALERT!!!

Security Update (Status: Minor [Not currently exploitable]): On machines that had magic quotes off, we were not sanitizing things well enough through out the entire application and I noticed this while doing a couple of the updates for this release. I’ve not seen any exploitable areas because of it and have had no reports of any security exploits because of it but none the less, I spotted a possible inconsistency in the security of the app and thus I’ve added array_map calls to sanitize EVERYTHING all at once by modifying the config file. This will protect every single page in the app. Besides, I think it was time to move up from the 1.0.x versions anyways. Because of this new addition, I expect to find some instances of things like \’ \” \\’ or any combination of chars followed by a \ showing up in various parts of the app. Hopefully I get them all, but as always if you find one, just report it in the forums and I’ll fix it up. These are not security bugs and will not harm anything. They are simply cosmetic things that are easily fixed with stripslashes(). Note: array_map/addslasshes does not work so we used our own array_add_slashes() function. Check it out and if you ssee any security bugs, tell me.

Security Update (Status: Major [exploitable but no reports of it being exploited were reported to me]) Comments that were left by public users allowed HTML/JS to be placed in them because I forgot to the strip_tags() function. This is not listed as SEVERE because this could not be used to inject PHP or include files for cross site scripting. This is now fixed.

****************** Known Problems ****************

Bug: None that I know of.