Want your Halloween portal to match your brand of fear? You can go beyond the default themes and create your own custom style. The system supports custom CSS themes that define everything from background gradients to hover animations. To request a custom theme slot, visit the Admin > Theme Manager section (admin only) or contact support. Each theme is a separate `.css` file stored in the `/assets/css/` directory. When defining your theme, follow the standard Bootstrap variable overrides (e.g., `--bs-primary`, `--bs-body-bg`, etc.). You can also customize card transparency, border style, box shadows, fonts, and button colors. Here’s a trick: give your theme a spooky name like 'Witching Hour', 'Bloody Hall', or 'Silent Screams'. Once approved, users will see your theme in the theme selection dropdown. Themes are previewed live and stored in each user’s profile. They apply across sessions and work alongside card transparency and dark mode. If you’re a designer or front-end dev, this is your chance to make the portal yours. Custom themes also make great event branding for haunted attractions or home tours. To keep things clean, all themes are reviewed by an admin before being published.
The scripting engine within the Halloween Control Portal allows you to create custom sequences and automation for your devices. You can write scripts that respond to motion, sound, light, or timed triggers. Each script can control multiple devices such as lights, servos, sound effects, and fog machines. To get started, navigate to the 'Scripts' section under your dashboard. Click 'Create Script' and give your new script a descriptive name. Scripts use a simplified command language with actions like TURN_ON, WAIT, TRIGGER, LOOP, and IF_SENSOR. For example, you could write a script like: IF_SENSOR motion_1 TRIGGER light_1 WAIT 5000 TRIGGER fogger_2 This script turns on light_1 when motion_1 is detected, waits 5 seconds, and then activates fogger_2. You can preview and test scripts from the same interface before assigning them to devices. Each script can be linked to a specific event or scheduled to run automatically at a certain time. Advanced users can group scripts together for complex show control. Be sure to save your scripts regularly, and consider enabling logging for debugging. Scripts give you precise control over your haunted scenes, helping you automate the terror with creativity and efficiency. Whether you’re setting up a timed graveyard sequence or reactive jump-scares, the scripting tool is your control panel to orchestrate fear.
Users can select from spooky, haunted, creepy, and default themes. Preferences are stored in the database and apply site-wide. These can be previewed from the Theme Preferences section under your account settings.
The Halloween Portal offers multiple spooky themes that let you personalize your experience. From 'Haunted' to 'Creepy', you can pick a style that fits your vibe while navigating the dashboard. To change your theme, go to the user settings page. There you’ll see a dropdown list of available themes: Default, Haunted, Creepy, Spooky, and more. When you select a new theme, the page will live-preview the change so you can decide before saving. Your theme preference is stored in your session and database, so it applies across pages and future logins. If you use the 'Remember Me' feature, your theme remains in effect even after a restart. Themes affect the color scheme, background textures, font styles, and hover effects. For example, the 'Spooky' theme uses glowing orange buttons and jagged hover outlines. Want to make your own theme? Contact an admin to request a custom CSS slot, or clone an existing one and tweak it. Advanced users can also propose new theme submissions to be added to the system. Theming makes the portal more immersive. Whether you're managing devices, uploading projects, or moderating content, your chosen style will help set the tone for your haunted experience.
The Halloween Portal allows users and moderators to provide references for facts submitted to the community. These references are often external links that support claims or provide additional reading. However, links sometimes break over time — websites change or pages are removed. To maintain quality, the system includes tools to detect broken references. Each fact has a `valid_ref` flag and a `verified_reference` indicator. Admins or moderators can run a reference checker, which scans each URL to see if it returns a 404 error. If broken, it is marked as invalid. When a reference is missing or broken, a built-in search tool (using Google Custom Search API) can suggest a new link based on the `fact_text`. Admins can then click 'Add to DB' to update the fact with the new reference. Manual verification is also supported. Admins can click 'Verify' on any fact with a good reference, setting the `verified_reference` flag to true. Keeping references current helps ensure facts are trustworthy and the community stays informed. It also improves SEO and user trust. If you find a broken link, you can notify an admin or moderator to replace it using the available tools.
Each device must be registered through the dashboard to obtain a unique ID. Go to Device Management > Register Device, then enter the device name and description. The system will generate a device_id and assign it based on your subscription level.
To connect your Halloween devices to the control portal, each device must first be registered. This process ensures your fog machines, lights, animatronics, or sensors are securely linked to your user account. When a device boots up for the first time, it attempts to connect to the WiFi and register using a unique device ID. You can then visit the 'Device Registration' page under your dashboard to approve and name the device. It's best to label each device descriptively (e.g., 'Graveyard Light', 'Front Porch Fogger') so you can control them easily. Once registered, each device becomes available in the dashboard for triggering manually or as part of automation scripts. If a device fails to connect, make sure it's within WiFi range, powered on, and flashed with the correct firmware. You can also view connection logs to see if your device attempted to register but was rejected or timed out. Advanced users may also choose to assign tags or group devices for zone-based control (e.g., 'Front Yard', 'Grave Room'). This becomes especially powerful when writing conditional scripts or building sequences that trigger based on events. Registering devices is the first step in making your Halloween smart and interactive. Whether you’re controlling sound effects, lighting, or motion props, a properly registered device ensures smooth operation and allows for advanced customization and automation later on.
To connect your Halloween devices to the control portal, each device must first be registered. This process ensures your fog machines, lights, animatronics, or sensors are securely linked to your user account. When a device boots up for the first time, it attempts to connect to the WiFi and register using a unique device ID. You can then visit the 'Device Registration' page under your dashboard to approve and name the device. It's best to label each device descriptively (e.g., 'Graveyard Light', 'Front Porch Fogger') so you can control them easily. Once registered, each device becomes available in the dashboard for triggering manually or as part of automation scripts. If a device fails to connect, make sure it's within WiFi range, powered on, and flashed with the correct firmware. You can also view connection logs to see if your device attempted to register but was rejected or timed out. Advanced users may also choose to assign tags or group devices for zone-based control (e.g., 'Front Yard', 'Grave Room'). This becomes especially powerful when writing conditional scripts or building sequences that trigger based on events. Registering devices is the first step in making your Halloween smart and interactive. Whether you’re controlling sound effects, lighting, or motion props, a properly registered device ensures smooth operation and allows for advanced customization and automation later on.
Every user-submitted project goes through a moderation process to ensure quality and safety. Moderation helps filter out spam, inappropriate content, or incomplete submissions. Once a project is uploaded (title, description, and photo), it is marked as 'pending'. Moderators can review these submissions from the moderator dashboard. Each submission is displayed with an approve or reject button, as well as tools to verify the uploaded content. When a moderator approves a project, it becomes visible on the public gallery. If a project is rejected, it is removed from the moderation queue and may be deleted or archived, depending on settings. Moderators may also check whether references provided are valid or broken. If a project includes external links or factual claims, the moderator can verify the sources and mark them accordingly. All moderation actions are logged, including who approved or rejected each project. This ensures accountability and allows admins to audit decisions. As a submitter, you can increase your chances of approval by providing clear descriptions, high-quality photos, and accurate references. Projects that are detailed and complete are much more likely to be showcased in the public gallery. This process helps ensure the Halloween Portal remains a vibrant and spooky space for high-quality community creativity.
The scripting engine allows simple automation logic using if/then syntax. For example: IF motion_detected THEN activate_relay(1) You can define these scripts per device and they are evaluated server-side. Scripts can also include delays and conditions like sunset or sound triggers.
Contributing a fun or spooky fact to the Halloween Portal is easy! Facts appear throughout the site — on the homepage, in the sidebar, or on the community board. To submit a new fact, go to the 'Fact Manager' section. Enter a title and your fact content, and optionally include a reference link if it's based on history, folklore, or science. Click 'Add Fact' and your submission will appear in the list, marked as unverified. Moderators and admins review submissions to ensure they meet standards. They may check if the reference link is valid, if the fact is unique, and whether it fits the spooky theme. Verified facts are flagged and shown more prominently. We encourage creative entries — jokes, historical tidbits, even pop-culture references (like haunted houses or monster lore) are welcome. Avoid reposting the same fact multiple times or submitting incorrect info. Your fact becomes part of the Halloween knowledge base that other users see as they use the portal. It’s a great way to contribute to the vibe and help keep things creepy, fun, and informative.
Tags and categories help organize the massive collection of Halloween projects uploaded by users. Using tags allows you to filter and find similar projects quickly, whether you're looking for 'fog machines', 'laser eyes', 'jump scares', or 'animated props'. When uploading a new project, you'll be prompted to enter relevant tags. These should be short keywords that describe what your project involves. Tags are community-driven, which means that new tags can be created by any user during project submission. To keep things clean and useful, moderators have the ability to merge similar tags or remove those that are too vague or inappropriate. Categories are a more structured form of classification. For example, all 'Lighting Effects' projects may fall under a category, while tags like 'purple', 'spotlight', and 'RGB' help refine the search. Each project can belong to one category and have unlimited tags. On the gallery page, users can click on a tag or category to instantly filter results. This enhances discoverability and helps users learn from each other's work. Be thoughtful with your tags — the more accurate they are, the more likely your project will be found and appreciated. And if you're browsing and find a useful tag not yet applied to your project, you can always edit and add it!
Devices send heartbeats every 30 seconds. If no heartbeat is received for 2 minutes, the dashboard will mark the device as offline. You can configure alerts based on missed heartbeats in your device settings.
Initially, all device interaction was via REST endpoints like /api/device_commands.php. With WebSocket, commands are now sent in real time, reducing lag and increasing reliability. You can still use REST for polling-style updates.
Timing is everything when it comes to effective scares. That’s why the Halloween Control Portal includes a powerful scheduling feature for device scripts. With it, you can set specific times for your scripts to run — daily, weekly, or even on just one occasion. To create a schedule, go to your script management section and click 'Add Schedule'. You’ll choose the script to run, set the time (in your local time zone), and define the repeat interval. Supported intervals include one-time triggers, daily at a specific time, or on selected days of the week. For example, you might schedule your graveyard lighting to fade in at 6:30 PM every night leading up to Halloween. Or you could trigger your front porch fogger on Halloween night from 7:00 PM to 10:00 PM every 30 minutes. The system supports both absolute time and sunrise/sunset offset triggers, making it ideal for lighting. You can chain scheduled scripts together for full scene control. All scheduled actions are logged so you can confirm whether they executed successfully. And if you ever need to pause automation (e.g., due to weather or maintenance), you can toggle scripts on or off without deleting them. Smart scheduling makes your haunt look alive without constant manual intervention.
Two-Factor Authentication (2FA) adds an extra layer of protection to your account. When 2FA is enabled, you’ll be asked to enter a temporary verification code sent to your email after your password is accepted. This ensures that even if someone has your password, they can’t access your account without also having access to your email. To enable 2FA, go to your account settings page and click 'Enable 2FA'. Once enabled, the system will send you a code during login and also for any high-privilege actions like accessing admin tools or submitting SQL queries. 2FA codes are valid for a short window — usually five minutes. Each time a code is sent, it is stored temporarily and must match exactly what you enter. If the code expires, simply request a new one by refreshing or re-submitting your login. If you lose access to your email, contact the administrator to recover your account. We do not recommend enabling 2FA with temporary or disposable email addresses. Enabling 2FA drastically improves the security of your Halloween Control Portal account. It ensures your settings, devices, and automation scripts can only be accessed and edited by you, and prevents unauthorized control of your Halloween experience. Protect your haunted domain — enable 2FA today!
Two-Factor Authentication (2FA) adds an extra layer of protection to your account. When 2FA is enabled, you’ll be asked to enter a temporary verification code sent to your email after your password is accepted. This ensures that even if someone has your password, they can’t access your account without also having access to your email. To enable 2FA, go to your account settings page and click 'Enable 2FA'. Once enabled, the system will send you a code during login and also for any high-privilege actions like accessing admin tools or submitting SQL queries. 2FA codes are valid for a short window — usually five minutes. Each time a code is sent, it is stored temporarily and must match exactly what you enter. If the code expires, simply request a new one by refreshing or re-submitting your login. If you lose access to your email, contact the administrator to recover your account. We do not recommend enabling 2FA with temporary or disposable email addresses. Enabling 2FA drastically improves the security of your Halloween Control Portal account. It ensures your settings, devices, and automation scripts can only be accessed and edited by you, and prevents unauthorized control of your Halloween experience. Protect your haunted domain — enable 2FA today!
Join Mode lets your Arduino act as a WiFi hotspot for configuration. Hold the setup button on your device for 5 seconds and connect to the device WiFi. Then visit 192.168.4.1 in your browser to configure the target WiFi.
The device dashboard is the central control panel for managing all your connected props, sensors, and effects. When you register a new device, it will appear here — listed by name, type, and connection status. Each device card shows vital details: last ping (heartbeat), uptime, battery level (if applicable), signal strength, and whether it’s currently responding. You can rename devices, group them by zone (e.g., Front Yard, Haunted Hall), or temporarily disable them without deleting. From the dashboard, you can trigger actions (like turning on a relay or light), test scripts, and view recent activity. Each device also has a log of its interactions — perfect for debugging sensor triggers or script behavior. If a device shows as 'offline', it hasn’t reported in recently. This may mean it lost WiFi, was powered off, or had a firmware issue. Clicking on a device will give you troubleshooting tips and allow you to reset it. You can also assign tags to devices and set default behaviors, like 'Turn off after 5 minutes'. Power users may define sensor thresholds or trigger chains based on input (e.g., 'when motion is detected AND light is below 10'). The device dashboard is designed to keep everything visible, functional, and flexible — giving you control over every scare.
The Halloween Control Portal uses a role-based access control system to manage what different users can see and do. There are three primary roles: User, Moderator, and Admin. **Users** are everyday participants. They can register, log in, manage their preferences (like theme and opacity), register devices, and submit Halloween projects. Users can also view public projects, upload images, and browse community facts. **Moderators** have all user permissions plus the ability to review, approve, or reject submitted projects. They can also flag inappropriate content and verify references for facts submitted to the system. Moderators help keep the community content accurate and engaging. **Admins** have full system access. In addition to moderator functions, they can manage user accounts, execute SQL statements with 2FA, view system logs, adjust global settings, and maintain platform security. Permissions are enforced on every page using session-based role checks. If a user attempts to access a page above their role, they are redirected or shown an error. By using roles, the platform stays secure while empowering different levels of user interaction. If you are unsure about your current role or believe you should have elevated access (e.g., for moderation), contact the platform administrator.
Images and videos bring your Halloween projects to life. When you submit a project, you’ll be asked to upload one or more media files. These help illustrate your prop in action, your scene layout, or the impact of your automation. Supported formats include JPG, PNG, and GIF for images, and MP4 for video (if enabled). There is a size limit (e.g., 5MB per image) to ensure the portal loads quickly and stores data efficiently. Media files are stored in `/uploads/projects/` and are linked to your project entry. You can view them directly from your project page and edit them later via the dashboard. If you want to update a photo (e.g., replace a blurry image), just click 'Edit Project' and upload a new one. The old image will be archived for 24 hours before deletion in case of mistakes. All media is screened by moderators to ensure it is Halloween-relevant and appropriate. Do not upload copyrighted content or personal images you wouldn’t want public. Want to show off your haunt at night? Try uploading a timelapse or fog-filled clip. Your media makes your project real — so be creative, bold, and spooky!
Limit switches act as binary triggers. They can be attached to doors, props, or pressure pads. Scripts can use: IF switch_1_triggered THEN ...
The SQL Admin Tool gives admin users the ability to execute raw SQL queries inside the Halloween Portal — but with guardrails. It is protected by role-based access, and requires 2FA verification before any queries can be run. To use the tool, navigate to `admin_sql_exec.php`. Enter a valid SQL statement (e.g., `SELECT * FROM users LIMIT 5`) and your current 2FA code. You must click 'Send 2FA Code to Email' to receive the one-time token. Once verified, you can execute up to 10 queries per 24-hour window. All queries are logged, including user, timestamp, IP, and SQL content, to `sql_exec.log`. Sensitive columns like `password_hash` and `email` are automatically masked in the output. Only SELECT, UPDATE, DELETE, and INSERT statements are allowed. Dangerous operations like `DROP`, `TRUNCATE`, or altering system tables are blocked. Use this tool with caution. If you're unsure about a query's impact, test it locally or ask another admin. Never expose results publicly that contain private data. The SQL Admin Tool is a powerful utility for managing your database in emergencies or for advanced insights — but use it wisely and log every action.
Vision AI sensors can detect humans, faces, and movement patterns. Integration with these sensors requires a Level 3 or higher subscription. Data is sent through the WebSocket and can be logged or used in scripts.
The 'Remember Me' feature provides a way for you to stay logged in between visits without having to re-enter your username and password every time. When you check this option on the login page, a secure token is stored in your browser as a cookie. This token is linked to your account and allows the server to recognize your session, even if you've closed your browser. Unlike simple sessions that expire quickly, Remember Me is designed to persist — but safely. The token is long, randomly generated, and stored securely in the database. Additionally, your IP address and browser user agent are checked to ensure the token hasn’t been stolen or reused elsewhere. We recommend using 'Remember Me' only on private, trusted devices. On shared or public computers, it’s best to leave it unchecked to prevent others from accessing your account. For extra security, the Remember Me token has an expiration date, typically 30 days from creation. You can revoke all active tokens at any time by logging out or changing your password. If you're using 2FA, you may still need to re-authenticate occasionally, especially when performing high-privilege actions. Remember Me is designed to balance convenience and security, allowing you to focus on creating spooky experiences without the hassle of frequent logins.
The 'Remember Me' feature provides a way for you to stay logged in between visits without having to re-enter your username and password every time. When you check this option on the login page, a secure token is stored in your browser as a cookie. This token is linked to your account and allows the server to recognize your session, even if you've closed your browser. Unlike simple sessions that expire quickly, Remember Me is designed to persist — but safely. The token is long, randomly generated, and stored securely in the database. Additionally, your IP address and browser user agent are checked to ensure the token hasn’t been stolen or reused elsewhere. We recommend using 'Remember Me' only on private, trusted devices. On shared or public computers, it’s best to leave it unchecked to prevent others from accessing your account. For extra security, the Remember Me token has an expiration date, typically 30 days from creation. You can revoke all active tokens at any time by logging out or changing your password. If you're using 2FA, you may still need to re-authenticate occasionally, especially when performing high-privilege actions. Remember Me is designed to balance convenience and security, allowing you to focus on creating spooky experiences without the hassle of frequent logins.