ICM Web Final: Food Logging site!
December 16, 2009
Nutritio.us was created out of laziness. I went to a nutritionist a few weeks back and she suggested I write down what I ate every single day, in order to find out how I interact with my food. I know that I’m bad at small daily tasks, but I’m much better with reminders. I decided to create a website that would do it for me. After mentioning it to multiple people, I learned that other people would love to use the site as well. So, I started to create an entire login system. After logging in you could enter the daily report or check out the statistics of your meals, i.e., how often you eat at various restaurants, figure out your caloric intake. This would involve PHP & SQL. Meanwhile, a cron job would run, sending you e-mails that you should log in to your site and write down your daily meals.
Creating the databases was fairly easy. My hosting didn’t allow me to create databases in PHPMyAdmin, instead they have a SQL Databases section where you set them up and create the username and passwords. This was not discovered without a bit of difficulty.
I initially went off of a login system tutorial that I found on nettuts.com, and I proceeded to write code for a login, forgot password, register, activate, and logoff page. This took up an obscene amount of time. I decided to only use the login page for the sake of deadlines and showing the proof of concept. There was one issue: the tutorial was unfinished. The code didn’t work and I didn’t know how to log in to the database. I went through and realized my hosting plan adds a prefix to my login. But the code wasn’t working. I met up with Rune and I learned a bunch.
1. The initial code I went through had all of the table names with single quotes. There didn’t need to be any quotes at all.
2. The echoes that were placed through all the login to state the errors were impeding the ability to log in. Apparently the login can’t have echo interruptions. Rune showed me that I could create an empty variable with double quotation marks and that would act the same as an echo,
Example Code: $message = ""; and then call it later, $message = "The password you supplied did not match the username.";
Huzzah! The next step was to learn Google Visualization!
I chose Google Visualization on the recommendation of my classmate Sebastian. I went through the website and they had fairly straightforward code, however, for the multiple variations on chart styles, they each have their own code. You also need to sign up for an API key, which is fine, I’ll be sure to use it later for…something. I started initially working with a barchart and then…doubt. What if my Time data wouldn’t work? I decided it would be smarter, just to have a simple table show my breakfast preferences and show the frequency in which I ate at those restaurants.
Well, it didn’t work. So I debugged. This is when I literally discovered the GV code has different code for each type of chart. So I went through and cleaned it up. Then I couldn’t get it to show the frequency. I worked on the code and then scoured the web for answers. There, I learned about the COUNT function that will add up the frequency of a table and then you can rename it.
Example Code: SELECT break_where, COUNT(break_where) AS frequency FROM foodreports GROUP BY break_where.
I needed to create a Cron Job. After learning my hosting doesn’t allow for cron functions through Terminal (after spending a day getting Terminal opened up), I figured out they have a cron job section on the hosting that is not intuitive, but doable.
There was another issue with the tutorial: it had my username and password into my website contained on the login page and not on a secure page.
I know this because my site got hacked. Not just the one site, but every single index page and js page in my hosting. I host 13 sites. I’m still going through and cleaning all the sites. The hackbot added a section of code at the bottom of each of those pages that seems to send a call to xtube-com.blogger.com.pornorama-com.bluejackmusic.ru
I know, awesome, right?
But a good learning experience. I took my final down as soon as I realized it was in every single js file, which I did not figure out initially.
So, there you have it. I have lost my adoration of hackers (technically, it was probably a hackbot) and I will be next learning about PHP/SQL security…in my spare time.
Since I had to take down the site, I will simply provide screenshots.
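An added example (not code from this post or from the nettuts tutorial) of a login page that addresses the two problems described above: it collects errors in $message so nothing is output before the redirect, and it keeps credentials out of the login page by loading them from a file outside the web root. The file layout, the users table and its columns, and report.php are hypothetical names assumed for illustration.

```php
<?php
// Added example. Assumed layout (hypothetical, not from the post):
//   /home/account/private/db-config.php   outside the web root, never served
//   /home/account/public_html/login.php   this file
// db-config.php returns an array with 'dsn', 'user' and 'pass' keys,
// e.g. 'dsn' => 'mysql:host=localhost;dbname=PREFIX_food' (placeholder values).
declare(strict_types=1);
session_start();                     // must run before any output is sent

$config  = require __DIR__ . '/../private/db-config.php';
$message = '';                       // collect errors here instead of echoing mid-script

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim((string)($_POST['username'] ?? ''));
    $password = (string)($_POST['password'] ?? '');

    $pdo = new PDO($config['dsn'], $config['user'], $config['pass'], [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    // Table name is unquoted; user input is bound, never concatenated into SQL.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_hash column is assumed to hold output of PHP's password_hash().
    if ($row && password_verify($password, $row['password_hash'])) {
        session_regenerate_id(true); // new session id after login
        $_SESSION['user_id'] = (int)$row['id'];
        header('Location: /report.php'); // fails with "headers already sent" if anything was echoed
        exit;
    }
    $message = 'The password you supplied did not match the username.';
}
?>
<!DOCTYPE html>
<html><body>
<?php if ($message !== ''): ?>
  <p class="error"><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<form method="post">
  <input name="username"> <input name="password" type="password">
  <button>Log in</button>
</form>
</body></html>
```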
Interesting – Now I understand what you meant when you said you got hacked. All very instructional