racken Posted August 8, 2015 Share Posted August 8, 2015 I'm building a weightlifting workout tracker, I have added some sample data but feel free to add your own http://weightroom.uk/ http://weightroom.uk/phpfreaks.txt To login use username: test password: test123 Looking for feedback as well as any bugs Thanks all 6 Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/ Share on other sites More sharing options...
ignace Posted August 8, 2015 Share Posted August 8, 2015 The UI is not intuitive. I had no idea how to add a new workout. Also the formatting help returned nothing. Not everything has a weight like push-up or sit-up (which is not equal to your bodyweight) unless you would use a weighted vest. 1 Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/#findComment-1518286 Share on other sites More sharing options...
racken Posted August 8, 2015 Author Share Posted August 8, 2015 The UI is not intuitive. I had no idea how to add a new workout. Also the formatting help returned nothing. Not everything has a weight like push-up or sit-up (which is not equal to your bodyweight) unless you would use a weighted vest. Cheers for having a look, I have fixed the formatting help button and rewritten to show how you can add bodyweight exercises and in terms of usability was it only adding a log you have trouble with or where there other issues with it? I really want to try and get usability down as that was pretty much the point of the site Im going to add a track button which would take you directly to adding a workout and write up some help files Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/#findComment-1518301 Share on other sites More sharing options...
ignace Posted August 8, 2015 Share Posted August 8, 2015 Also what is the Volume meant to do? It shows 4800kg, so can I now lift my car? I did 4 sets of 20 push-ups with a weighted vest of 60kg? Also how do I specify when I have no weight? 0x20x4 is kinda a problem Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/#findComment-1518307 Share on other sites More sharing options...
racken Posted August 8, 2015 Author Share Posted August 8, 2015 Haha yeah I guess thats not too clear, volume is total volume of weight moved during that session or for the exercise 4*20*60 = 4800 for bodyweight moves you can use BWx20x4 and for using a weighted vest it would be BW+60x20x4 Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/#findComment-1518312 Share on other sites More sharing options...
ignace Posted August 9, 2015 Share Posted August 9, 2015 (edited) I also wouldn't show the overlap in the middle calendar. I confused the 8 and 9 in july with the one in august. Maybe also increase the number of reps you can compare with. Currently it is set to max. 10 while people who train on strength go for much higher reps. And is this tool meant to log what you did on a day or is this to plan your week/month too? EDIT: I noticed I can't log out nor can I manage my account? Also why don't you ask for gender, bodyweight, waist, fat percentage on registration? You need gender for most calculators like Wilks and Sinclair. The bodyweight is useful so you don't have to ask it on every log entry. Edited August 9, 2015 by ignace Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/#findComment-1518345 Share on other sites More sharing options...
ajoo Posted August 17, 2015 Share Posted August 17, 2015 Hi, I liked the interface but did not check it for functionality or any such thing. However I did not see a logout button anywhere when I wanted to logout. Thanks. Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/#findComment-1519074 Share on other sites More sharing options...
racken Posted August 24, 2015 Author Share Posted August 24, 2015 Cheers for having another look Each log is just a log of a single day. I have made changes based on your feedback, hopefully I'm starting to go in the right direction When I have time I am going to write up a intro guide that will shown to every after they first register that will cover the super basics. If anyone else has any more feedback or idea on how to improve it I would really appreciate it. Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/#findComment-1519574 Share on other sites More sharing options...
benanamen Posted September 25, 2015 Share Posted September 25, 2015 You have a few server security issues. 1. Your site is vulnerable to Click Jacking. 2. You are advertising your PHP version (PHP/5.3.29) 3. Your PHP version is out of date. Current Stable PHP 5.6.13 4. You allow directory browsing. http://weightroom.uk/css/ & http://weightroom.uk/img/ 5. You are vulnerable to cross-domain Javascript inclusion (Host your JS on your server instead of linking to someone else's server.) 6. Auto Complete is not disabled for your login fields. Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/#findComment-1521496 Share on other sites More sharing options...
anthonygallina Posted October 7, 2015 Share Posted October 7, 2015 I like it looks like it will be a great asset to those in weight training. You could expand on how to use it. I liked the bug racker also, maybe a FAQ too? Keep up the good work. Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/#findComment-1522541 Share on other sites More sharing options...
teynon Posted November 27, 2015 Share Posted November 27, 2015 You should consider using prepared statements. It's easy to tell your database is vulnerable to sql injection by trying to sign in with a username or password of something like test' OR 1 = 1; Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/#findComment-1527229 Share on other sites More sharing options...
racken Posted January 16, 2017 Author Share Posted January 16, 2017 I have done a fair amount of work on it since posting would appreciate if you could fine any other bugs. Thanks all Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/#findComment-1541431 Share on other sites More sharing options...
benanamen Posted January 16, 2017 Share Posted January 16, 2017 You are advertising the server type and version (nginx/1.11.5) There are 87 Code errors most of which are the same ones repeated in each page. #5 and #6 from post 9 have not been addressed Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/#findComment-1541464 Share on other sites More sharing options...
teynon Posted January 17, 2017 Share Posted January 17, 2017 It appears you have switched to Laravel. That framework should take care of a lot of security vulnerabilities automatically for you as long as you don't circumvent their procedures. You can of course make your own security vulnerabilities with code, so you should still be mindful of that. I would argue that #5 and #6 of Master Coder's points are arguably not necessary to change. CDN's are pretty widely used and you are using some reasonably trustworthy sites. The one I might move into your domain specifically is bootstrap.min.js, although it's not a big deal either way. The point of #6 is to prevent other users from logging into their account while using that users computer. While this may be a security vulnerability, it is also a choice by the user. You should not be overriding the users preferences unless you have a very good reason to do so. If you were protecting sensitive information such as credit cards, bank account information, SSN's, etc, then maybe consider preventing that, but even in that case, this is a user preference and you are counteracting features built into a browser. That's just my 2 cents there. This link (http://stackoverflow.com/questions/2530/how-do-you-disable-browser-autocomplete-on-web-form-field-input-tag) has some useful information on stopping autocomplete. Although you'll notice that Firefox partially ignores the rules of the autocomplete="off" tag and asks the user if they want to autofill. With that, I will say you should make your own custom 500 page and put your Laravel installation into production mode / prevent error messages outputting to the user. Your 404 page could use some navigation back to the homepage as well. Link to comment https://forums.phpfreaks.com/topic/297692-test-my-workout-tracker/#findComment-1541472 Share on other sites More sharing options...
Recommended Posts