
Test my workout tracker


  • This topic is locked
13 replies to this topic

#1 racken

racken
  • Members
  • Member
  • 15 posts

Posted 08 August 2015 - 12:20 PM

I'm building a weightlifting workout tracker, I have added some sample data but feel free to add your own

 

http://weightroom.uk/

http://weightroom.uk/phpfreaks.txt

 

To login use

username: test

password: test123

 

Looking for feedback as well as any bugs

 

Thanks all



#2 ignace

ignace
  • Moderators
  • Now mod flavored
  • 6,411 posts
  • Location: Belgium

Posted 08 August 2015 - 12:53 PM

The UI is not intuitive. I had no idea how to add a new workout. Also the formatting help returned nothing.

Not everything has a weight like push-up or sit-up (which is not equal to your bodyweight) unless you would use a weighted vest.

#3 racken

racken
  • Members
  • Member
  • 15 posts

Posted 08 August 2015 - 03:13 PM

The UI is not intuitive. I had no idea how to add a new workout. Also the formatting help returned nothing.

Not everything has a weight like push-up or sit-up (which is not equal to your bodyweight) unless you would use a weighted vest.

 

Cheers for having a look, I have fixed the formatting help button and rewritten to show how you can add bodyweight exercises

and in terms of usability was it only adding a log you have trouble with or were there other issues with it?

I really want to try and get usability down as that was pretty much the point of the site

 

I'm going to add a track button which would take you directly to adding a workout and write up some help files



#4 ignace

ignace
  • Moderators
  • Now mod flavored
  • 6,411 posts
  • Location: Belgium

Posted 08 August 2015 - 03:29 PM

Also what is the Volume meant to do? It shows 4800kg, so can I now lift my car? I did 4 sets of 20 push-ups with a weighted vest of 60kg? Also how do I specify when I have no weight? 0x20x4 is kinda a problem :)

#5 racken

racken
  • Members
  • Member
  • 15 posts

Posted 08 August 2015 - 04:44 PM

Haha yeah I guess that's not too clear, volume is total volume of weight moved during that session or for the exercise 4*20*60 = 4800 for bodyweight moves you can use

BWx20x4 and for using a weighted vest it would be BW+60x20x4



#6 ignace

ignace
  • Moderators
  • Now mod flavored
  • 6,411 posts
  • Location: Belgium

Posted 09 August 2015 - 07:12 AM

I also wouldn't show the overlap in the middle calendar. I confused the 8 and 9 in july with the one in august.

Maybe also increase the number of reps you can compare with. Currently it is set to max. 10 while people who train on strength go for much higher reps.

And is this tool meant to log what you did on a day or is this to plan your week/month too?

EDIT:
I noticed I can't log out nor can I manage my account?
Also why don't you ask for gender, bodyweight, waist, fat percentage on registration? You need gender for most calculators like Wilks and Sinclair. The bodyweight is useful so you don't have to ask it on every log entry.

Edited by ignace, 09 August 2015 - 07:31 AM.


#7 ajoo

ajoo
  • Members
  • Advanced Member
  • 529 posts

Posted 17 August 2015 - 10:38 AM

Hi, I liked the interface but did not check it for functionality or any such thing. However I did not see a logout button anywhere when I wanted to logout. 

 

Thanks.



#8 racken

racken
  • Members
  • Member
  • 15 posts

Posted 24 August 2015 - 08:17 PM

Cheers for having another look

 

Each log is just a log of a single day.

 

I have made changes based on your feedback, hopefully I'm starting to go in the right direction :)

When I have time I am going to write up an intro guide that will be shown to everyone after they first register that will cover the super basics.

 

If anyone else has any more feedback or ideas on how to improve it I would really appreciate it.



#9 benanamen

benanamen
  • Members
  • Master Coder
  • 1,380 posts

Posted 25 September 2015 - 12:34 AM

You have a few server security issues. 

 

1. Your site is vulnerable to Click Jacking.

2. You are advertising your PHP version (PHP/5.3.29)

3. Your PHP version is out of date. Current Stable PHP 5.6.13

4. You allow directory browsing. http://weightroom.uk/css/ & http://weightroom.uk/img/

5. You are vulnerable to cross-domain JavaScript inclusion (Host your JS on your server instead of linking to someone else's server.)

6. Auto Complete is not disabled for your login fields.


To save time, let's just assume I am never wrong.

The XY Problem
The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.


Make A Donation https://www.paypal.me/KevinRubio

 

"This text has been encoded with ROT26. If you can read this you must have found a backdoor. Congratulations!"
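
A self-check for items 1, 2, 4 and 5 of the list in the post above, as an added example that is not part of the original thread. `auditResponse()` and the sample response are hypothetical and constructed for illustration; it assumes PHP 7 or later and is meant to be run against responses from your own site.

```php
<?php
// Added example: auditResponse() and the sample response below are hypothetical.
function auditResponse(array $headers, string $body, string $ownHost): array
{
    $h = array_change_key_case($headers, CASE_LOWER);
    $findings = [];

    // Item 1, clickjacking: neither X-Frame-Options nor a CSP frame-ancestors rule.
    $csp = $h['content-security-policy'] ?? '';
    if (!isset($h['x-frame-options']) && stripos($csp, 'frame-ancestors') === false) {
        $findings[] = 'no X-Frame-Options or CSP frame-ancestors (page can be framed)';
    }
    // Item 2, version disclosure: a "name/1.2.3" style value in these headers.
    foreach (['x-powered-by', 'server'] as $name) {
        if (isset($h[$name]) && preg_match('~/\d~', $h[$name])) {
            $findings[] = "$name discloses a version: {$h[$name]}";
        }
    }
    // Item 4, directory browsing: the auto-generated index page title.
    if (preg_match('~<title>\s*Index of /~i', $body)) {
        $findings[] = 'directory listing is enabled';
    }
    // Item 5, scripts served from a host other than our own.
    if (preg_match_all('~<script[^>]+src=["\'](?:https?:)?//([^/"\']+)~i', $body, $m)) {
        foreach (array_unique($m[1]) as $host) {
            if (strcasecmp($host, $ownHost) !== 0) {
                $findings[] = "script loaded from third-party host: $host";
            }
        }
    }
    return $findings;
}

// Constructed sample response (not captured from the site).
$headers = ['Content-Type' => 'text/html', 'X-Powered-By' => 'PHP/5.3.29'];
$body = '<html><head><title>Log in</title>'
      . '<script src="//cdn.example.com/bootstrap.min.js"></script></head>'
      . '<body><form><input type="password" name="password"></form></body></html>';

foreach (auditResponse($headers, $body, 'weightroom.uk') as $finding) {
    echo "- $finding\n";
}
```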


#10 anthonygallina

anthonygallina
  • Members
  • Member
  • 24 posts

Posted 07 October 2015 - 06:15 AM

I like it; it looks like it will be a great asset to those in weight training. You could expand on how to use it. I liked the bug tracker also, maybe a FAQ too? Keep up the good work.



#11 teynon

teynon
  • Members
  • Advanced Member
  • 898 posts

Posted 27 November 2015 - 04:42 AM

You should consider using prepared statements. It's easy to tell your database is vulnerable to SQL injection by trying to sign in with a username or password of something like

test' OR 1 = 1;

Support my Kickstarter Project!
http://www.kickstart...7618755/antroid

http://www.thomaseynon.com

Vulnerabilities: http://cwe.mitre.org...x.html#Guidance - MySQL.com hacked with SQL Injection - If it happened to them, it can happen to you.
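
The difference prepared statements make for a login lookup, as an added example that is not part of the original thread or the site's code. The table, columns and function names are hypothetical, the account is constructed from the demo login in the first post, and it assumes PHP 7 or later with the PDO SQLite driver so it runs without a database server.

```php
<?php
// Added example: schema and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

// Constructed sample account (the demo login from the first post).
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['test', password_hash('test123', PASSWORD_DEFAULT)]);

// BEFORE: the username is concatenated into the SQL text, so a quote in the
// input ends the string literal and whatever follows is parsed as SQL.
function findUserConcatenated(PDO $pdo, string $username): string
{
    $sql = "SELECT id FROM users WHERE username = '$username'";
    try {
        return 'rows matched: ' . count($pdo->query($sql)->fetchAll());
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// AFTER: the statement is prepared with a placeholder and the input is bound
// as data, so it never reaches the SQL parser.
function login(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Check the password hash in PHP rather than comparing inside the query.
    if ($row !== false && password_verify($password, $row['password_hash'])) {
        return (int) $row['id'];
    }
    return null;
}

$probe = "test' OR 1 = 1;"; // the input quoted in the post above

// A match or a SQL syntax error here both mean the input was parsed as SQL.
echo findUserConcatenated($pdo, $probe), "\n";

// With the prepared statement the same input is only an unknown username.
var_dump(login($pdo, $probe, 'anything'));
var_dump(login($pdo, 'test', 'test123'));
var_dump(login($pdo, 'test', 'wrong'));
```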


#12 racken

racken
  • Members
  • Member
  • 15 posts

Posted 16 January 2017 - 10:27 AM

I have done a fair amount of work on it since posting, would appreciate if you could find any other bugs. Thanks all :)



#13 benanamen

benanamen
  • Members
  • Master Coder
  • 1,380 posts

Posted 16 January 2017 - 08:33 PM

You are advertising the server type and version (nginx/1.11.5)
 
There are 87 Code errors most of which are the same ones repeated in each page.
 
#5 and #6 from post 9 have not been addressed



#14 teynon

teynon
  • Members
  • PipPipPip
  • Advanced Member
  • 898 posts

Posted 17 January 2017 - 03:30 AM

It appears you have switched to Laravel. That framework should take care of a lot of security vulnerabilities automatically for you as long as you don't circumvent their procedures. You can of course make your own security vulnerabilities with code, so you should still be mindful of that.

 

I would argue that #5 and #6 of Master Coder's points are arguably not necessary to change. CDNs are pretty widely used and you are using some reasonably trustworthy sites. The one I might move into your domain specifically is bootstrap.min.js, although it's not a big deal either way.

 

The point of #6 is to prevent other users from logging into their account while using that user's computer. While this may be a security vulnerability, it is also a choice by the user. You should not be overriding the user's preferences unless you have a very good reason to do so. If you were protecting sensitive information such as credit cards, bank account information, SSNs, etc, then maybe consider preventing that, but even in that case, this is a user preference and you are counteracting features built into a browser. That's just my 2 cents there. This link (http://stackoverflow...field-input-tag) has some useful information on stopping autocomplete. Although you'll notice that Firefox partially ignores the rules of the autocomplete="off" tag and asks the user if they want to autofill.

 

With that, I will say you should make your own custom 500 page and put your Laravel installation into production mode / prevent error messages outputting to the user. Your 404 page could use some navigation back to the homepage as well.






