UKC

First website

This topic has been archived, and won't accept reply postings.
 lowersharpnose 16 Nov 2014
I have been asking a few computing questions over the last year or so as I wanted to get some up to date skills. To that end I started a project to find the best deals at supermarkets which has ended up as a website. It is a searchable database of current & historic prices for all products on the supermarket shelves. I am now testing it, squashing data bugs and improving how it works. It is woefully lacking in user help, which is my job for next week.

A couple of price search links:
My MIL likes Oyster Bay Merlot and bought some today for £6.29 as opposed to their stated full price of £11.19.
http://www.ispyprices.com/search/q%3D+oyster+bay+merlot

I am more Kronenbourg than merlot:
http://www.ispyprices.com/search/q%3D+kronenbourg

I have learned loads so far, and plan to carry on with it and see what happens.

Any opinions welcome...

lsn

 elsewhere 16 Nov 2014
In reply to lowersharpnose:
Nice! Dead simple to use.

I didn't know what the yellow and green dots meant.

moet et chandon got 2 results
moet got loads of results, mainly moet & chandon

Consider displaying alternative search results for individual words or hints such as 'view moet search for 50 more results'

Are you scraping results (they might not like that) or do the supermarkets have APIs?
In reply to elsewhere:

Three green dots = best price we have seen since...
Two dots = close to best ever
One best in show

Orange dot = a volatile price.

Fixed the Moet &/et. Either should get all the results now.

Thanks.



 Brass Nipples 16 Nov 2014
In reply to lowersharpnose:

Tapped on link that came up and price did not match what your website says.
In reply to Orgsm:

What was it?

I may be a day out of date.
 jasonC abroad 16 Nov 2014
In reply to lowersharpnose:

I like the idea, thought about doing something similar myself but never got round to it, nice to see that somebody can be bothered. I like the idea of being able to check up supermarkets' half price offers and see if they ever were at the full price.

Like some others I was confused by what the dots mean, some sort of key would be good, also the same for the bright green dot which means all supermarkets. I'd replace the images with background images and add text in the links which I'd hide with CSS, it's useful. It might be a good idea to look into image sprites, where you aggregate images into one big image to save downloads.

http://css-tricks.com/css-sprites/

I see you've made it responsive, which is good, but I think you could do with increasing the font size when the window size gets smaller; the text becomes too small to read.

Overall very good.

Jason
 Mike-W-99 16 Nov 2014
In reply to lowersharpnose:
I'd check your parsing of the input data and read up on SQL injection. Not that you are vulnerable but a quick check with the usual suspect inputs got some unusual responses.

Like the site though.
Post edited at 21:14
 Brass Nipples 16 Nov 2014
In reply to lowersharpnose:


The oyster bay Merlot example link you gave.
In reply to Orgsm:

Ah. My price is correct. There is a double discount, which may not be clear from the Tesco website.

The wine normally is £11.19, but is reduced by 25% to £8.39 a bottle.

On top of this, there is a further discount of 25% if you buy four or more bottles --> £6.19

Stock up, if you like the stuff.
In reply to prog99:

Thanks, I will.
 Brass Nipples 16 Nov 2014
In reply to lowersharpnose:

Ah in which case it'd be good if your site gave the qty to get the discount
interdit 16 Nov 2014
In reply to lowersharpnose:

You are sending usernames and passwords in plain text.
Here is a line I picked up on wifi from one computer whilst logging in with fake details on another machine.

csrf_token=20141116221041%23%237571710a70f50185bd0c2503c78e9ed5c1e3d940&username=zzzzzzzzzzzzzzzzzzzzz&password=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy&submit=Sign+In

Very bad news.

Also.
You need to sanitize your form inputs

eg.

http ://www.ispyprices.com/search/q%3D+%25%25+%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%2555

breaks your website -


Something went wrong
This website is hosted by PythonAnywhere ...
Error code: Unhandled Exception
In reply to interdit:

I am using Python/Flask/WTForms. I thought that would handle the passwords securely, clearly not. I will have to fix that.

I have had a first pass sanitizing the search strings & can now withstand what you did.

Thanks very much.
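
Added example, not part of the thread and not the site's own code: the login POST captured above was readable because it travelled over plain HTTP, which no form library can fix on its own. This standard-library WSGI wrapper serves an app over HTTPS only; it assumes the host already has a TLS certificate, that the hosting proxy sets `X-Forwarded-Proto`, and uses the placeholder host name `www.example.test`.

```python
from urllib.parse import quote

HSTS = ("Strict-Transport-Security", "max-age=31536000")


def request_scheme(environ):
    """Scheme the browser used. X-Forwarded-Proto is trusted here on the
    assumption that the hosting proxy always overwrites it."""
    forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "")
    first = forwarded.split(",")[0].strip().lower()
    return first or environ.get("wsgi.url_scheme", "http")


class ForceHTTPS:
    """WSGI wrapper: serve the app over HTTPS only."""

    def __init__(self, app, canonical_host):
        self.app = app
        self.host = canonical_host  # fixed name, never the client's Host header

    def __call__(self, environ, start_response):
        if request_scheme(environ) == "https":
            def with_hsts(status, headers, exc_info=None):
                # Tell the browser to use HTTPS for later visits as well.
                return start_response(status, list(headers) + [HSTS], exc_info)
            return self.app(environ, with_hsts)

        if environ.get("REQUEST_METHOD", "GET") in ("GET", "HEAD"):
            # Page loads are sent to the HTTPS copy, so the form is served
            # and submitted over TLS.
            location = "https://" + self.host + quote(environ.get("PATH_INFO", "/"))
            if environ.get("QUERY_STRING"):
                location += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        # A form POST that arrives in the clear is refused, not processed.
        body = b"HTTPS required\n"
        start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                         ("Content-Length", str(len(body)))])
        return [body]
```

With Flask the wrapper is applied as `app.wsgi_app = ForceHTTPS(app.wsgi_app, "www.example.test")`. Setting Flask's `SESSION_COOKIE_SECURE` option keeps the session cookie off plain HTTP as well.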
 Brass Nipples 16 Nov 2014
In reply to lowersharpnose:



Something went wrong

This website is hosted by PythonAnywhere, an online hosting environment. Something went wrong while trying to load it; please try again later.

If this is your PythonAnywhere-hosted site, there may be a bug in your code. Check your site's server and error logs for any messages — you can view them from the Web tab inside PythonAnywhere.

You'll find a series of tips on how to debug problems, and solutions to common issues on our Help pages

If you get completely stuck, then drop us a line at support@pythonanywhere.com, in the forums, or using the "Send feedback" link on the site, quoting the error code below.

Error code: Unhandled Exception
In reply to Orgsm:

Thanks. I think I have that one now.

I appreciate everyone's help at giving this a good kicking.

I have done some more input cleaning.
 ByEek 17 Nov 2014
In reply to lowersharpnose:

Very impressive. However the results for things like Baked Beans are very confusing. A superb start but much work still to do.
