Random-Recept was the first project I ever built with the intention of putting it online and hopefully growing it into something successful. I started working on it in my first year of my software engineering degree, seeing it as a great way to learn. And I was right, though not in the way I expected.

The project was built as a PHP application with HTML and CSS, along with a MySQL database. At the time, I had not yet learned JavaScript, and learning it was still a scary thought for me since the curriculum so far only covered HTML/CSS/PHP and Python. I also didn’t know of the existence of any frameworks like Laravel or others that could have made the whole process easier.

Despite the limitations, I quickly realized that I enjoyed working with CSS and spent most of my time learning about it through trial and error. Slowly but surely, the website started to take shape, and I began to feel proud of what I was creating. Everything from the logo to the layout and animations was painstakingly put together.

Main call to action

Even though SQL was and is not my cup of tea, I still managed to use it in such a way that it turned the website from something static into something that could give you dynamic information.

What did the website do

It was a simple concept that evolved over time since I didn’t have a straightforward plan. The main call to action on the website was a button that allowed users to search for a random recipe, eliminating the need for users to decide what they wanted to eat. In the beginning, all the recipes were added by hand, either recipes I had prepared myself or ones I had copied from other websites. (In hindsight, I regret copying recipes from other sites.)

In a later revision, I added a completely self-built account system. Users could register, upload recipes, and view analytics showing how many people had viewed, commented or liked a recipe.

Security

Adding all these functions came with their own risk, so it pushed me to learn a lot about web security. I learned about prepared statements, why hashing and salting passwords is important, and implemented it myself in a basic way. Even though this approach is a little outdated, it has brought me some knowledge I wouldn’t have had if I had used a framework where everything was abstracted away.

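/* Please do not use this code; it is outdated and not secure any more */
function createAccount($username, $email, $password) {

    // connect() returns an error string instead of a mysqli object on failure
    $link = connect();
    
    if (gettype($link) == 'string')
        return null;
    
    // Outdated: hand-rolled salt derived from microtime(); password_hash()
    // below already generates a random salt and embeds it in its output
    $salt = str_shuffle(hash('sha256', str_shuffle(microtime())));

    // Outdated: md5 of rand(0,1000) can only take 1001 distinct values
    $activecode = md5(rand(0,1000));

    // Mails the activation code to the new user
    activeCode($email, $activecode, $username);
    
    $password = password_hash($password . $salt, PASSWORD_DEFAULT);
    
    $stmt = $link->prepare("INSERT INTO `account` (`username`, `email`, `hash`, `salt`, `activecode`) VALUES (?, ?, ?, ?, ?)");
    
    // Outdated: die() prints the raw database error to the visitor
    if (!$stmt)
        die("Prepare failed: (" . $link->errno . ") " . $link->error);
   
    $stmt->bind_param('sssss', $username, $email, $password, $salt, $activecode);
    
    // An INSERT produces no result set, so get_result() always returns false
    // here; the return value of execute() is what signals success or failure
    if (!$stmt->execute())
        return null;
    
    return true;
}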

Let’s take a closer look at the code block above, where I created user accounts. As you can see, I generated a salt for the password and a random activation code, which was then sent to the user’s email. I also hashed the password with the salt and inserted everything into the database using prepared statements. Please keep in mind that there was no error handling or logging in place to address potential issues.
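For comparison, here is how the same function could be written today. This is an added example, not the original Random-Recept code: it reuses the page's `connect()` and `activeCode()` helpers, and it assumes the `salt` column has been dropped (or made nullable) and that `activecode` can hold a 64-character hex digest.

```php
<?php
// Added example, not the original site code. connect() and activeCode() are
// the page's own helpers and are assumed to behave as in the listing above.
function createAccountHardened(string $username, string $email, string $password): bool
{
    // Make mysqli throw exceptions instead of failing silently.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    // password_hash() generates its own random salt and stores it inside the
    // returned string, so no hand-made salt or salt column is needed.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // 128-bit activation token from the CSPRNG instead of md5(rand(0,1000)).
    $token = bin2hex(random_bytes(16));
    // Store only a digest, so a database leak does not expose usable tokens.
    $tokenDigest = hash('sha256', $token);

    try {
        $link = connect();
        if (!($link instanceof mysqli)) {
            return false; // connect() returned its error string
        }
        $stmt = $link->prepare(
            'INSERT INTO `account` (`username`, `email`, `hash`, `activecode`) VALUES (?, ?, ?, ?)'
        );
        $stmt->bind_param('ssss', $username, $email, $hash, $tokenDigest);
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        // Log details server-side; never echo database errors to the visitor.
        error_log('createAccount failed: ' . $e->getMessage());
        return false;
    }

    // Mail the token only after the row exists.
    activeCode($email, $token, $username);
    return true;
}

// At login, password_verify($password, $row['hash']) checks the password.
// At activation, hash_equals($row['activecode'], hash('sha256', $submitted))
// compares the token digest in constant time.
```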

Unfortunately, at one point, I experienced a security incident. Upon analyzing my analytics, I noticed traffic coming from a domain that wasn’t mine. This was my first security incident and was quickly resolved by adding security headers, which my website lacked. After implementing these headers and adding more security settings to my .htaccess file, the website of the attacker stopped functioning, and everything went back to normal.

Conclusion

All in all, I’m still proud of the website I built with the little knowledge that I had at the time. I won’t say that the code is good or clean by any means, but I was able to build something from scratch and bring it to the public. However, the story does not have a happy ending. Remember when I said I copied recipes from other websites? Well, those websites were not happy about it and saw it as me stealing their intellectual property. I received some pretty nasty emails from them, and I ultimately decided to remove all of their recipes from my site. This put a damper on my enthusiasm, and I lost the appetite (get it ;)) to continue working on the site since I was just gaining traction and receiving more and more visitors. But they were right, and I learned a valuable lesson about intellectual property and copyright law.

Maybe someday in the future, I’ll bring the website back online for nostalgic purposes and do a deep dive into the code to examine the good and bad points. For now, you can view the homepage via the Wayback Machine. Random-Recept may not have been a smashing success, but it was a valuable learning experience, and it helped me grow as a software engineer.

Visit the website

https://web.archive.org/web/20171001063716/https://random-recept.nielsvanbrakel.nl/