Tuesday 5 August 2014

Tagore Hostel : Room Allocation started

Tagore Room Allocation

The 81 days long Summer Vacation is now coming to an end. 21st August, 2014 is the Registration Day. Happy, that boring holidays are getting over. Angry, that our Batch has been alloted the same Hostel, Tagore (rumours or truth, vo to abhi pata nahi). With the Fine(st) facilities and the Best Mess, Tagore Hostel is one of the worst places to reside. So, what could could be more intimidating than the fear to spend another year in Tagore...
I guess, Starting an Online Room Allocation Website and ditching the rumours aside would be a cool prank.

Developing the Site

I needed something for students to trust the site, 'Office of Registrar, Pantnagar' anyone??...To make students believe, I had to imitate the front-end very closely. Saving the entire webpage through chrome isn't difficult.
Here's the difficult part. Developing the back-end with PHP and MySQL. Actually, it wasn't tough either. What annoyed me the most, was to think of an idea to make sure that every guy allocates a room only once, given I had no way to check if he has already done that (there was no way for me to identify unique visitors). The Solution was an obfuscated use of Cookies and Databases. I won't go into detail, but the code had loopholes. And I could only hide them by making the users trust the site, or else the plan fails.

Plan

is simple. Gain user trust at the first page, request their IDs and Passwords, albeit passwords had no importance. Even if you entered an invalid one, there was no way for me to check. The IDs were required to make sure students allocate room only once. Besides this, there were other loopholes too. One was inadvertent. The user could use the back button of browser and allocate rooms as many times he likes. Fortunately, I figured it out when Neeraj started doing it, and had that resolved.

As I told, there was no way to check the entered passwords, some students figured that out, and the site was soon declared "FARZI". But, still it wasn't clear to most. It was only after Megan Fox and Angelina Jolie Allocated a room for themselves (with Satya, :D), people declared it fake.
I didn't use student IDs to fill the Allocated_Rooms table, Instead I used their names provided (when requested) at Room-selection-page. This idea makes the site more engaging,,,whos-with-whom?? kind of thing.

Result

Awesome, yeah! Pretty Awesome. The site was online for only 4.5 hours (after that it got disabled by the host becoz of the CPU usage limit.

TheQuestion

If we entered the correct passwords at the site, Were they saved in Db?
The answer is : ABSOLUUUUUTELY
But I don't have them anymore, I deleted the table from the Database.You may check (or even change) your passwords if you are skeptical. Besides, the table had a lot invalid IDs (many entered by myself) and invalid passwords too. I won't go all the way through checking what ones are correct.

Sab Simtate hue aur Maff-iya mangte hue

Jis kisi ko, meri taraf se thes pahuchi ho....usse..me...maaffi
.
.
.
.
.
.
.
.
.
.
.
.
bhala kyu maangu?? :P .
I mean I helped you change "SYST", something you don't consider important.

2 comments:

Comment!

Note: only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)