
Website Update May 10th

Canary Jones
May 10, 2019 2:59 pm

During the course of this update the overall functionality and organization of this website application became very cluttered and posed greater security risks than before. After the first few features were added, this update took a turn towards more security and client tracking. As of right now, this site does not keep track of where the user is and has no control over what they can and cannot access (besides some of the admin pages like new-post). Although it seems harmless, this site is still at risk from database attacks and end-user attacks. In short, the user can manipulate the site's files to get access to the database and take control of the site. However, they cannot change the site's files or functionality on the backend, but this does not mean they can access those files and manipulate them for their own use. For now the site has been set to no-index, so it will not show up in any search engine, to reduce the risk of attacks while the site is still under development.

End-User Geolocation Functionality
Over the course of the week, a mysterious user joined the site. This is not a bad thing, but it seemed suspicious because this site does not have anything to offer yet (especially since this user was from another country). Again, no harm was done, but to manage our site traffic all users who sign up are automatically tracked via their IP address. Now when a user signs up for this site, their IP address is run through a geolocation protocol provided for free by IPInfoDB. This function saves the end-user's country, region, and IP address to the database when they sign up. It would be convenient to save this info every time a user signs in, but this protocol only allows for 2 geolocation queries per second. For now, this protocol is only used on sign-up, but as this site gains more control over user sessions this tool will be used more often.

More End-User Tracking
Since the use of the geolocation protocol is being limited to sign-ups for the time being, this site now uses some built-in PHP functions to update each user's last login date and IP address every time they log in. This will help track how often users are logging in and what time they last viewed our site. In the future, this can help gauge when the best posting times are.

Dynamic Date Variables
It is more than likely that users will be viewing this site from all over the world, and it would not be convenient to be viewing articles labeled with only EST/EDT timestamps. Now all date variables are stored in the database as UTC (GMT without daylight saving). A new JavaScript-based function has been added to the site that determines a user's timezone based on their network's local time versus UTC. Now, every time a page is loaded, the end-user's timezone is saved to a session variable and all of the date and time variables on the page are converted to match the user's timezone.
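A sketch of the flow described above, added here as an example and not taken from the site's code: the browser-reported offset is range-checked before it is kept in the session, then used to render a UTC timestamp from the database. The function names and the "YYYY-MM-DD HH:MM:SS" storage format are assumptions, and the check is shown in JavaScript although on this site it would sit wherever the offset is received.

```javascript
// Added example; parseClientOffset and formatForUser are hypothetical names.
// Offsets follow Date.prototype.getTimezoneOffset(): minutes to ADD to local
// time to reach UTC, so EDT (UTC-4) is 240 and UTC+14 is -840.
const MIN_OFFSET = -840; // UTC+14:00
const MAX_OFFSET = 720;  // UTC-12:00

// Validate the offset string sent by the browser before storing it in the
// session. Anything malformed or out of range falls back to 0 (UTC).
function parseClientOffset(raw) {
  if (typeof raw !== 'string' || !/^-?\d{1,3}$/.test(raw)) return 0;
  const n = Number(raw);
  // Real-world offsets are multiples of 15 minutes.
  if (n < MIN_OFFSET || n > MAX_OFFSET || n % 15 !== 0) return 0;
  return n;
}

function pad(n) {
  return String(n).padStart(2, '0');
}

// Convert a UTC timestamp string (assumed format "YYYY-MM-DD HH:MM:SS")
// into a display string in the user's zone.
function formatForUser(utcString, offsetMinutes) {
  const m = /^(\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2})$/.exec(utcString);
  if (!m) throw new Error('unexpected timestamp format');
  const utcMs = Date.UTC(+m[1], m[2] - 1, +m[3], +m[4], +m[5], +m[6]);
  // Shift the instant by the offset, then read it back with UTC getters so
  // the server's own timezone never leaks into the result.
  const local = new Date(utcMs - offsetMinutes * 60000);
  const sign = offsetMinutes <= 0 ? '+' : '-';
  const abs = Math.abs(offsetMinutes);
  return `${local.getUTCFullYear()}-${pad(local.getUTCMonth() + 1)}-` +
    `${pad(local.getUTCDate())} ${pad(local.getUTCHours())}:` +
    `${pad(local.getUTCMinutes())} UTC${sign}${pad(Math.floor(abs / 60))}:${pad(abs % 60)}`;
}

// Constructed sample: a post stored as 18:59 UTC, viewed from EDT.
console.log(formatForUser('2019-05-10 18:59:00', parseClientOffset('240')));
```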

Comments and Likes Functions
Every article now has a likes and comments section at the bottom. Users can only like posts and leave comments if they are logged in. As of right now the style of these sections is not ideal and there are a few issues with them loading when the page loads. There will be big changes in the next update to fix this. More on this at the bottom.

Check Ticker Widget
In the new-post and edit-post pages is a new ticker checker widget located under the gallery widget. This widget allows you to search TradingView for a specific ticker and display it on the screen to double check your post for accuracy. In the near future, this widget will generate a line of 'short-code' to be included in the article body. When this line of code is added to the article body, the site will interpret the data and display a real-time chart of the ticker from TradingView inside of the article body. The one issue with this widget is the format of TradingView's ticker names. Instead of typing AAPL for Apple's ticker, you must type NASDAQ:AAPL. Thankfully, TradingView will tell you that there is an error and you can search for the ticker within the widget itself. Another minor issue is that some tickers will not display via this widget as per TradingView's policies.
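Because the planned short-code is text in the article body that the site will interpret, its argument should only reach markup after passing a strict format check. The following is an added example, not the site's code: the `[ticker ...]` syntax, the function names, the placeholder `div`, and the EXCHANGE:SYMBOL allowlist (a conservative assumption, not TradingView's own grammar) are all hypothetical.

```javascript
// Added example; short-code syntax and all names here are hypothetical.
// Assumed conservative allowlist for EXCHANGE:SYMBOL such as NASDAQ:AAPL.
const TICKER_RE = /^[A-Z][A-Z0-9_]{0,14}:[A-Z0-9][A-Z0-9._]{0,14}$/;

function isValidTicker(s) {
  return typeof s === 'string' && TICKER_RE.test(s);
}

const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ESC[c]);
}

// Expand [ticker EXCHANGE:SYMBOL] short-codes in an article body.
// Valid symbols become a chart placeholder element; anything else is
// HTML-escaped in place and reported, so the short-code argument never
// reaches markup unless it matched the allowlist.
function expandTickers(body) {
  const rejected = [];
  const html = body.replace(/\[ticker ([^\]\r\n]{1,64})\]/g, (whole, arg) => {
    const symbol = arg.trim();
    if (!isValidTicker(symbol)) {
      rejected.push(symbol);
      return escapeHtml(whole);
    }
    // Safe to interpolate: the allowlist permits only A-Z, 0-9, '_', '.', ':'.
    return `<div class="ticker-chart" data-symbol="${symbol}"></div>`;
  });
  return { html, rejected };
}

// Constructed sample body: one valid short-code, one missing the exchange
// prefix, and one carrying markup characters.
const sample = 'Apple [ticker NASDAQ:AAPL] vs [ticker AAPL] and [ticker X:"><script>]';
console.log(expandTickers(sample));
```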

More User Features

When a user is logged in, they can now change their display name and password from the profile page. The next step with this is to allow users to change their profile pictures and email addresses via this page as well.

Last notes before the big change

Thankfully, there were little to no bug fixes in this update, so now there are some new fonts and styles being tested. One of the most annoying bugs right now is that functions are not firing in the right order. As an example, the newsfeed image height adjustment sometimes does not happen at the right time, so the images are squished to a short line. Another issue is that the comments and likes section doesn't always load because of the timing of the function, but this will hopefully be fixed in the next update.

Saying Goodbye to BirdPress
The site's current homemade framework (which is now being called BirdPress) worked great up until more JavaScript functions were implemented. Functions are not firing at the right times and the site's files are not as secure as they should be. The problem is that the site is not being controlled by the framework; rather, it is just running without rhyme or reason. Also, all of the site's template parts and functions are not separated from the user, posing a great security and functionality risk. Now, a new framework is in the process of being built for this site (working title the Slalom Framework). Yes, this is another proprietary framework and it will be well worth it to restructure the site. This new framework will separate the user from all of the potentially hackable site elements and it will build each page in an orderly fashion when it is being viewed. The new framework will be derived from two coding principles: DRY (Don't Repeat Yourself) and MVC (Model View Controller). The one issue with this is that MVC is an OOP (Object Oriented Programming) method of running the site, which will require a complete recode of the entire application, so the new Slalom Framework will use Procedural Processing instead (which is what it is using now). To sum this up, the Slalom framework will be a Classes MVC (non-OOP) that runs the site more similarly to an application. This method will separate the end-user from the rest of the site, including all of the template parts and functions, ensuring that the database is safe and the framework remains in control of the DOM. This framework is not implemented in the current version of the site, but it will be in the next update along with other new features. More on the specifics of this framework in the next update.
