

Show HN: VETS – Volunteer Effort Tracking System - ceeekay
https://github.com/vets/vets

======
ceeekay
About 5 years ago I volunteered to help our local SPCA (Society for the
Prevention of Cruelty to Animals) build a computerized system for tracking
hours that their volunteers spent. This is an important part of the volunteer
coordinator's job, as there are hours/year requirements for volunteers, awards
given out annually, etc. Prior to that they were using a paper binder with
sign-in sheets, and adding up everything by hand at the end of the month. With
about 1000 active volunteers, this was no small task, and seemed like a place
computerization would be an amazing help. I wrote up a simple system in Rails
(which I had spent a fair amount of hobby time with) and it's been running
there ever since.

Today, there are about 67,000 "hours" entries in the database, about
3,000 volunteers (1/3 of them active), and the system is a little slower than
it ought to be (my original testing was with tens of records, since there was
no existing database to import). Rather than try to update and re-learn Ruby
and Rails, I opted to try porting the essential parts of the system to
Python using bottle.py.

The result of my work is now up on github and licensed under MIT.

I'm at a point where things are about functionally complete and I'd love to
hear feedback from anyone willing to take the time to take a look at it. It's
a generic enough system that I could see other non-profit organizations (who
often have much/any money available to spend on commercial software that can
track things like this) being interested in this.

Things I'm not that great at, which are incidentally the main things this
project uses:

* Python

* bottle.py

* SQL

* HTML/CSS

This is a hobby project for me (I'm a C programmer by day) so I am probably
taking a naive approach in most cases, but in some cases I know that when I
re-deploy this version of the system, it's likely to sit for another 5+ years.

(Reposted as link from
[https://news.ycombinator.com/item?id=8179419](https://news.ycombinator.com/item?id=8179419)
as suggested by dang)

~~~
smt88
I'm concerned that the code base is open to SQL injection.

I'm not a Python developer, but it looks to me like you're taking input from
the user and putting it into queries without filtering it.

That said, my nonprofit helps other nonprofits use technology, and ALL of them
want a volunteer-tracking system. This is a very useful, worthwhile project.

~~~
ceeekay
I realize I'm pulling a huge cop-out by expecting that there aren't malicious
users in terms of input (especially since the text fields are entered by an
admin who presumably doesn't want to destroy their database), passwords are
stored in the clear, etc. For this reason all that's in this database is
volunteer names and hours, as the coordinator and I agreed that the less
personal information is present, the better. :)

I'd love to get others involved in the project whose needs are slightly
different and thus might have a motivation for doing a security audit, etc.
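
Added example, not part of the thread or of the VETS code base: the two issues raised above (user input placed directly into SQL text, and passwords stored in the clear) shown next to their standard fixes in Python's `sqlite3` and `hashlib`. The schema, function names and sample rows are hypothetical and constructed for illustration; note that the string-built query already fails on an ordinary name such as O'Brien, with no malicious user involved.

```python
import hashlib, hmac, os, sqlite3

QUERY = ("SELECT SUM(h.hours) FROM hours h "
         "JOIN volunteers v ON v.id = h.volunteer_id WHERE v.name = ")

def make_db():
    # Constructed sample data; the schema is hypothetical, not VETS's own.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE volunteers (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE hours (volunteer_id INTEGER, hours REAL)")
    db.executemany("INSERT INTO volunteers VALUES (?, ?)",
                   [(1, "Alice"), (2, "Bob"), (3, "O'Brien")])
    db.executemany("INSERT INTO hours VALUES (?, ?)",
                   [(1, 2.5), (1, 4.0), (2, 3.0), (3, 1.5)])
    return db

def hours_unsafe(db, name):
    # Input is pasted into the SQL text, so a quote in it rewrites the statement.
    return db.execute(QUERY + "'%s'" % name).fetchone()[0]

def hours_safe(db, name):
    # The ? placeholder sends the value as data; it is never parsed as SQL.
    return db.execute(QUERY + "?", (name,)).fetchone()[0]

def hash_password(password, salt=None, iterations=600_000):
    # Store salt, iteration count and digest instead of the password itself.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, salt, iterations, digest):
    # Recompute with the stored salt and compare in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    db = make_db()
    for name in ("Alice", "O'Brien", "x' OR '1'='1"):  # constructed inputs
        try:
            unsafe = hours_unsafe(db, name)
        except sqlite3.OperationalError as exc:
            unsafe = "error: %s" % exc
        print(repr(name), "unsafe:", unsafe, "safe:", hours_safe(db, name))
    record = hash_password("correct horse")
    print("password check:", verify_password("correct horse", *record))
```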

