• Log InLog In
  • Register
Liquid`
Team Liquid Liquipedia
EDT 19:54
CEST 01:54
KST 08:54
  • Home
  • Forum
  • Calendar
  • Streams
  • Liquipedia
  • Features
  • Store
  • EPT
  • TL+
  • StarCraft 2
  • Brood War
  • Smash
  • Heroes
  • Counter-Strike
  • Overwatch
  • Liquibet
  • Fantasy StarCraft
  • TLPD
  • StarCraft 2
  • Brood War
  • Blogs
Forum Sidebar
Events/Features
News
Featured News
Serral wins HomeStory Cup 296Serral wins Maestros of the Game 243ByuL, and the Limitations of Standard Play3Team Liquid Map Contest #22: Results and Winners7Code S Season 2 (2026): RO4 and Finals Preview12
Community News
BSL Season 22 Full Overview & Conclusion7BSL Season 22 Full Overview & Conclusion7Weekly Cups (June 29-July 5): Solar Doubles0MC vs IdrA, Boxer vs Nal_rA to be Legacy Matches @ BlizzCon445.0.16 Hotfix (June 30) - Balance + Bug Fixes40
StarCraft 2
General
Serral wins HomeStory Cup 29 Serral wins Maestros of the Game 2 Reynor: GSL Loss Wasn't About Preparation Format 5.0.16 patch for SC2 goes live (8 worker start) What is your PC setup in 2026 for SCBW/SC2 ?
Tourneys
GSL CK #5 Race War WardiTV Summer Cup 2026 RSL Revival: Season 6 - Qualifiers and Main Event HomeStory Cup 29 Vespene Cup #1 — $300+ USD, July 10
Strategy
[G] Having the right mentality to improve
Custom Maps
New Map Maker - Looking for Advice - Love or Hate Work In Progress Melee Maps [D]RTS in all its shapes and glory <3
External Content
The PondCast: SC2 News & Results Mutation # 534 Burning Evacuation Mutation # 533 Die Together Mutation # 532 Nuclear Family
Brood War
General
Pros Debate: Zerg Unfairly Nerfed? (ASL S22 map) BSL Season 22 Full Overview & Conclusion BGH Auto Balance -> http://bghmmr.eu/ BW General Discussion ASL22 General Discussion
Tourneys
[ASL22] Wildcard Qualifier IPSL Spring 2026 Top 4! [Megathread] Daily Proleagues CSLAN 4 is Coming!
Strategy
Fighting Spirit mining rates Simple Questions, Simple Answers Creating a full chart of Zerg builds Relatively freeroll strategies
Other Games
General Games
Stormgate/Frost Giant Megathread General RTS Discussion Thread Path of Exile Summer Games Done Quick 2026! Nintendo Switch Thread
Dota 2
Looking for a Dota Mentor Official 'what is Dota anymore' discussion
League of Legends
Heroes of the Storm
Simple Questions, Simple Answers Heroes of the Storm 2.0
Hearthstone
Deck construction bug
TL Mafia
NeO.D_StephenKing vs This Guy From 1 Million Dance TL Mafia Community Thread TL Mafia Power Rank Vanilla Mini Mafia
Community
General
US Politics Mega-thread Russo-Ukrainian War Thread UK Politics Mega-thread YouTube Thread Canadian Politics Mega-thread
Fan Clubs
The IdrA Fan Club The HerO Fan Club!
Media & Entertainment
Anime Discussion Thread Movie Discussion! Series you have seen recently...
Sports
2024 - 2026 Football Thread McBoner: A hockey love story Tennis[sport] Formula 1 Discussion TeamLiquid Health and Fitness Initiative For 2023
World Cup 2022
Tech Support
Simple Questions Simple Answers FPS when play League Of Legend on laptop How to clean a TTe Thermaltake keyboard?
TL Community
The Automated Ban List
Blogs
Major Shifts in the Gaming I…
TrAiDoS
An Exploration of th…
waywardstrategy
Gauntlet SC2: A Retrospectiv…
Ctone23
ramps on octagon
StaticNine
Funny Nicknames
LUCKY_NOOB
Evil Gacha Games and the…
ffswowsucks
StarCraft improvement
iopq
Customize Sidebar...

Website Feedback

Closed Threads



Active: 7846 users

Life as a Web Developer

Blogs > tofucake
Post a Reply
1 2 3 Next All
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
Last Edited: 2010-07-06 21:34:07
July 03 2010 15:33 GMT
#1
So I recently started my new job as a web developer at a company that does auto financing. One of the internal tools they use is a system designed by a guy named Bob. Bob is not good at PHP. Below is an unedited snippet of his code, which is present in almost every single one of about 3000 files (the $message assignment is different on every page, but basically the same). Retarded spacing aside, it's just dumb. Also, the passwords are stored in plaintext.


....and this is just the start. The rest of the code is worse.

$systempath           =  $_SESSION[ 'systempath'         ];
$systemname = $_SESSION[ 'systemname' ];
$systemid = $_SESSION[ 'systemid' ];
$userid = $_SESSION[ 'userid' ];
$userpassword = $_SESSION[ 'userpassword' ];
$username = $_SESSION[ 'username' ];
$systemaccesslevel = $_SESSION[ 'systemaccesslevel' ];
$loginstatus = $_SESSION[ 'loginstatus' ];
$message = $_SESSION[ 'message' ];

$message = 'Perform Loan History Processing';

// set the session variables

$_SESSION[ 'systempath' ] = $systempath;
$_SESSION[ 'systemname' ] = $systemname;
$_SESSION[ 'systemid' ] = $systemid;
$_SESSION[ 'userid' ] = $userid;
$_SESSION[ 'userpassword' ] = $userpassword;
$_SESSION[ 'username' ] = $username;
$_SESSION[ 'systemaccesslevel' ] = $systemaccesslevel;
$_SESSION[ 'loginstatus' ] = $loginstatus;


[Update]
switched quotes to codes. Now you can see the dumb spacing.

*
Liquipediaasante sana squash banana
ilovezil
Profile Blog Joined August 2006
United States4143 Posts
July 03 2010 15:41 GMT
#2
ya, simply terrible!



??
RumZ
Profile Blog Joined March 2010
United States956 Posts
July 03 2010 15:43 GMT
#3
Wow.... that is going to take some time fixing eh?

It could be worse, I am doing some network administration on a server client setup that has not been updated from service pack 0 in 2 years on windows xp, the computers are also running incompatible version of symantec endpoint protection, and not only are they not supported anymore, each client is running a different version of the software.


But, I digress, I think your problem is way more painful if not able to be dealt with systematically.
fabiano
Profile Blog Joined August 2009
Brazil4644 Posts
July 03 2010 15:44 GMT
#4
lol

I guess its a good place to ask, which one is the best programming practice for php: use directly the $_SESSION[] variables or pass its content to a common variable?

eg. use $_SESSION['username'] all over the code or $username = $_SESSION['username'] and use $username for the rest of the code?
"When the geyser died, a probe came out" - SirJolt
Count9
Profile Blog Joined May 2009
China10928 Posts
July 03 2010 15:55 GMT
#5
Well... at least you know he read the PHP in 20 minutes book =) It's usually better when they write horrible code, and then leave you awesome comments with justifications.
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
Last Edited: 2010-07-04 13:17:20
July 04 2010 13:09 GMT
#6
You guys haven't see the javascript yet. EVERY SINGLE LINE HAS AN EXPLANATORY COMMENT.

// resets the flag indicating whether the up or down key has been pressed
isKeyUpDownPressed = false;




On July 04 2010 00:41 ilovezil wrote:
ya, simply terrible!



??

He sets some variables, and then without changing any of them (sans $message), he sets them back again. It's a waste of space and processing power.


On July 04 2010 00:44 fabiano wrote:
lol

I guess its a good place to ask, which one is the best programming practice for php: use directly the $_SESSION[] variables or pass its content to a common variable?

eg. use $_SESSION['username'] all over the code or $username = $_SESSION['username'] and use $username for the rest of the code?
Both are acceptable, but only in certain situations. If you're doing processing and only want to display something, using local variables is best. I only use SESSION scope variables for tracking things that rarely or never change (a user ID) or things I don't want to be exposed (redirect after login). Other things he used SESSION scope for are things that should never, ever, for any reason, be stored anyway (plaintext password). Much of what he does could be sped up by using relational databases.
Liquipediaasante sana squash banana
vnlegend
Profile Blog Joined December 2006
United States1389 Posts
July 04 2010 13:56 GMT
#7
I don't really understand what this means but the guy could just be older and not too good with new technology.

** 30 years later **
16-yr old kid looks at tofucake's work: Who the hell wrote this dumb ancient code?

But anyway, looks like a good opportunity to get credit for making improvements.
Marines > everything
thedeadhaji *
Profile Blog Joined January 2006
39489 Posts
July 04 2010 14:17 GMT
#8
btw I like your ID
Count9
Profile Blog Joined May 2009
China10928 Posts
Last Edited: 2010-07-04 14:40:57
July 04 2010 14:39 GMT
#9
Wow, awesome, don't know how I missed this >.> I love thedailywtf, this is just as bad as some of code they got on there. (Of course, I don't have to work with this guy)

Maybe he auto generated some of those javascript things :/
tarpman
Profile Joined February 2009
Canada723 Posts
July 04 2010 16:38 GMT
#10
yeah, this sort of thing smells like copy-paste to me. likely he copy-pasted a bunch of stuff, tweaked it until it sort of worked, and then never touched it again :D
Saving the world, one kilobyte at a time.
QueueQueue
Profile Joined July 2009
Canada1000 Posts
July 04 2010 16:41 GMT
#11
On July 04 2010 22:09 tofucake wrote:
You guys haven't see the javascript yet. EVERY SINGLE LINE HAS AN EXPLANATORY COMMENT.

Show nested quote +
// resets the flag indicating whether the up or down key has been pressed
isKeyUpDownPressed = false;




At least people won't be lost >.<
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
July 05 2010 20:54 GMT
#12
I want to submit something to DailyWTF...but I have no clue what to....it's all so bad.
Liquipediaasante sana squash banana
King K. Rool
Profile Blog Joined May 2009
Canada4408 Posts
July 05 2010 22:20 GMT
#13
lololol

Is bob still working there?
haduken
Profile Blog Joined April 2003
Australia8267 Posts
Last Edited: 2010-07-05 22:23:00
July 05 2010 22:22 GMT
#14
I've seen worse. I've worked on a project where the lead developer refused to use any control statements what so ever believing that they have a risk of malfunctioning. So the whole project was done assembly style except... in C#.

I still can't believe why this guy was hired and why he still works there.
Rillanon.au
NoHrt
Profile Blog Joined May 2010
Canada236 Posts
July 05 2010 23:37 GMT
#15
heh,

are you interested in assisting a fellow SC2 with your programming skills ? Im looking for help with a few things.

PM me if interested
l2sc.net | Lead Director | l2sc.tv NoHrt.518
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
July 06 2010 00:46 GMT
#16
No...Bob was fired. Actually, about half way through the project he stopped responding to emails and phone calls (he was a contract hire, apparently).

On July 06 2010 07:22 haduken wrote:
I've seen worse. I've worked on a project where the lead developer refused to use any control statements what so ever believing that they have a risk of malfunctioning. So the whole project was done assembly style except... in C#.

I still can't believe why this guy was hired and why he still works there.

That hurts to think about.
Liquipediaasante sana squash banana
michiko
Profile Joined April 2010
United States75 Posts
July 06 2010 15:07 GMT
#17
I like the comment line you showed, rofl.

I mean it is a great practice to comment lines of code often, but E-V-E-R-Y line?

Espcially, ROFL, when the line itself describes what it does

//This resets the is key down flag to not being enabled
isKeyDown=false;

ROFL? What coder couldn't decipher that without the //?
----

And yes, I love that first post you make. In PHP it is very dangerous to store information in the session variables, who knows when it'll get changed or w/e as you navigate through the pages.

It's also a bad idea to store important information in there (like you said, just a session_id variable, user_ids, web cart information).

User names and passwords, any customer information stored in session? Bad News Bears.

Hell, I don't even use the $_[GET], i stick to POST so kiddies can't URL hi-jack my code.

---

Do you have a good source of code for properly storing passwords? I don't use plaintext, but I'm interested to hear your thoughts / methods on how to properly store, check and carry a PW value.

GOOD BLOG! 5/5!

tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
July 06 2010 15:18 GMT
#18
I'll post the creation bit here, and the whole password shpiel on pastebin. I create and store passwords based on SHA-1, with part of the SHA'd password used as the salt for SHA-ing the password to check it. Win.

function createpasswordhash($user, $raw_pass)
{
// this should ONLY be used to create NEW passwords, as
// the salt is based on the time
$salt = sha1($user . array_sum(explode(' ', microtime())));
$raw = $salt . sha1(sha1($user) . sha1($salt . $raw_pass));

return $raw;
}

The whole thing... http://pastebin.com/0dD00pu0
It makes use of my SQLController class for checking, but that should be easy enough to figure out. I can write up something about that later, though.
Liquipediaasante sana squash banana
michiko
Profile Joined April 2010
United States75 Posts
July 06 2010 15:30 GMT
#19
Awesome, great code. I won't steal - but that for sure helps!

I have one question:

$row = $DB->Fetch($query);

the "->"

I'm not a full-time coder, I do PHP contractually (soon-to-be full time, i hope).


Is that vanilla PHP? Are you using a framework? I recall -> calls being a big part of the Kohana framework.

$DB->Fetch sounds fricken awesome - for sure nicer than raw PHP MySQL queries...
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
July 06 2010 15:40 GMT
#20
-> is part of PHP's OOP syntax. Like I said, I'll post my SQLController class later. I don't mind if you use my password stuff, as long as you stick a comment in there attributing it to me.
Liquipediaasante sana squash banana
1 2 3 Next All
Please log in or register to reply.
Live Events Refresh
Next event in 6m
[ Submit Event ]
Live Streams
Refresh
StarCraft 2
FoxeR 73
StarCraft: Brood War
GuemChi 2559
Rain 1382
Stork 297
Purpose 10
Bale 8
Dota 2
monkeys_forever465
NeuroSwarm228
canceldota178
Counter-Strike
summit1g8236
tarik_tv2469
Super Smash Bros
hungrybox150
PPMD55
Other Games
shahzam659
C9.Mang0337
Maynarde119
Organizations
Other Games
gamesdonequick1760
BasetradeTV248
StarCraft 2
Blizzard YouTube
StarCraft: Brood War
BSLTrovo
[ Show 15 non-featured ]
StarCraft 2
• Hupsaiya 109
• davetesta54
• AfreecaTV YouTube
• intothetv
• Kozan
• IndyKCrew
• LaughNgamezSOOP
• Migwel
• sooper7s
StarCraft: Brood War
• Eskiya23 18
• BSLYoutube
• STPLYoutube
• ZZZeroYoutube
Other Games
• imaqtpie1501
• Shiphtur222
Upcoming Events
Replay Cast
6m
CranKy Ducklings26
WardiTV Weekly
11h 6m
The PondCast
1d 10h
Replay Cast
2 days
CrankTV Team League
2 days
Replay Cast
3 days
CrankTV Team League
3 days
Replay Cast
4 days
RSL Revival
4 days
Clem vs Lambo
Scarlett vs Cure
CranKy Ducklings
4 days
[ Show More ]
IPSL
4 days
Dragon vs Hawk
RSL Revival
5 days
Classic vs Trap
herO vs SHIN
Sparkling Tuna Cup
5 days
IPSL
5 days
Bonyth vs Ret
WardiTV Weekly
6 days
Monday Night Weeklies
6 days
Liquipedia Results

Completed

YSL S3
HSC XXIX
Eternal Conflict S2 E2

Ongoing

IPSL Spring 2026
Acropolis #4
CSL 2026 Summer (S21)
RSL Revival: Season 6
CranK Gathers Season 4: BW vs SC2 Team League
SCTL 2026 Spring
XSE Pro League 2026
IEM Cologne Major 2026
Stake Ranked Episode 2
CS Asia Championships 2026
Asian Champions League 2026
IEM Atlanta 2026
PGL Astana 2026
BLAST Rivals Spring 2026

Upcoming

Escore Tournament S3: W3
ASL S22 SEASON OPEN Day 1
Escore Tournament S3: W4
ASL S22 SEASON OPEN Day 2
Escore Tournament S3: W5
CSLAN 4
Blizzard Classic Cup 2026
HSC XXX
SC4ALL II: StarCraft II
Kung Fu Cup 2026 Grand Finals
Light Tournament 2026
Eternal Conflict S2 Finale
Eternal Conflict S2 E3
Logitech G Connect 2026
StarSeries Fall 2026
FISSURE Playground #5
BLAST Open Fall 2026
Esports World Cup 2026
BLAST Bounty Summer 2026
BLAST Bounty Summer Qual
Stake Ranked Episode 3
TLPD

1. ByuN
2. TY
3. Dark
4. Solar
5. Stats
6. Nerchio
7. sOs
8. soO
9. INnoVation
10. Elazer
1. Rain
2. Flash
3. EffOrt
4. Last
5. Bisu
6. Soulkey
7. Mini
8. Sharp
Sidebar Settings...

Advertising | Privacy Policy | Terms Of Use | Contact Us

Original banner artwork: Jim Warren
The contents of this webpage are copyright © 2026 TLnet. All Rights Reserved.