|
|
|
|
|
Wow.... that is going to take some time fixing eh?
It could be worse, I am doing some network administration on a server client setup that has not been updated from service pack 0 in 2 years on windows xp, the computers are also running incompatible version of symantec endpoint protection, and not only are they not supported anymore, each client is running a different version of the software.
But, I digress, I think your problem is way more painful if not able to be dealt with systematically.
|
lol
I guess its a good place to ask, which one is the best programming practice for php: use directly the $_SESSION[] variables or pass its content to a common variable?
eg. use $_SESSION['username'] all over the code or $username = $_SESSION['username'] and use $username for the rest of the code?
|
Well... at least you know he read the PHP in 20 minutes book =) It's usually better when they write horrible code, and then leave you awesome comments with justifications.
|
Hyrule19144 Posts
You guys haven't see the javascript yet. EVERY SINGLE LINE HAS AN EXPLANATORY COMMENT.
// resets the flag indicating whether the up or down key has been pressed
isKeyUpDownPressed = false;
On July 04 2010 00:41 ilovezil wrote:
ya, simply terrible!
??
He sets some variables, and then without changing any of them (sans $message), he sets them back again. It's a waste of space and processing power.
On July 04 2010 00:44 fabiano wrote:
lol
I guess its a good place to ask, which one is the best programming practice for php: use directly the $_SESSION[] variables or pass its content to a common variable?
eg. use $_SESSION['username'] all over the code or $username = $_SESSION['username'] and use $username for the rest of the code? Both are acceptable, but only in certain situations. If you're doing processing and only want to display something, using local variables is best. I only use SESSION scope variables for tracking things that rarely or never change (a user ID) or things I don't want to be exposed (redirect after login). Other things he used SESSION scope for are things that should never, ever, for any reason, be stored anyway (plaintext password). Much of what he does could be sped up by using relational databases.
|
I don't really understand what this means but the guy could just be older and not too good with new technology.
** 30 years later **
16-yr old kid looks at tofucake's work: Who the hell wrote this dumb ancient code?
But anyway, looks like a good opportunity to get credit for making improvements.
|
|
|
Wow, awesome, don't know how I missed this >.> I love thedailywtf, this is just as bad as some of code they got on there. (Of course, I don't have to work with this guy)
Maybe he auto generated some of those javascript things :/
|
yeah, this sort of thing smells like copy-paste to me. likely he copy-pasted a bunch of stuff, tweaked it until it sort of worked, and then never touched it again :D
|
On July 04 2010 22:09 tofucake wrote:You guys haven't see the javascript yet. EVERY SINGLE LINE HAS AN EXPLANATORY COMMENT. Show nested quote + // resets the flag indicating whether the up or down key has been pressed
isKeyUpDownPressed = false;
At least people won't be lost >.<
|
Hyrule19144 Posts
I want to submit something to DailyWTF...but I have no clue what to....it's all so bad.
|
lololol
Is bob still working there?
|
I've seen worse. I've worked on a project where the lead developer refused to use any control statements what so ever believing that they have a risk of malfunctioning. So the whole project was done assembly style except... in C#.
I still can't believe why this guy was hired and why he still works there.
|
heh,
are you interested in assisting a fellow SC2 with your programming skills ?  Im looking for help with a few things.
PM me if interested
|
Hyrule19144 Posts
No...Bob was fired. Actually, about half way through the project he stopped responding to emails and phone calls (he was a contract hire, apparently).
On July 06 2010 07:22 haduken wrote:
I've seen worse. I've worked on a project where the lead developer refused to use any control statements what so ever believing that they have a risk of malfunctioning. So the whole project was done assembly style except... in C#.
I still can't believe why this guy was hired and why he still works there.
That hurts to think about.
|
I like the comment line you showed, rofl.
I mean it is a great practice to comment lines of code often, but E-V-E-R-Y line?
Espcially, ROFL, when the line itself describes what it does
//This resets the is key down flag to not being enabled
isKeyDown=false;
ROFL? What coder couldn't decipher that without the //?
----
And yes, I love that first post you make. In PHP it is very dangerous to store information in the session variables, who knows when it'll get changed or w/e as you navigate through the pages.
It's also a bad idea to store important information in there (like you said, just a session_id variable, user_ids, web cart information).
User names and passwords, any customer information stored in session? Bad News Bears.
Hell, I don't even use the $_[GET], i stick to POST so kiddies can't URL hi-jack my code.
---
Do you have a good source of code for properly storing passwords? I don't use plaintext, but I'm interested to hear your thoughts / methods on how to properly store, check and carry a PW value.
GOOD BLOG! 5/5!
|
Hyrule19144 Posts
I'll post the creation bit here, and the whole password shpiel on pastebin. I create and store passwords based on SHA-1, with part of the SHA'd password used as the salt for SHA-ing the password to check it. Win.
function createpasswordhash($user, $raw_pass)
{
// this should ONLY be used to create NEW passwords, as
// the salt is based on the time
$salt = sha1($user . array_sum(explode(' ', microtime())));
$raw = $salt . sha1(sha1($user) . sha1($salt . $raw_pass));
return $raw;
}
The whole thing... http://pastebin.com/0dD00pu0
It makes use of my SQLController class for checking, but that should be easy enough to figure out. I can write up something about that later, though.
|
Awesome, great code. I won't steal - but that for sure helps!
I have one question:
$row = $DB->Fetch($query);
the "->"
I'm not a full-time coder, I do PHP contractually (soon-to-be full time, i hope).
Is that vanilla PHP? Are you using a framework? I recall -> calls being a big part of the Kohana framework.
$DB->Fetch sounds fricken awesome - for sure nicer than raw PHP MySQL queries...
|
Hyrule19144 Posts
-> is part of PHP's OOP syntax. Like I said, I'll post my SQLController class later. I don't mind if you use my password stuff, as long as you stick a comment in there attributing it to me.
|
|
|
|
|
|
EPT
