|
Wow.... that is going to take some time fixing eh?
It could be worse, I am doing some network administration on a server client setup that has not been updated from service pack 0 in 2 years on Windows XP, the computers are also running incompatible versions of Symantec Endpoint Protection, and not only are they not supported anymore, each client is running a different version of the software.
But, I digress, I think your problem is way more painful if not able to be dealt with systematically.
|
lol
I guess it's a good place to ask, which one is the best programming practice for PHP: use directly the $_SESSION[] variables or pass its content to a common variable?
eg. use $_SESSION['username'] all over the code or $username = $_SESSION['username'] and use $username for the rest of the code?
|
Well... at least you know he read the PHP in 20 minutes book =) It's usually better when they write horrible code, and then leave you awesome comments with justifications.
|
Hyrule19002 Posts
You guys haven't seen the JavaScript yet. EVERY SINGLE LINE HAS AN EXPLANATORY COMMENT.
    // resets the flag indicating whether the up or down key has been pressed
    isKeyUpDownPressed = false;
On July 04 2010 00:41 ilovezil wrote: ya, simply terrible!
?? He sets some variables, and then without changing any of them (sans $message), he sets them back again. It's a waste of space and processing power.
On July 04 2010 00:44 fabiano wrote: lol
I guess it's a good place to ask, which one is the best programming practice for PHP: use directly the $_SESSION[] variables or pass its content to a common variable?
eg. use $_SESSION['username'] all over the code or $username = $_SESSION['username'] and use $username for the rest of the code?
Both are acceptable, but only in certain situations. If you're doing processing and only want to display something, using local variables is best. I only use SESSION scope variables for tracking things that rarely or never change (a user ID) or things I don't want to be exposed (redirect after login). Other things he used SESSION scope for are things that should never, ever, for any reason, be stored anyway (plaintext password). Much of what he does could be sped up by using relational databases.
|
I don't really understand what this means but the guy could just be older and not too good with new technology.
** 30 years later ** 16-yr old kid looks at tofucake's work: Who the hell wrote this dumb ancient code?
But anyway, looks like a good opportunity to get credit for making improvements.
|
|
Wow, awesome, don't know how I missed this >.> I love thedailywtf, this is just as bad as some of the code they got on there. (Of course, I don't have to work with this guy)
Maybe he auto generated some of those javascript things :/
|
yeah, this sort of thing smells like copy-paste to me. likely he copy-pasted a bunch of stuff, tweaked it until it sort of worked, and then never touched it again :D
|
On July 04 2010 22:09 tofucake wrote: You guys haven't seen the JavaScript yet. EVERY SINGLE LINE HAS AN EXPLANATORY COMMENT.
    // resets the flag indicating whether the up or down key has been pressed
    isKeyUpDownPressed = false;
At least people won't be lost >.<
|
I want to submit something to DailyWTF...but I have no clue what to....it's all so bad.
|
lololol
Is bob still working there?
|
I've seen worse. I've worked on a project where the lead developer refused to use any control statements whatsoever believing that they have a risk of malfunctioning. So the whole project was done assembly style except... in C#.
I still can't believe why this guy was hired and why he still works there.
|
heh,
are you interested in assisting a fellow SC2 with your programming skills? I'm looking for help with a few things.
PM me if interested
|
No...Bob was fired. Actually, about halfway through the project he stopped responding to emails and phone calls (he was a contract hire, apparently).
On July 06 2010 07:22 haduken wrote: I've seen worse. I've worked on a project where the lead developer refused to use any control statements whatsoever believing that they have a risk of malfunctioning. So the whole project was done assembly style except... in C#.
I still can't believe why this guy was hired and why he still works there.
That hurts to think about.
|
I like the comment line you showed, rofl.
I mean it is a great practice to comment lines of code often, but E-V-E-R-Y line?
Especially, ROFL, when the line itself describes what it does
    //This resets the is key down flag to not being enabled
    isKeyDown=false;
ROFL? What coder couldn't decipher that without the //?
----
And yes, I love that first post you make. In PHP it is very dangerous to store information in the session variables, who knows when it'll get changed or w/e as you navigate through the pages.
It's also a bad idea to store important information in there (like you said, just a session_id variable, user_ids, web cart information).
User names and passwords, any customer information stored in session? Bad News Bears.
Hell, I don't even use the $_[GET], I stick to POST so kiddies can't URL hi-jack my code.
---
Do you have a good source of code for properly storing passwords? I don't use plaintext, but I'm interested to hear your thoughts / methods on how to properly store, check and carry a PW value.
GOOD BLOG! 5/5!
|
I'll post the creation bit here, and the whole password shpiel on pastebin. I create and store passwords based on SHA-1, with part of the SHA'd password used as the salt for SHA-ing the password to check it. Win.
    function createpasswordhash($user, $raw_pass) {
        // this should ONLY be used to create NEW passwords, as
        // the salt is based on the time
        $salt = sha1($user . array_sum(explode(' ', microtime())));
        $raw = $salt . sha1(sha1($user) . sha1($salt . $raw_pass));
        return $raw;
    }
The whole thing... http://pastebin.com/0dD00pu0
It makes use of my SQLController class for checking, but that should be easy enough to figure out. I can write up something about that later, though.
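Added example, not part of the original post or its pastebin code: PHP 5.5 and later provide password_hash() and password_verify(), which salt each password randomly and use a deliberately slow algorithm, unlike fast general-purpose hashes such as SHA-1. The sketch below checks a record in the 80-character format that createpasswordhash() returns and re-hashes it on a successful login; legacy_check(), verify_and_upgrade() and the sample values are hypothetical names and constructed data, and the legacy check is inferred from the creation function above.

```php
<?php
// Added example (not the poster's code). Assumption: legacy records are the
// 80-hex-character strings createpasswordhash() returns: salt . digest.

// Hypothetical helper: recompute the legacy value from the embedded salt.
function legacy_check(string $user, string $raw_pass, string $stored): bool
{
    $salt = substr($stored, 0, 40);
    $expected = $salt . sha1(sha1($user) . sha1($salt . $raw_pass));
    return hash_equals($stored, $expected); // constant-time comparison
}

// Hypothetical helper: returns [login_ok, replacement_hash_or_null].
// A non-null second element means the caller should overwrite the stored value.
function verify_and_upgrade(string $user, string $raw_pass, string $stored): array
{
    $is_legacy = strlen($stored) === 80 && ctype_xdigit($stored);
    $ok = $is_legacy
        ? legacy_check($user, $raw_pass, $stored)
        : password_verify($raw_pass, $stored);
    if (!$ok) {
        return [false, null];
    }
    if ($is_legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        // password_hash() generates its own random salt and embeds the
        // algorithm and cost in the returned string.
        return [true, password_hash($raw_pass, PASSWORD_DEFAULT)];
    }
    return [true, null];
}

// Constructed sample record in the legacy format.
$user   = 'alice';
$pass   = 'correct horse battery staple';
$salt   = sha1('constructed-salt');
$legacy = $salt . sha1(sha1($user) . sha1($salt . $pass));

[$ok, $upgraded] = verify_and_upgrade($user, $pass, $legacy);
var_dump($ok, is_string($upgraded));   // legacy record accepted and re-hashed

[$ok, $again] = verify_and_upgrade($user, $pass, $upgraded);
var_dump($ok, $again);                 // upgraded record verifies, no further re-hash

[$ok] = verify_and_upgrade($user, 'wrong guess', $legacy);
var_dump($ok);                         // wrong password is rejected
```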
|
Awesome, great code. I won't steal - but that for sure helps!
I have one question:
$row = $DB->Fetch($query);
the "->"
I'm not a full-time coder, I do PHP contractually (soon-to-be full time, I hope).
Is that vanilla PHP? Are you using a framework? I recall -> calls being a big part of the Kohana framework.
$DB->Fetch sounds fricken awesome - for sure nicer than raw PHP MySQL queries...
|
-> is part of PHP's OOP syntax. Like I said, I'll post my SQLController class later. I don't mind if you use my password stuff, as long as you stick a comment in there attributing it to me.
|
That man is a genius at coding. He's securing his job for life.
|
|
On July 07 2010 03:41 Inori wrote:
    function createpasswordhash($user, $raw_pass) {
        // this should ONLY be used to create NEW passwords, as
        // the salt is based on the time
        $salt = sha1($user . array_sum(explode(' ', microtime())));
        $raw = $salt . sha1(sha1($user) . sha1($salt . $raw_pass));
        return $raw;
    }
This is quite common with beginner coders really. Everyone has this period where they feel they need to reinvent everything and are smarter than everyone. I remember wondering why I'm the only one "smart" enough to use sha1(md5(base64_encode()));
Except I'm a professional PHP developer ^^ That's code I wrote when I was a beginner, I admit, but it's easy and copypasta is my friend. It's perfectly secure and quicker than using mcrypt. And the SHA'ing of multiple things is just for diversity. A 40 character salt is better than a 20 character salt, after all.
|
|
That's only true when the SHA hash is shorter than the source, so unless someone has a 28 character password (and I usually cap length at about 20 anyway), there's no impact on the security.
|
meh...this isn't really bad. just overkill...
but yeah i guess it wastes processing power, not that much though (don't lie to yourself, setting the variable again takes nothing)
comments aren't bad; where i work we have this 'genius' who is amazing at coding but his shit is impossible to decipher. we're lucky because he will just redo it from scratch instead of making it easy to modify so we could just modify it -.-
(I have extensive knowledge of PHP/SQL)
|
This one page I'm working on now was originally 800 lines with 12 SQL queries. I have reduced it to 350 lines and 2 SQL queries, and still managed to add functionality. That's BAD.
|
So how long have you been PHP programming?
My only qualm with PHP is despite it being really easy/fun/extensive to learn and code in...I've heard that PHP coding is pretty entry level as far as a career goes.
A coding friend of mine started OFF in PHP and moved into other languages.
That said...I'm like ultra excited about an upcoming potential opportunity to start coding full-time, from part-time.
Also - and maybe this will help spark more of a debate, especially regarding life as a web developer - how much are we/you being replaced by the really smart coders?
As in - There are a dozen CMS and Web Cart framework applications that business people can purchase...
Why pay someone a pretty decent salary when you can just BUY the framework/CMS/Cart and install it yourself?
==
Just as our individual 'EXP' bars go up as we code, and become veterans from beginners....I feel that the whole industry of programming has that same EXP bar...and it is constantly weeding out the un-needed...Like poor Bob that wrote the silly code in the OP.
==
And Oh Yeah! PDO. I remember that stuff. I don't see why I would incorporate PDO functions into a Project that is going to stay strictly with MySQL. Am I missing something? Does it reduce lines of code that much? I'm by far the infant of the group - so I'll take knowledge spankings -
|
I've been programming in PHP for about 8 years now? Something like that. The best analogy I can think of for PHP is one not many people understand (but all of you will!): It's like StarCraft - easy to get started in and damn hard to master.
And, once again, I'm not using PDO, just OOP.
As for being replaced....I'm one of the really smart coders doing the replacing. I know another 5 programming languages, I know how a CPU works (and can/have built a functioning computer, and I don't mean from parts off Newegg), and I have tons of experience. What I lack, being mostly self taught, is formatted knowledge about things. For instance, I used MVC style coding for 4 years before I knew what MVC style was. I also lack in some areas, but my primary job is getting me experience in those areas. And not to toot my own horn, I know I still have a very long way to go before I'd ever even be able to consider maybe thinking about possibly calling myself an expert.
And yes! Networking is important. I've got friends in all kinds of tech jobs (mostly programming), from Northrop Grumman to the Canadian Government. References from those guys go a lot farther than a reference from your boss over at Best Buy.
|
|
Dude that's nothing this is what I had to work with when I had to fix up someone's website that was never finished.
    //checks what certificate they purchased
    function ninjapants($g, $c) {
        $co2 = ($c > 0) ? true : false;
        $green = ($g > 0) ? true : false;
        if($co2 && $green) return 1;
        elseif($co2) return 3;
        elseif($green) return 2;
        else return false;
    }

    //generates the PDF file
    function ninjagloves($type, $one, $two, $three, $four, $total, $five = ''){
        $ski = array();
        $ski[0] = 'This document confirms that';
        $one = stripslashes($one);
        $two = stripslashes($two);
        $three = stripslashes($three);
        $four = stripslashes($four);
        $five = stripslashes($five);
        $total = stripslashes($total);
        $lah = $this->ninjapants($three, $four);
        switch($type) {
            case 'business':
... you get the idea
These guys still got paid around $10,000 for building a piece of crap that never worked.
Also I can't wait till PHP is replaced with Ruby (not RoR). PHP is the worst language ever (yeah I could write a whole book about it) and there will be less un-qualified script kiddies making websites.
|
Even though the code you snipped is harmless, it is still copyrighted company code, and not something you should be posting on a public forum.
The internet is fun when it is anonymous and it is easy to take these things lightly, but if I was your manager, I would show you the door... something to think about at least.
|
|
ninjagloves!
I couldn't stop laughing for 1 minute
|
hahahha shit still laughing about ninjapants and ninjagloves
|
I'm going to name all of my functions and variables arbitrary words, too! BTW, why is there no coding thread here? We've got threads for most other hobbies, and there seems to be quite a couple of coders here. Anyone feel like starting one?
|
i don't understand... is this dumb because white space matters in PHP? so what if he wants to take the extra effort into making it look pretty. i would if i had the time and liked my job.
...or is it dumb because they didn't do it the fancy way
|
On July 07 2010 20:10 wanderer wrote: i don't understand... is this dumb because white space matters in PHP? so what if he wants to take the extra effort into making it look pretty. i would if i had the time and liked my job.
...or is it dumb because they didn't do it the fancy way
He basically does this: (pseudo, of course)
    a = b
    b = a
Except for with all the variables, so the second set is completely unnecessary and does absolutely nothing, it's equal to doing
a = a
which it obviously is already.
|
On July 07 2010 20:10 wanderer wrote: i don't understand... is this dumb because white space matters in PHP? so what if he wants to take the extra effort into making it look pretty. i would if i had the time and liked my job.
...or is it dumb because they didn't do it the fancy way
Like the guy said, he did a = b, b = a. The problem with the whitespace is that he aligns EVERYTHING in the file, not just blocks. There's parts where there's 23 (yes, 23) tabs before the start of a line of code. That's already a line wrap on a 1660x900 monitor.
|
Probably been told, by some professor, some time, in the ancient past, that it HAS to be done that way. Poor soul.
|
On the other hand - I think one thing that will save us professionals who aren't fucking (yes, fucking) super gosu at coding...Will be how quickly programming concepts evolve and in some instances forgotten.
I am a bit jaded by some of the elitist mentality that coders have. Very, very few 'humble' coders out there. With a decent understanding of why; when you figure out a program through writing code it is a really rewarding experience and boosts the; "I r SmART" confidence.
Haha, like the MVC and PDO we discuss above. Both concepts I've studied and wrapped my head around. But BOTH, I certainly couldn't recall on a moment's notice.
Now that is surely attributed to the fact that I don't code in a MVC typically - the PHP I write uses a...I guess I'd call it...a Property Structure, like GETS and SETS. I also don't code all the time, so concepts I browse over are buried in the sands of life as months go by.
Coding mentalities and languages are certainly something you've got to flex and practice often to keep in-shape.
Someone above teases script kiddies - I guess I am slightly offended by that, I'm not sure if what I code could be considered just scripting...But what is wrong with that, even if so? As Tofu exclaims the high up elite coders are doing their best to eliminate script kiddies anyway.
And (this is extreme) I feel like, lol, you describe script kiddies as being like illegal immigrants or something, leeching jobs!
|
Plenty are. My job is one that was previously held by a script kiddie, and I was called in and interviewed over 3 weeks before I was hired (they reallllllly didn't want to get another kiddie). Most script kiddies think they are good programmers because they follow one of the primary tenets of programming: never rewrite code if you don't have to. The problem is...script kiddies don't understand the code they are using, whereas a real programmer will know exactly what's going on in there.
|
Good summary, surely it is far more complex than that, but great way to sum it up.
When you say that only a real programmer will know exactly what's going on in there, it begs the following question:
Why did someone, a proverbial 'real programmer', even ever structure a set of language or syntax rules that could be utilized by a 'script kiddie'?
There must be a marketplace and a demand for 'script kiddies', in which case, we/you should be thankful that there is a definable difference between the two...separating the men from mice so-to-speak.
As you can see, I'd be more fit for a Consulting / Managerial role of programming, rather than the strict science of logic and syntax memorization required to be a 'real programmer' - lol.
|
Every language is like that. Someone writes some useful piece of software or a helpful script (eg some Perl or BaSH script) and releases, and then it's out there. Script kiddies tend to have a very basic understanding of the tools they use, say...enough to change some parameters in a search or to use a hex editor to change the title of a program. A programmer knows enough about a tool to be able to completely rewrite it if need be.
As for a "demand for script kiddies", it is unfortunately very hard for non-technical people to tell the difference between a script kiddie and a programmer, which stacks the odds against us (since there are far more script kiddies than educated, experienced programmers).
|