• Log InLog In
  • Register
Liquid`
Team Liquid Liquipedia
EDT 17:44
CEST 23:44
KST 06:44
  • Home
  • Forum
  • Calendar
  • Streams
  • Liquipedia
  • Features
  • Store
  • EPT
  • TL+
  • StarCraft 2
  • Brood War
  • Smash
  • Heroes
  • Counter-Strike
  • Overwatch
  • Liquibet
  • Fantasy StarCraft
  • TLPD
  • StarCraft 2
  • Brood War
  • Blogs
Forum Sidebar
Events/Features
News
Featured News
Serral wins HomeStory Cup 2910Serral wins Maestros of the Game 243ByuL, and the Limitations of Standard Play3Team Liquid Map Contest #22: Results and Winners7Code S Season 2 (2026): RO4 and Finals Preview12
Community News
Reynor: GSL Loss Wasn't About Preparation Format3[IPSL] Spring 2026 Grand Finals - This Weekend!0Weekly Cups (July 6 - 12): Protoss strike back3BSL Season 22 Full Overview & Conclusion8BSL Season 22 Full Overview & Conclusion8
StarCraft 2
General
Reynor: GSL Loss Wasn't About Preparation Format Serral wins HomeStory Cup 29 Weekly Cups (July 6 - 12): Protoss strike back Is the larve respawn broken? Serral wins Maestros of the Game 2
Tourneys
GSL CK #5 Race War WardiTV Summer Cup 2026 RSL Revival: Season 6 - Qualifiers and Main Event HomeStory Cup 29 Vespene Cup #1 — $300+ USD, July 10
Strategy
[G] Having the right mentality to improve
Custom Maps
New Map Maker - Looking for Advice - Love or Hate Work In Progress Melee Maps [D]RTS in all its shapes and glory <3
External Content
The PondCast: SC2 News & Results Mutation # 534 Burning Evacuation Mutation # 533 Die Together Mutation # 532 Nuclear Family
Brood War
General
Pros Debate: Zerg Unfairly Nerfed? (ASL S22 map) screpdb: new Starcraft reporting tool BSL Season 22 Full Overview & Conclusion BGH Auto Balance -> http://bghmmr.eu/ ASL 22 Proposed Map Pool
Tourneys
[Megathread] Daily Proleagues [IPSL] Spring 2026 Grand Finals - This Weekend! [ASL22] Wildcard Qualifier IPSL Spring 2026 Top 4!
Strategy
Fighting Spirit mining rates Simple Questions, Simple Answers Creating a full chart of Zerg builds Relatively freeroll strategies
Other Games
General Games
Nintendo Switch Thread General RTS Discussion Thread Stormgate/Frost Giant Megathread Path of Exile Summer Games Done Quick 2026!
Dota 2
Looking for a Dota Mentor Official 'what is Dota anymore' discussion
League of Legends
Heroes of the Storm
Simple Questions, Simple Answers Heroes of the Storm 2.0
Hearthstone
Deck construction bug
TL Mafia
NeO.D_StephenKing vs This Guy From 1 Million Dance TL Mafia Community Thread TL Mafia Power Rank Vanilla Mini Mafia
Community
General
US Politics Mega-thread Russo-Ukrainian War Thread UK Politics Mega-thread YouTube Thread Canadian Politics Mega-thread
Fan Clubs
The IdrA Fan Club The HerO Fan Club!
Media & Entertainment
Anime Discussion Thread [Req][Books] Good Fantasy/SciFi books Movie Discussion! Series you have seen recently...
Sports
2024 - 2026 Football Thread McBoner: A hockey love story Tennis[sport] Formula 1 Discussion TeamLiquid Health and Fitness Initiative For 2023
World Cup 2022
Tech Support
Simple Questions Simple Answers FPS when play League Of Legend on laptop How to clean a TTe Thermaltake keyboard?
TL Community
The Automated Ban List
Blogs
The Experiences We Want and …
TrAiDoS
An Exploration of th…
waywardstrategy
Gauntlet SC2: A Retrospectiv…
Ctone23
ramps on octagon
StaticNine
Funny Nicknames
LUCKY_NOOB
Evil Gacha Games and the…
ffswowsucks
Customize Sidebar...

Website Feedback

Closed Threads



Active: 5132 users

Life as a Web Developer

Blogs > tofucake
Post a Reply
1 2 3 Next All
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
Last Edited: 2010-07-06 21:34:07
July 03 2010 15:33 GMT
#1
So I recently started my new job as a web developer at a company that does auto financing. One of the internal tools they use is a system designed by a guy named Bob. Bob is not good at PHP. Below is an unedited snippet of his code, which is present in almost every single one of about 3000 files (the $message assignment is different on every page, but basically the same). Retarded spacing aside, it's just dumb. Also, the passwords are stored in plaintext.


....and this is just the start. The rest of the code is worse.

$systempath           =  $_SESSION[ 'systempath'         ];
$systemname = $_SESSION[ 'systemname' ];
$systemid = $_SESSION[ 'systemid' ];
$userid = $_SESSION[ 'userid' ];
$userpassword = $_SESSION[ 'userpassword' ];
$username = $_SESSION[ 'username' ];
$systemaccesslevel = $_SESSION[ 'systemaccesslevel' ];
$loginstatus = $_SESSION[ 'loginstatus' ];
$message = $_SESSION[ 'message' ];

$message = 'Perform Loan History Processing';

// set the session variables

$_SESSION[ 'systempath' ] = $systempath;
$_SESSION[ 'systemname' ] = $systemname;
$_SESSION[ 'systemid' ] = $systemid;
$_SESSION[ 'userid' ] = $userid;
$_SESSION[ 'userpassword' ] = $userpassword;
$_SESSION[ 'username' ] = $username;
$_SESSION[ 'systemaccesslevel' ] = $systemaccesslevel;
$_SESSION[ 'loginstatus' ] = $loginstatus;


[Update]
switched quotes to codes. Now you can see the dumb spacing.

*
Liquipediaasante sana squash banana
ilovezil
Profile Blog Joined August 2006
United States4143 Posts
July 03 2010 15:41 GMT
#2
ya, simply terrible!



??
RumZ
Profile Blog Joined March 2010
United States956 Posts
July 03 2010 15:43 GMT
#3
Wow.... that is going to take some time fixing eh?

It could be worse, I am doing some network administration on a server client setup that has not been updated from service pack 0 in 2 years on windows xp, the computers are also running incompatible version of symantec endpoint protection, and not only are they not supported anymore, each client is running a different version of the software.


But, I digress, I think your problem is way more painful if not able to be dealt with systematically.
fabiano
Profile Blog Joined August 2009
Brazil4644 Posts
July 03 2010 15:44 GMT
#4
lol

I guess its a good place to ask, which one is the best programming practice for php: use directly the $_SESSION[] variables or pass its content to a common variable?

eg. use $_SESSION['username'] all over the code or $username = $_SESSION['username'] and use $username for the rest of the code?
"When the geyser died, a probe came out" - SirJolt
Count9
Profile Blog Joined May 2009
China10928 Posts
July 03 2010 15:55 GMT
#5
Well... at least you know he read the PHP in 20 minutes book =) It's usually better when they write horrible code, and then leave you awesome comments with justifications.
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
Last Edited: 2010-07-04 13:17:20
July 04 2010 13:09 GMT
#6
You guys haven't see the javascript yet. EVERY SINGLE LINE HAS AN EXPLANATORY COMMENT.

// resets the flag indicating whether the up or down key has been pressed
isKeyUpDownPressed = false;




On July 04 2010 00:41 ilovezil wrote:
ya, simply terrible!



??

He sets some variables, and then without changing any of them (sans $message), he sets them back again. It's a waste of space and processing power.


On July 04 2010 00:44 fabiano wrote:
lol

I guess its a good place to ask, which one is the best programming practice for php: use directly the $_SESSION[] variables or pass its content to a common variable?

eg. use $_SESSION['username'] all over the code or $username = $_SESSION['username'] and use $username for the rest of the code?
Both are acceptable, but only in certain situations. If you're doing processing and only want to display something, using local variables is best. I only use SESSION scope variables for tracking things that rarely or never change (a user ID) or things I don't want to be exposed (redirect after login). Other things he used SESSION scope for are things that should never, ever, for any reason, be stored anyway (plaintext password). Much of what he does could be sped up by using relational databases.
Liquipediaasante sana squash banana
vnlegend
Profile Blog Joined December 2006
United States1389 Posts
July 04 2010 13:56 GMT
#7
I don't really understand what this means but the guy could just be older and not too good with new technology.

** 30 years later **
16-yr old kid looks at tofucake's work: Who the hell wrote this dumb ancient code?

But anyway, looks like a good opportunity to get credit for making improvements.
Marines > everything
thedeadhaji *
Profile Blog Joined January 2006
39489 Posts
July 04 2010 14:17 GMT
#8
btw I like your ID
Count9
Profile Blog Joined May 2009
China10928 Posts
Last Edited: 2010-07-04 14:40:57
July 04 2010 14:39 GMT
#9
Wow, awesome, don't know how I missed this >.> I love thedailywtf, this is just as bad as some of code they got on there. (Of course, I don't have to work with this guy)

Maybe he auto generated some of those javascript things :/
tarpman
Profile Joined February 2009
Canada723 Posts
July 04 2010 16:38 GMT
#10
yeah, this sort of thing smells like copy-paste to me. likely he copy-pasted a bunch of stuff, tweaked it until it sort of worked, and then never touched it again :D
Saving the world, one kilobyte at a time.
QueueQueue
Profile Joined July 2009
Canada1000 Posts
July 04 2010 16:41 GMT
#11
On July 04 2010 22:09 tofucake wrote:
You guys haven't see the javascript yet. EVERY SINGLE LINE HAS AN EXPLANATORY COMMENT.

Show nested quote +
// resets the flag indicating whether the up or down key has been pressed
isKeyUpDownPressed = false;




At least people won't be lost >.<
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
July 05 2010 20:54 GMT
#12
I want to submit something to DailyWTF...but I have no clue what to....it's all so bad.
Liquipediaasante sana squash banana
King K. Rool
Profile Blog Joined May 2009
Canada4408 Posts
July 05 2010 22:20 GMT
#13
lololol

Is bob still working there?
haduken
Profile Blog Joined April 2003
Australia8267 Posts
Last Edited: 2010-07-05 22:23:00
July 05 2010 22:22 GMT
#14
I've seen worse. I've worked on a project where the lead developer refused to use any control statements what so ever believing that they have a risk of malfunctioning. So the whole project was done assembly style except... in C#.

I still can't believe why this guy was hired and why he still works there.
Rillanon.au
NoHrt
Profile Blog Joined May 2010
Canada236 Posts
July 05 2010 23:37 GMT
#15
heh,

are you interested in assisting a fellow SC2 with your programming skills ? Im looking for help with a few things.

PM me if interested
l2sc.net | Lead Director | l2sc.tv NoHrt.518
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
July 06 2010 00:46 GMT
#16
No...Bob was fired. Actually, about half way through the project he stopped responding to emails and phone calls (he was a contract hire, apparently).

On July 06 2010 07:22 haduken wrote:
I've seen worse. I've worked on a project where the lead developer refused to use any control statements what so ever believing that they have a risk of malfunctioning. So the whole project was done assembly style except... in C#.

I still can't believe why this guy was hired and why he still works there.

That hurts to think about.
Liquipediaasante sana squash banana
michiko
Profile Joined April 2010
United States75 Posts
July 06 2010 15:07 GMT
#17
I like the comment line you showed, rofl.

I mean it is a great practice to comment lines of code often, but E-V-E-R-Y line?

Espcially, ROFL, when the line itself describes what it does

//This resets the is key down flag to not being enabled
isKeyDown=false;

ROFL? What coder couldn't decipher that without the //?
----

And yes, I love that first post you make. In PHP it is very dangerous to store information in the session variables, who knows when it'll get changed or w/e as you navigate through the pages.

It's also a bad idea to store important information in there (like you said, just a session_id variable, user_ids, web cart information).

User names and passwords, any customer information stored in session? Bad News Bears.

Hell, I don't even use the $_[GET], i stick to POST so kiddies can't URL hi-jack my code.

---

Do you have a good source of code for properly storing passwords? I don't use plaintext, but I'm interested to hear your thoughts / methods on how to properly store, check and carry a PW value.

GOOD BLOG! 5/5!

tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
July 06 2010 15:18 GMT
#18
I'll post the creation bit here, and the whole password shpiel on pastebin. I create and store passwords based on SHA-1, with part of the SHA'd password used as the salt for SHA-ing the password to check it. Win.

function createpasswordhash($user, $raw_pass)
{
// this should ONLY be used to create NEW passwords, as
// the salt is based on the time
$salt = sha1($user . array_sum(explode(' ', microtime())));
$raw = $salt . sha1(sha1($user) . sha1($salt . $raw_pass));

return $raw;
}

The whole thing... http://pastebin.com/0dD00pu0
It makes use of my SQLController class for checking, but that should be easy enough to figure out. I can write up something about that later, though.
Liquipediaasante sana squash banana
michiko
Profile Joined April 2010
United States75 Posts
July 06 2010 15:30 GMT
#19
Awesome, great code. I won't steal - but that for sure helps!

I have one question:

$row = $DB->Fetch($query);

the "->"

I'm not a full-time coder, I do PHP contractually (soon-to-be full time, i hope).


Is that vanilla PHP? Are you using a framework? I recall -> calls being a big part of the Kohana framework.

$DB->Fetch sounds fricken awesome - for sure nicer than raw PHP MySQL queries...
tofucake
Profile Blog Joined October 2009
Hyrule19228 Posts
July 06 2010 15:40 GMT
#20
-> is part of PHP's OOP syntax. Like I said, I'll post my SQLController class later. I don't mind if you use my password stuff, as long as you stick a comment in there attributing it to me.
Liquipediaasante sana squash banana
1 2 3 Next All
Please log in or register to reply.
Live Events Refresh
Next event in 2h 16m
[ Submit Event ]
Live Streams
Refresh
StarCraft 2
mouzHeroMarine 654
ViBE129
SpeCial 97
CosmosSc2 29
StarCraft: Brood War
Dewaltoss 132
ZZZero.O 47
Counter-Strike
summit1g5020
minikerr21
Other Games
tarik_tv5972
Grubby4032
shahzam595
C9.Mang0219
Liquid`Hasu164
XaKoH 155
UpATreeSC129
Organizations
Other Games
gamesdonequick2763
BasetradeTV265
StarCraft 2
Blizzard YouTube
StarCraft: Brood War
BSLTrovo
[ Show 14 non-featured ]
StarCraft 2
• StrangeGG 75
• AfreecaTV YouTube
• intothetv
• Kozan
• IndyKCrew
• LaughNgamezSOOP
• Migwel
• sooper7s
StarCraft: Brood War
• BSLYoutube
• STPLYoutube
• ZZZeroYoutube
Dota 2
• masondota21316
• Noizen40
Other Games
• Shiphtur466
Upcoming Events
PiGosaur Cup
2h 16m
The PondCast
12h 16m
Kung Fu Cup
13h 16m
Replay Cast
1d 11h
CrankTV Team League
1d 13h
Replay Cast
2 days
CrankTV Team League
2 days
Replay Cast
3 days
RSL Revival
3 days
Clem vs Lambo
Scarlett vs Cure
CranKy Ducklings
3 days
[ Show More ]
IPSL
3 days
Dragon vs Hawk
RSL Revival
4 days
Classic vs Trap
herO vs SHIN
Sparkling Tuna Cup
4 days
IPSL
4 days
Bonyth vs Ret
WardiTV Weekly
5 days
Monday Night Weeklies
5 days
Liquipedia Results

Completed

YSL S3
HSC XXIX
Eternal Conflict S2 E2

Ongoing

IPSL Spring 2026
Acropolis #4
CSL 2026 Summer (S21)
RSL Revival: Season 6
CranK Gathers Season 4: BW vs SC2 Team League
SCTL 2026 Spring
XSE Pro League 2026
IEM Cologne Major 2026
Stake Ranked Episode 2
CS Asia Championships 2026
Asian Champions League 2026
IEM Atlanta 2026
PGL Astana 2026
BLAST Rivals Spring 2026

Upcoming

Escore Tournament S3: W3
ASL S22 SEASON OPEN Day 1
Escore Tournament S3: W4
ASL S22 SEASON OPEN Day 2
Escore Tournament S3: W5
CSLAN 4
Blizzard Classic Cup 2026
HSC XXX
SC4ALL II: StarCraft II
Kung Fu Cup 2026 Grand Finals
Light Tournament 2026
Eternal Conflict S2 Finale
Eternal Conflict S2 E3
Logitech G Connect 2026
StarSeries Fall 2026
FISSURE Playground #5
BLAST Open Fall 2026
Esports World Cup 2026
BLAST Bounty Summer 2026
BLAST Bounty Summer Qual
Stake Ranked Episode 3
TLPD

1. ByuN
2. TY
3. Dark
4. Solar
5. Stats
6. Nerchio
7. sOs
8. soO
9. INnoVation
10. Elazer
1. Rain
2. Flash
3. EffOrt
4. Last
5. Bisu
6. Soulkey
7. Mini
8. Sharp
Sidebar Settings...

Advertising | Privacy Policy | Terms Of Use | Contact Us

Original banner artwork: Jim Warren
The contents of this webpage are copyright © 2026 TLnet. All Rights Reserved.