
10/14/04

09:16:31 pm, Categories: Bad Architecture, 137 words  

That's an ODD piece of code....

Fabel sent in today's WTF. It's short, and it definitely made me go WTF... trying to figure out what it does. After looking at it, and looking at it a little more, it appears to check if $x is even or odd. Here's what Fabel had to say:

Heh, this wasn't written by any of us in house; it was from someone else's code that got used in a credit card validation routine. I noticed it one day and literally went WTF, I've never seen anyone use this method to see if a number is odd or not. I had to do a double take to realize what it was checking for; I'm used to seeing either a modulus to check or just an if($x & 1) for checking an odd number.


if ($x/2 != floor($x/2)) {
  $digit *= 2;
}

10/05/04

03:06:07 pm, Categories: Bad Architecture, 174 words  

Why use MD5 when you got MD4?

Okay, before we get deeper into this craziness, I would like to remind people that md5() has been available since PHP 3. Plus MD5 is way more secure than MD4... so I introduce you to today's PHP WTF.

<?php
  function getMd4Pwd($pwd) {
    $pwd = trim($pwd);
    if (strlen($pwd) <= 0)
      return "";
    unset($arrOut);
    $strCmd = "/usr/local/bin/md4sum ".$pwd;
    exec($strCmd,$arrOut);
    return strtoupper($arrOut[0]);
  }
?>

But wait! It gets worse... not only are they not using md5(), they execute a shell script to get an MD4 hash! Really you can't make this stuff up...

And what is /usr/local/bin/md4sum you may ask? Well let me show you...

#!/usr/bin/perl -w
use Digest::MD4;
use Unicode::String qw( utf8 );
Unicode::String->stringify_as( "utf16" );
$u8 = utf8( shift );
print Digest::MD4->hexhash($u8->byteswap), "\n";

So we have a PHP script that calls a Perl script to generate an obsolete, insecure MD4 hash. Not only that, but Perl doesn't even have MD4 by default; you have to explicitly install it. Um...WTF?!
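An added example, not code from the original post or from the project it was taken from: getMd4Pwd() pastes the raw password into a shell command line, so shell metacharacters in a password are interpreted by the shell and the password is visible in the process list, and the sketch below computes the hash inside PHP instead. The function names are hypothetical, and the example assumes the Perl helper hashes the UTF-16LE bytes of the password (what its utf16 stringification plus byteswap suggests) and that the mbstring extension is loaded.

```php
<?php
// Added example: hypothetical in-process replacement for getMd4Pwd().
// Assumption: the Perl helper hashes the UTF-16LE bytes of the password.

function getMd4PwdInProcess(string $pwd): string
{
    $pwd = trim($pwd);
    if ($pwd === '') {
        return '';
    }
    // Reject invalid UTF-8 instead of hashing a silently altered password.
    if (!mb_check_encoding($pwd, 'UTF-8')) {
        throw new InvalidArgumentException('password is not valid UTF-8');
    }
    $utf16le = mb_convert_encoding($pwd, 'UTF-16LE', 'UTF-8');
    // hash() runs inside the PHP process: nothing is handed to a shell,
    // and the password never appears in another process's arguments.
    return strtoupper(hash('md4', $utf16le));
}

// If the external helper has to stay for compatibility, quote the argument
// so the shell sees one literal word. The password is still visible in the
// helper's argument list, so this is the weaker of the two options.
function getMd4PwdQuoted(string $pwd): string
{
    $pwd = trim($pwd);
    if ($pwd === '') {
        return '';
    }
    $out = [];
    $status = 0;
    exec('/usr/local/bin/md4sum ' . escapeshellarg($pwd), $out, $status);
    if ($status !== 0 || !isset($out[0])) {
        throw new RuntimeException('md4sum failed');
    }
    return strtoupper($out[0]);
}

// Constructed sample input containing shell metacharacters; it is hashed
// as plain data because no shell is involved.
echo getMd4PwdInProcess('pa$$; w0rd'), "\n";
```

Moving to the in-process version only removes the shell; MD4 itself remains the obsolete hash the post complains about.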

09/29/04

12:09:55 pm, Categories: Bad Architecture, 124 words  

Not so Source Control...

There is an interesting post on The Daily WTF about Source Control, or the lack of it.

I wanted to share this. The previous developers didn't use any source control, they simply did the same thing by renaming the old files and added new ones. The file names have been changed to protect the guilty:

This WTF is completely a human problem. Given a bad situation, people (especially bad programmers) will find ways to make it worse. The problem gets worse when dumb developers start using those old libraries! Now your messy directories have turned into software requirements! This may sound retarded but this has happened, and will happen!

Remember source control is to your code as accounting is to your business.

09/26/04

11:44:32 am, Categories: DB Hoopla, 160 words  

When Newbies Attack!

I think inexperienced web programmers all make common DB WTFs when starting out. Jim Grill sent in a prime example from a project that he inherited. I'm sure we've all seen similar code before and we've all said, "wtf?!", if not "ytf?!"

<?php
$query = 'SELECT * FROM sometable';
$result = mysql_query($query,$connection);
$count = mysql_num_rows($result);
?>

It should be obvious what's wrong in the example. To count the number of rows, all data is needlessly requested and the rows are counted in PHP. As the table grows, these three lines will get slower and slower. Most people take data transfer from the DB server for granted. However, we should always be as efficient as possible, since little things can quickly multiply into big problems.

The fix is relatively simple:

<?php
$query = 'SELECT COUNT(*) FROM sometable';
$result = mysql_query($query,$connection);
list($count) = mysql_fetch_array($result);
?>

Using count(*) will return just the number of rows. Much more efficient.

09/21/04

11:31:22 am, Categories: Wonky Code, 130 words  

Probably the worst way to pad a string...

Every day I find code examples that make me go WTF. This is a prime example of one. It is a function that takes an item's id number and generates a left zero-padded string with the id number.

I guess nobody told them about the str_pad() function.


function getVanPic($item_id) {
    $pic_path = "/path/to/pic/dir";
    if ($item_id >= 1000000) {
        $strPicName = $item_id;
    }
    else if ($item_id >= 100000) {
        $strPicName = "0".$item_id;
    }
    else if ($item_id >= 10000) {
        $strPicName = "00".$item_id;
    }
    else if ($item_id >= 1000) {
        $strPicName = "000".$item_id;
    }
    else if ($item_id >= 100) {
        $strPicName = "0000".$item_id;
    }
    else if ($item_id >= 10) {
        $strPicName = "00000".$item_id;
    }
    else {
        $strPicName = "000000".$item_id;
    }
    $strPicName1 = "w".$strPicName.".jpg";
    if (file_exists($pic_path."/".$strPicName1)) {
        return "van/".$strPicName1;
    }
    $strPicName1 = "W".$strPicName.".JPG";
    if (file_exists($pic_path."/".$strPicName1)) {
        return "van/".$strPicName1;
    }
    return "";
}
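The str_pad() version the post alludes to, as an added example that is not part of the original post or the code it quotes. The function name getVanPicPadded and the digits-only check are additions made here; the check is included because the id ends up inside a file name.

```php
<?php
// Added example: hypothetical rewrite of getVanPic() using str_pad().

function getVanPicPadded($item_id, string $pic_path = '/path/to/pic/dir'): string
{
    // The id becomes part of a file name, so accept plain decimal digits
    // only (no sign, no separators, no path characters).
    $id = (string) $item_id;
    if (!ctype_digit($id)) {
        return '';
    }

    // Left-pad to 7 characters. Ids that already have 7 or more digits
    // pass through unchanged, matching the first branch of the original.
    $padded = str_pad($id, 7, '0', STR_PAD_LEFT);

    // Probe the same two spellings as the original, in the same order.
    foreach (["w{$padded}.jpg", "W{$padded}.JPG"] as $name) {
        if (file_exists($pic_path . '/' . $name)) {
            return 'van/' . $name;
        }
    }
    return '';
}
```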
