Random password generator function name
-
Browsing through some of our (older) code, I found the following gem. The script is used to set up web hosting and install applications in it and therefore needs to generate some new passwords:
function randomkeys($length) {
$pattern = "1234567890abcdefghijkmnpqrstuvwxyz";
$key = $pattern{rand(0,35)};
for($i=1;$i<$length;$i++){
$key .= $pattern{rand(0,35)};
}
return $key;
}Not too much of a WTF, but read on:
function randomkeysPassword($length) {
...
}
function randomEmailPass($length) {
...
}
function randomkeysCMSPassword($length) {
...
}
What's in the body of these three functions is left as an exercise to the reader ;)
-
I like how he primes $key before he enters the loop. If it works for pumps why not PHP?
-
@DOA said:
I like how he primes $key before he enters the loop. If it works for pumps why not PHP?
Probably a blonde had been using his computer at some point and white-outted the screen, followed by a brunette who wrote a 1 right where the loop initializes. The later redhead took an axe to the keyboard and knocked off the = key after everything had been coded, so he was forced to pull one iteration out of the loop, because it couldn't be changed to "$i=0" or "$<=$length".
So I guess the real WTF is why the coder couldn't cut 'n paste things around, or scrape off the whiteout.
</runs away and hides>
-
Bonus WTF: $length = 0 won't do what's expected...
-
@dave_v said:
function randomkeys($length)
At first I read this as "randMonkeys", which is appropriate somehow...
-
@shepd said:
Bonus WTF: $length = 0 won't do what's expected...
Who in God's name would call that function expecting an empty string?
-
@morbiuswilters said:
Who in God's name would call that function expecting an empty string?
The kind of person that would write a function that doesn't return one? Think of a user entering the length of random password they need... :D Bah, why not punish the user for their stupidity!
-
@morbiuswilters said:
Who in God's name would call that function expecting an empty string?
Nominated for "Famous Last Words".
-
@morbiuswilters said:
@shepd said:
Bonus WTF: $length = 0 won't do what's expected...
Who in God's name would call that function expecting an empty string?
Maybe it's intentional behaviour in case for whatever reason it's called with a sometimes uninitialised variable, or one that might overflow to negative, or be a float < 0.5, or something like that. And maybe what calls it will bork if it recieves an empty string. So rather than fix the call, the key generating function got kludged.
Maybe.
-
@m0ffx said:
And maybe what calls it will bork if it recieves an empty string. So rather than fix the call, the key generating function got kludged.
Can't tell exacty, but that does look like PHP ($pattern{rand(0,35)}; being a deprecated way of doing per-char addressing in strings). If they wanted to handle default key lengths in case the generator was called without a parameter, PHP lets you define function parameters with defaults: function blah($param = 'somedefault') { ... }. 'course, that won't help any if it's called with a string/float, such as "oh, gimme something, you pick".
-
@m0ffx said:
Maybe it's intentional behaviour in case for whatever reason it's called with a sometimes uninitialised variable, or one that might overflow to negative, or be a float < 0.5, or something like that. And maybe what calls it will bork if it recieves an empty string. So rather than fix the call, the key generating function got kludged.
Maybe.
Calling this function with a negative number, float or string would be just as stupid as calling it with zero. Yeah, it's stupid they "primed" the loop but if you call a random password function expecting an empty string in return, you are an idiot.
