"I do believe this code will last more than humanity in a working status."



  • I've been hired by an edutainment software company. It is college-funded so Pedagogy students can execute their projects, and the code is released as open-source when finished. In only 6 months I've seen enough WTFs to affect my sanity.

    First of all, the boss leaves at 5:30PM, so pretty much every day that we don't have to get home early we stay there for a few more hours playing L4D2 on the design workstations. That, along with the free coffee, makes me love that job. People don't take anything seriously, I have no idea how we get anything done, no one can be fired and there are no deadlines.

    I'm working on a Club Penguin clone where teachers can post homework and students can have blogs. The original project specifications called for a system of permissions that can be infinitely expanded (I have no idea what this means), but there is a simple Administrator -> Teacher -> Student hierarchy written.

    The main page is comprised of a .swf file that barely stands and used to have porn in a hidden layer. Whenever the user enters a house to access the blog or homework systems, or changes the area he is currently in, the page reloads with a few GET arguments.

    As for some PHP code snippets, translated wherever needed:

    I saw (and left in its original state) a switch statement where every case followed this pattern:

            case 2:
                return "February";
                break; // These breaks are there just to be sure.

    The comment was in every single case.

     

                case 2:
                    $search1->request("select * from $tabela_forum where $consulta and forum_id = '$forum_id'"); // This request is done to get only the count of how many results are there. There is no protection against SQL injection, and $forum_id comes straight from a GET request.
                    $this->counter = count($pesquisa1->result);
                    $pesquisa1->request("select * from $tabela_forum where $consulta and forum_id = '$forum_id' ORDER BY msg_id ASC LIMIT $pagina,10");

    BTW, this other one was in a completely commentless switch statement with 20+ cases.

     

     

     $max_year = 9999999; // I do believe this code will last more than humanity in a working status.

     

    This later checks if some operations don't exceed a max year. It's a shame that even the useless sanity check functions don't get called.

     

     

    if ($internal_list[$i-1] == "\nend_year"){ // DON'T ASK. IT WORKS. GIVE IT A PRINT_R TO SEE.

     

    I did check and it is pretty ingenious. WTF points for using \n in PHP.

     

     

    if (basic SQL injection check that does not work){
        // code
    } else die("an horrible death");

     

    Imagine opening the profile page of a teacher and the only thing that displays in the upper-left corner of your browser is "an horrible death" (sic).

     

    There's an SQL table with an ID field to store uploaded pictures as BLOBs. Instead of relying on the id column, they try to get it via the filename, blog id and whether it was uploaded as homework or as a blog picture. Yes, you can upload two files with the same name to the same blog.

     

    $consulta->request("SELECT * FROM $tabela_arquivos WHERE name = '$name' AND funcionalidade_tipo = '$funcionalidade_tipo' AND funcionalidade_id = '$funcionalidade_id';");
     

     

    This one is self explanatory:

     

    for ($camila_looks_pretty_hot_today=0,$size=count($nomes); $camila_looks_pretty_hot_today<$size; $camila_looks_pretty_hot_today++){ 
     

     

    They're echoing through PHP the (constant) URL of the input. Also, who the hell uses <input type="image">?

     

    <img src=<?="../../images/botoes/bt_postagem.png"?> border="0" align="right"/>
     

     

    This one is cute, they're allowing the user to send an SQL query via Javascript.

     

    <?$stringConsulta = "UPDATE $tabela_portfolioProjetos SET emAndamento = 0 WHERE id=$projeto_id";?> 
    <a class="finish" onClick="changeDB('<?=$stringConsulta?>');" href="#">[Finish Project]</a>
     

     

    This one hurt my mind when I tried to comprehend it. Took me a moment to comprehend the codeflow.

     

    $screen_res = resolution($screen_res); // Yes, calling a function that's defined one line under.
        function resolution($screen_res) {
           
            if($screen_res != "") {
                $_SESSION['resolution'] = $screen_res;
            }
               
            if(isset($_SESSION["resolution"])){
                $screen_res = intval($_SESSION["resolution"]);
            }else{
            ?>
                <script language="javascript">
                <!--
                resolution_send();
                function resolution_send(){
                location.href = 'index.php?screen_res='+ screen.width;
                }
                //-->
                </script>
            <?php
            }
            return $screen_res;
        }

     


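The forum query and the "Finish Project" link from the post above, rewritten as an added example (not the project's own code) so that nothing from the request is ever concatenated into SQL text: ids are validated as integers and bound through PDO prepared statements, the free-text `$consulta` condition becomes a bound LIKE parameter, and the browser sends only a project id instead of a query. Assumed (not on the page): a PDO connection, `msg` and `owner_id` columns, and a session holding the logged-in teacher's `user_id`.

```php
<?php
// Added example, not the project's code. Assumes a PDO connection, a forum table with
// forum_id, msg_id and msg columns, a projects table with an owner_id column, and a
// session holding the logged-in teacher's user_id.

function checkTableName(string $name): string {
    // Identifiers cannot be bound; they come from config, never from the request
    if (!preg_match('/^[A-Za-z0-9_]+$/', $name)) {
        throw new InvalidArgumentException("bad table name");
    }
    return $name;
}

function forumPage(PDO $pdo, string $tabela_forum, array $get): array {
    $t = checkTableName($tabela_forum);
    // $forum_id and $pagina arrive via GET: accept only non-negative integers
    $opts = ['options' => ['min_range' => 0]];
    $forum_id = filter_var($get['forum_id'] ?? '', FILTER_VALIDATE_INT, $opts);
    $pagina   = filter_var($get['pagina'] ?? '0', FILTER_VALIDATE_INT, $opts);
    $term     = (string) ($get['q'] ?? '');
    if ($forum_id === false || $pagina === false) {
        return ['count' => 0, 'rows' => []];       // caller answers with HTTP 400
    }
    // COUNT(*) instead of fetching every row just to count them
    $count = $pdo->prepare("SELECT COUNT(*) FROM `$t` WHERE forum_id = ? AND msg LIKE ?");
    $count->execute([$forum_id, '%' . $term . '%']);
    $total = (int) $count->fetchColumn();
    // LIMIT values must be bound as integers; a quoted string there is a syntax error
    $page = $pdo->prepare("SELECT * FROM `$t` WHERE forum_id = :fid AND msg LIKE :term "
                        . "ORDER BY msg_id ASC LIMIT :offset, 10");
    $page->bindValue(':fid', $forum_id, PDO::PARAM_INT);
    $page->bindValue(':term', '%' . $term . '%', PDO::PARAM_STR);
    $page->bindValue(':offset', $pagina, PDO::PARAM_INT);
    $page->execute();
    return ['count' => $total, 'rows' => $page->fetchAll(PDO::FETCH_ASSOC)];
}

// The browser posts only projeto_id; the UPDATE text lives on the server and the
// WHERE clause also checks that the caller owns the project.
function finishProject(PDO $pdo, string $tabela_portfolioProjetos, array $post, array $session): bool {
    $t = checkTableName($tabela_portfolioProjetos);
    $projeto_id = filter_var($post['projeto_id'] ?? '', FILTER_VALIDATE_INT);
    if ($projeto_id === false || empty($session['user_id'])) {
        return false;
    }
    $stmt = $pdo->prepare("UPDATE `$t` SET emAndamento = 0 WHERE id = ? AND owner_id = ?");
    $stmt->execute([$projeto_id, (int) $session['user_id']]);
    return $stmt->rowCount() === 1;
}
```

The `[Finish Project]` link then becomes a POST form carrying only `projeto_id`, and `changeDB()` goes away entirely.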

  • @Husky said:

    WTF points for using \n in PHP.

     

    Yeah, real programmers never look at the HTML excreted by the PHP code, so it can just as well be all on one line.



  • Oh dear. When I read Spanish, I thought "geeze, maybe that's code spawned by someone I might actually know!"

    But then I realized it is actually Portuguese, as it uses "tabela" instead of "tabla".

    Then I read "pesquisa" and I really do wonder what this code is supposed to be doing. "Pesquiza" means "Sting" (as in "FBI Sting Operation") in Spanish, and I suppose it has the same meaning in Portuguese...



  • @danixdefcon5 said:

    Then I read "pesquisa" and I really do wonder what this code is supposed to be doing. "Pesquiza" means "Sting" (as in "FBI Sting Operation") in Spanish, and I suppose it has the same meaning in Portuguese...
    Nope, in Portuguese it means "search" (or possibly "research").

    Which means $search1 and $pesquisa1 are either very redundant or a mistranslation by the OP.

    "Consulta" means something like "lookup" in this context, and I assume it is a variable of the same type, as it also has a request() method.



  • @Husky said:

    This one hurt my mind when I tried to comprehend it. Took me a moment to comprehend the codeflow.

     

    $screen_res = resolution($screen_res); // Yes, calling a function that's defined one line under.
        function resolution($screen_res) {
           
            if($screen_res != "") {
                $_SESSION['resolution'] = $screen_res;
            }
               
            if(isset($_SESSION["resolution"])){
                $screen_res = intval($_SESSION["resolution"]);
            }else{
            ?>
                <script language="javascript">
                <!--
                resolution_send();
                function resolution_send(){
                location.href = 'index.php?screen_res='+ screen.width;
                }
                //-->
                </script>
            <?php
            }
            return $screen_res;
        }

     

    I was going to post saying javascript redirects from php are really fucking needlessly complicated. Then it occurred to me that there isn't any other way to get the screen resolution of the client (I think..).

    What is the resolution even used for? I can imagine some ... things, but I just know the reality of it is beyond the capabilities of my feeble mind.



  • @danixdefcon5 said:

    "Pesquiza" means "Sting" (as in "FBI Sting Operation") in Spanish, and I suppose it has the same meaning in Portuguese...

    Not in Portuguese, and not in Spanish either.... unless you mean pesquisa.... and although that word has some police-related implication, the purest meaning is the same as search or investigate.

    From the RAE: "Información o indagación que se hace de algo para averiguar la realidad de ello o sus circunstancias." (Information or inquiry made about something to find out the truth of it or its circumstances.)

    It can also mean http://bleach.wikia.com/wiki/Pesquisa

     



  • @Mo6eB said:

    I was going to post saying javascript redirects from php are really fucking needlessly complicated. Then it occurred to me that there isn't any other way to get the screen resolution of the client (I think..).

    There's no way to get the screen resolution from the client, at least, not correctly. The super-geniuses at the W3C wrote DOM assuming that a computer can only possibly have one monitor. So, the number coming from the browser is either:

    1) Complete gibberish (surprisingly common)

    2) The size of the main monitor, ignoring all others

    3) The size of the monitor the browser window is on

    4) The size of both monitors, if both monitors are identical in size and thus the area described is a rectangle

    5) The size of both monitors, even if they aren't rectangular, fudging the size into a rectangle anyway

    Most common is 2 or 3.

    Chalk up another victory for the W3C!



  • @Zecc said:

    Which means $search1 and $pesquisa1 are either very redundant or a mistranslation by the OP.

      Very redundant. I wish it was a mistranslation. BTW, it's Portuguese.

     

    @Mo6eB said:

    What is the resolution even used for? I can imagine some ... things, but I just know the reality of it is beyond the capabilities of my feeble mind.

    It's like this: The resolution is taken via JS and stored in a PHP session var. Later on, you see this:

     

    swfobject.embedSWF("interface_alfa.swf", "dinaflash", <?=$_SESSION['resolution']?>, <?=round($_SESSION['resolution']* 3 / 4)?>, "9.0.0","expressInstall.swf", flashvars, param, attributes, FocusOnFlash); 

     

    I'm tempted to comment it out and use screen.width / height there, but I learned the hard way that anything stored in $_SESSION is used elsewhere.

     


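The resolution round trip described above, as an added example (not the project's code): the GET value is validated as a bounded integer before it reaches `$_SESSION`, and the width and height are emitted into the `swfobject.embedSWF()` call via `json_encode()`, so the session only ever holds a number and the embed line is always well-formed. The 320..7680 bounds and the 1024 default are assumptions.

```php
<?php
// Added example, not the project's code. Same index.php?screen_res= redirect and the
// same $_SESSION['resolution'] key as the original; bounds and default are assumed.

function storeResolution(array $get, array &$session): ?int {
    $w = filter_var($get['screen_res'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 320, 'max_range' => 7680]]);
    if ($w !== false) {
        $session['resolution'] = $w;   // store the validated int, never the raw string
    }
    return $session['resolution'] ?? null;
}

function embedSnippet(array $session): string {
    $width  = (int) ($session['resolution'] ?? 1024); // default if JS never reported one
    $height = (int) round($width * 3 / 4);
    // json_encode() yields JS number literals, so the value can only ever be a number here
    return 'swfobject.embedSWF("interface_alfa.swf", "dinaflash", '
        . json_encode($width) . ', ' . json_encode($height)
        . ', "9.0.0", "expressInstall.swf", flashvars, param, attributes, FocusOnFlash);';
}

// Usage: storeResolution($_GET, $_SESSION); echo embedSnippet($_SESSION);
```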

  • @serguey123 said:

    Not in Portuguese, and not in Spanish either.... unless you mean pesquisa.... and although that word has some police-related implication, the purest meaning is the same as search or investigate.

    Modern Spanish speakers will rarely use it outside the context of "police investigation" or "searching who embezzled company funds". Yes, the word is Pesquisa, but my sleep-deprived brain switched the last s for a z. Anyway, it seems that Portuguese still preserves the original roots for that word. I always thought the word had its roots in fishing (pescar), but it seems the origin comes from some other unknown word. From another Spanish dictionary:

    "f. Investigación o indagación encaminadas a descubrir alguna cosa." (Investigation oriented to find out something)

    I thought the $pesquisa1 var was used for something attempting to filter out SQL injections. It turns out to be the very common language mix present everywhere... some of the common ones involve stuff like $dia $mes $year ... the last one used in English because "year" is "año" in Spanish, but code is usually written without accents or tildes, and "ano" means "anus".



  • @danixdefcon5 said:

     From another Spanish dictionary:

    "f. Investigación o indagación encaminadas a descubrir alguna cosa." (Investigation oriented to find out something)

    The RAE is the definitive authority regarding the Spanish language.

    @danixdefcon5 said:

    I thought the $pesquisa1 var was used for something attempting to filter out SQL injections. It turns out to be the very common language mix present everywhere... some of the common ones involve stuff like $dia $mes $year ... the last one used in English because "year" is "año" in Spanish, but code is usually written without accents or tildes, and "ano" means "anus".

    I usually use anno (that is, year in Latin) and by default double the n when there is a ñ to avoid confusion.

    @danixdefcon5 said:

    I always thought the word had its roots in fishing (pescar), but it seems the origin comes from some other unknown word.

    Not that unknown, but you are not alone in confusing the etymology of the word. Like almost everything, it comes from Latin.

     

