Comment On Authenticate or Math

"I was recently assigned to work on a project that had been abandoned by its developer," wrote George Z. "After I checked-out the code for the first time, I started sifting through hundreds of lines of bad syntax, and bad practices." [expand full text]
« PrevPage 1 | Page 2 | Page 3Next »

Re: Authenticate or Math

2012-04-04 09:02 • by Pinkie Pie (unregistered)
lol omigosh frist!!11!!

Re: Authenticate or Math

2012-04-04 09:03 • by KattMan
So realyl, it doesn't matter if you are logged in.
The || essentially makign it so if you are logged in you can upload, if you are not logged in, you can upload, because in our reality 2+2 does equal 4.
Why not do away with the check in it's entirety? You will get the same results.

EDIT:
Just thought of a reason for this. It is to prevent anyone using one of those really old pentium processors where 2 might become a float and the math error might make 2+2 != 4.

{shoots pinkie pie with caffine to watch her spontaneously explode}

Re: Authenticate or Math

2012-04-04 09:04 • by Pablo Lerner (unregistered)
I forgot my password, would you clear it?

Re: Authenticate or Math

2012-04-04 09:05 • by jim (unregistered)
378412 in reply to 378410
KattMan:
So realyl, it doesn't matter if you are logged in.
The || essentially makign it so if you are logged in you can upload, if you are not logged in, you can upload, because in our reality 2+2 does equal 4.
Why not do away with the check in it's entirety? You will get the same results.


You don't say.

Re: Authenticate or Math

2012-04-04 09:11 • by emaN ruoY (unregistered)
if frist { postcomment("Frist!!>!@!@12!!"); } else { postcomment("Frist!!>!@!@12!!"); }

Re: Authenticate or Math

2012-04-04 09:12 • by Fake Nagesh (unregistered)
In abadabad code throws you

Re: Authenticate or Math

2012-04-04 09:13 • by Qpirate (unregistered)
I'm just looking at the WTF in the text:
I started sifting throw hundreds
Should it not be
I started sifting through hundreds

Re: Authenticate or Math

2012-04-04 09:14 • by Medinoc
Looks like an "always true" clause added in the condition to force the behavior, probably temporarily for debugging purposes.

TRWTF is the lack of comment/TODO/etc. about it and the fact it was checked in.

Re: Authenticate or Math

2012-04-04 09:18 • by Melnorme
Big Brother had decreed that your conditional expression not evaluate to true.
Can computers doublethink?

Re: Authenticate or Math

2012-04-04 09:18 • by Anketam
normally if you want to force a true you add "|| true" not a math function. Reminds me of the shirt:
2+2=5
For extremely large values of 2

Re: Authenticate or Math

2012-04-04 09:18 • by dkf
378419 in reply to 378416
Medinoc:
Looks like an "always true" clause added in the condition to force the behavior, probably temporarily for debugging purposes.

TRWTF is the lack of comment/TODO/etc. about it and the fact it was checked in.
Maybe the original author saw the technique in the log of some generated SQL and thought to himself “Neat! I'll try that myself…”

Re: Authenticate or Math

2012-04-04 09:19 • by The_Assimilator
378420 in reply to 378415
Qpirate:
I'm just looking at the WTF in the text:
I started sifting throw hundreds
Should it not be
I started sifting through hundreds


You are correct. TDWTF needs to hire some proofreaders, stat.

Re: Authenticate or Math

2012-04-04 09:23 • by Hello (unregistered)
378421 in reply to 378410
KattMan:
So realyl, it doesn't matter if you are logged in.
The || essentially makign it so if you are logged in you can upload, if you are not logged in, you can upload, because in our reality 2+2 does equal 4.
Why not do away with the check in it's entirety? You will get the same results.

EDIT:
Just thought of a reason for this. It is to prevent anyone using one of those really old pentium processors where 2 might become a float and the math error might make 2+2 != 4.

{shoots pinkie pie with caffine to watch her spontaneously explode}


Thanks KattMan for the explanation! Couldn't have done it without you.

Re: Authenticate or Math

2012-04-04 09:25 • by Rob Stark (unregistered)
"I was recently assigned to work on a project that had been abandoned by its developer,"
Since one out of 3 WTFs start this way (in real life, and, typically, here) shouldn't we just have a separate category for them?

Re: Authenticate or Math

2012-04-04 09:25 • by Jason (unregistered)
It's obviously debug code that either the original developer forgot to take out, or was purposely left in to bypass having to constantly log in. Since it was an unfinished project it's likely the latter and the new guy needs to get off his high horse. In my experience many developers when having to take over a new project will trash the work of the previous generation since it's easier to do than actually having to really learn the architecture.

Re: Authenticate or Math

2012-04-04 09:26 • by RogL (unregistered)
Could make sense as a temporary debugging change, to force the login to work while testing.

A distinctive "true" value is easier to remove when testing is done.

When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".

Re: Authenticate or Math

2012-04-04 09:26 • by Chester (unregistered)
if ($this->ion_auto->logged_in() || 2+2==4)
Easy. If you're coming from an alternate universe with slightly different physics, we need to know who you are. From this universe, welcome!

Re: Authenticate or Math

2012-04-04 09:32 • by Chopper (unregistered)
378426 in reply to 378418
Anketam:
normally if you want to force a true you add "|| true" not a math function. Reminds me of the shirt:
2+2=5
For extremely large values of 2


Not if you're a banker!

Re: Authenticate or Math

2012-04-04 09:32 • by Another fake Nagesh (unregistered)
This remine me level of security here in Abadabad.

Re: Authenticate or Math

2012-04-04 09:34 • by Jouva (unregistered)
378428 in reply to 378410
KattMan:
So realyl, it doesn't matter if you are logged in.
The || essentially makign it so if you are logged in you can upload, if you are not logged in, you can upload, because in our reality 2+2 does equal 4.
Why not do away with the check in it's entirety? You will get the same results.

EDIT:
Just thought of a reason for this. It is to prevent anyone using one of those really old pentium processors where 2 might become a float and the math error might make 2+2 != 4.

{shoots pinkie pie with caffine to watch her spontaneously explode}


Thanks so much for explaining this! As a programmer I would NEVER have understood programming language logic and feel that such a joke obvious to the visitors of this website needed a full explanation.

Re: Authenticate or Math

2012-04-04 09:36 • by ThingGuy McGuyThing
378429 in reply to 378424
RogL:
Could make sense as a temporary debugging change, to force the login to work while testing.

A distinctive "true" value is easier to remove when testing is done.

When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



By golly, I think you've solved it.

Re: Authenticate or Math

2012-04-04 09:37 • by Koko (unregistered)
In my country we frist lern to spel and than we proveread.

Re: Authenticate or Math

2012-04-04 09:37 • by Leo (unregistered)
No good, because what if 2 changes so that 2+2 no longer equals 4? Should be "|| 2+2 == 2+2", so even if 2+2 = 6, it will still evaluate correctly.

Re: Authenticate or Math

2012-04-04 09:41 • by BobB
Cake or death?

Re: Authenticate or Math

2012-04-04 09:44 • by Warlaan (unregistered)
Seriously guys, that's like basic optimization knowledge.

Yes, 2+2==4 is always true, but as it is an expression it is not for free. Now if logged_in() is true, 2+2==4 does not have to be evaluated at all, saving valueable processor time.

Re: Authenticate or Math

2012-04-04 09:46 • by wbrianwhite
It's clearly debug code. I on the other hand actually have "where 1 = 1" code in production. And I don't consider it a WTF. When appending various conditions to dynamic sql it's easier to start with a no-op condition and then append all the other conditions starting with "AND" without keeping track of "is this my first condition? no? then throw in and".

Re: Authenticate or Math

2012-04-04 09:49 • by Nagesh (unregistered)
This is obvious not C-based language. Sometime, developer is taking order-of-opeation for granted. Also, evaluation of OR is not treated seme in all language.

Re: Authenticate or Math

2012-04-04 09:52 • by nonpartisan
378437 in reply to 378412
jim:
KattMan:
So realyl, it doesn't matter if you are logged in.
The || essentially makign it so if you are logged in you can upload, if you are not logged in, you can upload, because in our reality 2+2 does equal 4.
Why not do away with the check in it's entirety? You will get the same results.


You don't say.

I wish he hadn't.

Re: Authenticate or Math

2012-04-04 09:55 • by KattMan
378438 in reply to 378428
Jouva:

Thanks so much for explaining this! As a programmer I would NEVER have understood programming language logic and feel that such a joke obvious to the visitors of this website needed a full explanation.


You are all welcome, I have fulfilled my public service for the year, thanks to all of you that listened.

Re: Authenticate or Math

2012-04-04 09:58 • by Canonymous Oward (unregistered)
Actually, the code might have a pretty legit reason. In some cases you can not just put "true" into "if" condition if there is "else" branch in the code, the compiler will complain about unreachable code.

Seeing this in the production code kind of sucks though.

Re: Authenticate or Math

2012-04-04 10:15 • by jonny_q (unregistered)
378441 in reply to 378418
Anketam:
normally if you want to force a true you add "|| true" not a math function. Reminds me of the shirt:
2+2=5
For extremely large values of 2


If 2+2==4 is his favorite debugging alias for "true" then it's easier to search for to remove later. It's a built-in todo.

Still dumb, but that's the thought process.

I've gotten very good as learning to think like the retard I have to clean up after.

Re: Authenticate or Math

2012-04-04 10:19 • by AB (unregistered)
Its a valid check that users from other dimensions, where Maths is fundamentally different, from accessing the upload functionality.

Re: Authenticate or Math

2012-04-04 10:24 • by iToad (unregistered)

// DEBUG
% DEBUG
REM DEBUG
(* DEBUG *)
/* DEBUG */
; DEBUG
<!-- DEBUG -->
# DEBUG
' DEBUG
{- DEBUG -}
etc...

Using debug code? Pick one from the list above.


Re: Authenticate or Math

2012-04-04 10:26 • by Quicksilver (unregistered)
378444 in reply to 378426
Chopper:
Anketam:
normally if you want to force a true you add "|| true" not a math function. Reminds me of the shirt:
2+2=5
For extremely large values of 2


Not if you're a banker!


Or you are living in Airstrip One!

Re: Authenticate or Math

2012-04-04 10:28 • by Anon') or 1=1 (unregistered)
The very first infinite loop I wrote when I was a noob looked like this:

while(6 != 7)

{
...
}


I thought I was so clever.

Re: Authenticate or Math

2012-04-04 10:34 • by Weps
378446 in reply to 378445
What's in logged_in() ?

A throw perhaps?

Re: Authenticate or Math

2012-04-04 10:47 • by Wintermute (unregistered)
I've got it! If the program is being run in an alternate universe, then 2+2 might not equal 4. If this is a case, THEN we check to see if the user is logged in or not.

Re: Authenticate or Math

2012-04-04 10:51 • by TheCPUWizard
Actually it *MAY* matter... perhaps the latest version throws and exception in the if condition when the user is not logged int.

Re: Authenticate or Math

2012-04-04 10:53 • by 1984 (unregistered)
This is big brother protection.

In case the government decides that 2 + 2 = 5, the code will actually require someone to be logged in.

Re: Authenticate or Math

2012-04-04 11:11 • by Todd Lewis (unregistered)
378450 in reply to 378446
Weps:
What's in logged_in() ?

A throw perhaps?



Which is exactly what's wrong with the whole "try/catch let's pretend we've got objects in our made up computer world" style of programming.

Now get off my nicely block structured lawn.

Re: Authenticate or Math

2012-04-04 11:24 • by np (unregistered)
Big Brother says 2 + 2 = 5.

Re: Authenticate or Math

2012-04-04 11:25 • by np (unregistered)
378452 in reply to 378449
1984:
This is big brother protection.

In case the government decides that 2 + 2 = 5, the code will actually require someone to be logged in.


I had looked through briefly but missed your comment. Serves me right for making coffee instead of reading TDWTF.
Glad someone else had a similar thought.

Re: Authenticate or Math

2012-04-04 11:33 • by Nagesh (unregistered)
#ifdef REQUIRES_LOGIN
#define 4 5
#endif

Re: Authenticate or Math

2012-04-04 11:37 • by Abso (unregistered)
378454 in reply to 378424
RogL:
Could make sense as a temporary debugging change, to force the login to work while testing.

A distinctive "true" value is easier to remove when testing is done.

When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



" || debug_mode" would be even easier to search for.

Re: Authenticate or Math

2012-04-04 11:41 • by jumentum (unregistered)
378455 in reply to 378454
Abso:
RogL:
Could make sense as a temporary debugging change, to force the login to work while testing.

A distinctive "true" value is easier to remove when testing is done.

When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



" || debug_mode" would be even easier to search for.


+ only morons commit debug code

Re: Authenticate or Math

2012-04-04 11:45 • by KattMan
378456 in reply to 378454
Abso:
RogL:
Could make sense as a temporary debugging change, to force the login to work while testing.

A distinctive "true" value is easier to remove when testing is done.

When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



" || debug_mode" would be even easier to search for.

not to mention pre compiler directives can make this a non issue. define it as true for debug builds, but false for production builds.

Re: Authenticate or Math

2012-04-04 11:49 • by Anon (unregistered)
378458 in reply to 378420
The_Assimilator:
Qpirate:
I'm just looking at the WTF in the text:
I started sifting throw hundreds
Should it not be
I started sifting through hundreds


You are correct. TDWTF needs to hire some proofreaders, stat.


proughreaders, surely

Re: Authenticate or Math

2012-04-04 11:50 • by fishdude (unregistered)
378459 in reply to 378434
wbrianwhite:
And I don't consider it a WTF. When appending various conditions to dynamic sql it's easier to start with a no-op condition and then append all the other conditions starting with "AND" without keeping track of "is this my first condition? no? then throw in and".


Since you are dynamically building an SQL statement, I'll assume you are using PHP.

Put all your WHERE clauses into an array, then use `implode()` to join the arrays into a string.

$where[] = "param1 = 'fish'";
$where[] = "param2 = 'slap'";
$sql = "SELECT * FROM table WHERE " . implode(" AND ", $where);

Re: Authenticate or Math

2012-04-04 11:52 • by Silfax
378460 in reply to 378446
Weps:
What's in logged_in() ?

A throw perhaps?



more likely a throw_up();

Re: Authenticate or Math

2012-04-04 11:52 • by LD (unregistered)
378461 in reply to 378424
RogL:
Could make sense as a temporary debugging change, to force the login to work while testing.

A distinctive "true" value is easier to remove when testing is done.

When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



Not only that, but there are quite a few compilers out there that won't allow you to write conditions that simply evaluates to either true or false, i.e. if(false) { ... }, because that produces unreachable branches. That includes things like if(expression || true) or if(expression && false) and things like that. The work around? ifdef (if there is a preprocessor); comment out the block; use conditionals (1==1, 2+2==4).

By the way, there is no real reason you can't search for "|| true" because the only time you should have boolean literals is when you initialize a variable. "true" or "false" should never appear within a test.

Just my $.02


« PrevPage 1 | Page 2 | Page 3Next »

Add Comment