Comment On Complex Complex Validation

W T F ?!
Was this written by a 4 year old? Even an amateur developer would have snipped from a book or an example online!

Perhaps this is someone's idea of Obfuscation

I'm wondering what will happen if you turn Javascript of in the browser. I wonder if their backend system will let it through.

If so...I'm signing up and getting some of the'Transfer funds' page!

ParkinT:

W T F ?!
Was this written by a 4 year old? Even an amateur developer would have snipped from a book or an example online!

Actually, this WTF is a perfect example of where that kind of copy-paste-adapt-coding leads when it's not accompanied by a sense of when one is doing something wrong and an urge to find a better way. Unfortunately, even professionals (let alone amateurs) often lack these.

ParkinT:

Even an amateur developer would have snipped from a book or an example online!

One who, let's say, got hired after an interview with the secretary ;) ?

From the URL, it's apparent that this form is part of a Notes/Domino database. I recently started doing some Domino work for my company, and pretty much all the code written by Domino consultants we've hired in the past looks like this. I've already chopped a few several-hundred-line functions down to several-line functions.

Oh.
Wow.

It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

I guess it takes a while before you realize that regular expressions are not for idiots.

Hilarious... WTF

ParkinT:

Unless you are a consultant; billing hours spent on the project.

Or your productivity is measured in LOC

Or unless you are a consultant, using LOC spent on the project to impress your customer (making sure they pay the huge "hours bill" on time).

magetoo:

Oh.
Wow.

It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

Obviously, they were smart enough to script their own code generator:

$chars = array(

    'a' => 'a',

    'b' => 'b',

    'c' => 'c',

    // snip ...

);

foreach($chars as $k => $char){

   echo <<< EOQ

	for ( x = 0; x < passStr.length; x++ ) {

		x = passStr.indexOf("$char", x );

		if ( x > -1 ) {

			pswdAlpha = pswdAlpha + 1;

		} else {

			break;

		}

	} 

EOQ;

}



$digits = array(

    0 => '0',

    1 => '1',

    2 => '2',

    3 => '3',

    4 => '4',

    5 => '5',

    6 => '6',

    7 => '7',

    8 => '8',

    9 => '9',

);

foreach($digits as $k => $digit){

    echo <<< EOQ

 	var passindex = passStr.indexOf("2");

     if(passindex > -1){

     	pswdNum = pswdNum + 1;

		}

}

EOQ;

Someone You Know:

From the URL, it's apparent that this form is part of a Notes/Domino database. I recently started doing some Domino work for my company, and pretty much all the code written by Domino consultants we've hired in the past looks like this. I've already chopped a few several-hundred-line functions down to several-line functions.

I used to work opposite a couple of "Lotus Certified Professionals" (which presumably means that they have passed some kind of test).
When they were asked to code something, they would post their problem to a message board, wait for someone to reply with the solution, then copy and paste the code.
Here are some of the best comments that I overheard between them:
"What is an 'array subscript error'?"
"How do you test for something 'not equal'?"
"What is the difference between round brackets and square brackets?"

   var passindex = passStr.indexOf("0");  

   if ( passindex > -1)  {

      pswdNum = pswdNum + 1;

        }       



   var passindex = passStr.indexOf("1");

   if(passindex >-1){

           pswdNum = pswdNum + 1;

   }   

    

   var passindex = passStr.indexOf("2");

   if(passindex > -1){

           pswdNum = pswdNum + 1;

   }   

OK, I'm scared by the fact that the indentation is different on the first one. Copy/pasting the same block, then just changing the number is one thing... but this leads me to believe that somebody actually typed it all out by hand.

This is your company on Lotus Notes.

Any questions?

magetoo:

Oh.
Wow.

It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

You seem to have misunderstood the code.
Clearly, someone wrote it, complained "there must be a better way!" to a co-worker who told him "You could just use indexOf.", which the first someone didn't quite grasp.

These copy-and-paste punks today don't know anything about being a REAL coder. Why, when I was young I used to code 25 miles through snow and freezing rain to finish an assignment. And that was uphill both ways! We didn't have all these fancy things like intellisense and internet forums and IDEs and such, to do the work for us. Nossirree, Bob, we actually had to WORK for a living back then. Text editors and punch cards, and you better get it right the first time, because no so-called "development environment" was going to check it all for you first and tell you where your mistakes were.

Nossir, these pantywaist wet-behind-the-ears kids today don't know nuthin' about being a REAL coder.

Ah, error messages with an exclamation mark on the end: but why not make it ", you idiot!"?

And I love the way it complains when I don't enter my "Electronic Mail Address". Probably a good proportion of their target market won't even know what that means.

Nicd:

I tried it out without running the JavaScript ... it doesn't even check that the two passwords match!

Yes it does: What do these lines mean to you?


if(document.forms[0].NewPasswordConfirm.value != ""){
if(document.forms[0].NewPasswordConfirm.value != document.forms[0].NewPassword.value){
pswdflag = "true";
alert("The password entered in the New password Confirmation field does match the New Password!");
document.forms[0].NewPasswordConfirm.focus()

I loved the hidden white square image with weird address.

Beernutts:

Nicd:

I tried it out without running the JavaScript ... it doesn't even check that the two passwords match!

Yes it does: What do these lines mean to you?


if(document.forms[0].NewPasswordConfirm.value != ""){
if(document.forms[0].NewPasswordConfirm.value != document.forms[0].NewPassword.value){
pswdflag = "true";
alert("The password entered in the New password Confirmation field does match the New Password!");
document.forms[0].NewPasswordConfirm.focus()

That with JavaScript off, it doesn't check if the two passwords match?

Beernutts:

Nicd:

I tried it out without running the JavaScript ... it doesn't even check that the two passwords match!

Yes it does: What do these lines mean to you?


if(document.forms[0].NewPasswordConfirm.value != ""){
if(document.forms[0].NewPasswordConfirm.value != document.forms[0].NewPassword.value){
pswdflag = "true";
alert("The password entered in the New password Confirmation field does match the New Password!");
document.forms[0].NewPasswordConfirm.focus()

What does running without JavaScript mean to you?

SCB:

Someone You Know:

From the URL, it's apparent that this form is part of a Notes/Domino database. I recently started doing some Domino work for my company, and pretty much all the code written by Domino consultants we've hired in the past looks like this. I've already chopped a few several-hundred-line functions down to several-line functions.

I used to work opposite a couple of "Lotus Certified Professionals" (which presumably means that they have passed some kind of test).
When they were asked to code something, they would post their problem to a message board, wait for someone to reply with the solution, then copy and paste the code.
Here are some of the best comments that I overheard between them:
"What is an 'array subscript error'?"
"How do you test for something 'not equal'?"
"What is the difference between round brackets and square brackets?"

Proving that "please email me teh codes" ain't just for Indian outsourcers (outsourcees? outsourcists?) anymore. Unless your story took place in India. In that case, do not read this comment.

Good programme.
Me need too do zame valitation.
Pleaz send my the codz.

ParkinT:

magetoo:

Oh.
Wow.

It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

Unless you are a consultant; billing hours spent on the project.

If your company hires a consultant for carte-blanche "hourly" billing, you deserve what you get. Whenever possible, you should have a project plan with peer-reviewed estimates, and then manage to that plan. Treat a consultant like any other employee. Companies who pay $200/hr for shoddy work like this are TRWTF - they create the environment for over-paid, under-skilled "consultants" to thrive.

Without javascript turned on, there won't be any server-side checking because the form wouldn't even get submitted. The buttons are not a submit and a reset; they are type=buttons. The form gets submitted by the javascript.
The magic deepens.

Sour-faced Crotchety old Bastard:

These copy-and-paste punks today don't know anything about being a REAL coder. Why, when I was young I used to code 25 miles through snow and freezing rain to finish an assignment. And that was uphill both ways! We didn't have all these fancy things like intellisense and internet forums and IDEs and such, to do the work for us. Nossirree, Bob, we actually had to WORK for a living back then. Text editors and punch cards, and you better get it right the first time, because no so-called "development environment" was going to check it all for you first and tell you where your mistakes were.

Nossir, these pantywaist wet-behind-the-ears kids today don't know nuthin' about being a REAL coder.

I like how you fit that comment under the article which is not about some new fancy, shmacy coding language. Shows you haven't really read it.

It's quite possible the guy was paid according to LoC, so he could have written that on purpose. We must realize that efficient code is only a metric for programmers and not for business types.

Well it was worth a try :)

Zecc:

Obviously, they were smart enough to script their own code generator:
*snip*

If they used perl, it'd be even easier:

#!/usr/bin/perl



@chars = (a..z, A..Z);



foreach(@charsAndNums)

{

    print <<END;

for ( x = 0; x < passStr.length; x++ ) {

  x = passStr.indexOf("$_", x );

  if ( x > -1 ) {

    pswdAlpha = pswdAlpha + 1;

    } else {

    break;

  }

}

END

}

dave:

Zecc:

Obviously, they were smart enough to script their own code generator:
*snip*

If they used perl, it'd be even easier:

#!/usr/bin/perl

@chars = (a..z, A..Z);

foreach(@chars)

{

    print <<END;

for ( x = 0; x < passStr.length; x++ ) {

  x = passStr.indexOf("$_", x );

  if ( x > -1 ) {

    pswdAlpha = pswdAlpha + 1;

    } else {

    break;

  }

}

END

}

Opps. Fixed.

That's gotta be generated code. Not a WTF if so.

somejackass:

That's gotta be generated code. Not a WTF if so.

No, it's still a WTF, just on a whole different level.

Anonymous:

Sour-faced Crotchety old Bastard:

These copy-and-paste punks today don't know anything about being a REAL coder. Why, when I was young I used to code 25 miles through snow and freezing rain to finish an assignment. And that was uphill both ways! We didn't have all these fancy things like intellisense and internet forums and IDEs and such, to do the work for us. Nossirree, Bob, we actually had to WORK for a living back then. Text editors and punch cards, and you better get it right the first time, because no so-called "development environment" was going to check it all for you first and tell you where your mistakes were.

Nossir, these pantywaist wet-behind-the-ears kids today don't know nuthin' about being a REAL coder.

I like how you fit that comment under the article which is not about some new fancy, shmacy coding language. Shows you haven't really read it.

(Using best Darth Vader voice) Your perceptive powers are weak, old man.

Perhaps it is you who have not really read my post.

This kind of incompetence gives lotus domino a bad name.

Domino's built in validation option makes it so easy though.
One line of code wil validate server-side

see for yourself

Eric:

This kind of incompetence gives lotus domino a bad name.

I beg to differ. Lotus Domino worked hard to tarnish their name on their own, and don't need any help in that department from upstart developers who think they know how to develop WTFs!

ParkinT:

magetoo:

Oh.
Wow.

It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

Unless you are a consultant; billing hours spent on the project.

Oh no, on the contrary. A real enterprisey consultant would have written a code generator to avoid the duplicated effort associated with copy and paste (and the inevitable error of failing to replace the individual character being tested with the correct one).

And of course, the input to the code generator would be XML!

It's obvious what the problem is: it's not enterprisey enough. What if someone wants to use a password with Thai or Arabic characters? You'll need to define at least a PasswordInternationalAlphabeticCharacterIterator class in Javascript, which can check for the letters.

somejackass:

That's gotta be generated code. Not a WTF if so.

Generated by what? A monkey?

The developer could've written a function in some server side language to produce this javascript, which would've probably taken about as little time to write as a javascript regexp function...

ParkinT:

magetoo:

Oh.
Wow.

It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

Unless you are a consultant; billing hours spent on the project.

Or, y'know, stupid.

So true.

Did you know Lotus Notes is an anagram of 'Shoot me please'?

OK, so I lied..

Some Analyst:

Eric:

This kind of incompetence gives lotus domino a bad name.

I beg to differ. Lotus Domino worked hard to tarnish their name on their own, and don't need any help in that department from upstart developers who think they know how to develop WTFs!

Oh yeah. Blame the tool!(tm) I bet the compilers is of course to blame for all the most of the WTFs on this site. I work on Domino, and personally would love to see more Domino WTFs. But I guess nobody would appreciate them...

Mike5

ParkinT:

magetoo:

Oh.
Wow.

It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

Unless you are a consultant; billing hours spent on the project.

And that consultant is sitting thousands of miles away in a 'coding farm' in India...

Yea, let's keep outsourcing code development...

Hahahaha...

Looks pretty thorough to me!

anonymous:

Did you know Lotus Notes is an anagram of 'Shoot me please'?

No it's not. It just means the same thing.

ParkinT:

magetoo:

It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

Unless you are a consultant; billing hours spent on the project.

Two words:

Code generator.

Well, actually, three words:

*bad* code generator.

Bobby is that you?