Comment On One at a Time

Must be one of those subprime lenders...

I really wish someone would invent some sort of a structure that could perform repetative tasks, maybe call it a looping structure, or a loop?

Sadly, I don't know Javascript well enough if there is something like a control array that allows you to do this outside one giant block of code.

I suppose on the other hand you could just validate the entire number in a single text box though.

TRWTF is the text after the link to the bank website.

I come across this type of validation code all the time at work. - once one that validated 150 multiple choice test questions to see that each one had been answered.

Then another batch to mark the test, question by question and update a score.

Over 1000 lines of javascript which I replaced with about 30.

I come across this type of validation code all the time at work. - once one that validated 150 multiple choice test questions to see that each one had been answered.

Then another batch to mark the test, question by question and update a score.

Over 1000 lines of javascript which I replaced with about 30.

It's all about efficiency - unroll those loops - that's why they invented cut-paste-stream edit!

Kev:

I really wish someone would invent some sort of a structure that could perform repetative tasks, maybe call it a looping structure, or a loop?

And open oneself to the possibility of the dreaded infinite loop? No thank you sir!

Cyrus:

Sadly, I don't know Javascript well enough if there is something like a control array that allows you to do this outside one giant block of code.

I suppose on the other hand you could just validate the entire number in a single text box though.

TRWTF is the text after the link to the bank website.

There are several ways to do it.
The most obvious, without getting involved in DOM is:

...
for (i = 1; i< 10; i++)
{
id = "FieldName" + i;
field = document.getElementById(id);
...
//do checking and warnings
}

There's also getElementsByName(),
which would return an array of all elements with the same name field. Use a common name, and unique ids and you just walk over the array spitting out warnings as you see fit.

Your right ... what was I thinking? I think someone spiked my lunch with acid, thats the only way that could seem like a good idea...

I love how they use parseFloat(). I guess your loan number can be:
3.141592 2.71828 0.12345 etc...

Mike5

Look at me! I'm on the internets!:

Cyrus:

Sadly, I don't know Javascript well enough if there is something like a control array that allows you to do this outside one giant block of code.

I suppose on the other hand you could just validate the entire number in a single text box though.

TRWTF is the text after the link to the bank website.

There are several ways to do it.
The most obvious, without getting involved in DOM is:

...
for (i = 1; i< 10; i++)
{
id = "FieldName" + i;
field = document.getElementById(id);
...
//do checking and warnings
}

There's also getElementsByName(),
which would return an array of all elements with the same name field. Use a common name, and unique ids and you just walk over the array spitting out warnings as you see fit.

Yeah but then you couldn't write those nice custom error messages...unless you did something like

string err = "The " +
switch(i) {
case 1 : "First"; break;
case 2 : "Second"; break;
...
}
+ " box should contain a number. Please try it again...")

But then, that would defeat the purpose aye?


and wth is decised??

Everyone is talking about loops, but one can't loop "first", "second", "third", etc. ha! puh!
(yes I know one can)

I quess this page was made by the cheapest contracter they could find: The 10 year old nephew.

maybe store those "first", "second", etc in an array and look them up? Then you can still make a loop.

sobani:

maybe store those "first", "second", etc in an array and look them up? Then you can still make a loop.

Wait - an array of input fields, and now another array of message strings? Stop being a weenie! Come on, we can use xslt to convert 1..n to "first", ... - this is, after all, a web page!

sobani:

Everyone is talking about loops, but one can't loop "first", "second", "third", etc. ha! puh!
(yes I know one can)

I quess this page was made by the cheapest contracter they could find: The 10 year old nephew.

That's all fine and dandy but as a customer, that's not who you want to handle their collections. You might end up with broken kneecaps.

...Or just rephrase it: "Box $BoxNumber must contain a number"

No messy arrays.

And no, I'm not a programmer. You get the idea though.

Well, and then they gave up after the fifth field. You can also see that the programmer became tired after the fourth field already:

var First,Second,Third,Fourth,Fifth,Sixth,Seventh,Eight,Nineth,Tenth
...
Fouth = parseFloat(document.amo.l4.value);

and in the end these variables are never used. Great waste of time.

I don't see any problem with that considering that the entire javascript-section could be scripted and output with an other language for example php?

<?php
$i = 1;
foreach(array("First","Second",..) as $var){
echo '
$var = parseFloat(document.amo.l$i.value);

if ((isNaN(document.amo.l$.value)) || (document.amo.l$i.value=="")) {
alert("The first box should contain a number. Please try it again...")
document.amo.l$i.focus()
return false
}';
$i++;
}
?>

Iznogoud:

I don't see any problem with that considering that the entire javascript-section could be scripted and output with an other language for example php?

<?php
$i = 1;
foreach(array("First","Second",..) as $var){
echo '
$var = parseFloat(document.amo.l$i.value);

if ((isNaN(document.amo.l$.value)) || (document.amo.l$i.value=="")) {
alert("The first box should contain a number. Please try it again...")
document.amo.l$i.focus()
return false
}';
$i++;
}
?>

Are you sure about that?

Umm, as my first post to WTF, I may be missing the point, but aren't you guys discussing what is the best way to validate a dozen text fields when part 1 of the WTF was that it wasn't just using one field in the first place?

ssanchez:

Umm, as my first post to WTF, I may be missing the point, but aren't you guys discussing what is the best way to validate a dozen text fields when part 1 of the WTF was that it wasn't just using one field in the first place?

Yeah, it's more or less custom to work out different ways to achieve something stupid in the comments, as the one solution that'd actually be good is often too obvious to be debated; and if there's nothing to debate, the comments section will contain nothing but "First!"-posts.

snoofle:

Iznogoud:

alert("The first box should contain a number. Please try it again...")
?>

Are you sure about that?

An obvious typo, insert strtolower() where appropriate.

ssanchez:

Umm, as my first post to WTF, I may be missing the point, but aren't you guys discussing what is the best way to validate a dozen text fields when part 1 of the WTF was that it wasn't just using one field in the first place?

You may be correct, but I can't wave my e-penis around by posting:

<input type="text" name="loanNum" size="10">

While you're all whinging about unrolled loops, frankly I'm more concerned about this:

  if((document.amo.l1.value=="3") || (document.amo.l1.value=="0")){

    document.amo.action="javascript:OpenOLBWindow();"

  } else {

    document.amo.action="javascript:doOpen2()"

  }

Anyone care to speculate on why numbers starting with zero or three are so special, and what the difference is between the two functions?

If this client-side validation is symptomatic of the company's web security, Evgeny made the right call by walking away IMHO...

The Real WTF is that they mispelt Frist.

Nientinth Psot!

Anonymous:

While you're all whinging about unrolled loops, frankly I'm more concerned about this:

  if((document.amo.l1.value=="3") || (document.amo.l1.value=="0")){

    document.amo.action="javascript:OpenOLBWindow();"

  } else {

    document.amo.action="javascript:doOpen2()"

  }

Anyone care to speculate on why numbers starting with zero or three are so special, and what the difference is between the two functions?

If this client-side validation is symptomatic of the company's web security, Evgeny made the right call by walking away IMHO...

I've worked at a bunch of financial institutions. In more than one place, account numbers starting with a certain prefix usually indicated a certain type of account. Perhaps in this case, a prefix digit of 0 means type x and a prefix digit of 3 means type y, etc. If that's the case, then opening a different web page to display different types of account data makes sense. If this was supposed to be security, then (all together now): wtf?!

Look at me! I'm on the internets!:

You may be correct, but I can't wave my e-penis around by posting:
<input type="text" name="loanNum" size="10">

maxlength=10!

sobani:

I quess this page was made by the cheapest contracter they could find: The 10 year old nephew.

Quess?

The HTML bit

<input type='text' name='box1' id='box1' title='first field' />

<input type='text' name='box2' id='box3' title='second field' />

The Javascript

function Funder() {

	var errorStr = false;

	// Assume form contains only the box inputs and a submit button

	var n = document.getElementById('formName').getElementsByTagName('input')-1;

	var el;

	for(var i=0; i < n; i++) {

		el = document.getElementById('box'+i);

		if(isNan(el.value)) {

			el.value = '';

			errorStr += "The " + el.title + " must contain a number.\n";

		}

	}



	if(errorStr) {

		errorStr += "Please corrent these errors and try again.";

		alert(errorStr);

		return false;

	}

	return true;

}

which could then be called on the form like onsubmit="return Funder();" and has the advantage of not popping up 1 alert for every with an error, which IMHO was the biggest wtf of the code in question.

Accidentally hit submit on the form without filling any fields and get bombarded with alert boxes >.<

var n = document.getElementById('formName').getElementsByTagName('input').length-1;

even......

That must have been a fun project to manage. Snippet from the daily Scrum:
Programmer: "I wrapped up the code for text boxes seven and eight yesterday. Started on #9 this morning and hope to have #10 partially implemented before lunch."
(sounds of hand-slaps and cheering from the rest of the retards on this project)

Look at me! I'm on the internets!:

There are several ways to do it.
The most obvious, without getting involved in DOM is:

...
for (i = 1; i< 10; i++)
{
id = "FieldName" + i;
field = document.getElementById(id);
...
//do checking and warnings
}

There's also getElementsByName(),...

How do you figure you can use document.getElementById() or document.getElementsByName() "without getting involved in DOM"? You're up to your nipples in DOM already.

So far no one has posted the security wtf of this - which is that since it's made clear that account numbers are 10 digits of only 0-9, it is VERY easy to guess a valid account number.

Hopefully there's further authentication on the next page to actually see account data. But looking at what they've got so far, I wouldn't trust it even if it exists...

"Simply provide your loan number below"

Simply, indeed.

The best part of this super cool interface, is the code behind it.

Not only is it a WTF, but the developer appears quite proud of his/her designs... check out this meta tag in the source.

<meta name="generator" content="hand coded in notepad">

a.) hand coded - thats fine, be prowd
b.) in notepad - OMG, please tell me this is not the case

Anonymous:

While you're all whinging about unrolled loops, frankly I'm more concerned about this:

  if((document.amo.l1.value=="3") || (document.amo.l1.value=="0")){

    document.amo.action="javascript:OpenOLBWindow();"

  } else {

    document.amo.action="javascript:doOpen2()"

  }

Anyone care to speculate on why numbers starting with zero or three are so special, and what the difference is between the two functions?

If this client-side validation is symptomatic of the company's web security, Evgeny made the right call by walking away IMHO...

Did a bit of testing. If I start with 3, I get taken to a login page. If I start with 2, I get a "Sorry, the Loan Service Net is currently unavailable." page.

The login page has a random number to letter mapping,

0 1 2 3
R X Q C ...

so to type in my client code, "123" I would have to type in "XQC"

Aaron Bassett:

The HTML bit

<input type='text' name='box1' id='box1' title='first field' />

<input type='text' name='box2' id='box3' title='second field' />

The Javascript

function Funder() {

	var errorStr = false;

	// Assume form contains only the box inputs and a submit button

	var n = document.getElementById('formName').getElementsByTagName('input')-1;

	var el;

	for(var i=0; i < n; i++) {

		el = document.getElementById('box'+i);

		if(isNan(el.value)) {

			el.value = '';

			errorStr += "The " + el.title + " must contain a number.\n";

		}

	}



	if(errorStr) {

		errorStr += "Please corrent these errors and try again.";

		alert(errorStr);

		return false;

	}

	return true;

}

which could then be called on the form like onsubmit="return Funder();" and has the advantage of not popping up 1 alert for every with an error, which IMHO was the biggest wtf of the code in question.

Accidentally hit submit on the form without filling any fields and get bombarded with alert boxes >.<

Better yet, put in legitimate data and hit the submit button and you get the following error:

Sorry, the Loan Service Net is currently unavailable.





The service is temporarily unavailable.





Normal hours of operation are 6am to midnight (E.S.T.)



Please try again during these times.



Note that the Loan Service Line is also available for your convenience at these times.

I tried this at 10:37 EST.

mrs_helm:

So far no one has posted the security wtf of this - which is that since it's made clear that account numbers are 10 digits of only 0-9, it is VERY easy to guess a valid account number.

Hopefully there's further authentication on the next page to actually see account data. But looking at what they've got so far, I wouldn't trust it even if it exists...

Try it, there is an authentication right after and valid contracts with 5 numbers only are possible. Only fields 1 to 5 are validated. That might be the reason why there is no loop for verification.

Cloak:

That might be the reason why there is no loop for verification.

But that just leaves me thinking that the whole mess is The Real WTF!

I love how people like to get fancy with JS. Bank account numbers shouldn't be verifed on the client side anyway. You've told a wold be hacker how long the account number is now. The more you verify the more details about the account number you give up.

Jack:

That must have been a fun project to manage. Snippet from the daily Scrum:
Programmer: "I wrapped up the code for text boxes seven and eight yesterday. Started on #9 this morning and hope to have #10 partially implemented before lunch."
(sounds of hand-slaps and cheering from the rest of the retards on this project)

As someone who participates in daily stand ups for Scrum for my work... this comment made coffee shoot out of my nose :)

ssprencel:

Sorry, the Loan Service Net is currently unavailable.





The service is temporarily unavailable.





Normal hours of operation are 6am to midnight (E.S.T.)



Please try again during these times.



Note that the Loan Service Line is also available for your convenience at these times.

I tried this at 10:37 EST.

ROTFL. It's the first time I see a online banking website which open only on working hours ...

Now why would they put each one in a separate textbox? Oh, I know, to slow down password guessers rather than having built-in lockout mechanisms. Possible?

Jack:

That must have been a fun project to manage. Snippet from the daily Scrum:
Programmer: "I wrapped up the code for text boxes seven and eight yesterday. Started on #9 this morning and hope to have #10 partially implemented before lunch."
(sounds of hand-slaps and cheering from the rest of the retards on this project)

Nonsense! This is clearly a classic, top-down, flowchart and keypunch shop. You can be sure this programmer consistently earns a bonus for the outstanding number of Lines Of Code produced per day.

fievel:

ROTFL. It's the first time I see a online banking website which open only on working hours ...

My university's website is only available from like 7:00 AM - 10:00 PM. Then they take it completely offline to perform database back ups.

That entire website is one giant WTF. Yes, I go to WTFU.

ssprencel:

The service is temporarily unavailable.

Normal hours of operation are 6am to midnight (E.S.T.)

Please try again during these times.

Note that the Loan Service Line is also available for your convenience at these times.[/code]

I tried this at 10:37 EST.

Why would an _Australian_ company care about EST? Or does it also stand for "EasternAustralia" Standard Time?

ever heard of arrays? and btw, switch is a control statement, not a valid operand - this isn't perl

Clearly not. Only the United States is large enough to have an Eastern time zone.

Look at me! I'm on the internets!:

You may be correct, but I can't wave my e-penis around by posting:

<input type="text" name="loanNum" size="10">

I don't have an e-penis. :( What can I wave around instead??

-- Seejay

John Doe:

Why would an _Australian_ company care about EST? Or does it also stand for "EasternAustralia" Standard Time?

There are three time zones called Eastern Standard Time, in Australia, Brazil, and Canada/US.

Has anyone noticed how NaN this function is getting?

http://worsethanfailure.com/Articles/Pop-up_Potpourri_0x3a__It_0x27_s_Getting_a_Little_NaN_Outside.aspx