Authenticate or Math

« Return to Article
  • Pinkie Pie 2012-04-04 09:02
    lol omigosh frist!!11!!
  • KattMan 2012-04-04 09:03
    So realyl, it doesn't matter if you are logged in.
    The || essentially makign it so if you are logged in you can upload, if you are not logged in, you can upload, because in our reality 2+2 does equal 4.
    Why not do away with the check in it's entirety? You will get the same results.

    EDIT:
    Just thought of a reason for this. It is to prevent anyone using one of those really old pentium processors where 2 might become a float and the math error might make 2+2 != 4.

    {shoots pinkie pie with caffine to watch her spontaneously explode}
  • Pablo Lerner 2012-04-04 09:04
    I forgot my password, would you clear it?
  • jim 2012-04-04 09:05
    KattMan:
    So realyl, it doesn't matter if you are logged in.
    The || essentially makign it so if you are logged in you can upload, if you are not logged in, you can upload, because in our reality 2+2 does equal 4.
    Why not do away with the check in it's entirety? You will get the same results.


    You don't say.
  • emaN ruoY 2012-04-04 09:11
    if frist { postcomment("Frist!!>!@!@12!!"); } else { postcomment("Frist!!>!@!@12!!"); }
  • Fake Nagesh 2012-04-04 09:12
    In abadabad code throws you
  • Qpirate 2012-04-04 09:13
    I'm just looking at the WTF in the text:
    I started sifting throw hundreds
    Should it not be
    I started sifting through hundreds
  • Medinoc 2012-04-04 09:14
    Looks like an "always true" clause added in the condition to force the behavior, probably temporarily for debugging purposes.

    TRWTF is the lack of comment/TODO/etc. about it and the fact it was checked in.
  • Melnorme 2012-04-04 09:18
    Big Brother had decreed that your conditional expression not evaluate to true.
    Can computers doublethink?
  • Anketam 2012-04-04 09:18
    normally if you want to force a true you add "|| true" not a math function. Reminds me of the shirt:
    2+2=5
    For extremely large values of 2
  • dkf 2012-04-04 09:18
    Medinoc:
    Looks like an "always true" clause added in the condition to force the behavior, probably temporarily for debugging purposes.

    TRWTF is the lack of comment/TODO/etc. about it and the fact it was checked in.
    Maybe the original author saw the technique in the log of some generated SQL and thought to himself “Neat! I'll try that myself…”
  • The_Assimilator 2012-04-04 09:19
    Qpirate:
    I'm just looking at the WTF in the text:
    I started sifting throw hundreds
    Should it not be
    I started sifting through hundreds


    You are correct. TDWTF needs to hire some proofreaders, stat.
  • Hello 2012-04-04 09:23
    KattMan:
    So realyl, it doesn't matter if you are logged in.
    The || essentially makign it so if you are logged in you can upload, if you are not logged in, you can upload, because in our reality 2+2 does equal 4.
    Why not do away with the check in it's entirety? You will get the same results.

    EDIT:
    Just thought of a reason for this. It is to prevent anyone using one of those really old pentium processors where 2 might become a float and the math error might make 2+2 != 4.

    {shoots pinkie pie with caffine to watch her spontaneously explode}


    Thanks KattMan for the explanation! Couldn't have done it without you.
  • Rob Stark 2012-04-04 09:25
    "I was recently assigned to work on a project that had been abandoned by its developer,"
    Since one out of 3 WTFs start this way (in real life, and, typically, here) shouldn't we just have a separate category for them?
  • Jason 2012-04-04 09:25
    It's obviously debug code that either the original developer forgot to take out, or was purposely left in to bypass having to constantly log in. Since it was an unfinished project it's likely the latter and the new guy needs to get off his high horse. In my experience many developers when having to take over a new project will trash the work of the previous generation since it's easier to do than actually having to really learn the architecture.
  • RogL 2012-04-04 09:26
    Could make sense as a temporary debugging change, to force the login to work while testing.

    A distinctive "true" value is easier to remove when testing is done.

    When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
    You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".

  • Chester 2012-04-04 09:26
    if ($this->ion_auto->logged_in() || 2+2==4)
    Easy. If you're coming from an alternate universe with slightly different physics, we need to know who you are. From this universe, welcome!
  • Chopper 2012-04-04 09:32
    Anketam:
    normally if you want to force a true you add "|| true" not a math function. Reminds me of the shirt:
    2+2=5
    For extremely large values of 2


    Not if you're a banker!
  • Another fake Nagesh 2012-04-04 09:32
    This remine me level of security here in Abadabad.

  • Jouva 2012-04-04 09:34
    KattMan:
    So realyl, it doesn't matter if you are logged in.
    The || essentially makign it so if you are logged in you can upload, if you are not logged in, you can upload, because in our reality 2+2 does equal 4.
    Why not do away with the check in it's entirety? You will get the same results.

    EDIT:
    Just thought of a reason for this. It is to prevent anyone using one of those really old pentium processors where 2 might become a float and the math error might make 2+2 != 4.

    {shoots pinkie pie with caffine to watch her spontaneously explode}


    Thanks so much for explaining this! As a programmer I would NEVER have understood programming language logic and feel that such a joke obvious to the visitors of this website needed a full explanation.
  • ThingGuy McGuyThing 2012-04-04 09:36
    RogL:
    Could make sense as a temporary debugging change, to force the login to work while testing.

    A distinctive "true" value is easier to remove when testing is done.

    When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
    You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



    By golly, I think you've solved it.
  • Koko 2012-04-04 09:37
    In my country we frist lern to spel and than we proveread.
  • Leo 2012-04-04 09:37
    No good, because what if 2 changes so that 2+2 no longer equals 4? Should be "|| 2+2 == 2+2", so even if 2+2 = 6, it will still evaluate correctly.
  • BobB 2012-04-04 09:41
    Cake or death?
  • Warlaan 2012-04-04 09:44
    Seriously guys, that's like basic optimization knowledge.

    Yes, 2+2==4 is always true, but as it is an expression it is not for free. Now if logged_in() is true, 2+2==4 does not have to be evaluated at all, saving valueable processor time.
  • wbrianwhite 2012-04-04 09:46
    It's clearly debug code. I on the other hand actually have "where 1 = 1" code in production. And I don't consider it a WTF. When appending various conditions to dynamic sql it's easier to start with a no-op condition and then append all the other conditions starting with "AND" without keeping track of "is this my first condition? no? then throw in and".
  • Nagesh 2012-04-04 09:49
    This is obvious not C-based language. Sometime, developer is taking order-of-opeation for granted. Also, evaluation of OR is not treated seme in all language.
  • nonpartisan 2012-04-04 09:52
    jim:
    KattMan:
    So realyl, it doesn't matter if you are logged in.
    The || essentially makign it so if you are logged in you can upload, if you are not logged in, you can upload, because in our reality 2+2 does equal 4.
    Why not do away with the check in it's entirety? You will get the same results.


    You don't say.

    I wish he hadn't.
  • KattMan 2012-04-04 09:55
    Jouva:

    Thanks so much for explaining this! As a programmer I would NEVER have understood programming language logic and feel that such a joke obvious to the visitors of this website needed a full explanation.


    You are all welcome, I have fulfilled my public service for the year, thanks to all of you that listened.
  • Canonymous Oward 2012-04-04 09:58
    Actually, the code might have a pretty legit reason. In some cases you can not just put "true" into "if" condition if there is "else" branch in the code, the compiler will complain about unreachable code.

    Seeing this in the production code kind of sucks though.
  • jonny_q 2012-04-04 10:15
    Anketam:
    normally if you want to force a true you add "|| true" not a math function. Reminds me of the shirt:
    2+2=5
    For extremely large values of 2


    If 2+2==4 is his favorite debugging alias for "true" then it's easier to search for to remove later. It's a built-in todo.

    Still dumb, but that's the thought process.

    I've gotten very good as learning to think like the retard I have to clean up after.
  • AB 2012-04-04 10:19
    Its a valid check that users from other dimensions, where Maths is fundamentally different, from accessing the upload functionality.
  • iToad 2012-04-04 10:24

    // DEBUG
    % DEBUG
    REM DEBUG
    (* DEBUG *)
    /* DEBUG */
    ; DEBUG
    <!-- DEBUG -->
    # DEBUG
    ' DEBUG
    {- DEBUG -}
    etc...

    Using debug code? Pick one from the list above.


  • Quicksilver 2012-04-04 10:26
    Chopper:
    Anketam:
    normally if you want to force a true you add "|| true" not a math function. Reminds me of the shirt:
    2+2=5
    For extremely large values of 2


    Not if you're a banker!


    Or you are living in Airstrip One!
  • Anon') or 1=1 2012-04-04 10:28
    The very first infinite loop I wrote when I was a noob looked like this:

    while(6 != 7)
    
    {
    ...
    }


    I thought I was so clever.
  • Weps 2012-04-04 10:34
    What's in logged_in() ?

    A throw perhaps?

  • Wintermute 2012-04-04 10:47
    I've got it! If the program is being run in an alternate universe, then 2+2 might not equal 4. If this is a case, THEN we check to see if the user is logged in or not.
  • TheCPUWizard 2012-04-04 10:51
    Actually it *MAY* matter... perhaps the latest version throws and exception in the if condition when the user is not logged int.
  • 1984 2012-04-04 10:53
    This is big brother protection.

    In case the government decides that 2 + 2 = 5, the code will actually require someone to be logged in.
  • Todd Lewis 2012-04-04 11:11
    Weps:
    What's in logged_in() ?

    A throw perhaps?



    Which is exactly what's wrong with the whole "try/catch let's pretend we've got objects in our made up computer world" style of programming.

    Now get off my nicely block structured lawn.
  • np 2012-04-04 11:24
    Big Brother says 2 + 2 = 5.
  • np 2012-04-04 11:25
    1984:
    This is big brother protection.

    In case the government decides that 2 + 2 = 5, the code will actually require someone to be logged in.


    I had looked through briefly but missed your comment. Serves me right for making coffee instead of reading TDWTF.
    Glad someone else had a similar thought.
  • Nagesh 2012-04-04 11:33
    #ifdef REQUIRES_LOGIN
    #define 4 5
    #endif
  • Abso 2012-04-04 11:37
    RogL:
    Could make sense as a temporary debugging change, to force the login to work while testing.

    A distinctive "true" value is easier to remove when testing is done.

    When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
    You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



    " || debug_mode" would be even easier to search for.
  • jumentum 2012-04-04 11:41
    Abso:
    RogL:
    Could make sense as a temporary debugging change, to force the login to work while testing.

    A distinctive "true" value is easier to remove when testing is done.

    When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
    You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



    " || debug_mode" would be even easier to search for.


    + only morons commit debug code
  • KattMan 2012-04-04 11:45
    Abso:
    RogL:
    Could make sense as a temporary debugging change, to force the login to work while testing.

    A distinctive "true" value is easier to remove when testing is done.

    When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
    You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



    " || debug_mode" would be even easier to search for.

    not to mention pre compiler directives can make this a non issue. define it as true for debug builds, but false for production builds.
  • Anon 2012-04-04 11:49
    The_Assimilator:
    Qpirate:
    I'm just looking at the WTF in the text:
    I started sifting throw hundreds
    Should it not be
    I started sifting through hundreds


    You are correct. TDWTF needs to hire some proofreaders, stat.


    proughreaders, surely
  • fishdude 2012-04-04 11:50
    wbrianwhite:
    And I don't consider it a WTF. When appending various conditions to dynamic sql it's easier to start with a no-op condition and then append all the other conditions starting with "AND" without keeping track of "is this my first condition? no? then throw in and".


    Since you are dynamically building an SQL statement, I'll assume you are using PHP.

    Put all your WHERE clauses into an array, then use `implode()` to join the arrays into a string.

    $where[] = "param1 = 'fish'";
    $where[] = "param2 = 'slap'";
    $sql = "SELECT * FROM table WHERE " . implode(" AND ", $where);
  • Silfax 2012-04-04 11:52
    Weps:
    What's in logged_in() ?

    A throw perhaps?



    more likely a throw_up();
  • LD 2012-04-04 11:52
    RogL:
    Could make sense as a temporary debugging change, to force the login to work while testing.

    A distinctive "true" value is easier to remove when testing is done.

    When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
    You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



    Not only that, but there are quite a few compilers out there that won't allow you to write conditions that simply evaluates to either true or false, i.e. if(false) { ... }, because that produces unreachable branches. That includes things like if(expression || true) or if(expression && false) and things like that. The work around? ifdef (if there is a preprocessor); comment out the block; use conditionals (1==1, 2+2==4).

    By the way, there is no real reason you can't search for "|| true" because the only time you should have boolean literals is when you initialize a variable. "true" or "false" should never appear within a test.

    Just my $.02


  • Greg 2012-04-04 11:58
    Or a Radiohead fan
  • cellocgw 2012-04-04 12:03
    Nagesh:
    #ifdef REQUIRES_LOGIN
    #define 4 5
    #endif

    Then 4 == 4 is still TRUE, sadly. Try

    #ifdef REQUIRES_LOGIN
    # define 4 5 BUT_ONLY on lefthandside
    #endif
  • veggen 2012-04-04 12:09
    Do I get extra credit for recognizing CodeIgniter? ... No? ... Ok...
  • Don L 2012-04-04 12:10
    Nah, it's because 2 is defined as a variable
    The function logged_in() can modify that variable, thus enabling or disabling the following code block....
  • emaN ruoY 2012-04-04 12:14
    Quicksilver:
    Chopper:
    Anketam:
    normally if you want to force a true you add "|| true" not a math function. Reminds me of the shirt:
    2+2=5
    For extremely large values of 2


    Not if you're a banker!


    Or you are living in Airstrip One!


    Then 2+2=3 and you keep the change.
  • dkf 2012-04-04 12:14
    veggen:
    Do I get extra credit for recognizing CodeIgniter? ... No? ... Ok...
    But you do get credit towards your next visit to the psychotherapist.
  • toth 2012-04-04 12:19
    RogL:
    Could make sense as a temporary debugging change, to force the login to work while testing.

    A distinctive "true" value is easier to remove when testing is done.

    When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
    You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



    On the other hand, you could probably safely remove all "|| true"s.
  • Rfoxmich 2012-04-04 12:20
    It was thrown so it could be caught. Just try and you will understand.

    Qpirate:
    I'm just looking at the WTF in the text:
    I started sifting throw hundreds
    Should it not be I started sifting through hundreds
  • myName 2012-04-04 12:22
    2.4 + 2.4 = 4.8

    If you round those values to the nearest integer you get:

    2 + 2 = 5

  • Rfoxmich 2012-04-04 12:23
    Even that will fail if == has been overloaded so that it no longer tests for equality or modifies the value of two.

    Leo:
    No good, because what if 2 changes so that 2+2 no longer equals 4? Should be "|| 2+2 == 2+2", so even if 2+2 = 6, it will still evaluate correctly.
  • Re: The Gonvert 2012-04-04 12:25
    KattMan:
    So realyl, it doesn't matter if you are logged in.
    The || essentially makign it so if you are logged in you can upload, if you are not logged in, you can upload, because in our reality 2+2 does equal 4.
    Why not do away with the check in it's entirety? You will get the same results.


    Wow, considering the number of replies, this is the best troll ever!
  • tj 2012-04-04 12:34
    lol...pentium math error. good old days.
  • Anketam 2012-04-04 12:37
    His logic is so wrong 2+2 obviously equals 10 (base-4).
  • IV 2012-04-04 12:48
    KattMan:

    EDIT:
    Just thought of a reason for this. It is to prevent anyone using one of those really old pentium processors where 2 might become a float and the math error might make 2+2 != 4.


    I imagined this as authentication code running on a server. So it won't matter what your users are running; it will matter what you are running. And it will always evaluate as true or false for all users (even assuming your theory).
  • Zylon 2012-04-04 12:54
    THERE. ARE. FOUR. INTEGERS!
  • Fred Flintstone 2012-04-04 13:02
    Agreed. I would add code review and any testing from build verification to user acceptance to the TRWTF?
  • Gurth 2012-04-04 13:09
    iToad:

    // DEBUG
    % DEBUG
    REM DEBUG
    (* DEBUG *)
    /* DEBUG */
    ; DEBUG
    <!-- DEBUG -->
    # DEBUG
    ' DEBUG
    {- DEBUG -}
    etc...

    Using debug code? Pick one from the list above.

    >>> if 2+2 == 4: etc...
    
    File "<stdin>", line 1
    if 2+2 == 4: etc...
    ^
    SyntaxError: invalid syntax
  • foo 2012-04-04 13:14
    jonny_q:
    Anketam:
    normally if you want to force a true you add "|| true" not a math function. Reminds me of the shirt:
    2+2=5
    For extremely large values of 2


    If 2+2==4 is his favorite debugging alias for "true" then it's easier to search for to remove later. It's a built-in todo.

    Still dumb, but that's the thought process.

    I've gotten very good as learning to think like the retard I have to clean up after.
    You're still giving him too much credit. More like: "I want this condition to always be true (for a change request, or for debugging, doesn't matter), but I don't want/know to comment it out, or remove it (even if it's a permanent change request, after all I might lose some code, what's source control?), so perhaps I can add something to make it always true, oh yeah, I'm so clever, I'll add || and something that's always true, but what could this be? <think hard> Oh right, remember how in kindergarten I learned 2+2=4, and that's always true, wow, I'm really so clever, look how I can put my kindergarten knowledge to practical use, yeah, this looks great, and it actually works. Problem solved, and took me only 10 minutes."

    TRWRF is so called programmers who don't know shit about Boolean logic, including the dreaded "if foo then return true; else return false;" antipattern, or other lengthy if-else-spaghetti code (or worse, goto) instead of a simple Boolean expression.
  • foo 2012-04-04 13:18
    Zylon:
    THERE. ARE. FOUR. INTEGERS!
    +1
  • foo 2012-04-04 13:19
    toth:
    RogL:
    Could make sense as a temporary debugging change, to force the login to work while testing.

    A distinctive "true" value is easier to remove when testing is done.

    When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
    You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



    On the other hand, you could probably safely remove all "|| true"s.
    if (foo || true == false)
  • geoffrey, MCP, PMP 2012-04-04 13:41
    It is a commonly accepted practice to place OR logic into a conditional in order to bypass some dependency for testing purposes, or to stub out code that will do an authentication check at some later point, but is OK to leave unauthenticated for now. George Z should tread carefully in this code, lest he introduce a defect into something that is working in production.
  • Steve 2012-04-04 14:04
    Anketam:
    His logic is so wrong 2+2 obviously equals 10 (base-4).


    Or 2+2=11 (base-3). Of course, if the compiler is using base-3 or base-4 arithmetic, then "4" is an undefined value and this expression should generate an error (the same as if it was "2+2=Fred" (unless, of course, Fred is 4)).
  • the beholder 2012-04-04 14:09
    Zylon:
    THERE. ARE. THREE. DOT. NINE. NINE. SEVEN. EIGHT. NINE. SEVEN. FIVE. INTEGERS!

    (ftfy)
  • Boolean Troll 2012-04-04 14:14
    foo:
    if (foo || true == false)


    by both boolean logic (and operator precedence in most programming languages) A || true evaluates to the same as A...

    adding the || true in that case would not change the truthiness of the expression.
  • da Doctah 2012-04-04 14:14
    We all realize, of course, that logged_in() has side effects, and this is a way to ensure that those side effects take place while in effect throwing away the result of the check?
  • Franz Kafka 2012-04-04 14:19
    RogL:
    Could make sense as a temporary debugging change, to force the login to work while testing.

    A distinctive "true" value is easier to remove when testing is done.

    When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
    You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



    or you could throw in a //BUGBUG and scan for those before releasing
  • Meep 2012-04-04 14:26
    RogL:
    Could make sense as a temporary debugging change, to force the login to work while testing.

    A distinctive "true" value is easier to remove when testing is done.

    When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
    You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



    Rather than relying on stupid codes, use source control. hg status to see which files you changed, and then revert them. Or if you've committed, hg diff -r with the revision before the changes.
  • Meep 2012-04-04 14:28
    Boolean Troll:
    foo:
    if (foo || true == false)


    by both boolean logic (and operator precedence in most programming languages) A || true evaluates to the same as A...

    adding the || true in that case would not change the truthiness of the expression.


    Nice try Mr. Boolean Troll, but it fails with three-valued logic.
  • ubersoldat 2012-04-04 14:41
    I feel obligated to write this since no one has done it yet. TRWTF is PHP!

    Actually, TRWTF is PHP syntax... who thought about using -> for object access? Really, what's the explanation for using TWO signs (which in es_ES keyboards takes THREE key-strokes) when a dot works perfectly fine in almost every other language in the world?

    If you wanted to fuck up the syntax, why not use \_> which takes 6 key-strokes?
  • Franky 2012-04-04 14:48
    Chopper:
    Anketam:
    normally if you want to force a true you add "|| true" not a math function. Reminds me of the shirt:
    2+2=5
    For extremely large values of 2


    Not if you're a banker!

    exactly, there the calculation is always: 2 + 2 = 3 + 1-for-the-own-pocket :D
  • Edward 2012-04-04 14:52
    Canonymous Oward:
    Actually, the code might have a pretty legit reason. In some cases you can not just put "true" into "if" condition if there is "else" branch in the code, the compiler will complain about unreachable code.

    Seeing this in the production code kind of sucks though.


    There's a good reason why it would complain of unreachable code.

    Because it is.
  • pedantic 2012-04-04 15:04
    fishdude:
    wbrianwhite:
    And I don't consider it a WTF. When appending various conditions to dynamic sql it's easier to start with a no-op condition and then append all the other conditions starting with "AND" without keeping track of "is this my first condition? no? then throw in and".


    Since you are dynamically building an SQL statement, I'll assume you are using PHP.

    Put all your WHERE clauses into an array, then use `implode()` to join the arrays into a string.

    $where[] = "param1 = 'fish'";
    $where[] = "param2 = 'slap'";
    $sql = "SELECT * FROM table WHERE " . implode(" AND ", $where);

    You'd still have to test for an empty $where array, though!
  • dkf 2012-04-04 15:08
    ubersoldat:
    If you wanted to fuck up the syntax, why not use \_> which takes 6 key-strokes?
    They'd be better off using “»»”. Maximizes the annoyance for US Windows users for type-ability reasons and for many others because of charset issues… Fun for all!
  • Re: The Gonvert 2012-04-04 15:21
    ubersoldat:
    I feel obligated to write this since no one has done it yet. TRWTF is PHP!

    Actually, TRWTF is PHP syntax... who thought about using -> for object access? Really, what's the explanation for using TWO signs (which in es_ES keyboards takes THREE key-strokes) when a dot works perfectly fine in almost every other language in the world?

    If you wanted to fuck up the syntax, why not use \_> which takes 6 key-strokes?


    If I remember correctly, from C++, which PHP is written in:

    a.MyValue() if a is a reference
    a->MyValue() if a is a pointer

    -> looks like a pointer, get it?

  • ubersoldat 2012-04-04 15:34
    I can't even find those keys :-)
  • briverymouse 2012-04-04 15:57
    ubersoldat:
    I feel obligated to write this since no one has done it yet. TRWTF is PHP!

    Actually, TRWTF is PHP syntax... who thought about using -> for object access? Really, what's the explanation for using TWO signs (which in es_ES keyboards takes THREE key-strokes) when a dot works perfectly fine in almost every other language in the world?

    If you wanted to fuck up the syntax, why not use \_> which takes 6 key-strokes?


    Maybe consider using a normal keyboard? Seriously, {, [, ], } and \ are all three keystrokes on a Belgian keyboard (which has a retarded design, by the way). If programming languages were supposed to be easy to type on every keyboard in the world, we'd be stuck with letters only. Hurray for END IF.
  • Zylon 2012-04-04 16:11
    Now obligatory--

  • Peter 2012-04-04 16:17
    Anketam:
    Reminds me of the shirt:
    2+2=5
    For extremely large values of 2
    A better version of this is "For sufficiently large values of 2": 2.5 isn't really extremely large.
  • Spencer Ryan 2012-04-04 16:26
    Probably didn't know he could just have made it || 1) if he wanted it to always test true.
  • wbrianwhite 2012-04-04 16:35
    fishdude:
    wbrianwhite:
    And I don't consider it a WTF. When appending various conditions to dynamic sql it's easier to start with a no-op condition and then append all the other conditions starting with "AND" without keeping track of "is this my first condition? no? then throw in and".


    Since you are dynamically building an SQL statement, I'll assume you are using PHP.

    Put all your WHERE clauses into an array, then use `implode()` to join the arrays into a string.

    $where[] = "param1 = 'fish'";
    $where[] = "param2 = 'slap'";
    $sql = "SELECT * FROM table WHERE " . implode(" AND ", $where);


    I am not using PHP, nor am I building the SQL in the front end. This is dynamic sql as in a stored procedure that builds a sql string based on input parameters and uses sp_executesql to execute it. It is more performant in situations where totally different plans will be generated based on whether you need to join to this table or that table and apply this filter or that filter. Amusing that implode is a built in function of PHP.
  • DEEmery 2012-04-04 16:37
    Does this better capture the original programmer's intent:

    if ($this->ion_auto->logged_in() || assert(2 +2==4))

  • default_ex 2012-04-04 16:46
    Warlaan:
    Seriously guys, that's like basic optimization knowledge.

    Yes, 2+2==4 is always true, but as it is an expression it is not for free. Now if logged_in() is true, 2+2==4 does not have to be evaluated at all, saving valueable processor time.


    Basic optimization knowledge? Been a long time since I seen a compiler that doesn't evaluate constant expressions during compile time unless told not to do so with some command line argument or project configuration.
  • Dima 2012-04-04 17:36
    Jason:
    It's obviously debug code that either the original developer forgot to take out, or was purposely left in to bypass having to constantly log in. Since it was an unfinished project it's likely the latter and the new guy needs to get off his high horse. In my experience many developers when having to take over a new project will trash the work of the previous generation since it's easier to do than actually having to really learn the architecture.
    I subscribe to that.

    The actual WTF here is George's lack of experience that prevents him from understanding debugging patterns and enables him to make fun of it.
  • Matt Westwood 2012-04-04 18:02
    Qpirate:
    I'm just looking at the WTF in the text:
    I started sifting throw hundreds
    Should it not be
    I started sifting through hundreds


    Freudian slip. The code made him throw.
  • Matt Westwood 2012-04-04 18:07
    Boolean Troll:
    foo:
    if (foo || true == false)


    by both boolean logic (and operator precedence in most programming languages) A || true evaluates to the same as A...

    adding the || true in that case would not change the truthiness of the expression.


    Kick the fucking stupid cunt to death before the fucker breeds. Too late? Kick its fucking offsping to fucking death too. Burn the dwellings it lived in. Salt the ground it wanked on. Exterminate it from the universe.
  • Mr.'; Drop Database -- 2012-04-04 18:24
    Anon') or 1=1:
    The very first infinite loop I wrote when I was a noob looked like this:
    while(6 != 7)
    
    {
    ...
    }
    I thought I was so clever.
    Alternatively:
    #define EVER ;;
    
    for (EVER) { ... }
  • leeter 2012-04-04 18:32
    Poorly written backdoor?
  • hussan 2012-04-04 18:32
    <script type="text/javascript">

    var count = 2;

    function validate()

    {

    var un = document.myform.username.value;

    var pw = document.myform.pword.value;

    var valid = false;

    var unArray = ["hussan","ayaz","mehmood","faraz"]; //as many as you like = on comma after final entry

    var pwArray = ["password1","password2","password3","password4"]; // the corresponding password;

    for (var i=0; i <unArray.length;i++)

    {

    if ((un == unArray[i]) && (pw == pwArray[i]))

    {
    valid = true;

    break;

    }

    }

    if (valid)

    {

    alert ("login was successful");

    window.location = "http://www.facebook.com";

    return false;

    }

    var t ="tries";

    if (count == 1) {t = "try"}

    if (count >= 1)

    {

    alert ("user name or password to dal pagal admin ajeeb hai?" + count + t + "left");

    document.myform.username.value="";

    document.myform.pword.value="";

    setTimeout("document.myform.username.focus()",2);

    setTimeout(document.myform.username.select()",2);

    count --;

    }

    else

    {

    alert ("still incorrect you have no more tries left!");

    document.myform.username.value = "no more tries allowed";

    document.myform.pword.value = "";

    document.myform.username.disabled = true;

    document.myform.pword.disabled = true;

    return false;

    }

    }

    </script>




    <form>

    <p>

    ENTER USER NAME <input type="text" name="username
    ">

    ENTER PASSWORD <input
    type=password name="pword">


    <input type="button" value="Check In" name="submit" onClick= "validate"()">
    </p>

    </form>











  • aw4 2012-04-04 18:51
    When you're a hacker, old habits die hard...
  • a;sleo 2012-04-04 18:52
    cellocgw:
    Nagesh:
    #ifdef REQUIRES_LOGIN
    #define 4 5
    #endif

    Then 4 == 4 is still TRUE, sadly. Try

    #ifdef REQUIRES_LOGIN
    # define 4 5 BUT_ONLY on lefthandside
    #endif

    but 2 + 2 doesn't equal 5, right? (although I guess we're talking stupid anyways)
  • Dave 2012-04-04 19:39
    As others have said, the || clause is probably left from debug use.

    As to why 2+2==4 rather than 1 or True, none of you seem to allow for humour. No doubt the programmer found it amusing to write it that way.
  • sa 2012-04-04 19:47
    Jason:
    It's obviously debug code that either the original developer forgot to take out, or was purposely left in to bypass having to constantly log in. Since it was an unfinished project it's likely the latter and the new guy needs to get off his high horse. In my experience many developers when having to take over a new project will trash the work of the previous generation since it's easier to do than actually having to really learn the architecture.

    Egzackery....We have a captcha that requires some math, but the devs got sick of entering their details AND the captcha in the dev sandpit so they temproarily hacked it.

    Then the testers wanted same in SIT...

    Not really sure how it made production though. Never mind, the users don't seemed to have worked out they can put any value in our math captcha
  • Veldan 2012-04-04 20:17
    There is also a chance that the getter for the logged_in boolean is overloaded to actually to log in the account if it is not.
    It could also log this activity.

    This means that if an account has its details available but is not logged on or if it is logged on, it will write to the log.

    It will let you upload even if it can't...
  • Dirk 2012-04-05 00:32
    Pinkie Pie:
    lol omigosh frist!!11!!

    And Akismet thinks this is fine??? WTF?
  • Dirk 2012-04-05 00:37
    Leo:
    No good, because what if 2 changes so that 2+2 no longer equals 4? Should be "|| 2+2 == 2+2", so even if 2+2 = 6, it will still evaluate correctly.

    What if the value changes between the evaluation of the left and right hand operands? You're setting yourself up for a race condition there!
  • Dirk 2012-04-05 00:39
    wbrianwhite:
    It's clearly debug code. I on the other hand actually have "where 1 = 1" code in production. And I don't consider it a WTF. When appending various conditions to dynamic sql it's easier to start with a no-op condition and then append all the other conditions starting with "AND" without keeping track of "is this my first condition? no? then throw in and".

    I hate lazy coders.
  • Dirk 2012-04-05 00:44
    After taking down three commenters in quick succession, I'll stop now.

    Peace.
  • Aankhen 2012-04-05 03:53
    da Doctah:
    We all realize, of course, that logged_in() has side effects, and this is a way to ensure that those side effects take place while in effect throwing away the result of the check?

    Too bad function invocation isn’t supported outside conditionals, eh?
  • Will 2012-04-05 04:39
    2+2=5
    For sufficiently large values of 2
    FTFY
  • Canonymous Oward 2012-04-05 05:08
    Edward:
    Canonymous Oward:
    Actually, the code might have a pretty legit reason. In some cases you can not just put "true" into "if" condition if there is "else" branch in the code, the compiler will complain about unreachable code.

    Seeing this in the production code kind of sucks though.


    There's a good reason why it would complain of unreachable code.

    Because it is.


    Which I do not really care about when I'm debugging the code this way. However, I do want the compiler to check that this code is compilable, so I'm not ok with just commenting it out.

    The code is wrong though - it can be reduced by compiler to a constant. The Right Way (tm) in Java is to put something like "".equals("")
  • Parasietje 2012-04-05 05:26
    First rule of bad code: never assume a method is without side-effects!
    Maybe $this->ion_auto->logged_in() also parses the cookie and writes a global $user variable somewhere, which the $this->load->view('') method depends on?

    Captcha: 'mara', ancient old Buddhist mantra meaning 'nothing is without consequence'
  • retard fixer 2012-04-05 06:24
    ubersoldat:
    I feel obligated to write this since no one has done it yet. TRWTF is PHP!

    Actually, TRWTF is PHP syntax... who thought about using -> for object access? Really, what's the explanation for using TWO signs (which in es_ES keyboards takes THREE key-strokes) when a dot works perfectly fine in almost every other language in the world?

    If you wanted to fuck up the syntax, why not use \_> which takes 6 key-strokes?


    yeah thanks for pointing out php sucks again ... that's a really helpful and amusing point
  • QJo 2012-04-05 06:51
    RogL:
    Could make sense as a temporary debugging change, to force the login to work while testing.

    A distinctive "true" value is easier to remove when testing is done.

    When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
    You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".



    Good call.

    But in that case what ought to have been programmed was for the "or" condition to be something like "|| OverrideLogin" which would then be assigned the value "True" somewhere at the start / compile time / whatever level of control you'd need.

    If in Java then you might use the technique of calling it OVERRIDE_LOGIN and declaring it as a public static final boolean.

    You C-monkeys would probably use #Define in a precompiler.
  • DEEmery 2012-04-05 10:16
    And a really good compiler would optimize the whole check out, since it can prove that the right-hand side is always true, so the if condition is always true, regardless of what is returned by the left-hand side.

    Right??
  • backForMore 2012-04-05 12:18
    Jason:
    It's obviously debug code that either the original developer forgot to take out, or was purposely left in to bypass having to constantly log in. Since it was an unfinished project it's likely the latter and the new guy needs to get off his high horse. In my experience many developers when having to take over a new project will trash the work of the previous generation since it's easier to do than actually having to really learn the architecture.


    very 2+2=4
  • Jay 2012-04-05 12:43
    jim:
    KattMan:
    So realyl, it doesn't matter if you are logged in.
    The || essentially makign it so if you are logged in you can upload, if you are not logged in, you can upload, because in our reality 2+2 does equal 4.
    Why not do away with the check in it's entirety? You will get the same results.


    You don't say.


    So wait, why did the chicken cross the road again?
  • Jay 2012-04-05 12:56
    As others have noted, this is pretty obviously debugging code. He did say it was an unfinished project.

    I think I'll submit an hysterically funny WTF along the lines of:

    I found this code in a project under development:

    public BigDecimal calcSalesTax(int receiptNumber)
    {
    // TO DO: Get sales tax calculation in here
    // For now just return a dummy value
    return new BigDecimal("1.00");
    }

    Ha ha! The programmer never really calculates the sales tax! What a moron!
  • Jay 2012-04-05 12:58
    DEEmery:
    And a really good compiler would optimize the whole check out, since it can prove that the right-hand side is always true, so the if condition is always true, regardless of what is returned by the left-hand side.

    Right??


    Depends if the compiler is smart enough to figure out that the function has no side effects. "Optimizing away" functions with side effects is not an entirely good thing.
  • Jay 2012-04-05 12:59
    Dirk:
    Leo:
    No good, because what if 2 changes so that 2+2 no longer equals 4? Should be "|| 2+2 == 2+2", so even if 2+2 = 6, it will still evaluate correctly.

    What if the value changes between the evaluation of the left and right hand operands? You're setting yourself up for a race condition there!


    Or what if the reflexive property of equality ceases to hold? The problem is bigger than you think.
  • C 2012-04-06 12:23
    fishdude:
    wbrianwhite:
    And I don't consider it a WTF. When appending various conditions to dynamic sql it's easier to start with a no-op condition and then append all the other conditions starting with "AND" without keeping track of "is this my first condition? no? then throw in and".


    Since you are dynamically building an SQL statement, I'll assume you are using PHP.

    Put all your WHERE clauses into an array, then use `implode()` to join the arrays into a string.

    $where[] = "param1 = 'fish'";
    $where[] = "param2 = 'slap'";
    $sql = "SELECT * FROM table WHERE " . implode(" AND ", $where);
    DotNet has a similar feature, string.Join(" and ", conditionArray), but what if none of the conditions need to be added? His code still works, yours doesn't.
  • poon 2012-04-07 09:48
    Yeah ^^ TRWTF is posting this article in the first place... it really just amounts to "oh look, someone forgot to take out debug code (and the other code sucked too, trust me)". Takes a shitty coder, and a shitty person, to get excited about that IMO.
  • PiisAWheeL 2012-04-07 11:06
    RogL:
    Could make sense as a temporary debugging change, to force the login to work while testing.

    A distinctive "true" value is easier to remove when testing is done.

    When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
    You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".

    I always replaced it with /**/... in case I ever had to go back (i'm alway paranoid about that and sometimes it pays off). eg replace " || 2+2==4" with "/* || 2+2==4*/" so that it would still be there but it wouldn't evaluate at compile time.

    I've also been told that i'm wierd.
  • bridget99 2012-04-08 09:58
    Medinoc:
    Looks like an "always true" clause added in the condition to force the behavior, probably temporarily for debugging purposes.

    TRWTF is the lack of comment/TODO/etc. about it and the fact it was checked in.


    Exactly.. this is not a WTF, it's just an example of someone forgetting a step, quite possibly because he or she was busy working bug reports / change requests.

  • veggen 2012-04-08 10:17
    dkf:
    veggen:
    Do I get extra credit for recognizing CodeIgniter? ... No? ... Ok...
    But you do get credit towards your next visit to the psychotherapist.

    Psycho the rapist? That's how your mom calls me.
  • Dr Doom 2012-04-13 05:26
    As far as the atrocious standard of 99% of all PHP code goes, this is actually pretty good. The original developer at least had some understanding of functions and OO, two concepts that are normally harder to convey to PHP programmers than teaching your dog calculus.
  • Always Right 2012-04-16 19:10
    What makes you think they're using source control?
  • Always Right 2012-04-16 19:12
    PiisAWheeL:
    RogL:
    Could make sense as a temporary debugging change, to force the login to work while testing.

    A distinctive "true" value is easier to remove when testing is done.

    When it's time to remove the bypass, which would you rather search for: "true" or " || 2+2=4" ?
    You probably don't want to blindly remove all "true" strings but you can safely search&replace " || 2+2=4" with "".

    I always replaced it with /**/... in case I ever had to go back (i'm alway paranoid about that and sometimes it pays off). eg replace " || 2+2==4" with "/* || 2+2==4*/" so that it would still be there but it wouldn't evaluate at compile time.

    I've also been told that i'm wierd.


    Around these parts, we have a function called DevMode() which returns true when it detects that it's running on the dev server.

    So it would look something like:

    if ($this->logged_In() || Devmode())
    ...

    Devmode() returns false in production environments, true on dev/test environments.
  • dave 2012-04-20 18:53
    Obvious leftover 'force this code path' hackery.

    I myself am fond of temporarily removing code with

    #if 6 == 9
    ...
    #endif

    http://en.wikipedia.org/wiki/If_6_Was_9
  • tanus 2012-06-09 16:18
    Your logic is flawless in any universe.