Admin
What... The... head explodes
Admin
the days are gone
Editor's note: Fixed
Admin
Mmmmm, cabbage
Admin
I hate needlessly long function names.
Admin
but it's more enterprisey like that!
Admin
the reason "Cabbage" is needed is because strpos can return 0 as well as false, so they prepended a random string to make sure the possible position is larger than zero.
a correct version would be
if( strpos( strtolower( $_SERVER['PHP_SELF'] ) , '/admin' ) !== false )
Admin
"Cabbage" was appended because they didn't know strpos can return 0 (if $_SERVER["PHP_SELF"] begins with "/admin"), and the evaluation will then fail.
would have worked.
Admin
If anyone is wondering why: PHP's strpos() returns `false' when the second string argument does not occur as a substring of the first argument, and returns 0 when the second string argument occurs at position 0 of the first string argument. Thus, strpos( "/admin", "/admin" ) returns 0, but strpos( "Cabbage/admin", "/admin" ) will return a positive integer.
You're supposed to test the return value explicitly: "if( strpos( $a, $b ) !== false )", but it only says that like five times in giant red letters on the manual page (http://us2.php.net/strpos) so it's easy to see how someone could miss it.
Admin
I think it is just for incrementing the position by a value of 7. An alternative would be if(position >= 0) instead of if(position). If I'm right, it is not a WTF but a joke. In the worst case it is job protection. Any string containing at least 2 letters will do the trick.
Admin
crap, seems i'm 2mins late...
Captcha: scooter. should've typed as fast as it.
Admin
IS_ADMIM. Nice.
Admin
Even the corrected version is a bit of a WTF, consider: http://example.com/foo.php/admin
This is a legal URL and $_SERVER['PHP_SELF'] from foo.php will then include the /admin, even though that's clearly not the intention.
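The strpos() return values and the trailing-path case raised in the comments above, as an added example that is not code from the article or from any commenter. The function names and sample paths are constructed, and `prefix_check` is an assumed stricter variant that matches against `$_SERVER['SCRIPT_NAME']` instead of `PHP_SELF`.

```php
<?php
// Added illustration, not code from the article or the thread.
// Function names and sample paths are constructed for this example.

// The check quoted in the thread: truthiness of strpos() on a padded string.
function cabbage_check(string $phpSelf): bool {
    return (bool) strpos(strtolower("Cabbage" . $phpSelf), "/admin");
}

// Same check without the padding: a match at offset 0 is treated as "not found".
function unpadded_check(string $phpSelf): bool {
    return (bool) strpos(strtolower($phpSelf), "/admin");
}

// Explicit comparison against false, as the manual recommends.
function strict_check(string $phpSelf): bool {
    return strpos(strtolower($phpSelf), "/admin") !== false;
}

// Assumed stricter variant: anchor the match to the start of SCRIPT_NAME,
// which does not carry the trailing path info that PHP_SELF includes.
function prefix_check(string $scriptName): bool {
    $path = strtolower($scriptName);
    return $path === "/admin" || strncmp($path, "/admin/", 7) === 0;
}

// Constructed samples: [PHP_SELF, SCRIPT_NAME]
$samples = [
    ["/admin/users.php", "/admin/users.php"],
    ["/index.php",       "/index.php"],
    ["/foo.php/admin",   "/foo.php"],  // http://example.com/foo.php/admin
];

printf("%-18s %-8s %-8s %-8s %s\n", "PHP_SELF", "cabbage", "unpadded", "strict", "prefix");
foreach ($samples as [$phpSelf, $scriptName]) {
    printf("%-18s %-8s %-8s %-8s %s\n",
        $phpSelf,
        var_export(cabbage_check($phpSelf), true),
        var_export(unpadded_check($phpSelf), true),
        var_export(strict_check($phpSelf), true),
        var_export(prefix_check($scriptName), true));
}
```

The first row is where the unpadded check and the padded one disagree; the last row is where every substring check, padded or strict, classifies a page outside the admin directory as an admin page.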
Admin
Three WTFs:
they use PHP. A language where array[''] == array[0] is not for serious work.
a woman named Gabriel??
This textbox is horrendously small on konqueror
Admin
I was wondering what an ADMIM was. That's just asking for trouble, no?
Admin
PHP sucks LL Ruby
Admin
A fellow Discordian? :D
Admin
Coincidentally enough, just this morning I shredded an entire head of cabbage for dinner tonight. <cue Twilight Zone music>
captcha: Guilty! um I mean "scooter"
Admin
No smart ass comments about cole slaw, cabbage patch kids, or cabbage patching yet? Talk about falling down on the job.
Admin
Many years ago I worked on a set of programs in COBOL that contained the following statement at seemingly random places in the code.
compute xtdfa = xtdfa * 1.0.
Several of them were preceded by comments indicating that the line of code was essential. In those days everything was upper case so the comment didn't particularly stand out.
This was my first programming job and I was mystified by the statements. It was a decimal number on a decimal machine so roundoff wasn't the answer.
I asked others working on the code and the universal response was "We don't know. We took it out once and the program stopped working".
Admin
A language where you need to use constructs like boolean_expression !== false in a conditional statement?
Wow. Just. Wow.
Admin
My first thought was to change this:
// Beware ! . "Cabbage" is necesarry for the authentication to work corectly.
// THIS IS NOT A JOKE !
if ( strpos( strtolower("Cabbage" . $_SERVER["PHP_SELF"]) , "/admin" ) )
to this:
work corectly.
// THIS IS NOT A JOKE !
//if ( strpos( strtolower("Cabbage" . $_SERVER["PHP_SELF"]) , "/admin" ) )
//New version uses Corn
if ( strpos( strtolower("Corn" . $_SERVER["PHP_SELF"]) , "/admin" ) )
just to mess with the future maintenance programmers. Keeping the old code there and commented out is important to the joke, I think.
Admin
"I was wondering what an ADMIM was. That's just asking for trouble, no?"
A slight bit of security by obscurity, I bet. Wouldn't surprise me if register_globals was enabled on this machine, and they don't want hackers guessing the existence of an IS_ADMIN parameter that can be set to true via query string.
Admin
Maybe they have, but like yesterday they have been expunged from the system by the men in black because we failed to post without our tin foil hats.
Admin
Maybe I am completely wrong here, and it's also not important, but which nation considers "Gabriel" a girl's name?
Admin
If you feel the need to comment your code, then your function names are obviously not long enough.
Admin
It also returns a boolean false if it can't find the needle at all.
Admin
As far as strpos() goes in PHP, I think it would be a lot simpler to just return -1 when the substring is not found, and the starting index when it is.
For example:
if(strpos(strtolower($_SERVER["PHP_SELF"]), "/admin") != -1)
// Admin page - must have admin privileges.
Then you don't need !== or ===, which I find to be rather annoying operators. This is exactly why I prefer statically-typed languages.
(The BBCode is extremely horrible on this site) :(
Admin
http://www.babynamesworld.com/search.php?p=qsearch&s_gender=2&s_copt=2&i_search=gab
It's usually shortened to Gabby, but it can go both ways. Most people, the smart ones, go with Gabrielle.
Admin
Funnily enough, I recently implemented a non-WTFy auth system using cryptographic hashes. I had to choose a secret salt to insert in the data before signing to make it harder to crack. Maybe I should choose "Cabbage".
Admin
Or sensible, strongly typed dynamic languages. Not all those beginning with
are evil.
Admin
Ah, but even if register_globals was turned on, it wouldn't stuff a query parameter into the $_SESSION superglobal. All you'd get would be an auto-magically created var called $IS_ADMIN, and this particular code isn't testing for that... not to say that this isn't happening elsewhere in this pile of crap, but it's not happening here.
Admin
It came from nowhere (it says here) to be one of the more popular names in the late '90s (124 per million births). Then it went away again. Seems we have one very precocious young lady here...
I suspect a TV character, though the only reference I can find is to a (male) bisexual drug addict in a British drama series of the mid-90s. This seems to me to be an unlikely reference-point.
Any ideas, pop-pickers?
Admin
No no no...you can't return -1, you have to return FILE_NOT_FOUND
Admin
The funny thing is people do that sort of thing all the time in shell scripting:
Admin
How about Gabriella? Avoids the spelling ambiguity with the terminal LE.
Admin
I'm only afraid of two things, nuclear war and carnies. Circus Folk. Nomads, no doubt. Small hands. Smell like cabbage.
Admin
why, oh why would you intentionally put a lower-casing function around a hard-coded string that had upper-case characters? ARRRGH! How do you put "Cabbage" and not "cabbage"?!!
Admin
Gabrielle was Xena: Warrior Princess's "sidekick" on the popular Saturday afternoon cheese-fest.
Admin
...Why do you pass a hard-coded string into a lower-casing function in the first place?!?!?!?!
Admin
PHP, like this code, is a steaming heap of shit.
Admin
I browsed around a bit, and this seems to be a common (mis?)usage. I like it. I'm going to start using it. I hope I have a job someday where my title is Sizzly Admim.
Admin
Late 90s?
sounds about right for http://en.wikipedia.org/wiki/Gabrielle_%28Xena%29
Captcha: pointer. What this message is.
Admin
so this person really didn't know why it "needed" cabbage?
i'm sure this code is gonna get a lot better in her hands.
Admin
The real WTF is that "Cabbage" was used. Clearly, such a workaround requires a proper word like "fnord", "foo" or "bar". Or, of course "fhtagn" for the Lovecraft fans.
Though personally, I've become used to using preg_match(), which always returns a boolean. True, it isn't as efficient to use the regex engine for a simple string search, but the performance hit is negligible, and it's more fool- and typo-proof than "str_pos()!==false".
Admin
I was thinking of Gabrielle Reece.
http://en.wikipedia.org/wiki/Gabrielle_Reece
Admin
Admim is obviously the original application administrator, and since there was only one, you only need one session variable to check if it's really him.
All of my applications know me by name, too (IS_JIMMY).