• (cs)

    W T F ?! Was this written by a 4 year old? Even an amateur developer would have snipped from a book or an example online!

    Perhaps this is someone's idea of Obfuscation

  • (cs)

    I'm wondering what will happen if you turn Javascript of in the browser. I wonder if their backend system will let it through.

    If so...I'm signing up and getting some of the'Transfer funds' page!

  • (cs) in reply to ParkinT
    ParkinT:
    W T F ?! Was this written by a 4 year old? Even an amateur developer would have snipped from a book or an example online!
    Actually, this WTF is a perfect example of where that kind of copy-paste-adapt-coding leads when it's not accompanied by a sense of when one is doing something wrong and an urge to find a better way. Unfortunately, even professionals (let alone amateurs) often lack these.
  • s. (unregistered)

    And right at the very end, outside all the conditions:

    document.bgcolor="white";

  • (cs) in reply to ParkinT
    ParkinT:
    Even an amateur developer would have snipped from a book or an example online!

    One who, let's say, got hired after an interview with the secretary ;) ?

  • (cs)

    From the URL, it's apparent that this form is part of a Notes/Domino database. I recently started doing some Domino work for my company, and pretty much all the code written by Domino consultants we've hired in the past looks like this. I've already chopped a few several-hundred-line functions down to several-line functions.

  • Nicd (unregistered)

    I tried it out without running the JavaScript and found out that apparently not only does it NOT do any server-side checking of the password, it doesn't even check that the two passwords match!

  • (cs)

    Oh. Wow.

    It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

  • (cs) in reply to magetoo
    magetoo:
    Oh. Wow.

    It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

    Unless you are a consultant; billing hours spent on the project.

  • Cosmin Marginean (unregistered)

    I guess it takes a while before you realize that regular expressions are not for idiots.

  • Rakesh (unregistered)

    Hilarious... WTF

  • Not Dorothy (unregistered) in reply to ParkinT
    ParkinT:
    Unless you are a consultant; billing hours spent on the project.

    Or your productivity is measured in LOC

  • (cs) in reply to ParkinT

    Or unless you are a consultant, using LOC spent on the project to impress your customer (making sure they pay the huge "hours bill" on time).

  • (cs) in reply to magetoo
    magetoo:
    Oh. Wow.

    It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

    Obviously, they were smart enough to script their own code generator:

    $chars = array(
        'a' => 'a',
        'b' => 'b',
        'c' => 'c',
        // snip ...
    );
    foreach($chars as $k => $char){
       echo <<< EOQ
    	for ( x = 0; x < passStr.length; x++ ) {
    		x = passStr.indexOf("$char", x );
    		if ( x > -1 ) {
    			pswdAlpha = pswdAlpha + 1;
    		} else {
    			break;
    		}
    	} 
    EOQ;
    }
    
    $digits = array(
        0 => '0',
        1 => '1',
        2 => '2',
        3 => '3',
        4 => '4',
        5 => '5',
        6 => '6',
        7 => '7',
        8 => '8',
        9 => '9',
    );
    foreach($digits as $k => $digit){
        echo <<< EOQ
     	var passindex = passStr.indexOf("2");
         if(passindex > -1){
         	pswdNum = pswdNum + 1;
    		}
    }
    EOQ;
    
  • SCB (unregistered) in reply to Someone You Know
    Someone You Know:
    From the URL, it's apparent that this form is part of a Notes/Domino database. I recently started doing some Domino work for my company, and pretty much all the code written by Domino consultants we've hired in the past looks like this. I've already chopped a few several-hundred-line functions down to several-line functions.

    I used to work opposite a couple of "Lotus Certified Professionals" (which presumably means that they have passed some kind of test). When they were asked to code something, they would post their problem to a message board, wait for someone to reply with the solution, then copy and paste the code. Here are some of the best comments that I overheard between them: "What is an 'array subscript error'?" "How do you test for something 'not equal'?" "What is the difference between round brackets and square brackets?"

  • (cs)
       var passindex = passStr.indexOf("0");  
       if ( passindex > -1)  {
          pswdNum = pswdNum + 1;
            }       
    

    var passindex = passStr.indexOf("1"); if(passindex >-1){ pswdNum = pswdNum + 1; }

    var passindex = passStr.indexOf("2"); if(passindex > -1){ pswdNum = pswdNum + 1; }

    OK, I'm scared by the fact that the indentation is different on the first one. Copy/pasting the same block, then just changing the number is one thing... but this leads me to believe that somebody actually typed it all out by hand.

  • (cs) in reply to SCB

    This is your company on Lotus Notes.

    Any questions?

  • someguy (unregistered) in reply to magetoo
    magetoo:
    Oh. Wow.

    It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

    You seem to have misunderstood the code. Clearly, someone wrote it, complained "there must be a better way!" to a co-worker who told him "You could just use indexOf.", which the first someone didn't quite grasp.

  • Sour-faced Crotchety old Bastard (unregistered)

    These copy-and-paste punks today don't know anything about being a REAL coder. Why, when I was young I used to code 25 miles through snow and freezing rain to finish an assignment. And that was uphill both ways! We didn't have all these fancy things like intellisense and internet forums and IDEs and such, to do the work for us. Nossirree, Bob, we actually had to WORK for a living back then. Text editors and punch cards, and you better get it right the first time, because no so-called "development environment" was going to check it all for you first and tell you where your mistakes were.

    Nossir, these pantywaist wet-behind-the-ears kids today don't know nuthin' about being a REAL coder.

  • Andrew (unregistered)

    Ah, error messages with an exclamation mark on the end: but why not make it ", you idiot!"?

    And I love the way it complains when I don't enter my "Electronic Mail Address". Probably a good proportion of their target market won't even know what that means.

  • Beernutts (unregistered) in reply to Nicd
    Nicd:
    I tried it out without running the JavaScript ... it doesn't even check that the two passwords match!

    Yes it does: What do these lines mean to you?

    if(document.forms[0].NewPasswordConfirm.value != ""){
    	if(document.forms[0].NewPasswordConfirm.value != document.forms[0].NewPassword.value){
    		pswdflag = "true";
    		alert("The password entered in the New password Confirmation field does match the New Password!");
    		document.forms[0].NewPasswordConfirm.focus()
    
  • (cs)
  • (cs) in reply to Beernutts
    Beernutts:
    Nicd:
    I tried it out without running the JavaScript ... it doesn't even check that the two passwords match!

    Yes it does: What do these lines mean to you?

    if(document.forms[0].NewPasswordConfirm.value != ""){
    	if(document.forms[0].NewPasswordConfirm.value != document.forms[0].NewPassword.value){
    		pswdflag = "true";
    		alert("The password entered in the New password Confirmation field does match the New Password!");
    		document.forms[0].NewPasswordConfirm.focus()
    
    That with JavaScript off, it doesn't check if the two passwords match?
  • (cs) in reply to Beernutts
    Beernutts:
    Nicd:
    I tried it out without running the JavaScript ... it doesn't even check that the two passwords match!

    Yes it does: What do these lines mean to you?

    if(document.forms[0].NewPasswordConfirm.value != ""){
    	if(document.forms[0].NewPasswordConfirm.value != document.forms[0].NewPassword.value){
    		pswdflag = "true";
    		alert("The password entered in the New password Confirmation field does match the New Password!");
    		document.forms[0].NewPasswordConfirm.focus()
    
    What does running without JavaScript mean to you?
  • (cs) in reply to SCB
    SCB:
    Someone You Know:
    From the URL, it's apparent that this form is part of a Notes/Domino database. I recently started doing some Domino work for my company, and pretty much all the code written by Domino consultants we've hired in the past looks like this. I've already chopped a few several-hundred-line functions down to several-line functions.

    I used to work opposite a couple of "Lotus Certified Professionals" (which presumably means that they have passed some kind of test). When they were asked to code something, they would post their problem to a message board, wait for someone to reply with the solution, then copy and paste the code. Here are some of the best comments that I overheard between them: "What is an 'array subscript error'?" "How do you test for something 'not equal'?" "What is the difference between round brackets and square brackets?"

    Proving that "please email me teh codes" ain't just for Indian outsourcers (outsourcees? outsourcists?) anymore. Unless your story took place in India. In that case, do not read this comment.

  • (cs)

    Good programme. Me need too do zame valitation. Pleaz send my the codz.

  • (cs) in reply to ParkinT
    ParkinT:
    magetoo:
    Oh. Wow.

    It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

    Unless you are a consultant; billing hours spent on the project.

    If your company hires a consultant for carte-blanche "hourly" billing, you deserve what you get. Whenever possible, you should have a project plan with peer-reviewed estimates, and then manage to that plan. Treat a consultant like any other employee. Companies who pay $200/hr for shoddy work like this are TRWTF - they create the environment for over-paid, under-skilled "consultants" to thrive.

  • Freddy Bob (unregistered)

    Without javascript turned on, there won't be any server-side checking because the form wouldn't even get submitted. The buttons are not a submit and a reset; they are type=buttons. The form gets submitted by the javascript. The magic deepens.

  • Anonymous (unregistered) in reply to Sour-faced Crotchety old Bastard
    Sour-faced Crotchety old Bastard:
    These copy-and-paste punks today don't know anything about being a REAL coder. Why, when I was young I used to code 25 miles through snow and freezing rain to finish an assignment. And that was uphill both ways! We didn't have all these fancy things like intellisense and internet forums and IDEs and such, to do the work for us. Nossirree, Bob, we actually had to WORK for a living back then. Text editors and punch cards, and you better get it right the first time, because no so-called "development environment" was going to check it all for you first and tell you where your mistakes were.

    Nossir, these pantywaist wet-behind-the-ears kids today don't know nuthin' about being a REAL coder.

    I like how you fit that comment under the article which is not about some new fancy, shmacy coding language. Shows you haven't really read it.

  • Sijin (unregistered)

    It's quite possible the guy was paid according to LoC, so he could have written that on purpose. We must realize that efficient code is only a metric for programmers and not for business types.

  • (cs)

    Well it was worth a try :)

    [image]
  • dave (unregistered) in reply to Zecc
    Zecc:
    Obviously, they were smart enough to script their own code generator: *snip*
    If they used perl, it'd be even easier:
    #!/usr/bin/perl
    
    @chars = (a..z, A..Z);
    
    foreach(@charsAndNums)
    {
        print <<END;
    for ( x = 0; x < passStr.length; x++ ) {
      x = passStr.indexOf("$_", x );
      if ( x > -1 ) {
        pswdAlpha = pswdAlpha + 1;
        } else {
        break;
      }
    }
    END
    }
    
  • dave (unregistered) in reply to dave
    dave:
    Zecc:
    Obviously, they were smart enough to script their own code generator: *snip*
    If they used perl, it'd be even easier:
    #!/usr/bin/perl
    @chars = (a..z, A..Z);
    foreach(@chars)
    {
        print <<END;
    for ( x = 0; x < passStr.length; x++ ) {
      x = passStr.indexOf("$_", x );
      if ( x > -1 ) {
        pswdAlpha = pswdAlpha + 1;
        } else {
        break;
      }
    }
    END
    }
    

    Opps. Fixed.

  • somejackass (unregistered) in reply to ParkinT

    That's gotta be generated code. Not a WTF if so.

  • (cs) in reply to somejackass
    somejackass:
    That's gotta be generated code. Not a WTF if so.

    No, it's still a WTF, just on a whole different level.

  • Sour-faced Crotchety old Bastard (unregistered) in reply to Anonymous
    Anonymous:
    Sour-faced Crotchety old Bastard:
    These copy-and-paste punks today don't know anything about being a REAL coder. Why, when I was young I used to code 25 miles through snow and freezing rain to finish an assignment. And that was uphill both ways! We didn't have all these fancy things like intellisense and internet forums and IDEs and such, to do the work for us. Nossirree, Bob, we actually had to WORK for a living back then. Text editors and punch cards, and you better get it right the first time, because no so-called "development environment" was going to check it all for you first and tell you where your mistakes were.

    Nossir, these pantywaist wet-behind-the-ears kids today don't know nuthin' about being a REAL coder.

    I like how you fit that comment under the article which is not about some new fancy, shmacy coding language. Shows you haven't really read it.
    (Using best Darth Vader voice) Your perceptive powers are weak, old man.

    Perhaps it is you who have not really read my post.

  • Eric (unregistered)

    This kind of incompetence gives lotus domino a bad name.

    Domino's built in validation option makes it so easy though. One line of code wil validate server-side

    see for yourself

  • Some Analyst (unregistered) in reply to Eric
    Eric:
    This kind of incompetence gives lotus domino a bad name.

    I beg to differ. Lotus Domino worked hard to tarnish their name on their own, and don't need any help in that department from upstart developers who think they know how to develop WTFs!

  • Richard Sargent (unregistered) in reply to ParkinT
    ParkinT:
    magetoo:
    Oh. Wow.

    It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

    Unless you are a consultant; billing hours spent on the project.

    Oh no, on the contrary. A real enterprisey consultant would have written a code generator to avoid the duplicated effort associated with copy and paste (and the inevitable error of failing to replace the individual character being tested with the correct one).

    And of course, the input to the code generator would be XML!

  • John Doe (unregistered)

    It's obvious what the problem is: it's not enterprisey enough. What if someone wants to use a password with Thai or Arabic characters? You'll need to define at least a PasswordInternationalAlphabeticCharacterIterator class in Javascript, which can check for the letters.

  • Matthew (unregistered) in reply to somejackass
    somejackass:
    That's gotta be generated code. Not a WTF if so.

    Generated by what? A monkey?

  • kj (unregistered)

    The developer could've written a function in some server side language to produce this javascript, which would've probably taken about as little time to write as a javascript regexp function...

  • (cs) in reply to ParkinT
    ParkinT:
    magetoo:
    Oh. Wow.

    It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

    Unless you are a consultant; billing hours spent on the project.

    Or, y'know, stupid.

  • anonymous (unregistered) in reply to clively

    So true.

    Did you know Lotus Notes is an anagram of 'Shoot me please'?

    OK, so I lied..

  • Mike5 (unregistered) in reply to Some Analyst
    Some Analyst:
    Eric:
    This kind of incompetence gives lotus domino a bad name.

    I beg to differ. Lotus Domino worked hard to tarnish their name on their own, and don't need any help in that department from upstart developers who think they know how to develop WTFs!

    Oh yeah. Blame the tool!(tm) I bet the compilers is of course to blame for all the most of the WTFs on this site. I work on Domino, and personally would love to see more Domino WTFs. But I guess nobody would appreciate them...

    Mike5

  • RGupta (unregistered) in reply to ParkinT
    ParkinT:
    magetoo:
    Oh. Wow.

    It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.

    Unless you are a consultant; billing hours spent on the project.

    And that consultant is sitting thousands of miles away in a 'coding farm' in India...

    Yea, let's keep outsourcing code development...

  • pdwalker (unregistered)

    Hahahaha...

    Looks pretty thorough to me!

  • dkf (unregistered) in reply to anonymous
    anonymous:
    Did you know Lotus Notes is an anagram of 'Shoot me please'?
    No it's not. It just means the same thing.
  • John Hardin (unregistered) in reply to ParkinT
    ParkinT:
    magetoo:
    It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.
    Unless you are a consultant; billing hours spent on the project.
    Two words:

    Code generator.

    Well, actually, three words:

    bad code generator.

  • john (unregistered) in reply to Sunday Ironfoot

    Bobby is that you?

Leave a comment on “Complex Complex Validation”

Log In or post as a guest

Replying to comment #:

« Return to Article