- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
W T F ?! Was this written by a 4 year old? Even an amateur developer would have snipped from a book or an example online!
Perhaps this is someone's idea of Obfuscation
Admin
I'm wondering what will happen if you turn Javascript of in the browser. I wonder if their backend system will let it through.
If so...I'm signing up and getting some of the'Transfer funds' page!
Admin
Admin
And right at the very end, outside all the conditions:
document.bgcolor="white";
Admin
One who, let's say, got hired after an interview with the secretary ;) ?
Admin
From the URL, it's apparent that this form is part of a Notes/Domino database. I recently started doing some Domino work for my company, and pretty much all the code written by Domino consultants we've hired in the past looks like this. I've already chopped a few several-hundred-line functions down to several-line functions.
Admin
I tried it out without running the JavaScript and found out that apparently not only does it NOT do any server-side checking of the password, it doesn't even check that the two passwords match!
Admin
Oh. Wow.
It is so obvious, yet someone actually stuck with this disaster until it was finished. You'd think that by the time you reach 'e' you start looking for a better way.
Admin
Admin
I guess it takes a while before you realize that regular expressions are not for idiots.
Admin
Hilarious... WTF
Admin
Or your productivity is measured in LOC
Admin
Or unless you are a consultant, using LOC spent on the project to impress your customer (making sure they pay the huge "hours bill" on time).
Admin
$chars = array( 'a' => 'a', 'b' => 'b', 'c' => 'c', // snip ... ); foreach($chars as $k => $char){ echo <<< EOQ for ( x = 0; x < passStr.length; x++ ) { x = passStr.indexOf("$char", x ); if ( x > -1 ) { pswdAlpha = pswdAlpha + 1; } else { break; } } EOQ; } $digits = array( 0 => '0', 1 => '1', 2 => '2', 3 => '3', 4 => '4', 5 => '5', 6 => '6', 7 => '7', 8 => '8', 9 => '9', ); foreach($digits as $k => $digit){ echo <<< EOQ var passindex = passStr.indexOf("2"); if(passindex > -1){ pswdNum = pswdNum + 1; } } EOQ;Admin
I used to work opposite a couple of "Lotus Certified Professionals" (which presumably means that they have passed some kind of test). When they were asked to code something, they would post their problem to a message board, wait for someone to reply with the solution, then copy and paste the code. Here are some of the best comments that I overheard between them: "What is an 'array subscript error'?" "How do you test for something 'not equal'?" "What is the difference between round brackets and square brackets?"
Admin
OK, I'm scared by the fact that the indentation is different on the first one. Copy/pasting the same block, then just changing the number is one thing... but this leads me to believe that somebody actually typed it all out by hand.
Admin
This is your company on Lotus Notes.
Any questions?
Admin
You seem to have misunderstood the code. Clearly, someone wrote it, complained "there must be a better way!" to a co-worker who told him "You could just use indexOf.", which the first someone didn't quite grasp.
Admin
These copy-and-paste punks today don't know anything about being a REAL coder. Why, when I was young I used to code 25 miles through snow and freezing rain to finish an assignment. And that was uphill both ways! We didn't have all these fancy things like intellisense and internet forums and IDEs and such, to do the work for us. Nossirree, Bob, we actually had to WORK for a living back then. Text editors and punch cards, and you better get it right the first time, because no so-called "development environment" was going to check it all for you first and tell you where your mistakes were.
Nossir, these pantywaist wet-behind-the-ears kids today don't know nuthin' about being a REAL coder.
Admin
Ah, error messages with an exclamation mark on the end: but why not make it ", you idiot!"?
And I love the way it complains when I don't enter my "Electronic Mail Address". Probably a good proportion of their target market won't even know what that means.
Admin
Yes it does: What do these lines mean to you?
Admin
I loved the hidden white square image with weird address.
Admin
Admin
Admin
Proving that "please email me teh codes" ain't just for Indian outsourcers (outsourcees? outsourcists?) anymore. Unless your story took place in India. In that case, do not read this comment.
Admin
Good programme. Me need too do zame valitation. Pleaz send my the codz.
Admin
If your company hires a consultant for carte-blanche "hourly" billing, you deserve what you get. Whenever possible, you should have a project plan with peer-reviewed estimates, and then manage to that plan. Treat a consultant like any other employee. Companies who pay $200/hr for shoddy work like this are TRWTF - they create the environment for over-paid, under-skilled "consultants" to thrive.
Admin
Without javascript turned on, there won't be any server-side checking because the form wouldn't even get submitted. The buttons are not a submit and a reset; they are type=buttons. The form gets submitted by the javascript. The magic deepens.
Admin
Admin
It's quite possible the guy was paid according to LoC, so he could have written that on purpose. We must realize that efficient code is only a metric for programmers and not for business types.
Admin
Well it was worth a try :)
[image]Admin
#!/usr/bin/perl @chars = (a..z, A..Z); foreach(@charsAndNums) { print <<END; for ( x = 0; x < passStr.length; x++ ) { x = passStr.indexOf("$_", x ); if ( x > -1 ) { pswdAlpha = pswdAlpha + 1; } else { break; } } END }Admin
Opps. Fixed.
Admin
That's gotta be generated code. Not a WTF if so.
Admin
No, it's still a WTF, just on a whole different level.
Admin
Perhaps it is you who have not really read my post.
Admin
This kind of incompetence gives lotus domino a bad name.
Domino's built in validation option makes it so easy though. One line of code wil validate server-side
see for yourself
Admin
I beg to differ. Lotus Domino worked hard to tarnish their name on their own, and don't need any help in that department from upstart developers who think they know how to develop WTFs!
Admin
Oh no, on the contrary. A real enterprisey consultant would have written a code generator to avoid the duplicated effort associated with copy and paste (and the inevitable error of failing to replace the individual character being tested with the correct one).
And of course, the input to the code generator would be XML!
Admin
It's obvious what the problem is: it's not enterprisey enough. What if someone wants to use a password with Thai or Arabic characters? You'll need to define at least a PasswordInternationalAlphabeticCharacterIterator class in Javascript, which can check for the letters.
Admin
Generated by what? A monkey?
Admin
The developer could've written a function in some server side language to produce this javascript, which would've probably taken about as little time to write as a javascript regexp function...
Admin
Or, y'know, stupid.
Admin
So true.
Did you know Lotus Notes is an anagram of 'Shoot me please'?
OK, so I lied..
Admin
Oh yeah. Blame the tool!(tm) I bet the compilers is of course to blame for all the most of the WTFs on this site. I work on Domino, and personally would love to see more Domino WTFs. But I guess nobody would appreciate them...
Mike5
Admin
And that consultant is sitting thousands of miles away in a 'coding farm' in India...
Yea, let's keep outsourcing code development...
Admin
Hahahaha...
Looks pretty thorough to me!
Admin
Admin
Code generator.
Well, actually, three words:
bad code generator.
Admin
Bobby is that you?