• (cs) in reply to uniq

    uniq:
    It doesn't work. I thought that at least first 2 images (not cutted) should work.

    Probably done intentionally to avoid any image/copyright/ownership issues...

     

  • aultl (unregistered) in reply to anon

    <font size="2">I have no words to discribe how this post make me feel. This will give me nightmares for many months to come. </font>

  • (cs) in reply to phearlez
    phearlez:
    I can't believe nobody has pointed out that in the midst of being clever, there's no effort to check that the array index is in bounds!

    I guess error checking isn't clever.


    See, you don't understand php. In php there are no "true" arrays, they're all hashtables just pretending. So the only thing you could really do is call array_key_exists(), and make sure the key you're looking for is actually in the array. There really is no "out of bounds" since the keys can be 1,2,3,4,bob,bob[], 5,6,7,etc.

    Php is useful for many things, but it doesn't really support any datastructure outside of a database.
  • jzlondon (unregistered) in reply to Rank Amateur

    Of course, as so often, the real WTF is the number of people on thedailywtf.com defending this...

  • (cs) in reply to Satanicpuppy
    Satanicpuppy:
    Anonymous:
    Satanicpuppy:

     "http://www.stupidprogrammer.com/image.php?image=your_mom_naked.gif"

    where have you got this picture from ?

    Heh. Just an example. Pretty much any site that has images worth swiping has them archived using a sequential identifier, linked to the page through a database. When those images are pulled using get data, you can use any one picture to iterate through their entire catalog, and rip out every single picture.

    I was working for a company, and we were doing a project and needed picture data that belonged to another company that was owned by the same company that owned my company. Theoretically we were supposed to be cooperating, but it boiled down to a permanent pissing contest over resources. I got fed up with it one night, and wrote a scraper to pull every single picture and store it based on data that was easily croppable from their pages. Then I set it to run on our internal corporate network (so their admin's wouldn't notice the bot traffic on their external web address) and in the morning, we magically had all the data that we needed.

    Got the idea from a project a roommate of mine put together...He called it "The Unstoppable Sex Machine" and it basically did the same thing, but with porn sites, and it didn't limit itself to one site. Hence, "your_mom_naked.gif".



    Writing porn scripts/apps really make up for all of the time you spent not getting laid. Here's a tip for you froogle coders: some popular movie formats can be simply cat'ed together. Combine with curl/wget, and a simple pattern on a URL - you're in for a good time.
  • php (unregistered)

    Even if they are doing a bad job of it, I'm glad to see php getting attention.

    Bad attention is better than no attention, right,  ...right?

  • (cs) in reply to php
    Anonymous:
    Even if they are doing a bad job of it, I'm glad to see php getting attention.

    Bad attention is better than no attention, right,  ...right?


    It's crap like this which makes me glad that I can program in Python. =P


  • Unbelievable! (unregistered)

    What is worse than this and other WTF code are the morons that try to justify them. The IT field is contaminated with incompetent, undisciplined, hacking, self-proclaimed programmers (DBAs, Architects, Engineers, etc included) that are an insult to me and other professionals. Unbelievable!

  • (cs) in reply to Unbelievable!
    Anonymous:

    What is worse than this and other WTF code are the morons that try to justify them. The IT field is contaminated with incompetent, undisciplined, hacking, self-proclaimed programmers (DBAs, Architects, Engineers, etc included) that are an insult to me and other professionals. Unbelievable!



    I don't think they're so much trying to justify it, as trying to figure out what the person in question must have been thinking. There is more than one way to solve every problem.
  • (cs) in reply to David
    Anonymous:
    Clearly you can't understand the genius of this design!  The graphics artists can modify images with notepad!  Imagine how much easier that must be on them than opening up something like photoshop. 


    LOL!
  • NN (unregistered) in reply to aakoch

    Well.. could be used if you want to make an easy to share little webpage. You can put allt the code + images in one file..

    then again.. maybe not :P

  • David (unregistered)

    That is a joke. It must be a joke. Please tell me it's a joke.

  • HelluvaEngineer (unregistered) in reply to nobody
    Anonymous:
    Um, displaying images through a filter script like that is a fairly reasonable way to deal with security. Done correctly, the browser can still cache the image, and the performance hit is not that great.


    Why wouldn't you just put the images in a secure directory, then write a script to check permissions, open the appropriate file, set MIME type and stream it to the requestor?  This approach seems bizarre, but about what I would expect from some PHP "developers".  Cough... InfiSt@r!
  • (cs)

    (shiver)

    I shudder to think how much memory and runtime that little script uses by loading up and parsing all those constants into memory every time you want to display an image. Remember folks, php is an interpreted language.

     

     

  • Robert (unregistered) in reply to Satanicpuppy

    Company I worked for (left a while ago) did something similar, with / without justification... :^)

    We had a library (gui.php) and it was used to build common components of sites, a la:

    include( 'gui.php' );

    $g = new GUI();
    echo $g->page_header();

    echo $g->block_header( "This is the thingy..." );
    echo "

    • Hello\n
    • World\n
    \n";
    echo $g->block_footer( $buttons=array('ok', 'cancel') );

    echo $g->page_footer();


    ...or something of the kind.  Point was that "block_header" was a lot more complicated than "

    " and block footer needed support for graphics, buttons, help-text, tooltips, etc, etc.  Each gui.php could be customized per client (ie: ClientFoo used red headers and footers, ClientBar used footer buttons with stretched bars or with extra spacing, without, etc...)  This was before CSS was really useful or widespread, so a solution like this was "needed" to preserve visual integrity across NS4.7, IE, Mac, etc.

    Deal ended up being that they wanted to make a generic "gui.php" that they could drop-ship into self-contained client installations and not have to worry about it.  Having to have a separate gui.php and corner-left|right|bottom|top.gif was a chore, so they ended up including some small (~200 bytes) images that the gui.php could "serve as itself", using a method similar to this WTF describes.

    bar.php uses gui.php
    [table]
    [tr][td][img src=gui.php?img=ul][/td][td] Hello World [/td][td][img src=gui.php?img=ur][/td][/tr]
    ...etc...
    [/table]

    That way they could have a quick turnaround time, nice curves in an era of squares, and not have to worry about any external dependencies when delivering stuff to clients.

    Anyway, doing it all like that (vs. 200 byte images) definitely qualifies as WTF, but if it's part of how the client wants it to operate you've got to know what the requirements were before you fully pass judgement.  :^)

    --Robert

  • (cs)
    Alex Papadimoulis:

    We keep all of our images in images.php, his coworker explained, so just put it in there.

    That one sentence is wrong in so many ways! For starters, naming a file as "images" cries out that you're a dimwit! Secondly, storing images in a dynamic document - wtf? Just "put" it in there <by copying and pasting the text>? There's much, much more efficient ways to store files. Lastly, PHP (need I say more)!?

  • (cs) in reply to Satanicpuppy
    Satanicpuppy:
    phearlez:
    I can't believe nobody has pointed out that in the midst of being clever, there's no effort to check that the array index is in bounds!

    I guess error checking isn't clever.


    See, you don't understand php. In php there are no "true" arrays, they're all hashtables just pretending. So the only thing you could really do is call array_key_exists(), and make sure the key you're looking for is actually in the array. There really is no "out of bounds" since the keys can be 1,2,3,4,bob,bob[], 5,6,7,etc.


    Gimmie a break. You're quibbling over deck chairs on the Titanic. If Zeev can call it an array then I can call it 'out of bounds' when the key doesn't appear in it.

    Depending on the PHP setting for showing notices, using a value <strikeout>out of bounds</strikeout> not in the hash will either spew nothing or a text message, meaning that the result is going to either be the mime type and then a 0-length return or something that will show up at the other end as an invalid GIF since it won't have the obligatory initial header
  • d (unregistered)

    Doesn't this bring to mind the latest window's flaw where virus writers can embed malicious code in image files?!  Maybe this dood's company is a front for an evil gang of haxkors.

  • asshole (unregistered) in reply to retnuh

    <FONT color=#ff0000>[um][um][um][um]</FONT>

  • d (unregistered) in reply to d
    Anonymous:
    Doesn't this bring to mind the latest window's flaw where virus writers can embed malicious code in image files?!  Maybe this dood's company is a front for an evil gang of haxkors.


    Isn't this timely... I just noticed that M$ released the patch for this flaw.  http://windowsupdate.microsoft.com

    It was scheduled to be released on the 10th.   http://it.slashdot.org/article.pl?sid=06/01/05/2027259&tid=172&tid=128&tid=201&tid=218
  • (cs) in reply to Satanicpuppy
    Satanicpuppy:
    Anonymous:
    Even if they are doing a bad job of it, I'm glad to see php getting attention.

    Bad attention is better than no attention, right,  ...right?


    It's crap like this which makes me glad that I can program in Python. =P


    I don't know about that, I could have this working in 5 minutes in any of about two dozen languages, including python. There's something going for it, it's really a very portable solution! ...just too bad http is even more portable.
  • anonymous (unregistered)

    Security? What security? It's an image. If it can be seen in a browser, it can be saved. End of story. At worst, print screen. paste. save. stolen.

    This is a WTF any way you look at it.

  • database guy (unregistered)

    Someone please order many of the special goggles so that we will be able to work again.

  • (cs) in reply to phearlez
    phearlez:
    Satanicpuppy:
    phearlez:
    I can't believe nobody has pointed out that in the midst of being clever, there's no effort to check that the array index is in bounds!

    I guess error checking isn't clever.


    See, you don't understand php. In php there are no "true" arrays, they're all hashtables just pretending. So the only thing you could really do is call array_key_exists(), and make sure the key you're looking for is actually in the array. There really is no "out of bounds" since the keys can be 1,2,3,4,bob,bob[], 5,6,7,etc.


    Gimmie a break. You're quibbling over deck chairs on the Titanic. If Zeev can call it an array then I can call it 'out of bounds' when the key doesn't appear in it.

    Depending on the PHP setting for showing notices, using a value <strikeout>out of bounds</strikeout> not in the hash will either spew nothing or a text message, meaning that the result is going to either be the mime type and then a 0-length return or something that will show up at the other end as an invalid GIF since it won't have the obligatory initial header

    I guess you missed the isset()? You do understand that this is one common way of checking for php hash/array in-bounds?

    If the key is missing, this script just won't output anything at all. (Except pointless headers.)
  • (cs) in reply to d
    Anonymous:

    Isn't this timely... I just noticed that M$ released the patch for this flaw.  http://windowsupdate.microsoft.com

    It was scheduled to be released on the 10th.   http://it.slashdot.org/article.pl?sid=06/01/05/2027259&tid=172&tid=128&tid=201&tid=218

    <font size="5">I</font>t is really interesting to see the effect of competiton, from the "unofficial third-party" patch, has had on Microsoft.  The three blind mice or even headless chickens come to mind.  I'm glad I'm no longer on that bus.
  • (cs) in reply to foxyshadis
    foxyshadis:
    phearlez:
    Satanicpuppy:
    phearlez:
    I can't believe nobody has pointed out that in the midst of being clever, there's no effort to check that the array index is in bounds!

    I guess error checking isn't clever.


    See, you don't understand php. In php there are no "true" arrays, they're all hashtables just pretending. So the only thing you could really do is call array_key_exists(), and make sure the key you're looking for is actually in the array. There really is no "out of bounds" since the keys can be 1,2,3,4,bob,bob[], 5,6,7,etc.


    Gimmie a break. You're quibbling over deck chairs on the Titanic. If Zeev can call it an array then I can call it 'out of bounds' when the key doesn't appear in it.

    Depending on the PHP setting for showing notices, using a value <strikeout>out of bounds</strikeout> not in the hash will either spew nothing or a text message, meaning that the result is going to either be the mime type and then a 0-length return or something that will show up at the other end as an invalid GIF since it won't have the obligatory initial header

    I guess you missed the isset()? You do understand that this is one common way of checking for php hash/array in-bounds?

    If the key is missing, this script just won't output anything at all. (Except pointless headers.)

    He's right. Php won't output anything if you access a key that doesn't exist. Doesn't give a damn if you use a variable that hasn't been initalised either. If you have Display_errors set to "On" it'll tell you those things, but it won't stop operation or anything like that. The only really fatal errors are parse errors.

    That's one of the things about php that give people the heebie jeebies, when you start talking about security.
  • 604 (unregistered) in reply to Skippy

    My next project at work is creating a repository for images for artists and writers.  One management-type person said they wanted the images stored inside a database, another management-type person thinks file locations should be stored in the database and not the actual image.

    I can do it either way, I'm not emotionally attached to either implementation.  I can't see any real overriding reasons to prefer one over the other.   One supervisor said "but if the application is down you can't get to the images" I don't see this as a problem if the app is in production and used it should be easy enough to maintain (at least to get the images in/out) and seems like a trite excuse.  However this seems to highlight an advantage.  If the application is supposed to keep information/history of the images, storing the image inside the database would ensure some integrity keeping people from messing with the files outside of the application.

    So database the images or keep them in a file system?  If it was just a web app and the images were just part of the pages, I think storing them in a DB would be retarded.   In this instance though since the images are the data being managed I'm not sure.

  • (cs) in reply to ellion
    ellion:
    [...]What about a function to vote the most innovative wtf? This one's surely gonna rock :D

    <font size="5">R</font>egistered members can give a rating to each article at the top of the post by using the http://thedailywtf.com/Themes/default/images/ratetopic.gif icon.
  • (cs) in reply to foxyshadis
    foxyshadis:
    Satanicpuppy:
    Anonymous:
    Even if they are doing a bad job of it, I'm glad to see php getting attention.

    Bad attention is better than no attention, right,  ...right?


    It's crap like this which makes me glad that I can program in Python. =P


    I don't know about that, I could have this working in 5 minutes in any of about two dozen languages, including python. There's something going for it, it's really a very portable solution! ...just too bad http is even more portable.

    Oh, it has a certain "brute force" elegance, I admit. I'd be afraid to use the method though, because of the performace hit on any site with multiple pictures...Well, that and the fact that it sucks. I could make a regular folder of pictures work just as well. It doesn't get much more portable than php; install php, unzp the files, and you're done...Unless you moved between windows and unix without thinking about little things like case sensitivity.
  • tim (unregistered)

    hang on, doesn't "." in php mean that you are concatenating the string? So for each line, you're spending heaps of ram (not just twice the size either!) just to build the string, and that's even before you've started serving the data? oh dear...

  • Plonk (unregistered) in reply to Satanicpuppy

    Satanicpuppy:
    Anonymous:
    Satanicpuppy:

     "http://www.stupidprogrammer.com/image.php?image=your_mom_naked.gif"

    where have you got this picture from ?

    Got the idea from a project a roommate of mine put together...He called it "The Unstoppable Sex Machine" and it basically did the same thing, but with porn sites, and it didn't limit itself to one site. Hence, "your_mom_naked.gif".

    A very humerous anecdote.

    Was your flatmate into MS Access and MS SQL Server also?

     

  • Eric (unregistered) in reply to David
    Anonymous:
    That is a joke. It must be a joke. Please tell me it's a joke.


    I would hope this would be some variety of "freak the new guy/make him show he has a brain by squawking" initiation, but the introduction suggests this sort of code is typical.

    Now, feeding binary from a script is not bad when appropriate.  I've build document-download sites where particular documents are restricted to certain users, so I use a script that validates whether someone really is allowed to download a file before spitting it out to them.  (It also records that they've downloaded the file so s/he gets an emailed notification if it's updated later - this company is persnickety about updates.)  But, as people have suggested, it's one thing to stream some images from a file or even a BLOB in a database and quite another to hard-code the data in a script.
  • (cs) in reply to foxyshadis
    foxyshadis:

    I guess you missed the isset()? You do understand that this is one common way of checking for php hash/array in-bounds?

    If the key is missing, this script just won't output anything at all. (Except pointless headers.)
    The isset only seems to be checking for a GET value not its existance in the array ( or hash table ).
    if(isset($_GET["image"]))

  • (cs)

    <FONT face=Georgia>Question: does anybody know what pattern images follow when turned to text files? I'm sure it differs from file type (like gif, jpg, psd, etc.), but does anybody know if there is some sort of rhyme or reason to the conversion? </FONT>

  • (cs) in reply to paranoidgeek
    paranoidgeek:
    foxyshadis:

    I guess you missed the isset()? You do understand that this is one common way of checking for php hash/array in-bounds?

    If the key is missing, this script just won't output anything at all. (Except pointless headers.)
    The isset only seems to be checking for a GET value not its existance in the array ( or hash table ).
    if(isset($_GET["image"]))

    Duh? In this code, the "isset" function checks for the existance of the "image" key into the "$_GET" array (in the retarded PHP meaning of the word), or maybe you're telling us you didn't know that $_GET or $_POST are merely arrays prefilled by the interpreter?

  • tim (unregistered) in reply to BiggBru
    BiggBru:

    <font face="Georgia">Question: does anybody know what pattern images follow when turned to text files? I'm sure it differs from file type (like gif, jpg, psd, etc.), but does anybody know if there is some sort of rhyme or reason to the conversion? </font>



    maybe they want to do something like this:

    http://www.asp101.com/articles/lewis/dynamicgif/default.asp

    I did something like this once (except the gif was in a BLOB to begin with).
  • John (unregistered) in reply to masklinn
    masklinn:
    paranoidgeek:
    foxyshadis:

    I guess you missed the isset()? You do understand that this is one common way of checking for php hash/array in-bounds?

    If the key is missing, this script just won't output anything at all. (Except pointless headers.)
    The isset only seems to be checking for a GET value not its existance in the array ( or hash table ).
    if(isset($_GET["image"]))

    Duh? In this code, the "isset" function checks for the existance of the "image" key into the "$_GET" array (in the retarded PHP meaning of the word), or maybe you're telling us you didn't know that $_GET or $_POST are merely arrays prefilled by the interpreter?



    Duh? Maybe you're telling us that you don't know that images is a hashtable which may or may not contain the key. They should perhaps check if that key exists, don't you think?
  • asdf (unregistered) in reply to Djinn
    Satanicpuppy:
    Got the idea from a project a roommate of mine put together...He called it "The Unstoppable Sex Machine" and it basically did the same thing, but with porn sites, and it didn't limit itself to one site. Hence, "your_mom_naked.gif".


    Ah, the power of porn. I've made a similar PHP script that goes sequentially through a set of images.  For example, if your images are in the format "http://www.somesite.com/images/imgXXXXb.jpg" you have to manually parse it out to be in three parts: "http://www.somesite.com/images/img", the number of digits in the number (in this case, 4), and "b.jpg".  It then outputs all of the images in a range you specify.  It's quite clever, runs fast (since it's simple and runs on my local machine), and saves a lot of time since you don't have to change the URL to get to the next image.


    Djinn:
    Writing porn scripts/apps really make up for all of the time you spent not getting laid. Here's a tip for you froogle coders: some popular movie formats can be simply cat'ed together. Combine with curl/wget, and a simple pattern on a URL - you're in for a good time.


    Good tip, I didn't know that.  May have to look into this more :D

    CAPTCHA: DOOM (rather foreboding, isn't it...)
  • (cs) in reply to John
    Anonymous:
    masklinn:
    Duh? In this code, the "isset" function checks for the existance of the "image" key into the "$_GET" array (in the retarded PHP meaning of the word), or maybe you're telling us you didn't know that $_GET or $_POST are merely arrays prefilled by the interpreter?


    Duh? Maybe you're telling us that you don't know that images is a hashtable which may or may not contain the key. They should perhaps check if that key exists, don't you think?
    If you scroll waaay up to the orignall discussition was whether or not it would output a 0-length string if the image was not avalible. Doing isset($_GET['image']) wont do this. However isset($image[$_GET['image']]) would.

    With foresight i should have written :
    The isset only seems to be checking for a GET 'image' value not its existance in the array ( or hash table ) of the images ( $images ).
  • boxmonkey (unregistered) in reply to mysql101

    I'm shocked that nobody called you out on this. md5 hashes are not even remotely unique. You could end up with 2 images with the same md5 hash, even if the images are very, very different. Your code may end up on this site some day.

  • boxmonkey (unregistered) in reply to mysql101

    My previous post was in response to this:

    Anonymous:
    Personally, I like to generate a md5 hash of the image's contents, and use that as the filename. It helps me not duplicate content, but also renders image1.jpg - image10.jpg issues gone.

  • tim (unregistered) in reply to boxmonkey

    Anonymous:
    I'm shocked that nobody called you out on this. md5 hashes are not even remotely unique. You could end up with 2 images with the same md5 hash, even if the images are very, very different. Your code may end up on this site some day.

    Oh, I didn't know that. I thought that was kind of the point for MD5. So, a) where's the proof (mathematically), and b) what should I be doing if I want to generate a unique sum of a file?

  • imbusy (unregistered)

    Even i didn't think of that. This must be very clever.

  • maht (unregistered)

    What everyone seems to be forgetting is that PHP is compilable.

    So once this sucker's compiled there's not parsing / unbase64encoding to do, just a simple array lookup.

    the WTF is he forgot to add the content-length header required by http !!!

    omg


  • (cs) in reply to tim
    Anonymous:
    where's the proof (mathematically)

    I don't see why you'd need a mathematical proof, collisions are part of the world of hashing period. And even without knowing that, you're mapping an unlimited number of different messages (since you can hash anything) to 128 bits.

    I don't know you, but I find quite obvious that you're going to get collisions (aka same hash for different hashed data) when you're translating the infinity to 340.282.366.920.938.463.463.374.607.431.768.211.456 possible output messages.

    See Wikipedia's articles on Hash Collision and Cryptographic Hash Functions for some more informations.

  • tim (unregistered) in reply to masklinn

    ok, point taken.

  • Iago (unregistered) in reply to tim
    Anonymous:

    Oh, I didn't know that. I thought that was kind of the point for MD5. So, a) where's the proof (mathematically), and b) what should I be doing if I want to generate a unique sum of a file?



    The proof is trivial.  Since all MD5 sums are exactly 128 bits, the number of distinct MD5 sums is very limited compared to the number of possible files, which is large enough to be effectively infinite.  Therefore, there must be an essentially infinite number of possible files which hash to any given MD5 sum.  This is true of any hash algorithm.

    But there's no reason for you to worry, because the chances of any two valid files of a given size having the same MD5 sum is very small.  (In fact, it's rather MORE likely if the images are very, very different.  The closer they are in size and format, the less likely a collision is, because the whole point of MD5 and similar algorithms is to ensure that minor differences in input translate to major differences in output.)
  • (cs) in reply to masklinn
    masklinn:
    Anonymous:
    where's the proof (mathematically)

    I don't see why you'd need a mathematical proof, collisions are part of the world of hashing period. And even without knowing that, you're mapping an unlimited number of different messages (since you can hash anything) to 128 bits.

    I don't know you, but I find quite obvious that you're going to get collisions (aka same hash for different hashed data) when you're translating the infinity to 340.282.366.920.938.463.463.374.607.431.768.211.456 possible output messages.

    See Wikipedia's articles on Hash Collision and Cryptographic Hash Functions for some more informations.



    agreed, but, mathematically - chances anyone? anyone listen in on their probability lectures during highschool?

    im willing to bet that I will never hit a double.
  • Alan Trick (unregistered) in reply to Matt

    Thank actually makes sense and could be a Good Thing, but it must be done correctly using the proper HTTP headers at the right spot so it will cache. It appears you didn't have the expertice to make this work properly in which case your right, axing the functionality would be better than un-cashed images.

    This wtf though, is a shooting offence. It makes a lot more work the the developers, it does not cache, and it provides no benefit.

  • (cs) in reply to sao
    sao:
    masklinn:
    Anonymous:
    where's the proof (mathematically)

    I don't see why you'd need a mathematical proof, collisions are part of the world of hashing period. And even without knowing that, you're mapping an unlimited number of different messages (since you can hash anything) to 128 bits.

    I don't know you, but I find quite obvious that you're going to get collisions (aka same hash for different hashed data) when you're translating the infinity to 340.282.366.920.938.463.463.374.607.431.768.211.456 possible output messages.

    See Wikipedia's articles on Hash Collision and Cryptographic Hash Functions for some more informations.



    agreed, but, mathematically - chances anyone? anyone listen in on their probability lectures during highschool?

    im willing to bet that I will never hit a double.


    There have been relatively few MD5 collisions found. Your chances are essentially nothing.

Leave a comment on “Imaging In Line”

Log In or post as a guest

Replying to comment #:

« Return to Article