Admin
theForm.user.value=="frist"
Admin
This has the added benefit of telling every potential user who their fellow users would be after registering!
Admin
Oh holy hell...
Where is the coder who developed that? I won't even begin to describe the potential for spear phishing attacks, but to grab every single user out of the database is grossly inefficient.
Bring me the developer. I must cut off his hands so that they never develop anything like that ever again.
Admin
Everyone knows HTTP requests are more expensive than a single database query...
Admin
I'd poke out their eyes too. Only way to be sure.
Admin
Not only that - the user will also instantly be given access to the whole user list database...
Admin
By a jury of your peers you have been convicted for crimes against Big-O.
Your sentence is to serve out the rest of your days with the social stigmata of being featured on The Daily WTF.
Admin
You guys misspelled "thorough".
Admin
FTFY.
Admin
It actually stands for the last name of Niles Stanley Thourough, inventor of the algorithm, and lesser known brother of Henry David Thoreau. Since the man was alive in the 1800s, his algorithm is preposterously out-of-touch with today's high quality standards.
Admin
You need your sarcasm detector looked at, or maybe your troll-o-meter.
The trailing ellipsis is a clue...
Admin
omg, a giant 2000+ line if-statement, he should have used a switch-statement instead ;)
Admin
Pretty sure that whatever created that was already a blind automaton that just pounded a keyboard with its gooey stumps until something compiled.
Kill it with fire. It's the only way.
Admin
The only way to be sure is to nuke the planet from orbit.
Admin
Hell low PERIOD I am than programmer who write that soda. Dew too the fact that you friends in the forums decided to cut off my lands and poke out my ice COMMA I am forced to use Microsoft® Talk-To-Text to code. Eye hope ewe R very flabby with yourselves. COPY PASTE
Admin
Just FYI. I wasn't really the coder.
Admin
So he was a Stalker from the Half-Life series?
Admin
This is like a who's-who of common WTFs. If I were a little less experienced I would think this was a fake, somebody's idea of the "perfect storm" of WTFs (SQL injection vulnerabilities - check; SQL in page source - check; unhomogenous mix of technologies - check; PHP - check and f-ing check!). But I see this shit waaay too often so I don't doubt the veracity of the OP for a second.
Admin
I've seen things...similar to this before. I think it's typically caused by a poor (or absent) understanding of the difference between client-side and server-side code.
I've definitely seen people writing code like this and questions asked in online forums that make it clear they simply don't understand that PHP and JavaScript are not only different languages, but fundamentally different technologies.
Admin
I think I used to work with this guy.
Admin
var foo = theForm.user.value; if (foo=="admin" ||foo=="sjenkins" ||foo=="mdavis" ||foo=="gbivins" ... MASSIVE SNIP ... )
That should run faster!
Admin
You think that was good? Just wait until you see how he made sure that nobody uses a duplicate password.
Admin
And of course that is the only thing that is wrong with it...
Throw in some VB, and the sheer size of this WTF would cause a rift in the space-time continuum, creating a WTF black hole sucking in all PHP and VB developers (and the slop they call "code" too)...
captcha: abbas => like abba, but many (oh dear god, the humanity!)
Admin
I simply love it. The awesome part is that this kind of thing still exists; thanks to PHP our job is just a big joke. (I like PHP, but why do so many cowboy-style developers choose this language?)
Admin
This is, sadly, a lot more common than we would hope. I've seen a LOT of codebases that, while not this bad, exhibited the same "I have no idea WTF I'm doing so I'll do the first thing that pops into my head" type developer mentality. In all cases it was because management was breathing down the developer's neck and they didn't have the time to do things properly, so they HAD to throw together some nonsense and never got around to fixing it.
That doesn't excuse the WTFs in this particular article because there's NO excuse for this kind of idiocy, but I guarantee it wasn't just a stupid developer; probably a newbie who had to do the first thing that they thought of due to stupid deadlines from their boss.
Admin
You know what, I'm not a master craftsman, however I tend to get the feeling that "there has GOT to be a better way" when I'm trying to use a piece of jello to hammer in a nail...
We've all been junior devs at one point or another, however this just reeks of lack of common sense. Somewhere deep down, alarm bells should've gone off when they were writing this. Personally, I think that this guy was/is likely to be a Darwin Award winner...
Admin
They handled security breaches in the terms and conditions:
Now that keeps the riff-raff out! Who needs carefully designed authentication algorithms?
Admin
Bad programmer. No WTF for you!
Admin
What? You mean we cut your hands off for nothing? At least we got a laugh out of it.
Admin
sounds like a good start to me ...
Admin
So that's why I couldn't register!
Admin
Just so that nobody posts http://xkcd.com/327/ and thinks it's still funny let me post http://xkcd.com/327/ so that no one else posts http://xkcd.com/327/.
Can we move on now.
Admin
Can we please stop discussing http://xkcd.com/327/.
Admin
I think our hapless/handless programmer got a requirement to check the availability of usernames - like all those fancy sites do, right? - without requiring a submit/reload cycle. XMLHttpRequest was beyond the pale of knowledge, alas.
Admin
I still think it's funny. Totally irrelevant, but funny as hell. I've used it as a citation in documentation, and my boss thought it was funny, too.
Sure. You're the one who brought it up.
captcha: genitus as in 'European' is no genitus, it seems
Admin
Did you have to start it so much on http://xkcd.com/327/.
captcha: similis, similar to syphilis
Admin
Oh, I see, he should just move it to the server side!
Admin
Fools, how can you deny the genius of query-once-and-done?!
Admin
That's "heterogenous".
Admin
That's heterogeneous.
(Heterogenous sounds kind of sexy though.)
Admin
"entering a password of ********* would log you in"
Does that show as asterisks for you guys? Because I don't think it should be revealing my password like that.