• ray10k (unregistered)

    Pointlessly overengineered (with the unused symbol arrays,) unable to do the one thing it's supposed to do correctly, and lacking any visible comments. A proper WTF entry.

  • BOFH (unregistered)

    The sub can be further simplified to:

    sub randomPIN { return sprintf("%06d", rand(1000000)); }

  • William Sauron (unregistered)

    Well yes, it's clearly over-engineered, but I wouldn't call that an abomination either. At least the path will be obvious when the customer will require that the first digit is not a zero (because, yes, it will happen sooner or later that someone will store the PIN in an Excel sheet, dropping the leading zeroes)

  • RLB (unregistered) in reply to William Sauron

    @Billy, The Dark Lord: this code already assures that. In fact, it will never generate any zeros. @num is filled with 1..9, not 0..9.

  • William Sauron (unregistered) in reply to RLB

    Well, i'll be d.mn.d indeed, I should read the code thoroughly instead of trying to find excuses involving futureproofness through overachievement. My point was that with a little more documentation (and I mean not documenting what the code does, but why it does what it does) it could be acceptable.

  • Tim (unregistered) in reply to William Sauron

    Exactly - after all, ensuring that the first digit is not zero using the simple method would require generating a random number between 100000 and 999999 which I'm not sure is possible in <<insert name of programming language>>

  • P (unregistered)

    Maybe the developer was paid per line of code, redundant lines included :)

  • Bruce Reed (google) in reply to RLB

    An even more subtle bug is that this will RARELY return a 9.

  • Coward (unregistered)

    Bruce Reed, Can you please explain why it would return a 9 any less often than any other number 1-9?

  • Mr. TA (unregistered)

    The real WTF is Perl, Ruby, Python and all these stupid languages.

  • William Sauron (unregistered) in reply to Tim

    random (900000) + 100000 should do the trick... but imho this is less straightforward than generating each digit independantly, each with its own constraints.

  • (nodebb)

    Uhhh...no zeros? Maybe te leap should be: rand(9)+1

  • William Sauron (unregistered) in reply to Bruce Reed

    If indeed the rand function is poorly written (ie does a simple modulo without compensating for the bias in high values) you have a slightly lower probability of getting a 9 than other digits, but (a) with a modulo 10 on a 32 bit random value this should be negligible, and (b) that's a bug in PHP, not in that poor guy's function.

  • (nodebb) in reply to William Sauron

    Solution for Excel sheet:

    Since Excel will treat any six-element digit-string as a number, apply a cell format "000000". This formats in six columns left-filled with zeroes.

  • giammin (unregistered) in reply to Tim


    (new Random()).Next(100000, 999999 )

  • Carl Witthoft (google) in reply to Steve_The_Cynic

    Well, Excel may do some strange things if some creative person has already formatted the target cells as "Text" or some "Custom" abomination. The real problem arises when you try to export your formatted 6-digit string.

  • Deez (unregistered)


    6 { rand 9 1 add } repeat

  • Some Guesty (unregistered)

    Using Java and the Xeger library (so we can use a regex!)

    ... return new Xeger("[0-9]{6}").generate(); ...

  • Gumpy Gus (unregistered)

    Meh, I've seen worse, like a loop to generate some code that gets evalled.

  • Bruce Reed (google)

    I have to hang my head in shame, but not for the reason you think. For the longest time, I had misread the Perl documentation for 'rand'. I had read it as the result would be 0 <= rand(#) <= #, but it's 0 <= rand(#) < #.

    In short, calling int(rand(9)) will NEVER return a 9. This is not because of a bad design or implementation. Notice the use of 'int' to get an integer value. rand returns a fractional value >= 0 and less then the number provided. If the number is omitted, "1" is used.

    So the "right" answer is as BOFH indicated: sub randomPIN { return sprintf("%06d", rand(1000000)); } And to ensure non-leading zero: sub randomPIN { return sprintf("%06d", rand(900000)+100000); }

    Interesting thing I never noticed. format "%##d" will truncate, but "%##.0f" will round (to zero places). I guess I've never used %d format to truncate a number.

    sub randomPIN {

  • Brian Boorman (google) in reply to Bruce Reed

    Returning higher numbers less frequently is an advantage. The higher the digit, the longer it takes the rotary dial to get turned and returned on your old rotary phone.

    Addendum 2018-05-02 13:16: https://www.cnet.com/news/a-mobile-phone-with-a-rotary-dial-retro-cool-or-retro-fool/

  • guest (unregistered)

    Sure, this is overly verbose as is, but it's also much easier to tweak if requirements change. "First digit can't be 0" is one example. What about "first character must be a number, second character must be a letter, third character..."? It'd be trivial to change this code to fit the new requirements and the code would still be easily readable.

    I imagine that's where this code came from - "adapted" from a different generator that could output more complex stuff.

  • not a robot (unregistered)

    "zeros are allowed" are you sure?

  • Vic (unregistered) in reply to Brian Boorman

    Except that the slowest number on the dial phone is 0.

  • Toodlelew (unregistered) in reply to Vic

    Dial telephones use the digits 1 through 10 (with the "0" symbol standing in for ten). Each symbol dialled generates a number of pulses, that the exchange counts; "1" pulses once, "2" pulses twice, etc. Of course, you can't distinguish between the zero pulses from a dialed symbol and the zero pulses from not dialing at all.

  • Vicki (unregistered)

    The specification for DTMF tones includes the letters A-D in addition to the numbers 0-9 and the symbols # and *. Most consumer equipment doesn't use the letters, but if the company's desk phones do, maybe their use would be mandated the same way a password policy often requires certain character classes to be represented.

  • Friedrice the Great (unregistered) in reply to Mr. TA

    Sorry, the real WTF is all computer languages. Real programmers don't need computer languages.

  • Liam (unregistered)

    substr(int(rand(999999) + 1000000), 1);

    But because repeats are allowed. join("",int(rand(9)) x 6);

  • Mr. TA (unregistered) in reply to Friedrice the Great

    There are non WTF languages like C++, C# and Java, and WTF languages, which is everything else. (Not talking about markup/ declaratory languages like HTML obviously)

  • HTML (unregistered) in reply to Mr. TA

    You'd better NOT be talking about me.

  • Brian Boorman (google) in reply to Vic

    Except if you'd looked at the code, or read the previous comments, you would have known that 0 was already excluded from the results and only digits 1 to 9 were returned.

  • Mattie (unregistered)

    My perlish mind immediately wants to one-liner this: return join "", map { int(rand(10)) } (1..5);

  • AnonymousCoward (unregistered)

    TRWTF is the number of commenters here providing "better" implementations which don't behave the same as the original code, possibly led that way by the similarly-flawed example in the article prior to showing the code.

  • (nodebb)

    Using @num to get the length of the array if not a WTF. The rest of the code is, but using $array[int rand @array] for a random array element is fine.

  • Sparky (unregistered) in reply to William Sauron

    Why'd You ever want to store a value as number if You will never do any calculations with it?

  • PerlsOfWIsdom (unregistered) in reply to BOFH

    The sub can be further simplified to: sub randomPIN { return sprintf("%06d", rand(1000000)); }

    There is even more space dust...

    sub randomPIN { sprintf("%06d", rand(1000000)); }

  • jmc (unregistered)

    How is Spring infamous...?

Leave a comment on “A Password Generator”

Log In or post as a guest

Replying to comment #:

« Return to Article