- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
I think your dates might crossed here:
Edit Admin
"A credit card is valid if the expiration year is less than or equal to the current year and the month is less than or equal to the current month" - I think that’s the wrong way round, in which case the code is logically correct, so what’s the explanation for the error?
Also, what C-like language is this where strftime() doesn’t convert a supplied time value to the required format?
Edit Admin
The logic should be
It looks like PHP to me.
strftime()takes a timestamp to format, but it's optional and defaults to the current time.Addendum 2025-03-13 08:43: Getting this wrong is a common beginner mistake. Finding it in code that's been in production for years is a WTF.
Edit Admin
"When I worked for American Express, I worked for the Stored Value Cards department, which was a brand new thing for AmEx. I remember standing in a group around a monitor when we brought new functionality online, holding our collective breath, because no matter how much we tested it in development, the real test was real life. I remember thinking that every other card authorization system in the world probably had its own set of geeks standing around holding their breath. Every time I used a piece of plastic to pay for things that year, I was always surprised when it worked." -- Derick Siddoway
Admin
If you tihnk that's bad, you should see the number of people who try to store credit card numbers in integers (and are then astonished when their checksums fail).
Admin
the firmware in newag trains had a similar bug in the sneaky code that would falsely report a secondary compressor failure after a certain day
Edit Admin
I see the confusion- I was speaking from the perspective of the code, not reality, but that wasn't particularly clear before.
Edit Admin
Time is a two-way street, here in The Twilight Zone
Admin
It's not just a problem of trying to store a credit card number as an integer. The same problem occurs when trying to store a telephone number as an integer.
Edit Admin
Heyho, I think you guys have overlooked something.
The "expiration date" is actually representing a UTC timestamp with day 1/time 0 to which 12 hours are added and this timestamp has to not to be larger than the current UTC time.
So the correct way requires a timestamp conversion.
Addendum 2025-03-13 15:25: Just a pro tip: I worked too long for a bank that I know it is makes little sense to come up with your own validation rules for anything financial related - AT ALL. Just use the official APIs and done. There is so many local laws, exceptions and regulations etc. you will just get it wrong. So it is not unlikely that my 10yr old knowledge is already outdated and rules got more convoluted.
Edit Admin
I find it hard to believe that the credit card validation code would be like that for more than a few months. Certainly someone would be noticing the transaction volume tanking in December with >90% of cards being rejected. (assuming evenly distributed expiration dates, of course)
Edit Admin
I think it's confusing because there are actually four cases:
year < now-year = invalid year = now-year and month < now-month = invalid year = now-year and month >= now-month = valid year > now-year = valid
You can reduce that to 3 with <= or >= with order of checks, but ultimately, it's this 4-way splitting of the pair of values.
Addendum 2025-03-13 18:42: stupid formatting:
year < now-year = invalid /// year = now-year and month < now-month = invalid /// year = now-year and month >= now-month = valid /// year > now-year = valid
Edit Admin
I never had these issues with credit cards, but some times I had to use my own credit card for testing. The bank wasn't happy with hundreds of $0.01 transactions...