Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
I understand some people write:
If Boolean == true
It is more readable for them.
But if true
Else if false
That I cannot understand why... Seriously wtf! -
Meta33346ySo the accounts database gets copied to the frontend to evaluate and passwords are plain text?
Nice. -
@Meta just noticed that lol.
I hope OP did the Todo note I mean better put it in a different file and make it harder for the hacker to find it 🤷🏼♂️ -
CatMDV10466yWby bother with loading users table at all. Just go fuck all and set the cookie value to logged in regardless of what bullshit is entered as username and password
-
taosif711826yIts not any fucking code, Its a piece of art... I'm going to get it framed right now.
-
bahua128016yUsing client-side scripting to handle auth. I mean, why even evaluate the password? The dev world needs to fall the fuck out of love with JavaScript.
-
bahua128016y@MonkeyParade
Because the dev's biggest mistake is the use of JavaScript for this. Handling auth on the client side is inherently insecure. Since all the code is visible to the client, they can just set the auth variable themselves to ignore the evaluation segment entirely. -
@bahua Its not a language issue its a placement issue. The auth implementation should be placed serverside not client side. You could implement it in Node using JS server side if you wanted.
-
Bloody fucking hell, this is a masterpiece.
Take the keyboard away from this "dev" and shove it up his ass.
Edit: had to put dev it quotes. -
devios157016yWhat I especially love is how it loads every user’s username and password into client-side memory.
Anyone with a console could learn every other user’s password. -
OH. MY. GOD.
Beautiful.
EXXXXXXQUISITE!
AJAXing your sql query from frontend as plaintext into backend which i bet just dumbly pipes it right into the database...
YUM.
Bobby Tables approves. -
rant1ng44626yhttp://programmingpolice.com
I own that domain.
reply if anyone wants to develop that idea with me.
code like this needs police
and it needs to be jailed -
devios157016y@rant1ng I say you turn it into a programmer's hall of shame and showcase (anonymously) terrible code that people have encountered in the wild.
Would be great both as a learning tool and just for a laugh! -
rant1ng44626y@devios1 that is a good idea, I want to allow people to submit them, they get voted on, there can be replies and discussion, suggestions on how to fix them, even some roasting
that's just too much and I've got loads on my plate, maybe ill submit a collab, see if someone picks it up
there would be money of course -
devios157016y@rant1ng I think it's a great idea, but I'm the same, quite busy with other stuff atm and not really looking to get heavily involved in a web project, but I'd be interested in actually using such a site and maybe brainstorming some ideas.
-
A-C-E56526y@bahua I agree re: JavaScript. IMO it was designed for enhancing web frontends and should not have been ported to backend. It just seems to encourage laziness and/or confusion problems like in the OP’s screenshot.
Although, full disclosure: I have done some react native development -
sak9625726yWhat a gem you have got.
You can now start course on hacking.
Start with this as introductory video and then make a course on Udemy earn for life 🤑🤑🤑🤑🤑🤑🤑
The following course will be the same as others
- don't store password in plain text
- using metasploit
- hacking XP
- tor
- dark web ...
Oh I missed block-chain and AI. -
Noob64606yIf this is not a fake then it was written by an amateur.
Not only he/she is using 'var', but he actually uses a for loop.
For years now JavaScript has been declarative.
People iterate using methods (especially when using jQuery), or at least a 'for in' or 'for of' loop.
Then there's the different brackets styles, poor logic and the redundant, counter intuitive condition for the False return.
Not even talking by the login algorithm itself. -
@Noob these code will go around the internet for tens of years. So no blaming for var/for loops.
-
@CodesNotHot see it like this: all the code you will write today will be better than this.
-
What in the name of Jesus’ Mexican dicknuggets is this shit?
1. Why is the database copied to the frontend in its entirety on each login
2. Why is the input not validated in any way
3. What the fucking fuck is ‘if (“true” === “true”)’
4. What the fuck is the brace style there
5. Plaintext passwords?!
I have so many questions -
@linuswillner to answer point 3: thats an if statement with a condition that returns true
-
@Codex404 Yes thank you Cpt. Obvious but why the hell is it there? What function does it have?
-
dder22816y@linuswillner maybe it’s checking, whether the ===-Operator is still working...
I mean, you can do wierd stuff in JS... -
dder22816y@linuswillner yup, referring to this crazy „canthiseverevaluatetotrue“-riddle of the recruites it is not at all!
-
rant1ng44626y@rstular I've been telling myself to post a collab for a week now
I should just do that today ... ill do it tonight, no matter what -
@Meta it looks like you can just run queries straight from your browsers console. Lemme just change everyone's login details real quick
-
why even bother with sql injection when you can execute
apiService.sql("drop table users"); -
AL1L30736ySometimes I use `x === false` because x could be 0 and that would return true in `!x` which I don't want
-
@Brosyl this is neither An async nor callback promise. There’s to way to get it work regardless the conditions
i mean wtf
rant
sql skillz
just die already