22
C0D4
5y

I have this project I've inherited, yea I seem to do that a lot, but this damn thing, has to run in php5.4, has deprecated functions for php7 everywhere and a lot of them and there's no classes anywhere beyond some libraries.

Everything is procedural with random scripts being injected left right and center.

I kid you not,

$thisThing = true;
If(x==y)
require "path/to/some/script.php";
else
require "path/to/a/slightly/different/script.php";

If($thisThing === false){
// well it was modified in that small block about 10 different times
}

Those injected scripts then accept data from the parent scope so, looking at file X, you need to have open file A,B, E, and M to understand where variables have been initialised and what there current state could potentially be.

Basically this thing was bandaid after bandaid for feature requests with 0 refactoring.

Here I am trying to implement some basic functionality (should only take an hour or so + a bit of manual testing) but no, I'm literally at the point of hitting the delete button on the entire project and starting again.

Comments
  • 5
    I'll pray for you, this sounds like the worst
  • 3
    @NoMad haha, yea it be a mess - nicely putting it.

    Following the code is hard and I'm glad there's a search feature that works in vsCode or god knows.. actually no, I doubt god knows either, what I would end up breaking.

    This company doesn't enjoy hearing things will take time generally, it's last minute bombs with deadlines that don't make sense unless it's a major project that's changing the way the entire business runs, their a little more cautious on that front.

    There's v2 files and _new files and there's calls to all of them like someone tried to migrate over to a new way of doing something but then left relics with operational code still pointed at the old version.

    The commented out blocks I understand, this project wasn't on git for most of its life, so leaving it there for a quick and dirty rollback makes sense but never removing it, eh ๐Ÿ˜”
  • 1
    @NoMad I don't think you're responsible, unless you were a guy a few years ago ๐Ÿค”

    I mean not totally implausible these days but you know.
  • 2
    @NoMad ๐Ÿค”yes this would have been 5+ years ago when this project was started.

    I want to ask what company, but at the same time... I'm afraid to know.

    Was a common mindset for people coming from php4 to php5 before oop was really a thing.
  • 2
    @NoMad that's ok. I understand.
    I wouldn't be proud of this thing either ๐Ÿ˜‚

    now to go work our how to put this thing on a diet and clip some of the extra trimmings around the sides.
  • 0
    For porting between python 3 and 2 there's the six library, which takes some of the core differences and abstracts them so you dont have to deal with them. Does PHP not have anything like this for 5/7.3 compatibility?
  • 1
    I feel connected to this on a spiritual level since i have to deal with this on a daily basis man
  • 1
    @arcsector i could write wrappers and maintain the functions that way, but no.

    I wouldn't write a mysql_ to pdo wrapper, I wouldn't need to change a lot of $http_raw_post_data over to php://input

    If this thing used any sense of functions to atleast maintain common database queries or atleast seperate concern, it probably would be alright to add a wrapper. But when queries are inline (mixed with JS and HTML output) and serve only their purpose at that explicit moment, that's asking for massive refactoring just to seperate things so a PDO wrapper would be of much use.

    Queries are typically select * instead of select field1, field2 ect and are used with magic numbers for references.
    $row[0] instead of $row['field1]
  • 1
    What about sql injections or xss
  • 1
    @alexbrooklyn there are audits for those.
    not all mysql_ queries are subject to sqli, it's just very easy to get it wrong when data isn't sanitised or escaped, which is why the community moved onto prepared statements so these occur without you doing it.
  • 1
    @C0D4 aha, so altho the codebase is a clusterfuck it does not feature easy security issues?
  • 1
    @alexbrooklyn if it does, someone's been ticking off the wrong boxes๐Ÿค” oh god... don't make me look deeper.
  • 1
    Typical php job, honestly we shouldn t put up with this shit, whenever I see this app shit at a company I'm out. I'd rather work with a new technology than work on dead php code.
  • 1
    @galacticus not all php projects are beyond repair piles of shit, but sadly... there's a lot of them.
  • 1
    @galacticus I work with beuatiful Symfony php 7.4 projects, not all of them are bad
  • 2
    @alexbrooklyn someone likes to live on the edge.

    Is it stable at this point?
  • 1
    @C0D4 the project itself is semi-canceled, but the code works almost perfectly and is 90% tested:

    https://github.com/marsh69/dPlanet/...
  • 0
    Oh boy that sounds like the "main product" I have to work on.. I got hired to improve it and get it from PHP 5.6 to 7 and change it from Zend Framework 1 to Symfony but nope, there is no time to stop bandaiding this pile of shit because there are so many unnecessary "features" to implement lol.. so I quit at the end of October and let them sort out how to continue this shitty "product" ๐Ÿคท๐Ÿผ‍โ™‚๏ธ
Add Comment