Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
hjk10156964yFortunately I never encountered this situation and use strict comparison/typehints wherever possible. However I did not know that PHP always interpreted a number in string as a number.
Would have figured non matching types to do coercion but not matching.
I can imagine people screwing that up, can't say it's there dumb fault though. -
@lamka02sk Ah yes, `if(pass_hash == db_pass_hash) { ... }`, the shittiest code possible
-
Fixed in PHP 5.4.4...
I'm worried?
And yes, in 5.3 (!!!) the simplest workaround would be a string cast + ===
Or strcmp === 0.
There's a reason why many were more than happy that PHP 7 and typing came. -
If you bother to actually learn PHP properly, you know there is nearly no reason to ever use ==. It's simply dangerous.
-
@PrivateGER Fair enough, but you gotta admit this is pretty horrible language design
-
hjk10156964y@PrivateGER Now let's put it in a switch do we can check it against multiple auth systems. Whoops switches are loose comparison's too.
-
@hjk101 Why the fuck would you do that in the first place? How would that design even look?
-
hjk10156964y@PrivateGER I wouldn't in real life as it should be salted and perhaps different algorithms. Should be a plugin system (or strategy pattern whatever).Was just using it to point out that it's not just == that does type coercion, switches do too.
Related Rants
-
zemaitis7My local ISP was saving their database backups in an unprotected folder which was literally domain.com/backups...
-
PonySlaystation8There was a time in Windows 95, where during login, you could just press cancel and you were logged in without...
-
netikras15Colleagues sharing passwords.That was a big fat NO when I was a sysadmin - and for a good reason. But now, sin...
PHP implicitely coercing password hashes to floats in comparisons is always a fun one
http://phpsadness.com/sad/47
rant
wk234