4
pajaja
7y

My last rant with an example of a useful PHP function in old in-house CRM software was somewhat popular, so I decided to post more stuff. This time we look at the login function. Besides the obvious problem of SQL injection (that I of course tested), we have two calls to the same 'poslednji_login()' method (translated to English: 'last login') that actually just returns the current time, not the last login time... twice...

Comments
  • 0
    Why does it have to be called once before encryption and once after, though?
  • 0
    No fucking idea, it just returns time
  • 1
    Also, the encryption function doesn't really encrypt anything; it just scrambles the string in a predictable way :D
  • 0
    @pajaja Let's hope your database doesn't get into the hands of crackers. Also, does that code document how the scrambling is done?
  • 1
    @asgs No documentation at all. There are sometimes a few comments in the code, but nothing that is useful.
  • 0
    @pajaja Latency issues with the server.