Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "no php and sql"
-
I was hired as a senior software engineer. During handover I found out I'm actually replacing the CTO.
I queried why he was leaving and got a simple "just want a break from working" which I found odd.
Fast forward and now I also just want a break from work, permanently. This place has followed every bad practise and big no-no out there. Every bit of software is a built in house knockoff janky piece of crap that doesn't work and makes people's jobs 5000 times harder.
The UI looks worse than Windows 3.1, absolutely horrendous code formatting, worst database structure I've ever seen.
The mere mention of using a team communication tool results in being yelled at from the CEO whom communicates purely via email, who then gets annoyed when you don't reply because they sent the email to a client instead of you.
We get handed printed out "tickets" to work instead of the so called "amazing in house ticket system" built using PHP 5 and is literally crammed into an 800x600 IFrame. Yes a F$*#ing IFRAME!
It's not like we have an outdated TFS server that has work items we can use...
Why not push for changes you say. I have, many times, tried to suggest better tools. The only approval I've gotten is using PhpStorm. Everything else is shutdown immediately and you get the silent treatment.
The CEO hired me to do a job, then micromanages like crazy. I can't make UI changes, I can't make database changes, why? They insists they know best, but has admitted multiple times to not knowing SQL and literally uses a drag and drop database table builder.
Every page in the webapps we make are crammed into 800x600 iframes with more iframes inside iframes. And every time it's pointed out we need to do something, be it from internal staff or client suggestions, the CEO goes off about how the UI is industry leading and follows standards.. what in the actual f....
Literally holding on by a thread here. Why hire a CTO under the guise of being a senior developer but then reduce the work that can be done down to the level of a junior?
Sure the paycheck is really nice but no job is worth the stress, harassment and incompetent leadership from the CEO.
They've verbally abused people to the point they resign, best part is that was simply because the CEO made serious legal mistakes, was told about it by the employee then blamed it on others.21 -
I worked in the same building as another division in my organization, and they found out I had created a website for my group. They said, “We have this database that was never finished. Do you think you could fix it?”
I asked, “What was it developed in?”
He replied, “Well what do you know?”
I said, “LAMP stack: PHP, MySQL, etc.” [this was over a decade ago]
He excitedly exclaimed, “Yeah, that’s it! It’s that S-Q-L stuff.”
I’m a little nervous at this point but I was younger than 20 with no degree, entirely self-taught from a book, and figured I’d check it out - no actual job offer here yet or anything.
They logged me on to a Windows 2000 Server and I become aware it’s a web application written in VB / ASP.NET 2.0 with a SQL Server backend. But most of the fixes they wanted were aesthetic (spelling errors in aspx pages, etc.) so I proceeded to fix those. They hired me on the spot and asked when I could start. I was a wizard to them and most of what they needed was quite simple (at first). I kept my mouth shut and immediately went to a bookstore after work that day and bought an ASP.NET book.
I worked there several years and ended up rewriting that app in C# and upgrading the server and ASP.NET framework, etc. It stored passwords in plaintext when I started and much more horrific stuff. It was in much better shape when I left.
That job was pivotal in my career and set the stage for me to be where I am today. I got the job because I used the word “SQL” in a sentence.3 -
Laravel is the worst framework ever.
Everything has to be made convenient and easy. That sounds amazing, because developers want to save time, worry less about boilerplate code, right? No more constructors, no more dependency injection, fuck all the tedious OOP shit... RIGHT?
It does one thing well: Make PHP syntax uniform and concise through easily integrated libraries such as Collection and Carbon. But those are actually not really part of the framework... just commonly integrated and associated with Laravel.
The framework itself is completely derailed: You can define code in a callback in the routes file. You can define a controller in the routes file. You can define middleware as a parameter to the route, as a fluent method to the route, you can stack them up in a service provider. Validators can be made in controllers, Request objects, service providers, etc. You can send mail inline, through Mailable objects, through Notification objects, etc.
Everything is macroable, injectable, and definable in a million different places. Ultimate freedom!
Guess what happens when you give 50 developers of various seniority a swiss army knife?
One hammers in a screw with a nail file, the other clips the head from the screw using scissors, and you end up with an unworkable mess and blunt tools.
And don't get me started about Eloquent, the Active Record ORM. It's cute for the simple blog/article/author/comment queries, but starts choking when you want more selective and performant queries or more complex aggregates, and provides such an opaque apple-esque interface which lets people think everything is OK, when in reality it's forcing the SQL server to slowly commit suicide.50 -
You can't imagine how many lines of pure and utter horseshit, seemingly written in PHP, I had to dig through this whole weekend. (relating to my 2 previous rants)
How is it even possible to write code this unbelievably ugly?
Examples:
- includes within loops
- included files use variables from parent files
- start- and endtags separated to different files
- SQL queries generated by string concatenation, no safety measures at all (injection)
- repeating DB calls within loops
- multiple directories with the same code (~40 files), only different by ~8 lines, copied
- a mixture of <?php echo ... ?> and <?= ... ?>
- a LOT of array accesses and other stuff prefixed with "@" (suppress error messages)
- passwords in cleartext
- random non-RESTful page changes with a mixture of POST and GET
- GET parameters not URL-encoded
- ...
My boss told me it took this guy weeks and weeks of coding to write this tool (he's an "experienced dev", of course WITHOUT Git).
Guess what?
It took me only 20 hours and about 700 lines of code.
I must confess, since this task, I don't hate PHP anymore, I just simply hate this dev to death.
Addendum: It's Monday, 5:30am. Good night. 😉12 -
Intelligence and ability cannot be measured by education.
I have a client who asked a Master in Computer Science to develop a small system, for querying product title and their code. The guy used python, vanilla js, and... Txt file for the "database". Then my client asked me to integrated this in... WordPress.
This was in 2016. And idiot as I'm, I agreed and adapted his code to use php and a database.
April this year, my client said they are still using the python system to add new products all this time, in parallel. And wanted to update the WordPress with the data.
- No problem! - I said. Just send me the SQL file.
So the Master in CS sent me a SQL coded in ANSI. I asked for the SQL again, but with a more appropriate encoding. He took 1 month to reply back, and said it would be better if I get rid of the database and just use the txt file for querying.
This is outrageous.
I really hate people who are educated but completely useless.5 -
Most hated language features?
PL/SQL:
• it exists
XSLT:
• it also exists
PHP:
• it still exists.
VB:
• Significant parentheses: `subName` calls the subroutine, and `subName()` calls the subroutine and gets a return value. If you use the wrong invocation, it yells at you. Why!?
• For reasons unknown, you can only have `sleep` appear once per codebase. (So put it in a function!)
Ruby:
• It’s bloody easy to write code with absolute shit performance, and it kind of feels encouraged because of just how easy Ruby makes everything. Less critical thinking means worse performance, and Ruby’s blissful elegance encourages mental laziness.
• Minor: You cannot pass a hash as the first method parameter without enclosing it in parentheses, ex:`method({key: value})`. This is due to the ambiguous case between passing a hash argument and a (curly) block/proc (`method {|args| code}`). This could be remedied pretty easily with a little bit of look ahead.
• Minor: There is no `elsif` for `unless` (a negated if). Why? No reason given.
Python:
• no block endings, so nested code can be extremely difficult to follow.
Bash:
• The freaking syntax oh god why.
All languages:
• rand vs rand() vs Rand vs Rand() vs rnd vs RND vs random() vs random vs randInt() vs Math.random() vs Math.randInt() vs ...18 -
It's enough. I have to quit my job.
December last year I've started working for a company doing finance. Since it was a serious-sounding field, I tought I'd be better off than with my previous employer. Which was kinda the family-agency where you can do pretty much anything you want without any real concequences, nor structures. I liked it, but the professionalism was missing.
Turns out, they do operate more professionally, but the intern mood and commitment is awful. They all pretty much bash on eachother. And the root cause of this and why it will stay like this is simply the Project Lead.
The plan was that I was positioned as glue between Design/UX and Backend to then make the best Frontend for the situation. Since that is somewhat new and has the most potential to get better. Beside, this is what the customer sees everyday.
After just two months, an retrospective and a hell lot of communication with co-workers, I've decided that there is no other way other than to leave.
I had a weekly productivity of 60h+ (work and private, sometimes up to 80h). I had no problems with that, I was happy to work, but since working in this company, my weekly productivity dropped to 25~30h. Not only can I not work for a whole proper work-week, this time still includes private projects. So in hindsight, I efficiently work less than 20h for my actual job.
The Product lead just wants feature on top of feature, our customers don't want to pay concepts, but also won't give us exact specifications on what they want.
Refactoring is forbidden since we get to many issues/bugs on a daily basis so we won't get time.
An re-design is forbidden because that would mean that all Screens have to be re-designed.
The product should be responsive, but none of the components feel finished on Desktop - don't talk about mobile, it doesn't exist.
The Designer next to me has to make 200+ Screens for Desktop and Mobile JUST so we can change the primary colors for an potential new customer, nothing more. Remember that we don't have responsiveness? Guess what, that should be purposely included on the Designs (and it looks awful).
I may hate PHP, but I can still work with it. But not here, this is worse then any ecommerce. I have to fix legacy backend code that has no test coverage. But I haven't touched php for 4 years, letalone wrote sql (I hate it). There should be no reason whatsoever to let me do this kind of work, as FRONTEND ARCHITECT.
After an (short) analysis of the Frontend, I conclude that it is required to be rewritten to 90%. There have been no performance checks for the Client/UI, therefor not only the components behave badly, but the whole system is slow as FUCK! Back in my days I wrote jQuery, but even that shit was faster than the architecuture of this React Multi-instance app. Nothing is shared, most of the AppState correlate to other instances.
The Backend. Oh boy. Not only do we use an shitty outated open-source project with tons of XSS possibillities as base, no we clone that shit and COPY OUR SOURCES ON TOP. But since these people also don't want to write SQL, they tought using Symfony as base on top of the base would be an good idea.
Generally speaking (and done right), this is true. but not then there will be no time and not properly checked. As I said I'm working on Legacy code. And the more I look into it, the more Bugs I find. Nothing too bad, but it's still a bad sign why the webservices are buggy in general. And therefor, the buggyness has to travel into the frontend.
And now the last goodies:
- Composer itself is commited to the repo (the fucking .phar!)
- Deployments never work and every release is done manually
- We commit an "_TRASH" folder
- There is an secret ongoing refactoring in the root of the Project called "_REFACTORING" (right, no branches)
- I cannot test locally, nor have just the Frontend locally connected to the Staging webservices
- I am required to upload my sources I write to an in-house server that get's shared with the other coworkers
- This is the only Linux server here and all of the permissions are fucked up
- We don't have versions, nor builds, we use the current Date as build number, but nothing simple to read, nonono. It's has to be an german Date, with only numbers and has always to end with "00"
- They take security "super serious" but disable the abillity to unlock your device with your fingerprint sensor ON PURPOSE
My brain hurts, maybe I'll post more on this shit fucking cuntfuck company. Sorry to be rude, but this triggers me sooo much!2 -
Never thought I will be hired by Chinese software/hardware company located in NYC to code in languages I don't know so well. Instead of lying and saying I know everything about C, PHP and SQL, I said that I suck pretty much at everything, but I'm a quick learner and will study day and night to catch up with their practices. Now I see they have no regret about me, but I still suspect them in hiring me because there is another guy who is Russian too and we all communicate well. Our current squad is 17 Chinese, 2 Russians, 1 Americans. Guess what, I learn Mandarin quicker than PHP. Sometimes a small lie is OK, but sometimes honesty is better.3
-
This happend to me around 2 weeks ago. For some reason, I decied to post this now.
I won the lottery, yey! I mean, bot really, but I am <19yo student, "less than junior dev" in my office, but sonce I am the only one who is capable of working with hardware, I was working month back as a sysadmin for a few days. Our last sysadmin was really good working but really, really toxic guy, so he got fired on a spot after argument with some manager or whatever, no big deal, we could have another guy hired in a week. But, our backup server literally was on fire, all data probably dead because bad capacitor or whatever. This was our only backup of everything at the time. Everyone in full fucking panic mode, we had literally no other working HW we could use for backup, but then comes me, intern employed on his first dev job for 3 months. That day I bought some HW for my own personal server at home (Intel NUC with some Celeron, 4GB DDR4 RAM and two 240GB SSDs for RAID 1. My manager asked everyone in the office for sollution how to survive next 4 days before new server arrives. People there had no idea what tk do and no knowedgle about HW, I just came from a break and offered my components for a week, since there was noone else who can work with HW, servers and stuff like this, manager offered me $500+HW cost if I, random intern, can make it work. I installed Debian on that little PC, created RAID1 from both SSDs, installed MySQL server and mirrored GIT server from our last standing server (we had two before one of them went lit 🔥), made simple Python script to copy all data on that RAID, with some help of our database guy copied whole DB from production to this little computer and edited some PHP so every SQL request made on our server will run on that NUC too. Everything after ±2 hours worked perfectly. Untill a fucking PSU burned in our server and took RAID controller with him in sillicon heaven next night, so we could not access any data unltill we got a new one. Thanks to every god out there, I was able to create software RAID from survived HDDs on our production server and copy all data from that NUC on the servers software RAID and make it working at 3 AM in the night before an exam 😂. Without this, we would be next ±40 hours without aerver running and we might loose soke of our data and customers. So my little skill with Linux, Python, MySQL and most importantly my NUC hardware I got that day running as a backup server saved maybe whole company 😂.
Btw, guess who is now employee of the year with $2500 bonus? 😀
Sorry for bragging and log post, but I was so lucky an so happy when everything worked out, good luck to all sysadmins out there! 👍
TL:DR: Random intern saved company and made some money 😂7 -
Them: My company is looking for a junior C++ programmer. You must have 10 years experience with PL, SQL, SQL Server, MySQL, SQL oracle, javascript, HTML, XML, UML, c-sharp, visual basic, java.net, j unit, and win32 api, cutie, gtk, PHP, ASP, Perl, Python, and shell scripting with the windows, linux, and solaris operating systems.
Us: Do i need to know C++?
Them: no
https://youtube.com/watch/...5 -
I sometimes remember the time when I wrote a Email-inbox-exporter-PHP-script-type of application that collects all the emails from an inbox, "copied" it to a database with the attachements and stuff and moves it to a folder..
I just started at the company for like a couple of months, had no privileges to create mailboxes and such and I didn't want to interrupt our programmer to do this for me, so... I decided.. to save time and resources.. to test run it on our global, live 'support' mailbox.. :D Well.. You might guess what happened.. Apparently I mistyped the name of the move-destination folder (because imap-weird-things) that resulted in a completly empty mailbox and an empty database because the inserts failed due to bad encoding and mime-type issues..
The moment I refreshed my Outlook and noticed that all our mails where gone.. I swear, I can't describe that feeling of fear, cold sweat, intense heartbeat... I just stood up, asked if anyone wanted coffee, and just walked out of the office.. When in the hallway, I heard my collegues ask to one another "do you have any issues with outlook, all my mails are gone?". Everyone was stressing out, the chief was stressing out "what happened?!", nobody knew what happened.. :D
They could partially resolve it via one collegue who hadn't refreshed the mailbox and he could forward all the mails back to our support mailbox..
I dropped the project idea and learned to work with dev environments :D A couple of months later, I accidentially forgot a where condition in my SQL UPDATE statement, but that was the last time I seriously f*cked up.. :D Got to learn the hard way I guess.. Now everything I do runs in dev environments, I test everything before publishing,.. When I look back.. I don't even recognize the (inexperienced) guy I was back then ! :D
Ps. No one still knows what happened that day and they blamed it on server issues :Dundefined learned from my mistakes sorry collegues fucked up live testing fml inexperienced empty mailbox3 -
Before 10 years, a WordPress site hacked with sql injection. They had access to site, they modified many php files and installed commands to download random malwares from over the internet.
At first I didn't know that it hacked and I was trying to remove any new file from the server. That was happening every 1-2 days for a week.
Then I decided to compare every WordPress file with the official, it was too many files, and I did it manually notepad side notepad!! :/
Then I found about over 50 infected files with the malware code.
Cleaned and finished my job.
No one else knows that I did a lot of hard job.2 -
Hi,
I'm not a ranty person so I never actually thought I'd post anything here but here it goes.
From the beginning.
We use ancient technologies. PHP 5.2, Symfony 1.2 and a non RFC complient SOAP with NO documentation.
A year ago We've been thrown a new temporary project. An VOIP app for every OS.
That being iOS, Android, MAC, PC, Linux, Windows mobile. With a 3 month deadline. All that thrown at 4 PHP developers. The idea being that They'll take it, sign the delivery protocol, everyone happy. No more updates for the app needed. They get their funds they needed the app for and we get paid.
Fast forward to today...
Our dev team started the year with great news that We'll most likely have to create a new project. Since the amount of new features would be far greater than current feature set, we managed to finally force our boss to use newer technologies (ie. seperate backend symfony4 PHP7+/frontend react, rest api and so on). So we were ecstatic to say the least. With preestimates aimed at a minimum 3 month development period. Since we're comfortable with everything that needs to be done.
Two days later our boss came to me that one of our most annoying clients needs a new feature. Said client uses ancient version written on a napkin because They changed half of the specification 2 weaks before deadline in a software made not by a developer but some sysadmin who didn't know anything. His MVC model was practically VVV model since he even had sql queries in some views. Feature will take 3 days - fixing everything that will break in the meantime - 1-2 months.
F*** it, fine. A little overtime won't kill me.
Yesterday boss comes again... Apparently someone lost a delivery protocol for a project we ended that half a year ago. Whats even better at the time when we asked for hardware to test we never got any. When we asked about any testing enviornment - nothing. The app being SEMI-stable on everything is an overstatement but it was working on the os'es available at the time. Since the client started testing now again, it turns out that both Android app does not work on 8.1/9 and the iOS app does not work on ios12. The client obviously does not want to pay and we can do little with it without the protocol, other than rewriting the apps.
It will take months at least since all of those apps were written by people that didn't know neither the OS'es nor the languages. For example I started writing the iOS one in swift. Only to learn after half of the development time, that swift doesn't like working by C Library rules and I had to use ObjC also. With some C thrown in due to the library. 3 unknown languages, on an unknown platform in 3 months. I never had any apple device in my hand at that time nor do I intend to now. I'm astonished it worked out then. It was a clusterf**k of bad design and sticking everything together with deprecated apis and a gum. So I'll have to basically fully rewrite it.
If boss decides we'll take all those at the same time I'll f***ing jump of a bridge.8 -
If programming languages were countries, which country would each language represent?
Disclaimer: its just a joke
Java: USA -- optimistic, powerful, likes to gloss over inconveniences.
C++: UK -- strong and exacting, but not so good at actually finishing things and tends to get overtaken by Java.
Python: The Netherlands. "Hey no problem, let'sh do it guysh!"
Ruby: France. Powerful, stylish and convinced of its own correctness, but somewhat ignored by everyone else.
Assembly language: India. Massive, deep, vitally important but full of problems.
Cobol: Russia. Once very powerful and written with managers in mind; but has ended up losing out.
SQL and PL/SQL: Germany. A solid, reliable workhorse of a language.
Javascript: Italy. Massively influential and loved by everyone, but breaks down easily.
Scala: Hungary. Technically pure and correct, but suffers from an unworkable obsession with grammar that will limit its future success.
C: Norway. Tough and dynamic, but not very exciting.
PHP: Brazil. A lot of beauty springs from it and it flaunts itself a lot, but it's secretly very conservative.
LISP: Iceland. Incredibly clever and well-organised, but icy and remote.
Perl: China. Able to do apparently almost anything, but rather inscrutable.
Swift: Japan. One minute it's nowhere, the next it's everywhere and your mobile phone relies on it.
C#: Switzerland. Beautiful and well thought-out, but expect to pay a lot if you want to get seriously involved.
R: Liechtenstein. Probably really amazing, especially if you're into big numbers, but no-one knows what it actually does.
Awk: North Korea. Stubbornly resists change, and its users appear to be unnaturally fond of it for reasons we can only speculate on.17 -
I have this great professor who taught us how to be logical human beings (not that I learned much of that haha). He introduced us to web dev. He started with the basic html shit, then proceed with php and sql. His lectures were awesome. He'll then proceed with code exercises. And we'll have mini 'codefights' in his classes! yey! He taught us that in programming, it is much more important to practice logic than master a single language(no hate please). I learned to love programming through his passion. :) I learned to program in his class, now I hope never to stop learning. :D8
-
Sooo I've been working on an ancient php 5.6 project that did not have any documentation and was a homemade "framework" created 7 years ago. The original creator is long gone and no one else knows a lot about this project.
When I first looked into it I almost immediately noticed the security flaws...
Old outdated libraries
a "development" feature to easily turn dev mode on/off
BY A GET PARAMETER!
it spits out full sql queries and php warnings -.-
Oh and did I mention that the site is a webshop.... and has a backdoor password?
AND THAT THE CUSTOMER REQUESTED THAT?3 -
update of after i got fired: after the fuck developers company llc was left with no developers, there was a girl there that i didn't mention earlier because as i said: the story is more complex. she came there with good intentions but after she knew the cruel nature of fuck and shit she became notoriously mad, we're still in contact with her so it's nice to hear from her some of the gags that happen there, one of which my really intelligent ex-boss the wordpress DEVELOPER himself told her to finish one of the projects i was working on, and a friend of mine who is infamous of his coding shenanigans left it in my hands before he left as well a couple of months prior (well he was fed up before us, and when i told him to stay with us he said "dude just listen to the motherfucker's voice, i can't do this anymore", my lovely ex-boss has this equally lovely screechy high pitched voice that caused me tinnitus), it's an asp.net project, uses web forms, and a lot of apis, the database is sql server, standard shit but there's no original creation script and i fucked up the only existing database which was in a local computer he used to like calling a SERVER, now to the point: this girl is not a developer, she was however working as a reporter?? kind of like jaspersoft the human or sap crystal woman and she claims that she's pretty good at it, and she's a genuinely good person who was dragged to hell just because she wanted to be close to her daddy (she was working in a different city with more than double the salary she's given now), but she's rich and her dada convinced her to come. she's currently learning java ee on her own so she'd probably leave in the next two months, in her resume she wrote that she know php, well i know php you know php we all know php (the syntax) kind of like mr. shit who passed the sololearn php CERTIFICATE and couldn't stop telling his boss and his boss a.k.a my ex-boss goes "sweet!". going back to the punchline of this rant: she told us that he came to her and asked her to finish the project with php.12
-
Tl;DR; version:
French designer, Mexican PSD -> HTML converter, Indian VueJS developer, Spanish project manager and a Taiwanese back-end developer. Application was made like an tower of pizza from bullcrap held by boogers and constantly licked by an orangutang to keep it standing.
Longer version:
We had to take a "half-finished" project from one of our clients, received the code for full-stack project. The css/design was so unbearable that it mostly broke on anything that had higher than 720px wide screen, structure was full of tables/divs and no fucking flexbox/grid... Then the fun part - we saw it's conversion to vueJS - a single fucken App.vue file that had shitton of conditions for pages.... yea, not even multi-component/routed app, just conditions!!!! And then... A back-end (in which I mainly specify myself) - it was made by a developer that had to mainly use Java/C# as their daily driver while all being build on php and Laravel. 0 Fucken laravel functions used, 0 of models, logic and so on.... Most of the page was running on RAW sql queries. Names... Oh my god the function names....
`getTheUsersThatHasAtLeastOneSpaceAssignedToThemByGivenCompanyId(int $id)`
And it held an RAW sql that was coming from a model....
All of this was managed by a random spanish manager who couldn't really understand what our client needed and what he actually wanted so from 100% of the site, only 20% was correct in logic....
And yet, according to the whole "package" (team) - they did everything correctly, saw no issues and our client was ungrateful fucker that refused to pay 10x the amount that we asked in order to completely re-do the application....
Morale: Remote teams are great... As long as all of them can work remote in TEAM.5 -
My first rant/story
> 3 years ago company x decides to pay for my software dev degree
> fast forward to today.. x has no idea what I've learned as they never asked..(basically java,php,sql,android)
> x gives me a contract 1 week before my final exams and expects me to work everyday except exam days..
>next day, a dev contacts me - 'oh please brush up on your Vue, Node, angular as well as laravel php framework'
>I've never touched any of those xD fml.. what to do!?8 -
Well on my last full-time job, that ware using cookies for authentication (not something new, eh?). The thing is, you see, the cookies had the 'accountId' which if you change to another number, kaboom you're that account, oh but that was not all, there was an option to mark the account type in there 'accountType', which was kind of obvious in VLE (virtual learning environment), 'Teacher', 'Student', 'Manager' put what of those values and boom you are that role for the session
Thing was open of SQL injection from the login form, from said cookies and form every part you can pass input to it, when I raised the question to my TL he said 'no one is going to know about thatt, I don't see what is the problem', then escalated to higher management 'oh well speak to *tl_guy*'
Oh and bonus points for it being written in ASP CLASSIC in 2014+ (I was supposed to rewrite, but ended up patching ASP code and writing components in PHP)
In 2015-2016, in a private college, charging kind-of big money per year1 -
Hosting a PHP/MySQL application for a really wealthy NGO that must have paid thousands of dollars for the app, and everything works fine but no sanitised inputs and direct SQL statement execution. Just waiting for little Bobby Tables so I can charge them a fortune for recovery 😊5
-
I don't know if I'm being pranked or not, but I work with my boss and he has the strangest way of doing things.
- Only use PHP
- Keep error_reporting off (for development), Site cannot function if they are on.
- 20,000 lines of functions in a single file, 50% of which was unused, mostly repeated code that could have been reduced massively.
- Zero Code Comments
- Inconsistent variable names, function names, file names -- I was literally project searching for months to find things.
- There is nothing close to a normalized SQL Database, column ID names can't even stay consistent.
- Every query is done with a mysqli wrapper to use legacy mysql functions.
- Most used function is to escape stirngs
- Type-hinting is too strict for the code.
- Most files packed with Inline CSS, JavaScript and PHP - we don't want to use an external file otherwise we'd have to open two of them.
- Do not use a package manger composer because he doesn't have it installed.. Though I told him it's easy on any platform and I'll explain it.
- He downloads a few composer packages he likes and drag/drop them into random folder.
- Uses $_GET to set values and pass them around like a message contianer.
- One file is 6000 lines which is a giant if statement with somewhere close to 7 levels deep of recursion.
- Never removes his old code that bloats things.
- Has functions from a decade ago he would like to save to use some day. Just regular, plain old, PHP functions.
- Always wants to build things from scratch, and re-using a lot of his code that is honestly a weird way of doing almost everything.
- Using CodeIntel, Mess Detectors, Error Detectors is not good or useful.
- Would not deploy to production through any tool I setup, though I was told to. Instead he wrote bash scripts that still make me nervous.
- Often tells me to make something modern/great (reinventing a wheel) and then ends up saying, "I think I'd do it this way... Referes to his code 5 years ago".
- Using isset() breaks things.
- Tens of thousands of undefined variables exist because arrays are creates like $this[][][] = 5;
- Understanding the naming of functions required me to write several documents.
- I had to use #region tags to find places in the code quicker since a router was about 2000 lines of if else statements.
- I used Todo Bookmark extensions in VSCode to mark and flag everything that's a bug.
- Gets upset if I add anything to .gitignore; I tried to tell him it ignores files we don't want, he is though it deleted them for a while.
- He would rather explain every line of code in a mammoth project that follows no human known patterns, includes files that overwrite global scope variables and wants has me do the documentation.
- Open to ideas but when I bring them up such as - This is what most standards suggest, here's a literal example of exactly what you want but easier - He will passively decide against it and end up working on tedious things not very necessary for project release dates.
- On another project I try to write code but he wants to go over every single nook and cranny and stay on the phone the entire day as I watch his screen and Im trying to code.
I would like us all to do well but I do not consider him a programmer but a script-whippersnapper. I find myself trying to to debate the most basic of things (you shouldnt 777 every file), and I need all kinds of evidence before he will do something about it. We need "security" and all kinds of buzz words but I'm scared to death of this code. After several months its a nice place to work but I am convinced I'm being pranked or my boss has very little idea what he's doing. I've worked in a lot of disasters but nothing like this.
We are building an API, I could use something open source to help with anything from validations, routing, ACL but he ends up reinventing the wheel. I have never worked so slow, hindered and baffled at how I am supposed to build anything - nothing is stable, tested, and rarely logical. I suggested many things but he would rather have small talk and reason his way into using things he made.
I could fhave this project 50% done i a Node API i two weeks, pretty fast in a PHP or Python one, but we for reasons I have no idea would rather go slow and literally "build a framework". Two knuckleheads are going to build a PHP REST framework and compete with tested, tried and true open source tools by tens of millions?
I just wanted to rant because this drives me crazy. I have so much stress my neck and shoulder seems like a nerve is pinched. I don't understand what any of this means. I've never met someone who was wrong about so many things but believed they were right. I just don't know what to say so often on call I just say, 'uhh..'. It's like nothing anyone or any authority says matters, I don't know why he asks anything he's going to do things one way, a hard way, only that he can decipher. He's an owner, he's not worried about job security.13 -
I had spent the last year working on a online store power by woocommerce with over 100k products from various suppliers. This online store utilized a custom API that would take the various formats that suppliers offer their inventory in and made them consistent. Now everything was going swimmingly initially, but then I began adding more and more products using a plug-in called WP all import. I reached around 100k products and the site would take up to an entire minute to load sometimes timing out. I got desperate so I installed several caching plugins, but to no avail this did not help me. The site was originally only supposed to take three to four months but ended up taking an entire year. Then, just yesterday I found out what went wrong and why this woocommerce website with all of these optimizations was still taking anywhere from 60 to 90 seconds to load, or just timing out entirely. I had initially thought that I needed a beefier server so I moved it to a high CPU digitalocean VM. While this did help a little bit, the site was still very slow and now I had very high CPU usage RAM usage and high disk IO. I was seriously stumped the Apache process was using a high amount of CPU and IO along with MYSQL as well. It wasn't until I started digging deeper into the database that I actually found out what the issue was. As I was loading the site I would run 'show process list' in the SQL terminal, I began to notice a very significant load time for one of the tables, so I went to go and check it out. What I did was I ran a select all query on that particular table just to see how full it was and SQL returned a error saying that I had exceeded the maximum packet size. So I was like okay what the fuck...
So I exited my SQL and re-entered it this time with a higher packet size. I ran a query that would count how many rows were in this particular table and the number came out to being in the millions. I was surprised, and what's worse is that this table belong to a plugin that I had attempted to use early in the development process to cache the site. The plugin was deactivated but apparently it had left PHP files within the wp content directory outside of the actual plugin directory, so it's still executing scripts even though the plugin itself was disabled. Basically every time I would change anything on the site, it would recache the whole thing, and it didn't delete any old records. So 100k+ products caching on saves with no garbage collection... You do the math, it's gonna be a heavy ass database. Not only that but it was serialized data, so when it did pull this metric shit ton of spaghetti from the database, PHP then had to deserialize it. Hence the high ass CPU load. I had caching enabled on the MySQL end of things so that ate the ram. I was really desperate to get this thing running.
Honest to God the main reason why this website took so long was because the load times made it miserable to work on. I just thought that the hardware that I had the site on was inadequate. I had initially started the development on a small Linux VM which apparently wasn't enough, which is why I moved it to digitalocean which also seemed to not be enough, so from there I moved to a dedicated server which still didn't seem to be enough. I was probably a few more 60-second wait times or timeouts from recommending a server cluster to my client who I know would not be willing to purchase it. The client who I promised this site to have completed in 3 months and has waited a year. Seriously, I would tell people the struggles that I would go through with this particular site and they would just tell me to just drop the site; just take the money, just take the loss. I refused to, this was really the only thing that was kicking my ass. I present myself as this high-and-mighty developer like I'm just really good at what I do but then I have this WordPress site that's just beating the shit out of me for a year. It was a very big learning experience and it was also very humbling as well, it made me realize that I really don't know as much as I think I might. It was evidence that there is still so much more to learn out there, I did learn a lot from that experience especially about optimizing websites the different types of methods to do that particular lonely on the server side and I'll be able to utilize this knowledge in the future.
I guess the moral of the story is, never really give up. Ultimately things might get so bad that you're running on hopes and dreams. Those experiences are generally the most humbling. Now I can finally present the site that I am basically a year late on to the client who will be so happy that I did not give up on the project entirely. I'll have experienced this feeling of pure euphoria, and help the small business significantly grow their revenue. Helping others is very fulfilling for me, even at my own expense.
Anyways, gonna stop ranting. Running out of characters. If you're still here... Ty for reading :')7 -
Php code without any class. Every page is a separate php file in project root folder.
Everything is all over the place, code repetition is everywhere.
The worst part? No security. The sql calls are with mysql_ functions and string concatenation. Files are just uploaded without checking.
And I had to repair it.2 -
rant & question
Last year I had to collaborate to a project written by an old man; let's call him Bob. Bob started working in the punch cards era, he worked as a sysadmin for ages and now he is being "recycled" as a web developer. He will retire in 2 years.
The boss (that is not a programmer) loves Bob and trusts him on everything he says.
Here my problems with Bob and his code:
- he refuses learning git (or any other kind of version control system);
- he knows only procedural PHP (not OO);
- he mixes the presentation layer with business logic;
- he writes layout using tables;
- he uses deprecated HTML tags;
- he uses a random indentation;
- most of the code is vulnerable to SQL injection;
- and, of course, there are no tests.
- Ah, yes, he develops directly on the server, through a SSH connection, using vi without syntax highlighting.
In the beginning I tried to be nice, pointing out just the vulnerabilities and insisting on using git, but he ignored all my suggestions.
So, since I would have managed the production server, I decided to cheat: I completely rewrote the whole application, keeping the same UI, and I said the boss that I created a little fork in order to adapt the code to our infrastructure. He doesn't imagine that the 95% of the code is completely different from the original.
Now it's time to do some changes and another colleague is helping. She noticed what I did and said that I've been disrespectful in throwing away the old man clusterfuck, because in any case the code was working. Moreover he will retire in 2 years and I shouldn't force him to learn new things [tbh, he missed at least last 15 years of web development].
What would you have done in my place?10 -
This is a true story. We had this subject, called “Web Design” (really, “design”), where we studied HTML, CSS, JavaScript, PHP and MySQL (confusing, right?). And when we get the PHP (e-)book, it was this old PDF (probably downloaded illegally) teaching the legacy 4.0 version of PHP. Anyway, when we had to develop the final project, the sane professor allowed us to use a newer version of PHP — 5.2, released on 2008. I had to follow the rules, so I developed probably the less secure web application I will ever develop. That means no protection from SQL injection, XSS vulnerable and a bunch of other security holes… And that’s how they liked it developed!3
-
I promised a friend to have a look over his dads website to add a small blog. No big deal, I've got it on my drive, can reuse it just need to adapt it to the environment.
I take a look at what I'm working with and I see the most terrifying piece of "Please, take my data" code I could possibly imagine (And I've seen passwords, in plain text in a script tag). I quote "function queryDB(mode, val) {
var query=" ";
if(mode==="findProd")
query="Select * from Products where ProdNam=" +val;
... (same shit for different cases)
sendQuery(query) ;
}
He literally built the query on the client side sent it to a php script (without validation) and inserted it into the database.
You could literally call window.sendQuery with any sql query and get the result printed into the console.
And other than the plain text passwords guy that wasn't some kid someone knew, this was a "Webdesign" Agency.
Now I took the entire thing offline, called my friends dad, explained it to him and try to sort this out. I would not charge a good friends father but that hack will get a quite hefty bill since my hourly rate just tripled.
And the worst thing : If I publicly name that asshole or warn the people in his portfolio I can, according to Google, be sued. (But, and I assume thats vague enough not to count as bad mouthing, if anyone of you has a customer from Rheinland-Pfalz, Germany with a preexisting page, please have a look at the database interface)
I will call that agency tomorrow, ask for a detailed explanation for why they apparently let trained monkeys write their code and anonymously warn everyone in their portfolio about those flaws...
I don't know if I'm cursed or if there are just that many bad devs but it seems that once a year I have to stumble over some "mistakes" that make me question my sanity.4 -
I'm so fkin happyyyyyy!!
2 months ago a friend hits me up and says "lets make a fkin website"
I had no knowledge of web dev and didn't take it seriously cuz "web dev is for losers who can't code, also they get paid in peanuts" as stated by someone I highly respected back in school.
Fuck him.
It's all changed.
I never thought I'd say this.
But web dev is the best thing I've picked up in 3 years
Been making steady progress in js, php, sql then picked up jquery and made a few dynamic test sites. God it was so fkin satisfactory. Started node- it's intimidating but I'll get the hang of it soon and thinking of starting vue or ember as soon as I'm confident in all the stuff I've picked up. Oh and friend's website?
Fuck that it's a trash concept. I still thanked him for getting me to start web dev and moved on.
I still have my roots in c++ and Python and I'll never forget them but I think this may be the start of a wonderful journey. Be sure to burst my bubble I'm just a noob now10 -
procrastinating by getting drunk since 11:00 AM, and writing specs for my (hypothetical) language/os/platform.
feeling righteous retribution because the client made me be stressed for 3 hours due to an issue that THEY caused but for 3 hours the only info I had was "there's a critical blocker issue and we're convinced YOU caused it"
well... no... i did NOT cause the fact that you UPGRADED PHP DURING THE WEEKEND BEFORE MONDAY'S PRESENTATION TO CLIENT (while waiting for an urgent commit from me).
seriously.
also, germans. i've heard many times from other people that they're... basically racist towards us (slavic nations), thinking of us as untermensch, coal-miner peons, but I didn't realize their passive-aggressive covertly smug demanding attitude is due to this, I just assumed it's a reaction to me being incompetent.
so yesterday when we finished the call (in preparation for which I tried to switch to their "client demonstration" branch since that's where the error was, and I wanted a headstart on fixing it, ended up in a place that my today's whole-day task should be "rebuilding the DB into working condition", because there's about 10 "core" sql scripts in two different folders, which need to be run (in a very specific order, of course, which readme tells you, but what it tells you has been outdated at least for 3 months, of course), and
...THE MAIN CORE SCRIPT THAT IS THE FIRST TO RUN, THAT CREATES THE DB schema, HAS THREE SYNTAX-LEVEL typos which fail it mid-way...
...the joys of continuous deployment via scripts, I guess? I would love to challenge any person from them to screenshare to me, manual deployment of the current version from zero, and I would be willing to give the person 20% of my monthly salary if they would be able to do it within 20 minutes.
but... well...
the point is, i should be doing not entirely bullshit stuff.
but yesterday's 6 hours of being in "at full attention because it seems we fucked up" totally convinced me, that today I'm taking a break.
So I'm gonna go buy another 3 beers and continue writing the specs of my dream language/os/platform.19 -
Never have I been so satisfied as I am right now after having implemented a login and user account system with the ability to update user preferences with databases n' shit in PHP after only knowing PHP for a day.
Speaking of all that, do you guys know of any good place to make sure all my stuff is secure? No SQL injections n' the like.4 -
Since my first post was a success, here's another shameless hack-- in this case, ripping a "closed" database I don't usually have access to and making a copy in MySQL for productivity purposes. That was at a former job as an IT guy at a hardware store, think Lowes/Rona.
We had an old SCO Unix server hosting Informix SQL (curious, anyone here touched iSQL?), which has terminal only forms for the users to handle data, and has keybindings that are strangely vi based (ESC does commit changes. Mindfsck for the users!). To add new price changes to our products, this results to a lengthy procedure inside a terminal form (with ascii borders!) with a few required fields, which makes this rather long. Sadly, only I and a colleague had access to price changes.
Introducing a manager who asks a price change for a brand- not a single product, but the whole product line of a brand we sell. Oh and, those price changes ends later after the weekend (twice the work, back at regular price!)
The usual process is that they send me a price change request Excel document with all the item codes along with the new prices. However, being non technical, those managers write EVERYTHING at hand, cell by cell (code, product name, cost, new price, etc), sometimes just copy pasted from a terminal window
So when the manager asked me to change all those prices, I thought "That's the last time I manually enter all of this sh!t- and so does he". Since I already have a MySQL copy of the items & actual (live) price tables, I wrote a PHP backend to provide a basic API to be consumed to a now VBA enhanced Excel sheet.
This VBA Excel sheet had additional options like calculating a new price based on user provided choices ("Lower price by x $ or x %, but stay above cost by x $ or x %"), so the user could simply write back to back every item codes and the VBA Excel sheet will fetch & display automatically all relevant infos, and calculate a new price if it's a 20% price cut for example.
So when the managers started using that VBA sheet, I had also hidden a button which simply generate all SQL inserts for the prices written in the form, including a "back to regular price" if the user specified an end date, etc.
No more manual form entry for me, no more keyboard pecking for the managers with new prices calculated for them. It was a win/win :)1 -
When I was in my final year of B.Tech.
There we had to do one major project so me and my friend both decided to build QUERA project for college. So as planned we informed to our superior and we got clean chit.
But later on we didn't know what to do??
That time my friend also didn't have programming awareness so days were going on. And the final month came and till then no progress.
My F was suggesting for purchase.
I was little bit worried too.
Then I had decided to build.
So me alone started building without any copying of templates from web(Actually at that time I didn't know that we can copy templates from web) so stupidly I was building templates using HTML and CSS. Parallely I was doing with php and phpmyadmin(SQL queries).
Seriously it was in PHP.
So this was running for approximately 14 days.
And believe me in that 14 days I was just doing project with all this stuff (obviously eating & 5 hrs sleep).
So, here the fun came
I was near to completion of my project but on last day I was not feeling well so I went to medical for some tablets.
And you know what, I was applying CSS in my mind on that tablet cover which was in rectangular shape.
Literally I was applying :D
Finally, I submitted project and got A+ for that.
Happy ending!1 -
!rant
the most popular ecommerce solution in php is a massive (cosmological scale) pile of corporate crap (magento) and the next most popular is an abomination (opencart)
after fucking around with both for a month (the client asked for the project to be using only one of the two) I'm still barely reaching any results, and most of my time is wasted with the stupid bloated spaghetti that is opencart FUCK THIS,
like seriously. who the fuck writes a single line three left joins sql querry with four or five aliases a couple concacts and a bunch sorting fuckeries just to query the categories list, then just query the details of the specific category from a different function,
also why the fuck map each language string manually. or the fucking hardcoded seo urls, or the use of myisam for all tables, and no fucking foreign keys, let that settle for a minute, no foreign keys, the delete method in the model has at least a twenty lines, and then he came with the genius idea of duplicating models, in the front and the backend, accessing the same data, as the same user, but different naming conventions
I'm going to convince him to use something sane like codeigniter/laravel/fuelphp or I'll deny the project8 -
It's been a while DevRant!
Straight back into it with a rant that no doubt many of us have experienced.
I've been in my current job for a year and a half & accepted the role on lower pay than I normally would as it's in my home town, and jobs in development are scarce.
My background is in Full Stack Development & have a wealth of AWS experience, secure SaaS stacks etc.
My current role is a PHP Systems Developer, a step down from a senior role I was in, but a much bigger company, closer to home, with seemingly a lot more career progression.
My job role/descriptions states the following as desired:
PHP, T-SQL, MySQL, HTML, CSS, JavaScript, Jquery, XML
I am also well versed in various JS frameworks, PHP Frameworks, JAVA, C# as well as other things such as:
Xamarin, Unity3D, Vue, React, Ionic, S3, Cognito, ECS, EBS, EC2, RDS, DynamoDB etc etc.
A couple of months in, I took on all of the external web sites/apps, which historically sit with our Marketing department.
This was all over the place, and I brought it into some sort of control. The previous marketing developer hadn't left and AWS access key, so our GitLabs instance was buggered... that's one example of many many many that I had to work out and piece together, above and beyond my job role.
Done with a smile.
Did a handover to the new Marketing Dev, who still avoid certain work, meaning it gets put onto me. I have had a many a conversation with my line manager about how this is above and beyond what I was hired for and he agrees.
For the last 9 months, I have been working on a JAVA application with ML on the back end, completely separate from what the colleagues in my team do daily (tickets, reports, BI, MI etc.) and in a multi-threaded languages doing much more complicated work.
This is a prototype, been in development for 2 years before I go my hands on it. I needed to redo the entire UI, as well as add in soo many new features it was untrue (in 2 years there was no proper requirements gathering).
I was tasked initially with optimising the original code which utilised a single model & controller :o then after the first discussion with the product owner, it was clear they wanted a lot more features adding in, and that no requirement gathering had every been done effectively.
Throughout the last 9 month, arbitrary deadlines have been set, and I have pulled out all the stops, often doing work in my own time without compensation to meet deadlines set by our director (who is under the C-Suite, CEO, CTO etc.)
During this time, it became apparent that they want to take this product to market, and make it as a SaaS solution, so, given my experience, I was excited for this, and have developed quite a robust but high level view of the infrastructure we need, the Lambda / serverless functions/services we would want to set up, how we would use an API gateway and Cognito with custom claims etc etc etc.
Tomorrow, I go to London to speak with a major cloud company (one of the big ones) to discuss potential approaches & ways to stream the data we require etc.
I love this type of work, however, it is 100% so far above my current job role, and the current level (junior/mid level PHP dev at best) of pay we are given is no where near suitable for what I am doing, and have been doing for all this time, proven, consistent work.
Every conversation I have had with my line manager he tells me how I'm his best employee and how he doesn't want to lose me, and how I am worth the pay rise, (carrot dangling maybe?).
Generally I do believe him, as I too have lived in the culture of this company and there is ALOT of technical debt. Especially so with our Director who has no technical background at all.
Appraisal/review time comes around, I put in a request for a pay rise, along with market rates, lots of details, rates sources from multiple places.
As well that, I also had a job offer, and I rejected it despite it being on a lot more money for the same role as my job description (I rejected due to certain things that didn't sit well with me during the interview).
I used this in my review, and stated I had already rejected it as this is where I want to be, but wanted to use this offer as part of my research for market rates for the role I am employed to do, not the one I am doing.
My pay rise, which was only a small one really (5k, we bring in millions) to bring me in line with what is more suitable for my skills in the job I was employed to do alone.
This was rejected due to a period of sickness, despite, having made up ALL that time without compensation as mentioned.
I'm now unsure what to do, as this was rejected by my director, after my line manager agreed it, before it got to the COO etc.
Even though he sits behind me, sees all the work I put in, creates the arbitrary deadlines that I do work without compensation for, because I was sick, I'm not allowed a pay rise (doctors notes etc supplied).
What would you do in this situation?4 -
So... I've been messing arround with my first VPS (with little knowledge of Linux).
First installed lxde to learn how to do it, then back to the terminal. then I started with Apache, watching online tuts ...
Then I changed for nginx... Looks way better.
Installed my sql, php and got stuck. Dropped it for a few days.
Today I restarted, deleted Apache, mysql, reinstalled nginx, my php (with lots of problems because of old instalations). Everything is working now except php.
After going round and arround I changed my focus to relax a bit, and remembered I still have Apache on the firewall...
OK Apache and other stuff that I installed.
Delete everything
New rules only for nginx and reset.
Cant ssh to the server... What?
Oh... Forgot to add rules to OpenSSH...
No matter, I can access the terminal directly on the website....
And it loads to ldxe, with no user set...
Fuckkkk.
Oh BTW I'm in a trial free period with no support...17 -
So I'm finally doing the job I was hired to do 2 years ago, with the promise of working 1.5 years ago, and scheduled to work 1 year ago as the project slips about a 1.25 years.
The project is on it's 3.5th year of a 3 year plan and based on the architecture of the project, the project architect started a degree in software architecture 4 years ago. In Latin. When his first language was Japanese and his second was Indian English while this was a US company. And his entire degree was in Lisp, PHP, and html, this project is in C#, and his professional background is in Fortran.
This is a man who is no longer on the project, not allowed to contribute or talk to us about the project, and what little documentation he left us is in Swahili translated from Korean via Google translate from the second year Korean language major exchange student from Russia who got really into meth and Telenovelas.
It is every version of MV* without the M and with every definition of * including some he made up and some that have only been proven to exist via machine learning algorithm written in SQL statements.
This project represents an implementation of the presentation tier of an n-tier application, yet attempts to reimplement the other n-1 tiers in html5 and the dreams of children.
The new lead is a former engineer that couldn't begin coding until he figured out how to map all of his variables to his former cars and girlfriends inclusively and learned his management skills from the big book of micro managers and that one time everyone else in the office was sick but the intern. Who now has a girlfriend whom he works 200 feet from so he isn't 100% thinking with his largest head. At least from observation.
Yet, I still can't bring myself to go be with the whales/become an accountant. -
just found out a vulnerability in the website of the 3rd best high school in my country.
TL;DR: they had burried in some folders a c99 shell.
i am a begginer html/sql/php guy and really was looking into learning a bit here and there about them because i really like problem solving and found out ctfs mainly focus on this part of programming. i am a c++ programmer which does school contest like programming problems and i really enjoy them.
now back on topic.
with this urge to learn more web programming i said to myself what other method to learn better than real life sites! so i did just that. i first checked my school site. right click. inspect element. it seemed the site was made with wordpress. after looking more into the html code for the site i concluded all the images and files i could see on the site were from a folder on the server named 'wp-content/uploads'. i checked the folder. and here it got interesting. i did a get request on the site. saw the details. then i checked the site. bingo! there are 3 folders named '2017', '2018', '2019'. i said to myself: 'i am god.'
i could literally see all the announcements they have made from 2017-2019. and they were organised by month!!! my curiosity to see everything got me to the final destination.
with this adrenaline i thought about another site. in my city i have the 3rd most acclaimed high school in the country. what about checking their security?
so i typed the web address. looked around. again, right click, inspect element and looked around the source code. this time i was more lucky. this site is handmade!!! i was soooo happy because with my school's site i was restricted with what they have made with wordpress and i don't have much experience with it.
amd so i began looking what request the site made for the logos and other links. it seemed all the other links on the site were with this format: www.site.com/index.php?home. and i was very confused and still am. is this referencing some part of the site in the index.php file? is the whole site written inside the index.php file and with the question mark you just get to a part of the site? i don't really get it.
so nothing interesting inside the networking tab, just some stylesheets for the site's design i guess. i switched to the debugger tab and holy moly!! yes, it had that tree structure. very familiar. just like a project inside codeblocks or something familiar with it. and then it clicked me. there was the index.php file! and there was another folder from which i've seen nothing from the network tab. i finally got a lead!! i returned in the network tab, did a request to see the spgm folder and boooom a site appeared and i saw some files and folders from 2016. there was a spgm.js file and a spgm.php file. there was a contrib, flavors, gal and lang folders. then it once again clicked me! the lang folder was las updated this year in february. so i checked the folder and there were some files named lang with the extension named after their language and these files were last updated in 2016 so i left them alone. but there was this little snitch, this little 650K file named after the name of the school's site with the extension '.php' aaaaand it was last modified this year!!!! i was so excited! i thought i found a secret and different design of the site or something completely else! i clicked it and at first i was scared there was this black/red theme going on my screen and something was a little odd. there were no school announcements or event, nononoooo. this was still a tree structured view. at the top of the site it's written '!c99Shell v. 1.0...'
this was a big nono. i saw i could acces all kinds of folders. then i switched to the normal school website and tried to access a folder i have seen named userfiles and got a 403 forbidden error. wopsie. i then switched to the c99 shell website and tried to access the userfiles folder and my boy showed all of its contents. it was nakeeed naked. like very naked. and in the userfiles folder there were all, but i mean ALL files and folders they have on the server. there were a file with the salary of each job available in the school. some announcements. there was a list with all the students which failed classes. there were folders for contests they held. it was an absolute mess and i couldn't believe it.
i stopped and looked at the monitor. what have i done? just to learn some web programming i just leaked the server of the 3rd most famous high school in my country. image a black hat which would have seriously caused more damage. currently i am writing an email to the school to updrage their security because it is reaaaaly bad.
and the journy didn't end here. i 'hacked' the site 2 days ago and just now i thought about writing an email to the school. after i found i could access the WHOLE server i searched for the real attacker so if you want to knkw how this one went let me know in the comments.
sorry for the long post, but couldn't held it anymore13 -
Once I maintained one of the most used and fucked up codebases on the market with almost 1M+ daily users. (cannot say more, sorry).
It's written in PHP and is absolutely terrifying,
the first time I saw some lines of code I was about to scream and cry.
- spaghetti code
- no indentation
- random SQL query unoptimized
- unused vars
- Code is split among several files with no logical reasoning
- Mixed procedural and oop programming
- Unsanitised user input (yes, you got it right)
No test environment, no backup database, every commit goes straight to production.
It's a real disaster but the company prefers to keep it as it is without refactoring or anything else.
Just to make it clear:
It's not hatred against PHP, it's against the code's current status and the older programmers which used to work on it.5 -
Old old organization makes me feel like I'm stuck in my career. I'm hanging out with boomer programmers when I'm not even 30.
I wouldn't call myself an exceptional programmer. But the way the organization does it's software development makes me cringe sometimes.
1. They use a ready made solution for the main system, which was coded in PL/SQL. The system isn't mobile friendly, looks like crap and cannot be updated via vendor (that you need to pay for anyway) because of so many code customizations being done to it over the years. The only way to update it is to code it yourself, making the paid solutions useless
2. Adding CloudFlare in the middle of everything without knowing how to use it. Resulting in some countries/networks not being able to access systems that are otherwise fine
3. When devs are asked to separate frontend and backend for in house systems, they have no clue about what are those and why should we do it (most are used to PHP spaghetti where everything is in php&html)
4. Too dependent on RDBMS that slows down development time due to having to design ERD and relationships that are often changed when users ask for process revisions anyway
5. Users directly contact programmers, including their personal whatsapp to ask for help/report errors that aren't even errors. They didn't read user guides
6. I have to become programmer-sysadm-helpdesk-product owner kind of thing. And blamed directly when theres one thing wrong (excuse me for getting one thing wrong, I have to do 4 kind of works at one time)
7. Overtime is sort of expected. It is in the culture
If you asked me if these were normal 4 years ago I would say no. But I'm so used to it to the point where this becomes kinda normal. Jack of all trades, master of none, just a young programmer acting like I was born in the era of PASCAL and COBOL9 -
!rant
I'm a rather young developer, self-learned everything and started when I was 13 (now 20) but I still feel like I'm a total beginner since I have not yet mastered the things I am OK at.
Php (laravel, since it makes things much easier), js (jquery, bad at vanilla, have used angular and ember but not mastered), node, linux, html, css, photoshop, illustrator, sql, mongo and windows servers
I know little about many things, can create things that are asked of me but the methods I use are rather bad imo.. ex: I finish coding a section of a site, but when I need to add a new feature I find myself rewriting most of the stuff to add the new feature and in the end still feeling like the code could be optimized further, even though I have no idea how.
TL;DR I write bad code, but things work as long as I am monitoring them. I know little about alot of stuff but mastered none of them.
What should I do? Go to school for programming?8 -
Most of us have scary stories about professors that think that they know about what they are talking about when it comes to teaching comp sci subjects. Shit is so backwards in most parts of the world with teachers showing outdated or completely pointless tech.
A friend called me the other day asking for classic ASP help because it was being used in his web class. Another was asking me about flipping c cgi web scripting. Wtf are schools teaching? Having the drive to LEARN actuall useful topics that are relevant on the market is hard enough as it is...shouldn't schools help at least a little bit? I was lucky, we were thaught Java, Python, cpp, js, sql, html5, css3, php, ruby and we had classes for node (for those interested) and asp.net mvc. Those were RELEVANT and good classes and while some outdated tech was good the rest is just bullshit. Specially since most teachers have 0 market value as develpers...but hey!! Wtf do I know! Of course my word is shit against all them doctorate and master degrees.
Gimme a break. School can be great. But a lot of the leadership there is toxic af for our industry. And while I appreciate the effort in me being thaught modern languages (and thaught is a hard word since I already knew how to program way before going to school) i still remember a teacher taking points away from an assignment for not using switch statements in Python...despite my explaining that there was no such thing (you can go around it by using a lil technique using functions, its pretty cool..pero no mames)
Or what about the time I mentioned to a fellow student how he could use markup for having more control with his windows forms while the very same teacher contradicted me saying that shit was not possible. Or the guy at the school in which I work teaching intro to programming using fucking vba...fk man if you are going the BASIC route at least teach them b4j or something fuuuuck.
I had good teachers, but they were always cast asside by dptmnt heads as if they knew better. I just hate pendejo teachers I really do.
Chinguen a su madre, bola de babosos.rant remembering uni yes asshole gnu linux is a viable alternative i still love coding fuck bad teachers fk the system11 -
No proper normalization and database structure practices seems to continue to be the bane of my fucking existence at work.
One would think that it would be the quirks carried through by the language stacks in question, those are fucking absolutely ridiculously horrible by the way, y'all think you've seen bad Javascript and PHP? these would make you cry, laugh, wonder in amazement and then fucking pity me and eventually buy me a beer NO JOKE.
Y'all think you have seen some obscenely unoptimized SQL code? think of the worst fucking possible output from the shitty-est most error prone boundary checking inefficient ORM out there and multiply it by 10k. Then refer to my other point, and do the same thing for me which culminates in alcoholic consumption.
Worst thing? the developer that wrote most of this is a college level TEACHER rn....i've met the smug piece of shit, he acted severely condescending to everyone around him and I just smiled because I know how much of a piece of shit he is.
The other dude in question (it was two of them that I am talking about) left for another city and currently holds a senior developer position....i-fucking-magine that.
Fuck I hate these mfkers and I really wish they gave me a chance to fucking blow up on them.2 -
I'm a self-taught frontend developer with 1,5 - 2 years of experience in JavaScript / Vue.js development. Pretty cliche in 2023 and I can actually feel this now when it comes to the job market. It's brutal at the moment.I moved to Germany for a specific job but got laid off a few weeks ago due to a lack of projects and actual things to do. And here I am right now: tons of job applications, 4-5 interviews a week, zero success.
I'm thinking about getting some warehouse job or anything for the time being, and start freelancing in my spare time. Instead of this oversaturated JavaScript landscape, I would get into PHP (not as "hip" so less competition, backend, no new tools every 6 months), SQL, or hyper-specialize in CSS - something I like quite a bit but have seemingly zero value to employers.
I actually made a simple website for a small business when I was getting started with frontend, and he was super happy with the end result. I also did some language tutoring, that was quite rewarding as well. So freelancing is definitely fun, I enjoyed it much more than fearing layoffs or trying to force a fake-ambitious attitude on my 30th interview that most probably won't lead me anywhere. :D
Is the frontend job market really this oversaturated? (I know, I know... It's not difficult for competent, skilled, and experienced devs with CS degrees) Is being a CSS specialist, PHP-developer, or SQL-magician on fiverr/upwork/etc. a viable freelancing path? I've heard good and bad about these platforms, the competition there, etc. If not, where should I start?
What do you think? Any input is much appreciated. :)4 -
There have been a few :)
If say it's a videos utter project I initially though was good. Apart from loading a view the controllers didn't do anything - my initial thought was some magic was happening behind the scenes.
However, when I opened up the view things changed.
ALL the business logic happened in the view. Everything. Form processing, consuming an app, file uploads, validation, crud ... You name it, it happened in view. The developer created a raw MySQL connection and build his queries by concatenation g strings, the whole system was wide open to sql injection.
Even more annoying was the "source control" he invented. Every file had several copies. I.e. "User(working).php", "user_v3.php" and even "user(working_no_profile_fields_1.php". It wasn't even like there was any consistency in what file was actually used either. A complete mess. The system had around 69 screens too. No idea how the developer got that gig.2 -
Mf php and mf mysql database. Fuck you for being such a cunt.wasted my whole fucking day to configure the shit i didnt even broke. All i wanted from your ass was a storage for users but no you piece of shit. And a fucking special mention for php bcz that shit is a stinky piece of work.
All this aside i need a db which can store some data and is easy to use and not an sql one for my very small cllge project. Anything that i can use from my java app.8 -
$rant = new Rant('PHPStorm');
When you work with Drupal 8, you tend to become psychotic because this CMS is just a humongous load of crap. But sometimes, it's just PHPStorm that's fucking with you.
This morning, I lost 2 fucking hours because I was editing a temp file instead of my controller file, and spent way too fucking many time trying to find out where it came from until I discovered the tempfile with good ol' sublime text, and realizing the original file wasn't touched since the beginning.
I wish the huge ass SQL error message I saw to no one, not even my worst enemy.
This afternoon, while refactoring a bit of code, PHPStorm suddenly starts to whine that something is either missing or shouldn't be here (gotta love PHP, heh?). So I spent a time I didn't have to copy the whole fucking function to a notepad, then copying it back bit by bit to get where the error came from.
Guess what? Nothing went wrong, everything was ok from the beginning.2 -
Was hired on after my schooling was done as a web dev building a front end site. Finished, made it pretty, and was kept on to help the business build their backend inventory using a CSV file into an online catalogue.
Problem is...don't remember jack shit about PHP/SQL/anything past writing basic JS functions and pretty bullshit.
Running an apache server? No problem. Creating database schema's? Sure. Past that? I have no idea wtf I am doing, have until August to figure it out, am having major imposter syndrome, and can't walk out of this place without getting the project done. Feels very hopeless right now, though I am trying my best to learn.7 -
Background: We switched from just simple old PHP and JS using notepad++ to PHPStorm and its infinite configurables, Symfony 4, Twig, Composer, Doctrine, Yarn, NPM, Bootstrap, ( thank the stars we didn't try to add Docker in with all this ), any other junk I'm missing here? Then upgraded to Symfony 5.
Symfony's autowiring: madness behind the curtains. I get frustrated about when and where I can just magically inject these dependencies or use config variables, you know, like the ones you define in service.yaml. Hmmm, "service".yaml. In a controller you can say getParameter() but in a service you have to inject the parameter, FROM THE "SERVICE".yaml!!! Autowiring drives me nuts. Ok, so we can supply dependencies using the constructor, that's great! Within a controller you never have to instantiate the object you're passing to the constructor (autowiring handles that). That's cool, weird when we you try to trace it for the first few times, but nice I guess. Feels like half-assin' it. What bugs me here is that it only works in controllers... I guess out of the box.. i'm not even sure. To get that feature to work for services you have to make some yaml edits. Right?Maybe? Some of the Symfony tutorials have you code up some junk then trash it. Change config then wipe that out and do X instead... so I have no idea what "out of the box" for Symfony really is.
Found this cool article that describes my frustrations in better terms and seems like a good resource to learn about autowiring. I need to continue my yaml wizardry classes. https://alanstorm.com/symfony-autow...
.....And on to YAMLs, or CSS, or JS or any other friggin' change you make to a file anywhere... Make a change, reload page, nothing... nope you have to do some hidden cheat combo of yarn dostuff -> cache:clear -> cache:warmup -> cache:cache:the:cache ... I really really hate this crap. Maybe I'm too old school for all this junk. It was simple with pure PHP. Edit code, push file, reload page, and oh look it changed! Done. So happy! Ok, Ok. Occasionally the js or css might get cached by the browser and you have to ctrl/f5 or Shift/f5 .. one of those. With this framework there's just so much more that you have to remember to do get some new feature of your site loaded.
Now, I totally get wanting to use some type of entity framework, but I feel like my entire world turned backwards. Designing tables using something like MySQL Workbench made sense. I can see all the columns and datatypes right there as i'm building them. From what I've experienced now with Symfony/Doctrine is you have to make and entity, get a shit-ton of question lobbed at you and if it's a relation field you have to really have a clear idea of the cardinality up front. Then we migrate that to the database. Carefully read through the SQL if you really really just want to use migrations:migrate in Prod. That alter table could cost you some some downtime if your table is large.
Some days man.... -
!rant
Got a Job lately and therefore three Interviews.
In two of them was a question about SQL Injektion and no matter what teck stack you apply for that's the time to mention PHP :P1 -
So, I am in the last stages of development of a really big project and I need to figure out a way to package future patches and updates for the client in order for them to manually update the project on prod server.
For reasons I cannot specify here, they will not use any automated process, and we need to provide regular patches and updates for the next year.
So I was thinking of using git archive to package changed files from our repo for every new commit, or series of commits, and just give them that, along with any database schema updates as sql files (again, no automation can be used).
We are talking about a large PHP + MySQL app, and cannot use automated deployment strategies.
I feel there must be a better way to do this, but this is the best I could come up with so far.
What do you people think?
Any ideeas?