Thread title: Poorly written code hurts my soul...
11-09-2007, 08:26 PM
|
#11
|
Status: Geek
Join date: Apr 2006
Location: Denver, CO
Expertise: Software
Software: Chrome, Notepad++
Posts: 6,894
|
I can make a fully secure upload in under 50 lines, the method it was using was just plain inefficient. Trust me, I know about upload security.
|
|
11-09-2007, 08:29 PM
|
#12
|
Status: Senior Member
Join date: Aug 2005
Location: Ohio, USA
Expertise:
Software:
Posts: 931
|
Well, why's it matter what the code looks like if it displays the exact same way? Or better yet, even if it's written sloppy and it reads the exact same and perfect in every other browser, why's it matter? When I go to a website, I read their content/text and their website structure / design. I don't right click and go hmm let's look at the HTML / PHP source just for the hell of it...
|
|
11-09-2007, 08:50 PM
|
#13
|
Status: Geek
Join date: Apr 2006
Location: Denver, CO
Expertise: Software
Software: Chrome, Notepad++
Posts: 6,894
|
It was slow and took its toll on the server's use. Plus it was impossible to make expansions on, I had to rewrite the entire site.
Edit: Not impossible, just far harder than rebuilding it from the ground up.
|
|
11-09-2007, 08:56 PM
|
#14
|
Status: Community Archaeologist
Join date: Jul 2004
Location: Scotland
Expertise: Software Development
Software: vim, PHP
Posts: 3,820
|
I can write a fully secure upload script in one line of code. Sure, it'd be a long line.
P.S. How on earth is it possible to claim "fully secure upload" just from PHP code? (though this topic probably isn't the place for that discussion)
|
|
11-09-2007, 08:57 PM
|
#15
|
Status: Geek
Join date: Apr 2006
Location: Denver, CO
Expertise: Software
Software: Chrome, Notepad++
Posts: 6,894
|
Nothing is completely totally absolutely secure, I take that as given when I say fully secure.
But if you want to have a go, I made www.imagewasp.com
|
|
11-09-2007, 09:48 PM
|
#16
|
Status: Member
Join date: Mar 2006
Location: t.dot canaada
Expertise:
Software:
Posts: 182
|
^ I just clicked upload without choosing a file, and it just displayed a white page lol. C'mon, put a "please select a file" error in
haha
|
|
11-09-2007, 10:27 PM
|
#17
|
Status: Geek
Join date: Apr 2006
Location: Denver, CO
Expertise: Software
Software: Chrome, Notepad++
Posts: 6,894
|
Originally Posted by masfenix
^ I just clicked upload without choosing a file, and it just displayed a white page lol. C'mon, put a "please select a file" error in
haha
|
Yeah, we all see who's laughing now.... That makes it so damn insecure, I may as well find a new profession.
Btw. It does kill the application if there is no file posted.
|
|
11-09-2007, 10:42 PM
|
#18
|
Status: Member
Join date: Jun 2006
Location: UK
Expertise:
Software:
Posts: 184
|
Originally Posted by Village Idiot
Nothing is completely totally absolutely secure, I take that as given when I say fully secure.
But if you want to have a go, I made www.imagewasp.com
|
If you hit login as soon as the site loads I get logged in as somebody called Adam.
Surely that's not a good thing?
http://quickimg.com/uploads/6217c469...ca60fdd73c.jpg
|
|
11-09-2007, 10:48 PM
|
#19
|
Status: Geek
Join date: Apr 2006
Location: Denver, CO
Expertise: Software
Software: Chrome, Notepad++
Posts: 6,894
|
Originally Posted by LJR
|
That is not an error, someone is registered under the username Username and the password candyman. That is default stuff that seb put in, not I. If you login with empty (not the default) fields, it will give you an error.
|
|
11-09-2007, 10:59 PM
|
#20
|
Status: Request a custom title
Join date: Feb 2006
Location: Nottingham
Expertise:
Software:
Posts: 1,648
|
It may not be insecure, but it does result in bad usability having a blank page. Even that improved code you pasted, patrickPaul, I couldn't work with pages and pages full of that - but I have done in the past.
Allman style indentation and variable prefixes to denote data types all the way, I wouldn't use capitalised items for my array keys, either. I'd also name the function something less ambiguous than title(), I mean, there's no way you can tell what the function is doing unless you read its contents. I would do something like:
PHP Code:
function getTitle($szItem)
{
    // Why have we set $szItem in the argument?
    // Was that an example?
    return $aItem['title'];
}