Roadie
Jun 30, 2013

rarbatrol posted:

//TODO: validate input

/**
* Nobody actually told me yet where this is supposed to get the individual
* tokens from or where they should be stored, so for now this just makes sure
* it hasn't been used yet. Once I get actual implement info I'll fix this up.
*
* @todo fix this
* @see ticket #88320
*/


The MUMPSorceress
Jan 6, 2012


^SHTPSTS

Gary’s Answer

PT6A posted:

Wordpress is hateful and bad and their database structure makes baby Jesus cry.

For a story of my own: I've been asked to take over a site that relies on "exclusive access codes" to grant access to a signup form because, according to the client, there are a lot of people "guessing" the codes and making invalid signups as a result, so they want to move to longer alphanumeric codes instead of shorter, numeric codes -- makes sense, right?

Well, I looked at the code, and it turns out the issue is that no checking is being done on the code whatsoever except to verify that it's not already been used to process a signup. I haven't tested my theory, but I'm 99% sure you can literally shove any value that doesn't cause a database error into the unique code field, and it will work.

Who designed that and thought that was an acceptable thing to do? I can't even begin to understand the thought process at work. Luckily, it seems like it would be quite easy to improve because literally any solution would be an improvement -- even a simple checksum-based verification or something. gently caress me.

why on earth are these unique access codes not simply a key to a token that is invalidated once registration is complete? that poo poo should be generated when the invite to register is granted and invalidated as soon as it's consumed. that way you could even re-use codes and you don't have to do a bunch of crazy validation to make sure a code wasn't already used.
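The flaw and the fix discussed above, as an added example that is not part of any post in the thread: `redeem_flawed` accepts anything not yet used, while `redeem` only accepts a code that was issued and consumes it atomically. The table names, function names and the choice to store a SHA-256 hash of each code are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3


def open_store():
    """In-memory store; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE used_codes (code TEXT PRIMARY KEY)")
    db.execute("CREATE TABLE invites (code_hash TEXT PRIMARY KEY, used_at TEXT)")
    return db


def redeem_flawed(db, code):
    """The check as described: reject only codes that were already used."""
    try:
        db.execute("INSERT INTO used_codes (code) VALUES (?)", (code,))
        db.commit()
        return True  # never asks whether the code was issued
    except sqlite3.IntegrityError:
        return False


def _digest(code):
    # Store only a hash so a leaked table does not expose unused codes.
    return hashlib.sha256(code.encode("utf-8")).hexdigest()


def issue_invite(db):
    """Create the token when the invite is granted; return the code to send."""
    code = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
    db.execute("INSERT INTO invites (code_hash) VALUES (?)", (_digest(code),))
    db.commit()
    return code


def redeem(db, code):
    """Consume an issued, unused code in one atomic statement."""
    cur = db.execute(
        "UPDATE invites SET used_at = datetime('now') "
        "WHERE code_hash = ? AND used_at IS NULL",
        (_digest(code),),
    )
    db.commit()
    return cur.rowcount == 1  # 0 rows: never issued, or already consumed


if __name__ == "__main__":
    db = open_store()
    code = issue_invite(db)
    print(redeem_flawed(db, "made-up"), redeem(db, "made-up"))
    print(redeem(db, code), redeem(db, code))
```

Keeping `used_at` on the row, rather than deleting it, still lets the client see which distributed codes were redeemed.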

TooMuchAbstraction
Oct 14, 2012

I spent four years making
Waves of Steel
Hell yes I'm going to turn my avatar into an ad for it.
Fun Shoe

LeftistMuslimObama posted:

why on earth are these unique access codes not simply a key to a token that is invalidated once registration is complete? that poo poo should be generated when the invite to register is granted and invalidated as soon as it's consumed. that way you could even re-use codes and you don't have to do a bunch of crazy validation to make sure a code wasn't already used.

"I don't understand security, but I'm just going to roll my own. How hard can it be?"

The MUMPSorceress
Jan 6, 2012


^SHTPSTS

Gary’s Answer

TooMuchAbstraction posted:

"I don't understand security, but I'm just going to roll my own. How hard can it be?"

i don't understand anything and i thought of that in 5 seconds

PT6A
Jan 5, 2006

Public school teachers are callous dictators who won't lift a finger to stop children from peeing in my plane

LeftistMuslimObama posted:

why on earth are these unique access codes not simply a key to a token that is invalidated once registration is complete? that poo poo should be generated when the invite to register is granted and invalidated as soon as it's consumed. that way you could even re-use codes and you don't have to do a bunch of crazy validation to make sure a code wasn't already used.

I'm just invalidating the codes themselves after they've been used because it seemed slightly easier. It also could allow, in the future, for the client to see if a specific code that was distributed has actually been used, which may or may not be useful.

xtal
Jan 9, 2011

by Fluffdaddy
nm

xtal fucked around with this message at 01:06 on Jun 20, 2018

necrotic
Aug 2, 2005
I owe my brother big time for this!
I was incredulous at the cvar usage, but the second part made me :vince:

edit: hope you never try and use a threaded server with that cvar thing. Would love to see the bugs from that.

necrotic fucked around with this message at 05:28 on Feb 10, 2017

Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.



I don't know Rails, but model, view and controller mean pretty much the same thing as they normally would, right?

:ohdear:

Plorkyeran
Mar 22, 2007

To Escape The Shackles Of The Old Forums, We Must Reject The Tribal Negativity He Endorsed
No, Rails significantly misuses the terminology.

xtal
Jan 9, 2011

by Fluffdaddy

Plorkyeran posted:

No, Rails significantly misuses the terminology.

It's true that everyone has their own definition of MVC but I can assure you this is a coding horror under any of them

necrotic posted:

I was incredulous at the cvar usage, but the second part made me :vince:

edit: hope you never try and use a threaded server with that cvar thing. Would love to see the bugs from that.

That already came up once and our solution was to use a different server.

xtal fucked around with this message at 18:38 on Feb 10, 2017

Hammerite
Mar 9, 2007

And you don't remember what I said here, either, but it was pompous and stupid.
Jade Ear Joe
after two hours trying to work out why icons aren't appearing in a dropdown list: lol, gently caress MFC

necrotic
Aug 2, 2005
I owe my brother big time for this!

xtal posted:

It's true that everyone has their own definition of MVC but I can assure you this is a coding horror under any of them


That already came up once and our solution was to use a different server.

yeah just plop in unicorn instead. probably better for production most of the time anyway.

Evil_Greven
Feb 20, 2007

Whadda I got to,
whadda I got to do
to wake ya up?

To shake ya up,
to break the structure up!?
Re: Testing Chat - one of my professors years ago had an interesting perspective... it's best to just show you:
C++ code:
int quicksort_partition(int array[], int top, int bottom) {
	int compare = array[top];
	int i = top - 1;
	int j = bottom + 1;
	do {
		do { j--; } while(compare > array[j]);
		do { i++; } while(compare < array[i]);
		if(i < j) {
			int temp = array[i];
			array[i] = array[j];
			array[j] = temp;
		}
	} while(i < j);
	return j;
}

void quicksort(int array[], int top, int bottom) {
	int middle;
	if(top < bottom) {
		middle = quicksort_partition(array, top, bottom);
		quicksort(array, top, middle);
		quicksort(array, middle + 1, bottom);
	}
}

#if __INCLUDE_LEVEL__ < 1
#include <stdlib.h>
#include <iostream>
#define ARRAY_SIZE 20
#define _assert(test) if (!(test)) std::cout << #test << " failed!" << std::endl;

int main() {
	int numbers[ARRAY_SIZE];
	int i;
	srand(0);
	for(i = 0; i < ARRAY_SIZE; i++) {
		numbers[i] = rand() % 20;
	}
	quicksort(numbers, 0, ARRAY_SIZE - 1); // bounds are inclusive; ARRAY_SIZE would index past the end
	for(i = 1; i < ARRAY_SIZE; i++) {
		int a = numbers[i], b = numbers[i-1];
		_assert(a <= b);
	}
}
#endif
In GCC, #if __INCLUDE_LEVEL__ < 1 means the main() chunk only gets included if this .cpp isn't #included by anything; you could copy & paste this chunk in a second file and #include the first file to run it without issue from there as well.

Evil_Greven fucked around with this message at 04:40 on Feb 11, 2017

VikingofRock
Aug 24, 2008




Evil_Greven posted:

Re: Testing Chat - one of my professors years ago had an interesting perspective... it's best to just show you:
C++ code:
int quicksort_partition(int array[], int top, int bottom) {
	int compare = array[top];
	int i = top - 1;
	int j = bottom + 1;
	do {
		do { j--; } while(compare > array[j]);
		do { i++; } while(compare < array[i]);
		if(i < j) {
			int temp = array[i];
			array[i] = array[j];
			array[j] = temp;
		}
	} while(i < j);
	return j;
}

void quicksort(int array[], int top, int bottom) {
	int middle;
	if(top < bottom) {
		middle = quicksort_partition(array, top, bottom);
		quicksort(array, top, middle);
		quicksort(array, middle + 1, bottom);
	}
}

#if __INCLUDE_LEVEL__ < 1
#include <stdlib.h>
#include <iostream>
#define ARRAY_SIZE 20
#define _assert(test) if (!(test)) std::cout << #test << " failed!" << std::endl;

int main() {
	int numbers[ARRAY_SIZE];
	int i;
	srand(0);
	for(i = 0; i < ARRAY_SIZE; i++) {
		numbers[i] = rand() % 20;
	}
	quicksort(numbers, 0, ARRAY_SIZE - 1); // bounds are inclusive; ARRAY_SIZE would index past the end
	for(i = 1; i < ARRAY_SIZE; i++) {
		int a = numbers[i], b = numbers[i-1];
		_assert(a <= b);
	}
}
#endif
In GCC, #if __INCLUDE_LEVEL__ < 1 means the main() chunk only gets included if this .cpp isn't #included by anything; you could copy & paste this chunk in a second file and #include the first file to run it without issue from there as well.

This is... kind of genius. Terrible, but genius.

Plorkyeran
Mar 22, 2007

To Escape The Shackles Of The Old Forums, We Must Reject The Tribal Negativity He Endorsed
I'd do it with an explicit define to enable tests, but putting simple unit tests in the same file as the code being tested can be pretty nice.

vOv
Feb 8, 2014

It's kind of like the `if __name__ == "__main__"` trick from Python, though I don't think I've ever seen anyone use it for putting tests in the same module.

Hughlander
May 11, 2005

VikingofRock posted:

This is... kind of genius. Terrible, but genius.

It reminds me of some project from 15 years ago where it was something like:

code:
#include "theenum.h"
#undef ENUMTOSTRING
#include "theenum.h"
Where the first time through it sets an enum with values and the second time through it sets an array with the string literal of the enum values. There was even a reason why you did a #undef instead of #define something else but I can't remember anymore.

pokeyman
Nov 26, 2006

That elephant ate my entire platoon.

Hughlander posted:

It reminds me of some project from 15 years ago where it was something like:

code:

#include "theenum.h"
#undef ENUMTOSTRING
#include "theenum.h"

Where the first time through it sets an enum with values and the second time through it sets an array with the string literal of the enum values. There was even a reason why you did a #undef instead of #define something else but I can't remember anymore.

It's like unreadable X-macros!

Soricidus
Oct 21, 2010
freedom-hating statist shill
let us all just be very grateful that there is no way for a cpp macro to itself #define or #include anything

smackfu
Jun 7, 2004

I'm just grateful more languages don't have macros or a preprocessor.

xtal
Jan 9, 2011

by Fluffdaddy

smackfu posted:

I'm just grateful more languages don't have macros or a preprocessor.

Haskell lets you use the C preprocessor for some reason

Seat Safety Switch
May 27, 2008

MY RELIGION IS THE SMALL BLOCK V8 AND COMMANDMENTS ONE THROUGH TEN ARE NEVER LIFT.

Pillbug

vOv posted:

It's kind of like the `if __name__ == "__main__"` trick from Python, though I don't think I've ever seen anyone use it for putting tests in the same module.

I do that since testing Python for dumb errors that would otherwise be caught at compile time is usually really time consuming.

I've seen my coworkers copy and paste that block without knowing what it does when trying to copy example code I wrote. One file I saw the other day has test blocks from two different examples in it, both of which fail now.

Xarn
Jun 26, 2015

Plorkyeran posted:

I'd do it with an explicit define to enable tests, but putting simple unit tests in the same file as the code being tested can be pretty nice.

I do it surprisingly often for basic unit tests -- the ones I write before/during first iteration :v:

The more comprehensive part of the test suite then gets its separate file(s).

xtal
Jan 9, 2011

by Fluffdaddy
lmao I just found out golang has goto

sarehu
Apr 20, 2007

(call/cc call/cc)
What's so funny about goto?

Bongo Bill
Jan 17, 2012

Lots of things have goto. C# has goto. Java doesn't even have goto (it reserves the keyword but doesn't use it), but they put it in C#.

Klades
Sep 8, 2011

sarehu posted:

What's so funny about goto?

It's a weird thing to have pop up in a language designed to require minimal competency.

HappyHippo
Nov 19, 2003
Do you have an Air Miles Card?
Goto does have a few good use cases so it's good to keep around. Even awful programmers have absorbed the lesson to not abuse it.

sarehu
Apr 20, 2007

(call/cc call/cc)
It's a great idea to use goto when it's the best option.

Absurd Alhazred
Mar 27, 2010

by Athanatos

sarehu posted:

It's a great idea to use goto when it's the best option.

When is goto the best option?

hobbesmaster
Jan 28, 2008

Absurd Alhazred posted:

When is goto the best option?

When you're implementing a flow control feature not in your language. For example, try/throw in C.

HappyHippo
Nov 19, 2003
Do you have an Air Miles Card?
If your language doesn't have multi-level break for loops, then goto is the best way imo.

b0lt
Apr 29, 2005

Absurd Alhazred posted:

When is goto the best option?

error handling in a language that doesn't have RAII

wide stance
Jan 28, 2011

If there's more than one way to do a job, and one of those ways will result in disaster, then he will do it that way.
Another good use for goto is if a non coder needs to step thru your code to debug something (like a factory technician).

A bit of a reach, yeah.

Absurd Alhazred
Mar 27, 2010

by Athanatos

hobbesmaster posted:

When you're implementing a flow control feature not in your language. For example, try/throw in C.

At that point flow control is the least of your problems. You're going to have to do stack manipulation, and that means writing assembly code.

vOv
Feb 8, 2014

I don't write C, but I think the usual idiom for it is something like:

code:
foo* foo = allocate_foo();
if (!do_something()) goto fail_1;
bar* bar = allocate_bar();
if (!do_something_else()) goto fail_2;
...

fail_2:
deallocate_bar(bar);
fail_1:
deallocate_foo(foo);

sarehu
Apr 20, 2007

(call/cc call/cc)

Absurd Alhazred posted:

When is goto the best option?

When you need to break out of a doubly-nested for loop.

When you need to break out of a for loop, but the "reach end of loop" case needs to run an extra statement.

code:
int i = 0;
for ; i < N; i++ {
    if arr[i] == value {
        goto feh
    }
}
arr.append(value)
label feh
// Now arr[i] == value
When you think tail recursion (to the same function) is the best way to express a complicated function but the language doesn't have explicit tail calls. Put a label at the top, the compiler will catch any unhandled cases (that fall off the end of the function).

code:
function find_bst_node(node, key) {
    label top
    if node == null {
        return null
    } else if node->key < key {
        node = node->right
        goto top
    } else if key < node->key {
        node = node->left
        goto top
    } else {
        return node
    }
}
When you want to make a minimal commit in a hairy function, where the commit uses goto. And then refactor the function into something cleaner on the next commit. This makes a better history for git bisect.

A common example of the previous is when you realize the nicest way to make the function handle a specific case is for it to call itself tail-recursively with cleaned up parameters. And then you refactor that into a goto with the label at the top (tail recursion). And then you refactor that into a loop.

Kazinsal
Dec 13, 2011

Absurd Alhazred posted:

At that point flow control is the least of your problems. You're going to have to do stack manipulation, and that means writing assembly code.

Yeah, goto is acceptable when you're in the kind of mess that is low level kernel crap.

Carbon dioxide
Oct 9, 2012

sarehu posted:

When you need to break out of a doubly-nested for loop.

When you need to break out of a for loop, but the "reach end of loop" case needs to run an extra statement.

code:
int i = 0;
for ; i < N; i++ {
    if arr[i] == value {
        goto feh
    }
}
arr.append(value)
label feh
// Now arr[i] == value
When you think tail recursion (to the same function) is the best way to express a complicated function but the language doesn't have explicit tail calls. Put a label at the top, the compiler will catch any unhandled cases (that fall off the end of the function).

code:
function find_bst_node(node, key) {
    label top
    if node == null {
        return null
    } else if node->key < key {
        node = node->right
        goto top
    } else if key < node->key {
        node = node->left
        goto top
    } else {
        return node
    }
}
When you want to make a minimal commit in a hairy function, where the commit uses goto. And then refactor the function into something cleaner on the next commit. This makes a better history for git bisect.

A common example of the previous is when you realize the nicest way to make the function handle a specific case is for it to call itself tail-recursively with cleaned up parameters. And then you refactor that into a goto with the label at the top (tail recursion). And then you refactor that into a loop.

Of course, there are fine solutions for each of your examples in modern languages. In the first, replace goto feh either with whatever it needs to do right there or with a function call. Then put a break statement after it.
In the second, well if you don't have tail calls you can do a regular recursive call on the function - the optimization loss is minimal in most cases on modern systems. If that does cause problems, well every recursive function can be rewritten to not have recursion at all.

You have not convinced me that goto has any uses outside languages such as C and assembly that require/allow you to do low level memory manipulation yourself.


dougdrums
Feb 25, 2005
CLIENT REQUESTED ELECTRONIC FUNDING RECEIPT (FUNDS NOW)
I don't know if go has fall through switch or matching but I could see how using goto to model state machines would be useful in go.
