There are certain problems in computing that you generally shouldn�t tackle unless you�re planning to make it your life�s work. Don�t write your own date handling logic. Don�t write your own encryption. If you do, you�ll probably screw it up, so use something developed by someone who knows what they are doing.
Handling passwords is a subset of encryption, in many ways. Samuel sends this to us as a confession- he hopes to unburden himself of his sins. It�s bad enough that he�s passing passwords in the clear, but he goes a step farther:
if(isset($_POST["pass"])){
$r=rand(0,1);
if( ($r==0 && md5($_POST["pass"])=="7e843964cca0fe3c3adc1d3f8605554b") || ($r==1 && sha1($_POST["pass"])=="92f5d9410b62c8a35da15d64cacce9db13d15277") ){
//render successful login content, set cookie
}else{
//render login error
}
}else{
//render "no password" error
}
If the user has supplied a password, this utterly bizarre logic will flip a coin. Based on the flip, it will compare the hash of the input password using either MD5 or SHA�1, and for bonus points, the hashes are hard-coded in, which I guess �solves� the problem of storing them someplace.
One of Samuel�s co-workers spotted this, saw his name on the commit, and asked him, �What were you thinking?�
Samuel could only answer, �I wasn�t.�
[Advertisement] Use NuGet or npm? Check out
ProGet, the easy-to-use package repository that lets you host and manage your own personal or enterprise-wide NuGet feeds and npm repositories. It's got an
impressively-featured free edition, too!
http://thedailywtf.com/articles/confession-the-coin-flip-hash
