Tag Archives: code from hell

Code From Hell

4 Replies

There are a lot of code zealots out there who pretend to think that their chosen language is the best language ever and anyone who uses another language is dumb. I’ve lost count of the PHP vs Java, or ‘language a’ vs ‘language b’ debates I’ve seen. Sometimes it comes down to personal choice, sometimes a certain language is a better option for the task at hand and sometimes it really doesn’t matter. Personally whilst I do like certain languages I have never ruled out other languages simply because I don’t like them. Better is nearly always a matter of opinion.

What does hold universal though is that no matter what language you use there are always people who produce poor code in them. And then there are people who produce code so bad that they give programmers a bad name. As a long time reader of the blog Daily WTF you can find so many examples of bad code in just about any language, and during my career I’ve come across code which could make many an article. Recently however I have been cursed with working on a code base that is so monumentally bad that I feel compelled to share some of the best snippets. Warning: what follows may make you weep!

Has it been obfuscated?

There are functions (but not all) in the code base that simply look like they have been obfuscated, variable names have been replaced with what looks like machine generated names. That is until you look closer and you realise that no obfuscation program could be so inconsistent. Mixed amongst the seemingly generated variable names is the odd variable name that makes sense. Take this example below:

get_page_game() {
  if(isset($_SESSION['auth']['uid'])) {
    $uid=$_SESSION['auth']['uid'];
    $ip=$_SERVER['REMOTE_ADDR'];
    $date=date('Y-m-d');
    if(isset($_POST['gameID'])) {
      $i0l1101=isset($_POST['userID'])? preg_replace('/[^\d]/','',$_POST['userID']) : 0;
      $i0l11010=isset($_POST['gameID'])? preg_replace('/[^\d]/','',$_POST['gameID']) : 0;
      $i0l110101=isset($_POST['highscore'])? preg_replace('/[^\d]/','',$_POST['highscore']) : 0;
      $i0l1101010=isset($_POST['wpm'])? preg_replace('/[^\d]/','',$_POST['wpm']) : 0;
      $i0l11010101=isset($_POST['userStage'])? preg_replace('/[^\d]/','', $_POST['userStage']) : 0;
      $i0l110101010=isset($_POST['userSpeed'])? preg_replace('/[^\d]/','', $_POST['userSpeed']) : 0;
      $i0l1101010101=isset($_POST['userUnlocked'])? preg_replace('/[^\d]/','', $_POST['userUnlocked']) : 0;
      $i0l11010101010=isset($_POST['incrementLevel'])? preg_replace('/[^\d]/','', $_POST['incrementLevel']) : 0;
      $i0l110101010101=isset($_POST['wpmTarget'])? preg_replace('/[^\d]/','', $_POST['wpmTarget']) : 0;
      $il1l1l1010101011=isset($_POST['lettersTyped'])? preg_replace('/[^\d]/','', $_POST['lettersTyped']) : 0;
      $ill00=database::query("SELECT `nickname`,`grpname`,`stage`,`lvldata`,`maximum_score` FROM `ft_account_members` WHERE `uid`='$i0l1101'");
      while($ill001=mysql_fetch_array($ill00)) {
        $i00l1101010101010=$ill001['nickname'];
        $i00l11010101010101=$ill001['grpname'];
        $hlvldata=$ill001['lvldata'];
        $i00l110101010101=$ill001['maximum_score'];
      }
      $i1l01ll0= 'ft_64m3'.$i0l11010;
      $ill0010=database::query("SELECT `highscore` FROM `".$i1l01ll0."` WHERE `nickname`='$i00l1101010101010'");
      if(mysql_num_rows($ill0010)>0) {
        $ill00101=mysql_fetch_array($ill0010);
        if(mysql_error()=='') {
        }
        else { 
          echo mysql_error();
          exit();
        }
        ...
      }
    }
  }
}

Variables look generated, $i, $i1i, $i10 etc but then you look closer and realise some of 1′s are actually l’s, which conceivably could be generated, but then right in the middle is $hlvldata. Huh? either it has been obfuscated and the obfuscater is unbelievable or the variable names have been purposely chosen!

Ever heard of a loop?

So what do you do if you want to assign 32 variable names in ascending numerical order. Why you write it our 32 times of course, and of course you do this in at least 10 functions as well just for good measure.

$mpm->assign('gs0',$mp->get_game0score());
$mpm->assign('gs1',$mp->get_game1score());
$mpm->assign('gs2',$mp->get_game2score());
$mpm->assign('gs3',$mp->get_game3score());
$mpm->assign('gs4',$mp->get_game4score());
$mpm->assign('gs5',$mp->get_game5score());
$mpm->assign('gs6',$mp->get_game6score());
$mpm->assign('gs7',$mp->get_game7score());
$mpm->assign('gs8',$mp->get_game8score());
$mpm->assign('gs9',$mp->get_game9score());
$mpm->assign('gs10',$mp->get_game10score());
$mpm->assign('gs11',$mp->get_game11score());
$mpm->assign('gs12',$mp->get_game12score());
$mpm->assign('gs13',$mp->get_game13score());
$mpm->assign('gs14',$mp->get_game14score());
$mpm->assign('gs15',$mp->get_game15score());
$mpm->assign('gs16',$mp->get_game16score());
$mpm->assign('gs17',$mp->get_game17score());
$mpm->assign('gs18',$mp->get_game18score());
$mpm->assign('gs19',$mp->get_game19score());
$mpm->assign('gs20',$mp->get_game20score());
$mpm->assign('gs21',$mp->get_game21score());
$mpm->assign('gs22',$mp->get_game22score());
$mpm->assign('gs23',$mp->get_game23score());
$mpm->assign('gs24',$mp->get_game24score());
$mpm->assign('gs25',$mp->get_game25score());
$mpm->assign('gs26',$mp->get_game26score());
$mpm->assign('gs27',$mp->get_game27score());
$mpm->assign('gs28',$mp->get_game28score());
$mpm->assign('gs29',$mp->get_game29score());
$mpm->assign('gs30',$mp->get_game30score());
$mpm->assign('gs31',$mp->get_game31score());
$mpm->assign('gs32',$mp->get_game32score());

For the love of Deity man have you never heard of a loop? Perhaps he’d tried it as dynamic method calls and it didn’t work for him, oh wait no he’s already used a dynamic method call in another function, so that can’t be right.

Oh yeah and check out the variable names, no $iiii this time, and unbelievably where this is used multiple times the variable names are different, so it isn’t just a cut and paste jobbie???

Ever heard of date functions?

Damn you MySQL and your weirdly formatted dates, I don’t understand them, if only I could make them more friendly? I know I can split the date up and then change it – how could this be coded?

switch($hMonth) {
  case 1: 
    $hMonth='Jan';
    $hValue=1;
  break;
  case 2: 
    $hMonth='Feb';
    $hValue=2;
  break;
  case 3: 
    $hMonth='March';
    $hValue=3;
  break;
  case 4: 
    $hMonth= 'April';
    $hValue=4;
  break;
  case 5: 
    $hMonth='May';
    $hValue=5;
  break;
  case 6: 
    $hMonth='June';
    $hValue=6; 
  break;
  case 7: 
    $hMonth='July';
    $hValue=7;
  break;
  case 8: 
    $hMonth='Aug';
    $hValue=8;
  break;
  case 9: 
    $hMonth='Sep';
    $hValue=9;
  break;
  case 10: 
    $hMonth='Oct';
    $hValue=10;
  break;
  case 11: 
    $hMonth='Nov';
    $hValue=11;
  break;
  case 12: 
    $hMonth='Dec';
    $hValue=12;
  break;
}

Maybe its because he wanted to be as inconsistent with the date month display as he is with his variable names? There are so many shorter ways of doing this, let MySQL spit the date out in a correct format, use strtotime() coupled with date()? Argghh it hurts its too painful.

Ever heard of a sane data structure?

This last example takes the biscuit though. As far as I can tell what the coder wanted to do was store a set of 3 data points representing level scores. How did he choose to do this? in the date format 1_1.1_2.1_3.2_1.2_2.2_3….. thats right as a ‘.’ separated list with a ‘.’ set separator! How the hell would this be read in and updated… like this:

$a0=array("a00"=>array(
  0=>0,1=>0,2=>0,3=>0,4=>0,5=>0,6=>0,7=>0,8=>0,
  9=>0,10=>0,11=>0,12=>0,13=>0,14=>0,15=>0,16=>0,
  17=>0,18=>0,19=>0,20=>0,21=>0,22=>0,23=>0,24=>0,
  25=>0,26=>0,27=>0,28=>0,29=>0,30=>0,31=>0,32=>0
));
$a1=array("a11"=>array(
  0=>0,1=>0,2=>0,3=>0,4=>0,5=>0,6=>0,7=>0,8=>0,
  9=>0,10=>0,11=>0,12=>0,13=>0,14=>0,15=>0,16=>0,
  17=>0,18=>0,19=>0,20=>0,21=>0,22=>0,23=>0,24=>0,
  25=>0,26=>0,27=>0,28=>0,29=>0,30=>0,31=>0,32=>0
));
$a2=array("a22"=>array(
  0=>0,1=>0,2=>0,3=>0,4=>0,5=>0,6=>0,7=>0,8=>0,
  9=>0,10=>0,11=>0,12=>0,13=>0,14=>0,15=>0,16=>0,
  17=>0,18=>0,19=>0,20=>0,21=>0,22=>0,23=>0,24=>0,
  25=>0,26=>0,27=>0,28=>0,29=>0,30=>0,31=>0,32=>0
));

$hlvldataii=$hlvldata;
$hlvldatatok0=strtok($hlvldataii,".");
$hCntTok0=0;
$hCntTok1=0;

while($hlvldatatok0 !== false) {
  if($hCntTok1==0)$a0["a00"][$hCntTok0]=$hlvldatatok0;
  if($hCntTok1==1)$a1["a11"][$hCntTok0]=$hlvldatatok0;
  if($hCntTok1==2){
    $a2["a22"][$hCntTok0]=$hlvldatatok0;
    $hCntTok0++;
    $hCntTok1=0;
    $hlvldatatok0=strtok(".");
    continue;
  }
  $hlvldatatok0=strtok(".");
  $hCntTok1++;
}

$hlvl=$hCntTok0-1;
$hFlg=0;

for($i=0;$i<$user_stage;$i++) {
  $hlvlSrch.=$a0["a00"][$i].'.'.$a1["a11"][$i].'.'.$a2["a22"][$i].'.';
}

$hlvlSrch .= $user_stage.'.'.$wpm.'.'.$wpm_target;

I don't even know where to begin with this, have a go yourself, of course the variable names have been designed to help legibility. I wanted so badly to re-write it but in the end I opted to leave it as is and grab a beer.

Kill me now!

I could go on, these examples are just insane, the rest of the code is no better, if statements 20 levels deep, the same code repeated in a dozen functions, a single file with over 4000 lines of code. I can honestly say this is some of the worse code I've ever had the misfortune to work on.

Unfortunately I had to inform the client of how bad the code was, embarrassed at the level of incompetence displayed by my profession. Fortunately she was very understanding and guided by me has taken the wise decision to let me throw it away and start again. Hopefully a happy ending!!!