

If (false) - babawere
https://github.com/kdambekalns/flow/blob/fd830e6a62dcdf321409ba2aa4d70a8aaf3da011/Resources/PHP/iSecurity/Security_Randomizer.php#L208

======
sz4kerto
There is nothing to see here, go away please. :) It's just the simplest way of
turning a code fragment on/off. Not pretty, but not the end of the world
either. :)

~~~
xroche
In C, at least, compared to the commented out version or removed (when using
versioning) variant, the code is still present and builds (and will break
upon API change, guaranteeing it to be up-to-date), is present when
refactoring (not necessarily easy with all version control systems), and has no
impact on performance (might not be true with PHP). So this can be seen as
a feature, actually.

~~~
dz0ny
PHP will parse the whole file before actually optimizing anything. That's the
only penalty you get.

------
Tepix
So, getRandomInteger() keeps fetching bytes and adding them as 0..255 values
until it reaches the desired value? How silly is that? For a random number
between 0 and 2147483648 it would require 8388608 random bytes.. omg!

~~~
Robin_Message
It's also going to return random numbers with a binomial distribution, which
might be surprising since most generators are uniform.

How is this "improved security"?

~~~
Tepix
Yep. Just awful...
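
The point raised in this sub-thread, as an added example that is not part of any comment or of the linked Flow code: enumerating the sum of two bytes shows how unevenly summed bytes are distributed, and `uniformInt` (a hypothetical name) draws a uniform integer by rejection sampling with `random_bytes()`. It assumes 64-bit PHP 7 or later, where the built-in `random_int()` covers the same need.

```php
<?php
// Added example (not code from Security_Randomizer.php). Assumes 64-bit PHP 7+.

// Exact distribution of "add two random bytes": how many of the 65536
// equally likely byte pairs produce each sum 0..510.
function twoByteSumCounts(): array {
    $counts = array_fill(0, 511, 0);
    for ($a = 0; $a < 256; $a++) {
        for ($b = 0; $b < 256; $b++) {
            $counts[$a + $b]++;
        }
    }
    return $counts;
}

// Uniform integer in [$min, $max] by rejection sampling: draw just enough
// bits to cover the range and retry if the draw falls outside it.
function uniformInt(int $min, int $max): int {
    $range = $max - $min;                       // becomes float on overflow
    if ($min > $max || !is_int($range)) {
        throw new InvalidArgumentException('invalid range');
    }
    if ($range === 0) {
        return $min;
    }
    $bits  = strlen(decbin($range));            // bit length of the range
    $bytes = intdiv($bits + 7, 8);
    $mask  = $bits >= 63 ? PHP_INT_MAX : (1 << $bits) - 1;
    do {
        $v = 0;
        foreach (unpack('C*', random_bytes($bytes)) as $byte) {
            $v = ($v << 8) | $byte;
        }
        $v &= $mask;                            // drop surplus high bits
    } while ($v > $range);                      // reject, never clamp or wrap
    return $min + $v;
}

$c = twoByteSumCounts();
printf("two-byte sum: %d way(s) to get 0, %d ways to get 255\n", $c[0], $c[255]);
printf("uniformInt(0, 2147483648) = %d (4 random bytes per attempt)\n",
    uniformInt(0, 2147483648));
```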

------
chmod775
There's 4,284,794 results for "if(false)" on GitHub:

https://github.com/search?q=%22if%28false%29%22&type=Code&ref=searchresults

~~~
babawere
Looking more like a trend ... PHP biggest culprit

- PHP 2,333,198
- JavaScript 491,084
- C 306,891
- C++ 198,900
- Java 169,748
- Python 106,708
- HTML 85,903
- Ruby 57,830
- Smalltalk 28,647
- C# 24,813

~~~
davidw
I think you just found out that PHP is a very widely used programming
language. To make a more meaningful comparison, divide by the total lines of
code.

------
quchen

      [-][[This reminds me of Brainfuck,
           where a similar hack can be
           used to write comments with
           arbitrary contents -- even 
           containing "]" if you ba-
           lance them right.]

------
eksith
Is most of this even necessary?

Couldn't you get away with:

    
    
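      function IV( $size, $ssl = false ) {
          if ( $ssl && function_exists( 'openssl_random_pseudo_bytes' ) ) {
              // The second parameter is a by-reference output flag, so it must be a variable.
              $strong = false;
              return openssl_random_pseudo_bytes( $size, $strong );
          }
          // Fall back to mcrypt reading from /dev/urandom.
          return mcrypt_create_iv( $size, MCRYPT_DEV_URANDOM );
      }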
    

From the docs: http://it.php.net/manual/en/function.mcrypt-create-iv.php

    
    
      5.3.0 MCRYPT_DEV_RANDOM and MCRYPT_DEV_URANDOM became available on Windows platforms.

------
gohwell
That's one way to comment out code

~~~
filipedeschamps
That's also one way to not use version control.

~~~
mschuster91
I only delete code I know I'm not going to use later.

Refactoring, especially renaming files, WILL make it next to impossible to
find "that one bit of code you know that does the trick", because even with a
rgrep or git blame it will not turn up.

As soon as the commit history is >50 commits, it's also not feasible any more
to scroll through hundreds of pages of diffs.

Side note: find a way to easily store "intentionally dead" code in a file, in
a way that it does not show up in the code, but can be searched at least on
the commandline - easy way to get rich. Devs all over the world will love you.

(I'd imagine replacing a block of code e.g. with /* REMEMBERME */ , git
detecting this block (and inserting a /* REMEMBER-ID 12345 */ instead), and
git supporting a command like "git show-dead file.c" which shows all the dead
code, too.)

~~~
spuz
Maybe you are unaware of git pickaxe. See the -S option of git log:
https://www.kernel.org/pub/software/scm/git/docs/git-log.html

~~~
mschuster91
Indeed I was, yet still this forces me to remember a part of the string of the
code I deleted... which may not be the case if the commit was a month or two
(or more!) ago. I mostly remember just "ah, this was in class XYZ"... open it,
quickly scan the file for the comment blocks and voila, there's my code.

------
Grue3
In Common Lisp there's a special syntax to make the reader ignore an
expression, for example #+feature(code here) is executed only if feature is
present. It's common to see code commented out with "#+(and)(code here)" or
"#-(or)(code here)". In fact there are proponents for either one of these
idioms. I guess in Algol-style languages it's rarer to see code commented out
like that?

------
artumi-richard
I like it when the expression in the "if" is clear.

------
mbq
It is a perfectly sane idea for switching code with macros (though for(;0;) is
better) and for making the compiler do some tests without polluting the code.

------
piratebroadcast
Someone care to explain this and its implications like I'm 5?

~~~
nzp
I haven't done enough C to need it, but it's a relatively common C idiom (not
sure about PHP though). It's usually used with a goto jump (label inside if
(0)) to clean up after an error. That way during normal execution the label
code never executes. (I hope I remember this correctly.)

------
dz0ny
This will work when there is a glitch in the Matrix.

