
>They're all over the place. People just starting out. It could've been an intern fresh out of college. It could've been someone who just never graduated beyond copy-and-paste-from-StackOverflow. It could've been written by a person who never did web development before and was just told to make it work.

I'm an intern, just moving past S.O. copy-pasta jobs, and generally get scared at what the Hacker News crowd might say about my code... Seeing this caliber of shit get pushed live by a major ISP is almost comical; if an admitted novice such as myself can see it, that should be a sign as to the ineptitude of our current crop of ISPs.




The code on your GitHub, for the most part, seems fine.

One thing I can say is don't use exec[1] if you can avoid it:

    $string = 'rm /var/www/Giftest/*.gif';
    exec($string);
While there's nothing *technically* wrong, it's platform specific and I think it would be better to use PHP's unlink[2] function. Also, sorry if this is wrong, I haven't looked at the regex but it seems you're parsing YouTube URLs? Have you looked at oEmbed[3] - it may be an easier way to accomplish what you're doing? You can use it with json_decode[4] to get an object.

[1] https://github.com/Machtap/GiffyTube/blob/master/download.ph...

[2] http://php.net/manual/en/function.unlink.php

[3] http://apiblog.youtube.com/2009/10/oembed-support.html

[4] http://php.net/manual/en/function.json-decode.php
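To show what the unlink()/oEmbed suggestion above looks like in practice, here is an added PHP example; it is my code, not anything from the GiffyTube repository. It deletes the GIFs with glob() and unlink() instead of handing a string to the shell (exec() only turns into a command-injection hole once part of that string comes from a request, but not spawning /bin/sh at all removes the question), and it parses an oEmbed response with json_decode(). The function names, the directory argument and the sample JSON are assumptions; the live YouTube oEmbed endpoint is only mentioned in a comment so the example runs offline.

```php
<?php
// Added example, not GiffyTube's code.

/**
 * Delete every *.gif directly inside $dir and return how many were removed.
 * Replaces exec('rm /var/www/Giftest/*.gif'): no shell is spawned, so the
 * path is never re-parsed by /bin/sh, and it works on Windows as well.
 */
function remove_gifs(string $dir): int
{
    // realpath() resolves symlinks and "..", and returns false for a missing path.
    $real = realpath($dir);
    if ($real === false || !is_dir($real)) {
        throw new RuntimeException("not a directory: $dir");
    }

    $removed = 0;
    // glob() returns an empty array when nothing matches (false on error),
    // whereas `rm *.gif` would print a shell error for the same situation.
    $matches = glob($real . DIRECTORY_SEPARATOR . '*.gif', GLOB_NOSORT);
    foreach ($matches ?: [] as $path) {
        if (is_file($path) && unlink($path)) {
            $removed++;
        }
    }
    return $removed;
}

/**
 * Pull the fields a page would use out of a YouTube oEmbed JSON response.
 * The live response would come from (assumed endpoint)
 *   https://www.youtube.com/oembed?url=<video url>&format=json
 * Here a constructed sample is parsed so the example runs offline.
 * json_decode() returns an object because $associative is false.
 */
function parse_oembed(string $json): array
{
    $data = json_decode($json, false, 512, JSON_THROW_ON_ERROR);
    if (!is_object($data) || ($data->type ?? null) !== 'video') {
        throw new UnexpectedValueException('not a video oEmbed response');
    }
    return [
        'title'     => (string) ($data->title ?? ''),
        'provider'  => (string) ($data->provider_name ?? ''),
        'thumbnail' => (string) ($data->thumbnail_url ?? ''),
        // The embed markup is third-party content: escape it if it is ever
        // echoed anywhere other than as the intended iframe.
        'html'      => (string) ($data->html ?? ''),
    ];
}

// --- demo -----------------------------------------------------------------

// Constructed sample: the shape follows the oEmbed spec, the values are made up.
$sample = '{"type":"video","version":"1.0","provider_name":"YouTube",'
        . '"title":"Sample clip","thumbnail_url":"https://i.ytimg.com/vi/EXAMPLE/hqdefault.jpg",'
        . '"html":"<iframe src=\"https://www.youtube.com/embed/EXAMPLE\"></iframe>"}';
print_r(parse_oembed($sample));

// Work in a throwaway directory instead of /var/www/Giftest.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'giftest_' . bin2hex(random_bytes(4));
mkdir($tmp);
foreach (['a.gif', 'b.gif', 'keep.txt'] as $name) {
    touch($tmp . DIRECTORY_SEPARATOR . $name);
}
echo remove_gifs($tmp), " gif(s) removed, ", count(scandir($tmp)) - 2, " file(s) left\n";

// Cleanup.
unlink($tmp . DIRECTORY_SEPARATOR . 'keep.txt');
rmdir($tmp);
```

The same idea applies to every other exec()/system()/shell_exec() call that only exists to run rm, mv or mkdir: PHP has a filesystem function for each, and using it keeps user-supplied names out of a shell entirely.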


would you be willing to discuss this further? No contact in your profile.


Sorry for the delay in getting back to you. Check your emails.


The type of programmer who writes code like this never wonders whether their code could be better or not. So don't worry, just by being self-aware enough to ask the question you put yourself on a higher level.


One thing I have learned over the years: It is easy to write "this is crap code" over a lot of production code I have seen. But making it better, writing consistently great code in the usual environment is much harder.

Don't let the macho attitude of HN infect you too much - a lot of people here (and elsewhere) are great at criticizing others.


+1. When you have a whole pile of pretty bad code to maintain, it is very difficult to make the fixes significantly better within the time you have to make the fix. Usually significant improvements would require extensive refactoring, which is feasible or sensible in surprisingly few cases.

Though, I have to admit, bitching about other peoples' code is fun.


You should be scared... what's with the hardcoded login info exposed on github?

https://github.com/Machtap/_ctv/blob/master/_www/model/commo...


The database doesn't accept external connections, out of curiosity, what is the proper way to pass connection credentials?


at a minimum:

- keep config variables in a separate file that is in your .gitignore and won't get pushed to github.

- keep config file outside of any web accessible directory in case the file renders in plaintext for some reason.

Regardless of db only accepting local connections - an attacker is one step closer to dumping the db.
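As an added PHP example of those two points (my code, not the _ctv project's): a loader that reads the database credentials from a file kept outside the document root and listed in .gitignore, and that refuses to continue if the file is missing, sits under the served tree, or is world-readable. The directory layout, file names, function names and placeholder credentials are all assumptions; the demo recreates the layout under a temporary directory so it runs anywhere.

```php
<?php
// Added example, not the _ctv project's code. Assumed layout:
//
//   /srv/ctv/public/                DOCUMENT_ROOT; the only directory the web server serves
//   /srv/ctv/config/db.php          real credentials; in .gitignore, never pushed
//   /srv/ctv/config/db.php.example  committed template with placeholder values
//
// .gitignore (committed) would contain the line:
//   /config/db.php
//
// config/db.php (never committed) just returns an array:
//   <?php
//   return ['host' => '127.0.0.1', 'name' => 'ctv', 'user' => 'ctv', 'pass' => 'change-me'];

/**
 * Load credentials from $path. $docroot is the served directory (normally
 * $_SERVER['DOCUMENT_ROOT']); the file must not live inside it, because a
 * mis-set handler or a stray db.php.bak copy would be served as plain text.
 */
function load_db_config(string $path, string $docroot): array
{
    $real = realpath($path);
    if ($real === false) {
        throw new RuntimeException("missing $path: copy db.php.example and fill it in");
    }

    $root = realpath($docroot);
    if ($root !== false
        && strpos($real, rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException("$path is inside the document root; move it out");
    }

    // Other local accounts on the box should not be able to read the password.
    if (DIRECTORY_SEPARATOR === '/' && (fileperms($real) & 0004)) {
        throw new RuntimeException("$path is world-readable; chmod 640 it");
    }

    $cfg = require $real;
    foreach (['host', 'name', 'user', 'pass'] as $key) {
        if (!is_array($cfg) || !isset($cfg[$key]) || $cfg[$key] === '') {
            throw new RuntimeException("config key '$key' is missing");
        }
    }
    return $cfg;
}

/** Build the PDO DSN; actually connecting is left to the caller. */
function db_dsn(array $cfg): string
{
    return "mysql:host={$cfg['host']};dbname={$cfg['name']};charset=utf8mb4";
}

// --- demo: rebuild the assumed layout under a temp directory ----------------
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ctv_' . bin2hex(random_bytes(4));
mkdir("$base/public", 0755, true);
mkdir("$base/config", 0750, true);

$good = "$base/config/db.php";
file_put_contents($good,
    "<?php\nreturn ['host' => '127.0.0.1', 'name' => 'ctv', 'user' => 'ctv', 'pass' => 'change-me'];\n");
chmod($good, 0640);

$cfg = load_db_config($good, "$base/public");
echo "loaded: ", db_dsn($cfg), " as user {$cfg['user']}\n";

// The same file copied under the web root is rejected.
$bad = "$base/public/db.php";
copy($good, $bad);
chmod($bad, 0640);
try {
    load_db_config($bad, "$base/public");
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}

// Cleanup.
foreach ([$good, $bad] as $f) {
    unlink($f);
}
rmdir("$base/config");
rmdir("$base/public");
rmdir($base);
```

Environment variables set by the web server or service manager (read with getenv()) are the other common home for these values; whichever you pick, the committed repository should only ever contain the .example template with placeholders.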


Hrm, is there really a problem if the test data on my development server were to get dumped? It's not like those credentials or the accounts stored in the db carry over when this gets deployed to production, nor will the changes for production ever come close to my github.

Still very valuable things to be aware of in future situations where the above might not apply, thank you very much.


Keep it up - keep moving up and learning more stuff. Be awesome. Don't worry too much about what other people think of your code, worry just enough that it pushes you to write better code. :)



