Okay, so I've not blogged for a while... Here's something to make up for it...
In my daily work I get to do many things. I make coffee for myself. I browse. I read. I may even do some work. It's this last one that usually provides me my day's worth of fun. I have mentioned many WTFs in the past, and it's with great glee that I can now add a new one to the list. What's even better is this is from a completely separate set of people from before, so now I know this is a more common occurrence than previously thought (sadly).
The basic story: A certain company "that has proven they have nothing to back up the claims that they can also actually deliver the solution on time and in budget" (we'll call them Vendor X) was "forcibly" inserted into a project by a certain senior manager against the will of the Project Manager. During the process of weekly status meetings, Vendor X managed to, without messing up (the only time they wouldn't), convince the Project Manager that the project was ahead of time, well within budget, and working like a charm. In fact, even demos "proved" this. It was only 4 weeks before the deadline that we realised that there was actually no solution, just merely "slightly altered screens from the original prototype". I will cut this story here...
Vendor X's biggest selling point was that they have a "framework", an entire environment for managing and maintaining ASP.NET sites along with security access at page level. This too was non-existent. However, since they were now 4 months behind with 1 month to go, I was naturally nominated to "help them sort out their sh*t" (one of the lesser pleasures of contract work).
The first issue of course was that the promised framework, which was critically required to be on ASP.NET 2 so as to align with the proposed technology strategy, was in fact on 1.1 (yes, I even had to install Visual Studio 2003 again). Having now smelled an entire fish market before me, I thought I'd take a look at said framework, and see how much I could learn from their clearly superior capabilities. What I was to find shocked me. The realisation that there are companies out there that can maintain a living through lies and deception alone is a very scary thing. It's worse when the original senior manager claims the reason they were behind was due to the project being managed poorly. There's clearly a financial gain going on here somewhere... But I digress... back to the fun stuff.
My first worry was the following piece of code strewn across the entire solution (and think about this, considering the site's name):
    sRedirect="http://" + sServer + "/WebSite1/correspondence/CreateMail.aspx?sUrl=" + sUrl.Replace("&", "$");
    Response.Redirect(sRedirect);
I also loved the manual URL encoding. I thought this was really funny. Not half as funny as their "forms authentication", the manual way (I remember now, always write your own security):
    Session["LoginSuccess"]="true";
They also failed to realise that the web.config needs to be configured for forms authentication. They just left it as Windows authentication. Of course, this would not be half as funny save for the fact they rarely check this session variable. This means that the user can be logged out after a while even though they're busy with pages. Couple this with the fact that most pages can be accessed without logging in so long as you know the URL.
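For comparison, a web.config that turns on forms authentication and denies anonymous requests for the whole site, so the check runs in the ASP.NET pipeline on every request instead of depending on each page testing a session flag. This is an added example, not Vendor X's or the project's configuration; the cookie name, Login.aspx and the 30-minute timeout are assumed values.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- The state described in the post: the default was left untouched,
         so Session["LoginSuccess"] was the only gate:
         <authentication mode="Windows" />
    -->

    <!-- Corrected: ASP.NET issues and validates an encrypted, signed
         ticket cookie. Cookie name and login page are assumed values. -->
    <authentication mode="Forms">
      <forms name=".EXAMPLEAUTH"
             loginUrl="Login.aspx"
             protection="All"
             timeout="30"
             slidingExpiration="true"
             path="/" />
    </authentication>

    <!-- "?" means anonymous users. Denying them here covers every page,
         including ones reached by typing the URL directly. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Explicit exception so the login page itself stays reachable. -->
  <location path="Login.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With this in place the login page issues the ticket by calling FormsAuthentication.RedirectFromLoginPage after it has checked the credentials, rather than setting a session value.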
There are other tidbits of complete incompetence too. But I think I'll leave those out. There is one other one that I would like to show as an example of why I am beginning to think developer culling may not be as bad an idea as it sounds. I came across this test to validate that an input is alpha-numeric:
    bool bAlphaNumeric=true;
    if(sValue!="")
    {
        char [] sArray = null;
        sArray = sValue.ToCharArray();
        foreach (char s in sArray)
        {
            switch (s.ToString().ToUpper())
            {
                case "A": bAlphaNumeric=true;
                    break;
                case "B": bAlphaNumeric=true;
                    break;
                case "C": bAlphaNumeric=true;
                    break;
                // All others here ...
                case "Z": bAlphaNumeric=true;
                    break;
                case "1": bAlphaNumeric=true;
                    break;
                case "2": bAlphaNumeric=true;
                    break;
                case "3": bAlphaNumeric=true;
                    break;
                case "4": bAlphaNumeric=true;
                    break;
                case "5": bAlphaNumeric=true;
                    break;
                case "6": bAlphaNumeric=true;
                    break;
                case "7": bAlphaNumeric=true;
                    break;
                case "8": bAlphaNumeric=true;
                    break;
                case "9": bAlphaNumeric=true;
                    break;
                case "0": bAlphaNumeric=true;
                    break;
                case " ": bAlphaNumeric=true;
                    break;
                default: bAlphaNumeric=false;
                    break;
            }
            if(bAlphaNumeric==false)
            {
                return bAlphaNumeric;
            }
        }
    }
    return bAlphaNumeric;
There were 4 other similar functions. Clearly "regular expressions" never cropped up. If I had started coding the above, I certainly would have asked myself "there must be a better way?"...