Chiru.no mail

Is this legit or just a meme?

chiru.no/a/mail/

I bet it's all stored in plain text.

chiru.no/a/mail/?source

Someone mspaint/pinta this shit next to the computer science guy meme, what atrocious programming

Bar is already pretty low with PHP but Jesus Christ it's an eyesore.

> no captcha
weeeew

>"what atrocious programming"
>doesn't point out any flaws

>if ( strpos(file_get_contents('hash.txt'), md5(file_get_contents('salt.txt').$_SERVER['REMOTE_ADDR'])."\n") !== false && !isset($_GET['oldpassword']) )

chiru.no/a/mail/hash.txt

The code is fucking simple what are you saying.

oh now he hides it

I'll write that in PHP and it will be the most beautiful thing you've ever seen. Don't blame developer incompetence on the language. The barrier to entry for PHP is low, so naturally there are more terrible devs.

yeah those were ip hashes so you can't register on the same ip twice

my bad

Look for yourself you fucking retard, if I see md5 functions used for anything except duplicate upload prevention I'll fire your ass, not to mention salting it with a predictable fucking ip address!

Add some more elseifs while you're at it.

If you have any concerns or feedback please contact us at the address: [email protected] :^)

Oh Jesus Christ are you kidding, the hash was web exposed?


Fucking retard, use PHP's inbuilt hash verify function not your own md5 predictable pos

don't email it, it creates mustard gas

>form uses GET instead of POST

I need chemotherapy now.

>the hash was web exposed?
S/hash/salt

>DURR HURR ILL FIRE UUUUUU
retarded argument

> not to mention salting it with a predictable fucking ip address!
what the fuck are you talking about?
He *should* use a slow key derivation function like PBKDF2 and a unique salt for each password. The salt.txt and hash.txt were both exposed, which made it trivial to crack and find everyone's IP. He owned up to the mistake and fixed it by making hash.txt 403.

> md5 predictable pos
literally what the fuck are you talking about? I think somebody has mistaught you cryptography.
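
An added example, not part of the thread and not the site's own code: a hardened form of the two checks discussed above, with the per-IP registration tag keyed by a secret (HMAC-SHA256) instead of `md5(salt.ip)` and passwords handled by PHP's built-in `password_hash()`/`password_verify()` (bcrypt by default, swapped in here for the PBKDF2 one reply names). The function names, the key handling and the sample address and password are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: in production this key is loaded from a file outside the web
// root; it is generated inline here so the example runs stand-alone.
$ipKey = random_bytes(32);

// Keyed tag for an IP address. Unlike md5(salt . ip) with a readable salt,
// the tag cannot be recomputed for candidate addresses without $key.
function ip_tag(string $ip, string $key): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }
    // inet_pton() normalises equivalent spellings of the same address.
    return hash_hmac('sha256', inet_pton($ip), $key);
}

// Exact, constant-time match per stored tag instead of strpos() on a file.
function ip_seen(string $ip, array $tags, string $key): bool
{
    $candidate = ip_tag($ip, $key);
    foreach ($tags as $tag) {
        if (hash_equals($tag, $candidate)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data (documentation address range, made-up password).
$tags = [ip_tag('203.0.113.7', $ipKey)];
var_dump(ip_seen('203.0.113.7', $tags, $ipKey));
var_dump(ip_seen('203.0.113.8', $tags, $ipKey));

// Passwords: password_hash() picks a fresh random salt per call and stores
// it, together with the cost, inside the returned string.
$stored = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
var_dump(password_verify('correct horse battery staple', $stored));
var_dump(password_verify('wrong guess', $stored));

// Re-hash on login when the default algorithm or cost has moved on.
if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
    $stored = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
}
```

The stored tags still belong outside the document root: the key is what stops offline enumeration of the address space, so a leaked key puts the tags back where the exposed salt.txt left the MD5 hashes.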

JESUS
FIX THIS

You're right, it doesn't matter for the hash. I have no excuse there. I was thinking of seeding the rng

Doesn't excuse using md5 when as you said there are better functions out there

Fucking nerd.

This is amazing. I've used this email for my university stuff and other transactions. Simple and fast as opposed to gmx