Well, it’s 12:43am on Wednesday, February 14 (… happy Valentine’s Day?) and I feel like a coding badass.
Why? Well, two reasons.
The first is that I was working on Tuesday and someone had a ticket open with me that was complaining that one of our plugins was forcing use of the http protocol, rather than the https protocol. And I’m like “pfft, no way,” so he sends me a video and shows me and I’m like… “whaaaat?”
So I went digging around on GitHub in the code.
Sure enough, in the abstract class file (which, in case you’re unaware, serves as a template, if you will), there was a reference to a variable for a base URL… which had http hardcoded as the protocol to use.
Now, that might not seem like a big deal, because so much of the web is insecure and has no real need to be secure. But we deal with ecommerce sites, so HTTPS is, more often than not, in use on these sites. So why on earth didn’t the developers use // as a protocol agnostic prefix to the base URL? No idea. Literally, no idea.
Of course, this was coming from me, with my whole entire 80 hours of PHP under my belt, so although that’s what it looked like to me, I wasn’t certain. I flagged it to a developer who took a look and said “great sleuthing!” and she pushed some changes which made it into the release that’s going out this week. I was so surprised that:
a) I was right
b) This code existed in the first place!
I mean, I haven’t done any secure sites ever, but I learned at my last workplace that one needs to account for whether or not the client will be using an SSL certificate, so you should always use // instead of specifying http or https. Makes sense. I checked the history and it appears that the two lines with http in them had been there since, oh, the start of the plugin. hahaha.
So, that’s one reason I feel like a coding badass.
It took me longer than I’d like to admit, but I finally got it to work. The main issue was that I’d accidentally written newTime=newtime.settime(newvalue) instead of just newtime.settime(newvalue). ¯\_(ツ)_/¯ The secondary issue was that my universaltime variable wasn’t going to GMT/UTC, for some reason, which ended up being “Julie, you’re stupid and altering the wrong variable before passing it back.”
Just six more classes (including Thursday) before I’m done! And then maybe I can return my attention to my game.
No real updates there, although I now have figured out I’m probably just going to end up using bcrypt as my password hashing method. Literally, the only piece of personally-identifiable information I think I want to store that belongs to a user is an email address. No reason for anything else, so I don’t think I need to go all out for security. Still, I did a lot of research and reading and feel a lot more comfortable with what I’m going to be attempting here, at least when it comes to users.
Okay, it’s getting late and I should be up in about 8 hours to work, for eight hours, and then study for the rest of the evening.