So, a new web project came for some small layout changes, nothing to fancy.
It was on the hands of another company and the client didn't want to work with them anymore. Basic Magento with a custom theme.

As I was wondering through files, I found out that the old devs echoed, in ".phtml" files, contents from ".txt" files located in base directory. I was shocked and went forward with it. The core of Magento had tons of this "echo"s. Several minutes later I found out that they "coded" another administration panel besides Magento, that had "authentication" with hard-coded user/pass inside index.php and a session start. That admin panel just rewrote the contents of .txt files using textareas. Why/what/when the fuck..they've forgotten the admin password?!?!!!!

This was like 3-4 years ago.
Worst project i've seen, ever...