Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "page redirect"
-
I hate those fucking sites which make you login first and then redirect to their home page.
FOR FUCK'S SAKE, ITS 2017. CANT YOU BASTARDS WRITE A FEW LINES OF CODE SO THAT I AM AUTOMATICALLY REDIRECTED TO WHERE I WAS AND I NEED NOT BACKSPACE EVERY TIME I LOGIN?9 -
More than half of all support calls and tickets we get are so fucking easily searchable through our own fucking website and search engines, it's really fucking annoying sometimes.
"how do I redirect a site?"
Type the fucking word redirect into our helpdesk page.
"how can i reset my email password?"
Literally fucking type the word EMAIL into fucking search bar?!
"hey the article said to go to yourdomain.com/webmail, I'm not getting anything!!!"
"what domain did you use?"
"yourdomain.com of course!"
😥🔫
"how can I add a domain to my hosting?"
Search for the FUCKING word DOMAIN on our online helpdesk.
IT'S REALLY NOT THAT HARD, PLEASE APPLY COMMON SENSE AND USE YOUR FUCKING BRAIN.17 -
We're using a ticket system at work that a local company wrote specifically for IT-support companies. It's missing so many (to us) essential features that they flat out ignored the feature requests for. I started dissecting their front-end code to find ways to get the site to do what we want and find a lot of ugly code.
Stuff like if(!confirm("blablabla") == false) and whole JavaScript libraries just to perform one task in one page that are loaded on every page you visit, complaining in the js console that they are loaded in the wrong order. It also uses a websocket on a completely arbitrary port making it impossible to work with it if you are on a restricted wifi. They flat out lie about their customers not wanting an offline app even though their communications platform on which they got asked this question once again got swarmed with big customers disagreeing as the mobile perofrmance and design of the mobile webpage is just atrocious.
So i dig farther and farthee adding all the features we want into a userscript with a beat little 'custom namespace' i make pretty good progress until i find a site that does asynchronous loading of its subpages all of a sudden. They never do that anywhere else. Injecting code into the overcomolicated jQuery mess that they call code is impossible to me, so i track changes via a mutationObserver (awesome stuff for userscripts, never heard of it before) and get that running too.
The userscript got such a volume of functions in such a short time that my boss even used it to demonstrate to them what we want and asked them why they couldn't do it in a reasonable timeframe.
All in all I'm pretty proud if the script, but i hate that software companies that write such a mess of code in different coding styles all over the place even get a foot into the door.
And that's just the code part: They very veeeery often just break stuff in updates that then require multiple hotfixes throughout the day after we complain about it. These errors even go so far to break functionality completely or just throw 500s in our face. It really gives you the impression that they are not testing that thing at all.
And the worst: They actively encourage their trainees to write as much code as possible to get paid more than their contract says, so of course they just break stuff all the time to write as much as possible.
Where did i get that information you ask? They state it on ther fucking career page!
We also have reverse proxy in front of that page that manages the HTTPS encryption and Let's Encrypt renewal. Guess what: They internally check if the certificate on the machine is valid and the system refuses to work if it isn't. How do you upload a certificate to the system you asked? You don't! You have to mail it to them for them to SSH into the system and install it manually. When will that be possible you ask? SOON™.
At least after a while i got them to just disable the 'feature'.
While we are at 'features' (sorry for the bad structure): They have this genius 'smart redirect' feature that is supposed to throw you right back where you were once you're done editing something. Brilliant idea, how do they do it? Using a callback libk like everyone else? Noooo. A serverside database entry that only gets correctly updated half of the time. So while multitasking in multiple tabs because the performance of that thing almost forces you to makes it a whole lot worse you are not protected from it if you don't. Example: you did work on ticket A and save that. You get redirected to ticket B you worked on this morning even though its fucking 5 o' clock in the evening. So of course you get confused over wherever you selected the right ticket to begin with. So you have to check that almost everytime.
Alright, rant over.
Let's see if i beed to make another one after their big 'all feature requests on hold, UI redesign, everything will be fixed and much better'-update.5 -
You want to know what fucking pisses me off? This fucking router thinking it can just inject itselft and redirect into any fucking page that it wants..my fucking bank account? Yep, my fucking google docs? YEP, Fucking CSGO? YOU BET BRO19
-
My parents are real sticklers for who is allowed to be on Netflix. They only let people on when they are present, and they never click 'save password'.
Me being a poor college student and desperate for the Netflix password, created a fake website for one of my parents to sign into.
How did I do this? I created my own localhost server with a backend database for the password to go to. I then copied the Netflix home screen and log in and asked them to log me into their account.
They said I can be on for one hour, and then they were signing me out.
I agreed to these terms.
As a small twist, I had also copied the no internet tab from Chrome for the page to redirect to. Knowing that once they logged in they would be expecting the main UI.
They logged in and then waited for the page to load. I, of course, put in a delay for the page to load and then displayed the no internet tab. They were confused and asked me to refresh, still nothing. I asked them if the router was out, and they went to check.
While they were away I quickly switched back to the real Netflix website and yelled back saying I got it working again. They came back over and saw that it was asking for a password again. They signed in and saw the main homepage and none were the wiser that day.
Once they left I checked inside the DB and found the plaintext password they typed in... The damn password was so simple, I cursed myself for not having figured it out sooner. No matter, I had my parents Netflix password.
So you're probably wondering how they didn't see the URL above and think something was off?
I pressed F11 and fullscreened my entire browser. They did ask, and I simply replied with, I don't like seeing all the crap up above when I'm streaming. No further questions, perhaps I was lucky.14 -
In the old days switching accounts was as simple as logging out and logging in
Now, logging out redirects you to 20 different pages, doesn't redirect you to the original page, and sometimes it doesn't even log you out5 -
!!oracle
I'm trying to install a minecraft modpack to play with a friend, and I'm super psyced about it. According to the modpack instructions, the first step is to download the java8 jre. Not sure if I actually need it or not, but it can download while I'm doing everything else, so I dutifully go to the download page and find the appropriate version. The download link does point to the file, but redirects to a login page instead. Apparently I need an oracle account to download anything on their site. stupid.
So I make an account. It requires my life story, or at least full name and address and phone number. stupid. So my name is now "fuck off" and I live in Hell, Michigan. My email is also "gofuckyourself" because I'm feeling spiteful. Also, for some reason every character takes about 3/4ths of a second to type, so it's very slow going. Passwords also cannot contain spaces, which makes me think they're doing some stupid "security" shenanigans like custom reversible encryption with some 5th grade math. or they're just stupid. Whatever, I make the stupid account.
Afterwards, I try to log in, but apparently my browser-saved credentials are wrong? I try a few more times, try enabling all of the javascripts, etc. No beans. Okay, maybe I can't use it until I verify the email? That actually makes some sense. Fine, I go check the throwaway inbox. No verification email. It's been like five minutes, but it's oracle so they probably just failed at it like everything else, so I try to have them resend the email. I find the resend link, and try it. Every time I enter my email address, though, it either gives me a validation error or a server error. I try a few mores times, and give up. I try to log in again; no dice. Giving up, I go do something else for awhile.
On a whim later, I check for the verification email again. Apparently it just takes bloody forever, but it did show up. Except instead of the first name "Fuck" I entered, I'm now "Andrew", apparently. okay.... whatever. I click the verify button anyway, and to my surprise it actually works, and says that I'm now allowed to use my account. Yay!
So, I go back to the login page (from the download link) and enter my credentials. A new error appears! I cannot use redirects, apparently, and "must type in the page address I want to visit manually." huh? okay, i go to the page directly, and see the same bloody error because of course i do because oracle fucking sucks. So I close the page, go back to the download list, click the link, wait for the login page redirect (which is so totally not allowed, apparently, except it works and manual navigation does not. yay backwards!), and try to log in.
Instead of being presented with an error because of the redirect, it lets me (try to) log in. But despite using prefilled creds (and also copy/pasting), it tells me they're invalid. I open a new tab container, clear the cache (just to be thorough), and repeat the above steps. This time it redirects me to a single signon server page (their concept of oauth), and presents me with a system error telling me to contact "the Administrator." -.- Any second attempts, refreshes, etc. just display the same error.
Further attempts to log in from the download page fail with the same invalid credentials error as before.
Fucking oracle and their reverse Midas touch.10 -
deadmau5 exclusive on tidal streaming.
Fuck, okay.
*Sign up*
>> enters email, password
>> redirect to different signup page
>> enters email, password
>> redirect to original signup page
>> ????
>> enters email, password
>> redirect to second signup page again
>> ????????????
>> try to login
>> enters email, password
>> nope
>> listen to preview of album
>> please enable flash
>> okay, fuck you, deadmau5.9 -
Putting chatgpt to some good use. Writing a complaint mail to the idiots maintaining my banking app in the style of shakespare.
Hark thee, App Support Team,
With grave disquiet and vexation doth I write to thee concerning thy recent update of the application. As a software developer, the option to enable developer settings on mine own mobile device is of paramount importance for mine work. Yet thy latest update hath impeded mine access to mine own bank account until I disable this setting. Upon launching the app, it doth redirect me to a browser tab, where I am compelled to deactivate the developer setting to avail of thy services.
This conduct of thine is most unacceptable and unprofessional in mine eyes. It doth seem a transgression of privacy, for thy app doth dictate what settings I may or may not have on mine own personal phone. How canst thou deny me access to mine own bank account information merely on the grounds of having enabled developer options? How doth this option interfere with thy application, such that thou must needs coerce thy users to forsake their phone settings to utilize thy app?
I beseech thee to rectify this issue with all due haste, so that I may access mine own bank account without hindrance. If thou art incapable of doing so, then prithee, might thou recommend a more user-friendly banking application to which I may gladly switch?
With frustration and discontent at this time,
A locked-out person.
Backstory : So recently one of my banking app stopped working and forced me to update to their latest version. As soon as i opened the newer version , it shut down and redirected to my browser with a shitty html page with just one message : Disable developer options on your device to continue using our app. I was extremely frustated and couldnt understand what kind of idiots were maintaining this app.So i decided to write up an email hoping to find some solution for this.11 -
Well... I had in over 15 years of programming a lot of PHP / HTML projects where I asked myself: What psychopath could have written this?
(PHP haters: Just go trolling somewhere else...)
In my current project I've "inherited" a project which was running around ~ 15 years. Code Base looked solid to me... (Article system for ERP, huge company / branches system, lot of other modules for internal use... All in all: Not small.)
The original goal was to port to PHP 7 and to give it a fresh layout. Seemed doable...
The first days passed by - porting to an asset system, cleaning up the base system (login / logout / session & cookies... you know the drill).
And that was where it all went haywire.
I really have no clue how someone could have been so ignorant to not even think twice before setting cookies or doing other "header related" stuff without at least checking the result codes...
Basically the authentication / permission system was fully fucked up. It relied on redirecting the user via header modification to the login page with an error set in a GET variable...
Uh boy. That ain't funny.
Ported to session flash messages, checked if headers were sent, hard exit otherwise - redirect.
But then I got to the first layers of the whole "OOP class" related shit...
It's basically "whack a mole".
Whoever wrote this, was as dumb and as ignorant to build up a daisy chain of commands for fixing corner cases of corner cases of the regular command... If you don't understand what I mean, take the following example:
Permissions are based on group (accumulation of single permissions) and single permissions - to get all permissions from a user, you need to fetch both and build a unique array.
Well... The "names" for permissions are not unique. I'd never expected to be someone to be so stupid. Yes. You could have two permissions name "article_search" - while relying on uniqueness.
All in all all permissions are fetched once for lifetime of script and stored to a cache...
To fix this corner case… There is another function that fetches the results from the cache and returns simply "one" of the rights (getting permission array).
In case you need to get the ID of the other (yes... two identifiers used in the project for permissions - name and ID (auto increment key))...
Let's write another function on top of the function on top of the function.
My brain is seriously in deep fried mode.
Untangling this mess is basically like getting pumped up with pain killers and trying to solve logic riddles - it just doesn't work....
So... From redesigning and porting from PHP 7 I'm basically rewriting the whole base system to MVC, porting and touching every script, untangling this dumb shit of "functions" / "OOP" [or whatever you call this garbage] and then hoping everything works...
A huge thanks to AURA. http://auraphp.com/
It's incredibily useful in this case, as it has no dependencies and makes it very easy to get a solid ground without writing a whole framework by myself.
Amen.2 -
My own personal hell was a html page that had a script tag that called a rest endpoint that sent back a text block of JavaScript that was then dynamically executed to redirect the user to a php 3 page that was the exact same thing as the original page but with an extra bit of css to make the buttons blue and slightly rounded
You can’t make this shit up6 -
Realizing that the former so-called PHP developers based the entirety of their so-called dashboard framework (self-written of course) on GET requests.
Every. Controller. Only. Accepts. Get. Requests.
It creates stuff? So what! It does update? No matter! It deletes? Who cares!
Just call that URL, and it will release all hell, plagued with multiple side-effects, and then issue a redirect.
Of course that one delete button was inside some twitter bootstrap tabs, and due to the redirect the page always reloaded and the content manager landed on a very different tab. Meaning if they wanted to delete multiple records, they had to hit "activate tab" and "delete" and "activate tab" and "delete" -- rinse and repeat.
It's our *job* to make things easier for our users! Not to waste their time. (Unless you are browser game developer. Then do your thing.)
And we are talking basic CRUD! Basic CRUD! I am not even demanding for it to be restful or to have some parts of a HTML page being updated on the fly with such rad and new technologies like ajax!
There is just question I would like to ask whoever build this: Seriously!?4 -
Websites that redirect you to a custom /404 page after you've typed their way too fucking long URL and misspelled a single word deserve to be nuked from orbit.
Holy fucking shit, why is this a thing? Has this ever helped ANYBODY?9 -
The layout for my little side project was working fine in IE last week. Made some server side additions over the weekend and now the layout is broken... in IE only. Guess who's putting in a user-agent redirect to a "Works best in Chrome or Firefox" page? 😉
-
Get an email from a client, who has been stringing me along for about 6 months, but ringing me up for advice on tonnes of different shit for free. Basically did his original website but his business model has changed to make his existing site irrelevant. Suggested months back doing a simple one pager as a stop gap with key messages. The bastard said no to that "just take it down for now and redirect to my LinkedIn page". He keeps saying we are getting stuff together and we hope to get together in September. However, yesterday he sends an email "we are getting a student in over the summer (not a Dev or designer or anything). Could you recommend any "web builders" so we can get on with the website in August. By that he means those drag and drop fucking pieces of shit website templates full of wysiwyg editors for creating shit typography. I give them free help and guidance and they think that I'm not going to want to smash him in his fucking face for his last email. The cunt.
I have an idea for 'having the last laugh' but I am open to suggestions from some devRanters, all legal of course.
P.S. I post quite a bit here about shitty clients, but I do have a number of really good clients who value my work and experience and have been with me for many years. It's just some that treat the profession with disdain and that they can easily do it themselves if only they had the time. These fuckers then wonder why their businesses fail.1 -
Fucking Square Enix Website is just a huge pile of shit. NOTHING WORKS!
Wanna change your password? Nah sorry an error occured.
Wanna change your username? Nah sorry I'll just show you a loading symbol forever.
Wanna add a game to your collection? Nah sorry the "add" button is on fucking holiday and doesn't do anything.
Wanna change your avatar? Nah sorry I'll just redirect you and don't do anything.
Most amazing part is where you log in, then get redirected to the home page but it still shows the "Log in" button. Then you click on that "Log In" button and wosh! Home page reloads and tada! You're logged in!
Seriously who let this code into production? Also I know that you're using GraphQL now, due to an error message. Thank you!
Fucking bullshit...6 -
Oh boy, this is gonna be good:
TL;DR: Digital bailiffs are vulnerable as fuck
So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:
The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.
So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!
This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.
I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.
Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!
Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...
The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.
But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.
So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)
So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"
So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones6 -
I took like 3 years to my company to get this huge-ass client to ask us to remake their website (the client is already our client for other purposes).
The old website was hosted on their local machine, behind a proxy that was there for other 30 website servers.
The old website took like 30-40 seconds to load on a browser and had a google score of 3-6/100.
We made the new website in wordpress, since it was basically a blog and managed all of the older links to redirect to the new pages so that SEO wouldn't get affected.
We then asked the previous developers to let their domain redirect to the new one (it was like example.com => ex.example.com and now it's just example.com, so we needed them to make ex.example.com redirect to example.com).
What they did was making a redirection to the 404 page of the new website, making everything go to fuck itself.
Damn this might be the first time I despise other developers, but this move was fucking awful.
I mean, I get it, we stole your big client, but it's not our fault if we made the google score go up to 90/100 in a week just by changing server and CMS.11 -
So some asshole keeps sending phishing emails to every student and prof in our university and the IT department is too pathetic to block it. They all come from the same email and contain the same text yet they cant filter it and just send warnings not to click it.
Im getting sick of recieving 5 of these a day, i scanned and viewed the page and its just a simple form copying the outlook login page with a redirect to the actual page after submission.
Whats the easiest way to write a script that will spam them with thousands of fake accounts? How can i fuck with these guys?7 -
What do you do when your redirect doesn’t go where you tell it?
Clearly I’m missing something.
I stepped through the code, following the failure path of Sheogorath’s Recaptcha. It fails as expected, and hits this redirect before doing anything else:
`return redirect_to new_user_session_path`
I verified that this redirects to the “/users/sign_in” path, and it returns so the server doesn’t even try to authenticate the user. It just nopes out as it should to prevent timing attacks.
But somehow instead of doing that and redirecting as it should, it signs the user in and redirects somewhere else entirely: the role select page, which only happens after authenticating an admin user. It never even hits my breakpoint after the recaptcha check! It never authenticates!
I think what I’m missing is my old reality where things made sense.3 -
Just did something hackerman-ish! 😎
Since a lot of new iPhones are out after the XR, Apple "removed" the page for iPhone XR and redirect to the /specs page. I tried adding /index.html to the url and tada! :D hahah "I'm in!"
Any other ways I could've gotten to this page? I was going to try the sitemap and the web archive.3 -
Yesterday I helped in a college final project. To be done using PHP and MySQL.
- they were taught to create a login page and when submitted just check the values against username and password from DB table and redirect to a dashboard page. No session created.
- in the dashboard, session is not checked. Shows links to other pages.
- each page is a separate php file
- the app allows users to issue books to customers. They were taught to delete the book from book table and save all the info in issue table, when a book is issued
- when a book is returned, book info is saved in a return table and also saved to book table again and deleted from issue table
I asked this student to change it to the right way, to use sessions and includes. He said that then the lecturer would know, he didn't do the project. It's a diploma level course.2 -
So let's talk about CNAs, Captive Network Assistants, these downsized browser that open on Smartphones when you try to login to a free wifi which requires you to buy sometging or accept some terms.
I fucking hate them. I'm a web dev which has to deal with these dumbfucks.
Back in the time, there was this dumbfuck who had the idea to capture http requests on network level and response with a redirect to his own landing page. Fuck this guy. Then some dudes had the idea of the CNA as a privacy security feature. A good idea. But also this guys: "hey, let's make them a huge pain to develop for".Fuck them, too. But then came the companies saying: "hey make us a huge SPA with all features we can think of for this fucktard of a browser."
I hate fucking CNAs2 -
I think I may have shared this a while back. Just played with this a little for fun. I was playing with an ESP8266. Apparently it takes very little code to turn it into an access point and have it redirect to a landing page just like a hotel wifi does. Every platform I had connect to the AP seemed to work properly. I setup the AP without a password and let people log in. I named the AP "Virus Distribution Point". Here is what they would see:
https://htmlpreview.github.io//...
Don't mind the name of the repo. It is a junk repo I made for making mom jokes.6 -
TAP - The Art Project.
Started in my college, been working on it for nearly a decade now and during the pandemic I was able to find co-founders and we built an amazing MVP.
But now I got busy with my new job, which is super fun, tech guy got married lol and design guy is little lost.
But over the years, experimenting with people, ideas, and everything around, my idea evolved into something which is loved by everyone I shared it and I can see a huge potential in it.
But meh! Fuck it. Because I am too bored and would rather order a practice pad and start learning to play drums (my childhood dreams), attend more gigs, and live a happier life.
Because the heart wants what the heart wants :)
For the curious ones, you can test the MVP at https://www.tap.prismo.net
And there are few other side projects that I completed which can be found on my portfolio page
https://www.floydimus.prismo.net
I am just wondering shall I redirect my main URL to my portfolio page or keep it pointed to TAP?7 -
I deployed one of our staging websites to a free plan because the site is rarely used. Project Manager sends the stakeholders the new url. There will be a lot of 🤦♀️🤦♂️🤦 all around. Some of it’s my fault. A lot of it is just WTF.
Stakeholder: We still need the staging site because we don’t want to test in the live site…
PM: Okay. We didn’t say we were deleting the site. We are just moving it to a new and better hosting platform, so we’re letting you know the url has changed.
Stakeholder: This url is for the front facing page. How do I access the backend? [they mean the admin interface]
Me: The only thing that’s changed is the url for the staging website. So domain-A/account is now domain-B/account.
I thought that was a pretty straightforward way of explaining things, that even a non technical person would get it. They took the /account example as the literal login url.
Stakeholder: I forgot the password for our admin login and I submitted a password reset, but I realize I don’t know if I have access to the admin email. Or if it’s even a real email account.
WTF
I look back at the email chain and I realize that I gave the PM the wrong url.
Also, WTF x 2. How did this stakeholder not realize they were looking at the wrong website?? There are definitely noticeable style and content differences. And why would you have an admin login that uses a fake email??
Me: My apologies. I sent over the incorrect url. My instructions are mostly the same. All that’s changed is the domain.
Stakeholder’s assistant: [DMs me] How do we access the backend?
WTF…are they seriously playing this game and demanding I type out the url for them?! 🤬 I’m not playing this game and I just copy and paste the example that I already sent over.
They figure it out eventually. Apparently, they never used /account to login before They used /admin/index… but that would still bring them to /account, but with ?redirect=/admin/index appended to the url if they weren’t logged in. Again, WTF.
I know I made mistakes in this whole thing, but damn. I can’t even. I’m pretty sure this whole incident is fueling my boss’s push to stop supporting this particular website anymore so I can focus on sites that actually bring in revenue…and have stakeholders that aren’t looney and condescending like this.4 -
I used to work in a Tech Support department where everybody was constantly pranking each other.
In one of the iterations of such events one of the guys actually forked the source of a login page, in one instance of the app that was running in a VM, and edited the code so it would redirect the user to a lemon party'ish website.
It was quite an upgrade to the old M.O. where people would just email themselves messages with seemingly bureaucratic call to actions containing hyperlinks to the same lemon party'ish websites.
And the most direct approach, which is to type those directly into one's browser if the laptop is left unattended & unlocked due to a trip to the toilet.8 -
Bruh, imagine paying taxes for a site that literally throws a cryptic error message, instead of telling you "Page not found", because those retards literally redirect to /Account/Login after successfully logging in.
Even better, most people here are don't understand English well enough to understand what is going on.
And I pretty much doubt an admin has been informed...3 -
So, it's been a while since I've been working on my current project and I've never had the "luck" to touch the legacy project wrote in PHP, until this week when I got my first issue.
And damn, this goddamn issue. It was a bug, a very strange bug, that only happens in production and that nobody has any idea what was happening, so yeah, I didn't have anyone to ask and I got less time than usual ( because Thanksgiving ).
And thus, I have no starting point, no previous knowledge on PHP and less time! I expected a very fun week 😀 and it was beyond my expectations.
First I tried to understand what might be causing the issue, but there wasn't any real clue to star with, so no choice, time to read the flow on the code and see what are they're doing and using ( 1k line files, yay, legacy ). Luckily I got some clues, we're using a cookie and a php session variable for the session, ok, let's star with the session variable. Where it's that been initialize ? Well, spoiler alert, I shouldn't start with that, because my search end up in the login method of the API that set a that variable and for some reason in the front end app it was always false and that lead me to think that some of the new backend functions were failing, but after checking the logs I got no luck.
Ok, maybe the cookie it's the issue, I should try open the previous website on the brow...redirect to new project login, What? Why ? I ask around and it's a new feature push on Monday, ok I got Chrome Dev tools I can see which value of the cookie it's been set and THERE IT WAS it has a wrong domain! After 2 days ( I resume a lot of my pain ) I got what I've been looking for, so now I should be able to fix the bug. Then where is the cookie initialized ? In the first file the server hits whenever you tried to enter any page of the app, ok, I found the method, but it's using a function that process the domain and sets it correctly? wtf ? Then how in heaven do I get the incorrect domain ? Hello? Ok, relax, you still have one more day to fix this, let's take it easy.
Then, at the end of the Wednesday, nope I still have no clue how this is happening. I talked with the Devops guy and he explain me how this redirection happens and with what it depends on, I followed the PHP code through and nothing, everything should works fine, sigh. Ok I still have 2 days, because I'm not from US and I'm not in US, so I still have time, but the Sprint is messed up already, so whatever I'm gonna had done this bug anyhow.
Thursday ! I got sick, yay, what else could happen this week. Somehow I managed to work a little and star thinking in what external issue could affect the processing, maybe the redirection was bringing a wrong direction, let's talk with the Devops guy again, and he answer me that the redirection it was being made by PHP code, IN A FILE THAT DOESN'T EXIST IN THE REPOSITORY, amazing, it's just amazing. Then he explained me why this file might be missing and how it's the deployment of this app ( btw the Devops guy it's really cool and I will invite him a beer ) . After that I checked the file and I see a random session_star in the first line of the code, without any configuration, eureka ! There was the cause and I only need to ask someone If that line it's necessary anymore, but oh they're on holiday, damn, well I'll wait till Monday to ask them. But once and for all that bug was done for ! 🎉
What do I learn ? PHP and that I don't want any more tickets of PHP 😆. -
Google's Testmysite is piece of shit.
Tested website got 6-7 sec, then built Mobile page and set redirection for mobile users.
Tested Mobile page got around 3-4 sec then tested homepage (which just redirect Mobile user to mobile page) it got fcking 6-7 seconds
FCK you Google, page redirection should not be considered in YOUR FCKING speedtest.10 -
Logging into my schools blackboard using selenium is only redirected on school WiFi
Outside school WiFi I go directly to the site. But on the school WiFi it pauses on a redirect page with a link that loops back to the redirect when grabbed by selenium And selenium fails
Fucking hell2 -
>finally gets around to installing vsftpd on home server RPi
>doesn't work
hmm.mp2
>configurating
>confusing as fuck template documentation
>man page isn't much better
>gets it working
>goes to log in
User: pi
Password: a
(What? It's a home file/command server isolated from the Internet. Sue me.)
nope.avi
>why
>tries again
nope.svg
>FUCK
>sees small raw-command log in bottom-right of phone FTP client
hmm.flac
>tries again, watches log
PASS *****
>the fuck
>goes to change user pass over SSH
# passwd
"Current password?"
about half a second later
"passwd: auth token manipulation denied"
>the delay tho
>WAIT A SECOND
one time i got past some parental software bullshit on a tablet by abusing the delay between opening a banned app and the redirect to the normal software at like age 7. (Doing so let me enable remote wipe through Google. bye bye software!)
>*inner 7 year old has autistic screech*
# nano temp
a
abcdefghi
abcdefghi
^O Y ^X
# passwd < temp
>fucking works
>logs in to FTP server successfully
>does the one file download that was needed
why and how did that fucking work -
Getting the angular interceptor working the way I want has proven to be a pain for me. I try to update an auth token, which returns a promise that has to be transformed to an observable again. based on that, redirect to a login page, in case of 401. But nothing works! Either infinite page reload because of the login() promise function of the auth provider or no reaction at all after a router redirect. 😤4
-
It's 2022 and web browsers are still unable to unfollow redirects.
If I open some URL in a new tab and it redirects me to /503.html or similar due to some server errors (which is bad design to begin with), there is no way to see which URL was redirected from. The "back" (←) navigation button is greyed out, so there is nowhere to go back to.
One might open a new tab to look at it later without realizing it redirected to an error page. Then one opens it, sees /503.html, and has forgotten which article one was going to read.
Only on the mobile edition of Chrome/Chromium, switching between desktop and mobile view unfollows the redirect. But on Firefox mobile, Chrome/Chromium-based desktop, and Firefox desktop, there is no way to know which URL redirected me there. -
Our lead frontend dev insists on using <select> as a dropdown for a language switcher in the navbar of a website and then make the page redirect to the localized url using the onChange event with JS.
Am I wrong thinking that's just really, really dumb, or am I just dumb?3 -
I've gotten started with web dev in the past and learned HTML and CSS and started learning JS but I never could understand what I could use for a code editor to practice and pretty much forgot all of that stuff. Now I'm trying to learn Python, but what's pissing me off is paying for a phone app that doesn't teach you to write code in these lessons, rather interactive multiple choice questions and "put this in the right order". sequences. This is not learning for me, this is informing. Which is info I don't retain. And If i'm paying for it why is there so little to these lessons? Barely covering anything. I've done every lesson Mimo had for python but it didn't really explain the practicality of what it was teaching me and they skipped a lot of shit. Changing the pace of the lesson from Print this and that and heavily explain the most basic stuff 3x over to only explaining the more advanced stuff one fucking time.
I would really like learning python while being walked through a project as a lesson. Teach the terminology, structure, application, process, rinse and repeat, and outcome all in one. With a project target to look forward to. I need a goal to keep my interest.
So far all I know about python is its a programming language used to create Youtube. And I'm trying to learn it because I keep reading that its the recommended starting line. But I need to be able to visualize what this code can be used for. Explanations in terminology I haven't been taught yet just frustrates me. And I read everyone's posts and see many people mention being frustrated, but I haven't even started coding yet. Feel free to comment and redirect me to page that can help. Links are appreciated. Nay, encouraged!7 -
JS/HTML QUESTION:
I wanna create a html page wich redirect us into a certain website and execute Javascript on the new website opened.
So i should use window.open i think, but how do i like execute js on this website after opened?7 -
Which ons is less risky and which one Is most profitable to succeed ?
0- telling the admin you forgot your password and as he's logging in, sniff his password (you already placed sslstrip)
1- gain access to router using its vulnerabilities and redirect the traffic to a fake page and get the password.
2- exploiting smb port of admin's system and placing a krylogger or stealing his cookies if available
3- brute forcing admin password :/
4- pressing forgot password on admin account and staying close to him and sniff the SMS containing the otp using rtl-sdr (and of course you will be prompted to set a new password)
5- any other way .
Also the website itself is almost secure.
It is using iis 8.5 and windows server 2012
Only open ports are 80 and 443.4 -
Fucking hate to explain basic shit to computer illiterate. Usually I don't mind, but right know I working on the project, want to automate one thing I need to do every morning, put two numbers to web page(I will explain details maybe in next rant). So I am only one who fix, buys computers, printer(for some problems I call for other repair man.). Generally speaking working as IT guy. Firm has like 50 computers, some of them has SCADA software. Some computers have Win 7, some win 8 and others win 10, can't upgrade those computers, not enough money(I can deal with this problem). And yes, computer buying is not the fastest, easiest thing too. Because is public firm, I need to do public buying(I don't know how to translate to english), and most of the time wins the lowest price, I am ok with that. But I can't on item specification write I want that model pc or it components. Example: I can't write I want intel processor, however I can write number of cores, frequency. But it's not that bad, usually i have template for all things I buy. One of the worst thing is this, our firm bought new bookkeeping software version, old version was using visual foxpro framework. Good thing I didn't initiate the purchase, because right know I would be jobless, not because I would be fired, but because our senior accountant would drive me crazy. In fact accountants drive me crazy, but I can handle it for now. As I wrote before our form has about 120 workers, major part of workers are old, like my parents age. (I am 28 btw. Mom is 55.). As you all know what happens if you say you work with computers. So our accountants are like 60 years old, got new program, don't know how to work with it, and they ask me how to do certain things. if I don't know how to I ask program's support, every question is like 90 Eur. So in short accountants expect I should know their work and how program works. If I try say something they don't like, they try to make my day hard. Next thing is our billing program. Man that worked before me done some payments import. And when I came everyone expect me to do that. Ok I did that because that people working with billing program would probably fuck it up. And I semi automated that, so I don't mind that much. Sometimes that program fucks up, like it happened yesterday, it send email invoices attachment without filename. Example: people got this attachment ".pdf"(no filename, only extension), And if you save it you need do OPEN WITH command and then select pdf reader or rename file (I don't know what easier). And surprise surprise our firm, customer support redirects all phone calls, emails to me. But I did explain to customer support what to say to people. Still they redirect it to me.
PS: This is my first job after school. I work as part time.
TL;DR Thinking my life, carrier choices. accountants are not the nicest people.8 -
Was debugging a php project (for a friend) the header(location) wasn't working for some reason, and I didn't want to go through his 1000 lines of code to see where the trouble was, so I just inserted JavaScript to redirect the page to a location he wanted.
Now he thinks I'm a genius😂😂 -
stupid dumb wordpress, who POSTS a user registration, returns data to the SAME site with a dumb "successful" message alert, and THEN redirects to whatever page you want?!?! looks like shit, feels like shit in terms of UX
JUST REDIRECT ME TO THE PAGE I WANT FROM THE SERVER THAT'S THE WHOLE POINT OF PHP
I swear its as slow as balls too -
i have a question. when a user logs in, the app should have the "logged in" effect. so when he tries to navigate go login page it should redirect him to home page. but how can the app know if he has logged in? should i store the jwt token in sharedprefs and check if hes logged in locally on the phone or is the backend rest api supposed to handle that (and how)?
-
! Rant
Recently received my ESP8266 and for bad or for worse quickly flashed it to use thingsSDK and espruino.
I have setup a webserver on it but at the moment you need to go to its local ip to see the page, does any one have tryed this before and overcome to redirect all requests to that page? Any ideas are welcome, i know this can be done easly with LUA but cant code LUA, yet...13