this makes it even more likely that it's the real code. Let's face it, no one is expecting a shining example of software design and architectural brilliance here
The original 4chan code was in Japanese and moot used Babelfish to try figure out what did what. From what I remember, the original Futaba code is just as bad (http://www.2chan.net/script/). It's no secret that 4chan is cobbled together with glue and string, moot has said this several times before.
The comments are in Japanese but if you know PHP you should be able to understand it without the comments anyway. It's a single file of less than 1K lines and written in a rather straightforward style. It's also extremely easy to setup - just edit the config parameters at the top and drop it on a webserver, and it's ready to use. Not even a database is needed.
I don't think it's "bad"; it's damn simple and works well for what it is, and contains no unnecessary complexity. No dependencies on some other huge framework, multilayered overengineering, or excessive generality. The same can't be said of the many other clones of it that were attempting to be "better designed" rewrites.
As for "maintainability" or all that other software engineering stuff: this board script doesn't really need to be maintained, because it works, and if anything needs to be changed, it's so simple that the changes can be made easily. Along the same ideas as http://suckless.org/philosophy
4chan has grown to be quite obviously more sophisticated than Futaba, which really has stayed pretty much the same for over a decade. You can see for yourself:
It's kind of surprising though. I wonder what the results of a 4chan re-write by 4chan users would look like. Or even splitting out some functions for re-writing.
What's wrong with the if cookie check? Don't the following conditionals for the mode make sure they still cannot post, which is the point? And the rest of the code is still run so any other security checks are still performed.
extract is one of those moronic things though that only exists to create security holes and other bugs.
Why there isn't a flashing red warning label at the very top of that page, I have no idea. This is one instance where I would actually sanction using the <blink> tag.
To be fair, there is a big red warning box further down that tells you using it with user-supplied data is a very bad idea, and there are flags available to prevent overwriting existing symbols.
None of which the 4chan code actually uses.
I've never seen the utility of extract -- it's the recommended way of getting wordpress plugin parameters, but to me, just using whatever array you're extracting from is always a better solution.
Thanks everyone for your insightful comments: now I've learned that the leaked code is actually from a past leak when 4chan was in a more primitive state, but you're right that it is truly ingenious even then.
Luckily, Javascript is always allowed in PHP projects and it can do a lot more today than it could a decade ago. Also, using it will often lead to having NodeJS on the server even if it's just for compiling assets initially.
No serious, modern PHP developer writes code like this. If it were a code sample for any respectable PHP job, it would be a massive "do not hire" flag.
No True Scotsman. I've seen a few commercial PHP codebases running worse stuff. You can say they aren't "serious" or "modern", yet they have people doing this full time shipping commercial appliances and services.
I think you live in Lala land. I too hope this, but it's wishful thinking; by far most I encounter in the wild write like this and worse (this actually works for instance).
Confirmation bias. 99% of PHP developers out there are in fact absolute shit, and they're happy with it because they're developing "websites" instead of "applications."
Right tool for the right job. You can use qualifiers like "serious" and "modern" but you're deluding yourself if you think they mean anything when the pool of PHP developers is so staggeringly high.
I'm under no delusion. Admittedly this is the wrong place to be debating anything PHP, but I wouldn't suggest that the average skill level of "everybody who writes PHP" is anything better than incompetent. The people I'm sitting next to now and have worked with in the past are as real as I am - the 1% you recognise are the serious and modern PHP developers. We exist and we're the pool you hire from.
Of course, right tool for the right job. PHP has specific use cases but that's another discussion entirely.
that's just not true. Given my experience, most PHP devs dont use a framework or even composer. When the forefront of your language is wordpress, it doesnt help spread best practices.Agreed you can write crap in every languages,you can write jsp pages, but it's unlikely you'll get a java job if you dont know OO or Spring.
Come on now, I hate PHP more than anyone else, but seriously, wordpress is the best that PHP has to offer. It doesnt suck. It has a quite nice API - its the plugins around wordpress that have quality similar to this 4chan source code.
Ive also seen much worse in Java world, with JSPs and all kinds of taglibs and action-handlers mashed up to create a soup which would make you crave for PHP.
People here love to poke fun at WordPress. I'd love to take any of them out of startup-land and make them work for a full week in a 10 years old corporate piece of software, written pretty much in any language.