Time and again I see people do stupid stuff on the web. I’m talking about the developers. There’s this big fat rule in the world of web development: never trust your users to do the right thing.
This could mean asking the user if they’re sure that they want to delete an appointment from their calendar, checking that a provided email address is valid, or prompting them to save changes before moving to another page.
These examples are quite trivial though – hopefully nothing super bad will happen if these checks aren’t performed. When it comes to money, however, you really want to make sure you’re double checking everything.
I had a rather interesting encounter with a stupid system that processes tons of financial transactions every day (I assume). It’s an online payment system for a number of Australian services: you can pay your car registration fees, building permit fees, council rates and parking infringement fines, to name a few.
Here’s the first screen:
And here’s the payment confirmation page:
It seems that changing the contents of the price field in the first page alters the final payment amount!
Why the developers thought this was a good idea is beyond me. When dealing with money, or any information for that matter, you should always check the values match what is expected. In this situation, I expected one of two results:
- The payment page recalculates the payment amount and charges that amount, rather than the amount sent from the browser, or
- The payment page tells the user that the payment amount does not match the bill amount and prompts the user to start the payment process again.
Update: ZenPsycho just suggested the system might intentionally allow users to pay more or less than the required amount. This is a valid point, and perhaps some of the billing system’s clients might like to offer this. I forgot to mention though that the form element for the amount included “readonly” and “disabled” attributes, so if the client chooses not to allow the user to change the values, the system really should enforce the payment amount. At the very least it should warn me that I’m about to pay less than the current amount and ask me to confirm.
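To show what the two acceptable outcomes look like next to the broken one, here is an added example (my own illustration, not code from the payment system in question). It assumes a hypothetical bill table and a form dictionary holding the posted `bill_id` and `amount` fields; the point is that the browser’s value is never authoritative, whatever `readonly` or `disabled` attributes the form carried.

```python
from decimal import Decimal, InvalidOperation

# Constructed bill records standing in for the billing system's database
# (hypothetical ids and amounts, not taken from any real service).
BILLS = {
    "REG-1001": Decimal("312.50"),   # car registration
    "FINE-2002": Decimal("80.00"),   # parking infringement
}


class PaymentRejected(Exception):
    """Raised when the confirmation page must send the user back to start again."""


def parse_amount(raw: str) -> Decimal:
    """Parse a submitted amount strictly: numeric, finite, positive, two decimals at most."""
    try:
        value = Decimal(raw)
    except InvalidOperation:
        raise PaymentRejected(f"amount {raw!r} is not a number")
    if not value.is_finite() or value <= 0 or value != value.quantize(Decimal("0.01")):
        raise PaymentRejected(f"amount {raw!r} is not a valid currency value")
    return value


def bill_amount(bill_id: str) -> Decimal:
    """The authoritative amount comes from the server-side record, never from the form."""
    if bill_id not in BILLS:
        raise PaymentRejected(f"unknown bill {bill_id!r}")
    return BILLS[bill_id]


def vulnerable_charge(form: dict) -> Decimal:
    """The behaviour described in the post: whatever the browser sent is what gets charged."""
    return Decimal(form["amount"])


def strict_charge(form: dict) -> Decimal:
    """Outcome 2 from the post: reject any amount that differs from the bill on record."""
    expected = bill_amount(form["bill_id"])
    if parse_amount(form["amount"]) != expected:
        raise PaymentRejected(f"form amount does not match bill {form['bill_id']}")
    return expected


def recalculated_charge(form: dict) -> Decimal:
    """Outcome 1 from the post: ignore the form value and charge the looked-up amount."""
    return bill_amount(form["bill_id"])
```

A tampered form that posts `amount=1.00` for `REG-1001` is charged $1.00 by `vulnerable_charge`, $312.50 by `recalculated_charge`, and bounced back to the start by `strict_charge`.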