4chan source code leaked (2010)

Not much to see here, folks. Someone took an <i>old</i> leak of the source code and commented out a few lines for a giggle. Only moot and the developers know what the site looks like now, but given the significant addition of functionality in the past few years, it&#x27;s pretty much impossible that that would be the only difference in the source.<p>The original leak, from 2010 at least, possibly older: <a href="http://pastebin.com/4JVjS02b" rel="nofollow">http:&#x2F;&#x2F;pastebin.com&#x2F;4JVjS02b</a><p>4chan <i>was</i> hacked the other day, so the current source code <i>could</i> have been leaked, but if it was, this sure isn&#x27;t it.

I mean,<p>Yes I hate PHP more than the next guy,<p>Yes this code is terrible,<p>But you know what? I can read it, and follow along. And that&#x27;s actually more to say than other &quot;beautiful&quot; code that was obfuscated behind 3 or 4 levels of unnecessary levels of abstraction or indirection.

<p><pre><code> if ($sectrip != &quot;&quot;) { $salt = &quot;LOLLOLOLOLOLOLOLOLOLOLOLOLOLOLOL&quot;; #this is ONLY used if the host doesn&#x27;t have openssl #I don&#x27;t know a better way to get random data</code></pre>

And yet, despite the horrible code, it&#x27;s still powering an Alexa Top 500 page without any huge problems I&#x27;ve heard of.

I think this just goes to show that you can have a lot of popularity even if your code is just sorta glued together.<p>Don&#x27;t they get a few million users? I&#x27;d say it&#x27;s definitely nothing to scoff at.<p>It makes me wonder how many big profile websites might look like this or worse.

Ask HN: Would you rather have a beautiful source code with 1000 pageviews&#x2F;month or an ugly source code with millions of pageviews&#x2F;month?

This is not leaked recently but spread today which caused people to believe it was looted during the 4chan hack earlier today. The 4chan administration has been awkwardly silenced about the compromised 4chan website, but this isn&#x27;t one of the reasons.<p><a href="http://9ch.in/overscript/" rel="nofollow">http:&#x2F;&#x2F;9ch.in&#x2F;overscript&#x2F;</a> <a href="http://9ch.in/overscript/files/yotsuba.txt" rel="nofollow">http:&#x2F;&#x2F;9ch.in&#x2F;overscript&#x2F;files&#x2F;yotsuba.txt</a>

It seems that it&#x27;s too terrible to be the true code. &quot;if($_COOKIE[&#x27;4chan_auser&#x27;]&quot;,<p>&quot;extract($_POST); extract($_GET); extract($_COOKIE);&quot;

I thought the *chan code was open.<p>Or is this some critical bit? (I noticed it handles cookies, but I&#x27;m too unexperienced with web, php or web-security to explore this wall of code)

I wonder what is the site&#x27;s infrastructure_cost&#x2F;ad_revenue ratio, because I have long had a feeling that it could be greatly improved. Moot has always been skeptical about innovating the board, even the iOS layout is still incomprehensible since the CSS shim has been added.<p>Imageboard is dead easy in it&#x27;s essence, so why not rebuild it from scratch, instead of feeding new bells and whistles to the existing spaghetti monster?

Well at least it&#x27;s neatly organized into functions :P

My eyes, the goggles do nothing!!!

How can code be &quot;leaked&quot;? Wouldn&#x27;t this imply someone was able to terminal into one of their servers?

if(isset($_COOKIE[&#x27;4chan_auser&#x27;])&amp;&amp;isset($_COOKIE[&#x27;4chan_apass&#x27;])){ $user = mysql_real_escape_string($_COOKIE[&#x27;4chan_auser&#x27;]); $pass = mysql_real_escape_string($_COOKIE[&#x27;4chan_apass&#x27;]); }<p>HAHAHAHAAHAHAHAHAA<p>Steal a cookie, gain access.. WTF

&lt;font&gt;? &lt;table&gt;?<p>Man, 4chan is worse than I thought.

F* me. No wonder PHP has a bad rap..