The latest articles on Forem by Keil Hunsaker (@keilhun). https://forem.com/keilhun https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F91226%2Fd4ae255e-160d-4a65-95a0-2852090e3beb.jpg https://forem.com/keilhun en Keil Hunsaker Mon, 16 Feb 2026 12:59:39 +0000 https://forem.com/keilhun/refactoring-legacy-website-and-the-test-suite-that-never-was-449f https://forem.com/keilhun/refactoring-legacy-website-and-the-test-suite-that-never-was-449f <p>The Horror<br> Picture this: It’s the 2010s, but the code feels like the 1990s. I was handed the keys to a custom e-commerce site for a small manufacturing business. The tech stack? A chaotic mix of legacy Perl scripts and static HTML. The navigation bar was hard-coded into 20+ separate files.<br> But the real kicker? The checkout process captured raw credit card numbers and saved them to a flat text file for office staff to manually type into a terminal. No encryption. No tokenization. Just pure, unadulterated liability.</p> <p>The Mission<br> My directive was clear but constrained: “Modernize the site, improve security, but don’t disrupt how we do business.” I wasn’t the architect; I was the mechanic trying to change the tires while the car was doing 60mph.</p> <p>The Fixes (The Wins)<br> I took a pragmatic, three-phase approach to stop the bleeding:</p> <ol> <li>The PHP Facelift I ripped out the hard-coded navigation and built a simple vanilla PHP template system. Updating a menu item went from 45 minutes of copy-pasting to 30 seconds of editing a single file. The site became more consistent and easier to maintain without breaking existing pages.</li> <li>The Security Patch I integrated the PayPal API to offload payment processing. This was the critical win—we finally stopped handling raw credit card data, instantly improving security and reducing PCI liability.</li> <li>The Logic I bridged the UPS API into the Perl cart to automate shipping costs based on weight, eliminating manual lookup errors and reducing operational bottlenecks.</li> </ol> <p>The Heartbreak (The Phantom Test Suite)<br> The legacy checkout code was brittle, and I was constantly worried about regressions. On my own time, I built a small regression test suite using Codeception (PHP) with Selenium to perform end-to-end tests of the checkout flow. Selenium automated browser interactions, while Codeception provided a PHP-based framework to organize and run the tests, giving me confidence that the checkout process continued to work as expected.<br> When I proposed formalizing the suite, the business didn’t see a clear return on investment. Time spent on non-customer-facing work was hard to justify, so no resources were allocated to maintain or expand it. The suite never became part of the official workflow.<br> Even so, I continued running it locally before my own deployments. It quietly caught potential regressions and saved me from breaking things, even if the work never appeared on a roadmap or report.</p> security softwareengineering testing webdev