This is ridiculous, you want me to leave oxwlall for good? You write here proposed coding rules, but now you suspend my plugins, because dont apply this rules. As i see this are PROPOSED RULES, not existing rules. You know law rules? "lex, non retrotrahitur" ("law is not retroactive")

If you want create coding rules, you should discuss it with active developers, when rules was approved, then you must provide time to adjust plugins to new rules, but you don't want discuss with developers, you only can suspend plugins. You dont update oxwall core, we dont have new version oxwall, but you do everything to next developers leave oxwall too.

I have work, many clients, but also want support oxwall platform and do it in free time, but now, when you suspending my plugins, one by one, i probably leave oxwall.

DEAR CLIENTS for now Auto Banning and Membership X, because oxwall team suspended this plugin, i inform you that i dont release next updates, because plugins are suspended, if oxwall team unsuspend this plugin then next version will be published.

Hello,

You're kidding me, right?

Late April Fool's?

incredibly sorry

mike

PHP community has long ago decided on the rule set: PSR1 and PSR12. If you want a proper code style use these specs.

Or just stick to Oxwall's original coding standards:
https://wiki.oxwall.com/dev:core:coding-standards

ArtMedia - I explained why the suspension in the notice you received.  I am sorry that this is painful for you and we certaintly dont want you to leave, you are a good developer.  However, lets try to be more professional about what is happening, and your reaction.  That original post above also says that many of the rules have been approved and we are just waiting on a small few. 

I believe what you are feeling is reaction to change because things have been stagnant for so long and now they are not.

1. Oxwall has the right to change, suspend, modify, improve the coding standards, and review products with or without notice.

2.  What was expected of you to get your plugin back online is a very easy 5 min job, all you have to do is move the function call to the install and only run that in the install. Why is that so hard to do.  We have not suspended all your products yet so why cant you just be more professional and realize that the change is for the better and change is natural, and just do it, and then it will be approved.  Just like SD and eventually Patricia have done.  SD handled it very professionally and the product was back online quickly.  Patricia also had some growing pains and we discussed it and she has been a trooper and very stand up about the whole thing. She knows like SD and myself know that this is a necessary thing to do in order to bring back respect to the Oxwall store and ALL of its developers.

I am sorry that you can no longer just post products and then leave them sit like auto pilot but we have fallen way behind in standards and expecting them.  I dont want to upset anyone but i am focused on a mission and that mission will help everyone.

3. Your hard work is appreciated and we have noticed the good things you and all develpers do here, but you must understand that there will be growing pains along the way but we have to get this done. Are you going to write me and ask me about new changes so you can do them right away, no probably not.   That set of rules has been up for two weeks now and so if you visted the forum more often then you would have seen this and had two weeks to change your products.

4. The reason this post was made was to openly discuss this with develpers but you have not replied until one of your plugins was suspended, you have had two weeks to discuss it.

5. This has nothing to do with the oxwall core update, they are two completely different matters.  I am currently working on an update just to let you know but i wont have it ready for a while.  Basically what you are saying is that just because you cant have one thing you can let another thing slide, that is not professional. 

Sergey, yes it is a block of text because i changed it to text. When posting the html the editor was stripping code for the ul  lists and creating havoc with the post so i decided to just make it plain text.   Any coder can get the overall idea of what is expected. Even with posting using the html menu item it still messed up.

Also Sergey, PSR1 is standard, PSR2 has been depricated to PSR12 which mostly deals with classes, methods, functions and some other formats.  But it does not specifically deal with items unique to Oxwall. 

6. Lets say for example that i messaged all the developers explaining things and then two weeks later i did the job.  They still would get upset because they have been sitting in a comfort zone for so long that they dont feel any work needs to be done or they just dont want to do it.   Plus the fact that by the time we write every developer and then wait for their reply, we would be doing this for 2 more years before the strore is cleaned up.  We cant wait that long folks. 

Maybe you might get to the changes in a week, a month, or later.  We needed to wake developers up to get them onboard that the store is a business just like any other business. In business there are always challenges and this is no different.  What we are asking is not rocket science, for many its just a few minutes of your time. For others its alot more.

I sincerely apologize that your plugins and store privilage might mean that you may have to do 5 - 10 min worth of work once in a while to keep up with standards. 

7.  Also patricia had all of her plugins suspended all at once but we did not do that with any of the rest of you.  And again patricia is a real trooper and very dedicated and understands its all in the achievement of progress. 

8. We dont want anyone to leave and we dont want to upset anyone, but this has to be done, it has to be done now, and it is long overdue, and there is no way to make everyone happy. 

Finally, ArtMedia i would ask kindly that you not use your plugin updates as hostage, you are only hurting yourself and your users. 

Thanks in advance for understanding and i hope we can get through this together.

Dave :)

Chris_W   those coding standards are outdated and do not cover many things that developers across the board are doing wrong.   What i do is i look to see how Skalfa does things, since they wrote it in the first place.  Then i use that as a guide to help determine compliance. 

Plus den was the last person to edit the wiki and he has the password and is no longer with us.  So it will take time to get that modified.  

Artmedia and Sergey, tell you what ill do out of respect.

First artmedia i will appove your two plugins with the understanding that you fix them by tomorrow, that is about 10 min worth of work.

artmedia and sergey, i wont suspend any more of your plugins if you bring them up to code by friday of this next week, that gives you a full week to do this. Which is plenty of time.  But if you do not then i will suspend all that are not changed all at once.

Does that sound fair ?

In the mornings, before going to work, I follow my routine of entering my website, approving or rejecting new members (I use the approved manual), responding to user messages, checking out NewsFeed... It's my daily routine. Then I enter this forum, usually 5 minutes because there is not much to read, and return to my site in case any user has answered me not to make him wait until half a day, when I return from work.

One Monday I found all my plugins suspended at once, all of them, without any notice.

That same night I re-edited ALL of them and uploaded them again, I didn't update the version number because the changes don't bring anything, just the bulk of the new rules.

They didn't reapprove them, I have to rewrite them all.

I'm not going to comment on the fact that I got all of them suspended at once and other developers were given other criteria: what if a few, what if two weeks' notice...

I don't understand that recent plugins that are working well, that have support, are suspended. It has nothing to do with old plugins without support, things are being mixed up.

To emphasize the issue of comments in Spanish, which now happen to be banned.

Too bad, those comments are FOR ME, to develop new versions, for possible bugs, FOR ME. Spanish is my mother tongue, if I have to write them in English it means the same effort as doing it in Mandarin Chinese or Japanese, and they are no longer useful FOR ME.

What I sell in the plugins is a UTILITY, not a programming course. I try to use variable names and descriptive functions in English, but I don't like the language of the comments.

The same goes for "big chunks of code as comments".

For example, my UserJail plugin doesn't notify by email and the code to do this was finished but not tested. Well, it's already removed, there won't be a "version 2" that sends emails.

Another example. In my "MemberAds" plugin I had to move a lot of code from init.php to a new class called from init.php. Functionally it's EXACTLY the same but now the plugin is longer and its execution is 0.0001 % slower. Ah! But now it's nicer. Great. The performance doesn't matter, what a fool I am for not having noticed. I calculate that there are more than 10M ads published with my plugin. This plugin deserves that I improve the graphic part (HTML/CSS), not that I waste time moving functions from one part to another not to improve anything.

The plugins now I'm fixing them little by little, I don't have 8 hours a day because I don't live from selling plugins.

Dave's analyses are very exhaustive, in a plugin like "magazine" (suspended, of course, a plugin of ONE MILLION LINES OF CODE) there is some html that contains a </spam> without its corresponding <spam>

No, a warning is not enough, you have to suspend the plugin.

Actually now nobody will have complaints about the quality of the plugins in the shop, the problem will be if there are plugins.

Mine are already half reapproved, they do the same. The rest, I don't know what to do, in my web they are working perfectly, in my demo web too and those who have bought them, have not commented anything, so I understand that they are satisfied.

What do I do now? Do I waste my time rewriting them all?

Or do I write new ones?

"Making beautiful" a code that works is NOT a hobby.

(I'm sorry that Google translates so badly)

My shop

Dave, why all developers dont get info about this new rules, to discuss it and adjust? When you apply something rules, then why devs don't get email message about its? I only get info about suspend GOOD plugins with support, because you write some rules on forum, where i go only sometimes, because you have there more spam than value posts.

Then tell me why my callback function must be on install.php file, many users stole plugins, i must have veryfiyng mechanism to protect my work, so i create function which send email to me who install my plugin (get only email, site url, license key, plugin name). I also send this email sometimes when prepare big update, to get info, if somebody is enough smart to disable mail function when install plugins. So i create my function on service.php file, because i use it when somebody install plugin or update plugin, as you know, you can use plugin service file on install file, because you get error (plugin namespace dont exist when install plugin), i create function on service to don't refactoring code on install and updates files, because then i must copy the same code from install file to update file, when i want get info who use my plugin after big plugin update and if somebody stole my work, because license key is empty. So my plugin size is smaller, because i have one function on service.php which do this.

Tell me why callback function must be on install file.

About updates, tell me how send plugin updates when plugin is suspended? i have ~ 100 plugins, changes, zipping, clean zip file, update on this site, wait after send plugin when you can change main version (you musi sometimes wait 10-20 minutes), that isn't 5 minutes, this about 20-30 minutes, then 100 * 30 = 50h work and this changes dont upgrade plugin quality. Developers are busy working on many project, you must have it on mind.

I dont understand why you suspend good plugins, which have good reviews, which don't have any harm code. On oxwall store are many bad plugins, eg. aaron plugins, start working on aaron plugins, and then before you want suspend plugin you should contact with good developers.

Now you do this, suspend plugin -> inform  developer, good comunications should be: contact with developer -> suspend plugin if plugin have any harm code or generate errors, when developer dont want cooperate,

Patricia - since you opened the door on the subject then i can now explain why in public.

Your plugins were NEVER suspended for one silly reason, they were suspended because of multiple critical reasons.  In my notes (which i will share if you want me to) i sorted out the issues between critical and non critical.  The critical items were the ones you need to fix to get the plugin approved. The non critical items were labeled as "fix in future releases" 

The biggest issue with your plugins patricia was the fact that you were gathing information during callback that was none of your business (such as all plugins installed and keys) This is why all of your plugins other than one were suspended right away because we had to stop that from happening right away. 

If someone does not know what a callback is, its basically just sending an email back to the developer that contains information they gather from the install and server.

Again I was directed to suspend them all from above, but i would have done so anyway because of the following:

We as developers hold very high power over what is possible, just because it is possible does not mean that we can just do it.  Especially in todays world when privacy and security are both such important topics.  Your plugin was never suspended because of gathering proper information, it was suspended because it was gathing unauthorized inforamtion from someones server without asking first and without any kind of notice or disclaimer.    Getting a list of every plugin that someone has along with key values is none of our business as developers.  

We must be extra cautious and extra sensitive as developers that we do not violate that trust that poeple place in our work and in ourselfes.  This means that you dont collect information that is none of your business. 

This also goes for being on a customers server, we must always do exactly what is needed and nothing more, no snooping around, no seeing what they have in other directories, no sticking our fingers where they dont belong.  I cannot stress this part enough that we must only do exactly what is necessary while on someones server and nothing more. 

The html errors were many in your plugins patricia, so many that yes they became a critical item.  Some where false positives and i allowed for those, some were flat out coding issues.  And yes <spam> text </spam> and missing anchor tags matter in html. Maybe the customer does not get a message on the screen because of it, maybe some confirm url does not appear.  Errors matter regardless where they are.    And i believe that i was very very fair with only marking those critical items that mattered.

As far as format and where files go, they go there for a reason, not only because skalfa wrote it that way but because they did so for a reason.  When you change locations of process you change the way the script works regardless if it is parsed on the page or not. It can also effect security, class protection and other issues.  Plus if the basics are done the same by everyone then its much easier and faster to approve the product.  Just sticking something willy nilly anywhere you want to destroys any kind of stardards at all, and then we have to try to sort out and follow a new data process with every plugin. 

Patricia, i know you did not do that with bad intent, you are a excellent developer.  Which is why i stopped everything else i was doing to focus on your needs so that we could get you back up and running asap. 

There were warnings, notices, errors, sometimes the process caused confusion which is also a great part of having someone else look at your product.  I bent over backwards to even suggest coding for you and sent it to you, i dedicated myself to get your products  back online asap because i knew there was alot to do.

The reason the list became more than just one thing is because while looking at the files we found more stuff that was an issue.  But again i dedicated myself to get your stuff back onlline asap.

Artmedia -  The reason that the callback has to be in the install is because it limits when it can run.  It should not be run during any other time other than install.  The reason why is because the purpose of the callback is to establish when and where your plugin was installed so that you can match it up with the users information in your store to verify they are using it legally.  

The callback is not something that is suppose to be executed just whenever you want and the reason for that is because of legalities and security.  It is one thing and mostly understood and excepted that when a script in any language is installed that the developer or company gets a email notification. It is quite another to send that information whenever you please, that sort of thing goes beyond accepted practices.  Also having the callback anywhere else other than install is a security issue. Someone could modify the code to send email to themselves regarding any information they wanted any time they wanted. 

Once the plugin is installed and the install file is no longer used, that helps prevent abuse.

I do apologize for having to suspend your plugins patricia and artmedia and others in this current cleanup process, but i believe we can and will get past this and look back on this as great time for change in the evolution of Oxwall. 

And finally, when you do something for free or for $5.00 or for $1000000.00 your professionalism and focus on quality should be exactly the same, dont do it if you cant or wont do it well.  :)

I will refrain from auto suspending plugins (just to check them) and unless there is an actual issue they will no longer be suspended. i have removed that section of the post.   I will however still be checking each plugin.  

Chris_W   

Quote "We spent 5 years asking for image alt tags"

since alt tags is a required  tag then may i ask why you did not suggest it here when i ask for such things.

https://developers.oxwall.com/forum/topic/66811

somebody, who steal plugin is smart and first thing what he do is check install.php file if it send any data, he remove this code. I fight with pirates from years and i know something about this

But install.php isn't removed from server after install, so please explain me why i can't use my callback function on service.php and why i can't send again info about site url. email owner and license key after somebody upgrade plugin (i use sometimes this, to check if somebody steal my plugin and is smart enough that i dont receive information about using plugin after installation)

I don't understand why you suspect that i use callback function other else on plugin, now i fell as i be stealer, hacker and bad person, but i add this extra code to protect my work. Please add to oxwall store better mechanism, which will better protect our work, then we dont use any callback on our scripts

Artmedia,

I never said the install file was removed, i said "install file is no longer used".   I also never said or suggested that anyone was stealing or was a bad person, you are again putting words in my mouth that i never said.

Oxwall is an open source script, if you want hard coded protection for your work then dont offer products on an open source script.  Its like deciding to build convertable car then getting upset because the inside gets wet when it rains.

We have all invested our time and money into Oxwall.  We did so because we love Oxwall and/or because we saw a benefit in doing so.  This was your decision to do this, it was your decision to have 100 plugins. 

For example php has changed array() to array[], are you going to write php and complain or would you just do the work to make it right 100 times.  You may do both but in the end you would do the work 100 times. And one day soon Oxwall may no longer except array().  How long as this one change been out, a long time and none of us including me has made any changes to their plugins to modify this. I will be doing mine shortly in a new release.  What about all of you, will you be doing this on your own or will you wait until the plugin fails, is suspended, and then get mad at us over it. 

There is no difference here, it comes with the business that things change and the changes are not always pleasant.

I have tested and i wish that oxwall would support ionCube even if it is just one license file that is connected to the core, but this is not the case and it would probably violate the open source license anyway.   In open source projects the best you can hope for is that the majority of users believe in license rules, have character, and are honest.  But this is not the case in any venture even outside of Oxwall.

In the end you are getting upset and fighting about something you have no control over. I dont have control over wether Oxwall is open source or not. I dont have control over the license, and i dont have control over versions of php.  Which by the way if we dont do something soon we are in for some big trouble and none of us will be selling anything.

Do you realize that if it was not for open source in the first place, none of us would even have Oxwall. It is the open source projects that preceded Oxwall that have made what we have today (all projects) possible.  Open source is not for everyone, it is what it is and i dont expect it to change any time soon.   But i do expect that nothing is going to work for any of us if we dont start having some standards and doing things together in unity.

Can you imagine if apache was like this, if every coder that developed apache did it differently with the feeling "it works so who cares".  It would be a total nightmare and would be much more difficult to update, develope, and grow.  And for users it would be maddening.  

One day i invision that Oxwall could have part of its internal core a way to update 3rd party plugins with new php requirements, sounds far fetched but its possible.  And if everyone does the basics differently then that would be impossible.

When i learned Oxwall i did so by looking how Skalfa did it in the first place, that is why my plugins pass the basics because everything is where it needs to be. And those non critical items will be fixed in future releases.

Oxwall was created and runs on a model that is basically a repeatable mold, certain things go in certain places to maintain the integrity as a whole project.

The reason you cant put the callback just anywhere is because it does not need to run other than the install process, period.    As a developer you have the right to know when someone installed your script and to get some basic information. After that, there is no more reason or need to get notifications.

Finally Artmedia, if it is a ton of work, i will do the same for you as i did for patricia, i can help you change files in my spare time, as long as you dont put all the work on me.  But if we can come up with a standard patch then i will be more than happy to help you patch your files.

I hope that explains our reasons..

Chris_W

I will add alt tags that to my list and i will get that done, so something will happen because i will make it happen. 

Thank you dave, yes I did fix it right away, because we are making oxwall great again (MOGA)!

I fully understand what this is all about, I agree with dave on certain things and dissagree on others, but at the end of the day, the Oxwall team has the right to do whatever the h... they want with the store and they can remove our plugins whenever they want for any reason.

My honest opinion: I Dissagree on removing Licenses security extra layer,suspending free plugins and apply rules retroactively to existing plugins.

Please dave open your mind a little and see what ArtMedia is trying to tell you, he just wants better security for his plugins, so if Oxwall is not going to include better security for our plugins, is not fair to force third party developers to remove the extra security layer from their plugins. It is just not fair for us. If you really want them to remove the extra security layer, please provide a better way to protect their work.

I know there is always people who steal our plugins, I myself have seen (using this extra security layer in the past) some of my plugins with 0 sales being installed in russian websites. I don't know how they get hem, but they do.

I recall that you went nuts (sorry if this a strong word, I don't now what other word use here, you can edit it if you want) when you saw somebody stole your plugins and you were trying to obfuscate them and I told you that they already had your code and that there was no hurry because of that, you have seen that problem happening to you in the past.

My intention is not be negative neither create a discussion here on who is right or wrong, I don't really care, If the boss tells me to do something with my plugins I say "Ok, and thank you". It is what it is, no need to argue, I can spend the day arguing or spend the day making the changes that the boss tells me to do, I choose to "fix it" until another boss comes here and tells me to make more changes. Or if I consider that it will take lots of time to fix them and I don't have sales enough or they are free plugins, then those plugins go kaput. I just wanted to let dave know my position in this matter of licenses verification and reaffirm my opinion on free plugins being suspended instead of moved into a "Plugins with no support, use on your own risk" section inside the store.

Senior Developer.

SD and everyone, i do respect and acknowledge your concerns and yes the developer side of me is with you in many ways. But the mission oriented side of me overpowers that (must be my army mental training kicking in) and sometimes i agree its not fair.  But many things are not fair, free will means we can either chose to keep it alive or let it die. Thats about a real as it gets. 

I have already agreed to not suspend any more plugins during review from active developers unless they have critical issues, so i am with you on that.  However we will still be suspending fly by night developers plugins who have abandoned their stores. 

We are not asking that anyone remove the callback, we are only asking that it happen during the install process.

Yes i freaked out years ago when that one site had my plugins and i never gave them anything.  That probably means that someone bought them and shared the code. In SD's case i also have no idea how they got a plugin without buying it in the first place.  Any open source project has far less security than major credit card sites and yet they get hacked all the time.  Not to say that anyone has hacked anything here, my point is that we need to live and survive in the world we are living in and make progress when we can.

Even though i freaked out that time about stolen products, i realize there was only so much i could do.  So i attemped to try to use ionCube in a non open source threatening way to secure the plugin, that did not fair well.  So i too want to be able to secure our work. But once again there is only so much we can do, and a callback in the install file is what we can do at the moment.  We might be able to do more later.

I dont agree that what we are dong should be thought of as retroactive.  Is php retroactive when they change array() to array[], no of course not.  They develope certain requirements just like aways and then they say here it is folks, do it...  that is the way the information world works.  Yes is seems cold harted at times but the greater good is what is being considered.  Can you imagine how much php would progress if they got everyone elses opinion first.. we would still be on php 3  lol

When and if Oxwall terms become more flexible, when the OSCL becomes more flexible, and we can do things inside the legal scope then we can also be more flexible in our products.  But until  then we are bound.

I love the idea SD of the unsupported free plugin section, but that is something that we have to work on in another phase. 

If we come up with a better way to secure the work of developers we will glady implement it. But remember that open source is just that, open.   And regardless of what we do as plugin developers and license developers and theme developers, someone is going to do what they want.  If that does not appeal to you then maybe look at coding for some closed source project in which you are allowed to use ionCube  to protect your work. 

But just remember that no matter what you do to secure your stuff, if someone really wants it, they will get it.  So rather than worry about playing detective since you cant stop them (criminals dont obey policies). Worry about taking care of those users that are honest and that do obey rules, and do this by not gathering information unauthorized.

I hope that helps.. :)

I fully get it, in fact, that's what I told you that day, focus on making your plugins better instead of fighting with with unknown thief's. 

They know how to remove the callbacks in the installation file, there is plugins whose this info were removed and they share how to remove it from the installer file from new plugins as well. That's what ArtMedia is trying to explain and it is true. You are forcing him to be unprotected against them.
As I said before, I'm not arguing and I'm ok with your reasons and with your decisions, I'm just giving facts.

Senior Developer.

The day may come that the store products can be ionCubed for better security but we are a long ways from that at the moment. 

I do really appreciate your support and your professionalism and feedback SD, good or bad.

We dont see it as having less security, we see it as everyone doing the security the same way.

Artmedia, If we dont start laying down guildlines that you can do this or cant do this, then guess what happens, some developer comes along and downloads all the passwords for all their databases, or downloads all user info (maybe to sell the user info on the black market). 

The whole purpose of the callback is to know who installed your plugin, our policy does not change that one bit and we acknowledge that its an important event. It only puts the code in the install file where it should be.   If they can figure out how to remove it from the install file, they can learn to remove it from anywhere.