We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Here are the new coding rules! | Forum

Topic location: Forum home » Support » Oxwall Store
dave
dave Jun 8 '20
Oxwall Coding Standard Policies

If you decide to write code for Oxwall regardless if it is for the software package core itself or as a plugin developer. Make sure you observe code style standards described in this policy. Some policies apply to core coding, some apply to plugin coding and some apply to both. We will specify how the rule applies in each rule that follows.

You don't have to make your code look fancy to write a great plugin. However, think how others looking at your code would appreciate if it's written like the rest of the Oxwall code. All rules in this policy are not because it is just our preference. There is a reason behind each policy with regards to security, readability, portability, compatibility, fail-safety and general acceptability in mind.

New policies have been marked with [New]


https://developers.oxwall.com/store/coding-standards


If you have any questions please let us know.


The Forum post is edited by dave Aug 4 '20
dave
dave Jun 8 '20
Once we get the approval, i will change this to a link to the standards page.
The Forum post is edited by dave Jun 19 '20
ArtMedia
ArtMedia Jun 19 '20

This is ridiculous, you want me to leave oxwlall for good? You write here proposed coding rules, but now you suspend my plugins, because dont apply this rules. As i see this are PROPOSED RULES, not existing rules. You know law rules? "lex, non retrotrahitur" ("law is not retroactive")


If you want create coding rules, you should discuss it with active developers, when rules was approved, then you must provide time to adjust plugins to new rules, but you don't want discuss with developers, you only can suspend plugins. You dont update oxwall core, we dont have new version oxwall, but you do everything to next developers leave oxwall too.


I have work, many clients, but also want support oxwall platform and do it in free time, but now, when you suspending my plugins, one by one, i probably leave oxwall.


DEAR CLIENTS for now Auto Banning and Membership X, because oxwall team suspended this plugin, i inform you that i dont release next updates, because plugins are suspended, if oxwall team unsuspend this plugin then next version will be published.

The Forum post is edited by ArtMedia Jun 19 '20
Joseph
Joseph Jun 19 '20

Quote from ArtMedia

This is ridiculous, you want me to leave oxwlall for good? You write here proposed coding rules, but now you suspend my plugins, because dont apply this rules. As i see this are PROPOSED RULES, not existing rules. You know law rules? "lex, non retrotrahitur" ("law is not retroactive")


If you want create coding rules, you should discuss it with active developers, when rules was approved, then you must provide time to adjust plugins to new rules, but you don't want discuss with developers, you only can suspend plugins. You dont update oxwall core, we dont have new version oxwall, but you do everything to next developers leave oxwall too.


I have work, many clients, but also want support oxwall platform and do it in free time, but now, when you suspending my plugins, one by one, i probably leave oxwall.


DEAR CLIENTS for now Auto Baning and Memership X, because oxwall team suspended this plugin, i inform you that i dont release next updates, because plugins are suspended, if oxwall team unsuspend this plugin then next version will be published.

+1
gami
gami Jun 19 '20

Hello,


You're kidding me, right?


Late April Fool's?


incredibly sorry


mike

Chris_W
Chris_W Jun 19 '20
If they keep changing rules and suspending plugins and expecting the developers to just update them right now so they can get them back in the store, I can see quite a few jumping ship and selling their Oxwall plugins form their own or another web site.  It's a bit much considering the Oxwall core hasn't seen an update four four years, that is one you can install from the admin panel rather than take a chance on the GitHub version... They want plugins to support php 7+ and be ready for php8. How about leading by example and fixing the core to the same level?  We spent 5 years asking for image alt tags and what did we get.... Nothing, but when it's the other way around, they say jump and dev's are supposed to answer,  How high?
The Forum post is edited by Chris_W Jun 19 '20
Sergey Kambalin
Sergey Kambalin Jun 19 '20
The first post in the thread is just a block of text which is very hard to read due to lack of structure. It does not look like a formal document.

Speaking of code style:

PHP community has long ago decided on the rule set: PSR1 and PSR12. If you want a proper code style use these specs.


Or just stick to Oxwall's original coding standards:
https://wiki.oxwall.com/dev:core:coding-standards



The Forum post is edited by Sergey Kambalin Jun 19 '20
Chris_W
Chris_W Jun 19 '20

Quote from Sergey Kambalin

Or just stick to Oxwall's original coding standards:
https://wiki.oxwall.com/dev:core:coding-standards




dave
dave Jun 19 '20

ArtMedia - I explained why the suspension in the notice you received.  I am sorry that this is painful for you and we certaintly dont want you to leave, you are a good developer.  However, lets try to be more professional about what is happening, and your reaction.  That original post above also says that many of the rules have been approved and we are just waiting on a small few. 


I believe what you are feeling is reaction to change because things have been stagnant for so long and now they are not.


1. Oxwall has the right to change, suspend, modify, improve the coding standards, and review products with or without notice.


2.  What was expected of you to get your plugin back online is a very easy 5 min job, all you have to do is move the function call to the install and only run that in the install. Why is that so hard to do.  We have not suspended all your products yet so why cant you just be more professional and realize that the change is for the better and change is natural, and just do it, and then it will be approved.  Just like SD and eventually Patricia have done.  SD handled it very professionally and the product was back online quickly.  Patricia also had some growing pains and we discussed it and she has been a trooper and very stand up about the whole thing. She knows like SD and myself know that this is a necessary thing to do in order to bring back respect to the Oxwall store and ALL of its developers.


I am sorry that you can no longer just post products and then leave them sit like auto pilot but we have fallen way behind in standards and expecting them.  I dont want to upset anyone but i am focused on a mission and that mission will help everyone.


3. Your hard work is appreciated and we have noticed the good things you and all develpers do here, but you must understand that there will be growing pains along the way but we have to get this done. Are you going to write me and ask me about new changes so you can do them right away, no probably not.   That set of rules has been up for two weeks now and so if you visted the forum more often then you would have seen this and had two weeks to change your products.


4. The reason this post was made was to openly discuss this with develpers but you have not replied until one of your plugins was suspended, you have had two weeks to discuss it.


5. This has nothing to do with the oxwall core update, they are two completely different matters.  I am currently working on an update just to let you know but i wont have it ready for a while.  Basically what you are saying is that just because you cant have one thing you can let another thing slide, that is not professional. 


Sergey, yes it is a block of text because i changed it to text. When posting the html the editor was stripping code for the ul  lists and creating havoc with the post so i decided to just make it plain text.   Any coder can get the overall idea of what is expected. Even with posting using the html menu item it still messed up.


Also Sergey, PSR1 is standard, PSR2 has been depricated to PSR12 which mostly deals with classes, methods, functions and some other formats.  But it does not specifically deal with items unique to Oxwall. 


6. Lets say for example that i messaged all the developers explaining things and then two weeks later i did the job.  They still would get upset because they have been sitting in a comfort zone for so long that they dont feel any work needs to be done or they just dont want to do it.   Plus the fact that by the time we write every developer and then wait for their reply, we would be doing this for 2 more years before the strore is cleaned up.  We cant wait that long folks. 


Maybe you might get to the changes in a week, a month, or later.  We needed to wake developers up to get them onboard that the store is a business just like any other business. In business there are always challenges and this is no different.  What we are asking is not rocket science, for many its just a few minutes of your time. For others its alot more.


I sincerely apologize that your plugins and store privilage might mean that you may have to do 5 - 10 min worth of work once in a while to keep up with standards. 


7.  Also patricia had all of her plugins suspended all at once but we did not do that with any of the rest of you.  And again patricia is a real trooper and very dedicated and understands its all in the achievement of progress. 


8. We dont want anyone to leave and we dont want to upset anyone, but this has to be done, it has to be done now, and it is long overdue, and there is no way to make everyone happy. 


Finally, ArtMedia i would ask kindly that you not use your plugin updates as hostage, you are only hurting yourself and your users. 


Thanks in advance for understanding and i hope we can get through this together.


Dave :)



The Forum post is edited by dave Jun 19 '20
dave
dave Jun 19 '20

Chris_W   those coding standards are outdated and do not cover many things that developers across the board are doing wrong.   What i do is i look to see how Skalfa does things, since they wrote it in the first place.  Then i use that as a guide to help determine compliance. 


Plus den was the last person to edit the wiki and he has the password and is no longer with us.  So it will take time to get that modified.  

dave
dave Jun 19 '20

Artmedia and Sergey, tell you what ill do out of respect.


First artmedia i will appove your two plugins with the understanding that you fix them by tomorrow, that is about 10 min worth of work.


artmedia and sergey, i wont suspend any more of your plugins if you bring them up to code by friday of this next week, that gives you a full week to do this. Which is plenty of time.  But if you do not then i will suspend all that are not changed all at once.


Does that sound fair ?

Patricia Zorrilla Leader
Patricia Zorrilla Jun 19 '20

In the mornings, before going to work, I follow my routine of entering my website, approving or rejecting new members (I use the approved manual), responding to user messages, checking out NewsFeed... It's my daily routine. Then I enter this forum, usually 5 minutes because there is not much to read, and return to my site in case any user has answered me not to make him wait until half a day, when I return from work.

One Monday I found all my plugins suspended at once, all of them, without any notice.

That same night I re-edited ALL of them and uploaded them again, I didn't update the version number because the changes don't bring anything, just the bulk of the new rules.

They didn't reapprove them, I have to rewrite them all.

I'm not going to comment on the fact that I got all of them suspended at once and other developers were given other criteria: what if a few, what if two weeks' notice...

I don't understand that recent plugins that are working well, that have support, are suspended. It has nothing to do with old plugins without support, things are being mixed up.

To emphasize the issue of comments in Spanish, which now happen to be banned.

Too bad, those comments are FOR ME, to develop new versions, for possible bugs, FOR ME. Spanish is my mother tongue, if I have to write them in English it means the same effort as doing it in Mandarin Chinese or Japanese, and they are no longer useful FOR ME.

What I sell in the plugins is a UTILITY, not a programming course. I try to use variable names and descriptive functions in English, but I don't like the language of the comments.

The same goes for "big chunks of code as comments".

For example, my UserJail plugin doesn't notify by email and the code to do this was finished but not tested. Well, it's already removed, there won't be a "version 2" that sends emails.

Another example. In my "MemberAds" plugin I had to move a lot of code from init.php to a new class called from init.php. Functionally it's EXACTLY the same but now the plugin is longer and its execution is 0.0001 % slower. Ah! But now it's nicer. Great. The performance doesn't matter, what a fool I am for not having noticed. I calculate that there are more than 10M ads published with my plugin. This plugin deserves that I improve the graphic part (HTML/CSS), not that I waste time moving functions from one part to another not to improve anything.

The plugins now I'm fixing them little by little, I don't have 8 hours a day because I don't live from selling plugins.

Dave's analyses are very exhaustive, in a plugin like "magazine" (suspended, of course, a plugin of ONE MILLION LINES OF CODE) there is some html that contains a </spam> without its corresponding <spam>

No, a warning is not enough, you have to suspend the plugin.

Actually now nobody will have complaints about the quality of the plugins in the shop, the problem will be if there are plugins.

Mine are already half reapproved, they do the same. The rest, I don't know what to do, in my web they are working perfectly, in my demo web too and those who have bought them, have not commented anything, so I understand that they are satisfied.

What do I do now? Do I waste my time rewriting them all?

Or do I write new ones?

"Making beautiful" a code that works is NOT a hobby.

(I'm sorry that Google translates so badly)

Patricia Zorrilla Leader
Patricia Zorrilla Jun 19 '20

My shop

ArtMedia
ArtMedia Jun 19 '20

Dave, why all developers dont get info about this new rules, to discuss it and adjust? When you apply something rules, then why devs don't get email message about its? I only get info about suspend GOOD plugins with support, because you write some rules on forum, where i go only sometimes, because you have there more spam than value posts.


Then tell me why my callback function must be on install.php file, many users stole plugins, i must have veryfiyng mechanism to protect my work, so i create function which send email to me who install my plugin (get only email, site url, license key, plugin name). I also send this email sometimes when prepare big update, to get info, if somebody is enough smart to disable mail function when install plugins. So i create my function on service.php file, because i use it when somebody install plugin or update plugin, as you know, you can use plugin service file on install file, because you get error (plugin namespace dont exist when install plugin), i create function on service to don't refactoring code on install and updates files, because then i must copy the same code from install file to update file, when i want get info who use my plugin after big plugin update and if somebody stole my work, because license key is empty. So my plugin size is smaller, because i have one function on service.php which do this.


Tell me why callback function must be on install file.


About updates, tell me how send plugin updates when plugin is suspended? i have ~ 100 plugins, changes, zipping, clean zip file, update on this site, wait after send plugin when you can change main version (you musi sometimes wait 10-20 minutes), that isn't 5 minutes, this about 20-30 minutes, then 100 * 30 = 50h work and this changes dont upgrade plugin quality. Developers are busy working on many project, you must have it on mind.


I dont understand why you suspend good plugins, which have good reviews, which don't have any harm code. On oxwall store are many bad plugins, eg. aaron plugins, start working on aaron plugins, and then before you want suspend plugin you should contact with good developers.


Now you do this, suspend plugin -> inform  developer, good comunications should be: contact with developer -> suspend plugin if plugin have any harm code or generate errors, when developer dont want cooperate,

The Forum post is edited by ArtMedia Jun 19 '20
dave
dave Jun 19 '20

Patricia - since you opened the door on the subject then i can now explain why in public.

Your plugins were NEVER suspended for one silly reason, they were suspended because of multiple critical reasons.  In my notes (which i will share if you want me to) i sorted out the issues between critical and non critical.  The critical items were the ones you need to fix to get the plugin approved. The non critical items were labeled as "fix in future releases" 


The biggest issue with your plugins patricia was the fact that you were gathing information during callback that was none of your business (such as all plugins installed and keys) This is why all of your plugins other than one were suspended right away because we had to stop that from happening right away. 


If someone does not know what a callback is, its basically just sending an email back to the developer that contains information they gather from the install and server.


Again I was directed to suspend them all from above, but i would have done so anyway because of the following:


We as developers hold very high power over what is possible, just because it is possible does not mean that we can just do it.  Especially in todays world when privacy and security are both such important topics.  Your plugin was never suspended because of gathering proper information, it was suspended because it was gathing unauthorized inforamtion from someones server without asking first and without any kind of notice or disclaimer.    Getting a list of every plugin that someone has along with key values is none of our business as developers.  


We must be extra cautious and extra sensitive as developers that we do not violate that trust that poeple place in our work and in ourselfes.  This means that you dont collect information that is none of your business. 


This also goes for being on a customers server, we must always do exactly what is needed and nothing more, no snooping around, no seeing what they have in other directories, no sticking our fingers where they dont belong.  I cannot stress this part enough that we must only do exactly what is necessary while on someones server and nothing more. 


The html errors were many in your plugins patricia, so many that yes they became a critical item.  Some where false positives and i allowed for those, some were flat out coding issues.  And yes <spam> text </spam> and missing anchor tags matter in html. Maybe the customer does not get a message on the screen because of it, maybe some confirm url does not appear.  Errors matter regardless where they are.    And i believe that i was very very fair with only marking those critical items that mattered.


As far as format and where files go, they go there for a reason, not only because skalfa wrote it that way but because they did so for a reason.  When you change locations of process you change the way the script works regardless if it is parsed on the page or not. It can also effect security, class protection and other issues.  Plus if the basics are done the same by everyone then its much easier and faster to approve the product.  Just sticking something willy nilly anywhere you want to destroys any kind of stardards at all, and then we have to try to sort out and follow a new data process with every plugin. 


Patricia, i know you did not do that with bad intent, you are a excellent developer.  Which is why i stopped everything else i was doing to focus on your needs so that we could get you back up and running asap. 


There were warnings, notices, errors, sometimes the process caused confusion which is also a great part of having someone else look at your product.  I bent over backwards to even suggest coding for you and sent it to you, i dedicated myself to get your products  back online asap because i knew there was alot to do.


The reason the list became more than just one thing is because while looking at the files we found more stuff that was an issue.  But again i dedicated myself to get your stuff back onlline asap.


Artmedia -  The reason that the callback has to be in the install is because it limits when it can run.  It should not be run during any other time other than install.  The reason why is because the purpose of the callback is to establish when and where your plugin was installed so that you can match it up with the users information in your store to verify they are using it legally.  


The callback is not something that is suppose to be executed just whenever you want and the reason for that is because of legalities and security.  It is one thing and mostly understood and excepted that when a script in any language is installed that the developer or company gets a email notification. It is quite another to send that information whenever you please, that sort of thing goes beyond accepted practices.  Also having the callback anywhere else other than install is a security issue. Someone could modify the code to send email to themselves regarding any information they wanted any time they wanted. 


Once the plugin is installed and the install file is no longer used, that helps prevent abuse.


I do apologize for having to suspend your plugins patricia and artmedia and others in this current cleanup process, but i believe we can and will get past this and look back on this as great time for change in the evolution of Oxwall. 


And finally, when you do something for free or for $5.00 or for $1000000.00 your professionalism and focus on quality should be exactly the same, dont do it if you cant or wont do it well.  :)


I will refrain from auto suspending plugins (just to check them) and unless there is an actual issue they will no longer be suspended. i have removed that section of the post.   I will however still be checking each plugin.  


The Forum post is edited by dave Jun 19 '20
dave
dave Jun 19 '20

Chris_W   


Quote "We spent 5 years asking for image alt tags"


since alt tags is a required  tag then may i ask why you did not suggest it here when i ask for such things.


https://developers.oxwall.com/forum/topic/66811



ArtMedia
ArtMedia Jun 19 '20

somebody, who steal plugin is smart and first thing what he do is check install.php file if it send any data, he remove this code. I fight with pirates from years and i know something about this


But install.php isn't removed from server after install, so please explain me why i can't use my callback function on service.php and why i can't send again info about site url. email owner and license key after somebody upgrade plugin (i use sometimes this, to check if somebody steal my plugin and is smart enough that i dont receive information about using plugin after installation)


I don't understand why you suspect that i use callback function other else on plugin, now i fell as i be stealer, hacker and bad person, but i add this extra code to protect my work. Please add to oxwall store better mechanism, which will better protect our work, then we dont use any callback on our scripts

The Forum post is edited by ArtMedia Jun 19 '20
Chris_W
Chris_W Jun 19 '20
I suggested it over four years by voting for it with no effect. I had given up expecting anything to happen. That's one reason why I tried all the Oxwall spin off forks to see if any of them would be open to suggestions. Sadly they all came to nothing, which is what we have become used to over the last four years or so, nothing happening.
Quote from dave

Chris_W   


Quote "We spent 5 years asking for image alt tags"


since alt tags is a required  tag then may i ask why you did not suggest it here when i ask for such things.


https://developers.oxwall.com/forum/topic/66811




dave
dave Jun 19 '20

Artmedia,


I never said the install file was removed, i said "install file is no longer used".   I also never said or suggested that anyone was stealing or was a bad person, you are again putting words in my mouth that i never said.


Oxwall is an open source script, if you want hard coded protection for your work then dont offer products on an open source script.  Its like deciding to build convertable car then getting upset because the inside gets wet when it rains.


We have all invested our time and money into Oxwall.  We did so because we love Oxwall and/or because we saw a benefit in doing so.  This was your decision to do this, it was your decision to have 100 plugins. 


For example php has changed array() to array[], are you going to write php and complain or would you just do the work to make it right 100 times.  You may do both but in the end you would do the work 100 times. And one day soon Oxwall may no longer except array().  How long as this one change been out, a long time and none of us including me has made any changes to their plugins to modify this. I will be doing mine shortly in a new release.  What about all of you, will you be doing this on your own or will you wait until the plugin fails, is suspended, and then get mad at us over it. 


There is no difference here, it comes with the business that things change and the changes are not always pleasant.


I have tested and i wish that oxwall would support ionCube even if it is just one license file that is connected to the core, but this is not the case and it would probably violate the open source license anyway.   In open source projects the best you can hope for is that the majority of users believe in license rules, have character, and are honest.  But this is not the case in any venture even outside of Oxwall.


In the end you are getting upset and fighting about something you have no control over. I dont have control over wether Oxwall is open source or not. I dont have control over the license, and i dont have control over versions of php.  Which by the way if we dont do something soon we are in for some big trouble and none of us will be selling anything.


Do you realize that if it was not for open source in the first place, none of us would even have Oxwall. It is the open source projects that preceded Oxwall that have made what we have today (all projects) possible.  Open source is not for everyone, it is what it is and i dont expect it to change any time soon.   But i do expect that nothing is going to work for any of us if we dont start having some standards and doing things together in unity.


Can you imagine if apache was like this, if every coder that developed apache did it differently with the feeling "it works so who cares".  It would be a total nightmare and would be much more difficult to update, develope, and grow.  And for users it would be maddening.  


One day i invision that Oxwall could have part of its internal core a way to update 3rd party plugins with new php requirements, sounds far fetched but its possible.  And if everyone does the basics differently then that would be impossible.


When i learned Oxwall i did so by looking how Skalfa did it in the first place, that is why my plugins pass the basics because everything is where it needs to be. And those non critical items will be fixed in future releases.


Oxwall was created and runs on a model that is basically a repeatable mold, certain things go in certain places to maintain the integrity as a whole project.


The reason you cant put the callback just anywhere is because it does not need to run other than the install process, period.    As a developer you have the right to know when someone installed your script and to get some basic information. After that, there is no more reason or need to get notifications.


Finally Artmedia, if it is a ton of work, i will do the same for you as i did for patricia, i can help you change files in my spare time, as long as you dont put all the work on me.  But if we can come up with a standard patch then i will be more than happy to help you patch your files.


I hope that explains our reasons..


Chris_W


I will add alt tags that to my list and i will get that done, so something will happen because i will make it happen. 






The Forum post is edited by dave Jun 19 '20
Senior Developer Leader
Senior Developer Jun 19 '20

Thank you dave, yes I did fix it right away, because we are making oxwall great again (MOGA)!



I fully understand what this is all about, I agree with dave on certain things and dissagree on others, but at the end of the day, the Oxwall team has the right to do whatever the h... they want with the store and they can remove our plugins whenever they want for any reason.


My honest opinion: I Dissagree on removing Licenses security extra layer,suspending free plugins and apply rules retroactively to existing plugins.


Please dave open your mind a little and see what ArtMedia is trying to tell you, he just wants better security for his plugins, so if Oxwall is not going to include better security for our plugins, is not fair to force third party developers to remove the extra security layer from their plugins. It is just not fair for us. If you really want them to remove the extra security layer, please provide a better way to protect their work.


I know there is always people who steal our plugins, I myself have seen (using this extra security layer in the past) some of my plugins with 0 sales being installed in russian websites. I don't know how they get hem, but they do.


I recall that you went nuts (sorry if this a strong word, I don't now what other word use here, you can edit it if you want) when you saw somebody stole your plugins and you were trying to obfuscate them and I told you that they already had your code and that there was no hurry because of that, you have seen that problem happening to you in the past.


My intention is not be negative neither create a discussion here on who is right or wrong, I don't really care, If the boss tells me to do something with my plugins I say "Ok, and thank you". It is what it is, no need to argue, I can spend the day arguing or spend the day making the changes that the boss tells me to do, I choose to "fix it" until another boss comes here and tells me to make more changes. Or if I consider that it will take lots of time to fix them and I don't have sales enough or they are free plugins, then those plugins go kaput. I just wanted to let dave know my position in this matter of licenses verification and reaffirm my opinion on free plugins being suspended instead of moved into a "Plugins with no support, use on your own risk" section inside the store.



Senior Developer.


Pages: 1 2 3 »
This topic is sticky
This topic is locked