A friend of mine bought the code of FactionsUltimate, he has been having some problems with it, as it is not very compatible with other plugins, beacuse of a few flaws I will outline below, and that his profiler plugin keep catching it call many things in an intensive process on main thread.
We took a look into some of the code that he had written, and... well... read below.
A lot of the code we found looks like its been copy pasted, any basic developer knows to just make a method, and use a parameter for the item name, which would save him typing and just be easier on him. This causes on performance hits, but it certianly makes me question his title of "Experienced Java Developer".
When I saw this, I decided to take a look at his "Crack Protection", the plugin advertises that every user gets a different code that they have to put in which allows you to enable the plugin. Which seems fine, but when running the plugin we saw no POST, GET, or outgoing connections out of the norm from the server. So we concluded that it was doing this somehow internally, maybe from a list of HWIDs and Codes? nah. Its literally just one code "facult"
He has attempted to hide it in the Ascii compass which is used in the faction map and other things.
it is then called in a class called CmdShowClaims, which has all its code removed, and he uses the singular "unique code" to enable the plugin.
Onwards there is a sad attempt at obfuscation/confusion so that people cant find this block of code.
He literally took the string and then replaced it "/" and square brackets inside of it...
When we finally got done looking through the atrocities, we went and found the problem as to why we even looked into the plugin.
I believe there are some unspoken rules about forking, such as leaving credit to the original authors and more.
As we can see the version tags other than the 1.6.9.5-U have been removed, all authors have been removed, just leaving his name. While I wouldnt have said anything, this causes issues with any plugin attempting to hook in.
Usually standard practice is to look either at the version string ( which has been stripped ), so if we look at the authors, we can look for "drtshock", which can signify FactionsUUID, so the plugin can use the correct hook, well, guess what, its not there. Hence this breaks any intergration to FactionsUUID hooks, which if he left the names in, would work perfectly as he is using a fork.
After quite a bit of searching and looking through a lot more issues, I just decided to write this quick little post up warning people against this. As FactionsUltimate seems to have a few too many issues. I will slowly be adding all the features from FactionsUltimate into my plugin, I was avoiding doing this but after all the issues people had with my new genbucket plugin not being able to use FactionsUUID hooks in FactionsUltimate, Id rather just not see people using the plugin.
The plugin "FactionsUltimate", does not affect or hurt me in any form, my plugin is free. I just wanted to warn users or potential buyers.
We took a look into some of the code that he had written, and... well... read below.
A lot of the code we found looks like its been copy pasted, any basic developer knows to just make a method, and use a parameter for the item name, which would save him typing and just be easier on him. This causes on performance hits, but it certianly makes me question his title of "Experienced Java Developer".
When I saw this, I decided to take a look at his "Crack Protection", the plugin advertises that every user gets a different code that they have to put in which allows you to enable the plugin. Which seems fine, but when running the plugin we saw no POST, GET, or outgoing connections out of the norm from the server. So we concluded that it was doing this somehow internally, maybe from a list of HWIDs and Codes? nah. Its literally just one code "facult"
He has attempted to hide it in the Ascii compass which is used in the faction map and other things.
it is then called in a class called CmdShowClaims, which has all its code removed, and he uses the singular "unique code" to enable the plugin.
Onwards there is a sad attempt at obfuscation/confusion so that people cant find this block of code.
He literally took the string and then replaced it "/" and square brackets inside of it...
When we finally got done looking through the atrocities, we went and found the problem as to why we even looked into the plugin.
I believe there are some unspoken rules about forking, such as leaving credit to the original authors and more.
As we can see the version tags other than the 1.6.9.5-U have been removed, all authors have been removed, just leaving his name. While I wouldnt have said anything, this causes issues with any plugin attempting to hook in.
Usually standard practice is to look either at the version string ( which has been stripped ), so if we look at the authors, we can look for "drtshock", which can signify FactionsUUID, so the plugin can use the correct hook, well, guess what, its not there. Hence this breaks any intergration to FactionsUUID hooks, which if he left the names in, would work perfectly as he is using a fork.
After quite a bit of searching and looking through a lot more issues, I just decided to write this quick little post up warning people against this. As FactionsUltimate seems to have a few too many issues. I will slowly be adding all the features from FactionsUltimate into my plugin, I was avoiding doing this but after all the issues people had with my new genbucket plugin not being able to use FactionsUUID hooks in FactionsUltimate, Id rather just not see people using the plugin.
The plugin "FactionsUltimate", does not affect or hurt me in any form, my plugin is free. I just wanted to warn users or potential buyers.
