Skip to content

Commit

Permalink
chore: update SRP6 TrinityCore
Browse files Browse the repository at this point in the history
  • Loading branch information
@sayghteight
sayghteight committed Feb 18, 2024
1 parent 2be87da commit d04be59
Show file tree
Hide file tree
Showing 3 changed files with 60 additions and 2 deletions.
8 changes: 8 additions & 0 deletions application/config/resources.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,5 +100,13 @@
'trinity_sha' => [
'name' => 'TrinityCore (SHA Hash)',
'urn' => 'TC'
],
'trinitySRP1' => [
'name' => 'TrinityCore (SRP6 V1)',
'urn' => 'TC'
],
'trinitySRP2' => [
'name' => 'TrinityCore (SRP6 V2)',
'urn' => 'TC'
]
];
43 changes: 42 additions & 1 deletion application/helpers/extra_helper.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -319,14 +319,16 @@ function decrypt($data)
*/
function client_pwd_hash($username, $password, $type = null, $salt = null)
{
is_string($username) || $username = '';
is_string($password) || $password = '';

switch ($type) {
case 'bnet':
return strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash('sha256', strtoupper(hash('sha256', strtoupper($username)) . ':' . strtoupper($password))))))));

case 'hex':
$client = new \Laizerox\Wowemu\SRP\UserClient($username, $salt);
return strtoupper($client->generateVerifier($password));

case 'srp6':
// Constants
$g = gmp_init(7);
Expand All @@ -345,6 +347,45 @@ function client_pwd_hash($username, $password, $type = null, $salt = null)
$verifier = str_pad($verifier, 32, chr(0), STR_PAD_RIGHT);
return $verifier;

case 'srp6v1':
// Set the value of generator 'g' to 2.
$g = gmp_init(2);
// Set the value of the safe prime 'N' using the gmp_init() function.
$N = gmp_init('86A7F6DEEB306CE519770FE37D556F29944132554DED0BD68205E27F3231FEF5A10108238A3150C59CAF7B0B6478691C13A6ACF5E1B5ADAFD4A943D4A21A142B800E8A55F8BFBAC700EB77A7235EE5A609E350EA9FC19F10D921C2FA832E4461B7125D38D254A0BE873DFC27858ACB3F8B9F258461E4373BC3A6C2A9634324AB');

// Calculate the hash value 'h' using the hash() function with SHA-256 and gmp_import().
$h = gmp_import(hash('sha256', $salt . hash('sha256', strtoupper(hash('sha256', strtoupper($username), false) . ':' . substr($password, 0, 16)), true), true), 1, GMP_LSW_FIRST);

// Calculate the verifier using gmp_powm() and convert it to a byte string.
$verifier = str_pad(gmp_export(gmp_powm($g, $h, $N), 1, GMP_LSW_FIRST), 128, chr(0), STR_PAD_RIGHT);

// Return an array with the value 'verifier'.
return $verifier;

case 'srp6v2':
// Define algorithm constants
$g = gmp_init(2); // Generator
$N = gmp_init('AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73', 16); // Prime

// Calculate 'x' using PBKDF2 with SHA-512
$tmp = strtoupper(hash('sha256', strtoupper($username), false)) . ":" . $password;
$iterations = 15000;
$xBytes = hash_pbkdf2("sha512", $tmp, $salt, $iterations, 64, true);
$x = gmp_import($xBytes, 1, GMP_MSW_FIRST);

// Ensure 'x' is within the range [0, N-1]
if (ord($xBytes[0]) & 0x80) {
$fix = gmp_init('100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000', 16);
$x = gmp_sub($x, $fix);
}
$x = gmp_mod($x, gmp_sub($N, 1));

// Calculate the verifier
$verifier = str_pad(gmp_export(gmp_powm($g, $x, $N), 1, GMP_LSW_FIRST), 256, chr(0), STR_PAD_RIGHT);

// Return an array with the value 'verifier'.
return $verifier;

default:
return strtoupper(sha1(strtoupper($username) . ':' . strtoupper($password)));
}
Expand Down
11 changes: 10 additions & 1 deletion application/models/Server_auth_model.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,16 @@ public function create_account($username, $email, $password)
$account['salt'] = $salt;
$account['verifier'] = client_pwd_hash($username, $password, 'srp6', $salt);
break;

case 'trinitySRP1':
$salt = random_bytes(32);
$account['salt'] = $salt;
$account['verifier'] = client_pwd_hash($username, $password, 'srp6v1', $salt);
break;
case 'trinitySRP2':
$salt = random_bytes(32);
$account['salt'] = $salt;
$account['verifier'] = client_pwd_hash($username, $password, 'srp6v2', $salt);
break;
case 'cmangos':
$salt = bin2hex(random_bytes(32));
$account['v'] = client_pwd_hash($username, $password, 'hex', $salt);
Expand Down

19 comments on commit d04be59

@Under-Wow
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You copied it from FusionCMS but did not write the source.

FusionWowCMS/FusionCMS@fda9ec4#diff-d9ba83c9cc2db512289dc1781301a55d8e222e38d04da80eca98da5a1c9a87f4R83-R101

@LichKing255
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You copied it from FusionCMS but did not write the source.

FusionWowCMS/FusionCMS@fda9ec4#diff-d9ba83c9cc2db512289dc1781301a55d8e222e38d04da80eca98da5a1c9a87f4R83-R101

In the private sources related to Wow, no one ever respects the copyrights, he also did not keep the rights like others.

@shocker978
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You copied it from FusionCMS but did not write the source.
FusionWowCMS/FusionCMS@fda9ec4#diff-d9ba83c9cc2db512289dc1781301a55d8e222e38d04da80eca98da5a1c9a87f4R83-R101

In the private sources related to Wow, no one ever respects the copyrights, he also did not keep the rights like others.

But copyright must always be respected, when a code is copied from somewhere, source name must also be mentioned.

@Under-Wow
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You copied it from FusionCMS but did not write the source.
FusionWowCMS/FusionCMS@fda9ec4#diff-d9ba83c9cc2db512289dc1781301a55d8e222e38d04da80eca98da5a1c9a87f4R83-R101

In the private sources related to Wow, no one ever respects the copyrights, he also did not keep the rights like others.

should everyone repeat mistakes of others?

@LichKing255
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You copied it from FusionCMS but did not write the source.
FusionWowCMS/FusionCMS@fda9ec4#diff-d9ba83c9cc2db512289dc1781301a55d8e222e38d04da80eca98da5a1c9a87f4R83-R101

In the private sources related to Wow, no one ever respects the copyrights, he also did not keep the rights like others.

But copyright must always be respected, when a code is copied from somewhere, source name must also be mentioned.

I didn't say this is correct, I said many people does not it. In many places, other people's source codes are stolen and submit own name, but I did not say that this is correct thing to do.

@LichKing255
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You copied it from FusionCMS but did not write the source.
FusionWowCMS/FusionCMS@fda9ec4#diff-d9ba83c9cc2db512289dc1781301a55d8e222e38d04da80eca98da5a1c9a87f4R83-R101

In the private sources related to Wow, no one ever respects the copyrights, he also did not keep the rights like others.

should everyone repeat mistakes of others?
i know @Nightprince and for, he works in different section of Wow, he has done many fixes on different sources, even years ago i reported a bug to him in the AzerothCore source and he fixed that bug for me and that pulled requested on origin source, but maybe he allowed @sayghteight to use his code.

@Nightprince
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You copied it from FusionCMS but did not write the source.
FusionWowCMS/FusionCMS@fda9ec4#diff-d9ba83c9cc2db512289dc1781301a55d8e222e38d04da80eca98da5a1c9a87f4R83-R101

In the private sources related to Wow, no one ever respects the copyrights, he also did not keep the rights like others.

should everyone repeat mistakes of others?
i know @Nightprince and for, he works in different section of Wow, he has done many fixes on different sources, even years ago i reported a bug to him in the AzerothCore source and he fixed that bug for me and that pulled requested on origin source, but maybe he allowed @sayghteight to use his code.

No, I have not given anyone permission to use FusionCMS code without mentioning its name.
He claims that he wrote these codes himself and all lines and even variables name are exactly same with FusionCMS by 0.0000001 chance .
Ask him how many percent in the world is probability that two codes will be written in exactly same way and everything will be exactly same, not even an additional variable will be used? :)
I don't know, it's not for me to judge :)

@Karitoswow
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You copied it from FusionCMS but did not write the source.

FusionWowCMS/FusionCMS@fda9ec4#diff-d9ba83c9cc2db512289dc1781301a55d8e222e38d04da80eca98da5a1c9a87f4R83-R101

In the private sources related to Wow, no one ever respects the copyrights, he also did not keep the rights like others

@sayghteight
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clarification Regarding Code Origin and Contribution

I want to address this matter from the outset to clear up any misunderstandings:

At no point have we copied any code from FusionCMS for our previous system, SRP6, integrated into BlizzCMS. Functions like gmp_init, gmp_sub, and gmp_import were already present in our old system. Additionally, it's essential to note that functions like hash_pbkdf2 and strtoupper are standard in PHP and are documented on php.net.

It's true that some variables coincided with those used in FusionCMS. However, after careful review and discussion with Nigthprince, I decided to change those names to avoid any confusion (f3d4217). Despite this, I've been once again accused of our work being a copy.

To address any concerns, I'll soon upload another version of SRP6 with a different approach. If doubts persist regarding the originality of our work, I'm willing to include credits to FusionCMS, as mentioned in the release notes. However, it's essential to recognize that our approach and functionalities differ significantly from those of FusionCMS.

I want to emphasize that our goal is to make a positive contribution to the community. It's disheartening to receive constant complaints instead of support and recognition for our efforts. While our foundation may be different, we're working hard to build a project from scratch, and we hope that this effort is valued and respected.

Thank you for your understanding, and I hope we can continue to collaborate constructively in the future.

@shocker978
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clarification Regarding Code Origin and Contribution

I want to address this matter from the outset to clear up any misunderstandings:

At no point have we copied any code from FusionCMS for our previous system, SRP6, integrated into BlizzCMS. Functions like gmp_init, gmp_sub, and gmp_import were already present in our old system. Additionally, it's essential to note that functions like hash_pbkdf2 and strtoupper are standard in PHP and are documented on php.net.

It's true that some variables coincided with those used in FusionCMS. However, after careful review and discussion with Nigthprince, I decided to change those names to avoid any confusion (f3d4217). Despite this, I've been once again accused of our work being a copy.

To address any concerns, I'll soon upload another version of SRP6 with a different approach. If doubts persist regarding the originality of our work, I'm willing to include credits to FusionCMS, as mentioned in the release notes. However, it's essential to recognize that our approach and functionalities differ significantly from those of FusionCMS.

I want to emphasize that our goal is to make a positive contribution to the community. It's disheartening to receive constant complaints instead of support and recognition for our efforts. While our foundation may be different, we're working hard to build a project from scratch, and we hope that this effort is valued and respected.

Thank you for your understanding, and I hope we can continue to collaborate constructively in the future.

Well, with what you said in the first few lines, it can be concluded that your code is similar to Codeigniter and you have not used it, because its functions are PHP.
He is also updating FusionCMS for everyone else's progress, while very few people are working with him.
It is true that gmp functions already existed, but nightprince wrote the formula for using it and how to convert it, and you used exactly the same code, the only difference is where you used it, but the formulas themselves, the names, how Writing the code is exactly the same as written by him in FusionCMS.

@sayghteight
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, both implementations exhibit resemblances due to the inherent nature of the cryptographic algorithm (SRP6) and the use of common PHP functions such as gmp_init, gmp_sub, gmp_import, hash_pbkdf2, and strtoupper. These functions are widely used in cryptographic operations and are part of PHP's standard library.

While the code structures may appear similar, it's essential to note that our implementation has been independently crafted, following established best practices and security standards. We've taken measures to ensure clarity, maintainability, and adherence to security principles within our codebase.

Furthermore, I want to highlight that a significant refactorization has been undertaken since the commit d3f927c. This refactorization has aimed to improve code organization, readability, and differentiation from any existing codebase, further ensuring the uniqueness of our implementation.

I appreciate your diligence in bringing this matter to my attention, and I assure you that there has been no intentional copying of code from FusionCMS or any other source. Our goal is to develop secure and robust solutions while upholding the integrity of our project.

If you have any further concerns or suggestions for improvement, please feel free to share them. We are committed to fostering transparency and integrity in our development process.

@shocker978
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, both implementations exhibit resemblances due to the inherent nature of the cryptographic algorithm (SRP6) and the use of common PHP functions such as gmp_init, gmp_sub, gmp_import, hash_pbkdf2, and strtoupper. These functions are widely used in cryptographic operations and are part of PHP's standard library.

While the code structures may appear similar, it's essential to note that our implementation has been independently crafted, following established best practices and security standards. We've taken measures to ensure clarity, maintainability, and adherence to security principles within our codebase.

Furthermore, I want to highlight that a significant refactorization has been undertaken since the commit d3f927c. This refactorization has aimed to improve code organization, readability, and differentiation from any existing codebase, further ensuring the uniqueness of our implementation.

I appreciate your diligence in bringing this matter to my attention, and I assure you that there has been no intentional copying of code from FusionCMS or any other source. Our goal is to develop secure and robust solutions while upholding the integrity of our project.

If you have any further concerns or suggestions for improvement, please feel free to share them. We are committed to fostering transparency and integrity in our development process.

This is not correct, with the same gmp, it can be written in several different ways, none of which is similar to the other. We are not talking about cryptographic functions here, we are talking about the coding itself. No one said why you used gmp_init, gmp_sub, gmp_import, hash_pbkdf2 functions. Everyone says line by line code is like FusionCMS.
You have changed the names of variables in your subsequent commits, but this does not change anything and you have used their codes.

If you have any further concerns or suggestions for improvement, please feel free to share them. We are committed to fostering transparency and integrity in our development process.

If suggestions are really important to you and you are committed to transparency in your developments, mention source of codes in your source.

@sayghteight
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, who started using GMP first? This question serves as a reminder of the constant flow of ideas and technologies in the world of software development. When examining the provided commits and code snippets, it's clear that the implementation of certain technologies like GMP and SRP6 doesn't happen in isolation, but rather builds upon the previous work and research of others.

The "Initial Commit" released 2 years ago in Extra_Helper reveals that BlizzCMS was already using a code snippet related to SRP6 at that time. This fact demonstrates that BlizzCMS was working on integrating SRP6 before other systems, such as FusionCMS. Furthermore, the shared use of the laizerox/php-wowemu-auth library between both CMS suggests an indirect collaboration in the realm of security implementation.

Below is the code snippet demonstrating the usage of GMP in the authentication process:

// Constants
$g = gmp_init(7);
$N = gmp_init('894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7', 16);
// Calculate first hash
$h1 = sha1(strtoupper($username . ':' . $password), true);
// Calculate second hash
$h2 = sha1($salt . $h1, true);
// Convert to integer (little-endian)
$h2 = gmp_import($h2, 1, GMP_LSW_FIRST);
// g^h2 mod N
$verifier = gmp_powm($g, $h2, $N);
// Convert back to a byte array (little-endian)
$verifier = gmp_export($verifier, 1, GMP_LSW_FIRST);
// Pad to 32 bytes, remember that zeros go on the end in little-endian!
$verifier = str_pad($verifier, 32, chr(0), STR_PAD_RIGHT);
return $verifier;

While we cannot definitively determine who started using GMP first, it's evident that its adoption by multiple projects, such as BlizzCMS and FusionCMS, is indicative of its effectiveness and relevance in the field of software development.

Ultimately, beyond attributing credits and recognition, it's essential to acknowledge the value of collaboration and knowledge sharing in the software development community. By leveraging existing technologies and building upon the work of others, we can advance towards more robust and secure solutions for all. Therefore, instead of focusing on who was the first to use a particular technology, we should celebrate the creativity and collective effort that drives innovation in our field.

@Under-Wow
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, who started using GMP first? This question serves as a reminder of the constant flow of ideas and technologies in the world of software development. When examining the provided commits and code snippets, it's clear that the implementation of certain technologies like GMP and SRP6 doesn't happen in isolation, but rather builds upon the previous work and research of others.

The "Initial Commit" released 2 years ago in Extra_Helper reveals that BlizzCMS was already using a code snippet related to SRP6 at that time. This fact demonstrates that BlizzCMS was working on integrating SRP6 before other systems, such as FusionCMS. Furthermore, the shared use of the laizerox/php-wowemu-auth library between both CMS suggests an indirect collaboration in the realm of security implementation.

Below is the code snippet demonstrating the usage of GMP in the authentication process:

// Constants
$g = gmp_init(7);
$N = gmp_init('894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7', 16);
// Calculate first hash
$h1 = sha1(strtoupper($username . ':' . $password), true);
// Calculate second hash
$h2 = sha1($salt . $h1, true);
// Convert to integer (little-endian)
$h2 = gmp_import($h2, 1, GMP_LSW_FIRST);
// g^h2 mod N
$verifier = gmp_powm($g, $h2, $N);
// Convert back to a byte array (little-endian)
$verifier = gmp_export($verifier, 1, GMP_LSW_FIRST);
// Pad to 32 bytes, remember that zeros go on the end in little-endian!
$verifier = str_pad($verifier, 32, chr(0), STR_PAD_RIGHT);
return $verifier;

While we cannot definitively determine who started using GMP first, it's evident that its adoption by multiple projects, such as BlizzCMS and FusionCMS, is indicative of its effectiveness and relevance in the field of software development.

Ultimately, beyond attributing credits and recognition, it's essential to acknowledge the value of collaboration and knowledge sharing in the software development community. By leveraging existing technologies and building upon the work of others, we can advance towards more robust and secure solutions for all. Therefore, instead of focusing on who was the first to use a particular technology, we should celebrate the creativity and collective effort that drives innovation in our field.

You are constantly trying to take the matter to another side. Here no one is talking about gmp, people are not talking about codes using gmp library. You copied exactly the codes yourself, no one said why you used gmp or other encryption functions.
Also as you said, you are using laizerox/php-wowemu-auth and you could have written it with BigInteger as well.
Again, no one talks about why gmp or other functions are used.

@shocker978
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, who started using GMP first? This question serves as a reminder of the constant flow of ideas and technologies in the world of software development. When examining the provided commits and code snippets, it's clear that the implementation of certain technologies like GMP and SRP6 doesn't happen in isolation, but rather builds upon the previous work and research of others.

The "Initial Commit" released 2 years ago in Extra_Helper reveals that BlizzCMS was already using a code snippet related to SRP6 at that time. This fact demonstrates that BlizzCMS was working on integrating SRP6 before other systems, such as FusionCMS. Furthermore, the shared use of the laizerox/php-wowemu-auth library between both CMS suggests an indirect collaboration in the realm of security implementation.

Below is the code snippet demonstrating the usage of GMP in the authentication process:

// Constants
$g = gmp_init(7);
$N = gmp_init('894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7', 16);
// Calculate first hash
$h1 = sha1(strtoupper($username . ':' . $password), true);
// Calculate second hash
$h2 = sha1($salt . $h1, true);
// Convert to integer (little-endian)
$h2 = gmp_import($h2, 1, GMP_LSW_FIRST);
// g^h2 mod N
$verifier = gmp_powm($g, $h2, $N);
// Convert back to a byte array (little-endian)
$verifier = gmp_export($verifier, 1, GMP_LSW_FIRST);
// Pad to 32 bytes, remember that zeros go on the end in little-endian!
$verifier = str_pad($verifier, 32, chr(0), STR_PAD_RIGHT);
return $verifier;

While we cannot definitively determine who started using GMP first, it's evident that its adoption by multiple projects, such as BlizzCMS and FusionCMS, is indicative of its effectiveness and relevance in the field of software development.

Ultimately, beyond attributing credits and recognition, it's essential to acknowledge the value of collaboration and knowledge sharing in the software development community. By leveraging existing technologies and building upon the work of others, we can advance towards more robust and secure solutions for all. Therefore, instead of focusing on who was the first to use a particular technology, we should celebrate the creativity and collective effort that drives innovation in our field.

As I have said many times, no one is talking about using GMP or functions you write. You have copied the codes exactly.

@sayghteight
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You bring up an important point about distinguishing between true innovation and mere replication, particularly within specific code fragments. While it's crucial to encourage contributions and originality through PRs and novel implementations, it's equally important to acknowledge the reality of code convergence in the development process.

Consider situations where developers strive to keep their codebases up-to-date by incorporating established practices or techniques. In doing so, they may unintentionally create code snippets that bear similarities to existing implementations. However, attributing these similarities solely to copying overlooks the natural evolution and convergence of ideas within the software development landscape.

I've personally encountered instances where snippets of my code have been utilized in other projects. Rather than demanding credit for these similarities, I recognize them as part of the collaborative nature of software development. After all, fostering an environment of mutual support and knowledge sharing benefits the entire community.

Therefore, instead of scrutinizing individual code fragments for resemblances and demanding recognition, let's focus on promoting a culture of collaboration and open exchange of ideas. By embracing collective progress and mutual respect, we can cultivate a stronger and more inclusive developer community.

@Under-Wow
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You bring up an important point about distinguishing between true innovation and mere replication, particularly within specific code fragments. While it's crucial to encourage contributions and originality through PRs and novel implementations, it's equally important to acknowledge the reality of code convergence in the development process.

Consider situations where developers strive to keep their codebases up-to-date by incorporating established practices or techniques. In doing so, they may unintentionally create code snippets that bear similarities to existing implementations. However, attributing these similarities solely to copying overlooks the natural evolution and convergence of ideas within the software development landscape.

I've personally encountered instances where snippets of my code have been utilized in other projects. Rather than demanding credit for these similarities, I recognize them as part of the collaborative nature of software development. After all, fostering an environment of mutual support and knowledge sharing benefits the entire community.

Therefore, instead of scrutinizing individual code fragments for resemblances and demanding recognition, let's focus on promoting a culture of collaboration and open exchange of ideas. By embracing collective progress and mutual respect, we can cultivate a stronger and more inclusive developer community.

So your speech is just a slogan:

If you have any further concerns or suggestions for improvement, please feel free to share them. We are committed to fostering transparency and integrity in our development process.

unwantedly? It's not a simple line of code that inadvertently becomes similar.

After all, fostering an environment of mutual support and knowledge sharing benefits the entire community.

Yes, but you should not ignore the efforts of others and put them in your name.

Therefore, instead of scrutinizing individual code fragments for resemblances and demanding recognition, let's focus on promoting a culture of collaboration and open exchange of ideas. By embracing collective progress and mutual respect, we can cultivate a stronger and more inclusive developer community.

You are constantly chanting things that you don't act on. You talk about mutual respect if you have not respected him.

@shocker978
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You bring up an important point about distinguishing between true innovation and mere replication, particularly within specific code fragments. While it's crucial to encourage contributions and originality through PRs and novel implementations, it's equally important to acknowledge the reality of code convergence in the development process.

Consider situations where developers strive to keep their codebases up-to-date by incorporating established practices or techniques. In doing so, they may unintentionally create code snippets that bear similarities to existing implementations. However, attributing these similarities solely to copying overlooks the natural evolution and convergence of ideas within the software development landscape.

I've personally encountered instances where snippets of my code have been utilized in other projects. Rather than demanding credit for these similarities, I recognize them as part of the collaborative nature of software development. After all, fostering an environment of mutual support and knowledge sharing benefits the entire community.

Therefore, instead of scrutinizing individual code fragments for resemblances and demanding recognition, let's focus on promoting a culture of collaboration and open exchange of ideas. By embracing collective progress and mutual respect, we can cultivate a stronger and more inclusive developer community.

But there is no similarity here, it is copy pasting itself.

@sayghteight
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to be clear and concise, although I consider this to be a waste of time, as humans tend to judge without knowing the history behind everything.

It's evident that the debate here revolves around the similarities in the codes. I understand it might seem wrong, given that FusionCMS implemented that "update" to the source code before us. I know some might interpret it as a simple copy-paste, although most of the functions use standard PHP code.

I understand some vehemently defend their preferred CMS, probably because they use it and identify with it. I understand there may be criticisms towards BlizzCMS, and I'm willing to listen to all complaints and protests.

I'm an ordinary person who decided to create this CMS with two collaborators. Unfortunately, one of them tried to scam users by not fulfilling their responsibilities. At that moment, I decided to confront the situation, talk to each affected user, and offer refunds from my own pocket, despite not having significant financial resources. I don't tolerate copying, theft, or betrayal of trust, behaviors the previous founder displayed, leading to their departure from the project.

The second collaborator, in charge of CMS version 2, currently can't contribute due to technical issues with their equipment. Therefore, I'm the one, to the best of my abilities, collaborating on various tasks, even though my personal life and work at a PHP programming company keep me busy.

With all this in mind, please allow people to live in peace. I'm being morally affected by this situation. I want to emphasize that I haven't copied anything from FusionCMS. The work has been done according to our usual practices, and the only reference to FusionCMS was in four lines of code inspired by their approach, rather than directly copying and pasting.

For example, FusionCMS directly returns the salt from this same function, which BlizzCMS doesn't. Additionally, FusionCMS has everything focused on a library called Crypto, while in BlizzCMS, we have it in extra_helper.php, and the client_pwd_hash function to which we pass the salt generated elsewhere. No, it's not the same as FusionCMS, and FusionCMS's is probably better.

I haven't studied ENGINEERING; I'm just an ordinary person working as a programmer, trying to learn. My knowledge of encryption is limited, so I search for information to tackle these challenges and then try to understand how it works to learn.

Honestly, you're not going to listen, you're going to keep throwing mud, and what you're doing is making me just post a message in the collaborators' group saying I'm overwhelmed, tired, and demotivated by all this. I know it's not a valid resource, I don't want to evoke pity, but that's what you've achieved with your ways.

I have a private message open for 2 or 3 days with Nightprince, and I already told him to tell me anything. I haven't insulted him, I've treated him with respect, I've shown him why the code was so similar, and all you say is to give credits for 4 lines that are the same. For God's sake, everyone here uses TC or AzerothCore. Do you respect credits on your servers? Do you tell your users that most of the updates they're benefiting from are from contributors? Do you put them on your websites in the changelog giving credits to those people? Probably not; the hypocrisy is beautiful, isn't it?

Sure, it's nice to come to a commit and start discrediting or complaining about a triviality like giving credits for 4 lines of matching code when most of it uses PHP.net functions.

Additionally, I haven't had any issues with giving credits when I've done something, and here's proof of that:

Proffs Credits

Please sign in to comment.