The v2 Code Crash (and how it’s being rectified)
Chatspot v1 was quite a ‘quick-fix’ solution built on top of Smartor’s “Chatbox” phpBB modification, which, in itself, is not the best code the world had ever seen. Things would’ve stopped there unless it had experienced roaring success at Dreamviews, which, ultimately, spurred me to take it on as a sort of pet project to see how it could be modified to build upon that success. Unfortunately the focus was more on features than it was stability, and this led to unimaginable problems. v2, as it stands today, is a big mess of several features who all have different ways on how to do things. Various people have contributed their patches and fixes here and there, and it is possible to find seams in coding standards by pretty much just taking a glance at the codebase.
So I was faced with a small dillema. Some people are quite happy with what “just works”, and v2 does this, barely, but it was clear to me and Techboy that there would be absolutely no way to develop the v2 branch any further without creating a huge security hole that happened to have a few chat features bolted onto it. So it was decided a better idea to halt any further development - having to drop some features I would’ve liked to of seen myself - and begin work on a v3 that allowed ‘home grown’ features that other people had added to be dropped into Chatspot easily while fixing the codebase-rot that was beginning to show strains in ways of v2’s performance and security.
v3, then, employs a new modular-feature architecture that allows different modules for different features to be added. We, the authors, employ it, but it is made primarialy for other people to be able to add their features in without disturbing the code. This allows us to update any security holes across any installations that have competent Administrators who are able to use the updater (and it is simple enough, sometimes able to do things itself), while keeping any new features people have added working. v2 is not like that - if there’s a security hole near your hack, you need to start splicing code to solve it. This can be a complicated or at least gruelling task, and v3 completely eliminates this.
How the module system works is something I’ll be looking at in next posts (Saturday). We use modules for core functionality (build frames, post, poll and so forth) and have coupled it with our Javascript framework so modules can easily display their own output or add their own functions without having to modify any of the base code. It’s still under construction, though, and a lot of thought is paid to making sure that it is simple enough to use - I’m anticpating some annoyance when people see this is not such a feature-filled release, but that’ll soon be quelled 
- while being powerful enough to reduce the temptation of hacking the code.