How Module Developers increase the bottom line for WHMCS - improving the process.

[durangod]

Hey Everyone,

 

I just thought it might be a good idea to address this topic. Over time sometimes we get so involved in the race to get things done and increase profits we forget what might be right in front of us which is Addon Modules.

 

Benefit to WHMCS - not that they forgot or anything or that they have taken focus off of this. Afterall they came up with the process in the first place. However WHMCS is not the only institution out there (open source or not) that has user contributed addons, plugins, mods however you refer to them which are offered by users of the product.

 

They all face similar issues with subjects like - approval, quality control, variety, quantity, usefullness, support both technical and basic customer support. We all know that WHMCS is held harmless and does not offer support for Addon Modules free or commercial. However if you have ever asked yourself "then why do they even have an Appstore?" well here is my take on it from a business point of view, its good business!

 

When i say that i mean its a great business concept with many benefits. Any program or SOP (standard operating procedure) out there is only as good as the people involved or not involved. Its good business because it helps the bottom line. Trust me if WHMCS was losing money or felt as such on the Appstore they would close it down in a second, any business minded person would. So how do they make money by doing so, especially under the current setup? Many ways.

 

First they make money through traffic to the Appstore. Any time you have another opportunity to create a page with your name on it that will draw traffic, some of that traffic eventually will end up with a license, and if not for the Appstore, there is a possiblity of that sale going to the competitor. The other way is by offering Appstore content that is popular, usefull, and has a better reputation. I will cover the reputation part later.

 

Another way they make money is from Developers who purchase a license not because their business is hosting but because thier business is modules.

 

And yet another way is im sure (not possitive but makes sense) that WHMCS has setup some kind of Google Adsense set up to get some revenue in that way.

 

The point is that it is profitable for them. Ontop of that are the developers which typically add professionalism and quality to the mix. The reason i say typically is because that is the norm, however every site out there that has this structure fights the same battles, and that is damage control for those Developers who fall short of professional ways. Some sites are better than others, some have a Developer point process or rating which helps the consumer choose more wisely and some have nothing at all. The problem with most rating structures although the intent is in the right direction, you have those with selfish interests which try to" poison the stew" for others instead of improving their ways.

 

Some sites out there do nothing at all even when the Developers are quite obviously lacking in any real customer support at all. I personally have had a Devloper of a $25 plugin from a social site when i asked them to fix something tell me quote "you dont like it, too bad, im busy and i dont have time". And when reported to the website support team, they did nothing at all. But luckily over time that Developer faded away and all his junk is no longer on the site. And sadly for many that is what usually happens, they fade away, and because their offerings are outdated they eventually get removed.

 

Being a new Developer here with WHMCS, so far from what i have seen and heard they do not practice the "turn your head and pretend its not an issue" management when it comes to Developers that do more harm than good. And thats a good thing, and it is one way to validate and increate the reputation of the Appstore process and of the company. Keeping good Developers developing keeps the whole process chugging along.

 

So how do we take what we have now and tweek it so it can work better for all, by all i mean WHMCS, the consumer and the Developer. Well i hope the smart minds over at WHMCS still sit down around the big table and at least do an annual review of the process and how it could be better.

 

Im sure that WHMCS feels that getting any more hands on involved regarding approval of and or inspection of Addon Modules opens a huge can of worms with regards to liability and other legal issues. Which im sure is why the process is what it is now. But we all know that in this business the status quo is never long term.

 

So how do we make everyone happy, improve quality, keep good developers, keep WHMCS out of the courtroom, increase the consumer confidence is what they are getting, and run a better user contributed program?

 

Some might say to just decode everything, that solves that problem, you know that is not going to happen. We have to protect our interest as well. We dont live in a world where everyone respects boundries or the gentlemen agreement per se. So that wont happen, and besides the rumor mill is full statements like "ionCube wont help you we can decode it anyway" and i have even heard that you can get just about any script you want in a decoded version if you google enough. So it is up to each of us to set our own boundries regarding good character. I dont care if i happen to be among the very few that dont have decoded versions of whatever, for me personally i decided for me that was going too far. Some do so for referrence purposes only, i can see that and i can understand that point of view, but again i decided for me as one of my life rules that i would not do that.

 

So with that said we are back at managing the status quo. My suggestion here is to meet somewhere in the middle. Present a copy of what you have done to WHMCS on a volunteer basis. Let them look at it, it does not have to be sanctioned by or supported by WHMCS. But just the knowledge by consumers that WHMCS is looking at what you have installs more confidence.

 

So lets say that WHMCS decides ok we can take a look. What do you look for? My suggestion is you dont have to go so deep as to verify that the script works, that will solve itself in the consumer arena. What you look for WHMCS staff is you look at the very basics which makes the process faster and you wont get bogged down with scripts. This is not about coding style or you could do it better or anything like that. It is a simple scan of the files.

 

Such as...

 

1. do they use $_POST rather than $_GET.

2. if they use $_GET, is it with data that should be under $_POST, or is it $_GET using just a integer value

3. check the sanitize cycle, do they stripslashes before displaying on page, do they use htmlspecialchars, do they escape string before writing to the DB.

4. do they validate both with js and with php.

5. do they use integer values where ever possible.

6. do they initialize vars properly

7. are there any outbound data streams that dont make sense, if so this could be a leak.

8. is there any data that is stored in the db that is way off topic for the module.

9. do they use short tags

<?  or <?= 

which are not always accepted.

10. Do they use self close on inputs /> (not required in html5 but required in earlier versions)

 

Just that right there would make a huge positive impression on the confidense and reputation for any user contributed program. And that right there is so easy to do. No Module is so huge that it is going to take days to go through them, most are not very big at all.

 

And more confidense means more traffic, more sales for developers, more sales for WHMCS, developers stick around longer because of the revenue source, consumers are happier and tell their friends, its positive all the way around.

 

So this way WHMCS stays out of the court room because they are still not supporting anyting new, they are not saying it works or not, they are only saying that when they checked those particular items, it passed the exam. And that does not open WHMCS up to any liability at all. Now does this mean that WHMCS will have to provide staff for this. Maybe not!

 

What about developing a review board from the good developers out there, those who have established themselves as having good character and being professional. To run over these and have it so that if majority rules then the board leader passes the "pass" onto WHMCS, if not then we put what we feel needs to be improved when it comes to those items.

 

I WANT TO BE CLEAR HERE lol.... this is not about rejection because of coding style or hey i could have done that in 4 lines of code instead of 10. If someone decides to use the escape statement on every single var that should be escaped individually, instead of puting it in a function, i dont care, as long as its escaped. Over kill is not wrong coding, just more work lol...

 

The board can make recommendations such as: to make your life easier WHMCS does have a function for this already so you might try using that as its already sanitized. Again we are not validating if the script works, because if we do that then we have to back that up with support. We are simply saying that when we looked at items 1 thru 10 above, it passed or did not pass. And that we can do without being held liable.

 

To do this we would have to comprise the board of developers that are selfless professionals and that are fair, knowledgeable, and professional, without any political, personal, or any bias.

 

I think this is a great idea and could take this whole thing to the next level, we could stand out front and set the pace for others.

 

How about this also, have a private forum just for Develpers to discuss concepts and issues in an open way that is probably not best to share with the public, meaning we want to feel free to discuss items such as Module security and coding insights that could leave some things more vulnerable so it would have to be some kind of private forum, sanctioned by or not by WHMCS.. One of us could start one ourselves and make it private, just an idea.

 

Heck ill even provide free hosting for it, whatever we come up with... Lets face it, with the pace and habitual change in this business, some kind of review is inevitable if we are to grow and keep pace with others. Do we want someone else to set the pace... i dont think so..

 

Just my thoughts...

Edited August 30, 2014 by durangod

[durangod]

LOL either everyone is happy with the status quo or they dont want to read all that... lmao

[durangod]

Yes it can be a vicious circle. Some not so nice people sometimes introduce doubt to the process and so people dont trust people, that leads to low sales, which in turn causes dev's to look elsewhere to make money and abandon their projects, which in turn causes more distrust. And round and round we go.

 

All of you out there have my word on this, unless i die or you kill me:evil: lmao im not going to abandoned my projects. If i decide to leave a project behind and move on to better things, i will make sure that i post a non encrypted version so that noone gets messed up on this deal. Thats how it should be.

 

 

As the man (JW) in my profile picture once talked about (i wish he was still here, we could sure use him right now to kick this country back in the right direction) he was talking about what you own and dont own when it comes right down to it. I cant quote him but it went something like this. (only in quotes because of attention to need)

 

Your pride in what you do, your dignity in doing so is all that is truely yours in this world. If you dont have those in your heart then your no better than the vermin in the back alleys of the world that do to others before they get done to themselves. I dont know about others but i know "i dont want to live that way" .

 

And thats the truth of it folks, i certainly dont want to live that way and i can promise you "there is nothing in any of my scripts that is malicious or out of malis or any of the sort" it is pure code ONLY for the purpose for which it is intended. And you can take that to the bank..

Edited September 28, 2014 by durangod