From: TorrentTrader Forums -> Premium Account Upgrade
TorrentTrader offers quality code which undergoes intense beta testing before being released publicly as an official and final build. We deliver our scripts free to everyone at NO cost, even though fees of running this site are high, and a lot of time is taken to produce this absolutely free-to-use code, which is available to everyone.
However, there is limited support for these scripts by the actual developers of the project. By popular demand, we have introduced a Premium Support section!
Our Premium Support section is where you can get support for all your TorrentTrader problems directly from the TorrentTrader development team - the people who know the code the best because they wrote it!
We don't look at Premium Support as a "service" because the support we give for your problems, it's a thank-you for the financial support you give to the Project.
Bonuses of being a Premium Member Include:
• Priority support from the TorrentTrader Dev Team for all your related problems
• Ability to remove the TorrentTrader Copyright notice from your site
• Premium only access to beta source codes - get the goods long before the rest of the world.
Being a Premium Member is the fastest and easiest way to keep your TorrentTrader Tracker unique!
Costs:
$15 USD gets you unlimited (infinite - not limited by time) Premium Access
What quality code? Oh! By popular demand they will give you the quality code for only $15 USD! Any halfway decent Developer/SysAdmin should be able to code the "premium mods" they sell in a few minutes. However, they do have one true thing on this: no one knows anything about the source code except the ones who wrote it because it was so poorly written. (Don't believe me? Look through the code in their SVN.) Maybe they wrote the code so poorly so they could get people to buy premium accounts. Maybe buying a premium account will make your TorrentTrader Tracker unique by giving people access to the "quality code" that gets rid of all the XSS (Cross-Site Scripting), CSRF (Cross-Site Request Forgery), and other various vulnerabilities that make running an SVN or Official Release of TorrentTrader a huge mistake. If this is true, then for a measly $15 USD you can secure your server in a way that running any other FOSS BitTorrent tracker would have done.
The code is so poor that not only does it have all these vulnerabilities, it's also very hard to create themes for it, you have to hope you don't break any of its original functionality, and error cases are not even handled most of the time! But that's okay! Most of the themes written for TorrentTrader (both first-party and third-party) take a page from their book and write their themes just as poorly. They really need to get a theme engine or somehow separate design and function.
All of this is especially true for TorrentTrader 1.x, which is still officially supported and under somewhat active development. By that I mean they do some bug fixes, and once in a while they'll ignore bug reports or forget to commit their bug fixes to the SVN after they fix their own copy, leaving those who do not know how to fix the bugs with a completely useless and/or easily exploitable BitTorrent tracker. One example of this is that they never bothered to package the XSS vulnerability fixes into an official release yet. I even posted a bug fix that patches a CSRF vulnerability, but they never bothered to fix that even in their SVN.
I guess this is what you get for not knowing any better and using register_globals so PHP will automatically initialize $id instead of having to manually initialize it by writing $id = $_GET['id']. Is it really all that hard to manually initialize all request variables? You fix a lot of security flaws by doing this. They have a lot of unnecessary code stemming from their use of register_globals and their form designs. Their form designs just do not make sense. In admin.php, they have many radio buttons that have values of ON1 or OFF1, and then they use register_globals, of course, to initialize the variables for them. Then they check if the value is ON1. If it is, then they initialize a new variable with the Boolean value "true". If it isn't ON1, then they initialize a new variable with the Boolean value "false". Why not just give the radio buttons values of "true" or "false" or whatever value it needs to be and just use $_POST['var']?
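The difference described above, as an added example that is not from the original post or from TorrentTrader's code: register_globals-style handling (emulated here with `extract()`, since the setting itself was removed in PHP 5.4) beside explicit, validated initialization of each request variable. The field names `authorized` and `invites` and the sample request arrays are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed request data standing in for $_GET / $_POST so this runs from the CLI.
// 'authorized' is hypothetical: it was never a form field, the caller simply added it.
$get  = ['id' => '42', 'authorized' => '1'];
$post = ['invites' => 'true'];   // hypothetical radio button carrying "true"/"false"

// register_globals-style handling, emulated with extract(): every request key
// becomes a variable, so any flag the script forgot to initialize is set by the caller.
function legacy_handler(array $request): bool
{
    extract($request);            // what register_globals did implicitly
    // ... the branch that would set $authorized after a real check never ran ...
    return !empty($authorized);   // value comes straight from the query string
}

// Explicit handling: name each expected field, validate its type, ignore the rest.
function read_id(array $get): ?int
{
    $id = filter_var(
        $get['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $id === false ? null : $id;   // null means "reject the request"
}

// The radio button carries the value the code needs, so no ON1/OFF1 translation
// step is required; anything that is not a recognised boolean is treated as false.
function read_flag(array $post, string $name): bool
{
    $value = filter_var($post[$name] ?? null, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    return $value === true;
}

$authorized = false;   // initialized by the script, never by the request

var_dump(legacy_handler($get));          // emulated register_globals result
var_dump(read_id($get));                 // well-formed id
var_dump(read_id(['id' => '42abc']));    // malformed id is rejected
var_dump(read_flag($post, 'invites'));   // explicit boolean from the form
var_dump($authorized);                   // unaffected by the extra request key
```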
Their use of comments in the code is very sporadic at best. Many of the comments are useless and the parts that should be commented are not. This is fairly forgivable since many FOSS projects and even most other projects fall short on this front. Their style is also pretty bad. The indentation is not always correct and this makes debugging or plain reading the code quite difficult. (Though I cannot imagine why anyone would just want to read the source code of this particular project if they are not debugging it or adding a feature.) The overall design between source files is also very inconsistent and this often breaks the functionality of the software.
I have a lot more to say about TorrentTrader, but I'm just going to stop it there since I hate thinking about the horror that is the codebase of TorrentTrader. Needless to say, I don't want to even look at the codebase or write any new code for a long time.