We’ve been talking a lot about the new payment system lately, specifically the availability of tiers on Eir and Thor, but what’s actually happening is far more than just a simple update to Premium Tiers. For those that are unaware, the main Rebirth.RO site is powered by a “control panel” (written by me) called Triton, specifically Triton 4. We have been using Triton since about 2007.
Triton: A History
This part is a (somewhat) brief history of Triton. If you don’t really care about the history of Triton, you can skip to the next bolded section.
Triton started as an unnamed control panel written for and used exclusively by AncykerRO back in 2005. Features of it were written as needed, and slowly it began to encompass many different aspects of managing game data. Eventually, a public CP emerged called ROCP. As ROCP was poorly written and had many exploits, I decided to rewrite my own CP for public use. That became what would eventually be called Triton. Triton had a later release than ROCP and didn’t start picking up steam until a few months later. That’s when the now-popular FluxCP was released. FluxCP took advantage of some new-to-PHP techniques to create a better control panel. To compete, I created Triton 2, which was a complete rewrite and shared almost no code with the original Triton. After seeing the success of RebirthRO, I made Triton 2 into what was effectively a paid product, and as such it only saw larger servers adopting it. It was significantly easier to expand and customize than FluxCP was or even is now. The decline in the number of large servers and my eventual absence from RO reduced its use to just a single server, RebirthRO.
When I returned to RO, I started work on Triton 3. Triton 3 was based on Triton 2 but added some new features that the previous version was lacking. Later came Triton 4, which added even more features, but still was based on the previous version. Triton 3 and 4 never saw a public release. Triton 3 did have a beta, but as only 1 person participated I decided not to release it.
With now-popular tools like Composer and frameworks like Laravel, Triton could be a lot better. But to make it so would require a rewrite. Enter Triton Aesir, a complete ground-up rewrite of Triton. It shares absolutely no code with any previous version. Since basing some code on a previous version saves time, Triton Aesir is going to take significantly longer to finish than previous versions of Triton.
Triton Aesir aims to solve some core problems of not just Triton but also of FluxCP. It is written using the Laravel framework. Parts of the front end will be written in Angular. Most of it will be using Bootstrap 4, except for the staff side. Triton Aesir is split into applications. These applications will live in various places, and for the most part you won’t really notice that. The reason for the split is security isolation. Each application will use its own username and password to access the database, so we can restrict each part to changing only the data it is supposed to change; for example, the character manager won’t be able to edit or view your payment info. That’s important for PCI compliance as well as general data security.
Triton Aesir doesn’t just stop at solving CP issues; it goes further. It will also add the ability for players to enable 2-factor authentication, which will also be enforced in-game. Not only that, but it will use bcrypt to hash passwords. Currently, all servers use the insecure MD5 implementation. While I’ve decided to keep most of Triton Aesir private for now, both of these security features will be made publicly available as Hercules plugins. My hope is that they will eventually make it into Hercules core, but who knows. Many of our players play on other servers and I strongly believe in data security; as such, I feel it’s my duty to share these with the public. We’ve already got the 2-factor side working, and we will be testing the bcrypt system soon. We intend to make it backward compatible with the current MD5 system to avoid any interruptions. Note that while we will be allowing you to continue using old passwords for now, I strongly recommend that you change your password for security once we implement bcrypt (there will be another post when that happens).
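One way a bcrypt rollout can stay backward compatible with stored MD5 hashes is to verify against whichever format the account still has and re-hash on a successful login. The PHP sketch below is an added example, not code from Triton Aesir or the Hercules plugins. It assumes legacy values are unsalted 32-character hex MD5 digests; the function names, cost setting and sample account are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: bcrypt cost chosen for illustration; tune to your hardware.
const BCRYPT_OPTIONS = ['cost' => 12];

// Assumption: a legacy value is an unsalted 32-character hex MD5 digest.
function isLegacyMd5(string $stored): bool
{
    return preg_match('/^[a-f0-9]{32}$/i', $stored) === 1;
}

/**
 * Verify a login against either hash format.
 * Returns [bool $ok, ?string $newHash]; a non-null $newHash must be
 * written back to the account row so the MD5 value is replaced.
 */
function verifyAndUpgrade(string $password, string $stored): array
{
    if (isLegacyMd5($stored)) {
        // hash_equals() compares in constant time.
        if (!hash_equals(strtolower($stored), md5($password))) {
            return [false, null];
        }
        // Correct password on a legacy account: upgrade to bcrypt now.
        return [true, password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Already bcrypt: re-hash only if the cost setting has changed.
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        ? password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        : null;
    return [true, $new];
}

// Constructed sample account that still carries a legacy MD5 value.
$accounts = ['old_player' => md5('sample-password')];

[$ok, $newHash] = verifyAndUpgrade('sample-password', $accounts['old_player']);
if ($ok && $newHash !== null) {
    $accounts['old_player'] = $newHash; // persist the bcrypt hash
}
[$okAgain] = verifyAndUpgrade('sample-password', $accounts['old_player']);
[$okWrong] = verifyAndUpgrade('wrong-password', $accounts['old_player']);

var_dump($ok, isLegacyMd5($accounts['old_player']), $okAgain, $okWrong);
```

Accounts that never log in keep their MD5 value under this scheme, which is why a password change after the switch is still worth doing.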
Conclusion / tl;dr
Anyway, that all basically sums up to this: It’s taking so long because it’s not just about payments. It’s the entire site, starting with payments. Since it’s all new it’s taking longer to write than if we based it off our current code base.