sparks wrote:
Oh good grief. Hang on.
EDIT: you should be able to log in now.
Thank you, it works
I've created an `images` database table with the fields:
id, username, publicity, created
(image ID, username of creator, public or private and creation date)
I'm not going to do the elements table yet, since we still need to finalise all the columns that one will need.
sparks wrote:
I've created an `images` database table with the fields:
id, username, publicity, created
(image ID, username of creator, public or private and creation date)
I'm not going to do the elements table yet, since we still need to finalise all the columns that one will need.
Yeah. How will we go about making the users database? Will we constantly check against the Scratch servers, or only check on:
- first time
- after a few weeks (cookie expiration)
- incorrect details (pass may have changed on scratch)
Or, we could scrap the idea of users connected with Scratch altogether, and instead have individual image IDs and edit passwords that the user has to remember. However the login certainly brings benefits. What do you think?
I would personally love to use the verification link to join the two logins together. However, people feel safer not giving out their password outside the Scratch site. My guess is that most people will register with the same name anyway. If there are users misusing the system under an alias, myself, the other mods and the Scratch Team have IP-based searching systems. (It might be worth storing users' IPs).
How about we offer the option to link the two accounts, saying they can log in with the same password or create a new account without the link? Is that worth it? In this case it would only check with the servers the first time. This might cause problems if they change their Scratch password though, so maybe using a cookie with a week expiry is the best option.
sparks wrote:
I would personally love to use the verification link to join the two logins together. However, people feel safer not giving out their password outside the Scratch site. My guess is that most people will register with the same name anyway. If there are users misusing the system under an alias, myself, the other mods and the Scratch Team have IP-based searching systems. (It might be worth storing users' IPs).
How about we offer the option to link the two accounts, saying they can log in with the same password or create a new account without the link? Is that worth it? In this case it would only check with the servers the first time. This might cause problems if they change their Scratch password though, so maybe using a cookie with a week expiry is the best option.
So maybe Mod Share's first approach (before it was spammed by outsiders) is the best:
You are free to sign up under any alias, but if you use a username that is also used on Scratch you have to provide the password just for verification on signup, and can choose a different password to actually be stored and hashed in our databases.
It goes without saying that IPs should be stored on signup, and maybe updated/appended on login.
That sounds a good plan - stops people impersonating others!
Please note: I work at weekends so I won't be on much Saturday or Sunday! Feel free to do some stuff on this if you want to though!
Last edited by sparks (2012-06-22 17:06:57)
Here is a preliminary map of the site's pages:
Home - contains description, links, and maybe a how-to
User pages:
Login, signup, logout
Manage images - links to edit, add, and remove images
Manage account - maybe change password could be integrated into the image page
Image creation page:
Make image - a wizard that opens before the main GUI to set stuff like canvas size (which can still be set later) as well as maybe being able to choose from a template
The GUI - the one and only image creation page
A small help page and start guide / video?
Image deploying and ready BBCode
There could be space for a template submission system and image sharing if we have time and resources later.
We also need an admin page to manage users, images, and possibly to manage whitelists for embedded image URLs (although they should pretty much remain stable). Don't forget automatic word filters for embedded text!
The plan above should get us started when it's possible for you (I hope we can work Monday and Tuesday afternoons, because then I'm leaving for a couple of weeks in Italy with reduced internet and a portable PC). Feel free to edit it to add pages or modify details.
sparks wrote:
I'm free Monday and Tuesday
Good, we can start then. Any chance you could whip up a quick page template with style before Monday afternoon?
sparks wrote:
I would personally love to use the verification link to join the two logins together. However, people feel safer not giving out their password outside the Scratch site. My guess is that most people will register with the same name anyway. If there are users misusing the system under an alias, myself, the other mods and the Scratch Team have IP-based searching systems. (It might be worth storing users' IPs).
How about we offer the option to link the two accounts, saying they can log in with the same password or create a new account without the link? Is that worth it? In this case it would only check with the servers the first time. This might cause problems if they change their Scratch password though, so maybe using a cookie with a week expiry is the best option.
When would the IPs collected be used? Would there be some sort of block if it was different, or just re-authentication?
Wouldn't a password stored in a cookie be retrievable by a third party who has access to the same computer?
Collected IPs would be used as a combatant against unruly users. If someone uses another alias on the API site we can do an IP cross-check with the Scratch site to see who they are. That is of course a security measure and shouldn't have to be used. It wouldn't be used for the actual authentication - that would exclude people with dynamic IPs.
Yes, all cookies are retrievable. However, the password needn't be stored in the cookie as having the cookie is validation enough.
Heyo! This seems like an interesting project and I would like to be a part of it, considering you're accepting members?
I was one of the PHP developers for the original Scratch Resources (resdap on Google Code) and I have lots of experience working with PHP/MySQL/Databases, as you probably know.
I can also design interfaces and make mockups too.
So, yea. Sounds like an interesting project. Would like to be part of it.
sparks wrote:
Yes, all cookies are retrievable. However, the password needn't be stored in the cookie as having the cookie is validation enough.
Well, having a cookie with a username is not validation enough for the obvious reason that it can be changed way too easily, so I hope you don't mean that.
However a hashed cookie of username+password+secrethashphrase+maybeIPaddress is undiscoverable and inimitable, therefore ultra secure!
LS97 wrote:
sparks wrote:
Yes, all cookies are retrievable. However, the password needn't be stored in the cookie as having the cookie is validation enough.
Well, having a cookie with a username is not validation enough for the obvious reason that it can be changed way too easily, so I hope you don't mean that.
However a hashed cookie of username+password+secrethashphrase+maybeIPaddress is undiscoverable and inimitable, therefore ultra secure!
Now, if you take that chain and MD5 it, it will enforce the security.
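The login cookie debated in the posts above, as an added example that is not part of the thread or the project's code: a cookie that carries no password material and is authenticated with HMAC-SHA-256 under a server-side key, with the one-week expiry mentioned earlier in the thread. The function names, the `username|expiry|nonce|mac` layout and the key handling are assumptions.

```php
<?php
// Added example; names, token layout and key handling are assumptions.

const SESSION_TTL = 7 * 24 * 3600; // one week, as suggested in the thread

// Build "username|expiry|nonce|mac". No password or password hash goes in.
function issue_token(string $username, string $serverKey, int $now): string
{
    // rawurlencode() guarantees the username cannot contain the '|' separator.
    $payload = implode('|', [
        rawurlencode($username),
        $now + SESSION_TTL,
        bin2hex(random_bytes(16)),   // makes every issued token unique
    ]);
    return $payload . '|' . hash_hmac('sha256', $payload, $serverKey);
}

// Return the username if the token is authentic and unexpired, else null.
function verify_token(string $token, string $serverKey, int $now): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 4) {
        return null;
    }
    [$user, $expiry, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', "$user|$expiry|$nonce", $serverKey);
    if (!hash_equals($expected, $mac)) {      // constant-time comparison
        return null;
    }
    if (!ctype_digit($expiry) || (int) $expiry < $now) {
        return null;
    }
    return rawurldecode($user);
}

// Constructed demo values. A real key is generated once and kept in
// configuration outside the web root, never sent to the client.
$key   = random_bytes(32);
$now   = time();
$token = issue_token('sparks', $key, $now);

var_dump(verify_token($token, $key, $now));                    // untampered token
$edited = preg_replace('/^sparks/', 'LS97', $token);
var_dump(verify_token($edited, $key, $now));                   // username changed by the client
var_dump(verify_token($token, $key, $now + SESSION_TTL + 1));  // presented after expiry
```

The token would be sent with `setcookie()` using the `httponly` and `secure` options so that page scripts cannot read it and it only travels over HTTPS.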
Hey fg123! We weren't actually looking for any more developers for this project, but I've worked with you a little before and LS97 and I reckon it would be lovely to have you on board. Is there a particular area you would like to work in for this? Perhaps you'd like to work on the login and verification functionality of the site since you seem to know a lot about that or help with the actual renderer? (Have you ever generated images with PHP before?). There is certainly still a lot to be done for the site support such as user registering and just storing images with accounts and such! LS97 and I both have PHP experience though, as well as JS and such so you're not alone with that!
To anyone else reading this, three developers is enough - I don't want this to get too big, sorry!
By the way, I used to love 000webhost and still use it today, but I've switched to x90x.net as they provide more hosting features.
And on another note, do you have Skype?
Could you send me the details of what you've worked out so far? (like website details/ideas/mockups) I've read the 4 pages of the thread to get up to speed, just need someone to confirm the ideas.
Last edited by fg123 (2012-06-24 13:56:38)
I left you a message on one of your projects, fg123.
Everything we've discussed is on this thread, we want to keep the project open-source so we're not using Skype. I'll send you the login details to the site though!