Scratch

We're are going to try to end up with a api2.scratchr.org domain, or something similar.

So thanks,  , but no thanks.

Nice entrepreneurel jump-in there, SteveTheIpad, but this'll be either going on blocks.scratchr.org or hopefully api.scratchr.org 

BTW, SteveTheIpad is a long name. Is it okay for me to shorten it to Steve or STI? Actually... maybe not STI... 

sparks wrote:

Nice entrepreneurel jump-in there, SteveTheIpad, but this'll be either going on blocks.scratchr.org or hopefully api.scratchr.org 

BTW, SteveTheIpad is a long name. Is it okay for me to shorten it to Steve or STI? Actually... maybe not STI... 

Yeah, my company needs to get "out there", but I can understand using the scratchr domain. 

Long but easy to remember. And I always flinch when you capitalize three letters in my name, so just call me Steve. 

Are you guys in need of any help with anything specific? It sounds like a cool project to help with.

Edit: 7000th post in the collaborations forum. 

Last edited by stevetheipad (2012-06-30 14:35:18)

LS97 wrote:

Back and you guys haven't worked on it for 3 days 
I should be back to my home commodities Saturday afternoon and will make a start on the GUI. I feel like I'm pushing, but it would really be a good idea to start the user system, fg...

Yes! Of course, sorry, my bad.

I've been preparing for my theory exam and have been really busy. I'll chunk out some time to work on it. 

So they have a choice of making an account on our servers or logging in with the scratch one? Okay.

Last edited by fg123 (2012-07-03 12:31:23)

fg123 wrote:

LS97 wrote:

Back and you guys haven't worked on it for 3 days 
I should be back to my home commodities Saturday afternoon and will make a start on the GUI. I feel like I'm pushing, but it would really be a good idea to start the user system, fg...

Yes! Of course, sorry, my bad.

I've been preparing for my theory exam and have been really busy. I'll chunk out some time to work on it. 

So they have a choice of making an account on our servers or logging in with the scratch one? Okay.

Oh, sorry, by all means exams should come first!

Here's how the system should optimally work, in my opinion:
On registration, the user will have the choice of their alias to use on the API site to create and store images. They can choose any name they like, but if the name they choose also exists on Scratch, the password must match that of the Scratch servers.

After registration they may change their password, and passwords must be hashed and only stored in one place.

fg123 wrote:

LS97 wrote:

fg123 wrote:

Yes! Of course, sorry, my bad.

I've been preparing for my theory exam and have been really busy. I'll chunk out some time to work on it. 

So they have a choice of making an account on our servers or logging in with the scratch one? Okay.

Oh, sorry, by all means exams should come first!

Here's how the system should optimally work, in my opinion:
On registration, the user will have the choice of their alias to use on the API site to create and store images. They can choose any name they like, but if the name they choose also exists on Scratch, the password must match that of the Scratch servers.

After registration they may change their password, and passwords must be hashed and only stored in one place.

I trust MD5 is secure enough?

Perhaps SHA-1?

MD5 with secret passphrase is more than enough 
I already explained this upthread I think, but in a nutshell
md5($password . 'secretcodethatonlyweknow')

Do you have code to retrieve the user profile icon of the scratch user?

Hi guys, so sorry I've done nothing lately, I can't believe how busy work has been lately. Good to see other people are doing updates though!

What's with all the syntax errors on the create page?

EDIT: ah, I see you've prepared for database connection to the site we move to. 

I'm loving error message2 in login.php: "You must login to place an order!" Was that code recycled by chance? 

EDIT2: I managed to fix the SQL error that db.php was causing by simply adding a "www." to the start of the host name.

Whoever managed to get the textboxes to look better, I love you forever! They were giving me a lot of grief. 

Last edited by sparks (2012-07-05 05:07:49)

What if someone doesn't want to share their password with us?
You can give all the encryption and privacy policies you like, but some people could still distrust giving out the same password to another site.

I think and repeat that this is the best option:

The user MUST actually sign up on our site and create a user to be able to make stuff. There's only one form, no choice between "scratch account" or "api account" yet.

Once the user has submitted the signup form the PHP automatically does some checks:
- if the username exists on the site, it rejects the signup
- it then checks the password: if the username given is also a scratch one, the password must match the records. if it doesn't, rejected.
- at the same time we save the user ID on scratch if appropriate, for the user image.

That is true, fg, but there is nothing we can do about it if we also want to preserve the policy that users are not obliged to share their password with us!

The site has a new syntax error... Mistake in db.php...

You see, in the code above, instead of directly checking in an IF statement whether the string equals "false", we can store the file_get_c in a variable. Then we parse it and store what we need in the user's database entry, or if we find it says false then we reject the user.

As for the details that are included, here is a sample.
279261:LS97:unblocked

We're really only interested in the first string of numbers preceding the colon as it is the user ID required for the user image.

For the details to store, here's what I can think of:
- username
- hashed password
- IP (maybe even of each login/day/week...)
- date registered on our site
- ID on scratch (if not applicable, use 0 or some other recognisable number)
- privileges (we don't want to hard code moderation abilities to usernames as the admins may change over time/site)

I think that info could fit well in a table of its own. Then we should have, IMO, two other tables.

The first with a list of images and their basic properties:
- name of image given by user
- unique image ID
- chosen URL if we allow this
- creator's username
- size
- other properties that pertain to the canvas

The second with a list of elements that fit into the images
- unique ID of image they're in
- various properties

fg123 wrote:

Sounds good, I'll setup the DB. So no email/gender/location or any of that. I was thinking it's actually possible to retrieve the location from the user page.

You raise a good point about maybe an optional email field.
But I don't think gender location is too necessary for our purpose, right?