|
Users | Browse | Upload | Forums | Log in |
Welcome to the Mod Share forums.
You are not logged in.
Pages: 1
As many of you know, Scratch 2.0 will be released on May 9, 2013. However, after that we will be on Mod Share 4, so we will still have twice as big a version number. 
Anyway, the only change that needs to be made is the user verification system. Currently, our system verifies against a simple API where we just throw a user and password at it, and it will tell us whether it is valid. However, due to security concerns of people having to provide their Scratch password, this will not be available on Scratch 2.0.
The current proposed alternative by the Scratch Team is to use OAuth. However, I do not think that will be available right after 2.0 is released, so we would have to wait a fair amount of time before anyone could register on this site. OAuth is also a rather complicated system, and we do not currently have the time to learn about it and implement it.
Because of the problems listed above, we discussed anything else we could try, and eventually came up with a reasonable solution: comment verification. The registration process will be a bit different and will look like this:
1. User enters username
2. User is given a code and a link to a certain Scratch project (there will be a project dedicated to user verification)
3. User comments the code on the project
4. System checks if the comment was made, and if it was continues, and if not returns to step 2
5. User is shown the page where they enter their password and other information
This system is much easier to implement and still accomplishes the goal of not giving out Scratch passwords.
This system will be in effect starting May 9. However, the code has not been tested yet, so registrations have been disabled until then so we can implement and test the new verification system. If we finish testing the code before then, we will re-enable registration, but it will only be available to users on the Scratch 2.0 beta, because it uses 2.0-specific APIs.
If the system proves effective, we may consider providing an API for users to implement this on their own sites.
Thanks for reading! We're excited for Scratch 2.0!
Programmer • Runner • Mod Share Admin
Offline
Hmm, sounds good.
Please help! Free ads on my next project on Scratch for helpers! Love-its on your 5 most recent projects (also with ads) for people who fix the entire problem!
ALL THESE WORLDS ARE YOURS - EXCEPT EUROPA - ATTEMPT NO LANDING THERE / I've quit MS. Why? ":P". Feel free to land on Europa now, and you might contact me at intf.tk or intforums.com, but remember the 49 minute time lag between Europa and Earth.
SHA-256 confirmation
Offline
After a bit of work, registrations are working again! We will publish this code (along with all of our other recent changes) to Assembla once we have confirmed that it works.
The forgot password page is still disabled, and that will take a little longer to port to 2.0.
Programmer • Runner • Mod Share Admin
Offline
There is one problem with this - It doesn't allow users banned on scratch to join MS, such as when you let me join. Of course, I don't see a way around it with this method, so just pointing it out.
Please help! Free ads on my next project on Scratch for helpers! Love-its on your 5 most recent projects (also with ads) for people who fix the entire problem!
ALL THESE WORLDS ARE YOURS - EXCEPT EUROPA - ATTEMPT NO LANDING THERE / I've quit MS. Why? ":P". Feel free to land on Europa now, and you might contact me at intf.tk or intforums.com, but remember the 49 minute time lag between Europa and Earth.
SHA-256 confirmation
Offline
There is one problem with this - It doesn't allow users banned on scratch to join MS, such as when you let me join. Of course, I don't see a way around it with this method, so just pointing it out.
I talked about this system with the Scratch team about using this instead of OAuth, and one of the things they said is this:
O-auth would allow us to withdraw permission to authenticate against us, and also send more associated data about the user profile (like icon, etc.). That could have some advantages. For example, if people get blocked, we don't want to continue to support them by allowing them authenticate against us.
Basically, on Scratch 2.0, there will be no way to let banned Scratch users on sites that verify against Scratch. Even if we used OAuth, they wouldn't be able to register, as explained in the message above. The Scratch Team prefers it to be this way, and we want this site to meet the Scratch standards, and in some cases we even want to define the standards. The point they are making is that if a user is banned on Scratch they can't continue their mischief on another site.
Programmer • Runner • Mod Share Admin
Offline
jvvg i need the api
MY MOD!!!!!
Offline
jvvg i need the api
Currently, we have not created an API. After Scratch 2.0 comes out, we will consider making a public API for other sites to use.
Also, I am thinking about the following policies for the API (though it hasn't been discussed yet):
-By default, a server IP address can only make 2 queries per hour
-Any more than that will require our approval
-To approve your site, we would basically just make sure that it's appropriate for all ages and has rules similar to our Terms of Use
-Excessive queries from an approved host (over 60 per hour, possibly?) would result in the server IP being banned from our API until further review, so putting registration spamming prevention is your own responsibility
Programmer • Runner • Mod Share Admin
Offline
just wondering, what is the problem with a username/ password system not connected to scratch? then someone wouldn't need a scratch account to use modshare
the following statement is void where prohibited
this statement is prohibited
Offline
Okay Then........
But It's Over Ten Weeks Since The Release Of Scratch 2.0.........
Do You Know What I Did To Register?
Changed My Password, Signed Up, Changed It Back.
In An Effort To Not Look Like A Spambot, I Have Created This Signature
Offline
Okay Then........
But It's Over Ten Weeks Since The Release Of Scratch 2.0.........
Do You Know What I Did To Register?
Changed My Password, Signed Up, Changed It Back.
Wait.....How Am I New?
In An Effort To Not Look Like A Spambot, I Have Created This Signature
Offline
Mrsrec wrote:Okay Then........
But It's Over Ten Weeks Since The Release Of Scratch 2.0.........
Do You Know What I Did To Register?
Changed My Password, Signed Up, Changed It Back.Wait.....How Am I New?
it depends on how many posts on the forums & how long you have been on mod share (and maybe projects?).
the above post has been found that the following
o There might be a typo
o I am awesome
o You are awesome
Offline
Mrsrec wrote:Mrsrec wrote:Okay Then........
But It's Over Ten Weeks Since The Release Of Scratch 2.0.........
Do You Know What I Did To Register?
Changed My Password, Signed Up, Changed It Back.Wait.....How Am I New?
it depends on how many posts on the forums & how long you have been on mod share (and maybe projects?).
I can't confirm that because, well... I forgot, but it sounds about right.
LS97 - Mod Share Admin
Offline
I'm A Regular Member Now, So It's Good.
In An Effort To Not Look Like A Spambot, I Have Created This Signature
Offline
Pages: 1
Mod Share