Discuss Scratch
- MCAnimator3D
- Scratcher
500+ posts
sCoin - A Cross-project Currency
sCoin fixed now after Scratch's v1 API was removed for newly projects.
Last edited by MCAnimator3D (Dec. 30, 2017 20:11:14)
scratch
- SonicMasterSystem
- Scratcher
1000+ posts
sCoin - A Cross-project Currency
Could you make it possible to award users with SCoin?
(Example, they earn an in-game achievement for completing the game, and they then are awarded sCoins.
(Example, they earn an in-game achievement for completing the game, and they then are awarded sCoins.
- MathWizz
- Scratcher
100+ posts
sCoin - A Cross-project Currency
The user verification does not prevent users from signing up as other users as there is no way to prove that the user signing up on your form is the same user that clicked the verify button on the verify project. If I felt so inclined, I could set up a project that listens to the cloud variable and then snipes the sign up page before the actual user goes back and clickes on the register button. To fix this, give the user a random ID they need to paste into the verify project and only let them sign up if the ID in the register form matches the one sent via the cloud.
And sorry to @Ceo_, whose account I stole to see if it was possible. You might want to delete that account and let him/her sign up again after you fix this bug.
And sorry to @Ceo_, whose account I stole to see if it was possible. You might want to delete that account and let him/her sign up again after you fix this bug.
Last edited by MathWizz (Dec. 31, 2017 01:57:18)
running Chromium 42.0.2311.90 with Flash Player 15.0.0.189 on Arch Linux 3.19.5-1-ck
MathWizz — JsScratch && sb.js & Amber (coming soon! maybe)
- MCAnimator3D
- Scratcher
500+ posts
sCoin - A Cross-project Currency
I think (hope) I might've fixed the issue now. I shouldn't be surprised the one who made the API I'm using found security issues in my thing . Thank you very much! The user verification does not prevent users from signing up as other users as there is no way to prove that the user signing up on your form is the same user that clicked the verify button on the verify project. If I felt so inclined, I could set up a project that listens to the cloud variable and then snipes the sign up page before the actual user goes back and clickes on the register button. To fix this, give the user a random ID they need to paste into the verify project and only let them sign up if the ID in the register form matches the one sent via the cloud.
And sorry to @Ceo_, whose account I stole to see if it was possible. You might want to delete that account and let him/her sign up again after you fix this bug.
scratch
- WooHooBoy
- Scratcher
1000+ posts
sCoin - A Cross-project Currency
but is it b l o c k c h a i n????
considered harmful
- MCAnimator3D
- Scratcher
500+ posts
sCoin - A Cross-project Currency
I just gave all users 90 sCoins to make it seem less of a commitment when spending them and now new users start out with 100.
scratch
- Nicsena
- Scratcher
100+ posts
sCoin - A Cross-project Currency
hey, did you delete my account on sCoin?