Okay, this post is seriously outdated! I have changed my vision of the purpose of Scratch Tools a lot during development. The first version of Scratch Tools intended to be used by the public is hopefully coming out in less than a month! When it finally does, I will make a new topic with up-to-date information.

Scratch Tools v0.0.4 ALPHA
The very first release of Scratch Tools is finally available. Details here. You can find the development roadmap here.

Please give feedback about this! Thanks!

• Multiple user roles: users, moderators, admins ⦿
  
• Verifying user roles when accessing pages ⦿
  

• Registration (linking Scratch account) ⦿
  
• Logging in ⦿
  
• Changing account credentials ⦿
  
• Deleting account ⦿
  
• Creating project groups ⦿
  
• Setting permission (owner, member) in project groups ⦿
  
• Commenting and replying in project groups ⦿
  
• Inviting users to a project group ⦿
  
• Deleting project groups ⦿
  
• Viewing other users and comments ⦿
  
• Reporting users and comments ⦿
  
• Composing feedback ⦿
  
• Adding users as friends ⦿
  
• Reading notifications⦿
  

• All user privileges ⦿
  
• Viewing reports ⦿
  
• Deleting comments ⦿
  
• Disabling and enabling project groups ⦿
  
• Warning users through notifications ⦿
  
• Handling (replying, deleting) feedbacks Viewing feedbacks ⦿
  
• Kicking users for max 5 days ⦿
  

• All user and moderator privileges ⦿
  
• Toggling maintenance mod ⦿
  
• Whitelisting ips that may access the website when in maintenance mode ⦿
  
• Managing users, permission, and feedbacks (CRUD - Create, Read, Write, Delete) ⦿
  
• Disabling and enabling registration and login⦿
  
• Banning users ⦿
  
• Viewing stats about the users (how many un/activated users, new users, etc) ⦿
  
• Managing reports ⦿
  
• Managing project groups ⦿
  

• Passwords - Please use the

  password_hash()
  

  function to hash all passwords and sensitive details.
  
• Sanitizing inputs - Please remember to sanitize any data before sending it to the database using

  mysql_real_escape_string()
  

• Other - Please use the appropriate security measures in other cases not written above. Thank you!
  

• Username - This field contains the visitor's Scratch username. It is disabled so it cannot be edited.
  
• Nickname - This field is optional; it allows the visitor to enter a custom nickname.
  
• Password - The visitor can enter a password here. This field is required.
  
• Password again - The visitor must type out his/her password again so the two password fields match. This field is required.
  

$project_id = '10135908/';
$project_url = 'http://scratch.mit.edu/projects/' . $project_id;
$api_url = 'http://scratch.mit.edu/site-api/comments/project/' . $project_id . '?page=1&salt=' . md5(time()); //salt is to prevent caching
$data = file_get_contents($api_url);
    if (!$data) {
        echo '<p>API access failed. Please try again later.</p>';
        return;
    }
    $success = false;
    preg_match_all('%<div id="comments-\d+" class="comment.*?" data-comment-id="\d+">.*?<a href="/users/(.*?)">.*?<div class="content">(.*?)</div>%ms', $data, $matches);
    foreach ($matches[2] as $key => $val) {
        $user = $matches[1][$key];
        $comment = trim($val);
        if ($user == $requested_user /* this variable needs to represent the username you're looking for */ && $comment == $verification_code /* whatever verification code you're looking for */) {
            $success = true;
            //do whatever you need to do to continue
            break;
        }
    }

• Registration & Login - Only 1 user can be created per ip address.
  
• Project groups - A user can have a maximum of 2 project groups at a time. The character limit in the description of a project group is 100. The maximum amount of tasks at the same time in a project group is 20. Each task can have maximum of 7 labels, up to 10 people assigned to it; its name must not exceed 50 characters, and its description can contain a maximum of 100 characters. The amount of labels in a project group can be 10 maximum and the title of a label must not be over 20 characters. A user cannot be in more than 5 project groups at a time.
  
• Notifications - Notifications older than 60 days are automatically deleted except for warnings from moderators and administrators.
  
• Comments - All comment should be limited to 300 characters.
  

• This is an opportunity for you to improve your programming skills, learn from more experienced people and teach beginners (like me). Perhaps you will make some friends along the way as well!
  
• You get access to the full source code of the project so you could integrate it into your own website as well.
  
• You will be promoted to manager on my future Scratch web app id you prove yourself responsible enough.
  
• I will design you a custom profile picture if needed.
  I can do basic animations too and make you a GIF!
  
• I will host a Node.js or Python script for you 24/7.
  This is a limited offer available for 3 people maximum. However, I can make exceptions. When submitting your script, please make sure it has no memory-leaks and it is not too resource intensive. If my sever cannot handle your script then you can modify it and resubmit it to me. The server is kept on 24/7 but there might be some outages. I will try to fix them as soon as possible. Please contact me on my profile for more details.
  

when green flag clicked
wait (5) secs
switch costume to [ Nod Stupidly]

StalX wrote:

So, the webapp you are working on is basicly like one of thoes team management apps like “Monday”? That can be very helpful!

-StalX

when green flag clicked
wait (5) secs
switch costume to [ Nod Stupidly]

Jeffalo wrote:

this sounds super cool! please keep us updated with the progress, as i for one would love to see how this is going!

Pufferfish_Test wrote:

I'd absolutely love to help out with this, but sadly I barely know any php and only a basic understanding of sql. I only know node.js and front end stuff
I'll be honest with you - you're probably more likely to find collaborators if you work with node of python, as more people seem to learn these nowadays, even if over 70% of the web uses php
I will try and find a tutorial somewhere online about this incase you don't find anyone, I'm usually quite good at that
I used way too many emojis here

god286 wrote:

I wish I could help out but I don’t have GitHub, I don’t know any php at all

I think for authentication you can use fluffyscratch that @jeffalo knows about. I don’t know if you would need passwords when using that, but I’m not so sure about its security though

Pufferfish_Test wrote:

I'll be honest with you - you're probably more likely to find collaborators if you work with node of python, as more people seem to learn these nowadays, even if over 70% of the web uses php

Pufferfish_Test wrote:

I'd absolutely love to help out with this, but sadly I barely know any php and only a basic understanding of sql. I only know node.js and front end stuff
I'll be honest with you - you're probably more likely to find collaborators if you work with node of python, as more people seem to learn these nowadays, even if over 70% of the web uses php
I will try and find a tutorial somewhere online about this incase you don't find anyone, I'm usually quite good at that
I used way too many emojis here

Jeffalo wrote:

nodejs. nodejs. nodejs. nodejs.

Maximouse wrote:

For reasons. Obviously things are improving over time, but a badly designed language can't just become good.

god286 wrote:

I wish I could help out but I don’t have GitHub, I don’t know any php at all

I think for authentication you can use fluffyscratch that @jeffalo knows about. I don’t know if you would need passwords when using that, but I’m not so sure about its security though

DatOneLefty wrote:

I would recommend using fluffyscratch for authentication because storing passwords gets messy and dangerous (people will often use the same password, and if your database happens to be stolen those passwords are unsafe for all sites). Another upside of fluffyscratch is that it doesn't only allow for passwordless login, it's easy verification that someone is who they say they are!

It's been a long time since I've worked on PHP, but I actively work on MySQL (for ScratchDB) so I can help out there if needed!

1. Set up a password during registration and use it while logging in
   OR
   
2. Always use an authentication system like fluffyscratch to log in
   

SuperScratcher_1234 wrote:

The only problem I have with it though that every time a user would like to login they would need to 1) copy a code, 2) go to a scratch project (and login to Scratch as well if they aren't already), 3) comment their code, 4) go back to the website and press a button to verify that they have commented the code. Thoughts?

Jeffalo wrote:

SuperScratcher_1234 wrote:

The only problem I have with it though that every time a user would like to login they would need to 1) copy a code, 2) go to a scratch project (and login to Scratch as well if they aren't already), 3) comment their code, 4) go back to the website and press a button to verify that they have commented the code. Thoughts?

you could write a browser extension to automate it. and make it basically instant. either way, i've speedran the fluffyscratch auth process and i can do it in under 15 seconds and sometimes faster than a normal password login

fdreerf wrote:

Are you sure you'll be able to share the finished product on Scratch – the features look very fishy.

fdreerf wrote:

Are you sure you'll be able to share the finished product on Scratch – the features look very fishy.

The guidelines set by the Scratch Team for user created sites (source):

1. All content on your site must be appropriate for Scratchers of all ages. ✅
   
2. Your site should not be giving out any of your personal information - in the website name, in the “Contact Us” area, in links to social media sites, and so on. Remember that what you post on the internet is very hard to remove. ✅
   
3. Your site should not be asking for email addresses - this often happens in the “Contact Us” area. ✅
   
4. Your site should not be providing unmoderated communication. ✅
   
5. Make sure your site is not downloading anything potentially malicious. ✅
   
6. Your site should not be selling anything. ✅
   

DabDatBass wrote:

(is this a website? Because I'm going to refer this as a website often xD)

This is cool- I could help; I have a semi-understanding of PHP (I'm going to lean more every day, it's a new programming language to me owo), I know a LOT of CSS that can make the website look great, and I know TONS of html.

I've been working on https://www.gamr.gq , https://www.openly.tk , and https://outdoors-man.dabdatbass.repl.co ; all of them are websites that I've worked hard on

I sadly don't have GitHub (big sad ;-; BUT I might ask my dad for an account )…

I'm going to be very active with REAL coding and not Scratch, so I could help out. A LOT.

Thanks, hopefully I can help with it!

SuperScratcher_1234 wrote:

Yes, it is going to be a website! I don't think I need much help with CSS because I'm using a framework called Halfmoon

Jeffalo wrote:

SuperScratcher_1234 wrote:

Yes, it is going to be a website! I don't think I need much help with CSS because I'm using a framework called Halfmoon

what! how do you find CSS frameworks like this? whenever i try looking for them I end up just going with boring old bootstrap or whatever! this half-moon stuff looks so clean and it takes care of the whole UI!!! i want to make something that uses it now!