RE: Quick Question

@greeniwastakenyt I think youre right but they weirdly don’t advertise or show their mascot at all outside of the project editor

@tyller_ can you request to join https://glitch.com/edit/#!/yn3d

@tyller_ i have an sqlite database i dont need google sheets dw

@ejrowberry09-12248f6d I don’t know what you mean exactly but here are blocks for sensing colors in general:

1st one is from automation, second is in events, and the bottom one is in sensing.

Now, to actually answer your question in a helpful way, first, you can use this online tool if you need it for like a one time thing:
https://meyerweb.com/eric/tools/color-blend/#FF0000:990033:10:hex

And for blocks, well blocks for that doesn’t exist.

@tyller_ That makes sense. If you know NodeJS and socket.io / websockets, would you want to help me making a DM/saved chatting system for YN3D? I have/use the perspective API (https://perspectiveapi.com) to filter out toxicity and harmful content, which I applied for to use in my google cloud project and I also saw there I can apply for other API access like gmail and google sheets. That can for the most part do content moderation pretty well and it’s free. That way forum users would have a secure and safe place to chat, and YN3D would get more users as a result

@ejrowberry09-12248f6d I’m not CreatiCode but I can answer your question. A slider is fine and possible, and no, there isn’t a block to check if someone is over 18 but that wouldn’t really be needed because if you plan on making an 18+ project, then you shouldn’t publish it publicly because this is a kids site. For your project to get views, you’ll have to advertise it somewhere else like say a web game development forum (not this one) to try to get people to play your project. It would be nice if they make project settings like “restrict to 13+ users, restrict to 18+ users” but they dont have that so that’d need to be a suggestion

@tyller_ brute forcing it would then make it unavailable for everyone then right? And abuse logs would be good but my opinion is that you probably shouldn’t use CreatiCode for this, especially since you cant do things like ban IPs and people can make alt accounts easily so yeah… Brb, Im gonna be gone for like say a half hour

@tyller_ Yeah I also havent checked out inspect element, it’s also against their ToS to “reverse engineer” or basically try to understand and hack their code, but I can just tell from the way it works how its likely implemented on the inside. I like your idea of only allowing the CC service account to access the sheet (I use that too) but once again, the hiding the URL is only a client barrier, because the project JSON (actually .sb3 but is still JSON) file has to literally be sent to the client to run it and to do things like for projects with source code viewable to show the code blocks using the Scratch GUI thing and modifications. That .sb3 would contain GS links in the blocks and somebody could then get the URL of the google sheet of yours. While that person can’t directly access the Google Sheet because they dont have access, CreatiCode’s bot account does, and they can just use the GS blocks to takeover your google sheet and itd be pretty hard to revert the changes if they make it spam a 1000 times per second. I recommend that you get the Google Sheets API for your backend (you have to make a google cloud project, and then go to apis i think and enable that API for your service) so that you can do stuff there, and remove CreatiCode edit access to your Google Sheet, but set the service account to viewer. That way, all attackers can do is try to capture data that is updated like every 10 seconds and becomes useless after that. I recommend you encrypt your data by making like a text jumbler or something with a key that randomizes everyday so even if someone has an old data log they stole from your sheets, they wouldn’t be able to do anything with it because it’s just a bunch of gibberish. I made my own encryptor/hasher but it is not all that secure and instead serves the purpose of making text unreadable/undecipherable at a glance by using ROT13 and taking the length of the string as a number and inserting it at the beginning of the string.
https://play.creaticode.com/projects/675deee356af495135f2a9c1

You could make your app super secure by changing the way it does its job each time therefore making any old data obsolete and useless to hackers and people trying to infiltrate it for whatever reason

TL;DR: don’t store private or secret things in CreatiCode like user data if you wanna make an app like a social media or something because databases and storage is able to be hacked regardless of you hiding your code blocks when publishing a project, which is not great. CC isn’t popular enough for that to even be a possibilty currently, but when its audience becomes more diverse and starts to have people inspecting its code and looking for vulnerabilities, things could get ugly for some projects.

Sorry for the all caps title, but this mainly concerns anybody doing anything with databases and chatting systems (like what @Tyller_ is making). You don’t need to take immediate action, but I’d say by at least when CreatiCode blows up in popularity. Basically, CreatiCode is possible to hack (in many ways) so you should never be storing stuff like banking details or whatever, especially if youre a famous/often targeted person. I say this because of the nature of Scratch itself, which it’s built on, its past vulnerabilities, and other things I can sense coming mile away. I know with my game YOUniverse3D that people are going to attempt hacking it and therefore hacking CreatiCode, so I want to let it be known in order to minimize the potential of destructive actions caused by random internet people. With my game that won’t be much of an issue because data is stored on my personal site and server, and hacking the game wouldn’t provide much benefits other than fun.

What I have observed

CreatiCode allows for data storage with things like databases and private/public variables which is “secure”. A SUPER big programming principle is “Never trust the client”. The client means the user’s device. For example (dw, creaticode doesnt do this), a horrible thing to do would be coding a login page on ur site that checks if the username and password are right by having the server send the password corresponding to that username and having the client check if the submitted password is correct, and then doing tasks as normal. On the outside, it might look normal to you and you’d likely notice nothing weird. But to get on the inside, anyone can juse use “inspect element”, edit the page code to show them the user’s password instead of using it for validation, then now the attackers can log into ANYONE’s account and takeover as they please. CreatiCode (as in the site and forum) doesnt do this, but this basically what’s possible with the playground/project runner if you’re using databases or storing data in other ways for sensitive data like chat messages or passwords. CreatiCode is capable of making full feature packed applications and games, but you have to be very careful about security to ensure that users of your app/game don’t get all their user data leaked or destroyed. To make it easier to understand here’s a block code demonstration:

Here, the inputs of the username and password boxes are taken, the client goes to the server and asks the database to give the password of a user where their username is equal to that of the username box value, and the server/database return it to the client, the client checks if it’s right, and either lets the client go (“accepted”) or denies (“incorrect password”) . This is exactly how websites SHOULD NEVER implement validation, but the only reason to do it on CreatiCode is because it’s the only way. And right now (with my code blocks exposed to the public), someone can go inside the code and click a block and authenticate themselves (just let themselves in, not even like uninvited guests, literally trespassers). The playground offers nice web & utility-related blocks, but the thing is they run on the client and there is NEVER going to be a solution to secure validation or preventing project databases being letting in just anybody unless CreatiCode adds new blocks, implements a new project running system or feature, or changes the way the blocks are. I will give a list of suggestions at the end for how they could fix this, but my opinion is that CreatiCode shouldn’t be used for cases where you really need to make sure someone is who they say you are unless you are working with something simpler or where it doesn’t matter if someone hacks something on your project

And you may be thinking, “but I can hide my code blocks to prevent others from just clicking on blocks i dont want them to?”, but that is wrong, as client side restrictions that can be bypassed by anyone tech savvy enough. Hiding the source code of CreatiCode projects is rendered useless if someone flips open their webtools inspector or something and starts removing code and making the project editor appear as normal and then click a block like to give coins or mess with database blocks. Hidden code blocks (when you publish your project) won’t stop a hacker, because in order for the project to be run, the CreatiCode site has to send the project file to you in order for it to play it. The client/site then does all the work, but a hacker can easily intercept that and download the project and use a program to visualize that file or just load the same file in CreatiCode again but owned by them (like making a copy of the project) regardless of any restriction on the client. Although that wouldnt let them mess with your project, them understanding the code and figuring out how to bypass restrictions on a seperate copy is just as harmful since they could then perform the same thing on your project.

How CreatiCode could fix it

None of these options are 100% doable or would be overkill and would waste CreatiCode’s time/money/resources but they are purely hypothetical:

• Projects are proxied, meaning instead of running on the user’s device, they run on CreatiCode servers and are streamed to users. The client would consist of the streamed visual project running (like video streaming) and giving the project frame inputs like clicks, scrolls, right clicks, left/right drag clicks, and key presses would send them to the server. This way, the only thing that the user can possibly do is inputs, they get sent to the server, and backend code magic does its thing, and plays a project. This would make projects unhackable because users will only be able to change so much and it would just change it for them on their side. This would remove capabilities like selecting text/ copy&pasting unless you make an even more complex system to handle things like that to make it more accessible and natural. With this it would be ensured that code that runs pertaining the server could not be modified by an outside source and therefore be trusted. This could make projects run faster, or run slower depending on how it’s implemented and they would also need to keep in mind other things.
• And a doable one I actually might make a new topic about instead

@catty Sorry but I disagree with your decision. CreatiCode is right but games like that just need a warning message. Usually people disregard warnings, like kids getting over age barriers on sites by lying, but if you have PTSD or epilepsy or something that you are aware of, seeing a warning would likely make you leave because you wouldn’t want to have to go to the hopsital over a web game triggering you (I personally would be embarassed). Like adult sites have, a modal saying “are you sensitive to gore? If so you should leave” and and ok button and text that says to exit the project if not ok should be good enough. That way, people are protected, and anything bad happening would be purely their choice and not a mistake. This also doesn’t restrict the creator from being as creative as he wants since CreatiCode isn’t meant to be very limiting. It also makes sense if you dont need or want a warning to just have a disabled by default setting for detailed gore, and a settings screen to change that setting WITH a warning.

@info-creaticode oh yeah i remember me and tylerr recommended that but it’d make sense to have a reporter block instead called “user profile picture” (in sensing section near “username” blocks) that returns that image URL of the PFP that can then be used as a costume with blocks

@jd131111 its nice

@emerson-rowberry-ec48eaae Not sure what the issue is, maybe it was just a temporary outage? I tried it and it worked
First, I clicked “Please select”

Then stuff shows up

Edit: to clarify, this post is not about the fact that I got an error but rather that the error message could be improved for users that don’t know what this means

The link at the bottom (the text “FAQ”) brings you to https://scratch.mit.edu/3faq rather than a FAQ page on the CreatiCode site. Also you may want to make it more apparent/obvious to the user that this doesn’t mean their browser doesn’t actually support it, but that it could be that, or that the browser doesn’t support it at the moment (like the browser’s webGL crashing due to having a gigantic 3D scene beyond the computer’s limits). A naive or non-technical user might see this and get worried or take unnecessary action, like installing a new browser because all of a sudden 3D stopped working. I also feel that although the way it’s worded is simple, it wouldn’t make sense to the average user because “WebGL” and “this technology” (in the context of a Web API) are terms that they probably wouldn’t know or would misunderstand. You might want to give an example in a case of when/why this would happen, like attempting to load 10 avatars every second and keeping them there (putting too much stress on the 3d renderer). The back button also should link to My stuff or creaticode.com rather than that same page since clicking the back page gives you no actual way to go back, since you get the same error again and again (and the popup disallows you from using the topnav to go back as well).

Edit: I also forgot to mention that this can occur without 3D as well, you could simply be loading a normal Scratch project that’s a big file and then it hangs your WebGL renderer. Having multiple tabs open (especially complex ones that use stuff taking up more RAM, like YouTube videos, 3D, something happening every second, etc.) also makes projects more likely to crash due to the computer not having a decent amount of RAM left to do more complex stuff. This happens alot with (school) chromebooks and it would be great to explain this better since the target audience of CreatiCode is teachers and students, and they commonly have low end computers like chromebooks that can’t handle as much as an actual computer like Windows or Mac and are more likely to run into an issue like this.

https://play.creaticode.com/quizzes
Top nav bar says “CHALLANGE” instead of “CHALLENGE”

@jd131111 Hello and welcome to the website! Hope you like it we discuss CreatiCode coding alot here and you can even share/promote your projects too or get help with coding issues/bugs. To answer your question, I’m pretty sure you can see anyone’s score. Like mine is 0 and the sun god’s is 1. And if you’re referring to reputation on the forum, then you can see it just by clicking on a user’s forum profile. The forum and the site are pretty seperate and don’t/can’t use info from each other except for this forum making you use your CreatiCode account to make a forum account( although I feel it’d make sense if they were just together to begin with/merged but they do their job so its ok).

@info-creaticode Oh ok. Thank you, sorry for the false alarm.

@info-creaticode I’m sorry if this comes off as disrespectful, but please add a page to control your account quicker. I just need a way or button to sign out all sessions because I really think my account may be compromised.

It says “last updated a few seconds ago” and I am CERTAIN i do not have an open tab at the moment with that nor did I open the project today. Yet it still says modified a couple seconds ago. I think someone might have access to my account and although I changed my password there isnt much I can even do about it.

Hopefully, the case might just be that it just says modified because one of its stats changed (like number of hearts) rather than the actual project itself being modified.

Could there be easier ways to manage your account? It felt uncomfortable changing my password on my userpage a bit, usually websites have a page where you manage all your account settings, like changing your password, since at the moment it’s more scattered around the topnav.

I also want to be able to have an option that signs you out of all devices, especially because I have a strong feeling someone may have logged into my account on a device I forgot to logout on, since the last modified date of one of my projects looked suspicious like “3 minutes ago” . I changed my password and it felt like nothing happened, the page didn’t even refresh.

@jeffreyrb03-gmail they move with animations so like running, the hat will move too

@sucram-dev there’s a block to attach objects to avatars’ body parts, i was using it in my own game for avatar item testing ()

( in 3D Actions)

@sucram-dev Cool! I’m glad I could help. For your game I recommend adding a lot of more things to keep track of/save to the world like weapons and inventory and even saving stuff to a database/variables and also adding more to the title screen

@sucram-dev just tried out ur project and it’s neat

I see what you mean about like the bordered area and I’m sure that you just gotta change the world width and world height to something higher. I also recommend adding A and D controls for left and right since right now you can go right and left with the mouse and forward/back with W/S and it feels a tiny bit weird. You might also wanna make it so you can go up or like jump. That could be done with a message to the world i think since these blocks were designed for 2D but can also be used for 3D, it’s just the Y coordinate (up and down) need to be implemented another way, like with sending a jump message to the server and then handling it by making a drone go up.

@sucram-dev where you intiialize/create the world,I’m guessing maybe you might wanna increase the world size from 2000x2000 to something like 10000x10000 or something else bigger you would have to mess around with it.

That might solve the problem

I think you might wanna use other projects like the 2 player 3D doom project as a starting point and then edit that to your likings and make it more sandbox-ish

@jeffreyrb03-gmail thank you guys for adding that in I just saw it gives the full code now

@info-creaticode it works and it’s great, but could you make it so it returns the full webpage html code instead of just the <body> tag? I also wanna see the <head> tag for getting things like the title of the site and metadata. I’m thinking of now designing my websites so they have special metadata that when used in my CreatiCode web browser, they can have stuff like extra permissions and customizability and whatnot.

@info-creaticode thank you

@info-creaticode Oh that’s a good idea! Thank you!

@info-creaticode Ah ok, but could you also make it support “view-source:” as well at least or just another block that will return the exact code?

I’m aware that you guys are still working on fixing this block to “show dynamic content” and that makes sense, but could you guys instead introduce a new block for static content so that I can access APIs and stuff? I recently found out there’s a dog API to get information on dog breeds and to get pictures of dogs and I have a key and know which endpoints to use (luckily mostly via GET which is what a fetch does) but I can’t use them in CreatiCode because this still doesn’t work.

It does work for sites like my website and but fails when it comes into contact with things returned as text or JSON or websites that may have code too complicated like indeed.com when I wanna analyse job hirings and stuff like that. The issue with Indeed may actually be that it’s too dynamic due to it using your location to show jobs near you but that’s not the point.

The new block to just get (generally static) page and non-page (like text files) data could look like this:

and if the indeed.com issue is a concern for you guys, then maybe they both could have extra parameter that specifies extra information to personalize page content:

in these parameters, the user agent is that of a Chromebook and the location (lat & long) is London, UK. Maybe user agent might be a stretch but the location would surely be useful for somewhat fixing the issue. It’s also probably not worth fixing if it doesn’t work after that since it might think CreatiCode is a bot (as it is) and might not want it scraping its pages, so we should respect its wishes.

NOTICE: This tutorial below works for both CreatiCode and Scratch (or any Scratch fork/mod like Turbowarp) because this doesn’t take advantage of any CreatiCode-specific features.
Tutorial difficulty: 3.5 out of 5 stars

Does it ever bother you that you’re limited in the fonts you can use when you use the costume/backdrop editor? Well I have a somewhat advanced hack that I’m going to teach you today to use fonts like Arial and whatnot. I’m also going to show you some text/emoji tips and tricks at the end which ties into this.

Step 1

First, in any project (preferably a new project or one of your own projects), open up the costume/backdrop editor, then make a new costume (or backdrop if you’re in the Stage).

Step 2

Now make a new textbox with some example text like “Hello World!” and then set the font to something like “Marker” or “Pixel” so it’s easily recognizable and hard to miss. For performing this trick, it would also be best if you just have this textbox as the only element/thing (which is why I had you make a new costume/backdrop so it’s just a blank canvas) since having anything more might make this a bit harder.

Step 3

Now, export your simple costume/backdrop by right-clicking on the costume and export.

Warning: Make sure that when you export, the file ends with .svg. If it isn’t, then that means you must have clicked the “Convert to Bitmap” button and you don’t wanna do that since it just rasterizes the whole thing - converts it to just pixels, which won’t let you change the text afterwards unless you make it all over again.

Step 4

Now, import the SVG file of your costume/backdrop in a text editor app, like Notepad, or a web one. This will force it to show as text in a way that you can edit raw/directly.

Nerd info/fun fact: See, SVG images/vector graphics files are stored as text (if you wanna get technical, it’s XML text), not in pixels and complicated hex codes like PNG images. Therefore you can edit their contents more conveniently.

To make it easier for you, go to this text editor site: https://texteditor.co/
When you get there, ignore all the other junk like advertisements and hit the big blue button that says “Open File From Computer”.
Then select and choose the SVG file that we just exported in Step 3.
You should see this now:

Step 5

You see where it says font-family="Marker"? Well you can change that to get a custom font!
The way fonts work with Scratch/CreatiCode is that the SVG inherits the currently loaded fonts of the current webpage (HTML document) and browser/system, and that list shown at the beginning doesn’t do anything really special other than just use the name of a font, check if it’s supported and that the page/browser has it, and then put that font onto text.

So now, try to replace Marker with any of these fonts below:

• Arial
• Arial Black
• Comic Sans MS, cursive
• cursive (if on Mac/Apple it’s actual cursive, elsewhere, it’s just Comic Sans)
• Garamond
• Verdana
• Tahoma
• Courier New
• monospace
• Wingdings (Wingdings)
• Roboto
• Google Sans (only available for chromebooks/google maybe)
• Calibri
• Lucida Console (windows only)

I’m going to choose “Roboto” but you can choose whichever one you want. Now download the SVG file from the text editor, and then import it into Scratch.

Step 6

If you followed the last step correctly, it should look like this:

Yayyyyy! You did it! So now you have custom fonts that you can use and you can also change what the text says and any other thing like that. This will now allow you to further customize your text and make it more unique.

Tip: You can also use the “Scratch” font on any Scratch playground (including CreatiCode).

Rasterizing text tips (Step 7)

So you are probably already aware that emojis show differently for people on different devices, since those on Apple devices will see different emojis compared to Androids and same for other devices/platforms. Same applies to text fonts, since not everybody has the same fonts on their system!

You can fix this issue by flattening/rasterizing your text whenever you use emojis/uncommon fonts since some people probably won’t see certain fonts that you use and might be confused or feel misled when your game looks weird. You can do this by clicking the “Convert to Bitmap” button to just basically pixelate and unvectorize it:

You can then click this button again as it’ll say “Convert to vector” to turn it back into SVG which is what we like. You probably just want to rasterize your emojis and text so I recommend doing this in a new blank costume and then cutting and pasting the text back in to whatever costume you wanted like so the text is seperate from the background if you have colors or something.

Everybody will see your text the same after you do this because it’s now pixels, not text made by the computer, so now everybody will see your text the same! However making doing this has some drawbacks, like for example, it will probably make some images very pixelated and have a poor quality/resolution which might suck if you have like some HD image, since Scratch isn’t equipped for such quality. You won’t have to worry about this very much when you’re using CreatiCode though, due to the widgets blocks which are a powerful tool and can display images normally.

Conclusion

I hope you enjoyed my tutorial and found it useful, I will also be porting a project I have on Scratch to here soon that contains “hacked” blocks and backdrops with the custom fonts from this tutorial. When that’s up, you can just skip all these steps and steal the costumes from there, and put 'em in your backpack to use in whatever projects you choose.

(Section below in construction; those tutorials are not written by me yet)

Extra tutorials that expand on this one:

If you wish to learn more of my techniques and methods, I have made more tutorials below:

• Expansion of this tutorial that tells you of the extra things you can do in CreatiCode only
• How to put in more fonts using Opera GX or a Chrome extension (and then rasterize so others can see it)

@011830-0a42ef84 like in flipaclip?

@info-creaticode I fixed it now to use a button lol

@info-creaticode Ohhhh, I didn’t notice that. Thank you for pointing that out, I thought labels and buttons practically did the same thing since they have the same appearance and qualities.

@jeffreyrb03-gmail To clarify further, the issue is that now when you click a widget button, it can’t do anything because the block to do something when it’s clicked doesn’t work anymore.

Im not sure but "when widget ( v) clicked) hat block and other hat blocks in widgets no longer work for me however normal widget blocks do and they won’t run unless you press them. This is the project where I first encountered this:
https://play.creaticode.com/projects/673fa876591b145bfb97fcab


This mightve been caused by the addition of the shake block, and also for the shake block, I found that even when you press the stop button in the middle of the shaking, it’ll still continue to happen.

Edit: my old projects still work even though they use the widget hat blocks, to clarify I just made that new project

@c6099952795-bd492b4e Could you be more specific? I have no idea what you mean

@info-creaticode Yeah, everything would need to get moved, and that gap should probably be filled with black

@info-creaticode Shakes the screen

They also do this weird capitilzation thing and make it similar to a title by turning “What would you like to be the wallpaper?” into “What Would You Like To Be The Wallpaper?” .

@tyller_ I thought of this before but I’d have a computer always on that acts as the server but that’s a whole other issue and idk how to do it without buying a computer and making it run 24/7

@tyller_ yeah that stuff is always an issue with creaticode because there is no “server” or “backend” with projects, just client that can do server things using CC’s main backend. I don’t know how to fix that issue other than extensive testing and checking what will happen.
Edit: im referring to the thing about if someone closes the tab and data get s messed up

@tyller_ not sure but the current database storage should be fine and if youre really worried about that then you can use multiple databases to sort of preserve as much storage as possible. Besides ur pushig it all to GS anyways so no worries about that

@tyller_ Ok. You say this is to “make message storage easier” but idk this looks like a lot more errors and work are gonna come out of this than if you just used a different method like perhaps a queue system where messages are stored in a database (in creaticode) and then pushed gradually over to google sheets and retrieved when needed like for saving chats like a discord like app

@jeffreyrb03-gmail I host things on glitch so when I have the time I could prolly make an API for you

@tyller_ since formulas don’t work with the blocks in GS, just use an API. Like if you need cube root then fetch a url like example.com/cuberoot?n=8. The same applies to your messaging system but im not sure.

@tyller_ That sounds like a good idea since self hosting always gives you more control than something else either free or paid for just a bit more work. What exactly do you need my help with? I’m sorry but I’m not exactly at that level yet in terms of my computer knowledge since I like to use online services to make things as there isn’t really a more conveinient way for me

I have feedback on improving the site and its features to be better and more like Scratch a bit in some ways.

Studios I curate section on user pages feedback

Instead of taking you to the link to make a studio it just takes you to the link to make a new project.

Featured project box on user page

Also the user page’s featured project doesn’t scale properly like in Scratch:

“What I’ve Been Doing” area needs a revamp

Also, to further improve user pages, it’d be a good idea to exclude project creations from activity logs. It gets redundant and unneccessary, as it says “{user} created a new project Untitled” everytime you create a project:

I also am not really a fan of that because it tracks and publicly shows when you make a private project, since all projects start out private, and it lists the time like “5 hours ago” or “a day ago” which allows others to spy on you easier and also when someone clicks on the link they’ll get a /not-found anyways because it’s private to them, so it’s not convienient both ways. It also exposes unlisted projects which isn’t good since they’re supposed to be private-ish by you sharing the URL with a friend, however anyone could now access that URL from there if they were being nosy and got lucky.

What the activity list should show instead of this is when you publish or share a project, and with the name, like “JaecadeJnight published a project named {project name}” and minor social things as well like “{username} changed their username from {old username} to {new username}!”, which could actually help incase you don’t know who the person is afterwards and then you realize the person just changed their username and it isn’t a random person.

Adding comments on user pages

User pages also don’t have a comments section like in original Scratch but that’s okay since the focus of CreatiCode is less social and more educational which I appreciate. I think it would be cool to add though with the option of enabling it and disabling it and deleting others’ comments on your user page’s comment wall.

you can’t do things on other profiles much anymore

All the things like “send friend request” and “report” that were once there are now gone