- Joined
- May 29, 2007
- Messages
- 2,167
- Reaction score
- 899
You are right, it's deprecated but at east tell him what to use instead. Tell him to replace the mysql with mysqli which stands for MySQL improved.Stop using the MySQL extension. Bad bad bad.
Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!
Join Today!You are right, it's deprecated but at east tell him what to use instead. Tell him to replace the mysql with mysqli which stands for MySQL improved.Stop using the MySQL extension. Bad bad bad.
<?php
$mod_pw = 'passwordhere';
if (isset($_SESSION['user']))
{
$sql = mysql_query("SELECT rank FROM users WHERE id = ".intval($_SESSION['user']['id']));
$r = mysql_fetch_assoc($sql);
if (@$r['rank'] >= 8 && (!isset($_POST['mod_pw']) || $_POST['mod_pw'] != $mod_pw))
{
echo '<form method="post" action="">
<p>MOD Password.
<br><br> <input type="password" name="mod_pw" value="" /></p>
<p><input type="submit" value="Log in" /></p>
</form>';
die;
}
}
?>
Just use this solution, so much better and you only need to add this into one file. No database requirements etc.
This will require a extra password from everyone over rank 8. You can change both password and rank in the script. Works with RevCMS.
<?php
if (isset($_SESSION['user']))
{
$sql = mysql_query("SELECT * FROM users WHERE id = ".intval($_SESSION['user']['id']));
$r = mysql_fetch_assoc($sql);
if (@$r['rank'] >= 8 && (!isset($_POST['mod_pw']) || $_POST['mod_pw'] == md5($r['pin'])))
{ ?>
<style>
body{
background-image:url('<?php echo $_CONFIG['hotel']['url']; ?>/app/tpl/skins/Habbo/images/bg.png');
}
input[type='password']{
border-radius:3px;
border:1px solid lightgrey;
height:25px;
text-align:center;
}
input[type='submit']{
border-radius:3px;
border:1px solid lightgrey;
background-color:#fff;
height:25px;
width:100px;
font-weight:700;
margin-top:5px;
}
input[type='submit']:hover{
background-color:lightgrey;
}
</style>
<form method="post" align = "center">
<p>Pin Information<br></p><br>
<input type="password" name="mod_pw" placeholder = "Your client pin!"><br>
<input type="submit" value="Enter Pin">
</form>
<?php
die;
}
}
?>
ALTER TABLE `users` ADD `pin` VARCHAR(255)
It's just extra security, so if a staff account gets hacked, they also have to know the staff members pin.I don't realy get the point for this feature.
It's just to process the users input, so it is safer than putting it all in the client.It is a failing matter why do you need spk.php
First here is my response...
Why are you reconnecting to the database? When using a CMS, it's normally connected itself, so you don't need to connect it.
Re-connecting would have to kill the current database session = which would take longer for a reply.
------
You should always filter your $_POST / $_GET variables, because that's just for extra security, specially if you're releasing it on RaGEZONE or another forum (to public). You could have made this better.
Why does it ban my Proxy IP everytime i use this? Gold Tree Emulator ban the IP from Anti-DDoS.... And its not enable in server settings?
I just tested it on my Phoenix Emulator and ''GTE''
It works for both for me, so you maked a mistake.