Staff Pin System.

[Taiga]

Stop using the MySQL extension. Bad bad bad.

You are right, it's deprecated but at east tell him what to use instead. Tell him to replace the mysql with mysqli which stands for MySQL improved.

 

[Exonize]

Just use this solution, so much better and you only need to add this into one file. No database requirements etc.

<?php
 
$mod_pw = 'passwordhere';
 
if (isset($_SESSION['user']))
{
    $sql = mysql_query("SELECT rank FROM users WHERE id = ".intval($_SESSION['user']['id']));
    $r = mysql_fetch_assoc($sql);
 
    if (@$r['rank'] >= 8 && (!isset($_POST['mod_pw']) || $_POST['mod_pw'] != $mod_pw))
    {
        echo '<form method="post" action="">
    <p>MOD Password.

<br><br>	<input type="password" name="mod_pw" value="" /></p>
    <p><input type="submit" value="Log in" /></p>
</form>';
 
        die;
    }
}
?>

This will require a extra password from everyone over rank 8. You can change both password and rank in the script. Works with RevCMS.

 

[xHosts]

Not bad idea, I am personally more in favor of using either Mysqli or PDO, you could adapt it to allow extra security on paid membership accounts as part of the package allow them to set a personal pin number to access the accounts. Great start though

 

[rafa95123]

Just use this solution, so much better and you only need to add this into one file. No database requirements etc.
This will require a extra password from everyone over rank 8. You can change both password and rank in the script. Works with RevCMS.

Exactly what I said... Use only the MySQL to pick the rank, more secure in my opinion...

 

[Lewislol]

I personally would do key via database instead of same key for every staff member.

<?php 
if (isset($_SESSION['user'])) 
{ 
    $sql = mysql_query("SELECT * FROM users WHERE id = ".intval($_SESSION['user']['id'])); 
    $r = mysql_fetch_assoc($sql); 
  
    if (@$r['rank'] >= 8 && (!isset($_POST['mod_pw']) || $_POST['mod_pw'] == md5($r['pin']))) 
    {  ?>
		<style>
			body{
				background-image:url('<?php echo $_CONFIG['hotel']['url']; ?>/app/tpl/skins/Habbo/images/bg.png');
			}
			
			input[type='password']{
				border-radius:3px;
				border:1px solid lightgrey;
				height:25px;
				text-align:center;
			}
			
			input[type='submit']{
				border-radius:3px;
				border:1px solid lightgrey;
				background-color:#fff;
				height:25px;
				width:100px;
				font-weight:700;
				margin-top:5px;
			}
			
			input[type='submit']:hover{
				background-color:lightgrey;
			}
		</style>
        <form method="post" align = "center"> 
				  <p>Pin Information<br></p><br> 
				  <input type="password" name="mod_pw" placeholder = "Your client pin!"><br>
				  <input type="submit" value="Enter Pin">
		</form> 
<?php
        die; 
    } 
} 
?>

PS - Key is encrypted with md5 use a MD5 encrypter to create the key

You must be registered to see links

Tested it should work I just used the one Exonize posted and got it selecting keys via database.

SQL

ALTER TABLE `users` ADD `pin` VARCHAR(255)

 

[Spot Ify]

Woops tapatalk bug.

But why not making a dicyonary (array in php dicyonary in .net xd) with the usernames of all staffs so you dont have any mysql query??

Dont get why peaple use so much querys i have there in my cms recache staffpage, recache news, login ,register, bancheck client,bancheck login, auth ticket

The recach of the news is manually and staffpage recach can only ve done one time in the 45 minuts (only when someone enters the page)

So why not a dictonairy?
That is much much better stop using mysql for evrything lol. Yeahh and then crying as mysql is using much memory lol.

Hhh just cache poop
I give tomorrow a simple sample

 

[VOID3D]

@Lewislol All staff don't have the same key if you are referring to the original thread, you just have to change it for each user.

 

[Mextur]

I don't realy get the point for this feature.

 

[VOID3D]

I don't realy get the point for this feature.

It's just extra security, so if a staff account gets hacked, they also have to know the staff members pin.

 

[AliDABOSS]

Don't like the way you coded this, what's the point of connecting to mysql when the CMS already does that?

if you're using RevCMS, you should use $a = $engine->query("");
etc..

 

[RichBro123]

It is a failing matter why do you need spk.php

 

[VOID3D]

It is a failing matter why do you need spk.php

It's just to process the users input, so it is safer than putting it all in the client.

 

[AliDABOSS]

First here is my response...
Why are you reconnecting to the database? When using a CMS, it's normally connected itself, so you don't need to connect it.
Re-connecting would have to kill the current database session = which would take longer for a reply.
------
You should always filter your $_POST / $_GET variables, because that's just for extra security, specially if you're releasing it on RaGEZONE or another forum (to public). You could have made this better.

 

[VOID3D]

First here is my response...
Why are you reconnecting to the database? When using a CMS, it's normally connected itself, so you don't need to connect it.
Re-connecting would have to kill the current database session = which would take longer for a reply.
------
You should always filter your $_POST / $_GET variables, because that's just for extra security, specially if you're releasing it on RaGEZONE or another forum (to public). You could have made this better.

The data is filtered, like this, strip_tags(stripslashes(mysql_real_escape_string($_POST["first"])));

 

[Droppy]

I'm developing one for a private cms: 4 letter PIN for Client/6 letter PIN for Housekeeping.
Anyway, nice release!

 

[UartigZone]

Why does it ban my Proxy IP everytime i use this? Gold Tree Emulator ban the IP from Anti-DDoS.... And its not enable in server settings?

 

[Nicolajhansen97]

Why does it ban my Proxy IP everytime i use this? Gold Tree Emulator ban the IP from Anti-DDoS.... And its not enable in server settings?

I just tested it on my Phoenix Emulator and ''GTE''

It works for both for me, so you maked a mistake.

 

[UartigZone]

I just tested it on my Phoenix Emulator and ''GTE''

It works for both for me, so you maked a mistake.

Yeah. Can you please upload your Staff Pin, if you have it? If you want, so i can see the mistake.