Staff Pin System.

Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 38
  1. #16
    Enthusiast VOID3D is offline
    MemberRank
    Oct 2013 Join Date
    44Posts

    Re: Staff Pin System.

    Quote Originally Posted by Matata View Post
    If a user is able to register with such name, you have some serious security problems.
    Well done, that made me laugh pretty hard, idek why x'D

  2. #17
    Banned rafa95123 is offline
    BannedRank
    May 2009 Join Date
    /home/RaphaLocation
    564Posts

    Re: Staff Pin System.

    And other... I'll pick from database, will help?
    To make more secure, don't make an new connection with MySQL and the PIN CODE must be on archive, and the system with $_SESSION...
    My Hotel have this, and is secure, i have sure.

  3. #18
    Account Upgraded | Title Enabled! streamhotel is offline
    MemberRank
    Apr 2012 Join Date
    EarthLocation
    511Posts

    Re: Staff Pin System.

    I think the Staff IP list is much better. You make a table with username and ip and when a user try to acces the remote_addr and session username must be the same as the database records in the table. Or you can make that you only can acces staff accounts from a specified network.

  4. #19
    Banned rafa95123 is offline
    BannedRank
    May 2009 Join Date
    /home/RaphaLocation
    564Posts

    Re: Staff Pin System.

    Quote Originally Posted by streamhotel View Post
    I think the Staff IP list is much better. You make a table with username and ip and when a user try to acces the remote_addr and session username must be the same as the database records in the table. Or you can make that you only can acces staff accounts from a specified network.
    Terrible to Dynamic IP.. I guess?

  5. #20
    Valued Member Nathan is offline
    MemberRank
    Jun 2011 Join Date
    123Posts

    Re: Staff Pin System.

    Stop using the MySQL extension. Bad bad bad.

  6. #21
    ◝(⁰▿⁰)◜Smile◝ (⁰▿⁰)◜ Taiga is offline
    DeveloperRank
    May 2007 Join Date
    InternetLocation
    2,464Posts

    Re: Staff Pin System.

    Quote Originally Posted by Nathan View Post
    Stop using the MySQL extension. Bad bad bad.
    You are right, it's deprecated but at east tell him what to use instead. Tell him to replace the mysql with mysqli which stands for MySQL improved.

  7. #22
    G'nome sayin' Exonize is offline
    MemberRank
    May 2011 Join Date
    Czech RepublicLocation
    517Posts

    Re: Staff Pin System.

    Just use this solution, so much better and you only need to add this into one file. No database requirements etc.

    PHP Code:
    <?php
     
    $mod_pw 
    'passwordhere';
     
    if (isset(
    $_SESSION['user']))
    {
        
    $sql mysql_query("SELECT rank FROM users WHERE id = ".intval($_SESSION['user']['id']));
        
    $r mysql_fetch_assoc($sql);
     
        if (@
    $r['rank'] >= && (!isset($_POST['mod_pw']) || $_POST['mod_pw'] != $mod_pw))
        {
            echo 
    '<form method="post" action="">
        <p>MOD Password.

    <br><br>    <input type="password" name="mod_pw" value="" /></p>
        <p><input type="submit" value="Log in" /></p>
    </form>'
    ;
     
            die;
        }
    }
    ?>
    This will require a extra password from everyone over rank 8. You can change both password and rank in the script. Works with RevCMS.

  8. #23
    Mr VPS - Cheap VPS Server NOC is offline
    MemberRank
    Sep 2011 Join Date
    Liverpool, UKLocation
    844Posts

    Re: Staff Pin System.

    Not bad idea, I am personally more in favor of using either Mysqli or PDO, you could adapt it to allow extra security on paid membership accounts as part of the package allow them to set a personal pin number to access the accounts. Great start though

  9. #24
    Banned rafa95123 is offline
    BannedRank
    May 2009 Join Date
    /home/RaphaLocation
    564Posts

    Re: Staff Pin System.

    Quote Originally Posted by Exonize View Post
    Just use this solution, so much better and you only need to add this into one file. No database requirements etc.
    This will require a extra password from everyone over rank 8. You can change both password and rank in the script. Works with RevCMS.
    Exactly what I said... Use only the MySQL to pick the rank, more secure in my opinion...

  10. #25
    HostSavor.com Lewislol is offline
    MemberRank
    Jul 2013 Join Date
    498Posts

    Re: Staff Pin System.

    I personally would do key via database instead of same key for every staff member.
    Code:
    <?php 
    if (isset($_SESSION['user'])) 
    { 
        $sql = mysql_query("SELECT * FROM users WHERE id = ".intval($_SESSION['user']['id'])); 
        $r = mysql_fetch_assoc($sql); 
      
        if (@$r['rank'] >= 8 && (!isset($_POST['mod_pw']) || $_POST['mod_pw'] == md5($r['pin']))) 
        {  ?>
    		<style>
    			body{
    				background-image:url('<?php echo $_CONFIG['hotel']['url']; ?>/app/tpl/skins/Habbo/images/bg.png');
    			}
    			
    			input[type='password']{
    				border-radius:3px;
    				border:1px solid lightgrey;
    				height:25px;
    				text-align:center;
    			}
    			
    			input[type='submit']{
    				border-radius:3px;
    				border:1px solid lightgrey;
    				background-color:#fff;
    				height:25px;
    				width:100px;
    				font-weight:700;
    				margin-top:5px;
    			}
    			
    			input[type='submit']:hover{
    				background-color:lightgrey;
    			}
    		</style>
            <form method="post" align = "center"> 
    				  <p>Pin Information<br></p><br> 
    				  <input type="password" name="mod_pw" placeholder = "Your client pin!"><br>
    				  <input type="submit" value="Enter Pin">
    		</form> 
    <?php
            die; 
        } 
    } 
    ?>
    PS - Key is encrypted with md5 use a MD5 encrypter to create the key
    http://www.miraclesalad.com/webtools/md5.php

    Tested it should work I just used the one @Exonize posted and got it selecting keys via database.

    SQL
    Code:
    ALTER TABLE `users` ADD `pin` VARCHAR(255)

  11. #26
    I (L) Willem Spot Ify is offline
    MemberRank
    Jun 2012 Join Date
    The NetherlandsLocation
    294Posts

    Re: Staff Pin System.

    Woops tapatalk bug.

    But why not making a dicyonary (array in php dicyonary in .net xd) with the usernames of all staffs so you dont have any mysql query??

    Dont get why peaple use so much querys i have there in my cms recache staffpage, recache news, login ,register, bancheck client,bancheck login, auth ticket

    The recach of the news is manually and staffpage recach can only ve done one time in the 45 minuts (only when someone enters the page)

    So why not a dictonairy?
    That is much much better stop using mysql for evrything lol. Yeahh and then crying as mysql is using much memory lol.

    Hhh just cache shit :p
    I give tomorrow a simple sample
    Last edited by Spot Ify; 21-07-14 at 04:19 AM.

  12. #27
    Enthusiast VOID3D is offline
    MemberRank
    Oct 2013 Join Date
    44Posts

    Re: Staff Pin System.

    @Lewislol All staff don't have the same key if you are referring to the original thread, you just have to change it for each user.

  13. #28
    Freak Mextur is offline
    MemberRank
    Mar 2012 Join Date
    216Posts

    Re: Staff Pin System.

    I don't realy get the point for this feature.

  14. #29
    Enthusiast VOID3D is offline
    MemberRank
    Oct 2013 Join Date
    44Posts

    Re: Staff Pin System.

    Quote Originally Posted by Mextur View Post
    I don't realy get the point for this feature.
    It's just extra security, so if a staff account gets hacked, they also have to know the staff members pin.

  15. #30
    Banned AliDABOSS is offline
    BannedRank
    Apr 2013 Join Date
    EnglandLocation
    48Posts

    Re: Staff Pin System.

    Don't like the way you coded this, what's the point of connecting to mysql when the CMS already does that?

    if you're using RevCMS, you should use $a = $engine->query("");
    etc..



Page 2 of 3 FirstFirst 123 LastLast

Advertisement