Staff Pin System.

[VOID3D]

If a user is able to register with such name, you have some serious security problems.

Well done, that made me laugh pretty hard, idek why x'D

[rafa95123]

And other... I'll pick from database, will help?
To make more secure, don't make an new connection with MySQL and the PIN CODE must be on archive, and the system with $_SESSION...
My Hotel have this, and is secure, i have sure.

[streamhotel]

I think the Staff IP list is much better. You make a table with username and ip and when a user try to acces the remote_addr and session username must be the same as the database records in the table. Or you can make that you only can acces staff accounts from a specified network.

[rafa95123]

I think the Staff IP list is much better. You make a table with username and ip and when a user try to acces the remote_addr and session username must be the same as the database records in the table. Or you can make that you only can acces staff accounts from a specified network.

Terrible to Dynamic IP.. I guess?

[Nathan]

Stop using the MySQL extension. Bad bad bad.

[Taiga]

Stop using the MySQL extension. Bad bad bad.

You are right, it's deprecated but at east tell him what to use instead. Tell him to replace the mysql with mysqli which stands for MySQL improved.

[Exonize]

Just use this solution, so much better and you only need to add this into one file. No database requirements etc.

PHP Code:

<?php
 
$mod_pw = 'passwordhere';
 
if (isset($_SESSION['user']))
{
    $sql = mysql_query("SELECT rank FROM users WHERE id = ".intval($_SESSION['user']['id']));
    $r = mysql_fetch_assoc($sql);
 
    if (@$r['rank'] >= 8 && (!isset($_POST['mod_pw']) || $_POST['mod_pw'] != $mod_pw))
    {
        echo '<form method="post" action="">
    <p>MOD Password.

<br><br>    <input type="password" name="mod_pw" value="" /></p>
    <p><input type="submit" value="Log in" /></p>
</form>';
 
        die;
    }
}
?>

This will require a extra password from everyone over rank 8. You can change both password and rank in the script. Works with RevCMS.

[NOC]

Not bad idea, I am personally more in favor of using either Mysqli or PDO, you could adapt it to allow extra security on paid membership accounts as part of the package allow them to set a personal pin number to access the accounts. Great start though

[rafa95123]

Just use this solution, so much better and you only need to add this into one file. No database requirements etc.
This will require a extra password from everyone over rank 8. You can change both password and rank in the script. Works with RevCMS.

Exactly what I said... Use only the MySQL to pick the rank, more secure in my opinion...

[Lewislol]

I personally would do key via database instead of same key for every staff member.

Code:

<?php 
if (isset($_SESSION['user'])) 
{ 
    $sql = mysql_query("SELECT * FROM users WHERE id = ".intval($_SESSION['user']['id'])); 
    $r = mysql_fetch_assoc($sql); 
  
    if (@$r['rank'] >= 8 && (!isset($_POST['mod_pw']) || $_POST['mod_pw'] == md5($r['pin']))) 
    {  ?>
		<style>
			body{
				background-image:url('<?php echo $_CONFIG['hotel']['url']; ?>/app/tpl/skins/Habbo/images/bg.png');
			}
			
			input[type='password']{
				border-radius:3px;
				border:1px solid lightgrey;
				height:25px;
				text-align:center;
			}
			
			input[type='submit']{
				border-radius:3px;
				border:1px solid lightgrey;
				background-color:#fff;
				height:25px;
				width:100px;
				font-weight:700;
				margin-top:5px;
			}
			
			input[type='submit']:hover{
				background-color:lightgrey;
			}
		</style>
        <form method="post" align = "center"> 
				  <p>Pin Information<br></p><br> 
				  <input type="password" name="mod_pw" placeholder = "Your client pin!"><br>
				  <input type="submit" value="Enter Pin">
		</form> 
<?php
        die; 
    } 
} 
?>

PS - Key is encrypted with md5 use a MD5 encrypter to create the key
http://www.miraclesalad.com/webtools/md5.php

Tested it should work I just used the one @Exonize posted and got it selecting keys via database.

SQL

Code:

ALTER TABLE `users` ADD `pin` VARCHAR(255)

[Spot Ify]

Woops tapatalk bug.

But why not making a dicyonary (array in php dicyonary in .net xd) with the usernames of all staffs so you dont have any mysql query??

Dont get why peaple use so much querys i have there in my cms recache staffpage, recache news, login ,register, bancheck client,bancheck login, auth ticket

The recach of the news is manually and staffpage recach can only ve done one time in the 45 minuts (only when someone enters the page)

So why not a dictonairy?
That is much much better stop using mysql for evrything lol. Yeahh and then crying as mysql is using much memory lol.

Hhh just cache shit :p
I give tomorrow a simple sample

[VOID3D]

@Lewislol All staff don't have the same key if you are referring to the original thread, you just have to change it for each user.

[Mextur]

I don't realy get the point for this feature.

[VOID3D]

I don't realy get the point for this feature.

It's just extra security, so if a staff account gets hacked, they also have to know the staff members pin.

[AliDABOSS]

Don't like the way you coded this, what's the point of connecting to mysql when the CMS already does that?

if you're using RevCMS, you should use $a = $engine->query("");
etc..