Tiny Phoenix Addon - Help prevent scammers

[NOC]

Hey

Its been mentioned to me many times, that people scam on hotels then use "flagme" to change name and hard for hotel owners to trace the scammers because they have changed the user names,

I came up with this idea only a small idea but may help some people in the community


Database

CREATE TABLE IF NOT EXISTS `flagme_logs` (
`old_username` varchar(100) DEFAULT NULL,
`new_username` varchar(100) DEFAULT NULL,
`user_id` int(11) DEFAULT NULL,
`time` timestamp NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

In your class258 / ChangeUserNameMessageEvent.cs

Under this :

class3.ExecuteQuery(string.Concat(new object[]
{
"UPDATE users SET username = '",
text,
"' WHERE id = '",
Session.GetHabbo().Id,
"' LIMIT 1"
}));

Add this

using (DatabaseClient @class = Phoenix.GetDatabase().GetClient())
{
@class.AddParamWithValue("old_username", Session.GetHabbo().Username);
@class.AddParamWithValue("new_username", text);
@class.AddParamWithValue("user_id", Session.GetHabbo().Id);


@class.ExecuteQuery("INSERT INTO flagme_logs SET old_username = @old_username, new_username = @new_username, user_id = @user_id");

}

Now each time a user uses flagme, the old name, new name and most importantly the users ID is stored with the date and time on which they change username.

[MentaL]

[Diddy]

You never cease to amaze me Johno! Thank you.

[Dann Marchelo]

Erm as far as I know if you use :flagme command for phoenix it is stored in cmdlogs table?

[NOC]

Erm as far as I know if you use :flagme command for phoenix it is stored in cmdlogs table?

Yes this is a little more informed for people having its own table they can add the feature into HK for staff to look this up.

[Dann Marchelo]

Yes this is a little more informed for people having its own table they can add the feature into HK for staff to look this up.

cmdlogs http://prntscr.com/714s1d and for HK you can code something like SELECT * FROM cmdlogs WHERE command = 'flagme'

[Luminia]

Something useful from G0D. Thanks for this!

Greetz,

[Fr4n]

Makes everything simple, amazing.

[The General]

If you had a properly set up database with all the relations and constraints properly implemented, you wouldn't have any problem with people changing their username.

Also rooms should've been identified by the user id instead of the username as the user id should not change. Yes I know they did use the username for caching but this is certainly not how a proper database should've been implemented.

[Bozzie]

Nice little addon Johno, thanks!

[YoWesty]

Don't use phoenix but thank you for the idea! :P

[NOC]

If you had a properly set up database with all the relations and constraints properly implemented, you wouldn't have any problem with people changing their username.

Also rooms should've been identified by the user id instead of the username as the user id should not change. Yes I know they did use the username for caching but this is certainly not how a proper database should've been implemented.

It was a simple addon as people I host have asked me for a way log the name changes, I thought of this method as people can easy add a page to housekeeping so that people who do not have direct server access can still view the information if at the time owners are offline.

[The General]

Also make sure to filter the variable 'text'. Either use regex ([a-zA-Z0-9]) to filter it or use the prepared statements as they are more secure. ^.^

[MrSpooks]

It seems a nice little addon cheers johno

[NOC]

Also make sure to filter the variable 'text'. Either use regex ([a-zA-Z0-9]) to filter it or use the prepared statements as they are more secure. ^.^

I am sure the values are ready filtered as they are all ready included within the orginal phoenix, i simply added the method to save them to a table.

[The General]

I am sure the values are ready filtered as they are all ready included within the orginal phoenix, i simply added the method to save them to a table.

Better be safe than sorry