[Release] Staff Pin System for the client

Central

Imagination is more important than knowledge.
Feb 22, 2015
709
107
Hello, I have stumbled across this Staff Pin System and decided to release it.

All you have to do is follow the following steps:
  • You will need to edit the code you will see below
  • In the code marked bottom of the client.php file, you will need to change mysql password to your MySQL password
  • As well as changing mysql database name to your database name
  • Once you have completed those, please add that code to the bottom of client.php; add it after <div class="client"></div> or something along those lines.
  • Go to app/tpl/skins/SKINFOLDER/, make a new PHP file named spk, and add the contents of the spk code from this topic into it.
  • Go to your database, right click the table users and click Design Table (only if you are using Navicat) and add a new field. This field should be called staff_pin and you will just need to save it. If it says you haven't filled anything in, put the type as Varchar and the limit or something as 255.
Bottom of client.php:
<style>
body {
background-color: #212121;
}

form {
position:absolute;
top:30%;
right:0;
left:0;
text-align: center;
}

select {
background-image: url('
background-size: 150px 150px;
height: 160px;
width: 130px;
font-size: 50px;
text-indent: 40%;
color: orange;
border: none;
border-radius: 10px;
text-align: center
}

select:focus,
input:focus {
outline: none;
}

input {
color: orange;
background-color: transparent;
border: 1px solid orange;
height: 100px;
width: 100px;
border-radius: 100%;
font-size: 50px;

}

select:hover {
color: darkorange;
}

input:hover {
color: darkorange;
border: 1px solid darkorange;
}
</style>
<?php
// Note: the mysql_* functions used here were removed in PHP 7.0.
$connect = mysql_connect("localhost", "root", "my sql password");
mysql_select_db("mysql database name", $connect);

// Escape the session username before it goes into the query.
$username = mysql_real_escape_string($_SESSION["user"]["username"], $connect);
$query = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'");

if(mysql_num_rows($query) == 1) {
    $row = mysql_fetch_assoc($query);
    $rank = $row["rank"];
    // Staff (rank 2 or above) who have not entered their pin in this session get the form.
    if($rank >= 2 && !isset($_SESSION["correct_key"])) { ?>
<form action='spk' method='post'>
<select name='first'>
<option value='0'>0</option> <option value='1'>1</option> <option value='2'>2</option> <option value='3'>3</option> <option value='4'>4</option> <option value='5'>5</option> <option value='6'>6</option> <option value='7'>7</option> <option value='8'>8</option> <option value='9'>9</option>
</select>
<select name='second'>
<option value='0'>0</option> <option value='1'>1</option> <option value='2'>2</option> <option value='3'>3</option> <option value='4'>4</option> <option value='5'>5</option> <option value='6'>6</option> <option value='7'>7</option> <option value='8'>8</option> <option value='9'>9</option>
</select>
<select name='third'>
<option value='0'>0</option> <option value='1'>1</option> <option value='2'>2</option> <option value='3'>3</option> <option value='4'>4</option> <option value='5'>5</option> <option value='6'>6</option> <option value='7'>7</option> <option value='8'>8</option> <option value='9'>9</option>
</select>
<select name='fourth'>
<option value='0'>0</option> <option value='1'>1</option> <option value='2'>2</option> <option value='3'>3</option> <option value='4'>4</option> <option value='5'>5</option> <option value='6'>6</option> <option value='7'>7</option> <option value='8'>8</option> <option value='9'>9</option>
</select>
<br />
<input type='submit' name='staff_key' value='Go' />
</form>
<?php
        exit;
    }
} else {
    die("Sorry, something went wrong with your account, apparently you do not exist, please try logging in.");
}
?>
</body></div>

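spk:
<?php
session_start();

// Connect first: mysql_real_escape_string() needs an open connection.
// Single quotes keep PHP from reading the $ in the password as a variable.
$connect = mysql_connect("localhost", "root", '$wqoiwqwqs');
mysql_select_db("fixeddb", $connect);

// Strip slashes and tags first and escape last; calling stripslashes() after
// mysql_real_escape_string() would remove the escaping again.
$username = mysql_real_escape_string(strip_tags(stripslashes($_SESSION["user"]["username"])));
$first = mysql_real_escape_string(strip_tags(stripslashes($_POST["first"])));
$second = mysql_real_escape_string(strip_tags(stripslashes($_POST["second"])));
$third = mysql_real_escape_string(strip_tags(stripslashes($_POST["third"])));
$fourth = mysql_real_escape_string(strip_tags(stripslashes($_POST["fourth"])));
$key = $first."".$second."".$third."".$fourth;

// Exactly four digits; is_numeric() would also accept values such as "1e10".
if(strlen($key) == 4 && ctype_digit($key)) {
    $query = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'");
    $row = mysql_fetch_assoc($query);
    $valid_key = $row["staff_pin"];
    // Strict comparison: with == the numeric strings "0000" and "0" compare as equal.
    if($key === $valid_key) {
        // The session was already started at the top of the file.
        $_SESSION["correct_key"] = $key;
    } else {
        die("Incorrect Key!");
    }
} else {
    die("Key must be 4 numbers...");
}
?>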
<style>
body {
background-color: #212121;
}

#container {
position: absolute;
width: 600px;
height: 172px;
margin: auto;
position: absolute;
top: 0; left: 0; bottom: 0; right: 0;

}

#main {
width: 500px;
text-align: center;
height: 70px;
padding: 10px;
background-color: #333333;
border: 1px solid orange;
margin: 0 auto;
}

#main h1 {
color: orange;
font-size: 20px;
font-family: sans-serif;
}


#nav {
box-sizing: border-box;
border: 1px solid orange;
width: 200px;
height: 50px;
background-color: #333333;
text-align: center;
margin: 30 auto;
}

#nav h2,
#nav a {
text-decoration: none;
color: orange;
font-size: 20px;
font-family: sans-serif;
line-height: 20px;
}

#nav:hover,
#main:hover {
border: 1px solid darkorange;
}

#main h1:hover,
#nav h2:hover {
color: darkorange;
}
</style>

<div id="container">
<div id="main">
<h1>You have entered your staff pin correctly! Click the button to go back to the client!</h1>
</div>
<div id="nav">
<a href="{url}/client"><h2>Enter Client</h2></a>
</div>
</div>

Screenshot
0a9vN0a.png
 

Wickd

The first member of the Knights of the Pink Table
Jan 15, 2013
1,936
612
Wasn't this released already? I saw a few retros had it but this new design is really much better.
Not a big fan on the JSON part but it's alright, thanks for sharing.
 

Central

Imagination is more important than knowledge.
Feb 22, 2015
709
107
@Wicked Yeah it was released already, but developed further into it because the design was just too basic, had free time and decided to actually make it better.

Thank you for all your comments.
 

Zodiak

recovering crack addict
Nov 18, 2011
450
411
Cleaned/Edited the PHP code, just preference in-case anybody wants to use it.
(Haven't tested, quickly did this in notepad without even saving it + I'm tired af so yolo)

Bottom of client.php:
PHP:
<?php
    if(isset($_SESSION['user']['id'])) {
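        $database_connection = null;
        try {
            // Make MySQLi throw exceptions so the catch block below is reached on errors.
            mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
            $database_connection = new MySQLi("localhost", "root", "my sql password", "database name");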
           
            $getUser = $database_connection->query("SELECT `rank` FROM `users` WHERE `id` = '".$database_connection->real_escape_string($_SESSION['user']['id'])."' LIMIT 1"); 
            if($getUser->num_rows >= 1) {
                $userRow = $getUser->fetch_object();
               
                if(($userRow->rank >= 2) && (!isset($_SESSION["correct_key"]))) { ?>
                <form action='spk' method='post'>
                    <select name='first'>
                        <option value='0'>0</option>
                        <option value='1'>1</option>
                        <option value='2'>2</option>
                        <option value='3'>3</option>
                        <option value='4'>4</option>
                        <option value='5'>5</option>
                        <option value='6'>6</option>
                        <option value='7'>7</option>
                        <option value='8'>8</option>
                        <option value='9'>9</option>
                    </select>
                    <select name='second'>
                        <option value='0'>0</option>
                        <option value='1'>1</option>
                        <option value='2'>2</option>
                        <option value='3'>3</option>
                        <option value='4'>4</option>
                        <option value='5'>5</option>
                        <option value='6'>6</option>
                        <option value='7'>7</option>
                        <option value='8'>8</option>
                        <option value='9'>9</option>
                    </select>
                    <select name='third'>
                        <option value='0'>0</option>
                        <option value='1'>1</option>
                        <option value='2'>2</option>
                        <option value='3'>3</option>
                        <option value='4'>4</option>
                        <option value='5'>5</option>
                        <option value='6'>6</option>
                        <option value='7'>7</option>
                        <option value='8'>8</option>
                        <option value='9'>9</option>
                    </select>
                    <select name='fourth'>
                        <option value='0'>0</option>
                        <option value='1'>1</option>
                        <option value='2'>2</option>
                        <option value='3'>3</option>
                        <option value='4'>4</option>
                        <option value='5'>5</option>
                        <option value='6'>6</option>
                        <option value='7'>7</option>
                        <option value='8'>8</option>
                        <option value='9'>9</option>
                    </select>
                    <br />
                    <input type='submit' name='staff_key' value='Go' />
                </form>
            <?php
                exit;
                }
            } else {
                echo "Sorry, something went wrong with your account, apparently you do not exist, please try logging in.";
                exit;
            }
        } catch(Exception $e) {
            echo "Error connecting to database!<br />";
            echo "Error: " . $e->getMessage();
            exit;
        }
    } else {
        echo "Sorry, something went wrong with your account, apparently you do not exist, please try logging in.";
        exit;
    }
?>

spk.php:
PHP:
<?php
    session_start();
    $database_connection = null;
   
    function filter($str) {
        // The connection is a global variable, so bring it into the function's scope.
        global $database_connection;

        // Strip slashes and tags first and escape last; stripslashes() after escaping would undo it.
        $str = strip_tags(stripslashes($str));
        if($database_connection instanceof MySQLi)
            return $database_connection->real_escape_string($str);
           
        return $str;
    }
   
    if((isset($_POST['first'])) && (isset($_POST['second'])) && (isset($_POST['third'])) && (isset($_POST['fourth']))) {
        if(isset($_SESSION['user']['id'])) {
            try {
                // Make MySQLi throw exceptions so the catch block below is reached on errors.
                mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
                // Single quotes keep PHP from reading the $ in the password as a variable.
                $database_connection = new MySQLi("localhost", "root", '$wqoiwqwqs', "db name");
               
                $key = filter($_POST["first"]).filter($_POST["second"]).filter($_POST["third"]).filter($_POST["fourth"]);
               
                if((isset($key)) && ((strlen($key) == 4) && (ctype_digit($key)))) {
                    $getUser = $database_connection->query("SELECT `staff_pin` FROM `users` WHERE `id` = '".filter($_SESSION['user']['id'])."' LIMIT 1");
                    if($getUser->num_rows >= 1) {
                        // Fetch from the result of the query above ($getUser).
                        $row = $getUser->fetch_object();
                        if($key === $row->staff_pin) {
                            // The session was already started at the top of the file.
                            $_SESSION["correct_key"] = $key;
                        } else {
                            throw new Exception("Incorrect Key!");
                        }
                    } else {
                        throw new Exception("You don't exist.");
                    }
                } else {
                    throw new Exception("Key must be 4 numbers...");
                }
            } catch(Exception $e) {
                echo $e->getMessage();
                exit;
            }
        }
    }
?>
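
Added example, not part of any post in this thread: a stricter version of the pin check in spk.php, using a bound query parameter, a pin stored as a password_hash() value in staff_pin, and a lockout after repeated wrong guesses. The function name, the staff_pin_failures column, the limit of 5 and the in-memory SQLite demo data are assumptions made for the example.

```php
<?php
// Added example, not code from this thread. Assumes users.staff_pin stores a
// password_hash() value and a hypothetical users.staff_pin_failures counter.
const MAX_PIN_FAILURES = 5; // constructed limit

function verify_staff_pin(PDO $db, int $userId, array $post): bool
{
    // Rebuild the pin from the four <select> fields; each must be one digit.
    $pin = '';
    foreach (['first', 'second', 'third', 'fourth'] as $field) {
        $digit = $post[$field] ?? '';
        if (!is_string($digit) || strlen($digit) !== 1 || !ctype_digit($digit)) {
            return false;
        }
        $pin .= $digit;
    }
    // Prepared statement: the id is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT staff_pin, staff_pin_failures FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Only 10,000 possible pins, so refuse further guesses after repeated misses.
    if (!$row || $row['staff_pin'] === null || $row['staff_pin_failures'] >= MAX_PIN_FAILURES) {
        return false;
    }
    $ok = password_verify($pin, $row['staff_pin']);
    $sql = $ok ? 'UPDATE users SET staff_pin_failures = 0 WHERE id = ?'
               : 'UPDATE users SET staff_pin_failures = staff_pin_failures + 1 WHERE id = ?';
    $db->prepare($sql)->execute([$userId]);
    return $ok;
}

// Constructed demo data in an in-memory SQLite database so the check runs
// offline; in spk.php, pass a PDO connected to the hotel's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, staff_pin VARCHAR(255), staff_pin_failures INTEGER DEFAULT 0)');
$db->prepare('INSERT INTO users (id, staff_pin) VALUES (1, ?)')
   ->execute([password_hash('4821', PASSWORD_DEFAULT)]);

$good = ['first' => '4', 'second' => '8', 'third' => '2', 'fourth' => '1'];
$bad  = ['first' => '0', 'second' => '0', 'third' => '0', 'fourth' => '0'];
var_dump(verify_staff_pin($db, 1, $good));                 // matching pin
var_dump(verify_staff_pin($db, 1, ['first' => "1' OR"]));  // malformed input
for ($i = 0; $i < MAX_PIN_FAILURES; $i++) {
    verify_staff_pin($db, 1, $bad);                        // repeated wrong guesses
}
var_dump(verify_staff_pin($db, 1, $good));                 // matching pin after the limit is reached
```

When the function returns true, spk.php can call session_regenerate_id(true) and set $_SESSION["correct_key"] to true instead of the pin itself; the isset() check in client.php works the same way.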
 

iGlenn

:)
Jul 21, 2015
618
92
true but this will not stop people from hacking into staff accounts, bypassing the pin system and accessing the client so make sure you fix your exploits if you have any.
 

LeComet

Retaliation 3
Jun 26, 2016
31
9
Of course it won't, but it's just more beneficial. For example, if a hacker was to get into a member of staff's account (within there being no exploits) he would only be able to do stuff on the website but would be unlikely for him to put things in-game at jeopardy unless he really went into depth to be able to get the pin.
 

iGlenn

:)
Jul 21, 2015
618
92
Of course it won't, but it's just more beneficial. For example, if a hacker was to get into a member of staff's account (within there being no exploits) he would only be able to do stuff on the website but would be unlikely for him to put things in-game at jeopardy unless he really went into depth to be able to get the pin.
true but it wouldn't surprise me if there was a loophole in this allowing staff to just access the client via /client without putting in a pin
 

LeComet

Retaliation 3
Jun 26, 2016
31
9
true but it wouldn't surprise me if there was a loophole in this allowing staff to just access the client via /client without putting in a pin
That's true lol, I guess there is a way around everything. Depending on how desperate you are to get it.
 

Ian2456

Member
Feb 19, 2013
275
7
Wow, it works. some reason the background didn't change, other than that 2/10.
also does it ask after a new login?
 

Joe

Well-Known Member
Jun 10, 2012
4,090
1,918
Wow, it works. some reason the background didn't change, other than that 9/10.
also does it ask after a new login?
What do you mean by new login? Every time you login (as a member of staff - rank 2 or above) you'll be asked for your pin.
 

LeComet

Retaliation 3
Jun 26, 2016
31
9
I may be wrong - but my guess is, every time a ranked user clicks "Play" or "Enter Client" before they proceed to the client they will be forced to enter the pin that they had set in order to be able to get in to the client
 

iGlenn

:)
Jul 21, 2015
618
92
I've used this before and got tired of it but you only need to enter your pin again if you sign out of the hotel but if u exit the client and reopen it you won't have to
 

Ian2456

Member
Feb 19, 2013
275
7
found an issue with this. my friend showed me that non-staff can't get in the client, and I saw it for myself. I edited my rating.
 
