[Release] Staff Pin System for the client

Central

Imagination is more important than knowledge.
Feb 22, 2015
709
107
Hello, I have stumbled across with this Staff Pin System and decided to release it.

All you have to do is follow the following steps:
  • With the code's you will see below you will need to edit them
  • The code marked bottom of the client.php file you will need to change mysql password to your mysql password
  • As well as changing mysql database name with your database name
  • Once completed those, please add that code to the bottom of the client.php, add it after <div class="client"></div> or something along the lines as this.
  • Go to app/tpl/skins/SKINFOLDER/ and make a new php file and name it spk, and add the contents of the spk code from this topic into there.
  • Go to your database, right click the table users and click Design Table (only if you are using Navicat) and add a new field, this field should be called staff_pin and you will just need to save it, if it says you havent filled anything in, put the type as Varchar and the limit or something as 255.
<style> body {
background-color: #212121;
}

form {
position:absolute;
top:30%;
right:0;
left:0;
text-align: center;
}

select {
background-image: url('
background-size: 150px 150px;
height: 160px;
width: 130px;
font-size: 50px;
text-indent: 40%;
color: orange;
border: none;
border-radius: 10px;
text-align: center
}

select:focus,
input:focus {
outline: none;
}

input {
color: orange;
background-color: transparent;
border: 1px solid orange;
height: 100px;
width: 100px;
border-radius: 100%;
font-size: 50px;

}

select:hover {
color: darkorange;
}

input:hover {
color: darkorange;
border: 1px solid darkorange;
}</style>
<?php $connect = mysql_connect("localhost", "root", "my sql password"); mysql_select_db("mysql database name", $connect); $username = $_SESSION["user"]["username"]; $query = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"); if(mysql_num_rows($query) == 1) {
$row = mysql_fetch_assoc($query); $rank = $row["rank"]; if($rank >= 2 && !isset($_SESSION["correct_key"])) { ?>
<form action='spk' method='post'> <select name='first'> <option value='0'>0</option> <option value='1'>1</option> <option value='2'>2</option> <option value='3'>3</option> <option value='4'>4</option> <option value='5'>5</option> <option value='6'>6</option> <option value='7'>7</option> <option value='8'>8</option> <option value='9'>9</option> </select> <select name='second'> <option value='0'>0</option> <option value='1'>1</option> <option value='2'>2</option> <option value='3'>3</option> <option value='4'>4</option> <option value='5'>5</option> <option value='6'>6</option> <option value='7'>7</option> <option value='8'>8</option> <option value='9'>9</option> </select> <select name='third'> <option value='0'>0</option> <option value='1'>1</option> <option value='2'>2</option> <option value='3'>3</option> <option value='4'>4</option> <option value='5'>5</option> <option value='6'>6</option> <option value='7'>7</option> <option value='8'>8</option> <option value='9'>9</option> </select> <select name='fourth'> <option value='0'>0</option> <option value='1'>1</option> <option value='2'>2</option> <option value='3'>3</option> <option value='4'>4</option> <option value='5'>5</option> <option value='6'>6</option> <option value='7'>7</option> <option value='8'>8</option> <option value='9'>9</option> </select><br /> <input type='submit' name='staff_key' value='Go' /> </form> <?php exit; } }else { die("Sorry, something went wrong with your account, apparently you do not exist, please try logging in."); } ?>
</body></div>

<?php
session_start(); $username = strip_tags(stripslashes(mysql_real_escape_string($_SESSION["user"]["username"]))); $connect = mysql_connect("localhost", "root", "$wqoiwqwqs"); mysql_select_db("fixeddb", $connect); $first = strip_tags(stripslashes(mysql_real_escape_string($_POST["first"]))); $second = strip_tags(stripslashes(mysql_real_escape_string($_POST["second"]))); $third = strip_tags(stripslashes(mysql_real_escape_string($_POST["third"]))); $fourth = strip_tags(stripslashes(mysql_real_escape_string($_POST["fourth"]))); $key = $first."".$second."".$third."".$fourth; if(is_numeric($key)) { $query = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"); $row = mysql_fetch_assoc($query); $valid_key = $row["staff_pin"]; if($key == $valid_key) { session_start(); $_SESSION["correct_key"] = $key; }else{ die("Incorrect Key!"); } }else { die("Key must be 4 numbers..."); }
?>
<style>
body {
background-color: #212121;
}

#container {
position: absolute;
width: 600px;
height: 172px;
margin: auto;
position: absolute;
top: 0; left: 0; bottom: 0; right: 0;

}

#main {
width: 500px;
text-align: center;
height: 70px;
padding: 10px;
background-color: #333333;
border: 1px solid orange;
margin: 0 auto;
}

#main h1 {
color: orange;
font-size: 20px;
font-family: sans-serif;
}


#nav {
box-sizing: border-box;
border: 1px solid orange;
width: 200px;
height: 50px;
background-color: #333333;
text-align: center;
margin: 30 auto;
}

#nav h2,
#nav a {
text-decoration: none;
color: orange;
font-size: 20px;
font-family: sans-serif;
line-height: 20px;
}

#nav:hover,
#main:hover {
border: 1px solid darkorange;
}

#main h1:hover,
#nav h2:hover {
color: darkorange;
}
</style>

<div id="container">
<div id="main">
<h1>You have entered your staff pin correctly! Click the button to go back to the client!</h1>
</div>
<div id="nav">
<a href="{url}/client"><h2>Enter Client</h2></a>
</div>
</div>

Screenshot
0a9vN0a.png
 

Wickd

The first member of the Knights of the Pink Table
Jan 15, 2013
1,936
612
Wasn't this released already?I saw a few retros had it but this new design is really much better.
Not a big fan on the JSON part but it's alright, thanks for sharing.
 

Central

Imagination is more important than knowledge.
Feb 22, 2015
709
107
@Wicked Yeah it was released already, but developed further into it because the design was just too basic, had free time and decided to actually make it better.

Thank you for all your comments.
 

Zodiak

recovering crack addict
Nov 18, 2011
453
417
Cleaned/Edited the PHP code, just preference in-case anybody wants to use it.
(Haven't tested, quickly did this in notepad without even saving it + I'm tired af so yolo)

Bottom of client.php:
PHP:
<?php
    if(isset($_SESSION['user']['id'])) {
        $database_connection = null;
        try {
            $database_connection = new MySQLi("localhost", "root", "my sql password", "database name");
           
            $getUser = $database_connection->query("SELECT `rank` FROM `users` WHERE `id` = '".$database_connection->real_escape_string($_SESSION['user']['id'])."' LIMIT 1"); 
            if($getUser->num_rows >= 1) {
                $userRow = $getUser->fetch_object();
               
                if(($userRow->rank >= 2) && (!isset($_SESSION["correct_key"]))) { ?>
                <form action='spk' method='post'>
                    <select name='first'>
                        <option value='0'>0</option>
                        <option value='1'>1</option>
                        <option value='2'>2</option>
                        <option value='3'>3</option>
                        <option value='4'>4</option>
                        <option value='5'>5</option>
                        <option value='6'>6</option>
                        <option value='7'>7</option>
                        <option value='8'>8</option>
                        <option value='9'>9</option>
                    </select>
                    <select name='second'>
                        <option value='0'>0</option>
                        <option value='1'>1</option>
                        <option value='2'>2</option>
                        <option value='3'>3</option>
                        <option value='4'>4</option>
                        <option value='5'>5</option>
                        <option value='6'>6</option>
                        <option value='7'>7</option>
                        <option value='8'>8</option>
                        <option value='9'>9</option>
                    </select>
                    <select name='third'>
                        <option value='0'>0</option>
                        <option value='1'>1</option>
                        <option value='2'>2</option>
                        <option value='3'>3</option>
                        <option value='4'>4</option>
                        <option value='5'>5</option>
                        <option value='6'>6</option>
                        <option value='7'>7</option>
                        <option value='8'>8</option>
                        <option value='9'>9</option>
                    </select>
                    <select name='fourth'>
                        <option value='0'>0</option>
                        <option value='1'>1</option>
                        <option value='2'>2</option>
                        <option value='3'>3</option>
                        <option value='4'>4</option>
                        <option value='5'>5</option>
                        <option value='6'>6</option>
                        <option value='7'>7</option>
                        <option value='8'>8</option>
                        <option value='9'>9</option>
                    </select>
                    <br />
                    <input type='submit' name='staff_key' value='Go' />
                </form>
            <?php
                exit;
                }
            } else {
                echo "Sorry, something went wrong with your account, apparently you do not exist, please try logging in.";
                exit;
            }
        } catch(Exception $e) {
            echo "Error connecting to database!<br />";
            echo "Error: " . $e->getMessage();
            exit;
        }
    } else {
        echo "Sorry, something went wrong with your account, apparently you do not exist, please try logging in.";
        exit;
    }
?>

spk.php:
PHP:
<?php
    session_start();
    $database_connection = null;
   
    function filter($str) {
        if(isset($database_connection) && ($database_connection != null))
            return strip_tags(stripslashes($database_connection->real_escape_string($str)));
           
        return strip_tags(stripslashes($str));
    }
   
    if((isset($_POST['first'])) && (isset($_POST['second'])) && (isset($_POST['third'])) && (isset($_POST['fourth']))) {
        if(isset($_SESSION['user']['id'])) {
            try {
                try {
                    $database_connection = new MySQLi("localhost", "root", "$wqoiwqwqs", "db name");
                } catch(Exception $e) {
                    throw $e;
                }
               
                $key = filter($_POST["first"]).filter($_POST["second"]).filter($_POST["third"]).filter($_POST["fourth"]);
               
                if((isset($key)) && ((strlen($key) == 4) && (ctype_digit($key)))) {
                    $getUser = $database_connection->query("SELECT `staff_pin` FROM `users` WHERE `id` = '".filter($_SESSION['user']['id'])."' LIMIT 1");
                    if($getUser->num_rows >= 1) {
                        $row = $query->fetch_object();
                        if($key === $row->staff_pin) {
                            session_start();
                            $_SESSION["correct_key"] = $key;
                        } else {
                            throw new Exception("Incorrect Key!");
                        }
                    } else {
                        throw new Exception("You don't exist.");
                    }
                } else {
                    throw new Exception("Key must be 4 numbers...");
                }
            } catch(Exception $e) {
                echo $e->getMessage();
                exit;
            }
        }
    }
?>
 

iGlenn

:)
Jul 21, 2015
618
92
true but this will not stop people from hacking into staff acounts, bypassing the pin system and accessing the client so make sure you fix your exploits if you have any.
 

LeComet

Retaliation 3
Jun 26, 2016
31
9
Of course it wont, but it's just more beneficial. For example, if a hacker was to get into a member of staff's account (within their being no exploits) he would only be able to do stuff on the website but would be unlikely for him to put things in-game at jeopardy unless he really went in to depth to be able to get the pin.
 

iGlenn

:)
Jul 21, 2015
618
92
Of course it wont, but it's just more beneficial. For example, if a hacker was to get into a member of staff's account (within their being no exploits) he would only be able to do stuff on the website but would be unlikely for him to put things in-game at jeopardy unless he really went in to depth to be able to get the pin.
true but it wouldnt surprise me if there was a loophole in this allowing staff to just access the client via /client without putting in a pin
 

LeComet

Retaliation 3
Jun 26, 2016
31
9
true but it wouldnt surprise me if there was a loophole in this allowing staff to just access the client via /client without putting in a pin
That's true lol, i guess there is a way around everything. Depending on how desperate you are to get it.
 

Ian2456

Member
Feb 19, 2013
275
7
Wow, it works. some reason the background didn't change, other then that 2/10.
also does it ask after a new login?
 
Last edited:

Joe

Well-Known Member
Jun 10, 2012
4,172
1,955
Wow, it works. some reason the background didn't change, other then that 9/10.
also does it ask after a new login?
What do you mean by new login? Every time you login (as a member of staff - rank 2 or above) you'll be asked for your pin.
 

LeComet

Retaliation 3
Jun 26, 2016
31
9
I may be wrong - but my guess is, every time a ranked user clicks "Play" or "Enter Client" before they proceed to the client they will be forced to enter the pin that they had set in order to be able to get in to the client
 

iGlenn

:)
Jul 21, 2015
618
92
i've used this before and got tired of it but you only need to enter your pin again if you sign out of the hotel but if u exit the client and reopen it you wont have to
 

Ian2456

Member
Feb 19, 2013
275
7
found a issue with this. my friend show me that non-staff can't get in the client, and I seen it for myself. I edited my rating.
 

Users who are viewing this thread

Top