What could Metin2 WEB ADMIN contain ?


Hi guys,

 

I am wondering what could Metin2 web admin contain? 

I have a few ideas but I am not sure if they are good or not...

 

Here they are:

- Full item shop administration

- logs

- ban management (and account, character management)

- character debugging (also in player's user panel would be char. debugger)

- any more ideas ?

 

I feel open for all your ideas!

 

Btw. I didn't start work yet.

The website will be coded in PHP Nette Framework, probably for PHP 5.6

@Aurora I know that all these features that I have mentioned are common. But I want to do it on my own, to be able to design stuff like I want/need. 

And I'm not sure that all these public CMSs don't have a backdoor. Yes, not every one of them has it. But I don't like common stuff, so I usually choose some of them which are unknown. 

Yes, Item shop admin. is supposed to be like managing categories/items/discounts/promo codes/payments. Payments could be external stuff.

 

 

There is also one more thing which came to my mind, event flag management - like, I want to do an event, which will automatically turn off. So I will choose the event in administration and set it up: when it starts and when it ends. There are two options how to do that, like start at 11am and duration will be 6hrs or start at 11am and end at 3pm...

Hello :)

If you are creating your own website, web_admin is just a number you can use for everything you want to restrict for any other accounts. For example, if you have a div that contains tools for server management, you can use web_admin to specify access to this div:

<?php
// $mysql_conn is assumed to be an already-open database connection
$mysql_query = "SELECT * FROM account.account WHERE web_admin='9' LIMIT 1";

// Pick the CSS display value for the admin panel from the query result
if ($mysql_conn->query($mysql_query)->num_rows > 0) {
    $display = "block";
} else {
    $display = "none";
}
?>

<div id="admin-panel" style="display:<?php echo $display; ?>;">
    [...]
</div>

or something like that.

On 8/25/2016 at 3:30 PM, Mind Rapist said:

Hello :)

If you are creating your own website, web_admin is just a number you can use for everything you want to restrict for any other accounts. For example, if you have a div that contains tools for server management, you can use web_admin to specify access to this div:

<?php
// $mysql_conn is assumed to be an already-open database connection
$mysql_query = "SELECT * FROM account.account WHERE web_admin='9' LIMIT 1";

// Pick the CSS display value for the admin panel from the query result
if ($mysql_conn->query($mysql_query)->num_rows > 0) {
    $display = "block";
} else {
    $display = "none";
}
?>

<div id="admin-panel" style="display:<?php echo $display; ?>;">
    [...]
</div>

or something like that.

This is a bad thing, because you should protect your admin page dir / your administrative forms. With this method you will be able to see the div in the sources even if you are not an admin. You should just post this div if the user really isAdmin()

Also you need to verify the data for the logged in account - e.g. using a $_SESSION[] var with an AND WHERE login='".$_SESSION."' in your query.

In addition to this, please use MySQLi or PDO instead of just mysql_, it's deprecated and will be removed soon. PHP7 is on its way and there you HAVE to use MySQLi or PDO!

On 29. 8. 2016 at 6:12 PM, .PolluX said:

This is a bad thing, because you should protect your admin page dir / your administrative forms. With this method you will be able to see the div in the sources even if you are not an admin. You should just post this div if the user really isAdmin()

Also you need to verify the data for the logged in account - e.g. using a $_SESSION[] var with an AND WHERE login='".$_SESSION."' in your query.

In addition to this, please use MySQLi or PDO instead of just mysql_, it's deprecated and will be removed soon. PHP7 is on its way and there you HAVE to use MySQLi or PDO!

About that form, it is highly insecure to use the way which @Mind Rapist has used. As @.PolluX said, you need to hide everything. Every single thing. Also, instead of using MySQLi, I would like to use PDO only, because using PDO->prepare($sql) and then PDO->execute(array()) is the most secure way and it is 100% protected against SQL Injection.
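
The approach the replies above describe, as an added example that is not code from any poster in this thread: the web_admin check is tied to the logged-in account through a PDO prepared statement, and the panel markup is only sent to an admin. Assumptions: an in-memory SQLite table named account stands in for account.account, the session key 'login' is set by your own login code, and renderAdminPanel() is a hypothetical helper name.

```php
<?php
// Added example. Assumptions: SQLite in-memory table "account" stands in for
// account.account; $session['login'] is filled in by your login code.
const ADMIN_LEVEL = 9; // the web_admin value used in the thread

function isAdmin(PDO $db, array $session)
{
    // No logged-in account means no admin rights.
    if (empty($session['login']) || !is_string($session['login'])) {
        return false;
    }
    // Bound parameters keep the login value out of the SQL text.
    $stmt = $db->prepare(
        'SELECT 1 FROM account WHERE login = :login AND web_admin = :level LIMIT 1'
    );
    $stmt->bindValue(':login', $session['login'], PDO::PARAM_STR);
    $stmt->bindValue(':level', ADMIN_LEVEL, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchColumn() !== false;
}

function renderAdminPanel(PDO $db, array $session)
{
    // Non-admins get no panel markup at all, so nothing appears in the page source.
    if (!isAdmin($db, $session)) {
        return '';
    }
    return '<div id="admin-panel">[...]</div>';
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE account (login TEXT PRIMARY KEY, web_admin INTEGER NOT NULL)');
$db->exec("INSERT INTO account VALUES ('gm_alice', 9), ('player_bob', 0)");

$cases = array(
    'admin'      => array('login' => 'gm_alice'),
    'player'     => array('login' => 'player_bob'),
    'not logged' => array(),
    'odd login'  => array('login' => "x' OR web_admin='9"), // treated as plain data
);
foreach ($cases as $label => $session) {
    $html = renderAdminPanel($db, $session);
    echo str_pad($label, 12), $html === '' ? '(no panel sent)' : $html, "\n";
}
```

Only the first case prints the panel markup; the other three get an empty response body for the panel, which is also where a real page would send a 403 or a redirect to the login form.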
