2Pacalypse Posted April 14, 2009

At first I thought "better not have a demo account", because of how easy it is to change the password on an account, also how unsafe it could be to give the account any decent number of points without abusers transferring to other accounts. Then I thought, right, 2Pacalypse, stop being lazy! Sort it out! So I thought of a foolproof way to keep the demo account from changing usernames, passwords, transferring items/money/points, even selling things. It's incredibly simple.

- Create an account with the username 'demo'
- Paste these few lines in your sendcash.php, preferences.php, etc etc

```php
global $ir,$c,$userid,$h;
if ($ir['username']=='demo')
{
    print "Demo account cannot (change passwords, etc)!!";
}
else
{
    // ---NORMAL BODY HERE!---
}
```

Simple eh? Will post some examples now

2Pacalypse Posted April 14, 2009 Author

Re: Making a perfect demo account!

preferences.php would look something like:

```php
<?php
include "globals.php";
switch($_GET['action'])
{
    case 'passchange2': do_pass_change(); break;
    case 'passchange': pass_change(); break;
    case 'namechange2': do_name_change(); break;
    case 'namechange': name_change(); break;
    case 'picchange2': do_pic_change(); break;
    case 'picchange': pic_change(); break;
    case 'forumchange2': do_forum_change(); break;
    case 'forumchange': forum_change(); break;
    case 'sigchange2': do_sig_change(); break;
    case 'sigchange': sig_change(); break;
    default: prefs_home(); break;
}

function prefs_home()
{
    global $db,$ir,$c,$userid,$h;
    print "<h3>Preferences</h3>
[url='preferences.php?action=passchange']Password Change[/url]
[url='preferences.php?action=namechange']Name Change[/url]
[url='preferences.php?action=sigchange']Signature Change[/url]
[url='preferences.php?action=picchange']Display Pic Change[/url]
[url='preferences.php?action=forumchange']Forum Info Change[/url]
";
}

function pass_change()
{
    global $ir,$c,$userid,$h;
    if ($ir['username']=='demo')
    {
        print "Demo account cannot change passwords!!";
    }
    else
    {
        print "<h3>Password Change</h3><form action='preferences.php?action=passchange2' method='post'>Current Password: <input type='password' name='oldpw' />
New Password: <input type='password' name='newpw' />
Confirm: <input type='password' name='newpw2' />
<input type='submit' value='Change PW' /></form>";
    }
}

function do_pass_change()
{
    global $db,$ir,$c,$userid,$h;
    if ($ir['username']=='demo')
    {
        print "Demo account cannot change passwords!!";
    }
    elseif(md5($_POST['oldpw']) != $ir['userpass'])
    {
        print "The current password you entered was wrong. [url='preferences.php?action=passchange']> Back[/url]";
    }
    else if($_POST['newpw'] !== $_POST['newpw2'])
    {
        print "The new passwords you entered did not match!
[url='preferences.php?action=passchange']> Back[/url]";
    }
    else
    {
        $db->query("UPDATE users SET userpass=md5('{$_POST['newpw']}') WHERE userid=$userid");
        print "Password changed!";
    }
}

function name_change()
{
    global $ir,$c,$userid,$h;
    if ($ir['username']=='demo')
    {
        print "Demo account cannot change name!";
    }
    else
    {
        print "<h3>Name Change</h3>
Please note that you still use the same name to login, this procedure simply changes the name that is displayed.
<form action='preferences.php?action=namechange2' method='post'>
New Name: <input type='text' name='newname' />
<input type='submit' value='Change Name' /></form>";
    }
}

function do_name_change()
{
    global $db,$ir,$c,$userid,$h;
    // Same demo check as the form, so a request sent straight to namechange2 is refused too.
    if ($ir['username']=='demo')
    {
        print "Demo account cannot change name!";
    }
    elseif($_POST['newname'] == "")
    {
        print "You did not enter a new name. [url='preferences.php?action=namechange']> Back[/url]";
    }
    else
    {
        $_POST['newname']=str_replace(array("<", ">", "\\\'"), array("&lt;", "&gt;", "&#39;"), $_POST['newname']);
        $db->query("UPDATE users SET username='{$_POST['newname']}' WHERE userid=$userid");
        print "Username changed!";
    }
}

function pic_change()
{
    global $ir,$c,$userid,$h;
    if ($userid==9)
    {
        print "Demo account cannot edit their picture!";
    }
    else
    {
        print "<h3>Pic Change</h3>
Please note that this must be externally hosted, [url='http://imageshack.us']ImageShack[/url] is our recommendation.
Any images that are not 150x150 will be automatically resized
<form action='preferences.php?action=picchange2' method='post'>
New Pic: <input type='text' name='newpic' value='{$ir['display_pic']}' />
<input type='submit' value='Change Name' /></form>";
    }
}

function do_pic_change()
{
    global $db,$ir,$c,$userid,$h;
    // Same demo check as the form, so a request sent straight to picchange2 is refused too.
    if ($userid==9)
    {
        print "Demo account cannot edit their picture!";
    }
    elseif($_POST['newpic'] == "")
    {
        print "You did not enter a new pic.
[url='preferences.php?action=picchange']> Back[/url]";
    }
    else
    {
        $_POST['newpic']=str_replace('\\\'','&#39;', $_POST['newpic']);
        $db->query("UPDATE users SET display_pic='{$_POST['newpic']}' WHERE userid=$userid");
        print "Pic changed!";
    }
}

function forum_change()
{
    global $ir,$c,$userid,$h;
    if ($ir['username']=='demo')
    {
        print "Demo account cannot change forum info!!";
    }
    else
    {
        print "<h3>Forum Info Change</h3>
Please note that the avatar must be externally hosted, [url='http://imageshack.us']ImageShack[/url] is our recommendation.
Any avatars that are not 100x100 will be automatically resized
<form action='preferences.php?action=forumchange2' method='post'>
Avatar: <input type='text' name='forums_avatar' value='{$ir['forums_avatar']}' />
Signature (you may use BBcode): <textarea rows=10 cols=50 name='forums_signature'>{$ir['forums_signature']}</textarea>
<input type='submit' value='Change Info' /></form>";
    }
}

function do_forum_change()
{
    global $db,$ir,$c,$userid,$h;
    // Same demo check as the form, so a request sent straight to forumchange2 is refused too.
    if ($ir['username']=='demo')
    {
        print "Demo account cannot change forum info!!";
    }
    else
    {
        $_POST['forums_avatar']=str_replace(array("<", ">"), array("&lt;", "&gt;"), $_POST['forums_avatar']);
        $db->query("UPDATE users SET forums_avatar='{$_POST['forums_avatar']}', forums_signature='{$_POST['forums_signature']}' WHERE userid=$userid");
        print "Forum Info changed!";
    }
}

function sig_change()
{
    global $ir,$c,$userid,$h;
    if ($ir['username']=='demo')
    {
        print "Demo account cannot change signature!!";
    }
    else
    {
        print "<h3>Signature Change</h3>
<form action='preferences.php?action=sigchange2' method='post'>
Signature (you may use BBcode): <textarea class=textbox rows=10 cols=50 name='sig'>{$ir['sig']}</textarea>
<input class=textbox type='submit' value='Change Signature ' /></form>";
    }
}

function do_sig_change()
{
    global $db,$ir,$c,$userid,$h;
    // Same demo check as the form, so a request sent straight to sigchange2 is refused too.
    if ($ir['username']=='demo')
    {
        print "Demo account cannot change signature!!";
    }
    else
    {
        $db->query("UPDATE users SET sig='{$_POST['sig']}' WHERE userid=$userid");
        print "Signature changed!";
    }
}

$h->endpage();
?>
```

Guest Anonymous Posted April 14, 2009

No need to include it in every function...just add it before the globals include...

2Pacalypse Posted April 14, 2009 Author

Good point, but some mightn't mind certain areas being changed & that is only for one page. It's different for the likes of item markets, sendcash, etc

DELETE ME NOW! Posted April 14, 2009

Why do all of that? Just do

```php
// DEMO_ACCOUNT_USERID: demo account userid here
if($userid == DEMO_ACCOUNT_USERID)
{
    echo 'This has been disabled for demo account';
    $h->endpage();
    exit;
}
```

Simple.

2Pacalypse Posted April 14, 2009 Author

Because that's nearly exactly the same, except more general and uses an ID lol. I found it easier to use the username, because most demo accounts have the username 'demo'. Which makes it dead easy to use! Also I'm sure if anyone wanted to change the message to "This feature is disabled" they would work out roughly how to do that themselves :roll:

AlabamaHit Posted April 14, 2009

Something like this I think would be a lot better...

```php
// DEMO_ACCOUNT_ID: the demo account's userid
$page = array("/preferences.php", "/mailbox.php"); // Just examples...Add whatever.
if($ir['userid'] == DEMO_ACCOUNT_ID && in_array($_SERVER['SCRIPT_NAME'], $page))
{
    echo "Sorry, this is not allowed for demo account.";
    echo " <br />";
    echo "[url='index.php']> Go Back[/url]";
    exit;
}
```

2Pacalypse Posted April 14, 2009 Author

Guessing you put that in header, haven't a clue how to do that but it looks good

Guest Anonymous Posted April 15, 2009

> Something like this I think would be a lot better...
>
> ```php
> $page = array("/preferences.php", "/mailbox.php"); // Just examples...Add whatever.
> if($ir['userid'] == DEMO_ACCOUNT_ID && in_array($_SERVER['SCRIPT_NAME'], $page))
> {
>     echo "Sorry, this is not allowed for demo account.";
>     echo " <br />";
>     echo "[url='index.php']> Go Back[/url]";
>     exit;
> }
> ```

I'm pretty sure it can be spoofed. Just add another forward slash before the file name, e.g. example.com//file.php. Therefore the script will still be able to execute, as $_SERVER['SCRIPT_NAME'] will print out "//file.php" instead of what's in the array.

DELETE ME NOW! Posted April 15, 2009

> > Something like this I think would be a lot better...
> >
> > ```php
> > $page = array("/preferences.php", "/mailbox.php"); // Just examples...Add whatever.
> > if($ir['userid'] == DEMO_ACCOUNT_ID && in_array($_SERVER['SCRIPT_NAME'], $page))
> > {
> >     echo "Sorry, this is not allowed for demo account.";
> >     echo " <br />";
> >     echo "[url='index.php']> Go Back[/url]";
> >     exit;
> > }
> > ```
>
> I'm pretty sure it can be spoofed. Just add another forward slash before the file name, e.g. example.com//file.php. Therefore the script will still be able to execute, as $_SERVER['SCRIPT_NAME'] will print out "//file.php" instead of what's in the array.

Yeah true hmm.

AlabamaHit Posted April 15, 2009

Umm.....No lol. I did test that. It does work, it only gives 1 /. And yeah it goes in header.php :-P

DELETE ME NOW! Posted April 15, 2009

If you put like www.url.com//something.php they can get on the page lol :P

Or even better do this in header.. simple :) under the mainmenu function.. under include "mainmenu.php"; add something like this

```php
// DEMO_ACCOUNT_ID: demo account id
if($ir['userid'] == DEMO_ACCOUNT_ID)
{
    echo 'Some message here';
    $this->endpage();
    exit;
}
```

xD don't let them access any page till sign up lmao

dementor Posted April 15, 2009

It is better to use the ID rather than just the name demo :)

DELETE ME NOW! Posted April 15, 2009

> It is better to use the ID rather than just the name demo :)

I dunno ID, I guess it's the first column in the users table, and it's a number. I don't really know but I can be wrong. Could be the same lol

dementor Posted April 15, 2009

When I say ID I mean userid, which equals in-game ID

DELETE ME NOW! Posted April 15, 2009

Yes I put ID = userid lol.

Guest Anonymous Posted April 15, 2009

> Umm.....No lol. I did test that. It does work, it only gives 1 /. And yeah it goes in header.php :-P

I guess it depends on server settings or something? I tried it out just now, still was able to access the page with an extra forward slash :-P

AlabamaHit Posted April 15, 2009

> If you put like www.url.com//something.php they can get on the page lol :P

Um...no. lol This works people...I have tried it...and adding a // doesn't allow them lol

Carnage Posted April 16, 2009

I use

```php
if($userid==2)
{
    die("<div class=\"maincon\">You can not use this on a demo account sorry.</div>");
}
```

I put it in mail, forum and a few other pages. I also added a link to the login page `<a href="demo.php">` and demo.php is just authenticate.php with the demo name and password hard coded in it, so a user does not have to login, they just click a link.

AlabamaHit Posted April 16, 2009

Not everyone has your CSS lol. So that div won't work for everyone lol. But the best way is the array I showed on last page. All you have to do is add pages to the array. No need to add to the different pages.

Carnage Posted April 16, 2009

> Not everyone has your CSS lol. So that div won't work for everyone lol. But the best way is the array I showed on last page. All you have to do is add pages to the array. No need to add to the different pages.

Yeah I know the div is not going to work for all lol. I also overlooked your other post. I use something like that in my own code for other things. I guess I overlooked it for this.

DELETE ME NOW! Posted April 16, 2009

Just add in header in the mainmenu function under include "mainmenu.php";

```php
if($ir['userid'] == 2)
{
    echo '[b]This is all you can do in demo account sorry.[/b]';
    $this->endpage();
    exit;
}
```

Done.

Guest Anonymous Posted April 16, 2009

> > If you put like www.url.com//something.php they can get on the page lol :P
>
> Um...no. lol This works people...I have tried it...and adding a // doesn't allow them lol

Umm yeah lol -- Just tried it now, by adding a forward slash before the file, it still was able to execute the rest of the script.

Code used:

```php
<?php
$files = array('/test.php');
if(in_array($_SERVER['SCRIPT_NAME'], $files)){
    echo 'Access not allowed.';
}
?>
```

First try: example.com/test.php -- Not allowed

Second with an extra forward slash: example.com//test.php -- Allowed to execute the rest of the script.

DELETE ME NOW! Posted April 16, 2009

lol yeah, but I think something in .htaccess you can add to stop that.

AlabamaHit Posted April 16, 2009

Then your server is not set up right. Adding slashes on mine does not allow access.. Oh and if you used that code you posted....take the extra / out. It will still work. You didn't exit; the script.

And please stop arguing about it. I have tested it. If it doesn't work on yours, it's your server or something else not set up right.

Also for the sake of stopping the fighting, here is 100% proof you're wrong, and that the script I gave works just fine.

Showing code used in file..

Now pictures, LOOK at URL.

Normal

Your supposed double //

Even the classic add folder to end of Mccodes doesn't work.

Now there is the proof...Happy lol :-P

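An added example, not code from any poster in this thread: the header check debated above compares the raw `$_SERVER['SCRIPT_NAME']` against a list of blocked pages, so a path the list does not recognise is let through. The code below reduces the path to a bare file name and checks it against an allow-list, so an unrecognised path is refused instead. `DEMO_USER_ID`, `DEMO_ALLOWED_PAGES` and both function names are assumptions made for the example.

```php
<?php
// Added example: fail-closed demo-account guard for a shared header include.
// DEMO_USER_ID and DEMO_ALLOWED_PAGES are assumed values, not taken from the thread.
const DEMO_USER_ID = 2;
const DEMO_ALLOWED_PAGES = ['index.php', 'explore.php', 'viewuser.php'];

// Reduce a reported script path to a bare lower-case file name so that
// "/index.php", "//index.php" and "/game//Index.php" all compare equal.
function demo_script_key(string $scriptPath): string
{
    return strtolower(basename(str_replace('\\', '/', $scriptPath)));
}

// True when the request must be refused. Anything not on the allow-list is
// refused, so a path the guard does not recognise is blocked, not let through.
function demo_must_block(int $userId, string $scriptPath): bool
{
    if ($userId !== DEMO_USER_ID) {
        return false; // ordinary accounts are not restricted by this guard
    }
    return !in_array(demo_script_key($scriptPath), DEMO_ALLOWED_PAGES, true);
}

// Constructed sample requests: [user id, script path as the server might report it].
$samples = [
    [2, '/index.php'],
    [2, '/preferences.php'],
    [2, '//preferences.php'],
    [2, '/game//Preferences.php'],
    [7, '//preferences.php'],
];
foreach ($samples as [$uid, $path]) {
    $verdict = demo_must_block($uid, $path) ? 'BLOCK' : 'allow';
    printf("user %d  %-24s %s\n", $uid, $path, $verdict);
}

// In header.php, once the logged-in user's row is loaded ($ir as in the thread's code):
// if (demo_must_block((int)$ir['userid'], $_SERVER['SCRIPT_NAME'])) {
//     echo 'This feature is disabled for the demo account.';
//     exit;
// }
```

Because the guard runs once per request in the header, it covers a page's form and its form handler alike, and it keys on the user ID, which stays the same even if the displayed username changes.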