MakeWebGames

Admin View As Complete *TESTED*


boionfire81


What this does is allow you to view your website as any member you choose

 

 

Add to your globals file before the $is=$db->query

 


 

Create staff_view_as.php

 


 

Uridium's edit to switch user_level (i.e. Admin to Member role and vice versa)

 


Thanks to Uridium for the additional option

Edited by boionfire81
  • Like 2

14 hours ago, Uridium said:

the users you're switching to, are they usual game players or users you've created yourself... Cos I can see some flaws if you're viewing pages as a paying game member.. wouldn't that affect their privacy rights? or am I missing something

What personal information do you show in-game, on a user's profile or not, that you feel would contravene GDPR/Privacy laws?

I think if any game shows enough information from the user interface that you'd have GDPR conflicts, I think the problem there is too much information on show.

Not sure ICO are ever really coming for anyone they can't take millions from either. 


staff-view-as.php

 


 

 

in globals.php only above the $is = $db->query


 

 

in globals.php only add just after the $ir = $db->fetch_row


 

Links are

To switch between npc and self - ( staff-view-as.php?action=view-as-npc )

To switch user role/level  - ( staff-view-as.php?action=switch-role )

 

 

 

 

Anything else? I'm happy to help.

Edited by boionfire81
updated

I have been running various persistent browser-based games since the early 2000s, and GDPR policies that have come out only specify the following, coming from the legal team I asked about having existing features to view an admin, member, player and so on.

 

I was told by a lawyer that specializes in privacy and advocacy that when viewing user data under the reasoning of checking for abuse of any kind that violates the set Terms and Conditions, or any other possible abuse, it is legal but must be documented when viewing content.

 

Say they use a stolen card: it dictates that viewing private data is allowed only by authorized personnel and must be logged and documented, then once it has gone one way or another it must be secured and encrypted, or removed if no abuse is found.

Notification is not required unless abuse is found, but publication is not required to be sent to the intended person or persons.

 

In case of, say, harassment or any other non-financial abuse, it can be viewed, but logging is required across the board to check the user. I find it to be intrusive anyways in someone's privacy, as GDPR is a privacy protection for the end user.

 

example:

Investigating abuse through user account access can be legitimate under GDPR, but it must be done cautiously, proportionally, and transparently, minimizing data access and respecting user rights.

 

This is pulled from a conversation I had with a lawyer, so it's a grey area either way with current GDPR standards, meaning it could be an issue or it couldn't be an issue. As always, consulting a lawyer is key. ( also expensive )

 

I personally create logging mechanisms to track user messages, sending and receiving, aka logging into a database with a salt key so only administration have access to the key to decrypt their messages.

 

Logging should track payment records, time, date, cost, IP address and so on in an encrypted manner.

 

Logging should also track for harassment if you allow sending of messages, posting on profiles, comments and so on. It should also show a searchable interface to check for only certain users' data and so on, while logging just about anything that can be seen as a possible abusive route.

 

While accessing data you must notify if anything is found. This is the grey area, as some GDPR lawyers say you must notify just for viewing data, not if anything is found, as it violates privacy, while others argue that unless abuse is found there is no need unless they ask "has my data been accessed?".

 

Then you are required to send all info that was accessed, so it's debatable, and best case is don't view anything under current laws without detailing everything you view, so if the end user or say abuse happened or didn't happen.

 

Logging for you and the end user should be held to the same high standard.

 

GDPR, in my opinion, is a joke. It requires higher logging requirements for your website and the end user, so in the end it protects the company mainly, not the end user, but of course this is my personal opinion after dealing with various cases along the same since its inception.

 

It's similar to fraud: we are required by law in most countries to log IP access data, GEO LOCATION, last 4 of the card, or say the PayPal, Stripe and so on account that was used to pay for it. While still accounting for user privacy and payment privacy, meaning accessing the data should only be by dedicated staff with insurance on them, so if they do something or the user says they did something illegal you are covered.

 

The current game my team is working on is in the early stages using modern PHP 8.x+, while using logging at every step of the way. I find this to be more abusive to privacy, but this is what is required to honor the GDPR, California's Privacy (US), and COPPA policies. Logging is required for all staff and all users so the right to remove is there. The Terms of Service and Privacy Policy also must explain what is logged, and a link has to be easily accessible to download their personal data on request. This causes unneeded overhead for a small website or small group of web developers like my sites have, with limited overall profit on each game. ( currently we have 3 active games that I will not disclose due to legal reasons; there are forms for this on our sites if you want that data )

 

I will end this with GDPR, COPPA, California's Privacy and other right to removal requirements actually require you to log more information to stay up to legal standard that accessing data and removing anything unless a legal case arises for small sites vs the requirements of say a large multi-million dollar company so it hurts smaller development teams more than big companies and the end user is logged even on smaller sites to great extent while staff now have to log anything they view that is "private data".

 

This is just my two cents after having to deal with a few cases of abuse and right to removal in the real world because one of our oldest games closed due to cost to redo existing source code to stay updated would cost more than the site was making thus closing was sadly the cost effective option

We were in the process of updating a game that dealt with fake currency, marketplace, trading and selling of digital items. What got me in this case was if we made zero profit from allowing users to buy coins vs showing them ads that violated privacy and harassed them to donate would have been easier legally than taking money with minimal logging.

The current privacy frameworks are a harm to smaller development teams that protect privacy more than big companies. We had a remove all data button before big social media companies even offered it; after running forums for over two decades we felt it was key to allow for this. The fact they had to tell companies that it has to be added is the problem. Protecting the rights of the end user should be the same either way. It's rather annoying, but this is again my personal experience; you may have had a different one, and please read the notice below.

NOTICE:

Remember, this is a complex legal topic, and the specific application of GDPR to this scenario depends on the individual circumstances. For definitive guidance, consult with legal professionals specializing in data privacy and the GDPR.
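
A sketch of the "authorized personnel only, logged and documented" requirement from the post above, applied to a view-as feature. This is an added example, not the hidden code from the first post; the table names, session keys and the `ADMIN_LEVEL` value are assumptions.

```php
<?php
// Added sketch; schema, session keys and ADMIN_LEVEL are assumptions.
const ADMIN_LEVEL = 2; // assumed value of the admin role in user_level
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, user_level INTEGER)');
$db->exec('CREATE TABLE staff_view_log (
    id INTEGER PRIMARY KEY, staff_id INTEGER, target_id INTEGER,
    action TEXT, reason TEXT, logged_at TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'admin', 2), (2, 'player', 1)"); // constructed rows

function log_view(PDO $db, int $staff, int $target, string $action, string $reason): void
{
    $db->prepare('INSERT INTO staff_view_log (staff_id, target_id, action, reason, logged_at)
                  VALUES (?, ?, ?, ?, ?)')
       ->execute([$staff, $target, $action, $reason, gmdate('c')]);
}

// Start viewing as $target. The real staff id stays in the session so the
// role check and the audit trail always refer to the person at the keyboard.
function view_as_start(PDO $db, array &$session, int $target, string $reason): bool
{
    $staff = $session['real_userid'] ?? $session['userid'];
    $st = $db->prepare('SELECT user_level FROM users WHERE userid = ?');
    $st->execute([$staff]);
    if ((int) $st->fetchColumn() !== ADMIN_LEVEL || trim($reason) === '') {
        return false; // not an admin, or no documented reason
    }
    $session['real_userid'] = $staff;
    $session['userid'] = $target;
    log_view($db, $staff, $target, 'start', $reason);
    return true;
}

function view_as_stop(PDO $db, array &$session): void
{
    if (!isset($session['real_userid'])) {
        return; // not currently viewing as someone else
    }
    log_view($db, $session['real_userid'], $session['userid'], 'stop', '');
    $session['userid'] = $session['real_userid'];
    unset($session['real_userid']);
}
$session = ['userid' => 2]; // a player tries to use the feature and is refused
var_dump(view_as_start($db, $session, 1, 'testing'));
$session = ['userid' => 1]; // an admin with a documented reason is allowed
var_dump(view_as_start($db, $session, 2, 'abuse report, constructed ticket'));
view_as_stop($db, $session);
var_dump((int) $db->query('SELECT COUNT(*) FROM staff_view_log')->fetchColumn());
```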

 

 


Here's my question for logging.

When the action being logged is between 2 players and player 1 deletes their data. How does that affect player 2's data?

 

Example.

Member 1 doesn't like member 2. Member 1 creates a false account and starts harassing member 2. Then member 1 deletes their fake account and all records of it existing. Now member 1 has been harassed, but no record of it to block an IP or anything. 🤷‍♂️


9 hours ago, boionfire81 said:

Here's my question for logging.

When the action being logged is between 2 players and player 1 deletes their data. How does that affect player 2's data?

 

Example.

Member 1 doesn't like member 2. Member 1 creates a false account and starts harassing member 2. Then member 1 deletes their fake account and all records of it existing. Now member 1 has been harassed, but no record of it to block an IP or anything. 🤷‍♂️

From an admin perspective you should never ever ever ever ever delete anything. Ever.

 

Always have a "deleted" field or something and change that value, and change your player-facing queries to only pull the rows not flagged as deleted.

Edited by gamble

On 12/14/2023 at 8:45 AM, boionfire81 said:

Example.

Member 1 doesn't like member 2. Member 1 creates a false account and starts harassing member 2. Then member 1 deletes their fake account and all records of it existing. Now member 1 has been harassed, but no record of it to block an IP or anything. 🤷‍♂️

My first question to you is ... why would you even give your players the right to delete their accounts? If they don't want to play or whatever, then they don't have to log in. If through your own investigation that wrongdoing is being done ... then lock the account yourself. As the owner of the game, you can do that, you know.

My second question is ... why don't you have every single player transaction copied at the time of input? As Gamble said ... have an additional field called "deleted" or "duplicate", whatever. Or better yet, have a separate table that holds that data as well. Every time a player sells something, it's recorded on an admin only table. Every time a player mails another player, it's recorded on an admin only table. Same for comments, forums, events. Any damn thing that has a record of player doing any kind of input, regardless of how mundane or stupid you think it is ... copy it to an admin only table. Example: Player A mails player B, both player A and B can see it, of course. Player A realizes that mail violates a game rule and deletes the mail that they sent assuming it would be gone forever. Nope. Because being the smart admin that you are made sure to have the exact same mail sent to your "admincopyofplayersmails" or have a file listed under the player's ID "playerID123all actions" which will include sender, receiver and the mail itself. There is no reason to ever look at these files unless you are investigating something ... player harassment, rule violation, whatever. The point I'm making is that this covers your ass and theirs as well. You also make it clear to your players that every action is recorded and that their full file can be made available to them, if it is warranted. Pretty simple, huh?
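
The two suggestions above (gamble's "deleted" flag and the admin-only copy table) combined for in-game mail. This is an added example, not code from the thread or from any game engine; the table names, column names and helper functions are assumptions.

```php
<?php
// Added example; table and column names are assumptions, sample data is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mail (
    id INTEGER PRIMARY KEY, sender INTEGER, receiver INTEGER,
    body TEXT, sent_at TEXT, deleted INTEGER NOT NULL DEFAULT 0)');
$db->exec('CREATE TABLE admin_mail_copy (
    id INTEGER PRIMARY KEY, mail_id INTEGER, sender INTEGER, receiver INTEGER,
    body TEXT, sent_at TEXT)');

// Write the player-visible row and the admin-only copy in one transaction,
// so a mail can never exist without its record.
function send_mail(PDO $db, int $from, int $to, string $body): int
{
    $now = gmdate('c');
    $db->beginTransaction();
    try {
        $db->prepare('INSERT INTO mail (sender, receiver, body, sent_at) VALUES (?, ?, ?, ?)')
           ->execute([$from, $to, $body, $now]);
        $id = (int) $db->lastInsertId();
        $db->prepare('INSERT INTO admin_mail_copy (mail_id, sender, receiver, body, sent_at)
                      VALUES (?, ?, ?, ?, ?)')
           ->execute([$id, $from, $to, $body, $now]);
        $db->commit();
        return $id;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// "Delete" only flips the flag, and only on mail the caller actually sent.
function delete_mail(PDO $db, int $mailId, int $userId): bool
{
    $st = $db->prepare('UPDATE mail SET deleted = 1 WHERE id = ? AND sender = ? AND deleted = 0');
    $st->execute([$mailId, $userId]);
    return $st->rowCount() === 1;
}

// Player-facing query: rows flagged as deleted are never returned.
function inbox(PDO $db, int $userId): array
{
    $st = $db->prepare('SELECT id, sender, body FROM mail WHERE receiver = ? AND deleted = 0');
    $st->execute([$userId]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

$id = send_mail($db, 1, 2, 'constructed sample message');
delete_mail($db, $id, 1); // player 1 "deletes" the mail they sent
var_dump(count(inbox($db, 2))); // what player 2 still sees
var_dump((int) $db->query('SELECT COUNT(*) FROM admin_mail_copy')->fetchColumn()); // admin record
```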

 


Yes, but talking GDPR, if they request data deletion what can you do?

35 minutes ago, newttster said:

My first question to you is ... why would you even give your players the right to delete their accounts? If they don't want to play or whatever, then they don't have to log in. If through your own investigation that wrongdoing is being done ... then lock the account yourself. As the owner of the game, you can do that, you know.

My second question is ... why don't you have every single player transaction copied at the time of input? As Gamble said ... have an additional field called "deleted" or "duplicate", whatever. Or better yet, have a separate table that holds that data as well. Every time a player sells something, it's recorded on an admin only table. Every time a player mails another player, it's recorded on an admin only table. Same for comments, forums, events. Any damn thing that has a record of player doing any kind of input, regardless of how mundane or stupid you think it is ... copy it to an admin only table. Example: Player A mails player B, both player A and B can see it, of course. Player A realizes that mail violates a game rule and deletes the mail that they sent assuming it would be gone forever. Nope. Because being the smart admin that you are made sure to have the exact same mail sent to your "admincopyofplayersmails" or have a file listed under the player's ID "playerID123all actions" which will include sender, receiver and the mail itself. There is no reason to ever look at these files unless you are investigating something ... player harassment, rule violation, whatever. The point I'm making is that this covers your ass and theirs as well. You also make it clear to your players that every action is recorded and that their full file can be made available to them, if it is warranted. Pretty simple, huh?

 

 


1 hour ago, boionfire81 said:

Yes, but talking GDPR, if they request data deletion what can you do?

 

From what I've read and have been told, the GDPR refers to "personal data only". Other than a person's email address ... what personal data are you collecting? Most players use a gaming email address as opposed to their personal one anyway. You shouldn't be collecting anything personal about anyone. Period. As for personal data related to "donations" to your game, do so through PayPal or some such entity. This way the personal data is available through a 3rd party, NOT you. You would have to provide that information through your PayPal account that's linked to your game, but it is not and should not be data collected from the game itself. PayPal and such entities handle credit card transactions as well. Using such an entity protects you as well as the player.
