Authlevel Protection

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • Authlevel Protection

      When users change(hack) the authlevel after login ..
      Is it possible to protect with the following sources?

      My 2moons is old.

      /* Authlevel Protection - out of service. */
      if($_SESSION['authlevel'] != $USER['authlevel']) {
      $db->query("UPDATE ".USERS." SET `authlevel` = '".$_SESSION['authlevel']."' WHERE `id` = ".$USER['id'].";");
      My version is 2moons 1.3v . :D But all fixed bug and more then mod added.
      Test universe: 1
      ID:2moons pw:1234
    • how do they hack the autlevel after login first of all ? It should be better to protect that issue
    • First of all, the session admin access, existing or not existing, does absolutely nothing. Even if you steal admin password, you know it is used to login/auth. I am curious how they change that values and if that really exists, solution is simple: force auth_level>0 column or recode the admin panel and problem solved.

      Also @noonn which version you're using? Have seen your games around 1.3 and 1.5 . Maybe any old security issue not affecting current game?

      PS. Now that i talked about admin panel, it needs to be recoded. Uses primitive coding and old db vars.
      Looking for good VPS to host your game? Use DigitalOcean and get 100$ bonus credit for 2 months!

      Check my mods here -

      I can build any mod. Need my service? Contact me via PM

      The post was edited 1 time, last by Qwa ().