Admin Panel

[Slashmore]

I'll be having the basics but what else do you think would be good to go in there and why?

So far I have,

Ban
Unban
Mass Message
Communication Ban
Last 50 messages sent
Bet logs
Dupe Check


Thanks,
Sean

[Tomoso]

Edit player profiles? Or at least block part of them until they replace it with something that is allowed. For example they have rude words, dirty picture etc...

[Slashmore]

Edit player profiles? Or at least block part of them until they replace it with something that is allowed. For example they have rude words, dirty picture etc...

I'll add, Thanks

[Tomoso]

Hmmm I had a think about this because I haven't really before but obivously I will also need something like this in my game.

Implement a "Player Overview" page, where by you basically can see all relevan information you might need about that player. It will probably look like thier profile page, except you will be able to edit it yourself if you wish. Also add extra stuff like all messages sent\recieved and all attack logs. Obviously you could also add the buttons to ban etc to this same page.

Your global controls can be on a seperate page. I'll let you know anything else I've thought of when I think of it
Will be interesting to see other stuff I may have missed.

[Slashmore]

I've all ready got the players stats on thier profile. All staff get an extra table to see thier money, bullets, points and loads and loads of other stuff. Maybe I'll make it editable in the future if I need to.

[Scion]

you might want to build in a notes/warning system....(that is if its not first strike your out) so that all previous warnings or notes related to that account can be viewed.

Im planning to have all direct admin actions on an account require a short note to explain what and why....not necesarily for the player to see (although i migh add that as an option) but because if im doing any admin im likely to forget what i did just yesterday...and if you have more than 1 person it will also help.


..Im starting my user admin module next week, assuming i dont get distracted with something else

[Greyth]

bug reports / misconduct reports -type stuff might be handy.

[karnedge]

Some of these ideas are great... so far, I have my admin panel set up very simply with a userlist and a simple pagination using pages and limit SQL queries...

Each row shows quick relevant info (ie; email, username etc. stuff from users table) but also has a select box with access levels that I can change on the fly.
The levels i have set up so far are:
-1 = Banned (user cannot log in and is given a msg saying so) (technically this is a permanant ban)
0 = Muted (user cannot communicate but still play the game)
1 = Normal user
5 = Moderator
9 = Admin
10 = Super Admin

I skipped some numbers just in case I needed to add other ranks later.

Then, I have a link at the end of the row for deleting the user all together (i have a javascript alert() come up to verify you want to delete though).

Another thing I have, that you may want to add is an option to delete inactive users for a certain period of time. Everytime a user logs on or does something their 'time' column updates (this helps with determining online users). So you can have a select box for a few days, weeks, months or years to delete any users that have not done anything in that time period since they are just wasting space.

[JGadrow]

The levels i have set up so far are:
-1 = Banned (user cannot log in and is given a msg saying so) (technically this is a permanant ban)
0 = Muted (user cannot communicate but still play the game)
1 = Normal user
5 = Moderator
9 = Admin
10 = Super Admin

I skipped some numbers just in case I needed to add other ranks later.

Why not do something like this instead of skipping numbers:
0 = No special permissions
1 = Banned
2 = Muted
4 = Super Admin
8 = Admin
16 = Moderator

As you can see, they progress by power of two. In this way, you can actually create a bitmask for your user roles. I know, it doesn't make a whole lot of sense for the Super Admin and Admin roles, but all others fit.

This way, you can do something like:
Permissions = 10 -> Muted, Admin
Permissions = 24 -> Admin, Moderator

And, since you have started numbering from the low and there is no 'skipped' numbers, you can simply add permissions by performing X*2 where X is the max value for permissions currently stored for the new value.

Or, you can simply go with a numbered approach and add another table that completes the one-to-many relationship between user and permissions. Just leave your pre-defined roles as the LOW numbers on the table and don't count on something like:

$superAdmin = $row ['permission'] > 9; // set super admin status

[yuppio]

I agree to Makari, using powers of two is the best way to build permission/role things.

[Chris]

Linear is better, in practice you will be doing a lot of if(access)>=X.

[JGadrow]

Linear is better, in practice you will be doing a lot of if(access)>=X.

See, this is exactly what should be avoided. It assumes that any newly added permissions are granted the permissions below by default. This may not always be the case, or there might be permissions that stack. Say, for instance, you need to temporarily suspend a moderator rather than just remove their moderator status, you ban them.

Or, if you end up writing an extensible system, who's to say a plug-in won't accidentally be triggered that sets some arbitrary permission that now gives users administrative access? It would be an easy error to make and could have disastrous consequences.

That's why I recommend either a bitmask value, or a separate table which maps permissions to a user. Obviously, you needn't map the 'normal' permission to a member.

Under a system you'd probably call a function similar to this:

Code: [Select]

if (checkPermission ('perm name')) // do we have auth?

[Chris]

Linear is still better
(but I encourage all competitors to make an extensible, plugin supporting OOP based panel with bit masks for multilayer permissions stored in a special table plus a multilanguage translation system with skins, templates and proper abstraction layer, this way they will not have the time to implement features that could give them a competitive advantage and steal my players)

[Harkins]

I think both linear and bit-packing are bad ideas.

You have a users table in the database. Create a Role table with columns id, title and the entries Player, Moderator, Admin. Create a table UserRoles with columns user_id, role_id to join to users, who may have many roles. Create a table Permissions with columns id, slug (a constant for use in code, especially nice if your language supports symbols), and description (human-readable)... maybe a detail column or two to constrain, so a permission could give the right to delete messages in only one subforum. Last, a table to link Roles and Permissions.

You can do it in code instead of db (and that might be better if you're not going to have a lot of permissions or changes), but don't create a linear scale that unduly constrains your permisisons or hassle around with bit-twiddling unless it's worth the hours or days to save a couple bytes on the couple user objects that aren't players.

[codestryke]

I saw your list of basics and one thing shocked me "Last 50 messages sent". Now it's time to get on my soap box of Ethics and running a game. Please take this all as my opinion and remember it's your game you can do what you damn well please

When you offer in game messaging and put it in your Terms of Service that you have the right to read those messages doesn't mean you or your staff should. At the very least it doesn't mean your staff should. When people write messages in the game they believe (I hope) that these are private messages sent to another party or parties, just like email. The contents of said email are private. Reading players messages or giving staff the ability to do so could cause a lot of heartache and disconnect from the player base (yes I know even though they agreed to it in the TOS on signup).

I'm no saint I've read emails in the past myself but only when I get a heads up about abuse from a player. Only then will I read them, most of the time the person cut, copies and pastes the original so all I need to do is execute a search and compare. To me reading other peoples messages back and forth just seems "dirty", but in some cases I agree it has to be done. Personally we don't have an admin page for that, only those with direct database access can do that.

The other problem is, you are looking at having a staff. If your game has any type of group dynamic this may cause problems with your users. If your staff is reading emails and playing the game or have friends play the game this is going to give them intimate knowledge of whats going on inside the game and the community. Even if it never happens all it takes is for one person to know a staff member is reading messages and the next thing you know you have a huge conspiracy outcry.

Like I said, my personal thoughts on the matter, hopefully it'll give you something to think about.

[yuppio]

I think both linear and bit-packing are bad ideas.

You have a users table in the database. Create a Role table with columns id, title and the entries Player, Moderator, Admin. Create a table UserRoles with columns user_id, role_id to join to users, who may have many roles. Create a table Permissions with columns id, slug (a constant for use in code, especially nice if your language supports symbols), and description (human-readable)... maybe a detail column or two to constrain, so a permission could give the right to delete messages in only one subforum. Last, a table to link Roles and Permissions.

You can do it in code instead of db (and that might be better if you're not going to have a lot of permissions or changes), but don't create a linear scale that unduly constrains your permisisons or hassle around with bit-twiddling unless it's worth the hours or days to save a couple bytes on the couple user objects that aren't players.

Your solution is good, if you need many types of permissions/roles, but if you need let's say only max 30 and they are quite constant, then powers of two are great in many ways.

My idea is:

1) hard code in source all types of permissions, example (PHP):

Code: [Select]

$perms = array(
1=>'allow this',
2=>'allow that',
4=>'allow access to this',
8=>'allow access to that',
);

and so on. You only need to save in user table one number. If user can do 2. un 8., then you simply sum them up and permission field in DB set as 10. After this you can also make roles, if you like.

And also checking after that if user can access to something is quite simple, you can use for example function http://lv.php.net/decbin, which return binary number of decimal number in string (like: '10001').

then you can simply check like:

Code: [Select]

if (!empty($binary_str[3])) {
//he has access to something that`s fourth key in array
}

No need to check something like $row['perm']>=4 or something in code, each permission have certain number/position.

p.s. sorry, I guess this was a little bit offtopic

[travo]

(but I encourage all competitors to make an extensible, plugin supporting OOP based panel with bit masks for multilayer permissions stored in a special table plus a multilanguage translation system with skins, templates and proper abstraction layer, this way they will not have the time to implement features that could give them a competitive advantage and steal my players)

LOL

A little off topic, but some of those features will be of a great help, particularly bitmask permissions (extremely easy using a similar method to Yuppio's), templates, and the proper abstraction layer.

I dont think you would need a plugin supporting admin panel, unless you planned to sell the game as a script...

And my project is more of an ongoing thing, I dont really have a deadline, meaning I can still implement all of my other features and in the end, steal your players

[Harkins]

Yeah, I mentioned code because, given the low number of overall perms, it may just be way easier to develop and debug.

But I hate hate hate bit-packing. Yeah, it's clever, yeah you feel smart, yeah it's fun code to write, and yeah it used to be important fifteen years ago. I've written bit-packing code for all those reasons. But it's needless complexity nowadays, spending an extra couple bytes of storage on the few user accounts that aren't vanilla players (or even on all user accounts!) is so so so cheap compared to the time an energy of writing and maintaining potentially fragile code.

One sign that this is about fun hacks:

then you can simply check like:

Code: [Select]

if (!empty($binary_str[3])) {
//he has access to something that`s fourth key in array
}

No need to check something like $row['perm']>=4 or something in code, each permission have certain number/position.

This should really look more like

Code: [Select]

if ($user->can_delete_posts()) {
  ...
}

I don't mean to pick on you, but code like this looks to me like coder thinks the interesting bit is twiddling bits rather than managing permissions. The code should look as much like the high-level business logic as possible; where it doesn't it means either that there's a really rare and important performance hack (almost never the case), the language itself is low-level, the libraries are incomplete, or the coder was trying to show off. And it's where bugs lurk.

[yuppio]

Well, if you use only few roles or permissions and they will not change, then 1=>user, 2=>moderator, 3=>admin works fine.

I hate to write code something like that:

Code: [Select]

function can_delete_posts() {
if (SomeOtherFunc()) {
return true;
} else {
return false;
}
}

if ($user->can_delete_posts()) {
 // do this
}

Why don't write:

Code: [Select]

if (SomeOtherFunc()) {
// do it
}

But this seems simply depends on coding style. Make those wrapper functions or not.

Every byte counts! The more light code you write, the more performance you get. Anyway performance > business logic.
Nowadays lots of people think, that PHP will do anything for you - it's such a easy language and they just write messy code by not thinking about how it will perform on great loads.

I'm trying to make every solution as light as possible, because PHP has lots of memory leaks it self, don't want to make new ones with my code

But this doesn't quite make sense in particular case, but coding PHP code in general.

p.s. I still think that using powers of two is great in most cases

Damn off topic, my last post on this thread

[Barrikor]

I'm siding with Harkins on this, the code needs to stay clean and stay easily extensible.

----------------

This is how I'd do it:

Table: Users
UserID | Username | Password | PrivPatternID


Table: PrivilegePatterns
PrivPatternID | Priv1 | Priv2 | Priv3 | Priv4


Just make it so that new patterns (rows) are dynamically created if it doesn't find a matching PrivPatternID when changing a user's privileges. You could make new privileges (columns) be addable via the admin panel dynamically without needing to change any patterns that were already generated.

[travo]

I never thought of it like that.... Thats a tons better idea

[Harkins]

Barrikor: Nice balance of complexity, I think you hit the sweet spot.

Every byte counts! The more light code you write, the more performance you get. Anyway performance > business logic.

I'll believe that these bytes count when I see a performance test showing me a difference. And you'd rather have a fast program that doesn't do what it's supposed to than a working program that may not be fast?

[yuppio]

My code does what it supposed to do

In this case doesn't make large difference, but it makes difference when lots of things come up in one page. It all sums up.

[Slashmore]

I saw your list of basics and one thing shocked me "Last 50 messages sent". Now it's time to get on my soap box of Ethics and running a game. Please take this all as my opinion and remember it's your game you can do what you damn well please

When you offer in game messaging and put it in your Terms of Service that you have the right to read those messages doesn't mean you or your staff should. At the very least it doesn't mean your staff should. When people write messages in the game they believe (I hope) that these are private messages sent to another party or parties, just like email. The contents of said email are private. Reading players messages or giving staff the ability to do so could cause a lot of heartache and disconnect from the player base (yes I know even though they agreed to it in the TOS on signup).

I'm no saint I've read emails in the past myself but only when I get a heads up about abuse from a player. Only then will I read them, most of the time the person cut, copies and pastes the original so all I need to do is execute a search and compare. To me reading other peoples messages back and forth just seems "dirty", but in some cases I agree it has to be done. Personally we don't have an admin page for that, only those with direct database access can do that.

The other problem is, you are looking at having a staff. If your game has any type of group dynamic this may cause problems with your users. If your staff is reading emails and playing the game or have friends play the game this is going to give them intimate knowledge of whats going on inside the game and the community. Even if it never happens all it takes is for one person to know a staff member is reading messages and the next thing you know you have a huge conspiracy outcry.

Like I said, my personal thoughts on the matter, hopefully it'll give you something to think about.

Thanks for your post guys, I'm gonna leave the admin side till last so I know what I need in there..

The reason I have message logs is because of spammers, i some times go on psp at college to check up on my site when it was online to see forums and any major bugs ect

I used to get spammers allmost daily, to save me time i made the page so i could tick the boxs with the links in and delete all at once.

I have to agree though, They should be privite so I've taken the page off and now when a user is banned all thier messages sent in last 6 hours get deleted.

Thanks, Sean.

P.S - Thanks for all the other posts a few of them have helped me out with a few other things.

[Scion]

my PM system has a <report this> button, it flags the message as requiring admin attention. The Admin only has direct access to messages that have been flagged. Once a message has been read it cannot be altered, and if its flagged then it cannot be deleted. Messages always record from what entitiy they were sent and to which they were addressed and record the specific user account that wrote the message. And if the message is flagged who flagged it.

I think this gives me a good system where  an admin can allways see who wrote a message, and players have the abillity to report messages that violate the Games T&C, It also means that i dont have to worry about admin users having access to all messages, only those that are reported can be viewed.