[Release] PHP Whos Online/Online passed 24hrs

[Ace-SG1-]

Ive goten this from someone... or i may have made it... dont know... for got... all i know is that it well take a long time to load all the data...

USE AT YOUR OWN RISK! DO NOT IM/PM/EMAIL ME ASKING FOR HELP.

Config.php

<?php
// MSSQL
$dbhost = ''
$dbuser = ''
$dbpasswd = ''
?>

sql_check.php

<?php
// Anti-SQL Injection 
function check_inject() 
  { 
    $badchars = array(";","'","*","/"," \ ","DROP", "SELECT", "UPDATE", "DELETE", "drop", "select", "update", "delete", "WHERE", "where", "-1", "-2", "-3","-4", "-5", "-6", "-7", "-8", "-9",); 
   
    foreach($_POST as $value) 
    { 
 $value = clean_variable($value);
 if(in_array($value, $badchars)) 
      { 
        die("SQL Injection Detected - Make sure only to use letters and numbers!\n<br />\nIP: ".$_SERVER['REMOTE_ADDR']); 
      } 
      else 
      { 
        $check = preg_split("//", $value, -1, PREG_SPLIT_OFFSET_CAPTURE); 
        foreach($check as $char) 
        { 
          if(in_array($char, $badchars)) 
          { 
            die("SQL Injection Detected - Make sure only to use letters and numbers!\n<br />\nIP: ".$_SERVER['REMOTE_ADDR']); 
          } 
        } 
      } 
    } 
  } 
function clean_variable($var) 
 { 
 $newvar = preg_replace('/[^a-zA-Z0-9\_\-]/', '', $var); 
 return $newvar; 
 }
?>

Online.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="sv" lang="sv">
<head>
 <title>KalOnline Private Server - Register</title>
 <style type="text/css" media="screen">@import "css.css";</style>
</head>
<body>
<div id="adminbody">
 <h1></h1>
    <h2>Server Stats</h2><b>Users Online:</b><br />(<small><font color='green'>Knight</font> <font color='red'>Archer</font> <font color='blue'>Mage</font>)</small><br /><br />
<?php
error_reporting('E_ALL');
//require 'config.php';
include_once('sql_check.php');
check_inject(); 
////$msconnect=mssql_connect("$dbhost","$dbuser","$dbpasswd");
$msconnect=mssql_connect("localhost");
$msconnect=mssql_connect("localhost");
$msdb=mssql_select_db("kal_auth",$msconnect);
$uid = mssql_result(mssql_query("SELECT Max(UID) from Login"),0,0);
mssql_close() or die('failed closing mssql');
$uid++;
$count = 0;
for($i = 3; $i < $uid; $i++) {
 if($i !== 27){
 //$msconnect=mssql_connect("$dbhost","$dbuser","$dbpasswd");
$msconnect=mssql_connect("localhost");
 $msdb=mssql_select_db("kal_auth",$msconnect);
 $on = mssql_result(mssql_query("SELECT [Type] FROM Log where [Player1] = '".$i."' order by [Date] desc"),0,0);
 mssql_close() or die('failed closing mssql');
 if(!$on) {
  //$msconnect=mssql_connect("$dbhost","$dbuser","$dbpasswd");
$msconnect=mssql_connect("localhost");
  $msdb=mssql_select_db("kal_db",$msconnect);
  
  $pid = mssql_result(mssql_query("SELECT [Name] FROM Player where [UID] = '".$i."' order by [Class]"),0,0);
  $class = mssql_result(mssql_query("SELECT [Class] FROM Player where [UID] = '".$i."'"),0,0);
  if($class == '0') { $color = 'green'; } elseif($class == '1') { $color = 'blue'; } else { $color = 'red'; }
  echo '<font color ='.$color.'>'.$pid.'</font><br>';
  mssql_close() or die('failed closing mssql');
  
  $count++;
 }
 }
}
echo '<br />'.$count.' Total<br /><br /><b>Last Login:</b><br />';
$today = time();
echo $today.'<br>';
for($i = 3; $i < $uid; $i++) {
 if($i !== 27){
 //$msconnect=mssql_connect("$dbhost","$dbuser","$dbpasswd");
$msconnect=mssql_connect("localhost");
 $msdb=mssql_select_db("kal_auth",$msconnect);
 $on = mssql_result(mssql_query("SELECT [Date] FROM Log where [Player1] = '".$i."' order by [Date] desc"),0,0);
 $lastlog = strtotime($on);
 $timediff = $today - $lastlog;
 $days = ceil($timediff / (60*60*24));
 mssql_close() or die('failed closing mssql');
 //$msconnect=mssql_connect("$dbhost","$dbuser","$dbpasswd");
$msconnect=mssql_connect("localhost");
 $msdb=mssql_select_db("kal_db",$msconnect);
 
 $pid = mssql_result(mssql_query("SELECT [Name] FROM Player where [UID] = '".$i."'"),0,0);
 $class = mssql_result(mssql_query("SELECT [Class] FROM Player where [UID] = '".$i."'"),0,0);
//  $pid2 = mssql_result(mssql_query("SELECT [pid] FROM player  where [uid] = '".$i."'"),0,0);
// $geons = mssql_result(mssql_query("SELECT [num] FROM item where [index] = '31' and [PID] = '".$pid2."'"),0,0);
 //$geons = number_format($geons);
 if($class == '0') { $x = 'K'; } elseif($class == '1') { $x = 'M'; } else { $x = 'A'; }
 if($days == 1) { echo '<div class="name">'.$x.$i.' '.$pid.'</div>'.$on.'<br>'; } 
 elseif ($days == 2) { echo '<div class="name2">'.$x.$i.' '.$pid.'</div>'.$on.'<br>'; }
 elseif ($days == 3) { echo '<div class="name3">'.$x.$i.' '.$pid.'</div>'.$on.'<br>'; }
 elseif ($days >= 4) { echo '<div class="name4">'.$x.$i.' '.$pid.'</div>'.$on.'<br>'; }
 mssql_close() or die('failed closing mssql');
 }
}
?>
</div>

 

[KeMa]

nice

 

[h3mwhale]

Nice thanks for sharing it dude

 

[Bloodfreak913]

thx for share it, but is it secured? =P

 

[KeMa]

yeah its secured.

 

[General]

Doesnt work

 

[Ace-SG1-]

ya it works.. lol..