Staff Apps Script + Online Users Page

**zMagenta** · 01-07-13

Hi there!

As you may know, I owned my hotels with a good online users page. It shows the users, changing their username colour depending on their rank, and then also, for rank x+ (x = whatever you choose it to be), it will show the IP Registered and IP Last used - so it's easy to identify what users are multi accounting.

This is the page, sorry, I can't put this online therefore I cannot show you the username feature.

All you need to do is run these SQL queries.

Code:

DROP TABLE IF EXISTS `site_user_color`;CREATE TABLE `site_user_color` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `rankid` int(11) NOT NULL,
  `color` varchar(6) DEFAULT NULL,
  `is_bold` enum('0','1') DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=14 DEFAULT CHARSET=latin1;
 
-- ----------------------------
-- Records of site_user_color
-- ----------------------------
INSERT INTO `site_user_color` VALUES ('1', '1', '000000', '0');
INSERT INTO `site_user_color` VALUES ('2', '2', 'F6D8CE', '1');
INSERT INTO `site_user_color` VALUES ('3', '3', '3971A8', '1');
INSERT INTO `site_user_color` VALUES ('4', '4', 'B404AE', '1');
INSERT INTO `site_user_color` VALUES ('5', '5', '40FF00', '1');
INSERT INTO `site_user_color` VALUES ('6', '6', 'B40431', '1');
INSERT INTO `site_user_color` VALUES ('7', '7', 'B40431', '1');
INSERT INTO `site_user_color` VALUES ('8', '8', '0404B4', '1');
INSERT INTO `site_user_color` VALUES ('9', '9', '3B240B', '1');
INSERT INTO `site_user_color` VALUES ('10', '10', 'FF0000', '1');
INSERT INTO `site_user_color` VALUES ('11', '11', '000000', '1');
INSERT INTO `site_user_color` VALUES ('12', '12', '0404B4', '1'); 

INSERT INTO `site_user_color` VALUES ('13', '13', '000000', '0');

Then, just add this PHP into any page.

Code:

<div id="container">    <div id="content">
    <div id="column2" class="column">
<div class="habblet-container ">
                <div class="box-content1">
                        <div class="cbb clearfix blue ">
 
                            <h2 class="title">What is this page?
                            </h2>
                        <div style="padding:5px">
                    <p>This page shows all of the online users; with a colour code next to their name. Below are what the colour means;<br></br>
                    Normal User - <font color="#000000">This colour</font><br>
                    Low VIP - <font color="#F6D8CE"><b>This colour</font></b><br>
                    High VIP - <font color="#3971A8"><b>This colour</font></b><br>
                    Legend VIP - <font color="#B404AE"><b>This colour</font></b><br>
                    eXpert - <font color="#40FF00"><b>This colour</font></b><br>
                    Moderator - <font color="#B40431"><b>This colour</font></b><br>
                    Manager - <font color="#0404B4"><b>This colour</font></b><br>
                    Owner - <b>This colour</b><br>
                 
</div></div></div></div>
 
 
</div>
 
                              <div id="column1" class="column">
 
 
<div class="habblet-container ">
<div class="cbb clearfix red ">
 
 
<h2 class="title">All Online Users</h2>
<div style="padding:5px;">
 
Average users: {average}<br />
{online} user(s) online!, the users are;<br />
<?php
$queryUserList = mysql_query("SELECT * FROM users WHERE online = '1' ORDER BY id ASC");
 
$allowedRank = '7';
$queryRank = mysql_query("SELECT rank FROM users WHERE id = '".$_SESSION['user']['id']."'");
$currentRank = mysql_result($queryRank, 0);
?>
 
<table <?php if($currentRank >= $allowedRank){ echo "border=\"1\""; }?>>
 
<?php
while($row = mysql_fetch_array($queryUserList))
{
    echo "<tr>";
 
    $queryColor = mysql_query("SELECT color,is_bold FROM site_user_color WHERE rankid = '".$row['rank']."'");
    while($rowRank = mysql_fetch_array($queryColor))
    {
        if ($rowRank['is_bold'] == 1)
        {
            $isBold = "font-weight: bold;";
        }
        else
        {
            $isBold= "";
        }
        echo "<td><font style=\"color:#".$rowRank['color']."; ".$isBold."\">". $row['username'] . "</font></td>";
    }
    if ($currentRank >= $allowedRank)
    {
        echo "<td><b>IP Last:</b> " . $row['ip_last'] . "</td>";
        echo "<td><b>IP on registration:</b> " . $row['ip_reg'] . "</td>";
    }
 
    echo "</tr>";
}
?>

</table>

Quick note:

Code:

$allowedRank = '7';

The rank meaning who can see the IP reg/IP last.

Screenshot:

credits: VVess (Sherlock)

Now, onto staff apps..

Another release here, harhar. This is a stand-alone staff apps script. Screenshots below.

Here's the SQL for it, as it's sent via the DB.

Code:

DROP TABLE IF EXISTS `staffapps`;CREATE TABLE `staffapps` (
  `AppID` int(11) NOT NULL AUTO_INCREMENT,
  `RealName` varchar(75) NOT NULL,
  `UserName` varchar(75) DEFAULT NULL,
  `Age` int(2) DEFAULT NULL,
  `Timezone` varchar(10) DEFAULT NULL,
  `Experience` longtext,
  `Why` longtext,
  `What` longtext,
  `TimeStamp` int(11) DEFAULT NULL,
  `IP` varchar(15) DEFAULT NULL,
  PRIMARY KEY (`AppID`)

) ENGINE=InnoDB AUTO_INCREMENT=685 DEFAULT CHARSET=utf8;

And here's the download: Download staff-app.rar - Hostr

Make sure you edit the 'db.php' and 'index.php' - Enjoy. (Likes are welcome)

**MentaL**

**Trillx** · 01-07-13

Very nice release! Thanks.

**MrSpooks** · 01-07-13

Great release, cheers mate!

**Natpopc** · 01-07-13

Looks good, won't be using tho! :)

**Twisted Fate** · 01-07-13

Thanks for the credits for the Users Online script as I basicly coded the whole thing.

**zMagenta** · 01-07-13

Originally Posted by VVess

Thanks for the credits for the Users Online script as I basicly coded the whole thing.

sorry, copied directly from rival forum, and I had to remove certain bits due to errors, re-added.

The page in action, thanks to NGH.

**Hejula** · 01-07-13

It looks a bit messy to be honest, it would be better if users were ordered based on rank so you don't have random colours everywhere.

**Delici0us** · 01-07-13

Should think about caching the results of that query as a constant load on this page would cause horrific DB overhead.

**Quackster** · 02-07-13

The code is so bad behind it.

- If statements are all nested.
- No need to capitalize the variables. (Not really coding etiquette when it comes to PHP)
- Variables have too far of a space apart from each other on the top of submit.php

**PRIZM** · 02-07-13

I love the staff apps, but the online users isn't my taste, maybe there could also be their avatar, and motto too :]

**zMagenta** · 04-07-13

Originally Posted by PRIZM

I love the staff apps, but the online users isn't my taste, maybe there could also be their avatar, and motto too :]

Online users was a quick job, but think about it. If you've got 100 online, that DB mass.

**Clawed** · 04-07-13

Query One:

PHP Code:


$queryUserList = mysql_query("SELECT * FROM users WHERE online = '1' ORDER BY id ASC");

Query Two:

PHP Code:


$queryRank = mysql_query("SELECT rank FROM users WHERE id = '".$_SESSION['user']['id']."'");

Query Three:

PHP Code:


$queryColor = mysql_query("SELECT color,is_bold FROM site_user_color WHERE rankid = '".$row['rank']."'");

Three querys for 1 online user, 100 users that's 201 querys, this can be cut down to 1 query per user with all that data if you know how to do it.

Also i love how people don't filter $_SESSION input into database, i'm sure people don't realise sessions can be changed, so there's a chance of injection.

Edit; in actual fact, i can cut this down to ONE query, not 1 query per user, 1 query!

Edit2; Got bored, so done this (NOT TESTED):

PHP Code:


<div id="container">    <div id="content">
    <div id="column2" class="column">
<div class="habblet-container ">
                <div class="box-content1">
                        <div class="cbb clearfix blue ">
 
                            <h2 class="title">What is this page?
                            </h2>
                        <div style="padding:5px">
                    <p>This page shows all of the online users; with a colour code next to their name. Below are what the colour means;<br></br>
                    Normal User - <font color="#000000">This colour</font><br>
                    Low VIP - <font color="#F6D8CE"><b>This colour</font></b><br>
                    High VIP - <font color="#3971A8"><b>This colour</font></b><br>
                    Legend VIP - <font color="#B404AE"><b>This colour</font></b><br>
                    eXpert - <font color="#40FF00"><b>This colour</font></b><br>
                    Moderator - <font color="#B40431"><b>This colour</font></b><br>
                    Manager - <font color="#0404B4"><b>This colour</font></b><br>
                    Owner - <b>This colour</b><br>
                 
</div></div></div></div>
 
 
</div>
 
                              <div id="column1" class="column">
 
 
<div class="habblet-container ">
<div class="cbb clearfix red ">
 
 
<h2 class="title">All Online Users</h2>
<div style="padding:5px;">
 
Average users: {average}<br />
{online} user(s) online!, the users are;<br />
<?php

    $allowedRank = '7';
    $queryUserList = mysql_query("
        SELECT
            users.username,
            users.rank,
            users.ip_last,
            users.ip_reg,
            site_user_color.color,
            site_user_color.is_bold
        FROM
            users,
            site_user_color
        WHERE
            users.online = '1'
        AND
            users.rank = '" . $_SESSION['user']['id'] . "'
        AND
            site_user_color.rankid = users.rank
        ORDER BY
            id
        ASC
    ") or die(mysql_error());
    $arrayUserList = mysql_fetch_assoc($queryUserList);

?>

<table <?php if($arrayUserList['rank'] >= $allowedRank){ echo "border=\"1\""; }?>>

<?php

    while(true)
    {
        echo "<tr>";

        if($arrayUserList['is_bold'] == 1)
        {
            $isBold = "font-weight: bold;";
        }
        else
        {
            $isBold= "";
        }

        echo "<td><font style=\"color:#" . $arrayUserList['color'] . "; " . $isBold . "\">" . $arrayUserList['username'] . "</font></td>";

        if($arrayUserList['rank'] >= $allowedRank)
        {
            echo "<td><b>IP Last:</b> " . $arrayUserList['ip_last'] . "</td>";
            echo "<td><b>IP on registration:</b> " . $arrayUserList['ip_reg'] . "</td>";
        }

        echo "</tr>";
    }

?>

</table>

**theStew** · 06-07-13

Staff apps are my favourite!
Online users not the best ::/

**Delici0us** · 09-07-13

Originally Posted by Clawed

Also i love how people don't filter $_SESSION input into database, i'm sure people don't realise sessions can be changed, so there's a chance of injection.

I hope this was some failed attempt at humour because this is shockingly incorrect. There are only two possibilities for a user being able to alter a session variable the first is if you give them the option to do it (or if your retarded enough to trust the users input for something such as a username and set it as a session) the other is with session hijacking and still that can only be used to get another users session data and nothing else. So if you use common sense and properly sanitize the session variables at first then no, this can’t be used for injecting.

Further Point: If people actually used prepared statements you wouldn’t need to run around sanitizing the fuck out of your queries because it’s done automatically.

Staff Apps Script + Online Users Page

Thread Tools

Search Thread

Staff Apps Script + Online Users Page

Re: Staff Apps Script + Online Users Page

Re: Staff Apps Script + Online Users Page

Re: Staff Apps Script + Online Users Page

Re: Staff Apps Script + Online Users Page

Re: Staff Apps Script + Online Users Page

Re: Staff Apps Script + Online Users Page

Re: Staff Apps Script + Online Users Page

Re: Staff Apps Script + Online Users Page

Re: Staff Apps Script + Online Users Page

Re: Staff Apps Script + Online Users Page

Re: Staff Apps Script + Online Users Page

Re: Staff Apps Script + Online Users Page

Re: Staff Apps Script + Online Users Page

Advertisement