Graal Forums

Graal Forums (https://forums.graalonline.com/forums/index.php)
-   NPC Scripting (https://forums.graalonline.com/forums/forumdisplay.php?f=8)
-   -   External Playercount (https://forums.graalonline.com/forums/showthread.php?t=134265199)

Gunderak 12-08-2011 02:51 PM
External Playercount
 
1 Attachment(s)
Ever wanted to have you're servers playercount on your website?
Well now you can!

Attached is a zip folder.
Inside are two files.
update.php : The php file which handles everything and creates the file.
script.txt : The script to upload to your GServer.

Notes:
In both files you will see one of the following:
$password = 'password';
or
&pass=password
Please MODIFY both passwords to whatever you wish.
You mas also want to change
$Filename = "index.html";
From index.html to somethingelse.html if you already have an index.html file.
In the script.txt file you WILL need to change http://graalghetto.99k.org/update.php to your own URL.

If you have read and followed all this correctly it should display the servers rc players and the normal player count and the total.

Parts of cbk1994's script in his post which can be found here were used in my scripts.

Deas_Voice 12-10-2011 05:35 PM
i know this is a basic script but, you could improve this by creating variables on Created, so you don't have to search in the script where to change stuffs, and you should probably create a encrypted password in the script, and maybe the php code aswell, for higher security.

maybe perhaps also tell us how you can use this on, lets say, your homepage (lets say the top corner of the website) without having to copy/paste the code into the index.html (=

there's much to learn about in this area, nice work though, even if it wasn't that hard to make.
e; maybe should have been posted in the code gallery as well?

cbk1994 12-10-2011 06:52 PM
Quote:
Originally Posted by Deas_Voice (Post 1677153)
you should probably create a encrypted password in the script, and maybe the php code aswell, for higher security.
That sounds like way overcomplicating it. Why not just mash your keyboard a bit to come up with a random password?

Crow 12-10-2011 07:34 PM
Quote:
Originally Posted by cbk1994 (Post 1677161)
That sounds like way overcomplicating it. Why not just mash your keyboard a bit to come up with a random password?
Or use a random password generator of your choice.

Emera 12-10-2011 08:37 PM
I find sitting on my keyboard is best, but other methods are..
  • Putting jelly babies on your keys and licking them up while accidentally hitting the keys with your forehead.
  • Plugging a USB keyboard into your laptop and throwing the device at the wall.
  • Stage a "punch and judy" puppet performance on your keyboard and see where it gets you.

ff7chocoboknight 12-10-2011 10:48 PM
Ask someone with a crude humor for a new password idea. I asked Eye of the Beholder for password ideas and his suggestions were very interesting.

Gunderak 12-11-2011 01:22 AM
Lol, mashing the keyboard with your hand does the trick for me.
Or just make a JavaScript code which generates random characters..
And it's not like anyone can easily modify your information, as the GServer is updating it every 10 seconds. So the person skewing around with the information might change it temporarily but not permanently and that's only if they know what the PHP file is named and the password.

On an unrelated note:
I wonder if it's possible to open a socket and communicate to a GServer or vise versa?

Deas_Voice 12-11-2011 01:22 AM
humour me all you want,
but think bigger, lets say you used this on your gigantic website with all sorts of stuff on; a sql database, forums, etc etc. i'm not the guy who knows what you can/cant do if you got ahold off the password, but lets say you could inject something into the sql database because you use php to get data from it. now that isnt a very good thing, right?

again; this are just my thoughts, and maybe i dont know everything there is about security, but i would rather be on the safe side then guessing that people can't do bad stuffs with the password i've provided.

cbk1994 12-11-2011 01:29 AM
Quote:
Originally Posted by Deas_Voice (Post 1677201)
humour me all you want,
but think bigger, lets say you used this on your gigantic website with all sorts of stuff on; a sql database, forums, etc etc. i'm not the guy who knows what you can/cant do if you got ahold off the password, but lets say you could inject something into the sql database because you use php to get data from it. now that isnt a very good thing, right?

again; this are just my thoughts, and maybe i dont know everything there is about security, but i would rather be on the safe side then guessing that people can't do bad stuffs with the password i've provided.
wtf are you even talking about, there's nothing in the code that could lead to any kind of SQL injection. Obviously you don't use the same password for more than one thing.

The very worst that could happen is someone finds the password and sends some playercount data with an XSS attack in it to steal cookies from whoever accesses the site and login as them. This is only possible if the site is using bad security practices anyway (e.g. not httponly cookies).

Arbitrary PHP is not being executed, nor are any SQL queries, so I'm not sure how you get SQL injection from that.

Gunderak 12-11-2011 01:50 AM
I'm not sure either lmao.
If only post would work...
Then you wouldn't have to worry about any of this.

fowlplay4 12-11-2011 02:09 AM
It would be better to just write the numbers to a file, and use that in your other code.

PHP Code:
<?php

$password $_REQUEST["pass"];
$key "1234567890";
if ($password == $key) {
  $file "playercount.txt";
  $file fopen($file'w');
  $player_count $_GET['players'];
  $rc_count $_GET['rcplayers'];
  fwrite($file"$player_count $rc_count");
  fclose($file);
  echo "1";
} else {
  echo "INVALID PASSWORD";
}
?>
then in your other code you can use:

PHP Code:
<?php
  
  $data =  file_get_contents("playercount.txt");
  $toks explode(" "$data);
  echo "Playercount: " $toks[0];
  echo "RCs: " $toks[1];

?>
Re-writing your index every time is just a huge waste.

Gunderak 12-11-2011 05:47 AM
Hmm, Makes sense to write it to a text file instead of re-writing the HTML file.
I will look into it.

cbk1994 12-11-2011 05:55 AM
Quote:
Originally Posted by Gunderak (Post 1677209)
I'm not sure either lmao.
If only post would work...
Then you wouldn't have to worry about any of this.
POST works fine with cURL (see my func_http post), but that doesn't solve the XSS problem. All you really need to do is validate the data serverside.

Gunderak 12-11-2011 06:57 AM
Ah, ok that seems cool


All times are GMT +2. The time now is 08:19 AM.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2025, vBulletin Solutions Inc.
Copyright (C) 1998-2019 Toonslab All Rights Reserved.