In response to the whole guild roster retrieval:
You can already do it, and it's pretty simple. Just find out the Guild ID (which is simple) and use fopen() with that page (e.g.
http://graalonline.com/guilds/viewgu...0&view=members is for the guild Texan), read the source, and break it down to display the members.
It wouldn't hurt to do it, would use less system resources, but there's no point in password protecting it. Just have it where you can do include_once('http://www.graalonline/guilds/retrieve.php?guild=GUILDNAME');. Though if you do enable the ability to use cross-site scripting on that make sure you do take proper security actions.
And to PS, If he did leave the database resource link open you couldn't call call queries to that database using that resource link. Cross-site scripting doesn't work like that, all it would do is pull the HTML...But that still is a necessary step which should be taken, and could be a security risk.
You say you've had months of experience...in programming, especially large languages like PHP, a few months isn't enough time to become good enough to do something like this. Considering Unixmad is running multiple servers and is using CPU usage from other things you'd want it to use bare minimum usage. You can't learn the necessary steps to do this in a few months time...I've programmed in PHP for years, and there's still stuff I don't know...so you can pretty much guess how much confidence I have in your scripting ability, especially after out "conversation" the other day.