External Playercount

[Gunderak]

Ever wanted to have you're servers playercount on your website?
Well now you can!

Attached is a zip folder.
Inside are two files.
update.php : The php file which handles everything and creates the file.
script.txt : The script to upload to your GServer.

Notes:
In both files you will see one of the following:
$password = 'password';
or
&pass=password
Please MODIFY both passwords to whatever you wish.
You mas also want to change
$Filename = "index.html";
From index.html to somethingelse.html if you already have an index.html file.
In the script.txt file you WILL need to change http://graalghetto.99k.org/update.php to your own URL.

If you have read and followed all this correctly it should display the servers rc players and the normal player count and the total.

Parts of cbk1994's script in his post which can be found here were used in my scripts.

[Deas_Voice]

i know this is a basic script but, you could improve this by creating variables on Created, so you don't have to search in the script where to change stuffs, and you should probably create a encrypted password in the script, and maybe the php code aswell, for higher security.

maybe perhaps also tell us how you can use this on, lets say, your homepage (lets say the top corner of the website) without having to copy/paste the code into the index.html (=

there's much to learn about in this area, nice work though, even if it wasn't that hard to make.
e; maybe should have been posted in the code gallery as well?

[cbk1994]

Quote:

Originally Posted by Deas_Voice

you should probably create a encrypted password in the script, and maybe the php code aswell, for higher security.

That sounds like way overcomplicating it. Why not just mash your keyboard a bit to come up with a random password?

[Crow]

Quote:

Originally Posted by cbk1994

That sounds like way overcomplicating it. Why not just mash your keyboard a bit to come up with a random password?

Or use a random password generator of your choice.

[Emera]

I find sitting on my keyboard is best, but other methods are..

• Putting jelly babies on your keys and licking them up while accidentally hitting the keys with your forehead.
• Plugging a USB keyboard into your laptop and throwing the device at the wall.
• Stage a "punch and judy" puppet performance on your keyboard and see where it gets you.

[ff7chocoboknight]

Ask someone with a crude humor for a new password idea. I asked Eye of the Beholder for password ideas and his suggestions were very interesting.

[Gunderak]

Lol, mashing the keyboard with your hand does the trick for me.
Or just make a JavaScript code which generates random characters..
And it's not like anyone can easily modify your information, as the GServer is updating it every 10 seconds. So the person skewing around with the information might change it temporarily but not permanently and that's only if they know what the PHP file is named and the password.

On an unrelated note:
I wonder if it's possible to open a socket and communicate to a GServer or vise versa?

[Deas_Voice]

humour me all you want,
but think bigger, lets say you used this on your gigantic website with all sorts of stuff on; a sql database, forums, etc etc. i'm not the guy who knows what you can/cant do if you got ahold off the password, but lets say you could inject something into the sql database because you use php to get data from it. now that isnt a very good thing, right?

again; this are just my thoughts, and maybe i dont know everything there is about security, but i would rather be on the safe side then guessing that people can't do bad stuffs with the password i've provided.

[cbk1994]

Quote:

Originally Posted by Deas_Voice

humour me all you want,
but think bigger, lets say you used this on your gigantic website with all sorts of stuff on; a sql database, forums, etc etc. i'm not the guy who knows what you can/cant do if you got ahold off the password, but lets say you could inject something into the sql database because you use php to get data from it. now that isnt a very good thing, right?

again; this are just my thoughts, and maybe i dont know everything there is about security, but i would rather be on the safe side then guessing that people can't do bad stuffs with the password i've provided.

wtf are you even talking about, there's nothing in the code that could lead to any kind of SQL injection. Obviously you don't use the same password for more than one thing.

The very worst that could happen is someone finds the password and sends some playercount data with an XSS attack in it to steal cookies from whoever accesses the site and login as them. This is only possible if the site is using bad security practices anyway (e.g. not httponly cookies).

Arbitrary PHP is not being executed, nor are any SQL queries, so I'm not sure how you get SQL injection from that.

[Gunderak]

I'm not sure either lmao.
If only post would work...
Then you wouldn't have to worry about any of this.

[fowlplay4]

It would be better to just write the numbers to a file, and use that in your other code.

PHP Code:

<?php

$password = $_REQUEST["pass"];
$key = "1234567890";
if ($password == $key) {
  $file = "playercount.txt";
  $file = fopen($file, 'w');
  $player_count = $_GET['players'];
  $rc_count = $_GET['rcplayers'];
  fwrite($file, "$player_count $rc_count");
  fclose($file);
  echo "1";
} else {
  echo "INVALID PASSWORD";
}
?>

then in your other code you can use:

PHP Code:

<?php
  
  $data =  file_get_contents("playercount.txt");
  $toks = explode(" ", $data);
  echo "Playercount: " . $toks[0];
  echo "RCs: " . $toks[1];

?>

Re-writing your index every time is just a huge waste.

[Gunderak]

Hmm, Makes sense to write it to a text file instead of re-writing the HTML file.
I will look into it.

[cbk1994]

Quote:

Originally Posted by Gunderak

I'm not sure either lmao.
If only post would work...
Then you wouldn't have to worry about any of this.

POST works fine with cURL (see my func_http post), but that doesn't solve the XSS problem. All you really need to do is validate the data serverside.

[Gunderak]

Ah, ok that seems cool