diff --git a/online.php b/online.php
index 17b6b01..9f9a5f1 100644
--- a/online.php
+++ b/online.php
@@ -19,38 +19,36 @@
}
*/
- if ($time = intval($_GET['time']));
- else $time = 300;
+ $time = filter_int($_GET['time']) ? $_GET['time'] : 300;
// FOR THE LOVE OF GOD XKEEPER JUST GIVE ME ~NUKE ACCESS
$banorama = ($_SERVER['REMOTE_ADDR'] == $x_hacks['adminip'] || $loguser['id'] == 1 || $loguser['id'] == 5 || $loguser['id'] == 2100);
- if ($_GET['banip'] && $_GET['valid'] == md5($_GET['banip'] . "aglkdgslhkadgshlkgds") && $banorama) {
+ if ($banorama && filter_string($_GET['banip']) && filter_string($_GET['valid']) == md5($_GET['banip'] . "aglkdgslhkadgshlkgds")) {
$sql->query("INSERT INTO `ipbans` SET `ip` = '". $_GET['banip'] ."', `reason`='online.php ban', `date` = '". ctime() ."', `banner` = '$loguserid'") or print mysql_error();
// if ($_GET['uid']) mysql_query("UPDATE `users` SET `powerlevel` = -1, `title` = 'Banned; account hijacked. Contact admin via PM to change it.' WHERE `id` = '". $_GET['uid'] ."'") or print mysql_error();
xk_ircsend("1|". xk(8) . $loguser['name'] . xk(7) ." added IP ban for ". xk(8) . $_GET['banip'] . xk(7) .".");
return header("Location: online.php?m=1");
}
- //$server=getenv('SERVER_NAME');
- //$port=getenv('SERVER_PORT');
- //$host=$server;
+ $sort = filter_bool($_GET['sort']);
- $lnk='Last minute |
- $lnk=300>Last 5 minutes |
- $lnk=900>Last 15 minutes |
- $lnk=3600>Last hour |
- $lnk=86400>Last day
+ Show online users during the last:
+ $lnk=60>minute |
+ $lnk=300>5 minutes |
+ $lnk=900>15 minutes |
+ $lnk=3600>hour |
+ $lnk=86400>day
";
if($isadmin)
- print '
Admin cruft: Sort by ".($sort=='IP'?'date':'IP')."";
+ print '
Admin cruft: Sort by ".($sort == 'IP' ? 'date' : 'IP') ."";
// Logged in users
- $posters = $sql->query("SELECT id,posts,name,sex,powerlevel,aka,lastactivity,lastip,lastposttime,lasturl FROM users WHERE lastactivity>".(ctime()-$time).' ORDER BY '.($sort=='IP'&&$isadmin?'lastip':'lastactivity DESC'));
+ $posters = $sql->query("SELECT id,posts,name,sex,powerlevel,aka,lastactivity,lastip,lastposttime,lasturl,birthday FROM users WHERE lastactivity>".(ctime()-$time).' ORDER BY '.($sort=='IP'&&$isadmin?'lastip':'lastactivity DESC'));
+
print "
$fonttag Online users during the last ".timeunits2($time).":
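Review bot: The reordered ban check on the new `if ($banorama && ...)` line still compares the request-supplied `valid` to the md5 digest with loose `==`, and the `INSERT INTO ipbans` on the context line after it still concatenates `$_GET['banip']` into the SQL text. Digest strings that both look like `0e<digits>` compare equal under `==`, so the check should be `hash_equals(md5(...), filter_string($_GET['valid']))` where PHP 5.6+ is available (otherwise `===`), and `banip` should be validated before it reaches the query, e.g. with `filter_var($_GET['banip'], FILTER_VALIDATE_IP)` if bans are always full addresses. The token is derived only from the IP and a constant in the source, so it is identical for every admin and session and does not bind this state-changing GET to the user who loaded the page; a per-session token would. Separately, `$time` now keeps the raw `$_GET['time']` whenever `filter_int()` is truthy instead of the filtered integer, and `$sort = filter_bool($_GET['sort'])` is later compared to `'IP'`. Both helpers are defined outside this hunk, so confirm what they return and prefer assigning the filtered value, e.g. `$time = filter_int($_GET['time']) ?: 300;` if `filter_int()` returns the integer.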