From 040725475b2562e1696ef17c6adf0b5612c3242f Mon Sep 17 00:00:00 2001
From: Lokutos <j.kuder@swissnwx.ch>
Date: Fri, 18 Oct 2019 23:43:54 +0200
Subject: [PATCH] change old SQL to New SQL class - Changes by user
 "n00dl3supp3"

---
 adminforce/content/bilanzsystem.php           |   4 +-
 adminforce/content/interfacebanner/admin.php  |  10 +-
 .../content/interfacebanner/blacklist.php     |  13 +-
 .../content/interfacedaten/betreiber.php      |  46 ++----
 adminforce/content/interfacedaten/crons.php   |   5 +-
 .../content/interfacedaten/pageconfig.php     |  18 +--
 adminforce/content/newssystem/news.php        |  56 ++++++--
 adminforce/content/rallysystem.php            |  49 ++++---
 adminforce/content/rallysystem2.php           | 132 ++++++------------
 adminforce/content/startseite.php             |  46 ++++--
 adminforce/content/usersystem/doppelaccis.php |  20 +--
 adminforce/content/usersystem/liste.php       |  11 +-
 .../content/usersystem/userbearbeiten.php     |  68 ++++++---
 .../content/werbesystem/forcedbanner_468.php  |   3 +-
 adminforce/content/werbesystem/paidmail.php   |  25 ++--
 .../content/werbesystem/paidmail_hist.php     |  12 +-
 adminforce/frametest.php                      |   3 +-
 adminforce/index.php                          |  11 +-
 adminforce/lib/menue_links.php                |   4 +-
 content/betteln.php                           |  12 +-
 content/intern/aktivieren.php                 |  12 +-
 content/intern/anmelden.php                   |  35 +++--
 content/konto/auszahlen.php                   |  36 +++--
 content/konto/buchungen.php                   |   5 +-
 content/konto/einzahlen.php                   |  42 +++---
 content/konto/refdetails.php                  |  36 ++---
 content/konto/refuebersicht.php               |  32 ++---
 content/konto/uebersicht.php                  |  10 +-
 content/konto/userprofil.php                  |  50 ++++---
 content/news.php                              |   4 +-
 content/nickpage.php                          |   4 +-
 content/rallysystem.php                       |  14 +-
 content/verdienen/betteln4.php                |   4 +-
 content/verdienen/forcedbanner.php            |  51 ++++---
 content/verdienen/paidmails.php               |  10 +-
 lib/functions.lib.php                         |  19 +--
 36 files changed, 492 insertions(+), 420 deletions(-)

diff --git a/adminforce/content/bilanzsystem.php b/adminforce/content/bilanzsystem.php
index c52609c..44368d3 100644
--- a/adminforce/content/bilanzsystem.php
+++ b/adminforce/content/bilanzsystem.php
@@ -12,8 +12,8 @@ head("Letzte 14 Tage");
         <td align="center">Bilanz</td>
     </tr>';
 
-    $sql = db_query("SELECT ein,aus,date FROM ".$db_prefix."_bilanz ORDER BY date DESC");
-    while ($bilanz = mysql_fetch_assoc($sql)){
+    $sql = sql::$db->query("SELECT ein,aus,date FROM "._VMS_."_bilanz ORDER BY date DESC");
+    while ($bilanz = $sql -> fetch() ) {
           echo '
           <tr>
               <td align="center">'.date("d.m.Y",$bilanz['date']).'</td>
diff --git a/adminforce/content/interfacebanner/admin.php b/adminforce/content/interfacebanner/admin.php
index cfdecba..25d4f33 100644
--- a/adminforce/content/interfacebanner/admin.php
+++ b/adminforce/content/interfacebanner/admin.php
@@ -4,11 +4,15 @@ if (!isset($_GET['tan'])) $_GET['tan'] = '';
 if (!isset($_GET['loeschen'])) $_GET['loeschen'] = '';
 
 if ($_GET['loeschen'] == 'true' && $_GET['tan']) {
-    db_query("DELETE FROM " . $db_prefix . "_gebuchte_werbung WHERE tan='" . $_GET['tan'] . "' and sponsor='administrator' LIMIT 1");
+    $sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_gebuchte_werbung WHERE tan=? and sponsor='administrator' LIMIT 1");
+    $sql->execute(array($_GET['tan']));
 }
 
-$forcedbanner = db_query("SELECT * FROM " . $db_prefix . "_gebuchte_werbung WHERE sponsor='administrator' and werbeart = 'forcedbanner' and status = '1' ORDER BY kid ASC");
-while ($anzeigen = mysql_fetch_array($forcedbanner)) {
+$forcedbanner = sql::$db->query("SELECT * FROM " . _VMS_ . "_gebuchte_werbung WHERE sponsor='administrator' and werbeart = 'forcedbanner' and status = '1' ORDER BY kid ASC");
+if ($forcedbanner->rowCount() == 0) {
+    echo 'Keine Admin Kampagnen im System.';
+}
+while ($anzeigen = $forcedbanner->fetch() ) {
     echo '
 
 <table width="100%" cellpadding="0" cellspacing="1" border="0" bgcolor="#c0c0c0">
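Review bot: `$forcedbanner->rowCount()` is used to detect an empty SELECT result, but PDO only guarantees rowCount() for INSERT/UPDATE/DELETE; for SELECT the value is driver-dependent (it works with the MySQL driver when results are buffered, which the `sql` class may or may not configure — not visible here). A portable form fetches first and counts the array: `$anzeigen_liste = $forcedbanner->fetchAll(); if (count($anzeigen_liste) == 0) { echo 'Keine Admin Kampagnen im System.'; } foreach ($anzeigen_liste as $anzeigen) {`. The same rowCount()-on-SELECT check is added in blacklist.php in this commit. The while body continues past the end of this hunk.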
diff --git a/adminforce/content/interfacebanner/blacklist.php b/adminforce/content/interfacebanner/blacklist.php
index 4244ec0..cea6a04 100644
--- a/adminforce/content/interfacebanner/blacklist.php
+++ b/adminforce/content/interfacebanner/blacklist.php
@@ -5,14 +5,19 @@ if (!isset($_GET['loeschen'])) $_GET['loeschen'] = '';
 if (!isset($_GET['blacklist'])) $_GET['blacklist'] = '';
 
 if ($_GET['loeschen'] == 'true' && $_GET['kid']) {
-    db_query("DELETE FROM " . $db_prefix . "_gebuchte_werbung WHERE kid='" . $_GET['kid'] . "' and status = '2' and sponsor='" . $_GET['sponsor'] . "' LIMIT 1");
+    $sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_gebuchte_werbung WHERE kid=? AND status = '2' AND sponsor=? LIMIT 1");
+    $sql->execute(array($_GET['kid'], $_GET['sponsor']));
 }
 if ($_GET['blacklist'] == 'true' && $_GET['kid']) {
-    db_query("UPDATE " . $db_prefix . "_gebuchte_werbung SET status = '1' WHERE kid='" . $_GET['kid'] . "' and sponsor='" . $_GET['sponsor'] . "'  LIMIT 1");
+    $sql = sql::$db->prepare("UPDATE " . _VMS_ . "_gebuchte_werbung SET status = '1' WHERE kid=? and sponsor=? LIMIT 1");
+    $sql->execute(array($_GET['kid'], $_GET['sponsor']));
 }
 
-$forcedbanner = db_query("SELECT * FROM " . $db_prefix . "_gebuchte_werbung WHERE werbeart = 'forcedbanner' and status = '2' ORDER BY kid ASC");
-while ($anzeigen = mysql_fetch_array($forcedbanner)) {
+$forcedbanner = sql::$db->query("SELECT * FROM " . _VMS_ . "_gebuchte_werbung WHERE werbeart = 'forcedbanner' and status = '2' ORDER BY kid ASC");
+if ($forcedbanner->rowCount() == 0) {
+    echo 'Die Blacklist ist leer.';
+}
+while ($anzeigen = $forcedbanner->fetch() ) {
     echo '
 <table width="100%" cellpadding="0" cellspacing="1" border="0" bgcolor="#c0c0c0">
 <tr bgcolor="#f0f0f0">
diff --git a/adminforce/content/interfacedaten/betreiber.php b/adminforce/content/interfacedaten/betreiber.php
index 01a3ff0..f7ef5c5 100644
--- a/adminforce/content/interfacedaten/betreiber.php
+++ b/adminforce/content/interfacedaten/betreiber.php
@@ -7,45 +7,20 @@ if (!isset($_POST['einzahltext'])) $_POST['einzahltext'] = '';
 if (!isset($_POST['auszahltext'])) $_POST['auszahltext'] = '';
 
 if (isset($_POST['update'])) {
-    db_query("UPDATE " . $db_prefix . "_schnittstelle SET
-    betreiber_id='" . $_POST['betreiber_id'] . "',
-    betreiber_passwort='" . $_POST['betreiber_passwort'] . "',
-    betreiber_kennung='" . $_POST['betreiber_kennung'] . "',
-    schnittstelle='" . $_POST['schnittstelle'] . "',
-    einzahltext='" . $_POST['einzahltext'] . "',
-    auszahltext='" . $_POST['auszahltext'] . "',
-    einzahlsumme='" . $_POST['einzahlsumme'] . "',
-    auszahlsumme='" . $_POST['auszahlsumme'] . "',
-    anfragen_tag='" . $_POST['anfragen_tag'] . "',
-    aktiv='" . $_POST['aktiv'] . "',
-    punktewert='" . $_POST['punktewert'] . "',
-    waehrung_name='" . $_POST['waehrung_name'] . "',
-    anfragen_user='" . $_POST['anfragen_user'] . "',
-    wertepunkt = " . $_POST['wertepunkt'] . "
-    WHERE  schnittstelle='" . $_POST['schnittstelle'] . "' LIMIT 1");
+    $sql = sql::$db->prepare("UPDATE " . _VMS_. "_schnittstelle SET 
+    betreiber_id=?, betreiber_passwort=?, betreiber_kennung=?, schnittstelle=?, einzahltext=?, auszahltext=?, einzahlsumme=?, auszahlsumme=?, anfragen_tag=?, aktiv=?, punktewert=?, waehrung_name=?, anfragen_user=?, wertepunkt=? WHERE schnittstelle=? LIMIT 1");
+    $sql->execute(array( $_POST['betreiber_id'], $_POST['betreiber_passwort'], $_POST['betreiber_kennung'], $_POST['schnittstelle'], $_POST['einzahltext'], $_POST['auszahltext'], $_POST['einzahlsumme'], $_POST['auszahlsumme'], $_POST['anfragen_tag'], $_POST['aktiv'], $_POST['punktewert'], $_POST['waehrung_name'], $_POST['anfragen_user'], $_POST['wertepunkt'], $_POST['schnittstelle'] ));
 }
 
 if (isset($_POST['add'])) {
-    db_query("INSERT INTO ".$db_prefix."_schnittstelle SET
-    betreiber_id='" . $_POST['betreiber_id'] . "',
-    betreiber_passwort='" . $_POST['betreiber_passwort'] . "',
-    betreiber_kennung='" . $_POST['betreiber_kennung'] . "',
-    schnittstelle='" . $_POST['schnittstelle'] . "',
-    einzahltext='" . $_POST['einzahltext'] . "',
-    auszahltext='" . $_POST['auszahltext'] . "',
-    einzahlsumme='" . $_POST['einzahlsumme'] . "',
-    auszahlsumme='" . $_POST['auszahlsumme'] . "',
-    anfragen_tag='" . $_POST['anfragen_tag'] . "',
-    aktiv='" . $_POST['aktiv'] . "',
-    punktewert='" . $_POST['punktewert'] . "',
-    waehrung_name='" . $_POST['waehrung_name'] . "',
-    anfragen_user='" . $_POST['anfragen_user'] . "',
-    wertepunkt = " . $_POST['wertepunkt'] . "");
+    $sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_schnittstelle SET betreiber_id=?, betreiber_passwort=?, betreiber_kennung=?, schnittstelle=?, einzahltext=?, auszahltext=?, einzahlsumme=?, auszahlsumme=?, anfragen_tag=?, aktiv=?, punktewert=?, waehrung_name=?, anfragen_user=?, wertepunkt=?");
+    $sql->execute(array($_POST['betreiber_id'], $_POST['betreiber_passwort'], $_POST['betreiber_kennung'], $_POST['schnittstelle'], $_POST['einzahltext'], $_POST['auszahltext'], $_POST['einzahlsumme'], $_POST['auszahlsumme'], $_POST['anfragen_tag'], $_POST['aktiv'], $_POST['punktewert'], $_POST['waehrung_name'], $_POST['anfragen_user'], $_POST['wertepunkt']));
 }
 
 
 if (isset($_POST['del'])) {
-    db_query("DELETE FROM " . $db_prefix . "_schnittstelle WHERE  schnittstelle='" . $_POST['schnittstelle'] . "' LIMIT 1");
+    $sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_schnittstelle WHERE schnittstelle = ? LIMIT 1");
+    $sql->execute(array($_POST['schnittstelle']));
 }
 
 
@@ -53,8 +28,8 @@ head("Betreiber w&auml;hlen");
     echo '<form action="" method="post">
         <input type="hidden" name="do" value="changeselect" />
             <select name="schnittstelle">';
-                $interface = db_query("SELECT schnittstelle FROM " . $db_prefix . "_schnittstelle");
-                while ($interface_name = mysql_fetch_array($interface)) {
+                $interface = sql::$db->query("SELECT schnittstelle FROM " . _VMS_ . "_schnittstelle");
+                while ($interface_name = $interface->fetch() ) {
                     echo '<option value="' . $interface_name['schnittstelle'] . '" '.( (isset($_POST['schnittstelle']) AND $interface_name['schnittstelle'] == $_POST['schnittstelle']) ? 'selected="selected"' : '' ).'>' . $interface_name['schnittstelle'] . '</option>';
                 }
             echo '</select>&nbsp;
@@ -62,7 +37,8 @@ head("Betreiber w&auml;hlen");
     </form>';
 
     if (isset($_POST['schnittstelle'])){
-        $interface = mysql_fetch_array(mysql_query('SELECT * FROM '.$db_prefix.'_schnittstelle WHERE schnittstelle=\''.$_POST['schnittstelle'].'\' LIMIT 1'));
+        $sql = sql::$db->query("SELECT * FROM " . _VMS_ . "_schnittstelle WHERE schnittstelle='".$_POST['schnittstelle']."' LIMIT 1");
+        $interface = $sql->fetch();
     }
     echo '<form action="" method="post">
         <input type="hidden" name="schnittstelle" value="' . $_POST['schnittstelle'] . '" />
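Review bot: The SELECT in the `isset($_POST['schnittstelle'])` branch still splices the POST value into the statement text, `... WHERE schnittstelle='".$_POST['schnittstelle']."' LIMIT 1`, so this hunk keeps the injection path the rest of the commit removes. Use the same prepare/execute form as the other statements in this file: `$sql = sql::$db->prepare("SELECT * FROM " . _VMS_ . "_schnittstelle WHERE schnittstelle=? LIMIT 1");` then `$sql->execute(array($_POST['schnittstelle']));` and `$interface = $sql->fetch();`. The same leftover interpolation remains in news.php (`$_POST['loader']` in the 'Editieren' branch) and in rallysystem2.php (`$_GET['rally']` in both `_rallydaten` SELECTs, and the `_rallyuser` SELECT built from `$ralleydaten` fields).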
diff --git a/adminforce/content/interfacedaten/crons.php b/adminforce/content/interfacedaten/crons.php
index 4a65478..00358b6 100644
--- a/adminforce/content/interfacedaten/crons.php
+++ b/adminforce/content/interfacedaten/crons.php
@@ -6,8 +6,9 @@
     <td align="center">URL</td>
 </tr>
 <?php
-$crons = db_query("SELECT * FROM " . $db_prefix . "_crons");
-while ($crontabelle = mysql_fetch_array($crons)) {
+$i = 0;
+$crons = sql::$db->query("SELECT * FROM " . _VMS_ . "_crons");
+while ($crontabelle = $crons->fetch() ) {
     $i++;
     $row = ($i % 2 == 0) ? 0 : 1;
 
diff --git a/adminforce/content/interfacedaten/pageconfig.php b/adminforce/content/interfacedaten/pageconfig.php
index ba74c16..d8295de 100644
--- a/adminforce/content/interfacedaten/pageconfig.php
+++ b/adminforce/content/interfacedaten/pageconfig.php
@@ -2,21 +2,11 @@
 if (!isset($_POST['updaten'])) $_POST['updaten'] = '';
 
 if ($_POST['updaten'] == 'Updaten !') {
-db_query("UPDATE ".$db_prefix."_seitenkonfig SET
-                 denied_domains='".$_POST['denied_domains']."',
-                 wartung='".$_POST['wartung']."',
-                 einzahlgrenze='".$_POST['einzahlgrenze']."',
-                 re1='".$_POST['re1']."',
-                 re2='".$_POST['re2']."',
-                 re3='".$_POST['re3']."',
-                 min_betteln = '".$_POST['min_betteln']."',
-                 max_betteln = '".$_POST['max_betteln']."',
-                 reload_betteln = '".$_POST['reload_betteln']."',
-                 admin_name='".$_POST['admin_name']."',
-                 admin_pass='".$_POST['admin_pass']."'
-LIMIT 1") or die(mysql_error());
+    $sql = sql::$db->prepare("UPDATE " . _VMS_ . "_seitenkonfig SET denied_domains=?, wartung=?, einzahlgrenze=?, re1=?, re2=?, re3=?, min_betteln=?, max_betteln=?, reload_betteln=?, admin_name=?, admin_pass=? LIMIT 1");
+    $sql->execute(array($_POST['denied_domains'], $_POST['wartung'], $_POST['einzahlgrenze'], $_POST['re1'], $_POST['re2'], $_POST['re3'], $_POST['min_betteln'], $_POST['max_betteln'], $_POST['reload_betteln'], $_POST['admin_name'], $_POST['admin_pass']));
 }
-$interface = mysql_fetch_array(db_query("SELECT * FROM ".$db_prefix."_seitenkonfig LIMIT 1"));
+$sql = sql::$db->query("SELECT * FROM " . _VMS_ . "_seitenkonfig LIMIT 1");
+$interface = $sql->fetch();
 
 head("Webseiteneinstellungen"); ?>
 <form action="" method="post">
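Review bot: The removed `or die(mysql_error())` was the only failure check on this UPDATE; the new `$sql->execute(array(...))` discards its boolean result, so a failed update (for example a placeholder/value count mismatch) is silent unless the `sql` class sets `PDO::ATTR_ERRMODE` to `PDO::ERRMODE_EXCEPTION`, which is not visible in this diff. Either check the result, `if (!$sql->execute(array(...))) { die('UPDATE _seitenkonfig failed'); }`, or confirm the exception error mode in the sql class and state that assumption in a comment at the top of the file. Every prepare/execute pair added by this commit ignores the return value in the same way.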
diff --git a/adminforce/content/newssystem/news.php b/adminforce/content/newssystem/news.php
index b603efd..020654b 100644
--- a/adminforce/content/newssystem/news.php
+++ b/adminforce/content/newssystem/news.php
@@ -1,38 +1,64 @@
 <?php
 if (!isset($titel)) $titel = '';
 if (!isset($news)) $news = '';
+if (!isset($_POST['news2'])) $_POST['news2'] = '';
+if (!isset($_POST['news3'])) $_POST['news3'] = '';
+if (!isset($_POST['news4'])) $_POST['news4'] = '';
 if (!isset($id)) $id = '0';
 if (!isset($_POST['auffuehren'])) $_POST['auffuehren'] = '0';
 if (!isset($_POST['load'])) $_POST['load'] = '0';
 if (!isset($_POST['loader'])) $_POST['loader'] = '0';
 
 if ($_POST['news4'] == 'seite') {
-    db_query("UPDATE " . $db_prefix . "_kontodaten SET news='1' WHERE 1");
-    if ($_POST['id'] == 0) db_query("INSERT INTO " . $db_prefix . "_news (zeit,titel,news) VALUES ('" . time() . "','" . $_POST['titel'] . "','" . $_POST['news'] . "')");
-    if ($_POST['id'] >= 1) db_query("UPDATE " . $db_prefix . "_news SET titel='" . $_POST['titel'] . "',news='" . $_POST['news'] . "' WHERE id='" . $_POST['id'] . "'");
+    $sql = sql::$db->query("UPDATE " . _VMS_ . "_kontodaten SET news='1' WHERE 1");
+    $sql->execute();
+    if ($_POST['id'] == 0){
+        $sql=sql::$db->prepare("INSERT INTO " . _VMS_ . "_news (zeit,titel,news) VALUES (?,?,?)");
+        $zeit=time();
+        $sql->execute(array($zeit, $_POST['titel'], $_POST['news']));
+    }
+    if ($_POST['id'] >= 1){
+        $sql=sql::$db->prepare("UPDATE " . _VMS_ . "_news SET titel=?,news=? WHERE id=?");
+        $sql->execute(array($_POST['titel'], $_POST['news'], $_POST['id']));
+    }
 }
 
 if ($_POST['news2'] == 'Newsletter und seite') {
-    db_query("UPDATE " . $db_prefix . "_kontodaten SET news='1' WHERE 1");
-    if ($_POST['id'] == 0) db_query("INSERT INTO " . $db_prefix . "_news (zeit,titel,news) VALUES ('" . time() . "','" . $_POST['titel'] . "','" . $_POST['news'] . "')");
-    if ($_POST['id'] >= 1) db_query("UPDATE " . $db_prefix . "_news SET titel='" . $_POST['titel'] . "',news='" . $_POST['news'] . "' WHERE id='" . $_POST['id'] . "'");
-    $empfaenger = db_query('SELECT emailadresse FROM ' . $db_prefix . '_emaildaten WHERE freigabe_fuer = 1 OR freigabe_fuer = 3 GROUP BY emailadresse');
-    while ($user = mysql_fetch_assoc($empfaenger)) usermail ($user['emailadresse'], $_POST['titel'], $_POST['news'], '"' . $seitenname . '" <' . $betreibermail . '>');
+    $sql = sql::$db->query("UPDATE " . _VMS_ . "_kontodaten SET news='1' WHERE 1");
+    $sql->execute();
+    if ($_POST['id'] == 0){
+        $sql=sql::$db->prepare("INSERT INTO " . _VMS_ . "_news (zeit,titel,news) VALUES (?,?,?)");
+        $zeit=time();
+        $sql->execute(array($zeit, $_POST['titel'], $_POST['news']));
+    }
+    if ($_POST['id'] >= 1){
+        $sql=sql::$db->prepare("UPDATE " . _VMS_ . "_news SET titel=?,news=? WHERE id=?");
+        $sql->execute(array($_POST['titel'], $_POST['news']), $_POST['id']);
+    }
+    $empfaenger=sql::$db->query('SELECT emailadresse FROM ' . _VMS_ . '_emaildaten WHERE freigabe_fuer = 1 OR freigabe_fuer = 3 GROUP BY emailadresse');
+    while ($user = $empfaenger->fetch()){
+        usermail ($user['emailadresse'], $_POST['titel'], $_POST['news'], '"' . $seitenname . '" <' . $betreibermail . '>');
+    }
 }
 if ($_POST['news3'] == 'Newsletter') {
-    db_query("UPDATE " . $db_prefix . "_kontodaten SET news='1' WHERE 1");
-    $empfaenger = db_query('SELECT emailadresse FROM ' . $db_prefix . '_emaildaten WHERE freigabe_fuer = 1 OR freigabe_fuer = 3 GROUP BY emailadresse');
-    while ($user = mysql_fetch_assoc($empfaenger)) usermail ($user['emailadresse'], $_POST['titel'], $_POST['news'], '"' . $seitenname . '" <' . $betreibermail . '>');
+    $sql = sql::$db->query("UPDATE " . _VMS_ . "_kontodaten SET news='1' WHERE 1");
+    $sql->execute();
+    $empfaenger=sql::$db->query('SELECT emailadresse FROM ' . _VMS_ . '_emaildaten WHERE freigabe_fuer = 1 OR freigabe_fuer = 3 GROUP BY emailadresse');
+    while ($user = $empfaenger->fetch()){
+     usermail ($user['emailadresse'], $_POST['titel'], $_POST['news'], '"' . $seitenname . '" <' . $betreibermail . '>');
+    }
 }
 
 if ($_POST['load'] == 'Editieren') {
-    $edit = mysql_fetch_array(db_query("SELECT * FROM " . $db_prefix . "_news  WHERE id='" . $_POST['loader'] . "'"));
+    $sql=sql::$db->query("SELECT * FROM " . _VMS_ . "_news  WHERE id='" . $_POST['loader'] . "'");
+    $edit=$sql->fetch();
     $titel = $edit['titel'];
     $news = $edit['news'];
     $id = $edit['id'];
 }
 if ($_POST['load'] == 'Löschen') {
-    db_query("DELETE FROM " . $db_prefix . "_news WHERE id='" . $_POST['loader'] . "'");
+    $sql=sql::$db->prepare("DELETE FROM " . _VMS_ . "_news WHERE id=?");
+    $sql->execute(array($_POST['loader']));
 }
 
 head("News editieren / löschen");
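Review bot: In the 'Newsletter und seite' branch the id is passed as a second argument to execute, `$sql->execute(array($_POST['titel'], $_POST['news']), $_POST['id']);`, so the `WHERE id=?` placeholder is never bound and the update fails (the 'seite' branch above has it right); it should read `$sql->execute(array($_POST['titel'], $_POST['news'], $_POST['id']));`. Separately, the three `UPDATE ... _kontodaten SET news='1'` statements are issued with `sql::$db->query(...)`, which already runs them, and the following `$sql->execute();` runs each a second time; if query() returned false under a non-throwing error mode, `->execute()` on a boolean would be a fatal error. Drop those `execute()` calls or switch them to prepare/execute like the rest of the file.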
@@ -43,8 +69,8 @@ head("News editieren / löschen");
 <td>
 <select name="loader" size="1">
 <?php
-$old_news = db_query("SELECT * FROM " . $db_prefix . "_news ORDER BY id DESC");
-while ($load = mysql_fetch_array($old_news)) {
+$old_news = sql::$db->query("SELECT * FROM " . _VMS_ . "_news ORDER BY id DESC");
+while ($load = $old_news->fetch()) {
     echo '<option value="' . $load['id'] . '">(' . $load['id'] . ') - ' . $load['titel'] . ' (' . date("d.m.Y - H:i", $load['zeit']) . ')</option>';
 }
 
diff --git a/adminforce/content/rallysystem.php b/adminforce/content/rallysystem.php
index f597a8f..5bb06a5 100644
--- a/adminforce/content/rallysystem.php
+++ b/adminforce/content/rallysystem.php
@@ -1,26 +1,33 @@
 <?php
+if (!isset($_POST['eintragen'])) $_POST['eintragen'] = "";
+if (!isset($_POST['rally'])) $_POST['rally'] = "";
 // neuen Rank eintragen, ändern oder löschen
 if ($_POST['eintragen'] == 'Neue Position') {
-    db_query("INSERT INTO " . $db_prefix . "_rallyorte (id, name, welche_rallys) VALUES (NULL, '" . $_POST['name'] . "','" . implode(',', array_keys($_POST['rally'])) . "');");
-    Echo '<b><font size="+2" color="#087102">Eintragung  erfolgreich!</font></b>';
+    $sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_rallyorte (id, name, welche_rallys) values(?,?,?)");
+    $values = implode(',', array_keys($_POST['rally']) );
+    $sql->execute(array(NULL, $_POST['name'], $values));
+    echo '<b><font size="+2" color="#087102">Eintragung  erfolgreich!</font></b>';
 } ;
 if ($_POST['eintragen'] == 'Loeschen') {
-    db_query("DELETE FROM " . $db_prefix . "_rallyorte WHERE id = '" . $_POST['id'] . "';");
-    Echo '<b><font size="+2" color="#087102">Eintrag erfolgreich gel&ouml;scht!</font></b>';
+    $sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_rallyorte WHERE id = ?;");
+    $sql->execute(array($_POST['id']));
+    echo '<b><font size="+2" color="#087102">Eintrag erfolgreich gel&ouml;scht!</font></b>';
 } ;
 if ($_POST['eintragen'] == 'Aendern') {
-    db_query("UPDATE " . $db_prefix . "_rallyorte SET welche_rallys='" . implode(',', array_keys($_POST['rally'])) . "' WHERE id='" . $_POST['id'] . "';");
-    Echo '<b><font size="+2" color="#087102">&Auml;nderung  erfolgreich!</font></b>';
+    $sql = sql::$db->prepare("UPDATE " . _VMS_ . "_rallyorte SET welche_rallys=? WHERE id=?;");
+    $values = implode(',', array_keys($_POST['rally']) );
+    $sql->execute(array($values, $_POST['id']));
+    echo '<b><font size="+2" color="#087102">&Auml;nderung  erfolgreich!</font></b>';
 } ;
 if ($_POST['rally'] == 'Eintragen') {
-    db_query("INSERT INTO `vms_rallydaten`
-   (`id`, `name`, `beschrieb`, `status`, `start`, `ende_art`, `ende_zeit`, `ende_punkte`, `ende_punkte_aktuell`, `ende_punkte_anzahl`, `ende_formulierung`, `ende_vortschritt`, `gewinn_art`, `gewinn_dyn_steigerung`, `gewinn_topf`, `gewinner_anzahl`, `mindestpunktzhl`, `sperruser`, `tagpotstart`, `einheit`)
-   VALUES (NULL, '" . $_POST['rallyname'] . "', ' ', 'deaktiviert', '0', 'zeit', '0', '0', '0.00', '0', ' ', 'datum', 'statisch', '0.00', '0.00', '0', '0', ' ', '0', ' ' )");
-    Echo '<b><font size="+2" color="#087102">Eintragung  erfolgreich!</font></b>';
+    $sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_rallydaten (`id`, `name`, `beschrieb`, `status`, `start`, `ende_art`, `ende_zeit`, `ende_punkte`, `ende_punkte_aktuell`, `ende_punkte_anzahl`, `ende_formulierung`, `ende_vortschritt`, `gewinn_art`, `gewinn_dyn_steigerung`, `gewinn_topf`, `gewinner_anzahl`, `mindestpunktzhl`, `sperruser`, `tagpotstart`, `einheit`) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
+    $sql->execute(array( NULL, $_POST['rallyname'] , ' ', 'deaktiviert', '0', 'zeit', '0', '0', '0.00', '0', ' ', 'datum', 'statisch', '0.00', '0.00', '0', '0', ' ', '0', ' '   ));
+    echo '<b><font size="+2" color="#087102">Eintragung erfolgreich!</font></b>';
 } ;
 if ($_POST['rally'] == 'Loeschen') {
-    db_query("DELETE FROM " . $db_prefix . "_rallydaten WHERE id = '" . $_POST['id'] . "';");
-    Echo '<b><font size="+2" color="#087102">Eintrag erfolgreich gel&ouml;scht!</font></b>';
+    $sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_rallydaten WHERE id = ?;");
+    $sql->execute(array($_POST['id']));
+    echo '<b><font size="+2" color="#087102">Eintrag erfolgreich gel&ouml;scht!</font></b>';
 } ;
 
 head("<b><center>Rallys im System </center></b>");
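Review bot: The new default `$_POST['rally'] = ""` is a string, but the 'Neue Position' and 'Aendern' branches call `array_keys($_POST['rally'])`, which expects an array; a submit with no rally checkbox ticked now reaches array_keys with `""` (a TypeError on PHP 8, a warning plus null on PHP 7, depending on the runtime this project targets). Guard the conversion once where `$values` is built: `$values = is_array($_POST['rally']) ? implode(',', array_keys($_POST['rally'])) : '';` and use it in both branches. The other POST keys read here (`name`, `id`, `rallyname`) are not defaulted in this hunk; if they are not initialised above it, the same isset guards the commit adds for `eintragen` and `rally` would apply.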
@@ -30,8 +37,9 @@ head("<b><center>Rallys im System </center></b>");
         <td align="center"><strong>Name</strong></td>
         <td align="center"><strong>Bearbeiten der einzelnen Rallys</strong></td>
     </tr>
-    <?php $rally = db_query("SELECT * FROM " . $db_prefix . "_rallydaten");
-while ($rall = mysql_fetch_array($rally)) {?>
+<?php
+$rally=sql::$db->query("SELECT * FROM " . _VMS_ . "_rallydaten");
+while ($rall = $rally->fetch()) {?>
         <form action="" method="post">
             <tr bgcolor="#d0d0d0" >
                 <td align="center"><strong><?php echo $rall['name'];?></strong></td>
@@ -74,11 +82,12 @@ while ($rall = mysql_fetch_array($rally)) {?>
         <td align="center"><strong>Welche Rallys</strong></td>
         <td align="center"><strong>Bearbeiten<br>der <br>einzelnen <br>Positionen</strong></td>
     </tr>
-    <?php $ap_anzeige = db_query("SELECT * FROM " . $db_prefix . "_rallyorte ORDER BY id ASC");
-while ($ap = mysql_fetch_array($ap_anzeige)) {
-    $rallynamen = db_query("SELECT id, name FROM " . $db_prefix . "_rallydaten");
+<?php
+$ap_anzeige=sql::$db->query("SELECT * FROM " . _VMS_ . "_rallyorte ORDER BY id ASC");
+while ($ap = $ap_anzeige->fetch()) {
+    $rallynamen = sql::$db->query("SELECT id, name FROM " . _VMS_ . "_rallydaten");
     $rallys = '';
-    while ($rallyname = mysql_fetch_array($rallynamen)) {
+    while ($rallyname = $rallynamen->fetch()) {
         $checked = '';
         $arrays = explode (',', $ap['welche_rallys']);
         if (in_array($rallyname['id'], $arrays)) $checked = 'checked="checked"';
@@ -102,9 +111,9 @@ while ($ap = mysql_fetch_array($ap_anzeige)) {
 
 
 <?php head("<b><center> Neue Position eintragen</center></b>");
-$rallynamenneu = db_query("SELECT id, name FROM " . $db_prefix . "_rallydaten");
+$rallynamenneu = sql::$db->query("SELECT id, name FROM " . _VMS_ . "_rallydaten");
 $rallysneu = '';
-while ($rallynameneu = mysql_fetch_array($rallynamenneu)) {
+while ($rallynameneu = $rallynamenneu->fetch()) {
     $rallysneu .= '<input type="checkbox" value="1" name="rally[' . $rallynameneu['id'] . ']"> ' . $rallynameneu['name'] . '<br>';
 }
 ?>
diff --git a/adminforce/content/rallysystem2.php b/adminforce/content/rallysystem2.php
index 9670edf..c2fa18a 100644
--- a/adminforce/content/rallysystem2.php
+++ b/adminforce/content/rallysystem2.php
@@ -6,117 +6,65 @@ if (!isset($_POST['reset'])) $_POST['reset'] = '';
 if (!isset($_POST['auswerten'])) $_POST['auswerten'] = '';
 $rp = 0;
 
-$ralleydaten = mysql_fetch_array(db_query("SELECT * FROM " . $db_prefix . "_rallydaten WHERE id='" . $_GET['rally'] . "' LIMIT 1"));
+$sql = sql::$db->query("SELECT * FROM " . _VMS_ . "_rallydaten WHERE id='" . $_GET['rally'] . "' LIMIT 1");
+$ralleydaten = $sql->fetch();
 // Ralleystand reseten
 if ($_POST['reset'] == 'Reseten') {
-    db_query ("DELETE FROM " . $db_prefix . "_rallyuser WHERE rally = '" . $ralleydaten['name'] . "' and ausgezahlt = '0'");
-    db_query ("UPDATE " . $db_prefix . "_rallydaten SET ende_punkte_aktuell='0', gewinn_topf = '" . $ralleydaten['tagpotstart'] . "' WHERE id='" . $_GET['rally'] . "' LIMIT 1");
+
+    $sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_rallyuser WHERE rally = ? and ausgezahlt = ?");
+    $sql->execute(array( $ralleydaten['name'], '0'));
+    $sql = sql::$db->prepare("UPDATE " . _VMS_ . "_rallydaten SET ende_punkte_aktuell = ?, gewinn_topf = ? WHERE id = ? LIMIT 1");
+    $sql->execute(array('0', $ralleydaten['tagpotstart'], $_GET['rally'] ));    
 }
 // Ralleystand manuell Auswerten
-if ($_POST['auswert'] == 'Auswerten') {
+if (isset($_POST['auswert']) AND $_POST['auswert'] == 'Auswerten') {
     $rp = 0;
-    $ralleydaten = mysql_fetch_array(db_query("SELECT * FROM vms_rallydaten WHERE id='" . $_GET['rally'] . "' LIMIT 1"));
-    $platz = db_query("SELECT * FROM vms_rallyuser WHERE rally = '" . $ralleydaten['name'] . "' AND ausgezahlt = '0' AND punkte >= '" . $ralleydaten['mindestpunktzhl'] . "' ORDER BY punkte DESC LIMIT " . $ralleydaten['gewinner_anzahl'] . "");
-    // echo "SELECT * FROM vms_rallyuser WHERE rally >= '".$ralleydaten['name']."' AND ausgezahlt = '0' AND punkte >= '".$ralleydaten['mindestpunktzhl']."' ORDER BY punkte DESC LIMIT ".$ralleydaten['gewinner_anzahl']."";
+    $sql = sql::$db->query("SELECT * FROM " . _VMS_ . "_rallydaten WHERE id='" . $_GET['rally'] . "' LIMIT 1");
+    $ralleydaten = $sql->fetch();    
+    $platz = sql::$db->query("SELECT * FROM " . _VMS_ . "_rallyuser WHERE rally = '" . $ralleydaten['name'] . "' AND ausgezahlt = '0' AND punkte >= '" . $ralleydaten['mindestpunktzhl'] . "' ORDER BY punkte DESC LIMIT " . $ralleydaten['gewinner_anzahl'] . "");
     $x1 = 0;
-    while ($pa = mysql_fetch_array($platz)) {
+    while ($pa = $platz->fetch() ) {
         $x1 ++;
         $rp++;
         $buchungssumme = $ralleydaten['gewinn_topf'] / 100 * $ralleydaten['p' . $rp];
-        db_query("UPDATE vms_rallyuser SET auszahlungssumme = '" . $buchungssumme . "' WHERE uid='" . $pa['uid'] . "' AND ausgezahlt = '0' AND rally = '" . $ralleydaten['name'] . "' LIMIT 1");
+        $sql = sql::$db->prepare("UPDATE " . _VMS_ . "_rallyuser SET auszahlungssumme = ? WHERE uid = ? AND ausgezahlt = '0' AND rally = ? LIMIT 1");
+        $sql->execute(array( $buchungssumme, $pa['uid'], $ralleydaten['name'] ));
         $buchungs_id = create_code(14);
         kontobuchung ('+', $buchungssumme, $pa['uid']);
         buchungsliste ($buchungs_id, '+' . $buchungssumme, $ralleydaten['name'] . ' (Platz ' . $rp . ')', $pa['uid']);
         echo' Die UID ' . $pa['uid'] . ' wahr auf Platz' . $x1 . 'und hatt' . $buchungssumme . ' erhalten <br>';
     }
-    db_query("UPDATE vms_rallyuser SET ausgezahlt = '" . time() . "' WHERE rally = '" . $ralleydaten['name'] . "' AND ausgezahlt = '0'");
-    db_query ("DELETE FROM " . $db_prefix . "_rallyuser WHERE rally = '" . $ralleydaten['name'] . "' and ausgezahlt = '0'");
-    db_query ("UPDATE " . $db_prefix . "_rallydaten SET ende_punkte_aktuell='0', gewinn_topf = '" . $ralleydaten['tagpotstart'] . "' WHERE id='" . $_GET['rally'] . "' LIMIT 1");
+    $sql = sql::$db->prepare("UPDATE " . _VMS_ . "_rallyuser SET ausgezahlt = ? WHERE rally = ? AND ausgezahlt = ?");
+    $sql->execute(array( time(), $ralleydaten['name'], '0' ));
+    
+    $sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_rallyuser WHERE rally = ? and ausgezahlt = ?");
+    $sql->execute(array( $ralleydaten['name'], '0'));
+    
+    $sql = sql::$db->prepare("UPDATE " . _VMS_ . "_rallydaten SET ende_punkte_aktuell = ?, gewinn_topf = ? WHERE id = ? LIMIT 1");
+    $sql->execute(array('0', $ralleydaten['tagpotstart'], $_GET['rally'] ));
+    
     echo 'Auswertung durch';
 }
 // Ralleydaten speichern
-if ($_POST['plaetze'] == 'Speichern') {
-    db_query ("UPDATE " . $db_prefix . "_rallydaten SET
-    p1 = '" . $_POST['p1'] . "',
-    p2 = '" . $_POST['p2'] . "',
-    p3 = '" . $_POST['p3'] . "',
-    p4 = '" . $_POST['p4'] . "',
-    p5 = '" . $_POST['p5'] . "',
-    p6 = '" . $_POST['p6'] . "',
-    p7 = '" . $_POST['p7'] . "',
-    p8 = '" . $_POST['p8'] . "',
-    p9 = '" . $_POST['p9'] . "',
-    p10 = '" . $_POST['p10'] . "',
-    p11 = '" . $_POST['p11'] . "',
-    p12 = '" . $_POST['p12'] . "',
-    p13 = '" . $_POST['p13'] . "',
-    p14 = '" . $_POST['p14'] . "',
-    p15 = '" . $_POST['p15'] . "',
-    p16 = '" . $_POST['p16'] . "',
-    p17 = '" . $_POST['p17'] . "',
-    p18 = '" . $_POST['p18'] . "',
-    p19 = '" . $_POST['p19'] . "',
-    p20 = '" . $_POST['p20'] . "',
-    p21 = '" . $_POST['p21'] . "',
-    p22 = '" . $_POST['p22'] . "',
-    p23 = '" . $_POST['p23'] . "',
-    p24 = '" . $_POST['p24'] . "',
-    p25 = '" . $_POST['p25'] . "',
-    p26 = '" . $_POST['p26'] . "',
-    p27 = '" . $_POST['p27'] . "',
-    p28 = '" . $_POST['p28'] . "',
-    p29 = '" . $_POST['p29'] . "',
-    p30 = '" . $_POST['p30'] . "',
-    p31 = '" . $_POST['p31'] . "',
-    p32 = '" . $_POST['p32'] . "',
-    p33 = '" . $_POST['p33'] . "',
-    p34 = '" . $_POST['p34'] . "',
-    p35 = '" . $_POST['p35'] . "',
-    p36 = '" . $_POST['p36'] . "',
-    p37 = '" . $_POST['p37'] . "',
-    p38 = '" . $_POST['p38'] . "',
-    p39 = '" . $_POST['p39'] . "',
-    p40 = '" . $_POST['p40'] . "',
-    p41 = '" . $_POST['p41'] . "',
-    p42 = '" . $_POST['p42'] . "',
-    p43 = '" . $_POST['p43'] . "',
-    p44 = '" . $_POST['p44'] . "',
-    p45 = '" . $_POST['p45'] . "',
-    p46 = '" . $_POST['p46'] . "',
-    p47 = '" . $_POST['p47'] . "',
-    p48 = '" . $_POST['p48'] . "',
-    p49 = '" . $_POST['p49'] . "',
-    p50 = '" . $_POST['p50'] . "' WHERE id = '" . $_GET['rally'] . "'");
+if (isset($_POST['plaetze']) AND $_POST['plaetze'] == 'Speichern') {
+
+    $sql = sql::$db->prepare("UPDATE " . _VMS_ . "_rallydaten SET p1=?,p2=?,p3=?,p4=?,p5=?,p6=?,p7=?,p8=?,p9=?,p10=?,p11=?,p12=?,p13=?,p14=?,p15=?,p16=?,p17=?,p18=?,p19=?,p20=?,p21=?,p22=?,p23=?,p24=?,p25=?,p26=?,p27=?,p28=?,p29=?,p30=?,p31=?,p32=?,p33=?,p34=?,p35=?,p36=?,p37=?,p38=?,p39=?,p40=?,p41=?,p42=?,p43=?,p44=?,p45=?,p46=?,p47=?,p48=?,p49=?,p50=? WHERE id = ?");
+    $sql->execute(array($_POST['p1'],$_POST['p2'],$_POST['p3'],$_POST['p4'],$_POST['p5'],$_POST['p6'],$_POST['p7'],$_POST['p8'],$_POST['p9'],$_POST['p10'],$_POST['p11'],$_POST['p12'],$_POST['p13'],$_POST['p14'],$_POST['p15'],$_POST['p16'],$_POST['p17'],$_POST['p18'],$_POST['p19'],$_POST['p20'],$_POST['p21'],$_POST['p22'],$_POST['p23'],$_POST['p24'],$_POST['p25'],$_POST['p26'],$_POST['p27'],$_POST['p28'],$_POST['p29'],$_POST['p30'],$_POST['p31'],$_POST['p32'],$_POST['p33'],$_POST['p34'],$_POST['p35'],$_POST['p36'],$_POST['p37'],$_POST['p38'],$_POST['p39'],$_POST['p40'],$_POST['p41'],$_POST['p42'],$_POST['p43'],$_POST['p44'],$_POST['p45'],$_POST['p46'],$_POST['p47'],$_POST['p48'],$_POST['p49'],$_POST['p50'],$_GET['rally']));
 }
-if ($_POST['konfig'] == 'Speichern') {
+
+if (isset($_POST['konfig']) AND $_POST['konfig'] == 'Speichern') {
     $ralleystart = strtotime("" . $_POST['start_monat'] . "/" . $_POST['start_tag'] . "/" . $_POST['start_jahr'] . " " . $_POST['start_stunde'] . " hours " . $_POST['start_minute'] . " minutes 0 seconds");
     $ralleyende = strtotime("" . $_POST['ende_monat'] . "/" . $_POST['ende_tag'] . "/" . $_POST['ende_jahr'] . " " . $_POST['ende_stunde'] . " hours " . $_POST['ende_minute'] . " minutes 0 seconds");
-    db_query ("UPDATE " . $db_prefix . "_rallydaten SET
-    status = '" . $_POST['status'] . "',
-    start = '" . $ralleystart . "',
-    ende_art = '" . $_POST['ende_art'] . "',
-    ende_zeit = '" . $ralleyende . "',
-    ende_punkte = '" . $_POST['ende_punkte'] . "',
-    ende_punkte_aktuell = '" . $_POST['ende_punkte_aktuell'] . "',
-    ende_punkte_anzahl = '" . $_POST['ende_punkte_anzahl'] . "',
-    ende_formulierung = '" . $_POST['ende_formulierung'] . "',
-    ende_vortschritt = '" . $_POST['ende_vortschritt'] . "',
-    gewinn_art = '" . $_POST['gewinn_art'] . "',
-    gewinn_dyn_steigerung = '" . $_POST['gewinn_dyn_steigerung'] . "',
-    gewinn_topf = '" . $_POST['gewinn_topf'] . "',
-    gewinner_anzahl = '" . $_POST['gewinner_anzahl'] . "',
-    mindestpunktzhl = '" . $_POST['mindestpunktzhl'] . "',
-    sperruser = '" . $_POST['sperruser'] . "',
-    tagpotstart = '" . $_POST['tagpotstart'] . "',
-    einheit = '" . $_POST['einheit'] . "' WHERE id = '" . $_GET['rally'] . "'");
+
+    $sql = sql::$db->prepare("UPDATE " . _VMS_ . "_rallydaten SET status=?, start=?, ende_art=?, ende_zeit=?, ende_punkte=?, ende_punkte_aktuell=?, ende_punkte_anzahl=?, ende_formulierung=?, ende_fortschritt=?, gewinn_art=?, gewinn_dyn_steigerung=?, gewinn_topf=?, gewinner_anzahl=?, mindestpunktzhl=?, sperruser=?, tagpotstart=?, einheit=? WHERE id = ?");
+    $sql->execute(array($_POST['status'], $ralleystart, $_POST['ende_art'], $ralleyende, $_POST['ende_punkte'], $_POST['ende_punkte_aktuell'], $_POST['ende_punkte_anzahl'], $_POST['ende_formulierung'], $_POST['ende_fortschritt'], $_POST['gewinn_art'], $_POST['gewinn_dyn_steigerung'], $_POST['gewinn_topf'], $_POST['gewinner_anzahl'], $_POST['mindestpunktzhl'], $_POST['sperruser'], $_POST['tagpotstart'], $_POST['einheit'], $_GET['rally']));
 }
-if ($_POST['beschrieb'] == 'Speichern') {
-    db_query ("UPDATE " . $db_prefix . "_rallydaten SET
-    beschrieb = '" . mysql_real_escape_string($_POST['beschriebf']) . "'
-    WHERE id = '" . $_GET['rally'] . "'");
+if (isset($_POST['beschrieb']) AND $_POST['beschrieb'] == 'Speichern') {
+    $sql = sql::$db->prepare("UPDATE " . _VMS_ . "_rallydaten SET beschrieb = ? WHERE id = ?");
+    $sql->execute(array($_POST['beschriebf'], $_GET['rally']));
 }
-
-$ralleydaten = mysql_fetch_array(db_query("SELECT * FROM " . $db_prefix . "_rallydaten WHERE id='" . $_GET['rally'] . "' LIMIT 1"));
+$sql = sql::$db->query("SELECT * FROM " . _VMS_ . "_rallydaten WHERE id='" . $_GET['rally'] . "' LIMIT 1");
+$ralleydaten = $sql->fetch();
 
 head($ralleydaten['name'] . "-Rally bearbeiten (html erlaubt!)");
 ?>
@@ -570,10 +518,12 @@ Geben Sie hier den prozentualen Anteil vom Gewinn Topf an. <br>(Die Summe aller
 </thead>
 <tbody>
 <?php
-$platz = db_query ('SELECT k.punkte,u.nickname,u.uid FROM vms_rallyuser k LEFT JOIN vms_userdaten u ON u.uid = k.uid WHERE k.rally = "' . $ralleydaten['name'] . '" AND k.ausgezahlt = "0" ORDER BY k.punkte DESC');
+$sql = sql::$db->query("SELECT * FROM " . _VMS_ . "_rallydaten");
+$rally = $sql->fetch();
+$platz = sql::$db->query('SELECT k.punkte,u.nickname,u.uid FROM '._VMS_.'_rallyuser k LEFT JOIN '._VMS_.'_userdaten u ON u.uid = k.uid WHERE k.rally = "' . $ralleydaten['name'] . '" AND k.ausgezahlt = "0" ORDER BY k.punkte DESC');
 $rp = 1;
 $gesperrt = explode(',', $ralleydaten['sperruser']);
-while ($pa = mysql_fetch_array($platz)) {
+while ($pa = $platz->fetch() ) {
     if (!in_array($pa['uid'], $gesperrt)) {
         if ($ralleydaten['gewinner_anzahl'] >= $rp) {
             $mg = number_format(($ralleydaten['gewinn_topf'] / 100 * $ralleydaten['p' . $rp]), 2, ',', '.') . ' ' . $waehrung;
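Review bot: The `$sql = sql::$db->query("SELECT * FROM " . _VMS_ . "_rallydaten"); $rally = $sql->fetch();` pair added just before the `$platz` query fetches an arbitrary first row of the table into `$rally`, which nothing in this hunk reads; it looks like dead code (or a leftover meant to use `$ralleydaten`) and should be removed or wired to the row actually needed. The rewritten `$platz` query also still concatenates `$ralleydaten['name']` into the SQL while the rest of the commit moved to `prepare()`/`execute()`; binding it (`WHERE k.rally = ? AND k.ausgezahlt = "0"`) keeps the file consistent even though the value comes from the database. `$sql` is reused as a throwaway name here and in the block above, which makes it easy to fetch from the wrong statement.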
diff --git a/adminforce/content/startseite.php b/adminforce/content/startseite.php
index 354c372..49e747f 100644
--- a/adminforce/content/startseite.php
+++ b/adminforce/content/startseite.php
@@ -1,4 +1,13 @@
-<?php if($_SESSION['admin'] != 1){
+<?php
+
+if (!isset($_POST['monat'])) $_POST['monat'] = 0;
+if (!isset($_POST['tag'])) $_POST['tag'] = 0;
+if (!isset($_POST['jahr'])) $_POST['jahr'] = 0;
+
+
+
+
+if($_SESSION['admin'] != 1){
 
     echo '<center>
     <b>Adminlogin</b>
@@ -26,7 +35,8 @@
     <td width="100%" valign="top">';
     head("Userstatistik");
 
-    $kontostats = mysql_fetch_array(db_query("SELECT COUNT(uid) AS kd_uid , SUM(kontostand) AS kd_kontostand FROM ".$db_prefix."_kontodaten"));
+    $sql = sql::$db->query("SELECT COUNT(uid) AS kd_uid , SUM(kontostand) AS kd_kontostand FROM "._VMS_."_kontodaten");
+    $kontostats = $sql -> fetch();
     echo '<table width="100%" border="0" cellpadding="0" cellspacing="1" bgcolor="#c0c0c0">
     <tr bgcolor="#f0f0f0">
         <td width="55%">Angemeldete User</td>
@@ -81,9 +91,9 @@ foot();
 
     if ($_POST['anzeigen'] == 'anzeigen !')
     {
-        $result=mysql_query("SELECT t1.emailadresse AS email,t1.uid,t2.kontostand,t3.nickname FROM ".$db_prefix."_emaildaten AS t1, vms_kontodaten AS t2,vms_userdaten AS t3 WHERE t1.uid = t2.uid AND t2.uid = t3.uid AND last_active < ".$timestamp."");
+        $sql = sql::$db->query("SELECT t1.emailadresse AS email,t1.uid,t2.kontostand,t3.nickname FROM "._VMS_."_emaildaten AS t1, vms_kontodaten AS t2,vms_userdaten AS t3 WHERE t1.uid = t2.uid AND t2.uid = t3.uid AND last_active < ".$timestamp);
         $konto='0';
-        while($row=mysql_fetch_array($result))
+        while($row = $sql -> fetch() )
         {
             $konto= $konto+$row['kontostand'];
             $anzahl++;
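Review bot: The rewritten `$sql = sql::$db->query(...)` line mixes `_VMS_."_emaildaten"` with the hard-coded `vms_kontodaten` and `vms_userdaten` in the same FROM list, so if the prefix constant ever differs from `vms` the join silently targets different tables; use `_VMS_` for all three. `$timestamp` is still concatenated into the WHERE clause; it appears to be derived from the `monat`/`tag`/`jahr` POST fields defaulted in the first hunk, so an `(int)` cast or a bound parameter would be the consistent choice. The enclosing `if ($_POST['anzeigen'] == 'anzeigen !')` block continues outside the hunk.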
@@ -95,15 +105,25 @@ foot();
             </tr></table>
             ";
             if ($_POST['inaktive'] == '1') {
-                db_query ('DELETE FROM '.$db_prefix.'_kontodaten WHERE uid = '.$row['uid']);
-                db_query ('DELETE FROM '.$db_prefix.'_emaildaten WHERE uid = '.$row['uid']);
-                db_query ('DELETE FROM '.$db_prefix.'_userdaten WHERE uid = '.$row['uid']);
-                db_query ('DELETE FROM '.$db_prefix.'_werberdaten WHERE uid = '.$row['uid']);
-                db_query ('UPDATE '.$db_prefix.'_werberdaten SET werber = 0 WHERE werber = '.$row['uid']);
-                db_query ('DELETE FROM '.$db_prefix.'_admin_abuse WHERE uid = '.$row['uid']);
-                db_query ('DELETE FROM vms_buchungen WHERE uid = '.$row['uid']);
-                db_query ('DELETE FROM vms_reloads WHERE uid = '.$row['uid']);
-                db_query ('DELETE FROM vms_schnittstelle_anfragen WHERE uid = '.$row['uid']);
+
+                $sql = sql::$db->prepare("DELETE FROM "._VMS."_kontodaten WHERE uid = ?");
+                $sql->execute(array($row['uid']));
+                $sql = sql::$db->prepare("DELETE FROM "._VMS."_emaildaten WHERE uid = ?");
+                $sql->execute(array($row['uid']));
+                $sql = sql::$db->prepare("DELETE FROM "._VMS."_userdaten WHERE uid = ?");
+                $sql->execute(array($row['uid']));
+                $sql = sql::$db->prepare("DELETE FROM "._VMS."_werberdaten WHERE uid = ?");
+                $sql->execute(array($row['uid']));
+                $sql = sql::$db->prepare("UPDATE "._VMS."_werberdaten SET werber = 0 WHERE werber = ?");
+                $sql->execute(array($row['uid']));
+                $sql = sql::$db->prepare("DELETE FROM "._VMS."_admin_abuse WHERE uid = ?");
+                $sql->execute(array($row['uid']));
+                $sql = sql::$db->prepare("DELETE FROM "._VMS."_buchungen WHERE uid = ?");
+                $sql->execute(array($row['uid']));
+                $sql = sql::$db->prepare("DELETE FROM "._VMS."_reloads WHERE uid = ?");
+                $sql->execute(array($row['uid']));
+                $sql = sql::$db->prepare("DELETE FROM "._VMS."_schnittstelle_anfragen WHERE uid = ?");
+                $sql->execute(array($row['uid']));
 
                 echo '<font color="#00d000">User Gel&ouml;scht</font><br />';
                 $infotext= ' Hallo '.$row['nickname'].'
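Review bot: All nine `prepare()` calls in the deletion branch use `_VMS` instead of the `_VMS_` constant used everywhere else in this commit; no `_VMS` is defined anywhere visible, so PHP treats the bare name as the string `"_VMS"` (a warning on 7.x, an `Error` on 8), and the statements target non-existent tables such as `_VMS_kontodaten`. Unless `sql::$db` throws on failure, nothing is deleted while the page still prints "User Gelöscht" and sends the notification below. Replace `_VMS` with `_VMS_` on each of the nine lines, and consider wrapping the sequence in a transaction so a partial failure does not leave a half-deleted account.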
diff --git a/adminforce/content/usersystem/doppelaccis.php b/adminforce/content/usersystem/doppelaccis.php
index 4f60747..d7384f6 100644
--- a/adminforce/content/usersystem/doppelaccis.php
+++ b/adminforce/content/usersystem/doppelaccis.php
@@ -5,14 +5,14 @@
     <td align="center"><b>IP-Adresse</b></td>
 </tr>
 <?php
-$sql = db_query("SELECT `login_ip`, COUNT(*) AS `anzahl` FROM  `" . $db_prefix . "_kontodaten` GROUP BY `login_ip` HAVING COUNT(*) > 1") or die(mysql_error());
-if (!mysql_num_rows($sql)) {
+$sql = sql::$db->query("SELECT `login_ip`, COUNT(*) AS `anzahl` FROM  `" . _VMS_ . "_kontodaten` GROUP BY `login_ip` HAVING COUNT(*) > 1") or die(mysql_error());
+if ($sql->rowCount() == 0) {
     echo '
  <tr>
      <td colspan="2" align="center"><font color="green">Keine Doppelten IP-Adressen im System</font></td>
  </tr>';
 } else {
-    while ($fake1 = mysql_fetch_assoc($sql)) {
+    while ($fake1 = $sql -> fetch() ) {
         echo '
    <tr>
        <td>' . $fake1['anzahl'] . '</td>
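Review bot: The rewritten `$sql = sql::$db->query(...)` line keeps `or die(mysql_error())` from the old ext/mysql API that this commit is removing; on PHP 7+ `mysql_error()` is undefined, so a failing query would end in a fatal "undefined function" instead of the intended message. Drop the `or die(...)` and rely on the error mode of `sql::$db` (presumably PDO, given `prepare`/`execute`/`rowCount`), or check the return value explicitly. The same leftover is on the `$sql2` query in the third hunk of this file. Note also that `rowCount()` on a SELECT is only reliable with buffered pdo_mysql results; fetching the first row and testing it avoids that dependency.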
@@ -25,14 +25,14 @@ if (!mysql_num_rows($sql)) {
 ?>
 </table>
 <?php
-if ($_GET['ip']) {
-    $ip = db_query("SELECT k.uid,u.nickname FROM
-                        " . $db_prefix . "_kontodaten AS k
-                        LEFT JOIN " . $db_prefix . "_userdaten AS u ON u.uid=k.uid
+if (isset($_GET['ip'])) {
+    $ip = sql::$db->query("SELECT k.uid,u.nickname FROM
+                        " . _VMS_ . "_kontodaten AS k
+                        LEFT JOIN " . _VMS_ . "_userdaten AS u ON u.uid=k.uid
 WHERE k.login_ip='" . addslashes($_GET['ip']) . "'");
 
     echo "<p>User mit der IP " . $_GET['ip'] . ":</p>";
-    while ($doppelt = mysql_fetch_assoc($ip)) {
+    while ($doppelt = $ip -> fetch() ) {
         echo "<a href='?content=/usersystem/userbearbeiten&uid=" . $doppelt['uid'] . "'>" . $doppelt['nickname'] . "</a><br>";
     }
 }
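Review bot: The `$ip` lookup still interpolates `addslashes($_GET['ip'])` into the query, the one statement in this file not converted to a bound parameter; `addslashes` is not a charset-aware SQL escape and is the wrong tool next to `prepare()`. Use `$ip = sql::$db->prepare("SELECT k.uid,u.nickname FROM " . _VMS_ . "_kontodaten AS k LEFT JOIN " . _VMS_ . "_userdaten AS u ON u.uid=k.uid WHERE k.login_ip = ?"); $ip->execute(array($_GET['ip']));`. The `echo "<p>User mit der IP " . $_GET['ip'] . ...` line that follows also writes the raw parameter into HTML; `htmlspecialchars($_GET['ip'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` is the appropriate output escaping there.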
@@ -49,8 +49,8 @@ foot();
     <td align="center"><b>md5Hash</b></td>
 </tr>
 <?php
-$sql2 = db_query("SELECT `passwort`, COUNT(*) AS `anzahl` FROM  `" . $db_prefix . "_kontodaten` GROUP BY `passwort` HAVING COUNT(*) > 1") or die(mysql_error());
-if (!mysql_num_rows($sql)) {
+$sql2 = sql::$db->query("SELECT `passwort`, COUNT(*) AS `anzahl` FROM  `" . _VMS_ . "_kontodaten` GROUP BY `passwort` HAVING COUNT(*) > 1") or die(mysql_error());
+if ($sql2->rowCount() == 0) {
     echo '
  <tr>
      <td colspan="2" align="center"><font color="green">Keine Doppelten Passwörter im System</font></td>
diff --git a/adminforce/content/usersystem/liste.php b/adminforce/content/usersystem/liste.php
index 196695a..ab8c7ae 100644
--- a/adminforce/content/usersystem/liste.php
+++ b/adminforce/content/usersystem/liste.php
@@ -1,4 +1,5 @@
 <?php
+$i=0;
 $gfx_status[0] = '<img src="images/gelb.gif" width="15" height="15" border="0" alt="Nicht freigeschaltet">';
 $gfx_status[1] = '<img src="images/gruen.gif" width="15" height="15" border="0" alt="O.K.">';
 $gfx_status[2] = '<img src="images/rot.gif" width="15" height="15" border="0" alt="Gesperrt">';
@@ -16,13 +17,13 @@ head("Userliste");
     <td align="center"><b>Angemeldet</b></td>
 </tr>
 <?php
-$userliste = db_query("SELECT k.uid,k.status,k.kontostand,u.nickname,u.vorname,u.nachname,u.angemeldet_seit,e.emailadresse
-                             FROM " . $db_prefix . "_kontodaten AS k
-                             LEFT JOIN " . $db_prefix . "_userdaten AS u ON u.uid=k.uid
-                             LEFT JOIN " . $db_prefix . "_emaildaten AS e ON e.uid=k.uid
+$sql = sql::$db->query ("SELECT k.uid,k.status,k.kontostand,u.nickname,u.vorname,u.nachname,u.angemeldet_seit,e.emailadresse
+                             FROM " . _VMS_ . "_kontodaten AS k
+                             LEFT JOIN " . _VMS_ . "_userdaten AS u ON u.uid=k.uid
+                             LEFT JOIN " . _VMS_ . "_emaildaten AS e ON e.uid=k.uid
 ORDER BY k.uid ASC");
 
-while ($ausgabe = mysql_fetch_array($userliste)) {
+while ($ausgabe = $sql -> fetch() ) {
     $i++;
     $row = ($i % 2 == 0) ? 0 : 1;
 
diff --git a/adminforce/content/usersystem/userbearbeiten.php b/adminforce/content/usersystem/userbearbeiten.php
index c171db7..1ef4b95 100644
--- a/adminforce/content/usersystem/userbearbeiten.php
+++ b/adminforce/content/usersystem/userbearbeiten.php
@@ -16,6 +16,8 @@ function ShowUserInfo (art) {
 
 
 <?php
+if (!isset ($_POST['buchungsart'])) $_POST['buchungsart'] = '';
+if (!isset ($_POST['buchungsmenge'])) $_POST['buchungsmenge'] = '';
 // Variable _GET['uid'] pruefen
 if (!empty ($_GET['uid'])) $_POST['uid'] = $_GET['uid'];
 $_POST['uid'] = (int)$_POST['uid'];
@@ -23,9 +25,14 @@ if (empty ($_POST['uid'])) die ('Keine korrekte User-ID &uuml;bergeben!');
 
 // Allgemeine Daten speichern
 if (isset ($_POST['profile'])) {
-	db_query ('UPDATE '.$db_prefix.'_userdaten SET nickname = "'.$_POST['nickname'].'", vorname = "'.$_POST['vorname'].'", nachname = "'.$_POST['nachname'].'" WHERE uid = '.$_POST['uid']);
-	db_query ('UPDATE '.$db_prefix.'_emaildaten SET emailadresse = "'.$_POST['emailadresse'].'", freigabe_fuer = "'.$_POST['freigabe_fuer'].'" WHERE uid = '.$_POST['uid']);
-	if ($_POST['werber'] != $_POST['alt_werber'] && $_POST['werber'] != $_POST['uid']) db_query ('UPDATE '.$db_prefix.'_werberdaten SET werber = "'.$_POST['werber'].'", umsatz = 0, zuordnungszeit = 0, reset = 0, resetzeit = 0, gesamt = 0, refback = 0, aktivzeit = 0 WHERE uid = '.$_POST['uid']);
+    $sql = sql::$db->prepare('UPDATE '._VMS_.'_userdaten SET nickname = ?, vorname = ?, nachname = ? WHERE uid = ?');
+    $sql -> execute(array($_POST['nickname'], $_POST['vorname'], $_POST['nachname'], $_POST['uid']));
+    $sql = sql::$db->prepare('UPDATE '._VMS_.'_emaildaten SET emailadresse = ?, freigabe_fuer = ? WHERE uid = ?');
+    $sql -> execute(array($_POST['emailadresse'], $_POST['freigabe_fuer'], $_POST['uid']));
+	if ($_POST['werber'] != $_POST['alt_werber'] && $_POST['werber'] != $_POST['uid']){
+        $sql = sql::$db->prepare('UPDATE '._VMS_.'_werberdaten SET werber = ?, umsatz = 0, zuordnungszeit = 0, reset = 0, resetzeit = 0, gesamt = 0, refback = 0, aktivzeit = 0 WHERE uid = ?');
+        $sql -> execute(array($_POST['werber'], $_POST['uid']));
+    }
 }
 
 // Betrag verbuchen
@@ -35,10 +42,14 @@ if (isset ($_POST['finanze'])) {
 		buchungsliste ($buchungs_id, $_POST['buchungsart'].$_POST['buchungssumme'], $_POST['buchungstext'].' (Admin)', $_POST['uid']);
 		kontobuchung ($_POST['buchungsart'], $_POST['buchungssumme'], $_POST['uid']);
 
-if ($_POST['art'] == '+'){
-$ausgabe = $_POST['buchungsmenge'];
-}else{
-$einnahme = $_POST['buchungsmenge'];
+if ($_POST['buchungsart'] == '+') {
+$einnahme = 0;
+$ausgabe = $_POST['buchungssumme'];
+}
+
+if ($_POST['buchungsart'] == '-') {
+$einnahme = $_POST['buchungssumme'];
+$ausgabe = 0;
 }
 
    bilanz($einnahme,$ausgabe);
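Review bot: Replacing the old `else` with two independent `if ($_POST['buchungsart'] == ...)` blocks leaves both `$einnahme` and `$ausgabe` undefined when `buchungsart` is anything other than `'+'` or `'-'` (it is defaulted to `''` in the first hunk of this file), so `bilanz($einnahme,$ausgabe)` is then called with nulls and an undefined-variable notice. Initialise both before the two checks, `$einnahme = 0; $ausgabe = 0;`, or keep an `else` branch. The enclosing `if (isset ($_POST['finanze']))` block starts outside the hunk, so the earlier `buchungsliste`/`kontobuchung` calls may already have posted the amount by the time this runs.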
@@ -61,31 +72,43 @@ if (isset ($_POST['access'])) {
 
 	if ($_POST['status'] != 'loeschen') {
 		$_POST['status'] = (int)$_POST['status'];
-		db_query ('UPDATE '.$db_prefix.'_kontodaten SET status = '.$_POST['status'].', hinweis = "'.$_POST['hinweis'].'" WHERE uid = '.$_POST['uid']);
+		$sql = sql::$db->prepare('UPDATE '._VMS_.'_kontodaten SET status = ?, hinweis = ? WHERE uid = ?');
+		$sql -> execute(array($_POST['status'], $_POST['hinweis'], $_POST['uid']));
 	} else {
 		$sperrzeit = ( time() + ( 86400 * 365 ) );
-		db_query ('INSERT INTO '.$db_prefix.'_userblacklist (uid,zeit) VALUES ('.$_POST['uid'].','.$sperrzeit.')');
-		db_query ('DELETE FROM '.$db_prefix.'_kontodaten WHERE uid = '.$_POST['uid']);
-		db_query ('DELETE FROM '.$db_prefix.'_emaildaten WHERE uid = '.$_POST['uid']);
-		db_query ('DELETE FROM '.$db_prefix.'_userdaten WHERE uid = '.$_POST['uid']);
-		db_query ('DELETE FROM '.$db_prefix.'_werberdaten WHERE uid = '.$_POST['uid']);
-		db_query ('UPDATE '.$db_prefix.'_werberdaten SET werber = 0 WHERE werber = '.$_POST['uid']);
+        $sql = sql::$db->prepare("INSERT INTO "._VMS_."_userblacklist (uid,zeit) VALUES (?,?)");
+        $sql->execute(array($_POST['uid'], $sperrzeit));
+		
+        $sql = sql::$db->prepare("DELETE FROM "._VMS_."_kontodaten WHERE uid = ?");
+        $sql -> execute(array($_POST['uid']));
+		
+        $sql = sql::$db->prepare("DELETE FROM "._VMS_."_emaildaten WHERE uid = ?");
+        $sql -> execute(array($_POST['uid']));
+
+        $sql = sql::$db->prepare("DELETE FROM "._VMS_."_userdaten WHERE uid = ?");
+        $sql -> execute(array($_POST['uid']));
+		
+        $sql = sql::$db->prepare("DELETE FROM "._VMS_."_werberdaten WHERE uid = ?");
+        $sql -> execute(array($_POST['uid']));
+		
+		$sql = sql::$db->prepare('UPDATE '._VMS_.'_werberdaten SET werber = 0 WHERE werber = ?');
+		$sql -> execute(array($_POST['uid']));
 		echo '<meta http-equiv="refresh" content="0; URL=index.php?content=/usersystem/liste">';
 	}
 }
 
 // Notizen speichern
 if (isset ($_POST['notice'])) {
-	db_query ('UPDATE '.$db_prefix.'_userdaten SET notizen = "'.$_POST['notizen'].'" WHERE uid = '.$_POST['uid']);
+    $notizsql = sql::$db->prepare("UPDATE "._VMS_."_userdaten SET notizen = :notiz WHERE uid = :uid");
+    $notizsql -> execute(array('notiz' => $_POST['notizen'], 'uid' => $_POST['uid']));
 }
 
 // Daten einlesen
-$sql = db_query ('SELECT * FROM '.$db_prefix.'_kontodaten t1, '.$db_prefix.'_userdaten t2, '.$db_prefix.'_emaildaten t3, '.$db_prefix.'_werberdaten t4 WHERE t1.uid = '.$_POST['uid'].' AND t2.uid = '.$_POST['uid'].' AND t3.uid = '.$_POST['uid'].' AND t4.uid = '.$_POST['uid'].' LIMIT 1');
-if (mysql_num_rows ($sql) == 0) die ('Die angegebene User-ID existiert nicht!');
-$alledaten = mysql_fetch_assoc ($sql);
-?>
+$sql = sql::$db->query('SELECT * FROM '._VMS_.'_kontodaten t1, '._VMS_.'_userdaten t2, '._VMS_.'_emaildaten t3, '._VMS_.'_werberdaten t4 WHERE t1.uid = '.$_POST['uid'].' AND t2.uid = '.$_POST['uid'].' AND t3.uid = '.$_POST['uid'].' AND t4.uid = '.$_POST['uid'].' LIMIT 1');
+if ($sql->rowCount() == 0) die ('Die angegebene User-ID existiert nicht!');
+$alledaten = $sql->fetch();
 
-<?php head ('Bearbeiten des Users <i>'.$alledaten['nickname'].'</i> ('.$alledaten['uid'].')'); ?>
+head ('Bearbeiten des Users <i>'.$alledaten['nickname'].'</i> ('.$alledaten['uid'].')'); ?>
 <div style="text-align: center;">
 <a href="javascript:ShowUserInfo(1);">Allgemeines</a> &middot;
 <a href="javascript:ShowUserInfo(2);">Statistik</a> &middot;
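Review bot: The `loeschen` branch now runs six prepared statements across five tables with no transaction, so a failure part-way leaves a blacklist row written and an account only partially removed; if `sql::$db` is a PDO handle (the `prepare`/`execute`/`rowCount` calls suggest it is), wrap the sequence in `sql::$db->beginTransaction();` … `sql::$db->commit();` with a rollback on exception. The notes update is the only statement in the file using named placeholders (`:notiz`, `:uid`) while everything else uses `?`; pick one form. `if ($sql->rowCount() == 0) die(...)` on a SELECT relies on pdo_mysql's buffered result count, whereas `$alledaten = $sql->fetch(); if (!$alledaten) die(...)` works regardless of driver. The rewritten SELECT also still concatenates `$_POST['uid']`; that is safe only because of the `(int)` cast in the first hunk, so a bound parameter would make the guarantee local.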
@@ -244,8 +267,9 @@ $alledaten = mysql_fetch_assoc ($sql);
 <td align="center"><b>Verwendungszweck</b></td>
 </tr>
 <?php
-$buchungen_lesen = db_query('SELECT * FROM '.$db_prefix.'_buchungen WHERE uid = '.$alledaten['uid'].' ORDER BY buchungszeit DESC LIMIT 250');
-while ($buchung_schreiben = mysql_fetch_array($buchungen_lesen)) {
+$buchungen_lesen = sql::$db->query('SELECT * FROM '._VMS_.'_buchungen WHERE uid = '.$alledaten['uid'].' ORDER BY buchungszeit DESC LIMIT 250');
+$i=0;
+while ($buchung_schreiben = $buchungen_lesen->fetch() ) {
 $i++;
 	$buchcolor = ($buchung_schreiben['buchungsmenge'] > 0) ? $system['positiv_farbe'] : $system['negativ_farbe'];
 	$linecolor = ($i %2 == 0) ? 1 : 0;
diff --git a/adminforce/content/werbesystem/forcedbanner_468.php b/adminforce/content/werbesystem/forcedbanner_468.php
index fc2f967..f4571fb 100644
--- a/adminforce/content/werbesystem/forcedbanner_468.php
+++ b/adminforce/content/werbesystem/forcedbanner_468.php
@@ -21,7 +21,8 @@ if ($_POST['buchen'] == 'Jetzt Buchen') {
     if (!$buchungsfehler) {
         $buchungs_id = create_code(32);
         $reload = $_POST['reload'] * 60 * 60;
-        db_query("INSERT INTO " . $db_prefix . "_gebuchte_werbung  (tan,ziel,banner,aufendhalt,menge,preis,verdienst,werbeart,status,reload,sponsor) VALUES ('" . $buchungs_id . "','" . $_POST['ziel'] . "','" . $_POST['banner_url'] . "','" . $_POST['aufendhalt'] . "','" . $_POST['menge'] . "','0','" . $_POST['verdienst'] . "','forcedbanner','1','" . $reload . "','administrator')");
+        $sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_gebuchte_werbung (tan,ziel,banner,aufendhalt,menge,preis,verdienst,werbeart,status,reload,sponsor) VALUES (?,?,?,?,?,?,?,?,?,?,?)");
+        $sql->execute(array($buchungs_id, $_POST['ziel'], $_POST['banner_url'], $_POST['aufendhalt'], $_POST['menge'], '0', $_POST['verdienst'], 'forcedbanner', '1', $reload, 'administrator' ));
         $buchung = 'true';
     }
 }
diff --git a/adminforce/content/werbesystem/paidmail.php b/adminforce/content/werbesystem/paidmail.php
index 193e0cb..c3e23f4 100644
--- a/adminforce/content/werbesystem/paidmail.php
+++ b/adminforce/content/werbesystem/paidmail.php
@@ -8,12 +8,13 @@ if (!isset($_POST['beschreibung'])) $_POST['beschreibung'] = "";
 if (!isset($_POST['aufendhalt'])) $_POST['aufendhalt'] = "0";
 if (!isset($_POST['gueltig'])) $_POST['gueltig'] = "1";
 if (!isset($tan)) $tan = "";
+if (!isset($msg_send)) $msg_send = "";
 
-$empfaenger = db_query("SELECT e.uid,e.emailadresse FROM
-                                   " . $db_prefix . "_emaildaten e
-                                   LEFT JOIN " . $db_prefix . "_kontodaten k ON k.uid=e.uid
-WHERE (e.freigabe_fuer = '3' or e.freigabe_fuer = '2') AND k.status=1");
-$maxempf = mysql_num_rows($empfaenger);
+$empfaenger = sql::$db->query("SELECT e.uid,e.emailadresse FROM
+                                   " . _VMS_ . "_emaildaten e
+                                   LEFT JOIN " . _VMS_ . "_kontodaten k ON k.uid=e.uid
+WHERE (e.freigabe_fuer = '3' OR e.freigabe_fuer = '2') AND k.status=1");
+$maxempf = $empfaenger->rowCount();
 
 if ($_POST['versenden'] == 'Paidmail versenden!') {
     if ($_POST['menge'] == 0) $_POST['menge'] = 5000;
@@ -21,15 +22,17 @@ if ($_POST['versenden'] == 'Paidmail versenden!') {
 
     $tan = create_code(14);
     $bis = time() + (86400 * $_POST['gueltig']);
-    db_query("INSERT INTO " . $db_prefix . "_paidmails_versendet (tan,menge,verdienst,ziel,beschreibung,mailtext,aufendhalt,gesendet,gueltig) VALUES ('" . $tan . "','" . $_POST['menge'] . "','" . $_POST['verdienst'] . "','" . $_POST['ziel'] . "','" . $_POST['beschreibung'] . "','" . $_POST['mailtext'] . "','" . $_POST['aufendhalt'] . "','" . time() . "','" . $bis . "')");
 
-    $senden = db_query("SELECT e.uid,e.emailadresse FROM
-                                   " . $db_prefix . "_emaildaten e
-                                   LEFT JOIN " . $db_prefix . "_kontodaten k ON k.uid=e.uid
+    $sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_paidmails_versendet (tan,menge,verdienst,ziel,beschreibung,mailtext,aufendhalt,gesendet,gueltig) VALUES (?,?,?,?,?,?,?,?,?)");
+    $sql->execute(array( $tan, $_POST['menge'], $_POST['verdienst'], $_POST['ziel'], $_POST['beschreibung'], $_POST['mailtext'], $_POST['aufendhalt'], time(), $bis ));
+    $senden = sql::$db->query("SELECT e.uid,e.emailadresse FROM
+                                   " . _VMS_ . "_emaildaten e
+                                   LEFT JOIN " . _VMS_ . "_kontodaten k ON k.uid=e.uid
 WHERE (e.freigabe_fuer = '3' or e.freigabe_fuer = '2') AND k.status=1 ORDER BY RAND() LIMIT " . $_POST['menge'] . "");
 
-    while ($versendet = mysql_fetch_array($senden)) {
-        db_query("INSERT INTO " . $db_prefix . "_paidmails_empfaenger (uid,gueltig,tan,status,aufendhalt) VALUES ('" . $versendet['uid'] . "','" . $bis . "','" . $tan . "','0','" . $_POST['aufendhalt'] . "')");
+    while ($versendet = $senden->fetch() ) {
+        $sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_paidmails_empfaenger (uid,gueltig,tan,status,aufendhalt) VALUES (?,?,?,?,?)");
+        $sql->execute(array( $versendet['uid'], $bis, $tan, '0', $_POST['aufendhalt'] ));
         $message = 'Hallo,
 		dieses ist eine neue ' . $system['seitenname'] . ' Paidmail, für dessen Bestätigung
 		Du ' . $_POST['verdienst'] . ' ' . $system['waehrung'] . ' für ' . $_POST['aufendhalt'] . ' Sek. aufenthalt erhälst!
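Review bot: The rewritten `$senden = sql::$db->query(...)` statement still ends, on its unchanged continuation line, in `LIMIT " . $_POST['menge']`, so the same POST value that was just bound in the INSERT is concatenated raw into SQL a few lines later; cast it once near the existing `== 0` default, `$_POST['menge'] = (int)$_POST['menge'];`, or bind it. The per-recipient `INSERT INTO _paidmails_empfaenger` is re-prepared on every loop iteration; move the `prepare()` above the `while` and keep only `execute()` inside. The enclosing `if ($_POST['versenden'] == ...)` block starts outside the hunk.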
diff --git a/adminforce/content/werbesystem/paidmail_hist.php b/adminforce/content/werbesystem/paidmail_hist.php
index dba1249..c2a4610 100644
--- a/adminforce/content/werbesystem/paidmail_hist.php
+++ b/adminforce/content/werbesystem/paidmail_hist.php
@@ -3,13 +3,15 @@ if (!isset($_GET['tan'])) $_GET['tan'] = "";
 if (!isset($_GET['loeschen'])) $_GET['loeschen'] = "";
 
 if ($_GET['loeschen'] == 'true') {
-    db_query("DELETE FROM " . $db_prefix . "_paidmails_versendet WHERE tan='" . $_GET['tan'] . "'");
-    db_query("DELETE FROM " . $db_prefix . "_paidmails_empfaenger WHERE tan='" . $_GET['tan'] . "'");
+    $sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_paidmails_versendet WHERE tan=?");
+    $sql->execute(array($_GET['tan']));
+    $sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_paidmails_empfaenger WHERE tan=?");
+    $sql->execute(array($_GET['tan']));
 }
 
-$mails = db_query("SELECT * FROM " . $db_prefix . "_paidmails_versendet ORDER BY gesendet DESC");
+$mails = sql::$db->query("SELECT * FROM " . _VMS_ . "_paidmails_versendet ORDER BY gesendet DESC");
 
-while ($history = mysql_fetch_array($mails)) {
+while ($history = $mails->fetch() ) {
     head('Paidmail: ' . $history['beschreibung']);
     echo '<b>Tan:</b> ' . $history['tan'] . '<br>
       <b>Menge:</b> ' . $history['menge'] . '<br>
@@ -28,7 +30,7 @@ while ($history = mysql_fetch_array($mails)) {
     foot();
 }
 
-if (!mysql_num_rows($mails)) {
+if ($mails->rowCount() == 0) {
     head("Information");
     echo 'Noch keine Paidmails vorhanden!';
     foot();
diff --git a/adminforce/frametest.php b/adminforce/frametest.php
index 3593cf7..466a55d 100644
--- a/adminforce/frametest.php
+++ b/adminforce/frametest.php
@@ -16,7 +16,8 @@ if ($_GET['testen'] == 'true') {
         // SecVMS change begin
         $_GET['tan'] = addslashes ($_GET['tan']);
         // SecVMS change end
-        $forced = mysql_fetch_assoc(db_query("SELECT ziel FROM " . $db_prefix . "_gebuchte_werbung WHERE tan='" . $_GET['tan'] . "' LIMIT 1"));
+        $sql = sql::$db->query("SELECT ziel FROM "._VMS_."_gebuchte_werbung WHERE tan='" . $_GET['tan'] . "' LIMIT 1");
+        $forced = $sql -> fetch();
         if ($forced) {
             $ziel = $forced['ziel'];
         } else {
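Review bot: The rewritten `$sql = sql::$db->query("SELECT ziel FROM ... WHERE tan='" . $_GET['tan'] . "' LIMIT 1")` still concatenates the request parameter after `addslashes()`, which is not a charset-aware SQL escape and is the only place in this file not moved to a bound parameter. Use `$sql = sql::$db->prepare("SELECT ziel FROM "._VMS_."_gebuchte_werbung WHERE tan = ? LIMIT 1"); $sql->execute(array($_GET['tan']));` and then drop the `$_GET['tan'] = addslashes(...)` line above, since a bound value must not be pre-escaped or the added backslashes are compared literally. The enclosing `if ($_GET['testen'] == 'true')` block starts outside the hunk.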
diff --git a/adminforce/index.php b/adminforce/index.php
index 04d24d5..2205502 100644
--- a/adminforce/index.php
+++ b/adminforce/index.php
@@ -25,11 +25,12 @@
     $shows = 0;
     if (!isset($_GET['content'])) $_GET['content'] = '/startseite';
     if (!file_exists('content'.$_GET['content'].'.php')) $_GET['content'] = '/error/keine_seite';
-    if($_POST['check'] == "Login") {
-        require_once ('../lib/config.inc.php');
-        require_once ('../lib/functions.lib.php');
-        db_connect();
-        $page = mysql_fetch_array(db_query("SELECT admin_name, admin_pass FROM ".$db_prefix."_seitenkonfig LIMIT 1"));
+    if (!isset($_SESSION['admin']) || empty ($_SESSION['admin'])) $_SESSION['admin'] = '0';
+    if(isset($_POST['check']) AND $_POST['check'] == "Login") {
+
+        $sql = sql::$db->query("SELECT admin_name, admin_pass FROM "._VMS_."_seitenkonfig LIMIT 1");
+        $page = $sql -> fetch();
+                
         if($_POST['loginname'] == $page['admin_name'] AND $_POST['passwort'] == $page['admin_pass']) {
             $_SESSION['admin'] = 1;
             header("Location: ".$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']);
diff --git a/adminforce/lib/menue_links.php b/adminforce/lib/menue_links.php
index d6ac92d..ecda027 100644
--- a/adminforce/lib/menue_links.php
+++ b/adminforce/lib/menue_links.php
@@ -11,8 +11,8 @@ menuefoot();
 
 menuehead('Rallysystem');
     echo '&raquo;&nbsp;<a href="?content=/rallysystem"><strong>Rally / Positionen</strong></a><br>';
-    $rally = db_query("SELECT id,name FROM ".$db_prefix."_rallydaten");
-    while($rall = mysql_fetch_array($rally)){
+    $sql = sql::$db->query("SELECT id,name FROM "._VMS_."_rallydaten");
+    while($rall = $sql -> fetch() ){
         echo '&nbsp;&nbsp;&nbsp;&nbsp;&#8627;&nbsp;<a href="?content=/rallysystem2&rally= '.$rall['id'].'">'.$rall['name'].'></a><br>';
     }
 menuefoot();
diff --git a/content/betteln.php b/content/betteln.php
index 0bac102..1d5b86c 100644
--- a/content/betteln.php
+++ b/content/betteln.php
@@ -7,16 +7,20 @@ if ($pageconfig['reload_betteln'] == 0) {
     if ($_SESSION['uid'] == $_GET['ref'] || $_GET['ref'] == $_COOKIE['uid']) {
         $betteltext = '<b><font color="#FF0000">Du kannst dich nicht selbst anbetteln!</font></b>';
     } else {
-        $reloadcheck = db_query("SELECT bis FROM " . $db_prefix . "_reloads WHERE ip = '" . $ip . "' and tan = 'bettelaufruf' and bis >= " . time() . " LIMIT 1");
+        $reloadcheck = sql::$db->query("SELECT bis FROM " . _VMS_ . "_reloads WHERE ip = '" . $system['ip'] . "' and tan = 'bettelaufruf' and bis >= " . time() . " LIMIT 1");
 
-        if (!mysql_num_rows($reloadcheck)) {
+        if (!($reloadcheck->rowCount() )) {
             $minimum = $pageconfig['min_betteln'];
             $maximum = $pageconfig['max_betteln'];
             srand((double)microtime() * 1000000);
             $bettelsumme = rand($minimum * 100, $maximum * 100) / 100;
             $new_reload = time() + $pageconfig['reload_betteln'];
-            db_query("INSERT INTO " . $db_prefix . "_reloads (ip,uid,tan,bis) VALUES ('" . $ip . "','" . $_GET['ref'] . "','bettelaufruf','" . $new_reload . "')");
-            db_query("UPDATE " . $db_prefix . "_kontodaten  SET angebettelt =angebettelt + 1, bv = bv + " . $bettelsumme . ", kontostand = kontostand + '" . $bettelsumme . "' WHERE uid = '" . $_GET['ref'] . "'");
+
+            $sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_reloads (ip,uid,tan,bis) VALUES (?,?,?)");
+            $sql->execute(array( $system['ip'], $_GET['ref'], $new_reload ));
+            
+            $sql = sql::$db->prepare("UPDATE " . _VMS_ . "_kontodaten  SET angebettelt =angebettelt + 1, bv = bv + ?, kontostand = kontostand + ? WHERE uid = ?");
+            $sql->execute(array( $bettelsumme, $bettelsumme, $_GET['ref'] ));
 
             refumsatz ($bettelsumme, $_GET['ref']);
             rallysystem ($_GET['ref'], '6', $bettelsumme);
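Review bot: The new `INSERT INTO _reloads (ip,uid,tan,bis) VALUES (?,?,?)` lists four columns but only three placeholders and three bound values, and the constant `'bettelaufruf'` tan that the old query wrote is gone; the statement fails with a column/value count mismatch, so the reload record is never stored and the `tan = 'bettelaufruf' and bis >= time()` check above can never block a repeat request. Fix with `VALUES (?,?,?,?)` and `$sql->execute(array($system['ip'], $_GET['ref'], 'bettelaufruf', $new_reload));`. The reload-check SELECT still concatenates `$system['ip']`; presumably it is the client address, so binding it too would keep the file consistent. The enclosing `if ($_SESSION['uid'] == $_GET['ref'] ...)` block starts outside the hunk.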
diff --git a/content/intern/aktivieren.php b/content/intern/aktivieren.php
index 646b21f..9de316c 100644
--- a/content/intern/aktivieren.php
+++ b/content/intern/aktivieren.php
@@ -2,12 +2,14 @@
 if (!isset($_GET['ak'])) $_GET['ak'] = "";
 $_GET['ak'] = addslashes ($_GET['ak']);
 
-$aktivierung = db_query('SELECT * FROM ' . $db_prefix . '_aktivierungen WHERE ak = "' . $_GET['ak'] . '" LIMIT 1');
+$sql = sql::$db->query('SELECT * FROM ' ._VMS_. '_aktivierungen WHERE ak = "' . $_GET['ak'] . '" LIMIT 1');
+$aktivierung = $sql->fetch();
 
-if (mysql_num_rows($aktivierung)) {
-    $aktivieren = mysql_fetch_array($aktivierung);
-    db_query("UPDATE " . $db_prefix . "_kontodaten SET status = '1' WHERE uid = '" . $aktivieren['uid'] . "' AND status = '0' LIMIT 1");
-    db_query("DELETE FROM " . $db_prefix . "_aktivierungen WHERE ak = '" . $_GET['ak'] . "' LIMIT 1");
+if ($aktivierung) {
+    $sql = sql::$db->prepare("UPDATE "._VMS_."_kontodaten SET status = '1' WHERE uid = ? AND status = '0' LIMIT 1");
+    $sql -> execute(array($aktivierung['uid']));
+    $sql = sql::$db->prepare("DELETE FROM "._VMS_."_aktivierungen WHERE ak = ? LIMIT 1");
+    $sql -> execute(array($_GET['ak']));
 
     head($system['seitenname']." - Accountaktivierung!");
         echo 'Die Aktivierung Deines Accounts bei '.$system['seitenname'].' war erfolgreich,
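Review bot: The lookup at L1054 still builds the query by concatenating `$_GET['ak']`, relying only on the `addslashes()` at L1051, while the UPDATE and DELETE three lines later already use prepare/execute; the same value deserves the same treatment: `$sql = sql::$db->prepare('SELECT * FROM ' . _VMS_ . '_aktivierungen WHERE ak = ? LIMIT 1');` `$sql->execute(array($_GET['ak']));` `$aktivierung = $sql->fetch();`. Once every use of `ak` is bound, the `addslashes()` on L1051 should go as well, because a bound value is not re-escaped and the added backslashes would otherwise become part of the compared value. As a point of style, `$sql -> execute(...)` at L1063 and L1065 (also L1085, L1087 and L1462 in the other files) puts spaces around `->`, which the rest of the new code does not.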
diff --git a/content/intern/anmelden.php b/content/intern/anmelden.php
index a9fd3a4..00094f5 100644
--- a/content/intern/anmelden.php
+++ b/content/intern/anmelden.php
@@ -28,15 +28,16 @@ if ($_POST['anmelden'] == "Jetzt anmelden!") {
     if (!filter_var($_POST['emailadresse'], FILTER_VALIDATE_EMAIL)) $error .= 'Der Emailsyntax ist falsch!<br>';
     if ($_POST['passwort_1'] != $_POST['passwort_2']) $error .= 'Passwörter stimmen nicht überein!<br>';
     if (strlen($_POST['passwort_1']) < 8) $error .= 'Passwortlänge muss min. 8 Zeichen haben<br>';
-    if ($_POST['agb'] != "ja") $error .= 'Du musst die AGBs bestädigen!<br>';
+    if ($_POST['agb'] != "ja") $error .= 'Du musst die AGBs bestätigen!<br>';
     // User mit der Datenbank abgleichen
     if (!$error) {
-        $_POST['nickname'] = mysql_real_escape_string($_POST['nickname']);
-        $nickname_check = db_query ("SELECT `nickname` FROM " . $db_prefix . "_userdaten WHERE nickname='" . $_POST['nickname'] . "'");
-        $mail_check = db_query ("SELECT `emailadresse` FROM " . $db_prefix . "_emaildaten WHERE emailadresse='" . $_POST['emailadresse'] . "'");
+        $sql = sql::$db->query("SELECT `nickname` FROM " ._VMS_. "_userdaten WHERE nickname='" . $_POST['nickname'] . "'");
+        $nickname_check = $sql -> fetch();
+        $sql = sql::$db->query("SELECT `emailadresse` FROM " ._VMS_. "_emaildaten WHERE emailadresse='" . $_POST['emailadresse'] . "'");
+        $mail_check = $sql -> fetch();
 
-        if (mysql_num_rows($mail_check)) $error .= 'Diese Emailadresse ist schon im System!<br>';
-        if (mysql_num_rows($nickname_check)) $error .= 'Der Nickname ist schon vergeben!<br>';
+        if ($mail_check) $error .= 'Diese Emailadresse ist schon im System!<br>';
+        if ($nickname_check) $error .= 'Der Nickname ist schon vergeben!<br>';
     }
     // User eintragen
     if (!$error) {
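Review bot: The duplicate checks at L1084 and L1086 still concatenate `$_POST['nickname']` and `$_POST['emailadresse']` into the SQL text, and this hunk also removes the `mysql_real_escape_string()` that the old L1081 applied to the nickname, so the nickname now reaches the query with no escaping at all (the e-mail address at least passed `FILTER_VALIDATE_EMAIL` on L1074). The INSERTs in the next hunk already bind their values; these two SELECTs should do the same.
```php
$sql = sql::$db->prepare("SELECT `nickname` FROM " . _VMS_ . "_userdaten WHERE nickname = ?");
$sql->execute(array($_POST['nickname']));
$nickname_check = $sql->fetch();
$sql = sql::$db->prepare("SELECT `emailadresse` FROM " . _VMS_ . "_emaildaten WHERE emailadresse = ?");
$sql->execute(array($_POST['emailadresse']));
$mail_check = $sql->fetch();
// … unchanged: duplicate-nickname / duplicate-email error messages …
```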
@@ -44,14 +45,20 @@ if ($_POST['anmelden'] == "Jetzt anmelden!") {
         if ($_POST['newsletter'] == 1 and $_POST['paidmails'] == 0) $mailstatus = 1;
         if ($_POST['newsletter'] == 0 and $_POST['paidmails'] == 1) $mailstatus = 2;
         if ($_POST['newsletter'] == 1 and $_POST['paidmails'] == 1) $mailstatus = 3;
-        db_query("INSERT INTO " . $db_prefix . "_kontodaten (passwort,status,hinweis,kontostand) VALUES ('" . md5($_POST['passwort_1']) . "','0','','0')");
-        $uid = mysql_insert_id();
-        if ($_SESSION['werber'] == $uid) $_SESSION['werber'] = 0;
-        db_query("INSERT INTO " . $db_prefix . "_emaildaten (uid,emailadresse,freigabe_fuer) VALUES ('" . $uid . "','" . $_POST['emailadresse'] . "','" . $mailstatus . "')");
-        db_query("INSERT INTO " . $db_prefix . "_userdaten (uid,nickname,vorname,nachname,angemeldet_seit) VALUES ('" . $uid . "','" . $_POST['nickname'] . "','" . $_POST['vorname'] . "','" . $_POST['nachname'] . "','" . time() . "')");
-        db_query("INSERT INTO " . $db_prefix . "_werberdaten (uid,werber,umsatz,zuordnungszeit) VALUES ('" . $uid . "','" . $_SESSION['werber'] . "','0','" . time() . "')");
-        $ak = md5($_POST['uid'] . '' . time());
-        db_query("INSERT INTO " . $db_prefix . "_aktivierungen (uid,ak) VALUES ('" . $uid . "','" . $ak . "')");
+
+        $sql = sql::$db->prepare("INSERT INTO "._VMS_."_kontodaten (passwort,status,hinweis,kontostand) VALUES (?,?,?,?)");
+        $sql->execute(array(md5($_POST['passwort_1']),'0','','0'));   
+        $uid = sql::$db->lastInsertId();
+
+        $sql = sql::$db->prepare("INSERT INTO "._VMS_."_emaildaten (uid,emailadresse,freigabe_fuer) VALUES (?,?,?)");
+        $sql->execute(array($uid, $_POST['emailadresse'],$mailstatus));
+
+        $sql = sql::$db->prepare("INSERT INTO " ._VMS_. "_userdaten (uid,nickname,vorname,nachname,angemeldet_seit) VALUES (?,?,?,?,?)");
+        $sql->execute(array($uid, $_POST['nickname'], $_POST['vorname'], $_POST['nachname'], time() ));
+        
+        $ak = md5($uid . '' . time());
+        $sql = sql::$db->prepare("INSERT INTO " ._VMS_. "_aktivierungen (uid,ak) VALUES (?,?)");
+        $sql->execute(array($uid, $ak));
 
         $email_message = 'Hallo ' . $_POST['nickname'] . ',
     	Du hast Dich soeben erfolgreich bei ' . $system['seitenname'] . ' angemeldet.
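Review bot: The new side of this hunk no longer inserts into `_werberdaten` and also drops the `if ($_SESSION['werber'] == $uid) $_SESSION['werber'] = 0;` guard that the old L1102 and L1105 had, so a newly registered user gets no referrer row unless that write moved somewhere not visible here; the other files in this commit LEFT JOIN `_werberdaten` by uid and will see null for such users. Restoring it in the new style is three lines: `if ($_SESSION['werber'] == $uid) $_SESSION['werber'] = 0;` `$sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_werberdaten (uid,werber,umsatz,zuordnungszeit) VALUES (?,?,?,?)");` `$sql->execute(array($uid, $_SESSION['werber'], '0', time()));`. Separately, the activation code at L1119 is `md5($uid . time())`, which is derived from two guessable inputs; `bin2hex(random_bytes(16))` gives an unguessable token with the same storage shape. The password is still stored as `md5()` at L1110 (and updated the same way at L1500 in userprofil.php); `password_hash()`/`password_verify()` is the standard replacement, though that is a separate change from the SQL migration.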
diff --git a/content/konto/auszahlen.php b/content/konto/auszahlen.php
index fce07ef..afa96af 100644
--- a/content/konto/auszahlen.php
+++ b/content/konto/auszahlen.php
@@ -9,24 +9,26 @@ if(!isset($auszahlmeldung))         $auszahlmeldung = "";
 
 $tag = strtotime("".date("m")."/".date("d")."/".date("Y")." 0 hours 0 minutes 0 seconds");
 
-$schnittstellen_res = db_query("SELECT t1.*, t2.* FROM vms_multi_konten t2
-								LEFT JOIN ".$db_prefix."_schnittstelle t1 ON t1.schnittstelle=t2.waehrung
+$sql = sql::$db->query("SELECT t1.*, t2.* FROM "._VMS_."_multi_konten t2
+								LEFT JOIN "._VMS_."_schnittstelle t1 ON t1.schnittstelle=t2.waehrung
 								WHERE t2.uid=".$_SESSION['uid']." AND t1.aktiv >=2 ");
 
-while($_temp = mysql_fetch_assoc($schnittstellen_res)){
+while($_temp = $sql->fetchAll() ){
     $schnittstellen[] = $_temp;
     $erlaubte_schnittstellen[] = $_temp['schnittstelle'];
 }
 
-$kontodaten = mysql_fetch_array(db_query("SELECT `kontostand` FROM ".$db_prefix."_kontodaten WHERE uid=".$_SESSION['uid']." LIMIT 1"));
+$sql = sql::$db->query("SELECT `kontostand` FROM "._VMS_."_kontodaten WHERE uid=".$_SESSION['uid']." LIMIT 1");
+$kontodaten = $sql->fetch();
 
 if(isset($_POST['waehrung']) && $_POST['auszahlen'] == 'Auszahlen' && $_POST['uid_passwort'] && $_POST['trans_menge'] && in_array($_POST['waehrung'], $erlaubte_schnittstellen)){
-    $schnittstelle_f = db_query("SELECT * FROM ".$db_prefix."_schnittstelle WHERE aktiv >=2 AND schnittstelle='".$_POST['waehrung']."' LIMIT 1");
-    if(mysql_num_rows($schnittstelle_f) == 1){
-        $schnittstelle = mysql_fetch_array($schnittstelle_f);
+    $schnittstelle_f = sql::$db->query("SELECT * FROM "._VMS_."_schnittstelle WHERE aktiv >=2 AND schnittstelle='".$_POST['waehrung']."' LIMIT 1");
+    if($schnittstelle_f->rowCount() == 1){
+        $schnittstelle = $schnittstelle_f->fetch();
 
         if($schnittstelle['anfragen_user'] != 0){
-            $s_verbrauch = mysql_num_rows(db_query("SELECT * FROM ".$db_prefix."_schnittstelle_anfragen WHERE uid='".$_SESSION['uid']."' AND zeit='".$tag."'"));
+            $sql = sql::$db->query("SELECT * FROM "._VMS_."_schnittstelle_anfragen WHERE uid='".$_SESSION['uid']."' AND zeit='".$tag."'");
+            $s_verbrauch = $sql->rowCount();
         }else $s_verbrauch = 0;
 
         if(filter_var($_POST['trans_menge'],FILTER_VALIDATE_FLOAT) and $_POST['trans_menge'] >= $schnittstelle['auszahlsumme']){
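Review bot: `while($_temp = $sql->fetchAll())` at L1140 does not iterate rows: `fetchAll()` returns the whole result set as one array on the first call and an empty array on the second, so `$_temp['schnittstelle']` is never a column, `$erlaubte_schnittstellen` ends up holding a single null, and the `in_array()` gate at L1149 can no longer match a real currency; the loop wants `$sql->fetch()` as the einzahlen.php hunk does at L1238. The same `fetchAll()`-for-one-row mistake appears at L1170 (`$konto`, read as `$konto['kontoid']`), L1356 (`$refuser`, read as `$refuser['aktivzeit']`) and in the three `while` loops of refuebersicht.php at L1403, L1422 and L1441; all of them need `fetch()`. Separately, `$_POST['waehrung']` is still concatenated into SQL at L1153 (and L1169, L1189, L1197, L1251, L1302); today only the `in_array()` allowlist stands between that value and the query, so binding it as the einzahlen.php hunk does at L1268 would remove the dependence on that gate.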
@@ -34,13 +36,17 @@ if(isset($_POST['waehrung']) && $_POST['auszahlen'] == 'Auszahlen' && $_POST['ui
             $_POST['trans_menge'] /= $schnittstelle['punktewert'];
             if($_POST['trans_menge'] <= $kontodaten['kontostand']){
                 if($schnittstelle['anfragen_user'] == 0 or $s_verbrauch <= $schnittstelle['anfragen_user']){
-                    $konto = mysql_fetch_assoc(db_query("SELECT kontoid FROM ".$db_prefix."_multi_konten WHERE uid=".$_SESSION['uid']." AND waehrung='".$_POST['waehrung']."' LIMIT 1"));
+                    $sql = sql::$db->query("SELECT kontoid FROM "._VMS_."_multi_konten WHERE uid=".$_SESSION['uid']." AND waehrung='".$_POST['waehrung']."' LIMIT 1");
+                    $konto = $sql->fetchAll();
                     $buchungs_id = create_code(14);
                     if($konto['kontoid'] != 0){
                         require_once("lib/schnittstellen/".$schnittstelle['schnittstelle'].".php");
                         auszahlen($schnittstelle['betreiber_id'], $schnittstelle['betreiber_passwort'], $konto['kontoid'], $_POST['uid_passwort'], $schnittstelle['betreiber_kennung'], $azs, $schnittstelle['auszahltext'], '');
                     }
-                    if($schnittstelle['anfragen_user'] != 0) db_query("INSERT INTO ".$db_prefix."_schnittstelle_anfragen (zeit,uid) VALUES ('".$tag."','".$_SESSION['uid']."')");
+                    if($schnittstelle['anfragen_user'] != 0) {
+                        $sql = sql::$db->prepare("INSERT INTO "._VMS_."_schnittstelle_anfragen (zeit,uid) VALUES (?,?)");
+                        $sql->execute(array( $tag, $_SESSION['uid'] ));
+                    }
                     if($error){
                         $auszahlmeldung = $trans_ausgabe;
                     }else{
@@ -75,16 +81,18 @@ head("Auszahlen"); ?>
 <?php foot();
 
 if(isset($_POST['waehrung']) && in_array($_POST['waehrung'], $erlaubte_schnittstellen)){
-    $schnittstelle = mysql_fetch_array(db_query("SELECT * FROM ".$db_prefix."_schnittstelle WHERE aktiv >= 2 AND schnittstelle='".$_POST['waehrung']."' LIMIT 1 "));
+    $sql = sql::$db->query("SELECT * FROM "._VMS_."_schnittstelle WHERE aktiv >= 2 AND schnittstelle='".$_POST['waehrung']."' LIMIT 1 ");
+    $schnittstelle = $sql->fetch();
     head("Auszahlen"); ?>
         <form action="" method="post">
             <input type="hidden" name="waehrung" value="<?php echo $_POST['waehrung']; ?>">
             <?php
-            $multi_kontoida = db_query("SELECT kontoid FROM ".$db_prefix."_multi_konten WHERE uid=".$_SESSION['uid']." AND waehrung='".$_POST['waehrung']."' LIMIT 1");
-            if(mysql_num_rows($multi_kontoida) == 0){
+            $multi_kontoida = sql::$db->query("SELECT kontoid FROM "._VMS_."_multi_konten WHERE uid=".$_SESSION['uid']." AND waehrung='".$_POST['waehrung']."' LIMIT 1");
+            if($multi_kontoida->rowCount() == 0){
                 echo 'Bitte lege im Userprofil deine Konto-ID fest.';
             }else{
-                $multi_kontoid = mysql_fetch_array($multi_kontoida); ?>
+                $multi_kontoid = $multi_kontoida->fetch();
+                ?>
                 <table width="100%" border="0" cellpadding="2" cellspacing="2">
                     <tr>
                         <td align="left" width="55%">Kontonummer der ausgew&auml;hlten W&auml;hrung</td>
diff --git a/content/konto/buchungen.php b/content/konto/buchungen.php
index c863a65..ce2b8ac 100644
--- a/content/konto/buchungen.php
+++ b/content/konto/buchungen.php
@@ -9,8 +9,9 @@
 <td align="center"><b>Verwendungszweck</b></td>
 </tr>
 <?php
-$buchungen_lesen = db_query("SELECT * FROM ".$db_prefix."_buchungen WHERE uid=".$_SESSION['uid']." ORDER BY buchungszeit DESC LIMIT 50");
-while ($buchung_schreiben = mysql_fetch_array($buchungen_lesen)) {
+$i = 0;
+$buchungen_lesen = sql::$db->query ("SELECT * FROM `" . _VMS_ . "_buchungen` WHERE uid=".$_SESSION['uid']." ORDER BY buchungszeit DESC LIMIT 50");
+while ($buchung_schreiben = $buchungen_lesen->fetch()) {
 $i++;
 $buchcolor = $system['positiv_farbe'];
 if ($buchung_schreiben['buchungsmenge'] < 0) $buchcolor=$system['negativ_farbe'];
diff --git a/content/konto/einzahlen.php b/content/konto/einzahlen.php
index 2277358..da34b7a 100644
--- a/content/konto/einzahlen.php
+++ b/content/konto/einzahlen.php
@@ -9,38 +9,44 @@ if(!isset($einzahlmeldung))         $einzahlmeldung = "";
 
 $tag = strtotime("".date("m")."/".date("d")."/".date("Y")." 0 hours 0 minutes 0 seconds");
 
-$schnittstellen_res = db_query("SELECT t1.*, t2.* FROM vms_multi_konten t2
-                                LEFT JOIN ".$db_prefix."_schnittstelle t1 ON t1.schnittstelle=t2.waehrung
+$schnittstellen_res = sql::$db->query("SELECT t1.*, t2.* FROM "._VMS_."_multi_konten t2
+                                LEFT JOIN "._VMS_."_schnittstelle t1 ON t1.schnittstelle=t2.waehrung
                                 WHERE t2.uid=".$_SESSION['uid']." AND (t1.aktiv = 1 OR t1.aktiv = 3)");
 
-while($_temp = mysql_fetch_assoc($schnittstellen_res)){
+while($_temp = $schnittstellen_res->fetch() ){
     $schnittstellen[] = $_temp;
     $erlaubte_schnittstellen[] = $_temp['schnittstelle'];
 }
 
-$kontodaten = mysql_fetch_array(db_query("SELECT `kontostand` FROM ".$db_prefix."_kontodaten WHERE uid=".$_SESSION['uid']." LIMIT 1"));
+$sql = sql::$db->query("SELECT `kontostand` FROM "._VMS_."_kontodaten WHERE uid=".$_SESSION['uid']." LIMIT 1");
+$kontodaten = $sql->fetch();
 
 if(isset($_POST['waehrung']) && $_POST['einzahlen'] == 'Einzahlen' && $_POST['uid_passwort'] && $_POST['trans_menge'] && in_array($_POST['waehrung'], $erlaubte_schnittstellen)){
-    $schnittstelle_f = db_query("SELECT * FROM ".$db_prefix."_schnittstelle WHERE (aktiv = 1 OR aktiv= 3) AND schnittstelle='".$_POST['waehrung']."' LIMIT 1");
-    if(mysql_num_rows($schnittstelle_f) == 1){
-        $schnittstelle = mysql_fetch_array($schnittstelle_f);
+    $schnittstelle_f = sql::$db->query("SELECT * FROM "._VMS_."_schnittstelle WHERE (aktiv = 1 OR aktiv= 3) AND schnittstelle='".$_POST['waehrung']."' LIMIT 1");
+    if($schnittstelle_f->rowCount() == 1){
+        $schnittstelle = $schnittstelle_f->fetch();;
 
         if($schnittstelle['anfragen_user'] != 0){
-            $s_verbrauch = mysql_num_rows(db_query("SELECT * FROM ".$db_prefix."_schnittstelle_anfragen WHERE uid='".$_SESSION['uid']."' AND zeit='".$tag."'"));
+            $sql = sql::$db->query("SELECT * FROM "._VMS_."_schnittstelle_anfragen WHERE uid='".$_SESSION['uid']."' AND zeit='".$tag."'");
+            $s_verbrauch = $sql->rowCount();
         }else $s_verbrauch = 0;
 
         $betragu = floor($_POST['trans_menge'] / $schnittstelle['wertepunkt']);
-        $einzahlgrenze = mysql_fetch_array(db_query("SELECT `einzahlgrenze` FROM ".$db_prefix."_seitenkonfig LIMIT 1"));
+        $sql = sql::$db->query("SELECT `einzahlgrenze` FROM "._VMS_."_seitenkonfig LIMIT 1");
+        $einzahlgrenze = $sql->fetch();
         if(filter_var($_POST['trans_menge'],FILTER_VALIDATE_FLOAT) and $_POST['trans_menge'] >= $schnittstelle['einzahlsumme'] and ($kontodaten['kontostand'] + ($_POST['trans_menge'] / $schnittstelle['wertepunkt'])) <= $einzahlgrenze['einzahlgrenze']){
             if($schnittstelle['anfragen_user'] == 0 or $s_verbrauch < $schnittstelle['anfragen_user']){
-                $konto = mysql_fetch_assoc(db_query('SELECT kontoid FROM vms_multi_konten WHERE uid='.$_SESSION['uid'].' AND waehrung=\''.$_POST['waehrung'].'\' LIMIT 1'));
+                $sql = sql::$db->prepare("SELECT kontoid FROM vms_multi_konten WHERE uid=? AND waehrung=? LIMIT 1");
+                $sql->execute(array($_SESSION['uid'], $_POST['waehrung']));
+                $konto = $sql->fetch(PDO::FETCH_ASSOC);
                 $buchungs_id = create_code(14);
                 if($konto['kontoid'] != 0){
                     require_once("lib/schnittstellen/".$schnittstelle['schnittstelle'].".php");
                     einzahlen($schnittstelle['betreiber_id'], $schnittstelle['betreiber_passwort'], $konto['kontoid'], $_POST['uid_passwort'], $schnittstelle['betreiber_kennung'], $_POST['trans_menge'], $schnittstelle['einzahltext'], '');
                 }
                 if($schnittstelle['anfragen_user'] != 0)
-                    db_query("INSERT INTO ".$db_prefix."_schnittstelle_anfragen (zeit,uid) VALUES ('".$tag."','".$_SESSION['uid']."')");
+                    $sql = sql::$db->prepare("INSERT INTO "._VMS_."_schnittstelle_anfragen (zeit,uid) VALUES (?,?)");
+                    $sql->execute(array($tag, $_SESSION['uid']));
                 if($error){
                     $einzahlmeldung = $trans_ausgabe;
                 }else{
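Review bot: The brace-less `if($schnittstelle['anfragen_user'] != 0)` at L1276 now governs only the `prepare()` on L1278; the `execute()` on L1279 runs unconditionally, and when `anfragen_user` is 0 it re-executes whatever statement `$sql` last held (the SELECT from L1268) with the wrong parameters. The auszahlen.php hunk got this right at L1177-L1180; wrap both lines: `if($schnittstelle['anfragen_user'] != 0) {` … `}`. Two smaller points in the same hunk: L1253 ends in `;;`, and L1268 still hard-codes `vms_multi_konten` while L1233 three lines up switched to `_VMS_."_multi_konten"`.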
@@ -69,18 +75,22 @@ head("Einzahlen"); ?>
         <p align="center"><input type="submit" name="b1" value="Ausw&auml;hlen"/></p>
     </form>
     <br>
-<?php foot();
+<?php
+if ($c == 0) {echo '<center>Keine Konten gefunden. Bitte schalte in deinem Userprofil externe Accounts frei.</center>'; }
+foot();
 
 if(isset($_POST['waehrung']) && in_array($_POST['waehrung'], $erlaubte_schnittstellen)){
-    $schnittstelle = mysql_fetch_array(db_query("SELECT * FROM ".$db_prefix."_schnittstelle WHERE (aktiv = 1 OR aktiv= 3) AND schnittstelle='".$_POST['waehrung']."' LIMIT 1 "));
+    $sql = sql::$db->query("SELECT * FROM "._VMS_."_schnittstelle WHERE (aktiv = 1 OR aktiv= 3) AND schnittstelle='".$_POST['waehrung']."' LIMIT 1 ");
+    $schnittstelle = $sql->fetch();
     head("Einzahlen"); ?>
         <form action="" method="post">
             <input type="hidden" name="waehrung" value="<?php echo $_POST['waehrung']; ?>"/>
-            <?php $multi_kontoida = db_query('SELECT kontoid FROM vms_multi_konten WHERE uid='.$_SESSION['uid'].' AND waehrung=\''.$_POST['waehrung'].'\' LIMIT 1');
-            if(mysql_num_rows($multi_kontoida) == 0){
+            <?php
+            $multi_kontoida = sql::$db->query("SELECT kontoid FROM "._VMS_."_multi_konten WHERE uid=".$_SESSION['uid']." AND waehrung='".$_POST['waehrung']."' LIMIT 1");
+            if($multi_kontoida->rowCount() == 0){
                 echo 'Bitte lege im Userprofil deine Konto-ID fest.';
             }else{
-                $multi_kontoid = mysql_fetch_array($multi_kontoida); ?>
+                $multi_kontoid = $multi_kontoida->fetch();?>
                 <table width="100%" border="0" cellpadding="2" cellspacing="2">
                     <tr>
                         <td align="left" width="55%">Kontonummer der ausgew&auml;hlten W&auml;hrung</td>
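Review bot: `$c` is read at L1289 but nothing in this hunk assigns it; if it is meant to count the accounts rendered by the form loop above (outside the hunk), it needs `$c = 0;` before that loop and `$c++;` inside it, otherwise the "Keine Konten gefunden" message depends on an undefined variable and only appears under a notice. If the counter already exists above the hunk, a short comment such as `// $c: number of accounts listed above` would save the next reader the search.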
diff --git a/content/konto/refdetails.php b/content/konto/refdetails.php
index 01f1023..7dd634d 100644
--- a/content/konto/refdetails.php
+++ b/content/konto/refdetails.php
@@ -10,48 +10,48 @@ $ebene3 = 0;
 $_GET['ruid'] = (int)$_GET['ruid'];
 
 if ($_GET['reset'] == 'true') {
-db_query("UPDATE ".$db_prefix."_werberdaten SET
+$sql = sql::$db->prepare("UPDATE "._VMS_."_werberdaten SET
                  resetzeit = '".time()."',
                  reset = 0
-WHERE uid='".$_GET['ruid']."' and werber='".$_SESSION['uid']."' LIMIT 1");
+WHERE uid=? and werber=? LIMIT 1");
+$sql->execute(array( $_GET['ruid'], $_SESSION['uid'] ));
 }
 
 if ($_POST['save'] == 'Save' && $_POST['refback'] >= 0 && $_POST['refback'] <= 100 && filter_var($_POST['refback'],FILTER_VALIDATE_INT)) {
-db_query("UPDATE ".$db_prefix."_werberdaten SET
-                 refback = '".$_POST['refback']."'
-WHERE uid='".$_GET['ruid']."' and werber='".$_SESSION['uid']."' LIMIT 1");
+$sql = sql::$db->prepare("UPDATE "._VMS_."_werberdaten SET
+                 refback = ? WHERE uid=? and werber=? LIMIT 1");
+$sql->execute(array( $_POST['refback'], $_GET['ruid'], $_SESSION['uid'] ));
 }
 
-
-$ref_check = db_query("SELECT w.uid,w.umsatz,w.reset,w.resetzeit,w.gesamt,w.refback,w.aktivzeit,w.zuordnungszeit,k.loginzeit,u.nickname FROM
-                              ".$db_prefix."_werberdaten w
-                              LEFT JOIN ".$db_prefix."_kontodaten k ON k.uid = w.uid
-                              LEFT JOIN ".$db_prefix."_userdaten u ON u.uid = k.uid
+$ref_check = sql::$db->query("SELECT w.uid,w.umsatz,w.reset,w.resetzeit,w.gesamt,w.refback,w.aktivzeit,w.zuordnungszeit,k.loginzeit,u.nickname FROM
+                              "._VMS_."_werberdaten w
+                              LEFT JOIN "._VMS_."_kontodaten k ON k.uid = w.uid
+                              LEFT JOIN "._VMS_."_userdaten u ON u.uid = k.uid
 WHERE w.uid=".$_GET['ruid']." and w.werber=".$_SESSION['uid']." LIMIT 1");
 
-if (!mysql_num_rows($ref_check)) {
+if (!$ref_check->rowCount() ) {
 @include_once('content/error/kein_ref.php');
 @include_once('lib/footer.php');
 die();
 }
 
-$refuser = mysql_fetch_assoc($ref_check);
+$refuser = $ref_check->fetchAll();
 
 if ($refuser['aktivzeit'] >= (time()-(86400*7))) $refstatus = '<img src="./images/gruen.gif" width="15" height="15" border="0" alt="'.date("d.m.y - H:i",$refuser['aktivzeit']).'" align="absmiddle"> &raquo; User ist aktiv';
 if ($refuser['aktivzeit'] < (time()-(86400*7))) $refstatus = '<img src="./images/gelb.gif" width="15" height="15" border="0" alt="'.date("d.m.y - H:i",$refuser['aktivzeit']).'" align="absmiddle"> &raquo; User seit 7 tagen inaktiv';
 if ($refuser['aktivzeit'] <= (time()-(86400*30))) $refstatus = '<img src="./images/rot.gif" width="15" height="15" border="0" alt="'.date("d.m.y - H:i",$refuser['aktivzeit']).'" align="absmiddle"> &raquo; User seit 30 tagen inaktiv';
 
 
-$refebene_1 = db_query ("SELECT uid FROM ".$db_prefix."_werberdaten WHERE werber='".$_GET['ruid']."'");
-while ($anzeigen_1 = mysql_fetch_array($refebene_1)) {
+$refebene_1 = sql::$db->query("SELECT uid FROM "._VMS_."_werberdaten WHERE werber='".$_GET['ruid']."'");
+while ($anzeigen_1 = $refebene_1->fetch() ) {
 $ebene2++;
 }
 
 if ($ebene2 > 0){
-   $refebene_1 = db_query ("SELECT uid FROM ".$db_prefix."_werberdaten WHERE werber='".$_GET['ruid']."'");
-   while ($anzeigen_1 = mysql_fetch_array($refebene_1)) {
-   	$refebene_2 = db_query ("SELECT * FROM ".$db_prefix."_werberdaten WHERE werber='".$anzeigen_1['uid']."' ORDER BY uid ASC");
-	while ($anzeigen_2 = mysql_fetch_array($refebene_2)) {
+   $refebene_1 = sql::$db->query ("SELECT uid FROM "._VMS_."_werberdaten WHERE werber='".$_GET['ruid']."'");
+   while ($anzeigen_1 = $refebene_1->fetch() ) {
+   	$refebene_2 = sql::$db->query ("SELECT * FROM "._VMS_."_werberdaten WHERE werber='".$anzeigen_1['uid']."' ORDER BY uid ASC");
+	while ($anzeigen_2 = $refebene_2->fetch() ) {
 	$ebene3++;
 	}
    }
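Review bot: The query at L1365 is executed only to count its rows one by one in the loop at L1366-L1368 and is then re-issued unchanged at L1375 to iterate them; the new code already relies on `rowCount()` for the same statement object at L1349, so the first loop can become `$ebene2 = $refebene_1->rowCount();` and the second query can be dropped in favour of reusing `$refebene_1`. The inner loop at L1378-L1380 counts level-3 rows the same way and could likewise use `rowCount()` on `$refebene_2`. Nothing here changes results; it removes one round trip per referral and makes the intent (counting) visible.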
diff --git a/content/konto/refuebersicht.php b/content/konto/refuebersicht.php
index 4451d75..d19d034 100644
--- a/content/konto/refuebersicht.php
+++ b/content/konto/refuebersicht.php
@@ -4,14 +4,14 @@ $ebene_1 = false;
 $ebene_2 = false;
 $ebene_3 = false;
 
-$ebene1 = db_query("SELECT werber.*, u.nickname, k.last_active FROM
-                         ".$db_prefix."_werberdaten AS werber
-                         LEFT JOIN ".$db_prefix."_userdaten AS u ON u.uid = werber.uid
-                         LEFT JOIN ".$db_prefix."_kontodaten AS k ON k.uid = werber.uid
+$ebene1 = sql::$db->query("SELECT werber.*, u.nickname, k.last_active FROM
+                         "._VMS_."_werberdaten AS werber
+                         LEFT JOIN "._VMS_."_userdaten AS u ON u.uid = werber.uid
+                         LEFT JOIN "._VMS_."_kontodaten AS k ON k.uid = werber.uid
                    WHERE werber.werber=".$_SESSION['uid']." ORDER BY u.nickname ASC");
 
-if (mysql_num_rows($ebene1)){
-   while ($user1 = mysql_fetch_assoc($ebene1)){
+if ($ebene1->rowCount() ){
+   while ($user1 = $ebene1->fetchAll() ){
    $ebene_1 = true;
    $count++;
    if ($count % 2 == 0){$row = 0;}else{$row = 1;}
@@ -30,13 +30,13 @@ if (mysql_num_rows($ebene1)){
         <td align="center">'.$refstatus.'</td>
     </tr>
     ';
-$ebene2 = db_query("SELECT werber.*, u.nickname, k.last_active FROM
-                         ".$db_prefix."_werberdaten AS werber
-                         LEFT JOIN ".$db_prefix."_userdaten AS u ON u.uid = werber.uid
-                         LEFT JOIN ".$db_prefix."_kontodaten AS k ON k.uid = werber.uid
+$ebene2 = sql::$db->query("SELECT werber.*, u.nickname, k.last_active FROM
+                         "._VMS_."_werberdaten AS werber
+                         LEFT JOIN "._VMS_."_userdaten AS u ON u.uid = werber.uid
+                         LEFT JOIN "._VMS_."_kontodaten AS k ON k.uid = werber.uid
                    WHERE werber.werber=".$user1['uid']." ORDER BY u.nickname ASC");
 
-      while ($user2 = mysql_fetch_assoc($ebene2)){
+      while ($user2 = $ebene2->fetchAll() ){
       $ebene_2 = true;
       $count++;
       if ($count % 2 == 0){$row = 0;}else{$row = 1;}
@@ -55,13 +55,13 @@ $ebene2 = db_query("SELECT werber.*, u.nickname, k.last_active FROM
       </tr>
       ';
 
-$ebene3 = db_query("SELECT werber.*, u.nickname, k.last_active FROM
-                         ".$db_prefix."_werberdaten AS werber
-                         LEFT JOIN ".$db_prefix."_userdaten AS u ON u.uid = werber.uid
-                         LEFT JOIN ".$db_prefix."_kontodaten AS k ON k.uid = werber.uid
+$ebene3 = sql::$db->query("SELECT werber.*, u.nickname, k.last_active FROM
+                         "._VMS_."_werberdaten AS werber
+                         LEFT JOIN "._VMS_."_userdaten AS u ON u.uid = werber.uid
+                         LEFT JOIN "._VMS_."_kontodaten AS k ON k.uid = werber.uid
                    WHERE werber.werber=".$user2['uid']." ORDER BY u.nickname ASC");
 
-        while ($user3 = mysql_fetch_assoc($ebene3)){
+        while ($user3 = $ebene3->fetchAll() ){
         $ebene_3 = true;
         $count++;
         if ($count % 2 == 0){$row = 0;}else{$row = 1;}
diff --git a/content/konto/uebersicht.php b/content/konto/uebersicht.php
index 84f04f6..c5050a9 100644
--- a/content/konto/uebersicht.php
+++ b/content/konto/uebersicht.php
@@ -1,11 +1,11 @@
 <?php userstatus();
-$sql = db_query("SELECT u.nickname,u.vorname,u.nachname,u.angemeldet_seit,w.werber,w.umsatz,w.gesamt,w.refback,k.kontostand,k.klicks,k.kv,k.angebettelt,k.bv FROM
-                        ".$db_prefix."_kontodaten k
-                        LEFT JOIN ".$db_prefix."_userdaten u ON u.uid = k.uid
-                        LEFT JOIN ".$db_prefix."_werberdaten w ON w.uid = k.uid
+$sql = sql::$db->query("SELECT u.nickname,u.vorname,u.nachname,u.angemeldet_seit,w.werber,w.umsatz,w.gesamt,w.refback,k.kontostand,k.klicks,k.kv,k.angebettelt,k.bv 
+FROM "._VMS_."_kontodaten k 
+LEFT JOIN "._VMS_."_userdaten u ON u.uid = k.uid 
+LEFT JOIN "._VMS_."_werberdaten w ON w.uid = k.uid
 WHERE k.uid=".$_SESSION['uid']." LIMIT 1");
 
-$kontoinfo = mysql_fetch_array($sql);
+$kontoinfo = $sql -> fetch();
 
 
 if ($kontoinfo['werber'] == 0) $kontoinfo['werber'] = '<i>Kein Werber</i>';
diff --git a/content/konto/userprofil.php b/content/konto/userprofil.php
index 4f0620a..6001f2b 100644
--- a/content/konto/userprofil.php
+++ b/content/konto/userprofil.php
@@ -14,17 +14,17 @@ if (!isset($mailstatus)) $mailstatus = "";
 if (!isset($delchange)) $delchange = "";
 
 if ($_POST['acc_del'] == 'Jetzt löschen!' && $_POST['del_passwort']) {
-    $schnittstelle = mysql_fetch_array(db_query("SELECT `passwort` FROM " . $db_prefix . "_kontodaten LIMIT 1")) or die("Userinfo");
+    $schnittstelle = mysql_fetch_array(db_query("SELECT `passwort` FROM " . _VMS_ . "_kontodaten LIMIT 1")) or die("Userinfo");
     if ($schnittstelle['passwort'] != md5($_GET['del_passwort'])) {
         echo 'Passwort falsch';
     } else {
         $sperrzeit = time() + (86400 * 30);
-        db_query("DELETE FROM " . $db_prefix . "_kontodaten WHERE uid=" . $_SESSION['uid'] . "");
-        db_query("DELETE FROM " . $db_prefix . "_emaildaten WHERE uid=" . $_SESSION['uid'] . "");
-        db_query("DELETE FROM " . $db_prefix . "_userdaten WHERE uid=" . $_SESSION['uid'] . "");
-        db_query("DELETE FROM " . $db_prefix . "_werberdaten WHERE uid=" . $_SESSION['uid'] . "");
-        db_query("UPDATE " . $db_prefix . "_werberdaten SET werber = 0 WHERE werber=" . $_SESSION['uid'] . "");
-        db_query ('DELETE FROM ' . $db_prefix . '_admin_abuse WHERE uid = ' . $_SESSION['uid']);
+        db_query("DELETE FROM " . _VMS_ . "_kontodaten WHERE uid=" . $_SESSION['uid'] . "");
+        db_query("DELETE FROM " . _VMS_ . "_emaildaten WHERE uid=" . $_SESSION['uid'] . "");
+        db_query("DELETE FROM " . _VMS_ . "_userdaten WHERE uid=" . $_SESSION['uid'] . "");
+        db_query("DELETE FROM " . _VMS_ . "_werberdaten WHERE uid=" . $_SESSION['uid'] . "");
+        db_query("UPDATE " . _VMS_ . "_werberdaten SET werber = 0 WHERE werber=" . $_SESSION['uid'] . "");
+        db_query ('DELETE FROM ' . _VMS_ . '_admin_abuse WHERE uid = ' . $_SESSION['uid']);
         db_query ('DELETE FROM vms_buchungen WHERE uid = ' . $_SESSION['uid']);
         db_query ('DELETE FROM vms_reloads WHERE uid = ' . $_SESSION['uid']);
         db_query ('DELETE FROM vms_schnittstelle_anfragen WHERE uid = ' . $_SESSION['uid']);
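Review bot: The password check that guards account deletion reads `SELECT passwort FROM ..._kontodaten LIMIT 1` at L1475 with no `WHERE uid`, so it compares against whichever row the database returns first rather than the logged-in user's hash; and the comparison on the context line L1476 reads `$_GET['del_passwort']` while the guard on L1473 checks `$_POST['del_passwort']`, so in practice the comparison is against `md5('')`. Since the rest of the commit moves this file to `sql::$db` (L1535), the fix belongs in that style: `$sql = sql::$db->prepare("SELECT `passwort` FROM " . _VMS_ . "_kontodaten WHERE uid = ? LIMIT 1");` `$sql->execute(array($_SESSION['uid']));` `$schnittstelle = $sql->fetch();`, with L1476 reading `$_POST['del_passwort']`. Note that this hunk and the ones at L1500, L1507-L1518 and L1528-L1529 only swap the prefix constant and still call the legacy `db_query`/`mysql_*` functions, so this file will break first if that layer is removed.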
@@ -37,7 +37,7 @@ if ($_POST['aendern'] == 'Jetzt ändern!') {
     if ($_POST['pwd'] && $_POST['pwd2']) {
         if ($_POST['pwd'] == $_POST['pwd2']) {
             if (strlen($_POST['pwd']) >= 8) {
-                db_query("UPDATE " . $db_prefix . "_kontodaten SET passwort = '" . md5($_POST['pwd']) . "' WHERE uid=" . $_SESSION['uid'] . "");
+                db_query("UPDATE " . _VMS_ . "_kontodaten SET passwort = '" . md5($_POST['pwd']) . "' WHERE uid=" . $_SESSION['uid'] . "");
                 echo '<meta http-equiv="refresh" content="0; URL=http://' . $_SERVER['HTTP_HOST'] . '/?content=/intern/startseite&logout=true">';
                 // $change .= 'Das Passwort wurde geändert!<br><b><font color="#FF0000">Bitte logge Dich jetzt aus und wieder neu ein!</font></b><br>';
             } else {
@@ -52,14 +52,14 @@ if ($_POST['aendern'] == 'Jetzt ändern!') {
     if ($_POST['aendern'] == 'Jetzt ändern!') {
         if (isset ($_POST['nickname'])) {
             $nickname = mysql_real_escape_string(ucfirst($_POST['nickname']));
-            $nickname_check = db_query ("SELECT `nickname` FROM " . $db_prefix . "_userdaten WHERE nickname='" . $nickname . "'");
-            $nickname_check2 = db_query ("SELECT `nickname` FROM " . $db_prefix . "_userdaten WHERE nickname='" . $nickname . "'AND uid=" . $_SESSION['uid'] . "");
+            $nickname_check = db_query ("SELECT `nickname` FROM " . _VMS_ . "_userdaten WHERE nickname='" . $nickname . "'");
+            $nickname_check2 = db_query ("SELECT `nickname` FROM " . _VMS_ . "_userdaten WHERE nickname='" . $nickname . "'AND uid=" . $_SESSION['uid'] . "");
             if (mysql_num_rows($nickname_check))
                 if (mysql_num_rows($nickname_check2)) {
                 } else {
                     $change = 'Dieser Nickname ist schon vergeben!<br>';
                 } else {
-                    db_query("UPDATE " . $db_prefix . "_userdaten SET nickname = '" . $nickname . "' WHERE uid=" . $_SESSION['uid'] . "");
+                    db_query("UPDATE " . _VMS_ . "_userdaten SET nickname = '" . $nickname . "' WHERE uid=" . $_SESSION['uid'] . "");
                 }
             }
         }
@@ -71,13 +71,14 @@ if ($_POST['aendern'] == 'Jetzt ändern!') {
             if ($_POST['newsletter'] == 0 and $_POST['paidmails'] == 1) $mailstatus = 2;
             if ($_POST['newsletter'] == 1 and $_POST['paidmails'] == 1) $mailstatus = 3;
             $_POST['max_forced'] = (int)$_POST['max_forced'];
-            db_query("UPDATE " . $db_prefix . "_emaildaten SET freigabe_fuer = " . $mailstatus . ", emailadresse = '" . $_POST['emailadresse'] . "' WHERE uid=" . $_SESSION['uid'] . "");
-            db_query("UPDATE " . $db_prefix . "_userdaten SET max_forced = '" . $_POST['max_forced'] . "' WHERE uid=" . $_SESSION['uid'] . "");
+            db_query("UPDATE " . _VMS_ . "_emaildaten SET freigabe_fuer = " . $mailstatus . ", emailadresse = '" . $_POST['emailadresse'] . "' WHERE uid=" . $_SESSION['uid'] . "");
+            db_query("UPDATE " . _VMS_ . "_userdaten SET max_forced = '" . $_POST['max_forced'] . "' WHERE uid=" . $_SESSION['uid'] . "");
             $change .= 'Deine Daten wurden aktualisiert!<br>';
         }
     }
 
-    $info = mysql_fetch_array(db_query("SELECT u.*,e.emailadresse,e.freigabe_fuer FROM " . $db_prefix . "_userdaten AS u LEFT JOIN " . $db_prefix . "_emaildaten AS e ON e.uid=u.uid WHERE u.uid=" . $_SESSION['uid'] . " LIMIT 1"));
+    $sql = sql::$db->query("SELECT u.*,e.emailadresse,e.freigabe_fuer FROM " . _VMS_ . "_userdaten AS u LEFT JOIN " . _VMS_ . "_emaildaten AS e ON e.uid=u.uid WHERE u.uid=" . $_SESSION['uid'] . " LIMIT 1");
+    $info = $sql->fetch();
 
     if ($info['freigabe_fuer'] == 0) {
         $newsletter = 0;
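Review bot: The new `UPDATE ... _emaildaten` line interpolates `$_POST['emailadresse']` straight into the statement; nothing in the hunk escapes or validates it (if that happens above the hunk it is not visible here), and the same commit already uses prepare/execute for comparable writes. Replace it with `$sql = sql::$db->prepare("UPDATE " . _VMS_ . "_emaildaten SET freigabe_fuer = ?, emailadresse = ? WHERE uid = ?");` and `$sql->execute(array($mailstatus, $_POST['emailadresse'], $_SESSION['uid']));`, and give the `max_forced` UPDATE on the following line the same shape even though that value is cast to int. `$info = $sql->fetch();` is then indexed without a false check, so a missing user row turns `$info['freigabe_fuer']` into a notice instead of a clear error. The enclosing `if ($_POST['aendern'] ...)` block starts outside the hunk.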
@@ -176,23 +177,28 @@ die Paidmails wenn Du keine haben möchtest!<br>
   </table>
      </form>
 <?php foot();
-    $moeglich = mysql_fetch_row(mysql_query('SELECT schnittstelle FROM ' . $db_prefix . '_schnittstelle WHERE aktiv > 0'));
+    $sql = sql::$db->query("SELECT schnittstelle FROM " . _VMS_ . "_schnittstelle WHERE aktiv > 0");
+    $moeglich = $sql->fetch(PDO::FETCH_NUM);
 
     if ($moeglich != 0) {
         head("Externe Konten");
 
         if (isset($_POST['veri'])) {
-            $schnittstelle = mysql_fetch_array(db_query("SELECT * FROM " . $db_prefix . "_schnittstelle WHERE schnittstelle='" . $_POST['schnittstelle'] . "' AND aktiv > 0 LIMIT 1"));
+            $schnittstelle = mysql_fetch_array(db_query("SELECT * FROM " . _VMS_ . "_schnittstelle WHERE schnittstelle='" . $_POST['schnittstelle'] . "' AND aktiv > 0 LIMIT 1"));
             // User beim Betreiber prüfen
-            db_query("INSERT INTO " . $db_prefix . "_schnittstelle_anfragen (zeit,uid) VALUES ('" . $tag . "'," . $_SESSION['uid'] . ")");
+            $sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_schnittstelle_anfragen (zeit,uid) VALUES (?,?)");
+            $sql->execute(array( $tag, $_SESSION['uid'] ));
             require_once ("lib/schnittstellen/" . $schnittstelle['schnittstelle'] . ".php");
             uservalidate ($schnittstelle['betreiber_id'], $schnittstelle['betreiber_passwort'], $_POST['veri_id'], $_POST['veri_pw']);
             $error = $trans_ausgabe;
             print_r($error);
-            if (!$error) db_query("INSERT INTO " . $db_prefix . "_multi_konten (uid, kontoid, waehrung) VALUES( " . $_SESSION['uid'] . ", '" . $_POST['veri_id'] . "', '" . $_POST['schnittstelle'] . "') ON DUPLICATE KEY UPDATE kontoid='" . $_POST['veri_id'] . "'");
+            if (!$error) {
+            $sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_multi_konten (uid, kontoid, waehrung) VALUES(?,?,?) ON DUPLICATE KEY UPDATE kontoid='" . $_POST['veri_id'] . "'");
+            $sql->execute(array( $_SESSION['uid'], $_POST['veri_id'], $_POST['schnittstelle'] ));
+            }
         }
 
-        $moeglichkeiten_q = mysql_query('SELECT schnittstelle FROM ' . $db_prefix . '_schnittstelle WHERE aktiv > 0 AND schnittstelle NOT IN (SELECT waehrung AS schnittstelle FROM vms_multi_konten WHERE uid=' . $_SESSION['uid'] . ')');
+        $moeglichkeiten_q = sql::$db->query('SELECT schnittstelle FROM ' . _VMS_ . '_schnittstelle WHERE aktiv > 0 AND schnittstelle NOT IN (SELECT waehrung AS schnittstelle FROM vms_multi_konten WHERE uid=' . $_SESSION['uid'] . ')');
 
         ?>
   <form action="" method="post">
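Review bot: The prepared INSERT into `_multi_konten` binds its VALUES but then concatenates `$_POST['veri_id']` raw into the `ON DUPLICATE KEY UPDATE` clause, which undoes the parameterization on the update path; write `ON DUPLICATE KEY UPDATE kontoid = VALUES(kontoid)` instead, no extra bind needed. The `_schnittstelle` lookup earlier in the hunk still goes through `db_query` with `$_POST['schnittstelle']` interpolated, and its result feeds the `require_once` path, so that query is the one most worth moving to a placeholder as well. The subselect at the end of the hunk and the `SELECT * FROM vms_multi_konten` two hunks further down still hard-code the `vms_` prefix the commit otherwise replaces with `_VMS_`.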
@@ -201,7 +207,7 @@ die Paidmails wenn Du keine haben möchtest!<br>
     <td>Konto:</td>
     <td><select name="schnittstelle">
   <?php
-        while ($moeglichkeiten = mysql_fetch_array($moeglichkeiten_q)) { ?>
+        while ($moeglichkeiten = $moeglichkeiten_q->fetch() ) { ?>
 <option value="<?php echo $moeglichkeiten['schnittstelle']; ?>"><?php echo $moeglichkeiten['schnittstelle']; ?></option>
   <?php } ?>
   </select>
@@ -224,8 +230,8 @@ die Paidmails wenn Du keine haben möchtest!<br>
 Bereits&nbsp;verifiziert:<br />
 <table>
     <?php
-        $veri = mysql_query('SELECT * FROM vms_multi_konten WHERE uid=' . $_SESSION['uid'] . '');
-        while ($verid = mysql_fetch_array($veri)) { ?>
+        $veri = sql::$db->query('SELECT * FROM vms_multi_konten WHERE uid=' . $_SESSION['uid'] . '');
+        while ($verid = $veri->fetch() ) { ?>
 	<tr>
 		<td><?php echo $verid['waehrung']; ?>:</td>
 		<td><?php echo $verid['kontoid']; ?></td>
diff --git a/content/news.php b/content/news.php
index b471d1f..133d663 100644
--- a/content/news.php
+++ b/content/news.php
@@ -1,6 +1,6 @@
 <?php
-//$sql = sql::$db->prepare ("UPDATE `" . _VMS_ . "_kontodaten` SET `news` = 0 WHERE `uid` = ? ");
-//$sql -> execute(array($_SESSION['uid']));
+$sql = sql::$db->prepare ("UPDATE `" . _VMS_ . "_kontodaten` SET `news` = 0 WHERE `uid` = ? ");
+$sql -> execute(array($_SESSION['uid']));
 
 if (!isset($_GET['seite']) OR $_GET['seite'] == '') $_GET['seite'] = 1;
 $start = $_GET['seite'] * 10 - 10;
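Review bot: The UPDATE that is now enabled at the top of the file runs before anything checks that a session exists; if this page can be reached without a login (no guard is visible in the hunk) `$_SESSION['uid']` is null and the statement executes with `uid = NULL` on every hit, harmless but noisy and wasteful. Wrap the prepare/execute pair in `if (isset($_SESSION['uid'])) { ... }`. The `$_GET['seite']` arithmetic on the last line of the hunk is untouched by the commit but still multiplies an unvalidated string; `(int)$_GET['seite']` would keep `$start` an integer.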
diff --git a/content/nickpage.php b/content/nickpage.php
index 81ce1c6..192755b 100644
--- a/content/nickpage.php
+++ b/content/nickpage.php
@@ -1,8 +1,8 @@
 <?php
 $_GET['nick'] = addslashes($_GET['nick']);
 
-$sql = mysql_fetch_assoc(db_query("SELECT u.angemeldet_seit,k.klicks,k.kv,k.angebettelt,k.bv FROM ".$db_prefix."_kontodaten k LEFT JOIN ".$db_prefix."_userdaten u ON u.uid = k.uid WHERE u.nickname='".$_GET['nick']."' LIMIT 1"));
-
+$sql = sql::$db->query("SELECT u.angemeldet_seit,k.klicks,k.kv,k.angebettelt,k.bv FROM "._VMS_."_kontodaten k LEFT JOIN "._VMS_."_userdaten u ON u.uid = k.uid WHERE u.nickname='".$_GET['nick']."' LIMIT 1");
+$np = $sql->fetch(PDO::FETCH_ASSOC);
 head("Nickpage von ".$_GET['nick']);
     echo'<b>Angemeldet seit:</b> '.date("d.m.Y - H:i",$np['angemeldet_seit']).'<br>
     <b>Paidbannerstatistik:</b> '.$np['klicks'].' Klicks | Verdienst: '.$np['kv'].'<br>
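Review bot: The new `sql::$db->query(...)` still concatenates `$_GET['nick']` into the WHERE clause; `addslashes()` two lines above is not a SQL escaping function and is not charset-aware, and now that the statement goes through PDO a placeholder is the natural replacement: `$sql = sql::$db->prepare("SELECT u.angemeldet_seit,k.klicks,k.kv,k.angebettelt,k.bv FROM "._VMS_."_kontodaten k LEFT JOIN "._VMS_."_userdaten u ON u.uid = k.uid WHERE u.nickname = ? LIMIT 1");` followed by `$sql->execute(array($_GET['nick']));`. `$np` is then read without a false check, so an unknown nickname hands null to the `date(...)` call below. The slash-modified value is also what `head()` and the echo lines print; with the placeholder in place the `addslashes()` line can go and the output can be escaped where it is printed.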
diff --git a/content/rallysystem.php b/content/rallysystem.php
index 9a04486..5eef6a3 100644
--- a/content/rallysystem.php
+++ b/content/rallysystem.php
@@ -1,9 +1,12 @@
 <?php
 // Variabeln
-$rallyname = mysql_real_escape_string($_GET['rally']);
+$rallyname = ($_GET['rally']);
 $time = time();
 // Ralleydaten auslesen
-$rally = mysql_fetch_array (db_query ('SELECT * FROM vms_rallydaten WHERE name = "' . $rallyname . '" LIMIT 1'));
+$sql = sql::$db->prepare ('SELECT * FROM '._VMS_.'_rallydaten WHERE name = :rallyname LIMIT 1');
+$sql -> bindParam(':rallyname', $rallyname, PDO::PARAM_STR);
+$sql -> execute();
+$rally = $sql->fetch();
 
 function sectodays($secs) {
     $days = intval($secs / (60 * 60 * 24));
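Review bot: Dropping `mysql_real_escape_string` at `$rallyname = ($_GET['rally']);` is fine for the first query, which binds `:rallyname`, but the later hunks of this file still interpolate `$rallyname` into SQL (`rally = '" . $rallyname . "'` in the `SELECT punkte` query and `k.rally = "' . $rallyname . '"` in the ranking query), so the commit removes the only escaping those two statements had. Either bind there as well, e.g. `$sql = sql::$db->prepare("SELECT punkte FROM "._VMS_."_rallyuser WHERE uid = ? AND rally = ? LIMIT 1");` with `$sql->execute(array($_SESSION['uid'], $rallyname));`, or use `$rally['name']` from the fetched row instead of the raw GET value for the follow-up queries and the echoed heading. `$rally` is also used without a check; `fetch()` returns false when no rally matches the name.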
@@ -98,7 +101,8 @@ if (in_array($_SESSION['uid'], $gesperrt)) {
 }
 
 if ($_SESSION['login'] == 'true') {
-    $rallystand = mysql_fetch_array(db_query("SELECT punkte FROM vms_rallyuser WHERE uid=" . $_SESSION['uid'] . " and  rally = '" . $rallyname . "' LIMIT 1"));
+    $sql = sql::$db->query("SELECT punkte FROM "._VMS_."_rallyuser WHERE uid=" . $_SESSION['uid'] . " and  rally = '" . $rallyname . "' LIMIT 1");
+    $rallystand = $sql->fetch();
     echo'<h2><font color="#010101">Du hast in der ' . $rallyname . '-Rally bereits ' . number_format($rallystand['punkte'], 0, ",", ".") . ' ' . $rally['ende_formulierung'] . '. (Danke)</font></h2><br>';
 }
 
@@ -139,10 +143,10 @@ echo '
 </thead>
 <tbody>';
 
-$platz = db_query ('SELECT k.punkte,u.nickname,u.uid FROM vms_rallyuser k LEFT JOIN vms_userdaten u ON u.uid = k.uid WHERE k.rally = "' . $rallyname . '" AND k.ausgezahlt = "0" ORDER BY k.punkte DESC');
+$platz = sql::$db->query ('SELECT k.punkte,u.nickname,u.uid FROM '._VMS_.'_rallyuser k LEFT JOIN '._VMS_.'_userdaten u ON u.uid = k.uid WHERE k.rally = "' . $rallyname . '" AND k.ausgezahlt = "0" ORDER BY k.punkte DESC');
 $rp = 1;
 $gesperrt = explode(',', $rally['sperruser']);
-while ($pa = mysql_fetch_array($platz)) {
+while ($pa = $platz->fetch() ) {
     if (!in_array($pa['uid'], $gesperrt)) {
         if ($rally['gewinner_anzahl'] >= $rp) {
             $mg = number_format(($rally['gewinn_topf'] / 100 * $rally['p' . $rp]), 2, ',', '.') . ' ' . $system['waehrung'];
diff --git a/content/verdienen/betteln4.php b/content/verdienen/betteln4.php
index 8e2f88b..9fcdddb 100644
--- a/content/verdienen/betteln4.php
+++ b/content/verdienen/betteln4.php
@@ -26,8 +26,8 @@ head('Die Top 25 Bettler');
 	</tr>
 <?php
 $rang = 1;
-$sql = db_query ('SELECT k.uid, k.angebettelt, k.bv, u.nickname FROM ' . $db_prefix . '_kontodaten k LEFT JOIN ' . $db_prefix . '_userdaten u ON u.uid = k.uid ORDER BY angebettelt DESC LIMIT 25');
-while ($user = mysql_fetch_array($sql)) {
+$sql = sql::$db->query('SELECT k.uid, k.angebettelt, k.bv, u.nickname FROM ' . _VMS_ . '_kontodaten k LEFT JOIN ' . _VMS_ . '_userdaten u ON u.uid = k.uid ORDER BY angebettelt DESC LIMIT 25');
+while ($user = $sql->fetch() ) {
     $row = ($rang % 2 == 0) ? 0 : 1;
     echo '	<tr class="tr_row' . $row . '">
 		<td align="right">' . $rang++ . '.&nbsp;</td>
diff --git a/content/verdienen/forcedbanner.php b/content/verdienen/forcedbanner.php
index c0649f2..be75053 100644
--- a/content/verdienen/forcedbanner.php
+++ b/content/verdienen/forcedbanner.php
@@ -1,15 +1,26 @@
 <?php
 userstatus ();
+
     head ('Klickbanner');
-    $fstats_gesamt = mysql_fetch_array(db_query('SELECT COUNT(t1.tan) AS ganzahl, SUM(t1.verdienst) AS gverdienst, SUM(t1.aufendhalt) AS gaufenthalt FROM '.$db_prefix.'_gebuchte_werbung t1
-                        LEFT JOIN vms_fb_blacklist AS t3 ON t3.kid = t1.kid AND t3.werbeart=t1.werbeart
-                        WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t1.werbeart = "forcedbanner" and t1.reload >= 100 AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst >= 0 AND t1.sponsor != '.$_SESSION['uid'].''));
+    $sql = sql::$db->query('SELECT COUNT(t1.tan) AS ganzahl, SUM(t1.verdienst) AS gverdienst, SUM(t1.aufendhalt) AS gaufenthalt FROM '._VMS_.'_gebuchte_werbung t1
+                        LEFT JOIN '._VMS_.'_fb_blacklist AS t3 ON t3.kid = t1.kid AND t3.werbeart=t1.werbeart
+                        WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t1.werbeart = "forcedbanner" and t1.reload >= 100 AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst >= 0 AND t1.sponsor != '.$_SESSION['uid'].'');
+    $fstats_gesamt = $sql->fetch();
+
+    $sql = sql::$db->query('SELECT COUNT(t1.tan) AS uanzahl, SUM(t1.verdienst) AS uverdienst FROM '._VMS_.'_gebuchte_werbung t1
+                        LEFT JOIN '._VMS_.'_fb_blacklist AS t3 ON t3.kid = t1.kid AND t3.werbeart=t1.werbeart
+                        LEFT JOIN '._VMS_.'_reloads t2 ON (t1.tan = t2.tan AND (t2.uid = '.$_SESSION['uid'].' OR t2.ip = "'.$system['ip'].'") AND t2.bis >= '.time().')
+                        WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t2.tan IS NULL AND t1.werbeart = "forcedbanner" and t1.reload >= 100 AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst >= 0 AND t1.sponsor != '.$_SESSION['uid'].'');
+    $fstats_uebrig = $sql->fetch();
 
-    $fstats_uebrig = mysql_fetch_array(db_query('SELECT COUNT(t1.tan) AS uanzahl, SUM(t1.verdienst) AS uverdienst FROM '.$db_prefix.'_gebuchte_werbung t1
-                        LEFT JOIN vms_fb_blacklist AS t3 ON t3.kid = t1.kid AND t3.werbeart=t1.werbeart
-                        LEFT JOIN vms_reloads t2 ON (t1.tan = t2.tan AND (t2.uid = '.$_SESSION['uid'].' OR t2.ip = "'.$ip.'") AND t2.bis >= '.time().')
-                        WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t2.tan IS NULL AND t1.werbeart = "forcedbanner" and t1.reload >= 100 AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst >= 0 AND t1.sponsor != '.$_SESSION['uid'].''));
-    $uebriga=100/$fstats_gesamt['ganzahl']*$fstats_uebrig['uanzahl'];
+    if($fstats_gesamt['ganzahl'] == 0) {
+        $uebriga=0;
+    }else {
+        $uebriga=100/$fstats_gesamt['ganzahl']*$fstats_uebrig['uanzahl'];
+    }
+    if (!isset($fstats_gesamt['gverdienst'])) { $fstats_gesamt['gverdienst'] = "0"; }
+    if (!isset($fstats_uebrig['uverdienst'])) { $fstats_uebrig['uverdienst'] = "0"; }
+    
     $uebrig=number_format($uebriga,2,',','.');
     $abgebaut= 100-$uebriga;
     echo "<table cellspacing='4' cellpadding='0' width='100%'>
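Review bot: The new statistics queries still build SQL by concatenation, including `$system['ip']` inside double quotes in the `_reloads` join of the second query; where `$system['ip']` is populated is outside the hunk, and if it is derived from request headers rather than `REMOTE_ADDR` it is client-controlled, so it should be bound like the other values: `?` placeholders for the uid, ip and timestamp, then `$sql->execute(array($_SESSION['uid'], $system['ip'], time(), $_SESSION['uid']));`. The same interpolation appears in the `$fbanner` query of the next hunk. The division guard added below is the right fix for an empty `_gebuchte_werbung` set; style-wise `}else {` and the one-line `if (!isset(...)) { ... }` statements do not follow the brace style used elsewhere in the file.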
@@ -35,30 +46,32 @@ userstatus ();
         jQuery('#fortschritt').progressbar({value: width});
         jQuery('#fortschritt').append(jQuery('<div>').html('Noch ".$uebrig."&#37; &uuml;brig ').css('position', 'relative').css('top', '-21px').css('width', '100%').css('font-size', '14px').attr('align', 'center').attr('id', 'fortschritttext'));
         </script> ";
-    $res = mysql_fetch_assoc (db_query ('SELECT r.bis FROM vms_reloads AS r
-                                        LEFT JOIN vms_gebuchte_werbung AS ad ON (ad.tan = r.tan AND ad.status = 1 AND ad.werbeart = "forcedbanner" AND ad.sponsor != '.$_SESSION['uid'].')
+    $sql = sql::$db->query ('SELECT r.bis FROM '._VMS_.'_reloads AS r
+                                        LEFT JOIN '._VMS_.'_gebuchte_werbung AS ad ON (ad.tan = r.tan AND ad.status = 1 AND ad.werbeart = "forcedbanner" AND ad.sponsor != '.$_SESSION['uid'].')
                                         WHERE r.uid = '.$_SESSION['uid'].'  AND ad.tan IS NOT NULL  AND r.bis > '.(time()).'
-                                        ORDER BY r.bis ASC LIMIT 1'));
+                                        ORDER BY r.bis ASC LIMIT 1');
+    $res = $sql->fetch();
     $zeit = ((($res['bis']-time()) >= 0) ? ($res['bis']-time()) : NULL );
     if ($zeit != NULL){
         echo '<center>Der nächste Banner kommt in '.ceil($zeit/60).' Minuten aus dem Reload!</center><hr><br>';
     }else echo '<center>Kein Banner im Reload.</center><hr><br>';
 
-$usr = mysql_fetch_assoc (db_query ('SELECT max_forced FROM ' . $db_prefix . '_userdaten WHERE uid = ' . $_SESSION['uid'] . ' LIMIT 1'));
+$sql = sql::$db->query ('SELECT max_forced FROM ' . _VMS_ . '_userdaten WHERE uid = ' . $_SESSION['uid'] . ' LIMIT 1');
+$usr = $sql->fetch();
 
-$fbanner = db_query ('SELECT t1.*
-          	FROM ' . $db_prefix . '_gebuchte_werbung t1
-			LEFT JOIN ' . $db_prefix . '_fb_blacklist AS t3 ON t3.kid = t1.kid AND t3.werbeart=t1.werbeart
-          	LEFT JOIN ' . $db_prefix . '_reloads t2
-          	ON (t1.tan = t2.tan AND (t2.uid = ' . $_SESSION['uid'] . ' OR t2.ip = "' . $ip . '") AND t2.bis >= ' . time() . ')
+$fbanner = sql::$db->query ('SELECT t1.*
+          	FROM ' . _VMS_ . '_gebuchte_werbung t1
+            LEFT JOIN ' . _VMS_ . '_fb_blacklist AS t3 ON t3.kid = t1.kid AND t3.werbeart=t1.werbeart
+          	LEFT JOIN ' . _VMS_ . '_reloads t2
+          	ON (t1.tan = t2.tan AND (t2.uid = ' . $_SESSION['uid'] . ' OR t2.ip = "' . $system['ip'] . '") AND t2.bis >= ' . time() . ')
           	WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0)  AND t2.tan IS NULL AND t1.werbeart = "forcedbanner" AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst > 0 AND t1.sponsor != ' . $_SESSION['uid'] . ' ORDER BY t1.verdienst DESC LIMIT ' . $usr['max_forced']);
 
-while ($f_banner = mysql_fetch_assoc ($fbanner)) {
+while ($f_banner = $fbanner->fetch(PDO::FETCH_ASSOC) ) {
     echo '<div align="center" id="banner_' . $f_banner['tan'] . '"><a href="top_forcedbanner.php?tan=' . $f_banner['tan'] . '" target="_blank"><img src="' . $f_banner['banner'] . '" border="0" height="60" width="468" alt="' . $f_banner['tan'] . '" onClick="document.getElementById(\'banner_' . $f_banner['tan'] . '\').style.display=\'none\';"></a>'
      . '<br>Reload:' . $f_banner['reload'] / 3600 . ' Std. | Verdienst: ' . number_format($f_banner['verdienst'], 2, ',', '.') . ' | Aufenthalt: ' . $f_banner['aufendhalt'] . ' Sekunden<br><br></div>';
 }
 
-if (mysql_num_rows ($fbanner) > 0) echo '<div align="center"><input type="button" name="mehr_banner" value="Weitere Banner !" onclick="javascript:location.reload();" /></div>';
+if ($fbanner->rowCount() > 0) echo '<div align="center"><input type="button" name="mehr_banner" value="Weitere Banner !" onclick="javascript:location.reload();" /></div>';
 else echo '<div style="text-align: center; font-weight: bold; color: #ff0000;">Alle Banner im Reload !</div>';
 
 foot ();
\ No newline at end of file
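Review bot: `$fbanner->rowCount()` after the loop is used to test whether a SELECT returned rows, but `PDOStatement::rowCount()` is only defined for INSERT/UPDATE/DELETE and is driver-dependent for SELECT; the same test appears in paidmails.php as `if (!$paidmails->rowCount() )`. Since the loop has already walked the result set, count there instead: `$shown = 0;` before the loop, `$shown++;` inside it, and `if ($shown > 0)` for the button. The `LIMIT ' . $usr['max_forced']` at the end of the `$fbanner` query also produces a malformed statement if the preceding `fetch()` returned false, so cast it, `LIMIT ' . (int)$usr['max_forced']`.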
diff --git a/content/verdienen/paidmails.php b/content/verdienen/paidmails.php
index e142220..e78cfc3 100644
--- a/content/verdienen/paidmails.php
+++ b/content/verdienen/paidmails.php
@@ -2,13 +2,13 @@
 userstatus();
 head("Paidmailhistory");
 
-$paidmails = db_query("SELECT
+$paidmails = sql::$db->query("SELECT
                 e.gueltig, e.tan, v.verdienst, v.beschreibung, v.mailtext, v.aufendhalt
-                FROM " . $db_prefix . "_paidmails_empfaenger e
-                LEFT JOIN " . $db_prefix . "_paidmails_versendet v ON v.tan = e.tan
+                FROM " . _VMS_ . "_paidmails_empfaenger e
+                LEFT JOIN " . _VMS_ . "_paidmails_versendet v ON v.tan = e.tan
                 WHERE e.uid=" . $_SESSION['uid'] . " && e.gueltig > " . time() . " && e.status=0
                 LIMIT 10");
-while ($mail = mysql_fetch_array($paidmails)) {
+while ($mail = $paidmails->fetch() ) {
     echo '
     <table border="1" id="mail_' . $mail['tan'] . '" width="100%">
     <tr>
@@ -24,7 +24,7 @@ while ($mail = mysql_fetch_array($paidmails)) {
     </table>
     ';
 }
-if (!mysql_num_rows($paidmails)) {
+if (!$paidmails->rowCount() ) {
     echo '<center><b>Keine Paidmails vorhanden!</b></center>';
 }
 
diff --git a/lib/functions.lib.php b/lib/functions.lib.php
index eada903..547f4a1 100644
--- a/lib/functions.lib.php
+++ b/lib/functions.lib.php
@@ -138,7 +138,7 @@ function rallysystem ($uid,$was,$anzahl) {
     global $time;
     $anzahl = round($anzahl/100);
     //sql::$db->prepare ("UPDATE `vms_kontodaten` SET `eintap` = `eintap` + ? WHERE `uid` = ? LIMIT 1") -> execute(array($anzahl,$uid));
-    $sql = sql::$db->prepare ("SELECT * FROM `vms_rallydaten` WHERE `id` IN (( SELECT `welche_rallys` FROM `vms_rallyorte` WHERE `id` = ? LIMIT 1 )) AND `status` = 'aktive' AND `start` <= UNIX_TIMESTAMP() AND ((`ende_art` = 'zeit' AND `ende_zeit` > UNIX_TIMESTAMP()) OR (`ende_art` = 'punkt' AND `ende_punkte` > `ende_punkte_aktuell`)) ");
+    $sql = sql::$db->prepare ("SELECT * FROM `" . _VMS_ . "_rallydaten` WHERE `id` IN (( SELECT `welche_rallys` FROM `" . _VMS_ . "_rallyorte` WHERE `id` = ? LIMIT 1 )) AND `status` = 'aktive' AND `start` <= UNIX_TIMESTAMP() AND ((`ende_art` = 'zeit' AND `ende_zeit` > UNIX_TIMESTAMP()) OR (`ende_art` = 'punkt' AND `ende_punkte` > `ende_punkte_aktuell`)) ");
     $sql->execute(array($was));
     while($rallys = $sql->fetch()){
         $gesperrt = explode(',',$rallys['sperruser']);
@@ -147,10 +147,10 @@ function rallysystem ($uid,$was,$anzahl) {
             eval("\$anzahl2 = $anzahl2;");
             $steigerung = $anzahl.$rallys['gewinn_dyn_steigerung'];
             eval("\$steigerung = $steigerung;");
-            if ($rallys['gewinn_art'] == 'dynamisch') sql::$db->prepare ("UPDATE `vms_rallydaten` SET `gewinn_topf` = `gewinn_topf` + ? WHERE `id` = ? LIMIT 1")-> execute(array($steigerung,$rallys['id']));
-            if ($rallys['ende_art'] == 'punkt') sql::$db->prepare ("UPDATE `vms_rallydaten` SET `ende_punkte_aktuell` = `ende_punkte_aktuell` + ? WHERE `id` = ? LIMIT 1")-> execute(array($anzahl2,$rallys['id']));
-            $sqlu = sql::$db->prepare ("UPDATE `vms_rallyuser` SET `punkte` = `punkte` + ? WHERE `uid` = ? AND `rally` = ? AND `ausgezahlt` < '1'")-> execute(array($anzahl2,$_SESSION['uid'],$rallys['name']));
-            if (0 == $sqlu -> rowCount()) sql::$db->prepare ("INSERT INTO `vms_rallyuser` (`rally`,`uid`,`punkte`) VALUES (?, ?, ?)")-> execute(array($rallys['name'], $uid, $anzahl2));
+            if ($rallys['gewinn_art'] == 'dynamisch') sql::$db->prepare ("UPDATE `" . _VMS_ . "_rallydaten` SET `gewinn_topf` = `gewinn_topf` + ? WHERE `id` = ? LIMIT 1")-> execute(array($steigerung,$rallys['id']));
+            if ($rallys['ende_art'] == 'punkt') sql::$db->prepare ("UPDATE `" . _VMS_ . "_rallydaten` SET `ende_punkte_aktuell` = `ende_punkte_aktuell` + ? WHERE `id` = ? LIMIT 1")-> execute(array($anzahl2,$rallys['id']));
+            $sqlu = sql::$db->prepare ("UPDATE `" . _VMS_ . "_rallyuser` SET `punkte` = `punkte` + ? WHERE `uid` = ? AND `rally` = ? AND `ausgezahlt` < '1'")-> execute(array($anzahl2,$_SESSION['uid'],$rallys['name']));
+            if (0 == $sqlu -> rowCount()) sql::$db->prepare ("INSERT INTO `" . _VMS_ . "_rallyuser` (`rally`,`uid`,`punkte`) VALUES (?, ?, ?)")-> execute(array($rallys['name'], $uid, $anzahl2));
         }
     }
 }
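Review bot: `$sqlu` on the third new line is assigned the return value of `execute()`, which is a bool, so `$sqlu -> rowCount()` on the following line is a method call on a boolean and fails at runtime; the commit keeps this construction while changing only the table name. Assign the prepared statement to `$sqlu` and call `$sqlu->execute(array($anzahl2, $uid, $rallys['name']));` on a separate line before reading `rowCount()`. Note that the UPDATE binds `$_SESSION['uid']` while the INSERT right after it binds the function's `$uid` parameter; if `rallysystem()` is ever called for a user other than the current session, points are credited to one user and inserted for another, so `$uid` should be used in both. The body of `rallysystem()` starts outside the hunk.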
@@ -169,10 +169,13 @@ function rallysystem ($uid,$was,$anzahl) {
 function bilanz ($ein, $aus) {
     $ein = round($ein, 2);
     $aus = round($aus, 2);
-    $date_stamp = mktime(0, 0, 0, date(m), date(d), date(Y));
-    $sql = sql::$db->prepare ('UPDATE `' . _VMS_ . '_bilanz` SET `ein` = `ein` + ? , `aus` = `aus` + ? WHERE `date` = ? LIMIT 1');
+    $date_stamp = mktime(0, 0, 0, date('m'), date('d'), date('Y'));
+    $sql = sql::$db->prepare("UPDATE " . _VMS_ . "_bilanz SET `ein` = `ein` + ? , `aus` = `aus` + ? WHERE `date` = ? LIMIT 1");
     $sql -> execute( array( $ein, $aus, $date_stamp));
-    if (0 == $sql ->rowCount()) $sql = sql::$db->query ('INSERT INTO `' . _VMS_ . '_bilanz` (`ein`, `aus`, `date`) VALUES ( ?, ?, ?)') ->execute( array( $ein, $aus, $date_stamp));
+    if ($sql ->rowCount() == 0) {
+    $sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_bilanz (ein,aus,date) VALUES (?,?,?)");
+    $sql->execute( array( $ein, $aus, $date_stamp));
+    }
     return $sql;
 }
 
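Review bot: The `rowCount() == 0` test at the new `if` treats "no row affected" as "no row for today", but with MySQL an UPDATE that leaves every column unchanged also reports 0 affected rows unless `PDO::MYSQL_ATTR_FOUND_ROWS` is set on the connection; when both `$ein` and `$aus` round to 0 the function then INSERTs a second row for the same `date`, or fails if `date` is unique. If `date` carries a unique key, a single `INSERT ... ON DUPLICATE KEY UPDATE ein = ein + VALUES(ein), aus = aus + VALUES(aus)` replaces both statements; otherwise set the FOUND_ROWS attribute or SELECT the row first. Minor style: the two lines inside the new `if` block are not indented, and the INSERT drops the backticks the UPDATE in the same hunk keeps.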
-- 
GitLab