Commit 894ebe56 authored by Henoch Einbier's avatar Henoch Einbier

Update forcedbanner.php

- Secured the PDO queries with prepared statements and bindParam
parent 9e5caba2
2 merge requests!46Release 3.0,!27Update forcedbanner.php
......@@ -2,15 +2,20 @@
userstatus ();
head ('Klickbanner');
$sql = sql::$db->query('SELECT COUNT(t1.tan) AS ganzahl, SUM(t1.verdienst) AS gverdienst, SUM(t1.aufendhalt) AS gaufenthalt FROM '._VMS_.'_gebuchte_werbung t1
$sql = sql::$db->prepare('SELECT COUNT(t1.tan) AS ganzahl, SUM(t1.verdienst) AS gverdienst, SUM(t1.aufendhalt) AS gaufenthalt FROM '._VMS_.'_gebuchte_werbung t1
LEFT JOIN '._VMS_.'_fb_blacklist AS t3 ON t3.kid = t1.kid AND t3.werbeart=t1.werbeart
WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t1.werbeart = "forcedbanner" and t1.reload >= 100 AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst >= 0 AND t1.sponsor != '.$_SESSION['uid'].'');
WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t1.werbeart = "forcedbanner" and t1.reload >= 100 AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst >= 0 AND t1.sponsor != :session_uid');
$sql -> bindParam(':session_uid', $_SESSION['uid'], PDO::PARAM_INT);
$sql -> execute();
$fstats_gesamt = $sql->fetch();
$sql = sql::$db->query('SELECT COUNT(t1.tan) AS uanzahl, SUM(t1.verdienst) AS uverdienst FROM '._VMS_.'_gebuchte_werbung t1
$sql = sql::$db->prepare('SELECT COUNT(t1.tan) AS uanzahl, SUM(t1.verdienst) AS uverdienst FROM '._VMS_.'_gebuchte_werbung t1
LEFT JOIN '._VMS_.'_fb_blacklist AS t3 ON t3.kid = t1.kid AND t3.werbeart=t1.werbeart
LEFT JOIN '._VMS_.'_reloads t2 ON (t1.tan = t2.tan AND (t2.uid = '.$_SESSION['uid'].' OR t2.ip = "'.$system['ip'].'") AND t2.bis >= '.time().')
WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t2.tan IS NULL AND t1.werbeart = "forcedbanner" and t1.reload >= 100 AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst >= 0 AND t1.sponsor != '.$_SESSION['uid'].'');
LEFT JOIN '._VMS_.'_reloads t2 ON (t1.tan = t2.tan AND (t2.uid = :session_uid OR t2.ip = :ip) AND t2.bis >= '.time().')
WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t2.tan IS NULL AND t1.werbeart = "forcedbanner" and t1.reload >= 100 AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst >= 0 AND t1.sponsor != :session_uid');
$sql -> bindParam(':session_uid', $_SESSION['uid'], PDO::PARAM_INT);
$sql -> bindParam(':ip', $system['ip'], PDO::PARAM_INT);
$sql -> execute();
$fstats_uebrig = $sql->fetch();
if($fstats_gesamt['ganzahl'] == 0) {
......@@ -46,10 +51,13 @@ userstatus ();
jQuery('#fortschritt').progressbar({value: width});
jQuery('#fortschritt').append(jQuery('<div>').html('Noch ".$uebrig."&#37; &uuml;brig ').css('position', 'relative').css('top', '-21px').css('width', '100%').css('font-size', '14px').attr('align', 'center').attr('id', 'fortschritttext'));
</script> ";
$sql = sql::$db->query ('SELECT r.bis FROM '._VMS_.'_reloads AS r
LEFT JOIN '._VMS_.'_gebuchte_werbung AS ad ON (ad.tan = r.tan AND ad.status = 1 AND ad.werbeart = "forcedbanner" AND ad.sponsor != '.$_SESSION['uid'].')
WHERE r.uid = '.$_SESSION['uid'].' AND ad.tan IS NOT NULL AND r.bis > '.(time()).'
$sql = sql::$db->prepare('SELECT r.bis FROM '._VMS_.'_reloads AS r
LEFT JOIN '._VMS_.'_gebuchte_werbung AS ad ON (ad.tan = r.tan AND ad.status = 1 AND ad.werbeart = "forcedbanner" AND ad.sponsor != :session_uid)
WHERE r.uid = :session_uid AND ad.tan IS NOT NULL AND r.bis > '.(time()).'
ORDER BY r.bis ASC LIMIT 1');
$sql -> bindParam(':session_uid', $_SESSION['uid'], PDO::PARAM_INT);
$sql -> execute();
$res = $sql->fetch();
$zeit = ((($res['bis']-time()) >= 0) ? ($res['bis']-time()) : NULL );
if ($zeit != NULL){
......@@ -58,20 +66,26 @@ userstatus ();
$sql = sql::$db->query ('SELECT max_forced FROM ' . _VMS_ . '_userdaten WHERE uid = ' . $_SESSION['uid'] . ' LIMIT 1');
$usr = $sql->fetch();
$fbanner = sql::$db->query ('SELECT t1.*
sql::$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$fbanner = sql::$db->prepare('SELECT t1.*
FROM ' . _VMS_ . '_gebuchte_werbung t1
LEFT JOIN ' . _VMS_ . '_fb_blacklist AS t3 ON t3.kid = t1.kid AND t3.werbeart=t1.werbeart
LEFT JOIN ' . _VMS_ . '_reloads t2
ON (t1.tan = t2.tan AND (t2.uid = ' . $_SESSION['uid'] . ' OR t2.ip = "' . $system['ip'] . '") AND t2.bis >= ' . time() . ')
WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t2.tan IS NULL AND t1.werbeart = "forcedbanner" AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst > 0 AND t1.sponsor != ' . $_SESSION['uid'] . ' ORDER BY t1.verdienst DESC LIMIT ' . $usr['max_forced']);
ON (t1.tan = t2.tan AND (t2.uid = :session_uid OR t2.ip = :ip) AND t2.bis >= ' . time() . ')
WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t2.tan IS NULL AND t1.werbeart = "forcedbanner" AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst > 0 AND t1.sponsor != :session_uid2
ORDER BY t1.verdienst DESC LIMIT :max_forced');
$fbanner -> bindParam(':session_uid', $_SESSION['uid'], PDO::PARAM_INT);
$fbanner -> bindParam(':session_uid2', $_SESSION['uid'], PDO::PARAM_INT);
$fbanner -> bindParam(':ip', $system['ip'], PDO::PARAM_STR);
$fbanner -> bindParam(':max_forced', $usr['max_forced'], PDO::PARAM_INT);
$fbanner -> execute();
while ($f_banner = $fbanner->fetch(PDO::FETCH_ASSOC) ) {
echo '<div align="center" id="banner_' . $f_banner['tan'] . '"><a href="top_forcedbanner.php?tan=' . $f_banner['tan'] . '" target="_blank"><img src="' . $f_banner['banner'] . '" border="0" height="60" width="468" alt="' . $f_banner['tan'] . '" onClick="document.getElementById(\'banner_' . $f_banner['tan'] . '\').style.display=\'none\';"></a>'
echo '<div align="center" id="banner_' . $f_banner['tan'] . '"><a href="top_forced.php?tan=' . $f_banner['tan'] . '" target="_blank"><img src="' . $f_banner['banner'] . '" border="0" height="60" width="468" alt="' . $f_banner['tan'] . '" onClick="document.getElementById(\'banner_' . $f_banner['tan'] . '\').style.display=\'none\';"></a>'
. '<br>Reload:' . $f_banner['reload'] / 3600 . ' Std. | Verdienst: ' . number_format($f_banner['verdienst'], 2, ',', '.') . ' | Aufenthalt: ' . $f_banner['aufendhalt'] . ' Sekunden<br><br></div>';
}
if ($fbanner->rowCount() > 0) echo '<div align="center"><input type="button" name="mehr_banner" value="Weitere Banner !" onclick="javascript:location.reload();" /></div>';
else echo '<div style="text-align: center; font-weight: bold; color: #ff0000;">Alle Banner im Reload !</div>';
else echo '<div style="text-align: center; font-weight: bold; color: #ff0000;">Alle Banner im Reload!</div>';
foot ();
\ No newline at end of file
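Review bot: The `:ip` placeholder in the second query is bound with `PDO::PARAM_INT` even though `$system['ip']` is an address string and the very same value is bound as `PDO::PARAM_STR` in the last query; depending on how the driver coerces a non-numeric string under that type, `t2.ip = :ip` may silently never match and the per-IP reload check would be bypassed, so it should read `$sql -> bindParam(':ip', $system['ip'], PDO::PARAM_STR);`. That second query also reuses `:session_uid` twice (in the JOIN and in the WHERE), which only works while prepares are emulated, yet `sql::$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false)` is flipped on the shared handle later in the same page so that `LIMIT :max_forced` can be bound as an integer — if the connection is ever opened with emulation off (the connection setup is not visible here; the hunks start at line 2 of the file), `execute()` on that statement fails with an invalid-parameter-number error. Give the second occurrence its own name as the last query already does (`:session_uid2` plus a second `bindParam`) and set the emulation attribute once where the connection is created rather than mid-page. The `SELECT max_forced ... WHERE uid = ' . $_SESSION['uid']` query at the top of the third hunk is still string-concatenated via `query()` and should be converted like the others for consistency. Separately, `$f_banner['banner']` and `$f_banner['tan']` are echoed unescaped into the `img`/anchor markup; if sponsors supply the banner URL, wrap these in `htmlspecialchars(..., ENT_QUOTES)` before output.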