Compare revisions

77d2186f · 77d2186f · 77d2186f · 77d2186f · 77d2186f · 77d2186f
--- a/lib/menue_links.php
+++ b/lib/menue_links.php
@@ -23,13 +23,13 @@ if ($_SESSION['login'] == 'true') {
 menuehead('Rallysystem');
 echo '<dl>';
-$ralleydaten = db_query("SELECT status, start, ende_art, ende_zeit, ende_punkte, ende_punkte_aktuell, name FROM vms_rallydaten");
+$sql = sql::$db->query ("SELECT `status`, `start`, `ende_art`, `ende_zeit`, `ende_punkte`, `ende_punkte_aktuell`, `name` FROM `vms_rallydaten`");
 $times = time();
-while ($data = mysql_fetch_assoc($ralleydaten)) {
+while ($data = $sql -> fetch()) {
    echo'<dt> <a href="?content=/rallysystem&amp;rally=' . $data['name'] . '"><i>';
    if ($data['status'] == 'aktive' && $data['start'] <= $times && (($data['ende_art'] == 'zeit' && $data['ende_zeit'] > $times) OR ($data['ende_art'] == 'punkt' && $data['ende_punkte_aktuell'] < $data['ende_punkte']))) {
-        echo'<span style="color:#1DA801;">';
+        echo'<span style="color:'.$system['positiv_farbe'].';">';
-    } else echo'<span style="color:#BB0101;">';
+    } else echo'<span style="color:'.$system['negativ_farbe'].';">';
    echo '&nbsp;' . $data['name'] . '-Rally</span></i></a></dt>';
 }
 echo '</dl>';

--- a/lib/schnittstellen/klamm.php
+++ b/lib/schnittstellen/klamm.php
@@ -62,7 +62,7 @@ $ret=@file("http://www.klamm.de/engine/lose/send.php?ef_id=".$betreiber_id."&ef_
 for($i=0;$i<count($ret);$i++) {
  $returned.=$ret[$i];
 }
-$trans_check = split("[|]",$returned,7);
+$trans_check = explode("|",$returned,7);
 if ($trans_check[0] != "1001") {
 $trans_ausgabe = $trans_error[$trans_check[0]];
 if ($trans_ausgabe == "") $trans_ausgabe = $trans_error[1099];
@@ -101,7 +101,7 @@ $ret=file("http://www.klamm.de/engine/lose/get.php?ef_id=".$betreiber_id."&ef_pw
 for($i=0;$i<count($ret);$i++) {
  $returned.=$ret[$i];
 }
-$trans_check = split("[|]",$returned,7);
+$trans_check = explode("|",$returned,7);
 if ($trans_check[0] != "1001") {
 $trans_ausgabe = $trans_error[$trans_check[0]];
 if ($trans_ausgabe == "") $trans_ausgabe = $trans_error[1099];
@@ -134,7 +134,7 @@ $ret=file("http://www.klamm.de/engine/lose/saldo.php?ef_id=".$betreiber_id."&ef_
 for($i=0;$i<count($ret);$i++){
  $returned.=$ret[$i];
 }
-$trans_check = split("[|]",$returned,7);
+$trans_check = explode("|",$returned,7);
 if ($trans_check[0] != "1001") {
 $trans_ausgabe = $trans_error[$trans_check[0]];
 if ($trans_ausgabe == "") $trans_ausgabe = $trans_error[1099];
@@ -169,7 +169,7 @@ $ret=file("http://www.klamm.de/engine/klamm/validate.php?ef_id=".$betreiber_id."
 for($i=0;$i<count($ret);$i++){
  $returned.=$ret[$i];
 }
-$trans_check = split("[|]",$returned,7);
+$trans_check = explode("|",$returned,7);
 if ($trans_check[0] != "1001") {
 $trans_ausgabe = $trans_error[$trans_check[0]];
 if ($trans_ausgabe == "") $trans_ausgabe = $trans_error[1099];

--- a/lib/session.lib.php
+++ b/lib/session.lib.php
@@ -16,30 +16,29 @@ if (!isset($_GET['logout'])) $_GET['logout'] = "";
 if (!isset($_GET['ref'])) $_GET['ref'] = "0";
 if ($_SESSION['werber'] == "0") $_SESSION['werber'] = (int)$_GET['ref'];
 // Seiteneinstellungen laden...
-$pageconfig = mysql_fetch_array(db_query("SELECT * FROM " . $db_prefix . "_seitenkonfig LIMIT 1"));
+$pageconfig = sql::$db->query ("SELECT * FROM `" . _VMS_ . "_seitenkonfig` LIMIT 1")->fetch();
-if ($pageconfig['wartung'] == 1 && $_SESSION['uid'] != $admin_id) {
+if ($pageconfig['wartung'] == 1 && $_SESSION['uid'] != $system['admin_id'] && strpos($_SERVER['PHP_SELF'], "/adminforce/") == false) {
    setCookie('uid', '', time() - 86400 * 30);
    setCookie('passwort', '', time() - 86400 * 30);
    setCookie('autologin', '', time() - 86400 * 30);
    $_SESSION['uid'] = "";
    $_SESSION['passwort'] = "";
    $_SESSION['login'] = "";
-    header ("location: " . $domain . "/wartung.php");
+    header ("location: " . $system['domain'] . "/wartung.php");
    die();
 }
 // Login
 if ($_POST['checkid'] == 'Login' && $_POST['nickname'] && $_POST['passwort']) {
    $_POST['nickname'] = addslashes($_POST['nickname']);
-    $login_check = db_query("SELECT k.uid,k.passwort,k.status,k.hinweis
+    $sql = sql::$db->prepare ("SELECT `k`.`uid`, `k`.`passwort`, `k`.`status`, `k`.`hinweis` FROM `" . _VMS_ . "_userdaten` AS  `u` LEFT JOIN `" . _VMS_ . "_kontodaten`  AS `k` ON `k`.`uid` = `u`.`uid` WHERE `u`.`nickname` = ? AND `k`.`passwort` = ? LIMIT 1");
-                                FROM " . $db_prefix . "_userdaten u
+    $sql -> execute(array($_POST['nickname'], md5($_POST['passwort'])));
-                                LEFT JOIN " . $db_prefix . "_kontodaten k ON k.uid=u.uid
+    if ($sql -> rowCount()) {
-                                WHERE u.nickname='" . $_POST['nickname'] . "' AND k.passwort='" . md5($_POST['passwort']) . "' LIMIT 1");
+        $login_check = $sql -> fetch();
-    if (mysql_num_rows($login_check)) {
-        $login_check = mysql_fetch_array($login_check);
        // Wenn User noch nicht freigeschaltet!
        if ($login_check['status'] == 0) {
            $_SESSION['uid'] = "";
@@ -49,7 +48,8 @@ if ($_POST['checkid'] == 'Login' && $_POST['nickname'] && $_POST['passwort']) {
        }
        // Wenn beim User alles O.K. ist!
        if ($login_check['status'] == 1) {
-            db_query("UPDATE " . $db_prefix . "_kontodaten SET login_ip='" . $ip . "' , loginzeit='" . time() . "' WHERE uid=" . $login_check['uid'] . " and passwort='" . md5($_POST['passwort']) . "' LIMIT 1");
+            sql::$db->prepare ("UPDATE `" . _VMS_ . "_kontodaten` SET `login_ip` = ? , `loginzeit` = ? WHERE `uid` = ? and `passwort` = ? LIMIT 1")
+                -> execute( array( $system['ip'], time(), $login_check['uid'], md5($_POST['passwort'])));
            if ($_POST['autologin'] == 'true') {
                setCookie('uid', $login_check['uid'], time() + 86400 * 30);
                setCookie('passwort', $login_check['passwort'], time() + 86400 * 30);
@@ -58,7 +58,7 @@ if ($_POST['checkid'] == 'Login' && $_POST['nickname'] && $_POST['passwort']) {
            $_SESSION['uid'] = $login_check['uid'];
            $_SESSION['passwort'] = $login_check['passwort'];
            $_SESSION['login'] = "true";
-            header ("location: " . $domain);
+            header ("location: " . $system['domain']);
            die();
        }
        // Wenn User gesperrt wurde!
@@ -75,22 +75,26 @@ if ($_POST['checkid'] == 'Login' && $_POST['nickname'] && $_POST['passwort']) {
 } else {
    if ($_POST['checkid'] == 'Login') $_GET['content'] = '/error/kein_zutritt';
 }
 // Autologin
 if ($_SESSION['login'] != 'true' && isset($_COOKIE['autologin']) && isset($_COOKIE['uid']) && isset($_COOKIE['passwort'])) {
    $_COOKIE['uid'] = (int)$_COOKIE['uid'];
    $_COOKIE['passwort'] = addslashes ($_COOKIE['passwort']);
-    $login_check = db_query("SELECT `uid`,`passwort`,`status`,`hinweis` FROM " . $db_prefix . "_kontodaten WHERE uid=" . $_COOKIE['uid'] . " and passwort='" . $_COOKIE['passwort'] . "' LIMIT 1");
+    $sql = sql::$db->prepare ("SELECT `uid`,`passwort`,`status`,`hinweis` FROM `" . _VMS_ . "_kontodaten` WHERE `uid` = ? and `passwort` = ? LIMIT 1");
-    if (mysql_num_rows($login_check)) {
+    $sql -> execute( array( $_COOKIE['uid'], $_COOKIE['passwort']));
-        $login_check = mysql_fetch_array($login_check);
+    if ($sql -> rowCount()) {
+        $login_check = $sql -> fetch();
        if ($login_check['status'] == 1) {
-            db_query("UPDATE " . $db_prefix . "_kontodaten SET login_ip='" . $ip . "' , loginzeit='" . time() . "' WHERE uid=" . $_COOKIE['uid'] . " and passwort='" . $_COOKIE['passwort'] . "' LIMIT 1");
+            sql::$db->prepare ("UPDATE `" . _VMS_ . "_kontodaten` SET `login_ip` = ? , `loginzeit` = ? WHERE `uid` = ? and `passwort` = ? LIMIT 1")
+                -> execute( array( $system['ip'], time(), $login_check['uid'], md5($_COOKIE['passwort'])));
            $_SESSION['uid'] = $login_check['uid'];
            $_SESSION['passwort'] = $login_check['passwort'];
            $_SESSION['login'] = "true";
        }
    }
 }
 // Logout
 if ($_GET['logout'] == 'true') {
    setCookie('uid', '', time() - 86400 * 30);
@@ -99,11 +103,12 @@ if ($_GET['logout'] == 'true') {
    $_SESSION['uid'] = "";
    $_SESSION['passwort'] = "";
    $_SESSION['login'] = "";
-    header ("location: " . $domain);
+    header ("location: " . $system['domain']);
    die();
 }
 if (isset ($_SESSION['uid']) && isset ($_SESSION['passwort']) && !empty ($_SESSION['uid']) && !empty ($_SESSION['passwort'])) {
-    db_query ("UPDATE " . $db_prefix . "_kontodaten SET last_active = " . time() . " WHERE uid = " . $_SESSION['uid'] . " AND passwort = '" . $_SESSION['passwort'] . "' LIMIT 1");
+    sql::$db->prepare ("UPDATE `" . _VMS_ . "_kontodaten` SET `last_active` = ? WHERE `uid` = ? AND `passwort` = ? LIMIT 1")
+        -> execute( array( time(), $_SESSION['uid'], $_SESSION['passwort']));
 }
 ?>
\ No newline at end of file
--- a/lib/texte/bettelwerbung.txt
+++ b/lib/texte/bettelwerbung.txt
-<a href="http://kingbonus.de/?refid=2&subid=vmsBettel"><img src="http://kingbonus.de/banner/500x400_1.gif" alt=""></a>
\ No newline at end of file
--- a/lib/texte/startwerbung.txt
+++ b/lib/texte/startwerbung.txt
-<script src="http://www.fuco-ads.de/lose/zbanner.php?id=54&aid=89&size=468x60&only="></script>
-<IFRAME SRC="http://www.promotion4banner.de/cgi/p4b.cgi?dimplex" MARGINWIDTH="0" MARGINHEIGHT="0" HSPACE="0" SCROLLING="no" VSPACE="0" FRAMEBORDER="0" WIDTH="468" HEIGHT="60"></IFRAME>
-<!-- ENDE - (c) Promotion4Banner.de - HTML-Code -->
\ No newline at end of file
--- a/lib/weristonline.php
+++ b/lib/weristonline.php
 <?php
-$zeit = (5 * 60); // Sekunden seit der letzten Aktivität
-$np = $domain . '/?content=/nickpage&amp;nick='; // Nickpagelink
 // verhindern, dass die Datei direkt aufgerufen wird
-if (!function_exists ("db_query")) die ("Kein Direktaufruf");
+if (!isset($system)) die ("Kein Direktaufruf");
-$sql = db_query ('SELECT k.uid, u.nickname FROM ' . $db_prefix . '_kontodaten k LEFT JOIN ' . $db_prefix . '_userdaten u ON u.uid = k.uid WHERE k.last_active >= ' . (time() - $zeit));
+$sql = sql::$db->prepare ("SELECT `k`.`uid`, `u`.`nickname` FROM `" . _VMS_ . "_kontodaten` AS `k` LEFT JOIN `" . _VMS_ . "_userdaten` AS `u` ON `u`.`uid` = `k`.`uid` WHERE `k`.`last_active` >= ? ");
+$sql ->execute(array(time() - $system['wer-ist-online_inaktive-zeit']));
-if (mysql_num_rows ($sql) == 0) echo '<span style="font-style: italic;">keiner</span>';
+if (0 == $sql -> rowCount()) echo '<span style="font-style: italic;">keiner</span>';
 else {
    $nr = 1;
-    while ($user = mysql_fetch_assoc ($sql)) {
+    while ($user = $sql->fetch()) {
-        if ($user['uid'] == $admin_id) echo '<a style="font-weight: bold;" href="' . $np . $user['nickname'] . '">' . $user['nickname'] . '</a>';
+        if ($user['uid'] == $system['admin_id']) echo '<a style="font-weight: bold; color: '.$system['admin_farbe'].'" href="' . $system['domain'].$system['wer-ist-online_nickpage-url'] . $user['nickname'] . '">' . $user['nickname'] . '</a>';
-        else echo '<a href="' . $np . $user['nickname'] . '">' . $user['nickname'] . '</a>';
+        else echo '<a style="color: '.$system['user_farbe'].'" href="' . $system['domain'].$system['wer-ist-online_nickpage-url'] . $user['nickname'] . '">' . $user['nickname'] . '</a>';
-        if ($nr < mysql_num_rows ($sql)) echo ', ';
+        if ($nr < $sql -> rowCount()) echo ', ';
        $nr++;
    }
 }

--- a/readme.md
+++ b/readme.md
+VMSone 
+======
+### Virtual Monetary System one
+Dies ist ein einfaches Log-in-Script mit Währungsverwaltung, Log-in-Verwaltung, Admin-Bereich und der Möglichkeit einer Anbindung an eine externe Seite.
+#### Inhalt
+1. [Anforderungen](#Anforderungen)
+1. [Installation](#Installation)
+1. [Support](#Support)
+1. [Lizenzbedingungen](#Lizenzbedingungen)
+## Anforderungen
+Um das Script zu nutzen, benötigen Sie:
+* PHP 7.* - 8.* mit mysql, curl sowie bcmath und diverse Standard Plugins
+* Mysql Version 5.4/5.5/5.6 (andere Versionen ungetestet)
+* allow_url_fopen auf TRUE (cronjob für sponsoren)_
+* Ein FTP / SFTP / etc Programm zum Upload der Scriptfiles
+## Installation
+1. Entpacken der Files.
+2. Upload der Files in das web Verzeichnis
+3. Anlegen einer Datenbank und Einspielung der .ressource/mysql/init.sql 
+(Die Migrations sind bereits darin enthalten und müssen NICHT eingespielt werden.)
+4. Kopieren der lib/config.inc.php.example zu lib/config.inc.php
+5. lib/config.inc.php anpassen mit den notwendigen Daten. 
+6. Ordner lib/texte braucht Schreibrechte für den www-User 
+## Support
+Sämtliche Supportanfragen und Weiterentwicklungen laufen via Community auf [Designerscripte](http://www.designerscripte.net/)
+## Lizenzbedingungen
+Die Nutzungsbedingungen sind zu finden unter 
+[http://www.designerscripte.net/index.php?pageid=nutzungsbedingungen](http://www.designerscripte.net/index.php?pageid=nutzungsbedingungen)
\ No newline at end of file
--- a/top_forcedbanner.php
+++ b/top_forcedbanner.php
 <?php
-require_once ('lib/config.inc.php');
+require_once('lib/extras.init.php');
-require_once ('lib/functions.lib.php');
-db_connect();
-require_once ('lib/session.lib.php');
 if (!isset($_GET['art']))		$_GET['art']		= "";
 if (!isset($forced['tan']))		$forced['tan']		= "";
-if (!isset($forced['ziel']))	        $forced['ziel']		= "";
+if (!isset($forced['ziel']))	$forced['ziel']		= "";
-//Tan absichern
+$sql = sql::$db->prepare ("SELECT `ziel`, `tan` FROM `"._VMS_."_gebuchte_werbung` WHERE `tan` = ? LIMIT 1");
-$_GET['tan'] = addslashes ($_GET['tan']);
+$sql -> execute(array($_GET['tan']));
+$forced = $sql -> fetch();
-$forced = mysql_fetch_assoc(db_query("SELECT ziel,tan FROM ".$db_prefix."_gebuchte_werbung WHERE tan='".$_GET['tan']."' LIMIT 1"));
 echo '<!DOCTYPE>
 <html>
 <head>
-	<title>Forcedklick by '.$seitenname.'</title>
+	<title>Forcedklick by '.$system['seitenname'].'</title>
 </head>
 <frameset rows="30,*" border="0">
 <frame src="topframe_forced.php?tan='.$forced['tan'].'" scrolling="no" frameborder="0">
 <frame src="'.$forced['ziel'].'" scrolling="auto" frameborder="0">
 </frameset>
 </html>';
-db_close();
\ No newline at end of file
--- a/pclick.php
+++ b/pclick.php
 <?php
-require_once ('lib/config.inc.php');
+require_once('lib/extras.init.php');
-require_once ('lib/functions.lib.php');
+if (!isset($_GET['uid']))		$_GET['uid']		= "";
-db_connect();
+if (!isset($_GET['tan']))		$_GET['tan']		= "";
 $_GET['uid'] = (int)$_GET['uid'];
-$_GET['tan'] = addslashes ($_GET['tan']);
-$mail = mysql_fetch_assoc(db_query("SELECT `ziel` FROM ".$db_prefix."_paidmails_versendet WHERE tan='".$_GET['tan']."' LIMIT 1"));
+$sql = sql::$db->prepare ("SELECT `ziel`, `tan` FROM `"._VMS_."_paidmails_versendet` WHERE `tan` = ? LIMIT 1");
+$sql -> execute(array($_GET['tan']));
+$mail = $sql -> fetch();
 echo '
 <!DOCTYPE>
 <html>
    <head>
        <meta charset="UTF-8">
-        <title>Paidmail by '.$seitenname.'</title>
+        <title>Paidmail by '.$system['seitenname'].'</title>
    </head>
        <frameset rows="30,*" border="0">
-            <frame name="abuse" src="pcheck.php?tan=.'.$_GET['tan'].'&uid='.$_GET['uid'].'" scrolling="no" frameborder="0">
+            <frame name="abuse" src="topframe_paidmail.php?tan='.$mail['tan'].'&uid='.$_GET['uid'].'" scrolling="no" frameborder="0">
            <frame name="werbung" src="'.$mail['ziel'].'" scrolling="auto" frameborder="0">
        </frameset>
 </html>';
-db_close();
\ No newline at end of file
--- a/topframe_forced.php
+++ b/topframe_forced.php
 <?php
-require_once ('lib/config.inc.php');
+require_once('lib/extras.init.php');
-require_once ('lib/functions.lib.php');
-require_once ('lib/session.lib.php');
 // Variabeln definieren
 if (!isset($headmsg)) $headmsg = "";
 if (!isset($puk)) $puk = "";
@@ -16,25 +15,21 @@ if (!isset($forced['aufendhalt'])) $forced['aufendhalt'] = "";
 if (!isset($forced['tan'])) $forced['tan'] = "";
 // Nur weiter wenn eingeloggt
-if ($_SESSION['login'] != 'true' || $_SESSION['uid'] <= 0) die('Bitte einloggen!');
+if (!is_user()) die('Bitte einloggen!');
-//DB Verbindung herstellen
-db_connect();
-// Tan sichern
-$_GET['tan'] = mysql_real_escape_string ($_GET['tan']);
 // Werbedaten auslesen! Fixed
-$kamp = db_query ("SELECT t1.* FROM " . $db_prefix . "_gebuchte_werbung t1
+$sql = sql::$db->prepare ("SELECT `t1`.* FROM `" . _VMS_ . "_gebuchte_werbung` AS `t1` 
-                               LEFT JOIN " . $db_prefix . "_reloads t2 ON (t1.tan=t2.tan AND (t2.uid=" . $_SESSION['uid'] . " or t2.ip='" . $ip . "') AND t2.bis > " . time() . ")
+                            LEFT JOIN `" . _VMS_ . "_reloads` AS `t2` ON (`t1`.`tan` = `t2`.`tan` AND (`t2`.`uid` = ? or `t2`.`ip` = ? ) AND `t2`.`bis` > ?)
-                               WHERE t1.tan = '" . $_GET['tan'] . "' AND t2.tan IS NULL AND t1.werbeart = 'forcedbanner' AND t1.menge >=1 AND t1.status = 1 AND t1.sponsor != " . $_SESSION['uid'] . " LIMIT 1");
+                            WHERE `t1`.`tan` = ? AND `t2`.`tan` IS NULL AND `t1`.`werbeart` = 'forcedbanner' AND `t1`.`menge` >= 1 AND `t1`.`status` = 1 AND `t1`.`sponsor` != ? LIMIT 1");
+$sql -> execute(array($_SESSION['uid'], $system['ip'], time(), $_GET['tan'], $_SESSION['uid']));
 // Reloadprüfen
-if (mysql_num_rows($kamp)) {
+if ($sql -> rowCount()) {
-    $forced = mysql_fetch_assoc($kamp);
+    $forced = $sql -> fetch();;
    $wartezeit = $forced['aufendhalt'];
    $headmsg = 'Vergütung in ' . $forced['aufendhalt'] . ' Sek.!';
    if ($_GET['auszahlen'] != 'true') {
-        $puk = md5($_SESSION['uid'] . $forced['aufendhalt'] . date("d.m.Y", time()) . $percode);
+        $puk = md5($_SESSION['uid'] . $forced['aufendhalt'] . date("d.m.Y", time()) . $system['percode']);
        $_SESSION['earlies_payout' . $_GET['tan']] = time() + $wartezeit - 1;
    }
 } else {
@@ -42,24 +37,31 @@ if (mysql_num_rows($kamp)) {
    $force_error = 'true';
 }
 // User bezahlen und Reload schreiben
-if ($_GET['auszahlen'] == 'true' && $force_error != 'true' && $_GET['puk'] == md5($_SESSION['uid'] . $forced['aufendhalt'] . date("d.m.Y", time()) . $percode) && time() >= $_SESSION['earlies_payout' . $_GET['tan']]) {
+if ($_GET['auszahlen'] == 'true' && $force_error != 'true' && $_GET['puk'] == md5($_SESSION['uid'] . $forced['aufendhalt'] . date("d.m.Y", time()) . $system['percode']) && time() >= $_SESSION['earlies_payout' . $_GET['tan']]) {
+    $sql = sql::$db->prepare ("UPDATE `" . _VMS_ . "_kontodaten`  SET `klicks` = `klicks` + 1, `kv` = `kv` + :verdienst , `kontostand` = `kontostand` + :verdienst2 WHERE `uid` = :uid LIMIT 1");
+    $sql -> execute(array(':verdienst' => $forced['verdienst'], ':verdienst2' => $forced['verdienst'], ':uid' => $_SESSION['uid']));
-    db_query("UPDATE " . $db_prefix . "_kontodaten  SET klicks = klicks + 1, kv = kv + " . $forced['verdienst'] . ", kontostand = kontostand + " . $forced['verdienst'] . " WHERE uid = " . $_SESSION['uid'] . "");
    refumsatz ($forced['verdienst'], $_SESSION['uid']);
    rallysystem ($_SESSION['uid'], '1', $forced['verdienst']);
    bilanz($forced['preis'], $forced['verdienst']);
    $new_reload = time() + $forced['reload'];
-    db_query("INSERT INTO " . $db_prefix . "_reloads (ip,uid,tan,bis) VALUES ('" . $ip . "'," . $_SESSION['uid'] . ",'" . $forced['tan'] . "'," . $new_reload . ")");
-    db_query("UPDATE " . $db_prefix . "_gebuchte_werbung SET menge = menge - 1 WHERE tan='" . $_GET['tan'] . "'");
+    $sql = sql::$db->prepare ("INSERT INTO `" . _VMS_ . "_reloads` (`ip`, `uid`, `tan`, `bis`) VALUES (?, ?, ?, ?)");
+    $sql -> execute(array($system['ip'], $_SESSION['uid'], $forced['tan'], $new_reload));
+    $sql = sql::$db->prepare ("UPDATE `" . _VMS_ . "_gebuchte_werbung` SET `menge` = `menge` - 1 WHERE `tan` = ?");
+    $sql -> execute(array($_GET['tan']) );
    $_SESSION['earlies_payout' . $_GET['tan']] = '';
-    $headmsg = $forced['verdienst'] . ' ' . $waehrung . ' erhalten!';
+    $headmsg = $forced['verdienst'] . ' ' . $system['waehrung'] . ' erhalten!';
 } elseif ($_GET['auszahlen'] == 'true' && time() < $_SESSION['earlies_payout' . $_GET['tan']]) {
    $headmsg = 'Wartezeit umgangen.';
 } elseif ($_GET['auszahlen'] == 'true' && $force_error != 'true') {
    $headmsg = 'Pin abgelaufen';
 }
-db_close();
 echo'<!DOCTYPE HTML />
 <html>
@@ -72,7 +74,7 @@ echo'<!DOCTYPE HTML />
    <body>
        <table width="100%" cellpadding="0" cellspacing="0" border="0" align="left">
            <tr>
-                <td align="left" width="50%"><b>'.$seitenname.' ist für den Inhalt nicht verantwortlich.</b></td>
+                <td align="left" width="50%"><b>'.$system['seitenname'].' ist für den Inhalt nicht verantwortlich.</b></td>
                <td align="right" width="50%"><b>'.$headmsg.'</b>&nbsp;&nbsp;&nbsp;&nbsp;</td>
            </tr>
        </table>

--- a/pcheck.php
+++ b/pcheck.php
 <?php
-require_once ('lib/config.inc.php');
+require_once('lib/extras.init.php');
-require_once ('lib/functions.lib.php');
 //Variablen vordefinieren
 if (!isset($headmsg))		       $headmsg			= "";
 if (!isset($wait))		       $wait			= "";
 if (!isset($_GET['auszahlen']))	       $_GET['auszahlen']	= "false";
-//Tan / UID Sichern
+//UID Sichern
 $_GET['uid'] = (int)$_GET['uid'];
-$_GET['tan'] = addslashes ($_GET['tan']);
-//DB Verbindung herstellen
+$sql = sql::$db->prepare ("SELECT `e`.`start`,`e`.`aufendhalt`,`e`.`status`,`e`.`uid`,`v`.`verdienst` FROM `"._VMS_."_paidmails_empfaenger` AS `e`
-db_connect();
+                            LEFT JOIN `"._VMS_."_paidmails_versendet` AS `v` ON `v`.`tan` = `e`.`tan`
+                            WHERE `e`.`tan` = ? AND `e`.`uid` = ? AND `e`.`gueltig` > ? LIMIT 1");
+$sql -> execute(array($_GET['tan'],$_GET['uid'],time()));
-$mail =  mysql_fetch_assoc(db_query("SELECT e.start,e.aufendhalt,e.status,e.uid,v.verdienst FROM ".$db_prefix."_paidmails_empfaenger e
+$mail =  $sql-> fetch();
-                                                                              LEFT JOIN ".$db_prefix."_paidmails_versendet v ON v.tan = e.tan
-                                                                              WHERE e.tan='".$_GET['tan']."' AND e.uid=".$_GET['uid']." AND e.gueltig > ".time()." LIMIT 1"));
-if ($_GET['auszahlen']!='true') {
+if (!isset($_GET['auszahlen']) OR $_GET['auszahlen'] != 'true' ) {
-	if (mysql_num_rows($user_mail)) {
+	if ($sql -> rowCount()) {
 		if ($mail['status'] != 0) {
-    		if ($mail['status'] == 1) $headmsg = 'Mail schon bestädigt!';
+    		if ($mail['status'] == 1) $headmsg = 'Mail schon bestätigt!';
    		if ($mail['status'] == 2) $headmsg = 'Fakeversuch!';
 		} else {
    		$headmsg = 'Bitte warte '.$mail['aufendhalt'].' Sek.!';
-    		$wait = '<meta http-equiv="refresh" content="'.$mail['aufendhalt'].';url=pcheck.php?tan='.$_GET['tan'].'&auszahlen=true&uid='.$_GET['uid'].'">';
+    		$wait = '<meta http-equiv="refresh" content="'.$mail['aufendhalt'].';url=topframe_paidmail.php?tan='.$_GET['tan'].'&auszahlen=true&uid='.$_GET['uid'].'">';
-    		db_query("UPDATE ".$db_prefix."_paidmails_empfaenger SET start=".time()." WHERE tan='".$_GET['tan']."' and uid=".$_GET['uid']."");
+    		$sql = sql::$db->prepare ("UPDATE `"._VMS_."_paidmails_empfaenger` SET `start` = ? WHERE `tan` = ? and `uid` = ? LIMIT 1");
+    		$sql -> execute(array(time(), $_GET['tan'], $_GET['uid']));
 		}
 	} else  $headmsg = 'Diese Mail ist nicht für Dich!';
 }else{
@@ -35,13 +34,16 @@ if ($_GET['auszahlen']!='true') {
    	buchungsliste (create_code(14),$mail['verdienst'],'Paidmailverdienst',$mail['uid']);
    	refumsatz ($mail['verdienst'],$mail['uid']);
    	rallysystem ($mail['uid'],'2',$mail['verdienst']);
-        bilanz(0,$mail['verdienst']);
+      bilanz(0,$mail['verdienst']);
-    	db_query("UPDATE ".$db_prefix."_paidmails_empfaenger SET status=1 WHERE tan='".$_GET['tan']."' and uid=".$_GET['uid']." LIMIT 1");
+    	$sql = sql::$db->prepare ("UPDATE `"._VMS_."_paidmails_empfaenger` SET `status` = 1 WHERE `tan` = ? and `uid` = ? LIMIT 1");
-    	db_query("UPDATE ".$db_prefix."_paidmails_versendet SET bestaedigt=bestaedigt+1 WHERE tan='".$_GET['tan']."'  LIMIT 1");
+    	$sql -> execute(array($_GET['tan'], $_GET['uid']));
-    	$headmsg = $mail['verdienst'].' '.$waehrung.' gutgeschrieben!';
+    	$sql = sql::$db->prepare ("UPDATE `"._VMS_."_paidmails_versendet` SET `bestaedigt` = `bestaedigt` + 1 WHERE `tan` = ?  LIMIT 1");
+        $sql -> execute(array($_GET['tan']));
+    	$headmsg = $mail['verdienst'].' '.$system['waehrung'].' gutgeschrieben!';
 	} else {
        $headmsg = 'Wartezeit umgangen! Paidmail ungültig!';
-        db_query("UPDATE ".$db_prefix."_paidmails_empfaenger SET status=2 WHERE tan='".$_GET['tan']."' and uid=".$_GET['uid']." LIMIT 1");
+        $sql = sql::$db->prepare ("UPDATE `"._VMS_."_paidmails_empfaenger` SET `status` = 2 WHERE `tan` = ? and `uid` = ? LIMIT 1");
+        $sql -> execute(array($_GET['tan'], $_GET['uid']));
 	}
 }
@@ -55,10 +57,9 @@ echo '
    <body bgcolor="#c0c0c0" topmargin="0" leftmargin="0">
        <table width="100%" cellpadding="0" cellspacing="0" border="0" align="left">
            <tr>
-            <td align="left" width="50%"><b>'.$seitenname.' ist für den Inhalt nicht verantwortlich.</b></td>
+            <td align="left" width="50%"><b>'.$system['seitenname'].' ist für den Inhalt nicht verantwortlich.</b></td>
            <td align="right" width="50%"><b>'.$headmsg.'</b>&nbsp;&nbsp;&nbsp;&nbsp;</td>
            </tr>
        </table>
    </body>
 </html>';
-db_close();
\ No newline at end of file
No results found