Commit 04072547 authored by Joel Kuder's avatar Joel Kuder

change old SQL to New SQL class

- Changes by user "n00dl3supp3"
parent c287aa76
......@@ -12,8 +12,8 @@ head("Letzte 14 Tage");
<td align="center">Bilanz</td>
</tr>';
$sql = db_query("SELECT ein,aus,date FROM ".$db_prefix."_bilanz ORDER BY date DESC");
while ($bilanz = mysql_fetch_assoc($sql)){
$sql = sql::$db->query("SELECT ein,aus,date FROM "._VMS_."_bilanz ORDER BY date DESC");
while ($bilanz = $sql -> fetch() ) {
echo '
<tr>
<td align="center">'.date("d.m.Y",$bilanz['date']).'</td>
......
......@@ -4,11 +4,15 @@ if (!isset($_GET['tan'])) $_GET['tan'] = '';
if (!isset($_GET['loeschen'])) $_GET['loeschen'] = '';
if ($_GET['loeschen'] == 'true' && $_GET['tan']) {
db_query("DELETE FROM " . $db_prefix . "_gebuchte_werbung WHERE tan='" . $_GET['tan'] . "' and sponsor='administrator' LIMIT 1");
$sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_gebuchte_werbung WHERE tan=? and sponsor='administrator' LIMIT 1");
$sql->execute(array($_GET['tan']));
}
$forcedbanner = db_query("SELECT * FROM " . $db_prefix . "_gebuchte_werbung WHERE sponsor='administrator' and werbeart = 'forcedbanner' and status = '1' ORDER BY kid ASC");
while ($anzeigen = mysql_fetch_array($forcedbanner)) {
$forcedbanner = sql::$db->query("SELECT * FROM " . _VMS_ . "_gebuchte_werbung WHERE sponsor='administrator' and werbeart = 'forcedbanner' and status = '1' ORDER BY kid ASC");
if ($forcedbanner->rowCount() == 0) {
echo 'Keine Admin Kampagnen im System.';
}
while ($anzeigen = $forcedbanner->fetch() ) {
echo '
<table width="100%" cellpadding="0" cellspacing="1" border="0" bgcolor="#c0c0c0">
......
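Review bot: The delete guarded by `if ($_GET['loeschen'] == 'true' && $_GET['tan'])` is still fired by a plain GET request, and no anti-CSRF token or admin-session check is visible in this hunk. A link or embedded resource loaded in a logged-in administrator's browser would therefore be enough to remove a campaign. The `loeschen` and `blacklist` branches in the following section, which read `kid` and `sponsor` from `$_GET`, have the same shape. Consider accepting these actions only via POST and verifying a per-session token before `$sql->execute(...)`; if such a check lives in an include outside the hunk, a short comment saying so would help.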
......@@ -5,14 +5,19 @@ if (!isset($_GET['loeschen'])) $_GET['loeschen'] = '';
if (!isset($_GET['blacklist'])) $_GET['blacklist'] = '';
if ($_GET['loeschen'] == 'true' && $_GET['kid']) {
db_query("DELETE FROM " . $db_prefix . "_gebuchte_werbung WHERE kid='" . $_GET['kid'] . "' and status = '2' and sponsor='" . $_GET['sponsor'] . "' LIMIT 1");
$sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_gebuchte_werbung WHERE kid=? AND status = '2' AND sponsor=? LIMIT 1");
$sql->execute(array($_GET['kid'], $_GET['sponsor']));
}
if ($_GET['blacklist'] == 'true' && $_GET['kid']) {
db_query("UPDATE " . $db_prefix . "_gebuchte_werbung SET status = '1' WHERE kid='" . $_GET['kid'] . "' and sponsor='" . $_GET['sponsor'] . "' LIMIT 1");
$sql = sql::$db->prepare("UPDATE " . _VMS_ . "_gebuchte_werbung SET status = '1' WHERE kid=? and sponsor=? LIMIT 1");
$sql->execute(array($_GET['kid'], $_GET['sponsor']));
}
$forcedbanner = db_query("SELECT * FROM " . $db_prefix . "_gebuchte_werbung WHERE werbeart = 'forcedbanner' and status = '2' ORDER BY kid ASC");
while ($anzeigen = mysql_fetch_array($forcedbanner)) {
$forcedbanner = sql::$db->query("SELECT * FROM " . _VMS_ . "_gebuchte_werbung WHERE werbeart = 'forcedbanner' and status = '2' ORDER BY kid ASC");
if ($forcedbanner->rowCount() == 0) {
echo 'Die Blacklist ist leer.';
}
while ($anzeigen = $forcedbanner->fetch() ) {
echo '
<table width="100%" cellpadding="0" cellspacing="1" border="0" bgcolor="#c0c0c0">
<tr bgcolor="#f0f0f0">
......
......@@ -7,45 +7,20 @@ if (!isset($_POST['einzahltext'])) $_POST['einzahltext'] = '';
if (!isset($_POST['auszahltext'])) $_POST['auszahltext'] = '';
if (isset($_POST['update'])) {
db_query("UPDATE " . $db_prefix . "_schnittstelle SET
betreiber_id='" . $_POST['betreiber_id'] . "',
betreiber_passwort='" . $_POST['betreiber_passwort'] . "',
betreiber_kennung='" . $_POST['betreiber_kennung'] . "',
schnittstelle='" . $_POST['schnittstelle'] . "',
einzahltext='" . $_POST['einzahltext'] . "',
auszahltext='" . $_POST['auszahltext'] . "',
einzahlsumme='" . $_POST['einzahlsumme'] . "',
auszahlsumme='" . $_POST['auszahlsumme'] . "',
anfragen_tag='" . $_POST['anfragen_tag'] . "',
aktiv='" . $_POST['aktiv'] . "',
punktewert='" . $_POST['punktewert'] . "',
waehrung_name='" . $_POST['waehrung_name'] . "',
anfragen_user='" . $_POST['anfragen_user'] . "',
wertepunkt = " . $_POST['wertepunkt'] . "
WHERE schnittstelle='" . $_POST['schnittstelle'] . "' LIMIT 1");
$sql = sql::$db->prepare("UPDATE " . _VMS_. "_schnittstelle SET
betreiber_id=?, betreiber_passwort=?, betreiber_kennung=?, schnittstelle=?, einzahltext=?, auszahltext=?, einzahlsumme=?, auszahlsumme=?, anfragen_tag=?, aktiv=?, punktewert=?, waehrung_name=?, anfragen_user=?, wertepunkt=? WHERE schnittstelle=? LIMIT 1");
$sql->execute(array( $_POST['betreiber_id'], $_POST['betreiber_passwort'], $_POST['betreiber_kennung'], $_POST['schnittstelle'], $_POST['einzahltext'], $_POST['auszahltext'], $_POST['einzahlsumme'], $_POST['auszahlsumme'], $_POST['anfragen_tag'], $_POST['aktiv'], $_POST['punktewert'], $_POST['waehrung_name'], $_POST['anfragen_user'], $_POST['wertepunkt'], $_POST['schnittstelle'] ));
}
if (isset($_POST['add'])) {
db_query("INSERT INTO ".$db_prefix."_schnittstelle SET
betreiber_id='" . $_POST['betreiber_id'] . "',
betreiber_passwort='" . $_POST['betreiber_passwort'] . "',
betreiber_kennung='" . $_POST['betreiber_kennung'] . "',
schnittstelle='" . $_POST['schnittstelle'] . "',
einzahltext='" . $_POST['einzahltext'] . "',
auszahltext='" . $_POST['auszahltext'] . "',
einzahlsumme='" . $_POST['einzahlsumme'] . "',
auszahlsumme='" . $_POST['auszahlsumme'] . "',
anfragen_tag='" . $_POST['anfragen_tag'] . "',
aktiv='" . $_POST['aktiv'] . "',
punktewert='" . $_POST['punktewert'] . "',
waehrung_name='" . $_POST['waehrung_name'] . "',
anfragen_user='" . $_POST['anfragen_user'] . "',
wertepunkt = " . $_POST['wertepunkt'] . "");
$sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_schnittstelle SET betreiber_id=?, betreiber_passwort=?, betreiber_kennung=?, schnittstelle=?, einzahltext=?, auszahltext=?, einzahlsumme=?, auszahlsumme=?, anfragen_tag=?, aktiv=?, punktewert=?, waehrung_name=?, anfragen_user=?, wertepunkt=?");
$sql->execute(array($_POST['betreiber_id'], $_POST['betreiber_passwort'], $_POST['betreiber_kennung'], $_POST['schnittstelle'], $_POST['einzahltext'], $_POST['auszahltext'], $_POST['einzahlsumme'], $_POST['auszahlsumme'], $_POST['anfragen_tag'], $_POST['aktiv'], $_POST['punktewert'], $_POST['waehrung_name'], $_POST['anfragen_user'], $_POST['wertepunkt']));
}
if (isset($_POST['del'])) {
db_query("DELETE FROM " . $db_prefix . "_schnittstelle WHERE schnittstelle='" . $_POST['schnittstelle'] . "' LIMIT 1");
$sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_schnittstelle WHERE schnittstelle = ? LIMIT 1");
$sql->execute(array($_POST['schnittstelle']));
}
......@@ -53,8 +28,8 @@ head("Betreiber w&auml;hlen");
echo '<form action="" method="post">
<input type="hidden" name="do" value="changeselect" />
<select name="schnittstelle">';
$interface = db_query("SELECT schnittstelle FROM " . $db_prefix . "_schnittstelle");
while ($interface_name = mysql_fetch_array($interface)) {
$interface = sql::$db->query("SELECT schnittstelle FROM " . _VMS_ . "_schnittstelle");
while ($interface_name = $interface->fetch() ) {
echo '<option value="' . $interface_name['schnittstelle'] . '" '.( (isset($_POST['schnittstelle']) AND $interface_name['schnittstelle'] == $_POST['schnittstelle']) ? 'selected="selected"' : '' ).'>' . $interface_name['schnittstelle'] . '</option>';
}
echo '</select>&nbsp;
......@@ -62,7 +37,8 @@ head("Betreiber w&auml;hlen");
</form>';
if (isset($_POST['schnittstelle'])){
$interface = mysql_fetch_array(mysql_query('SELECT * FROM '.$db_prefix.'_schnittstelle WHERE schnittstelle=\''.$_POST['schnittstelle'].'\' LIMIT 1'));
$sql = sql::$db->query("SELECT * FROM " . _VMS_ . "_schnittstelle WHERE schnittstelle='".$_POST['schnittstelle']."' LIMIT 1");
$interface = $sql->fetch();
}
echo '<form action="" method="post">
<input type="hidden" name="schnittstelle" value="' . $_POST['schnittstelle'] . '" />
......
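Review bot: The lookup after the select form, `sql::$db->query("SELECT * FROM " . _VMS_ . "_schnittstelle WHERE schnittstelle='".$_POST['schnittstelle']."' LIMIT 1")`, still concatenates request data into the SQL text, so this section stays injectable although every other statement in it was parameterized. Bind the value instead: `$sql = sql::$db->prepare("SELECT * FROM " . _VMS_ . "_schnittstelle WHERE schnittstelle=? LIMIT 1");` followed by `$sql->execute(array($_POST['schnittstelle']));`. The hidden `<input>` and the `<option>` lines also echo the same value without `htmlspecialchars()`, which is worth fixing in the same pass.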
......@@ -6,8 +6,9 @@
<td align="center">URL</td>
</tr>
<?php
$crons = db_query("SELECT * FROM " . $db_prefix . "_crons");
while ($crontabelle = mysql_fetch_array($crons)) {
$i = 0;
$crons = sql::$db->query("SELECT * FROM " . _VMS_ . "_crons");
while ($crontabelle = $crons->fetch() ) {
$i++;
$row = ($i % 2 == 0) ? 0 : 1;
......
......@@ -2,21 +2,11 @@
if (!isset($_POST['updaten'])) $_POST['updaten'] = '';
if ($_POST['updaten'] == 'Updaten !') {
db_query("UPDATE ".$db_prefix."_seitenkonfig SET
denied_domains='".$_POST['denied_domains']."',
wartung='".$_POST['wartung']."',
einzahlgrenze='".$_POST['einzahlgrenze']."',
re1='".$_POST['re1']."',
re2='".$_POST['re2']."',
re3='".$_POST['re3']."',
min_betteln = '".$_POST['min_betteln']."',
max_betteln = '".$_POST['max_betteln']."',
reload_betteln = '".$_POST['reload_betteln']."',
admin_name='".$_POST['admin_name']."',
admin_pass='".$_POST['admin_pass']."'
LIMIT 1") or die(mysql_error());
$sql = sql::$db->prepare("UPDATE " . _VMS_ . "_seitenkonfig SET denied_domains=?, wartung=?, einzahlgrenze=?, re1=?, re2=?, re3=?, min_betteln=?, max_betteln=?, reload_betteln=?, admin_name=?, admin_pass=? LIMIT 1");
$sql->execute(array($_POST['denied_domains'], $_POST['wartung'], $_POST['einzahlgrenze'], $_POST['re1'], $_POST['re2'], $_POST['re3'], $_POST['min_betteln'], $_POST['max_betteln'], $_POST['reload_betteln'], $_POST['admin_name'], $_POST['admin_pass']));
}
$interface = mysql_fetch_array(db_query("SELECT * FROM ".$db_prefix."_seitenkonfig LIMIT 1"));
$sql = sql::$db->query("SELECT * FROM " . _VMS_ . "_seitenkonfig LIMIT 1");
$interface = $sql->fetch();
head("Webseiteneinstellungen"); ?>
<form action="" method="post">
......
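Review bot: `admin_pass` is bound straight from `$_POST['admin_pass']`, so as far as this hunk shows the administrator password is written to `_seitenkonfig` in clear text. Storing `password_hash($_POST['admin_pass'], PASSWORD_DEFAULT)` instead would fix that, but the login check is outside this hunk and would have to move to `password_verify()` at the same time. The old `or die(mysql_error())` was also dropped without a replacement, so a failed `execute()` goes unnoticed unless the connection runs in exception error mode, which is not visible here.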
<?php
if (!isset($titel)) $titel = '';
if (!isset($news)) $news = '';
if (!isset($_POST['news2'])) $_POST['news2'] = '';
if (!isset($_POST['news3'])) $_POST['news3'] = '';
if (!isset($_POST['news4'])) $_POST['news4'] = '';
if (!isset($id)) $id = '0';
if (!isset($_POST['auffuehren'])) $_POST['auffuehren'] = '0';
if (!isset($_POST['load'])) $_POST['load'] = '0';
if (!isset($_POST['loader'])) $_POST['loader'] = '0';
if ($_POST['news4'] == 'seite') {
db_query("UPDATE " . $db_prefix . "_kontodaten SET news='1' WHERE 1");
if ($_POST['id'] == 0) db_query("INSERT INTO " . $db_prefix . "_news (zeit,titel,news) VALUES ('" . time() . "','" . $_POST['titel'] . "','" . $_POST['news'] . "')");
if ($_POST['id'] >= 1) db_query("UPDATE " . $db_prefix . "_news SET titel='" . $_POST['titel'] . "',news='" . $_POST['news'] . "' WHERE id='" . $_POST['id'] . "'");
$sql = sql::$db->query("UPDATE " . _VMS_ . "_kontodaten SET news='1' WHERE 1");
$sql->execute();
if ($_POST['id'] == 0){
$sql=sql::$db->prepare("INSERT INTO " . _VMS_ . "_news (zeit,titel,news) VALUES (?,?,?)");
$zeit=time();
$sql->execute(array($zeit, $_POST['titel'], $_POST['news']));
}
if ($_POST['id'] >= 1){
$sql=sql::$db->prepare("UPDATE " . _VMS_ . "_news SET titel=?,news=? WHERE id=?");
$sql->execute(array($_POST['titel'], $_POST['news'], $_POST['id']));
}
}
if ($_POST['news2'] == 'Newsletter und seite') {
db_query("UPDATE " . $db_prefix . "_kontodaten SET news='1' WHERE 1");
if ($_POST['id'] == 0) db_query("INSERT INTO " . $db_prefix . "_news (zeit,titel,news) VALUES ('" . time() . "','" . $_POST['titel'] . "','" . $_POST['news'] . "')");
if ($_POST['id'] >= 1) db_query("UPDATE " . $db_prefix . "_news SET titel='" . $_POST['titel'] . "',news='" . $_POST['news'] . "' WHERE id='" . $_POST['id'] . "'");
$empfaenger = db_query('SELECT emailadresse FROM ' . $db_prefix . '_emaildaten WHERE freigabe_fuer = 1 OR freigabe_fuer = 3 GROUP BY emailadresse');
while ($user = mysql_fetch_assoc($empfaenger)) usermail ($user['emailadresse'], $_POST['titel'], $_POST['news'], '"' . $seitenname . '" <' . $betreibermail . '>');
$sql = sql::$db->query("UPDATE " . _VMS_ . "_kontodaten SET news='1' WHERE 1");
$sql->execute();
if ($_POST['id'] == 0){
$sql=sql::$db->prepare("INSERT INTO " . _VMS_ . "_news (zeit,titel,news) VALUES (?,?,?)");
$zeit=time();
$sql->execute(array($zeit, $_POST['titel'], $_POST['news']));
}
if ($_POST['id'] >= 1){
$sql=sql::$db->prepare("UPDATE " . _VMS_ . "_news SET titel=?,news=? WHERE id=?");
$sql->execute(array($_POST['titel'], $_POST['news']), $_POST['id']);
}
$empfaenger=sql::$db->query('SELECT emailadresse FROM ' . _VMS_ . '_emaildaten WHERE freigabe_fuer = 1 OR freigabe_fuer = 3 GROUP BY emailadresse');
while ($user = $empfaenger->fetch()){
usermail ($user['emailadresse'], $_POST['titel'], $_POST['news'], '"' . $seitenname . '" <' . $betreibermail . '>');
}
}
if ($_POST['news3'] == 'Newsletter') {
db_query("UPDATE " . $db_prefix . "_kontodaten SET news='1' WHERE 1");
$empfaenger = db_query('SELECT emailadresse FROM ' . $db_prefix . '_emaildaten WHERE freigabe_fuer = 1 OR freigabe_fuer = 3 GROUP BY emailadresse');
while ($user = mysql_fetch_assoc($empfaenger)) usermail ($user['emailadresse'], $_POST['titel'], $_POST['news'], '"' . $seitenname . '" <' . $betreibermail . '>');
$sql = sql::$db->query("UPDATE " . _VMS_ . "_kontodaten SET news='1' WHERE 1");
$sql->execute();
$empfaenger=sql::$db->query('SELECT emailadresse FROM ' . _VMS_ . '_emaildaten WHERE freigabe_fuer = 1 OR freigabe_fuer = 3 GROUP BY emailadresse');
while ($user = $empfaenger->fetch()){
usermail ($user['emailadresse'], $_POST['titel'], $_POST['news'], '"' . $seitenname . '" <' . $betreibermail . '>');
}
}
if ($_POST['load'] == 'Editieren') {
$edit = mysql_fetch_array(db_query("SELECT * FROM " . $db_prefix . "_news WHERE id='" . $_POST['loader'] . "'"));
$sql=sql::$db->query("SELECT * FROM " . _VMS_ . "_news WHERE id='" . $_POST['loader'] . "'");
$edit=$sql->fetch();
$titel = $edit['titel'];
$news = $edit['news'];
$id = $edit['id'];
}
if ($_POST['load'] == 'Löschen') {
db_query("DELETE FROM " . $db_prefix . "_news WHERE id='" . $_POST['loader'] . "'");
$sql=sql::$db->prepare("DELETE FROM " . _VMS_ . "_news WHERE id=?");
$sql->execute(array($_POST['loader']));
}
head("News editieren / löschen");
......@@ -43,8 +69,8 @@ head("News editieren / löschen");
<td>
<select name="loader" size="1">
<?php
$old_news = db_query("SELECT * FROM " . $db_prefix . "_news ORDER BY id DESC");
while ($load = mysql_fetch_array($old_news)) {
$old_news = sql::$db->query("SELECT * FROM " . _VMS_ . "_news ORDER BY id DESC");
while ($load = $old_news->fetch()) {
echo '<option value="' . $load['id'] . '">(' . $load['id'] . ') - ' . $load['titel'] . ' (' . date("d.m.Y - H:i", $load['zeit']) . ')</option>';
}
......
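Review bot: In the 'Newsletter und seite' branch the closing parenthesis is misplaced in `$sql->execute(array($_POST['titel'], $_POST['news']), $_POST['id']);`, so the statement gets two values for three placeholders and the update cannot succeed; it should read `$sql->execute(array($_POST['titel'], $_POST['news'], $_POST['id']));` as in the 'seite' branch. The 'Editieren' branch still builds its query by concatenating `$_POST['loader']` and remains injectable; use `$sql = sql::$db->prepare("SELECT * FROM " . _VMS_ . "_news WHERE id=?");` followed by `$sql->execute(array($_POST['loader']));`. Assuming `sql::$db` is a PDO handle, the three `UPDATE ... SET news='1'` statements are run by `query()` and then run a second time by the following `$sql->execute();`, so the extra `execute()` calls should be dropped.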
<?php
if (!isset($_POST['eintragen'])) $_POST['eintragen'] = "";
if (!isset($_POST['rally'])) $_POST['rally'] = "";
// neuen Rank eintragen, ändern oder löschen
if ($_POST['eintragen'] == 'Neue Position') {
db_query("INSERT INTO " . $db_prefix . "_rallyorte (id, name, welche_rallys) VALUES (NULL, '" . $_POST['name'] . "','" . implode(',', array_keys($_POST['rally'])) . "');");
Echo '<b><font size="+2" color="#087102">Eintragung erfolgreich!</font></b>';
$sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_rallyorte (id, name, welche_rallys) values(?,?,?)");
$values = implode(',', array_keys($_POST['rally']) );
$sql->execute(array(NULL, $_POST['name'], $values));
echo '<b><font size="+2" color="#087102">Eintragung erfolgreich!</font></b>';
} ;
if ($_POST['eintragen'] == 'Loeschen') {
db_query("DELETE FROM " . $db_prefix . "_rallyorte WHERE id = '" . $_POST['id'] . "';");
Echo '<b><font size="+2" color="#087102">Eintrag erfolgreich gel&ouml;scht!</font></b>';
$sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_rallyorte WHERE id = ?;");
$sql->execute(array($_POST['id']));
echo '<b><font size="+2" color="#087102">Eintrag erfolgreich gel&ouml;scht!</font></b>';
} ;
if ($_POST['eintragen'] == 'Aendern') {
db_query("UPDATE " . $db_prefix . "_rallyorte SET welche_rallys='" . implode(',', array_keys($_POST['rally'])) . "' WHERE id='" . $_POST['id'] . "';");
Echo '<b><font size="+2" color="#087102">&Auml;nderung erfolgreich!</font></b>';
$sql = sql::$db->prepare("UPDATE " . _VMS_ . "_rallyorte SET welche_rallys=? WHERE id=?;");
$values = implode(',', array_keys($_POST['rally']) );
$sql->execute(array($values, $_POST['id']));
echo '<b><font size="+2" color="#087102">&Auml;nderung erfolgreich!</font></b>';
} ;
if ($_POST['rally'] == 'Eintragen') {
db_query("INSERT INTO `vms_rallydaten`
(`id`, `name`, `beschrieb`, `status`, `start`, `ende_art`, `ende_zeit`, `ende_punkte`, `ende_punkte_aktuell`, `ende_punkte_anzahl`, `ende_formulierung`, `ende_vortschritt`, `gewinn_art`, `gewinn_dyn_steigerung`, `gewinn_topf`, `gewinner_anzahl`, `mindestpunktzhl`, `sperruser`, `tagpotstart`, `einheit`)
VALUES (NULL, '" . $_POST['rallyname'] . "', ' ', 'deaktiviert', '0', 'zeit', '0', '0', '0.00', '0', ' ', 'datum', 'statisch', '0.00', '0.00', '0', '0', ' ', '0', ' ' )");
Echo '<b><font size="+2" color="#087102">Eintragung erfolgreich!</font></b>';
$sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_rallydaten (`id`, `name`, `beschrieb`, `status`, `start`, `ende_art`, `ende_zeit`, `ende_punkte`, `ende_punkte_aktuell`, `ende_punkte_anzahl`, `ende_formulierung`, `ende_vortschritt`, `gewinn_art`, `gewinn_dyn_steigerung`, `gewinn_topf`, `gewinner_anzahl`, `mindestpunktzhl`, `sperruser`, `tagpotstart`, `einheit`) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
$sql->execute(array( NULL, $_POST['rallyname'] , ' ', 'deaktiviert', '0', 'zeit', '0', '0', '0.00', '0', ' ', 'datum', 'statisch', '0.00', '0.00', '0', '0', ' ', '0', ' ' ));
echo '<b><font size="+2" color="#087102">Eintragung erfolgreich!</font></b>';
} ;
if ($_POST['rally'] == 'Loeschen') {
db_query("DELETE FROM " . $db_prefix . "_rallydaten WHERE id = '" . $_POST['id'] . "';");
Echo '<b><font size="+2" color="#087102">Eintrag erfolgreich gel&ouml;scht!</font></b>';
$sql = sql::$db->prepare("DELETE FROM " . _VMS_ . "_rallydaten WHERE id = ?;");
$sql->execute(array($_POST['id']));
echo '<b><font size="+2" color="#087102">Eintrag erfolgreich gel&ouml;scht!</font></b>';
} ;
head("<b><center>Rallys im System </center></b>");
......@@ -30,8 +37,9 @@ head("<b><center>Rallys im System </center></b>");
<td align="center"><strong>Name</strong></td>
<td align="center"><strong>Bearbeiten der einzelnen Rallys</strong></td>
</tr>
<?php $rally = db_query("SELECT * FROM " . $db_prefix . "_rallydaten");
while ($rall = mysql_fetch_array($rally)) {?>
<?php
$rally=sql::$db->query("SELECT * FROM " . _VMS_ . "_rallydaten");
while ($rall = $rally->fetch()) {?>
<form action="" method="post">
<tr bgcolor="#d0d0d0" >
<td align="center"><strong><?php echo $rall['name'];?></strong></td>
......@@ -74,11 +82,12 @@ while ($rall = mysql_fetch_array($rally)) {?>
<td align="center"><strong>Welche Rallys</strong></td>
<td align="center"><strong>Bearbeiten<br>der <br>einzelnen <br>Positionen</strong></td>
</tr>
<?php $ap_anzeige = db_query("SELECT * FROM " . $db_prefix . "_rallyorte ORDER BY id ASC");
while ($ap = mysql_fetch_array($ap_anzeige)) {
$rallynamen = db_query("SELECT id, name FROM " . $db_prefix . "_rallydaten");
<?php
$ap_anzeige=sql::$db->query("SELECT * FROM " . _VMS_ . "_rallyorte ORDER BY id ASC");
while ($ap = $ap_anzeige->fetch()) {
$rallynamen = sql::$db->query("SELECT id, name FROM " . _VMS_ . "_rallydaten");
$rallys = '';
while ($rallyname = mysql_fetch_array($rallynamen)) {
while ($rallyname = $rallynamen->fetch()) {
$checked = '';
$arrays = explode (',', $ap['welche_rallys']);
if (in_array($rallyname['id'], $arrays)) $checked = 'checked="checked"';
......@@ -102,9 +111,9 @@ while ($ap = mysql_fetch_array($ap_anzeige)) {
<?php head("<b><center> Neue Position eintragen</center></b>");
$rallynamenneu = db_query("SELECT id, name FROM " . $db_prefix . "_rallydaten");
$rallynamenneu = sql::$db->query("SELECT id, name FROM " . _VMS_ . "_rallydaten");
$rallysneu = '';
while ($rallynameneu = mysql_fetch_array($rallynamenneu)) {
while ($rallynameneu = $rallynamenneu->fetch()) {
$rallysneu .= '<input type="checkbox" value="1" name="rally[' . $rallynameneu['id'] . ']"> ' . $rallynameneu['name'] . '<br>';
}
?>
......
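Review bot: `array_keys($_POST['rally'])` in the 'Neue Position' and 'Aendern' branches receives the empty string that `if (!isset($_POST['rally'])) $_POST['rally'] = "";` assigns when no checkbox is ticked, which is a warning on older PHP and a TypeError on PHP 8. Guarding the type and constraining the keys to integers covers both the crash and what ends up in `welche_rallys`: `$values = is_array($_POST['rally']) ? implode(',', array_map('intval', array_keys($_POST['rally']))) : '';`. The success messages are also echoed without looking at the result of `execute()`, so a failed insert or delete would still report "erfolgreich" unless the connection throws on error, which is not visible in this section.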
<?php if($_SESSION['admin'] != 1){
<?php
if (!isset($_POST['monat'])) $_POST['monat'] = 0;
if (!isset($_POST['tag'])) $_POST['tag'] = 0;
if (!isset($_POST['jahr'])) $_POST['jahr'] = 0;
if($_SESSION['admin'] != 1){
echo '<center>
<b>Adminlogin</b>
......@@ -26,7 +35,8 @@
<td width="100%" valign="top">';
head("Userstatistik");
$kontostats = mysql_fetch_array(db_query("SELECT COUNT(uid) AS kd_uid , SUM(kontostand) AS kd_kontostand FROM ".$db_prefix."_kontodaten"));
$sql = sql::$db->query("SELECT COUNT(uid) AS kd_uid , SUM(kontostand) AS kd_kontostand FROM "._VMS_."_kontodaten");
$kontostats = $sql -> fetch();
echo '<table width="100%" border="0" cellpadding="0" cellspacing="1" bgcolor="#c0c0c0">
<tr bgcolor="#f0f0f0">
<td width="55%">Angemeldete User</td>
......@@ -81,9 +91,9 @@ foot();
if ($_POST['anzeigen'] == 'anzeigen !')
{
$result=mysql_query("SELECT t1.emailadresse AS email,t1.uid,t2.kontostand,t3.nickname FROM ".$db_prefix."_emaildaten AS t1, vms_kontodaten AS t2,vms_userdaten AS t3 WHERE t1.uid = t2.uid AND t2.uid = t3.uid AND last_active < ".$timestamp."");
$sql = sql::$db->query("SELECT t1.emailadresse AS email,t1.uid,t2.kontostand,t3.nickname FROM "._VMS_."_emaildaten AS t1, vms_kontodaten AS t2,vms_userdaten AS t3 WHERE t1.uid = t2.uid AND t2.uid = t3.uid AND last_active < ".$timestamp);
$konto='0';
while($row=mysql_fetch_array($result))
while($row = $sql -> fetch() )
{
$konto= $konto+$row['kontostand'];
$anzahl++;
......@@ -95,15 +105,25 @@ foot();
</tr></table>
";
if ($_POST['inaktive'] == '1') {
db_query ('DELETE FROM '.$db_prefix.'_kontodaten WHERE uid = '.$row['uid']);
db_query ('DELETE FROM '.$db_prefix.'_emaildaten WHERE uid = '.$row['uid']);
db_query ('DELETE FROM '.$db_prefix.'_userdaten WHERE uid = '.$row['uid']);
db_query ('DELETE FROM '.$db_prefix.'_werberdaten WHERE uid = '.$row['uid']);
db_query ('UPDATE '.$db_prefix.'_werberdaten SET werber = 0 WHERE werber = '.$row['uid']);
db_query ('DELETE FROM '.$db_prefix.'_admin_abuse WHERE uid = '.$row['uid']);
db_query ('DELETE FROM vms_buchungen WHERE uid = '.$row['uid']);
db_query ('DELETE FROM vms_reloads WHERE uid = '.$row['uid']);
db_query ('DELETE FROM vms_schnittstelle_anfragen WHERE uid = '.$row['uid']);
$sql = sql::$db->prepare("DELETE FROM "._VMS."_kontodaten WHERE uid = ?");
$sql->execute(array($row['uid']));
$sql = sql::$db->prepare("DELETE FROM "._VMS."_emaildaten WHERE uid = ?");
$sql->execute(array($row['uid']));
$sql = sql::$db->prepare("DELETE FROM "._VMS."_userdaten WHERE uid = ?");
$sql->execute(array($row['uid']));
$sql = sql::$db->prepare("DELETE FROM "._VMS."_werberdaten WHERE uid = ?");
$sql->execute(array($row['uid']));
$sql = sql::$db->prepare("UPDATE "._VMS."_werberdaten SET werber = 0 WHERE werber = ?");
$sql->execute(array($row['uid']));
$sql = sql::$db->prepare("DELETE FROM "._VMS."_admin_abuse WHERE uid = ?");
$sql->execute(array($row['uid']));
$sql = sql::$db->prepare("DELETE FROM "._VMS."_buchungen WHERE uid = ?");
$sql->execute(array($row['uid']));
$sql = sql::$db->prepare("DELETE FROM "._VMS."_reloads WHERE uid = ?");
$sql->execute(array($row['uid']));
$sql = sql::$db->prepare("DELETE FROM "._VMS."_schnittstelle_anfragen WHERE uid = ?");
$sql->execute(array($row['uid']));
echo '<font color="#00d000">User Gel&ouml;scht</font><br />';
$infotext= ' Hallo '.$row['nickname'].'
......
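Review bot: The nine statements in the `$_POST['inaktive'] == '1'` branch use `_VMS` where the rest of the commit uses `_VMS_`, so unless a separate `_VMS` constant exists the table names resolve wrongly (or the script aborts on PHP 8) and inactive users are not actually removed. The branch also reassigns `$sql`, which appears to be the same variable the surrounding `while($row = $sql -> fetch() )` iterates, so after the first user the loop would fetch from the last prepared DELETE and stop; the loop body continues outside the hunk, so please confirm. Using a separate handle and the right constant fixes both, for example `$del = sql::$db->prepare("DELETE FROM "._VMS_."_kontodaten WHERE uid = ?");` followed by `$del->execute(array($row['uid']));`. The SELECT above still mixes `_VMS_` with hard-coded `vms_kontodaten` and `vms_userdaten`, which will break for any other prefix.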
......@@ -5,14 +5,14 @@
<td align="center"><b>IP-Adresse</b></td>
</tr>
<?php
$sql = db_query("SELECT `login_ip`, COUNT(*) AS `anzahl` FROM `" . $db_prefix . "_kontodaten` GROUP BY `login_ip` HAVING COUNT(*) > 1") or die(mysql_error());
if (!mysql_num_rows($sql)) {
$sql = sql::$db->query("SELECT `login_ip`, COUNT(*) AS `anzahl` FROM `" . _VMS_ . "_kontodaten` GROUP BY `login_ip` HAVING COUNT(*) > 1") or die(mysql_error());
if ($sql->rowCount() == 0) {
echo '
<tr>
<td colspan="2" align="center"><font color="green">Keine Doppelten IP-Adressen im System</font></td>
</tr>';
} else {
while ($fake1 = mysql_fetch_assoc($sql)) {
while ($fake1 = $sql -> fetch() ) {
echo '
<tr>
<td>' . $fake1['anzahl'] . '</td>
......@@ -25,14 +25,14 @@ if (!mysql_num_rows($sql)) {
?>
</table>
<?php
if ($_GET['ip']) {
$ip = db_query("SELECT k.uid,u.nickname FROM
" . $db_prefix . "_kontodaten AS k
LEFT JOIN " . $db_prefix . "_userdaten AS u ON u.uid=k.uid
if (isset($_GET['ip'])) {
$ip = sql::$db->query("SELECT k.uid,u.nickname FROM
" . _VMS_ . "_kontodaten AS k
LEFT JOIN " . _VMS_ . "_userdaten AS u ON u.uid=k.uid
WHERE k.login_ip='" . addslashes($_GET['ip']) . "'");
echo "<p>User mit der IP " . $_GET['ip'] . ":</p>";
while ($doppelt = mysql_fetch_assoc($ip)) {
while ($doppelt = $ip -> fetch() ) {
echo "<a href='?content=/usersystem/userbearbeiten&uid=" . $doppelt['uid'] . "'>" . $doppelt['nickname'] . "</a><br>";
}
}
......@@ -49,8 +49,8 @@ foot();
<td align="center"><b>md5Hash</b></td>
</tr>
<?php
$sql2 = db_query("SELECT `passwort`, COUNT(*) AS `anzahl` FROM `" . $db_prefix . "_kontodaten` GROUP BY `passwort` HAVING COUNT(*) > 1") or die(mysql_error());
if (!mysql_num_rows($sql)) {
$sql2 = sql::$db->query("SELECT `passwort`, COUNT(*) AS `anzahl` FROM `" . _VMS_ . "_kontodaten` GROUP BY `passwort` HAVING COUNT(*) > 1") or die(mysql_error());
if ($sql2->rowCount() == 0) {
echo '
<tr>
<td colspan="2" align="center"><font color="green">Keine Doppelten Passwörter im System</font></td>
......
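Review bot: The IP lookup still builds its WHERE clause with `addslashes($_GET['ip'])` and string concatenation, which is not a reliable escape for SQL and is inconsistent with the prepared statements introduced elsewhere in this commit. Bind the value instead: `... WHERE k.login_ip=?` passed to `prepare()`, then `$ip->execute(array($_GET['ip']));`. The next line echoes `$_GET['ip']` into the page unescaped, and `$doppelt['nickname']` likewise, so both should go through `htmlspecialchars()`. The two `or die(mysql_error())` tails are stale now that the old mysql extension is no longer used for these queries and should be replaced by the new class's own error handling.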
<?php
$i=0;
$gfx_status[0] = '<img src="images/gelb.gif" width="15" height="15" border="0" alt="Nicht freigeschaltet">';
$gfx_status[1] = '<img src="images/gruen.gif" width="15" height="15" border="0" alt="O.K.">';
$gfx_status[2] = '<img src="images/rot.gif" width="15" height="15" border="0" alt="Gesperrt">';
......@@ -16,13 +17,13 @@ head("Userliste");
<td align="center"><b>Angemeldet</b></td>
</tr>
<?php
$userliste = db_query("SELECT k.uid,k.status,k.kontostand,u.nickname,u.vorname,u.nachname,u.angemeldet_seit,e.emailadresse
FROM " . $db_prefix . "_kontodaten AS k
LEFT JOIN " . $db_prefix . "_userdaten AS u ON u.uid=k.uid
LEFT JOIN " . $db_prefix . "_emaildaten AS e ON e.uid=k.uid
$sql = sql::$db->query ("SELECT k.uid,k.status,k.kontostand,u.nickname,u.vorname,u.nachname,u.angemeldet_seit,e.emailadresse
FROM " . _VMS_ . "_kontodaten AS k
LEFT JOIN " . _VMS_ . "_userdaten AS u ON u.uid=k.uid
LEFT JOIN " . _VMS_ . "_emaildaten AS e ON e.uid=k.uid
ORDER BY k.uid ASC");
while ($ausgabe = mysql_fetch_array($userliste)) {
while ($ausgabe = $sql -> fetch() ) {
$i++;
$row = ($i % 2 == 0) ? 0 : 1;
......
......@@ -16,6 +16,8 @@ function ShowUserInfo (art) {
<?php
if (!isset ($_POST['buchungsart'])) $_POST['buchungsart'] = '';
if (!isset ($_POST['buchungsmenge'])) $_POST['buchungsmenge'] = '';
// Variable _GET['uid'] pruefen
if (!empty ($_GET['uid'])) $_POST['uid'] = $_GET['uid'];
$_POST['uid'] = (int)$_POST['uid'];
......@@ -23,9 +25,14 @@ if (empty ($_POST['uid'])) die ('Keine korrekte User-ID &uuml;bergeben!');
// Allgemeine Daten speichern
if (isset ($_POST['profile'])) {
db_query ('UPDATE '.$db_prefix.'_userdaten SET nickname = "'.$_POST['nickname'].'", vorname = "'.$_POST['vorname'].'", nachname = "'.$_POST['nachname'].'" WHERE uid = '.$_POST['uid']);
db_query ('UPDATE '.$db_prefix.'_emaildaten SET emailadresse = "'.$_POST['emailadresse'].'", freigabe_fuer = "'.$_POST['freigabe_fuer'].'" WHERE uid = '.$_POST['uid']);
if ($_POST['werber'] != $_POST['alt_werber'] && $_POST['werber'] != $_POST['uid']) db_query ('UPDATE '.$db_prefix.'_werberdaten SET werber = "'.$_POST['werber'].'", umsatz = 0, zuordnungszeit = 0, reset = 0, resetzeit = 0, gesamt = 0, refback = 0, aktivzeit = 0 WHERE uid = '.$_POST['uid']);
$sql = sql::$db->prepare('UPDATE '._VMS_.'_userdaten SET nickname = ?, vorname = ?, nachname = ? WHERE uid = ?');
$sql -> execute(array($_POST['nickname'], $_POST['vorname'], $_POST['nachname'], $_POST['uid']));
$sql = sql::$db->prepare('UPDATE '._VMS_.'_emaildaten SET emailadresse = ?, freigabe_fuer = ? WHERE uid = ?');
$sql -> execute(array($_POST['emailadresse'], $_POST['freigabe_fuer'], $_POST['uid']));
if ($_POST['werber'] != $_POST['alt_werber'] && $_POST['werber'] != $_POST['uid']){
$sql = sql::$db->prepare('UPDATE '._VMS_.'_werberdaten SET werber = ?, umsatz = 0, zuordnungszeit = 0, reset = 0, resetzeit = 0, gesamt = 0, refback = 0, aktivzeit = 0 WHERE uid = ?');
$sql -> execute(array($_POST['werber'], $_POST['uid']));
}
}
// Betrag verbuchen
......@@ -35,10 +42,14 @@ if (isset ($_POST['finanze'])) {
buchungsliste ($buchungs_id, $_POST['buchungsart'].$_POST['buchungssumme'], $_POST['buchungstext'].' (Admin)', $_POST['uid']);
kontobuchung ($_POST['buchungsart'], $_POST['buchungssumme'], $_POST['uid']);
if ($_POST['art'] == '+'){
$ausgabe = $_POST['buchungsmenge'];
}else{
$einnahme = $_POST['buchungsmenge'];
if ($_POST['buchungsart'] == '+') {
$einnahme = 0;
$ausgabe = $_POST['buchungssumme'];
}
if ($_POST['buchungsart'] == '-') {
$einnahme = $_POST['buchungssumme'];
$ausgabe = 0;
}
bilanz($einnahme,$ausgabe);
......@@ -61,31 +72,43 @@ if (isset ($_POST['access'])) {
if ($_POST['status'] != 'loeschen') {
$_POST['status'] = (int)$_POST['status'];
db_query ('UPDATE '.$db_prefix.'_kontodaten SET status = '.$_POST['status'].', hinweis = "'.$_POST['hinweis'].'" WHERE uid = '.$_POST['uid']);
$sql = sql::$db->prepare('UPDATE '._VMS_.'_kontodaten SET status = ?, hinweis = ? WHERE uid = ?');
$sql -> execute(array($_POST['status'], $_POST['hinweis'], $_POST['uid']));
} else {
$sperrzeit = ( time() + ( 86400 * 365 ) );
db_query ('INSERT INTO '.$db_prefix.'_userblacklist (uid,zeit) VALUES ('.$_POST['uid'].','.$sperrzeit.')');
db_query ('DELETE FROM '.$db_prefix.'_kontodaten WHERE uid = '.$_POST['uid']);
db_query ('DELETE FROM '.$db_prefix.'_emaildaten WHERE uid = '.$_POST['uid']);
db_query ('DELETE FROM '.$db_prefix.'_userdaten WHERE uid = '.$_POST['uid']);
db_query ('DELETE FROM '.$db_prefix.'_werberdaten WHERE uid = '.$_POST['uid']);
db_query ('UPDATE '.$db_prefix.'_werberdaten SET werber = 0 WHERE werber = '.$_POST['uid']);
$sql = sql::$db->prepare("INSERT INTO "._VMS_."_userblacklist (uid,zeit) VALUES (?,?)");
$sql->execute(array($_POST['uid'], $sperrzeit));
$sql = sql::$db->prepare("DELETE FROM "._VMS_."_kontodaten WHERE uid = ?");
$sql -> execute(array($_POST['uid']));
$sql = sql::$db->prepare("DELETE FROM "._VMS_."_emaildaten WHERE uid = ?");
$sql -> execute(array($_POST['uid']));
$sql = sql::$db->prepare("DELETE FROM "._VMS_."_userdaten WHERE uid = ?");
$sql -> execute(array($_POST['uid']));
$sql = sql::$db->prepare("DELETE FROM "._VMS_."_werberdaten WHERE uid = ?");
$sql -> execute(array($_POST['uid']));
$sql = sql::$db->prepare('UPDATE '._VMS_.'_werberdaten SET werber = 0 WHERE werber = ?');
$sql -> execute(array($_POST['uid']));
echo '<meta http-equiv="refresh" content="0; URL=index.php?content=/usersystem/liste">';
}
}
// Notizen speichern
if (isset ($_POST['notice'])) {
db_query ('UPDATE '.$db_prefix.'_userdaten SET notizen = "'.$_POST['notizen'].'" WHERE uid = '.$_POST['uid']);
$notizsql = sql::$db->prepare("UPDATE "._VMS_."_userdaten SET notizen = :notiz WHERE uid = :uid");
$notizsql -> execute(array('notiz' => $_POST['notizen'], 'uid' => $_POST['uid']));
}
// Daten einlesen
$sql = db_query ('SELECT * FROM '.$db_prefix.'_kontodaten t1, '.$db_prefix.'_userdaten t2, '.$db_prefix.'_emaildaten t3, '.$db_prefix.'_werberdaten t4 WHERE t1.uid = '.$_POST['uid'].' AND t2.uid = '.$_POST['uid'].' AND t3.uid = '.$_POST['uid'].' AND t4.uid = '.$_POST['uid'].' LIMIT 1');
if (mysql_num_rows ($sql) == 0) die ('Die angegebene User-ID existiert nicht!');
$alledaten = mysql_fetch_assoc ($sql);
?>
$sql = sql::$db->query('SELECT * FROM '._VMS_.'_kontodaten t1, '._VMS_.'_userdaten t2, '._VMS_.'_emaildaten t3, '._VMS_.'_werberdaten t4 WHERE t1.uid = '.$_POST['uid'].' AND t2.uid = '.$_POST['uid'].' AND t3.uid = '.$_POST['uid'].' AND t4.uid = '.$_POST['uid'].' LIMIT 1');
if ($sql->rowCount() == 0) die ('Die angegebene User-ID existiert nicht!');
$alledaten = $sql->fetch();
<?php head ('Bearbeiten des Users <i>'.$alledaten['nickname'].'</i> ('.$alledaten['uid'].')'); ?>
head ('Bearbeiten des Users <i>'.$alledaten['nickname'].'</i> ('.$alledaten['uid'].')'); ?>
<div style="text-align: center;">
<a href="javascript:ShowUserInfo(1);">Allgemeines</a> &middot;
<a href="javascript:ShowUserInfo(2);">Statistik</a> &middot;
......@@ -244,8 +267,9 @@ $alledaten = mysql_fetch_assoc ($sql);
<td align="center"><b>Verwendungszweck</b></td>
</tr>
<?php
$buchungen_lesen = db_query('SELECT * FROM '.$db_prefix.'_buchungen WHERE uid = '.$alledaten['uid'].' ORDER BY buchungszeit DESC LIMIT 250');
while ($buchung_schreiben = mysql_fetch_array($buchungen_lesen)) {
$buchungen_lesen = sql::$db->query('SELECT * FROM '._VMS_.'_buchungen WHERE uid = '.$alledaten['uid'].' ORDER BY buchungszeit DESC LIMIT 250');
$i=0;
while ($buchung_schreiben = $buchungen_lesen->fetch() ) {
$i++;
$buchcolor = ($buchung_schreiben['buchungsmenge'] > 0) ? $system['positiv_farbe'] : $system['negativ_farbe'];
$linecolor = ($i %2 == 0) ? 1 : 0;
......
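Review bot: The "Daten einlesen" query is still assembled by concatenating `$_POST['uid']` four times, and it is only safe because of the `(int)` cast near the top of the file; binding it (`t1.uid = ? AND t2.uid = ? ...` with `execute()`) keeps the statement safe even if that cast is later moved or removed. The `rowCount()` test that follows is not guaranteed by PDO to return the row count for a SELECT on every driver, assuming `sql::$db` is a PDO handle. Checking the fetch result is the portable form: `$alledaten = $sql->fetch();` then `if ($alledaten === false) die ('Die angegebene User-ID existiert nicht!');`. `$alledaten['nickname']` is then passed into `head()` unescaped, which deserves `htmlspecialchars()` since the nickname is user-editable in this same file.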
......@@ -21,7 +21,8 @@ if ($_POST['buchen'] == 'Jetzt Buchen') {
if (!$buchungsfehler) {
$buchungs_id = create_code(32);
$reload = $_POST['reload'] * 60 * 60;
db_query("INSERT INTO " . $db_prefix . "_gebuchte_werbung (tan,ziel,banner,aufendhalt,menge,preis,verdienst,werbeart,status,reload,sponsor) VALUES ('" . $buchungs_id . "','" . $_POST['ziel'] . "','" . $_POST['banner_url'] . "','" . $_POST['aufendhalt'] . "','" . $_POST['menge'] . "','0','" . $_POST['verdienst'] . "','forcedbanner','1','" . $reload . "','administrator')");
$sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_gebuchte_werbung (tan,ziel,banner,aufendhalt,menge,preis,verdienst,werbeart,status,reload,sponsor) VALUES (?,?,?,?,?,?,?,?,?,?,?)");
$sql->execute(array($buchungs_id, $_POST['ziel'], $_POST['banner_url'], $_POST['aufendhalt'], $_POST['menge'], '0', $_POST['verdienst'], 'forcedbanner', '1', $reload, 'administrator' ));
$buchung = 'true';
}
}
......
......@@ -8,12 +8,13 @@ if (!isset($_POST['beschreibung'])) $_POST['beschreibung'] = "";
if (!isset($_POST['aufendhalt'])) $_POST['aufendhalt'] = "0";
if (!isset($_POST['gueltig'])) $_POST['gueltig'] = "1";
if (!isset($tan)) $tan = "";
if (!isset($msg_send)) $msg_send = "";
$empfaenger = db_query("SELECT e.uid,e.emailadresse FROM
" . $db_prefix . "_emaildaten e
LEFT JOIN " . $db_prefix . "_kontodaten k ON k.uid=e.uid
WHERE (e.freigabe_fuer = '3' or e.freigabe_fuer = '2') AND k.status=1");
$maxempf = mysql_num_rows($empfaenger);
$empfaenger = sql::$db->query("SELECT e.uid,e.emailadresse FROM
" . _VMS_ . "_emaildaten e
LEFT JOIN " . _VMS_ . "_kontodaten k ON k.uid=e.uid
WHERE (e.freigabe_fuer = '3' OR e.freigabe_fuer = '2') AND k.status=1");
$maxempf = $empfaenger->rowCount();
if ($_POST['versenden'] == 'Paidmail versenden!') {
if ($_POST['menge'] == 0) $_POST['menge'] = 5000;
......@@ -21,15 +22,17 @@ if ($_POST['versenden'] == 'Paidmail versenden!') {
$tan = create_code(14);
$bis = time() + (86400 * $_POST['gueltig']);
db_query("INSERT INTO " . $db_prefix . "_paidmails_versendet (tan,menge,verdienst,ziel,beschreibung,mailtext,aufendhalt,gesendet,gueltig) VALUES ('" . $tan . "','" . $_POST['menge'] . "','" . $_POST['verdienst'] . "','" . $_POST['ziel'] . "','" . $_POST['beschreibung'] . "','" . $_POST['mailtext'] . "','" . $_POST['aufendhalt'] . "','" . time() . "','" . $bis . "')");
$senden = db_query("SELECT e.uid,e.emailadresse FROM
" . $db_prefix . "_emaildaten e
LEFT JOIN " . $db_prefix . "_kontodaten k ON k.uid=e.uid
$sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_paidmails_versendet (tan,menge,verdienst,ziel,beschreibung,mailtext,aufendhalt,gesendet,gueltig) VALUES (?,?,?,?,?,?,?,?,?)");
$sql->execute(array( $tan, $_POST['menge'], $_POST['verdienst'], $_POST['ziel'], $_POST['beschreibung'], $_POST['mailtext'], $_POST['aufendhalt'], time(), $bis ));
$senden