adclick.php

<?php
if(!isset($_GET['data'])) exit;

require ('lib/datenbank.inc.php');
require ('lib/functions.lib.php');
require ('lib/session.lib.php');
require ('ext/ap/ads.inc.php');

list($art, $tan) = explode('-', $_GET['data']); // yeah sorry ;)
$art = base64_decode($art);
$tan = base64_decode($tan);

$kampdaten = $campaigns->getByTanAndType( $tan, $art );
// TODO prevent malicious ziel urls
invalidateAlreadyRunningAd();
setCurrentRunningAd( $art, $tan );
?><!DOCTYPE html>
<html>
    <head>
        <!-- never is old spec but will be ignored by new browsers //-->
        <meta name="referrer" content="never">
        <meta name="referrer" content="no-referrer" />
        <meta http-equiv="refresh" content="0; URL=<?php echo $kampdaten->ziel; ?>">
        <title>Anzeige</title>
    </head>
    <body>

      <script>
        var notified = false;
        function notify()
        {
            if( false == notified )
            {
                notified = true;
                window.opener.postMessage( { 'action': 'adcheck', 'art': '<?php echo $art; ?>', 'tan': '<?php echo $tan; ?>' }, '<?php echo $pageconfig['domain']; ?>');
            }
            return true;
        }
      </script>
      <a href="<?php echo $kampdaten->ziel; ?>" rel="noopener noreferrer nofollow" onclick="notify();" >Hier weiter, falls keine automatische Weiterleitung erfolgt.</a>
    </body>
</html>