content/konto/ueberweisen.php

 <?php
 head("Guthaben &Uuml;berweisen");
-echo '
+?>
 <center>
 	<form method="post" action="">
 		<table width="500px">
@@ -12,11 +12,7 @@ echo '
 				<td>W&auml;hrung</td>
 				<td>
 					<select name="waehrung">
-						<option value="1">'.$waehrung.'</option>';
-						if($grundconfig['waehrung_zwei'] == 1){
-							echo '<option value="2">'.$grundconfig['waehrung_zwei_name'].'</option>';
-						}
-					echo '
+						<option value="1"><?php echo $pageconfig['waehrung']; ?></option>
 					</select>
 				</td>
 			</tr>
@@ -32,6 +28,6 @@ echo '
 		<input type="submit" name="ueberweisen" value="Senden">
 	</form>
 </center>
-';
+<?php
 foot();
-?>
+?>
\ No newline at end of file

content/konto/userprofil.php

@@ -120,9 +120,9 @@ if ($_POST['aendern'] == 'Jetzt ändern!') {
 		</div>
 		<div role="tabpanel" class="tab-pane" id="delete">
 			<div class="alert alert-danger">
-				Hier an dieser Stelle kannst Du deinen Account sofort selber löschen wenn Du es wünscht.
-				Bitte bedenke das alle Daten von Dir verloren gehen und bestehendes Guthaben dann auch
-				verloren geht, eine spätere Forderung an <? echo $waehrung;?> ist ausgeschlossen!
+				Hier, an dieser Stelle, kannst du deinen Account sofort und selber l&ouml;schen, wenn du es w&uuml;nscht.
+				Bitte bedenke, dass alle Daten von dir sowie bestehendes Guthaben ebenfalls
+				verloren geht, eine sp&auml;tere Forderung an <? echo $pageconfig['waehrung'];?> ist ausgeschlossen!
 				<div align="center">
 				<form action="" method="post"><br>
 				<?php echo $delchange;?>
@@ -133,4 +133,4 @@ if ($_POST['aendern'] == 'Jetzt ändern!') {
 		</div>
 	</div>
 
-</div>
+</div>
\ No newline at end of file

content/verdienen/betteln4.php

@@ -5,11 +5,11 @@ head('Dein Bettellink');
 <table width="100%" cellpadding="1" cellspacing="1" border="0">
 	<tr>
 		<td align="right"><b>Dein Reflink:</b></td>
-		<td align="left">&nbsp;<a href="<?php echo $grundconfig['domain'];?>/?ref=<?php echo $_SESSION['uid'];?>" target="_blank"><?php echo $grundconfig['domain'];?>/?ref=<?php echo $_SESSION['uid'];?></a></td>
+		<td align="left">&nbsp;<a href="<?php echo $pageconfig['domain'];?>/?ref=<?php echo $_SESSION['uid'];?>" target="_blank"><?php echo $pageconfig['domain'];?>/?ref=<?php echo $_SESSION['uid'];?></a></td>
 	</tr>
 	<tr>
 		<td align="right"><b>Reflink und Bettellink:</b></td>
-		<td align="left">&nbsp;<a href="<?php echo $grundconfig['domain'];?>/?content=/betteln&amp;ref=<?php echo $_SESSION['uid'];?>" target="_blank"><?php echo $grundconfig['domain'];?>/?content=/betteln&amp;ref=<?php echo $_SESSION['uid'];?></a></td>
+		<td align="left">&nbsp;<a href="<?php echo $pageconfig['domain'];?>/?content=/betteln&amp;ref=<?php echo $_SESSION['uid'];?>" target="_blank"><?php echo $pageconfig['domain'];?>/?content=/betteln&amp;ref=<?php echo $_SESSION['uid'];?></a></td>
 	</tr>
 </table>
 <?php
@@ -22,7 +22,7 @@ head('Die Top 25 Bettler');
 		<td width="50"><b>Rang</b></td>
 		<td><b>Mitglied</b></td>
 		<td width="100"><b>Aufrufe</b></td>
-		<td width="150"><b><?php echo $waehrung;?></b></td>
+		<td width="150"><b><?php echo $pageconfig['waehrung'];?></b></td>
 	</tr>
 <?php
 $rang = 1;
@@ -33,7 +33,7 @@ while ($user = mysqli_fetch_array($sql)) {
 		<td align="right">' . $rang++ . '.&nbsp;</td>
 		<td>&nbsp;' . $user['nickname'] . '</td>
 		<td align="right">' . number_format($user['angebettelt'], 0) . '&nbsp;</td>
-		<td align="right">' . number_format($user['bv'], 2, ',', '.') . ' ' . $waehrung . '&nbsp;</td>
+		<td align="right">' . number_format($user['bv'], 2, ',', '.') . ' ' . $pageconfig['waehrung'] . '&nbsp;</td>
 	</tr>';
 }
 ?>

content/verdienen/forcedbanner.php

@@ -3,16 +3,18 @@ $sperre = mysqli_fetch_array(db_query("SELECT forced_sperre FROM ".$db_prefix."_
 userstatus ();
 include ('fakecheck/fc_redirect.php');
     head ('Klickbanner');
-    $fstats_gesamt = mysqli_fetch_array(db_query('SELECT COUNT(t1.tan) AS ganzahl, SUM(t1.verdienst) AS gverdienst, SUM(t1.aufendhalt) AS gaufenthalt FROM '.$db_prefix.'_gebuchte_werbung t1
-                        LEFT JOIN vms_userblacklist t4 ON t4.tan = t1.tan AND t4.uid = '.$_SESSION['uid'].'
+    $fstats_gesamt_query = db_query('SELECT COUNT(t1.tan) AS ganzahl, SUM(t1.verdienst) AS gverdienst, SUM(t1.aufendhalt) AS gaufenthalt FROM '.$db_prefix.'_gebuchte_werbung t1
+                        LEFT JOIN vms_userblacklist t4 ON t4.uid = '.$_SESSION['uid'].'
                			LEFT JOIN vms_fb_blacklist AS t3 ON t3.kid = t1.kid AND t3.werbeart=t1.werbeart
-                        WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t4.tan IS NULL AND t1.werbeart = "forcedbanner" and t1.reload >= 100 AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst >= 0 AND t1.sponsor != '.$_SESSION['uid'].''));
+                        WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t1.werbeart = "forcedbanner" and t1.reload >= 100 AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst >= 0 AND t1.sponsor != '.$_SESSION['uid'].'');
+    $fstats_gesamt = mysqli_fetch_assoc($fstats_gesamt_query);
 
-    $fstats_uebrig = mysqli_fetch_array(db_query('SELECT COUNT(t1.tan) AS uanzahl, SUM(t1.verdienst) AS uverdienst FROM '.$db_prefix.'_gebuchte_werbung t1
-                        LEFT JOIN vms_userblacklist t4 ON t4.tan = t1.tan AND t4.uid = '.$_SESSION['uid'].'
+    $fstats_uebrig_query = db_query('SELECT COUNT(t1.tan) AS uanzahl, SUM(t1.verdienst) AS uverdienst FROM '.$db_prefix.'_gebuchte_werbung t1
+                        LEFT JOIN vms_userblacklist t4 ON t4.uid = '.$_SESSION['uid'].'
                			LEFT JOIN vms_fb_blacklist AS t3 ON t3.kid = t1.kid AND t3.werbeart=t1.werbeart
                         LEFT JOIN vms_reloads t2 ON (t1.tan = t2.tan AND (t2.uid = '.$_SESSION['uid'].' OR t2.ip = "'.$ip.'") AND t2.bis >= '.time().')
-                        WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t4.tan IS NULL AND t2.tan IS NULL AND t1.werbeart = "forcedbanner" and t1.reload >= 100 AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst >= 0 AND t1.sponsor != '.$_SESSION['uid'].''));
+                        WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t2.tan IS NULL AND t1.werbeart = "forcedbanner" and t1.reload >= 100 AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst >= 0 AND t1.sponsor != '.$_SESSION['uid'].'');
+    $fstats_uebrig = mysqli_fetch_assoc($fstats_uebrig_query);
 	$uebriga=100/$fstats_gesamt['ganzahl']*$fstats_uebrig['uanzahl'];
     $uebrig=number_format($uebriga,2,',','.');
     $abgebaut= 100-$uebriga;
@@ -25,12 +27,12 @@ include ('fakecheck/fc_redirect.php');
         <tr>
         <td align='center'>&Oslash; Aufenthalt: ".number_format($fstats_gesamt['gaufenthalt']/$fstats_gesamt['ganzahl'],2,",",".")." Sekunden</td>
         <td>&nbsp;&nbsp;</td>
-        <td align='center''>&Oslash; Verg&uuml;tung: ".number_format($fstats_gesamt['gverdienst']/$fstats_gesamt['ganzahl'],2,",",".")." ".$waehrung."</td>
+        <td align='center''>&Oslash; Verg&uuml;tung: ".number_format($fstats_gesamt['gverdienst']/$fstats_gesamt['ganzahl'],2,",",".")." ".$pageconfig['waehrung']."</td>
         </tr>
         <tr>
-        <td align='center''>Gesamtwert: ".$fstats_gesamt['gverdienst']." ".$waehrung."</td>
+        <td align='center''>Gesamtwert: ".$fstats_gesamt['gverdienst']." ".$pageconfig['waehrung']."</td>
         <td>&nbsp;&nbsp;</td>
-        <td align='center'>Offen: ".$fstats_uebrig['uverdienst']." ".$waehrung."</td>
+        <td align='center'>Offen: ".$fstats_uebrig['uverdienst']." ".$pageconfig['waehrung']."</td>
         </tr>
         </table>
         <div id='fortschritt' style='width: 380px;  font-weight: bold; margin: 0 auto' align='center''></div>
@@ -53,11 +55,11 @@ include ('fakecheck/fc_redirect.php');
 
 		$fbanner = db_query ('SELECT t1.*
 					FROM ' . $db_prefix . '_gebuchte_werbung t1
-					LEFT JOIN ' . $db_prefix . '_adscan_userblacklist t4 ON t4.tan = t1.tan AND t4.uid = ' . $_SESSION['uid'] . '
+					LEFT JOIN ' . $db_prefix . '_userblacklist t4 ON t4.uid = ' . $_SESSION['uid'] . '
 					LEFT JOIN ' . $db_prefix . '_fb_blacklist AS t3 ON t3.kid = t1.kid AND t3.werbeart=t1.werbeart
 					LEFT JOIN ' . $db_prefix . '_reloads t2
 					ON (t1.tan = t2.tan AND (t2.uid = ' . $_SESSION['uid'] . ' OR t2.ip = "' . $ip . '") AND t2.bis >= ' . time() . ')
-					WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t4.tan IS NULL AND t2.tan IS NULL AND t1.werbeart = "forcedbanner" AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst > 0 AND t1.sponsor != ' . $_SESSION['uid'] . ' ORDER BY t1.verdienst DESC LIMIT ' . $usr['max_forced']);
+					WHERE (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND t2.tan IS NULL AND t1.werbeart = "forcedbanner" AND t1.menge > 0 AND t1.status = 1 AND t1.verdienst > 0 AND t1.sponsor != ' . $_SESSION['uid'] . ' ORDER BY t1.verdienst DESC LIMIT ' . $usr['max_forced']);
 
 		while ($f_banner = mysqli_fetch_assoc ($fbanner)) {
 			echo '<div align="center" id="banner_' . $f_banner['tan'] . '"><a href="top_forcedbanner.php?tan=' . $f_banner['tan'] . '" target="_blank"><img src="' . $f_banner['banner'] . '" border="0" height="60" width="468" alt="' . $f_banner['tan'] . '" onClick="document.getElementById(\'banner_' . $f_banner['tan'] . '\').style.display=\'none\';"></a>'

content/verdienen/forcedbanner_nf.php

+<?php
+$sperre = mysqli_fetch_array(db_query("SELECT forced_sperre FROM ".$db_prefix."_kontodaten WHERE uid = '".$_SESSION['uid']."' "));
+userstatus ();
+head ('Klickbanner');
+?>
+
+<div id="forcedbanner_display"></div>
+<input type="button" value="Neue Banner laden" id="loadAds_btn">
+
+<script id="forcedBannerTmpl_list" type="text/x-jquery-tmpl">
+    <li class="list-group-item" data-tan="${tan}" data-art="${werbeart}" data-sec="${aufendhalt}"><img src="${banner}" style="min-width:60px; min-height:10px; cursor:pointer;" />${verdienst} <?php echo $pageconfig['waehrung']; ?> f&uuml;r ${aufendhalt} Sekunden</li>
+</script>
+
+<script src="<?php echo $pageconfig['domain']; ?>/ext/js/forcedbanner_nf.js"></script>
+<?php
+foot ();

content/verdienen/paidmails.php

@@ -19,7 +19,7 @@ while ($mail = mysqli_fetch_array($paidmails)) {
         <td colspan="2" align="center"><textarea readonly rows="5" cols="60">' . $mail['mailtext'] . '</textarea></td>
     </tr>
     <tr>
-        <td><font size="2"><b>Verdienst:</b> ' . $mail['verdienst'] . ' ' . $waehrung . ' &nbsp;&nbsp;&nbsp; <b>Aufenthalt:</b> ' . $mail['aufendhalt'] . ' Sek.</td>
+        <td><font size="2"><b>Verdienst:</b> ' . $mail['verdienst'] . ' ' . $pageconfig['waehrung'] . ' &nbsp;&nbsp;&nbsp; <b>Aufenthalt:</b> ' . $mail['aufendhalt'] . ' Sek.</td>
         <td align="center"><b><a href="pclick.php?tan=' . $mail['tan'] . '&uid=' . $_SESSION['uid'] . '" onClick=document.getElementById("mail_' . $mail['tan'] . '").style.display="none" target="_Blank">Bestätigen</a></td>
     </Tr>
     </table>
@@ -31,4 +31,4 @@ if (!mysqli_num_rows($paidmails)) {
 
 echo '<p align="center"><input type="button" onClick="javascript:location.reload();" value="Weitere Paidmails"></p>';
 
-foot();
+foot();
\ No newline at end of file

cron.php

@@ -4,7 +4,7 @@
 
 require ( 'lib/datenbank.inc.php' );
 require ( 'lib/functions.lib.php' );
-db_connect();
+
 if ($_GET['pw'] != $cron_pw) die('Zugriff verweigert!');
 
 $cron = (int)$_GET['id'];
@@ -34,4 +34,3 @@ if ( include ($result['datei']) ){
 	echo 'Cron gelaufen';
 } else echo 'Cron nicht gelaufen';
 
-db_close();
\ No newline at end of file

crons/db_backup.php

@@ -2,7 +2,7 @@
  
 require('../lib/datenbank.inc.php');
 require('../lib/functions.lib.php');
-db_connect();
+
 if($_GET['cron_pw'] == $cron_pw){
 	set_time_limit(0);
 
@@ -27,5 +27,4 @@ if($_GET['cron_pw'] == $cron_pw){
 	mysqli_close($sql_open);
 	die();
 }
-db_close();
-?>
+?>
\ No newline at end of file

ext/ap/ads.inc.php

+<?php
+$adArten = array('forcedbanner' => 'forcedbanner',
+                );
+
+/*
+* TODO
+* nothing checks wether user landed on blacklist...
+* blacklist check is broken currently anyway
+* please fix me
+*/
+
+function invalidateAlreadyRunningAd()
+{
+    global $adArten,$ip,$db_prefix;
+    $result = false;
+
+    if( isset($_SESSION['current_ad']) )
+    {   
+        $tan = ( isset($_SESSION['current_ad']['tan']) ) ? $_SESSION['current_ad']['tan'] : false;
+        $art = ( isset($_SESSION['current_ad']['art']) ) ? $_SESSION['current_ad']['art'] : ''; 
+
+        if( false !== $tan && in_array($art, $adArten) )
+        {
+            $dbArt = $adArten[$art];
+            $kamp = db_query ("SELECT `t1`.* FROM `" . $db_prefix . "_gebuchte_werbung` AS `t1`
+                               LEFT JOIN `" . $db_prefix . "_reloads` AS `t2` ON (`t1`.`tan`=`t2`.`tan` AND (`t2`.`uid`=" . $_SESSION['uid'] . " OR `t2`.`ip`='" . $ip . "') AND `t2`.`bis` > " . time() . ")
+                               WHERE `t1`.`tan` = '" . $tan . "' AND `t2`.`tan` IS NULL AND `t1`.`werbeart` = '".$dbArt."' LIMIT 1");
+
+            if ( mysqli_num_rows( $kamp ) )
+            {
+                $result = true;
+                $forced = mysqli_fetch_assoc( $kamp );
+
+                $new_reload = time() + $forced['reload'];
+
+                db_query("INSERT INTO `" . $db_prefix . "_reloads`
+                         (`ip`,`uid`,`tan`,`bis`) VALUES 
+                         ('" . $ip . "'," . $_SESSION['uid'] . ",'" . $tan . "'," . $new_reload . ")");
+            }   
+        }   
+        unset( $_SESSION['current_ad'] );
+    }
+    return $result;
+}
+
+function setCurrentRunningAd( $art, $tan )
+{
+    $_SESSION['current_ad']['tan'] = $tan;
+    $_SESSION['current_ad']['art'] = $art;
+    $_SESSION['current_ad']['time'] = time();
+    $_SESSION['current_ad']['paid'] = false;
+}
+
+function handleAdPayout( $forced )
+{
+    global $dbArten, $ip, $db_prefix;
+
+    db_query("UPDATE ".$db_prefix."_kontodaten  SET klicks = klicks + 1, kv = kv + ".$forced['verdienst'].", fc_klicks = fc_klicks + 1 WHERE uid = '".$_SESSION['uid']."'"); // Hier Zusatz für Fakeschutz  
+    kontobuchung ('+', $forced['verdienst'], create_code(14), $_SESSION['uid'], 1, 'Forcedbannerverdienst');
+    refumsatz ($forced['verdienst'], $_SESSION['uid']);
+    rallysystem ($_SESSION['uid'], '1', $forced['verdienst']);
+    bilanz($forced['preis'], $forced['verdienst'],'Werbebereich','Forcedbannerklick');
+    $new_reload = time() + $forced['reload'];
+    db_query("INSERT INTO " . $db_prefix . "_reloads (ip,uid,tan,bis) VALUES ('" . $ip . "'," . $_SESSION['uid'] . ",'" . $forced['tan'] . "'," . $new_reload . ")");
+    db_query("UPDATE " . $db_prefix . "_gebuchte_werbung SET menge = menge - 1 WHERE tan='" . $forced['tan'] . "'");
+
+}
+
+function checkAdOk( $art, $tan )
+{
+    global $dbArten, $ip, $db_prefix, $sql_open;
+    $result = array('checkResult' => false);
+
+    $sql = "SELECT `t1`.* FROM `" . $db_prefix . "_gebuchte_werbung` AS `t1`
+            LEFT JOIN `" . $db_prefix . "_reloads` AS `t2` ON (`t1`.`tan`=`t2`.`tan` AND (`t2`.`uid`=" . $_SESSION['uid'] . " OR `t2`.`ip`='" . $ip . "') AND `t2`.`bis` > " . time() . ")
+            WHERE `t1`.`tan` = ? AND `t2`.`tan` IS NULL AND `t1`.`werbeart` = ? LIMIT 1";
+    $statement = mysqli_stmt_init( $sql_open );
+    mysqli_stmt_prepare( $statement, $sql );
+
+    mysqli_stmt_bind_param( $statement, "ss", $tan, $art );
+    if( mysqli_stmt_execute( $statement ) )
+    {
+
+        mysqli_stmt_store_result( $statement );
+
+        if ( mysqli_stmt_num_rows( $statement ) > 0 )
+        {
+
+            $timepassed = ( time() - $_SESSION['current_ad']['time'] ) +1;
+
+            $rows = db_fetch( $statement );
+            $forced = $row[0];
+            $result['data'] = $forced;
+
+            if( $timepassed >= $forced['aufendhalt'] )
+            {
+                handleAdPayout( $forced );
+                $_SESSION['current_ad']['paid'] = true;
+                $result['checkResult'] = true;
+            }
+        }
+    }
+    mysqli_stmt_close( $statement );
+    return $result;
+}
+
+function getNewAdData( $dbArt )
+{
+    global $ip,$db_prefix;
+    $result = array('count' => 0, 'data' => array() );
+
+    $banner_sql = 'SELECT t1.*
+                    FROM ' . $db_prefix . '_gebuchte_werbung t1
+                    LEFT JOIN ' . $db_prefix . '_userblacklist t4 ON t4.uid = ' . $_SESSION['uid'] . ' 
+                    LEFT JOIN ' . $db_prefix . '_fb_blacklist AS t3 ON t3.kid = t1.kid AND t3.werbeart=t1.werbeart
+                    LEFT JOIN ' . $db_prefix . '_reloads t2
+                    ON (t1.tan = t2.tan AND (t2.uid = ' . $_SESSION['uid'] . ' OR t2.ip = "' . $ip . '") AND t2.bis >= ' . time() . ')
+                    WHERE
+                    (t3.kid IS NULL OR LOCATE(t3.sponsor, t1.ziel) = 0) AND 
+                    t2.tan IS NULL AND
+                    t1.werbeart = "'.$dbArt.'" AND
+                    t1.menge > 0 AND
+                    t1.status = 1 AND
+                    t1.verdienst > 0 AND
+                    t1.sponsor != ' . $_SESSION['uid'] . ' 
+                    ORDER BY t1.verdienst DESC LIMIT 3';
+    $banner_res = db_query( $banner_sql );
+    $banner_c   = mysqli_num_rows( $banner_res );
+
+    $result['count'] = $banner_c;
+
+    if( 0 < $banner_c )
+    {   
+        while( $banner = mysqli_fetch_assoc( $banner_res ) )
+            $result['data'][] = $banner;
+    }
+
+    return $result;
+
+}
+
+function getAdDataByArtAndTan( $art, $tan )
+{
+    global $db_prefix, $sql_open;
+    $row = false;
+    $sql = 'SELECT `uid`, `tan`, `kid`, `ziel`, `banner`, `verdienst`, `preis`, `aufendhalt`, `menge`, `reload`, `sponsor`, `werbeart`, `status` FROM `' . $db_prefix . '_gebuchte_werbung` WHERE `tan` = ? AND `werbeart` = ? LIMIT 1';
+
+    $statement = mysqli_prepare( $sql_open, $sql );
+
+    mysqli_stmt_bind_param( $statement, "ss", $tan, $art );
+    if( mysqli_stmt_execute( $statement ) )
+    {
+        mysqli_stmt_store_result( $statement );
+        if ( mysqli_stmt_num_rows( $statement ) > 0 )
+        {
+            $rows = db_fetch( $statement );
+            $row = $rows[0]; // should be there ... > 0
+        }
+    }
+    mysqli_stmt_close( $statement );
+    return $row;
+    
+    //return array( 'uid' => $uid, 'tan' => $tan, 'kid' => $kid, 'ziel' => $ziel, 'banner' => $banner, 'verdienst' => $verdienst, 'preis' => $preis, 'aufendhalt' => $aufendhalt,
+    //                 'menge' =>  $menge, 'reload' => $reload, 'sponsor' => $sponsor, 'werbeart' => $werbeart, 'status' => $status );
+
+}

ext/ap/ads.php

+<?php
+ini_set('display_errors', '1');
+require ('../../lib/datenbank.inc.php');
+require ('../../lib/functions.lib.php');
+require ('../../lib/session.lib.php');
+userstatus();
+require ('ads.inc.php');
+
+$sperre_sql = "SELECT `forced_sperre` FROM `".$db_prefix."_kontodaten` WHERE `uid` = ".$_SESSION['uid'];
+$sperre_res = db_query($sperre_sql);
+$sperre     = mysqli_fetch_assoc( $sperre_res );
+
+
+if( 0 == $sperre['forced_sperre'] )
+{
+    $result = array( 'count' => 0, 'data' => array() );
+
+    if( isset($_POST['action']) )
+    {
+        switch( $_POST['action'] )
+        {
+            case 'getNewAdData':
+                invalidateAlreadyRunningAd();
+                if( isset($_POST['adArt']) )
+                {
+                    if( in_array($_POST['adArt'], $adArten) )
+                    {
+                        $dbArt = $adArten[$_POST['adArt']];
+                        $result = getNewAdData( $dbArt );
+                    }
+                }
+            break;
+
+            case 'checkAdOk':
+                if( isset( $_POST['art'] ) && isset( $_POST['tan'] ) )
+                    $result = checkAdOk( $_POST['art'], $_POST['tan'] );
+            break;
+
+            case 'invalidateAd':
+                $result = invalidateAlreadyRunningAd();
+            break;
+        }
+    }
+
+    echo json_encode($result);
+
+}

ext/js/basics.js

+function sleep(ms)
+{
+    return new Promise(resolve => setTimeout(resolve, ms));
+}

ext/js/forcedbanner_nf.js

+
+$( document ).ready( function()
+    {
+        var adFenster = new Array();
+
+        window.addEventListener("message", function(event)
+            {
+                if ( pageconfig['domain'] != event.origin )
+                {
+                    return;
+                }
+                console.log(event.data);
+                var art = event.data['art'],
+                    tan = event.data['tan'],
+                    action = event.data['action'];
+                
+                if( 'adcheck' == action )
+                {
+                    console.log('okokok');
+                    adFenster[art][tan]['opened'] = true;
+
+                }
+            }   
+        );
+
+        function checkAdOk( art, tan )
+        {
+            console.log('checkadok');
+            if( false == adFenster[art][tan]['checked'] && false == adFenster[art][tan]['window'].closed )
+            {
+                var pdata = window.btoa(art) + '-' + window.btoa(tan)
+                adFenster[art][tan]['checked'] = true;
+                $.post( "ext/ap/ads.php",
+                    {
+                        'action': "checkAdOk",
+                        'art': art,
+                        'tan': tan
+                    },
+                    function(data, status)
+                    {
+                        window.open(pageconfig['domain']+'/adcheck.php?data='+pdata, art+'-'+tan, "height=120,width=200");
+                    }
+                );
+            }
+        }
+
+        /*
+        * if u do something wrong, sorry no matter which ad was active, invalidate 
+        */
+        function invalidateAd( art, tan )
+        {
+            console.log('invalidatead');
+            adFenster[art][tan]['checked'] = true;
+            var pdata = window.btoa(art) + '-' + window.btoa(tan)
+            $.post( "ext/ap/ads.php",
+                {
+                    'action': "invalidateAd"
+                },
+                function(data, status)
+                {
+                    window.open(pageconfig['domain']+'/adcheck.php?data='+pdata, art+'-'+tan, "height=120,width=200");
+                }
+            );
+
+
+        }
+
+        async function startAdCountdown( art, tan, sec )
+        {
+            console.log('startadcountdown');
+            let timer = setInterval( () =>
+                {
+                    console.log('checktimer');
+                    if( true == adFenster[art][tan]['checked'] )
+                    {
+                        clearInterval(timer);
+                    } else {
+                        if( document.hasFocus() )
+                        {
+                            invalidateAd( art, tan );
+                            clearInterval(timer);
+                        }
+                        if ( 'undefined' == adFenster[art][tan]['window'].closed || adFenster[art][tan]['window'].closed )
+                        {
+                            invalidateAd( art, tan );
+                            clearInterval(timer);
+                        }
+                    }
+                },
+                100
+            );
+            await sleep(sec * 1000);
+            checkAdOk( art, tan );
+        }
+
+
+        /*
+        * communicates with ad window, placing detection of actual click
+        */
+        function openAdWindow( art, tan, sec )
+        {
+            if ( 'undefined' == typeof adFenster[art] || (! adFenster[art] instanceof Array ) )
+            {
+                adFenster[art] = new Array();
+            }
+
+            if ( 'undefined' == typeof adFenster[art][tan] || (! adFenster[art][tan] instanceof Array ) )
+            {
+                adFenster[art][tan] = new Array();
+            }
+
+            if( ( 'undefined' == adFenster[art][tan]['window'] || null == adFenster[art][tan]['window'] ) || adFenster[art][tan]['window'].closed )
+            {
+                var data = window.btoa(art) + '-' + window.btoa(tan);
+                adFenster[art][tan]['window'] = window.open( pageconfig['domain'] + '/adclick.php?data='+data, "_blank" );
+
+                adFenster[art][tan]['window'].focus();
+                adFenster[art][tan]['opened'] = false;
+                adFenster[art][tan]['checked']= false;
+                console.log('meh');
+                adFenster[art][tan]['window'].onbeforeunload = function()
+                {   console.log('startadcountdowncall');
+                    startAdCountdown( art, tan, sec );
+                }
+            }
+        }
+
+
+        /*
+        * gets executed on click on ad
+        */
+        $( "#forcedbanner_display" ).on('click', function(e)
+            {
+                var elem = $( e.target ).closest( "li" );
+                var sec = elem.data('sec');
+                var tan = elem.data('tan');
+                var art = elem.data('art');
+                if (typeof tan !== typeof undefined && tan !== false)
+                {
+                    if (typeof art !== typeof undefined && art !== false)
+                    {
+                        if (typeof sec !== typeof undefined && sec !== false)
+                        {
+                            $(elem).remove();
+                            openAdWindow( art, tan, sec );
+                        }
+                    }
+                }
+            }
+        );
+
+        /*
+        * gets executed first, loads available ads and prepares the bootstrap <ul>-list for display
+        */
+        function loadAds( art )
+        {
+            $.post( "ext/ap/ads.php",
+                {
+                    'action': "getNewAdData",
+                    'adArt' : art
+                },
+                function(data, status)
+                {
+                    var useData = jQuery.parseJSON( data );
+                    if( 0 < useData.count )
+                    {
+                        $( "#forcedbanner_display" ).html('<ul class="list-group" id="forcedbanner_display_grp"></ul>');
+                        $( "#forcedBannerTmpl_list" ).tmpl( useData.data ).appendTo( $( "#forcedbanner_display ul" ) );
+                    }
+                }
+            );
+        }
+
+        $( "#loadAds_btn").on('click', function(e) { loadAds( 'forcedbanner' ) } );
+
+        loadAds( 'forcedbanner' );
+    }
+);

index.php

@@ -14,7 +14,6 @@ if (!ini_get('display_errors')) {
 }
 
 require ('lib/datenbank.inc.php');
-db_connect();
 require ('lib/functions.lib.php');
 require ('lib/session.lib.php');
 require ('lib/run.inc.php');
@@ -28,7 +27,6 @@ if (!file_exists('content' . $_GET['content'] . '.php')) $_GET['content'] = '/er
 if ($_GET['content'] == '/intern/startseite') @require_once ('lib/texte/alt_startseitenpopup.txt');
 if ($_GET['content'] == '/betteln') @require_once ('lib/texte/alt_bettelseitenpopup.txt');
 
-$grundconfig = mysqli_fetch_array(db_query("SELECT seitenname,domain FROM ".$db_prefix."_seitenkonfig "));
 $start_reload = db_query("SELECT * FROM ".$db_prefix."_reloads WHERE uid = '".$_SESSION['uid']."' and tan = 'startseitenaufruf' and bis >= '".time()."'");
 if (mysqli_num_rows($start_reload) != 0) {
 	$start = mysqli_fetch_array($start_reload);
@@ -37,12 +35,10 @@ if (mysqli_num_rows($start_reload) != 0) {
 	$datetime = "2014-09-21 20:33:28";
 }
 $ts = strtotime($datetime);
-?>
-
-<!DOCTYPE html>
+?><!DOCTYPE html>
 <html lang='de'>
     <head>
-        <title><?php echo $seitenname;?></title>
+        <title><?php echo $pageconfig['seitenname'];?></title>
         <meta charset="UTF-8">
         <meta name="generator" content="vms-script">
         <meta name="Author" content="Designerscripte.net">
@@ -52,15 +48,19 @@ $ts = strtotime($datetime);
         <meta name="Robots" content="INDEX,FOLLOW">
 		<link rel="stylesheet" type="text/css" href="js/tcal.css" />
 		<link href="css/bootstrap.min.css" rel="stylesheet"> 
-		<script src="http://code.jquery.com/jquery-latest.js"></script>
+    <script src="ext/js/jquery-3.3.1.min.js"></script>
+    <script src="ext/js/jquery.tmpl.js"></script>
 		<script type="text/javascript" src="js/tcal.js"></script> 
-		<script language="JavaScript" src="js/slider.js"></script>
-		<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
-		<script src="js/bootstrap.min.js"></script>
+		<script type="text/javascript" src="js/slider.js"></script>
+		<script type="text/javascript" src="js/bootstrap.min.js"></script>
+    <script type="text/javascript" src="ext/js/basics.js"></script>
 		<script type="text/javascript" src="js/start_countdown.js"></script>
     </head>
     <body>
-	
+    <script>
+        var pageconfig = new Array();
+        pageconfig['domain'] = '<?php echo $pageconfig['domain']; ?>';
+    </script>
 	<?php 
 	if(!empty($meldung['meldung'])){
 	?>
@@ -107,11 +107,11 @@ $ts = strtotime($datetime);
 					<span class="icon-bar"></span>
 					<span class="icon-bar"></span>
 				</button>
-				<a class="navbar-brand" href="<?php echo $grundconfig['domain'];?>"><?php echo $grundconfig['seitenname'];?></a>
+				<a class="navbar-brand" href="<?php echo $pageconfig['domain'];?>"><?php echo $pageconfig['seitenname'];?></a>
 			</div>
 			<div id="navbar" class="navbar-collapse collapse">
 				<ul class="nav navbar-nav">
-					<li class="active"><a href="<?php echo $grundconfig['domain'];?>">Start</a></li>
+					<li class="active"><a href="<?php echo $pageconfig['domain'];?>">Start</a></li>
 					<?php if ($_SESSION['login'] != true) { ?>
 						<li><a href="?content=/intern/anmelden">Registrieren</a></li>
 						<li><a href="?content=/intern/daten">Passwort anfordern!</a></li>
@@ -126,7 +126,7 @@ $ts = strtotime($datetime);
 					<li class="dropdown">
 						<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Start <span class="caret"></span></a>
 						<ul class="dropdown-menu">
-                            <li><a href="<?php echo $domain;?>">Startseite</a></li>
+                            <li><a href="<?php echo $pageconfig['domain'];?>">Startseite</a></li>
                             <li><a href="?content=/news">News</a></li>
                             <li><a href="?content=/intern/mediadaten">Mediadaten</a></li>
                             <li><a href="?content=/intern/agbs">AGB</a></li>
@@ -152,7 +152,7 @@ $ts = strtotime($datetime);
 					<?php 
 					if(isset($_SESSION['admin'])){
 						if($_SESSION['admin'] == 1){
-							echo '<li><a href="'.$domain.'/adminforce/index.php\">Adminforce</a></li>';
+							echo '<li><a href="'.$pageconfig['domain'].'/adminforce/index.php\">Adminforce</a></li>';
 						}
 					}
 					?>
@@ -201,7 +201,3 @@ $ts = strtotime($datetime);
 	?>
     </body>
 </html>
-<?php
-db_close();
-if ($gzip_rate > 0) ob_end_flush();
-?>

install/index.php

@@ -6,12 +6,11 @@ if(!isset($_GET['step'])){ $_GET['step'] = 0;}
 require('../lib/functions.lib.php');
 
 if(isset($_POST['datenbank_anlegen'])){
-	$inhalt = '
-	<?php
+	$inhalt = '<?php
 	define("DB_HOST","'.$_POST['host'].'");
 	define("DB_USER","'.$_POST['nutzername'].'");
 	define("DB_PASS","'.$_POST['passwort'].'");
-	define("DB_BASS","'.$_POST['db'].'");
+	define("DB_BASE","'.$_POST['db'].'");
 	
 	define("PREFIX","'.$_POST['prefix'].'");
 
@@ -20,8 +19,7 @@ if(isset($_POST['datenbank_anlegen'])){
 	
 	// Verschlsselungspasswort
 	define("VER_SCHLUESSEL","'. create_code(16) .'");
-	?>
-	';
+	?>';
 	
 	$datei = fopen("../lib/db_config.php","w");
 	fwrite($datei, $inhalt,100000);
@@ -373,105 +371,6 @@ if(!isset($_GET['step'])){ $_GET['step'] = 0;}
 
 require('../lib/functions.lib.php');
 
-if(isset($_POST['datenbank_anlegen'])){
-	$inhalt = '
-	<?php
-	$db_host = "'.$_POST['host'].'";
-	// Mysql User
-	$db_user = "'.$_POST['nutzername'].'";
-	// Mysql PW
-	$db_pass = "'.$_POST['passwort'].'";
-	// Datenbank
-	$db_base = "'.$_POST['db'].'";
-	//Datenbank Prefix
-	$db_prefix = "'.$_POST['prefix'].'";
-	
-	//Passwort zusatz
-	$pw_zusatz = '. create_code(5) .';
-	
-	// Verschlüsselungspasswort
-	$ver_schluessel = '. create_code(16) .';
-	
-	//Datenbankverbindung herstellen
-	$sql_open = @mysqli_connect($db_host, $db_user, $db_pass, $db_base) or die(\'Verbindung zum Mysql Server fehlgeschlagen! <br>Tipp: <a href="http://www.vms-tutorial.de/wiki//Lib/Functions">http://www.vms-tutorial.de/wiki//Lib/Functions</a>\');
-	$sql_base = @mysqli_select_db($sql_open,$db_base) or die("Keine oder falsche Datenbank gewählt! Tipp: <br><a href=\'http://www.vms-tutorial.de/wiki//Lib/Functions\'>http://www.vms-tutorial.de/wiki//Lib/Functions</a>");
-	
-	/**
-	 * db_connect()
-	 *
-	 * @author designerscripte.net
-	 * @category system Database
-	 * @version 2.5.0
-	 * @example db_query("SELECT `field` FROM `table` WHERE `field` = `value` ");
-	 * @param mixed $sql_tag
-	 * @return 0 bei Fehler Mysql_resource.
-	 *
-	 */
-	function db_query($sql_tag) {
-		global $count_query,$sql_open;
-		$count_query++;
-		$fargs = func_get_args();
-
-		if (!empty($fargs)) {
-			$vargs = array();
-			foreach($fargs as $key => $arg) {
-				$vargs[$key] = mysqli_real_escape_string($sql_open,$arg);
-			}
-			array_shift($vargs);
-			if (!empty($vargs))$sql_tag = vsprintf($sql_tag, $vargs);
-		}
-		if ($ret = mysqli_query($sql_open,$sql_tag)) {
-			return $ret;
-		}else {
-			return 0;
-		}
-	}
-	
-	function pw_erstellen($pw){
-		global $pw_zusatz;
-		$pw_er = hash("sha256",$pw.$pw_zusatz);
-		return $pw_er;
-	}
-	
-	/**
-	 * db_close()
-	 *
-	 * @author designerscripte.net
-	 * @category system Database
-	 * @version 2.5.0
-	 * @example db_close();
-	 * @return die(\'\'); bei fehler nichts bei erfolg
-	 */
-	function db_close() {
-		global $sql_open;
-		@mysqli_close($sql_open) or die(\'Konnte die Verbindung mit Datenbank nicht schliessen!\');
-	}
-
-	$daten = mysqli_fetch_array(db_query("SELECT domain,seitenname,waehrung,betreibermail,cron_pw FROM ".$db_prefix."_seitenkonfig "));
-	// Domain (ohne Slash am Ende)
-	$domain = $daten[\'domain\'];
-	// Seitenname
-	$seitenname = $daten[\'seitenname\'];
-	// Seitenwährung
-	$waehrung = $daten[\'waehrung\'];
-	// ID vom Admin
-	$admin_id = 1;
-	// Adminmail
-	$betreibermail = $daten[\'betreibermail\'];
-	// Passwort für Crons
-	$cron_pw = $daten[\'cron_pw\'];
-	// beliebiger Alphanumerischer String hilft beim Schutz vor Autoklickern
-	$percode = \'551c3d4318d668cc2b00d02b40d1e6cd282817c2be65d401ed0cff2e6b\';
-	/* Globale Variablen nichts ändern */
-	$ip = $_SERVER[\'REMOTE_ADDR\'];
-	?>
-	';
-	
-	$datei = fopen("../lib/datenbank.inc.php","w");
-	fwrite($datei, $inhalt,100000);
-	fclose($datei);
-}
-
 if($_GET['step'] == 4 && $_GET['db'] == true){
 	require_once('../lib/datenbank.inc.php');
 	

lib/class/chat.class.php

@@ -2,10 +2,9 @@
 
 class chatClass{
     public static function getRestChatLines($id){
-		global $db_host,$db_user,$db_pass,$db_base;
 		$arr = array();
 		$jsonData = '{"results":[';
-		$db_connection = new mysqli( $db_host, $db_user, $db_pass, $db_base);
+		$db_connection = new mysqli( DB_HOST, DB_USER, DB_PASS, DB_BASE );
 		$db_connection->query( "SET NAMES 'UTF8'" );
 		$statement = $db_connection->prepare( "SELECT id, absender, nachricht, time FROM vms_chat WHERE id > ? ");
 		$statement->bind_param( 'i', $id);
@@ -27,8 +26,7 @@ class chatClass{
     }
     
     public static function setChatLines( $chattext, $usrname, $color) {
-		global $db_host,$db_user,$db_pass,$db_base;
-		$db_connection = new mysqli( $db_host, $db_user, $db_pass, $db_base);
+		$db_connection = new mysqli( DB_HOST, DB_USER, DB_PASS, DB_BASE );
 		$db_connection->query( "SET NAMES 'UTF8'" );
 		$statement = $db_connection->prepare( "INSERT INTO chat( usrname, color, chattext) VALUES(?, ?, ?)");
 		$statement->bind_param( 'sss', $usrname, $color, $chattext);
@@ -37,4 +35,4 @@ class chatClass{
 		$db_connection->close();
     }
 }
-?>
+?>
\ No newline at end of file

lib/datenbank.inc.php

-	<?php
-	$db_host = "localhost";
-	// Mysql User
-	$db_user = "vms_suee2";
-	// Mysql PW
-	$db_pass = "lTxyJyZtmSQvaV6M";
-	// Datenbank
-	$db_base = "vms_suee2";
-	//Datenbank Prefix
-	$db_prefix = "vms";
-	
+<?php
+  require_once( __DIR__ .'/db_config.php');
 	//Passwort zusatz
 	$pw_zusatz = 'fg65en';
 	
@@ -16,9 +7,10 @@
 	$ver_schluessel = 'libh5476H6G4v0TB';
 	
 	//Datenbankverbindung herstellen
-	$sql_open = @mysqli_connect($db_host, $db_user, $db_pass, $db_base) or die('Verbindung zum Mysql Server fehlgeschlagen! <br>Tipp: <a href="http://www.vms-tutorial.de/wiki//Lib/Functions">http://www.vms-tutorial.de/wiki//Lib/Functions</a>');
-	$sql_base = @mysqli_select_db($sql_open,$db_base) or die("Keine oder falsche Datenbank gewhlt! Tipp: <br><a href='http://www.vms-tutorial.de/wiki//Lib/Functions'>http://www.vms-tutorial.de/wiki//Lib/Functions</a>");
-	
+	$sql_open = @mysqli_connect( DB_HOST, DB_USER, DB_PASS, DB_BASE ) or die('Verbindung zum Mysql Server fehlgeschlagen! <br>Tipp: <a href="http://www.vms-tutorial.de/wiki//Lib/Functions">http://www.vms-tutorial.de/wiki//Lib/Functions</a>');
+  // why?:
+	$sql_base = @mysqli_select_db($sql_open, DB_BASE ) or die("Keine oder falsche Datenbank gewhlt! Tipp: <br><a href='http://www.vms-tutorial.de/wiki//Lib/Functions'>http://www.vms-tutorial.de/wiki//Lib/Functions</a>");
+
 	/**
 	 * db_connect()
 	 *
@@ -50,6 +42,47 @@
 		}
 		
 	}
+
+/*
+* taken from  nieprzeklinaj at gmail dot com
+* http://php.net/manual/de/mysqli-stmt.bind-result.php
+*/
+function db_fetch($result)
+{   
+    $array = array();
+   
+    if($result instanceof mysqli_stmt)
+    {
+        $result->store_result();
+       
+        $variables = array();
+        $data = array();
+        $meta = $result->result_metadata();
+       
+        while($field = $meta->fetch_field())
+            $variables[] = &$data[$field->name]; // pass by reference
+       
+        call_user_func_array(array($result, 'bind_result'), $variables);
+       
+        $i=0;
+        while($result->fetch())
+        {
+            $array[$i] = array();
+            foreach($data as $k=>$v)
+                $array[$i][$k] = $v;
+            $i++;
+           
+            // don't know why, but when I tried $array[] = $data, I got the same one result in all rows
+        }
+    }
+    elseif($result instanceof mysqli_result)
+    {
+        while($row = $result->fetch_assoc())
+            $array[] = $row;
+    }
+   
+    return $array;
+}
 	
 	function pw_erstellen($pw){
 		global $pw_zusatz;

lib/functions.lib.php

 <?php
 
-// Komprimierung der Ausgabe zwischen 0 & 10 wobei 0 die Komprimierung der Ausgabe deaktiviert Empfohlener Wert: 1
-	$gzip_rate = 0;
-
 /**
  * create_code()
  *
@@ -170,13 +167,6 @@ function bilanz ($ein,$aus,$gruppe,$name) {
 }
 
 
-// GZip
-if ($gzip_rate > 0) {
-    ini_set('zlib.output_compression_level', $gzip_rate);
-    if (ereg("gzip", getenv("HTTP_ACCEPT_ENCODING"))) ob_start("ob_gzhandler");
-    else ob_start();
-}
-
 // Datum im Facebook Stil 
 function niceDate($timestamp) 
 { 

lib/funktionen/chat.php

@@ -23,7 +23,7 @@ if($error == 0){
 				$verguetung = $daten['sb_verguetung']/2;
 				kontobuchung ('+', $verguetung/2, create_code(14), $_SESSION['uid'],'Chatvergütung');
 				$error = 0; $meldung = 'Da du deinen Adblocker an hast, bekommst du nicht die ganze Chat Verg&uuml;tung.<br>
-																Du bekommst nur '. number_format($verguetung/2,2,',','.').' '.$waehrung.' anstatt die vollen '. number_format($verguetung,2,',','.').' '.$waehrung.'.';
+																Du bekommst nur '. number_format($verguetung/2,2,',','.').' '.$pageconfig['waehrung'].' anstatt die vollen '. number_format($verguetung,2,',','.').' '.$pageconfig['waehrung'].'.';
 			}else{
 				kontobuchung ('+', $daten['sb_verguetung'], create_code(14), $_SESSION['uid'],'Chatverg&uuml;tung');
 				$error = 0; $meldung = 'Chat Verg&uuml;tung erhalten.';