
Compare revisions

Commits on Source (21)
Showing
with 854 additions and 117 deletions
# Ignore any file named foo.txt.
lib/datenbank.inc.php
\ No newline at end of file
lib/db_config.php
<?php
if(!isset($_GET['data'])) exit;
require ('lib/datenbank.inc.php');
require ('lib/functions.lib.php');
require ('lib/session.lib.php');
require ('ext/ap/ads.inc.php');
list($art, $tan) = explode('-', $_GET['data']); // yeah sorry ;)
$art = base64_decode($art);
$tan = base64_decode($tan);
$kampdaten = $campaigns->getByTanAndType( $tan, $art );
$result_color = 'red';
if( $tan == $_SESSION['current_ad']['tan'] &&
$art == $_SESSION['current_ad']['art'] &&
true == $_SESSION['current_ad']['paid'] &&
false !== $kampdaten
)
{
$result_color = 'green';
}
?><!DOCTYPE html>
<html>
<head>
<!-- never is old spec but will be ignored by new browsers //-->
<meta name="referrer" content="never">
<meta name="referrer" content="no-referrer" />
<title>Hinweis</title>
</head>
<body bgcolor="<?php echo $result_color; ?>">
<?php if( 'green' == $result_color ) { ?>
Diese Anzeige wurde dir mit <?php echo $kampdaten->verdienst .' '. $pageconfig['waehrung']; ?> verg&uuml;tet.
<?php } else { ?>
Nope, das war nix
<?php } ?>
</body>
</html><?php
invalidateAlreadyRunningAd();
?>
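Review bot: The condition that decides whether the ad is credited compares values decoded from `$_GET['data']` with loose `==`, and the `list($art, $tan) = explode('-', ...)` above it assumes the parameter always contains a separator. Loose comparison treats numeric-looking strings as numbers, so two different TAN strings can compare equal; after checking `isset($_SESSION['current_ad'])`, use `hash_equals((string) $_SESSION['current_ad']['tan'], $tan)` and the same for `art`. Reject the request when `explode()` does not return exactly two parts or `base64_decode($part, true)` returns `false`. The echoed `$kampdaten->verdienst` and `$pageconfig['waehrung']` should also pass through `htmlspecialchars()`.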
<?php
if(!isset($_GET['data'])) exit;
require ('lib/datenbank.inc.php');
require ('lib/functions.lib.php');
require ('lib/session.lib.php');
require ('ext/ap/ads.inc.php');
list($art, $tan) = explode('-', $_GET['data']); // yeah sorry ;)
$art = base64_decode($art);
$tan = base64_decode($tan);
$kampdaten = $campaigns->getByTanAndType( $tan, $art );
// TODO prevent malicious ziel urls
invalidateAlreadyRunningAd();
setCurrentRunningAd( $art, $tan );
?><!DOCTYPE html>
<html>
<head>
<!-- never is old spec but will be ignored by new browsers //-->
<meta name="referrer" content="never">
<meta name="referrer" content="no-referrer" />
<meta http-equiv="refresh" content="0; URL=<?php echo $kampdaten->ziel; ?>">
<title>Anzeige</title>
</head>
<body>
<script>
var notified = false;
function notify()
{
if( false == notified )
{
notified = true;
window.opener.postMessage( { 'action': 'adcheck', 'art': '<?php echo $art; ?>', 'tan': '<?php echo $tan; ?>' }, '<?php echo $pageconfig['domain']; ?>');
}
return true;
}
</script>
<a href="<?php echo $kampdaten->ziel; ?>" rel="noopener noreferrer nofollow" onclick="notify();" >Hier weiter, falls keine automatische Weiterleitung erfolgt.</a>
</body>
</html>
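Review bot: `$art` and `$tan` are decoded from `$_GET['data']` and echoed straight into a JavaScript string literal in `notify()`, and `$kampdaten->ziel` is echoed unescaped into the meta refresh and the `href`, so request- and advertiser-controlled text reaches script and attribute contexts. Build the message with `json_encode(array('action' => 'adcheck', 'art' => $art, 'tan' => $tan), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` and echo that as the first `postMessage` argument. Wrap the URL in `htmlspecialchars($kampdaten->ziel, ENT_QUOTES, 'UTF-8')` after checking that its scheme is `http` or `https`, which would also settle the TODO. `getByTanAndType()` returns `false` for an unknown TAN, yet the page calls `setCurrentRunningAd()` and reads `$kampdaten->ziel` without testing for it; exit early in that case.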
......@@ -576,7 +576,7 @@ $gesperrt = explode(',', $ralleydaten['sperruser']);
while ($pa = mysqli_fetch_array($platz)) {
if (!in_array($pa['uid'], $gesperrt)) {
if ($ralleydaten['gewinner_anzahl'] >= $rp) {
$mg = number_format(($ralleydaten['gewinn_topf'] / 100 * $ralleydaten['p' . $rp]), 2, ',', '.') . ' ' . $waehrung;
$mg = number_format(($ralleydaten['gewinn_topf'] / 100 * $ralleydaten['p' . $rp]), 2, ',', '.') . ' ' . $pageconfig['waehrung'];
} else $mg = '---';
if ($pa['punkte'] < $ralleydaten['mindestpunktzhl']) $mindestpunkt = '<span style="color:#FF6600;">Nicht erreicht.</span>';
if ($pa['punkte'] >= $ralleydaten['mindestpunktzhl']) $mindestpunkt = '<span style="color:#339966;">Erreicht.</span>';
......@@ -591,7 +591,7 @@ while ($pa = mysqli_fetch_array($platz)) {
}
for($x = $rp;$x < 11;$x++) {
$mg = number_format($rally['p' . $rp], 2, ',', '.') . ' ' . $waehrung;
$mg = number_format($rally['p' . $rp], 2, ',', '.') . ' ' . $pageconfig['waehrung'];
$row = ($rp % 2 == 0) ? 0 : 1;
if ($x > $rally['plaetze']) $mg = '---';
?>
......@@ -614,4 +614,4 @@ for($x = $rp;$x < 11;$x++) {
<input type="Submit" name="reset" value="Reseten"><input type="Submit" name="auswert" value="Auswerten">
</div>
</form>
<?php foot();
\ No newline at end of file
<?php foot();
<?php head("Admin ForcedBanner");
if (!isset($_GET['tan'])) $_GET['tan'] = '';
if (!isset($_GET['loeschen'])) $_GET['loeschen'] = '';
if ($_GET['loeschen'] == 'true' && $_GET['tan']) {
db_query("DELETE FROM " . $db_prefix . "_gebuchte_werbung WHERE tan='" . $_GET['tan'] . "' and sponsor='administrator' LIMIT 1");
if ($_GET['loeschen'] == 'true' && isset($_GET['id']) )
{
echo $campaigns->delete( array( 'id' => $_GET['id'] ) ) .' Banner gel&ouml;scht';
}
$forcedbanner = db_query("SELECT * FROM " . $db_prefix . "_gebuchte_werbung WHERE sponsor='administrator' and werbeart = 'forcedbanner' and status = '1' ORDER BY kid ASC");
while ($anzeigen = mysqli_fetch_array($forcedbanner)) {
$forcedbanner = $campaigns->getAll( 'forcedbanner', 1, 'administrator');
foreach($forcedbanner['data'] as $anzeigen)
{
echo '
<table width="100%" cellpadding="0" cellspacing="1" border="0" bgcolor="#c0c0c0">
<tr bgcolor="#f0f0f0">
<td align="center" width="50%"><b>TAN:</b>&nbsp;' . $anzeigen['tan'] . '</td>
<td align="center" width="50%"><b>Vergütung:</b>&nbsp;' . number_format($anzeigen['verdienst'], 2, ",", ".") . '</td>
<td align="center" width="50%"><b>TAN:</b>&nbsp;' . $anzeigen->tan . '</td>
<td align="center" width="50%"><b>Verg&uuml;tung:</b>&nbsp;' . number_format($anzeigen->verdienst, 2, ",", ".") . '</td>
</tr>
<tr bgcolor="#f0f0f0">
<td align="left" colspan="2"><br><b>Ziel:</b> <a href="' . $anzeigen['ziel'] . '">' . $anzeigen['ziel'] . '</a> <br><b>Banner:</b> <a href="' . $anzeigen['banner'] . '">' . $anzeigen['banner'] . '</a><br><br></td>
<td align="left" colspan="2"><br><b>Ziel:</b> <a href="' . $anzeigen->ziel . '">' . $anzeigen->ziel . '</a> <br><b>Banner:</b> <a href="' . $anzeigen->banner . '">' . $anzeigen->banner . '</a><br><br></td>
</tr>
<tr bgcolor="#f0f0f0">
<td align="center" width="50%"><b>Reload:</b>&nbsp;' . $anzeigen['reload'] / 3600 . 'h <b>Rest:</b>&nbsp;' . number_format($anzeigen['menge'], 0, ",", ".") . ' Klicks</td>
<td align="center" width="50%"><a href="?content=/interfacebanner/admin&amp;loeschen=true&amp;tan=' . $anzeigen['tan'] . '" target="_self">Löschen</a></td>
<td align="center" width="50%"><b>Reload:</b>&nbsp;' . $anzeigen->reload / 3600 . 'h <b>Rest:</b>&nbsp;' . number_format($anzeigen->menge, 0, ",", ".") . ' Klicks</td>
<td align="center" width="50%"><a href="?content=/interfacebanner/admin&amp;loeschen=true&amp;id=' . $anzeigen->id . '" target="_self">Löschen</a></td>
</tr>
</table>
<br>
......@@ -30,5 +32,3 @@ while ($anzeigen = mysqli_fetch_array($forcedbanner)) {
foot();
?>
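Review bot: The delete action is still triggered by a plain GET link (`loeschen=true&id=...`) with no CSRF token, so any page a logged-in admin visits can trigger it; the same applies to the delete and activate links on the ForcedBanner blacklist page. The `$campaigns->delete( array( 'id' => $_GET['id'] ) )` call also drops the `sponsor='administrator'` restriction that the raw `DELETE` query printed above it carries, so this page can remove any campaign row by id. If that is not intended, pass `array( 'id' => $_GET['id'], 'sponsor' => 'administrator' )`. Move the action to a POST form with a per-session token that is checked with `hash_equals()`.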
<?php head("ForcedBanner Blacklist");
if (!isset($_GET['kid'])) $_GET['kid'] = '';
if (!isset($_GET['id'])) $_GET['id'] = false;
if (!isset($_GET['loeschen'])) $_GET['loeschen'] = '';
if (!isset($_GET['blacklist'])) $_GET['blacklist'] = '';
if ($_GET['loeschen'] == 'true' && $_GET['kid']) {
db_query("DELETE FROM " . $db_prefix . "_gebuchte_werbung WHERE kid='" . $_GET['kid'] . "' and status = '2' and sponsor='" . $_GET['sponsor'] . "' LIMIT 1");
if ($_GET['loeschen'] == 'true' && $_GET['id'])
{
$campaigns->delete( array( 'id' => $_GET['id'] ) );
}
if ($_GET['blacklist'] == 'true' && $_GET['kid']) {
db_query("UPDATE " . $db_prefix . "_gebuchte_werbung SET status = '1' WHERE kid='" . $_GET['kid'] . "' and sponsor='" . $_GET['sponsor'] . "' LIMIT 1");
if ($_GET['blacklist'] == 'true' && $_GET['id'])
{
$campaigns->update( array( 'status' => 1 ), array( 'id' => $_GET['id'] ) );
}
$forcedbanner = db_query("SELECT * FROM " . $db_prefix . "_gebuchte_werbung WHERE werbeart = 'forcedbanner' and status = '2' ORDER BY kid ASC");
while ($anzeigen = mysqli_fetch_array($forcedbanner)) {
$forcedbanner = $campaigns->getAll( 'forcedbanner', 2);
foreach( $forcedbanner['data'] as $anzeigen)
{
echo '
<table width="100%" cellpadding="0" cellspacing="1" border="0" bgcolor="#c0c0c0">
<tr bgcolor="#f0f0f0">
<td align="center" width="50%">TAN:&nbsp;' . $anzeigen['tan'] . '<br>KID:&nbsp;' . $anzeigen['kid'] . ' (' . $anzeigen['sponsor'] . ')</td>
<td align="center" width="50%">Bet:&nbsp;' . number_format($anzeigen['preis'], 2, ",", ".") . ' / User:&nbsp;' . number_format($anzeigen['verdienst'], 2, ",", ".") . '</td>
<td align="center" width="50%">TAN:&nbsp;' . $anzeigen->tan . '<br>KID:&nbsp;' . $anzeigen->kid . ' (' . $anzeigen->sponsor . ')</td>
<td align="center" width="50%">Bet:&nbsp;' . number_format($anzeigen->preis, 2, ",", ".") . ' / User:&nbsp;' . number_format($anzeigen->verdienst, 2, ",", ".") . '</td>
</tr>
<tr bgcolor="#f0f0f0">
<td align="center" colspan="2"><a href="' . $anzeigen['ziel'] . '" target="_blank"><img alt="Sponsorenbanner" src="' . $anzeigen['banner'] . '" border="0" width="468" height="60"></a></td>
<td align="center" colspan="2"><a href="' . $anzeigen->ziel . '" target="_blank"><img alt="Sponsorenbanner" src="' . $anzeigen->banner . '" border="0" width="468" height="60"></a></td>
</tr>
<tr bgcolor="#f0f0f0">
<td align="center" width="50%">Reload:&nbsp;' . $anzeigen['reload'] / 3600 . ' Std. / Rest:&nbsp;' . number_format($anzeigen['menge'], 0, ",", ".") . '</td>
<td align="center" width="50%"><a href="?content=/interfacebanner/blacklist&amp;sponsor=' . $anzeigen['sponsor'] . '&amp;loeschen=true&amp;kid=' . $anzeigen['kid'] . '" target="_self">Löschen</a> <a href="?content=/interfacebanner/blacklist&amp;sponsor=' . $anzeigen['sponsor'] . '&amp;blacklist=true&amp;kid=' . $anzeigen['kid'] . '" target="_self">Löschen-Blacklist</a></td>
<td align="center" width="50%">Reload:&nbsp;' . $anzeigen->reload / 3600 . ' Std. / Rest:&nbsp;' . number_format($anzeigen->menge, 0, ",", ".") . '</td>
<td align="center" width="50%"><a href="?content=/interfacebanner/blacklist&amp;sponsor=' . $anzeigen->sponsor . '&amp;loeschen=true&amp;id=' . $anzeigen->id . '" target="_self">L&ouml;schen</a> <a href="?content=/interfacebanner/blacklist&amp;sponsor=' . $anzeigen->sponsor . '&amp;blacklist=true&amp;id=' . $anzeigen->id . '" target="_self">Freischalten</a></td>
</tr>
</table>
<br>
......@@ -33,4 +36,3 @@ while ($anzeigen = mysqli_fetch_array($forcedbanner)) {
foot();
?>
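Review bot: Campaign fields are concatenated into the HTML without escaping: `$anzeigen->ziel` and `$anzeigen->banner` land in `href`/`src` attributes, and `$anzeigen->sponsor` lands in both markup and query strings. These rows have status 2, which looks like the queue of bookings awaiting approval (an assumption, please confirm), so the text would come from whoever booked the campaign and is rendered in the administrator's session. Wrap each value in `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` and use `rawurlencode()` for the `sponsor` and `id` query parameters. The links still carry `sponsor`, but the `delete()`/`update()` calls match on `id` alone, so the `status`/`sponsor` scoping of the raw queries is gone.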
......@@ -45,7 +45,7 @@ define("NAV_LEISTE","6");
<tr>
<th>Zeit</th>
<th>Buchung</th>
<th><?php echo $waehrung;?></th>
<th><?php echo $pageconfig['waehrung'];?></th>
<th>Verwendungszweck</th>
<th>TAN</th>
<th>Kontobuchung erfolgreich</th>
......@@ -53,4 +53,4 @@ define("NAV_LEISTE","6");
<?php echo $buchungen;?>
</table>
<?php echo $nav_minus;?>
\ No newline at end of file
<?php echo $nav_minus;?>
......@@ -4,7 +4,7 @@
<table class="table table-striped">
<tr>
<td><b>Kontostand</b>:</td>
<td><?php echo number_format($alledaten['kontostand'],2,",",".").' '.$waehrung;?></td>
<td><?php echo number_format($alledaten['kontostand'],2,",",".").' '.$pageconfig['waehrung'];?></td>
</tr>
<tr>
<td><br /><b>Summe</b>:</td>
......@@ -22,4 +22,4 @@
<div class="text-center">
<input type="submit" name="finanze" class="btn btn-default" value="&raquo; Buchen" />
</div>
</form>
\ No newline at end of file
</form>
......@@ -22,11 +22,11 @@
<tr bgcolor="#ededed">
<td>&nbsp;<b>ForcedKlicks</b>:</td>
<td width=50 align="right"><?php echo $alledaten['klicks'];?>&nbsp;</td>
<td align="right"><?php echo number_format ($alledaten['kv'], 2, ',', '.').' '.$waehrung;?>&nbsp;</td>
<td align="right"><?php echo number_format ($alledaten['kv'], 2, ',', '.').' '.$pageconfig['waehrung'];?>&nbsp;</td>
</tr>
<tr bgcolor="#fafafa">
<td>&nbsp;<b>Betteln</b>:</td>
<td align="right"><?php echo $alledaten['angebettelt'];?>&nbsp;</td>
<td align="right"><?php echo number_format ($alledaten['bv'], 2, ',', '.').' '.$waehrung;?>&nbsp;</td>
<td align="right"><?php echo number_format ($alledaten['bv'], 2, ',', '.').' '.$pageconfig['waehrung'];?>&nbsp;</td>
</tr>
</table>
\ No newline at end of file
</table>
......@@ -25,7 +25,7 @@ $einnahme = $_POST['buchungsmenge'];
}
bilanz($einnahme,$ausgabe);
$nachricht = 'Hallo,'."\n\n".'Es wurde soeben eine Buchung auf dein Userkonto ausgeführt:'."\n\n".$_POST['buchungsart'].' '.number_format($_POST['buchungssumme'], 2, ',', '.').' '.$waehrung.' '.$_POST['buchungstext']."\n\n\n".'Mit freundlichen Grüßen, dein '.$seitenname.'-Team';
$nachricht = 'Hallo,'."\n\n".'Es wurde soeben eine Buchung auf dein Userkonto ausgeführt:'."\n\n".$_POST['buchungsart'].' '.number_format($_POST['buchungssumme'], 2, ',', '.').' '.$pageconfig['waehrung'].' '.$_POST['buchungstext']."\n\n\n".'Mit freundlichen Grüßen, dein '.$seitenname.'-Team';
if (isset ($_POST['send_mail']) && $_POST['send_mail'] == 'ja') usermail ($_POST['email'],$seitenname.' Kontobuchung', $nachricht, '"'.$seitenname.'" <'.$betreibermail.'>');
}
}
......@@ -109,4 +109,4 @@ $alledaten = userinfo($_GET['uid']);
</div>
</div>
<?php foot(); ?>
\ No newline at end of file
<?php foot(); ?>
......@@ -15,13 +15,25 @@ if ($_POST['buchen'] == 'Jetzt Buchen') {
if (!is_numeric($_POST['menge'])) $buchungsfehler .= 'Bei Menge nur Zahlen!<br>';
if (!$_POST['banner_url'] or !$_POST['menge'] or !$_POST['ziel'] or !$_POST['reload']) $buchungsfehler .= 'Bitte alle Felder ausfüllen!<br>';
if ($_POST['reload'] < 1 or $_POST['reload'] > 24 or !is_numeric($_POST['reload'])) $buchungsfehler .= 'Bei Reloadzeit nur Zahlen und zwischen 1 und 24 Stunden!<br>';
if ($_POST['aufendhalt'] < 0 or $_POST['aufendhalt'] > 30 or !is_numeric($_POST['aufendhalt'])) $buchungsfehler .= 'Bei dem Aufendhalt nur Zahlen und zwischen 0 und 30 Sekunden!<br>';
if ($_POST['aufendhalt'] > 30 or $_POST['aufendhalt'] < 0 or !is_numeric($_POST['aufendhalt'])) $buchungsfehler .= 'Aufendhalt nur Zahlen und zwischen 1 und 30 Sek.!<br>';
if ($_POST['aufendhalt'] < 0 or !is_numeric($_POST['aufendhalt'])) $buchungsfehler .= 'Aufenthalt nur Zahlen und mindestens 1 Sek.!<br>';
// Buchung durchführen
if (!$buchungsfehler) {
$buchungs_id = create_code(32);
$reload = $_POST['reload'] * 60 * 60;
db_query("INSERT INTO " . $db_prefix . "_gebuchte_werbung (tan,ziel,banner,aufendhalt,menge,preis,verdienst,werbeart,status,reload,sponsor) VALUES ('" . $buchungs_id . "','" . $_POST['ziel'] . "','" . $_POST['banner_url'] . "','" . $_POST['aufendhalt'] . "','" . $_POST['menge'] . "','0','" . $_POST['verdienst'] . "','forcedbanner','1','" . $reload . "','administrator')");
$data = array(
'tan' => $buchungs_id,
'ziel' => $_POST['ziel'],
'banner' => $_POST['banner_url'],
'aufendhalt' => $_POST['aufendhalt'],
'menge' => $_POST['menge'],
'preis' => 0,
'verdienst' => $_POST['verdienst'],
'werbeart' => 'forcedbanner',
'status' => 1,
'reload' => $reload,
'sponsor' => 'administrator',
);
$campaigns->insert( $data );
$buchung = 'true';
}
}
......@@ -63,11 +75,11 @@ head("Formular Forcedbanner 468*60");
</tr>
<tr>
<td>Aufendhalt (Sekunden)</td>
<td><input type="Text" name="aufendhalt" value="' . $_POST['aufendhalt'] . '" style="width:40px" maxlength="2"> max. 30</td>
<td><input type="Text" name="aufendhalt" value="' . $_POST['aufendhalt'] . '" style="width:40px" maxlength="2"></td>
</tr>
<tr>
<td align="center" valign="middle" colspan="2"><input type="Submit" name="buchen" value="Jetzt Buchen"></td>
</tr>
</table>
</form>';
foot();
\ No newline at end of file
foot();
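Review bot: `$_POST['ziel']` and `$_POST['banner_url']` are only checked for being non-empty before `$campaigns->insert( $data )`, yet `ziel` is later written into a meta refresh and link targets elsewhere in this change set. Validate at booking time, for example `if (!filter_var($_POST['ziel'], FILTER_VALIDATE_URL) || !in_array(parse_url($_POST['ziel'], PHP_URL_SCHEME), array('http', 'https'), true)) $buchungsfehler .= 'Ung&uuml;ltige Ziel-URL!<br>';`, and apply the same check to `banner_url`. The remaining `aufendhalt` check tests `< 0` while its message says at least 1 second, and the upper bound is gone; `verdienst` is not validated in the visible lines. The form in the second hunk echoes `$_POST['aufendhalt']` into a `value` attribute without `htmlspecialchars()`. The enclosing `if` block starts above the hunk.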
......@@ -31,8 +31,8 @@ WHERE (e.freigabe_fuer = '3' or e.freigabe_fuer = '2') AND k.status=1 ORDER BY R
while ($versendet = mysqli_fetch_array($senden)) {
db_query("INSERT INTO " . $db_prefix . "_paidmails_empfaenger (uid,gueltig,tan,status,aufendhalt) VALUES ('" . $versendet['uid'] . "','" . $bis . "','" . $tan . "','0','" . $_POST['aufendhalt'] . "')");
$message = 'Hallo,
dieses ist eine neue ' . $seitenname . ' Paidmail, für dessen Bestätigung
Du ' . $_POST['verdienst'] . ' ' . $waehrung . ' für ' . $_POST['aufendhalt'] . ' Sek. aufenthalt erhälst!
dieses ist eine neue ' . $pageconfig['seitenname'] . ' Paidmail, für dessen Bestätigung
Du ' . $_POST['verdienst'] . ' ' . $pageconfig['waehrung'] . ' für ' . $_POST['aufendhalt'] . ' Sek. aufenthalt erhälst!
Diese Paidmail ist gültig bis ' . date("d.m.Y - H:i:s", $bis) . '
' . $_POST['beschreibung'] . '
......@@ -40,17 +40,17 @@ WHERE (e.freigabe_fuer = '3' or e.freigabe_fuer = '2') AND k.status=1 ORDER BY R
' . $_POST['mailtext'] . '
--------------------------------------------------------------------
Die Betreiber von ' . $seitenname . ' distanzieren sich vom Inhalt dieser Mail!
Die Betreiber von ' . $pageconfig['seitenname'] . ' distanzieren sich vom Inhalt dieser Mail!
Diese Mail ist kein Spam da der Empfänger als Mitglied von
' . $seitenname . ' dem Empfang zugestimmt hat.
' . $pageconfig['seitenname'] . ' dem Empfang zugestimmt hat.
Bestätigungslink:
' . $domain . '/pclick.php?tan=' . $tan . '&uid=' . $versendet["uid"] . '
' . $pageconfig['domain'] . '/pclick.php?tan=' . $tan . '&uid=' . $versendet["uid"] . '
Mit freundlichen Grüßen
Das ' . $seitenname . ' Team';
usermail($versendet['emailadresse'], 'Neue ' . $seitenname . ' Paidmail', $message, '"' . $seitenname . '" <' . $betreibermail . '>') or die('Versandfehler');
Das ' . $pageconfig['seitenname'] . ' Team';
usermail($versendet['emailadresse'], 'Neue ' . $pageconfig['seitenname'] . ' Paidmail', $message, '"' . $pageconfig['seitenname'] . '" <' . $betreibermail . '>') or die('Versandfehler');
}
$msg_send = '<b><div align="center"><font color="#800000">Diese Paidmail wurd an ' . $_POST['menge'] . ' User versendet</font></div></b>';
}
......@@ -94,4 +94,4 @@ echo '
</form>
' . $msg_send;
foot();
\ No newline at end of file
foot();
<?php
if (!isset($_GET['frame'])) $_GET['frame'] = false;
if (!isset($_GET['testen'])) $_GET['testen'] = true;
if (!isset($_GET['tan'])) $_GET['tan'] = "";
if ($_GET['testen'] == 'true') {
if ($_GET['frame'] == 'true') {
echo 'Dies ist der Testframe';
} else {
@require_once ('../lib/functions.lib.php');
@db_connect();
if (!isset($_GET['art'])) $_GET['art'] = "";
if (!isset($forced['tan'])) $forced['tan'] = "";
if (!isset($forced['ziel'])) $forced['ziel'] = "";
// SecVMS change begin
$_GET['tan'] = addslashes ($_GET['tan']);
// SecVMS change end
$forced = mysql_fetch_assoc(db_query("SELECT ziel FROM " . $db_prefix . "_gebuchte_werbung WHERE tan='" . $_GET['tan'] . "' LIMIT 1"));
if ($forced) {
$ziel = $forced['ziel'];
} else {
$ziel = urldecode($_GET['url']);
}
echo '
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Framekiller-Test by ' . $seitenname . '</title>
</head>
<frameset rows="75,*" border="0">
<frame src="frametest.php?testen=true&frame=true" name="abuse" frameborder="0" scrolling="no" marginheight="10">
<frame name="werbung" src="' . $ziel . '" scrolling="auto" frameborder="0" marginheight="10">
<noscript>Bei dir ist kein Javascript aktiviert!</noscript>
</frameset><noframes></noframes><noframes>Bei dir sind keine Frames aktiviert!</noframes>
</body>
</html>';
db_close();
}
} else {
echo 'Javascript Test! Bitte warte einen Moment!
<script type="text/javascript">
<!--
document.location = "frametest.php?url=' . $_GET['url'] . '&testen=true&tan=' . $_GET['tan'] . '";
//-->
</script>';
}
\ No newline at end of file
......@@ -9,16 +9,17 @@
if ($_GET['content'] {0} != '/') $_GET['content'] = '/' . $_GET['content'];
}
if (!ini_get('display_errors')) {
ini_set('display_errors', '0');
ini_set('display_errors', '1');
}
if (!isset($_GET['content']) || empty ($_GET['content'])) $_GET['content'] = '/startseite';
if (!file_exists('content' . $_GET['content'] . '.php')) $_GET['content'] = '/error/keine_seite';
require ('../lib/datenbank.inc.php');
require ('../lib/datenbank.inc.php');
require ('../lib/functions.lib.php');
session_start();
$pageconfig = mysqli_fetch_array(db_query("SELECT * FROM " . $db_prefix . "_seitenkonfig LIMIT 1"));
require ('lib/layout.lib.php');
require ( '../lib/extras.lib.php' );
require ('../lib/extra/mail.php');
......@@ -45,9 +46,7 @@ if (!ini_get('display_errors')) {
}
}
?>
<!DOCTYPE html>
?><!DOCTYPE html>
<html lang='de'>
<head>
<title>..:: Adminforce ::..</title>
......@@ -83,7 +82,7 @@ if (!ini_get('display_errors')) {
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="<?php echo $domain.'/adminforce';?>">..:: Adminforce ::..</a>
<a class="navbar-brand" href="<?php echo $pageconfig['domain'].'/adminforce';?>">..:: Adminforce ::..</a>
</div>
<div id="navbar" class="navbar-collapse collapse">
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] == 1){?>
......@@ -104,7 +103,7 @@ if (!ini_get('display_errors')) {
<div class="container-fluid">
<div class="row">
<div class="col-sm-3 col-md-2 sidebar">
<?php if($_SESSION['admin'] == 1) require_once('lib/menue_links.php');?>
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] == 1) require_once('lib/menue_links.php');?>
</div>
<div class="col-sm-9 col-sm-offset-3 col-md-10 col-md-offset-2 main">
<div class="jumbotron">
......@@ -144,15 +143,16 @@ if (!ini_get('display_errors')) {
</div>
<?php
}
if($_SESSION['admin'] == 1) {
if(file_exists('../install')){
echo '<div class="alert alert-danger text-center">Du musst den Ordner install noch l&ouml;schen</div>';
}
require_once('content'.$_GET['content'].'.php');
if( isset($_SESSION['admin']) && $_SESSION['admin'] == 1 )
{
if(file_exists('../install')){
echo '<div class="alert alert-danger text-center">Du musst den Ordner install noch l&ouml;schen</div>';
}
require_once('content'.$_GET['content'].'.php');
}else{
echo '
<form method="post">
<input type="Text" name="loginname" value="'.$_POST['loginname'].'" placeholder="Username">
<input type="Text" name="loginname" value="" placeholder="Username">
<input type="Password" name="passwort" value="" placeholder="Passwort">
<button type="submit" name="check" value="Login">Login</button>
</form>
......
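Review bot: `$_GET['content']` reaches `require_once('content'.$_GET['content'].'.php')` after only a `file_exists()` test, so `../` segments are accepted and the include is not confined to the `content` directory. Constrain the value before the existence check, for example `if (!preg_match('#^(/[A-Za-z0-9_-]+)+$#', $_GET['content'])) $_GET['content'] = '/error/keine_seite';`. The first hunk prints both `ini_set('display_errors', '0')` and `ini_set('display_errors', '1')`; if `'1'` is the new side, PHP errors with paths and query text will be rendered on the admin pages, and that should stay off outside development. The section is truncated after the login form.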
......@@ -10,8 +10,8 @@ $qres = db_query("SHOW TABLES") or die(mysqli_error($sql_open));
while (list($tabelle) = mysqli_fetch_row($qres)){
db_query("DROP TABLE IF EXISTS ". $tabelle);
}
$command='mysql -h' .$db_host .' -u' .$db_user .' -p' .$db_pass .' ' .$db_base .' < backup/' .$_POST['datei'];
// DB_PASS on cli ... happy person watching process list
$command='mysql -h' .DB_HOST .' -u' .DB_USER .' -p' .DB_PASS .' ' . DB_BASE .' < backup/' .$_POST['datei'];
exec($command,$output=array(),$worked);
$meldung = meldung(0,'Die Daten aus der Datei <b>' .$_POST['datei'] .'</b> wurden erfolgreich eingespielt in der Datenbank <b>' .$_POST['datei'] .'</b>');
......@@ -21,4 +21,4 @@ if (is_writable('backup/' .$_POST['datei'])) {
$fp = versch($fp);
file_put_contents('backup/' .$_POST['datei'], $fp);
}
?>
\ No newline at end of file
?>
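Review bot: `$_POST['datei']` is concatenated into the string passed to `exec()` and into the `backup/` paths without validation, so shell metacharacters and `../` in that field are interpreted. Reduce it to a file name and quote it, `$datei = basename($_POST['datei']);` and `... ' < ' . escapeshellarg('backup/' . $datei)`, and confirm the file exists before the `DROP TABLE` loop runs. The added comment already notes that `-p` with `DB_PASS` is visible in the process list; the mysql client's `--defaults-extra-file=` option, pointing at a file readable only by the web user, avoids that. The success message is printed without inspecting `$worked`.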
<?php
class Campaigns
{
private $database;
const FIELDS_gebuchte_werbung = ' `t1`.`id`, `t1`.`uid`, `t1`.`tan`, `t1`.`kid`, `t1`.`ziel`, `t1`.`banner`,
`t1`.`verdienst`, `t1`.`preis`, `t1`.`aufendhalt`, `t1`.`menge`, `t1`.`reload`,
`t1`.`sponsor`, `t1`.`werbeart`, `t1`.`status` ';
public function __construct( $database )
{
$this->database = $database;
}
public function decreaseAvailCountById( $id, $value = 1 )
{
$sql = 'UPDATE `'. DB_PREFIX . '_gebuchte_werbung` SET `menge` = GREATEST(0, `menge` - :value ) WHERE `id`= :id';
$sql_params = array(
':id' => $id,
':value' => $value
);
return $this->database->sqlUpdate($sql, $sql_params);
}
public function getIsClickableByTanAndType( $tan, $type, $ip, $uid, $zeit )
{
$sql = self::FIELDS_gebuchte_werbung .'
FROM `'. DB_PREFIX .'_gebuchte_werbung` AS `t1`
LEFT JOIN `'. DB_PREFIX .'_reloads` AS `t2` ON
(
`t1`.`tan` = `t2`.`tan` AND
(
`t2`.`uid` = :t2uid OR
`t2`.`ip` = :t2ip
) AND
`t2`.`bis` > :t2bis
)
WHERE
`t1`.`tan` = :t1tan AND
`t2`.`tan` IS NULL AND
`t1`.`werbeart` = :t1type AND
`t1`.`menge` >= 1 AND
`t1`.`status` = 1 AND
`t1`.`sponsor` != :t1uid
LIMIT 1';
$sql_params = array(
':t2uid' => $uid,
':t2ip' => $ip,
':t2bis' => $zeit,
':t1tan' => $tan,
':t1type' => $type,
':t1uid' => $uid,
);
$result = $this->database->select( $sql, $sql_params );
return ( isset($result[0]) ) ? $result[0] : false;
}
public function getByTanAndType( $tan, $type, $status = false )
{
$where_status = ( false !== $status ) ? ' AND `status` = :status ' : '';
$sql = self::FIELDS_gebuchte_werbung .' FROM `'.DB_PREFIX.'_gebuchte_werbung` AS `t1` WHERE `tan` = :tan AND `werbeart` = :type '.$where_status.' LIMIT 1';
$sql_params = array(
':tan' => $tan,
':type' => $type,
);
if( false !== $status )
{
$sql_params[':status'] = $status;
}
$result = $this->database->select($sql, $sql_params);
return ( isset($result[0]) ) ? $result[0] : false;
}
public function getNewAdData( $art, $uid, $ip, $limit = 3 )
{
$zeit = time();
$result = array('count' => 0, 'data' => array() );
$num_limit = (int)$limit;
$sql = self::FIELDS_gebuchte_werbung .'
FROM `' . DB_PREFIX . '_gebuchte_werbung` AS `t1`
LEFT JOIN `' . DB_PREFIX . '_reloads` AS `t2` ON (`t1`.`tan` = `t2`.`tan` AND ( `t2`.`uid` = :ruid OR `t2`.`ip` = :ip ) AND t2.bis >= :zeit)
LEFT JOIN `' . DB_PREFIX . '_fb_blacklist` AS `t3` ON `t3`.`kid` = `t1`.`kid` AND `t3`.`werbeart`=`t1`.`werbeart`
LEFT JOIN `' . DB_PREFIX . '_userblacklist` AS `t4` ON `t4`.`uid` = :ubuid
WHERE
(`t3`.`kid` IS NULL OR LOCATE(`t3`.`sponsor`, `t1`.`ziel`) = 0) AND
`t2`.`tan` IS NULL AND
`t1`.`werbeart` = :wart AND
`t1`.`menge` > 0 AND
`t1`.`status` = 1 AND
`t1`.`verdienst` > 0 AND
`t1`.`sponsor` != :spuid
ORDER BY `t1`.`verdienst` DESC LIMIT '.$num_limit;
$sql_params = array(
':ruid' => $uid,
':ip' => $ip,
':zeit' => $zeit,
':ubuid'=> $uid,
':wart' => $art,
':spuid'=> $uid,
);
$result['data'] = $this->database->select($sql, $sql_params);
$result['count'] = count($result['data']);
return $result;
}
public function getAll( $art, $status = false, $sponsor = false, $limit = false, $start = false)
{
$result = array('count' => 0, 'data' => array() );
$sql_params = array();
$sql = self::FIELDS_gebuchte_werbung .' FROM `' . DB_PREFIX . '_gebuchte_werbung` AS `t1`
WHERE';
if( false !== $sponsor )
{
$sql .= '`t1`.`sponsor` = :sponsor AND ';
$sql_params[':sponsor'] = $sponsor;
}
if( false !== $status )
{
$sql .= '`t1`.`status` = :status AND ';
$sql_params[':status'] = $status;
}
$sql .= '`t1`.`werbeart` = :wart
ORDER BY kid ASC ';
$sql_params[':wart'] = $art;
$result['data'] = $this->database->select($sql, $sql_params);
$result['count'] = count($result['data']);
return $result;
}
public function delete( $where )
{
return $this->database->delete( '`' . DB_PREFIX . '_gebuchte_werbung`' , $where );
}
public function update( $data, $where )
{
return $this->database->update( '`' . DB_PREFIX . '_gebuchte_werbung`' , $data, $where );
}
public function insert( $data )
{
return $this->database->insert( '`' . DB_PREFIX . '_gebuchte_werbung`' , $data );
}
public function getTimeToFirstOffReloadAd( $art, $uid )
{
$zeit = time();
$retval = NULL;
$sql = ' `r`.`bis` FROM `'.DB_PREFIX.'_reloads` AS `r`
LEFT JOIN `'.DB_PREFIX.'_gebuchte_werbung` AS `ad` ON (`ad`.`tan` = `r`.`tan` AND `ad`.`status` = 1 AND `ad`.`werbeart` = :wart AND `ad`.`sponsor` != :spuid)
WHERE
`r`.`uid` = :ruid AND `ad`.`tan` IS NOT NULL AND `r`.`bis` > :zeit
ORDER BY `r`.`bis` ASC LIMIT 1';
$sql_params = array(
':wart' => $art,
':spuid' => $uid,
':ruid' => $uid,
':zeit' => $zeit,
);
$result = $this->database->select($sql, $sql_params);
if( isset($result[0]) )
{
$res = $result[0];
$retval = (($res->bis - $zeit ) >= 0) ? ($res->bis - $zeit) : NULL;
}
return $retval;
}
}
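Review bot: `getNewAdData()` joins `_userblacklist` as `t4` on `:ubuid`, but no `WHERE` condition refers to `t4`, so a blacklisted user gets the same result set. If the blacklist is meant to suppress ads (inferred from the table name), add `` `t4`.`uid` IS NULL AND `` to the `WHERE` clause. `getAll()` accepts `$limit` and `$start` and never uses them, and `getByTanAndType()` filters on unqualified `tan`/`werbeart`/`status`. `delete()`, `update()` and `insert()` pass their arrays to the wrapper, which puts the array keys into the SQL text, so each needs a docblock stating that keys must be fixed column names and never request keys. None of the methods has a docblock.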
<?php
// https://raw.githubusercontent.com/daveismyname/pdo-wrapper/master/database.php
require_once( __DIR__ .'/databaseTable.php' );
class DaveDatabase extends PDO
{
/**
* @var array Array of saved databases for reusing
*/
protected static $instances = array();
/**
* Static method get
*
* @param array $group
* @return \helpers\database
*/
public static function get($group = false)
{
// Determining if exists or it's not empty, then use default group defined in config
$group = !$group ? array (
'type' => DB_TYPE,
'host' => DB_HOST,
'name' => DB_NAME,
'user' => DB_USER,
'pass' => DB_PASS
) : $group;
// Group information
$type = $group['type'];
$host = $group['host'];
$name = $group['name'];
$user = $group['user'];
$pass = $group['pass'];
// ID for database based on the group information
$id = "$type.$host.$name.$user.$pass";
// Checking if the same
if (isset(self::$instances[$id])) {
return self::$instances[$id];
}
$instance = new Database("$type:host=$host;dbname=$name;charset=utf8", $user, $pass);
$instance->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Setting Database into $instances to avoid duplication
self::$instances[$id] = $instance;
//return the pdo instance
return $instance;
}
/**
* run raw sql queries
* @param string $sql sql command
* @return none
*/
public function raw($sql)
{
$this->query($sql);
}
/**
* method for selecting records from a database
* @param string $sql sql query
* @param array $array named params
* @param object $fetchMode
* @param string $class class name
* @return array returns an array of records
*/
public function select($sql, $array = array(), $fetchMode = PDO::FETCH_OBJ, $class = '')
{
// Append select if it isn't appended.
if (strtolower(substr($sql, 0, 7)) !== 'select ') {
$sql = "SELECT " . $sql;
}
$stmt = $this->prepare($sql);
foreach ($array as $key => $value) {
if (is_int($value)) {
$stmt->bindValue("$key", $value, PDO::PARAM_INT);
} else {
$stmt->bindValue("$key", $value);
}
}
$stmt->execute();
if ($fetchMode === PDO::FETCH_CLASS) {
return $stmt->fetchAll($fetchMode, $class);
} else {
return $stmt->fetchAll($fetchMode);
}
}
/**
* Count method
* @param string $table table name
* @param string $column optional
*/
public function count($table, $column= 'id') {
$stmt = $this->prepare("SELECT $column FROM $table");
$stmt->execute();
return $stmt->rowCount();
}
/**
* insert method
* @param string $table table name
* @param array $data array of columns and values
*/
public function insert($table, $data)
{
ksort($data);
$fieldNames = implode(',', array_keys($data));
$fieldValues = ':'.implode(', :', array_keys($data));
$stmt = $this->prepare("INSERT INTO $table ($fieldNames) VALUES ($fieldValues)");
foreach ($data as $key => $value) {
$stmt->bindValue(":$key", $value);
}
$stmt->execute();
return $this->lastInsertId();
}
/**
* update method
* @param string $table table name
* @param array $data array of columns and values
* @param array $where array of columns and values
*/
public function update($table, $data, $where)
{
ksort($data);
$fieldDetails = null;
foreach ($data as $key => $value) {
$fieldDetails .= "$key = :$key,";
}
$fieldDetails = rtrim($fieldDetails, ',');
$whereDetails = null;
$i = 0;
foreach ($where as $key => $value) {
if ($i == 0) {
$whereDetails .= "$key = :$key";
} else {
$whereDetails .= " AND $key = :$key";
}
$i++;
}
$whereDetails = ltrim($whereDetails, ' AND ');
$stmt = $this->prepare("UPDATE $table SET $fieldDetails WHERE $whereDetails");
foreach ($data as $key => $value) {
$stmt->bindValue(":$key", $value);
}
foreach ($where as $key => $value) {
$stmt->bindValue(":$key", $value);
}
$stmt->execute();
return $stmt->rowCount();
}
/**
* Delete method
* @param string $table table name
* @param array $data array of columns and values
* @param array $where array of columns and values
* @param integer $limit limit number of records
*/
public function delete($table, $where, $limit = 1)
{
ksort($where);
$whereDetails = null;
$i = 0;
foreach ($where as $key => $value) {
if ($i == 0) {
$whereDetails .= "$key = :$key";
} else {
$whereDetails .= " AND $key = :$key";
}
$i++;
}
$whereDetails = ltrim($whereDetails, ' AND ');
//if limit is a number use a limit on the query
if (is_numeric($limit)) {
$uselimit = "LIMIT $limit";
}
$stmt = $this->prepare("DELETE FROM $table WHERE $whereDetails $uselimit");
foreach ($where as $key => $value) {
$stmt->bindValue(":$key", $value);
}
$stmt->execute();
return $stmt->rowCount();
}
/**
* truncate table
* @param string $table table name
*/
public function truncate($table)
{
return $this->exec("TRUNCATE TABLE $table");
}
}
class Database extends DaveDatabase
{
private $table_objects = array();
public function getTable( $table_name )
{
if( !isset($this->table_objects[$table_name]) )
{
$this->loadTableObject( $table_name );
}
return ( isset($this->table_objects[$table_name]) ) ? $this->table_objects[$table_name] : false;
}
private function loadTableObject( $table_name )
{
$result = false;
$filepath = __DIR__ .'/database/'.$table_name.'.ext.php';
if( !file_exists( $filepath ) )
{
$this->tryCreateTableDefinition( $table_name );
}
if( file_exists( $filepath ) )
{
require_once( $filepath );
$class_name = 'Table'. $table_name;
if( class_exists( $class_name ) )
{
$this->table_objects[$table_name] = new $class_name();
$result = true;
}
}
return $result;
}
private function tryCreateTableDefinition( $table_name )
{
$table_class = new DatabaseTable($this, $table_name);
$table_class->getColumnMeta();
var_dump($table_class->fields);
var_dump($table_class->field_meta);
var_dump($table_class->primary_key);
}
/*
* $db->select("`username` FROM `members` WHERE `memberID` = :id and `email` = :email", array(':id' => 1, ':email' => 'someone@domain.com'));
* $db->selectAll("members", "WHERE `memberID` = :id and `email` = :email", array(':id' => 1, ':email' => 'someone@domain.com'));
*/
public function selectAll($sql, $array = array(), $fetchMode = PDO::FETCH_OBJ, $class = '')
{
}
/**
* sqlUpdate method
* @param string $sql the query
* @param array $data array of columns and values
*/
public function sqlUpdate($sql, $array = array())
{
$stmt = $this->prepare($sql);
foreach ($array as $key => $value) {
if (is_int($value))
{
$stmt->bindValue("$key", $value, PDO::PARAM_INT);
}
else
{
$stmt->bindValue("$key", $value);
}
}
$stmt->execute();
return $stmt->rowCount();
}
}
<?php
class DatabaseTable
{
public $fields = array();
public $field_meta = array();
public $primary_key = NULL;
private $database;
private $table_name;
public function __construct( $database, $table_name )
{
$this->database = $database;
$this->table_name = $table_name;
}
/**
* Will attempt to bind columns with datatypes based on parts of the column type name
* Any part of the name below will be picked up and converted unless otherwise sepcified
* Example: 'VARCHAR' columns have 'CHAR' in them, so 'char' => PDO::PARAM_STR will convert
* all columns of that type to be bound as PDO::PARAM_STR
* If there is no specification for a column type, column will be bound as PDO::PARAM_STR
*/
protected $pdo_bind_types = array(
'char' => PDO::PARAM_STR,
'int' => PDO::PARAM_INT,
'bool' => PDO::PARAM_BOOL,
'date' => PDO::PARAM_STR,
'time' => PDO::PARAM_INT,
'text' => PDO::PARAM_STR,
'blob' => PDO::PARAM_LOB,
'binary' => PDO::PARAM_LOB
);
/**
* Parse PDO-produced column type
* [internal function]
*/
protected function parseColumnType($col_type)
{
$col_info = array();
$col_parts = explode(" ", $col_type);
if( $fparen = strpos($colParts[0], "(") )
{
$col_info['type'] = substr($col_parts[0], 0, $fparen);
$col_info['pdo_type'] = '';
$col_info['length'] = str_replace(")", "", substr($col_parts[0], $fparen+1));
$col_info['attributes'] = isset($col_parts[1]) ? $col_parts[1] : NULL;
}
else
{
$col_info['type'] = $col_parts[0];
}
// PDO Bind types
$pdo_type = '';
foreach($this->pdo_bind_types as $pKey => $pType)
{
if(strpos(' '.strtolower($col_info['type']).' ', $pKey))
{
$col_info['pdo_type'] = $pType;
break;
}
else
{
$col_info['pdo_type'] = PDO::PARAM_STR;
}
}
return $col_info;
}
/**
* Automatically get column metadata
*/
protected function getColumnMeta($refresh = false)
{
if( $refresh )
{
// Clear any previous column/field info
$this->fields = array();
$this->field_meta = array();
$this->primary_key = NULL;
}
// Automatically retrieve column information if column info not specified
if( count($this->fields) == 0 || count($this->field_meta) == 0 )
{
// Fetch all columns and store in $this->fields
// TODO prepared statement ...
$columns = $this->database->query("SHOW COLUMNS FROM " . $this->table_name, PDO::FETCH_ASSOC);
foreach( $columns as $key => $col )
{
// Insert into fields array
$col_name = $col['Field'];
$this->fields[$col_name] = $col;
if( $col['Key'] == "PRI" && empty($this->primary_key) )
{
$this->primary_key = $col_name;
}
// Set field types
$col_type = $this->parseColumnType($col['Type']);
$this->field_meta[$col_name] = $col_type;
}
}
return true;
}
}
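Review bot: In getColumnMeta() the table name is concatenated into `"SHOW COLUMNS FROM " . $this->table_name`, and the prepared statement the TODO asks for will not help, because placeholders cannot bind identifiers. The name should be checked against a strict pattern (or a list of known tables) in the constructor and backtick-quoted in the query, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $table_name)) { throw new InvalidArgumentException('invalid table name'); }`. Separately, parseColumnType() tests `strpos($colParts[0], "(")` while the variable is `$col_parts`, so the length branch never runs and `type` keeps a suffix such as `(255)`; it should read `strpos($col_parts[0], '(')`. getColumnMeta() is also declared `protected`, yet Database::tryCreateTableDefinition() calls it from outside the class, which would fail at runtime unless it is made public.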
<?php
class Stats
{
private $database;
public function __construct( $database )
{
$this->database = $database;
}
public function adsTotalsCount( $art, $personal = false )
{
$sql = ' COUNT(`t1`.`tan`) AS `ganzahl`, SUM(`t1`.`verdienst`) AS `gverdienst`, SUM(`t1`.`aufendhalt`) AS `gaufenthalt`,
SUM(`t1`.`menge` * `t1`.`verdienst`) AS `totalvalue`,
SUM(`t1`.`menge`) AS `totalclicks`
FROM `'.DB_PREFIX.'_gebuchte_werbung` AS `t1` ';
if( false !== $personal )
$sql .= ' LEFT JOIN `'.DB_PREFIX.'_userblacklist` `t4` ON `t4`.`uid` = :juid ';
// TODO fix join on blacklist, kid only works with sponsor, going to use id anyway...
$sql .= ' LEFT JOIN `'.DB_PREFIX.'_fb_blacklist` AS `t3` ON `t3`.`kid` = `t1`.`kid` AND `t3`.`werbeart`=`t1`.`werbeart`
WHERE
(`t3`.`kid` IS NULL OR LOCATE(`t3`.`sponsor`, `t1`.`ziel`) = 0) AND
`t1`.`werbeart` = :wart AND
`t1`.`reload` >= 100 AND
`t1`.`menge` > 0 AND
`t1`.`status` = 1 AND
`t1`.`verdienst` >= 0 ';
if( false !== $personal )
$sql .= ' AND `t1`.`sponsor` != :spuid ';
$sql_params = array(':wart' => $art);
if( false !== $personal )
{
$sql_params[':juid'] = $personal;
$sql_params[':spuid'] = $personal;
}
$result = $this->database->select( $sql, $sql_params );
return ( isset($result[0]) ) ? $result[0] : false;
}
public function adsClickableCount( $art, $uid, $ip )
{
$zeit = time();
$sql = ' COUNT(`t1`.`tan`) AS `uanzahl`, SUM(`t1`.`verdienst`) AS `uverdienst` FROM `'.DB_PREFIX.'_gebuchte_werbung` AS `t1`
LEFT JOIN `'.DB_PREFIX.'_reloads` AS `t2` ON (`t1`.`tan` = `t2`.`tan` AND ( `t2`.`uid` = :ruid OR `t2`.`ip` = :ip ) AND t2.bis >= :zeit )
LEFT JOIN `'.DB_PREFIX.'_fb_blacklist` AS `t3` ON `t3`.`kid` = `t1`.`kid` AND `t3`.`werbeart`=`t1`.`werbeart`
LEFT JOIN `'.DB_PREFIX.'_userblacklist` AS `t4` ON `t4`.`uid` = :buid
WHERE
( `t3`.`kid` IS NULL OR LOCATE(`t3`.`sponsor`, `t1`.`ziel`) = 0) AND
`t2`.`tan` IS NULL AND
`t1`.`werbeart` = :wart AND
`t1`.`reload` >= 100 AND
`t1`.`menge` > 0 AND
`t1`.`status` = 1 AND
`t1`.`verdienst` >= 0 AND
`t1`.`sponsor` != :spuid ';
$sql_params = array(
':ruid' => $uid,
':ip' => $ip,
':zeit' => $zeit,
':buid' => $uid,
':spuid'=> $uid,
':wart' => $art,
);
$result = $this->database->select( $sql, $sql_params );
return ( isset($result[0]) ) ? $result[0] : false;
}
}
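Review bot: Both adsTotalsCount() and adsClickableCount() join `_userblacklist` as `t4` only on `t4.uid = :juid` / `t4.uid = :buid`, with no condition tying it to `t1` and no test on `t4` in the WHERE clause. As written the join excludes nothing, and if a user has more than one blacklist row, every campaign row would be repeated per entry and inflate `COUNT` and the `SUM` totals; the table's schema is not visible here, so this is inferred. Until the join is finished I would drop it or mark it in place, e.g. `// TODO: t4 join is uncorrelated and unfiltered - blacklisted entries are still counted`. The user-supplied values are all bound as parameters, which should stay that way when the join is completed.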
......@@ -113,10 +113,10 @@ if ($rally['ende_art'] == 'punkt') {
if ($rally['gewinn_art'] == 'dynamisch') {
echo'Es handelt sich bei der ' . $rallyname . '-Rally um eine Dynamische Rally. <br>
Dies bedeutet der Gewinn pro Rang steigt mit der Aktivit&auml;t der User in der Rally. <br>
Der Gewinn-Topf ist nach oben nicht begrenzt und beträgt aktuell ' . $rally['gewinn_topf'] . ' ' . $waehrung . '. <br> ';
Der Gewinn-Topf ist nach oben nicht begrenzt und beträgt aktuell ' . $rally['gewinn_topf'] . ' ' . $pageconfig['waehrung'] . '. <br> ';
} else {
echo'Es handelt sich bei der ' . $rallyname . '-Rally um eine Statische Rally. <br>
Die gesammte Gewinnsumme bel&auml;uft sich auf ' . $rally['gewinn_topf'] . ' ' . $waehrung . '. <br>';
Die gesammte Gewinnsumme bel&auml;uft sich auf ' . $rally['gewinn_topf'] . ' ' . $pageconfig['waehrung'] . '. <br>';
}
if ($rally['mindestpunktzhl'] > '0') {
......@@ -145,7 +145,7 @@ $gesperrt = explode(',', $rally['sperruser']);
while ($pa = mysqli_fetch_array($platz)) {
if (!in_array($pa['uid'], $gesperrt)) {
if ($rally['gewinner_anzahl'] >= $rp) {
$mg = number_format(($rally['gewinn_topf'] / 100 * $rally['p' . $rp]), 2, ',', '.') . ' ' . $waehrung;
$mg = number_format(($rally['gewinn_topf'] / 100 * $rally['p' . $rp]), 2, ',', '.') . ' ' . $pageconfig['waehrung'];
} else $mg = '---';
if ($pa['punkte'] < $rally['mindestpunktzhl']) $mindestpunkt = '<span style="color:#FF6600;">Nicht erreicht.</span>';
if ($pa['punkte'] >= $rally['mindestpunktzhl']) $mindestpunkt = '<span style="color:#339966;">Erreicht.</span>';