.gitignore

 # Ignore any file named foo.txt.
-lib/datenbank.inc.php
\ No newline at end of file
+lib/db_config.php

adcheck.php

+<?php
+if(!isset($_GET['data'])) exit;
+
+require ('lib/datenbank.inc.php');
+require ('lib/functions.lib.php');
+require ('lib/session.lib.php');
+require ('ext/ap/ads.inc.php');
+
+list($art, $tan) = explode('-', $_GET['data']); // yeah sorry ;)
+$art = base64_decode($art);
+$tan = base64_decode($tan);
+
+$kampdaten = $campaigns->getByTanAndType( $tan, $art );
+
+$result_color = 'red';
+
+if( $tan == $_SESSION['current_ad']['tan'] &&
+    $art == $_SESSION['current_ad']['art'] &&
+    true == $_SESSION['current_ad']['paid'] &&
+    false !== $kampdaten
+  )
+{
+    $result_color = 'green';
+}
+
+?><!DOCTYPE html>
+<html>
+    <head>
+        <!-- never is old spec but will be ignored by new browsers //-->
+        <meta name="referrer" content="never">
+        <meta name="referrer" content="no-referrer" />
+        <title>Hinweis</title>
+    </head>
+    <body bgcolor="<?php echo $result_color; ?>">
+
+        <?php if( 'green' == $result_color ) { ?>
+        Diese Anzeige wurde dir mit <?php echo $kampdaten->verdienst .' '. $pageconfig['waehrung']; ?> verg&uuml;tet.
+        <?php } else { ?>
+        Nope, das war nix
+        <?php } ?>
+
+    </body>
+</html><?php
+invalidateAlreadyRunningAd();
+?>

adclick.php

+<?php
+if(!isset($_GET['data'])) exit;
+
+require ('lib/datenbank.inc.php');
+require ('lib/functions.lib.php');
+require ('lib/session.lib.php');
+require ('ext/ap/ads.inc.php');
+
+list($art, $tan) = explode('-', $_GET['data']); // yeah sorry ;)
+$art = base64_decode($art);
+$tan = base64_decode($tan);
+
+$kampdaten = $campaigns->getByTanAndType( $tan, $art );
+// TODO prevent malicious ziel urls
+invalidateAlreadyRunningAd();
+setCurrentRunningAd( $art, $tan );
+?><!DOCTYPE html>
+<html>
+    <head>
+        <!-- never is old spec but will be ignored by new browsers //-->
+        <meta name="referrer" content="never">
+        <meta name="referrer" content="no-referrer" />
+        <meta http-equiv="refresh" content="0; URL=<?php echo $kampdaten->ziel; ?>">
+        <title>Anzeige</title>
+    </head>
+    <body>
+
+      <script>
+        var notified = false;
+        function notify()
+        {
+            if( false == notified )
+            {
+                notified = true;
+                window.opener.postMessage( { 'action': 'adcheck', 'art': '<?php echo $art; ?>', 'tan': '<?php echo $tan; ?>' }, '<?php echo $pageconfig['domain']; ?>');
+            }
+            return true;
+        }
+      </script>
+      <a href="<?php echo $kampdaten->ziel; ?>" rel="noopener noreferrer nofollow" onclick="notify();" >Hier weiter, falls keine automatische Weiterleitung erfolgt.</a>
+    </body>
+</html>

adminforce/content/LKT_addons/LKT_rallysystem2.php

@@ -576,7 +576,7 @@ $gesperrt = explode(',', $ralleydaten['sperruser']);
 while ($pa = mysqli_fetch_array($platz)) {
     if (!in_array($pa['uid'], $gesperrt)) {
         if ($ralleydaten['gewinner_anzahl'] >= $rp) {
-            $mg = number_format(($ralleydaten['gewinn_topf'] / 100 * $ralleydaten['p' . $rp]), 2, ',', '.') . ' ' . $waehrung;
+            $mg = number_format(($ralleydaten['gewinn_topf'] / 100 * $ralleydaten['p' . $rp]), 2, ',', '.') . ' ' . $pageconfig['waehrung'];
         } else $mg = '---';
         if ($pa['punkte'] < $ralleydaten['mindestpunktzhl']) $mindestpunkt = '<span style="color:#FF6600;">Nicht erreicht.</span>';
         if ($pa['punkte'] >= $ralleydaten['mindestpunktzhl']) $mindestpunkt = '<span style="color:#339966;">Erreicht.</span>';
@@ -591,7 +591,7 @@ while ($pa = mysqli_fetch_array($platz)) {
 }
 
 for($x = $rp;$x < 11;$x++) {
-    $mg = number_format($rally['p' . $rp], 2, ',', '.') . ' ' . $waehrung;
+    $mg = number_format($rally['p' . $rp], 2, ',', '.') . ' ' . $pageconfig['waehrung'];
     $row = ($rp % 2 == 0) ? 0 : 1;
     if ($x > $rally['plaetze']) $mg = '---';
     ?>
@@ -614,4 +614,4 @@ for($x = $rp;$x < 11;$x++) {
 <input type="Submit" name="reset" value="Reseten"><input type="Submit" name="auswert" value="Auswerten">
 </div>
 </form>
-<?php foot();
\ No newline at end of file
+<?php foot();

adminforce/content/interfacebanner/admin.php

 <?php head("Admin ForcedBanner");
 
-if (!isset($_GET['tan'])) $_GET['tan'] = '';
 if (!isset($_GET['loeschen'])) $_GET['loeschen'] = '';
 
-if ($_GET['loeschen'] == 'true' && $_GET['tan']) {
-    db_query("DELETE FROM " . $db_prefix . "_gebuchte_werbung WHERE tan='" . $_GET['tan'] . "' and sponsor='administrator' LIMIT 1");
+if ($_GET['loeschen'] == 'true' && isset($_GET['id']) )
+{
+    echo $campaigns->delete( array( 'id' => $_GET['id'] ) ) .' Banner gel&ouml;scht';
 }
 
-$forcedbanner = db_query("SELECT * FROM " . $db_prefix . "_gebuchte_werbung WHERE sponsor='administrator' and werbeart = 'forcedbanner' and status = '1' ORDER BY kid ASC");
-while ($anzeigen = mysqli_fetch_array($forcedbanner)) {
+$forcedbanner = $campaigns->getAll( 'forcedbanner', 1, 'administrator');
+foreach($forcedbanner['data'] as $anzeigen)
+{
+
     echo '
 
 <table width="100%" cellpadding="0" cellspacing="1" border="0" bgcolor="#c0c0c0">
 <tr bgcolor="#f0f0f0">
-    <td align="center" width="50%"><b>TAN:</b>&nbsp;' . $anzeigen['tan'] . '</td>
-    <td align="center" width="50%"><b>Vergütung:</b>&nbsp;' . number_format($anzeigen['verdienst'], 2, ",", ".") . '</td>
+    <td align="center" width="50%"><b>TAN:</b>&nbsp;' . $anzeigen->tan . '</td>
+    <td align="center" width="50%"><b>Verg&uuml;tung:</b>&nbsp;' . number_format($anzeigen->verdienst, 2, ",", ".") . '</td>
 </tr>
 <tr bgcolor="#f0f0f0">
-    <td align="left" colspan="2"><br><b>Ziel:</b> <a href="' . $anzeigen['ziel'] . '">' . $anzeigen['ziel'] . '</a> <br><b>Banner:</b> <a href="' . $anzeigen['banner'] . '">' . $anzeigen['banner'] . '</a><br><br></td>
+    <td align="left" colspan="2"><br><b>Ziel:</b> <a href="' . $anzeigen->ziel . '">' . $anzeigen->ziel . '</a> <br><b>Banner:</b> <a href="' . $anzeigen->banner . '">' . $anzeigen->banner . '</a><br><br></td>
 </tr>
 <tr bgcolor="#f0f0f0">
-    <td align="center" width="50%"><b>Reload:</b>&nbsp;' . $anzeigen['reload'] / 3600 . 'h  <b>Rest:</b>&nbsp;' . number_format($anzeigen['menge'], 0, ",", ".") . ' Klicks</td>
-    <td align="center" width="50%"><a href="?content=/interfacebanner/admin&amp;loeschen=true&amp;tan=' . $anzeigen['tan'] . '" target="_self">Löschen</a></td>
+    <td align="center" width="50%"><b>Reload:</b>&nbsp;' . $anzeigen->reload / 3600 . 'h  <b>Rest:</b>&nbsp;' . number_format($anzeigen->menge, 0, ",", ".") . ' Klicks</td>
+    <td align="center" width="50%"><a href="?content=/interfacebanner/admin&amp;loeschen=true&amp;id=' . $anzeigen->id . '" target="_self">Löschen</a></td>
 </tr>
 </table>
 <br>
@@ -30,5 +32,3 @@ while ($anzeigen = mysqli_fetch_array($forcedbanner)) {
 
 foot();
 ?>
-
-

adminforce/content/interfacebanner/blacklist.php

 <?php head("ForcedBanner Blacklist");
 
-if (!isset($_GET['kid'])) $_GET['kid'] = '';
+if (!isset($_GET['id'])) $_GET['id'] = false;
 if (!isset($_GET['loeschen'])) $_GET['loeschen'] = '';
 if (!isset($_GET['blacklist'])) $_GET['blacklist'] = '';
 
-if ($_GET['loeschen'] == 'true' && $_GET['kid']) {
-    db_query("DELETE FROM " . $db_prefix . "_gebuchte_werbung WHERE kid='" . $_GET['kid'] . "' and status = '2' and sponsor='" . $_GET['sponsor'] . "' LIMIT 1");
+if ($_GET['loeschen'] == 'true' && $_GET['id'])
+{
+    $campaigns->delete( array( 'id' => $_GET['id'] ) );
 }
-if ($_GET['blacklist'] == 'true' && $_GET['kid']) {
-    db_query("UPDATE " . $db_prefix . "_gebuchte_werbung SET status = '1' WHERE kid='" . $_GET['kid'] . "' and sponsor='" . $_GET['sponsor'] . "'  LIMIT 1");
+if ($_GET['blacklist'] == 'true' && $_GET['id'])
+{
+    $campaigns->update( array( 'status' => 1 ), array( 'id' => $_GET['id'] ) );
 }
 
-$forcedbanner = db_query("SELECT * FROM " . $db_prefix . "_gebuchte_werbung WHERE werbeart = 'forcedbanner' and status = '2' ORDER BY kid ASC");
-while ($anzeigen = mysqli_fetch_array($forcedbanner)) {
+$forcedbanner = $campaigns->getAll( 'forcedbanner', 2);
+foreach( $forcedbanner['data'] as $anzeigen)
+{
     echo '
 <table width="100%" cellpadding="0" cellspacing="1" border="0" bgcolor="#c0c0c0">
 <tr bgcolor="#f0f0f0">
-<td align="center" width="50%">TAN:&nbsp;' . $anzeigen['tan'] . '<br>KID:&nbsp;' . $anzeigen['kid'] . ' (' . $anzeigen['sponsor'] . ')</td>
-<td align="center" width="50%">Bet:&nbsp;' . number_format($anzeigen['preis'], 2, ",", ".") . ' / User:&nbsp;' . number_format($anzeigen['verdienst'], 2, ",", ".") . '</td>
+<td align="center" width="50%">TAN:&nbsp;' . $anzeigen->tan . '<br>KID:&nbsp;' . $anzeigen->kid . ' (' . $anzeigen->sponsor . ')</td>
+<td align="center" width="50%">Bet:&nbsp;' . number_format($anzeigen->preis, 2, ",", ".") . ' / User:&nbsp;' . number_format($anzeigen->verdienst, 2, ",", ".") . '</td>
 </tr>
 <tr bgcolor="#f0f0f0">
-<td align="center" colspan="2"><a href="' . $anzeigen['ziel'] . '" target="_blank"><img alt="Sponsorenbanner" src="' . $anzeigen['banner'] . '" border="0" width="468" height="60"></a></td>
+<td align="center" colspan="2"><a href="' . $anzeigen->ziel . '" target="_blank"><img alt="Sponsorenbanner" src="' . $anzeigen->banner . '" border="0" width="468" height="60"></a></td>
 </tr>
 <tr bgcolor="#f0f0f0">
-<td align="center" width="50%">Reload:&nbsp;' . $anzeigen['reload'] / 3600 . ' Std. / Rest:&nbsp;' . number_format($anzeigen['menge'], 0, ",", ".") . '</td>
-<td align="center" width="50%"><a href="?content=/interfacebanner/blacklist&amp;sponsor=' . $anzeigen['sponsor'] . '&amp;loeschen=true&amp;kid=' . $anzeigen['kid'] . '" target="_self">Löschen</a>  <a href="?content=/interfacebanner/blacklist&amp;sponsor=' . $anzeigen['sponsor'] . '&amp;blacklist=true&amp;kid=' . $anzeigen['kid'] . '" target="_self">Löschen-Blacklist</a></td>
+<td align="center" width="50%">Reload:&nbsp;' . $anzeigen->reload / 3600 . ' Std. / Rest:&nbsp;' . number_format($anzeigen->menge, 0, ",", ".") . '</td>
+<td align="center" width="50%"><a href="?content=/interfacebanner/blacklist&amp;sponsor=' . $anzeigen->sponsor . '&amp;loeschen=true&amp;id=' . $anzeigen->id . '" target="_self">L&ouml;schen</a>  <a href="?content=/interfacebanner/blacklist&amp;sponsor=' . $anzeigen->sponsor . '&amp;blacklist=true&amp;id=' . $anzeigen->id . '" target="_self">Freischalten</a></td>
 </tr>
 </table>
 <br>
@@ -33,4 +36,3 @@ while ($anzeigen = mysqli_fetch_array($forcedbanner)) {
 
 foot();
 ?>
-

adminforce/content/usersystem/user_include/buchungen.php

@@ -45,7 +45,7 @@ define("NAV_LEISTE","6");
 	<tr>
 		<th>Zeit</th>
 		<th>Buchung</th>
-		<th><?php echo $waehrung;?></th>
+		<th><?php echo $pageconfig['waehrung'];?></th>
 		<th>Verwendungszweck</th>
 		<th>TAN</th>
 		<th>Kontobuchung erfolgreich</th>
@@ -53,4 +53,4 @@ define("NAV_LEISTE","6");
 	<?php echo $buchungen;?>
 </table>
 
-<?php echo $nav_minus;?>
\ No newline at end of file
+<?php echo $nav_minus;?>

adminforce/content/usersystem/user_include/konto.php

@@ -4,7 +4,7 @@
 <table class="table table-striped">
 	<tr>
 		<td><b>Kontostand</b>:</td>
-		<td><?php echo number_format($alledaten['kontostand'],2,",",".").' '.$waehrung;?></td>
+		<td><?php echo number_format($alledaten['kontostand'],2,",",".").' '.$pageconfig['waehrung'];?></td>
 	</tr>
 	<tr>
 		<td><br /><b>Summe</b>:</td>
@@ -22,4 +22,4 @@
 <div class="text-center">
 	<input type="submit" name="finanze" class="btn btn-default" value="&raquo; Buchen" />
 </div>
-</form>
\ No newline at end of file
+</form>

adminforce/content/usersystem/user_include/statistik.php

@@ -22,11 +22,11 @@
 	<tr bgcolor="#ededed">
 		<td>&nbsp;<b>ForcedKlicks</b>:</td>
 		<td width=50 align="right"><?php echo $alledaten['klicks'];?>&nbsp;</td>
-		<td align="right"><?php echo number_format ($alledaten['kv'], 2, ',', '.').' '.$waehrung;?>&nbsp;</td>
+		<td align="right"><?php echo number_format ($alledaten['kv'], 2, ',', '.').' '.$pageconfig['waehrung'];?>&nbsp;</td>
 	</tr>
 	<tr bgcolor="#fafafa">
 		<td>&nbsp;<b>Betteln</b>:</td>
 		<td align="right"><?php echo $alledaten['angebettelt'];?>&nbsp;</td>
-		<td align="right"><?php echo number_format ($alledaten['bv'], 2, ',', '.').' '.$waehrung;?>&nbsp;</td>
+		<td align="right"><?php echo number_format ($alledaten['bv'], 2, ',', '.').' '.$pageconfig['waehrung'];?>&nbsp;</td>
 	</tr>
-</table>
\ No newline at end of file
+</table>

adminforce/content/usersystem/userbearbeiten.php

@@ -25,7 +25,7 @@ $einnahme = $_POST['buchungsmenge'];
 }
 
    bilanz($einnahme,$ausgabe);
-		$nachricht = 'Hallo,'."\n\n".'Es wurde soeben eine Buchung auf dein Userkonto ausgeführt:'."\n\n".$_POST['buchungsart'].' '.number_format($_POST['buchungssumme'], 2, ',', '.').' '.$waehrung.' '.$_POST['buchungstext']."\n\n\n".'Mit freundlichen Grüßen, dein '.$seitenname.'-Team';
+		$nachricht = 'Hallo,'."\n\n".'Es wurde soeben eine Buchung auf dein Userkonto ausgeführt:'."\n\n".$_POST['buchungsart'].' '.number_format($_POST['buchungssumme'], 2, ',', '.').' '.$pageconfig['waehrung'].' '.$_POST['buchungstext']."\n\n\n".'Mit freundlichen Grüßen, dein '.$seitenname.'-Team';
 		if (isset ($_POST['send_mail']) && $_POST['send_mail'] == 'ja') usermail ($_POST['email'],$seitenname.' Kontobuchung', $nachricht, '"'.$seitenname.'" <'.$betreibermail.'>');
 	}
 }
@@ -109,4 +109,4 @@ $alledaten = userinfo($_GET['uid']);
 	</div>
 </div>
 
-<?php  foot(); ?>
\ No newline at end of file
+<?php  foot(); ?>

adminforce/content/werbesystem/forcedbanner_468.php

@@ -15,13 +15,25 @@ if ($_POST['buchen'] == 'Jetzt Buchen') {
     if (!is_numeric($_POST['menge'])) $buchungsfehler .= 'Bei Menge nur Zahlen!<br>';
     if (!$_POST['banner_url'] or !$_POST['menge'] or !$_POST['ziel'] or !$_POST['reload']) $buchungsfehler .= 'Bitte alle Felder ausfüllen!<br>';
     if ($_POST['reload'] < 1 or $_POST['reload'] > 24 or !is_numeric($_POST['reload'])) $buchungsfehler .= 'Bei Reloadzeit nur Zahlen und zwischen 1 und 24 Stunden!<br>';
-    if ($_POST['aufendhalt'] < 0 or $_POST['aufendhalt'] > 30 or !is_numeric($_POST['aufendhalt'])) $buchungsfehler .= 'Bei dem Aufendhalt nur Zahlen und zwischen 0 und 30 Sekunden!<br>';
-    if ($_POST['aufendhalt'] > 30 or $_POST['aufendhalt'] < 0 or !is_numeric($_POST['aufendhalt'])) $buchungsfehler .= 'Aufendhalt nur Zahlen und zwischen 1 und 30 Sek.!<br>';
+    if ($_POST['aufendhalt'] < 0 or !is_numeric($_POST['aufendhalt'])) $buchungsfehler .= 'Aufenthalt nur Zahlen und mindestens 1 Sek.!<br>';
     // Buchung durchführen
     if (!$buchungsfehler) {
         $buchungs_id = create_code(32);
         $reload = $_POST['reload'] * 60 * 60;
-        db_query("INSERT INTO " . $db_prefix . "_gebuchte_werbung  (tan,ziel,banner,aufendhalt,menge,preis,verdienst,werbeart,status,reload,sponsor) VALUES ('" . $buchungs_id . "','" . $_POST['ziel'] . "','" . $_POST['banner_url'] . "','" . $_POST['aufendhalt'] . "','" . $_POST['menge'] . "','0','" . $_POST['verdienst'] . "','forcedbanner','1','" . $reload . "','administrator')");
+        $data = array(
+                       'tan'        => $buchungs_id,
+                       'ziel'       => $_POST['ziel'],
+                       'banner'     => $_POST['banner_url'], 
+                       'aufendhalt' => $_POST['aufendhalt'],
+                       'menge'      => $_POST['menge'],
+                       'preis'      => 0,
+                       'verdienst'  => $_POST['verdienst'],
+                       'werbeart'   => 'forcedbanner',
+                       'status'     => 1,
+                       'reload'     => $reload,
+                       'sponsor'    => 'administrator',
+                );
+        $campaigns->insert( $data );
         $buchung = 'true';
     }
 }
@@ -63,11 +75,11 @@ head("Formular Forcedbanner 468*60");
     </tr>
     <tr>
         <td>Aufendhalt (Sekunden)</td>
-        <td><input type="Text" name="aufendhalt" value="' . $_POST['aufendhalt'] . '" style="width:40px" maxlength="2"> max. 30</td>
+        <td><input type="Text" name="aufendhalt" value="' . $_POST['aufendhalt'] . '" style="width:40px" maxlength="2"></td>
     </tr>
     <tr>
         <td align="center" valign="middle" colspan="2"><input type="Submit" name="buchen" value="Jetzt Buchen"></td>
     </tr>
     </table>
     </form>';
-foot();
\ No newline at end of file
+foot();

adminforce/content/werbesystem/paidmail.php

@@ -31,8 +31,8 @@ WHERE (e.freigabe_fuer = '3' or e.freigabe_fuer = '2') AND k.status=1 ORDER BY R
     while ($versendet = mysqli_fetch_array($senden)) {
         db_query("INSERT INTO " . $db_prefix . "_paidmails_empfaenger (uid,gueltig,tan,status,aufendhalt) VALUES ('" . $versendet['uid'] . "','" . $bis . "','" . $tan . "','0','" . $_POST['aufendhalt'] . "')");
         $message = 'Hallo,
-		dieses ist eine neue ' . $seitenname . ' Paidmail, für dessen Bestätigung
-		Du ' . $_POST['verdienst'] . ' ' . $waehrung . ' für ' . $_POST['aufendhalt'] . ' Sek. aufenthalt erhälst!
+		dieses ist eine neue ' . $pageconfig['seitenname'] . ' Paidmail, für dessen Bestätigung
+		Du ' . $_POST['verdienst'] . ' ' . $pageconfig['waehrung'] . ' für ' . $_POST['aufendhalt'] . ' Sek. aufenthalt erhälst!
 		Diese Paidmail ist gültig bis ' . date("d.m.Y - H:i:s", $bis) . '
 
 ' . $_POST['beschreibung'] . '
@@ -40,17 +40,17 @@ WHERE (e.freigabe_fuer = '3' or e.freigabe_fuer = '2') AND k.status=1 ORDER BY R
 ' . $_POST['mailtext'] . '
 --------------------------------------------------------------------
 
-Die Betreiber von ' . $seitenname . ' distanzieren sich vom Inhalt dieser Mail!
+Die Betreiber von ' . $pageconfig['seitenname'] . ' distanzieren sich vom Inhalt dieser Mail!
 
 Diese Mail ist kein Spam da der Empfänger als Mitglied von
-' . $seitenname . ' dem Empfang zugestimmt hat.
+' . $pageconfig['seitenname'] . ' dem Empfang zugestimmt hat.
 
 Bestätigungslink:
-' . $domain . '/pclick.php?tan=' . $tan . '&uid=' . $versendet["uid"] . '
+' . $pageconfig['domain'] . '/pclick.php?tan=' . $tan . '&uid=' . $versendet["uid"] . '
 
 Mit freundlichen Grüßen
-Das ' . $seitenname . ' Team';
-        usermail($versendet['emailadresse'], 'Neue ' . $seitenname . ' Paidmail', $message, '"' . $seitenname . '" <' . $betreibermail . '>') or die('Versandfehler');
+Das ' . $pageconfig['seitenname'] . ' Team';
+        usermail($versendet['emailadresse'], 'Neue ' . $pageconfig['seitenname'] . ' Paidmail', $message, '"' . $pageconfig['seitenname'] . '" <' . $betreibermail . '>') or die('Versandfehler');
     }
     $msg_send = '<b><div align="center"><font color="#800000">Diese Paidmail wurd an ' . $_POST['menge'] . ' User versendet</font></div></b>';
 }
@@ -94,4 +94,4 @@ echo '
     </form>
     ' . $msg_send;
 
-foot();
\ No newline at end of file
+foot();

adminforce/frametest.php

-<?php
-if (!isset($_GET['frame'])) $_GET['frame'] = false;
-if (!isset($_GET['testen'])) $_GET['testen'] = true;
-if (!isset($_GET['tan'])) $_GET['tan'] = "";
-
-if ($_GET['testen'] == 'true') {
-    if ($_GET['frame'] == 'true') {
-        echo 'Dies ist der Testframe';
-    } else {
-        @require_once ('../lib/functions.lib.php');
-        @db_connect();
-        if (!isset($_GET['art'])) $_GET['art'] = "";
-        if (!isset($forced['tan'])) $forced['tan'] = "";
-        if (!isset($forced['ziel'])) $forced['ziel'] = "";
-        // SecVMS change begin
-        $_GET['tan'] = addslashes ($_GET['tan']);
-        // SecVMS change end
-        $forced = mysql_fetch_assoc(db_query("SELECT ziel FROM " . $db_prefix . "_gebuchte_werbung WHERE tan='" . $_GET['tan'] . "' LIMIT 1"));
-        if ($forced) {
-            $ziel = $forced['ziel'];
-        } else {
-            $ziel = urldecode($_GET['url']);
-        }
-        echo '
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<html>
-<head>
-	<title>Framekiller-Test by ' . $seitenname . '</title>
-</head>
-
-<frameset rows="75,*" border="0">
-<frame src="frametest.php?testen=true&frame=true" name="abuse" frameborder="0" scrolling="no" marginheight="10">
-<frame name="werbung" src="' . $ziel . '" scrolling="auto" frameborder="0" marginheight="10">
-<noscript>Bei dir ist kein Javascript aktiviert!</noscript>
-</frameset><noframes></noframes><noframes>Bei dir sind keine Frames aktiviert!</noframes>
-</body>
-</html>';
-        db_close();
-    }
-} else {
-    echo 'Javascript Test! Bitte warte einen Moment!
-    <script type="text/javascript">
-    <!--
-    document.location = "frametest.php?url=' . $_GET['url'] . '&testen=true&tan=' . $_GET['tan'] . '";
-    //-->
-    </script>';
-}
\ No newline at end of file

adminforce/index.php

@@ -9,16 +9,17 @@
         if ($_GET['content'] {0} != '/') $_GET['content'] = '/' . $_GET['content'];
     }
 if (!ini_get('display_errors')) {
-    ini_set('display_errors', '0');
+    ini_set('display_errors', '1');
 }
 
 
     if (!isset($_GET['content']) || empty ($_GET['content'])) $_GET['content'] = '/startseite';
     if (!file_exists('content' . $_GET['content'] . '.php')) $_GET['content'] = '/error/keine_seite';
 
-	require ('../lib/datenbank.inc.php');
+	  require ('../lib/datenbank.inc.php');
     require ('../lib/functions.lib.php');
     session_start();
+    $pageconfig = mysqli_fetch_array(db_query("SELECT * FROM " . $db_prefix . "_seitenkonfig LIMIT 1"));
     require ('lib/layout.lib.php');
     require ( '../lib/extras.lib.php' );
     require ('../lib/extra/mail.php');
@@ -45,9 +46,7 @@ if (!ini_get('display_errors')) {
 		}
     }
 
-?>
-
-<!DOCTYPE html>
+?><!DOCTYPE html>
 <html lang='de'>
     <head>
         <title>..:: Adminforce ::..</title>
@@ -83,7 +82,7 @@ if (!ini_get('display_errors')) {
 					<span class="icon-bar"></span>
 					<span class="icon-bar"></span>
 				</button>
-				<a class="navbar-brand" href="<?php echo $domain.'/adminforce';?>">..:: Adminforce ::..</a>
+				<a class="navbar-brand" href="<?php echo $pageconfig['domain'].'/adminforce';?>">..:: Adminforce ::..</a>
 			</div>
 			<div id="navbar" class="navbar-collapse collapse">
 			<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] == 1){?>
@@ -104,7 +103,7 @@ if (!ini_get('display_errors')) {
 	<div class="container-fluid">
 		<div class="row">
 			<div class="col-sm-3 col-md-2 sidebar">
-				<?php if($_SESSION['admin'] == 1) require_once('lib/menue_links.php');?>	
+				<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] == 1) require_once('lib/menue_links.php');?>	
 			</div>
 			<div class="col-sm-9 col-sm-offset-3 col-md-10 col-md-offset-2 main">
 				<div class="jumbotron">
@@ -144,15 +143,16 @@ if (!ini_get('display_errors')) {
 					</div>
 					<?php	
 					}
-					if($_SESSION['admin'] == 1) {
-						if(file_exists('../install')){
-							echo '<div class="alert alert-danger text-center">Du musst den Ordner install noch l&ouml;schen</div>';
-						}
-						require_once('content'.$_GET['content'].'.php');
+					if( isset($_SESSION['admin']) && $_SESSION['admin'] == 1 )
+          {
+					    if(file_exists('../install')){
+							    echo '<div class="alert alert-danger text-center">Du musst den Ordner install noch l&ouml;schen</div>';
+						  }
+						  require_once('content'.$_GET['content'].'.php');
 					}else{
 						echo '
 							<form  method="post">
-									<input type="Text" name="loginname" value="'.$_POST['loginname'].'" placeholder="Username">
+									<input type="Text" name="loginname" value="" placeholder="Username">
 									<input type="Password" name="passwort" value="" placeholder="Passwort">
 									<button type="submit" name="check" value="Login">Login</button>
 								</form>

adminforce/lib/funktionen/db_backup/wiederherstellen.php

@@ -10,8 +10,8 @@ $qres = db_query("SHOW TABLES") or die(mysqli_error($sql_open));
 while (list($tabelle) = mysqli_fetch_row($qres)){
 	db_query("DROP TABLE IF EXISTS ". $tabelle);
 }
-
-$command='mysql -h' .$db_host .' -u' .$db_user .' -p' .$db_pass .' ' .$db_base .' < backup/' .$_POST['datei'];
+// DB_PASS on cli ... happy person watching process list
+$command='mysql -h' .DB_HOST .' -u' .DB_USER .' -p' .DB_PASS .' ' . DB_BASE .' < backup/' .$_POST['datei'];
 exec($command,$output=array(),$worked);
 $meldung = meldung(0,'Die Daten aus der Datei <b>' .$_POST['datei'] .'</b> wurden erfolgreich eingespielt in der Datenbank <b>' .$_POST['datei'] .'</b>');
 
@@ -21,4 +21,4 @@ if (is_writable('backup/' .$_POST['datei'])) {
 	$fp = versch($fp);
 	file_put_contents('backup/' .$_POST['datei'], $fp);
 }
-?>
\ No newline at end of file
+?>

class/campaigns.php

+<?php
+
+class Campaigns
+{
+
+    private $database;
+
+    const FIELDS_gebuchte_werbung = ' `t1`.`id`, `t1`.`uid`, `t1`.`tan`, `t1`.`kid`, `t1`.`ziel`, `t1`.`banner`,
+                                      `t1`.`verdienst`, `t1`.`preis`, `t1`.`aufendhalt`, `t1`.`menge`, `t1`.`reload`,
+                                      `t1`.`sponsor`, `t1`.`werbeart`, `t1`.`status` ';
+
+    public function __construct( $database )
+    {
+        $this->database = $database;
+    }
+
+    public function decreaseAvailCountById( $id, $value = 1 )
+    {
+        $sql = 'UPDATE `'. DB_PREFIX . '_gebuchte_werbung` SET `menge` = GREATEST(0, `menge` - :value ) WHERE `id`= :id';
+        $sql_params = array(
+                           ':id' => $id,
+                           ':value' => $value
+                      );
+        return $this->database->sqlUpdate($sql, $sql_params);
+    }
+
+    public function getIsClickableByTanAndType( $tan, $type, $ip, $uid, $zeit )
+    {
+        $sql = self::FIELDS_gebuchte_werbung .'
+               FROM `'. DB_PREFIX .'_gebuchte_werbung` AS `t1`
+               LEFT JOIN `'. DB_PREFIX .'_reloads` AS `t2` ON 
+                   (
+                     `t1`.`tan` = `t2`.`tan`  AND
+                     (
+                        `t2`.`uid` = :t2uid OR
+                        `t2`.`ip` = :t2ip
+                     ) AND
+                     `t2`.`bis` > :t2bis
+                   )
+               WHERE
+              `t1`.`tan` = :t1tan AND
+              `t2`.`tan` IS NULL AND
+              `t1`.`werbeart` = :t1type AND
+              `t1`.`menge` >= 1 AND
+              `t1`.`status` = 1 AND
+              `t1`.`sponsor` != :t1uid
+              LIMIT 1';
+
+        $sql_params = array(
+                           ':t2uid'  => $uid,
+                           ':t2ip'   => $ip,
+                           ':t2bis'  => $zeit,
+                           ':t1tan'  => $tan,
+                           ':t1type' => $type,
+                           ':t1uid'  => $uid,
+                     );
+        $result = $this->database->select( $sql, $sql_params );
+        return ( isset($result[0]) ) ? $result[0] : false;
+
+    }
+
+    public function getByTanAndType( $tan, $type, $status = false )
+    {
+        $where_status = ( false !== $status ) ? ' AND `status` = :status ' : '';
+
+        $sql = self::FIELDS_gebuchte_werbung .' FROM `'.DB_PREFIX.'_gebuchte_werbung` AS `t1` WHERE `tan` = :tan AND `werbeart` = :type '.$where_status.' LIMIT 1';
+        $sql_params = array(
+                           ':tan'     => $tan,
+                           ':type'    => $type,
+                      );
+        if( false !== $status )
+        {
+            $sql_params[':status'] = $status;
+        }
+
+        $result = $this->database->select($sql, $sql_params);
+        return ( isset($result[0]) ) ? $result[0] : false;
+    }
+
+    public function getNewAdData( $art, $uid, $ip, $limit = 3 )
+    {
+        $zeit = time();
+        $result = array('count' => 0, 'data' => array() );
+        $num_limit = (int)$limit;
+
+        $sql = self::FIELDS_gebuchte_werbung .' 
+                    FROM `' . DB_PREFIX . '_gebuchte_werbung` AS `t1`
+                    LEFT JOIN `' . DB_PREFIX . '_reloads` AS `t2` ON (`t1`.`tan` = `t2`.`tan` AND ( `t2`.`uid` = :ruid OR `t2`.`ip` = :ip ) AND t2.bis >= :zeit)
+                    LEFT JOIN `' . DB_PREFIX . '_fb_blacklist` AS `t3` ON `t3`.`kid` = `t1`.`kid` AND `t3`.`werbeart`=`t1`.`werbeart`
+                    LEFT JOIN `' . DB_PREFIX . '_userblacklist` AS `t4` ON `t4`.`uid` = :ubuid
+                    WHERE
+                    (`t3`.`kid` IS NULL OR LOCATE(`t3`.`sponsor`, `t1`.`ziel`) = 0) AND 
+                    `t2`.`tan` IS NULL AND
+                    `t1`.`werbeart` = :wart AND
+                    `t1`.`menge` > 0 AND
+                    `t1`.`status` = 1 AND
+                    `t1`.`verdienst` > 0 AND
+                    `t1`.`sponsor` != :spuid
+                    ORDER BY `t1`.`verdienst` DESC LIMIT '.$num_limit;
+
+        $sql_params = array(
+                            ':ruid' => $uid,
+                            ':ip'   => $ip,
+                            ':zeit' => $zeit,
+                            ':ubuid'=> $uid,
+                            ':wart' => $art,
+                            ':spuid'=> $uid,
+                     );
+
+        $result['data']  = $this->database->select($sql, $sql_params);
+        $result['count'] = count($result['data']);
+
+        return $result;
+    }
+
+    public function getAll( $art, $status = false, $sponsor = false, $limit = false, $start = false)
+    {
+        $result = array('count' => 0, 'data' => array() );
+        $sql_params = array();
+
+        $sql = self::FIELDS_gebuchte_werbung .' FROM `' . DB_PREFIX . '_gebuchte_werbung` AS `t1`
+                WHERE';
+
+        if( false !== $sponsor )
+        {
+            $sql .= '`t1`.`sponsor` = :sponsor AND ';
+            $sql_params[':sponsor'] = $sponsor;
+        }
+
+        if( false !== $status )
+        {
+            $sql .= '`t1`.`status` = :status AND ';
+            $sql_params[':status'] = $status;
+        }
+
+        $sql .= '`t1`.`werbeart` = :wart
+                  ORDER BY kid ASC ';
+
+        $sql_params[':wart']  = $art;
+
+        $result['data']  = $this->database->select($sql, $sql_params);
+        $result['count'] = count($result['data']);
+
+        return $result;
+    }
+
+    public function delete( $where )
+    {
+        return $this->database->delete( '`' . DB_PREFIX . '_gebuchte_werbung`' , $where );
+    }
+
+    public function update( $data, $where )
+    {
+        return $this->database->update( '`' . DB_PREFIX . '_gebuchte_werbung`' , $data, $where );
+    }
+
+    public function insert( $data )
+    {
+        return $this->database->insert( '`' . DB_PREFIX . '_gebuchte_werbung`' , $data );
+    }
+
+    public function getTimeToFirstOffReloadAd( $art, $uid )
+    {
+        $zeit = time();
+        $retval = NULL;
+
+        $sql = ' `r`.`bis` FROM `'.DB_PREFIX.'_reloads` AS `r`
+                         LEFT JOIN `'.DB_PREFIX.'_gebuchte_werbung` AS `ad` ON (`ad`.`tan` = `r`.`tan` AND `ad`.`status` = 1 AND `ad`.`werbeart` = :wart AND `ad`.`sponsor` != :spuid)
+                         WHERE
+                         `r`.`uid` = :ruid  AND `ad`.`tan` IS NOT NULL  AND `r`.`bis` > :zeit
+                         ORDER BY `r`.`bis` ASC LIMIT 1';
+        $sql_params = array(
+                            ':wart'  => $art,
+                            ':spuid' => $uid,
+                            ':ruid'  => $uid,
+                            ':zeit'  => $zeit,
+                      );
+        $result = $this->database->select($sql, $sql_params);
+        if( isset($result[0]) )
+        {
+            $res    = $result[0];
+            $retval = (($res->bis - $zeit ) >= 0)  ?  ($res->bis - $zeit) : NULL;
+        }
+
+        return $retval;
+
+    }
+}

class/database.php

+<?php
+// https://raw.githubusercontent.com/daveismyname/pdo-wrapper/master/database.php
+
+require_once( __DIR__ .'/databaseTable.php' );
+
+class DaveDatabase extends PDO
+{
+    /**
+     * @var array Array of saved databases for reusing
+     */
+    protected static $instances = array();
+
+    /**
+     * Static method get
+     *
+     * @param  array $group
+     * @return \helpers\database
+     */
+    public static function get($group = false)
+    {
+        // Determining if exists or it's not empty, then use default group defined in config
+        $group = !$group ? array (
+            'type' => DB_TYPE,
+            'host' => DB_HOST,
+            'name' => DB_NAME,
+            'user' => DB_USER,
+            'pass' => DB_PASS
+        ) : $group;
+
+        // Group information
+        $type = $group['type'];
+        $host = $group['host'];
+        $name = $group['name'];
+        $user = $group['user'];
+        $pass = $group['pass'];
+
+        // ID for database based on the group information
+        $id = "$type.$host.$name.$user.$pass";
+
+        // Checking if the same
+        if (isset(self::$instances[$id])) {
+            return self::$instances[$id];
+        }
+
+        $instance = new Database("$type:host=$host;dbname=$name;charset=utf8", $user, $pass);
+        $instance->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+        // Setting Database into $instances to avoid duplication
+        self::$instances[$id] = $instance;
+
+        //return the pdo instance
+        return $instance;
+
+    }
+
+    /**
+     * run raw sql queries
+     * @param  string $sql sql command
+     * @return none
+     */
+    public function raw($sql)
+    {
+        $this->query($sql);
+    }
+
+    /**
+     * method for selecting records from a database
+     * @param  string $sql       sql query
+     * @param  array  $array     named params
+     * @param  object $fetchMode
+     * @param  string $class     class name
+     * @return array            returns an array of records
+     */
+    public function select($sql, $array = array(), $fetchMode = PDO::FETCH_OBJ, $class = '')
+    {
+         // Append select if it isn't appended.
+        if (strtolower(substr($sql, 0, 7)) !== 'select ') {
+            $sql = "SELECT " . $sql;
+        }
+
+        $stmt = $this->prepare($sql);
+        foreach ($array as $key => $value) {
+            if (is_int($value)) {
+                $stmt->bindValue("$key", $value, PDO::PARAM_INT);
+            } else {
+                $stmt->bindValue("$key", $value);
+            }
+        }
+
+        $stmt->execute();
+
+        if ($fetchMode === PDO::FETCH_CLASS) {
+            return $stmt->fetchAll($fetchMode, $class);
+        } else {
+            return $stmt->fetchAll($fetchMode);
+        }
+    }
+    
+    /**
+    * Count method
+    * @param  string $table table name
+    * @param  string $column optional
+    */
+    public function count($table, $column= 'id') {
+            $stmt = $this->prepare("SELECT $column FROM $table");
+            $stmt->execute();		      
+            return $stmt->rowCount();
+    }
+
+    /**
+     * insert method
+     * @param  string $table table name
+     * @param  array $data  array of columns and values
+     */
+    public function insert($table, $data)
+    {
+        ksort($data);
+
+        $fieldNames = implode(',', array_keys($data));
+        $fieldValues = ':'.implode(', :', array_keys($data));
+
+        $stmt = $this->prepare("INSERT INTO $table ($fieldNames) VALUES ($fieldValues)");
+
+        foreach ($data as $key => $value) {
+            $stmt->bindValue(":$key", $value);
+        }
+
+        $stmt->execute();
+        return $this->lastInsertId();
+    }
+
+    /**
+     * update method
+     * @param  string $table table name
+     * @param  array $data  array of columns and values
+     * @param  array $where array of columns and values
+     */
+    public function update($table, $data, $where)
+    {
+        ksort($data);
+
+        $fieldDetails = null;
+        foreach ($data as $key => $value) {
+            $fieldDetails .= "$key = :$key,";
+        }
+        $fieldDetails = rtrim($fieldDetails, ',');
+
+        $whereDetails = null;
+        $i = 0;
+        foreach ($where as $key => $value) {
+            if ($i == 0) {
+                $whereDetails .= "$key = :$key";
+            } else {
+                $whereDetails .= " AND $key = :$key";
+            }
+            $i++;
+        }
+        $whereDetails = ltrim($whereDetails, ' AND ');
+
+        $stmt = $this->prepare("UPDATE $table SET $fieldDetails WHERE $whereDetails");
+
+        foreach ($data as $key => $value) {
+            $stmt->bindValue(":$key", $value);
+        }
+
+        foreach ($where as $key => $value) {
+            $stmt->bindValue(":$key", $value);
+        }
+
+        $stmt->execute();
+        return $stmt->rowCount();
+    }
+
+    /**
+     * Delete method
+     * @param  string $table table name
+     * @param  array $data  array of columns and values
+     * @param  array $where array of columns and values
+     * @param  integer $limit limit number of records
+     */
+    public function delete($table, $where, $limit = 1)
+    {
+        ksort($where);
+
+        $whereDetails = null;
+        $i = 0;
+        foreach ($where as $key => $value) {
+            if ($i == 0) {
+                $whereDetails .= "$key = :$key";
+            } else {
+                $whereDetails .= " AND $key = :$key";
+            }
+            $i++;
+        }
+        $whereDetails = ltrim($whereDetails, ' AND ');
+
+        //if limit is a number use a limit on the query
+        if (is_numeric($limit)) {
+            $uselimit = "LIMIT $limit";
+        }
+
+        $stmt = $this->prepare("DELETE FROM $table WHERE $whereDetails $uselimit");
+
+        foreach ($where as $key => $value) {
+            $stmt->bindValue(":$key", $value);
+        }
+
+        $stmt->execute();
+        return $stmt->rowCount();
+    }
+
+    /**
+     * truncate table
+     * @param  string $table table name
+     */
+    public function truncate($table)
+    {
+        return $this->exec("TRUNCATE TABLE $table");
+    }
+}
+
+
+class Database extends DaveDatabase
+{
+    private $table_objects = array();
+
+    public function getTable( $table_name )
+    {
+        if( !isset($this->table_objects[$table_name]) )
+        {
+            $this->loadTableObject( $table_name );
+        }
+        return ( isset($this->table_objects[$table_name]) ) ? $this->table_objects[$table_name] : false;
+    }
+
+    private function loadTableObject( $table_name )
+    {
+        $result = false;
+
+        $filepath = __DIR__ .'/database/'.$table_name.'.ext.php';
+
+        if( !file_exists( $filepath ) )
+        {
+            $this->tryCreateTableDefinition( $table_name );
+        }
+
+        if( file_exists( $filepath ) )
+        {
+            require_once( $filepath );
+            $class_name = 'Table'. $table_name;
+            if( class_exists( $class_name ) )
+            {
+                $this->table_objects[$table_name] = new $class_name();
+                $result = true;
+            }
+        }
+        return $result;
+    }
+
+
+    private function tryCreateTableDefinition( $table_name )
+    {
+        $table_class = new DatabaseTable($this, $table_name);
+        $table_class->getColumnMeta();
+        var_dump($table_class->fields);
+        var_dump($table_class->field_meta);
+        var_dump($table_class->primary_key);
+    }
+
+
+    /*
+    * $db->select("`username` FROM `members` WHERE `memberID` = :id and `email` = :email", array(':id' => 1, ':email' => 'someone@domain.com'));
+    * $db->selectAll("members", "WHERE `memberID` = :id and `email` = :email", array(':id' => 1, ':email' => 'someone@domain.com'));
+    */
+    public function selectAll($sql, $array = array(), $fetchMode = PDO::FETCH_OBJ, $class = '')
+    {
+
+
+    }
+
+
+    /** 
+     * sqlUpdate method
+     * @param  string $sql the query
+     * @param  array $data  array of columns and values
+     */
+    public function sqlUpdate($sql, $array = array())
+    {
+        $stmt = $this->prepare($sql);
+        foreach ($array as $key => $value) {
+            if (is_int($value))
+            {
+                $stmt->bindValue("$key", $value, PDO::PARAM_INT);
+            }
+            else
+            {
+                $stmt->bindValue("$key", $value);
+            }
+        }
+
+        $stmt->execute();
+        return $stmt->rowCount();
+    } 
+
+
+}

class/databaseTable.php

+<?php
+
+class DatabaseTable
+{
+
+    public $fields      = array();
+    public $field_meta  = array();
+    public $primary_key = NULL;
+
+    private $database;
+    private $table_name;
+
+    public function __construct( $database, $table_name )
+    {
+        $this->database   = $database;
+        $this->table_name = $table_name;
+    }
+
+    /**
+    * Will attempt to bind columns with datatypes based on parts of the column type name
+    * Any part of the name below will be picked up and converted unless otherwise sepcified
+    *     Example: 'VARCHAR' columns have 'CHAR' in them, so 'char' => PDO::PARAM_STR will convert
+    * all columns of that type to be bound as PDO::PARAM_STR
+    * If there is no specification for a column type, column will be bound as PDO::PARAM_STR
+    */
+    protected $pdo_bind_types = array(
+                                'char'   => PDO::PARAM_STR,
+                                'int'    => PDO::PARAM_INT,
+                                'bool'   => PDO::PARAM_BOOL,
+                                'date'   => PDO::PARAM_STR,
+                                'time'   => PDO::PARAM_INT,
+                                'text'   => PDO::PARAM_STR,
+                                'blob'   => PDO::PARAM_LOB,
+                                'binary' => PDO::PARAM_LOB
+    );
+
+
+    /**
+    * Parse PDO-produced column type
+    * [internal function]
+    */
+    protected function parseColumnType($col_type)
+    {
+        $col_info = array();
+        $col_parts = explode(" ", $col_type);
+        if( $fparen = strpos($colParts[0], "(") )
+        {
+            $col_info['type']       = substr($col_parts[0], 0, $fparen);
+            $col_info['pdo_type']   = '';
+            $col_info['length']     = str_replace(")", "", substr($col_parts[0], $fparen+1));
+            $col_info['attributes'] = isset($col_parts[1]) ? $col_parts[1] : NULL;
+        }
+        else
+        {
+            $col_info['type'] = $col_parts[0];
+        }
+
+        // PDO Bind types
+        $pdo_type = '';
+        foreach($this->pdo_bind_types as $pKey => $pType)
+        {
+            if(strpos(' '.strtolower($col_info['type']).' ', $pKey))
+            {
+                $col_info['pdo_type'] = $pType;
+                break;
+            }
+            else
+            {
+                $col_info['pdo_type'] = PDO::PARAM_STR;
+            }
+        }
+        return $col_info;
+    }
+
+
+    /**
+    * Automatically get column metadata
+    */
+    protected function getColumnMeta($refresh = false)
+    {
+        if( $refresh )
+        {
+            // Clear any previous column/field info
+            $this->fields      = array();
+            $this->field_meta  = array();
+            $this->primary_key = NULL;
+        }
+
+        // Automatically retrieve column information if column info not specified
+        if( count($this->fields) == 0 || count($this->field_meta) == 0 ) 
+        { 
+            // Fetch all columns and store in $this->fields
+            // TODO prepared statement ...
+            $columns = $this->database->query("SHOW COLUMNS FROM " . $this->table_name, PDO::FETCH_ASSOC);
+            foreach( $columns as $key => $col )
+            {   
+                // Insert into fields array
+                $col_name = $col['Field'];
+                $this->fields[$col_name] = $col;
+                if( $col['Key'] == "PRI" && empty($this->primary_key) )
+                {   
+                    $this->primary_key = $col_name;
+                }   
+
+                // Set field types
+                $col_type = $this->parseColumnType($col['Type']);
+                $this->field_meta[$col_name] = $col_type;
+            }   
+        }   
+        return true;
+    }
+
+
+}

class/stats.php

+<?php
+
+class Stats
+{
+
+    private $database;
+
+
+    public function __construct( $database )
+    {
+        $this->database = $database;
+    }
+
+    public function adsTotalsCount( $art, $personal = false )
+    {
+        $sql = ' COUNT(`t1`.`tan`) AS `ganzahl`, SUM(`t1`.`verdienst`) AS `gverdienst`, SUM(`t1`.`aufendhalt`) AS `gaufenthalt`,
+                 SUM(`t1`.`menge` * `t1`.`verdienst`) AS `totalvalue`,
+                 SUM(`t1`.`menge`) AS `totalclicks`
+                 FROM `'.DB_PREFIX.'_gebuchte_werbung` AS `t1` ';
+
+        if( false !== $personal )
+            $sql .= ' LEFT JOIN `'.DB_PREFIX.'_userblacklist` `t4` ON `t4`.`uid` = :juid ';
+
+        // TODO fix join on blacklist, kid only works with sponsor, going to use id anyway... 
+        $sql .= ' LEFT JOIN `'.DB_PREFIX.'_fb_blacklist` AS `t3` ON `t3`.`kid` = `t1`.`kid` AND `t3`.`werbeart`=`t1`.`werbeart`
+                  WHERE
+                  (`t3`.`kid` IS NULL OR LOCATE(`t3`.`sponsor`, `t1`.`ziel`) = 0) AND
+                  `t1`.`werbeart` = :wart AND
+                  `t1`.`reload` >= 100 AND
+                  `t1`.`menge` > 0 AND
+                  `t1`.`status` = 1 AND
+                  `t1`.`verdienst` >= 0 ';
+        if( false !== $personal )
+            $sql .= ' AND `t1`.`sponsor` != :spuid ';
+
+        $sql_params = array(':wart' => $art);
+        if( false !== $personal )
+        {
+            $sql_params[':juid']  = $personal;
+            $sql_params[':spuid'] = $personal;
+        }
+
+        $result = $this->database->select( $sql, $sql_params );
+        return ( isset($result[0]) ) ? $result[0] : false;
+    }
+
+    public function adsClickableCount( $art, $uid, $ip )
+    {
+        $zeit = time();
+        $sql = ' COUNT(`t1`.`tan`) AS `uanzahl`, SUM(`t1`.`verdienst`) AS `uverdienst` FROM `'.DB_PREFIX.'_gebuchte_werbung` AS `t1`
+                 LEFT JOIN `'.DB_PREFIX.'_reloads` AS `t2` ON (`t1`.`tan` = `t2`.`tan` AND ( `t2`.`uid` = :ruid  OR `t2`.`ip` = :ip ) AND t2.bis >= :zeit )
+                 LEFT JOIN `'.DB_PREFIX.'_fb_blacklist` AS `t3` ON `t3`.`kid` = `t1`.`kid` AND `t3`.`werbeart`=`t1`.`werbeart`
+                 LEFT JOIN `'.DB_PREFIX.'_userblacklist` AS `t4` ON `t4`.`uid` = :buid
+                 WHERE
+                 ( `t3`.`kid` IS NULL OR LOCATE(`t3`.`sponsor`, `t1`.`ziel`) = 0) AND
+                 `t2`.`tan` IS NULL AND
+                 `t1`.`werbeart` = :wart AND
+                 `t1`.`reload` >= 100 AND
+                 `t1`.`menge` > 0 AND
+                 `t1`.`status` = 1 AND
+                 `t1`.`verdienst` >= 0 AND
+                 `t1`.`sponsor` != :spuid ';
+        $sql_params = array(
+                             ':ruid' => $uid,
+                             ':ip'   => $ip,
+                             ':zeit' => $zeit,
+                             ':buid' => $uid,
+                             ':spuid'=> $uid,
+                             ':wart' => $art,
+                      );
+        $result = $this->database->select( $sql, $sql_params );
+        return ( isset($result[0]) ) ? $result[0] : false;
+    }
+
+}

content/LKT_Rallysystem.php

@@ -113,10 +113,10 @@ if ($rally['ende_art'] == 'punkt') {
 if ($rally['gewinn_art'] == 'dynamisch') {
     echo'Es handelt sich bei der ' . $rallyname . '-Rally um eine Dynamische Rally. <br>
     Dies bedeutet der Gewinn pro Rang steigt mit der Aktivit&auml;t der User in der Rally. <br>
-    Der Gewinn-Topf ist nach oben nicht begrenzt und beträgt aktuell  ' . $rally['gewinn_topf'] . ' ' . $waehrung . '. <br> ';
+    Der Gewinn-Topf ist nach oben nicht begrenzt und beträgt aktuell  ' . $rally['gewinn_topf'] . ' ' . $pageconfig['waehrung'] . '. <br> ';
 } else {
     echo'Es handelt sich bei der ' . $rallyname . '-Rally um eine Statische Rally. <br>
-    Die gesammte Gewinnsumme bel&auml;uft sich auf ' . $rally['gewinn_topf'] . ' ' . $waehrung . '. <br>';
+    Die gesammte Gewinnsumme bel&auml;uft sich auf ' . $rally['gewinn_topf'] . ' ' . $pageconfig['waehrung'] . '. <br>';
 }
 
 if ($rally['mindestpunktzhl'] > '0') {
@@ -145,7 +145,7 @@ $gesperrt = explode(',', $rally['sperruser']);
 while ($pa = mysqli_fetch_array($platz)) {
     if (!in_array($pa['uid'], $gesperrt)) {
         if ($rally['gewinner_anzahl'] >= $rp) {
-            $mg = number_format(($rally['gewinn_topf'] / 100 * $rally['p' . $rp]), 2, ',', '.') . ' ' . $waehrung;
+            $mg = number_format(($rally['gewinn_topf'] / 100 * $rally['p' . $rp]), 2, ',', '.') . ' ' . $pageconfig['waehrung'];
         } else $mg = '---';
         if ($pa['punkte'] < $rally['mindestpunktzhl']) $mindestpunkt = '<span style="color:#FF6600;">Nicht erreicht.</span>';
         if ($pa['punkte'] >= $rally['mindestpunktzhl']) $mindestpunkt = '<span style="color:#339966;">Erreicht.</span>';