From: Roland Häder <roland@mxchange.org>
Date: Wed, 15 Oct 2008 22:05:29 +0000 (+0000)
Subject: - Beg link will only work in NONE pay mode! (unfinished, sleepy here...)
X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=commitdiff_plain;h=056162fe45aa0d850bb22870e1caf9595a847a9b

- Beg link will only work in NONE pay mode! (unfinished, sleepy here...)
- Extension "wernis" needs to be re-configured. You need to enter your
  Wernis-password to make member payouts possible
- Editing/changing member/guest menu should now work again
- Output of JavaScript code introduced
- Minor improvements
---

diff --git a/.gitattributes b/.gitattributes
index c6a0974e4e..3d8078eedf 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -153,6 +153,7 @@ inc/gen_refback.php -text
 inc/gen_sql_patches.php -text
 inc/header.php -text
 inc/install-inc.php -text
+inc/js/.htaccess -text
 inc/language.php -text
 inc/language/.htaccess -text
 inc/language/active_de.php -text
@@ -203,6 +204,7 @@ inc/language/yoomedia_de.php -text
 inc/libs/.htaccess -text
 inc/libs/admins_functions.php -text
 inc/libs/autopurge_functions.php -text
+inc/libs/beg_functions.php -text
 inc/libs/bonus_functions.php -text
 inc/libs/cache_functions.php -text
 inc/libs/country_functions.php -text
@@ -1139,6 +1141,7 @@ templates/de/html/beg/beg_done.tpl -text
 templates/de/html/beg/beg_failed.tpl -text
 templates/de/html/beg/beg_link.tpl -text
 templates/de/html/beg/beg_login.tpl -text
+templates/de/html/beg/beg_pay_mode_both.tpl -text
 templates/de/html/birthday/.htaccess -text
 templates/de/html/birthday/birthday_confirm.tpl -text
 templates/de/html/birthday/birthday_footer.tpl -text
diff --git a/beg.php b/beg.php
index f53f158f2e..81ee8d4567 100644
--- a/beg.php
+++ b/beg.php
@@ -60,36 +60,34 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
 	if (!empty($_GET['uid'])) {
 		// Init user ID
 		$uid = 0;
+		$result = false;
 
 		// Validate if it is not a number
 		if ("".($_GET['uid'] + 0)."" !== "".$_GET['uid']."") {
 			if (EXT_IS_ACTIVE("nickname")) {
 				// Maybe we have found a nickname?
 				$result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
-				 array($_GET['uid']), __FILE__, __LINE__);
+					array($_GET['uid']), __FILE__, __LINE__);
 			} else {
 				// Nickname entered but nickname is not active
 				$msg = CODE_EXTENSION_PROBLEM;
 				$uid = -1;
-				$result = false;
 			}
 		} else {
 			// Direct userid
 			$result = SQL_QUERY_ESC("SELECT userid, beg_clicks, ref_payout, status, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
-			 array(bigintval($_GET['uid'])), __FILE__, __LINE__);
+				array(bigintval($_GET['uid'])), __FILE__, __LINE__);
 		}
 
 		// Check if locked in so don't pay points
-		$login = false; $status = "failed";
-		if (IS_MEMBER()) {
-			// Logged in user detected!
-			$login = true;
-		} // END - if
+		$login = IS_MEMBER(); $status = "failed";
 
 		// Check if account was found
 		if ((SQL_NUMROWS($result) == 1) && ($result != false)) {
 			// Found an ID so we simply set it
 			list($uid, $clicks, $ref_payout, $status, $last) = SQL_FETCHROW($result);
+
+			// Account confirmed?
 			if ($status == "CONFIRMED") {
 				// Secure userid
 				$uid = bigintval($uid);
@@ -116,69 +114,94 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
 		// Free memory
 		SQL_FREERESULT($result);
 
+		// User id valid and not webmaster's id?
 		if (($uid > 0) && ($_CONFIG['beg_uid'] != $uid)) {
 			// Update counter
 			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_clicks=beg_clicks+1 WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
-			 array($uid), __FILE__, __LINE__);
+				array($uid), __FILE__, __LINE__);
 
 			// Check for last entry for userid w/o IP number
-			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > (UNIX_TIMESTAMP() - ".$_CONFIG['beg_timeout'].") OR (timeout > (UNIX_TIMESTAMP() - ".$_CONFIG['beg_uid_timeout'].") AND userid=%s)) AND remote_ip='%s' LIMIT 1",
-			 array($uid, GET_REMOTE_ADDR()), __FILE__, __LINE__);
-			if ((SQL_NUMROWS($result) == 0) && ($points > 0) && (!$login)) {
-				// Free memory
-				SQL_FREERESULT($result);
+			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_beg_ips WHERE (timeout > (UNIX_TIMESTAMP() - ".$_CONFIG['beg_timeout'].") OR (timeout > (UNIX_TIMESTAMP() - ".$_CONFIG['beg_uid_timeout'].") AND userid=%s)) AND (remote_ip='%s' OR sid='%s') LIMIT 1",
+				array($uid, GET_REMOTE_ADDR(), session_id()), __FILE__, __LINE__);
+
+			// Entry not found, points set and not logged in?
+			if (((SQL_NUMROWS($result) == 0) || (IS_ADMIN())) && ($points > 0) && (!$login) && ($_CONFIG['beg_pay_mode'] == "NONE")) {
+				// Don't pay is the default...
+				$pay = false;
 
+				// Admin is testing?
 				if (!IS_ADMIN()) {
 					// Remember remote address, userid and timestamp for next click
 					// but only when there is no admin begging.
 					// Admins shall be able to test it!
-					$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_beg_ips (userid, remote_ip, timeout) VALUES ('%s','%s', UNIX_TIMESTAMP())",
-					 array($uid, GET_REMOTE_ADDR()), __FILE__, __LINE__);
-				}
-
-				// Set mode depending on how many mails the member has to confirm
-				$locked = false;
-				if (($ref_payout > 0) && ($_CONFIG['allow_direct_pay'] == "N")) $locked = true;
-
-				// Is begging rallye active?
-				if ($_CONFIG['beg_rallye'] == "Y") {
-					// Add points to rallye account
-					$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%s LIMIT 1",
-					 array($points, $uid), __FILE__, __LINE__);
+					SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_beg_ips (userid, remote_ip,sid, timeout) VALUES ('%s','%s','%s', UNIX_TIMESTAMP())",
+						array($uid, GET_REMOTE_ADDR(), session_id()), __FILE__, __LINE__);
+
+					// Was is successfull?
+					if (SQL_AFFECTEDROWS() == 1) {
+						// Okay!
+						$pay = true;
+					} // END - if
 				} else {
-					// Add points to account
-					unset($DEPTH);
-					ADD_POINTS_REFSYSTEM($uid, $points, false, "0", $locked, strtolower($_CONFIG['beg_mode']));
+					// Is admin!
+					$pay = true;
 				}
 
-				// Subtract begged points from member account if the admin has selected one
-				if ($_CONFIG['beg_uid'] > 0) {
-					// Subtract from this account
-					SUB_POINTS($_CONFIG['beg_uid'], $points);
+				// Pay points?
+				if ($pay) {
+					// Set mode depending on how many mails the member has to confirm
+					$locked = false;
+					if (($ref_payout > 0) && ($_CONFIG['allow_direct_pay'] == "N")) $locked = true;
+
+					// Is begging rallye active?
+					if ($_CONFIG['beg_rallye'] == "Y") {
+						// Add points to rallye account
+						SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%s LIMIT 1",
+							array($points, $uid), __FILE__, __LINE__);
+					} else {
+						// Add points to account
+						unset($DEPTH);
+						ADD_POINTS_REFSYSTEM($uid, $points, false, "0", $locked, strtolower($_CONFIG['beg_mode']));
+					}
+
+					// Subtract begged points from member account if the admin has selected one
+					if ($_CONFIG['beg_uid'] > 0) {
+						// Subtract from this account
+						SUB_POINTS($_CONFIG['beg_uid'], $points);
+					} // END - if
+
+					// Set message
+					define('__BEG_MSG', LOAD_TEMPLATE("beg_done", true));
+				} else {
+					// Error!
+					define('__BEG_MSG', LOAD_TEMPLATE("beg_failed", true));
 				}
-
-				// Set message
-				define('__BEG_MSG', LOAD_TEMPLATE("beg_done", true));
 			} elseif ($login) {
 				// Logged in user found!
 				define('__BEG_MSG', LOAD_TEMPLATE("beg_login", true));
-
-				// Free memory
-				SQL_FREERESULT($result);
+			} elseif ($_CONFIG['beg_pay_mode'] != "NONE") {
+				// Other pay-mode active!
+				define('__BEG_MSG', LOAD_TEMPLATE("beg_pay_mode_".strtolower($_CONFIG['beg_pay_mode']), true));
 			} else {
-				// Free memory
-				SQL_FREERESULT($result);
-
 				// Clicked received while reload lock is active
 				define('__BEG_MSG', LOAD_TEMPLATE("beg_failed", true));
 			}
 
+			// Free memory
+			SQL_FREERESULT($result);
+
 			// Include header
 			require_once(PATH."inc/header.php");
 
 			// Load final template
 			LOAD_TEMPLATE("beg_link");
 
+			// Tracker code enabled? (We don't track users here!
+			if ($_CONFIG['beg_pay_mode'] != "NONE") {
+				// Include config-depending template
+				LOAD_TEMPLATE("beg_pay_code_".strtolower($_CONFIG['beg_pay_mode']));
+			} // END - if
+
 			// Include footer
 			require_once(PATH."inc/footer.php");
 		} elseif (($status != "CONFIRMED") && ($status != "failed")) {
@@ -190,7 +213,7 @@ if (isBooleanConstantAndTrue('mxchange_installed')) {
 		} elseif (($uid == "0") || ($status == "failed")) {
 			// Inalid or locked account, so let's find out
 			$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
-			 array($_GET['uid']), __FILE__, __LINE__);
+				array($_GET['uid']), __FILE__, __LINE__);
 			if (SQL_NUMROWS($result) == 1) {
 				// Locked account
 				$msg = CODE_ACCOUNT_LOCKED;
diff --git a/inc/databases.php b/inc/databases.php
index bd32483af6..7a2badd635 100644
--- a/inc/databases.php
+++ b/inc/databases.php
@@ -70,6 +70,7 @@ define('CODE_MORE_RECEIVERS3'  , 29);
 define('CODE_INVALID_URL'      , 30);
 define('CODE_MENU_NOT_VALID'   , 31);
 define('CODE_LOGIN_FAILED'     , 32);
+define('CODE_BEG_SAME_AS_OWN'  , 33);
 
 // Full version string: /([0-9]){1}\.([0-9]){1}\.([0-9]){1}(-(alpha|beta|pre|rc([1-3]))([0-9]+))?/
 // If you understand regular expressions ^^^ you may know how I versionize... ;-)
@@ -113,7 +114,7 @@ define('USAGE_BASE', "usage");
 define('SERVER_URL', "http://www.mxchange.org");
 
 // This current patch level
-define('CURR_SVN_REVISION', "514");
+define('CURR_SVN_REVISION', "515");
 
 // Take a prime number which is long (if you know a longer one please try it out!)
 define('_PRIME', 591623);
diff --git a/inc/extensions/ext-beg.php b/inc/extensions/ext-beg.php
index f959f1dc21..f6c66816f2 100644
--- a/inc/extensions/ext-beg.php
+++ b/inc/extensions/ext-beg.php
@@ -38,27 +38,27 @@ if (!defined('__SECURITY')) {
 }
 
 // Version number
-$EXT_VERSION = "0.2.5";
+$EXT_VERSION = "0.2.6";
 
 // Auto-set extension version
 if (empty($EXT_VER)) $EXT_VER = $EXT_VERSION;
 
 // Version history array (add more with , "0.1" and so on)
-$EXT_VER_HISTORY = array("0.0", "0.0.1", "0.0.2", "0.0.3", "0.0.4", "0.0.5", "0.0.6", "0.0.7", "0.0.8", "0.0.9", "0.1.0", "0.1.1", "0.1.2", "0.1.3", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5");
+$EXT_VER_HISTORY = array("0.0", "0.0.1", "0.0.2", "0.0.3", "0.0.4", "0.0.5", "0.0.6", "0.0.7", "0.0.8", "0.0.9", "0.1.0", "0.1.1", "0.1.2", "0.1.3", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6");
 
 switch ($EXT_LOAD_MODE)
 {
 case "register": // Do stuff when installation is running (modules.php?module=admin&action=login is called)
 	// SQL commands to run
-	$SQLs[] = "INSERT INTO "._MYSQL_PREFIX."_admin_menu (`action`,`what`,`title`,`descr`,`sort`) VALUES ('setup','config_beg','Bettel-Link','IP-Sperre, {!POINTS!}-Verg&uuml;tung usw. k&ouml;nnen Sie hier einstellen.', 10)";
-	$SQLs[] = "INSERT INTO "._MYSQL_PREFIX."_guest_menu (`action`,`what`,`title`,`sort`,`visible`,`locked`) VALUES ('main','beg','{!POINTS!} erbetteln!',4,'Y','Y')";
-	$SQLs[] = "INSERT INTO "._MYSQL_PREFIX."_member_menu (`action`,`what`,`title`,`sort`,`visible`,`locked`) VALUES ('main','beg','Ihr Bettel-Link',6,'Y','Y')";
-	$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_timeout BIGINT(20) UNSIGNED NOT NULL DEFAULT '600'";
-	$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_uid_timeout BIGINT(20) UNSIGNED NOT NULL DEFAULT '1800'";
-	$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_points DOUBLE(20,5) UNSIGNED NOT NULL DEFAULT '0.00100'";
-	$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_user_data ADD beg_clicks BIGINT(20) UNSIGNED NOT NULL DEFAULT '0'";
-	$SQLs[] = "DROP TABLE IF EXISTS "._MYSQL_PREFIX."_beg_ips";
-	$SQLs[] = "CREATE TABLE "._MYSQL_PREFIX."_beg_ips (
+	$SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('setup','config_beg','Bettel-Link','IP-Sperre, {!POINTS!}-Verg&uuml;tung usw. k&ouml;nnen Sie hier einstellen.', 10)";
+	$SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_guest_menu` (`action`,`what`,`title`,`sort`,`visible`,`locked`) VALUES ('main','beg','{!POINTS!} erbetteln!',4,'Y','Y')";
+	$SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_member_menu` (`action`,`what`,`title`,`sort`,`visible`,`locked`) VALUES ('main','beg','Ihr Bettel-Link',6,'Y','Y')";
+	$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_timeout BIGINT(20) UNSIGNED NOT NULL DEFAULT '600'";
+	$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_uid_timeout BIGINT(20) UNSIGNED NOT NULL DEFAULT '1800'";
+	$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_points DOUBLE(20,5) UNSIGNED NOT NULL DEFAULT '0.00100'";
+	$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_user_data` ADD beg_clicks BIGINT(20) UNSIGNED NOT NULL DEFAULT '0'";
+	$SQLs[] = "DROP TABLE IF EXISTS `"._MYSQL_PREFIX."_beg_ips`";
+	$SQLs[] = "CREATE TABLE `"._MYSQL_PREFIX."_beg_ips` (
 id BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
 userid BIGINT(20) UNSIGNED NOT NULL DEFAULT '0',
 remote_ip VARCHAR(15) NOT NULL DEFAULT '0.0.0.0',
@@ -73,24 +73,24 @@ PRIMARY KEY(id)
 
 case "remove": // Do stuff when removing extension
 	// SQL commands to run
-	$SQLs[] = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admin_menu WHERE what='config_beg' OR what='list_beg' LIMIT 2";
-	$SQLs[] = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_guest_menu WHERE what='beg' LIMIT 1";
-	$SQLs[] = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_member_menu WHERE what='beg' OR what='beg2' LIMIT 2";
-	$SQLs[] = "DROP TABLE IF EXISTS "._MYSQL_PREFIX."_beg_ips";
+	$SQLs[] = "DELETE LOW_PRIORITY FROM `"._MYSQL_PREFIX."_admin_menu` WHERE what='config_beg' OR what='list_beg' LIMIT 2";
+	$SQLs[] = "DELETE LOW_PRIORITY FROM `"._MYSQL_PREFIX."_guest_menu` WHERE what='beg' LIMIT 1";
+	$SQLs[] = "DELETE LOW_PRIORITY FROM `"._MYSQL_PREFIX."_member_menu` WHERE what='beg' OR what='beg2' LIMIT 2";
+	$SQLs[] = "DROP TABLE IF EXISTS `"._MYSQL_PREFIX."_beg_ips`";
 	break;
 
 case "activate": // Do stuff when admin activates this extension
 	// SQL commands to run
-	$SQLs[] = "UPDATE "._MYSQL_PREFIX."_guest_menu SET visible='Y', locked='N' WHERE what='beg' LIMIT 1";
-	$SQLs[] = "UPDATE "._MYSQL_PREFIX."_member_menu SET visible='Y', locked='N' WHERE what='beg' LIMIT 1";
-	$SQLs[] = "UPDATE "._MYSQL_PREFIX."_mod_reg SET locked='N', hidden='N', admin_only='N', mem_only='N' WHERE module='beg' LIMIT 1";
+	$SQLs[] = "UPDATE `"._MYSQL_PREFIX."_guest_menu` SET visible='Y', locked='N' WHERE what='beg' LIMIT 1";
+	$SQLs[] = "UPDATE `"._MYSQL_PREFIX."_member_menu` SET visible='Y', locked='N' WHERE what='beg' LIMIT 1";
+	$SQLs[] = "UPDATE `"._MYSQL_PREFIX."_mod_reg` SET locked='N', hidden='N', admin_only='N', mem_only='N' WHERE module='beg' LIMIT 1";
 	break;
 
 case "deactivate": // Do stuff when admin deactivates this extension
 	// SQL commands to run
-	$SQLs[] = "UPDATE "._MYSQL_PREFIX."_guest_menu SET visible='Y', locked='Y' WHERE what='beg' LIMIT 1";
-	$SQLs[] = "UPDATE "._MYSQL_PREFIX."_member_menu SET visible='Y', locked='Y' WHERE what='beg' LIMIT 1";
-	$SQLs[] = "UPDATE "._MYSQL_PREFIX."_mod_reg SET locked='Y' WHERE module='beg' LIMIT 1";
+	$SQLs[] = "UPDATE `"._MYSQL_PREFIX."_guest_menu` SET visible='Y', locked='Y' WHERE what='beg' LIMIT 1";
+	$SQLs[] = "UPDATE `"._MYSQL_PREFIX."_member_menu` SET visible='Y', locked='Y' WHERE what='beg' LIMIT 1";
+	$SQLs[] = "UPDATE `"._MYSQL_PREFIX."_mod_reg` SET locked='Y' WHERE module='beg' LIMIT 1";
 	break;
 
 case "update": // Update an extension
@@ -107,7 +107,7 @@ case "update": // Update an extension
 		break;
 
 	case "0.0.3": // SQL queries for v0.0.3
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_points_max DOUBLE(20,5) UNSIGNED NOT NULL DEFAULT '0.10000'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_points_max DOUBLE(20,5) UNSIGNED NOT NULL DEFAULT '0.10000'";
 
 		// Update notes (these will be set as task text!)
 		$UPDATE_NOTES = "Maximale Obergrenze an {!POINTS!} einstellbar (Standart: 0,1 {!POINTS!})";
@@ -124,14 +124,14 @@ case "update": // Update an extension
 		break;
 
 	case "0.0.6": // SQL queries for v0.0.6
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_uid BIGINT(20) UNSIGNED NOT NULL DEFAULT '0'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_uid BIGINT(20) UNSIGNED NOT NULL DEFAULT '0'";
 
 		// Update notes (these will be set as task text!)
 		$UPDATE_NOTES = "Ein Mitgliedsaccount (empfehlenswert ist Ihr eigenes!) kann zum Abbuchen der {!POINTS!} verwendet werden. Template <U>admin_config_beg.tpl</U> (und pro!) nicht vergessen, zu aktualisieren.";
 		break;
 
 	case "0.0.8": // SQL queries for v0.0.8
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_ip_timeout BIGINT(20) UNSIGNED NOT NULL DEFAULT '1800'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_ip_timeout BIGINT(20) UNSIGNED NOT NULL DEFAULT '1800'";
 
 		// Update notes (these will be set as task text!)
 		$UPDATE_NOTES = "Zeitsperre gegen die selbe IP-Nummer hinzugef&uuml;gt.";
@@ -154,15 +154,15 @@ case "update": // Update an extension
 
 	case "0.1.2":
 		// SQL queries for v0.1.2
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_mode ENUM('DIRECT','REF') NOT NULL DEFAULT 'REF'";
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_ranks TINYINT(3) UNSIGNED NOT NULL DEFAULT '10'";
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_active ENUM('Y','N') NOT NULL DEFAULT 'N'";
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_rallye ENUM('Y','N') NOT NULL DEFAULT 'N'";
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_user_data ADD beg_points DOUBLE(21,5) NOT NULL DEFAULT '0.00000'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_mode ENUM('DIRECT','REF') NOT NULL DEFAULT 'REF'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_ranks TINYINT(3) UNSIGNED NOT NULL DEFAULT '10'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_active ENUM('Y','N') NOT NULL DEFAULT 'N'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_rallye ENUM('Y','N') NOT NULL DEFAULT 'N'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_user_data` ADD beg_points DOUBLE(21,5) NOT NULL DEFAULT '0.00000'";
 		$VIS = "N"; $LOCKED = "Y";
 		if (EXT_IS_ACTIVE("beg")) { $VIS = "Y"; $LOCKED = "N"; }
-		$SQLs[] = "INSERT INTO "._MYSQL_PREFIX."_member_menu (`action`,`what`,`title`,`visible`,`locked`,`sort`) VALUES ('main','beg2','Bettel-Rallye','".$VIS."','".$LOCKED."','7')";
-		$SQLs[] = "INSERT INTO "._MYSQL_PREFIX."_admin_menu (`action`,`what`,`title`,`descr`,`sort`) VALUES ('user','list_beg','Bettel-Rallye','Listet alle Teilnehmer der monatlichen Bettel-Rallye auf.','12')";
+		$SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_member_menu` (`action`,`what`,`title`,`visible`,`locked`,`sort`) VALUES ('main','beg2','Bettel-Rallye','".$VIS."','".$LOCKED."','7')";
+		$SQLs[] = "INSERT INTO `"._MYSQL_PREFIX."_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('user','list_beg','Bettel-Rallye','Listet alle Teilnehmer der monatlichen Bettel-Rallye auf.','12')";
 
 		// Update notes (these will be set as task text!)
 		$UPDATE_NOTES = "Optionale Bettel-Rallye m&ouml;glich. Und die erbettelten {!POINTS!} k&ouml;nnen entweder nur dem bettelndem Mitglied direkt oder auch seinem Werber gutgeschrieben werden k&ouml;nnen.";
@@ -179,7 +179,7 @@ case "update": // Update an extension
 		break;
 
 	case "0.1.5": // SQL queries for v0.1.5
-		$SQLs[] = "UPDATE "._MYSQL_PREFIX."_admin_menu SET title='Bettellink/-rallye', descr='IP-Sperre, {!POINTS!}-Verg&uuml;tung und auch die Bettel-Rallye k&ouml;nnen Sie hier einstellen.' WHERE what='config_beg' LIMIT 1";
+		$SQLs[] = "UPDATE `"._MYSQL_PREFIX."_admin_menu` SET title='Bettellink/-rallye', descr='IP-Sperre, {!POINTS!}-Verg&uuml;tung und auch die Bettel-Rallye k&ouml;nnen Sie hier einstellen.' WHERE what='config_beg' LIMIT 1";
 
 		// Update notes (these will be set as task text!)
 		$UPDATE_NOTES = "Fehlendes Template im Admin-Bereich hinzugef&uuml;gt. Im Admin-Bereich Hinweis hinzugef&uuml;gt, wenn Bettel-Rallye inaktiv ist. Bitte Script inc/monthly_beg.php l&ouml;schen!";
@@ -191,14 +191,14 @@ case "update": // Update an extension
 		break;
 
 	case "0.1.7": // SQL queries for v0.1.7
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_ral_en_notify ENUM('Y','N') NOT NULL DEFAULT 'N'";
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_ral_di_notify ENUM('Y','N') NOT NULL DEFAULT 'N'";
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_new_mem_notify ENUM('Y','N') NOT NULL DEFAULT 'N'";
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_notify_bonus  DOUBLE(20,5) UNSIGNED NOT NULL DEFAULT '0.00000'";
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_notify_wait BIGINT(20) UNSIGNED NOT NULL DEFAULT '30'";
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_user_data ADD beg_ral_notify BIGINT(20) UNSIGNED NOT NULL DEFAULT '0'";
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_user_data ADD beg_ral_en_notify BIGINT(20) UNSIGNED NOT NULL DEFAULT '0'";
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_user_data ADD beg_ral_di_notify BIGINT(20) UNSIGNED NOT NULL DEFAULT '0'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_ral_en_notify ENUM('Y','N') NOT NULL DEFAULT 'N'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_ral_di_notify ENUM('Y','N') NOT NULL DEFAULT 'N'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_new_mem_notify ENUM('Y','N') NOT NULL DEFAULT 'N'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_notify_bonus  DOUBLE(20,5) UNSIGNED NOT NULL DEFAULT '0.00000'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_notify_wait BIGINT(20) UNSIGNED NOT NULL DEFAULT '30'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_user_data` ADD beg_ral_notify BIGINT(20) UNSIGNED NOT NULL DEFAULT '0'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_user_data` ADD beg_ral_en_notify BIGINT(20) UNSIGNED NOT NULL DEFAULT '0'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_user_data` ADD beg_ral_di_notify BIGINT(20) UNSIGNED NOT NULL DEFAULT '0'";
 
 		// Update notes (these will be set as task text!)
 		$UPDATE_NOTES = "Die Mitglieder k&ouml;nnen nun optional automatisch &uuml;ber eine aktivierte und/oder deaktivierte Bettel-Rallye informiert werden. Beide Benachrichtigungen k&ouml;nnen Sie unter <STRONG>Einstellungen --&gt; Bettel-Link/-rallye</STRONG> seperat ein- und ausschalten! Zudem ist eine Sperre gegen eingeloggte Mitglieder eingebaut, die das Klicken auf den eigenen Bettel-Link etwas erschweren soll.";
@@ -225,7 +225,7 @@ case "update": // Update an extension
 		break;
 
 	case "0.2.2": // SQL queries for v0.2.2
-		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD beg_include_own ENUM('Y','N') NOT NULL DEFAULT 'N'";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD beg_include_own ENUM('Y','N') NOT NULL DEFAULT 'N'";
 
 		// Update notes (these will be set as task text!)
 		$UPDATE_NOTES = "Eigene User-ID von Bettel-Rallye ausschliessbar.";
@@ -237,8 +237,8 @@ case "update": // Update an extension
 		break;
 
 	case "0.2.4": // SQL queries for v0.2.4
-		$SQLs[] = "UPDATE "._MYSQL_PREFIX."_member_menu SET action='extras', sort='1' WHERE what='beg' LIMIT 1";
-		$SQLs[] = "UPDATE "._MYSQL_PREFIX."_member_menu SET action='rals', sort='3', title='Bettel-Rallye' WHERE what='beg2' LIMIT 1";
+		$SQLs[] = "UPDATE `"._MYSQL_PREFIX."_member_menu` SET action='extras', sort='1' WHERE what='beg' LIMIT 1";
+		$SQLs[] = "UPDATE `"._MYSQL_PREFIX."_member_menu` SET action='rals', sort='3', title='Bettel-Rallye' WHERE what='beg2' LIMIT 1";
 
 		// Update notes (these will be set as task text!)
 		$UPDATE_NOTES = "Mitgliedsmen&uuml; komplett umgebaut.";
@@ -248,6 +248,14 @@ case "update": // Update an extension
 		// Update notes (these will be set as task text!)
 		$UPDATE_NOTES = "Fehlerhinweis bei deaktivierter Erweiterung verbessert.";
 		break;
+
+	case "0.2.6": // SQL queries for v0.2.6
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_beg_ips` ADD sid VARCHAR(255) NOT NULL DEFAULT ''";
+		$SQLs[] = "ALTER TABLE `"._MYSQL_PREFIX."_config` ADD `beg_pay_mode` ENUM('IMG','JS','BOTH','NONE') DEFAULT 'NONE' NOT NULL ;";
+
+		// Update notes (these will be set as task text!)
+		$UPDATE_NOTES = "IP-Lock mit Session-ID erweitert. Tracker-Script eingef&uuml;gt, dass das Einbinden des Bettel-Links als Bild/Script/CSS verhindern soll.";
+		break;
 	}
 	break;
 
@@ -255,16 +263,13 @@ default: // Do stuff when extension is loaded
 	// Remove old entries
 	$OLD = $_CONFIG['beg_timeout'];
 	if ($_CONFIG['beg_uid_timeout'] > $OLD) $OLD = $_CONFIG['beg_uid_timeout'];
-	$result_ext = SQL_QUERY("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_beg_ips WHERE timeout < (UNIX_TIMESTAMP() -".($OLD - 60*60).")", __FILE__, __LINE__);
+	$result_ext = SQL_QUERY("DELETE LOW_PRIORITY FROM `"._MYSQL_PREFIX."_beg_ips` WHERE timeout < (UNIX_TIMESTAMP() -".($OLD + 60*60).")", __FILE__, __LINE__);
 
 	// Check for beg rallye is active and send mails out
 	if (($_CONFIG['beg_rallye'] == "Y") && ($_CONFIG['beg_new_mem_notify'] == "Y")) {
 		// Include file for sending out mails
 		$INC_POOL[] = sprintf("%sinc/mails/beg_mails.php", PATH);
-	}
-
-	// Return code for the URL
-	define('CODE_BEG_SAME_AS_OWN', 100);
+	} // END - if
 	break;
 }
 
diff --git a/inc/extensions/ext-refback.php b/inc/extensions/ext-refback.php
index 120aaf2560..42d1672a5c 100644
--- a/inc/extensions/ext-refback.php
+++ b/inc/extensions/ext-refback.php
@@ -76,12 +76,12 @@ case "remove": // Do stuff when removing extension
 
 case "activate": // Do stuff when admin activates this extension
 	// SQL commands to run
-	$SQLs[] = "";
+	$SQLs[] = "UPDATE `"._MYSQL_PREFIX."_member_menu` SET visible='Y' locked='N' WHERE what='refback' LIMIT 1";
 	break;
 
 case "deactivate": // Do stuff when admin deactivates this extension
 	// SQL commands to run
-	$SQLs[] = "";
+	$SQLs[] = "UPDATE `"._MYSQL_PREFIX."_member_menu` SET locked='Y' WHERE what='refback' LIMIT 1";
 	break;
 
 case "update": // Update an extension
diff --git a/inc/extensions/ext-sql_patches.php b/inc/extensions/ext-sql_patches.php
index 9b0bed6a62..78f1bf2aa8 100644
--- a/inc/extensions/ext-sql_patches.php
+++ b/inc/extensions/ext-sql_patches.php
@@ -358,7 +358,7 @@ PRIMARY KEY(id)
 		break;
 
 	case "0.2.7": // SQL queries for v0.2.7
-		$SQLs[] = "INSERT INTO "._MYSQL_PREFIX."_member_menu (action,what,title,sort) VALUES ('main','themes','Designs', 6)";
+		$SQLs[] = "INSERT INTO "._MYSQL_PREFIX."_member_menu (`action`,`what`,`title`,`sort`,`visible`,`locked`) VALUES ('main','themes','Designs', 6,'Y','N')";
 		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_user_data ADD curr_theme VARCHAR(255) NOT NULL DEFAULT 'default'";
 		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD stats_limit BIGINT(20) UNSIGNED NOT NULL DEFAULT '10'";
 		$SQLs[] = "UPDATE "._MYSQL_PREFIX."_admin_menu SET what='config_stats' WHERE what='stats' LIMIT 1";
@@ -672,7 +672,7 @@ PRIMARY KEY (id)
 		break;
 
 	case "0.5.4": // SQL queries for v0.5.4
-		$SQLs[] = "INSERT INTO "._MYSQL_PREFIX."_member_menu (`action`,`what`,`title`,`sort`,`visible`,`locked`) VALUES ('main','reflist','Ref-&Uuml;bersicht',5,'N','N')";
+		$SQLs[] = "INSERT INTO "._MYSQL_PREFIX."_member_menu (`action`,`what`,`title`,`sort`,`visible`,`locked`) VALUES ('main','reflist','Ref-&Uuml;bersicht',5,'Y','N')";
 
 		// Depends on refback extension
 		$EXT_UPDATE_DEPENDS = "refback";
diff --git a/inc/extensions/ext-wernis.php b/inc/extensions/ext-wernis.php
index 6cd48a34ee..e9d2356dc1 100644
--- a/inc/extensions/ext-wernis.php
+++ b/inc/extensions/ext-wernis.php
@@ -38,13 +38,13 @@ if (!defined('__SECURITY')) {
 }
 
 // Version of this extension
-$EXT_VERSION = "0.0.1";
+$EXT_VERSION = "0.0.2";
 
 // Auto-set extension version
 if (empty($EXT_VER)) $EXT_VER = $EXT_VERSION;
 
 // Version history array (add more with , "0.1" and so on)
-$EXT_VER_HISTORY = array("0.0", "0.0.1");
+$EXT_VER_HISTORY = array("0.0", "0.0.1", "0.0.2");
 
 switch ($EXT_LOAD_MODE)
 {
@@ -121,6 +121,13 @@ case "update": // Update an extension
 		// Update notes (these will be set as task text!)
 		$UPDATE_NOTES = "Ein-/Auszahlungsfunktion getrennt ein- und ausschaltbar, sowie mit Umrechungsfaktoren {!POINTS!}-&gt;Wernis versehen. Prozentualer Abzug als &quot;Betreibergeb&uuml;hr hinzugef&uuml;gt, was z.B. f&uuml;r Wechselstuben interessant ist.";
 		break;
+
+	case "0.0.2": // SQL queries for v0.0.2
+		$SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_config ADD wernis_pass_md5 VARCHAR(32) NOT NULL DEFAULT ''";
+
+		// Update notes (these will be set as task text!)
+		$UPDATE_NOTES = "Auszahlunsfunktion an die neue API 0.2-BETA angepasst. Demnach muss Ihr Wernis-Passwort beim Auszahlen benutzt werden und in Ihrem {!MT_WORD!} als MD5-Hash gespeichert werden.";
+		break;
 	}
 	break;
 
diff --git a/inc/js/.htaccess b/inc/js/.htaccess
new file mode 100644
index 0000000000..14249c50bd
--- /dev/null
+++ b/inc/js/.htaccess
@@ -0,0 +1 @@
+Deny from all
\ No newline at end of file
diff --git a/inc/language/beg_de.php b/inc/language/beg_de.php
index 2b25ea2643..0ba7e75813 100644
--- a/inc/language/beg_de.php
+++ b/inc/language/beg_de.php
@@ -83,6 +83,13 @@ define('BEG_SORRY_YOURE_LOGGED_IN_2', " geklickt. Sie haben somit auch keine ");
 define('BEG_SORRY_YOURE_LOGGED_IN_3', " {!POINTS!} erhalten!");
 define('BEG_SAME_UID_AS_OWN', "Mitglieder-ID des Webmasters benutzt!");
 
+// Pay modes
+define('ADMIN_BEG_PAY_MODE', "Wie sollen {!POINTS!} verg&uuml;tet werden?");
+define('ADMIN_BEG_PAY_MODE_IMG', "Abgesichert durch ein 1x1-Pixel");
+define('ADMIN_BEG_PAY_MODE_JS', "Abgesichert durch ein Fake-JavaScript");
+define('ADMIN_BEG_PAY_MODE_BOTH', "Durch beides obriges absichern");
+define('ADMIN_BEG_PAY_MODE_NONE', "Keine Absicherung (unsicher)");
+
 // Begging rallye
 define('BEG_RANK', "Bettel-Rank");
 define('BEG_TOTAL', "Gesamt erbettelt");
diff --git a/inc/language/wernis_de.php b/inc/language/wernis_de.php
index e9a808a51b..56da9c0dde 100644
--- a/inc/language/wernis_de.php
+++ b/inc/language/wernis_de.php
@@ -59,6 +59,7 @@ define('WERNIS_ADMIN_API_ID', "WDS66-API-ID (api_id=x)");
 define('WERNIS_ADMIN_API_MD5', "WDS66-API-Key (api_md5=xxxxx; 32-stellig)");
 define('WERNIS_ADMIN_API_URL', "Basis-URL der API-Skripte");
 define('WERNIS_ADMIN_REFID', "Ihre Referal-ID bei WDS66-Portal (= Ihr Username!)");
+define('WERNIS_ADMIN_WPASS', "Wernis-Passwort (nicht Account-Passwort!)");
 define('WERNIS_ADMIN_CONFIG_NOTE', "<A href=\"http://www.wds66.com/ref.php?refid=10437\" target=\"_blank\">Hier</A> k&ouml;nnen Sie schon f&uuml;r <strong>5,00&euro;</strong>=<strong>25.000 Abfragen</strong> ein API-Account beantragen (dazu ist ein <strong>kostenloses</strong> Wernis-Account dennoch n&ouml;tig!) Geben Sie immer Ihren Usernamen von WDS66-Hauptaccount ein und &uuml;berpr&uuml;fen Sie diesen mehrmals! Er wird zum &Uuml;berweisen von und nach WDS66-Wernis-Portal ben&ouml;tigt. Die Betreibergeb&uuml;hren und Umrechnungsfaktoren sind f&uuml;r den Betrieb Ihres {!MT_WORD2!} komplett in Wernis ausgelegt, diese m&uuml;ssen Sie also noch anpassen, wenn Sie z.B. Punkte haben und in Wernis auszahlen lassen wollen.");
 define('WERNIS_ADMIN_NO_TRANSFERS', "Derzeit keine Wernis transferiert!");
 define('WERNIS_ADMIN_WDS66_ACCOUNT', "Account bei WDS66-Portal");
diff --git a/inc/libs/beg_functions.php b/inc/libs/beg_functions.php
new file mode 100644
index 0000000000..759c83d64c
--- /dev/null
+++ b/inc/libs/beg_functions.php
@@ -0,0 +1,67 @@
+<?php
+/************************************************************************
+ * MXChange v0.2.1                                    Start: 10/15/2008 *
+ * ===============                              Last change: 10/15/2008 *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * File              : beg_functions.php                                *
+ * -------------------------------------------------------------------- *
+ * Short description : Beg link functions                               *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung  : Funktionen fuer den Bettel-Link                  *
+ * -------------------------------------------------------------------- *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder                           *
+ * For more information visit: http://www.mxchange.org                  *
+ *                                                                      *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
+ *                                                                      *
+ * This program is distributed in the hope that it will be useful,      *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
+ * GNU General Public License for more details.                         *
+ *                                                                      *
+ * You should have received a copy of the GNU General Public License    *
+ * along with this program; if not, write to the Free Software          *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
+ * MA  02110-1301  USA                                                  *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+	require($INC);
+}
+
+// Add points to user or begging rallye account
+function BEG_ADD_POINTS($uid, $points) {
+	global $_CONFIG;
+
+	// Set mode depending on how many mails the member has to confirm
+	$locked = false;
+	if (($ref_payout > 0) && ($_CONFIG['allow_direct_pay'] == "N")) $locked = true;
+
+	// Is begging rallye active?
+	if ($_CONFIG['beg_rallye'] == "Y") {
+		// Add points to rallye account
+		SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET beg_points=beg_points+%s WHERE userid=%s LIMIT 1",
+			array($points, $uid), __FILE__, __LINE__);
+	} else {
+		// Add points to account
+		unset($DEPTH);
+		ADD_POINTS_REFSYSTEM($uid, $points, false, "0", $locked, strtolower($_CONFIG['beg_mode']));
+	}
+
+	// Subtract begged points from member account if the admin has selected one
+	if ($_CONFIG['beg_uid'] > 0) {
+		// Subtract from this account
+		SUB_POINTS($_CONFIG['beg_uid'], $points);
+	} // END - if
+}
+
+// [EOF]
+?>
diff --git a/inc/libs/wernis_functions.php b/inc/libs/wernis_functions.php
index 2308b81fa5..fed9c42c5c 100644
--- a/inc/libs/wernis_functions.php
+++ b/inc/libs/wernis_functions.php
@@ -262,7 +262,7 @@ function WERNIS_EXECUTE_WITHDRAW ($wdsId, $userMd5, $amount) {
 
 
 // Payout this amount
-function WERNIS_EXECUTE_PAYOUT ($wdsId, $userMd5, $amount) {
+function WERNIS_EXECUTE_PAYOUT ($wdsId, $amount) {
 	global $_CONFIG;
 
 	// Default is failed attempt
@@ -275,9 +275,9 @@ function WERNIS_EXECUTE_PAYOUT ($wdsId, $userMd5, $amount) {
 	// Prepare the request data
 	$requestData = array(
 		'sub_request'	=> "send",
-		't_uid'			=> bigintval($wdsId),
-		't_md5'			=> $userMd5,
-		'r_uid'			=> $_CONFIG['wernis_refid'],
+		't_uid'			=> $_CONFIG['wernis_refid'],
+		't_md5'			=> $_CONFIG['wernis_pass_md5'],
+		'r_uid'			=> bigintval($wdsId),
 		'amount'		=> bigintval($amount),
 		'purpose'		=> urlencode(base64_encode($purpose))
 	);
diff --git a/inc/modules/admin/what-adminedit.php b/inc/modules/admin/what-adminedit.php
index aadbd0c3db..75045efc2b 100644
--- a/inc/modules/admin/what-adminedit.php
+++ b/inc/modules/admin/what-adminedit.php
@@ -44,7 +44,7 @@ ADD_DESCR("admin", __FILE__);
 $AND = "(what = '' OR what IS NULL)"; $SUB = "";
 if (!empty($_GET['sub']))
 {
-	$AND = sprintf("action='%s'", SQL_ESCAPE($_GET['sub']));
+	$AND = sprintf("action='%s' AND what IS NOT NULL", SQL_ESCAPE($_GET['sub']));
 	$SUB = SQL_ESCAPE($_GET['sub']);
 }
 
diff --git a/inc/modules/admin/what-chk_regs.php b/inc/modules/admin/what-chk_regs.php
index 8f8ebc36af..db2c6657df 100644
--- a/inc/modules/admin/what-chk_regs.php
+++ b/inc/modules/admin/what-chk_regs.php
@@ -41,12 +41,12 @@ if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 ADD_DESCR ("admin", basename(__FILE__));
 
 // Check for accounts
-$query = SQL_QUERY("SELECT userid, gender, surname, family, email, REMOTE_ADDR, refid, user_hash FROM "._MYSQL_PREFIX."_user_data WHERE status='UNCONFIRMED' ORDER BY userid", __FILE__, __LINE__);
+$result = SQL_QUERY("SELECT userid, gender, surname, family, email, REMOTE_ADDR, refid, user_hash FROM "._MYSQL_PREFIX."_user_data WHERE status='UNCONFIRMED' ORDER BY userid", __FILE__, __LINE__);
 
-if (SQL_NUMROWS($query) > 0) {
+if (SQL_NUMROWS($result) > 0) {
 	// We have some (new?) registrations!
 	$SW = 2; $OUT = "";
-	while (list($uid, $gender, $sname, $fname, $email, $IP, $ref, $hash) = SQL_FETCHROW($query)) {
+	while (list($uid, $gender, $sname, $fname, $email, $IP, $ref, $hash) = SQL_FETCHROW($result)) {
 		if ($ref > 0) $ref = ADMIN_USER_PROFILE_LINK($ref);
 		// Prepare array for the row template
 		$content = array(
@@ -66,8 +66,7 @@ if (SQL_NUMROWS($query) > 0) {
 		$SW = 3 - $SW;
 	}
 
-	// Free memory
-	SQL_FREERESULT($query);
+	// Remember rows
 	define('__REG_ROWS', $OUT);
 
 	// Load main template
@@ -77,5 +76,8 @@ if (SQL_NUMROWS($query) > 0) {
 	LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ALL_CONFIRMED_EMAIL);
 }
 
+// Free memory
+SQL_FREERESULT($result);
+
 //
 ?>
diff --git a/inc/modules/admin/what-config_beg.php b/inc/modules/admin/what-config_beg.php
index 6745c0ce95..b6033f28c4 100644
--- a/inc/modules/admin/what-config_beg.php
+++ b/inc/modules/admin/what-config_beg.php
@@ -77,6 +77,7 @@ if (isset($_POST['ok'])) {
 		define('__BEG_RALLYE_N', " checked=\"checked\"");
 		break;
 	}
+
 	switch ($_CONFIG['beg_active'])
 	{
 	case 'Y':
@@ -89,6 +90,7 @@ if (isset($_POST['ok'])) {
 		define('__BEG_ACTIVE_N', " checked=\"checked\"");
 		break;
 	}
+
 	switch ($_CONFIG['beg_mode'])
 	{
 	case "DIRECT":
@@ -101,6 +103,7 @@ if (isset($_POST['ok'])) {
 		define('__BEG_MODE_REF'   , " checked=\"checked\"");
 		break;
 	}
+
 	switch ($_CONFIG['beg_ral_en_notify'])
 	{
 	case 'Y':
@@ -113,6 +116,7 @@ if (isset($_POST['ok'])) {
 		define('__BEG_RAL_EN_NOTIFY_N', " checked=\"checked\"");
 		break;
 	}
+
 	switch ($_CONFIG['beg_ral_di_notify'])
 	{
 	case 'Y':
@@ -125,6 +129,7 @@ if (isset($_POST['ok'])) {
 		define('__BEG_RAL_DI_NOTIFY_N', " checked=\"checked\"");
 		break;
 	}
+
 	switch ($_CONFIG['beg_new_mem_notify'])
 	{
 	case 'Y':
@@ -137,6 +142,7 @@ if (isset($_POST['ok'])) {
 		define('__BEG_NEW_MEMBER_NOTIFY_N', " checked=\"checked\"");
 		break;
 	}
+
 	switch ($_CONFIG['beg_include_own'])
 	{
 	case 'Y':
@@ -150,11 +156,42 @@ if (isset($_POST['ok'])) {
 		break;
 	}
 
+	switch ($_CONFIG['beg_pay_mode']) {
+		case "IMG":
+			define('__BEG_PAY_MODE_IMG' , " selected=\"selected\"");
+			define('__BEG_PAY_MODE_JS'  , "");
+			define('__BEG_PAY_MODE_BOTH', "");
+			define('__BEG_PAY_MODE_NONE', "");
+			break;
+
+		case "JS":
+			define('__BEG_PAY_MODE_IMG' , "");
+			define('__BEG_PAY_MODE_JS'  , " selected=\"selected\"");
+			define('__BEG_PAY_MODE_BOTH', "");
+			define('__BEG_PAY_MODE_NONE', "");
+			break;
+
+		case "BOTH":
+			define('__BEG_PAY_MODE_IMG' , "");
+			define('__BEG_PAY_MODE_JS'  , "");
+			define('__BEG_PAY_MODE_BOTH', " selected=\"selected\"");
+			define('__BEG_PAY_MODE_NONE', "");
+			break;
+
+		case "NONE":
+			define('__BEG_PAY_MODE_IMG' , "");
+			define('__BEG_PAY_MODE_JS'  , "");
+			define('__BEG_PAY_MODE_BOTH', "");
+			define('__BEG_PAY_MODE_NONE', " selected=\"selected\"");
+			break;
+	}
+
 	// Add data to constant __MEMBER_SELECTION
 	define('__MEMBER_SELECTION', ADD_MEMBER_SELECTION_BOX($_CONFIG['beg_uid'], false, true, true, "beg_uid"));
 
 	// Load form template
 	LOAD_TEMPLATE("admin_config_beg");
 }
+
 //
 ?>
diff --git a/inc/modules/admin/what-config_wernis.php b/inc/modules/admin/what-config_wernis.php
index 6c4680a55d..be8e48fe7f 100644
--- a/inc/modules/admin/what-config_wernis.php
+++ b/inc/modules/admin/what-config_wernis.php
@@ -51,6 +51,10 @@ if (isset($_POST['ok'])) {
 			$_POST['wernis_'.$revert] = REVERT_COMMA($_POST['wernis_'.$revert]);
 		} // END - if
 
+		// Hash the password and remove clear-text
+		$_POST['wernis_pass_md5'] = md5($_POST['wernis_pass']);
+		unset($_POST['wernis_pass']);
+
 		// Save settings
 		ADMIN_SAVE_SETTINGS($_POST);
 	} else {
diff --git a/inc/modules/admin/what-guestedit.php b/inc/modules/admin/what-guestedit.php
index ebbcad632d..cf7ed37a83 100644
--- a/inc/modules/admin/what-guestedit.php
+++ b/inc/modules/admin/what-guestedit.php
@@ -44,9 +44,9 @@ ADD_DESCR("admin", __FILE__);
 $AND = "(what = '' OR what IS NULL)"; $SUB = "";
 
 if (!empty($_GET['sub'])) {
-	$AND = sprintf("action='%s'", SQL_ESCAPE($_GET['sub']));
+	$AND = sprintf("action='%s' AND what IS NOT NULL", SQL_ESCAPE($_GET['sub']));
 	$SUB = SQL_ESCAPE($_GET['sub']);
-}
+} // END - if
 
 // Get count of (maybe) selected menu points
 $chk = 0;
@@ -65,12 +65,12 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 		if ($confirm == 1)
 		{
 			$cnt++;
-			$query = SQL_QUERY_ESC("SELECT title, action, what FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
+			$result = SQL_QUERY_ESC("SELECT title, action, what FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
 			 array(bigintval($sel)), __FILE__, __LINE__);
-			if (SQL_NUMROWS($query) == 1)
+			if (SQL_NUMROWS($result) == 1)
 			{
 				// Entry found so we load the stuff...
-				list($menu, $act, $wht) = SQL_FETCHROW($query);
+				list($menu, $act, $wht) = SQL_FETCHROW($result);
 				SQL_FREERESULT($result);
 				$DATA = array(
 					'cnt'    => $cnt,
@@ -112,12 +112,12 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 		if ($confirm == 1)
 		{
 			$cnt++;
-			$query = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
+			$result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
 			 array(bigintval($sel)), __FILE__, __LINE__);
-			if (SQL_NUMROWS($query) == 1)
+			if (SQL_NUMROWS($result) == 1)
 			{
 				// Entry found so we load the stuff...
-				list($menu) = SQL_FETCHROW($query);
+				list($menu) = SQL_FETCHROW($result);
 				SQL_FREERESULT($result);
 				$DATA = array(
 					'cnt'  => $cnt,
@@ -157,7 +157,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 			$sel = bigintval($sel);
 
 			// Update entry
-			$query = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%s LIMIT 1",
+			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%s LIMIT 1",
 			 array($menu, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel], $sel),__FILE__, __LINE__);
 		}
 		LOAD_TEMPLATE("admin_data_saved");
@@ -167,7 +167,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 		foreach ($_POST['sel'] as $sel => $menu)
 		{
 			// Delete enty
-			$query = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
+			$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
 			 array(bigintval($sel)), __FILE__, __LINE__);
 		}
 		LOAD_TEMPLATE("admin_data_saved");
@@ -278,31 +278,22 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 	// By default list menus
 	if (empty($SUB)) {
 		// List only main menus
-		$query = SQL_QUERY("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_guest_menu WHERE (what='' OR what IS NULL) ORDER BY sort ASC", __FILE__, __LINE__);
+		$result = SQL_QUERY("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_guest_menu WHERE (what='' OR what IS NULL) ORDER BY sort ASC", __FILE__, __LINE__);
 	} else {
 		// List sub menus
-		$query = SQL_QUERY_ESC("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_guest_menu WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort ASC",
+		$result = SQL_QUERY_ESC("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_guest_menu WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort ASC",
 		 array($SUB), __FILE__, __LINE__);
 	}
 
 	// Get number of menu entries
-	$max = SQL_NUMROWS($query);
+	$max = SQL_NUMROWS($result);
 	if ($max > 0)
 	{
-		// Some entties does exist!
-		if (!empty($SUB))
-		{
-			// Set sub value
-			define('__SUB_VALUE', $SUB);
-		}
-		 else
-		{
-			// No sub menu selected
-			define('__SUB_VALUE', "");
-		}
+		// Set sub value
+		define('__SUB_VALUE', $SUB);
 
 		$SW = 2; $cnt = 0; $OUT = "";
-		while (list($id, $act, $wht, $title, $sort) = SQL_FETCHROW($query))
+		while (list($id, $act, $wht, $title, $sort) = SQL_FETCHROW($result))
 		{
 			$cnt++;
 			if (($sort == 0) || (($sort == 1) && (!empty($SUB))))
@@ -337,7 +328,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 		}
 
 		// Free memory
-		SQL_FREERESULT($query);
+		SQL_FREERESULT($result);
 		define('__MENU_ROWS', $OUT);
 
 		// Load template
diff --git a/inc/modules/admin/what-memedit.php b/inc/modules/admin/what-memedit.php
index 8e9fb5466c..2c464b2229 100644
--- a/inc/modules/admin/what-memedit.php
+++ b/inc/modules/admin/what-memedit.php
@@ -43,9 +43,8 @@ ADD_DESCR("admin", __FILE__);
 // Do we edit/delete/change main menus or sub menus?
 $AND = "(what = '' OR what IS NULL)"; $SUB = "";
 
-if (!empty($_GET['sub']))
-{
-	$AND = sprintf("action='%s'", SQL_ESCAPE($_GET['sub']));
+if (!empty($_GET['sub'])) {
+	$AND = sprintf("action='%s' AND what IS NOT NULL", SQL_ESCAPE($_GET['sub']));
 	$SUB = SQL_ESCAPE($_GET['sub']);
 }
 
@@ -77,7 +76,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 					'sel'    => $sel,
 					'menu'   => $menu,
 					'sw'     => $SW,
-					'act' => ADMIN_MAKE_MENU_SELECTION("member", "act", "sel_act[".$sel."]", $act),
+					'act'    => ADMIN_MAKE_MENU_SELECTION("member", "act", "sel_act[".$sel."]", $act),
 					'what'   => ADMIN_MAKE_MENU_SELECTION("member", "what", "sel_what[".$sel."]", $wht),
 				);
 				// Load template
@@ -272,8 +271,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 	$max = SQL_NUMROWS($result);
 	if ($max > 0)
 	{
-		$SUB = "";
-		if (!empty($SUB)) $SUB = $SUB;
+		// Set sub value
 		define('__SUB_VALUE', $SUB);
 
 		$SW = 2; $cnt = 0; $OUT = "";
diff --git a/inc/modules/member/what-wernis.php b/inc/modules/member/what-wernis.php
index 4d47daabe5..f38498b40b 100644
--- a/inc/modules/member/what-wernis.php
+++ b/inc/modules/member/what-wernis.php
@@ -265,7 +265,7 @@ if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
 					OUTPUT_HTML("<br />");
 				} else {
 					// All is fine here so do the withdraw
-					$success = WERNIS_EXECUTE_PAYOUT($_POST['wds66_id'], md5($_POST['wds66_password']), $_POST['amount']);
+					$success = WERNIS_EXECUTE_PAYOUT($_POST['wds66_id'], $_POST['amount']);
 					if ($success) {
 						// Sub points
 						SUB_POINTS($GLOBALS['userid'], $_POST['amount']);
diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php
index 036e853939..be834e68f2 100644
--- a/inc/mysql-manager.php
+++ b/inc/mysql-manager.php
@@ -1522,11 +1522,11 @@ function GET_ADMIN_DEFAULT_ACL ($aid) {
 
 		// Update cache hits
 		if (isset($_CONFIG['cache_hits'])) { $_CONFIG['cache_hits']++; } else { $_CONFIG['cache_hits'] = 1; }
-	} else {
+	} elseif (!EXT_IS_ACTIVE("cache")) {
 		// Load from database
 		$result_aid = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
 			array(bigintval($ret)), __FILE__, __LINE__);
-		if (SQL_NUMROWS($result) == 1) {
+		if (SQL_NUMROWS($result_aid) == 1) {
 			// Fetch data
 			list($ret) = SQL_FETCHROW($result_aid);
 
diff --git a/templates/de/html/admin/admin_config_beg.tpl b/templates/de/html/admin/admin_config_beg.tpl
index 439bad394e..5fac24f74f 100644
--- a/templates/de/html/admin/admin_config_beg.tpl
+++ b/templates/de/html/admin/admin_config_beg.tpl
@@ -126,7 +126,8 @@
 		<TD colspan="3" class="seperator" height="5">&nbsp;</TD>
 	</TR>
 	<TR>
-		<TD align="right" height="20">{--ADMIN_BEG_RALLYE_ONLY_ACTIVE--}
+		<TD align="right" height="20">
+			{--ADMIN_BEG_RALLYE_ONLY_ACTIVE--}
 		</TD>
 		<TD class="seperator" width="5">&nbsp;</TD>
 		<TD align="center"><INPUT type="radio" name="beg_active"
@@ -134,12 +135,30 @@
 		<INPUT type="radio" name="beg_active" class="admin_normal" value="N"{!__BEG_ACTIVE_N!} />&nbsp;{--NO--}
 		</TD>
 	</TR>
+	<TR>
+		<TD colspan="3" class="seperator" height="5">&nbsp;</TD>
+	</TR>
+	<TR>
+		<TD align="right" height="20">
+			{--ADMIN_BEG_PAY_MODE--}
+		</TD>
+		<TD class="seperator" width="5">&nbsp;</TD>
+		<TD align="center">
+			<SELECT name="beg_pay_mode" size="1">
+				<OPTION value="IMG"{!__BEG_PAY_MODE_IMG!}>{--ADMIN_BEG_PAY_MODE_IMG--}</OPTION>
+				<OPTION value="JS"{!__BEG_PAY_MODE_JS!}>{--ADMIN_BEG_PAY_MODE_JS--}</OPTION>
+				<OPTION value="BOTH"{!__BEG_PAY_MODE_BOTH!}>{--ADMIN_BEG_PAY_MODE_BOTH--}</OPTION>
+				<OPTION value="NONE"{!__BEG_PAY_MODE_NONE!}>{--ADMIN_BEG_PAY_MODE_NONE--}</OPTION>
+			</SELECT>
+		</TD>
+	</TR>
 	<TR>
 		<TD colspan="3" class="bottom2 seperator" height="5">&nbsp;</TD>
 	</TR>
 	<TR>
 		<TD colspan="3" align="center" class="admin_title bottom2" height="30">
-		<STRONG>{--ADMIN_EDIT_BEG_RALLYE_NOTIFICATIONS--}</STRONG></TD>
+			<STRONG>{--ADMIN_EDIT_BEG_RALLYE_NOTIFICATIONS--}</STRONG>
+		</TD>
 	</TR>
 	<TR>
 		<TD colspan="3" class="seperator" height="5">&nbsp;</TD>
diff --git a/templates/de/html/admin/admin_config_wernis.tpl b/templates/de/html/admin/admin_config_wernis.tpl
index 093ba8d6b2..fd7f95554f 100644
--- a/templates/de/html/admin/admin_config_wernis.tpl
+++ b/templates/de/html/admin/admin_config_wernis.tpl
@@ -44,6 +44,13 @@
 			<INPUT type="text" name="wernis_refid" class="admin_normal" value="$content[refid]" size="5" maxlength="20" />
 		</TD>
 	</TR>
+	<TR>
+		<TD width="300" height="30" align="right">{--WERNIS_ADMIN_WPASS--}:</TD>
+		<TD class="seperator" width="10">&nbsp;</TD>
+		<TD width="270">
+			<INPUT type="password" name="wernis_pass" class="admin_normal" size="5" maxlength="20" />
+		</TD>
+	</TR>
 	<TR>
 		<TD colspan="3" class="bottom2 seperator" height="5">&nbsp;</TD>
 	</TR>
diff --git a/templates/de/html/beg/beg_pay_mode_both.tpl b/templates/de/html/beg/beg_pay_mode_both.tpl
new file mode 100644
index 0000000000..e065e5b40a
--- /dev/null
+++ b/templates/de/html/beg/beg_pay_mode_both.tpl
@@ -0,0 +1,9 @@
+<TABLE border="0" cellspacing="0" cellpadding="0" width="100%">
+	<TR>
+		<TD align="center">
+			{--BEG_LINK_PAY_BOTH_1--}$content[uid]
+			{--BEG_LINK_PAY_BOTH_2--}$content[points]
+			{--BEG_LINK_PAY_BOTH_3--}$content[clicks]{--BEG_LINK_PAY_BOTH_4--}
+		</TD>
+	</TR>
+</TABLE>