diff --git a/dashboard.php b/dashboard.php
index 2447915..7801a5e 100644
--- a/dashboard.php
+++ b/dashboard.php
@@ -1,26 +1,30 @@
 <?php
+error_reporting(E_ALL);
+ini_set('display_errors', 1);
+
 // dashboard.php
 
-// Gemeinsame Datenbank-Verbindungskonfiguration
-$host    = 'localhost';
-$db      = 'web35_vysion';
-$user    = 'vysion_api';
-$pass    = '7e0pn9~2Z';
-$charset = 'utf8mb4';
-$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
+// Zentrale Zugangsdaten einbinden
+require_once 'secrets.php';
+
+// Datenbank-Verbindungsparameter
+$dsn = "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=" . DB_CHARSET;
 $options = [
   PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
   PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
 ];
 
 try {
-  $pdo = new PDO($dsn, $user, $pass, $options);
+  $pdo = new PDO($dsn, DB_USER, DB_PASS, $options);
 } catch (PDOException $e) {
   header('Content-Type: application/json');
   echo json_encode(['error' => 'Database connection failed: ' . $e->getMessage()]);
   exit;
 }
 
+// Bearer Token für Mastodon-API (falls benötigt)
+$bearerToken = 'your_bearer_token_here';
+
 // -----------------------
 // AJAX-Anfragen (POST)
 // -----------------------
@@ -73,7 +77,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
     $accounts = isset($_POST['accounts']) ? $_POST['accounts'] : [];
     $response = ['updated' => 0];
     foreach ($accounts as $row) {
-      $stmt = $pdo->prepare("UPDATE users SET active = :active WHERE acc_id = :acc_id");
+      // Anpassen: WHERE user_id = :acc_id
+      $stmt = $pdo->prepare("UPDATE users SET active = :active WHERE user_id = :acc_id");
       $stmt->execute([
         'active' => !empty($row['active']) ? 1 : 0,
         'acc_id' => $row['acc_id']
@@ -82,6 +87,25 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
     }
     echo json_encode($response);
     exit;
+  } elseif ($action === 'sync_accounts') {
+    // Synchronisation: Aus der findings-Tabelle werden alle getrackten Accounts (acc_id, username) ermittelt
+    // Für jeden Account, der noch nicht in der "users"-Tabelle existiert, erfolgt ein Insert mit active=0
+    $stmt = $pdo->query("SELECT DISTINCT f.acc_id, f.username FROM findings f LEFT JOIN users u ON f.acc_id = u.user_id WHERE u.user_id IS NULL");
+    $newAccounts = $stmt->fetchAll();
+    
+    foreach ($newAccounts as $acc) {
+      // Neuer Account – unaktiv in die Tabelle schreiben
+      $insertStmt = $pdo->prepare("INSERT INTO users (user_id, username, active) VALUES (:acc_id, :username, 0)");
+      $insertStmt->execute([
+        'acc_id'   => $acc['acc_id'],
+        'username' => $acc['username']
+      ]);
+    }
+    // Nun alle Accounts aus der users-Tabelle abrufen
+    $stmt = $pdo->query("SELECT user_id as acc_id, username, active FROM users ORDER BY username ASC");
+    $accountsList = $stmt->fetchAll();
+    echo json_encode($accountsList);
+    exit;
   } elseif ($action === 'get_dashboard_data') {
     // Lese den Zeitraum und Refresh-Intervall aus der config-Tabelle (id=1)
     $configStmt = $pdo->query("SELECT from_date, to_date, refresh_interval FROM config WHERE id = 1");
@@ -96,7 +120,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
                      SUM(f.favorites_count) AS total_favorites
               FROM findings f
               JOIN hashtags h ON f.hashtag_id = h.hashtag_id
-              JOIN users u ON f.acc_id = u.acc_id
+              JOIN users u ON f.acc_id = u.user_id
               WHERE f.created_at BETWEEN :from_date AND :to_date
                 AND h.active = 1
                 AND u.active = 1
@@ -121,7 +145,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
     ]);
     exit;
   }
-  // Weitere Aktionen können ergänzt werden.
   exit;
 }
 
@@ -144,10 +167,10 @@ if (isset($_GET['action']) && $_GET['action'] == 'setup') {
   // Lade Hashtag-Konfiguration
   $hashtagStmt = $pdo->query("SELECT hashtag_id, hashtag, active FROM hashtags ORDER BY hashtag ASC");
   $hashtags = $hashtagStmt->fetchAll();
-  // Lade getrackte User: Alle unterschiedlichen User aus findings, links zu users (falls nicht vorhanden, erscheinen sie als inaktiv)
+  // Lade getrackte User: Alle unterschiedlichen User aus findings, verknüpft mit der users-Tabelle
   $userStmt = $pdo->query("SELECT DISTINCT f.acc_id, f.username, IFNULL(u.active, 0) as active 
                            FROM findings f 
-                           LEFT JOIN users u ON f.acc_id = u.acc_id 
+                           LEFT JOIN users u ON f.acc_id = u.user_id 
                            ORDER BY f.username ASC");
   $users = $userStmt->fetchAll();
   ?>
diff --git a/refresh.php b/refresh.php
index 7b83098..70ac322 100644
--- a/refresh.php
+++ b/refresh.php
@@ -7,21 +7,17 @@ header('Content-Type: text/plain');
 $startTime = microtime(true);
 echo "Refresh gestartet um " . date('Y-m-d H:i:s') . "\n";
 
-// Datenbank-Verbindungsparameter (bitte anpassen)
-$host    = 'localhost';
-$db      = 'web35_vysion';
-$user    = 'vysion_api';
-$pass    = '7e0pn9~2Z';
-$charset = 'utf8mb4';
+// Zentrale Zugangsdaten einbinden
+require_once 'secrets.php';
 
-$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
+$dsn = "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=" . DB_CHARSET;
 $options = [
     PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
     PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
 ];
 
 try {
-    $pdo = new PDO($dsn, $user, $pass, $options);
+    $pdo = new PDO($dsn, DB_USER, DB_PASS, $options);
 } catch (PDOException $e) {
     echo "Datenbankverbindung fehlgeschlagen: " . $e->getMessage();
     exit;
@@ -75,7 +71,7 @@ foreach ($hashtags as $row) {
     curl_setopt($ch, CURLOPT_URL, $apiUrl);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
     curl_setopt($ch, CURLOPT_HTTPHEADER, [
-        "Authorization: Bearer $bearerToken"
+        "Authorization: Bearer " . API_TOKEN
     ]);
 
     $response = curl_exec($ch);
diff --git a/search.php b/search.php
index 6906eb4..c61370a 100644
--- a/search.php
+++ b/search.php
@@ -4,21 +4,17 @@
 // Setze den Content-Type auf JSON
 header('Content-Type: application/json');
 
-// Datenbank-Verbindungsparameter (bitte anpassen)
-$host = 'localhost';
-$db   = 'web35_vysion';
-$user = 'vysion_api';
-$pass = '7e0pn9~2Z';
-$charset = 'utf8mb4';
+// Zentrale Zugangsdaten einbinden
+require_once 'secrets.php';
 
-$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
+$dsn = "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=" . DB_CHARSET;
 $options = [
     PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
     PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
 ];
 
 try {
-    $pdo = new PDO($dsn, $user, $pass, $options);
+    $pdo = new PDO($dsn, DB_USER, DB_PASS, $options);
 } catch (PDOException $e) {
     http_response_code(500);
     echo json_encode(['error' => 'Database connection failed: ' . $e->getMessage()]);