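$v) if ($k != 'str' && !is_array($_POST[$k])) $_POST[$k] = str_replace('spkomut_HEPSI','%%',$v);
// Same placeholder restore for scalar GET values (the matching POST loop above is cut off at the top of this chunk).
foreach ($_GET as $k => $v) {
    if (!is_array($_GET[$k])) {
        $_GET[$k] = str_replace('spkomut_HEPSI', '%%', $v);
    }
}

// A POSTed orderBy takes precedence over the one in the query string.
if (!empty($_POST['orderBy'])) {
    $_GET['orderBy'] = $_POST['orderBy'];
}

// Password-reset flow: admin/moderator accounts may not be reset through the public site.
// This lookup runs BEFORE cleanuserinput() is applied to $_POST below, so the e-mail is escaped
// here explicitly, with the same magic_quotes handling cleanuserinput() uses (the original used
// addslashes(), which is not charset-aware).
// NOTE(review): the exit message tells an unauthenticated caller that the address belongs to a
// privileged account; a neutral message would avoid that disclosure.
if (isset($_GET['act'])
    && in_array($_GET['act'], array('sifre', 'forgotPassword'), true)
    && !empty($_POST['data_email'])) {
    $resetEmail = $_POST['data_email'];
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $resetEmail = stripslashes($resetEmail);
    }
    $q = mysql_query("select * from user where email='".mysql_real_escape_string($resetEmail)."' limit 0,1");
    $d = mysql_fetch_array($q);
    // $d is false when no row matched (or the query failed); only a real row can be privileged.
    if ($d && ($d['isAdmin'] || $d['isMod'])) {
        exit('Yonetici sifresi, site uzerinden sifirlanamaz.');
    }
}

// orderBy is interpolated into ORDER BY elsewhere, so it is reduced to a whitelist check here.
// The literal string below is the application's default ordering and is accepted as-is.
if (!empty($_GET['orderBy'])
    && "if(urun.resim = '' or urun.resim is null,1,0),if(urun.stok = 0,1,0),urun.seq desc,urun.ID desc" != $_GET['orderBy']) {
    $stok = true;
    // Sortable columns. The supplied value is stripped of direction keywords, table prefixes,
    // the "seq" tiebreaker, spaces and commas, and what is left must match one of these exactly.
    // Anything else is dropped from GET, POST and the remembered session value.
    $okArray = array('name','ID','fiyat','tarih','sold','anasayfa','yeni','hit','stok');
    $c = str_replace(array('desc',' ','asc','marka.',',seq',',asc','puan','seq','urun.',','), '', $_GET['orderBy']);
    if (!in_array($c, $okArray, true)) {
        unset($_GET['orderBy']);
        unset($_POST['orderBy']);
        unset($_SESSION['lastOrderBy']);
    } else {
        $_SESSION['lastOrderBy'] = $_GET['orderBy'];
    }
} else {
    // No (or default) orderBy in the request: fall back to the last validated one from the session.
    $_GET['orderBy'] = isset($_SESSION['lastOrderBy']) ? $_SESSION['lastOrderBy'] : null;
}

// filter may only be one of three known flags; an unknown value is removed from both GET and POST.
$filter = !empty($_GET['filter']) ? $_GET['filter'] : (isset($_POST['filter']) ? $_POST['filter'] : null);
if ($filter) {
    $sarr = array('anasayfa','indirimde','anindaGonderim');
    if (!in_array($filter, $sarr, true)) {
        unset($_GET['filter']);
        unset($_POST['filter']);
    }
}

// 'order' is never accepted from the request.
unset($_GET['order']);
unset($_POST['order']);

// Not installed yet (conf.php present but essentially empty): send the front pages to the installer.
if (in_array(strtolower(basename($_SERVER['SCRIPT_FILENAME'])), array('page.php', 'index.php'), true)
    && file_exists('include/conf.php')
    && filesize('include/conf.php') < 10) {
    @header('location:doc/kur.php');
    exit("");
}

/**
 * Legacy request-value filter applied to every scalar GET/POST value below.
 *
 * Steps, in order:
 *  1. undo magic_quotes_gpc (if on) and escape for the mysql_* extension;
 *  2. turn < > ' " into HTML entities / a look-alike character, drop ';', and drop
 *     backslashes -- except the "\r"/"\n" sequences, which are parked as xx-r/xx-n
 *     first and restored afterwards so the escaping from step 1 survives for them;
 *  3. strip a short, case-insensitive blacklist of SQL keywords and the
 *     isAdmin/isMod column names.
 *
 * NOTE(review): this is a blacklist, not a parser, and the backslash removal in step 2
 * also discards the quote escaping from step 1. It does not make string-built SQL or
 * unescaped HTML output safe; parameterised queries and context-specific output
 * escaping are still required at the call sites.
 *
 * NOTE(review): the entity replacements (&lt; &gt; &prime; &quot;) were HTML-decoded
 * in the copy reviewed (which made the literal unparseable); they are restored here
 * as the most likely originals -- confirm against the original file.
 *
 * @param string $dirty raw request value
 * @return string filtered value
 */
function cleanuserinput($dirty){
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $clean = mysql_real_escape_string(stripslashes($dirty));
    } else {
        $clean = mysql_real_escape_string($dirty);
    }
    // Park "\r"/"\n" escape sequences, neutralise markup/quote characters, drop every other backslash.
    $clean = str_replace(
        array('<', '>', ';', "'", '"', '\\r', '\\n', '\\'),
        array('&lt;', '&gt;', '', "&prime;", "&quot;", 'xx-r', 'xx-n', ''),
        $clean
    );
    $clean = str_ireplace(array('xx-r', 'xx-n'), array('\\r', '\\n'), $clean);
    // str_ireplace applies the search terms one after another on the running result,
    // which is exactly what the original chain of single-term calls did.
    $clean = str_ireplace(
        array(' or ', ' set ', 'update ', 'select ', 'delete ', 'union', 'isAdmin', 'isMod'),
        '',
        $clean
    );
    return $clean;
}

// Filter every scalar POST value. A key containing " or ", angle brackets or quotes is dropped
// outright; dc_* keys and 'json' are passed through untouched.
foreach ($_POST as $k => $v) {
    if (!is_array($_POST[$k]) && substr($k, 0, 3) != 'dc_' && $k != 'json') {
        if (preg_match('/'.implode('|', array_map('preg_quote', array(' or ','<','>','"',"'"))).'/i', $k)) {
            unset($_POST[$k]);
        } else {
            $_POST[$k] = cleanuserinput($_POST[$k]);
        }
    }
}

// real_password must never arrive via the query string.
unset($_GET['real_password']);

// Same filtering for GET (note: no 'json' exemption here, unlike POST).
foreach ($_GET as $k => $v) {
    if (!is_array($_GET[$k]) && substr($k, 0, 3) != 'dc_') {
        if (preg_match('/'.implode('|', array_map('preg_quote', array(' or ','<','>','"',"'"))).'/i', $k)) {
            unset($_GET[$k]);
        } else {
            $_GET[$k] = cleanuserinput($_GET[$k]);
        }
    }
}

// Id and paging parameters are cast to int so they can be used numerically without further checks.
$toIntArray = array('catID','urunID','markaID','userID','CookieInsertUrunID','CookieRemoveUrunID','cnt','page','limit');
foreach ($toIntArray as $k) {
    if (isset($_GET[$k])) {
        $_GET[$k] = (int) $_GET[$k];
    }
    if (isset($_POST[$k])) {
        $_POST[$k] = (int) $_POST[$k];
    }
}

// Parameters that must be a single token: remove embedded spaces.
// Bug fix: this loop used to iterate $toIntArray instead of $nospace, so 'db' and 'type'
// were never stripped and str_replace() turned the freshly cast ints back into strings.
$nospace = array('db','type');
foreach ($nospace as $k) {
    if (isset($_GET[$k])) {
        $_GET[$k] = str_replace(' ', '', $_GET[$k]);
    }
    if (isset($_POST[$k])) {
        $_POST[$k] = str_replace(' ', '', $_POST[$k]);
    }
}

//unset($_GET['username']);
//unset($_GET['password']);
unset($_GET['real_password']);
// data_durum is a server-side status field and is never taken from the request.
unset($_POST['data_durum']);
unset($_GET['data_durum']);
?>$v) { if(!(stristr($k,'_') === false)) continue; if($arr[$k.'_'.$_SESSION['lang']]) $arr[$k] = $arr[$k.'_'.$_SESSION['lang']]; } return $arr; } if(!$_SESSION['lang'] || strtolower(trim($_SESSION['lang'])) == 'tr') $langPrefix = ''; else $langPrefix = 
'_'.$_SESSION['lang']; $aylar= array('',_lang_ocak,_lang_subat,_lang_mart,_lang_nisan,_lang_mayis,_lang_haziran,_lang_temmuz,_lang_agustos,_lang_eylul,_lang_ekim,_lang_kasim,_lang_aralik); ?>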