<?
if(substr($_SERVER['SERVER_NAME'],0,3) != "www" and $_SERVER['SERVER_NAME'] != "localhost" && !preg_match("/\d/",$_SERVER['SERVER_NAME'])) {
	header("Location: http://www.".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
	die;
}
ob_start();
$maindomain = ".".str_replace("www.","",$_SERVER['SERVER_NAME']);
extract($_POST);
extract($_GET);
$PHP_SELF = $_SERVER['PHP_SELF'];
session_set_cookie_params(0, '/', $maindomain);
session_set_cookie_params(0, '/', "www.".$maindomain);

session_start();
error_reporting(1);
ob_implicit_flush();

date_default_timezone_set("Europe/Moscow");

header('Content-Type: text/html; charset=utf-8');

if($_SERVER['HTTP_X_REQUESTED_WITH'] == "aleviolsun.com.arkadaslik") {

header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

}


function dataFilter($data, $mod = 1, $op = 0) {

$data = urldecode($data);

if($mod == 0) {

 return $data;

} else if($mod == 1) {

 return ($op == 0) ? htmlentities($data) : htmlentities($data, ENT_QUOTES);

} else if($data == 2) {

 return ($op == 0) ? quotemeta($data) : 

 (($op == 2) ? htmlentities(quotemeta($data), ENT_QUOTES) : htmlentities(quotemeta($data)));

} else if($mod == 3) {

 if($op == 0)

  return addslashes($data);

 else if($op == 1)

  return addslashes(quotemeta($data));

 else if($op == 2)

  return htmlentities(addslashes($data));

 else if($op == 3)

  return htmlentities(addslashes(quotemeta($data)));

 }

}
if($durumu_admin!='1'){
$_GETS = array();

$_POSTS = array();


foreach($_GET as $key => $value) {

$_GETS[$key] = dataFilter($value, 3, 2);

}


foreach($_POST as $key => $value) {

$_POSTS[$key] = dataFilter($value, 3, 2);

}


$_GET=$_GETS;

$_POST=$_POSTS;
}
function sqlicheck() {


    $params = array_merge($_GET, $_POST);

    $is_warning = false;


    foreach($params as $key=>$param) {

        switch(getSafeLevel($param)) {

            case SQLI_SAFE: 

                break;

            case SQLI_WARNING:

                $is_warning = true;

                break;

            case SQLI_UNSAFE: 

                mail("webmas52@gmail.com", 'SQL INJECTION ATTACK', print_r($_REQUEST, true).' '.print_r($_SERVER, true));    

                header('Location: https://www.aleviolsun.com');

                exit();     

            }


    }


    if($is_warning === true) {

        mail(SQLI_MAIL_DEST, 'SQL INJECTION WARNING', print_r($_REQUEST, true).print_r($_SERVER, true));

    }

}

function getSafeLevel($param) {


    $error_words  = array('select%20','drop%20','delete%20','truncate%20','insert%20','%20tbclient','select ','drop ','delete ','truncate ','insert ');

    $warning_words = array('%20','select','drop','delete','truncate', ';','union');


    if(!is_array($param)) {

    foreach($error_words as $error_word) {

        if(stripos($param, $error_word) !== false) {

   return SQLI_UNSAFE;  

 }

    }

    foreach($warning_words as $warning_word) {

        if(stripos($param, $warning_word) !== false) return SQLI_WARNING;   

    }

    }

    return SQLI_SAFE; 

}

sqlicheck();


if($_GET['device']!="") {
	setcookie("device",$_GET[device],time()+(60*60*24*30*12*5));
} else if($_COOKIE['device']!="") {
	$_GET['device'] = $_COOKIE['device'];
}


function microtime_float() {
	list($usec, $sec) = explode(" ", microtime());
	return ((float)$usec + (float)$sec);
}

$sure_baslangici = microtime_float();

require_once("class.db.php");

$db = new db();
$db->baglan();


$db->alan[] = "*";
$db->tablo = "ayarlar";
$db->std[id] = array("=","1");
$a = $db->oresult();

$af = unserialize($a[data]);
extract($af);

require_once("function.php");

$_SERVER['REQUEST_URI'] = thisuri();

stripvariables($_POST);
stripvariables($_GET);


if($_GET['aff'] != "") {

	setcookie("affsite", $_GET['aff']);

	$db->std[id] = array("=",$_GET['aff']);

	$db->alan[] = "affiliateid";

	$db->alan[] = "durum";

	$db->tablo = "affiliatesite";

	$afx = $db->oresult();

	if($afx[durum] == "1") {

		setcookie("aff", $afx[affiliateid]);
		
		setcookie("aff_referer", $_SERVER['HTTP_REFERER']);

	}


}


if($auto == "login") {

	$db->alan[] = "id";
	$db->alan[] = "sehir";
	$db->tablo = "uyeler";
	$db->std[id] = array("=",$u);
	$db->std[] = "and";
	$db->std[onaykodu] = array("=",$c);
	$ax = $db->oresult();
	
	if($ax[id] != "") {

		$_SESSION['loggedid'] = $ax[id];
		$_SESSION['loggedipinfo']['city'] = sehir($ax[sehir]);
		$db->values[sonziyaret] = time();
		$db->values[ip] = $_SERVER['REMOTE_ADDR'];
		$db->values[browser] = $_SERVER['HTTP_USER_AGENT'];
		$db->tablo = "uyeler";
		$db->std[id] = array("=",$ax[id]);
		$db->guncelle();

	}

}

if(!stristr($_SERVER['REQUEST_URI'],"admin") && $cron == 0 and !stristr($_SERVER['REQUEST_URI'],"affiliates")) {
	
	
	if($_SESSION['loggedid'] != "" and !stristr(substr($PHP_SELF,0,7),"profile")) {
		
		/*
		$db->std[id] = array("=",$_SESSION['loggedid']);
		$db->alan[] = "*";
		$db->tablo = "uyeler";
		$u = $db->oresult();
		*/
		
		$u = mysql_fetch_assoc(mysql_query("select * from uyeler where id = '".$_SESSION['loggedid']."'"));
		if(mysql_errno()>0) {
			mysql_query("repair table uyeler");
			$u = mysql_fetch_assoc(mysql_query("select * from uyeler where id = '".$_SESSION['loggedid']."'"));
		}
		
		
	} elseif($_SESSION['loggedid'] == "" and $unlogin == 1 and $_GET['r'] == "") {
		// header("Location: index.php?r=".urlencode(($_SERVER['REQUEST_URI'])));
		?> <script>location.href='index.php?r=%2Fprofil%2FCemal_ll%2F111232%2F0';</script> <?
		die;
	}
	if($u[durum]>1) {
		// header("location: cikis.php?rej=1");
		?> <script>location.href='index.php?r=%2Fprofil%2FCemal_ll%2F111232%2F0';</script> <?
		die;
	}
}

$_SESSION['dildegisim'] = str_replace("lang-","",$_SESSION['dildegisim']);
$_SESSION['dildegisim'] = str_replace(".php","",$_SESSION['dildegisim']);

if($dildegis != "") {
	$_SESSION['dildegisim'] = $dildegis;
} elseif ($u[dil] != "" and $_SESSION['dildegisim'] == "") {
	$_SESSION['dildegisim'] = $u[dil];
}

if($_SESSION['dildegisim'] != "") {
	include("dil/lang-".$_SESSION['dildegisim'].".php");
} else {
	include("dil/lang-turkce.php");
}


if($ref == "banner") {

	$refurl = $_SERVER['HTTP_REFERER'];
	$dmn = parse_url($refurl);
	$domain = $dmn[host];
	$ip = $_SERVER['REMOTE_ADDR'];
	$tarih = date("Y-m-d H:i:s");

	mysql_query("INSERT INTO `bannerstats` (`id`, `domain`, `refurl`, `ip`, `tarih`) VALUES (NULL, '$domain', '$refurl', '$ip', '$tarih');");

} elseif ($ref != "") {

	$refurl = base64_decode($ref);
	$dmn = parse_url($refurl);
	$domain = $dmn[host];
	$ip = $_SERVER['REMOTE_ADDR'];
	$tarih = date("Y-m-d H:i:s");

	mysql_query("INSERT INTO `bannerstats` (`id`, `domain`, `refurl`, `ip`, `tarih`) VALUES (NULL, '$domain', '$refurl', '$ip', '$tarih');");

}

if($_SESSION['logoxy_time'] < time()-60 ) {
	if(!stristr($_SERVER['REQUEST_URI'],"admin") and !stristr($_SERVER['REQUEST_URI'],"affiliates")) {
		$_SESSION['logoxy'] = @getimagesize("./images/logo.png");
	} else {
		$_SESSION['logoxy'] = @getimagesize("../images/logo.png");
	}
	$_SESSION['logoxy_time'] = time();
}


if($_GET['mpy'] != "") {
	$mfy = explode("-",base64_decode($_GET['mpy']));
	if(md5("tsdf2010".$mfy[0]) == $mfy[1]) {
		$_SESSION['loggedid'] = $mfy[0];
	}
}
function nezaman($t) 
{ 
    $simdi = time(); 
    $tarih = $simdi - $t; 

    if($tarih < (60)) { 
        $gecen = intval($tarih); 
        $tur = "sn"; 
    } else 
        if($tarih < (60 * 60)) { 
            $gecen = intval($tarih / 60); 
            $tur = "dk"; 
        } else 
            if($tarih < (24 * 60 * 60)) { 
                $gecen = intval($tarih / (60 * 60)); 
                $tur = "saat"; 
            } else 
                if($tarih < (30 * 24 * 60 * 60)) { 
                    $gecen = intval($tarih / (24 * 60 * 60)); 
                    $tur = "gün"; 
                } else 
                    if($tarih < (365 * 24 * 60 * 60)) { 
                        $gecen = intval($tarih / (30 * 24 * 60 * 60)); 
                        $tur = "ay"; 
                    } else { 
                        $gecen = intval($tarih / (365 * 24 * 60 * 60)); 
                        $tur = "yıl"; 
                    } 

                    return $gecen ." ". $tur; 
} 
function clean_data($data) {
	$data = htmlspecialchars($data, ENT_NOQUOTES);
	$data = preg_replace('/\\\[rn]/', '<br/>', $data);	
	return $data;
}


require_once('lib/nusoap.php');
function mikro_odeme($phone,$paket){
	global $db,$u,$o_mobiluyeno,$o_mobilpin;
	$phone = str_replace(" ","",$phone);
	$phone = str_replace("(","",$phone);
	$phone = str_replace(")","",$phone);
	$phone = str_replace("-","",$phone);
	$phone = substr($phone,1);
$param =         
array('token' => array(
		'UserCode'   => $o_mobiluyeno,
	'Pin'        => $o_mobilpin
	),
	'input' => array(
		'MPAY'                 => '',
		'Gsm'                  => $phone,
		'Content'              => 'TEST',
		'SendOrderResult'      => true,
		'PaymentTypeId'        => 3,
		'Url'                  => 'aleviolsun.com',

		'ProductList'          => array 
			( 
				'MSaleProduct' => array 
				( 
					'ProductId'				=> 0, 
					'ProductCategory'		=> 5, 
					'ProductDescription'	=> 'Aleviolsun.com', 
					'Price'					=> number_format($paket,2), 
					'Unit'					=> 1
				) 
			),
		'ReceivedSMSObjectId'	=> '00000000-0000-0000-0000-000000000000',
		'SendNotificationSMS'	=> false,
		'OnSuccessfulSMS'		=> 'Aleviolsun.com',
		'OnErrorSMS'			=> 'Aleviolsun.com',
		'RequestGsmOperator'	=> 0,
		'RequestGsmType'		=> 0,
		'TurkcellServiceId'		=> '3010'
	)    
);
     
    $endpoint = 'https://www.nomupay.com.tr/services/saleservice.asmx?wsdl';       
    $mynamespace = 'https://www.nomupay.com.tr/';
    $client = new nusoap_client($endpoint, true);

    $response = $client->call("SaleWithConfirm", $param, $mynamespace);
	//return $response;
	
	if($response['SaleWithConfirmResult']['ErrorMessage']=='Istek kaydedildi'){
		
		$db->values[uyeid] 		= $u['id'];
		$db->values[telno] 		= $response['SaleWithConfirmResult']['Gsm'];
		$db->values[orderid] 	= $response['SaleWithConfirmResult']['OrderObjectId'];
		$db->values[aboneid] 	= $response['SaleWithConfirmResult']['SubsriberId'];
		$db->values[tarih] 		= time();
		$db->tablo 				= "mikro_odeme";
		$db->insort();
		return $response;
	}else{
		return '';
	}
		
	
}

require_once('lib/nusoap.php');
function MobilOdeme($telefon, $paket)
{
    global $db, $u;
    $zaman = 1;
    $tid   = 3010;
    if (number_format($paket, 2) == '89.00') {
        $zaman = 2;
		//Aylık Abonelik
    }
    $param        = array(
        'token' => array(
            'UserCode' 	=> '18375',
            'Pin' 		=> '1c60ca5313154e81a3e302ad60bd11d0'
        ),
        'input' => array(
            'MPAY' => '',
            'Gsm' => $telefon,
            'Content' => 'Aleviolsun.com',
            'SendOrderResult' => true,
            'PaymentTypeId' => $zaman,
            'Url' => 'Aleviolsun.com',
            'ProductList' => array(
                'MSaleProduct' => array(
                    'ProductId' => 0,
                    'ProductCategory' => 20,
                    'ProductDescription' => 'Aleviolsun',
                    'Price' => number_format($paket, 2),
                    'Unit' => 1
                )
            ),
            'ReceivedSMSObjectId' => '00000000-0000-0000-0000-000000000000',
            'SendNotificationSMS' => false,
            'OnSuccessfulSMS' => 'Aleviolsun',
            'OnErrorSMS' => 'Aleviolsun',
            'RequestGsmOperator' => 0,
            'RequestGsmType' => 0,
            'TurkcellServiceId' => $tid,
            'CustomerIpAddress' => $_SERVER['REMOTE_ADDR']
        )
    );
    $endpoint     = 'https://www.nomupay.com.tr/vas/MSaleService.asmx?wsdl';
    $mynamespace  = 'http://services.mikro-odeme.com/';
    $client       = new nusoap_client($endpoint, true);
    $response     = $client->call("SaleWithConfirm", $param, $mynamespace);
    //return $response;
    if ($response['SaleWithConfirmResult']['ErrorMessage'] == 'Istek kaydedildi') {
        $db->values[uye]      = $u['id'];
        $db->values[telefon]  = $response['SaleWithConfirmResult']['Gsm'];
        $db->values[ucret]    = number_format($paket, 2);
        $db->values[order_id] = $response['SaleWithConfirmResult']['OrderObjectId'];
        $db->values[tarih]    = time();
        $db->tablo            = "mobilodeme";
        $db->insort();
        return $response['SaleWithConfirmResult']['OrderObjectId'];
    } else {
        return false;
    }
}
if($u['id']=='106438')
{
$myfile = fopen("106438.txt", "w+");
fwrite($myfile,print_r($_SERVER,TRUE));
fclose($myfile);
}
?><br />
<b>Notice</b>:  Use of undefined constant id - assumed 'id' in <b>/home/aleviolsun.com/public_html/kisi.php</b> on line <b>3</b><br />
<br />
<b>Notice</b>:  Undefined variable: uname in <b>/home/aleviolsun.com/public_html/kisi.php</b> on line <b>5</b><br />
<br />
<b>Notice</b>:  Undefined variable: _SESSION in <b>/home/aleviolsun.com/public_html/kisi.php</b> on line <b>12</b><br />
<br />
<b>Fatal error</b>:  Call to undefined function stripoutput() in <b>/home/aleviolsun.com/public_html/kisi.php</b> on line <b>19</b><br />