Server IP : 103.53.40.154 / Your IP : 3.145.63.131 Web Server : Apache System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : ppcad7no ( 715) PHP Version : 8.2.25 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0750) : /home2/ppcad7no/adowoods.com/../.cphorde/../parthaquafresh.com/../leetcoaching.co.in/ |
[ Home ] | [ C0mmand ] | [ Upload File ] |
---|
<?php include_once('admin/config.php'); function isAllowedMessage($message) { $allowedChars = '/^[a-zA-Z0-9,@. ]*$/'; return preg_match($allowedChars, $message); } function isAllowedSource($source) { $allowedChars = '/^[a-zA-Z0-9,@. ]*$/'; return preg_match($allowedChars, $source); } function isAllowedAddress($address) { $allowedChars = '/^[a-zA-Z0-9,@.\-\s]*$/'; return preg_match($allowedChars, $address); } function isAllowedQualify($qualify) { $allowedChars = '/^[a-zA-Z0-9,@.\-\s]*$/'; return preg_match($allowedChars, $qualify); } if ($_SERVER["REQUEST_METHOD"] === "POST") { if (isset($_POST['submit'])) { $name = $_POST['name']; $phone = $_POST['phone']; $email = $_POST['email']; $message = $_POST['message']; $source = $_POST['source']; $address = $_POST['address']; $qualify = $_POST['qualify']; $age = $_POST['age']; date_default_timezone_set("Asia/Kolkata"); $currentTime = date("Y-m-d H:i:s"); $errors = array(); // Validate input if (empty($name)) { $errors[] = "Name field is required."; } elseif (!preg_match('/^[a-zA-Z ]+$/', $name)) { $errors[] = "Name can only contain alphabets."; } if (empty($email)) { $errors[] = "Email field is required."; } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors[] = "Invalid email format."; } if (empty($phone)) { $errors[] = "Phone field is required."; } elseif (!preg_match('/^\d{10}$/', $phone)) { $errors[] = "Phone number should have exactly 10 digits."; } // Sanitize input $name = filter_var($name, FILTER_SANITIZE_STRING); $phone = filter_var($phone, FILTER_SANITIZE_NUMBER_INT); $email = filter_var($email, FILTER_SANITIZE_EMAIL); $age = filter_var($age, FILTER_SANITIZE_NUMBER_INT); $message = htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); $source = htmlspecialchars($source, ENT_QUOTES, 'UTF-8'); $address = htmlspecialchars($address, ENT_QUOTES, 'UTF-8'); $qualify = htmlspecialchars($qualify, ENT_QUOTES, 'UTF-8'); // Check for potentially malicious content in the message if (!isAllowedMessage($message)) { $errors[] = "Your message contains potentially malicious content or disallowed characters."; } if (!isAllowedSource($source)) { $errors[] = "Your message contains potentially malicious content or disallowed characters."; } if (!isAllowedAddress($address)) { $errors[] = "Your message contains potentially malicious content or disallowed characters."; } if (!isAllowedQualify($qualify)) { $errors[] = "Your message contains potentially malicious content or disallowed characters."; } if (empty($errors)) { // Your existing code for successful submission $query = "INSERT INTO `tbl_order`(`ord_person_name`, `ord_email`, `ord_mobile`, `ord_adrs`, `ord_pickup_point`, `ord_web_url`, `ord_date`, `ord_pack_type`, `ord_pnr_no`) VALUES ('$name','$email', '$phone', '$address', '$source','$message','$currentTime','$qualify', '$age')"; $result = mysqli_query($db, $query) or die("Query unsuccessful"); // if ($result) { // mysqli_stmt_bind_param($stmt, "sssss", $name, $phone, $email, $message, $currentTime); // $result = mysqli_stmt_execute($stmt); // mysqli_stmt_close($stmt); if ($result) { // $to = "digitalsaleem12@gmail.com"; // $to = "fastelevatorandescalator@gmail.com"; // $subject = "New Query Submitted"; // $emailMessage = "A new query has been submitted:\n\n"; // $emailMessage .= "Name: $name\n"; // $emailMessage .= "Phone: $phone\n"; // $emailMessage .= "Email: $email\n"; // $emailMessage .= "Message: $message\n"; // $headers = "From: $email"; // if (mail($to, $subject, $emailMessage, $headers)) { echo "<script> window.alert('Successfully Sent! We will contact you soon'); window.location.href = '$wspath' + 'contact.html'; </script>"; // } else { // echo "Error sending email."; // } } else { $errors[] = "Error in processing your request. Please try again later."; } // } else { // $errors[] = "Error in preparing the statement."; // } } else { // Display validation errors in an alert echo "<script> var errorMessage = '"; foreach ($errors as $error) { echo addslashes($error) . "\\n"; } echo "'; window.alert(errorMessage); </script>"; } } } ?> <!doctype html> <html class="no-js" lang="zxx"> <head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <?php include("top-link.php") ?> <title><?php echo $dataenroll["site_pages_meta_title"];?></title> <meta name="description" content="<?php echo $dataenroll["site_pages_meta_description"];?>"> </head> <body> <?php include("header.php"); ?> <main> <div class="it-breadcrumb-area it-breadcrumb-bg" data-background="<?php echo $wspath;?>assets/img/breadcrumb/breadcrumb.jpg"> <div class="container"> <div class="row "> <div class="col-md-12"> <div class="it-breadcrumb-content z-index-3 text-center"> <div class="it-breadcrumb-title-box"> <h1 class="it-breadcrumb-title"><?php echo $dataenroll["site_pages_name"];?></h1> </div> <div class="it-breadcrumb-list-wrap"> <div class="it-breadcrumb-list"> <span><a href="<?php echo $wspath;?>">home</a></span> <span class="dvdr">//</span> <span><?php echo $dataenroll["site_pages_name"];?></span> </div> </div> </div> </div> </div> </div> </div> <div class="it-signup-area pt-120 pb-120"> <div class="container"> <div class="it-signup-bg p-relative"> <div class="it-signup-thumb d-none d-lg-block"> <img src="<?php echo $wspath;?>assets/signup-1.jpg" alt="spanish"> </div> <div class="row"> <div class="col-xl-6 col-lg-6"> <form action="<?php $_PHP_SELF?>" method="POST"> <div class="it-signup-wrap"> <h4 class="it-signup-title">Enroll Now</h4> <div class="it-signup-input-wrap mb-40"> <div class="it-signup-input mb-20"> <input type="text" placeholder="Your Name *" name="name" required> <?php if (isset($errors) && in_array("Name field is required.", $errors)) { ?> <p class="error">Name field is required.</p> <?php } elseif (isset($errors) && in_array("Name can only contain alphabets.", $errors)) { ?> <p class="error">Name can only contain alphabets.</p> <?php } ?> </div> <div class="it-signup-input mb-20"> <input type="text" placeholder="Phone *" name="phone" minlength="5" maxlength="12" onkeypress="return isNumberKey(event)" pattern=".{5,12}" onpaste="return false;" required> <?php if (isset($errors) && in_array("Phone field is required.", $errors)) { ?> <p class="error">Phone field is required.</p> <?php } elseif (isset($errors) && in_array("Phone number should have exactly 10 digits.", $errors)) { ?> <p class="error">Phone number should have exactly 10 digits.</p> <?php } ?> </div> <div class="it-signup-input mb-20"> <input type="email" placeholder="Email *" name="email" required> <?php if (isset($errors) && in_array("Email field is required.", $errors)) { ?> <p class="error">Email field is required.</p> <?php } ?> </div> <div class="it-signup-input mb-20"> <input type="text" placeholder="Source*" name="source"> </div> <div class="it-signup-input mb-20"> <input type="text" placeholder="Address*" name="address"> </div> <div class="it-signup-input mb-20"> <input type="text" placeholder="Qualification*" name="qualify"> </div> <div class="it-signup-input mb-20"> <input type="number" placeholder="Age*" name="age"> </div> <div class="it-signup-input mb-20"> <input type="text" placeholder="Comment*" name="message"> </div> </div> <div class="it-signup-btn mb-40"> <button class="it-btn large" type="submit" name="submit">Submit</button> </div> </div> </form> </div> </div> </div> </div> </div> </main> <?php include("footer.php");?> </body> </html>