Server IP : 103.53.40.154 / Your IP : 3.149.254.25 Web Server : Apache System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : ppcad7no ( 715) PHP Version : 8.2.25 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0750) : /home2/ppcad7no/fastelevator.in/../snackpoint.co.nz/ |
[ Home ] | [ C0mmand ] | [ Upload File ] |
---|
<?php include_once('admin/config.php'); function isAllowedMessage($message) { $allowedChars = '/^[a-zA-Z0-9,@. ]*$/'; return preg_match($allowedChars, $message); } if ($_SERVER["REQUEST_METHOD"] === "POST") { if (isset($_POST['submit'])) { $name = $_POST['name']; $phone = $_POST['phone']; $email = $_POST['email']; $message = $_POST['message']; $currentTime = date("Y-m-d H:i:s"); $errors = array(); // Validate input if (empty($name)) { $errors[] = "Name field is required."; } elseif (!preg_match('/^[a-zA-Z ]+$/', $name)) { $errors[] = "Name can only contain alphabets."; } if (empty($email)) { $errors[] = "Email field is required."; } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors[] = "Invalid email format."; } if (empty($phone)) { $errors[] = "Phone field is required."; } // Sanitize input $name = filter_var($name, FILTER_SANITIZE_STRING); $phone = filter_var($phone, FILTER_SANITIZE_NUMBER_INT); $email = filter_var($email, FILTER_SANITIZE_EMAIL); $message = htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); // Check for potentially malicious content in the message if (!isAllowedMessage($message)) { $errors[] = "Your message contains potentially malicious content or disallowed characters."; } if (empty($errors)) { // Your existing code for successful submission $query = "INSERT INTO `tbl_queries` (`name`, `phone`, `email`, `message`, `datetime`) VALUES (?, ?, ?, ?, ?)"; $stmt = mysqli_prepare($db, $query); if ($stmt) { mysqli_stmt_bind_param($stmt, "sssss", $name, $phone, $email, $message, $currentTime); $result = mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); $sqlemail = "SELECT * FROM `tbl_general`"; $runemail = mysqli_query($db,$sqlemail) or die("Query Not run"); $dataemail = mysqli_fetch_assoc($runemail); if ($result) { $to = $dataemail['email']; $subject = "New Query Submitted From Snack Point"; $emailMessage = "A new query has been submitted:\n\n"; $emailMessage .= "Name: $name\n"; $emailMessage .= "Phone: $phone\n"; $emailMessage .= "Email: $email\n"; $emailMessage .= "Message: $message\n"; $headers = "From: $email"; if (mail($to, $subject, $emailMessage, $headers)) { echo "<script> window.alert('Successfully Sent! We will contact you soon'); window.location.href = 'contact.html'; </script>"; } else { echo "Error sending email."; } } else { $errors[] = "Error in processing your request. Please try again later."; } } else { $errors[] = "Error in preparing the statement."; } } else { // Display validation errors in an alert echo "<script> var errorMessage = '"; foreach ($errors as $error) { echo addslashes($error) . "\\n"; } echo "'; window.alert(errorMessage); </script>"; } } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <?php include("top-links.php") ?> <title><?php echo $datacontact["site_pages_meta_title"];?></title> <meta name="description" content="<?php echo $datacontact["site_pages_meta_description"];?>"> </head> <body> <?php include "header.php";?> <div class="pq-breadcrumb" style="background-image:url('images/blog/breadcrumb.jpg');"> <div class="container"> <div class="row align-items-center"> <div class="col-lg-12"> <nav aria-label="breadcrumb"> <div class="pq-breadcrumb-title"> <h1>Contact Us</h1> </div> <div class="pq-breadcrumb-container"> <ol class="breadcrumb"> <li class="breadcrumb-item"> <a href="<?= $wspath;?>"> <i class="fas fa-home me-2"></i>Home </a> </li> <li class="breadcrumb-item active">Contact Us</li> </ol> </div> </nav> </div> </div> </div> </div> <section class="pq-contact-us"> <div class="container"> <div class="row justify-content-center"> <div class="col-xl-4 col-lg-6 col-md-6"> <div class="contact-container"> <div class="contact-icon-box"> <div class="contact-icon-box-icon"> <span class="contact-icon"> <i aria-hidden="true" class=" ti-location-pin"></i> </span> </div> <div class="contact-icon-box-content"> <h4 class="contact-icon-box-title"> <span>Our Location</span> </h4> <p class="contact-icon-box-description m-0"><?php echo $data1["address"] ?></p> </div> </div> </div> </div> <div class="col-xl-4 col-lg-6 col-md-6 mt-4 mt-md-0"> <div class="contact-container"> <div class="contact-icon-box"> <div class="contact-icon-box-icon"> <span class="contact-icon"> <i aria-hidden="true" class=" ti-headphone-alt"></i> </span> </div> <div class="contact-icon-box-content"> <h4 class="contact-icon-box-title"> <span>Our Contact</span> </h4> <p class="contact-icon-box-description m-0"><a style="color:white;" href="tel:<?php echo $data1["phone"] ?>"> <?php echo $data1["phone"] ?></a></p> </div> </div> </div> </div> <div class="col-xl-4 col-lg-12 col-md-12 mt-4 mt-xl-0"> <div class="contact-container"> <div class="contact-icon-box"> <div class="contact-icon-box-icon"> <span class="contact-icon"> <i aria-hidden="true" class=" ti-email"></i> </span> </div> <div class="contact-icon-box-content"> <h4 class="contact-icon-box-title"> <span>Mail Us</span> </h4> <p class="contact-icon-box-description m-0"><a style="color:white;" href="mailto:<?php echo $data1["email"] ?>"><?php echo $data1["email"] ?></a></p> </div> </div> </div> </div> </div> </div> </section> <section class="pq-bg-dark-color"> <div class="container"> <div class="row align-items-center"> <div class="col-xl-6 col-lg-12"> <div class="pq-contact-img"> <img src="images/contact-us/1.jpg" alt="images" class="img-fluid"> </div> </div> <div class="col-xl-6 col-lg-12 ps-xl-4 mt-4 mt-xl-0"> <div class="pq-section-title-style-1 text-left"> <span class="pq-section-sub-title">LET'S TALK</span> <h5 class="pq-section-title">Get In Touch</h5> <p class="pq-section-description">Contrary to popular belief, the use of filler text in design is not just a modern practice.</p> </div> <form class="pq-applyform" novalidate action="<?php $_PHP_SELF?>" method="POST"> <div class="pq-reservation"> <div class="row"> <div class="col-lg-6"> <input size="40" placeholder="Your Name" required name="name"> <?php if (isset($errors) && in_array("Name field is required.", $errors)) { ?> <p class="error">Name field is required.</p> <?php } elseif (isset($errors) && in_array("Name can only contain alphabets.", $errors)) { ?> <p class="error">Name can only contain alphabets.</p> <?php } ?> </div> <div class="col-lg-6"> <input size="40" name="phone" type="text" placeholder="Your Phone" minlength="6" maxlength="12" onkeypress="return isNumberKey(event)" pattern=".{6,12}" onpaste="return false;" required> <?php if (isset($errors) && in_array("Phone field is required.", $errors)) { ?> <p class="error">Phone field is required.</p> <?php } ?> </div> <div class="col-lg-12"> <input type="email" name="email" size="40" placeholder="Email" required> <?php if (isset($errors) && in_array("Email field is required.", $errors)) { ?> <p class="error">Email field is required.</p> <?php } ?> </div> <div class="col-lg-12"> <textarea cols="10" name="message" rows="3" placeholder="Message" required></textarea> </div> <div class="col-lg-12"> <button type="submit" name="submit" class="pq-button"> <span class="pq-button-text">Contact Us</span> </button> </div> </div> </div> <!--<div class="wpcf7-response-output" aria-hidden="true"></div>--> </form> </div> </div> </div> </section> <div class="pq-map"> <iframe src="<?php echo $data1["map_link"] ?>" width="100%" height="450" style="border:0;" allowfullscreen="" loading="lazy" referrerpolicy="no-referrer-when-downgrade"></iframe> </div> <?php include "footer.php";?> </body> </html>