|
Server IP : 103.53.40.154 / Your IP : 13.59.95.170 Web Server : Apache System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : ppcad7no ( 715) PHP Version : 8.2.25 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0750) : /home2/ppcad7no/kedarheliped.in/ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
<?php
function isAllowedMessage($message) {
$allowedChars = '/^[a-zA-Z0-9,@. ]*$/';
return preg_match($allowedChars, $message);
}
if ($_SERVER["REQUEST_METHOD"] === "POST") {
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];
date_default_timezone_set("Asia/Kolkata");
$currentTime = date("Y-m-d H:i:s");
$errors = array();
// Validate input
if (empty($name)) {
$errors[] = "Name field is required.";
} elseif (!preg_match('/^[a-zA-Z ]+$/', $name)) {
$errors[] = "Name can only contain alphabets.";
}
if (empty($email)) {
$errors[] = "Email field is required.";
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors[] = "Invalid email format.";
}
if (empty($phone)) {
$errors[] = "Phone field is required.";
} elseif (!preg_match('/^\d{10}$/', $phone)) {
$errors[] = "Phone number should have exactly 10 digits.";
}
// Sanitize input
$name = filter_var($name, FILTER_SANITIZE_STRING);
$phone = filter_var($phone, FILTER_SANITIZE_NUMBER_INT);
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
$subject = htmlspecialchars($subject, ENT_QUOTES, 'UTF-8');
$message = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
// Check for potentially malicious content in the message
if (!isAllowedMessage($message)) {
$errors[] = "Your message contains potentially malicious content or disallowed characters.";
}
if (!isAllowedMessage($subject)) {
$errors[] = "Your Subject contains potentially malicious content or disallowed characters.";
}
if (empty($errors)) {
// Your existing code for successful submission
$to = "test@gmail.com";
$subject = "New Query Submitted From Kedar Helipad";
$emailMessage = "A new query has been submitted:\n\n";
$emailMessage .= "Name: $name\n";
$emailMessage .= "Phone: $phone\n";
$emailMessage .= "Email: $email\n";
$emailMessage .= "Time: $currentTime\n";
$emailMessage .= "Subject: $email\n";
$emailMessage .= "Message: $message\n";
$headers = "From: $email";
if (mail($to, $subject, $emailMessage, $headers)) {
echo "<script>
window.alert('Successfully Sent! We will contact you soon');
window.location.href = 'index.html';
</script>";
} else {
echo "Error sending email.";
}
} else {
// Display validation errors in an alert
echo "<script>
var errorMessage = '";
foreach ($errors as $error) {
echo addslashes($error) . "\\n";
}
echo "';
window.alert(errorMessage);
</script>";
}
}
}
?>
<section id="contact" class="contact">
<div class="container" data-aos="fade-up">
<div class="section-title">
<h2>Contact</h2>
<h3><span>Contact Us</span></h3>
</div>
<div class="row" data-aos="fade-up" data-aos-delay="100">
<div class="col-lg-9">
<div class="info-box mb-4">
<i class="bx bx-map"></i>
<h3>Our Address</h3>
<p>Room No -403 Vishwakarma Bhawan, Uttarakhand Secretariat, 4-Subhash Road Dehradun UttaraKhand India 248001</p>
</div>
</div>
<!--<div class="col-lg-3 col-md-6">-->
<!-- <div class="info-box mb-4">-->
<!-- <i class="bx bx-envelope"></i>-->
<!-- <h3>Email Us</h3>-->
<!-- <p>riteshkumar34815810@gamil.com</p>-->
<!-- </div>-->
<!--</div>-->
<div class="col-lg-3 col-md-6">
<div class="info-box mb-4">
<i class="bx bx-phone-call"></i>
<h3>Call Us</h3>
<a href="tel:+918276916747" style="color:#6f6f6f;"><p>+91-8276916747</p></a>
</div>
</div>
</div>
<div class="row" data-aos="fade-up" data-aos-delay="100">
<div class="col-lg-6 ">
<iframe class="mb-4 mb-lg-0" src="https://www.google.com/maps/embed?pb=!1m14!1m8!1m3!1d13774.657842755216!2d78.0520504!3d30.3320606!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x39092900046e4b2b%3A0xc5989f4b2c40675!2sUttrakhand%20secretariat!5e0!3m2!1sen!2sin!4v1715258871787!5m2!1sen!2sin" width="100%" height="400" style="border:0;" allowfullscreen="" loading="lazy" referrerpolicy="no-referrer-when-downgrade"></iframe>
</div>
<style>
.form-group {
}
</style>
<div class="col-lg-6">
<form action="#" method="post" >
<div class="row">
<div class="col-lg-6 pb-2 form-group">
<input type="text" name="name" class="form-control" id="name" placeholder="Your Name" required>
<?php if (isset($errors) && in_array("Name field is required.", $errors)) { ?>
<p class="error">Name field is required.</p>
<?php } elseif (isset($errors) && in_array("Name can only contain alphabets.", $errors)) { ?>
<p class="error">Name can only contain alphabets.</p>
<?php } ?>
</div>
<div class="col-lg-6 pb-2 form-group">
<input type="email" class="form-control" name="email" id="email" placeholder="Your Email" required>
<?php if (isset($errors) && in_array("Email field is required.", $errors)) { ?>
<p class="error">Email field is required.</p>
<?php } ?>
</div>
</div>
<div class="row">
<div class="col-lg-6 pb-2 form-group">
<input type="text" class="form-control" name="phone" id="subject" placeholder="Phone" id="phone_no" minlength="10" maxlength="10" onkeypress="return isNumberKey(event)" pattern=".{10,10}" onpaste="return false;" required>
<?php if (isset($errors) && in_array("Phone field is required.", $errors)) { ?>
<p class="error">Phone field is required.</p>
<?php } elseif (isset($errors) && in_array("Phone number should have exactly 10 digits.", $errors)) { ?>
<p class="error">Phone number should have exactly 10 digits.</p>
<?php } ?>
</div>
<div class="col-lg-6 pb-2 form-group">
<input type="text" class="form-control" name="subject" id="subject" placeholder="Subject" required>
</div>
</div>
<div class="form-group pb-2">
<textarea class="form-control" name="message" rows="5" placeholder="Message" required></textarea>
</div>
<div class="text-center"><button type="submit" name="submit" class="btn btn-success">Send Message</button></div>
</form>
</div>
</div>
</div>
</section>