MMCT TEAM
Server IP : 103.53.40.154  /  Your IP : 18.219.18.238
Web Server : Apache
System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64
User : ppcad7no ( 715)
PHP Version : 8.2.25
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON
Directory (0750) :  /home2/ppcad7no/leetcoaching.co.in/../cablecubby.in/../tmp/../milkodelight.com/

[  Home  ][  C0mmand  ][  Upload File  ]

Current File : /home2/ppcad7no/leetcoaching.co.in/../cablecubby.in/../tmp/../milkodelight.com/index-query.php
   <?php
    include_once('admin/config.php');
    
    function isAllowedMessage($message) {
        $allowedChars = '/^[a-zA-Z0-9,@. ]*$/';
        return preg_match($allowedChars, $message);
    }
    
    if ($_SERVER["REQUEST_METHOD"] === "POST") {
        if (isset($_POST['submit'])) {
            $name = $_POST['name'];
            $phone = $_POST['phone'];
            $email = $_POST['email'];
            $message = $_POST['message'];
            date_default_timezone_set("Asia/Kolkata");
            $currentTime = date("Y-m-d H:i:s");
            $errors = array();
    
            // Validate input
            if (empty($name)) {
                $errors[] = "Name field is required.";
            } elseif (!preg_match('/^[a-zA-Z ]+$/', $name)) {
                $errors[] = "Name can only contain alphabets.";
            }
    
            if (empty($email)) {
                $errors[] = "Email field is required.";
            } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $errors[] = "Invalid email format.";
            }
    
            if (empty($phone)) {
                $errors[] = "Phone field is required.";
            } elseif (!preg_match('/^\d{10}$/', $phone)) {
                $errors[] = "Phone number should have exactly 10 digits.";
            }
    
            // Sanitize input
            $name = filter_var($name, FILTER_SANITIZE_STRING);
            $phone = filter_var($phone, FILTER_SANITIZE_NUMBER_INT);
            $email = filter_var($email, FILTER_SANITIZE_EMAIL);
            $message = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
    
            // Check for potentially malicious content in the message
            if (!isAllowedMessage($message)) {
                $errors[] = "Your message contains potentially malicious content or disallowed characters.";
            }
    
    if (empty($errors)) {
        // Your existing code for successful submission
        $query = "INSERT INTO `tbl_queries` (`name`, `phone`, `email`, `message`, `datetime`) VALUES (?, ?, ?, ?, ?)";
        $stmt = mysqli_prepare($db, $query);
    
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, "sssss", $name, $phone, $email, $message, $currentTime);
            $result = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
    
            if ($result) {
                $to = "nazar@milkodelight.com";
                $subject = "New Query Submitted";
                $emailMessage = "A new query has been submitted:\n\n";
                $emailMessage .= "Name: $name\n";
                $emailMessage .= "Phone: $phone\n";
                $emailMessage .= "Email: $email\n";
                $emailMessage .= "Message: $message\n";
                
                $headers = "From: $email";
                
                if (mail($to, $subject, $emailMessage, $headers)) {
                echo "<script>
                window.alert('Successfully Sent! We will contact you soon');
                window.location.href = 'index.html';
                </script>";
            } else {
               echo "Error sending email.";
                }
            } else {
                $errors[] = "Error in processing your request. Please try again later.";
            }
        } else {
            $errors[] = "Error in preparing the statement.";
        }
    } else {
        // Display validation errors in an alert
        echo "<script>
            var errorMessage = '";
        foreach ($errors as $error) {
            echo addslashes($error) . "\\n";
        }
        echo "';
            window.alert(errorMessage);
        </script>";
    }
        }
    }
    
?>
    
    <section class="bd-cta__area p-relative z-index-11 pt-60 " data-background="assets/img/bg/cta-bg.jpg">
         <div class="bd-cta__shape">
            <img src="assets/img/cta/shap-01.png" alt="cta-shape">
         </div>
      <div class="container">
         <div class="row">
            <div class="col-xl-8 col-lg-7">
               <div class="bd-section__title-wrapper mb-50">
                  <span class="bd-sub__title">Custom Request</span>
                  <h2 class="bd-section__title s-2">Get In Touch</h2>
               </div>
            </div>
         </div>
         <div class="row">
            <div class="col-lg-6">
               <div class="bd-cta__left-wrapper mb-60">
                  <form action="<?php $_PHP_SELF?>" method="POST">
                     <div class="row">
                        <div class="col-lg-6">
                           <div class="bd-cta__input-item mb-30">
                              <h5 class="bd-cta__input-title">full name</h5>
                              <div class="bd-cta__input">
                                <input type="text" placeholder="jhon william" name="name" required>
                                <i class="fa-solid fa-user"></i>
                                <?php if (isset($errors) && in_array("Name field is required.", $errors)) { ?>
                                    <p class="error">Name field is required.</p>
                                <?php } elseif (isset($errors) && in_array("Name can only contain alphabets.", $errors)) { ?>
                                    <p class="error">Name can only contain alphabets.</p>
                                <?php } ?>
                              </div>
                           </div>
                        </div>
                        <div class="col-lg-6">
                           <div class="bd-cta__input-item mb-30">
                              <h5 class="bd-cta__input-title">email address</h5>
                              <div class="bd-cta__input">
                                <input type="text" placeholder="info@gmail.com" name="email" type="email" required>
                                <i class="fa-solid fa-envelope-open"></i>
                                <?php if (isset($errors) && in_array("Email field is required.", $errors)) { ?>
                                    <p class="error">Email field is required.</p>
                                <?php } ?>
                              </div>
                           </div>
                        </div>
                        <div class="col-lg-6">
                           <div class="bd-cta__input-item mb-30">
                              <h5 class="bd-cta__input-title">phone number</h5>
                              <div class="bd-cta__input">
                                <input type="text" name="phone" placeholder="000 111 222 55" id="phone_no" minlength="10" maxlength="10" onkeypress="return isNumberKey(event)" pattern=".{10,10}" onpaste="return false;" required>
                                <i class="fa-solid fa-phone"></i>
                                <?php if (isset($errors) && in_array("Phone field is required.", $errors)) { ?>
                                <p class="error">Phone field is required.</p>
                                <?php } elseif (isset($errors) && in_array("Phone number should have exactly 10 digits.", $errors)) { ?>
                                    <p class="error">Phone number should have exactly 10 digits.</p>
                                <?php } ?>
                              </div>
                           </div>
                        </div>
                        <div class="col-lg-12">
                           <div class="bd-cta__input-item mb-30">
                              <h5 class="bd-cta__input-title">Message</h5>
                              <div class="bd-cta__input">
                                <!--<input type="text" placeholder="Your Message" required >-->
                                <textarea name="message" col="6" style="width:100%; height:100px;"></textarea>
                                <!--<i class="fa-solid fa-user"></i>-->
                              </div>
                           </div>
                        </div>
                       <div class="bd-cta__btn mt-10">
                          <button class="bd-theme__btn-2" name="submit">get quary</button>
                       </div>
                     </div>
                  </form>
                  
               </div>
            </div>
            <div class="col-lg-6">
               <div class="bd-contact__support mb-60">
                  <div class="bd-contact__action">
                     <div class="bd-contact__icon">
                        <img src="assets/img/cta/phone-icon.png" alt="phone-icon">
                     </div>
                     <div class="bd-contact__action-text">
                        <span>Or Call Us Now</span>
                        <h3><a href="tel:9911728587">+91 9911728587</a></h3>
                     </div>
                  </div>
                  <p class="bd-cta__paragraph">Give us a call to ask for online advice or book
                  a physical schedule at Milko Delight.</p>
                  <div class="bd-cta__map">
                     <div class="bd-cta__map-icon">
                        <i class="fa-solid fa-location-dot"></i>
                     </div>
                     <div class="bd-cta__map-title">
                        <span><a target="_blank" href="https://maps.app.goo.gl/Jbb7S7GG1BG7at8TA">view on google map</a></span>
                     </div>
                  </div>
               </div>
            </div>
         </div>
      </div>
</section>

MMCT - 2023