<?php
    include_once('admin/config.php');
    
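    /**
     * Check the free-text comment against a character allowlist:
     * ASCII letters, digits, comma, at-sign, full stop and space.
     * An empty string passes, because the quantifier is `*`.
     *
     * @param string $message Text to check.
     * @return int|false 1 when every character is allowed, 0 otherwise,
     *                   false if PCRE itself fails.
     */
    function isAllowedMessage($message) {
        // The D modifier (PCRE_DOLLAR_ENDONLY) pins `$` to the very end of the
        // subject. Without it `$` also matches just before a final "\n", so a
        // value ending in a newline would pass although newline is not in the set.
        return preg_match('/^[a-zA-Z0-9,@. ]*$/D', $message);
    }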
    
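    /**
     * Check the "source" field against a character allowlist:
     * ASCII letters, digits, comma, at-sign, full stop and space.
     * An empty string passes, because the quantifier is `*`.
     *
     * @param string $source Text to check.
     * @return int|false 1 when every character is allowed, 0 otherwise,
     *                   false if PCRE itself fails.
     */
    function isAllowedSource($source) {
        // The D modifier (PCRE_DOLLAR_ENDONLY) pins `$` to the very end of the
        // subject. Without it `$` also matches just before a final "\n", so a
        // value ending in a newline would pass although newline is not in the set.
        return preg_match('/^[a-zA-Z0-9,@. ]*$/D', $source);
    }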
    
    /**
     * Check the address against a character allowlist: ASCII letters, digits,
     * comma, at-sign, full stop, hyphen and any whitespace (\s, so line breaks
     * and tabs are accepted). An empty string passes.
     *
     * @param string $address Text to check.
     * @return int|false Result of preg_match(): 1 on match, 0 on no match,
     *                   false on a PCRE failure.
     */
    function isAllowedAddress($address) {
        return preg_match('/^[a-zA-Z0-9,@.\-\s]*$/', $address);
    }
    
    /**
     * Check the qualification field against a character allowlist: ASCII
     * letters, digits, comma, at-sign, full stop, hyphen and any whitespace
     * (\s, so line breaks and tabs are accepted). An empty string passes.
     *
     * @param string $qualify Text to check.
     * @return int|false Result of preg_match(): 1 on match, 0 on no match,
     *                   false on a PCRE failure.
     */
    function isAllowedQualify($qualify) {
        return preg_match('/^[a-zA-Z0-9,@.\-\s]*$/', $qualify);
    }
    
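    // Enrolment form handler: validates the POSTed fields, stores one row in
    // `tbl_order`, then either redirects with a success alert or shows the
    // collected validation errors in an alert. $errors is also read by the
    // form markup further down to print per-field messages.
    if ($_SERVER["REQUEST_METHOD"] === "POST") {
        if (isset($_POST['submit'])) {
            // Read each field as a string. A missing key or an array-valued
            // parameter (e.g. name[]=x) becomes '' instead of raising an
            // "undefined index" warning or a TypeError in preg_match().
            $field = static fn (string $key): string
                => is_string($_POST[$key] ?? null) ? $_POST[$key] : '';

            $name = $field('name');
            $phone = $field('phone');
            $email = $field('email');
            $message = $field('message');
            $source = $field('source');
            $address = $field('address');
            $qualify = $field('qualify');
            $age = $field('age');
            date_default_timezone_set("Asia/Kolkata");
            $currentTime = date("Y-m-d H:i:s");
            $errors = array();

            // Validate input. The D modifier stops `$` from matching before a
            // trailing newline, so "abc\n" is rejected like any other stray byte.
            if (empty($name)) {
                $errors[] = "Name field is required.";
            } elseif (!preg_match('/^[a-zA-Z ]+$/D', $name)) {
                $errors[] = "Name can only contain alphabets.";
            }

            if (empty($email)) {
                $errors[] = "Email field is required.";
            } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $errors[] = "Invalid email format.";
            }

            if (empty($phone)) {
                $errors[] = "Phone field is required.";
            } elseif (!preg_match('/^\d{10}$/D', $phone)) {
                $errors[] = "Phone number should have exactly 10 digits.";
            }

            // Sanitize input.
            // $name is not filtered again: FILTER_SANITIZE_STRING is deprecated
            // since PHP 8.1, and a name that passed the check above holds only
            // letters and spaces.
            $phone = filter_var($phone, FILTER_SANITIZE_NUMBER_INT);
            $email = filter_var($email, FILTER_SANITIZE_EMAIL);
            $age = filter_var($age, FILTER_SANITIZE_NUMBER_INT);
            $message = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
            $source = htmlspecialchars($source, ENT_QUOTES, 'UTF-8');
            $address = htmlspecialchars($address, ENT_QUOTES, 'UTF-8');
            $qualify = htmlspecialchars($qualify, ENT_QUOTES, 'UTF-8');

            // Character allowlists for the free-text fields. Escaped entities
            // produced above (&amp;, &#039;, ...) contain '&' and ';', which the
            // allowlists reject, so markup and quotes never get past this point.
            if (!isAllowedMessage($message)) {
                $errors[] = "Your message contains potentially malicious content or disallowed characters.";
            }

            if (!isAllowedSource($source)) {
                $errors[] = "Your message contains potentially malicious content or disallowed characters.";
            }
            if (!isAllowedAddress($address)) {
                $errors[] = "Your message contains potentially malicious content or disallowed characters.";
            }
            if (!isAllowedQualify($qualify)) {
                $errors[] = "Your message contains potentially malicious content or disallowed characters.";
            }

            if (empty($errors)) {
                // Values are bound as parameters, never concatenated into the
                // SQL text. The filters above are not an SQL escape:
                // FILTER_VALIDATE_EMAIL accepts an apostrophe in the local part
                // and FILTER_SANITIZE_EMAIL keeps it, so a string-built query
                // would let the e-mail field break out of its quotes.
                $inserted = false;
                try {
                    // $db is not defined in this file; presumably the mysqli
                    // connection opened by admin/config.php - confirm.
                    $stmt = mysqli_prepare(
                        $db,
                        "INSERT INTO `tbl_order`(`ord_person_name`, `ord_email`, `ord_mobile`, `ord_adrs`, `ord_pickup_point`, `ord_web_url`, `ord_date`, `ord_pack_type`, `ord_pnr_no`)
                         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"
                    );
                    if ($stmt !== false) {
                        // All nine columns were written as quoted strings
                        // before, so every parameter is bound as a string.
                        mysqli_stmt_bind_param(
                            $stmt,
                            "sssssssss",
                            $name,
                            $email,
                            $phone,
                            $address,
                            $source,
                            $message,
                            $currentTime,
                            $qualify,
                            $age
                        );
                        $inserted = mysqli_stmt_execute($stmt);
                        mysqli_stmt_close($stmt);
                    }
                } catch (mysqli_sql_exception $e) {
                    // mysqli throws instead of returning false when its report
                    // mode is set to strict; keep the detail in the server log
                    // and out of the response.
                    error_log('enroll-now insert failed: ' . $e->getMessage());
                    $inserted = false;
                }

                if (!$inserted) {
                    // Same generic message the page has always shown on a
                    // database failure.
                    die("Query unsuccessful");
                }

                // $wspath is not defined in this file; presumably the site base
                // URL from the included config - confirm it is never user-controlled,
                // since it is written into a JavaScript string unescaped.
                echo "<script>
                window.alert('Successfully Sent! We will contact you soon');
                window.location.href = '$wspath' + 'contact.html';
                </script>";
            } else {
                // Display validation errors in an alert. Every entry in $errors
                // is one of the fixed strings above, so no request data reaches
                // the script block.
                echo "<script>
            var errorMessage = '";
                foreach ($errors as $error) {
                    echo addslashes($error) . "\\n";
                }
                echo "';
            window.alert(errorMessage);
        </script>";
            }
        }
    }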
?>

<!doctype html>
<html class="no-js" lang="zxx">

<head>
    <meta charset="utf-8">
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <?php include("top-link.php") ?>
    
    <title><?php echo $dataenroll["site_pages_meta_title"];?></title>
    <meta name="description" content="<?php echo $dataenroll["site_pages_meta_description"];?>">
</head>
<body>

    <?php include("header.php"); ?>
    
    <main>
        <div class="it-breadcrumb-area it-breadcrumb-bg" data-background="<?php echo $wspath;?>assets/img/breadcrumb/breadcrumb.jpg">
            <div class="container">
                <div class="row ">
                    <div class="col-md-12">
                        <div class="it-breadcrumb-content z-index-3 text-center">
                            <div class="it-breadcrumb-title-box">
                                <h1 class="it-breadcrumb-title"><?php echo $dataenroll["site_pages_name"];?></h1>
                            </div>
                            <div class="it-breadcrumb-list-wrap">
                                <div class="it-breadcrumb-list">
                                    <span><a href="<?php echo $wspath;?>">home</a></span>
                                    <span class="dvdr">//</span>
                                    <span><?php echo $dataenroll["site_pages_name"];?></span>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>

<div class="it-signup-area pt-120 pb-120">
    <div class="container">
        <div class="it-signup-bg p-relative">
        <div class="it-signup-thumb d-none d-lg-block">
            <img src="<?php echo $wspath;?>assets/signup-1.jpg" alt="spanish">
        </div>
            <div class="row">
                <div class="col-xl-6 col-lg-6">
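                    <?php
                    // Enrolment form. It posts back to this same page, where the
                    // handler at the top of the file fills $errors on failure.
                    // action is left empty on purpose: the browser then submits to
                    // the current URL without echoing any request-derived value
                    // into the markup. The previous `$_PHP_SELF` expression printed
                    // nothing and referenced an undefined variable.
                    ?>
                    <form action="" method="POST">
                        <div class="it-signup-wrap">
                            <h4 class="it-signup-title">Enroll Now</h4>
                            <div class="it-signup-input-wrap mb-40">
                                <div class="it-signup-input mb-20">
                                    <input type="text" placeholder="Your Name *" name="name" required>
                                    <?php if (isset($errors) && in_array("Name field is required.", $errors, true)) { ?>
                                        <p class="error">Name field is required.</p>
                                    <?php } elseif (isset($errors) && in_array("Name can only contain alphabets.", $errors, true)) { ?>
                                        <p class="error">Name can only contain alphabets.</p>
                                    <?php } ?>
                                </div>
                                
                                <div class="it-signup-input mb-20">
                                    <?php // Client-side limits match the server-side rule of exactly 10 digits; the server check remains the authority. ?>
                                    <input type="text" placeholder="Phone *" name="phone" minlength="10" maxlength="10" onkeypress="return isNumberKey(event)" pattern="\d{10}" onpaste="return false;" required>
                                    <?php if (isset($errors) && in_array("Phone field is required.", $errors, true)) { ?>
                                        <p class="error">Phone field is required.</p>
                                    <?php } elseif (isset($errors) && in_array("Phone number should have exactly 10 digits.", $errors, true)) { ?>
                                        <p class="error">Phone number should have exactly 10 digits.</p>
                                    <?php } ?>
                                </div>
                                <div class="it-signup-input mb-20">
                                    <input type="email" placeholder="Email *" name="email" required>
                                    <?php if (isset($errors) && in_array("Email field is required.", $errors, true)) { ?>
                                        <p class="error">Email field is required.</p>
                                    <?php } elseif (isset($errors) && in_array("Invalid email format.", $errors, true)) { ?>
                                        <p class="error">Invalid email format.</p>
                                    <?php } ?>
                                </div>
                                <div class="it-signup-input mb-20">
                                    <input type="text" placeholder="Source*" name="source">
                                </div>
                                <div class="it-signup-input mb-20">
                                    <input type="text" placeholder="Address*" name="address">
                                </div>
                                <div class="it-signup-input mb-20">
                                    <input type="text" placeholder="Qualification*" name="qualify">
                                </div>
                                <div class="it-signup-input mb-20">
                                    <input type="number" placeholder="Age*" name="age">
                                </div>
                                <div class="it-signup-input mb-20">
                                    <input type="text" placeholder="Comment*" name="message">
                                </div>
                            </div>
                                <div class="it-signup-btn mb-40">
                                    <button class="it-btn large" type="submit" name="submit">Submit</button>
                                </div>
                        </div>
                    </form>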
                </div>
            </div>
        </div>
    </div>
</div>

    </main>

    <?php include("footer.php");?>
    
</body>

</html>
