HEX
Server: Apache/2.4.58 (Ubuntu)
System: Linux ns3133907 6.8.0-84-generic #84-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 5 22:36:38 UTC 2025 x86_64
User: cssnetorguk (1024)
PHP: 8.2.28
Disabled: NONE
$ pwd: /home/seochester.co.uk/public_html/
Upload Files
File: /home/seochester.co.uk/public_html/sidebar-code.php
	<?php 
error_reporting(E_ALL);
$form_your_email ='andrei@vanillacircus.co.uk, b.sykes@vanillacircus.co.uk';// <<=== update to your email address (all enquiries)

#session_start();

$form_visitor_email = '';
$message = '';
$first_name = '';
$address = '';

if(isset($_POST['submit']))
{
	$first_name = $_POST['first_name'];
	$address = $_POST['address'];
	$form_visitor_email = $_POST['email_address'];
	$message = $_POST['message'];

		///------------Do Validations-------------
	if(empty($first_name)||$first_name=="NAME")
	{
		$form_errors .= "\n Please fill in your Name.";	
	}
	if(strpos($message,'http://') !== false){
		$form_errors .= "\n Please do not include any links or urls in your content.";
	}
	
	if(empty($form_visitor_email)||$form_visitor_email=="EMAIL")
	{
		$form_errors .= "\n Please fill in your Email.";	
	}

	if($address == '' ||$address == "WEB ADDRESS" )
	{
		$form_errors .= "\n Please enter your domain. ";	
	}

	if(IsInjected($form_visitor_email))
	{
		$form_errors .= "\n Bad email value!";
	}
	
	if(empty($form_errors))
	{
		//send the email
		$form_to = $form_your_email;
		$form_subject='Simple contact form enquiry from '.$_SERVER['SERVER_NAME'];
		$form_from = $form_visitor_email;
		$form_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
		
		$form_body = '<div align="center">'.		
		'<table border="1" cellspacing="5" cellpadding="5" width="80%">'.
		'<tr><td nowrap="nowrap" colspan="2" ><p align="center">simple contact form enquiry from '.$_SERVER['SERVER_NAME'].'</p>'.
		
  '<tr><td nowrap="nowrap" bgcolor="#CCCCCC"><p>Name</p>'.
    '<td width="100%"><p>'."$first_name".'&nbsp;</p>'.
	
  '<tr><td nowrap="nowrap" bgcolor="#CCCCCC"><p>e-mail address</p>'.
    '<td width="100%"><p>'."$form_visitor_email".'&nbsp;</p>'.

 '<tr><td nowrap="nowrap" bgcolor="#CCCCCC"><p>Website </p>'.
   '<td width="100%"><p>'."$address".'&nbsp;</p>'.

 '<tr><td nowrap="nowrap" bgcolor="#CCCCCC"><p>Further description</p>'.
   '<td width="100%"><p>'."$message".'&nbsp;</p>'.
	
  '<tr><td nowrap="nowrap" bgcolor="#CCCCCC"><p>Request IP</p>'.
    '<td width="100%"><p>'."$form_ip".'&nbsp;</p></table>'.
	'</div>';
		
		$form_headers = "From: $form_visitor_email \r\n";
		$form_headers .= "Reply-To: $form_visitor_email \r\n";
		$form_headers .= "MIME-Version: 1.0\r\n";
		$form_headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
		
		mail($form_to, $form_subject, $form_body,$form_headers);

		header('Location: /thank-you.php'); 
	}
}

// Function to validate against any email injection attempts
function IsInjected($form_str)
{
  $form_injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $form_inject = join('|', $form_injections);
  $form_inject = "/$form_inject/i";
  if(preg_match($form_inject,$form_str))
    {
    return true;
  }
  else
    {
    return false;
  }
}
?>
@ Telegram