Current File : C:/laragon/www/endpoints/contact.php
<?php
declare(strict_types=1);

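header('Content-Type: application/json; charset=utf-8');

// Only POST submissions are accepted. respond() prints the JSON body and exits,
// so nothing below runs for other methods.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    respond(false, 'Metodo no permitido.', 405);
}

$action = post_value('action');
$recipient = getenv('CONTACT_FORM_TO') ?: 'municipiodequillacollo@gmail.com';

// The Host header is supplied by the client, so it is untrusted input.
// The previous code only deleted disallowed characters, which turned
// "example.com:8080" into "example.com8080" and accepted any string of
// letters, dots and hyphens as the sender domain. Here the port is dropped,
// the remainder must validate as a hostname, and anything else falls back
// to the site's own domain.
// NOTE(review): the From domain still follows the request's Host header;
// pinning it to a configured value would stop callers from choosing it.
$defaultHost = 'quillacollo.gob.bo';
$hostHeader = strtolower(trim((string) ($_SERVER['HTTP_HOST'] ?? '')));
$hostOnly = (string) preg_replace('/:\d+$/', '', $hostHeader);
$hostIsValid = $hostOnly !== ''
    && filter_var($hostOnly, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
$siteHost = $hostIsValid ? $hostOnly : $defaultHost;
$fromAddress = 'no-reply@' . $siteHost;

try {
    // Each form type collects its own fields, validates them, and produces
    // $mailSubject / $mailBody for the shared send step below.
    switch ($action) {
        case 'contact':
            $name = post_value('name');
            $email = post_value('email');
            $subject = post_value('subject');
            $body = post_value('body');

            require_fields([
                'nombre' => $name,
                'email' => $email,
                'asunto' => $subject,
                'mensaje' => $body,
            ]);
            require_email($email);

            // The visitor-supplied subject goes into a mail header, so CR/LF
            // are stripped by clean_subject() before it is used.
            $mailSubject = '[Web GAMQ] ' . clean_subject($subject);
            $mailBody = build_message([
                'Tipo' => 'Contacto',
                'Nombre' => $name,
                'Email' => $email,
                'Asunto' => $subject,
                'Mensaje' => $body,
            ]);
            break;

        case 'booking':
            $name = post_value('name');
            $surname = post_value('surname');
            $email = post_value('email');
            $arrival = post_value('arrival');
            $departure = post_value('departure');
            $room = post_value('room');
            $adults = post_value('adults');
            $children = post_value('children');
            $rooms = post_value('rooms');
            $body = post_value('body');

            require_fields([
                'nombre' => $name,
                'apellido' => $surname,
                'email' => $email,
                'llegada' => $arrival,
                'salida' => $departure,
                'habitacion' => $room,
                'adultos' => $adults,
                'ninos' => $children,
                'habitaciones' => $rooms,
                'mensaje' => $body,
            ]);
            require_email($email);

            $mailSubject = '[Web GAMQ] Reserva / Booking';
            $mailBody = build_message([
                'Tipo' => 'Booking',
                'Nombre' => trim($name . ' ' . $surname),
                'Email' => $email,
                'Llegada' => $arrival,
                'Salida' => $departure,
                'Habitacion' => $room,
                'Adultos' => $adults,
                'Ninos' => $children,
                'Habitaciones' => $rooms,
                'Mensaje' => $body,
            ]);
            break;

        case 'newsletter':
            $name = post_value('name_news') ?: 'Sin nombre';
            $email = post_value('email_news');

            require_fields(['email' => $email]);
            require_email($email);

            $mailSubject = '[Web GAMQ] Nueva suscripcion newsletter';
            $mailBody = build_message([
                'Tipo' => 'Newsletter',
                'Nombre' => $name,
                'Email' => $email,
            ]);
            break;

        default:
            // respond() exits, so the send step never runs with an unset
            // subject or body.
            respond(false, 'Tipo de formulario no valido.', 400);
    }

    // Reply-To carries the visitor's address: it has already passed
    // require_email() and is additionally stripped of CR/LF here.
    $headers = [
        'MIME-Version: 1.0',
        'Content-Type: text/plain; charset=UTF-8',
        'From: GAMQ Web <' . $fromAddress . '>',
        'Reply-To: ' . sanitize_header($email ?? $fromAddress),
    ];

    $sent = mail($recipient, $mailSubject, $mailBody, implode("\r\n", $headers));

    if (!$sent) {
        respond(false, 'No se pudo enviar el mensaje. Intente nuevamente mas tarde.', 500);
    }

    respond(true, 'Mensaje enviado correctamente.');
} catch (InvalidArgumentException $exception) {
    // Validation helpers throw InvalidArgumentException with a message meant
    // for the visitor; it is returned as a 422 response.
    respond(false, $exception->getMessage(), 422);
}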

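/**
 * Read one POST field as a trimmed string.
 *
 * A client can submit a field as an array (e.g. "name[]=x"). Casting that
 * to string yields the literal "Array" and raises a conversion warning, so
 * any non-string value is treated as if the field were absent.
 *
 * @param string $key Name of the POST field.
 * @return string Trimmed value, or '' when the field is missing or not a string.
 */
function post_value(string $key): string
{
    $raw = $_POST[$key] ?? '';

    if (!is_string($raw)) {
        return '';
    }

    return trim($raw);
}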

/**
 * Ensure every listed field has a non-blank value.
 *
 * @param array $fields Map of display label => submitted value.
 * @throws InvalidArgumentException Naming the first label whose value is empty after trimming.
 */
function require_fields(array $fields): void
{
    foreach ($fields as $label => $value) {
        $text = trim((string) $value);

        if ($text !== '') {
            continue;
        }

        // Stops at the first blank field; its label is shown to the visitor.
        throw new InvalidArgumentException(sprintf('Falta completar: %s.', $label));
    }
}

/**
 * Reject anything that is not a syntactically valid e-mail address.
 *
 * @param string $email Address submitted by the visitor.
 * @throws InvalidArgumentException When FILTER_VALIDATE_EMAIL does not accept the value.
 */
function require_email(string $email): void
{
    $validated = filter_var($email, FILTER_VALIDATE_EMAIL);

    if ($validated) {
        return;
    }

    throw new InvalidArgumentException('Ingrese un email valido.');
}

/**
 * Prepare a visitor-supplied subject for use in the Subject header.
 *
 * @param string $subject Raw subject text.
 * @return string The subject after sanitize_header(), or a fixed default when nothing is left.
 */
function clean_subject(string $subject): string
{
    $cleaned = sanitize_header($subject);

    if ($cleaned === '') {
        return 'Mensaje de contacto';
    }

    return $cleaned;
}

/**
 * Strip carriage returns and line feeds from a value placed in a mail header.
 *
 * Removing CR/LF keeps the value on a single header line, so it cannot
 * start a new header of its own.
 *
 * @param string $value Raw header value.
 * @return string The value without CR/LF, trimmed of surrounding whitespace.
 */
function sanitize_header(string $value): string
{
    $singleLine = strtr($value, ["\r" => '', "\n" => '']);

    return trim($singleLine);
}

/**
 * Render the plain-text mail body.
 *
 * Layout: a fixed intro line, a blank line, one "label: value" line per
 * field, a blank line, and a timestamp line.
 *
 * @param array $fields Map of label => value, emitted in the given order.
 * @return string Body text with lines joined by "\n".
 */
function build_message(array $fields): string
{
    $rows = [];
    foreach (array_keys($fields) as $label) {
        // Values are trimmed but otherwise written as submitted.
        $rows[] = $label . ': ' . trim((string) $fields[$label]);
    }

    $intro = ['Mensaje recibido desde el sitio web GAMQ.', ''];
    $footer = ['', 'Fecha: ' . date('Y-m-d H:i:s')];

    return implode("\n", array_merge($intro, $rows, $footer));
}

/**
 * Send the JSON response and end the request.
 *
 * @param bool   $success Outcome flag placed in the "success" key.
 * @param string $message Text placed in the "message" key.
 * @param int    $status  HTTP status code to set (200 by default).
 */
function respond(bool $success, string $message, int $status = 200): void
{
    $payload = [
        'success' => $success,
        'message' => $message,
    ];

    http_response_code($status);
    echo json_encode($payload);

    // Terminates the script, so callers never continue past respond().
    exit;
}
