Server: Apache
System: Linux vps8051.dx3webs.com 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: paiskincare (10000)
PHP: 5.6.40-52+ubuntu20.04.1+deb.sury.org+1
Disabled: opcache_get_status
File: /var/www/vhosts/paiskincare.com/httpdocs2/offer/index.php
<?php
// Declare the response as UTF-8 HTML before any output is sent.
header('Content-Type: text/html;charset=utf-8');
/*
Debugging switch, left disabled. Keep it disabled on a public host: with
display_errors on, PHP notices and warnings are printed into the page.
error_reporting(E_ALL); ini_set( 'display_errors', '1');
*/
// Start (or resume) the PHP session for this request.
// NOTE(review): presumably the Securimage CAPTCHA included further down keeps its
// expected code in this session; confirm against securimage/securimage.php.
session_start();
/**
 * Remove ASCII control bytes (0x00-0x1F) from a string.
 *
 * That range includes NUL, TAB, CR and LF, so a value passed through here can no
 * longer carry a line break. DEL (0x7F) and bytes above it are left untouched.
 *
 * @param string $TheString Text to clean.
 * @return string The text with every byte in 0x00-0x1F deleted.
 */
function FilterCChars($TheString)
{
 $controlBytes = '/[\x00-\x1F]/';
 $cleaned = preg_replace($controlBytes, '', $TheString);

 return $cleaned;
}

/**
 * Check that an address is syntactically plausible and that its domain resolves.
 *
 * The address is split at the LAST "@". The local part must be 1-64 bytes, the
 * domain 1-255 bytes; neither may contain "..", and the local part may not start
 * or end with ".". The domain may only contain letters, digits, "-" and ".".
 * The local part must either consist of the permitted unquoted characters
 * (backslash-escaped pairs allowed) or be a double-quoted string.
 *
 * Review notes:
 * - A quoted local part accepts any character except an unescaped double quote,
 *   so a "valid" result does not make the address safe to place into another
 *   context (mail header, shell, HTML) without that context's own escaping.
 * - The final step performs DNS lookups (MX, then A) for a domain supplied by the
 *   client, so every call that passes the syntax checks costs outbound queries.
 *
 * @param string $email Address to check.
 * @return bool True when all syntax checks pass and an MX or A record is found.
 */
function validEmail($email)
{
   $at = strrpos($email, "@");
   if ($at === false)
   {
      // no "@" at all
      return false;
   }

   $localPart = substr($email, 0, $at);
   $domainPart = substr($email, $at+1);
   $localSize = strlen($localPart);
   $domainSize = strlen($domainPart);

   if ($localSize < 1 || $localSize > 64)
   {
      // local part empty or too long
      return false;
   }
   if ($domainSize < 1 || $domainSize > 255)
   {
      // domain part empty or too long
      return false;
   }
   if ($localPart[0] === '.' || $localPart[$localSize-1] === '.')
   {
      // local part starts or ends with '.'
      return false;
   }
   if (preg_match('/\\.\\./', $localPart))
   {
      // local part has two consecutive dots
      return false;
   }
   if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domainPart))
   {
      // character not valid in domain part
      return false;
   }
   if (preg_match('/\\.\\./', $domainPart))
   {
      // domain part has two consecutive dots
      return false;
   }

   // Escaped backslash pairs are dropped before the character checks.
   $unescaped = str_replace("\\\\","",$localPart);
   $plainOk = preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', $unescaped);
   if (!$plainOk)
   {
      // character not valid in local part unless local part is quoted
      $quotedOk = preg_match('/^"(\\\\"|[^"])+"$/', $unescaped);
      if (!$quotedOk)
      {
         return false;
      }
   }

   // Syntax is fine; the domain must also exist in DNS (MX first, then A).
   return checkdnsrr($domainPart,"MX") || checkdnsrr($domainPart,"A");
}

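include_once 'securimage/securimage.php';

$securimage = new Securimage();
$success=false;
// Defined for every request method, so code that reads $errors later never
// depends on the POST branch having run.
$errors=array();

// Read one POST field as a string. A missing field, or a field submitted as an
// array (e.g. name[]=x), yields '' instead of a notice or a non-string value
// reaching trim()/strlen()/htmlspecialchars().
$postfield=function ($field) {
	return (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
};

if ($_SERVER['REQUEST_METHOD']=='POST') {
	// The CAPTCHA is the only abuse control visible in this file: the form mails
	// client-chosen addresses from the company mailbox, so a failed check must
	// block sending (it does, through $errors).
	if (!$securimage->check($postfield('captcha_code'))) {
		$errors['captcha_code'][]='The code you entered was incorrect. Please try again.';
	}

	// Field-name suffix => voucher code. '' is the sender, f1..f3 are the friends.
	$keys=array('' => 'robottrumpet','f1' => 'poseshoot','f2' => 'rowhope','f3' => 'fishfund');
	$names=array();
	$emails=array();
	foreach ($keys as $key => $code) {
		// FilterCChars() removes CR/LF and other control bytes from both values.
		$name=trim(FilterCChars($postfield('name'.$key)));
		$email=trim(FilterCChars($postfield('email'.$key)));

		if (strlen($name)==0) {
			$errors['name'.$key][]='Please enter a name';
		} else if (strlen($name)>50) {
			$errors['name'.$key][]='Please enter a shorter name';
		}

		if (strlen($email)==0) {
			$errors['email'.$key][]='Please enter an email address';
		} else {
			$names[$key]=$name;
			$emails[$key]=$email;

			// Case-insensitive duplicate check across the addresses accepted so far;
			// a duplicate is dropped again so it does not flag the following rows.
			$loweremails=array_map('strtolower', $emails);
			if (count(array_unique($loweremails))!=count($emails)) {
				$errors['email'.$key][]='Please enter different addresses';
				array_pop($emails);
			}

			if (strlen($email)>100) {
				$errors['email'.$key][]='Please enter a shorter email address';
			} else if (!validEmail($email)) {
				$errors['email'.$key][]='This email address is not valid';
			}
		}
	}

	if (count($errors)==0) {
		$success=true;
	}

	if ($success) {
		$sendername=$names[''];

		// NOTE(review): unlike name and email, the message has no length limit,
		// although it is relayed to every recipient; consider capping it.
		$messagehtml=FilterCChars(nl2br(htmlspecialchars(trim($postfield('message')))));
		// NOTE(review): FilterCChars() has already removed the newlines, so after
		// the <br /> tags are stripped the text version has no line breaks and still
		// contains HTML entities; confirm message/text.php expects that.
		$messagetext=str_replace('<br />','',$messagehtml);

		// send message

		require_once 'emailfunctions.php';
		require_once "Mail.php";

		// NOTE(review): mailbox credentials are hard-coded in a file under the web
		// root. Anyone who can read this file (backup, repository, file manager)
		// obtains them. Load them from configuration outside the document root and
		// rotate the password. No transport-security option is passed to
		// Mail::factory() here; confirm the connection to the relay is encrypted.
		$host = "auth.smtp.1and1.co.uk";
		$username = "info@paiskincare.com";
		$password = "sunshin3";

		$smtp = Mail::factory('smtp',
		  array ('host' => $host,
		    'auth' => true,
		    'username' => $username,
		    'password' => $password));

		// The subject is sent as an RFC 2047 Q-encoded word, so the user-supplied
		// sender name must be Q-encoded too: every byte other than a letter, digit
		// or space becomes =XX and spaces become '_'. Inserted raw, a name containing
		// '?=', '=', '_' or non-ASCII bytes would corrupt or end the encoded word early.
		// NOTE(review): a long name can push the encoded word past the 75-character
		// limit of RFC 2047; splitting into several words is not handled here.
		$sendernameq=preg_replace_callback('/[^A-Za-z0-9 ]/', function ($m) {
			return sprintf('=%02X', ord($m[0]));
		}, $sendername);
		$sendernameq=str_replace(' ', '_', $sendernameq);

		foreach ($keys as $key => $vouchercode) {
			// Variables set here are read by the included message templates.
			$recipientname=$names[$key];
			$issender=($key==='');

			// Render both bodies by including the templates with output buffered.
			ob_start();
			require('message/text.php');
			$text=ob_get_contents();
			ob_end_clean();

			ob_start();
			require('message/index.php');
			$html=ob_get_contents();
			ob_end_clean();

			$subject=$issender ? 'Your_=C2=A310_Pai_Gift_Voucher' : ($sendernameq.'_has_sent_you_a_=C2=A310_Pai_Gift_Voucher');

			$error=sendemail($smtp,array($emails[$key]),'=?UTF-8?Q?'.$subject.'?=',$text,$html,array(),'info@paiskincare.com');

			if ($error) {
				// One failed delivery turns the whole submission back into the form view.
				$success=false;
				$errors['email'.$key][]='Error: '.$error;
			}
		}
	}
}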

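/**
 * Print the validation messages recorded for one form field.
 *
 * Reads the global $errors array (field name => list of messages) and echoes
 * each message HTML-escaped inside a span with class "error". Prints nothing
 * when $errors is not set, or holds no list for the field; the original called
 * count() on a missing entry, which raises a notice on old PHP versions and a
 * TypeError on PHP 8.
 *
 * @param string $name Form field name used as the key in $errors.
 * @return void
 */
function showerror($name) {
	global $errors;

	// empty() is safe on an unset variable and on a missing key.
	if (empty($errors[$name]) || !is_array($errors[$name])) {
		return;
	}

	foreach ($errors[$name] as $error) {
		// Messages can contain text returned by the mail layer, so escape on output.
		echo '<br><span class="error">'.htmlspecialchars( $error).'</span>';
	}
}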


      
?><html>
<head>
<title>Pai Skincare</title>
<link rel="stylesheet" type="text/css" href="style.css" />
<?php if ($success) { ?>
<meta http-equiv="refresh" content="10;url=http://www.paiskincare.com/" />
<?php } ?>
</head>
<body>

<div class="messageouter2">
<div class="messageouter1">
<div class="message">
<img src="images/logo.png" width="186" height="83" alt="Pai logo" class="logo" />
<img src="http://www.paiskincare.com/images/newsletter_images/dec11/xmas_offer_page.jpg" width="160" height="287" alt="Bottles" class="photo"/>

<?php if ($success) { ?>
<div class="copy">
<div class="heading blue">Thank you</div>

<p>Thank you for referring your friends.</p>

<p>They will each be receiving a &pound;10 voucher shortly.</p>

<p>Please check your email for your &pound;10 voucher.</p>

<p>This page will redirect to the Pai homepage in 10 seconds.</p>
</div>

<?php } else { ?>

<div class="copy">
<div class="heading">&pound;10 Pai Gift Voucher</div>
<div class="subhead">for you and your friends</div>
<p>Let your closest pals in on your best kept skin care secret&hellip;</p>
<p>&hellip;simply enter your name and those of your friends, 
and we will send each of them (and you!) a &pound;10 voucher 
to spend at Pai.
</p>
<div class="smallprint">We won't keep any of your friends' details for use in future marketing - we'll use their details once to send the voucher and then throw them away. &pound;20 minimum basket size excluding delivery (which means a &pound;10 minimum spend after voucher is applied, excluding delivery). Voucher cannot be used to purchase additional Pai vouchers. Voucher cannot be used in conjunction with other cash or % discount vouchers.</div>
</div>
<?php } ?>

</div>
</div>
</div>
<?php if (!$success) { ?>

<a name="form"></a>
<div class="formouter2">
<div class="formouter1">
<div class="form">

<h2>Simply fill in the form below</h2>
<form method="post" action="#form">
<table>
<tr>

<td>
<label for="name">Your name</label><br/>
<input id="name" name="name" value="<?php echo htmlspecialchars($_POST['name']) ?>" />
<?php showerror('name') ?>
</td>
<td>
<label for="email">Your email address</label><br/>
<input id="email" name="email" value="<?php echo htmlspecialchars($_POST['email']) ?>" />
<?php showerror('email') ?>
</td>

</tr>

<tr height="10">
<td colspan="2">
</td>
</tr>

<tr>

<td>
<label for="namef1">Friend 1 first name</label><br/>
<input id="namef1" name="namef1" value="<?php echo htmlspecialchars($_POST['namef1']) ?>" />
<?php showerror('namef1') ?>
</td>
<td>
<label for="emailf1">Friend 1 email address</label><br/>
<input id="emailf1" name="emailf1" value="<?php echo htmlspecialchars($_POST['emailf1']) ?>" />
<?php showerror('emailf1') ?>
</td>

</tr>

<tr>

<td>
<label for="namef2">Friend 2 first name</label><br/>
<input id="namef2" name="namef2" value="<?php echo htmlspecialchars($_POST['namef2']) ?>" />
<?php showerror('namef2') ?>
</td>
<td>
<label for="emailf2">Friend 2 email address</label><br/>
<input id="emailf2" name="emailf2" value="<?php echo htmlspecialchars($_POST['emailf2']) ?>" />
<?php showerror('emailf2') ?>
</td>

</tr>

<tr>

<td>
<label for="namef3">Friend 3 first name</label><br/>
<input id="namef3" name="namef3" value="<?php echo htmlspecialchars($_POST['namef3']) ?>" />
<?php showerror('namef3') ?>
</td>
<td>
<label for="emailf3">Friend 3 email address</label><br/>
<input id="emailf3" name="emailf3" value="<?php echo htmlspecialchars($_POST['emailf3']) ?>" />
<?php showerror('emailf3') ?>
</td>

</tr>

<tr height="10">
<td colspan="2">
</td>
</tr>

<tr>
<td colspan="2">
<label for="message">Your message</label><br/>
<textarea id="message" name="message"><?php echo htmlspecialchars($_POST['message']) ?></textarea>
<?php showerror('message') ?>
</td>

</tr>

<tr>
<td colspan="2">
<label>Enter the letters and numbers shown below</label><br/>

<img id="captcha" src="./securimage/securimage_show.php" alt="CAPTCHA Image" /><br/>
<input type="text" name="captcha_code" size="10" maxlength="6" /><?php showerror('captcha_code') ?>
<br/>
<small>If you can't read the image  <a href="#" onClick="document.getElementById('captcha').src = './securimage/securimage_show.php?' + Math.random(); return false">click here</a> for a new one.</small>

</td>
</tr>



<tr>
<td colspan="2">
<input type="submit" name="" value="Send" id="submit" />
</td>
</tr>

</table>
</form>

</div>
</div>
</div>
<?php } ?>

<script type="text/javascript">
<!--
if(!gaJsHost) {
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
}
//-->
</script>
<script type="text/javascript">
<!--
if(!pageTracker) {
var pageTracker = _gat._getTracker('UA-3304027-1');
pageTracker._initData();
pageTracker._trackPageview();
<?php if ($success) { ?>
pageTracker._trackPageview('/offer/success');
<?php } ?>
}
//-->
</script>
<script src="https://www.dwin1.com/2753.js" type="text/javascript" defer="defer"></script>
</body>
</html>