" } */ require_once __DIR__ . '/config.php'; require_once __DIR__ . '/helpers.php'; header('Content-Type: application/json; charset=utf-8'); cors_headers(); if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(204); exit; } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { json_error('Method not allowed', 405); } // ------------------------------------------------------- // Parse body // ------------------------------------------------------- $raw = file_get_contents('php://input'); $body = json_decode($raw, true); if (!is_array($body)) { json_error('Ungültige Anfrage.'); } // ------------------------------------------------------- // Rate limiting // ------------------------------------------------------- rate_limit('contact_' . client_ip(), RATE_LIMIT_CONTACT, RATE_LIMIT_WINDOW); // ------------------------------------------------------- // Validate // ------------------------------------------------------- $name = trim($body['name'] ?? ''); $contact = trim($body['contact'] ?? ''); $serviceType = trim($body['serviceType'] ?? ''); $message = trim($body['message'] ?? ''); if ($name === '') { json_error('Bitte geben Sie Ihren Namen an.'); } if ($contact === '') { json_error('Bitte geben Sie eine E-Mail-Adresse oder Telefonnummer an.'); } if (mb_strlen($name) > 200 || mb_strlen($contact) > 300 || mb_strlen($message) > 5000) { json_error('Ein Feld überschreitet die maximale Länge.'); } // Sanitize $name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); $contact = htmlspecialchars($contact, ENT_QUOTES, 'UTF-8'); $serviceType = htmlspecialchars($serviceType, ENT_QUOTES, 'UTF-8'); $message = htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); // ------------------------------------------------------- // Build e-mail // ------------------------------------------------------- $subject = 'Neue Anfrage über superfice.de – ' . ($serviceType ?: 'Allgemein'); $body_text = <<\r\n"; $headers .= "Reply-To: {$contact}\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/plain; charset=UTF-8\r\n"; $headers .= "X-Mailer: Superfice-Website/1.0\r\n"; // ------------------------------------------------------- // Send e-mail // ------------------------------------------------------- if (USE_SMTP) { send_smtp($subject, $body_text, $headers); } else { $sent = @mail(MAIL_TO, $subject, $body_text, $headers); if (!$sent) { error_log('Superfice contact mail() failed for: ' . $contact); json_error('Beim Senden ist ein Fehler aufgetreten. Bitte schreiben Sie uns direkt an info@superfice.de'); } } // ------------------------------------------------------- // Optional webhook (Slack / CRM) // ------------------------------------------------------- if (defined('WEBHOOK_URL') && WEBHOOK_URL !== '') { $payload = json_encode([ 'text' => "*Neue Superfice-Anfrage*\nName: {$name}\nKontakt: {$contact}\nTyp: {$serviceType}\nNachricht: {$message}", ]); $wh_ctx = stream_context_create([ 'http' => [ 'method' => 'POST', 'header' => "Content-Type: application/json\r\n", 'content' => $payload, 'timeout' => 3, ], ]); @file_get_contents(WEBHOOK_URL, false, $wh_ctx); } echo json_encode(['success' => true]);