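<?php
/**
 * Superfice Contact Form API
 *
 * POST /api/contact.php
 * Content-Type: application/json
 *
 * Body:
 * {
 *   "name": string (required, max 200 chars),
 *   "contact": string (required, email or phone, max 300 chars),
 *   "serviceType": string (optional, max 100 chars),
 *   "message": string (optional, max 5000 chars)
 * }
 *
 * Returns JSON: { "success": true }
 * or { "success": false, "error": "<message>" }
 *
 * Flow: CORS/method gate -> rate limit -> parse + validate -> e-mail
 * (SMTP or mail()) -> optional webhook -> success response.
 *
 * Depends on config.php for the MAIL_*, USE_SMTP, RATE_LIMIT_* and optional
 * WEBHOOK_URL constants, and on helpers.php for cors_headers(), json_error()
 * (assumed to emit the error response and exit, as the control flow below
 * relies on), rate_limit(), client_ip() and send_smtp().
 */
require_once __DIR__ . '/config.php';
require_once __DIR__ . '/helpers.php';

header('Content-Type: application/json; charset=utf-8');
cors_headers();

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(204);
    exit;
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    json_error('Method not allowed', 405);
}

// -------------------------------------------------------
// Rate limiting
// -------------------------------------------------------
// Applied before the body is read, so malformed requests are counted
// against the client too, not only well-formed ones.
rate_limit('contact_' . client_ip(), RATE_LIMIT_CONTACT, RATE_LIMIT_WINDOW);

// -------------------------------------------------------
// Parse body
// -------------------------------------------------------
$raw = file_get_contents('php://input');
$body = json_decode($raw === false ? '' : $raw, true);
if (!is_array($body)) {
    json_error('Ungültige Anfrage.');
}

// -------------------------------------------------------
// Validate
// -------------------------------------------------------
/**
 * Reads one field of the decoded body as a trimmed string.
 *
 * A missing or null field yields ''. Scalars are accepted as before
 * (numbers are stringified); an array or object is rejected as a bad
 * request instead of reaching trim()/mb_strlen() as a non-string.
 */
$field = static function (array $body, string $key): string {
    $value = $body[$key] ?? '';
    if (!is_scalar($value)) {
        json_error('Ungültige Anfrage.');
    }
    return is_scalar($value) ? trim((string) $value) : '';
};

$name = $field($body, 'name');
$contact = $field($body, 'contact');
$serviceType = $field($body, 'serviceType');
$message = $field($body, 'message');

if ($name === '') {
    json_error('Bitte geben Sie Ihren Namen an.');
}
if ($contact === '') {
    json_error('Bitte geben Sie eine E-Mail-Adresse oder Telefonnummer an.');
}
// serviceType is length-limited as well: it ends up in the Subject line.
if (
    mb_strlen($name) > 200
    || mb_strlen($contact) > 300
    || mb_strlen($serviceType) > 100
    || mb_strlen($message) > 5000
) {
    json_error('Ein Feld überschreitet die maximale Länge.');
}

// name, contact and serviceType are placed into mail header lines (Subject,
// Reply-To) and into the error log. A CR/LF/NUL in them would let a client
// terminate the header and append its own, so they are rejected outright
// instead of relying on the mail transport to catch it. The message is
// body-only and may legitimately span lines.
foreach ([$name, $contact, $serviceType] as $headerValue) {
    if (preg_match('/[\r\n\x00]/', $headerValue) === 1) {
        json_error('Ungültige Anfrage.');
    }
}

// -------------------------------------------------------
// Build e-mail
// -------------------------------------------------------
// The mail is sent as text/plain, so the fields go in verbatim: HTML-escaping
// them here would deliver "&amp;" / "&#039;" to the reader and would corrupt
// an apostrophe inside the Reply-To address. Header safety comes from the
// CR/LF check above, not from escaping.
//
// `!== ''` rather than `?:` so that a serviceType of "0" is not silently
// replaced by the default.
$subject = 'Neue Anfrage über superfice.de ' . ($serviceType !== '' ? $serviceType : 'Allgemein');

// REMOTE_ADDR is the direct peer; behind a reverse proxy this is the proxy,
// while client_ip() (used for the rate-limit key) may resolve further.
// Kept as the original did — align the two if the mail should show the
// same address the limiter sees.
$remoteAddr = (string) ($_SERVER['REMOTE_ADDR'] ?? '');
// REQUEST_TIME is a Unix timestamp; render it readably, in UTC.
$requestTime = gmdate('c', (int) ($_SERVER['REQUEST_TIME'] ?? time()));

$body_text = <<<TXT
Neue Anfrage über superfice.de
Name: {$name}
Kontakt: {$contact}
Aufmaß-Typ: {$serviceType}
Nachricht:
{$message}
---
IP: {$remoteAddr}
Zeit: {$requestTime}
TXT;

$headers = 'From: ' . MAIL_FROM_NAME . ' <' . MAIL_FROM . ">\r\n";
// "contact" may be a phone number; that would yield a malformed Reply-To,
// so the header is only added when the value is a syntactically valid
// e-mail address.
if (filter_var($contact, FILTER_VALIDATE_EMAIL) !== false) {
    $headers .= "Reply-To: {$contact}\r\n";
}
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/plain; charset=UTF-8\r\n";
$headers .= "X-Mailer: Superfice-Website/1.0\r\n";

// -------------------------------------------------------
// Send e-mail
// -------------------------------------------------------
if (USE_SMTP) {
    // NOTE(review): the return value of send_smtp() is not checked (same as
    // before); it is assumed to report failure itself — confirm in helpers.php.
    send_smtp($subject, $body_text, $headers);
} else {
    // "@" keeps a transport warning out of the JSON response body; the
    // failure itself is still surfaced through the return value.
    $sent = @mail(MAIL_TO, $subject, $body_text, $headers);
    if (!$sent) {
        // $contact is known to be free of CR/LF at this point, so it cannot
        // forge extra log lines.
        error_log('Superfice contact mail() failed for: ' . $contact);
        json_error('Beim Senden ist ein Fehler aufgetreten. Bitte schreiben Sie uns direkt an info@superfice.de');
    }
}

// -------------------------------------------------------
// Optional webhook (Slack / CRM)
// -------------------------------------------------------
if (defined('WEBHOOK_URL') && WEBHOOK_URL !== '') {
    // Slack-style message text treats "&", "<" and ">" specially, so the
    // fields are escaped for this context — and only for this one.
    $esc = static function (string $value): string {
        return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    };
    $whText = sprintf(
        "*Neue Superfice-Anfrage*\nName: %s\nKontakt: %s\nTyp: %s\nNachricht: %s",
        $esc($name),
        $esc($contact),
        $esc($serviceType),
        $esc($message)
    );
    $payload = json_encode(['text' => $whText]);
    if ($payload !== false) {
        $wh_ctx = stream_context_create([
            'http' => [
                'method' => 'POST',
                'header' => "Content-Type: application/json\r\n",
                'content' => $payload,
                'timeout' => 3,
            ],
        ]);
        // Best effort: the mail has already gone out, so a webhook failure
        // is logged but must not fail the request. "@" keeps the connection
        // warning out of the JSON response.
        if (@file_get_contents(WEBHOOK_URL, false, $wh_ctx) === false) {
            error_log('Superfice contact webhook call failed');
        }
    }
}

echo json_encode(['success' => true]);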