Ihor_Zhekov/Websites
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
44a88dcfadb7f38a63713c410581164262cb60b0
Websites/Profice WebSite/scripts/add/send.php
Ihor_Zhekov 44a88dcfad 5
2026-02-06 13:26:38 +01:00

662 lines
20 KiB
PHP
Raw Blame History

<?php
/**
* Profice Web API Handler - Centralized Configuration
* ALL SENSITIVE DATA STORED HERE - NOT VISIBLE TO CLIENT
* Handles webhooks, API, tokens, cookie consent, tracking
*/
// ==========================================
// SECURITY HEADERS
// ==========================================
header('Content-Type: application/json');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('X-XSS-Protection: 1; mode=block');
header('Referrer-Policy: strict-origin-when-cross-origin');
// CORS - Restrict to your domain in production
$allowedOrigins = [
'https://profice.de',
'https://www.profice.de',
'http://localhost',
'http://127.0.0.1',
'https://staging.profice.de'
];
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
if (in_array($origin, $allowedOrigins)) {
header("Access-Control-Allow-Origin: $origin");
} else {
header('Access-Control-Allow-Origin: *'); // Development fallback
}
header('Access-Control-Allow-Methods: POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');
header('Access-Control-Max-Age: 86400');
// Handle preflight OPTIONS request
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit();
}
// ==========================================
// SENSITIVE CONFIGURATION - HIDDEN FROM CLIENT
// ==========================================
// Environment
define('USE_PRODUCTION', true); // Use production webhook for live server
define('DEBUG_MODE', true); // Enable debug temporarily to see errors
// N8N Webhooks
define('WEBHOOK_TEST', 'https://n8n.profice.de/webhook-test/d94ef798-3f43-46dd-8207-1e335e64518f');
define('WEBHOOK_PROD', 'https://n8n.profice.de/webhook/d94ef798-3f43-46dd-8207-1e335e64518f');
define('WEBHOOK_URL', USE_PRODUCTION ? WEBHOOK_PROD : WEBHOOK_TEST);
// KI Chat Webhook
define('KI_CHAT_WEBHOOK_TEST', 'https://n8n.profice.de/webhook-test/8a25bce2-ff83-4676-a3a2-a0e1174fcffe');
define('KI_CHAT_WEBHOOK_PROD', 'https://n8n.profice.de/webhook/8a25bce2-ff83-4676-a3a2-a0e1174fcffe');
define('KI_CHAT_WEBHOOK_URL', USE_PRODUCTION ? KI_CHAT_WEBHOOK_PROD : KI_CHAT_WEBHOOK_TEST);
// Google Analytics
define('GA_MEASUREMENT_ID', 'G-XXXXXXXXXX'); // Replace with your actual ID
define('GA_API_SECRET', ''); // For server-side tracking
// Google Tag Manager
define('GTM_CONTAINER_ID', 'GTM-XXXXXXX'); // Replace with your actual ID
// Facebook Pixel
define('FB_PIXEL_ID', ''); // Replace with your actual ID
define('FB_ACCESS_TOKEN', ''); // For Conversions API
// Google Ads
define('GADS_CONVERSION_ID', 'AW-XXXXXXXXXX');
define('GADS_CONVERSION_LABEL', '');
// LinkedIn Insight
define('LINKEDIN_PARTNER_ID', '');
// API Keys
define('API_SECRET_KEY', 'your-secret-key-here'); // For API authentication
// Rate Limiting
define('RATE_LIMIT_REQUESTS', 100);
define('RATE_LIMIT_WINDOW', 3600); // 1 hour
// ==========================================
// HELPER FUNCTIONS
// ==========================================
function sendResponse($success, $message, $data = null, $statusCode = 200) {
http_response_code($statusCode);
$response = [
'success' => $success,
'message' => $message,
'timestamp' => date('c')
];
// Only include data if not null and not in production (security)
if ($data !== null && (!USE_PRODUCTION || DEBUG_MODE)) {
$response['data'] = $data;
} elseif ($data !== null && $success) {
// In production, only return safe data
$response['data'] = filterSafeData($data);
}
echo json_encode($response);
exit();
}
function filterSafeData($data) {
// Remove sensitive fields from response
$sensitiveFields = ['webhook_url', 'ip_address', 'user_agent', 'http_code', 'error'];
if (is_array($data)) {
foreach ($sensitiveFields as $field) {
unset($data[$field]);
}
}
return $data;
}
function getClientIP() {
$ipKeys = ['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR'];
foreach ($ipKeys as $key) {
if (array_key_exists($key, $_SERVER)) {
foreach (explode(',', $_SERVER[$key]) as $ip) {
$ip = trim($ip);
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
return $ip;
}
}
}
}
return $_SERVER['REMOTE_ADDR'] ?? 'unknown';
}
function sanitizeInput($input) {
if (is_array($input)) {
return array_map('sanitizeInput', $input);
}
return htmlspecialchars(trim($input), ENT_QUOTES, 'UTF-8');
}
function validateCSRFToken($token) {
// Implement CSRF validation if needed
return true;
}
function checkRateLimit($ip) {
$rateLimitFile = __DIR__ . '/rate_limits.json';
$limits = [];
if (file_exists($rateLimitFile)) {
$limits = json_decode(file_get_contents($rateLimitFile), true) ?: [];
}
$now = time();
$windowStart = $now - RATE_LIMIT_WINDOW;
// Clean old entries
$limits = array_filter($limits, function($entry) use ($windowStart) {
return $entry['time'] > $windowStart;
});
// Count requests from this IP
$ipRequests = array_filter($limits, function($entry) use ($ip) {
return $entry['ip'] === $ip;
});
if (count($ipRequests) >= RATE_LIMIT_REQUESTS) {
return false;
}
// Add new request
$limits[] = ['ip' => $ip, 'time' => $now];
file_put_contents($rateLimitFile, json_encode($limits));
return true;
}
// ==========================================
// WEBHOOK FUNCTIONS
// ==========================================
function sendToWebhook($data, $webhookUrl = null) {
$url = $webhookUrl ?? WEBHOOK_URL;
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => json_encode($data),
CURLOPT_HTTPHEADER => [
'Content-Type: application/json',
'User-Agent: Profice-Web-API/2.0'
],
CURLOPT_TIMEOUT => 30,
CURLOPT_SSL_VERIFYPEER => false, // Disable SSL verification for n8n connection
CURLOPT_SSL_VERIFYHOST => false, // Disable host verification
CURLOPT_FOLLOWLOCATION => true
]);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$error = curl_error($ch);
$errno = curl_errno($ch);
curl_close($ch);
if ($error) {
error_log("Webhook Error [$errno]: " . $error . " - URL: " . $url);
return ['success' => false, 'error' => $error, 'errno' => $errno, 'response' => $response];
}
return [
'success' => $httpCode >= 200 && $httpCode < 300,
'http_code' => $httpCode,
'response' => $response,
'error' => $error
];
}
// ==========================================
// TRACKING FUNCTIONS - SERVER SIDE
// ==========================================
function getTrackingConfig() {
// Return tracking configuration for client
// IDs are loaded from server, not exposed in JS
return [
'analytics_enabled' => !empty(GA_MEASUREMENT_ID) && GA_MEASUREMENT_ID !== 'G-XXXXXXXXXX',
'gtm_enabled' => !empty(GTM_CONTAINER_ID) && GTM_CONTAINER_ID !== 'GTM-XXXXXXX',
'fb_enabled' => !empty(FB_PIXEL_ID),
'gads_enabled' => !empty(GADS_CONVERSION_ID) && GADS_CONVERSION_ID !== 'AW-XXXXXXXXXX',
'linkedin_enabled' => !empty(LINKEDIN_PARTNER_ID)
];
}
function loadTrackingScripts($preferences) {
$scripts = [];
// Google Analytics
if ($preferences['analytics'] && !empty(GA_MEASUREMENT_ID) && GA_MEASUREMENT_ID !== 'G-XXXXXXXXXX') {
$scripts['ga'] = [
'type' => 'analytics',
'src' => 'https://www.googletagmanager.com/gtag/js?id=' . GA_MEASUREMENT_ID,
'config' => [
'id' => GA_MEASUREMENT_ID
]
];
}
// Google Tag Manager
if ($preferences['analytics'] && !empty(GTM_CONTAINER_ID) && GTM_CONTAINER_ID !== 'GTM-XXXXXXX') {
$scripts['gtm'] = [
'type' => 'gtm',
'src' => 'https://www.googletagmanager.com/gtm.js?id=' . GTM_CONTAINER_ID,
'config' => [
'id' => GTM_CONTAINER_ID
]
];
}
// Facebook Pixel
if ($preferences['marketing'] && !empty(FB_PIXEL_ID)) {
$scripts['fb'] = [
'type' => 'pixel',
'src' => 'https://connect.facebook.net/en_US/fbevents.js',
'config' => [
'pixel_id' => FB_PIXEL_ID
]
];
}
// Google Ads
if ($preferences['marketing'] && !empty(GADS_CONVERSION_ID) && GADS_CONVERSION_ID !== 'AW-XXXXXXXXXX') {
$scripts['gads'] = [
'type' => 'conversion',
'src' => 'https://www.googletagmanager.com/gtag/js?id=' . GADS_CONVERSION_ID,
'config' => [
'conversion_id' => GADS_CONVERSION_ID,
'conversion_label' => GADS_CONVERSION_LABEL
]
];
}
// LinkedIn
if ($preferences['marketing'] && !empty(LINKEDIN_PARTNER_ID)) {
$scripts['linkedin'] = [
'type' => 'insight',
'src' => 'https://snap.licdn.com/li.lms-analytics/insight.min.js',
'config' => [
'partner_id' => LINKEDIN_PARTNER_ID
]
];
}
return $scripts;
}
function sendEventToGA($data) {
if (empty(GA_MEASUREMENT_ID) || GA_MEASUREMENT_ID === 'G-XXXXXXXXXX') {
return false;
}
$postData = [
'client_id' => $data['client_id'] ?? uniqid(),
'user_id' => $data['user_id'] ?? null,
'events' => [
[
'name' => $data['event_name'],
'params' => $data['params'] ?? []
]
]
];
$url = 'https://www.google-analytics.com/mp/collect';
$url .= '?measurement_id=' . GA_MEASUREMENT_ID;
$url .= '&api_secret=' . GA_API_SECRET;
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => json_encode($postData),
CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
CURLOPT_TIMEOUT => 10
]);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
return $httpCode >= 200 && $httpCode < 300;
}
function sendEventToFB($data) {
if (empty(FB_PIXEL_ID) || empty(FB_ACCESS_TOKEN)) {
return false;
}
$postData = [
'data' => [
[
'event_name' => $data['event_name'],
'event_time' => time(),
'action_source' => 'website',
'user_data' => $data['user_data'] ?? [],
'custom_data' => $data['custom_data'] ?? []
]
]
];
$url = 'https://graph.facebook.com/v18.0/' . FB_PIXEL_ID . '/events';
$url .= '?access_token=' . FB_ACCESS_TOKEN;
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => json_encode($postData),
CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
CURLOPT_TIMEOUT => 10
]);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
return $httpCode >= 200 && $httpCode < 300;
}
// ==========================================
// STORAGE FUNCTIONS
// ==========================================
function storeLead($data) {
$leadFile = __DIR__ . '/data/leads.json';
$dir = dirname($leadFile);
if (!is_dir($dir)) {
mkdir($dir, 0755, true);
}
$leads = [];
if (file_exists($leadFile)) {
$leads = json_decode(file_get_contents($leadFile), true) ?: [];
}
$lead = [
'id' => uniqid('lead_', true),
'datum' => date('d.m.Y'),
'dienstleistung' => $data['service'] ?? 'Allgemein',
'status' => 'open',
'statusText' => 'Offen',
'description' => $data['description'] ?? '',
'name' => $data['name'] ?? '',
'contact' => $data['contact'] ?? '',
'organisation' => $data['organisation'] ?? '',
'timestamp' => date('c'),
'ip_address' => getClientIP()
];
array_unshift($leads, $lead);
$leads = array_slice($leads, 0, 100);
file_put_contents($leadFile, json_encode($leads, JSON_PRETTY_PRINT));
return $lead['id'];
}
function storeCookieConsent($data) {
$consentFile = __DIR__ . '/data/cookie_consent.json';
$dir = dirname($consentFile);
if (!is_dir($dir)) {
mkdir($dir, 0755, true);
}
$consents = [];
if (file_exists($consentFile)) {
$consents = json_decode(file_get_contents($consentFile), true) ?: [];
}
$consent = [
'id' => uniqid('consent_', true),
'timestamp' => date('c'),
'preferences' => $data['preferences'] ?? [],
'ip_address' => getClientIP(),
'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? ''
];
array_unshift($consents, $consent);
$consents = array_slice($consents, 0, 1000);
file_put_contents($consentFile, json_encode($consents, JSON_PRETTY_PRINT));
return $consent['id'];
}
function getCookieConsent() {
$consentFile = __DIR__ . '/data/cookie_consent.json';
if (!file_exists($consentFile)) {
return null;
}
$consents = json_decode(file_get_contents($consentFile), true) ?: [];
return $consents[0] ?? null;
}
// ==========================================
// REQUEST HANDLERS
// ==========================================
function handleContactForm($data) {
$required = ['name', 'contact'];
foreach ($required as $field) {
if (empty($data[$field])) {
sendResponse(false, "Pflichtfeld fehlt: {$field}", null, 400);
}
}
$formData = [
'name' => sanitizeInput($data['name']),
'organisation' => sanitizeInput($data['organisation'] ?? ''),
'contact' => sanitizeInput($data['contact']),
'service' => sanitizeInput($data['service'] ?? ''),
'budget' => sanitizeInput($data['budget'] ?? ''),
'description' => sanitizeInput($data['description'] ?? ''),
'timestamp' => date('c'),
'source' => 'contact_form',
'form_type' => 'offer',
'ip_address' => getClientIP()
];
// Store lead locally first
$leadId = storeLead($formData);
// Send to Offer webhook (contact form)
$webhookResult = sendToWebhook($formData, WEBHOOK_URL);
// Always return success to user, but include webhook info in debug mode
$debugData = DEBUG_MODE ? [
'lead_id' => $leadId,
'webhook_result' => $webhookResult,
'webhook_url' => WEBHOOK_URL,
'form_data' => $formData
] : null;
if ($webhookResult['success']) {
sendResponse(true, 'Formular erfolgreich gesendet', $debugData);
} else {
// Still return success to user but log the webhook error
error_log('Webhook failed but form was stored locally: ' . json_encode($webhookResult));
sendResponse(true, 'Formular erfolgreich gesendet (Webhook-Fehler protokolliert)', $debugData);
}
}
function handleLeadForm($data) {
// Handle lead form submissions
$leadId = storeLead($data);
sendResponse(true, 'Lead gespeichert', ['lead_id' => $leadId]);
}
function handleCookieConsent($data) {
$preferences = $data['preferences'] ?? [];
$consentId = storeCookieConsent(['preferences' => $preferences]);
// Load tracking scripts based on preferences
$scripts = loadTrackingScripts($preferences);
sendResponse(true, 'Cookie-Einstellungen gespeichert', [
'consent_id' => $consentId,
'scripts' => $scripts
]);
}
function handleGetCookieConsent($data) {
$consent = getCookieConsent();
if ($consent) {
sendResponse(true, 'Cookie-Einstellungen gefunden', $consent);
} else {
sendResponse(false, 'Keine Cookie-Einstellungen gefunden', null, 404);
}
}
function handleGetTrackingConfig($data) {
$config = getTrackingConfig();
sendResponse(true, 'Tracking-Konfiguration', $config);
}
function handleChatMessage($data) {
$message = sanitizeInput($data['message'] ?? '');
$sessionId = sanitizeInput($data['session_id'] ?? uniqid('chat_'));
if (empty($message)) {
sendResponse(false, 'Nachricht darf nicht leer sein', null, 400);
}
$chatData = [
'type' => 'chat_message',
'session_id' => $sessionId,
'message' => $message,
'timestamp' => date('c'),
'source' => 'website_chat',
'ip_address' => getClientIP(),
'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? ''
];
// Send to KI Chat webhook
$webhookResult = sendToWebhook($chatData, KI_CHAT_WEBHOOK_URL);
$debugData = DEBUG_MODE ? [
'session_id' => $sessionId,
'webhook_result' => $webhookResult,
'webhook_url' => KI_CHAT_WEBHOOK_URL
] : null;
if ($webhookResult['success']) {
// Try to parse response from webhook
$response = json_decode($webhookResult['response'], true);
$aiResponse = $response['message'] ?? 'Vielen Dank für Ihre Nachricht. Ich melde mich so schnell wie möglich bei Ihnen.';
sendResponse(true, 'Nachricht gesendet', array_merge($debugData, [
'session_id' => $sessionId,
'ai_response' => $aiResponse,
'timestamp' => date('c')
]));
} else {
error_log('Chat webhook failed: ' . json_encode($webhookResult));
sendResponse(false, 'Chat-Service derzeit nicht verfügbar. Bitte versuchen Sie es später erneut.', $debugData, 503);
}
}
function handleTrackEvent($data) {
$eventName = $data['event_name'] ?? '';
$eventData = $data['event_data'] ?? [];
// Send to Google Analytics
$gaSuccess = sendEventToGA([
'event_name' => $eventName,
'params' => $eventData
]);
// Send to Facebook
$fbSuccess = sendEventToFB([
'event_name' => $eventName,
'custom_data' => $eventData
]);
sendResponse(true, 'Event gesendet', [
'ga_success' => $gaSuccess,
'fb_success' => $fbSuccess
]);
}
// ==========================================
// MAIN REQUEST HANDLER
// ==========================================
// Validate request method
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
sendResponse(false, 'Nur POST-Anfragen erlaubt', null, 405);
}
// Rate limiting
$clientIP = getClientIP();
if (!checkRateLimit($clientIP)) {
sendResponse(false, 'Zu viele Anfragen. Bitte später erneut versuchen.', null, 429);
}
// Get JSON input
$jsonInput = file_get_contents('php://input');
$data = json_decode($jsonInput, true);
if (!$data) {
$data = $_POST;
}
if (!$data || empty($data)) {
sendResponse(false, 'Keine Daten empfangen', null, 400);
}
$requestType = $data['type'] ?? 'contact';
try {
switch ($requestType) {
case 'contact':
handleContactForm($data);
break;
case 'lead':
handleLeadForm($data);
break;
case 'cookie_consent':
handleCookieConsent($data);
break;
case 'get_cookie_consent':
handleGetCookieConsent($data);
break;
case 'get_tracking_config':
handleGetTrackingConfig($data);
break;
case 'track_event':
handleTrackEvent($data);
break;
case 'chat':
handleChatMessage($data);
break;
default:
sendResponse(false, 'Ungültiger Anfragetyp', null, 400);
}
} catch (Exception $e) {
error_log('API Error: ' . $e->getMessage());
error_log('Stack trace: ' . $e->getTraceAsString());
sendResponse(false, 'Interner Serverfehler', null, 500);
}
?>
Reference in New Issue View Git Blame Copy Permalink