jukka/cuitunet.fi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a1b8368b65fc16f0eba8b5f0bb61bd5b94b80275
cuitunet.fi/send.php
Jukka Lampikoski f0d3b66756 Add working availability form with PHP email sending 
- send.php handles form submission and sends email via mail()
- Honeypot field for bot protection
- IP-based rate limiting (60s cooldown)
- Query logging to data/kyselyt.log
- Frontend JS with loading state and success/error feedback
- data/ directory protected with .htaccess

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 00:41:08 +02:00

101 lines
3.2 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
header('Content-Type: application/json; charset=utf-8');
// Vain POST-pyynnöt
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode(['success' => false, 'error' => 'Virheellinen pyyntö']);
exit;
}
// Rate limiting (yksinkertainen, IP-pohjainen)
$rateLimitDir = __DIR__ . '/data';
if (!is_dir($rateLimitDir)) {
mkdir($rateLimitDir, 0755, true);
}
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$rateLimitFile = $rateLimitDir . '/ratelimit_' . md5($ip) . '.txt';
$now = time();
if (file_exists($rateLimitFile)) {
$lastSent = (int) file_get_contents($rateLimitFile);
if ($now - $lastSent < 60) {
http_response_code(429);
echo json_encode(['success' => false, 'error' => 'Odota hetki ennen uutta lähetystä']);
exit;
}
}
// Honeypot-kenttä (botisuoja)
if (!empty($_POST['website'])) {
http_response_code(200);
echo json_encode(['success' => true]);
exit;
}
// Kentät
$company = trim($_POST['company'] ?? '');
$email = trim($_POST['email'] ?? '');
$address = trim($_POST['address'] ?? '');
$city = trim($_POST['city'] ?? '');
$message = trim($_POST['message'] ?? '');
// Validointi
if (empty($company) || empty($email) || empty($address) || empty($city)) {
http_response_code(400);
echo json_encode(['success' => false, 'error' => 'Täytä kaikki pakolliset kentät']);
exit;
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
http_response_code(400);
echo json_encode(['success' => false, 'error' => 'Tarkista sähköpostiosoite']);
exit;
}
// Sanitointi
$company = htmlspecialchars($company, ENT_QUOTES, 'UTF-8');
$email = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
$address = htmlspecialchars($address, ENT_QUOTES, 'UTF-8');
$city = htmlspecialchars($city, ENT_QUOTES, 'UTF-8');
$message = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
// Sähköpostin sisältö
$to = 'asiakaspalvelu@cuitunet.fi';
$subject = "Saatavuuskysely: $company $address, $city";
$body = "Uusi saatavuuskysely cuitunet.fi-sivustolta\n";
$body .= "=========================================\n\n";
$body .= "Yritys: $company\n";
$body .= "Sähköposti: $email\n";
$body .= "Osoite: $address\n";
$body .= "Kaupunki: $city\n";
if (!empty($message)) {
$body .= "Lisätiedot: $message\n";
}
$body .= "\n-----------------------------------------\n";
$body .= "Lähetetty: " . date('d.m.Y H:i') . "\n";
$body .= "IP: $ip\n";
$headers = "From: sivusto@cuitunet.fi\r\n";
$headers .= "Reply-To: $email\r\n";
$headers .= "Content-Type: text/plain; charset=UTF-8\r\n";
$headers .= "X-Mailer: Cuitunet-Web\r\n";
// Lähetys
$sent = mail($to, $subject, $body, $headers);
if ($sent) {
// Tallenna rate limit
file_put_contents($rateLimitFile, $now);
// Tallenna kopio kyselyistä
$logFile = $rateLimitDir . '/kyselyt.log';
$logEntry = date('Y-m-d H:i:s') . " | $company | $email | $address, $city | $message\n";
file_put_contents($logFile, $logEntry, FILE_APPEND | LOCK_EX);
echo json_encode(['success' => true]);
} else {
http_response_code(500);
echo json_encode(['success' => false, 'error' => 'Viestin lähetys epäonnistui. Yritä myöhemmin uudelleen.']);
}
Reference in New Issue View Git Blame Copy Permalink