From b78345e4c8068e66a7adbbdaa977d416b211b507 Mon Sep 17 00:00:00 2001
From: Jukka Lampikoski <jukka@lampikoski.com>
Date: Mon, 9 Mar 2026 21:12:09 +0200
Subject: [PATCH] =?UTF-8?q?Lis=C3=A4=C3=A4=20laskutoimituscaptcha=20tarjou?=
 =?UTF-8?q?spyynt=C3=B6lomakkeeseen?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Satunnainen yhteenlaskukysymys (esim. "Paljonko on 3 + 5?")
tarkistetaan sekä client- että serverpuolella. Vain sähköposti
on nyt pakollinen kenttä.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 api.php            | 12 ++++++++++--
 tarjouspyynto.html | 37 +++++++++++++++++++++++++++++++++++--
 2 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/api.php b/api.php
index ba34e9d..f76c64f 100644
--- a/api.php
+++ b/api.php
@@ -140,12 +140,20 @@ switch ($action) {
             exit;
         }
 
+        // Captcha
+        $captcha = trim($_POST['captcha'] ?? '');
+        $captchaAnswer = trim($_POST['captcha_answer'] ?? '');
+        if (!$captcha || $captcha !== $captchaAnswer) {
+            echo json_encode(['error' => 'Väärä vastaus varmistuskysymykseen.']);
+            exit;
+        }
+
         // Validate
         $name = trim($_POST['name'] ?? '');
         $email = trim($_POST['email'] ?? '');
 
-        if (!$name || !$email) {
-            echo json_encode(['error' => 'Nimi ja sähköposti ovat pakollisia.']);
+        if (!$email) {
+            echo json_encode(['error' => 'Sähköposti on pakollinen.']);
             exit;
         }
 
diff --git a/tarjouspyynto.html b/tarjouspyynto.html
index 80554dc..bc80eb0 100644
--- a/tarjouspyynto.html
+++ b/tarjouspyynto.html
@@ -65,8 +65,8 @@
                         <!-- Yhteystiedot -->
                         <div class="form-section-title">Yhteystiedot</div>
                         <div class="form-group">
-                            <label for="name">Nimi *</label>
-                            <input type="text" id="name" name="name" required>
+                            <label for="name">Nimi</label>
+                            <input type="text" id="name" name="name">
                         </div>
                         <div class="form-group">
                             <label for="company">Yritys</label>
@@ -191,6 +191,14 @@
                             <textarea id="message" name="message" rows="4" placeholder="Kerro lisää tarpeistasi: tehovaatimukset, aikataulu, erityistoiveet..."></textarea>
                         </div>
 
+                        <!-- Captcha -->
+                        <div class="form-section-title">Varmistus</div>
+                        <div class="form-group">
+                            <label for="captcha" id="captcha-label"></label>
+                            <input type="text" id="captcha" name="captcha" required autocomplete="off" inputmode="numeric" placeholder="Vastaus">
+                            <input type="hidden" id="captcha-answer" name="captcha_answer">
+                        </div>
+
                         <!-- Honeypot -->
                         <div style="display:none" aria-hidden="true">
                             <input type="text" name="website" tabindex="-1" autocomplete="off">
@@ -282,6 +290,19 @@
 
     <script src="script.js"></script>
     <script>
+    // Captcha
+    (function() {
+        function generateCaptcha() {
+            const a = Math.floor(Math.random() * 10) + 1;
+            const b = Math.floor(Math.random() * 10) + 1;
+            const answer = a + b;
+            document.getElementById('captcha-label').textContent = 'Paljonko on ' + a + ' + ' + b + '? *';
+            document.getElementById('captcha-answer').value = answer;
+        }
+        generateCaptcha();
+        window._refreshCaptcha = generateCaptcha;
+    })();
+
     // Price Calculator
     (function() {
         const form = document.getElementById('quote-form');
@@ -410,6 +431,17 @@
             const honeypot = form.querySelector('[name="website"]');
             if (honeypot && honeypot.value) return;
 
+            // Captcha check
+            const captchaInput = document.getElementById('captcha').value.trim();
+            const captchaAnswer = document.getElementById('captcha-answer').value;
+            if (captchaInput !== captchaAnswer) {
+                status.textContent = 'Väärä vastaus varmistuskysymykseen.';
+                status.className = 'form-status form-status-error';
+                window._refreshCaptcha();
+                document.getElementById('captcha').value = '';
+                return;
+            }
+
             const submitBtn = form.querySelector('.btn-submit');
             submitBtn.disabled = true;
             status.textContent = 'Lähetetään...';
@@ -431,6 +463,7 @@
                     status.className = 'form-status form-status-success';
                     form.reset();
                     calculate();
+                    window._refreshCaptcha();
                 }
             })
             .catch(function() {