<?php
header('Content-Type: application/json; charset=utf-8');

// Rate limiting (simple file-based)
function checkRateLimit($ip, $maxRequests = 5, $windowSeconds = 300) {
    $file = __DIR__ . '/data/rate_limits.json';
    $limits = [];

    if (file_exists($file)) {
        $limits = json_decode(file_get_contents($file), true) ?: [];
    }

    $now = time();
    // Clean old entries
    foreach ($limits as $key => $entries) {
        $limits[$key] = array_filter($entries, fn($t) => $now - $t < $windowSeconds);
        if (empty($limits[$key])) {
            unset($limits[$key]);
        }
    }

    $count = count($limits[$ip] ?? []);
    if ($count >= $maxRequests) {
        return false;
    }

    $limits[$ip][] = $now;

    $dir = dirname($file);
    if (!is_dir($dir)) {
        mkdir($dir, 0755, true);
    }
    file_put_contents($file, json_encode($limits));

    return true;
}

$action = $_GET['action'] ?? '';

switch ($action) {
    case 'contact':
        if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
            http_response_code(405);
            echo json_encode(['error' => 'Method not allowed']);
            exit;
        }

        // Honeypot
        if (!empty($_POST['website'])) {
            echo json_encode(['success' => true]);
            exit;
        }

        // Rate limit
        $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
        if (!checkRateLimit($ip)) {
            http_response_code(429);
            echo json_encode(['error' => 'Liian monta viestiä. Yritä myöhemmin uudelleen.']);
            exit;
        }

        // Validate
        $name = trim($_POST['name'] ?? '');
        $company = trim($_POST['company'] ?? '');
        $email = trim($_POST['email'] ?? '');
        $phone = trim($_POST['phone'] ?? '');
        $message = trim($_POST['message'] ?? '');

        if (!$name || !$email || !$message) {
            echo json_encode(['error' => 'Täytä kaikki pakolliset kentät.']);
            exit;
        }

        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            echo json_encode(['error' => 'Tarkista sähköpostiosoite.']);
            exit;
        }

        // Save to file
        $contactFile = __DIR__ . '/data/contacts.json';
        $contacts = [];
        if (file_exists($contactFile)) {
            $contacts = json_decode(file_get_contents($contactFile), true) ?: [];
        }

        $contacts[] = [
            'id' => uniqid(),
            'name' => $name,
            'company' => $company,
            'email' => $email,
            'phone' => $phone,
            'message' => $message,
            'ip' => $ip,
            'created_at' => date('Y-m-d H:i:s')
        ];

        $dir = dirname($contactFile);
        if (!is_dir($dir)) {
            mkdir($dir, 0755, true);
        }
        file_put_contents($contactFile, json_encode($contacts, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));

        // Send email
        $to = 'info@konesaliturku.fi';
        $subject = 'Yhteydenotto: ' . $name . ($company ? " ($company)" : '');
        $body = "Uusi yhteydenotto konesaliturku.fi:n kautta\n\n";
        $body .= "Nimi: $name\n";
        if ($company) $body .= "Yritys: $company\n";
        $body .= "Sähköposti: $email\n";
        if ($phone) $body .= "Puhelin: $phone\n";
        $body .= "\nViesti:\n$message\n";

        $headers = "From: noreply@konesaliturku.fi\r\n";
        $headers .= "Reply-To: $email\r\n";
        $headers .= "Content-Type: text/plain; charset=UTF-8\r\n";

        @mail($to, $subject, $body, $headers);

        echo json_encode(['success' => true]);
        break;

    default:
        http_response_code(404);
        echo json_encode(['error' => 'Unknown action']);
        break;
}