From eb4662e586d766c8e4f8709ab203ffff48bea75e Mon Sep 17 00:00:00 2001
From: Jukka Lampikoski <jukka@lampikoski.com>
Date: Tue, 10 Mar 2026 10:20:27 +0200
Subject: [PATCH] =?UTF-8?q?Lis=C3=A4=C3=A4=20yhteydenottolomakkeen=20PHP-b?=
 =?UTF-8?q?ackend=20ja=20vaihda=20s=C3=A4hk=C3=B6posti?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- send.php: lomake lähettää sähköpostin box@storagebox.fi:hin
- script.js: lomake POSTaa send.php:lle async/await:lla
- Vaihdettu info@storagebox.fi -> box@storagebox.fi
- Validointi, header injection -suojaus, UTF-8 tuki

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 index.html |  2 +-
 script.js  | 37 ++++++++++++++++++++++-------
 send.php   | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 100 insertions(+), 9 deletions(-)
 create mode 100644 send.php

diff --git a/index.html b/index.html
index f1be971..34e8fa2 100644
--- a/index.html
+++ b/index.html
@@ -240,7 +240,7 @@
                         <h3>Yhteystiedot</h3>
                         <div class="contact-item">
                             <span class="contact-icon">📧</span>
-                            <a href="mailto:info@storagebox.fi">info@storagebox.fi</a>
+                            <a href="mailto:box@storagebox.fi">box@storagebox.fi</a>
                         </div>
                         <div class="contact-item">
                             <span class="contact-icon">🌐</span>
diff --git a/script.js b/script.js
index 7b84f4e..92b2d5f 100644
--- a/script.js
+++ b/script.js
@@ -51,19 +51,40 @@ document.querySelectorAll('.feature-card, .pricing-card, .contact-info-card, .se
 const contactForm = document.getElementById('contactForm');
 const formStatus = document.getElementById('formStatus');
 
-contactForm.addEventListener('submit', (e) => {
+contactForm.addEventListener('submit', async (e) => {
     e.preventDefault();
 
-    const formData = new FormData(contactForm);
-    const data = Object.fromEntries(formData);
+    const submitBtn = contactForm.querySelector('button[type="submit"]');
+    const originalText = submitBtn.textContent;
+    submitBtn.textContent = 'Lähetetään...';
+    submitBtn.disabled = true;
 
-    // For now, show success message (backend can be added later)
-    formStatus.className = 'form-status success';
-    formStatus.textContent = 'Kiitos viestistäsi! Palaamme asiaan mahdollisimman pian.';
+    try {
+        const formData = new FormData(contactForm);
+        const response = await fetch('send.php', {
+            method: 'POST',
+            body: formData,
+        });
 
-    contactForm.reset();
+        const result = await response.json();
+
+        if (result.success) {
+            formStatus.className = 'form-status success';
+            formStatus.textContent = result.message;
+            contactForm.reset();
+        } else {
+            formStatus.className = 'form-status error';
+            formStatus.textContent = result.message;
+        }
+    } catch (error) {
+        formStatus.className = 'form-status error';
+        formStatus.textContent = 'Yhteysvirhe. Ota yhteyttä suoraan: box@storagebox.fi';
+    }
+
+    submitBtn.textContent = originalText;
+    submitBtn.disabled = false;
 
     setTimeout(() => {
         formStatus.className = 'form-status';
-    }, 5000);
+    }, 8000);
 });
diff --git a/send.php b/send.php
new file mode 100644
index 0000000..f0c28ae
--- /dev/null
+++ b/send.php
@@ -0,0 +1,70 @@
+<?php
+header('Content-Type: application/json; charset=utf-8');
+
+// Vain POST sallittu
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    http_response_code(405);
+    echo json_encode(['success' => false, 'message' => 'Method not allowed']);
+    exit;
+}
+
+// Lomakkeen tiedot
+$name = trim($_POST['name'] ?? '');
+$email = trim($_POST['email'] ?? '');
+$package = trim($_POST['package'] ?? '');
+$message = trim($_POST['message'] ?? '');
+
+// Validointi
+if (empty($name) || empty($email) || empty($message)) {
+    http_response_code(400);
+    echo json_encode(['success' => false, 'message' => 'Täytä kaikki pakolliset kentät.']);
+    exit;
+}
+
+if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+    http_response_code(400);
+    echo json_encode(['success' => false, 'message' => 'Virheellinen sähköpostiosoite.']);
+    exit;
+}
+
+// Suojaa header injectionilta
+$name = str_replace(["\r", "\n"], '', $name);
+$email = str_replace(["\r", "\n"], '', $email);
+
+// Sähköpostin vastaanottaja
+$to = 'box@storagebox.fi';
+
+// Aihe
+$subject = 'StorageBox.fi - Yhteydenotto: ' . $name;
+
+// Viestin sisältö
+$body = "Uusi yhteydenotto StorageBox.fi:n kautta\n";
+$body .= "========================================\n\n";
+$body .= "Nimi: {$name}\n";
+$body .= "Sähköposti: {$email}\n";
+if (!empty($package)) {
+    $packages = [
+        'mini' => 'Mini — 100 GB — 29€/v',
+        'perus' => 'Perus — 200 GB — 69€/v',
+        'plus' => 'Plus — 500 GB — 119€/v',
+        'pro' => 'Pro — 1 TB — 199€/v',
+        'business' => 'Business — 2 TB — 299€/v',
+    ];
+    $packageName = $packages[$package] ?? $package;
+    $body .= "Paketti: {$packageName}\n";
+}
+$body .= "\nViesti:\n{$message}\n";
+
+// Headerit
+$headers = "From: StorageBox.fi <box@storagebox.fi>\r\n";
+$headers .= "Reply-To: {$name} <{$email}>\r\n";
+$headers .= "Content-Type: text/plain; charset=UTF-8\r\n";
+$headers .= "X-Mailer: StorageBox.fi Contact Form\r\n";
+
+// Lähetä
+if (mail($to, '=?UTF-8?B?' . base64_encode($subject) . '?=', $body, $headers)) {
+    echo json_encode(['success' => true, 'message' => 'Viesti lähetetty! Palaamme asiaan pian.']);
+} else {
+    http_response_code(500);
+    echo json_encode(['success' => false, 'message' => 'Viestin lähetys epäonnistui. Ota yhteyttä suoraan: box@storagebox.fi']);
+}