false, 'message' => 'Method not allowed']); exit; } // Lomakkeen tiedot $name = trim($_POST['name'] ?? ''); $email = trim($_POST['email'] ?? ''); $package = trim($_POST['package'] ?? ''); $message = trim($_POST['message'] ?? ''); // Validointi if (empty($name) || empty($email) || empty($message)) { http_response_code(400); echo json_encode(['success' => false, 'message' => 'Täytä kaikki pakolliset kentät.']); exit; } if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { http_response_code(400); echo json_encode(['success' => false, 'message' => 'Virheellinen sähköpostiosoite.']); exit; } // Suojaa header injectionilta $name = str_replace(["\r", "\n"], '', $name); $email = str_replace(["\r", "\n"], '', $email); // Sähköpostin aihe $subject = 'StorageBox.fi - Yhteydenotto: ' . $name; // Viestin sisältö $body = "Uusi yhteydenotto StorageBox.fi:n kautta\r\n"; $body .= "========================================\r\n\r\n"; $body .= "Nimi: {$name}\r\n"; $body .= "Sähköposti: {$email}\r\n"; if (!empty($package)) { $packages = [ 'mini' => 'Mini — 100 GB — 29€/v', 'perus' => 'Perus — 200 GB — 69€/v', 'plus' => 'Plus — 500 GB — 119€/v', 'pro' => 'Pro — 1 TB — 199€/v', 'business' => 'Business — 2 TB — 299€/v', ]; $packageName = $packages[$package] ?? $package; $body .= "Paketti: {$packageName}\r\n"; } $body .= "\r\nViesti:\r\n{$message}\r\n"; // Lähetä SMTP:llä $result = sendSmtp(MAIL_TO, $subject, $body, $email, $name); if ($result === true) { echo json_encode(['success' => true, 'message' => 'Viesti lähetetty! Palaamme asiaan pian.']); } else { http_response_code(500); echo json_encode(['success' => false, 'message' => 'Viestin lähetys epäonnistui: ' . 
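$result]); }

/**
 * Sends a plain-text e-mail over SMTP using STARTTLS and AUTH LOGIN.
 *
 * Connection settings come from the SMTP_HOST, SMTP_PORT, SMTP_USER, SMTP_PASS,
 * MAIL_FROM and MAIL_FROM_NAME constants, which are defined outside this block.
 *
 * Security notes:
 *  - The returned error strings embed the raw SMTP server reply. The caller in
 *    this file echoes that string back to the HTTP client; prefer logging it
 *    server-side and returning a generic message to the browser.
 *  - Addresses are interpolated into SMTP commands and headers, so any control
 *    character in them is rejected here even if the caller already filtered.
 *  - The body is normalised to CRLF before dot-stuffing so that a bare CR or LF
 *    in user-supplied text cannot form a line the server reads as end-of-data.
 *  - NOTE(review): certificate and host-name verification rely on PHP's default
 *    stream context; confirm nothing disables verify_peer / verify_peer_name.
 *
 * @param string $to           Envelope and header recipient address.
 * @param string $subject      Subject line (sent as a base64 encoded-word).
 * @param string $body         Plain-text message body (UTF-8).
 * @param string $replyToEmail Address placed in the Reply-To header.
 * @param string $replyToName  Display name for Reply-To (base64 encoded-word).
 *
 * @return true|string True on success, otherwise a human-readable error string.
 */
function sendSmtp($to, $subject, $body, $replyToEmail, $replyToName)
{
    $host = SMTP_HOST;
    $port = SMTP_PORT;
    $user = SMTP_USER;
    $pass = SMTP_PASS;
    $from = MAIL_FROM;
    $fromName = MAIL_FROM_NAME;

    // Defence in depth against SMTP command / header injection: these values
    // are written to the wire unencoded, so refuse any control character.
    foreach ([$to, $from, $replyToEmail] as $address) {
        if (preg_match('/[\x00-\x1F\x7F]/', (string) $address)) {
            return 'Virheellinen osoite';
        }
    }

    // Connect to the SMTP server (10 second connect timeout).
    $socket = @fsockopen($host, $port, $errno, $errstr, 10);
    if (!$socket) {
        return "Yhteys epäonnistui: {$errstr} ({$errno})";
    }

    // Bound every later read/write so a stalled server cannot pin the worker.
    stream_set_timeout($socket, 10);

    // Runs a list of [command|null, expected reply code, error label] steps.
    // Returns null when every step succeeded, otherwise the error string.
    $runSteps = static function (array $steps) use ($socket) {
        foreach ($steps as list($command, $expectedCode, $label)) {
            if ($command !== null) {
                smtpWrite($socket, $command);
            }
            $reply = smtpRead($socket);
            if (substr($reply, 0, 3) !== $expectedCode) {
                return "{$label}: {$reply}";
            }
        }

        return null;
    };

    try {
        // Greeting, EHLO and STARTTLS happen in clear text.
        $error = $runSteps([
            [null, '220', 'SMTP tervehdys epäonnistui'],
            ["EHLO storagebox.fi\r\n", '250', 'EHLO epäonnistui'],
            ["STARTTLS\r\n", '220', 'STARTTLS epäonnistui'],
        ]);
        if ($error !== null) {
            return $error;
        }

        // Upgrade to TLS. TLS 1.2 is the floor; TLS 1.3 is allowed when this
        // PHP build exposes the constant.
        $cryptoMethod = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
        if (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT')) {
            $cryptoMethod |= constant('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT');
        }
        if (!stream_socket_enable_crypto($socket, true, $cryptoMethod)) {
            return "TLS-salaus epäonnistui";
        }

        // Everything from here on, including the credentials, travels inside TLS.
        // EHLO must be repeated because the pre-TLS session state is discarded.
        $error = $runSteps([
            ["EHLO storagebox.fi\r\n", '250', 'EHLO epäonnistui'],
            ["AUTH LOGIN\r\n", '334', 'AUTH epäonnistui'],
            [base64_encode($user) . "\r\n", '334', 'Käyttäjänimi epäonnistui'],
            [base64_encode($pass) . "\r\n", '235', 'Kirjautuminen epäonnistui'],
            ["MAIL FROM:<{$from}>\r\n", '250', 'MAIL FROM epäonnistui'],
            ["RCPT TO:<{$to}>\r\n", '250', 'RCPT TO epäonnistui'],
            ["DATA\r\n", '354', 'DATA epäonnistui'],
        ]);
        if ($error !== null) {
            return $error;
        }

        // Free-text header values are sent as base64 encoded-words, which also
        // keeps CR/LF in them from starting a new header line.
        $encodedSubject = '=?UTF-8?B?' . base64_encode($subject) . '?=';
        $encodedFromName = '=?UTF-8?B?' . base64_encode($fromName) . '?=';
        $encodedReplyName = '=?UTF-8?B?' . base64_encode($replyToName) . '?=';
        $date = date('r');

        $msg = "Date: {$date}\r\n";
        $msg .= "From: {$encodedFromName} <{$from}>\r\n";
        $msg .= "To: <{$to}>\r\n";
        $msg .= "Reply-To: {$encodedReplyName} <{$replyToEmail}>\r\n";
        $msg .= "Subject: {$encodedSubject}\r\n";
        $msg .= "MIME-Version: 1.0\r\n";
        $msg .= "Content-Type: text/plain; charset=UTF-8\r\n";
        $msg .= "Content-Transfer-Encoding: 8bit\r\n";
        $msg .= "X-Mailer: StorageBox.fi Contact Form\r\n";
        $msg .= "\r\n";

        // Normalise every line ending to CRLF first; only then is "\r\n." the
        // sole way a line can start with a dot, which makes dot-stuffing complete.
        $wireBody = str_replace(["\r\n", "\r"], "\n", (string) $body);
        $wireBody = str_replace("\n", "\r\n", $wireBody);
        if ($wireBody !== '' && $wireBody[0] === '.') {
            // The first body line has no preceding CRLF to match on.
            $wireBody = '.' . $wireBody;
        }
        $msg .= str_replace("\r\n.", "\r\n..", $wireBody);
        $msg .= "\r\n.\r\n";

        $error = $runSteps([
            [$msg, '250', 'Lähetys epäonnistui'],
        ]);
        if ($error !== null) {
            return $error;
        }

        // The message is accepted; QUIT is a courtesy and its reply is not read.
        smtpWrite($socket, "QUIT\r\n");

        return true;
    } finally {
        // Single cleanup point for every return path above.
        fclose($socket);
    }
}

/**
 * Writes all of $data to the SMTP socket, retrying on partial writes.
 *
 * @param resource $socket Open stream to the SMTP server.
 * @param string   $data   Raw bytes to send (the caller supplies the CRLF).
 *
 * @return bool True when everything was written, false when a write failed.
 */
function smtpWrite($socket, $data)
{
    $remaining = (string) $data;
    while ($remaining !== '') {
        $written = fwrite($socket, $remaining);
        if ($written === false || $written === 0) {
            return false;
        }
        $remaining = (string) substr($remaining, $written);
    }

    return true;
}

/**
 * Reads one complete (possibly multi-line) SMTP reply from the socket.
 *
 * Continuation lines look like "250-text"; the final line is a three-digit
 * code followed by a space, or by the line ending when there is no text.
 *
 * @param resource $socket Open stream to the SMTP server.
 *
 * @return string The trimmed reply; empty when nothing could be read.
 */
function smtpRead($socket)
{
    $response = '';
    // Compare against false explicitly so a falsy line such as "0" does not
    // end the loop early.
    while (($line = fgets($socket, 515)) !== false) {
        $response .= $line;
        // Last line of the reply: code + space, or a bare code with no text.
        if (preg_match('/^\d{3}(?:[ \r\n]|$)/', $line) === 1) {
            break;
        }
    }

    return trim($response);
}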