Sanitizer::sanitizeString($_POST['first_name'] ?? ''), 'last_name' => Sanitizer::sanitizeString($_POST['last_name'] ?? ''), 'email' => Sanitizer::sanitizeString($_POST['email'] ?? ''), 'phone' => Sanitizer::sanitizeString($_POST['phone'] ?? ''), 'subject' => Sanitizer::sanitizeString($_POST['subject'] ?? ''), 'message' => Sanitizer::sanitizeString($_POST['message'] ?? ''), 'ip_address' => $_SERVER['REMOTE_ADDR'] ?? 'unknown', 'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? 'unknown', ]; foreach ($formData as $key => $value) { Logger::info("Sanitized input: {$key} = {$value}"); } if ( empty($formData['first_name']) || empty($formData['last_name']) || empty($formData['email']) || empty($formData['phone']) || empty($formData['subject']) || empty($formData['message']) || !Validator::isEmail($formData['email']) ) { Logger::info("Validation failed for contact form submission"); $_SESSION['contact_error'] = 'An internal error occurred. Please try again later.'; SessionHelper::writeClose(); header("Location: /#contact"); exit; } $db = Database::getConnection(); $evaluation = SubmissionCheck::evaluate($db, $formData['email'], $formData['phone'], $formData['ip_address']); Logger::info("Submission evaluation result: " . json_encode($evaluation)); if ($evaluation['action'] === 'block') { $_SESSION['contact_error'] = "Submission blocked due to suspicious activity. If this is a mistake, please contact us directly."; Logger::warning("Blocked submission from IP: {$formData['ip_address']}, Reason: {$evaluation['reason']}"); EmailHelper::alertAdmins('Blocked Submission Detected', "A submission was blocked for the following reason: {$evaluation['reason']}", $formData); SessionHelper::writeClose(); header("Location: /#contact"); exit; } $logId = null; try { $logStmt = $db->prepare("INSERT INTO submission_logs (email, phone, ip_address, user_agent, was_saved, reason) VALUES (:email, :phone, :ip, :ua, :saved, :reason)"); $logStmt->execute([ ':email' => $formData['email'], ':phone' => $formData['phone'], ':ip' => $formData['ip_address'], ':ua' => $formData['user_agent'], ':saved' => 0, ':reason' => $evaluation['reason'], ]); $logId = $db->lastInsertId(); } catch (\Throwable $e) { Logger::error("Failed to insert into submission_logs: " . $e->getMessage()); } $contactModel = new ContactModel($db); $saveSuccess = $contactModel->saveContactForm($formData); $contactId = $db->lastInsertId(); $verificationCode = bin2hex(random_bytes(16)); $expiresAt = (new \DateTime('+72 hours'))->format('Y-m-d H:i:s'); if ($saveSuccess) { $stmt = $db->prepare("UPDATE contact_messages SET verification_code = ?, is_verified = 0, verification_expires_at = ? WHERE id = ?"); $stmt->execute([$verificationCode, $expiresAt, $contactId]); ContactService::sendVerificationEmail($formData['email'], $verificationCode); } if ($saveSuccess && $logId) { $update = $db->prepare("UPDATE submission_logs SET was_saved = 1 WHERE id = :id"); $update->execute([':id' => $logId]); } // Newsletter opt-in logic if (!empty($_POST['subscribe_newsletter'])) { Logger::info("Contact opted into newsletter: {$formData['email']}"); NewsletterService::subscribeOrResend($formData['email']); } Logger::info("✅ Writing session flag: contact_success = true"); Logger::info("✅ Session content before redirect: " . json_encode($_SESSION)); SessionHelper::writeClose(); View::render('pages/contact_check_email'); return; } catch (\Throwable $e) { Logger::error("Fatal error in ContactController::submit: " . $e->getMessage()); EmailHelper::alertAdmins('ContactController::submit - Uncaught Exception', $e->getMessage(), $_POST ?? []); $_SESSION['contact_error'] = 'An internal error occurred. Please try again later.'; SessionHelper::writeClose(); Logger::info("✅ Writing session flag: catch contact_error = " . $_SESSION['contact_error']); Logger::info("✅ Session content before redirect: " . json_encode($_SESSION)); header("Location: /#contact"); exit; } } }