<?php
/**
 * File: ContactController.php
 * Version: 2.8
 * Path: /app/Controllers/ContactController.php
 * Purpose: Handles contact form submission: sanitizes and validates the posted fields,
 *          runs the submission abuse check, stores the message and issues a random
 *          verification code with a 72-hour expiry that is e-mailed to the sender.
 * Project: Wizdom Networks Website
 */

namespace WizdomNetworks\WizeWeb\Controllers;
use WizdomNetworks\WizeWeb\Core\View;
use WizdomNetworks\WizeWeb\Utilities\Logger;
use WizdomNetworks\WizeWeb\Utilities\Validator;
use WizdomNetworks\WizeWeb\Utilities\Sanitizer;
use WizdomNetworks\WizeWeb\Utilities\Database;
use WizdomNetworks\WizeWeb\Utilities\EmailHelper;
use WizdomNetworks\WizeWeb\Utilities\SessionHelper;
use WizdomNetworks\WizeWeb\Utilities\SubmissionCheck;
use WizdomNetworks\WizeWeb\Models\ContactModel;
use WizdomNetworks\WizeWeb\Services\ContactService;
use Exception;
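class ContactController
{
    /**
     * Render the landing page. The contact form is expected to live on it: every
     * failure path in submit() redirects back to "/#contact".
     */
    public function index(): void
    {
        View::render('pages/landing');
    }

    /**
     * Handle a contact-form POST.
     *
     * Flow: sanitize and validate the six posted fields, run SubmissionCheck against the
     * sender's email / phone / IP, write a submission_logs row, persist the message via
     * ContactModel, attach a random verification code (72-hour expiry) and e-mail it,
     * optionally subscribe the sender to the newsletter, then render the
     * "check your email" page. Every failure path sets $_SESSION['contact_error'] and
     * redirects to /#contact.
     *
     * Changes versus the previous revision (all named so they can be reviewed):
     *  - Field VALUES are no longer written to the log. Email, phone and the free-text
     *    message are PII and the User-Agent is attacker-controlled; only the field name and
     *    its byte length are logged now. $_SESSION is no longer json-dumped to the log either.
     *  - A failed ContactModel::saveContactForm() now redirects with an error instead of
     *    falling through to the "check your email" page when nothing was stored and no
     *    verification mail was sent.
     *  - $db->lastInsertId() for the contact row is only read when the save succeeded;
     *    reading it unconditionally could hand back the submission_logs id instead.
     *  - The validation-failure message no longer claims an "internal error".
     *
     * Security notes for reviewers:
     *  - All SQL here is parameterised through prepared statements.
     *  - The verification code is 16 CSPRNG bytes (random_bytes), hex-encoded.
     *  - NOTE(review): no CSRF token check is visible in this controller; confirm the
     *    framework enforces one in front of it, otherwise the form can be submitted
     *    cross-site (spam / admin-alert flooding).
     *  - NOTE(review): NewsletterService has no `use` import in this file. Inside this
     *    namespace the bare name resolves to
     *    WizdomNetworks\WizeWeb\Controllers\NewsletterService, which is probably not
     *    where the class lives -- confirm its namespace and import it.
     */
    public function submit(): void
    {
        Logger::info("Executing controller: ContactController::submit");

        $formData = [];

        try {
            $formData = $this->collectFormData();

            // Log which fields arrived and how large they are -- never their contents.
            foreach ($formData as $key => $value) {
                Logger::info(sprintf("Sanitized input: %s (%d bytes)", $key, strlen((string) $value)));
            }

            if (!$this->isComplete($formData)) {
                Logger::info("Validation failed for contact form submission");
                $this->failAndRedirect('Please fill in every field and provide a valid email address.');
            }

            $db = Database::getConnection();

            // SubmissionCheck::evaluate() returns an array with at least 'action' and 'reason'.
            $evaluation = SubmissionCheck::evaluate($db, $formData['email'], $formData['phone'], $formData['ip_address']);
            Logger::info("Submission evaluation result: " . json_encode($evaluation));

            if ($evaluation['action'] === 'block') {
                // The IP is logged deliberately (abuse forensics); the field values are not.
                Logger::warning("Blocked submission from IP: {$formData['ip_address']}, Reason: {$evaluation['reason']}");
                EmailHelper::alertAdmins('Blocked Submission Detected', "A submission was blocked for the following reason: {$evaluation['reason']}", $formData);
                $this->failAndRedirect("Submission blocked due to suspicious activity. If this is a mistake, please contact us directly.");
            }

            // Best-effort audit row; a failure here must not block the submission itself.
            $logId = $this->recordSubmissionLog($db, $formData, $evaluation['reason']);

            $contactModel = new ContactModel($db);
            $saveSuccess = $contactModel->saveContactForm($formData);

            if (!$saveSuccess) {
                Logger::error("ContactModel::saveContactForm returned false; no message stored");
                $this->failAndRedirect('An internal error occurred. Please try again later.');
            }

            // Read immediately after the contact INSERT so it cannot refer to another row.
            $contactId = $db->lastInsertId();
            $verificationCode = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
            $expiresAt = (new \DateTimeImmutable('+72 hours'))->format('Y-m-d H:i:s');

            $stmt = $db->prepare("UPDATE contact_messages SET verification_code = ?, is_verified = 0, verification_expires_at = ? WHERE id = ?");
            $stmt->execute([$verificationCode, $expiresAt, $contactId]);
            ContactService::sendVerificationEmail($formData['email'], $verificationCode);

            if ($logId) {
                $update = $db->prepare("UPDATE submission_logs SET was_saved = 1 WHERE id = :id");
                $update->execute([':id' => $logId]);
            }

            // Newsletter opt-in logic (only the presence of the flag matters, not its value).
            if (!empty($_POST['subscribe_newsletter'])) {
                Logger::info("Contact opted into newsletter");
                // NOTE(review): see class docblock -- NewsletterService is not imported here.
                NewsletterService::subscribeOrResend($formData['email']);
            }

            SessionHelper::writeClose();
            View::render('pages/contact_check_email');
            return;
        } catch (\Throwable $e) {
            Logger::error("Fatal error in ContactController::submit: " . $e->getMessage());
            // NOTE(review): this forwards the raw $_POST payload to admins; EmailHelper must
            // escape it for the mail body, since every value is attacker-controlled.
            EmailHelper::alertAdmins('ContactController::submit - Uncaught Exception', $e->getMessage(), $_POST ?? []);
            Logger::info("Redirecting to /#contact with contact_error set");
            $this->failAndRedirect('An internal error occurred. Please try again later.');
        }
    }

    /**
     * Build the sanitized field set from $_POST plus the request's IP and User-Agent.
     *
     * Missing fields become '' (and are rejected later by isComplete()). ip_address comes
     * from REMOTE_ADDR only -- proxy headers are deliberately not trusted. user_agent is
     * stored for the audit row; it is client-supplied and must be treated as untrusted.
     *
     * @return array<string, string>
     */
    private function collectFormData(): array
    {
        return [
            'first_name' => Sanitizer::sanitizeString($_POST['first_name'] ?? ''),
            'last_name' => Sanitizer::sanitizeString($_POST['last_name'] ?? ''),
            'email' => Sanitizer::sanitizeString($_POST['email'] ?? ''),
            'phone' => Sanitizer::sanitizeString($_POST['phone'] ?? ''),
            'subject' => Sanitizer::sanitizeString($_POST['subject'] ?? ''),
            'message' => Sanitizer::sanitizeString($_POST['message'] ?? ''),
            'ip_address' => $_SERVER['REMOTE_ADDR'] ?? 'unknown',
            'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? 'unknown',
        ];
    }

    /**
     * True when all six user fields are non-empty and the email passes Validator::isEmail().
     *
     * empty() is kept on purpose to match the previous behaviour: a literal "0" is
     * rejected just like an empty string.
     *
     * @param array<string, string> $formData
     */
    private function isComplete(array $formData): bool
    {
        foreach (['first_name', 'last_name', 'email', 'phone', 'subject', 'message'] as $field) {
            if (empty($formData[$field])) {
                return false;
            }
        }

        return Validator::isEmail($formData['email']);
    }

    /**
     * Insert the audit row into submission_logs with was_saved = 0.
     *
     * Best-effort: any failure is logged and null is returned so the submission still
     * proceeds. $db is presumably a PDO connection (prepare / execute / lastInsertId).
     *
     * @param array<string, string> $formData
     * @param mixed                 $reason   the 'reason' from SubmissionCheck::evaluate()
     * @return string|null the new row id, or null if the insert failed
     */
    private function recordSubmissionLog($db, array $formData, $reason): ?string
    {
        try {
            $logStmt = $db->prepare("INSERT INTO submission_logs (email, phone, ip_address, user_agent, was_saved, reason) VALUES (:email, :phone, :ip, :ua, :saved, :reason)");
            $logStmt->execute([
                ':email' => $formData['email'],
                ':phone' => $formData['phone'],
                ':ip' => $formData['ip_address'],
                ':ua' => $formData['user_agent'],
                ':saved' => 0,
                ':reason' => $reason,
            ]);
            $id = $db->lastInsertId();

            return $id === false ? null : (string) $id;
        } catch (\Throwable $e) {
            Logger::error("Failed to insert into submission_logs: " . $e->getMessage());

            return null;
        }
    }

    /**
     * Store a user-facing error in the session, flush the session, redirect to the
     * contact form and stop the request. Never returns.
     *
     * The Location target is a fixed literal, so no user input reaches the header.
     */
    private function failAndRedirect(string $message): void
    {
        $_SESSION['contact_error'] = $message;
        SessionHelper::writeClose();
        header("Location: /#contact");
        exit;
    }
}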
|