| Current Path : /home/h/a/p/happyrenas/fun/activite.myreco.online/public/ |
Linux webd005.cluster105.gra.hosting.ovh.net 5.15.206-ovh-vps-grsec-zfs-classid #1 SMP Fri May 15 02:41:25 UTC 2026 x86_64 |
| Current File : /home/h/a/p/happyrenas/fun/activite.myreco.online/public/contact.php |
<?php
declare(strict_types=1);
header('Content-Type: application/json; charset=utf-8');
header('Cache-Control: no-store');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(204);
exit;
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode(['ok' => false, 'error' => 'method_not_allowed']);
exit;
}
require_once __DIR__ . '/../config_private/contact_config.php';
function fail_json(string $message, int $status = 400): void {
http_response_code($status);
echo json_encode(['ok' => false, 'message' => $message, 'error' => $message], JSON_UNESCAPED_UNICODE);
exit;
}
function clean_text($value, int $max = 500): string {
$text = trim((string)($value ?? ''));
$text = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $text);
if (mb_strlen($text, 'UTF-8') > $max) {
$text = mb_substr($text, 0, $max, 'UTF-8');
}
return $text;
}
function reject_header_injection(string $value): bool {
return preg_match('/[\r\n]/', $value) === 1;
}
function read_smtp_response($socket): string {
$response = '';
while (($line = fgets($socket, 515)) !== false) {
$response .= $line;
if (preg_match('/^\d{3}\s/', $line)) {
break;
}
}
return $response;
}
function smtp_command($socket, string $command, array $expected): string {
if ($command !== '') {
fwrite($socket, $command . "\r\n");
}
$response = read_smtp_response($socket);
$code = (int)substr($response, 0, 3);
if (!in_array($code, $expected, true)) {
throw new RuntimeException('SMTP error after ' . ($command ?: 'connect') . ': ' . trim($response));
}
return $response;
}
function smtp_send_mail(string $to, string $subject, string $body, string $replyTo): void {
$host = SMTP_HOST;
$port = (int)SMTP_PORT;
$encryption = strtolower((string)SMTP_ENCRYPTION);
$remote = $encryption === 'ssl' ? 'ssl://' . $host . ':' . $port : $host . ':' . $port;
$socket = stream_socket_client($remote, $errno, $errstr, 20, STREAM_CLIENT_CONNECT);
if (!$socket) {
throw new RuntimeException('Connexion SMTP impossible: ' . $errstr);
}
stream_set_timeout($socket, 20);
smtp_command($socket, '', [220]);
smtp_command($socket, 'EHLO ' . ($_SERVER['SERVER_NAME'] ?? 'localhost'), [250]);
if ($encryption === 'tls') {
smtp_command($socket, 'STARTTLS', [220]);
if (!stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
throw new RuntimeException('Activation TLS impossible.');
}
smtp_command($socket, 'EHLO ' . ($_SERVER['SERVER_NAME'] ?? 'localhost'), [250]);
}
if (defined('SMTP_USERNAME') && SMTP_USERNAME !== '') {
smtp_command($socket, 'AUTH LOGIN', [334]);
smtp_command($socket, base64_encode(SMTP_USERNAME), [334]);
smtp_command($socket, base64_encode(SMTP_PASSWORD), [235]);
}
smtp_command($socket, 'MAIL FROM:<' . MAIL_FROM . '>', [250]);
smtp_command($socket, 'RCPT TO:<' . $to . '>', [250, 251]);
smtp_command($socket, 'DATA', [354]);
$headers = [
'From: ' . MAIL_FROM_NAME . ' <' . MAIL_FROM . '>',
'To: <' . $to . '>',
'Reply-To: <' . $replyTo . '>',
'MIME-Version: 1.0',
'Content-Type: text/plain; charset=UTF-8',
'Content-Transfer-Encoding: 8bit',
'X-Mailer: MyReco Contact Form'
];
$message = implode("\r\n", $headers) . "\r\n";
$message .= 'Subject: =?UTF-8?B?' . base64_encode($subject) . "?=\r\n\r\n";
$message .= str_replace("\n.", "\n..", str_replace("\r\n", "\n", $body));
$message .= "\r\n.";
smtp_command($socket, $message, [250]);
smtp_command($socket, 'QUIT', [221]);
fclose($socket);
}
$raw = file_get_contents('php://input') ?: '';
$data = json_decode($raw, true);
if (!is_array($data)) {
$data = $_POST;
}
if (!empty($data['website'] ?? '') || !empty($data['hp'] ?? '')) {
fail_json('Demande refusée.', 400);
}
$name = clean_text($data['nomEtablissement'] ?? $data['name'] ?? '', 120);
$address = clean_text($data['adresseEtablissement'] ?? $data['address'] ?? '', 220);
$email = clean_text($data['email'] ?? '', 180);
$message = clean_text($data['message'] ?? '', 5000);
$categories = $data['categories'] ?? $data['sujet'] ?? [];
if (!is_array($categories)) {
$categories = [$categories];
}
$categories = array_values(array_filter(array_map(fn($item) => clean_text($item, 120), $categories)));
$subjectText = implode(', ', $categories);
if ($name === '' || $email === '' || $subjectText === '' || $message === '') {
fail_json('Merci de remplir le nom, l’email, le sujet et le message.');
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
fail_json('Adresse e-mail invalide.');
}
foreach ([$name, $email, $subjectText] as $headerValue) {
if (reject_header_injection($headerValue)) {
fail_json('Contenu invalide.');
}
}
$subject = 'Contact MyReco - ' . $subjectText;
$body = "Nouvelle demande de contact MyReco\n\n";
$body .= "Nom de l'établissement : " . $name . "\n";
$body .= "Adresse : " . $address . "\n";
$body .= "Email : " . $email . "\n";
$body .= "Sujet : " . $subjectText . "\n";
$body .= "Langue : " . clean_text($data['lang'] ?? '', 10) . "\n";
$body .= "Pays : " . clean_text($data['country'] ?? '', 10) . "\n";
$body .= "Site : " . clean_text($data['vertical'] ?? '', 40) . "\n";
$body .= "Page : " . clean_text($data['sourcePath'] ?? '', 220) . "\n\n";
$body .= "Message :\n" . $message . "\n";
try {
smtp_send_mail(MAIL_TO, $subject, $body, $email);
echo json_encode(['ok' => true, 'message' => 'Message envoyé.'], JSON_UNESCAPED_UNICODE);
} catch (Throwable $e) {
error_log('[MyReco contact] ' . $e->getMessage());
fail_json('Impossible d’envoyer le message pour le moment.', 500);
}