From 623b29dea474bce14dc20955fbf7c3c2c9269acb Mon Sep 17 00:00:00 2001 From: Peter Date: Tue, 17 Jun 2025 18:51:06 +0100 Subject: [PATCH] fix --- .claude/settings.local.json | 41 ----------------------------------- contact-handler.php | 39 ++++++++++++++++++++------------- index.php | 9 ++++++++ quote-handler.php | 43 ++++++++++++++++++++++--------------- 4 files changed, 59 insertions(+), 73 deletions(-) delete mode 100644 .claude/settings.local.json diff --git a/.claude/settings.local.json b/.claude/settings.local.json deleted file mode 100644 index 9c6bd22..0000000 --- a/.claude/settings.local.json +++ /dev/null @@ -1,41 +0,0 @@ -{ - "permissions": { - "allow": [ - "Bash(find:*)", - "Bash(ls:*)", - "Bash(grep:*)", - "Bash(docker cp:*)", - "Bash(docker exec:*)", - "Bash(mkdir:*)", - "Bash(rg:*)", - "Bash(docker build:*)", - "Bash(docker stop:*)", - "Bash(docker rm:*)", - "Bash(docker run:*)", - "Bash(docker network:*)", - "Bash(chmod:*)", - "Bash(docker-compose up:*)", - "Bash(mysql:*)", - "Bash(git add:*)", - "Bash(php:*)", - "Bash(rm:*)", - "Bash(sudo rm:*)", - "Bash(sudo ln:*)", - "Bash(for:*)", - "Bash(do if [ -f \"/var/www/ukds/$file\" ])", - "Bash(then echo \"✓ $file - EXISTS\")", - "Bash(else echo \"✗ $file - MISSING\")", - "Bash(fi)", - "Bash(done)", - "Bash(sudo apt-get:*)", - "Bash(sudo apt-get install:*)", - "Bash(npm install:*)", - "Bash(terser:*)", - "Bash(curl:*)", - "Bash(cp:*)", - "WebFetch(domain:ukdataservices.co.uk)", - "Bash(mv:*)" - ], - "deny": [] - } -} \ No newline at end of file diff --git a/contact-handler.php b/contact-handler.php index 84677f9..52c9fee 100644 --- a/contact-handler.php +++ b/contact-handler.php @@ -201,14 +201,12 @@ foreach ($suspiciousAgents as $agent) { } } -// Check submission speed (too fast = likely bot) -if (!isset($_SESSION['form_start_time'])) { - $_SESSION['form_start_time'] = time(); -} - -$submissionTime = time() - $_SESSION['form_start_time']; -if ($submissionTime < 5) { // Less than 5 seconds to fill form - sendResponse(false, 'Form submitted too quickly'); +// Check submission speed (too fast = likely bot) - More lenient timing +if (isset($_SESSION['form_start_time'])) { + $submissionTime = time() - $_SESSION['form_start_time']; + if ($submissionTime < 2) { // Only block if under 2 seconds (very aggressive bots) + sendResponse(false, 'Form submitted too quickly'); + } } // Update rate limit counter @@ -303,6 +301,9 @@ if (!file_exists('logs')) { // Send email try { + // Clear any previous errors + error_clear_last(); + $emailSent = mail($to, $subject, $emailHTML, $headers); if ($emailSent) { @@ -310,20 +311,28 @@ try { $logEntry = date('Y-m-d H:i:s') . " - Contact form submission from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n"; file_put_contents('logs/contact-submissions.log', $logEntry, FILE_APPEND | LOCK_EX); - sendResponse(true, 'Thank you for your message! We will get back to you within 24 hours.'); } else { - // Log failed email - $logEntry = date('Y-m-d H:i:s') . " - FAILED contact form submission from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n"; + // Get detailed error information + $lastError = error_get_last(); + $errorMsg = $lastError ? $lastError['message'] : 'Unknown mail error'; + + // Log failed email with detailed error + $logEntry = date('Y-m-d H:i:s') . " - FAILED contact form submission from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - Error: " . $errorMsg . "\n"; file_put_contents('logs/contact-errors.log', $logEntry, FILE_APPEND | LOCK_EX); - sendResponse(false, 'There was an error sending your message. Please try again or contact us directly.'); + // Check common issues + if (strpos($errorMsg, 'sendmail') !== false) { + error_log("Mail server configuration issue: " . $errorMsg); + } + + sendResponse(false, 'There was an error sending your message. Please try again or contact us directly at info@ukdataservices.co.uk'); } } catch (Exception $e) { - // Log exception - $logEntry = date('Y-m-d H:i:s') . " - EXCEPTION: " . $e->getMessage() . " from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n"; + // Log exception with full details + $logEntry = date('Y-m-d H:i:s') . " - EXCEPTION: " . $e->getMessage() . " from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - File: " . $e->getFile() . " Line: " . $e->getLine() . "\n"; file_put_contents('logs/contact-errors.log', $logEntry, FILE_APPEND | LOCK_EX); - sendResponse(false, 'There was an error processing your request. Please try again later.'); + sendResponse(false, 'There was an error processing your request. Please contact us directly at info@ukdataservices.co.uk'); } ?> \ No newline at end of file diff --git a/index.php b/index.php index 6dad2f6..88e2640 100644 --- a/index.php +++ b/index.php @@ -876,6 +876,15 @@ $twitter_card_image = "https://ukdataservices.co.uk/assets/images/ukds-main-logo
+ + + +
diff --git a/quote-handler.php b/quote-handler.php index eb433c5..20714cc 100644 --- a/quote-handler.php +++ b/quote-handler.php @@ -83,8 +83,8 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') { sendResponse(false, 'Invalid request method'); } -// Validate CSRF token -if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) { +// Validate CSRF token (if present) +if (isset($_POST['csrf_token']) && !validateCSRFToken($_POST['csrf_token'])) { sendResponse(false, 'Security validation failed. Please refresh the page and try again.'); } @@ -193,14 +193,12 @@ foreach ($suspiciousAgents as $agent) { } } -// Check submission speed (too fast = likely bot) -if (!isset($_SESSION['form_start_time'])) { - $_SESSION['form_start_time'] = time(); -} - -$submissionTime = time() - $_SESSION['form_start_time']; -if ($submissionTime < 10) { // Less than 10 seconds for quote form (more complex) - sendResponse(false, 'Form submitted too quickly'); +// Check submission speed (too fast = likely bot) - More lenient timing +if (isset($_SESSION['form_start_time'])) { + $submissionTime = time() - $_SESSION['form_start_time']; + if ($submissionTime < 3) { // Only block if under 3 seconds (very aggressive bots) + sendResponse(false, 'Form submitted too quickly'); + } } // Sanitize services array @@ -375,6 +373,9 @@ if (!file_exists('logs')) { // Send email try { + // Clear any previous errors + error_clear_last(); + $emailSent = mail($to, $subject, $emailHTML, $headers); if ($emailSent) { @@ -382,20 +383,28 @@ try { $logEntry = date('Y-m-d H:i:s') . " - Quote request from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - Services: " . implode(', ', $services) . "\n"; file_put_contents('logs/quote-requests.log', $logEntry, FILE_APPEND | LOCK_EX); - sendResponse(true, 'Thank you for your quote request! We will send you a detailed proposal within 24 hours.'); } else { - // Log failed email - $logEntry = date('Y-m-d H:i:s') . " - FAILED quote request from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n"; + // Get detailed error information + $lastError = error_get_last(); + $errorMsg = $lastError ? $lastError['message'] : 'Unknown mail error'; + + // Log failed email with detailed error + $logEntry = date('Y-m-d H:i:s') . " - FAILED quote request from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - Error: " . $errorMsg . "\n"; file_put_contents('logs/quote-errors.log', $logEntry, FILE_APPEND | LOCK_EX); - sendResponse(false, 'There was an error sending your quote request. Please try again or contact us directly.'); + // Check common issues + if (strpos($errorMsg, 'sendmail') !== false) { + error_log("Mail server configuration issue: " . $errorMsg); + } + + sendResponse(false, 'There was an error sending your quote request. Please try again or contact us directly at info@ukdataservices.co.uk'); } } catch (Exception $e) { - // Log exception - $logEntry = date('Y-m-d H:i:s') . " - EXCEPTION: " . $e->getMessage() . " from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n"; + // Log exception with full details + $logEntry = date('Y-m-d H:i:s') . " - EXCEPTION: " . $e->getMessage() . " from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - File: " . $e->getFile() . " Line: " . $e->getLine() . "\n"; file_put_contents('logs/quote-errors.log', $logEntry, FILE_APPEND | LOCK_EX); - sendResponse(false, 'There was an error processing your quote request. Please try again later.'); + sendResponse(false, 'There was an error processing your quote request. Please contact us directly at info@ukdataservices.co.uk'); } ?> \ No newline at end of file