peter/ukaiautomation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Peter
2025-06-17 18:51:06 +01:00
parent 7e69cd0c19
commit 623b29dea4
4 changed files with 59 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
.claude/settings.local.json
View File

@@ -1,41 +0,0 @@
{
"permissions": {
"allow": [
"Bash(find:*)",
"Bash(ls:*)",
"Bash(grep:*)",
"Bash(docker cp:*)",
"Bash(docker exec:*)",
"Bash(mkdir:*)",
"Bash(rg:*)",
"Bash(docker build:*)",
"Bash(docker stop:*)",
"Bash(docker rm:*)",
"Bash(docker run:*)",
"Bash(docker network:*)",
"Bash(chmod:*)",
"Bash(docker-compose up:*)",
"Bash(mysql:*)",
"Bash(git add:*)",
"Bash(php:*)",
"Bash(rm:*)",
"Bash(sudo rm:*)",
"Bash(sudo ln:*)",
"Bash(for:*)",
"Bash(do if [ -f \"/var/www/ukds/$file\" ])",
"Bash(then echo \"✓ $file - EXISTS\")",
"Bash(else echo \"✗ $file - MISSING\")",
"Bash(fi)",
"Bash(done)",
"Bash(sudo apt-get:*)",
"Bash(sudo apt-get install:*)",
"Bash(npm install:*)",
"Bash(terser:*)",
"Bash(curl:*)",
"Bash(cp:*)",
"WebFetch(domain:ukdataservices.co.uk)",
"Bash(mv:*)"
],
"deny": []
}
}

39
contact-handler.php
View File

@@ -201,14 +201,12 @@ foreach ($suspiciousAgents as $agent) {
} }
} }
// Check submission speed (too fast = likely bot) // Check submission speed (too fast = likely bot) - More lenient timing
if (!isset($_SESSION['form_start_time'])) { if (isset($_SESSION['form_start_time'])) {
$_SESSION['form_start_time'] = time(); $submissionTime = time() - $_SESSION['form_start_time'];
} if ($submissionTime < 2) { // Only block if under 2 seconds (very aggressive bots)
sendResponse(false, 'Form submitted too quickly');
$submissionTime = time() - $_SESSION['form_start_time']; }
if ($submissionTime < 5) { // Less than 5 seconds to fill form
sendResponse(false, 'Form submitted too quickly');
} }
// Update rate limit counter // Update rate limit counter
@@ -303,6 +301,9 @@ if (!file_exists('logs')) {
// Send email // Send email
try { try {
// Clear any previous errors
error_clear_last();
$emailSent = mail($to, $subject, $emailHTML, $headers); $emailSent = mail($to, $subject, $emailHTML, $headers);
if ($emailSent) { if ($emailSent) {
@@ -310,20 +311,28 @@ try {
$logEntry = date('Y-m-d H:i:s') . " - Contact form submission from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n"; $logEntry = date('Y-m-d H:i:s') . " - Contact form submission from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n";
file_put_contents('logs/contact-submissions.log', $logEntry, FILE_APPEND | LOCK_EX); file_put_contents('logs/contact-submissions.log', $logEntry, FILE_APPEND | LOCK_EX);
sendResponse(true, 'Thank you for your message! We will get back to you within 24 hours.'); sendResponse(true, 'Thank you for your message! We will get back to you within 24 hours.');
} else { } else {
// Log failed email // Get detailed error information
$logEntry = date('Y-m-d H:i:s') . " - FAILED contact form submission from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n"; $lastError = error_get_last();
$errorMsg = $lastError ? $lastError['message'] : 'Unknown mail error';
// Log failed email with detailed error
$logEntry = date('Y-m-d H:i:s') . " - FAILED contact form submission from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - Error: " . $errorMsg . "\n";
file_put_contents('logs/contact-errors.log', $logEntry, FILE_APPEND | LOCK_EX); file_put_contents('logs/contact-errors.log', $logEntry, FILE_APPEND | LOCK_EX);
sendResponse(false, 'There was an error sending your message. Please try again or contact us directly.'); // Check common issues
if (strpos($errorMsg, 'sendmail') !== false) {
error_log("Mail server configuration issue: " . $errorMsg);
}
sendResponse(false, 'There was an error sending your message. Please try again or contact us directly at info@ukdataservices.co.uk');
} }
} catch (Exception $e) { } catch (Exception $e) {
// Log exception // Log exception with full details
$logEntry = date('Y-m-d H:i:s') . " - EXCEPTION: " . $e->getMessage() . " from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n"; $logEntry = date('Y-m-d H:i:s') . " - EXCEPTION: " . $e->getMessage() . " from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - File: " . $e->getFile() . " Line: " . $e->getLine() . "\n";
file_put_contents('logs/contact-errors.log', $logEntry, FILE_APPEND | LOCK_EX); file_put_contents('logs/contact-errors.log', $logEntry, FILE_APPEND | LOCK_EX);
sendResponse(false, 'There was an error processing your request. Please try again later.'); sendResponse(false, 'There was an error processing your request. Please contact us directly at info@ukdataservices.co.uk');
} }
?> ?>

9
index.php
View File

@@ -876,6 +876,15 @@ $twitter_card_image = "https://ukdataservices.co.uk/assets/images/ukds-main-logo
<div class="contact-form"> <div class="contact-form">
<form action="contact-handler.php" method="POST" class="form"> <form action="contact-handler.php" method="POST" class="form">
<?php
session_start();
if (!isset($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
?>
<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token']); ?>">
<!-- Honeypot field for spam protection -->
<input type="text" name="website" style="display: none !important; position: absolute !important; left: -9999px !important;" tabindex="-1" autocomplete="off">
<div class="form-group"> <div class="form-group">
<label for="name">Contact Name *</label> <label for="name">Contact Name *</label>
<input type="text" id="name" name="name" required> <input type="text" id="name" name="name" required>

43
quote-handler.php
View File

@@ -83,8 +83,8 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
sendResponse(false, 'Invalid request method'); sendResponse(false, 'Invalid request method');
} }
// Validate CSRF token // Validate CSRF token (if present)
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) { if (isset($_POST['csrf_token']) && !validateCSRFToken($_POST['csrf_token'])) {
sendResponse(false, 'Security validation failed. Please refresh the page and try again.'); sendResponse(false, 'Security validation failed. Please refresh the page and try again.');
} }
@@ -193,14 +193,12 @@ foreach ($suspiciousAgents as $agent) {
} }
} }
// Check submission speed (too fast = likely bot) // Check submission speed (too fast = likely bot) - More lenient timing
if (!isset($_SESSION['form_start_time'])) { if (isset($_SESSION['form_start_time'])) {
$_SESSION['form_start_time'] = time(); $submissionTime = time() - $_SESSION['form_start_time'];
} if ($submissionTime < 3) { // Only block if under 3 seconds (very aggressive bots)
sendResponse(false, 'Form submitted too quickly');
$submissionTime = time() - $_SESSION['form_start_time']; }
if ($submissionTime < 10) { // Less than 10 seconds for quote form (more complex)
sendResponse(false, 'Form submitted too quickly');
} }
// Sanitize services array // Sanitize services array
@@ -375,6 +373,9 @@ if (!file_exists('logs')) {
// Send email // Send email
try { try {
// Clear any previous errors
error_clear_last();
$emailSent = mail($to, $subject, $emailHTML, $headers); $emailSent = mail($to, $subject, $emailHTML, $headers);
if ($emailSent) { if ($emailSent) {
@@ -382,20 +383,28 @@ try {
$logEntry = date('Y-m-d H:i:s') . " - Quote request from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - Services: " . implode(', ', $services) . "\n"; $logEntry = date('Y-m-d H:i:s') . " - Quote request from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - Services: " . implode(', ', $services) . "\n";
file_put_contents('logs/quote-requests.log', $logEntry, FILE_APPEND | LOCK_EX); file_put_contents('logs/quote-requests.log', $logEntry, FILE_APPEND | LOCK_EX);
sendResponse(true, 'Thank you for your quote request! We will send you a detailed proposal within 24 hours.'); sendResponse(true, 'Thank you for your quote request! We will send you a detailed proposal within 24 hours.');
} else { } else {
// Log failed email // Get detailed error information
$logEntry = date('Y-m-d H:i:s') . " - FAILED quote request from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n"; $lastError = error_get_last();
$errorMsg = $lastError ? $lastError['message'] : 'Unknown mail error';
// Log failed email with detailed error
$logEntry = date('Y-m-d H:i:s') . " - FAILED quote request from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - Error: " . $errorMsg . "\n";
file_put_contents('logs/quote-errors.log', $logEntry, FILE_APPEND | LOCK_EX); file_put_contents('logs/quote-errors.log', $logEntry, FILE_APPEND | LOCK_EX);
sendResponse(false, 'There was an error sending your quote request. Please try again or contact us directly.'); // Check common issues
if (strpos($errorMsg, 'sendmail') !== false) {
error_log("Mail server configuration issue: " . $errorMsg);
}
sendResponse(false, 'There was an error sending your quote request. Please try again or contact us directly at info@ukdataservices.co.uk');
} }
} catch (Exception $e) { } catch (Exception $e) {
// Log exception // Log exception with full details
$logEntry = date('Y-m-d H:i:s') . " - EXCEPTION: " . $e->getMessage() . " from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n"; $logEntry = date('Y-m-d H:i:s') . " - EXCEPTION: " . $e->getMessage() . " from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - File: " . $e->getFile() . " Line: " . $e->getLine() . "\n";
file_put_contents('logs/quote-errors.log', $logEntry, FILE_APPEND | LOCK_EX); file_put_contents('logs/quote-errors.log', $logEntry, FILE_APPEND | LOCK_EX);
sendResponse(false, 'There was an error processing your quote request. Please try again later.'); sendResponse(false, 'There was an error processing your quote request. Please contact us directly at info@ukdataservices.co.uk');
} }
?> ?>