peter/ukaiautomation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Peter
2025-06-17 18:51:06 +01:00
parent 7e69cd0c19
commit 623b29dea4
4 changed files with 59 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
.claude/settings.local.json
View File

@@ -1,41 +0,0 @@
{
"permissions": {
"allow": [
"Bash(find:*)",
"Bash(ls:*)",
"Bash(grep:*)",
"Bash(docker cp:*)",
"Bash(docker exec:*)",
"Bash(mkdir:*)",
"Bash(rg:*)",
"Bash(docker build:*)",
"Bash(docker stop:*)",
"Bash(docker rm:*)",
"Bash(docker run:*)",
"Bash(docker network:*)",
"Bash(chmod:*)",
"Bash(docker-compose up:*)",
"Bash(mysql:*)",
"Bash(git add:*)",
"Bash(php:*)",
"Bash(rm:*)",
"Bash(sudo rm:*)",
"Bash(sudo ln:*)",
"Bash(for:*)",
"Bash(do if [ -f \"/var/www/ukds/$file\" ])",
"Bash(then echo \"✓ $file - EXISTS\")",
"Bash(else echo \"✗ $file - MISSING\")",
"Bash(fi)",
"Bash(done)",
"Bash(sudo apt-get:*)",
"Bash(sudo apt-get install:*)",
"Bash(npm install:*)",
"Bash(terser:*)",
"Bash(curl:*)",
"Bash(cp:*)",
"WebFetch(domain:ukdataservices.co.uk)",
"Bash(mv:*)"
],
"deny": []
}
}

35
contact-handler.php
View File

@@ -201,15 +201,13 @@ foreach ($suspiciousAgents as $agent) {
}
}
// Check submission speed (too fast = likely bot)
if (!isset($_SESSION['form_start_time'])) {
$_SESSION['form_start_time'] = time();
}
// Check submission speed (too fast = likely bot) - More lenient timing
if (isset($_SESSION['form_start_time'])) {
$submissionTime = time() - $_SESSION['form_start_time'];
if ($submissionTime < 5) { // Less than 5 seconds to fill form
if ($submissionTime < 2) { // Only block if under 2 seconds (very aggressive bots)
sendResponse(false, 'Form submitted too quickly');
}
}
// Update rate limit counter
$ip = $_SERVER['REMOTE_ADDR'];
@@ -303,6 +301,9 @@ if (!file_exists('logs')) {
// Send email
try {
// Clear any previous errors
error_clear_last();
$emailSent = mail($to, $subject, $emailHTML, $headers);
if ($emailSent) {
@@ -310,20 +311,28 @@ try {
$logEntry = date('Y-m-d H:i:s') . " - Contact form submission from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n";
file_put_contents('logs/contact-submissions.log', $logEntry, FILE_APPEND | LOCK_EX);
sendResponse(true, 'Thank you for your message! We will get back to you within 24 hours.');
} else {
// Log failed email
$logEntry = date('Y-m-d H:i:s') . " - FAILED contact form submission from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n";
// Get detailed error information
$lastError = error_get_last();
$errorMsg = $lastError ? $lastError['message'] : 'Unknown mail error';
// Log failed email with detailed error
$logEntry = date('Y-m-d H:i:s') . " - FAILED contact form submission from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - Error: " . $errorMsg . "\n";
file_put_contents('logs/contact-errors.log', $logEntry, FILE_APPEND | LOCK_EX);
sendResponse(false, 'There was an error sending your message. Please try again or contact us directly.');
// Check common issues
if (strpos($errorMsg, 'sendmail') !== false) {
error_log("Mail server configuration issue: " . $errorMsg);
}
sendResponse(false, 'There was an error sending your message. Please try again or contact us directly at info@ukdataservices.co.uk');
}
} catch (Exception $e) {
// Log exception
$logEntry = date('Y-m-d H:i:s') . " - EXCEPTION: " . $e->getMessage() . " from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n";
// Log exception with full details
$logEntry = date('Y-m-d H:i:s') . " - EXCEPTION: " . $e->getMessage() . " from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - File: " . $e->getFile() . " Line: " . $e->getLine() . "\n";
file_put_contents('logs/contact-errors.log', $logEntry, FILE_APPEND | LOCK_EX);
sendResponse(false, 'There was an error processing your request. Please try again later.');
sendResponse(false, 'There was an error processing your request. Please contact us directly at info@ukdataservices.co.uk');
}
?>

9
index.php
View File

@@ -876,6 +876,15 @@ $twitter_card_image = "https://ukdataservices.co.uk/assets/images/ukds-main-logo
<div class="contact-form">
<form action="contact-handler.php" method="POST" class="form">
<?php
session_start();
if (!isset($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
?>
<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token']); ?>">
<!-- Honeypot field for spam protection -->
<input type="text" name="website" style="display: none !important; position: absolute !important; left: -9999px !important;" tabindex="-1" autocomplete="off">
<div class="form-group">
<label for="name">Contact Name *</label>
<input type="text" id="name" name="name" required>

39
quote-handler.php
View File

@@ -83,8 +83,8 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
sendResponse(false, 'Invalid request method');
}
// Validate CSRF token
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
// Validate CSRF token (if present)
if (isset($_POST['csrf_token']) && !validateCSRFToken($_POST['csrf_token'])) {
sendResponse(false, 'Security validation failed. Please refresh the page and try again.');
}
@@ -193,15 +193,13 @@ foreach ($suspiciousAgents as $agent) {
}
}
// Check submission speed (too fast = likely bot)
if (!isset($_SESSION['form_start_time'])) {
$_SESSION['form_start_time'] = time();
}
// Check submission speed (too fast = likely bot) - More lenient timing
if (isset($_SESSION['form_start_time'])) {
$submissionTime = time() - $_SESSION['form_start_time'];
if ($submissionTime < 10) { // Less than 10 seconds for quote form (more complex)
if ($submissionTime < 3) { // Only block if under 3 seconds (very aggressive bots)
sendResponse(false, 'Form submitted too quickly');
}
}
// Sanitize services array
$services = array_map(function($service) {
@@ -375,6 +373,9 @@ if (!file_exists('logs')) {
// Send email
try {
// Clear any previous errors
error_clear_last();
$emailSent = mail($to, $subject, $emailHTML, $headers);
if ($emailSent) {
@@ -382,20 +383,28 @@ try {
$logEntry = date('Y-m-d H:i:s') . " - Quote request from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - Services: " . implode(', ', $services) . "\n";
file_put_contents('logs/quote-requests.log', $logEntry, FILE_APPEND | LOCK_EX);
sendResponse(true, 'Thank you for your quote request! We will send you a detailed proposal within 24 hours.');
} else {
// Log failed email
$logEntry = date('Y-m-d H:i:s') . " - FAILED quote request from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n";
// Get detailed error information
$lastError = error_get_last();
$errorMsg = $lastError ? $lastError['message'] : 'Unknown mail error';
// Log failed email with detailed error
$logEntry = date('Y-m-d H:i:s') . " - FAILED quote request from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - Error: " . $errorMsg . "\n";
file_put_contents('logs/quote-errors.log', $logEntry, FILE_APPEND | LOCK_EX);
sendResponse(false, 'There was an error sending your quote request. Please try again or contact us directly.');
// Check common issues
if (strpos($errorMsg, 'sendmail') !== false) {
error_log("Mail server configuration issue: " . $errorMsg);
}
sendResponse(false, 'There was an error sending your quote request. Please try again or contact us directly at info@ukdataservices.co.uk');
}
} catch (Exception $e) {
// Log exception
$logEntry = date('Y-m-d H:i:s') . " - EXCEPTION: " . $e->getMessage() . " from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ")\n";
// Log exception with full details
$logEntry = date('Y-m-d H:i:s') . " - EXCEPTION: " . $e->getMessage() . " from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - File: " . $e->getFile() . " Line: " . $e->getLine() . "\n";
file_put_contents('logs/quote-errors.log', $logEntry, FILE_APPEND | LOCK_EX);
sendResponse(false, 'There was an error processing your quote request. Please try again later.');
sendResponse(false, 'There was an error processing your quote request. Please contact us directly at info@ukdataservices.co.uk');
}
?>