0, 'time' => time()]; } $data = $_SESSION[$key]; if (time() - $data['time'] > 3600) { $_SESSION[$key] = ['count' => 0, 'time' => time()]; $data = $_SESSION[$key]; } if ($data['count'] >= 3) { return false; } return true; } // Input validation function validateInput($data, $type = 'text') { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data, ENT_QUOTES, 'UTF-8'); switch ($type) { case 'email': return filter_var($data, FILTER_VALIDATE_EMAIL) ? $data : false; case 'phone': return preg_match('/^[\+]?[0-9\s\-\(\)]+$/', $data) ? $data : false; case 'text': return strlen($data) > 0 ? $data : false; case 'long_text': return strlen($data) >= 20 ? $data : false; default: return $data; } } // Response function function sendResponse($success, $message, $data = null) { $response = [ 'success' => $success, 'message' => $message ]; if ($data !== null) { $response['data'] = $data; } echo json_encode($response); exit; } // Handle POST requests only if ($_SERVER['REQUEST_METHOD'] !== 'POST') { sendResponse(false, 'Invalid request method'); } // Validate CSRF token (if present) if (isset($_POST['csrf_token']) && !validateCSRFToken($_POST['csrf_token'])) { sendResponse(false, 'Security validation failed. Please refresh the page and try again.'); } // Check for blocked IPs function checkBlockedIP() { $ip = $_SERVER['REMOTE_ADDR']; $blockFile = 'logs/blocked-ips.txt'; if (file_exists($blockFile)) { $blockedIPs = file($blockFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); foreach ($blockedIPs as $blockedEntry) { $parts = explode('|', $blockedEntry); if (isset($parts[0]) && $parts[0] === $ip) { $blockTime = isset($parts[1]) ? (int)$parts[1] : 0; // Block for 24 hours if (time() - $blockTime < 86400) { return false; } } } } return true; } // Check for blocked IPs first if (!checkBlockedIP()) { sendResponse(false, 'Access temporarily restricted'); } // Check rate limiting if (!checkRateLimit()) { sendResponse(false, 'Too many requests. Please try again later.'); } // Spam protection - honeypot field if (isset($_POST['website']) && !empty($_POST['website'])) { sendResponse(false, 'Spam detected'); } // Validate and sanitize inputs $services = $_POST['services'] ?? []; $project_scale = validateInput($_POST['project_scale'] ?? '', 'text'); $timeline = validateInput($_POST['timeline'] ?? '', 'text'); $name = validateInput($_POST['name'] ?? '', 'text'); $email = validateInput($_POST['email'] ?? '', 'email'); $company = validateInput($_POST['company'] ?? '', 'text'); $phone = validateInput($_POST['phone'] ?? '', 'phone'); $data_sources = validateInput($_POST['data_sources'] ?? '', 'text'); $requirements = validateInput($_POST['requirements'] ?? '', 'long_text'); $budget = validateInput($_POST['budget'] ?? '', 'text'); // Validation $errors = []; if (empty($services) || !is_array($services)) { $errors[] = 'Please select at least one service'; } if (!$project_scale) { $errors[] = 'Please select a project scale'; } if (!$timeline) { $errors[] = 'Please select a timeline'; } if (!$name || strlen($name) < 2) { $errors[] = 'Please enter a valid name'; } if (!$email) { $errors[] = 'Please enter a valid email address'; } if (!$requirements) { $errors[] = 'Please provide detailed project requirements'; } if (!empty($errors)) { sendResponse(false, implode('. ', $errors)); } // Enhanced spam protection - content filtering $spamKeywords = [ 'viagra', 'cialis', 'casino', 'lottery', 'bitcoin', 'forex', 'loan', 'debt', 'pharmacy', 'click here', 'act now', 'limited time', 'risk free', 'guarantee', 'no obligation', 'free money', 'make money fast', 'work from home', 'get rich', 'investment opportunity', 'credit repair', 'refinance', 'consolidate debt', 'weight loss', 'miracle cure', 'lose weight', 'adult content', 'porn', 'sex', 'dating', 'singles', 'webcam', 'escort', 'massage' ]; $contentToCheck = strtolower($requirements . ' ' . $name . ' ' . $company . ' ' . $data_sources); foreach ($spamKeywords as $keyword) { if (strpos($contentToCheck, $keyword) !== false) { sendResponse(false, 'Invalid content detected'); } } // Bot detection - check for suspicious patterns $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? ''; $suspiciousAgents = ['curl', 'wget', 'python', 'bot', 'crawler', 'spider', 'scraper']; foreach ($suspiciousAgents as $agent) { if (stripos($userAgent, $agent) !== false) { sendResponse(false, 'Automated submissions not allowed'); } } // Check submission speed (too fast = likely bot) - More lenient timing if (isset($_SESSION['form_start_time'])) { $submissionTime = time() - $_SESSION['form_start_time']; if ($submissionTime < 3) { // Only block if under 3 seconds (very aggressive bots) sendResponse(false, 'Form submitted too quickly'); } } // Sanitize services array $services = array_map(function($service) { return htmlspecialchars(trim($service), ENT_QUOTES, 'UTF-8'); }, $services); // Update rate limit counter $ip = $_SERVER['REMOTE_ADDR']; $key = 'quote_' . md5($ip); $_SESSION[$key]['count']++; // Create friendly service names $service_names = [ 'web-scraping' => 'Web Scraping & Data Extraction', 'business-intelligence' => 'Business Intelligence & Analytics', 'data-processing' => 'Data Processing & Cleaning', 'automation' => 'Automation & APIs', 'consulting' => 'Custom Development', 'other' => 'Other Services' ]; $selected_services = array_map(function($service) use ($service_names) { return $service_names[$service] ?? $service; }, $services); // Create friendly scale names $scale_names = [ 'small' => 'Small Project (One-time extraction, < 10k records)', 'medium' => 'Medium Project (Regular updates, 10k-100k records)', 'large' => 'Large Project (Ongoing service, 100k+ records)', 'enterprise' => 'Enterprise (Complex multi-source solution)' ]; $friendly_scale = $scale_names[$project_scale] ?? $project_scale; // Create friendly timeline names $timeline_names = [ 'asap' => 'ASAP (Rush job)', '1-week' => 'Within 1 week', '2-4-weeks' => '2-4 weeks', 'flexible' => 'Flexible timeline' ]; $friendly_timeline = $timeline_names[$timeline] ?? $timeline; // Prepare email content $to = 'info@ukdataservices.co.uk'; $subject = 'New Quote Request - UK Data Services'; // Create detailed HTML email $emailHTML = ' New Quote Request

🚀 New Quote Request

UK Data Services

Received: ' . date('Y-m-d H:i:s') . ' UTC

👤 Contact Information
Name:
' . htmlspecialchars($name) . '
Email:
' . htmlspecialchars($email) . '
Company:
' . htmlspecialchars($company ?: 'Not provided') . '
Phone:
' . htmlspecialchars($phone ?: 'Not provided') . '
🎯 Services Required
    '; foreach ($selected_services as $service) { $emailHTML .= '
  • ✓ ' . htmlspecialchars($service) . '
    • '; } $emailHTML .= '
📊 Project Details
Project Scale:
' . htmlspecialchars($friendly_scale) . '
Timeline:
' . htmlspecialchars($friendly_timeline) . '
Budget Range:
' . htmlspecialchars($budget ?: 'Not specified') . '
🌐 Data Sources
' . nl2br(htmlspecialchars($data_sources ?: 'Not specified')) . '
📝 Detailed Requirements
' . nl2br(htmlspecialchars($requirements)) . '
🔍 Submission Details
IP Address:
' . htmlspecialchars($_SERVER['REMOTE_ADDR']) . '
User Agent:
' . htmlspecialchars($_SERVER['HTTP_USER_AGENT']) . '
Referrer:
' . htmlspecialchars($_SERVER['HTTP_REFERER'] ?? 'Direct') . '
'; // Email headers $headers = "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=UTF-8\r\n"; $headers .= "From: \"UK Data Services Quote System\" \r\n"; $headers .= "Reply-To: " . $email . "\r\n"; $headers .= "X-Mailer: PHP/" . phpversion() . "\r\n"; $headers .= "X-Priority: " . ($timeline === 'asap' ? '1' : '3') . "\r\n"; // Create logs directory if it doesn't exist if (!file_exists('logs')) { mkdir('logs', 0755, true); } // Send email try { // Clear any previous errors error_clear_last(); $emailSent = mail($to, $subject, $emailHTML, $headers); if ($emailSent) { // Log successful submission $logEntry = date('Y-m-d H:i:s') . " - Quote request from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - Services: " . implode(', ', $services) . "\n"; file_put_contents('logs/quote-requests.log', $logEntry, FILE_APPEND | LOCK_EX); sendResponse(true, 'Thank you for your quote request! We will send you a detailed proposal within 24 hours.'); } else { // Get detailed error information $lastError = error_get_last(); $errorMsg = $lastError ? $lastError['message'] : 'Unknown mail error'; // Log failed email with detailed error $logEntry = date('Y-m-d H:i:s') . " - FAILED quote request from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - Error: " . $errorMsg . "\n"; file_put_contents('logs/quote-errors.log', $logEntry, FILE_APPEND | LOCK_EX); // Check common issues if (strpos($errorMsg, 'sendmail') !== false) { error_log("Mail server configuration issue: " . $errorMsg); } sendResponse(false, 'There was an error sending your quote request. Please try again or contact us directly at info@ukdataservices.co.uk'); } } catch (Exception $e) { // Log exception with full details $logEntry = date('Y-m-d H:i:s') . " - EXCEPTION: " . $e->getMessage() . " from " . $email . " (" . $_SERVER['REMOTE_ADDR'] . ") - File: " . $e->getFile() . " Line: " . $e->getLine() . "\n"; file_put_contents('logs/quote-errors.log', $logEntry, FILE_APPEND | LOCK_EX); sendResponse(false, 'There was an error processing your quote request. Please contact us directly at info@ukdataservices.co.uk'); } ?>