false, 'message' => 'Method not allowed']); exit; } function checkRateLimit($ip) { global $config; $cache_file = sys_get_temp_dir() . '/hexahost_contact_' . md5($ip) . '.txt'; $current_time = time(); $data = ['requests' => []]; $handle = @fopen($cache_file, 'c+'); if ($handle === false) { return true; } try { if (!flock($handle, LOCK_EX)) { return true; } $contents = stream_get_contents($handle); if ($contents !== false && $contents !== '') { $decoded = json_decode($contents, true); if (is_array($decoded) && isset($decoded['requests'])) { $data = $decoded; } } $data['requests'] = array_values(array_filter( $data['requests'], static fn($timestamp) => ($current_time - (int) $timestamp) < 3600 )); if (count($data['requests']) >= $config['max_requests_per_hour']) { return false; } $data['requests'][] = $current_time; ftruncate($handle, 0); rewind($handle); fwrite($handle, json_encode($data)); } finally { flock($handle, LOCK_UN); fclose($handle); } return true; } function checkHoneypot($data) { global $config; $honeypot_field = $config['honeypot_field']; return empty($data[$honeypot_field]); } function sanitizeFormField($input) { return strip_tags(trim((string) $input)); } function getSubjectLabel($subjectKey) { $map = getContactSubjectMap(); return $map[$subjectKey] ?? 'Neue Kontaktanfrage'; } function sendEmail($data) { global $config; $subject = '[HexaHost.de] ' . getSubjectLabel($data['subject']); $replyName = sanitizeHeaderValue($data['firstName'] . ' ' . $data['lastName']); $replyEmail = sanitizeHeaderValue($data['email']); $headers = [ 'From: ' . $config['from_name'] . ' <' . $config['from_email'] . '>', 'Reply-To: ' . $replyName . ' <' . $replyEmail . '>', 'MIME-Version: 1.0', 'Content-Type: text/html; charset=UTF-8', 'X-Mailer: HexaHost Contact Form', 'X-Priority: 3', 'X-MSMail-Priority: Normal', 'Importance: Normal', 'X-Report-Abuse: Please report abuse here: abuse@hexahost.de', ]; // Native PHP Mailversand ohne externe Libraries return mail($config['to_email'], $subject, generateEmailHTML($data), implode("\r\n", $headers)); } function generateEmailHTML($data) { $subject_text = htmlspecialchars(getSubjectLabel($data['subject']), ENT_QUOTES, 'UTF-8'); $html = ' Neue Kontaktanfrage - HexaHost.de

Neue Kontaktanfrage

HexaHost.de Kontaktformular

Betreff:
' . $subject_text . '
Name:
' . htmlspecialchars($data['firstName'] . ' ' . $data['lastName'], ENT_QUOTES, 'UTF-8') . '
E-Mail:
' . htmlspecialchars($data['email'], ENT_QUOTES, 'UTF-8') . '
'; if (!empty($data['phone'])) { $html .= '
Telefon:
' . htmlspecialchars($data['phone'], ENT_QUOTES, 'UTF-8') . '
'; } if (!empty($data['company'])) { $html .= '
Unternehmen:
' . htmlspecialchars($data['company'], ENT_QUOTES, 'UTF-8') . '
'; } $html .= '
Nachricht:
' . nl2br(htmlspecialchars($data['message'], ENT_QUOTES, 'UTF-8')) . '
IP-Adresse:
' . htmlspecialchars(getClientIP(), ENT_QUOTES, 'UTF-8') . '
Zeitstempel:
' . date('d.m.Y H:i:s') . '

Diese E-Mail wurde automatisch vom HexaHost.de Kontaktformular generiert.

© ' . date('Y') . ' HexaHost.de - Alle Rechte vorbehalten

'; return $html; } function generateEmailText($data) { $text = "NEUE KONTAKTANFRAGE - HexaHost.de\n"; $text .= "=====================================\n\n"; $text .= "Betreff: " . getSubjectLabel($data['subject']) . "\n"; $text .= "Name: " . $data['firstName'] . " " . $data['lastName'] . "\n"; $text .= "E-Mail: " . $data['email'] . "\n"; if (!empty($data['phone'])) { $text .= "Telefon: " . $data['phone'] . "\n"; } if (!empty($data['company'])) { $text .= "Unternehmen: " . $data['company'] . "\n"; } $text .= "\nNachricht:\n"; $text .= "----------\n"; $text .= $data['message'] . "\n\n"; $text .= "IP-Adresse: " . getClientIP() . "\n"; $text .= "Zeitstempel: " . date('d.m.Y H:i:s') . "\n\n"; $text .= "---\n"; $text .= "Diese E-Mail wurde automatisch vom HexaHost.de Kontaktformular generiert.\n"; $text .= "© " . date('Y') . " HexaHost.de - Alle Rechte vorbehalten"; return $text; } try { if (!empty($config['enable_csrf'])) { if (empty($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) { http_response_code(403); echo json_encode([ 'success' => false, 'message' => 'Ungültige Sitzung. Bitte laden Sie die Seite neu und versuchen Sie es erneut.', ]); exit; } } if (!checkRateLimit(getClientIP())) { http_response_code(429); echo json_encode([ 'success' => false, 'message' => 'Zu viele Anfragen. Bitte versuchen Sie es später erneut.', ]); exit; } if (!checkHoneypot($_POST)) { http_response_code(400); echo json_encode(['success' => false, 'message' => 'Ungültige Anfrage.']); exit; } $required_fields = ['firstName', 'lastName', 'email', 'subject', 'message', 'privacy']; $missing_fields = []; foreach ($required_fields as $field) { if (empty($_POST[$field])) { $missing_fields[] = $field; } } if (!empty($missing_fields)) { http_response_code(400); echo json_encode([ 'success' => false, 'message' => 'Bitte füllen Sie alle Pflichtfelder aus.', 'missing_fields' => $missing_fields, ]); exit; } $subjectKey = trim((string) $_POST['subject']); if (!isAllowedContactSubject($subjectKey)) { http_response_code(400); echo json_encode([ 'success' => false, 'message' => 'Bitte wählen Sie einen gültigen Betreff.', ]); exit; } $email = trim((string) $_POST['email']); if (!isValidEmail($email)) { http_response_code(400); echo json_encode([ 'success' => false, 'message' => 'Bitte geben Sie eine gültige E-Mail-Adresse ein.', ]); exit; } $message = trim((string) $_POST['message']); $messageLength = mb_strlen($message, 'UTF-8'); if ($messageLength < $config['min_message_length']) { http_response_code(400); echo json_encode([ 'success' => false, 'message' => 'Ihre Nachricht ist zu kurz.', ]); exit; } if ($messageLength > $config['max_message_length']) { http_response_code(400); echo json_encode([ 'success' => false, 'message' => 'Ihre Nachricht ist zu lang.', ]); exit; } $data = [ 'firstName' => sanitizeFormField($_POST['firstName']), 'lastName' => sanitizeFormField($_POST['lastName']), 'email' => sanitizeHeaderValue($email), 'phone' => sanitizeFormField($_POST['phone'] ?? ''), 'company' => sanitizeFormField($_POST['company'] ?? ''), 'subject' => $subjectKey, 'message' => sanitizeFormField($message), 'privacy' => isset($_POST['privacy']), ]; if (sendEmail($data)) { if (LOG_EMAILS) { logEmail('sent', [ 'subject' => $subjectKey, 'email' => $data['email'], 'ip' => getClientIP(), ]); } echo json_encode([ 'success' => true, 'message' => 'Ihre Nachricht wurde erfolgreich gesendet! Wir melden uns in Kürze bei Ihnen.', ]); } else { http_response_code(500); echo json_encode([ 'success' => false, 'message' => 'Beim Senden der Nachricht ist ein Fehler aufgetreten. Bitte versuchen Sie es später erneut.', ]); } } catch (Exception $e) { error_log('HexaHost Contact Form Error: ' . $e->getMessage()); http_response_code(500); echo json_encode([ 'success' => false, 'message' => 'Ein unerwarteter Fehler ist aufgetreten. Bitte versuchen Sie es später erneut.', ]); }