File: /home/theadvocacyservicecenter/public_html/sendlead.php
<?php
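// Error reporting: everything is reported, nothing is displayed. This is a
// public endpoint that answers with JSON; with display_errors on, any uncaught
// error (a TypeError on array input, an autoload failure) would print a stack
// trace with server paths into the response body. Details go to the server
// log instead (log_errors), which is where a developer reads them anyway.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);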
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
require 'vendor/autoload.php';
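// The endpoint only ever emits JSON. nosniff stops a browser from
// re-interpreting the body as HTML if a caller ever reflects it into a page.
header('Content-Type: application/json; charset=utf-8');
header('X-Content-Type-Options: nosniff');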
// --- Helper sanitize function ---
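/**
 * Normalises one free-text form value before it is interpolated into the
 * lead e-mail.
 *
 * Trims surrounding whitespace, removes HTML tags, drops control bytes
 * (CR included; TAB and LF are kept so a multi-line notes field survives),
 * then HTML-escapes the result. Non-string input yields '' — a `field[]=x`
 * request parameter arrives as an array, which trim() rejects (a TypeError
 * on PHP 8) and which the old code would have let escape as an uncaught error.
 *
 * @param mixed $data raw request value, normally a string from $_POST
 * @return string escaped text, possibly empty
 */
function sanitize($data): string
{
    if (!is_string($data)) {
        return '';
    }

    // Byte-wise class: safe on any input encoding, unlike a /u pattern, which
    // returns null on malformed UTF-8. \x09 (TAB) and \x0A (LF) are excluded.
    $text = preg_replace('/[\x00-\x08\x0B-\x1F\x7F]/', '', strip_tags(trim($data)));
    if ($text === null) {
        // preg_replace only fails here on a PCRE engine error; treat as empty
        // rather than forwarding unfiltered input.
        return '';
    }

    // Explicit flags pin the behaviour across PHP versions: ENT_QUOTES escapes
    // both quote styles; ENT_SUBSTITUTE replaces malformed UTF-8 with U+FFFD
    // instead of returning '' (the default before PHP 8.1 when no flags are
    // given).
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}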
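/**
 * A rejection caused by the client's own input. The message is written for
 * the end user and is safe to echo back; the code is the HTTP status to send
 * (400 for validation failures, 429 for throttling).
 */
final class LeadRejected extends \RuntimeException
{
    public function __construct(string $message, int $status = 400)
    {
        parent::__construct($message, $status);
    }
}

/**
 * Returns POST field $field as a string.
 *
 * @throws LeadRejected when the field is missing, blank, or not a string
 *   (`field[]=x` arrives as an array; the old empty()/trim() path would have
 *   passed that array to trim() and died outside the catch block)
 */
function requiredField(array $post, string $field): string
{
    $value = isset($post[$field]) ? $post[$field] : null;
    if (!is_string($value) || trim($value) === '') {
        throw new LeadRejected('Missing required field: ' . $field);
    }
    return $value;
}

/** Returns POST field $field as a string, or '' when absent or not a string. */
function optionalField(array $post, string $field): string
{
    return isset($post[$field]) && is_string($post[$field]) ? $post[$field] : '';
}

/**
 * Strips everything but digits from $raw.
 *
 * @throws LeadRejected with $error when no digit is left — the old code would
 *   have e-mailed an empty phone number or ZIP without complaint
 */
function digitsOnly(string $raw, string $error): string
{
    $digits = preg_replace('/[^0-9]/', '', $raw);
    if ($digits === null || $digits === '') {
        throw new LeadRejected($error);
    }
    return $digits;
}

/**
 * Validates the date-of-birth parts and returns them joined as "m/d/y",
 * exactly as submitted (no zero-padding, matching the previous output).
 *
 * @throws LeadRejected when a part is non-numeric or the date does not exist
 */
function dateOfBirth(string $month, string $day, string $year): string
{
    $month = trim($month);
    $day = trim($day);
    $year = trim($year);
    $numeric = preg_match('/^[0-9]+$/', $month) === 1
        && preg_match('/^[0-9]+$/', $day) === 1
        && preg_match('/^[0-9]+$/', $year) === 1;
    if (!$numeric || !checkdate((int) $month, (int) $day, (int) $year)) {
        throw new LeadRejected('Invalid date of birth.');
    }
    return $month . '/' . $day . '/' . $year;
}

/**
 * Renders the plain-text e-mail body. Every value in $lead has already been
 * through sanitize() or a validator, so it is interpolated as-is.
 *
 * @param array<string, string> $lead keys: firstname, lastname, phone, email,
 *   dob, address, city, state, zip, agentName, officeLocation, med1, med2,
 *   med3, additionalMeds
 */
function buildLeadBody(array $lead): string
{
    return "
You received a new referral lead:
Name: {$lead['firstname']} {$lead['lastname']}
Phone: {$lead['phone']}
Email: {$lead['email']}
Date of Birth: {$lead['dob']}
Address:
{$lead['address']}
{$lead['city']}, {$lead['state']} {$lead['zip']}
Agent Name: {$lead['agentName']}
Office Location: {$lead['officeLocation']}
Medications:
1. {$lead['med1']}
2. {$lead['med2']}
3. {$lead['med3']}
Additional Meds/Notes: {$lead['additionalMeds']}
";
}

/**
 * Delivers the lead over authenticated SMTPS.
 *
 * The mailbox password is read from the SMTP_PASSWORD environment variable
 * (placeholder name — set it in the web server / PHP-FPM environment). It is
 * deliberately no longer a literal in this file; the literal that used to be
 * committed here counts as exposed.
 *
 * @throws \RuntimeException when the password is not configured
 * @throws \PHPMailer\PHPMailer\Exception on any SMTP failure (PHPMailer was
 *   constructed with exceptions enabled)
 */
function sendLeadMail(string $subject, string $body): void
{
    $password = getenv('SMTP_PASSWORD');
    if ($password === false || $password === '') {
        throw new \RuntimeException('SMTP_PASSWORD is not set in the environment.');
    }

    $mail = new PHPMailer(true);
    // Debug level 3 wrote the whole SMTP dialogue — including the AUTH
    // exchange — to error_log on every request; keep it off except during a
    // live investigation.
    $mail->SMTPDebug = 0;
    $mail->Debugoutput = 'error_log';
    $mail->isSMTP();
    $mail->Host = 'smtp.gmail.com';
    $mail->SMTPAuth = true;
    $mail->Username = '[email protected]'; // GSuite email
    $mail->Password = $password;
    $mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
    $mail->Port = 465;
    // PHPMailer's default charset is ISO-8859-1, which mangles accented names.
    $mail->CharSet = 'UTF-8';

    // Recipients
    $mail->setFrom('[email protected]', 'The Advocacy Service Center');
    $mail->addAddress('[email protected]'); // Recipient

    // Content
    $mail->isHTML(false);
    $mail->Subject = $subject;
    $mail->Body = $body;
    $mail->send();
}

try {
    session_start();

    // --- Rate limit: 1 submission every 10s ---
    // Recorded before validation so that rejected payloads consume the window
    // too. It is session-based, so it only throttles clients that keep the
    // cookie; a per-IP limit has to live in front of this script.
    if (isset($_SESSION['last_submit']) && time() - $_SESSION['last_submit'] < 10) {
        throw new LeadRejected('Too many submissions. Please wait a few seconds.', 429);
    }
    $_SESSION['last_submit'] = time();

    // --- Honeypot check ---
    // The hidden "website" field is filled only by automated submitters. They
    // receive the same success response as a real submission; the previous
    // distinct "Spam detected." reply only told them which field to leave blank.
    if (!empty($_POST['website'])) {
        echo json_encode(['status' => 'success', 'message' => 'Referral lead submitted successfully.']);
        exit;
    }

    // --- Required fields (presence; per-field validation follows) ---
    $requiredFields = [
        'firstname', 'lastname', 'phone', 'email',
        'month', 'day', 'year', 'address', 'zip', 'city', 'state',
        'agentName', 'officeLocation', 'med1',
    ];
    $raw = [];
    foreach ($requiredFields as $field) {
        $raw[$field] = requiredField($_POST, $field);
    }

    // --- Validate / sanitize inputs ---
    $email = filter_var($raw['email'], FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        throw new LeadRejected('Invalid email address.');
    }

    $lead = [
        'firstname'      => sanitize($raw['firstname']),
        'lastname'       => sanitize($raw['lastname']),
        'phone'          => digitsOnly($raw['phone'], 'Invalid phone number.'),
        'email'          => $email,
        'dob'            => dateOfBirth($raw['month'], $raw['day'], $raw['year']),
        'address'        => sanitize($raw['address']),
        'zip'            => digitsOnly($raw['zip'], 'Invalid ZIP code.'),
        'city'           => sanitize($raw['city']),
        'state'          => sanitize($raw['state']),
        'agentName'      => sanitize($raw['agentName']),
        'officeLocation' => sanitize($raw['officeLocation']),
        'med1'           => sanitize($raw['med1']),
        'med2'           => sanitize(optionalField($_POST, 'med2')),
        'med3'           => sanitize(optionalField($_POST, 'med3')),
        'additionalMeds' => sanitize(optionalField($_POST, 'additionalMeds')),
    ];

    // --- Build and send ---
    // A header value must be a single line; the name is flattened here rather
    // than relying on the mail library to do it.
    $subject = str_replace(
        ["\r", "\n"],
        ' ',
        "New Referral Lead from {$lead['firstname']} {$lead['lastname']}"
    );
    sendLeadMail($subject, buildLeadBody($lead));

    echo json_encode(['status' => 'success', 'message' => 'Referral lead submitted successfully.']);
} catch (LeadRejected $e) {
    http_response_code($e->getCode());
    echo json_encode(['status' => 'error', 'message' => $e->getMessage()]);
} catch (\Throwable $e) {
    // SMTP and configuration failures (and programming errors) are logged
    // server-side only. The old code echoed $e->getMessage() for these, which
    // for a PHPMailer failure carries the SMTP host and the server's reply;
    // it also caught only PHPMailer's Exception, so anything else escaped.
    error_log('sendlead.php: ' . get_class($e) . ': ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['status' => 'error', 'message' => 'The referral could not be sent right now. Please try again later.']);
}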
?>