<?php
// kontakt.php — UTF-8 ohne BOM speichern, keine Ausgabe vor diesem Tag!
declare(strict_types=1);

// Immer klaren Zeichensatz senden
header('Content-Type: text/plain; charset=utf-8');

// Nur POST akzeptieren
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
  http_response_code(405);
  exit("Method Not Allowed");
}

// Honeypot gegen Bots
if (!empty($_POST['company'] ?? '')) {
  http_response_code(400);
  exit("Spam detected");
}

// Felder prüfen
$name    = trim($_POST['name'] ?? '');
$email   = trim($_POST['email'] ?? '');
$subject = trim($_POST['subject'] ?? 'Kontaktanfrage');
$message = trim($_POST['message'] ?? '');
$phone   = trim($_POST['phone'] ?? '');
$consent = isset($_POST['consent']);

if ($name === '' || !filter_var($email, FILTER_VALIDATE_EMAIL) || $message === '' || !$consent) {
  http_response_code(400);
  exit("Bad Request");
}

// Maildaten (hier echte Domain einsetzen, keine .tld am Ende)
$to   = 'info@m2tec.de';          // Empfängeradresse
$from = 'webform@m2tec.de';       // Absender muss zu deiner Domain gehören

$body  = "Neue Nachricht über das Kontaktformular:\n\n";
$body .= "Name:   $name\nE-Mail: $email\n";
if ($phone) { $body .= "Telefon: $phone\n"; }
$body .= "\nNachricht:\n$message\n";

$headers = [];
$headers[] = "From: Webformular <{$from}>";
$headers[] = "Reply-To: {$name} <{$email}>";
$headers[] = "MIME-Version: 1.0";

$hasFile = isset($_FILES['file']) && $_FILES['file']['error'] === UPLOAD_ERR_OK;

if ($hasFile) {
  $filename = basename($_FILES['file']['name']);
  $type = mime_content_type($_FILES['file']['tmp_name']) ?: 'application/octet-stream';
  $allowed = ['application/pdf','image/png','image/jpeg'];

  if (!in_array($type, $allowed, true) || $_FILES['file']['size'] > 5*1024*1024) {
    http_response_code(400);
    exit("Ungültiger Anhang");
  }

  $boundary = 'b'.md5(uniqid((string)mt_rand(), true));
  $headers[] = "Content-Type: multipart/mixed; boundary=\"{$boundary}\"";

  $fileData = chunk_split(base64_encode((string)file_get_contents($_FILES['file']['tmp_name'])));

  $mailBody  = "--{$boundary}\r\n";
  $mailBody .= "Content-Type: text/plain; charset=UTF-8\r\n\r\n{$body}\r\n";
  $mailBody .= "--{$boundary}\r\n";
  $mailBody .= "Content-Type: {$type}; name=\"{$filename}\"\r\n";
  $mailBody .= "Content-Transfer-Encoding: base64\r\n";
  $mailBody .= "Content-Disposition: attachment; filename=\"{$filename}\"\r\n\r\n";
  $mailBody .= "{$fileData}\r\n";
  $mailBody .= "--{$boundary}--";
} else {
  $headers[] = "Content-Type: text/plain; charset=UTF-8";
  $mailBody = $body;
}

// Senden
$ok = mail(
  $to,
  '=?UTF-8?B?'.base64_encode('Kontakt: '.$subject).'?=',
  $mailBody,
  implode("\r\n", $headers)
);

http_response_code($ok ? 200 : 500);
echo $ok ? "OK" : "Mail send failed";