<?php
session_start();

require_once 'includes/translations.php';
require_once 'includes/security.php';
require_once 'config/database.php';
require_once 'config/email.php';

// Page metadata read by includes/header.php and by the markup further down.
$current_page = 'contact';
$page_title = t('contact.page_title');
$page_description = t('contact.page_description');
$current_lang = getCurrentLanguage();

// Legal notice printed under the form (contains markup, so it is echoed unescaped).
// Only French and English exist; any other language falls back to English.
$contact_legal_texts = [
    'fr' => 'Les demandes envoyées via ce formulaire sont traitées conformément à nos <a href="/privacy.php">Politiques de confidentialité</a> et à nos <a href="/terms.php">Conditions d\'utilisation</a>.',
    'en' => 'Inquiries submitted through this form are handled under our <a href="/privacy.php">Privacy Policy</a> and <a href="/terms.php">Terms of Service</a>.',
];
$contact_legal_note = array_key_exists($current_lang, $contact_legal_texts)
    ? $contact_legal_texts[$current_lang]
    : $contact_legal_texts['en'];

// Form state: validation messages, success flag, and the values re-displayed after a failed submit.
$contact_errors = [];
$contact_success = false;
$form_data = array_fill_keys(['name', 'email', 'subject', 'message'], '') + ['topic' => 'support'];

// Topic -> mailbox routing. The keys double as the allow-list for the "topic" form field.
$recipient_map = [
    'support' => [
        'email' => 'support@soundstudiopro.com',
        'label' => t('contact.form_topic_support'),
    ],
    'licensing' => [
        'email' => 'licensing@soundstudiopro.com',
        'label' => t('contact.form_topic_licensing'),
    ],
    'partnerships' => [
        'email' => 'partners@soundstudiopro.com',
        'label' => t('contact.form_topic_partnerships'),
    ],
];

// Every successful submission is also copied to this address.
$admin_notification_email = 'admin@soundstudiopro.com';
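// Security: rate limiting — at most 5 submissions per 15-minute window per client.
// The counter and the window are implemented by checkRateLimit() in includes/security.php.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !checkRateLimit('contact_form', 5, 900)) {
    $contact_errors[] = 'Too many requests. Please wait a few minutes before submitting again.';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && empty($contact_errors)) {
    $client_ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';

    // Reads one text field from $_POST.
    // - A non-string value (e.g. `name[]=x`) counts as empty instead of reaching trim()/substr(),
    //   which throw TypeError on arrays under PHP 8 and would turn the request into a 500.
    // - Invalid UTF-8 is scrubbed and the limit is applied per character, so it matches the HTML
    //   maxlength and never cuts a multi-byte sequence in half (htmlspecialchars() without
    //   ENT_SUBSTITUTE returns '' for invalid UTF-8, which would blank the field in the e-mail).
    $read_field = static function (string $key, int $max_chars): string {
        $raw = $_POST[$key] ?? '';
        if (!is_string($raw)) {
            return '';
        }
        return mb_substr(trim(mb_scrub($raw, 'UTF-8')), 0, $max_chars, 'UTF-8');
    };

    // Security: CSRF protection — the token is issued by generateCSRFToken() in the form below.
    $csrf_token = $_POST['csrf_token'] ?? '';
    if (!is_string($csrf_token) || !validateCSRFToken($csrf_token)) {
        $contact_errors[] = 'Security validation failed. Please refresh the page and try again.';
        error_log('CSRF token validation failed on contact form from IP: ' . $client_ip);
    }

    // Security: honeypot — the hidden "website" field is never filled by a real user.
    // Any non-empty (or non-string) value is treated as a bot; the generic error hides the reason.
    $honeypot = $_POST['website'] ?? '';
    if (!is_string($honeypot) || trim($honeypot) !== '') {
        $contact_errors[] = t('contact.error_send_failed');
        error_log('Honeypot triggered on contact form from IP: ' . $client_ip);
    }

    if (empty($contact_errors)) {
        // Security: length limits (same as the HTML maxlength attributes) bound the work per request.
        $form_data['name'] = $read_field('name', 100);
        $form_data['email'] = $read_field('email', 255);
        $form_data['subject'] = $read_field('subject', 200);
        $form_data['message'] = $read_field('message', 5000);

        // Only keys of $recipient_map are valid topics; anything else falls back to "support".
        $requested_topic = $_POST['topic'] ?? '';
        $form_data['topic'] = is_string($requested_topic) && isset($recipient_map[$requested_topic])
            ? $requested_topic
            : 'support';

        // Required fields and e-mail syntax.
        if ($form_data['name'] === '') {
            $contact_errors[] = t('contact.error_name_required');
        }
        if ($form_data['email'] === '' || filter_var($form_data['email'], FILTER_VALIDATE_EMAIL) === false) {
            $contact_errors[] = t('contact.error_email_invalid');
        }
        if ($form_data['subject'] === '') {
            $contact_errors[] = t('contact.error_subject_required');
        }
        if ($form_data['message'] === '') {
            $contact_errors[] = t('contact.error_message_required');
        }

        // Security: defence in depth against markup smuggled into the e-mail. Every field is also
        // HTML-escaped before rendering, so this only rejects obviously scripted payloads early.
        // Note: `/on\w+\s*=/` also matches ordinary prose such as "Monday = ...", so some legitimate
        // messages are rejected with the generic "invalid characters" error.
        $suspicious_patterns = [
            '/<script/i',
            '/javascript:/i',
            '/on\w+\s*=/i',
            '/<iframe/i',
            '/<object/i',
            '/<embed/i',
        ];
        $all_input = implode('', [
            $form_data['name'],
            $form_data['email'],
            $form_data['subject'],
            $form_data['message'],
        ]);
        foreach ($suspicious_patterns as $pattern) {
            if (preg_match($pattern, $all_input) === 1) {
                $contact_errors[] = 'Invalid characters detected in your submission.';
                error_log('Suspicious pattern detected on contact form from IP: ' . $client_ip);
                break;
            }
        }
    }

    if (empty($contact_errors)) {
        $recipient = $recipient_map[$form_data['topic']];

        // HTML-context escaping for the HTML part of the mail. ENT_SUBSTITUTE replaces any remaining
        // invalid byte sequence with U+FFFD instead of returning an empty string.
        $escape_html = static fn (string $value): string => htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $safe_name = $escape_html($form_data['name']);
        $safe_email = $escape_html($form_data['email']);
        $safe_message = $escape_html($form_data['message']);
        $safe_topic = $escape_html($recipient['label']);

        // Server-supplied context. HTTP_HOST and HTTP_USER_AGENT are client-controlled request headers
        // and are treated as untrusted input exactly like the form fields.
        $request_host = $_SERVER['HTTP_HOST'] ?? 'soundstudiopro.com';
        $user_agent = mb_substr(mb_scrub($_SERVER['HTTP_USER_AGENT'] ?? 'unknown', 'UTF-8'), 0, 200, 'UTF-8');
        $safe_host = $escape_html($request_host);
        $safe_ip = $escape_html($client_ip);
        $safe_user_agent = $escape_html($user_agent);

        // Security: the Subject is a mail header, so CR/LF (header injection) and every other control
        // character are removed from the raw subject. It is deliberately not HTML-escaped: entities
        // such as &amp; would be shown literally by the mail client. Assumes sendEmail() applies
        // whatever header encoding the transport needs — TODO confirm in config/email.php.
        $subject_line = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $form_data['subject']) ?? '';
        $subject = '[SoundStudioPro] ' . $recipient['label'] . ' - ' . $subject_line;

        $html_body = '
<h2>New contact request</h2>
<p><strong>Name:</strong> ' . $safe_name . '</p>
<p><strong>Email:</strong> ' . $safe_email . '</p>
<p><strong>Topic:</strong> ' . $safe_topic . '</p>
<p><strong>Message:</strong><br>' . nl2br($safe_message) . '</p>
<hr>
<p><strong>Submitted from:</strong> ' . $safe_host . '</p>
<p><strong>IP:</strong> ' . $safe_ip . '</p>
<p><strong>User Agent:</strong> ' . $safe_user_agent . '</p>
';

        // Plain-text part: one line per field, so a field value cannot fake an extra line. The raw
        // (not HTML-escaped) values are used because this part is not HTML; line breaks inside the
        // message are normalised to "\n".
        $single_line = static fn (string $value): string => str_replace(["\r", "\n"], ' ', $value);
        $text_body = "New contact request\n"
            . 'Name: ' . $single_line($form_data['name']) . "\n"
            . 'Email: ' . $single_line($form_data['email']) . "\n"
            . 'Topic: ' . $single_line($recipient['label']) . "\n"
            . "Message:\n" . str_replace(["\r\n", "\r", "\n"], "\n", $form_data['message']) . "\n\n"
            . 'IP: ' . $single_line($client_ip) . "\n"
            . 'User Agent: ' . $single_line($user_agent);

        $email_sent = sendEmail(
            $recipient['email'],
            $recipient['label'] . ' - SoundStudioPro',
            $subject,
            $html_body,
            $text_body,
            'contact_form'
        );

        // Admin copy, unless the topic mailbox already is the admin address.
        if ($email_sent && strcasecmp($recipient['email'], $admin_notification_email) !== 0) {
            sendEmail(
                $admin_notification_email,
                'Admin - SoundStudioPro',
                $subject . ' (Admin Copy)',
                $html_body,
                $text_body,
                'contact_form_admin_copy'
            );
        }

        if ($email_sent) {
            $contact_success = true;
            // Reset the form so the sent values are not re-displayed.
            $form_data = [
                'name' => '',
                'email' => '',
                'subject' => '',
                'message' => '',
                'topic' => 'support',
            ];
        } else {
            $contact_errors[] = t('contact.error_send_failed');
        }
    }
}

include 'includes/header.php';
?>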
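<div class="contact-page">
    <div class="container">
        <section class="contact-hero">
            <span class="contact-badge"><?= t('contact.hero_badge') ?></span>
            <?php // Escaped with the same explicit flags as the form values below rather than relying on PHP's defaults. ?>
            <h1><?= htmlspecialchars($page_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></h1>
            <p><?= t('contact.hero_subtitle') ?></p>
            <div class="contact-meta">
                <span><i class="fas fa-clock"></i> <?= t('contact.response_time') ?></span>
                <span><i class="fas fa-globe"></i> <?= t('contact.support_hours') ?></span>
            </div>
        </section>
        <?php // Outcome of a POST: success banner, or the accumulated validation errors. ?>
        <?php if ($contact_success): ?>
            <div class="contact-alert contact-alert-success">
                <i class="fas fa-check-circle"></i> <?= t('contact.form_success') ?>
            </div>
        <?php elseif (!empty($contact_errors)): ?>
            <div class="contact-alert contact-alert-error">
                <i class="fas fa-exclamation-triangle"></i>
                <div>
                    <?php foreach ($contact_errors as $error): ?>
                        <p><?= htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>
                    <?php endforeach; ?>
                </div>
            </div>
        <?php endif; ?>
        <section class="contact-grid">
            <article class="contact-card">
                <h2><i class="fas fa-headset"></i> <?= t('contact.card_support_title') ?></h2>
                <p><?= t('contact.card_support_desc') ?></p>
                <ul>
                    <li><?= t('contact.card_support_item_1') ?></li>
                    <li><?= t('contact.card_support_item_2') ?></li>
                    <li><?= t('contact.card_support_item_3') ?></li>
                </ul>
                <a class="contact-link" href="mailto:support@soundstudiopro.com">
                    <i class="fas fa-envelope"></i> support@soundstudiopro.com
                </a>
            </article>
            <article class="contact-card">
                <h2><i class="fas fa-file-contract"></i> <?= t('contact.card_licensing_title') ?></h2>
                <p><?= t('contact.card_licensing_desc') ?></p>
                <ul>
                    <li><?= t('contact.card_licensing_item_1') ?></li>
                    <li><?= t('contact.card_licensing_item_2') ?></li>
                    <li><?= t('contact.card_licensing_item_3') ?></li>
                </ul>
                <a class="contact-link" href="mailto:licensing@soundstudiopro.com">
                    <i class="fas fa-envelope"></i> licensing@soundstudiopro.com
                </a>
            </article>
            <article class="contact-card">
                <h2><i class="fas fa-handshake"></i> <?= t('contact.card_partnerships_title') ?></h2>
                <p><?= t('contact.card_partnerships_desc') ?></p>
                <ul>
                    <li><?= t('contact.card_partnerships_item_1') ?></li>
                    <li><?= t('contact.card_partnerships_item_2') ?></li>
                    <li><?= t('contact.card_partnerships_item_3') ?></li>
                </ul>
                <a class="contact-link" href="mailto:partners@soundstudiopro.com">
                    <i class="fas fa-envelope"></i> partners@soundstudiopro.com
                </a>
            </article>
        </section>
        <section class="contact-form-section">
            <div class="contact-form-copy">
                <h2><?= t('contact.form_title') ?></h2>
                <p><?= t('contact.form_subtitle') ?></p>
                <div class="contact-form-highlights">
                    <span><i class="fas fa-shield-alt"></i> <?= t('contact.form_highlight_privacy') ?></span>
                    <span><i class="fas fa-bolt"></i> <?= t('contact.form_highlight_priority') ?></span>
                    <span><i class="fas fa-user-check"></i> <?= t('contact.form_highlight_followup') ?></span>
                </div>
            </div>
            <form class="contact-form" method="post" action="">
                <?php // Security: CSRF token, checked by validateCSRFToken() when the form is submitted. ?>
                <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(generateCSRFToken(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
                <?php // Security: honeypot field — moved off-screen and out of the tab order; a real user never fills it, a bot usually does. ?>
                <label style="position: absolute; left: -9999px; opacity: 0; pointer-events: none;" aria-hidden="true">
                    <input type="text" name="website" tabindex="-1" autocomplete="off">
                </label>
                <?php // The maxlength values mirror the server-side limits; re-displayed values are always escaped. ?>
                <label>
                    <?= t('contact.form_name_label') ?>
                    <input type="text" name="name" value="<?= htmlspecialchars($form_data['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" placeholder="<?= t('contact.form_name_placeholder') ?>" maxlength="100" required>
                </label>
                <label>
                    <?= t('contact.form_email_label') ?>
                    <input type="email" name="email" value="<?= htmlspecialchars($form_data['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" placeholder="<?= t('contact.form_email_placeholder') ?>" maxlength="255" required>
                </label>
                <label>
                    <?= t('contact.form_subject_label') ?>
                    <input type="text" name="subject" value="<?= htmlspecialchars($form_data['subject'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" placeholder="<?= t('contact.form_subject_placeholder') ?>" maxlength="200" required>
                </label>
                <label>
                    <?= t('contact.form_topic_label') ?>
                    <?php // Options are driven by $recipient_map so the form and the server-side allow-list cannot drift apart. ?>
                    <select name="topic" required>
                        <?php foreach ($recipient_map as $topic_key => $topic_recipient): ?>
                            <option value="<?= htmlspecialchars($topic_key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" <?= $form_data['topic'] === $topic_key ? 'selected' : '' ?>><?= $topic_recipient['label'] ?></option>
                        <?php endforeach; ?>
                    </select>
                </label>
                <label>
                    <?= t('contact.form_message_label') ?>
                    <textarea name="message" rows="5" placeholder="<?= t('contact.form_message_placeholder') ?>" maxlength="5000" required><?= htmlspecialchars($form_data['message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></textarea>
                </label>
                <button type="submit" class="contact-submit">
                    <i class="fas fa-paper-plane"></i> <?= t('contact.form_submit') ?>
                </button>
                <p class="contact-form-note"><?= t('contact.form_note') ?></p>
                <?php // Intentionally unescaped: $contact_legal_note is a fixed string from this file that contains links. ?>
                <p class="contact-form-legal"><?= $contact_legal_note ?></p>
            </form>
        </section>
    </div>
</div>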
<style>
/* Contact page styles. Everything is scoped under .contact-page / .contact-* so it does not
   leak into header.php / footer.php. */
.contact-page {
background: radial-gradient(circle at top, rgba(102,126,234,0.1), transparent 60%), #05050a;
color: #f5f5fb;
padding: 80px 0 120px;
}
.contact-page .container {
max-width: 1100px;
}
/* Hero: badge, title, subtitle, response-time meta. */
.contact-hero {
text-align: center;
margin-bottom: 50px;
}
.contact-badge {
display: inline-flex;
align-items: center;
gap: 8px;
padding: 8px 18px;
border-radius: 999px;
border: 1px solid rgba(255,255,255,0.15);
background: rgba(255,255,255,0.05);
color: #a3b8ff;
font-size: 1rem;
margin-bottom: 15px;
}
.contact-hero h1 {
font-size: 2.5rem;
margin-bottom: 15px;
}
.contact-hero p {
max-width: 680px;
margin: 0 auto;
color: #d6d6e8;
}
.contact-meta {
margin-top: 18px;
display: flex;
justify-content: center;
gap: 20px;
color: #a3b8ff;
font-size: 0.95rem;
}
/* Three topic cards (support / licensing / partnerships). */
.contact-grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
gap: 24px;
margin-bottom: 60px;
}
.contact-card {
background: rgba(255,255,255,0.04);
border: 1px solid rgba(255,255,255,0.1);
border-radius: 18px;
padding: 24px;
display: flex;
flex-direction: column;
gap: 14px;
box-shadow: 0 10px 30px rgba(0,0,0,0.25);
}
.contact-card h2 {
font-size: 1.3rem;
display: flex;
align-items: center;
gap: 10px;
}
.contact-card p {
color: #d6d6e8;
margin: 0;
}
.contact-card ul {
list-style: none;
margin: 0;
padding: 0;
display: flex;
flex-direction: column;
gap: 8px;
color: #c0c0d9;
}
.contact-card li::before {
content: '•';
color: #667eea;
margin-right: 8px;
}
.contact-link {
margin-top: auto;
color: #a3b8ff;
text-decoration: none;
font-weight: 600;
display: inline-flex;
align-items: center;
gap: 8px;
}
/* Form section: copy column plus the form itself. */
.contact-form-section {
background: rgba(255,255,255,0.03);
border: 1px solid rgba(255,255,255,0.08);
border-radius: 24px;
padding: 40px;
display: grid;
grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
gap: 30px;
}
.contact-form-copy h2 {
margin-bottom: 12px;
}
.contact-form-copy p {
color: #d6d6e8;
margin-bottom: 20px;
}
.contact-form-highlights {
display: flex;
flex-wrap: wrap;
gap: 10px;
}
.contact-form-highlights span {
display: inline-flex;
align-items: center;
gap: 6px;
padding: 8px 14px;
border-radius: 999px;
background: rgba(255,255,255,0.05);
border: 1px solid rgba(255,255,255,0.08);
font-size: 0.9rem;
color: #a3b8ff;
}
.contact-form {
display: flex;
flex-direction: column;
gap: 18px;
}
/* Success / error banners rendered above the cards after a POST. */
.contact-alert {
display: flex;
align-items: flex-start;
gap: 12px;
padding: 16px 20px;
border-radius: 16px;
margin-bottom: 30px;
font-size: 0.95rem;
}
.contact-alert i {
font-size: 1.3rem;
}
.contact-form-legal {
font-size: 0.9rem;
color: #a9b4da;
margin-top: -6px;
}
.contact-alert-success {
background: rgba(34, 197, 94, 0.12);
border: 1px solid rgba(34, 197, 94, 0.4);
color: #90f0b4;
}
.contact-alert-error {
background: rgba(252, 129, 129, 0.12);
border: 1px solid rgba(252, 129, 129, 0.4);
color: #fecaca;
}
.contact-alert-error p {
margin: 0;
}
.contact-form label {
display: flex;
flex-direction: column;
gap: 8px;
font-size: 0.95rem;
color: #d6d6e8;
}
/* Form fields. NOTE(review): the topic <select> in the form is not covered by this rule and falls
   back to browser default styling on the dark background — consider adding `.contact-form select`
   here once option legibility has been checked across browsers. */
.contact-form input,
.contact-form textarea {
background: rgba(0,0,0,0.4);
border: 1px solid rgba(255,255,255,0.1);
border-radius: 12px;
padding: 12px 14px;
color: #fff;
font-size: 1rem;
}
.contact-submit {
background: linear-gradient(135deg, #667eea, #764ba2);
border: none;
border-radius: 12px;
color: #fff;
padding: 14px 20px;
font-size: 1rem;
font-weight: 600;
cursor: pointer;
display: inline-flex;
align-items: center;
justify-content: center;
gap: 10px;
}
.contact-form-note {
font-size: 0.85rem;
color: #a3b8ff;
margin: 0;
}
/* Narrow screens: smaller title, tighter form padding, stacked meta line. */
@media (max-width: 600px) {
.contact-hero h1 {
font-size: 2rem;
}
.contact-form-section {
padding: 24px;
}
.contact-meta {
flex-direction: column;
}
}
</style>
<?php /* Shared footer partial, the counterpart of the header included before the page markup. */ include 'includes/footer.php'; ?>