sag24-website/public/api/contact.php

<?php
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: https://sag24.ru');
header('Access-Control-Allow-Methods: POST');
header('Access-Control-Allow-Headers: Content-Type');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['error' => 'Method not allowed']);
    exit;
}

$data = json_decode(file_get_contents('php://input'), true);
if (!$data) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid JSON']);
    exit;
}

$name    = htmlspecialchars(trim($data['name'] ?? ''), ENT_QUOTES);
$phone   = htmlspecialchars(trim($data['phone'] ?? ''), ENT_QUOTES);
$email   = htmlspecialchars(trim($data['email'] ?? ''), ENT_QUOTES);
$message = htmlspecialchars(trim($data['message'] ?? ''), ENT_QUOTES);

if (!$name || !$message) {
    http_response_code(400);
    echo json_encode(['error' => 'Missing required fields']);
    exit;
}

// ─── Telegram (best-effort, not fatal) ───────────────────────────────────────
$BOT_TOKEN = '8138813013:AAElH2L5NspRLSdiFjDz6Qf32n4G24P_cj8';
$CHAT_ID   = '-5230603582';

$text  = "🔔 <b>Заявка с sag24.ru</b>\n\n";
$text .= "👤 <b>Имя:</b> {$name}\n";
if ($phone) $text .= "📱 <b>Телефон:</b> {$phone}\n";
if ($email) $text .= "📧 <b>Email:</b> {$email}\n";
$text .= "\n💬 <b>Сообщение:</b>\n{$message}\n";
$text .= "\n⏰ " . date('d.m.Y H:i', time() + 3 * 3600) . " MSK";

$ch = curl_init("https://api.telegram.org/bot{$BOT_TOKEN}/sendMessage");
curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => json_encode(['chat_id' => $CHAT_ID, 'text' => $text, 'parse_mode' => 'HTML']),
    CURLOPT_HTTPHEADER     => ['Content-Type: application/json'],
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT        => 10,
]);
curl_exec($ch);
curl_close($ch);

// ─── Email via SMTP (noreply@sag24.ru → info@sag24.ru) ───────────────────────
$smtp_host = 'mx.hhivp.com';
$smtp_port = 587;
$smtp_user = 'noreply@sag24.ru';
$smtp_pass = '9hsnDyBAk5&S4#lE';
$mail_to   = 'info@sag24.ru';

$subject = "=?UTF-8?B?" . base64_encode("Заявка с sag24.ru от {$name}") . "?=";
$body    = "Имя: {$name}\r\n";
if ($phone)   $body .= "Телефон: {$phone}\r\n";
if ($email)   $body .= "Email: {$email}\r\n";
$body .= "\r\nСообщение:\r\n{$message}\r\n";
$body .= "\r\n" . date('d.m.Y H:i', time() + 3 * 3600) . " MSK";

try {
    $smtp = fsockopen($smtp_host, $smtp_port, $errno, $errstr, 10);
    if ($smtp) {
        fgets($smtp, 512);
        fwrite($smtp, "EHLO sag24.ru\r\n"); $caps = '';
        while ($line = fgets($smtp, 512)) { $caps .= $line; if ($line[3] == ' ') break; }
        fwrite($smtp, "STARTTLS\r\n"); fgets($smtp, 512);
        stream_socket_enable_crypto($smtp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
        fwrite($smtp, "EHLO sag24.ru\r\n");
        while ($line = fgets($smtp, 512)) { if ($line[3] == ' ') break; }
        fwrite($smtp, "AUTH LOGIN\r\n"); fgets($smtp, 512);
        fwrite($smtp, base64_encode($smtp_user) . "\r\n"); fgets($smtp, 512);
        fwrite($smtp, base64_encode($smtp_pass) . "\r\n"); fgets($smtp, 512);
        fwrite($smtp, "MAIL FROM:<{$smtp_user}>\r\n"); fgets($smtp, 512);
        fwrite($smtp, "RCPT TO:<{$mail_to}>\r\n");     fgets($smtp, 512);
        fwrite($smtp, "DATA\r\n"); fgets($smtp, 512);
        fwrite($smtp, "From: noreply@sag24.ru\r\nTo: {$mail_to}\r\nSubject: {$subject}\r\n");
        fwrite($smtp, "MIME-Version: 1.0\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\n");
        fwrite($smtp, $body . "\r\n.\r\n"); fgets($smtp, 512);
        fwrite($smtp, "QUIT\r\n");
        fclose($smtp);
    }
} catch (Throwable $e) {
    // email failure is non-fatal
}

echo json_encode(['success' => true]);