<?php
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST');
header('Access-Control-Allow-Headers: Content-Type');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['error' => 'Method not allowed']);
    exit;
}

$data = json_decode(file_get_contents('php://input'), true);

// Check honeypot
if (!empty($data['website']) || !empty($data['phone_check'])) {
    http_response_code(200);
    echo json_encode(['success' => true]);
    exit;
}

// Validate and sanitize
$name    = htmlspecialchars($data['name'] ?? '');
$email   = filter_var($data['email'] ?? '', FILTER_SANITIZE_EMAIL);
$company = htmlspecialchars($data['company'] ?? '');
$type    = htmlspecialchars($data['type'] ?? '');
$message = htmlspecialchars($data['message'] ?? '');

if (!$name || !$email || !$message || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
    http_response_code(422);
    echo json_encode(['success' => false, 'error' => 'Invalid input']);
    exit;
}

$to      = 'contact@ahojsvet.eu'; // TODO: replace with your actual address
$subject = 'New Contact Form: ' . $type;
$body    = "Name: $name\nEmail: $email\nCompany: $company\nType: $type\n\nMessage:\n$message";
$headers = implode("\r\n", [
    'From: noreply@ahojsvet.eu',
    'Reply-To: ' . $name . ' <' . $email . '>',
    'X-Mailer: PHP/' . phpversion(),
    'Content-Type: text/plain; charset=UTF-8',
]);

if (mail($to, $subject, $body, $headers)) {
    http_response_code(200);
    echo json_encode(['success' => true]);
} else {
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'mail() failed']);
}
?>