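add_action('wp_ajax_lp_form_actions', 'lp_form_actions');
add_action('wp_ajax_nopriv_lp_form_actions', 'lp_form_actions');

/**
 * Read one scalar field from $_POST as an unslashed string.
 *
 * WordPress adds slashes to request superglobals, so wp_unslash() runs before
 * any sanitisation. Arrays (which a client can always submit as `field[]=x`)
 * are rejected so the string functions below never receive a non-string.
 *
 * @param string $key POST key.
 * @return string The field value, or '' when absent or not a scalar.
 */
function lp_form_post_string($key) {
    if (!isset($_POST[$key]) || !is_scalar($_POST[$key])) {
        return '';
    }
    return (string) wp_unslash($_POST[$key]);
}

/**
 * Best-effort client IP for the lead record.
 *
 * CF-Connecting-IP and X-Forwarded-For are client-supplied unless the origin
 * only accepts traffic from the proxy that sets them, so they are accepted
 * only when they parse as an IP literal; otherwise REMOTE_ADDR is used.
 * The result is advisory (it is forwarded to the CRM) and must not be used
 * as an authentication or anti-abuse signal on its own.
 *
 * @return string Validated IP literal, or '' if none could be determined.
 */
function lp_form_client_ip() {
    $candidates = [];
    if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
        $candidates[] = $_SERVER['HTTP_CF_CONNECTING_IP'];
    }
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // Leftmost hop is the original client when the chain is honest.
        $candidates[] = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0];
    }
    $candidates[] = $_SERVER['REMOTE_ADDR'] ?? '';

    foreach ($candidates as $candidate) {
        $candidate = trim((string) $candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return '';
}

/**
 * AJAX handler for the landing-page lead form (logged-in and anonymous).
 *
 * Flow: anti-bot heuristics -> CSRF nonce -> field validation -> CAPTCHA ->
 * store in {prefix}lp_leads -> push to LeadSquared -> JSON reply.
 * Every wp_send_json() call terminates the request (it calls wp_die()).
 *
 * Reply codes: 1 success, 2 CRM push failed, 3 validation error, 4 rejected
 * as bot / failed security check.
 *
 * Configuration: LeadSquared credentials are read from the constants
 * LP_LEADSQUARED_ACCESS_KEY and LP_LEADSQUARED_SECRET_KEY (define them in
 * wp-config.php). An earlier revision of this file committed a live key
 * pair in source; treat those keys as compromised and rotate them.
 */
function lp_form_actions() {
    // The CAPTCHA generator stores its answer in the PHP session; reuse an
    // already-open session instead of emitting a notice on a second start.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $ip = lp_form_client_ip();
    $ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
    $server_ipv6 = '2a02:4780:11:1234::38';

    // Reject requests with no determinable client IP or that originate from
    // the host itself. Bypassable by anyone who can set a forwarded header.
    if ($ip === '' || $ip === $server_ipv6) {
        wp_send_json(['rc_code' => 4, 'message' => 'Bot blocked']);
    }

    // Cheap UA heuristic only; a real bot simply presents a browser UA.
    foreach (['bot', 'crawl', 'spider', 'curl', 'wget'] as $bad) {
        if (stripos($ua, $bad) !== false) {
            wp_send_json(['rc_code' => 4, 'message' => 'Bot blocked']);
        }
    }

    // CSRF nonce. For nopriv requests this is bound to the anonymous session
    // token, so it blocks cross-site posting but does not identify a user.
    $nonce = lp_form_post_string('lp_nonce');
    if ($nonce === '' || !wp_verify_nonce($nonce, 'lp_form_nonce_action')) {
        wp_send_json(['rc_code' => 4, 'message' => 'Security check failed']);
    }

    // Honeypot: hidden field a human never fills in.
    if (lp_form_post_string('middle_name') !== '') {
        wp_send_json(['rc_code' => 4, 'message' => 'Bot detected']);
    }

    // Client-reported seconds on page. This is attacker-controlled, so it only
    // filters naive scripts; it is not a trust boundary.
    $form_time = lp_form_post_string('form_time');
    if ($form_time === '' || floatval($form_time) < 3) {
        wp_send_json(['rc_code' => 4, 'message' => 'Too fast - bot']);
    }

    // Static marker set by the page's JavaScript. Trivially replayed once
    // observed; it only stops clients that never ran the JS.
    if (lp_form_post_string('bot') !== 'ggfg') {
        wp_send_json(['rc_code' => 4, 'message' => 'Bot detected']);
    }

    $firstName = sanitize_text_field(lp_form_post_string('firstName'));
    $lastName  = sanitize_text_field(lp_form_post_string('lastName'));
    $email     = sanitize_email(lp_form_post_string('email'));
    $location  = sanitize_text_field(lp_form_post_string('location'));
    $branch    = sanitize_text_field(lp_form_post_string('branch'));
    $captcha   = sanitize_text_field(lp_form_post_string('captcha'));

    // Digits only; collapse a leading Indian country code (91) to the
    // 10-digit national number.
    $phone = preg_replace('/\D/', '', lp_form_post_string('phone'));
    if (strlen($phone) > 10 && substr($phone, 0, 2) === '91') {
        $phone = substr($phone, -10);
    }

    if ($firstName === '' || $phone === '' || $email === '') {
        wp_send_json(['rc_code' => 3, 'message' => 'Required fields missing']);
    }

    // Indian mobile numbers: exactly 10 digits, first digit 6-9.
    if (!preg_match('/^[6-9]\d{9}$/', $phone)) {
        wp_send_json(['rc_code' => 3, 'message' => 'Invalid mobile number']);
    }

    if (!is_email($email)) {
        wp_send_json(['rc_code' => 3, 'message' => 'Invalid email']);
    }

    // CAPTCHA. hash_equals() is a strict, constant-time string comparison; the
    // previous `!=` let PHP compare numeric codes loosely ("1e3" == "1000").
    // The stored answer is consumed on success so one solved CAPTCHA cannot be
    // replayed for a batch of submissions. (Consuming it on failure as well
    // would also stop online guessing, but requires the front end to refresh
    // the image after an 'Invalid captcha' reply - confirm before changing.)
    $expected = isset($_SESSION['captcha_code_1']) ? (string) $_SESSION['captcha_code_1'] : '';
    if ($expected === '' || !hash_equals($expected, $captcha)) {
        wp_send_json(['rc_code' => 3, 'message' => 'Invalid captcha']);
    }
    unset($_SESSION['captcha_code_1']);

    global $wpdb;

    // $wpdb->insert() parameterises every value. esc_url_raw() is the storage
    // variant; esc_url() is for HTML output and would entity-encode '&' in
    // the stored URL.
    $inserted = $wpdb->insert(
        $wpdb->prefix . 'lp_leads',
        [
            'firstName'    => $firstName,
            'lastName'     => $lastName,
            'phone'        => $phone,
            'email'        => $email,
            'location'     => $location,
            'branch'       => $branch,
            'page_url'     => esc_url_raw(lp_form_post_string('page')),
            'utm_source'   => sanitize_text_field(lp_form_post_string('utm_source')),
            'utm_medium'   => sanitize_text_field(lp_form_post_string('utm_medium')),
            'utm_campaign' => sanitize_text_field(lp_form_post_string('utm_campaign')),
        ]
    );
    if ($inserted === false) {
        // Still attempt the CRM push, but do not lose the local failure silently.
        error_log('lp_form_actions: lead insert failed: ' . $wpdb->last_error);
    }

    // ---- LeadSquared -------------------------------------------------------
    // Credentials come from wp-config.php constants, never from source.
    $accessKey = defined('LP_LEADSQUARED_ACCESS_KEY') ? (string) LP_LEADSQUARED_ACCESS_KEY : '';
    $secretKey = defined('LP_LEADSQUARED_SECRET_KEY') ? (string) LP_LEADSQUARED_SECRET_KEY : '';
    if ($accessKey === '' || $secretKey === '') {
        error_log('lp_form_actions: LeadSquared credentials are not configured');
        wp_send_json(['rc_code' => 2, 'message' => 'API Error']);
    }

    // Lead.Capture authenticates via query parameters, so the keys appear in
    // any proxy or access log that records full URLs; nothing here can change
    // that, but never log $api_url yourself.
    $api_url = 'https://api-in21.leadsquared.com/v2/LeadManagement.svc/Lead.Capture'
        . '?accessKey=' . rawurlencode($accessKey)
        . '&secretKey=' . rawurlencode($secretKey);

    $body = [
        ['Attribute' => 'FirstName',    'Value' => $firstName],
        ['Attribute' => 'LastName',     'Value' => $lastName],
        ['Attribute' => 'EmailAddress', 'Value' => $email],
        ['Attribute' => 'Phone',        'Value' => $phone],
        ['Attribute' => 'mx_Location',  'Value' => $location],
        ['Attribute' => 'mx_Branch',    'Value' => $branch],
        ['Attribute' => 'Source',       'Value' => 'Website'],
        ['Attribute' => 'ProspectIP',   'Value' => $ip],
    ];

    $response = wp_remote_post($api_url, [
        'headers' => ['Content-Type' => 'application/json'],
        'body'    => wp_json_encode($body),
        'timeout' => 20,
    ]);

    // A transport error OR a non-2xx reply means the lead did not reach the
    // CRM. The previous version only checked is_wp_error() and reported
    // success on HTTP 4xx/5xx. Only the status code is logged (no URL, no body).
    $status = is_wp_error($response) ? 0 : (int) wp_remote_retrieve_response_code($response);
    if ($status < 200 || $status >= 300) {
        error_log('lp_form_actions: LeadSquared push failed, HTTP status ' . $status);
        wp_send_json(['rc_code' => 2, 'message' => 'API Error']);
    }

    wp_send_json([
        'rc_code' => 1,
        'message' => 'Your Appointment Received',
    ]);
}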