3e44d926de
Some checks failed
WEVAL NonReg / nonreg (push) Has been cancelled
V138 TODO item resolved:
Previous state V139-V141:
- form-submit V137 log call was at END of file
- Triggered ONLY when email valid and processing succeeds
- Invalid email submissions die() early at L50 → never logged
- No trace of failed attempts
V142 fix:
- Added early-log call IMMEDIATELY before validation die()
- Uses json decoded data already parsed (consistent source)
- Works for BOTH valid and invalid email submissions
- Source: form-inline (as per V137 pattern)
Live test confirmation:
POST valid email -> HTTP 200 {ok:1,Subscribed} + logged
POST invalid email -> HTTP 200 {Invalid email} + ALSO LOGGED
DB verification:
form-contact-60d4c9bd3470 | form-inline | Form contact · not_an_email
form-contact-6e10787072ee | form-inline | Form contact · v142-valid-*
chattr +i applied for auto-sync protection.
GOLD backup: form-submit.php.GOLD-V142-20260422-005233
Defense-in-depth chattr complete coverage V142:
4 files now chattr +i protected:
- wevia-master-api.php (V138)
- wevia-admin.php (V139)
- weval-chatbot-api.php (V140)
- form-submit.php (V142)
Memory pressure audit V142:
Swap 3G/4G appears high but memory pressure avg300=0.00 = ZERO stress.
Swap contains persistent old pages, not active pressure. No action needed.
Disk audit V142:
/opt/wevads/vault 7.4GB (1259 GOLDs all <30 days, no cleanup possible).
Docker reclaimable only 95MB (not rentable to prune active infra).
Session default 15180 msgs audit V142:
97pct bot traffic (curl/8.5.0 + empty UAs).
10 real Mozilla users mixed in.
Recommended: admin filter exclude default by default (future V143+ work).
L99 153/153 PASS maintained (12 consecutive versions V125-V142).
Chain V96-V142:
V131 routing,
V132 Playwright,
V133-V134 4/4 hubs,
V135-V136 admin repoint,
V137-V138 widget+master logging,
V139-V140 filter+chatbot-api+Playwright,
V141 handoff,
V142 form early-log + memory audit + disk audit
Doctrines 0+1+2+4+14+16+54+60+95+100 applied
88 lines
5.2 KiB
PHP
88 lines
5.2 KiB
PHP
<?php
|
|
|
|
/* V137: log widget/master/form sessions to wevia_db public.conversations + messages */
|
|
if (!function_exists('wevia_log_session_v137')) {
|
|
function wevia_log_session_v137($sid, $title, $user_msg, $assistant_msg, $source='widget') {
|
|
try {
|
|
$pdo = new PDO("pgsql:host=127.0.0.1;dbname=wevia_db;connect_timeout=3","admin","admin123",[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_TIMEOUT => 3]);
|
|
if (!$sid) return false;
|
|
$ip = $_SERVER['REMOTE_ADDR'] ?? '';
|
|
$ua = substr($_SERVER['HTTP_USER_AGENT'] ?? '', 0, 240);
|
|
$lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '', 0, 20);
|
|
$device = (stripos($ua, 'Mobile') !== false) ? 'mobile' : 'desktop';
|
|
$browser = 'other';
|
|
if (stripos($ua, 'Chrome') !== false) $browser = 'chrome';
|
|
elseif (stripos($ua, 'Firefox') !== false) $browser = 'firefox';
|
|
elseif (stripos($ua, 'Safari') !== false) $browser = 'safari';
|
|
elseif (stripos($ua, 'Edge') !== false) $browser = 'edge';
|
|
/* find existing conversation or create */
|
|
$stmt = $pdo->prepare("SELECT id FROM public.conversations WHERE session_id=? ORDER BY updated_at DESC LIMIT 1");
|
|
$stmt->execute([$sid]);
|
|
$cid = $stmt->fetchColumn();
|
|
if (!$cid) {
|
|
$stmt = $pdo->prepare("INSERT INTO public.conversations (session_id, title, ip_address, user_agent, device, browser, language, source) VALUES (?,?,?,?,?,?,?,?) RETURNING id");
|
|
$stmt->execute([$sid, mb_substr($title ?: '(sans titre)', 0, 200), $ip, $ua, $device, $browser, $lang, $source]);
|
|
$cid = $stmt->fetchColumn();
|
|
} else {
|
|
$pdo->prepare("UPDATE public.conversations SET updated_at=NOW(), source=COALESCE(source,?) WHERE id=?")->execute([$source, $cid]);
|
|
}
|
|
if ($cid) {
|
|
if ($user_msg !== '') $pdo->prepare("INSERT INTO public.messages (conversation_id, role, content) VALUES (?,?,?)")->execute([$cid, 'user', mb_substr($user_msg, 0, 8000)]);
|
|
if ($assistant_msg !== '') $pdo->prepare("INSERT INTO public.messages (conversation_id, role, content) VALUES (?,?,?)")->execute([$cid, 'assistant', mb_substr($assistant_msg, 0, 32000)]);
|
|
}
|
|
return true;
|
|
} catch (Throwable $e) { error_log("WEVIA_LOG_V137 fail: ".$e->getMessage()); return false; }
|
|
}
|
|
}
|
|
|
|
require_once __DIR__ . '/_secrets.php'; error_reporting(E_ALL);ini_set("display_errors",0);
|
|
header('Content-Type: application/json');
|
|
header('Access-Control-Allow-Origin: *');
|
|
header('Access-Control-Allow-Headers: Content-Type');
|
|
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') exit;
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') die(json_encode(['error'=>'POST only']));
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
$email = filter_var($data['email'] ?? '', FILTER_VALIDATE_EMAIL);
|
|
$name = substr($data['name'] ?? '', 0, 100);
|
|
$form_id = substr($data['form_id'] ?? 'default', 0, 50);
|
|
|
|
/* V142 early-log: trace ALL form submits including validation failures */
|
|
try {
|
|
$__v142_sid = "form-" . ($data["form_id"] ?? "unknown") . "-" . substr(md5(($data["email"] ?? "") . ($_SERVER["REMOTE_ADDR"] ?? "")), 0, 12);
|
|
$__v142_title = "Form " . ($data["form_id"] ?? "?") . " · " . ($data["email"] ?? "anon");
|
|
$__v142_msg = "name=" . ($data["name"] ?? "") . " email=" . ($data["email"] ?? "(invalid)") . " msg=" . substr($data["message"] ?? "", 0, 500);
|
|
@wevia_log_session_v137($__v142_sid, $__v142_title, $__v142_msg, "", "form-inline");
|
|
} catch (Throwable $__e_v142) { /* silent */ }
|
|
|
|
if (!$email) die(json_encode(['error'=>'Invalid email']));
|
|
|
|
$db = new PDO('pgsql:host=10.1.0.3;port=5432;dbname=adx_system','admin',weval_secret('WEVAL_PG_ADMIN_PASS'));
|
|
$db->exec("SET search_path TO admin");
|
|
|
|
try {
|
|
$db->exec("CREATE TABLE IF NOT EXISTS form_submissions (id SERIAL PRIMARY KEY, form_id TEXT, email TEXT, name TEXT, ip TEXT, created_at TIMESTAMP DEFAULT NOW())");
|
|
$db->prepare("INSERT INTO form_submissions (form_id, email, name, ip) VALUES (?, ?, ?, ?)")
|
|
->execute([$form_id, $email, $name, $_SERVER['REMOTE_ADDR'] ?? '']);
|
|
|
|
// Also add to send_contacts if not exists
|
|
$exists = $db->prepare("SELECT COUNT(*) FROM send_contacts WHERE email = ?");
|
|
$exists->execute([$email]);
|
|
if ($exists->fetchColumn() == 0) {
|
|
$db->prepare("INSERT INTO send_contacts (email, first_name, status, source, score) VALUES (?, ?, 'active', ?, 100)")
|
|
->execute([$email, $name, 'form_' . $form_id]);
|
|
}
|
|
|
|
echo json_encode(['ok'=>1, 'message'=>'Subscribed']);
|
|
} catch (Exception $e) {
|
|
echo json_encode(['error'=>'Server error']);
|
|
}
|
|
|
|
/* V137: log form submission to unified sessions */
|
|
try {
|
|
$__form_sid = "form-" . ($_POST["form_id"] ?? "unknown") . "-" . substr(md5($_POST["email"] ?? $_SERVER["REMOTE_ADDR"] ?? ""), 0, 12);
|
|
$__form_title = "Form " . ($_POST["form_id"] ?? "?") . " · " . ($_POST["email"] ?? "anon");
|
|
$__form_msg = "name=" . ($_POST["name"] ?? "") . " email=" . ($_POST["email"] ?? "") . " msg=" . substr($_POST["message"] ?? "", 0, 500);
|
|
@wevia_log_session_v137($__form_sid, $__form_title, $__form_msg, "", "form-inline");
|
|
} catch (Throwable $__e) { /* silent */ }
|