
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    header('Content-Type: application/json');

    $name = filter_var(trim($_POST['name']), FILTER_SANITIZE_STRING);
    $email = filter_var(trim($_POST['email']), FILTER_SANITIZE_EMAIL);
    $message = filter_var(trim($_POST['message']), FILTER_SANITIZE_STRING);

    if (empty($name) || !filter_var($email, FILTER_VALIDATE_EMAIL) || empty($message)) {
        echo json_encode(['success' => false, 'message' => 'Invalid input. Please check your fields and try again.']);
        exit;
    }

    require_once __DIR__ . '/db/config.php';

    try {
        $pdo = db();
        $sql = "INSERT INTO contact_submissions (name, email, message) VALUES (?, ?, ?)";
        $stmt = $pdo->prepare($sql);
        $stmt->execute([$name, $email, $message]);

        // Optionally send an email notification
        require_once __DIR__ . '/mail/MailService.php';
        $admin_email = getenv('ADMIN_EMAIL') ?: 'umre6456@gmail.com';
        MailService::sendContactMessage($name, $email, $message, $admin_email, "New Contact Form Submission");

        echo json_encode(['success' => true, 'message' => 'Thank you for your message! We will get back to you shortly.']);
    } catch (PDOException $e) {
        // In a real app, you would log this error
        echo json_encode(['success' => false, 'message' => 'There was an error processing your request. Please try again later.']);
    }
} else {
    header("HTTP/1.1 403 Forbidden");
    echo "You are not allowed to access this page.";
}