<?php
// Bootstrap for the public subscribe page.
// config.php is loaded first; IS_INSTALLED and ROOT_PATH are used on the lines
// below (presumably both are defined there — confirm).
require_once __DIR__ . '/config.php';
// Installation gate: an uninstalled site redirects to setup.php and stops here,
// before the database and auth includes are loaded.
if (!IS_INSTALLED) { header('Location: setup.php'); exit; }
require_once ROOT_PATH . '/includes/db.php';
require_once ROOT_PATH . '/includes/functions.php';
// NOTE(review): this page reads and writes $_SESSION (captcha state) but never
// calls session_start() itself; presumably one of these includes starts the
// session — confirm, otherwise the captcha state does not persist between requests.
require_once ROOT_PATH . '/includes/auth.php';
require_once ROOT_PATH . '/includes/mail.php';
// Feature switch: when subscriptions are turned off the page answers 404 with a
// generic body and performs no further work.
if (!subscribe_enabled()) { http_response_code(404); die('Page not found.'); }
// Admin-controlled form configuration, read once per request.
// $optFields is later tested with in_array(), so it is used as a list of field names.
$optFields = subscribe_optional_fields();

// Label text for the three free-form custom fields, keyed by field name.
// array_map() keeps the string keys and calls get_setting() once per entry, in order.
$customLabels = array_map('get_setting', [
    'custom1' => 'subscribe_custom1_label',
    'custom2' => 'subscribe_custom2_label',
    'custom3' => 'subscribe_custom3_label',
]);

// The captcha is on only when the stored setting is exactly the string '1'.
$useCaptcha = '1' === get_setting('subscribe_captcha', '0');
/**
 * Store a new addition challenge in the session.
 *
 * Two operands are drawn with random_int() from 1..12. Their sum is written to
 * $_SESSION['captcha_answer'] and the question text ("A + B") to
 * $_SESSION['captcha_q'], overwriting any challenge already stored there.
 *
 * NOTE(review): the question is a plain-text sum, so it only deters simple
 * form-filling bots; it is not a substitute for rate limiting.
 */
function captcha_generate(): void
{
    $operands = [random_int(1, 12), random_int(1, 12)];

    $_SESSION['captcha_answer'] = array_sum($operands);
    $_SESSION['captcha_q'] = implode(' + ', $operands);
}
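// ---------------------------------------------------------------------------
// Request handling for the subscribe form.
//
// Outputs consumed by the template below: $error (string, empty when there is
// no problem) and $success (bool).
//
// Flow on POST: CSRF check -> captcha check -> e-mail validation ->
// duplicate lookup -> insert -> admin notification.
// ---------------------------------------------------------------------------

// Make sure a challenge exists before the form is handled or rendered.
if ($useCaptcha && empty($_SESSION['captcha_answer'])) {
    captcha_generate();
}

$error = '';
$success = false;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // verify_csrf() is defined elsewhere; presumably it aborts the request when
    // the token is missing or wrong — confirm.
    verify_csrf();

    // Read a POST field as a trimmed string. Array-valued parameters
    // (for example "email[]=x") are treated as empty instead of being passed to
    // trim()/strtolower(), which raise a TypeError on PHP 8.
    $postField = static function (string $key): string {
        $raw = $_POST[$key] ?? '';
        return is_string($raw) ? trim($raw) : '';
    };

    // Captcha check
    if ($useCaptcha) {
        $given = (int)$postField('captcha');
        $expect = $_SESSION['captcha_answer'] ?? null;

        // A challenge is single-use: it is consumed before the comparison, so a
        // solved answer cannot be submitted again when a later validation step
        // (invalid or already-subscribed address) rejects the request.
        unset($_SESSION['captcha_answer'], $_SESSION['captcha_q']);

        // A missing stored answer is always a failure; no sentinel value that a
        // client could match is involved.
        if ($expect === null || $given !== (int)$expect) {
            $error = 'Incorrect answer to the security question. Please try again.';
            captcha_generate(); // refresh question after wrong answer
        }
    }

    if (!$error) {
        // Lower-casing makes the duplicate lookup case-insensitive.
        $email = strtolower($postField('email'));
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $error = 'Please enter a valid email address.';
        } else {
            $row = db()->prepare("SELECT id FROM subscribers WHERE email = ?");
            $row->execute([$email]);
            if ($row->fetch()) {
                // NOTE(review): this distinct message lets any visitor test whether
                // an address is on the list. Showing the same neutral confirmation
                // for both outcomes would avoid that; left as is because it changes
                // user-facing copy.
                $error = 'This email address is already subscribed.';
            } else {
                // NOTE(review): the IPv4 address space is small enough that an
                // unkeyed SHA-256 of address + date can be reversed by exhaustive
                // hashing. If this column is meant to be pseudonymous, hash_hmac()
                // with a server-side secret is the usual choice.
                $ipHash = hash('sha256', ($_SERVER['REMOTE_ADDR'] ?? '') . date('Y-m-d'));

                // Accept an optional field only when the admin has enabled it.
                // The form renders just the fields listed in $optFields; without
                // this check a hand-crafted request could still store values in
                // columns for fields that are switched off.
                $data = ['email' => $email];
                foreach (['first_name', 'last_name', 'zip_code', 'phone', 'comments'] as $field) {
                    $data[$field] = in_array($field, $optFields, true) ? $postField($field) : '';
                }
                // Custom fields additionally need a configured label, matching the
                // condition under which the form displays them.
                foreach (['custom1', 'custom2', 'custom3'] as $field) {
                    $enabled = in_array($field, $optFields, true) && !empty($customLabels[$field]);
                    $data[$field] = $enabled ? $postField($field) : '';
                }
                $data['ip_hash'] = $ipHash;

                // NOTE(review): the SELECT above and this INSERT are not atomic, so
                // two concurrent requests can both pass the duplicate check. A
                // UNIQUE index on subscribers.email (schema not visible here —
                // confirm) is what guarantees one row per address. Field lengths
                // are not capped here either; confirm the column definitions do so.
                db()->prepare(
                    "INSERT INTO subscribers
                        (email,first_name,last_name,zip_code,phone,comments,custom1,custom2,custom3,ip_hash)
                     VALUES (:email,:first_name,:last_name,:zip_code,:phone,:comments,:custom1,:custom2,:custom3,:ip_hash)"
                )->execute($data);

                // Clear captcha from session on success
                unset($_SESSION['captcha_answer'], $_SESSION['captcha_q']);
                $success = true;

                // Notify opted-in admins/editors.
                // NOTE(review): $displayName is visitor-controlled and trim() only
                // strips its ends; notify_new_subscriber() is defined elsewhere —
                // confirm it never places this value in a mail header unencoded.
                $displayName = trim(($data['first_name'] . ' ' . $data['last_name']));
                notify_new_subscriber($email, $displayName);
            }
        }
    }

    // Every failed attempt is answered with a new question when the captcha is on.
    if ($error && $useCaptcha && empty($_SESSION['captcha_answer'])) {
        captcha_generate();
    }
}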
// Page metadata for the shared header: "<subscribe title> — <site title>".
// build_meta() and the header template are defined elsewhere; the header is
// included in this scope, so it can read the variables set above.
$meta = build_meta([
    'title' => implode(' — ', [
        get_setting('subscribe_title', 'Subscribe'),
        get_setting('site_title', SITE_NAME),
    ]),
    'og_type' => 'website',
]);

include ROOT_PATH . '/includes/header.php';
?>
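<?php
// Subscribe form template.
//
// Reads $success, $error, $optFields, $customLabels and $useCaptcha from the
// request-handling code above. Every dynamic value is passed through h() at the
// point of output (h() is defined elsewhere; presumably an HTML-escaping
// helper — confirm), including the CSRF token and the custom field names, so
// the markup does not depend on what those helpers happen to return.

// Value to re-display in a field after a failed submission. Only strings are
// echoed back; an array-valued parameter (e.g. "email[]=x") yields '' so h()
// is never handed a non-string.
$postedValue = static function (string $key): string {
    $raw = $_POST[$key] ?? '';
    return is_string($raw) ? $raw : '';
};
?>
<div class="window" style="max-width:520px;margin:30px auto">
    <div class="win-titlebar">✉ <?= h(get_setting('subscribe_title', 'Subscribe')) ?></div>
    <div class="win-body">
<?php if ($success): ?>
        <div class="flash flash-success">✓ You have been subscribed successfully. Thank you!</div>
        <p><a href="<?= h(base_url()) ?>" class="button">← Back to Home</a></p>
<?php else: ?>
<?php if (get_setting('subscribe_desc')): ?>
        <p style="margin:0 0 12px"><?= h(get_setting('subscribe_desc')) ?></p>
<?php endif; ?>
<?php if ($error): ?>
        <div class="flash flash-error"><?= h($error) ?></div>
<?php endif; ?>
        <form method="post">
            <input type="hidden" name="csrf_token" value="<?= h(csrf_token()) ?>">
            <div class="form-row" style="margin-bottom:10px">
                <label for="email" style="display:block;font-size:12px;font-weight:bold;margin-bottom:3px">
                    Email Address <span style="color:#CC0000">*</span>
                </label>
                <input type="email" id="email" name="email" required class="input-full"
                       value="<?= h($postedValue('email')) ?>">
            </div>
<?php if (in_array('first_name', $optFields, true)): ?>
            <div class="form-row" style="margin-bottom:10px">
                <label for="first_name" style="display:block;font-size:12px;font-weight:bold;margin-bottom:3px">First Name</label>
                <input type="text" id="first_name" name="first_name" class="input-full"
                       value="<?= h($postedValue('first_name')) ?>">
            </div>
<?php endif; ?>
<?php if (in_array('last_name', $optFields, true)): ?>
            <div class="form-row" style="margin-bottom:10px">
                <label for="last_name" style="display:block;font-size:12px;font-weight:bold;margin-bottom:3px">Last Name</label>
                <input type="text" id="last_name" name="last_name" class="input-full"
                       value="<?= h($postedValue('last_name')) ?>">
            </div>
<?php endif; ?>
<?php if (in_array('zip_code', $optFields, true)): ?>
            <div class="form-row" style="margin-bottom:10px">
                <label for="zip_code" style="display:block;font-size:12px;font-weight:bold;margin-bottom:3px">Zip / Postal Code</label>
                <input type="text" id="zip_code" name="zip_code" class="input-full"
                       value="<?= h($postedValue('zip_code')) ?>">
            </div>
<?php endif; ?>
<?php if (in_array('phone', $optFields, true)): ?>
            <div class="form-row" style="margin-bottom:10px">
                <label for="phone" style="display:block;font-size:12px;font-weight:bold;margin-bottom:3px">Phone Number</label>
                <input type="tel" id="phone" name="phone" class="input-full"
                       value="<?= h($postedValue('phone')) ?>">
            </div>
<?php endif; ?>
<?php if (in_array('comments', $optFields, true)): ?>
            <div class="form-row" style="margin-bottom:10px">
                <label for="comments" style="display:block;font-size:12px;font-weight:bold;margin-bottom:3px">Comments</label>
                <textarea id="comments" name="comments" class="input-full" rows="3"
                          style="resize:vertical"><?= h($postedValue('comments')) ?></textarea>
            </div>
<?php endif; ?>
<?php foreach (['custom1', 'custom2', 'custom3'] as $cf):
    // A custom field is shown only when it is enabled and has a label configured.
    if (!in_array($cf, $optFields, true)) continue;
    $lbl = $customLabels[$cf] ?? '';
    if (!$lbl) continue;
?>
            <div class="form-row" style="margin-bottom:10px">
                <label for="<?= h($cf) ?>" style="display:block;font-size:12px;font-weight:bold;margin-bottom:3px"><?= h($lbl) ?></label>
                <input type="text" id="<?= h($cf) ?>" name="<?= h($cf) ?>" class="input-full"
                       value="<?= h($postedValue($cf)) ?>">
            </div>
<?php endforeach; ?>
<?php if ($useCaptcha): ?>
            <div class="form-row" style="margin-bottom:10px;padding:8px 10px;background:#FFFFF0;border:2px solid;border-color:#FFF #808080 #808080 #FFF">
                <label for="captcha" style="display:block;font-size:12px;font-weight:bold;margin-bottom:4px">
                    🔒 Security Check <span style="color:#CC0000">*</span>
                </label>
                <div style="display:flex;align-items:center;gap:10px">
                    <span style="font-size:14px;font-weight:bold">What is <?= h($_SESSION['captcha_q'] ?? '') ?> ?</span>
                    <input type="number" id="captcha" name="captcha" required
                           style="width:70px;padding:4px 6px;border:2px solid;border-color:#808080 #FFF #FFF #808080;font-size:14px;font-family:inherit"
                           min="0" max="99" autocomplete="off">
                </div>
            </div>
<?php endif; ?>
            <div style="margin-top:12px">
                <button type="submit" class="button">✉ Subscribe</button>
                <a href="<?= h(base_url()) ?>" class="button" style="margin-left:8px">Cancel</a>
            </div>
        </form>
<?php endif; ?>
    </div>
</div>
<?php include ROOT_PATH . '/includes/footer.php'; ?>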