<?php

session_start();
require_once 'php/config.inc.php';
include header;

if (isset($_POST) && count($_POST)>0) {
	// add a few misc maybe-useful fields to the data before encrypting
	$_POST['00a_received'] = date(DATE_RSS);
	$_POST['00b_spam'] = isset($_POST['email']) && trim($_POST['email']) != "" ? "probably" : "unlikely";
	$_POST['00c_ip'] = $_SERVER['REMOTE_ADDR'];
	$_POST['00d_session'] = session_id();

	// serialize post data -- creates a risk of extraneous data being submitted by pests
	$data = json_encode($_POST);

	// pubkey is a base64-encoded key generated by sodium_crypto_box_keypair
	$pubKey = base64_decode(file_get_contents("key.public"));

	// for now, data is stored by encrypting each submission individually, base64 encoding it,
	// and appending it as a separate line onto the end of the data file (prepending with a
	// unix timestamp so later we can tell if new data has arrived without decrypting)
	$encrypted = sodium_crypto_box_seal($data, $pubKey);
	
	if (file_put_contents(FILE, time() . "|" . base64_encode($encrypted)."\n", FILE_APPEND | LOCK_EX) !== false) {
		echo MSG_SUCCESS;
	} else {
		echo MSG_FAIL;
	}
} else {
	include form;
}

include footer;

?>