/* ══════════════════════════════════════════════════════════════════════
   SECURITATE FORMULARE — CSRF, Honeypot, Rate Limiting, Sanitizare
══════════════════════════════════════════════════════════════════════ */

/** Pornire sesiune sigură (idempotentă) */
function hga_session_start(): void {
    if (session_status() === PHP_SESSION_NONE) {
        ini_set('session.cookie_httponly', '1');
        ini_set('session.cookie_samesite', 'Strict');
        session_start();
    }
}

/** Generează / returnează token CSRF pentru sesiunea curentă */
function hga_csrf_token(): string {
    hga_session_start();
    if (empty($_SESSION['hga_public_csrf'])) {
        $_SESSION['hga_public_csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['hga_public_csrf'];
}

/** Afișează câmpul ascuns CSRF */
function hga_csrf_field(): string {
    return '<input type="hidden" name="_csrf" value="' . htmlspecialchars(hga_csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/** Verifică token CSRF — returnează false dacă invalid */
function hga_csrf_verify(): bool {
    hga_session_start();
    $token = (string)($_POST['_csrf'] ?? '');
    $stored = (string)($_SESSION['hga_public_csrf'] ?? '');
    if ($stored === '' || $token === '') return false;
    return hash_equals($stored, $token);
}

/** Verifică honeypot — returnează true dacă este bot (câmpul completat) */
function hga_is_bot(): bool {
    return (string)($_POST['_hp'] ?? '') !== '';
}

/**
 * Rate limiting simplu bazat pe sesiune.
 * Permite $maxPerWindow cereri în $windowSec secunde per $key.
 * Returnează true dacă e permis, false dacă e blocat.
 */
function hga_rate_limit(string $key, int $maxPerWindow = 5, int $windowSec = 300): bool {
    hga_session_start();
    $now   = time();
    $rlKey = 'hga_rl_' . $key;
    if (!isset($_SESSION[$rlKey])) $_SESSION[$rlKey] = ['count' => 0, 'window_start' => $now];
    $rl = &$_SESSION[$rlKey];
    if ($now - $rl['window_start'] > $windowSec) {
        $rl = ['count' => 0, 'window_start' => $now];
    }
    if ($rl['count'] >= $maxPerWindow) return false;
    $rl['count']++;
    return true;
}

/** Sanitizare text general pentru formulare publice */
function hga_san(mixed $v, int $maxLen = 1000): string {
    $v = strip_tags((string)$v);
    $v = str_replace(['', '<script', '</script', '<%', '%>'], '', $v);
    $v = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $v) ?? $v;
    return mb_substr(trim($v), 0, $maxLen, 'UTF-8');
}

/** Sanitizare email */
function hga_san_email(mixed $v): string {
    $v = trim((string)$v);
    return filter_var($v, FILTER_VALIDATE_EMAIL) ? $v : '';
}

/** Sanitizare telefon — permite doar cifre, +, -, spații, paranteze */
function hga_san_phone(mixed $v): string {
    return preg_replace('/[^0-9+\-\s()]/', '', trim((string)$v)) ?? '';
}
<!DOCTYPE html>
<html lang="ro">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
    <title>Contact • Sorin Harosa Photographer</title>
    <meta name="description" content="Contact direct pentru oferte, disponibilitate și rezervări foto.">
    <meta name="theme-color" content="#0b0f16">
    <meta name="format-detection" content="telephone=no">
    <meta property="og:type" content="website">
    <meta property="og:title" content="Contact • Sorin Harosa Photographer">
    <meta property="og:description" content="Contact direct pentru oferte, disponibilitate și rezervări foto.">
    <meta property="og:image" content="https://harosagraphicarts.ro/assets/img/android-chrome-512x512.png">
    <meta property="og:url" content="https://harosagraphicarts.ro/contact/">
    <meta property="og:site_name" content="Sorin Harosa Photographer">
    <meta name="twitter:card" content="summary_large_image">
    <link rel="canonical" href="https://harosagraphicarts.ro/contact/">
    <link rel="icon" type="image/x-icon" href="/assets/img/favicon.ico">
    <link rel="icon" type="image/png" sizes="32x32" href="/assets/img/favicon-32x32.png">
    <link rel="icon" type="image/png" sizes="16x16" href="/assets/img/favicon-16x16.png">
    <link rel="apple-touch-icon" sizes="180x180" href="/assets/img/apple-touch-icon.png">
    <link rel="manifest" href="/site.webmanifest">
    <link rel="preload" href="/assets/css/style.css" as="style">
    <link rel="stylesheet" href="/assets/css/style.css">
        <script type="application/ld+json">
    {
      "@context":"https://schema.org",
      "@type":"ProfessionalService",
      "name":"Sorin Harosa Photographer",
      "url":"https://harosagraphicarts.ro",
      "image":"https://harosagraphicarts.ro/assets/img/android-chrome-512x512.png",
      "telephone":"+40756950671",
      "email":"harosa.sorinel@icloud.com",
      "address":{
        "@type":"PostalAddress",
        "addressLocality":"Bistrița",
        "addressRegion":"Bistrița-Năsăud",
        "addressCountry":"RO"
      },
      "areaServed":"Romania",
      "sameAs":["https://www.facebook.com/people/Harosa-Sorin-WeddingPhotographer/61561577026057/","https://www.instagram.com/sorin_harosa_photographer/"]
    }
    </script>
</head>
<body>
<div class="scroll-progress" aria-hidden="true"><span class="scroll-progress__bar"></span></div>
<div class="site-bg" aria-hidden="true">
    <div class="site-bg__orb site-bg__orb--one"></div>
    <div class="site-bg__orb site-bg__orb--two"></div>
    <div class="site-bg__orb site-bg__orb--three"></div>
    <div class="site-bg__grid"></div>
    <div class="site-bg__noise"></div>
    <div class="site-bg__vignette"></div>
    <div class="site-bg__scanlines"></div>
    <div class="site-bg__bokeh site-bg__bokeh--one"></div>
    <div class="site-bg__bokeh site-bg__bokeh--two"></div>
    <div class="site-bg__bokeh site-bg__bokeh--three"></div>
    <div class="site-bg__bokeh site-bg__bokeh--four"></div>
</div>
<div class="cursor-glow" aria-hidden="true"></div>
<div class="viewfinder-frame" aria-hidden="true">
    <span class="viewfinder-frame__corner viewfinder-frame__corner--tl"></span>
    <span class="viewfinder-frame__corner viewfinder-frame__corner--tr"></span>
    <span class="viewfinder-frame__corner viewfinder-frame__corner--bl"></span>
    <span class="viewfinder-frame__corner viewfinder-frame__corner--br"></span>
</div>
<header class="site-header">
    <div class="container shell">
        <a class="brand" href="/" aria-label="Sorin Harosa Photographer">
            <img src="/assets/img/logo-harosa-white.png" alt="Sorin Harosa Photographer logo" fetchpriority="high">
            <span class="brand__text">
                <strong></strong>
                <em></em>
            </span>
        </a>

        <button class="nav-toggle" type="button" aria-expanded="false" aria-controls="site-nav">
            <span></span><span></span><span></span>
            <span class="sr-only">Meniu</span>
        </button>

        <nav class="site-nav" id="site-nav" aria-label="Meniu principal">
                                            <a href="/" class="" >Acasă</a>
                                            <a href="/despre/" class="" >Despre</a>
                                            <a href="/servicii/" class="" >Servicii</a>
                                            <a href="/galerie/" class="" >Galerie</a>
                                            <a href="/preturi/" class="" >Prețuri</a>
                                            <a href="/disponibilitate/" class="" >Disponibilitate</a>
                                            <a href="/contact/" class="is-active" aria-current="page">Contact</a>
                    </nav>
    </div>
</header>
<main class="site-main">
<section class="section">
    <div class="container">
        <div class="section-head center reveal">
            <p class="eyebrow">Contact</p>
            <h1 class="title-lg">Discută direct despre evenimentul tău</h1>
            <p class="lead center"></p>
        </div>

        <div class="contact-grid">
            <aside class="contact-card reveal">
                <h2 class="title-md">Date de contact</h2>
                <p class="muted">Răspuns rapid pentru solicitări, rezervări și colaborări comerciale.</p>
                <ul class="contact-list">
                    <li><strong>Email:</strong> <a href="mailto:harosa.sorinel@icloud.com">harosa.sorinel@icloud.com</a></li>
                    <li><strong>Telefon:</strong> <a href="tel:+40756950671">+40756 950 671</a></li>
                    <li><strong>WhatsApp:</strong> <a href="https://wa.me/40756950671" target="_blank" rel="noopener">Deschide conversația</a></li>
                    <li><strong>Facebook:</strong> <a href="https://www.facebook.com/people/Harosa-Sorin-WeddingPhotographer/61561577026057/" target="_blank" rel="noopener">Pagina oficială</a></li>
                    <li><strong>Instagram:</strong> <a href="https://www.instagram.com/sorin_harosa_photographer/" target="_blank" rel="noopener">Profil Instagram</a></li>
                </ul>
                <div class="kicker-panel">
                    <div class="kicker"><strong>Rapid</strong><span>Canale multiple de contact.</span></div>
                    <div class="kicker"><strong>Clar</strong><span>Formular scurt și bine structurat.</span></div>
                    <div class="kicker"><strong>Flexibil</strong><span>Pentru evenimente, branduri și proiecte speciale.</span></div>
                </div>
            </aside>

            <section class="form-card reveal">
                
                <form action="/contact/send.php" method="post">