false, 'message' => Bootstrap::appMessage('common.method_not_allowed'), ], 405); }
// NOTE(review): the statement above is the tail of a method check that starts
// before this excerpt. Every Bootstrap::jsonResponse() call below is assumed to
// terminate the request (the following code would otherwise emit a second
// response) — confirm against Bootstrap.

// CSRF token from the POST body; anything that is not a string is passed as
// null so Csrf::validate() rejects it rather than receiving an array.
$csrf = $_POST['csrf'] ?? '';
if (!Csrf::validate(is_string($csrf) ? $csrf : null)) {
    Bootstrap::jsonResponse([ 'ok' => false, 'message' => Bootstrap::appMessage('common.invalid_csrf'), ], 419);
}

// Honeypot: the hidden "website" field must stay empty; any content is treated
// as an automated submission.
$honeypot = trim((string) ($_POST['website'] ?? ''));
if ($honeypot !== '') {
    Bootstrap::jsonResponse([ 'ok' => false, 'message' => Bootstrap::appMessage('common.request_blocked'), ], 400);
}

// Normalise the email (trim + lowercase) before validation and before it is
// used as the lookup/rate-limit key, so case variants map to one record.
$email = strtolower(trim((string) ($_POST['email'] ?? '')));
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    Bootstrap::jsonResponse([ 'ok' => false, 'message' => Bootstrap::appMessage('common.invalid_email'), ], 422);
}

$app = Bootstrap::config('app');
$limiter = new RateLimiter();
// NOTE(review): REMOTE_ADDR is the peer address; behind a reverse proxy this is
// the proxy, not the client — confirm how the deployment resolves client IPs.
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
// The bucket is keyed on IP *and* email, so one client gets a fresh allowance
// for every distinct email it tries. This limits hammering of a single address
// but does not bound per-IP enumeration of many addresses; a second, IP-only
// bucket would be needed for that.
$rateKey = sprintf('load:%s:%s', $ip, $email);
if (!$limiter->allow($rateKey, (int) $app['rate_limit']['requests'], (int) $app['rate_limit']['window_seconds'])) {
    Bootstrap::jsonResponse([ 'ok' => false, 'message' => Bootstrap::appMessage('load_draft.rate_limited'), ], 429);
}

$store = new JsonStore();
// NOTE(review): from this point the email address alone selects the record; no
// proof that the caller controls that address is visible in this excerpt. The
// already_submitted flag therefore tells any CSRF-capable caller whether a
// given address has a submission, and the draft branch returns that address's
// saved form data and upload entries — confirm an ownership check exists
// upstream (e.g. in the part of the file before this excerpt).
$submission = $store->getSubmissionByEmail($email);
if ($submission !== null) {
    Bootstrap::jsonResponse([ 'ok' => true, 'already_submitted' => true, 'message' => Bootstrap::appMessage('load_draft.already_submitted'), ]);
}

// No final submission yet: return the saved draft, with defaults for a missing
// draft (empty data/uploads, step 1, no timestamp).
$draft = $store->getDraft($email);
Bootstrap::jsonResponse([
    'ok' => true,
    'already_submitted' => false,
    'data' => $draft['form_data'] ?? [],
    'uploads' => $draft['uploads'] ?? [],
    'step' => $draft['step'] ?? 1,
    'updated_at' => $draft['updated_at'] ?? null,
]);