feat: Add MU plugins from staging server

- hvac-nocache.php: Prevents caching on HVAC pages and for logged-in users
- mu-certificate-handler.php: Handles certificate URLs at earliest stage to prevent 404 errors

These MU plugins are critical for proper functionality of dashboard, login, and certificate features.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

wordpress-dev/wordpress/wp-content/mu-plugins/hvac-nocache.php

@@ -0,0 +1,54 @@
+<?php
+/**
+ * Plugin Name: HVAC No-Cache for Login
+ * Description: Prevents caching on login and dashboard pages
+ * Version: 1.0
+ */
+
+function hvac_disable_cache() {
+    // Check if we are on a login-related page
+    $uri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";
+    $disable_cache = false;
+    
+    // Pages that should never be cached
+    $no_cache_pages = array(
+        "community-login",
+        "wp-login.php",
+        "hvac-dashboard",
+        "certificate-reports",
+        "generate-certificates",
+        "event-summary"
+    );
+    
+    foreach ($no_cache_pages as $page) {
+        if (strpos($uri, $page) !== false) {
+            $disable_cache = true;
+            break;
+        }
+    }
+    
+    // Also disable cache for logged-in users or authentication attempts
+    if (is_user_logged_in() || isset($_POST["log"]) || isset($_GET["login"])) {
+        $disable_cache = true;
+    }
+    
+    if ($disable_cache) {
+        // Define WordPress constant
+        if (!defined("DONOTCACHEPAGE")) {
+            define("DONOTCACHEPAGE", true);
+        }
+        
+        // Set no-cache headers
+        header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+        header("Pragma: no-cache");
+    }
+}
+add_action("init", "hvac_disable_cache", 0);
+
+// Disable Breeze caching for logged-in users
+function hvac_disable_breeze_cache() {
+    if (is_user_logged_in()) {
+        add_filter("breeze_skip_cache", "__return_true");
+    }
+}
+add_action("init", "hvac_disable_breeze_cache");

wordpress-dev/wordpress/wp-content/mu-plugins/mu-certificate-handler.php

@@ -0,0 +1,75 @@
+<?php
+/**
+ * MU Plugin: HVAC Certificate URL Handler
+ * 
+ * This MUST-USE plugin handles certificate URLs at the earliest possible stage
+ * to prevent 404 errors.
+ * 
+ * Place this file in wp-content/mu-plugins/
+ */
+
+// Only run on frontend
+if (!defined('ABSPATH') || defined('WP_ADMIN')) {
+    return;
+}
+
+// Check for certificate URLs immediately
+add_action('muplugins_loaded', function() {
+    $request_uri = $_SERVER['REQUEST_URI'] ?? '';
+    $parsed = parse_url($request_uri);
+    $path = rtrim($parsed['path'] ?? '', '/');
+    
+    // Check if this is a certificate URL
+    if (preg_match('#^/hvac-certificate/([a-zA-Z0-9]{32})$#', $path, $matches)) {
+        $token = $matches[1];
+        
+        // Load WordPress to access functions
+        if (!function_exists('get_transient')) {
+            return;
+        }
+        
+        // Hook into the earliest possible action to handle the certificate
+        add_action('plugins_loaded', function() use ($token) {
+            // Check if token exists
+            $certificate_data = get_transient('hvac_certificate_token_' . $token);
+            
+            if (!$certificate_data) {
+                // Invalid token - show 404
+                status_header(404);
+                wp_die('Certificate not found', 'Not Found', array('response' => 404));
+            }
+            
+            // Delete token to prevent reuse
+            delete_transient('hvac_certificate_token_' . $token);
+            
+            // Get file path
+            $upload_dir = wp_upload_dir();
+            $file_path = $upload_dir['basedir'] . '/' . $certificate_data['file_path'];
+            
+            if (!file_exists($file_path)) {
+                status_header(404);
+                wp_die('Certificate file not found', 'Not Found', array('response' => 404));
+            }
+            
+            // Serve the file
+            $file_name = basename($file_path);
+            $file_size = filesize($file_path);
+            
+            // Set headers
+            nocache_headers();
+            header('Content-Type: application/pdf');
+            header('Content-Disposition: attachment; filename="certificate.pdf"');
+            header('Content-Transfer-Encoding: binary');
+            header('Content-Length: ' . $file_size);
+            
+            // Clear any output buffers
+            while (ob_get_level()) {
+                ob_end_clean();
+            }
+            
+            // Output file
+            readfile($file_path);
+            exit;
+        }, 1);
+    }
+}, 1);