Implements /find-training page with Google Maps JavaScript API:
- Interactive map showing trainers (teal) and venues (orange) markers
- MarkerClusterer for dense areas
- Filter by State, Certification, Training Format
- Search by name/location
- "Near Me" geolocation with proximity filtering
- Trainer profile modal with contact form
- Venue info modal with upcoming events
- 301 redirect from /find-a-trainer to /find-training
- Auto-geocoding for new TEC venues via Google API
Multi-model code review fixes (GPT-5, Gemini 3, Zen MCP):
- Added missing contact form AJAX handler with rate limiting
- Fixed XSS risk in InfoWindow (DOM creation vs inline onclick)
- Added caching for filter dropdown queries (1-hour TTL)
- Added AJAX abort handling to prevent race conditions
- Replaced alert() with inline error notifications
New files:
- includes/find-training/class-hvac-find-training-page.php
- includes/find-training/class-hvac-training-map-data.php
- includes/find-training/class-hvac-venue-geocoding.php
- templates/page-find-training.php
- assets/js/find-training-map.js
- assets/js/find-training-filters.js
- assets/css/find-training-map.css
- assets/images/marker-trainer.svg
- assets/images/marker-venue.svg
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Initialize HVAC_Master_Dashboard_Data during plugin init to ensure
AJAX handler is registered for all requests (not just template loads)
- Accept both hvac_ajax_nonce and hvac_master_dashboard_nonce for
backward compatibility with existing JavaScript
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Object.defineProperty interceptor to catch iMapsData assignment before IGM plugin corrupts it
- Detect and repair markers with corrupted coordinates (Lat == Lng) using backup lat/lng keys
- Remove PHP query injections that caused 500 errors
- Increase safety timeouts from 6s to 30s for slower resource loading
- Remove Safari blocker bug in find-trainer assets
- Update debug script for mapgeo integration testing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add generate_sync_hash(), should_sync(), and should_sync_user() helper methods
- Modify all 5 sync methods to check hashes before syncing
- Add 'skipped' count to track unchanged records
- Update scheduled sync to aggregate and log skipped counts
This fixes the issue where 59 items were synced every scheduled run even
when no WordPress records had changed.
- Load HVAC_Zoho_Scheduled_Sync on ALL requests (not just admin)
so WP-Cron can find custom schedules and action hooks
- Add add_option hook for first-time setting creation
- Explicitly call schedule_sync() in save_settings() to ensure
scheduling works even when option value hasn't changed
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix Client ID regex to allow lowercase letters
- Update HVAC_Zoho_CRM_Auth to use encrypted storage for all operations
- Update class-zoho-admin.php to use HVAC_Secure_Storage for credential retrieval
- Update OAuth callback to use secure storage for token storage
- Update Status.md with blocking production issue (400 Bad Request)
Note: Issue persists on production - needs further investigation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1. Created zoho-admin.css (was missing, causing 404)
- Added styles for Zoho admin page layout
- Card styling, form tables, sync buttons, status messages
2. Fixed jQuery not defined on master-trainer pages
- Changed inject_inline_content hook from wp_head to wp_footer
- Ensures jQuery is loaded before inline script executes
Note: "message channel closed" error is a browser extension issue,
not a code problem (typically ad blockers intercepting message passing)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1. OAuth CSRF Protection:
- Added state parameter to OAuth authorization URL
- Generate and store state in transient (10 min expiry)
- Validate state on callback with timing-safe comparison
2. Debug Log Sanitization:
- Added sanitize_log_message() to mask credentials in logs
- Patterns mask client_id, client_secret, access_token, refresh_token
- Error handlers only expose file paths in WP_DEBUG mode
3. Move Inline JS to External File:
- Moved ~100 lines of inline JS to assets/js/zoho-admin.js
- Added redirectUri and oauthUrl to wp_localize_script
- Better CSP compliance and caching
4. Updated .gitignore to track includes/admin/ and includes/zoho/
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changed initializeAdminComponents hook from admin_init to admin_menu
with priority 5. WordPress fires admin_menu before admin_init, so
the Zoho admin submenu was being registered too late to appear.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace WooCommerce sync with Event Tickets (Tickets Commerce) support
- Add sync_attendees() for Contacts + Campaign Members
- Add sync_rsvps() for Leads + Campaign Members
- Fix user roles filter (hvac_trainer/hvac_master_trainer)
- Fix event query to include past events
- Update admin UI with new sync buttons
- Correct meta keys for Tickets Commerce (_tec_tickets_commerce_*)
- Correct meta keys for RSVPs (_tribe_rsvp_*)
Dry-run tested on staging:
- Events: 20 records
- Trainers: 53 records
- Attendees: 79 records
- RSVPs: 4 records
- Orders: 52 records
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix version mismatch (2.0.0 → 2.1.5 in main plugin file)
- Fix modal FOUC (CSS defaults to display:none, JS adds .active class)
- Replace direct error_log() with HVAC_Logger for conditional debug logging
- All logging now respects WP_DEBUG flag for production cleanliness
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changes:
- Fix z-index conflict where announcement modal (999999) was higher than WordPress media modals (160000)
- Reduce announcement modal z-index to 100000 to allow WordPress media library to stack on top
- Remove duplicate TinyMCE initialization that was unnecessary
- Add custom "Add Media" button that renders when modal opens (prevents hidden modal issues)
- Improve page detection with multi-layered approach (URL path, template, slug, queried object)
- Move script loading to footer for better WordPress editor compatibility
Technical Details:
- WordPress core media modals use z-index 160000-160010
- Custom plugin modals should use 100000-159000 range to avoid conflicts
- wp_editor() with media_buttons => true in hidden modals causes auto-open issues
- Solution: media_buttons => false + custom button added via JavaScript when modal opens
Testing:
- Verified with MCP Playwright browser automation
- Media modal now properly appears above announcement modal
- All form functionality preserved
- Screenshot verification shows correct stacking order
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Resolves missing data on /master-trainer/trainers/ page by adding the JavaScript
file that handles AJAX loading of trainer statistics and table data.
✅ Changes:
- Created assets/js/hvac-master-trainers-overview.js
- Handles AJAX calls to load trainer stats and filtered trainer lists
- Implements filter change handlers for status, region, and search
- Includes debounced search input for better UX
- Initializes interactive table elements after load
- Updated includes/class-hvac-master-trainers-overview.php
- Added enqueue_scripts() method to properly load the JS file
- Registers wp_enqueue_scripts action hook
- Detects master trainer pages via shortcode or template slug
- Ensures jQuery dependency is met
The page was showing navigation and filters but no data because the JavaScript
to make AJAX calls to hvac_master_trainers_stats and hvac_master_trainers_filter
actions was completely missing.
Tested on staging and deployed to production.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes three critical production issues discovered on upskillhvac.com:
✅ Dashboard Fatal Errors (class-hvac-dashboard-data.php):
- Added class_exists('Tribe__Events__Main') checks before accessing TEC constants
- Prevents fatal errors when TEC plugin loads after our code
- Applied to get_total_events_count(), get_upcoming_events_count(), and get_past_events_count()
- Gracefully returns 0 when TEC is not available
✅ Event Edit Security Check Failure (page-edit-event-custom.php):
- Fixed nonce action mismatch: changed 'hvac_edit_event' to 'hvac_event_action'
- Aligns with HVAC_Event_Manager::NONCE_ACTION constant
- Resolves "Security check failed" error on event update forms
✅ Google Drive Folder Update:
- Updated embedded folder ID from 16uDRkFcaEqKUxfBek9VbfbAIeFV77nZG to 1-SDHGR9Ix6BmUVTHa3wI99K0rwfWL-vs
- Applied to templates/page-trainer-resources.php (trainer resources page)
- Applied to includes/class-hvac-announcements-display.php (shortcode default)
- Updated tests/unit/test-announcements-display.php (test references)
All changes tested and verified on production.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Update hook names from tribe_* to tec_* prefix for TEC 5.0+ compatibility
- Replace non-existent tribe_events_community_submission_before_save with actual tec_events_community_before_save_submission
- Replace non-existent tribe_events_community_submission_success with actual tribe_community_event_save_updated
- Update method signatures to match correct hook parameters
- Maintain WordPress transient caching implementation for performance
- Remove JavaScript form override to prevent security conflicts
- Add proper debug logging for hook validation
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Major modernization of HVAC plugin for PHP 8+ with full backward compatibility:
CORE MODERNIZATION:
- Implement strict type declarations throughout codebase
- Modernize main plugin class with PHP 8+ features
- Convert array syntax to modern PHP format
- Add constructor property promotion where applicable
- Enhance security helpers with modern PHP patterns
COMPATIBILITY FIXES:
- Fix PHP 8.1+ enum compatibility (convert to class constants)
- Fix union type compatibility (true|WP_Error → bool|WP_Error)
- Remove mixed type declarations for PHP 8.0 compatibility
- Add default arms to match expressions preventing UnhandledMatchError
- Fix method naming inconsistency (ensureRegistrationAccess callback)
- Add null coalescing in TEC integration for strict type compliance
DEPLOYMENT STATUS:
✅ Successfully deployed and tested on staging
✅ Site functional at https://upskill-staging.measurequick.com✅ Expert code review completed with GPT-5 validation
✅ MCP Playwright testing confirms functionality
Ready for production deployment when requested.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed registration form not displaying due to missing HVAC_Security_Helpers dependency
- Added require_once for dependencies in class-hvac-shortcodes.php render_registration()
- Fixed event edit HTTP 500 error by correcting class instantiation to HVAC_Event_Manager
- Created comprehensive E2E test suite with MCP Playwright integration
- Achieved 70% test success rate with both issues fully resolved
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Systematic audit and implementation of missing Master Trainer functionality
with comprehensive WordPress best practices and security implementation.
## Features Implemented
- Master Events Overview (/master-trainer/events/) - KPI dashboard with filtering
- Import/Export Data Management (/master-trainer/import-export/) - CSV operations
- Communication Templates (/trainer/communication-templates/) - Professional templates
- Enhanced Announcements (/master-trainer/announcements/) - Dynamic shortcode integration
- Pending Approvals System (/master-trainer/pending-approvals/) - Workflow management
## Navigation & UX Improvements
- Removed redundant Events link from top-level navigation menu
- Reorganized administrative functions under Tools dropdown
- Enhanced navigation clarity and professional appearance
- Full responsive design with accessibility compliance
## Architecture & Security
- 5 new singleton manager classes following WordPress patterns
- Comprehensive role-based access control (hvac_master_trainer)
- Complete security implementation (nonces, sanitization, escaping)
- Performance optimizations with transient caching and conditional loading
- Professional error handling and user feedback systems
## Files Added (16 new files)
- 4 manager classes: Import/Export, Events Overview, Pending Approvals, Communication Templates
- 4 CSS files with responsive design and accessibility features
- 4 JavaScript files with AJAX functionality and error handling
- 2 new templates: Import/Export, Pending Approvals
- 2 enhanced templates: Events Overview, Communication Templates
## Files Modified (14 files)
- Core system integration in Plugin, Page Manager, Scripts/Styles classes
- Navigation system cleanup in Master Menu System
- Enhanced access control and role management
- Template updates for dynamic content integration
## Testing & Deployment
- Comprehensive testing with Playwright automation
- Successful staging deployment and verification
- All 5 missing pages now fully functional
- Navigation improvements verified working
Resolves master trainer area audit requirements with production-ready implementation.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Removed old button navigation from master dashboard
- Added Google Sheets to Tools dropdown menu
- Added Account dropdown with Trainer Dashboard and Logout options
- Ensured all navigation links are properly integrated in the menu system
- Master dashboard now uses consistent navigation with all other pages
- Disabled all legacy authentication hooks in class-hvac-community-events.php
- All authentication now handled by centralized HVAC_Access_Control system
- Eliminates dual authentication conflicts that were causing page redirects
- Pages covered: event-summary, email-attendees, certificate pages, google-sheets, master-trainer pages
- Cleaner architecture with single source of truth for access control
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Commented out check_master_dashboard_auth hook to prevent conflicts
- The centralized HVAC_Access_Control system now handles all master trainer authentication
- This resolves the dual authentication system conflict causing persistent redirects
- Master trainer pages should now load properly without authentication loops
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed capability check in check_master_dashboard_auth function
- Changed from custom capabilities to role-based check: hvac_master_trainer role
- Root cause: function was checking for capabilities that hvac_master_trainer role didn't have
- This was causing HTTP 302 redirects to login page instead of loading dashboard content
- Master trainer pages now properly authenticate users with hvac_master_trainer role
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Added template loading for master-trainer/communication-templates in class-hvac-community-events.php
- Created page-master-communication-templates.php template with proper auth and navigation
- Fixed URL redirect issue preventing access to master trainer communication templates
- All master trainer pages now accessible without redirects
- Completed comprehensive master trainer dashboard fixes
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed critical security vulnerability with incorrect capability checks
- Fixed hardcoded redirect path from /community-login/ to /training-login/
- Moved dashboard shortcode registration to centralized location
- Fixed duplicate class loading with proper singleton checks
- Fixed incorrect edit URLs in dashboard
- Removed debug HTML comments from production templates
- Moved inline CSS to external stylesheets for better maintainability
- Added caching mechanism for dashboard statistics queries (1 hour cache)
- Implemented pagination JavaScript handlers for AJAX navigation
- Added comprehensive error handling and logging throughout
- Fixed role-based access control (checking roles not capabilities)
- Improved performance with cached database queries
- Created hvac-navigation-simple.css with simplified, reliable dropdown styles
- Added hvac-navigation-robust.js with comprehensive click handlers and fallbacks
- Removed complex CSS that could conflict with theme styles
- Added multiple initialization methods and error recovery
- Enhanced debugging with console logging for troubleshooting
- Simplified mobile responsive behavior
- Added periodic visibility checks and click handler verification
This addresses user-reported navigation issues with a more robust, simple solution.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Created hvac-navigation-fix.css to work with span.menu-toggle elements
- Fixed hover states for menu items using spans instead of anchors
- Ensured proper display/visibility/opacity transitions
- Added z-index layering to prevent conflicts
- Mobile responsive behavior maintained
The issue was that the menu uses span.menu-toggle instead of anchor tags,
so the CSS selectors needed to be updated to match the actual HTML structure.
- Created hvac-navigation-enhanced.css with modern dropdown styles
- Pure CSS hover dropdowns for desktop (no JS needed)
- Smooth animations with 300ms transitions
- Professional hover effects with bottom border animation
- Proper z-index layering (z-index: 9999 for dropdowns)
- Keyboard navigation support
- Added hvac-navigation-enhanced.js for enhanced UX
- Mobile hamburger menu with smooth animations
- Keyboard navigation (arrow keys, escape, enter)
- Click outside to close
- Accessibility improvements with ARIA attributes
- Smooth scroll for anchor links
- Fixed menu toggle visibility issue
- Removed conflicting Astra theme buttons
- Using pure CSS :hover for desktop dropdowns
- Better mobile responsive behavior
- Updated class-hvac-scripts-styles.php
- Added new CSS and JS files to build pipeline
- Proper dependency management
Best practices implemented:
- WCAG 2.1 AA compliant keyboard navigation
- Focus management for accessibility
- Smooth 300ms transitions for professional feel
- Mobile-first responsive design
- No JavaScript required for desktop dropdowns
BREAKING CHANGE: Removed Astra theme integration and all theme-specific code
- Removed class-hvac-astra-integration.php (584 lines of theme-specific code)
- Removed 500+ theme-specific CSS files (ast-*, astra-*, divi-*)
- Removed 15+ theme-specific JavaScript files
- Created theme-agnostic HVAC_Layout_Manager class
- Added generic hvac-layout.css with universal styling
- Plugin now works with ANY WordPress theme
This refactoring ensures the plugin complies with WordPress.org plugin
guidelines which require plugins to be theme-independent. The new layout
system uses standard WordPress hooks and filters that work universally.
Key changes:
- Body classes: hvac-plugin-page, hvac-no-sidebar, hvac-full-width
- Generic post meta: _sidebar_layout, page_layout (widely supported)
- Standard WordPress hooks: body_class, wp_enqueue_scripts, is_active_sidebar
- CSS uses generic selectors: .site-content, .content-area, #primary
Removed monitoring infrastructure files that were causing PHP segfaults:
- class-hvac-background-jobs.php
- class-hvac-health-monitor.php
- class-hvac-error-recovery.php
- class-hvac-security-monitor.php
- class-hvac-performance-monitor.php
- class-hvac-backup-manager.php
- class-hvac-cache-optimizer.php
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Add interactive modal popup for announcement 'Read More' functionality
- Fix nonce conflict by creating separate hvac_announcements_ajax object
- Implement secure AJAX handler with rate limiting and permission checks
- Add comprehensive modal CSS with smooth animations and responsive design
- Include accessibility features (ARIA, keyboard navigation, screen reader support)
- Create detailed documentation in docs/ANNOUNCEMENT-MODAL-SYSTEM.md
- Update API-REFERENCE.md with new modal endpoints and security details
- Add automated Playwright E2E testing for modal functionality
- All modal interactions working: click to open, X to close, ESC to close, outside click
- Production-ready with full error handling and content sanitization
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit introduces a complete announcement management system for HVAC trainers
with enterprise-grade security, performance optimization, and email notifications.
## Core Features
- Custom post type for trainer announcements with categories and tags
- Role-based permissions (master trainers can create/edit, all trainers can read)
- AJAX-powered admin interface with real-time updates
- Modal popup viewing for announcements on frontend
- Automated email notifications when announcements are published
- Google Drive integration for training resources
## Security Enhancements
- Fixed critical capability mapping bug preventing proper permission checks
- Added content disclosure protection for draft/private announcements
- Fixed XSS vulnerabilities with proper output escaping and sanitization
- Implemented permission checks on all AJAX endpoints
- Added rate limiting to prevent abuse (30 requests/minute)
- Email validation before sending notifications
## Performance Optimizations
- Implemented intelligent caching for user queries (5-minute TTL)
- Added cache versioning for announcement lists (2-minute TTL)
- Automatic cache invalidation on content changes
- Batch email processing to prevent timeouts (50 emails per batch)
- Retry mechanism for failed email sends (max 3 attempts)
## Technical Implementation
- Singleton pattern for all manager classes
- WordPress coding standards compliance
- Proper nonce verification on all AJAX requests
- Comprehensive error handling and logging
- Mobile-responsive UI with smooth animations
- WCAG accessibility compliance
## Components Added
- 6 PHP classes for modular architecture
- 2 page templates (master announcements, trainer resources)
- Admin and frontend JavaScript with jQuery integration
- Comprehensive CSS for both admin and frontend
- Email notification system with HTML templates
- Complete documentation and implementation plans
This system provides a secure, scalable foundation for trainer communications
while following WordPress best practices and maintaining high code quality.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove unnecessary jQuery compatibility layers (200 lines)
- Update community-login.js to use standard WordPress jQuery patterns
- Use jQuery(document).ready() instead of complex compatibility checks
- Remove hvac-jquery-compatibility-fix.js and related PHP class
- Follows WordPress convention of jQuery in no-conflict mode
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed z-index layering with !important rules for proper navigation stacking
- Enhanced CSS file loading detection with multiple page identification methods
- Added comprehensive header overlap prevention for all Astra theme header elements
- Improved event edit page detection to handle URL patterns and page IDs
- Verified all fixes working on staging with proper navigation visibility
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed permission check in canUserEditEvent() method to properly check user roles
- Changed from checking non-existent 'hvac_trainer' capability to in_array('hvac_trainer', $user->roles)
- Trainers can now create new events and edit their own events
- Security maintained: trainers cannot edit others' events
- Added initial CSS file to fix narrow width and navigation z-index issues
- Page now displays at proper 1200px max width matching other trainer pages
- Navigation menu no longer hidden under site header (z-index: 100)
🤖 Generated with Claude Code (https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added page ID 6177 detection for reliability
- Using multiple detection methods (page ID, slug, URL)
- Works around WordPress limitation of not loading plugin templates via page template assignment
