'; if (!empty($errors['transient'])) echo '

' . esc_html($errors['transient']) . '

'; // Nonce errors should ideally be caught in admin-post, but display if somehow set if (!empty($errors['nonce'])) echo '

' . esc_html($errors['nonce']) . '

'; error_log('[HVAC REG DEBUG] render_registration_form: Errors before display_form_html: ' . print_r($errors, true)); if (!empty($errors['account'])) echo '

' . esc_html($errors['account']) . '

'; echo ''; } // Display the form HTML, passing retrieved errors and submitted data // No success message here anymore, success leads to redirect $this->display_form_html($submitted_data, $errors); return ob_get_clean(); // --- End Render Form --- } /** * Processes the registration form submission via admin-post. * Handles validation, user creation, notifications, and redirects. */ public function process_registration_submission() { $errors = []; $submitted_data = $_POST; // Capture submitted data early for potential repopulation $registration_page_url = home_url('/trainer/registration/'); // Updated to hierarchical URL // --- Verify Nonce --- if (!isset($_POST['hvac_registration_nonce']) || !wp_verify_nonce($_POST['hvac_registration_nonce'], 'hvac_trainer_registration')) { $errors['nonce'] = 'Security check failed. Please try submitting the form again.'; $this->redirect_with_errors($errors, $submitted_data, $registration_page_url); // No need for return/exit here, redirect_with_errors exits. } // --- File Upload Handling --- $profile_image_data = null; if (isset($_FILES['profile_image']) && $_FILES['profile_image']['error'] !== UPLOAD_ERR_NO_FILE) { if ($_FILES['profile_image']['error'] === UPLOAD_ERR_OK) { // Check if it's actually an uploaded file if (!is_uploaded_file($_FILES['profile_image']['tmp_name'])) { $errors['profile_image'] = 'File upload error (invalid temp file).'; } else { $allowed_types = ['image/jpeg', 'image/png', 'image/gif']; // Use wp_check_filetype on the actual file name for extension check // Use finfo_file or getimagesize on tmp_name for actual MIME type check for better security $finfo = finfo_open(FILEINFO_MIME_TYPE); $mime_type = finfo_file($finfo, $_FILES['profile_image']['tmp_name']); finfo_close($finfo); if (!in_array($mime_type, $allowed_types)) { $errors['profile_image'] = 'Invalid file type detected (' . esc_html($mime_type) . '). Please upload a JPG, PNG, or GIF.'; } else { $profile_image_data = $_FILES['profile_image']; // Store the whole $_FILES entry } } error_log('[HVAC REG DEBUG] process_registration_submission: Errors after validation merge: ' . print_r($errors, true)); } else { $errors['profile_image'] = 'There was an error uploading the profile image. Code: ' . $_FILES['profile_image']['error']; error_log('[HVAC REG DEBUG] process_registration_submission: Checking if errors is empty. Result: ' . (empty($errors) ? 'Yes' : 'No')); } } // --- End File Upload Handling --- // Validate the rest of the form data $validation_errors = $this->validate_registration($submitted_data); $errors = array_merge($errors, $validation_errors); // Combine file errors and validation errors // --- Process if No Errors --- if (empty($errors)) { $user_id = $this->create_trainer_account($submitted_data, $profile_image_data); if (is_wp_error($user_id)) { $errors['account'] = $user_id->get_error_message(); error_log('[HVAC REG DEBUG] Account creation WP_Error in admin-post: ' . $user_id->get_error_message()); $this->redirect_with_errors($errors, $submitted_data, $registration_page_url); // No need for return/exit here } elseif ($user_id) { $this->send_admin_notification($user_id, $submitted_data); // $this->send_user_pending_notification($user_id); // TODO // --- Success Redirect --- $success_redirect_url = home_url('/registration-pending/'); // URL from E2E test wp_safe_redirect($success_redirect_url); exit; // Important after redirect } else { // This case should ideally not happen if wp_insert_user works correctly $errors['account'] = 'An unknown error occurred during registration. Please contact support.'; $this->redirect_with_errors($errors, $submitted_data, $registration_page_url); // No need for return/exit here } } else { error_log('[HVAC REG DEBUG] Validation errors found in admin-post: ' . print_r($errors, true)); $this->redirect_with_errors($errors, $submitted_data, $registration_page_url); // No need for return/exit here } } /** * Helper function to store errors/data in transient and redirect back to the form page. error_log('[HVAC REG DEBUG] redirect_with_errors: Preparing transient. Key: ' . $transient_key . ' Data: ' . print_r($transient_data, true)); * * @param array $errors Array of error messages. * @param array $data Submitted form data. * @param string $redirect_url The URL to redirect back to. */ private function redirect_with_errors($errors, $data, $redirect_url) { $transient_id = uniqid(); // Generate unique ID for transient key $transient_key = self::TRANSIENT_PREFIX . $transient_id; $transient_data = [ 'errors' => $errors, 'data' => $data, // Store submitted data to repopulate form ]; // Store for 5 minutes set_transient($transient_key, $transient_data, MINUTE_IN_SECONDS * 5); // Add query arguments to the redirect URL $redirect_url = add_query_arg([ 'reg_error' => '1', 'tid' => $transient_id, ], $redirect_url); wp_safe_redirect($redirect_url); exit; // Stop execution after redirect } /** * Displays the actual form HTML. * Receives submitted data and errors as arguments (potentially retrieved from transient). */ private function display_form_html($data = [], $errors = []) { // Ensure $data and $errors are arrays, even if transient failed $data = is_array($data) ? $data : []; $errors = is_array($errors) ? $errors : []; ?>

HVAC Trainer Registration

By submitting this form, you will be creating an account in the Upskill HVAC online event system. Once approved, you will be able to login to the trainer portal to manage your profile and event listings.

Account Information

' . esc_html($errors['user_email']) . '

'; ?>
Password must be at least 8 characters long, and include at least one uppercase letter, one lowercase letter, and one number. ' . esc_html($errors['user_pass']) . '

'; ?>
' . esc_html($errors['confirm_password']) . '

'; ?>

Personal Information

' . esc_html($errors['first_name']) . '

'; ?>
' . esc_html($errors['last_name']) . '

'; ?>
This will be the name displayed to other users on the site. ' . esc_html($errors['display_name']) . '

'; ?>
' . esc_html($errors['user_url']) . '

'; ?>
' . esc_html($errors['user_linkedin']) . '

'; ?>
Enter your abbreviated accreditations separated by commas.
A short bio about yourself. This will be displayed on your profile page. ' . esc_html($errors['description']) . '

'; ?>
Please attach a .jpg, .png, or .gif image. By attaching an image to use as your profile picture you assert that you have rights to use the image and it is not illegal, pornographic or violent in any way. This will be displayed on your profile page. ' . esc_html($errors['profile_image']) . '

'; ?>

Business Information

' . esc_html($errors['business_name']) . '

'; ?>
' . esc_html($errors['business_phone']) . '

'; ?>
' . esc_html($errors['business_email']) . '

'; ?>
' . esc_html($errors['business_website']) . '

'; ?>
' . esc_html($errors['business_description']) . '

'; ?>

Address Information

' . esc_html($errors['user_country']) . '

'; ?>
' . esc_html($errors['user_state']) . '

'; ?> ' . esc_html($errors['user_state_other']) . '

'; ?>
' . esc_html($errors['user_city']) . '

'; ?>
' . esc_html($errors['user_zip']) . '

'; ?>

Training Venue

Do you want to create a Training Venue Profile for your business to use when listing your training events? If yes, we will use the address provided above.
' . esc_html($errors['create_venue']) . '

'; ?>

Training Information

What type of business are you?
' . esc_html($type) . ''; } ?>
' . esc_html($errors['business_type']) . '

'; ?>
Who do you offer training to? (Select all that apply)
"Anyone (open to the public)", "Industry professionals" => "Industry professionals", "Internal staff" => "Internal staff in my company", "Registered students" => "Registered students/members of my org/institution" ]; $selected_audience = $data['training_audience'] ?? []; if (!is_array($selected_audience)) $selected_audience = []; // Ensure it's an array foreach ($audience_options as $value => $label) { echo ''; } ?>
' . esc_html($errors['training_audience']) . '

'; ?>
What formats of training do you offer?
' . esc_html($format) . ''; } ?>
' . esc_html($errors['training_formats']) . '

'; ?>
Where are you willing to provide training? (Select all that apply)
' . esc_html($location) . ''; } ?>
' . esc_html($errors['training_locations']) . '

'; ?>
What training resources do you have access to? (Select all that apply)
' . esc_html($resource) . ''; } ?>
' . esc_html($errors['training_resources']) . '

'; ?>

Application Details

Please explain why you want to create a training account on Upskill HVAC. ' . esc_html($errors['application_details']) . '

'; ?>
It's our goal to help you generate revenue through your training. How much revenue are you looking to generate annually though your training on Upskill HVAC?
post_content, 'hvac_trainer_registration')) { wp_enqueue_style( 'hvac-registration-style', HVAC_CE_PLUGIN_URL . 'assets/css/hvac-registration.css', // Ensure this CSS file exists and is styled array(), HVAC_CE_VERSION ); wp_enqueue_script( 'hvac-registration-js', HVAC_CE_PLUGIN_URL . 'assets/js/hvac-registration.js', // Ensure this JS file exists array('jquery'), HVAC_CE_VERSION, true ); // Localize script to pass states/provinces data and AJAX URL wp_localize_script('hvac-registration-js', 'hvacRegistrationData', array( 'ajax_url' => admin_url('admin-ajax.php'), // Needed if JS fetches states/provinces via AJAX 'states' => $this->get_us_states(), // Pass US states 'provinces' => $this->get_canadian_provinces(), // Pass CA provinces // Pass other country data if needed, or handle via AJAX )); } } /** * Handle profile image upload after user is created. * Should be called from within create_trainer_account or similar context. * * @param int $user_id The ID of the user to attach the image to. * @param array $file_data The $_FILES array entry for the uploaded image. * @return int|false Attachment ID on success, false on failure. */ private function handle_profile_image_upload($user_id, $file_data) { // Basic validation already done in process_registration_submission if (!$user_id || empty($file_data) || !isset($file_data['tmp_name']) || $file_data['error'] !== UPLOAD_ERR_OK) { return false; } // These files need to be included as dependencies when on the front-end. require_once(ABSPATH . 'wp-admin/includes/image.php'); require_once(ABSPATH . 'wp-admin/includes/file.php'); require_once(ABSPATH . 'wp-admin/includes/media.php'); // Let WordPress handle the upload. It moves the file and creates attachment post. // Pass the $_FILES array key ('profile_image' in this case) $attachment_id = media_handle_upload('profile_image', 0); // 0 means don't attach to a post if (is_wp_error($attachment_id)) { // Handle upload error error_log('[HVAC REG DEBUG] Profile image upload error for user ' . $user_id . ': ' . $attachment_id->get_error_message()); // Optionally add this error to be displayed to the user via transient? // For now, just fail silently in terms of user feedback, but log it. return false; } else { // Store the attachment ID as user meta update_user_meta($user_id, 'profile_image_id', $attachment_id); return $attachment_id; } } /** * Validate registration form data * * @param array $data Submitted form data ($_POST). * @return array Array of errors, empty if valid. */ public function validate_registration($data) { error_log('[HVAC REG DEBUG] validate_registration: Received data: ' . print_r($data, true)); $errors = array(); // Required field validation $required_fields = [ 'user_email' => 'Email', 'user_pass' => 'Password', 'confirm_password' => 'Confirm Password', 'first_name' => 'First Name', 'last_name' => 'Last Name', 'display_name' => 'Display Name', 'description' => 'Biographical Info', 'business_name' => 'Business Name', 'business_phone' => 'Business Phone', 'business_email' => 'Business Email', 'business_description' => 'Business Description', 'user_country' => 'Country', 'user_state' => 'State/Province', 'user_city' => 'City', 'user_zip' => 'Zip/Postal Code', 'create_venue' => 'Create Training Venue Profile selection', 'business_type' => 'Business Type', 'application_details' => 'Application Details', ]; foreach ($required_fields as $field => $label) { // Use trim to catch spaces-only input if (empty($data[$field]) || trim($data[$field]) === '') { $errors[$field] = $label . ' is required.'; } } // Required checkbox groups $required_checkboxes = [ 'training_audience' => 'Training Audience', 'training_formats' => 'Training Formats', 'training_locations' => 'Training Locations', 'training_resources' => 'Training Resources', ]; foreach ($required_checkboxes as $field => $label) { // Check if the key exists and is a non-empty array if (empty($data[$field]) || !is_array($data[$field])) { $errors[$field] = 'Please select at least one option for ' . $label . '.'; } } // Email validation if (!empty($data['user_email']) && !is_email($data['user_email'])) { $errors['user_email'] = 'Please enter a valid email address.'; } if (!empty($data['business_email']) && !is_email($data['business_email'])) { $errors['business_email'] = 'Please enter a valid business email address.'; } // Email exists validation (only if email is valid) if (empty($errors['user_email']) && !empty($data['user_email']) && email_exists($data['user_email'])) { $errors['user_email'] = 'This email address is already registered.'; } // Password validation if (!empty($data['user_pass'])) { if (strlen($data['user_pass']) < 8) { $errors['user_pass'] = 'Password must be at least 8 characters long.'; } elseif (!preg_match('/[A-Z]/', $data['user_pass'])) { $errors['user_pass'] = 'Password must contain at least one uppercase letter.'; } elseif (!preg_match('/[a-z]/', $data['user_pass'])) { $errors['user_pass'] = 'Password must contain at least one lowercase letter.'; } elseif (!preg_match('/[0-9]/', $data['user_pass'])) { $errors['user_pass'] = 'Password must contain at least one number.'; } // Consider adding special character requirement if needed: !preg_match('/[\W_]/', $data['user_pass']) } // Confirm password validation (only if password itself is not empty) if (!empty($data['user_pass']) && empty($errors['user_pass'])) { if (empty($data['confirm_password'])) { $errors['confirm_password'] = 'Please confirm your password.'; } elseif ($data['user_pass'] !== $data['confirm_password']) { $errors['confirm_password'] = 'Passwords do not match.'; } } // URL validation (optional fields) if (!empty($data['user_url']) && !filter_var($data['user_url'], FILTER_VALIDATE_URL)) { $errors['user_url'] = 'Please enter a valid URL for your personal website.'; } if (!empty($data['user_linkedin']) && !filter_var($data['user_linkedin'], FILTER_VALIDATE_URL)) { $errors['user_linkedin'] = 'Please enter a valid URL for your LinkedIn profile.'; } if (!empty($data['business_website']) && !filter_var($data['business_website'], FILTER_VALIDATE_URL)) { $errors['business_website'] = 'Please enter a valid URL for your business website.'; } // State/Province 'Other' validation if (!empty($data['user_country'])) { if ($data['user_country'] !== 'United States' && $data['user_country'] !== 'Canada') { // If country is not US/CA, state *must* be 'Other' if (empty($data['user_state']) || $data['user_state'] !== 'Other') { $errors['user_state'] = 'Please select "Other" for State/Province if your country is not US or Canada.'; } elseif (empty($data['user_state_other']) || trim($data['user_state_other']) === '') { // If state is 'Other', the text input must not be empty $errors['user_state_other'] = 'Please enter your state/province.'; } } elseif (!empty($data['user_state'])) { // If country is US/CA if ($data['user_state'] === 'Other') { // State cannot be 'Other' if country is US/CA $errors['user_state'] = 'Please select your state/province from the list.'; } elseif (empty($errors['user_state'])) { // Only check 'Other' field if state itself is valid // Ensure 'Other' text input is cleared if a valid state is selected // This might be better handled by JS, but add server-side check just in case if (!empty($data['user_state_other'])) { // Maybe log a warning? Or just ignore it. Let's ignore for now. } } } } error_log('[HVAC REG DEBUG] validate_registration: FINAL errors before return: ' . print_r($errors, true)); return $errors; } /** * Create trainer account and associated data * * @param array $data Sanitized form data. * @param array|null $profile_image_data The $_FILES entry for the profile image, if provided. * @return int|WP_Error User ID on success, WP_Error on failure. */ private function create_trainer_account($data, $profile_image_data = null) { // Assume data is already somewhat validated by validate_registration // Perform final sanitization here before insertion $user_email = sanitize_email($data['user_email']); $user_pass = $data['user_pass']; // wp_insert_user handles hashing $first_name = sanitize_text_field($data['first_name']); $last_name = sanitize_text_field($data['last_name']); $display_name = sanitize_text_field($data['display_name']); $user_url = !empty($data['user_url']) ? esc_url_raw($data['user_url']) : ''; $description = wp_kses_post($data['description']); // Allow some HTML // Generate username from email (ensure uniqueness) $username_base = sanitize_user(substr($user_email, 0, strpos($user_email, '@')), true); if (empty($username_base)) { // Handle cases where email might be weird $username_base = 'trainer'; } $username = $username_base; $counter = 1; while (username_exists($username)) { $username = $username_base . $counter; $counter++; if ($counter > 100) { // Safety break return new WP_Error('username_generation', 'Could not generate a unique username.'); } } // User data array $user_data = array( 'user_login' => $username, 'user_email' => $user_email, 'user_pass' => $user_pass, 'first_name' => $first_name, 'last_name' => $last_name, 'display_name' => $display_name, 'user_url' => $user_url, 'description' => $description, 'role' => 'hvac_trainer' // Assign custom role ); // Insert the user $user_id = wp_insert_user($user_data); // Check for errors if (is_wp_error($user_id)) { error_log('[HVAC REG DEBUG] wp_insert_user failed: ' . $user_id->get_error_message()); return $user_id; // Return the WP_Error object } // --- Update User Meta --- // Sanitize all meta values before updating $meta_fields = [ 'user_linkedin' => !empty($data['user_linkedin']) ? esc_url_raw($data['user_linkedin']) : '', 'personal_accreditation' => !empty($data['personal_accreditation']) ? sanitize_text_field($data['personal_accreditation']) : '', 'business_name' => sanitize_text_field($data['business_name']), 'business_phone' => sanitize_text_field($data['business_phone']), 'business_email' => sanitize_email($data['business_email']), 'business_website' => !empty($data['business_website']) ? esc_url_raw($data['business_website']) : '', 'business_description' => wp_kses_post($data['business_description']), 'user_country' => sanitize_text_field($data['user_country']), // Use the 'Other' field value if state was 'Other', otherwise use the selected state 'user_state' => ($data['user_state'] === 'Other' && isset($data['user_state_other'])) ? sanitize_text_field($data['user_state_other']) : sanitize_text_field($data['user_state']), 'user_city' => sanitize_text_field($data['user_city']), 'user_zip' => sanitize_text_field($data['user_zip']), 'create_venue' => sanitize_text_field($data['create_venue']), // Should be 'Yes' or 'No' 'business_type' => sanitize_text_field($data['business_type']), 'training_audience' => (!empty($data['training_audience']) && is_array($data['training_audience'])) ? array_map('sanitize_text_field', $data['training_audience']) : [], 'training_formats' => (!empty($data['training_formats']) && is_array($data['training_formats'])) ? array_map('sanitize_text_field', $data['training_formats']) : [], 'training_locations' => (!empty($data['training_locations']) && is_array($data['training_locations'])) ? array_map('sanitize_text_field', $data['training_locations']) : [], 'training_resources' => (!empty($data['training_resources']) && is_array($data['training_resources'])) ? array_map('sanitize_text_field', $data['training_resources']) : [], 'application_details' => wp_kses_post($data['application_details']), 'annual_revenue_target' => !empty($data['annual_revenue_target']) ? intval($data['annual_revenue_target']) : '', 'account_status' => 'pending' // Set initial status ]; foreach ($meta_fields as $key => $value) { update_user_meta($user_id, $key, $value); } // --- Handle Profile Image Upload --- // Note: handle_profile_image_upload uses media_handle_upload which expects the key from $_FILES if ($profile_image_data) { // We don't need the return value here unless we want to report specific upload errors $this->handle_profile_image_upload($user_id, $profile_image_data); // Pass the $_FILES entry } // --- Create Organizer Profile --- $organizer_id = $this->create_organizer_profile($user_id, $meta_fields); // Pass sanitized meta fields if ($organizer_id) { update_user_meta($user_id, 'hvac_organizer_id', $organizer_id); } else { // Consider returning an error if this is critical // return new WP_Error('organizer_creation', 'Failed to create the associated organizer profile.'); } // --- Create Training Venue (if requested) --- if (isset($meta_fields['create_venue']) && $meta_fields['create_venue'] === 'Yes') { $venue_id = $this->create_training_venue($user_id, $meta_fields); // Pass sanitized meta fields if ($venue_id) { update_user_meta($user_id, 'hvac_venue_id', $venue_id); } else { // Consider returning an error if this is critical // return new WP_Error('venue_creation', 'Failed to create the associated training venue.'); } } // --- Set Account Status to Pending --- // This is already done via user meta, but could also involve custom capabilities or flags // update_user_meta($user_id, 'account_status', 'pending'); // Redundant if set above return $user_id; // Return user ID on success } /** * Create or update an Organizer profile linked to the user using sanitized data. * * @param int $user_id The user ID. * @param array $meta_data Array of sanitized user meta data. * @return int|false Organizer Post ID on success, false on failure. */ private function create_organizer_profile($user_id, $meta_data) { if (!class_exists('Tribe__Events__Main') || !function_exists('tribe_create_organizer')) { return false; } $organizer_data = array( 'Organizer' => $meta_data['business_name'], // Use sanitized business name 'Phone' => $meta_data['business_phone'], 'Website' => $meta_data['business_website'], 'Email' => $meta_data['business_email'], 'Description' => $meta_data['business_description'], 'post_status' => 'publish', // Publish organizer immediately 'post_author' => $user_id // Associate with the new user ); // Check if an organizer already exists for this user $existing_organizer_id = get_user_meta($user_id, 'hvac_organizer_id', true); if ($existing_organizer_id && get_post_type($existing_organizer_id) === Tribe__Events__Main::ORGANIZER_POST_TYPE) { // Update existing organizer $organizer_data['ID'] = $existing_organizer_id; $organizer_id = tribe_update_organizer($existing_organizer_id, $organizer_data); } else { // Create new organizer $organizer_id = tribe_create_organizer($organizer_data); } if (is_wp_error($organizer_id)) { error_log('[HVAC REG DEBUG] Error creating/updating organizer: ' . $organizer_id->get_error_message()); return false; } elseif (!$organizer_id || $organizer_id === 0) { // Check for 0 as well return false; } return (int) $organizer_id; } /** * Create or update a Venue profile linked to the user using sanitized data. * * @param int $user_id The user ID. * @param array $meta_data Array of sanitized user meta data. * @return int|false Venue Post ID on success, false on failure. */ private function create_training_venue($user_id, $meta_data) { if (!class_exists('Tribe__Events__Main') || !function_exists('tribe_create_venue')) { return false; } // Use the already processed state/province from meta $state_province = $meta_data['user_state']; $venue_data = array( 'Venue' => $meta_data['business_name'] . ' Training Venue', // Venue name from sanitized meta 'Country' => $meta_data['user_country'], 'Address' => '', // TEC doesn't have a single address line, use City/State/Zip 'City' => $meta_data['user_city'], 'StateProvince' => $state_province, 'State' => $state_province, // Also set State field 'Province' => $state_province, // Also set Province field 'Zip' => $meta_data['user_zip'], 'Phone' => $meta_data['business_phone'], 'Website' => $meta_data['business_website'], 'post_status' => 'publish', // Publish venue immediately 'post_author' => $user_id // Associate with the new user ); // Check if a venue already exists for this user $existing_venue_id = get_user_meta($user_id, 'hvac_venue_id', true); if ($existing_venue_id && get_post_type($existing_venue_id) === Tribe__Events__Main::VENUE_POST_TYPE) { // Update existing venue $venue_data['ID'] = $existing_venue_id; $venue_id = tribe_update_venue($existing_venue_id, $venue_data); } else { // Create new venue $venue_id = tribe_create_venue($venue_data); } if (is_wp_error($venue_id)) { error_log('[HVAC REG DEBUG] Error creating/updating venue: ' . $venue_id->get_error_message()); return false; } elseif (!$venue_id || $venue_id === 0) { // Check for 0 as well return false; } return (int) $venue_id; } /** * Send notification email to admin about new registration * * @param int $user_id The ID of the newly registered user. * @param array $data The raw submitted form data (used for notification content). */ private function send_admin_notification($user_id, $data) { $admin_email = get_option('admin_email'); if (!$admin_email) { return; } $user_info = get_userdata($user_id); if (!$user_info) { return; } $subject = sprintf('%s - New HVAC Trainer Registration Pending Approval', get_bloginfo('name')); // Use sanitized data for the email body where appropriate $message = "A new HVAC trainer has registered and is awaiting approval.\n\n"; $message .= "Details:\n"; $message .= "Username: " . $user_info->user_login . "\n"; $message .= "Email: " . $user_info->user_email . "\n"; // Use the sanitized first/last name from user_info if available, fallback to data $first_name = $user_info->first_name ?: sanitize_text_field($data['first_name']); $last_name = $user_info->last_name ?: sanitize_text_field($data['last_name']); $message .= "Name: " . $first_name . " " . $last_name . "\n"; $message .= "Business Name: " . sanitize_text_field($data['business_name']) . "\n"; // Use raw data as meta might not be fully updated yet? Safer to use raw. $message .= "Application Details:\n" . wp_kses_post($data['application_details']) . "\n\n"; // Use wp_kses_post for safety // Add link to user profile in admin $profile_link = admin_url('user-edit.php?user_id=' . $user_id); $message .= "Approve/Deny User: " . $profile_link . "\n"; $headers = array('Content-Type: text/plain; charset=UTF-8'); if (wp_mail($admin_email, $subject, $message, $headers)) { } else { // Consider adding an error to the transient if email failure is critical? // $errors['notification'] = 'Admin notification failed. Registration complete but please contact support.'; } } // TODO: Add send_user_pending_notification() // TODO: Add send_user_approved_notification() // TODO: Add send_user_denied_notification() /** * Renders the edit profile form shortcode output */ public function render_edit_profile_form() { if (!is_user_logged_in()) { return '

Please log in to edit your profile.

'; } // We don't need to do anything here since the template file already handles the form rendering // Just set up the shortcode to point to the template ob_start(); include HVAC_CE_PLUGIN_DIR . 'templates/template-edit-profile.php'; return ob_get_clean(); } /** * Process profile update submission from the edit profile form */ public function process_profile_update() { // Only logged-in users can update profiles if (!is_user_logged_in()) { wp_redirect(home_url('/community-login/')); exit; } $user_id = get_current_user_id(); $user = get_userdata($user_id); $errors = []; $submitted_data = $_POST; $profile_page_url = home_url('/edit-profile/'); // Verify nonce if (!isset($_POST['hvac_profile_nonce']) || !wp_verify_nonce($_POST['hvac_profile_nonce'], 'hvac_update_profile')) { $errors['nonce'] = 'Security check failed. Please try submitting the form again.'; $this->redirect_with_profile_errors($errors, $profile_page_url); // No need for return/exit here, redirect_with_errors exits. } // File Upload Handling $profile_image_data = null; if (isset($_FILES['profile_image']) && $_FILES['profile_image']['error'] !== UPLOAD_ERR_NO_FILE) { if ($_FILES['profile_image']['error'] === UPLOAD_ERR_OK) { // Check if it's actually an uploaded file if (!is_uploaded_file($_FILES['profile_image']['tmp_name'])) { $errors['profile_image'] = 'File upload error (invalid temp file).'; } else { $allowed_types = ['image/jpeg', 'image/png', 'image/gif']; $finfo = finfo_open(FILEINFO_MIME_TYPE); $mime_type = finfo_file($finfo, $_FILES['profile_image']['tmp_name']); finfo_close($finfo); if (!in_array($mime_type, $allowed_types)) { $errors['profile_image'] = 'Invalid file type detected (' . esc_html($mime_type) . '). Please upload a JPG, PNG, or GIF.'; } else { $profile_image_data = $_FILES['profile_image']; // Store the whole $_FILES entry } } } else { $errors['profile_image'] = 'There was an error uploading the profile image. Code: ' . $_FILES['profile_image']['error']; } } // Validate form data $validation_errors = $this->validate_profile_update($submitted_data, $user); $errors = array_merge($errors, $validation_errors); // Process if no errors if (empty($errors)) { $update_success = $this->update_user_profile($user_id, $submitted_data, $profile_image_data); if (is_wp_error($update_success)) { $errors['account'] = $update_success->get_error_message(); error_log('[HVAC PROFILE DEBUG] Profile update WP_Error: ' . $update_success->get_error_message()); $this->redirect_with_profile_errors($errors, $profile_page_url); } elseif ($update_success) { // Redirect to the profile page with success message wp_safe_redirect(add_query_arg('updated', '1', $profile_page_url)); exit; } else { $errors['account'] = 'An unknown error occurred during profile update. Please try again.'; $this->redirect_with_profile_errors($errors, $profile_page_url); } } else { error_log('[HVAC PROFILE DEBUG] Validation errors found in profile update: ' . print_r($errors, true)); $this->redirect_with_profile_errors($errors, $profile_page_url); } } /** * Helper function to store profile errors in transient and redirect back to the form page. * * @param array $errors Array of error messages. * @param string $redirect_url The URL to redirect back to. */ private function redirect_with_profile_errors($errors, $redirect_url) { $transient_id = uniqid(); // Generate unique ID for transient key $transient_key = self::PROFILE_TRANSIENT_PREFIX . $transient_id; $transient_data = [ 'errors' => $errors, ]; // Store for 5 minutes set_transient($transient_key, $transient_data, MINUTE_IN_SECONDS * 5); // Add query arguments to the redirect URL $redirect_url = add_query_arg([ 'prof_error' => '1', 'tid' => $transient_id, ], $redirect_url); wp_safe_redirect($redirect_url); exit; // Stop execution after redirect } /** * Validate profile update data * * @param array $data Submitted form data ($_POST). * @param WP_User $user Current user object. * @return array Array of errors, empty if valid. */ public function validate_profile_update($data, $user) { $errors = array(); // Required field validation $required_fields = [ 'first_name' => 'First Name', 'last_name' => 'Last Name', 'display_name' => 'Display Name', 'user_email' => 'Email', 'description' => 'Biographical Info', 'business_name' => 'Business Name', 'business_phone' => 'Business Phone', 'business_email' => 'Business Email', 'business_description' => 'Business Description', 'user_country' => 'Country', 'user_state' => 'State/Province', 'user_city' => 'City', 'user_zip' => 'Zip/Postal Code', 'business_type' => 'Business Type', ]; foreach ($required_fields as $field => $label) { // Use trim to catch spaces-only input if (empty($data[$field]) || trim($data[$field]) === '') { $errors[$field] = $label . ' is required.'; } } // Required checkbox groups $required_checkboxes = [ 'training_audience' => 'Training Audience', 'training_formats' => 'Training Formats', 'training_locations' => 'Training Locations', 'training_resources' => 'Training Resources', ]; foreach ($required_checkboxes as $field => $label) { // Check if the key exists and is a non-empty array if (empty($data[$field]) || !is_array($data[$field])) { $errors[$field] = 'Please select at least one option for ' . $label . '.'; } } // Email validation if (!empty($data['user_email']) && !is_email($data['user_email'])) { $errors['user_email'] = 'Please enter a valid email address.'; } if (!empty($data['business_email']) && !is_email($data['business_email'])) { $errors['business_email'] = 'Please enter a valid business email address.'; } // Email exists validation (only if email is changed and valid) if (empty($errors['user_email']) && !empty($data['user_email']) && $data['user_email'] !== $user->user_email && email_exists($data['user_email'])) { $errors['user_email'] = 'This email address is already registered to another account.'; } // URL validation (optional fields) if (!empty($data['user_url']) && !filter_var($data['user_url'], FILTER_VALIDATE_URL)) { $errors['user_url'] = 'Please enter a valid URL for your personal website.'; } if (!empty($data['user_linkedin']) && !filter_var($data['user_linkedin'], FILTER_VALIDATE_URL)) { $errors['user_linkedin'] = 'Please enter a valid URL for your LinkedIn profile.'; } if (!empty($data['business_website']) && !filter_var($data['business_website'], FILTER_VALIDATE_URL)) { $errors['business_website'] = 'Please enter a valid URL for your business website.'; } // State/Province 'Other' validation if (!empty($data['user_country'])) { if ($data['user_country'] !== 'United States' && $data['user_country'] !== 'Canada') { // If country is not US/CA, state *must* be 'Other' if (empty($data['user_state']) || $data['user_state'] !== 'Other') { $errors['user_state'] = 'Please select "Other" for State/Province if your country is not US or Canada.'; } elseif (empty($data['user_state_other']) || trim($data['user_state_other']) === '') { // If state is 'Other', the text input must not be empty $errors['user_state_other'] = 'Please enter your state/province.'; } } elseif (!empty($data['user_state'])) { // If country is US/CA if ($data['user_state'] === 'Other') { // State cannot be 'Other' if country is US/CA $errors['user_state'] = 'Please select your state/province from the list.'; } } } // Password validation (only if user is attempting to change password) if (!empty($data['current_password']) || !empty($data['new_password']) || !empty($data['confirm_new_password'])) { // Verify current password if (empty($data['current_password'])) { $errors['current_password'] = 'Please enter your current password.'; } elseif (!wp_check_password($data['current_password'], $user->user_pass, $user->ID)) { $errors['current_password'] = 'Current password is incorrect.'; } // Validate new password if (empty($data['new_password'])) { $errors['new_password'] = 'Please enter a new password.'; } elseif (strlen($data['new_password']) < 8) { $errors['new_password'] = 'Password must be at least 8 characters long.'; } elseif (!preg_match('/[A-Z]/', $data['new_password'])) { $errors['new_password'] = 'Password must contain at least one uppercase letter.'; } elseif (!preg_match('/[a-z]/', $data['new_password'])) { $errors['new_password'] = 'Password must contain at least one lowercase letter.'; } elseif (!preg_match('/[0-9]/', $data['new_password'])) { $errors['new_password'] = 'Password must contain at least one number.'; } // Confirm new password if (empty($data['confirm_new_password'])) { $errors['confirm_new_password'] = 'Please confirm your new password.'; } elseif ($data['new_password'] !== $data['confirm_new_password']) { $errors['confirm_new_password'] = 'New passwords do not match.'; } } error_log('[HVAC PROFILE DEBUG] validate_profile_update: Validation result - ' . (empty($errors) ? 'VALID' : 'INVALID')); return $errors; } /** * Update the user profile with submitted data * * @param int $user_id The user ID to update. * @param array $data The submitted form data. * @param array|null $profile_image_data The profile image file data, if any. * @return bool|WP_Error True on success, WP_Error on failure. */ private function update_user_profile($user_id, $data, $profile_image_data = null) { // Sanitize and prepare user data for update $userdata = array( 'ID' => $user_id, 'first_name' => sanitize_text_field($data['first_name']), 'last_name' => sanitize_text_field($data['last_name']), 'display_name' => sanitize_text_field($data['display_name']), 'user_email' => sanitize_email($data['user_email']), 'user_url' => !empty($data['user_url']) ? esc_url_raw($data['user_url']) : '', 'description' => wp_kses_post($data['description']), ); // Handle password update if provided if (!empty($data['new_password']) && !empty($data['current_password']) && !empty($data['confirm_new_password'])) { $userdata['user_pass'] = $data['new_password']; // wp_update_user will hash the password } // Update user data $update_result = wp_update_user($userdata); if (is_wp_error($update_result)) { error_log('[HVAC PROFILE DEBUG] wp_update_user failed: ' . $update_result->get_error_message()); return $update_result; } // Update user meta $meta_fields = [ 'user_linkedin' => !empty($data['user_linkedin']) ? esc_url_raw($data['user_linkedin']) : '', 'personal_accreditation' => !empty($data['personal_accreditation']) ? sanitize_text_field($data['personal_accreditation']) : '', 'business_name' => sanitize_text_field($data['business_name']), 'business_phone' => sanitize_text_field($data['business_phone']), 'business_email' => sanitize_email($data['business_email']), 'business_website' => !empty($data['business_website']) ? esc_url_raw($data['business_website']) : '', 'business_description' => wp_kses_post($data['business_description']), 'user_country' => sanitize_text_field($data['user_country']), 'user_state' => ($data['user_state'] === 'Other' && isset($data['user_state_other'])) ? sanitize_text_field($data['user_state_other']) : sanitize_text_field($data['user_state']), 'user_city' => sanitize_text_field($data['user_city']), 'user_zip' => sanitize_text_field($data['user_zip']), 'business_type' => sanitize_text_field($data['business_type']), 'training_audience' => (!empty($data['training_audience']) && is_array($data['training_audience'])) ? array_map('sanitize_text_field', $data['training_audience']) : [], 'training_formats' => (!empty($data['training_formats']) && is_array($data['training_formats'])) ? array_map('sanitize_text_field', $data['training_formats']) : [], 'training_locations' => (!empty($data['training_locations']) && is_array($data['training_locations'])) ? array_map('sanitize_text_field', $data['training_locations']) : [], 'training_resources' => (!empty($data['training_resources']) && is_array($data['training_resources'])) ? array_map('sanitize_text_field', $data['training_resources']) : [], 'annual_revenue_target' => !empty($data['annual_revenue_target']) ? intval($data['annual_revenue_target']) : '', ]; foreach ($meta_fields as $key => $value) { update_user_meta($user_id, $key, $value); } // Handle profile image upload if provided if ($profile_image_data) { // We don't need the return value here unless we want to report specific upload errors $this->handle_profile_image_upload($user_id, $profile_image_data); } // Update organizer profile if it exists $organizer_id = get_user_meta($user_id, 'hvac_organizer_id', true); if ($organizer_id && get_post_type($organizer_id) === Tribe__Events__Main::ORGANIZER_POST_TYPE) { $this->create_organizer_profile($user_id, $meta_fields); } // Update venue profile if it exists $venue_id = get_user_meta($user_id, 'hvac_venue_id', true); if ($venue_id && get_post_type($venue_id) === Tribe__Events__Main::VENUE_POST_TYPE) { $this->create_training_venue($user_id, $meta_fields); } return true; } /** * Get list of countries (simplified) */ private function get_country_list() { // In a real application, use a more comprehensive list or library return array( 'US' => 'United States', 'CA' => 'Canada', // Add more countries as needed 'GB' => 'United Kingdom', 'AU' => 'Australia', // ... ); } /** * Get list of US states */ private function get_us_states() { // Use state abbreviations as keys if preferred by JS/validation return array( 'AL' => 'Alabama', 'AK' => 'Alaska', 'AZ' => 'Arizona', 'AR' => 'Arkansas', 'CA' => 'California', 'CO' => 'Colorado', 'CT' => 'Connecticut', 'DE' => 'Delaware', 'DC' => 'District of Columbia', 'FL' => 'Florida', 'GA' => 'Georgia', 'HI' => 'Hawaii', 'ID' => 'Idaho', 'IL' => 'Illinois', 'IN' => 'Indiana', 'IA' => 'Iowa', 'KS' => 'Kansas', 'KY' => 'Kentucky', 'LA' => 'Louisiana', 'ME' => 'Maine', 'MD' => 'Maryland', 'MA' => 'Massachusetts', 'MI' => 'Michigan', 'MN' => 'Minnesota', 'MS' => 'Mississippi', 'MO' => 'Missouri', 'MT' => 'Montana', 'NE' => 'Nebraska', 'NV' => 'Nevada', 'NH' => 'New Hampshire', 'NJ' => 'New Jersey', 'NM' => 'New Mexico', 'NY' => 'New York', 'NC' => 'North Carolina', 'ND' => 'North Dakota', 'OH' => 'Ohio', 'OK' => 'Oklahoma', 'OR' => 'Oregon', 'PA' => 'Pennsylvania', 'RI' => 'Rhode Island', 'SC' => 'South Carolina', 'SD' => 'South Dakota', 'TN' => 'Tennessee', 'TX' => 'Texas', 'UT' => 'Utah', 'VT' => 'Vermont', 'VA' => 'Virginia', 'WA' => 'Washington', 'WV' => 'West Virginia', 'WI' => 'Wisconsin', 'WY' => 'Wyoming' ); } /** * Get list of Canadian provinces */ private function get_canadian_provinces() { // Use province abbreviations as keys if preferred by JS/validation return array( 'AB' => 'Alberta', 'BC' => 'British Columbia', 'MB' => 'Manitoba', 'NB' => 'New Brunswick', 'NL' => 'Newfoundland and Labrador', 'NS' => 'Nova Scotia', 'ON' => 'Ontario', 'PE' => 'Prince Edward Island', 'QC' => 'Quebec', 'SK' => 'Saskatchewan', 'NT' => 'Northwest Territories', 'NU' => 'Nunavut', 'YT' => 'Yukon' ); } } // End class HVAC_Registration