ben/upskill-event-manager
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
upskill-event-manager/templates/page-master-trainers.php
ben 22194dc360 fix: implement AJAX nonce distribution for master trainer templates 
- Add proper AJAX nonce distribution to page-master-trainers.php
- Implement security authentication for both dashboard and trainers pages
- Fix template-level nonce initialization for HVAC AJAX system
- Maintain WordPress security best practices throughout implementation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-24 13:52:22 -03:00

86 lines
No EOL
2.7 KiB
PHP
Raw Permalink Blame History

<?php
/**
* Template Name: Master Trainers
* Description: Template for the master trainer's all trainers management page
*/
// Define constant to indicate we are in a page template
if (!defined('HVAC_IN_PAGE_TEMPLATE')) {
define('HVAC_IN_PAGE_TEMPLATE', true);
}
get_header();
// Authentication handled by centralized HVAC_Access_Control system
// Redundant template-level auth check removed to prevent content blocking
echo '<div class="hvac-page-wrapper hvac-master-trainers-page">';
echo '<div class="container">';
// Render master trainer navigation inside the wrapper
if (class_exists('HVAC_Master_Menu_System')) {
$master_menu = HVAC_Master_Menu_System::instance();
$master_menu->render_master_menu();
}
// Render breadcrumbs inside the wrapper
if (class_exists('HVAC_Breadcrumbs')) {
// Fix: The method is render_breadcrumbs(), not render()
$breadcrumbs_instance = HVAC_Breadcrumbs::instance();
echo $breadcrumbs_instance->render_breadcrumbs();
}
// Render the master trainers content
echo '<h1>All Trainers</h1>';
echo '<div class="hvac-master-trainers-content">';
// First try the_content() to get any shortcode from post_content
ob_start();
if (have_posts()) {
while (have_posts()) {
the_post();
the_content();
}
}
$post_content = ob_get_clean();
// If post_content is empty or just contains the shortcode without rendering, try direct shortcode
if (empty(trim(strip_tags($post_content))) || strpos($post_content, '[hvac_master_trainers]') !== false) {
// Ensure the shortcode class is initialized
if (class_exists('HVAC_Master_Trainers_Overview')) {
$instance = HVAC_Master_Trainers_Overview::instance();
if (method_exists($instance, 'render_trainers_overview')) {
echo $instance->render_trainers_overview();
} else {
echo do_shortcode('[hvac_master_trainers]');
}
} else {
echo '<div class="hvac-notice">Master trainers system is not available. Please contact an administrator.</div>';
}
} else {
echo $post_content;
}
echo '</div>'; // .hvac-master-trainers-content
echo '</div>'; // .container
echo '</div>'; // .hvac-page-wrapper
// AJAX URL and Security Nonces for JavaScript
?>
<script>
var ajaxurl = '<?php echo admin_url("admin-ajax.php"); ?>';
var hvac_ajax = {
nonce: '<?php echo wp_create_nonce("hvac_ajax_nonce"); ?>',
url: ajaxurl,
actions: {
get_trainer_stats: 'hvac_get_trainer_stats',
manage_announcement: 'hvac_manage_announcement',
master_dashboard_trainers: 'hvac_master_dashboard_trainers',
get_all_trainers: 'hvac_get_all_trainers'
}
};
console.log('[HVAC] AJAX nonces initialized for trainers page');
</script>
<?php
get_footer();
Reference in a new issue View git blame Copy permalink