8be49ad5a9
- Fixed critical security vulnerability with incorrect capability checks - Fixed hardcoded redirect path from /community-login/ to /training-login/ - Moved dashboard shortcode registration to centralized location - Fixed duplicate class loading with proper singleton checks - Fixed incorrect edit URLs in dashboard - Removed debug HTML comments from production templates - Moved inline CSS to external stylesheets for better maintainability - Added caching mechanism for dashboard statistics queries (1 hour cache) - Implemented pagination JavaScript handlers for AJAX navigation - Added comprehensive error handling and logging throughout - Fixed role-based access control (checking roles not capabilities) - Improved performance with cached database queries
302 lines
No EOL
9.3 KiB
PHP
302 lines
No EOL
9.3 KiB
PHP
<?php
|
|
/**
|
|
* HVAC Welcome Popup Handler
|
|
*
|
|
* Handles welcome popup display logic and user preferences
|
|
*
|
|
* @package HVAC_Community_Events
|
|
* @since 1.0.0
|
|
*/
|
|
|
|
if (!defined('ABSPATH')) {
|
|
exit;
|
|
}
|
|
|
|
class HVAC_Welcome_Popup {
|
|
|
|
/**
|
|
* User meta key for storing dismissal preference
|
|
*/
|
|
const DISMISSED_META_KEY = 'hvac_welcome_popup_dismissed';
|
|
|
|
/**
|
|
* Plugin instance
|
|
*
|
|
* @var HVAC_Welcome_Popup
|
|
*/
|
|
private static $instance = null;
|
|
|
|
/**
|
|
* Get plugin instance
|
|
*
|
|
* @return HVAC_Welcome_Popup
|
|
*/
|
|
public static function get_instance() {
|
|
if (null === self::$instance) {
|
|
self::$instance = new self();
|
|
}
|
|
return self::$instance;
|
|
}
|
|
|
|
/**
|
|
* Constructor
|
|
*/
|
|
public function __construct() {
|
|
add_action('wp_enqueue_scripts', array($this, 'enqueue_assets'));
|
|
add_action('wp_ajax_hvac_check_welcome_dismissed', array($this, 'ajax_check_welcome_dismissed'));
|
|
add_action('wp_ajax_hvac_dismiss_welcome_popup', array($this, 'ajax_dismiss_welcome_popup'));
|
|
}
|
|
|
|
/**
|
|
* Enqueue popup assets on dashboard page
|
|
*/
|
|
public function enqueue_assets() {
|
|
// TEMPORARY FIX: Disable welcome popup to test dropdown interference
|
|
// The welcome popup appears to be blocking dropdown clicks on dashboard
|
|
return;
|
|
|
|
// Only load on trainer dashboard page
|
|
if (!$this->is_dashboard_page()) {
|
|
return;
|
|
}
|
|
|
|
// Only load for logged in users with trainer capabilities
|
|
if (!is_user_logged_in() || !$this->user_can_see_popup()) {
|
|
return;
|
|
}
|
|
|
|
// Enqueue CSS
|
|
wp_enqueue_style(
|
|
'hvac-welcome-popup-css',
|
|
HVAC_PLUGIN_URL . 'assets/css/hvac-welcome-popup.css',
|
|
array(),
|
|
HVAC_PLUGIN_VERSION
|
|
);
|
|
|
|
// Enqueue JavaScript
|
|
wp_enqueue_script(
|
|
'hvac-welcome-popup-js',
|
|
HVAC_PLUGIN_URL . 'assets/js/hvac-welcome-popup.js',
|
|
array('jquery'),
|
|
HVAC_PLUGIN_VERSION,
|
|
true
|
|
);
|
|
|
|
// Localize script
|
|
wp_localize_script('hvac-welcome-popup-js', 'hvac_welcome', array(
|
|
'ajax_url' => admin_url('admin-ajax.php'),
|
|
'nonce' => wp_create_nonce('hvac_welcome_nonce')
|
|
));
|
|
}
|
|
|
|
/**
|
|
* Check if current page is the dashboard page
|
|
*
|
|
* @return bool
|
|
*/
|
|
private function is_dashboard_page() {
|
|
global $post, $wp;
|
|
|
|
// Check if we're on a page with the trainer dashboard shortcode
|
|
if (is_a($post, 'WP_Post') && has_shortcode($post->post_content, 'hvac_dashboard')) {
|
|
return true;
|
|
}
|
|
|
|
// Check if we're on the trainer dashboard template
|
|
if (is_page_template('templates/page-trainer-dashboard.php')) {
|
|
return true;
|
|
}
|
|
|
|
// Check URL patterns
|
|
$current_url = home_url(add_query_arg(array(), $wp->request));
|
|
|
|
if (strpos($current_url, '/trainer/dashboard') !== false) {
|
|
return true;
|
|
}
|
|
|
|
// Check if this is a page with class indicating it's the trainer dashboard
|
|
if (is_a($post, 'WP_Post')) {
|
|
$page_template = get_page_template_slug($post->ID);
|
|
if ($page_template === 'templates/page-trainer-dashboard.php') {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Check if user can see the popup
|
|
*
|
|
* @return bool
|
|
*/
|
|
private function user_can_see_popup() {
|
|
// Check basic capability first
|
|
if (!current_user_can('hvac_trainer') &&
|
|
!current_user_can('hvac_master_trainer') &&
|
|
!current_user_can('manage_options')) {
|
|
return false;
|
|
}
|
|
|
|
// For admin users, always show (for testing purposes)
|
|
if (current_user_can('manage_options')) {
|
|
return true;
|
|
}
|
|
|
|
// For trainers, check account status using the proper status system
|
|
$user_id = get_current_user_id();
|
|
|
|
// Use the HVAC_Trainer_Status class to get the proper account status
|
|
if (class_exists('HVAC_Trainer_Status')) {
|
|
$account_status = HVAC_Trainer_Status::get_trainer_status($user_id);
|
|
} else {
|
|
// Fallback to direct meta query if class not available
|
|
$account_status = get_user_meta($user_id, 'account_status', true);
|
|
}
|
|
|
|
// Debug logging for staging (will be removed in production)
|
|
if (defined('WP_DEBUG') && WP_DEBUG) {
|
|
error_log("HVAC Welcome Popup: User ID {$user_id}, Account Status: '{$account_status}'");
|
|
}
|
|
|
|
// Only show popup for users with Active, Approved, or Inactive account status
|
|
// Users with Pending or Disabled status should not see the welcome popup
|
|
// Inactive users should see it as they're approved but just haven't been active recently
|
|
$allowed_statuses = ['approved', 'active', 'inactive'];
|
|
return in_array($account_status, $allowed_statuses);
|
|
}
|
|
|
|
/**
|
|
* AJAX handler to check if user has dismissed the popup
|
|
*/
|
|
public function ajax_check_welcome_dismissed() {
|
|
// Verify nonce
|
|
if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'hvac_welcome_nonce')) {
|
|
wp_send_json_error(array('message' => 'Security check failed.'));
|
|
return;
|
|
}
|
|
|
|
// Check if user is logged in
|
|
if (!is_user_logged_in()) {
|
|
wp_send_json_error(array('message' => 'User not logged in.'));
|
|
return;
|
|
}
|
|
|
|
// Check user capabilities
|
|
if (!$this->user_can_see_popup()) {
|
|
wp_send_json_error(array('message' => 'Access denied.'));
|
|
return;
|
|
}
|
|
|
|
$user_id = get_current_user_id();
|
|
$dismissed = get_user_meta($user_id, self::DISMISSED_META_KEY, true);
|
|
|
|
wp_send_json_success(array(
|
|
'dismissed' => (bool) $dismissed
|
|
));
|
|
}
|
|
|
|
/**
|
|
* AJAX handler to dismiss the popup permanently
|
|
*/
|
|
public function ajax_dismiss_welcome_popup() {
|
|
// Verify nonce
|
|
if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'hvac_welcome_nonce')) {
|
|
wp_send_json_error(array('message' => 'Security check failed.'));
|
|
return;
|
|
}
|
|
|
|
// Check if user is logged in
|
|
if (!is_user_logged_in()) {
|
|
wp_send_json_error(array('message' => 'User not logged in.'));
|
|
return;
|
|
}
|
|
|
|
// Check user capabilities
|
|
if (!$this->user_can_see_popup()) {
|
|
wp_send_json_error(array('message' => 'Access denied.'));
|
|
return;
|
|
}
|
|
|
|
$user_id = get_current_user_id();
|
|
|
|
// Save dismissal preference
|
|
$result = update_user_meta($user_id, self::DISMISSED_META_KEY, true);
|
|
|
|
if ($result !== false) {
|
|
wp_send_json_success(array(
|
|
'message' => 'Welcome popup dismissed successfully.'
|
|
));
|
|
} else {
|
|
wp_send_json_error(array(
|
|
'message' => 'Failed to save dismissal preference.'
|
|
));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Reset dismissal for a user (useful for testing or re-onboarding)
|
|
*
|
|
* @param int $user_id User ID
|
|
* @return bool Success status
|
|
*/
|
|
public function reset_dismissal($user_id) {
|
|
if (!$user_id || !is_numeric($user_id)) {
|
|
return false;
|
|
}
|
|
|
|
return delete_user_meta($user_id, self::DISMISSED_META_KEY);
|
|
}
|
|
|
|
/**
|
|
* Check if a specific user has dismissed the popup
|
|
*
|
|
* @param int $user_id User ID
|
|
* @return bool True if dismissed, false otherwise
|
|
*/
|
|
public function is_dismissed_for_user($user_id) {
|
|
if (!$user_id || !is_numeric($user_id)) {
|
|
return false;
|
|
}
|
|
|
|
return (bool) get_user_meta($user_id, self::DISMISSED_META_KEY, true);
|
|
}
|
|
|
|
/**
|
|
* Get dismissal statistics for all users
|
|
*
|
|
* @return array Statistics array
|
|
*/
|
|
public function get_dismissal_stats() {
|
|
global $wpdb;
|
|
|
|
// Get total trainer users
|
|
$trainer_roles = array('hvac_trainer', 'hvac_master_trainer');
|
|
$total_trainers = 0;
|
|
|
|
foreach ($trainer_roles as $role) {
|
|
$users = get_users(array(
|
|
'role' => $role,
|
|
'count_total' => true,
|
|
'fields' => 'ID'
|
|
));
|
|
$total_trainers += count($users);
|
|
}
|
|
|
|
// Get users who have dismissed the popup
|
|
$dismissed_count = $wpdb->get_var($wpdb->prepare(
|
|
"SELECT COUNT(*) FROM {$wpdb->usermeta} WHERE meta_key = %s AND meta_value = '1'",
|
|
self::DISMISSED_META_KEY
|
|
));
|
|
|
|
return array(
|
|
'total_trainers' => $total_trainers,
|
|
'dismissed_count' => (int) $dismissed_count,
|
|
'active_count' => $total_trainers - (int) $dismissed_count,
|
|
'dismissal_rate' => $total_trainers > 0 ? round(((int) $dismissed_count / $total_trainers) * 100, 2) : 0
|
|
);
|
|
}
|
|
}
|
|
|
|
// Initialize the welcome popup system
|
|
HVAC_Welcome_Popup::get_instance(); |