upskill-event-manager/includes/class-hvac-organizers.php

<?php
/**
 * HVAC Organizers Management
 *
 * @package HVAC_Community_Events
 * @since 2.0.0
 */

if (!defined('ABSPATH')) {
    exit;
}

/**
 * HVAC_Organizers class
 */
class HVAC_Organizers {
    
    /**
     * Constructor
     */
    public function __construct() {
        // Register shortcodes
        add_shortcode('hvac_trainer_organizers_list', array($this, 'render_organizers_list'));
        add_shortcode('hvac_trainer_organizer_manage', array($this, 'render_organizer_manage'));
        
        // Enqueue scripts
        add_action('wp_enqueue_scripts', array($this, 'enqueue_scripts'));
        
        // Handle AJAX requests
        add_action('wp_ajax_hvac_save_organizer', array($this, 'ajax_save_organizer'));
        add_action('wp_ajax_hvac_delete_organizer', array($this, 'ajax_delete_organizer'));
        add_action('wp_ajax_hvac_upload_org_logo', array($this, 'ajax_upload_org_logo'));
    }
    
    /**
     * Enqueue scripts and styles
     */
    public function enqueue_scripts() {
        if (is_page('trainer/organizer/list') || is_page('trainer/organizer/manage')) {
            wp_enqueue_style(
                'hvac-organizers-style',
                HVAC_PLUGIN_URL . 'assets/css/hvac-organizers.css',
                array(),
                HVAC_PLUGIN_VERSION
            );
            
            wp_enqueue_script(
                'hvac-organizers-js',
                HVAC_PLUGIN_URL . 'assets/js/hvac-organizers.js',
                array('jquery'),
                HVAC_PLUGIN_VERSION,
                true
            );
            
            wp_localize_script('hvac-organizers-js', 'hvacOrganizers', array(
                'ajax_url' => admin_url('admin-ajax.php'),
                'nonce' => wp_create_nonce('hvac_organizers_nonce')
            ));
            
            // Enqueue media uploader for logo upload
            if (is_page('trainer/organizer/manage')) {
                wp_enqueue_media();
            }
        }
    }
    
    /**
     * Render organizers list
     */
    public function render_organizers_list() {
        if (!is_user_logged_in()) {
            return '<p>You must be logged in to view this page.</p>';
        }
        
        // Allow trainers, master trainers, or WordPress admins
        $user = wp_get_current_user();
        if (!in_array('hvac_trainer', $user->roles) && !in_array('hvac_master_trainer', $user->roles) && !current_user_can('manage_options')) {
            return '<p>You must be a trainer to view this page.</p>';
        }
        
        ob_start();
        ?>
        <div class="hvac-organizers-list">
            <div class="hvac-page-header">
                <h1>Training Organizers</h1>
                <a href="/trainer/organizer/manage/" class="hvac-button hvac-button-primary">Add New Organizer</a>
            </div>
            
            <?php 
            // Breadcrumbs are handled by page template when using WordPress pages
            if (!defined('HVAC_IN_PAGE_TEMPLATE') && class_exists('HVAC_Breadcrumbs')) {
                echo HVAC_Breadcrumbs::instance()->render_breadcrumbs();
            }
            ?>
            
            <?php $this->render_organizers_table(); ?>
        </div>
        <?php
        return ob_get_clean();
    }
    
    /**
     * Render organizers table
     */
    private function render_organizers_table() {
        $current_user_id = get_current_user_id();
        
        // Get pagination parameters
        $page = max(1, HVAC_Security_Helpers::get_input('GET', 'paged', 'absint', 1));
        $per_page = 20;
        $offset = ($page - 1) * $per_page;
        
        // Build query
        $query_args = array(
            'post_type' => class_exists('Tribe__Events__Main') ? Tribe__Events__Main::ORGANIZER_POST_TYPE : 'tribe_organizer',
            'posts_per_page' => $per_page,
            'offset' => $offset,
            'orderby' => 'title',
            'order' => 'ASC',
            'post_status' => 'publish'
        );
        
        // Master trainers can see all organizers, regular trainers only see their own
        $user = wp_get_current_user();
        if (!in_array('hvac_master_trainer', $user->roles) && !current_user_can('manage_options')) {
            $query_args['author'] = $current_user_id;
        }
        
        // Filter handling
        $search = HVAC_Security_Helpers::get_input('GET', 'search', 'sanitize_text_field', '');
        if (!empty($search)) {
            $query_args['s'] = $search;
        }
        
        // Get organizers
        $organizers_query = new WP_Query($query_args);
        
        // Get total count for pagination
        $total_organizers = $organizers_query->found_posts;
        $total_pages = ceil($total_organizers / $per_page);
        
        ?>
        <div class="hvac-organizers-filters">
            <form method="get" class="hvac-filter-form">
                <div class="hvac-filter-row">
                    <div class="hvac-filter-group">
                        <input type="text" name="search" placeholder="Search organizers..." 
                               value="<?php echo HVAC_Security_Helpers::escape(HVAC_Security_Helpers::get_input('GET', 'search', 'sanitize_text_field', ''), 'attr'); ?>" />
                    </div>
                    <div class="hvac-filter-group">
                        <button type="submit" class="hvac-button">Search</button>
                        <a href="/trainer/organizer/list/" class="hvac-button hvac-button-secondary">Clear</a>
                    </div>
                </div>
            </form>
        </div>
        
        <div class="hvac-organizers-table-wrapper">
            <table class="hvac-organizers-table">
                <thead>
                    <tr>
                        <th>Logo</th>
                        <th>Organization Name</th>
                        <th>Headquarters</th>
                        <th>Contact</th>
                        <th>Website</th>
                        <th>Actions</th>
                    </tr>
                </thead>
                <tbody>
                    <?php
                    if ($organizers_query->have_posts()) {
                        while ($organizers_query->have_posts()) {
                            $organizers_query->the_post();
                            $organizer_id = get_the_ID();
                            
                            // Get organizer meta
                            $phone = get_post_meta($organizer_id, '_OrganizerPhone', true);
                            $email = get_post_meta($organizer_id, '_OrganizerEmail', true);
                            $website = get_post_meta($organizer_id, '_OrganizerWebsite', true);
                            
                            // Get headquarters location
                            $hq_city = get_post_meta($organizer_id, '_hvac_headquarters_city', true);
                            $hq_state = get_post_meta($organizer_id, '_hvac_headquarters_state', true);
                            $hq_country = get_post_meta($organizer_id, '_hvac_headquarters_country', true);
                            $hq_parts = array_filter(array($hq_city, $hq_state, $hq_country));
                            $headquarters = implode(', ', $hq_parts);
                            
                            ?>
                            <tr>
                                <td class="hvac-org-logo">
                                    <?php if (has_post_thumbnail()): ?>
                                        <?php the_post_thumbnail('thumbnail'); ?>
                                    <?php else: ?>
                                        <div class="hvac-logo-placeholder">
                                            <span><?php echo esc_html(substr(get_the_title(), 0, 1)); ?></span>
                                        </div>
                                    <?php endif; ?>
                                </td>
                                <td>
                                    <strong><?php the_title(); ?></strong>
                                </td>
                                <td><?php echo esc_html($headquarters ?: 'Not specified'); ?></td>
                                <td>
                                    <?php if ($email): ?>
                                        <a href="mailto:<?php echo esc_attr($email); ?>"><?php echo esc_html($email); ?></a>
                                    <?php endif; ?>
                                    <?php if ($phone): ?>
                                        <br /><?php echo esc_html($phone); ?>
                                    <?php endif; ?>
                                </td>
                                <td>
                                    <?php if ($website): ?>
                                        <a href="<?php echo esc_url($website); ?>" target="_blank">Visit Website</a>
                                    <?php else: ?>
                                        <span class="hvac-text-muted">Not specified</span>
                                    <?php endif; ?>
                                </td>
                                <td>
                                    <a href="/trainer/organizer/manage/?organizer_id=<?php echo esc_attr($organizer_id); ?>" 
                                       class="hvac-button hvac-button-small">Edit</a>
                                </td>
                            </tr>
                            <?php
                        }
                    } else {
                        ?>
                        <tr>
                            <td colspan="6" class="hvac-no-results">No organizers found.</td>
                        </tr>
                        <?php
                    }
                    wp_reset_postdata();
                    ?>
                </tbody>
            </table>
        </div>
        
        <?php if ($total_pages > 1): ?>
            <div class="hvac-pagination">
                <?php
                echo paginate_links(array(
                    'base' => add_query_arg('paged', '%#%'),
                    'format' => '',
                    'current' => $page,
                    'total' => $total_pages,
                    'prev_text' => '&laquo; Previous',
                    'next_text' => 'Next &raquo;'
                ));
                ?>
            </div>
        <?php endif; ?>
        <?php
    }
    
    /**
     * Render organizer manage form
     */
    public function render_organizer_manage() {
        if (!is_user_logged_in()) {
            return '<p>You must be logged in to view this page.</p>';
        }
        
        // Allow trainers, master trainers, or WordPress admins
        $user = wp_get_current_user();
        if (!in_array('hvac_trainer', $user->roles) && !in_array('hvac_master_trainer', $user->roles) && !current_user_can('manage_options')) {
            return '<p>You must be a trainer to view this page.</p>';
        }
        
        $organizer_id = HVAC_Security_Helpers::get_input('GET', 'organizer_id', 'absint', 0);
        $organizer = null;
        
        if ($organizer_id) {
            $organizer = get_post($organizer_id);
            
            // Check if user can edit this organizer
            if (!$organizer || $organizer->post_author != get_current_user_id()) {
                return '<p>You do not have permission to edit this organizer.</p>';
            }
        }
        
        ob_start();
        ?>
        <div class="hvac-organizer-manage">
            <div class="hvac-page-header">
                <h1><?php echo esc_html($organizer ? 'Edit Organizer' : 'Create New Organizer'); ?></h1>
            </div>
            
            <?php 
            // Breadcrumbs are handled by page template when using WordPress pages
            if (!defined('HVAC_IN_PAGE_TEMPLATE') && class_exists('HVAC_Breadcrumbs')) {
                echo HVAC_Breadcrumbs::instance()->render_breadcrumbs();
            }
            ?>
            
            <form id="hvac-organizer-form" class="hvac-form">
                <?php wp_nonce_field('hvac_organizer_manage', 'hvac_organizer_nonce'); ?>
                <input type="hidden" name="organizer_id" value="<?php echo esc_attr($organizer_id); ?>" />
                
                <div class="hvac-form-section">
                    <h3>Organization Logo</h3>
                    <div class="hvac-org-logo-upload">
                        <div class="hvac-current-logo">
                            <?php if ($organizer && has_post_thumbnail($organizer_id)): ?>
                                <?php echo get_the_post_thumbnail($organizer_id, 'medium'); ?>
                            <?php else: ?>
                                <div class="hvac-logo-placeholder-large">
                                    <span>No logo uploaded</span>
                                </div>
                            <?php endif; ?>
                        </div>
                        <div class="hvac-logo-actions">
                            <button type="button" id="hvac-upload-logo" class="hvac-button hvac-button-secondary">
                                <?php echo esc_html(($organizer && has_post_thumbnail($organizer_id)) ? 'Change Logo' : 'Upload Logo'); ?>
                            </button>
                            <?php if ($organizer && has_post_thumbnail($organizer_id)): ?>
                                <button type="button" id="hvac-remove-logo" class="hvac-button hvac-button-danger-outline">
                                    Remove Logo
                                </button>
                            <?php endif; ?>
                            <input type="hidden" id="org_logo_id" name="org_logo_id" 
                                   value="<?php echo esc_attr($organizer ? get_post_thumbnail_id($organizer_id) : ''); ?>" />
                        </div>
                        <p class="hvac-help-text">Recommended size: 300x300px. Maximum file size: 2MB.</p>
                    </div>
                </div>
                
                <div class="hvac-form-section">
                    <h3>Organization Information</h3>
                    
                    <div class="hvac-form-row">
                        <label for="org_name">Organization Name *</label>
                        <input type="text" id="org_name" name="org_name" required
                               value="<?php echo $organizer ? esc_attr($organizer->post_title) : ''; ?>" />
                    </div>
                    
                    <div class="hvac-form-row">
                        <label for="org_description">Description</label>
                        <textarea id="org_description" name="org_description" rows="4"><?php 
                            echo $organizer ? esc_textarea($organizer->post_content) : ''; 
                        ?></textarea>
                    </div>
                </div>
                
                <div class="hvac-form-section">
                    <h3>Headquarters Location</h3>
                    
                    <div class="hvac-form-row">
                        <label for="hq_city">City *</label>
                        <input type="text" id="hq_city" name="hq_city" required
                               value="<?php echo $organizer ? esc_attr(get_post_meta($organizer_id, '_hvac_headquarters_city', true)) : ''; ?>" />
                    </div>
                    
                    <div class="hvac-form-row hvac-form-row-half">
                        <div>
                            <label for="hq_state">State/Province *</label>
                            <input type="text" id="hq_state" name="hq_state" required
                                   value="<?php echo $organizer ? esc_attr(get_post_meta($organizer_id, '_hvac_headquarters_state', true)) : ''; ?>" />
                        </div>
                        <div>
                            <label for="hq_country">Country *</label>
                            <select id="hq_country" name="hq_country" required>
                                <?php
                                $current_country = $organizer ? get_post_meta($organizer_id, '_hvac_headquarters_country', true) : 'United States';
                                $countries = array(
                                    'United States' => 'United States',
                                    'Canada' => 'Canada',
                                    'United Kingdom' => 'United Kingdom',
                                    'Australia' => 'Australia'
                                );
                                
                                foreach ($countries as $code => $name) {
                                    printf(
                                        '<option value="%s" %s>%s</option>',
                                        esc_attr($code),
                                        selected($current_country, $code, false),
                                        esc_html($name)
                                    );
                                }
                                ?>
                            </select>
                        </div>
                    </div>
                </div>
                
                <div class="hvac-form-section">
                    <h3>Contact Information</h3>
                    
                    <div class="hvac-form-row">
                        <label for="org_phone">Phone</label>
                        <input type="tel" id="org_phone" name="org_phone"
                               value="<?php echo $organizer ? esc_attr(get_post_meta($organizer_id, '_OrganizerPhone', true)) : ''; ?>" />
                    </div>
                    
                    <div class="hvac-form-row">
                        <label for="org_email">Email</label>
                        <input type="email" id="org_email" name="org_email"
                               value="<?php echo $organizer ? esc_attr(get_post_meta($organizer_id, '_OrganizerEmail', true)) : ''; ?>" />
                    </div>
                    
                    <div class="hvac-form-row">
                        <label for="org_website">Website</label>
                        <input type="url" id="org_website" name="org_website"
                               value="<?php echo $organizer ? esc_attr(get_post_meta($organizer_id, '_OrganizerWebsite', true)) : ''; ?>" />
                    </div>
                </div>
                
                <div class="hvac-form-actions">
                    <button type="submit" class="hvac-button hvac-button-primary">
                        <?php echo $organizer ? 'Update Organizer' : 'Create Organizer'; ?>
                    </button>
                    <a href="/trainer/organizer/list/" class="hvac-button hvac-button-secondary">Cancel</a>
                    
                    <?php if ($organizer): ?>
                        <button type="button" id="hvac-delete-organizer" class="hvac-button hvac-button-danger" 
                                data-organizer-id="<?php echo $organizer_id; ?>">Delete Organizer</button>
                    <?php endif; ?>
                </div>
            </form>
        </div>
        <?php
        return ob_get_clean();
    }
    
    /**
     * AJAX handler for saving organizer
     */
    public function ajax_save_organizer() {
        check_ajax_referer('hvac_organizers_nonce', 'nonce');
        
        if (!HVAC_Security_Helpers::is_hvac_trainer() && !current_user_can('manage_options')) {
            wp_send_json_error('Unauthorized');
        }
        
        $organizer_id = HVAC_Security_Helpers::get_input('POST', 'organizer_id', 'absint', 0);
        
        // If editing, check ownership
        if ($organizer_id) {
            $organizer = get_post($organizer_id);
            if (!$organizer || $organizer->post_author != get_current_user_id()) {
                wp_send_json_error('You do not have permission to edit this organizer.');
            }
        }
        
        // Validate required fields
        $org_name = HVAC_Security_Helpers::get_input('POST', 'org_name', 'sanitize_text_field', '');
        if (empty($org_name)) {
            wp_send_json_error('Organization name is required.');
        }
        
        // Prepare organizer data with proper sanitization
        $organizer_data = array(
            'Organizer' => $org_name,
            'Description' => HVAC_Security_Helpers::get_input('POST', 'org_description', 'wp_kses_post', ''),
            'Phone' => HVAC_Security_Helpers::get_input('POST', 'org_phone', 'sanitize_text_field', ''),
            'Email' => HVAC_Security_Helpers::get_input('POST', 'org_email', 'sanitize_email', ''),
            'Website' => HVAC_Security_Helpers::get_input('POST', 'org_website', 'esc_url_raw', '')
        );
        
        if ($organizer_id) {
            $organizer_data['ID'] = $organizer_id;
            $result = function_exists('tribe_update_organizer') ? 
                      tribe_update_organizer($organizer_id, $organizer_data) : 
                      wp_update_post(array(
                          'ID' => $organizer_id,
                          'post_title' => $organizer_data['Organizer'],
                          'post_content' => $organizer_data['Description']
                      ));
        } else {
            $organizer_data['post_status'] = 'publish';
            $organizer_data['post_author'] = get_current_user_id();
            $result = function_exists('tribe_create_organizer') ? 
                      tribe_create_organizer($organizer_data) : 
                      wp_insert_post(array(
                          'post_type' => 'tribe_organizer',
                          'post_title' => $organizer_data['Organizer'],
                          'post_content' => $organizer_data['Description'],
                          'post_status' => 'publish',
                          'post_author' => get_current_user_id()
                      ));
        }
        
        if (is_wp_error($result)) {
            wp_send_json_error($result->get_error_message());
        }
        
        // Update custom meta fields
        $organizer_id = $organizer_id ?: $result;
        
        // Update headquarters data using security helpers
        $hq_city = HVAC_Security_Helpers::get_input('POST', 'hq_city', 'sanitize_text_field', '');
        if (!empty($hq_city)) {
            update_post_meta($organizer_id, '_hvac_headquarters_city', $hq_city);
        }
        
        $hq_state = HVAC_Security_Helpers::get_input('POST', 'hq_state', 'sanitize_text_field', '');
        if (!empty($hq_state)) {
            update_post_meta($organizer_id, '_hvac_headquarters_state', $hq_state);
        }
        
        $hq_country = HVAC_Security_Helpers::get_input('POST', 'hq_country', 'sanitize_text_field', '');
        if (!empty($hq_country)) {
            update_post_meta($organizer_id, '_hvac_headquarters_country', $hq_country);
        }
        
        // Update phone, email, website meta using security helpers
        $org_phone = HVAC_Security_Helpers::get_input('POST', 'org_phone', 'sanitize_text_field', '');
        if (!empty($org_phone)) {
            update_post_meta($organizer_id, '_OrganizerPhone', $org_phone);
        }
        
        $org_email = HVAC_Security_Helpers::get_input('POST', 'org_email', 'sanitize_email', '');
        if (!empty($org_email)) {
            update_post_meta($organizer_id, '_OrganizerEmail', $org_email);
        }
        
        $org_website = HVAC_Security_Helpers::get_input('POST', 'org_website', 'esc_url_raw', '');
        if (!empty($org_website)) {
            update_post_meta($organizer_id, '_OrganizerWebsite', $org_website);
        }
        
        // Handle logo
        $logo_id = HVAC_Security_Helpers::get_input('POST', 'org_logo_id', 'absint', 0);
        if ($logo_id) {
            if ($logo_id) {
                set_post_thumbnail($organizer_id, $logo_id);
            } else {
                delete_post_thumbnail($organizer_id);
            }
        }
        
        // Update user's organizer_id if this is their first organizer
        $user_organizer_id = get_user_meta(get_current_user_id(), 'organizer_id', true);
        if (!$user_organizer_id) {
            update_user_meta(get_current_user_id(), 'organizer_id', $organizer_id);
        }
        
        wp_send_json_success(array(
            'message' => $organizer_id ? 'Organizer updated successfully.' : 'Organizer created successfully.',
            'organizer_id' => $organizer_id
        ));
    }
    
    /**
     * AJAX handler for deleting organizer
     */
    public function ajax_delete_organizer() {
        check_ajax_referer('hvac_organizers_nonce', 'nonce');
        
        if (!HVAC_Security_Helpers::is_hvac_trainer() && !current_user_can('manage_options')) {
            wp_send_json_error('Unauthorized');
        }
        
        $organizer_id = HVAC_Security_Helpers::get_input('POST', 'organizer_id', 'absint', 0);
        
        if (!$organizer_id) {
            wp_send_json_error('Invalid organizer ID');
        }
        
        $organizer = get_post($organizer_id);
        if (!$organizer || $organizer->post_author != get_current_user_id()) {
            wp_send_json_error('You do not have permission to delete this organizer.');
        }
        
        // Check if organizer is being used by any events
        $events_using_organizer = get_posts(array(
            'post_type' => class_exists('Tribe__Events__Main') ? Tribe__Events__Main::POSTTYPE : 'tribe_events',
            'meta_query' => array(
                array(
                    'key' => '_EventOrganizerID',
                    'value' => $organizer_id,
                    'compare' => '='
                )
            ),
            'posts_per_page' => 1
        ));
        
        if (!empty($events_using_organizer)) {
            wp_send_json_error('Cannot delete organizer. It is being used by one or more events.');
        }
        
        $result = wp_trash_post($organizer_id);
        
        if ($result) {
            // If this was the user's primary organizer, clear it
            $user_organizer_id = get_user_meta(get_current_user_id(), 'organizer_id', true);
            if ($user_organizer_id == $organizer_id) {
                delete_user_meta(get_current_user_id(), 'organizer_id');
            }
            
            wp_send_json_success('Organizer deleted successfully.');
        } else {
            wp_send_json_error('Failed to delete organizer.');
        }
    }
    
    /**
     * AJAX handler for uploading organization logo
     */
    public function ajax_upload_org_logo() {
        check_ajax_referer('hvac_organizers_nonce', 'nonce');
        
        $user = wp_get_current_user();
        if (!in_array('hvac_trainer', $user->roles) && !in_array('hvac_master_trainer', $user->roles) && !current_user_can('manage_options')) {
            wp_send_json_error('Unauthorized');
        }
        
        if (!isset($_FILES['org_logo']) || $_FILES['org_logo']['error'] !== UPLOAD_ERR_OK) {
            wp_send_json_error('No file uploaded or upload error occurred');
        }
        
        // Validate file type
        $allowed_types = array('image/jpeg', 'image/jpg', 'image/png', 'image/gif', 'image/webp');
        $file_type = wp_check_filetype($_FILES['org_logo']['name']);
        
        if (!in_array($file_type['type'], $allowed_types)) {
            wp_send_json_error('Invalid file type. Only JPG, PNG, GIF, and WebP images are allowed.');
        }
        
        // Validate file size (5MB max)
        $max_size = 5 * 1024 * 1024; // 5MB in bytes
        if ($_FILES['org_logo']['size'] > $max_size) {
            wp_send_json_error('File too large. Maximum size is 5MB.');
        }
        
        // Additional security check
        if (!is_uploaded_file($_FILES['org_logo']['tmp_name'])) {
            wp_send_json_error('Security error: Invalid file upload.');
        }
        
        require_once(ABSPATH . 'wp-admin/includes/image.php');
        require_once(ABSPATH . 'wp-admin/includes/file.php');
        require_once(ABSPATH . 'wp-admin/includes/media.php');
        
        $attachment_id = media_handle_upload('org_logo', 0);
        
        if (is_wp_error($attachment_id)) {
            wp_send_json_error($attachment_id->get_error_message());
        }
        
        wp_send_json_success(array(
            'attachment_id' => $attachment_id,
            'url' => wp_get_attachment_image_url($attachment_id, 'medium')
        ));
    }
}