ben/upskill-event-manager
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
upskill-event-manager/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/class-hvac-registration.php
bengizmo 20a5be3e65 feat: Add trainer profile editing functionality 
- Add profile edit form template
- Implement profile update handler with validation
- Add profile update shortcode registration
- Create E2E test for profile editing
- Support updating personal & business info, location info and training preferences
- Add password change functionality with validation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-20 09:47:22 -03:00

1407 lines
No EOL
81 KiB
PHP
Raw Blame History

<?php
/**
* Handles the HVAC trainer registration functionality using admin-post for processing.
*/
if (!defined('ABSPATH')) {
exit;
}
class HVAC_Registration {
const TRANSIENT_PREFIX = 'hvac_reg_'; // Prefix for transients
const PROFILE_TRANSIENT_PREFIX = 'hvac_prof_'; // Prefix for profile transients
const REGISTRATION_ACTION = 'hvac_register'; // Action name for admin-post
const PROFILE_UPDATE_ACTION = 'hvac_update_profile'; // Action name for profile update
/**
* Constructor
*/
public function __construct() {
// Register shortcode for registration form
add_shortcode('hvac_trainer_registration', array($this, 'render_registration_form'));
// Register shortcode for edit profile form
add_shortcode('hvac_edit_profile', array($this, 'render_edit_profile_form'));
// Enqueue styles and scripts
add_action('wp_enqueue_scripts', array($this, 'enqueue_scripts'));
// Hook the processing function to admin-post actions
add_action('admin_post_nopriv_' . self::REGISTRATION_ACTION, array($this, 'process_registration_submission'));
add_action('admin_post_' . self::REGISTRATION_ACTION, array($this, 'process_registration_submission')); // Allow logged-in users? Maybe not needed but harmless.
// Hook the profile update function to admin-post actions (only for logged in users)
add_action('admin_post_' . self::PROFILE_UPDATE_ACTION, array($this, 'process_profile_update'));
}
/**
* Renders the registration form. Retrieves errors/data from transient if redirected back.
*/
public function render_registration_form() {
$errors = [];
$submitted_data = [];
$transient_key = null;
// Check if redirected back with errors
if (isset($_GET['reg_error']) && $_GET['reg_error'] === '1' && isset($_GET['tid'])) {
error_log('[HVAC REG DEBUG] render_registration_form: Received GET params: ' . print_r($_GET, true));
$transient_key = self::TRANSIENT_PREFIX . sanitize_key($_GET['tid']);
$transient_data = get_transient($transient_key);
if ($transient_data && is_array($transient_data)) {
$errors = $transient_data['errors'] ?? [];
error_log('[HVAC REG DEBUG] render_registration_form: Attempting to get transient with key: ' . $transient_key);
$submitted_data = $transient_data['data'] ?? [];
// Delete the transient immediately after retrieving
delete_transient($transient_key);
error_log('[HVAC REG DEBUG] render_registration_form: get_transient result: ' . print_r($transient_data, true));
error_log('[HVAC REG DEBUG] Retrieved errors/data from transient: ' . $transient_key);
} else {
// Transient expired or invalid, show a generic error
$errors['transient'] = 'There was a problem retrieving your submission details. Please try again.';
error_log('[HVAC REG DEBUG] Failed to retrieve or invalid data in transient: ' . $transient_key);
}
}
// --- Render Form ---
ob_start();
// Display general errors (transient, nonce, account creation)
// These errors are now set in the transient and retrieved above
if (!empty($errors['transient']) || !empty($errors['nonce']) || !empty($errors['account'])) {
echo '<div class="hvac-errors">';
if (!empty($errors['transient'])) echo '<p class="error">' . esc_html($errors['transient']) . '</p>';
// Nonce errors should ideally be caught in admin-post, but display if somehow set
if (!empty($errors['nonce'])) echo '<p class="error">' . esc_html($errors['nonce']) . '</p>';
error_log('[HVAC REG DEBUG] render_registration_form: Errors before display_form_html: ' . print_r($errors, true));
if (!empty($errors['account'])) echo '<p class="error">' . esc_html($errors['account']) . '</p>';
echo '</div>';
}
// Display the form HTML, passing retrieved errors and submitted data
// No success message here anymore, success leads to redirect
$this->display_form_html($submitted_data, $errors);
return ob_get_clean();
// --- End Render Form ---
}
/**
* Processes the registration form submission via admin-post.
* Handles validation, user creation, notifications, and redirects.
*/
public function process_registration_submission() {
error_log('[HVAC REG DEBUG] process_registration_submission fired.');
$errors = [];
$submitted_data = $_POST; // Capture submitted data early for potential repopulation
$registration_page_url = home_url('/trainer-registration/'); // Adjust if slug changes
// --- Verify Nonce ---
if (!isset($_POST['hvac_registration_nonce']) || !wp_verify_nonce($_POST['hvac_registration_nonce'], 'hvac_trainer_registration')) {
$errors['nonce'] = 'Security check failed. Please try submitting the form again.';
error_log('[HVAC REG DEBUG] Nonce check failed in admin-post.');
$this->redirect_with_errors($errors, $submitted_data, $registration_page_url);
// No need for return/exit here, redirect_with_errors exits.
}
error_log('[HVAC REG DEBUG] Nonce check passed in admin-post.');
// --- File Upload Handling ---
$profile_image_data = null;
if (isset($_FILES['profile_image']) && $_FILES['profile_image']['error'] !== UPLOAD_ERR_NO_FILE) {
if ($_FILES['profile_image']['error'] === UPLOAD_ERR_OK) {
// Check if it's actually an uploaded file
if (!is_uploaded_file($_FILES['profile_image']['tmp_name'])) {
$errors['profile_image'] = 'File upload error (invalid temp file).';
error_log('[HVAC REG DEBUG] Profile image upload error: Not an uploaded file.');
} else {
$allowed_types = ['image/jpeg', 'image/png', 'image/gif'];
// Use wp_check_filetype on the actual file name for extension check
// Use finfo_file or getimagesize on tmp_name for actual MIME type check for better security
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime_type = finfo_file($finfo, $_FILES['profile_image']['tmp_name']);
finfo_close($finfo);
if (!in_array($mime_type, $allowed_types)) {
$errors['profile_image'] = 'Invalid file type detected (' . esc_html($mime_type) . '). Please upload a JPG, PNG, or GIF.';
error_log('[HVAC REG DEBUG] Profile image upload error: Invalid MIME type - ' . $mime_type);
} else {
$profile_image_data = $_FILES['profile_image']; // Store the whole $_FILES entry
error_log('[HVAC REG DEBUG] Profile image seems valid.');
}
}
error_log('[HVAC REG DEBUG] process_registration_submission: Errors after validation merge: ' . print_r($errors, true));
} else {
$errors['profile_image'] = 'There was an error uploading the profile image. Code: ' . $_FILES['profile_image']['error'];
error_log('[HVAC REG DEBUG] Profile image upload error code: ' . $_FILES['profile_image']['error']);
error_log('[HVAC REG DEBUG] process_registration_submission: Checking if errors is empty. Result: ' . (empty($errors) ? 'Yes' : 'No'));
}
}
// --- End File Upload Handling ---
// Validate the rest of the form data
$validation_errors = $this->validate_registration($submitted_data);
$errors = array_merge($errors, $validation_errors); // Combine file errors and validation errors
// --- Process if No Errors ---
if (empty($errors)) {
error_log('[HVAC REG DEBUG] Validation passed in admin-post. Attempting account creation...');
$user_id = $this->create_trainer_account($submitted_data, $profile_image_data);
if (is_wp_error($user_id)) {
$errors['account'] = $user_id->get_error_message();
error_log('[HVAC REG DEBUG] Account creation WP_Error in admin-post: ' . $user_id->get_error_message());
$this->redirect_with_errors($errors, $submitted_data, $registration_page_url);
// No need for return/exit here
} elseif ($user_id) {
error_log('[HVAC REG DEBUG] Account creation SUCCESS in admin-post. User ID: ' . $user_id);
error_log('[HVAC REG DEBUG] Sending admin notification...');
$this->send_admin_notification($user_id, $submitted_data);
// $this->send_user_pending_notification($user_id); // TODO
// --- Success Redirect ---
$success_redirect_url = home_url('/registration-pending/'); // URL from E2E test
error_log('[HVAC REG DEBUG] Redirecting to success page: ' . $success_redirect_url);
wp_safe_redirect($success_redirect_url);
exit; // Important after redirect
} else {
// This case should ideally not happen if wp_insert_user works correctly
$errors['account'] = 'An unknown error occurred during registration. Please contact support.';
error_log('[HVAC REG DEBUG] Account creation failed silently in admin-post (returned false/0).');
$this->redirect_with_errors($errors, $submitted_data, $registration_page_url);
// No need for return/exit here
}
} else {
error_log('[HVAC REG DEBUG] Validation errors found in admin-post: ' . print_r($errors, true));
$this->redirect_with_errors($errors, $submitted_data, $registration_page_url);
// No need for return/exit here
}
}
/**
* Helper function to store errors/data in transient and redirect back to the form page.
error_log('[HVAC REG DEBUG] redirect_with_errors: Preparing transient. Key: ' . $transient_key . ' Data: ' . print_r($transient_data, true));
*
* @param array $errors Array of error messages.
* @param array $data Submitted form data.
* @param string $redirect_url The URL to redirect back to.
*/
private function redirect_with_errors($errors, $data, $redirect_url) {
$transient_id = uniqid(); // Generate unique ID for transient key
$transient_key = self::TRANSIENT_PREFIX . $transient_id;
$transient_data = [
'errors' => $errors,
'data' => $data, // Store submitted data to repopulate form
];
// Store for 5 minutes
set_transient($transient_key, $transient_data, MINUTE_IN_SECONDS * 5);
// Add query arguments to the redirect URL
$redirect_url = add_query_arg([
'reg_error' => '1',
'tid' => $transient_id,
], $redirect_url);
error_log('[HVAC REG DEBUG] Redirecting back with errors. URL: ' . $redirect_url . ' Transient Key: ' . $transient_key);
wp_safe_redirect($redirect_url);
exit; // Stop execution after redirect
}
/**
* Displays the actual form HTML.
* Receives submitted data and errors as arguments (potentially retrieved from transient).
*/
private function display_form_html($data = [], $errors = []) {
// Ensure $data and $errors are arrays, even if transient failed
$data = is_array($data) ? $data : [];
$errors = is_array($errors) ? $errors : [];
?>
<div class="hvac-registration-form">
<h2>HVAC Trainer Registration</h2>
<p>By submitting this form, you will be creating an account in the Upskill HVAC online event system. Once approved, you will be able to login to the trainer portal to manage your profile and event listings.</p>
<?php /* Point form action to admin-post.php */ ?>
<form method="post" action="<?php echo esc_url( admin_url('admin-post.php') ); ?>" id="hvac-trainer-registration-form" enctype="multipart/form-data" novalidate> <?php // Added novalidate ?>
<?php /* Add hidden action field for admin-post hook */ ?>
<input type="hidden" name="action" value="<?php echo esc_attr(self::REGISTRATION_ACTION); ?>">
<?php wp_nonce_field('hvac_trainer_registration', 'hvac_registration_nonce'); ?>
<!-- Account Information -->
<div class="form-section">
<h3>Account Information</h3>
<div class="form-row">
<label for="user_email"><strong>Email *</strong></label>
<input type="email" name="user_email" id="user_email" value="<?php echo esc_attr($data['user_email'] ?? ''); ?>" required aria-describedby="user_email_error">
<?php if (isset($errors['user_email'])) echo '<p class="error-message" id="user_email_error">' . esc_html($errors['user_email']) . '</p>'; ?>
</div>
<div class="form-row form-row-half">
<div>
<label for="user_pass"><strong>Password *</strong></label>
<input type="password" name="user_pass" id="user_pass" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Password must be at least 8 characters long, and include at least one uppercase letter, one lowercase letter, and one number." aria-describedby="user_pass_hint user_pass_error">
<small id="user_pass_hint">Password must be at least 8 characters long, and include at least one uppercase letter, one lowercase letter, and one number.</small>
<?php if (isset($errors['user_pass'])) echo '<p class="error-message" id="user_pass_error">' . esc_html($errors['user_pass']) . '</p>'; ?>
</div>
<div>
<label for="confirm_password"><strong>Confirm Password *</strong></label>
<input type="password" name="confirm_password" id="confirm_password" required aria-describedby="confirm_password_error">
<?php if (isset($errors['confirm_password'])) echo '<p class="error-message" id="confirm_password_error">' . esc_html($errors['confirm_password']) . '</p>'; ?>
</div>
</div>
<!-- Username is hidden and derived from email server-side -->
<input type="hidden" name="user_login" value="">
</div>
<!-- Personal Information Section -->
<div class="form-section">
<h3>Personal Information</h3>
<div class="form-row form-row-half">
<div>
<label for="first_name"><strong>First Name *</strong></label>
<input type="text" name="first_name" id="first_name" value="<?php echo esc_attr($data['first_name'] ?? ''); ?>" required aria-describedby="first_name_error">
<?php if (isset($errors['first_name'])) echo '<p class="error-message" id="first_name_error">' . esc_html($errors['first_name']) . '</p>'; ?>
</div>
<div>
<label for="last_name"><strong>Last Name *</strong></label>
<input type="text" name="last_name" id="last_name" value="<?php echo esc_attr($data['last_name'] ?? ''); ?>" required aria-describedby="last_name_error">
<?php if (isset($errors['last_name'])) echo '<p class="error-message" id="last_name_error">' . esc_html($errors['last_name']) . '</p>'; ?>
</div>
</div>
<div class="form-row">
<label for="display_name"><strong>Display Name *</strong></label>
<input type="text" name="display_name" id="display_name" value="<?php echo esc_attr($data['display_name'] ?? ''); ?>" required aria-describedby="display_name_hint display_name_error">
<small id="display_name_hint">This will be the name displayed to other users on the site.</small>
<?php if (isset($errors['display_name'])) echo '<p class="error-message" id="display_name_error">' . esc_html($errors['display_name']) . '</p>'; ?>
</div>
<div class="form-row form-row-half">
<div>
<label for="user_url">Personal Website (optional)</label>
<input type="url" name="user_url" id="user_url" value="<?php echo esc_attr($data['user_url'] ?? ''); ?>" aria-describedby="user_url_error">
<?php if (isset($errors['user_url'])) echo '<p class="error-message" id="user_url_error">' . esc_html($errors['user_url']) . '</p>'; ?>
</div>
<div>
<label for="user_linkedin">LinkedIn Profile URL (optional)</label>
<input type="url" name="user_linkedin" id="user_linkedin" value="<?php echo esc_attr($data['user_linkedin'] ?? ''); ?>" aria-describedby="user_linkedin_error">
<?php if (isset($errors['user_linkedin'])) echo '<p class="error-message" id="user_linkedin_error">' . esc_html($errors['user_linkedin']) . '</p>'; ?>
</div>
</div>
<div class="form-row">
<label for="personal_accreditation">Personal Accreditation (optional)</label>
<input type="text" name="personal_accreditation" id="personal_accreditation" value="<?php echo esc_attr($data['personal_accreditation'] ?? ''); ?>" aria-describedby="personal_accreditation_hint">
<small id="personal_accreditation_hint">Enter your abbreviated accreditations separated by commas.</small>
</div>
<div class="form-row">
<label for="description"><strong>Biographical Info *</strong></label>
<textarea name="description" id="description" rows="4" required aria-describedby="description_hint description_error"><?php echo esc_textarea($data['description'] ?? ''); ?></textarea>
<small id="description_hint">A short bio about yourself. This will be displayed on your profile page.</small>
<?php if (isset($errors['description'])) echo '<p class="error-message" id="description_error">' . esc_html($errors['description']) . '</p>'; ?>
</div>
<div class="form-row">
<label for="profile_image">Profile Image (optional)</label>
<input type="file" name="profile_image" id="profile_image" accept="image/jpeg,image/png,image/gif" aria-describedby="profile_image_hint profile_image_error">
<small id="profile_image_hint">Please attach a .jpg, .png, or .gif image. By attaching an image to use as your profile picture you assert that you have rights to use the image and it is not illegal, pornographic or violent in any way. This will be displayed on your profile page.</small>
<?php if (isset($errors['profile_image'])) echo '<p class="error-message" id="profile_image_error">' . esc_html($errors['profile_image']) . '</p>'; ?>
</div>
</div>
<!-- Business Information Section -->
<div class="form-section">
<h3>Business Information</h3>
<div class="form-row">
<label for="business_name"><strong>Business Name *</strong></label>
<input type="text" name="business_name" id="business_name" value="<?php echo esc_attr($data['business_name'] ?? ''); ?>" required aria-describedby="business_name_error">
<?php if (isset($errors['business_name'])) echo '<p class="error-message" id="business_name_error">' . esc_html($errors['business_name']) . '</p>'; ?>
</div>
<div class="form-row form-row-half">
<div>
<label for="business_phone"><strong>Business Phone *</strong></label>
<input type="tel" name="business_phone" id="business_phone" value="<?php echo esc_attr($data['business_phone'] ?? ''); ?>" required aria-describedby="business_phone_error">
<?php if (isset($errors['business_phone'])) echo '<p class="error-message" id="business_phone_error">' . esc_html($errors['business_phone']) . '</p>'; ?>
</div>
<div>
<label for="business_email"><strong>Business Email *</strong></label>
<input type="email" name="business_email" id="business_email" value="<?php echo esc_attr($data['business_email'] ?? ''); ?>" required aria-describedby="business_email_error">
<?php if (isset($errors['business_email'])) echo '<p class="error-message" id="business_email_error">' . esc_html($errors['business_email']) . '</p>'; ?>
</div>
</div>
<div class="form-row">
<label for="business_website">Business Website (optional)</label>
<input type="url" name="business_website" id="business_website" value="<?php echo esc_attr($data['business_website'] ?? ''); ?>" aria-describedby="business_website_error">
<?php if (isset($errors['business_website'])) echo '<p class="error-message" id="business_website_error">' . esc_html($errors['business_website']) . '</p>'; ?>
</div>
<div class="form-row">
<label for="business_description"><strong>Business Description *</strong></label>
<textarea name="business_description" id="business_description" rows="4" required aria-describedby="business_description_error"><?php echo esc_textarea($data['business_description'] ?? ''); ?></textarea>
<?php if (isset($errors['business_description'])) echo '<p class="error-message" id="business_description_error">' . esc_html($errors['business_description']) . '</p>'; ?>
</div>
</div>
<!-- Address Information Section -->
<div class="form-section">
<h3>Address Information</h3>
<div class="form-row">
<label for="user_country"><strong>Country *</strong></label>
<select name="user_country" id="user_country" required aria-describedby="user_country_error">
<option value="">Select Country</option>
<option value="United States" <?php selected($data['user_country'] ?? '', 'United States'); ?>>United States</option>
<option value="Canada" <?php selected($data['user_country'] ?? '', 'Canada'); ?>>Canada</option>
<option value="" disabled>---</option>
<?php
$countries = $this->get_country_list();
foreach ($countries as $code => $name) {
if ($code !== 'US' && $code !== 'CA') {
echo '<option value="' . esc_attr($name) . '" ' . selected($data['user_country'] ?? '', $name, false) . '>' . esc_html($name) . '</option>';
}
}
?>
</select>
<?php if (isset($errors['user_country'])) echo '<p class="error-message" id="user_country_error">' . esc_html($errors['user_country']) . '</p>'; ?>
</div>
<div class="form-row form-row-half">
<div>
<label for="user_state"><strong>State/Province *</strong></label>
<select name="user_state" id="user_state" required aria-describedby="user_state_error">
<!-- Options loaded by JS -->
<option value="">Select State/Province</option>
<option value="Other" <?php selected($data['user_state'] ?? '', 'Other'); ?>>Other</option>
<?php
// Pre-populate selected state if available from transient
$selected_state = $data['user_state'] ?? '';
if (!empty($selected_state) && $selected_state !== 'Other') {
// Determine if it's a US state or CA province based on country or value itself
$is_us_state = array_key_exists($selected_state, $this->get_us_states());
$is_ca_province = array_key_exists($selected_state, $this->get_canadian_provinces());
if ($is_us_state || $is_ca_province) {
echo '<option value="' . esc_attr($selected_state) . '" selected>' . esc_html($selected_state) . '</option>';
}
}
?>
</select>
<input type="text" name="user_state_other" id="user_state_other"
value="<?php echo esc_attr($data['user_state_other'] ?? ''); ?>"
style="<?php echo (($data['user_state'] ?? '') === 'Other' && ($data['user_country'] ?? '') !== 'United States' && ($data['user_country'] ?? '') !== 'Canada') ? '' : 'display:none;'; ?> margin-top: 0.5rem;"
placeholder="Enter your state/province"
aria-describedby="user_state_other_error">
<?php if (isset($errors['user_state'])) echo '<p class="error-message" id="user_state_error">' . esc_html($errors['user_state']) . '</p>'; ?>
<?php if (isset($errors['user_state_other'])) echo '<p class="error-message" id="user_state_other_error">' . esc_html($errors['user_state_other']) . '</p>'; ?>
</div>
<div>
<label for="user_city"><strong>City *</strong></label>
<input type="text" name="user_city" id="user_city" value="<?php echo esc_attr($data['user_city'] ?? ''); ?>" required aria-describedby="user_city_error">
<?php if (isset($errors['user_city'])) echo '<p class="error-message" id="user_city_error">' . esc_html($errors['user_city']) . '</p>'; ?>
</div>
</div>
<div class="form-row">
<label for="user_zip"><strong>Zip/Postal Code *</strong></label>
<input type="text" name="user_zip" id="user_zip" value="<?php echo esc_attr($data['user_zip'] ?? ''); ?>" required aria-describedby="user_zip_error">
<?php if (isset($errors['user_zip'])) echo '<p class="error-message" id="user_zip_error">' . esc_html($errors['user_zip']) . '</p>'; ?>
</div>
</div>
<!-- Training Venue Section -->
<div class="form-section">
<h3>Training Venue</h3>
<div class="form-row">
<label id="create_venue_label"><strong>Create Training Venue Profile? *</strong></label>
<small>Do you want to create a Training Venue Profile for your business to use when listing your training events? If yes, we will use the address provided above.</small>
<div class="radio-group" role="radiogroup" aria-labelledby="create_venue_label">
<label><input type="radio" name="create_venue" value="Yes" <?php checked($data['create_venue'] ?? 'No', 'Yes'); ?> required> Yes</label>
<label><input type="radio" name="create_venue" value="No" <?php checked($data['create_venue'] ?? 'No', 'No'); ?>> No</label>
</div>
<?php if (isset($errors['create_venue'])) echo '<p class="error-message">' . esc_html($errors['create_venue']) . '</p>'; ?>
</div>
</div>
<!-- Training Information Section -->
<div class="form-section">
<h3>Training Information</h3>
<div class="form-row">
<label id="business_type_label"><strong>Business Type *</strong></label>
<small>What type of business are you?</small>
<div class="radio-group" role="radiogroup" aria-labelledby="business_type_label">
<?php
$business_types = ["Manufacturer", "Distributor", "Contractor", "Consultant", "Educator", "Government", "Other"];
foreach ($business_types as $type) {
echo '<label><input type="radio" name="business_type" value="' . esc_attr($type) . '" ' . checked($data['business_type'] ?? '', $type, false) . ' required> ' . esc_html($type) . '</label>';
}
?>
</div>
<?php if (isset($errors['business_type'])) echo '<p class="error-message">' . esc_html($errors['business_type']) . '</p>'; ?>
</div>
<div class="form-row">
<label id="training_audience_label"><strong>Training Audience *</strong></label>
<small>Who do you offer training to? (Select all that apply)</small>
<div class="checkbox-group" role="group" aria-labelledby="training_audience_label">
<?php
$audience_options = [
"Anyone" => "Anyone (open to the public)",
"Industry professionals" => "Industry professionals",
"Internal staff" => "Internal staff in my company",
"Registered students" => "Registered students/members of my org/institution"
];
$selected_audience = $data['training_audience'] ?? [];
if (!is_array($selected_audience)) $selected_audience = []; // Ensure it's an array
foreach ($audience_options as $value => $label) {
echo '<label><input type="checkbox" name="training_audience[]" value="' . esc_attr($value) . '" ' . checked(in_array($value, $selected_audience), true, false) . '> ' . esc_html($label) . '</label>';
}
?>
</div>
<?php if (isset($errors['training_audience'])) echo '<p class="error-message">' . esc_html($errors['training_audience']) . '</p>'; ?>
</div>
<div class="form-row">
<label id="training_formats_label"><strong>Training Formats *</strong></label>
<small>What formats of training do you offer?</small>
<div class="checkbox-group" role="group" aria-labelledby="training_formats_label">
<?php
$format_options = ["In-person", "Virtual", "Hybrid", "On-demand"];
$selected_formats = $data['training_formats'] ?? [];
if (!is_array($selected_formats)) $selected_formats = []; // Ensure it's an array
foreach ($format_options as $format) {
echo '<label><input type="checkbox" name="training_formats[]" value="' . esc_attr($format) . '" ' . checked(in_array($format, $selected_formats), true, false) . '> ' . esc_html($format) . '</label>';
}
?>
</div>
<?php if (isset($errors['training_formats'])) echo '<p class="error-message">' . esc_html($errors['training_formats']) . '</p>'; ?>
</div>
<div class="form-row">
<label id="training_locations_label"><strong>Training Locations *</strong></label>
<small>Where are you willing to provide training? (Select all that apply)</small>
<div class="checkbox-group" role="group" aria-labelledby="training_locations_label">
<?php
$location_options = ["Online", "Local", "Regional Travel", "National Travel", "International Travel"];
$selected_locations = $data['training_locations'] ?? [];
if (!is_array($selected_locations)) $selected_locations = []; // Ensure it's an array
foreach ($location_options as $location) {
echo '<label><input type="checkbox" name="training_locations[]" value="' . esc_attr($location) . '" ' . checked(in_array($location, $selected_locations), true, false) . '> ' . esc_html($location) . '</label>';
}
?>
</div>
<?php if (isset($errors['training_locations'])) echo '<p class="error-message">' . esc_html($errors['training_locations']) . '</p>'; ?>
</div>
<div class="form-row">
<label id="training_resources_label"><strong>Training Resources *</strong></label>
<small>What training resources do you have access to? (Select all that apply)</small>
<div class="checkbox-group" role="group" aria-labelledby="training_resources_label">
<?php
$resource_options = ["Classroom", "Training Lab", "Ducted Furnace(s)", "Ducted Air Handler(s)", "Ducted Air Conditioner(s)", "Ducted Heat Pump(s)", "Ductless Heat Pump(s)", "Training Manuals", "Presentation Slides", "LMS Platform / SCORM Files", "Custom Curriculum", "Other"];
$selected_resources = $data['training_resources'] ?? [];
if (!is_array($selected_resources)) $selected_resources = []; // Ensure it's an array
foreach ($resource_options as $resource) {
echo '<label><input type="checkbox" name="training_resources[]" value="' . esc_attr($resource) . '" ' . checked(in_array($resource, $selected_resources), true, false) . '> ' . esc_html($resource) . '</label>';
}
?>
</div>
<?php if (isset($errors['training_resources'])) echo '<p class="error-message">' . esc_html($errors['training_resources']) . '</p>'; ?>
</div>
</div>
<!-- Application Details Section -->
<div class="form-section">
<h3>Application Details</h3>
<div class="form-row">
<label for="application_details"><strong>Application Details *</strong></label>
<small>Please explain why you want to create a training account on Upskill HVAC.</small>
<textarea name="application_details" id="application_details" rows="5" required aria-describedby="application_details_error"><?php echo esc_textarea($data['application_details'] ?? ''); ?></textarea>
<?php if (isset($errors['application_details'])) echo '<p class="error-message" id="application_details_error">' . esc_html($errors['application_details']) . '</p>'; ?>
</div>
<div class="form-row">
<label for="annual_revenue_target">Annual Revenue Target (optional)</label>
<small>It's our goal to help you generate revenue through your training. How much revenue are you looking to generate annually though your training on Upskill HVAC?</small>
<input type="number" name="annual_revenue_target" id="annual_revenue_target" min="0" step="1" value="<?php echo esc_attr($data['annual_revenue_target'] ?? ''); ?>">
</div>
</div>
<div class="form-submit">
<input type="submit" name="hvac_register" value="Register">
</div>
</form>
</div>
<?php
}
/**
* Enqueue styles and scripts for the registration form
*/
public function enqueue_scripts() {
// Only enqueue on the registration page (assuming it has the shortcode)
global $post;
if (is_a($post, 'WP_Post') && has_shortcode($post->post_content, 'hvac_trainer_registration')) {
wp_enqueue_style(
'hvac-registration-style',
HVAC_CE_PLUGIN_URL . 'assets/css/hvac-registration.css', // Ensure this CSS file exists and is styled
array(),
HVAC_CE_VERSION
);
wp_enqueue_script(
'hvac-registration-js',
HVAC_CE_PLUGIN_URL . 'assets/js/hvac-registration.js', // Ensure this JS file exists
array('jquery'),
HVAC_CE_VERSION,
true
);
// Localize script to pass states/provinces data and AJAX URL
wp_localize_script('hvac-registration-js', 'hvacRegistrationData', array(
'ajax_url' => admin_url('admin-ajax.php'), // Needed if JS fetches states/provinces via AJAX
'states' => $this->get_us_states(), // Pass US states
'provinces' => $this->get_canadian_provinces(), // Pass CA provinces
// Pass other country data if needed, or handle via AJAX
));
}
}
/**
* Handle profile image upload after user is created.
* Should be called from within create_trainer_account or similar context.
*
* @param int $user_id The ID of the user to attach the image to.
* @param array $file_data The $_FILES array entry for the uploaded image.
* @return int|false Attachment ID on success, false on failure.
*/
private function handle_profile_image_upload($user_id, $file_data) {
// Basic validation already done in process_registration_submission
if (!$user_id || empty($file_data) || !isset($file_data['tmp_name']) || $file_data['error'] !== UPLOAD_ERR_OK) {
error_log('[HVAC REG DEBUG] handle_profile_image_upload called with invalid args or file error.');
return false;
}
// These files need to be included as dependencies when on the front-end.
require_once(ABSPATH . 'wp-admin/includes/image.php');
require_once(ABSPATH . 'wp-admin/includes/file.php');
require_once(ABSPATH . 'wp-admin/includes/media.php');
// Let WordPress handle the upload. It moves the file and creates attachment post.
// Pass the $_FILES array key ('profile_image' in this case)
$attachment_id = media_handle_upload('profile_image', 0); // 0 means don't attach to a post
if (is_wp_error($attachment_id)) {
// Handle upload error
error_log('[HVAC REG DEBUG] Profile image upload error for user ' . $user_id . ': ' . $attachment_id->get_error_message());
// Optionally add this error to be displayed to the user via transient?
// For now, just fail silently in terms of user feedback, but log it.
return false;
} else {
// Store the attachment ID as user meta
update_user_meta($user_id, 'profile_image_id', $attachment_id);
error_log('[HVAC REG DEBUG] Profile image uploaded successfully for user ' . $user_id . '. Attachment ID: ' . $attachment_id);
return $attachment_id;
}
}
/**
* Validate registration form data
*
* @param array $data Submitted form data ($_POST).
* @return array Array of errors, empty if valid.
*/
public function validate_registration($data) {
error_log('[HVAC REG DEBUG] validate_registration: Received data: ' . print_r($data, true));
$errors = array();
// Required field validation
$required_fields = [
'user_email' => 'Email',
'user_pass' => 'Password',
'confirm_password' => 'Confirm Password',
'first_name' => 'First Name',
'last_name' => 'Last Name',
'display_name' => 'Display Name',
'description' => 'Biographical Info',
'business_name' => 'Business Name',
'business_phone' => 'Business Phone',
'business_email' => 'Business Email',
'business_description' => 'Business Description',
'user_country' => 'Country',
'user_state' => 'State/Province',
'user_city' => 'City',
'user_zip' => 'Zip/Postal Code',
'create_venue' => 'Create Training Venue Profile selection',
'business_type' => 'Business Type',
'application_details' => 'Application Details',
];
foreach ($required_fields as $field => $label) {
// Use trim to catch spaces-only input
if (empty($data[$field]) || trim($data[$field]) === '') {
$errors[$field] = $label . ' is required.';
}
}
// Required checkbox groups
$required_checkboxes = [
'training_audience' => 'Training Audience',
'training_formats' => 'Training Formats',
'training_locations' => 'Training Locations',
'training_resources' => 'Training Resources',
];
foreach ($required_checkboxes as $field => $label) {
// Check if the key exists and is a non-empty array
if (empty($data[$field]) || !is_array($data[$field])) {
$errors[$field] = 'Please select at least one option for ' . $label . '.';
}
}
// Email validation
if (!empty($data['user_email']) && !is_email($data['user_email'])) {
$errors['user_email'] = 'Please enter a valid email address.';
}
if (!empty($data['business_email']) && !is_email($data['business_email'])) {
$errors['business_email'] = 'Please enter a valid business email address.';
}
// Email exists validation (only if email is valid)
if (empty($errors['user_email']) && !empty($data['user_email']) && email_exists($data['user_email'])) {
$errors['user_email'] = 'This email address is already registered.';
}
// Password validation
if (!empty($data['user_pass'])) {
if (strlen($data['user_pass']) < 8) {
$errors['user_pass'] = 'Password must be at least 8 characters long.';
} elseif (!preg_match('/[A-Z]/', $data['user_pass'])) {
$errors['user_pass'] = 'Password must contain at least one uppercase letter.';
} elseif (!preg_match('/[a-z]/', $data['user_pass'])) {
$errors['user_pass'] = 'Password must contain at least one lowercase letter.';
} elseif (!preg_match('/[0-9]/', $data['user_pass'])) {
$errors['user_pass'] = 'Password must contain at least one number.';
}
// Consider adding special character requirement if needed: !preg_match('/[\W_]/', $data['user_pass'])
}
// Confirm password validation (only if password itself is not empty)
if (!empty($data['user_pass']) && empty($errors['user_pass'])) {
if (empty($data['confirm_password'])) {
$errors['confirm_password'] = 'Please confirm your password.';
} elseif ($data['user_pass'] !== $data['confirm_password']) {
$errors['confirm_password'] = 'Passwords do not match.';
}
}
// URL validation (optional fields)
if (!empty($data['user_url']) && !filter_var($data['user_url'], FILTER_VALIDATE_URL)) {
$errors['user_url'] = 'Please enter a valid URL for your personal website.';
}
if (!empty($data['user_linkedin']) && !filter_var($data['user_linkedin'], FILTER_VALIDATE_URL)) {
$errors['user_linkedin'] = 'Please enter a valid URL for your LinkedIn profile.';
}
if (!empty($data['business_website']) && !filter_var($data['business_website'], FILTER_VALIDATE_URL)) {
$errors['business_website'] = 'Please enter a valid URL for your business website.';
}
// State/Province 'Other' validation
if (!empty($data['user_country'])) {
if ($data['user_country'] !== 'United States' && $data['user_country'] !== 'Canada') {
// If country is not US/CA, state *must* be 'Other'
if (empty($data['user_state']) || $data['user_state'] !== 'Other') {
$errors['user_state'] = 'Please select "Other" for State/Province if your country is not US or Canada.';
} elseif (empty($data['user_state_other']) || trim($data['user_state_other']) === '') {
// If state is 'Other', the text input must not be empty
$errors['user_state_other'] = 'Please enter your state/province.';
}
} elseif (!empty($data['user_state'])) {
// If country is US/CA
if ($data['user_state'] === 'Other') {
// State cannot be 'Other' if country is US/CA
$errors['user_state'] = 'Please select your state/province from the list.';
} elseif (empty($errors['user_state'])) { // Only check 'Other' field if state itself is valid
// Ensure 'Other' text input is cleared if a valid state is selected
// This might be better handled by JS, but add server-side check just in case
if (!empty($data['user_state_other'])) {
// Maybe log a warning? Or just ignore it. Let's ignore for now.
// error_log("[HVAC REG DEBUG] 'Other State' field had data but a valid US/CA state was selected.");
}
}
}
}
error_log('[HVAC REG DEBUG] validate_registration: FINAL errors before return: ' . print_r($errors, true));
return $errors;
}
/**
* Create trainer account and associated data
*
* @param array $data Sanitized form data.
* @param array|null $profile_image_data The $_FILES entry for the profile image, if provided.
* @return int|WP_Error User ID on success, WP_Error on failure.
*/
private function create_trainer_account($data, $profile_image_data = null) {
// Assume data is already somewhat validated by validate_registration
// Perform final sanitization here before insertion
$user_email = sanitize_email($data['user_email']);
$user_pass = $data['user_pass']; // wp_insert_user handles hashing
$first_name = sanitize_text_field($data['first_name']);
$last_name = sanitize_text_field($data['last_name']);
$display_name = sanitize_text_field($data['display_name']);
$user_url = !empty($data['user_url']) ? esc_url_raw($data['user_url']) : '';
$description = wp_kses_post($data['description']); // Allow some HTML
// Generate username from email (ensure uniqueness)
$username_base = sanitize_user(substr($user_email, 0, strpos($user_email, '@')), true);
if (empty($username_base)) { // Handle cases where email might be weird
$username_base = 'trainer';
}
$username = $username_base;
$counter = 1;
while (username_exists($username)) {
$username = $username_base . $counter;
$counter++;
if ($counter > 100) { // Safety break
return new WP_Error('username_generation', 'Could not generate a unique username.');
}
}
// User data array
$user_data = array(
'user_login' => $username,
'user_email' => $user_email,
'user_pass' => $user_pass,
'first_name' => $first_name,
'last_name' => $last_name,
'display_name' => $display_name,
'user_url' => $user_url,
'description' => $description,
'role' => 'hvac_trainer' // Assign custom role
);
// Insert the user
$user_id = wp_insert_user($user_data);
// Check for errors
if (is_wp_error($user_id)) {
error_log('[HVAC REG DEBUG] wp_insert_user failed: ' . $user_id->get_error_message());
return $user_id; // Return the WP_Error object
}
error_log('[HVAC REG DEBUG] wp_insert_user success. User ID: ' . $user_id);
// --- Update User Meta ---
// Sanitize all meta values before updating
$meta_fields = [
'user_linkedin' => !empty($data['user_linkedin']) ? esc_url_raw($data['user_linkedin']) : '',
'personal_accreditation' => !empty($data['personal_accreditation']) ? sanitize_text_field($data['personal_accreditation']) : '',
'business_name' => sanitize_text_field($data['business_name']),
'business_phone' => sanitize_text_field($data['business_phone']),
'business_email' => sanitize_email($data['business_email']),
'business_website' => !empty($data['business_website']) ? esc_url_raw($data['business_website']) : '',
'business_description' => wp_kses_post($data['business_description']),
'user_country' => sanitize_text_field($data['user_country']),
// Use the 'Other' field value if state was 'Other', otherwise use the selected state
'user_state' => ($data['user_state'] === 'Other' && isset($data['user_state_other'])) ? sanitize_text_field($data['user_state_other']) : sanitize_text_field($data['user_state']),
'user_city' => sanitize_text_field($data['user_city']),
'user_zip' => sanitize_text_field($data['user_zip']),
'create_venue' => sanitize_text_field($data['create_venue']), // Should be 'Yes' or 'No'
'business_type' => sanitize_text_field($data['business_type']),
'training_audience' => (!empty($data['training_audience']) && is_array($data['training_audience'])) ? array_map('sanitize_text_field', $data['training_audience']) : [],
'training_formats' => (!empty($data['training_formats']) && is_array($data['training_formats'])) ? array_map('sanitize_text_field', $data['training_formats']) : [],
'training_locations' => (!empty($data['training_locations']) && is_array($data['training_locations'])) ? array_map('sanitize_text_field', $data['training_locations']) : [],
'training_resources' => (!empty($data['training_resources']) && is_array($data['training_resources'])) ? array_map('sanitize_text_field', $data['training_resources']) : [],
'application_details' => wp_kses_post($data['application_details']),
'annual_revenue_target' => !empty($data['annual_revenue_target']) ? intval($data['annual_revenue_target']) : '',
'account_status' => 'pending' // Set initial status
];
foreach ($meta_fields as $key => $value) {
update_user_meta($user_id, $key, $value);
}
error_log('[HVAC REG DEBUG] User meta updated for user ID: ' . $user_id);
// --- Handle Profile Image Upload ---
// Note: handle_profile_image_upload uses media_handle_upload which expects the key from $_FILES
if ($profile_image_data) {
error_log('[HVAC REG DEBUG] Attempting profile image upload for user ID: ' . $user_id);
// We don't need the return value here unless we want to report specific upload errors
$this->handle_profile_image_upload($user_id, $profile_image_data); // Pass the $_FILES entry
}
// --- Create Organizer Profile ---
error_log('[HVAC REG DEBUG] Attempting organizer profile creation for user ID: ' . $user_id);
$organizer_id = $this->create_organizer_profile($user_id, $meta_fields); // Pass sanitized meta fields
if ($organizer_id) {
error_log('[HVAC REG DEBUG] Organizer profile created/updated. ID: ' . $organizer_id);
update_user_meta($user_id, 'hvac_organizer_id', $organizer_id);
} else {
error_log('[HVAC REG DEBUG] Organizer profile creation failed for user ID: ' . $user_id);
// Consider returning an error if this is critical
// return new WP_Error('organizer_creation', 'Failed to create the associated organizer profile.');
}
// --- Create Training Venue (if requested) ---
if (isset($meta_fields['create_venue']) && $meta_fields['create_venue'] === 'Yes') {
error_log('[HVAC REG DEBUG] Attempting venue creation for user ID: ' . $user_id);
$venue_id = $this->create_training_venue($user_id, $meta_fields); // Pass sanitized meta fields
if ($venue_id) {
error_log('[HVAC REG DEBUG] Venue created/updated. ID: ' . $venue_id);
update_user_meta($user_id, 'hvac_venue_id', $venue_id);
} else {
error_log('[HVAC REG DEBUG] Venue creation failed for user ID: ' . $user_id);
// Consider returning an error if this is critical
// return new WP_Error('venue_creation', 'Failed to create the associated training venue.');
}
}
// --- Set Account Status to Pending ---
// This is already done via user meta, but could also involve custom capabilities or flags
// update_user_meta($user_id, 'account_status', 'pending'); // Redundant if set above
return $user_id; // Return user ID on success
}
/**
* Create or update an Organizer profile linked to the user using sanitized data.
*
* @param int $user_id The user ID.
* @param array $meta_data Array of sanitized user meta data.
* @return int|false Organizer Post ID on success, false on failure.
*/
private function create_organizer_profile($user_id, $meta_data) {
if (!class_exists('Tribe__Events__Main') || !function_exists('tribe_create_organizer')) {
error_log('[HVAC REG DEBUG] The Events Calendar function tribe_create_organizer not found.');
return false;
}
$organizer_data = array(
'Organizer' => $meta_data['business_name'], // Use sanitized business name
'Phone' => $meta_data['business_phone'],
'Website' => $meta_data['business_website'],
'Email' => $meta_data['business_email'],
'Description' => $meta_data['business_description'],
'post_status' => 'publish', // Publish organizer immediately
'post_author' => $user_id // Associate with the new user
);
// Check if an organizer already exists for this user
$existing_organizer_id = get_user_meta($user_id, 'hvac_organizer_id', true);
if ($existing_organizer_id && get_post_type($existing_organizer_id) === Tribe__Events__Main::ORGANIZER_POST_TYPE) {
// Update existing organizer
$organizer_data['ID'] = $existing_organizer_id;
$organizer_id = tribe_update_organizer($existing_organizer_id, $organizer_data);
error_log('[HVAC REG DEBUG] Updated existing organizer ID: ' . $existing_organizer_id);
} else {
// Create new organizer
$organizer_id = tribe_create_organizer($organizer_data);
error_log('[HVAC REG DEBUG] Created new organizer.');
}
if (is_wp_error($organizer_id)) {
error_log('[HVAC REG DEBUG] Error creating/updating organizer: ' . $organizer_id->get_error_message());
return false;
} elseif (!$organizer_id || $organizer_id === 0) { // Check for 0 as well
error_log('[HVAC REG DEBUG] tribe_create/update_organizer returned false or 0.');
return false;
}
return (int) $organizer_id;
}
/**
* Create or update a Venue profile linked to the user using sanitized data.
*
* @param int $user_id The user ID.
* @param array $meta_data Array of sanitized user meta data.
* @return int|false Venue Post ID on success, false on failure.
*/
private function create_training_venue($user_id, $meta_data) {
if (!class_exists('Tribe__Events__Main') || !function_exists('tribe_create_venue')) {
error_log('[HVAC REG DEBUG] The Events Calendar function tribe_create_venue not found.');
return false;
}
// Use the already processed state/province from meta
$state_province = $meta_data['user_state'];
$venue_data = array(
'Venue' => $meta_data['business_name'] . ' Training Venue', // Venue name from sanitized meta
'Country' => $meta_data['user_country'],
'Address' => '', // TEC doesn't have a single address line, use City/State/Zip
'City' => $meta_data['user_city'],
'StateProvince' => $state_province,
'State' => $state_province, // Also set State field
'Province' => $state_province, // Also set Province field
'Zip' => $meta_data['user_zip'],
'Phone' => $meta_data['business_phone'],
'Website' => $meta_data['business_website'],
'post_status' => 'publish', // Publish venue immediately
'post_author' => $user_id // Associate with the new user
);
// Check if a venue already exists for this user
$existing_venue_id = get_user_meta($user_id, 'hvac_venue_id', true);
if ($existing_venue_id && get_post_type($existing_venue_id) === Tribe__Events__Main::VENUE_POST_TYPE) {
// Update existing venue
$venue_data['ID'] = $existing_venue_id;
$venue_id = tribe_update_venue($existing_venue_id, $venue_data);
error_log('[HVAC REG DEBUG] Updated existing venue ID: ' . $existing_venue_id);
} else {
// Create new venue
$venue_id = tribe_create_venue($venue_data);
error_log('[HVAC REG DEBUG] Created new venue.');
}
if (is_wp_error($venue_id)) {
error_log('[HVAC REG DEBUG] Error creating/updating venue: ' . $venue_id->get_error_message());
return false;
} elseif (!$venue_id || $venue_id === 0) { // Check for 0 as well
error_log('[HVAC REG DEBUG] tribe_create/update_venue returned false or 0.');
return false;
}
return (int) $venue_id;
}
/**
* Send notification email to admin about new registration
*
* @param int $user_id The ID of the newly registered user.
* @param array $data The raw submitted form data (used for notification content).
*/
private function send_admin_notification($user_id, $data) {
$admin_email = get_option('admin_email');
if (!$admin_email) {
error_log('[HVAC REG DEBUG] Admin email not configured. Cannot send notification.');
return;
}
$user_info = get_userdata($user_id);
if (!$user_info) {
error_log('[HVAC REG DEBUG] Could not get user data for notification. User ID: ' . $user_id);
return;
}
$subject = sprintf('%s - New HVAC Trainer Registration Pending Approval', get_bloginfo('name'));
// Use sanitized data for the email body where appropriate
$message = "A new HVAC trainer has registered and is awaiting approval.\n\n";
$message .= "Details:\n";
$message .= "Username: " . $user_info->user_login . "\n";
$message .= "Email: " . $user_info->user_email . "\n";
// Use the sanitized first/last name from user_info if available, fallback to data
$first_name = $user_info->first_name ?: sanitize_text_field($data['first_name']);
$last_name = $user_info->last_name ?: sanitize_text_field($data['last_name']);
$message .= "Name: " . $first_name . " " . $last_name . "\n";
$message .= "Business Name: " . sanitize_text_field($data['business_name']) . "\n"; // Use raw data as meta might not be fully updated yet? Safer to use raw.
$message .= "Application Details:\n" . wp_kses_post($data['application_details']) . "\n\n"; // Use wp_kses_post for safety
// Add link to user profile in admin
$profile_link = admin_url('user-edit.php?user_id=' . $user_id);
$message .= "Approve/Deny User: " . $profile_link . "\n";
$headers = array('Content-Type: text/plain; charset=UTF-8');
if (wp_mail($admin_email, $subject, $message, $headers)) {
error_log('[HVAC REG DEBUG] Admin notification email sent successfully to ' . $admin_email);
} else {
error_log('[HVAC REG DEBUG] Failed to send admin notification email to ' . $admin_email);
// Consider adding an error to the transient if email failure is critical?
// $errors['notification'] = 'Admin notification failed. Registration complete but please contact support.';
}
}
// TODO: Add send_user_pending_notification()
// TODO: Add send_user_approved_notification()
// TODO: Add send_user_denied_notification()
/**
* Renders the edit profile form shortcode output
*/
public function render_edit_profile_form() {
if (!is_user_logged_in()) {
return '<p>Please log in to edit your profile.</p>';
}
// We don't need to do anything here since the template file already handles the form rendering
// Just set up the shortcode to point to the template
ob_start();
include HVAC_CE_PLUGIN_DIR . 'templates/template-edit-profile.php';
return ob_get_clean();
}
/**
* Process profile update submission from the edit profile form
*/
public function process_profile_update() {
// Only logged-in users can update profiles
if (!is_user_logged_in()) {
wp_redirect(home_url('/community-login/'));
exit;
}
$user_id = get_current_user_id();
$user = get_userdata($user_id);
$errors = [];
$submitted_data = $_POST;
$profile_page_url = home_url('/edit-profile/');
// Verify nonce
if (!isset($_POST['hvac_profile_nonce']) || !wp_verify_nonce($_POST['hvac_profile_nonce'], 'hvac_update_profile')) {
$errors['nonce'] = 'Security check failed. Please try submitting the form again.';
error_log('[HVAC PROFILE DEBUG] Nonce check failed in profile update.');
$this->redirect_with_profile_errors($errors, $profile_page_url);
// No need for return/exit here, redirect_with_errors exits.
}
error_log('[HVAC PROFILE DEBUG] Nonce check passed in profile update.');
// File Upload Handling
$profile_image_data = null;
if (isset($_FILES['profile_image']) && $_FILES['profile_image']['error'] !== UPLOAD_ERR_NO_FILE) {
if ($_FILES['profile_image']['error'] === UPLOAD_ERR_OK) {
// Check if it's actually an uploaded file
if (!is_uploaded_file($_FILES['profile_image']['tmp_name'])) {
$errors['profile_image'] = 'File upload error (invalid temp file).';
error_log('[HVAC PROFILE DEBUG] Profile image upload error: Not an uploaded file.');
} else {
$allowed_types = ['image/jpeg', 'image/png', 'image/gif'];
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime_type = finfo_file($finfo, $_FILES['profile_image']['tmp_name']);
finfo_close($finfo);
if (!in_array($mime_type, $allowed_types)) {
$errors['profile_image'] = 'Invalid file type detected (' . esc_html($mime_type) . '). Please upload a JPG, PNG, or GIF.';
error_log('[HVAC PROFILE DEBUG] Profile image upload error: Invalid MIME type - ' . $mime_type);
} else {
$profile_image_data = $_FILES['profile_image']; // Store the whole $_FILES entry
error_log('[HVAC PROFILE DEBUG] Profile image seems valid.');
}
}
} else {
$errors['profile_image'] = 'There was an error uploading the profile image. Code: ' . $_FILES['profile_image']['error'];
error_log('[HVAC PROFILE DEBUG] Profile image upload error code: ' . $_FILES['profile_image']['error']);
}
}
// Validate form data
$validation_errors = $this->validate_profile_update($submitted_data, $user);
$errors = array_merge($errors, $validation_errors);
// Process if no errors
if (empty($errors)) {
error_log('[HVAC PROFILE DEBUG] Validation passed in profile update.');
$update_success = $this->update_user_profile($user_id, $submitted_data, $profile_image_data);
if (is_wp_error($update_success)) {
$errors['account'] = $update_success->get_error_message();
error_log('[HVAC PROFILE DEBUG] Profile update WP_Error: ' . $update_success->get_error_message());
$this->redirect_with_profile_errors($errors, $profile_page_url);
} elseif ($update_success) {
error_log('[HVAC PROFILE DEBUG] Profile update SUCCESS for user ID: ' . $user_id);
// Redirect to the profile page with success message
wp_safe_redirect(add_query_arg('updated', '1', $profile_page_url));
exit;
} else {
$errors['account'] = 'An unknown error occurred during profile update. Please try again.';
error_log('[HVAC PROFILE DEBUG] Profile update failed silently (returned false).');
$this->redirect_with_profile_errors($errors, $profile_page_url);
}
} else {
error_log('[HVAC PROFILE DEBUG] Validation errors found in profile update: ' . print_r($errors, true));
$this->redirect_with_profile_errors($errors, $profile_page_url);
}
}
/**
* Helper function to store profile errors in transient and redirect back to the form page.
*
* @param array $errors Array of error messages.
* @param string $redirect_url The URL to redirect back to.
*/
private function redirect_with_profile_errors($errors, $redirect_url) {
$transient_id = uniqid(); // Generate unique ID for transient key
$transient_key = self::PROFILE_TRANSIENT_PREFIX . $transient_id;
$transient_data = [
'errors' => $errors,
];
// Store for 5 minutes
set_transient($transient_key, $transient_data, MINUTE_IN_SECONDS * 5);
// Add query arguments to the redirect URL
$redirect_url = add_query_arg([
'prof_error' => '1',
'tid' => $transient_id,
], $redirect_url);
error_log('[HVAC PROFILE DEBUG] Redirecting back with errors. URL: ' . $redirect_url . ' Transient Key: ' . $transient_key);
wp_safe_redirect($redirect_url);
exit; // Stop execution after redirect
}
/**
* Validate profile update data
*
* @param array $data Submitted form data ($_POST).
* @param WP_User $user Current user object.
* @return array Array of errors, empty if valid.
*/
public function validate_profile_update($data, $user) {
error_log('[HVAC PROFILE DEBUG] validate_profile_update: Validating data');
$errors = array();
// Required field validation
$required_fields = [
'first_name' => 'First Name',
'last_name' => 'Last Name',
'display_name' => 'Display Name',
'user_email' => 'Email',
'description' => 'Biographical Info',
'business_name' => 'Business Name',
'business_phone' => 'Business Phone',
'business_email' => 'Business Email',
'business_description' => 'Business Description',
'user_country' => 'Country',
'user_state' => 'State/Province',
'user_city' => 'City',
'user_zip' => 'Zip/Postal Code',
'business_type' => 'Business Type',
];
foreach ($required_fields as $field => $label) {
// Use trim to catch spaces-only input
if (empty($data[$field]) || trim($data[$field]) === '') {
$errors[$field] = $label . ' is required.';
}
}
// Required checkbox groups
$required_checkboxes = [
'training_audience' => 'Training Audience',
'training_formats' => 'Training Formats',
'training_locations' => 'Training Locations',
'training_resources' => 'Training Resources',
];
foreach ($required_checkboxes as $field => $label) {
// Check if the key exists and is a non-empty array
if (empty($data[$field]) || !is_array($data[$field])) {
$errors[$field] = 'Please select at least one option for ' . $label . '.';
}
}
// Email validation
if (!empty($data['user_email']) && !is_email($data['user_email'])) {
$errors['user_email'] = 'Please enter a valid email address.';
}
if (!empty($data['business_email']) && !is_email($data['business_email'])) {
$errors['business_email'] = 'Please enter a valid business email address.';
}
// Email exists validation (only if email is changed and valid)
if (empty($errors['user_email']) && !empty($data['user_email']) && $data['user_email'] !== $user->user_email && email_exists($data['user_email'])) {
$errors['user_email'] = 'This email address is already registered to another account.';
}
// URL validation (optional fields)
if (!empty($data['user_url']) && !filter_var($data['user_url'], FILTER_VALIDATE_URL)) {
$errors['user_url'] = 'Please enter a valid URL for your personal website.';
}
if (!empty($data['user_linkedin']) && !filter_var($data['user_linkedin'], FILTER_VALIDATE_URL)) {
$errors['user_linkedin'] = 'Please enter a valid URL for your LinkedIn profile.';
}
if (!empty($data['business_website']) && !filter_var($data['business_website'], FILTER_VALIDATE_URL)) {
$errors['business_website'] = 'Please enter a valid URL for your business website.';
}
// State/Province 'Other' validation
if (!empty($data['user_country'])) {
if ($data['user_country'] !== 'United States' && $data['user_country'] !== 'Canada') {
// If country is not US/CA, state *must* be 'Other'
if (empty($data['user_state']) || $data['user_state'] !== 'Other') {
$errors['user_state'] = 'Please select "Other" for State/Province if your country is not US or Canada.';
} elseif (empty($data['user_state_other']) || trim($data['user_state_other']) === '') {
// If state is 'Other', the text input must not be empty
$errors['user_state_other'] = 'Please enter your state/province.';
}
} elseif (!empty($data['user_state'])) {
// If country is US/CA
if ($data['user_state'] === 'Other') {
// State cannot be 'Other' if country is US/CA
$errors['user_state'] = 'Please select your state/province from the list.';
}
}
}
// Password validation (only if user is attempting to change password)
if (!empty($data['current_password']) || !empty($data['new_password']) || !empty($data['confirm_new_password'])) {
// Verify current password
if (empty($data['current_password'])) {
$errors['current_password'] = 'Please enter your current password.';
} elseif (!wp_check_password($data['current_password'], $user->user_pass, $user->ID)) {
$errors['current_password'] = 'Current password is incorrect.';
}
// Validate new password
if (empty($data['new_password'])) {
$errors['new_password'] = 'Please enter a new password.';
} elseif (strlen($data['new_password']) < 8) {
$errors['new_password'] = 'Password must be at least 8 characters long.';
} elseif (!preg_match('/[A-Z]/', $data['new_password'])) {
$errors['new_password'] = 'Password must contain at least one uppercase letter.';
} elseif (!preg_match('/[a-z]/', $data['new_password'])) {
$errors['new_password'] = 'Password must contain at least one lowercase letter.';
} elseif (!preg_match('/[0-9]/', $data['new_password'])) {
$errors['new_password'] = 'Password must contain at least one number.';
}
// Confirm new password
if (empty($data['confirm_new_password'])) {
$errors['confirm_new_password'] = 'Please confirm your new password.';
} elseif ($data['new_password'] !== $data['confirm_new_password']) {
$errors['confirm_new_password'] = 'New passwords do not match.';
}
}
error_log('[HVAC PROFILE DEBUG] validate_profile_update: Validation result - ' . (empty($errors) ? 'VALID' : 'INVALID'));
return $errors;
}
/**
* Update the user profile with submitted data
*
* @param int $user_id The user ID to update.
* @param array $data The submitted form data.
* @param array|null $profile_image_data The profile image file data, if any.
* @return bool|WP_Error True on success, WP_Error on failure.
*/
private function update_user_profile($user_id, $data, $profile_image_data = null) {
// Sanitize and prepare user data for update
$userdata = array(
'ID' => $user_id,
'first_name' => sanitize_text_field($data['first_name']),
'last_name' => sanitize_text_field($data['last_name']),
'display_name' => sanitize_text_field($data['display_name']),
'user_email' => sanitize_email($data['user_email']),
'user_url' => !empty($data['user_url']) ? esc_url_raw($data['user_url']) : '',
'description' => wp_kses_post($data['description']),
);
// Handle password update if provided
if (!empty($data['new_password']) && !empty($data['current_password']) && !empty($data['confirm_new_password'])) {
$userdata['user_pass'] = $data['new_password']; // wp_update_user will hash the password
}
// Update user data
$update_result = wp_update_user($userdata);
if (is_wp_error($update_result)) {
error_log('[HVAC PROFILE DEBUG] wp_update_user failed: ' . $update_result->get_error_message());
return $update_result;
}
// Update user meta
$meta_fields = [
'user_linkedin' => !empty($data['user_linkedin']) ? esc_url_raw($data['user_linkedin']) : '',
'personal_accreditation' => !empty($data['personal_accreditation']) ? sanitize_text_field($data['personal_accreditation']) : '',
'business_name' => sanitize_text_field($data['business_name']),
'business_phone' => sanitize_text_field($data['business_phone']),
'business_email' => sanitize_email($data['business_email']),
'business_website' => !empty($data['business_website']) ? esc_url_raw($data['business_website']) : '',
'business_description' => wp_kses_post($data['business_description']),
'user_country' => sanitize_text_field($data['user_country']),
'user_state' => ($data['user_state'] === 'Other' && isset($data['user_state_other'])) ? sanitize_text_field($data['user_state_other']) : sanitize_text_field($data['user_state']),
'user_city' => sanitize_text_field($data['user_city']),
'user_zip' => sanitize_text_field($data['user_zip']),
'business_type' => sanitize_text_field($data['business_type']),
'training_audience' => (!empty($data['training_audience']) && is_array($data['training_audience'])) ? array_map('sanitize_text_field', $data['training_audience']) : [],
'training_formats' => (!empty($data['training_formats']) && is_array($data['training_formats'])) ? array_map('sanitize_text_field', $data['training_formats']) : [],
'training_locations' => (!empty($data['training_locations']) && is_array($data['training_locations'])) ? array_map('sanitize_text_field', $data['training_locations']) : [],
'training_resources' => (!empty($data['training_resources']) && is_array($data['training_resources'])) ? array_map('sanitize_text_field', $data['training_resources']) : [],
'annual_revenue_target' => !empty($data['annual_revenue_target']) ? intval($data['annual_revenue_target']) : '',
];
foreach ($meta_fields as $key => $value) {
update_user_meta($user_id, $key, $value);
}
error_log('[HVAC PROFILE DEBUG] User meta updated for user ID: ' . $user_id);
// Handle profile image upload if provided
if ($profile_image_data) {
error_log('[HVAC PROFILE DEBUG] Attempting profile image upload for user ID: ' . $user_id);
// We don't need the return value here unless we want to report specific upload errors
$this->handle_profile_image_upload($user_id, $profile_image_data);
}
// Update organizer profile if it exists
$organizer_id = get_user_meta($user_id, 'hvac_organizer_id', true);
if ($organizer_id && get_post_type($organizer_id) === Tribe__Events__Main::ORGANIZER_POST_TYPE) {
error_log('[HVAC PROFILE DEBUG] Updating organizer profile for user ID: ' . $user_id);
$this->create_organizer_profile($user_id, $meta_fields);
}
// Update venue profile if it exists
$venue_id = get_user_meta($user_id, 'hvac_venue_id', true);
if ($venue_id && get_post_type($venue_id) === Tribe__Events__Main::VENUE_POST_TYPE) {
error_log('[HVAC PROFILE DEBUG] Updating venue profile for user ID: ' . $user_id);
$this->create_training_venue($user_id, $meta_fields);
}
return true;
}
/**
* Get list of countries (simplified)
*/
private function get_country_list() {
// In a real application, use a more comprehensive list or library
return array(
'US' => 'United States',
'CA' => 'Canada',
// Add more countries as needed
'GB' => 'United Kingdom',
'AU' => 'Australia',
// ...
);
}
/**
* Get list of US states
*/
private function get_us_states() {
// Use state abbreviations as keys if preferred by JS/validation
return array(
'AL' => 'Alabama', 'AK' => 'Alaska', 'AZ' => 'Arizona', 'AR' => 'Arkansas', 'CA' => 'California',
'CO' => 'Colorado', 'CT' => 'Connecticut', 'DE' => 'Delaware', 'DC' => 'District of Columbia', 'FL' => 'Florida',
'GA' => 'Georgia', 'HI' => 'Hawaii', 'ID' => 'Idaho', 'IL' => 'Illinois', 'IN' => 'Indiana',
'IA' => 'Iowa', 'KS' => 'Kansas', 'KY' => 'Kentucky', 'LA' => 'Louisiana', 'ME' => 'Maine',
'MD' => 'Maryland', 'MA' => 'Massachusetts', 'MI' => 'Michigan', 'MN' => 'Minnesota', 'MS' => 'Mississippi',
'MO' => 'Missouri', 'MT' => 'Montana', 'NE' => 'Nebraska', 'NV' => 'Nevada', 'NH' => 'New Hampshire',
'NJ' => 'New Jersey', 'NM' => 'New Mexico', 'NY' => 'New York', 'NC' => 'North Carolina', 'ND' => 'North Dakota',
'OH' => 'Ohio', 'OK' => 'Oklahoma', 'OR' => 'Oregon', 'PA' => 'Pennsylvania', 'RI' => 'Rhode Island',
'SC' => 'South Carolina', 'SD' => 'South Dakota', 'TN' => 'Tennessee', 'TX' => 'Texas', 'UT' => 'Utah',
'VT' => 'Vermont', 'VA' => 'Virginia', 'WA' => 'Washington', 'WV' => 'West Virginia', 'WI' => 'Wisconsin',
'WY' => 'Wyoming'
);
}
/**
* Get list of Canadian provinces
*/
private function get_canadian_provinces() {
// Use province abbreviations as keys if preferred by JS/validation
return array(
'AB' => 'Alberta', 'BC' => 'British Columbia', 'MB' => 'Manitoba', 'NB' => 'New Brunswick',
'NL' => 'Newfoundland and Labrador', 'NS' => 'Nova Scotia', 'ON' => 'Ontario', 'PE' => 'Prince Edward Island',
'QC' => 'Quebec', 'SK' => 'Saskatchewan', 'NT' => 'Northwest Territories', 'NU' => 'Nunavut', 'YT' => 'Yukon'
);
}
} // End class HVAC_Registration
Reference in a new issue View git blame Copy permalink