$atts Shortcode attributes (unused — reserved for future options). */ public function render( array $atts ): string { // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter.Found if ( is_user_logged_in() ) { $redirect = esc_url( (string) get_permalink() ); return sprintf( '

%s %s.

', esc_html__( 'You are already logged in.', 'unsupervised-schedular' ), $redirect, esc_html__( 'View available lessons', 'unsupervised-schedular' ) ); } $error = ''; $redirect = sanitize_url( (string) get_permalink() ); if ( isset( $_POST['us_login'] ) && check_admin_referer( 'us_student_login' ) ) { $credentials = [ 'user_login' => sanitize_user( wp_unslash( $_POST['log'] ?? '' ) ), // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- passwords must not be sanitized. 'user_password' => wp_unslash( $_POST['pwd'] ?? '' ), 'remember' => isset( $_POST['rememberme'] ), ]; $user = wp_signon( $credentials, false ); if ( is_wp_error( $user ) ) { $error = esc_html__( 'Invalid username or password.', 'unsupervised-schedular' ); } else { wp_safe_redirect( $redirect ); exit; } } ob_start(); include USC_PLUGIN_DIR . 'templates/frontend/login-page.php'; return (string) ob_get_clean(); } }