thatguygriff
1d6ac46ba3
CI / No Debug Code (pull_request) Successful in 3s
CI / Tests (PHP 8.2) (pull_request) Successful in 48s
CI / Tests (PHP 8.3) (pull_request) Successful in 52s
CI / Coding Standards (pull_request) Successful in 57s
CI / Tests (PHP 8.1) (pull_request) Successful in 1m1s
CI / PHPStan (pull_request) Successful in 1m11s
CI / Build Plugin Zip (pull_request) Has been skipped
- Bump phpstan/phpstan ^2.0 and szepeviktor/phpstan-wordpress ^2.0 - Move the analysis level into phpstan.neon (single source) and raise it to 10 - Add Val, a runtime coercion helper that narrows untyped WordPress boundary values (wpdb rows, REST params, superglobals, options) with explicit checks instead of blind casts, plus unit tests - Type value-object fromRow() params as stdClass (what wpdb returns) and map columns through Val so unexpected shapes degrade safely - Use %i identifier placeholders for table names in all wpdb::prepare() calls so every query string is a literal and identifiers are escaped by WordPress; raises the minimum WordPress version to 6.2 where %i was introduced - Guard wpdb::prepare() null result before wpdb::query() in updateTax() - Fix nullable get_permalink()/strtotime() handling, list types at REST and capability call sites, dead null-coalescing on checked superglobals, and narrow get_users() results before mapping - Register Val method names with the ValidatedSanitizedInput sniff so it validates the real sanitizer around each superglobal read - Update repository unit tests for the %i placeholder arguments Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
52 lines
1.5 KiB
PHP
52 lines
1.5 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
namespace Unsupervised\Schedular\Auth;
|
|
|
|
use Unsupervised\Schedular\Val;
|
|
|
|
class LoginPage {
|
|
|
|
/**
|
|
* Renders the student login shortcode output.
|
|
*
|
|
* @param array<string> $atts Shortcode attributes (unused — reserved for future options).
|
|
*/
|
|
public function render( array $atts ): string { // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter.Found
|
|
if ( is_user_logged_in() ) {
|
|
$redirect = esc_url( (string) get_permalink() );
|
|
return sprintf(
|
|
'<p>%s <a href="%s">%s</a>.</p>',
|
|
esc_html__( 'You are already logged in.', 'unsupervised-schedular' ),
|
|
$redirect,
|
|
esc_html__( 'View available lessons', 'unsupervised-schedular' )
|
|
);
|
|
}
|
|
|
|
$error = '';
|
|
$redirect = sanitize_url( (string) get_permalink() );
|
|
|
|
if ( isset( $_POST['us_login'] ) && check_admin_referer( 'us_student_login' ) ) {
|
|
$credentials = [
|
|
'user_login' => sanitize_user( Val::string( wp_unslash( $_POST['log'] ?? '' ) ) ),
|
|
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- passwords must not be sanitized.
|
|
'user_password' => Val::string( wp_unslash( $_POST['pwd'] ?? '' ) ),
|
|
'remember' => isset( $_POST['rememberme'] ),
|
|
];
|
|
|
|
$user = wp_signon( $credentials, false );
|
|
|
|
if ( is_wp_error( $user ) ) {
|
|
$error = esc_html__( 'Invalid username or password.', 'unsupervised-schedular' );
|
|
} else {
|
|
wp_safe_redirect( $redirect );
|
|
exit;
|
|
}
|
|
}
|
|
|
|
ob_start();
|
|
include USC_PLUGIN_DIR . 'templates/frontend/login-page.php';
|
|
return (string) ob_get_clean();
|
|
}
|
|
}
|