fix: resolve container width issues, spa redirects, and appearance settings overwrite. feat: enhance order/sub details and newsletter layout

This commit is contained in:
Dwindi Ramadhana
2026-02-05 00:09:40 +07:00
parent a0b5f8496d
commit 5f08c18ec7
77 changed files with 7027 additions and 4546 deletions


@@ -311,12 +311,27 @@ class CheckoutController
return ['error' => __('No items provided', 'woonoow')];
}
// Security: Rate limiting check
if (\WooNooW\Compat\SecuritySettingsProvider::is_rate_limited()) {
return ['error' => __('Too many orders. Please try again later.', 'woonoow')];
}
// Security: CAPTCHA validation
$captcha_token = $payload['captcha_token'] ?? '';
$captcha_result = \WooNooW\Compat\SecuritySettingsProvider::validate_captcha($captcha_token);
if (is_wp_error($captcha_result)) {
return ['error' => $captcha_result->get_error_message()];
}
// Create order
$order = wc_create_order();
if (is_wp_error($order)) {
return ['error' => $order->get_error_message()];
}
// Track if user was logged in during this request (for frontend page reload)
$user_logged_in = false;
// Set customer ID if user is logged in
if (is_user_logged_in()) {
$user_id = get_current_user_id();
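Review bot: The rate limiter only ever sees successful checkouts, because `is_rate_limited()` is consulted here but `record_order_attempt()` is first called in the hunk at lines 52-59, after `wc_create_order()` has succeeded and the cart has been emptied; every request rejected earlier (CAPTCHA failure at line 22, order-creation failure at line 27, or any validation return between the hunks) leaves no trace, so a burst of invalid submissions is never throttled. Record the attempt as soon as the limit check passes, directly after the `is_rate_limited()` block: `\WooNooW\Compat\SecuritySettingsProvider::record_order_attempt();`, and drop or keep the later call depending on whether the provider counts attempts or completed orders. If the provider is meant to count completed orders only, say so in the comment at line 15 so the next reader does not assume failures are throttled. The method body continues outside this hunk.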
@@ -358,8 +373,9 @@ class CheckoutController
$existing_user = get_user_by('email', $email);
if ($existing_user) {
// User exists - link order to them
// User exists - link order to them (but do NOT auto-login for security)
$order->set_customer_id($existing_user->ID);
// Note: user_logged_in stays false - existing users must authenticate separately
} else {
// Create new user account
$password = wp_generate_password(12, true, true);
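Review bot: The new comment says existing users must authenticate separately, yet `$order->set_customer_id($existing_user->ID)` still attaches the order to that account on the strength of an email address alone; if this branch is reachable for an unauthenticated request (the enclosing condition starts outside the hunk), any visitor who knows an account's email can place orders into that account's history. Either keep such orders as guest orders with `$order->set_customer_id(0);` and let the account claim them after login, or reject the request as WooCommerce core does and ask the user to log in. Whichever is chosen, replace the comment at line 41 with one stating the rule, e.g. `// Existing account: order stays unlinked until the owner authenticates`.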
@@ -387,6 +403,7 @@ class CheckoutController
// AUTO-LOGIN: Set authentication cookie so user is logged in after page reload
wp_set_auth_cookie($new_user_id, true);
wp_set_current_user($new_user_id);
$user_logged_in = true;
// Set WooCommerce customer billing data
$customer = new \WC_Customer($new_user_id);
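Review bot: `wp_set_auth_cookie($new_user_id, true)` passes `true` as `$remember`, which issues a long-lived persistent cookie for an account the user never chose a password for; a session-length cookie is the safer default for an account auto-created mid-checkout, i.e. `wp_set_auth_cookie($new_user_id, false);`. If the persistent login is intentional, the comment at line 46 should say why, since "AUTO-LOGIN" alone does not explain the remember flag. The surrounding `else` branch starts in the previous hunk.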
@@ -509,6 +526,9 @@ class CheckoutController
WC()->cart->empty_cart();
}
// Record this order attempt for rate limiting
\WooNooW\Compat\SecuritySettingsProvider::record_order_attempt();
return [
'ok' => true,
'order_id' => $order->get_id(),
@@ -516,6 +536,7 @@ class CheckoutController
'status' => $order->get_status(),
'pay_url' => $order->get_checkout_payment_url(),
'thankyou_url' => $order->get_checkout_order_received_url(),
'user_logged_in' => $user_logged_in, // True if user was logged in during this request (requires page reload)
];
}
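Review bot: The response shape gains a `user_logged_in` key but the method's docblock (outside this hunk) is not updated, so API consumers learn of the new field only from the trailing comment at line 64. Document the return shape on the method instead, e.g. `@return array{ok:bool, order_id:int, status:string, pay_url:string, thankyou_url:string, user_logged_in:bool}|array{error:string}`, and shorten the inline comment to `// true only when this request created and signed in a new account`, which matches where the flag is actually set.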