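if (!function_exists('mst_save_profile_photo_field')) {
    /**
     * Validate one uploaded image field and push it to Cloudinary.
     *
     * Shared by the main profile photo and the three dependent photos so the
     * upload checks live in exactly one place.
     *
     * @param string $file_key Key in $_FILES (e.g. 'photo_file', 'DEP1_photo_file').
     * @param string $uid      Normalised wristband UID, passed through to the uploader.
     * @param string $label    Cloudinary label ('profile', 'dep1', ...).
     * @param mixed  $fallback Value to keep when nothing was uploaded or the upload
     *                         returned no URL (normally the existing DB column).
     * @return mixed New Cloudinary URL, or $fallback.
     *
     * Dies (wp_die) on a failed/partial upload, on a file that did not arrive via
     * HTTP POST, or on a MIME type outside the JPEG/PNG/WebP whitelist.
     */
    function mst_save_profile_photo_field(string $file_key, string $uid, string $label, $fallback)
    {
        // Nothing submitted for this field: keep whatever is already stored.
        if (empty($_FILES[$file_key]['tmp_name'])) {
            return $fallback;
        }
        $file = $_FILES[$file_key];

        // Trust only complete uploads that PHP itself received via POST; a
        // tmp_name can still be populated for partial uploads.
        if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
            wp_die('Image upload failed.');
        }

        // wp_check_filetype_and_ext() inspects the file content for images, so
        // a renamed non-image is rejected here, not just by its extension.
        $allowed_types = ['image/jpeg', 'image/png', 'image/webp'];
        $check = wp_check_filetype_and_ext($file['tmp_name'], $file['name']);
        $mime  = $check['type'] ?? '';
        if (!in_array($mime, $allowed_types, true)) {
            wp_die('Invalid image format.');
        }

        $url = mst_cloudinary_upload_file($file['tmp_name'], $uid, $label);
        return $url ?: $fallback;
    }
}

/**
 * Form handler: activate an NFC wristband profile from a public (anonymous) POST.
 *
 * Flow: honeypot -> per-IP rate limit -> nonce -> UID lookup -> "still a sample"
 * check -> optional subscription gate -> field validation -> photo uploads ->
 * DB update -> notification e-mails -> redirect. Every failure path ends in
 * wp_die(); every success path ends in wp_safe_redirect() + exit.
 *
 * NOTE(review) on authorization: there is no logged-in user here. Possession of
 * a valid, not-yet-activated UID is the only credential, and "not yet
 * activated" is inferred from the placeholder name "John Doe" rather than a
 * dedicated flag. If mst_collect_post_fields() lets the submitter write
 * first_name/last_name, a profile re-named to "John Doe" would remain
 * editable by anyone holding the UID — confirm against that helper / the
 * schema and prefer an explicit activation flag if so.
 */
function mst_handle_save_profile() {
    // ===== HONEYPOT SPAM CHECK =====
    // Bots tend to fill every field; humans never see this one.
    if (!empty($_POST['company_name'])) {
        wp_die('Spam detected.');
    }

    // ===== RATE LIMIT =====
    // One submission per IP per 60s. REMOTE_ADDR is the TCP peer; behind a
    // reverse proxy/CDN this would be the proxy's address and the limit
    // becomes shared by all visitors — TODO confirm the deployment topology.
    $ip       = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    $rate_key = 'mst_rate_' . md5($ip); // md5 only normalises the key length; nothing secret here
    if (get_transient($rate_key)) {
        wp_die('Too many submissions. Please wait a minute.');
    }
    set_transient($rate_key, 1, 60);

    // ===== CSRF =====
    if (!isset($_POST['mst_nonce']) || !wp_verify_nonce($_POST['mst_nonce'], 'mst_save_profile')) {
        wp_die('Security check failed.');
    }

    // ===== UID =====
    // Format check first, then normalise; the DB lookup only sees the normalised form.
    $nfc_uid_raw = sanitize_text_field($_POST['nfc_uid'] ?? '');
    if ($nfc_uid_raw === '' || !mst_is_valid_uid($nfc_uid_raw)) {
        wp_die('Invalid NFC UID.');
    }
    $uid = mst_normalize_uid($nfc_uid_raw);

    $existing = mst_db_get_profile_by_uid($uid);
    if (!$existing) {
        wp_die('This wristband UID does not exist.');
    }

    // A row still carrying the factory placeholder name is treated as unclaimed
    // (see the NOTE in the docblock about the robustness of this signal).
    $is_sample = isset($existing['first_name'], $existing['last_name'])
        && strcasecmp(trim($existing['first_name']), 'John') === 0
        && strcasecmp(trim($existing['last_name']), 'Doe') === 0;
    if (!$is_sample) {
        wp_die('This profile has already been activated and cannot be edited.');
    }

    // Optional paywall; the helper is not guaranteed to be loaded on every install.
    if (function_exists('mst_subscription_allows_profile_completion')
        && !mst_subscription_allows_profile_completion($existing)) {
        wp_die('Payment required before profile activation.');
    }

    $data = mst_collect_post_fields();

    // ===== BLOOD TYPE VALIDATION =====
    // Whitelist; anything else (including an absent field) is blanked, not rejected.
    $valid_blood_types = ['A+', 'A-', 'B+', 'B-', 'AB+', 'AB-', 'O+', 'O-'];
    if (!in_array($data['blood_type'] ?? '', $valid_blood_types, true)) {
        $data['blood_type'] = '';
    }
    for ($d = 1; $d <= 3; $d++) {
        $bg_key = "DEP{$d}_bloodgroup";
        if (!in_array($data[$bg_key] ?? '', $valid_blood_types, true)) {
            $data[$bg_key] = '';
        }
    }

    // ===== PROFILE PHOTO + DEPENDENT PHOTOS =====
    // Each field keeps its existing URL when nothing valid was uploaded.
    $data['photo_url'] = mst_save_profile_photo_field('photo_file', $uid, 'profile', $existing['photo_url'] ?? '');
    for ($d = 1; $d <= 3; $d++) {
        $dbcol = "DEP{$d}_photo";
        $data[$dbcol] = mst_save_profile_photo_field("DEP{$d}_photo_file", $uid, "dep{$d}", $existing[$dbcol] ?? '');
    }

    // ===== SAVE =====
    $res = mst_update_profile_row($uid, $data);
    if (!is_array($res)) {
        error_log('mst_update_profile_row FAILED');
        wp_die('System error. Please contact support.');
    }

    // ===== MULTI PROFILE REDIRECT =====
    if (!empty($res['redirect'])) {
        // Kept from the original; presumably lets the write settle before the
        // next page loads. It holds a PHP worker for a second per request —
        // TODO confirm it is still needed.
        sleep(1);
        wp_safe_redirect($res['redirect']);
        exit;
    }

    // ===== EMAILS =====
    // Only the (normalised, validated) UID and a sanitised address reach the mails.
    if (!empty($res['ok'])) {
        $email = sanitize_email($data['email'] ?? '');
        if ($email) {
            mst_send_email(
                $email,
                "Medical SmartTag Profile Activated",
                "

Your SmartTag profile has been successfully created.

"
            );
        }
        $admin = get_option('admin_email');
        if ($admin) {
            mst_send_email(
                $admin,
                'New SmartTag Signup',
                "

UID: {$uid}

"
            );
        }
    }

    // ===== FINAL REDIRECT =====
    if (empty($res['ok'])) {
        wp_safe_redirect(site_url('/ice-information/?id=' . rawurlencode($uid) . '&mst_error=1'));
        exit;
    }
    wp_safe_redirect(site_url('/iceprofile-success/?uid=' . rawurlencode($uid)));
    exit;
}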