This commit is contained in:
2026-04-26 23:47:49 +02:00
parent 1b95f03d1e
commit b073e009d8
5288 changed files with 1112699 additions and 55536 deletions


@@ -0,0 +1,94 @@
# Architecture
> Generated by /paul:map-codebase — 2026-04-26
## Overview
Production e-learning platform. Courses are WooCommerce products. Users browse, reserve/buy spots, and join a bbPress forum community. All page layouts are built via Divi Visual Builder; PHP customizations live in the child theme.
## Directory Structure
```
szkoleniauryzaj.pl/
├── wp-config.php — DB config, WP settings, filesystem perms
├── .htaccess — Apache rewrites + Wordfence WAF rules
├── .user.ini — Wordfence WAF auto_prepend_file
├── cron-products.php — CUSTOM: auto-unpublish products past offer end date
├── wp-content/
│ ├── themes/
│ │ ├── body-relax/ — ACTIVE child theme (all custom code here)
│ │ ├── Divi/ — Parent theme (53 MB, do NOT edit)
│ │ └── twentytwentytwo/ — Inactive
│ ├── plugins/ — 45 plugins (~200 MB total)
│ ├── mu-plugins/
│ │ └── installatron_hide_status_test.php — Disables WP auto-update nag
│ └── uploads/ — Media (server-only, not in repo)
├── .vscode/
│ ├── ftp-kr.json — FTP deployment config
│ ├── sftp.json — SFTP alternative config
│ └── settings.json — SCSS compiler config
└── .paul/ — Project management (not deployed)
```
## Active Child Theme: body-relax
```
body-relax/
├── functions.php — WooCommerce hooks, button text, stock display
├── style.css — Theme header + responsive CSS (981/768/480px breakpoints)
├── screenshot.jpg — Theme preview
└── divi-children-engine/
├── divi_children_engine.php — Loader (includes all engine files)
├── css/
│ └── custom-metabox.css — Admin metabox styling
└── includes/
├── divi_children_functions.php — 2060 lines: Divi customizer extensions, CSS injection
├── custom_codes.php — Admin UI for CSS classes/IDs + "magic codes"
└── divi-mods/
└── divi_mod_functions.php — Overrides et_pb_blog and et_pb_cta shortcodes
```
## Customization Layers (top → bottom)
1. **Divi Visual Builder** — Page/post content (drag-drop, stored as post meta)
2. **body-relax/functions.php** — WooCommerce filters (stock text, CTA button labels)
3. **divi-children-engine** — Customizer extensions, admin UI, Divi shortcode overrides
4. **Divi parent theme** — Core styling, builder components, page templates
5. **WooCommerce** — Product system (courses = products, bookings = orders)
6. **45 Plugins** — SEO, analytics, payments, security, media feeds
7. **WordPress core** — Database, hook system, REST API
## Key Custom Functions
| File | Function | What it does |
|------|----------|-------------|
| `functions.php:30` | `wcs_custom_get_availability()` | Polish stock text: "Duża ilość wolnych miejsc", countdown for last 1-4 spots, "WSZYSTKIE MIEJSCA WYKUPIONE" |
| `functions.php:92` | `bbloomer_custom_add_to_cart_single_product()` | Changes "Add to Cart" by category: webinar/book → "Kup teraz", course → "Rezerwuj miejsce" |
| `functions.php:108` | `bbloomer_archive_custom_cart_button_text()` | Same logic for archive/shop pages |
| `cron-products.php` | (standalone) | Reads ACF `end_date_of_the_offer`, sets product to draft when offer expires |
## Hooks Registered in functions.php
| Type | Hook | Function |
|------|------|---------|
| `add_action` | `wp_enqueue_scripts` | `dce_load_divi_stylesheet()` — enqueues Divi parent CSS |
| `add_filter` | `woocommerce_get_availability` | `wcs_custom_get_availability()` |
| `add_filter` | `woocommerce_product_single_add_to_cart_text` | `bbloomer_custom_add_to_cart_single_product()` |
| `add_filter` | `woocommerce_product_add_to_cart_text` | `bbloomer_archive_custom_cart_button_text()` |
## Data Flow: Course Purchase
```
User → Shop/Archive page
→ WooCommerce product (course) with custom "Rezerwuj miejsce" button
→ Cart → Checkout (with NIP field, custom fields)
→ PayU payment gateway (BLIK/card/bank transfer)
→ Order confirmation → bbPress forum access (community)
```
## Database
- Name: `garbary_szkury`
- Prefix: `wp_`
- Host: localhost
- Key custom data: ACF fields on products (e.g., `end_date_of_the_offer`)
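Review bot: The Database section at the end of this file commits the production database name (`garbary_szkury`) and table prefix to the repository, and the same values are repeated in the schema and stack documents of this commit. Since the concerns document already treats `wp-config.php` as leaked, I would replace these with a pointer to `wp-config.php` (or a placeholder) so that environment identifiers live in one untracked place.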


@@ -0,0 +1,76 @@
# Concerns & Technical Debt
> Generated by /paul:map-codebase — 2026-04-26
## CRITICAL
### 1. Credentials committed to git
- **wp-config.php**: DB password in version history
- **.vscode/ftp-kr.json**: FTP credentials in version history (host, user, password, path)
- **Action**: Rotate both passwords. Add `wp-config.php` and `.vscode/ftp-kr.json` to `.gitignore`.
### 2. FTP auto-upload to production with no staging
- `autoUpload: true` in `.vscode/ftp-kr.json` — every file save goes live immediately
- No review step, no staging environment
- **Action**: Disable autoUpload for risky changes; test locally first.
### 3. bbPress — 100+ core plugin files modified
- Git shows every file in `wp-content/plugins/bbpress/` as modified
- Next bbPress update will silently overwrite all customizations
- **Action**: Document what was changed and why. Move custom logic to a custom plugin or mu-plugin using bbPress hooks/filters.
## HIGH
### 4. No .gitignore
- Sensitive files (wp-config.php, ftp-kr.json) are tracked
- Uploads, cache, and build artifacts can be accidentally committed
- **Files to add to .gitignore**: `wp-config.php`, `.vscode/ftp-kr.json`, `.vscode/sftp.json`, `wp-content/uploads/`, `wp-content/cache/`, `*.log`
### 5. Deprecated PHP in divi-children-engine
- `extract(shortcode_atts(...))` in `divi-mods/divi_mod_functions.php:28` — deprecated PHP 8.0+, security risk
- `query_posts()` in same file — deprecated, should use `WP_Query`
- **Action**: Replace `extract()` with explicit variable assignments when touching this file.
### 6. AJAX handler without nonce verification
- `custom_selectors_action_callback()` in `custom_codes.php` processes `$_POST['selector']` without sanitization or nonce check
- **Action**: Add `check_ajax_referer()` and `sanitize_text_field()` before the `set_theme_mod()` call.
### 7. No error logging
- `WP_DEBUG = false` with no `WP_DEBUG_LOG` — silent failures in production
- **Action**: Enable `WP_DEBUG_LOG = true`, `WP_DEBUG_DISPLAY = false` to log errors server-side without exposing them.
## MEDIUM
### 8. Inline JavaScript using deprecated jQuery methods
- `custom_codes.php` uses `.toggle()` (removed in jQuery 3.9+) via inline PHP-embedded JS
- **Action**: Replace with `.slideToggle()` or vanilla JS when modifying this area.
### 9. Hardcoded Polish strings without i18n
- `functions.php`: stock text, email address hardcoded as string literals
- `cron-products.php`: hardcoded Polish date strings
- No `.pot` / `.po` / `.mo` files; uses `woocommerce` text domain instead of `body-relax`
- **Action**: Wrap new strings in `__('...', 'body-relax')`, create proper text domain.
### 10. Child theme author URL uses HTTP
- `style.css` Author URI: `http://www.body-relax.baumer.vot.pl` (HTTP, not HTTPS)
- Minor, but update to HTTPS when touching the file.
### 11. FTP over plain FTP (not SFTP)
- `.vscode/ftp-kr.json` uses unencrypted FTP protocol
- Credentials and file contents transmitted in plaintext
- **Action**: Switch to SFTP (port 22) if host supports it.
## LOW
### 12. Poor git commit history
- All recent commits are "Save" — no meaningful history for auditing or rollback
- **Action**: Use conventional commit messages going forward.
### 13. Divi Children Engine version 1.0.4
- Relatively old; last update date unclear
- Non-standard approach that may conflict with Divi updates
- Low urgency, but track for compatibility issues when Divi updates.
### 14. AUTOMATIC_UPDATER_DISABLED = true
- All updates are manual; security patches may be missed
- Acceptable if monitored; ensure a process exists to apply patches.
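Review bot: Item 1's action (rotate, then add the files to `.gitignore`) will not stop git from tracking files that are already committed, and it leaves the old values in history. Add an explicit step to untrack them (`git rm --cached`) and state whether history will be rewritten or the exposed values are simply written off once rotated. Item 1 should also cover `.vscode/sftp.json`, which item 4 lists for `.gitignore` but item 1 does not mention.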


@@ -0,0 +1,71 @@
# Conventions
> Generated by /paul:map-codebase — 2026-04-26
## PHP Conventions
### Current state (in existing code)
- **Style**: Procedural, no OOP
- **Naming**: snake_case with descriptive prefixes (`wcs_`, `bbloomer_`, `Divichild_`) — inconsistent across files
- **PHP version**: Basic PHP 5.x compatible constructs (no type hints, no match expressions)
- **Comments**: Minimal; PHPDoc used in divi-children-engine but not in functions.php
### Convention to follow when adding new code
- **Function prefix**: Use `szkolenia_` or `body_relax_` for all new functions
- **Security**: Always sanitize input (`sanitize_text_field()`), verify nonces for AJAX (`wp_verify_nonce()`), escape output (`esc_html()`, `wp_kses_post()`)
- **Hooks**: Register all hooks inside functions, not at file root level
- **Translations**: Wrap all user-facing strings in `__()` / `_e()` — text domain: `body-relax`
## CSS Conventions
### Current state
- Plain CSS (no preprocessor in production, SCSS compilation configured in VS Code)
- No BEM; simple semantic class names (`.icon_tags`, `.icon_profile`)
- ID-based selectors in admin CSS (anti-pattern)
- Hard-coded hex colors
- Breakpoints: 981px, 768px, 767px, 480px
### Convention to follow
- Namespace custom classes with `br-` prefix (e.g., `.br-availability-message`)
- Keep front-end CSS in `style.css`, admin CSS in `divi-children-engine/css/`
- Use SCSS variables for colors if using the Live Sass compiler
## JavaScript Conventions
### Current state
- Inline jQuery in PHP strings (no separate .js files in theme)
- Uses deprecated `.toggle()` (removed in jQuery 3.9+)
- References global `ajaxurl`
### Convention to follow
- Put new JS in separate files under `wp-content/themes/body-relax/js/`
- Enqueue via `wp_enqueue_script()` with jQuery dependency
- Use `wp_localize_script()` to pass ajaxurl and nonces
- Use `const`/`let`, avoid deprecated jQuery methods
## File Placement
| What to add | Where |
|------------|-------|
| WooCommerce filters/hooks | `wp-content/themes/body-relax/functions.php` |
| Admin UI / metaboxes | `wp-content/themes/body-relax/divi-children-engine/includes/` |
| Standalone cron scripts | Root of repo (like `cron-products.php`) |
| New plugin | `wp-content/plugins/` with own directory |
| Custom styles | `wp-content/themes/body-relax/style.css` |
## Git Conventions
### Current state
- Commit messages are all "Save" (no meaningful history)
- No `.gitignore` file
### Convention to follow
- Use conventional commits: `feat:`, `fix:`, `chore:`, `style:`
- Example: `feat: add availability countdown for last 3 spots`
## Deployment Notes
- FTP auto-upload is ON — every file save syncs to production immediately
- Do not edit Divi parent theme files (overwritten on update)
- Do not edit plugin files directly (overwritten on update) — use hooks/filters in theme instead
- The bbPress plugin is currently an exception (100+ modified files) — this is a known risk
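Review bot: The Security bullet under "Convention to follow when adding new code" lists sanitizing, nonces and escaping but no authorization check. A nonce only shows that the request came from a page the site issued, so add `current_user_can()` with the appropriate capability to the rule for any handler that changes state. The bullet also names `wp_verify_nonce()` while the concerns document recommends `check_ajax_referer()` for the same handler; pick one for AJAX so new code is consistent.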


@@ -0,0 +1,69 @@
# Database Schema
> Generated by /paul:map-codebase — 2026-04-26
> Note: WordPress core not in local repo — schema below is derived from config + plugin inventory.
## Connection
- **Database**: `garbary_szkury`
- **Prefix**: `wp_`
- **Host**: localhost
- **Charset**: UTF-8
## Standard WordPress Tables
| Table | Purpose |
|-------|---------|
| `wp_posts` | All content: pages, posts, WooCommerce products, bbPress topics/replies |
| `wp_postmeta` | Post custom fields (includes ACF fields, WooCommerce product data) |
| `wp_users` | User accounts |
| `wp_usermeta` | User meta (WooCommerce customer data, roles) |
| `wp_options` | Site settings, theme mods, plugin config, Divi builder settings |
| `wp_terms` | Categories, tags, product categories, bbPress forums |
| `wp_term_taxonomy` | Taxonomy definitions |
| `wp_term_relationships` | Post ↔ term relationships |
| `wp_comments` | Comments |
| `wp_commentmeta` | Comment meta |
## WooCommerce Tables
| Table | Purpose |
|-------|---------|
| `wp_woocommerce_sessions` | Customer sessions |
| `wp_woocommerce_api_keys` | REST API keys |
| `wp_woocommerce_attribute_taxonomies` | Product attribute definitions |
| `wp_woocommerce_downloadable_product_permissions` | Digital product access |
| `wp_woocommerce_order_items` | Order line items |
| `wp_woocommerce_order_itemmeta` | Order item meta |
| `wp_woocommerce_tax_rates` | Tax configuration |
| `wp_woocommerce_tax_rate_locations` | Tax rate geo rules |
| `wp_woocommerce_shipping_zones` | Shipping zones |
| `wp_woocommerce_shipping_zone_locations` | Zone locations |
| `wp_woocommerce_shipping_zone_methods` | Zone shipping methods |
| `wp_woocommerce_payment_tokens` | Saved payment tokens (PayU) |
| `wp_woocommerce_payment_tokenmeta` | Payment token meta |
| `wp_wc_product_meta_lookup` | Product search/filter cache |
| `wp_wc_tax_rate_classes` | Tax classes |
| `wp_wc_webhooks` | WooCommerce webhooks |
## Key Custom Fields (ACF — stored in wp_postmeta)
| Field key | Post type | Purpose |
|-----------|-----------|---------|
| `end_date_of_the_offer` | `product` | Offer expiry date; read by `cron-products.php` to auto-unpublish |
## bbPress Tables
| Table | Purpose |
|-------|---------|
| Uses `wp_posts` | Forum, topic, reply post types |
| Uses `wp_postmeta` | Forum/topic meta |
| Uses `wp_terms` | Forum taxonomy |
## Notes
- Products (courses) are stored as `wp_posts` with `post_type = 'product'`
- Course categories are `wp_terms` under `product_cat` taxonomy
- Custom "Rezerwuj miejsce" / stock behavior driven by `wp_postmeta` stock fields + ACF `end_date_of_the_offer`
- Divi page builder content stored as serialized shortcodes in `wp_posts.post_content`
- Divi customizer settings (from divi-children-engine) stored in `wp_options` as `theme_mods_body-relax`
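Review bot: The header note says this schema is derived from config and plugin inventory, yet the WooCommerce table list reads as verified fact. Mark the tables as expected rather than confirmed, or check them against the live database before anyone relies on this file for backups or data-retention work. The rows for `wp_woocommerce_api_keys` and `wp_woocommerce_payment_tokens` should also be flagged as holding sensitive data, since their stated purposes are REST API keys and saved payment tokens.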


@@ -0,0 +1,56 @@
# External Integrations
> Generated by /paul:map-codebase — 2026-04-26
## Payment Processing
| Service | Plugin | Version | Notes |
|---------|--------|---------|-------|
| PayU | woo-payu-payment-gateway | 2.0.13 | Methods: card, BLIK, bank transfer, PayPo, Twisto, installments |
## Analytics & Marketing
| Service | Plugin | Version | Purpose |
|---------|--------|---------|---------|
| Google Analytics | Google Site Kit | 1.128.1 | Site analytics |
| Google Tag Manager | GTM4WP | 1.22.3 | Tag container |
| Facebook Pixel | PixelYourSite | — | Conversion tracking |
| Google Shopping | Woo Product Feed PRO | 13.3.2 | Product feeds for Google, Bing, etc. |
## Social Media
| Service | Plugin | Version | Purpose |
|---------|--------|---------|---------|
| Instagram | Smash Balloon Instagram Feed | 6.1.6 | Feed display |
| YouTube | Elfsight YouTube Gallery CC | 3.5.0 | Gallery embed |
| YouTube | YouTube Feed Pro | — | Feed display |
| Facebook Messenger | FB Messenger Live Chat | 1.5.0 | Live chat widget |
## Hosting & Infrastructure
| Service | Details |
|---------|---------|
| Hosting | Cyber-Folks shared hosting (`s165.cyber-folks.pl`) |
| App management | Installatron (handles updates; auto-update disabled in WP) |
| FTP deployment | ftp-kr VS Code extension, auto-upload enabled |
| SSL | Really Simple SSL plugin + server certificate |
## Security
| Service | Method |
|---------|--------|
| Wordfence WAF | `.htaccess` + `.user.ini` auto_prepend_file |
| GDPR Cookie consent | Beautiful & Responsive Cookie Consent plugin |
| Spam protection | WP Armour / Honeypot |
| Malware scanning | GoTMLS plugin |
## Email
- Contact email hardcoded in theme: `szkolenia@kursymasazu.com`
- WooCommerce order emails (via WordPress mail / likely server sendmail)
## Scheduled Tasks
| Script | Trigger | Purpose |
|--------|---------|---------|
| `cron-products.php` | External cron call | Auto-unpublish WooCommerce products when ACF `end_date_of_the_offer` passes |
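Review bot: The Scheduled Tasks row gives the trigger for `cron-products.php` as "External cron call" without saying who calls it or how the call is authenticated. The architecture document places the script in the site root, so if it is reachable over HTTP this file should record what restricts it (a CLI-only check, a shared secret, or an `.htaccess` rule), and if nothing does, that belongs in the concerns list.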

71
.paul/codebase/stack.md Normal file

@@ -0,0 +1,71 @@
# Technology Stack
> Generated by /paul:map-codebase — 2026-04-26
## Core Platform
| Layer | Technology | Version |
|-------|-----------|---------|
| CMS | WordPress | Core deployed server-side (not in repo) |
| PHP | Minimum 5.6.20, recommended 7.4+ | Runtime on Cyber-Folks |
| Database | MySQL | DB: `garbary_szkury`, prefix `wp_`, host: localhost |
| Web Server | Apache | .htaccess-based routing |
## Themes
| Theme | Role | Version | Path |
|-------|------|---------|------|
| body-relax | Active child theme | 1.0 | `wp-content/themes/body-relax/` |
| Divi | Parent theme (ET) | Current on server | `wp-content/themes/Divi/` |
| Divi Children Engine | Customizer extension | 1.0.4 | `wp-content/themes/body-relax/divi-children-engine/` |
## Key Plugins
### E-Commerce
- **WooCommerce** v6.8.1 — Core e-commerce (courses as products)
- **PayU Payment Gateway** v2.0.13 — Polish payment processor (card, BLIK, bank transfer, PayPo, Twisto)
- **WooCommerce NIP** v1.1.0 — Polish tax ID field at checkout
- **Flexible Checkout Fields** v3.4.2 — Custom checkout field management
- **Checkout Field Editor** v1.9.1 — Additional field customization
### Content & SEO
- **Advanced Custom Fields (ACF)** v6.2.1 — Custom fields (notably `end_date_of_the_offer` on products)
- **Yoast SEO** v19.6.1 — SEO management
- **Google Site Kit** v1.128.1 — Analytics integration
- **GTM4WP** v1.22.3 — Google Tag Manager
- **CMB2** v2.10.1 — Custom meta boxes framework
### Community
- **bbPress** v2.6.9 — Forum software (NOTE: 100+ files modified — see concerns)
### Security
- **Really Simple SSL** v5.3.4 — HTTPS / cookie hardening
- **Wordfence WAF** — Web application firewall (via `.htaccess` + `.user.ini`)
- **Password Protected** v2.7.1 — Site-wide password protection
### Media & Social
- **Smash Balloon Instagram Feed** v6.1.6
- **Elfsight YouTube Gallery CC** v3.5.0
- **FB Messenger Live Chat** v1.5.0
- **PixelYourSite** — Facebook/analytics pixel
### Admin Tools
- **Loco Translate** v2.6.14 — Translation management
- **WP-Optimize** v3.2.14 — DB/image/cache optimization
- **Header/Footer Code Manager** — Custom code injection
- **Supreme Modules Lite for Divi** v2.4.1 — Divi module extensions
## Build Tools
| Tool | Purpose | Config |
|------|---------|--------|
| Live Sass Compile (VS Code) | SCSS → CSS, compressed, autoprefixed | `.vscode/settings.json` |
| FTP-KR (VS Code extension) | Auto-deploy to production | `.vscode/ftp-kr.json` |
## Deployment
- **Method**: FTP auto-upload (ftp-kr VS Code extension)
- **Host**: s165.cyber-folks.pl
- **Remote root**: `/domains/szkoleniauryzaj.pl/public_html/`
- **Auto-upload**: ENABLED (any file save triggers upload)
- **Excluded from sync**: `.git/`, `.vscode/`, `.serena/`, `.paul/`, `CLAUDE.md`
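Review bot: In the Core Platform table the PHP row has its columns shifted: the Technology cell holds "Minimum 5.6.20, recommended 7.4+" and the Version cell holds "Runtime on Cyber-Folks", so the version the host actually runs is never stated. Record it, because concerns item 5 is framed around PHP 8.0+ and the plugin versions listed under Key Plugins cannot be assessed for compatibility without it.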

34
.paul/codebase/testing.md Normal file

@@ -0,0 +1,34 @@
# Testing
> Generated by /paul:map-codebase — 2026-04-26
## Current State
**No automated testing detected.**
- No PHPUnit configuration
- No `tests/` directory in the theme or custom code
- No CI/CD pipeline (no GitHub Actions, no Gitlab CI)
- No linting configuration (no `.editorconfig`, `phpcs.xml`, `.eslintrc`)
- No staging environment detected (direct FTP to production)
## Manual Testing
Deployment is done via FTP auto-upload directly to production. All testing is effectively manual QA on the live site.
## Risk Areas Without Tests
| Area | Risk |
|------|------|
| WooCommerce filters (stock text, button labels) | Regressions visible to customers |
| cron-products.php | Silent failures leave expired products published |
| PayU gateway | Payment failures affect revenue |
| bbPress (modified) | Plugin updates will overwrite custom changes without notice |
## Recommended First Steps
If adding testing to this project:
1. Add a local WordPress environment (LocalWP or DDEV)
2. Add PHPUnit + wp-env or Brain Monkey for unit tests on custom functions
3. Add PHP_CodeSniffer with WordPress coding standards for static analysis
4. Add a staging FTP target in ftp-kr.json before going live with changes
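Review bot: Recommended step 4 adds the staging target to `ftp-kr.json`, the file the concerns document says holds credentials and uses unencrypted FTP. Word the step so the staging target is set up over SFTP and in a config file that is excluded from git, otherwise the first testing improvement repeats concerns 1 and 11. The Risk Areas table could also list the `custom_codes.php` AJAX handler, which the concerns document flags for missing nonce and sanitization checks.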

4
.paul/codebase/todo.md Normal file

@@ -0,0 +1,4 @@
# TODO
> Luźny parking pomysłów, rzeczy do sprawdzenia, rzeczy które mogą nigdy nie być wdrożone.
> Nie wymaga formalności — wrzucaj co chcesz.