jakevan/jvb.git

			@@ -134,14 +134,15 @@

			public function handleLogin(WP_REST_Request $request): WP_REST_Response
			{
			$data = $request->get_json_params();
			// Verify Turnstile
			if (!$this->verifyTurnstile($request->get_param('cf-turnstile-response') ?? '')) {
			if (!$this->verifyTurnstile($data['cf-turnstile-response'] ?? '')) {
			return $this->error('Security verification failed', 'turnstile_failed', 403);
			}

			$username = $request->get_param('user_email');
			$password = $request->get_param('user_password');
			$remember = (bool)$request->get_param('remember_me');
			$username = sanitize_email($data['user_email'] ?? '');
			$password = $data['user_password'] ?? '';
			$remember = (bool)($data['remember_me'] ?? false);

			// Check for account lockout
			$lockout = $this->checkAccountLockout($username);
			@@ -638,18 +639,6 @@
			return true;
			}

			protected function verifyTurnstile(string $token): bool
			{
			if (!Features::hasIntegration('cloudflare') \|\| !JVB()->connect('cloudflare')->isSetUp()) {
			return true;
			}

			if (empty($token)) {
			return false;
			}

			return JVB()->connect('cloudflare')->verifyTurnstile($token);
			}

			/**
			* Helper to return error response