jakevan/jvb.git

			@@ -152,11 +152,11 @@
			// Attempt login
			$user = wp_signon([
			'user_login' => $username,
			'user_email' => $username,
			'user_password' => $password,
			'remember' => $remember
			], false);


			if (is_wp_error($user)) {
			// Track failed attempt
			$this->trackFailedLogin($username);
			@@ -167,7 +167,6 @@
			401
			) : false;
			}

			// Clear failed attempts on success
			$this->clearFailedAttempts($username);

			@@ -175,6 +174,8 @@
			wp_set_current_user($user->ID);
			wp_set_auth_cookie($user->ID, $remember);



			// Store session fingerprint for hijacking protection
			if ($request) {
			$this->storeSessionFingerprint($user->ID, $request);
			@@ -267,13 +268,12 @@
			*/
			protected function getSessionId(int $user_id): string
			{
			// Use WordPress session tokens
			$sessions = WP_Session_Tokens::get_instance($user_id);
			$token = wp_get_session_token(); // Current session token

			if (!$token) {
			// Fallback to user-specific hash that changes on password reset
			return md5($user_id . get_user_meta($user_id, 'session_tokens', true));
			// Fallback to a hash based on user ID and current timestamp
			// This will be replaced once the session token is available
			return md5($user_id . time());
			}

			return md5($token);
			@@ -532,7 +532,7 @@
			update_user_meta($user_id, BASE . $key, sanitize_text_field($value));
			}

			$redirect = $this->getRedirect($user, $request->get_param('redirect_to'), 'register');
			$redirect = $this->getRedirect($user, $request->get_param('redirect_to')??get_home_url(null,'/dash'), 'register');

			// Handle token handlers
			do_action('jvbUserRegistered', $user_id, $email, $data);