From 8d0e2130627497b55b1a61cbe374bfb309ef2f27 Mon Sep 17 00:00:00 2001
From: Jake Vanderwerf <get@jakevanderwerf.ca>
Date: Thu, 01 Jan 2026 23:04:26 +0000
Subject: [PATCH] Merge branch 'main' of https://github.com/jakevdwerf/jvb

---
 inc/rest/routes/LoginRoutes.php |   14 +++++++-------
 1 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/inc/rest/routes/LoginRoutes.php b/inc/rest/routes/LoginRoutes.php
index 8c663c9..234f231 100644
--- a/inc/rest/routes/LoginRoutes.php
+++ b/inc/rest/routes/LoginRoutes.php
@@ -152,11 +152,11 @@
 		// Attempt login
 		$user = wp_signon([
 			'user_login'	=> $username,
-			'user_email' 	=> $username,
 			'user_password' => $password,
 			'remember' => $remember
 		], false);
 
+
 		if (is_wp_error($user)) {
 			// Track failed attempt
 			$this->trackFailedLogin($username);
@@ -167,7 +167,6 @@
 				401
 			) : false;
 		}
-
 		// Clear failed attempts on success
 		$this->clearFailedAttempts($username);
 
@@ -175,6 +174,8 @@
 		wp_set_current_user($user->ID);
 		wp_set_auth_cookie($user->ID, $remember);
 
+
+
 		// Store session fingerprint for hijacking protection
 		if ($request) {
 			$this->storeSessionFingerprint($user->ID, $request);
@@ -267,13 +268,12 @@
 	 */
 	protected function getSessionId(int $user_id): string
 	{
-		// Use WordPress session tokens
-		$sessions = WP_Session_Tokens::get_instance($user_id);
 		$token = wp_get_session_token(); // Current session token
 
 		if (!$token) {
-			// Fallback to user-specific hash that changes on password reset
-			return md5($user_id . get_user_meta($user_id, 'session_tokens', true));
+			// Fallback to a hash based on user ID and current timestamp
+			// This will be replaced once the session token is available
+			return md5($user_id . time());
 		}
 
 		return md5($token);
@@ -532,7 +532,7 @@
 			update_user_meta($user_id, BASE . $key, sanitize_text_field($value));
 		}
 
-		$redirect = $this->getRedirect($user, $request->get_param('redirect_to'), 'register');
+		$redirect = $this->getRedirect($user, $request->get_param('redirect_to')??get_home_url(null,'/dash'), 'register');
 
 		// Handle token handlers
 		do_action('jvbUserRegistered', $user_id, $email, $data);

--
Gitblit v1.10.0