<?php
// Shortcode: [smart_screen]
add_shortcode(‘smart_screen’, function () {
if ( ! is_user_logged_in() ) {
return ‘<p>You must be logged in to use Smart Screen.</p>’;
}
// Only allow “Partner” role (optional but recommended)
if ( ! current_user_can(‘partner’) && ! current_user_can(‘administrator’) ) {
return ‘<p>Access restricted.</p>’;
}
global $wpdb;
$table = $wpdb->prefix . ‘watchlist’;
$out = ‘<div class=”ss-wrap” style=”max-width:720px;margin:0 auto;padding:16px;border-radius:12px;border:1px solid #eee;”>’;
$out .= ‘<h2 style=”margin-top:0;”>One-Click Smart Screen</h2>’;
if (!empty($_POST[‘ss_token’]) && wp_verify_nonce($_POST[‘ss_token’], ‘ss_check’)) {
$name = isset($_POST[‘ss_name’]) ? trim(sanitize_text_field($_POST[‘ss_name’])) : ”;
$email = isset($_POST[‘ss_email’]) ? sanitize_email($_POST[‘ss_email’]) : ”;
if ($name === ”) {
$out .= ‘<div style=”padding:12px;border-left:4px solid #cc0000;background:#fff5f5;”>Please enter a name.</div>’;
} else {
// Build query (name partial match + optional exact email match)
$like = ‘%’ . $wpdb->esc_like($name) . ‘%’;
$sql = ”
SELECT id, full_name, alt_names, email, passport, national_id, status, source, notes
FROM {$table}
WHERE full_name LIKE %s
OR alt_names LIKE %s
” . ($email ? ” OR email = %s ” : “”) . ”
LIMIT 50
“;
$params = [$like, $like];
if ($email) { $params[] = $email; }
$rows = $wpdb->get_results($wpdb->prepare($sql, $params));
if (!empty($rows)) {
$out .= ‘<div style=”padding:12px;border-left:4px solid #cc8b00;background:#fff9e6;”><strong>⚠️ Possible matches found (‘ . count($rows) . ‘):</strong></div>’;
$out .= ‘<ul style=”line-height:1.7;”>’;
foreach ($rows as $r) {
$label = esc_html($r->full_name);
$status = $r->status ? ‘ — ‘ . esc_html($r->status) : ”;
$src = $r->source ? ‘ (source: ‘ . esc_html($r->source) . ‘)’ : ”;
$out .= ‘<li>’ . $label . $status . $src . ‘</li>’;
}
$out .= ‘</ul>’;
} else {
$out .= ‘<div style=”padding:12px;border-left:4px solid #2a7a2a;background:#ecffef;”><strong>✅ No match found in the internal list.</strong></div>’;
}
}
}
// Simple form
$out .= ‘<form method=”post” style=”margin-top:12px;”>
‘ . wp_nonce_field(‘ss_check’, ‘ss_token’, true, false) . ‘
<label style=”display:block;margin-bottom:6px;”>Name to screen</label>
<input type=”text” name=”ss_name” required style=”width:100%;padding:10px;border:1px solid #ddd;border-radius:8px;”>
<div style=”margin-top:10px;”>
<label style=”display:block;margin-bottom:6px;”>Email (optional)</label>
<input type=”email” name=”ss_email” style=”width:100%;padding:10px;border:1px solid #ddd;border-radius:8px;”>
</div>
<button type=”submit” style=”margin-top:12px;padding:10px 16px;border:none;border-radius:8px;cursor:pointer;”>Run Smart Screen</button>
</form>’;
// Footer note
$out .= ‘<p style=”font-size:12px;color:#555;margin-top:12px;”>Results are checked against your private internal list. For any positive or partial match, please conduct further verification.</p>’;
$out .= ‘</div>’;
return $out;
});