<?php
/**
 * Sway functions file
 *
 * @package sway
 * by KeyDesign
 */

 add_action( 'wp_enqueue_scripts', 'kd_enqueue_parent_theme_style', 5 );
 if ( ! function_exists( 'kd_enqueue_parent_theme_style' ) ) {
     function kd_enqueue_parent_theme_style() {
         wp_enqueue_style( 'bootstrap' );
         wp_enqueue_style( 'keydesign-style', get_template_directory_uri() . '/style.css', array( 'bootstrap' ) );
         wp_enqueue_style( 'child-style', get_stylesheet_directory_uri() . '/style.css', array('keydesign-style') );
     }
 }

 add_action( 'after_setup_theme', 'kd_child_theme_setup' );
 if ( ! function_exists( 'kd_child_theme_setup' ) ) {
     function kd_child_theme_setup() {
         load_child_theme_textdomain( 'sway', get_stylesheet_directory() . '/languages' );
     }
 }

 // -------------------------------------
 // Edit below this line
 // -------------------------------------

// ========================================
// SEO & GEO Enhancements – Care Talent Scouts
// Added: 2026-04-15
// ========================================

// 1. Geo Meta Tags
add_action( 'wp_head', 'cts_geo_meta_tags', 1 );
function cts_geo_meta_tags() {
    echo '<meta name="geo.region" content="DE-BY" />' . "\n";
    echo '<meta name="geo.placename" content="Deutschland" />' . "\n";
    echo '<meta name="geo.position" content="51.1657;10.4515" />' . "\n";
    echo '<meta name="ICBM" content="51.1657, 10.4515" />' . "\n";
    echo '<meta name="language" content="de-DE" />' . "\n";
}

// 2. LocalBusiness Schema (only on front page)
add_action( 'wp_head', 'cts_localbusiness_schema', 5 );
function cts_localbusiness_schema() {
    if ( ! is_front_page() ) return;
    $schema = array(
        '@context'      => 'https://schema.org',
        '@type'         => 'ProfessionalService',
        '@id'           => 'https://care-ts.de/#organization',
        'name'          => 'Care Talent Scouts',
        'alternateName' => 'Care-TS GmbH',
        'url'           => 'https://care-ts.de',
        'logo'          => 'https://care-ts.de/wp-content/uploads/2024/01/cropped-Website-180x180.png',
        'description'   => 'Faire und rechtssichere Vermittlung internationaler Pflegefachkraefte nach Deutschland.',
        'telephone'     => '+491604522544',
        'email'         => 'info@care-ts.com',
        'address'       => array(
            '@type'          => 'PostalAddress',
            'addressCountry' => 'DE',
        ),
        'areaServed'    => array(
            array( '@type' => 'Country', 'name' => 'Deutschland' ),
        ),
        'serviceType'   => array(
            'Personalvermittlung Pflege',
            'Internationale Pflegekraefte',
            'Physiotherapeuten Vermittlung',
        ),
        'knowsLanguage' => array( 'de', 'en', 'ro', 'pl', 'hr', 'sr' ),
    );
    echo '<script type="application/ld+json">' . wp_json_encode( $schema, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT ) . '</script>' . "\n";
}

// ========================================
// Security & Performance – Care Talent Scouts
// Added: 2026-04-15
// ========================================

// 1. Security Headers
add_action( 'send_headers', 'cts_security_headers' );
function cts_security_headers() {
    if ( is_admin() ) return;
    header( 'X-Frame-Options: SAMEORIGIN' );
    header( 'X-Content-Type-Options: nosniff' );
    header( 'X-XSS-Protection: 1; mode=block' );
    header( 'Referrer-Policy: strict-origin-when-cross-origin' );
    header( 'Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=()' );
    header( 'Strict-Transport-Security: max-age=31536000; includeSubDomains' );
}

// 2. Remove X-Powered-By and WP version exposure
remove_action( 'wp_head', 'wp_generator' );
add_filter( 'the_generator', '__return_empty_string' );

add_filter( 'wp_headers', function( $headers ) {
    unset( $headers['X-Powered-By'] );
    return $headers;
});

// 3. Disable XML-RPC (security)
add_filter( 'xmlrpc_enabled', '__return_false' );
add_filter( 'xmlrpc_methods', function( $methods ) { return array(); } );

// 4. Remove WP version from scripts/styles
add_filter( 'style_loader_src',  'cts_remove_version_query', 10, 2 );
add_filter( 'script_loader_src', 'cts_remove_version_query', 10, 2 );
function cts_remove_version_query( $src ) {
    if ( strpos( $src, 'ver=' ) !== false ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}

// 5. Disable file editing in WP Admin (security)
if ( ! defined( 'DISALLOW_FILE_EDIT' ) ) {
    define( 'DISALLOW_FILE_EDIT', false );
}

// 6. Limit login attempts protection – hide login errors
add_filter( 'login_errors', function() {
    return 'Ungültige Anmeldedaten.';
} );

// 7. Remove Really Simple Discovery link (RSD)
remove_action( 'wp_head', 'rsd_link' );
remove_action( 'wp_head', 'wlwmanifest_link' );
remove_action( 'wp_head', 'wp_shortlink_wp_head' );

// 8. Disable REST API for non-logged-in users (selective)
add_filter( 'rest_authentication_errors', function( $result ) {
    if ( ! empty( $result ) ) return $result;
    if ( ! is_user_logged_in() ) {
        // Allow Yoast + block pure user enumeration
        $route = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '';
        if ( strpos( $route, '/wp/v2/users' ) !== false ) {
            return new WP_Error( 'rest_forbidden', 'Keine Berechtigung.', array( 'status' => 401 ) );
        }
    }
    return $result;
} );


// ========================================
// Comment Spam Protection – Care Talent Scouts
// Added: 2026-04-15
// ========================================

// 1. Honeypot field – bots fill it, humans don't
add_action( 'comment_form_after_fields', 'cts_honeypot_field' );
function cts_honeypot_field() {
    echo '<p style="display:none!important" aria-hidden="true">';
    echo '<label for="cts_hp_email">Website (nicht ausfüllen)</label>';
    echo '<input type="text" name="cts_hp_email" id="cts_hp_email" value="" autocomplete="off" tabindex="-1">';
    echo '</p>';
}

// 2. Block comment if honeypot filled
add_filter( 'preprocess_comment', 'cts_honeypot_check' );
function cts_honeypot_check( $commentdata ) {
    if ( ! empty( $_POST['cts_hp_email'] ) ) {
        wp_die( 'Spam erkannt.', 'Kommentar abgelehnt', array( 'response' => 403 ) );
    }
    return $commentdata;
}

// 3. Block comments with too many URLs
add_filter( 'preprocess_comment', 'cts_block_link_spam' );
function cts_block_link_spam( $commentdata ) {
    $content = $commentdata['comment_content'];
    $url_count = preg_match_all( '/https?:///i', $content );
    if ( $url_count > 2 ) {
        wp_die( 'Zu viele Links.', 'Kommentar abgelehnt', array( 'response' => 403 ) );
    }
    return $commentdata;
}

// 4. Block comments submitted too fast (< 5 seconds after page load)
add_action( 'comment_form_before', 'cts_comment_timer_start' );
function cts_comment_timer_start() {
    echo '<input type="hidden" name="cts_form_time" value="' . time() . '">';
}

add_filter( 'preprocess_comment', 'cts_comment_timer_check' );
function cts_comment_timer_check( $commentdata ) {
    if ( isset( $_POST['cts_form_time'] ) ) {
        $elapsed = time() - (int) $_POST['cts_form_time'];
        if ( $elapsed < 5 ) {
            wp_die( 'Bitte warten Sie kurz.', 'Kommentar abgelehnt', array( 'response' => 403 ) );
        }
    }
    return $commentdata;
}

// 5. Disable comments on pages (only allow on blog posts)
add_action( 'init', 'cts_disable_comments_on_pages' );
function cts_disable_comments_on_pages() {
    foreach ( array( 'page' ) as $post_type ) {
        if ( post_type_supports( $post_type, 'comments' ) ) {
            remove_post_type_support( $post_type, 'comments' );
            remove_post_type_support( $post_type, 'trackbacks' );
        }
    }
}

// 6. Block comment REST API for non-logged users
add_filter( 'rest_pre_insert_comment', 'cts_rest_comment_check', 10, 2 );
function cts_rest_comment_check( $prepared, $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_forbidden', 'Nicht erlaubt.', array( 'status' => 403 ) );
    }
    return $prepared;
}


// Virtual page: serve portal at /kandidaten-portal/
add_action('init','cts_portal_rewrite');
function cts_portal_rewrite(){
  add_rewrite_rule('^kandidaten-portal/?$','index.php?cts_portal=1','top');
}
add_filter('query_vars','cts_portal_query_var');
function cts_portal_query_var($vars){$vars[]='cts_portal';return $vars;}
add_action('template_redirect','cts_portal_serve');
function cts_portal_serve(){
  if(!get_query_var('cts_portal'))return;
  $file = WP_CONTENT_DIR.'/uploads/cts-portal/portal.html';
  if(file_exists($file)){
    header('Content-Type: text/html; charset=UTF-8');
    header('X-Robots-Tag: noindex, nofollow');
    readfile($file);
    exit;
  }
  wp_die('Portal nicht verfügbar.');
}<?xml version="1.0" encoding="UTF-8"?><?xml-stylesheet type="text/xsl" href="//care-ts.de/wp-content/plugins/wordpress-seo/css/main-sitemap.xsl"?>
<sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
	<sitemap>
		<loc>https://care-ts.de/post-sitemap.xml</loc>
		<lastmod>2024-03-26T14:15:00+00:00</lastmod>
	</sitemap>
	<sitemap>
		<loc>https://care-ts.de/page-sitemap.xml</loc>
		<lastmod>2026-04-15T00:46:05+00:00</lastmod>
	</sitemap>
	<sitemap>
		<loc>https://care-ts.de/portfolio-sitemap.xml</loc>
		<lastmod>2020-08-04T16:46:42+00:00</lastmod>
	</sitemap>
	<sitemap>
		<loc>https://care-ts.de/category-sitemap.xml</loc>
		<lastmod>2024-03-26T14:15:00+00:00</lastmod>
	</sitemap>
	<sitemap>
		<loc>https://care-ts.de/post_tag-sitemap.xml</loc>
		<lastmod>2024-03-26T14:15:00+00:00</lastmod>
	</sitemap>
	<sitemap>
		<loc>https://care-ts.de/portfolio-category-sitemap.xml</loc>
		<lastmod>2020-08-04T16:46:42+00:00</lastmod>
	</sitemap>
	<sitemap>
		<loc>https://care-ts.de/author-sitemap.xml</loc>
		<lastmod>2026-04-14T22:43:40+00:00</lastmod>
	</sitemap>
</sitemapindex>
<!-- XML Sitemap generated by Yoast SEO -->