- Marked current state as public soft launch
- Temporarily hidden incomplete sections
- Confirmed routing, hero/slider logic loads without error
- Prepared for incremental SEO, UI, and functionality improvements
- Created TokenService for generic HMAC token generation and validation
- Created UnsubscribeTokenService to wrap TokenService with email+timestamp logic and TTL
- Updated UnsubscribeController to require valid signed tokens for GET /unsubscribe
- Token is generated using email + ts + shared secret, validated against TTL (default 24h)
- Confirm view now inaccessible unless accessed via system-generated link
- Deprecated static helper in favor of service architecture
- Updated VerificationController::verify() to:
- Distinguish between invalid and expired verification codes
- Preserve expired codes to allow resend and proper feedback
- Log verification attempts with safe type handling
- Display a clear message for already-verified submissions
- Avoid DB errors from unknown 'type' values (supports contact+newsletter)
- Updated verify_success.php and verify_failed.php:
- Unified layout using Arsha theme with View::render() wrapping buffered output
- `verify_failed.php` now shows a resend form only if applicable
- If code is invalid and no email context is known, redirect prompt is shown
- Ensured fallback logic for all messaging variables is robust and user-safe
essae
overplayed