# CC Soccer D11 - Session Handoff
**Date:** March 14, 2026
**Session:** Available Registrations page — text fixes, cache fix, empty state, admin eligibility bypass
**Branch:** `main`

## Last Updated
2026-03-14 (session 3)

## Current State

### Completed this session

#### Available Registrations page (`/register`) — four fixes

**1. Page title / section heading text**
- Route title: `Register for Season` → `Available Registrations`
- Section heading: `Available Seasons` → `Leagues`
- Section heading: `Available Tournaments` → `Tournaments`

**2. Cache tags — new seasons/tournaments now show without manual cache clear**
- Root cause: cache tags were built only from already-loaded entities, so a brand-new season had no tag to trigger invalidation
- Fix: added `entity_list:season` and `entity_list:tournament` to `$build['#cache']['tags']`
- Drupal automatically invalidates these list tags whenever any entity of that type is created/updated/deleted

**3. Empty state message**
- When no seasons or tournaments are visible to the current user, shows: "There are no registrations available at this time. Check back soon!"
- Filter-aware: when a filter pill (Coed / Men's / Tournaments) is active, empty state checks only the filtered available arrays — having registrations in other categories doesn't suppress the message

**4. Admin eligibility bypass in `userMeetsSeasonRequirements()`**
- Root cause: admins/board members without a fully completed profile (e.g. gender not set) were having men's 35+ seasons silently hidden as `ineligible`
- Fix: users with `administer ccsoccer` or `manage seasons` permission now skip age/gender checks entirely
- Regular players are still subject to normal eligibility filtering
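
A sketch of fixes 2 and 4 together, added here as an example; it is not the project's `RegistrationController` code. The class name, namespace, the `$profile`/`$rule` array shapes and the `season`/`tournament` entity type IDs are assumptions. The list tags are read from the entity type definitions instead of being hard-coded, and the `user` cache context assumes the listing differs per viewer.

```php
<?php

declare(strict_types=1);

namespace Drupal\ccsoccer_example; // Hypothetical namespace.

use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Session\AccountInterface;

/**
 * Added illustration; not the project's RegistrationController.
 */
final class RegistrationListingExample {

  // Permissions named in the handoff note.
  private const BYPASS_PERMISSIONS = ['administer ccsoccer', 'manage seasons'];

  public function __construct(private EntityTypeManagerInterface $entityTypeManager) {}

  /**
   * Hypothetical shapes: $profile = ['gender' => ?string, 'age' => ?int],
   * $rule = ['gender' => ?string, 'min_age' => ?int].
   */
  public function userMeetsSeasonRequirements(AccountInterface $account, array $profile, array $rule): bool {
    foreach (self::BYPASS_PERMISSIONS as $permission) {
      if ($account->hasPermission($permission)) {
        return TRUE; // Staff skip age/gender checks entirely.
      }
    }
    // Regular players: an unset profile value never satisfies a rule.
    $gender_ok = ($rule['gender'] ?? NULL) === NULL
      || ($profile['gender'] ?? NULL) === $rule['gender'];
    $age_ok = ($rule['min_age'] ?? NULL) === NULL
      || (($profile['age'] ?? NULL) !== NULL && $profile['age'] >= $rule['min_age']);
    return $gender_ok && $age_ok;
  }

  public function addListingCacheability(array &$build): void {
    $metadata = CacheableMetadata::createFromRenderArray($build);
    foreach (['season', 'tournament'] as $entity_type_id) { // Assumed IDs.
      // Core's default list tag is "<id>_list" unless the type overrides it.
      $definition = $this->entityTypeManager->getDefinition($entity_type_id);
      $metadata->addCacheTags($definition->getListCacheTags());
    }
    // Output depends on permissions and the viewer's profile: vary per user.
    $metadata->addCacheContexts(['user'])->applyTo($build);
  }

}
```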

---

## Files Changed This Session
- `web/modules/custom/ccsoccer/ccsoccer.routing.yml` (route title)
- `web/modules/custom/ccsoccer/src/Controller/RegistrationController.php` (section headings, cache tags, empty state, admin bypass)

---

## Deploy Notes
Standard deploy — no new PHP classes, no composer changes needed:
```bash
cd ~/public_html/test_ccsoccer_site
git pull
PATH=/opt/cpanel/ea-php83/root/usr/bin:$PATH /opt/cpanel/ea-php83/root/usr/bin/php vendor/drush/drush/drush.php -r web cr
```

---

## Remaining Work

### Page cleanup in progress
- [ ] My Profile edit page — field/layout tweaks (jersey size review, width/layout)
- [ ] Address book page — CSS styling
- [ ] Payment methods page — CSS styling
- [ ] Credits (Admin) page — dark table header needs token-based styling
- [ ] Order detail page — further polish (time format, quantity shows 1.00 not 1)
- [ ] Purchase Jerseys — node edit (remove duplicate h2, add jersey set description + photo)
- [ ] Product catalog exploration — assess Commerce out-of-box before customizing

### Width/layout pass (batch fix)
Pages that are full-width and should be ~60% constrained:
- [ ] User edit form
- [ ] Address book
- [ ] Payment methods
- [ ] Order detail (partially done — customer-information/order-information constrained)

### Button methodology pass (after all pages on custom theme)
- Formalize 3-tier system: primary red / primary-soft navigation / white informational
- Audit all button usages across templates and CSS files

### Content
- [ ] Add description to 2026 Summer Cup tournament entity

### Inner Page Styling
- [ ] Credits page (player)
- [ ] Purchase Jerseys page

### Forms
- [ ] Registration form inputs, buttons, visual styling

### Navigation / Mobile
- [ ] Re-add Tournament Schedule to main nav

### Notifications
- [ ] "Don't send to already registered" logic
- [ ] Automated reminders (6/4/2/1 week intervals)

### Security Hardening (Before Production)
- [ ] Remove/rotate Authorize.net API credentials from version control; move to environment variables or `settings.local.php` config overrides
- [ ] Set a strong `hash_salt` value in production `settings.local.php`
- [ ] Disable and uninstall the Devel module for production (`drush pm:uninstall devel devel_generate`)
- [ ] Configure `trusted_host_patterns` in `settings.local.php` — do this now on test (`'^test\.ccsoccer\.com$'`), then again on production (`'^ccsoccer\.com$'`, `'^www\.ccsoccer\.com$'`)
- [ ] Add `X-CSRF-Token` headers to all AJAX POST requests in JS files (roster-builder, schedule-builder, player-skill, notification-confirm, tournament-teams, season-players)
- [ ] Add controller-level entity access checks to AJAX endpoints (PlayerAdminController, PlayerSkillController)
- [ ] Replace `innerHTML` with safe DOM methods in JS files handling user-controlled data
- [ ] See `CC_Soccer_Security_Assessment.md` for full details

### Deployment Prep
- [ ] Enable reCAPTCHA on registration form
- [ ] Self-host Inter font
- [ ] Enable CSS/JS aggregation on test + production before launch
- [ ] Final mobile/browser testing
- [ ] Remove IP whitelist block from production `.htaccess`
- [ ] Decide canonical domain (www vs non-www)
- [ ] Confirm HTTPS redirect handling

### Small Items
- [ ] Breadcrumbs
- [ ] Game status: only show ON/CANCELLED after 3pm
- [ ] Contact page
- [ ] Social links (placeholder #)
- [ ] Hero width (full bleed)
- [ ] Password reset flow for migrated users
- [ ] Fix contextual theme stale database reference
- [ ] Fix Commerce config import loop
- [ ] CSS consolidation pass (33 CSS files — replace hardcoded hex/px with tokens)

---

## Test Server .htaccess (IP Whitelist)

Not in git: the local edits to `web/.htaccess` are protected via `skip-worktree`. If they are ever lost, restore the block below, then re-apply the flag:

```apache
# IP Whitelist - Test server only (DO NOT commit to git)
# Caleb/Layne: 68.249.41.9 | Andrew: 35.151.50.130 | Dave: 99.8.107.54 | Haley: 97.84.70.141
Require ip 68.249.41.9 35.151.50.130 99.8.107.54 97.84.70.141

<IfModule mod_headers.c>
  Header set X-Robots-Tag "noindex, nofollow, noarchive"
</IfModule>
```

```bash
git update-index --skip-worktree web/.htaccess
```

---

## Server Quick Reference
```bash
cd ~/public_html/test_ccsoccer_site
git pull

# If new PHP classes added:
PATH=/opt/cpanel/ea-php83/root/usr/bin:$PATH /opt/cpanel/ea-php83/root/usr/bin/php /opt/cpanel/composer/bin/composer dump-autoload

# If composer.lock changed:
PATH=/opt/cpanel/ea-php83/root/usr/bin:$PATH /opt/cpanel/ea-php83/root/usr/bin/php /opt/cpanel/composer/bin/composer install --ignore-platform-req=ext-intl

# Standard post-pull:
PATH=/opt/cpanel/ea-php83/root/usr/bin:$PATH /opt/cpanel/ea-php83/root/usr/bin/php vendor/drush/drush/drush.php -r web updb -y
PATH=/opt/cpanel/ea-php83/root/usr/bin:$PATH /opt/cpanel/ea-php83/root/usr/bin/php vendor/drush/drush/drush.php -r web cr
```

## Git Workflow
- Always `git pull` before `git push` — Andrew may have pushed changes
- `main` is the primary branch
- `settings.local.php` is NOT in git — never commit it
