Sponsored Content Submission Plugin – Technical Specifications
Plugin Overview
A standalone WordPress plugin to enable non-logged-in users (authenticated through a custom system) to:

Submit sponsored content (title, body, image, company, contact, links).

Pay via Stripe before submission.

Store all submissions securely in a separate Google Cloud SQL database (not WordPress DB).

Allow admin approval/rejection through a custom dashboard.

Stipulations (Non-Negotiable Requirements)
No WordPress User System

Do not use wp_users or wp_login.

Authentication will hook into an external system (specs included in HubHawaiiAuthentication_Specs.txt).

No WordPress Database Storage

Do not use WP tables (wp_posts, wp_options, etc.).

All submission content, user data, and status tracking will be stored in a Google Cloud SQL (MySQL) database.

Plugin will connect to this DB via secure credentials (to be added separately).

No Dofollow Links

All URLs in sponsored posts will be automatically rewritten to include rel="nofollow sponsored".

Admin Approval Required

Submissions must be manually approved before being shown.

Admin dashboard should list submissions from the external DB with approve/reject buttons.

User Flow
Sponsored Content Submission Form

Fields:

Business Name

Contact Name + Email

Article Title

Body Text (WYSIWYG or Markdown)

Upload Image (1 max – store in /wp-content/uploads/sponsored/)

External Links (max 2)

Submission triggers:

Validation

Stripe Checkout (amount based on pricing tier)

On payment success, content is saved to the Google Cloud SQL DB with status = pending_review.

Admin Review Dashboard (WP Admin > Sponsored Content)

List of all submissions (pending, approved, rejected)

Ability to:

Preview content

Approve (status → approved)

Reject (status → rejected; optional rejection reason)

Bulk actions support

Frontend Display Block

Only approved posts are shown

Shortcode or block: [sponsored_content]

Display style:

Image + Title + Short Excerpt + “Sponsored by X” + “Read More” link

All links have rel="nofollow sponsored" attribute

Content should be injected via API call to Google Cloud SQL, not via WP queries

Technical Structure
Plugin Directory: sponsored-content


sponsored-content/
├── sponsored-content.php           # Main plugin file
├── includes/
│   ├── gcs-db.php                  # External DB connector (Google Cloud SQL)
│   ├── form-handler.php            # Validates form and saves to external DB
│   ├── admin-dashboard.php         # Custom admin panel for moderation
│   ├── display-shortcode.php       # Frontend display block
│   └── stripe-handler.php          # Stripe integration
├── assets/
│   ├── css/
│   └── js/
├── templates/
│   ├── form-template.php
│   └── sponsored-content-block.php
Security Considerations
All user-generated input is sanitized and validated.

Only authenticated users (from external auth system) can submit.

All DB operations use prepared statements via mysqli or PDO.

File uploads restricted to JPEG/PNG, size limit 2MB, with random file names.

Image storage: /wp-content/uploads/sponsored/ (or GCS bucket if preferred later).

No PHP evals or unescaped HTML allowed in body content.