Q-Rare — Digital Asset Management & Appointment Booking Platform

Executive Summary

Q-Rare is a comprehensive digital platform developed for the Italian Huntington Research League Foundation (Fondazione Lega Italiana Ricerca Huntington). The project delivers a sophisticated appointment booking system integrated with staff management, e-commerce capabilities, and GDPR-compliant data handling.

The solution combines the flexibility of WordPress with custom PHP development, implementing modern OOP architecture, REST APIs, and seamless third-party integrations to create a professional, scalable platform for medical research services.

The Challenge

The foundation needed a unified digital platform that could:

Manage Staff Profiles – Display medical professionals with their education, specializations, experience, and publications
Handle Appointment Booking – Allow patients to book consultations with specific staff members
Integrate Multiple Calendars – Sync with Google Calendar, Outlook, and Zoom for video consultations
Process Payments – Support multiple payment gateways (PayPal, Stripe)
Ensure GDPR Compliance – Handle consent management for Italian and EU privacy regulations
Deliver Performance – Serve content efficiently with enterprise-grade caching

Solution Architecture

The architecture leverages WordPress as the foundation while implementing custom PHP code following modern development practices:

Layer	Technologies / Components
Presentation Layer	Elementor Pro, Hello Elementor Child Theme, Custom CSS
Application Layer	Custom REST APIs, Shortcodes, WordPress Hooks, ACF Pro
Business Logic	BookingPress Pro, WooCommerce, iubenda GDPR Integration
Data Layer	MySQL, Redis Cache, Object Cache Pro
Infrastructure	Apache, PHP 8.x, WP Rocket, Malcare WAF

Technology Stack

Core Platform

Component	Technology	Purpose
CMS	WordPress 6.x	Content management foundation
Page Builder	Elementor Pro	Visual page design
Theme	Hello Elementor Child v2.0.0	Custom theme layer
Database	MySQL	Data persistence
Server	Apache	Web server

Booking & E-Commerce

Component	Technology	Purpose
Booking System	BookingPress Pro	Appointment scheduling
E-Commerce	WooCommerce	Product catalog & payments
Payment Gateways	Stripe, PayPal Pro	Transaction processing
Calendar Sync	Google Calendar, Outlook	Staff schedule integration
Video Calls	Zoom Integration	Remote consultations

Performance & Caching

Component	Technology	Purpose
Object Cache	Redis + Object Cache Pro	Database query caching
Page Cache	WP Rocket	Full page caching
Image Optimization	Imagify	WebP/AVIF conversion
Memory	1GB WP Memory Limit	High-performance processing

Security & Compliance

Component	Technology	Purpose
WAF	Malcare	Web Application Firewall
Spam Protection	Akismet	Form/comment filtering
GDPR	iubenda	Consent management

Key Features Implemented

1. Advanced Staff Management

Comprehensive staff profiles with ACF Pro custom fields
Education, specialization, and prior experience tracking
Publications library with external links
Dynamic staff notes displayed in booking interface

2. Multi-Channel Booking System

Service categorization with staff assignment
Cart system for multiple appointment bookings
Waiting list functionality
SMS and WhatsApp notifications
Tax calculation support
Multi-language booking forms

3. Calendar Integration

Bi-directional Google Calendar sync
Outlook Calendar integration
Zoom meeting auto-generation for virtual consultations

4. Payment Processing

Stripe integration for credit card payments
PayPal Pro for alternative payment method
WooCommerce integration for product sales

Automated consent collection via Elementor forms
Real-time consent logging to iubenda API
Cookie law compliance with banner management

Custom Development

Theme Architecture (OOP PHP)

The custom child theme implements modern PHP practices with namespacing and class-based architecture:

<?php
namespace HelloElementorChild;

if (!defined('ABSPATH')) {
    exit; // Exit if accessed directly.
}

// Define constants
define('HELLO_ELEMENTOR_CHILD_VERSION', '2.0.0');
define('HELLO_ELEMENTOR_CHILD_PATH', get_stylesheet_directory());
define('HELLO_ELEMENTOR_CHILD_URL', get_stylesheet_directory_uri());

/**
 * Main theme class to handle all functionality
 */
class Theme {
    /**
     * Constructor
     */
    public function __construct() {
        // Initialize hooks
        add_action('wp_enqueue_scripts', [$this, 'enqueue_scripts_styles'], 20);
        add_action('init', [$this, 'register_shortcodes']);
        add_action('elementor_pro/forms/form_submitted', [$this, 'handle_consent_submission']);
        add_filter('wp_mail', [$this, 'apply_email_template'], 10, 1);
        add_action('rest_api_init', [$this, 'register_rest_routes']);
        add_action('bookingpress_front_staffmember_list_extra_detail', [$this, 'add_staff_member_note']);
    }
}

// Initialize the theme
new Theme();

Custom Shortcodes

Staff Formation & Experience Display:

/**
 * Render staff formation experience
 */
public function render_staff_formation(): string {
    global $post;

    $sections = [
        'education' => __('Formazione', 'qrare'),
        'expertise' => __('Specializzazione', 'qrare'),
        'prior-experiences' => __('Esperienza pregressa', 'qrare')
    ];

    $html_parts = [];

    foreach ($sections as $field => $label) {
        $items = get_field($field, $post->ID);
        if (!empty($items)) {
            $list_items = array_map(function($item) use ($field) {
                $key = $field === 'prior-experiences' ? 'prior-experience' : $field . '_title';
                return sprintf('<li>%s</li>', esc_html($item[$key]));
            }, $items);

            $html_parts[] = sprintf(
                '<tr><th>%s</th><td><ul>%s</ul></td></tr>',
                esc_html($label),
                implode('', $list_items)
            );
        }
    }

    return empty($html_parts) ? '' : sprintf(
        '<table><tbody>%s</tbody></table>',
        implode('', $html_parts)
    );
}

Usage: [staff_formation_experience] – Renders education, specialization, and prior experience in a structured table format.

REST API Endpoints

Custom REST API endpoints provide data access for frontend components:

/**
 * Register REST API routes
 */
public function register_rest_routes(): void {
    register_rest_route('custom-api/v1', '/staff-note/', [
        'methods' => 'POST',
        'callback' => [$this, 'get_staff_member_note'],
        'permission_callback' => [$this, 'check_api_permission'],
        'args' => [
            'id' => [
                'required' => true,
                'validate_callback' => 'is_numeric',
            ],
        ],
    ]);

    register_rest_route('custom-api/v1', '/bookingpress-category-by-service', [
        'methods' => 'GET',
        'callback' => [$this, 'get_category_by_service'],
        'permission_callback' => [$this, 'check_api_permission'],
        'args' => [
            'service_name' => [
                'required' => true,
                'sanitize_callback' => 'sanitize_text_field',
            ],
        ],
    ]);
}

/**
 * Get staff member note from BookingPress
 */
public function get_staff_member_note(\WP_REST_Request $request) {
    global $wpdb;

    $staff_id = (int) $request->get_param('id');
    $table_name = $wpdb->prefix . 'bookingpress_staffmembers_meta';

    $result = $wpdb->get_var($wpdb->prepare(
        "SELECT meta_value FROM {$table_name}
        WHERE bookingpress_staffmember_id = %d
        AND meta_key = %s",
        $staff_id,
        'staffmember_note'
    ));

    if (null === $result) {
        return new \WP_Error(
            'not_found',
            'No staff note found for the provided ID.',
            ['status' => 404]
        );
    }

    return rest_ensure_response(['staffmember_note' => $result]);
}

Endpoints:

POST /wp-json/custom-api/v1/staff-note/ – Retrieves staff member biographical notes
GET /wp-json/custom-api/v1/bookingpress-category-by-service – Maps service names to booking categories

Email Template System

Branded HTML email template with dynamic content injection:

/**
 * Apply email template
 */
public function apply_email_template(array $args): array {
    if (!isset($args['message'], $args['subject'], $args['headers'])) {
        return $args;
    }

    // Skip if already HTML
    if (strpos($args['message'], '<html') !== false ||
        strpos($args['message'], '<body') !== false) {
        return $args;
    }

    $template_path = HELLO_ELEMENTOR_CHILD_PATH . '/email_template.html';
    if (!file_exists($template_path)) {
        return $args;
    }

    $template = file_get_contents($template_path);
    if ($template === false) {
        return $args;
    }

    $replacements = [
        '{email_subject}' => sprintf('<h1 style="line-height: 1.7em;">%s</h1>', $args['subject']),
        '{email_content}' => $args['message'],
        '{email_year}' => date('Y'),
    ];

    $args['message'] = str_replace(
        array_keys($replacements),
        array_values($replacements),
        $template
    );

    // Set appropriate headers
    if (empty($args['headers'])) {
        $args['headers'] = !empty($args['attachments'])
            ? 'Content-Type: multipart/mixed; charset=UTF-8'
            : 'Content-Type: text/html; charset=UTF-8';
    }

    return $args;
}

Automated consent logging to iubenda API on form submission:

/**
 * Handle consent submission
 */
public function handle_consent_submission(): void {
    if (!isset($_POST['form_fields'])) {
        return;
    }

    $fields = wp_unslash($_POST['form_fields']);

    $consent_data = [
        'timestamp' => current_time('mysql'),
        'subject' => [
            'full_name' => sanitize_text_field($fields['full_name'] ?? ''),
            'email' => sanitize_email($fields['email'] ?? ''),
        ],
        'legal_notices' => [
            ['identifier' => 'privacy_policy']
        ],
        'preferences' => [
            'privacy_policy_elementor' => true
        ],
    ];

    wp_remote_post('https://consent.iubenda.com/consent', [
        'headers' => [
            'ApiKey' => $api_key,
            'Content-Type' => 'application/json',
        ],
        'body' => wp_json_encode($consent_data),
        'timeout' => 30,
    ]);
}

BookingPress Customization

Extended BookingPress frontend to display staff notes using Vue.js template binding:

/**
 * Add staff member note to frontend
 */
public function add_staff_member_note(): void {
    echo '<p class="bpa-front-cb__item qrare-staff-area"
          :data-staff-id="staffmember_details.bookingpress_staffmember_id">
          {{ staffmember_details.staffmember_note }}
          </p>';
}

WordPress Ecosystem Integration

Plugin Architecture

The solution integrates 37 carefully selected plugins organized by function:

Booking System (13 components):

BookingPress Core + Pro
Cart, Tax, Waiting List add-ons
Calendar integrations (Google, Outlook)
Payment gateways (Stripe, PayPal)
Communication (SMS, WhatsApp)
Video conferencing (Zoom)

Content Management:

Elementor Pro for visual editing
ACF Pro for structured custom fields
Yoast SEO for search optimization

Performance Stack:

WP Rocket for page caching
Object Cache Pro with Redis backend
Imagify for image optimization

ACF Pro Integration

Custom fields power the staff profile system:

Staff Post Type Fields:
├── education (Repeater)
│   └── education_title (Text)
├── expertise (Repeater)
│   └── expertise_title (Text)
├── prior-experiences (Repeater)
│   └── prior-experience (Text)
└── pubblications (Repeater)
    ├── pubblication-title (Text)
    └── pubblication-url (URL)

Performance & Security

Caching Strategy

Multi-Layer Cache Architecture:

Request → WP Rocket (Page Cache)
        → Object Cache Pro (Redis)
        → MySQL (Persistent Storage)

Redis Configuration:

Dedicated database (DB 6264)
Zstandard compression for memory efficiency
IGBinary serializer for fast object handling
Token-based authentication

WP Rocket Optimizations:

Full page caching with cache preloading
CSS/JS minification and combination
Lazy loading for images
Database optimization

Security Measures

Web Application Firewall:

Malcare WAF with real-time threat detection
Automatic malware scanning
Login protection and rate limiting

Application Security:

Prepared statements for all database queries
Input sanitization (sanitize_text_field, sanitize_email)
Nonce verification for form submissions
Output escaping (esc_html, esc_url)

Infrastructure:

SSL/TLS encryption
.htaccess security rules
Disabled XML-RPC
Hidden WordPress version

Results & Impact

Operational Improvements

Streamlined Booking Process – Patients can book appointments 24/7 with real-time availability
Reduced Administrative Overhead – Automated calendar sync eliminates manual scheduling conflicts
Enhanced Staff Visibility – Comprehensive profiles build trust with prospective patients
Multi-Channel Communication – SMS, WhatsApp, and email notifications improve engagement

Technical Achievements

Sub-2 Second Page Loads – Enterprise caching delivers fast user experience
99.9% Uptime – Robust infrastructure ensures service reliability
GDPR Compliant – Automated consent management meets EU regulations
Scalable Architecture – Modular design supports future feature additions

User Experience

Mobile-Responsive Design – Elementor-powered layouts adapt to all devices
Intuitive Booking Flow – Clear service categorization and staff selection
Secure Payments – Multiple trusted payment options increase conversion
Professional Branding – Consistent visual identity across all touchpoints

Lessons Learned

Technical Insights

OOP Architecture Pays Off – Namespaced classes provide clean separation of concerns and easier maintenance
REST APIs Enable Flexibility – Custom endpoints allowed frontend features without modifying core plugins
Hook System Mastery – WordPress hooks enabled deep customization of third-party plugins (BookingPress) without modifying their code
Redis is Essential – For plugin-heavy WordPress sites, object caching is critical for performance
Plugin Patching Strategy – Maintaining custom patches for plugin updates requires systematic version control

Best Practices Applied

Security First – Prepared statements, input validation, and output escaping throughout
Performance Monitoring – Regular cache hit ratio analysis and database query optimization
Version Control – Git-based deployment with patch management for plugin customizations
Documentation – Code comments and architectural documentation for maintainability

Project Statistics

Metric	Value
Total PHP Files	11,445+
Custom Theme Code	321 lines
Plugins Integrated	37
REST API Endpoints	2 custom
Custom Shortcodes	2
Git Commits	18+

Technologies Used

Backend: PHP 8.x, MySQL, WordPress 6.x, REST API Frontend: HTML5, CSS3, JavaScript, Vue.js (BookingPress) Caching: Redis, WP Rocket, Object Cache Pro Security: Malcare WAF, Akismet, iubenda GDPR DevOps: Git, Apache, .htaccess configuration Integrations: Stripe, PayPal, Google Calendar, Outlook, Zoom, iubenda API