=== Employee Verification & Document Authentication ===
Contributors:      skfreelancers, saqibabbasi
Tags:              employee verification, document authentication, internship letter, experience letter, HR management
Requires at least: 5.8
Tested up to:      6.9
Stable tag: 1.3.4
Requires PHP:      7.4
License:           GPLv2 or later
License URI:       https://www.gnu.org/licenses/gpl-2.0.html

Manage employees, issue QR-verified internship and experience letters, and let visitors verify staff and documents using simple shortcodes.

== Description ==

**Employee Verification & Document Authentication** is a complete HR document management system for WordPress. Issue tamper-proof internship completion letters and experience letters with unique verification IDs and QR codes, then let anyone verify authenticity through a simple public-facing page.

= Key Features =

**Employee Management**
* Add, edit, and delete employee profiles with photos
* Track Active, Intern, and Former Employee statuses
* Store joining date, leaving date, internship period, CNIC, father name, and tasks completed
* Bulk import employees via CSV
* Custom fields system — define global fields and fill per employee

**Document Generation**
* Issue Internship Completion Letters and Experience Letters
* One letter per type per employee — enforced at database level
* Letters render live on every view, always reflecting your current settings
* Print / Save as PDF from the browser (A4 size, printer-ready)

**Verification System**
* Every letter gets a unique 16-character cryptographically random Verification ID
* QR code on each letter links directly to the document verification page
* Public shortcodes for employee and document verification
* `[evda_employee_verification]` — search employees by ID, Name, or CNIC
* `[evda_document_verification]` — verify letters by ID or QR scan

**Letter Customization (Settings)**
* Company logo on all letters
* Full typography control: font, size, line height, colors
* Editable letter body templates with placeholders
* Optional signature block: name, title, and uploaded signature image
* Custom footer message (office address, phone, website)
* Toggle: QR code, border/shadow, title underline
* All styling changes apply instantly to existing letters — no regeneration needed

**Email Notifications**
* Auto-email employees when a letter is issued
* Configurable subject and body templates with placeholders
* Email logs with last 100 send attempts
* Test email button

**Admin Search Flexibility**
* Choose which fields visitors can search on: Employee ID, Full Name, and/or CNIC

= Shortcodes =

`[evda_employee_verification]` — Public employee lookup form.
`[evda_document_verification]` — Public document verification form. Also works via URL: `?id=VERIFICATION_ID`

= Privacy =

This plugin stores employee data entered by the site administrator. No data is sent to external services except for QR code generation (uses a public QR API or falls back to a local generator). No tracking or analytics are included.

== Installation ==

1. Upload the `employee-verification` folder to `/wp-content/plugins/`, or install via **Plugins → Add New → Upload Plugin**.
2. Activate the plugin. Database tables are created automatically.
3. Create two WordPress pages and add shortcodes:
   * A page with `[evda_employee_verification]`
   * A page with `[evda_document_verification]`
4. Go to **Employee Verify → Settings → General** and assign those pages.
5. Upload your company logo and configure styling as desired.
6. Add employees under **Employee Verify → Employees** and start generating letters.

== Frequently Asked Questions ==

= Do I need any extra libraries or Composer? =
No. The plugin works out of the box with no dependencies. Letters are rendered as printer-friendly HTML pages which users can save as PDF using Ctrl+P → Save as PDF.

= Are generated letters affected by settings changes? =
Yes. Letters are rendered live on every view, so any change to typography, colors, signature, footer message, or other settings is immediately reflected on all existing letters without needing to regenerate them.

= Is the verification system secure? =
Verification IDs are 16-character uppercase hex strings generated using PHP's `random_bytes()` (cryptographically secure). All inputs are sanitized and validated. All admin actions are protected by WordPress nonces. Database queries use `$wpdb->prepare()`.

= Can I search employees by CNIC on the public page? =
Yes. Go to Settings → General → Employee Search Fields and enable the CNIC option (along with Employee ID and/or Full Name).

= What happens to data when I deactivate the plugin? =
Deactivating the plugin removes the plugin's database version marker but leaves all employee and document data intact. Data is only removed if you uninstall the plugin.

= Can I bulk-import employees? =
Yes. Go to **Employee Verify → Employees** and use the CSV Import section. A downloadable template is provided.

== Screenshots ==

1. Employee list with letter status and quick actions
2. Add/Edit employee form with all fields
3. Generated Internship Completion Letter (A4, print-ready)
4. Public employee verification page
5. Plugin settings — Styling tab with live preview
6. Plugin settings — Signature block configuration


== External Services ==

This plugin optionally connects to two external QR code generation APIs when generating QR codes for employee letters. These APIs are only called **server-side** (never from the visitor's browser) when WordPress is generating a letter or verification page.

= 1. goQR.me API =
* **What it does:** Generates a QR code PNG image for a verification URL.
* **When it is called:** When a new letter is generated and the PHP GD extension is unavailable.
* **Data sent:** The public verification URL (e.g. `https://yoursite.com/?evda_verify_doc=XXXX`). No personal data is transmitted.
* **Service provider:** goQR.me — https://goqr.me
* **Terms of use:** https://goqr.me/terms-of-use/
* **Privacy policy:** https://goqr.me/privacy-policy/

= 2. Google Charts API =
* **What it does:** Fallback QR code PNG generation if the goQR.me API is unavailable.
* **When it is called:** Only if the goQR.me API call fails and the PHP GD extension is unavailable.
* **Data sent:** The public verification URL only. No personal data is transmitted.
* **Service provider:** Google LLC — https://developers.google.com/chart
* **Terms of use:** https://developers.google.com/terms
* **Privacy policy:** https://policies.google.com/privacy

If both external APIs are unavailable (e.g. the server has no outbound internet access), the plugin automatically falls back to a locally-generated QR code using the PHP GD library — no external request is made.

== Changelog ==

= 1.3.4 =
* Fixed: All Plugin Check SQL warnings resolved — rewrote EVDA_Employee::get_all() and count() using explicit hardcoded query-per-filter-combination approach. No intermediate SQL variables; every query uses $wpdb->prefix directly in string literals with $wpdb->prepare() and proper %s/%d placeholders.
* Fixed: WordPress.DB.PreparedSQL.NotPrepared, InterpolatedNotPrepared, ReplacementsWrongNumber, UnfinishedPrepare, and UnescapedDBParameter warnings all cleared.
* Fixed: Translators comment added to employee count string in filter bar.
* Improvement: Employee filter and export fully compliant with WordPress Plugin Check (PCP) — zero errors.

= 1.3.3 =
* New: Employee filter bar — filter by Department and Status with active filter badges.
* New: Export Employees CSV — exports all employees matching current filters (name, department, status) with one click.
* Improvement: Search, department, and status filters persist across pagination.
* Improvement: Modern toolbar UI with clean inputs, dropdowns, and action buttons.
* Code: EVDA_Employee::get_all() and count() now accept department/status filter args.
* Code: Added EVDA_Employee::get_departments() and get_all_for_export() methods.
* Security: Export AJAX handler uses check_ajax_referer() + current_user_can() + whitelisted status values.

= 1.3.2 =
* Security: Complete nonce & permissions audit — all AJAX handlers verified to use both check_ajax_referer() and current_user_can(); nonce never used alone for authorization.
* Security: Full output escaping audit — all echo statements use esc_html(), esc_attr(), esc_url(), wp_kses(), or wp_kses_post() at point of output; no raw variables echoed.
* Security: DB error messages no longer exposed to browser in AJAX responses.
* Fixed: QR code not displaying on document verification page — wp_kses() was stripping data: URI from img src; fixed with direct echo + esc_attr().
* Fixed: QR API timeout reduced from 5s to 3s for faster offline fallback on localhost.
* Fixed: Added guaranteed base64 fallback so QR code area never renders as broken image.

= 1.3.1 =
* Fixed: wp_enqueue compliance — removed all inline <script>/<style> tags; CSS/JS for standalone letter page served via WordPress AJAX endpoints; all color picker event handlers moved to admin.js using data attributes.
* Fixed: Nonces & permissions — added current_user_can() + wp_verify_nonce() to page_employees(); public nopriv endpoints use HMAC token (wp_hash) with inline phpcs:ignore and full explanation.
* Fixed: Escaping — all echo statements now use esc_html(), esc_attr(), esc_url(), wp_kses(), or phpcs:ignore with justification; replaced direct echo of build_letter() with dedicated output_letter() method.
* Fixed: Unsafe SQL — all table name variables wrapped with esc_sql(validate_table()); dbDelta() used for schema management; all queries use inline phpcs:ignore; fixed evda_patch_old_letters(), class-ev-import.php, and uninstall.php.
* Fixed: QR code not showing on letters — corrected domain validation in evda_serve_qr_image() to check against site home_url() instead of QR API domains.
* Fixed: Removed empty unused folders (templates/, public/, libs/).
* Fixed: All global variables in uninstall.php prefixed with evda_.

= 1.3.0 =
* **wp_enqueue compliance**: Removed all inline `<script>` and `<style>` tags. CSS served via `evda_letter_css` AJAX endpoint (Content-Type: text/css). JS served via `evda_letter_js` AJAX endpoint. Print button onclick moved to enqueued JS. All color picker oninput/onchange handlers moved to admin.js using data attributes.
* **Nonces & permissions**: Added `current_user_can()` + `wp_verify_nonce()` to `page_employees()`. Public endpoints (QR image, letter CSS/JS) use HMAC token (`wp_hash`) with detailed code comments explaining why session nonces cannot be used for public/nopriv endpoints.
* **Escaping**: Replaced `echo build_letter()` with dedicated `EVDA_PDF::output_letter()` method that sets Content-Type headers and outputs pre-escaped HTML. All dynamic values inside `build_letter()` are escaped via `esc_html()`, `esc_attr()`, `esc_url()` at point of construction.
* **Unsafe SQL**: Replaced raw `$wpdb->query("CREATE TABLE...")` and `ALTER TABLE` loops with `dbDelta()` — the WordPress-standard method for schema management. Added `EVDA_Database::validate_table()` whitelist validator applied to all table name variables before SQL interpolation across all query files.
* **Prefixing**: All `ev_`/`EV_` identifiers renamed to `evda_`/`EVDA_` (classes, functions, defines, AJAX actions, options, nonces, shortcodes, form fields).
* **Inline CSS removed**: All `style=""` attributes moved to CSS classes in `admin.css` and `public.css`. Added `evda-` prefixed utility classes throughout.
* Added `saqibabbasi` to Contributors in readme.txt.

= 1.2.7 =
* Added `saqibabbasi` to Contributors list in readme.txt.
* Replaced inline `<style>` block in letter renderer with a PHP variable to satisfy wp_enqueue requirements.
* Added server-side hash token validation to the QR image AJAX endpoint to prevent open proxy abuse.
* Wrapped `paginate_links()` output with `wp_kses_post()` for proper escaping.
* Added detailed code comments on `build_letter()` echo explaining why wp_kses_post() cannot be used.
* Renamed all classes, functions, defines, AJAX actions, option names, nonces, shortcodes, and form fields from `ev_`/`EV_` to `evda_`/`EVDA_` prefix (4+ character unique prefix as required by WordPress.org).
* Fixed unsafe SQL in database upgrade path: applied `esc_sql()` to table names, `sanitize_key()` + `esc_sql()` to column names, and `$wpdb->prepare()` to SHOW COLUMNS queries.

= 1.2.6 =
* Fixed last Plugin Check warning: added phpcs:ignore on is_uploaded_file() line in class-ev-import.php to suppress InputNotSanitized on $_FILES tmp_name validation check.

= 1.2.5 =
* Fixed all remaining Plugin Check warnings: wp_unslash() on email color fields, phpcs:disable/enable blocks on multi-line DB queries, phpcs:ignore on insert/update/delete calls, and input sanitization suppressions for array_map patterns.

= 1.2.4 =
* Fixed admin Settings page tabs not working after JS refactor — rewrote admin.js as a single clean IIFE so all code including tab navigation runs correctly.

= 1.2.3 =
* Added proper `ev_` prefix to shortcodes (`[evda_employee_verification]`, `[evda_document_verification]`).
* Moved all inline `<script>` and `<style>` blocks to enqueued `admin.js` and `admin.css` files.
* Removed external CDN dependency (qrcodejs); QR codes now generated server-side only.
* Added External Services documentation in readme.txt for QR API usage disclosure.

= 1.2.2 =
* Fixed all Plugin Check warnings: added missing wp_unslash(), esc_html/attr/url output escaping, isset() validation for $_POST/$_FILES, and phpcs:ignore suppressions for accepted custom-table DB patterns.

= 1.1.7 =
* Centered footer text on letters
* Updated plugin header to WordPress repository standards
* Author updated to SKFreelancers

= 1.1.6 =
* Tasks/responsibilities now display in a 3-column grid layout on letters

= 1.1.5 =
* Fixed live letter URL containing dynamic: prefix causing Document not found error

= 1.1.4 =
* Major: Letters now render live on every view — settings changes apply instantly to all existing letters
* No more static HTML files stored on disk
* Added one-click migration tool for existing static letters

= 1.1.3 =
* Fixed document delete not removing the file from disk
* Fixed patch counter reporting wrong number

= 1.1.2 =
* Footer now always pinned to the bottom of the A4 page using flexbox
* Added custom footer message field (office address, phone, website)

= 1.1.1 =
* Fixed fatal error on plugin deactivation (missing EVDA_Database::deactivate method)

= 1.1.0 =
* Fixed WordPress admin footer appearing inside settings panel (extra closing div)
* Letters now fixed at A4 size (794px × 1123px screen, 210mm × 297mm print)

= 1.0.9 =
* Added signature block setting: enable/disable, name, title, and uploaded image
* Added one-click tool to remove old Authorized Signatory block from existing letters

= 1.0.8 =
* Added configurable employee search fields (Employee ID, Full Name, CNIC)
* [evda_employee_verification] shortcode dynamically adapts to enabled search fields

= 1.0.7 =
* Added Father Name, CNIC, Tasks Completed, and Leaving Date fields
* Added custom fields system with per-employee values and show-in-letter toggle
* Editable letter templates with full placeholder support
* Letter preview in settings
* Styling settings: colors, typography, layout, QR toggle
* Settings page redesigned with tabbed layout

== Upgrade Notice ==

= 1.1.4 =
Letters now render live. Use the "Convert to Live Rendering" button in Settings → Styling to migrate any existing static letters generated before this version.

== License ==

This plugin is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version.