=== Capsquery Facial Authentication ===
Contributors: arijit1992
Tags: biometric, authentication, security, login, facial authentication
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.1.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Face recognition login for users. Enroll your face, set a PIN, and log in without a password.

== Description ==

Capsquery Facial Authentication adds a **Login with Face** button to wp-login.php and a `[capsquery_facial_authentication]` shortcode for front-end pages.

**How it works**

1. A user can enrolls their face from **Users → Profile**.
2. They set a 4–8 digit PIN as a second factor.
3. At login, the browser captures the face locally using face-api.js.
4. An encrypted face descriptor is matched on the server.
5. The user confirms their identity and enters their PIN.

* Face descriptors encrypted at rest (AES-256-GCM)
* PIN stored as a secure hash
* Rate limiting and brute-force protection
* GDPR export/erase support

**Third-party library**

Face detection and recognition run entirely in the visitor's browser using [face-api.js](https://github.com/justadudewhohacks/face-api.js) (MIT license), bundled under `assets/vendor/`. Its pretrained model weights are required for the plugin to function and are bundled under `assets/models/`. Since the raw weight files have no meaningful file extension, each one is stored base64-encoded inside a small `.json` wrapper file and decoded on request by a plugin REST endpoint — no external network calls or third-party servers are involved.

= Requirements =

* HTTPS (or localhost for development) — browsers require a secure context for camera access
* PHP OpenSSL extension
* A webcam on the client device

== Installation ==

1. Upload the plugin folder to `/wp-content/plugins/capsquery-facial-authentication/` or install via **Plugins → Add New**.
2. Activate the plugin.
3. Go to **Settings → Facial Authentication** and confirm Facial Authentication is enabled.
4. As a user, open **Users → Profile**, enroll your face, and set a PIN.
5. Visit wp-login.php and click **Login with Face**.

== Frequently Asked Questions ==

= Who can use Capsquery Facial Authentication in the free version? =

On a single site, this is typically users with the any role.

= Are photos stored on the server? =

No. The plugin stores an encrypted mathematical face descriptor (128 numbers), not an image.

= Is face matching alone enough to log in? =

No. A successful face match must be followed by the correct PIN.

= Does it work without HTTPS? =

No. Modern browsers block camera access except on HTTPS or localhost.

= How do I add Facial Authentication to a page? =

Use the shortcode: `[capsquery_facial_authentication]` or `[capsquery_facial_authentication redirect="/my-account"]`

= What are the .json files under assets/models? =

They are the pretrained face-api.js (MIT-licensed) neural network weights needed for on-device face detection and recognition. The library's raw weight files have no standard file extension, so each one is base64-encoded and wrapped in a `.json` file; the plugin decodes and streams it back out through its own REST endpoint when the browser loads the model. They are required — the plugin cannot detect or recognize faces without them.


== Screenshots ==

1. Login page with Face Authentication enabled.
2. User Face Enrollment screen.
3. PIN verification after successful face recognition.
4. Plugin Settings page.
5. Successful facial authentication login.
6. Unlock with pin page.

== Support ==

Need help or have questions?

Website: https://capsquery.com/
Email: arijit.paul@capsquery.com


== Changelog ==

= 1.1.0 =
* Admin settings page (enable/disable, match sensitivity)
* Security fixes: removed user_id override, improved REST validation, proper rate-limit responses
* Privacy/GDPR export and erasure support
* uninstall.php for clean removal
* Conditional shortcode asset loading

= 1.1.1 =
* Security improvements

=1.1.2=
* Fixed issues reported during WordPress.org plugin review.
* Code cleanup and compliance improvements.