=== ConferenceManager ===
Contributors:       creativestrategy24
Tags:               conference, academic, event, registration, payment
Requires at least:  6.9
Tested up to:       7.0
Requires PHP:       8.4
Stable tag:         1.1.3
License:            GPLv2 or later
License URI:        https://www.gnu.org/licenses/gpl-2.0.html

Academic conference management plugin — registration, payment, and document automation for scholarly events.

== Description ==

Conference Manager is a WordPress plugin designed for academic societies and conference organizers. It provides end-to-end management of event registration, payments, and document generation.

**Features:**

* Member management (import/export via CSV/Excel)
* Event and session management
* Registration forms with group (team) registration support
* Bank transfer and Stripe credit card payment
* Automatic invoice and receipt PDF generation
* Participant list and MyPage (with Passkey/WebAuthn authentication)
* AES-256-GCM encryption for personal data
* Audit logging, rate limiting, and bot protection
* Transactional email notifications (OTP, confirmations)
* SNS share buttons (Twitter/X, Facebook, LINE)
* Full Japanese / English localization

== Installation ==

1. Upload the plugin folder to `/wp-content/plugins/`.
2. Activate the plugin through the "Plugins" menu in WordPress.
3. Go to "Conference" in the admin menu to start configuring your event.
4. (Optional) To accept credit card payments, obtain Stripe API keys from your Stripe account and enter them in Conference → Setup.

== Frequently Asked Questions ==

= Does this plugin charge any fees? =

No. The plugin itself is free and GPL-licensed. If you enable Stripe payments, Stripe's standard transaction fees apply and payments go directly to your own Stripe account — this plugin does not take any percentage.

= Does the plugin support Japanese? =

Yes. The plugin is fully internationalized and includes Japanese translations. PDF documents use IPA fonts for proper Japanese rendering.

= What are the server requirements? =

WordPress 6.9 or later, PHP 8.4 or later, and MariaDB 10.5 or later (or MySQL 8.0+).

= How is personal data protected? =

Email addresses, phone numbers, and postal addresses are encrypted with AES-256-GCM before being stored. The encryption key is stored in `wp-config.php` or generated and stored in `wp_options` on first activation.
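
Field-level AES-256-GCM with PHP's OpenSSL extension, shown as an added example; it is not the plugin's own code. The function names, the stored layout (base64 of nonce, tag, ciphertext) and the row/column context passed as associated data are assumptions that go beyond what this page states about the plugin's format.

```php
<?php
declare(strict_types=1);

// Encrypt one field. $context (e.g. "member:42:email") is authenticated but not
// stored, so a ciphertext copied into another row or column fails to decrypt.
function example_encrypt_field(string $plaintext, string $key, string $context): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('AES-256 requires a 32-byte key');
    }
    $nonce = random_bytes(12); // 96-bit nonce, fresh for every stored value
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $context, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

// Decrypt one field; any change to key, context, nonce, tag or ciphertext is rejected.
function example_decrypt_field(string $stored, string $key, string $context): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $context);
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Constructed sample data; the random key stands in for the one loaded from configuration.
$key = random_bytes(32);
$stored = example_encrypt_field('alice@example.org', $key, 'member:42:email');
echo example_decrypt_field($stored, $key, 'member:42:email'), PHP_EOL;

// The same stored value presented under a different row's context fails the tag check.
try {
    example_decrypt_field($stored, $key, 'member:43:email');
} catch (RuntimeException $e) {
    echo 'moved ciphertext rejected: ', $e->getMessage(), PHP_EOL;
}
```

When the key lives in `wp_options`, a database dump contains both the key and the ciphertext, so defining the key in `wp-config.php` is the option that keeps encrypted fields protected if only the database is exposed.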

== Screenshots ==

1. Dashboard — event overview and quick actions
2. Registration form — participant registration with group support
3. Payment management — bank transfer and Stripe payment tracking with invoice generation

== Changelog ==

= 1.1.3 =
* Internationalization: the plugin source language is now English. All user-facing strings in the PHP backend and the React admin/registration screens use English source text with `__()`/`_e()` and the `conferencemanager` text domain, so the plugin can be translated into any language via translate.wordpress.org. The bundled Japanese translation (`languages/conferencemanager-ja.po`/`.mo` and the React translation JSON) provides the complete Japanese UI as before.

= 1.1.2 =
* Plugin Review feedback response (from the v1.1.1 submission):
  * Trialware: removed all online-meeting (Zoom/Meet/Teams) and Peatix integration fields from the core plugin (database columns, admin UI, REST handling and documentation). These belong to separately distributed add-ons; the core plugin no longer ships any locked or skipped feature code. On-site/online participation fee tiers remain fully functional.
  * Third-party libraries: removed the unused `chillerlan/php-qrcode` and `web-auth/webauthn-lib` dependencies (passkey support is implemented with native PHP), updated `stripe/stripe-php` to 20.2.0, and updated the bundled `setasign/fpdi` to 2.6.7 (security advisory CVE-2026-45802).
  * Writable data location: downloaded/uploaded PDF fonts are now stored under `wp-content/uploads/conf-manager/fonts/` instead of inside the plugin folder, so plugin updates and read-only installs are unaffected.
  * REST API: the public fee-calculation endpoint (`/public/events/{id}/fee`) now returns 404 for non-published events, matching the event-detail endpoint, so unpublished pricing is never exposed.

= 1.1.1 =
* Plugin Review feedback response (from the v1.1.0 submission):
  * Source code: the React/JSX source for the compiled `build/admin-app.js` and `build/public-app.js` bundles is now shipped inside the plugin (`src/`), together with the build configuration (`webpack.config.js`, `package.json`, `package-lock.json`). See the new "Development / Building from source" section.
  * Core files: moved `require_once ABSPATH . 'wp-admin/includes/file.php'` so it immediately precedes the `download_url()` / `wp_handle_upload()` call that needs it.
  * REST API: token-authenticated public endpoints (MyPage, my registrations, group staff, email preferences, logout) now validate the CSRF token and session token in their `permission_callback`.
  * Privacy: the public email-based member existence check no longer returns any personal data (name); it returns only an existence flag and non-identifying metadata, protected by combined IP + email rate limiting.
  * Removed HEREDOC syntax: the default Terms-of-Service content is now rendered from a template partial via output buffering (`templates/default-terms-content.php`).
* Fix: The "fonts not installed" admin notice linked to the wrong page slug, causing a "you do not have permission" error; it now opens the Dashboard correctly.
* Improvement: PDF fonts (IPAex Gothic / Mincho) are now downloaded from the plugin author's own mirror (with automatic retry), and a manual `.ttf` upload option was added to the Dashboard for servers that cannot reach the download host. The download URL is filterable via `conf_manager_font_source_url`.

= 1.1.0 =
* Plugin Review feedback response (from the initial v1.0.3 submission):
  * Removed optional paid add-on gating; all features included in this plugin are fully functional and free.
  * Removed inline `<style>` tags from PDF templates; PDF stylesheets are now loaded from dedicated CSS files.
  * Added Stripe payment integration (requires the site administrator's own Stripe API keys).
  * Documented all external services (Stripe, IPA fonts) in the External Services section below.
  * Audited every REST API route to ensure `permission_callback` is set appropriately for the route's access requirements.
  * Removed `load_plugin_textdomain()` (translations are now loaded automatically by WordPress).
  * Added `composer.json` to the distribution package.
* New: Email opt-in/opt-out feature for compliance with the Japanese Anti-Spam Email Act.
* New: "Email Preferences" tab in the member's MyPage.
* New: RFC 8058 compliant List-Unsubscribe header linking to MyPage.
* Fix: Unified text domain to `conferencemanager`; added translators comments and `phpcs:ignore` comments for safe dynamic SQL queries.
* Database: Schema upgraded to v3.0.0; unused add-on tables are no longer created.

= 1.0.3 =
* Initial submission to the WordPress.org plugin directory.

== Upgrade Notice ==

= 1.1.2 =
Addresses v1.1.1 review feedback: removes online/Peatix add-on fields, drops unused libraries and updates Stripe/FPDI, moves font storage out of the plugin folder, and limits the public fee endpoint to published events. No action required.

= 1.1.1 =
Addresses WordPress.org review feedback from v1.1.0 (source code disclosure, core-file loading, REST permission callbacks, HEREDOC removal). No database changes; no action required.

= 1.1.0 =
Addresses WordPress.org review feedback from v1.0.3. Paid add-on modules are no longer included; Stripe payment is now part of the free plugin. Existing data is preserved; database schema auto-upgrades to v3.0.0.

== External Services ==

This plugin connects to the following external services.

= Stripe Payments (optional) =

When the site administrator configures Stripe API keys (Secret and Publishable) under Conference → Setup, and a participant chooses Stripe at checkout, the plugin:

* Loads Stripe.js from `https://js.stripe.com` on the registration page.
* Creates a PaymentIntent on Stripe's servers via the Stripe PHP SDK.
* Uses Stripe Elements (an iframe hosted by Stripe) to collect the card data directly; the card number never touches the WordPress server.
* Optionally receives webhook callbacks from Stripe to confirm payment status.

What data is sent to Stripe:

* Payment amount and currency.
* Participant email address (for Stripe receipts).
* Billing details if provided by the participant.
* Registration ID and registration number as metadata.

When:

* Only when a participant selects Stripe as the payment method and submits the registration form.
* When Stripe sends a webhook back to the site (server-to-server callback).

Links:

* Stripe Terms of Service: [https://stripe.com/legal/ssa](https://stripe.com/legal/ssa)
* Stripe Privacy Policy: [https://stripe.com/privacy](https://stripe.com/privacy)

= IPAex Font Download (PDF generation) =

To render Japanese text in PDF documents (invoice, receipt), the plugin needs the open-source IPAex Gothic and IPAex Mincho fonts. From the admin Dashboard you can install them with one click; the plugin then downloads the font files (one-time, per font). No user data is transmitted — it is a file download only. If the server cannot reach the download host, you can instead upload the `.ttf` files directly from the Dashboard (no external connection required).

* Download host (mirror maintained by the plugin author): [https://cs24.biz/conference/fonts/](https://cs24.biz/conference/fonts/)
* Data sent: none (file download only)
* The download URL can be overridden via the `conf_manager_font_source_url` filter.
* Original font source / IPAex Font License (IPA, Information-technology Promotion Agency): [https://moji.or.jp/ipafont/license/](https://moji.or.jp/ipafont/license/)

== Development / Building from source ==

The admin and public interfaces are built with React (JSX). The human-readable
source for the compiled, minified bundles `build/admin-app.js` and
`build/public-app.js` is shipped inside this plugin under the `src/` directory:

* `src/admin/`  — source for `build/admin-app.js` (admin dashboard app)
* `src/public/` — source for `build/public-app.js` (public registration / MyPage app)

Build toolchain: the project uses [@wordpress/scripts](https://www.npmjs.com/package/@wordpress/scripts)
(a wrapper around webpack and Babel). The webpack configuration is included as
`webpack.config.js`, and all dependencies and build scripts are declared in
`package.json` (with `package-lock.json` for reproducible installs).

To rebuild the compiled assets from source:

1. Install Node.js 18+ and npm.
2. From the plugin directory, run `npm install`.
3. Run `npm run build`. This regenerates `build/admin-app.js` and
   `build/public-app.js` (and their `*.asset.php` dependency manifests).
   Use `npm start` for an unminified development watch build.

Third-party libraries bundled into the compiled JavaScript (all open source,
installed from the public npm registry and declared in `package.json`):

* `@stripe/react-stripe-js` and `@stripe/stripe-js` — Stripe Elements payment UI (MIT)
* `html5-qrcode` — QR code scanner used for participant check-in (Apache-2.0)

WordPress-provided packages (`wp-element`, `wp-components`, `wp-api-fetch`,
`wp-i18n`, `react`, `react-jsx-runtime`) are declared as externals and are NOT
bundled — they are loaded from WordPress core at runtime.
