=== MerchantKits Document Signatures ===
Contributors: khaliddurani
Tags: electronic signature, esignature, digital signature, signature, document signing
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 8.0
Stable tag: 1.0.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Collect legally-binding eSignatures on any WordPress page, post, or WooCommerce order with full audit trails and SHA-256 integrity hashing.

== Description ==

**MerchantKits Document Signatures** lets you add a signature collection form to any page or post using a simple shortcode. Signers can draw their signature on a canvas or type it using a cursive font. Every signature is recorded with a SHA-256 integrity hash, signer IP, user agent, and timestamp — giving you a complete audit trail.

= Key Features =

* **Draw or type** — configurable per form or globally in settings.
* **SHA-256 audit hashing** — every signature generates a unique integrity hash.
* **IP & User Agent capture** — complete audit trail for every signing event.
* **Admin dashboard** — stat cards, recent activity, and quick-start guide.
* **Document management** — create signable documents and link forms via shortcode.
* **WP_List_Table** — sortable, filterable, searchable signatures list with CSV export.
* **Email notifications** — automatic confirmation to the signer and notification to the admin.
* **REST API** — full CRUD endpoints under `wpsv/v1`.
* **Theme-overridable templates** — place your own `wpsv/signature-form.php` in your theme.
* **Works anywhere** — drop the shortcode on any page, post, or order confirmation.

= Shortcode Usage =

`[wpsv_signature]`

Attributes:

* `document_id` — links the form to a saved document.
* `title` — heading shown above the form.
* `description` — optional introductory text.
* `button_text` — submit button label.
* `redirect` — URL to redirect to after a successful signature.
* `type` — `draw`, `type`, or `both` (overrides global setting).

Example:

`[wpsv_signature document_id="1" title="Sign the NDA" type="both" redirect="https://example.com/thank-you"]`

= Privacy / External Services =

All signature data (images, hashes, signer information) is stored in your own WordPress database. The plugin does **not** send signature data to any external server.

The draw-mode signature canvas is powered by [Signature Pad](https://github.com/szimek/signature_pad) (MIT License), which runs entirely in the visitor's browser.

== Installation ==

1. Upload the `merchantkits-document-signatures` folder to `/wp-content/plugins/`.
2. Activate the plugin through the **Plugins** menu.
3. Go to **Document Signatures → Settings** to configure company name, email notifications, and canvas options.
4. Create a document at **Document Signatures → Documents**.
5. Add the shortcode `[wpsv_signature document_id="1"]` to any page or post.

== Frequently Asked Questions ==

= Are the signatures legally binding? =

MerchantKits Document Signatures records an electronic signature along with a SHA-256 integrity hash, signer name, email, IP address, user agent, and timestamp. This constitutes a valid electronic record under most e-signature laws (e.g., ESIGN Act, eIDAS). Consult a lawyer for jurisdiction-specific advice.

= Where is the signature data stored? =

All signature data is stored in two custom database tables (`wp_wpsv_signatures` and `wp_wpsv_documents`) in your own WordPress database. Signature data is never sent to external servers.

= Can I override the form template? =

Yes. Copy `templates/signature-form.php` from the plugin folder into `{your-theme}/wpsv/signature-form.php` and edit it freely.

= Can I override the email templates? =

Yes. Place your custom templates at `{your-theme}/wpsv/email/signature-confirmation.php` and `{your-theme}/wpsv/email/admin-notification.php`.

= Does it work with WooCommerce? =

Yes. The shortcode works on any page including WooCommerce order confirmation pages.

= How do I export signatures? =

Go to **Document Signatures → Signatures**, select the signatures you want, choose **Export CSV** from the bulk actions dropdown, and click Apply.

= Can I restrict who can access the admin pages? =

Yes. Use the `wpsv_admin_capabilities` filter to change the required capability (default: `manage_options`).

= What happens to my data if I delete the plugin? =

By default, data is kept. To remove all data, go to **Document Signatures → Settings → Advanced** and enable **Delete Data on Uninstall** before deleting the plugin.

== Screenshots ==

1. Admin dashboard with stat cards and recent signatures.
2. Signature form — draw mode on a desktop browser.
3. Signature form — type mode with cursive preview.
4. Signatures list table with status badges and row actions.
5. Single signature detail page with audit trail and hash verification.
6. Settings page — General tab.
7. Documents management page.

== Changelog ==

= 1.0.1 =
* Fixed the "Upgrade to Pro" link in the dashboard pointing to the wrong URL.

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.0.1 =
Fixes the dashboard upgrade link.

= 1.0.0 =
Initial release.
