=== Prenotazioni IGEA ===
Contributors: s0ftit
Donate link: https://www.s0ft.it
Tags: booking, appointments, healthcare, prenotazioni, appuntamenti
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Online booking for healthcare facilities connected to the IGEA CRM: patient verification via SMS OTP, services, reminders and cancellation.

== Description ==

**Prenotazioni IGEA** adds a complete online booking module to your WordPress site, designed for medical practices, clinics and healthcare facilities that use the IGEA CRM by S0ft.it.

Patients identify themselves with their Italian fiscal code (validated with check digit and "omocodia" support) and confirm their identity with a **one-time password (OTP) sent via SMS**. They can then book one or more services, pick a practitioner or the first available time slot, and manage their own appointments.

= Main features =

* Secure identification: fiscal code + SMS OTP (expiring codes, limited attempts)
* Guided registration for new patients with mandatory privacy consent (GDPR) and consent logging
* Booking of one or more services, filtered by specialty
* Choice of practitioner, or "first available" search across all practitioners
* Availability browsing: page through upcoming and previous days
* Optional display of service prices
* "My bookings": patients see their upcoming appointments and can cancel them online (minimum notice configurable on the CRM)
* Confirmation email with calendar invite (.ics) attached
* Optional confirmation SMS and 24-hour reminder SMS
* Pre-visit preparation instructions sent by email, immediately or 24/48 hours before the visit
* Anti-repetition rule: prevents re-booking the same service within a configurable interval
* Temporary suspension of bookings with a custom message
* Customizable colors to match your theme
* No external dependencies: all CSS and JavaScript is bundled with the plugin

= Security =

The API key never leaves the server: the patient's browser only talks to WordPress, which forwards requests to the CRM. Nonce on every call, field whitelisting, rate limiting and anti-bot protections on the CRM side, booking and cancellation only after OTP verification.

= Requirements =

This plugin is a connector: **it requires an installation of the IGEA CRM** by S0ft.it, reachable over HTTPS, with its bookings API endpoint and an SMS provider configured. Without the CRM the plugin has no standalone functionality. More about the CRM: [www.s0ft.it](https://www.s0ft.it).

= External services =

This plugin sends data to the IGEA CRM server configured by the site administrator (URL and API key in the plugin settings). The data transmitted is what the patient enters in the form (fiscal code, personal details during registration, chosen services and time slots, consents) plus the visitor's IP address, used exclusively for anti-abuse rate limiting and privacy-consent logging. No data is ever sent to S0ft.it or to any third party by this plugin: the destination server is chosen and operated by the site owner. Publishing an adequate privacy policy is the site owner's responsibility (the plugin lets you link it next to the mandatory consent checkbox).

= Credits =

The animated confirmation icons are adapted from [vue-sweetalert-icons](https://github.com/JorgenVatle/vue-sweetalert-icons) (MIT license), re-implemented in pure CSS with no dependencies.

== Installation ==

1. Install and activate the plugin from Plugins → Add New, or upload the `prenotazioni-igea` folder to `/wp-content/plugins/`.
2. On the IGEA CRM server: install the bookings API endpoint and run the SQL script shipped with the CRM (OTP, outgoing-messages queue and consents tables).
3. Go to **Settings → Prenotazioni IGEA** and enter the API URL and key (the same key configured on the CRM).
4. Select the privacy policy page and adjust the other options (prices, notifications, colors, anti-repetition interval).
5. Add the `[prenotazione_crm]` shortcode to the page where you want the booking form.
6. For reminders and scheduled instructions, enable the bookings cron on the CRM server (see the CRM documentation).

== Frequently Asked Questions ==

= Does the plugin work without the IGEA CRM? =

No. It is a connector for the IGEA CRM by S0ft.it: schedule, practitioners, services, SMS and email sending all live on the CRM. The plugin provides the booking interface on the website and the secure connection.

= Does patient data go through third-party servers? =

No. The browser only communicates with your WordPress site, which forwards requests to your own CRM server. No data goes through S0ft.it or any other service.

= How are SMS messages sent? =

By the CRM, through the SMS provider configured there. The plugin only toggles the notifications on or off.

= Is the plugin GDPR compliant? =

The plugin enforces a mandatory privacy consent before proceeding, links your privacy policy (selectable among your site pages) and logs consents with date and IP on the CRM. Overall compliance depends on the site owner's privacy policy and processes.

= Can I customize the email texts? =

Yes: emails use the CRM templates (templates_email table) with placeholders for patient and appointment data. When a template is missing, built-in texts are used.

= Can patients cancel a booking? =

Yes, by returning to the form, entering their fiscal code and verifying with the OTP. The minimum notice for online cancellation is configurable on the CRM.

== Screenshots ==

1. Step 1: fiscal code entry with the privacy consent checkbox
2. Specialty, services and practitioner selection
3. Available time slots with the Previous/Next navigation bar
4. Booking summary and confirmation with the animated check mark
5. "Your bookings" screen with the online cancellation button
6. Plugin settings page

== Changelog ==

= 1.1.0 =
* Privacy consent at step one for all patients, with GDPR logging
* Privacy page selector among WordPress pages
* Availability navigation (next and previous days)
* Online cancellation with configurable minimum notice
* CRM template emails (confirmation, cancellation, instructions) with .ics calendar invite
* Optional confirmation SMS and 24-hour reminder SMS
* "First available" search across practitioners of a specialty
* Anti-repetition rule for the same service
* Animated confirmation icons, toast notifications, anti-bot protections

= 1.0.0 =
* First release: fiscal code + SMS OTP identification, service booking, suspension mode, prices, custom colors

== Upgrade Notice ==

= 1.1.0 =
Also update the API endpoint on the CRM server and run the updated SQL script (new tables for consents and the outgoing-messages queue).
