=== Sobi Forms ===
Contributors: alesas
Tags: contact form, form builder, contact, gutenberg, lightweight
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Lightweight form builder with inbox, shortcode, Gutenberg block, and vanilla AJAX.

== Description ==

Sobi Forms is a lightweight contact form plugin built for speed and simplicity. Create multiple forms, embed them anywhere with a shortcode or Gutenberg block, and keep your front-end lean.

Learn more on the official site: <a href="https://sobiforms.com">sobiforms.com</a> — features, FAQ, and the <a href="https://sobiforms.com/roadmap/">public roadmap</a>.

**Performance-first front-end**

* Vanilla JavaScript on the front-end
* ~3.5 KB CSS + JS combined (minified footprint on form pages)
* Assets enqueue only when a form is rendered on the page - zero impact on other pages
* Script loaded in the footer with `defer` strategy (WordPress 6.3+)
* No global front-end CSS frameworks

**Form builder (admin only)**

* Document-first drag-and-drop editor (React via WordPress `wp-element`, loaded only on the form edit screen)
* Field types: text, email, textarea, phone, number, select, radio, checkbox
* Multiple recipient emails per form
* After submit: inline success message or redirect to a published page

**Embedding**

* Shortcode: `[sobiforms]`, `[sobiforms id="3"]`, `[sobiforms slug="contact"]`
* Gutenberg block: **Sobi Forms Contact** with form picker
* Works with any page builder that supports shortcodes or blocks

**Submissions**

* Email notifications via `wp_mail()` (HTML)
* Optional database storage (off by default)
* Inbox with read/unread, starred, admin notes, search and filters
* Honeypot, nonce verification, rate limiting (5 submissions/hour per hashed IP)

**Security**

* Nonce on every submission
* Honeypot field
* Server-side field validation against a strict JSON schema
* Capability checks and nonces on all admin actions

== Installation ==

1. Upload the `sobi-forms` folder to `/wp-content/plugins/` or install `sobi-forms.zip` from **Plugins -> Add New -> Upload**.
2. Activate **Sobi Forms** through the **Plugins** menu.
3. Go to **Sobi Forms -> Forms** and create your first form.
4. Copy the shortcode from the **Install** tab, or insert the **Sobi Forms Contact** block in the block editor.
5. Paste the shortcode into any page (Gutenberg, Elementor, Divi, widget, etc.).

== Frequently Asked Questions ==

= Does Sobi Forms slow down my site? =

On pages **without** a form, Sobi Forms adds **no** front-end CSS or JavaScript.

On pages **with** a form, only a small vanilla JS file and a minimal stylesheet are loaded - no React or heavy libraries on the public site.

= Where is the form builder JavaScript loaded? =

The admin builder (~70 KB plus WordPress-bundled React) loads **only** on **Sobi Forms -> Forms -> Edit**. It never runs on the front-end.

= Can I use Sobi Forms with Elementor, Divi, or other page builders? =

Yes. Use the `[sobiforms]` shortcode or the Gutenberg block. Assets load when the form HTML is rendered.

= Is database storage required? =

No. By default, submissions are sent by email only. Enable **Save submissions** on each form’s **Settings** tab in the form editor to store messages in the database.

= Does Sobi Forms include reCAPTCHA? =

No. Sobi Forms uses a honeypot, WordPress nonces, and rate limiting. reCAPTCHA is intentionally out of scope to keep the plugin lightweight.

= Can I disable the plugin stylesheet and use my theme styles? =

Yes. Use the `sobiforms_enqueue_front_assets` filter to disable CSS while keeping AJAX submission.

= Where can I suggest features or see what is planned? =

Visit <a href="https://sobiforms.com">sobiforms.com</a> and the <a href="https://sobiforms.com/roadmap/">roadmap</a> to follow upcoming releases and submit ideas. For bugs and support, use the WordPress.org support forum (linked under **Sobi Forms → Settings → Feedback**).

== Privacy Policy ==

Sobi Forms processes data submitted through your forms. By default:

* **Email only** - field values are sent to the recipient address(es) you configure per form via `wp_mail()`. Nothing is stored in the database unless you enable storage.
* **Optional database storage** - when enabled per form (Forms → edit form → Settings), submissions are saved in custom tables on your site (`wp_sobiforms_submissions`, `wp_sobiforms_forms`). Each form has its own retention setting (auto-delete after N days).
* **Hashed IP** - when storage is enabled, a one-way SHA-256 hash of the visitor IP is stored with each submission for abuse prevention. Raw IP addresses are not stored.
* **Rate limiting** - a transient keyed by hashed IP limits submissions to 5 per hour. Transients expire automatically.
* **Admin notes** - internal notes on submissions are stored in your database and never shown on the front-end or included in emails.
* **No tracking** - Sobi Forms does not connect to third-party analytics, advertising, or remote APIs when processing form submissions.
* **No data sent to the plugin author** - form submissions stay on your server and mail server. The **Feedback** settings tab links to the WordPress.org support forum and <a href="https://sobiforms.com/roadmap/">sobiforms.com/roadmap</a> only if you choose to open them.

Site owners are responsible for their privacy policy and lawful basis for collecting visitor data.

== Development ==

Human-readable source for the admin builder is in `src/admin-builder/`. Run `npm install` and `npm run build` to regenerate `build/admin-builder/`. React and `@wordpress/*` are loaded from WordPress; see `third-party-licenses.txt` for bundled libraries.

== Screenshots ==

1. Form builder - drag-and-drop field editor with Settings and Install tabs.
2. Submissions inbox - filters, search, read/unread and starred markers.
3. Gutenberg block - pick a form from the dropdown in the editor.
4. Front-end form - minimal markup, AJAX feedback after submit.

== Changelog ==

= 1.1.0 =
* Custom submit button text per form (editor preview + front-end).
* Field settings: show/hide label, textarea resize toggle, max character limit.
* Per-form database storage and retention (moved from global settings).
* Submissions inbox always available in admin.
* Form builder UX polish — context menus, field contrast, layout fixes.
* Settings: removed global Privacy & Storage tab; Feedback links to WordPress.org forum and public roadmap.

= 1.0.0 =
* Initial release.
* Multi-form builder with shortcode `[sobiforms]` and Gutenberg block `sobiforms/contact`.
* Field types: text, email, textarea, phone, number, select, radio, checkbox.
* Multiple recipient emails, post-submit message or redirect.
* Optional DB storage, submissions inbox with notes and filters.
* Prefix `sobiforms_` throughout (WordPress.org coding standards).
* Conditional front-end assets - load only when a form is rendered.

== Upgrade Notice ==

= 1.1.0 =
Per-form storage settings, submit button customization, and builder improvements. Global save/retention options migrate to each form on upgrade.

= 1.0.0 =
Initial public release of Sobi Forms.
