=== Melmium ===
Contributors: itokuchen
Tags: membership, authentication, login, registration, password-reset
Requires at least: 6.9
Tested up to: 6.9
Stable tag: 1.0.3
Requires PHP: 8.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

A minimal plugin to help you build a membership site with custom authentication pages.

== Description ==

Melmium provides custom authentication pages for building a membership site on WordPress. It replaces the default wp-login.php flow with theme-integrated pages for registration, login, and password reset.

**Features:**

* Custom authentication pages (register, login, logout, password reset)
* Email-based registration flow with token verification
* Template override support — customize templates in your theme's `auth/` directory
* Google reCAPTCHA Enterprise integration (optional)
* Configuration via `wp-config.php` constants (no settings page required)

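**Japanese summary (translated):**

Melmium is a plugin for building a membership site on WordPress. It provides custom authentication pages (registration, login, and password reset), and the templates can be freely customized in your theme.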

== Installation ==

1. Upload the `melmium` folder to the `/wp-content/plugins/` directory, or install the plugin through the WordPress plugins screen.
2. Activate the plugin through the "Plugins" screen in WordPress.
3. Ensure that **Pretty Permalinks** are enabled (Settings > Permalinks — choose any structure other than "Plain").
4. The plugin automatically creates an authentication page and registers URL rewrite rules on activation.
5. Optionally, add configuration constants to your `wp-config.php` to customize behavior (e.g., `MELMIUM_RECAPTCHA_ENABLED`, `MELMIUM_REDIRECT_AFTER_LOGIN`).

== Screenshots ==

1. Login page

== Frequently Asked Questions ==

= Is this plugin free? =

Yes. Melmium is free and open-source under the GPLv2 license.

= Does this plugin send data to external servers? =

By default, no. However, if you enable Google reCAPTCHA Enterprise (`MELMIUM_RECAPTCHA_ENABLED`), form submissions will send data to Google's reCAPTCHA API for bot detection.

= Why do I need Pretty Permalinks? =

Melmium uses WordPress rewrite rules to map authentication URLs (e.g., `/login`, `/register`). These rules require Pretty Permalinks to be enabled. The plugin will display an admin notice if Plain permalinks are detected.

= How do I customize the authentication templates? =

On activation, the plugin copies default templates to your theme's `auth/` directory. You can edit these template files directly in your theme to customize the look and behavior of each authentication page.

== External Services ==

This plugin optionally connects to the **Google reCAPTCHA Enterprise** service for bot detection on authentication forms (registration, login, and password reset).

**When data is sent:** When the `MELMIUM_RECAPTCHA_ENABLED` constant is set to `true` in `wp-config.php`, a reCAPTCHA token is sent to Google's servers each time a user submits an authentication form.

**What data is sent:** The reCAPTCHA token generated by the user's browser and the site key configured for your project.

**Service provider:** Google LLC

* [Google reCAPTCHA Terms of Service](https://policies.google.com/terms)
* [Google Privacy Policy](https://policies.google.com/privacy)

If reCAPTCHA is not enabled (default), no data is sent to any external service.

== Changelog ==

= 1.0.3 =
* Renamed JavaScript global variables to use `melmium_` prefix to avoid conflicts with other plugins

= 1.0.2 =
* Fixed the reCAPTCHA library script version argument (changed from `null` to `MELMIUM_VERSION`)
* Fixed Plugin Check reported issues
* Improved .DS_Store exclusion pattern to cover all subdirectories

= 1.0.1 =
* Security improvements: added nonce verification, input sanitization, and output escaping
* Added direct file access protection to template files
* Added third-party service disclosure for Google reCAPTCHA Enterprise
* Renamed constants and classes to use `melmium` prefix (4+ characters)

= 1.0.0 =
* Initial release
