=== Zetpy Mobile Login ===
Contributors: zetpy
Tags: mobile login, otp, tac, passwordless, woocommerce
Requires at least: 5.8
Tested up to: 6.9
Requires PHP: 8.1
Stable tag: 1.10.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Mobile login with OTP/TAC verification using ISMS API. Supports country code selector and passwordless authentication.

== Description ==

Zetpy Mobile Login is a powerful and lightweight WordPress plugin that enables users to log in or sign up using their mobile numbers or email addresses. It leverages the ISMS API to deliver one-time passwords (OTP) for secure, passwordless authentication.

= Key Features =

* **Mobile & Email Login**: Unified flow for mobile numbers and email addresses.
* **OTP Verification**: Secure login via SMS or WhatsApp (using ISMS API).
* **WooCommerce Integration**: Seamlessly replaces standard checkout login and redirects guests from the My Account page.
* **Math CAPTCHA**: Built-in "humility check" to prevent bot attacks and save SMS credits.
* **Configurable Country Codes**: Support for international numbers with a custom calling code list.
* **Secure by Design**: Appends a secret key to 6-digit OTPs to prevent direct login via standard WordPress login pages.

== External services ==

This plugin relies on third-party services to deliver OTP codes and provide phone number normalization.

**ISMS.com.my**
*   **Service**: SMS and WhatsApp delivery API.
*   **API URL**: `https://www.isms.com.my/isms_send_all_id.php`
*   **Data Sent**: Mobile number and the message content (including OTP).
*   **Terms & Privacy**: [Terms of Service](https://www.isms.com.my/terms_condition.php), [Privacy Policy](https://www.isms.com.my/privacy_policy.php)

**Twilio**
*   **Service**: SMS delivery API (Global).
*   **API URL**: `https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Messages.json`
*   **Data Sent**: From number, mobile number, and message content.
*   **Terms & Privacy**: [Terms of Service](https://www.twilio.com/legal/tos), [Privacy Policy](https://www.twilio.com/legal/privacy)

**Vonage (Nexmo)**
*   **Service**: SMS delivery API (Global).
*   **API URL**: `https://rest.nexmo.com/sms/json`
*   **Data Sent**: API key, API secret, sender ID, mobile number, and message content.
*   **Terms & Privacy**: [Terms of Service](https://www.vonage.com/legal/terms-of-service/), [Privacy Policy](https://www.vonage.com/legal/privacy-policy/)


== Installation ==

1. Upload the `zetpy-mobile-login` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the 'Plugins' menu in WordPress.
3. Navigate to **Settings > Zetpy Mobile Login** to configure your ISMS API credentials.

== Frequently Asked Questions ==

= Does this plugin require a paid SMS service? =
Yes, you need an active account with ISMS.com.my to send OTPs via SMS or WhatsApp.

= Can I use it with WooCommerce? =
Yes, the plugin includes specific settings to integrate with WooCommerce checkout and account pages.

== Screenshots ==

1. Admin Settings Page.
2. Mobile Login Form.
3. OTP Verification Step.

== Changelog ==

= 1.10.1 =
* Maintenance: Version synchronization and documentation refinement.

= 1.10.0 =
* Final Fix: Resolved persistent SVN deployment failure by implementing "Extreme Pruning" of unused library metadata (removed 240+ ShortNumber files and Symfony unidata).
* Increased SVN transaction timeout to 1800s to ensure stability.

= 1.9.9 =
* Resolved persistent SVN deployment failure ("Connection reset by peer") by implementing deep pruning of unused library data (Carrier, Geocoding, Timezone).
* Drastically reduced SVN commit payload size and file count.

= 1.9.8 =
* Fix: Resolved SVN deployment failure ("Connection reset by peer") by implementing aggressive vendor pruning and increasing timeout.
* Maintenance: Version synchronization across all documentation.

= 1.9.7 =
* Maintenance: Refined GitHub Actions deployment workflow for improved PHP 8.2 compatibility and production vendor handling.
* Maintenance: Version synchronization across all documentation.

= 1.9.6 =
* Maintenance: Updated PHP version requirement for deployment safety.
* Maintenance: Version bump for synchronization.

= 1.9.5 =
* Feature: Added GitHub Actions deployment workflow for automated WordPress.org SVN pushing.
* Maintenance: Added .distignore to exclude development files from the distribution.
* Maintenance: Version synchronization across all documentation.

= 1.9.4 =
* Maintenance: Consistency bump and minor documentation refinement.

= 1.9.3 =
* Architectural: Improved hook structure for WooCommerce integration.
* Maintenance: General stabilization.

= 1.9.2 =
* Fix: Missing {otp} placeholder in email subject line for Pro extension.
* Maintenance: Version bump for synchronization.

= 1.9.1 =
* Compliance: Achieved 100% Pro-unawareness by moving all integration logic to hooks.
* Maintenance: Bumped version for final resubmission.

= 1.9.0 =
* Major release following architectural refactor for WordPress.org compliance.
* Maintenance: Consistent versioning across base and Pro extensions.

= 1.8.1 =
* Security: Added sanitize_key() to settings keys during the save process.
* Documentation: Added specific API URLs for ISMS, Twilio, and Vonage.

= 1.8.0 =
* Full compliance with WordPress.org Guidelines regarding Trialware (Guideline 5).
* Refactor: Hook-based admin interface for better extensibility.
* Feature: Moved all restricted logic and UI elements to a separate Pro extension.
* Cleanup: Removed all hardcoded Pro badges and locked fields from the base plugin.

= 1.7.2 =
* Fix: Resolved multiple coding standard issues (WPCS).
* Fix: Updated logic to use UTC_TIMESTAMP and gmdate for better timezone consistency.
* Fix: Prefixed all global variables in template files.
* Fix: Replaced rand() with wp_rand() for better security.
* Fix: Added missing translators comments for strings with placeholders.

= 1.7.1 =
* Security: Implemented proper output escaping for all translatable strings to prevent XSS.

= 1.7.0 =
* Feature: Streamlined profile completion by redirecting to standard WooCommerce edit account page.
* Fix: Ensured phone number normalization is correctly applied during checkout registration.
* Fix: Implemented enhanced template fallback mechanism for empty custom settings.
* Cleanup: Removed deprecated custom profile checkout endpoints and shortcodes.

= 1.6.0 =
* UI: Major overhaul of the admin interface with a custom premium design.
* Feature: AJAX-powered settings saving with real-time feedback.
* Refactor: Decoupled provider configuration logic into individual classes.
* Refactor: Moved WhatsApp delivery logic to the Pro extension for cleaner architecture.
* Feature: Added administrative status sidebar and persistent tabbed navigation.


= 1.5.0 =
* UI: Refined Math CAPTCHA input style (compact, black border, no radius).
* UI: Changed Math CAPTCHA input type to text for better compatibility.
* Documentation: Restructured documentation, moved changelog to CHANGELOG.md.

= 1.4.0 =
* Security: Added Math CAPTCHA ("Prove your humanity") to prevent bot attacks.
* Feature: Automatic regeneration of math problems on failed attempts.

= 1.3.0 =
* Security: Added OTP Secret Key mechanism for enhanced protection.

= 1.2.0 =
* Feature: Unified Mobile and Email login flow.

= 1.1.0 =
* Feature: Added configurable WooCommerce integration settings.

= 1.0.0 =
* Initial release.
