=== HOT Course Delivery ===
Contributors: holographic-online-training
Tags: training, courses, learning, certificates, assessments
Requires at least: 6.4
Tested up to: 6.5
Requires PHP: 8.1
Stable tag: 1.0.6
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

HOT Course Delivery is a standalone WordPress plugin for delivering online training through plugin-managed learner accounts.

== Description ==

HOT Course Delivery provides a complete course delivery platform inside WordPress.

The plugin uses its own learner account system. Learners are not WordPress users and do not use the WordPress admin area.

The plugin supports:

* Plugin-managed learner accounts
* Corporate manager accounts
* Course, module, and lesson delivery
* Elementor Free-compatible content through custom post types and shortcodes
* Mandatory lesson quizzes
* Quiz pass enforcement before progression
* Quiz time limits, cooldowns, retakes, and attempt handling
* Human-marked module assessments
* Progress tracking
* Module and course certificates
* Certificate templates
* Certificate template preview
* Physical certificate requests
* Stripe and PayPal checkout
* Coupons, bundle products, and bundle entitlements
* Basket and direct checkout
* VAT/tax handling
* Invoices
* Corporate seat purchases and assignment
* Admin reporting
* Dashboard reporting widgets
* Completion trends, quiz failure hotspots, learner inactivity reports, revenue reports, and certificate issue reports
* CSV exports
* REST API keys and learner/progress/certificate API endpoints
* Outbound webhooks for course completion, quiz results, certificate issue, and access revocation
* Webhook delivery logs and retry handling
* Automated learner emails with editable templates and optional header images
* Email logs
* Background job queue for heavy processing
* Initial setup screen for required pages and shortcodes
* System health and diagnostics checks
* Admin support tools for learner access troubleshooting
* Data retention settings for old logs, sessions, failed webhooks, email logs, audit logs, abandoned orders, and temporary export files
* Bulk enrolment, unenrolment, certificate issue, access revocation, email resend, and progress export queueing
* Learner impersonation for support testing
* Certificate regeneration tools
* Failed webhook retry tools
* Learner timeline view
* Audit logging
* Internal learner notes
* Protected downloads and protected uploaded video
* Optional moderated module discussions

== Requirements ==

WordPress 6.4 or higher.
PHP 8.1 or higher.
MySQL compatible with WordPress custom tables.

No external WordPress plugin dependency is required.

Elementor Free is supported for editing course, module, and lesson content through the linked custom post types, but Elementor is not required for the plugin to load.

== Installation ==

1. Upload the `hot-course-delivery` folder to `/wp-content/plugins/`.
2. Activate HOT Course Delivery from the WordPress Plugins screen.
3. Go to HOT Training > Setup.
4. Create any missing required front-end pages from the setup screen.
5. Go to HOT Training > Settings.
6. Configure currency, payment gateways, tax, certificate branding, and policy notices.
7. Go to HOT Training > Certificate Templates.
8. Create or edit the default certificate template.
9. Preview the certificate template with sample learner and course data.
10. Configure email automation, integrations, and webhooks where needed.

== Front-End Shortcodes ==

[hcd_register]
[hcd_verify_email]
[hcd_login]
[hcd_logout]
[hcd_forgot_password]
[hcd_reset_password]
[hcd_dashboard]
[hcd_profile]
[hcd_course_list]
[hcd_course id="123"]
[hcd_module id="123"]
[hcd_lesson id="123"]
[hcd_basket]
[hcd_checkout]
[hcd_order_history]
[hcd_invoices]
[hcd_certificates]
[hcd_certificate_verify]
[hcd_corporate_dashboard]
[hcd_module_discussion module_id="123"]
[hcd_continue_learning]
[hcd_progress scope="course" id="123"]
[hcd_policy_notice key="pricing_rule"]

== Learner Accounts ==

Learners are stored in plugin-managed database tables.

Learners are not WordPress users.
Learners do not receive WordPress roles.
Learners cannot access wp-admin.
Learners must verify their email before accessing learning content or certificate-related actions.

== Course Structure ==

The course hierarchy is fixed:

Course
Module
Lesson

A module belongs to one course only.
A lesson belongs to one module only.
Every lesson must have a quiz.
A lesson is complete only when its quiz is passed.

== Assessment Enforcement ==

Mandatory quizzes must be passed before learners can continue.

The plugin can block:

* Next lesson access
* Module progression
* Course completion
* Certificate generation

Failed quiz retries clean up the failed state where required. Cooldowns and time limits help prevent brute-force quiz attempts.

== Certificate Templates ==

Certificate templates are managed from:

HOT Training > Certificate Templates

Admins can create templates, edit templates, preview templates, activate or deactivate templates, and set a default certificate template.

Templates support a background image from the WordPress media library.

Templates support HTML and CSS fields.

Templates can use placeholders, including:

{{learner_name}}
{{certificate_title}}
{{result_text}}
{{issue_date}}
{{verification_code}}
{{verification_url}}
{{qr_code}}
{{logo_url}}
{{signature_url}}
{{site_name}}
{{certificate_scope}}
{{background_url}}
{{background_image}}
{{logo_image}}
{{signature_image}}
{{qr_image}}

The default template is used when module certificates, free module paid certificates, and full-course certificates are generated.

Reissuing or regenerating a certificate creates a replacement certificate using the current default certificate template.

== Certificates ==

Paid module certificates are generated automatically after successful module completion.

Free module certificates are generated only after the learner completes the module and pays the certificate fee.

Full course certificates are generated automatically after successful course completion.

When a module certificate is generated, the module is locked and archived.

When a full-course certificate is generated, the full course and every module inside it are locked and archived.

Each certificate includes the learner name, course or module title, result, issue date, verification code, verification URL, and QR code.

== Email Automation ==

Automated learner emails are managed from:

HOT Training > Email Automation

Supported emails include:

* Welcome email
* Course enrolment email
* Incomplete course reminder
* Quiz failed email
* Quiz passed email
* Course completed email
* Certificate issued email
* Refund/access revoked email

Admins can enable or disable each email, add header images, edit subjects, edit body text, and review email logs.

== Integrations ==

The plugin supports REST API keys, learner API data, progress API data, certificate API data, outbound webhooks, delivery logs, and failed webhook retry handling.

Payment gateway webhooks are separate from outbound webhooks and must not be merged.

== Background Processing ==

The background job queue is used for heavy tasks such as certificate generation, report exports, webhook retries, reminder emails, and bulk learner actions.

The queue can be reviewed from:

HOT Training > Job Queue

== Setup And Diagnostics ==

The setup screen lists required front-end pages and shortcodes. It can create missing pages where needed.

System health checks are available from:

HOT Training > System Health

Diagnostics include database tables, indexes, cron jobs, protected folders, file permissions, PHP version, WordPress version, payment settings, email setup, API keys, webhook status, and certificate storage.

== Admin Support Tools ==

Support tools are available from:

HOT Training > Support Tools

Admins can:

* Load a learner support view
* Open the learner record
* Impersonate a learner to test access
* Diagnose why a learner cannot access a course
* Resend supported learner emails
* Regenerate certificates from existing certificate records
* Retry failed outbound webhooks
* View recent learner timeline events
* Review recent learner email logs

== Payments ==

Stripe and PayPal are supported.

Payment success must be confirmed by the relevant gateway webhook.
The plugin must not trust client-side payment success alone.

== Corporate Seats ==

Corporate managers are plugin-managed accounts.

Corporate managers can assign seats by learner name and email.
Corporate managers can view learner progress and completion.
Corporate managers cannot view exact marks or exact scores.

== Refunds ==

Refund handling must revoke related access.
If a refunded purchase has an issued certificate, the certificate must be invalidated.
The public certificate verification page must show invalid certificates as invalid.

== Security ==

All custom SQL queries must use prepared statements.
All admin actions must use capability checks and nonces.
All learner passwords must use PHP password hashing.
Session tokens, verification tokens, and reset tokens are stored hashed.
Webhook signatures must be verified.
Impersonation must be logged and visibly indicated.
Support actions must be restricted to authorised admins.

== Planned Updates ==

Planned developer work includes:

* Broader automated tests for admin support workflows
* Deeper job queue visibility and failure grouping
* More granular admin roles for support-only staff
* More detailed certificate PDF rendering options
* Expanded timeline events for learner-facing activity
* Optional export of learner support timeline data
* Additional webhook event types as integrations grow
* Continued performance hardening for large learner cohorts

== Uninstall ==

By default, uninstall keeps archived data, certificates, invoices, audit records, reports, and certificate templates.

If the admin setting `delete all plugin data on uninstall` is enabled, uninstall removes plugin data, certificate templates, and plugin options.

== Changelog ==

= 1.0.3 =
Added reporting polish, REST API integrations, outbound webhooks, system health diagnostics, background job queue, setup page tools, and admin support tools.

= 1.0.0 =
Initial version.
Added certificate template management and preview support.

== Licence Gating ==

This build includes a local HOT Course Delivery licence screen under HOT Training > Licence.

Free mode remains usable without a licence key. It allows the plugin to be tested with one course and basic learner/course functionality. Commercial and advanced features are ring fenced behind licence feature flags, including payments, coupons, invoices, certificates, email automation, protected downloads, quiz enforcement, final exams, tutor marking, certificate QR verification, physical certificates, advanced reporting, bulk actions, API access, outbound webhooks, and corporate seats.

The licensing layer is isolated in includes/class-hcd-licensing.php so a commercial build can replace that file with an ionCube encoded equivalent. Admin menu hiding is not the only protection. Premium admin actions, checkout actions, API actions, certificate issuing, coupon use, bulk actions, and outbound webhook actions also check the central feature gate server-side.

The default licence server URL is https://plymouthdigitalservices.com. The expected REST namespace is /wp-json/pdslm/v1/ with activate and validate endpoints. If the licence server uses different endpoint names or signature rules, update the local licence settings or the HCD_Licensing request method to match the final server documentation.

== External Service Disclosure ==

When a site administrator enters and activates a licence key, HOT Course Delivery sends a signed HTTPS request to the configured licence server. The default licence server is Plymouth Digital Services at https://plymouthdigitalservices.com.

The licence request sends the licence key, the site domain, the site URL, the HOT Course Delivery plugin version, a timestamp, and an HMAC signature. The plugin uses this service only for licence activation, scheduled licence validation, and optional local licence deactivation. It does not send learner passwords, course content, quiz answers, payment card details, or WordPress administrator passwords to the licence server.

Service website: https://plymouthdigitalservices.com
Privacy policy: https://plymouthdigitalservices.com/privacy-policy
Terms: https://plymouthdigitalservices.com/terms
