=== Besteron Payment Gateway ===
Contributors: besteron
Tags: woocommerce, payments, payment gateway, besteron, hpos
Requires at least: 6.2
Tested up to: 6.9
Requires PHP: 7.4
WC requires at least: 8.2
WC tested up to: 10.3
Stable tag: 2.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Accept Besteron online payments in WooCommerce with server-side transaction verification and HPOS support.

== Description ==

Besteron Payment Gateway connects WooCommerce stores to the Besteron payment gateway. Customers are redirected to Besteron to complete the payment, and the order is marked as paid only after the plugin verifies the transaction on the server.

= Main features =

* Redirect payment flow through Besteron.
* Server-side transaction status verification through the Besteron Passive API.
* Separate testing and live access profiles.
* Automatic access profile selection by domain, language and currency.
* Write-only KEY and API KEY fields in the WordPress administration.
* WooCommerce High-Performance Order Storage compatibility.
* WooCommerce Blocks checkout compatibility.
* Optional diagnostic logging with redacted data.
* Optional data removal during plugin uninstall.

= Requirements =

* WordPress 6.2 or newer.
* WooCommerce 8.2 or newer.
* PHP 7.4 or newer.
* A Besteron merchant account and access credentials.
* PHP OpenSSL support is recommended for encrypted storage of new secret values.

= Payment verification =

The plugin does not complete an order only because a customer returns from a payment page. The server checks the Besteron transaction status and compares the transaction ID, amount, currency and order number before WooCommerce receives the payment completion signal.

= External services =

This plugin connects to Besteron payment services to create payment transactions and verify transaction status. The external service is required for the payment gateway to work.

Live mode endpoints:

* `https://gate.besteron.com`
* `https://passive.besteron.com`

Testing mode endpoints:

* `https://gate.snd.besteron.com`
* `https://passive.snd.besteron.com`

When a customer chooses Besteron as the payment method, the plugin sends data required for payment processing to Besteron, including order number, order amount, currency, selected order item data, return URL, notification URL, customer email address, customer phone number when available, and billing and delivery address data. The plugin also contacts Besteron during scheduled or manual transaction status checks.

Besteron privacy policy: https://besteron.com/en/privacy-policy/
Besteron terms and conditions: https://besteron.com/en/terms-and-conditions/

= Privacy =

The plugin stores Besteron transaction identifiers, transaction status values, selected access profile information, gateway settings and, when enabled by the administrator, redacted diagnostic log entries. Access KEY and API KEY values are write-only in the administration and are encrypted before storage when the server supports the required OpenSSL cipher.

Diagnostic logging is disabled by default. When enabled, diagnostic logs are visible only to authorized WooCommerce administrators and are limited to the newest stored entries.

The plugin adds suggested privacy policy text to the WordPress privacy policy guide.

== Installation ==

1. Make sure WooCommerce is installed and active.
2. Deactivate any legacy Besteron payment gateway plugin that uses the same WooCommerce gateway ID.
3. Upload the plugin ZIP through Plugins > Add New > Upload Plugin.
4. Activate Besteron Payment Gateway.
5. Open WooCommerce > Settings > Payments > Besteron Payment Gateway.
6. Add testing access profiles and complete a sandbox payment test.
7. Switch the environment to live, add live access profiles and complete your production verification process.

== Configuration ==

1. Select the gateway environment: testing or live.
2. Add one or more Besteron access profiles.
3. Assign access profiles by domain, language and currency when the store uses multiple domains or markets.
4. Select allowed payment methods.
5. Enable scheduled transaction status verification.
6. Keep diagnostic logging disabled unless troubleshooting is required.

== Frequently Asked Questions ==

= Does the plugin support WooCommerce HPOS? =

Yes. The plugin declares compatibility with WooCommerce High-Performance Order Storage.

= Does the plugin support WooCommerce Blocks checkout? =

Yes. The plugin registers a WooCommerce Blocks payment method integration.

= Are access keys shown in the administration after saving? =

No. KEY and API KEY values are write-only. Saved values are not rendered back into HTML or JavaScript.

= Can I use separate testing and live credentials? =

Yes. Each access profile is assigned to either testing mode or live mode. The plugin uses only profiles that match the selected environment.

= How does automatic profile selection work? =

Rules are evaluated from top to bottom. A rule can match the current domain, language and currency. Empty rule conditions are ignored. If no rule matches, the selected default profile is used.

= Where are diagnostic logs stored? =

The administration table reads the latest entries from the WordPress option `besteron_payment_gateway_debug_log_entries`. The same redacted entries are also written to the WooCommerce logger with the source `besteron-payment-gateway` when diagnostic logging is enabled.

= Are plugin data removed on uninstall? =

No, not by default. Plugin data are preserved for accounting and audit purposes. Administrators can enable the Danger Zone option to remove plugin data when the plugin is deleted through the standard WordPress uninstall process.

== Screenshots ==

1. Besteron Payment Gateway settings with tabbed administration sections.
2. Access profile management for testing and live credentials.
3. Automatic access profile selection rules.
4. Besteron payment method in WooCommerce checkout.
5. Besteron transaction status panel in the order administration.
6. Diagnostic log table with search and filtering.

== Upgrade Notice ==

= 2.0.0 =
Privacy policy registration compatibility update. This release avoids direct calls to privacy helper functions outside the supported WordPress admin context.

== Changelog ==

= 2.0.0 =
* Registered suggested privacy policy content through a guarded callable to avoid undefined function warnings outside the WordPress privacy tools context.
* Kept WordPress.org readme, external service and privacy disclosures up to date.
* Updated version metadata to 2.0.0.

= 2.4.10 =
* Changed the WooCommerce diagnostic log source to besteron-payment-gateway.
* Renamed internal plugin slugs, action identifiers and asset handles to besteron-payment-gateway.
* Confirmed diagnostic logging remains disabled by default for new installations.
* Added search and level filtering to the diagnostic log table.
* Improved the diagnostic table toolbar, responsive layout and empty-state handling.

= 2.4.7 =
* Added Danger Zone settings for optional data removal during plugin uninstall.
* Added uninstall cleanup for settings, transaction table, transaction metadata, scheduler hooks and diagnostic logs.

= 2.4.5 =
* Added search and filtering to the diagnostic log table.
* Improved responsive diagnostic log layout.

= 2.4.3 =
* Added tabbed settings layout.
* Improved keyboard navigation in settings tabs.

= 2.4.0 =
* Prepared production wording and WordPress-compatible translations.
* Improved settings layout and removed development labels.

= 2.3.8 =
* Added WordPress-compatible English and Slovak translation files.
* Added POT template and JavaScript translation files.

= 2.3.0 =
* Default environment changed to live for new installations.
* Added strict database query guard.
* Added recursive request payload sanitization.

= 2.2.3 =
* Added environment-specific access profiles for testing and live mode.
* Added dynamic access profile routing by domain, language and currency.

= 2.1.9 =
* Strengthened transaction verification by requiring amount, currency, order number and transaction ID matching.

= 2.1.0 =
* Added server-side transaction verification, scheduler support, HPOS compatibility and protected access credentials.
