=== Besteron Payment Gateway ===
Contributors: besteron
Tags: woocommerce, payments, payment gateway, besteron, hpos
Requires at least: 6.2
Tested up to: 6.9
Requires PHP: 7.4
WC requires at least: 8.2
WC tested up to: 10.3
Stable tag: 2.1.3
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Accept Besteron online payments in WooCommerce with server-side transaction verification and HPOS support.

== Description ==

Besteron Payment Gateway connects WooCommerce stores to the Besteron payment gateway. Customers are redirected to Besteron to complete the payment, and the order is marked as paid only after the plugin verifies the transaction on the server.

= Main features =

* Redirect payment flow through Besteron.
* Server-side transaction status verification through the Besteron Passive API.
* Separate testing and live access profiles.
* Automatic access profile selection by domain, language and currency.
* Write-only KEY and API KEY fields in the WordPress administration.
* WooCommerce High-Performance Order Storage compatibility.
* WooCommerce Blocks checkout compatibility.
* Optional diagnostic logging with redacted data.
* Optional data removal during plugin uninstall.

= Requirements =

* WordPress 6.2 or newer.
* WooCommerce 8.2 or newer.
* PHP 7.4 or newer.
* A Besteron merchant account and access credentials.
* PHP OpenSSL support is recommended for encrypted storage of new secret values.

= Payment verification =

The plugin does not complete an order only because a customer returns from a payment page. The server checks the Besteron transaction status and compares the transaction ID, amount, currency and order number before WooCommerce receives the payment completion signal.

= External services =

This plugin connects to Besteron payment services to create payment transactions and verify transaction status. The external service is required for the payment gateway to work.

Live mode endpoints:

* `https://gate.besteron.com`
* `https://passive.besteron.com`

Testing mode endpoints:

* `https://gate.snd.besteron.com`
* `https://passive.snd.besteron.com`

When a customer chooses Besteron as the payment method, the plugin sends data required for payment processing to Besteron, including order number, order amount, currency, selected order item data, return URL, notification URL, customer email address, customer phone number when available, and billing and delivery address data. The plugin also contacts Besteron during scheduled or manual transaction status checks.

The plugin does not contact Besteron on activation or during normal site page loads before the gateway is configured and used.

The plugin does not collect, store or process payment card numbers, CVV codes or other card authentication data. Payment card entry and payment authorization are handled by Besteron payment infrastructure.

Besteron privacy policy: https://besteron.com/en/privacy-policy/
Besteron terms and conditions: https://besteron.com/en/terms-and-conditions/

= Privacy =

The plugin stores Besteron transaction identifiers, transaction status values, selected access profile information, gateway settings and, when enabled by the administrator, redacted diagnostic log entries. Access KEY and API KEY values are write-only in the administration and are encrypted before storage when the server supports the required OpenSSL cipher.

Diagnostic logging is disabled by default. When enabled, diagnostic logs are visible only to authorized WooCommerce administrators and are limited to the newest stored entries.

The plugin adds suggested privacy policy text to the WordPress privacy policy guide.

== Installation ==

1. Make sure WooCommerce is installed and active.
2. Deactivate any legacy Besteron payment gateway plugin that uses the same WooCommerce gateway ID.
3. Upload the plugin ZIP through Plugins > Add New > Upload Plugin.
4. Activate Besteron Payment Gateway.
5. Open WooCommerce > Settings > Payments > Besteron Payment Gateway.
6. Add testing access profiles and complete a sandbox payment test.
7. Switch the environment to live, add live access profiles and complete your production verification process.

== Configuration ==

1. Select the gateway environment: testing or live.
2. Add one or more Besteron access profiles.
3. Assign access profiles by domain, language and currency when the store uses multiple domains or markets.
4. Select allowed payment methods.
5. Enable scheduled transaction status verification.
6. Keep diagnostic logging disabled unless troubleshooting is required.

== Frequently Asked Questions ==

= Does the plugin support WooCommerce HPOS? =

Yes. The plugin declares compatibility with WooCommerce High-Performance Order Storage.

= Does the plugin support WooCommerce Blocks checkout? =

Yes. The plugin registers a WooCommerce Blocks payment method integration.

= Are access keys shown in the administration after saving? =

No. KEY and API KEY values are write-only. Saved values are not rendered back into HTML or JavaScript.

= Can I use separate testing and live credentials? =

Yes. Each access profile is assigned to either testing mode or live mode. The plugin uses only profiles that match the selected environment.

= How does automatic profile selection work? =

Rules are evaluated from top to bottom. A rule can match the current domain, language and currency. Empty rule conditions are ignored. If no rule matches, the selected default profile is used.

= Where are diagnostic logs stored? =

The administration table reads the latest entries from the WordPress option `besteron_payment_gateway_debug_log_entries`. The same redacted entries are also written to the WooCommerce logger with the source `besteron-payment-gateway` when diagnostic logging is enabled.

= Are plugin data removed on uninstall? =

No, not by default. Plugin data are preserved for accounting and audit purposes. Administrators can enable the Danger Zone option to remove plugin data when the plugin is deleted through the standard WordPress uninstall process.

== Screenshots ==

1. Besteron Payment Gateway settings with tabbed administration sections.
2. Access profile management for testing and live credentials.
3. Automatic access profile selection rules.
4. Besteron payment method in WooCommerce checkout.
5. Besteron transaction status panel in the order administration.
6. Diagnostic log table with search and filtering.

== Upgrade Notice ==

= 2.1.3 =
Fixes uninstall behavior and adds complete English/Slovak translations for Besteron payment-method names and checkout labels.

= 2.1.2 =
Fixes WooCommerce Blocks checkout payment-method selection so the selected Besteron method is sent instead of falling back to CARD.

= 2.1.1 =
Fixes Besteron API v1 response envelope handling so checkout can redirect to the returned payment widget URL.

= 2.1.0 =
Adds configurable checkout display design, payment-method logos, direct Besteron payment method selection, and Besteron API v1 endpoints.

== Changelog ==

= 2.1.3 =
* Fixed uninstall flow so WordPress can remove plugin files when the Danger Zone data-removal option is not enabled.
* Kept settings, logs, transaction tables and order metadata on uninstall when data removal is disabled.
* Expanded data-removal cleanup to delete current and legacy Besteron transaction tables, plugin options, diagnostic logs, WooCommerce database log entries and Besteron order metadata when enabled.
* Added translatable payment-method admin names and checkout labels, including Card payment / Payment card in English and Platba kartou / Platobná karta in Slovak.
* Added explicit loading of bundled plugin translations from the plugin languages directory.

= 2.1.2 =
* Fixed WooCommerce Blocks checkout handling so the selected Besteron payment option from Store API `payment_data` is read correctly.
* Prevented silent fallback to `CARD` when Payment methods display is enabled and no valid selected option reaches the server.
* Hardened payment-method sanitization so empty or invalid values do not automatically become `CARD`.

= 2.1.1 =
* Fixed Besteron API v1 payment-intent response parsing when `redirectUrl` and `transactionId` are returned under the top-level `data` key.
* Fixed server-side passive status response parsing for the same API v1 `data` envelope shape.

= 2.1.0 =
* Added a Checkout display design setting with Simple display and Payment methods display modes.
* Added payment-method logos for supported card, wallet and bank payment methods.
* Shows gateway setting names separately from customer-facing checkout labels such as TatraPay and SporoPay.
* Sends the selected payment method code directly in the `paymentMethods` request field when Payment methods display is enabled.
* Updated Besteron API paths to `/api/v1/oauth2/token`, `/api/v1/payment-intents` and `/api/v1/payment-intents/{transactionId}`.

= 2.0.0 =
* Added server-side transaction verification, scheduler support, HPOS compatibility and protected access credentials.
* Added tabbed administration settings, diagnostic logging and order transaction status tools.
