=== My Book Showroom ===
Contributors: dmrstech
Tags: books, authors, book catalog, ebook, audiobook
Requires at least: 6.6
Tested up to: 7.0
Requires PHP: 8.0
Stable tag: 1.3.6
License: GPL-2.0-or-later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

The definitive book showcase plugin for WordPress authors, publishers, and retailers. Deluxe Manuscripts Regally Served.

== Description ==

**My Book Showroom (MBS)** is a premium WordPress plugin that gives authors, publishers, and retailers a professional book catalog with rich metadata, retailer buy links, affiliate rewriting, reader reviews, and front-end display layouts.

= FREE Features =

* **Book Catalog CPT** — Create unlimited book entries with full metadata (title, author, ISBN, publisher, publication date, page count, word count, format details).
* **Multiple Formats** — Each book supports multiple editions (Hardcover, Paperback, eBook, Audiobook, Large Print, etc.) with per-format pricing and retailer links.
* **5 FREE Layouts** — Grid, List, Masonry, Hero, and Card layouts for catalog display.
* **9 Retailer Buy Links** — Amazon, Barnes & Noble, Kobo, Audible, BAM, Bookshop.org, Waterstones, Apple Books, Google Play Books.
* **Section Ordering** — Global default ordering of book detail sections.
* **Reader Reviews** — GDPR-aware review form with star ratings and consent checkbox.
* **Taxonomies** — Genre, Author, Series, Tag, Collection, Universe, Theme, Content Warning.
* **Social Share Buttons** — Share individual book pages on major social platforms.
* **Watermark** — FREE tier displays a subtle attribution watermark.
* **Shortcodes** — `[mbs_books]` and `[mbs_book]` for embedding book content anywhere.
* **Gutenberg Blocks** — Book grid, featured book, buy links, and term-list blocks.
* **Star Rating Display** — Manual star rating with half-step precision.
* **Import/Export** — CSV and XLSX import with duplicate detection.
* **Dark Mode** — Full `prefers-color-scheme: dark` support.
* **WCAG 2.1 AA** — Keyboard navigation, focus indicators, ARIA roles.

= PRO Features =

* **Affiliate Rewriting** — Automatic affiliate code insertion at render time (stored URLs unchanged).
* **Custom Stores** — Up to 3 custom retailer entries with `{CODE}` pattern substitution.
* **PRO Layouts** — Slider, Spotlight, and Magazine layouts.
* **CSS Cover Metaphors** — 7 CSS-animated cover styles (Foiled, Matte, Distressed, Noir, etc.).
* **Per-Book Section Order** — Drag-and-drop section ordering per book.
* **Bulk Edit** — Edit Genre, Series, and Visibility across multiple books at once.
* **Recommended Books Flag** — Mark books as Featured/Recommended for front-end highlighting.
* **Audio Sample Player** — Embed MP3 audio samples directly on book pages.
* **Book Trailer** — Embed video trailers (YouTube, Vimeo, direct MP4).
* **Amazon Reviews Import** — Import reader reviews from Amazon via PA-API.
* **Amazon Rating Import** — Import star ratings and review counts from Amazon.
* **Look Inside** — Amazon "Continue Reading" deep link integration.
* **Author Directory Shortcode** — `[mbs_author_directory]` paginated author listing.
* **Series Directory Shortcode** — `[mbs_series_directory]` reading-order series page.
* **Universe / Shared World** — Multi-series shared universe taxonomy.
* **Custom CSS** — Per-installation custom CSS editor.
* **Filter Layout** — AJAX live-filter catalog by genre, series, format, price range.

= Theme Compatibility =

My Book Showroom includes dedicated compatibility files for the following themes, ensuring correct CSS cascade and layout behavior:

* Divi (Elegant Themes)
* Avada (ThemeFusion)
* Astra
* OceanWP
* Flatsome (UX-themes)
* BeTheme (Muffin Group)
* Newspaper (tagDiv)
* Graphene Plus

= License System =

My Book Showroom works immediately after activation — no license key or registration required. Optional free registration at `www.dmrstech.com` unlocks settings import/export and removes the attribution watermark. PRO keys unlock premium features. When registration is used, license keys are AES-256-GCM encrypted in `wp_options`; the server uses Argon2id hashing. See the External Services section below for full disclosure.

== Installation ==

1. Upload the `my-book-showroom` folder to `/wp-content/plugins/`.
2. Activate the plugin through the **Plugins** screen in WordPress.
3. Optional: Navigate to **Books → Settings → License** to register your plugin for free — this unlocks settings import/export and removes the attribution watermark ([Register at dmrstech.com/activate](https://www.dmrstech.com/activate)).
4. Add your first book via **Books → Add New Book**.
5. Place the `[mbs_books]` shortcode or a **Book Grid** block on any page.

= Requirements =

* WordPress 6.6 or higher
* PHP 8.0 or higher
* MySQL 5.7 / MariaDB 10.3 or higher

= Database Tables =

The plugin creates custom tables on activation and via sequential migrations. Core tables:

* `{prefix}mbs_format_rows` — Book format/edition rows (Hardcover, Paperback, eBook, Audiobook, etc.)
* `{prefix}mbs_buy_links` — Per-format retailer buy link URLs
* `{prefix}mbs_section_order` — Per-book section display ordering
* `{prefix}mbs_endorsements` — Endorsements and blurbs
* `{prefix}mbs_book_meta` — Extended book metadata (rating, review count, PA-API cache)
* `{prefix}mbs_reading_order` — Series reading-order positions
* `{prefix}mbs_book_awards` — Book award entries
* `{prefix}mbs_book_contributors` — Per-book contributor assignments
* `{prefix}mbs_affiliate_stores` — Custom retailer store definitions (PRO)
* `{prefix}mbs_buy_link_clicks` — Buy-link click analytics
* `{prefix}mbs_pa_api_cache` — Amazon PA-API response cache
* `{prefix}mbs_activity_log` — Admin activity log (Publisher tier)

Additional tables are created for optional feature modules (ARC reviewer management, ESP queue, Book Club, Brand Monitor cache, POS inventory, classification codes). All table names are prefixed with your WordPress table prefix.

== Frequently Asked Questions ==

= Do I need a license key to use the plugin? =

No. My Book Showroom is fully functional immediately after activation — no license key or registration is required. Front-end book display is active by default on the FREE tier.

Optional free registration at [dmrstech.com/activate](https://www.dmrstech.com/activate) unlocks settings import/export and removes the attribution watermark. A PRO subscription is required for premium features (affiliate rewriting, PRO layouts, Amazon PA-API integration, etc.).

= Are my Amazon PA-API credentials sent to your servers? =

No. Amazon PA-API Access Key and Secret Key are stored encrypted in your `wp_options` database table using AES-256-GCM encryption with your WordPress `AUTH_KEY`. They are never transmitted to `www.dmrstech.com` or any DMRS Tech server. All PA-API calls go directly from your WordPress installation to Amazon's API endpoint.
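
An added example (not the plugin's own code) of storing a credential this way: AES-256-GCM under a key derived from `AUTH_KEY`, with tampering detected on read. The HMAC key derivation, the `mbs-example-v1` label, the nonce|tag|ciphertext layout, the use of the option name as associated data, and all `example_*` names are assumptions for illustration.

```php
<?php
// Added example: not My Book Showroom's code. The key derivation, the
// "mbs-example-v1" label and the nonce|tag|ciphertext layout are assumptions.
if (!defined('AUTH_KEY')) {
    define('AUTH_KEY', 'constructed-sample-auth-key');  // set in wp-config.php on a real site
}

function example_key(): string {
    // Derive a purpose-bound 32-byte key instead of using AUTH_KEY directly.
    return hash_hmac('sha256', 'mbs-example-v1', AUTH_KEY, true);
}

function example_encrypt(string $plaintext, string $option_name): string {
    $nonce = random_bytes(12);            // fresh 96-bit nonce for every write
    $tag   = '';
    // The option name is passed as associated data: authenticated, not encrypted.
    $ct    = openssl_encrypt($plaintext, 'aes-256-gcm', example_key(),
        OPENSSL_RAW_DATA, $nonce, $tag, $option_name, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function example_decrypt(string $blob, string $option_name): ?string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        return null;                      // malformed or truncated blob
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', example_key(),
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16), $option_name);
    return $pt === false ? null : $pt;    // false: authentication tag did not verify
}

// Constructed sample value, not a real credential.
$blob = example_encrypt('EXAMPLE-SECRET-KEY', 'example_pa_api_secret');
var_dump(example_decrypt($blob, 'example_pa_api_secret'));   // same option name
var_dump(example_decrypt($blob, 'example_other_option'));    // blob moved to another option

$raw     = base64_decode($blob);
$raw[30] = $raw[30] ^ "\x01";             // flip one ciphertext bit
var_dump(example_decrypt(base64_encode($raw), 'example_pa_api_secret'));
```

Because the key in this sketch comes from `AUTH_KEY`, changing that constant in `wp-config.php` makes every stored blob fail authentication, so callers should treat `null` as a prompt to re-enter the credential.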

= Does affiliate rewriting modify my stored URLs? =

No. Affiliate codes are appended at render time only. The URLs stored in your database are never modified. If you remove your affiliate code from the settings, the clean URL is served immediately — no database cleanup required.

= What happens if I cancel my PRO subscription? =

Your account silently downgrades to FREE tier. All your book data is preserved. PRO-only front-end features (affiliate rewriting, PRO layouts, audio player, etc.) stop rendering, but the content remains in the database. You can re-activate a PRO key at any time to restore full functionality.

= Is the plugin GDPR-compliant? =

The reader review form includes an explicit consent checkbox. No review can be submitted without consent. Review authors' IP addresses are stored only in the standard WordPress comments table (same as any WP comment). No additional personal data is collected. Consult your legal team for your specific compliance obligations.

= Which themes are supported? =

All standard WordPress themes are supported. Dedicated compatibility files are included for Divi, Avada, Astra, OceanWP, Flatsome, BeTheme, Newspaper (tagDiv), and Graphene Plus. The plugin uses a `.mbs-wrapper` CSS scope to prevent bleed from theme stylesheets.

= Can I use the plugin with WooCommerce? =

MBS is designed for authors and publishers showcasing books, not for direct-sell ecommerce. WooCommerce integration (direct cart, per-format pricing in cart) is planned for a future sprint. Currently, buy links point to external retailers.

== Screenshots ==

1. Book catalog in grid layout (FREE tier).
2. Single book page with tab navigation and buy links.
3. Admin book editor with format repeater and metadata fields.
4. Settings panel — Earn More tab with retailer affiliate codes.
5. Bulk edit — selecting genre and visibility for multiple books.

== External Services ==

My Book Showroom communicates with the DMRS Tech API (`www.dmrstech.com`) for the following **optional** operations only. No data is transmitted if you use the plugin without registering.

= Free registration (optional) =

If you choose to register your plugin, the following data is sent to `www.dmrstech.com`:

* Your email address — for license key delivery only
* Your site domain
* A timestamp and request nonce (for HMAC request signing)

= License validation (only when a key is stored) =

* Your license key (HMAC-signed, transmitted over HTTPS)
* Your site domain
* A timestamp and nonce
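
A sketch of how a timestamp and nonce make an HMAC-signed request resistant to replay, shown here for the license validation fields. It is an added example, not the plugin's or the DMRS Tech API's code; the field names, canonical string, shared secret, 300-second window and `example_*` functions are assumptions.

```php
<?php
// Added example: not the plugin's or the DMRS Tech API's code. Field names, the
// canonical string, the shared secret and the 300 s window are assumptions.
const EXAMPLE_MAX_SKEW = 300;
function example_canonical(array $f): string {
    // Length-prefix each field so adjacent values cannot be shifted between fields.
    $out = '';
    foreach (['domain', 'license_key', 'timestamp', 'nonce'] as $k) {
        $out .= strlen((string) $f[$k]) . ':' . $f[$k] . "\n";
    }
    return $out;
}

function example_sign(array $f, string $secret): array {
    $f['signature'] = hash_hmac('sha256', example_canonical($f), $secret);
    return $f;
}

function example_verify(array $req, string $secret, int $now, array &$seen): string {
    foreach (['domain', 'license_key', 'timestamp', 'nonce', 'signature'] as $k) {
        if (!isset($req[$k]) || !is_scalar($req[$k])) {
            return 'malformed';
        }
    }
    $expected = hash_hmac('sha256', example_canonical($req), $secret);
    if (!hash_equals($expected, (string) $req['signature'])) {
        return 'bad-signature';            // constant-time comparison
    }
    if (abs($now - (int) $req['timestamp']) > EXAMPLE_MAX_SKEW) {
        return 'stale';                    // outside the freshness window
    }
    $nonce = (string) $req['nonce'];
    if (isset($seen[$nonce])) {
        return 'replay';                   // nonce already accepted once
    }
    $seen[$nonce] = $now;                  // a real store would expire entries
    return 'ok';
}

// Constructed sample request; the key and secret are placeholders.
$secret = 'constructed-shared-secret';
$seen   = [];
$now    = time();
$req    = example_sign(['domain' => 'example.test', 'license_key' => 'EXAMPLE-KEY',
    'timestamp' => $now, 'nonce' => bin2hex(random_bytes(16))], $secret);
echo example_verify($req, $secret, $now, $seen), "\n";         // first delivery
echo example_verify($req, $secret, $now, $seen), "\n";         // same request resent
echo example_verify($req, $secret, $now + 3600, $seen), "\n";  // evaluated an hour later
$req['domain'] = 'other.test';
echo example_verify($req, $secret, $now, $seen), "\n";         // field altered after signing
```

The signature is checked before the timestamp and nonce so that unauthenticated requests cannot fill the nonce store.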

= Plugin update checks (only when a key is stored) =

Update availability is checked via `www.dmrstech.com`. Only the plugin slug and current version number are sent — no personal data.

* Service provider: DMRS Tech
* Service URL: https://www.dmrstech.com
* Terms of Service: https://www.dmrstech.com/terms.php
* Privacy Policy: https://www.dmrstech.com/privacy.php

== Changelog ==

= 1.3.6 =
* Compliance: Full WordPress.org Plugin Check remediation — resolved all suppressible errors and warnings (173E+1179W → 1E+4W).
* Security: Added esc_attr() escaping on ISBN and format fields in related-products metabox.
* Security: Replaced wp_redirect() with wp_safe_redirect() in buy-link router.
* Security: Fixed phpcs:ignore comment erroneously embedded inside SQL string literal in endorsement DAO (corrupted query risk).
* Improvement: Self-update hook is a no-op for unregistered installations; added inline documentation clarifying WP.org compliance.
* Improvement: WP_Filesystem used as primary path for temp file writes and directory cleanup; native PHP fallback retained for non-direct filesystem methods.
* i18n: Translator comments added for all printf() calls with placeholders; ordered placeholders (%1$s/%2$s) applied throughout.
* Docs: All developer reference documents moved out of plugin root into project folder; plugin root now contains only WP.org-allowed markdown files.

= 1.3.5 =
* Security: Removed all MBS_DEV_MODE security bypass blocks from production source (tamper gate, ping-age check, HTTPS guards in API and payment adapters now fire unconditionally).
* Security: Upgraded encryption from AES-256-CBC to AES-256-GCM for license keys, API secret, and PA-API credentials.
* Security: Implemented manifest HMAC authentication (SHA-256 HMAC request signing and response verification).
* Security: Applied comprehensive security audit remediations (SQL, XSS, CSRF, SSRF, path traversal, deserialization, auth-check ordering).
* Improvement: All API communication now uses production endpoint (www.dmrstech.com).
* Fix: Resolved multiple URL routing corrections (upgrade, docs, FAQ links).
* l10n: Updated translations for 11 locales.

= 1.0.0 =
* Initial release.
* 12 sprints of feature development and hardening:
  - Full CPT and taxonomy system (Sprints 1–2)
  - Admin settings panel with 7 tabs (Sprint 3)
  - Front-end display — 5 FREE + 3 PRO layouts (Sprint 4)
  - License system with HMAC signing and anti-tamper escalation (Sprint 5)
  - Retailer buy links with 9 retailers and affiliate rewriting (Sprint 6)
  - CSV/XLSX import, settings export (Sprint 7)
  - CSS cover metaphors and audio/video player (Sprint 8)
  - Amazon PA-API integration, reader reviews (Sprint 9)
  - Earn More tab: 5 additional retailers, custom stores, bulk edit (Sprint 10)
  - Theme compat, WCAG 2.1 AA, dark mode, performance hardening (Sprint 12)

== Upgrade Notice ==

= 1.0.0 =
Initial release — no upgrade path.

== Privacy Policy ==

My Book Showroom does not collect or transmit any visitor personal data beyond what WordPress itself stores (comment author data if the reader review form is used).

If you choose to register the plugin (optional), your email address is transmitted to `www.dmrstech.com` solely for license key delivery. It is not used for marketing without your explicit consent.

When a license key is stored, periodic validation transmits your license key (HMAC-signed over HTTPS), your site domain, and a timestamp. No visitor data is ever transmitted.

See the full privacy policy at [dmrstech.com/privacy](https://www.dmrstech.com/privacy.php).
