=== File Upload Form ===
Contributors: snehalpancholi
Tags: contact form, file upload, email form, attachments, shortcode
Requires at least: 6.0
Tested up to: 6.7
Stable tag: 1.0.0
Requires PHP: 8.1
License: GPL-2.0+
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Contact form with secure file upload. Send files directly to your admin via shortcode.

== Description ==

**File Upload Form** is a lightweight, privacy-first contact form plugin that lets visitors send files directly to your inbox — no third-party services, no monthly fees.

Place the form anywhere using the `[file_upload_form]` shortcode and let users submit their name, email, subject, a message, and an optional file attachment. The file is sent as an email attachment and then immediately deleted from the server — nothing is stored in the media library.

**Key Features:**

* Simple five-field contact form (Name, Email, Subject, Message, File)
* Secure file upload with extension and size validation
* File delivered as email attachment via `wp_mail` then deleted — no permanent storage
* Submissions log stored in a lightweight database table
* Admin submissions viewer with pagination and delete action
* Configurable allowed file types (comma-separated extensions)
* Configurable maximum file size (1–50 MB)
* Custom success message and button label
* Honeypot field + WordPress nonce for CSRF protection
* Real-time upload progress bar
* Client-side validation with inline error messages
* Character counter on the message field
* Mobile-first responsive layout
* Dark mode support via CSS media query
* Vanilla JavaScript — no jQuery dependency
* Automatic updates from the AddonLogic update server

== Installation ==

1. Upload the `file-upload-form` folder to `/wp-content/plugins/`.
2. Activate the plugin via **Plugins > Installed Plugins**.
3. Go to **Settings > File Upload Form** to configure the admin email, allowed file types, max size, and messages.
4. Add `[file_upload_form]` to any page or post.

== Frequently Asked Questions ==

= Are uploaded files stored on the server permanently? =

No. Files are moved to a temporary directory, attached to the notification email, and then deleted from the server immediately after the email is sent. No file content is stored in the database.

= Can I limit which file types visitors can upload? =

Yes. Go to **Settings > File Upload Form** and enter a comma-separated list of extensions in the "Allowed File Types" field (e.g., `pdf,doc,jpg,png`). Both client-side and server-side validation enforce this list.

= What happens if the email fails to send? =

The submission is still saved in the database so you will not lose the message. Go to **Tools > File Submissions** to view all submissions.

= Can I change the maximum file size? =

Yes. Go to **Settings > File Upload Form** and set "Max File Size (MB)". The plugin also respects the server PHP `upload_max_filesize` and `post_max_size` limits.

= Is the form protected against spam? =

The form uses a honeypot hidden field and a WordPress nonce to prevent automated spam and CSRF attacks. There is also a one-minute cookie-based flood prevention after each successful submission.

= Where are submissions stored? =

In the `{prefix}fuf_submissions` database table. View them at **Tools > File Submissions**.

= Can I use the shortcode multiple times on the same page? =

The form can be placed on any page or post. Using it more than once on the same page is not recommended as field IDs would conflict.

== Changelog ==

= 1.0.0 =
* Initial release.
* Shortcode `[file_upload_form]` with five fields.
* Email delivery with file attachment.
* Server-side and client-side file validation.
* Submissions database table with admin viewer.
* Honeypot + nonce spam protection.
* Upload progress bar.
* Settings page for email, file types, size, and messages.
* Automatic updates via AddonLogic update server.
