=== GDPR Consent ===
Contributors: snehalpancholi
Tags: gdpr, consent, privacy, contact form, compliance
Requires at least: 6.0
Tested up to: 6.7
Stable tag: 1.0.0
Requires PHP: 8.1
License: GPL-2.0+
License URI: https://www.gnu.org/licenses/gpl-2.0.html

A reusable GDPR consent checkbox for WordPress forms. Shortcode, CF7 tag, developer action hook, and an admin consent log viewer.

== Description ==

**GDPR Consent** adds a fully compliant GDPR consent checkbox to any WordPress form in seconds. Whether you use the built-in shortcode, Contact Form 7, or a custom coded form, a single line of code gives you:

* A styled, accessible consent checkbox with a configurable privacy policy link
* Client-side validation that blocks submission if the user has not consented
* Server-side validation for Contact Form 7
* An auditable consent log stored in your database, with date-range filtering, CSV export, and automatic record purging
* A developer action hook so any plugin or theme can log consent with one line

= Key Features =

* **[gdpr_consent] shortcode** — embed the checkbox in any page, post, or widget
* **Contact Form 7 integration** — use the `[gdpr-consent gdpr_consent]` tag in any CF7 form; CF7 validates on the server before mail is sent
* **`addlc_gdc_log_consent` action hook** — fire from any custom form or plugin to record consent
* **Admin consent log** — filterable table under Tools > Consent Log with CSV export
* **Configurable consent text** — use the `{privacy_link}` placeholder to auto-insert a link to your privacy policy page
* **Retention policy** — set how many days to keep consent records; purge with one click
* **No jQuery** — vanilla ES6 JavaScript
* **Accessible** — keyboard navigable, ARIA attributes, visible focus ring
* **Dark-mode ready** — CSS variables for easy theming

= Shortcode =

`[gdpr_consent]`

Place this inside any `<form>` element. The checkbox must be checked before the form can be submitted.

= Contact Form 7 Integration =

Add the following tag to any Contact Form 7 form template:

`[gdpr-consent gdpr_consent]`

The plugin automatically validates the field on the server and logs consent to the database after mail is sent successfully.

= Developer Hook =

Log consent from any custom form or third-party plugin:

`do_action( 'addlc_gdc_log_consent', [ 'form_source' => 'my-form', 'page_url' => get_permalink() ] );`

== Installation ==

1. Upload the `gdpr-consent` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the **Plugins** screen in WordPress.
3. Go to **Settings > GDPR Consent** to configure consent text, privacy page, and logging options.
4. Add `[gdpr_consent]` to any page or use the CF7 tag in your contact forms.
5. View logged consents under **Tools > Consent Log**.

== Frequently Asked Questions ==

= What does Contact Form 7 integration do? =

When Contact Form 7 is active, GDPR Consent registers a custom `[gdpr-consent]` form tag. Dropping `[gdpr-consent gdpr_consent]` into a CF7 form template renders the styled consent checkbox. CF7 validates server-side that the box was checked before sending mail, and logs the consent event to the database after a successful submission.

= How do I use the action hook in a custom form? =

After your form processes a successful submission, call:

`do_action( 'addlc_gdc_log_consent', [ 'form_source' => 'my-custom-form', 'page_url' => esc_url( $_SERVER['HTTP_REFERER'] ?? '' ) ] );`

The plugin handles inserting the record, grabbing the IP address, and respecting the "Log Consent Records" setting.

= What IP address is logged? =

The plugin checks `HTTP_CF_CONNECTING_IP`, `HTTP_X_FORWARDED_FOR`, `HTTP_X_REAL_IP`, and `REMOTE_ADDR` in that order, using the first valid IP it finds. If your server is behind a trusted proxy (e.g. Cloudflare), the real visitor IP is captured correctly.

= Does the plugin work without Contact Form 7? =

Yes. The CF7 integration only activates when CF7 is detected. The shortcode, action hook, and consent log work independently of CF7.

= Where are consent records stored? =

In a custom database table `{prefix}gdc_consent_log` created during plugin activation. The table is removed when the plugin is uninstalled.

= How do I export consent records? =

Go to **Tools > Consent Log**, optionally filter by date range or form source, then click **Export CSV**. The download includes all visible records.

= How does record purging work? =

The **Retention (Days)** setting on the Settings page defines the maximum age of consent records. Clicking **Purge Old Records** on the Consent Log page deletes all records older than the configured number of days. This action is irreversible.

= Is the consent log GDPR-compliant? =

The log records the consent text shown to the user, the source form, the page where consent was given, an anonymisable IP address, and a timestamp — which constitutes a valid consent audit trail under GDPR Article 7(1). However, GDPR compliance depends on your overall data-handling practices. Consult a legal professional for advice specific to your situation.

== Screenshots ==

1. **Admin Settings page** — configure consent text, privacy page, error message, and logging.
2. **Consent Log** — date-range filter, form-source filter, paginated table, CSV export, and purge button.
3. **Frontend checkbox** — styled, accessible checkbox with privacy policy link.
4. **Error state** — shake animation and red error message when the user tries to submit without consenting.

== Changelog ==

= 1.0.0 =
* Initial release.
* [gdpr_consent] shortcode with configurable text and privacy link.
* Contact Form 7 custom tag with server-side validation.
* addlc_gdc_log_consent action hook for custom integrations.
* Admin consent log with date/source filtering, CSV export, and retention-based purge.
* Vanilla ES6 client-side validation with shake animation.
* Dark-mode–ready CSS with CSS custom properties.
* Automatic update system via AddonLogic update server.

== Upgrade Notice ==

= 1.0.0 =
Initial release. No upgrade steps required.
