{"id":290028,"date":"2026-03-29T23:35:31","date_gmt":"2026-03-29T23:35:31","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/employee-verification-document-authentication\/"},"modified":"2026-03-29T23:35:21","modified_gmt":"2026-03-29T23:35:21","slug":"employee-verification-document-authentication","status":"publish","type":"plugin","link":"https:\/\/azb.wordpress.org\/plugins\/employee-verification-document-authentication\/","author":20005930,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.3.2","stable_tag":"1.3.2","tested":"6.9.4","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"Employee Verification & Document Authentication","header_author":"SKFreelancers","header_description":"Manage employees, issue verifiable internship and experience letters with QR codes, and let visitors verify staff and documents on your website using simple shortcodes.","assets_banners_color":"8ec0be","last_updated":"2026-03-29 23:35:21","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/skfreelancers.com\/","header_author_uri":"https:\/\/skfreelancers.com","rating":5,"author_block_rating":0,"active_installs":0,"downloads":50,"num_ratings":1,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.3.2":{"tag":"1.3.2","author":"saqibabbasi","date":"2026-03-29 23:35:21"}},"upgrade_notice":{"1.1.4":"

Letters now render live. Use the "Convert to Live Rendering" button in Settings \u2192 Styling to migrate any existing static letters generated before this version.<\/p>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":1},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3494130,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3494130,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3494130,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3494130,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.3.2"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3494130,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3494130,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3494130,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3494130,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3494130,"resolution":"5","location":"assets","locale":""}},"screenshots":{"1":"Employee list with letter status and quick actions","2":"Add\/Edit employee form with all fields","3":"Generated Internship Completion Letter (A4, print-ready)","4":"Public employee verification page","5":"Plugin settings \u2014 Styling tab with live preview","6":"Plugin settings \u2014 Signature block configuration"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[258949,258948,258951,178788,258950],"plugin_category":[],"plugin_contributors":[258952],"plugin_business_model":[],"class_list":["post-290028","plugin","type-plugin","status-publish","hentry","plugin_tags-document-authentication","plugin_tags-employee-verification","plugin_tags-experience-letter","plugin_tags-hr-management","plugin_tags-internship-letter","plugin_contributors-saqibabbasi","plugin_committers-saqibabbasi"],"banners":{"banner":"https:\/\/ps.w.org\/employee-verification-document-authentication\/assets\/banner-772x250.png?rev=3494130","banner_2x":"https:\/\/ps.w.org\/employee-verification-document-authentication\/assets\/banner-1544x500.png?rev=3494130","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/employee-verification-document-authentication\/assets\/icon-128x128.png?rev=3494130","icon_2x":"https:\/\/ps.w.org\/employee-verification-document-authentication\/assets\/icon-256x256.png?rev=3494130","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/employee-verification-document-authentication\/assets\/screenshot-1.png?rev=3494130","caption":"Employee list with letter status and quick actions"},{"src":"https:\/\/ps.w.org\/employee-verification-document-authentication\/assets\/screenshot-2.png?rev=3494130","caption":"Add\/Edit employee form with all fields"},{"src":"https:\/\/ps.w.org\/employee-verification-document-authentication\/assets\/screenshot-3.png?rev=3494130","caption":"Generated Internship Completion Letter (A4, print-ready)"},{"src":"https:\/\/ps.w.org\/employee-verification-document-authentication\/assets\/screenshot-4.png?rev=3494130","caption":"Public employee verification page"},{"src":"https:\/\/ps.w.org\/employee-verification-document-authentication\/assets\/screenshot-5.png?rev=3494130","caption":"Plugin settings \u2014 Styling tab with live preview"}],"raw_content":"\n

Employee Verification & Document Authentication<\/strong> is a complete HR document management system for WordPress. Issue tamper-proof internship completion letters and experience letters with unique verification IDs and QR codes, then let anyone verify authenticity through a simple public-facing page.<\/p>\n\n

Key Features<\/h4>\n\n

Employee Management<\/strong>\n* Add, edit, and delete employee profiles with photos\n* Track Active, Intern, and Former Employee statuses\n* Store joining date, leaving date, internship period, CNIC, father name, and tasks completed\n* Bulk import employees via CSV\n* Custom fields system \u2014 define global fields and fill per employee<\/p>\n\n

Document Generation<\/strong>\n* Issue Internship Completion Letters and Experience Letters\n* One letter per type per employee \u2014 enforced at database level\n* Letters render live on every view, always reflecting your current settings\n* Print \/ Save as PDF from the browser (A4 size, printer-ready)<\/p>\n\n

Verification System<\/strong>\n* Every letter gets a unique 16-character cryptographically random Verification ID\n* QR code on each letter links directly to the document verification page\n* Public shortcodes for employee and document verification\n* [evda_employee_verification]<\/code> \u2014 search employees by ID, Name, or CNIC\n* [evda_document_verification]<\/code> \u2014 verify letters by ID or QR scan<\/p>\n\n

Letter Customization (Settings)<\/strong>\n* Company logo on all letters\n* Full typography control: font, size, line height, colors\n* Editable letter body templates with placeholders\n* Optional signature block: name, title, and uploaded signature image\n* Custom footer message (office address, phone, website)\n* Toggle: QR code, border\/shadow, title underline\n* All styling changes apply instantly to existing letters \u2014 no regeneration needed<\/p>\n\n

Email Notifications<\/strong>\n* Auto-email employees when a letter is issued\n* Configurable subject and body templates with placeholders\n* Email logs with last 100 send attempts\n* Test email button<\/p>\n\n

Admin Search Flexibility<\/strong>\n* Choose which fields visitors can search on: Employee ID, Full Name, and\/or CNIC<\/p>\n\n

Shortcodes<\/h4>\n\n
[evda_employee_verification] \u2014 Public employee lookup form.\n[evda_document_verification] \u2014 Public document verification form. Also works via URL: `?id=VERIFICATION_ID`\n<\/code><\/pre>\n\n
Privacy<\/h4>\n\n
This plugin stores employee data entered by the site administrator. No data is sent to external services except for QR code generation (uses a public QR API or falls back to a local generator). No tracking or analytics are included.<\/p>\n\n
External Services<\/h3>\n\n
This plugin optionally connects to two external QR code generation APIs when generating QR codes for employee letters. These APIs are only called server-side<\/strong> (never from the visitor's browser) when WordPress is generating a letter or verification page.<\/p>\n\n
1. goQR.me API<\/h4>\n\n
    \n
  • What it does:<\/strong> Generates a QR code PNG image for a verification URL.<\/li>\n
  • When it is called:<\/strong> When a new letter is generated and the PHP GD extension is unavailable.<\/li>\n
  • Data sent:<\/strong> The public verification URL (e.g. https:\/\/yoursite.com\/?evda_verify_doc=XXXX<\/code>). No personal data is transmitted.<\/li>\n
  • Service provider:<\/strong> goQR.me \u2014 https:\/\/goqr.me<\/li>\n
  • Terms of use:<\/strong> https:\/\/goqr.me\/terms-of-use\/<\/li>\n
  • Privacy policy:<\/strong> https:\/\/goqr.me\/privacy-policy\/<\/li>\n<\/ul>\n\n
    2. Google Charts API<\/h4>\n\n
      \n
    • What it does:<\/strong> Fallback QR code PNG generation if the goQR.me API is unavailable.<\/li>\n
    • When it is called:<\/strong> Only if the goQR.me API call fails and the PHP GD extension is unavailable.<\/li>\n
    • Data sent:<\/strong> The public verification URL only. No personal data is transmitted.<\/li>\n
    • Service provider:<\/strong> Google LLC \u2014 https:\/\/developers.google.com\/chart<\/li>\n
    • Terms of use:<\/strong> https:\/\/developers.google.com\/terms<\/li>\n
    • Privacy policy:<\/strong> https:\/\/policies.google.com\/privacy<\/li>\n<\/ul>\n\n
      If both external APIs are unavailable (e.g. the server has no outbound internet access), the plugin automatically falls back to a locally-generated QR code using the PHP GD library \u2014 no external request is made.<\/p>\n\n
      License<\/h3>\n\n
      This plugin is free software: you can redistribute it and\/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version.<\/p>\n\n\n
        \n
      1. Upload the employee-verification<\/code> folder to \/wp-content\/plugins\/<\/code>, or install via Plugins \u2192 Add New \u2192 Upload Plugin<\/strong>.<\/li>\n
      2. Activate the plugin. Database tables are created automatically.<\/li>\n
      3. Create two WordPress pages and add shortcodes:\n\n
          \n
        • A page with [evda_employee_verification]<\/code><\/li>\n
        • A page with [evda_document_verification]<\/code><\/li>\n<\/ul><\/li>\n
        • Go to Employee Verify \u2192 Settings \u2192 General<\/strong> and assign those pages.<\/li>\n
        • Upload your company logo and configure styling as desired.<\/li>\n
        • Add employees under Employee Verify \u2192 Employees<\/strong> and start generating letters.<\/li>\n<\/ol>\n\n\n
          \n
          Do I need any extra libraries or Composer?<\/h3><\/dt>\n
          No. The plugin works out of the box with no dependencies. Letters are rendered as printer-friendly HTML pages which users can save as PDF using Ctrl+P \u2192 Save as PDF.<\/p><\/dd>\n
          Are generated letters affected by settings changes?<\/h3><\/dt>\n
          Yes. Letters are rendered live on every view, so any change to typography, colors, signature, footer message, or other settings is immediately reflected on all existing letters without needing to regenerate them.<\/p><\/dd>\n
          Is the verification system secure?<\/h3><\/dt>\n
          Verification IDs are 16-character uppercase hex strings generated using PHP's random_bytes()<\/code> (cryptographically secure). All inputs are sanitized and validated. All admin actions are protected by WordPress nonces. Database queries use $wpdb->prepare()<\/code>.<\/p><\/dd>\n
          Can I search employees by CNIC on the public page?<\/h3><\/dt>\n
          Yes. Go to Settings \u2192 General \u2192 Employee Search Fields and enable the CNIC option (along with Employee ID and\/or Full Name).<\/p><\/dd>\n
          What happens to data when I deactivate the plugin?<\/h3><\/dt>\n
          Deactivating the plugin removes the plugin's database version marker but leaves all employee and document data intact. Data is only removed if you uninstall the plugin.<\/p><\/dd>\n
          Can I bulk-import employees?<\/h3><\/dt>\n
          Yes. Go to Employee Verify \u2192 Employees<\/strong> and use the CSV Import section. A downloadable template is provided.<\/p><\/dd>\n\n<\/dl>\n\n\n
          1.3.2<\/h4>\n\n
            \n
          • Security: Complete nonce & permissions audit \u2014 all AJAX handlers verified to use both check_ajax_referer() and current_user_can(); nonce never used alone for authorization.<\/li>\n
          • Security: Full output escaping audit \u2014 all echo statements use esc_html(), esc_attr(), esc_url(), wp_kses(), or wp_kses_post() at point of output; no raw variables echoed.<\/li>\n
          • Security: DB error messages no longer exposed to browser in AJAX responses.<\/li>\n
          • Fixed: QR code not displaying on document verification page \u2014 wp_kses() was stripping data: URI from img src; fixed with direct echo + esc_attr().<\/li>\n
          • Fixed: QR API timeout reduced from 5s to 3s for faster offline fallback on localhost.<\/li>\n
          • Fixed: Added guaranteed base64 fallback so QR code area never renders as broken image.<\/li>\n<\/ul>\n\n
            1.3.1<\/h4>\n\n
              \n
            • Fixed: wp_enqueue compliance \u2014 removed all inline \/ tags; CSS\/JS for standalone letter page served via WordPress AJAX endpoints; all color picker event handlers moved to admin.js using data attributes.<\/li>\n
            • Fixed: Nonces & permissions \u2014 added current_user_can() + wp_verify_nonce() to page_employees(); public nopriv endpoints use HMAC token (wp_hash) with inline phpcs:ignore and full explanation.<\/li>\n
            • Fixed: Escaping \u2014 all echo statements now use esc_html(), esc_attr(), esc_url(), wp_kses(), or phpcs:ignore with justification; replaced direct echo of build_letter() with dedicated output_letter() method.<\/li>\n
            • Fixed: Unsafe SQL \u2014 all table name variables wrapped with esc_sql(validate_table()); dbDelta() used for schema management; all queries use inline phpcs:ignore; fixed evda_patch_old_letters(), class-ev-import.php, and uninstall.php.<\/li>\n
            • Fixed: QR code not showing on letters \u2014 corrected domain validation in evda_serve_qr_image() to check against site home_url() instead of QR API domains.<\/li>\n
            • Fixed: Removed empty unused folders (templates\/, public\/, libs\/).<\/li>\n
            • Fixed: All global variables in uninstall.php prefixed with evda_.<\/li>\n<\/ul>\n\n
              1.3.0<\/h4>\n\n
                \n
              • wp_enqueue compliance<\/strong>: Removed all inline <script><\/code> and <style><\/code> tags. CSS served via evda_letter_css<\/code> AJAX endpoint (Content-Type: text\/css). JS served via evda_letter_js<\/code> AJAX endpoint. Print button onclick moved to enqueued JS. All color picker oninput\/onchange handlers moved to admin.js using data attributes.<\/li>\n
              • Nonces & permissions<\/strong>: Added current_user_can()<\/code> + wp_verify_nonce()<\/code> to page_employees()<\/code>. Public endpoints (QR image, letter CSS\/JS) use HMAC token (wp_hash<\/code>) with detailed code comments explaining why session nonces cannot be used for public\/nopriv endpoints.<\/li>\n
              • Escaping<\/strong>: Replaced echo build_letter()<\/code> with dedicated EVDA_PDF::output_letter()<\/code> method that sets Content-Type headers and outputs pre-escaped HTML. All dynamic values inside build_letter()<\/code> are escaped via esc_html()<\/code>, esc_attr()<\/code>, esc_url()<\/code> at point of construction.<\/li>\n
              • Unsafe SQL<\/strong>: Replaced raw $wpdb->query(\"CREATE TABLE...\")<\/code> and ALTER TABLE<\/code> loops with dbDelta()<\/code> \u2014 the WordPress-standard method for schema management. Added EVDA_Database::validate_table()<\/code> whitelist validator applied to all table name variables before SQL interpolation across all query files.<\/li>\n
              • Prefixing<\/strong>: All ev_<\/code>\/EV_<\/code> identifiers renamed to evda_<\/code>\/EVDA_<\/code> (classes, functions, defines, AJAX actions, options, nonces, shortcodes, form fields).<\/li>\n
              • Inline CSS removed<\/strong>: All style=\"\"<\/code> attributes moved to CSS classes in admin.css<\/code> and public.css<\/code>. Added evda-<\/code> prefixed utility classes throughout.<\/li>\n
              • Added saqibabbasi<\/code> to Contributors in readme.txt.<\/li>\n<\/ul>\n\n
                1.2.7<\/h4>\n\n
                  \n
                • Added saqibabbasi<\/code> to Contributors list in readme.txt.<\/li>\n
                • Replaced inline <style><\/code> block in letter renderer with a PHP variable to satisfy wp_enqueue requirements.<\/li>\n
                • Added server-side hash token validation to the QR image AJAX endpoint to prevent open proxy abuse.<\/li>\n
                • Wrapped paginate_links()<\/code> output with wp_kses_post()<\/code> for proper escaping.<\/li>\n
                • Added detailed code comments on build_letter()<\/code> echo explaining why wp_kses_post() cannot be used.<\/li>\n
                • Renamed all classes, functions, defines, AJAX actions, option names, nonces, shortcodes, and form fields from ev_<\/code>\/EV_<\/code> to evda_<\/code>\/EVDA_<\/code> prefix (4+ character unique prefix as required by WordPress.org).<\/li>\n
                • Fixed unsafe SQL in database upgrade path: applied esc_sql()<\/code> to table names, sanitize_key()<\/code> + esc_sql()<\/code> to column names, and $wpdb->prepare()<\/code> to SHOW COLUMNS queries.<\/li>\n<\/ul>\n\n
                  1.2.6<\/h4>\n\n
                    \n
                  • Fixed last Plugin Check warning: added phpcs:ignore on is_uploaded_file() line in class-ev-import.php to suppress InputNotSanitized on $_FILES tmp_name validation check.<\/li>\n<\/ul>\n\n
                    1.2.5<\/h4>\n\n
                      \n
                    • Fixed all remaining Plugin Check warnings: wp_unslash() on email color fields, phpcs:disable\/enable blocks on multi-line DB queries, phpcs:ignore on insert\/update\/delete calls, and input sanitization suppressions for array_map patterns.<\/li>\n<\/ul>\n\n
                      1.2.4<\/h4>\n\n
                        \n
                      • Fixed admin Settings page tabs not working after JS refactor \u2014 rewrote admin.js as a single clean IIFE so all code including tab navigation runs correctly.<\/li>\n<\/ul>\n\n
                        1.2.3<\/h4>\n\n
                          \n
                        • Added proper ev_<\/code> prefix to shortcodes ([evda_employee_verification]<\/code>, [evda_document_verification]<\/code>).<\/li>\n
                        • Moved all inline <script><\/code> and <style><\/code> blocks to enqueued admin.js<\/code> and admin.css<\/code> files.<\/li>\n
                        • Removed external CDN dependency (qrcodejs); QR codes now generated server-side only.<\/li>\n
                        • Added External Services documentation in readme.txt for QR API usage disclosure.<\/li>\n<\/ul>\n\n
                          1.2.2<\/h4>\n\n
                            \n
                          • Fixed all Plugin Check warnings: added missing wp_unslash(), esc_html\/attr\/url output escaping, isset() validation for $_POST\/$_FILES, and phpcs:ignore suppressions for accepted custom-table DB patterns.<\/li>\n<\/ul>\n\n
                            1.1.7<\/h4>\n\n
                              \n
                            • Centered footer text on letters<\/li>\n
                            • Updated plugin header to WordPress repository standards<\/li>\n
                            • Author updated to SKFreelancers<\/li>\n<\/ul>\n\n
                              1.1.6<\/h4>\n\n
                                \n
                              • Tasks\/responsibilities now display in a 3-column grid layout on letters<\/li>\n<\/ul>\n\n
                                1.1.5<\/h4>\n\n
                                  \n
                                • Fixed live letter URL containing dynamic: prefix causing Document not found error<\/li>\n<\/ul>\n\n
                                  1.1.4<\/h4>\n\n
                                    \n
                                  • Major: Letters now render live on every view \u2014 settings changes apply instantly to all existing letters<\/li>\n
                                  • No more static HTML files stored on disk<\/li>\n
                                  • Added one-click migration tool for existing static letters<\/li>\n<\/ul>\n\n
                                    1.1.3<\/h4>\n\n
                                      \n
                                    • Fixed document delete not removing the file from disk<\/li>\n
                                    • Fixed patch counter reporting wrong number<\/li>\n<\/ul>\n\n
                                      1.1.2<\/h4>\n\n
                                        \n
                                      • Footer now always pinned to the bottom of the A4 page using flexbox<\/li>\n
                                      • Added custom footer message field (office address, phone, website)<\/li>\n<\/ul>\n\n
                                        1.1.1<\/h4>\n\n
                                          \n
                                        • Fixed fatal error on plugin deactivation (missing EVDA_Database::deactivate method)<\/li>\n<\/ul>\n\n
                                          1.1.0<\/h4>\n\n
                                            \n
                                          • Fixed WordPress admin footer appearing inside settings panel (extra closing div)<\/li>\n
                                          • Letters now fixed at A4 size (794px \u00d7 1123px screen, 210mm \u00d7 297mm print)<\/li>\n<\/ul>\n\n
                                            1.0.9<\/h4>\n\n
                                              \n
                                            • Added signature block setting: enable\/disable, name, title, and uploaded image<\/li>\n
                                            • Added one-click tool to remove old Authorized Signatory block from existing letters<\/li>\n<\/ul>\n\n
                                              1.0.8<\/h4>\n\n
                                                \n
                                              • Added configurable employee search fields (Employee ID, Full Name, CNIC)<\/li>\n
                                              • [evda_employee_verification] shortcode dynamically adapts to enabled search fields<\/li>\n<\/ul>\n\n
                                                1.0.7<\/h4>\n\n
                                                  \n
                                                • Added Father Name, CNIC, Tasks Completed, and Leaving Date fields<\/li>\n
                                                • Added custom fields system with per-employee values and show-in-letter toggle<\/li>\n
                                                • Editable letter templates with full placeholder support<\/li>\n
                                                • Letter preview in settings<\/li>\n
                                                • Styling settings: colors, typography, layout, QR toggle<\/li>\n
                                                • Settings page redesigned with tabbed layout<\/li>\n<\/ul>","raw_excerpt":"Manage employees, issue QR-verified internship and experience letters, and let visitors verify staff and documents using simple shortcodes.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/290028","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=290028"}],"author":[{"embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/saqibabbasi"}],"wp:attachment":[{"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=290028"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=290028"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=290028"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=290028"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=290028"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=290028"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}