=== WP Subdomain Login ===
Contributors: douglaslamar
Tags: login, subdomain, authentication, multisite, cross-domain
Requires at least: 5.0
Tested up to: 6.4
Stable tag: 1.0.0
Requires PHP: 7.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Create a login form on your main site that authenticates users and redirects them to a specific page on a subdomain.

== Description ==

WP Subdomain Login allows you to create a login form on your main WordPress site that authenticates users and automatically redirects them to a specific page on a subdomain. This plugin is perfect for:

* Main marketing site with a separate app subdomain
* Multi-site installations with separate databases
* Any scenario where you need cross-domain authentication

**Key Features:**

* Works with separate databases (users just need matching usernames/passwords)
* Secure token-based authentication with HMAC-SHA256
* Time-limited tokens (5-minute expiry for security)
* Easy integration via shortcode or PHP function
* Customizable redirect pages
* Professional, responsive design
* CSRF protection with nonce verification
* Comprehensive error handling

**Security Features:**

* Token-based authentication
* HMAC-SHA256 signed tokens
* Time-limited tokens (expire after 5 minutes)
* Nonce verification for CSRF protection
* No passwords in URLs
* Username-based tokens (works with separate databases)

== Installation ==

1. Upload the plugin files to `/wp-content/plugins/wp-subdomain-login/` directory, or install through WordPress plugins screen
2. Activate the plugin through the 'Plugins' screen in WordPress
3. **Important:** Install and activate the plugin on BOTH your main site and subdomain
4. Go to Settings → Subdomain Login to view setup instructions
5. Add the secret key to wp-config.php on BOTH sites (see settings page for your key)
6. Ensure users exist on both sites with matching usernames and passwords

== Frequently Asked Questions ==

= Do both sites need to use the same database? =

No! This plugin is specifically designed to work with separate databases. Users just need to have accounts on both sites with the same username and password.

= What if user IDs are different on each site? =

That's perfectly fine! The plugin uses usernames (not user IDs) in the authentication tokens, so it works even when user IDs don't match between sites.

= How do I set up the secret key? =

1. Go to Settings → Subdomain Login in your WordPress admin
2. Copy the secret key shown on that page
3. Add this line to wp-config.php on BOTH sites:
   `define('SUBDOMAIN_AUTH_SECRET', 'your-secret-key-here');`
4. Make sure to use the SAME key on both sites

= How do I display the login form? =

**Using Shortcode (easiest):**
`[wp_subdomain_login subdomain="https://subdomain.example.com" redirect="/dashboard"]`

**Using PHP in template:**
`<?php
wp_subdomain_login_display_form( 
    'https://subdomain.example.com',
    '/dashboard'
);
?>`

= What happens if a user changes their password? =

If a user changes their password on one site, they'll need to change it on the other site as well. The plugin authenticates against each site's own database.

= Is this secure? =

Yes! The plugin uses:
* HMAC-SHA256 signed tokens
* Time-limited tokens (5-minute expiry)
* CSRF protection with nonce verification
* No passwords transmitted in URLs
* Secure token validation

Always use HTTPS on both sites for maximum security.

= Can I customize the form appearance? =

Yes! You can:
1. Override the CSS in your theme
2. Use the `wp_subdomain_login_form` filter to modify the HTML
3. Edit the plugin's CSS file (not recommended - changes will be lost on update)

== Screenshots ==

1. Login form on the main site
2. Settings page with setup instructions
3. Successful redirect to subdomain

== Changelog ==

= 1.0.0 =
* Initial release
* Username-based token authentication
* Support for separate databases
* Shortcode and PHP function support
* Responsive design
* Comprehensive error handling
* Security features (HMAC-SHA256, nonce verification, token expiry)

== Upgrade Notice ==

= 1.0.0 =
Initial release of WP Subdomain Login.

== Usage ==

**Basic Shortcode:**
`[wp_subdomain_login subdomain="https://app.example.com" redirect="/dashboard"]`

**Advanced PHP Usage:**
`<?php
wp_subdomain_login_display_form( 
    'https://app.example.com',
    '/welcome',
    array(
        'label_username' => 'Your Email',
        'label_password' => 'Your Password',
        'label_log_in'   => 'Sign In',
    )
);
?>`

== Setup Checklist ==

1. ✓ Install plugin on BOTH main site and subdomain
2. ✓ Set SUBDOMAIN_AUTH_SECRET in wp-config.php on BOTH sites (same key)
3. ✓ Create matching user accounts on both sites
4. ✓ Use HTTPS on both sites
5. ✓ Add shortcode or PHP function to display form
6. ✓ Test the login flow

== Support ==

For support, documentation, and updates, visit:
https://lamarsoft.com/wp-subdomain-login

== Author ==

Douglas LaMar - LaMarSOFT.com
https://lamarsoft.com
