=== COD Control ===
Contributors: changlee
Tags: woocommerce, cod, payment, checkout, customers
Requires at least: 6.0
Tested up to: 6.8
Requires PHP: 7.4
Stable tag: 1.0.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Control WooCommerce Cash on Delivery availability per customer.

== Description ==
- Admin menu: **COD Customers** with columns Name, Email, City, Received COD (Yes/No).
- If **Received COD = No**, the **cod** gateway is removed at checkout for that customer.
- Applies when users are logged in OR when they simply enter their email address on the checkout form.
- Lightweight, no database tables required (uses user meta).

== Installation ==
1. Upload the ZIP via **Plugins → Add New → Upload Plugin**.
2. Activate **COD Control**.
3. Go to **COD Control** in the admin menu to manage flags.

== Frequently Asked Questions ==
= Does this work for guests? =
If the guest uses an email that belongs to an existing WordPress user (customer/subscriber) that has **Received COD = No**, COD will be disabled.

== Changelog ==
= 1.0.0 =
* First release.

= 1.0.1 =
* wordpress.org changes recommended.
* Fixed `readme.txt` Contributors line to use WordPress.org username `changlee`.
* Moved inline `<style>` and `<script>` from PHP into `assets/css/codco-style.css` and `assets/js/codco-script.js`.
* Added proper asset loading via `wp_enqueue_scripts` with `wp_register_style/script`, and `wp_localize_script` for `ajaxurl` + `nonce`.
* Prefixed actions and methods (`codco_*`) and renamed class to `CODCO_Control` to avoid collisions.
* Added nonce checks with `check_ajax_referer( 'codco_email_nonce', 'security' )` in AJAX handler.
* Hardened `wp_verify_nonce()` inputs with `sanitize_text_field( wp_unslash( ... ) )`.
* Escaped output late using `esc_url`, `esc_js` for dynamic values.
* Added placeholder `ajax-loader.gif` if missing.

= 1.0.2 =
* wordpress.org changes recommended.
* Fixed security issues with nonces and sanitization
* Added proper permission checks (`current_user_can`)
* Replaced inline CSS/JS with proper `wp_enqueue_*` methods
* Updated version numbers for release

= 1.0.3 =
* wordpress.org changes recommended.
* Fixed security issues with nonces and sanitization
* Added proper permission checks (`current_user_can`)

= 1.0.4 =
* wordpress.org changes recommended.
* plugin prefix gets Updated