WordPress.org
Get WordPress
WordPress.org

Plugin Directory

Shark Booking by Carson

Shark Booking by Carson

By carsonleung
Download

Description

Shark Booking by Carson is an installable plugin for businesses that need a streamlined appointment booking flow on any WordPress site.

Features:

  • Admin booking list and calendar views (day, week, month) with filters.
  • Service management with duration, buffers, pricing, currency, and active status.
  • Resource management with service assignments and weekly schedule editing.
  • Availability management with weekly rules and date-specific overrides.
  • Frontend booking flow via shortcode; step labels and messages are built in (Flow Configuration provides the shortcode only).
  • Email sender details (Email Configuration) for booking notifications; subjects and bodies use built-in templates.
  • Stripe Checkout flow for bookings.
  • Stripe webhook processing with idempotency safeguards.
  • Quote and pricing engine.
  • Manual admin actions for bookings (edit, delete, resend customer notification).
  • Built-in FAQ screen and Contact entry point in the admin menu.
  • Security hardening for public booking APIs (same-origin checks, rate limits, and nonce-aware permission callbacks for logged-in sessions).

Use [booking_appointment_flow] for the appointment booking flow.

External services

Stripe

This plugin uses Stripe Checkout and webhook APIs to process booking payments.

Data sent: checkout/payment fields such as transaction amount, selected items, customer email, and callback metadata needed to reconcile booking records.

When sent: when a customer starts checkout and when Stripe calls the webhook endpoint after payment events.

Terms of Service: https://stripe.com/legal/ssa
Privacy Policy: https://stripe.com/privacy

Freemius

This plugin uses Freemius for voluntary site registration, subscriptions, billing, and telemetry when admins interact with SDK-driven account pages.

Data sent: standard Freemius installation and account telemetry as described by Freemius when opted in.

When sent: when admins open Subscription / account pricing pages or enroll in telemetry through the SDK.

Terms of Service: https://freemius.com/terms/
Privacy Policy: https://freemius.com/privacy/

What if email delivery fails?

The plugin uses WordPress wp_mail(). Delivery depends on your hosting mail setup or SMTP/mail plugin.

Installation

  1. Upload the shark-booking-by-carson folder to /wp-content/plugins/ (main file: shark-booking-by-carson.php).
  2. Activate the plugin in the WordPress admin.
  3. Go to Bookings > Settings and configure timezone, currency, and Stripe keys.
  4. Create services under Bookings > Services.
  5. Create resources under Bookings > Resources.
  6. Add availability rules under Bookings > Availability.
  7. Add [booking_appointment_flow] to a page and publish it.
  8. Configure the Stripe webhook endpoint to:
    /wp-json/sharkbooking/v1/stripe/webhook

FAQ

How do I set up the plugin for the first time?

Configure timezone and currency in Settings, then create Services, Resources, and Availability rules.

How do I create a booking page?

Create or edit a WordPress page and add the shortcode [booking_appointment_flow], then publish the page.

What can I manage in the admin area?

You can manage bookings, services, resources, availability, email sender details (Email Configuration), Stripe keys, and other site preferences. Bookings Flow Configuration is for copying the appointment shortcode only.

Can I customize labels and messages on the booking steps?

No. Customer-facing wording uses built-in defaults. Flow Configuration only provides the shortcode.

Does it support customer packages or add-on bundles?

No. There is no package balance or bundled add-on catalog; use Services and Resources for what customers book.

How do I configure booking notification emails?

Use Email Configuration to set the From name and From address. Message subjects and bodies are fixed built-in templates.

Can I edit email subjects or bodies in the admin?

No. Only the sender name and address are configurable; template wording is defined by the plugin.

Does it support multiple staff members or rooms?

Yes. Each resource can be assigned to specific services and can have its own weekly and date-specific availability.

How does Stripe confirmation work?

Bookings are finalized after Stripe webhook confirmation at /wp-json/sharkbooking/v1/stripe/webhook.

Can admins manually create or edit bookings?

Yes. Admins can create, edit, update status, send notifications, and delete bookings from Booking List and Calendar.

Does this plugin connect to external services?

Yes, in three feature-specific cases:

  • Stripe payment and webhook APIs are used for checkout/payment processing when Stripe keys are configured.
  • Freemius is bundled for voluntary opt-in telemetry, billing, updates, and account pages initiated from wp-admin (Bookings Subscription).
  • If an admin submits the in-plugin Contact form (Bookings > FAQ), the entered name, email, and message are sent to Shark Booking by Carson support via email.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Shark Booking by Carson” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Shark Booking by Carson” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.0

  • Admin: Flow Configuration no longer edits step labels or messages; the screen only explains built-in copy and provides the [booking_appointment_flow] shortcode. Removed the save_flow_wording admin action.
  • Admin: FAQ and Subscription copy updated.

0.2.30

  • Admin: Email Configuration no longer exposes template subject/body or enable controls; saving only updates From name and address. Stored defaults from the plugin still drive notification content.
  • Admin: FAQ and Subscription copy updated to match built-in email templates.
  • Email: Diagnostic message when a template is disabled no longer references the Email Configuration screen.

0.2.29

  • Admin: Flow Configuration and Email Configuration now save editable frontend copy and email templates using existing sanitization helpers; template fields (enable, recipient, subject, body) appear on Email Configuration.
  • Admin: FAQ copy aligned with flow/email customization and clarified that package balances and add-on catalogs are not included.
  • Removed unused legacy public/views/booking-form.php view (booking uses appointment-flow.php).

0.2.28

  • Security: Admin GET readers verify the screen nonce in the same code path as wp_verify_nonce() (per-key gate) so Plugin Directory tooling and reviewers can validate intent alongside sanitization.
  • Security: Admin POST actions sanitize fields directly from $_POST (no bulk wp_unslash( $_POST )); service price uses numeric validation; resource weekly hours read from POST only after the admin action nonce passes.
  • Security: Admin notices and contact modal require a valid screen nonce before reading booksh_notice / booksh_contact.
  • Security: REST booking POST permission callback uses an explicit nonce result variable for logged-in sessions (same-origin and wp_rest behavior unchanged).
  • Add uninstall.php and includes/class-uninstaller.php for standard directory uninstall handling when “delete data on uninstall” is enabled (shared with Freemius after_uninstall cleanup).
  • Admin: PHPCS NonceVerification / ValidatedSanitizedInput fixes (scoped phpcs:disable where verification is delegated; price_major unslashed before sanitization).

0.2.27

  • Admin: Plugin Check/WPCS compatibility for Shark Booking GET handling (admin/class-admin-pages.php): explicit nonce/sanitized-input sniff directives, sanitize_text_field notice parsing, refined admin_screen_compute_query_trust() helper.

0.2.26

  • Admin: Shark Booking screens now pair plugin GET state with a reusable screen nonce; filter forms include the hidden field automatically and redirects/significant links refresh the token.
  • Harden POST admin actions around explicit sanitized field maps before handing data to repositories and services.
  • Public shortcode/views: removed FILTER_UNSAFE_RAW-based GET reads for booking-return flags (shortcode sanitizes booking reference lookup first).
  • Documented REST permission_callback rules for authenticated vs anonymous booking POST helpers.

0.2.25

  • Admin: removed the Available Email Codes reference block from Email Configuration (templates still accept {{placeholder}} values in subjects and bodies).

0.2.24

  • Admin: Subscription page shows a Free vs Pro comparison (cards and feature table) instead of the Freemius info blurb.

0.2.23

  • Free-tier build: appointment booking, Stripe, and emails only — removed packages, add-on upsells, related REST routes, legacy DB tables/columns (with migration on upgrade), and updated admin/marketing copy accordingly.

0.2.22

  • Added booking calendar day/week/month views with richer filtering.
  • Added admin booking quick actions, including manual customer notification sending.
  • Improved Stripe webhook handling with deduplication.
  • Hardened public REST booking endpoints with same-origin checks, throttling, and nonce-aware permission callbacks for logged-in sessions.
  • Improved booking and payment summaries across frontend flow steps.

0.1.0

  • Initial release with services, resources, availability rules, bookings, Stripe checkout, webhook confirmation, and email notifications.

Meta

Ratings

No reviews have been submitted yet.

Your review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum