Settings<\/strong> link on the WordPress plugins overview screen.<\/p>\n\nOAuth Credentials<\/strong><\/p>\n\n\n- Client ID<\/strong> \u2014 Your DocCheck OAuth Client ID.<\/li>\n
- Client Secret<\/strong> \u2014 Your DocCheck OAuth Client Secret.<\/li>\n
- Redirect URI<\/strong> \u2014 Auto-generated based on your site URL. Copy this value into your DocCheck application settings.<\/li>\n<\/ul>\n\n
Redirection & Debug<\/strong><\/p>\n\n\n- Default Target Page<\/strong> \u2014 The page users land on after a successful login.<\/li>\n
- Debug Mode<\/strong> \u2014 Logs detailed API and authentication information. Disable on production sites.<\/li>\n<\/ul>\n\n
Content Protection<\/strong><\/p>\n\n\n- Make all Pages Private<\/strong> \u2014 Requires DocCheck login for every page on the site.<\/li>\n
- Auto-assign Parent Configurations<\/strong> \u2014 Child pages automatically inherit their parent page's protection status.<\/li>\n
- Login Button Version<\/strong> \u2014 Pin a specific component version (e.g.
3.2.7<\/code>) or use @latest<\/code> to always load the most recent version.<\/li>\n<\/ul>\n\nUser Management<\/h4>\n\n
Authentication Modes<\/strong><\/p>\n\n\n- Anonymous Session<\/strong> \u2014 Users are authenticated via DocCheck but no WordPress user account is created. Data is held only for the duration of the PHP session and is not stored permanently.<\/li>\n
- WordPress User<\/strong> \u2014 A WordPress user account is created or linked on the visitor's first DocCheck login. Allows persistent storage of user properties and role-based access control.<\/li>\n<\/ul>\n\n
Role & Metadata<\/strong><\/p>\n\n\n- Default User Role<\/strong> \u2014 The WordPress role assigned to newly created DocCheck users. Only low-privilege roles (those without
manage_options<\/code> or edit_others_posts<\/code> capabilities) are available for selection. Administrator and Editor roles cannot be assigned to DocCheck users.<\/li>\n- Automatic User Creation<\/strong> \u2014 Disabled by default. In WordPress User mode, local user creation for first-time DocCheck logins must be explicitly enabled by an administrator.<\/li>\n
- Scope & Property Selection<\/strong> \u2014 Choose which DocCheck scopes to request and which user properties to store as WordPress user metadata.<\/li>\n<\/ul>\n\n
Developer Hooks<\/h4>\n\n
Actions<\/strong><\/p>\n\n\ndocacc_user_created<\/code> \u2014 Fires after a new WordPress user is created via DocCheck login.\nParameters: $user_id<\/code> (int), $user_data<\/code> (array)<\/p><\/li>\ndocacc_user_logged_in<\/code> \u2014 Fires when an existing user logs in via DocCheck.\nParameters: $user_id<\/code> (int), $user_data<\/code> (array)<\/p><\/li>\ndocacc_session_created<\/code> \u2014 Fires when a user is authenticated in anonymous session mode.\nParameters: $user_data<\/code> (array)<\/p><\/li>\n<\/ul>\n\nFilters<\/strong><\/p>\n\n\ndocacc_map_role<\/code> \u2014 Customize role assignment based on DocCheck user data.\nParameters: $current_role<\/code> (string), $user_data<\/code> (array), $user_id<\/code> (int)\nNote: roles with manage_options<\/code> or edit_others_posts<\/code> capabilities are silently rejected for security reasons.<\/p><\/li>\ndocacc_protected_template<\/code> \u2014 Override the template used for protected pages.\nParameters: $template<\/code> (string)<\/p><\/li>\ndocacc_is_authenticated<\/code> \u2014 Override the authentication check result.\nParameters: $authenticated<\/code> (bool)<\/p><\/li>\ndocacc_user_data<\/code> \u2014 Modify the DocCheck user data array before it is used.\nParameters: $user_data<\/code> (array)<\/p><\/li>\n<\/ul>\n\nTemplate Functions<\/h4>\n\n\/\/ Check if the current visitor is authenticated via DocCheck\ndocacc_is_authenticated(); \/\/ returns bool\n\n\/\/ Get the authenticated user's DocCheck profile fields\ndocacc_get_user_data(); \/\/ returns array, empty if not authenticated\n<\/code><\/pre>\n\nExample in a theme template:<\/p>\n\n
<?php if ( docacc_is_authenticated() ) : ?>\n <div class=\"hcp-content\">Visible only to DocCheck users.<\/div>\n<?php else : ?>\n <?php echo do_shortcode( '[docacc_login]' ); ?>\n<?php endif; ?>\n<\/code><\/pre>\n\nCustom Protected Page Template<\/h4>\n\n
Create doccheck-protected.php<\/code> in your active theme directory \u2014 the plugin uses it automatically. Or override via filter:<\/p>\n\nadd_filter( 'docacc_protected_template', function( $template ) {\n return get_stylesheet_directory() . '\/my-protected-template.php';\n} );\n<\/code><\/pre>\n\nUser Metadata Stored<\/h4>\n\n
In WordPress User mode, the following meta fields are stored per user (subject to selected scopes):<\/p>\n\n
\ndocacc_unique_id<\/code> \u2014 DocCheck unique identifier (always stored)<\/li>\ndocacc_profession<\/code> \u2014 Profession name<\/li>\ndocacc_country<\/code> \u2014 Country ISO code<\/li>\ndocacc_language<\/code> \u2014 Interface language<\/li>\nfirst_name<\/code>, last_name<\/code> \u2014 Name fields<\/li>\ndocacc_email<\/code> \u2014 Email address<\/li>\ndocacc_discipline_name<\/code> \u2014 Medical discipline<\/li>\ndocacc_activity_name<\/code> \u2014 Activity type<\/li>\ndocacc_area_code<\/code>, docacc_street<\/code>, docacc_city<\/code>, docacc_state<\/code> \u2014 Address fields<\/li>\ndocacc_last_login<\/code> \u2014 Timestamp of last DocCheck login<\/li>\n<\/ul>\n\n\n\n- Upload the
doccheck-access<\/code> folder to the \/wp-content\/plugins\/<\/code> directory.<\/li>\n- Activate the plugin through the Plugins<\/strong> menu in WordPress.<\/li>\n
- Go to Settings > DocCheck Login<\/strong> and enter your DocCheck OAuth credentials.<\/li>\n
- Copy the displayed Redirect URI<\/strong> into your DocCheck application settings.<\/li>\n
- Add
[docacc_login]<\/code> to any page or post where you want the login button to appear.<\/li>\n<\/ol>\n\n\n\nHow do I get DocCheck OAuth credentials?<\/h3><\/dt>\nContact DocCheck to register your application and obtain a client ID and client secret.<\/p><\/dd>\n
Can I customize the appearance of the login button?<\/h3><\/dt>\nYes. The [docacc_login]<\/code> shortcode accepts a size<\/code> attribute (small<\/code>, medium<\/code>, large<\/code>). You can also apply custom CSS to the dc-login-button<\/code> element.<\/p><\/dd>\nHow does user creation work?<\/h3><\/dt>\nIn WordPress User mode, a new account is created on the visitor's first DocCheck login. The DocCheck unique ID is stored as user meta (docacc_unique_id<\/code>) and used to match subsequent logins to the same account.<\/p><\/dd>\nCan I map DocCheck user types to specific WordPress roles?<\/h3><\/dt>\nYes. Use the docacc_map_role<\/code> filter:<\/p>\n\nadd_filter( 'docacc_map_role', function( $role, $user_data, $user_id ) {\n if ( isset( $user_data['profession'] ) && $user_data['profession'] === 'physician' ) {\n return 'editor';\n }\n return $role;\n}, 10, 3 );\n<\/code><\/pre><\/dd>\nHow do I protect a single page?<\/h3><\/dt>\nEdit the page in the WordPress admin. A DocCheck Protection<\/strong> metabox appears in the sidebar \u2014 check Protect this page<\/strong> and save.<\/p><\/dd>\nCan I protect all pages at once?<\/h3><\/dt>\nYes. Enable Make all Pages Private<\/strong> under Settings > DocCheck Login<\/strong>.<\/p><\/dd>\n\n<\/dl>\n\n\n1.0.6<\/h4>\n\n\n- Added a direct Settings<\/strong> link to the plugin row on the WordPress plugins overview screen for faster access to
options-general.php?page=doccheck-access<\/code>.<\/li>\n<\/ul>\n\n1.0.5<\/h4>\n\n\n- Review fix: Removed WordPress auth salt usage from OAuth state. The state parameter now contains only a nonce, while redirect and tracking data are kept server-side in a one-time transient.<\/li>\n
- Review fix: Recursively sanitize DocCheck anonymous-session data before storing and before exposing it through helper APIs.<\/li>\n
- Review fix: Updated the WordPress.org contributors field to the plugin owner username.<\/li>\n<\/ul>\n\n
1.0.4<\/h4>\n\n\n- Review fix: Sanitized the
wp_list_pages()<\/code> HTML returned by the [docacc_sitemap]<\/code> shortcode before concatenating it into shortcode output.<\/li>\n<\/ul>\n\n1.0.3<\/h4>\n\n\n- Review fix: Renamed plugin-owned global identifiers to the unique
docacc<\/code> prefix, including functions, classes, constants, options, hooks, transients, session keys, user meta keys, role slug, and shortcodes.<\/li>\n- Review fix: Replaced shortcodes with
[docacc_login]<\/code>, [docacc_hide_content]<\/code>, [docacc_logout]<\/code>, and [docacc_sitemap]<\/code>.<\/li>\n- Review fix: Removed plugin-owned
class_exists()<\/code> and function_exists()<\/code> wrappers to avoid silent conflicts with other plugins or themes.<\/li>\n- Review fix: Updated the OAuth callback query var, settings option, admin documentation, developer hooks, and examples to use the
docacc<\/code> prefix consistently.<\/li>\n- Compatibility: Added idempotent settings initialization so the renamed settings option is created safely during updates as well as new activations.<\/li>\n<\/ul>\n\n
1.0.2<\/h4>\n\n\n- Security: Restricted the Default User Role dropdown to low-privilege roles only (excludes roles with
manage_options<\/code> or edit_others_posts<\/code>).<\/li>\n- Security: Added server-side validation in
validate_settings()<\/code> to reject high-privilege roles even if submitted directly.<\/li>\n- Security: The
docacc_map_role<\/code> filter result is now validated before set_role()<\/code> is called, preventing privilege escalation via custom filter callbacks.<\/li>\n- Security: Added explicit opt-in for automatic local user creation (