# Formipay — Implementation Task List **Last Updated:** April 17, 2026 — Phase 1 Complete **Reference:** PRD.md, FINDINGS.md, RECOMMENDATION.md --- ## Phase 1 — Critical Fixes & Stabilization ### Week 1: Critical Bug Fixes ✅ COMPLETE - [x] **F1.1** Fix `Customer::update()` fatal error — define `$table_name` and fix `$new_args` reference - `includes/Customer.php` ~line 172 - [x] **F1.2** Fix `Order::delete()` — change `$id` to `$order_id` in `$wpdb->delete()` where clause - `includes/Order.php` - [x] **F1.3** Fix `Order::formipay_bulk_delete_order()` — use loop variable `$id` instead of outer `$order_id` - `includes/Order.php` - [x] **F1.4** Fix `Email::send_email()` — change `\Formipay_Notification::` to `parent::` - `includes/Notification/Email.php` - [x] **F1.5** Fix `Paypal::auto_cancel_order_on_timeout()` — add `use Formipay\Order as Order` import - `includes/Integration/Paypal.php` - [x] **F1.6** Fix `Paypal::paypal_settings` — declare property or load from config - `includes/Integration/Paypal.php` - [x] **F1.7** Fix `BankTransfer::add_unique_code_details()` — call `check_unique_code()` once, reuse result - `includes/Payment/BankTransfer.php` - [x] **F1.8** Fix color field label "Number" → "Color" - `admin/functions.php` `formipay_field_type_collection()` - [x] **F1.9** Add `check_ajax_referer` nonce check to `Customer::formipay_tabledata_customers()` - `includes/Customer.php` ### Week 2: Performance & Security ✅ COMPLETE - [x] **F1.10** Replace `maybe_serialize()` in cookie handling with `json_encode()`/`json_decode()` - `includes/Order.php` `retrieve_form_data()` - `includes/Thankyou.php` `get_cookie()`, `request_access_link()` - [x] **F1.11** Move `flush_rewrite_rules()` from `init` to activation hook - `includes/Thankyou.php` `set_endpoint()` - `includes/Payment/Payment.php` `set_endpoint()` - `formipay.php` (add register_activation_hook) - [x] **F1.12** Add PayPal webhook signature verification - `includes/Integration/Paypal.php` `webhook_endpoint()` - [x] **F1.13** Cache JSON file reads in static variables - `admin/functions.php` `formipay_currency_array()` - `admin/functions.php` `formipay_country_array()` - `admin/functions.php` `formipay_get_flag_by_currency()` - [x] **F1.14** Add server-side pagination to `Customer::formipay_tabledata_customers()` - `includes/Customer.php` - [x] **F1.15** Optimize `Order::formipay_tabledata_orders()` — replace two queries with `COUNT(*) GROUP BY status` - `includes/Order.php` - [x] **F1.16** Delete backup file `includes/Integration/Paypal.phpbak` - [x] **F1.17** Create `uninstall.php` — clean up options, custom tables, scheduled events - `uninstall.php` (new file) - [x] **F1.18** Add capability checks (`current_user_can('manage_options')`) to admin-ajax handlers - [x] **F1.19** Fix timezone hardcode — replace `'Asia/Jakarta'` with `wp_timezone_string()` - `includes/Render.php` --- ## Phase 2 — React Admin Foundation > ⚠️ **IMPORTANT:** Read `MIGRATION_STRATEGY.md` before starting Phase 2 > - Explains Vue → React coexistence strategy > - Documents custom Vue app in `admin-product-editor.js` that needs recreation > - Provides data compatibility requirements and testing strategy > **See `MIGRATION_STRATEGY.md`** for detailed Vue → React migration approach ### Week 3: Build Pipeline - [ ] **F2.1** Initialize `package.json` with `@wordpress/scripts` - [ ] **F2.2** Create `webpack.config.js` extending wp-scripts - [ ] **F2.3** Set up `src/admin/` directory structure - [ ] **F2.4** Create API client (`src/admin/api/client.js`) with nonce handling - [ ] **F2.5** Create admin page shell component (sidebar + routing) - [ ] **F2.6** Register admin menu pages in PHP that render React mount points ### Week 4: Form Builder - [ ] **F2.7** Build field palette component (drag-and-drop source) - [ ] **F2.8** Build form canvas component (drop target) - [ ] **F2.9** Build field settings panel - [ ] **F2.10** Build live preview renderer - [ ] **F2.11** Connect to existing PHP save/load endpoints - [ ] **F2.12** Replace Vue/Classic Editor metabox with React form builder ### Week 5: Order Management & Dashboard - [ ] **F2.13** Build order list page with filters (status, date, search) - [ ] **F2.14** Build order detail view (replace Handlebars templates) - [ ] **F2.15** Build status change workflow with timeline - [ ] **F2.16** Build analytics dashboard (order count, revenue, charts) - [ ] **F2.17** Build notification log viewer ### Week 6: Settings & Editors - [ ] **F2.18** Build global settings page (replace WPCFTO) - [ ] **F2.19** Build product editor page (includes variation pricing table) - **See `MIGRATION_STRATEGY.md`** — custom Vue app in `admin-product-editor.js` must be recreated in React - Features: multi-currency flat/expanded pricing, attribute repeater sync, validation - [ ] **F2.20** Build coupon editor page - [ ] **F2.21** Build access items manager - [ ] **F2.22** Build license management page - [ ] **F2.23** Remove/deprecate Vue admin code - After all React admin pages are working, remove `admin/assets/vue/` if exists - Remove WPCFTO framework dependency after F2.18 - Remove Vue.js from enqueued scripts after F2.19 complete --- ## Phase 3 — Frontend Enhancements ### Week 7-8: React Island Architecture - [ ] **F3.1** Add "Render Mode" setting to form admin (SSR / React) - [ ] **F3.2** Update `Render.php` — output `
` mount point when React mode selected - [ ] **F3.3** Build React form renderer component (`src/frontend/widgets/FormRenderer.jsx`) - [ ] **F3.4** Implement island hydration — React attaches to SSR HTML - [ ] **F3.5** Build multi-step form navigation component - [ ] **F3.6** Add real-time field validation in React mode ### Week 9: Gutenberg Block - [ ] **F3.7** Create `block.json` for `formipay/form` - [ ] **F3.8** Build `edit.jsx` — form selector + live preview in editor - [ ] **F3.9** Build `render.php` — server-side rendering for frontend - [ ] **F3.10** Register block in PHP - [ ] **F3.11** Test block in Gutenberg editor ### Week 10: Customer Portal - [ ] **F3.12** Build customer order history page (React) - [ ] **F3.13** Build order detail / download access page (React) - [ ] **F3.14** Build access link request form (React) - [ ] **F3.15** Integrate with WordPress user accounts - [ ] **F3.16** Register `[formipay_my_orders]` shortcode --- ## Phase 4 — Missing Features ### Week 11-12: Payment & Commerce - [ ] **F4.1** Implement `ExchangeRateAPI` — fetch rates, cache, convert - `includes/Payment/ExchangeRateAPI.php` - [ ] **F4.2** Implement License API endpoints (verify, activate, deactivate, revoke) - `includes/LicenseAPI.php` - [ ] **F4.3** Add Stripe payment gateway - `includes/Integration/Stripe.php` (new) - [ ] **F4.4** Add tax calculation engine - `includes/Tax.php` (new) - [ ] **F4.5** Add product variations on frontend (render dropdown, process selection) - `includes/Render.php`, `includes/Order.php` ### Week 13-14: Stock & Shipping - [ ] **F4.6** Implement stock management — decrement on order, validate before submit - `includes/Product.php` (new or extend) - [ ] **F4.7** Add "out of stock" frontend messaging - `includes/Render.php` - [ ] **F4.8** Add refund workflow (status change + payment reversal) - `includes/Order.php`, gateway integrations ### Week 15-16: Advanced Features - [ ] **F4.9** Build donation form mode (pay-what-you-want, suggested amounts) - `includes/Render.php` - [ ] **F4.10** Add PDF invoice generation - `includes/Invoice.php` (new) - [ ] **F4.11** Add CSV export for orders, customers, products - Admin pages - [ ] **F4.12** Add outgoing webhook system - `includes/Webhook.php` (new) - [ ] **F4.13** Add rate limiting on public endpoints - `includes/Order.php`, `includes/Coupon.php` - [ ] **F4.14** Wrap all hardcoded English strings in `__()` translation functions - All PHP + JS files - [ ] **F4.15** Generate `.pot` file for translators - [ ] **F4.16** Add form analytics (view tracking, conversion rate) - `includes/Analytics.php` (new) --- ## Definition of Done (per task) - [x] Code compiles without errors - [x] No PHP warnings/notices in debug mode - [x] Manual test passes for the specific fix/feature - [x] No regression in existing functionality - [x] Security-sensitive changes reviewed --- *End of task list.*