Title: Employee Verification & Document Authentication
Author: Saqib K.
Published: <strong>March 29, 2026</strong>
Last modified: April 11, 2026

---

Search plugins

![](https://ps.w.org/employee-verification-document-authentication/assets/banner-
772x250.png?rev=3494130)

![](https://ps.w.org/employee-verification-document-authentication/assets/icon-256x256.
png?rev=3494130)

# Employee Verification & Document Authentication

 By [Saqib K.](https://profiles.wordpress.org/saqibabbasi/)

[Download](https://downloads.wordpress.org/plugin/employee-verification-document-authentication.1.3.4.zip)

 * [Details](https://zul.wordpress.org/plugins/employee-verification-document-authentication/#description)
 * [Reviews](https://zul.wordpress.org/plugins/employee-verification-document-authentication/#reviews)
 *  [Installation](https://zul.wordpress.org/plugins/employee-verification-document-authentication/#installation)
 * [Development](https://zul.wordpress.org/plugins/employee-verification-document-authentication/#developers)

 [Support](https://wordpress.org/support/plugin/employee-verification-document-authentication/)

## Description

**Employee Verification & Document Authentication** is a complete HR document management
system for WordPress. Issue tamper-proof internship completion letters and experience
letters with unique verification IDs and QR codes, then let anyone verify authenticity
through a simple public-facing page.

#### Key Features

**Employee Management**
 * Add, edit, and delete employee profiles with photos *
Track Active, Intern, and Former Employee statuses * Store joining date, leaving
date, internship period, CNIC, father name, and tasks completed * Bulk import employees
via CSV * Custom fields system — define global fields and fill per employee

**Document Generation**
 * Issue Internship Completion Letters and Experience Letters*
One letter per type per employee — enforced at database level * Letters render live
on every view, always reflecting your current settings * Print / Save as PDF from
the browser (A4 size, printer-ready)

**Verification System**
 * Every letter gets a unique 16-character cryptographically
random Verification ID * QR code on each letter links directly to the document verification
page * Public shortcodes for employee and document verification * `[evda_employee_verification]`—
search employees by ID, Name, or CNIC * `[evda_document_verification]` — verify 
letters by ID or QR scan

**Letter Customization (Settings)**
 * Company logo on all letters * Full typography
control: font, size, line height, colors * Editable letter body templates with placeholders*
Optional signature block: name, title, and uploaded signature image * Custom footer
message (office address, phone, website) * Toggle: QR code, border/shadow, title
underline * All styling changes apply instantly to existing letters — no regeneration
needed

**Email Notifications**
 * Auto-email employees when a letter is issued * Configurable
subject and body templates with placeholders * Email logs with last 100 send attempts*
Test email button

**Admin Search Flexibility**
 * Choose which fields visitors can search on: Employee
ID, Full Name, and/or CNIC

#### Shortcodes

    ```
    [evda_employee_verification] — Public employee lookup form.
    [evda_document_verification] — Public document verification form. Also works via URL: `?id=VERIFICATION_ID`
    ```

#### Privacy

This plugin stores employee data entered by the site administrator. No data is sent
to external services except for QR code generation (uses a public QR API or falls
back to a local generator). No tracking or analytics are included.

### External Services

This plugin optionally connects to two external QR code generation APIs when generating
QR codes for employee letters. These APIs are only called **server-side** (never
from the visitor’s browser) when WordPress is generating a letter or verification
page.

#### 1. goQR.me API

 * **What it does:** Generates a QR code PNG image for a verification URL.
 * **When it is called:** When a new letter is generated and the PHP GD extension
   is unavailable.
 * **Data sent:** The public verification URL (e.g. `https://yoursite.com/?evda_verify_doc
   =XXXX`). No personal data is transmitted.
 * **Service provider:** goQR.me — https://goqr.me
 * **Terms of use:** https://goqr.me/terms-of-use/
 * **Privacy policy:** https://goqr.me/privacy-policy/

#### 2. Google Charts API

 * **What it does:** Fallback QR code PNG generation if the goQR.me API is unavailable.
 * **When it is called:** Only if the goQR.me API call fails and the PHP GD extension
   is unavailable.
 * **Data sent:** The public verification URL only. No personal data is transmitted.
 * **Service provider:** Google LLC — https://developers.google.com/chart
 * **Terms of use:** https://developers.google.com/terms
 * **Privacy policy:** https://policies.google.com/privacy

If both external APIs are unavailable (e.g. the server has no outbound internet 
access), the plugin automatically falls back to a locally-generated QR code using
the PHP GD library — no external request is made.

### License

This plugin is free software: you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software Foundation,
either version 2 of the License, or any later version.

## Screenshots

 * [[
 * Employee list with letter status and quick actions
 * [[
 * Add/Edit employee form with all fields
 * [[
 * Generated Internship Completion Letter (A4, print-ready)
 * [[
 * Public employee verification page
 * [[
 * Plugin settings — Styling tab with live preview

## Installation

 1. Upload the `employee-verification` folder to `/wp-content/plugins/`, or install
    via **Plugins  Add New  Upload Plugin**.
 2. Activate the plugin. Database tables are created automatically.
 3. Create two WordPress pages and add shortcodes:
 4.  * A page with `[evda_employee_verification]`
     * A page with `[evda_document_verification]`
 5. Go to **Employee Verify  Settings  General** and assign those pages.
 6. Upload your company logo and configure styling as desired.
 7. Add employees under **Employee Verify  Employees** and start generating letters.

## FAQ

### Do I need any extra libraries or Composer?

No. The plugin works out of the box with no dependencies. Letters are rendered as
printer-friendly HTML pages which users can save as PDF using Ctrl+P  Save as PDF.

### Are generated letters affected by settings changes?

Yes. Letters are rendered live on every view, so any change to typography, colors,
signature, footer message, or other settings is immediately reflected on all existing
letters without needing to regenerate them.

### Is the verification system secure?

Verification IDs are 16-character uppercase hex strings generated using PHP’s `random_bytes()`(
cryptographically secure). All inputs are sanitized and validated. All admin actions
are protected by WordPress nonces. Database queries use `$wpdb->prepare()`.

### Can I search employees by CNIC on the public page?

Yes. Go to Settings  General  Employee Search Fields and enable the CNIC option (
along with Employee ID and/or Full Name).

### What happens to data when I deactivate the plugin?

Deactivating the plugin removes the plugin’s database version marker but leaves 
all employee and document data intact. Data is only removed if you uninstall the
plugin.

### Can I bulk-import employees?

Yes. Go to **Employee Verify  Employees** and use the CSV Import section. A downloadable
template is provided.

## Reviews

![](https://secure.gravatar.com/avatar/ddeccf97490a421bf60a398568b4c8d3dc22439130fab3d31463e25a147715e4?
s=60&d=retro&r=g)

### 󠀁[It helps me create employee letters and verify them with QR codes](https://wordpress.org/support/topic/it-helps-me-create-employee-letters-and-verify-them-with-qr-codes/)󠁿

 [moniquemiller26](https://profiles.wordpress.org/moniquemiller26/) April 7, 2026

Really useful and easy to use plugin. It helps me create employee letters and verify
them with QR codes without any hassle. Everything works smoothly and saves a lot
of time. Highly recommended!

![](https://secure.gravatar.com/avatar/bc27b7bddea8f6175968464ced544ae390e684c76fead9438b25eb4d2234eddd?
s=60&d=retro&r=g)

### 󠀁[Simple, Powerful & Time-Saving Plugin](https://wordpress.org/support/topic/simple-powerful-time-saving-plugin/)󠁿

 [hendersonchris133](https://profiles.wordpress.org/hendersonchris133/) April 3,
2026

Simple, reliable, and easy to use. The plugin works smoothly without any issue and
integrates perfectly into my company workflow. Definitely a great choice if you 
want something that allow public/Authorities to verify your employee records and
documentations.

 [ Read all 2 reviews ](https://wordpress.org/support/plugin/employee-verification-document-authentication/reviews/)

## Contributors & Developers

“Employee Verification & Document Authentication” is open source software. The following
people have contributed to this plugin.

Contributors

 *   [ Saqib K. ](https://profiles.wordpress.org/saqibabbasi/)

[Translate “Employee Verification & Document Authentication” into your language.](https://translate.wordpress.org/projects/wp-plugins/employee-verification-document-authentication)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/employee-verification-document-authentication/),
check out the [SVN repository](https://plugins.svn.wordpress.org/employee-verification-document-authentication/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/employee-verification-document-authentication/)
by [RSS](https://plugins.trac.wordpress.org/log/employee-verification-document-authentication/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.3.4

 * Fixed: All Plugin Check SQL warnings resolved — rewrote EVDA_Employee::get_all()
   and count() using explicit hardcoded query-per-filter-combination approach. No
   intermediate SQL variables; every query uses $wpdb->prefix directly in string
   literals with $wpdb->prepare() and proper %s/%d placeholders.
 * Fixed: WordPress.DB.PreparedSQL.NotPrepared, InterpolatedNotPrepared, ReplacementsWrongNumber,
   UnfinishedPrepare, and UnescapedDBParameter warnings all cleared.
 * Fixed: Translators comment added to employee count string in filter bar.
 * Improvement: Employee filter and export fully compliant with WordPress Plugin
   Check (PCP) — zero errors.

#### 1.3.3

 * New: Employee filter bar — filter by Department and Status with active filter
   badges.
 * New: Export Employees CSV — exports all employees matching current filters (name,
   department, status) with one click.
 * Improvement: Search, department, and status filters persist across pagination.
 * Improvement: Modern toolbar UI with clean inputs, dropdowns, and action buttons.
 * Code: EVDA_Employee::get_all() and count() now accept department/status filter
   args.
 * Code: Added EVDA_Employee::get_departments() and get_all_for_export() methods.
 * Security: Export AJAX handler uses check_ajax_referer() + current_user_can() 
   + whitelisted status values.

#### 1.3.2

 * Security: Complete nonce & permissions audit — all AJAX handlers verified to 
   use both check_ajax_referer() and current_user_can(); nonce never used alone 
   for authorization.
 * Security: Full output escaping audit — all echo statements use esc_html(), esc_attr(),
   esc_url(), wp_kses(), or wp_kses_post() at point of output; no raw variables 
   echoed.
 * Security: DB error messages no longer exposed to browser in AJAX responses.
 * Fixed: QR code not displaying on document verification page — wp_kses() was stripping
   data: URI from img src; fixed with direct echo + esc_attr().
 * Fixed: QR API timeout reduced from 5s to 3s for faster offline fallback on localhost.
 * Fixed: Added guaranteed base64 fallback so QR code area never renders as broken
   image.

#### 1.3.1

 * Fixed: wp_enqueue compliance — removed all inline / tags; CSS/JS for standalone
   letter page served via WordPress AJAX endpoints; all color picker event handlers
   moved to admin.js using data attributes.
 * Fixed: Nonces & permissions — added current_user_can() + wp_verify_nonce() to
   page_employees(); public nopriv endpoints use HMAC token (wp_hash) with inline
   phpcs:ignore and full explanation.
 * Fixed: Escaping — all echo statements now use esc_html(), esc_attr(), esc_url(),
   wp_kses(), or phpcs:ignore with justification; replaced direct echo of build_letter()
   with dedicated output_letter() method.
 * Fixed: Unsafe SQL — all table name variables wrapped with esc_sql(validate_table());
   dbDelta() used for schema management; all queries use inline phpcs:ignore; fixed
   evda_patch_old_letters(), class-ev-import.php, and uninstall.php.
 * Fixed: QR code not showing on letters — corrected domain validation in evda_serve_qr_image()
   to check against site home_url() instead of QR API domains.
 * Fixed: Removed empty unused folders (templates/, public/, libs/).
 * Fixed: All global variables in uninstall.php prefixed with evda_.

#### 1.3.0

 * **wp_enqueue compliance**: Removed all inline `<script>` and `<style>` tags. 
   CSS served via `evda_letter_css` AJAX endpoint (Content-Type: text/css). JS served
   via `evda_letter_js` AJAX endpoint. Print button onclick moved to enqueued JS.
   All color picker oninput/onchange handlers moved to admin.js using data attributes.
 * **Nonces & permissions**: Added `current_user_can()` + `wp_verify_nonce()` to`
   page_employees()`. Public endpoints (QR image, letter CSS/JS) use HMAC token (`
   wp_hash`) with detailed code comments explaining why session nonces cannot be
   used for public/nopriv endpoints.
 * **Escaping**: Replaced `echo build_letter()` with dedicated `EVDA_PDF::output_letter()`
   method that sets Content-Type headers and outputs pre-escaped HTML. All dynamic
   values inside `build_letter()` are escaped via `esc_html()`, `esc_attr()`, `esc_url()`
   at point of construction.
 * **Unsafe SQL**: Replaced raw `$wpdb->query("CREATE TABLE...")` and `ALTER TABLE`
   loops with `dbDelta()` — the WordPress-standard method for schema management.
   Added `EVDA_Database::validate_table()` whitelist validator applied to all table
   name variables before SQL interpolation across all query files.
 * **Prefixing**: All `ev_`/`EV_` identifiers renamed to `evda_`/`EVDA_` (classes,
   functions, defines, AJAX actions, options, nonces, shortcodes, form fields).
 * **Inline CSS removed**: All `style=""` attributes moved to CSS classes in `admin.
   css` and `public.css`. Added `evda-` prefixed utility classes throughout.
 * Added `saqibabbasi` to Contributors in readme.txt.

#### 1.2.7

 * Added `saqibabbasi` to Contributors list in readme.txt.
 * Replaced inline `<style>` block in letter renderer with a PHP variable to satisfy
   wp_enqueue requirements.
 * Added server-side hash token validation to the QR image AJAX endpoint to prevent
   open proxy abuse.
 * Wrapped `paginate_links()` output with `wp_kses_post()` for proper escaping.
 * Added detailed code comments on `build_letter()` echo explaining why wp_kses_post()
   cannot be used.
 * Renamed all classes, functions, defines, AJAX actions, option names, nonces, 
   shortcodes, and form fields from `ev_`/`EV_` to `evda_`/`EVDA_` prefix (4+ character
   unique prefix as required by WordPress.org).
 * Fixed unsafe SQL in database upgrade path: applied `esc_sql()` to table names,`
   sanitize_key()` + `esc_sql()` to column names, and `$wpdb->prepare()` to SHOW
   COLUMNS queries.

#### 1.2.6

 * Fixed last Plugin Check warning: added phpcs:ignore on is_uploaded_file() line
   in class-ev-import.php to suppress InputNotSanitized on $_FILES tmp_name validation
   check.

#### 1.2.5

 * Fixed all remaining Plugin Check warnings: wp_unslash() on email color fields,
   phpcs:disable/enable blocks on multi-line DB queries, phpcs:ignore on insert/
   update/delete calls, and input sanitization suppressions for array_map patterns.

#### 1.2.4

 * Fixed admin Settings page tabs not working after JS refactor — rewrote admin.
   js as a single clean IIFE so all code including tab navigation runs correctly.

#### 1.2.3

 * Added proper `ev_` prefix to shortcodes (`[evda_employee_verification]`, `[evda_document_verification]`).
 * Moved all inline `<script>` and `<style>` blocks to enqueued `admin.js` and `
   admin.css` files.
 * Removed external CDN dependency (qrcodejs); QR codes now generated server-side
   only.
 * Added External Services documentation in readme.txt for QR API usage disclosure.

#### 1.2.2

 * Fixed all Plugin Check warnings: added missing wp_unslash(), esc_html/attr/url
   output escaping, isset() validation for $_POST/$_FILES, and phpcs:ignore suppressions
   for accepted custom-table DB patterns.

#### 1.1.7

 * Centered footer text on letters
 * Updated plugin header to WordPress repository standards
 * Author updated to SKFreelancers

#### 1.1.6

 * Tasks/responsibilities now display in a 3-column grid layout on letters

#### 1.1.5

 * Fixed live letter URL containing dynamic: prefix causing Document not found error

#### 1.1.4

 * Major: Letters now render live on every view — settings changes apply instantly
   to all existing letters
 * No more static HTML files stored on disk
 * Added one-click migration tool for existing static letters

#### 1.1.3

 * Fixed document delete not removing the file from disk
 * Fixed patch counter reporting wrong number

#### 1.1.2

 * Footer now always pinned to the bottom of the A4 page using flexbox
 * Added custom footer message field (office address, phone, website)

#### 1.1.1

 * Fixed fatal error on plugin deactivation (missing EVDA_Database::deactivate method)

#### 1.1.0

 * Fixed WordPress admin footer appearing inside settings panel (extra closing div)
 * Letters now fixed at A4 size (794px × 1123px screen, 210mm × 297mm print)

#### 1.0.9

 * Added signature block setting: enable/disable, name, title, and uploaded image
 * Added one-click tool to remove old Authorized Signatory block from existing letters

#### 1.0.8

 * Added configurable employee search fields (Employee ID, Full Name, CNIC)
 * [evda_employee_verification] shortcode dynamically adapts to enabled search fields

#### 1.0.7

 * Added Father Name, CNIC, Tasks Completed, and Leaving Date fields
 * Added custom fields system with per-employee values and show-in-letter toggle
 * Editable letter templates with full placeholder support
 * Letter preview in settings
 * Styling settings: colors, typography, layout, QR toggle
 * Settings page redesigned with tabbed layout

## Meta

 *  Version **1.3.4**
 *  Last updated **4 weeks ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 5.8 or higher **
 *  Tested up to **6.9.4**
 *  PHP version ** 7.4 or higher **
 *  Language
 * [English (US)](https://wordpress.org/plugins/employee-verification-document-authentication/)
 * Tag
 * [hr management](https://zul.wordpress.org/plugins/tags/hr-management/)
 *  [Advanced View](https://zul.wordpress.org/plugins/employee-verification-document-authentication/advanced/)

## Ratings

 5 out of 5 stars.

 *  [  2 5-star reviews     ](https://wordpress.org/support/plugin/employee-verification-document-authentication/reviews/?filter=5)
 *  [  0 4-star reviews     ](https://wordpress.org/support/plugin/employee-verification-document-authentication/reviews/?filter=4)
 *  [  0 3-star reviews     ](https://wordpress.org/support/plugin/employee-verification-document-authentication/reviews/?filter=3)
 *  [  0 2-star reviews     ](https://wordpress.org/support/plugin/employee-verification-document-authentication/reviews/?filter=2)
 *  [  0 1-star reviews     ](https://wordpress.org/support/plugin/employee-verification-document-authentication/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/employee-verification-document-authentication/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/employee-verification-document-authentication/reviews/)

## Contributors

 *   [ Saqib K. ](https://profiles.wordpress.org/saqibabbasi/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/employee-verification-document-authentication/)