From e71f991d6ea5955055be6bf6f8dd6f1535da0bb6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Suwi=C5=84ski?= <dracono@wp.pl>
Date: Thu, 19 Nov 2020 11:19:21 +0100
Subject: [PATCH] README update

---
 README.md | 30 +++++++++++++++++++++++-------
 auth.php  |  1 +
 2 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index e44579f..5c45da0 100644
--- a/README.md
+++ b/README.md
@@ -1,11 +1,27 @@
 # Email One-Time Password Authentication
 
-Matches only valid email from allowed domain as username. Validates client
-credentials and password if exists in current session or generates ones for
-session time on empty password treated as one-time password request.
+Validates credentials and password if exists in current session or generates
+ones for session time on empty password which is treated as one-time password
+request and sends it to an email. Matches only valid email from allowed domains
+using global `allowemailaddresses` and `denyemailaddresses` settings if set.
 
-On first login account is created if not prevented on global level 
-and parts of email address may be mapped to profile fields using 
-PCRE expressions.
 
-See [setting form help](settings.php) for mapping usage example.
+Additional security can be set:
+
+Revoke threshold: 
+  login failures limit causing revoke of the generated password.  
+
+Minimum request period: 
+  a time in seconds after which another password can be generated.
+
+
+Signup and user creation on first login takes place only in case of using email
+as username (not to be confused with the `authloginviaemail` global setting) if
+not prevented (global setting `authpreventaccountcreation`) and parts of email
+address may be mapped to profile fields using PCRE expressions.
+
+Auth instruction setting (global `auth_instructions`) is recommended depending
+on the adopted user account policy and plugin settings.
+
+
+See also: `fieldsmapping_help` setting form for [mapping usage example](lang/en/auth_emailotp.php).
diff --git a/auth.php b/auth.php
index 6d1863c..ce0391e 100644
--- a/auth.php
+++ b/auth.php
@@ -18,6 +18,7 @@
  * Email OTP authentication plugin.
  *
  * @see self::user_login()
+ * @see self::get_user_field()
  * @package    auth_emailotp
  * @copyright  2020 Pawel Suwinski <psuw@wp.pl>
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later