admin_url('admin-ajax.php'),
'_ajax_nonce' => wp_create_nonce('wwa_admin_ajax'),
'i18n_1' => __('User verification is disabled by default because some mobile devices do not support it (especially on Android devices). But we recommend you to enable it if possible to further secure your login.', 'wp-webauthn'),
'i18n_2' => __('Log count: ', 'wp-webauthn'),
'i18n_3' => __('Loading failed, maybe try refreshing?', 'wp-webauthn')
));
// Queue the admin stylesheet; its URL is resolved relative to this plugin file.
$wwa_admin_css_url = plugins_url('css/admin.css', __FILE__);
wp_enqueue_style('wwa_admin', $wwa_admin_css_url);
?>
WP-WebAuthn
localhost.', 'wp-webauthn'), array('code' => array())));
$wwa_not_allowed = true;
}
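// Handle a submitted settings form. Only admin can change settings.
//
// Nothing is written unless ALL of the following hold (evaluated left to right,
// short-circuiting on the first failure):
//   1. the form marker wwa_ref is exactly 'true';
//   2. check_admin_referer('wwa_options_update') accepts the request nonce
//      (WordPress ends the request itself when the nonce is invalid);
//   3. wwa_validate_privileges() returns true (defined elsewhere; presumably a
//      capability check - confirm);
//   4. every enumerated field is present and strictly equal (===) to one of its
//      allowed literals, so array-typed or unexpected values cannot pass.
// Fields wrapped in is_multisite() are neither validated nor saved here on multisite.
// website_name and website_domain only have to be present; they are free text
// and are sanitized further down before being stored.
if(
    (isset($_POST['wwa_ref']) && $_POST['wwa_ref'] === 'true')
    && check_admin_referer('wwa_options_update')
    && wwa_validate_privileges()
    && (is_multisite() || (isset($_POST['first_choice']) && ($_POST['first_choice'] === 'true' || $_POST['first_choice'] === 'false' || $_POST['first_choice'] === 'webauthn')))
    && (isset($_POST['remember_me']) && ($_POST['remember_me'] === 'true' || $_POST['remember_me'] === 'false'))
    && (isset($_POST['email_login']) && ($_POST['email_login'] === 'true' || $_POST['email_login'] === 'false'))
    && (is_multisite() || (isset($_POST['user_verification']) && ($_POST['user_verification'] === 'true' || $_POST['user_verification'] === 'false')))
    && (is_multisite() || (isset($_POST['usernameless_login']) && ($_POST['usernameless_login'] === 'true' || $_POST['usernameless_login'] === 'false')))
    && (is_multisite() || (isset($_POST['allow_authenticator_type']) && ($_POST['allow_authenticator_type'] === 'none' || $_POST['allow_authenticator_type'] === 'platform' || $_POST['allow_authenticator_type'] === 'cross-platform')))
    && (is_multisite() || (isset($_POST['show_authenticator_type']) && ($_POST['show_authenticator_type'] === 'true' || $_POST['show_authenticator_type'] === 'false')))
    && (isset($_POST['password_reset']) && ($_POST['password_reset'] === 'off' || $_POST['password_reset'] === 'admin' || $_POST['password_reset'] === 'all'))
    && (isset($_POST['after_user_registration']) && ($_POST['after_user_registration'] === 'none' || $_POST['after_user_registration'] === 'login' || $_POST['after_user_registration'] === 'mail'))
    && (isset($_POST['terminology']) && ($_POST['terminology'] === 'webauthn' || $_POST['terminology'] === 'passkey'))
    && (isset($_POST['logging']) && ($_POST['logging'] === 'true' || $_POST['logging'] === 'false'))
    && isset($_POST['website_name'])
    && isset($_POST['website_domain'])
    // ror_origins is optional: it is handled below only when present.
    // && (is_multisite() || isset($_POST['ror_origins']))
){
    // Identifier passed to every wwa_add_log() call made for this save.
    $res_id = wwa_generate_random_string(5);

    $post_logging = sanitize_text_field(wp_unslash($_POST['logging']));
    if($post_logging === 'true' && wwa_get_option('logging') === 'false'){
        // Logging is being switched on: record an environment snapshot first.
        // The third argument (true) is passed on all of these calls while the stored
        // option is still 'false' - presumably it forces the write; confirm in wwa_add_log().
        if(!function_exists('gmp_intval')){
            wwa_add_log($res_id, 'Warning: PHP extension gmp not found', true);
        }
        if(!function_exists('mb_substr')){
            wwa_add_log($res_id, 'Warning: PHP extension mbstring not found', true);
        }
        if(!function_exists('sodium_crypto_sign_detached')){
            wwa_add_log($res_id, 'Warning: PHP extension sodium not found', true);
        }
        // Warn when the site is neither served over SSL nor hosted on localhost / 127.0.0.1.
        if(!wwa_check_ssl() && (wp_parse_url(site_url(), PHP_URL_HOST) !== 'localhost' && wp_parse_url(site_url(), PHP_URL_HOST) !== '127.0.0.1')){
            wwa_add_log($res_id, 'Warning: Not in security context', true);
        }
        wwa_add_log($res_id, 'PHP Version => '.phpversion().', WordPress Version => '.get_bloginfo('version').', WP-WebAuthn Version => '.get_option('wwa_version')['version'], true);
        // Snapshot of the configuration as stored BEFORE this request's changes are applied.
        wwa_add_log($res_id, 'Current config: first_choice => "'.wwa_get_option('first_choice').'", website_name => "'.wwa_get_option('website_name').'", website_domain => "'.wwa_get_option('website_domain').'", remember_me => "'.wwa_get_option('remember_me').'", email_login => "'.wwa_get_option('email_login').'", user_verification => "'.wwa_get_option('user_verification').'", allow_authenticator_type => "'.wwa_get_option('allow_authenticator_type').'", show_authenticator_type => "'.wwa_get_option('show_authenticator_type').'", usernameless_login => "'.wwa_get_option('usernameless_login').'", password_reset => "'.wwa_get_option('password_reset').'", after_user_registration => "'.wwa_get_option('after_user_registration').'", terminology => "'.wwa_get_option('terminology').'", ror_origins => "'.str_replace("\n", ', ', wwa_get_option('ror_origins')).'"', true);
        $extra_logger_info = apply_filters('wwa_logger_init', array());
        // Filter callbacks are third-party code; iterate only when an array actually came back.
        if(is_array($extra_logger_info)){
            foreach($extra_logger_info as $info){
                wwa_add_log($res_id, $info, true);
            }
        }
        wwa_add_log($res_id, 'Logger initialized', true);
    }
    wwa_update_option('logging', $post_logging);

    // From here on each field follows the same pattern: sanitize, write an
    // old->new audit line when the value differs from the stored one, then store.
    if(!is_multisite()){
        $post_first_choice = sanitize_text_field(wp_unslash($_POST['first_choice']));
        if($post_first_choice !== wwa_get_option('first_choice')){
            wwa_add_log($res_id, 'first_choice: "'.wwa_get_option('first_choice').'"->"'.$post_first_choice.'"');
        }
        wwa_update_option('first_choice', $post_first_choice);
    }

    $post_website_name = sanitize_text_field(wp_unslash($_POST['website_name']));
    if($post_website_name !== wwa_get_option('website_name')){
        wwa_add_log($res_id, 'website_name: "'.wwa_get_option('website_name').'"->"'.$post_website_name.'"');
    }
    wwa_update_option('website_name', $post_website_name);

    // Normalisation here is limited to removing every '/' and the literal 'https:';
    // any other scheme prefix, port or stray text is stored as typed.
    // NOTE(review): this value is presumably used as the WebAuthn relying-party ID -
    // consider validating it as a bare host name before storing; confirm against its consumers.
    $post_website_domain = str_replace('https:', '', str_replace('/', '', sanitize_text_field(wp_unslash($_POST['website_domain']))));
    if($post_website_domain !== wwa_get_option('website_domain')){
        wwa_add_log($res_id, 'website_domain: "'.wwa_get_option('website_domain').'"->"'.$post_website_domain.'"');
    }
    wwa_update_option('website_domain', $post_website_domain);

    // ror_origins is a newline-separated list of origins.
    // is_string(): this field is not covered by the allowlist checks above, so a request
    // sending it as an array (ror_origins[]=...) would otherwise reach explode() with an array.
    if(!is_multisite() && isset($_POST['ror_origins']) && is_string($_POST['ror_origins'])){
        $raw_ror = wp_unslash($_POST['ror_origins']);
        $ror_lines = explode("\n", $raw_ror);
        $sanitized_ror = array();
        foreach($ror_lines as $line){
            // Same text sanitizer as every other field, applied per line so the
            // line breaks that separate entries survive.
            $line = sanitize_text_field(trim($line));
            if($line === ''){
                continue;
            }
            $parsed = wp_parse_url($line);
            // Keep only scheme://host[:port]; any path, query, fragment or userinfo is
            // dropped, and lines lacking a scheme or a host are discarded silently.
            // NOTE(review): the scheme is not restricted and wp_parse_url() does not validate
            // host characters, so code that prints this option must still escape it on output.
            if(isset($parsed['scheme']) && isset($parsed['host'])){
                $origin = $parsed['scheme'] . '://' . $parsed['host'];
                if(isset($parsed['port'])){
                    $origin .= ':' . $parsed['port'];
                }
                $sanitized_ror[] = $origin;
            }
        }
        $post_ror_origins = implode("\n", $sanitized_ror);
        if($post_ror_origins !== wwa_get_option('ror_origins')){
            wwa_add_log($res_id, 'ror_origins: "'.str_replace("\n", ', ', wwa_get_option('ror_origins')).'"->"'.str_replace("\n", ', ', $post_ror_origins).'"');
        }
        wwa_update_option('ror_origins', $post_ror_origins);
    }

    $post_remember_me = sanitize_text_field(wp_unslash($_POST['remember_me']));
    if($post_remember_me !== wwa_get_option('remember_me')){
        wwa_add_log($res_id, 'remember_me: "'.wwa_get_option('remember_me').'"->"'.$post_remember_me.'"');
    }
    wwa_update_option('remember_me', $post_remember_me);

    $post_email_login = sanitize_text_field(wp_unslash($_POST['email_login']));
    if($post_email_login !== wwa_get_option('email_login')){
        wwa_add_log($res_id, 'email_login: "'.wwa_get_option('email_login').'"->"'.$post_email_login.'"');
    }
    wwa_update_option('email_login', $post_email_login);

    // Authenticator policy fields: skipped on multisite, matching the validation above.
    if(!is_multisite()){
        $post_user_verification = sanitize_text_field(wp_unslash($_POST['user_verification']));
        if($post_user_verification !== wwa_get_option('user_verification')){
            wwa_add_log($res_id, 'user_verification: "'.wwa_get_option('user_verification').'"->"'.$post_user_verification.'"');
        }
        wwa_update_option('user_verification', $post_user_verification);

        $post_allow_authenticator_type = sanitize_text_field(wp_unslash($_POST['allow_authenticator_type']));
        if($post_allow_authenticator_type !== wwa_get_option('allow_authenticator_type')){
            wwa_add_log($res_id, 'allow_authenticator_type: "'.wwa_get_option('allow_authenticator_type').'"->"'.$post_allow_authenticator_type.'"');
        }
        wwa_update_option('allow_authenticator_type', $post_allow_authenticator_type);

        $post_show_authenticator_type = sanitize_text_field(wp_unslash($_POST['show_authenticator_type']));
        if($post_show_authenticator_type !== wwa_get_option('show_authenticator_type')){
            wwa_add_log($res_id, 'show_authenticator_type: "'.wwa_get_option('show_authenticator_type').'"->"'.$post_show_authenticator_type.'"');
        }
        wwa_update_option('show_authenticator_type', $post_show_authenticator_type);

        $post_usernameless_login = sanitize_text_field(wp_unslash($_POST['usernameless_login']));
        if($post_usernameless_login !== wwa_get_option('usernameless_login')){
            wwa_add_log($res_id, 'usernameless_login: "'.wwa_get_option('usernameless_login').'"->"'.$post_usernameless_login.'"');
        }
        wwa_update_option('usernameless_login', $post_usernameless_login);
    }

    $post_password_reset = sanitize_text_field(wp_unslash($_POST['password_reset']));
    if($post_password_reset !== wwa_get_option('password_reset')){
        wwa_add_log($res_id, 'password_reset: "'.wwa_get_option('password_reset').'"->"'.$post_password_reset.'"');
    }
    wwa_update_option('password_reset', $post_password_reset);

    $post_after_user_registration = sanitize_text_field(wp_unslash($_POST['after_user_registration']));
    if($post_after_user_registration !== wwa_get_option('after_user_registration')){
        wwa_add_log($res_id, 'after_user_registration: "'.wwa_get_option('after_user_registration').'"->"'.$post_after_user_registration.'"');
    }
    wwa_update_option('after_user_registration', $post_after_user_registration);

    $post_terminology = sanitize_text_field(wp_unslash($_POST['terminology']));
    if($post_terminology !== wwa_get_option('terminology')){
        wwa_add_log($res_id, 'terminology: "'.wwa_get_option('terminology').'"->"'.$post_terminology.'"');
    }
    wwa_update_option('terminology', $post_terminology);

    // Extension point: callbacks run after all options above have been stored.
    do_action('wwa_save_settings', $res_id);
    add_settings_error('wwa_settings', 'save_success', __('Settings saved.', 'wp-webauthn'), 'success');
}elseif((isset($_POST['wwa_ref']) && $_POST['wwa_ref'] === 'true')){
    // The form was submitted but a privilege or field check above failed: nothing was written.
    add_settings_error('wwa_settings', 'save_error', __('Settings NOT saved.', 'wp-webauthn'));
}
// Render whichever notice was queued above, if any.
settings_errors('wwa_settings');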
?>
',
''
),
array('a' => array('href' => array()))
);
?>
0)){
?>
your profile.', 'wp-webauthn'), esc_url(admin_url('profile.php'))), array('a' => array('href' => array())));?>