admin_url('admin-ajax.php'), 'i18n_1' => __('User verification is disabled by default because some mobile devices do not support it (especially on Android devices). But we recommend you to enable it if possible to further secure your login.', 'wp-webauthn'), 'i18n_2' => __('Log count: ', 'wp-webauthn'), 'i18n_3' => __('Loading failed, maybe try refreshing?', 'wp-webauthn') )); wp_enqueue_style('wwa_admin', plugins_url('css/admin.css', __FILE__)); ?>

WP-WebAuthn

localhost.', 'wp-webauthn')); $wwa_not_allowed = true; } // Only admin can change settings // if((isset($_POST['wwa_ref']) && $_POST['wwa_ref'] === 'true') && check_admin_referer('wwa_options_update') && wwa_validate_privileges() && ($_POST['first_choice'] === 'true' || $_POST['first_choice'] === 'false' || $_POST['first_choice'] === 'webauthn') && ($_POST['remember_me'] === 'true' || $_POST['remember_me'] === 'false') && ($_POST['user_verification'] === 'true' || $_POST['user_verification'] === 'false') && ($_POST['usernameless_login'] === 'true' || $_POST['usernameless_login'] === 'false') && ($_POST['allow_authenticator_type'] === 'none' || $_POST['allow_authenticator_type'] === 'platform' || $_POST['allow_authenticator_type'] === 'cross-platform') && ($_POST['after_user_registration'] === 'none' || $_POST['after_user_registration'] === 'login' || $_POST['after_user_registration'] === 'guide') && ($_POST['logging'] === 'true' || $_POST['logging'] === 'false')){ if((isset($_POST['wwa_ref']) && $_POST['wwa_ref'] === 'true') && check_admin_referer('wwa_options_update') && wwa_validate_privileges() && ($_POST['first_choice'] === 'true' || $_POST['first_choice'] === 'false' || $_POST['first_choice'] === 'webauthn') && ($_POST['remember_me'] === 'true' || $_POST['remember_me'] === 'false') && ($_POST['user_verification'] === 'true' || $_POST['user_verification'] === 'false') && ($_POST['usernameless_login'] === 'true' || $_POST['usernameless_login'] === 'false') && ($_POST['allow_authenticator_type'] === 'none' || $_POST['allow_authenticator_type'] === 'platform' || $_POST['allow_authenticator_type'] === 'cross-platform') && ($_POST['logging'] === 'true' || $_POST['logging'] === 'false')){ $res_id = wwa_generate_random_string(5); if(sanitize_text_field($_POST['logging']) === 'true' && wwa_get_option('logging') === 'false'){ // Initialize log if(!function_exists('gmp_intval')){ wwa_add_log($res_id, 'Warning: PHP extension gmp not found', true); } if(!function_exists('mb_substr')){ wwa_add_log($res_id, 'Warning: PHP extension mbstring not found', true); } if(!function_exists('sodium_crypto_sign_detached')){ wwa_add_log($res_id, 'Warning: PHP extension sodium not found', true); } if(!wwa_check_ssl() && (parse_url(site_url(), PHP_URL_HOST) !== 'localhost' && parse_url(site_url(), PHP_URL_HOST) !== '127.0.0.1')){ wwa_add_log($res_id, 'Warning: Not in security context', true); } wwa_add_log($res_id, 'PHP Version => '.phpversion().', WordPress Version => '.get_bloginfo('version').', WP-WebAuthn Version => '.get_option('wwa_version')['version'], true); // wwa_add_log($res_id, 'Current config: first_choice => "'.wwa_get_option('first_choice').'", website_name => "'.wwa_get_option('website_name').'", website_domain => "'.wwa_get_option('website_domain').'", remember_me => "'.wwa_get_option('remember_me').'", user_verification => "'.wwa_get_option('user_verification').'", allow_authenticator_type => "'.wwa_get_option('allow_authenticator_type').'", usernameless_login => "'.wwa_get_option('usernameless_login').'", after_user_registration => "'.wwa_get_option('after_user_registration').'"', true); wwa_add_log($res_id, 'Current config: first_choice => "'.wwa_get_option('first_choice').'", website_name => "'.wwa_get_option('website_name').'", website_domain => "'.wwa_get_option('website_domain').'", remember_me => "'.wwa_get_option('remember_me').'", user_verification => "'.wwa_get_option('user_verification').'", allow_authenticator_type => "'.wwa_get_option('allow_authenticator_type').'", usernameless_login => "'.wwa_get_option('usernameless_login').'"', true); wwa_add_log($res_id, 'Logger initialized', true); } wwa_update_option('logging', sanitize_text_field($_POST['logging'])); $post_first_choice = sanitize_text_field($_POST['first_choice']); if($post_first_choice !== wwa_get_option('first_choice')){ wwa_add_log($res_id, 'first_choice: "'.wwa_get_option('first_choice').'"->"'.$post_first_choice.'"'); } wwa_update_option('first_choice', $post_first_choice); $post_website_name = sanitize_text_field($_POST['website_name']); if($post_website_name !== wwa_get_option('website_name')){ wwa_add_log($res_id, 'website_name: "'.wwa_get_option('website_name').'"->"'.$post_website_name.'"'); } wwa_update_option('website_name', $post_website_name); $post_website_domain = str_replace('https:', '', str_replace('/', '', sanitize_text_field($_POST['website_domain']))); if($post_website_domain !== wwa_get_option('website_domain')){ wwa_add_log($res_id, 'website_domain: "'.wwa_get_option('website_domain').'"->"'.$post_website_domain.'"'); } wwa_update_option('website_domain', $post_website_domain); $post_remember_me = sanitize_text_field($_POST['remember_me']); if($post_remember_me !== wwa_get_option('remember_me')){ wwa_add_log($res_id, 'remember_me: "'.wwa_get_option('remember_me').'"->"'.$post_remember_me.'"'); } wwa_update_option('remember_me', $post_remember_me); $post_user_verification = sanitize_text_field($_POST['user_verification']); if($post_user_verification !== wwa_get_option('user_verification')){ wwa_add_log($res_id, 'user_verification: "'.wwa_get_option('user_verification').'"->"'.$post_user_verification.'"'); } wwa_update_option('user_verification', $post_user_verification); $post_allow_authenticator_type = sanitize_text_field($_POST['allow_authenticator_type']); if($post_allow_authenticator_type !== wwa_get_option('allow_authenticator_type')){ wwa_add_log($res_id, 'allow_authenticator_type: "'.wwa_get_option('allow_authenticator_type').'"->"'.$post_allow_authenticator_type.'"'); } wwa_update_option('allow_authenticator_type', $post_allow_authenticator_type); $post_usernameless_login = sanitize_text_field($_POST['usernameless_login']); if($post_usernameless_login !== wwa_get_option('usernameless_login')){ wwa_add_log($res_id, 'usernameless_login: "'.wwa_get_option('usernameless_login').'"->"'.$post_usernameless_login.'"'); } wwa_update_option('usernameless_login', $post_usernameless_login); // $post_after_user_registration = sanitize_text_field($_POST['after_user_registration']); // if($post_after_user_registration !== wwa_get_option('after_user_registration')){ // wwa_add_log($res_id, 'after_user_registration: "'.wwa_get_option('after_user_registration').'"->"'.$post_after_user_registration.'"'); // } // wwa_update_option('after_user_registration', $post_after_user_registration); add_settings_error('wwa_settings', 'save_success', __('Settings saved.', 'wp-webauthn'), 'success'); }elseif((isset($_POST['wwa_ref']) && $_POST['wwa_ref'] === 'true')){ add_settings_error('wwa_settings', 'save_error', __('Settings NOT saved.', 'wp-webauthn')); } settings_errors('wwa_settings'); wp_localize_script('wwa_admin', 'configs', array('usernameless' => (wwa_get_option('usernameless_login') === false ? 'false' : wwa_get_option('usernameless_login')), 'allow_authenticator_type' => (wwa_get_option('allow_authenticator_type') === false ? 'none' : wwa_get_option('allow_authenticator_type')))); // Only admin can change settings if(wwa_validate_privileges()){ ?>

User that doesn\'t have any registered authenticator (e.g. new user) will unable to login when using "WebAuthn Only".
When the browser does not support WebAuthn, the login method will default to password if password login is not disabled.', 'wp-webauthn');?>

DOES NOT affect the authentication process in anyway.', 'wp-webauthn');?>

MUST be exactly the same with the current domain or parent domain.', 'wp-webauthn');?>




If you cannot register or verify your authenticators, please consider disabling user verification.', 'wp-webauthn');?>


User verification will be enabled automatically when authenticating with usernameless authentication feature.
Some authenticators and some browsers DO NOT support this feature.', 'wp-webauthn');?>



     

Note: Logs may contain sensitive information.', 'wp-webauthn');?>
0)){ ?> id="wwa-remove-log">


your profile.', 'wp-webauthn'), admin_url('profile.php'));?>