=== Didit Verify === Contributors: alexdidit Tags: identity verification, kyc, woocommerce, age verification, id check Requires at least: 6.0 Tested up to: 6.9 Requires PHP: 7.4 Stable tag: 0.1.4 License: GPL-2.0-or-later License URI: https://www.gnu.org/licenses/gpl-2.0.html Add identity verification to any WordPress page or WooCommerce checkout using Didit. == Description == Didit Verify lets you require identity verification on your WordPress site. Drop a shortcode on any page or require it at WooCommerce checkout. **Two integration modes:** * **UniLink** — paste a URL from the workflow you want from Didit Console. No backend needed. * **API Session** — [RECOMMENDED] the plugin creates a unique session per user. Your API key stays server-side. **Display options:** * **Modal** — opens a centered overlay on top of the page * **Embedded** — renders the verification inline where the shortcode is placed * Configurable close button, exit confirmation dialog, and auto-close on completion * Debug logging for SDK events in the browser console **Button appearance:** * Fully configurable from the admin panel: text, colors, border radius, padding, font size * Live preview in Settings that updates as you change values * Shortcode attributes can override the button text per page **Content gating:** * `[didit_gate]` shortcode — restrict any content to verified users only * `[didit_status]` shortcode — show the user's verification status anywhere * Verification status saved to WordPress user meta and visible in the admin Users list **WooCommerce support:** * Require verification at checkout with 4 position options * Automatically send billing data (name, email, phone, address) to Didit for pre-filling and cross-validation * Verification session ID saved to order meta for audit **Developer extensibility:** * PHP action hooks: `didit_session_created`, `didit_verification_completed`, `didit_verification_cancelled` * PHP filter: `didit_sdk_url` to change the SDK CDN * DOM CustomEvent: `didit:complete` for frontend JavaScript **Security (API mode):** * API key stored server-side only — never sent to the browser * CSRF nonce on every request * Per-user rate limit: 10 sessions/hour * Per-IP rate limit: 3 sessions/hour (guests) * All input whitelisted and sanitized == Third-Party Service == This plugin connects to the [Didit](https://didit.me) identity verification service to process user verifications. When a verification session is created (API mode), the plugin sends data to Didit's servers. When the verification UI is displayed, an iframe loads content from `verify.didit.me`. This plugin bundles the [Didit Web SDK](https://www.npmjs.com/package/@didit-protocol/sdk-web) (version 0.1.6) as `assets/js/didit-sdk.umd.min.js`. The full unminified source code is publicly available at the GitHub repository and npm package linked below. * Service: [https://didit.me](https://didit.me) * SDK source code: [https://github.com/didit-protocol/sdk-web](https://github.com/didit-protocol/sdk-web) * SDK npm package: [https://www.npmjs.com/package/@didit-protocol/sdk-web](https://www.npmjs.com/package/@didit-protocol/sdk-web) * SDK license: MIT * Terms of Use: [https://didit.me/en/terms/identity-verification/](https://didit.me/en/terms/identity-verification/) * Privacy Policy: [https://didit.me/en/terms/privacy-policy/](https://didit.me/en/terms/privacy-policy/) The SDK can be rebuilt from source with `npm install && npm run build` (uses Rollup). See the GitHub repository for full build instructions. No data is sent to Didit until the site administrator configures the plugin and a user initiates verification. == Installation == 1. Upload the `didit-verify` folder to `/wp-content/plugins/` 2. Activate the plugin through **Plugins → Didit Verify** 3. Go to **Settings → Didit Verify** and configure your mode: **UniLink (simplest):** Enter the UniLink URL from your [Didit Console](https://business.didit.me) workflow. **API Session (recommended):** Enter your Workflow ID and API Key from the [Didit Console](https://business.didit.me). 4. Add `[didit_verify]` to any page or post. == Frequently Asked Questions == = Where do I get a Workflow ID and API Key? = Sign up at [business.didit.me](https://business.didit.me), create a verification workflow and copy the Workflow ID. Then go to API & Webhooks and copy your API Key. = What is the difference between UniLink and API mode? = UniLink uses a single shared URL — quick to set up but every visitor uses the same session link. API mode creates a unique verification session per user with full tracking, and keeps your API key secure on the server. = Does it work without WooCommerce? = Yes. Use the `[didit_verify]` shortcode on any page. WooCommerce integration is optional. = Is my API key safe? = Yes. In API mode, the key is stored in the WordPress database and used only in server-to-server calls. It is never included in any HTML or JavaScript sent to the browser. = What is vendor data? = Vendor data identifies each user in your Didit dashboard. The plugin automatically sends a per-user value based on your chosen mode: * **WordPress User ID** (default) — sends `wp-42` * **User Email** — sends the user's email address * **Custom prefix + User ID** — sends e.g. `mystore-42` * **None** — omits the field This enables session tracking and aggregation across multiple verifications for the same user. = How do I restrict content to verified users? = Wrap any content with the `[didit_gate]` shortcode: `[didit_gate]This content is only for verified users.[/didit_gate]` Unverified users see a message and a verification button. Once verified, the content is revealed. You can customize the message: `[didit_gate message="Please verify to continue."]Secret content here.[/didit_gate]` = How do I show verification status? = Use the `[didit_status]` shortcode. It shows "Identity Verified" or "Not Verified" for the logged-in user. You can customize all labels: `[didit_status verified_text="Verified!" unverified_text="Pending" login_text="Sign in first"]` = How do I check if a user is verified in PHP? = `get_user_meta($user_id, '_didit_verified', true)` returns `1` if verified. You can also check `_didit_status` for the result (Approved, Pending, Declined). = Can I hook into verification events? = Yes. The plugin fires WordPress actions: * `didit_verification_completed` — when a user completes verification (passes user ID, session ID, status) * `didit_verification_cancelled` — when a user cancels * `didit_session_created` — when a session is created server-side Use `add_action()` in your theme's `functions.php` to hook in. = Can I customize the button? = Go to **Settings → Didit Verify → Button Appearance**. You can change: * Button text and success text * Background color and text color * Border radius (0 = square, 50 = pill) * Padding (vertical and horizontal) * Font size A live preview updates in real time as you change values. You can also override the text per page: `[didit_verify text="Verify Now" success_text="Done!"]` The button has CSS class `didit-verify-btn` (and `didit-verified` after success) for further styling. = Can I switch between modal and embedded display? = Yes. Go to **Settings → Didit Verify → Display Options → Display Mode**. Choose Modal (popup overlay) or Embedded (inline where the shortcode is). You can also override per shortcode: `[didit_verify mode="embedded"]` == Screenshots == 1. Settings page — configure mode, credentials, display options, and button appearance. 2. Button Appearance section with live preview. 3. Verification button on a page. 4. WooCommerce checkout with verification step. == Changelog == = 0.1.4 = * Match verification status handling like in woocommerce: only grant access for Approved status. * Differentiate Approved, Declined, and In Review states in button, content gate, status shortcode, and admin users list. * Use Didit design system colors for status indicators. = 0.1.3 = * Update Didit Web SDK to version 0.1.8. * Improved support for Woocommerce block based checkout on new versions. = 0.1.2 = * Update Didit Web SDK to version 0.1.6. * Document bundled SDK source code repository, license, and build instructions in readme. * Move admin inline scripts to enqueued JavaScript file. * Fix contributors username. = 0.1.1 = * Bundle SDK JavaScript locally instead of loading from CDN. * Add third-party service disclosure (Didit Terms of Use and Privacy Policy). * Add all 49 supported languages to the language selector. * Fix Plugin Check (PCP) errors: output escaping, translators comment, variable prefixes. * Wrap debug logging behind WP_DEBUG flag. = 0.1.0 = * Initial release. * UniLink and API Session modes. * Modal and embedded display modes. * Configurable button appearance with live admin preview (colors, radius, padding, font size). * Content gating with `[didit_gate]` shortcode. * Verification status shortcode `[didit_status]`. * Verification status saved to WordPress user meta. * Verification column in admin Users list. * WooCommerce checkout integration with 4 position options and billing data forwarding. * Dynamic vendor data (User ID, email, custom prefix, or none). * PHP action hooks and `didit_sdk_url` filter for developer extensibility. * 6-layer security model for API session creation. * 49 language options for the verification UI. == Upgrade Notice == = 0.1.4 = Match verification status handling between woocommerce and wordpress = 0.1.3 = SDK updated to 0.1.8. Improved support for Woocommerce block based checkout on new versions. = 0.1.2 = SDK updated to 0.1.6, source code documented, admin scripts properly enqueued. = 0.1.1 = SDK bundled locally, third-party disclosure, all 49 languages, Plugin Check compliance. = 0.1.0 = First release.