ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

only generate auth hash if we are logged in

pull/1185/head
Isaac Connor 2016-10-02 14:13:54 -04:00
parent 056e560b70
commit 16bee2ef55
2 changed files with 18 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/includes/actions.php
View File

@ -60,7 +60,7 @@ if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS ) {
if ( $authUser = getAuthUser( $_REQUEST['auth'] ) ) { if ( $authUser = getAuthUser( $_REQUEST['auth'] ) ) {
userLogin( $authUser['Username'], $authUser['Password'], true ); userLogin( $authUser['Username'], $authUser['Password'], true );
} }
} else { } else if ( ! empty($user) ) {
// generate it once here, while session is open. Value will be cached in session and return when called later on // generate it once here, while session is open. Value will be cached in session and return when called later on
generateAuthHash( ZM_AUTH_HASH_IPS ); generateAuthHash( ZM_AUTH_HASH_IPS );
} }

9
web/includes/functions.php
View File

@ -144,6 +144,9 @@ function generateAuthHash( $useRemoteAddr ) {
if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == 'hashed' ) { if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == 'hashed' ) {
# regenerate a hash at half the liftetime of a hash, an hour is 3600 so half is 1800 # regenerate a hash at half the liftetime of a hash, an hour is 3600 so half is 1800
if ( ( $_SESSION['AuthHashGeneratedAt'] < time() - ( ZM_AUTH_HASH_TTL * 1800 ) ) or ! isset($_SESSION['AuthHash']) ) { if ( ( $_SESSION['AuthHashGeneratedAt'] < time() - ( ZM_AUTH_HASH_TTL * 1800 ) ) or ! isset($_SESSION['AuthHash']) ) {
if ( ! ( $_SESSION['username'] and $_SESSION['passwordHash'] ) ) {
Warning("Can't generate auth hash until we are logged in");
} else {
$time = localtime(); $time = localtime();
if ( $useRemoteAddr ) { if ( $useRemoteAddr ) {
$authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5]; $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5];
@ -156,9 +159,11 @@ function generateAuthHash( $useRemoteAddr ) {
} }
$_SESSION['AuthHash'] = $auth; $_SESSION['AuthHash'] = $auth;
$_SESSION['AuthHashGeneratedAt'] = time(); $_SESSION['AuthHashGeneratedAt'] = time();
Warning("Generating new auth $auth"); Debug("Generating new auth $auth at " . $_SESSION['AuthHashGeneratedAt']. " using $authKey" );
}
} else {
Debug("Using auth " . $_SESSION['AuthHash'] );
} # end if AuthHash is not cached } # end if AuthHash is not cached
Warning("Using auth " . $_SESSION['AuthHash'] );
return $_SESSION['AuthHash']; return $_SESSION['AuthHash'];
} else { } else {
$auth = ""; $auth = "";