Fix hour subtraction in getAuthUser to actually subtract an hour

pull/2645/head
Isaac Connor 2019-06-21 11:45:33 -04:00
parent ad1df8f80a
commit 60618d5998
1 changed files with 2 additions and 1 deletions


@ -285,7 +285,7 @@ function getAuthUser($auth, $from_api_layer = false) {
foreach ( dbFetchAll($sql, NULL, $values) as $user ) {
$now = time();
for ( $i = 0; $i < ZM_AUTH_HASH_TTL; $i++, $now -= ZM_AUTH_HASH_TTL * 1800 ) { // Try for last two hours
for ( $i = 0; $i < ZM_AUTH_HASH_TTL; $i++, $now -= 3600 ) { // Try for last TTL hours
$time = localtime($now);
$authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$remoteAddr.$time[2].$time[3].$time[4].$time[5];
$authHash = md5($authKey);
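Review bot: The key built two lines below the corrected loop header joins `$remoteAddr.$time[2].$time[3].$time[4].$time[5]` with no separators, so different inputs can yield the same string (hour 1 on day 12 and hour 11 on day 2 both contribute `112`). A hash could therefore match at a time outside the TTL window this loop is meant to enforce. Joining the fields with a delimiter removes the ambiguity, e.g. `$authKey = implode('|', [ZM_AUTH_HASH_SECRET, $user['Username'], $user['Password'], $remoteAddr, $time[2], $time[3], $time[4], $time[5]]);`, and `hash_hmac('sha256', ...)` keyed with the secret would be a sounder construction than bare `md5()` over a secret prefix. Either change must be made in lock-step with generateAuthHash and any other component that computes or checks this hash, none of which is visible here. getAuthUser continues outside the hunk, including the comparison against `$auth`; if that is not already done with `hash_equals()`, it should be.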
@ -315,6 +315,7 @@ function generateAuthHash($useRemoteAddr, $force=false) {
if ( ZM_OPT_USE_AUTH and (ZM_AUTH_RELAY == 'hashed') and isset($_SESSION['username']) and $_SESSION['passwordHash'] ) {
$time = time();
# We use 1800 so that we regenerate the hash at half the TTL
$mintime = $time - ( ZM_AUTH_HASH_TTL * 1800 );
if ( $force or ( !isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) ) or ( $_SESSION['AuthHashGeneratedAt'] < $mintime ) ) {