From be5b4691dadfed1d1dbb8239d320b67f8c8d514a Mon Sep 17 00:00:00 2001
From: Isaac Connor <isaac@zoneminder.com>
Date: Tue, 22 Nov 2016 15:35:07 -0500
Subject: [PATCH] check for isset of SESSION['username'] instead of just
 assuming it exists

---
 web/includes/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/includes/functions.php b/web/includes/functions.php
index 1543a926f..5f62c9ff7 100644
--- a/web/includes/functions.php
+++ b/web/includes/functions.php
@@ -143,7 +143,7 @@ function getAuthUser( $auth ) {
 }
 
 function generateAuthHash( $useRemoteAddr ) {
-  if ( ZM_OPT_USE_AUTH and ZM_AUTH_RELAY == 'hashed' and $_SESSION['username'] and $_SESSION['passwordHash'] ) {
+  if ( ZM_OPT_USE_AUTH and ZM_AUTH_RELAY == 'hashed' and isset($_SESSION['username']) and $_SESSION['passwordHash'] ) {
     # regenerate a hash at half the liftetime of a hash, an hour is 3600 so half is 1800
     if ( ( ! isset($_SESSION['AuthHash']) ) or ( $_SESSION['AuthHashGeneratedAt'] < time() - ( ZM_AUTH_HASH_TTL * 1800 ) ) ) {
       # Don't both regenerating Auth Hash if an hour hasn't gone by yet