diff --git a/web/api/app/Controller/AppController.php b/web/api/app/Controller/AppController.php
index 9dd27e945..51575f055 100644
--- a/web/api/app/Controller/AppController.php
+++ b/web/api/app/Controller/AppController.php
@@ -67,7 +67,6 @@ class AppController extends Controller {
 # For use throughout the app. If not logged in, this will be null.
 global $user;
- $user = $this->Session->read('user');
 if ( ZM_OPT_USE_AUTH ) {
 require_once __DIR__ .'/../../../includes/auth.php';
diff --git a/web/api/app/Controller/HostController.php b/web/api/app/Controller/HostController.php
index 74ea854a4..e06ca2293 100644
--- a/web/api/app/Controller/HostController.php
+++ b/web/api/app/Controller/HostController.php
@@ -48,8 +48,7 @@ class HostController extends AppController {
 // clears out session
 function logout() {
- global $user;
- $this->Session->Write('user', null);
+ userLogout();
 $this->set(array(
 'result' => 'ok',
@@ -67,7 +66,7 @@ class HostController extends AppController {
 if ( $isZmAuth ) {
 // In future, we may want to completely move to AUTH_HASH_LOGINS and return &auth= for all cases
 require_once __DIR__ .'/../../../includes/auth.php'; # in the event we directly call getCredentials.json
- $this->Session->read('user'); # this is needed for command line/curl to recognize a session
+
 $zmAuthRelay = $this->Config->find('first',array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_RELAY')))['Config']['Value'];
 if ( $zmAuthRelay == 'hashed' ) {
 $zmAuthHashIps = $this->Config->find('first',array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_HASH_IPS')))['Config']['Value'];
@@ -75,7 +74,7 @@ class HostController extends AppController {
 $credentials = 'auth='.generateAuthHash($zmAuthHashIps,true);
 } else {
 // user will need to append the store password here
- $credentials = 'user='.$this->Session->read('user.Username').'&pass=';
+ $credentials = 'user='.$this->Session->read('Username').'&pass=';
 $appendPassword = 1;
 }
 }
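Review bot: In HostController::logout() the new `userLogout();` call only works if includes/auth.php has already been loaded, and the one include visible in this commit (AppController, inside `if ( ZM_OPT_USE_AUTH )`) is conditional, so with authentication switched off this action would presumably stop on an undefined function. getCredentials() in the same file pulls the file in itself; doing the same here with `require_once __DIR__ .'/../../../includes/auth.php';` before the call would make the action self-contained. userLogout() is defined outside this diff, so it is worth confirming that it clears the keys auth.php reads (`$_SESSION['username']`) and invalidates the session, not only the old Cake `user` key. logout() continues past the end of the hunk.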
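Review bot: In the plain-relay branch of getCredentials() in HostController.php, the new `$this->Session->read('Username')` uses a capitalised session key, while the auth.php hunk of this same commit reads `$_SESSION['username']`; session keys are case-sensitive, so unless other code also writes `Username` the response would carry `user=&pass=`. The value is also concatenated into a query string without encoding, so a username containing `&` or `=` would change the parameters the client sends on. If `username` is the key the login code writes, the line could read `$credentials = 'user='.urlencode($this->Session->read('username')).'&pass=';`. The enclosing function starts and ends outside the hunk.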
diff --git a/web/api/app/Model/Event.php b/web/api/app/Model/Event.php
index 4e0ec96b9..ecd08a1e6 100644
--- a/web/api/app/Model/Event.php
+++ b/web/api/app/Model/Event.php
@@ -126,10 +126,10 @@ class Event extends AppModel {
 if ( file_exists($storage['Storage']['Path'].'/'.$this->Relative_Path().'/'.$event['DefaultVideo']) ) {
 return 1;
 } else {
- Logger::Debug("FIle does not exist at " . $storage['Storage']['Path'].'/'.$this->Relative_Path().'/'.$event['DefaultVideo'] );
+ ZM\Logger::Debug("FIle does not exist at " . $storage['Storage']['Path'].'/'.$this->Relative_Path().'/'.$event['DefaultVideo'] );
 }
 } else {
-Logger::Debug("No DefaultVideo in Event" . $this->Event);
+ ZM\Logger::Debug("No DefaultVideo in Event" . $this->Event);
 return 0;
 }
 } // end function fileExists($event)
diff --git a/web/includes/auth.php b/web/includes/auth.php
index c16a1e7b8..c1f6fb6a8 100644
--- a/web/includes/auth.php
+++ b/web/includes/auth.php
@@ -205,19 +205,20 @@ function canEdit($area, $mid=false) {
 return ( $user[$area] == 'Edit' && ( !$mid || visibleMonitor($mid) ));
 }
+global $user;
 if ( ZM_OPT_USE_AUTH ) {
- if ( isset($_SESSION['username']) ) {
- # Need to refresh permissions and validate that the user still exists
- $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username=?';
- $user = dbFetchOne($sql, NULL, array($_SESSION['username']));
- }
-
 $close_session = 0;
 if ( !is_session_started() ) {
 session_start();
 $close_session = 1;
 }
+ if ( isset($_SESSION['username']) ) {
+ # Need to refresh permissions and validate that the user still exists
+ $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username=?';
+ $user = dbFetchOne($sql, NULL, array($_SESSION['username']));
+ }
+
 if ( ZM_AUTH_RELAY == 'plain' ) {
 // Need to save this in session
 $_SESSION['password'] = $password;
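Review bot: In the relocated `if ( isset($_SESSION['username']) )` block of web/includes/auth.php, the result of `dbFetchOne()` is assigned to `$user` without being checked, so when the account has been deleted or disabled the stale `$_SESSION['username']` stays in the session and nothing in the visible lines invalidates it. Following the lookup with `if ( !$user ) { unset($_SESSION['username']); }`, or a call to the project's logout helper, would enforce what the "validate that the user still exists" comment promises. Separately, the added `global $user;` suggests this file is expected to run inside a function scope (both controllers `require_once` it from within class bodies), yet `$password` on the last context line has no matching declaration in view and may be undefined there. The `if ( ZM_OPT_USE_AUTH )` block continues past the end of the hunk.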