ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Should only generate an auth hash if we are logged in.

pull/1641/head
Isaac Connor 2016-10-03 21:18:13 -04:00
parent e423e0802c
commit f4418260e7
2 changed files with 25 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
web/includes/actions.php
View File

@ -58,14 +58,18 @@ function getAffectedIds( $name )
return( $ids );
}
if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST['auth']) )
{
if ( $authUser = getAuthUser( $_REQUEST['auth'] ) )
{
userLogin( $authUser['Username'], $authUser['Password'], true );
if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS ) {
if ( empty($user) && !empty($_REQUEST['auth']) ) {
if ( $authUser = getAuthUser( $_REQUEST['auth'] ) ) {
userLogin( $authUser['Username'], $authUser['Password'], true );
}
} else if ( ! empty($user) ) {
// generate it once here, while session is open. Value will be cached in session and return when called later on
generateAuthHash( ZM_AUTH_HASH_IPS );
}
}
if ( !empty($action) )
{
if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) )

28
web/includes/functions.php
View File

@ -144,19 +144,23 @@ function generateAuthHash( $useRemoteAddr ) {
if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == "hashed" ) {
# regenerate a hash at half the liftetime of a hash, an hour is 3600 so half is 1800
if ( ( $_SESSION['AuthHashGeneratedAt'] < time() - ( ZM_AUTH_HASH_TTL * 1800 ) ) or ! isset($_SESSION['AuthHash']) ) {
# Don't both regenerating Auth Hash if an hour hasn't gone by yet
$time = localtime();
if ( $useRemoteAddr ) {
$authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5];
if ( ! ( $_SESSION['username'] and $_SESSION['passwordHash'] ) ) {
Warning("Can't generate auth hash until we are logged in");
} else {
$authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$time[2].$time[3].$time[4].$time[5];
}
$auth = md5( $authKey );
if ( session_status() == PHP_SESSION_NONE ) {
Warning("Session is not active. AuthHash will not be cached.");
}
$_SESSION['AuthHash'] = $auth;
$_SESSION['AuthHashGeneratedAt'] = time();
# Don't both regenerating Auth Hash if an hour hasn't gone by yet
$time = localtime();
if ( $useRemoteAddr ) {
$authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5];
} else {
$authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$time[2].$time[3].$time[4].$time[5];
}
$auth = md5( $authKey );
if ( session_status() == PHP_SESSION_NONE ) {
Warning("Session is not active. AuthHash will not be cached.");
}
$_SESSION['AuthHash'] = $auth;
$_SESSION['AuthHashGeneratedAt'] = time();
} # end if we are logged in yet or not
} # end if AuthHash is not cached
return $_SESSION['AuthHash'];
} else {