ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
22,223 Commits
32 Branches
93 Tags
164 MiB
Commit Graph

96 Commits (9b8dd156bef22764aa1ba4f602b9cc122795c23f)

Author SHA1 Message Date
Isaac Connor d5baadca84 Comment out debug 2023-04-02 16:10:24 -04:00
Isaac Connor 6c8a2ad05a add support for shortened user= pass= which is used in auth_relay=PLAIN 2023-03-22 08:06:02 -04:00
Isaac Connor 97879eab49 Fix missing s causing problems when Group permission set to None 2023-03-08 10:59:33 -05:00
Isaac Connor 2e58ea1a42 return false if not logged in in canView. defaultUser is global, need to tell it so. 2023-02-27 17:01:58 -05:00
Isaac Connor 9ceb22db8f Fix auth for monitor_permissions... 2023-02-25 16:00:34 -05:00
Isaac Connor bf810ec8c4 test for existence of username in session to prevent error outputs 2023-02-20 10:20:59 -05:00
Isaac Connor 1a8a84da96 Remove debug when relay not hashed 2023-02-15 15:02:22 -05:00
Isaac Connor 40e7f8a517 Handle SESSION[password] not being set which happens when you switch AUTH_RELAY to plain. 2023-02-14 17:10:58 -05:00
Isaac Connor 97e464b342 Comment out debugging 2022-11-15 14:17:30 -05:00
Isaac Connor 3c36233dd8 Put in all the new logic for visibleMonitor and editableMonitor referencing Monitor_Permissions and Group_Permissions 2022-11-02 13:25:53 -04:00
Isaac Connor 2ee142813e start to rough in an editable monitor function 2022-11-02 12:37:47 -04:00
Isaac Connor 5734e38f52 Add group permission checking to visibleMonitor 2022-11-02 12:36:42 -04:00
Isaac Connor d00536915e Move getting time into the scope where it is used 2022-11-02 10:07:01 -04:00
Isaac Connor 5c8343f737 remoteAddr is set when session is opened. So no need to do it in auth. session_clear closes the session so no need to close it first 2022-10-17 17:23:45 -04:00
Isaac Connor 2329dda323 Merge pull request #3609 from connortechnology/fix_non_post_auth 
Move relevant code out of includes/actions/auth.php into includs/auth…
 2022-10-14 14:09:09 -04:00
Isaac Connor 9fc0d26d32 If we don't have session, we can still generate an auth hash. We kinda need this for zmu calls from API 2022-09-28 18:35:59 -04:00
megasaturnv 8fb6477820
Case insensitive login - Fix spacing ZoneMinder/zoneminder#3516 2022-09-21 16:47:16 +01:00
Isaac Connor b4fc5abe95 Failure to auth by hash is common, the end result is a redirect to login page. Change the log level to INF 2022-09-13 17:59:53 -04:00
megasaturnv 6c4fb3e2cd
Moved case-insensitive username checks to SQL 2022-09-05 15:43:53 +01:00
megasaturnv d80026cab1
Fix typo 2022-09-05 15:29:23 +01:00
megasaturnv 6c0f40f570 Renamed ZM_AUTH_CASE_INSENSITIVE_USERNAMES to ZM_CASE_INSENSITIVE_USERNAMES as name was too long ZoneMinder/zoneminder#3516 2022-09-02 12:03:47 +01:00
megasaturnv 63e5b63eec Added option ZM_AUTH_CASE_INSENSITIVE_USERNAMES to match mixed case usernames to lower case usernames in database ZoneMinder/zoneminder#3516 2022-09-02 11:58:02 +01:00
Isaac Connor 0b4c35c58e Merge pull request #3241 from connortechnology/fix_3239 
Fix 3239
 2021-05-19 20:39:42 -04:00
Isaac Connor 7901950c48 spacing 2021-04-26 09:40:08 -04:00
Isaac Connor 37e0f010e3 Require session to be instantiated 2021-04-23 09:08:48 -04:00
Isaac Connor 6c4e423a8b Spacing 2021-03-30 18:20:31 -04:00
Isaac Connor 5482d3b3d5 Quiet error when calling logout when already logged out 2020-12-09 17:56:27 -05:00
Isaac Connor 63e36340c6 Remove extra } 2020-12-08 11:26:52 -05:00
Isaac Connor bfe5bb0249 Include code to handle when we are already logged in but trying to auth with a mismatched auth_hash 2020-12-08 11:19:22 -05:00
Isaac Connor b4aacde5bf Remove debug. Auth is pretty solid these days 2020-11-10 13:15:46 -05:00
Isaac Connor 1c5e161909 quotes 2020-10-21 10:37:06 -04:00
Isaac Connor 10c0a6617c Return Debug to a regular function to match other logging functions. Since we switched to using namespaces we no longer clash with cake_php. 2020-10-14 10:39:25 -04:00
Isaac Connor 98dce06d6b Introduce get_auth_relay to return an auth string to use in urls. 2020-08-25 12:38:31 -04:00
Isaac Connor 53f262a4cb Merge pull request #2870 from pliablepixels/dev 
#2866 - fixes incorrect token type comparison
 2020-03-04 11:31:16 -05:00
Isaac Connor bd59ae8856 Move the Basic Auth login code from skin.php to includes/auth.php 2020-03-02 15:00:31 -05:00
Isaac Connor 0de6396a5b Test for null in user before testing for access in CanEdit et all 2019-12-07 12:39:28 -05:00
Pliable Pixels 7b99c89541
its not necessary the token is a refresh. Can also be empty 2019-11-26 20:57:25 -05:00
Isaac Connor 92bc1791f5 fix accidentally removed code 2019-09-03 11:33:13 -04:00
Isaac Connor a384e978c8 don't load user from session if we have already gotten it from elsewhere 2019-09-03 11:19:42 -04:00
Isaac Connor b84d005d8f Load use from session when it exists 2019-09-03 10:54:34 -04:00
Isaac Connor c80ef0e0ab spacing 2019-08-28 12:20:03 -04:00
Isaac Connor 84492f29b1
Fix token auth sessions (#2676) 
* If token is present do token based auth and do not do anything with session

* update HostController.  Use config constants, don't use sessions

* Remove Session from the components list

* spacing

* Remove Session from App Components list.

* Move APIEnabled check to the api from auth.php

* Rework auth.  login using username and password only occurs on login action now.  Including auth.php should not touch the session.  auth_hash logins no longer touch the session.  replace userLogin with a function called validateUser which matches the semantics of validateToken.

* remove debugging

* Add session storage if stateful query param is on, but only for LEGACY_API_AUTH

* fix mUser to username, etc.

* shuffle lines

* use  instead of session when generating auth hash.

* Add docs regarding the use of cookies and stateful query param

* Only open/close session if we are clearing a session var

* Use zm_session_start instead of session_start

* Should use zm_session_start instead of session_start

* document that zm_session_start should be called previously to session_regenerate_id

* Don't actually write out the session when generating auth hashes.  Means they should never actually persist.

* More backticking of SQL

* add .. to fix #2686

* Use material icons for sort because they look nicer

* fix typo

* have to add authhash to session on login

* restore username&password login for all urls

* fix

* fixes
 2019-08-20 09:46:53 -04:00
Isaac Connor 3b58da860f fix 2019-08-19 12:08:41 -04:00
Isaac Connor b1132087b8 restore username&password login for all urls 2019-08-19 12:07:38 -04:00
Isaac Connor d39da61b66 Don't actually write out the session when generating auth hashes. Means they should never actually persist. 2019-08-16 15:27:24 -04:00
Isaac Connor 28155ebd90 Should use zm_session_start instead of session_start 2019-08-16 15:08:10 -04:00
Isaac Connor 3475a11e15 use instead of session when generating auth hash. 2019-08-16 14:13:13 -04:00
Isaac Connor 618e6816ef Rework auth. login using username and password only occurs on login action now. Including auth.php should not touch the session. auth_hash logins no longer touch the session. replace userLogin with a function called validateUser which matches the semantics of validateToken. 2019-08-15 14:59:15 -04:00
Isaac Connor 6a425b6988 If token is present do token based auth and do not do anything with session 2019-08-01 10:02:31 -04:00
Isaac Connor 7f19831e0c Use isset when testing for existence of authash in session 2019-07-29 14:54:55 -04:00