From a2d7ac86fec4250adab6d836d3c00e1940fe5a8d Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Fri, 21 Aug 2015 10:29:54 -0500 Subject: [PATCH 01/25] add rtsp_describe to RtspThread class --- src/zm_monitor.cpp | 12 ++++++++---- src/zm_remote_camera_rtsp.cpp | 7 ++++--- src/zm_remote_camera_rtsp.h | 12 +++++++----- src/zm_rtsp.cpp | 34 ++++++++++++++++++++-------------- src/zm_rtsp.h | 3 ++- 5 files changed, 41 insertions(+), 27 deletions(-) diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index d3d873f4c..778028f8b 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -2198,11 +2198,11 @@ int Monitor::LoadRemoteMonitors( const char *protocol, const char *host, const c static char sql[ZM_SQL_MED_BUFSIZ]; if ( !protocol ) { - strncpy( sql, "select Id, Name, Function+0, Enabled, LinkedMonitors, Protocol, Method, Host, Port, Path, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, Brightness, Contrast, Hue, Colour, EventPrefix, LabelFormat, LabelX, LabelY, LabelSize, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, SectionLength, FrameSkip, MotionFrameSkip, AnalysisFPS, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, Exif from Monitors where Function != 'None' and Type = 'Remote'", sizeof(sql) ); + strncpy( sql, "select Id, Name, Function+0, Enabled, LinkedMonitors, Protocol, Method, Host, Port, Path, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, RTSPDescribe, Brightness, Contrast, Hue, Colour, EventPrefix, LabelFormat, LabelX, LabelY, LabelSize, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, SectionLength, FrameSkip, MotionFrameSkip, AnalysisFPS, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, Exif from Monitors where Function != 'None' and Type = 'Remote'", sizeof(sql) ); } else { - snprintf( sql, sizeof(sql), "select Id, Name, Function+0, Enabled, LinkedMonitors, Protocol, Method, Host, Port, Path, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, Brightness, Contrast, Hue, Colour, EventPrefix, LabelFormat, LabelX, LabelY, LabelSize, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, SectionLength, FrameSkip, MotionFrameSkip, AnalysisFPS, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, Exif from Monitors where Function != 'None' and Type = 'Remote' and Protocol = '%s' and Host = '%s' and Port = '%s' and Path = '%s'", protocol, host, port, path ); + snprintf( sql, sizeof(sql), "select Id, Name, Function+0, Enabled, LinkedMonitors, Protocol, Method, Host, Port, Path, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, RTSPDescribe, Brightness, Contrast, Hue, Colour, EventPrefix, LabelFormat, LabelX, LabelY, LabelSize, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, SectionLength, FrameSkip, MotionFrameSkip, AnalysisFPS, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, Exif from Monitors where Function != 'None' and Type = 'Remote' and Protocol = '%s' and Host = '%s' and Port = '%s' and Path = '%s'", protocol, host, port, path ); } if ( mysql_query( &dbconn, sql ) ) { @@ -2241,7 +2241,8 @@ int Monitor::LoadRemoteMonitors( const char *protocol, const char *host, const c int colours = atoi(dbrow[col]); col++; /* int palette = atoi(dbrow[col]); */ col++; Orientation orientation = (Orientation)atoi(dbrow[col]); col++; - unsigned int deinterlacing = atoi(dbrow[col]); col++; + unsigned int deinterlacing = atoi(dbrow[col]); col++; + bool rtsp_describe = (*dbrow[col] != '0'); col++; int brightness = atoi(dbrow[col]); col++; int contrast = atoi(dbrow[col]); col++; int hue = atoi(dbrow[col]); col++; @@ -2306,6 +2307,7 @@ int Monitor::LoadRemoteMonitors( const char *protocol, const char *host, const c path, // Path cam_width, cam_height, + rtsp_describe, colours, brightness, contrast, @@ -2670,7 +2672,7 @@ int Monitor::LoadFfmpegMonitors( const char *file, Monitor **&monitors, Purpose Monitor *Monitor::Load( int id, bool load_zones, Purpose purpose ) { static char sql[ZM_SQL_MED_BUFSIZ]; - snprintf( sql, sizeof(sql), "select Id, Name, Type, Function+0, Enabled, LinkedMonitors, Device, Channel, Format, V4LMultiBuffer, V4LCapturesPerFrame, Protocol, Method, Host, Port, Path, Options, User, Pass, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, Brightness, Contrast, Hue, Colour, EventPrefix, LabelFormat, LabelX, LabelY, LabelSize, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, SectionLength, FrameSkip, MotionFrameSkip, AnalysisFPS, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, SignalCheckColour, Exif from Monitors where Id = %d", id ); + snprintf( sql, sizeof(sql), "select Id, Name, Type, Function+0, Enabled, LinkedMonitors, Device, Channel, Format, V4LMultiBuffer, V4LCapturesPerFrame, Protocol, Method, Host, Port, Path, Options, User, Pass, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, RTSPDescribe, Brightness, Contrast, Hue, Colour, EventPrefix, LabelFormat, LabelX, LabelY, LabelSize, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, SectionLength, FrameSkip, MotionFrameSkip, AnalysisFPS, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, SignalCheckColour, Exif from Monitors where Id = %d", id ); if ( mysql_query( &dbconn, sql ) ) { Error( "Can't run query: %s", mysql_error( &dbconn ) ); @@ -2737,6 +2739,7 @@ Debug( 1, "Got %d for v4l_captures_per_frame", v4l_captures_per_frame ); int palette = atoi(dbrow[col]); col++; Orientation orientation = (Orientation)atoi(dbrow[col]); col++; unsigned int deinterlacing = atoi(dbrow[col]); col++; + bool rtsp_describe = (*dbrow[col] != '0'); col++; int brightness = atoi(dbrow[col]); col++; int contrast = atoi(dbrow[col]); col++; int hue = atoi(dbrow[col]); col++; @@ -2838,6 +2841,7 @@ Debug( 1, "Got %d for v4l_captures_per_frame", v4l_captures_per_frame ); path.c_str(), cam_width, cam_height, + rtsp_describe, colours, brightness, contrast, diff --git a/src/zm_remote_camera_rtsp.cpp b/src/zm_remote_camera_rtsp.cpp index 9f7b39227..b7b976996 100644 --- a/src/zm_remote_camera_rtsp.cpp +++ b/src/zm_remote_camera_rtsp.cpp @@ -28,9 +28,10 @@ #include #include -RemoteCameraRtsp::RemoteCameraRtsp( int p_id, const std::string &p_method, const std::string &p_host, const std::string &p_port, const std::string &p_path, int p_width, int p_height, int p_colours, int p_brightness, int p_contrast, int p_hue, int p_colour, bool p_capture ) : +RemoteCameraRtsp::RemoteCameraRtsp( int p_id, const std::string &p_method, const std::string &p_host, const std::string &p_port, const std::string &p_path, int p_width, int p_height, bool p_rtsp_describe, int p_colours, int p_brightness, int p_contrast, int p_hue, int p_colour, bool p_capture ) : RemoteCamera( p_id, "rtsp", p_host, p_port, p_path, p_width, p_height, p_colours, p_brightness, p_contrast, p_hue, p_colour, p_capture ), - rtspThread( 0 ) + rtspThread( 0 ), + rtsp_describe( p_rtsp_describe ) { if ( p_method == "rtpUni" ) method = RtspThread::RTP_UNICAST; @@ -125,7 +126,7 @@ void RemoteCameraRtsp::Terminate() int RemoteCameraRtsp::Connect() { - rtspThread = new RtspThread( id, method, protocol, host, port, path, auth ); + rtspThread = new RtspThread( id, method, protocol, host, port, path, auth, rtsp_describe ); rtspThread->start(); diff --git a/src/zm_remote_camera_rtsp.h b/src/zm_remote_camera_rtsp.h index b5a1e3c89..71debf40b 100644 --- a/src/zm_remote_camera_rtsp.h +++ b/src/zm_remote_camera_rtsp.h @@ -40,10 +40,11 @@ protected: int rtsp_sd; int rtp_sd; int rtcp_sd; + bool rtsp_describe; Buffer buffer; - Buffer lastSps; - Buffer lastPps; + Buffer lastSps; + Buffer lastPps; RtspThread::RtspMethod method; @@ -66,18 +67,19 @@ protected: #endif public: - RemoteCameraRtsp( int p_id, const std::string &method, const std::string &host, const std::string &port, const std::string &path, int p_width, int p_height, int p_colours, int p_brightness, int p_contrast, int p_hue, int p_colour, bool p_capture ); + RemoteCameraRtsp( int p_id, const std::string &method, const std::string &host, const std::string &port, const std::string &path, int p_width, int p_height, bool p_rtsp_describe, int p_colours, int p_brightness, int p_contrast, int p_hue, int p_colour, bool p_capture ); ~RemoteCameraRtsp(); void Initialise(); void Terminate(); - int Connect(); - int Disconnect(); + int Connect(); + int Disconnect(); int PrimeCapture(); int PreCapture(); int Capture( Image &image ); int PostCapture(); + }; #endif // ZM_REMOTE_CAMERA_RTSP_H diff --git a/src/zm_rtsp.cpp b/src/zm_rtsp.cpp index 556174291..abf9660e2 100644 --- a/src/zm_rtsp.cpp +++ b/src/zm_rtsp.cpp @@ -167,13 +167,14 @@ void RtspThread::releasePorts( int port ) smAssignedPorts.erase( port ); } -RtspThread::RtspThread( int id, RtspMethod method, const std::string &protocol, const std::string &host, const std::string &port, const std::string &path, const std::string &auth) : +RtspThread::RtspThread( int id, RtspMethod method, const std::string &protocol, const std::string &host, const std::string &port, const std::string &path, const std::string &auth, bool rtsp_describe) : mId( id ), mMethod( method ), mProtocol( protocol ), mHost( host ), mPort( port ), mPath( path ), + mRtspDescribe( rtsp_describe ), mSessDesc( 0 ), mFormatContext( 0 ), mSeq( 0 ), @@ -382,20 +383,25 @@ int RtspThread::run() if( sdpStart == std::string::npos ) return( -1 ); - std::string DescHeader = response.substr( 0,sdpStart ); - Debug( 1, "Processing DESCRIBE response header '%s'", DescHeader.c_str() ); + Info("Value of RTSPDescribe: %d", mRtspDescribe ); - lines = split( DescHeader, "\r\n" ); - for ( size_t i = 0; i < lines.size(); i++ ) - { - // If the device sends us a url value for Content-Base in the response header, we should use that instead - if ( ( lines[i].size() > 13 ) && ( lines[i].substr( 0, 13 ) == "Content-Base:" ) ) - { - mUrl = trimSpaces( lines[i].substr( 13 ) ); - Info("Received new Content-Base in DESCRIBE response header. Updated device Url to: '%s'", mUrl.c_str() ); - break; - } - } + if ( mRtspDescribe ) + { + std::string DescHeader = response.substr( 0,sdpStart ); + Debug( 1, "Processing DESCRIBE response header '%s'", DescHeader.c_str() ); + + lines = split( DescHeader, "\r\n" ); + for ( size_t i = 0; i < lines.size(); i++ ) + { + // If the device sends us a url value for Content-Base in the response header, we should use that instead + if ( ( lines[i].size() > 13 ) && ( lines[i].substr( 0, 13 ) == "Content-Base:" ) ) + { + mUrl = trimSpaces( lines[i].substr( 13 ) ); + Info("Received new Content-Base in DESCRIBE response header. Updated device Url to: '%s'", mUrl.c_str() ); + break; + } + } + } sdpStart += endOfHeaders.length(); diff --git a/src/zm_rtsp.h b/src/zm_rtsp.h index 937646b6d..f5dcb9552 100644 --- a/src/zm_rtsp.h +++ b/src/zm_rtsp.h @@ -50,6 +50,7 @@ private: private: int mId; + bool mRtspDescribe; RtspMethod mMethod; std::string mProtocol; std::string mHost; @@ -95,7 +96,7 @@ private: void checkAuthResponse(std::string &response); public: - RtspThread( int id, RtspMethod method, const std::string &protocol, const std::string &host, const std::string &port, const std::string &path, const std::string &auth); + RtspThread( int id, RtspMethod method, const std::string &protocol, const std::string &host, const std::string &port, const std::string &path, const std::string &auth, bool rtsp_describe ); ~RtspThread(); public: From f5f7363d35d73a87e5c02417e4651e64ea1ec45f Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Fri, 21 Aug 2015 10:32:04 -0500 Subject: [PATCH 02/25] add RTSPDescribe column to Monitors table --- db/zm_create.sql.in | 1 + db/zm_update-1.28.105.sql | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 db/zm_update-1.28.105.sql diff --git a/db/zm_create.sql.in b/db/zm_create.sql.in index 6c376be7f..081f71181 100644 --- a/db/zm_create.sql.in +++ b/db/zm_create.sql.in @@ -341,6 +341,7 @@ CREATE TABLE `Monitors` ( `Palette` int(10) unsigned NOT NULL default '0', `Orientation` enum('0','90','180','270','hori','vert') NOT NULL default '0', `Deinterlacing` int(10) unsigned NOT NULL default '0', + `RTSPDescribe` tinyint(1) unsigned NOT NULL default '0', `Brightness` mediumint(7) NOT NULL default '-1', `Contrast` mediumint(7) NOT NULL default '-1', `Hue` mediumint(7) NOT NULL default '-1', diff --git a/db/zm_update-1.28.105.sql b/db/zm_update-1.28.105.sql new file mode 100644 index 000000000..0262658e5 --- /dev/null +++ b/db/zm_update-1.28.105.sql @@ -0,0 +1,21 @@ +-- +-- This updates a 1.28.104 database to 1.28.105 +-- + +-- +-- Add Monitor RTSPDescribe field +-- Used to enable or disable processing of the remote camera RTSP DESCRIBE response header +-- +SET @s = (SELECT IF( + (SELECT COUNT(*) + FROM INFORMATION_SCHEMA.COLUMNS + WHERE table_name = 'Monitors' + AND table_schema = DATABASE() + AND column_name = 'RTSPDescribe' + ) > 0, +"SELECT 'Column RTSPDescribe already exists in Monitors'", +"ALTER TABLE `Monitors` ADD `RTSPDescribe` tinyint(1) unsigned NOT NULL default '0' AFTER `Deinterlacing`" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; From 2fbf79674b19be5510e5d29da32c47864c3ab610 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Fri, 21 Aug 2015 10:32:50 -0500 Subject: [PATCH 03/25] Add RTSP Describe checkbox to web console --- web/includes/actions.php | 3 ++- web/lang/en_gb.php | 9 ++++++++- web/skins/classic/views/monitor.php | 15 +++++++++++++++ 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/web/includes/actions.php b/web/includes/actions.php index 5f5b56db8..ff677c200 100644 --- a/web/includes/actions.php +++ b/web/includes/actions.php @@ -422,7 +422,8 @@ if ( !empty($action) ) 'TrackMotion' => 'toggle', 'Enabled' => 'toggle', 'DoNativeMotDet' => 'toggle', - 'Exif' => 'toggle' + 'Exif' => 'toggle', + 'RTSPDescribe' => 'toggle', ); $columns = getTableColumns( 'Monitors' ); diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index bf0258caf..76a71e301 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -256,6 +256,7 @@ $SLANG = array( 'DefaultScale' => 'Default Scale', 'DefaultView' => 'Default View', 'Deinterlacing' => 'Deinterlacing', + 'RTSPDescribe' => 'Use RTSP Response Media URL', 'Delay' => 'Delay', 'DeleteAndNext' => 'Delete & Next', 'DeleteAndPrev' => 'Delete & Prev', @@ -903,7 +904,13 @@ $OLANG = array( 'OPTIONS_EXIF' => array( 'Help' => "Enable this option to embed EXIF data into each jpeg frame." ), - + 'OPTIONS_RTSPDESCRIBE' => array( + 'Help' => "Sometimes, during the intial RTSP handshake, the camera will send an updated media URL. ". + "Enable this option to tell ZoneMinder to use this URL. Disable this option to ignore the ". + "value from the camera and use the value as entered in the monitor configuration~~~~". + "Generally this should be enabled. However, there are cases where the camera can get its". + "own URL incorrect, such as when the camera is streaming through a firewall" + ), // 'LANG_DEFAULT' => array( // 'Prompt' => "This is a new prompt for this option", diff --git a/web/skins/classic/views/monitor.php b/web/skins/classic/views/monitor.php index 5920409ad..369319608 100644 --- a/web/skins/classic/views/monitor.php +++ b/web/skins/classic/views/monitor.php @@ -78,6 +78,7 @@ if ( ! empty($_REQUEST['mid']) ) { 'Height' => "240", 'Orientation' => "0", 'Deinterlacing' => 0, + 'RTSPDescribe' => 0, 'LabelFormat' => '%N - %d/%m/%y %H:%M:%S', 'LabelX' => 0, 'LabelY' => 0, @@ -563,6 +564,12 @@ if ( $tab != 'source' ) + + @@ -823,6 +830,14 @@ switch ( $tab ) + +  () checked="checked"/> + Date: Fri, 21 Aug 2015 10:33:42 -0500 Subject: [PATCH 04/25] bump version to 1.28.105 --- CMakeLists.txt | 2 +- configure.ac | 2 +- version | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 7b3b8f7fd..c7bf19162 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -4,7 +4,7 @@ # cmake_minimum_required (VERSION 2.6) project (zoneminder) -set(zoneminder_VERSION "1.28.104") +set(zoneminder_VERSION "1.28.105") # make API version a minor of ZM version set(zoneminder_API_VERSION "${zoneminder_VERSION}.1") diff --git a/configure.ac b/configure.ac index 32548d791..32ba09ae1 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ # For instructions on building with cmake, please see INSTALL # AC_PREREQ(2.59) -AC_INIT(zm,1.28.104,[http://www.zoneminder.com/forums/ - Please check FAQ first],zoneminder,http://www.zoneminder.com/downloads.html) +AC_INIT(zm,1.28.105,[http://www.zoneminder.com/forums/ - Please check FAQ first],zoneminder,http://www.zoneminder.com/downloads.html) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR(src/zm.h) AC_CONFIG_HEADERS(config.h) diff --git a/version b/version index e6a0823f8..8424efb95 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.28.104 +1.28.105 From 22dc049bf47072921b31ec335d3948f5a784cbe3 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Fri, 21 Aug 2015 10:34:23 -0500 Subject: [PATCH 05/25] remove Info statement used for testing --- src/zm_rtsp.cpp | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/zm_rtsp.cpp b/src/zm_rtsp.cpp index abf9660e2..0dbcb7329 100644 --- a/src/zm_rtsp.cpp +++ b/src/zm_rtsp.cpp @@ -383,8 +383,6 @@ int RtspThread::run() if( sdpStart == std::string::npos ) return( -1 ); - Info("Value of RTSPDescribe: %d", mRtspDescribe ); - if ( mRtspDescribe ) { std::string DescHeader = response.substr( 0,sdpStart ); From d014a34b9a649b97c4b7399ef27ad24bddca9da4 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Fri, 28 Aug 2015 15:55:16 -0400 Subject: [PATCH 06/25] added note about potential Perl and PHP time translation conflict with filters --- docs/userguide/filterevents.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/userguide/filterevents.rst b/docs/userguide/filterevents.rst index 10f7f92d1..4d7a50fd5 100644 --- a/docs/userguide/filterevents.rst +++ b/docs/userguide/filterevents.rst @@ -184,3 +184,4 @@ If your filter is not working, here are some useful tips: * Run ``sudo zmfilter.pl -f `` from command line and see the log output * Check how long your action is taking - zmfilter.pl will wait for the action to complete before it checks again * If you are using relative times like 'now' or '1 year ago' etc. remember that zmfilter converts that relative time to an absolute date only when it reloads filters, which is dictated by the FILTER_RELOAD_DELAY duration. So, for example, if you are wondering why your events are not being detected before intervals of 5 minutes and you have used such a relative condition, this is why +* In the event that you see your new filter is working great when you try it out from the Web Console (using the Submit or Execute button) but does not seem to work when its running in background mode, you might have just chanced upon a compatibility issue between how Perl and PHP translate free form text to dates/times. When you test it via the "Submit" or "Execute" button, you are invoking a PHP function for time conversion. When the filter runs in background mode, zmfilter.pl calls a perl equivalent function. In some cases, depending on the version of Perl and PHP you have, the results may vary. If you face this situation, the best thing to do is to run ``sudo zmfilter.pl -f `` from a terminal to make sure the filter actually works in Perl as well. From e822265512a05ffa9b74acd1c99d119f5c3b586f Mon Sep 17 00:00:00 2001 From: Robin Daermann Date: Sat, 29 Aug 2015 10:06:56 +0200 Subject: [PATCH 07/25] Add Documentation for Privacy zones --- docs/userguide/definezone.rst | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/userguide/definezone.rst b/docs/userguide/definezone.rst index 1a221b196..d3eaeb8c6 100644 --- a/docs/userguide/definezone.rst +++ b/docs/userguide/definezone.rst @@ -17,7 +17,7 @@ Name Each Zone can be named for reference purposes. It is used for logging and debugging. Choose a name that helps you identify your zones. Type - This is one of the more important concepts in ZoneMinder and there are five to choose from. + This is one of the more important concepts in ZoneMinder and there are six to choose from. * Active Triggers an alarm when motion is detected within it. This is the zone type you'll use most often, and which will be set for your default zone. Only Active and Exclusive zones can trigger an alarm. @@ -32,7 +32,10 @@ Type This zone type is relatively recent. It is called a Preclusive zone because if it is triggered it actually precludes an alarm being generated for that image frame. So motion or other changes that occur in a Preclusive zone will have the effect of ensuring that no alarm occurs at all. The application for this zone type is primarily as a shortcut for detecting general large-scale lighting or other changes. Generally this may be achieved by limiting the maximum number of alarm pixels or other measure in an Active zone. However in some cases that zone may cover an area where the area of variable illumination occurs in different places as the sun and/or shadows move and it thus may be difficult to come up with general values. Additionally, if the sun comes out rapidly then although the initial change may be ignored in this way as the reference image catches up an alarm may ultimately be triggered as the image becomes less different. Using one or more Preclusive zones offers a different approach. Preclusive zones are designed to be fairly small, even just a few pixels across, with quite low alarm thresholds. They should be situated in areas of the image that are less likely to have motion occur such as high on a wall or in a corner. Should a general illumination change occur they would be triggered at least as early as any Active zones and prevent any other zones from generating an alarm. Obviously careful placement is required to ensure that they do not cancel any genuine alarms or that they are not so close together that any motion just hops from one Preclusive zone to another. Preclusive zones may also be used to reduce processing time by situating one over an Active zone. The Preclusive zone is processed first; if it is small, and is triggered, the rest of the zone/image will not be processed. * Inactive - Suppresses the detection of motion within it. This can be layered on top of any other zone type, preventing motion within the Inactive zone from being effective for any other zone type. Use inactive zones to cover areas in which nothing notable will ever happen or where you get false alarms that don't relate to what you are trying to monitor. Inactive zones may be overlaid on other zones to blank out areas, and are processed first. As a general practice, you should try and make zones abut each other instead of overlapping to avoid repeated duplicate processing of the same area. + Suppresses the detection of motion within it. This can be layered on top of any other zone type, preventing motion within the Inactive zone from being effective for any other zone type. Use inactive zones to cover areas in which nothing notable will ever happen or where you get false alarms that don't relate to what you are trying to monitor. Inactive zones may be overlaid on other zones to blank out areas, and are processed first (with the exception of Privacy zones, see below). As a general practice, you should try and make zones abut each other instead of overlapping to avoid repeated duplicate processing of the same area. + + * Privacy + Blackens the pixels within it. This can be used if you want to hide some regions in the image if the situation does not allow an other solution. This zone type is different to all the others in that it gets processed as soon as possible during capture (even before the timestamp gets into the image) and not in the analyzing process. So if you add, change or delete a Privacy zone, you don't see the changes in the image until the capture process gets restarted. This will be done automatically, but needs a few seconds. Preset The preset chooser sets sensible default values based on computational needs (fast v. best) and sensitivity (low, medium, high.) It is not required that you select a preset, and you can alter any of the parameters after choosing a preset. For a small number of monitors with ZoneMinder running on modern equipment, Best, high sensitivity can be chosen as a good starting point. From 4fdd32b59638dceea568eae8bdefa92493cd72ab Mon Sep 17 00:00:00 2001 From: Andy Bauer Date: Sat, 29 Aug 2015 07:53:08 -0500 Subject: [PATCH 08/25] bump version to 1.28.106 --- CMakeLists.txt | 2 +- configure.ac | 2 +- db/{zm_update-1.28.105.sql => zm_update-1.28.106.sql} | 2 +- version | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) rename db/{zm_update-1.28.105.sql => zm_update-1.28.106.sql} (91%) diff --git a/CMakeLists.txt b/CMakeLists.txt index c7bf19162..e3e3779f0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -4,7 +4,7 @@ # cmake_minimum_required (VERSION 2.6) project (zoneminder) -set(zoneminder_VERSION "1.28.105") +set(zoneminder_VERSION "1.28.106") # make API version a minor of ZM version set(zoneminder_API_VERSION "${zoneminder_VERSION}.1") diff --git a/configure.ac b/configure.ac index 32ba09ae1..6917403a4 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ # For instructions on building with cmake, please see INSTALL # AC_PREREQ(2.59) -AC_INIT(zm,1.28.105,[http://www.zoneminder.com/forums/ - Please check FAQ first],zoneminder,http://www.zoneminder.com/downloads.html) +AC_INIT(zm,1.28.106,[http://www.zoneminder.com/forums/ - Please check FAQ first],zoneminder,http://www.zoneminder.com/downloads.html) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR(src/zm.h) AC_CONFIG_HEADERS(config.h) diff --git a/db/zm_update-1.28.105.sql b/db/zm_update-1.28.106.sql similarity index 91% rename from db/zm_update-1.28.105.sql rename to db/zm_update-1.28.106.sql index 0262658e5..894022d22 100644 --- a/db/zm_update-1.28.105.sql +++ b/db/zm_update-1.28.106.sql @@ -1,5 +1,5 @@ -- --- This updates a 1.28.104 database to 1.28.105 +-- This updates a 1.28.105 database to 1.28.106 -- -- diff --git a/version b/version index 8424efb95..71864bd8d 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.28.105 +1.28.106 From 4a04d0411b28bdfe89a888abae1d478896aa31df Mon Sep 17 00:00:00 2001 From: Andy Bauer Date: Sat, 29 Aug 2015 08:00:02 -0500 Subject: [PATCH 09/25] bump version to 1.28.106 --- CMakeLists.txt | 4 ---- configure.ac | 4 ---- version | 4 ---- 3 files changed, 12 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 23cc145de..e3e3779f0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -4,11 +4,7 @@ # cmake_minimum_required (VERSION 2.6) project (zoneminder) -<<<<<<< HEAD -set(zoneminder_VERSION "1.28.105") -======= set(zoneminder_VERSION "1.28.106") ->>>>>>> 4fdd32b59638dceea568eae8bdefa92493cd72ab # make API version a minor of ZM version set(zoneminder_API_VERSION "${zoneminder_VERSION}.1") diff --git a/configure.ac b/configure.ac index a5360775a..32ba09ae1 100644 --- a/configure.ac +++ b/configure.ac @@ -3,11 +3,7 @@ # For instructions on building with cmake, please see INSTALL # AC_PREREQ(2.59) -<<<<<<< HEAD AC_INIT(zm,1.28.105,[http://www.zoneminder.com/forums/ - Please check FAQ first],zoneminder,http://www.zoneminder.com/downloads.html) -======= -AC_INIT(zm,1.28.106,[http://www.zoneminder.com/forums/ - Please check FAQ first],zoneminder,http://www.zoneminder.com/downloads.html) ->>>>>>> 4fdd32b59638dceea568eae8bdefa92493cd72ab AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR(src/zm.h) AC_CONFIG_HEADERS(config.h) diff --git a/version b/version index 0bb901a8c..71864bd8d 100644 --- a/version +++ b/version @@ -1,5 +1 @@ -<<<<<<< HEAD -1.28.105 -======= 1.28.106 ->>>>>>> 4fdd32b59638dceea568eae8bdefa92493cd72ab From ef8830b373057dc6482ba12366760d925d6eaad0 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Sat, 29 Aug 2015 11:12:55 -0500 Subject: [PATCH 10/25] Update zoneminder.el6.spec rpm specfile - update location of perl packlist --- distros/redhat/zoneminder.el6.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/distros/redhat/zoneminder.el6.spec b/distros/redhat/zoneminder.el6.spec index 3a65a80db..1d6d5ead1 100644 --- a/distros/redhat/zoneminder.el6.spec +++ b/distros/redhat/zoneminder.el6.spec @@ -146,7 +146,7 @@ rm -rf %{_docdir}/%{name}-%{version} #%{_bindir}/zmonvif-probe.pl %{perl_vendorlib}/ZoneMinder* -%{perl_vendorlib}/%{_arch}-linux-thread-multi/auto/ZoneMinder* +%{perl_vendorarch}/auto/ZoneMinder/.packlist #%{perl_vendorlib}/ONVIF* #%{perl_vendorlib}/WSDiscovery* #%{perl_vendorlib}/WSSecurity* From 73fa051ef8988b4cbdbe76e2fe2aafcf23097182 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 29 Aug 2015 13:29:52 -0400 Subject: [PATCH 11/25] Google recaptcha --- .../lib/ZoneMinder/ConfigData.pm.in | 54 ++++++++ web/includes/actions.php | 16 +++ web/includes/recaptcha/.gitignore | 3 + web/includes/recaptcha/.travis.yml | 18 +++ web/includes/recaptcha/CONTRIBUTING.md | 24 ++++ web/includes/recaptcha/LICENSE | 29 +++++ web/includes/recaptcha/README.md | 113 ++++++++++++++++ .../recaptcha/src/ReCaptcha/ReCaptcha.php | 97 ++++++++++++++ .../recaptcha/src/ReCaptcha/RequestMethod.php | 42 ++++++ .../src/ReCaptcha/RequestMethod/Curl.php | 47 +++++++ .../src/ReCaptcha/RequestMethod/Post.php | 70 ++++++++++ .../src/ReCaptcha/RequestMethod/Socket.php | 104 +++++++++++++++ .../ReCaptcha/RequestMethod/SocketPost.php | 121 ++++++++++++++++++ .../src/ReCaptcha/RequestParameters.php | 103 +++++++++++++++ .../recaptcha/src/ReCaptcha/Response.php | 102 +++++++++++++++ web/includes/recaptcha/src/autoload.php | 38 ++++++ web/skins/classic/views/login.php | 14 ++ 17 files changed, 995 insertions(+) create mode 100644 web/includes/recaptcha/.gitignore create mode 100644 web/includes/recaptcha/.travis.yml create mode 100644 web/includes/recaptcha/CONTRIBUTING.md create mode 100644 web/includes/recaptcha/LICENSE create mode 100644 web/includes/recaptcha/README.md create mode 100644 web/includes/recaptcha/src/ReCaptcha/ReCaptcha.php create mode 100644 web/includes/recaptcha/src/ReCaptcha/RequestMethod.php create mode 100644 web/includes/recaptcha/src/ReCaptcha/RequestMethod/Curl.php create mode 100644 web/includes/recaptcha/src/ReCaptcha/RequestMethod/Post.php create mode 100644 web/includes/recaptcha/src/ReCaptcha/RequestMethod/Socket.php create mode 100644 web/includes/recaptcha/src/ReCaptcha/RequestMethod/SocketPost.php create mode 100644 web/includes/recaptcha/src/ReCaptcha/RequestParameters.php create mode 100644 web/includes/recaptcha/src/ReCaptcha/Response.php create mode 100644 web/includes/recaptcha/src/autoload.php diff --git a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in index e55e856e4..7fff3d62e 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in +++ b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in @@ -357,6 +357,60 @@ our @options = type => $types{boolean}, category => "system", }, + # PP - Google reCaptcha settings + { + name => "ZM_OPT_USE_GOOG_RECAPTCHA", + default => "no", + description => "Add Google reCaptcha to login page", + help => qqq(" + This option allows you to include a google + reCaptcha validation at login. This means in addition to providing + a valid usernane and password, you will also have to + pass the reCaptcha test. Please note that enabling this + option results in the zoneminder login page reach out + to google servers for captcha validation. Also please note + that enabling this option will break 3rd party clients + like zmNinja and zmView as they also need to login to ZoneMinder + and they will fail the reCaptcha test. + "), + requires => [ + {name=>"ZM_OPT_USE_AUTH", value=>"yes"} + ], + type => $types {boolean}, + category => "system", + }, + + { + name => "ZM_OPT_GOOG_RECAPTCHA_SITEKEY", + default => "...Insert your recaptcha site-key here...", + description => "Your recaptcha site-key", + help => qqq("You need to generate your keys from + the Google reCaptcha website. + Please refer to https://www.google.com/recaptcha/ + for more details. + "), + requires => [ + {name=>"ZM_OPT_USE_GOOG_RECAPTCHA", value=>"yes"} + ], + type => $types {string}, + category => "system", + }, + { + name => "ZM_OPT_GOOG_RECAPTCHA_SECRETKEY", + default => "...Insert your recaptcha secret-key here...", + description => "Your recaptcha secret-key", + help => qqq("You need to generate your keys from + the Google reCaptcha website. + Please refer to https://www.google.com/recaptcha/ + for more details. + "), + requires => [ + {name=>"ZM_OPT_USE_GOOG_RECAPTCHA", value=>"yes"} + ], + type => $types {string}, + category => "system", + }, + { name => "ZM_DIR_EVENTS", default => "events", diff --git a/web/includes/actions.php b/web/includes/actions.php index 3ddf1bb40..d3a4c4121 100644 --- a/web/includes/actions.php +++ b/web/includes/actions.php @@ -42,6 +42,22 @@ if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST[ if ( !empty($action) ) { + // PP - lets validate reCaptcha if it exists + if (ZM_OPT_USE_GOOG_RECAPTCHA) + { + require_once( 'recaptcha/src/autoload.php' ); + $secret = ZM_OPT_GOOG_RECAPTCHA_SECRETKEY; + $gRecaptchaResponse = $_REQUEST['g-recaptcha-response']; + $remoteIp = $_SERVER['REMOTE_ADDR']; + $recaptcha = new \ReCaptcha\ReCaptcha($secret); + $resp = $recaptcha->verify($gRecaptchaResponse, $remoteIp); + if (!$resp->isSuccess()) { + userLogout(); + $view='login'; + $refreshParent = true; + } + } + // General scope actions if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) ) { diff --git a/web/includes/recaptcha/.gitignore b/web/includes/recaptcha/.gitignore new file mode 100644 index 000000000..436384ab7 --- /dev/null +++ b/web/includes/recaptcha/.gitignore @@ -0,0 +1,3 @@ +/composer.lock +/nbproject/private/ +/vendor/ diff --git a/web/includes/recaptcha/.travis.yml b/web/includes/recaptcha/.travis.yml new file mode 100644 index 000000000..fb25bad2d --- /dev/null +++ b/web/includes/recaptcha/.travis.yml @@ -0,0 +1,18 @@ +language: php + +sudo: false + +php: + - 5.3 + - 5.4 + - 5.5 + - 5.6 + - hhvm + +before_script: + - composer install + - phpenv version-name | grep ^5.[34] && echo "extension=apc.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini ; true + - phpenv version-name | grep ^5.[34] && echo "apc.enable_cli=1" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini ; true + +script: + - vendor/bin/phpunit diff --git a/web/includes/recaptcha/CONTRIBUTING.md b/web/includes/recaptcha/CONTRIBUTING.md new file mode 100644 index 000000000..1ba853922 --- /dev/null +++ b/web/includes/recaptcha/CONTRIBUTING.md @@ -0,0 +1,24 @@ +Want to contribute? Great! First, read this page (including the small print at the end). + +### Before you contribute +Before we can use your code, you must sign the +[Google Individual Contributor License Agreement](https://developers.google.com/open-source/cla/individual?csw=1) +(CLA), which you can do online. The CLA is necessary mainly because you own the +copyright to your changes, even after your contribution becomes part of our +codebase, so we need your permission to use and distribute your code. We also +need to be sure of various other things—for instance that you'll tell us if you +know that your code infringes on other people's patents. You don't have to sign +the CLA until after you've submitted your code for review and a member has +approved it, but you must do it before we can put your code into our codebase. +Before you start working on a larger contribution, you should get in touch with +us first through the issue tracker with your idea so that we can help out and +possibly guide you. Coordinating up front makes it much easier to avoid +frustration later on. + +### Code reviews +All submissions, including submissions by project members, require review. We +use Github pull requests for this purpose. + +### The small print +Contributions made by corporations are covered by a different agreement than +the one above, the Software Grant and Corporate Contributor License Agreement. diff --git a/web/includes/recaptcha/LICENSE b/web/includes/recaptcha/LICENSE new file mode 100644 index 000000000..f6412328f --- /dev/null +++ b/web/includes/recaptcha/LICENSE @@ -0,0 +1,29 @@ +Copyright 2014, Google Inc. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + diff --git a/web/includes/recaptcha/README.md b/web/includes/recaptcha/README.md new file mode 100644 index 000000000..c3364caab --- /dev/null +++ b/web/includes/recaptcha/README.md @@ -0,0 +1,113 @@ +# reCAPTCHA PHP client library + +[![Build Status](https://travis-ci.org/google/recaptcha.svg)](https://travis-ci.org/google/recaptcha) +[![Latest Stable Version](https://poser.pugx.org/google/recaptcha/v/stable.svg)](https://packagist.org/packages/google/recaptcha) +[![Total Downloads](https://poser.pugx.org/google/recaptcha/downloads.svg)](https://packagist.org/packages/google/recaptcha) + +* Project page: http://www.google.com/recaptcha/ +* Repository: https://github.com/google/recaptcha +* Version: 1.1.1 +* License: BSD, see [LICENSE](LICENSE) + +## Description + +reCAPTCHA is a free CAPTCHA service that protect websites from spam and abuse. +This is Google authored code that provides plugins for third-party integration +with reCAPTCHA. + +## Installation + +### Composer (Recommended) + +[Composer](https://getcomposer.org/) is a widely used dependency manager for PHP +packages. This reCAPTCHA client is available on Packagist as +[`google/recaptcha`](https://packagist.org/packages/google/recaptcha) and can be +installed either by running the `composer require` command or adding the library +to your `composer.json`. To enable Composer for you project, refer to the +project's [Getting Started](https://getcomposer.org/doc/00-intro.md) +documentation. + +To add this dependency using the command, run the following from within your +project directory: +``` +composer require google/recaptcha "~1.1" +``` + +Alternatively, add the dependency directly to your `composer.json` file: +```json +"require": { + "google/recaptcha": "~1.1" +} +``` + +### Direct download (no Composer) + +If you wish to install the library manually (i.e. without Composer), then you +can use the links on the main project page to either clone the repo or download +the [ZIP file](https://github.com/google/recaptcha/archive/master.zip). For +convenience, an autoloader script is provided in `src/autoload.php` which you +can require into your script instead of Composer's `vendor/autoload.php`. For +example: + +```php +require('/path/to/recaptcha/src/autoload.php'); +$recaptcha = new \ReCaptcha\ReCaptcha($secret); +``` + +The classes in the project are structured according to the +[PSR-4](http://www.php-fig.org/psr/psr-4/) standard, so you may of course also +use your own autoloader or require the needed files directly in your code. + +### Development install + +If you would like to contribute to this project or run the unit tests on within +your own environment you will need to install the development dependencies, in +this case that means [PHPUnit](https://phpunit.de/). If you clone the repo and +run `composer install` from within the repo, this will also grab PHPUnit and all +its dependencies for you. If you only need the autoloader installed, then you +can always specify to Composer not to run in development mode, e.g. `composer +install --no-dev`. + +*Note:* These dependencies are only required for development, there's no +requirement for them to be included in your production code. + +## Usage + +First, register keys for your site at https://www.google.com/recaptcha/admin + +When your app receives a form submission containing the `g-recaptcha-response` +field, you can verify it using: +```php +verify($gRecaptchaResponse, $remoteIp); +if ($resp->isSuccess()) { + // verified! +} else { + $errors = $resp->getErrorCodes(); +} +``` + +You can see an end-to-end working example in +[examples/example-captcha.php](examples/example-captcha.php) + +## Upgrading + +### From 1.0.0 + +The previous version of this client is still available on the `1.0.0` tag [in +this repo](https://github.com/google/recaptcha/tree/1.0.0) but it is purely for +reference and will not receive any updates. + +The major changes in 1.1.0 are: +* installation now via Composer; +* class loading also via Composer; +* classes now namespaced; +* old method call was `$rc->verifyResponse($remoteIp, $response)`, new call is + `$rc->verify($response, $remoteIp)` + +## Contributing + +We accept contributions via GitHub Pull Requests, but all contributors need to +be covered by the standard Google Contributor License Agreement. You can find +instructions for this in [CONTRIBUTING](CONTRIBUTING.md) diff --git a/web/includes/recaptcha/src/ReCaptcha/ReCaptcha.php b/web/includes/recaptcha/src/ReCaptcha/ReCaptcha.php new file mode 100644 index 000000000..523c4aae4 --- /dev/null +++ b/web/includes/recaptcha/src/ReCaptcha/ReCaptcha.php @@ -0,0 +1,97 @@ +secret = $secret; + + if (!is_null($requestMethod)) { + $this->requestMethod = $requestMethod; + } else { + $this->requestMethod = new RequestMethod\Post(); + } + } + + /** + * Calls the reCAPTCHA siteverify API to verify whether the user passes + * CAPTCHA test. + * + * @param string $response The value of 'g-recaptcha-response' in the submitted form. + * @param string $remoteIp The end user's IP address. + * @return Response Response from the service. + */ + public function verify($response, $remoteIp = null) + { + // Discard empty solution submissions + if (empty($response)) { + $recaptchaResponse = new Response(false, array('missing-input-response')); + return $recaptchaResponse; + } + + $params = new RequestParameters($this->secret, $response, $remoteIp, self::VERSION); + $rawResponse = $this->requestMethod->submit($params); + return Response::fromJson($rawResponse); + } +} diff --git a/web/includes/recaptcha/src/ReCaptcha/RequestMethod.php b/web/includes/recaptcha/src/ReCaptcha/RequestMethod.php new file mode 100644 index 000000000..fc4dde59c --- /dev/null +++ b/web/includes/recaptcha/src/ReCaptcha/RequestMethod.php @@ -0,0 +1,42 @@ + true, + CURLOPT_POSTFIELDS => $params->toQueryString(), + CURLOPT_HTTPHEADER => array( + 'Content-Type: application/x-www-form-urlencoded' + ), + CURLINFO_HEADER_OUT => false, + CURLOPT_HEADER => false, + CURLOPT_RETURNTRANSFER => true, + CURLOPT_SSL_VERIFYPEER => true + ); + curl_setopt_array($handle, $options); + + $response = curl_exec($handle); + curl_close($handle); + + return $response; + } +} diff --git a/web/includes/recaptcha/src/ReCaptcha/RequestMethod/Post.php b/web/includes/recaptcha/src/ReCaptcha/RequestMethod/Post.php new file mode 100644 index 000000000..7770d9081 --- /dev/null +++ b/web/includes/recaptcha/src/ReCaptcha/RequestMethod/Post.php @@ -0,0 +1,70 @@ + array( + 'header' => "Content-type: application/x-www-form-urlencoded\r\n", + 'method' => 'POST', + 'content' => $params->toQueryString(), + // Force the peer to validate (not needed in 5.6.0+, but still works + 'verify_peer' => true, + // Force the peer validation to use www.google.com + $peer_key => 'www.google.com', + ), + ); + $context = stream_context_create($options); + return file_get_contents(self::SITE_VERIFY_URL, false, $context); + } +} diff --git a/web/includes/recaptcha/src/ReCaptcha/RequestMethod/Socket.php b/web/includes/recaptcha/src/ReCaptcha/RequestMethod/Socket.php new file mode 100644 index 000000000..e74fc49d6 --- /dev/null +++ b/web/includes/recaptcha/src/ReCaptcha/RequestMethod/Socket.php @@ -0,0 +1,104 @@ +handle = fsockopen($hostname, $port, $errno, $errstr, (is_null($timeout) ? ini_get("default_socket_timeout") : $timeout)); + + if ($this->handle != false && $errno === 0 && $errstr === '') { + return $this->handle; + } else { + return false; + } + } + + /** + * fwrite + * + * @see http://php.net/fwrite + * @param string $string + * @param int $length + * @return int | bool + */ + public function fwrite($string, $length = null) + { + return fwrite($this->handle, $string, (is_null($length) ? strlen($string) : $length)); + } + + /** + * fgets + * + * @see http://php.net/fgets + * @param int $length + */ + public function fgets($length = null) + { + return fgets($this->handle, $length); + } + + /** + * feof + * + * @see http://php.net/feof + * @return bool + */ + public function feof() + { + return feof($this->handle); + } + + /** + * fclose + * + * @see http://php.net/fclose + * @return bool + */ + public function fclose() + { + return fclose($this->handle); + } +} diff --git a/web/includes/recaptcha/src/ReCaptcha/RequestMethod/SocketPost.php b/web/includes/recaptcha/src/ReCaptcha/RequestMethod/SocketPost.php new file mode 100644 index 000000000..47541215f --- /dev/null +++ b/web/includes/recaptcha/src/ReCaptcha/RequestMethod/SocketPost.php @@ -0,0 +1,121 @@ +socket = $socket; + } else { + $this->socket = new Socket(); + } + } + + /** + * Submit the POST request with the specified parameters. + * + * @param RequestParameters $params Request parameters + * @return string Body of the reCAPTCHA response + */ + public function submit(RequestParameters $params) + { + $errno = 0; + $errstr = ''; + + if (false === $this->socket->fsockopen('ssl://' . self::RECAPTCHA_HOST, 443, $errno, $errstr, 30)) { + return self::BAD_REQUEST; + } + + $content = $params->toQueryString(); + + $request = "POST " . self::SITE_VERIFY_PATH . " HTTP/1.1\r\n"; + $request .= "Host: " . self::RECAPTCHA_HOST . "\r\n"; + $request .= "Content-Type: application/x-www-form-urlencoded\r\n"; + $request .= "Content-length: " . strlen($content) . "\r\n"; + $request .= "Connection: close\r\n\r\n"; + $request .= $content . "\r\n\r\n"; + + $this->socket->fwrite($request); + $response = ''; + + while (!$this->socket->feof()) { + $response .= $this->socket->fgets(4096); + } + + $this->socket->fclose(); + + if (0 !== strpos($response, 'HTTP/1.1 200 OK')) { + return self::BAD_RESPONSE; + } + + $parts = preg_split("#\n\s*\n#Uis", $response); + + return $parts[1]; + } +} diff --git a/web/includes/recaptcha/src/ReCaptcha/RequestParameters.php b/web/includes/recaptcha/src/ReCaptcha/RequestParameters.php new file mode 100644 index 000000000..cb66f26cf --- /dev/null +++ b/web/includes/recaptcha/src/ReCaptcha/RequestParameters.php @@ -0,0 +1,103 @@ +secret = $secret; + $this->response = $response; + $this->remoteIp = $remoteIp; + $this->version = $version; + } + + /** + * Array representation. + * + * @return array Array formatted parameters. + */ + public function toArray() + { + $params = array('secret' => $this->secret, 'response' => $this->response); + + if (!is_null($this->remoteIp)) { + $params['remoteip'] = $this->remoteIp; + } + + if (!is_null($this->version)) { + $params['version'] = $this->version; + } + + return $params; + } + + /** + * Query string representation for HTTP request. + * + * @return string Query string formatted parameters. + */ + public function toQueryString() + { + return http_build_query($this->toArray(), '', '&'); + } +} diff --git a/web/includes/recaptcha/src/ReCaptcha/Response.php b/web/includes/recaptcha/src/ReCaptcha/Response.php new file mode 100644 index 000000000..d2d8a8bf7 --- /dev/null +++ b/web/includes/recaptcha/src/ReCaptcha/Response.php @@ -0,0 +1,102 @@ +success = $success; + $this->errorCodes = $errorCodes; + } + + /** + * Is success? + * + * @return boolean + */ + public function isSuccess() + { + return $this->success; + } + + /** + * Get error codes. + * + * @return array + */ + public function getErrorCodes() + { + return $this->errorCodes; + } +} diff --git a/web/includes/recaptcha/src/autoload.php b/web/includes/recaptcha/src/autoload.php new file mode 100644 index 000000000..a53cbd78b --- /dev/null +++ b/web/includes/recaptcha/src/autoload.php @@ -0,0 +1,38 @@ + + + "; + } +?>
From d9c3061b527732998555ad4ab88fdd495681a706 Mon Sep 17 00:00:00 2001 From: Andy Bauer Date: Sat, 29 Aug 2015 14:01:45 -0500 Subject: [PATCH 12/25] Add reference to mysql Create permission in rpm README's --- distros/fedora/README.Fedora | 6 +++--- distros/redhat/README.CentOS | 6 +++--- distros/redhat/README.Centos7 | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/distros/fedora/README.Fedora b/distros/fedora/README.Fedora index 159e5345b..a75efc185 100644 --- a/distros/fedora/README.Fedora +++ b/distros/fedora/README.Fedora @@ -25,8 +25,8 @@ New installs introduce an obvious security issue. The following should set this up: mysql -u root -p - grant select,insert,update,delete,lock tables,alter on zm.* to - 'zmuser'@localhost identified by 'zmpass'; + grant select,insert,update,delete,lock tables,alter,create + on zm.* to 'zmuser'@localhost identified by 'zmpass'; Obviously, change at least zmpass to an actual, secure password or passphrase. You can change zmuser as well if you like. @@ -95,7 +95,7 @@ Upgrades 2. Add additional permissions to the zmuser account: mysql -u root -p - grant lock tables,alter on zm.* to + grant lock tables,alter,create on zm.* to 'zmuser'@localhost identified by 'zmpass'; Since this is an upgrade, the assumption is that the zmuser account already diff --git a/distros/redhat/README.CentOS b/distros/redhat/README.CentOS index cc5e247f3..640d11ad1 100644 --- a/distros/redhat/README.CentOS +++ b/distros/redhat/README.CentOS @@ -15,8 +15,8 @@ mysql -uroot -p mysql> create database zm; - mysql> grant select,insert,update,delete,lock tables,alter on zm.* to - 'zmuser'@localhost identified by 'zmpass'; + mysql> grant select,insert,update,delete,lock tables,alter,create + on zm.* to 'zmuser'@localhost identified by 'zmpass'; mysql> exit; mysql -uroot -p < /usr/share/zoneminder/db/zm_create.sql mysqladmin -uroot -p reload @@ -69,7 +69,7 @@ 1. Add additional permissions to the zmuser account: mysql -u root -p - grant lock tables,alter on zm.* to + grant lock tables,alter,create on zm.* to 'zmuser'@localhost identified by 'zmpass'; Since this is an upgrade, the assumption is that the zmuser account exists diff --git a/distros/redhat/README.Centos7 b/distros/redhat/README.Centos7 index ce7d9af51..54f355397 100644 --- a/distros/redhat/README.Centos7 +++ b/distros/redhat/README.Centos7 @@ -36,8 +36,8 @@ New installs mysql -u root -p < /usr/share/zoneminder/db/zm_create.sql mysql -u root -p - mysql> grant select,insert,update,delete,lock tables,alter on zm.* to - 'zmuser'@localhost identified by 'zmpass'; + mysql> grant select,insert,update,delete,lock tables,alter, create + on zm.* to 'zmuser'@localhost identified by 'zmpass'; mysql> exit; mysqladmin -u root -p reload @@ -101,8 +101,8 @@ Upgrades Overtime, the database account permissions required for normal operation have changed. Verify the zmuser database account has been granted select, - insert, update, delete, lock tables, and alter permission to the ZoneMinder - database: + insert, update, delete, lock tables, alter, and create permission to the + ZoneMinder database: mysql -u root -p mysql> show grants for zmuser@localhost; From f7fea2fe48381471d07062d4e098ccf975673122 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 29 Aug 2015 15:13:15 -0400 Subject: [PATCH 13/25] Removed dependency on recaptcha client library --- web/includes/actions.php | 47 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/web/includes/actions.php b/web/includes/actions.php index d3a4c4121..b0d3f1a76 100644 --- a/web/includes/actions.php +++ b/web/includes/actions.php @@ -18,6 +18,31 @@ // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. // + +// PP - POST request handler for PHP which does not need extensions +// credit: http://wezfurlong.org/blog/2006/nov/http-post-from-php-without-curl/ + +function do_post_request($url, $data, $optional_headers = null) +{ + $params = array('http' => array( + 'method' => 'POST', + 'content' => $data + )); + if ($optional_headers !== null) { + $params['http']['header'] = $optional_headers; + } + $ctx = stream_context_create($params); + $fp = @fopen($url, 'rb', false, $ctx); + if (!$fp) { + throw new Exception("Problem with $url, $php_errormsg"); + } + $response = @stream_get_contents($fp); + if ($response === false) { + throw new Exception("Problem reading data from $url, $php_errormsg"); + } + return $response; +} + function getAffectedIds( $name ) { $names = $name."s"; @@ -45,6 +70,26 @@ if ( !empty($action) ) // PP - lets validate reCaptcha if it exists if (ZM_OPT_USE_GOOG_RECAPTCHA) { + $url = 'https://www.google.com/recaptcha/api/siteverify'; + $fields = array ( + 'secret'=> ZM_OPT_GOOG_RECAPTCHA_SECRETKEY, + 'response' => $_REQUEST['g-recaptcha-response'], + 'remoteip'=> $_SERVER['REMOTE_ADDR'] + + ); + $result = json_decode(do_post_request($url, http_build_query($fields))); + if ($result->success != 'true') + { + userLogout(); + $view='login'; + $refreshParent = true; + + } + + /* + //PP - this is using google's recaptcha library + // keeping this code here incase anyone reports a problem + // with the above approach require_once( 'recaptcha/src/autoload.php' ); $secret = ZM_OPT_GOOG_RECAPTCHA_SECRETKEY; $gRecaptchaResponse = $_REQUEST['g-recaptcha-response']; @@ -55,7 +100,7 @@ if ( !empty($action) ) userLogout(); $view='login'; $refreshParent = true; - } + }*/ } // General scope actions From feeb890be2ddd2cb369b8e59fed6f8bf87cd7b57 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sat, 29 Aug 2015 15:14:20 -0400 Subject: [PATCH 14/25] removed recaptcha client dependency --- web/includes/recaptcha/.gitignore | 3 - web/includes/recaptcha/.travis.yml | 18 --- web/includes/recaptcha/CONTRIBUTING.md | 24 ---- web/includes/recaptcha/LICENSE | 29 ----- web/includes/recaptcha/README.md | 113 ---------------- .../recaptcha/src/ReCaptcha/ReCaptcha.php | 97 -------------- .../recaptcha/src/ReCaptcha/RequestMethod.php | 42 ------ .../src/ReCaptcha/RequestMethod/Curl.php | 47 ------- .../src/ReCaptcha/RequestMethod/Post.php | 70 ---------- .../src/ReCaptcha/RequestMethod/Socket.php | 104 --------------- .../ReCaptcha/RequestMethod/SocketPost.php | 121 ------------------ .../src/ReCaptcha/RequestParameters.php | 103 --------------- .../recaptcha/src/ReCaptcha/Response.php | 102 --------------- web/includes/recaptcha/src/autoload.php | 38 ------ 14 files changed, 911 deletions(-) delete mode 100644 web/includes/recaptcha/.gitignore delete mode 100644 web/includes/recaptcha/.travis.yml delete mode 100644 web/includes/recaptcha/CONTRIBUTING.md delete mode 100644 web/includes/recaptcha/LICENSE delete mode 100644 web/includes/recaptcha/README.md delete mode 100644 web/includes/recaptcha/src/ReCaptcha/ReCaptcha.php delete mode 100644 web/includes/recaptcha/src/ReCaptcha/RequestMethod.php delete mode 100644 web/includes/recaptcha/src/ReCaptcha/RequestMethod/Curl.php delete mode 100644 web/includes/recaptcha/src/ReCaptcha/RequestMethod/Post.php delete mode 100644 web/includes/recaptcha/src/ReCaptcha/RequestMethod/Socket.php delete mode 100644 web/includes/recaptcha/src/ReCaptcha/RequestMethod/SocketPost.php delete mode 100644 web/includes/recaptcha/src/ReCaptcha/RequestParameters.php delete mode 100644 web/includes/recaptcha/src/ReCaptcha/Response.php delete mode 100644 web/includes/recaptcha/src/autoload.php diff --git a/web/includes/recaptcha/.gitignore b/web/includes/recaptcha/.gitignore deleted file mode 100644 index 436384ab7..000000000 --- a/web/includes/recaptcha/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -/composer.lock -/nbproject/private/ -/vendor/ diff --git a/web/includes/recaptcha/.travis.yml b/web/includes/recaptcha/.travis.yml deleted file mode 100644 index fb25bad2d..000000000 --- a/web/includes/recaptcha/.travis.yml +++ /dev/null @@ -1,18 +0,0 @@ -language: php - -sudo: false - -php: - - 5.3 - - 5.4 - - 5.5 - - 5.6 - - hhvm - -before_script: - - composer install - - phpenv version-name | grep ^5.[34] && echo "extension=apc.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini ; true - - phpenv version-name | grep ^5.[34] && echo "apc.enable_cli=1" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini ; true - -script: - - vendor/bin/phpunit diff --git a/web/includes/recaptcha/CONTRIBUTING.md b/web/includes/recaptcha/CONTRIBUTING.md deleted file mode 100644 index 1ba853922..000000000 --- a/web/includes/recaptcha/CONTRIBUTING.md +++ /dev/null @@ -1,24 +0,0 @@ -Want to contribute? Great! First, read this page (including the small print at the end). - -### Before you contribute -Before we can use your code, you must sign the -[Google Individual Contributor License Agreement](https://developers.google.com/open-source/cla/individual?csw=1) -(CLA), which you can do online. The CLA is necessary mainly because you own the -copyright to your changes, even after your contribution becomes part of our -codebase, so we need your permission to use and distribute your code. We also -need to be sure of various other things—for instance that you'll tell us if you -know that your code infringes on other people's patents. You don't have to sign -the CLA until after you've submitted your code for review and a member has -approved it, but you must do it before we can put your code into our codebase. -Before you start working on a larger contribution, you should get in touch with -us first through the issue tracker with your idea so that we can help out and -possibly guide you. Coordinating up front makes it much easier to avoid -frustration later on. - -### Code reviews -All submissions, including submissions by project members, require review. We -use Github pull requests for this purpose. - -### The small print -Contributions made by corporations are covered by a different agreement than -the one above, the Software Grant and Corporate Contributor License Agreement. diff --git a/web/includes/recaptcha/LICENSE b/web/includes/recaptcha/LICENSE deleted file mode 100644 index f6412328f..000000000 --- a/web/includes/recaptcha/LICENSE +++ /dev/null @@ -1,29 +0,0 @@ -Copyright 2014, Google Inc. -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - diff --git a/web/includes/recaptcha/README.md b/web/includes/recaptcha/README.md deleted file mode 100644 index c3364caab..000000000 --- a/web/includes/recaptcha/README.md +++ /dev/null @@ -1,113 +0,0 @@ -# reCAPTCHA PHP client library - -[![Build Status](https://travis-ci.org/google/recaptcha.svg)](https://travis-ci.org/google/recaptcha) -[![Latest Stable Version](https://poser.pugx.org/google/recaptcha/v/stable.svg)](https://packagist.org/packages/google/recaptcha) -[![Total Downloads](https://poser.pugx.org/google/recaptcha/downloads.svg)](https://packagist.org/packages/google/recaptcha) - -* Project page: http://www.google.com/recaptcha/ -* Repository: https://github.com/google/recaptcha -* Version: 1.1.1 -* License: BSD, see [LICENSE](LICENSE) - -## Description - -reCAPTCHA is a free CAPTCHA service that protect websites from spam and abuse. -This is Google authored code that provides plugins for third-party integration -with reCAPTCHA. - -## Installation - -### Composer (Recommended) - -[Composer](https://getcomposer.org/) is a widely used dependency manager for PHP -packages. This reCAPTCHA client is available on Packagist as -[`google/recaptcha`](https://packagist.org/packages/google/recaptcha) and can be -installed either by running the `composer require` command or adding the library -to your `composer.json`. To enable Composer for you project, refer to the -project's [Getting Started](https://getcomposer.org/doc/00-intro.md) -documentation. - -To add this dependency using the command, run the following from within your -project directory: -``` -composer require google/recaptcha "~1.1" -``` - -Alternatively, add the dependency directly to your `composer.json` file: -```json -"require": { - "google/recaptcha": "~1.1" -} -``` - -### Direct download (no Composer) - -If you wish to install the library manually (i.e. without Composer), then you -can use the links on the main project page to either clone the repo or download -the [ZIP file](https://github.com/google/recaptcha/archive/master.zip). For -convenience, an autoloader script is provided in `src/autoload.php` which you -can require into your script instead of Composer's `vendor/autoload.php`. For -example: - -```php -require('/path/to/recaptcha/src/autoload.php'); -$recaptcha = new \ReCaptcha\ReCaptcha($secret); -``` - -The classes in the project are structured according to the -[PSR-4](http://www.php-fig.org/psr/psr-4/) standard, so you may of course also -use your own autoloader or require the needed files directly in your code. - -### Development install - -If you would like to contribute to this project or run the unit tests on within -your own environment you will need to install the development dependencies, in -this case that means [PHPUnit](https://phpunit.de/). If you clone the repo and -run `composer install` from within the repo, this will also grab PHPUnit and all -its dependencies for you. If you only need the autoloader installed, then you -can always specify to Composer not to run in development mode, e.g. `composer -install --no-dev`. - -*Note:* These dependencies are only required for development, there's no -requirement for them to be included in your production code. - -## Usage - -First, register keys for your site at https://www.google.com/recaptcha/admin - -When your app receives a form submission containing the `g-recaptcha-response` -field, you can verify it using: -```php -verify($gRecaptchaResponse, $remoteIp); -if ($resp->isSuccess()) { - // verified! -} else { - $errors = $resp->getErrorCodes(); -} -``` - -You can see an end-to-end working example in -[examples/example-captcha.php](examples/example-captcha.php) - -## Upgrading - -### From 1.0.0 - -The previous version of this client is still available on the `1.0.0` tag [in -this repo](https://github.com/google/recaptcha/tree/1.0.0) but it is purely for -reference and will not receive any updates. - -The major changes in 1.1.0 are: -* installation now via Composer; -* class loading also via Composer; -* classes now namespaced; -* old method call was `$rc->verifyResponse($remoteIp, $response)`, new call is - `$rc->verify($response, $remoteIp)` - -## Contributing - -We accept contributions via GitHub Pull Requests, but all contributors need to -be covered by the standard Google Contributor License Agreement. You can find -instructions for this in [CONTRIBUTING](CONTRIBUTING.md) diff --git a/web/includes/recaptcha/src/ReCaptcha/ReCaptcha.php b/web/includes/recaptcha/src/ReCaptcha/ReCaptcha.php deleted file mode 100644 index 523c4aae4..000000000 --- a/web/includes/recaptcha/src/ReCaptcha/ReCaptcha.php +++ /dev/null @@ -1,97 +0,0 @@ -secret = $secret; - - if (!is_null($requestMethod)) { - $this->requestMethod = $requestMethod; - } else { - $this->requestMethod = new RequestMethod\Post(); - } - } - - /** - * Calls the reCAPTCHA siteverify API to verify whether the user passes - * CAPTCHA test. - * - * @param string $response The value of 'g-recaptcha-response' in the submitted form. - * @param string $remoteIp The end user's IP address. - * @return Response Response from the service. - */ - public function verify($response, $remoteIp = null) - { - // Discard empty solution submissions - if (empty($response)) { - $recaptchaResponse = new Response(false, array('missing-input-response')); - return $recaptchaResponse; - } - - $params = new RequestParameters($this->secret, $response, $remoteIp, self::VERSION); - $rawResponse = $this->requestMethod->submit($params); - return Response::fromJson($rawResponse); - } -} diff --git a/web/includes/recaptcha/src/ReCaptcha/RequestMethod.php b/web/includes/recaptcha/src/ReCaptcha/RequestMethod.php deleted file mode 100644 index fc4dde59c..000000000 --- a/web/includes/recaptcha/src/ReCaptcha/RequestMethod.php +++ /dev/null @@ -1,42 +0,0 @@ - true, - CURLOPT_POSTFIELDS => $params->toQueryString(), - CURLOPT_HTTPHEADER => array( - 'Content-Type: application/x-www-form-urlencoded' - ), - CURLINFO_HEADER_OUT => false, - CURLOPT_HEADER => false, - CURLOPT_RETURNTRANSFER => true, - CURLOPT_SSL_VERIFYPEER => true - ); - curl_setopt_array($handle, $options); - - $response = curl_exec($handle); - curl_close($handle); - - return $response; - } -} diff --git a/web/includes/recaptcha/src/ReCaptcha/RequestMethod/Post.php b/web/includes/recaptcha/src/ReCaptcha/RequestMethod/Post.php deleted file mode 100644 index 7770d9081..000000000 --- a/web/includes/recaptcha/src/ReCaptcha/RequestMethod/Post.php +++ /dev/null @@ -1,70 +0,0 @@ - array( - 'header' => "Content-type: application/x-www-form-urlencoded\r\n", - 'method' => 'POST', - 'content' => $params->toQueryString(), - // Force the peer to validate (not needed in 5.6.0+, but still works - 'verify_peer' => true, - // Force the peer validation to use www.google.com - $peer_key => 'www.google.com', - ), - ); - $context = stream_context_create($options); - return file_get_contents(self::SITE_VERIFY_URL, false, $context); - } -} diff --git a/web/includes/recaptcha/src/ReCaptcha/RequestMethod/Socket.php b/web/includes/recaptcha/src/ReCaptcha/RequestMethod/Socket.php deleted file mode 100644 index e74fc49d6..000000000 --- a/web/includes/recaptcha/src/ReCaptcha/RequestMethod/Socket.php +++ /dev/null @@ -1,104 +0,0 @@ -handle = fsockopen($hostname, $port, $errno, $errstr, (is_null($timeout) ? ini_get("default_socket_timeout") : $timeout)); - - if ($this->handle != false && $errno === 0 && $errstr === '') { - return $this->handle; - } else { - return false; - } - } - - /** - * fwrite - * - * @see http://php.net/fwrite - * @param string $string - * @param int $length - * @return int | bool - */ - public function fwrite($string, $length = null) - { - return fwrite($this->handle, $string, (is_null($length) ? strlen($string) : $length)); - } - - /** - * fgets - * - * @see http://php.net/fgets - * @param int $length - */ - public function fgets($length = null) - { - return fgets($this->handle, $length); - } - - /** - * feof - * - * @see http://php.net/feof - * @return bool - */ - public function feof() - { - return feof($this->handle); - } - - /** - * fclose - * - * @see http://php.net/fclose - * @return bool - */ - public function fclose() - { - return fclose($this->handle); - } -} diff --git a/web/includes/recaptcha/src/ReCaptcha/RequestMethod/SocketPost.php b/web/includes/recaptcha/src/ReCaptcha/RequestMethod/SocketPost.php deleted file mode 100644 index 47541215f..000000000 --- a/web/includes/recaptcha/src/ReCaptcha/RequestMethod/SocketPost.php +++ /dev/null @@ -1,121 +0,0 @@ -socket = $socket; - } else { - $this->socket = new Socket(); - } - } - - /** - * Submit the POST request with the specified parameters. - * - * @param RequestParameters $params Request parameters - * @return string Body of the reCAPTCHA response - */ - public function submit(RequestParameters $params) - { - $errno = 0; - $errstr = ''; - - if (false === $this->socket->fsockopen('ssl://' . self::RECAPTCHA_HOST, 443, $errno, $errstr, 30)) { - return self::BAD_REQUEST; - } - - $content = $params->toQueryString(); - - $request = "POST " . self::SITE_VERIFY_PATH . " HTTP/1.1\r\n"; - $request .= "Host: " . self::RECAPTCHA_HOST . "\r\n"; - $request .= "Content-Type: application/x-www-form-urlencoded\r\n"; - $request .= "Content-length: " . strlen($content) . "\r\n"; - $request .= "Connection: close\r\n\r\n"; - $request .= $content . "\r\n\r\n"; - - $this->socket->fwrite($request); - $response = ''; - - while (!$this->socket->feof()) { - $response .= $this->socket->fgets(4096); - } - - $this->socket->fclose(); - - if (0 !== strpos($response, 'HTTP/1.1 200 OK')) { - return self::BAD_RESPONSE; - } - - $parts = preg_split("#\n\s*\n#Uis", $response); - - return $parts[1]; - } -} diff --git a/web/includes/recaptcha/src/ReCaptcha/RequestParameters.php b/web/includes/recaptcha/src/ReCaptcha/RequestParameters.php deleted file mode 100644 index cb66f26cf..000000000 --- a/web/includes/recaptcha/src/ReCaptcha/RequestParameters.php +++ /dev/null @@ -1,103 +0,0 @@ -secret = $secret; - $this->response = $response; - $this->remoteIp = $remoteIp; - $this->version = $version; - } - - /** - * Array representation. - * - * @return array Array formatted parameters. - */ - public function toArray() - { - $params = array('secret' => $this->secret, 'response' => $this->response); - - if (!is_null($this->remoteIp)) { - $params['remoteip'] = $this->remoteIp; - } - - if (!is_null($this->version)) { - $params['version'] = $this->version; - } - - return $params; - } - - /** - * Query string representation for HTTP request. - * - * @return string Query string formatted parameters. - */ - public function toQueryString() - { - return http_build_query($this->toArray(), '', '&'); - } -} diff --git a/web/includes/recaptcha/src/ReCaptcha/Response.php b/web/includes/recaptcha/src/ReCaptcha/Response.php deleted file mode 100644 index d2d8a8bf7..000000000 --- a/web/includes/recaptcha/src/ReCaptcha/Response.php +++ /dev/null @@ -1,102 +0,0 @@ -success = $success; - $this->errorCodes = $errorCodes; - } - - /** - * Is success? - * - * @return boolean - */ - public function isSuccess() - { - return $this->success; - } - - /** - * Get error codes. - * - * @return array - */ - public function getErrorCodes() - { - return $this->errorCodes; - } -} diff --git a/web/includes/recaptcha/src/autoload.php b/web/includes/recaptcha/src/autoload.php deleted file mode 100644 index a53cbd78b..000000000 --- a/web/includes/recaptcha/src/autoload.php +++ /dev/null @@ -1,38 +0,0 @@ - Date: Sat, 29 Aug 2015 16:52:16 -0500 Subject: [PATCH 15/25] rpm spec file - create cakephp tmp folder symlink --- distros/fedora/CMakeLists.txt | 1 + distros/redhat/CMakeLists.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/distros/fedora/CMakeLists.txt b/distros/fedora/CMakeLists.txt index deec840f7..632f17d8f 100644 --- a/distros/fedora/CMakeLists.txt +++ b/distros/fedora/CMakeLists.txt @@ -25,6 +25,7 @@ install(DIRECTORY events images temp DESTINATION /var/lib/zoneminder DIRECTORY_P install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/events \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/events\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/images \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/images\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/temp\")") +install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/apt/app/tmp\")") # Fedora requires cambozola as a separate package so just link to it install(CODE "execute_process(COMMAND ln -sf ../../java/cambozola.jar \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/cambozola.jar\")") diff --git a/distros/redhat/CMakeLists.txt b/distros/redhat/CMakeLists.txt index fe69c6371..df3b44640 100644 --- a/distros/redhat/CMakeLists.txt +++ b/distros/redhat/CMakeLists.txt @@ -51,6 +51,7 @@ install(DIRECTORY events images temp DESTINATION /var/lib/zoneminder DIRECTORY_P install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/events \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/events\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/images \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/images\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/temp\")") +install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/apt/app/tmp\")") # Install auxillary files required to run zoneminder on CentOS install(FILES redalert.wav DESTINATION ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/sounds PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) From 4ddeddeb322c682cf330d6fec8b06b3b2c7f0fb6 Mon Sep 17 00:00:00 2001 From: Andy Bauer Date: Sat, 29 Aug 2015 17:28:06 -0500 Subject: [PATCH 16/25] rpm specfile - correct typo --- distros/fedora/CMakeLists.txt | 2 +- distros/redhat/CMakeLists.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/distros/fedora/CMakeLists.txt b/distros/fedora/CMakeLists.txt index 632f17d8f..61c1105cd 100644 --- a/distros/fedora/CMakeLists.txt +++ b/distros/fedora/CMakeLists.txt @@ -25,7 +25,7 @@ install(DIRECTORY events images temp DESTINATION /var/lib/zoneminder DIRECTORY_P install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/events \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/events\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/images \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/images\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/temp\")") -install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/apt/app/tmp\")") +install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")") # Fedora requires cambozola as a separate package so just link to it install(CODE "execute_process(COMMAND ln -sf ../../java/cambozola.jar \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/cambozola.jar\")") diff --git a/distros/redhat/CMakeLists.txt b/distros/redhat/CMakeLists.txt index df3b44640..f14482792 100644 --- a/distros/redhat/CMakeLists.txt +++ b/distros/redhat/CMakeLists.txt @@ -51,7 +51,7 @@ install(DIRECTORY events images temp DESTINATION /var/lib/zoneminder DIRECTORY_P install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/events \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/events\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/images \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/images\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/temp\")") -install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/apt/app/tmp\")") +install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")") # Install auxillary files required to run zoneminder on CentOS install(FILES redalert.wav DESTINATION ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/sounds PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) From 9320efdd454b24de70c481d7270a0455e99fc0f3 Mon Sep 17 00:00:00 2001 From: Andy Bauer Date: Sat, 29 Aug 2015 18:04:26 -0500 Subject: [PATCH 17/25] rpm specfile - modify symlinks --- distros/fedora/CMakeLists.txt | 2 +- distros/redhat/CMakeLists.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/distros/fedora/CMakeLists.txt b/distros/fedora/CMakeLists.txt index 61c1105cd..c4275d45a 100644 --- a/distros/fedora/CMakeLists.txt +++ b/distros/fedora/CMakeLists.txt @@ -25,7 +25,7 @@ install(DIRECTORY events images temp DESTINATION /var/lib/zoneminder DIRECTORY_P install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/events \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/events\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/images \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/images\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/temp\")") -install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")") +install(CODE "execute_process(COMMAND ln -sf ../../../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")") # Fedora requires cambozola as a separate package so just link to it install(CODE "execute_process(COMMAND ln -sf ../../java/cambozola.jar \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/cambozola.jar\")") diff --git a/distros/redhat/CMakeLists.txt b/distros/redhat/CMakeLists.txt index f14482792..10d43b2d9 100644 --- a/distros/redhat/CMakeLists.txt +++ b/distros/redhat/CMakeLists.txt @@ -51,7 +51,7 @@ install(DIRECTORY events images temp DESTINATION /var/lib/zoneminder DIRECTORY_P install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/events \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/events\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/images \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/images\")") install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/temp\")") -install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")") +install(CODE "execute_process(COMMAND ln -sf ../../../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")") # Install auxillary files required to run zoneminder on CentOS install(FILES redalert.wav DESTINATION ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/sounds PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) From 22a7a1d53ddc37f4258cf0994475a1c3697c694d Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Mon, 31 Aug 2015 20:39:28 -0400 Subject: [PATCH 18/25] Handled situation where user enables captcha but forgets to supply keys --- web/includes/actions.php | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/web/includes/actions.php b/web/includes/actions.php index b0d3f1a76..ef0b21135 100644 --- a/web/includes/actions.php +++ b/web/includes/actions.php @@ -68,7 +68,7 @@ if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST[ if ( !empty($action) ) { // PP - lets validate reCaptcha if it exists - if (ZM_OPT_USE_GOOG_RECAPTCHA) + if (ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY && ZM_OPT_GOOG_RECAPTCHA_SITEKEY) { $url = 'https://www.google.com/recaptcha/api/siteverify'; $fields = array ( @@ -77,30 +77,16 @@ if ( !empty($action) ) 'remoteip'=> $_SERVER['REMOTE_ADDR'] ); - $result = json_decode(do_post_request($url, http_build_query($fields))); + $res= do_post_request($url, http_build_query($fields)); + $result = json_decode($res); if ($result->success != 'true') - { + { userLogout(); $view='login'; $refreshParent = true; } - /* - //PP - this is using google's recaptcha library - // keeping this code here incase anyone reports a problem - // with the above approach - require_once( 'recaptcha/src/autoload.php' ); - $secret = ZM_OPT_GOOG_RECAPTCHA_SECRETKEY; - $gRecaptchaResponse = $_REQUEST['g-recaptcha-response']; - $remoteIp = $_SERVER['REMOTE_ADDR']; - $recaptcha = new \ReCaptcha\ReCaptcha($secret); - $resp = $recaptcha->verify($gRecaptchaResponse, $remoteIp); - if (!$resp->isSuccess()) { - userLogout(); - $view='login'; - $refreshParent = true; - }*/ } // General scope actions From 2481c7a22ed7a23a4563d2d7781b64654060be5d Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Mon, 31 Aug 2015 20:39:43 -0400 Subject: [PATCH 19/25] Handled situation where user enables captcha but forgets to supply keys --- web/skins/classic/views/login.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/skins/classic/views/login.php b/web/skins/classic/views/login.php index 9e9c58b89..b91293965 100644 --- a/web/skins/classic/views/login.php +++ b/web/skins/classic/views/login.php @@ -52,7 +52,7 @@ xhtmlHeaders(__FILE__, translate('Login') );
"; } From dc9a5b13fe93dfd80bcfeb7e267e6dfa431da036 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Mon, 7 Sep 2015 15:50:42 -0500 Subject: [PATCH 20/25] redhat rpm packaging modifications --- distros/redhat/README.Centos7 | 71 ++++++++++++++------------- distros/redhat/README.https | 25 ++++++++++ distros/redhat/zoneminder.el7.conf.in | 23 ++++----- distros/redhat/zoneminder.el7.spec | 28 +++++++---- 4 files changed, 93 insertions(+), 54 deletions(-) create mode 100644 distros/redhat/README.https diff --git a/distros/redhat/README.Centos7 b/distros/redhat/README.Centos7 index 54f355397..89fe9736c 100644 --- a/distros/redhat/README.Centos7 +++ b/distros/redhat/README.Centos7 @@ -1,23 +1,19 @@ - What's New ========== -1. The Apache ScriptAlias has been changed from "/cgi-bin/zm/zms" to - "/cgi-bin-zm/zms". This has been to done to avoid this bug: - https://bugzilla.redhat.com/show_bug.cgi?id=973067 +1. The ZoneMinder mysql account now requires "Create" permission. This change + must be done manually before ZoneMinder will run. See the installation steps + below. - IMPORTANT: ZoneMinder will not update this value during an upgrade. You must - manually update ZM_PATH_ZMS yourself under Options. This does not affect - new installs. +2. A new permission group called "Groups" has been added. This allows the + system administrator to assign "view", "edit", or "none" permission to + normal users, without giving them access to the rest of the ZoneMinder + system. During an upgrade, existing accounts will default to a Groups + permission of "none". -2. During an rpm package upgrade, zmupdate.pl will now auto-update the database - and the zonemidner service will restart automatically. - -3. The ZoneMinder config file, zm.conf, has been moved under /etc/zm. - -4. Systemd. CentOS 7 uses Systemd instead of the legacy Sys V Init. Under the - hood, Systemd does things quite a bit differently. Prepare to go through a - learning curve if you have not done so already. +3. This package now requires the HTTPS protocol to access the web portal. + Requests using HTTP will auto-redirect to HTTPS. See README.https for + more information. New installs ============ @@ -36,7 +32,7 @@ New installs mysql -u root -p < /usr/share/zoneminder/db/zm_create.sql mysql -u root -p - mysql> grant select,insert,update,delete,lock tables,alter, create + mysql> grant select,insert,update,delete,lock tables,alter,create on zm.* to 'zmuser'@localhost identified by 'zmpass'; mysql> exit; mysqladmin -u root -p reload @@ -50,21 +46,22 @@ New installs step. 4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local - timezone. For whatever reason, PHP will complain loudly if this is not set, - or if it is set incorrectly, and these complaints will show up in the - zoneminder logging system as errors. + timezone. PHP will complain loudly if this is not set, or if it is set + incorrectly, and these complaints will show up in the zoneminder logging + system as errors. If you are not sure of the proper timezone specification to use, look at http://php.net/date.timezone -5. This package will automatically configure and install an SELinux policy - called local_zoneminder. A copy of this policy is in the documentation - folder. +5. Disable SELinux + + We currently do not have the resources to create and maintain an accurate + SELinux policy for ZoneMinder on CentOS 7. We will gladly accept pull + reqeusts from anyone who wishes to do the work. In the meantime, SELinux + will need to be disabled or put into permissive mode. - Maintaining an accurate SELinux policy file that does not create issues has - been a struggle. If SELinux blocks nortmal ZoneMinder acitivity, or you - feel you just don't need it, SELinux can be disabled for the current running - session with the following command: + To immediately disbale SELinux for the current seesion, issue the following + from the command line: sudo setenforce 0 @@ -99,7 +96,7 @@ Upgrades 2. Verify permissions of the zmuser account. - Overtime, the database account permissions required for normal operation + Over time, the database account permissions required for normal operation have changed. Verify the zmuser database account has been granted select, insert, update, delete, lock tables, alter, and create permission to the ZoneMinder database: @@ -108,20 +105,26 @@ Upgrades mysql> show grants for zmuser@localhost; mysql> exit; -3. Verify the database was upgraded automatically. + See step 2 of the Installation section to add missing permissions. - From the web console, ZoneMinder should show a status of "Running", and the - version number should have incremented. +3. Verify the ZoneMinder Apache configuration file in the folder + /etc/httpd/conf.d. You will have a file called "zoneminder.conf" and there + may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file + exists, inspect it and merge anything new in that file with zoneminder.conf. - If it is not running, then try to start it. The web console will indicate - if there is a database version conflict. If this is the case, then you may - need to manually update the database from the command line: +4. Upgrade the database before starting ZoneMinder. + + Most upgrades can be performed by executing the following command: sudo zmupdate.pl - Modern versions of ZoneMinder don't require any parameters added to the + Recent versions of ZoneMinder don't require any parameters added to the zmupdate command. However, if ZoneMinder complains, you may need to call zmupdate in the following manner: sudo zmupdate.pl --user=root --pass= --version= +5. Now start zoneminder: + + sudo systemctl start zoneminder + diff --git a/distros/redhat/README.https b/distros/redhat/README.https new file mode 100644 index 000000000..23affeb96 --- /dev/null +++ b/distros/redhat/README.https @@ -0,0 +1,25 @@ +HTTPS is now a requirement +========================== + +This package now depends on Apache's mod_ssl pacakge. This will automatically +be installed along with ZoneMinder. Upon installation, the mod_ssl package +will create a default, self-signed certificate. This is the certificate that +ZoneMinder will use out of the box. + +Since the certificate is self-signed, you will get a warning from your browser +the first time you access the web portal. This is normal. + +This is not intended to be an all encompasing solution for everyone. ZoneMinder +will work just fine over HTTPS the way it is currently configured. However, +here are a couple of considerations you may want to take. + +1. Create your own certificate. The CentOS wiki has a guide that describes how + to do this: https://wiki.centos.org/HowTos/Https . Additionally, Googling + "centos certificate" reveals many articles on the subject. Note that some + third party applications, such as zmNinja, will require you to create a + certificate different than the default certificate on your machine. + +2. You can turn off HTTPS entirely by simply commenting out the SSLRequireSSL + directives found in /etc/httpd/conf.d/zoneminder.conf. You should also + comment out the HTTP -> HTTPS Rewrite rule. + diff --git a/distros/redhat/zoneminder.el7.conf.in b/distros/redhat/zoneminder.el7.conf.in index 28bada18e..564e4ccbd 100644 --- a/distros/redhat/zoneminder.el7.conf.in +++ b/distros/redhat/zoneminder.el7.conf.in @@ -1,16 +1,17 @@ -# When using Zoneminder's own authentication, recorded CCTV images are -# accessible from the web directly without passing the authentication. This -# means any attacker could see your CCTV images without a password. In order -# to avoid this you can disable Zoneminder's authentication and configure -# standard Apache authentication (see the Apache documentation for details on -# this). # -# If you still wish to use Zoneminder's own authentication, or have an -# internal site which needs no authentication, you need to delete the line -# marked below and restart Apache. +# ZoneMinder Apache configuration file +# With SSLRequire and HTTPS auto redirect +# Modify this configuration to suit your requirements +# + +# Auto Redirect HTTP requests to HTTPS +RewriteEngine On +RewriteCond %{HTTPS} !=on +RewriteRule ^/?(zm)(.*) https://%{SERVER_NAME}/$1$2 [R,L] Alias /zm "@ZM_WEBDIR@" + SSLRequireSSL Options -Indexes +MultiViews +FollowSymLinks AllowOverride All @@ -22,12 +23,11 @@ Alias /zm "@ZM_WEBDIR@" Order deny,allow Allow from all - # ZoneMinder no longer uses short tags so this is safe to leave disabled - # php_value short_open_tag 1 ScriptAlias /cgi-bin-zm "@ZM_CGIDIR@" + SSLRequireSSL AllowOverride All Options +ExecCGI +FollowSymLinks @@ -40,3 +40,4 @@ ScriptAlias /cgi-bin-zm "@ZM_CGIDIR@" Allow from all + diff --git a/distros/redhat/zoneminder.el7.spec b/distros/redhat/zoneminder.el7.spec index 1d53cbdd5..9793a8934 100644 --- a/distros/redhat/zoneminder.el7.spec +++ b/distros/redhat/zoneminder.el7.spec @@ -32,8 +32,8 @@ BuildRequires: ffmpeg ffmpeg-devel perl(X10::ActiveHome) perl(Astro::SunTime) # cmake needs the following installed at build time due to the way it auto-detects certain parameters BuildRequires: httpd polkit-devel -Requires: httpd php php-gd php-mysql mariadb-server polkit net-tools psmisc -Requires: libjpeg-turbo vlc-core libcurl +Requires: httpd php php-gd php-mysql mariadb-server polkit net-tools mod_ssl +Requires: psmisc libjpeg-turbo vlc-core libcurl Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip) Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP) @@ -87,20 +87,27 @@ fi /usr/bin/gpasswd -a %{zmuid_final} video /usr/bin/gpasswd -a %{zmuid_final} dialout +# Disabled. SELinux policy does not work for RHEL 7. # Create and load zoneminder selinux policy module -echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wait.\n" -/usr/bin/checkmodule -M -m -o %{_docdir}/%{name}-%{version}/local_zoneminder.mod %{_docdir}/%{name}-%{version}/local_zoneminder.te > /dev/null -/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null -/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null +#echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wait.\n" +#/usr/bin/checkmodule -M -m -o %{_docdir}/%{name}-%{version}/local_zoneminder.mod %{_docdir}/%{name}-%{version}/local_zoneminder.te > /dev/null +#/usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null +#/usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null # Upgrade from a previous version of zoneminder if [ $1 -eq 2 ] ; then + # Freshen the database + /usr/bin/zmupdate.pl -f + + # We can't run this automatically when new sql account permissions need to + # be manually added first # Run zmupdate non-interactively - /usr/bin/zmupdate.pl --nointeractive + #/usr/bin/zmupdate.pl --nointeractive fi -# Display the README for post installation instructions -/usr/bin/less %{_docdir}/%{name}-%{version}/README.Centos7 +# Warn the end user to read the README file +echo -e "/nVERY IMPORTANT: Before starting ZoneMinder, read README.Centos7 to finish the\ninstallation or upgrade!\n" +echo -e "/nThe README file is located here: %{_docdir}/%{name}-%{version}." %preun if [ $1 -eq 0 ] ; then @@ -184,6 +191,9 @@ fi %changelog +* Mon Sep 7 2015 Andrew Bauer - 1.28.1 +- Require https, disable selinux module, freshen dB on updates. + * Sun Feb 8 2015 Andrew Bauer - 1.28.1 - Initial release for CentOS 7. From 41cfadbcb16d7f74cf7e0b62dd4eda042c65f8f4 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Mon, 7 Sep 2015 16:14:58 -0500 Subject: [PATCH 21/25] Update zoneminder.el7.spec typo --- distros/redhat/zoneminder.el7.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/distros/redhat/zoneminder.el7.spec b/distros/redhat/zoneminder.el7.spec index 9793a8934..d4ab8c3af 100644 --- a/distros/redhat/zoneminder.el7.spec +++ b/distros/redhat/zoneminder.el7.spec @@ -106,8 +106,8 @@ if [ $1 -eq 2 ] ; then fi # Warn the end user to read the README file -echo -e "/nVERY IMPORTANT: Before starting ZoneMinder, read README.Centos7 to finish the\ninstallation or upgrade!\n" -echo -e "/nThe README file is located here: %{_docdir}/%{name}-%{version}." +echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, read README.Centos7 to finish the\ninstallation or upgrade!\n" +echo -e "\nThe README file is located here: %{_docdir}/%{name}-%{version}.\n" %preun if [ $1 -eq 0 ] ; then From 427c71f5e87d9263b31d32f621c173e1d2bbdaea Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Mon, 7 Sep 2015 16:54:13 -0500 Subject: [PATCH 22/25] Update README.Centos7 --- distros/redhat/README.Centos7 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/distros/redhat/README.Centos7 b/distros/redhat/README.Centos7 index 89fe9736c..70e98b006 100644 --- a/distros/redhat/README.Centos7 +++ b/distros/redhat/README.Centos7 @@ -14,6 +14,8 @@ What's New 3. This package now requires the HTTPS protocol to access the web portal. Requests using HTTP will auto-redirect to HTTPS. See README.https for more information. + +4. This package ships with the new ZoneMinder API enabled. New installs ============ From ebb6e7158ac497813e1f09de2d45adcbfb2b5522 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Tue, 8 Sep 2015 18:16:19 -0500 Subject: [PATCH 23/25] rpm packaging changes for centos 6 --- distros/redhat/README.CentOS | 101 +++++++++++++++++++------- distros/redhat/zoneminder.el6.conf.in | 22 +++--- distros/redhat/zoneminder.el6.spec | 23 +++++- 3 files changed, 103 insertions(+), 43 deletions(-) diff --git a/distros/redhat/README.CentOS b/distros/redhat/README.CentOS index 640d11ad1..05e2cb0ab 100644 --- a/distros/redhat/README.CentOS +++ b/distros/redhat/README.CentOS @@ -1,6 +1,22 @@ -================================================================================ - NEW INSTALLS -================================================================================ +What's New +========== + +1. The ZoneMinder mysql account now requires "Create" permission. This change + must be done manually before ZoneMinder will run. See the installation steps + below. + +2. A new permission group called "Groups" has been added. This allows the + system administrator to assign "view", "edit", or "none" permission to + normal users, without giving them access to the rest of the ZoneMinder + system. During an upgrade, existing accounts will default to a Groups + permission of "none". + +3. This package now requires the HTTPS protocol to access the web portal. + Requests using HTTP will auto-redirect to HTTPS. See README.https for + more information. + +New installs +============ 1. Unless you are already using MySQL server, you need to ensure that the server is confired to start during boot and properly secured @@ -11,7 +27,8 @@ sudo chkconfig mysqld on 2. Using the password for the root account set during the previous step, you - will need to create the ZoneMinder database: + will need to create the ZoneMinder database and configure a database + account for ZoneMinder to use: mysql -uroot -p mysql> create database zm; @@ -21,20 +38,26 @@ mysql -uroot -p < /usr/share/zoneminder/db/zm_create.sql mysqladmin -uroot -p reload + The database account credentials, zmuser/zmpass, are arbitrary. Set them to + anything that suits your envinroment. + 3. If you have chosen to change the zoneminder mysql credentials to something other than zmuser/zmpass then you must now edit /etc/zm.conf. Change ZM_DB_USER and ZM_DB_PASS to the values you created in step 2. -4. IMPORTANT: Edit /etc/php.ini and put in the appropriate timezone for - date.timezone! +4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local + timezone. PHP will complain loudly if this is not set, or if it is set + incorrectly, and these complaints will show up in the zoneminder logging + system as errors -5. The ZoneMinder web interface is disabled by default, you will need - to edit this file to enable it: + If you are not sure of the proper timezone specification to use, look at + http://php.net/date.timezone + +5. Verify the default ZoneMinder Apache configuration meets your needs: /etc/httpd/conf.d/zoneminder.conf - HINT: Most users will want to simply delete the line that says - "Deny from all". + When in doubt, leave this configuration as it is. 6. Configure the web server to start automatically: @@ -45,8 +68,8 @@ called local_zoneminder. A copy of this policy is in the documentation folder. - Unfortunately, this has not resolved all the SELinux issues so - most will want to disable SELinux permanently by editing the following: + It is still possible to run into SELinux issues, however. If this is case, + you can disable SELinux permanently by editing the following: /etc/selinux/conf @@ -66,27 +89,49 @@ UPGRADES ================================================================================ -1. Add additional permissions to the zmuser account: +1. Verify /etc/zm.conf. + + If zm.conf was manually edited before running the upgrade, the installation + may not overwrite it. In this case, it will create the file + /etc/zm.conf.rpmnew. + + For example, this will happen if you are using database account credentials + other than zmuser/zmpass. + + Compare /etc/zm.conf to /etc/zm.conf.rpmnew. Verify that zm.conf + contains any new config settings that may be in zm.conf.rpmnew. + +2. Verify permissions of the zmuser account. + + Over time, the database account permissions required for normal operation + have changed. Verify the zmuser database account has been granted select, + insert, update, delete, lock tables, alter, and create permission to the + ZoneMinder database: mysql -u root -p - grant lock tables,alter,create on zm.* to - 'zmuser'@localhost identified by 'zmpass'; + mysql> show grants for zmuser@localhost; + mysql> exit; - Since this is an upgrade, the assumption is that the zmuser account exists - and already has select, insert, update, and delete permission. + See step 2 of the Installation section to add missing permissions. + +3. Verify the ZoneMinder Apache configuration file in the folder + /etc/httpd/conf.d. You will have a file called "zoneminder.conf" and there + may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file + exists, inspect it and merge anything new in that file with zoneminder.conf. + +4. Upgrade the database before starting ZoneMinder. + + Most upgrades can be performed by executing the following command: -2. If you have previsouly changed the zoneminder mysql credentials to something - other than zmuser/zmpass then you must now edit /etc/zm.conf. Change - ZM_DB_USER and ZM_DB_PASS to their appropriate values. - -3. You will need to upgrade the ZoneMinder database as described in the manual. - Only if step 1 was succesfully applied, may you run zmupdate like so: - - sudo zmupdate.pl --version= - - - If unsure then run it this way: + sudo zmupdate.pl + + Recent versions of ZoneMinder don't require any parameters added to the + zmupdate command. However, if ZoneMinder complains, you may need to call + zmupdate in the following manner: sudo zmupdate.pl --user=root --pass= --version= +5. Now start zoneminder: + + sudo service zoneminder start diff --git a/distros/redhat/zoneminder.el6.conf.in b/distros/redhat/zoneminder.el6.conf.in index 61e0530f8..e0808e08b 100644 --- a/distros/redhat/zoneminder.el6.conf.in +++ b/distros/redhat/zoneminder.el6.conf.in @@ -1,26 +1,26 @@ -# When using Zoneminder's own authentication, recorded CCTV images are -# accessible from the web directly without passing the authentication. This -# means any attacker could see your CCTV images without a password. In order -# to avoid this you can disable Zoneminder's authentication and configure -# standard Apache authentication (see the Apache documentation for details on -# this). # -# If you still wish to use Zoneminder's own authentication, or have an -# internal site which needs no authentication, you need to delete the line -# marked below and restart Apache. +# ZoneMinder Apache configuration file +# With SSLRequire and HTTPS auto redirect +# Modify this configuration to suit your requirements +# + +# Auto Redirect HTTP requests to HTTPS +RewriteEngine On +RewriteCond %{HTTPS} !=on +RewriteRule ^/?(zm)(.*) https://%{SERVER_NAME}/$1$2 [R,L] Alias /zm "@ZM_WEBDIR@" + SSLRequireSSL Options -Indexes MultiViews FollowSymLinks AllowOverride All Order allow,deny Allow from all - # ZoneMinder no longer uses short tags so this is safe to leave disabled - # php_value short_open_tag 1 ScriptAlias /cgi-bin/zm "@ZM_WEBDIR@" + SSLRequireSSL AllowOverride All Options ExecCGI FollowSymLinks Order allow,deny diff --git a/distros/redhat/zoneminder.el6.spec b/distros/redhat/zoneminder.el6.spec index 1d6d5ead1..d9487e480 100644 --- a/distros/redhat/zoneminder.el6.spec +++ b/distros/redhat/zoneminder.el6.spec @@ -30,8 +30,8 @@ BuildRequires: libcurl-devel vlc-devel ffmpeg-devel polkit-devel # cmake needs the following installed at build time due to the way it auto-detects certain parameters BuildRequires: httpd ffmpeg -Requires: httpd php php-gd php-mysql mysql-server libjpeg-turbo polkit net-tools psmisc -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Requires: httpd php php-gd php-mysql mysql-server libjpeg-turbo polkit net-tools mod_ssl +Requires: psmisc perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip) Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP) Requires: libcurl vlc-core ffmpeg @@ -96,8 +96,20 @@ echo -e "\nCreating and installing a ZoneMinder SELinux policy module. Please wa /usr/bin/semodule_package -o %{_docdir}/%{name}-%{version}/local_zoneminder.pp -m %{_docdir}/%{name}-%{version}/local_zoneminder.mod > /dev/null /usr/sbin/semodule -i %{_docdir}/%{name}-%{version}/local_zoneminder.pp > /dev/null -# Display the README for post installation instructions -/usr/bin/less %{_docdir}/%{name}-%{version}/README.CentOS +# Upgrade from a previous version of zoneminder +if [ $1 -eq 2 ] ; then + # Freshen the database + /usr/bin/zmupdate.pl -f + + # We can't run this automatically when new sql account permissions need to + # be manually added first + # Run zmupdate non-interactively + #/usr/bin/zmupdate.pl --nointeractive +fi + +# Warn the end user to read the README file +echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, read README.Centos to finish the\ninstallation or upgrade!\n" +echo -e "\nThe README file is located here: %{_docdir}/%{name}-%{version}.\n" %preun if [ $1 -eq 0 ]; then @@ -170,6 +182,9 @@ rm -rf %{_docdir}/%{name}-%{version} %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/spool/zoneminder-upload %changelog +* Tue Sep 8 2015 Andrew Bauer - 1.28.1 +- Require https, freshen dB on updates. + * Wed Feb 18 2015 Andrew Bauer - 1.28.1 - Include ONVIF support files From 0ff14008b397795b664515d39b2ae316f967ff3c Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Sat, 12 Sep 2015 17:49:03 -0500 Subject: [PATCH 24/25] Update zoneminder.el6.conf.in ScriptAlias should point to ZM_CGIDIR instead of ZM_WEBDIR --- distros/redhat/zoneminder.el6.conf.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/distros/redhat/zoneminder.el6.conf.in b/distros/redhat/zoneminder.el6.conf.in index e0808e08b..0fbee6a62 100644 --- a/distros/redhat/zoneminder.el6.conf.in +++ b/distros/redhat/zoneminder.el6.conf.in @@ -18,8 +18,8 @@ Alias /zm "@ZM_WEBDIR@" Allow from all -ScriptAlias /cgi-bin/zm "@ZM_WEBDIR@" - +ScriptAlias /cgi-bin/zm "@ZM_CGIDIR@" + SSLRequireSSL AllowOverride All Options ExecCGI FollowSymLinks From c8fecee68b87385c90c0244501ff7af0a77c90e2 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Sat, 12 Sep 2015 18:03:20 -0500 Subject: [PATCH 25/25] Update CMakeLists.txt nbtelecom was returning http 403. switching to skylineservers. In the future, I will add jscalendar packages to zmreop as that is better practice. --- distros/redhat/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/distros/redhat/CMakeLists.txt b/distros/redhat/CMakeLists.txt index 10d43b2d9..057b827d5 100644 --- a/distros/redhat/CMakeLists.txt +++ b/distros/redhat/CMakeLists.txt @@ -16,7 +16,7 @@ else(ZM_TARGET_DISTRO STREQUAL "el7") endif(ZM_TARGET_DISTRO STREQUAL "el7") # Download jscalendar & move files into position -file(DOWNLOAD http://nbtelecom.dl.sourceforge.net/project/jscalendar/jscalendar/1.0/jscalendar-1.0.zip ${CMAKE_CURRENT_SOURCE_DIR}/jscalendar-1.0.zip LOG jsc_log STATUS download_jsc) +file(DOWNLOAD http://skylineservers.dl.sourceforge.net/project/jscalendar/jscalendar/1.0/jscalendar-1.0.zip ${CMAKE_CURRENT_SOURCE_DIR}/jscalendar-1.0.zip LOG jsc_log STATUS download_jsc) #message(STATUS "Log of jscalender script was: ${jsc_log}") if(download_jsc EQUAL 0) message(STATUS "Jscalander successfully downloaded. Installing...")