mirror/zoneminder
1
0
Fork 0
mirror of https://github.com/ZoneMinder/zoneminder.git synced 2026-03-07 23:48:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
12,643 Commits 76 Branches 104 Tags
ca781523a87d4b4104f5e7aa5a92ded1f2e844ff
Commit Graph

17 Commits

Author SHA1 Message Date
Isaac Connor
2466d765bf If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request. 2019-02-05 11:44:45 -05:00
Isaac Connor
cc0b5e0f1f Move is_session_open to session.php. Move code to clear a session into session.php 2019-01-30 12:52:01 -05:00
Isaac Connor
85bb70df68 Use zm specific session functions, which are now located in includes/session.php. Be more agressive about clearing session on logout. 2019-01-30 11:05:19 -05:00
Isaac Connor
eba8b3327d Merge branch 'master' into cleanup_auth 2018-12-11 16:04:42 -05:00
Isaac Connor
17a5519dd6 Include the remoteAddr in the session authhash cache, so that a change of ip won't allow the same useless auth hash. (#2264) 2018-10-19 13:39:37 -04:00
Isaac Connor
cbc26e0cec cleanup trailing whitespace 2018-10-09 10:07:40 -04:00
Isaac Connor
a3d0cb42ea Move GOOGLE RECAPCHA to includes/auth.php, clean login actions. 2018-10-09 10:05:50 -04:00
Pliable Pixels
0ff9002adf 2156 api login (#2157) 
* error can be due to bad user or password

* added login/logout and related private functions

* handle case when userLogin fails, current code returns PHP error for  and API throw is not called

* formatting

* converted login params to POST, removed user=&pass= for other APIs

* formatting

* add auth check back but leave out login/out

* fixes to make it work across zmN, postman and curl

* added back enabled check
 2018-07-15 21:17:35 -04:00
Isaac Connor
b8691e4654 Don't need global cookies. Only open session if needed in userLogin 2018-07-11 11:45:19 -04:00
Isaac Connor
c6ded845d0 Return the user db row ifrom userLogin instead of assuming it will be accessed as a global. Add is_session_started function and use it to detect when we need to start/stop the session in generateAuthHash 2018-07-11 10:34:45 -04:00
Isaac Connor
d271d8bf1d Fix my botched change to generateAuthHash 2018-06-25 14:50:54 -04:00
Isaac Connor
99a97543f1 Rework generateAuthHash to take a force parameter so that it can be used to generate auth hashes for zmu 2018-06-25 13:43:08 -04:00
Isaac Connor
3bb1a5b544 Whitespace 2018-04-30 13:02:53 -04:00
Isaac Connor
0b0fbae1c5 Add output of paused image when paused 2018-04-12 18:43:57 -04:00
Isaac Connor
530ac15344 remove csrf_startup 2018-04-06 14:46:33 -04:00
Isaac Connor
53ce8c008a move auth functions into it's own file 2018-04-06 14:36:23 -04:00
Isaac Connor
7b23ef80a4 blah 2018-04-06 14:31:11 -04:00