Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas

db/zm_update-1.31.0.sql

@@ -271,3 +271,8 @@ EXECUTE stmt;
 
 ALTER TABLE Monitors MODIFY EncoderParameters TEXT;
 ALTER TABLE Monitors MODIFY Path VARCHAR(255);
+
+ALTER TAble Monitors MODIFY V4LMultiBuffer tinyint(1) unsigned;
+ALTER TAble Monitors MODIFY ControlId int(10) unsigned;
+ALTER TAble Monitors MODIFY TrackDelay smallint(5) unsigned;
+ALTER TAble Monitors MODIFY ReturnDelay smallint(5) unsigned;

web/ajax/stream.php

@@ -116,7 +116,7 @@ switch ( $data['type'] )
           session_start();
           $time = time();
           // Regenerate auth hash after half the lifetime of the hash
-          if ( $_SESSION['AuthHashGeneratedAt'] < $time - (ZM_AUTH_HASH_TTL * 1800) ) {
+          if ( (!isset($_SESSION['AuthHashGeneratedAt'])) or ( $_SESSION['AuthHashGeneratedAt'] < $time - (ZM_AUTH_HASH_TTL * 1800) ) ) {
             $data['auth'] = generateAuthHash( ZM_AUTH_HASH_IPS );
           } 
           session_write_close();
@@ -134,7 +134,7 @@ switch ( $data['type'] )
           session_start();
           $time = time();
           // Regenerate auth hash after half the lifetime of the hash
-          if ( $_SESSION['AuthHashGeneratedAt'] < $time - (ZM_AUTH_HASH_TTL * 1800) ) {
+          if ( (!isset($_SESSION['AuthHashGeneratedAt'])) or ( $_SESSION['AuthHashGeneratedAt'] < $time - (ZM_AUTH_HASH_TTL * 1800) ) ) {
             $data['auth'] = generateAuthHash( ZM_AUTH_HASH_IPS );
           } 
           session_write_close();

web/includes/Event.php

@@ -126,7 +126,7 @@ class Event {
     } # ! ZM_OPT_FAST_DELETE
   } # end Event->delete
 
-  public function getStreamSrc( $args, $querySep='&' ) {
+  public function getStreamSrc( $args=array(), $querySep='&' ) {
     if ( $this->{'DefaultVideo'} ) {
       return ( ZM_BASE_PATH != '/' ? ZM_BASE_PATH : '' ).'/index.php?view=view_video&eid='.$this->{'Id'};
     }

web/includes/csrf/csrf-magic.php

@@ -52,7 +52,7 @@ $GLOBALS['csrf']['rewrite-js'] = false;
  * place it here. If you change this value, all previously generated tokens
  * will become invalid.
  */
-$GLOBALS['csrf']['secret'] = '';
+$GLOBALS['csrf']['secret'] = ZM_AUTH_HASH_SECRET;
 // nota bene: library code should use csrf_get_secret() and not access
 // this global directly
 
@@ -102,7 +102,7 @@ $GLOBALS['csrf']['user'] = false;
  * tokens, and have Squid ignore that cookie for get requests, for anonymous
  * users. (If you haven't guessed, this scheme was(?) used for MediaWiki).
  */
-$GLOBALS['csrf']['key'] = false;
+$GLOBALS['csrf']['key'] = ZM_AUTH_HASH_SECRET;
 
 /**
  * The name of the magic CSRF token that will be placed in all forms, i.e.
@@ -188,11 +188,23 @@ function csrf_check($fatal = true) {
     $ok = false;
     $tokens = '';
     do {
-        if (!isset($_POST[$name])) break;
+        if (!isset($_POST[$name])) {
+Debug("POST[$name] is not set");
+break;
+} else {
+Debug("POST[$name] is set as " . $_POST[$name] );
+
+}
         // we don't regenerate a token and check it because some token creation
         // schemes are volatile.
         $tokens = $_POST[$name];
-        if (!csrf_check_tokens($tokens)) break;
+        if (!csrf_check_tokens($tokens)) {
+Debug("Failed checking tokens");
+break;
+
+} else {
+Debug("Token passed");
+}
         $ok = true;
     } while (false);
     if ($fatal && !$ok) {
@@ -225,13 +237,13 @@ function csrf_get_tokens() {
     csrf_start();
 
     // These are "strong" algorithms that don't require per se a secret
+    if ($GLOBALS['csrf']['key']) return 'key:' . csrf_hash($GLOBALS['csrf']['key']) . $ip;
     if (session_id()) return 'sid:' . csrf_hash(session_id()) . $ip;
     if ($GLOBALS['csrf']['cookie']) {
         $val = csrf_generate_secret();
         setcookie($GLOBALS['csrf']['cookie'], $val);
         return 'cookie:' . csrf_hash($val) . $ip;
     }
-    if ($GLOBALS['csrf']['key']) return 'key:' . csrf_hash($GLOBALS['csrf']['key']) . $ip;
     // These further algorithms require a server-side secret
     if (!$secret) return 'invalid';
     if ($GLOBALS['csrf']['user'] !== false) {
@@ -296,23 +308,40 @@ function csrf_check_tokens($tokens) {
  * Checks if a token is valid.
  */
 function csrf_check_token($token) {
-    if (strpos($token, ':') === false) return false;
+Debug("Checking CSRF token $token");
+    if (strpos($token, ':') === false) { 
+Debug("Checking CSRF token $token bad because no :");
+      return false;
+    }
     list($type, $value) = explode(':', $token, 2);
-    if (strpos($value, ',') === false) return false;
+    if (strpos($value, ',') === false) {
+Debug("Checking CSRF token $token bad because no ,");
+      return false;
+    }
     list($x, $time) = explode(',', $token, 2);
     if ($GLOBALS['csrf']['expires']) {
-        if (time() > $time + $GLOBALS['csrf']['expires']) return false;
+        if (time() > $time + $GLOBALS['csrf']['expires']) {
+Debug("Checking CSRF token $token bad because expired");
+return false;
+        }
     }
     switch ($type) {
         case 'sid':
+            {
+ Debug("Checking sid: $value === " . csrf_hash(session_id(), $time) );
             return $value === csrf_hash(session_id(), $time);
+            }
         case 'cookie':
             $n = $GLOBALS['csrf']['cookie'];
             if (!$n) return false;
             if (!isset($_COOKIE[$n])) return false;
             return $value === csrf_hash($_COOKIE[$n], $time);
         case 'key':
-            if (!$GLOBALS['csrf']['key']) return false;
+            if (!$GLOBALS['csrf']['key']) {
+		    Debug("Checking key: no key set"  );
+		    return false;
+	    }
+ Debug("Checking sid: $value === " . csrf_hash($GLOBALS['csrf']['key'], $time) );
 	    return $value === csrf_hash($GLOBALS['csrf']['key'], $time);
         // We could disable these 'weaker' checks if 'key' was set, but
         // that doesn't make me feel good then about the cookie-based

web/includes/functions.php

@@ -118,7 +118,7 @@ function getAuthUser( $auth ) {
       }
     }
 
-    if ( $_SESSION['username'] ) {
+    if ( isset( $_SESSION['username'] ) ) {
       # Most of the time we will be logged in already and the session will have our username, so we can significantly speed up our hash testing by only looking at our user.
       # Only really important if you have a lot of users.
       $sql = "SELECT * FROM Users WHERE Enabled = 1 AND Username='".$_SESSION['username']."'";

web/index.php

@@ -175,7 +175,9 @@ foreach ( getSkinIncludes( 'skin.php' ) as $includeFile )
 
 if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS ) {
   if ( empty($user) && ! empty($_REQUEST['auth']) ) {
+Debug("Getting user from auth hash");
     if ( $authUser = getAuthUser( $_REQUEST['auth'] ) ) {
+Debug("Success Getting user from auth hash");
       userLogin( $authUser['Username'], $authUser['Password'], true );
     }
   } else if ( ! empty($user) ) {
@@ -206,6 +208,7 @@ require_once( 'includes/actions.php' );
 
 # If I put this here, it protects all views and popups, but it has to go after actions.php because actions.php does the actual logging in.
 if ( ZM_OPT_USE_AUTH && ! isset($user) ) {
+	Debug("Redirecting to login" );
   $view = 'login';
 }
 

web/skins/classic/css/dark/control.css

@@ -80,8 +80,8 @@
     border: 1px solid #006699;
     text-align: center;
     padding: 1px;
-    width: 100px;
-    height: 100px;
+    width: 102px;
+    height: 102px;
 }
 
 .ptzControls .controlsPanel .pantiltPanel .pantiltControls .arrowBtn {

web/skins/classic/css/flat/control.css

@@ -80,8 +80,8 @@
     border: 1px solid #006699;
     text-align: center;
     padding: 1px;
-    width: 100px;
-    height: 100px;
+    width: 102px;
+    height: 102px;
 }
 
 .ptzControls .controlsPanel .pantiltPanel .pantiltControls .arrowBtn {

web/skins/classic/includes/functions.php

@@ -98,10 +98,10 @@ var $j = jQuery.noConflict();
   <script src='https://www.google.com/recaptcha/api.js'></script>
 <?php } else if ( $title == 'Event' ) {
 ?>
-        <link href="skins/<?php echo $skin; ?>/js/video-js.css" rel="stylesheet">
-        <script src="skins/<?php echo $skin; ?>/js/video.js"></script>
+        <link href="skins/<?php echo $skin ?>/js/video-js.css" rel="stylesheet">
+        <script src="skins/<?php echo $skin ?>/js/video.js"></script>
         <script src="./js/videojs.zoomrotate.js"></script>
-        <script src="skins/<?php echo $skin; ?>/js/moment.min.js"></script>
+        <script src="skins/<?php echo $skin ?>/js/moment.min.js"></script>
 <?php
     }
     if ( $skinJsPhpFile )

web/skins/classic/views/event.php

@@ -127,7 +127,10 @@ if ( canEdit( 'Events' ) ) {
         <div id="editEvent"><a href="#" onclick="editEvent()"><?php echo translate('Edit') ?></a></div>
         <div id="archiveEvent" class="hidden"><a href="#" onclick="archiveEvent()"><?php echo translate('Archive') ?></a></div>
         <div id="unarchiveEvent" class="hidden"><a href="#" onclick="unarchiveEvent()"><?php echo translate('Unarchive') ?></a></div>
+<?php if ( $Event->DefaultVideo() ) { ?>
+<div id="downloadEventFile"><a href="<?php echo $Event->getStreamSrc()?>">Download MP4</a></div>
 <?php
+  } // end if Event->DefaultVideo
 } // end if can edit Events
 if ( canView( 'Events' ) ) {
 ?>
@@ -139,8 +142,8 @@ if ( $Event->SaveJPEGs() & 3 ) { // Analysis or Jpegs
 <?php
 } // has frames or analysis
 ?>
-        <div id="videoEvent"<?php if ( $streamMode == 'video' ) { ?> class="hidden"<?php } ?>><a href="#" onclick="showVideo()"><?php echo translate('Video') ?></a></div>
-        <div id="exportEvent"><a href="#" onclick="exportEvent()"><?php echo translate('Export')  ?></a></div>
+        <div id="videoEvent"><a href="#" onclick="videoEvent();"><?php echo translate('Video') ?></a></div>
+        <div id="exportEvent"><a href="#" onclick="exportEvent();"><?php echo translate('Export') ?></a></div>
       </div>
       <div id="eventVideo" class="">
 <?php

web/skins/classic/views/js/event.js

@@ -701,6 +701,11 @@ function showFrameStats()
     createPopup( '?view=stats&eid='+eventData.Id+'&fid='+fid, 'zmStats', 'stats', eventData.Width, eventData.Height );
 }
 
+function videoEvent()
+{
+    createPopup( '?view=video&eid='+eventData.Id, 'zmVideo', 'video', eventData.Width, eventData.Height );
+}
+
 
 function drawProgressBar()
 {

web/skins/classic/views/js/watch.js

@@ -330,19 +330,23 @@ function streamCmdQuery() {
 var statusCmdParms = "view=request&request=status&entity=monitor&id="+monitorId+"&element[]=Status&element[]=FrameRate";
 if ( auth_hash )
   statusCmdParms += '&auth='+auth_hash;
-var statusCmdReq = new Request.JSON( { url: monitorUrl+thisUrl, method: 'post', data: statusCmdParms, timeout: AJAX_TIMEOUT, link: 'cancel', onSuccess: getStatusCmdResponse } );
+var statusCmdReq = new Request.JSON( { url: monitorUrl+thisUrl, method: 'get', data: statusCmdParms, timeout: AJAX_TIMEOUT, link: 'cancel', onSuccess: getStatusCmdResponse } );
 var statusCmdTimer = null;
 
 function getStatusCmdResponse( respObj, respText ) {
+console.log("Got statusCmdQuery");
   watchdogOk("status");
   if ( statusCmdTimer )
     statusCmdTimer = clearTimeout( statusCmdTimer );
 
   if ( respObj.result == 'Ok' ) {
+console.log("Got ok for status");
     $('fpsValue').set( 'text', respObj.monitor.FrameRate );
     setAlarmState( respObj.monitor.Status );
-  } else
+  } else {
+	console.log("Got bad response for status");
     checkStreamForErrors("getStatusCmdResponse",respObj);
+  }
 
   var statusCmdTimeout = statusRefreshTimeout;
   if ( alarmState == STATE_ALARM || alarmState == STATE_ALERT )
@@ -351,6 +355,7 @@ function getStatusCmdResponse( respObj, respText ) {
 } 
 
 function statusCmdQuery() {
+console.log("Sending statusCmdQuery");
   statusCmdReq.send();
 }