move auth functions into it's own file
This commit is contained in:
parent
7b23ef80a4
commit
53ce8c008a
File diff suppressed because it is too large
Load Diff
|
@ -27,59 +27,6 @@ if ( version_compare( phpversion(), '4.3.0', '<') ) {
|
|||
}
|
||||
}
|
||||
|
||||
# We are requiring these because this file is getting included from the api, which hasn't already included them.
|
||||
require_once('logger.php');
|
||||
require_once('database.php');
|
||||
|
||||
function userLogin( $username, $password='', $passwordHashed=false ) {
|
||||
global $user, $cookies;
|
||||
|
||||
$sql = 'SELECT * FROM Users WHERE Enabled=1';
|
||||
$sql_values = NULL;
|
||||
if ( ZM_AUTH_TYPE == 'builtin' ) {
|
||||
if ( $passwordHashed ) {
|
||||
$sql .= ' AND Username=? AND Password=?';
|
||||
} else {
|
||||
$sql .= ' AND Username=? AND Password=password(?)';
|
||||
}
|
||||
$sql_values = array( $username, $password );
|
||||
} else {
|
||||
$sql .= ' AND Username=?';
|
||||
$sql_values = array( $username );
|
||||
}
|
||||
session_start();
|
||||
$_SESSION['username'] = $username;
|
||||
if ( ZM_AUTH_RELAY == 'plain' ) {
|
||||
// Need to save this in session
|
||||
$_SESSION['password'] = $password;
|
||||
}
|
||||
$_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking
|
||||
if ( $dbUser = dbFetchOne( $sql, NULL, $sql_values ) ) {
|
||||
Info( "Login successful for user \"$username\"" );
|
||||
$_SESSION['user'] = $user = $dbUser;
|
||||
unset($_SESSION['loginFailed']);
|
||||
if ( ZM_AUTH_TYPE == 'builtin' ) {
|
||||
$_SESSION['passwordHash'] = $user['Password'];
|
||||
}
|
||||
session_regenerate_id();
|
||||
} else {
|
||||
Warning( "Login denied for user \"$username\"" );
|
||||
$_SESSION['loginFailed'] = true;
|
||||
unset( $user );
|
||||
}
|
||||
session_write_close();
|
||||
}
|
||||
|
||||
function userLogout() {
|
||||
global $user;
|
||||
Info( 'User "'.$user['Username'].'" logged out' );
|
||||
session_start();
|
||||
unset( $_SESSION['user'] );
|
||||
unset( $user );
|
||||
|
||||
session_destroy();
|
||||
}
|
||||
|
||||
function noCacheHeaders() {
|
||||
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); // Date in the past
|
||||
header('Last-Modified: '.gmdate( 'D, d M Y H:i:s' ).' GMT'); // always modified
|
||||
|
@ -112,78 +59,6 @@ function CORSHeaders() {
|
|||
}
|
||||
}
|
||||
|
||||
function getAuthUser( $auth ) {
|
||||
if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == 'hashed' && !empty($auth) ) {
|
||||
$remoteAddr = '';
|
||||
if ( ZM_AUTH_HASH_IPS ) {
|
||||
$remoteAddr = $_SERVER['REMOTE_ADDR'];
|
||||
if ( !$remoteAddr ) {
|
||||
Error( "Can't determine remote address for authentication, using empty string" );
|
||||
$remoteAddr = '';
|
||||
}
|
||||
}
|
||||
|
||||
if ( isset( $_SESSION['username'] ) ) {
|
||||
# Most of the time we will be logged in already and the session will have our username, so we can significantly speed up our hash testing by only looking at our user.
|
||||
# Only really important if you have a lot of users.
|
||||
$sql = "SELECT * FROM Users WHERE Enabled = 1 AND Username='".$_SESSION['username']."'";
|
||||
} else {
|
||||
$sql = 'SELECT * FROM Users WHERE Enabled = 1';
|
||||
}
|
||||
|
||||
foreach ( dbFetchAll( $sql ) as $user ) {
|
||||
$now = time();
|
||||
for ( $i = 0; $i < ZM_AUTH_HASH_TTL; $i++, $now -= (3600) ) { // Try for last two hours
|
||||
$time = localtime( $now );
|
||||
$authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$remoteAddr.$time[2].$time[3].$time[4].$time[5];
|
||||
$authHash = md5( $authKey );
|
||||
|
||||
if ( $auth == $authHash ) {
|
||||
return $user;
|
||||
}
|
||||
} // end foreach hour
|
||||
} // end foreach user
|
||||
} // end if using auth hash
|
||||
Error( "Unable to authenticate user from auth hash '$auth'" );
|
||||
return( false );
|
||||
} // end getAuthUser($auth)
|
||||
|
||||
function generateAuthHash( $useRemoteAddr ) {
|
||||
if ( ZM_OPT_USE_AUTH and ZM_AUTH_RELAY == 'hashed' and isset($_SESSION['username']) and $_SESSION['passwordHash'] ) {
|
||||
# regenerate a hash at half the liftetime of a hash, an hour is 3600 so half is 1800
|
||||
$time = time();
|
||||
$mintime = $time - ( ZM_AUTH_HASH_TTL * 1800 );
|
||||
|
||||
if ( ( !isset($_SESSION['AuthHash']) ) or ( $_SESSION['AuthHashGeneratedAt'] < $mintime ) ) {
|
||||
# Don't both regenerating Auth Hash if an hour hasn't gone by yet
|
||||
$local_time = localtime();
|
||||
$authKey = '';
|
||||
if ( $useRemoteAddr ) {
|
||||
$authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$local_time[2].$local_time[3].$local_time[4].$local_time[5];
|
||||
} else {
|
||||
$authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$local_time[2].$local_time[3].$local_time[4].$local_time[5];
|
||||
}
|
||||
#Logger::Debug("Generated using hour:".$local_time[2] . ' mday:' . $local_time[3] . ' month:'.$local_time[4] . ' year: ' . $local_time[5] );
|
||||
$auth = md5( $authKey );
|
||||
if ( session_status() == PHP_SESSION_NONE ) {
|
||||
$backTrace = debug_backtrace();
|
||||
$file = $backTrace[1]['file'];
|
||||
$line = $backTrace[1]['line'];
|
||||
Warning("Session is not active. AuthHash will not be cached. called from $file:$line. OldHash:" . $_SESSION['AuthHash'] . ' generated at ' . $_SESSION['AuthHashGeneratedAt'] . ' < ' . $time . ' - ( ' . ZM_AUTH_HASH_TTL . '* 1800 = ' . ZM_AUTH_HASH_TTL * 1800 );
|
||||
}
|
||||
$_SESSION['AuthHash'] = $auth;
|
||||
$_SESSION['AuthHashGeneratedAt'] = $time;
|
||||
#Logger::Debug("Generated new auth $auth at " . $_SESSION['AuthHashGeneratedAt']. " using $authKey" );
|
||||
#} else {
|
||||
#Logger::Debug("Using cached auth " . $_SESSION['AuthHash'] ." beacuse generatedat:" . $_SESSION['AuthHashGeneratedAt'] . ' < now:'. $time . ' - ' . ZM_AUTH_HASH_TTL . ' * 1800 = '. $mintime);
|
||||
} # end if AuthHash is not cached
|
||||
return $_SESSION['AuthHash'];
|
||||
} else {
|
||||
$auth = '';
|
||||
}
|
||||
return( $auth );
|
||||
}
|
||||
|
||||
function getStreamSrc( $args, $querySep='&' ) {
|
||||
$streamSrc = ZM_BASE_URL.ZM_PATH_ZMS;
|
||||
|
||||
|
@ -451,24 +326,6 @@ function getZmuCommand( $args ) {
|
|||
return( $zmuCommand );
|
||||
}
|
||||
|
||||
function visibleMonitor( $mid ) {
|
||||
global $user;
|
||||
|
||||
return( empty($user['MonitorIds']) || in_array( $mid, explode( ',', $user['MonitorIds'] ) ) );
|
||||
}
|
||||
|
||||
function canView( $area, $mid=false ) {
|
||||
global $user;
|
||||
|
||||
return( ($user[$area] == 'View' || $user[$area] == 'Edit') && ( !$mid || visibleMonitor( $mid ) ) );
|
||||
}
|
||||
|
||||
function canEdit( $area, $mid=false ) {
|
||||
global $user;
|
||||
|
||||
return( $user[$area] == 'Edit' && ( !$mid || visibleMonitor( $mid ) ) );
|
||||
}
|
||||
|
||||
function getEventDefaultVideoPath( $event ) {
|
||||
$Event = new Event( $event );
|
||||
return $Event->getStreamSrc( array( 'mode'=>'mpeg', 'format'=>'h264' ) );
|
||||
|
|
|
@ -148,6 +148,7 @@ if ( ZM_OPT_USE_AUTH ) {
|
|||
|
||||
require_once( 'includes/lang.php' );
|
||||
require_once( 'includes/functions.php' );
|
||||
require_once( 'includes/auth.php' );
|
||||
|
||||
# Running is global but only do the daemonCheck if it is actually needed
|
||||
$running = null;
|
||||
|
|
Loading…
Reference in New Issue