restore username&password login for all urls

Isaac Connor 2019-08-19 12:07:38 -04:00
parent 87e7ba0e50
commit b1132087b8
3 changed files with 18 additions and 10 deletions


@ -50,6 +50,7 @@ if ( ('login' == $action) && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == '
if ( isset($responseData['error-codes']) && is_array($responseData['error-codes']) ) { if ( isset($responseData['error-codes']) && is_array($responseData['error-codes']) ) {
if ( !in_array('invalid-input-secret', $responseData['error-codes']) ) { if ( !in_array('invalid-input-secret', $responseData['error-codes']) ) {
Error('reCaptcha authentication failed'); Error('reCaptcha authentication failed');
unset($user); // unset should be ok here because we aren't in a function
return; return;
} else { } else {
Error('Invalid recaptcha secret detected'); Error('Invalid recaptcha secret detected');
@ -58,20 +59,12 @@ if ( ('login' == $action) && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == '
} // end if success==false } // end if success==false
} // end if using reCaptcha } // end if using reCaptcha
// coming here means we need to authenticate the user
// if captcha existed, it was passed // if captcha existed, it was passed
$username = $_REQUEST['username']; if ( ! $user ) {
$password = $_REQUEST['password'];
$ret = validateUser($username, $password);
if ( !$ret[0] ) {
ZM\Error($ret[1]);
$_SESSION['loginFailed'] = true; $_SESSION['loginFailed'] = true;
unset($user); // unset should be ok here because we aren't in a function
return; return;
} }
$user = $ret[0];
$close_session = 0; $close_session = 0;
if ( !is_session_started() ) { if ( !is_session_started() ) {
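Review bot: After the reCaptcha check passes, nothing in the new code of this section validates the submitted password any more; it only tests `if ( ! $user ) {` and relies on `$user` having been set earlier. The username/password branch added in the auth include on this page is skipped whenever `ZM_OPT_USE_GOOG_RECAPTCHA` is set, so with reCaptcha enabled a password login appears to always end in `$_SESSION['loginFailed'] = true;`, and the failure reason that `ZM\Error($ret[1]);` used to log is lost. I would keep the `validateUser()` call here for the reCaptcha case, or confirm that another path sets `$user`. The test should also be `if ( empty($user) ) {`, because the other file can `unset($user)` before this code runs and `! $user` on an undefined variable raises a warning. The enclosing `if ( ('login' == $action) ...` block starts and ends outside both hunks.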


@ -256,15 +256,31 @@ if ( ZM_OPT_USE_AUTH ) {
# This prevent session modification to switch users # This prevent session modification to switch users
if ( isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) ) if ( isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) )
$user = getAuthUser($_SESSION['AuthHash'.$_SESSION['remoteAddr']]); $user = getAuthUser($_SESSION['AuthHash'.$_SESSION['remoteAddr']]);
else
ZM\Logger::Debug("No auth hash in session, there should have been");
} else { } else {
# Need to refresh permissions and validate that the user still exists # Need to refresh permissions and validate that the user still exists
$sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username=?'; $sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username=?';
$user = dbFetchOne($sql, NULL, array($_SESSION['username'])); $user = dbFetchOne($sql, NULL, array($_SESSION['username']));
} }
} else {
ZM\Logger::Debug("No username in session");
} }
if ( ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST['auth']) ) { if ( ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST['auth']) ) {
$user = getAuthUser($_REQUEST['auth']); $user = getAuthUser($_REQUEST['auth']);
} else if (
! ( empty($_REQUEST['username']) or empty($_REQUEST['password']) or
(defined('ZM_OPT_USE_GOOG_RECAPTCHA') && ZM_OPT_USE_GOOG_RECAPTCHA )
) ) {
$ret = validateUser($_REQUEST['username'], $_REQUEST['password');
if ( !$ret[0] ) {
ZM\Error($ret[1]);
unset($user); // unset should be ok here because we aren't in a function
return;
}
$user = $ret[0];
} }
if ( !empty($user) ) { if ( !empty($user) ) {
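Review bot: The added `validateUser` call closes the second array index with `)` instead of `]`, which is a parse error as shown and would stop this auth file from loading at all; it should read `$ret = validateUser($_REQUEST['username'], $_REQUEST['password']);`. Because the branch reads `$_REQUEST`, credentials are also accepted from the query string of any URL, where they end up in web-server access logs, browser history and Referer headers. That deserves a comment above the `else if`, such as `# Credentials may arrive via GET here; ensure access logs are protected and prefer auth hashes for URLs`. Unlike the login action, the failure path here does not set `$_SESSION['loginFailed']`, so repeated bad passwords on arbitrary URLs leave only the `ZM\Error` log line. It is worth confirming that any throttling or alerting covers this path too.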


@ -77,7 +77,6 @@ if ( $_SERVER['REQUEST_METHOD'] == 'OPTIONS' ) {
return; return;
} }
if ( isset($_GET['skin']) ) { if ( isset($_GET['skin']) ) {
$skin = $_GET['skin']; $skin = $_GET['skin'];
} else if ( isset($_COOKIE['zmSkin']) ) { } else if ( isset($_COOKIE['zmSkin']) ) {