Isaac Connor 2019-08-19 12:15:58 -04:00
parent 3b58da860f
commit b344701dea
2 changed files with 6 additions and 3 deletions


@ -61,7 +61,7 @@ if ( ('login' == $action) && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == '
// if captcha existed, it was passed // if captcha existed, it was passed
if ( ! $user ) { if ( ! isset($user) ) {
$_SESSION['loginFailed'] = true; $_SESSION['loginFailed'] = true;
return; return;
} }
@ -71,7 +71,9 @@ if ( ('login' == $action) && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == '
zm_session_start(); zm_session_start();
$close_session = 1; $close_session = 1;
} }
$_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
ZM\Info("Login successful for user \"$username\""); ZM\Info("Login successful for user \"$username\"");
$password_type = password_type($password); $password_type = password_type($password);
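Review bot: The failure check in the first hunk now reads `if ( ! isset($user) )`, which is true only when `$user` is undefined or null. If the lookup earlier in this block (outside the hunk) can leave `$user` as `false` or another empty value on bad credentials, the branch is skipped and execution continues to the "Login successful" path. `if ( empty($user) )` avoids the undefined-variable notice and still rejects every falsy result. Separately, `$username` is taken straight from `$_REQUEST` and interpolated into the `ZM\Info` message in the second hunk, so quotes and line breaks in it should be stripped or encoded before it is logged.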


@ -20,6 +20,7 @@ function zm_session_start() {
ZM\Logger::Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1) name:'.session_name()); ZM\Logger::Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1) name:'.session_name());
session_start(); session_start();
$_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking
// Do not allow to use expired session ID // Do not allow to use expired session ID
if ( !empty($_SESSION['last_time']) && ($_SESSION['last_time'] < (time() - 180)) ) { if ( !empty($_SESSION['last_time']) && ($_SESSION['last_time'] < (time() - 180)) ) {
ZM\Info('Destroying session due to timeout. '); ZM\Info('Destroying session due to timeout. ');
@ -67,8 +68,8 @@ function zm_session_clear() {
setcookie(session_name(), '', time() - 31536000, $p['path'], $p['domain'], $p['secure'], $p['httponly']); setcookie(session_name(), '', time() - 31536000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
} }
session_unset(); session_unset();
session_write_close();
session_destroy(); session_destroy();
session_write_close();
session_start(); session_start();
} // function zm_session_clear() } // function zm_session_clear()
?> ?>
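Review bot: Assigning `$_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR'];` directly after `session_start()` in `zm_session_start()` overwrites the stored address on every request. Any later comparison of the two values will then always match, so the binding no longer detects a session ID replayed from a different address. The comparison itself is not visible in this section, so this assumes it runs after `zm_session_start()`. Compare first and write only when nothing is stored yet, e.g. `if ( !isset($_SESSION['remoteAddr']) ) $_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR'];`, and handle a mismatch the same way as the timeout case just below. The function body continues outside the hunk.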