ZaneYork
/
zoneminder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
12,333 Commits 20 Branches 69 Tags 131 MiB
Commit Graph

17 Commits

Author SHA1 Message Date
Isaac Connor 2466d765bf If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request. 2019-02-05 11:44:45 -05:00
Isaac Connor cc0b5e0f1f Move is_session_open to session.php. Move code to clear a session into session.php 2019-01-30 12:52:01 -05:00
Isaac Connor 85bb70df68 Use zm specific session functions, which are now located in includes/session.php. Be more agressive about clearing session on logout. 2019-01-30 11:05:19 -05:00
Isaac Connor eba8b3327d Merge branch 'master' into cleanup_auth 2018-12-11 16:04:42 -05:00
Isaac Connor 17a5519dd6
Include the remoteAddr in the session authhash cache, so that a change of ip won't allow the same useless auth hash. (#2264) 2018-10-19 13:39:37 -04:00
Isaac Connor cbc26e0cec cleanup trailing whitespace 2018-10-09 10:07:40 -04:00
Isaac Connor a3d0cb42ea Move GOOGLE RECAPCHA to includes/auth.php, clean login actions. 2018-10-09 10:05:50 -04:00
Pliable Pixels 0ff9002adf 2156 api login (#2157) 
* error can be due to bad user or password

* added login/logout and related private functions

* handle case when userLogin fails, current code returns PHP error for  and API throw is not called

* formatting

* converted login params to POST, removed user=&pass= for other APIs

* formatting

* add auth check back but leave out login/out

* fixes to make it work across zmN, postman and curl

* added back enabled check
 2018-07-15 21:17:35 -04:00
Isaac Connor b8691e4654 Don't need global cookies. Only open session if needed in userLogin 2018-07-11 11:45:19 -04:00
Isaac Connor c6ded845d0 Return the user db row ifrom userLogin instead of assuming it will be accessed as a global. Add is_session_started function and use it to detect when we need to start/stop the session in generateAuthHash 2018-07-11 10:34:45 -04:00
Isaac Connor d271d8bf1d Fix my botched change to generateAuthHash 2018-06-25 14:50:54 -04:00
Isaac Connor 99a97543f1 Rework generateAuthHash to take a force parameter so that it can be used to generate auth hashes for zmu 2018-06-25 13:43:08 -04:00
Isaac Connor 3bb1a5b544 Whitespace 2018-04-30 13:02:53 -04:00
Isaac Connor 0b0fbae1c5 Add output of paused image when paused 2018-04-12 18:43:57 -04:00
Isaac Connor 530ac15344 remove csrf_startup 2018-04-06 14:46:33 -04:00
Isaac Connor 53ce8c008a move auth functions into it's own file 2018-04-06 14:36:23 -04:00
Isaac Connor 7b23ef80a4 blah 2018-04-06 14:31:11 -04:00