Commit Graph

1714 Commits

Author SHA1 Message Date
Isaac Connor 6cf448c74e remove debug and spacing 2020-02-25 11:08:23 -05:00
Isaac Connor b389f9660d Merge branch 'fix_class_PTZ_presets_almost_invisible' 2020-02-24 13:17:09 -05:00
Isaac Connor 1a87eb40bd Fixes #2841 and maintains login through password change 2020-02-19 16:55:38 -05:00
Isaac Connor dab5c520fe Merge branch 'master' into add_alarmed_zone_to_filters 2020-02-19 14:20:08 -05:00
Isaac Connor 821355c117 Only set date.timezone if we have a configured value in the Config 2020-02-11 13:21:28 -05:00
Isaac Connor 1c2f2657d2 We don't do automatic login when recaptcha is enabled, so add the login calls on successful recaptcha 2020-02-04 16:41:19 -05:00
Isaac Connor df5bf788d9 Filtering by Alarmed Zone now only supports a single value using EXISTS as the operator. We now also support CURDATE() and NOW() as values for Date/StartDate/EndDate 2020-01-24 11:09:27 -05:00
Isaac Connor 29a04dc1b9 Merge branch 'improve_filter_emails' into add_alarmed_zone_to_filters 2020-01-24 09:50:53 -05:00
Isaac Connor adf376e4a6 add Zone.php 2020-01-24 09:45:02 -05:00
Isaac Connor 8aa0fe665f Add EmailTo,EmailSubjecet,EmailBody fields to Filter object 2020-01-22 14:04:42 -05:00
Isaac Connor 9d41334e8f Merge branch 'master' into add_alarmed_zone_to_filters 2020-01-22 13:45:37 -05:00
Isaac Connor a3754709e4 allow filters to not have terms specified. We can't pass an empty array in a url, so we will just have to handle it. 2020-01-18 16:09:33 -05:00
Isaac Connor 86a2523498 break up a long line, add some parenthesis to clarify logic 2020-01-17 12:30:26 -05:00
Isaac Connor 02e9096d2b When saving an existing Filter and we are unchecking Background, need to stop the filter before saving. Remove dead code 2020-01-13 17:32:57 -05:00
Isaac Connor e4ba1fd432 fix restarting zmcontrol on remote servers by passing object=filter as well 2020-01-13 17:16:15 -05:00
Isaac Connor d7dc7cdc47 Add ServerId to database log entries in php 2020-01-13 16:18:01 -05:00
Isaac Connor 9036b6db77 fix typo 2020-01-13 16:17:39 -05:00
Isaac Connor f3a9e608db Merge branch 'master' of github.com:ZoneMinder/zoneminder 2020-01-13 16:11:19 -05:00
Isaac Connor b11815cfa9 Introduce Storage->EventCount to get the # of events per storage without actually loading all events. 2020-01-13 12:53:50 -05:00
Isaac Connor 6cd76ee2ff Clear cache after loading Events so as to free ram. 2020-01-13 12:53:05 -05:00
Isaac Connor f7e2359818 Implement a clear_cache function so that we can free up cached objects 2020-01-13 10:57:56 -05:00
Isaac Connor 398688550b fixtypo 2020-01-10 20:15:52 -05:00
Isaac Connor 0c478c7962 fix Monitor->Server 2020-01-10 20:13:09 -05:00
Isaac Connor 5ee0158735 Set defaults for vars == '' 2020-01-10 16:42:41 -05:00
Isaac Connor f61f6eaf7d remove line cutnpasted erroneously 2020-01-10 12:45:47 -05:00
Isaac Connor d433590f74 use find_one in stead of new to use Cached Server 2020-01-10 12:45:30 -05:00
Isaac Connor ef4ecd40fb Set defaults before saving Objects 2020-01-10 12:44:59 -05:00
Isaac Connor 0571909d05 add remote_IP to log entries on php side 2020-01-07 17:08:29 -05:00
Isaac Connor c3641df531 spaces 2020-01-05 17:30:06 -05:00
Isaac Connor e951b0af1c add code to set default value for checkboxes 2020-01-03 16:35:04 -05:00
Isaac Connor d42e9beddc Add warnings when the type of movement is not selected 2020-01-02 17:03:52 -05:00
Isaac Connor e9815bf9c7 add ZM Namespace to Error calls 2020-01-02 16:54:50 -05:00
Isaac Connor 714d304528 Change WebColour to a colour selector input and add a random colour icon. Select a random colour on new Monitor creation 2019-12-31 19:10:29 -05:00
Isaac Connor 77cfb7c190 fix spacing 2019-12-31 12:42:49 -05:00
Andrew Bauer 2301103da5 use small, non-zero values, for image buffer & pre & post buffers 2019-12-28 09:49:42 -06:00
Isaac Connor 9e43e06a55 Add empty array value for terms when there isn't any to get rid of warning when loading all events 2019-12-26 11:22:42 -05:00
Isaac Connor 958a6b8218 Merge branch 'master' of github.com:zoneminder/ZoneMinder 2019-12-18 19:06:19 -05:00
Isaac Connor e39a95d761 Add AlarmedZoned to filters, work on fixing filter behaviour in js. Enable viewing filter results in montagereview 2019-12-18 19:06:10 -05:00
Isaac Connor d21fa5c48a Do not set defaults in Object->set(). This allows us to set an empty timestamp. 2019-12-18 19:03:37 -05:00
Isaac Connor 34354f5871 Add Notes field to monitors to store random info in. Bump version to 1.33.16. use htmlSElect for savejpegs. Move storage area under Storage tab. 2019-12-18 12:13:00 -05:00
Isaac Connor 2a4d06f93b Merge branch 'master' of github.com:ZoneMinder/zoneminder 2019-12-15 10:35:56 -05:00
Isaac Connor 4d9d4ba957 Do not allow deletion of archived events. 2019-12-15 10:35:43 -05:00
Isaac Connor 689956bba7 Merge branch 'master' of github.com:zoneminder/ZoneMinder 2019-12-13 17:49:00 -05:00
Isaac Connor b24e912050 Use ZM\Server::find_one for loading server so that it gets cached. Use a single regexp to determine config line validity instead of two for efficiency 2019-12-13 17:46:56 -05:00
Isaac Connor d2a23e4822 add possing port to Monitor->UrlToIndex 2019-12-13 11:50:11 -05:00
Isaac Connor bedc61a347 handle dbFetchNext on null result more gracefully 2019-12-13 11:49:55 -05:00
Isaac Connor ea89ebf150 more mysql8 fixes 2019-12-08 21:33:29 -05:00
Isaac Connor 3bd0525e64 escape column names for mysql8 2019-12-08 14:27:07 -05:00
Isaac Connor 0de6396a5b Test for null in user before testing for access in CanEdit et all 2019-12-07 12:39:28 -05:00
Isaac Connor 4632bbd124 Apply relevant changes to deal with php7,4 deprecations 2019-12-07 11:45:32 -05:00
Isaac Connor cc6d40d67e Missing -> 2019-12-07 10:38:51 -05:00
Isaac Connor df9f6103e4 fix syntax error 2019-12-04 09:00:20 -05:00
Isaac Connor 78912584e1 re-arrange code to hopefully get rid of syntax error reported by some people 2019-12-04 07:10:33 -05:00
Isaac Connor 576dd23907 test for existence of filter in query 2019-12-02 12:30:15 -05:00
Isaac Connor 355fceccb4 test for existence of default 2019-12-02 12:30:03 -05:00
Isaac Connor 09fcbad666 Merge branch 'master' into zma_to_thread 2019-11-30 14:59:39 -05:00
Isaac Connor eedb31730e fix saving Monitor values that don't get passed when empty, like Enabled 2019-11-29 14:49:43 -05:00
Isaac Connor cab1056328 improve debugging in recursive_array_diff 2019-11-29 14:49:10 -05:00
Isaac Connor d6a414a1a4
Merge pull request #2767 from connortechnology/fix_2692
Fix 2692
2019-11-29 14:24:00 -05:00
Isaac Connor 29572abef2 Change Orientation Enum to use strings instead of numbers as values. Sync them up with what we use in C code 2019-11-29 13:56:02 -05:00
Isaac Connor a9d8e73f68 Change Orientation Enum to use strings instead of numbers as values. Sync them up with what we use in C code 2019-11-29 13:53:46 -05:00
Pliable Pixels 7b99c89541
its not necessary the token is a refresh. Can also be empty 2019-11-26 20:57:25 -05:00
Isaac Connor 54a15573ad Make 32bit the default for COlours 2019-11-26 15:06:24 -05:00
Isaac Connor 5ebf929598 Add Event counts, event disk usage to storage tab of options. Disable checkbox selection when there are events stored on the storage area. 2019-11-26 14:36:39 -05:00
Isaac Connor 1dc83700c0 Do a better job of handling the non-server, non-multiport case. Put the code in Url so that it works for other functions that call Url() 2019-11-21 13:32:27 -05:00
Isaac Connor 606c89962f eliminate an extra db call 2019-11-20 16:30:26 -05:00
Isaac Connor 5494fdb087 When upgrading from a version that doesn't do DiskSpace storage, there can be a lot of events to update. Can't load them all or we run out of ram. Batch them in 1000's 2019-11-20 09:31:16 -05:00
Isaac Connor 59b9220ddd if doing multiport still call Url(), as it requires a hostname 2019-11-11 13:33:54 -05:00
Isaac Connor 1c54f22627 Introduce CSP_REPORT_URI to config and use it when setting up CSP headers as to where to report unsafe inline js to. 2019-11-08 15:18:08 -05:00
Isaac Connor 014ce0afe8 improve error message regarding timezone differences 2019-11-05 12:40:11 -05:00
Isaac Connor 5b02bc76f4 Fix donate now functionality. Improve zmWindow to take an optional sub path so that we can target /donate directly 2019-11-05 10:07:42 -05:00
Isaac Connor d218d2ee9f If the default server case, don't add the Url component. So this will return just the path, using whatever servername/port combo is currently in use. Fixes #2750 2019-11-04 12:04:23 -05:00
Isaac Connor 9d8a230252 Prevent deletion of entire events directory when monitor has empty name 2019-11-02 10:12:43 -04:00
Isaac Connor 968c28395d close group popup when saving 2019-11-01 13:39:40 -04:00
Isaac Connor 988b2183c3 use new ViewWIdth and ViewHeight functions to generate video stream. 2019-10-29 17:42:48 -04:00
Isaac Connor eb2269ea52 improve zone saving testing for value before doing math 2019-10-29 17:42:23 -04:00
Isaac Connor f2300f2e8c Add isPortrait and isLandscape functions. Rename Width and Height to ViewWidth and ViewHeight to return the rotated dimensions suitable for viewing 2019-10-29 17:39:12 -04:00
Isaac Connor d036613776 Fix Server() not returning a ServerObject if not found when ServerId is null or 0 2019-10-21 13:45:27 -04:00
Isaac Connor 91651652c7 Only report an error for not finding the server if ServerId had a value 2019-10-21 13:41:32 -04:00
Isaac Connor 3244c8ab5b spacing, quotes, remove debug 2019-10-21 13:18:09 -04:00
Isaac Connor 6a3fe1ef1f actually set date.timezone from ZM_TIMEZONE 2019-10-18 14:37:09 -04:00
Isaac Connor 1a417952c3 AutoStopTimeOut is part of Monitor, not Control 2019-10-18 14:19:25 -04:00
Isaac Connor 13b02284fe Merge branch 'master' into timezone_as_config 2019-10-18 13:58:22 -04:00
Isaac Connor fdf48c4123
Merge pull request #2726 from externo6/more-filter-options
More filter options
2019-10-16 10:15:58 -04:00
Isaac Connor ebebcad10d Merge branch 'master' of github.com:zoneminder/ZoneMinder 2019-10-16 10:13:31 -04:00
Isaac Connor 7146bdd59a IN order to allow specifying a monitor Id that has been deleted, use monitor->Id instead of mid to test for monitor existence 2019-10-16 10:08:30 -04:00
Isaac Connor d145adf9c6 set default for V4LCapturePerFrame to 1 instead of null. 2019-10-16 10:07:50 -04:00
externo6 4b71bc75ea Change language to Contains / Not Contains and update perl filter. 2019-10-16 00:35:49 +01:00
Isaac Connor ee1e12b938 Be more robust about returning a Server object when instantiating the default Storage area. 2019-10-11 17:29:47 -04:00
Isaac Connor 70396c5897 Don't warn about the spaces in the command 2019-10-09 13:10:43 -04:00
Isaac Connor b15f7ad47d handle ipv6 in Server->Hostname. Fixes #2713 2019-10-09 10:00:13 -04:00
Isaac Connor 4126554092 Move sendControlCommand out of includes/control_functions.php into Monitor.php. Make it smarted about talking to zmcontrol.pl. Fix sending the quit command 2019-10-08 18:07:33 -04:00
Isaac Connor 7328eb1979 be more robust when sending commands to zmcontrol. Of no commands given don't bother. 2019-10-03 17:30:10 -04:00
Isaac Connor d02aee64e4 Add setting of timezone to Options/Config instead of php.ini 2019-10-02 09:07:18 -04:00
Isaac Connor 09efbfb4f1 Sort groups 2019-09-30 15:02:05 -04:00
Isaac Connor 85b16e89b7 Fix groups dropdown 2019-09-30 14:42:10 -04:00
Isaac Connor 3d6cab8360 Must force hash regeneration on login. Old hash may be from different user 2019-09-28 17:57:45 -04:00
Isaac Connor 0c1635b3b8 Merge branch 'master' of github.com:ZoneMinder/zoneminder 2019-09-28 14:23:33 -04:00
Isaac Connor 393f0a369c Revamp timeline. Make it handle being full browser width. remove onclicks. 2019-09-28 14:23:23 -04:00
Isaac Connor c24fc6c21f Set Delta to 0 to avoid errors 2019-09-28 14:10:11 -04:00
Isaac Connor 7a3134ae5e Fix restart login in functions. Only start zmc if function is not None and start zma if it isn't None or NoDect. Even if disabled, we still run zma so that we can send it a signal to enable motion detection. 2019-09-28 10:26:50 -04:00
externo6 7479d3f1f1 Add LIKE and NOT LIKE to filter options
This is useful for filtering notes.
EG filtering detected objects from zmeventnofification;
WHERE notes LIKE %detect%
WHERE notes NOT LIKE %car%
2019-09-28 13:03:16 +01:00
Isaac Connor b1bcfe8a9b fix backtrace 2019-09-26 16:26:28 -04:00
Isaac Connor 555f3e9c0d Fix missing semi colon in Content-Security-Policy-Report-Only 2019-09-26 13:52:27 -04:00
Isaac Connor 4deea4c6ab code doc 2019-09-25 10:35:57 -04:00
Isaac Connor fe893a4a01 Add report-uri to out Content-Security-Policy-Report-Only header 2019-09-25 10:16:02 -04:00
Isaac Connor 5c80e098c5 Only save Group changes if there were changes 2019-09-25 10:14:12 -04:00
Isaac Connor 475432449f Add default values for Status record 2019-09-25 10:13:56 -04:00
Isaac Connor d16d77d6b3 quotes and spacing 2019-09-23 12:39:24 -04:00
Isaac Connor a05c513643 Revert change breaking multiport when servers not defined. 2019-09-23 12:03:19 -04:00
Isaac Connor 538478ff1c Need to -1 on the dimensions when comparing to points as they are 0-based 2019-09-23 11:48:58 -04:00
Isaac Connor 1dd09923eb Add special case for just rotating the monitor dimensions and add out of bounds check for zone points 2019-09-23 11:42:49 -04:00
Isaac Connor 23b3ae5783 Remove debug 2019-09-22 21:06:54 -04:00
Isaac Connor 4c3ea7125d Add defaults to Frame 2019-09-22 14:21:59 -04:00
Isaac Connor 6d16363f07 Restore monitor defaults 2019-09-21 10:40:24 -04:00
Isaac Connor 308236b4ad Fix sending ptz controls 2019-09-20 10:35:39 -04:00
Isaac Connor 0a0bb1b326 Update Frame and Server Objects to use common methods 2019-09-19 16:24:05 -04:00
Isaac Connor 1539e34204 spacing 2019-09-19 14:57:28 -04:00
Isaac Connor daa9f646fb fix error printing 2019-09-19 14:56:34 -04:00
Isaac Connor b9b52c964e Upgrade monitor saving and viewing 2019-09-19 14:56:16 -04:00
Isaac Connor 73a5a8c8c5 Improve changes/set/etc to handle more complex defaults 2019-09-19 14:55:45 -04:00
Isaac Connor b41e998a3a Remove Control stuff from Monitor 2019-09-19 14:55:27 -04:00
Isaac Connor 4c206c2e9a Upgrade Control Object to extend ZM\Object. Add commands function from skin specific control functions 2019-09-19 14:55:17 -04:00
Isaac Connor 458268d866 Merge branch 'master' into update_monitor_saving 2019-09-18 11:40:09 -04:00
Isaac Connor 1407d849e8 deprecate getStreamSrc in functions.php. 2019-09-18 11:10:25 -04:00
Isaac Connor e0074692d1 Remove debug 2019-09-17 12:07:30 -04:00
Isaac Connor ad84736cb4 spacing 2019-09-17 12:07:24 -04:00
Isaac Connor deefa0754d Backtick the fields when updating Monitors 2019-09-16 10:53:06 -04:00
Isaac Connor 63db128edf Merge branch 'master' of github.com:ZoneMinder/zoneminder 2019-09-15 17:54:29 -04:00
Isaac Connor 60cf4586da Don't return a hostname when not in multi-server. Should prevent problems with reverse proxies 2019-09-15 17:54:23 -04:00
Isaac Connor 32a1ab58b5 remove use of userLogin which was removed recently 2019-09-15 12:19:35 -04:00
Isaac Connor d5aa95e45f cpplint fixes 2019-09-09 16:13:32 -04:00
Isaac Connor 8103156436 when deleting multiple events, each event has to be it's own transaction due to locking 2019-09-09 09:16:52 -04:00
Isaac Connor 056449590a Update Monitor object, using Object methods for saving monitors 2019-09-08 12:26:11 -04:00
Isaac Connor 2993e52652 Fix auth timing out due to cookie timing out and getting deleted. 2019-09-04 12:14:32 -04:00
Isaac Connor dde655950f Use locking when deleting an event 2019-09-04 10:07:17 -04:00
Isaac Connor 26670c2df2 Add lock function to write lock an object 2019-09-04 10:07:08 -04:00
Isaac Connor 92bc1791f5 fix accidentally removed code 2019-09-03 11:33:13 -04:00
Isaac Connor a384e978c8 don't load user from session if we have already gotten it from elsewhere 2019-09-03 11:19:42 -04:00
Isaac Connor b84d005d8f Load use from session when it exists 2019-09-03 10:54:34 -04:00
Isaac Connor 6b9e8bec69 Add logging of delete events 2019-08-29 11:26:32 -04:00
Isaac Connor a4b057fa2b Upgrade Event object to use the common Object methods. Add deleting files from Secondary storage 2019-08-29 11:25:37 -04:00
Isaac Connor c80ef0e0ab spacing 2019-08-28 12:20:03 -04:00
Isaac Connor 320bf823c5 Don't report errors when creating monitor symlink when it already exists 2019-08-28 09:18:33 -04:00
Isaac Connor c482fa7d5d Fix executing filter 2019-08-26 20:45:38 -04:00
Isaac Connor f01bedb33e Merge branch 'master' of github.com:ZoneMinder/zoneminder 2019-08-26 18:49:12 -04:00
Isaac Connor 231c9c3902 move executeFilter to Filter->execute. If no changes have been made, don't make a tempfilter. 2019-08-26 18:48:34 -04:00
Isaac Connor 82e8bde406 Fix SaveAs 2019-08-26 16:19:19 -04:00
Isaac Connor 396be10d6f Merge branch 'master' into zma_to_thread 2019-08-22 12:57:00 -04:00
Isaac Connor 7ef26275bc use isset to get rid of warnings when eid is not in REQUEST 2019-08-20 10:28:19 -04:00
Isaac Connor 84492f29b1
Fix token auth sessions (#2676)
* If token is present do token based auth and do not do anything with session

* update HostController.  Use config constants, don't use sessions

* Remove Session from the components list

* spacing

* Remove Session from App Components list.

* Move APIEnabled check to the api from auth.php

* Rework auth.  login using username and password only occurs on login action now.  Including auth.php should not touch the session.  auth_hash logins no longer touch the session.  replace userLogin with a function called validateUser which matches the semantics of validateToken.

* remove debugging

* Add session storage if stateful query param is on, but only for LEGACY_API_AUTH

* fix mUser to username, etc.

* shuffle lines

* use  instead of session when generating auth hash.

* Add docs regarding the use of cookies and stateful query param

* Only open/close session if we are clearing a session var

* Use zm_session_start instead of session_start

* Should use zm_session_start instead of session_start

* document that zm_session_start should be called previously to session_regenerate_id

* Don't actually write out the session when generating auth hashes.  Means they should never actually persist.

* More backticking of SQL

* add .. to fix #2686

* Use material icons for sort because they look nicer

* fix typo

* have to add authhash to session on login

* restore username&password login for all urls

* fix

* fixes
2019-08-20 09:46:53 -04:00
Isaac Connor b344701dea fixes 2019-08-19 12:15:58 -04:00
Isaac Connor 3b58da860f fix 2019-08-19 12:08:41 -04:00
Isaac Connor b1132087b8 restore username&password login for all urls 2019-08-19 12:07:38 -04:00
Isaac Connor 87e7ba0e50 have to add authhash to session on login 2019-08-19 11:38:56 -04:00
Isaac Connor d39da61b66 Don't actually write out the session when generating auth hashes. Means they should never actually persist. 2019-08-16 15:27:24 -04:00
Isaac Connor 070b8066f2 document that zm_session_start should be called previously to session_regenerate_id 2019-08-16 15:08:35 -04:00
Isaac Connor 28155ebd90 Should use zm_session_start instead of session_start 2019-08-16 15:08:10 -04:00
Isaac Connor 660eddc69d Only open/close session if we are clearing a session var 2019-08-16 15:06:56 -04:00
Isaac Connor 3475a11e15 use instead of session when generating auth hash. 2019-08-16 14:13:13 -04:00
Isaac Connor 51c7f0b73f shuffle lines 2019-08-16 14:12:52 -04:00
Isaac Connor fdb66aaa72 Merge branch 'master' into fix_token_auth_sessions 2019-08-15 16:22:09 -04:00
Isaac Connor 336f45219b fix object caching 2019-08-15 16:04:56 -04:00
Isaac Connor 68052368f7 use backticks on table and column names. Use data-on-change-this in group dropdown 2019-08-15 16:04:37 -04:00
Isaac Connor f09941ed48 timezone errors shouldn't be fatal 2019-08-15 15:16:02 -04:00
Isaac Connor 618e6816ef Rework auth. login using username and password only occurs on login action now. Including auth.php should not touch the session. auth_hash logins no longer touch the session. replace userLogin with a function called validateUser which matches the semantics of validateToken. 2019-08-15 14:59:15 -04:00
Isaac Connor 0ec6e8d635 Merge branch 'master' into fix_token_auth_sessions 2019-08-15 12:05:07 -04:00
Isaac Connor 4140d51e9f database.php cleanup. remove dbFetchMonitor and dbFetchGroup. Their usage has been replaced with the Object::find_one usage. Also more quoting of table and colume names to fix #2659 2019-08-13 11:45:50 -04:00
Isaac Connor 4922861d1d Merge branch 'master' into fix_token_auth_sessions 2019-08-12 13:59:11 -04:00
Isaac Connor 5f77634aca Update Group object to use shared code in Object.php. Should fix #2659 2019-08-08 13:51:56 -04:00
Isaac Connor 702cb65d2a Merge branch 'storageareas' 2019-08-08 13:38:36 -04:00
Isaac Connor df285006d2 change sortHeader to include eid if it is in the request 2019-08-08 13:34:10 -04:00
Isaac Connor a9de537e01 Merge branch 'master' into storageareas 2019-08-08 09:27:27 -04:00
Isaac Connor 1892528679 quotes 2019-08-08 09:26:15 -04:00
Isaac Connor 5b0509e000 When invalid operator terms, use print_r on the term instead of just the operator 2019-08-08 09:26:00 -04:00
Isaac Connor 3a142df14f Only send zmdc.pl commands for filters to running servers 2019-08-07 15:51:01 -04:00
Isaac Connor fb7ab993b5 Have to include the --daemon param when telling zmdc.pl what to do with zmfilter.pl 2019-08-07 15:34:30 -04:00
Isaac Connor d4b59211cd Merge branch 'master' into storageareas 2019-08-07 11:21:19 -04:00
Isaac Connor 962049fa31 Merge branch 'master' into filter_add_copy 2019-08-06 20:17:21 -04:00
Isaac Connor 7e6b0058d2 Update Zone buttons. Fix double submit. Fixes #2671 2019-08-02 08:04:38 -04:00
Isaac Connor 6a425b6988 If token is present do token based auth and do not do anything with session 2019-08-01 10:02:31 -04:00
Isaac Connor 7f19831e0c Use isset when testing for existence of authash in session 2019-07-29 14:54:55 -04:00
Isaac Connor 45afc2a534 introduce array_recursive_diff which we use to compare two arrays in Object::changes 2019-07-24 11:24:37 -04:00
Isaac Connor e3a9d5d488 Rewrite changes to run through the keys of the passed in new values array, and handle object methods as well as basic values 2019-07-24 11:24:14 -04:00
Isaac Connor 341f4adbdf Functions that change the Query must reset Query_json as well 2019-07-24 11:23:38 -04:00
Isaac Connor 58851d23d2 Add Secondary Storage support to the Event object 2019-07-24 11:22:55 -04:00
Isaac Connor 9b6dedb35d Update Filter saving action to use object set/save etc 2019-07-23 09:58:28 -04:00
Isaac Connor 35ec60ca03 Change Storage object to extend ZM_Object 2019-07-23 09:58:05 -04:00
Isaac Connor 7c52f8a4ae Fixes and add Objects_Indexed_By_Id 2019-07-23 09:57:44 -04:00
Isaac Connor b05aff1d5d Update Filter Object to extend ZM_Object. Rename Query to Query_json and implement a Query function to parse Query_json 2019-07-23 09:57:16 -04:00
Isaac Connor fe71a9abaa php_errormsg is deprecated 2019-07-19 16:32:40 -04:00
Isaac Connor d244aadee6 Fix #2655 2019-07-08 14:27:49 -04:00
Isaac Connor b84e3499f4 Implement code to auto-load monitor status info if not already loaded. Check for Connected instead of Capturing in watch to display warning message 2019-07-07 17:25:49 -04:00
Isaac Connor a28f17653f Add DecoderHWAccel fields to Monitor 2019-06-25 15:34:45 -04:00
Isaac Connor 6ed0074077
End continuous events on alarm (#2644)
* Reference /run/zm instead of /var/run/zm because systemd-tmpfiles complains about it

* Spacing, google code style and tabs to spaces

* add update script to add MinSectionLength

* Add min_section_length to enforce a minimum event length when closing continuous events on alarm
2019-06-24 11:29:00 -04:00
Isaac Connor 38bcdbbffe ONly close session if we opened it in generateAuthHash, only try to validate auth hash if it is set in the session 2019-06-21 18:04:39 -04:00
Isaac Connor 60618d5998 Fix hour subtraction in getAuthUser to actually subtract an hour 2019-06-21 11:45:33 -04:00
Isaac Connor 3bae7a5432 spaces and parenthesis 2019-06-20 13:28:12 -04:00
Tom Hodder 1336c03f97 WIP: Add pagination to frames.php in classic (#2618)
* add pagination to the frames.php results

* remove commented code, fix view all paging

* removing debugging logging statements

* default frames paging to on
2019-06-16 12:02:00 -04:00
Pliable Pixels 98bf7800b0 remove a password log, corrected PHP version in log (#2627)
* remove a password log, corrected PHP version in log

* PHP version correction
2019-06-16 11:59:48 -04:00
Isaac Connor 08cc4e0383 add null value to set() function 2019-06-05 10:22:20 -04:00
Isaac Connor 5346f82de9 Fix unable to login when ZM_AUTH_RELAY != hashed and fix setting the password in session when ZM_AUTH_RELAY==plain 2019-06-05 09:23:34 -04:00
Isaac Connor 4b9b2015cb write a note why regnerateAuthHash doesn't work when saving config 2019-06-04 16:30:57 -04:00
Isaac Connor cc269378cf regenerate auth_hash in session because we might have changed an auth hash setting 2019-06-04 16:27:25 -04:00
Isaac Connor 168aa35461 force regeneration of auth_hash on login. Fix failed auth_hash verification not logging you out by returning null instead of false. Update session with new auth_hash when forcing regeneration 2019-06-04 16:26:29 -04:00
Isaac Connor eaa1939f6b comment out debug lines 2019-05-31 10:35:54 -04:00
Isaac Connor 274737d1b1 Fix moocord to mocord. 2019-05-31 10:35:18 -04:00
Isaac Connor b0869a0b13 spaces and quotes 2019-05-31 10:34:53 -04:00
Isaac Connor 75ec4818a6 WHen saving a monitor, only start zmc and zma if appropriate 2019-05-31 10:15:02 -04:00
Isaac Connor ba96f0709c fix saving user using password_hash 2019-05-30 09:58:54 -04:00
Isaac Connor 628760d5b9 Spacing and braces cleanup from asker's code 2019-05-29 10:29:03 -04:00
Isaac Connor c4d76f03c9 Introduce ZM_PATH_SHUTDOWN to cmake config 2019-05-27 12:09:32 -04:00
Isaac Connor 4765b9d936 Don't generate php errors when returned row doesn't have the specified column 2019-05-24 14:52:04 -04:00
Isaac Connor 1ddd5b1f74 Merge branch 'master' of github.com:ZoneMinder/zoneminder 2019-05-24 13:56:30 -04:00
Isaac Connor 34400419e8
Add shutdown capability (#2575)
* Add Config for showing a system shutdown/restart option

* Add a translation for Shutdown

* add a shutdown power button to the navbar

* but the shutdown icon in a navbar-txt

* set width and height of shutdown window

* Add instructions for enabling the web user to run shutdown

* add the shutdown view and actions
2019-05-24 13:53:24 -04:00
Pliable Pixels fc27393a96 Replace MySQL Password() with bcrypt, allow for alternate JWT tokens (#2598)
* added sha1 and bcrypt submodules

* added bcrypt and sha to src build process

* added test sha1 and bcrypt code to validate working

* bcrypt auth migration in PHP land

* added include path

* add sha source

* added bcrypt to others

* put link_dir ahead of add_executable

* fixed typo

* try add_library instead

* absolute path

* absolute path

* build bcrypt as static

* move to wrapper

* move to fork

* logs tweak

* added lib-ssl/dev for JWT signing

* Moved to openSSL SHA1, initial JWT plugin

* removed vog

* fixed SHA1 algo

* typo

* use php-jwt, use proper way to add PHP modules, via composer

* fixed module path

* first attempt to fix cast error

* own fork

* own fork

* add composer vendor directory

* go back to jwt-cpp as PR merged

* moved to jwt-cpp after PR merge

* New token= query for JWT

* Add JWT token creation, move old code to a different function for future deprecation, simplified code for ZM_XX parameter reading

* JWT integration, validate JWT token via validateToken

* added token validation to zms/zmu/zmuser

* add token to command line for zmu

* move decode inside try/catch

* exception handling for try/catch

* fix db read, forgot to exec query

* remove allowing auth_hash_ip for token

* support refresh tokens as well for increased security

* remove auth_hash_ip

* Error out if used did not create an AUTH_HASH_SECRET

* fixed type conversion

* make sure refresh token login doesn't generate another refresh token

* fix absolute path

* move JWT/Bcrypt inside zm_crypt

* move sha headers out

* move out sha header

* handle case when supplied password is hashed, fix wrong params in AppController

* initial baby step for api tab

* initial plumbing to introduce token expiry and API bans per user

* remove M typo

* display user table in api

* added revoke all tokens code, removed test code

* use strtoul for conversion

* use strtoul for conversion

* use strtoul for conversion

* more fixes

* more fixes

* add mintokenexpiry to DB seek

* typo

* add ability to revoke tokens and enable/disable APIs per user

* moved API enable back to system

* comma

* enable API options only if API enabled

* move user creation to bcrypt

* added password_compat for PHP >=5.3 <5.5

* add Password back so User object indexes don't change

* move token index after adding password

* demote logs

* make old API auth optional, on by default

* make old API auth mechanism optional

* removed stale code

* forgot to checkin update file

* bulk overlay hash mysql encoded passwords

* add back ssl_dev, got deleted

* fix update script

* added token support to index.php

* reworked API document for new changes in 2.0

* Migrate from libdigest to crypt-eks-blowfish due to notice

* merge typo

* css classess for text that disappear

* fixed html typo

* added deps to ubuntu control files

* spaces

* removed extra line

* when regenerating using refresh tokens, username needs to be derived from the refresh token, as no session would exist

* add libssl1.0.0 for ubuntu 16/12

* small API fixes

* clean up of API, remove redundant sections

* moved to ZM fork for bcrypt

* whitespace and google code style

* regenerate auth hash if doing password migration

* dont need AUTH HASH LOGIN to be on

* Add auth hash verification to the user logged in already case

* fix missing ]

* reject requests if per user API disabled
2019-05-24 13:48:40 -04:00
Isaac Connor 729dee5dda Merge branch 'master' into storageareas 2019-05-24 10:06:14 -04:00
Isaac Connor db9ba7eeab Add StartDateTime and EndDateTime as Sort options. Fixes #2614 2019-05-24 10:02:15 -04:00
Isaac Connor f9004443cf Merge branch 'master' into storageareas 2019-05-24 09:37:03 -04:00
Isaac Connor 843a9a6630 Merge branch 'pliablepixels-crypt-replacement3' into storageareas 2019-05-24 09:36:54 -04:00
Isaac Connor 2fc7b3cf4d Don't allow deleting of in-progress recording 2019-05-24 09:31:48 -04:00
Isaac Connor aa1264f4d2 fix missing ] 2019-05-23 16:26:40 -04:00
Isaac Connor 4466ef13fd Merge branch 'pliablepixels-crypt-replacement3' into storageareas 2019-05-23 15:21:58 -04:00
Isaac Connor 7559c975e3 Merge branch 'crypt-replacement' of https://github.com/pliablepixels/ZoneMinder into pliablepixels-crypt-replacement3 2019-05-23 15:15:52 -04:00
Isaac Connor 883688a72d Add auth hash verification to the user logged in already case 2019-05-23 15:15:37 -04:00
Pliable Pixels 57708c016c dont need AUTH HASH LOGIN to be on 2019-05-23 14:59:21 -04:00
Isaac Connor d5120f7506 regenerate auth hash if doing password migration 2019-05-23 14:30:45 -04:00
Isaac Connor bc9116dd94 whitespace and google code style 2019-05-23 14:27:17 -04:00
Isaac Connor 2ce2381269 Merge branch 'crypt-replacement' of https://github.com/pliablepixels/ZoneMinder into pliablepixels-crypt-replacement 2019-05-19 08:45:42 -04:00
Pliable Pixels 8e1037458a when regenerating using refresh tokens, username needs to be derived from the refresh token, as no session would exist 2019-05-18 11:23:16 -04:00
Isaac Connor 93aeceecfc Merge branch 'crypt-replacement' of https://github.com/pliablepixels/ZoneMinder into pliablepixels-crypt-replacement 2019-05-17 10:18:15 -04:00
Pliable Pixels 95460a945a added token support to index.php 2019-05-14 19:22:49 -04:00
Pliable Pixels e9f843f297 bulk overlay hash mysql encoded passwords 2019-05-13 14:29:24 -04:00
Pliable Pixels adb01c4d0e added password_compat for PHP >=5.3 <5.5 2019-05-12 13:57:25 -04:00
Pliable Pixels d7dbaf52d4 move user creation to bcrypt 2019-05-12 13:01:29 -04:00
Pliable Pixels a9d601e5ae add ability to revoke tokens and enable/disable APIs per user 2019-05-12 10:56:17 -04:00
Pliable Pixels ae14be916c initial plumbing to introduce token expiry and API bans per user 2019-05-11 13:39:40 -04:00
Pliable Pixels 95b448abdd handle case when supplied password is hashed, fix wrong params in AppController 2019-05-10 11:25:55 -04:00
Pliable Pixels f9730bb46b remove auth_hash_ip 2019-05-08 14:07:48 -04:00
Pliable Pixels bc050fe330 support refresh tokens as well for increased security 2019-05-08 13:38:42 -04:00
Pliable Pixels b293592e4c added token validation to zms/zmu/zmuser 2019-05-08 10:55:32 -04:00
Pliable Pixels e8f79f3254 JWT integration, validate JWT token via validateToken 2019-05-07 15:04:51 -04:00
Isaac Connor 5fe565b99d spacing 2019-05-06 10:49:18 -04:00
Pliable Pixels ca3f65deef go back to jwt-cpp as PR merged 2019-05-05 14:32:09 -04:00
Pliable Pixels a55a11dad1 first attempt to fix cast error 2019-05-05 11:24:55 -04:00
Pliable Pixels 8d62c61b7a fixed module path 2019-05-05 07:50:52 -04:00
Pliable Pixels 725c3c50ed use php-jwt, use proper way to add PHP modules, via composer 2019-05-05 07:08:25 -04:00
Pliable Pixels 887912e7ad bcrypt auth migration in PHP land 2019-05-01 13:22:24 -04:00
Isaac Connor b3fb934fb5 add namespace to Logging calls 2019-04-29 14:16:55 -04:00
Isaac Connor 077ad75516 Merge branch 'storageareas' into origin/zma_to_thread 2019-04-25 12:41:48 -04:00
Isaac Connor 1a1c2db15f add the shutdown view and actions 2019-04-12 14:55:56 -04:00
Isaac Connor 780f4f9b9a Merge branch 'master' of github.com:zoneminder/ZoneMinder 2019-04-06 09:27:44 -04:00
Isaac Connor 381f526d66 spacing 2019-04-05 15:18:20 -04:00
Isaac Connor 8f3d1f8653 fix a missing = and use csrf_get_tokens instead of csrf_get_secret which is the wrong function 2019-04-02 15:25:14 -04:00
Isaac Connor 9e96c29620 Log a failed csrf check 2019-04-02 15:24:47 -04:00
Isaac Connor 8a90176a2c Add CanReboot to Controls 2019-04-02 09:25:50 -04:00
Isaac Connor 15fb546e15 spacing 2019-04-01 11:13:35 -04:00
Isaac Connor 49e3f0a68e eslint fixes 2019-03-28 09:43:31 -04:00
Isaac Connor 4eafc52955 spacing 2019-03-25 12:18:01 -04:00
Isaac Connor 8d07a4a08f Log useful error messages when can't mkdir the monitor events dir or the symlink to it. symlink is a warning because the symlink is just a user aid 2019-03-25 11:58:04 -04:00
Isaac Connor bd5c9b5b20 add Control to ZM namespace 2019-03-24 09:58:50 -04:00
Isaac Connor 8f28ba0be3 beter debug and less often when no terms in parseFilter 2019-03-22 17:28:12 -04:00
Isaac Connor 6d4d353209 fix namespace on MontageLayout 2019-03-22 17:27:58 -04:00
Isaac Connor 7f7acc18ee spacing and code doc 2019-03-21 14:14:30 -04:00
Isaac Connor f434042c52 fix spacing 2019-03-21 14:14:15 -04:00
Isaac Connor 6efeab5f8d improve readability of parseFilter 2019-03-20 14:26:48 -04:00
Isaac Connor 3f9564c10a Merge branch 'master' into storageareas 2019-03-19 10:37:35 -04:00
Isaac Connor 72b87a7c00 Add code to be a bit more careful about not deleting all events when an incomplete event object is used. 2019-03-19 09:36:58 -04:00
Isaac Connor 520c41da23 Merge ../ZoneMinder.connortechnology.bad into storageareas 2019-03-18 14:40:03 -04:00
Matthew Noorenberghe 3c31dd63ce Use zm_session_start() for API auth. Fixes #2547 2019-03-11 00:27:46 -07:00
Isaac Connor 6c8eac1ac8 Merge branch 'storageareas' into h265 2019-03-06 11:10:01 -05:00
Isaac Connor fa124eb29a Merge branch 'master' of github.com:zoneminder/ZoneMinder 2019-03-05 14:35:15 -05:00
Isaac Connor 0022dbfb76 add a newline to improve readability 2019-03-05 14:31:39 -05:00
Isaac Connor e59eb510e3 update and fix the donate popup 2019-03-05 13:10:04 -05:00
Isaac Connor 73ae3f49ed Merge branch 'master' into storageareas 2019-03-05 11:35:55 -05:00
Isaac Connor 7779edb485 Fix saving multiple monitors at once by moving the relevant code to includes/actions/monitors.php 2019-03-05 11:02:37 -05:00
Isaac Connor 49a1954f96 fix typo and remove deprecated DefaultView 2019-03-05 11:01:39 -05:00
Isaac Connor 8b29c5f54c Fix typo: Ineterval to Interval 2019-03-05 10:58:23 -05:00
Isaac Connor f446e73ff7 Typo: AnalysisUpdateDelete to AnalysisUpdateDelay 2019-03-05 10:55:27 -05:00
Isaac Connor 778707c8df Merge branch 'master' into storageareas 2019-03-04 14:33:28 -05:00
Isaac Connor 96e29c0299 fix up remaining issues with cycle updates 2019-03-04 13:35:40 -05:00
Isaac Connor 190142b24c Merge branch 'master' into storageareas 2019-03-01 17:47:07 -05:00
Isaac Connor 7703661cb1 Don't use streaming port in UrlToIndex because xmlHttpRequest won't send cookies to a different port 2019-03-01 17:25:17 -05:00
Isaac Connor 466c379e94 Merge branch 'master' into storageareas 2019-03-01 14:03:49 -05:00
Isaac Connor 675b4975b0 Fix control presets 2019-03-01 13:37:34 -05:00
Isaac Connor 20fe502ca4 Add ZM to ErrorHandler. Spacing and quotes 2019-02-27 12:02:40 -05:00
Isaac Connor af9c87a112 Merge branch 'master' into storageareas 2019-02-27 10:53:19 -05:00
Isaac Connor 6e4444099b Only populate session with user info on successful login. Use parameters in sql when loading users in getAuthUser. Fixes #2542 2019-02-27 09:57:50 -05:00
Isaac Connor c0ae7820bb add zmeventnotification to Server object 2019-02-27 09:28:36 -05:00
Isaac Connor df3e11d83c Fix authentication in api because we no longer store the user object in the session 2019-02-26 17:01:45 -05:00
Isaac Connor a00e2381b7 Merge branch 'master' into storageareas 2019-02-26 11:33:29 -05:00
Isaac Connor 92dc7878de
Fix 2340 (#2368)
* include includes/functions.php so that we have access to all it's contents

* add a beforeDelete function which deletes the files.  Add other needed functions like Path() LinkPath() etc.

* add require_once for Storage and functions because we use them in Event

* Now that ZM has namespaces use the ZM Event class to do the heavy lifting of delete

* Don't need functions in AppController anymore
2019-02-26 11:28:56 -05:00
Isaac Connor 5da51d51bc Merge branch 'master' into storageareas 2019-02-26 10:55:51 -05:00
Isaac Connor 53c0fae688 Merge fix from storageareas for archive/delete in events list 2019-02-26 10:22:58 -05:00
Isaac Connor 2187dea2aa add namespace to Warnings 2019-02-25 15:11:08 -05:00
Isaac Connor 46c6735311 Missing namespace on filter. Fixes #2541 2019-02-24 10:02:49 -05:00
Isaac Connor 279e0d8bcf Merge branch 'storageareas' into zma_to_thread 2019-02-22 11:39:58 -05:00
Isaac Connor fd310c0f0a Merge branch 'master' into storageareas 2019-02-22 11:33:47 -05:00
Isaac Connor 2b90bf15a6
Improve session (#2487)
* Introduce ZM_COOKIE_LIFETIME which sets the life of the SESSION cookie, instead of using what is in php.ini

* Use zm specific session functions, which are now located in includes/session.php.  Be more agressive about clearing session on logout.

* Move session code to includes/session.php

* remove duplicate line

* Move is_session_open to session.php.  Move code to clear a session into session.php

* improve debug line when there is a problem updating config entry

* split description into description and help text for COOKIE_LIFETIME

* Remove redirect on line.  We do it in javascript on postlogin view so that we can say logging in before switching to console

* If there is a username in the session, then we are logged in, but we need to load the user object from the db.  We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request.

* Use session_regenerate_id instead of our broken code to do the same

* Move auth code to includes/auth.php

* add autocomplete tags to username and password inputs

* Don't redirect to login if we are already viewing login.  Put auth before including skin includes

* need to include session.php in auth.php

* update to php namespace
2019-02-22 09:43:38 -05:00
Isaac Connor 410cb70ddb
get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again. (#2534) 2019-02-22 09:20:54 -05:00
Isaac Connor 8dd8888975
Php namespace (#2537)
* experiment with namespaces on the Server class

* experiment with namespaces on the Server class

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects
2019-02-22 09:19:07 -05:00
Isaac Connor 8837015239 remove bogus test for Filter Id 2019-02-19 13:54:25 -05:00
Isaac Connor 6d1541a4d2 Merge branch 'fix_privacy_view' into storageareas 2019-02-19 12:57:01 -05:00
Isaac Connor 97a888c0db get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again. 2019-02-19 12:54:12 -05:00
Isaac Connor 4b3519c84a Merge branch 'storageareas' into zma_to_thread 2019-02-18 17:04:42 -05:00
Isaac Connor 5029d7214a Merge branch 'master' into storageareas 2019-02-18 17:00:45 -05:00
Mitch Capper b646284da3 don't quote dbEscape values it will quote it already (#2529) 2019-02-17 11:31:28 -05:00
Isaac Connor a9e2011727 Merge branch 'storageareas' into zma_to_thread 2019-02-13 12:24:38 -05:00
Isaac Connor b25770a2f0 Merge branch 'master' into storageareas 2019-02-13 11:52:31 -05:00
Isaac Connor d0745da11c fix path to Control.php 2019-02-13 11:52:16 -05:00
Isaac Connor dd641793a2 Merge branch 'improve_session' into storageareas 2019-02-13 11:17:30 -05:00
Isaac Connor 91a280e56e need to include session.php in auth.php 2019-02-13 11:17:15 -05:00
Isaac Connor a3374aa26c Merge branch 'reload_zmfilter_on_filter_save' into storageareas 2019-02-11 13:26:53 -05:00
Isaac Connor 5695be9f32 rough in a control function in Filter object. Use it to start/stop zmfilter processes when filters are deleted or Saved. 2019-02-11 13:21:00 -05:00
Matthew Noorenberghe cdbd59f054 bandwidth.php: Submit to the 'bandwidth' view but render the 'none' view. Fixes #2493 2019-02-10 13:22:08 -08:00
Isaac Connor 555cb4780d Merge branch 'master' into storageareas 2019-02-10 12:37:45 -05:00
Matthew Noorenberghe a6ee79f428 Fix typo in dbc1c7b72f comment 2019-02-09 22:40:39 -08:00
Matthew Noorenberghe dbc1c7b72f Only output the CSRF Try Again button (and add a warning) when ZM_LOG_DEBUG is on. Fixes #2469 2019-02-09 22:39:54 -08:00
Matthew Noorenberghe a97711de89 Replace or sanitize remaining uses of PHP_SELF. Fixes #2446 2019-02-09 22:12:36 -08:00
Matthew Noorenberghe effd609ff7 Escape output of state names. Fixes #2475 2019-02-09 20:40:08 -08:00
Matthew Noorenberghe c9d597dced logger.php: Don't output Panic messages unless debugging is on. Fixes #2460 2019-02-09 18:51:30 -08:00
Matthew Noorenberghe 6d2f3c265f events.php: Remove inline event handlers and enforce CSP 2019-02-09 17:34:59 -08:00
Matthew Noorenberghe fcbc22b6a2 functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456 2019-02-09 17:27:47 -08:00
Matthew Noorenberghe 502f53fad0 functions.php: Fix SQLi in getFormChanges 2019-02-09 17:15:02 -08:00
Matthew Noorenberghe 254b7286b4 monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451 2019-02-09 16:41:54 -08:00
Matthew Noorenberghe b2a97ee190 frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
Fixes #2448, fixes #2449, and fixes #2447.
2019-02-09 15:10:45 -08:00
Matthew Noorenberghe c8066919ff functions.php: Esacepe textContent in htmlOptions() 2019-02-09 14:14:46 -08:00
Matthew Noorenberghe 98e0a0d2c5 Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459 2019-02-09 02:18:57 -08:00
Matthew Noorenberghe 02f09aad7f view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443 2019-02-09 02:01:26 -08:00
Matthew Noorenberghe 0b38e72f88 view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441 2019-02-09 01:16:32 -08:00
Isaac Connor d33e094526 Merge branch 'master' into storageareas 2019-02-06 17:03:41 -05:00
Isaac Connor 8e62c93f5f add to_json function to Storage. 2019-02-06 11:44:36 -05:00
Isaac Connor d121ecab75 Merge branch 'improve_session' into storageareas 2019-02-05 15:48:42 -05:00
Isaac Connor 141f2afc8c Merge branch 'master' into storageareas 2019-02-05 15:46:58 -05:00
Isaac Connor 21702dcc68 Merge branch 'master' into improve_session 2019-02-05 12:35:29 -05:00
Isaac Connor c54fe7e89a fix state actions 2019-02-05 12:35:06 -05:00
Isaac Connor cb0d9325e6 Use session_regenerate_id instead of our broken code to do the same 2019-02-05 11:45:09 -05:00
Isaac Connor 2466d765bf If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request. 2019-02-05 11:44:45 -05:00
Isaac Connor 5a9083fe86 Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console 2019-02-05 11:40:58 -05:00
Isaac Connor 97e3a8178a use session_regenerate_id instead of other strange code 2019-01-30 16:08:09 -05:00
Isaac Connor b09a71d0e2 code style 2019-01-30 16:06:16 -05:00
Isaac Connor 71f961d012 remove redirect to console on login, as it is done in javascript after Logging in message is displayed 2019-01-30 16:05:51 -05:00
Isaac Connor 4e10e6f0ae Merge branch 'improve_session' into storageareas 2019-01-30 15:26:37 -05:00
Isaac Connor 9a3aa49bae Merge branch 'fix_bandwidth' into storageareas 2019-01-30 15:18:16 -05:00
Isaac Connor 533d021dea Merge branch 'master' into storageareas 2019-01-30 15:17:27 -05:00
Isaac Connor 604dbf8776 fix state changing/etc 2019-01-30 14:36:46 -05:00
Isaac Connor 2e2404643f Fix bandwidth due to new actions code. Update buttons on bandwidth popup 2019-01-30 13:20:24 -05:00
Isaac Connor cc0b5e0f1f Move is_session_open to session.php. Move code to clear a session into session.php 2019-01-30 12:52:01 -05:00
Isaac Connor 0eba430932 remove duplicate line 2019-01-30 11:05:43 -05:00
Isaac Connor 85bb70df68 Use zm specific session functions, which are now located in includes/session.php. Be more agressive about clearing session on logout. 2019-01-30 11:05:19 -05:00
Matt N 8c5687ca30 Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479) 2019-01-25 08:35:07 -05:00
Matt N fd6179d7c8 Enforce CSP on many more views (#2480) 2019-01-25 08:34:29 -05:00
Matthew Noorenberghe 47d8c9b066 plugin.php: Remove undefined onclick function reference and enforce CSP
Also fix tag closing.
2019-01-23 19:47:58 -08:00
Isaac Connor 6eb4d7ae27
Filter improvements (#2438)
* Put back code to close the popup when view is none

* clean up and reduce depth of some logic

* Increase width of user popup

* fix code style

* Make execute_filter work on a filter Id instead of name

* rework logic to reduce code depth. Change view to events to display the results of execute.

* Change the redirect to stay on the new view.  When redirecting from executing a filter, it was redirecting to filter.

* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
2019-01-23 11:30:51 -05:00
Isaac Connor cc8de69eba Merge branch 'master' into storageareas 2019-01-22 11:44:42 -05:00
Isaac Connor ae703c45ee Set closePopup=true so that we don't need code in the none view to close the popup. The common code in skin.js will take care of it. 2019-01-22 09:14:33 -05:00
Matt N 0619a4a161 Validate cnj, obr, and cbr arguments in parseFilter (#2434) 2019-01-22 08:03:25 -05:00
Isaac Connor 7260f823cb Merge branch 'master' into storageareas 2019-01-21 13:52:38 -05:00
Isaac Connor a2d4dc974b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-21 11:19:07 -05:00
Isaac Connor fbc236128e add a function to format a time into a duration. Can't use date() because 0 doesn't give us 00:00:00 it gives 19:00:00 2019-01-21 11:16:14 -05:00
Isaac Connor b24b930f65 After login go to postlogin, not console. the login view is in a popup so we want to close 2019-01-21 11:15:36 -05:00
Matt N d7ebc85d81 Replace remaining `console` inline event handlers (#2432)
* Use a hidden submit button in _monitor_filters rather than onkeydown

* events/console: Convert checkbox header toggle inline event listeners
2019-01-21 11:11:40 -05:00
Matt N 35fb4366b6 Fix recaptcha support with the CSP (#2420) 2019-01-19 09:47:04 -05:00
Matt N 4e48939660 Add a validateForm event listener and enforce CSP on some views (#2425)
* Add a validateForm event listener and enforce CSP on the controlcap view

* filter.php: Use .validateFormOnSubmit

* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check

* Use .validateFormOnSubmit and enforce CSP on the storage view
2019-01-19 09:41:53 -05:00
Isaac Connor 552e14a971 Merge branch 'master' into storageareas 2019-01-18 10:36:59 -05:00
Matt N 6bb5aa1b87 More inline JS / nonce conversions (#2415)
* monitor.php: Add nonce and move <script> inside </body>

* export_functions.php: Untested: Add @nonce to <script>

* blank.php: Add @nonce to <script> and add to CSP enforced views

* Enforce CSP on login and privacy views

* group.php: Add nonce and move <script> inside </body>

* filter.php: Add @nonce to <script>

* Fix updateButtons argument on the filter page upon change and page load

* events.php: Add @nonce to <script>
2019-01-18 09:51:06 -05:00
Isaac Connor 599769b701 rework logic of functions to be more verbose about errors. Implement javascript Nonce support when view=none 2019-01-17 08:50:33 -05:00
Isaac Connor 87d1390fed Merge branch 'storageareas' into h265 2019-01-16 15:20:17 -05:00
Isaac Connor f49dd93b6a Merge branch 'master' into storageareas 2019-01-16 14:39:56 -05:00
Isaac Connor 1f3da476b8 switch to single quotes 2019-01-16 14:04:24 -05:00
Isaac Connor b1cc0c2b82 add CSP nonce to CSRF rewriting 2019-01-16 14:04:07 -05:00
Isaac Connor d8ef33396a If multi-port is on, we need to output CORS headers 2019-01-16 13:44:57 -05:00
Isaac Connor ba21820fd0 fix typo 2019-01-16 12:10:34 -05:00
Isaac Connor eee1d871e0 get rid of default value for PathToIndex so that it will use PHP_SELF instead 2019-01-16 12:09:26 -05:00
Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Isaac Connor fd696bc066 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-15 11:38:56 -05:00
Isaac Connor 3182d8bab7 implement to_json method so that defaults get included 2019-01-15 11:36:56 -05:00
Andrew Bauer 07d8ac1d49 implement timezone check function (#2387)
* implement timezone check function

* remove comment

* also check if the timezone is valid

* whitespace
2019-01-15 09:05:11 -05:00
Matt N 083f284599 Replace onclick inline event handlers for createPopup (#2410)
* Move <script> before </body>

* Change makePopupLink to not use onclick

* Change makePopupButton to not use onclick

* Use .popup-link in control_functions.php

* Use makePopupButton in controlcaps.php

* Prevent double-encoding in makePopup*

* Use makePopupButton in devices.php

* Use makePopupButton in logout.php

* Use makePopupLink in monitor.php

* Use makePopupLink and .popup-link in montage.php

* Use makePopupButton in options.php

* Use makePopupButton, makePopupLink, and .popup-link in zones.php
2019-01-15 09:01:58 -05:00
Isaac Connor f726666f54 Merge branch 'master' into h265 2019-01-14 12:36:11 -05:00
Isaac Connor fc7403fe3d Merge branch 'master' into storageareas 2019-01-13 14:53:34 -05:00
Isaac Connor c834fbe462 the filter action should singular filter, not filters 2019-01-13 14:52:39 -05:00
Isaac Connor b373577589 fix function view after actions cleanup 2019-01-10 12:08:25 -05:00
Isaac Connor f3a807f1f8 Merge branch 'master' into storageareas 2019-01-07 09:21:25 -05:00
Isaac Connor b4f8500cb5 Merge branch 'split_actions' 2019-01-05 18:33:04 -05:00
Isaac Connor 3f10553464 Fix include path to Monitors.php 2019-01-05 18:32:53 -05:00
Isaac Connor 1a75cf333e Merge branch 'master' into storageareas 2019-01-05 11:12:38 -05:00
Isaac Connor e34a5e972a fix missing } 2019-01-05 11:12:26 -05:00
Isaac Connor 8eb61b1c11 Merge branch 'master' into storageareas 2019-01-05 10:16:38 -05:00
Isaac Connor 5b5905c83a We always use markEids[] now 2019-01-04 16:29:16 -05:00
Isaac Connor 0e20666992 fix eventdetail actions being in events 2019-01-04 15:43:31 -05:00
Isaac Connor ab198bfd75 remove master version of actions.php 2019-01-04 15:29:21 -05:00
Isaac Connor 52466c398b Merge branch 'split_actions' into storageareas 2019-01-04 15:28:55 -05:00
Isaac Connor b8d065275b Merge branch 'master' into storageareas 2019-01-04 15:22:18 -05:00
Isaac Connor e2f32ab091 Upgrade config saving 2019-01-04 09:43:36 -05:00
Isaac Connor 7ec96655c3 fix missing ! when testing for permission on editing config 2019-01-04 09:37:26 -05:00
Isaac Connor 5b9bf48945 Merge branch 'master' into split_actions 2019-01-04 09:35:54 -05:00
Isaac Connor 46adcbb66b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-04 09:34:51 -05:00
Isaac Connor edeaa07c12 Fix no quotes around Id 2019-01-04 09:34:42 -05:00
Isaac Connor 6cad852e11 fix path to MontageLayout 2019-01-04 09:34:18 -05:00