Commit Graph

170 Commits

Author SHA1 Message Date
Andrew Bauer 3258d8e590 remove ZM_DIR_IMAGES (#2374) 2018-12-29 09:52:58 -05:00
Andrew Bauer 8d74354fcb
Merge pull request #2242 from connortechnology/cleanup_auth
Cleanup auth
2018-12-12 20:53:24 -06:00
Isaac Connor 702143e51b Create a function called getBodyTopHTML that outputs the body tag and anything else that should go at the top.
Things like the we require javascript message, and any other messages like error messages.
Use this on the monitor and console view to stick an error message at the top when saving a monitor fails.

This is a pretty quick, crude implementation.
2018-11-07 12:33:54 -05:00
Isaac Connor a3d0cb42ea Move GOOGLE RECAPCHA to includes/auth.php, clean login actions. 2018-10-09 10:05:50 -04:00
Pliable Pixels 4d626dfb4e allow username&password even if AUTH_HASH is enabled (#2231) 2018-10-08 17:28:03 -04:00
Isaac Connor efda26121b allow login by username&password in request 2018-10-02 16:59:05 -04:00
Isaac Connor 623d31edae Don't do csrf for view=image 2018-08-31 11:58:17 -04:00
Isaac Connor 0823b28712 whitespace changes. Make Privacy test an else so that PRIVACY checks don't happen if not logged in 2018-08-31 10:37:11 -04:00
Andrew Bauer 8f0fb0843a Add Privacy Statement (#2194)
* initial implementation of privacy popup

* split the privacy text and run it through translate

* change style of toggle button, validate the form

* fix copy/paste error

* fix typos

* display privacy view inline rather than popup

* display privacy inline if show_privacy flag set

* redirect to console after selection is made

* typo

* css formatting

* update privacy verbiage

* create and load default.php

* fix typos

* fix erroneous copy/paste
2018-08-30 13:25:02 -04:00
Isaac Connor 15a6eb7e78
Revert "Add Privacy Statement (#2176)" (#2179)
This reverts commit 56f4d768c2.
2018-08-13 15:33:43 -04:00
Andrew Bauer 56f4d768c2 Add Privacy Statement (#2176)
* initial implementation of privacy popup

* split the privacy text and run it through translate

* change style of toggle button, validate the form

* fix copy/paste error

* fix typos

* display privacy view inline rather than popup

* display privacy inline if show_privacy flag set

* redirect to console after selection is made

* typo

* css formatting

* update privacy verbiage

* push privacy text to all language files
2018-08-13 15:23:44 -04:00
Isaac Connor 43827953cd test for existence of HTTP_X_FORWARDED_PROTO 2018-07-12 15:04:54 -04:00
Isaac Connor eb610cd3a1 rewrite the HTTP_X_FORWARDED_PROTO test to just make it part of the if instead of modifying SERVER['HTTPS'] 2018-07-12 11:38:58 -04:00
Mike Brown 6a5ff83848 Adding support for HTTP_X_FORWARDED_PROTO 2018-07-11 21:01:37 -05:00
Isaac Connor 3109536dda Alternate fix for video generation under csrf. Now we just turn off output buffering (discarding contents before sending the avi 2018-06-06 11:55:51 -04:00
Isaac cc27ce7ee9 Turn off csrf for archive downloading, which prevents out of memeory 2018-05-18 15:50:45 +02:00
Isaac Connor dcfd9a60bc close the session earlier 2018-04-14 22:26:47 -04:00
Isaac Connor 53ce8c008a move auth functions into it's own file 2018-04-06 14:36:23 -04:00
Isaac Connor a9f4b7899a move session closing higher up before actions.php. 2018-03-20 12:18:29 -07:00
Isaac Connor b390633f70 Fix authHash generation 2018-01-31 14:58:01 -05:00
Isaac Connor c59751713b fix redirect 2018-01-28 17:31:00 -05:00
Isaac Connor 8a4b17fb50 turn into a url instead of boolean. Use it to refresh the options page on change so that changes are instantly noticable 2018-01-28 15:13:57 -05:00
Isaac Connor bb9d640c01 use instead of ['request'] to fix behaviour when request has been emptied due to failed auth 2018-01-26 12:56:38 -05:00
Isaac 5865bbfb12 turn off debugging 2018-01-24 23:07:21 +01:00
Isaac 06c9266c62 use snapshot.jpg more 2018-01-22 03:27:01 +01:00
Isaac Connor cb70a3627f Fixes to montagereview and only load event data when in History mode 2017-11-28 14:50:21 -05:00
Isaac Connor c0e49b65ef stop writing env to /tmp/env 2017-11-24 15:38:07 -05:00
Isaac Connor 4b92a788f7 fix filter execute 2017-11-24 15:37:50 -05:00
Isaac Connor b5491102ef Fix saving MontageLayouts 2017-10-30 20:21:16 -04:00
Isaac Connor a6c790b374 use a shared include for the filters bar 2017-10-30 07:37:08 -07:00
Isaac Connor bc150574c7 wip import 2017-10-26 18:56:10 -07:00
Isaac Connor 4be133ed09 remove btn styles from buttons. make groups, cycle, montage, montage review non-popups. Add datetime filters to montagereview. Fix dark skin 2017-09-30 14:19:32 -04:00
Isaac Connor 160a553fb9 Don't do csrf for frames view either. If there are a lot of frames, we run out of mem. 2017-09-27 17:33:06 -04:00
Isaac Connor 27fe468868 Don't do csrf for view=video because the output buffering will make it run out of ram 2017-08-09 11:15:00 -04:00
Isaac Connor b030fee429 don't do csrf checks for control commands 2017-07-14 12:29:24 -04:00
Isaac Connor d7950bd732 Merge branch 'master' into knnniggett-configfiles 2017-07-03 21:53:47 -04:00
Isaac Connor f782aeccd9 fix view is view_video, not action=niew_video 2017-06-26 21:09:54 -04:00
Isaac Connor 3a113899ed whitespace and braces fixing 2017-06-26 14:29:45 -04:00
Isaac Connor c1b8105c0e only include csrf if it's going to be used. This fixes view_video using up all ram sending a video file 2017-06-26 14:23:54 -04:00
Isaac Connor d97d156efb Don't do csrf for view_video 2017-06-26 11:48:26 -04:00
Isaac Connor c7026a1b65 requests should be csrf'd. view_video does not need to be 2017-06-20 10:56:59 -04:00
Isaac Connor 1932fa7f81 don't do CSRF for requests, and when not auth, clear the request so that we don't do it. 2017-06-20 10:52:16 -04:00
Isaac Connor 0e643f0f93 Merge branch 'master' into storageareas 2017-05-30 11:58:38 -04:00
Isaac Connor 3062fe43f3 revert csrf on login page. csrf needs to be off in order for zmNinja to work 2017-05-30 11:25:25 -04:00
Isaac Connor f851daca68 merge code to load video.js etc on Event view 2017-05-18 15:10:13 -04:00
Isaac Connor 3ccf7e102e fix Debug to Logger::Debug 2017-05-18 14:50:17 -04:00
Isaac Connor f4224bb88e Merge branch 'master' into storageareas 2017-05-17 17:47:39 -04:00
Matt N 33092e4022 Allow API authentication using the `auth` query parameter containing an auth. hash. (#1845)
* Allow API authentication using the `auth` query parameter containing an auth. hash.

Fixes #1827

The same auth. hash for zms is used here. This allows consumers to use the API without sending the password in the query string and not require forging logins via the login form.

* Move logger.php's global Debug function to Logger::Debug to avoid polluting globals

This avoids a conflict with CakePHP when logger.php gets included indrectly from API code.

* Protect action=login when ZM_ENABLE_CSRF_MAGIC is enabled
2017-05-15 21:51:48 -04:00
Isaac Connor 92854f5cba more debug 2017-05-05 16:37:30 -04:00
Isaac Connor dce39bb2a9 Merge branch 'master' into storageareas 2017-04-26 15:58:17 -04:00
Andrew Bauer 1a565a47f2 fix skin path in export_functions 2017-04-26 12:17:01 -05:00
Isaac Connor b87839f785 turn off csrf on view=view_video 2017-04-19 10:12:51 -04:00
Isaac Connor d1d4fa7b8f fix the redirect location 2017-04-19 10:02:07 -04:00
Isaac Connor 7815f1c539 introduce a redirect flag global variable to allow us to redirect. Which allows to redirect on successful login so we don't get repost popups 2017-04-05 10:05:21 -04:00
Isaac Connor b2db0888ae add a warning if csrf_check returns false 2017-03-30 10:46:13 -04:00
Isaac Connor 35067211e0 more the csrf to before actions.php 2017-03-29 10:19:00 -04:00
Isaac Connor 3cd9e46df9 Merge branch 'knnniggett-csrf' into storageareas 2017-03-28 20:44:38 -04:00
Andy Bauer eb55a6bb9b set action,view, and/or request to NULL if there are not defined 2017-03-28 17:52:31 -05:00
Andy Bauer 4e16ae6d19 add ZM_ENABLE_CSRF_MAGIC toggle 2017-03-28 17:29:36 -05:00
Andrew Bauer d38bae72ae integrate csrf-magic library 2017-03-18 20:12:06 -05:00
Kyle Johnson 746a096483 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2017-01-27 15:16:33 -07:00
Isaac Connor 30674919c4 always include Storage object, because in the end we will be using it everywhere 2017-01-02 10:34:45 -05:00
Isaac Connor 5ae34a7561 Merge branch 'master' into storageareas 2017-01-02 09:39:10 -05:00
Andy Bauer 2dda2d9e1e remove unneeded, empty files 2016-12-26 09:49:14 -06:00
Andy Bauer 254fcbcef7 update gpl 2 mailing address in source files 2016-12-26 09:23:16 -06:00
Isaac Connor 69c39f8a23 set http_only flag in cookie settings 2016-12-14 14:39:44 -05:00
Isaac Connor acbc5bc9e3 Merge branch 'cookie_http_only' into storageareas 2016-12-08 15:20:54 -05:00
Isaac Connor 772792a1b9 remove extra , 2016-12-08 15:20:43 -05:00
Isaac Connor 7f2bf04c2f Merge branch 'cookie_http_only' into storageareas 2016-12-08 14:26:13 -05:00
Isaac Connor 20793ee822 set httpOnly to true on cookie creation. This will override whatever is in php.ini 2016-12-08 14:25:29 -05:00
Isaac Connor c2d6b3d809 fix auth 2016-11-29 15:25:10 -05:00
Isaac Connor f9af1e7129 put authorized check back after including actions.php where it needs to go 2016-11-28 11:34:46 -05:00
Isaac Connor f153e9b8fb MontageReview should only be visisble to people who can view events. Fix running state 2016-10-20 13:38:12 -04:00
Isaac Connor 67e14bd12f move States loading code into state view where it belongs. Move runnign check into specific places where it is needed. These changes reduce events list load time by about 4 seconds for me. 2016-10-20 13:16:50 -04:00
Isaac Connor fc540786a5 Move login by auth hash out of actions.php and into index.php. Double quotes to single quotes and google code style changes in indx.php 2016-10-20 11:51:42 -04:00
Isaac Connor 01397b6695 Merge branch 'iconnor-updated-console' into storageareas 2016-05-06 14:31:27 -04:00
Isaac Connor 83795805f2 Move state getting into index.php 2016-05-06 14:30:50 -04:00
Isaac Connor 44e5b566b8 Merge branch 'iconnor-updated-console' into storageareas 2016-05-06 11:56:24 -04:00
Isaac Connor 8405db4750 Move running=daemonCheck from header to index.php so that it is defined early and can be used everywhere 2016-05-06 11:56:03 -04:00
Isaac Connor 851a81eff7 Merge pull request #1406 from ZoneMinder/svg_zones
replace the static zone image with a stream, and use SVG to draw the zones
2016-04-11 11:14:11 -04:00
Isaac Connor 56c2679afd Merge branch 'icon_video' into storageareas 2016-04-11 10:30:01 -04:00
Andrew Bauer 5542788a45 make cannot write to content dir an error, rather than fatal 2016-04-10 18:45:38 -05:00
Isaac Connor bbd33cc159 add monitor class so we don't have to everywhere else 2016-04-08 13:56:49 -04:00
Isaac Connor 1b69299c2d Include Monitor object so it can be used elsewhere 2016-03-29 14:36:42 -04:00
Isaac Connor c309cdaad4 include Event object so it can be used elsewhere 2016-03-29 12:06:51 -04:00
Isaac Connor 41d92bbf94 need to include Server class 2015-12-02 10:26:11 -05:00
Isaac Connor 644080fd41 call CORSHeaders 2015-12-02 10:05:27 -05:00
Andy Bauer cb7acb36ab Use relative URL's instead of absolute 2015-10-24 13:04:54 -05:00
Andrew Bauer 13aab8a1be Merge pull request #1113 from baffo32/1112-detect-missing-content
Fatal if content dirs are unwritable
2015-10-14 06:49:33 -05:00
baffo32 da8e9dd81b Remove reference to php.ini from timezone error 2015-10-13 16:55:38 -04:00
baffo32 250c3c31e1 Revised source-install specific recommendation. 2015-10-13 16:45:31 -04:00
baffo32 362b190641 Fatal if content dirs are unwritable 2015-10-12 16:16:22 -04:00
baffo32 4a280a73d1 Use Fatal function to report bad timezone 2015-10-12 15:43:24 -04:00
baffo32 d20478a15f Detect invalid timezones 2015-10-12 13:22:30 -04:00
baffo32 7190b532dd Fatal error if date.timezone is unset 2015-10-12 13:07:07 -04:00
Isaac Connor c0139e87ad define ZM_BASE_PROTOCOL 2015-09-17 15:14:43 -04:00
Isaac Connor 82f5ab5175 Fix use of DEFINED. It takes a string not a constant. When COOKIE is not set or has changed, set it 2015-05-11 16:22:14 -04:00
Isaac Connor 01af58018b close the session before requiring the page contents to fix the concurrency issue that exists due to using the file-backed session. 2015-04-20 13:06:34 -04:00
Isaac Connor 0af7d0cc0b check defined(ZM_DEFAULT_SKIN) otherwise php will turn it into a string 2015-02-19 16:04:06 -05:00
Isaac Connor b159f6ce9e Fatal->Error since Fatal is fatal 2015-02-19 15:57:37 -05:00