* added sha1 and bcrypt submodules
* added bcrypt and sha to src build process
* added test sha1 and bcrypt code to validate working
* bcrypt auth migration in PHP land
* added include path
* add sha source
* added bcrypt to others
* put link_dir ahead of add_executable
* fixed typo
* try add_library instead
* absolute path
* absolute path
* build bcrypt as static
* move to wrapper
* move to fork
* logs tweak
* added lib-ssl/dev for JWT signing
* Moved to openSSL SHA1, initial JWT plugin
* removed vog
* fixed SHA1 algo
* typo
* use php-jwt, use proper way to add PHP modules, via composer
* fixed module path
* first attempt to fix cast error
* own fork
* own fork
* add composer vendor directory
* go back to jwt-cpp as PR merged
* moved to jwt-cpp after PR merge
* New token= query for JWT
* Add JWT token creation, move old code to a different function for future deprecation, simplified code for ZM_XX parameter reading
* JWT integration, validate JWT token via validateToken
* added token validation to zms/zmu/zmuser
* add token to command line for zmu
* move decode inside try/catch
* exception handling for try/catch
* fix db read, forgot to exec query
* remove allowing auth_hash_ip for token
* support refresh tokens as well for increased security
* remove auth_hash_ip
* Error out if used did not create an AUTH_HASH_SECRET
* fixed type conversion
* make sure refresh token login doesn't generate another refresh token
* fix absolute path
* move JWT/Bcrypt inside zm_crypt
* move sha headers out
* move out sha header
* handle case when supplied password is hashed, fix wrong params in AppController
* initial baby step for api tab
* initial plumbing to introduce token expiry and API bans per user
* remove M typo
* display user table in api
* added revoke all tokens code, removed test code
* use strtoul for conversion
* use strtoul for conversion
* use strtoul for conversion
* more fixes
* more fixes
* add mintokenexpiry to DB seek
* typo
* add ability to revoke tokens and enable/disable APIs per user
* moved API enable back to system
* comma
* enable API options only if API enabled
* move user creation to bcrypt
* added password_compat for PHP >=5.3 <5.5
* add Password back so User object indexes don't change
* move token index after adding password
* demote logs
* make old API auth optional, on by default
* make old API auth mechanism optional
* removed stale code
* forgot to checkin update file
* bulk overlay hash mysql encoded passwords
* add back ssl_dev, got deleted
* fix update script
* added token support to index.php
* reworked API document for new changes in 2.0
* Migrate from libdigest to crypt-eks-blowfish due to notice
* merge typo
* css classess for text that disappear
* fixed html typo
* added deps to ubuntu control files
* spaces
* removed extra line
* when regenerating using refresh tokens, username needs to be derived from the refresh token, as no session would exist
* add libssl1.0.0 for ubuntu 16/12
* small API fixes
* clean up of API, remove redundant sections
* moved to ZM fork for bcrypt
* whitespace and google code style
* regenerate auth hash if doing password migration
* dont need AUTH HASH LOGIN to be on
* Add auth hash verification to the user logged in already case
* fix missing ]
* reject requests if per user API disabled
Adds fifo options for diagnostic images for much lower impact diagnostics mode. Diagnostic images are only written when there is a client listening for them (otherwise they are skipped). Also added a json stream for the detection data so you can see in real time the pixels or blobs detected for the motion. This allows for easy real time stream of both delta and reference images (as video streams) along with the detection numbers.
* Edit Help array to make it match others below. This should not affect the results
* Misc. grammer and spelling fixes along with removing some duplicated words. This should not affect compilation.
* More grammer and spelling errors
* Replace Javascript with ZoneMinder because it did not make sense there.
* More spelling and grammar edits
This set of methods invoke realtive iris size in the direction indicated by
the <Large/Small> portion of their name. They accept no arguments.
NOTE:
This only just does work. The Dahua API specifies "multiples" as the input.
We pass in a 1 for that as it does not seem to matter what number (0-8) is
provided, the camera iris behaves the same.
* Adding a button for camera reboot function
This series of commits will add a camera reboot function to the
control interface if supported by the camera configuration.
* Adding reboot function option to contorl configuration
This patch adds a reboot option to the camera control configuration
view.
* Adding Reboot field to Controls table
This patch adds a Reboot field to the Controls table to support
a camera reboot control option.
* Correcting button value to match reset
* Updating language files
I'm not sure of the proper procedure to trigger updating of
non-english language files so I'm updating them all with English
hoping that that will draw attention to the changes and others
will translate accordingly.
* Add missing forward slash
* Adding a presetHome method
The Dahua protocol does not appear to support a preset Home feature. We could
allow the user to assign a preset slot as the "home" slot. Dahua does appear
to support naming presets which may lend itself to this sort of thing. At
this point, we'll just send the camera back to center and zoom wide. (0°,0°,0)
* Adjusting naming of private methods and adding POD
* Adding relative focus methods
This patch also adds the return value of the get request used to
send the command to the camera.
Furthermore, it fixes a small bug in the authentication of requests
sent to the camera after the connection is opened. I really have no
idea why the problem occurred and it appeared to have no practical
effect on the execution of the command. It showed up when I enabled
debug, so this attempts to fix it or at least quiet it.
* Adding POD for the new relative focus methods
Also doing a bit of cleanup on POD in general.
* Adding some documentation to demystify control motion types
This was not clear to me at the outset, and I could not locate existing
documentation which explained the prioritization and exclusion aspects.
Maybe it will help someone else.
* Renaming private methods and adding more POD
This patch renames private methods by prefixing an underscore to
them. This at least helps visually distinguish them as private
when reading through the code.
It also adds more documentation on public methods.
* Grouping all relative motion methods together
This makes for easier reading.
* Adding in a reset method from Issue #2414
This method was supplied by kobold81 who got it from
bobylapointe69300 who posted it in the following forum post:
https://forums.zoneminder.com/viewtopic.php?f=9&t=27000&p=104601&hilit=dahua#p104601
This patch also includes some POD cleanup.
* Adding continuous movement methods and fixing reset
This patch adds the continuous movement methods provided in the patch
for Issue #2414. Note that these are not truly continuous as they
result in movement for less than a ms. Adapting the code to support
truly continuous movement would invovle some considerable work.
This patch also correct the reset method and adds a reboot method.
The two are different creatures with different effects.
POD added as well.
* Removing redundant get request code
Two slightly different versions of code are currently used to post
the get request to the camera in order to execute commands. This
patch modifies the open method in order to allow its re-use and
removes redundant code.
Note: This is the first installment on changes towards improving
the way the HTTP transactions are handled.
* Making authenication failures fatal
Authentication failures result in camera commands not being executed.
They may as well be fatal and return the general reason to the user
directly.
* Work on persistent sessions
I think this will have to wait since it appears that the camera expects
some sort of keepalive/heartbeat signal to keep the session open.
* Restoring accidentally deleted code
* Introduce ZM_COOKIE_LIFETIME which sets the life of the SESSION cookie, instead of using what is in php.ini
* Use zm specific session functions, which are now located in includes/session.php. Be more agressive about clearing session on logout.
* Move session code to includes/session.php
* remove duplicate line
* Move is_session_open to session.php. Move code to clear a session into session.php
* improve debug line when there is a problem updating config entry
* split description into description and help text for COOKIE_LIFETIME
* Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console
* If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request.
* Use session_regenerate_id instead of our broken code to do the same
* Move auth code to includes/auth.php
* add autocomplete tags to username and password inputs
* Don't redirect to login if we are already viewing login. Put auth before including skin includes
* need to include session.php in auth.php
* update to php namespace
* Add a control module to support the current Amcrest HTTP API
This patch adds ZoneMinder::Control::Amcrest_HTTP
This module is adapted and improved from one available on the ZoneMinder
forums.[1] It appears that a number of individuals have contributed to
it. This is an attempt to correct some of its interactions with ZM::Control
and friends as well as enhance and extend supported control features
for Amcrest cameras.
This work is based on Amcrest HTTP Protocol API Specifications
Rev. 2.12 2017-03-15
[1]https://forums.zoneminder.com/download/file.php?id=1878
* Fixing zoom methods
* Misc. cleanup of comments, etc.
* Fixing up POD, etc.
* Converting line endings to Unix
* Fixing up preset methods
The current Amcrest HTTP API does not support a Home command per se. So this
method is set up to send the camera to the first preset position. Of course,
this presupposes that the user will setup a preset #1 otherwise the command
will fail on a bad preset error.
If a future version of the API supports a true Home command, we'll adjust
at that point. For now this seems to be a useful workaround.
* Removing duplicate home method
* Adding moveAbs method
I'm putting this in, but absolute camera movement does not seem to be well
supported in the classic skin ATM. Reading
www/skins/classic/include/control_functions.php seems to indicate
a faulty implementation, unless I'm reading it wrong. I see nowhere
where the user is able to specify the absolute location to move to. Rather,
the call is passed back movement in increments of 1 unit. At least with the
Amcrest/Duhua API this would result in the camera moving to the 1* or 0* etc.
position.
moveAbsUp, Down, Left, Right, etc. Doesn't make sense given the definition
of Absolute movement.
* Adding a note about the moveMap method
This method does not appear to be implemented in the classic skin,
but we'll leave it here for future implementation. Caveat: It may
or may not work as-is.
* Fixing up zoomConTele/Wide methods
* Adding a vanilla control type for the Amcrest HTTP API
Please note that this control type matches (mostly) the currently
available control options in Amcrest_HTTP.pm. It does not match
all (or possibly any) of the control options available on a specific
Amcrest camera. The user may need to create their own control type
specific to the camera model they are using.
* Removing misplaced comment
Thanks to connortechnology for pointing this out!
* Set CSRF on as the default for new installs. Not sure we can impact config on existing installations.
* Fix the spelling mistake that I noticed after editing this.