Fix 'remote' AUTH_TYPE

yanychar · Post by **yanychar** » Sun Jul 05, 2009 8:47 pm

    index.php was including skin.php after actions.php, so the latter
    had no effect and authentication was broken

diff --git a/web/index.php b/web/index.php
index 0808a8f..b288c6d 100644
--- a/web/index.php
+++ b/web/index.php
@@ -101,11 +101,11 @@ if ( isset($_REQUEST['view']) )
 if ( isset($_REQUEST['action']) )
     $action = validHtmlStr($_REQUEST['action']);
 
-require_once( 'includes/actions.php' );
-
 foreach ( getSkinIncludes( 'skin.php' ) as $includeFile )
     require_once $includeFile;
 
+require_once( 'includes/actions.php' );
+
 if ( isset( $_REQUEST['request'] ) )
 {
     $request = validHtmlStr($_REQUEST['request']);

[/code]

RichardK · Post by **RichardK** » Fri Mar 12, 2010 6:09 pm

Yikes! I just spent a day troubleshooting this.

Don't fixes like this warrant a code release? This causes an infinite loop on login.

RichardK · Post by **RichardK** » Fri Mar 12, 2010 6:49 pm

Using remote authentication also completely breaks ZM_AUTH_RELAY since it's based partly on the password (and there's no password). So AUTH_RELAY has to be set to NONE or you get no streams and lots of errors like Undefined index: passwordHash.

Luckily for my purpose that's not important (I'm running Zoneminder behind Pubcookie).