Authentication

Posted: Tue Feb 10, 2009 6:12 pm
by chika_nidza
Hi everyone!

I'm trying to access the ZM server from another web server. The ZM server is in authenticated mode. When I try to access the stream, I generate the auth key and I use it in the stream URL:

http://localhost/cgi-bin/nph-zms?mode=mpeg&monitor=4&scale=100&bitrate=25000&maxfps=5&format=swf&auth=63a6d3b80abd79f1979542843e7ad0e3
This works.

On the other hand, if I try to access the event table using the same auth key, it doesn't work:

http://localhost/zm/index.php?filter[terms][0][val]=2&filter[terms][0][attr]=MonitorId&auth=63a6d3b80abd79f1979542843e7ad0e3&filter[terms][0][op]==&page=1&view=events
Why doesn't the authentication work in the second case? The only difference I can see is that the first URL is calling the CGI script, and the second is calling index.php directly.

I'd really appreciate your help....

Posted: Wed Feb 11, 2009 7:46 am
by chika_nidza
Nobody has an idea??

Posted: Thu Feb 12, 2009 7:20 am
by cordel
I don't think it's really intended to work that way. You can pass user and password in the URL though.

&action=login&user=joe&password=guessme

Posted: Thu Feb 12, 2009 10:01 am
by chika_nidza
Cordel, thanks for the reply. I will try the solution you provided as soon as I get home, but if I access the ZM server that way, I'm sending the user and the password unencrypted, which would be a threat to security.

There must be a way to access the server in a more secure manner - maybe &action=login&auth=63a6d3b80abd79f1979542843e7ad0e3 .... ? I'll try that too, and will post the results...

Posted: Thu Feb 19, 2009 9:37 am
by chika_nidza
Ok, the method you provided works - just a little detail: the second parameter should be username instead of user... And it's not possible to use auth directly without code adaptations.

Thanks again!

Posted: Thu Feb 19, 2009 10:11 am
by zoneminder
Using auth instead of user/pass has some merit. The only issue with using it as you propose is that as it stands you actually have to do the action of logging in first. Then cookies take care of your session. I will look at seeing how fiddly it is to treat an auth parameter as implying logging in if not already given.

Posted: Thu Feb 19, 2009 2:09 pm
by zoneminder
Having thought further on this I have decided it would be useful, so I have added it as a feature to 1.24.0. You will still need to explicitly allow this kind of login via Options->System->ZM_AUTH_HASH_LOGINS or it won't work.
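
Added example, not part of the original thread and not ZoneMinder code: both URL styles discussed above put a credential (the plaintext password or the auth hash) in the query string, where web-server access logs record it. The script below scans log lines for those two parameters and redacts their values; the combined log format, the sample lines and the severity labels are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, unquote

# Parameters from this thread that act as credentials when placed in a URL.
# The severity labels are this example's own choice, not a ZoneMinder setting.
SENSITIVE = {"password": "high", "auth": "medium"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def scan_target(target):
    """Return (findings, redacted_target) for one request target."""
    parts = urlsplit(target)
    findings, kept = [], []
    for pair in parts.query.split("&"):
        # Split on the first "=" only, so values such as "=" (filter op) survive.
        name, sep, value = pair.partition("=")
        key = unquote(name).lower()
        if key in SENSITIVE and value:
            findings.append((key, SENSITIVE[key]))
            pair = name + sep + "REDACTED"
        kept.append(pair)
    return findings, parts._replace(query="&".join(kept)).geturl()

def scan_log(lines):
    """Yield (line_no, findings, redacted_line) for lines with credentials in the URL."""
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        findings, redacted = scan_target(m.group(1))
        if findings:
            yield no, findings, line.replace(m.group(1), redacted)

# Constructed access-log lines (combined format) using the URL shapes from the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Feb/2009:09:37:00 +0000] "GET /zm/index.php?action=login&username=joe&password=guessme HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [19/Feb/2009:09:38:00 +0000] "GET /cgi-bin/nph-zms?mode=mpeg&monitor=4&auth=63a6d3b80abd79f1979542843e7ad0e3 HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.10 - - [19/Feb/2009:09:39:00 +0000] "GET /zm/index.php?filter[terms][0][op]==&page=1&view=events HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for no, findings, redacted in scan_log(SAMPLE_LOG):
        print(no, findings, redacted)
```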