From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mail.toke.dk; spf=pass (mailfrom) smtp.mailfrom=irif.fr (client-ip=2001:660:3301:8000::1:2; helo=korolev.univ-paris7.fr; envelope-from=jch@irif.fr; receiver=) Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) by mail.toke.dk (Postfix) with ESMTPS id EC87D8026B3 for ; Tue, 2 Mar 2021 19:37:03 +0100 (CET) Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 122Ib2GD023306 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 2 Mar 2021 19:37:02 +0100 Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/82085) with ESMTP id 122Ib2co026923; Tue, 2 Mar 2021 19:37:02 +0100 Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 21EF6E28F4; Tue, 2 Mar 2021 19:37:02 +0100 (CET) X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id z4SCsLpYA4CL; Tue, 2 Mar 2021 19:37:00 +0100 (CET) Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 773FBE28EC; Tue, 2 Mar 2021 19:37:00 +0100 (CET) Date: Tue, 02 Mar 2021 19:37:00 +0100 Message-ID: <874kht1jxv.wl-jch@irif.fr> From: Juliusz Chroboczek To: Rob Dean In-Reply-To: References: User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/27.1 Mule/6.0 MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Tue, 02 Mar 2021 19:37:02 +0100 (CET) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Tue, 02 Mar 2021 19:37:02 +0100 (CET) X-Miltered: at korolev with ID 603E85CE.001 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-Miltered: at potemkin with ID 603E85CE.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-j-chkmail-Enveloppe: 603E85CE.001 from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/ X-j-chkmail-Enveloppe: 603E85CE.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/ X-j-chkmail-Score: MSGID : 603E85CE.001 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Score: MSGID : 603E85CE.000 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Status: Ham X-j-chkmail-Status: Ham Message-ID-Hash: FJPH5YWUHIWHTSQDWQG5GMA3FFUCCZD2 X-Message-ID-Hash: FJPH5YWUHIWHTSQDWQG5GMA3FFUCCZD2 X-MailFrom: jch@irif.fr X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: galene@lists.galene.org X-Mailman-Version: 3.3.2 Precedence: list Subject: [Galene] Re: =?iso-8859-1?q?Gal=E8ne?= with PHP List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: > I was wondering if it were possible to use Gal=E8ne inside a PHP page, as= we want > to get our students to fill out some details before joining in, and we th= ought > that we could use php SESSION cookies to check they've completed everythi= ng > before letting them in. Sure. What you'll want to do depends on your security model, though. The simplest, but least secure, would be to check your session cookie in the galene.js file; look around line 2600, where it says document.getElementById('userform').onsubmit This is easily gamed by the user (they can edit the source code in the browser), but if the goal is simply to guide the students and has no influence on their grades, it's probably good enough. If, on the other hand, you want stronger security, you'll need to pass the session cookie to the server and do the validation there. You'll need to add a parameter to the serverConnect.join method, pass the value within the "value" field of the join message, and do the validation in the function handleClientMessage in webclient.go. -- Juliusz