From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-yb1-xb30.google.com (mail-yb1-xb30.google.com [IPv6:2607:f8b0:4864:20::b30]) by mail.toke.dk (Postfix) with ESMTPS id CB43C80855C for ; Fri, 5 Mar 2021 12:49:30 +0100 (CET) Authentication-Results: mail.toke.dk; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=LHg+TTuN Received: by mail-yb1-xb30.google.com with SMTP id c131so1623745ybf.7 for ; Fri, 05 Mar 2021 03:49:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wTtki15en7ki467+Ou9cqdhCVCTdXZpOIBBAmOiuGAw=; b=LHg+TTuNB0mwT/i3C9foDt16slVREq2bp0nyI4R+78V5BKJ0wna1YBuEsosVG4/qIR J8/V1APfSkjOICk7B2ovj+FU5GZaFjp+N5Pq0p6EhIBpJ27H2KDLYm2MYwFHVi2cY9hL Ym0+G1wrP3tI/jfUMq3hgOg0SjIPFkAfQFSEeKBLA0JuqvIO6nvO7bTWjP+3N5+ur/5M f0GXFobWERX8y8rRZjV44Gd23xFSP6DN096eobRPFy8komxzpeNNVknTJS9OGNbdYZ7J UA1/LLJy9LxOBXTvcw9fNXUwRR6JPaRN6T8vAlo2w/0zIKAlW95aOa6eNjCfmhrG+fo+ ZArA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wTtki15en7ki467+Ou9cqdhCVCTdXZpOIBBAmOiuGAw=; b=ginNra2lGJpJ8ASgo8kFcDn/ZOrUZQDn2VCwSWSbNo2IdugwV8wpBfzDZz6rCZC0YX ePF858Ni8BZRwFhnGg1wyxbdI/+XvUb0Slem6chYwl7hTy0h3mGFMpP8IqOu7+5A6h8O c8jOYZCPSCE8kCcQ3cmSwANVymqPpmB+CfLXAsWhfG+1SC0xPrAWrrP+Oo0F7aACShrG ANlEDrIpetxnlNtmoQWKaRzLeLOZnGDemCKJBLM9t9ysrD3ObFye2UbOajRRWW8hJERM Tij6lQdsvwQtxRl3C1wi4znpdzsEgWusR5YHxlrDBb9F0Tc40/zn8phsdjplMnwFasKR iJ7A== X-Gm-Message-State: AOAM532IogOqpECFCmSda1X1Cq/JHQd/WMT1zxyrnIbQ1DRdn6yNgL+E +RC5Bw3RRHl/eefezxuNYZvyrDYnK/eyfwAhw5U= X-Google-Smtp-Source: ABdhPJy1tgoR13oURppBIXXAM1QAh2sai3aGTfzo9JfWIuUILX3Y0I5Rat3rWy/cwYhJE9BQdrcZXDYDGFwkhwzqVtQ= X-Received: by 2002:a25:dc85:: with SMTP id y127mr13617333ybe.198.1614944968707; Fri, 05 Mar 2021 03:49:28 -0800 (PST) MIME-Version: 1.0 References: <874kht1jxv.wl-jch@irif.fr> In-Reply-To: <874kht1jxv.wl-jch@irif.fr> From: Rob Dean Date: Fri, 5 Mar 2021 11:49:15 +0000 Message-ID: To: Juliusz Chroboczek Content-Type: multipart/alternative; boundary="00000000000031110105bcc8adb0" Message-ID-Hash: S4IJ5NGEYETJ3EK2HVXJ2X2I7O3MNDK7 X-Message-ID-Hash: S4IJ5NGEYETJ3EK2HVXJ2X2I7O3MNDK7 X-MailFrom: robdeanmzl@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: galene@lists.galene.org X-Mailman-Version: 3.3.2 Precedence: list Subject: [Galene] =?utf-8?q?Re=3A_Gal=C3=A8ne_with_PHP?= List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: --00000000000031110105bcc8adb0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Everyone, I'm still wondering how to get PHP working on port 8443, so that I can run PHP and MYSQL alongside Galene. (e.g. https://www.servername.com:8443/test.php) Is this query beyond the scope of this group, and more of an Apache configuration issue? As you can tell there is a gap in my knowledge of this kind of architecture but from my testing, I definitely cannot have a host php page running on port 80 that attempts to create the websocket for Galene over on port 8443 via javascript. That definitely doesn't work, and therefore, for a successful Galene connection, I need to use an https uri request on port 8443, before the javascript makes the wss connection. This means therefore, for my design to work, I need PHP to run on port 8443= . Any ideas how to get PHP running on port 8443? Hopefully we can forge an answer although I realise this is slightly leftfield to the amazing development of core Gal=C3=A8ne that you're all wo= rking on. Best wishes and kind regards, Rob On Tue, 2 Mar 2021 at 18:37, Juliusz Chroboczek wrote: > > I was wondering if it were possible to use Gal=C4=8Dne inside a PHP pag= e, as > we want > > to get our students to fill out some details before joining in, and we > thought > > that we could use php SESSION cookies to check they've completed > everything > > before letting them in. > > Sure. What you'll want to do depends on your security model, though. > > The simplest, but least secure, would be to check your session cookie in > the galene.js file; look around line 2600, where it says > > document.getElementById('userform').onsubmit > > This is easily gamed by the user (they can edit the source code in the > browser), but if the goal is simply to guide the students and has no > influence on their grades, it's probably good enough. > > If, on the other hand, you want stronger security, you'll need to pass th= e > session cookie to the server and do the validation there. You'll need to > add a parameter to the serverConnect.join method, pass the value within > the "value" field of the join message, and do the validation in the > function > handleClientMessage in webclient.go. > > -- Juliusz > --00000000000031110105bcc8adb0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Everyone,

I'm s= till wondering how to get PHP working on port 8443, so that I can run PHP a= nd MYSQL alongside Galene. (e.g.=C2=A0https://www.servername.com:8443/test.php<= /a>)

On Tue, = 2 Mar 2021 at 18:37, Juliusz Chroboczek <= jch@irif.fr> wrote:
> I was wondering if it were possible to use Gal=C4=8Dne insi= de a PHP page, as we want
> to get our students to fill out some details before joining in, and we= thought
> that we could use php SESSION cookies to check they've completed e= verything
> before letting them in.

Sure.=C2=A0 What you'll want to do depends on your security model, thou= gh.

The simplest, but least secure, would be to check your session cookie in the galene.js file; look around line 2600, where it says

=C2=A0 =C2=A0 document.getElementById('userform').onsubmit

This is easily gamed by the user (they can edit the source code in the
browser), but if the goal is simply to guide the students and has no
influence on their grades, it's probably good enough.

If, on the other hand, you want stronger security, you'll need to pass = the
session cookie to the server and do the validation there.=C2=A0 You'll = need to
add a parameter to the serverConnect.join method, pass the value within
the "value" field of the join message, and do the validation in t= he function
handleClientMessage in webclient.go.

-- Juliusz
--00000000000031110105bcc8adb0--