Mumble URL with Server Password

Mumble about Mumble

Mumble URL with Server Password

Postby Lindee » Wed Oct 08, 2014 11:28 pm

Hey all,

I was wondering if it's possible to use the mumble:// url function with a server that has a server password set so that people don't need to enter the password themselves.
Lindee
 
Posts: 83
Joined: Fri Sep 19, 2014 12:20 pm

Re: Mumble URL with Server Password

Postby fwaggle » Thu Oct 09, 2014 8:12 am

mumble://:[:port]/ should do it, I think.
Full disclosure: I run a semi-commercial Mumble host, and my opinions do not reflect the opinions of the Mumble project.
Avatar is stolen from here
User avatar
fwaggle
Team member
Team member
 
Posts: 212
Joined: Tue Oct 06, 2009 10:40 pm
Location: Australia

Re: Mumble URL with Server Password

Postby Lindee » Thu Oct 09, 2014 11:09 am

I did that and had a friend test it and they were stopped and asked for the server password.

I want to try and make that not happen so when the situation arises that we are doing a PUG raid I can set it up to tell them to go to a web address which then opens mumble and puts them into a specific channel without them needing to do anything.

I can get them into a specific channel, haven't tried the web address redirect, but the the password is still required.
Lindee
 
Posts: 83
Joined: Fri Sep 19, 2014 12:20 pm

Re: Mumble URL with Server Password

Postby kissaki » Thu Oct 09, 2014 8:16 pm

Yes, that is possible.
See the doc page
http://wiki.mumble.info/wiki/Mumble_URL#General_URL
MumPI: Your Mumble Web Interface in PHP
User avatar
kissaki
Team member
Team member
 
Posts: 1280
Joined: Sat Jan 09, 2010 12:15 pm

Re: Mumble URL with Server Password

Postby Lindee » Thu Oct 09, 2014 8:22 pm

I saw that, and i saw i could do "mumble://TestUser:mypassword@server.com/?version=1.2.0"

Does that log you in as "testuser" with the user password of "mypassword" or is that the server password?

How would i do it with out specifing a user name? Wouldn't "mumble://mypassword@server.com/?version=1.2.0" make "mypassword" the username? or could i do "mumble://:mypassword@server.com/?version=1.2.0" and leave the colon in there to force the password but not the user name?
Lindee
 
Posts: 83
Joined: Fri Sep 19, 2014 12:20 pm

Re: Mumble URL with Server Password

Postby fwaggle » Fri Oct 10, 2014 8:26 am

Lindee wrote:or could i do "mumble://:mypassword@server.com/?version=1.2.0" and leave the colon in there to force the password but not the user name?


I literally just tested that, and it definitely works. Leave a blank username, a colon, then your server's default password, and it will let them in without a password.

Pay close attention to the error messages that pop up, because I thought at first it didn't work when I tested it just now (I was sure I've used it before). If you've ever connected to the server before, it will not prompt for a username and will simply use the one you used last time. If that user is registered, and you're testing with -n, you'll probably get "invalid password for registered user" which is different from "invalid password for unregistered user" (which is what you'll get if the server password is wrong).

If you've connected to the server before, try it via IP instead (assuming you've never connected via the IP). Do start; run; c:\progra~1\mumble\mumble.exe -n mumble://:password@serverip/?version=1.2.0 for example.
Full disclosure: I run a semi-commercial Mumble host, and my opinions do not reflect the opinions of the Mumble project.
Avatar is stolen from here
User avatar
fwaggle
Team member
Team member
 
Posts: 212
Joined: Tue Oct 06, 2009 10:40 pm
Location: Australia

Re: Mumble URL with Server Password

Postby Lindee » Fri Oct 10, 2014 11:53 am

awesome!

Thanks!

Now I just need to figure out how to script a php so you add your name on a webpage and it connects you to mumble...
Lindee
 
Posts: 83
Joined: Fri Sep 19, 2014 12:20 pm

Re: Mumble URL with Server Password

Postby Lindee » Fri Oct 10, 2014 9:25 pm

So I got this all set and figured out.

If anyone would like the code:

Index.php (this code can, in theory, be placed any where on any webpage. I just made it it's own page and dressed it up a bit.)

Code: Select all
<form name = "myform" action="somefile.php">
Name: <input type="text" name="name"><br>
<br>
<input type="submit" onClick="return ActionDeterminator(name);">
</form>


somefile.php (this file needs to be placed in the same folder on the webserver as the form code. if not, you will need to modify the action argument in the form code.)

Code: Select all
<?php

$name = $_REQUEST['name'];


$url = sprintf("mumble://$name:serverpassword@server");


echo $url;

header("Location: $url");
?>


<title>Redirect</title>
<h1>Redirect</h1>
<p><a href="<?=$url?>"><?=$url?></a></p>


One thing to note: In 'somefile.php' where you have your mumble url, if you have spaces that copy over as %20, delete those and replace them with real whitespaces.

This is also not good for "security" as it shows the full URL it's connecting to, including the server password, it really is only for ease of access.
Lindee
 
Posts: 83
Joined: Fri Sep 19, 2014 12:20 pm

Re: Mumble URL with Server Password

Postby fwaggle » Sun Oct 12, 2014 5:54 am

Lindee wrote:
Code: Select all
$url = sprintf("mumble://$name:serverpassword@server");
?>


Minor nitpicks, the echo is probably for debugging, but I believe it will break the script on some platforms as it's before the header() function.

Also, you probably butchered the url line, but for future reference it's generally considered bad practice to have data that comes from the user (unsanitized at that) in the format string for sprintf() et al. It's probably fine on PHP, but it's not a good habit to get into and things can get really wild if you get into a language like C and start doing it (what if the user's username contains %d or something similar?).

Finally if you wanted to get really crazy, I would consider running the same regex as your username= setting in Murmur.ini, if nothing else to stop someone from trying to connect with an invalid username, but it would also have the side effect of (possibly, depending on how liberal Murmur's regex is) preventing an XSS - might want to urlencode()/htmlentities() the $url output as well.

Have fun!
Full disclosure: I run a semi-commercial Mumble host, and my opinions do not reflect the opinions of the Mumble project.
Avatar is stolen from here
User avatar
fwaggle
Team member
Team member
 
Posts: 212
Joined: Tue Oct 06, 2009 10:40 pm
Location: Australia

Re: Mumble URL with Server Password

Postby Lindee » Sun Oct 12, 2014 4:21 pm

Thank you for all that!

I am a coding noob so it is quite helpful.

Is there a better and cleaner way to write this out to end up with the same effect?

Thanks!
Lindee
 
Posts: 83
Joined: Fri Sep 19, 2014 12:20 pm

Next

Return to General

Who is online

Users browsing this forum: No registered users and 3 guests