Jump to content
Mumble forums

Mumble URL with Server Password


Lindee
 Share

Recommended Posts

I did that and had a friend test it and they were stopped and asked for the server password.


I want to try and make that not happen so when the situation arises that we are doing a PUG raid I can set it up to tell them to go to a web address which then opens mumble and puts them into a specific channel without them needing to do anything.


I can get them into a specific channel, haven't tried the web address redirect, but the the password is still required.

Link to comment
Share on other sites

I saw that, and i saw i could do "mumble://TestUser:mypassword@server.com/?version=1.2.0"


Does that log you in as "testuser" with the user password of "mypassword" or is that the server password?


How would i do it with out specifing a user name? Wouldn't "mumble://mypassword@server.com/?version=1.2.0" make "mypassword" the username? or could i do "mumble://:mypassword@server.com/?version=1.2.0" and leave the colon in there to force the password but not the user name?

Link to comment
Share on other sites

  • Moderators
or could i do "mumble://:mypassword@server.com/?version=1.2.0" and leave the colon in there to force the password but not the user name?

 

I literally just tested that, and it definitely works. Leave a blank username, a colon, then your server's default password, and it will let them in without a password.


Pay close attention to the error messages that pop up, because I thought at first it didn't work when I tested it just now (I was sure I've used it before). If you've ever connected to the server before, it will not prompt for a username and will simply use the one you used last time. If that user is registered, and you're testing with -n, you'll probably get "invalid password for registered user" which is different from "invalid password for unregistered user" (which is what you'll get if the server password is wrong).


If you've connected to the server before, try it via IP instead (assuming you've never connected via the IP). Do start; run; c:\progra~1\mumble\mumble.exe -n mumble://:password@serverip/?version=1.2.0 for example.

Full disclosure: I used to run a commercial Mumble host, and my opinions do not reflect the opinions of the Mumble project.

Avatar is stolen from here

Link to comment
Share on other sites

So I got this all set and figured out.


If anyone would like the code:


Index.php (this code can, in theory, be placed any where on any webpage. I just made it it's own page and dressed it up a bit.)

 

<form name = "myform" action="somefile.php">
Name: <input type="text" name="name"><br>
<br>
<input type="submit" onClick="return ActionDeterminator(name);">
</form>

 

somefile.php (this file needs to be placed in the same folder on the webserver as the form code. if not, you will need to modify the action argument in the form code.)

 

<?php

$name = $_REQUEST['name'];


$url = sprintf("mumble://$name:serverpassword@server");


echo $url;

header("Location: $url");
?>


<title>Redirect</title>
<h1>Redirect</h1>
<p><a href="<?=$url?>"><?=$url?></a></p>

 

One thing to note: In 'somefile.php' where you have your mumble url, if you have spaces that copy over as %20, delete those and replace them with real whitespaces.


This is also not good for "security" as it shows the full URL it's connecting to, including the server password, it really is only for ease of access.

Link to comment
Share on other sites

  • Moderators
$url = sprintf("mumble://$name:serverpassword@server");
?>

 

Minor nitpicks, the echo is probably for debugging, but I believe it will break the script on some platforms as it's before the header() function.


Also, you probably butchered the url line, but for future reference it's generally considered bad practice to have data that comes from the user (unsanitized at that) in the format string for sprintf() et al. It's probably fine on PHP, but it's not a good habit to get into and things can get really wild if you get into a language like C and start doing it (what if the user's username contains %d or something similar?).


Finally if you wanted to get really crazy, I would consider running the same regex as your username= setting in Murmur.ini, if nothing else to stop someone from trying to connect with an invalid username, but it would also have the side effect of (possibly, depending on how liberal Murmur's regex is) preventing an XSS - might want to urlencode()/htmlentities() the $url output as well.


Have fun!

Full disclosure: I used to run a commercial Mumble host, and my opinions do not reflect the opinions of the Mumble project.

Avatar is stolen from here

Link to comment
Share on other sites

  • Administrators

http://stackoverflow.com/a/130323


In this case, you could use preg_match

http://php.net/manual/en/function.preg-match.php

Something like

if (preg_match('[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+', $name) == 1) {
 $url = sprintf("mumble://$name:serverpassword@server");
 echo '<a href="' . $url . '">connect</a>';
} else {
 echo 'Username not allowed. Please try reducing special characters you used.';
}

Link to comment
Share on other sites

  • Moderators

I would do something like:

 

if (preg_match('[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+', $name) == 1) {
 $url = sprintf("mumble://$name:serverpassword@server");
 echo '<a href="' . htmlentities($url) . '">connect</a>';
} else {
 echo 'Username not allowed. Please try reducing special characters you used.';
}

 

But I'm a pretty paranoid guy. :D

Full disclosure: I used to run a commercial Mumble host, and my opinions do not reflect the opinions of the Mumble project.

Avatar is stolen from here

Link to comment
Share on other sites

I would do something like:

 

if (preg_match('[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+', $name) == 1) {
 $url = sprintf("mumble://$name:serverpassword@server");
 echo '<a href="' . htmlentities($url) . '">connect</a>';
} else {
 echo 'Username not allowed. Please try reducing special characters you used.';
}

 

But I'm a pretty paranoid guy. :D

 

So, I tried this code...No matter what I type in the field, i get the username not allowed message...do i need to add A-Z on the preg_match?

Link to comment
Share on other sites

This is what i currently have:

 

if (preg_match('[ \-=\w\#\[\]\{\}\(\)\'\!\:\@\\\|]+', $name) == 1) {
 $url = sprintf("mumble://$name:password@server:port/Group Channels/channel?title=Aisthesis&version=1.2.0");
 echo '<a href="' . htmlentities($url) . '">connect</a>';
} else {
 echo 'Username not allowed. Please try reducing special characters you used.';
}

Link to comment
Share on other sites

  • Moderators

Try this:

 

if (preg_match('/^[ \-=\w\#\[\]\{\}\(\)\'\!\:\@\\\|]+$/', $name) == 1) {
 

 

It worked for me. For preg_match(), php seems to expect perl-style regular expressions which require the forward slashes around it. Also, in my testing, not having the caret and dollar sign (for start and end of string) means that any username that has at least one of the legal characters will be allowed, so I included those too.

Full disclosure: I used to run a commercial Mumble host, and my opinions do not reflect the opinions of the Mumble project.

Avatar is stolen from here

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...