Forum

Post a new question

Categories:

Tags:

Tokens ip locked?

Douggle 2016-10-15 21:45:46 UTC in Paywall: WMSAuth and beyond
E2cfc9c62e2a07fc1ec31580b88e5760

What do I need to do to make the token that gets generated to a certain stream be locked to just that ip address?

Yury Udovichenko 2016-10-16 12:06:54 UTC
8926135388643c4be9ec685a7033dc32

Hello,

Please take a look at hotlink protection feature: http://blog.wmspanel.com/2013/11/nimble-streamer-protect-hotlinking-domain-lock.html
And also check full paywall feature set: https://wmspanel.com/paywall

Douggle 2016-10-16 18:45:01 UTC
E2cfc9c62e2a07fc1ec31580b88e5760

I have done that in depth and neither one of them describe what I asked bout, right now tokens are generated the problem is that anyoen can take a valid token and use it,I d like to lock that to a single ip address is there away to do so?

Yury Udovichenko 2016-10-17 00:55:50 UTC
8926135388643c4be9ec685a7033dc32

If you know the exact IP address, you can change this line
$ip = $_SERVER['REMOTE_ADDR'];
to
$ip = 'known IP adress'

I'd rather recommend using pay-per-view framework to control all your current connections: https://wmspanel.com/nimble/pay_per_view

Carleton 2016-10-17 20:07:53 UTC
Cd9d2c7b5a8c1724d211ac7669994045

What if I don't know the IP address and I just want the token to play only off the end users IP. This way, he can't grab the token on his personal computer, then just paste his Computers Token on a Server. While I can just make the token last 1 minute, there is always ways around things. I think if this isn't an option it would be a great addition to Nimble/WMS.

Yury Udovichenko 2016-10-18 02:27:59 UTC
8926135388643c4be9ec685a7033dc32

Hotlink protection allows covering this use case. Once you get signed stream URL, this URL can be played only from the IP which was used for generating the signature. Please read this article carefully: http://blog.wmspanel.com/2013/11/nimble-streamer-protect-hotlinking-domain-lock.html

Douggle 2016-10-18 03:27:14 UTC
E2cfc9c62e2a07fc1ec31580b88e5760

I read this article and nothing in the article says that the token is locked to the users ip,

Yury Udovichenko 2016-10-18 04:39:42 UTC
8926135388643c4be9ec685a7033dc32

If you look at the code sample you can see it has IP encoded into the signature.

Douggle 2016-10-18 05:13:36 UTC
E2cfc9c62e2a07fc1ec31580b88e5760

<?php
$today = gmdate("n/j/Y g:i:s A");
$ip = $_SERVER['REMOTE_ADDR'];
$key = "pass";
$validminutes = 1;
$str2hash = $ip . $key . $today . $validminutes;
$md5raw = md5($str2hash, true);
$base64hash = base64_encode($md5raw);
$urlsignature = "server_time=" . $today ."&hash_value=" . $base64hash. "&validminutes=$validminutes";
$base64urlsignature = base64_encode($urlsignature);
?> this is the code we use
<?php
$today = gmdate("n/j/Y g:i:s A");
$initial_url = "http://stream.company.com:8081/vod/sample.mp4/playlist.m3u8";
$ip = $_SERVER['REMOTE_ADDR'];
$key = "defaultpassword"; //this is also set up in WMSPanel rule
$validminutes = 20;

$str2hash = $ip . $key . $today . $validminutes;
$md5raw = md5($str2hash, true);
$base64hash = base64_encode($md5raw);
$urlsignature = "server_time=" . $today ."&hash_value=" . $base64hash. "&validminutes=$validminutes";
$base64urlsignature = base64_encode($urlsignature);

$signedurlwithvalidinterval = "$initial_url?wmsAuthSign=$base64urlsignature";
?> this is your code not seeing a whole lot of difference

Yury Udovichenko 2016-10-18 05:29:35 UTC
8926135388643c4be9ec685a7033dc32

$ip = $_SERVER['REMOTE_ADDR'];
this line takes current user IP address. If you pass the signed URI to other user with other IP, it will not work.

Post a reply