How does BBB allows for password authentication set by the moderator?

[Jashelle Ojeda]

I'm trying to create a meeting but I want the "join room" (once the viewer clicks on the invite link, it takes it to a webpage where it asks for the name) to use a password as well. However, I don't want a set password, I want the moderator who created that meeting to set its own password. I'm not sure how BBB connects the passwords to a meetingID. I am using the PHP code.

For example, I want that invite/join webpage to be able to have a password...if the user types the moderator password, he will be entered as a moderator, but if he types the attendee's password, he will join as attendee.

I tried different ways but it did not work. Any thoughts?

[Fred Dixon]

Hi  Jashelle,

When you create a meeting in BigBlueButton, you provide a moderatorPW and attendeePW.  Think of these as security tokens, not user-entered passwords.  For example, when you create the meeting from PHP, we recommend you generate two random 32 character strings (such as using a MD5 hash of some random data) and use those as the security tokens for the meeting.

When the user lands on your invite/join web page, your application asks for the moderator or viewer password set by the creator of the meeting (these are different than the security tokens, which are internal to your application).  If the user enters a correct moderator or veiwer password, your application returns a join URL using the corresponding security tokens to BigBlueButton.

Regards,... Fred

-- 
BigBlueButton Developer

http://bigbluebutton.org/
http://code.google.com/p/bigbluebutton

BigBlueButton on twitter: @bigbluebutton

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To view this discussion on the web visit https://groups.google.com/d/msg/bigbluebutton-setup/-/Sd3436UdG_UJ.
To post to this group, send email to bigbluebu...@googlegroups.com.
To unsubscribe from this group, send email to bigbluebutton-s...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/bigbluebutton-setup?hl=en.

[Jashelle Ojeda]

Ok. I understand the password configuration a little better now. But, question: How does BBB know that the user-entered password matches with the security token already entered in the application? Would the security token be used similar to the checksum? 

Right now, without the security tokens, if the moderator is already in the meeting, the user can't join (failed or incorrect password). If the moderator is not in the meeting, then the password works for the user/attendee. 

[Fred Dixon]

Hi Jashelle,

We assume your writing your own front-end logic.  See this API example

   http://demo.bigbluebutton.org/demo/demo3.jsp 

as a way of requiring the user provide a valid moderator or viewer password.  The password is checked first within demo3.jsp and, if it matches one of the moderator or viewer passwords for the meeting, the user is returned a join URL.

The flow of logic is in the code itself.  If you can mirror this logic in your code, it should work in a similar manner.

Regards,... Fred

-- 
BigBlueButton Developer

http://bigbluebutton.org/
http://code.google.com/p/bigbluebutton

BigBlueButton on twitter: @bigbluebutton

--

You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.

To view this discussion on the web visit https://groups.google.com/d/msg/bigbluebutton-setup/-/gMLNBjR41ycJ.

[Jashelle Ojeda]

The only way I saw to do that is to have some sort of database, where the moderator can say "attendeePW = pas$w0rd" and if the viewer does not type it correctly, then viewer is not allowed in the meeting.

We are using mysql database, does 0.80 BBB throw any errors or disfunctionalities when it connects to a database through physical code?

If a storage authentication does not work with BBB, can it be done through code? For example:

  case 'create':

                if (trim($_REQUEST['username']) && trim($_REQUEST['password']) && trim($_REQUEST['attendeePW']) )

                {

                        /*

                         * This is the URL to join the meeting as moderator

                         */

                        $meetingID = trim($_REQUEST['username'])."'s meeting";

                        $moderatorPW = trim( $_REQUEST['password']);

                        $attendeePW = trim($_REQUEST['attendeePW']);

.....

//The meeting was created, and the user will now be joined

                                $bbb_joinURL = BigBlueButton::joinURL($meetingID, $_REQUEST['username'], $moderatorPW,$attendeePW, $salt, $url);

* The user is now attempting to join the meeting

                 */

                if (trim($_REQUEST['username'])&& trim($_REQUEST['meetingID']) && trim($_REQUEST['meetingID'])){

                        $bbb_joinURL = BigBlueButton::joinURL($_REQUEST['meetingID'], $_REQUEST['username'], $attendeePW, $salt, $url);

                       

                          $joinURL = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?        action=join&username='.urlencode($_REQUEST['username']).'&meetingID='.urlencode($_REQUEST['meetingID']).'&attendeePW='.urlencode($_REQUEST['attendeePW']);

To unsubscribe from this group, send email to bigbluebutton-setup+unsub...@googlegroups.com.