Question Flussonic - Need help to Securing Access to Streams

[homa50]

Hi
I used this documentation : https://flussonic.com/doc/authorization/securing-access-to-streams-authorization-with-token/
but there is something that I do not understand, I got a result like this:
http://mydomain.com/script.php?stream=Name
and Its work !
And now I want to put this on my website like this as in the documentation:

<iframe allowfullscreen style="width:640px; height:480px;" src="<%= @url %>"></iframe>

I can not understand, if I put this way everyone can see my url:

<iframe allowfullscreen style="width:640px; height:480px;"  src="http://mydomain.com/script.php?stream=Name"></iframe>

I rather expect a result like that , which changes the token automatically:

<iframe allowfullscreen style="width:640px; height:480px;"  src="http://mydomain.com/Name/embed.html?token=9ef42fbfaa6bf3f0fd387c2bdff9fcc8e56fe846-9c63e87c9aa59ebcf74d375c407692db-1606995882-1606985082"></iframe>

i think i’m doing something wrong,can you help me please?

Thanks

 

[desigujju]

hi,
are you trans-coding via Flussonic or only stream without trans-coding?

 

[homa50]

hi,
are you trans-coding via Flussonic or only stream without trans-coding?

Hi only stream without trans-coding

 

[Barraxcuda]

hi,
Are you able to play without a token?
like

Example:

html <iframe style="width:640px; height:480px;" allowfullscreen src="http://hostname/streamname/embed.html"></iframe>

The code inserts a player window with fixed dimensions (640x480px) to a web page. Playback starts automatically.

I never used the token. but it works on our flussonic

Adding video to websites (embed.html)

Flussonic Media Server has a special web page embed.html, which is intended for video insertion to a website and viewing video via a browser.

flussonic.com

Hi
I used this documentation : https://flussonic.com/doc/authorization/securing-access-to-streams-authorization-with-token/
but there is something that I do not understand, I got a result like this:
http://mydomain.com/script.php?stream=Name
and Its work !
And now I want to put this on my website like this as in the documentation:

<iframe allowfullscreen style="width:640px; height:480px;" src="<%= @url %>"></iframe>

I can not understand, if I put this way everyone can see my url:

<iframe allowfullscreen style="width:640px; height:480px;"  src="http://mydomain.com/script.php?stream=Name"></iframe>

I rather expect a result like that , which changes the token automatically:

<iframe allowfullscreen style="width:640px; height:480px;"  src="http://mydomain.com/Name/embed.html?token=9ef42fbfaa6bf3f0fd387c2bdff9fcc8e56fe846-9c63e87c9aa59ebcf74d375c407692db-1606995882-1606985082"></iframe>

i think i’m doing something wrong,can you help me please?

Thanks

 

[homa50]

hi,
Are you able to play without a token?
like

Example:

html <iframe style="width:640px; height:480px;" allowfullscreen src="http://hostname/streamname/embed.html"></iframe>

The code inserts a player window with fixed dimensions (640x480px) to a web page. Playback starts automatically.

I never used the token. but it works on our flussonic

Adding video to websites (embed.html)

Flussonic Media Server has a special web page embed.html, which is intended for video insertion to a website and viewing video via a browser.

flussonic.com

Hi
it's not possibe now, when you use script php protection you need to add this lie in your config :

 auth securetoken://SECRETKEY;

Exemple :

stream exemple 1 {
  url hls://127.0.0.1:82/MyStream.m3u8
  auth securetoken://SECRETKEY;
  meta iptv "true";
}

And it's work with this php script :
http://mydomain.com/script.php?stream=Name

<?php

$flussonic = 'http://flussonic-ip'; // Flussonic address.
$key = 'SECRETKEY'; // The key from flussonic.conf file. KEEP IT IN SECRET.
$lifetime = 3600 * 3; // The link will become invalid in 3 hours.

$stream = $_GET['stream']; // This script gets the stream name from a query. string (script.php?stream=bbc)

$ipaddr = $_SERVER['REMOTE_ADDR']; // (v20.07) Set $ipaddr = 'no_check_ip' if you want to exclude IP address of client devices from checking.
$desync = 300; // Allowed time desync between Flussonic and hosting servers in seconds.
$starttime = time() - $desync;
$endtime = $starttime + $lifetime;
$salt = bin2hex(openssl_random_pseudo_bytes(16));

$hashsrt = $stream.$ipaddr.$starttime.$endtime.$key.$salt;
$hash = sha1($hashsrt);

$token = $hash.'-'.$salt.'-'.$endtime.'-'.$starttime;
$link = $flussonic.'/'.$stream.'/embed.html?token='.$token.'&remote='.$ipaddr;
$embed = '<iframe allowfullscreen style="width:640px; height:480px;" src="'.$link.'"></iframe>';

echo $embed;
?>

you can use that embed.html but it's not secure and evreyone can use your stream.
here an example of a site that uses the method I talked about with the script, but I don't understand how the token part changes /

To view the content, you need to Sign In or Register.

 

[desigujju]

are you using flussonic offline crack version?

 

[homa50]

are you using flussonic offline crack version?

yes

 

[desigujju]

yes

I need too how to get offline version

 

[dogstyle007]

I need too how to get offline version

I guess you need to get more points or check the forum for version 4.6

 

[erhan6erhan]

token system dont works on crack version, but i have another secure script works on Flussonic crack version, if you want write me back.

 

[samuelxt]

token system dont works on crack version, but i have another secure script works on Flussonic crack version, if you want write me back.

Ok i need that

 

[mjon]

sistema de tokens não funciona na versão crack, mas eu tenho outro script seguro funciona na versão crack Flussonic, se você quiser me escreva de volta.

você ainda tem?

 

[mjon]

se ainda não conseguiu resolver como bloquear, posso mostrar aqui

 

[mjon]

Hi
it's not possibe now, when you use script php protection you need to add this lie in your config :

 auth securetoken://SECRETKEY;

Exemple :

stream exemple 1 {
  url hls://127.0.0.1:82/MyStream.m3u8
  auth securetoken://SECRETKEY;
  meta iptv "true";
}

And it's work with this php script :
http://mydomain.com/script.php?stream=Name

<?php

$flussonic = 'http://flussonic-ip'; // Flussonic address.
$key = 'SECRETKEY'; // The key from flussonic.conf file. KEEP IT IN SECRET.
$lifetime = 3600 * 3; // The link will become invalid in 3 hours.

$stream = $_GET['stream']; // This script gets the stream name from a query. string (script.php?stream=bbc)

$ ipaddr = $ _SERVER ['REMOTE_ADDR']; // (v20.07) Defina $ ipaddr = 'no_check_ip' se quiser excluir o endereço IP dos dispositivos clientes da verificação.
$ desync = 300; // Desincronização do tempo permitido entre os servidores Flussonic e hosting em segundos.
$ starttime = time () - $ desync;
$ endtime = $ starttime + $ lifetime;
$ salt = bin2hex (openssl_random_pseudo_bytes (16));

$ hashsrt = $ stream. $ ipaddr. $ starttime. $ endtime. $ key. $ salt;
$ hash = sha1 ($ hashsrt);

$ token = $ hash .'- '. $ salt .'-'. $ endtime .'- '. $ starttime;
$ link = $ flussonic. '/'. $ stream. '/ embed.html? token ='. $ token. '& remote ='. $ ipaddr;
$ embed = '<iframe allowfullscreen style = "largura: 640px; altura: 480px;" src = "'. $ link.'"> </iframe> ';

echo $ embed;
?>
[/CÓDIGO]


você pode usar esse embed.html, mas não é seguro e todos podem usar seu stream.
aqui um exemplo de um site que usa o método que falei com o script, mas não entendo como a parte do token muda /

Sem citação
[/QUOTE]
your tutorial is correct just put the embed file as embed.php and block the domain using header

 

[FenixTV]

Maybe this is the address of your authorization backend that you need to specify in fluxonics.
You need to create an authorization backend in Flussonic, enter your link http://mydomain.com/script.php?stream=Name in it and enable authorization on the channel. Thus, when the client turns on the channel, he will contact your link to verify the token, and if everything matches, the channel will open