generation for turn-server with static-auth-secret in a separate php script

index.html
added a two config-lines that can simply be uncommented for activating the "twilio-mode" or the "php-credentials-mode"

turn-credentials.php (new file)
will generate username and password for a turn server with a static-auth-secret and will offer it in json-format

main.js
added a section that requests output from php-credentials.php and adds the username, password, stun-server and turn-server into the configuration

index.html

@@ -1577,6 +1577,9 @@
             // turn.urls = ["turn:turn2.obs.ninja:443"]; // US WEST
             // session.configuration.iceServers.push(turn);
 
+            // session.turn-mode == "twilio" // uncomment to use credentials for the turn-server provided by Twilio
+            // session.turn-mode = "php-credentials" // uncomment to distribute the turn-username, -password and -server via running turn-credentials.php, e.g., if you have a turn-server with a static-auth-secret
+
             // session.configuration.iceTransportPolicy = "relay";  // uncomment to enable "&privacy" and force the TURN server
 
 			///// Different endpoints are available; each isolated from each other.

main.js

@@ -2474,7 +2474,7 @@ if (urlParams.has('speedtest')){ // forces essentially UDP mode, unless TCP is s
 
 if (urlParams.has('turn')) {
 	var turnstring = urlParams.get('turn');
-	if (turnstring == "twilio") { // a sample function on loading remote credentials for TURN servers.
+	if (turnstring == "twilio" || session.turn-mode == "twilio") { // a sample function on loading remote credentials for TURN servers.
 		try {
 			
 			session.ws = false; // prevents connection
@@ -2515,6 +2515,45 @@ if (urlParams.has('turn')) {
 			errorlog("Twilio Failed");
 		}
 
+	} else if (turnstring == "php-credentials" || session.turn-mode == "php-credentials") { // a function loading the turn server credentials from the provided php-script "turn-credentials.php"
+		try {
+			
+			session.ws = false; // prevents connection
+			var phpcredentialsRequest = new XMLHttpRequest();
+			phpcredentialsRequest.onreadystatechange = function() {
+				if (phpcredentialsRequest.status === 200) {
+					try{
+						var res = JSON.parse(phpcredentialsRequest.responseText);
+					} catch(e){return;}
+					session.configuration = {
+						iceServers: [{
+								"username": res["1"],
+								"credential": res["2"],
+								"urls": res["3"]
+							},
+							{
+								"username": res["1"],
+								"credential": res["2"],
+								"urls": res["4"]
+							}
+						],
+						sdpSemantics: 'unified-plan' // future-proofing
+					};
+					if (session.ws===false){
+						session.ws=null; // allows connection (clears state)
+						session.connect(); // connect if not already connected.
+					}
+				}
+				// system does not connect if php script does not respond.
+			};
+			phpcredentialsRequest.open('GET', 'turn-credentials.php', true); // `false` makes the request synchronous
+			phpcredentialsRequest.send();
+
+			
+		} catch (e) {
+			errorlog("php-credentials script Failed");
+		}
+
 	} else if ((turnstring == "false") || (turnstring == "off") || (turnstring == "0")) { // disable TURN servers
 		session.configuration = {
 			iceServers: [

turn-credentials.php

@@ -0,0 +1,11 @@
+<?php
+	$stun_server = "stun:<stun-server>:<stun-port>";
+	$turn_server = "turns:<turn-server>:<https-turn-port>";
+	$turn_expiry = 86400;
+	$turn_username = time() + $turn_expiry;
+	$turn_secret = '<turn-server static-auth-secret>';
+	$turn_password = base64_encode ( hash_hmac ( 'sha1', $turn_username, $turn_secret, true ) );
+
+	$arr = array('1' => $turn_username, '2' => $turn_password, '3' => $stun_server, '4' => $turn_server);
+	echo json_encode($arr);
+?>