Sheldonhal
asked on
Display Logged on Windows Username using PHP Script
Hi
I have PHP running on IIS on Windows 2000. I need to capture the username of the user who's currently logged in and running the script. I have had a look around on the web to try and find the solution myself, but it doesn't seem as simple as just retrieving data from a variable. Maybe I'm wrong.
Can you please explain the steps I need to take (changing server settings etc.) and the code I need to get this information.
Thank you,
Sheldon
I have PHP running on IIS on Windows 2000. I need to capture the username of the user who's currently logged in and running the script. I have had a look around on the web to try and find the solution myself, but it doesn't seem as simple as just retrieving data from a variable. Maybe I'm wrong.
Can you please explain the steps I need to take (changing server settings etc.) and the code I need to get this information.
Thank you,
Sheldon
TeRReF
Is the script run via the webserver? If so it's impossible to see which user runs the script since the webserver runs using it's own dedicated user (IUSER_COMPUTERNAME)
ASKER
Well, the site is hosted on the webserver. So I assume yes, since it's being run from the webserver.
Seeing that PHP is a server side scripting language, I suppose I already know the answer to this question, which is No. And that is the result I got from some most of the searches I made on the web.
I understand that this is the issue I'm stuck with. But I am looking for solutions around this, if you can help me. Whatever I need to do regarding changes on the Server and my code, I will do...so long as I can get that username.
Seeing that PHP is a server side scripting language, I suppose I already know the answer to this question, which is No. And that is the result I got from some most of the searches I made on the web.
I understand that this is the issue I'm stuck with. But I am looking for solutions around this, if you can help me. Whatever I need to do regarding changes on the Server and my code, I will do...so long as I can get that username.
Hi, can you give us some more info on why and whether you are restricted to php script only to do this?
I'm guessing that you want to use it as a security measure and only let your script run if its being run by 'IUSER_???' user? right?
Does the account name have to be looked up at the point when the script is run, or can you have a scheduled task to gather the IIS user account, dump it in a file and read it back with PHP as and when you need it (can't see why this would be needed ever).
Actually... is IIS running using the 'IUSER_COMPUTERNAME' as default or have you set it to run as something else?
I'm guessing that you want to use it as a security measure and only let your script run if its being run by 'IUSER_???' user? right?
Does the account name have to be looked up at the point when the script is run, or can you have a scheduled task to gather the IIS user account, dump it in a file and read it back with PHP as and when you need it (can't see why this would be needed ever).
Actually... is IIS running using the 'IUSER_COMPUTERNAME' as default or have you set it to run as something else?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>Seeing that PHP is a server side scripting language, I suppose I already know the answer to this question, which is No.
So you mean that you want the remote username of the people that access the script? That is impossible to do with PHP. It might be possible with ActiveX but that means it will only work when the users use IE AND you would need their permission to intall the ActiveX component on their computer. I really doubt that a lot of people will allow that.
So you mean that you want the remote username of the people that access the script? That is impossible to do with PHP. It might be possible with ActiveX but that means it will only work when the users use IE AND you would need their permission to intall the ActiveX component on their computer. I really doubt that a lot of people will allow that.
Whoops?!
ASKER
Lol...
I understand what you're saying...
The only reason I want to know who's logged onto the computer at that moment, is so that I can record this username in a database. I have a fault logging system for our IT department. The whole system is built around PHP and MySQL. When I add a fault to the database, I want to know who reported it...i.e the user who was logged on at the time.
Maybe I'm taking the wrong approach...maybe something like vbscript or javascript can be used to capture this info into a variable on the page and pass it onto the database.
I understand what you're saying...
The only reason I want to know who's logged onto the computer at that moment, is so that I can record this username in a database. I have a fault logging system for our IT department. The whole system is built around PHP and MySQL. When I add a fault to the database, I want to know who reported it...i.e the user who was logged on at the time.
Maybe I'm taking the wrong approach...maybe something like vbscript or javascript can be used to capture this info into a variable on the page and pass it onto the database.
Well, then implement a login system where users have to login into your PHP application first before they can use it. If you thinkthis could be a solution and need an example, let me know...
If for some reason people can't log in to your app (or can't be bothered ;) then - do the same user's always use the same machines, and if so do those machines have same IP's? Because when I did something similar for an internal software database I just logged the IP using: $_SERVER['REMOTE_ADDR']
ASKER
The idea of using this system is so that my End Users can report issues to the IT department quickly and easily. To ask them to remember another username and password is not practical.
I understand that using the IP Address of the user might be a viable option. But that leaves one small whole in the reliability of the data I'm viewing. There are situations where a user is forced to use another machine, and the nature of the business means that the staff turnover rate is higher than normal. So having to keep track of what user uses what machine is not something I intend doing.
I understand that using the IP Address of the user might be a viable option. But that leaves one small whole in the reliability of the data I'm viewing. There are situations where a user is forced to use another machine, and the nature of the business means that the staff turnover rate is higher than normal. So having to keep track of what user uses what machine is not something I intend doing.
I gues you're stuck then :(
mm... *thinking*
You could give everyone their own login URL, something like:
http://your_server/your_php_page.php?user=username
THen every time they login to the system, the username is known...
http://your_server/your_php_page.php?user=username
THen every time they login to the system, the username is known...
Or instead of using a username/ password combination, just use a username as login. It could be their windows login name for that matter. They don't need to remember anything new and you have the username you want.
Ok the only thing I can think of right now is that each machine has a small windows log-on script that executes each time a user logs on and writes the username, IP address and timestamp to a DB table. Your app, when it submits a fault does a look up on the aforementioned table to see who the newest user on current IP is.
messy but should work no?
messy but should work no?
ASKER
SatelliteCreative...that does sound like a lengthy but rather interesting approach that I will keep in mind as a last resort.
TeRReF...at the end of the day, I don't want the user to log onto the fault reporting system. This would require more admin to create the logons...even if there is no password. Even if I just capture their username by allowing them to type it in themselves, it's still not reliable enough, because they could make spelling errors, and this would cause problems when reporting faults per user etc...Like I said, the process must be quick and painless for the End User.
I think I've found something that might work, and this is something that I'm looking for: I just don't know much about JScript to know if this code is correct.
<script language="JScript">
var strUsername;
var objNetwork;
objNetwork= new ActiveXObject("WScript.Net
strUsername= objNetwork.Username;
strUsername= strUsername.toLowerCase();
[frmCreateLog].[hidUsernam
</script>
Problem is that I'm not sure if it works. When I display the content of hidUsername it's blank.
TeRReF...at the end of the day, I don't want the user to log onto the fault reporting system. This would require more admin to create the logons...even if there is no password. Even if I just capture their username by allowing them to type it in themselves, it's still not reliable enough, because they could make spelling errors, and this would cause problems when reporting faults per user etc...Like I said, the process must be quick and painless for the End User.
I think I've found something that might work, and this is something that I'm looking for: I just don't know much about JScript to know if this code is correct.
<script language="JScript">
var strUsername;
var objNetwork;
objNetwork= new ActiveXObject("WScript.Net
strUsername= objNetwork.Username;
strUsername= strUsername.toLowerCase();
[frmCreateLog].[hidUsernam
</script>
Problem is that I'm not sure if it works. When I display the content of hidUsername it's blank.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
well above code does work on IE but not FF. And you should allow activex to run. if you dont allow activex nothing happens
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey all
I have finally gotten to a solution using the script that I posted earlier with two modifications.
First I need to Enable "Initialize and script ActiveX controls not marked as safe" in IE to allow the script to work. It was set to "Disable" by default.
Second, for some or other reason it didn't work, so I changed it to the suggested format by knightEknight.
[frmCreateLog].[hidUsernam
to
document.frmCreateLog.hidU
....
<head>
<script language="JScript">
var strUsername;
var objNetwork;
objNetwork= new ActiveXObject("WScript.Net
strUsername= objNetwork.Username;
strUsername= strUsername.toLowerCase();
</script>
</head>
....
<body>
....
<script language="JScript">
document.frmCreateLog.hidU
</script>
....
</body>
This works perfect.
The solution does not used PHP at all, it uses JScript...it would seem that PHP cannot capture this kind of info becuase it is a Server Side Script.
Thank you all for your efforts.
Sheldon
I have finally gotten to a solution using the script that I posted earlier with two modifications.
First I need to Enable "Initialize and script ActiveX controls not marked as safe" in IE to allow the script to work. It was set to "Disable" by default.
Second, for some or other reason it didn't work, so I changed it to the suggested format by knightEknight.
[frmCreateLog].[hidUsernam
to
document.frmCreateLog.hidU
....
<head>
<script language="JScript">
var strUsername;
var objNetwork;
objNetwork= new ActiveXObject("WScript.Net
strUsername= objNetwork.Username;
strUsername= strUsername.toLowerCase();
</script>
</head>
....
<body>
....
<script language="JScript">
document.frmCreateLog.hidU
</script>
....
</body>
This works perfect.
The solution does not used PHP at all, it uses JScript...it would seem that PHP cannot capture this kind of info becuase it is a Server Side Script.
Thank you all for your efforts.
Sheldon
Didn't I suggest ActiveX in my second (and third) comment?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
My apologies TeRReF, I missed that one when I was reading throught the comments again. I have requested that points be issued to you.
https://www.experts-exchange.com/questions/22119332/Please-redistribute-Points.html
I will take your suggestion into consideration SatelliteCreative, wouldn't it just be easier to add the site/URL as a Trusted Site in the Group Policy?
Thanks again guys.
https://www.experts-exchange.com/questions/22119332/Please-redistribute-Points.html
I will take your suggestion into consideration SatelliteCreative, wouldn't it just be easier to add the site/URL as a Trusted Site in the Group Policy?
Thanks again guys.
Thanks!
So near.. and yet so far from my first points! haha! TeRReF deserves them of course, I just tought I'd got lucky! :)
No, you'll get points. A points slpit is more than appropriate here ;)
wehey! time for a group hug? no? ok then...
lol
I know I'm late to the party (couple year's worth) but there IS a viable solution, of which I am currently using on a submission page. Users can go to a page and submit notices which then cycles onto the facility-wide screensaver.
Since you know someone is going to do something stupid, I implemented an approve/disapprove, but also caught the posting user by who was logged into the machine. The trick (and I did this last year, but didn't find this reference string that time) is in the IIS settings.
I'm running Windows Server 2003 with IIS 6, along with PHP 5.
I did it in just a single folder - Tracked down through the list until I had the folder of choice > right-click > Properties.
Then I went to the Directory Security tab, and clicked on Edit for Authentication and access control. Having "Integrated Windows Authentication" checked, I just un-checked "Enable anonymous access".
Viola! PHP variable $_SERVER["LOGON_USER"] now shows who's logged into the machine viewing the page. A simple <input type="hidden"> and all submitters using that form are now identified.
Since you know someone is going to do something stupid, I implemented an approve/disapprove, but also caught the posting user by who was logged into the machine. The trick (and I did this last year, but didn't find this reference string that time) is in the IIS settings.
I'm running Windows Server 2003 with IIS 6, along with PHP 5.
I did it in just a single folder - Tracked down through the list until I had the folder of choice > right-click > Properties.
Then I went to the Directory Security tab, and clicked on Edit for Authentication and access control. Having "Integrated Windows Authentication" checked, I just un-checked "Enable anonymous access".
Viola! PHP variable $_SERVER["LOGON_USER"] now shows who's logged into the machine viewing the page. A simple <input type="hidden"> and all submitters using that form are now identified.
Dear Drgyn
I'm glad I read your 'Open Discussion'
This is a perfect solution for all windows based intranet solutions. I asume this covers 95% of all faqs
!!@Everyone: read this !
Thanks so much, Drygyn
How can I give you points? (I'm a newbe)
I'm glad I read your 'Open Discussion'
This is a perfect solution for all windows based intranet solutions. I asume this covers 95% of all faqs
!!@Everyone: read this !
Thanks so much, Drygyn
How can I give you points? (I'm a newbe)
ASKER
Hi Drygyn,
Thanks for the info, and taking the time to add it to the question, really helpful!
Wish I could still allocate points, but this solution is closed. Brings back old memories on this project I was busy with :)
Thanks for the info, and taking the time to add it to the question, really helpful!
Wish I could still allocate points, but this solution is closed. Brings back old memories on this project I was busy with :)