Obtaining Username for an Intranet

I know this will probably sound like a hacker question but here goes anyway

Is it possible to obtain the username of users of my Intranet site. What I've been asked to look at is the possibility of creating a database of which users actively use the Intranet and from that which pages they view and when. The results will be held in either a database or text file which will list the above information ie Username, pages visited with the date and time.

The network is NT with IIS

As I said above, this may sound like a hackers question but hopefully most of you will know me well enough to realise that it isn't.

Regards to all

Nick
LVL 4
NickRackhamAsked:
Who is Participating?
 
JOKConnect With a Mentor Commented:
Take a look at the stuff I just sent.
0
 
NickRackhamAuthor Commented:
Edited text of question.
0
 
JOKCommented:
u'get username
tempUser = request.servervariables("AUTH_USER")
slashPos = inStr(tempUser, "\")

strUser = right(tempUser, len(tempUser)-slashPos)
strUser = lcase(strUser)

This will work if they are required to login to view your site.

You can set up the log options to record with pages they visit. Or, you could put code on each page to record to a db what page they are visiting.

0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
JOKCommented:
Couple of other things. The pages would have to be .asp

You could probably do something similar with JavaScript.

I use something like
oSource = "Select USER,[DATE IN],[TIME IN],[FIRST PAGE] FROM USERTRACK;"
      Set rs = Server.CreateObject("ADODB.Recordset")
      rs.Open oSource, "myDSN", 1, 2, &H0001
      rs.AddNew
      rs("Action") = "In"
      rs("USER") = strUser
      rs("Date In") = Date
      rs("Time In") = Time
      rs("FIRST PAGE") = request.servervariables("URL")
      rs.Update
      rs.Close
      Set rs = Nothing
0
 
NickRackhamAuthor Commented:
JOK

I don't want to sound too thick (although I probably will) but can you expand a bit on the above comments i.e. where should I have this code? etc

Nick
0
 
JOKCommented:
At the top of each page.

Probably best to put it in an include file (.inc)
page would be:
<%
Sub trackusers
u'get username
tempUser = request.servervariables("AUTH_USER")
slashPos = inStr(tempUser, "\")

strUser = right(tempUser, len(tempUser)-slashPos)
strUser = lcase(strUser)

oSource = "Select USER,[DATE IN],[TIME IN],[FIRST PAGE] FROM USERTRACK;"
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open oSource, "myDSN", 1, 2, &H0001
rs.AddNew
rs("Action") = "In"
rs("USER") = strUser
rs("Date In") = Date
rs("Time In") = Time
rs("FIRST PAGE") = request.servervariables("URL")
rs.Update
rs.Close
Set rs = Nothing
End Sub
%>
Then on each .asp page put
<!-- #include file ="/Includes/mytrack.inc" -->
at the top, right after <title></title> tags.
After body, put
<% trackusers %>

You would have to have:
1) DB setup (I've used access) with the fields like you see in the Select statement
2) system DSN setup
3) folder setup for the includes

There's probably a bit more, but try that and I'll try to help if you have more problems.
0
 
NickRackhamAuthor Commented:
OK Thanks

It'll probably be tomorrow as I'm soon leaving off for the day.

Nick
0
 
mgfranzCommented:
Not to discount JOK code, it will work.  But wouldn't it be easier with a cookie?  Plus I believe this information is already being stored in a log file on the server.

Please correct me if I'm wrong.

Mark
0
 
JOKCommented:
cookie would work, but he's trying to track who visits what and when.
0
 
mgfranzCommented:
You know all this information is already in the log files...  Look at the extended properties of logging in IIS 4.0.  User, time, date, what page, from where, etc... :-)

If you needed to save this to a dB it should be easy, in fact, it would probably be easy to create a hyper link of each log entry for viewing.  :-)

Hmmm....

Mark
0
 
JOKCommented:
If its not already in the log files, it could be. Depends on how its setup.
You can save the log info in a db, but I found it confusing in its structure, same with the text file.
I was lazy when I wanted to start tracking this info, so, of course, I made more work for myself. No guaruntee, but my code should work. It keeps it simple and can be viewed with simple code.

My first response was that the info is in the log files, although I didn't submit it. You'd have to view multiple files depending on the reporting period selected.

I even used FSO to link to each log file and view that too.
0
 
mgfranzCommented:
I seem to remember doing something of the same sort a few years back using Perl and a flat .txt file, I'm sure the FSO way is faster and cleaner.

But still, if all Nick wants to do is track a user, there are dozens of packages that sniff servers for info.  The IIS log file is the start for most of them.

Mark
0
 
NickRackhamAuthor Commented:
Working at home!

The server is currently being built and at the moment I'm using win 95 with PWS V4 (don't laugh). But once the server is running true IIS as a service would I need the code that JOK posted or will IIS provide that info. What I would like is a database (access) of who visited what page and when plus a page that I can view to tell me who is on the Intranet and what page they're viewing.

I think I'd prefer the .inc file solution as this write to the database that If got rights to but I don't have Administrator rights to the server.

Thanks Guys

Nick

0
 
JOKCommented:
I think my code would help if you don't have Admin rights.
This code should help view the db.

<%@ LANGUAGE="VBSCRIPT" %>

<HTML>
<HEAD>
<TITLE>Administrator Tools</TITLE>
<!-- #include virtual ="/Includes/Adovbs.inc" -->
</HEAD>
<BODY>
<%

oSource = "Select * FROM USERTRACK ORDER BY ID DESC;"
Set oRs = Server.CreateObject("ADODB.Recordset")
oRs.Open oSource, "myDSN", adOpenKeyset, adLockPessimistic, adCmdText
oRs.MoveFirst
%>
<Table border=1 cols=<% = oRs.Fields.Count%>
<tr>
<% For Each oField in oRs.Fields %>
<th> <% = oField.Name %> </th>
<%
next
bcol = "white" %>
</tr>
<% Do While Not ORs.EOF
response.write("<TR>")
For Each oField in oRs.Fields
      response.write("<td bgcolor='" & bcol & "'>")
       if IsNull(oField) or oField.Value = "" then
                  Response.Write "&nbsp;"
            Else
                  Response.Write oField.Value
            end if %>
      </td>
<%
      Next
      if bcol = "white" then
            bcol = "silver"
      else
            bcol = "white"
      end if
   oRs.MoveNext %>
</tr>
<% Loop
oRs.Close
Set oRS = Nothing
%>
</table>
</body>
</html>
0
 
NickRackhamAuthor Commented:
JOK, stepping back to your code for the .inc file. I'm getting an error message

Microsoft VBScript runtime error '800a000d'

Type mismatch: 'u'

/Dev/Includes/mytrack.inc, line 3


The file is

<%
Sub trackusers
u'get username
tempUser = request.servervariables("AUTH_USER")
slashPos = inStr(tempUser, "\")

strUser = right(tempUser, len(tempUser)-slashPos)
strUser = lcase(strUser)

oSource = "Select USER,[DATE IN],[TIME IN],[FIRST PAGE] FROM USERTRACK;"
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open oSource, "USERTRACK", 1, 2, &H0001
rs.AddNew
rs("Action") = "In"
rs("USER") = strUser
rs("Date In") = Date
rs("Time In") = Time
rs("FIRST PAGE") = request.servervariables("URL")
rs.Update
rs.Close
Set rs = Nothing
End Sub
%>

Nick
0
 
NickRackhamAuthor Commented:
JOK, Whats the contents / code for "Adovbs.inc" ?

Cheers

Nick
0
 
NickRackhamAuthor Commented:
JOK, forget the last comment. Found Adovbs.inc
0
 
JOKCommented:
take out the u before the '

don't know how that got in there.
0
 
NickRackhamAuthor Commented:
JOK, error moved onto line 12

Provider error '80004005'

Unspecified error

/Dev/Includes/mytrack.inc, line 12


Nick
0
 
mgfranzCommented:
The AddNew call to the dB needs to have values in order for it to post data.  I don't think you can just copy the script to a file and run it without filling the variable values.

Mark
0
 
NickRackhamAuthor Commented:
OK, so where do I go from here?
0
 
JOKCommented:
Take out the line with rs("Action") for a start.
0
 
JOKCommented:
I think
rs.Open oSource, "USERTRACK", 1, 2, &H0001

should be
rs.Open oSource, "myDSN", 1, 2, &H0001

---------
My apologies. Some of this code comes from different parts, and I haven't looked at/thought about it for awhile


mgfranz,
I'm not sure what you're talking about.
0
 
mgfranzCommented:
Isn't line 12 the rs.AddNew line?
0
 
JOKCommented:
not sure, but in the code I've given, the action field isn't needed.
0
 
NickRackhamAuthor Commented:
JOK, removed the line with rs("Action")

the line rs.Open oSource, "USERTRACK", 1, 2, &H0001 I've left as I named my File DSN USERTRACK. I take it that this is OK.

I've now got the error

Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Microsoft Access Driver]Error in row

/Dev/Includes/mytrack.inc, line 18

The file mytrack.inc now looks like this:-

<%
Sub trackusers
'get username
tempUser = request.servervariables("AUTH_USER")
slashPos = inStr(tempUser, "\")

strUser = right(tempUser, len(tempUser)-slashPos)
strUser = lcase(strUser)

oSource = "Select USER,[DATE IN],[TIME IN],[FIRST PAGE] FROM USERTRACK;"
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open oSource, "USERTRACK", 1, 2, &H0001
rs.AddNew  
rs("USER") = strUser
rs("Date In") = Date
rs("Time In") = Time
rs("FIRST PAGE") = request.servervariables("URL")
rs.Update
rs.Close
Set rs = Nothing
End Sub
%>

Nick

0
 
NickRackhamAuthor Commented:
And now the error

Provider error '80004005'

Unspecified error

/Dev/Includes/mytrack.inc, line 12


And I haven't changed anything
0
 
JOKCommented:
not sure, but in the code I've given, the action field isn't needed.
0
 
JOKCommented:
One thing I've forgotten, the table in the db should be called USERTRACK.

The DSN should be a system DSN.

0
 
NickRackhamAuthor Commented:
JOK, Action field removed but I'm still getting errors in line 12 (see latest version of file above.)

0
 
JOKCommented:
ITs time for me to head home. I'll try to get on later tonight.
0
 
NickRackhamAuthor Commented:
Table is called USERTRACK and I've got a system DSN called USERTRACK
0
 
NickRackhamAuthor Commented:
Error is now

Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Microsoft Access Driver]Error in row

/Dev/Includes/mytrack.inc, line 18


and if you refresh the page I get this error

Provider error '80004005'

Unspecified error

/Dev/Includes/mytrack.inc, line 12
0
 
NickRackhamAuthor Commented:
JOK,

OK I'll catch up with this in the morning.

Nick
0
 
JOKCommented:
I'm not sure if request.servervariables will work with PWS. So just comment out that line with an '

Make sure Date In and Time In are defined as date/time in the db.

Make sure you use a system DSN instead of an file DSN.
0
 
mgfranzCommented:
ServerVariables do work on PWS

Mark
0
 
NickRackhamAuthor Commented:
Morning,

OK, I've got a new error message now,

Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Microsoft Access 97 Driver] Field 'USERTRACK.User' can't be a zero-length string.

/dev/Includes/mytrack.inc, line 18

I looks like it's not picking up my NT login name.

Any thoughts

Nick
0
 
NickRackhamAuthor Commented:
I'm using system DSN and the Database fields are set correctly for the data to be input.
0
 
NickRackhamAuthor Commented:
I'm now getting records written to the database but the username and firstpage fields are blank.

Looking at the .inc file:-

Sub trackusers
'get username
tempUser = request.servervariables("AUTH_USER")
slashPos = inStr(tempUser, "\")

strUser = right(tempUser, len(tempUser)-slashPos)
strUser = lcase(strUser)

oSource = "Select USER,[DATE IN],[TIME IN],[FIRST PAGE] FROM USERTRACK;"
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open oSource, "Intranet", 1, 2, &H0001
rs.AddNew
rs("USER") = strUser
rs("Date In") = Date
rs("Time In") = Time
rs("FIRST PAGE") = request.servervariables("URL")
rs.Update
rs.Close
Set rs = Nothing
End Sub
%>

It looks like the two fields that are not being written are both "request.servervariables"

Any thoughts

Nick
0
 
JOKCommented:
Couple of things.
First, thanks mark. I wasn't sure about that.

Nick,
For the 'can't be zero lenght' thing, check in the Access DB in the design view for the table. Near the bottom will be some options. Set "Allow Zero Length" to true.

You need to have Basic Authentication turned off for all except the login/root directory. All other pages would be in directories with Basic Authentication turned off.

If you can't do this (because you don't have admin rights to IIS or because the hosting admin people won't) then there is another way to do it.

The short answer is that if you don't require people to log in, then you can't track who they are because they are all "anonymous". You could use the IP address, but this is not necessarily unique. You can try it and see if on your intranet the IP's will be unique. Even with DHCP, at least where I am, actual IPs rarely change and are essentually unique. But, there is no easy way to match an IP with a person.

The way around this is to require each person to login. The username and password they enter is checked against your own password db, and if valid, they can get to the rest of the pages. Each subsequent page then checks to make sure if they have been validated.

If it looks like you want to go that way, let me know. I'm going to finish my morning coffee right now.
0
 
NickRackhamAuthor Commented:
JOK,
Could this validation be done with cookies. i.e write a cookie the first time they use the Intranet and then retrieve their name from the cookie?

Is this possible? Is it practical?

Hope you enjoyed your coffee <g>

Nick
0
 
JOKCommented:
Yes, using cookies is possible. Its another way of storing their username.
But, if you want to track who, when and where, then cookies aren't enough, although it's a start. You can use a cookie to store the username. If the cookie has expired or doesn't exist, then the user would have to login again.
0
 
NickRackhamAuthor Commented:
Can we have a go at that? So the user has to login the first time they use the Intranet. Their username is held in a cookie. THe code that is included with each page retrieves the name of the user from the cookie, and writes the username, date, time, and page url to the database.

can you write a login page writes a cookie.

Nick
0
 
JOKCommented:
I'm working on it. Each page would check for the existence of the cookie.
0
 
JOKCommented:
Take a look at these links

Cookie Basics
http://www.asptoday.com/articles/19990915.htm

Basic Password Protection
http://www.asptoday.com/articles/19990712.htm

Simple Visitor Access
http://www.asptoday.com/articles/19990604.htm

and maybe this, if you know VB
http://www.asptoday.com/articles/19990514.htm

Try the Basic Password Protection link. If that doesn't help, I'll still post some code.
0
 
JOKCommented:
Take a look at these links

Cookie Basics
http://www.asptoday.com/articles/19990915.htm

Basic Password Protection
http://www.asptoday.com/articles/19990712.htm

Simple Visitor Access
http://www.asptoday.com/articles/19990604.htm

and maybe this, if you know VB
http://www.asptoday.com/articles/19990514.htm

Try the Basic Password Protection link. If that doesn't help, I'll still post some code.
0
 
NickRackhamAuthor Commented:
Let work on the links you've posted.

meanwhile, the records that are being written to the database don't include the page url. can you have a look at it.

and

the admin page format is slightly off. It displays like this

Username
Date In
Time In
First Page
"Blank"  07/01/2000   15:43  "Blank"


I can't work out how to rearrange the column titles into the top of each column.

Many thanks

Nick
0
 
JOKCommented:
I can email you stuff if you want, including a db.
0
 
NickRackhamAuthor Commented:
If you don't mind.

nick_rackham@msn.com

Cheers

Nick
0
 
mgfranzCommented:
Nick,

First of all I must compliment JOK for all his work, reward him well.  Secon, I found a component that does exactly what you want for free... I have already implemented it and it works great!  check it out.

http://www.create-a-webshop.com/codesnippets/stat/statapp.asp
0
 
mgfranzCommented:
Uh oh... I just found out it doesn't track specific users... sorry.
0
 
JOKCommented:
whew...
0
 
mgfranzCommented:
LOL.... :-)
0
 
NickRackhamAuthor Commented:
Mark, I've already had a look at that one. Looks good but doesn't cover the primary objective.

I do appreciate all of the hard work that's gone into this question and as I've been on the other side of questions like this I will award JOK accordingly, don't worry.

Regards

Nick
0
 
NickRackhamAuthor Commented:
JOK,

Received the files. I'm at home now for the weekend but I'll make time to work on this tomorrow night.

Have a good weekend.

Nick
0
 
JOKCommented:
At home already? Geez, I just finished my lunch. Feels like I'm talking to someone in the future!
0
 
mgfranzCommented:
Me thinks Nick is a good chap!  Cheerio' and all that rot... ;-)
0
 
NickRackhamAuthor Commented:
Mark, You after points too? <g>

JOK, at home, fed the kids, put them to bed, and back on EE. All in a days work!!

Later

Nick
0
 
JOKCommented:
Guess life in the future isn't all that different.
0
 
mgfranzCommented:
Nick quick, check todays, (tomorrows?) paper and tell me what horse wins in the 5th race at Belmont.

:-)
0
 
NickRackhamAuthor Commented:
Where's Belmont? :o)
0
 
NickRackhamAuthor Commented:
JOK, I'm on the way to getting this to work but I've received an error message

Please fill in the information

Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'DriverId'.

/Tracking/login.asp, line 24

I can't seem to get round it. I've set the DSN and checked the connectivity in Interdev but I still can't solve it.

0
 
JOKCommented:
Might have to update to MDAC 2.1 sp2

see
http://support.microsoft.com/support/kb/articles/Q184/2/37.ASP
0
 
JOKCommented:
This might be better
http://support.microsoft.com/support/kb/articles/q183/0/60.asp

if you're using NT at home.

Try just deleting the DSN then recreate the *SYSTEM* DSN again.

0
 
JOKCommented:
I'm off ta home. I'll check in later.
0
 
TheImmortalCommented:
Here is some simple code written in JSCRIPT to obtain the UserName form the Network:

<%
if (Request.ServerVariables("LOGON_USER") == "")
{
  Response.Status = "401 access denied";
  Response.End();
}

Response.Expires=0;
Response.Buffer=true;
/*
** We need to split the DOMAIN NAME
** from the userName so we can use it
** in a query
*/

var myUserName=new String(myUserName=Request.ServerVariables("LOGON_USER"));
var myNewUserName= new Array();
myNewUserName=myUserName.split("\\");
var myUserName=new String(myNewUserName[1]);

%>
0
 
NickRackhamAuthor Commented:
The Immortal.

I notice that you have joined Experts Exchabge Today.

It is common practice here to post a comment on a question first rather than answering it straight off. Look in on a number of questions and get the feel of EE before jumping straight in. You'll receive more respect (and probably more points) by joining in with the community spirit rather than getting point hungry.

Although your code above may well fit in with what I'm trying to achieve it certainly doesn't answer my question fully. For that reason I'm rejecting your proposed answer.


Having said that I hope you enjoy your time at EE.

Regards

Nick
0
 
TheImmortalCommented:
Well, guess I misunderstood the question. Rather than just the login information, you want a full bown and working application?

I am by no means point hungry, I was just trying to help. You may receive more respect by not flaming those who are merely trying to help. I probably should have hit the comment button rather than the answer button.

Guess someone else will just have to do your work for you. Enjoy ;-)
0
 
NickRackhamAuthor Commented:
TheImmortal

My comment was not meant as a flame although having re read it I could have used better constructed language. My comment "I hope you enjoy your time at EE" was and is sincere. I would and do appreciate any comment and I have in the past posted an answer instead of a comment. We all make mistakes.

Having said that, JOK has provided me with about 95% of what is required, and I'm nearly at the point of getting the solution to work.

Regards

Nick
0
 
TheImmortalCommented:
No problem. THis is a good forum and I have had a positive experience with it thus far. Thank you ;-)
0
 
NickRackhamAuthor Commented:
JOK,

Nearly there, I've got it to work on a spare PC (Still having problems with my DriverID stuff) but just as a small favour could you mail me the newuser.asp

Much appreciated.

I'm not normally this lazy but I'm going to be late for a college assignment if I don't pull my finger out.

Regards

Nick
0
 
NickRackhamAuthor Commented:
JOK,

Excellent. Thanks. I may need to tweak this once the Intranet Server Proper is up and running but many thanks for your hard work and effort. (No I'm not saying this just in case Mark is listening in <g>)

Once again, Thanks

Nick
0
 
mgfranzCommented:
I would be interested in a peek at the final solution though... mark.franz@lpl.com

Thanks, and good job!
0
 
JOKCommented:
Sure. How many points would it be worth to you to see it?
0
 
JOKCommented:
BTW, Mark. Forgot to add a ;) to my last comment.
BTW2, Nick. Its not really a hacker question.
0
 
JOKCommented:
In the interest of disseminating info, this is the code to check if a user has logged in
If Not(Request.Cookies("myuser")("name")="") then
      'user has logged in
      Session("userOK") = "Yes"
else
      'cookie doesn't exist
      Session("userOK") = "No"
end if

and this wrote the info to the cookie when a user logged in
response.cookies("myuser").expires = "December 31, 2000"
response.cookies("myuser")("Name") = uuname
0
 
mgfranzCommented:
And this to delete the cookie;

<%@ LANGUAGE="VBSCRIPT"%>
<%Response.Buffer = True%>
<%

ID = CStr(Request.QueryString("ID"))
Response.Cookies(ID).Expires = Date() - 1
Response.Redirect("check2.asp")

%>

Mark

P.S. JOK, ;-)

Now... about that solution... ;-)
0
 
JOKCommented:
That's what I did, almost. I put it on a page called "BlowCookies.asp"
0
 
mgfranzCommented:
<SNORT... SNICKER....> You said BlowCookies... <snkrchnk>
0
 
NickRackhamAuthor Commented:
lucky cookies!!
0
All Courses

From novice to tech pro — start learning today.