Solved

get the username with PHP?

Posted on 2002-04-12
Last Modified: 2007-12-19
Hi there,
does anyone know how I can get the username from a Windows machine (NT or 2000)?
Further configuration:
Webserver with Windows 2000 and IIS 5.0
Clients: NT and 2000

Greetz
Question by:ecotone
25 Comments
 
LVL 5

Expert Comment

by:harwantgrewal
Comment Utility
... I don't think you will be able to access the Windows machine

Harry
0
 
LVL 5

Expert Comment

by:dkjariwala
Comment Utility
I guess some MS guy can only answer this.

Cause IE faithfully passes these parameters to IIS. But I wonder how you as a script writer can find that.

JD
0
 
LVL 8

Expert Comment

by:us111
Comment Utility
try $PHP_AUTH_USER but......no chance I think

You can not get the NT username with PHP.
Try <?php phpinfo(); ?> to know the available variables you could get

0
 

Expert Comment

by:campione
Comment Utility
Using PHP you won't be directly able to access the NT or 2000 machine. I checked up all variables of phpinfo() and it doesn't work out. But there might be a tweak possible. I am not sure on this one but just try it.

Get the IP of the machine and then use it to get the remote machine name. Has to work, just try it..

good luck
0
 
LVL 1

Expert Comment

by:pmonk
Comment Utility
Hi ecotone,

I've been doing this successfully for the past year or so.

I use the $HTTP_SERVER_VARS["LOGON_USER"] variable running IIS4 under Windows.  I think you could also use $HTTP_SERVER_VARS["REMOTE_USER"] for the same effect, and you may need to use REMOTE_USER if you're running Apache.

(Note that under PHP 4.1.0 or later you need to change these to $_SERVER["LOGON_USER"] and $_SERVER["REMOTE_USER"] respectively.)

These will return a value in the form Domain\\Username.
So for eg., if your username was Ecotone and you were logged into the domain ECO, it would return ECO\\Ecotone.

You can then use something like:

$pos = strpos( $HTTP_SERVER_VARS["LOGON_USER"], "\\" ) + 2;
$username = substr( $HTTP_SERVER_VARS["LOGON_USER"], $pos );

to get just the username.

NOTE that under Windows/IIS, the LOGON_USER variable is not available if you have anonymous access enabled under IIS!

To disable anonymous access, go into IIS admin, right-click on the web server, select properties, click on the Directory Security tab, click the Edit... button and un-tick the "anonymous access" box.

If anonymous access is disabled, here's what happens with a web page request:

Client (browser) requests page but sends no authentication
IIS checks, sees that anonymous access is disabled and requests authentication
Client resends page request, this time with authentication (username) information
Domain/username are now available for PHP to use!

Good luck!

Peter.
0
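A defensive version of the extraction described in the answer above, as an added example that is not part of the original post: it returns nothing when anonymous access is still enabled, accepts both the single and the doubled backslash form, and reads only server-set variables. The function name, the AUTH_TYPE check and the allowed character sets are assumptions of this example, and it is written for current PHP rather than PHP 4.

```php
<?php
// Added example, not code from the thread. Identity is read only from
// variables the web server sets after it has authenticated the request.

/** Return ['domain' => ..., 'user' => ...], or null if nobody was authenticated. */
function parse_logon_user(array $server): ?array
{
    // LOGON_USER (IIS) or REMOTE_USER, the two names given in the answer above.
    // HTTP_* keys mirror client request headers and are deliberately not read.
    $raw = '';
    foreach (['LOGON_USER', 'REMOTE_USER'] as $key) {
        if (isset($server[$key]) && is_string($server[$key]) && $server[$key] !== '') {
            $raw = $server[$key];
            break;
        }
    }
    // Assumption: the server fills the CGI AUTH_TYPE variable when it has
    // authenticated the request; empty means anonymous access was used.
    if ($raw === '' || empty($server['AUTH_TYPE'])) {
        return null;
    }
    // Accept DOMAIN\user and the doubled DOMAIN\\user form quoted in the thread.
    // Character sets are a conservative choice; adjust to local naming rules.
    $re = '/^([A-Za-z0-9._-]{1,15})\\\\{1,2}([A-Za-z0-9._ $-]{1,64})$/';
    if (!preg_match($re, $raw, $m)) {
        return null;
    }
    return ['domain' => strtoupper($m[1]), 'user' => $m[2]];
}

// Constructed sample inputs (not captured from a real server).
$samples = [
    'authenticated' => ['AUTH_TYPE' => 'NTLM', 'LOGON_USER' => 'ECO\\Ecotone'],
    'doubled slash' => ['AUTH_TYPE' => 'NTLM', 'LOGON_USER' => 'ECO\\\\Ecotone'],
    'anonymous'     => ['AUTH_TYPE' => '', 'LOGON_USER' => ''],
    'header only'   => ['HTTP_REMOTE_USER' => 'ECO\\Ecotone'],
];
foreach ($samples as $label => $server) {
    $id = parse_logon_user($server);
    echo str_pad($label, 15), $id === null ? 'rejected' : $id['domain'] . ' / ' . $id['user'], "\n";
}
```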
 
LVL 5

Expert Comment

by:dkjariwala
Comment Utility
That is very useful info Peter.

I tried what you suggested but..

$_SERVER["REMOTE_USER"] contains nothing when I try with Apache. I have made sure I have logged in to the domain.


Since you have this info, can I ask you one thing?

Is it possible to authenticate a username/password against his DOMAIN credentials? I don't think it would be possible in a straightforward way, but is it possible using ADSI? Do you have any experience in that?


JD


0
 
LVL 1

Expert Comment

by:pmonk
Comment Utility
Hi dkjariwala,

Which version of PHP are you using?

Verification against domain credentials is possible (we are doing that, too).

As far as I know, the only way to do it involves using a small third-party program called userserver.  This is a program that runs on a domain controller as a service that your PHP pages connect to and request domain information from (user names, passwords, that kind of thing).

userserver can be downloaded here: http://clauer.free.fr/php/userserver.zip
It's free and unsupported but instructions are included.
I found it quite easy to get it working.

Peter.
0
 

Author Comment

by:ecotone
Comment Utility
pmonk,

I'm gonna try this, I hope this is what I meant.

ecotone
0
 
LVL 1

Expert Comment

by:Rajko
Comment Utility
You can use a module for Apache + a Microsoft protocol (the protocol is not routable).
Module:
the name is NTLM.
http://www.syneapps.com/software/mod_ntlm/

or you try the VBS variant. (it works only with IE + PC with VBS support)
"UserName" read from registry, "FullUserName" from environment variables
<script language="JavaScript" type="text/javascript">
 function GetAccount(){
 // WScript.Shell is only available to IE when ActiveX scripting is allowed
 var wshell= new ActiveXObject("WScript.Shell");
 // the registry key name is "Windows NT" (with a space)
 var RegPfad="HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\DefaultUserName";
 var UserName=wshell.RegRead(RegPfad);
 var FullUserName = wshell.Environment("Process").Item("FullName");
 // URL-encode both values before placing them in the query string
 window.location.href = "./index.php?nr="+encodeURIComponent(UserName)+"&name="+encodeURIComponent(FullUserName);
}
</script>
0
 
LVL 5

Expert Comment

by:dkjariwala
Comment Utility
Peter,


That userserver is KEWL.

I have not tried it, I would definitely do it and let you know.

JD
0
 
LVL 5

Expert Comment

by:dkjariwala
Comment Utility
Btw Peter,
My PHP version is 4.0.6

Jd
0
 

Author Comment

by:ecotone
Comment Utility
Peter,

I tried to use this:

$pos = strpos( $HTTP_SERVER_VARS["LOGON_USER"], "\\" ) + 2;
$username = substr( $HTTP_SERVER_VARS["LOGON_USER"], $pos );

That is working. But can I get the group name of some users?
Group1:
       user1
       user3

If user1 is logging on to this page, then he must go to a particular page. It has to depend on the group in which he is.

I'm now testing your other option.

Greetz ecotone


0
 
LVL 1

Expert Comment

by:pmonk
Comment Utility
Hi JD,

Sounds good.

As you've now found out, if you're running 4.0.6, you need to be referring to the $HTTP_SERVER_VARS["REMOTE_USER"] variable, NOT the $_SERVER["REMOTE_USER"] variable, which is for PHP 4.1.0 and above.

Testing if a user belongs to an NT domain group is easy with userserver (you're right, it is great!).  I just use:

if( IsUserInGroup( $ntlogon, $itgroup ) == 1 ) {
 // do something
} else {
 // do something else
}

where:

$ntlogon holds the current user's NT logon name, and
$itgroup holds the name of an NT domain group

Don't forget to include() the userserver code at the top of the appropriate pages!

Cheers,

Peter
0
 
LVL 5

Expert Comment

by:dkjariwala
Comment Utility
Hi Peter,
It is not working for me.

I am running userserver.exe on PDC itself.
First I could get it installed as a service but it never ran as a service, saying that it cannot find the file.

Then I ran it from command line like

userserver 10000 PDC_CONTROLLER

[ here PDC_CONTROLLER is name of the PDC machine.]

Then I checked it by telnetting to PDC machine on 10000 port. it told me that it is running.

But when I check username,password from script it always says Not a valid user.

So what is the problem ? Am I doing things correctly ??
Also I would like to tell you that we have BDC also. So does that affect ??

Finally when I telnet to 10000 port and I type anything it just returns SHUTDOWN. For every character I type it just keeps returning SHUTDOWN. Is it okie ?

Please help me as this is life or death for me now.

JD

0
 
LVL 5

Expert Comment

by:dkjariwala
Comment Utility
Also,

I do not have any vars named REMOTE_USER, LOGON user under HTTP_SERVER_VARS.

I tried it on IIS, Win2k and Apache ,Win2k.

What can be wrong ?


JD
0
 
LVL 1

Expert Comment

by:pmonk
Comment Utility
Hi JD,

Check your list of services to see if the UserServer service is already there.  If it is, remove it.

Now reinstall the service:

- put the userserver.exe and instsvc.exe files in the \winnt\system32 directory
- open a command line and go to the \winnt\system32 directory
- type 'instsvc userserver "UserServer Service"'
(DO include the " marks, DON'T include the ' marks)

That should install the service successfully.

The users.php3 file that came with the userserver package can be used as the userserver include file.  So, rename it to something like userserver.inc, then, in any pages that need to use domain account/group information add the command:

include( 'userserver.inc' );

to the top.

NOTE that this file has some variables at the top which should be changed!!!

$USERSERVER is the IP address of the machine hosting the userserver service - this will need to be changed!
$USERSERVERPORT is the port number used to connect to the service.  By default this is 11 and does not need to be changed if you install the service as I described above.
$LDAPSERVER is only important to change if you're running an LDAP server.

Once userserver is installed as a service you should be able to telnet to port 11 and get the message you described above, SHUTDOWN.  This means it is working correctly.

As for the missing variables ($HTTP_SERVER_VARS["LOGON_USER"]), check that you have disabled anonymous access to the web server:

Go into IIS admin, right-click on the web server name, select "properties", click on the "Directory Security" tab, click the "Edit..." button and un-tick the "anonymous access" box.

You can check to see if these variables are being generated by creating a page on your web site that just has the phpinfo() command in it.  View that page in your web browser.

Down the bottom of the page generated by phpinfo() is a list of server variables and you should be able to see $HTTP_SERVER_VARS["LOGON_USER"] and some others listed there.  You'll also be able to see their contents (ie, DOMAIN\\JD).

Once you have verified userserver is installed and working, and have verified that the server variables are being generated, everything should be fine and you can use the code in my previous posts to check out domain user/group information.

Good luck,

Peter.
0
 
LVL 5

Expert Comment

by:dkjariwala
Comment Utility
Peter,

Thanks for the very detailed instructions but I guess I have good idea about PHP. :)


First tell me, am I supposed to run UserServer on the PDC itself ??? I do have a BDC running, does it have any effect ???

Now I have userservice installed but it is not running [ as I didn't copy files in system directory ] so how do I remove it then ?

Now I would again try and see if it works.
Would update you and ask for help if it doesn't work.

JD
0
 
LVL 1

Expert Comment

by:pmonk
Comment Utility
Hi JD,

Userserver can run on a PDC or a BDC (I have it running on a BDC).  Running it on a PDC with other BDCs in the network should not be a problem.  Just make sure your $USERSERVER variable is pointing to the correct machine.

If you need to remove the old service, try this utility, Service Manager - it lets you remove services.

http://downloads-zdnet.com.com/3000-2094-8870097.html?tag=lst-0-2

Peter.
0
 
LVL 5

Expert Comment

by:dkjariwala
Comment Utility
Hey Peter !!!

It worked !!!!!!!!!!!!!!!!!!!!!!!!!! :) :) :) :) :)

Thanks a lot !!!!!!!

It was just that I must user server as service rather than from command line !! :)

Thanks a lot !!!!!

Is there any way I can give you some points ???

JD
0
 
LVL 1

Expert Comment

by:pmonk
Comment Utility
JD,

Yay!  :)

Just after my last posting there should be an "Accept this comment as Answer" option, or something similar.

This will close the question and transfer your question points to me.

Thanks, and good luck!!!

Peter.
0
 
LVL 5

Expert Comment

by:dkjariwala
Comment Utility
I was not the person who posted question. So I don't have that option. :(

Anyways, everything is good. Just one thing, Can I have list of groups just like I have list of user ?

JD
0
 
LVL 1

Expert Comment

by:pmonk
Comment Utility
JD,

The documentation mentions this feature (getting a list of groups) but I can find no function for it in the include() file.

I agree it might be a useful feature to have... perhaps analysing the other functions might let you create such a function.

As for awarding points when you didn't ask the question, the best place to check out is the community support area:
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt

This is read by EE staff and can be used to post requests for splitting question points between multiple experts, etc.  You can also ask the staff questions there.

Thanks!

Peter.
0
 
LVL 1

Expert Comment

by:pmonk
Comment Utility
Hi JD,

If you're still interested in giving me some points, here's how to do it:

Ask a question in the support area:
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt

Make the question heading something like "Points for pmonk (##)", where ## is the number of points.

In the body of the question, paste the link to this question:
http://www.experts-exchange.com/php/Q.20288116.html

Thanks,

Peter.
0
 
LVL 1

Accepted Solution

by:
pmonk earned 75 total points
Comment Utility
Hi ecotone,

As far as being able to tell which group a user is in, I don't think userserver offers that functionality.

It is possible to get a list of all users in a particular group, but I think for what you want to do the best option would be to use the IsUserInGroup function which tests for membership in a specific group, like this:

if( IsUserInGroup( "User", "Group1" ) == 1 ) {
 // redirect to group1 page
} elseif( IsUserInGroup( "User", "Group2" ) == 1 ) {
 // redirect to group2 page
}
...
etc.

Peter.
0
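The group-based redirect from the accepted answer, as an added example that is not part of the original post or of the userserver package: a fixed group-to-page map checked in order, with a refusal for users who match no group. The IsUserInGroup() stub, its constructed membership table, the page paths and the function names are assumptions so the block runs offline; in a real page the function would come from the userserver include and the returned line would be passed to header().

```php
<?php
// Added example, not code from the thread or from the userserver package.

// Stand-in for the IsUserInGroup() provided by the userserver include, so the
// example runs offline; the membership table is constructed.
if (!function_exists('IsUserInGroup')) {
    function IsUserInGroup($user, $group)
    {
        $members = ['Group1' => ['user1', 'user3'], 'Group2' => ['user2']];
        return in_array($user, $members[$group] ?? [], true) ? 1 : 0;
    }
}

// Fixed group => page map, checked in order. Targets are constants and are
// never built from request data (hypothetical paths).
const GROUP_PAGES = [
    'Group1' => '/group1/index.php',
    'Group2' => '/group2/index.php',
];

/** Return the landing page for $user, or null when no listed group matches. */
function landing_page_for(?string $user): ?string
{
    if ($user === null || $user === '') {
        return null;                 // not authenticated: no page at all
    }
    foreach (GROUP_PAGES as $group => $page) {
        if (IsUserInGroup($user, $group) == 1) {
            return $page;            // first matching group wins
        }
    }
    return null;                     // authenticated, but in no listed group
}

/** Header line to send: a redirect for members, a refusal for everyone else. */
function route(?string $user): string
{
    $page = landing_page_for($user);
    return $page === null ? 'HTTP/1.1 403 Forbidden' : 'Location: ' . $page;
}

// Constructed users: two members, one non-member, one unauthenticated request.
foreach (['user1', 'user2', 'user9', null] as $u) {
    echo var_export($u, true), ' => ', route($u), "\n";
}
```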
 

Author Comment

by:ecotone
Comment Utility
Thanx it worked!

ecotone
0
