Solved

get the username with PHP?

Posted on 2002-04-12
25
513 Views
Last Modified: 2007-12-19
Hi there,
does anyone know how i can get the username from a Windows machine (NT or 2000)?
Further configuration:
Webserver with Windows 2000 and IIS 5.0
Clients: NT and 2000

Greetz
0
Comment
Question by:ecotone
  • 9
  • 9
  • 3
  • +4
25 Comments
 
LVL 5

Expert Comment

by:harwantgrewal
ID: 6937501
... I dont think you will able to access the windows machine

Harry
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6938422
I guess some MS guy can only answer this.

Cause IE faithfully passes these parameters to IIS. But I wonder how you as a script writer can find that.

JD
0
 
LVL 8

Expert Comment

by:us111
ID: 6941949
try $PHP_AUTH_USER but......no chance I think

You can not get the NT username with PHP.
Try <?phpinfo() ?> to know the available variables you could get

0
 

Expert Comment

by:campione
ID: 6944006
using php you wont be directly able to access the NT or 2000 machine. I checked up all variables of phpinfo() and it doesnt wok out. But there might be a tweak possible. I am not sure on this one but just try it.

get the ip of the machine and then use it to get the remote machine name. has to work just try it..

good luck
0
 
LVL 1

Expert Comment

by:pmonk
ID: 6952290
Hi ecotone,

I've been doing this successfully for the past year or so.

I use the $HTTP_SERVER_VARS["LOGON_USER"] variable running IIS4 under Windows.  I think you could also use $HTTP_SERVER_VARS["REMOTE_USER"] for the same effect, and you may need to use REMOTE_USER if you're running Apache.

(Note that under PHP 4.1.0 or later you need to change these to $_SERVER["LOGON_USER"] and $_SERVER["REMOTE_USER"] respectively.)

These will return a value in the form Domain\\Username.
So for eg., if your username was Ecotone and you were logged into the domain ECO, it would return ECO\\Ecotone.

You can then use something like:

$pos = strpos( $HTTP_SERVER_VARS["LOGON_USER"], "\\" ) + 2;
$username = substr( $HTTP_SERVER_VARS["LOGON_USER"], $pos );

to get just the username.

NOTE that under Windows/IIS, the LOGON_USER variable is not available if you have anonymous access enabled under IIS!

To disable anonymous access, go into IIS admin, right-click on the web server, select properties, click on the Directory Security tab, click the Edit... button and un-tick the "anonymous access" box.

If anonymous access is disabled, here's what happens with a web page request:

Client (browser) requests page but sends no authentication
IIS checks, sees that anonymous access is disabled and requests authentication
Client resends page request, this time with authentication (username) information
Domain/username are now available for PHP to use!

Good luck!

Peter.
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6952917
That is very useful info Peter.

I tried what you suggested but..

$_SERVER["REMOTE_USER"]  containts nothing when I try with Apache. I have made sure I have logged in to domain.


You having this info, Can I ask you one thing.

Is it possible to authenticate username/password against his DOMAIN credentials. i dont think it would be possible straight forward but is it possible using ADSI ? Do you have any experience in that ?


JD


0
 
LVL 1

Expert Comment

by:pmonk
ID: 6958605
Hi dkjariwala,

Which version of PHP are you using?

Verification against domain credentials is possible (we are doing that, too).

As far as I know, the only way to do it involves using a small third-party program called userserver.  This is a program that runs on a domain controller as a service that your PHP pages connect to and request domain information from (user names, passwords, that kind of thing).

userserver can be downloaded here: http://clauer.free.fr/php/userserver.zip
It's free and unsupported but instructions are included.
I found it quite easy to get it working.

Peter.
0
 

Author Comment

by:ecotone
ID: 6960472
pmonk,

i'm gonna try this, i hope this is what i meant.

ecotone
0
 
LVL 1

Expert Comment

by:Rajko
ID: 6962077
you can use a modul for apache + a microsoft protocol (the protocol is not routeable.)
Modul:
the name is NTLM.
http://www.syneapps.com/software/mod_ntlm/

or you try the vbs variante. (it works only with IE + pc with vbs support)
"UserName" read from registry, "FullUserName" from environmentvariables
<script language="JavaScript" type="text/javascript">
 function GetAccount(){
 var wshell= new ActiveXObject("WScript.Shell");
 var RegPfad="HKLM\\Software\\Microsoft\\WindowsNT\\CurrentVersion\\Winlogon\\DefaultUserName";
 var UserName=wshell.RegRead(RegPfad);
 var FullUserName = wshell.Environment("Process").Item("FullName");
 window.location.href = "./index.php?nr="+UserName+"&name="+FullUserName;
}
</script>
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6962371
Peter,


That userserver is KEWL.

I have not tried it, I would definately do it and let you know.

JD
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6962596
Btw Peter,
My PHP version is 4.0.6

Jd
0
 

Author Comment

by:ecotone
ID: 6963019
Peter,

I tried to use this:

$pos = strpos( $HTTP_SERVER_VARS["LOGON_USER"], "\\" ) + 2;
$username = substr( $HTTP_SERVER_VARS["LOGON_USER"], $pos );

that is working. But can i get groupname of some users.
Group1:
       user1
       user3

If user1 is logging on this page, then he must go to an particular page. It has to depend on the group in which he is.

I' m now testing your other option.

Greetz ecotone


0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 1

Expert Comment

by:pmonk
ID: 6964305
Hi JD,

Sounds good.

As you're now found out, if you're running 4.0.6, you need to be referring to the $HTTP_SERVER_VARS["REMOTE_USER"] variable, NOT the $_SERVER["REMOTE_USER"] variable, which is for PHP 4.1.0 and above.

Testing if a user belongs to an NT domain group is easy with userserver (you're right, it is great!).  I just use:

if( IsUserInGroup( $ntlogon, $itgroup ) == 1 ) {
 do something
} else {
 do something else
}

where:

$ntlogon holds the current user's NT logon name, and
$group holds the name of an NT domain group

Don't forget to include() the userserver code at the top of the appropriate pages!

Cheers,

Peter
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6968350
Hi Peter,
It is not working for me.

I am running userserver.exe on PDC itself.
First I could get it installed as service but it never ran as serving saying that Can not find file.

Then I ran it from command line like

userserver 10000 PDC_CONTROLLER

[ here PDC_CONTROLLER is name of the PDC machine.]

Then I checked it by telnetting to PDC machine on 10000 port. it told me that it is running.

But when I check username,password from script it always says Not a valid user.

So what is the problem ? Am I doing things correctly ??
Also I would like to tell you that we have BDC also. So does that affect ??

Finally when I telnet to 10000 port and I type anything it just returns SHUTDOWN. For every character I type it just keeps returning SHUTDOWN. Is it okie ?

Please help me as this is life or death for me now.

JD

0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6968358
Also,

I do not have any vars named REMOTE_USER, LOGON user under HTTP_SERVER_VARS.

I tried it on IIS, Win2k and Apache ,Win2k.

What can be wrong ?


JD
0
 
LVL 1

Expert Comment

by:pmonk
ID: 6970232
Hi JD,

Check your list of services to see if the UserServer service is already there.  If it is, remove it.

Now reinstall the service:

- put the userserver.exe and instsvc.exe files in the \winnt\system32 directory
- open a command line and go to the \winnt\system32 directory
- type 'instsvc userserver "UserServer Service"'
(DO include the " marks, DON'T include the ' marks)

That should install the service successfully.

The users.php3 file that came with the userserver package can be used as the userserver include file.  So, rename it to something like userserver.inc, then, in any pages that need to use domain account/group information add the command:

include( 'userserver.inc' );

to the top.

NOTE that this file has some variables at the top which should be changed!!!

$USERSERVER is the IP address of the machine hosting the userserver service - this will need to be changed!
$USERSERVERPORT is the port number used to connect to the service.  By default this is 11 and does not need to be changed if you install the service as I described above.
$LDAPSERVER is only important to change if you're running an LDAP server.

Once userserver is installed as a service you should be able to telnet to port 11 and get the message you described above, SHUTDOWN.  This means it is working correctly.

As for the missing variables ($HTTP_SERVER_VARS["LOGON_USER"]), check that you have disabled anonymous access to the web server:

Go into IIS admin, right-click on the web server name, select "properties", click on the "Directory Security" tab, click the "Edit..." button and un-tick the "anonymous access" box.

You can check to see if these variables are being generated by creating a page on your web site that just has the phpinfo() command in it.  View that page in your web browser.

Down the bottom of the page generated by phpinfo() is a list of server variables and you should be able to see $HTTP_SERVER_VARS["LOGON_USER"] and some others listed there.  You'll also be able to see their contents (ie, DOMAIN\\JD).

Once you have verified userserver is installed and working, and have verified that the server variables are being generated, everything should be fine and you can use the code in my previous posts to check out domain user/group information.

Good luck,

Peter.
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6970499
Peter,

Thanks for the very detailed instructions but I guess I have good idea about PHP. :)


First tell me, Am I suppose to run UserServer on PDC itself ??? I do have BDC running,does it have any effect ???

Now I have userservice installed but it is not running [ as I didnt copy files in system directory ] so how do I remove it then ?

Now I would again try and see if it works.
Would update you and ask for help if it doesnt work.

JD
0
 
LVL 1

Expert Comment

by:pmonk
ID: 6970529
Hi JD,

Userserver can run on a PDC or a BDC (I have it running on a BDC).  Running it on a PDC with other BDCs in the network should not be a problem.  Just make sure your $USERSERVER variable is pointing to the correct machine.

If you need to remove the old service, try this utility, Service Manager - it lets you remove services.

http://downloads-zdnet.com.com/3000-2094-8870097.html?tag=lst-0-2

Peter.
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6970533
Hey Peter !!!

It worked !!!!!!!!!!!!!!!!!!!!!!!!!! :) :) :) :) :)

Thanks a lot !!!!!!!

It was just that I must user server as service rather than from command line !! :)

Thanks a lot !!!!!

Is there any way I can give you some points ???

JD
0
 
LVL 1

Expert Comment

by:pmonk
ID: 6970544
JD,

Yay!  :)

Just after my last posting there should be an "Accept this comment as Answer" option, or something similar.

This will close the question and transfer your question points to me.

Thanks, and good luck!!!

Peter.
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6970555
I was not the person who posted question. So I don't have that option. :(

Anyways, everything is good. Just one thing, Can I have list of groups just like I have list of user ?

JD
0
 
LVL 1

Expert Comment

by:pmonk
ID: 6970589
JD,

The documentation mentions this feature (getting a list of groups) but I can find no function for it in the include() file.

I agree it might be a useful feature to have... perhaps analysing the other functions might let you create such a function.

As for awarding points when you didn't ask the question, the best place to check out is the community support area:
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt

This is read by EE staff and can be used to post requests for splitting question points between multiple experts, etc.  You can also ask the staff questions there.

Thanks!

Peter.
0
 
LVL 1

Expert Comment

by:pmonk
ID: 6976090
Hi JD,

If you're still interesting in giving me some points, here's how to do it:

Ask a question in the support area:
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt

Make the question heading something like "Points for pmonk (##)", where ## is the number of points.

In the body of the question, paste the link to this question:
http://www.experts-exchange.com/php/Q.20288116.html

Thanks,

Peter.
0
 
LVL 1

Accepted Solution

by:
pmonk earned 75 total points
ID: 6976132
Hi ecotone,

As far as being able to tell which group a user is in, I don't think userserver offers that functionality.

It is possible to get a list of all users in a particular group, but I think for what you want to do the best option would be to use the IsUserInGroup function which tests for membership in a specific group, like this:

if( IsUserInGroup( "User", "Group1" ) == 1 ) {
 redirect to group1 page;
} elseif( IsUserInGroup( "User", "Group2" ) == 1 ) {
 redirect to group2 page;
}
...
etc.

Peter.
0
 

Author Comment

by:ecotone
ID: 7005883
Thanx it worked!

ecotone
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now