Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 528
  • Last Modified:

get the username with PHP?

Hi there,
does anyone know how i can get the username from a Windows machine (NT or 2000)?
Further configuration:
Webserver with Windows 2000 and IIS 5.0
Clients: NT and 2000

Greetz
0
ecotone
Asked:
ecotone
  • 9
  • 9
  • 3
  • +4
1 Solution
 
harwantgrewalCommented:
... I dont think you will able to access the windows machine

Harry
0
 
dkjariwalaCommented:
I guess some MS guy can only answer this.

Cause IE faithfully passes these parameters to IIS. But I wonder how you as a script writer can find that.

JD
0
 
us111Commented:
try $PHP_AUTH_USER but......no chance I think

You can not get the NT username with PHP.
Try <?phpinfo() ?> to know the available variables you could get

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
campioneCommented:
using php you wont be directly able to access the NT or 2000 machine. I checked up all variables of phpinfo() and it doesnt wok out. But there might be a tweak possible. I am not sure on this one but just try it.

get the ip of the machine and then use it to get the remote machine name. has to work just try it..

good luck
0
 
Peter MonkWeb and IT developerCommented:
Hi ecotone,

I've been doing this successfully for the past year or so.

I use the $HTTP_SERVER_VARS["LOGON_USER"] variable running IIS4 under Windows.  I think you could also use $HTTP_SERVER_VARS["REMOTE_USER"] for the same effect, and you may need to use REMOTE_USER if you're running Apache.

(Note that under PHP 4.1.0 or later you need to change these to $_SERVER["LOGON_USER"] and $_SERVER["REMOTE_USER"] respectively.)

These will return a value in the form Domain\\Username.
So for eg., if your username was Ecotone and you were logged into the domain ECO, it would return ECO\\Ecotone.

You can then use something like:

$pos = strpos( $HTTP_SERVER_VARS["LOGON_USER"], "\\" ) + 2;
$username = substr( $HTTP_SERVER_VARS["LOGON_USER"], $pos );

to get just the username.

NOTE that under Windows/IIS, the LOGON_USER variable is not available if you have anonymous access enabled under IIS!

To disable anonymous access, go into IIS admin, right-click on the web server, select properties, click on the Directory Security tab, click the Edit... button and un-tick the "anonymous access" box.

If anonymous access is disabled, here's what happens with a web page request:

Client (browser) requests page but sends no authentication
IIS checks, sees that anonymous access is disabled and requests authentication
Client resends page request, this time with authentication (username) information
Domain/username are now available for PHP to use!

Good luck!

Peter.
0
 
dkjariwalaCommented:
That is very useful info Peter.

I tried what you suggested but..

$_SERVER["REMOTE_USER"]  containts nothing when I try with Apache. I have made sure I have logged in to domain.


You having this info, Can I ask you one thing.

Is it possible to authenticate username/password against his DOMAIN credentials. i dont think it would be possible straight forward but is it possible using ADSI ? Do you have any experience in that ?


JD


0
 
Peter MonkWeb and IT developerCommented:
Hi dkjariwala,

Which version of PHP are you using?

Verification against domain credentials is possible (we are doing that, too).

As far as I know, the only way to do it involves using a small third-party program called userserver.  This is a program that runs on a domain controller as a service that your PHP pages connect to and request domain information from (user names, passwords, that kind of thing).

userserver can be downloaded here: http://clauer.free.fr/php/userserver.zip
It's free and unsupported but instructions are included.
I found it quite easy to get it working.

Peter.
0
 
ecotoneAuthor Commented:
pmonk,

i'm gonna try this, i hope this is what i meant.

ecotone
0
 
RajkoCommented:
you can use a modul for apache + a microsoft protocol (the protocol is not routeable.)
Modul:
the name is NTLM.
http://www.syneapps.com/software/mod_ntlm/

or you try the vbs variante. (it works only with IE + pc with vbs support)
"UserName" read from registry, "FullUserName" from environmentvariables
<script language="JavaScript" type="text/javascript">
 function GetAccount(){
 var wshell= new ActiveXObject("WScript.Shell");
 var RegPfad="HKLM\\Software\\Microsoft\\WindowsNT\\CurrentVersion\\Winlogon\\DefaultUserName";
 var UserName=wshell.RegRead(RegPfad);
 var FullUserName = wshell.Environment("Process").Item("FullName");
 window.location.href = "./index.php?nr="+UserName+"&name="+FullUserName;
}
</script>
0
 
dkjariwalaCommented:
Peter,


That userserver is KEWL.

I have not tried it, I would definately do it and let you know.

JD
0
 
dkjariwalaCommented:
Btw Peter,
My PHP version is 4.0.6

Jd
0
 
ecotoneAuthor Commented:
Peter,

I tried to use this:

$pos = strpos( $HTTP_SERVER_VARS["LOGON_USER"], "\\" ) + 2;
$username = substr( $HTTP_SERVER_VARS["LOGON_USER"], $pos );

that is working. But can i get groupname of some users.
Group1:
       user1
       user3

If user1 is logging on this page, then he must go to an particular page. It has to depend on the group in which he is.

I' m now testing your other option.

Greetz ecotone


0
 
Peter MonkWeb and IT developerCommented:
Hi JD,

Sounds good.

As you're now found out, if you're running 4.0.6, you need to be referring to the $HTTP_SERVER_VARS["REMOTE_USER"] variable, NOT the $_SERVER["REMOTE_USER"] variable, which is for PHP 4.1.0 and above.

Testing if a user belongs to an NT domain group is easy with userserver (you're right, it is great!).  I just use:

if( IsUserInGroup( $ntlogon, $itgroup ) == 1 ) {
 do something
} else {
 do something else
}

where:

$ntlogon holds the current user's NT logon name, and
$group holds the name of an NT domain group

Don't forget to include() the userserver code at the top of the appropriate pages!

Cheers,

Peter
0
 
dkjariwalaCommented:
Hi Peter,
It is not working for me.

I am running userserver.exe on PDC itself.
First I could get it installed as service but it never ran as serving saying that Can not find file.

Then I ran it from command line like

userserver 10000 PDC_CONTROLLER

[ here PDC_CONTROLLER is name of the PDC machine.]

Then I checked it by telnetting to PDC machine on 10000 port. it told me that it is running.

But when I check username,password from script it always says Not a valid user.

So what is the problem ? Am I doing things correctly ??
Also I would like to tell you that we have BDC also. So does that affect ??

Finally when I telnet to 10000 port and I type anything it just returns SHUTDOWN. For every character I type it just keeps returning SHUTDOWN. Is it okie ?

Please help me as this is life or death for me now.

JD

0
 
dkjariwalaCommented:
Also,

I do not have any vars named REMOTE_USER, LOGON user under HTTP_SERVER_VARS.

I tried it on IIS, Win2k and Apache ,Win2k.

What can be wrong ?


JD
0
 
Peter MonkWeb and IT developerCommented:
Hi JD,

Check your list of services to see if the UserServer service is already there.  If it is, remove it.

Now reinstall the service:

- put the userserver.exe and instsvc.exe files in the \winnt\system32 directory
- open a command line and go to the \winnt\system32 directory
- type 'instsvc userserver "UserServer Service"'
(DO include the " marks, DON'T include the ' marks)

That should install the service successfully.

The users.php3 file that came with the userserver package can be used as the userserver include file.  So, rename it to something like userserver.inc, then, in any pages that need to use domain account/group information add the command:

include( 'userserver.inc' );

to the top.

NOTE that this file has some variables at the top which should be changed!!!

$USERSERVER is the IP address of the machine hosting the userserver service - this will need to be changed!
$USERSERVERPORT is the port number used to connect to the service.  By default this is 11 and does not need to be changed if you install the service as I described above.
$LDAPSERVER is only important to change if you're running an LDAP server.

Once userserver is installed as a service you should be able to telnet to port 11 and get the message you described above, SHUTDOWN.  This means it is working correctly.

As for the missing variables ($HTTP_SERVER_VARS["LOGON_USER"]), check that you have disabled anonymous access to the web server:

Go into IIS admin, right-click on the web server name, select "properties", click on the "Directory Security" tab, click the "Edit..." button and un-tick the "anonymous access" box.

You can check to see if these variables are being generated by creating a page on your web site that just has the phpinfo() command in it.  View that page in your web browser.

Down the bottom of the page generated by phpinfo() is a list of server variables and you should be able to see $HTTP_SERVER_VARS["LOGON_USER"] and some others listed there.  You'll also be able to see their contents (ie, DOMAIN\\JD).

Once you have verified userserver is installed and working, and have verified that the server variables are being generated, everything should be fine and you can use the code in my previous posts to check out domain user/group information.

Good luck,

Peter.
0
 
dkjariwalaCommented:
Peter,

Thanks for the very detailed instructions but I guess I have good idea about PHP. :)


First tell me, Am I suppose to run UserServer on PDC itself ??? I do have BDC running,does it have any effect ???

Now I have userservice installed but it is not running [ as I didnt copy files in system directory ] so how do I remove it then ?

Now I would again try and see if it works.
Would update you and ask for help if it doesnt work.

JD
0
 
Peter MonkWeb and IT developerCommented:
Hi JD,

Userserver can run on a PDC or a BDC (I have it running on a BDC).  Running it on a PDC with other BDCs in the network should not be a problem.  Just make sure your $USERSERVER variable is pointing to the correct machine.

If you need to remove the old service, try this utility, Service Manager - it lets you remove services.

http://downloads-zdnet.com.com/3000-2094-8870097.html?tag=lst-0-2

Peter.
0
 
dkjariwalaCommented:
Hey Peter !!!

It worked !!!!!!!!!!!!!!!!!!!!!!!!!! :) :) :) :) :)

Thanks a lot !!!!!!!

It was just that I must user server as service rather than from command line !! :)

Thanks a lot !!!!!

Is there any way I can give you some points ???

JD
0
 
Peter MonkWeb and IT developerCommented:
JD,

Yay!  :)

Just after my last posting there should be an "Accept this comment as Answer" option, or something similar.

This will close the question and transfer your question points to me.

Thanks, and good luck!!!

Peter.
0
 
dkjariwalaCommented:
I was not the person who posted question. So I don't have that option. :(

Anyways, everything is good. Just one thing, Can I have list of groups just like I have list of user ?

JD
0
 
Peter MonkWeb and IT developerCommented:
JD,

The documentation mentions this feature (getting a list of groups) but I can find no function for it in the include() file.

I agree it might be a useful feature to have... perhaps analysing the other functions might let you create such a function.

As for awarding points when you didn't ask the question, the best place to check out is the community support area:
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt

This is read by EE staff and can be used to post requests for splitting question points between multiple experts, etc.  You can also ask the staff questions there.

Thanks!

Peter.
0
 
Peter MonkWeb and IT developerCommented:
Hi JD,

If you're still interesting in giving me some points, here's how to do it:

Ask a question in the support area:
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt

Make the question heading something like "Points for pmonk (##)", where ## is the number of points.

In the body of the question, paste the link to this question:
http://www.experts-exchange.com/php/Q.20288116.html

Thanks,

Peter.
0
 
Peter MonkWeb and IT developerCommented:
Hi ecotone,

As far as being able to tell which group a user is in, I don't think userserver offers that functionality.

It is possible to get a list of all users in a particular group, but I think for what you want to do the best option would be to use the IsUserInGroup function which tests for membership in a specific group, like this:

if( IsUserInGroup( "User", "Group1" ) == 1 ) {
 redirect to group1 page;
} elseif( IsUserInGroup( "User", "Group2" ) == 1 ) {
 redirect to group2 page;
}
...
etc.

Peter.
0
 
ecotoneAuthor Commented:
Thanx it worked!

ecotone
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 9
  • 9
  • 3
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now