• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 492
  • Last Modified:

PHP Forms and displaying $_SERVER[PHP_AUTH_USER]

Ok,

I have been able to grab the username from iis and put it into the php page which inturn puts it into the ms sql database. basically - I have setup IIS
to request a username and password -clear text - with the domain. Once done, it goes to the form page.

Is there anyway in the actual form, I can also get the username in a  field so thats its auto shown straight away. My form is in html

Heres the php script:-

<?PHP

define('DB_HOST','itdepartment01');
define('DB_USER','sa');
define('DB_PASS', 'xxxxx');
define('DB_NAME','itrequest');

if(! $conn = mssql_connect(DB_HOST,DB_USER,DB_PASS)){
exit ("Wheres the DB_HOST gone?");
}

if(! mssql_select_db(DB_NAME, $conn)){
exit ("Wheres the database gone?");
}

if($campaign == ''){
exit ("Please enter a campaign name");
}

if ($quotedHours == "") {
  $quotedHours = 0;
}

// if ($required == "") {
//  $required = getdate();
// }

if($required!="")
$sql = "INSERT INTO requests
(requester,email,campaign,required,detail,objective,clientRequest,
quoted,quoteAccepted,quotedHours,login_name)
VALUES
(\"$_SERVER[PHP_AUTH_USER]\",
\"$email\",
\"$campaign\",
\"$required\",
\"$detail\",
\"$objective\",
\"$clientRequest\",
\"$quoted\",
\"$quoteAccepted\",
\"$quotedHours\",
\"$_SERVER[PHP_AUTH_USER]\")";

else
$sql = "INSERT INTO requests
(requester,email,campaign,required,detail,objective,clientRequest,
quoted,quoteAccepted,quotedHours,login_name )
VALUES
(\"$_SERVER[PHP_AUTH_USER]\",
\"$email\",
\"$campaign\",
getdate() + 7,
\"$detail\",
\"$objective\",
\"$clientRequest\",
\"$quoted\",
\"$quoteAccepted\",
\"$quotedHours\",
\"$_SERVER[PHP_AUTH_USER]\")";

if($requester == '*' || $email == '*' || $campaign == '*' || $required ==
'*' || \\ $detail == '*' || $objective == '*' || $quote_accepted == 'yes' or
'no'){

print ("<B><U>IT Request Form Summary</U></B><br><br>
Name: $requester <br><br>
Email Address: $email <br><br>
Campaign: $campaign <br><br>
Required by?: $required <br><br>
Detail: $detail <br><br>
Objective: $objective <br><br>
Client Request: $clientRequest <br><br>
Quoted?: $quoted <br><br>
Quote Accepted?: $quoteAccepted <br><br>
IP ADDRESS?: $_SERVER[PHP_AUTH_USER] <br><br>
Quoted Hours?: $quotedHours <br>");}


if(! mssql_query($sql , $conn) || mssql_error($conn)){
   /* find out if the query worked, and why not if not */

exit ("Unable to insert row [$sql]<br>" . mssql_error($conn));

}

and the form page is here -
http://homepage.ntlworld.com/scott.lewis/misc/index.html -  its done in an editor so dont have a go. It wont connect to a database its just there to view the source.

Scott

0
slewis1972
Asked:
slewis1972
1 Solution
 
Richard QuadlingSenior Software DeverloperCommented:
Instead of ...

$_SERVER[PHP_AUTH_USER]

in the sql statement,

try

{$_SERVER[PHP_AUTH_USER]}

Embedding variables into a string by using "$var" is correct, except for arrays.

Then you use "{$array[CONSTANT]}" or "{$array["$var"]}" or "{$array['assoc']}" or "{$array[0]}".

Regards,

Richard.
0
 
s-maximCommented:
Also, it is a very bad idea not quoting the strings in the array's keys like this:

$_SERVER[PHP_AUTH_USER]

Correct and forever-stable way would be

$_SERVER['PHP_AUTH_USER']

Then, in a string whether escape it:

$str = "I am " . $_SERVER['PHP_AUTH_USER'] . " !";

or embed it:

$str = "I am {$_SERVER['PHP_AUTH_USER']} !";

Moreover, I doubt that $_SERVER['PHP_AUTH_USER'] is present at all on IIS installations. Try phpinfo:

<?php
phpinfo();
?>

It will tell you all the enviroment variables present on the system - you might find your problem, unless this is irrelevant.


Cheers,
Maxim Maletsky
0
 
slewis1972Author Commented:
The $_SERVER[PHP_AUTH_USER] definately works on the system.

I have got round the form issue at last. Where in the form is says VALUE = "<?php echo $_SERVER[PHP_AUTH_USER] echo >" etc etc. Its not exact as not at the script right know but basically embedded the display command in the form and it world superbly.

In ref to the $_SERVER[PHP_AUTH_USER] issue - I was concerned in the first place as heard it only works with Apache but it only seems to woek in IIS it you, under securitty, specify a domain, and only select secuirty but with clear text.

Scott
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Richard QuadlingSenior Software DeverloperCommented:
Yes. I missed that. I forgot that PHP_AUTH_USER is not a constant. DOH!

Something I always code with is ...

error_reporting(E_ALL);

That way this would have been flagged as a notice.

I try to remove all errors, warning and notices.

Makes for cleaner code.

Richard.
0
 
Richard QuadlingSenior Software DeverloperCommented:
I don't think anyone read the question. Me included.

If the questioner doesn't come back to these comments then PAQ with refund is OK.



The question related to not connecting to the DB.

Check php.ini and make sure you have ...

extension=php_mssql.dll

and NOT

;extension=php_mssql.dll

If the web server does not have MSSQL installed on it, you will also need the a DLL from the MSSQL server (from the PHP Manual) ...

Requirements
Requirements for Win32 platforms.

The extension requires the MS SQL Client Tools to be installed on the system where PHP is installed. The Client Tools can be installed from the MS SQL Server CD or by copying ntwdblib.dll from \winnt\system32 on the server to \winnt\system32 on the PHP box. Copying ntwdblib.dll will only provide access. Configuration of the client will require installation of all the tools.

Requirements for Unix/Linux platforms.

To use the MSSQL extension on Unix/Linux, you first need to build and install the FreeTDS library. Source code and installation instructions are available at the FreeTDS home page: http://www.freetds.org/ 

Note: In Windows, the DBLIB from Microsoft is used. Functions that return a column name are based on the dbcolname() function in DBLIB. DBLIB was developed for SQL Server 6.x where the max identifier length is 30. For this reason, the maximum column length is 30 characters. On platforms where FreeTDS is used (Linux), this is not a problem.



What error are you getting?

Richard.

0
 
moduloCommented:
PAQed, with points refunded (50)

modulo
Community Support Moderator
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now