Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Retrieve logged in username

Posted on 2004-10-25
14
Medium Priority
?
524 Views
Last Modified: 2008-01-09
I'm using PHP4 on Apache2 on W2K server, we're running AD but the server this is running on isn't a DC.  I'm trying to make a drop box for students to submit files to teachers.  However, I don't want students submitting work for eachother.

I'm thinking that the easiest way would be to just retrieve the username of the current logged on user but I don't know if that is possible.  It would also have to work with 2k, XP, and 98 clients.

Thanks!
0
Comment
Question by:salvagbf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 3
  • +2
14 Comments
 
LVL 48

Accepted Solution

by:
hernst42 earned 1400 total points
ID: 12403730
If you are using the IE or Mozilla >= 1.4 as webbrowser use the NTLM protocol to authentificate the user on the remote side.

As starting links have a look at:
http://twiki.org/cgi-bin/view/Codev/WindowsInstallModNTLM#mod_auth_sspi_Apache_2_x

Don't know if NTLM is available on WIn98, but I think so.
0
 
LVL 12

Expert Comment

by:minichicken
ID: 12403757
Hi

If you would like to retrieve the username of the logged in user. You will need to create a session for the user.
Info on sessions: http://www.phpfreaks.com/tutorials/41/0.php


Basically, when the user enters his username and password and submits the details for access check, if the username and password is correct then you assign the user a session variable like $_SESSION['username']  = "Student Name".  

The session variable become available across the site, so on the submit work page, you can retrieve the students username without him re-entering his username.

Note about session in PHP: REmember to have the following at the top top of your page in order to use session in that particular page. When I mean top of the page, I mean before any output or HTML or even a blank space.

<?
session_start();
header("Cache-Control: private"); //IE 6 fix
?>
0
 
LVL 5

Expert Comment

by:basiclife
ID: 12406420
Hmmm. If you can get the password file for the students who login, you could use either .htaccess or the apache.conf to configure the upload page so that the students need to login to your site before they can upload. Then:

             if(isset($_SERVER['AUTH_TYPE'])) {
                        print "User: " . $_SERVER['PHP_AUTH_USER'];

             } else {
                        print "Nobody Logged in";
             }
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 5

Expert Comment

by:basiclife
ID: 12406429
Example for your http.conf (NOT apache.conf !!!)

<Directory '/private/utilities'>      
      Options -Indexes
      Order Deny,Allow
      Deny from All
      AuthName "Confirm Your Login"
      AuthType Basic
      AuthUserFile /private/passwords.pwd
      Require valid-user
</Directory>
0
 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 12406694
Please note that for security reasons you can't get the current Windows login username across the Internet Zone. You therefore have to either

1) Get the students to log into the server as well as the computer, the solutions above all address some aspect of that.
2) Make an ActiveX control which can be used on your Intranet to pass the Windows login name to the server.

The approach you want to take determines the help we can give you...

_Blue
0
 
LVL 6

Author Comment

by:salvagbf
ID: 12414200
I guess I'll have to go with a solution where the student logs into a PHP session.

hernst42, I couldn't get that to work, I think I'm missing a step, I don't know.  It seems specific to Tiki and I'm not using that.

It's looking like I'll go with the combo of setting up a PHP session as suggested by minichicken and authenticating to a .htpasswd file as basiclife suggested.

However, I have 950 students.  There's no way I'm manually typing out that many usernames and passwords.  Not to mention that I don't know their passwords.  Any suggestions as to getting their passwords from AD into a file, into a .htpasswd file? I suppose I could set them all up with a default password if I can't get the passwords out of AD, but then I need information on how to let a user change their password that's stored in a .htpasswd file...

Any thoughts?
0
 
LVL 5

Expert Comment

by:basiclife
ID: 12414914
Depending on how the passwords are stored in AD, you might eb able to point your .htaccess file straight to that password file. I'm not sure how it encrypts passwords so I can't guarantee success. As to changing the password, you need to use the command "htpasswd"

I'm running Apache on a windows box so you'll need to modify this slightly but...

$ret = shell_exec("C:\path\to\htpasswd\htpasswd.exe -b d:\path\to\password\list $username $password");

should allow you to change the password using PHP. Of course this deopends on the script having permissions for the files etc...
0
 
LVL 5

Expert Comment

by:basiclife
ID: 12414972
As a suggestion: Does your site have an authenticated login service for any other purpose? IE accessing student-only documents from off-site etc... ? If so, it's probably be easier to add your upload site to that security and elt the existing system do the authentication, then grab the logged in user using the PHP code above. This would save you keeping a parallel password list and also mean you don't have to woryy about authentication at all.
0
 
LVL 5

Expert Comment

by:basiclife
ID: 12414991
Bah! More thoughts as they come to me: If you DO keep your own password list and someone changes their password, they'll be required to login again as soon as they try to go to another page (as the browser will send the old credentials) you'll probably want to mention that on the page as soon as it has changed their password. Also, you'll want to test the value of $ret to make sure the password change has been successful. Finally, if there are any hiccups, the output from htpasswd will be piped to the Apache error log.
0
 
LVL 48

Expert Comment

by:hernst42
ID: 12416643
As you have AD you can use either the ldap-methods provided by php to verify the user or do this with mod_auth_ldap of apache2. See http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html
http://mgmt.uanet.ua.ac.be/u/dbruyne/mod_auth_ldap_apache2.html

If you setup apache to auth the user you can access the username of the authenticated user in PHP by $_SERVER['REMOTE_USER']

So the passwords are in sync and no maintainance need to be done. In this case you also should use a SSL-connection as those username and password would be send in plaintext to the webserver when using http-requests.
0
 
LVL 48

Expert Comment

by:hernst42
ID: 12416675
What was the problem with the mod_auth_sspi, because I might be trying by myself in the future. Have you tried these precompiled so for apache2 ?
http://www.firepages.org/public/mod_auth_sspi-apache2046.zip
0
 
LVL 6

Author Comment

by:salvagbf
ID: 12426002
hernst42, awesome! Thank you so much, that worked.  

I downloaded the zip you just posted, copied mod_auth_sspi.so to the modules directory, included the line:
LoadModule sspi_auth_module modules/mod_auth_sspi.so
in the httpd.conf as well as:

<Directory "C:/Program Files/Apache Group/Apache2/htdocs/dropbox">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
    AuthName "Login using your DOMAIN username and password"
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On
    SSPIOfferBasic On
    require valid-user
</Directory>

Then I used, as you said, $_SERVER['REMOTE_USER'] to access the username.  So it was kind of a combo of your 3 posts that gave the answer.  I'll close this Q and assign you points in just a bit...  Before that, for some extra points, say, 50-100, I don't suppose there's a way to grab the user's actual name, not just the username, from AD as well? Perhaps using the same $_SERVER variable?

Thanks!
0
 
LVL 6

Author Comment

by:salvagbf
ID: 12426660
I've been trying to use the mod_auth_ldap to do what I just mentioned but when I add the line LoadModule auth_ldap_module modules/mod_auth_ldap.dll to httpd.conf it fails to start.  Same thing happens when I try to use the .so version of mod_auth_ldap...
0
 
LVL 5

Expert Comment

by:basiclife
ID: 12428097
You'd have to query the AD yourself to get student name, but there should be a simple command-line way to do that and parse the response for the real name / any other details you want
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question