check if user is logged into nt-domain

segis

I'm building intranet and a timereportsystem. Right now my users have to login again and that's no fun.

What's the easiest way to check if a user is logged into the NT-domin (or AD) and check username and stuff so I can parse those values instead of forcing them to login extra times.

Thanks in advance!

herve

Hi,

I'm quite sure you can't get the password
(for security reason, the "clear" password is not stored, but instead checked by some hashing function) but the login should be accessible via
some global variable;

check the result of phpinfo() call
look for USERNAME var. or something similar
with your current login name.

Hervé.

segis

I dont need the password. I just have to know that the user is logged in and the username.

I've checked printing $GLOBAL's for any usable info found nothing. And phpinfo(); just gives me info about the server.

twigletmac

Try

echo '<pre>';
print_r($_SERVER);
echo '</pre>';

and look for the element that contains your NT login ID (on my system it's 'remote_user'. (phpinfo() also would give you this information as it includes all of the contents of $_SERVER in its output).

Mac

segis

Hmm, I only have REMOTE_ADDR and RMEOTE_PORT there, no REMOTE_USER. Server is Apache on a Linux, klient is Windows 2000, IE6...

viper21634

What you will want to do is setup IIS on your server box, load php and put your login script there. Now he is right you can get the uname, but no go on the pass, that is stored in a encrypted format(if you can even get to that) now you cant hash it either, unless want to do a brute force attack on it 😉 what you need to do is either set a session var that either contains a flag that tells your script that they have already logged in, or store the login info in it, you could encrypt it for security and then decrypt it when you need it.

or you can set a cookie for the above, and do the same thing with that. I have not done that with php, but have done it with ColdFusion, I was running a members page so I would do both so that I could use the session for short term needs(adds a little speed) and then a cookie for future visits. didnt encrypt it though, nothing that important. But that is what I would do If I were you.

PS. if you go the cookie or session route, you wont need to set up on your win box, you can just store the info the first time they login.

herve

Originally posted by segis
Hmm, I only have REMOTE_ADDR and RMEOTE_PORT there, no REMOTE_USER. Server is Apache on a Linux, klient is Windows 2000, IE6...

I may have miss something, but how would you
that a A server (here on Linux) may know
something about a B station (here on Windows)
running a PHP script, which is run on the server
side ?

May be you can get the username with some
javascript script (running on the client side,
so on the Win2000 PC).

When people start their browser, their default
page is set to an HTML page using this Javascript
code, which is launch by an OnLoad() event

This Javascript code launch an URL set to a
PHP script, giving in parameter to this last script the username you have get before in Javascript.

Not really simple, but if you can get the username
in Javascript, the rest is straightforward
(well ... more or less 🙂 ! )

Hervé.

trooper

Hi Guys

I have an intranet at work and we simply get the webserver to authnticate according to the IP of the client. As we use a proxy server for our surfing then that simply means that we authenticate against the IP of the proxy server.

Thats really all you need to do, as its the browser thats accessing the intranet then there is no need to really look for the NT Domain details.

HTH