Is there a way to capture the windows username in php? I want to use it as a way to authenticate users on a form. I don't want them to have to sign in. This is on an intranet in a relatively secure enviroment.

I am only going to use the screen name as the value of a text box that the user can't change.

Is this possible?

I don't think there is any command which captures the actual username on a windows system etc... because it would have to access the system registry which is a major security risk!

why not try authenticating by IP address? it would be better to setup a database with there own username/password on and then set a cookie etc... so they don't have to login everytime?

Hope this helps!

I don't think I was really clear with my original post. I just want the username I don't need to know the password or anything.

Can I just use a csv file stored on the server to hold the IP's matched to usernames?

You say this is on an intranet?

I would be hesitant about using the IP addresses for a couple of reasons.

1) If your company uses DHCP, then there is a chance (albeit a slight one) that the machine's IP address could change when its lease expires. This will wreak havoc on your code.

2) If the user tries to log into a different machine, then access the site, the validation would fail because it is a new IP address (even if it is the same user name)

Now, to answer your original question:
php may have a way of validating against Windows NT Authentication procedures (I know ASP does, but then again, it is all WIndows then anyhow) I would go there though, unless you are the admin, because it may tick off a few admins in your company.

You can use an Exchange server (if your company is like mine and uses the same domain vaildation for email addresses), and export the data to ACCESS. Then use php with ODBC connectivity to generate a list of user names that way to validate against. This can be automated without going into the registry (depending on the OS), but I am not 100% sure of how to do this.

We do use the same validation on our exchange server.

I think again I may have lead everyone down the wrong road. I really just want to populate a field on a form with the username in windows. I can convert the username with the list based on the list from the exchange server.
Do I need to be using ASP just to view the username in windows. I don't need any kind of security validation.

Thanks for the replies by the way.

i never heard of grabbing the windows username with php,
this must be impossible as php running on one pc should not be able to access such data on another pc!

I was thinking about other places to pull the username from... and I thought about cookies.

When cookies are created, aren't they created in the format of "username@place.txt"?

Could this be a possible solution or have a lost my mind completely? If it is a possible solution how would I implement it?

Cookies are no good for your purposes... As a user, I could wipe out my cookies at any time, and void your form filling. I could also restrict cookies, and screw it up that way.

As I gave this more thought, and figured out what exactly you were trying to do, it dawned on me that it won't work. You can get the complete list from Exchange, but you can't really populate a form automatically from that list without being able to access the specific user's domain name credentials.

Why auto populate it anyhow? Doesn't that just invalidate the purpose for the security to begin with? I know you probably want to just keep your users from having to remember one more password, but they just may have to...

you can do this very simply actualy. There is a server variable called $_SERVER['LOGON_USER'].

This works if you are running IIS as the webserver and you have integrated authentication on.

I am actually trying to figure out how do this this exact thing with Apache. PHP has several tools for quering the LDAP server that may help.

You can have this work if you have them login (.htaccess file). But that it what we are trying to avoid... here are a couple of links that may help.

http://groups.google.com/groups?q=php+apache+nt+login&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=20020319171854.15450.qmail%40pb1.pair.com&rnum=3

http://groups.google.com/groups?q=php+apache+nt+login&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=2B25A9C95DC8D411BBE500508BB19239515D7F%40ntslxch1.int.rdel.co.uk&rnum=8

this wil lwork but only for local intranets and the http server must be on domain

<?php $username = str_replace("DOMAIN\\\\", "", $_SERVER['REMOTE_USER']); ?>
Hello <?php printf("$username"); ?>, and welcome! 

Originally posted by kingsol
DigitalExpl0it would this work on apache/php server on the local intranet?

We have a local intranet that runs mostly windows clients, and linux web servers. The intranet however is currently IIS/Windows. We have a lot of ASP applications we are converting to PHP (and run it on Linux/Apache) that require the NT user name from the client machine? would Remote User work? or LOGON_USER for this scenario and not have to have people login?

Thanks!

it was tested on IIS/PHP so Not sure on Apache sorry

no, you can't get the username from the client machine

If you are using and NT based version of windows (ie NT, 2000, XP. I don't thinkn the 9x series will work) there should be a shell variable called username. eg in batch it would be accessed through:
%username%
(under linux it is called user and is accessible in the shell through $USER).

With that in mind, all you need to do is access the local variable of the client computer. For that I suggest javascript. I don't know enough about javascript to tell you exactly what you need to use, but it should be a case of run a function giving it the name of the environment variable and it will return the value of that variable. Javascript is easy to put the value into a text box once you have it. It would be something along the lines of:
textbox1.value=mynewvalue

Another option is VBscript. This will definitley get be able to get the value of the environment variable. If I remember rightly the command would be something like:
username=ENVIRON("username")
After this you will just have to write this back to the text box, which I guess will be something along the lines of:
textbox1.text=username
(I haven't used vbscript in webpages before). This will work fine on a linux server, but my have troubles if you try moving away from windows on the clients. Note that Opera seems to support VBScript under linux.

Javascript would definitley be the way I'd go just because portability is so vast. You would have have to change the variable name (windows:"username", linux:"user") if you changed the client config.

  /* get the ip of the client */
	if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]))
		{
		$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
		}
	else 
		{
		$ip = $_SERVER["REMOTE_ADDR"]; 
		}

   /* send a "special" packet */
   $fp = fsockopen('udp://'.$ip, 137);
   fwrite($fp, "\x80b\0\0\0\1\0\0\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\1");

   /* wait 2 secs, and get the data */
   socket_set_timeout($fp, 2);
   $data = fread($fp, 256);


   /* get netbios records number */
   $nbrec = ord($data[56]);

   /* display nebios records : the username is a record of type 3 */
   for($i = 0; $i < $nbrec; $i++) 
	   {
	   	 $offset = 18 * $i;
	   if (ord($data[72 + $offset]) == 3)
		   {
			  $userid = trim(substr($data, 57 + $offset, 15));
		   }     

		}

$userid = str_replace('$','',$userid);

            echo $userid

could you email me that code to luke dot crouch at gmail dot com? I had trouble copying it from the boards and pasting it...

thanks