How to get Win 2000 Login

m0119975

Hy,

I am building a small portal site, and I want to create a form with the Windows 2000 Login of the one that sends this form.

Is it possible to get this login with php?

thx

m011975

AstroTeg

The user would have to enter it in. And that could be considered a security risk depending on if you've collected enough info to pinpoint the PC (the IP address could be enough which tends to get collected in the web logs).

You'd have to have a program that runs on the client's machine which digs through the registry and finds the login info (which will really only be the user name - you're on your own for the password).

rpanning

I agree with AstroTeg, using Windows login information is a big security risk. But since you asked, to the who's logged in on a windows computer use $_SERVER['REMOTE_USER'] That will give you the domain\username of the logged in user but you cannot get the password (because the already logged into windows so they are authenticated).

m0119975

First of all, thx for the response.

The $_SERVER['REMOTE_USER'] is inderdeed the right var to get it, but in my case the var is empty.

I checked with google and noticed that when for expample using an IIS 5 with anonymous authentification this doesn't work.

I have no acces to this server so i am not allowed to config it.

Does anyone know another solution?

($SERVER['REMOTE_ADDR'] works and gives me the IP but $SERVER['REMOTE_HOST'] gives my nothing)

AstroTeg

What exactly are you trying to do with the authenticated user info?

m0119975

Well,

i want to create a form that has a field "login".
Than i can look up the history for that login afterwards.

And it is inderdeed possible that the user types in his login, but that he can cheat :-)

AstroTeg

I'd recommend creating a secondary authentication system that associates a user login to a password you keep track (ideally NOT the Windows login password). With the login ID, you can then look up the info.

m0119975

idd a login script is a solution (and a clean one if you ask me) but not in this case, for multiple reasons (above my head).

But isn't there any other way?

AstroTeg

In short, you need a secondary login/authentication system. One that is NOT tied to the OS. Only the user can give out the login password. Period. You'd have to prompt for it. And to be honest, thats a very unnecessary security risk you would be implementing (saved passwords, sniffers, storage attacks, etc).

Its not clear the logic or reasoning for implementing this. If you want Windows authentication, you're going to have to do it with VPN. And at this level, the OS will take care of doing all the work.

I've done some work with Windows user names to automatically identify who was using an intranet application and what application permissions they had. But all we needed was the user name since you had to physically log into the machine to acquire the user name. We just put the user name in the database and tracked it from there. The users didn't have to log into the app and the app immediately knew who was using it. But in this case, the account's password was not needed.

Again, if we knew what the requirements were for this site, we may be able to provide you some alternatives.