Intranet Windows Xp UserName

merlin87

I have been charged with moving our interal office software to an intranet based concept and I am learning PHP on the fly. So far so good but I can't seem to find a way to capture the UserName from the WinXP enviroment. The idea behind the concept is an existing users table that has permissions set and I want to avoid using a login page if possible. On the current the database software the username is captured from the logged on Windows user and I would just like to maintain the same style if possible. Any help would be deeply appreciated.

AstroTeg

Can't do it, UNLESS:

Your users are using IE
You build a COM object to retrieve the registry info
You build an ActiveX component to access the COM object (skip the 2nd step if you can get the ActiveX object to access the registry directly)

Then its a matter of using JavaScript to call the ActiveX component and return the user info. Once returned, it'll all be in JavaScript so you'll have to submit the data to a page to get that info to PHP.

merlin87

Yes, all users will be using IE. I will search for a Java script to do as you suggest. Thanks.

piersk

To be honest, if you're gonna be doin something like this, I'd suggest using ASP instead.

You might argue that PHP is the better language, but you should always use the right tool for the right job.

AstroTeg

Originally posted by merlin87
Yes, all users will be using IE. I will search for a Java script to do as you suggest. Thanks.

JavaScript will be what you use to interface with the ActiveX. But JavaScript has NO way to access the registry.

AstroTeg

Originally posted by piersk
To be honest, if you're gonna be doin something like this, I'd suggest using ASP instead.

You might argue that PHP is the better language, but you should always use the right tool for the right job.

Not to go off topic here, but what does ASP have to do with solving a client access problem? ASP will NOT be able to do any better than PHP for this problem. Heck, for the problem at hand (retrieving the client's logged in user name), it doesn't matter what flavor web server is being used or the language it uses to run its scripts.

piersk

Well... if you're using MS's version of ASP (rather than the Sun one) then that can integrate very nicely with active directory (the bit that controls the user logins in w2k and w2k3).

I might be getting the wrong end of the stick here, but I'm sure the whole point of this thread was to provide the users access if they are logged onto the windows network. Since logging onto the windows network involved active directory, then why not use ASP to work with AD?

Weedpacket

Don't I seem to recall something somewhere about some Windows/IE/IIS(?)-specific solution that has something to do with the username being available in the $_SERVER[] array because the browser trusts the server with it and sends it as one of its request headers? (I think it's obvious I don't really have much of a clue about what I'm talking about here; a search on Windows intranet login came up with eleven hits, but I don't know if any of them are any good.)

piersk

Are you sure you're not thinking about $SERVER['PHP_AUTH_USER'] and $SERVER['PHP_AUTH_PW']? They can be used when with basic apache authentication, but I'm pretty sure you can't use them with AD logins.

AstroTeg

PHP_AUTH_USER is the browser authenticated user, which Apache and IIS handle. This doesn't take into account the Window's logged in user. That information can be found in the registry:

My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
(one of a few places you'll find the login name)

With ActiveX and COM, you can dig this out. I'm not fluent in COM or ActiveX. My boss has written a COM object to fetch the registry info. Then built an ActiveX component that just queried the COM object. Then he had the installer do its thing and install both the ActiveX and COM object. Then when you were in IE and you go to a page which loaded the ActiveX component, you could then retrieve the user name logged in by having JavaScript send it (we did a post submittal). We didn't put much counter measures in the scripts since the user base was about 20 people who barely understood HTML (we had used a modal dialog window to do the checking so it was very tough to view->source and reverse engineer the processing going on).

I'm not familiar with all the tricks of Active Directory. There might be something there to check out. Maybe take the IP the user has and look up the directory and see who logged in on that IP. If you can do that, then you can ditch the COM/ActiveX thing and even make it multi-browser friendly (which would be a much better solution). This may cause security issues if the web server has this much access. Make sure you review the implications of doing this.

chriskhtx

I had the same problem. I used ASP. It works great. We are running a windows 2000 domain, not Active Directory yet.

<% Response.Write Request.ServerVariables("LOGON_USER") %>

That line will echo the domain and username in this format:
DOMAIN\User.Name

Then you can pass that variable to php.

Supposedly you can use $_SERVER['PHP_AUTH_USER'] in php as long as your authentication is set to NTLM and not Basic. But I was never able to get that to work.

Hope that helps,
Chris

merlin87

It appears that I can get the information using vbscripting or possibly windows scripting. I am still looking...

Weedpacket

Originally posted by chriskhtx
<% Response.Write Request.ServerVariables("LOGON_USER") %>

Ah, well the PHP equivalent of that would be

<?php echo $_SERVER['LOGON_USER'] ?>

So maybe that's what I was thinking of.

piersk

Originally posted by Weedpacket
Ah, well the PHP equivalent of that would be
echo $_SERVER['LOGON_USER'];
So maybe that's what I was thinking of. [/B]

I've tried using that (on a windows server) but I couldn't get it to work. Although I don't think that server was attached to the same domain, so that may have been why....

Weedpacket

Originally posted by piersk
I've tried using that (on a windows server) but I couldn't get it to work. Although I don't think that server was attached to the same domain, so that may have been why....

There's probably also some sort of IIS/Windows networking config stuff involved as well.

piersk

I reckon that if the webserver had been on the same domain then it should have been ok, but I also agree that there is probably some networking involved.

TBH, since it's about 20 miles away and just on the Net, it wouldn't have been very secure to have our usernames thrown out onto the net.

AstroTeg

Originally posted by chriskhtx
I had the same problem. I used ASP. It works great. We are running a windows 2000 domain, not Active Directory yet.

<% Response.Write Request.ServerVariables("LOGON_USER") %>

That line will echo the domain and username in this format:
DOMAIN\User.Name

Then you can pass that variable to php.

Supposedly you can use $_SERVER['PHP_AUTH_USER'] in php as long as your authentication is set to NTLM and not Basic. But I was never able to get that to work.

Hope that helps,
Chris

To get "LOGON_USER", you'd still have to setup a challenge/response (can't have IIS defaulted to anonymous access). htp://support.microsoft.com/default.aspx?scid=KB;en-us;q188717

If it works, great! But at our shop, we didn't want to prompt the user for authentication. We just wanted to snag their network login ID and automatically authenticate them that way. We didn't have any success with "LOGON_USER" which is why we went with ActiveX.

chriskhtx

We'll, my understanding is that they have authentication setup as NTLM instead of Basic. It doesnt prompt for a username and password, it just snags it. For some reason, ASP will work, but I cannot get the PHP equivalent to work.

Thanks,
CHris

AstroTeg

Originally posted by chriskhtx
We'll, my understanding is that they have authentication setup as NTLM instead of Basic. It doesnt prompt for a username and password, it just snags it. For some reason, ASP will work, but I cannot get the PHP equivalent to work.

Have you tried using [man]phpinfo[/man] to see if its in one of the variables?

chriskhtx

I hadn't checked it. But on version 4.3.2 that is installed. It says:
AUTH_TYPE NTLM

AUTH_USER MYDOMAIN\My.Username

It does show my domain and my username..... thats weird, because I could not get it to echo that value with $_SERVER['AUTH_USER'].. it would always be empty.

Just saw that LOGON_USER, REMOTE_USER and UNMAPPED_REMOTE_USER also have my domain and username in them.