PHP/Windows Login Integration

jesser

I have a small intranet I'm putting together for my company. What I want to do is grab the user login from the windows network to match to a field in my MySQL database, so that I don't have to have users do a separate login to get access to certain pages on the intranet.

Anyone have any clue how to do this??

Jess

devinemke

that would be pretty scary wouldn't it? pointing my browser to a PHP enabled webserver that could automatically grab my windows password.

jesser

This is a local INTRAnet only, not available to the WWW. I'm not trying to access passwords or anything like it! JUST THE USER NAME. This is, in fact, something that windows propogates the user name field with so you don't have to retype it each and every time your computer locks or you log in. All I'm trying to do is save the people at my company a bit of time/effort and in some ways increase security since they won't be required to remember multiple passwords which for a lot of people forces them to write them down.

If you have personal issues with helping me on this, don't. I hope I've made my motives clear. They are not mallicious.

devinemke

the point of my post was to illustrate how big a security issue it would be if PHP (a server-side language) could extract Windows login information from the client-side.

for a basic idea of what PHP "grabs" from the client have a look at the output generated by [man]phpinfo[/man].

jesser

That's fine. I just wanted to make my intentions clear. I know I would feel weird about helping someone with malicious intent.

Roger_Ramjet

All depends on their browser, Firefox and Netscape 7 have password manager which will remember and autofill username and password according to URL, if the user so desires. IE does not have the same functionality but it will remember .htaccess passwords. If it is an intranet then cookies might be the way to go.

A lot of programmers worry too much about users objecting to entering a password. People don't mind having to input the password, what upsets them is not being able to use the password of their choice.

As to windows, it's security is soooo bad that anything you can do to tighten it is a MUST. I set up windows to require ctrl-alt-del before login just so that it does not propogate the username. If a malicious person has to hack both the username and the password then it is twice as hard. To bad for my users, they have to work them fingers, but I've never had any complaints. Stop worrying about them and start worrying about your real problem, security. Users will just have to do what you need them to do.

Weedpacket

http://www.phpbuilder.com/board/showthread.php?s=&threadid=10244285&highlight=Windows+intranet+login
http://www.phpbuilder.com/board/showthread.php?s=&threadid=10279344&highlight=Windows+intranet+login
http://www.phpbuilder.com/board/showthread.php?s=&threadid=10265953&highlight=Windows+intranet+login
http://www.phpbuilder.com/board/showthread.php?s=&threadid=10266014&highlight=Windows+intranet+login
http://www.phpbuilder.com/board/showthread.php?s=&threadid=10224075&highlight=Windows+intranet+login
http://www.phpbuilder.com/board/showthread.php?s=&threadid=10218911&highlight=Windows+intranet+login

munaf

check my reply there may be you can sort something from it

http://www.phpbuilder.com/board/showthread.php?s=&threadid=10292409&highlight=windows+username