Please help - How do I get Windows user login data?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
optimus
Forum Newbie
Posts: 6
Joined: Tue Oct 19, 2004 5:07 am

Please help - How do I get Windows user login data?

Post by optimus »

I need to be able to check the username and password that the user has logged into Windows 2000 with. I know this is possible using ASP but i can´t find anything about it using Php. Has anyone done this before or know of any tools which do this.
Any help would be greatly appreciated!
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

I doubt you can get system password in plaintext from any application. As for username, it's usually accessible via $_ENV['USERNAME'].
optimus
Forum Newbie
Posts: 6
Joined: Tue Oct 19, 2004 5:07 am

Post by optimus »

I don´t expect to get their actual password in plaintext but in an encrypted format which i can just parse against their password in a DB. The idea is to have a single sign in process whereby when the user logs in to windows and when they start the application that the application authenticates the user based on the windows username and password!
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

[php_man]win32api[/php_man]
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

Well is there any easy way to fake your username so that you can pretent to be a different windows user on your site. Security is a trade off between cost of protection, and the price of what your protecting. It sounds like your simply coding a intranet site - maybe for a school or office. Is the data on this site valuable?

If not you could just assume that the user is who they say they are, and therefore dont need to enter a password - if they have managed to log onto the computer - they are good to go.

Can you use the IP to identify people instead? E.g. have a startup script run on the computer at login that adds the username that logged onto the computer and that computers IP address - then you know that 10.0.0.9 is in fact 'jblogs'.

If your not forcing the users to re-identify themselfs on the site, the data cant be that important - people often leave computers logged on, and so anybody could walk up to it and get on this site as that user.

Just a few ideas.
optimus
Forum Newbie
Posts: 6
Joined: Tue Oct 19, 2004 5:07 am

Post by optimus »

w32api might work if php was running on the client but the php is running on the server and so that just returns me the username of the server which i don´t want. I need to find a way to run that ion the client side --- not sure if it´s possible using Php
optimus
Forum Newbie
Posts: 6
Joined: Tue Oct 19, 2004 5:07 am

Post by optimus »

kettle_drum: Faking identity is not an option - content is dependant on who the user is! It does force them to re-identify themselves on every page and the data is very important. Having a script at startup is something i don´t want for security reasons. It looks like i´ll have to add some VB script or something for checking the userdata.
Thanks for the input though!
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Remember, PHP is server-side. PHP doesn't communicate with the client machine at all.

You'd need some sort of Flash program/Java applet to do this for you, and then send the variable to PHP to be processed on the server-side.
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Sami wrote:Remember, PHP is server-side. PHP doesn't communicate with the client machine at all.

You'd need some sort of Flash program/Java applet to do this for you, and then send the variable to PHP to be processed on the server-side.
Nop. You just need IE to do that :) It's called NTLM authentication.

optimus, what server software do you use? Apache, IIS, something else?
optimus
Forum Newbie
Posts: 6
Joined: Tue Oct 19, 2004 5:07 am

Post by optimus »

Its IIS weirdan.
I´ve heard that Internet explorer stores this info somewhere but haven´t had any luck finding out about it. Is that what NTLM authentication is??
optimus
Forum Newbie
Posts: 6
Joined: Tue Oct 19, 2004 5:07 am

Post by optimus »

All i really want to do is get the NT login details - which shouldn´t be that complicated! Any methods i´ve looked at so far have been complete authentication systems(Radius authentication, LDAPetc..) Surely there is an easier way of getting this data!
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

sort of. According to MSDN if IIS server authenticates the user against the domain successfuly it sets $_ENV['REMOTE_USER']. Hence you don't need to store password in any form because you cant trust REMOTE_USER variable. You'll need to configure your IIS to require user to be authenticated though.
Post Reply