Please help - How do I get Windows user login data?
Moderator: General Moderators
Please help - How do I get Windows user login data?
I need to be able to check the username and password that the user has logged into Windows 2000 with. I know this is possible using ASP but i can´t find anything about it using Php. Has anyone done this before or know of any tools which do this.
Any help would be greatly appreciated!
Any help would be greatly appreciated!
I don´t expect to get their actual password in plaintext but in an encrypted format which i can just parse against their password in a DB. The idea is to have a single sign in process whereby when the user logs in to windows and when they start the application that the application authenticates the user based on the windows username and password!
-
kettle_drum
- DevNet Resident
- Posts: 1150
- Joined: Sun Jul 20, 2003 9:25 pm
- Location: West Yorkshire, England
Well is there any easy way to fake your username so that you can pretent to be a different windows user on your site. Security is a trade off between cost of protection, and the price of what your protecting. It sounds like your simply coding a intranet site - maybe for a school or office. Is the data on this site valuable?
If not you could just assume that the user is who they say they are, and therefore dont need to enter a password - if they have managed to log onto the computer - they are good to go.
Can you use the IP to identify people instead? E.g. have a startup script run on the computer at login that adds the username that logged onto the computer and that computers IP address - then you know that 10.0.0.9 is in fact 'jblogs'.
If your not forcing the users to re-identify themselfs on the site, the data cant be that important - people often leave computers logged on, and so anybody could walk up to it and get on this site as that user.
Just a few ideas.
If not you could just assume that the user is who they say they are, and therefore dont need to enter a password - if they have managed to log onto the computer - they are good to go.
Can you use the IP to identify people instead? E.g. have a startup script run on the computer at login that adds the username that logged onto the computer and that computers IP address - then you know that 10.0.0.9 is in fact 'jblogs'.
If your not forcing the users to re-identify themselfs on the site, the data cant be that important - people often leave computers logged on, and so anybody could walk up to it and get on this site as that user.
Just a few ideas.
kettle_drum: Faking identity is not an option - content is dependant on who the user is! It does force them to re-identify themselves on every page and the data is very important. Having a script at startup is something i don´t want for security reasons. It looks like i´ll have to add some VB script or something for checking the userdata.
Thanks for the input though!
Thanks for the input though!
Nop. You just need IE to do thatSami wrote:Remember, PHP is server-side. PHP doesn't communicate with the client machine at all.
You'd need some sort of Flash program/Java applet to do this for you, and then send the variable to PHP to be processed on the server-side.
optimus, what server software do you use? Apache, IIS, something else?