How to retrieve windows logged on username?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
b0necrack3r
Forum Newbie
Posts: 4
Joined: Sat Sep 02, 2006 6:33 pm

How to retrieve windows logged on username?

Post by b0necrack3r »

Hello.
I ma fighting with one problem for about 2 weeks and cannot find any solvation.
I build a site which gonna run in a private ,domain based network, and I need a script in php which will retrieve the username of the corrent logged on to windows user.

Hope that you can help.
Thank you, sasha.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

If the client does not send this information with the http request php (server-side) cannot retrieve it.
If not configured otherwise the internet explorer (afaik no other browser) sends such an ntlm authentication without asking the user.
User avatar
ambivalent
Forum Contributor
Posts: 173
Joined: Thu Apr 14, 2005 8:58 pm
Location: Toronto, ON

Post by ambivalent »

exec() + psloggedon from sysinternals can do that for you. This assumes that all of the systems on your private network are running Windows since *nix systems don't use that naming convention. You also need the Remote Registry service running on the client machine. While this works well in an intranet environment where one has control over machines and browsers, it probably won't be reliable if the client machines on your private network are not under the direct control/administration of your company.
User avatar
sweatje
Forum Contributor
Posts: 277
Joined: Wed Jun 29, 2005 10:04 pm
Location: Iowa, USA

Post by sweatje »

I don't use PHP on an IIS machine, but when I did ASP pages, you could just force directory authentication, and then use Request.ServerVariables("AUTH_USER")

Surly the SAPI for IIS does something similar?
b0necrack3r
Forum Newbie
Posts: 4
Joined: Sat Sep 02, 2006 6:33 pm

must me some easier way!

Post by b0necrack3r »

can I somehow run msdos commands on the remote pc, so I can run 'nbtstat -a' and retrieve the username?

thnx.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Not on just any pc. Would you want anybody to be able to run programs on your pc arbitrarily? I don't think so.
Please explain your scenario in more detail.
b0necrack3r
Forum Newbie
Posts: 4
Joined: Sat Sep 02, 2006 6:33 pm

Post by b0necrack3r »

yeah.. you are right. it's not secure.
I dont have any ideas..
maybe there're any files on the pc which store the information about corrent logged user? and I can retrieve this info with php?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Do you want everybody with a webserver to be able to read arbitrary files on your pc?
volka wrote:Please explain your scenario in more detail.
b0necrack3r
Forum Newbie
Posts: 4
Joined: Sat Sep 02, 2006 6:33 pm

Post by b0necrack3r »

The site is gonna run in a local domain sphere..
I thought that maybe there are any modules for "trusted" and local sites..
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Yes, there are ...more or less.
volka wrote:If not configured otherwise the internet explorer (afaik no other browser) sends such an ntlm authentication without asking the user.
http://support.microsoft.com/kb/158229/ wrote:Unlike Basic authentication, NTLM authentication does not prompt users for their user name and password by default. The current Windows user account on the client machine is used for the NTLM authentication. Then, if this fails, it will prompt the user for the username and password to be used. If NTLM authentication succeeds, the requested application or resource is executed in the context of the specified user.
sweatje wrote:but when I did ASP pages, you could just force directory authentication, and then use Request.ServerVariables("AUTH_USER")
Post Reply