Page 1 of 1
PHP File Exists FireFox and IIS and NTLM
Posted: Thu Apr 19, 2007 4:23 am
by phpdevuk
I have been using a fairly simple bit of code to check if a file exists, and have hit a rather odd problem.
I am working on a intranet setup to read a users windows logon via NTLM, the webserver is set to integrated windows password to enable me to do this with no anonymous access.
I managed to get this working in both IE and fire fox with some tweaks to the NTLM settings in about:config on firefox.
How ever weirdly it seems that when I use php to check for existence of files over a network share from the server the current user (and permissions) are passed down from IE and not FireFox, meaning that in IE I get a file found response, but in firefox it returns file not found.
Only way around this I have found so far is to assign an anonymous access user to my script with access permissions for the directory or file being checked.
Code: Select all
$location = "//server/documents/folder";
echo $location."<br>";
if (file_exists($location))
echo "found";
else
echo "not found";
Re: PHP File Exists FireFox and IIS and NTLM
Posted: Thu Apr 19, 2007 9:34 am
by volka
phpdevuk wrote:How ever weirdly it seems that when I use php to check for existence of files over a network share from the server the current user (and permissions) are passed down from IE and not FireFox, meaning that in IE I get a file found response, but in firefox it returns file not found.
Even stranger php does not run "in" one of the two brosers but on the server. If the same (string) values are passed via http it should matter what browser has been used.
Are you sure the impersonation works properly?
What does
Code: Select all
error_reporting(E_ALL);
ini_set('display_errors', true);
try {
echo 'querying username via winmgmts: ';
$service = new COM('winmgmts:');
$sysobjects = $service->ExecQuery('SELECT * FROM Win32_ComputerSystem');
foreach($sysobjects as $o) {
echo $o->UserName, "<br />\n";
}
}
catch(Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "<br />\n";
}
// or
try {
echo 'querying username via WSCRIPT.Network: ';
$net = new COM("WSCRIPT.Network");
echo $net->UserName, "<br />\n";
}
catch(Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "<br />\n";
}
echo ' done.';
print? (untested, you need at least php 5 with its com extension installed)
Posted: Thu Apr 19, 2007 10:41 am
by phpdevuk
I get the following repsonse from your script
Code: Select all
querying username via winmgmts:
querying username via WSCRIPT.Network: MyUser
done.
I thought it weird at first that either of the 2 browsers were passing permissions down to php as I always thought it ran as its own user on the local machine.
Posted: Thu Apr 19, 2007 10:44 am
by volka
phpdevuk wrote:I get the following repsonse from your script
Code: Select all
querying username via winmgmts:
querying username via WSCRIPT.Network: MyUser
done.
You get that (exactly the same) for both browser? And
MyUser is the expected value?
Posted: Thu Apr 19, 2007 11:06 am
by phpdevuk
Well MyUser is not really my username thought I'd swap it for somthing vague. But I get the same response in both IE and Fire Fox.
Posted: Thu Apr 19, 2007 11:25 am
by volka
and
$location = "//server/documents/folder";
is exactly the same for both requests?
If it is I'm clueless.
Posted: Thu Apr 19, 2007 11:40 am
by phpdevuk
yeah same folder, script each time, best I can tell is it is taking the windows logon as IE and passing it through, but not from Fire Fox, I have a work around so I am not too worried for now.
Posted: Thu Apr 19, 2007 11:43 am
by volka
phpdevuk wrote:yeah same folder, script each time, best I can tell is it is taking the windows logon as IE and passing it through, but not from Fire Fox
That's what the previous script was testing for.
Posted: Thu Apr 19, 2007 2:13 pm
by phpdevuk
yeah that makes sense, in order to extract the windows login from the users browser I disabled the anonymous account in iis settings and replaced it with integrated logon in iis which seems to be where half my problems started.