3
Is it possible to get the computer user login from PHP? The system I am developing is for an intranet, so for the user to log in, it would be enough to compare the user who is logged in with the users of the database, if not, he could not log in. Some way to do it?
I am using PHP on an Apache web server and the machines on my Intranet are connected and a domain.
6
I believe what you want is called Single Sign-On (SSO), that is, the ability of the user to perform authentication once and, from there, all systems share the information of login.
On the web, sharing authentication is common through the open Openid standard. This is the case of "Login with Google" or "Login with Facebook" or "Login with Twitter" that many websites offer.
On intranets, it is very common for systems to perform SSO using the protocol LDAP on a job Active Directory (Windows).
However, SSO does not always provide a transparent login to the user, that is, many implementations require the user to write their credentials to each authentication.
I did a search for "php sso active directory Transparent login" and came up this post from the OS, through which I came to this page about an Apache extension called mod_auth_kerb.
I am not an expert on networks or Windows Server, but I warn you that implementing all the necessary infrastructure can be a very laborious and complicated process.
Sure, you can do some other scam that just takes the username from somewhere, but then security goes down.
I don’t need to worry so much about security because the system will be used by a few lay users. The problem is that the body where I work, the network administrators do not release the connection with LDAP. I asked for access and they do not release.
@Joãoneto In this case, if each user has a fixed machine, you can authenticate by IP. Or you can even put a program in the background on the user’s machine that answers the server’s name, then you make a request from the server to the client to query the user via the IP. If there is no concern for safety, creativity is the limit.
3
Using Apache 2.4 you can use the module mod_authn_ntlm.
Assuming the domain controller is configured to receive requests ntlm, perform the following steps:
1 - Extract the file mod_authn_ntlm.so in your Apache module folder
2 - In your httpd.conf insert the following line to load the module:
LoadModule auth_ntlm_module modules/mod_authn_ntlm.so
3 - This module is dependent on ldap_module. Since it is already included in Apache, simply uncomment the following line on httpd.conf
LoadModule ldap_module modules/mod_ldap.so
4 - Finally, in the configuration of your site, insert the following setting pointing in the directory of your scripts:
<Location /path/para/seu/htdocs >
AllowOverride None
AuthName "Private location"
AuthType SSPI
NTLMAuth On
NTLMAuthoritative On
require valid-user
#require sspi-user EMEA\group_name
</Location>
4 - In your PHP script, use the variable $_SERVER['REMOTE_USER'], it will contain the login in the format dominio\usurario
Step 4 is inside httpd.conf still? Where are you going?
It could be httpd.conf
2
Probably not, because PHP is a server language.
An alternative, but limited to Internet Explorer, is to use Javascript to get this information with Activex.
<!doctype html>
<html>
<head>
<title>Windows Username</title>
</head>
<body>
<script type="text/javascript">
var WinNetwork = new ActiveXObject("WScript.Network");
alert(WinNetwork.UserName);
</script>
</body>
</html>
I think he doesn’t want the server user... he wants the end-user name of the system.
I found a solution like that. But the problem is I can’t require employees to use just IE. But thanks for the layout.
0
to get the user logged in to a PHP computer you can use the following function
<?php
exec('wmic COMPUTERSYSTEM Get UserName', $user);
print_r($user[1]);
?>
Browser other questions tagged php apache windows login
You are not signed in. Login or sign up in order to post.
In a quick search, apparently not with PHP, but yes javascript
– brasofilo
I found nothing concrete.
– João Neto
I believe it is a vulnerability to let a script discover the user’s username... You will have to go another way... Kicking maybe a browser applet or Extension...
– Wakim
I found this other stack in the English OS with a snippet that uses an Activex object, but I don’t know if the result is what it should be. In addition to running only on the Ieca, here showed only Function Activexobject() { [Native code] }
– Bruno Augusto
Yeah, I found the one that uses Activex, and really only runs on IE :/
– João Neto
Is your intranet in a domain? If yes it is possible through webserver (Apache or IIS)
– gmsantos
@gmsantos It’s in a domain yes. How do I do it then?
– João Neto
Apache or IIS??
– gmsantos
@gmsantos Apache.
– João Neto