To be honest with you I'm not 100% sure on IIS 6 and the context PHP will run as after you do the basic authentication ... test this you can audit successes/failures for the everyone group on the particular file/folder you try to write to, then the eventlogs will tell you whose trying to access it. -----Original Message----- From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] Sent: Wednesday, February 25, 2004 10:29 AM To: Bowden, Zeb; php-windows@xxxxxxxxxxxxx Subject: RE: Best way to check for user 'Administrator' group membership Ah. Now we are getting someone who kind of understands my issues. Yes. I mean the local system administrators group. Yes. I was looking at using 'is_readable()', 'is_writeable()'. Tried both on file(s) and folder(s) with no luck. I tried creating a file/folder both inside my Web tree InetPub as well as outside. I would then strip off all user permissions except Administrator. and only then make this writable access. I tried adding the code as in if (is_writable(<my file>) == TRUE) { //code to include menu option } My thought was that is the file is writable then the user must be a member of the Administrators group thus they should see admin only menu option. So this might help clear up my confusion. When the user is authenticated isn't that now the context that PHP is running under? In other words I know that if for instance I allowed anonymous access by users then the PHP.exe would run as the local IIS defined account (I think it is 'IUSR_...'). But since I am requiring each user to authenticate (against windows basic). does this not change the running context for PHP to assume the users local access? will phpinfo() provide the user that PHP is running under? FPM --- "Bowden, Zeb" <zbowden@xxxxxx> wrote: > When you say member of the administrators group do you mean a member > of the local admin group on your webserver machine? The iswritable > solution won't work because you will be writing to the file in the > security context of the account under which IIS is running (Network > Service > probably) > > I think the easiest thing for you to do is use a tool in the windows > 2000 or 2003 resource kit called "showgrps.exe" ... The 2k3 resource > kit is free so you should be able to grab it and use > > > > > > > -----Original Message----- > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > Sent: Wednesday, February 25, 2004 9:44 AM > To: trystano@xxxxxxx; b.a.t.svensson@xxxxxxx; > php-windows@xxxxxxxxxxxxx > Subject: Re: Best way to check for user 'Administrator' > group membership > > Okay, well first I do not wish to complicate the maintenance of the > system by requiring dual setup, once on the windows user level and > another in the database to adjust the user group membership. And no I > do not want to add a fancy form page that will allow me to do this > task. At this point I have over 600 accounts on the system. The > requirements were to use system-level user authentication not a > database. So I would have to build a table to contain the accounts and > keep this sync'd with the adding/deleting of users which is a separate > part of the system that I have no control over. > > But thanks for the suggestion. > > FPM > > > --- trystano@xxxxxxx wrote: > > Have an entry in your MySQL databases that states a/the users level > > (admin, user etc). Then when they attempt to login check against > > this value against their username/password credentials and then > > determine > the logic yourself. > > > > You could even have a dropdown box populate with the types of > > admin/user etc and then compare this value with the > > username/password in the database etc > > > > Its not to difficult, you just need to think about it. > > > > Tryst > > > > -- > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: > > http://www.php.net/unsub.php > > > > -- > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: > http://www.php.net/unsub.php > > -- > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: > http://www.php.net/unsub.php > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
