I'm getting somewhere. I set the audit on the folder. I also double-checked my 'is_writeable()' code. I have this code checking the folder. This folder is set to read/write by Administrators only (but not full control). I have started two browsers. One is logged in a an admin-level account. The other is logged in as a lowly user. On both I see the menu option. When I clicked on the menu link on the Admin broswer session I of course am taken to that screen. When I click on the link under the other browser I receive a login popup. This tells me that IIS is asking for an admin-level login. This works for me. As long as the general users cannot get into the page. I would prefer to not have the menu option appear on the non-admin users screen. Thanks for your direction and validation. FPM --- "Bowden, Zeb" <zbowden@xxxxxx> wrote: > To be honest with you I'm not 100% sure on IIS 6 and the context PHP > will run as after you do the basic authentication ... test this you can > audit successes/failures for the everyone group on the particular > file/folder you try to write to, then the eventlogs will tell you whose > trying to access it. > > > > > -----Original Message----- > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > Sent: Wednesday, February 25, 2004 10:29 AM > To: Bowden, Zeb; php-windows@xxxxxxxxxxxxx > Subject: RE: Best way to check for user 'Administrator' group > membership > > Ah. Now we are getting someone who kind of understands my issues. > > Yes. I mean the local system administrators group. > Yes. I was looking at using 'is_readable()', 'is_writeable()'. Tried > both on file(s) and folder(s) with no luck. I tried creating a > file/folder both inside my Web tree InetPub as well as outside. I would > then strip off all user permissions except Administrator. and only then > make this writable access. I tried adding the code as in > > if (is_writable(<my file>) == TRUE) > { > //code to include menu option > } > > My thought was that is the file is writable then the user must be a > member of the Administrators group thus they should see admin only menu > option. > > So this might help clear up my confusion. When the user is authenticated > isn't that now the context that PHP is running under? In other words I > know that if for instance I allowed anonymous access by users then the > PHP.exe would run as the local IIS defined account (I think it is > 'IUSR_...'). But since I am requiring each user to authenticate (against > windows basic). does this not change the running context for PHP to > assume the users local access? will phpinfo() provide the user that PHP > is running under? > > FPM > > > --- "Bowden, Zeb" <zbowden@xxxxxx> wrote: > > When you say member of the administrators group do you mean a member > > of the local admin group on your webserver machine? The iswritable > > solution won't work because you will be writing to the file in the > > security context of the account under which IIS is running (Network > > Service > > probably) > > > > I think the easiest thing for you to do is use a tool in the windows > > 2000 or 2003 resource kit called "showgrps.exe" ... The 2k3 resource > > kit is free so you should be able to grab it and use > > > > > > > > > > > > > > -----Original Message----- > > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > > Sent: Wednesday, February 25, 2004 9:44 AM > > To: trystano@xxxxxxx; b.a.t.svensson@xxxxxxx; > > php-windows@xxxxxxxxxxxxx > > Subject: Re: Best way to check for user 'Administrator' > > group membership > > > > Okay, well first I do not wish to complicate the maintenance of the > > system by requiring dual setup, once on the windows user level and > > another in the database to adjust the user group membership. And no I > > do not want to add a fancy form page that will allow me to do this > > task. At this point I have over 600 accounts on the system. The > > requirements were to use system-level user authentication not a > > database. So I would have to build a table to contain the accounts and > > > keep this sync'd with the adding/deleting of users which is a separate > > > part of the system that I have no control over. > > > > But thanks for the suggestion. > > > > FPM > > > > > > --- trystano@xxxxxxx wrote: > > > Have an entry in your MySQL databases that states a/the users level > > > (admin, user etc). Then when they attempt to login check against > > > this value against their username/password credentials and then > > > determine > > the logic yourself. > > > > > > You could even have a dropdown box populate with the types of > > > admin/user etc and then compare this value with the > > > username/password in the database etc > > > > > > Its not to difficult, you just need to think about it. > > > > > > Tryst > > > > > > -- > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, > visit: > > > http://www.php.net/unsub.php > > > > > > > -- > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: > > http://www.php.net/unsub.php > > > > -- > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: > > http://www.php.net/unsub.php > > > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
