Sorry, you should be using Integrated Windows Authentication rather than basic integration. -----Original Message----- From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] Sent: 25 February 2004 3:37 To: David Felton; php-windows@xxxxxxxxxxxxx Subject: RE: Best way to check for user 'Administrator' group me mbership That is exactly how my setup is configured. No Anonymous, Yes Basic, No on Windows Integrated This is set at the top level of the wwwroot in IIS. Not sure why the 'is_writeable()' is not working. Still investigating. --- David Felton <davidfelton@xxxxxxxxxxxxxxx> wrote: > > If you enable basic authentication on the webserver and then disable > anonymous access, php will run under the credentials of the currently logged > in user. If you do this the 'is_writeable()' trick would work as you > expeted. > > > -----Original Message----- > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > Sent: 25 February 2004 3:29 > To: Bowden, Zeb; php-windows@xxxxxxxxxxxxx > Subject: RE: Best way to check for user 'Administrator' group > membership > > > Ah. Now we are getting someone who kind of understands my issues. > > Yes. I mean the local system administrators group. > Yes. I was looking at using 'is_readable()', 'is_writeable()'. Tried both on > file(s) and folder(s) > with no luck. I tried creating a file/folder both inside my Web tree InetPub > as well as outside. I > would then strip off all user permissions except Administrator. and only > then make this writable > access. I tried adding the code as in > > if (is_writable(<my file>) == TRUE) > { > //code to include menu option > } > > My thought was that is the file is writable then the user must be a member > of the Administrators > group thus they should see admin only menu option. > > So this might help clear up my confusion. When the user is authenticated > isn't that now the > context that PHP is running under? In other words I know that if for > instance I allowed anonymous > access by users then the PHP.exe would run as the local IIS defined account > (I think it is > 'IUSR_...'). But since I am requiring each user to authenticate (against > windows basic). does this > not change the running context for PHP to assume the users local access? > will phpinfo() provide > the user that PHP is running under? > > FPM > > > --- "Bowden, Zeb" <zbowden@xxxxxx> wrote: > > When you say member of the administrators group do you mean a member of > > the local admin group on your webserver machine? The iswritable solution > > won't work because you will be writing to the file in the security > > context of the account under which IIS is running (Network Service > > probably) > > > > I think the easiest thing for you to do is use a tool in the windows > > 2000 or 2003 resource kit called "showgrps.exe" ... The 2k3 resource kit > > is free so you should be able to grab it and use > > > > > > > > > > > > > > -----Original Message----- > > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > > Sent: Wednesday, February 25, 2004 9:44 AM > > To: trystano@xxxxxxx; b.a.t.svensson@xxxxxxx; php-windows@xxxxxxxxxxxxx > > Subject: Re: Best way to check for user 'Administrator' group > > membership > > > > Okay, well first I do not wish to complicate the maintenance of the > > system by requiring dual setup, once on the windows user level and > > another in the database to adjust the user group membership. And no I do > > not want to add a fancy form page that will allow me to do this task. At > > this point I have over 600 accounts on the system. The requirements were > > to use system-level user authentication not a database. So I would have > > to build a table to contain the accounts and keep this sync'd with the > > adding/deleting of users which is a separate part of the system that I > > have no control over. > > > > But thanks for the suggestion. > > > > FPM > > > > > > --- trystano@xxxxxxx wrote: > > > Have an entry in your MySQL databases that states a/the users level > > > (admin, user etc). Then when they attempt to login check against this > > > value against their username/password credentials and then determine > > the logic yourself. > > > > > > You could even have a dropdown box populate with the types of > > > admin/user etc and then compare this value with the username/password > > > in the database etc > > > > > > Its not to difficult, you just need to think about it. > > > > > > Tryst > > > > > > -- > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: > > > http://www.php.net/unsub.php > > > > > > > -- > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: > > http://www.php.net/unsub.php > > > > -- > > PHP Windows Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > ********************************************************************** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote also confirms that this email message has been swept by > MIMEsweeper for the presence of computer viruses. > ********************************************************************** > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
