Issue solved. After stopping my system admin on the way for more coffee he suggested cycling IIS. Something about more patience needed on my part and IIS caching or changes like folder permissions related to web page logic not taking instant affect. So no I have what I want. On the admin browser session I have then menu option I need and on the non-admin session I do not have then option. Case closed. Thanks all. --- Paul Menard <paulmenard1@xxxxxxxxx> wrote: > I'm getting somewhere. > > > I set the audit on the folder. I also double-checked my 'is_writeable()' code. I have this code > checking the folder. This folder is set to read/write by Administrators only (but not full > control). I have started two browsers. One is logged in a an admin-level account. The other is > logged in as a lowly user. On both I see the menu option. > > When I clicked on the menu link on the Admin broswer session I of course am taken to that > screen. > When I click on the link under the other browser I receive a login popup. This tells me that IIS > is asking for an admin-level login. > > This works for me. As long as the general users cannot get into the page. I would prefer to not > have the menu option appear on the non-admin users screen. > > Thanks for your direction and validation. > > FPM > > > > --- "Bowden, Zeb" <zbowden@xxxxxx> wrote: > > To be honest with you I'm not 100% sure on IIS 6 and the context PHP > > will run as after you do the basic authentication ... test this you can > > audit successes/failures for the everyone group on the particular > > file/folder you try to write to, then the eventlogs will tell you whose > > trying to access it. > > > > > > > > > > -----Original Message----- > > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > > Sent: Wednesday, February 25, 2004 10:29 AM > > To: Bowden, Zeb; php-windows@xxxxxxxxxxxxx > > Subject: RE: Best way to check for user 'Administrator' group > > membership > > > > Ah. Now we are getting someone who kind of understands my issues. > > > > Yes. I mean the local system administrators group. > > Yes. I was looking at using 'is_readable()', 'is_writeable()'. Tried > > both on file(s) and folder(s) with no luck. I tried creating a > > file/folder both inside my Web tree InetPub as well as outside. I would > > then strip off all user permissions except Administrator. and only then > > make this writable access. I tried adding the code as in > > > > if (is_writable(<my file>) == TRUE) > > { > > //code to include menu option > > } > > > > My thought was that is the file is writable then the user must be a > > member of the Administrators group thus they should see admin only menu > > option. > > > > So this might help clear up my confusion. When the user is authenticated > > isn't that now the context that PHP is running under? In other words I > > know that if for instance I allowed anonymous access by users then the > > PHP.exe would run as the local IIS defined account (I think it is > > 'IUSR_...'). But since I am requiring each user to authenticate (against > > windows basic). does this not change the running context for PHP to > > assume the users local access? will phpinfo() provide the user that PHP > > is running under? > > > > FPM > > > > > > --- "Bowden, Zeb" <zbowden@xxxxxx> wrote: > > > When you say member of the administrators group do you mean a member > > > of the local admin group on your webserver machine? The iswritable > > > solution won't work because you will be writing to the file in the > > > security context of the account under which IIS is running (Network > > > Service > > > probably) > > > > > > I think the easiest thing for you to do is use a tool in the windows > > > 2000 or 2003 resource kit called "showgrps.exe" ... The 2k3 resource > > > kit is free so you should be able to grab it and use > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > > > Sent: Wednesday, February 25, 2004 9:44 AM > > > To: trystano@xxxxxxx; b.a.t.svensson@xxxxxxx; > > > php-windows@xxxxxxxxxxxxx > > > Subject: Re: Best way to check for user 'Administrator' > > > group membership > > > > > > Okay, well first I do not wish to complicate the maintenance of the > > > system by requiring dual setup, once on the windows user level and > > > another in the database to adjust the user group membership. And no I > > > do not want to add a fancy form page that will allow me to do this > > > task. At this point I have over 600 accounts on the system. The > > > requirements were to use system-level user authentication not a > > > database. So I would have to build a table to contain the accounts and > > > > > keep this sync'd with the adding/deleting of users which is a separate > > > > > part of the system that I have no control over. > > > > > > But thanks for the suggestion. > > > > > > FPM > > > > > > > > > --- trystano@xxxxxxx wrote: > > > > Have an entry in your MySQL databases that states a/the users level > > > > (admin, user etc). Then when they attempt to login check against > > > > this value against their username/password credentials and then > > > > determine > > > the logic yourself. > > > > > > > > You could even have a dropdown box populate with the types of > > > > admin/user etc and then compare this value with the > > > > username/password in the database etc > > > > > > > > Its not to difficult, you just need to think about it. > > > > > > > > Tryst > > > > > > > > -- > > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, > > visit: > > > > http://www.php.net/unsub.php > > > > > > > > > > -- > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: > > > http://www.php.net/unsub.php > > > > > > -- > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: > > > http://www.php.net/unsub.php > > > > > > > -- > > PHP Windows Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
