I know I'm late into this discussion, but the PECl extension php_ntuser gives you a tool to get the users and groups from the SAM database with a few simple PHP functions. - Frank > Issue solved. > > After stopping my system admin on the way for more coffee he suggested cycling IIS. Something > about more patience needed on my part and IIS caching or changes like folder permissions related > to web page logic not taking instant affect. > > So no I have what I want. On the admin browser session I have then menu option I need and on the > non-admin session I do not have then option. > > Case closed. > > Thanks all. > > > > --- Paul Menard <paulmenard1@xxxxxxxxx> wrote: > > I'm getting somewhere. > > > > > > I set the audit on the folder. I also double-checked my 'is_writeable()' code. I have this code > > checking the folder. This folder is set to read/write by Administrators only (but not full > > control). I have started two browsers. One is logged in a an admin-level account. The other is > > logged in as a lowly user. On both I see the menu option. > > > > When I clicked on the menu link on the Admin broswer session I of course am taken to that > > screen. > > When I click on the link under the other browser I receive a login popup. This tells me that IIS > > is asking for an admin-level login. > > > > This works for me. As long as the general users cannot get into the page. I would prefer to not > > have the menu option appear on the non-admin users screen. > > > > Thanks for your direction and validation. > > > > FPM > > > > > > > > --- "Bowden, Zeb" <zbowden@xxxxxx> wrote: > > > To be honest with you I'm not 100% sure on IIS 6 and the context PHP > > > will run as after you do the basic authentication ... test this you can > > > audit successes/failures for the everyone group on the particular > > > file/folder you try to write to, then the eventlogs will tell you whose > > > trying to access it. > > > > > > > > > > > > > > > -----Original Message----- > > > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > > > Sent: Wednesday, February 25, 2004 10:29 AM > > > To: Bowden, Zeb; php-windows@xxxxxxxxxxxxx > > > Subject: RE: Best way to check for user 'Administrator' group > > > membership > > > > > > Ah. Now we are getting someone who kind of understands my issues. > > > > > > Yes. I mean the local system administrators group. > > > Yes. I was looking at using 'is_readable()', 'is_writeable()'. Tried > > > both on file(s) and folder(s) with no luck. I tried creating a > > > file/folder both inside my Web tree InetPub as well as outside. I would > > > then strip off all user permissions except Administrator. and only then > > > make this writable access. I tried adding the code as in > > > > > > if (is_writable(<my file>) == TRUE) > > > { > > > //code to include menu option > > > } > > > > > > My thought was that is the file is writable then the user must be a > > > member of the Administrators group thus they should see admin only menu > > > option. > > > > > > So this might help clear up my confusion. When the user is authenticated > > > isn't that now the context that PHP is running under? In other words I > > > know that if for instance I allowed anonymous access by users then the > > > PHP.exe would run as the local IIS defined account (I think it is > > > 'IUSR_...'). But since I am requiring each user to authenticate (against > > > windows basic). does this not change the running context for PHP to > > > assume the users local access? will phpinfo() provide the user that PHP > > > is running under? > > > > > > FPM > > > > > > > > > --- "Bowden, Zeb" <zbowden@xxxxxx> wrote: > > > > When you say member of the administrators group do you mean a member > > > > of the local admin group on your webserver machine? The iswritable > > > > solution won't work because you will be writing to the file in the > > > > security context of the account under which IIS is running (Network > > > > Service > > > > probably) > > > > > > > > I think the easiest thing for you to do is use a tool in the windows > > > > 2000 or 2003 resource kit called "showgrps.exe" ... The 2k3 resource > > > > kit is free so you should be able to grab it and use > > > > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > > > > Sent: Wednesday, February 25, 2004 9:44 AM > > > > To: trystano@xxxxxxx; b.a.t.svensson@xxxxxxx; > > > > php-windows@xxxxxxxxxxxxx > > > > Subject: Re: Best way to check for user 'Administrator' > > > > group membership > > > > > > > > Okay, well first I do not wish to complicate the maintenance of the > > > > system by requiring dual setup, once on the windows user level and > > > > another in the database to adjust the user group membership. And no I > > > > do not want to add a fancy form page that will allow me to do this > > > > task. At this point I have over 600 accounts on the system. The > > > > requirements were to use system-level user authentication not a > > > > database. So I would have to build a table to contain the accounts and > > > > > > > keep this sync'd with the adding/deleting of users which is a separate > > > > > > > part of the system that I have no control over. > > > > > > > > But thanks for the suggestion. > > > > > > > > FPM > > > > > > > > > > > > --- trystano@xxxxxxx wrote: > > > > > Have an entry in your MySQL databases that states a/the users level > > > > > (admin, user etc). Then when they attempt to login check against > > > > > this value against their username/password credentials and then > > > > > determine > > > > the logic yourself. > > > > > > > > > > You could even have a dropdown box populate with the types of > > > > > admin/user etc and then compare this value with the > > > > > username/password in the database etc > > > > > > > > > > Its not to difficult, you just need to think about it. > > > > > > > > > > Tryst > > > > > > > > > > -- > > > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, > > > visit: > > > > > http://www.php.net/unsub.php > > > > > > > > > > > > > -- > > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: > > > > http://www.php.net/unsub.php > > > > > > > > -- > > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: > > > > http://www.php.net/unsub.php > > > > > > > > > > -- > > > PHP Windows Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > -- > > PHP Windows Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
