Now that would be helpfull not just for this issues but others where I have resorted to PHP calling PERL scripts. So where can I find the PEC1 extensions? Off the PHP site? --- "Frank M. Kromann" <frank@xxxxxxxxxxxx> wrote: > I know I'm late into this discussion, but the PECl extension php_ntuser > gives you a tool to get the users and groups from the SAM database with a > few simple PHP functions. > > - Frank > > > Issue solved. > > > > After stopping my system admin on the way for more coffee he suggested > cycling IIS. Something > > about more patience needed on my part and IIS caching or changes like > folder permissions related > > to web page logic not taking instant affect. > > > > So no I have what I want. On the admin browser session I have then menu > option I need and on the > > non-admin session I do not have then option. > > > > Case closed. > > > > Thanks all. > > > > > > > > --- Paul Menard <paulmenard1@xxxxxxxxx> wrote: > > > I'm getting somewhere. > > > > > > > > > I set the audit on the folder. I also double-checked my > 'is_writeable()' code. I have this code > > > checking the folder. This folder is set to read/write by > Administrators only (but not full > > > control). I have started two browsers. One is logged in a an > admin-level account. The other is > > > logged in as a lowly user. On both I see the menu option. > > > > > > When I clicked on the menu link on the Admin broswer session I of > course am taken to that > > > screen. > > > When I click on the link under the other browser I receive a login > popup. This tells me that IIS > > > is asking for an admin-level login. > > > > > > This works for me. As long as the general users cannot get into the > page. I would prefer to not > > > have the menu option appear on the non-admin users screen. > > > > > > Thanks for your direction and validation. > > > > > > FPM > > > > > > > > > > > > --- "Bowden, Zeb" <zbowden@xxxxxx> wrote: > > > > To be honest with you I'm not 100% sure on IIS 6 and the context > PHP > > > > will run as after you do the basic authentication ... test this you > can > > > > audit successes/failures for the everyone group on the particular > > > > file/folder you try to write to, then the eventlogs will tell you > whose > > > > trying to access it. > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > > > > Sent: Wednesday, February 25, 2004 10:29 AM > > > > To: Bowden, Zeb; php-windows@xxxxxxxxxxxxx > > > > Subject: RE: Best way to check for user 'Administrator' > group > > > > membership > > > > > > > > Ah. Now we are getting someone who kind of understands my issues. > > > > > > > > Yes. I mean the local system administrators group. > > > > Yes. I was looking at using 'is_readable()', 'is_writeable()'. > Tried > > > > both on file(s) and folder(s) with no luck. I tried creating a > > > > file/folder both inside my Web tree InetPub as well as outside. I > would > > > > then strip off all user permissions except Administrator. and only > then > > > > make this writable access. I tried adding the code as in > > > > > > > > if (is_writable(<my file>) == TRUE) > > > > { > > > > //code to include menu option > > > > } > > > > > > > > My thought was that is the file is writable then the user must be a > > > > member of the Administrators group thus they should see admin only > menu > > > > option. > > > > > > > > So this might help clear up my confusion. When the user is > authenticated > > > > isn't that now the context that PHP is running under? In other words > I > > > > know that if for instance I allowed anonymous access by users then > the > > > > PHP.exe would run as the local IIS defined account (I think it is > > > > 'IUSR_...'). But since I am requiring each user to authenticate > (against > > > > windows basic). does this not change the running context for PHP to > > > > assume the users local access? will phpinfo() provide the user that > PHP > > > > is running under? > > > > > > > > FPM > > > > > > > > > > > > --- "Bowden, Zeb" <zbowden@xxxxxx> wrote: > > > > > When you say member of the administrators group do you mean a > member > > > > > of the local admin group on your webserver machine? The iswritable > > > > > > solution won't work because you will be writing to the file in the > > > > > > security context of the account under which IIS is running > (Network > > > > > Service > > > > > probably) > > > > > > > > > > I think the easiest thing for you to do is use a tool in the > windows > > > > > 2000 or 2003 resource kit called "showgrps.exe" ... The 2k3 > resource > > > > > kit is free so you should be able to grab it and use > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: Paul Menard [mailto:paulmenard1@xxxxxxxxx] > > > > > Sent: Wednesday, February 25, 2004 9:44 AM > > > > > To: trystano@xxxxxxx; b.a.t.svensson@xxxxxxx; > > > > > php-windows@xxxxxxxxxxxxx > > > > > Subject: Re: Best way to check for user 'Administrator' > > > > > > group membership > > > > > > > > > > Okay, well first I do not wish to complicate the maintenance of > the > > > > > system by requiring dual setup, once on the windows user level and > > > > > > another in the database to adjust the user group membership. And > no I > > > > > do not want to add a fancy form page that will allow me to do this > > > > > > task. At this point I have over 600 accounts on the system. The > > > > > requirements were to use system-level user authentication not a > > > > > database. So I would have to build a table to contain the accounts > and > > > > > > > > > keep this sync'd with the adding/deleting of users which is a > separate > > > > > > > > > part of the system that I have no control over. > > > > > > > > > > But thanks for the suggestion. > > > > > > > > > > FPM > > > > > > > > > > > > > > > --- trystano@xxxxxxx wrote: > > > > > > Have an entry in your MySQL databases that states a/the users > level > > > > > > (admin, user etc). Then when they attempt to login check against > > > > > > > this value against their username/password credentials and then > > > > > > > determine > > > > > the logic yourself. > > > > > > > > > > > > You could even have a dropdown box populate with the types of > > > > > > admin/user etc and then compare this value with the > > > > > > username/password in the database etc > > > > > > > > > > > > Its not to difficult, you just need to think about it. > > > > > > > > > > > > Tryst > > > > > > > > > > > > -- > > > > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, > > > > visit: > > > > > > http://www.php.net/unsub.php > > > > > > > > > > > > > > > > -- > > > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, > visit: > > > > > http://www.php.net/unsub.php > > > > > > > > > > -- > > > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe, > visit: > > > > > http://www.php.net/unsub.php > === message truncated === -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
