<offtopic>rofl... security hole</offtopic> You could use a database having all the users on the system (sha-1 passwords) and make them login. Then set a cookie with username and password and check them on every page.... ooooops ignore that: it wouldn't work unless you checked who was online and added it to the database. "Christian Fersch" <Chronial@xxxxxx> wrote in message news:20040902232827.70249.qmail@xxxxxxxxxxxxxxx > GHaider@xxxxxxxxxx wrote: > > > In the html headers, the server sees the clients OS, user agent, IP > > address etc. Is there a way on a local LAN a server might be able to know > > the username of the client that sends a request? > > > > I've checked all $_SERVER variables, PHP_AUTH_USER etc require the auth > > box to be displayed. I'm thinking it might be possible to know which user > > is logged in when the request is made, possibly by using COM or even > > (gasp) .NET, without having to ask the user his username. > > > > Any ideas if this can be accomplished at all? > > > > Right now we have Firefox clients and Apache with PHP in an Active > > Directory domain with NT4 compatibility, but we can move to IE6 with > > IIS+PHP if that will work. > > > This isn't possible with php on its own (would be deep impact into your > privacy if it could, wouldn't it?). So you've got 2 choices: > switch to IE and use a security hole :> > Or just stay with the better browser and write a little extension. > The easiest way should be a little extensions, that checks if the url of > your site is opened and if it is, fills a hidden field with the > username. Or even easier: an extension, that sets a cookie for your site > with the username as its content. > > extensions aren't that hard to write, for they are just javascript. > > greetings, Christian -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
