Hello,
"Christian Fersch" <Chronial@xxxxxx> wrote in message news:20040902232827.70249.qmail@xxxxxxxxxxxxxxx
knowGHaider@xxxxxxxxxx wrote:
> In the html headers, the server sees the clients OS, user agent, IP > address etc. Is there a way on a local LAN a server might be able to
user> the username of the client that sends a request? > > I've checked all $_SERVER variables, PHP_AUTH_USER etc require the auth > box to be displayed. I'm thinking it might be possible to know which
> is logged in when the request is made, possibly by using COM or even > (gasp) .NET, without having to ask the user his username. > > Any ideas if this can be accomplished at all? > > Right now we have Firefox clients and Apache with PHP in an Active > Directory domain with NT4 compatibility, but we can move to IE6 with > IIS+PHP if that will work.
This isn't possible with php on its own (would be deep impact into your privacy if it could, wouldn't it?). So you've got 2 choices: switch to IE and use a security hole :>
Mozilla and Firefox already support NTLM authentication on Windows.
If you configure the Web servers (IIS or even Apache not necessariliy on Windows) to require NTLM authentication , either Internet Explorer or Mozilla or Firefox will dialog with the server to authenticate via NTLM and no password is asked to the user that has logged in the same Windows domain.
A PHP script for a page that requires NTLM authentication can obtain the authenticated user name using GetEnv("LOGON_USER"); .
--
Regards, Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html
-- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
