Hi!

I was given a task to develop a php based application. All well, but
now my boss wants me to make it more "user friendly" in a manner that
they won't have to write in their usernames and passwords, which they
already have too many.

I figured, that I might be able to solve it, if I could somehow get
windows login, but my atempts to find an apropriate function were
unsucessfull.

Someone suggested the use of WinBinder to a similar question somewhere
else, but reading through documentation, I couldn't find what I was
looking for. I also found posix_getlogin(), but it appears not to be
available on Windows platform. If I try the get_current_user();
function, the return value is SYSTEM... Can I somehow work with
$_SERVER["REMOTE_USER"] perhaps? If I try it, the return is empty (or
at least echo returns nothing).

I'm developing under WinXP, Apache 2.2, PHP 5.2, however after I
finish, it will be on Windows Server 2003 Standard edition... The
company does use Active Directory, but I had no idea what PHP LDAP
functions manual was talking about, so if it's possible, I'd rather
avoid it.

I know this question is a bit futile to ask, since noone wants his
login to be visible to just any site, but any comments on the subject
would still be greatly apretiated.

Best regards,
Lado

On 14.09.2007 13:45 Lado.Leskovec@gmail.com wrote:
> Hi!
>
> I was given a task to develop a php based application. All well, but
> now my boss wants me to make it more "user friendly" in a manner that
> they won't have to write in their usernames and passwords, which they
> already have too many.
>
> I figured, that I might be able to solve it, if I could somehow get
> windows login, but my atempts to find an apropriate function were
> unsucessfull.
>
> Someone suggested the use of WinBinder to a similar question somewhere
> else, but reading through documentation, I couldn't find what I was
> looking for. I also found posix_getlogin(), but it appears not to be
> available on Windows platform. If I try the get_current_user();
> function, the return value is SYSTEM... Can I somehow work with
> $_SERVER["REMOTE_USER"] perhaps? If I try it, the return is empty (or
> at least echo returns nothing).
>
> I'm developing under WinXP, Apache 2.2, PHP 5.2, however after I
> finish, it will be on Windows Server 2003 Standard edition... The
> company does use Active Directory, but I had no idea what PHP LDAP
> functions manual was talking about, so if it's possible, I'd rather
> avoid it.
>
> I know this question is a bit futile to ask, since noone wants his
> login to be visible to just any site, but any comments on the subject
> would still be greatly apretiated.
>

You answered it yourself: no one wants his login to be visible and no
website can access user's system login. However what your boss said
makes sense, people are tired of having too many logins, that's why
there are distributed identification schemes like MS Passport or OpenID.
I think this technology would be worth investigating for you.


--
gosha bine

makrell ~ http://www.tagarga.com/blok/makrell
php done right http://code.google.com/p/pihipi

On 14 Sep, 13:01, gosha bine <stereof...@gmail.com> wrote:
> On 14.09.2007 13:45 Lado.Lesko...@gmail.com wrote:
>
>
>
> > Hi!
>
> > I was given a task to develop a php based application. All well, but
> > now my boss wants me to make it more "user friendly" in a manner that
> > they won't have to write in their usernames and passwords, which they
> > already have too many.
<snip>
>
> You answered it yourself: no one wants his login to be visible and no
> website can access user's system login. However what your boss said
> makes sense, people are tired of having too many logins, that's why
> there are distributed identification schemes like MS Passport or OpenID.
> I think this technology would be worth investigating for you.
>

Not even Microsoft are punting Passport any more. NTLM is definitely
worth considering - but maybe ident is all you need (good for a quick
fix in very low security environments - but easily tricked) as are
client-side certificates

C.

On 14.09.2007 14:11 C. wrote:

> Not even Microsoft are punting Passport any more.

Yep, I knew there must be someone here who is anal enough

"Passport" is now called "Windows Live ID"

http://login.live.com/login.srf


--
gosha bine

makrell ~ http://www.tagarga.com/blok/makrell
php done right http://code.google.com/p/pihipi

On 14 sep., 13:45, Lado.Lesko...@gmail.com wrote:
> Hi!
>
> I was given a task to develop a php based application. All well, but
> now my boss wants me to make it more "user friendly" in a manner that
> they won't have to write in their usernames and passwords, which they
> already have too many.
>
> I figured, that I might be able to solve it, if I could somehow get
> windows login, but my atempts to find an apropriate function were
> unsucessfull.
>
> Someone suggested the use of WinBinder to a similar question somewhere
> else, but reading through documentation, I couldn't find what I was
> looking for. I also found posix_getlogin(), but it appears not to be
> available on Windows platform. If I try the get_current_user();
> function, the return value is SYSTEM... Can I somehow work with
> $_SERVER["REMOTE_USER"] perhaps? If I try it, the return is empty (or
> at least echo returns nothing).
>
> I'm developing under WinXP, Apache 2.2, PHP 5.2, however after I
> finish, it will be on Windows Server 2003 Standard edition... The
> company does use Active Directory, but I had no idea what PHP LDAP
> functions manual was talking about, so if it's possible, I'd rather
> avoid it.
>
> I know this question is a bit futile to ask, since noone wants his
> login to be visible to just any site, but any comments on the subject
> would still be greatly apretiated.
>
> Best regards,
> Lado

I found something that might be usefull. Thanks to the point in the
right direction (NTLM). I'll look more closely on monday, but here's
link if anyone is interested...

http://forums.whirlpool.net.au/forum...fm/630826.html
post of ^critter:
www.iau5.com/ntlm.php.txt

On Sep 14, 7:45 am, Lado.Lesko...@gmail.com wrote:
> Hi!
>
> I was given a task to develop a php based application. All well, but
> now my boss wants me to make it more "user friendly" in a manner that
> they won't have to write in their usernames and passwords, which they
> already have too many.
>
> I figured, that I might be able to solve it, if I could somehow get
> windows login, but my atempts to find an apropriate function were
> unsucessfull.
>
> Someone suggested the use of WinBinder to a similar question somewhere
> else, but reading through documentation, I couldn't find what I was
> looking for. I also found posix_getlogin(), but it appears not to be
> available on Windows platform. If I try the get_current_user();
> function, the return value is SYSTEM... Can I somehow work with
> $_SERVER["REMOTE_USER"] perhaps? If I try it, the return is empty (or
> at least echo returns nothing).
>
> I'm developing under WinXP, Apache 2.2, PHP 5.2, however after I
> finish, it will be on Windows Server 2003 Standard edition... The
> company does use Active Directory, but I had no idea what PHP LDAP
> functions manual was talking about, so if it's possible, I'd rather
> avoid it.
>
> I know this question is a bit futile to ask, since noone wants his
> login to be visible to just any site, but any comments on the subject
> would still be greatly apretiated.
>
> Best regards,
> Lado

It's easier than you think:


$realm = 'mydomain.local'; //set this to the name of your Windows
domain
$dc = 'my_dc'; //set this to the name of your domain controller

if(empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW']))
{
//They haven't given us a username and password yet
header('WWW-Authenticate: Basic realm="' . $realm . '"');
header('HTTP/1.0 401 Unauthorized');
die(); //if they hit cancel
}

if(($ldap = @ldap_connect($dc, 389)) !== false) {
if(@ldap_bind($ldap, $_SERVER['PHP_AUTH_USER'] . '@' . $realm,
$_SERVER['PHP_AUTH_PW']) !== false) {
//login was successful and $_SERVER['PHP_AUTH_USER'] has the
username
}
else {
//login was not successful so try again
header('WWW-Authenticate: Basic realm="' . $realm . '"');
header('HTTP/1.0 401 Unauthorized');
die(); //if they hit cancel
}
}

Lado.Leskovec@gmail.com wrote:
> I was given a task to develop a php based application. All well, but
> now my boss wants me to make it more "user friendly" in a manner that
> they won't have to write in their usernames and passwords, which they
> already have too many.
>
> I figured, that I might be able to solve it, if I could somehow get
> windows login, but my atempts to find an apropriate function were
> unsucessfull.

I worked in a company that used an ActiveX object to do this. It was
used only on their intranet and all the PCs had it installed. I don't
know any details of it though.

Best regards.