[SOLVED] queries and setup for $_SERVER['AUTH_USER'];

[johntp]

Hey guys,

 

    What I'm trying to acheive is to have a user go to the intranet site and get their own page where there is some info specific to them without logging in. What im thinking is that if i create the database and have a table with their Auth_User and other fields, then i could call the things from the database using the auth_user. Is this possible or am i crazy? Any help would be appreciated. 

[rhodesa]

well...they have to login somewhere, at some point

 

$_SERVER['AUTH_USER'] is the value from an HTTP Basic Auth session

[johntp]

Right, They will log into their computer via activedirectory so their output for auth_user would be domain/username.

[rhodesa]

um...no...i don't believe their username is passed to that variable

[johntp]

I've got the ball rolling, just need to figure out how i can do an insert into a table with the WHERE Username = '$user'

 

Here is what I've been Playing around with just for testing.

 

<?php
include 'conn2.php'; //This is your file to connect to your database


//Here you get the Auth_User wich comes out to Domain\User
$username = $_SERVER['AUTH_USER'];

//Here we knocked off the domain and the \
$use = explode("\\", $username);

//now we give it a nicer variable
$user = $use[1];

//Call for the items specific to their username and show them
$query  = "SELECT Username, Address, Phone FROM info WHERE Username = '$user'";
$result = mysql_query($query);
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
    echo "Address :{$row['Address']} <br>" .
         "Phone : {$row['Phone']} <br>" . 
         "Username : {$row['Username']} <br><br>";
} 

//close your db connection
include 'close.php';
?> 

[rhodesa]

for an INSERT, you don't do a WHERE...it's just one of the variables you INSERT:

<?php
  $user = mysql_real_escape_string('my user');
  $address = mysql_real_escape_string('123 Fake St');
  $phone = mysql_real_escape_string('123-456-7890');
  $query  = "INSERT INTO info (Username, Address, Phone) VALUES ( '$user', '$address', '$phone' )";
?>

 

but i'm still curious as to what magic you have done to get their AD username into $_SERVER['AUTH_USER']...

 

 

[johntp]

I think that it's because this is just an intranet site with a local IIS Server with integrated ad authentication.

 

My Insert is similar to that, but it won't put it in the database. I have a form that I'm trying to post to the database.

 

<?php
$username = $_SERVER['AUTH_USER'];
$use = explode("\\", $username);
$user = $use[1];

$address = $_POST['address'];
$phone = $_POST['phone'];

  $query  = "INSERT INTO info (Username, Address, Phone, id) VALUES ( '$user', '$address', '$phone', 'null' )";

mysql_query($query) or die('Error, insert query failed');

?>

[rhodesa]

are you getting an error, or it's just not showing up in the table? try this code out:

<?php
  $username = $_SERVER['AUTH_USER'];
  list(,$user) = explode("\\", $username);
  $address = mysql_real_escape_string($_POST['address']);
  $phone = mysql_real_escape_string($_POST['phone']);

  $query  = "INSERT INTO info (Username, Address, Phone, id) VALUES ( '$user', '$address', '$phone', NULL )";
  mysql_query($query) or die('Error, insert query failed: '.mysql_error());
?>

 

...also, thanks for sharing on the IIS stuff...i always use Apache, but having the person's AD name could make me switch

[johntp]

WOW Your a genius. I guess it's the escape string i needed. One more question though, It worked but I need it to update the sql row with thier username, with this if you try to update it again it says Error, insert query failed: Duplicate entry 'myname' for key 'Username'. I did make the username unique.

[rhodesa]

Two update rows that are already in there, you should just be able to use REPLACE instead of INSERT:

  $query  = "REPLACE INTO info (Username, Address, Phone, id) VALUES ( '$user', '$address', '$phone', NULL )";

[johntp]

Thanks. All is working pretty well. I just need to try  and tweak some things.

 

For anyone else interested in doing something like this here is all the stuff i have.

 

Requirements:

Windows server 2003 with IIS (windows based authentication enabled and anonomous access unchecked)

PHP

MySQL

 

My DB

CREATE TABLE IF NOT EXISTS `info` (
  `Username` varchar(100) NOT NULL,
  `Address` varchar(100) NOT NULL,
  `Phone` varchar(100) NOT NULL,
  `id` int(11) NOT NULL AUTO_INCREMENT,
  PRIMARY KEY (`id`),
  UNIQUE KEY `Username` (`Username`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=13 ;

 

Conn.php

<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

$dbname = 'authdb';
mysql_select_db($dbname);
?> 

 

Shows the users info.

<?php
include 'conn.php';

$username = $_SERVER['AUTH_USER'];
$use = explode("\\", $username);
$user = $use[1];

$query  = "SELECT Username, Address, Phone FROM info WHERE Username = '$user'";
$result = mysql_query($query);
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
    echo "Address :{$row['Address']} <br>" .
         "Phone : {$row['Phone']} <br>" . 
         "Username : {$row['Username']} <br><br>";
} 

?> 

 

Lets the User change their info

<?php
include 'conn.php';
$username = $_SERVER['AUTH_USER'];
$use = explode("\\", $username);
$user = $use[1];

  $address = mysql_real_escape_string($_POST['address']);
  $phone = mysql_real_escape_string($_POST['phone']);

$query  = "REPLACE INTO info (Username, Address, Phone, id) VALUES ( '$user', '$address', '$phone', NULL )";

  mysql_query($query) or die('Error, insert query failed: '.mysql_error());
?>

 

Remember that this is just a crappy little test to show how it "could be done" if you put alot of time into it.

 

THANKS RHODESA!!!!!!!!!!!