johntp Posted July 10, 2008 Share Posted July 10, 2008 Hey guys, What I'm trying to acheive is to have a user go to the intranet site and get their own page where there is some info specific to them without logging in. What im thinking is that if i create the database and have a table with their Auth_User and other fields, then i could call the things from the database using the auth_user. Is this possible or am i crazy? Any help would be appreciated. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted July 10, 2008 Share Posted July 10, 2008 well...they have to login somewhere, at some point $_SERVER['AUTH_USER'] is the value from an HTTP Basic Auth session Quote Link to comment Share on other sites More sharing options...
johntp Posted July 10, 2008 Author Share Posted July 10, 2008 Right, They will log into their computer via activedirectory so their output for auth_user would be domain/username. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted July 10, 2008 Share Posted July 10, 2008 um...no...i don't believe their username is passed to that variable Quote Link to comment Share on other sites More sharing options...
johntp Posted July 11, 2008 Author Share Posted July 11, 2008 I've got the ball rolling, just need to figure out how i can do an insert into a table with the WHERE Username = '$user' Here is what I've been Playing around with just for testing. <?php include 'conn2.php'; //This is your file to connect to your database //Here you get the Auth_User wich comes out to Domain\User $username = $_SERVER['AUTH_USER']; //Here we knocked off the domain and the \ $use = explode("\\", $username); //now we give it a nicer variable $user = $use[1]; //Call for the items specific to their username and show them $query = "SELECT Username, Address, Phone FROM info WHERE Username = '$user'"; $result = mysql_query($query); while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { echo "Address :{$row['Address']} <br>" . "Phone : {$row['Phone']} <br>" . "Username : {$row['Username']} <br><br>"; } //close your db connection include 'close.php'; ?> Quote Link to comment Share on other sites More sharing options...
rhodesa Posted July 11, 2008 Share Posted July 11, 2008 for an INSERT, you don't do a WHERE...it's just one of the variables you INSERT: <?php $user = mysql_real_escape_string('my user'); $address = mysql_real_escape_string('123 Fake St'); $phone = mysql_real_escape_string('123-456-7890'); $query = "INSERT INTO info (Username, Address, Phone) VALUES ( '$user', '$address', '$phone' )"; ?> but i'm still curious as to what magic you have done to get their AD username into $_SERVER['AUTH_USER']... Quote Link to comment Share on other sites More sharing options...
johntp Posted July 11, 2008 Author Share Posted July 11, 2008 I think that it's because this is just an intranet site with a local IIS Server with integrated ad authentication. My Insert is similar to that, but it won't put it in the database. I have a form that I'm trying to post to the database. <?php $username = $_SERVER['AUTH_USER']; $use = explode("\\", $username); $user = $use[1]; $address = $_POST['address']; $phone = $_POST['phone']; $query = "INSERT INTO info (Username, Address, Phone, id) VALUES ( '$user', '$address', '$phone', 'null' )"; mysql_query($query) or die('Error, insert query failed'); ?> Quote Link to comment Share on other sites More sharing options...
rhodesa Posted July 11, 2008 Share Posted July 11, 2008 are you getting an error, or it's just not showing up in the table? try this code out: <?php $username = $_SERVER['AUTH_USER']; list(,$user) = explode("\\", $username); $address = mysql_real_escape_string($_POST['address']); $phone = mysql_real_escape_string($_POST['phone']); $query = "INSERT INTO info (Username, Address, Phone, id) VALUES ( '$user', '$address', '$phone', NULL )"; mysql_query($query) or die('Error, insert query failed: '.mysql_error()); ?> ...also, thanks for sharing on the IIS stuff...i always use Apache, but having the person's AD name could make me switch Quote Link to comment Share on other sites More sharing options...
johntp Posted July 11, 2008 Author Share Posted July 11, 2008 WOW Your a genius. I guess it's the escape string i needed. One more question though, It worked but I need it to update the sql row with thier username, with this if you try to update it again it says Error, insert query failed: Duplicate entry 'myname' for key 'Username'. I did make the username unique. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted July 11, 2008 Share Posted July 11, 2008 Two update rows that are already in there, you should just be able to use REPLACE instead of INSERT: $query = "REPLACE INTO info (Username, Address, Phone, id) VALUES ( '$user', '$address', '$phone', NULL )"; Quote Link to comment Share on other sites More sharing options...
johntp Posted July 11, 2008 Author Share Posted July 11, 2008 Thanks. All is working pretty well. I just need to try and tweak some things. For anyone else interested in doing something like this here is all the stuff i have. Requirements: Windows server 2003 with IIS (windows based authentication enabled and anonomous access unchecked) PHP MySQL My DB CREATE TABLE IF NOT EXISTS `info` ( `Username` varchar(100) NOT NULL, `Address` varchar(100) NOT NULL, `Phone` varchar(100) NOT NULL, `id` int(11) NOT NULL AUTO_INCREMENT, PRIMARY KEY (`id`), UNIQUE KEY `Username` (`Username`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=13 ; Conn.php <?php $dbhost = 'localhost'; $dbuser = 'root'; $dbpass = 'password'; $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); $dbname = 'authdb'; mysql_select_db($dbname); ?> Shows the users info. <?php include 'conn.php'; $username = $_SERVER['AUTH_USER']; $use = explode("\\", $username); $user = $use[1]; $query = "SELECT Username, Address, Phone FROM info WHERE Username = '$user'"; $result = mysql_query($query); while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { echo "Address :{$row['Address']} <br>" . "Phone : {$row['Phone']} <br>" . "Username : {$row['Username']} <br><br>"; } ?> Lets the User change their info <?php include 'conn.php'; $username = $_SERVER['AUTH_USER']; $use = explode("\\", $username); $user = $use[1]; $address = mysql_real_escape_string($_POST['address']); $phone = mysql_real_escape_string($_POST['phone']); $query = "REPLACE INTO info (Username, Address, Phone, id) VALUES ( '$user', '$address', '$phone', NULL )"; mysql_query($query) or die('Error, insert query failed: '.mysql_error()); ?> Remember that this is just a crappy little test to show how it "could be done" if you put alot of time into it. THANKS RHODESA!!!!!!!!!!! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.