Jump to content


Photo

Active Directory and sessions/cookies


  • Please log in to reply
7 replies to this topic

#1 Eiolon

Eiolon
  • Members
  • PipPipPip
  • Advanced Member
  • 357 posts

Posted 28 July 2006 - 09:31 PM

Hello,

I am working on an intranet site and instead of making a membership system and having all employees remember two usernames/passwords, I am making IIS use the active directory database to protect files and directories that are restricted.  So here is my question:

Is there a way to treat active directory usernames as you would with sessions or cookies?  I would like to restrict pages to certain people but I still want to see who makes changes.

Thanks for your help!

#2 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,021 posts

Posted 28 July 2006 - 10:17 PM

If your users have logged on to your network then you can get their username from
$domain_user = $_SERVER['LOGON_USER'];

echo $domain_user;   // --> domain\username.
(Anonymous access must be disabled for this to work)
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#3 scottybwoy

scottybwoy
  • Members
  • PipPipPip
  • Advanced Member
  • 532 posts
  • LocationUK

Posted 31 July 2006 - 01:30 PM

Can this be then used within the header of index.php and passed to a database to find out what areas they can use (as long as their username is added exactly the same) and create a session for the duration and restrict thier usage throughout?  In one automated process?

#4 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,021 posts

Posted 31 July 2006 - 02:04 PM

You can. I use it for access control and also for digging emails addresses out of the active directory.
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#5 scottybwoy

scottybwoy
  • Members
  • PipPipPip
  • Advanced Member
  • 532 posts
  • LocationUK

Posted 01 August 2006 - 10:54 AM

Wow, I've been looking for this for ages, and a stupid Microsoft Tech page told me php had no function for this, so stopped looking.

Also how can you get the e-mail addresses out, does that work to get all the other users on the network?

#6 scottybwoy

scottybwoy
  • Members
  • PipPipPip
  • Advanced Member
  • 532 posts
  • LocationUK

Posted 01 August 2006 - 12:58 PM

How would I go about calling
$domain_user = $_SERVER['LOGON_USER'];

Then taking of the prepend of the SERVER\ string to be left with just the user name, to query the Database for that user.

Or would it be easier but slower to retrive a list of the users from the database and compare it to the returned $domain_user to see if they exist in the database?

#7 SharkBait

SharkBait
  • Members
  • PipPipPip
  • Advanced Member
  • 845 posts
  • LocationMetro Vancouver, BC

Posted 01 August 2006 - 02:45 PM

If the domain name is always the same then you could substr() it

or explode it with / being the dilmeter and using the second index...

<?php
// domain user sample: MyDomainName/SharkBait
$domain_user = substr($_SERVER['LOGON_USER'], 0, 13);

// Or split it up
$domain_user = explode("/", $_SERVER['LOGON_USER']);
$domain_user = $domain_user [1];
?>





#8 scottybwoy

scottybwoy
  • Members
  • PipPipPip
  • Advanced Member
  • 532 posts
  • LocationUK

Posted 01 August 2006 - 04:17 PM

Cheers Sharkbait,

The first one only returns the Domain Name but the second array works well, I'm using Windows so had to change "/" to "\\" for anyone else interested.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users