Moron Posted August 31, 2009 Share Posted August 31, 2009 I need php to perform one seemingly simple task: log the user into an information screen using their Windows username and password. Nothing fancy. No AD searches or anything like that. Currently, they log in using their employee number and the last four of their SSN, both of which match database fields. If I can get the AD connection working, then I'll make a new SQL table that contains their Windows username and use that for selection of their info. But everything I find seems to be geared toward some sky-high purpose for which I have no need. Quote Link to comment https://forums.phpfreaks.com/topic/172601-is-there-a-simple-active-directory-php-interface/ Share on other sites More sharing options...
Psycho Posted August 31, 2009 Share Posted August 31, 2009 Think about what you are asking. You are wanting a PHP solution to get the user's AD username & password - without actually connecting to the AD server. Can you imagine how big of a security hole that would be if random websites could do that? A web app can't just grab information off the user's computer. I don't know of any way for a PHP app to grap the username and password for the user's AD session. You could have the user enter their AD username/password upon first login and authenticate them against AD as in this tuorial: http://www.davidschultz.org/2008/04/10/how-to-authenticate-against-active-directory-using-php/ However, if you want it so users don't have to always log in you could implement additional processes - at the expense of security. And, I'm sure your IT Admin would have a say about this. Here is one possibility: Have the user log in one time using their AD credentials. Upon successful authentication store their username & password in the database (encrypted for at least the password). Then also create a random hash value to be stored int he DB and as a cookie on the user's machine. Upon a subsequent access to the PHP application you would grab their credentials from the DB using the cookie value. Of course if the cookie expires or is deleted the user would have to log in again. Of course this opens a security risk in that anyone with access to that computer could get the value from the cookie and then use it to get logged in to the website as that person. Quote Link to comment https://forums.phpfreaks.com/topic/172601-is-there-a-simple-active-directory-php-interface/#findComment-909854 Share on other sites More sharing options...
Moron Posted August 31, 2009 Author Share Posted August 31, 2009 Think about what you are asking. You are wanting a PHP solution to get the user's AD username & password - without actually connecting to the AD server. Huh? Connecting to the AD server is exactly what I want to do. Maybe I didn't explain it very well. I want to: 1. Have the user enter their Windows domain (AD) username and password. 2. Upon doing so, their username will be set as a $_POST variable by which their info will be selected from the database. I don't really want the "single sign-on" model at work here; I want the user to actually have to log into the info system, even though they're already logged into Windows. Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/172601-is-there-a-simple-active-directory-php-interface/#findComment-909866 Share on other sites More sharing options...
Psycho Posted August 31, 2009 Share Posted August 31, 2009 So, look at the link I posted. Seems fairly straitforward to me Quote Link to comment https://forums.phpfreaks.com/topic/172601-is-there-a-simple-active-directory-php-interface/#findComment-909887 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.