Get Windows user through PHP

1

Is it possible to get the computer user login from PHP? The system I am developing is for an intranet, so for the user to log in, it would suffice to compare the user who is logged in with the users of the database, if not, he could not log in. Any way to do this?

I'm using PHP on an Apache web server and the machines on my Intranet are linked and a domain.

    
asked by anonymous 23.05.2014 / 05:48

3 answers

4

I believe that whatever you want is called Single Sign-On ( SSO), that is, the user's ability to perform authentication once, and from there, all systems share the login information.

On the web, authentication sharing is common across the OpenID standard. This is the case of "Login with Google" or "Login with Facebook" or "Login with Twitter" that many sites offer.

On intranets, it is very common for systems to perform SSO using the LDAP protocol in a Active Directory (Windows).

However, SSO does not always provide a transparent user login, that is, many implementations require the user to retype their credentials with each authentication.

I did a search for "php sso active directory transparent login" and got up to this post from the SO , through which I got up to this page about an Apache extension called mod_auth_kerb .

I'm not a network or Windows Server expert, but I'm already aware that deploying all the required infrastructure can be a very labor-intensive and complicated process.

Of course, you can do some other trick that simply takes the user name somewhere, but then the security goes down.

    
23.05.2014 / 15:16
2

Probably not, because PHP is a server language .

An alternative, but limited to Internet Explorer , is to use JavaScript to get this information with Activex .

<!doctype html>
<html>
<head>
    <title>Windows Username</title>
</head>
<body>
<script type="text/javascript">
    var WinNetwork = new ActiveXObject("WScript.Network");
    alert(WinNetwork.UserName); 
</script>
</body>
</html>

Code font

    
23.05.2014 / 14:07
1

Using Apache 2.4, you can use the mod_authn_ntlm module. Assuming the domain controller is configured to receive ntlm requests, perform the following steps:

1 - Extract the mod_authn_ntlm.so file in your Apache modules folder

2 - In your httpd.conf insert the following line to load the module:

 LoadModule auth_ntlm_module modules/mod_authn_ntlm.so

3 - This module has dependency ldap_module , as it is already included in Apache, just uncomment the following line in httpd.conf

 LoadModule ldap_module modules/mod_ldap.so

4 - Finally, enter the following configuration pointing to the directory of your scripts:

 <Location /path/para/seu/htdocs >
    AllowOverride None
    AuthName "Private location"
    AuthType SSPI
    NTLMAuth On
    NTLMAuthoritative On
    require valid-user
    #require sspi-user EMEA\group_name
 </Location>

4 - In your PHP script, just use the $_SERVER['REMOTE_USER'] variable, it will contain the login in dominio\usurario format

    
23.05.2014 / 16:48