We Keep Coding

Getting name of logged in Windows user via Php on Apache [duplicate]

I have a PHP web application on an intranet that can extract the IP and host name of the current user on that page, but I was wondering if there is a way to get/extract their Active Directory/Windows username as well. Is this possible?

Check the AUTH_USER request variable. This will be empty if your web app allows anonymous access, but if your server's using basic or Windows integrated authentication, it will contain the username of the authenticated user.
In an Active Directory domain, if your clients are running Internet Explorer and your web server/filesystem permissions are configured properly, IE will silently submit their domain credentials to your server and AUTH_USER will be MYDOMAIN\user.name without the users having to explicitly log in to your web app.

I've got php mysql running on IIS - I can use $_SERVER["AUTH_USER"] if I turn on Windows Authentication in IIS -> Authentication and turn off Anonymous authentication (important)
I've used this to get my user and domain:
$user = $_SERVER['AUTH_USER'];
$user will return a value like: DOMAIN\username on our network, and then it's just a case of removing the DOMAIN\ from the string.
This has worked in IE, FF, Chrome, Safari (tested) so far.

Look at the PHP LDAP library functions: http://us.php.net/ldap.
Active Directory [mostly] conforms to the LDAP standard.

We have multiple domains in our environment so I use preg_replace with regex to get just the username without DOMAIN\ .
preg_replace("/^.+\\\\/", "", $_SERVER["AUTH_USER"]);

If you're using Apache on Windows, you can install the mod_auth_sspi from
https://sourceforge.net/projects/mod-auth-sspi/
Instructions are in the INSTALL file, and there is a whoami.php example. (It's just a case of copying the mod_auth_sspi.so file into a folder and adding a line into httpd.conf.)
Once it's installed and the necessary settings are made in httpd.conf to protect the directories you wish, PHP will populate the $_SERVER['REMOTE_USER'] with the user and domain ('USER\DOMAIN') of the authenticated user in IE -- or prompt and authenticate in Firefox before passing it in.
Info is session-based, so single(ish) signon is possible even in Firefox...
-Craig

You could probably authenticate the user in Apache with mod_auth_kerb by requiring authenticated access to some files … I think that way, the username should also be available in PHP environment variables somewhere … probably best to check with <?php phpinfo(); ?> once you get it runnning.

If you are looking for retrieving remote user IDSID/Username, use:
echo gethostbyaddr($_SERVER['REMOTE_ADDR']);
You will get something like
iamuser1-mys.corp.company.com
Filter the rest of the domain behind, and you are able to get the idsid only.
For more information visit http://lostwithin.net/how-to-get-users-ip-and-computer-name-using-php/

Use this code:
shell_exec("wmic computersystem get username")

Check out patched NTLM authentication module for Apache
https://github.com/rsim/mod_ntlm
Based on NTLM auth module for Apache/Unix
http://modntlm.sourceforge.net/
Read more at http://blog.rayapps.com/
Source: http://imthi.com/blog/programming/leopard-apache2-ntlm-php-integrated-windows-authentication.php

You can say getenv('USERNAME')

No. But what you can do is have your Active Directory admin enable LDAP so that users can maintain one set of credentials
http://us2.php.net/ldap

get_user_name works the same way as getenv('USERNAME');
I had encoding(with cyrillic) problems using getenv('USERNAME')

Referencing trying to also figure out if AUTH_USER is part of a particular domain group; a clever way to do this is t create a locked down folder with text files (can be blank). Set security to only having the security/distro group you want to validate. Once you run a #file_get_contents (<---will toss a warning)...if the user does not have group access they will not be able to get the file contents and hence, will not have that particular AD group access. This is simple and works wonderfully.

This is a simple NTLM AD integration example, allows single sign on with Internet Explorer, requires login/configuration in other browsers.
PHP Example
<?php
$user = $_SERVER['REMOTE_USER'];
$domain = getenv('USERDOMAIN');
?>
In your apache httpd.conf file
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so
<Directory "/path/to/folder">
AllowOverride All
Options ExecCGI
AuthName "SSPI Authentication"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOmitDomain On
Require valid-user
Require user "NT AUTHORITY\ANONYMOUS LOGON" denied
</Directory>
And if you need the module, this link is useful:
https://www.apachehaus.net/modules/mod_authnz_sspi/

try this code :
$user= shell_exec("echo %username%");
echo "user : $user";
you get your windows(AD) username in php

I tried almost all of these suggestions, but they were all returning empty values. If anyone else has this issue, I found this handy function on php.net (http://php.net/manual/en/function.get-current-user.php):
get_current_user();
$username = get_current_user();
echo $username;
This was the only way I was finally able to get the user's active directory username. If none of the above answers has worked, give this a try.

PHP-Push: Owncloud integration

i have to connect the activeSynch protocol to Owncloud (for blackberry phones).
I have installed php-push 2 (https://github.com/dupondje/PHP-Push-2) but i can't find any example to configure the php-push 2's config.php.
This is my actual config.php
define('CARDDAV_PRINCIPAL','contacts');
define('CARDDAV_SERVER', 'http://{MY SERVER ADDRESS}');
define('CARDDAV_PORT', '80');
define('CARDDAV_PATH', '/apps/contacts/carddav.php/addressbooks/%u/');
Can anyone help me with a working configuration example?
Thx to everyone

take a look at this: https://github.com/arved/PHP-Push-2-owncloud
PHP-push-2 need a different code for carddav on sabredav / owncloud due to not supported command in sabredav

Access network share with PHP5.2 + IIS7.5

I'm using php 5.2 with IIS7.5.
I have a network share on a NAS that is username and password protected. I cannot disable or change authentication info on the NAS. I need to be able to access that network share via php.
I've done the following:
Created new user in windows whose username and password matches those on the NAS.
Created IIS application pool that uses this same auth info.
Created a web.config file inside of the php app directory with an impersonation turned on, using the same auth info.
identity impersonate="true" password="ThePass" userName="TheUser" />
Turned on ASP.NET impersonation in the application authentication in IIS.
None of this seemed to work with this simple line of code in php:
$dir = opendir("\\someservername\somesharename");
Warning: opendir(\someservername\somesharename) [function.opendir]: failed to open dir: No error in C:\websites\site\forum\testing.php on line 7
So, I decided to test the configuration with ASP.NET.
string[] diretories = System.IO.Directory.GetDirectories("\\someservername\somesharename");
The asp.net test worked perfectly.
Going further down the rabbit hole, I ran phpinfo() and checked the username info in it. Down in the "Environment" section of phpinfo, I found the "USERNAME" item. Its value was "TheUser," as was what I expected.
Everything points to the system being configured correctly until I tried:
echo get_current_user();
Which returned, "IUSR." That surely isn't what I expected.
So, how in the world do I get php + IIS7.5 to read from a foreign network share?
Update:
Thanks to a few of the answers, I've added
$result = shell_exec("net use o: \\\\pathToServer\\27301 /persistent:yes 2>&1");
Which returns a success. I'm still getting the error on opendir. I tried another test and used is_dir. This returned false on my newly created mapped drive.
var_dump(is_dir("o:\\"));
// Prints: bool(false)
UPDATE
I ran the script from the command line when logged in as the user that created. The scripts executes correctly. Could this take us back to get_current_user() which returns IUSR? I tryied getmypid() which returned a process ID. I cross referred that process id with the task manager and found that it was for php-cgi.exe, running under the custom user account that I made.

The recommended way to access a network share in PHP is to "mount" it. Try to connect your share as a network drive.
Btw. your command is wrong
$dir = opendir("\\someservername\somesharename");
You have to use 4 "\" because it's the escape character
$dir = opendir("\\\\someservername\somesharename");
NOTE: get_current_user() returns the owner of the process on IIS

You can try a test by mapping it like
$command = "net use $drive \"\\\\$ip\\$share\" $smb_password /user:$domain\\$smb_username";
$result = shell_exec($command);
on opendir you need to have \\\\$server_name\\$share try with 4 '\' and if mapping like that works and 4 '\' is failing on opendir. You may have credentials not matching.
If you map it this way new user you created in windows whose username and password matches those on the NAS will have rights on mapped drive that way you do not need to worry about the scope.

Had the same problem on a similar system. Solved this by going to web site > Authentication > Anonymous Authentication > Change IUSR to whatever your username is or use Application Pool user if correctly configured.

How to connect google and allow my user to invite their contacts

I have a site, where users sign up. After that they get a great product offer, and I would like to allow them to use from my site "Google connect button" and invite their friends and contacts via Google network.
How can I do that?
Follow up
Sample i found
ex: http://www.dumpsquestions.com/testing/wp-content/themes/ModulaBlueGiant/open/example.php
According to your advise i found that, it allowes a lot ?
Free import contacts (addressbook) script from email providers like
Libero, Interia, Azet, Lycos, AOL, Bordermail, Doramail, Freemail, Kids, Rambler, Mail.ru, Care2, Grafitti, Walla, LinkedIn,
Inbox.com, Mail2World, Meta, IndiaTimes, Sapo.pt, Live/Hotmail, 5Fm, Netaddress, Rediff,
Yahoo!, Aussiemail, KataMail, Gawab, GMX.net, Terra, Uk2, Apropo, Popstarmail, Mynet.com,
YouTube, Bigstring, OperaMail, Mail.com, Mail.in, Nz11, Inet, Pochta, Web.de, Canoe, India, Clevergo, Wp.pt, Evite, Yandex,
GMail, Atlas, Hushmail, O2, Techemail, FastMail, Zapakmail, Virgilio, Abv or social portals like Ning, Hyves, Meinvz, Plurk, Xanga, Tagged, Mydogspace, Konnects, Bebo, Friendfeed, Plazes, Flickr, Cyworld, Last.fm, Mevio, Vkontakte, Skyrock, MySpace, Xuqa, Lovento, Faces, Plaxo, NetLog,
Facebook, Perfspot, Mycatspace, Livejournal, Famiva, Flixster, Xing, Multiply, Brazencareerist, Orkut, Bookcrossing,
Twitter, Koolro, Eons, Hi5, Fdcareer, Motortopia, Vimeo, Kincafe, Flingr, Friendster, Badoo. This contacts importer script is integrating with content management systems (aka CMS) like myBB, Dating Pro, JamRoom, Joomla, PHPMELODY, Boonex Dolphin, Vwebmail, Atmail5, PhpBB, phpFoX, SimpleMachines Forum (SMF), phpizabi, joovili, Joomla1.0, vBulletin, Drupal, jamit job, symfony, Buddy Zone, Wordpress, nowFire, Social Engine, PunBB, RoundCube.
Open Inviter is written in PHP 5 (no database required but cURL or wget required) and running on any webserver (tested on Apache) offering advanced tell a friend features. OpenInviterTM is a free self hosted solution that does not use a third party gateway (or API) to import contacts.
Installation it says:
Openinviter installation Guide.
Thank you for downloading The OpenInviter General Package. This document will guide you through the installation process.
A: Requirements:
Your server will need to have PHP5 installed with DOMDocument support and either cURL or WGET.
B: Install:
1. Extract the contents of the openinviter.tar.gz file you have just downloaded.
Note: tar -xzvf openinviter.tar.gz
2. Upload the extracted files to your webserver (subfolder is highly advised).
3. Run postinstall.php (http://yourdomain/openinviter_dir/postinstall.php)
You may encounter the following errors:
i) The cookie storing folder if not writable. (Change the cookie folder or modify it's permisions.)
ii) Php DOM extension is not installed. (Install dom extension for php)
iii) You don't have curl or wget installed. (Install curl or wget)
You may encounter the following warnings:
i) A plugin does not work properly. (Your server has either a firewall or there is a connectivity error)
Note: You have to fix all the errors or openinviter will probably not work.
Note*: You can't run postinstall.php again for 2 minutes.
4. Edit config.php to suit your needs.
5. Delete postinstall.php
6. Run example.php (http://yourdomain/openinviter_dir/example.php) and try to fetch your contacts.
Note: example.php is modifiable but keep in mind the structure of the file.
Also, its providing a PDF how to do it with PHP, excellent work has been done to respect KISS (keep it simple stupid!!).

Do you want users to be able to login/use your website using their google id? In that case, you can use OpenId, a standardized way to login (you'll be able to use other providers too). For more information about the implementation, look here (http://openid.net/developers/libraries/). This normally done on the server, so probably not with javascript.

php access network path under windows

within PHP (XAMPP) installed on a Windows XP Computer Im trying to read a dir which exists on a local network server. Im using is_dir() to check whether it is a dir that I can read.
In Windows Explorer I type \\\server\dir and that dir is being shown.
When I map a network drive a can access it with z:\dir as well.
In PHP I have that script:
<?php if( is_dir($dir){ echo 'success' } ) ?>
For $dir I tried:
/server/dir
//server/dir
\server\dir
\\server\dir
\\\\server\\dir
and
z:\dir
z:\\dir
z:/dir
z://dir
But I never get success?
Any idea?
thx

I solved it by changing some stuff in the registry of the server as explained in the last answer of this discussion:
http://bugs.php.net/bug.php?id=25805
Thanks to VolkerK and Gumbo anyway!
I love stackoverflow and their great people who help you so incredibly fast!!
EDIT (taken from php.net):
The service has limited access to network resources, such as shares
and pipes, because it has no credentials and must connect using a null
session. The following registry key contains the NullSessionPipes and
NullSessionShares values, which are used to specify the pipes and
shares to which null sessions may connect:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Alternatively, you could add the REG_DWORD value
RestrictNullSessAccess to the key and set it to 0 to allow all null
sessions to access all pipes and shares created on that machine.`
add RestrictNullSessAccess=0 to your registery.

You probably let xampp install apache as service and run the php scripts trough this apache. And the apache service (running as localsystem) is not allowed to access the network the way your user account is.
A service that runs in the context of the LocalSystem account inherits the security context of the SCM. The user SID is created from the SECURITY_LOCAL_SYSTEM_RID value. The account is not associated with any logged-on user account.
This has several implications:
...
* The service presents the computer's credentials to remote servers.
...
You can test this by starting the apache as console application (apache_start.bat in the xampp directory should do that) and run the script again. You can use both forward and backward slashes in the unc path. I'd suggest using //server/share since php doesn't care about / in string literals.
<?php
$uncpath = '//server/dir';
$dh = opendir($uncpath);
echo "<pre>\n";
var_dump($dh, error_get_last());
echo "\n</pre>";

Try the file: URI scheme:
file://server/dir
file:///Z:/dir
The begin is always file://. The next path segment is the server. If it’s on your local machine, leave it blank (see second example). See also File URIs in Windows.

Yes, I know this is an old post, but I still found it, and if anyone else does...
On Windows, with newer servers, verify the SMB is installed and enabled on the target machine.