Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New to the CF scene
    Join Date
    Nov 2006
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    PHP authenticate Windows account

    I posted a question in ASP forum but I really want to know your opinion in PHP because I'm more familiar with PHP than ASP .

    I have a windows 2003 stand alone server . In this server I have some windows accounts and they all have passwords.
    Now I have to create an intranet website on this server (IIS)
    My question is how can I use accounts/password on the server to authenticate user through an PHP page ? Users have to enter their identity and the webpage log username and the time they login .

    Thanks so much .

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Hi mate,
    I'm not certain if php is capable of doing this or not. I am leaning a little more toward the not side, simply because it would be a little bit of a security issue if a language such as php can access the usernames and passwords stored in a server environment. It may be just me, but I think that it would be a little silly to allow something like this.
    Good luck though mate, let us know if you find a solution!
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    Regular Coder ralph l mayo's Avatar
    Join Date
    Nov 2005
    Posts
    951
    Thanks
    1
    Thanked 31 Times in 29 Posts
    If you're talking about an active directory server here then yes, you can do it, but it's not particularly pretty. Typically the logic flow is:

    1. Connect and bind to the LDAP server. If your intranet allows anonymous read only access yay, otherwise you'll need to get a dummy account set up that can search.

    2. Search to discover the dn (distinguished name). Typically the login name users give will be the SAMAccountName, so you'll need to search your tree by SAMAccountName. Talk to your sysadmin or fire up an LDAP browser if you don't know what your tree looks like. This step will tell you whether the user exists.

    3. Drop the connection and attempt to bind with the dn you discovered and the password supplied, and the result will tell you whether the user is authenticated.

    The part that sucks about this is that the binding ops don't understand hashing, so unless this is strictly hobby-grade development you're going to want to establish SSL/TLS, which see ldap_start_tls() or failing that ldap_sasl_bind().

    Edited to include the relevant functions from the docs
    Last edited by ralph l mayo; 11-30-2006 at 12:39 AM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •