Go Back   CodingForums.com > :: Server side development > PHP
Reload this Page PHP authenticate Windows account

Before you post, read our: Rules & Posting Guidelines

Reply
 
Thread Tools Rate Thread
Enjoy an ad free experience by logging in. Not a member yet? Register.
Old 11-29-2006, 01:31 AM   PM User | #1
sleepy04
New to the CF scene

 
Join Date: Nov 2006
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
sleepy04 is an unknown quantity at this point
PHP authenticate Windows account
I posted a question in ASP forum but I really want to know your opinion in PHP because I'm more familiar with PHP than ASP .

I have a windows 2003 stand alone server . In this server I have some windows accounts and they all have passwords.
Now I have to create an intranet website on this server (IIS)
My question is how can I use accounts/password on the server to authenticate user through an PHP page ? Users have to enter their identity and the webpage log username and the time they login .

Thanks so much .
sleepy04 is offline   Reply With Quote
Old 11-30-2006, 12:09 AM   PM User | #2
Fou-Lu
God Emperor


 
Fou-Lu's Avatar
 
Join Date: Sep 2002
Location: Saskatoon, Saskatchewan
Posts: 15,662
Thanks: 4
Thanked 2,452 Times in 2,421 Posts
Fou-Lu is a name known to allFou-Lu is a name known to allFou-Lu is a name known to allFou-Lu is a name known to allFou-Lu is a name known to allFou-Lu is a name known to all
Hi mate,
I'm not certain if php is capable of doing this or not. I am leaning a little more toward the not side, simply because it would be a little bit of a security issue if a language such as php can access the usernames and passwords stored in a server environment. It may be just me, but I think that it would be a little silly to allow something like this.
Good luck though mate, let us know if you find a solution!
__________________
As of PHP 5.5, the MySQL library has been officially deprecated. It is recommended to move to either MySQLi or PDO libraries for your mysql connectivity. See here for help choosing which interface you prefer: http://php.net/manual/en/mysqlinfo.api.choosing.php
Fou-Lu is offline   Reply With Quote
Old 11-30-2006, 12:33 AM   PM User | #3
ralph l mayo
Regular Coder

 
ralph l mayo's Avatar
 
Join Date: Nov 2005
Posts: 951
Thanks: 1
Thanked 31 Times in 29 Posts
ralph l mayo is on a distinguished road
If you're talking about an active directory server here then yes, you can do it, but it's not particularly pretty. Typically the logic flow is:

1. Connect and bind to the LDAP server. If your intranet allows anonymous read only access yay, otherwise you'll need to get a dummy account set up that can search.

2. Search to discover the dn (distinguished name). Typically the login name users give will be the SAMAccountName, so you'll need to search your tree by SAMAccountName. Talk to your sysadmin or fire up an LDAP browser if you don't know what your tree looks like. This step will tell you whether the user exists.

3. Drop the connection and attempt to bind with the dn you discovered and the password supplied, and the result will tell you whether the user is authenticated.

The part that sucks about this is that the binding ops don't understand hashing, so unless this is strictly hobby-grade development you're going to want to establish SSL/TLS, which see ldap_start_tls() or failing that ldap_sasl_bind().

Edited to include the relevant functions from the docs
Last edited by ralph l mayo; 11-30-2006 at 12:39 AM..
ralph l mayo is offline   Reply With Quote
Reply

Bookmarks

Jump To Top of Thread


« Previous Thread | Next Thread »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 06:39 AM.
Advertisement
Log in to turn off these ads.