Is it possible to obtain current Windows user name/login?

12-15-2002, 12:05 AM

Imagine someone is using Windows 2000 (which requires a valid login/password in order to use the computer). Assume that he/she is behind a network and is using a shared computer (like a university computer).

Then he/she visits your website and puts annoying messages in your forums or sends you annoying emails using your website email form.

It could be a great idea if you use JavaScript or Perl in order to obtain the name that the user used to log in to Windows.

Does anyone know how it can be done?

Thanks in advance!


12-15-2002, 01:16 AM
Well, maybe not such a great idea. I think this sort of clashes with the rules here.

You cannot get this sort of info (I guess); it just shouldn't happen.
Why not just put a filter on the form?

Or make it so the user has to log in on your site to send messages and post in forums, and then when you get a message sent to you, just ban that user. And if you make it so that they can only register by entering their email and clicking a link in a confirmation email, then you can just make it so they can only register from one email address once.

Or just start hunting down that person ... you know stalk em. lol
I wouldn't recommend that though.

12-15-2002, 01:36 AM
in a word, it's impossible :D

...and thankfully so ;)

::] krycek [::

12-15-2002, 02:58 AM
You can use a combination of IP address, user agent and maybe screen res/color depth and OS to identify users behind a proxy with some discrimination ... but probably not very much.

If you're having a problem, then you should think about a login system for your forum, so you can simply ban troublemakers.

12-15-2002, 04:01 AM
And the problem with IP address filtering is that if they are on a network with one outlet to the internet, all the computers on the network are going to report the same IP address because of NAT. Or if they are on dialup it changes too.

12-15-2002, 05:24 AM
Try using cookies. If enabled, they would be user specific.

12-15-2002, 05:35 AM
But you can't use a cookie to block someone ... they could just delete the cookie. You can use a cookie to authenticate, but then you're back to the same thing of trying to authenticate a unique user when you set the cookie in the first place.

You could always insist that your users install a registry key, which you send them in an email after vetting them with the CIA :D

All forums potentially have this problem. How is it dealt with here? Well, thankfully it doesn't seem to happen ... but I guess if it did ... I don't know - I suppose a member would be banned.

12-15-2002, 12:00 PM
If you go for a login, I think that if you ban users you should make up a page saying that you have taken down your website due to someone sending bad emails, messing up the forum, etc. That way they will not try to get a new membership...

Have a dummy front page that users that have been banned will get, i.e. one saying the same thing as the one when they try to re-register.

Just make banned people think that it was because of one guy screwing it up and that guy will give up and then no more probs.

12-15-2002, 02:50 PM
Message to everyone:
Thank you very much for your suggestions!

I think the best option for me will be to start using cookies with some kind of registration system, forcing all users to register themselves before posting new messages.

The idea of blocking IPs cannot be implemented because it will block everyone coming from that network (proxy/firewall problem).

Again, I thank you all!
You are great! :thumbsup:

** Merry Christmas and Happy New Year **

NetLink:) :cool:
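
The registration approach the thread settles on (confirm by e-mail link, one account per address, ban the account rather than the IP or cookie), sketched in Node.js as an added example that is not code from any poster. The in-memory `accounts` map, the 24-hour link lifetime and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32);   // server-side signing key, never sent to clients
const accounts = new Map();              // normalized e-mail -> { confirmed, banned }

// Treat " User@Example.com" and "user@example.com" as the same address.
function normalizeEmail(email) {
  return email.trim().toLowerCase();
}

function sign(data) {
  return crypto.createHmac('sha256', SECRET).update(data).digest('hex');
}

// Step 1: create an unconfirmed account and return the token for the e-mailed link.
function register(email, now = Date.now()) {
  const key = normalizeEmail(email);
  if (accounts.has(key)) return { ok: false, reason: 'already-registered' };
  accounts.set(key, { confirmed: false, banned: false });
  const payload = `${key}|${now + 24 * 60 * 60 * 1000}`;   // address | expiry (ms)
  return { ok: true, token: `${payload}|${sign(payload)}` };
}

// Step 2: the link handler checks signature and expiry before enabling posting.
function confirm(token, now = Date.now()) {
  const parts = token.split('|');
  if (parts.length !== 3) return false;
  const [key, expires, mac] = parts;
  const expected = Buffer.from(sign(`${key}|${expires}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;
  const account = accounts.get(key);
  if (!account || Number(expires) < now) return false;
  account.confirmed = true;
  return true;
}

// The ban is a flag on the server-side record, so deleting a cookie does not lift it,
// and the record is kept so the same address cannot be registered again.
function ban(email) {
  const account = accounts.get(normalizeEmail(email));
  if (account) account.banned = true;
}

function canPost(email) {
  const account = accounts.get(normalizeEmail(email));
  return Boolean(account && account.confirmed && !account.banned);
}
```

A session cookie would only carry a reference to the account; the ban decision stays in `canPost` on the server.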

12-15-2002, 03:06 PM
The answers posted are correct, and seem to have solved your problem.

One aside. You can, within certain parameters, access Windows login information using LDAP protocols. I know it works within ASP and JSP using IE; I'm not sure about PHP and Moz implementations.

Basically, this takes your Windows authenticated identity, which you then use as a secure identity elsewhere on the system. It's generally only useful on intranets (because you need access to the system user authentication files -- which most people don't deliberately make public).

12-15-2002, 06:20 PM
Well yeah ... I mean if you can use ActiveX then you've access to COM ... and you've got a free run of the whole windows once you've accessed COM ...

... but you won't be able to do that on the web