How to get the Windows login username in PHP_PHP tutorial-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

How to get the Windows login username in PHP_PHP tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 13, 2016 am 10:26 AM

phpwindowsusername

前几天在问答区提了一下这个问题,所有回答问题的朋友都说不可能通过PHP实现,碰巧我的实习负责人帮我找到了一个方法,貌似是通过NTLM来实现的,我是新手,对具体原理也知之不详,只是自己测试了一下,很好用.
所以赶快拿出来与大家分享.这是一个法国人写的,所以编码中的注释都是法语,如果有朋友很想了解某行的注释含义,请回帖说明,我可以试着翻译一下.

<&#63;php
/***********************************************************************
************************************************************************
*
* PHP NTLM GET LOGIN 
* Version 0.2.1                  
* Copyright (c) 2004 Nicolas GOLLET ( Nicolas (dot) gollet (at) secusquad (dot) com )
* Copyright (c) 2004 Flextronics Saint-Etienne
*
* This program is free software. You can redistribute it and/or modify 
* it under the terms of the GNU General Public License as published by 
* the Free Software Foundation; either version 2 of the License.    
*
***********************************************************************/
session_start();
$headers = apache_request_headers(); // 获取用户头
if (@$_SERVER['HTTP_VIA'] != NULL){ // 确认是否使用了代理(proxy),因为ntlm验证不能穿过代理.
echo "Proxy bypass!";
}
elseif($headers['Authorization'] == NULL){  //si l'entete autorisation est inexistante如果许可头不存在
 header( "HTTP/1.0 401 Unauthorized" );  //envoi au client le mode d'identification
 header( "WWW-Authenticate: NTLM" );  //dans notre cas le NTLM
 exit;    //on quitte
}
if(isset($headers['Authorization']))   //dans le cas d'une authorisation (identification)
{ 
 if(substr($headers['Authorization'],0,5) == 'NTLM '){ // 确认client是否在ntlm下

  $chaine=$headers['Authorization'];   
  $chaine=substr($chaine, 5);  // 获取 base64-encoded type1 信息
  $chained64=base64_decode($chaine); // 解码 base64 到 $chained64
  
  if(ord($chained64{8}) == 1){   
  //   |_ byte signifiant l'etape du processus d'identification (etape 3) 
 
  // verification du drapeau NTLM "0xb2" &#63;l'offset 13 dans le message type-1-message (comp ie 5.5+) :
  if (ord($chained64[13]) != 178){
   echo "NTLM Flag error!";
   exit;
  }

  $retAuth = "NTLMSSP".chr(000).chr(002).chr(000).chr(000).chr(000).chr(000).chr(000).chr(000);
  $retAuth .= chr(000).chr(040).chr(000).chr(000).chr(000).chr(001).chr(130).chr(000).chr(000);
  $retAuth .= chr(000).chr(002).chr(002).chr(002).chr(000).chr(000).chr(000).chr(000).chr(000);
  $retAuth .= chr(000).chr(000).chr(000).chr(000).chr(000).chr(000).chr(000);
  
  $retAuth64 =base64_encode($retAuth); // encode en base64
  $retAuth64 = trim($retAuth64);  // enleve les espaces de debut et de fin
  header( "HTTP/1.0 401 Unauthorized" );  // envoi le nouveau header
  header( "WWW-Authenticate: NTLM $retAuth64" ); // avec l'identification suppl閙entaire
  exit;
  
  }
  
  else if(ord($chained64{8}) == 3){
  //     |_ byte signifiant l'etape du processus d'identification (etape 5)

  // on recupere le domaine
  $lenght_domain = (ord($chained64[31])*256 + ord($chained64[30])); // longueur du domain
  $offset_domain = (ord($chained64[33])*256 + ord($chained64[32])); // position du domain. 
  $domain = str_replace("\0","",substr($chained64, $offset_domain, $lenght_domain)); // decoupage du du domain
  
  //le login
  $lenght_login = (ord($chained64[39])*256 + ord($chained64[38])); // longueur du login.
  $offset_login = (ord($chained64[41])*256 + ord($chained64[40])); // position du login.
  $login = str_replace("\0","",substr($chained64, $offset_login, $lenght_login)); // decoupage du login
  
  if ( $login != NULL){
   // stockage des donn閑s dans des variable de session
   $_SESSION['Login']=$login;
   header("Location: newpage.php");
   exit;
  }
  else{
   echo "NT Login empty!";
  }
   
 
  }
 }
}
&#63;>

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

How does PHP identify a user's session?May 01, 2025 am 12:23 AM

PHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.

What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AM

The security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.

Where are PHP session files stored by default?May 01, 2025 am 12:15 AM

PHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita

How do you retrieve data from a PHP session?May 01, 2025 am 12:11 AM

ToretrievedatafromaPHPsession,startthesessionwithsession_start()andaccessvariablesinthe$_SESSIONarray.Forexample:1)Startthesession:session_start().2)Retrievedata:$username=$_SESSION['username'];echo"Welcome,".$username;.Sessionsareserver-si

How can you use sessions to implement a shopping cart?May 01, 2025 am 12:10 AM

The steps to build an efficient shopping cart system using sessions include: 1) Understand the definition and function of the session. The session is a server-side storage mechanism used to maintain user status across requests; 2) Implement basic session management, such as adding products to the shopping cart; 3) Expand to advanced usage, supporting product quantity management and deletion; 4) Optimize performance and security, by persisting session data and using secure session identifiers.

How do you create and use an interface in PHP?Apr 30, 2025 pm 03:40 PM

The article explains how to create, implement, and use interfaces in PHP, focusing on their benefits for code organization and maintainability.

What is the difference between crypt() and password_hash()?Apr 30, 2025 pm 03:39 PM

The article discusses the differences between crypt() and password_hash() in PHP for password hashing, focusing on their implementation, security, and suitability for modern web applications.

How can you prevent Cross-Site Scripting (XSS) in PHP?Apr 30, 2025 pm 03:38 PM

Article discusses preventing Cross-Site Scripting (XSS) in PHP through input validation, output encoding, and using tools like OWASP ESAPI and HTML Purifier.

See all articles