+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
Web Development Thread, How to lookup the logged in user on website in Coding and Web Development; Any ideas on what PHP code to use when looking up the users first and surname? Here our users login ...
  1. #1
    jamesfed's Avatar
    Join Date
    Sep 2009
    Location
    Reading
    Posts
    2,185
    Thank Post
    133
    Thanked 340 Times in 287 Posts
    Rep Power
    84

    How to lookup the logged in user on website

    Any ideas on what PHP code to use when looking up the users first and surname?
    Here our users login with their initial followed by their surname so displaying the logged in username kinda looses its effect.

    (Wordpress hosted on PHP using IIS with Windows Auth enabled here)

  2. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,523
    Thank Post
    513
    Thanked 2,398 Times in 1,859 Posts
    Blog Entries
    24
    Rep Power
    821
    Quote Originally Posted by jamesfed View Post
    Any ideas on what PHP code to use when looking up the users first and surname?
    Here our users login with their initial followed by their surname so displaying the logged in username kinda looses its effect.

    (Wordpress hosted on PHP using IIS with Windows Auth enabled here)
    Your best bet would be to use some form of ldap code to search for those details. You'd need to connect to the AD via LDAP, do a search using the username, and then retrieve the sn and givenname properties for that record.

  3. #3
    jamesfed's Avatar
    Join Date
    Sep 2009
    Location
    Reading
    Posts
    2,185
    Thank Post
    133
    Thanked 340 Times in 287 Posts
    Rep Power
    84
    Quote Originally Posted by localzuk View Post
    Your best bet would be to use some form of ldap code to search for those details. You'd need to connect to the AD via LDAP, do a search using the username, and then retrieve the sn and givenname properties for that record.
    Little out of my area of expertise then Time to do some googling I think.

  4. #4

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,523
    Thank Post
    513
    Thanked 2,398 Times in 1,859 Posts
    Blog Entries
    24
    Rep Power
    821
    Quote Originally Posted by jamesfed View Post
    Little out of my area of expertise then Time to do some googling I think.
    After having a play myself, the following works:

    Code:
    $initial = $_SERVER["AUTH_USER"]; 
        $_SESSION['un'] = preg_replace("/.*\\\\/", "", $initial); 
    	
    	$host = 'server';
    	$basedn = 'dc=domain,dc=local';
    	$group = 'Group Name';
    	$bind_user = "cn=Administrator,cn=Users," . $basedn;
            $password = 'password';
    	$ad = ldap_connect("ldap://" . $server ,389) or die('Could not connect to LDAP server.');
    	ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    	ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
    	@ldap_bind($ad, $bind_user, $password) or die('Could not bind to AD.');
    
    	$filter = "(sAMAccountName=" . $_SESSION['un'] . ")";
    	$attr = array("memberof");
    	$result = ldap_search($ad, $basedn, $filter, $attr) or exit("Unable to search LDAP server");
    	$entries = ldap_get_entries($ad,$result);
    	ldap_unbind($ad);
    	foreach($entries[0]['memberof'] as $grps){
    		if(strpos($grps,$group)){ $access = 1; break;}
    	}
    	if($access == 1){
    		echo ("user is an admin");
    	}
    So, that simply connects to the AD server $server, using the user $bind_user, with password $password. Then does a search for that user, and retrieves the attribute 'memberof' (which is the list of groups), and then does a compare between each group in the list and $group.

    You can expand this to check multiple groups by adding extra if(strpos($grps,$othergroup)){$access = 2;} lines etc (and remove the 'break;'.

    Note - you should probably turn the above into a function for ease of reuse.

  5. #5

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    199
    Quote Originally Posted by localzuk View Post
    After having a play myself, the following works:
    i'm getting the error:
    PHP Notice: Undefined offset: 0 in test.php on line 28 PHP Warning: Invalid argument supplied for foreach() in test.php on line 28 PHP Notice: Undefined variable: access in test.php on line 30

  6. #6

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,523
    Thank Post
    513
    Thanked 2,398 Times in 1,859 Posts
    Blog Entries
    24
    Rep Power
    821
    Try inserting '$access = 0;' on the line before the foreach.

  7. #7

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,523
    Thank Post
    513
    Thanked 2,398 Times in 1,859 Posts
    Blog Entries
    24
    Rep Power
    821
    Right, function versions of it

    Code:
        //Returns a bound LDAP connection
        function getldapconnection($host,$user,$password){     
            $ad = ldap_connect("ldap://" . $host,389) or die('Could not connect to LDAP server.');
            ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
            ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
            @ldap_bind($ad, $user, $password) or die('Could not bind to AD.');
            return $ad;
        }
     
        //Checks group membership for a user
        function checkldapgroupmembership($ldap,$basedn,$group,$username){
            $filter = "(sAMAccountName=" . $username . ")";
            $attr = array("memberof");
            $result = ldap_search($ldap, $basedn, $filter, $attr) or exit("Unable to search LDAP server");
            $entries = ldap_get_entries($ldap,$result);
            $access = 0;
            foreach($entries[0]['memberof'] as $grps){
                if(strpos($grps,$group)){ $access = 1; break;}
            }
            return $access;
        }
    Then you'd just call it like so:

    $ld = getldapconnection("server","cn=Administrator,cn=Us ers,dc=domain,dc=local","password");

    $result = checkldapgroupmembership($ld,"dc=domain,dc=local", "Group Name","user.name");

    With result either being 0 or 1.
    Last edited by vikpaw; 23rd March 2011 at 09:32 AM. Reason: typo in function call.

  8. #8

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    199
    Quote Originally Posted by localzuk View Post
    Try inserting '$access = 0;' on the line before the foreach.
    still getting errors, this is what i have
    Code:
    <?php
    $initial = $_SERVER["AUTH_USER"]; 
    $_SESSION['un'] = preg_replace("/.*\\\\/", "", $initial); 
    
    $ldaphost = "server"; 
    $ldapport = 389;                
    $basedn = 'dc=domain,dc=internal';
    $group = 'Domain Admins';
    $bind_user = "cn=Administrator,cn=Users," . $basedn;
    $password = 'xxxxx';
    
    $ad = ldap_connect($ldaphost, $ldapport)
    or die("Could not connect to $ldaphost");
    
    // BIND TO LDAP
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
    @ldap_bind($ad, $bind_user, $password) or die('Could not bind to AD.');
    
    $filter = "(sAMAccountName=" . $_SESSION['un'] . ")";
    $attr = array("memberof");
    $result = ldap_search($ad, $basedn, $filter, $attr) or exit("Unable to search LDAP server");
    $entries = ldap_get_entries($ad,$result);
    ldap_unbind($ad);
    $access = 0;
    foreach($entries[0]['memberof'] as $grps){if(strpos($grps,$group)){ $access = 1; break;}
    	}
    	if($access == 1){
    		echo ("user is an admin");
    	}
    
    
    ?>

  9. #9

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,523
    Thank Post
    513
    Thanked 2,398 Times in 1,859 Posts
    Blog Entries
    24
    Rep Power
    821
    Do you have authentication enabled on that host? ie. Is $_SERVER["AUTH_USER"]; returning anything? Try outputting that to the page to see.

  10. #10

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    199
    Quote Originally Posted by localzuk View Post
    Do you have authentication enabled on that host? ie. Is $_SERVER["AUTH_USER"]; returning anything? Try outputting that to the page to see.
    permission to call myself a dick......i was testing it on a site which had no authentication. just moved it to a test site with authentication and got my username returned.

    have tried the original script and i just get a blank page now, nothing echoing back about being an admin

    **edit** have tried it in firefox and get "user is an admin"....IE wont play though

  11. #11

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,523
    Thank Post
    513
    Thanked 2,398 Times in 1,859 Posts
    Blog Entries
    24
    Rep Power
    821
    Quote Originally Posted by MK-2 View Post
    permission to call myself a dick......i was testing it on a site which had no authentication. just moved it to a test site with authentication and got my username returned.

    have tried the original script and i just get a blank page now, nothing echoing back about being an admin
    Do you have error reporting enabled on that site?

  12. #12

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    199
    Quote Originally Posted by localzuk View Post
    Do you have error reporting enabled on that site?
    i edited after you posted. firefox it works fine on, its just IE it wont show

  13. #13

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,523
    Thank Post
    513
    Thanked 2,398 Times in 1,859 Posts
    Blog Entries
    24
    Rep Power
    821
    Quote Originally Posted by MK-2 View Post
    i edited after you posted. firefox it works fine on, its just IE it wont show
    It'll be down to permissions regarding authentication in IE. Is the site included in the trusted site group in IE?

  14. #14

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    199
    Quote Originally Posted by localzuk View Post
    It'll be down to permissions regarding authentication in IE. Is the site included in the trusted site group in IE?
    no, its just a test website that i just created in iis, so hasn't been published anywhere.
    does that mean for the script to work using IE in school the intranet pages would need to be added to trusted sites via GPO?

    if it is, thats ok, i can plan for summer when we overhaul all servers and add it then, i just want to know in advance so i dont end up making the same mistakes twice
    Last edited by MK-2; 22nd March 2011 at 10:54 AM.

  15. #15

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,523
    Thank Post
    513
    Thanked 2,398 Times in 1,859 Posts
    Blog Entries
    24
    Rep Power
    821
    Quote Originally Posted by MK-2 View Post
    no, its just a test website that i just created in iis, so hasn't been published anywhere.
    does that mean for the script to work using IE in school the intranet pages would need to be added to trusted sites via GPO?

    if it is, thats ok, i can plan for summer when we overhaul all servers and add it then, i just want to know in advance so i dont end up making the same mistakes twice
    I think these instructions cover it nicely. Enabling NTLM Authentication in Firefox and Internet Explorer

  16. Thanks to localzuk from:

    MK-2 (22nd March 2011)

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. RDP times out after 30 seconds when no user logged on
    By OverWorked in forum Thin Client and Virtual Machines
    Replies: 6
    Last Post: 15th May 2013, 03:11 PM
  2. Prevent showing last user logged in on 7
    By ranj in forum Windows 7
    Replies: 2
    Last Post: 18th August 2010, 01:46 PM
  3. user logged in
    By firefighting in forum Scripts
    Replies: 1
    Last Post: 12th February 2009, 10:14 AM
  4. automatic VNC to PC a user is logged onto
    By ChrisP in forum How do you do....it?
    Replies: 2
    Last Post: 7th December 2007, 04:23 PM
  5. Replies: 5
    Last Post: 21st February 2007, 04:40 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •