Authentication By The Server
I am attempting to discover the remote user for an INTRAnet site, but cannot
see how to do this cleanly. It seems so simple, too... (IIS is NOT being
used)
ALL I need is the user ID that logged in; when they log into their
workstation, that is good enough for this intranet set, and I am willing to
believe who they say they are. I would like them to be automatically logged
into the site using their ID (this part is simple, assuming, of course, I
actually had the ID). For this application, I do not need to know, nor even
care about, their password.
But the problem comes when I try to GET the remote user ID. I realize that
in theory I can use something an Apache module (like mod_auth_sspi), but
these authenticate against the web server, which in this case is in the DMZ
and ignorant of all other users. Simply getting the user name with PHP
returns the user name that PHP is running as, which is exactly what I do not
want.
I saw a brilliant hack that dug the user name out of NetBios in PHP, but
naturally, NetBios is turned off.
There seems to be ways to do this with .htaccess, but the users are stored
in Active Directory. The goal here is that once the user is added to the AD,
then they should have access to the intranet. I can actually handle the
security settings from within the intranet via LDAP. That works like a
champ. But it works because at that point I know the User ID. I want to
figure out what the user ID is in the first place. So, using .htaccess is
not really an acceptable solution.
One suggestion made was to start IE with a .bat file that passes the user
name as a parameter (i.e.; iexporer
http://mysite.mydomain.com/login.php?login=%LOGINNAME% but this makes the
user use a certain browser and click a certain link/icon.) I would like the
server to be able to cope with this all by itself.
It seems that no matter what direction I go, the door is closed. What is
really frustrating is that it IIS does this out of the box! Switching to IIS
is not an option.
View Complete Forum Thread with Replies
Sponsored Links:
Related Messages:
SMTP Server Response: 503 This Mail Server Requires Authentication
I get this any time I try to send an email to someone that IS NOT in the domain of the company: Warning: mail() [function.mail]: SMTP server response: 503 This mail server requires authentication when attempting to send to a non-local e-mail address. Please check your mail client settings or contact your administrator to verify that the domain or address is defined for this server. in corpevent.php on line 21 I have it setup like this (I removed the email address domain...but its correct in the code): // INI Settings // ini_set(sendmail_from,"info@domain.com"); ini_set(SMTP,"mail.domain.com"); ini_set(smtp_port,"25"); $headersĀ = "MIME-Version: 1.0"; $headers .= "Content-type: text/html; charset=iso-8859-1"; $headers .= "From: info@domain.com"; $to = $_POST['txtEmail']; mail($to,"Your Email",$theEmail,$headers); Why am I not allowed to send an email to anyone that doesn't have a "domain.com" at the end of the email?
View Replies !
View Related
Mail Server Authentication
There seems to be a lot of white noise in trying to understand SMTP that requires authentication when searching the newsgroups via Google Groups or searching the PHP.net website. The PHP fsockopen API's notes on php.net provide the routine to connect, unauthenticated, to send messages. But if you need authentication, people want you to download their class or check the PEAR. Some websites even want your email address or some registration process to check out the file, but I don't play that game. Anyway, these methods will work, but here's the short of it... After the HELO initial acknowledgement, do the following. (Translate the pseudocode to PHP.) 1. Send "AUTH LOGIN " 2. Did you get message 334 back? If not, then server doesn't support authentication. Break. 3. Send base64_encode($user) 4. Did you get message 334 back? If not, then server doesn't support that username. Break. 5. Send base64_encode($pass) 6. Did you get 235 back? If not, then server doesn't support that password. Break. 7. Proceed now with MAIL FROM, RCPT TO, DATA, etc.
View Replies !
View Related
Authentication ==> 500 Internal Server Error
I'm using PHP Authentication with: if(!($PHP_AUTH_USER)): ... This works fine on my hosted server but not on my local development machine. When this bit of code executes, I get the above error. My local machine has the following config: NT4 SP4 PHP Version 4.0RC1 Apache/1.3.11 Any suggestions as to how I get it to work locally? Thanks Mark
View Replies !
View Related
Http Authentication On A Linux Web Server
I've been running the following authentication in php on a linux web server. I'm trying to move it to a web server on a Windows machine running Omnihttpd. It isn't working. Any ideas? <?php if(!isset($PHP_AUTH_USER)) { Header("WWW-Authenticate: Basic realm="Hardware Review""); Header("HTTP/1.0 401 Unauthorized"); echo "You are not authorized to view this pagen"; exit; } else { if ($PHP_AUTH_USER!="hardware"| |$PHP_AUTH_PW!="Speed0") { Header("HTTP/1.0 401 Unauthorized"); echo "You are not authorized to view this pagen"; exit; } } ?>
View Replies !
View Related
Create Session After Authentication On Other Server
I've posted my problem in an earlier thread and didn't get any luck. In this post I'm trying to make my question more clear: - I've wrote a php script that composes http get header, this script gets a file and does basic authentication (see below) - The server that recieves the request (this case: www.example.com) succesfully authenticates gives the script the page requested. What I would like to happen: - The page requested should initiate a session between the server and the client. Setting session_start(); in the page requested doesn't do the trick Code:
View Replies !
View Related
Client Does Not Support Authentication Protocol Requested By Server
I've installed php 4x on IIS. I try to open the database I get the following message: Warning: mysql_connect() [function.mysql-connect]: Client does not support authentication protocol requested by server; consider upgrading MySQL client in c:ProjectsManagementSystemMenu.php on line 6 Could not connect: Client does not support authentication protocol requested by server; consider upgrading MySQL client.
View Replies !
View Related
HTTP Authentication .vs. Session Authentication
I am designing a PHP application (yes, I have investigated using existing applications). I cannot use HTTPS for reasons I shall not disclose. I must authenticate users against a database (MySQL) before granting them access. There are two methods I am considering: HTTP authentication, and session authentication. My webpage is spread across multiple scripts, and the user must not have to repeatedly reauthenticate him/herself. It does not matter, however, if the login session remains or is destroyed when the browser closes, although destruction is preferred. To my knowledge, PHP only supports Basic HTTP authentication. This would be easier, and if it matches session authentication in security, I would prefer to use it. Session authentication would be accomplished via a hashed password supplied in a form, sent via POST, after which the userid or another identifying piece of data would be stored in a session variable. My webserver does host other websites, and I cannot adjust its configuration. It seems to me, however, that Basic HTTP authentication sends the username and password in plaintext at the opening of every page. Is this true?
View Replies !
View Related
PHP Authentication ?
I have 2 scripts and two forms. One form is a registration form that inputs a user name and a user password into a MySQL database. The password goes through MySQL's MD5 function. The login form is as basic as it can get, and the login PHP file tests the supplied user name and password against what's in MySQL. I put the submitted password through MySQL's MD5 function when I test...
View Replies !
View Related
Authentication With PHP
I have a bit of complicated authentication scheme that is giving me trouble. I have users in a members area from one domain that I want to be able to allow them to access content on my second domain hosted on a different server that also has a password protected area. Both are using apache. But the tricky part is to accomplish this so that users cannot get or figure out the codes (very easily) that are used to enter the second membership site. I have a link inside a frame taking them to a page that contains the following redirect: <? Header( "Location: http://usernameassword@mysite.com") ?> I have this inside a frame so that if they try to bookmark the page, they will bookmark the original (1st) members area. I realize that a sophisticated user may be able to figure a way around this but that shouldn't be a big problem. I have this all working great with Netscape, but with Internet Explorer there is a big problem because the authentication window pops up and since I don't want the users to know what the codes are in order to enter my 2nd site, I need a way for the codes to automatically be entered unseen to work in IE. Is there a way to provide username and password to the second site other than in the form above? Also, I need codes to be entered rather than setting it up to allow by referrer.
View Replies !
View Related
Help With Authentication
current my code checks against the database to see if $PHP_AUTH_USER and $PHP_AUTH_PW matches the info in the database. If it matches, the user is successfully logged in and "You're authorized!" is shown. If i have a file index.php and i would like to include the line: require ("auth.php") at the top of the file, what codes do i add in auth.php to load the contents of index.php instead of showing the line "You're authorized!" to the successfully logged in user? PHP Code:
View Replies !
View Related
PHP Authentication?
I've been playing with several PHP scipts that I put together and they work (seemingly) well for protecting pages. I can log the user in, and using sessions, I can manage where they are allowed to go (and I log their login to SQL as well). My question is (and maybe I'm just blind), how do you use this to protect non-php 'stuff'? I include a 'logged in' check on all my pages, but what about a PDF for example? Couldn't a non-logged in user reach down and pull up a PDF if they knew the address? Do I need to combine this with some of Apache's .htaccess stuff? Anyway, great site and if anyone has any advice, etc, I'd appreciate it!
View Replies !
View Related
PHP & Pam Authentication
I recently installed pam_auth on my server as a standalone module so I could have people login to areas of my site using their Linux (cPanel) login and password, but am having problems. It seems regardless of whether or not the login/password combination are correct, the pam_auth module returns a "Permission Denied" or "Authentication Failure". I've Google'd on this and checked the above site, and have gotten nowhere. I'm hoping someone here has experience with this and can provide some helpful advice cuz I'm completely stumped.
View Replies !
View Related
Authentication
For some reason, even though my php script does require and prompts the user for authentication, the page still loads slowly in the background. Normally authentication windows pop up before the page starts to load and only loads on correct validation, but in my case it prompts the user, yet the page still loads in the background.
View Replies !
View Related
XML-RPC Authentication
My previous request for people experienced with CORBA found exactly one, so from that I assume that XML-RPC is far more common in the PHP world (about which I know little). However, I tend to think that there are so insane drawbacks of XML-RPC and the attempts of SOAP to rectify these merely creates more problems, mainly due to lack of standards and interoperability. What I'd like to be able to do (at minimum) is: a) support 8-bit ASCII b) support some sort of proper authentication, so not just any client can get data from the server XML-RPC does neither out of the box, but it shouldn't be too difficult to graft these on. How have people here solved these problems in PHP clients?
View Replies !
View Related
Php Authentication
I'm trying to get php authentication going both on a Linux rh9 box and two *bsd systems. In none of these cases is it working as passwords are shadowed and i don't want to make the shadowed password files readable. Does anyone have this going preferably without using an external sql database?
View Replies !
View Related
Authentication On Mac?
I am making a site that requires user authentication. It checks a database for the users username and password and only lets them in if they match. Apparently, my client is using a Mac, and she claims that she cannot log in to the site on that computer. She has a power MAC 7200/90 with system software of 7.5. She has Netscape 3.0. I am wondering if this problem is related to her Mac. My code:
View Replies !
View Related
Authentication Help
I am using this standard code at the start of my script to request a user to login. After the user enters information the login box just pops back up. The script does not move to the else portion after a login is entered. It just stays in the first part of the if statement. { header('WWW-Authenticate: Basic realm = "Club"'); header('HTTP/1.0 401 Unauthorized'); echo "Nice try, if you really are supposed to be in here, try again. "; exit; } else { $linkID = @mysql_connect("localhost", "username", "password"); etc.... }
View Replies !
View Related
WWW-Authentication
-i have a php script that i use to redirect clients to their pages by username and password. it begins like: header("WWW-Authenticate: Basic realm="abcde""); after the header it contains many blocks as this one: if (($_SERVER[PHP_AUTH_USER] == "username") && ($_SERVER[PHP_AUTH_PW] == "password")) { header("Location: location_for_the_user.php"); } It worked just fine untill i reached a number of 1172 clients (blocks like above) . When i want to add new client after the 1172 the script simply wont work; blank page in firefox and "could not find server" in explorer.
View Replies !
View Related
Authentication And CMS
I have been asked to create a CMS that will allow a client to login and be presented with the downloadable contents of a specifc folder held on the ftp server. The CMS also needs to give the owner of the site the ability to select which folders a client can view when creating a new account. I would be using a mysql database for authenticating the client. Any help/advice example of code etc would be most appreciated. I have a fair understanding of PHP, but have been using it mostly in conjunction with Dreamweaver.
View Replies !
View Related
Best Way To Authentication
I have a website I want to allow un authenticated access to. Then I have several directories of html and php files that I want to password protect. What is the best way to do this? I can do it with .htaccess . I don't think anyone likes to use that anymore? Is there an easyish way to setup a small db to store usernames, password and group and then set the directories to allow groups in? I would need to be able to have people belong to multiple groups as some people will have access to more than one authenticated directory.
View Replies !
View Related
Authentication
I have an interesting newbie dilemma. I'm testing a hidden registration form but need to have the user only be able to submit to the database once. I don't want him going back and registering other users, friends etc. I know this is a bonehead question but I'm a bit frazzled. I could tie his IP address and verify or limit to a mktime, verification email. so many choices.
View Replies !
View Related
Use The PHP Authentication
I'm trying to use the PHP authentication example in the PHP manual <?php if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401 Unauthorized'); echo 'Text to send if user hits Cancel button' exit; } else { echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>"; echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>"; } ?> It works on my machine, but when I try to run it on my host, it just repeatedly asks for a password over and over again, never taking in what is typed in. It seems that the variables are never getting set, but I'm not sure why. I've tried it on my other hosts and it works fine too - so what's going wrong?
View Replies !
View Related
PHP And IKey Authentication
Hi, Does anyone have experience with the combination of PHP and iKey (http://www.ikey.nl - a USB adaptor authentication key)? There is a module (dll) for ASP to read the contents of the key, but not a module for PHP. I would like to use the iKey authentication in a webproject. Many thanks, Peter
View Replies !
View Related
File Authentication
Hi! I am a "newbie" when it comes to PHP, so this is probably a very easy question but please reply because I have been unable to find the answer. Ok, I have a file which I don't want people to access, so I basically used CHMOD and fixed that problem. However, I would like a PHP script to be able to use this file. So, if I run ex. mytest.php and mytest.php includes the line include(myprotectedfile) then it will be able to access it. Ok, I've heard a lot about htaccess files, but I don't really know a lot about them. Anyway, this was how I was planning to overcome the problem: OK, mytest.php includes a statement that changes the chmod of myprotectedfile, for example to 777 (or whatever). This is done in the beginning of the script. Now the program can basically access myprotectedfile without any problem. Then, after accessing the file it would now change the CHMOD back to the original value. OK, that's how I am planning to do it, but are there easier ways around the problem?
View Replies !
View Related
User Authentication.
I got the following script from the PHP4hosting site, it was done by devshed. I am trying to use it but it doesn't accept any of the usernames or passwords I enter, any ideas why pls? <? function authenticate() { Header( "WWW-authenticate: basic realm='MySQL/PHP Demo'"); Header( "HTTP/1.0 401 Unauthorized"); echo "You must enter a valid login ID and password to access this resource "; exit; } if(!isset($PHP_AUTH_USER) || $PHP_AUTH_USER=="" || $PHP_AUTH_PW=="") { authenticate(); } else { mysql_connect( 'localhost','user','pass'); mysql_select_db("users"); $result = mysql_query("select * FROM users where name = '$PHP_AUTH_USER' and password='$PHP_AUTH_PW'"); $row = mysql_fetch_array($result); if ($PHP_AUTH_PW!=$row["password"] || $PHP_AUTH_USER!=$row["name"]) authenticate(); } echo "User ID :".$row["id"]; ?>
View Replies !
View Related
Authentication Across Servers...
I am dealing with a web application that requires a MySQL based user authentication and complete seesion management within the application's content, but what I trying to accomplish is to link to a site on another server that is using HTTP Authentication through a .htaccess file. The trick here is that the user|password is the exact same between sites. Is there anyway to pass the authentication info through a q string or using PHP header info so that the users will not have to log in twice?
View Replies !
View Related
Some Help With Apache Authentication
I'm developing a website that require a user and password validation. Almost everything works fine, but a have little problem when the user insert a wrong login (user/password). If that happen, the website shows a page that says: Try again. The last is a reload of the index.php file. My question is what I need to do in the code, for a new login dialog from apache.
View Replies !
View Related
HTTP Authentication With PHP
I have followed 3 different tutorials and none of them seem to work. When I use the following code in the beginning of my PHP script: if (!isset($PHP_AUTH_USER)) { header('WWW-Authenticate: Basic realm="Datacenter"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.' exit; } and I attempt to access the script I get the error: "Error 500: Internal Server Error" I reset the permissions to 755 and still no luck. I then, out of frustration created a .htaccess file and tried every possible combination, particularly in the UserAuthFile. I have tried, UserAuthFile [path]/myscritp.php4 UserAuthFile /dev/null/ I have also tried deleting the line alltogether and what happens in all these cases is that the box comes up but when I enter the info it does not send the variable to the script. If you have any information I would really appreciate it. I could even send you the script to look at the full code if it would help.
View Replies !
View Related
Cookies & Authentication
My project uses cookies to authenticate, and everything works great except for a small annoyance. When I login, it accepts, redirects to another page, but it doesn't consider me logged in until I refresh that other page again (or any other page for that matter). I swear I saw a thread about that here somewhere, but can't find it again. Is this a common issue, or am I doing something wrong? 1) auth, set cookie, redirect to new page 2) new page loaded, still not authenticated 3) refresh that same page, or load any other protected page, works from then on.
View Replies !
View Related
Authentication On Windows
Hi, I have for some time Apache running on windows. I am interested in authentication, but... If I call the following 'authenticate' example from the manual, I get the 500 internal server error. PHP Code:
View Replies !
View Related
Authentication Scripts
I am trying to write an authentication script for a site I am building, it is going to be a database login script, which I will need the user to be redirected if the authentic fails. I however do not want to use the HEADER function. Does anyone know how i might be able to do this.
View Replies !
View Related
PHP Authentication Query
Is there any way to grap a windows login username using PHP? I need the login username to authenticate the user against a separate mySQL database, the reason being - I don't see the point in people having to log in twice to one (first the workstation login then the intranet login). The intranet server is a linux Red hat 9 with Apache running as the web server. I thought of using cookies set with a long expiration date, but roaming profiles are not being used on the domain.
View Replies !
View Related
Authentication Password Needs To Be Given!
I've a hyperlink called Edit which on click opens a page to edit the details of the table and if needed the user does some modifications and saves what he has done. So i'm need to provide a authentication thing which on clicking Edit hyperlink should open a box and asks for password and if entered correct it should go the desired page or else should give a message Invalid password... etc. How do i do that? Plz help. I've created a table in mysql as authentication and the field name is password varchar(25).
View Replies !
View Related
Authentication & Setcookie
setcookie("username",$username,time()+14400,"/",".georgiaoffroad.com",0); That's how I set a cookie, and once a cookie is set I can access the 'username' cookie variable anywhere on the site (since I have a / in the path field). setcookie has to be used before any other header info is passed to the browser, else I get "too much info.." or somesuch error. With my current login script, I check to see if $username and $password exist (with a query to a users table). If so, I display the page content. If not, the user is prompted to enter a username & password. When the user presses 'go', the page is reloaded and php tests the un & pw again. I can check for user/pw at the top of every page, but what good is that if I can't at some point create a cookie with inputted data from a form? This is probably something incredibly simple, but I've been reading about setcookie on various sites and in a couple books for the last couple hours and everythings becoming a blur.
View Replies !
View Related
Database Authentication
Im using a UltraBoard (full version) as a forum on my site. Ive selected the option for UltraBoard to use MySQL to store username and passwords. What I want to do is autheticate a user against the UltraBoard username / passwords table. The problem is the passwords in the table are encrypted i.e. username: abc123 and password: abc123 is stored in the table as username: abc123 and password: XWTZU2dJkFQ0Q When I enter password : abc123 in my authentication box it wont authorise me, but when I enter XWTZU2dJkFQ0Q it does. Obviously the members wont remember XWTZU2dJkFQ0Q ... who would ?
View Replies !
View Related
Authentication With Sessions...
I'm building a database and I basically need to keep out people who aren't authorized, but it's not like I need top security here. I'm just doing basic user/pass of a SQL database, and when a user authenticates I start a session for him. My question is, is there any way for a hacker to easily start a session without having logged in? For instance, if I save the user name and IP address in the session will it be relatively tough to fake a session? Sorry if this is a dumb question, I really don't know much about this yet.
View Replies !
View Related
Authentication Issues
Well not exactly authentication issues, i am having an issue that is driving me crazy. On my page's index i have three frames. One frame for the top (banners and such), a left frame (for navigation), and a right frame for the body of the site. My problem is that in the left frame I have a php script to determine whether someone's logged in or not (using cookies). If the person is not logged in, the table displays a login for, but if they are logged it says "welcome <user>". Thus far everything works perfectly. The place where i am having issues is when the user isn't logged in it shows the form, then they proceed to log in. Upon successful authentication i have the login script doing something like this PHP Code:
View Replies !
View Related
Php And Email Authentication
i need a framework to set up a web service with email authentication: that is, I need the user to insert his/her email, I send him/her a code via email and when the confirm email arrives, the user is confirmed: it is done in various web services, nothing new :-( But how can I do it? I have seen various CMS which get the subscription, but not the mail confirmation: I obviously need to intercept incoming mail to to check, but how is it done in php?
View Replies !
View Related
Sessions - Authentication
I have a question about sessions and authentication. When people log in to the app that I am writting, it sets a session variable marking them as logged in. One of the testers of this app told me that once any PC on his LAN was logged in, all PCs on the LAN logged in. I was under the impression that each browser instance on different PCs was a unique session. This appears not to be the case. I imagine the use of cookies would solve the problem. However, I am curious as to why if one PC on a LAN is logged in, why all the PCs were logged in?
View Replies !
View Related
Doing Basic Authentication On IIS 6.0
I'm trying to do basic authentication using IIS 6.0 with PHP as an ISAPI module. I can get the dialog to pop up no problem, but when I enter a name/password, it doesn't come back in the header. After checking the documentation, I found that the $PHP_AUTH_USER and $PHP_AUTH_PW are not available in IIS 6.0 and that I had to use the HTTP_AUTHORIZATION variable like so: list($user, $pw) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); ..........
View Replies !
View Related
Authentication With .htaccess
When using authentication on Apache server with .htaccess and .htgroup, is it possible to use PHP to provide customised content depending on whether a visitor to a website is in a specific group or not? If so, does anyone know of a good tutorial?
View Replies !
View Related
HTTPS Authentication
On my current project i have requirement to do HTTPS user authentication. 'Till now i 've been doing authentication using sessions and checking login and pass against MySql. Can you give me some info on authenticating users via HTTPS, what are the requirements, can i use my existing scripts etc.
View Replies !
View Related
|
TRACKER
