开发者

Getting Logged on Users Email | NTLM/Apache/PHP

问答 作者:

I'm using the script below to get the logged on users details in apache. It works a treat.

I was curious as to whether it was possible to get the logged on users email address from this as well?

What other info can I pull? First name and last name?

If this isn't going to work, how can I get the logged in users email address? Is it possible?

Thanks in advance

    // This a copy taken 2008-08-21 from http://siphon9.net/loune/f/ntlm.php.txt to make sure the code is not lost.
// For more information see:
// http://blogs.msdn.com/cellfish/archive/2008/08/26/getting-the-logged-on-windows-user-in-your-apache-server.aspx

// NTLM specs http://davenport.sourceforge.net/ntlm.html

$headers = apache_request_head开发者_StackOverflowers();

if (!isset($headers['Authorization'])){
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: NTLM');
        exit;
}

$auth = $headers['Authorization'];

if (substr($auth,0,5) == 'NTLM ') {
        $msg = base64_decode(substr($auth, 5));
        if (substr($msg, 0, 8) != "NTLMSSP\x00")
                die('error header not recognised');

        if ($msg[8] == "\x01") {
                $msg2 = "NTLMSSP\x00\x02"."\x00\x00\x00\x00". // target name len/alloc
                        "\x00\x00\x00\x00". // target name offset
                        "\x01\x02\x81\x01". // flags
                        "\x00\x00\x00\x00\x00\x00\x00\x00". // challenge
                        "\x00\x00\x00\x00\x00\x00\x00\x00". // context
                        "\x00\x00\x00\x00\x30\x00\x00\x00"; // target info len/alloc/offset

                header('HTTP/1.1 401 Unauthorized');
                header('WWW-Authenticate: NTLM '.trim(base64_encode($msg2)));
                exit;
        }
        else if ($msg[8] == "\x03") {
                function get_msg_str($msg, $start, $unicode = true) {
                        $len = (ord($msg[$start+1]) * 256) + ord($msg[$start]);
                        $off = (ord($msg[$start+5]) * 256) + ord($msg[$start+4]);
                        if ($unicode)
                                return str_replace("\0", '', substr($msg, $off, $len));
                        else
                                return substr($msg, $off, $len);
                }
                $user = get_msg_str($msg, 36);
                $domain = get_msg_str($msg, 28);
                $workstation = get_msg_str($msg, 44);
                print $msg;

                print "You are $user from $workstation.$domain";
        }
}

You can always use the php-ldap module to find out more about the logged on user once you know who they are. This example will output all of the entries for the Distinguished name you chose. You need to do a bit of work here putting in the information for your own circumstances. The LDP tool in Windows is very handy to find the information to put in here.

<?php
//specify the Distinguished Name
$dn = "CN=Joe Bloggs,OU=SomeOU,DC=SomeDomain,DC=com";

$filter = "(sAMAccountName=bloggsj)";

$ad = ldap_connect("ldap://yourADserver");
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
$bd = ldap_bind($ad,"yourDomainReadingAccount@wherever.com","secret")  or die("couldn't bind to AD!");

$result = ldap_search($ad, $dn, $filter);
$entries = ldap_get_entries($ad, $result);

print_r($entries);
?>

No, sorry, the NTLM specification is only regarding authentication and will only provide the username, domain and an authentication response hashed from your challenge. You will not get name or email address in this manner.

继续阅读:exchange-serverntlmphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9