Getting Logged on Users Email | NTLM/Apache/PHP

I'm using the script below to get the logged-on user's details in Apache. It works a treat.

I was curious as to whether it was possible to get the logged-on user's email address from this as well?

What other info can I pull? First name and last name?

If this isn't going to work, how can I get the logged-in user's email address? Is it possible?

Thanks in advance

// This is a copy taken 2008-08-21 from http://siphon9.net/loune/f/ntlm.php.txt to make sure the code is not lost.
// For more information see:
// http://blogs.msdn.com/cellfish/archive/2008/08/26/getting-the-logged-on-windows-user-in-your-apache-server.aspx

// NTLM specs http://davenport.sourceforge.net/ntlm.html

$headers = apache_request_headers();

if (!isset($headers['Authorization'])){
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: NTLM');
        exit;
}

$auth = $headers['Authorization'];

if (substr($auth,0,5) == 'NTLM ') {
        $msg = base64_decode(substr($auth, 5));
        if (substr($msg, 0, 8) != "NTLMSSP\x00")
                die('error header not recognised');

        if ($msg[8] == "\x01") {
                $msg2 = "NTLMSSP\x00\x02"."\x00\x00\x00\x00". // target name len/alloc
                        "\x00\x00\x00\x00". // target name offset
                        "\x01\x02\x81\x01". // flags
                        "\x00\x00\x00\x00\x00\x00\x00\x00". // challenge
                        "\x00\x00\x00\x00\x00\x00\x00\x00". // context
                        "\x00\x00\x00\x00\x30\x00\x00\x00"; // target info len/alloc/offset

                header('HTTP/1.1 401 Unauthorized');
                header('WWW-Authenticate: NTLM '.trim(base64_encode($msg2)));
                exit;
        }
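        else if ($msg[8] == "\x03") {
                // Type 3 message: the LM/NT responses it carries are never verified here,
                // so user, domain and workstation are whatever the client claims.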
                function get_msg_str($msg, $start, $unicode = true) {
                        $len = (ord($msg[$start+1]) * 256) + ord($msg[$start]);
                        $off = (ord($msg[$start+5]) * 256) + ord($msg[$start+4]);
                        if ($unicode)
                                return str_replace("\0", '', substr($msg, $off, $len));
                        else
                                return substr($msg, $off, $len);
                }
                $user = get_msg_str($msg, 36);
                $domain = get_msg_str($msg, 28);
                $workstation = get_msg_str($msg, 44);
                print $msg;

                print "You are $user from $workstation.$domain";
        }
}


You can always use the php-ldap module to find out more about the logged on user once you know who they are. This example will output all of the entries for the Distinguished name you chose. You need to do a bit of work here putting in the information for your own circumstances. The LDP tool in Windows is very handy to find the information to put in here.

<?php
//specify the Distinguished Name
$dn = "CN=Joe Bloggs,OU=SomeOU,DC=SomeDomain,DC=com";

$filter = "(sAMAccountName=bloggsj)";

$ad = ldap_connect("ldap://yourADserver");
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
$bd = ldap_bind($ad,"yourDomainReadingAccount@wherever.com","secret")  or die("couldn't bind to AD!");

$result = ldap_search($ad, $dn, $filter);
$entries = ldap_get_entries($ad, $result);

print_r($entries);
?>
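
An added example (not part of the original answers) of the LDAP lookup described above, keyed on the account name and returning only `mail`, `givenName` and `sn`. The name is passed through `ldap_escape()` because the NTLM script in the question takes it from the client without verifying the response. The function names and the `AD_*` environment variables are assumptions.

```php
<?php
// Added example, not code from the original answers.
// Hypothetical names: build_user_filter(), lookup_user(), AD_* environment variables.

// Build a filter for one account. ldap_escape() encodes *, (, ), \ and NUL,
// so a crafted account name cannot change the meaning of the filter.
function build_user_filter(string $sam): string {
    return '(&(objectClass=user)(sAMAccountName='
         . ldap_escape($sam, '', LDAP_ESCAPE_FILTER) . '))';
}

// Return mail / givenName / sn for one account, or null if it is not found.
function lookup_user($ad, string $baseDn, string $sam): ?array {
    $attrs  = ['mail', 'givenName', 'sn'];        // request only what is needed
    $result = ldap_search($ad, $baseDn, build_user_filter($sam), $attrs);
    if ($result === false) return null;
    $entries = ldap_get_entries($ad, $result);
    if ($entries === false || $entries['count'] < 1) return null;
    $out = [];
    foreach ($attrs as $a) {
        $key = strtolower($a);                    // ldap_get_entries lowercases names
        $out[$a] = $entries[0][$key][0] ?? null;  // attribute may be unset in AD
    }
    return $out;
}

// Constructed inputs: a normal name and one carrying filter metacharacters.
foreach (['bloggsj', 'a*)(b'] as $name) {
    echo build_user_filter($name), "\n";
}

// The live lookup runs only when connection details are supplied (assumed env vars).
if (getenv('AD_URI')) {
    $ad = ldap_connect(getenv('AD_URI'));         // e.g. ldaps://yourADserver
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($ad, (string) getenv('AD_BIND_USER'), (string) getenv('AD_BIND_PASS'))) {
        exit("couldn't bind to AD\n");
    }
    print_r(lookup_user($ad, (string) getenv('AD_BASE_DN'), (string) getenv('AD_LOOKUP_USER')));
}
```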


No, sorry, the NTLM specification is only regarding authentication and will only provide the username, domain and an authentication response hashed from your challenge. You will not get name or email address in this manner.
