Actually, I have used both. You can authenticate using basic
authentication, then grab the $_SERVER["AUTH_USER"]... (I believe that's the
correct variable) and authenticate them internally through that. I wrote a
task management system for our department a few months ago where it was
necessary to log them in to keep it internal only, and there was no point in
managing two sets of passwords.
Turn Basic authentication on, and windows authentication off (I found PHP
would crash with this on, never felt like investigating it, and since it was
internal, it didn't matter too much).
Then you can do something like this:
<? If(!empty($_SERVER["AUTH_USER"]))
{
?> You have successfully logged in, <?
print($_SERVER["AUTH_USER"]); ?>!
then do your database query to see what they have access to:
mssql_query("Select AccessLevel From Users Where UserName ='" .
$_SERVER["AUTH_USER"] . "');
One thing you should remember, is that the AUTH_USER also contains the
domain they logged into, so you may have to do a replace on that variable
(IE):
<?
$_SESSION["Username"] = substr($_SERVER["AUTH_USER"], strrchr("\\",
$_SERVER["AUTH_USER"]), strlen($_SERVER["AUTH_USER"]);
?>
should do the trick.
As a warning, I don't know for certain that the above code is 100% correct,
as I just threw it together, but it should be fine. As a second warning,
all that code assumes that you have the default options set on the PHP
Config, and that none of the standard functions are blocked. I write most
of my code to be as portable as possible, and the only way to do that is to
adhere to the default php.ini, which can be downloaded and dumped in place
of my current one, with minimal changes, and without my code breaking :)
I also use MSSQL, so if you're using mySQL, make sure you change that as
well.
Good luck in your endeavor!
___________________________________
Ryan Marrs
-----Original Message-----
From: Davy Obdam [mailto:info@;davyobdam.com]
Sent: Friday, October 18, 2002 7:59 AM
To: 'Cam Dunstan'; [EMAIL PROTECTED]
Subject: RE: [PHP-WIN] RE: [PHP] Re: Need help with HTTP-Authentication
Hi Cam,
Thanks for your reaction. I was wondering if u could send me some
example code maybe;-)
I am a bit new to session based login systems myself;-) Thanks already.
Best regards,
Davy Obdam,
mailto:info@;davyobdam.com
> David and Davy,
>
> My two bobs worth - I like to use sessions myself usually, I
> suppose because it means my scripts are controlling access
> rather than the server or the operating system. With sessons
> you can store all sorts of variables such as exactly what the
> user can do in a list of tasks rather than just "will we let
> him in or not". The user submits a form with his username
> and password, I look them up in a database, and if I find him
> I grab a "task list" of things he is allowed to do on the
> site (could be different for every user) and store them in a
> session. Everytime he tries to go somewhere on the site the
> script first checks if that task is in his list -
> furthermore, you can kick him off if he has overstayed or
> there has been no action for a period of time - also gives
> you the opportunity to log or time his total activity on the site.
>
> I wrap each script in a small "include" routine which does
> all this so its
> no big deal in terms of coding effort or extra overhead.
> You might like to
> go this road rather than the simpler but more restrictive
> HTTP auth. way.
>
> Cheers CD
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
