php-windows Digest 26 Feb 2004 10:22:20 -0000 Issue 2139
Topics (messages 22989 through 22995):
Re: Best way to check for user 'Administrator' group membership
22989 by: Frank M. Kromann
22990 by: Paul Menard
Connecting to MSSQL Server
22991 by: Gerardo Rojas
22992 by: Gerardo Rojas
22993 by: John Ellingsworth
22994 by: Justin Patrin
22995 by: Svensson, B.A.T. (HKG)
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
I know I'm late into this discussion, but the PECl extension php_ntuser
gives you a tool to get the users and groups from the SAM database with a
few simple PHP functions.
- Frank
> Issue solved.
>
> After stopping my system admin on the way for more coffee he suggested
cycling IIS. Something
> about more patience needed on my part and IIS caching or changes like
folder permissions related
> to web page logic not taking instant affect.
>
> So no I have what I want. On the admin browser session I have then menu
option I need and on the
> non-admin session I do not have then option.
>
> Case closed.
>
> Thanks all.
>
>
>
> --- Paul Menard <[EMAIL PROTECTED]> wrote:
> > I'm getting somewhere.
> >
> >
> > I set the audit on the folder. I also double-checked my
'is_writeable()' code. I have this code
> > checking the folder. This folder is set to read/write by
Administrators only (but not full
> > control). I have started two browsers. One is logged in a an
admin-level account. The other is
> > logged in as a lowly user. On both I see the menu option.
> >
> > When I clicked on the menu link on the Admin broswer session I of
course am taken to that
> > screen.
> > When I click on the link under the other browser I receive a login
popup. This tells me that IIS
> > is asking for an admin-level login.
> >
> > This works for me. As long as the general users cannot get into the
page. I would prefer to not
> > have the menu option appear on the non-admin users screen.
> >
> > Thanks for your direction and validation.
> >
> > FPM
> >
> >
> >
> > --- "Bowden, Zeb" <[EMAIL PROTECTED]> wrote:
> > > To be honest with you I'm not 100% sure on IIS 6 and the context
PHP
> > > will run as after you do the basic authentication ... test this you
can
> > > audit successes/failures for the everyone group on the particular
> > > file/folder you try to write to, then the eventlogs will tell you
whose
> > > trying to access it.
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Paul Menard [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, February 25, 2004 10:29 AM
> > > To: Bowden, Zeb; [EMAIL PROTECTED]
> > > Subject: RE: [PHP-WIN] Best way to check for user 'Administrator'
group
> > > membership
> > >
> > > Ah. Now we are getting someone who kind of understands my issues.
> > >
> > > Yes. I mean the local system administrators group.
> > > Yes. I was looking at using 'is_readable()', 'is_writeable()'.
Tried
> > > both on file(s) and folder(s) with no luck. I tried creating a
> > > file/folder both inside my Web tree InetPub as well as outside. I
would
> > > then strip off all user permissions except Administrator. and only
then
> > > make this writable access. I tried adding the code as in
> > >
> > > if (is_writable(<my file>) == TRUE)
> > > {
> > > //code to include menu option
> > > }
> > >
> > > My thought was that is the file is writable then the user must be a
> > > member of the Administrators group thus they should see admin only
menu
> > > option.
> > >
> > > So this might help clear up my confusion. When the user is
authenticated
> > > isn't that now the context that PHP is running under? In other words
I
> > > know that if for instance I allowed anonymous access by users then
the
> > > PHP.exe would run as the local IIS defined account (I think it is
> > > 'IUSR_...'). But since I am requiring each user to authenticate
(against
> > > windows basic). does this not change the running context for PHP to
> > > assume the users local access? will phpinfo() provide the user that
PHP
> > > is running under?
> > >
> > > FPM
> > >
> > >
> > > --- "Bowden, Zeb" <[EMAIL PROTECTED]> wrote:
> > > > When you say member of the administrators group do you mean a
member
> > > > of the local admin group on your webserver machine? The iswritable
> > > > solution won't work because you will be writing to the file in the
> > > > security context of the account under which IIS is running
(Network
> > > > Service
> > > > probably)
> > > >
> > > > I think the easiest thing for you to do is use a tool in the
windows
> > > > 2000 or 2003 resource kit called "showgrps.exe" ... The 2k3
resource
> > > > kit is free so you should be able to grab it and use
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Paul Menard [mailto:[EMAIL PROTECTED]
> > > > Sent: Wednesday, February 25, 2004 9:44 AM
> > > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> > > > [EMAIL PROTECTED]
> > > > Subject: Re: [PHP-WIN] Best way to check for user 'Administrator'
> > > > group membership
> > > >
> > > > Okay, well first I do not wish to complicate the maintenance of
the
> > > > system by requiring dual setup, once on the windows user level and
> > > > another in the database to adjust the user group membership. And
no I
> > > > do not want to add a fancy form page that will allow me to do this
> > > > task. At this point I have over 600 accounts on the system. The
> > > > requirements were to use system-level user authentication not a
> > > > database. So I would have to build a table to contain the accounts
and
> > >
> > > > keep this sync'd with the adding/deleting of users which is a
separate
> > >
> > > > part of the system that I have no control over.
> > > >
> > > > But thanks for the suggestion.
> > > >
> > > > FPM
> > > >
> > > >
> > > > --- [EMAIL PROTECTED] wrote:
> > > > > Have an entry in your MySQL databases that states a/the users
level
> > > > > (admin, user etc). Then when they attempt to login check against
> > > > > this value against their username/password credentials and then
> > > > > determine
> > > > the logic yourself.
> > > > >
> > > > > You could even have a dropdown box populate with the types of
> > > > > admin/user etc and then compare this value with the
> > > > > username/password in the database etc
> > > > >
> > > > > Its not to difficult, you just need to think about it.
> > > > >
> > > > > Tryst
> > > > >
> > > > > --
> > > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe,
> > > visit:
> > > > > http://www.php.net/unsub.php
> > > > >
> > > >
> > > > --
> > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe,
visit:
> > > > http://www.php.net/unsub.php
> > > >
> > > > --
> > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe,
visit:
> > > > http://www.php.net/unsub.php
> > > >
> > >
> > > --
> > > PHP Windows Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> >
> > --
> > PHP Windows Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Now that would be helpfull not just for this issues but others where I have resorted
to PHP
calling PERL scripts. So where can I find the PEC1 extensions? Off the PHP site?
--- "Frank M. Kromann" <[EMAIL PROTECTED]> wrote:
> I know I'm late into this discussion, but the PECl extension php_ntuser
> gives you a tool to get the users and groups from the SAM database with a
> few simple PHP functions.
>
> - Frank
>
> > Issue solved.
> >
> > After stopping my system admin on the way for more coffee he suggested
> cycling IIS. Something
> > about more patience needed on my part and IIS caching or changes like
> folder permissions related
> > to web page logic not taking instant affect.
> >
> > So no I have what I want. On the admin browser session I have then menu
> option I need and on the
> > non-admin session I do not have then option.
> >
> > Case closed.
> >
> > Thanks all.
> >
> >
> >
> > --- Paul Menard <[EMAIL PROTECTED]> wrote:
> > > I'm getting somewhere.
> > >
> > >
> > > I set the audit on the folder. I also double-checked my
> 'is_writeable()' code. I have this code
> > > checking the folder. This folder is set to read/write by
> Administrators only (but not full
> > > control). I have started two browsers. One is logged in a an
> admin-level account. The other is
> > > logged in as a lowly user. On both I see the menu option.
> > >
> > > When I clicked on the menu link on the Admin broswer session I of
> course am taken to that
> > > screen.
> > > When I click on the link under the other browser I receive a login
> popup. This tells me that IIS
> > > is asking for an admin-level login.
> > >
> > > This works for me. As long as the general users cannot get into the
> page. I would prefer to not
> > > have the menu option appear on the non-admin users screen.
> > >
> > > Thanks for your direction and validation.
> > >
> > > FPM
> > >
> > >
> > >
> > > --- "Bowden, Zeb" <[EMAIL PROTECTED]> wrote:
> > > > To be honest with you I'm not 100% sure on IIS 6 and the context
> PHP
> > > > will run as after you do the basic authentication ... test this you
> can
> > > > audit successes/failures for the everyone group on the particular
> > > > file/folder you try to write to, then the eventlogs will tell you
> whose
> > > > trying to access it.
> > > >
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Paul Menard [mailto:[EMAIL PROTECTED]
> > > > Sent: Wednesday, February 25, 2004 10:29 AM
> > > > To: Bowden, Zeb; [EMAIL PROTECTED]
> > > > Subject: RE: [PHP-WIN] Best way to check for user 'Administrator'
> group
> > > > membership
> > > >
> > > > Ah. Now we are getting someone who kind of understands my issues.
> > > >
> > > > Yes. I mean the local system administrators group.
> > > > Yes. I was looking at using 'is_readable()', 'is_writeable()'.
> Tried
> > > > both on file(s) and folder(s) with no luck. I tried creating a
> > > > file/folder both inside my Web tree InetPub as well as outside. I
> would
> > > > then strip off all user permissions except Administrator. and only
> then
> > > > make this writable access. I tried adding the code as in
> > > >
> > > > if (is_writable(<my file>) == TRUE)
> > > > {
> > > > //code to include menu option
> > > > }
> > > >
> > > > My thought was that is the file is writable then the user must be a
> > > > member of the Administrators group thus they should see admin only
> menu
> > > > option.
> > > >
> > > > So this might help clear up my confusion. When the user is
> authenticated
> > > > isn't that now the context that PHP is running under? In other words
> I
> > > > know that if for instance I allowed anonymous access by users then
> the
> > > > PHP.exe would run as the local IIS defined account (I think it is
> > > > 'IUSR_...'). But since I am requiring each user to authenticate
> (against
> > > > windows basic). does this not change the running context for PHP to
> > > > assume the users local access? will phpinfo() provide the user that
> PHP
> > > > is running under?
> > > >
> > > > FPM
> > > >
> > > >
> > > > --- "Bowden, Zeb" <[EMAIL PROTECTED]> wrote:
> > > > > When you say member of the administrators group do you mean a
> member
> > > > > of the local admin group on your webserver machine? The iswritable
>
> > > > > solution won't work because you will be writing to the file in the
>
> > > > > security context of the account under which IIS is running
> (Network
> > > > > Service
> > > > > probably)
> > > > >
> > > > > I think the easiest thing for you to do is use a tool in the
> windows
> > > > > 2000 or 2003 resource kit called "showgrps.exe" ... The 2k3
> resource
> > > > > kit is free so you should be able to grab it and use
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Paul Menard [mailto:[EMAIL PROTECTED]
> > > > > Sent: Wednesday, February 25, 2004 9:44 AM
> > > > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> > > > > [EMAIL PROTECTED]
> > > > > Subject: Re: [PHP-WIN] Best way to check for user 'Administrator'
>
> > > > > group membership
> > > > >
> > > > > Okay, well first I do not wish to complicate the maintenance of
> the
> > > > > system by requiring dual setup, once on the windows user level and
>
> > > > > another in the database to adjust the user group membership. And
> no I
> > > > > do not want to add a fancy form page that will allow me to do this
>
> > > > > task. At this point I have over 600 accounts on the system. The
> > > > > requirements were to use system-level user authentication not a
> > > > > database. So I would have to build a table to contain the accounts
> and
> > > >
> > > > > keep this sync'd with the adding/deleting of users which is a
> separate
> > > >
> > > > > part of the system that I have no control over.
> > > > >
> > > > > But thanks for the suggestion.
> > > > >
> > > > > FPM
> > > > >
> > > > >
> > > > > --- [EMAIL PROTECTED] wrote:
> > > > > > Have an entry in your MySQL databases that states a/the users
> level
> > > > > > (admin, user etc). Then when they attempt to login check against
>
> > > > > > this value against their username/password credentials and then
>
> > > > > > determine
> > > > > the logic yourself.
> > > > > >
> > > > > > You could even have a dropdown box populate with the types of
> > > > > > admin/user etc and then compare this value with the
> > > > > > username/password in the database etc
> > > > > >
> > > > > > Its not to difficult, you just need to think about it.
> > > > > >
> > > > > > Tryst
> > > > > >
> > > > > > --
> > > > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe,
> > > > visit:
> > > > > > http://www.php.net/unsub.php
> > > > > >
> > > > >
> > > > > --
> > > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe,
> visit:
> > > > > http://www.php.net/unsub.php
> > > > >
> > > > > --
> > > > > PHP Windows Mailing List (http://www.php.net/) To unsubscribe,
> visit:
> > > > > http://www.php.net/unsub.php
>
=== message truncated ===
--- End Message ---
--- Begin Message ---
I am able to connect to my MSSQL server and do whatever i need to do. The problem
lies in that when I close the connection and the script terminates normally. I do a
'netstat' on my machine i see that i still have a socket connection to all my
databases. Isn't the mssql_close() function supposed to close the connection?
ENV:
Windows 2000
PHP 4.3.3
MS SQL SERVER 2000
--
Gerardo S. Rojas
mailto: [EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
I'm using PHP and MSSQL server.
--
Gerardo S. Rojas
mailto: [EMAIL PROTECTED]
-----Original Message-----
From: Tony Trapp [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 25, 2004 5:02 PM
To: Gerardo Rojas
Subject: Re: [PHP-WIN] Connecting to MSSQL Server
are you using asp or T-SQL?
Tony...
----- Original Message -----
From: "Gerardo Rojas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 25, 2004 2:56 PM
Subject: [PHP-WIN] Connecting to MSSQL Server
I am able to connect to my MSSQL server and do whatever i need to do. The
problem lies in that when I close the connection and the script terminates
normally. I do a 'netstat' on my machine i see that i still have a socket
connection to all my databases. Isn't the mssql_close() function supposed
to close the connection?
ENV:
Windows 2000
PHP 4.3.3
MS SQL SERVER 2000
--
Gerardo S. Rojas
mailto: [EMAIL PROTECTED]
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
I don't recall the specifics, but I believe it drops shortly afterwards.
Do a netstat on it after a specific duration and you will see it has
disconnected.
Also, check out mssql_connect and mssql_pconnect.
Thanks,
John Ellingsworth
http://mail.med.upenn.edu/~jellings/
AIM: vc2000support
-----Original Message-----
From: Gerardo Rojas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 25, 2004 5:57 PM
To: [EMAIL PROTECTED]
Subject: [PHP-WIN] Connecting to MSSQL Server
I am able to connect to my MSSQL server and do whatever i need to do. The
problem lies in that when I close the connection and the script terminates
normally. I do a 'netstat' on my machine i see that i still have a socket
connection to all my databases. Isn't the mssql_close() function supposed
to close the connection?
ENV:
Windows 2000
PHP 4.3.3
MS SQL SERVER 2000
--
Gerardo S. Rojas
mailto: [EMAIL PROTECTED]
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Gerardo Rojas wrote:
I am able to connect to my MSSQL server and do whatever i need to do. The problem lies in that when I close the connection and the script terminates normally. I do a 'netstat' on my machine i see that i still have a socket connection to all my databases. Isn't the mssql_close() function supposed to close the connection?
ENV:
Windows 2000
PHP 4.3.3
MS SQL SERVER 2000
--
Gerardo S. Rojas
mailto: [EMAIL PROTECTED]
Are you using mssql_connect or mssql_pconnect? If you're using pconnect,
the connection is supposed to stay (that's the point of a persistent
connection).
--
paperCrane <Justin Patrin>
--- End Message ---
--- Begin Message ---
Is the connection status ESTABLISHED? Have, or can you
check with netstat on the other peer to see if you see
anything there as well?
-----Original Message-----
From: Gerardo Rojas
To: [EMAIL PROTECTED]
Sent: 2004-02-25 23:56
Subject: [PHP-WIN] Connecting to MSSQL Server
I am able to connect to my MSSQL server and do whatever i need to do.
The problem lies in that when I close the connection and the script
terminates normally. I do a 'netstat' on my machine i see that i still
have a socket connection to all my databases. Isn't the mssql_close()
function supposed to close the connection?
ENV:
Windows 2000
PHP 4.3.3
MS SQL SERVER 2000
--
Gerardo S. Rojas
mailto: [EMAIL PROTECTED]
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
