Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PHP5 and $_SERVER['REMOTE_USER']

Status
Not open for further replies.
dreamaz

dreamaz

Technical User
Dec 18, 2002
184
0
0
CA
I have a page which allows editing from users, i'm trying to prepend the test with $_SERVER['REMOTE_USER'] to display the user's domain account (to better identify who put the update there)

I get no results when i use that variable, when i try with REMOTE_ADDR i can see the IP address.

Checked phpinfo() and i don't even see REMOTE_USER, is there something im doing wrong?

there is no login to this site, open to everyone..
 
Sort by date Sort by votes
The webpage must be secured by the webserver (IIS/Apache, whatever), otherwise REMOTE_USER never will be populated.
 
Upvote 0 Downvote
Any other ways of getting this info? the web server is just a LAMP box on my desk which i use to serve the team

 
Upvote 0 Downvote
Nope, there's nothing you're doing wrong. REMOTE_USER is not a reliable variable to use - most of the time it's empty.

You'll have to find another way - like a login/authentication scheme.

As preachie stated, your page has to be secured; as in userid and password.

 
Upvote 0 Downvote
@OP there may be other ways, yes. but it's not straightforward and only works on LANs.

i believe it is possible to use the remote address of the browser in an arp query to obtain the MAC. then you can use an LDAP query on the MAC to obtain the currently associated user name.

it may also be possible to do an LDAP query based solely on the IP address of the remote user.

note that this will not authenticate a user. it will just tell you which user is logged on at the box.

 
Upvote 0 Downvote
There is no user name without a login. It is that simple. At a former employer, some of their intranet pages contained an activex control that read that info from the PC.

If you inform the users and keep this in a private environment, this is acceptable. Otherwise, it is just spyware.

The HTTP protocol contains ways to log in. This is what yields the username in PHP. There is no link between submitted logins or PC logins, thank goodness. If websites could see your system credentials, hacking your PC would become so much easier!


+++ Despite being wrong in every important aspect, that is a very good analogy +++
Hex (in Darwin's Watch)
 
Upvote 0 Downvote
@DonQuichote

there is a login to the domain controller. i believe that this can be obtained in the manner I suggest.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

c0deM0nK424
  • Locked
  • Question
Gutenberg Block Editor - page edits and updates not working since wp site migration
Replies
1
Views
194
spamjim
spamjim
lexer
  • Locked
  • Question
Fetching Data from Mysql and filling Inputs in a Form
Replies
0
Views
54
lexer
lexer
Gerrit Broekhuis
  • Locked
  • Question
PHP form with captcha and file upload
Replies
4
Views
81
Gerrit Broekhuis
Gerrit Broekhuis
PeDa
  • Locked
  • Question
PHP and CSS media queries 1
Replies
2
Views
141
PeDa
PeDa
PeDa
  • Locked
  • Question
mdash incorrectly rendering on Android phone (but not on PC) <- well not actually!
Replies
5
Views
189
spamjim
spamjim

Part and Inventory Search

Sponsor

Back
Top