PHP获取windows登录用户名的方法
前几天在问答区提了一下这个问题,所有回答问题的朋友都说不可能通过PHP实现,碰巧我的实习负责人帮我找到了一个方法,貌似是通过NTLM来实现的,我是新手,对具体原理也知之不详,只是自己测试了一下,很好用.
所以赶快拿出来与大家分享.这是一个法国人写的,所以编码中的注释都是法语,如果有朋友很想了解某行的注释含义,请回帖说明,我可以试着翻译一下.
<?php
/***********************************************************************
************************************************************************
*
*PHPNTLMGETLOGIN
*Version0.2.1
*Copyright(c)2004NicolasGOLLET(Nicolas(dot)gollet(at)secusquad(dot)com)
*Copyright(c)2004FlextronicsSaint-Etienne
*
*Thisprogramisfreesoftware.Youcanredistributeitand/ormodify
*itunderthetermsoftheGNUGeneralPublicLicenseaspublishedby
*theFreeSoftwareFoundation;eitherversion2oftheLicense.
*
***********************************************************************/
session_start();
$headers=apache_request_headers();//获取用户头
if(@$_SERVER['HTTP_VIA']!=NULL){//确认是否使用了代理(proxy),因为ntlm验证不能穿过代理.
echo"Proxybypass!";
}
elseif($headers['Authorization']==NULL){//sil'enteteautorisationestinexistante如果许可头不存在
header("HTTP/1.0401Unauthorized");//envoiauclientlemoded'identification
header("WWW-Authenticate:NTLM");//dansnotrecasleNTLM
exit;//onquitte
}
if(isset($headers['Authorization']))//danslecasd'uneauthorisation(identification)
{
if(substr($headers['Authorization'],0,5)=='NTLM'){//确认client是否在ntlm下
$chaine=$headers['Authorization'];
$chaine=substr($chaine,5);//获取base64-encodedtype1信息
$chained64=base64_decode($chaine);//解码base64到$chained64
if(ord($chained64{8})==1){
//|_bytesignifiantl'etapeduprocessusd'identification(etape3)
//verificationdudrapeauNTLM"0xb2"?l'offset13danslemessagetype-1-message(compie5.5+):
if(ord($chained64[13])!=178){
echo"NTLMFlagerror!";
exit;
}
$retAuth="NTLMSSP".chr(000).chr(002).chr(000).chr(000).chr(000).chr(000).chr(000).chr(000);
$retAuth.=chr(000).chr(040).chr(000).chr(000).chr(000).chr(001).chr(130).chr(000).chr(000);
$retAuth.=chr(000).chr(002).chr(002).chr(002).chr(000).chr(000).chr(000).chr(000).chr(000);
$retAuth.=chr(000).chr(000).chr(000).chr(000).chr(000).chr(000).chr(000);
$retAuth64=base64_encode($retAuth);//encodeenbase64
$retAuth64=trim($retAuth64);//enlevelesespacesdedebutetdefin
header("HTTP/1.0401Unauthorized");//envoilenouveauheader
header("WWW-Authenticate:NTLM$retAuth64");//avecl'identificationsuppl閙entaire
exit;
}
elseif(ord($chained64{8})==3){
//|_bytesignifiantl'etapeduprocessusd'identification(etape5)
//onrecupereledomaine
$lenght_domain=(ord($chained64[31])*256+ord($chained64[30]));//longueurdudomain
$offset_domain=(ord($chained64[33])*256+ord($chained64[32]));//positiondudomain.
$domain=str_replace("\0","",substr($chained64,$offset_domain,$lenght_domain));//decoupagedududomain
//lelogin
$lenght_login=(ord($chained64[39])*256+ord($chained64[38]));//longueurdulogin.
$offset_login=(ord($chained64[41])*256+ord($chained64[40]));//positiondulogin.
$login=str_replace("\0","",substr($chained64,$offset_login,$lenght_login));//decoupagedulogin
if($login!=NULL){
//stockagedesdonn閑sdansdesvariabledesession
$_SESSION['Login']=$login;
header("Location:newpage.php");
exit;
}
else{
echo"NTLoginempty!";
}
}
}
}
?>