How does php obtain the local account without entering the user name and password to log on to the website?

Source: Internet
Author: User
Currently, You need to log on to your computer through your domain account and open your website (developed in PHP). Instead of entering your username and password again, you can directly obtain your local domain account to log on to the system. That is to say, the user account on the website is the same as the domain account on the local machine, as long as I log on to the computer ,... currently, You need to log on to your computer through your domain account and open your website (developed in PHP). Instead of entering your username and password again, you can directly obtain your local domain account to log on to the system.

That is to say, the user account on the website is the same as the domain account on the local machine. As long as I log on to the computer and log on to the website through a browser, the website does not prompt the user to enter the account and password to log on.

Can PHP implement this function? If not, is there any other technical support? For example, java, python, and c

I have also learned that php has a ladp extension, but this extension still needs to receive usernames and passwords.

How can some OA systems achieve this function?

Reply content:

Currently, You need to log on to your computer through your domain account and open your website (developed in PHP). Instead of entering your username and password again, you can directly obtain your local domain account to log on to the system.

That is to say, the user account on the website is the same as the domain account on the local machine. As long as I log on to the computer and log on to the website through a browser, the website does not prompt the user to enter the account and password to log on.

Can PHP implement this function? If not, is there any other technical support? For example, java, python, and c

I have also learned that php has a ladp extension, but this extension still needs to receive usernames and passwords.

How can some OA systems achieve this function?

Like MySQL extensions, LDAP extensions read user names and passwords from backend storage systems, but they are extremely fast. The key to your problem is how to submit an identity certificate to the server (instead of manually entering the user name and password) on the browser side ).

This identity can be:

  • The random string in the URL (or the line in the HEADER). This is the solution of @ JohnLui. You can think of it as a Session ID with a very long validity period. In some websites, the WAP version is just like this. For example, in the past kaixin001.com, because the cookies of mobile browsers were often unreliable in that era, and mobile phone privacy was good.

  • $ _ SERVER ['remote _ ADDR ']. If your intranet IP address is fixed and the security requirements are not very high, you can use this method to temporarily pin it to the top, after obtaining the Client IP address, go to the IP address-employee table to check the employee name, and then assign the employee the logon status.

  • $ _ SERVER ['remote _ ADDR '] + LDAP Log, or Active Directory Log. If your employee's computer can only log on through the domain account, after obtaining the Client IP address, check the LDAP/AD log to which employee has just logged on from this IP address. Because he has already passed the domain account verification when logging on to the operating system desktop, this method is much safer than the above method.

B/S architecture programming is restricted. You can submit an identity certificate to the SERVER through variables such as $ _ GET, $ _ POST, and $ _ SERVER (to put it bluntly, you cannot bypass HTTP ), in the browser, the permissions of JS are very low. If you do not install anything on the browser, you can do the above three.

If you can do anything, there will be more options.:

  • Digital Certificate. When an employee initializes, the Intranet server issues an intranet certificate to the employee (that is, the employee account and email address are written into the employee account and email address, and each time the employee accesses the server, the browser will automatically send the certificate information to the server after checking the domain name match. This is widely used in large enterprises and does not require browser plug-ins.
  • Browser plug-in. First, use the plug-in to obtain the various identity information of the desktop system, and then attach it to the Header and send it to the server. Then the server will know what the domain account is currently logged on. As mentioned above, the JS permission in the browser is very low, and the permission of the plug-in is very high. The permission of the plug-in depends on the user who started your browser. Your need for the current region account must be more than enough.

I have answered a similar question on sf.

Simple:
Generate a token, a combination of letters and numbers, and make the link into a browser bookmarks or home page. You can start the browser automatically to open the home page.

This method is simple, but it requires network security, or Use https.

Install the browser extension. This is the perfect solution --

You can write the domain account, account, and password that the user logs on to a file for the first time, or store it in a table. When you log on again next time, perform a search and judgment.

Write a browser and package it.

You are not doing this in PHP anymore. php is a server-side script. How can you deal with the browser?

Solution: Write the browser plug-in

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.