Question about data collection and possible variables - Programmers Heaven

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Categories

Welcome to the new platform of Programmer's Heaven! We apologize for the inconvenience caused, if you visited us from a broken link of the previous version. The main reason to move to a new platform is to provide more effective and collaborative experience to you all. Please feel free to experience the new platform and use its exciting features. Contact us for any issue that you need to get clarified. We are more than happy to help you.

Question about data collection and possible variables

phph Posts: 393Member
I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).

for instance.
Jim logs into his workstation with the username "JimSmith"

I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)

the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.

Is this possible with Javascript? or HTML, or VBScript?
thanx for any replies :)
[red]ph[/red][blue][/blue][red]t[/red]
[red]http://jmcivor.com[/red]
[red][email protected][/red]

Comments

  • zibadianzibadian Posts: 6,349Member
    : I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
    :
    : for instance.
    : Jim logs into his workstation with the username "JimSmith"
    :
    : I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
    :
    : the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
    :
    : Is this possible with Javascript? or HTML, or VBScript?
    : thanx for any replies :)
    : [red]ph[/red][blue][/blue][red]t[/red]
    : [red]http://jmcivor.com[/red]
    : [red][email protected][/red]
    :
    I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.
  • phph Posts: 393Member
    : : I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
    : :
    : : for instance.
    : : Jim logs into his workstation with the username "JimSmith"
    : :
    : : I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
    : :
    : : the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
    : :
    : : Is this possible with Javascript? or HTML, or VBScript?
    : : thanx for any replies :)
    : : [red]ph[/red][blue][/blue][red]t[/red]
    : : [red]http://jmcivor.com[/red]
    : : [red][email protected][/red]
    : :
    : I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.
    :
    there's only a couple user names that need to be blocked, if I could hard code the usernames into the script that need to be blocked, is there a way to do that?
    [red]ph[/red][blue][/blue][red]t[/red]
    [red]http://jmcivor.com[/red]
    [red][email protected][/red]

  • zibadianzibadian Posts: 6,349Member
    : : : I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
    : : :
    : : : for instance.
    : : : Jim logs into his workstation with the username "JimSmith"
    : : :
    : : : I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
    : : :
    : : : the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
    : : :
    : : : Is this possible with Javascript? or HTML, or VBScript?
    : : : thanx for any replies :)
    : : : [red]ph[/red][blue][/blue][red]t[/red]
    : : : [red]http://jmcivor.com[/red]
    : : : [red][email protected][/red]
    : : :
    : : I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.
    : :
    : there's only a couple user names that need to be blocked, if I could hard code the usernames into the script that need to be blocked, is there a way to do that?
    : [red]ph[/red][blue][/blue][red]t[/red]
    : [red]http://jmcivor.com[/red]
    : [red][email protected][/red]
    :
    :
    It is possible to verify the username in HTML/script, but you cannot get the username from the registry. The user needs to enter his name in an introduction page. This is not a very strong protection, since any-one could enter any name, but if coupled with a password, you might get some sort of check. Here are some ideas on how to proceed with this: http://developer.irt.org/script/password.htm
  • phph Posts: 393Member
    : : : : I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
    : : : :
    : : : : for instance.
    : : : : Jim logs into his workstation with the username "JimSmith"
    : : : :
    : : : : I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
    : : : :
    : : : : the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
    : : : :
    : : : : Is this possible with Javascript? or HTML, or VBScript?
    : : : : thanx for any replies :)
    : : : : [red]ph[/red][blue][/blue][red]t[/red]
    : : : : [red]http://jmcivor.com[/red]
    : : : : [red][email protected][/red]
    : : : :
    : : : I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.
    : : :
    : : there's only a couple user names that need to be blocked, if I could hard code the usernames into the script that need to be blocked, is there a way to do that?
    : : [red]ph[/red][blue][/blue][red]t[/red]
    : : [red]http://jmcivor.com[/red]
    : : [red][email protected][/red]
    : :
    : :
    : It is possible to verify the username in HTML/script, but you cannot get the username from the registry. The user needs to enter his name in an introduction page. This is not a very strong protection, since any-one could enter any name, but if coupled with a password, you might get some sort of check. Here are some ideas on how to proceed with this: http://developer.irt.org/script/password.htm
    :
    thanx but this needs to be dynamic, no username entry forced onto the user. sorry for being stubborn :)
    [red]ph[/red][blue][/blue][red]t[/red]
    [red]http://jmcivor.com[/red]
    [red][email protected][/red]

  • zibadianzibadian Posts: 6,349Member
    : : : : : I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
    : : : : :
    : : : : : for instance.
    : : : : : Jim logs into his workstation with the username "JimSmith"
    : : : : :
    : : : : : I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
    : : : : :
    : : : : : the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
    : : : : :
    : : : : : Is this possible with Javascript? or HTML, or VBScript?
    : : : : : thanx for any replies :)
    : : : : : [red]ph[/red][blue][/blue][red]t[/red]
    : : : : : [red]http://jmcivor.com[/red]
    : : : : : [red][email protected][/red]
    : : : : :
    : : : : I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.
    : : : :
    : : : there's only a couple user names that need to be blocked, if I could hard code the usernames into the script that need to be blocked, is there a way to do that?
    : : : [red]ph[/red][blue][/blue][red]t[/red]
    : : : [red]http://jmcivor.com[/red]
    : : : [red][email protected][/red]
    : : :
    : : :
    : : It is possible to verify the username in HTML/script, but you cannot get the username from the registry. The user needs to enter his name in an introduction page. This is not a very strong protection, since any-one could enter any name, but if coupled with a password, you might get some sort of check. Here are some ideas on how to proceed with this: http://developer.irt.org/script/password.htm
    : :
    : thanx but this needs to be dynamic, no username entry forced onto the user. sorry for being stubborn :)
    : [red]ph[/red][blue][/blue][red]t[/red]
    : [red]http://jmcivor.com[/red]
    : [red][email protected][/red]
    :
    :
    The I see only 1 solution, which is illegal: hack into the client and get the username. This is impossible using any of the script- or mark-up languages.
  • phph Posts: 393Member
    : : : : : : I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
    : : : : : :
    : : : : : : for instance.
    : : : : : : Jim logs into his workstation with the username "JimSmith"
    : : : : : :
    : : : : : : I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
    : : : : : :
    : : : : : : the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
    : : : : : :
    : : : : : : Is this possible with Javascript? or HTML, or VBScript?
    : : : : : : thanx for any replies :)
    : : : : : : [red]ph[/red][blue][/blue][red]t[/red]
    : : : : : : [red]http://jmcivor.com[/red]
    : : : : : : [red][email protected][/red]
    : : : : : :
    : : : : : I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.
    : : : : :
    : : : : there's only a couple user names that need to be blocked, if I could hard code the usernames into the script that need to be blocked, is there a way to do that?
    : : : : [red]ph[/red][blue][/blue][red]t[/red]
    : : : : [red]http://jmcivor.com[/red]
    : : : : [red][email protected][/red]
    : : : :
    : : : :
    : : : It is possible to verify the username in HTML/script, but you cannot get the username from the registry. The user needs to enter his name in an introduction page. This is not a very strong protection, since any-one could enter any name, but if coupled with a password, you might get some sort of check. Here are some ideas on how to proceed with this: http://developer.irt.org/script/password.htm
    : : :
    : : thanx but this needs to be dynamic, no username entry forced onto the user. sorry for being stubborn :)
    : : [red]ph[/red][blue][/blue][red]t[/red]
    : : [red]http://jmcivor.com[/red]
    : : [red][email protected][/red]
    : :
    : :
    : The I see only 1 solution, which is illegal: hack into the client and get the username. This is impossible using any of the script- or mark-up languages.
    :

    are you sure? I thought the login name was just an easy piece of data that we could retrieve, like the ip address, screen resolution, etc.
    [red]ph[/red][blue][/blue][red]t[/red]
    [red]http://jmcivor.com[/red]
    [red][email protected][/red]

  • zibadianzibadian Posts: 6,349Member
    : : : : : : : I'm working on an intranet site. What I'd like to do is block users with certain windows usernames (the intranet forces people to log into their PC's with their respective network logins).
    : : : : : : :
    : : : : : : : for instance.
    : : : : : : : Jim logs into his workstation with the username "JimSmith"
    : : : : : : :
    : : : : : : : I need some javascript (or html) that looks to the PC for the current logged in user (accessible by registry I presume)
    : : : : : : :
    : : : : : : : the script I'd like to build will ultimately look to the PC and say "OK so JimSmith is logged into the pc, we will display this message telling him He is unauthorized" or if the script does not find "JimSmith" logged in, just somebody else, then it continues to load the initial index as normal.
    : : : : : : :
    : : : : : : : Is this possible with Javascript? or HTML, or VBScript?
    : : : : : : : thanx for any replies :)
    : : : : : : : [red]ph[/red][blue][/blue][red]t[/red]
    : : : : : : : [red]http://jmcivor.com[/red]
    : : : : : : : [red][email protected][/red]
    : : : : : : :
    : : : : : : I think this is something, which needs a cgi-program or the webserver itself, since none of the scripts and HTML can access the registry on the client. I don't know precisely how to code it, because I'm just a beginner in web-security.
    : : : : : :
    : : : : : there's only a couple user names that need to be blocked, if I could hard code the usernames into the script that need to be blocked, is there a way to do that?
    : : : : : [red]ph[/red][blue][/blue][red]t[/red]
    : : : : : [red]http://jmcivor.com[/red]
    : : : : : [red][email protected][/red]
    : : : : :
    : : : : :
    : : : : It is possible to verify the username in HTML/script, but you cannot get the username from the registry. The user needs to enter his name in an introduction page. This is not a very strong protection, since any-one could enter any name, but if coupled with a password, you might get some sort of check. Here are some ideas on how to proceed with this: http://developer.irt.org/script/password.htm
    : : : :
    : : : thanx but this needs to be dynamic, no username entry forced onto the user. sorry for being stubborn :)
    : : : [red]ph[/red][blue][/blue][red]t[/red]
    : : : [red]http://jmcivor.com[/red]
    : : : [red][email protected][/red]
    : : :
    : : :
    : : The I see only 1 solution, which is illegal: hack into the client and get the username. This is impossible using any of the script- or mark-up languages.
    : :
    :
    : are you sure? I thought the login name was just an easy piece of data that we could retrieve, like the ip address, screen resolution, etc.
    : [red]ph[/red][blue][/blue][red]t[/red]
    : [red]http://jmcivor.com[/red]
    : [red][email protected][/red]
    :
    :
    I'm sure. The things you mention are (IP-address) or can be (resolution) necessary to display the page correctly. The username is not necessary for the correct display of HTML code and is also protected by the privacy rules. It would be similar thing, if you were in a store and needed to show your ID to buy a bread.
  • WeirdofreakWeirdofreak Posts: 439Member
    Hacking would be a dumb solution, IMO. First you need to find an exploit that everybody's got, then you've got to hope it doesn't get plugged once you've made the script. Besides, it needs a server-side language, which should be able to find out anyway.

    I'm no expert on intranets (okay, I know almost nothing about them), but there are some environment variables that might give you the data you need, depending on the server. I think the more likely one to work is REMOTE_IDENT, if the server is configured to find it, but REMOTE_USER may be the one you want, or they might both work. I was looking in a Perl book for these, so they might be vaguely different (such and remoteIdent and remoteUser) in other languages. And remember that I only vaguely know what I'm talking about here. :-)
Sign In or Register to comment.