get_current_user
(PHP 4, PHP 5, PHP 7, PHP 8)
get_current_user — Получает имя владельца текущего скрипта PHP
Описание
Возвращает имя владельца текущего PHP-скрипта.
Список параметров
У этой функции нет параметров.
Возвращаемые значения
Возвращает имя пользователя в виде строки.
Примеры
Пример #1 Пример использования get_current_user()
Результатом выполнения данного примера будет что-то подобное:
Смотрите также
- getmyuid() — Получение UID владельца скрипта PHP
- getmygid() — Получить GID владельца скрипта PHP
- getmypid() — Получение ID процесса PHP
- getmyinode() — Получает значение inode текущего скрипта
- getlastmod() — Получает время последней модификации страницы
User Contributed Notes 7 notes
to get the username of the process owner (rather than the file owner), you can use:
= posix_getpwuid ( posix_geteuid ());
print $processUser [ ‘name’ ];
?>
On Centos, the Red Hat linux clone, this instruction gives the file’s OWNER (the first parameter in instruction ‘chown’). It does not reveal the file’s GROUP.
get_current_user() does NOT reveal the current process’ user’s identity.
See: posix_getuid() — Return the real user ID of the current process
The information returned by get_current_user() seems to depend on the platform.
Using PHP 5.1.1 running as CGI with IIS 5.0 on Windows NT, get_current_user() returns the owner of the process running the script, *not* the owner of the script itself.
It’s easy to test — create a file containing:
echo get_current_user ();
?>
Then access it through the browser. I get: IUSR_MACHINE, the Internet Guest Account on Windows, which is certainly not the owner of the script.
Further testing of behaviour on Windows vs Linux.
On Linux this function is indeed returning the owner of the script. If you want to know the username PHP is running as you can use POSIX functions (or shell_exec with ‘whoami’).
On Windows this function is returning the username PHP is running as. Both for IIS (IUSR) and Apache (SYSTEM — which comes from the fact Apache is a service on Windows).
The behaviour on Windows is actually useful given that POSIX functions aren’t available. If you need to find the owner of the script on Windows perhaps the best way is to shell_exec to use dir /Q, and parse that.
Since this only returns the file owner and not the actual user running the script, an alternative in Linux is:
= trim ( shell_exec ( ‘whoami’ ));
?>
bobevans/somescript.php will return bobevans when calling get_current_user().
If you want to get the name of the user who executes the current PHP script, you can use
Источник
PHP: get_current_user() vs. exec(‘whoami’)
Short version of the question:
What’s the difference between get_current_user(); and exec(‘whoami’); ?
Long version of the question:
- I’m on a XAMPP Localhost on a Mac.
- I’m using Apache, building a PHP based website in a folder (let’s call it folderxyz) within the htdocs folder (var/www in some flavors of Linux+Apache).
- I was playing around with a database connection, testing out PDO::ERRMODE_EXCEPTION described here: Link
And I got this error:
file_put_contents(PDOErrors.txt): failed to open stream: Permission denied.
So I did some sleuthing around and it seems that to fix this I need to change the CHMOD settings of file PDOErrors.txt to 777.
However, my questions are about something else. During this process I realized that I don’t clearly understand the concept of user in Apache, PHP, and MySQL.
- The PHP manual says that get_current_user() «Gets the name of the owner of the current PHP script»Link
- The PHP manual says that exec(‘whoami’) returns «the username that owns the running php/httpd process»Link
- When I use get_current_user() , I get my firstnamelastname , which is my account name on my Mac.
- When I use exec(‘whoami’) , I get daemon .
Источник
Apache — how to get REMOTE_USER variable
Previously I used the IIS server as PHP server. Currently, it is the apache.
On IIS I could access to the variable $_SERVER [‘REMOTE_USER’] which returns the username and domain (eg domain\user) but after installing XAMPP this variable is not available.
What I should do to get this variable get again?
My app is on local network with no-internet connection
4 Answers 4
Finally got it to works! 😀
Download the module from here https://www.apachehaus.net/modules/mod_authnz_sspi/ (x86 for 32 bit and x64 for 64 bit apache)
Copy the mod_authnz_sspi.so from Apache24\modules folder and place it in the modules folder of your Apache folder on your webserver
Under the httpd.conf file (Config file for your apache) place this line of code. Try to load this as the last module:
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so
Make sure that the following modules are uncommented
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
PS: both the above modules are required for this to work.
Place the following code in your httpd.conf file
Restart your apache servive and hopefully it should restart without any issues.
Now in order to recognise the user , use the following code on a php page
- XAMPP Control Panel 3.2.1
- APACHE 2.4
Источник
PHP get user information
I made a website with a login script. Now there is some guy that makes false logins all the time. For example usernames like ‘lfdjgh’ and email addresses like jkgfhkjghf@dkhfkgh.com. I want to find out where this person is located etc.
Is there a way to find some detailed information about that user? Computer-name, Ip address, location, etc?
7 Answers 7
I agree with that the other answers have said, you can use the values passed with $_SERVER to help avoid this.
Along with adding a CAPTCHA to your page, you can also add the IP address to your database, grabbed with $_SERVER[‘REMOTE_ADDR’] and compare known spam IP’s to new registrations, and check if its a known spammer. Its what I do, and I don’t have much spam at all (:
You can get the user’s IP using the $_SERVER variables, and store it when they submit the form. Then you could use a service to geographically locate the computer, like this one.
You can use certain values in $_SERVER to find out more about the attacker. In most cases $_SERVER[‘REMOTE_ADDR’] will contain the user’s IP address. Be aware though that there is no guarantee that this value is correct and there still might be some kind of proxy involved. The best way probably would be to use some kind of captcha to prevent bots from using your signup form. Because that’s most likely the reason.
you can use $_SERVER[‘REMOTE_ADDR’] to get the users IP-Adress (hopefully*) and then use a site like http://ip-lookup.net/ to get the broad location of taht address.
*there could be some kind of router/proxy/whatever in use together with other users (like in a students’ hostel, for example) where you would only get the ip-adress of that device, so you can’t identify a unique user.
i think the simplest way to track them is only to store the location and IP-address when some one make registration as well as when he/she login in your application from there location..its also safe and good practice for any admin; this entry will make you good tracked application for fake as well as real users too.
I think this facility provided by Google analytic also..they are provided all the details of the user hit on your applications with time/ipaddress/location etc.
But if the entry are just some kind of fake entry from the script only, then its batter to put captcha in your site..
You cannot (really) find out where the user is located (if it is what I suspect it is).
It’s probably some hacker (/ script kiddy) / spambot.
You can try to change your input field’s names to break the automated process of filling the formfields.
You can use the $_SERVER superglobal to find out the ip of the user.
You could suspend the ip address for some time also you could add a captcha to the form.
Источник
how to make PHP lists all Linux Users?
I want to build a php based site that (automate) some commands on my Ubuntu Server
first thing I did was going to the file (sudoers) and add the user www-data so I can execute php commands with root privileges!
then my PHP code was
it returns only one user (the last user) . how to make it return all users?
4 Answers 4
From the PHP manual on exec:
The last line from the result of the command. If you need to execute a command and have all the data from the command passed directly back without any interference, use the passthru() function. To get the output of the executed command, be sure to set and use the output parameter.
So you have to do something similar to this:
As @benjamin explains, no need to be root or sudo, no need for SUID.
Just pure PHP. I used the field names from posix_getpwnam.
It returns an array containing all users, formatted like this:
Like Matt S said, that’s an incredibly bad idea to allow www-data root access on your server. The slightest compromise through your web applications could allow anyone full control of your system.
A better idea would be to make separate scripts for specific accessions then use SUID permissions. This means, a specific user (in this case, www-data) can make small changes to the system through the execution of scripts. Still not a good idea, though. You may be able to work around it with suPHP but security is still a major concern.
Источник
