Get %username% env. variable in PHP

Question

I'm trying to get the %username% in my intranet site to automatically log in the users but I'm not able to get this env. variable.

I changed the "variables_order = "GPCS"" to "variables_order = "EGPCS"" in my PHP.ini.

I displayed the _ENV variables in my code : global $_ENV; var_dump($_ENV); and i get this :

array(11) { ["APACHE_RUN_DIR"]=> string(16) "/var/run/apache2" ["APACHE_PID_FILE"]=> string(28) "/var/run/apache2/apache2.pid" ["JOURNAL_STREAM"]=> string(11) "8:405225026" ["PATH"]=> string(60) "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ["INVOCATION_ID"]=> string(32) "3e8569ce22454bd5b51b1ee4d8902385" ["APACHE_LOCK_DIR"]=> string(17) "/var/lock/apache2" ["LANG"]=> string(1) "C" ["APACHE_RUN_USER"]=> string(8) "www-data" ["APACHE_RUN_GROUP"]=> string(8) "www-data" ["APACHE_LOG_DIR"]=> string(16) "/var/log/apache2" ["PWD"]=> string(1) "/" }

But when I try this echo getenv("username");, I get nothing , do you know why ?

Thank you !

Well, as you can clearly see when you dumped `$_ENV` there is no field called "username" in there, so `getenv()` will also give you nothing. That means the value you are looking for sin't loaded. — Tobias F., Feb 06 '20 at 11:00
`%username%` is probably only set in interactive terminal windows, not background processes like the webserver. — Barmar, Feb 06 '20 at 11:25
You can use [`putenv()`](https://www.php.net/manual/en/function.putenv.php). But it will only exist for the duration of the current request. — N'Bayramberdiyev, Feb 06 '20 at 11:35
Does this answer your question? [How to check what user php is running as?](https://stackoverflow.com/questions/7771586/how-to-check-what-user-php-is-running-as) — Daniel Protopopov, Feb 06 '20 at 12:12
Generally when you run php interactively (through a web server), the username equals to the user under whom the web server is ran (usually it’s www-data on NIX servers). When you run PHP under console, you can use POSIX functions posix_getpwuid / posix_geteuid. — Daniel Protopopov, Feb 06 '20 at 12:13

score 0 · Accepted Answer · answered Nov 21 '22 at 10:19

This script worked for me.

function connected_username(){
    $headers = apache_request_headers();

    if (!isset($headers['Authorization']))
    {
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: NTLM');
        exit;
    }

    $auth = $headers['Authorization'];


    if (substr($auth,0,5) == 'NTLM ')
    {
            
        $msg = base64_decode(substr($auth, 5));
        
        if (substr($msg, 0, 8) != "NTLMSSP\x00" )
        die('error header not recognised');
    
        if ($msg[8] == "\x01" ) {
            $msg2 = "NTLMSSP\x00\x02\x00\x00\x00".
            "\x00\x00\x00\x00". // target name len/alloc            
            "\x00\x00\x00\x00". // target name offset              
            "\x01\x02\x81\x00". // flags              
            "\x00\x00\x00\x00\x00\x00\x00\x00". // challenge              
            "\x00\x00\x00\x00\x00\x00\x00\x00". // context              
            "\x00\x00\x00\x00\x00\x00\x00\x00"; // target info len/alloc/offset            
            header('HTTP/1.1 401 Unauthorized');          
            header('WWW-Authenticate: NTLM '.trim(base64_encode($msg2)));
            exit;
        }
        else if ($msg[8] == "\x03" )
        {
        function get_msg_str($msg, $start, $unicode = true)
        {
            $len = (ord($msg[$start+1]) * 256) + ord($msg[$start]);
            $off = (ord($msg[$start+5]) * 256) + ord($msg[$start+4]);
            if ($unicode)
            return str_replace("\0", '', substr($msg, $off, $len));
            else
            return substr($msg, $off, $len);
            }
            $user = get_msg_str($msg, 36);
            $domain = get_msg_str($msg, 28);
            $workstation = get_msg_str($msg, 44);
        }
    }
    
    return $user;
}

Get %username% env. variable in PHP

1 Answers1