How to make get_current_user() return the same user as $_SERVER['AUTH_USER']?

pileup

1/8/24, 1:35 PM

I have a PHP app that uses LDAP for logging in. The app is served on Windows Server with IIS.

In the past, I was using $_SERVER['AUTH_USER'] to get the remote Windows user that was using the app:

$user = $_SERVER['AUTH_USER'];

Then I changed it to :

$user = get_current_user();

Both returned the same value - the Windows username that is currently using the website.

For example, if my Windows username is some_user then it would detect it and use it.

But something happened very recently and now get_current_user(); returns another user, which is one of the users that is on the permissions list of the PHP project folder.

I am not sure why it changed, but I have to change everything back to use $user = $_SERVER['AUTH_USER'];.

But how can I fix it and make get_current_user() read the user that is using the website from another Windows machine, and not the local Windows Server user?

720

1 + 0

windows

iis

php

permissions

Score:4

Server

vidarlo

1/8/24, 1:53 PM

PHP fixed a fifteen year old bug. You should update your script.

It should not return the logged in user. It should return the owner of the script file.

From php.net/get_current_user

get_current_user(): string
Returns the name of the owner of the current PHP script.

One of the comments notes that this doesn't work on Windows:

The information returned by get_current_user() seems to depend on the platform.

Using PHP 5.1.1 running as CGI with IIS 5.0 on Windows NT, get_current_user() returns the owner of the process running the script, not the owner of the script itself.

The intended behavior is to get the owner of the file; not the user executing the script.

You should probably stick to using $_SERVER['AUTH_USER'].

The fact that it ever worked for you is because PHP had a bug, and IIS runs scripts as the logged in user under your configuration.

+ 3

pileup

1/8/24, 2:07 PM

Ok that's interesting! thank you. Do you have an information where I can read about the bug fix? I want to show it to the team

vidarlo

1/8/24, 2:14 PM

No. I knew that it was supposed to return file owner, and thus checked the documentation, and by chance there was a comment saying that it behaved differently on Windows. If not, my answer would've been that you probably were mistaken, because it wasn't supposed to return the logged in user, but the file owner... ;)

pileup

1/8/24, 5:16 PM

Thank you. Btw I actually updated the PHP version and completely forgot I did that lol

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to make get_current_user() return the same user as $_SERVER['AUTH_USER']?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.