Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    New to the CF scene
    Join Date
    Dec 2002
    Location
    Lisbon, Portugal
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question is it possible obtain current windows user name/login ?

    Hello!

    Imagine someone is using windows2000 (that requires a valid
    login/password in order to use computer). Assume that he/she is behind a network and is using a shared computer (like university computer)

    Then, he/she visits your website and puts annoying messages
    in your foruns or send you anoyying emails using your website
    email form.

    It could be a great idea if you use javascript or perl in order
    to obtain the name that the user used to log in windows.

    Does anyone knows how can it be done?

    Thanks in advance!


  • #2
    Senior Coder Mhtml's Avatar
    Join Date
    Jun 2002
    Location
    Sydney, Australia
    Posts
    3,531
    Thanks
    0
    Thanked 1 Time in 1 Post
    Well, maybe not such a great idea. I think this sort of clashes with the rules here.

    You can not get this sort of info (I guess) it just shouldn't happen.
    Why not just put a filter on the form?

    Or make it so the user has to log in on your site to send messages and post in forums and then when you get a message sent to you just ban that user. And if you make it so that they can only register by entering their email and clicking a link in a confirmation email then you can just make it they can only register from one email address once.

    Or just start hunting down that person ... you know stalk em. lol
    I wouldn't recommend that though.
    Omnis mico antequam dominus Spookster!

  • #3
    Regular Coder
    Join Date
    Nov 2002
    Location
    Bristol, UK
    Posts
    932
    Thanks
    0
    Thanked 0 Times in 0 Posts
    in a word, it's impossible

    ...and thankfully so

    ::] krycek [::
    ithium | SOAPI | SDP | PTPScript manual
    "ithium is a non-profit webhost, which is pretty much unique. The mission of ithium is to provide free hosting resources for worthwhile and needy non-profit projects, which otherwise may not be able to obtain such facilities. The money from commercial customers goes to maintain ithium's servers and further development."

  • #4
    Senior Coder
    Join Date
    Jun 2002
    Location
    near Oswestry
    Posts
    4,508
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You can use a combination of IP address, user agent and maybe screen res/color depth and OS to identify users behind a proxy with some discrimination ... but probably not very much.

    If you're having a problem, then you should think about a login system for your forum, so you can simply ban troublemakers.

  • #5
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    And the problem with IP address filtering is that if they are on a network with one outlet to the internet, all the computers on the network are going to report the same ip address because of NAT. Or if they are on dialup it changes too.
    OracleGuy

  • #6
    Senior Coder
    Join Date
    Jun 2002
    Location
    Nashua, NH
    Posts
    1,724
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Try using cookies. If enabled, they would be user specific.
    Vladdy | KL
    "Working web site is not the one that looks the same on common graphical browsers running on desktop computers, but the one that adequately delivers information regardless of device accessing it"

  • #7
    Senior Coder
    Join Date
    Jun 2002
    Location
    near Oswestry
    Posts
    4,508
    Thanks
    0
    Thanked 0 Times in 0 Posts
    But you can't use a cookie to block someone ... they could just delete the cookie. You can use to a cookie to authenticate, but then you're back to the same thing of trying to authenticate a unique user when you set the cookie in the first place.

    You could always insist that your users install a registry key, which you send them in an email after vetting them with the CIA

    All forums potentially have this problem. How is it dealt with here? well thankfully it doesn't seem to happen ... but I guess if it did ... I don't know - I suppose a member would be banned.
    Last edited by brothercake; 12-15-2002 at 05:37 AM.

  • #8
    Senior Coder Mhtml's Avatar
    Join Date
    Jun 2002
    Location
    Sydney, Australia
    Posts
    3,531
    Thanks
    0
    Thanked 1 Time in 1 Post
    If you go for a login I think that if you ban users you should make up a page saying that you have taken down your website due to some one sending bad emails messing up the forum etc that way they will not try to get a new membership...

    Have a dummy front page that users that have been banned will get, ie one saying the same thing as the one when they try to re-register..

    Just make banned people think that it was because of one guy screwing it up and that guy will give up and then no more probs.
    Omnis mico antequam dominus Spookster!

  • #9
    New to the CF scene
    Join Date
    Dec 2002
    Location
    Lisbon, Portugal
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Post

    Message to everyone:
    Thank you very much for your suggestions!

    I think the best option for me will be start using cookies with
    some kind of registration system forcing all users to
    register themselves before posting new messages.

    The idea of blocking IP cannot be implemented because
    it will block everyone comming from that network
    (proxy/firewall problem).

    Again, I thank you all!
    You are great!

    ** Merry Christmas and Happy New Year **

    []'s
    NetLink

  • #10
    Regular Coder
    Join Date
    Oct 2002
    Posts
    380
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The answers posted are correct, and seem to have solved your problem.

    One aside. You can, within certain parameters, access window's login information using LDAP protocols. I know iot works within ASP and JSP using IE; I'm not sure about PHP and Moz implementations.

    Basically, this takes your windows authenticated identity, which you then then use as a secure identity elsewhere on the system. It's generally only useful on intranets (because you need access to the system user authentification files -- which most people don't deliberately make public).

  • #11
    Senior Coder
    Join Date
    Jun 2002
    Location
    near Oswestry
    Posts
    4,508
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well yeah ... I mean if you can use ActiveX then you've access to COM ... and you've got a free run of the whole windows once you've accessed COM ...

    ... but you won't be able to do that on the web


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •