I'm currently trying to expand my PHP driven intranet site for my company. It essentially functions as a bunch of miscellaneous reports and utilities that I've thrown together and linked to on the internal webserver. Whenever people keep wanting the same task done, I script it if at all possible and throw it up on the intranet page so people can accomplish their task without my help.
So far this is working great, but there are a handful of utilities that need to be restricted to just managers and such. Now, I know I could create a whole registration system to authenticate users like would be done on a public website, but frankly, that's a pain in the ass for everyone involved. All users already have a Linux user account on the same server as apache, so I'm thinking it would be so much开发者_如何学C better if I could just make a login form that would authenticate users against their system usernames/passwords, and then examine their groups to see if they have the privileges to do what they are trying to do (in which case they would belong to the already existing "managers" group). If I can pull this off it seems like a win-win for everyone. Users don't have to register and remember/maintain/update another set of credentials, and I don't have do to anything extra when I want to add or remove users.
Is this at all possible? If there aren't any pre-existing libraries to do this, could I just do it the direct way and have PHP read in and process /etc/passwd, /etc/shadow, and /etc/group?
To access Linux's authentication system directly, you could look at using the PAM module:
http://pecl.php.net/package/PAM
According to the docs, you need to configure pam to allow php to access it. After that, you can call the pam_auth function to validate a username / password combination:
if (pam_auth($username, $password))
{
// SUCCESS!!!
}
else
{
// FAILURE :(
}
You will want to make sure Linux has LDAP on. PHP has lots of built in functions for authenticating and such:
http://php.net/manual/en/book.ldap.php
精彩评论