Comments on: Simple lightweight NTLM in PHP

By: Adithya

Adithya — Mon, 15 Mar 2010 11:36:34 +0000

Thanks Man, very very helpful.

By: Ira

Ira — Tue, 03 Nov 2009 18:29:47 +0000

David:

I had the same problem with it causing the post data to be empty, and I spent all day trying to figure out a solution. We solved the problem by simply adding that same code(posted by Loune) into every php file that is doing the “$variable = $_POST['name'].”

By: Loune

Loune — Mon, 05 Oct 2009 08:23:58 +0000

Here’s my example code: http://siphon9.net/loune/f/ntlm_post_test.php.txt

By: David

David — Mon, 05 Oct 2009 04:23:47 +0000

Yeah that’s be nice. I wasn’t using a cookie until suggested it (there wasn’t much of interest that I could put in the cookie before this authentication snippet) so I doubt it is a problem with a cookie.

Strange thing is it *does* work for Firefox, not a single problem. The problems occur mainly in IE7 & IE8 (though occasionally IE8 works but without any changes, deletions or anything stops working).

Now as much as I would LOVE to roll out FF3 within the company the directors would have an absolute heart attack as it can’t be simply managed from a central location…. Hey hang on, now there is an opportunity for a KICKASS addon and an server app to manage it, might boost adoption, but I digress…

By: Loune

Loune — Sat, 03 Oct 2009 02:55:43 +0000

I’ve just quickly mocked up an example and it works fine. There was a mistake in my original snippet in that $username variable should really just be named $user as per my ntlm code. I’ve fixed that now.

My testing was in firefox 3.0 and IE8. Could it be some quirk or setting with your browser regarding cookies? I can post my example up if you want.

By: David

David — Thu, 01 Oct 2009 16:10:00 +0000

Nope, still not working.

Well…. it *sorta* works. Once the cookie has been set and you close and reopen the browser then the post forms work. I am guessing this is due to the authentication being skipped as $username is not empty.

Really, REALLY baffling! —- Ohhh look! A grey hair… YAY!

By: Loune

Loune — Thu, 01 Oct 2009 12:32:30 +0000

This is probably due to the 3-way handshake (negotiate, challenge, response) the ntlm script performs. A post would be eaten up by the negotiate step. Ideally you should only ntlm authenticate the first time in a browser session and after that, you set a cookie and don’t ntlm authenticate until the next session ie:

$user = $_COOKIE['username'];
if (empty($user)) {
// the ntlm.php stuff
// straight after print “You are $user…, add:
setcookie(‘username’, $user);
}

This would work provided that the user has cookies enabled and that your first request in that session isn’t a post.

By: David

David — Thu, 01 Oct 2009 11:51:22 +0000

I wanted to use this for our Intranet, not for authentication but to personalise the site for our users. So the hash check would sorta be over kill. This lightweight version works perfect… and here’s the but…

BUT, all forms on the intranet that are set to method=”post” stop working and the $_POST array is totally empty. This is not the case for form set as method=”get”.

As soon as I disable the ntlm authorisation all the forms are working again. Odd thing is that some of these forms are located in pages within a different directory even i.e. ntlm auth happens on index.php and subsequently a form located in /admin/docmanager.php stops working.

I am at wits end on this one and have scoured Google from end to end for a solution…. Any thoughts?

P.S. This even happens on a fresh install of LAMP.

By: Loune

Loune — Sun, 20 Sep 2009 12:18:26 +0000

@Gary – you’re right $msg2 is missing 3 bytes, it’s now fixed.

@Eric Z – See the new php ntlm library with hash checking:
http://siphon9.net/loune/2009/09/ntlm-authentication-in-php-now-with-ntlmv2-hash-checking/

By: Eric Z

Eric Z — Wed, 12 Aug 2009 01:38:10 +0000

Cool function, Did you ever figure out that hash check version?