Pulling environment variables with JavaScript?

T

three_sixteen

Gawd
Joined
Feb 15, 2002
Messages
1,003
Hey guys,

I'm trying to figure out a way to query the username from the windows environment variable so I can do some SQL queries with it, but my JavaScript is no good.

I'm not sure what I need to do to get it?

Code: 
var System=Script.CreateObject("WScript.Shell").Environment("SYSTEM");

alert(System("username"));

Something along those lines?
 
This will do it:
Code: 
var wshell = WScript.CreateObject("wscript.shell");
WScript.Echo(wshell.ExpandEnvironmentStrings("%USERNAME%"));
 
pxc said:
This will do it:
Code: 
var wshell = WScript.CreateObject("wscript.shell");
WScript.Echo(wshell.ExpandEnvironmentStrings("%USERNAME%"));
Click to expand...

I've tried that, but nothing gets output. It's killing me.

I've tried to add the sandbox to my list of trusted sites and as far as I can tell it should work. But it's not working. Something tells me I wont be able to do this from a browser.
 
edit: change the first line to this: var wshell = new ActiveXObject("WScript.Shell");

That does work from a browser.
 
pxc said:
Yeah, good luck from a browser. ;) It works from cscript and i'm glad it doesn't work from a browser.
Click to expand...

Well, heres a stumper for you.

We have another webform here at work that does pull the username of the person logged on. But I don't have immediate access to the ASP page that does the work.

So I know that it's possible, I just can't figure out how. Do you have any ideas where I might start? I was able to write a vbscript file that successfully pulls it -- so I have the concept there. But once I try to implement it in a page it craps out.
 
pxc said:
edit: change the first line to this: var wshell = new ActiveXObject("WScript.Shell");

That does work from a browser.
Click to expand...

Yeah! That did it!

May I have your babies? All I need to do now is figure out a way to mark it as 'safe' so it dosen't prompt when the page loads.
 
Add the local site/directory to the Trusted sites in the Security tab, then change the "Initialize and script ActiveX controls not marked as safe" from Prompt to Enable in Custom Level... for Trusted sites. ;)

It is not a "safe" operation so you have to override it. You will hopefully limit/lock your trusted site appropriately.
 
pxc said:
Add the local site/directory to the Trusted sites in the Security tab, then change the "Initialize and script ActiveX controls not marked as safe" from Prompt to Enable in Custom Level... for Trusted sites. ;)

It is not a "safe" operation so you have to override it. You will hopefully limit/lock your trusted site appropriately.
Click to expand...

Yeah, I did that -- I'm not sure this solution will be appropriate for the scope that I need this to function. I really need to get at that ASP page to see how they did it. Knowing my luck it's probably some goofy function available in ASP that I wont be able to use on a PHP server.
 
Why do you think that? ASP runs on the server, not the client. Any passing of local environment variables from the browser will have to use some kind of scripting or ActiveX, or the other app may have some other separate configuration.
 
pxc said:
Why do you think that? ASP runs on the server, not the client. Any passing of local environment variables from the browser will have to use some kind of scripting or ActiveX, or the other app may have some other separate configuration.
Click to expand...

Well, there must be another way of doing it -- because that page dosen't prompt you for any security nonsense, it just pulls the username without consequence.

I just figured that maybe ASP or IIS had some sneaky way of pulling client information since it's all Windows.
 
three_sixteen said:
I just figured that maybe ASP or IIS had some sneaky way of pulling client information since it's all Windows.
Click to expand...
Only if you disable anonymous access in IIS, which is probably fine if it's a private web server.
 
You must log in or register to reply here.
Back
Top