chamilo /
chamilo-lms
@@ -124,7 +124,7 @@ |
||
| 124 | 124 | } |
| 125 | 125 | |
| 126 | 126 | /** |
| 127 | - * @param $variable |
|
| 127 | + * @param string $variable |
|
| 128 | 128 | * @return mixed |
| 129 | 129 | */ |
| 130 | 130 | public function getConfigurationValue($variable) |
@@ -204,7 +204,6 @@ discard block |
||
| 204 | 204 | * lock = the user can no longer use this account |
| 205 | 205 | * @author Patrick Cool <[email protected]>, Ghent University |
| 206 | 206 | * @param int $active the current state of the account |
| 207 | - * @param int $user_id The user id |
|
| 208 | 207 | * @param string $url_params |
| 209 | 208 | * @return string Some HTML-code with the lock/unlock button |
| 210 | 209 | */ |
@@ -236,7 +235,7 @@ discard block |
||
| 236 | 235 | * @author Patrick Cool <[email protected]>, Ghent University |
| 237 | 236 | * @param int $status, do we want to lock the user ($status=lock) or unlock it ($status=unlock) |
| 238 | 237 | * @param int $user_id The user id |
| 239 | - * @return language variable |
|
| 238 | + * @return string|null variable |
|
| 240 | 239 | */ |
| 241 | 240 | function lock_unlock_user($status, $user_id) { |
| 242 | 241 | $user_table = Database :: get_main_table(TABLE_MAIN_USER); |
@@ -16,7 +16,6 @@ |
||
| 16 | 16 | * @author Patrick Cool |
| 17 | 17 | * @author René Haentjens, added CSV file import (October 2004) |
| 18 | 18 | * @package chamilo.link |
| 19 | - |
|
| 20 | 19 | */ |
| 21 | 20 | |
| 22 | 21 | // Including libraries |
@@ -907,7 +907,7 @@ discard block |
||
| 907 | 907 | * display the edit and delete icons in the sortable table |
| 908 | 908 | * |
| 909 | 909 | * @param integer $id the id of the template |
| 910 | - * @return html code for the link to edit and delete the template |
|
| 910 | + * @return string code for the link to edit and delete the template |
|
| 911 | 911 | * |
| 912 | 912 | * @author Patrick Cool <[email protected]>, Ghent University, Belgium |
| 913 | 913 | * @version August 2008 |
@@ -923,7 +923,7 @@ discard block |
||
| 923 | 923 | * Display the image of the template in the sortable table |
| 924 | 924 | * |
| 925 | 925 | * @param string $image the image |
| 926 | - * @return html code for the image |
|
| 926 | + * @return string code for the image |
|
| 927 | 927 | * |
| 928 | 928 | * @author Patrick Cool <[email protected]>, Ghent University, Belgium |
| 929 | 929 | * @version August 2008 |
@@ -1120,7 +1120,7 @@ discard block |
||
| 1120 | 1120 | /** |
| 1121 | 1121 | * Returns an array containing the list of options used to populate the gradebook_number_decimals variable |
| 1122 | 1122 | * This function is called through a call_user_func() in the generate_settings_form function. |
| 1123 | - * @return array List of gradebook_number_decimals options |
|
| 1123 | + * @return string[] List of gradebook_number_decimals options |
|
| 1124 | 1124 | * |
| 1125 | 1125 | * @author Guillaume Viguier <[email protected]> |
| 1126 | 1126 | */ |
@@ -28,7 +28,7 @@ |
||
| 28 | 28 | * @param string ISO code (fr_FR, ...) |
| 29 | 29 | * @param int Whether the sublanguage is published (0=unpublished, 1=published) |
| 30 | 30 | * @param int ID del idioma padre |
| 31 | - * @return int New sub language ID or false on error |
|
| 31 | + * @return false|string New sub language ID or false on error |
|
| 32 | 32 | */ |
| 33 | 33 | function add_sub_language ($original_name,$english_name,$isocode,$sublanguage_available,$parent_id) { |
| 34 | 34 | $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); |
@@ -62,43 +62,43 @@ discard block |
||
| 62 | 62 | * inside the add_sub_language function. |
| 63 | 63 | */ |
| 64 | 64 | function check_if_language_exist ($original_name, $english_name, $isocode, $sublanguage_available) { |
| 65 | - $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); |
|
| 66 | - $sql_original_name='SELECT count(*) AS count_original_name FROM '.$tbl_admin_languages.' WHERE original_name="'.Database::escape_string($original_name).'" '; |
|
| 67 | - $sql_english_name='SELECT count(*) AS count_english_name FROM '.$tbl_admin_languages.' WHERE english_name="'.Database::escape_string($english_name).'" '; |
|
| 68 | - //$sql_isocode='SELECT count(*) AS count_isocode FROM '.$tbl_admin_languages.' WHERE isocode="'.Database::escape_string($isocode).'" '; |
|
| 69 | - $rs_original_name=Database::query($sql_original_name); |
|
| 70 | - $rs_english_name=Database::query($sql_english_name); |
|
| 71 | - //$rs_isocode=Database::query($sql_isocode); |
|
| 72 | - $count_original_name=Database::result($rs_original_name,0,'count_original_name'); |
|
| 73 | - $count_english_name=Database::result($rs_english_name,0,'count_english_name'); |
|
| 74 | - //$count_isocode=Database::result($rs_isocode,0,'count_isocode'); |
|
| 75 | - $has_error=false; |
|
| 76 | - $message_information=array(); |
|
| 65 | + $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); |
|
| 66 | + $sql_original_name='SELECT count(*) AS count_original_name FROM '.$tbl_admin_languages.' WHERE original_name="'.Database::escape_string($original_name).'" '; |
|
| 67 | + $sql_english_name='SELECT count(*) AS count_english_name FROM '.$tbl_admin_languages.' WHERE english_name="'.Database::escape_string($english_name).'" '; |
|
| 68 | + //$sql_isocode='SELECT count(*) AS count_isocode FROM '.$tbl_admin_languages.' WHERE isocode="'.Database::escape_string($isocode).'" '; |
|
| 69 | + $rs_original_name=Database::query($sql_original_name); |
|
| 70 | + $rs_english_name=Database::query($sql_english_name); |
|
| 71 | + //$rs_isocode=Database::query($sql_isocode); |
|
| 72 | + $count_original_name=Database::result($rs_original_name,0,'count_original_name'); |
|
| 73 | + $count_english_name=Database::result($rs_english_name,0,'count_english_name'); |
|
| 74 | + //$count_isocode=Database::result($rs_isocode,0,'count_isocode'); |
|
| 75 | + $has_error=false; |
|
| 76 | + $message_information=array(); |
|
| 77 | 77 | |
| 78 | - if ($count_original_name==1) { |
|
| 79 | - $has_error=true; |
|
| 80 | - $message_information['original_name']=true; |
|
| 81 | - } |
|
| 82 | - if ($count_english_name==1) { |
|
| 83 | - $has_error=true; |
|
| 84 | - $message_information['english_name']=true; |
|
| 85 | - } |
|
| 78 | + if ($count_original_name==1) { |
|
| 79 | + $has_error=true; |
|
| 80 | + $message_information['original_name']=true; |
|
| 81 | + } |
|
| 82 | + if ($count_english_name==1) { |
|
| 83 | + $has_error=true; |
|
| 84 | + $message_information['english_name']=true; |
|
| 85 | + } |
|
| 86 | 86 | |
| 87 | - $iso_list = api_get_platform_isocodes(); |
|
| 88 | - $iso_list = array_values($iso_list); |
|
| 87 | + $iso_list = api_get_platform_isocodes(); |
|
| 88 | + $iso_list = array_values($iso_list); |
|
| 89 | 89 | |
| 90 | - if (!in_array($isocode, $iso_list)) { |
|
| 91 | - $has_error=true; |
|
| 92 | - $message_information['isocode']=true; |
|
| 93 | - } |
|
| 94 | - if ($has_error===true) { |
|
| 95 | - $message_information['execute_add']=false; |
|
| 96 | - } |
|
| 97 | - if ($has_error===false) { |
|
| 98 | - $message_information['execute_add']=true; |
|
| 99 | - } |
|
| 90 | + if (!in_array($isocode, $iso_list)) { |
|
| 91 | + $has_error=true; |
|
| 92 | + $message_information['isocode']=true; |
|
| 93 | + } |
|
| 94 | + if ($has_error===true) { |
|
| 95 | + $message_information['execute_add']=false; |
|
| 96 | + } |
|
| 97 | + if ($has_error===false) { |
|
| 98 | + $message_information['execute_add']=true; |
|
| 99 | + } |
|
| 100 | 100 | |
| 101 | - return $message_information; |
|
| 101 | + return $message_information; |
|
| 102 | 102 | } |
| 103 | 103 | |
| 104 | 104 | /** |
@@ -109,7 +109,7 @@ discard block |
||
| 109 | 109 | * @todo deprecate this function and use the static method directly |
| 110 | 110 | */ |
| 111 | 111 | function check_if_exist_language_by_id ($language_id) { |
| 112 | - return SubLanguageManager::check_if_exist_language_by_id($language_id); |
|
| 112 | + return SubLanguageManager::check_if_exist_language_by_id($language_id); |
|
| 113 | 113 | } |
| 114 | 114 | /** |
| 115 | 115 | * Check if the given language is a parent of any sub-language |
@@ -117,13 +117,13 @@ discard block |
||
| 117 | 117 | * @return bool True if this language has children, false otherwise |
| 118 | 118 | */ |
| 119 | 119 | function ckeck_if_is_parent_of_sub_language ($parent_id) { |
| 120 | - $sql='SELECT count(*) AS count FROM language WHERE parent_id= '.intval($parent_id).''; |
|
| 121 | - $rs=Database::query($sql); |
|
| 122 | - if (Database::num_rows($rs)>0 && Database::result($rs,0,'count')==1) { |
|
| 123 | - return true; |
|
| 124 | - } else { |
|
| 125 | - return false; |
|
| 126 | - } |
|
| 120 | + $sql='SELECT count(*) AS count FROM language WHERE parent_id= '.intval($parent_id).''; |
|
| 121 | + $rs=Database::query($sql); |
|
| 122 | + if (Database::num_rows($rs)>0 && Database::result($rs,0,'count')==1) { |
|
| 123 | + return true; |
|
| 124 | + } else { |
|
| 125 | + return false; |
|
| 126 | + } |
|
| 127 | 127 | } |
| 128 | 128 | /** |
| 129 | 129 | * Get all information of sub-language |
@@ -132,27 +132,27 @@ discard block |
||
| 132 | 132 | * @return array |
| 133 | 133 | */ |
| 134 | 134 | function allow_get_all_information_of_sub_language ($parent_id,$sub_language_id) { |
| 135 | - return SubLanguageManager::get_all_information_of_sub_language($parent_id,$sub_language_id); |
|
| 135 | + return SubLanguageManager::get_all_information_of_sub_language($parent_id,$sub_language_id); |
|
| 136 | 136 | } |
| 137 | 137 | /*end declare functions*/ |
| 138 | 138 | |
| 139 | 139 | //add data |
| 140 | 140 | |
| 141 | 141 | if (isset($_GET['sub_language_id']) && $_GET['sub_language_id']==strval(intval($_GET['sub_language_id']))) { |
| 142 | - $language_name=SubLanguageManager::get_name_of_language_by_id($_GET['sub_language_id']); |
|
| 143 | - if (check_if_exist_language_by_id ($_GET['sub_language_id'])===true) { |
|
| 144 | - $sub_language_id=$_GET['sub_language_id']; |
|
| 145 | - $sub_language_id_exist=true; |
|
| 146 | - } else { |
|
| 147 | - $sub_language_id_exist=false; |
|
| 148 | - } |
|
| 142 | + $language_name=SubLanguageManager::get_name_of_language_by_id($_GET['sub_language_id']); |
|
| 143 | + if (check_if_exist_language_by_id ($_GET['sub_language_id'])===true) { |
|
| 144 | + $sub_language_id=$_GET['sub_language_id']; |
|
| 145 | + $sub_language_id_exist=true; |
|
| 146 | + } else { |
|
| 147 | + $sub_language_id_exist=false; |
|
| 148 | + } |
|
| 149 | 149 | |
| 150 | 150 | } |
| 151 | 151 | $language_details = array(); |
| 152 | 152 | $language_name=''; |
| 153 | 153 | if (isset($_GET['id']) && $_GET['id']==strval(intval($_GET['id']))) { |
| 154 | 154 | $language_details = SubLanguageManager::get_all_information_of_language($_GET['id']); |
| 155 | - $language_name = $language_details['original_name']; |
|
| 155 | + $language_name = $language_details['original_name']; |
|
| 156 | 156 | if (check_if_exist_language_by_id ($_GET['id'])===true) { |
| 157 | 157 | $parent_id=$_GET['id']; |
| 158 | 158 | $language_id_exist=true; |
@@ -160,67 +160,67 @@ discard block |
||
| 160 | 160 | $language_id_exist=false; |
| 161 | 161 | } |
| 162 | 162 | } else { |
| 163 | - $language_id_exist=false; |
|
| 163 | + $language_id_exist=false; |
|
| 164 | 164 | } |
| 165 | 165 | |
| 166 | 166 | //removed and register |
| 167 | 167 | |
| 168 | 168 | if ((isset($_GET['id']) && $_GET['id']==strval(intval($_GET['id']))) && (isset($_GET['sub_language_id']) && $_GET['sub_language_id']==strval(intval($_GET['sub_language_id'])))) { |
| 169 | - if (check_if_exist_language_by_id($_GET['id'])===true && check_if_exist_language_by_id($_GET['sub_language_id'])===true) { |
|
| 170 | - $get_all_information=allow_get_all_information_of_sub_language ($_GET['id'],$_GET['sub_language_id']); |
|
| 171 | - $original_name=$get_all_information['original_name']; |
|
| 172 | - $english_name=$get_all_information['english_name']; |
|
| 173 | - $isocode=$get_all_information['isocode']; |
|
| 169 | + if (check_if_exist_language_by_id($_GET['id'])===true && check_if_exist_language_by_id($_GET['sub_language_id'])===true) { |
|
| 170 | + $get_all_information=allow_get_all_information_of_sub_language ($_GET['id'],$_GET['sub_language_id']); |
|
| 171 | + $original_name=$get_all_information['original_name']; |
|
| 172 | + $english_name=$get_all_information['english_name']; |
|
| 173 | + $isocode=$get_all_information['isocode']; |
|
| 174 | 174 | |
| 175 | - } |
|
| 175 | + } |
|
| 176 | 176 | } |
| 177 | 177 | |
| 178 | 178 | $language_name=get_lang('CreateSubLanguageForLanguage').' ( '.strtolower($language_name).' )'; |
| 179 | 179 | |
| 180 | 180 | if (ckeck_if_is_parent_of_sub_language($parent_id)===true && isset($_GET['action']) && $_GET['action']=='deletesublanguage') { |
| 181 | - $language_name=get_lang('DeleteSubLanguage'); |
|
| 181 | + $language_name=get_lang('DeleteSubLanguage'); |
|
| 182 | 182 | } |
| 183 | 183 | |
| 184 | 184 | $msg = ''; |
| 185 | 185 | |
| 186 | 186 | if (isset($_POST['SubmitAddNewLanguage'])) { |
| 187 | - $original_name=$_POST['original_name']; |
|
| 188 | - $english_name=$_POST['english_name']; |
|
| 189 | - $isocode=$_POST['isocode']; |
|
| 190 | - $english_name=str_replace(' ','_',$english_name); |
|
| 191 | - $isocode=str_replace(' ','_',$isocode); |
|
| 187 | + $original_name=$_POST['original_name']; |
|
| 188 | + $english_name=$_POST['english_name']; |
|
| 189 | + $isocode=$_POST['isocode']; |
|
| 190 | + $english_name=str_replace(' ','_',$english_name); |
|
| 191 | + $isocode=str_replace(' ','_',$isocode); |
|
| 192 | 192 | |
| 193 | - $sublanguage_available=$_POST['sub_language_is_visible']; |
|
| 194 | - $check_information=array(); |
|
| 195 | - $check_information=check_if_language_exist($original_name,$english_name,$isocode,$sublanguage_available); |
|
| 196 | - foreach ($check_information as $index_information => $value_information) { |
|
| 197 | - $allow_insert_info=false; |
|
| 198 | - if ($index_information=='original_name') { |
|
| 199 | - $msg .= Display::return_message(get_lang('AlreadyExists').' "'.get_lang('OriginalName').'" '.'('.$original_name.')','error'); |
|
| 200 | - } |
|
| 201 | - if ($index_information=='english_name') { |
|
| 202 | - $msg .= Display::return_message(get_lang('AlreadyExists').' "'.get_lang('EnglishName').'" '.'('.$english_name.')','error'); |
|
| 203 | - } |
|
| 204 | - if ($index_information=='isocode') { |
|
| 205 | - $msg .= Display::return_message(get_lang('CodeDoesNotExists').': '.$isocode.'','error'); |
|
| 206 | - } |
|
| 207 | - if ($index_information=='execute_add' && $value_information===true) { |
|
| 208 | - $allow_insert_info=true; |
|
| 209 | - } |
|
| 210 | - } |
|
| 193 | + $sublanguage_available=$_POST['sub_language_is_visible']; |
|
| 194 | + $check_information=array(); |
|
| 195 | + $check_information=check_if_language_exist($original_name,$english_name,$isocode,$sublanguage_available); |
|
| 196 | + foreach ($check_information as $index_information => $value_information) { |
|
| 197 | + $allow_insert_info=false; |
|
| 198 | + if ($index_information=='original_name') { |
|
| 199 | + $msg .= Display::return_message(get_lang('AlreadyExists').' "'.get_lang('OriginalName').'" '.'('.$original_name.')','error'); |
|
| 200 | + } |
|
| 201 | + if ($index_information=='english_name') { |
|
| 202 | + $msg .= Display::return_message(get_lang('AlreadyExists').' "'.get_lang('EnglishName').'" '.'('.$english_name.')','error'); |
|
| 203 | + } |
|
| 204 | + if ($index_information=='isocode') { |
|
| 205 | + $msg .= Display::return_message(get_lang('CodeDoesNotExists').': '.$isocode.'','error'); |
|
| 206 | + } |
|
| 207 | + if ($index_information=='execute_add' && $value_information===true) { |
|
| 208 | + $allow_insert_info=true; |
|
| 209 | + } |
|
| 210 | + } |
|
| 211 | 211 | |
| 212 | - if (strlen($original_name)>0 && strlen($english_name)>0 && strlen($isocode)>0) { |
|
| 213 | - if ($allow_insert_info===true && $language_id_exist===true) { |
|
| 214 | - $english_name=str_replace(' ','_',$english_name); |
|
| 212 | + if (strlen($original_name)>0 && strlen($english_name)>0 && strlen($isocode)>0) { |
|
| 213 | + if ($allow_insert_info===true && $language_id_exist===true) { |
|
| 214 | + $english_name=str_replace(' ','_',$english_name); |
|
| 215 | 215 | //Fixes BT#1636 |
| 216 | 216 | $english_name=api_strtolower($english_name); |
| 217 | 217 | |
| 218 | - $isocode=str_replace(' ','_',$isocode); |
|
| 219 | - $str_info='<br/>'.get_lang('OriginalName').' : '.$original_name.'<br/>'.get_lang('EnglishName').' : '.$english_name.'<br/>'.get_lang('PlatformCharsetTitle').' : '.$isocode; |
|
| 218 | + $isocode=str_replace(' ','_',$isocode); |
|
| 219 | + $str_info='<br/>'.get_lang('OriginalName').' : '.$original_name.'<br/>'.get_lang('EnglishName').' : '.$english_name.'<br/>'.get_lang('PlatformCharsetTitle').' : '.$isocode; |
|
| 220 | 220 | |
| 221 | - $mkdir_result=SubLanguageManager::add_language_directory($english_name); |
|
| 222 | - if ($mkdir_result) { |
|
| 223 | - $sl_id = add_sub_language($original_name,$english_name,$isocode,$sublanguage_available,$parent_id); |
|
| 221 | + $mkdir_result=SubLanguageManager::add_language_directory($english_name); |
|
| 222 | + if ($mkdir_result) { |
|
| 223 | + $sl_id = add_sub_language($original_name,$english_name,$isocode,$sublanguage_available,$parent_id); |
|
| 224 | 224 | if ($sl_id === false) { |
| 225 | 225 | SubLanguageManager::remove_language_directory($english_name); |
| 226 | 226 | $msg .= Display::return_message(get_lang('LanguageDirectoryNotWriteableContactAdmin'),'error'); |
@@ -232,17 +232,17 @@ discard block |
||
| 232 | 232 | require 'sub_language.php'; |
| 233 | 233 | exit(); |
| 234 | 234 | } |
| 235 | - } else { |
|
| 236 | - $msg .= Display::return_message(get_lang('LanguageDirectoryNotWriteableContactAdmin'),'error'); |
|
| 237 | - } |
|
| 238 | - } else { |
|
| 239 | - if ($language_id_exist===false) { |
|
| 240 | - $msg .= Display::return_message(get_lang('LanguageParentNotExist'),'error'); |
|
| 241 | - } |
|
| 242 | - } |
|
| 243 | - } else { |
|
| 235 | + } else { |
|
| 236 | + $msg .= Display::return_message(get_lang('LanguageDirectoryNotWriteableContactAdmin'),'error'); |
|
| 237 | + } |
|
| 238 | + } else { |
|
| 239 | + if ($language_id_exist===false) { |
|
| 240 | + $msg .= Display::return_message(get_lang('LanguageParentNotExist'),'error'); |
|
| 241 | + } |
|
| 242 | + } |
|
| 243 | + } else { |
|
| 244 | 244 | $msg .= Display::return_message(get_lang('FormHasErrorsPleaseComplete'),'error'); |
| 245 | - } |
|
| 245 | + } |
|
| 246 | 246 | } |
| 247 | 247 | |
| 248 | 248 | Display :: display_header($language_name); |
@@ -250,49 +250,49 @@ discard block |
||
| 250 | 250 | echo $msg; |
| 251 | 251 | |
| 252 | 252 | if (isset($_POST['SubmitAddDeleteLanguage'])) { |
| 253 | - $rs = SubLanguageManager::remove_sub_language($_GET['id'], $_GET['sub_language_id']); |
|
| 254 | - if ($rs===true) { |
|
| 255 | - Display::display_confirmation_message(get_lang('TheSubLanguageHasBeenRemoved')); |
|
| 256 | - } else { |
|
| 257 | - Display::display_error_message(get_lang('TheSubLanguageHasNotBeenRemoved')); |
|
| 258 | - } |
|
| 253 | + $rs = SubLanguageManager::remove_sub_language($_GET['id'], $_GET['sub_language_id']); |
|
| 254 | + if ($rs===true) { |
|
| 255 | + Display::display_confirmation_message(get_lang('TheSubLanguageHasBeenRemoved')); |
|
| 256 | + } else { |
|
| 257 | + Display::display_error_message(get_lang('TheSubLanguageHasNotBeenRemoved')); |
|
| 258 | + } |
|
| 259 | 259 | } |
| 260 | 260 | // ckeck_if_is_parent_of_sub_language($parent_id)===false |
| 261 | 261 | // |
| 262 | 262 | if (isset($_GET['action']) && $_GET['action']=='definenewsublanguage') { |
| 263 | - $text = $language_name; |
|
| 264 | - $form = new FormValidator('addsublanguage', 'post', 'sub_language_add.php?id='.Security::remove_XSS($_GET['id']).'&action=definenewsublanguage'); |
|
| 265 | - $class='add'; |
|
| 266 | - $form->addElement('header', '', $text); |
|
| 267 | - $form->addElement('text', 'original_name', get_lang('OriginalName'),'class="input_titles"'); |
|
| 268 | - $form->addRule('original_name', get_lang('ThisFieldIsRequired'), 'required'); |
|
| 269 | - $form->addElement('text', 'english_name', get_lang('EnglishName'),'class="input_titles"'); |
|
| 270 | - $form->addRule('english_name', get_lang('ThisFieldIsRequired'), 'required'); |
|
| 271 | - $form->addElement('text', 'isocode', get_lang('ISOCode'), 'class="input_titles"'); |
|
| 272 | - $form->addRule('isocode', get_lang('ThisFieldIsRequired'), 'required'); |
|
| 273 | - $form->addElement('static', null, ' ', '<i>en, es, fr</i>'); |
|
| 274 | - $form->addElement('checkbox', 'sub_language_is_visible', '', get_lang('Visibility')); |
|
| 275 | - $form->addButtonCreate(get_lang('CreateSubLanguage'), 'SubmitAddNewLanguage'); |
|
| 263 | + $text = $language_name; |
|
| 264 | + $form = new FormValidator('addsublanguage', 'post', 'sub_language_add.php?id='.Security::remove_XSS($_GET['id']).'&action=definenewsublanguage'); |
|
| 265 | + $class='add'; |
|
| 266 | + $form->addElement('header', '', $text); |
|
| 267 | + $form->addElement('text', 'original_name', get_lang('OriginalName'),'class="input_titles"'); |
|
| 268 | + $form->addRule('original_name', get_lang('ThisFieldIsRequired'), 'required'); |
|
| 269 | + $form->addElement('text', 'english_name', get_lang('EnglishName'),'class="input_titles"'); |
|
| 270 | + $form->addRule('english_name', get_lang('ThisFieldIsRequired'), 'required'); |
|
| 271 | + $form->addElement('text', 'isocode', get_lang('ISOCode'), 'class="input_titles"'); |
|
| 272 | + $form->addRule('isocode', get_lang('ThisFieldIsRequired'), 'required'); |
|
| 273 | + $form->addElement('static', null, ' ', '<i>en, es, fr</i>'); |
|
| 274 | + $form->addElement('checkbox', 'sub_language_is_visible', '', get_lang('Visibility')); |
|
| 275 | + $form->addButtonCreate(get_lang('CreateSubLanguage'), 'SubmitAddNewLanguage'); |
|
| 276 | 276 | //$values['original_name'] = $language_details['original_name'].'...'; -> cannot be used because of quickform filtering (freeze) |
| 277 | 277 | $values['english_name'] = $language_details['english_name'].'2'; |
| 278 | 278 | $values['isocode'] = $language_details['isocode']; |
| 279 | 279 | $form->setDefaults($values); |
| 280 | - $form->display(); |
|
| 280 | + $form->display(); |
|
| 281 | 281 | } else { |
| 282 | - if (isset($_GET['action']) && $_GET['action']=='deletesublanguage') { |
|
| 283 | - $text=$language_name; |
|
| 284 | - $form = new FormValidator('deletesublanguage', 'post', 'sub_language_add.php?id='.Security::remove_XSS($_GET['id']).'&sub_language_id='.Security::remove_XSS($_GET['sub_language_id'])); |
|
| 285 | - $class='minus'; |
|
| 286 | - $form->addElement('header', '', $text); |
|
| 287 | - $form->addElement('static', '', get_lang('OriginalName'),$original_name); |
|
| 288 | - $form->addElement('static', '', get_lang('EnglishName'),$english_name); |
|
| 289 | - $form->addElement('static', '', get_lang('PlatformCharsetTitle'),$isocode); |
|
| 290 | - $form->addButtonCreate(get_lang('DeleteSubLanguage'), 'SubmitAddDeleteLanguage'); |
|
| 291 | - $form->display(); |
|
| 292 | - } |
|
| 293 | - if (isset($_GET['action']) && $_GET['action']=='definenewsublanguage') { |
|
| 294 | - Display::display_normal_message(get_lang('TheSubLanguageForThisLanguageHasBeenAdded')); |
|
| 295 | - } |
|
| 282 | + if (isset($_GET['action']) && $_GET['action']=='deletesublanguage') { |
|
| 283 | + $text=$language_name; |
|
| 284 | + $form = new FormValidator('deletesublanguage', 'post', 'sub_language_add.php?id='.Security::remove_XSS($_GET['id']).'&sub_language_id='.Security::remove_XSS($_GET['sub_language_id'])); |
|
| 285 | + $class='minus'; |
|
| 286 | + $form->addElement('header', '', $text); |
|
| 287 | + $form->addElement('static', '', get_lang('OriginalName'),$original_name); |
|
| 288 | + $form->addElement('static', '', get_lang('EnglishName'),$english_name); |
|
| 289 | + $form->addElement('static', '', get_lang('PlatformCharsetTitle'),$isocode); |
|
| 290 | + $form->addButtonCreate(get_lang('DeleteSubLanguage'), 'SubmitAddDeleteLanguage'); |
|
| 291 | + $form->display(); |
|
| 292 | + } |
|
| 293 | + if (isset($_GET['action']) && $_GET['action']=='definenewsublanguage') { |
|
| 294 | + Display::display_normal_message(get_lang('TheSubLanguageForThisLanguageHasBeenAdded')); |
|
| 295 | + } |
|
| 296 | 296 | } |
| 297 | 297 | /** |
| 298 | 298 | * Footer |
@@ -128,7 +128,7 @@ |
||
| 128 | 128 | /** |
| 129 | 129 | * Update users from the imported data |
| 130 | 130 | * @param array $users List of users |
| 131 | - * @return void |
|
| 131 | + * @return false|null |
|
| 132 | 132 | * @uses global variable $inserted_in_course, which returns the list of courses the user was inserted in |
| 133 | 133 | */ |
| 134 | 134 | |
@@ -60,8 +60,8 @@ |
||
| 60 | 60 | $user['error'] = get_lang('UserNameNotAvailable'); |
| 61 | 61 | $errors[] = $user; |
| 62 | 62 | } |
| 63 | - } |
|
| 64 | - } |
|
| 63 | + } |
|
| 64 | + } |
|
| 65 | 65 | |
| 66 | 66 | // 3. Check status. |
| 67 | 67 | if (isset($user['Status']) && !api_status_exists($user['Status'])) { |
@@ -206,7 +206,7 @@ |
||
| 206 | 206 | |
| 207 | 207 | /** |
| 208 | 208 | * Restores an attendance entry and fallback to attendances rendering |
| 209 | - * @param int $attendanceId |
|
| 209 | + * @param int $attendance_id |
|
| 210 | 210 | */ |
| 211 | 211 | public function attendance_restore($attendance_id) |
| 212 | 212 | { |
@@ -636,11 +636,11 @@ |
||
| 636 | 636 | } |
| 637 | 637 | $formToDisplay = $form->returnForm(); |
| 638 | 638 | } else { |
| 639 | - if (!empty($sessionId)) { |
|
| 640 | - $sessionInfo = api_get_session_info($sessionId); |
|
| 641 | - $startDate = $sessionInfo['access_start_date']; |
|
| 642 | - $endDate = $sessionInfo['access_end_date']; |
|
| 643 | - } |
|
| 639 | + if (!empty($sessionId)) { |
|
| 640 | + $sessionInfo = api_get_session_info($sessionId); |
|
| 641 | + $startDate = $sessionInfo['access_start_date']; |
|
| 642 | + $endDate = $sessionInfo['access_end_date']; |
|
| 643 | + } |
|
| 644 | 644 | } |
| 645 | 645 | |
| 646 | 646 | $attendance = new Attendance(); |
@@ -10,7 +10,7 @@ |
||
| 10 | 10 | require_once api_get_path(SYS_PATH).'main/auth/external_login/functions.inc.php'; |
| 11 | 11 | |
| 12 | 12 | /** |
| 13 | -* @return true if cas is configured |
|
| 13 | +* @return boolean if cas is configured |
|
| 14 | 14 | * |
| 15 | 15 | **/ |
| 16 | 16 | function cas_configured() { |
@@ -14,7 +14,7 @@ discard block |
||
| 14 | 14 | * |
| 15 | 15 | **/ |
| 16 | 16 | function cas_configured() { |
| 17 | - global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri; |
|
| 17 | + global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri; |
|
| 18 | 18 | $res = false; |
| 19 | 19 | if (!empty($cas_auth_ver) && !empty($cas_auth_server) && !empty($cas_auth_port)) { |
| 20 | 20 | $res = true; |
@@ -32,23 +32,23 @@ discard block |
||
| 32 | 32 | |
| 33 | 33 | function cas_is_authenticated() |
| 34 | 34 | { |
| 35 | - global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri; |
|
| 36 | - global $PHPCAS_CLIENT; |
|
| 37 | - global $logout; |
|
| 35 | + global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri; |
|
| 36 | + global $PHPCAS_CLIENT; |
|
| 37 | + global $logout; |
|
| 38 | 38 | |
| 39 | 39 | if (!cas_configured()) { |
| 40 | 40 | return; |
| 41 | 41 | } |
| 42 | 42 | |
| 43 | - if (!is_object($PHPCAS_CLIENT)) { |
|
| 44 | - phpCAS::client($cas_auth_ver,$cas_auth_server,$cas_auth_port,$cas_auth_uri); |
|
| 45 | - phpCAS::setNoCasServerValidation(); |
|
| 46 | - } |
|
| 47 | - $auth = phpCAS::checkAuthentication(); |
|
| 43 | + if (!is_object($PHPCAS_CLIENT)) { |
|
| 44 | + phpCAS::client($cas_auth_ver,$cas_auth_server,$cas_auth_port,$cas_auth_uri); |
|
| 45 | + phpCAS::setNoCasServerValidation(); |
|
| 46 | + } |
|
| 47 | + $auth = phpCAS::checkAuthentication(); |
|
| 48 | 48 | |
| 49 | - if ($auth) { |
|
| 50 | - $login= trim(phpCAS::getUser()); |
|
| 51 | - /* |
|
| 49 | + if ($auth) { |
|
| 50 | + $login= trim(phpCAS::getUser()); |
|
| 51 | + /* |
|
| 52 | 52 | Get user attributes. Here are the attributes for crdp platform |
| 53 | 53 | sn => name |
| 54 | 54 | ENTPersonMailInterne => mail |
@@ -56,7 +56,7 @@ discard block |
||
| 56 | 56 | ENTPersonProfils => profil |
| 57 | 57 | givenName => first name |
| 58 | 58 | */ |
| 59 | - /*$user=phpCAS::getAttributes(); |
|
| 59 | + /*$user=phpCAS::getAttributes(); |
|
| 60 | 60 | $firstName = trim($user['givenName']); |
| 61 | 61 | $lastName = trim($user['sn']); |
| 62 | 62 | $login = trim($user['ENTPersonAlias']); |
@@ -79,54 +79,54 @@ discard block |
||
| 79 | 79 | default: |
| 80 | 80 | $status=5; // Student |
| 81 | 81 | }*/ |
| 82 | - if (!$logout){ |
|
| 83 | - // get user info from username |
|
| 84 | - $tab_user_info = api_get_user_info($login); |
|
| 85 | - |
|
| 86 | - // user found in the chamilo database |
|
| 87 | - if (is_array($tab_user_info)) { |
|
| 88 | - // if option is on we update user automatically from ldap server |
|
| 89 | - if (api_get_setting("update_user_info_cas_with_ldap") == "true") { |
|
| 82 | + if (!$logout){ |
|
| 83 | + // get user info from username |
|
| 84 | + $tab_user_info = api_get_user_info($login); |
|
| 85 | + |
|
| 86 | + // user found in the chamilo database |
|
| 87 | + if (is_array($tab_user_info)) { |
|
| 88 | + // if option is on we update user automatically from ldap server |
|
| 89 | + if (api_get_setting("update_user_info_cas_with_ldap") == "true") { |
|
| 90 | 90 | $ldapuser = extldap_authenticate($login, 'nopass', true); |
| 91 | 91 | if ($ldapuser !== false) { |
| 92 | 92 | $chamilo_user = extldap_get_chamilo_user($ldapuser); |
| 93 | 93 | $chamilo_user['user_id'] = $tab_user_info['user_id']; |
| 94 | 94 | $chamilo_user['status'] = $tab_user_info['status']; |
| 95 | - UserManager::update_user ($chamilo_user["user_id"], $chamilo_user["firstname"], $chamilo_user["lastname"], $login, null, null, $chamilo_user["email"], $chamilo_user["status"], '', '', '', '', 1, null, 0, null,'') ; |
|
| 96 | - } |
|
| 97 | - } |
|
| 98 | - return $login; |
|
| 99 | - } |
|
| 100 | - // user not found |
|
| 101 | - else { |
|
| 102 | - // if option is on we can ADD user automatically from ldap server or by modify own profil |
|
| 103 | - $user_added = false; |
|
| 104 | - switch (api_get_setting("cas_add_user_activate")) { |
|
| 105 | - case PLATFORM_AUTH_SOURCE : |
|
| 106 | - // user will have to modify firstname, lastname, email in chamilo profil edit |
|
| 107 | - $userdata = get_lang("EditInProfil"); |
|
| 108 | - UserManager::create_user($userdata, $userdata, '5', $userdata, $login, 'casplaceholder', '','','','',CAS_AUTH_SOURCE); |
|
| 109 | - $user_added = $login; |
|
| 110 | - break; |
|
| 111 | - case LDAP_AUTH_SOURCE : |
|
| 112 | - // user info are read from ldap connexion |
|
| 113 | - // get user info from ldap server |
|
| 114 | - // user has already been authenticated by CAS |
|
| 115 | - // If user not found in LDAP, user not created |
|
| 116 | - $ldapuser = extldap_authenticate($login, 'nopass', true); |
|
| 117 | - if ($ldapuser !== false) { |
|
| 118 | - $chamilo_user = extldap_get_chamilo_user($ldapuser); |
|
| 95 | + UserManager::update_user ($chamilo_user["user_id"], $chamilo_user["firstname"], $chamilo_user["lastname"], $login, null, null, $chamilo_user["email"], $chamilo_user["status"], '', '', '', '', 1, null, 0, null,'') ; |
|
| 96 | + } |
|
| 97 | + } |
|
| 98 | + return $login; |
|
| 99 | + } |
|
| 100 | + // user not found |
|
| 101 | + else { |
|
| 102 | + // if option is on we can ADD user automatically from ldap server or by modify own profil |
|
| 103 | + $user_added = false; |
|
| 104 | + switch (api_get_setting("cas_add_user_activate")) { |
|
| 105 | + case PLATFORM_AUTH_SOURCE : |
|
| 106 | + // user will have to modify firstname, lastname, email in chamilo profil edit |
|
| 107 | + $userdata = get_lang("EditInProfil"); |
|
| 108 | + UserManager::create_user($userdata, $userdata, '5', $userdata, $login, 'casplaceholder', '','','','',CAS_AUTH_SOURCE); |
|
| 109 | + $user_added = $login; |
|
| 110 | + break; |
|
| 111 | + case LDAP_AUTH_SOURCE : |
|
| 112 | + // user info are read from ldap connexion |
|
| 113 | + // get user info from ldap server |
|
| 114 | + // user has already been authenticated by CAS |
|
| 115 | + // If user not found in LDAP, user not created |
|
| 116 | + $ldapuser = extldap_authenticate($login, 'nopass', true); |
|
| 117 | + if ($ldapuser !== false) { |
|
| 118 | + $chamilo_user = extldap_get_chamilo_user($ldapuser); |
|
| 119 | 119 | $chamilo_user['username'] = $login; |
| 120 | 120 | $chamilo_user['auth_source'] = CAS_AUTH_SOURCE; |
| 121 | 121 | $chamilo_uid = external_add_user($chamilo_user); |
| 122 | - $user_added = $login; |
|
| 123 | - } |
|
| 124 | - break; |
|
| 125 | - default : break; |
|
| 126 | - } |
|
| 127 | - return $user_added; |
|
| 128 | - } |
|
| 129 | - } |
|
| 122 | + $user_added = $login; |
|
| 123 | + } |
|
| 124 | + break; |
|
| 125 | + default : break; |
|
| 126 | + } |
|
| 127 | + return $user_added; |
|
| 128 | + } |
|
| 129 | + } |
|
| 130 | 130 | // //If the user is in the dokeos database and we are ,not in a logout request, we upgrade his infomration by ldap |
| 131 | 131 | // if (! $logout){ |
| 132 | 132 | // $user_table = Database::get_main_table(TABLE_MAIN_USER); |
@@ -148,10 +148,10 @@ discard block |
||
| 148 | 148 | // |
| 149 | 149 | // } |
| 150 | 150 | // } |
| 151 | - return $login; |
|
| 151 | + return $login; |
|
| 152 | 152 | } else { |
| 153 | - return false; |
|
| 154 | - } |
|
| 153 | + return false; |
|
| 154 | + } |
|
| 155 | 155 | } |
| 156 | 156 | |
| 157 | 157 | /** |
@@ -516,7 +516,7 @@ discard block |
||
| 516 | 516 | /** |
| 517 | 517 | * Logs a string in debug mode. |
| 518 | 518 | * |
| 519 | - * @param $str the string to write |
|
| 519 | + * @param string $str the string to write |
|
| 520 | 520 | * |
| 521 | 521 | * @private |
| 522 | 522 | */ |
@@ -537,7 +537,7 @@ discard block |
||
| 537 | 537 | * This method is used by interface methods to print an error and where the function |
| 538 | 538 | * was originally called from. |
| 539 | 539 | * |
| 540 | - * @param $msg the message to print |
|
| 540 | + * @param string $msg the message to print |
|
| 541 | 541 | * |
| 542 | 542 | * @private |
| 543 | 543 | */ |
@@ -664,7 +664,7 @@ discard block |
||
| 664 | 664 | /** |
| 665 | 665 | * This method returns the phpCAS version. |
| 666 | 666 | * |
| 667 | - * @return the phpCAS version. |
|
| 667 | + * @return string phpCAS version. |
|
| 668 | 668 | */ |
| 669 | 669 | function getVersion() {
|
| 670 | 670 | return PHPCAS_VERSION; |
@@ -1070,7 +1070,7 @@ discard block |
||
| 1070 | 1070 | * @warning should not be called only after phpCAS::forceAuthentication() |
| 1071 | 1071 | * or phpCAS::checkAuthentication(). |
| 1072 | 1072 | * |
| 1073 | - * @return the login name of the authenticated user |
|
| 1073 | + * @return string login name of the authenticated user |
|
| 1074 | 1074 | */ |
| 1075 | 1075 | function getUser() {
|
| 1076 | 1076 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
@@ -33,14 +33,14 @@ discard block |
||
| 33 | 33 | // hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] in IIS |
| 34 | 34 | // |
| 35 | 35 | if (!$_SERVER['REQUEST_URI']) {
|
| 36 | - $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING']; |
|
| 36 | + $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING']; |
|
| 37 | 37 | } |
| 38 | 38 | |
| 39 | 39 | // |
| 40 | 40 | // another one by Vangelis Haniotakis also to make phpCAS work with PHP5 |
| 41 | 41 | // |
| 42 | 42 | if (version_compare(PHP_VERSION, '5', '>=')) {
|
| 43 | - require_once (dirname(__FILE__) . '/CAS/domxml-php4-to-php5.php'); |
|
| 43 | + require_once (dirname(__FILE__) . '/CAS/domxml-php4-to-php5.php'); |
|
| 44 | 44 | } |
| 45 | 45 | |
| 46 | 46 | /** |
@@ -282,10 +282,10 @@ discard block |
||
| 282 | 282 | * @hideinitializer |
| 283 | 283 | */ |
| 284 | 284 | $GLOBALS['PHPCAS_INIT_CALL'] = array ( |
| 285 | - 'done' => FALSE, |
|
| 286 | - 'file' => '?', |
|
| 287 | - 'line' => -1, |
|
| 288 | - 'method' => '?' |
|
| 285 | + 'done' => FALSE, |
|
| 286 | + 'file' => '?', |
|
| 287 | + 'line' => -1, |
|
| 288 | + 'method' => '?' |
|
| 289 | 289 | ); |
| 290 | 290 | |
| 291 | 291 | /** |
@@ -295,11 +295,11 @@ discard block |
||
| 295 | 295 | * @hideinitializer |
| 296 | 296 | */ |
| 297 | 297 | $GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array ( |
| 298 | - 'done' => FALSE, |
|
| 299 | - 'file' => '?', |
|
| 300 | - 'line' => -1, |
|
| 301 | - 'method' => '?', |
|
| 302 | - 'result' => FALSE |
|
| 298 | + 'done' => FALSE, |
|
| 299 | + 'file' => '?', |
|
| 300 | + 'line' => -1, |
|
| 301 | + 'method' => '?', |
|
| 302 | + 'result' => FALSE |
|
| 303 | 303 | ); |
| 304 | 304 | |
| 305 | 305 | /** |
@@ -308,9 +308,9 @@ discard block |
||
| 308 | 308 | * @hideinitializer |
| 309 | 309 | */ |
| 310 | 310 | $GLOBALS['PHPCAS_DEBUG'] = array ( |
| 311 | - 'filename' => '/tmp/cas.log', |
|
| 312 | - 'indent' => 0, |
|
| 313 | - 'unique_id' => '' |
|
| 311 | + 'filename' => '/tmp/cas.log', |
|
| 312 | + 'indent' => 0, |
|
| 313 | + 'unique_id' => '' |
|
| 314 | 314 | ); |
| 315 | 315 | |
| 316 | 316 | /** @} */ |
@@ -340,1141 +340,1141 @@ discard block |
||
| 340 | 340 | |
| 341 | 341 | class phpCAS {
|
| 342 | 342 | |
| 343 | - // ######################################################################## |
|
| 344 | - // INITIALIZATION |
|
| 345 | - // ######################################################################## |
|
| 346 | - |
|
| 347 | - /** |
|
| 348 | - * @addtogroup publicInit |
|
| 349 | - * @{
|
|
| 350 | - */ |
|
| 351 | - |
|
| 352 | - /** |
|
| 353 | - * phpCAS client initializer. |
|
| 354 | - * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be |
|
| 355 | - * called, only once, and before all other methods (except phpCAS::getVersion() |
|
| 356 | - * and phpCAS::setDebug()). |
|
| 357 | - * |
|
| 358 | - * @param $server_version the version of the CAS server |
|
| 359 | - * @param $server_hostname the hostname of the CAS server |
|
| 360 | - * @param $server_port the port the CAS server is running on |
|
| 361 | - * @param $server_uri the URI the CAS server is responding on |
|
| 362 | - * @param $start_session Have phpCAS start PHP sessions (default true) |
|
| 363 | - * |
|
| 364 | - * @return a newly created CASClient object |
|
| 365 | - */ |
|
| 366 | - function client($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {
|
|
| 367 | - global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; |
|
| 368 | - |
|
| 369 | - phpCAS :: traceBegin(); |
|
| 370 | - if (is_object($PHPCAS_CLIENT)) {
|
|
| 371 | - phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')'); |
|
| 372 | - } |
|
| 373 | - if (gettype($server_version) != 'string') {
|
|
| 374 | - phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');
|
|
| 375 | - } |
|
| 376 | - if (gettype($server_hostname) != 'string') {
|
|
| 377 | - phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');
|
|
| 378 | - } |
|
| 379 | - if (gettype($server_port) != 'integer') {
|
|
| 380 | - phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');
|
|
| 381 | - } |
|
| 382 | - if (gettype($server_uri) != 'string') {
|
|
| 383 | - phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');
|
|
| 384 | - } |
|
| 385 | - |
|
| 386 | - // store where the initializer is called from |
|
| 387 | - $dbg = phpCAS :: backtrace(); |
|
| 388 | - $PHPCAS_INIT_CALL = array ( |
|
| 389 | - 'done' => TRUE, |
|
| 390 | - 'file' => $dbg[0]['file'], |
|
| 391 | - 'line' => $dbg[0]['line'], |
|
| 392 | - 'method' => __CLASS__ . '::' . __FUNCTION__ |
|
| 393 | - ); |
|
| 394 | - |
|
| 395 | - // initialize the global object $PHPCAS_CLIENT |
|
| 396 | - $PHPCAS_CLIENT = new CASClient($server_version, FALSE /*proxy*/ |
|
| 397 | - , $server_hostname, $server_port, $server_uri, $start_session); |
|
| 398 | - phpCAS :: traceEnd(); |
|
| 399 | - } |
|
| 400 | - |
|
| 401 | - /** |
|
| 402 | - * phpCAS proxy initializer. |
|
| 403 | - * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be |
|
| 404 | - * called, only once, and before all other methods (except phpCAS::getVersion() |
|
| 405 | - * and phpCAS::setDebug()). |
|
| 406 | - * |
|
| 407 | - * @param $server_version the version of the CAS server |
|
| 408 | - * @param $server_hostname the hostname of the CAS server |
|
| 409 | - * @param $server_port the port the CAS server is running on |
|
| 410 | - * @param $server_uri the URI the CAS server is responding on |
|
| 411 | - * @param $start_session Have phpCAS start PHP sessions (default true) |
|
| 412 | - * |
|
| 413 | - * @return a newly created CASClient object |
|
| 414 | - */ |
|
| 415 | - function proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {
|
|
| 416 | - global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; |
|
| 417 | - |
|
| 418 | - phpCAS :: traceBegin(); |
|
| 419 | - if (is_object($PHPCAS_CLIENT)) {
|
|
| 420 | - phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')'); |
|
| 421 | - } |
|
| 422 | - if (gettype($server_version) != 'string') {
|
|
| 423 | - phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');
|
|
| 424 | - } |
|
| 425 | - if (gettype($server_hostname) != 'string') {
|
|
| 426 | - phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');
|
|
| 427 | - } |
|
| 428 | - if (gettype($server_port) != 'integer') {
|
|
| 429 | - phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');
|
|
| 430 | - } |
|
| 431 | - if (gettype($server_uri) != 'string') {
|
|
| 432 | - phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');
|
|
| 433 | - } |
|
| 434 | - |
|
| 435 | - // store where the initialzer is called from |
|
| 436 | - $dbg = phpCAS :: backtrace(); |
|
| 437 | - $PHPCAS_INIT_CALL = array ( |
|
| 438 | - 'done' => TRUE, |
|
| 439 | - 'file' => $dbg[0]['file'], |
|
| 440 | - 'line' => $dbg[0]['line'], |
|
| 441 | - 'method' => __CLASS__ . '::' . __FUNCTION__ |
|
| 442 | - ); |
|
| 443 | - |
|
| 444 | - // initialize the global object $PHPCAS_CLIENT |
|
| 445 | - $PHPCAS_CLIENT = new CASClient($server_version, TRUE /*proxy*/ |
|
| 446 | - , $server_hostname, $server_port, $server_uri, $start_session); |
|
| 447 | - phpCAS :: traceEnd(); |
|
| 448 | - } |
|
| 449 | - |
|
| 450 | - /** @} */ |
|
| 451 | - // ######################################################################## |
|
| 452 | - // DEBUGGING |
|
| 453 | - // ######################################################################## |
|
| 454 | - |
|
| 455 | - /** |
|
| 456 | - * @addtogroup publicDebug |
|
| 457 | - * @{
|
|
| 458 | - */ |
|
| 459 | - |
|
| 460 | - /** |
|
| 461 | - * Set/unset debug mode |
|
| 462 | - * |
|
| 463 | - * @param $filename the name of the file used for logging, or FALSE to stop debugging. |
|
| 464 | - */ |
|
| 465 | - function setDebug($filename = '') {
|
|
| 466 | - global $PHPCAS_DEBUG; |
|
| 467 | - |
|
| 468 | - if ($filename != FALSE && gettype($filename) != 'string') {
|
|
| 469 | - phpCAS :: error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)');
|
|
| 470 | - } |
|
| 471 | - |
|
| 472 | - if (empty ($filename)) {
|
|
| 473 | - if (preg_match('/^Win.*/', getenv('OS'))) {
|
|
| 474 | - if (isset ($_ENV['TMP'])) {
|
|
| 475 | - $debugDir = $_ENV['TMP'] . '/'; |
|
| 476 | - } else |
|
| 477 | - if (isset ($_ENV['TEMP'])) {
|
|
| 478 | - $debugDir = $_ENV['TEMP'] . '/'; |
|
| 479 | - } else {
|
|
| 480 | - $debugDir = ''; |
|
| 481 | - } |
|
| 482 | - } else {
|
|
| 483 | - $debugDir = DEFAULT_DEBUG_DIR; |
|
| 484 | - } |
|
| 485 | - $filename = $debugDir . 'phpCAS.log'; |
|
| 486 | - } |
|
| 487 | - |
|
| 488 | - if (empty ($PHPCAS_DEBUG['unique_id'])) {
|
|
| 489 | - $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4);
|
|
| 490 | - } |
|
| 491 | - |
|
| 492 | - $PHPCAS_DEBUG['filename'] = $filename; |
|
| 493 | - |
|
| 494 | - phpCAS :: trace('START ******************');
|
|
| 495 | - } |
|
| 496 | - |
|
| 497 | - /** @} */ |
|
| 498 | - /** |
|
| 499 | - * @addtogroup internalDebug |
|
| 500 | - * @{
|
|
| 501 | - */ |
|
| 502 | - |
|
| 503 | - /** |
|
| 504 | - * This method is a wrapper for debug_backtrace() that is not available |
|
| 505 | - * in all PHP versions (>= 4.3.0 only) |
|
| 506 | - */ |
|
| 507 | - function backtrace() {
|
|
| 508 | - if (function_exists('debug_backtrace')) {
|
|
| 509 | - return debug_backtrace(); |
|
| 510 | - } else {
|
|
| 511 | - // poor man's hack ... but it does work ... |
|
| 512 | - return array (); |
|
| 513 | - } |
|
| 514 | - } |
|
| 515 | - |
|
| 516 | - /** |
|
| 517 | - * Logs a string in debug mode. |
|
| 518 | - * |
|
| 519 | - * @param $str the string to write |
|
| 520 | - * |
|
| 521 | - * @private |
|
| 522 | - */ |
|
| 523 | - function log($str) {
|
|
| 524 | - $indent_str = "."; |
|
| 525 | - global $PHPCAS_DEBUG; |
|
| 526 | - |
|
| 527 | - if ($PHPCAS_DEBUG['filename']) {
|
|
| 528 | - for ($i = 0; $i < $PHPCAS_DEBUG['indent']; $i++) {
|
|
| 529 | - $indent_str .= '| '; |
|
| 530 | - } |
|
| 531 | - error_log($PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str . "\n", 3, $PHPCAS_DEBUG['filename']); |
|
| 532 | - } |
|
| 533 | - |
|
| 534 | - } |
|
| 535 | - |
|
| 536 | - /** |
|
| 537 | - * This method is used by interface methods to print an error and where the function |
|
| 538 | - * was originally called from. |
|
| 539 | - * |
|
| 540 | - * @param $msg the message to print |
|
| 541 | - * |
|
| 542 | - * @private |
|
| 543 | - */ |
|
| 544 | - function error($msg) {
|
|
| 545 | - $dbg = phpCAS :: backtrace(); |
|
| 546 | - $function = '?'; |
|
| 547 | - $file = '?'; |
|
| 548 | - $line = '?'; |
|
| 549 | - if (is_array($dbg)) {
|
|
| 550 | - for ($i = 1; $i < sizeof($dbg); $i++) {
|
|
| 551 | - if (is_array($dbg[$i])) {
|
|
| 552 | - if ($dbg[$i]['class'] == __CLASS__) {
|
|
| 553 | - $function = $dbg[$i]['function']; |
|
| 554 | - $file = $dbg[$i]['file']; |
|
| 555 | - $line = $dbg[$i]['line']; |
|
| 556 | - } |
|
| 557 | - } |
|
| 558 | - } |
|
| 559 | - } |
|
| 560 | - echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . "</b></font> in <b>" . $file . "</b> on line <b>" . $line . "</b><br />\n"; |
|
| 561 | - phpCAS :: trace($msg); |
|
| 562 | - phpCAS :: traceExit(); |
|
| 563 | - exit (); |
|
| 564 | - } |
|
| 565 | - |
|
| 566 | - /** |
|
| 567 | - * This method is used to log something in debug mode. |
|
| 568 | - */ |
|
| 569 | - function trace($str) {
|
|
| 570 | - $dbg = phpCAS :: backtrace(); |
|
| 571 | - phpCAS :: log($str . ' [' . basename($dbg[1]['file']) . ':' . $dbg[1]['line'] . ']'); |
|
| 572 | - } |
|
| 573 | - |
|
| 574 | - /** |
|
| 575 | - * This method is used to indicate the start of the execution of a function in debug mode. |
|
| 576 | - */ |
|
| 577 | - function traceBegin() {
|
|
| 578 | - global $PHPCAS_DEBUG; |
|
| 579 | - |
|
| 580 | - $dbg = phpCAS :: backtrace(); |
|
| 581 | - $str = '=> '; |
|
| 582 | - if (!empty ($dbg[2]['class'])) {
|
|
| 583 | - $str .= $dbg[2]['class'] . '::'; |
|
| 584 | - } |
|
| 585 | - $str .= $dbg[2]['function'] . '(';
|
|
| 586 | - if (is_array($dbg[2]['args'])) {
|
|
| 587 | - foreach ($dbg[2]['args'] as $index => $arg) {
|
|
| 588 | - if ($index != 0) {
|
|
| 589 | - $str .= ', '; |
|
| 590 | - } |
|
| 591 | - $str .= str_replace("\n", "", var_export($arg, TRUE));
|
|
| 592 | - } |
|
| 593 | - } |
|
| 594 | - $str .= ') [' . basename($dbg[2]['file']) . ':' . $dbg[2]['line'] . ']'; |
|
| 595 | - phpCAS :: log($str); |
|
| 596 | - $PHPCAS_DEBUG['indent']++; |
|
| 597 | - } |
|
| 598 | - |
|
| 599 | - /** |
|
| 600 | - * This method is used to indicate the end of the execution of a function in debug mode. |
|
| 601 | - * |
|
| 602 | - * @param $res the result of the function |
|
| 603 | - */ |
|
| 604 | - function traceEnd($res = '') {
|
|
| 605 | - global $PHPCAS_DEBUG; |
|
| 606 | - |
|
| 607 | - $PHPCAS_DEBUG['indent']--; |
|
| 608 | - $dbg = phpCAS :: backtrace(); |
|
| 609 | - $str = ''; |
|
| 610 | - $str .= '<= ' . str_replace("\n", "", var_export($res, TRUE));
|
|
| 611 | - phpCAS :: log($str); |
|
| 612 | - } |
|
| 613 | - |
|
| 614 | - /** |
|
| 615 | - * This method is used to indicate the end of the execution of the program |
|
| 616 | - */ |
|
| 617 | - function traceExit() {
|
|
| 618 | - global $PHPCAS_DEBUG; |
|
| 619 | - |
|
| 620 | - phpCAS :: log('exit()');
|
|
| 621 | - while ($PHPCAS_DEBUG['indent'] > 0) {
|
|
| 622 | - phpCAS :: log('-');
|
|
| 623 | - $PHPCAS_DEBUG['indent']--; |
|
| 624 | - } |
|
| 625 | - } |
|
| 626 | - |
|
| 627 | - /** @} */ |
|
| 628 | - // ######################################################################## |
|
| 629 | - // INTERNATIONALIZATION |
|
| 630 | - // ######################################################################## |
|
| 631 | - /** |
|
| 632 | - * @addtogroup publicLang |
|
| 633 | - * @{
|
|
| 634 | - */ |
|
| 635 | - |
|
| 636 | - /** |
|
| 637 | - * This method is used to set the language used by phpCAS. |
|
| 638 | - * @note Can be called only once. |
|
| 639 | - * |
|
| 640 | - * @param $lang a string representing the language. |
|
| 641 | - * |
|
| 642 | - * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH |
|
| 643 | - */ |
|
| 644 | - function setLang($lang) {
|
|
| 645 | - global $PHPCAS_CLIENT; |
|
| 646 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 647 | - phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 648 | - } |
|
| 649 | - if (gettype($lang) != 'string') {
|
|
| 650 | - phpCAS :: error('type mismatched for parameter $lang (should be `string\')');
|
|
| 651 | - } |
|
| 652 | - $PHPCAS_CLIENT->setLang($lang); |
|
| 653 | - } |
|
| 654 | - |
|
| 655 | - /** @} */ |
|
| 656 | - // ######################################################################## |
|
| 657 | - // VERSION |
|
| 658 | - // ######################################################################## |
|
| 659 | - /** |
|
| 660 | - * @addtogroup public |
|
| 661 | - * @{
|
|
| 662 | - */ |
|
| 663 | - |
|
| 664 | - /** |
|
| 665 | - * This method returns the phpCAS version. |
|
| 666 | - * |
|
| 667 | - * @return the phpCAS version. |
|
| 668 | - */ |
|
| 669 | - function getVersion() {
|
|
| 670 | - return PHPCAS_VERSION; |
|
| 671 | - } |
|
| 672 | - |
|
| 673 | - /** @} */ |
|
| 674 | - // ######################################################################## |
|
| 675 | - // HTML OUTPUT |
|
| 676 | - // ######################################################################## |
|
| 677 | - /** |
|
| 678 | - * @addtogroup publicOutput |
|
| 679 | - * @{
|
|
| 680 | - */ |
|
| 681 | - |
|
| 682 | - /** |
|
| 683 | - * This method sets the HTML header used for all outputs. |
|
| 684 | - * |
|
| 685 | - * @param $header the HTML header. |
|
| 686 | - */ |
|
| 687 | - function setHTMLHeader($header) {
|
|
| 688 | - global $PHPCAS_CLIENT; |
|
| 689 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 690 | - phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 691 | - } |
|
| 692 | - if (gettype($header) != 'string') {
|
|
| 693 | - phpCAS :: error('type mismatched for parameter $header (should be `string\')');
|
|
| 694 | - } |
|
| 695 | - $PHPCAS_CLIENT->setHTMLHeader($header); |
|
| 696 | - } |
|
| 697 | - |
|
| 698 | - /** |
|
| 699 | - * This method sets the HTML footer used for all outputs. |
|
| 700 | - * |
|
| 701 | - * @param $footer the HTML footer. |
|
| 702 | - */ |
|
| 703 | - function setHTMLFooter($footer) {
|
|
| 704 | - global $PHPCAS_CLIENT; |
|
| 705 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 706 | - phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 707 | - } |
|
| 708 | - if (gettype($footer) != 'string') {
|
|
| 709 | - phpCAS :: error('type mismatched for parameter $footer (should be `string\')');
|
|
| 710 | - } |
|
| 711 | - $PHPCAS_CLIENT->setHTMLFooter($footer); |
|
| 712 | - } |
|
| 713 | - |
|
| 714 | - /** @} */ |
|
| 715 | - // ######################################################################## |
|
| 716 | - // PGT STORAGE |
|
| 717 | - // ######################################################################## |
|
| 718 | - /** |
|
| 719 | - * @addtogroup publicPGTStorage |
|
| 720 | - * @{
|
|
| 721 | - */ |
|
| 722 | - |
|
| 723 | - /** |
|
| 724 | - * This method is used to tell phpCAS to store the response of the |
|
| 725 | - * CAS server to PGT requests onto the filesystem. |
|
| 726 | - * |
|
| 727 | - * @param $format the format used to store the PGT's (`plain' and `xml' allowed) |
|
| 728 | - * @param $path the path where the PGT's should be stored |
|
| 729 | - */ |
|
| 730 | - function setPGTStorageFile($format = '', $path = '') {
|
|
| 731 | - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 732 | - |
|
| 733 | - phpCAS :: traceBegin(); |
|
| 734 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 735 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 736 | - } |
|
| 737 | - if (!$PHPCAS_CLIENT->isProxy()) {
|
|
| 738 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 739 | - } |
|
| 740 | - if ($PHPCAS_AUTH_CHECK_CALL['done']) {
|
|
| 741 | - phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')');
|
|
| 742 | - } |
|
| 743 | - if (gettype($format) != 'string') {
|
|
| 744 | - phpCAS :: error('type mismatched for parameter $format (should be `string\')');
|
|
| 745 | - } |
|
| 746 | - if (gettype($path) != 'string') {
|
|
| 747 | - phpCAS :: error('type mismatched for parameter $format (should be `string\')');
|
|
| 748 | - } |
|
| 749 | - $PHPCAS_CLIENT->setPGTStorageFile($format, $path); |
|
| 750 | - phpCAS :: traceEnd(); |
|
| 751 | - } |
|
| 752 | - |
|
| 753 | - /** |
|
| 754 | - * This method is used to tell phpCAS to store the response of the |
|
| 755 | - * CAS server to PGT requests into a database. |
|
| 756 | - * @note The connection to the database is done only when needed. |
|
| 757 | - * As a consequence, bad parameters are detected only when |
|
| 758 | - * initializing PGT storage, except in debug mode. |
|
| 759 | - * |
|
| 760 | - * @param $user the user to access the data with |
|
| 761 | - * @param $password the user's password |
|
| 762 | - * @param $database_type the type of the database hosting the data |
|
| 763 | - * @param $hostname the server hosting the database |
|
| 764 | - * @param $port the port the server is listening on |
|
| 765 | - * @param $database the name of the database |
|
| 766 | - * @param $table the name of the table storing the data |
|
| 767 | - */ |
|
| 768 | - function setPGTStorageDB($user, $password, $database_type = '', $hostname = '', $port = 0, $database = '', $table = '') {
|
|
| 769 | - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 770 | - |
|
| 771 | - phpCAS :: traceBegin(); |
|
| 772 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 773 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 774 | - } |
|
| 775 | - if (!$PHPCAS_CLIENT->isProxy()) {
|
|
| 776 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 777 | - } |
|
| 778 | - if ($PHPCAS_AUTH_CHECK_CALL['done']) {
|
|
| 779 | - phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')');
|
|
| 780 | - } |
|
| 781 | - if (gettype($user) != 'string') {
|
|
| 782 | - phpCAS :: error('type mismatched for parameter $user (should be `string\')');
|
|
| 783 | - } |
|
| 784 | - if (gettype($password) != 'string') {
|
|
| 785 | - phpCAS :: error('type mismatched for parameter $password (should be `string\')');
|
|
| 786 | - } |
|
| 787 | - if (gettype($database_type) != 'string') {
|
|
| 788 | - phpCAS :: error('type mismatched for parameter $database_type (should be `string\')');
|
|
| 789 | - } |
|
| 790 | - if (gettype($hostname) != 'string') {
|
|
| 791 | - phpCAS :: error('type mismatched for parameter $hostname (should be `string\')');
|
|
| 792 | - } |
|
| 793 | - if (gettype($port) != 'integer') {
|
|
| 794 | - phpCAS :: error('type mismatched for parameter $port (should be `integer\')');
|
|
| 795 | - } |
|
| 796 | - if (gettype($database) != 'string') {
|
|
| 797 | - phpCAS :: error('type mismatched for parameter $database (should be `string\')');
|
|
| 798 | - } |
|
| 799 | - if (gettype($table) != 'string') {
|
|
| 800 | - phpCAS :: error('type mismatched for parameter $table (should be `string\')');
|
|
| 801 | - } |
|
| 802 | - $PHPCAS_CLIENT->setPGTStorageDB($user, $password, $database_type, $hostname, $port, $database, $table); |
|
| 803 | - phpCAS :: traceEnd(); |
|
| 804 | - } |
|
| 805 | - |
|
| 806 | - /** @} */ |
|
| 807 | - // ######################################################################## |
|
| 808 | - // ACCESS TO EXTERNAL SERVICES |
|
| 809 | - // ######################################################################## |
|
| 810 | - /** |
|
| 811 | - * @addtogroup publicServices |
|
| 812 | - * @{
|
|
| 813 | - */ |
|
| 814 | - |
|
| 815 | - /** |
|
| 816 | - * This method is used to access an HTTP[S] service. |
|
| 817 | - * |
|
| 818 | - * @param $url the service to access. |
|
| 819 | - * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on |
|
| 820 | - * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, |
|
| 821 | - * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. |
|
| 822 | - * @param $output the output of the service (also used to give an error |
|
| 823 | - * message on failure). |
|
| 824 | - * |
|
| 825 | - * @return TRUE on success, FALSE otherwise (in this later case, $err_code |
|
| 826 | - * gives the reason why it failed and $output contains an error message). |
|
| 827 | - */ |
|
| 828 | - function serviceWeb($url, & $err_code, & $output) {
|
|
| 829 | - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 830 | - |
|
| 831 | - phpCAS :: traceBegin(); |
|
| 832 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 833 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 834 | - } |
|
| 835 | - if (!$PHPCAS_CLIENT->isProxy()) {
|
|
| 836 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 837 | - } |
|
| 838 | - if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
|
|
| 839 | - phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()');
|
|
| 840 | - } |
|
| 841 | - if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
|
|
| 842 | - phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
|
|
| 843 | - } |
|
| 844 | - if (gettype($url) != 'string') {
|
|
| 845 | - phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
|
| 846 | - } |
|
| 847 | - |
|
| 848 | - $res = $PHPCAS_CLIENT->serviceWeb($url, $err_code, $output); |
|
| 849 | - |
|
| 850 | - phpCAS :: traceEnd($res); |
|
| 851 | - return $res; |
|
| 852 | - } |
|
| 853 | - |
|
| 854 | - /** |
|
| 855 | - * This method is used to access an IMAP/POP3/NNTP service. |
|
| 856 | - * |
|
| 857 | - * @param $url a string giving the URL of the service, including the mailing box |
|
| 858 | - * for IMAP URLs, as accepted by imap_open(). |
|
| 859 | - * @param $service a string giving for CAS retrieve Proxy ticket |
|
| 860 | - * @param $flags options given to imap_open(). |
|
| 861 | - * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on |
|
| 862 | - * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, |
|
| 863 | - * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. |
|
| 864 | - * @param $err_msg an error message on failure |
|
| 865 | - * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL |
|
| 866 | - * on success, FALSE on error). |
|
| 867 | - * |
|
| 868 | - * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code |
|
| 869 | - * gives the reason why it failed and $err_msg contains an error message). |
|
| 870 | - */ |
|
| 871 | - function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) {
|
|
| 872 | - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 873 | - |
|
| 874 | - phpCAS :: traceBegin(); |
|
| 875 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 876 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 877 | - } |
|
| 878 | - if (!$PHPCAS_CLIENT->isProxy()) {
|
|
| 879 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 880 | - } |
|
| 881 | - if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
|
|
| 882 | - phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()');
|
|
| 883 | - } |
|
| 884 | - if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
|
|
| 885 | - phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
|
|
| 886 | - } |
|
| 887 | - if (gettype($url) != 'string') {
|
|
| 888 | - phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
|
| 889 | - } |
|
| 890 | - |
|
| 891 | - if (gettype($flags) != 'integer') {
|
|
| 892 | - phpCAS :: error('type mismatched for parameter $flags (should be `integer\')');
|
|
| 893 | - } |
|
| 894 | - |
|
| 895 | - $res = $PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt); |
|
| 896 | - |
|
| 897 | - phpCAS :: traceEnd($res); |
|
| 898 | - return $res; |
|
| 899 | - } |
|
| 900 | - |
|
| 901 | - /** @} */ |
|
| 902 | - // ######################################################################## |
|
| 903 | - // AUTHENTICATION |
|
| 904 | - // ######################################################################## |
|
| 905 | - /** |
|
| 906 | - * @addtogroup publicAuth |
|
| 907 | - * @{
|
|
| 908 | - */ |
|
| 909 | - |
|
| 910 | - /** |
|
| 911 | - * Set the times authentication will be cached before really accessing the CAS server in gateway mode: |
|
| 912 | - * - -1: check only once, and then never again (until you pree login) |
|
| 913 | - * - 0: always check |
|
| 914 | - * - n: check every "n" time |
|
| 915 | - * |
|
| 916 | - * @param $n an integer. |
|
| 917 | - */ |
|
| 918 | - function setCacheTimesForAuthRecheck($n) {
|
|
| 919 | - global $PHPCAS_CLIENT; |
|
| 920 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 921 | - phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 922 | - } |
|
| 923 | - if (gettype($n) != 'integer') {
|
|
| 924 | - phpCAS :: error('type mismatched for parameter $header (should be `string\')');
|
|
| 925 | - } |
|
| 926 | - $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n); |
|
| 927 | - } |
|
| 928 | - |
|
| 929 | - /** |
|
| 930 | - * This method is called to check if the user is authenticated (use the gateway feature). |
|
| 931 | - * @return TRUE when the user is authenticated; otherwise FALSE. |
|
| 932 | - */ |
|
| 933 | - function checkAuthentication() {
|
|
| 934 | - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 935 | - |
|
| 936 | - phpCAS :: traceBegin(); |
|
| 937 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 938 | - phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 939 | - } |
|
| 940 | - |
|
| 941 | - $auth = $PHPCAS_CLIENT->checkAuthentication(); |
|
| 942 | - |
|
| 943 | - // store where the authentication has been checked and the result |
|
| 944 | - $dbg = phpCAS :: backtrace(); |
|
| 945 | - $PHPCAS_AUTH_CHECK_CALL = array ( |
|
| 946 | - 'done' => TRUE, |
|
| 947 | - 'file' => $dbg[0]['file'], |
|
| 948 | - 'line' => $dbg[0]['line'], |
|
| 949 | - 'method' => __CLASS__ . '::' . __FUNCTION__, |
|
| 950 | - 'result' => $auth |
|
| 951 | - ); |
|
| 952 | - phpCAS :: traceEnd($auth); |
|
| 953 | - return $auth; |
|
| 954 | - } |
|
| 955 | - |
|
| 956 | - /** |
|
| 957 | - * This method is called to force authentication if the user was not already |
|
| 958 | - * authenticated. If the user is not authenticated, halt by redirecting to |
|
| 959 | - * the CAS server. |
|
| 960 | - */ |
|
| 961 | - function forceAuthentication() {
|
|
| 962 | - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 963 | - |
|
| 964 | - phpCAS :: traceBegin(); |
|
| 965 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 966 | - phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 967 | - } |
|
| 968 | - |
|
| 969 | - $auth = $PHPCAS_CLIENT->forceAuthentication(); |
|
| 970 | - |
|
| 971 | - // store where the authentication has been checked and the result |
|
| 972 | - $dbg = phpCAS :: backtrace(); |
|
| 973 | - $PHPCAS_AUTH_CHECK_CALL = array ( |
|
| 974 | - 'done' => TRUE, |
|
| 975 | - 'file' => $dbg[0]['file'], |
|
| 976 | - 'line' => $dbg[0]['line'], |
|
| 977 | - 'method' => __CLASS__ . '::' . __FUNCTION__, |
|
| 978 | - 'result' => $auth |
|
| 979 | - ); |
|
| 980 | - |
|
| 981 | - if (!$auth) {
|
|
| 982 | - phpCAS :: trace('user is not authenticated, redirecting to the CAS server');
|
|
| 983 | - $PHPCAS_CLIENT->forceAuthentication(); |
|
| 984 | - } else {
|
|
| 985 | - phpCAS :: trace('no need to authenticate (user `' . phpCAS :: getUser() . '\' is already authenticated)');
|
|
| 986 | - } |
|
| 987 | - |
|
| 988 | - phpCAS :: traceEnd(); |
|
| 989 | - return $auth; |
|
| 990 | - } |
|
| 991 | - |
|
| 992 | - /** |
|
| 993 | - * This method is called to renew the authentication. |
|
| 994 | - **/ |
|
| 995 | - function renewAuthentication() {
|
|
| 996 | - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 997 | - |
|
| 998 | - phpCAS :: traceBegin(); |
|
| 999 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1000 | - phpCAS :: error('this method should not be called before' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1001 | - } |
|
| 1002 | - |
|
| 1003 | - // store where the authentication has been checked and the result |
|
| 1004 | - $dbg = phpCAS :: backtrace(); |
|
| 1005 | - $PHPCAS_AUTH_CHECK_CALL = array ( |
|
| 1006 | - 'done' => TRUE, |
|
| 1007 | - 'file' => $dbg[0]['file'], |
|
| 1008 | - 'line' => $dbg[0]['line'], |
|
| 1009 | - 'method' => __CLASS__ . '::' . __FUNCTION__, |
|
| 1010 | - 'result' => $auth |
|
| 1011 | - ); |
|
| 1012 | - |
|
| 1013 | - $PHPCAS_CLIENT->renewAuthentication(); |
|
| 1014 | - phpCAS :: traceEnd(); |
|
| 1015 | - } |
|
| 1016 | - |
|
| 1017 | - /** |
|
| 1018 | - * This method has been left from version 0.4.1 for compatibility reasons. |
|
| 1019 | - */ |
|
| 1020 | - function authenticate() {
|
|
| 1021 | - phpCAS :: error('this method is deprecated. You should use ' . __CLASS__ . '::forceAuthentication() instead');
|
|
| 1022 | - } |
|
| 1023 | - |
|
| 1024 | - /** |
|
| 1025 | - * This method is called to check if the user is authenticated (previously or by |
|
| 1026 | - * tickets given in the URL). |
|
| 1027 | - * |
|
| 1028 | - * @return TRUE when the user is authenticated. |
|
| 1029 | - */ |
|
| 1030 | - function isAuthenticated() {
|
|
| 1031 | - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 1032 | - |
|
| 1033 | - phpCAS :: traceBegin(); |
|
| 1034 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1035 | - phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1036 | - } |
|
| 1037 | - |
|
| 1038 | - // call the isAuthenticated method of the global $PHPCAS_CLIENT object |
|
| 1039 | - $auth = $PHPCAS_CLIENT->isAuthenticated(); |
|
| 1040 | - |
|
| 1041 | - // store where the authentication has been checked and the result |
|
| 1042 | - $dbg = phpCAS :: backtrace(); |
|
| 1043 | - $PHPCAS_AUTH_CHECK_CALL = array ( |
|
| 1044 | - 'done' => TRUE, |
|
| 1045 | - 'file' => $dbg[0]['file'], |
|
| 1046 | - 'line' => $dbg[0]['line'], |
|
| 1047 | - 'method' => __CLASS__ . '::' . __FUNCTION__, |
|
| 1048 | - 'result' => $auth |
|
| 1049 | - ); |
|
| 1050 | - phpCAS :: traceEnd($auth); |
|
| 1051 | - return $auth; |
|
| 1052 | - } |
|
| 1053 | - |
|
| 1054 | - /** |
|
| 1055 | - * Checks whether authenticated based on $_SESSION. Useful to avoid |
|
| 1056 | - * server calls. |
|
| 1057 | - * @return true if authenticated, false otherwise. |
|
| 1058 | - * @since 0.4.22 by Brendan Arnold |
|
| 1059 | - */ |
|
| 1060 | - function isSessionAuthenticated() {
|
|
| 1061 | - global $PHPCAS_CLIENT; |
|
| 1062 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1063 | - phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1064 | - } |
|
| 1065 | - return ($PHPCAS_CLIENT->isSessionAuthenticated()); |
|
| 1066 | - } |
|
| 1067 | - |
|
| 1068 | - /** |
|
| 1069 | - * This method returns the CAS user's login name. |
|
| 1070 | - * @warning should not be called only after phpCAS::forceAuthentication() |
|
| 1071 | - * or phpCAS::checkAuthentication(). |
|
| 1072 | - * |
|
| 1073 | - * @return the login name of the authenticated user |
|
| 1074 | - */ |
|
| 1075 | - function getUser() {
|
|
| 1076 | - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 1077 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1078 | - phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1079 | - } |
|
| 1080 | - if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
|
|
| 1081 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');
|
|
| 1082 | - } |
|
| 1083 | - if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
|
|
| 1084 | - phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
|
|
| 1085 | - } |
|
| 1086 | - return $PHPCAS_CLIENT->getUser(); |
|
| 1087 | - } |
|
| 1088 | - |
|
| 1089 | - /** |
|
| 1090 | - * This method returns the CAS user's login name. |
|
| 1091 | - * @warning should not be called only after phpCAS::forceAuthentication() |
|
| 1092 | - * or phpCAS::checkAuthentication(). |
|
| 1093 | - * |
|
| 1094 | - * @return the login name of the authenticated user |
|
| 1095 | - */ |
|
| 1096 | - function getAttributes() {
|
|
| 1097 | - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 1098 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1099 | - phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1100 | - } |
|
| 1101 | - if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
|
|
| 1102 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');
|
|
| 1103 | - } |
|
| 1104 | - if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
|
|
| 1105 | - phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
|
|
| 1106 | - } |
|
| 1107 | - return $PHPCAS_CLIENT->getAttributes(); |
|
| 1108 | - } |
|
| 1109 | - /** |
|
| 1110 | - * Handle logout requests. |
|
| 1111 | - */ |
|
| 1112 | - function handleLogoutRequests($check_client = true, $allowed_clients = false) {
|
|
| 1113 | - global $PHPCAS_CLIENT; |
|
| 1114 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1115 | - phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1116 | - } |
|
| 1117 | - return ($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients)); |
|
| 1118 | - } |
|
| 1119 | - |
|
| 1120 | - /** |
|
| 1121 | - * This method returns the URL to be used to login. |
|
| 1122 | - * or phpCAS::isAuthenticated(). |
|
| 1123 | - * |
|
| 1124 | - * @return the login name of the authenticated user |
|
| 1125 | - */ |
|
| 1126 | - function getServerLoginURL() {
|
|
| 1127 | - global $PHPCAS_CLIENT; |
|
| 1128 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1129 | - phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1130 | - } |
|
| 1131 | - return $PHPCAS_CLIENT->getServerLoginURL(); |
|
| 1132 | - } |
|
| 1133 | - |
|
| 1134 | - /** |
|
| 1135 | - * Set the login URL of the CAS server. |
|
| 1136 | - * @param $url the login URL |
|
| 1137 | - * @since 0.4.21 by Wyman Chan |
|
| 1138 | - */ |
|
| 1139 | - function setServerLoginURL($url = '') {
|
|
| 1140 | - global $PHPCAS_CLIENT; |
|
| 1141 | - phpCAS :: traceBegin(); |
|
| 1142 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1143 | - phpCAS :: error('this method should only be called after
|
|
| 343 | + // ######################################################################## |
|
| 344 | + // INITIALIZATION |
|
| 345 | + // ######################################################################## |
|
| 346 | + |
|
| 347 | + /** |
|
| 348 | + * @addtogroup publicInit |
|
| 349 | + * @{
|
|
| 350 | + */ |
|
| 351 | + |
|
| 352 | + /** |
|
| 353 | + * phpCAS client initializer. |
|
| 354 | + * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be |
|
| 355 | + * called, only once, and before all other methods (except phpCAS::getVersion() |
|
| 356 | + * and phpCAS::setDebug()). |
|
| 357 | + * |
|
| 358 | + * @param $server_version the version of the CAS server |
|
| 359 | + * @param $server_hostname the hostname of the CAS server |
|
| 360 | + * @param $server_port the port the CAS server is running on |
|
| 361 | + * @param $server_uri the URI the CAS server is responding on |
|
| 362 | + * @param $start_session Have phpCAS start PHP sessions (default true) |
|
| 363 | + * |
|
| 364 | + * @return a newly created CASClient object |
|
| 365 | + */ |
|
| 366 | + function client($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {
|
|
| 367 | + global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; |
|
| 368 | + |
|
| 369 | + phpCAS :: traceBegin(); |
|
| 370 | + if (is_object($PHPCAS_CLIENT)) {
|
|
| 371 | + phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')'); |
|
| 372 | + } |
|
| 373 | + if (gettype($server_version) != 'string') {
|
|
| 374 | + phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');
|
|
| 375 | + } |
|
| 376 | + if (gettype($server_hostname) != 'string') {
|
|
| 377 | + phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');
|
|
| 378 | + } |
|
| 379 | + if (gettype($server_port) != 'integer') {
|
|
| 380 | + phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');
|
|
| 381 | + } |
|
| 382 | + if (gettype($server_uri) != 'string') {
|
|
| 383 | + phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');
|
|
| 384 | + } |
|
| 385 | + |
|
| 386 | + // store where the initializer is called from |
|
| 387 | + $dbg = phpCAS :: backtrace(); |
|
| 388 | + $PHPCAS_INIT_CALL = array ( |
|
| 389 | + 'done' => TRUE, |
|
| 390 | + 'file' => $dbg[0]['file'], |
|
| 391 | + 'line' => $dbg[0]['line'], |
|
| 392 | + 'method' => __CLASS__ . '::' . __FUNCTION__ |
|
| 393 | + ); |
|
| 394 | + |
|
| 395 | + // initialize the global object $PHPCAS_CLIENT |
|
| 396 | + $PHPCAS_CLIENT = new CASClient($server_version, FALSE /*proxy*/ |
|
| 397 | + , $server_hostname, $server_port, $server_uri, $start_session); |
|
| 398 | + phpCAS :: traceEnd(); |
|
| 399 | + } |
|
| 400 | + |
|
| 401 | + /** |
|
| 402 | + * phpCAS proxy initializer. |
|
| 403 | + * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be |
|
| 404 | + * called, only once, and before all other methods (except phpCAS::getVersion() |
|
| 405 | + * and phpCAS::setDebug()). |
|
| 406 | + * |
|
| 407 | + * @param $server_version the version of the CAS server |
|
| 408 | + * @param $server_hostname the hostname of the CAS server |
|
| 409 | + * @param $server_port the port the CAS server is running on |
|
| 410 | + * @param $server_uri the URI the CAS server is responding on |
|
| 411 | + * @param $start_session Have phpCAS start PHP sessions (default true) |
|
| 412 | + * |
|
| 413 | + * @return a newly created CASClient object |
|
| 414 | + */ |
|
| 415 | + function proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {
|
|
| 416 | + global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; |
|
| 417 | + |
|
| 418 | + phpCAS :: traceBegin(); |
|
| 419 | + if (is_object($PHPCAS_CLIENT)) {
|
|
| 420 | + phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')'); |
|
| 421 | + } |
|
| 422 | + if (gettype($server_version) != 'string') {
|
|
| 423 | + phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');
|
|
| 424 | + } |
|
| 425 | + if (gettype($server_hostname) != 'string') {
|
|
| 426 | + phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');
|
|
| 427 | + } |
|
| 428 | + if (gettype($server_port) != 'integer') {
|
|
| 429 | + phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');
|
|
| 430 | + } |
|
| 431 | + if (gettype($server_uri) != 'string') {
|
|
| 432 | + phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');
|
|
| 433 | + } |
|
| 434 | + |
|
| 435 | + // store where the initialzer is called from |
|
| 436 | + $dbg = phpCAS :: backtrace(); |
|
| 437 | + $PHPCAS_INIT_CALL = array ( |
|
| 438 | + 'done' => TRUE, |
|
| 439 | + 'file' => $dbg[0]['file'], |
|
| 440 | + 'line' => $dbg[0]['line'], |
|
| 441 | + 'method' => __CLASS__ . '::' . __FUNCTION__ |
|
| 442 | + ); |
|
| 443 | + |
|
| 444 | + // initialize the global object $PHPCAS_CLIENT |
|
| 445 | + $PHPCAS_CLIENT = new CASClient($server_version, TRUE /*proxy*/ |
|
| 446 | + , $server_hostname, $server_port, $server_uri, $start_session); |
|
| 447 | + phpCAS :: traceEnd(); |
|
| 448 | + } |
|
| 449 | + |
|
| 450 | + /** @} */ |
|
| 451 | + // ######################################################################## |
|
| 452 | + // DEBUGGING |
|
| 453 | + // ######################################################################## |
|
| 454 | + |
|
| 455 | + /** |
|
| 456 | + * @addtogroup publicDebug |
|
| 457 | + * @{
|
|
| 458 | + */ |
|
| 459 | + |
|
| 460 | + /** |
|
| 461 | + * Set/unset debug mode |
|
| 462 | + * |
|
| 463 | + * @param $filename the name of the file used for logging, or FALSE to stop debugging. |
|
| 464 | + */ |
|
| 465 | + function setDebug($filename = '') {
|
|
| 466 | + global $PHPCAS_DEBUG; |
|
| 467 | + |
|
| 468 | + if ($filename != FALSE && gettype($filename) != 'string') {
|
|
| 469 | + phpCAS :: error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)');
|
|
| 470 | + } |
|
| 471 | + |
|
| 472 | + if (empty ($filename)) {
|
|
| 473 | + if (preg_match('/^Win.*/', getenv('OS'))) {
|
|
| 474 | + if (isset ($_ENV['TMP'])) {
|
|
| 475 | + $debugDir = $_ENV['TMP'] . '/'; |
|
| 476 | + } else |
|
| 477 | + if (isset ($_ENV['TEMP'])) {
|
|
| 478 | + $debugDir = $_ENV['TEMP'] . '/'; |
|
| 479 | + } else {
|
|
| 480 | + $debugDir = ''; |
|
| 481 | + } |
|
| 482 | + } else {
|
|
| 483 | + $debugDir = DEFAULT_DEBUG_DIR; |
|
| 484 | + } |
|
| 485 | + $filename = $debugDir . 'phpCAS.log'; |
|
| 486 | + } |
|
| 487 | + |
|
| 488 | + if (empty ($PHPCAS_DEBUG['unique_id'])) {
|
|
| 489 | + $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4);
|
|
| 490 | + } |
|
| 491 | + |
|
| 492 | + $PHPCAS_DEBUG['filename'] = $filename; |
|
| 493 | + |
|
| 494 | + phpCAS :: trace('START ******************');
|
|
| 495 | + } |
|
| 496 | + |
|
| 497 | + /** @} */ |
|
| 498 | + /** |
|
| 499 | + * @addtogroup internalDebug |
|
| 500 | + * @{
|
|
| 501 | + */ |
|
| 502 | + |
|
| 503 | + /** |
|
| 504 | + * This method is a wrapper for debug_backtrace() that is not available |
|
| 505 | + * in all PHP versions (>= 4.3.0 only) |
|
| 506 | + */ |
|
| 507 | + function backtrace() {
|
|
| 508 | + if (function_exists('debug_backtrace')) {
|
|
| 509 | + return debug_backtrace(); |
|
| 510 | + } else {
|
|
| 511 | + // poor man's hack ... but it does work ... |
|
| 512 | + return array (); |
|
| 513 | + } |
|
| 514 | + } |
|
| 515 | + |
|
| 516 | + /** |
|
| 517 | + * Logs a string in debug mode. |
|
| 518 | + * |
|
| 519 | + * @param $str the string to write |
|
| 520 | + * |
|
| 521 | + * @private |
|
| 522 | + */ |
|
| 523 | + function log($str) {
|
|
| 524 | + $indent_str = "."; |
|
| 525 | + global $PHPCAS_DEBUG; |
|
| 526 | + |
|
| 527 | + if ($PHPCAS_DEBUG['filename']) {
|
|
| 528 | + for ($i = 0; $i < $PHPCAS_DEBUG['indent']; $i++) {
|
|
| 529 | + $indent_str .= '| '; |
|
| 530 | + } |
|
| 531 | + error_log($PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str . "\n", 3, $PHPCAS_DEBUG['filename']); |
|
| 532 | + } |
|
| 533 | + |
|
| 534 | + } |
|
| 535 | + |
|
| 536 | + /** |
|
| 537 | + * This method is used by interface methods to print an error and where the function |
|
| 538 | + * was originally called from. |
|
| 539 | + * |
|
| 540 | + * @param $msg the message to print |
|
| 541 | + * |
|
| 542 | + * @private |
|
| 543 | + */ |
|
| 544 | + function error($msg) {
|
|
| 545 | + $dbg = phpCAS :: backtrace(); |
|
| 546 | + $function = '?'; |
|
| 547 | + $file = '?'; |
|
| 548 | + $line = '?'; |
|
| 549 | + if (is_array($dbg)) {
|
|
| 550 | + for ($i = 1; $i < sizeof($dbg); $i++) {
|
|
| 551 | + if (is_array($dbg[$i])) {
|
|
| 552 | + if ($dbg[$i]['class'] == __CLASS__) {
|
|
| 553 | + $function = $dbg[$i]['function']; |
|
| 554 | + $file = $dbg[$i]['file']; |
|
| 555 | + $line = $dbg[$i]['line']; |
|
| 556 | + } |
|
| 557 | + } |
|
| 558 | + } |
|
| 559 | + } |
|
| 560 | + echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . "</b></font> in <b>" . $file . "</b> on line <b>" . $line . "</b><br />\n"; |
|
| 561 | + phpCAS :: trace($msg); |
|
| 562 | + phpCAS :: traceExit(); |
|
| 563 | + exit (); |
|
| 564 | + } |
|
| 565 | + |
|
| 566 | + /** |
|
| 567 | + * This method is used to log something in debug mode. |
|
| 568 | + */ |
|
| 569 | + function trace($str) {
|
|
| 570 | + $dbg = phpCAS :: backtrace(); |
|
| 571 | + phpCAS :: log($str . ' [' . basename($dbg[1]['file']) . ':' . $dbg[1]['line'] . ']'); |
|
| 572 | + } |
|
| 573 | + |
|
| 574 | + /** |
|
| 575 | + * This method is used to indicate the start of the execution of a function in debug mode. |
|
| 576 | + */ |
|
| 577 | + function traceBegin() {
|
|
| 578 | + global $PHPCAS_DEBUG; |
|
| 579 | + |
|
| 580 | + $dbg = phpCAS :: backtrace(); |
|
| 581 | + $str = '=> '; |
|
| 582 | + if (!empty ($dbg[2]['class'])) {
|
|
| 583 | + $str .= $dbg[2]['class'] . '::'; |
|
| 584 | + } |
|
| 585 | + $str .= $dbg[2]['function'] . '(';
|
|
| 586 | + if (is_array($dbg[2]['args'])) {
|
|
| 587 | + foreach ($dbg[2]['args'] as $index => $arg) {
|
|
| 588 | + if ($index != 0) {
|
|
| 589 | + $str .= ', '; |
|
| 590 | + } |
|
| 591 | + $str .= str_replace("\n", "", var_export($arg, TRUE));
|
|
| 592 | + } |
|
| 593 | + } |
|
| 594 | + $str .= ') [' . basename($dbg[2]['file']) . ':' . $dbg[2]['line'] . ']'; |
|
| 595 | + phpCAS :: log($str); |
|
| 596 | + $PHPCAS_DEBUG['indent']++; |
|
| 597 | + } |
|
| 598 | + |
|
| 599 | + /** |
|
| 600 | + * This method is used to indicate the end of the execution of a function in debug mode. |
|
| 601 | + * |
|
| 602 | + * @param $res the result of the function |
|
| 603 | + */ |
|
| 604 | + function traceEnd($res = '') {
|
|
| 605 | + global $PHPCAS_DEBUG; |
|
| 606 | + |
|
| 607 | + $PHPCAS_DEBUG['indent']--; |
|
| 608 | + $dbg = phpCAS :: backtrace(); |
|
| 609 | + $str = ''; |
|
| 610 | + $str .= '<= ' . str_replace("\n", "", var_export($res, TRUE));
|
|
| 611 | + phpCAS :: log($str); |
|
| 612 | + } |
|
| 613 | + |
|
| 614 | + /** |
|
| 615 | + * This method is used to indicate the end of the execution of the program |
|
| 616 | + */ |
|
| 617 | + function traceExit() {
|
|
| 618 | + global $PHPCAS_DEBUG; |
|
| 619 | + |
|
| 620 | + phpCAS :: log('exit()');
|
|
| 621 | + while ($PHPCAS_DEBUG['indent'] > 0) {
|
|
| 622 | + phpCAS :: log('-');
|
|
| 623 | + $PHPCAS_DEBUG['indent']--; |
|
| 624 | + } |
|
| 625 | + } |
|
| 626 | + |
|
| 627 | + /** @} */ |
|
| 628 | + // ######################################################################## |
|
| 629 | + // INTERNATIONALIZATION |
|
| 630 | + // ######################################################################## |
|
| 631 | + /** |
|
| 632 | + * @addtogroup publicLang |
|
| 633 | + * @{
|
|
| 634 | + */ |
|
| 635 | + |
|
| 636 | + /** |
|
| 637 | + * This method is used to set the language used by phpCAS. |
|
| 638 | + * @note Can be called only once. |
|
| 639 | + * |
|
| 640 | + * @param $lang a string representing the language. |
|
| 641 | + * |
|
| 642 | + * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH |
|
| 643 | + */ |
|
| 644 | + function setLang($lang) {
|
|
| 645 | + global $PHPCAS_CLIENT; |
|
| 646 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 647 | + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 648 | + } |
|
| 649 | + if (gettype($lang) != 'string') {
|
|
| 650 | + phpCAS :: error('type mismatched for parameter $lang (should be `string\')');
|
|
| 651 | + } |
|
| 652 | + $PHPCAS_CLIENT->setLang($lang); |
|
| 653 | + } |
|
| 654 | + |
|
| 655 | + /** @} */ |
|
| 656 | + // ######################################################################## |
|
| 657 | + // VERSION |
|
| 658 | + // ######################################################################## |
|
| 659 | + /** |
|
| 660 | + * @addtogroup public |
|
| 661 | + * @{
|
|
| 662 | + */ |
|
| 663 | + |
|
| 664 | + /** |
|
| 665 | + * This method returns the phpCAS version. |
|
| 666 | + * |
|
| 667 | + * @return the phpCAS version. |
|
| 668 | + */ |
|
| 669 | + function getVersion() {
|
|
| 670 | + return PHPCAS_VERSION; |
|
| 671 | + } |
|
| 672 | + |
|
| 673 | + /** @} */ |
|
| 674 | + // ######################################################################## |
|
| 675 | + // HTML OUTPUT |
|
| 676 | + // ######################################################################## |
|
| 677 | + /** |
|
| 678 | + * @addtogroup publicOutput |
|
| 679 | + * @{
|
|
| 680 | + */ |
|
| 681 | + |
|
| 682 | + /** |
|
| 683 | + * This method sets the HTML header used for all outputs. |
|
| 684 | + * |
|
| 685 | + * @param $header the HTML header. |
|
| 686 | + */ |
|
| 687 | + function setHTMLHeader($header) {
|
|
| 688 | + global $PHPCAS_CLIENT; |
|
| 689 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 690 | + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 691 | + } |
|
| 692 | + if (gettype($header) != 'string') {
|
|
| 693 | + phpCAS :: error('type mismatched for parameter $header (should be `string\')');
|
|
| 694 | + } |
|
| 695 | + $PHPCAS_CLIENT->setHTMLHeader($header); |
|
| 696 | + } |
|
| 697 | + |
|
| 698 | + /** |
|
| 699 | + * This method sets the HTML footer used for all outputs. |
|
| 700 | + * |
|
| 701 | + * @param $footer the HTML footer. |
|
| 702 | + */ |
|
| 703 | + function setHTMLFooter($footer) {
|
|
| 704 | + global $PHPCAS_CLIENT; |
|
| 705 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 706 | + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 707 | + } |
|
| 708 | + if (gettype($footer) != 'string') {
|
|
| 709 | + phpCAS :: error('type mismatched for parameter $footer (should be `string\')');
|
|
| 710 | + } |
|
| 711 | + $PHPCAS_CLIENT->setHTMLFooter($footer); |
|
| 712 | + } |
|
| 713 | + |
|
| 714 | + /** @} */ |
|
| 715 | + // ######################################################################## |
|
| 716 | + // PGT STORAGE |
|
| 717 | + // ######################################################################## |
|
| 718 | + /** |
|
| 719 | + * @addtogroup publicPGTStorage |
|
| 720 | + * @{
|
|
| 721 | + */ |
|
| 722 | + |
|
| 723 | + /** |
|
| 724 | + * This method is used to tell phpCAS to store the response of the |
|
| 725 | + * CAS server to PGT requests onto the filesystem. |
|
| 726 | + * |
|
| 727 | + * @param $format the format used to store the PGT's (`plain' and `xml' allowed) |
|
| 728 | + * @param $path the path where the PGT's should be stored |
|
| 729 | + */ |
|
| 730 | + function setPGTStorageFile($format = '', $path = '') {
|
|
| 731 | + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 732 | + |
|
| 733 | + phpCAS :: traceBegin(); |
|
| 734 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 735 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 736 | + } |
|
| 737 | + if (!$PHPCAS_CLIENT->isProxy()) {
|
|
| 738 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 739 | + } |
|
| 740 | + if ($PHPCAS_AUTH_CHECK_CALL['done']) {
|
|
| 741 | + phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')');
|
|
| 742 | + } |
|
| 743 | + if (gettype($format) != 'string') {
|
|
| 744 | + phpCAS :: error('type mismatched for parameter $format (should be `string\')');
|
|
| 745 | + } |
|
| 746 | + if (gettype($path) != 'string') {
|
|
| 747 | + phpCAS :: error('type mismatched for parameter $format (should be `string\')');
|
|
| 748 | + } |
|
| 749 | + $PHPCAS_CLIENT->setPGTStorageFile($format, $path); |
|
| 750 | + phpCAS :: traceEnd(); |
|
| 751 | + } |
|
| 752 | + |
|
| 753 | + /** |
|
| 754 | + * This method is used to tell phpCAS to store the response of the |
|
| 755 | + * CAS server to PGT requests into a database. |
|
| 756 | + * @note The connection to the database is done only when needed. |
|
| 757 | + * As a consequence, bad parameters are detected only when |
|
| 758 | + * initializing PGT storage, except in debug mode. |
|
| 759 | + * |
|
| 760 | + * @param $user the user to access the data with |
|
| 761 | + * @param $password the user's password |
|
| 762 | + * @param $database_type the type of the database hosting the data |
|
| 763 | + * @param $hostname the server hosting the database |
|
| 764 | + * @param $port the port the server is listening on |
|
| 765 | + * @param $database the name of the database |
|
| 766 | + * @param $table the name of the table storing the data |
|
| 767 | + */ |
|
| 768 | + function setPGTStorageDB($user, $password, $database_type = '', $hostname = '', $port = 0, $database = '', $table = '') {
|
|
| 769 | + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 770 | + |
|
| 771 | + phpCAS :: traceBegin(); |
|
| 772 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 773 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 774 | + } |
|
| 775 | + if (!$PHPCAS_CLIENT->isProxy()) {
|
|
| 776 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 777 | + } |
|
| 778 | + if ($PHPCAS_AUTH_CHECK_CALL['done']) {
|
|
| 779 | + phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')');
|
|
| 780 | + } |
|
| 781 | + if (gettype($user) != 'string') {
|
|
| 782 | + phpCAS :: error('type mismatched for parameter $user (should be `string\')');
|
|
| 783 | + } |
|
| 784 | + if (gettype($password) != 'string') {
|
|
| 785 | + phpCAS :: error('type mismatched for parameter $password (should be `string\')');
|
|
| 786 | + } |
|
| 787 | + if (gettype($database_type) != 'string') {
|
|
| 788 | + phpCAS :: error('type mismatched for parameter $database_type (should be `string\')');
|
|
| 789 | + } |
|
| 790 | + if (gettype($hostname) != 'string') {
|
|
| 791 | + phpCAS :: error('type mismatched for parameter $hostname (should be `string\')');
|
|
| 792 | + } |
|
| 793 | + if (gettype($port) != 'integer') {
|
|
| 794 | + phpCAS :: error('type mismatched for parameter $port (should be `integer\')');
|
|
| 795 | + } |
|
| 796 | + if (gettype($database) != 'string') {
|
|
| 797 | + phpCAS :: error('type mismatched for parameter $database (should be `string\')');
|
|
| 798 | + } |
|
| 799 | + if (gettype($table) != 'string') {
|
|
| 800 | + phpCAS :: error('type mismatched for parameter $table (should be `string\')');
|
|
| 801 | + } |
|
| 802 | + $PHPCAS_CLIENT->setPGTStorageDB($user, $password, $database_type, $hostname, $port, $database, $table); |
|
| 803 | + phpCAS :: traceEnd(); |
|
| 804 | + } |
|
| 805 | + |
|
| 806 | + /** @} */ |
|
| 807 | + // ######################################################################## |
|
| 808 | + // ACCESS TO EXTERNAL SERVICES |
|
| 809 | + // ######################################################################## |
|
| 810 | + /** |
|
| 811 | + * @addtogroup publicServices |
|
| 812 | + * @{
|
|
| 813 | + */ |
|
| 814 | + |
|
| 815 | + /** |
|
| 816 | + * This method is used to access an HTTP[S] service. |
|
| 817 | + * |
|
| 818 | + * @param $url the service to access. |
|
| 819 | + * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on |
|
| 820 | + * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, |
|
| 821 | + * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. |
|
| 822 | + * @param $output the output of the service (also used to give an error |
|
| 823 | + * message on failure). |
|
| 824 | + * |
|
| 825 | + * @return TRUE on success, FALSE otherwise (in this later case, $err_code |
|
| 826 | + * gives the reason why it failed and $output contains an error message). |
|
| 827 | + */ |
|
| 828 | + function serviceWeb($url, & $err_code, & $output) {
|
|
| 829 | + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 830 | + |
|
| 831 | + phpCAS :: traceBegin(); |
|
| 832 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 833 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 834 | + } |
|
| 835 | + if (!$PHPCAS_CLIENT->isProxy()) {
|
|
| 836 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 837 | + } |
|
| 838 | + if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
|
|
| 839 | + phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()');
|
|
| 840 | + } |
|
| 841 | + if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
|
|
| 842 | + phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
|
|
| 843 | + } |
|
| 844 | + if (gettype($url) != 'string') {
|
|
| 845 | + phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
|
| 846 | + } |
|
| 847 | + |
|
| 848 | + $res = $PHPCAS_CLIENT->serviceWeb($url, $err_code, $output); |
|
| 849 | + |
|
| 850 | + phpCAS :: traceEnd($res); |
|
| 851 | + return $res; |
|
| 852 | + } |
|
| 853 | + |
|
| 854 | + /** |
|
| 855 | + * This method is used to access an IMAP/POP3/NNTP service. |
|
| 856 | + * |
|
| 857 | + * @param $url a string giving the URL of the service, including the mailing box |
|
| 858 | + * for IMAP URLs, as accepted by imap_open(). |
|
| 859 | + * @param $service a string giving for CAS retrieve Proxy ticket |
|
| 860 | + * @param $flags options given to imap_open(). |
|
| 861 | + * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on |
|
| 862 | + * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, |
|
| 863 | + * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. |
|
| 864 | + * @param $err_msg an error message on failure |
|
| 865 | + * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL |
|
| 866 | + * on success, FALSE on error). |
|
| 867 | + * |
|
| 868 | + * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code |
|
| 869 | + * gives the reason why it failed and $err_msg contains an error message). |
|
| 870 | + */ |
|
| 871 | + function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) {
|
|
| 872 | + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 873 | + |
|
| 874 | + phpCAS :: traceBegin(); |
|
| 875 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 876 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 877 | + } |
|
| 878 | + if (!$PHPCAS_CLIENT->isProxy()) {
|
|
| 879 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 880 | + } |
|
| 881 | + if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
|
|
| 882 | + phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()');
|
|
| 883 | + } |
|
| 884 | + if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
|
|
| 885 | + phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
|
|
| 886 | + } |
|
| 887 | + if (gettype($url) != 'string') {
|
|
| 888 | + phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
|
| 889 | + } |
|
| 890 | + |
|
| 891 | + if (gettype($flags) != 'integer') {
|
|
| 892 | + phpCAS :: error('type mismatched for parameter $flags (should be `integer\')');
|
|
| 893 | + } |
|
| 894 | + |
|
| 895 | + $res = $PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt); |
|
| 896 | + |
|
| 897 | + phpCAS :: traceEnd($res); |
|
| 898 | + return $res; |
|
| 899 | + } |
|
| 900 | + |
|
| 901 | + /** @} */ |
|
| 902 | + // ######################################################################## |
|
| 903 | + // AUTHENTICATION |
|
| 904 | + // ######################################################################## |
|
| 905 | + /** |
|
| 906 | + * @addtogroup publicAuth |
|
| 907 | + * @{
|
|
| 908 | + */ |
|
| 909 | + |
|
| 910 | + /** |
|
| 911 | + * Set the times authentication will be cached before really accessing the CAS server in gateway mode: |
|
| 912 | + * - -1: check only once, and then never again (until you pree login) |
|
| 913 | + * - 0: always check |
|
| 914 | + * - n: check every "n" time |
|
| 915 | + * |
|
| 916 | + * @param $n an integer. |
|
| 917 | + */ |
|
| 918 | + function setCacheTimesForAuthRecheck($n) {
|
|
| 919 | + global $PHPCAS_CLIENT; |
|
| 920 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 921 | + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 922 | + } |
|
| 923 | + if (gettype($n) != 'integer') {
|
|
| 924 | + phpCAS :: error('type mismatched for parameter $header (should be `string\')');
|
|
| 925 | + } |
|
| 926 | + $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n); |
|
| 927 | + } |
|
| 928 | + |
|
| 929 | + /** |
|
| 930 | + * This method is called to check if the user is authenticated (use the gateway feature). |
|
| 931 | + * @return TRUE when the user is authenticated; otherwise FALSE. |
|
| 932 | + */ |
|
| 933 | + function checkAuthentication() {
|
|
| 934 | + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 935 | + |
|
| 936 | + phpCAS :: traceBegin(); |
|
| 937 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 938 | + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 939 | + } |
|
| 940 | + |
|
| 941 | + $auth = $PHPCAS_CLIENT->checkAuthentication(); |
|
| 942 | + |
|
| 943 | + // store where the authentication has been checked and the result |
|
| 944 | + $dbg = phpCAS :: backtrace(); |
|
| 945 | + $PHPCAS_AUTH_CHECK_CALL = array ( |
|
| 946 | + 'done' => TRUE, |
|
| 947 | + 'file' => $dbg[0]['file'], |
|
| 948 | + 'line' => $dbg[0]['line'], |
|
| 949 | + 'method' => __CLASS__ . '::' . __FUNCTION__, |
|
| 950 | + 'result' => $auth |
|
| 951 | + ); |
|
| 952 | + phpCAS :: traceEnd($auth); |
|
| 953 | + return $auth; |
|
| 954 | + } |
|
| 955 | + |
|
| 956 | + /** |
|
| 957 | + * This method is called to force authentication if the user was not already |
|
| 958 | + * authenticated. If the user is not authenticated, halt by redirecting to |
|
| 959 | + * the CAS server. |
|
| 960 | + */ |
|
| 961 | + function forceAuthentication() {
|
|
| 962 | + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 963 | + |
|
| 964 | + phpCAS :: traceBegin(); |
|
| 965 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 966 | + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 967 | + } |
|
| 968 | + |
|
| 969 | + $auth = $PHPCAS_CLIENT->forceAuthentication(); |
|
| 970 | + |
|
| 971 | + // store where the authentication has been checked and the result |
|
| 972 | + $dbg = phpCAS :: backtrace(); |
|
| 973 | + $PHPCAS_AUTH_CHECK_CALL = array ( |
|
| 974 | + 'done' => TRUE, |
|
| 975 | + 'file' => $dbg[0]['file'], |
|
| 976 | + 'line' => $dbg[0]['line'], |
|
| 977 | + 'method' => __CLASS__ . '::' . __FUNCTION__, |
|
| 978 | + 'result' => $auth |
|
| 979 | + ); |
|
| 980 | + |
|
| 981 | + if (!$auth) {
|
|
| 982 | + phpCAS :: trace('user is not authenticated, redirecting to the CAS server');
|
|
| 983 | + $PHPCAS_CLIENT->forceAuthentication(); |
|
| 984 | + } else {
|
|
| 985 | + phpCAS :: trace('no need to authenticate (user `' . phpCAS :: getUser() . '\' is already authenticated)');
|
|
| 986 | + } |
|
| 987 | + |
|
| 988 | + phpCAS :: traceEnd(); |
|
| 989 | + return $auth; |
|
| 990 | + } |
|
| 991 | + |
|
| 992 | + /** |
|
| 993 | + * This method is called to renew the authentication. |
|
| 994 | + **/ |
|
| 995 | + function renewAuthentication() {
|
|
| 996 | + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 997 | + |
|
| 998 | + phpCAS :: traceBegin(); |
|
| 999 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1000 | + phpCAS :: error('this method should not be called before' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1001 | + } |
|
| 1002 | + |
|
| 1003 | + // store where the authentication has been checked and the result |
|
| 1004 | + $dbg = phpCAS :: backtrace(); |
|
| 1005 | + $PHPCAS_AUTH_CHECK_CALL = array ( |
|
| 1006 | + 'done' => TRUE, |
|
| 1007 | + 'file' => $dbg[0]['file'], |
|
| 1008 | + 'line' => $dbg[0]['line'], |
|
| 1009 | + 'method' => __CLASS__ . '::' . __FUNCTION__, |
|
| 1010 | + 'result' => $auth |
|
| 1011 | + ); |
|
| 1012 | + |
|
| 1013 | + $PHPCAS_CLIENT->renewAuthentication(); |
|
| 1014 | + phpCAS :: traceEnd(); |
|
| 1015 | + } |
|
| 1016 | + |
|
| 1017 | + /** |
|
| 1018 | + * This method has been left from version 0.4.1 for compatibility reasons. |
|
| 1019 | + */ |
|
| 1020 | + function authenticate() {
|
|
| 1021 | + phpCAS :: error('this method is deprecated. You should use ' . __CLASS__ . '::forceAuthentication() instead');
|
|
| 1022 | + } |
|
| 1023 | + |
|
| 1024 | + /** |
|
| 1025 | + * This method is called to check if the user is authenticated (previously or by |
|
| 1026 | + * tickets given in the URL). |
|
| 1027 | + * |
|
| 1028 | + * @return TRUE when the user is authenticated. |
|
| 1029 | + */ |
|
| 1030 | + function isAuthenticated() {
|
|
| 1031 | + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 1032 | + |
|
| 1033 | + phpCAS :: traceBegin(); |
|
| 1034 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1035 | + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1036 | + } |
|
| 1037 | + |
|
| 1038 | + // call the isAuthenticated method of the global $PHPCAS_CLIENT object |
|
| 1039 | + $auth = $PHPCAS_CLIENT->isAuthenticated(); |
|
| 1040 | + |
|
| 1041 | + // store where the authentication has been checked and the result |
|
| 1042 | + $dbg = phpCAS :: backtrace(); |
|
| 1043 | + $PHPCAS_AUTH_CHECK_CALL = array ( |
|
| 1044 | + 'done' => TRUE, |
|
| 1045 | + 'file' => $dbg[0]['file'], |
|
| 1046 | + 'line' => $dbg[0]['line'], |
|
| 1047 | + 'method' => __CLASS__ . '::' . __FUNCTION__, |
|
| 1048 | + 'result' => $auth |
|
| 1049 | + ); |
|
| 1050 | + phpCAS :: traceEnd($auth); |
|
| 1051 | + return $auth; |
|
| 1052 | + } |
|
| 1053 | + |
|
| 1054 | + /** |
|
| 1055 | + * Checks whether authenticated based on $_SESSION. Useful to avoid |
|
| 1056 | + * server calls. |
|
| 1057 | + * @return true if authenticated, false otherwise. |
|
| 1058 | + * @since 0.4.22 by Brendan Arnold |
|
| 1059 | + */ |
|
| 1060 | + function isSessionAuthenticated() {
|
|
| 1061 | + global $PHPCAS_CLIENT; |
|
| 1062 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1063 | + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1064 | + } |
|
| 1065 | + return ($PHPCAS_CLIENT->isSessionAuthenticated()); |
|
| 1066 | + } |
|
| 1067 | + |
|
| 1068 | + /** |
|
| 1069 | + * This method returns the CAS user's login name. |
|
| 1070 | + * @warning should not be called only after phpCAS::forceAuthentication() |
|
| 1071 | + * or phpCAS::checkAuthentication(). |
|
| 1072 | + * |
|
| 1073 | + * @return the login name of the authenticated user |
|
| 1074 | + */ |
|
| 1075 | + function getUser() {
|
|
| 1076 | + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 1077 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1078 | + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1079 | + } |
|
| 1080 | + if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
|
|
| 1081 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');
|
|
| 1082 | + } |
|
| 1083 | + if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
|
|
| 1084 | + phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
|
|
| 1085 | + } |
|
| 1086 | + return $PHPCAS_CLIENT->getUser(); |
|
| 1087 | + } |
|
| 1088 | + |
|
| 1089 | + /** |
|
| 1090 | + * This method returns the CAS user's login name. |
|
| 1091 | + * @warning should not be called only after phpCAS::forceAuthentication() |
|
| 1092 | + * or phpCAS::checkAuthentication(). |
|
| 1093 | + * |
|
| 1094 | + * @return the login name of the authenticated user |
|
| 1095 | + */ |
|
| 1096 | + function getAttributes() {
|
|
| 1097 | + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
|
| 1098 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1099 | + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1100 | + } |
|
| 1101 | + if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
|
|
| 1102 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');
|
|
| 1103 | + } |
|
| 1104 | + if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
|
|
| 1105 | + phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
|
|
| 1106 | + } |
|
| 1107 | + return $PHPCAS_CLIENT->getAttributes(); |
|
| 1108 | + } |
|
| 1109 | + /** |
|
| 1110 | + * Handle logout requests. |
|
| 1111 | + */ |
|
| 1112 | + function handleLogoutRequests($check_client = true, $allowed_clients = false) {
|
|
| 1113 | + global $PHPCAS_CLIENT; |
|
| 1114 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1115 | + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1116 | + } |
|
| 1117 | + return ($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients)); |
|
| 1118 | + } |
|
| 1119 | + |
|
| 1120 | + /** |
|
| 1121 | + * This method returns the URL to be used to login. |
|
| 1122 | + * or phpCAS::isAuthenticated(). |
|
| 1123 | + * |
|
| 1124 | + * @return the login name of the authenticated user |
|
| 1125 | + */ |
|
| 1126 | + function getServerLoginURL() {
|
|
| 1127 | + global $PHPCAS_CLIENT; |
|
| 1128 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1129 | + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1130 | + } |
|
| 1131 | + return $PHPCAS_CLIENT->getServerLoginURL(); |
|
| 1132 | + } |
|
| 1133 | + |
|
| 1134 | + /** |
|
| 1135 | + * Set the login URL of the CAS server. |
|
| 1136 | + * @param $url the login URL |
|
| 1137 | + * @since 0.4.21 by Wyman Chan |
|
| 1138 | + */ |
|
| 1139 | + function setServerLoginURL($url = '') {
|
|
| 1140 | + global $PHPCAS_CLIENT; |
|
| 1141 | + phpCAS :: traceBegin(); |
|
| 1142 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1143 | + phpCAS :: error('this method should only be called after
|
|
| 1144 | 1144 | ' . __CLASS__ . '::client()'); |
| 1145 | - } |
|
| 1146 | - if (gettype($url) != 'string') {
|
|
| 1147 | - phpCAS :: error('type mismatched for parameter $url (should be
|
|
| 1145 | + } |
|
| 1146 | + if (gettype($url) != 'string') {
|
|
| 1147 | + phpCAS :: error('type mismatched for parameter $url (should be
|
|
| 1148 | 1148 | `string\')'); |
| 1149 | - } |
|
| 1150 | - $PHPCAS_CLIENT->setServerLoginURL($url); |
|
| 1151 | - phpCAS :: traceEnd(); |
|
| 1152 | - } |
|
| 1153 | - |
|
| 1154 | - /** |
|
| 1155 | - * Set the serviceValidate URL of the CAS server. |
|
| 1156 | - * Used only in CAS 1.0 validations |
|
| 1157 | - * @param $url the serviceValidate URL |
|
| 1158 | - * @since 1.1.0 by Joachim Fritschi |
|
| 1159 | - */ |
|
| 1160 | - function setServerServiceValidateURL($url = '') {
|
|
| 1161 | - global $PHPCAS_CLIENT; |
|
| 1162 | - phpCAS :: traceBegin(); |
|
| 1163 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1164 | - phpCAS :: error('this method should only be called after
|
|
| 1149 | + } |
|
| 1150 | + $PHPCAS_CLIENT->setServerLoginURL($url); |
|
| 1151 | + phpCAS :: traceEnd(); |
|
| 1152 | + } |
|
| 1153 | + |
|
| 1154 | + /** |
|
| 1155 | + * Set the serviceValidate URL of the CAS server. |
|
| 1156 | + * Used only in CAS 1.0 validations |
|
| 1157 | + * @param $url the serviceValidate URL |
|
| 1158 | + * @since 1.1.0 by Joachim Fritschi |
|
| 1159 | + */ |
|
| 1160 | + function setServerServiceValidateURL($url = '') {
|
|
| 1161 | + global $PHPCAS_CLIENT; |
|
| 1162 | + phpCAS :: traceBegin(); |
|
| 1163 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1164 | + phpCAS :: error('this method should only be called after
|
|
| 1165 | 1165 | ' . __CLASS__ . '::client()'); |
| 1166 | - } |
|
| 1167 | - if (gettype($url) != 'string') {
|
|
| 1168 | - phpCAS :: error('type mismatched for parameter $url (should be
|
|
| 1166 | + } |
|
| 1167 | + if (gettype($url) != 'string') {
|
|
| 1168 | + phpCAS :: error('type mismatched for parameter $url (should be
|
|
| 1169 | 1169 | `string\')'); |
| 1170 | - } |
|
| 1171 | - $PHPCAS_CLIENT->setServerServiceValidateURL($url); |
|
| 1172 | - phpCAS :: traceEnd(); |
|
| 1173 | - } |
|
| 1174 | - |
|
| 1175 | - /** |
|
| 1176 | - * Set the proxyValidate URL of the CAS server. |
|
| 1177 | - * Used for all CAS 2.0 validations |
|
| 1178 | - * @param $url the proxyValidate URL |
|
| 1179 | - * @since 1.1.0 by Joachim Fritschi |
|
| 1180 | - */ |
|
| 1181 | - function setServerProxyValidateURL($url = '') {
|
|
| 1182 | - global $PHPCAS_CLIENT; |
|
| 1183 | - phpCAS :: traceBegin(); |
|
| 1184 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1185 | - phpCAS :: error('this method should only be called after
|
|
| 1170 | + } |
|
| 1171 | + $PHPCAS_CLIENT->setServerServiceValidateURL($url); |
|
| 1172 | + phpCAS :: traceEnd(); |
|
| 1173 | + } |
|
| 1174 | + |
|
| 1175 | + /** |
|
| 1176 | + * Set the proxyValidate URL of the CAS server. |
|
| 1177 | + * Used for all CAS 2.0 validations |
|
| 1178 | + * @param $url the proxyValidate URL |
|
| 1179 | + * @since 1.1.0 by Joachim Fritschi |
|
| 1180 | + */ |
|
| 1181 | + function setServerProxyValidateURL($url = '') {
|
|
| 1182 | + global $PHPCAS_CLIENT; |
|
| 1183 | + phpCAS :: traceBegin(); |
|
| 1184 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1185 | + phpCAS :: error('this method should only be called after
|
|
| 1186 | 1186 | ' . __CLASS__ . '::client()'); |
| 1187 | - } |
|
| 1188 | - if (gettype($url) != 'string') {
|
|
| 1189 | - phpCAS :: error('type mismatched for parameter $url (should be
|
|
| 1187 | + } |
|
| 1188 | + if (gettype($url) != 'string') {
|
|
| 1189 | + phpCAS :: error('type mismatched for parameter $url (should be
|
|
| 1190 | 1190 | `string\')'); |
| 1191 | - } |
|
| 1192 | - $PHPCAS_CLIENT->setServerProxyValidateURL($url); |
|
| 1193 | - phpCAS :: traceEnd(); |
|
| 1194 | - } |
|
| 1195 | - |
|
| 1196 | - /** |
|
| 1197 | - * Set the samlValidate URL of the CAS server. |
|
| 1198 | - * @param $url the samlValidate URL |
|
| 1199 | - * @since 1.1.0 by Joachim Fritschi |
|
| 1200 | - */ |
|
| 1201 | - function setServerSamlValidateURL($url = '') {
|
|
| 1202 | - global $PHPCAS_CLIENT; |
|
| 1203 | - phpCAS :: traceBegin(); |
|
| 1204 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1205 | - phpCAS :: error('this method should only be called after
|
|
| 1191 | + } |
|
| 1192 | + $PHPCAS_CLIENT->setServerProxyValidateURL($url); |
|
| 1193 | + phpCAS :: traceEnd(); |
|
| 1194 | + } |
|
| 1195 | + |
|
| 1196 | + /** |
|
| 1197 | + * Set the samlValidate URL of the CAS server. |
|
| 1198 | + * @param $url the samlValidate URL |
|
| 1199 | + * @since 1.1.0 by Joachim Fritschi |
|
| 1200 | + */ |
|
| 1201 | + function setServerSamlValidateURL($url = '') {
|
|
| 1202 | + global $PHPCAS_CLIENT; |
|
| 1203 | + phpCAS :: traceBegin(); |
|
| 1204 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1205 | + phpCAS :: error('this method should only be called after
|
|
| 1206 | 1206 | ' . __CLASS__ . '::client()'); |
| 1207 | - } |
|
| 1208 | - if (gettype($url) != 'string') {
|
|
| 1209 | - phpCAS :: error('type mismatched for parameter $url (should be
|
|
| 1207 | + } |
|
| 1208 | + if (gettype($url) != 'string') {
|
|
| 1209 | + phpCAS :: error('type mismatched for parameter $url (should be
|
|
| 1210 | 1210 | `string\')'); |
| 1211 | - } |
|
| 1212 | - $PHPCAS_CLIENT->setServerSamlValidateURL($url); |
|
| 1213 | - phpCAS :: traceEnd(); |
|
| 1214 | - } |
|
| 1215 | - |
|
| 1216 | - /** |
|
| 1217 | - * This method returns the URL to be used to login. |
|
| 1218 | - * or phpCAS::isAuthenticated(). |
|
| 1219 | - * |
|
| 1220 | - * @return the login name of the authenticated user |
|
| 1221 | - */ |
|
| 1222 | - function getServerLogoutURL() {
|
|
| 1223 | - global $PHPCAS_CLIENT; |
|
| 1224 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1225 | - phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1226 | - } |
|
| 1227 | - return $PHPCAS_CLIENT->getServerLogoutURL(); |
|
| 1228 | - } |
|
| 1229 | - |
|
| 1230 | - /** |
|
| 1231 | - * Set the logout URL of the CAS server. |
|
| 1232 | - * @param $url the logout URL |
|
| 1233 | - * @since 0.4.21 by Wyman Chan |
|
| 1234 | - */ |
|
| 1235 | - function setServerLogoutURL($url = '') {
|
|
| 1236 | - global $PHPCAS_CLIENT; |
|
| 1237 | - phpCAS :: traceBegin(); |
|
| 1238 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1239 | - phpCAS :: error('this method should only be called after
|
|
| 1211 | + } |
|
| 1212 | + $PHPCAS_CLIENT->setServerSamlValidateURL($url); |
|
| 1213 | + phpCAS :: traceEnd(); |
|
| 1214 | + } |
|
| 1215 | + |
|
| 1216 | + /** |
|
| 1217 | + * This method returns the URL to be used to login. |
|
| 1218 | + * or phpCAS::isAuthenticated(). |
|
| 1219 | + * |
|
| 1220 | + * @return the login name of the authenticated user |
|
| 1221 | + */ |
|
| 1222 | + function getServerLogoutURL() {
|
|
| 1223 | + global $PHPCAS_CLIENT; |
|
| 1224 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1225 | + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
|
|
| 1226 | + } |
|
| 1227 | + return $PHPCAS_CLIENT->getServerLogoutURL(); |
|
| 1228 | + } |
|
| 1229 | + |
|
| 1230 | + /** |
|
| 1231 | + * Set the logout URL of the CAS server. |
|
| 1232 | + * @param $url the logout URL |
|
| 1233 | + * @since 0.4.21 by Wyman Chan |
|
| 1234 | + */ |
|
| 1235 | + function setServerLogoutURL($url = '') {
|
|
| 1236 | + global $PHPCAS_CLIENT; |
|
| 1237 | + phpCAS :: traceBegin(); |
|
| 1238 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1239 | + phpCAS :: error('this method should only be called after
|
|
| 1240 | 1240 | ' . __CLASS__ . '::client()'); |
| 1241 | - } |
|
| 1242 | - if (gettype($url) != 'string') {
|
|
| 1243 | - phpCAS :: error('type mismatched for parameter $url (should be
|
|
| 1241 | + } |
|
| 1242 | + if (gettype($url) != 'string') {
|
|
| 1243 | + phpCAS :: error('type mismatched for parameter $url (should be
|
|
| 1244 | 1244 | `string\')'); |
| 1245 | - } |
|
| 1246 | - $PHPCAS_CLIENT->setServerLogoutURL($url); |
|
| 1247 | - phpCAS :: traceEnd(); |
|
| 1248 | - } |
|
| 1249 | - |
|
| 1250 | - /** |
|
| 1251 | - * This method is used to logout from CAS. |
|
| 1252 | - * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server |
|
| 1253 | - * @public |
|
| 1254 | - */ |
|
| 1255 | - function logout($params = "") {
|
|
| 1256 | - global $PHPCAS_CLIENT; |
|
| 1257 | - phpCAS :: traceBegin(); |
|
| 1258 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1259 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1260 | - } |
|
| 1261 | - $parsedParams = array (); |
|
| 1262 | - if ($params != "") {
|
|
| 1263 | - if (is_string($params)) {
|
|
| 1264 | - phpCAS :: error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
|
|
| 1265 | - } |
|
| 1266 | - if (!is_array($params)) {
|
|
| 1267 | - phpCAS :: error('type mismatched for parameter $params (should be `array\')');
|
|
| 1268 | - } |
|
| 1269 | - foreach ($params as $key => $value) {
|
|
| 1270 | - if ($key != "service" && $key != "url") {
|
|
| 1271 | - phpCAS :: error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
|
|
| 1272 | - } |
|
| 1273 | - $parsedParams[$key] = $value; |
|
| 1274 | - } |
|
| 1275 | - } |
|
| 1276 | - $PHPCAS_CLIENT->logout($parsedParams); |
|
| 1277 | - // never reached |
|
| 1278 | - phpCAS :: traceEnd(); |
|
| 1279 | - } |
|
| 1280 | - |
|
| 1281 | - /** |
|
| 1282 | - * This method is used to logout from CAS. Halts by redirecting to the CAS server. |
|
| 1283 | - * @param $service a URL that will be transmitted to the CAS server |
|
| 1284 | - */ |
|
| 1285 | - function logoutWithRedirectService($service) {
|
|
| 1286 | - global $PHPCAS_CLIENT; |
|
| 1287 | - phpCAS :: traceBegin(); |
|
| 1288 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1289 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1290 | - } |
|
| 1291 | - if (!is_string($service)) {
|
|
| 1292 | - phpCAS :: error('type mismatched for parameter $service (should be `string\')');
|
|
| 1293 | - } |
|
| 1294 | - $PHPCAS_CLIENT->logout(array ( |
|
| 1295 | - "service" => $service |
|
| 1296 | - )); |
|
| 1297 | - // never reached |
|
| 1298 | - phpCAS :: traceEnd(); |
|
| 1299 | - } |
|
| 1300 | - |
|
| 1301 | - /** |
|
| 1302 | - * This method is used to logout from CAS. Halts by redirecting to the CAS server. |
|
| 1303 | - * @param $url a URL that will be transmitted to the CAS server |
|
| 1304 | - */ |
|
| 1305 | - function logoutWithUrl($url) {
|
|
| 1306 | - global $PHPCAS_CLIENT; |
|
| 1307 | - phpCAS :: traceBegin(); |
|
| 1308 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1309 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1310 | - } |
|
| 1311 | - if (!is_string($url)) {
|
|
| 1312 | - phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
|
| 1313 | - } |
|
| 1314 | - $PHPCAS_CLIENT->logout(array ( |
|
| 1315 | - "url" => $url |
|
| 1316 | - )); |
|
| 1317 | - // never reached |
|
| 1318 | - phpCAS :: traceEnd(); |
|
| 1319 | - } |
|
| 1320 | - |
|
| 1321 | - /** |
|
| 1322 | - * This method is used to logout from CAS. Halts by redirecting to the CAS server. |
|
| 1323 | - * @param $service a URL that will be transmitted to the CAS server |
|
| 1324 | - * @param $url a URL that will be transmitted to the CAS server |
|
| 1325 | - */ |
|
| 1326 | - function logoutWithRedirectServiceAndUrl($service, $url) {
|
|
| 1327 | - global $PHPCAS_CLIENT; |
|
| 1328 | - phpCAS :: traceBegin(); |
|
| 1329 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1330 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1331 | - } |
|
| 1332 | - if (!is_string($service)) {
|
|
| 1333 | - phpCAS :: error('type mismatched for parameter $service (should be `string\')');
|
|
| 1334 | - } |
|
| 1335 | - if (!is_string($url)) {
|
|
| 1336 | - phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
|
| 1337 | - } |
|
| 1338 | - $PHPCAS_CLIENT->logout(array ( |
|
| 1339 | - "service" => $service, |
|
| 1340 | - "url" => $url |
|
| 1341 | - )); |
|
| 1342 | - // never reached |
|
| 1343 | - phpCAS :: traceEnd(); |
|
| 1344 | - } |
|
| 1345 | - |
|
| 1346 | - /** |
|
| 1347 | - * Set the fixed URL that will be used by the CAS server to transmit the PGT. |
|
| 1348 | - * When this method is not called, a phpCAS script uses its own URL for the callback. |
|
| 1349 | - * |
|
| 1350 | - * @param $url the URL |
|
| 1351 | - */ |
|
| 1352 | - function setFixedCallbackURL($url = '') {
|
|
| 1353 | - global $PHPCAS_CLIENT; |
|
| 1354 | - phpCAS :: traceBegin(); |
|
| 1355 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1356 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 1357 | - } |
|
| 1358 | - if (!$PHPCAS_CLIENT->isProxy()) {
|
|
| 1359 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 1360 | - } |
|
| 1361 | - if (gettype($url) != 'string') {
|
|
| 1362 | - phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
|
| 1363 | - } |
|
| 1364 | - $PHPCAS_CLIENT->setCallbackURL($url); |
|
| 1365 | - phpCAS :: traceEnd(); |
|
| 1366 | - } |
|
| 1367 | - |
|
| 1368 | - /** |
|
| 1369 | - * Set the fixed URL that will be set as the CAS service parameter. When this |
|
| 1370 | - * method is not called, a phpCAS script uses its own URL. |
|
| 1371 | - * |
|
| 1372 | - * @param $url the URL |
|
| 1373 | - */ |
|
| 1374 | - function setFixedServiceURL($url) {
|
|
| 1375 | - global $PHPCAS_CLIENT; |
|
| 1376 | - phpCAS :: traceBegin(); |
|
| 1377 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1378 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 1379 | - } |
|
| 1380 | - if (gettype($url) != 'string') {
|
|
| 1381 | - phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
|
| 1382 | - } |
|
| 1383 | - $PHPCAS_CLIENT->setURL($url); |
|
| 1384 | - phpCAS :: traceEnd(); |
|
| 1385 | - } |
|
| 1386 | - |
|
| 1387 | - /** |
|
| 1388 | - * Get the URL that is set as the CAS service parameter. |
|
| 1389 | - */ |
|
| 1390 | - function getServiceURL() {
|
|
| 1391 | - global $PHPCAS_CLIENT; |
|
| 1392 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1393 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 1394 | - } |
|
| 1395 | - return ($PHPCAS_CLIENT->getURL()); |
|
| 1396 | - } |
|
| 1397 | - |
|
| 1398 | - /** |
|
| 1399 | - * Retrieve a Proxy Ticket from the CAS server. |
|
| 1400 | - */ |
|
| 1401 | - function retrievePT($target_service, & $err_code, & $err_msg) {
|
|
| 1402 | - global $PHPCAS_CLIENT; |
|
| 1403 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1404 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 1405 | - } |
|
| 1406 | - if (gettype($target_service) != 'string') {
|
|
| 1407 | - phpCAS :: error('type mismatched for parameter $target_service(should be `string\')');
|
|
| 1408 | - } |
|
| 1409 | - return ($PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg)); |
|
| 1410 | - } |
|
| 1411 | - |
|
| 1412 | - /** |
|
| 1413 | - * Set the certificate of the CAS server. |
|
| 1414 | - * |
|
| 1415 | - * @param $cert the PEM certificate |
|
| 1416 | - */ |
|
| 1417 | - function setCasServerCert($cert) {
|
|
| 1418 | - global $PHPCAS_CLIENT; |
|
| 1419 | - phpCAS :: traceBegin(); |
|
| 1420 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1421 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1422 | - } |
|
| 1423 | - if (gettype($cert) != 'string') {
|
|
| 1424 | - phpCAS :: error('type mismatched for parameter $cert (should be `string\')');
|
|
| 1425 | - } |
|
| 1426 | - $PHPCAS_CLIENT->setCasServerCert($cert); |
|
| 1427 | - phpCAS :: traceEnd(); |
|
| 1428 | - } |
|
| 1429 | - |
|
| 1430 | - /** |
|
| 1431 | - * Set the certificate of the CAS server CA. |
|
| 1432 | - * |
|
| 1433 | - * @param $cert the CA certificate |
|
| 1434 | - */ |
|
| 1435 | - function setCasServerCACert($cert) {
|
|
| 1436 | - global $PHPCAS_CLIENT; |
|
| 1437 | - phpCAS :: traceBegin(); |
|
| 1438 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1439 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1440 | - } |
|
| 1441 | - if (gettype($cert) != 'string') {
|
|
| 1442 | - phpCAS :: error('type mismatched for parameter $cert (should be `string\')');
|
|
| 1443 | - } |
|
| 1444 | - $PHPCAS_CLIENT->setCasServerCACert($cert); |
|
| 1445 | - phpCAS :: traceEnd(); |
|
| 1446 | - } |
|
| 1447 | - |
|
| 1448 | - /** |
|
| 1449 | - * Set no SSL validation for the CAS server. |
|
| 1450 | - */ |
|
| 1451 | - function setNoCasServerValidation() {
|
|
| 1452 | - global $PHPCAS_CLIENT; |
|
| 1453 | - phpCAS :: traceBegin(); |
|
| 1454 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1455 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1456 | - } |
|
| 1457 | - $PHPCAS_CLIENT->setNoCasServerValidation(); |
|
| 1458 | - phpCAS :: traceEnd(); |
|
| 1459 | - } |
|
| 1460 | - |
|
| 1461 | - /** @} */ |
|
| 1462 | - |
|
| 1463 | - /** |
|
| 1464 | - * Change CURL options. |
|
| 1465 | - * CURL is used to connect through HTTPS to CAS server |
|
| 1466 | - * @param $key the option key |
|
| 1467 | - * @param $value the value to set |
|
| 1468 | - */ |
|
| 1469 | - function setExtraCurlOption($key, $value) {
|
|
| 1470 | - global $PHPCAS_CLIENT; |
|
| 1471 | - phpCAS :: traceBegin(); |
|
| 1472 | - if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1473 | - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1474 | - } |
|
| 1475 | - $PHPCAS_CLIENT->setExtraCurlOption($key, $value); |
|
| 1476 | - phpCAS :: traceEnd(); |
|
| 1477 | - } |
|
| 1245 | + } |
|
| 1246 | + $PHPCAS_CLIENT->setServerLogoutURL($url); |
|
| 1247 | + phpCAS :: traceEnd(); |
|
| 1248 | + } |
|
| 1249 | + |
|
| 1250 | + /** |
|
| 1251 | + * This method is used to logout from CAS. |
|
| 1252 | + * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server |
|
| 1253 | + * @public |
|
| 1254 | + */ |
|
| 1255 | + function logout($params = "") {
|
|
| 1256 | + global $PHPCAS_CLIENT; |
|
| 1257 | + phpCAS :: traceBegin(); |
|
| 1258 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1259 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1260 | + } |
|
| 1261 | + $parsedParams = array (); |
|
| 1262 | + if ($params != "") {
|
|
| 1263 | + if (is_string($params)) {
|
|
| 1264 | + phpCAS :: error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
|
|
| 1265 | + } |
|
| 1266 | + if (!is_array($params)) {
|
|
| 1267 | + phpCAS :: error('type mismatched for parameter $params (should be `array\')');
|
|
| 1268 | + } |
|
| 1269 | + foreach ($params as $key => $value) {
|
|
| 1270 | + if ($key != "service" && $key != "url") {
|
|
| 1271 | + phpCAS :: error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
|
|
| 1272 | + } |
|
| 1273 | + $parsedParams[$key] = $value; |
|
| 1274 | + } |
|
| 1275 | + } |
|
| 1276 | + $PHPCAS_CLIENT->logout($parsedParams); |
|
| 1277 | + // never reached |
|
| 1278 | + phpCAS :: traceEnd(); |
|
| 1279 | + } |
|
| 1280 | + |
|
| 1281 | + /** |
|
| 1282 | + * This method is used to logout from CAS. Halts by redirecting to the CAS server. |
|
| 1283 | + * @param $service a URL that will be transmitted to the CAS server |
|
| 1284 | + */ |
|
| 1285 | + function logoutWithRedirectService($service) {
|
|
| 1286 | + global $PHPCAS_CLIENT; |
|
| 1287 | + phpCAS :: traceBegin(); |
|
| 1288 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1289 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1290 | + } |
|
| 1291 | + if (!is_string($service)) {
|
|
| 1292 | + phpCAS :: error('type mismatched for parameter $service (should be `string\')');
|
|
| 1293 | + } |
|
| 1294 | + $PHPCAS_CLIENT->logout(array ( |
|
| 1295 | + "service" => $service |
|
| 1296 | + )); |
|
| 1297 | + // never reached |
|
| 1298 | + phpCAS :: traceEnd(); |
|
| 1299 | + } |
|
| 1300 | + |
|
| 1301 | + /** |
|
| 1302 | + * This method is used to logout from CAS. Halts by redirecting to the CAS server. |
|
| 1303 | + * @param $url a URL that will be transmitted to the CAS server |
|
| 1304 | + */ |
|
| 1305 | + function logoutWithUrl($url) {
|
|
| 1306 | + global $PHPCAS_CLIENT; |
|
| 1307 | + phpCAS :: traceBegin(); |
|
| 1308 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1309 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1310 | + } |
|
| 1311 | + if (!is_string($url)) {
|
|
| 1312 | + phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
|
| 1313 | + } |
|
| 1314 | + $PHPCAS_CLIENT->logout(array ( |
|
| 1315 | + "url" => $url |
|
| 1316 | + )); |
|
| 1317 | + // never reached |
|
| 1318 | + phpCAS :: traceEnd(); |
|
| 1319 | + } |
|
| 1320 | + |
|
| 1321 | + /** |
|
| 1322 | + * This method is used to logout from CAS. Halts by redirecting to the CAS server. |
|
| 1323 | + * @param $service a URL that will be transmitted to the CAS server |
|
| 1324 | + * @param $url a URL that will be transmitted to the CAS server |
|
| 1325 | + */ |
|
| 1326 | + function logoutWithRedirectServiceAndUrl($service, $url) {
|
|
| 1327 | + global $PHPCAS_CLIENT; |
|
| 1328 | + phpCAS :: traceBegin(); |
|
| 1329 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1330 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1331 | + } |
|
| 1332 | + if (!is_string($service)) {
|
|
| 1333 | + phpCAS :: error('type mismatched for parameter $service (should be `string\')');
|
|
| 1334 | + } |
|
| 1335 | + if (!is_string($url)) {
|
|
| 1336 | + phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
|
| 1337 | + } |
|
| 1338 | + $PHPCAS_CLIENT->logout(array ( |
|
| 1339 | + "service" => $service, |
|
| 1340 | + "url" => $url |
|
| 1341 | + )); |
|
| 1342 | + // never reached |
|
| 1343 | + phpCAS :: traceEnd(); |
|
| 1344 | + } |
|
| 1345 | + |
|
| 1346 | + /** |
|
| 1347 | + * Set the fixed URL that will be used by the CAS server to transmit the PGT. |
|
| 1348 | + * When this method is not called, a phpCAS script uses its own URL for the callback. |
|
| 1349 | + * |
|
| 1350 | + * @param $url the URL |
|
| 1351 | + */ |
|
| 1352 | + function setFixedCallbackURL($url = '') {
|
|
| 1353 | + global $PHPCAS_CLIENT; |
|
| 1354 | + phpCAS :: traceBegin(); |
|
| 1355 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1356 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 1357 | + } |
|
| 1358 | + if (!$PHPCAS_CLIENT->isProxy()) {
|
|
| 1359 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 1360 | + } |
|
| 1361 | + if (gettype($url) != 'string') {
|
|
| 1362 | + phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
|
| 1363 | + } |
|
| 1364 | + $PHPCAS_CLIENT->setCallbackURL($url); |
|
| 1365 | + phpCAS :: traceEnd(); |
|
| 1366 | + } |
|
| 1367 | + |
|
| 1368 | + /** |
|
| 1369 | + * Set the fixed URL that will be set as the CAS service parameter. When this |
|
| 1370 | + * method is not called, a phpCAS script uses its own URL. |
|
| 1371 | + * |
|
| 1372 | + * @param $url the URL |
|
| 1373 | + */ |
|
| 1374 | + function setFixedServiceURL($url) {
|
|
| 1375 | + global $PHPCAS_CLIENT; |
|
| 1376 | + phpCAS :: traceBegin(); |
|
| 1377 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1378 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 1379 | + } |
|
| 1380 | + if (gettype($url) != 'string') {
|
|
| 1381 | + phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
|
| 1382 | + } |
|
| 1383 | + $PHPCAS_CLIENT->setURL($url); |
|
| 1384 | + phpCAS :: traceEnd(); |
|
| 1385 | + } |
|
| 1386 | + |
|
| 1387 | + /** |
|
| 1388 | + * Get the URL that is set as the CAS service parameter. |
|
| 1389 | + */ |
|
| 1390 | + function getServiceURL() {
|
|
| 1391 | + global $PHPCAS_CLIENT; |
|
| 1392 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1393 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 1394 | + } |
|
| 1395 | + return ($PHPCAS_CLIENT->getURL()); |
|
| 1396 | + } |
|
| 1397 | + |
|
| 1398 | + /** |
|
| 1399 | + * Retrieve a Proxy Ticket from the CAS server. |
|
| 1400 | + */ |
|
| 1401 | + function retrievePT($target_service, & $err_code, & $err_msg) {
|
|
| 1402 | + global $PHPCAS_CLIENT; |
|
| 1403 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1404 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
|
|
| 1405 | + } |
|
| 1406 | + if (gettype($target_service) != 'string') {
|
|
| 1407 | + phpCAS :: error('type mismatched for parameter $target_service(should be `string\')');
|
|
| 1408 | + } |
|
| 1409 | + return ($PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg)); |
|
| 1410 | + } |
|
| 1411 | + |
|
| 1412 | + /** |
|
| 1413 | + * Set the certificate of the CAS server. |
|
| 1414 | + * |
|
| 1415 | + * @param $cert the PEM certificate |
|
| 1416 | + */ |
|
| 1417 | + function setCasServerCert($cert) {
|
|
| 1418 | + global $PHPCAS_CLIENT; |
|
| 1419 | + phpCAS :: traceBegin(); |
|
| 1420 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1421 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1422 | + } |
|
| 1423 | + if (gettype($cert) != 'string') {
|
|
| 1424 | + phpCAS :: error('type mismatched for parameter $cert (should be `string\')');
|
|
| 1425 | + } |
|
| 1426 | + $PHPCAS_CLIENT->setCasServerCert($cert); |
|
| 1427 | + phpCAS :: traceEnd(); |
|
| 1428 | + } |
|
| 1429 | + |
|
| 1430 | + /** |
|
| 1431 | + * Set the certificate of the CAS server CA. |
|
| 1432 | + * |
|
| 1433 | + * @param $cert the CA certificate |
|
| 1434 | + */ |
|
| 1435 | + function setCasServerCACert($cert) {
|
|
| 1436 | + global $PHPCAS_CLIENT; |
|
| 1437 | + phpCAS :: traceBegin(); |
|
| 1438 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1439 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1440 | + } |
|
| 1441 | + if (gettype($cert) != 'string') {
|
|
| 1442 | + phpCAS :: error('type mismatched for parameter $cert (should be `string\')');
|
|
| 1443 | + } |
|
| 1444 | + $PHPCAS_CLIENT->setCasServerCACert($cert); |
|
| 1445 | + phpCAS :: traceEnd(); |
|
| 1446 | + } |
|
| 1447 | + |
|
| 1448 | + /** |
|
| 1449 | + * Set no SSL validation for the CAS server. |
|
| 1450 | + */ |
|
| 1451 | + function setNoCasServerValidation() {
|
|
| 1452 | + global $PHPCAS_CLIENT; |
|
| 1453 | + phpCAS :: traceBegin(); |
|
| 1454 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1455 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1456 | + } |
|
| 1457 | + $PHPCAS_CLIENT->setNoCasServerValidation(); |
|
| 1458 | + phpCAS :: traceEnd(); |
|
| 1459 | + } |
|
| 1460 | + |
|
| 1461 | + /** @} */ |
|
| 1462 | + |
|
| 1463 | + /** |
|
| 1464 | + * Change CURL options. |
|
| 1465 | + * CURL is used to connect through HTTPS to CAS server |
|
| 1466 | + * @param $key the option key |
|
| 1467 | + * @param $value the value to set |
|
| 1468 | + */ |
|
| 1469 | + function setExtraCurlOption($key, $value) {
|
|
| 1470 | + global $PHPCAS_CLIENT; |
|
| 1471 | + phpCAS :: traceBegin(); |
|
| 1472 | + if (!is_object($PHPCAS_CLIENT)) {
|
|
| 1473 | + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
|
|
| 1474 | + } |
|
| 1475 | + $PHPCAS_CLIENT->setExtraCurlOption($key, $value); |
|
| 1476 | + phpCAS :: traceEnd(); |
|
| 1477 | + } |
|
| 1478 | 1478 | |
| 1479 | 1479 | } |
| 1480 | 1480 | |
@@ -74,7 +74,7 @@ discard block |
||
| 74 | 74 | * |
| 75 | 75 | * Used by CASClient::PrintHTMLHeader() and CASClient::printHTMLFooter(). |
| 76 | 76 | * |
| 77 | - * @param $str the string to filter and output |
|
| 77 | + * @param string $str the string to filter and output |
|
| 78 | 78 | * |
| 79 | 79 | * @private |
| 80 | 80 | */ |
@@ -187,7 +187,7 @@ discard block |
||
| 187 | 187 | /** |
| 188 | 188 | * This method returns the language used by phpCAS. |
| 189 | 189 | * |
| 190 | - * @return a string representing the language |
|
| 190 | + * @return string string representing the language |
|
| 191 | 191 | * |
| 192 | 192 | * @private |
| 193 | 193 | */ |
@@ -212,7 +212,7 @@ discard block |
||
| 212 | 212 | /** |
| 213 | 213 | * This method returns a string depending on the language. |
| 214 | 214 | * |
| 215 | - * @param $str the index of the string in $_string. |
|
| 215 | + * @param integer $str the index of the string in $_string. |
|
| 216 | 216 | * |
| 217 | 217 | * @return the string corresponding to $index in $string. |
| 218 | 218 | * |
@@ -233,7 +233,7 @@ discard block |
||
| 233 | 233 | * This method is used to set the language used by phpCAS. |
| 234 | 234 | * @note Can be called only once. |
| 235 | 235 | * |
| 236 | - * @param $lang a string representing the language. |
|
| 236 | + * @param string $lang a string representing the language. |
|
| 237 | 237 | * |
| 238 | 238 | * @public |
| 239 | 239 | * @sa CAS_LANG_FRENCH, CAS_LANG_ENGLISH |
@@ -420,7 +420,7 @@ discard block |
||
| 420 | 420 | |
| 421 | 421 | /** |
| 422 | 422 | * This method is used to retrieve the service validating URL of the CAS server. |
| 423 | - * @return a URL. |
|
| 423 | + * @return string URL. |
|
| 424 | 424 | * @private |
| 425 | 425 | */ |
| 426 | 426 | function getServerServiceValidateURL() |
@@ -441,7 +441,7 @@ discard block |
||
| 441 | 441 | } |
| 442 | 442 | /** |
| 443 | 443 | * This method is used to retrieve the SAML validating URL of the CAS server. |
| 444 | - * @return a URL. |
|
| 444 | + * @return string URL. |
|
| 445 | 445 | * @private |
| 446 | 446 | */ |
| 447 | 447 | function getServerSamlValidateURL() |
@@ -460,7 +460,7 @@ discard block |
||
| 460 | 460 | } |
| 461 | 461 | /** |
| 462 | 462 | * This method is used to retrieve the proxy validating URL of the CAS server. |
| 463 | - * @return a URL. |
|
| 463 | + * @return string URL. |
|
| 464 | 464 | * @private |
| 465 | 465 | */ |
| 466 | 466 | function getServerProxyValidateURL() |
@@ -541,7 +541,7 @@ discard block |
||
| 541 | 541 | |
| 542 | 542 | /** |
| 543 | 543 | * This method checks to see if the request is secured via HTTPS |
| 544 | - * @return true if https, false otherwise |
|
| 544 | + * @return boolean if https, false otherwise |
|
| 545 | 545 | * @private |
| 546 | 546 | */ |
| 547 | 547 | function isHttps() { |
@@ -561,7 +561,7 @@ discard block |
||
| 561 | 561 | * CASClient constructor. |
| 562 | 562 | * |
| 563 | 563 | * @param $server_version the version of the CAS server |
| 564 | - * @param $proxy TRUE if the CAS client is a CAS proxy, FALSE otherwise |
|
| 564 | + * @param boolean $proxy TRUE if the CAS client is a CAS proxy, FALSE otherwise |
|
| 565 | 565 | * @param $server_hostname the hostname of the CAS server |
| 566 | 566 | * @param $server_port the port the CAS server is running on |
| 567 | 567 | * @param $server_uri the URI the CAS server is responding on |
@@ -759,7 +759,7 @@ discard block |
||
| 759 | 759 | * @warning should be called only after CASClient::forceAuthentication() or |
| 760 | 760 | * CASClient::isAuthenticated(), otherwise halt with an error. |
| 761 | 761 | * |
| 762 | - * @return the login name of the authenticated user |
|
| 762 | + * @return string login name of the authenticated user |
|
| 763 | 763 | */ |
| 764 | 764 | function getUser() |
| 765 | 765 | { |
@@ -831,7 +831,7 @@ discard block |
||
| 831 | 831 | /** |
| 832 | 832 | * This method is called to be sure that the user is authenticated. When not |
| 833 | 833 | * authenticated, halt by redirecting to the CAS server; otherwise return TRUE. |
| 834 | - * @return TRUE when the user is authenticated; otherwise halt. |
|
| 834 | + * @return boolean when the user is authenticated; otherwise halt. |
|
| 835 | 835 | * @public |
| 836 | 836 | */ |
| 837 | 837 | function forceAuthentication() |
@@ -877,7 +877,7 @@ discard block |
||
| 877 | 877 | |
| 878 | 878 | /** |
| 879 | 879 | * This method is called to check whether the user is authenticated or not. |
| 880 | - * @return TRUE when the user is authenticated, FALSE otherwise. |
|
| 880 | + * @return boolean when the user is authenticated, FALSE otherwise. |
|
| 881 | 881 | * @public |
| 882 | 882 | */ |
| 883 | 883 | function checkAuthentication() |
@@ -933,7 +933,7 @@ discard block |
||
| 933 | 933 | * This method is called to check if the user is authenticated (previously or by |
| 934 | 934 | * tickets given in the URL). |
| 935 | 935 | * |
| 936 | - * @return TRUE when the user is authenticated. Also may redirect to the same URL without the ticket. |
|
| 936 | + * @return boolean when the user is authenticated. Also may redirect to the same URL without the ticket. |
|
| 937 | 937 | * |
| 938 | 938 | * @public |
| 939 | 939 | */ |
@@ -1003,7 +1003,7 @@ discard block |
||
| 1003 | 1003 | |
| 1004 | 1004 | /** |
| 1005 | 1005 | * This method tells if the current session is authenticated. |
| 1006 | - * @return true if authenticated based soley on $_SESSION variable |
|
| 1006 | + * @return boolean if authenticated based soley on $_SESSION variable |
|
| 1007 | 1007 | * @since 0.4.22 by Brendan Arnold |
| 1008 | 1008 | */ |
| 1009 | 1009 | function isSessionAuthenticated () |
@@ -1017,7 +1017,7 @@ discard block |
||
| 1017 | 1017 | * |
| 1018 | 1018 | * @note This function switches to callback mode when needed. |
| 1019 | 1019 | * |
| 1020 | - * @return TRUE when the user has already been authenticated; FALSE otherwise. |
|
| 1020 | + * @return boolean when the user has already been authenticated; FALSE otherwise. |
|
| 1021 | 1021 | * |
| 1022 | 1022 | * @private |
| 1023 | 1023 | */ |
@@ -1129,7 +1129,7 @@ discard block |
||
| 1129 | 1129 | } |
| 1130 | 1130 | |
| 1131 | 1131 | /** |
| 1132 | - * @return true if the current request is a logout request. |
|
| 1132 | + * @return boolean if the current request is a logout request. |
|
| 1133 | 1133 | * @private |
| 1134 | 1134 | */ |
| 1135 | 1135 | function isLogoutRequest() { |
@@ -1241,7 +1241,7 @@ discard block |
||
| 1241 | 1241 | |
| 1242 | 1242 | /** |
| 1243 | 1243 | * This method returns the Service Ticket provided in the URL of the request. |
| 1244 | - * @return The service ticket. |
|
| 1244 | + * @return string service ticket. |
|
| 1245 | 1245 | * @private |
| 1246 | 1246 | */ |
| 1247 | 1247 | function getST() |
@@ -1257,7 +1257,7 @@ discard block |
||
| 1257 | 1257 | |
| 1258 | 1258 | /** |
| 1259 | 1259 | * This method tells if a Service Ticket was stored. |
| 1260 | - * @return TRUE if a Service Ticket has been stored. |
|
| 1260 | + * @return boolean if a Service Ticket has been stored. |
|
| 1261 | 1261 | * @private |
| 1262 | 1262 | */ |
| 1263 | 1263 | function hasST() |
@@ -1330,7 +1330,7 @@ discard block |
||
| 1330 | 1330 | * $text_reponse and $tree_response on success. These parameters are used later |
| 1331 | 1331 | * by CASClient::validatePGT() for CAS proxies. |
| 1332 | 1332 | * Used for all CAS 1.0 validations |
| 1333 | - * @param $validate_url the URL of the request to the CAS server. |
|
| 1333 | + * @param string $validate_url the URL of the request to the CAS server. |
|
| 1334 | 1334 | * @param $text_response the response of the CAS server, as is (XML text). |
| 1335 | 1335 | * @param $tree_response the response of the CAS server, as a DOM XML tree. |
| 1336 | 1336 | * |
@@ -1460,7 +1460,7 @@ discard block |
||
| 1460 | 1460 | * $text_reponse and $tree_response on success. These parameters are used later |
| 1461 | 1461 | * by CASClient::validatePGT() for CAS proxies. |
| 1462 | 1462 | * |
| 1463 | - * @param $validate_url the URL of the request to the CAS server. |
|
| 1463 | + * @param string $validate_url the URL of the request to the CAS server. |
|
| 1464 | 1464 | * @param $text_response the response of the CAS server, as is (XML text). |
| 1465 | 1465 | * @param $tree_response the response of the CAS server, as a DOM XML tree. |
| 1466 | 1466 | * |
@@ -1648,7 +1648,7 @@ discard block |
||
| 1648 | 1648 | |
| 1649 | 1649 | /** |
| 1650 | 1650 | * This method returns the Proxy Granting Ticket given by the CAS server. |
| 1651 | - * @return The Proxy Granting Ticket. |
|
| 1651 | + * @return string Proxy Granting Ticket. |
|
| 1652 | 1652 | * @private |
| 1653 | 1653 | */ |
| 1654 | 1654 | function getPGT() |
@@ -1664,7 +1664,7 @@ discard block |
||
| 1664 | 1664 | |
| 1665 | 1665 | /** |
| 1666 | 1666 | * This method tells if a Proxy Granting Ticket was stored. |
| 1667 | - * @return TRUE if a Proxy Granting Ticket has been stored. |
|
| 1667 | + * @return boolean if a Proxy Granting Ticket has been stored. |
|
| 1668 | 1668 | * @private |
| 1669 | 1669 | */ |
| 1670 | 1670 | function hasPGT() |
@@ -1697,7 +1697,7 @@ discard block |
||
| 1697 | 1697 | /** |
| 1698 | 1698 | * This method sets/unsets callback mode. |
| 1699 | 1699 | * |
| 1700 | - * @param $callback_mode TRUE to set callback mode, FALSE otherwise. |
|
| 1700 | + * @param boolean $callback_mode TRUE to set callback mode, FALSE otherwise. |
|
| 1701 | 1701 | * |
| 1702 | 1702 | * @private |
| 1703 | 1703 | */ |
@@ -1710,7 +1710,7 @@ discard block |
||
| 1710 | 1710 | * This method returns TRUE when the CAs client is running i callback mode, |
| 1711 | 1711 | * FALSE otherwise. |
| 1712 | 1712 | * |
| 1713 | - * @return A boolean. |
|
| 1713 | + * @return boolean boolean. |
|
| 1714 | 1714 | * |
| 1715 | 1715 | * @private |
| 1716 | 1716 | */ |
@@ -1734,7 +1734,7 @@ discard block |
||
| 1734 | 1734 | * fact the URL of the current request without any CGI parameter, except if |
| 1735 | 1735 | * phpCAS::setFixedCallbackURL() was used). |
| 1736 | 1736 | * |
| 1737 | - * @return The callback URL |
|
| 1737 | + * @return string callback URL |
|
| 1738 | 1738 | * |
| 1739 | 1739 | * @private |
| 1740 | 1740 | */ |
@@ -1777,6 +1777,7 @@ discard block |
||
| 1777 | 1777 | * This method sets the callback url. |
| 1778 | 1778 | * |
| 1779 | 1779 | * @param $callback_url url to set callback |
| 1780 | + * @param string $url |
|
| 1780 | 1781 | * |
| 1781 | 1782 | * @private |
| 1782 | 1783 | */ |
@@ -1861,7 +1862,7 @@ discard block |
||
| 1861 | 1862 | /** |
| 1862 | 1863 | * This method reads a PGT from its Iou and deletes the corresponding storage entry. |
| 1863 | 1864 | * |
| 1864 | - * @param $pgt_iou the PGT Iou |
|
| 1865 | + * @param string $pgt_iou the PGT Iou |
|
| 1865 | 1866 | * |
| 1866 | 1867 | * @return The PGT corresponding to the Iou, FALSE when not found. |
| 1867 | 1868 | * |
@@ -1991,7 +1992,7 @@ discard block |
||
| 1991 | 1992 | * @param $err_code an error code (PHPCAS_SERVICE_OK on success). |
| 1992 | 1993 | * @param $err_msg an error message (empty on success). |
| 1993 | 1994 | * |
| 1994 | - * @return a Proxy Ticket, or FALSE on error. |
|
| 1995 | + * @return false|string Proxy Ticket, or FALSE on error. |
|
| 1995 | 1996 | * |
| 1996 | 1997 | * @private |
| 1997 | 1998 | */ |
@@ -2093,14 +2094,14 @@ discard block |
||
| 2093 | 2094 | /** |
| 2094 | 2095 | * This method is used to acces a remote URL. |
| 2095 | 2096 | * |
| 2096 | - * @param $url the URL to access. |
|
| 2097 | + * @param string $url the URL to access. |
|
| 2097 | 2098 | * @param $cookies an array containing cookies strings such as 'name=val' |
| 2098 | 2099 | * @param $headers an array containing the HTTP header lines of the response |
| 2099 | 2100 | * (an empty array on failure). |
| 2100 | 2101 | * @param $body the body of the response, as a string (empty on failure). |
| 2101 | 2102 | * @param $err_msg an error message, filled on failure. |
| 2102 | 2103 | * |
| 2103 | - * @return TRUE on success, FALSE otherwise (in this later case, $err_msg |
|
| 2104 | + * @return boolean on success, FALSE otherwise (in this later case, $err_msg |
|
| 2104 | 2105 | * contains an error message). |
| 2105 | 2106 | * |
| 2106 | 2107 | * @private |
@@ -2197,7 +2198,7 @@ discard block |
||
| 2197 | 2198 | /** |
| 2198 | 2199 | * This method is used to build the SAML POST body sent to /samlValidate URL. |
| 2199 | 2200 | * |
| 2200 | - * @return the SOAP-encased SAMLP artifact (the ticket). |
|
| 2201 | + * @return string SOAP-encased SAMLP artifact (the ticket). |
|
| 2201 | 2202 | * |
| 2202 | 2203 | * @private |
| 2203 | 2204 | */ |
@@ -2235,7 +2236,7 @@ discard block |
||
| 2235 | 2236 | * @param $output the output of the service (also used to give an error |
| 2236 | 2237 | * message on failure). |
| 2237 | 2238 | * |
| 2238 | - * @return TRUE on success, FALSE otherwise (in this later case, $err_code |
|
| 2239 | + * @return boolean on success, FALSE otherwise (in this later case, $err_code |
|
| 2239 | 2240 | * gives the reason why it failed and $output contains an error message). |
| 2240 | 2241 | * |
| 2241 | 2242 | * @public |
@@ -2382,7 +2383,7 @@ discard block |
||
| 2382 | 2383 | |
| 2383 | 2384 | /** |
| 2384 | 2385 | * This method returns the Proxy Ticket provided in the URL of the request. |
| 2385 | - * @return The proxy ticket. |
|
| 2386 | + * @return string proxy ticket. |
|
| 2386 | 2387 | * @private |
| 2387 | 2388 | */ |
| 2388 | 2389 | function getPT() |
@@ -2401,14 +2402,14 @@ discard block |
||
| 2401 | 2402 | |
| 2402 | 2403 | /** |
| 2403 | 2404 | * This method tells if a Proxy Ticket was stored. |
| 2404 | - * @return TRUE if a Proxy Ticket has been stored. |
|
| 2405 | + * @return boolean if a Proxy Ticket has been stored. |
|
| 2405 | 2406 | * @private |
| 2406 | 2407 | */ |
| 2407 | 2408 | function hasPT() |
| 2408 | 2409 | { return !empty($this->_pt); } |
| 2409 | 2410 | /** |
| 2410 | 2411 | * This method returns the SAML Ticket provided in the URL of the request. |
| 2411 | - * @return The SAML ticket. |
|
| 2412 | + * @return string SAML ticket. |
|
| 2412 | 2413 | * @private |
| 2413 | 2414 | */ |
| 2414 | 2415 | function getSA() |
@@ -2424,7 +2425,7 @@ discard block |
||
| 2424 | 2425 | |
| 2425 | 2426 | /** |
| 2426 | 2427 | * This method tells if a SAML Ticket was stored. |
| 2427 | - * @return TRUE if a SAML Ticket has been stored. |
|
| 2428 | + * @return boolean if a SAML Ticket has been stored. |
|
| 2428 | 2429 | * @private |
| 2429 | 2430 | */ |
| 2430 | 2431 | function hasSA() |
@@ -2442,6 +2443,7 @@ discard block |
||
| 2442 | 2443 | /** |
| 2443 | 2444 | * This method is used to validate a ST or PT; halt on failure |
| 2444 | 2445 | * Used for all CAS 2.0 validations |
| 2446 | + * @param string $validate_url |
|
| 2445 | 2447 | * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). |
| 2446 | 2448 | * |
| 2447 | 2449 | * @private |
@@ -2556,7 +2558,7 @@ discard block |
||
| 2556 | 2558 | * This method returns the URL of the current request (without any ticket |
| 2557 | 2559 | * CGI parameter). |
| 2558 | 2560 | * |
| 2559 | - * @return The URL |
|
| 2561 | + * @return string URL |
|
| 2560 | 2562 | * |
| 2561 | 2563 | * @private |
| 2562 | 2564 | */ |
@@ -2634,7 +2636,7 @@ discard block |
||
| 2634 | 2636 | /** |
| 2635 | 2637 | * This method sets the URL of the current request |
| 2636 | 2638 | * |
| 2637 | - * @param $url url to set for service |
|
| 2639 | + * @param string $url url to set for service |
|
| 2638 | 2640 | * |
| 2639 | 2641 | * @private |
| 2640 | 2642 | */ |
@@ -2649,9 +2651,9 @@ discard block |
||
| 2649 | 2651 | /** |
| 2650 | 2652 | * This method is used to print the HTML output when the user was not authenticated. |
| 2651 | 2653 | * |
| 2652 | - * @param $failure the failure that occured |
|
| 2654 | + * @param string $failure the failure that occured |
|
| 2653 | 2655 | * @param $cas_url the URL the CAS server was asked for |
| 2654 | - * @param $no_response the response from the CAS server (other |
|
| 2656 | + * @param boolean $no_response the response from the CAS server (other |
|
| 2655 | 2657 | * parameters are ignored if TRUE) |
| 2656 | 2658 | * @param $bad_response bad response from the CAS server ($err_code |
| 2657 | 2659 | * and $err_msg ignored if TRUE) |
@@ -51,2650 +51,2649 @@ |
||
| 51 | 51 | class CASClient |
| 52 | 52 | { |
| 53 | 53 | |
| 54 | - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 55 | - // XX XX |
|
| 56 | - // XX CONFIGURATION XX |
|
| 57 | - // XX XX |
|
| 58 | - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 59 | - |
|
| 60 | - // ######################################################################## |
|
| 61 | - // HTML OUTPUT |
|
| 62 | - // ######################################################################## |
|
| 63 | - /** |
|
| 64 | - * @addtogroup internalOutput |
|
| 65 | - * @{ |
|
| 66 | - */ |
|
| 67 | - |
|
| 68 | - /** |
|
| 69 | - * This method filters a string by replacing special tokens by appropriate values |
|
| 70 | - * and prints it. The corresponding tokens are taken into account: |
|
| 71 | - * - __CAS_VERSION__ |
|
| 72 | - * - __PHPCAS_VERSION__ |
|
| 73 | - * - __SERVER_BASE_URL__ |
|
| 74 | - * |
|
| 75 | - * Used by CASClient::PrintHTMLHeader() and CASClient::printHTMLFooter(). |
|
| 76 | - * |
|
| 77 | - * @param $str the string to filter and output |
|
| 78 | - * |
|
| 79 | - * @private |
|
| 80 | - */ |
|
| 81 | - function HTMLFilterOutput($str) |
|
| 82 | - { |
|
| 83 | - $str = str_replace('__CAS_VERSION__',$this->getServerVersion(),$str); |
|
| 84 | - $str = str_replace('__PHPCAS_VERSION__',phpCAS::getVersion(),$str); |
|
| 85 | - $str = str_replace('__SERVER_BASE_URL__',$this->getServerBaseURL(),$str); |
|
| 86 | - echo $str; |
|
| 87 | - } |
|
| 88 | - |
|
| 89 | - /** |
|
| 90 | - * A string used to print the header of HTML pages. Written by CASClient::setHTMLHeader(), |
|
| 91 | - * read by CASClient::printHTMLHeader(). |
|
| 92 | - * |
|
| 93 | - * @hideinitializer |
|
| 94 | - * @private |
|
| 95 | - * @see CASClient::setHTMLHeader, CASClient::printHTMLHeader() |
|
| 96 | - */ |
|
| 97 | - var $_output_header = ''; |
|
| 98 | - |
|
| 99 | - /** |
|
| 100 | - * This method prints the header of the HTML output (after filtering). If |
|
| 101 | - * CASClient::setHTMLHeader() was not used, a default header is output. |
|
| 102 | - * |
|
| 103 | - * @param $title the title of the page |
|
| 104 | - * |
|
| 105 | - * @see HTMLFilterOutput() |
|
| 106 | - * @private |
|
| 107 | - */ |
|
| 108 | - function printHTMLHeader($title) |
|
| 109 | - { |
|
| 110 | - $this->HTMLFilterOutput(str_replace('__TITLE__', |
|
| 111 | - $title, |
|
| 112 | - (empty($this->_output_header) |
|
| 113 | - ? '<html><head><title>__TITLE__</title></head><body><h1>__TITLE__</h1>' |
|
| 114 | - : $this->_output_header) |
|
| 115 | - ) |
|
| 116 | - ); |
|
| 117 | - } |
|
| 118 | - |
|
| 119 | - /** |
|
| 120 | - * A string used to print the footer of HTML pages. Written by CASClient::setHTMLFooter(), |
|
| 121 | - * read by printHTMLFooter(). |
|
| 122 | - * |
|
| 123 | - * @hideinitializer |
|
| 124 | - * @private |
|
| 125 | - * @see CASClient::setHTMLFooter, CASClient::printHTMLFooter() |
|
| 126 | - */ |
|
| 127 | - var $_output_footer = ''; |
|
| 128 | - |
|
| 129 | - /** |
|
| 130 | - * This method prints the footer of the HTML output (after filtering). If |
|
| 131 | - * CASClient::setHTMLFooter() was not used, a default footer is output. |
|
| 132 | - * |
|
| 133 | - * @see HTMLFilterOutput() |
|
| 134 | - * @private |
|
| 135 | - */ |
|
| 136 | - function printHTMLFooter() |
|
| 137 | - { |
|
| 138 | - $this->HTMLFilterOutput(empty($this->_output_footer) |
|
| 139 | - ?('<hr><address>phpCAS __PHPCAS_VERSION__ '.$this->getString(CAS_STR_USING_SERVER).' <a href="__SERVER_BASE_URL__">__SERVER_BASE_URL__</a> (CAS __CAS_VERSION__)</a></address></body></html>') |
|
| 140 | - :$this->_output_footer); |
|
| 141 | - } |
|
| 142 | - |
|
| 143 | - /** |
|
| 144 | - * This method set the HTML header used for all outputs. |
|
| 145 | - * |
|
| 146 | - * @param $header the HTML header. |
|
| 147 | - * |
|
| 148 | - * @public |
|
| 149 | - */ |
|
| 150 | - function setHTMLHeader($header) |
|
| 151 | - { |
|
| 152 | - $this->_output_header = $header; |
|
| 153 | - } |
|
| 154 | - |
|
| 155 | - /** |
|
| 156 | - * This method set the HTML footer used for all outputs. |
|
| 157 | - * |
|
| 158 | - * @param $footer the HTML footer. |
|
| 159 | - * |
|
| 160 | - * @public |
|
| 161 | - */ |
|
| 162 | - function setHTMLFooter($footer) |
|
| 163 | - { |
|
| 164 | - $this->_output_footer = $footer; |
|
| 165 | - } |
|
| 166 | - |
|
| 167 | - /** @} */ |
|
| 168 | - // ######################################################################## |
|
| 169 | - // INTERNATIONALIZATION |
|
| 170 | - // ######################################################################## |
|
| 171 | - /** |
|
| 172 | - * @addtogroup internalLang |
|
| 173 | - * @{ |
|
| 174 | - */ |
|
| 175 | - /** |
|
| 176 | - * A string corresponding to the language used by phpCAS. Written by |
|
| 177 | - * CASClient::setLang(), read by CASClient::getLang(). |
|
| 178 | - |
|
| 179 | - * @note debugging information is always in english (debug purposes only). |
|
| 180 | - * |
|
| 181 | - * @hideinitializer |
|
| 182 | - * @private |
|
| 183 | - * @sa CASClient::_strings, CASClient::getString() |
|
| 184 | - */ |
|
| 185 | - var $_lang = ''; |
|
| 186 | - |
|
| 187 | - /** |
|
| 188 | - * This method returns the language used by phpCAS. |
|
| 189 | - * |
|
| 190 | - * @return a string representing the language |
|
| 191 | - * |
|
| 192 | - * @private |
|
| 193 | - */ |
|
| 194 | - function getLang() |
|
| 195 | - { |
|
| 196 | - if ( empty($this->_lang) ) |
|
| 197 | - $this->setLang(PHPCAS_LANG_DEFAULT); |
|
| 198 | - return $this->_lang; |
|
| 199 | - } |
|
| 200 | - |
|
| 201 | - /** |
|
| 202 | - * array containing the strings used by phpCAS. Written by CASClient::setLang(), read by |
|
| 203 | - * CASClient::getString() and used by CASClient::setLang(). |
|
| 204 | - * |
|
| 205 | - * @note This array is filled by instructions in CAS/languages/<$this->_lang>.php |
|
| 206 | - * |
|
| 207 | - * @private |
|
| 208 | - * @see CASClient::_lang, CASClient::getString(), CASClient::setLang(), CASClient::getLang() |
|
| 209 | - */ |
|
| 210 | - var $_strings; |
|
| 211 | - |
|
| 212 | - /** |
|
| 213 | - * This method returns a string depending on the language. |
|
| 214 | - * |
|
| 215 | - * @param $str the index of the string in $_string. |
|
| 216 | - * |
|
| 217 | - * @return the string corresponding to $index in $string. |
|
| 218 | - * |
|
| 219 | - * @private |
|
| 220 | - */ |
|
| 221 | - function getString($str) |
|
| 222 | - { |
|
| 223 | - // call CASclient::getLang() to be sure the language is initialized |
|
| 224 | - $this->getLang(); |
|
| 225 | - |
|
| 226 | - if ( !isset($this->_strings[$str]) ) { |
|
| 227 | - trigger_error('string `'.$str.'\' not defined for language `'.$this->getLang().'\'',E_USER_ERROR); |
|
| 228 | - } |
|
| 229 | - return $this->_strings[$str]; |
|
| 230 | - } |
|
| 231 | - |
|
| 232 | - /** |
|
| 233 | - * This method is used to set the language used by phpCAS. |
|
| 234 | - * @note Can be called only once. |
|
| 235 | - * |
|
| 236 | - * @param $lang a string representing the language. |
|
| 237 | - * |
|
| 238 | - * @public |
|
| 239 | - * @sa CAS_LANG_FRENCH, CAS_LANG_ENGLISH |
|
| 240 | - */ |
|
| 241 | - function setLang($lang) |
|
| 242 | - { |
|
| 243 | - // include the corresponding language file |
|
| 244 | - include_once(dirname(__FILE__).'/languages/'.$lang.'.php'); |
|
| 245 | - |
|
| 246 | - if ( !is_array($this->_strings) ) { |
|
| 247 | - trigger_error('language `'.$lang.'\' is not implemented',E_USER_ERROR); |
|
| 248 | - } |
|
| 249 | - $this->_lang = $lang; |
|
| 250 | - } |
|
| 251 | - |
|
| 252 | - /** @} */ |
|
| 253 | - // ######################################################################## |
|
| 254 | - // CAS SERVER CONFIG |
|
| 255 | - // ######################################################################## |
|
| 256 | - /** |
|
| 257 | - * @addtogroup internalConfig |
|
| 258 | - * @{ |
|
| 259 | - */ |
|
| 260 | - |
|
| 261 | - /** |
|
| 262 | - * a record to store information about the CAS server. |
|
| 263 | - * - $_server["version"]: the version of the CAS server |
|
| 264 | - * - $_server["hostname"]: the hostname of the CAS server |
|
| 265 | - * - $_server["port"]: the port the CAS server is running on |
|
| 266 | - * - $_server["uri"]: the base URI the CAS server is responding on |
|
| 267 | - * - $_server["base_url"]: the base URL of the CAS server |
|
| 268 | - * - $_server["login_url"]: the login URL of the CAS server |
|
| 269 | - * - $_server["service_validate_url"]: the service validating URL of the CAS server |
|
| 270 | - * - $_server["proxy_url"]: the proxy URL of the CAS server |
|
| 271 | - * - $_server["proxy_validate_url"]: the proxy validating URL of the CAS server |
|
| 272 | - * - $_server["logout_url"]: the logout URL of the CAS server |
|
| 273 | - * |
|
| 274 | - * $_server["version"], $_server["hostname"], $_server["port"] and $_server["uri"] |
|
| 275 | - * are written by CASClient::CASClient(), read by CASClient::getServerVersion(), |
|
| 276 | - * CASClient::getServerHostname(), CASClient::getServerPort() and CASClient::getServerURI(). |
|
| 277 | - * |
|
| 278 | - * The other fields are written and read by CASClient::getServerBaseURL(), |
|
| 279 | - * CASClient::getServerLoginURL(), CASClient::getServerServiceValidateURL(), |
|
| 280 | - * CASClient::getServerProxyValidateURL() and CASClient::getServerLogoutURL(). |
|
| 281 | - * |
|
| 282 | - * @hideinitializer |
|
| 283 | - * @private |
|
| 284 | - */ |
|
| 285 | - var $_server = array( |
|
| 286 | - 'version' => -1, |
|
| 287 | - 'hostname' => 'none', |
|
| 288 | - 'port' => -1, |
|
| 289 | - 'uri' => 'none' |
|
| 290 | - ); |
|
| 291 | - |
|
| 292 | - /** |
|
| 293 | - * This method is used to retrieve the version of the CAS server. |
|
| 294 | - * @return the version of the CAS server. |
|
| 295 | - * @private |
|
| 296 | - */ |
|
| 297 | - function getServerVersion() |
|
| 298 | - { |
|
| 299 | - return $this->_server['version']; |
|
| 300 | - } |
|
| 301 | - |
|
| 302 | - /** |
|
| 303 | - * This method is used to retrieve the hostname of the CAS server. |
|
| 304 | - * @return the hostname of the CAS server. |
|
| 305 | - * @private |
|
| 306 | - */ |
|
| 307 | - function getServerHostname() |
|
| 308 | - { return $this->_server['hostname']; } |
|
| 309 | - |
|
| 310 | - /** |
|
| 311 | - * This method is used to retrieve the port of the CAS server. |
|
| 312 | - * @return the port of the CAS server. |
|
| 313 | - * @private |
|
| 314 | - */ |
|
| 315 | - function getServerPort() |
|
| 316 | - { return $this->_server['port']; } |
|
| 317 | - |
|
| 318 | - /** |
|
| 319 | - * This method is used to retrieve the URI of the CAS server. |
|
| 320 | - * @return a URI. |
|
| 321 | - * @private |
|
| 322 | - */ |
|
| 323 | - function getServerURI() |
|
| 324 | - { return $this->_server['uri']; } |
|
| 325 | - |
|
| 326 | - /** |
|
| 327 | - * This method is used to retrieve the base URL of the CAS server. |
|
| 328 | - * @return a URL. |
|
| 329 | - * @private |
|
| 330 | - */ |
|
| 331 | - function getServerBaseURL() |
|
| 332 | - { |
|
| 333 | - // the URL is build only when needed |
|
| 334 | - if ( empty($this->_server['base_url']) ) { |
|
| 335 | - $this->_server['base_url'] = 'https://' |
|
| 336 | - .$this->getServerHostname() |
|
| 337 | - .':' |
|
| 338 | - .$this->getServerPort() |
|
| 339 | - .$this->getServerURI(); |
|
| 340 | - } |
|
| 341 | - return $this->_server['base_url']; |
|
| 342 | - } |
|
| 343 | - |
|
| 344 | - /** |
|
| 345 | - * This method is used to retrieve the login URL of the CAS server. |
|
| 346 | - * @param $gateway true to check authentication, false to force it |
|
| 347 | - * @param $renew true to force the authentication with the CAS server |
|
| 348 | - * NOTE : It is recommended that CAS implementations ignore the |
|
| 54 | + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 55 | + // XX XX |
|
| 56 | + // XX CONFIGURATION XX |
|
| 57 | + // XX XX |
|
| 58 | + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 59 | + |
|
| 60 | + // ######################################################################## |
|
| 61 | + // HTML OUTPUT |
|
| 62 | + // ######################################################################## |
|
| 63 | + /** |
|
| 64 | + * @addtogroup internalOutput |
|
| 65 | + * @{ |
|
| 66 | + */ |
|
| 67 | + |
|
| 68 | + /** |
|
| 69 | + * This method filters a string by replacing special tokens by appropriate values |
|
| 70 | + * and prints it. The corresponding tokens are taken into account: |
|
| 71 | + * - __CAS_VERSION__ |
|
| 72 | + * - __PHPCAS_VERSION__ |
|
| 73 | + * - __SERVER_BASE_URL__ |
|
| 74 | + * |
|
| 75 | + * Used by CASClient::PrintHTMLHeader() and CASClient::printHTMLFooter(). |
|
| 76 | + * |
|
| 77 | + * @param $str the string to filter and output |
|
| 78 | + * |
|
| 79 | + * @private |
|
| 80 | + */ |
|
| 81 | + function HTMLFilterOutput($str) |
|
| 82 | + { |
|
| 83 | + $str = str_replace('__CAS_VERSION__',$this->getServerVersion(),$str); |
|
| 84 | + $str = str_replace('__PHPCAS_VERSION__',phpCAS::getVersion(),$str); |
|
| 85 | + $str = str_replace('__SERVER_BASE_URL__',$this->getServerBaseURL(),$str); |
|
| 86 | + echo $str; |
|
| 87 | + } |
|
| 88 | + |
|
| 89 | + /** |
|
| 90 | + * A string used to print the header of HTML pages. Written by CASClient::setHTMLHeader(), |
|
| 91 | + * read by CASClient::printHTMLHeader(). |
|
| 92 | + * |
|
| 93 | + * @hideinitializer |
|
| 94 | + * @private |
|
| 95 | + * @see CASClient::setHTMLHeader, CASClient::printHTMLHeader() |
|
| 96 | + */ |
|
| 97 | + var $_output_header = ''; |
|
| 98 | + |
|
| 99 | + /** |
|
| 100 | + * This method prints the header of the HTML output (after filtering). If |
|
| 101 | + * CASClient::setHTMLHeader() was not used, a default header is output. |
|
| 102 | + * |
|
| 103 | + * @param $title the title of the page |
|
| 104 | + * |
|
| 105 | + * @see HTMLFilterOutput() |
|
| 106 | + * @private |
|
| 107 | + */ |
|
| 108 | + function printHTMLHeader($title) |
|
| 109 | + { |
|
| 110 | + $this->HTMLFilterOutput(str_replace('__TITLE__', |
|
| 111 | + $title, |
|
| 112 | + (empty($this->_output_header) |
|
| 113 | + ? '<html><head><title>__TITLE__</title></head><body><h1>__TITLE__</h1>' |
|
| 114 | + : $this->_output_header) |
|
| 115 | + ) |
|
| 116 | + ); |
|
| 117 | + } |
|
| 118 | + |
|
| 119 | + /** |
|
| 120 | + * A string used to print the footer of HTML pages. Written by CASClient::setHTMLFooter(), |
|
| 121 | + * read by printHTMLFooter(). |
|
| 122 | + * |
|
| 123 | + * @hideinitializer |
|
| 124 | + * @private |
|
| 125 | + * @see CASClient::setHTMLFooter, CASClient::printHTMLFooter() |
|
| 126 | + */ |
|
| 127 | + var $_output_footer = ''; |
|
| 128 | + |
|
| 129 | + /** |
|
| 130 | + * This method prints the footer of the HTML output (after filtering). If |
|
| 131 | + * CASClient::setHTMLFooter() was not used, a default footer is output. |
|
| 132 | + * |
|
| 133 | + * @see HTMLFilterOutput() |
|
| 134 | + * @private |
|
| 135 | + */ |
|
| 136 | + function printHTMLFooter() |
|
| 137 | + { |
|
| 138 | + $this->HTMLFilterOutput(empty($this->_output_footer) |
|
| 139 | + ?('<hr><address>phpCAS __PHPCAS_VERSION__ '.$this->getString(CAS_STR_USING_SERVER).' <a href="__SERVER_BASE_URL__">__SERVER_BASE_URL__</a> (CAS __CAS_VERSION__)</a></address></body></html>') |
|
| 140 | + :$this->_output_footer); |
|
| 141 | + } |
|
| 142 | + |
|
| 143 | + /** |
|
| 144 | + * This method set the HTML header used for all outputs. |
|
| 145 | + * |
|
| 146 | + * @param $header the HTML header. |
|
| 147 | + * |
|
| 148 | + * @public |
|
| 149 | + */ |
|
| 150 | + function setHTMLHeader($header) |
|
| 151 | + { |
|
| 152 | + $this->_output_header = $header; |
|
| 153 | + } |
|
| 154 | + |
|
| 155 | + /** |
|
| 156 | + * This method set the HTML footer used for all outputs. |
|
| 157 | + * |
|
| 158 | + * @param $footer the HTML footer. |
|
| 159 | + * |
|
| 160 | + * @public |
|
| 161 | + */ |
|
| 162 | + function setHTMLFooter($footer) |
|
| 163 | + { |
|
| 164 | + $this->_output_footer = $footer; |
|
| 165 | + } |
|
| 166 | + |
|
| 167 | + /** @} */ |
|
| 168 | + // ######################################################################## |
|
| 169 | + // INTERNATIONALIZATION |
|
| 170 | + // ######################################################################## |
|
| 171 | + /** |
|
| 172 | + * @addtogroup internalLang |
|
| 173 | + * @{ |
|
| 174 | + */ |
|
| 175 | + /** |
|
| 176 | + * A string corresponding to the language used by phpCAS. Written by |
|
| 177 | + * CASClient::setLang(), read by CASClient::getLang(). |
|
| 178 | + * @note debugging information is always in english (debug purposes only). |
|
| 179 | + * |
|
| 180 | + * @hideinitializer |
|
| 181 | + * @private |
|
| 182 | + * @sa CASClient::_strings, CASClient::getString() |
|
| 183 | + */ |
|
| 184 | + var $_lang = ''; |
|
| 185 | + |
|
| 186 | + /** |
|
| 187 | + * This method returns the language used by phpCAS. |
|
| 188 | + * |
|
| 189 | + * @return a string representing the language |
|
| 190 | + * |
|
| 191 | + * @private |
|
| 192 | + */ |
|
| 193 | + function getLang() |
|
| 194 | + { |
|
| 195 | + if ( empty($this->_lang) ) |
|
| 196 | + $this->setLang(PHPCAS_LANG_DEFAULT); |
|
| 197 | + return $this->_lang; |
|
| 198 | + } |
|
| 199 | + |
|
| 200 | + /** |
|
| 201 | + * array containing the strings used by phpCAS. Written by CASClient::setLang(), read by |
|
| 202 | + * CASClient::getString() and used by CASClient::setLang(). |
|
| 203 | + * |
|
| 204 | + * @note This array is filled by instructions in CAS/languages/<$this->_lang>.php |
|
| 205 | + * |
|
| 206 | + * @private |
|
| 207 | + * @see CASClient::_lang, CASClient::getString(), CASClient::setLang(), CASClient::getLang() |
|
| 208 | + */ |
|
| 209 | + var $_strings; |
|
| 210 | + |
|
| 211 | + /** |
|
| 212 | + * This method returns a string depending on the language. |
|
| 213 | + * |
|
| 214 | + * @param $str the index of the string in $_string. |
|
| 215 | + * |
|
| 216 | + * @return the string corresponding to $index in $string. |
|
| 217 | + * |
|
| 218 | + * @private |
|
| 219 | + */ |
|
| 220 | + function getString($str) |
|
| 221 | + { |
|
| 222 | + // call CASclient::getLang() to be sure the language is initialized |
|
| 223 | + $this->getLang(); |
|
| 224 | + |
|
| 225 | + if ( !isset($this->_strings[$str]) ) { |
|
| 226 | + trigger_error('string `'.$str.'\' not defined for language `'.$this->getLang().'\'',E_USER_ERROR); |
|
| 227 | + } |
|
| 228 | + return $this->_strings[$str]; |
|
| 229 | + } |
|
| 230 | + |
|
| 231 | + /** |
|
| 232 | + * This method is used to set the language used by phpCAS. |
|
| 233 | + * @note Can be called only once. |
|
| 234 | + * |
|
| 235 | + * @param $lang a string representing the language. |
|
| 236 | + * |
|
| 237 | + * @public |
|
| 238 | + * @sa CAS_LANG_FRENCH, CAS_LANG_ENGLISH |
|
| 239 | + */ |
|
| 240 | + function setLang($lang) |
|
| 241 | + { |
|
| 242 | + // include the corresponding language file |
|
| 243 | + include_once(dirname(__FILE__).'/languages/'.$lang.'.php'); |
|
| 244 | + |
|
| 245 | + if ( !is_array($this->_strings) ) { |
|
| 246 | + trigger_error('language `'.$lang.'\' is not implemented',E_USER_ERROR); |
|
| 247 | + } |
|
| 248 | + $this->_lang = $lang; |
|
| 249 | + } |
|
| 250 | + |
|
| 251 | + /** @} */ |
|
| 252 | + // ######################################################################## |
|
| 253 | + // CAS SERVER CONFIG |
|
| 254 | + // ######################################################################## |
|
| 255 | + /** |
|
| 256 | + * @addtogroup internalConfig |
|
| 257 | + * @{ |
|
| 258 | + */ |
|
| 259 | + |
|
| 260 | + /** |
|
| 261 | + * a record to store information about the CAS server. |
|
| 262 | + * - $_server["version"]: the version of the CAS server |
|
| 263 | + * - $_server["hostname"]: the hostname of the CAS server |
|
| 264 | + * - $_server["port"]: the port the CAS server is running on |
|
| 265 | + * - $_server["uri"]: the base URI the CAS server is responding on |
|
| 266 | + * - $_server["base_url"]: the base URL of the CAS server |
|
| 267 | + * - $_server["login_url"]: the login URL of the CAS server |
|
| 268 | + * - $_server["service_validate_url"]: the service validating URL of the CAS server |
|
| 269 | + * - $_server["proxy_url"]: the proxy URL of the CAS server |
|
| 270 | + * - $_server["proxy_validate_url"]: the proxy validating URL of the CAS server |
|
| 271 | + * - $_server["logout_url"]: the logout URL of the CAS server |
|
| 272 | + * |
|
| 273 | + * $_server["version"], $_server["hostname"], $_server["port"] and $_server["uri"] |
|
| 274 | + * are written by CASClient::CASClient(), read by CASClient::getServerVersion(), |
|
| 275 | + * CASClient::getServerHostname(), CASClient::getServerPort() and CASClient::getServerURI(). |
|
| 276 | + * |
|
| 277 | + * The other fields are written and read by CASClient::getServerBaseURL(), |
|
| 278 | + * CASClient::getServerLoginURL(), CASClient::getServerServiceValidateURL(), |
|
| 279 | + * CASClient::getServerProxyValidateURL() and CASClient::getServerLogoutURL(). |
|
| 280 | + * |
|
| 281 | + * @hideinitializer |
|
| 282 | + * @private |
|
| 283 | + */ |
|
| 284 | + var $_server = array( |
|
| 285 | + 'version' => -1, |
|
| 286 | + 'hostname' => 'none', |
|
| 287 | + 'port' => -1, |
|
| 288 | + 'uri' => 'none' |
|
| 289 | + ); |
|
| 290 | + |
|
| 291 | + /** |
|
| 292 | + * This method is used to retrieve the version of the CAS server. |
|
| 293 | + * @return the version of the CAS server. |
|
| 294 | + * @private |
|
| 295 | + */ |
|
| 296 | + function getServerVersion() |
|
| 297 | + { |
|
| 298 | + return $this->_server['version']; |
|
| 299 | + } |
|
| 300 | + |
|
| 301 | + /** |
|
| 302 | + * This method is used to retrieve the hostname of the CAS server. |
|
| 303 | + * @return the hostname of the CAS server. |
|
| 304 | + * @private |
|
| 305 | + */ |
|
| 306 | + function getServerHostname() |
|
| 307 | + { return $this->_server['hostname']; } |
|
| 308 | + |
|
| 309 | + /** |
|
| 310 | + * This method is used to retrieve the port of the CAS server. |
|
| 311 | + * @return the port of the CAS server. |
|
| 312 | + * @private |
|
| 313 | + */ |
|
| 314 | + function getServerPort() |
|
| 315 | + { return $this->_server['port']; } |
|
| 316 | + |
|
| 317 | + /** |
|
| 318 | + * This method is used to retrieve the URI of the CAS server. |
|
| 319 | + * @return a URI. |
|
| 320 | + * @private |
|
| 321 | + */ |
|
| 322 | + function getServerURI() |
|
| 323 | + { return $this->_server['uri']; } |
|
| 324 | + |
|
| 325 | + /** |
|
| 326 | + * This method is used to retrieve the base URL of the CAS server. |
|
| 327 | + * @return a URL. |
|
| 328 | + * @private |
|
| 329 | + */ |
|
| 330 | + function getServerBaseURL() |
|
| 331 | + { |
|
| 332 | + // the URL is build only when needed |
|
| 333 | + if ( empty($this->_server['base_url']) ) { |
|
| 334 | + $this->_server['base_url'] = 'https://' |
|
| 335 | + .$this->getServerHostname() |
|
| 336 | + .':' |
|
| 337 | + .$this->getServerPort() |
|
| 338 | + .$this->getServerURI(); |
|
| 339 | + } |
|
| 340 | + return $this->_server['base_url']; |
|
| 341 | + } |
|
| 342 | + |
|
| 343 | + /** |
|
| 344 | + * This method is used to retrieve the login URL of the CAS server. |
|
| 345 | + * @param $gateway true to check authentication, false to force it |
|
| 346 | + * @param $renew true to force the authentication with the CAS server |
|
| 347 | + * NOTE : It is recommended that CAS implementations ignore the |
|
| 349 | 348 | "gateway" parameter if "renew" is set |
| 350 | - * @return a URL. |
|
| 351 | - * @private |
|
| 352 | - */ |
|
| 353 | - function getServerLoginURL($gateway=false,$renew=false) { |
|
| 354 | - phpCAS::traceBegin(); |
|
| 355 | - // the URL is build only when needed |
|
| 356 | - if ( empty($this->_server['login_url']) ) { |
|
| 357 | - $this->_server['login_url'] = $this->getServerBaseURL(); |
|
| 358 | - $this->_server['login_url'] .= 'login?service='; |
|
| 359 | - // $this->_server['login_url'] .= preg_replace('/&/','%26',$this->getURL()); |
|
| 360 | - $this->_server['login_url'] .= urlencode($this->getURL()); |
|
| 361 | - if($renew) { |
|
| 362 | - // It is recommended that when the "renew" parameter is set, its value be "true" |
|
| 363 | - $this->_server['login_url'] .= '&renew=true'; |
|
| 364 | - } elseif ($gateway) { |
|
| 365 | - // It is recommended that when the "gateway" parameter is set, its value be "true" |
|
| 366 | - $this->_server['login_url'] .= '&gateway=true'; |
|
| 367 | - } |
|
| 368 | - } |
|
| 369 | - phpCAS::traceEnd($this->_server['login_url']); |
|
| 370 | - return $this->_server['login_url']; |
|
| 371 | - } |
|
| 372 | - |
|
| 373 | - /** |
|
| 374 | - * This method sets the login URL of the CAS server. |
|
| 375 | - * @param $url the login URL |
|
| 376 | - * @private |
|
| 377 | - * @since 0.4.21 by Wyman Chan |
|
| 378 | - */ |
|
| 379 | - function setServerLoginURL($url) |
|
| 380 | - { |
|
| 381 | - return $this->_server['login_url'] = $url; |
|
| 382 | - } |
|
| 383 | - |
|
| 384 | - |
|
| 385 | - /** |
|
| 386 | - * This method sets the serviceValidate URL of the CAS server. |
|
| 387 | - * @param $url the serviceValidate URL |
|
| 388 | - * @private |
|
| 389 | - * @since 1.1.0 by Joachim Fritschi |
|
| 390 | - */ |
|
| 391 | - function setServerServiceValidateURL($url) |
|
| 392 | - { |
|
| 393 | - return $this->_server['service_validate_url'] = $url; |
|
| 394 | - } |
|
| 395 | - |
|
| 396 | - |
|
| 397 | - /** |
|
| 398 | - * This method sets the proxyValidate URL of the CAS server. |
|
| 399 | - * @param $url the proxyValidate URL |
|
| 400 | - * @private |
|
| 401 | - * @since 1.1.0 by Joachim Fritschi |
|
| 402 | - */ |
|
| 403 | - function setServerProxyValidateURL($url) |
|
| 404 | - { |
|
| 405 | - return $this->_server['proxy_validate_url'] = $url; |
|
| 406 | - } |
|
| 407 | - |
|
| 408 | - |
|
| 409 | - /** |
|
| 410 | - * This method sets the samlValidate URL of the CAS server. |
|
| 411 | - * @param $url the samlValidate URL |
|
| 412 | - * @private |
|
| 413 | - * @since 1.1.0 by Joachim Fritschi |
|
| 414 | - */ |
|
| 415 | - function setServerSamlValidateURL($url) |
|
| 416 | - { |
|
| 417 | - return $this->_server['saml_validate_url'] = $url; |
|
| 418 | - } |
|
| 419 | - |
|
| 420 | - |
|
| 421 | - /** |
|
| 422 | - * This method is used to retrieve the service validating URL of the CAS server. |
|
| 423 | - * @return a URL. |
|
| 424 | - * @private |
|
| 425 | - */ |
|
| 426 | - function getServerServiceValidateURL() |
|
| 427 | - { |
|
| 428 | - // the URL is build only when needed |
|
| 429 | - if ( empty($this->_server['service_validate_url']) ) { |
|
| 430 | - switch ($this->getServerVersion()) { |
|
| 431 | - case CAS_VERSION_1_0: |
|
| 432 | - $this->_server['service_validate_url'] = $this->getServerBaseURL().'validate'; |
|
| 433 | - break; |
|
| 434 | - case CAS_VERSION_2_0: |
|
| 435 | - $this->_server['service_validate_url'] = $this->getServerBaseURL().'serviceValidate'; |
|
| 436 | - break; |
|
| 437 | - } |
|
| 438 | - } |
|
| 439 | - // return $this->_server['service_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL()); |
|
| 440 | - return $this->_server['service_validate_url'].'?service='.urlencode($this->getURL()); |
|
| 441 | - } |
|
| 442 | - /** |
|
| 443 | - * This method is used to retrieve the SAML validating URL of the CAS server. |
|
| 444 | - * @return a URL. |
|
| 445 | - * @private |
|
| 446 | - */ |
|
| 447 | - function getServerSamlValidateURL() |
|
| 448 | - { |
|
| 449 | - phpCAS::traceBegin(); |
|
| 450 | - // the URL is build only when needed |
|
| 451 | - if ( empty($this->_server['saml_validate_url']) ) { |
|
| 452 | - switch ($this->getServerVersion()) { |
|
| 453 | - case SAML_VERSION_1_1: |
|
| 454 | - $this->_server['saml_validate_url'] = $this->getServerBaseURL().'samlValidate'; |
|
| 455 | - break; |
|
| 456 | - } |
|
| 457 | - } |
|
| 458 | - phpCAS::traceEnd($this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL())); |
|
| 459 | - return $this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL()); |
|
| 460 | - } |
|
| 461 | - /** |
|
| 462 | - * This method is used to retrieve the proxy validating URL of the CAS server. |
|
| 463 | - * @return a URL. |
|
| 464 | - * @private |
|
| 465 | - */ |
|
| 466 | - function getServerProxyValidateURL() |
|
| 467 | - { |
|
| 468 | - // the URL is build only when needed |
|
| 469 | - if ( empty($this->_server['proxy_validate_url']) ) { |
|
| 470 | - switch ($this->getServerVersion()) { |
|
| 471 | - case CAS_VERSION_1_0: |
|
| 472 | - $this->_server['proxy_validate_url'] = ''; |
|
| 473 | - break; |
|
| 474 | - case CAS_VERSION_2_0: |
|
| 475 | - $this->_server['proxy_validate_url'] = $this->getServerBaseURL().'proxyValidate'; |
|
| 476 | - break; |
|
| 477 | - } |
|
| 478 | - } |
|
| 479 | - // return $this->_server['proxy_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL()); |
|
| 480 | - return $this->_server['proxy_validate_url'].'?service='.urlencode($this->getURL()); |
|
| 481 | - } |
|
| 482 | - |
|
| 483 | - /** |
|
| 484 | - * This method is used to retrieve the proxy URL of the CAS server. |
|
| 485 | - * @return a URL. |
|
| 486 | - * @private |
|
| 487 | - */ |
|
| 488 | - function getServerProxyURL() |
|
| 489 | - { |
|
| 490 | - // the URL is build only when needed |
|
| 491 | - if ( empty($this->_server['proxy_url']) ) { |
|
| 492 | - switch ($this->getServerVersion()) { |
|
| 493 | - case CAS_VERSION_1_0: |
|
| 494 | - $this->_server['proxy_url'] = ''; |
|
| 495 | - break; |
|
| 496 | - case CAS_VERSION_2_0: |
|
| 497 | - $this->_server['proxy_url'] = $this->getServerBaseURL().'proxy'; |
|
| 498 | - break; |
|
| 499 | - } |
|
| 500 | - } |
|
| 501 | - return $this->_server['proxy_url']; |
|
| 502 | - } |
|
| 503 | - |
|
| 504 | - /** |
|
| 505 | - * This method is used to retrieve the logout URL of the CAS server. |
|
| 506 | - * @return a URL. |
|
| 507 | - * @private |
|
| 508 | - */ |
|
| 509 | - function getServerLogoutURL() |
|
| 510 | - { |
|
| 511 | - // the URL is build only when needed |
|
| 512 | - if ( empty($this->_server['logout_url']) ) { |
|
| 513 | - $this->_server['logout_url'] = $this->getServerBaseURL().'logout'; |
|
| 514 | - } |
|
| 515 | - return $this->_server['logout_url']; |
|
| 516 | - } |
|
| 517 | - |
|
| 518 | - /** |
|
| 519 | - * This method sets the logout URL of the CAS server. |
|
| 520 | - * @param $url the logout URL |
|
| 521 | - * @private |
|
| 522 | - * @since 0.4.21 by Wyman Chan |
|
| 523 | - */ |
|
| 524 | - function setServerLogoutURL($url) |
|
| 525 | - { |
|
| 526 | - return $this->_server['logout_url'] = $url; |
|
| 527 | - } |
|
| 528 | - |
|
| 529 | - /** |
|
| 530 | - * An array to store extra curl options. |
|
| 531 | - */ |
|
| 532 | - var $_curl_options = array(); |
|
| 533 | - |
|
| 534 | - /** |
|
| 535 | - * This method is used to set additional user curl options. |
|
| 536 | - */ |
|
| 537 | - function setExtraCurlOption($key, $value) |
|
| 538 | - { |
|
| 539 | - $this->_curl_options[$key] = $value; |
|
| 540 | - } |
|
| 541 | - |
|
| 542 | - /** |
|
| 543 | - * This method checks to see if the request is secured via HTTPS |
|
| 544 | - * @return true if https, false otherwise |
|
| 545 | - * @private |
|
| 546 | - */ |
|
| 547 | - function isHttps() { |
|
| 548 | - //if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) ) { |
|
| 549 | - //0.4.24 by Hinnack |
|
| 550 | - if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { |
|
| 551 | - return true; |
|
| 552 | - } else { |
|
| 553 | - return false; |
|
| 554 | - } |
|
| 555 | - } |
|
| 556 | - |
|
| 557 | - // ######################################################################## |
|
| 558 | - // CONSTRUCTOR |
|
| 559 | - // ######################################################################## |
|
| 560 | - /** |
|
| 561 | - * CASClient constructor. |
|
| 562 | - * |
|
| 563 | - * @param $server_version the version of the CAS server |
|
| 564 | - * @param $proxy TRUE if the CAS client is a CAS proxy, FALSE otherwise |
|
| 565 | - * @param $server_hostname the hostname of the CAS server |
|
| 566 | - * @param $server_port the port the CAS server is running on |
|
| 567 | - * @param $server_uri the URI the CAS server is responding on |
|
| 568 | - * @param $start_session Have phpCAS start PHP sessions (default true) |
|
| 569 | - * |
|
| 570 | - * @return a newly created CASClient object |
|
| 571 | - * |
|
| 572 | - * @public |
|
| 573 | - */ |
|
| 574 | - function CASClient( |
|
| 575 | - $server_version, |
|
| 576 | - $proxy, |
|
| 577 | - $server_hostname, |
|
| 578 | - $server_port, |
|
| 579 | - $server_uri, |
|
| 580 | - $start_session = true) { |
|
| 581 | - |
|
| 582 | - phpCAS::traceBegin(); |
|
| 583 | - |
|
| 584 | - // the redirect header() call and DOM parsing code from domxml-php4-php5.php won't work in PHP4 compatibility mode |
|
| 585 | - if (version_compare(PHP_VERSION,'5','>=') && ini_get('zend.ze1_compatibility_mode')) { |
|
| 586 | - phpCAS::error('phpCAS cannot support zend.ze1_compatibility_mode. Sorry.'); |
|
| 587 | - } |
|
| 588 | - // skip Session Handling for logout requests and if don't want it' |
|
| 589 | - if ($start_session && !$this->isLogoutRequest()) { |
|
| 590 | - phpCAS::trace("Starting session handling"); |
|
| 591 | - // Check for Tickets from the CAS server |
|
| 592 | - if (empty($_GET['ticket'])){ |
|
| 593 | - phpCAS::trace("No ticket found"); |
|
| 594 | - // only create a session if necessary |
|
| 595 | - if (!session_id()) { |
|
| 596 | - phpCAS::trace("No session found, creating new session"); |
|
| 597 | - session_start(); |
|
| 598 | - } |
|
| 599 | - }else{ |
|
| 600 | - phpCAS::trace("Ticket found"); |
|
| 601 | - // We have to copy any old data before renaming the session |
|
| 602 | - if (session_id()) { |
|
| 603 | - phpCAS::trace("Old active session found, saving old data and destroying session"); |
|
| 604 | - $old_session = $_SESSION; |
|
| 605 | - session_destroy(); |
|
| 606 | - }else{ |
|
| 607 | - session_start(); |
|
| 608 | - phpCAS::trace("Starting possible old session to copy variables"); |
|
| 609 | - $old_session = $_SESSION; |
|
| 610 | - session_destroy(); |
|
| 611 | - } |
|
| 612 | - // set up a new session, of name based on the ticket |
|
| 613 | - $session_id = preg_replace('/[^\w]/','',$_GET['ticket']); |
|
| 614 | - phpCAS::LOG("Session ID: " . $session_id); |
|
| 615 | - session_id($session_id); |
|
| 616 | - session_start(); |
|
| 617 | - // restore old session vars |
|
| 618 | - if(isset($old_session)){ |
|
| 619 | - phpCAS::trace("Restoring old session vars"); |
|
| 620 | - $_SESSION = $old_session; |
|
| 621 | - } |
|
| 622 | - } |
|
| 623 | - }else{ |
|
| 624 | - phpCAS::trace("Skipping session creation"); |
|
| 625 | - } |
|
| 626 | - |
|
| 627 | - |
|
| 628 | - // are we in proxy mode ? |
|
| 629 | - $this->_proxy = $proxy; |
|
| 630 | - |
|
| 631 | - //check version |
|
| 632 | - switch ($server_version) { |
|
| 633 | - case CAS_VERSION_1_0: |
|
| 634 | - if ( $this->isProxy() ) |
|
| 635 | - phpCAS::error('CAS proxies are not supported in CAS ' |
|
| 636 | - .$server_version); |
|
| 637 | - break; |
|
| 638 | - case CAS_VERSION_2_0: |
|
| 639 | - break; |
|
| 640 | - case SAML_VERSION_1_1: |
|
| 641 | - break; |
|
| 642 | - default: |
|
| 643 | - phpCAS::error('this version of CAS (`' |
|
| 644 | - .$server_version |
|
| 645 | - .'\') is not supported by phpCAS ' |
|
| 646 | - .phpCAS::getVersion()); |
|
| 647 | - } |
|
| 648 | - $this->_server['version'] = $server_version; |
|
| 649 | - |
|
| 650 | - // check hostname |
|
| 651 | - if ( empty($server_hostname) |
|
| 652 | - || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/',$server_hostname) ) { |
|
| 653 | - phpCAS::error('bad CAS server hostname (`'.$server_hostname.'\')'); |
|
| 654 | - } |
|
| 655 | - $this->_server['hostname'] = $server_hostname; |
|
| 656 | - |
|
| 657 | - // check port |
|
| 658 | - if ( $server_port == 0 |
|
| 659 | - || !is_int($server_port) ) { |
|
| 660 | - phpCAS::error('bad CAS server port (`'.$server_hostname.'\')'); |
|
| 661 | - } |
|
| 662 | - $this->_server['port'] = $server_port; |
|
| 663 | - |
|
| 664 | - // check URI |
|
| 665 | - if ( !preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/',$server_uri) ) { |
|
| 666 | - phpCAS::error('bad CAS server URI (`'.$server_uri.'\')'); |
|
| 667 | - } |
|
| 668 | - // add leading and trailing `/' and remove doubles |
|
| 669 | - $server_uri = preg_replace('/\/\//','/','/'.$server_uri.'/'); |
|
| 670 | - $this->_server['uri'] = $server_uri; |
|
| 671 | - |
|
| 672 | - // set to callback mode if PgtIou and PgtId CGI GET parameters are provided |
|
| 673 | - if ( $this->isProxy() ) { |
|
| 674 | - $this->setCallbackMode(!empty($_GET['pgtIou'])&&!empty($_GET['pgtId'])); |
|
| 675 | - } |
|
| 676 | - |
|
| 677 | - if ( $this->isCallbackMode() ) { |
|
| 678 | - //callback mode: check that phpCAS is secured |
|
| 679 | - if ( !$this->isHttps() ) { |
|
| 680 | - phpCAS::error('CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server'); |
|
| 681 | - } |
|
| 682 | - } else { |
|
| 683 | - //normal mode: get ticket and remove it from CGI parameters for developpers |
|
| 684 | - $ticket = (isset($_GET['ticket']) ? $_GET['ticket'] : null); |
|
| 685 | - switch ($this->getServerVersion()) { |
|
| 686 | - case CAS_VERSION_1_0: // check for a Service Ticket |
|
| 687 | - if( preg_match('/^ST-/',$ticket) ) { |
|
| 688 | - phpCAS::trace('ST \''.$ticket.'\' found'); |
|
| 689 | - //ST present |
|
| 690 | - $this->setST($ticket); |
|
| 691 | - //ticket has been taken into account, unset it to hide it to applications |
|
| 692 | - unset($_GET['ticket']); |
|
| 693 | - } else if ( !empty($ticket) ) { |
|
| 694 | - //ill-formed ticket, halt |
|
| 695 | - phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); |
|
| 696 | - } |
|
| 697 | - break; |
|
| 698 | - case CAS_VERSION_2_0: // check for a Service or Proxy Ticket |
|
| 699 | - if( preg_match('/^[SP]T-/',$ticket) ) { |
|
| 700 | - phpCAS::trace('ST or PT \''.$ticket.'\' found'); |
|
| 701 | - $this->setPT($ticket); |
|
| 702 | - unset($_GET['ticket']); |
|
| 703 | - } else if ( !empty($ticket) ) { |
|
| 704 | - //ill-formed ticket, halt |
|
| 705 | - phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); |
|
| 706 | - } |
|
| 707 | - break; |
|
| 708 | - case SAML_VERSION_1_1: // SAML just does Service Tickets |
|
| 709 | - if( preg_match('/^[SP]T-/',$ticket) ) { |
|
| 710 | - phpCAS::trace('SA \''.$ticket.'\' found'); |
|
| 711 | - $this->setSA($ticket); |
|
| 712 | - unset($_GET['ticket']); |
|
| 713 | - } else if ( !empty($ticket) ) { |
|
| 714 | - //ill-formed ticket, halt |
|
| 715 | - phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); |
|
| 716 | - } |
|
| 717 | - break; |
|
| 718 | - } |
|
| 719 | - } |
|
| 720 | - phpCAS::traceEnd(); |
|
| 721 | - } |
|
| 722 | - |
|
| 723 | - /** @} */ |
|
| 724 | - |
|
| 725 | - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 726 | - // XX XX |
|
| 727 | - // XX AUTHENTICATION XX |
|
| 728 | - // XX XX |
|
| 729 | - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 730 | - |
|
| 731 | - /** |
|
| 732 | - * @addtogroup internalAuthentication |
|
| 733 | - * @{ |
|
| 734 | - */ |
|
| 735 | - |
|
| 736 | - /** |
|
| 737 | - * The Authenticated user. Written by CASClient::setUser(), read by CASClient::getUser(). |
|
| 738 | - * @attention client applications should use phpCAS::getUser(). |
|
| 739 | - * |
|
| 740 | - * @hideinitializer |
|
| 741 | - * @private |
|
| 742 | - */ |
|
| 743 | - var $_user = ''; |
|
| 744 | - |
|
| 745 | - /** |
|
| 746 | - * This method sets the CAS user's login name. |
|
| 747 | - * |
|
| 748 | - * @param $user the login name of the authenticated user. |
|
| 749 | - * |
|
| 750 | - * @private |
|
| 751 | - */ |
|
| 752 | - function setUser($user) |
|
| 753 | - { |
|
| 754 | - $this->_user = $user; |
|
| 755 | - } |
|
| 756 | - |
|
| 757 | - /** |
|
| 758 | - * This method returns the CAS user's login name. |
|
| 759 | - * @warning should be called only after CASClient::forceAuthentication() or |
|
| 760 | - * CASClient::isAuthenticated(), otherwise halt with an error. |
|
| 761 | - * |
|
| 762 | - * @return the login name of the authenticated user |
|
| 763 | - */ |
|
| 764 | - function getUser() |
|
| 765 | - { |
|
| 766 | - if ( empty($this->_user) ) { |
|
| 767 | - phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); |
|
| 768 | - } |
|
| 769 | - return $this->_user; |
|
| 770 | - } |
|
| 771 | - |
|
| 772 | - |
|
| 773 | - |
|
| 774 | - /*********************************************************************************************************************** |
|
| 349 | + * @return a URL. |
|
| 350 | + * @private |
|
| 351 | + */ |
|
| 352 | + function getServerLoginURL($gateway=false,$renew=false) { |
|
| 353 | + phpCAS::traceBegin(); |
|
| 354 | + // the URL is build only when needed |
|
| 355 | + if ( empty($this->_server['login_url']) ) { |
|
| 356 | + $this->_server['login_url'] = $this->getServerBaseURL(); |
|
| 357 | + $this->_server['login_url'] .= 'login?service='; |
|
| 358 | + // $this->_server['login_url'] .= preg_replace('/&/','%26',$this->getURL()); |
|
| 359 | + $this->_server['login_url'] .= urlencode($this->getURL()); |
|
| 360 | + if($renew) { |
|
| 361 | + // It is recommended that when the "renew" parameter is set, its value be "true" |
|
| 362 | + $this->_server['login_url'] .= '&renew=true'; |
|
| 363 | + } elseif ($gateway) { |
|
| 364 | + // It is recommended that when the "gateway" parameter is set, its value be "true" |
|
| 365 | + $this->_server['login_url'] .= '&gateway=true'; |
|
| 366 | + } |
|
| 367 | + } |
|
| 368 | + phpCAS::traceEnd($this->_server['login_url']); |
|
| 369 | + return $this->_server['login_url']; |
|
| 370 | + } |
|
| 371 | + |
|
| 372 | + /** |
|
| 373 | + * This method sets the login URL of the CAS server. |
|
| 374 | + * @param $url the login URL |
|
| 375 | + * @private |
|
| 376 | + * @since 0.4.21 by Wyman Chan |
|
| 377 | + */ |
|
| 378 | + function setServerLoginURL($url) |
|
| 379 | + { |
|
| 380 | + return $this->_server['login_url'] = $url; |
|
| 381 | + } |
|
| 382 | + |
|
| 383 | + |
|
| 384 | + /** |
|
| 385 | + * This method sets the serviceValidate URL of the CAS server. |
|
| 386 | + * @param $url the serviceValidate URL |
|
| 387 | + * @private |
|
| 388 | + * @since 1.1.0 by Joachim Fritschi |
|
| 389 | + */ |
|
| 390 | + function setServerServiceValidateURL($url) |
|
| 391 | + { |
|
| 392 | + return $this->_server['service_validate_url'] = $url; |
|
| 393 | + } |
|
| 394 | + |
|
| 395 | + |
|
| 396 | + /** |
|
| 397 | + * This method sets the proxyValidate URL of the CAS server. |
|
| 398 | + * @param $url the proxyValidate URL |
|
| 399 | + * @private |
|
| 400 | + * @since 1.1.0 by Joachim Fritschi |
|
| 401 | + */ |
|
| 402 | + function setServerProxyValidateURL($url) |
|
| 403 | + { |
|
| 404 | + return $this->_server['proxy_validate_url'] = $url; |
|
| 405 | + } |
|
| 406 | + |
|
| 407 | + |
|
| 408 | + /** |
|
| 409 | + * This method sets the samlValidate URL of the CAS server. |
|
| 410 | + * @param $url the samlValidate URL |
|
| 411 | + * @private |
|
| 412 | + * @since 1.1.0 by Joachim Fritschi |
|
| 413 | + */ |
|
| 414 | + function setServerSamlValidateURL($url) |
|
| 415 | + { |
|
| 416 | + return $this->_server['saml_validate_url'] = $url; |
|
| 417 | + } |
|
| 418 | + |
|
| 419 | + |
|
| 420 | + /** |
|
| 421 | + * This method is used to retrieve the service validating URL of the CAS server. |
|
| 422 | + * @return a URL. |
|
| 423 | + * @private |
|
| 424 | + */ |
|
| 425 | + function getServerServiceValidateURL() |
|
| 426 | + { |
|
| 427 | + // the URL is build only when needed |
|
| 428 | + if ( empty($this->_server['service_validate_url']) ) { |
|
| 429 | + switch ($this->getServerVersion()) { |
|
| 430 | + case CAS_VERSION_1_0: |
|
| 431 | + $this->_server['service_validate_url'] = $this->getServerBaseURL().'validate'; |
|
| 432 | + break; |
|
| 433 | + case CAS_VERSION_2_0: |
|
| 434 | + $this->_server['service_validate_url'] = $this->getServerBaseURL().'serviceValidate'; |
|
| 435 | + break; |
|
| 436 | + } |
|
| 437 | + } |
|
| 438 | + // return $this->_server['service_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL()); |
|
| 439 | + return $this->_server['service_validate_url'].'?service='.urlencode($this->getURL()); |
|
| 440 | + } |
|
| 441 | + /** |
|
| 442 | + * This method is used to retrieve the SAML validating URL of the CAS server. |
|
| 443 | + * @return a URL. |
|
| 444 | + * @private |
|
| 445 | + */ |
|
| 446 | + function getServerSamlValidateURL() |
|
| 447 | + { |
|
| 448 | + phpCAS::traceBegin(); |
|
| 449 | + // the URL is build only when needed |
|
| 450 | + if ( empty($this->_server['saml_validate_url']) ) { |
|
| 451 | + switch ($this->getServerVersion()) { |
|
| 452 | + case SAML_VERSION_1_1: |
|
| 453 | + $this->_server['saml_validate_url'] = $this->getServerBaseURL().'samlValidate'; |
|
| 454 | + break; |
|
| 455 | + } |
|
| 456 | + } |
|
| 457 | + phpCAS::traceEnd($this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL())); |
|
| 458 | + return $this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL()); |
|
| 459 | + } |
|
| 460 | + /** |
|
| 461 | + * This method is used to retrieve the proxy validating URL of the CAS server. |
|
| 462 | + * @return a URL. |
|
| 463 | + * @private |
|
| 464 | + */ |
|
| 465 | + function getServerProxyValidateURL() |
|
| 466 | + { |
|
| 467 | + // the URL is build only when needed |
|
| 468 | + if ( empty($this->_server['proxy_validate_url']) ) { |
|
| 469 | + switch ($this->getServerVersion()) { |
|
| 470 | + case CAS_VERSION_1_0: |
|
| 471 | + $this->_server['proxy_validate_url'] = ''; |
|
| 472 | + break; |
|
| 473 | + case CAS_VERSION_2_0: |
|
| 474 | + $this->_server['proxy_validate_url'] = $this->getServerBaseURL().'proxyValidate'; |
|
| 475 | + break; |
|
| 476 | + } |
|
| 477 | + } |
|
| 478 | + // return $this->_server['proxy_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL()); |
|
| 479 | + return $this->_server['proxy_validate_url'].'?service='.urlencode($this->getURL()); |
|
| 480 | + } |
|
| 481 | + |
|
| 482 | + /** |
|
| 483 | + * This method is used to retrieve the proxy URL of the CAS server. |
|
| 484 | + * @return a URL. |
|
| 485 | + * @private |
|
| 486 | + */ |
|
| 487 | + function getServerProxyURL() |
|
| 488 | + { |
|
| 489 | + // the URL is build only when needed |
|
| 490 | + if ( empty($this->_server['proxy_url']) ) { |
|
| 491 | + switch ($this->getServerVersion()) { |
|
| 492 | + case CAS_VERSION_1_0: |
|
| 493 | + $this->_server['proxy_url'] = ''; |
|
| 494 | + break; |
|
| 495 | + case CAS_VERSION_2_0: |
|
| 496 | + $this->_server['proxy_url'] = $this->getServerBaseURL().'proxy'; |
|
| 497 | + break; |
|
| 498 | + } |
|
| 499 | + } |
|
| 500 | + return $this->_server['proxy_url']; |
|
| 501 | + } |
|
| 502 | + |
|
| 503 | + /** |
|
| 504 | + * This method is used to retrieve the logout URL of the CAS server. |
|
| 505 | + * @return a URL. |
|
| 506 | + * @private |
|
| 507 | + */ |
|
| 508 | + function getServerLogoutURL() |
|
| 509 | + { |
|
| 510 | + // the URL is build only when needed |
|
| 511 | + if ( empty($this->_server['logout_url']) ) { |
|
| 512 | + $this->_server['logout_url'] = $this->getServerBaseURL().'logout'; |
|
| 513 | + } |
|
| 514 | + return $this->_server['logout_url']; |
|
| 515 | + } |
|
| 516 | + |
|
| 517 | + /** |
|
| 518 | + * This method sets the logout URL of the CAS server. |
|
| 519 | + * @param $url the logout URL |
|
| 520 | + * @private |
|
| 521 | + * @since 0.4.21 by Wyman Chan |
|
| 522 | + */ |
|
| 523 | + function setServerLogoutURL($url) |
|
| 524 | + { |
|
| 525 | + return $this->_server['logout_url'] = $url; |
|
| 526 | + } |
|
| 527 | + |
|
| 528 | + /** |
|
| 529 | + * An array to store extra curl options. |
|
| 530 | + */ |
|
| 531 | + var $_curl_options = array(); |
|
| 532 | + |
|
| 533 | + /** |
|
| 534 | + * This method is used to set additional user curl options. |
|
| 535 | + */ |
|
| 536 | + function setExtraCurlOption($key, $value) |
|
| 537 | + { |
|
| 538 | + $this->_curl_options[$key] = $value; |
|
| 539 | + } |
|
| 540 | + |
|
| 541 | + /** |
|
| 542 | + * This method checks to see if the request is secured via HTTPS |
|
| 543 | + * @return true if https, false otherwise |
|
| 544 | + * @private |
|
| 545 | + */ |
|
| 546 | + function isHttps() { |
|
| 547 | + //if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) ) { |
|
| 548 | + //0.4.24 by Hinnack |
|
| 549 | + if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { |
|
| 550 | + return true; |
|
| 551 | + } else { |
|
| 552 | + return false; |
|
| 553 | + } |
|
| 554 | + } |
|
| 555 | + |
|
| 556 | + // ######################################################################## |
|
| 557 | + // CONSTRUCTOR |
|
| 558 | + // ######################################################################## |
|
| 559 | + /** |
|
| 560 | + * CASClient constructor. |
|
| 561 | + * |
|
| 562 | + * @param $server_version the version of the CAS server |
|
| 563 | + * @param $proxy TRUE if the CAS client is a CAS proxy, FALSE otherwise |
|
| 564 | + * @param $server_hostname the hostname of the CAS server |
|
| 565 | + * @param $server_port the port the CAS server is running on |
|
| 566 | + * @param $server_uri the URI the CAS server is responding on |
|
| 567 | + * @param $start_session Have phpCAS start PHP sessions (default true) |
|
| 568 | + * |
|
| 569 | + * @return a newly created CASClient object |
|
| 570 | + * |
|
| 571 | + * @public |
|
| 572 | + */ |
|
| 573 | + function CASClient( |
|
| 574 | + $server_version, |
|
| 575 | + $proxy, |
|
| 576 | + $server_hostname, |
|
| 577 | + $server_port, |
|
| 578 | + $server_uri, |
|
| 579 | + $start_session = true) { |
|
| 580 | + |
|
| 581 | + phpCAS::traceBegin(); |
|
| 582 | + |
|
| 583 | + // the redirect header() call and DOM parsing code from domxml-php4-php5.php won't work in PHP4 compatibility mode |
|
| 584 | + if (version_compare(PHP_VERSION,'5','>=') && ini_get('zend.ze1_compatibility_mode')) { |
|
| 585 | + phpCAS::error('phpCAS cannot support zend.ze1_compatibility_mode. Sorry.'); |
|
| 586 | + } |
|
| 587 | + // skip Session Handling for logout requests and if don't want it' |
|
| 588 | + if ($start_session && !$this->isLogoutRequest()) { |
|
| 589 | + phpCAS::trace("Starting session handling"); |
|
| 590 | + // Check for Tickets from the CAS server |
|
| 591 | + if (empty($_GET['ticket'])){ |
|
| 592 | + phpCAS::trace("No ticket found"); |
|
| 593 | + // only create a session if necessary |
|
| 594 | + if (!session_id()) { |
|
| 595 | + phpCAS::trace("No session found, creating new session"); |
|
| 596 | + session_start(); |
|
| 597 | + } |
|
| 598 | + }else{ |
|
| 599 | + phpCAS::trace("Ticket found"); |
|
| 600 | + // We have to copy any old data before renaming the session |
|
| 601 | + if (session_id()) { |
|
| 602 | + phpCAS::trace("Old active session found, saving old data and destroying session"); |
|
| 603 | + $old_session = $_SESSION; |
|
| 604 | + session_destroy(); |
|
| 605 | + }else{ |
|
| 606 | + session_start(); |
|
| 607 | + phpCAS::trace("Starting possible old session to copy variables"); |
|
| 608 | + $old_session = $_SESSION; |
|
| 609 | + session_destroy(); |
|
| 610 | + } |
|
| 611 | + // set up a new session, of name based on the ticket |
|
| 612 | + $session_id = preg_replace('/[^\w]/','',$_GET['ticket']); |
|
| 613 | + phpCAS::LOG("Session ID: " . $session_id); |
|
| 614 | + session_id($session_id); |
|
| 615 | + session_start(); |
|
| 616 | + // restore old session vars |
|
| 617 | + if(isset($old_session)){ |
|
| 618 | + phpCAS::trace("Restoring old session vars"); |
|
| 619 | + $_SESSION = $old_session; |
|
| 620 | + } |
|
| 621 | + } |
|
| 622 | + }else{ |
|
| 623 | + phpCAS::trace("Skipping session creation"); |
|
| 624 | + } |
|
| 625 | + |
|
| 626 | + |
|
| 627 | + // are we in proxy mode ? |
|
| 628 | + $this->_proxy = $proxy; |
|
| 629 | + |
|
| 630 | + //check version |
|
| 631 | + switch ($server_version) { |
|
| 632 | + case CAS_VERSION_1_0: |
|
| 633 | + if ( $this->isProxy() ) |
|
| 634 | + phpCAS::error('CAS proxies are not supported in CAS ' |
|
| 635 | + .$server_version); |
|
| 636 | + break; |
|
| 637 | + case CAS_VERSION_2_0: |
|
| 638 | + break; |
|
| 639 | + case SAML_VERSION_1_1: |
|
| 640 | + break; |
|
| 641 | + default: |
|
| 642 | + phpCAS::error('this version of CAS (`' |
|
| 643 | + .$server_version |
|
| 644 | + .'\') is not supported by phpCAS ' |
|
| 645 | + .phpCAS::getVersion()); |
|
| 646 | + } |
|
| 647 | + $this->_server['version'] = $server_version; |
|
| 648 | + |
|
| 649 | + // check hostname |
|
| 650 | + if ( empty($server_hostname) |
|
| 651 | + || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/',$server_hostname) ) { |
|
| 652 | + phpCAS::error('bad CAS server hostname (`'.$server_hostname.'\')'); |
|
| 653 | + } |
|
| 654 | + $this->_server['hostname'] = $server_hostname; |
|
| 655 | + |
|
| 656 | + // check port |
|
| 657 | + if ( $server_port == 0 |
|
| 658 | + || !is_int($server_port) ) { |
|
| 659 | + phpCAS::error('bad CAS server port (`'.$server_hostname.'\')'); |
|
| 660 | + } |
|
| 661 | + $this->_server['port'] = $server_port; |
|
| 662 | + |
|
| 663 | + // check URI |
|
| 664 | + if ( !preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/',$server_uri) ) { |
|
| 665 | + phpCAS::error('bad CAS server URI (`'.$server_uri.'\')'); |
|
| 666 | + } |
|
| 667 | + // add leading and trailing `/' and remove doubles |
|
| 668 | + $server_uri = preg_replace('/\/\//','/','/'.$server_uri.'/'); |
|
| 669 | + $this->_server['uri'] = $server_uri; |
|
| 670 | + |
|
| 671 | + // set to callback mode if PgtIou and PgtId CGI GET parameters are provided |
|
| 672 | + if ( $this->isProxy() ) { |
|
| 673 | + $this->setCallbackMode(!empty($_GET['pgtIou'])&&!empty($_GET['pgtId'])); |
|
| 674 | + } |
|
| 675 | + |
|
| 676 | + if ( $this->isCallbackMode() ) { |
|
| 677 | + //callback mode: check that phpCAS is secured |
|
| 678 | + if ( !$this->isHttps() ) { |
|
| 679 | + phpCAS::error('CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server'); |
|
| 680 | + } |
|
| 681 | + } else { |
|
| 682 | + //normal mode: get ticket and remove it from CGI parameters for developpers |
|
| 683 | + $ticket = (isset($_GET['ticket']) ? $_GET['ticket'] : null); |
|
| 684 | + switch ($this->getServerVersion()) { |
|
| 685 | + case CAS_VERSION_1_0: // check for a Service Ticket |
|
| 686 | + if( preg_match('/^ST-/',$ticket) ) { |
|
| 687 | + phpCAS::trace('ST \''.$ticket.'\' found'); |
|
| 688 | + //ST present |
|
| 689 | + $this->setST($ticket); |
|
| 690 | + //ticket has been taken into account, unset it to hide it to applications |
|
| 691 | + unset($_GET['ticket']); |
|
| 692 | + } else if ( !empty($ticket) ) { |
|
| 693 | + //ill-formed ticket, halt |
|
| 694 | + phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); |
|
| 695 | + } |
|
| 696 | + break; |
|
| 697 | + case CAS_VERSION_2_0: // check for a Service or Proxy Ticket |
|
| 698 | + if( preg_match('/^[SP]T-/',$ticket) ) { |
|
| 699 | + phpCAS::trace('ST or PT \''.$ticket.'\' found'); |
|
| 700 | + $this->setPT($ticket); |
|
| 701 | + unset($_GET['ticket']); |
|
| 702 | + } else if ( !empty($ticket) ) { |
|
| 703 | + //ill-formed ticket, halt |
|
| 704 | + phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); |
|
| 705 | + } |
|
| 706 | + break; |
|
| 707 | + case SAML_VERSION_1_1: // SAML just does Service Tickets |
|
| 708 | + if( preg_match('/^[SP]T-/',$ticket) ) { |
|
| 709 | + phpCAS::trace('SA \''.$ticket.'\' found'); |
|
| 710 | + $this->setSA($ticket); |
|
| 711 | + unset($_GET['ticket']); |
|
| 712 | + } else if ( !empty($ticket) ) { |
|
| 713 | + //ill-formed ticket, halt |
|
| 714 | + phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); |
|
| 715 | + } |
|
| 716 | + break; |
|
| 717 | + } |
|
| 718 | + } |
|
| 719 | + phpCAS::traceEnd(); |
|
| 720 | + } |
|
| 721 | + |
|
| 722 | + /** @} */ |
|
| 723 | + |
|
| 724 | + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 725 | + // XX XX |
|
| 726 | + // XX AUTHENTICATION XX |
|
| 727 | + // XX XX |
|
| 728 | + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 729 | + |
|
| 730 | + /** |
|
| 731 | + * @addtogroup internalAuthentication |
|
| 732 | + * @{ |
|
| 733 | + */ |
|
| 734 | + |
|
| 735 | + /** |
|
| 736 | + * The Authenticated user. Written by CASClient::setUser(), read by CASClient::getUser(). |
|
| 737 | + * @attention client applications should use phpCAS::getUser(). |
|
| 738 | + * |
|
| 739 | + * @hideinitializer |
|
| 740 | + * @private |
|
| 741 | + */ |
|
| 742 | + var $_user = ''; |
|
| 743 | + |
|
| 744 | + /** |
|
| 745 | + * This method sets the CAS user's login name. |
|
| 746 | + * |
|
| 747 | + * @param $user the login name of the authenticated user. |
|
| 748 | + * |
|
| 749 | + * @private |
|
| 750 | + */ |
|
| 751 | + function setUser($user) |
|
| 752 | + { |
|
| 753 | + $this->_user = $user; |
|
| 754 | + } |
|
| 755 | + |
|
| 756 | + /** |
|
| 757 | + * This method returns the CAS user's login name. |
|
| 758 | + * @warning should be called only after CASClient::forceAuthentication() or |
|
| 759 | + * CASClient::isAuthenticated(), otherwise halt with an error. |
|
| 760 | + * |
|
| 761 | + * @return the login name of the authenticated user |
|
| 762 | + */ |
|
| 763 | + function getUser() |
|
| 764 | + { |
|
| 765 | + if ( empty($this->_user) ) { |
|
| 766 | + phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); |
|
| 767 | + } |
|
| 768 | + return $this->_user; |
|
| 769 | + } |
|
| 770 | + |
|
| 771 | + |
|
| 772 | + |
|
| 773 | + /*********************************************************************************************************************** |
|
| 775 | 774 | * Atrributes section |
| 776 | 775 | * |
| 777 | 776 | * @author Matthias Crauwels <[email protected]>, Ghent University, Belgium |
| 778 | 777 | * |
| 779 | 778 | ***********************************************************************************************************************/ |
| 780 | - /** |
|
| 781 | - * The Authenticated users attributes. Written by CASClient::setAttributes(), read by CASClient::getAttributes(). |
|
| 782 | - * @attention client applications should use phpCAS::getAttributes(). |
|
| 783 | - * |
|
| 784 | - * @hideinitializer |
|
| 785 | - * @private |
|
| 786 | - */ |
|
| 787 | - var $_attributes = array(); |
|
| 788 | - |
|
| 789 | - function setAttributes($attributes) |
|
| 790 | - { $this->_attributes = $attributes; } |
|
| 791 | - |
|
| 792 | - function getAttributes() { |
|
| 793 | - if ( empty($this->_user) ) { // if no user is set, there shouldn't be any attributes also... |
|
| 794 | - phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); |
|
| 795 | - } |
|
| 796 | - return $this->_attributes; |
|
| 797 | - } |
|
| 798 | - |
|
| 799 | - function hasAttributes() |
|
| 800 | - { return !empty($this->_attributes); } |
|
| 801 | - |
|
| 802 | - function hasAttribute($key) |
|
| 803 | - { return (is_array($this->_attributes) && array_key_exists($key, $this->_attributes)); } |
|
| 804 | - |
|
| 805 | - function getAttribute($key) { |
|
| 806 | - if($this->hasAttribute($key)) { |
|
| 807 | - return $this->_attributes[$key]; |
|
| 808 | - } |
|
| 809 | - } |
|
| 810 | - |
|
| 811 | - /** |
|
| 812 | - * This method is called to renew the authentication of the user |
|
| 813 | - * If the user is authenticated, renew the connection |
|
| 814 | - * If not, redirect to CAS |
|
| 815 | - * @public |
|
| 816 | - */ |
|
| 817 | - function renewAuthentication(){ |
|
| 818 | - phpCAS::traceBegin(); |
|
| 819 | - // Either way, the user is authenticated by CAS |
|
| 820 | - if( isset( $_SESSION['phpCAS']['auth_checked'] ) ) |
|
| 821 | - unset($_SESSION['phpCAS']['auth_checked']); |
|
| 822 | - if ( $this->isAuthenticated() ) { |
|
| 823 | - phpCAS::trace('user already authenticated; renew'); |
|
| 824 | - $this->redirectToCas(false,true); |
|
| 825 | - } else { |
|
| 826 | - $this->redirectToCas(); |
|
| 827 | - } |
|
| 828 | - phpCAS::traceEnd(); |
|
| 829 | - } |
|
| 830 | - |
|
| 831 | - /** |
|
| 832 | - * This method is called to be sure that the user is authenticated. When not |
|
| 833 | - * authenticated, halt by redirecting to the CAS server; otherwise return TRUE. |
|
| 834 | - * @return TRUE when the user is authenticated; otherwise halt. |
|
| 835 | - * @public |
|
| 836 | - */ |
|
| 837 | - function forceAuthentication() |
|
| 838 | - { |
|
| 839 | - phpCAS::traceBegin(); |
|
| 840 | - |
|
| 841 | - if ( $this->isAuthenticated() ) { |
|
| 842 | - // the user is authenticated, nothing to be done. |
|
| 843 | - phpCAS::trace('no need to authenticate'); |
|
| 844 | - $res = TRUE; |
|
| 845 | - } else { |
|
| 846 | - // the user is not authenticated, redirect to the CAS server |
|
| 847 | - if (isset($_SESSION['phpCAS']['auth_checked'])) { |
|
| 848 | - unset($_SESSION['phpCAS']['auth_checked']); |
|
| 849 | - } |
|
| 850 | - $this->redirectToCas(FALSE/* no gateway */); |
|
| 851 | - // never reached |
|
| 852 | - $res = FALSE; |
|
| 853 | - } |
|
| 854 | - phpCAS::traceEnd($res); |
|
| 855 | - return $res; |
|
| 856 | - } |
|
| 857 | - |
|
| 858 | - /** |
|
| 859 | - * An integer that gives the number of times authentication will be cached before rechecked. |
|
| 860 | - * |
|
| 861 | - * @hideinitializer |
|
| 862 | - * @private |
|
| 863 | - */ |
|
| 864 | - var $_cache_times_for_auth_recheck = 0; |
|
| 865 | - |
|
| 866 | - /** |
|
| 867 | - * Set the number of times authentication will be cached before rechecked. |
|
| 868 | - * |
|
| 869 | - * @param $n an integer. |
|
| 870 | - * |
|
| 871 | - * @public |
|
| 872 | - */ |
|
| 873 | - function setCacheTimesForAuthRecheck($n) |
|
| 874 | - { |
|
| 875 | - $this->_cache_times_for_auth_recheck = $n; |
|
| 876 | - } |
|
| 877 | - |
|
| 878 | - /** |
|
| 879 | - * This method is called to check whether the user is authenticated or not. |
|
| 880 | - * @return TRUE when the user is authenticated, FALSE otherwise. |
|
| 881 | - * @public |
|
| 882 | - */ |
|
| 883 | - function checkAuthentication() |
|
| 884 | - { |
|
| 885 | - phpCAS::traceBegin(); |
|
| 886 | - if ( $this->isAuthenticated() ) { |
|
| 779 | + /** |
|
| 780 | + * The Authenticated users attributes. Written by CASClient::setAttributes(), read by CASClient::getAttributes(). |
|
| 781 | + * @attention client applications should use phpCAS::getAttributes(). |
|
| 782 | + * |
|
| 783 | + * @hideinitializer |
|
| 784 | + * @private |
|
| 785 | + */ |
|
| 786 | + var $_attributes = array(); |
|
| 787 | + |
|
| 788 | + function setAttributes($attributes) |
|
| 789 | + { $this->_attributes = $attributes; } |
|
| 790 | + |
|
| 791 | + function getAttributes() { |
|
| 792 | + if ( empty($this->_user) ) { // if no user is set, there shouldn't be any attributes also... |
|
| 793 | + phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); |
|
| 794 | + } |
|
| 795 | + return $this->_attributes; |
|
| 796 | + } |
|
| 797 | + |
|
| 798 | + function hasAttributes() |
|
| 799 | + { return !empty($this->_attributes); } |
|
| 800 | + |
|
| 801 | + function hasAttribute($key) |
|
| 802 | + { return (is_array($this->_attributes) && array_key_exists($key, $this->_attributes)); } |
|
| 803 | + |
|
| 804 | + function getAttribute($key) { |
|
| 805 | + if($this->hasAttribute($key)) { |
|
| 806 | + return $this->_attributes[$key]; |
|
| 807 | + } |
|
| 808 | + } |
|
| 809 | + |
|
| 810 | + /** |
|
| 811 | + * This method is called to renew the authentication of the user |
|
| 812 | + * If the user is authenticated, renew the connection |
|
| 813 | + * If not, redirect to CAS |
|
| 814 | + * @public |
|
| 815 | + */ |
|
| 816 | + function renewAuthentication(){ |
|
| 817 | + phpCAS::traceBegin(); |
|
| 818 | + // Either way, the user is authenticated by CAS |
|
| 819 | + if( isset( $_SESSION['phpCAS']['auth_checked'] ) ) |
|
| 820 | + unset($_SESSION['phpCAS']['auth_checked']); |
|
| 821 | + if ( $this->isAuthenticated() ) { |
|
| 822 | + phpCAS::trace('user already authenticated; renew'); |
|
| 823 | + $this->redirectToCas(false,true); |
|
| 824 | + } else { |
|
| 825 | + $this->redirectToCas(); |
|
| 826 | + } |
|
| 827 | + phpCAS::traceEnd(); |
|
| 828 | + } |
|
| 829 | + |
|
| 830 | + /** |
|
| 831 | + * This method is called to be sure that the user is authenticated. When not |
|
| 832 | + * authenticated, halt by redirecting to the CAS server; otherwise return TRUE. |
|
| 833 | + * @return TRUE when the user is authenticated; otherwise halt. |
|
| 834 | + * @public |
|
| 835 | + */ |
|
| 836 | + function forceAuthentication() |
|
| 837 | + { |
|
| 838 | + phpCAS::traceBegin(); |
|
| 839 | + |
|
| 840 | + if ( $this->isAuthenticated() ) { |
|
| 841 | + // the user is authenticated, nothing to be done. |
|
| 842 | + phpCAS::trace('no need to authenticate'); |
|
| 843 | + $res = TRUE; |
|
| 844 | + } else { |
|
| 845 | + // the user is not authenticated, redirect to the CAS server |
|
| 846 | + if (isset($_SESSION['phpCAS']['auth_checked'])) { |
|
| 847 | + unset($_SESSION['phpCAS']['auth_checked']); |
|
| 848 | + } |
|
| 849 | + $this->redirectToCas(FALSE/* no gateway */); |
|
| 850 | + // never reached |
|
| 851 | + $res = FALSE; |
|
| 852 | + } |
|
| 853 | + phpCAS::traceEnd($res); |
|
| 854 | + return $res; |
|
| 855 | + } |
|
| 856 | + |
|
| 857 | + /** |
|
| 858 | + * An integer that gives the number of times authentication will be cached before rechecked. |
|
| 859 | + * |
|
| 860 | + * @hideinitializer |
|
| 861 | + * @private |
|
| 862 | + */ |
|
| 863 | + var $_cache_times_for_auth_recheck = 0; |
|
| 864 | + |
|
| 865 | + /** |
|
| 866 | + * Set the number of times authentication will be cached before rechecked. |
|
| 867 | + * |
|
| 868 | + * @param $n an integer. |
|
| 869 | + * |
|
| 870 | + * @public |
|
| 871 | + */ |
|
| 872 | + function setCacheTimesForAuthRecheck($n) |
|
| 873 | + { |
|
| 874 | + $this->_cache_times_for_auth_recheck = $n; |
|
| 875 | + } |
|
| 876 | + |
|
| 877 | + /** |
|
| 878 | + * This method is called to check whether the user is authenticated or not. |
|
| 879 | + * @return TRUE when the user is authenticated, FALSE otherwise. |
|
| 880 | + * @public |
|
| 881 | + */ |
|
| 882 | + function checkAuthentication() |
|
| 883 | + { |
|
| 884 | + phpCAS::traceBegin(); |
|
| 885 | + if ( $this->isAuthenticated() ) { |
|
| 887 | 886 | phpCAS::trace('user is authenticated'); |
| 888 | - $res = TRUE; |
|
| 889 | - } else if (isset($_SESSION['phpCAS']['auth_checked'])) { |
|
| 887 | + $res = TRUE; |
|
| 888 | + } else if (isset($_SESSION['phpCAS']['auth_checked'])) { |
|
| 890 | 889 | // the previous request has redirected the client to the CAS server with gateway=true |
| 891 | 890 | // comment line bellow to |
| 892 | 891 | // unset($_SESSION['phpCAS']['auth_checked']); |
| 893 | 892 | $res = FALSE; |
| 894 | - } else { |
|
| 893 | + } else { |
|
| 895 | 894 | // $_SESSION['phpCAS']['auth_checked'] = true; |
| 896 | - // $this->redirectToCas(TRUE/* gateway */); |
|
| 897 | - // // never reached |
|
| 898 | - // $res = FALSE; |
|
| 899 | - // avoid a check against CAS on every request |
|
| 900 | - if (! isset($_SESSION['phpCAS']['unauth_count']) ) |
|
| 901 | - $_SESSION['phpCAS']['unauth_count'] = -2; // uninitialized |
|
| 895 | + // $this->redirectToCas(TRUE/* gateway */); |
|
| 896 | + // // never reached |
|
| 897 | + // $res = FALSE; |
|
| 898 | + // avoid a check against CAS on every request |
|
| 899 | + if (! isset($_SESSION['phpCAS']['unauth_count']) ) |
|
| 900 | + $_SESSION['phpCAS']['unauth_count'] = -2; // uninitialized |
|
| 902 | 901 | |
| 903 | - if (($_SESSION['phpCAS']['unauth_count'] != -2 && $this->_cache_times_for_auth_recheck == -1) |
|
| 904 | - || ($_SESSION['phpCAS']['unauth_count'] >= 0 && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck)) |
|
| 905 | - { |
|
| 906 | - $res = FALSE; |
|
| 902 | + if (($_SESSION['phpCAS']['unauth_count'] != -2 && $this->_cache_times_for_auth_recheck == -1) |
|
| 903 | + || ($_SESSION['phpCAS']['unauth_count'] >= 0 && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck)) |
|
| 904 | + { |
|
| 905 | + $res = FALSE; |
|
| 907 | 906 | |
| 908 | - if ($this->_cache_times_for_auth_recheck != -1) |
|
| 909 | - { |
|
| 910 | - $_SESSION['phpCAS']['unauth_count']++; |
|
| 911 | - phpCAS::trace('user is not authenticated (cached for '.$_SESSION['phpCAS']['unauth_count'].' times of '.$this->_cache_times_for_auth_recheck.')'); |
|
| 912 | - } |
|
| 913 | - else |
|
| 914 | - { |
|
| 915 | - phpCAS::trace('user is not authenticated (cached for until login pressed)'); |
|
| 916 | - } |
|
| 917 | - } |
|
| 918 | - else |
|
| 919 | - { |
|
| 920 | - $_SESSION['phpCAS']['unauth_count'] = 0; |
|
| 921 | - $_SESSION['phpCAS']['auth_checked'] = true; |
|
| 922 | - phpCAS::trace('user is not authenticated (cache reset)'); |
|
| 923 | - // $this->redirectToCas(TRUE/* gateway */); |
|
| 924 | - // never reached |
|
| 925 | - $res = FALSE; |
|
| 926 | - } |
|
| 927 | - } |
|
| 928 | - phpCAS::traceEnd($res); |
|
| 929 | - return $res; |
|
| 930 | - } |
|
| 931 | - |
|
| 932 | - /** |
|
| 933 | - * This method is called to check if the user is authenticated (previously or by |
|
| 934 | - * tickets given in the URL). |
|
| 935 | - * |
|
| 936 | - * @return TRUE when the user is authenticated. Also may redirect to the same URL without the ticket. |
|
| 937 | - * |
|
| 938 | - * @public |
|
| 939 | - */ |
|
| 940 | - function isAuthenticated() |
|
| 941 | - { |
|
| 942 | - phpCAS::traceBegin(); |
|
| 943 | - $res = FALSE; |
|
| 944 | - $validate_url = ''; |
|
| 945 | - |
|
| 946 | - if ( $this->wasPreviouslyAuthenticated() ) { |
|
| 947 | - // the user has already (previously during the session) been |
|
| 948 | - // authenticated, nothing to be done. |
|
| 949 | - phpCAS::trace('user was already authenticated, no need to look for tickets'); |
|
| 950 | - $res = TRUE; |
|
| 951 | - } |
|
| 952 | - else { |
|
| 953 | - if ( $this->hasST() ) { |
|
| 954 | - // if a Service Ticket was given, validate it |
|
| 955 | - phpCAS::trace('ST `'.$this->getST().'\' is present'); |
|
| 956 | - $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts |
|
| 957 | - phpCAS::trace('ST `'.$this->getST().'\' was validated'); |
|
| 958 | - if ( $this->isProxy() ) { |
|
| 959 | - $this->validatePGT($validate_url,$text_response,$tree_response); // idem |
|
| 960 | - phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); |
|
| 961 | - $_SESSION['phpCAS']['pgt'] = $this->getPGT(); |
|
| 962 | - } |
|
| 963 | - $_SESSION['phpCAS']['user'] = $this->getUser(); |
|
| 964 | - $res = TRUE; |
|
| 965 | - } |
|
| 966 | - elseif ( $this->hasPT() ) { |
|
| 967 | - // if a Proxy Ticket was given, validate it |
|
| 968 | - phpCAS::trace('PT `'.$this->getPT().'\' is present'); |
|
| 969 | - $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts |
|
| 970 | - phpCAS::trace('PT `'.$this->getPT().'\' was validated'); |
|
| 971 | - if ( $this->isProxy() ) { |
|
| 972 | - $this->validatePGT($validate_url,$text_response,$tree_response); // idem |
|
| 973 | - phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); |
|
| 974 | - $_SESSION['phpCAS']['pgt'] = $this->getPGT(); |
|
| 975 | - } |
|
| 976 | - $_SESSION['phpCAS']['user'] = $this->getUser(); |
|
| 977 | - $res = TRUE; |
|
| 978 | - } |
|
| 979 | - elseif ( $this->hasSA() ) { |
|
| 980 | - // if we have a SAML ticket, validate it. |
|
| 981 | - phpCAS::trace('SA `'.$this->getSA().'\' is present'); |
|
| 982 | - $this->validateSA($validate_url,$text_response,$tree_response); // if it fails, it halts |
|
| 983 | - phpCAS::trace('SA `'.$this->getSA().'\' was validated'); |
|
| 984 | - $_SESSION['phpCAS']['user'] = $this->getUser(); |
|
| 985 | - $_SESSION['phpCAS']['attributes'] = $this->getAttributes(); |
|
| 986 | - $res = TRUE; |
|
| 987 | - } |
|
| 988 | - else { |
|
| 989 | - // no ticket given, not authenticated |
|
| 990 | - phpCAS::trace('no ticket found'); |
|
| 991 | - } |
|
| 992 | - if ($res) { |
|
| 993 | - // if called with a ticket parameter, we need to redirect to the app without the ticket so that CAS-ification is transparent to the browser (for later POSTS) |
|
| 994 | - // most of the checks and errors should have been made now, so we're safe for redirect without masking error messages. |
|
| 995 | - header('Location: '.$this->getURL()); |
|
| 996 | - phpCAS::log( "Prepare redirect to : ".$this->getURL() ); |
|
| 997 | - } |
|
| 998 | - } |
|
| 999 | - |
|
| 1000 | - phpCAS::traceEnd($res); |
|
| 1001 | - return $res; |
|
| 1002 | - } |
|
| 1003 | - |
|
| 1004 | - /** |
|
| 1005 | - * This method tells if the current session is authenticated. |
|
| 1006 | - * @return true if authenticated based soley on $_SESSION variable |
|
| 1007 | - * @since 0.4.22 by Brendan Arnold |
|
| 1008 | - */ |
|
| 1009 | - function isSessionAuthenticated () |
|
| 1010 | - { |
|
| 1011 | - return !empty($_SESSION['phpCAS']['user']); |
|
| 1012 | - } |
|
| 1013 | - |
|
| 1014 | - /** |
|
| 1015 | - * This method tells if the user has already been (previously) authenticated |
|
| 1016 | - * by looking into the session variables. |
|
| 1017 | - * |
|
| 1018 | - * @note This function switches to callback mode when needed. |
|
| 1019 | - * |
|
| 1020 | - * @return TRUE when the user has already been authenticated; FALSE otherwise. |
|
| 1021 | - * |
|
| 1022 | - * @private |
|
| 1023 | - */ |
|
| 1024 | - function wasPreviouslyAuthenticated() |
|
| 1025 | - { |
|
| 1026 | - phpCAS::traceBegin(); |
|
| 1027 | - |
|
| 1028 | - if ( $this->isCallbackMode() ) { |
|
| 1029 | - $this->callback(); |
|
| 1030 | - } |
|
| 1031 | - |
|
| 1032 | - $auth = FALSE; |
|
| 1033 | - |
|
| 1034 | - if ( $this->isProxy() ) { |
|
| 1035 | - // CAS proxy: username and PGT must be present |
|
| 1036 | - if ( $this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) { |
|
| 1037 | - // authentication already done |
|
| 1038 | - $this->setUser($_SESSION['phpCAS']['user']); |
|
| 1039 | - $this->setPGT($_SESSION['phpCAS']['pgt']); |
|
| 1040 | - phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\', PGT = `'.$_SESSION['phpCAS']['pgt'].'\''); |
|
| 1041 | - $auth = TRUE; |
|
| 1042 | - } elseif ( $this->isSessionAuthenticated() && empty($_SESSION['phpCAS']['pgt']) ) { |
|
| 1043 | - // these two variables should be empty or not empty at the same time |
|
| 1044 | - phpCAS::trace('username found (`'.$_SESSION['phpCAS']['user'].'\') but PGT is empty'); |
|
| 1045 | - // unset all tickets to enforce authentication |
|
| 1046 | - unset($_SESSION['phpCAS']); |
|
| 1047 | - $this->setST(''); |
|
| 1048 | - $this->setPT(''); |
|
| 1049 | - } elseif ( !$this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) { |
|
| 1050 | - // these two variables should be empty or not empty at the same time |
|
| 1051 | - phpCAS::trace('PGT found (`'.$_SESSION['phpCAS']['pgt'].'\') but username is empty'); |
|
| 1052 | - // unset all tickets to enforce authentication |
|
| 1053 | - unset($_SESSION['phpCAS']); |
|
| 1054 | - $this->setST(''); |
|
| 1055 | - $this->setPT(''); |
|
| 1056 | - } else { |
|
| 1057 | - phpCAS::trace('neither user not PGT found'); |
|
| 1058 | - } |
|
| 1059 | - } else { |
|
| 1060 | - // `simple' CAS client (not a proxy): username must be present |
|
| 1061 | - if ( $this->isSessionAuthenticated() ) { |
|
| 1062 | - // authentication already done |
|
| 1063 | - $this->setUser($_SESSION['phpCAS']['user']); |
|
| 1064 | - if(isset($_SESSION['phpCAS']['attributes'])){ |
|
| 1065 | - $this->setAttributes($_SESSION['phpCAS']['attributes']); |
|
| 1066 | - } |
|
| 1067 | - phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\''); |
|
| 1068 | - $auth = TRUE; |
|
| 1069 | - } else { |
|
| 1070 | - phpCAS::trace('no user found'); |
|
| 1071 | - } |
|
| 1072 | - } |
|
| 1073 | - |
|
| 1074 | - phpCAS::traceEnd($auth); |
|
| 1075 | - return $auth; |
|
| 1076 | - } |
|
| 1077 | - |
|
| 1078 | - /** |
|
| 1079 | - * This method is used to redirect the client to the CAS server. |
|
| 1080 | - * It is used by CASClient::forceAuthentication() and CASClient::checkAuthentication(). |
|
| 1081 | - * @param $gateway true to check authentication, false to force it |
|
| 1082 | - * @param $renew true to force the authentication with the CAS server |
|
| 1083 | - * @public |
|
| 1084 | - */ |
|
| 1085 | - function redirectToCas($gateway=false,$renew=false){ |
|
| 1086 | - phpCAS::traceBegin(); |
|
| 1087 | - $cas_url = $this->getServerLoginURL($gateway,$renew); |
|
| 1088 | - header('Location: '.$cas_url); |
|
| 1089 | - phpCAS::log( "Redirect to : ".$cas_url ); |
|
| 1090 | - |
|
| 1091 | - $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_WANTED)); |
|
| 1092 | - |
|
| 1093 | - printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url); |
|
| 1094 | - $this->printHTMLFooter(); |
|
| 1095 | - |
|
| 1096 | - phpCAS::traceExit(); |
|
| 1097 | - exit(); |
|
| 1098 | - } |
|
| 1099 | - |
|
| 1100 | - |
|
| 1101 | - /** |
|
| 1102 | - * This method is used to logout from CAS. |
|
| 1103 | - * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server |
|
| 1104 | - * @public |
|
| 1105 | - */ |
|
| 1106 | - function logout($params) { |
|
| 1107 | - phpCAS::traceBegin(); |
|
| 1108 | - $cas_url = $this->getServerLogoutURL(); |
|
| 1109 | - $paramSeparator = '?'; |
|
| 1110 | - if (isset($params['url'])) { |
|
| 1111 | - $cas_url = $cas_url . $paramSeparator . "url=" . urlencode($params['url']); |
|
| 1112 | - $paramSeparator = '&'; |
|
| 1113 | - } |
|
| 1114 | - if (isset($params['service'])) { |
|
| 1115 | - $cas_url = $cas_url . $paramSeparator . "service=" . urlencode($params['service']); |
|
| 1116 | - } |
|
| 1117 | - header('Location: '.$cas_url); |
|
| 1118 | - phpCAS::log( "Prepare redirect to : ".$cas_url ); |
|
| 1119 | - |
|
| 1120 | - session_unset(); |
|
| 1121 | - session_destroy(); |
|
| 1122 | - |
|
| 1123 | - $this->printHTMLHeader($this->getString(CAS_STR_LOGOUT)); |
|
| 1124 | - printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url); |
|
| 1125 | - $this->printHTMLFooter(); |
|
| 1126 | - |
|
| 1127 | - phpCAS::traceExit(); |
|
| 1128 | - exit(); |
|
| 1129 | - } |
|
| 1130 | - |
|
| 1131 | - /** |
|
| 1132 | - * @return true if the current request is a logout request. |
|
| 1133 | - * @private |
|
| 1134 | - */ |
|
| 1135 | - function isLogoutRequest() { |
|
| 1136 | - return !empty($_POST['logoutRequest']); |
|
| 1137 | - } |
|
| 1138 | - |
|
| 1139 | - /** |
|
| 1140 | - * @return true if a logout request is allowed. |
|
| 1141 | - * @private |
|
| 1142 | - */ |
|
| 1143 | - function isLogoutRequestAllowed() { |
|
| 1144 | - } |
|
| 1145 | - |
|
| 1146 | - /** |
|
| 1147 | - * This method handles logout requests. |
|
| 1148 | - * @param $check_client true to check the client bofore handling the request, |
|
| 1149 | - * false not to perform any access control. True by default. |
|
| 1150 | - * @param $allowed_clients an array of host names allowed to send logout requests. |
|
| 1151 | - * By default, only the CAs server (declared in the constructor) will be allowed. |
|
| 1152 | - * @public |
|
| 1153 | - */ |
|
| 1154 | - function handleLogoutRequests($check_client=true, $allowed_clients=false) { |
|
| 1155 | - phpCAS::traceBegin(); |
|
| 1156 | - if (!$this->isLogoutRequest()) { |
|
| 1157 | - phpCAS::log("Not a logout request"); |
|
| 1158 | - phpCAS::traceEnd(); |
|
| 1159 | - return; |
|
| 1160 | - } |
|
| 1161 | - phpCAS::log("Logout requested"); |
|
| 1162 | - phpCAS::log("SAML REQUEST: ".$_POST['logoutRequest']); |
|
| 1163 | - if ($check_client) { |
|
| 1164 | - if (!$allowed_clients) { |
|
| 1165 | - $allowed_clients = array( $this->getServerHostname() ); |
|
| 1166 | - } |
|
| 1167 | - $client_ip = $_SERVER['REMOTE_ADDR']; |
|
| 1168 | - $client = gethostbyaddr($client_ip); |
|
| 1169 | - phpCAS::log("Client: ".$client."/".$client_ip); |
|
| 1170 | - $allowed = false; |
|
| 1171 | - foreach ($allowed_clients as $allowed_client) { |
|
| 1172 | - if (($client == $allowed_client) or ($client_ip == $allowed_client)) { |
|
| 1173 | - phpCAS::log("Allowed client '".$allowed_client."' matches, logout request is allowed"); |
|
| 1174 | - $allowed = true; |
|
| 1175 | - break; |
|
| 1176 | - } else { |
|
| 1177 | - phpCAS::log("Allowed client '".$allowed_client."' does not match"); |
|
| 1178 | - } |
|
| 1179 | - } |
|
| 1180 | - if (!$allowed) { |
|
| 1181 | - phpCAS::error("Unauthorized logout request from client '".$client."'"); |
|
| 1182 | - printf("Unauthorized!"); |
|
| 1183 | - phpCAS::traceExit(); |
|
| 1184 | - exit(); |
|
| 1185 | - } |
|
| 1186 | - } else { |
|
| 1187 | - phpCAS::log("No access control set"); |
|
| 1188 | - } |
|
| 1189 | - // Extract the ticket from the SAML Request |
|
| 1190 | - preg_match("|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|", $_POST['logoutRequest'], $tick, PREG_OFFSET_CAPTURE, 3); |
|
| 1191 | - $wrappedSamlSessionIndex = preg_replace('|<samlp:SessionIndex>|','',$tick[0][0]); |
|
| 1192 | - $ticket2logout = preg_replace('|</samlp:SessionIndex>|','',$wrappedSamlSessionIndex); |
|
| 1193 | - phpCAS::log("Ticket to logout: ".$ticket2logout); |
|
| 1194 | - $session_id = preg_replace('/[^\w]/','',$ticket2logout); |
|
| 1195 | - phpCAS::log("Session id: ".$session_id); |
|
| 1196 | - |
|
| 1197 | - // destroy a possible application session created before phpcas |
|
| 1198 | - if(session_id()){ |
|
| 1199 | - session_unset(); |
|
| 1200 | - session_destroy(); |
|
| 1201 | - } |
|
| 1202 | - // fix session ID |
|
| 1203 | - session_id($session_id); |
|
| 1204 | - $_COOKIE[session_name()]=$session_id; |
|
| 1205 | - $_GET[session_name()]=$session_id; |
|
| 1206 | - |
|
| 1207 | - // Overwrite session |
|
| 1208 | - session_start(); |
|
| 1209 | - session_unset(); |
|
| 1210 | - session_destroy(); |
|
| 1211 | - printf("Disconnected!"); |
|
| 1212 | - phpCAS::traceExit(); |
|
| 1213 | - exit(); |
|
| 1214 | - } |
|
| 1215 | - |
|
| 1216 | - /** @} */ |
|
| 1217 | - |
|
| 1218 | - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 1219 | - // XX XX |
|
| 1220 | - // XX BASIC CLIENT FEATURES (CAS 1.0) XX |
|
| 1221 | - // XX XX |
|
| 1222 | - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 1223 | - |
|
| 1224 | - // ######################################################################## |
|
| 1225 | - // ST |
|
| 1226 | - // ######################################################################## |
|
| 1227 | - /** |
|
| 1228 | - * @addtogroup internalBasic |
|
| 1229 | - * @{ |
|
| 1230 | - */ |
|
| 1231 | - |
|
| 1232 | - /** |
|
| 1233 | - * the Service Ticket provided in the URL of the request if present |
|
| 1234 | - * (empty otherwise). Written by CASClient::CASClient(), read by |
|
| 1235 | - * CASClient::getST() and CASClient::hasPGT(). |
|
| 1236 | - * |
|
| 1237 | - * @hideinitializer |
|
| 1238 | - * @private |
|
| 1239 | - */ |
|
| 1240 | - var $_st = ''; |
|
| 1241 | - |
|
| 1242 | - /** |
|
| 1243 | - * This method returns the Service Ticket provided in the URL of the request. |
|
| 1244 | - * @return The service ticket. |
|
| 1245 | - * @private |
|
| 1246 | - */ |
|
| 1247 | - function getST() |
|
| 1248 | - { return $this->_st; } |
|
| 1249 | - |
|
| 1250 | - /** |
|
| 1251 | - * This method stores the Service Ticket. |
|
| 1252 | - * @param $st The Service Ticket. |
|
| 1253 | - * @private |
|
| 1254 | - */ |
|
| 1255 | - function setST($st) |
|
| 1256 | - { $this->_st = $st; } |
|
| 1257 | - |
|
| 1258 | - /** |
|
| 1259 | - * This method tells if a Service Ticket was stored. |
|
| 1260 | - * @return TRUE if a Service Ticket has been stored. |
|
| 1261 | - * @private |
|
| 1262 | - */ |
|
| 1263 | - function hasST() |
|
| 1264 | - { return !empty($this->_st); } |
|
| 1265 | - |
|
| 1266 | - /** @} */ |
|
| 1267 | - |
|
| 1268 | - // ######################################################################## |
|
| 1269 | - // ST VALIDATION |
|
| 1270 | - // ######################################################################## |
|
| 1271 | - /** |
|
| 1272 | - * @addtogroup internalBasic |
|
| 1273 | - * @{ |
|
| 1274 | - */ |
|
| 1275 | - |
|
| 1276 | - /** |
|
| 1277 | - * the certificate of the CAS server. |
|
| 1278 | - * |
|
| 1279 | - * @hideinitializer |
|
| 1280 | - * @private |
|
| 1281 | - */ |
|
| 1282 | - var $_cas_server_cert = ''; |
|
| 1283 | - |
|
| 1284 | - /** |
|
| 1285 | - * the certificate of the CAS server CA. |
|
| 1286 | - * |
|
| 1287 | - * @hideinitializer |
|
| 1288 | - * @private |
|
| 1289 | - */ |
|
| 1290 | - var $_cas_server_ca_cert = ''; |
|
| 1291 | - |
|
| 1292 | - /** |
|
| 1293 | - * Set to true not to validate the CAS server. |
|
| 1294 | - * |
|
| 1295 | - * @hideinitializer |
|
| 1296 | - * @private |
|
| 1297 | - */ |
|
| 1298 | - var $_no_cas_server_validation = false; |
|
| 1299 | - |
|
| 1300 | - /** |
|
| 1301 | - * Set the certificate of the CAS server. |
|
| 1302 | - * |
|
| 1303 | - * @param $cert the PEM certificate |
|
| 1304 | - */ |
|
| 1305 | - function setCasServerCert($cert) |
|
| 1306 | - { |
|
| 1307 | - $this->_cas_server_cert = $cert; |
|
| 1308 | - } |
|
| 1309 | - |
|
| 1310 | - /** |
|
| 1311 | - * Set the CA certificate of the CAS server. |
|
| 1312 | - * |
|
| 1313 | - * @param $cert the PEM certificate of the CA that emited the cert of the server |
|
| 1314 | - */ |
|
| 1315 | - function setCasServerCACert($cert) |
|
| 1316 | - { |
|
| 1317 | - $this->_cas_server_ca_cert = $cert; |
|
| 1318 | - } |
|
| 1319 | - |
|
| 1320 | - /** |
|
| 1321 | - * Set no SSL validation for the CAS server. |
|
| 1322 | - */ |
|
| 1323 | - function setNoCasServerValidation() |
|
| 1324 | - { |
|
| 1325 | - $this->_no_cas_server_validation = true; |
|
| 1326 | - } |
|
| 1327 | - |
|
| 1328 | - /** |
|
| 1329 | - * This method is used to validate a ST; halt on failure, and sets $validate_url, |
|
| 1330 | - * $text_reponse and $tree_response on success. These parameters are used later |
|
| 1331 | - * by CASClient::validatePGT() for CAS proxies. |
|
| 1332 | - * Used for all CAS 1.0 validations |
|
| 1333 | - * @param $validate_url the URL of the request to the CAS server. |
|
| 1334 | - * @param $text_response the response of the CAS server, as is (XML text). |
|
| 1335 | - * @param $tree_response the response of the CAS server, as a DOM XML tree. |
|
| 1336 | - * |
|
| 1337 | - * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). |
|
| 1338 | - * |
|
| 1339 | - * @private |
|
| 1340 | - */ |
|
| 1341 | - function validateST($validate_url,&$text_response,&$tree_response) |
|
| 1342 | - { |
|
| 1343 | - phpCAS::traceBegin(); |
|
| 1344 | - // build the URL to validate the ticket |
|
| 1345 | - $validate_url = $this->getServerServiceValidateURL().'&ticket='.$this->getST(); |
|
| 1346 | - if ( $this->isProxy() ) { |
|
| 1347 | - // pass the callback url for CAS proxies |
|
| 1348 | - $validate_url .= '&pgtUrl='.$this->getCallbackURL(); |
|
| 1349 | - } |
|
| 1350 | - |
|
| 1351 | - // open and read the URL |
|
| 1352 | - if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) { |
|
| 1353 | - phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'); |
|
| 1354 | - $this->authError('ST not validated', |
|
| 1355 | - $validate_url, |
|
| 1356 | - TRUE/*$no_response*/); |
|
| 1357 | - } |
|
| 1358 | - |
|
| 1359 | - // analyze the result depending on the version |
|
| 1360 | - switch ($this->getServerVersion()) { |
|
| 1361 | - case CAS_VERSION_1_0: |
|
| 1362 | - if (preg_match('/^no\n/',$text_response)) { |
|
| 1363 | - phpCAS::trace('ST has not been validated'); |
|
| 1364 | - $this->authError('ST not validated', |
|
| 1365 | - $validate_url, |
|
| 1366 | - FALSE/*$no_response*/, |
|
| 1367 | - FALSE/*$bad_response*/, |
|
| 1368 | - $text_response); |
|
| 1369 | - } |
|
| 1370 | - if (!preg_match('/^yes\n/',$text_response)) { |
|
| 1371 | - phpCAS::trace('ill-formed response'); |
|
| 1372 | - $this->authError('ST not validated', |
|
| 1373 | - $validate_url, |
|
| 1374 | - FALSE/*$no_response*/, |
|
| 1375 | - TRUE/*$bad_response*/, |
|
| 1376 | - $text_response); |
|
| 1377 | - } |
|
| 1378 | - // ST has been validated, extract the user name |
|
| 1379 | - $arr = preg_split('/\n/',$text_response); |
|
| 1380 | - $this->setUser(trim($arr[1])); |
|
| 1381 | - break; |
|
| 1382 | - case CAS_VERSION_2_0: |
|
| 1383 | - // read the response of the CAS server into a DOM object |
|
| 1384 | - if ( !($dom = domxml_open_mem($text_response))) { |
|
| 1385 | - phpCAS::trace('domxml_open_mem() failed'); |
|
| 1386 | - $this->authError('ST not validated', |
|
| 1387 | - $validate_url, |
|
| 1388 | - FALSE/*$no_response*/, |
|
| 1389 | - TRUE/*$bad_response*/, |
|
| 1390 | - $text_response); |
|
| 1391 | - } |
|
| 1392 | - // read the root node of the XML tree |
|
| 1393 | - if ( !($tree_response = $dom->document_element()) ) { |
|
| 1394 | - phpCAS::trace('document_element() failed'); |
|
| 1395 | - $this->authError('ST not validated', |
|
| 1396 | - $validate_url, |
|
| 1397 | - FALSE/*$no_response*/, |
|
| 1398 | - TRUE/*$bad_response*/, |
|
| 1399 | - $text_response); |
|
| 1400 | - } |
|
| 1401 | - // insure that tag name is 'serviceResponse' |
|
| 1402 | - if ( $tree_response->node_name() != 'serviceResponse' ) { |
|
| 1403 | - phpCAS::trace('bad XML root node (should be `serviceResponse\' instead of `'.$tree_response->node_name().'\''); |
|
| 1404 | - $this->authError('ST not validated', |
|
| 1405 | - $validate_url, |
|
| 1406 | - FALSE/*$no_response*/, |
|
| 1407 | - TRUE/*$bad_response*/, |
|
| 1408 | - $text_response); |
|
| 1409 | - } |
|
| 1410 | - if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) { |
|
| 1411 | - // authentication succeded, extract the user name |
|
| 1412 | - if ( sizeof($user_elements = $success_elements[0]->get_elements_by_tagname("user")) == 0) { |
|
| 1413 | - phpCAS::trace('<authenticationSuccess> found, but no <user>'); |
|
| 1414 | - $this->authError('ST not validated', |
|
| 1415 | - $validate_url, |
|
| 1416 | - FALSE/*$no_response*/, |
|
| 1417 | - TRUE/*$bad_response*/, |
|
| 1418 | - $text_response); |
|
| 1419 | - } |
|
| 1420 | - $user = trim($user_elements[0]->get_content()); |
|
| 1421 | - phpCAS::trace('user = `'.$user); |
|
| 1422 | - $this->setUser($user); |
|
| 907 | + if ($this->_cache_times_for_auth_recheck != -1) |
|
| 908 | + { |
|
| 909 | + $_SESSION['phpCAS']['unauth_count']++; |
|
| 910 | + phpCAS::trace('user is not authenticated (cached for '.$_SESSION['phpCAS']['unauth_count'].' times of '.$this->_cache_times_for_auth_recheck.')'); |
|
| 911 | + } |
|
| 912 | + else |
|
| 913 | + { |
|
| 914 | + phpCAS::trace('user is not authenticated (cached for until login pressed)'); |
|
| 915 | + } |
|
| 916 | + } |
|
| 917 | + else |
|
| 918 | + { |
|
| 919 | + $_SESSION['phpCAS']['unauth_count'] = 0; |
|
| 920 | + $_SESSION['phpCAS']['auth_checked'] = true; |
|
| 921 | + phpCAS::trace('user is not authenticated (cache reset)'); |
|
| 922 | + // $this->redirectToCas(TRUE/* gateway */); |
|
| 923 | + // never reached |
|
| 924 | + $res = FALSE; |
|
| 925 | + } |
|
| 926 | + } |
|
| 927 | + phpCAS::traceEnd($res); |
|
| 928 | + return $res; |
|
| 929 | + } |
|
| 930 | + |
|
| 931 | + /** |
|
| 932 | + * This method is called to check if the user is authenticated (previously or by |
|
| 933 | + * tickets given in the URL). |
|
| 934 | + * |
|
| 935 | + * @return TRUE when the user is authenticated. Also may redirect to the same URL without the ticket. |
|
| 936 | + * |
|
| 937 | + * @public |
|
| 938 | + */ |
|
| 939 | + function isAuthenticated() |
|
| 940 | + { |
|
| 941 | + phpCAS::traceBegin(); |
|
| 942 | + $res = FALSE; |
|
| 943 | + $validate_url = ''; |
|
| 944 | + |
|
| 945 | + if ( $this->wasPreviouslyAuthenticated() ) { |
|
| 946 | + // the user has already (previously during the session) been |
|
| 947 | + // authenticated, nothing to be done. |
|
| 948 | + phpCAS::trace('user was already authenticated, no need to look for tickets'); |
|
| 949 | + $res = TRUE; |
|
| 950 | + } |
|
| 951 | + else { |
|
| 952 | + if ( $this->hasST() ) { |
|
| 953 | + // if a Service Ticket was given, validate it |
|
| 954 | + phpCAS::trace('ST `'.$this->getST().'\' is present'); |
|
| 955 | + $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts |
|
| 956 | + phpCAS::trace('ST `'.$this->getST().'\' was validated'); |
|
| 957 | + if ( $this->isProxy() ) { |
|
| 958 | + $this->validatePGT($validate_url,$text_response,$tree_response); // idem |
|
| 959 | + phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); |
|
| 960 | + $_SESSION['phpCAS']['pgt'] = $this->getPGT(); |
|
| 961 | + } |
|
| 962 | + $_SESSION['phpCAS']['user'] = $this->getUser(); |
|
| 963 | + $res = TRUE; |
|
| 964 | + } |
|
| 965 | + elseif ( $this->hasPT() ) { |
|
| 966 | + // if a Proxy Ticket was given, validate it |
|
| 967 | + phpCAS::trace('PT `'.$this->getPT().'\' is present'); |
|
| 968 | + $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts |
|
| 969 | + phpCAS::trace('PT `'.$this->getPT().'\' was validated'); |
|
| 970 | + if ( $this->isProxy() ) { |
|
| 971 | + $this->validatePGT($validate_url,$text_response,$tree_response); // idem |
|
| 972 | + phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); |
|
| 973 | + $_SESSION['phpCAS']['pgt'] = $this->getPGT(); |
|
| 974 | + } |
|
| 975 | + $_SESSION['phpCAS']['user'] = $this->getUser(); |
|
| 976 | + $res = TRUE; |
|
| 977 | + } |
|
| 978 | + elseif ( $this->hasSA() ) { |
|
| 979 | + // if we have a SAML ticket, validate it. |
|
| 980 | + phpCAS::trace('SA `'.$this->getSA().'\' is present'); |
|
| 981 | + $this->validateSA($validate_url,$text_response,$tree_response); // if it fails, it halts |
|
| 982 | + phpCAS::trace('SA `'.$this->getSA().'\' was validated'); |
|
| 983 | + $_SESSION['phpCAS']['user'] = $this->getUser(); |
|
| 984 | + $_SESSION['phpCAS']['attributes'] = $this->getAttributes(); |
|
| 985 | + $res = TRUE; |
|
| 986 | + } |
|
| 987 | + else { |
|
| 988 | + // no ticket given, not authenticated |
|
| 989 | + phpCAS::trace('no ticket found'); |
|
| 990 | + } |
|
| 991 | + if ($res) { |
|
| 992 | + // if called with a ticket parameter, we need to redirect to the app without the ticket so that CAS-ification is transparent to the browser (for later POSTS) |
|
| 993 | + // most of the checks and errors should have been made now, so we're safe for redirect without masking error messages. |
|
| 994 | + header('Location: '.$this->getURL()); |
|
| 995 | + phpCAS::log( "Prepare redirect to : ".$this->getURL() ); |
|
| 996 | + } |
|
| 997 | + } |
|
| 998 | + |
|
| 999 | + phpCAS::traceEnd($res); |
|
| 1000 | + return $res; |
|
| 1001 | + } |
|
| 1002 | + |
|
| 1003 | + /** |
|
| 1004 | + * This method tells if the current session is authenticated. |
|
| 1005 | + * @return true if authenticated based soley on $_SESSION variable |
|
| 1006 | + * @since 0.4.22 by Brendan Arnold |
|
| 1007 | + */ |
|
| 1008 | + function isSessionAuthenticated () |
|
| 1009 | + { |
|
| 1010 | + return !empty($_SESSION['phpCAS']['user']); |
|
| 1011 | + } |
|
| 1012 | + |
|
| 1013 | + /** |
|
| 1014 | + * This method tells if the user has already been (previously) authenticated |
|
| 1015 | + * by looking into the session variables. |
|
| 1016 | + * |
|
| 1017 | + * @note This function switches to callback mode when needed. |
|
| 1018 | + * |
|
| 1019 | + * @return TRUE when the user has already been authenticated; FALSE otherwise. |
|
| 1020 | + * |
|
| 1021 | + * @private |
|
| 1022 | + */ |
|
| 1023 | + function wasPreviouslyAuthenticated() |
|
| 1024 | + { |
|
| 1025 | + phpCAS::traceBegin(); |
|
| 1026 | + |
|
| 1027 | + if ( $this->isCallbackMode() ) { |
|
| 1028 | + $this->callback(); |
|
| 1029 | + } |
|
| 1030 | + |
|
| 1031 | + $auth = FALSE; |
|
| 1032 | + |
|
| 1033 | + if ( $this->isProxy() ) { |
|
| 1034 | + // CAS proxy: username and PGT must be present |
|
| 1035 | + if ( $this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) { |
|
| 1036 | + // authentication already done |
|
| 1037 | + $this->setUser($_SESSION['phpCAS']['user']); |
|
| 1038 | + $this->setPGT($_SESSION['phpCAS']['pgt']); |
|
| 1039 | + phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\', PGT = `'.$_SESSION['phpCAS']['pgt'].'\''); |
|
| 1040 | + $auth = TRUE; |
|
| 1041 | + } elseif ( $this->isSessionAuthenticated() && empty($_SESSION['phpCAS']['pgt']) ) { |
|
| 1042 | + // these two variables should be empty or not empty at the same time |
|
| 1043 | + phpCAS::trace('username found (`'.$_SESSION['phpCAS']['user'].'\') but PGT is empty'); |
|
| 1044 | + // unset all tickets to enforce authentication |
|
| 1045 | + unset($_SESSION['phpCAS']); |
|
| 1046 | + $this->setST(''); |
|
| 1047 | + $this->setPT(''); |
|
| 1048 | + } elseif ( !$this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) { |
|
| 1049 | + // these two variables should be empty or not empty at the same time |
|
| 1050 | + phpCAS::trace('PGT found (`'.$_SESSION['phpCAS']['pgt'].'\') but username is empty'); |
|
| 1051 | + // unset all tickets to enforce authentication |
|
| 1052 | + unset($_SESSION['phpCAS']); |
|
| 1053 | + $this->setST(''); |
|
| 1054 | + $this->setPT(''); |
|
| 1055 | + } else { |
|
| 1056 | + phpCAS::trace('neither user not PGT found'); |
|
| 1057 | + } |
|
| 1058 | + } else { |
|
| 1059 | + // `simple' CAS client (not a proxy): username must be present |
|
| 1060 | + if ( $this->isSessionAuthenticated() ) { |
|
| 1061 | + // authentication already done |
|
| 1062 | + $this->setUser($_SESSION['phpCAS']['user']); |
|
| 1063 | + if(isset($_SESSION['phpCAS']['attributes'])){ |
|
| 1064 | + $this->setAttributes($_SESSION['phpCAS']['attributes']); |
|
| 1065 | + } |
|
| 1066 | + phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\''); |
|
| 1067 | + $auth = TRUE; |
|
| 1068 | + } else { |
|
| 1069 | + phpCAS::trace('no user found'); |
|
| 1070 | + } |
|
| 1071 | + } |
|
| 1072 | + |
|
| 1073 | + phpCAS::traceEnd($auth); |
|
| 1074 | + return $auth; |
|
| 1075 | + } |
|
| 1076 | + |
|
| 1077 | + /** |
|
| 1078 | + * This method is used to redirect the client to the CAS server. |
|
| 1079 | + * It is used by CASClient::forceAuthentication() and CASClient::checkAuthentication(). |
|
| 1080 | + * @param $gateway true to check authentication, false to force it |
|
| 1081 | + * @param $renew true to force the authentication with the CAS server |
|
| 1082 | + * @public |
|
| 1083 | + */ |
|
| 1084 | + function redirectToCas($gateway=false,$renew=false){ |
|
| 1085 | + phpCAS::traceBegin(); |
|
| 1086 | + $cas_url = $this->getServerLoginURL($gateway,$renew); |
|
| 1087 | + header('Location: '.$cas_url); |
|
| 1088 | + phpCAS::log( "Redirect to : ".$cas_url ); |
|
| 1089 | + |
|
| 1090 | + $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_WANTED)); |
|
| 1091 | + |
|
| 1092 | + printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url); |
|
| 1093 | + $this->printHTMLFooter(); |
|
| 1094 | + |
|
| 1095 | + phpCAS::traceExit(); |
|
| 1096 | + exit(); |
|
| 1097 | + } |
|
| 1098 | + |
|
| 1099 | + |
|
| 1100 | + /** |
|
| 1101 | + * This method is used to logout from CAS. |
|
| 1102 | + * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server |
|
| 1103 | + * @public |
|
| 1104 | + */ |
|
| 1105 | + function logout($params) { |
|
| 1106 | + phpCAS::traceBegin(); |
|
| 1107 | + $cas_url = $this->getServerLogoutURL(); |
|
| 1108 | + $paramSeparator = '?'; |
|
| 1109 | + if (isset($params['url'])) { |
|
| 1110 | + $cas_url = $cas_url . $paramSeparator . "url=" . urlencode($params['url']); |
|
| 1111 | + $paramSeparator = '&'; |
|
| 1112 | + } |
|
| 1113 | + if (isset($params['service'])) { |
|
| 1114 | + $cas_url = $cas_url . $paramSeparator . "service=" . urlencode($params['service']); |
|
| 1115 | + } |
|
| 1116 | + header('Location: '.$cas_url); |
|
| 1117 | + phpCAS::log( "Prepare redirect to : ".$cas_url ); |
|
| 1118 | + |
|
| 1119 | + session_unset(); |
|
| 1120 | + session_destroy(); |
|
| 1121 | + |
|
| 1122 | + $this->printHTMLHeader($this->getString(CAS_STR_LOGOUT)); |
|
| 1123 | + printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url); |
|
| 1124 | + $this->printHTMLFooter(); |
|
| 1125 | + |
|
| 1126 | + phpCAS::traceExit(); |
|
| 1127 | + exit(); |
|
| 1128 | + } |
|
| 1129 | + |
|
| 1130 | + /** |
|
| 1131 | + * @return true if the current request is a logout request. |
|
| 1132 | + * @private |
|
| 1133 | + */ |
|
| 1134 | + function isLogoutRequest() { |
|
| 1135 | + return !empty($_POST['logoutRequest']); |
|
| 1136 | + } |
|
| 1137 | + |
|
| 1138 | + /** |
|
| 1139 | + * @return true if a logout request is allowed. |
|
| 1140 | + * @private |
|
| 1141 | + */ |
|
| 1142 | + function isLogoutRequestAllowed() { |
|
| 1143 | + } |
|
| 1144 | + |
|
| 1145 | + /** |
|
| 1146 | + * This method handles logout requests. |
|
| 1147 | + * @param $check_client true to check the client bofore handling the request, |
|
| 1148 | + * false not to perform any access control. True by default. |
|
| 1149 | + * @param $allowed_clients an array of host names allowed to send logout requests. |
|
| 1150 | + * By default, only the CAs server (declared in the constructor) will be allowed. |
|
| 1151 | + * @public |
|
| 1152 | + */ |
|
| 1153 | + function handleLogoutRequests($check_client=true, $allowed_clients=false) { |
|
| 1154 | + phpCAS::traceBegin(); |
|
| 1155 | + if (!$this->isLogoutRequest()) { |
|
| 1156 | + phpCAS::log("Not a logout request"); |
|
| 1157 | + phpCAS::traceEnd(); |
|
| 1158 | + return; |
|
| 1159 | + } |
|
| 1160 | + phpCAS::log("Logout requested"); |
|
| 1161 | + phpCAS::log("SAML REQUEST: ".$_POST['logoutRequest']); |
|
| 1162 | + if ($check_client) { |
|
| 1163 | + if (!$allowed_clients) { |
|
| 1164 | + $allowed_clients = array( $this->getServerHostname() ); |
|
| 1165 | + } |
|
| 1166 | + $client_ip = $_SERVER['REMOTE_ADDR']; |
|
| 1167 | + $client = gethostbyaddr($client_ip); |
|
| 1168 | + phpCAS::log("Client: ".$client."/".$client_ip); |
|
| 1169 | + $allowed = false; |
|
| 1170 | + foreach ($allowed_clients as $allowed_client) { |
|
| 1171 | + if (($client == $allowed_client) or ($client_ip == $allowed_client)) { |
|
| 1172 | + phpCAS::log("Allowed client '".$allowed_client."' matches, logout request is allowed"); |
|
| 1173 | + $allowed = true; |
|
| 1174 | + break; |
|
| 1175 | + } else { |
|
| 1176 | + phpCAS::log("Allowed client '".$allowed_client."' does not match"); |
|
| 1177 | + } |
|
| 1178 | + } |
|
| 1179 | + if (!$allowed) { |
|
| 1180 | + phpCAS::error("Unauthorized logout request from client '".$client."'"); |
|
| 1181 | + printf("Unauthorized!"); |
|
| 1182 | + phpCAS::traceExit(); |
|
| 1183 | + exit(); |
|
| 1184 | + } |
|
| 1185 | + } else { |
|
| 1186 | + phpCAS::log("No access control set"); |
|
| 1187 | + } |
|
| 1188 | + // Extract the ticket from the SAML Request |
|
| 1189 | + preg_match("|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|", $_POST['logoutRequest'], $tick, PREG_OFFSET_CAPTURE, 3); |
|
| 1190 | + $wrappedSamlSessionIndex = preg_replace('|<samlp:SessionIndex>|','',$tick[0][0]); |
|
| 1191 | + $ticket2logout = preg_replace('|</samlp:SessionIndex>|','',$wrappedSamlSessionIndex); |
|
| 1192 | + phpCAS::log("Ticket to logout: ".$ticket2logout); |
|
| 1193 | + $session_id = preg_replace('/[^\w]/','',$ticket2logout); |
|
| 1194 | + phpCAS::log("Session id: ".$session_id); |
|
| 1195 | + |
|
| 1196 | + // destroy a possible application session created before phpcas |
|
| 1197 | + if(session_id()){ |
|
| 1198 | + session_unset(); |
|
| 1199 | + session_destroy(); |
|
| 1200 | + } |
|
| 1201 | + // fix session ID |
|
| 1202 | + session_id($session_id); |
|
| 1203 | + $_COOKIE[session_name()]=$session_id; |
|
| 1204 | + $_GET[session_name()]=$session_id; |
|
| 1205 | + |
|
| 1206 | + // Overwrite session |
|
| 1207 | + session_start(); |
|
| 1208 | + session_unset(); |
|
| 1209 | + session_destroy(); |
|
| 1210 | + printf("Disconnected!"); |
|
| 1211 | + phpCAS::traceExit(); |
|
| 1212 | + exit(); |
|
| 1213 | + } |
|
| 1214 | + |
|
| 1215 | + /** @} */ |
|
| 1216 | + |
|
| 1217 | + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 1218 | + // XX XX |
|
| 1219 | + // XX BASIC CLIENT FEATURES (CAS 1.0) XX |
|
| 1220 | + // XX XX |
|
| 1221 | + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 1222 | + |
|
| 1223 | + // ######################################################################## |
|
| 1224 | + // ST |
|
| 1225 | + // ######################################################################## |
|
| 1226 | + /** |
|
| 1227 | + * @addtogroup internalBasic |
|
| 1228 | + * @{ |
|
| 1229 | + */ |
|
| 1230 | + |
|
| 1231 | + /** |
|
| 1232 | + * the Service Ticket provided in the URL of the request if present |
|
| 1233 | + * (empty otherwise). Written by CASClient::CASClient(), read by |
|
| 1234 | + * CASClient::getST() and CASClient::hasPGT(). |
|
| 1235 | + * |
|
| 1236 | + * @hideinitializer |
|
| 1237 | + * @private |
|
| 1238 | + */ |
|
| 1239 | + var $_st = ''; |
|
| 1240 | + |
|
| 1241 | + /** |
|
| 1242 | + * This method returns the Service Ticket provided in the URL of the request. |
|
| 1243 | + * @return The service ticket. |
|
| 1244 | + * @private |
|
| 1245 | + */ |
|
| 1246 | + function getST() |
|
| 1247 | + { return $this->_st; } |
|
| 1248 | + |
|
| 1249 | + /** |
|
| 1250 | + * This method stores the Service Ticket. |
|
| 1251 | + * @param $st The Service Ticket. |
|
| 1252 | + * @private |
|
| 1253 | + */ |
|
| 1254 | + function setST($st) |
|
| 1255 | + { $this->_st = $st; } |
|
| 1256 | + |
|
| 1257 | + /** |
|
| 1258 | + * This method tells if a Service Ticket was stored. |
|
| 1259 | + * @return TRUE if a Service Ticket has been stored. |
|
| 1260 | + * @private |
|
| 1261 | + */ |
|
| 1262 | + function hasST() |
|
| 1263 | + { return !empty($this->_st); } |
|
| 1264 | + |
|
| 1265 | + /** @} */ |
|
| 1266 | + |
|
| 1267 | + // ######################################################################## |
|
| 1268 | + // ST VALIDATION |
|
| 1269 | + // ######################################################################## |
|
| 1270 | + /** |
|
| 1271 | + * @addtogroup internalBasic |
|
| 1272 | + * @{ |
|
| 1273 | + */ |
|
| 1274 | + |
|
| 1275 | + /** |
|
| 1276 | + * the certificate of the CAS server. |
|
| 1277 | + * |
|
| 1278 | + * @hideinitializer |
|
| 1279 | + * @private |
|
| 1280 | + */ |
|
| 1281 | + var $_cas_server_cert = ''; |
|
| 1282 | + |
|
| 1283 | + /** |
|
| 1284 | + * the certificate of the CAS server CA. |
|
| 1285 | + * |
|
| 1286 | + * @hideinitializer |
|
| 1287 | + * @private |
|
| 1288 | + */ |
|
| 1289 | + var $_cas_server_ca_cert = ''; |
|
| 1290 | + |
|
| 1291 | + /** |
|
| 1292 | + * Set to true not to validate the CAS server. |
|
| 1293 | + * |
|
| 1294 | + * @hideinitializer |
|
| 1295 | + * @private |
|
| 1296 | + */ |
|
| 1297 | + var $_no_cas_server_validation = false; |
|
| 1298 | + |
|
| 1299 | + /** |
|
| 1300 | + * Set the certificate of the CAS server. |
|
| 1301 | + * |
|
| 1302 | + * @param $cert the PEM certificate |
|
| 1303 | + */ |
|
| 1304 | + function setCasServerCert($cert) |
|
| 1305 | + { |
|
| 1306 | + $this->_cas_server_cert = $cert; |
|
| 1307 | + } |
|
| 1308 | + |
|
| 1309 | + /** |
|
| 1310 | + * Set the CA certificate of the CAS server. |
|
| 1311 | + * |
|
| 1312 | + * @param $cert the PEM certificate of the CA that emited the cert of the server |
|
| 1313 | + */ |
|
| 1314 | + function setCasServerCACert($cert) |
|
| 1315 | + { |
|
| 1316 | + $this->_cas_server_ca_cert = $cert; |
|
| 1317 | + } |
|
| 1318 | + |
|
| 1319 | + /** |
|
| 1320 | + * Set no SSL validation for the CAS server. |
|
| 1321 | + */ |
|
| 1322 | + function setNoCasServerValidation() |
|
| 1323 | + { |
|
| 1324 | + $this->_no_cas_server_validation = true; |
|
| 1325 | + } |
|
| 1326 | + |
|
| 1327 | + /** |
|
| 1328 | + * This method is used to validate a ST; halt on failure, and sets $validate_url, |
|
| 1329 | + * $text_reponse and $tree_response on success. These parameters are used later |
|
| 1330 | + * by CASClient::validatePGT() for CAS proxies. |
|
| 1331 | + * Used for all CAS 1.0 validations |
|
| 1332 | + * @param $validate_url the URL of the request to the CAS server. |
|
| 1333 | + * @param $text_response the response of the CAS server, as is (XML text). |
|
| 1334 | + * @param $tree_response the response of the CAS server, as a DOM XML tree. |
|
| 1335 | + * |
|
| 1336 | + * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). |
|
| 1337 | + * |
|
| 1338 | + * @private |
|
| 1339 | + */ |
|
| 1340 | + function validateST($validate_url,&$text_response,&$tree_response) |
|
| 1341 | + { |
|
| 1342 | + phpCAS::traceBegin(); |
|
| 1343 | + // build the URL to validate the ticket |
|
| 1344 | + $validate_url = $this->getServerServiceValidateURL().'&ticket='.$this->getST(); |
|
| 1345 | + if ( $this->isProxy() ) { |
|
| 1346 | + // pass the callback url for CAS proxies |
|
| 1347 | + $validate_url .= '&pgtUrl='.$this->getCallbackURL(); |
|
| 1348 | + } |
|
| 1349 | + |
|
| 1350 | + // open and read the URL |
|
| 1351 | + if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) { |
|
| 1352 | + phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'); |
|
| 1353 | + $this->authError('ST not validated', |
|
| 1354 | + $validate_url, |
|
| 1355 | + TRUE/*$no_response*/); |
|
| 1356 | + } |
|
| 1357 | + |
|
| 1358 | + // analyze the result depending on the version |
|
| 1359 | + switch ($this->getServerVersion()) { |
|
| 1360 | + case CAS_VERSION_1_0: |
|
| 1361 | + if (preg_match('/^no\n/',$text_response)) { |
|
| 1362 | + phpCAS::trace('ST has not been validated'); |
|
| 1363 | + $this->authError('ST not validated', |
|
| 1364 | + $validate_url, |
|
| 1365 | + FALSE/*$no_response*/, |
|
| 1366 | + FALSE/*$bad_response*/, |
|
| 1367 | + $text_response); |
|
| 1368 | + } |
|
| 1369 | + if (!preg_match('/^yes\n/',$text_response)) { |
|
| 1370 | + phpCAS::trace('ill-formed response'); |
|
| 1371 | + $this->authError('ST not validated', |
|
| 1372 | + $validate_url, |
|
| 1373 | + FALSE/*$no_response*/, |
|
| 1374 | + TRUE/*$bad_response*/, |
|
| 1375 | + $text_response); |
|
| 1376 | + } |
|
| 1377 | + // ST has been validated, extract the user name |
|
| 1378 | + $arr = preg_split('/\n/',$text_response); |
|
| 1379 | + $this->setUser(trim($arr[1])); |
|
| 1380 | + break; |
|
| 1381 | + case CAS_VERSION_2_0: |
|
| 1382 | + // read the response of the CAS server into a DOM object |
|
| 1383 | + if ( !($dom = domxml_open_mem($text_response))) { |
|
| 1384 | + phpCAS::trace('domxml_open_mem() failed'); |
|
| 1385 | + $this->authError('ST not validated', |
|
| 1386 | + $validate_url, |
|
| 1387 | + FALSE/*$no_response*/, |
|
| 1388 | + TRUE/*$bad_response*/, |
|
| 1389 | + $text_response); |
|
| 1390 | + } |
|
| 1391 | + // read the root node of the XML tree |
|
| 1392 | + if ( !($tree_response = $dom->document_element()) ) { |
|
| 1393 | + phpCAS::trace('document_element() failed'); |
|
| 1394 | + $this->authError('ST not validated', |
|
| 1395 | + $validate_url, |
|
| 1396 | + FALSE/*$no_response*/, |
|
| 1397 | + TRUE/*$bad_response*/, |
|
| 1398 | + $text_response); |
|
| 1399 | + } |
|
| 1400 | + // insure that tag name is 'serviceResponse' |
|
| 1401 | + if ( $tree_response->node_name() != 'serviceResponse' ) { |
|
| 1402 | + phpCAS::trace('bad XML root node (should be `serviceResponse\' instead of `'.$tree_response->node_name().'\''); |
|
| 1403 | + $this->authError('ST not validated', |
|
| 1404 | + $validate_url, |
|
| 1405 | + FALSE/*$no_response*/, |
|
| 1406 | + TRUE/*$bad_response*/, |
|
| 1407 | + $text_response); |
|
| 1408 | + } |
|
| 1409 | + if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) { |
|
| 1410 | + // authentication succeded, extract the user name |
|
| 1411 | + if ( sizeof($user_elements = $success_elements[0]->get_elements_by_tagname("user")) == 0) { |
|
| 1412 | + phpCAS::trace('<authenticationSuccess> found, but no <user>'); |
|
| 1413 | + $this->authError('ST not validated', |
|
| 1414 | + $validate_url, |
|
| 1415 | + FALSE/*$no_response*/, |
|
| 1416 | + TRUE/*$bad_response*/, |
|
| 1417 | + $text_response); |
|
| 1418 | + } |
|
| 1419 | + $user = trim($user_elements[0]->get_content()); |
|
| 1420 | + phpCAS::trace('user = `'.$user); |
|
| 1421 | + $this->setUser($user); |
|
| 1423 | 1422 | |
| 1424 | - } else if ( sizeof($failure_elements = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) { |
|
| 1425 | - phpCAS::trace('<authenticationFailure> found'); |
|
| 1426 | - // authentication failed, extract the error code and message |
|
| 1427 | - $this->authError('ST not validated', |
|
| 1428 | - $validate_url, |
|
| 1429 | - FALSE/*$no_response*/, |
|
| 1430 | - FALSE/*$bad_response*/, |
|
| 1431 | - $text_response, |
|
| 1432 | - $failure_elements[0]->get_attribute('code')/*$err_code*/, |
|
| 1433 | - trim($failure_elements[0]->get_content())/*$err_msg*/); |
|
| 1434 | - } else { |
|
| 1435 | - phpCAS::trace('neither <authenticationSuccess> nor <authenticationFailure> found'); |
|
| 1436 | - $this->authError('ST not validated', |
|
| 1437 | - $validate_url, |
|
| 1438 | - FALSE/*$no_response*/, |
|
| 1439 | - TRUE/*$bad_response*/, |
|
| 1440 | - $text_response); |
|
| 1441 | - } |
|
| 1442 | - break; |
|
| 1443 | - } |
|
| 1444 | - |
|
| 1445 | - // at this step, ST has been validated and $this->_user has been set, |
|
| 1446 | - phpCAS::traceEnd(TRUE); |
|
| 1447 | - return TRUE; |
|
| 1448 | - } |
|
| 1449 | - |
|
| 1450 | - // ######################################################################## |
|
| 1451 | - // SAML VALIDATION |
|
| 1452 | - // ######################################################################## |
|
| 1453 | - /** |
|
| 1454 | - * @addtogroup internalBasic |
|
| 1455 | - * @{ |
|
| 1456 | - */ |
|
| 1457 | - |
|
| 1458 | - /** |
|
| 1459 | - * This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url, |
|
| 1460 | - * $text_reponse and $tree_response on success. These parameters are used later |
|
| 1461 | - * by CASClient::validatePGT() for CAS proxies. |
|
| 1462 | - * |
|
| 1463 | - * @param $validate_url the URL of the request to the CAS server. |
|
| 1464 | - * @param $text_response the response of the CAS server, as is (XML text). |
|
| 1465 | - * @param $tree_response the response of the CAS server, as a DOM XML tree. |
|
| 1466 | - * |
|
| 1467 | - * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). |
|
| 1468 | - * |
|
| 1469 | - * @private |
|
| 1470 | - */ |
|
| 1471 | - function validateSA($validate_url,&$text_response,&$tree_response) |
|
| 1472 | - { |
|
| 1473 | - phpCAS::traceBegin(); |
|
| 1474 | - |
|
| 1475 | - // build the URL to validate the ticket |
|
| 1476 | - $validate_url = $this->getServerSamlValidateURL(); |
|
| 1477 | - |
|
| 1478 | - // open and read the URL |
|
| 1479 | - if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) { |
|
| 1480 | - phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'); |
|
| 1481 | - $this->authError('SA not validated', $validate_url, TRUE/*$no_response*/); |
|
| 1482 | - } |
|
| 1483 | - |
|
| 1484 | - phpCAS::trace('server version: '.$this->getServerVersion()); |
|
| 1485 | - |
|
| 1486 | - // analyze the result depending on the version |
|
| 1487 | - switch ($this->getServerVersion()) { |
|
| 1488 | - case SAML_VERSION_1_1: |
|
| 1423 | + } else if ( sizeof($failure_elements = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) { |
|
| 1424 | + phpCAS::trace('<authenticationFailure> found'); |
|
| 1425 | + // authentication failed, extract the error code and message |
|
| 1426 | + $this->authError('ST not validated', |
|
| 1427 | + $validate_url, |
|
| 1428 | + FALSE/*$no_response*/, |
|
| 1429 | + FALSE/*$bad_response*/, |
|
| 1430 | + $text_response, |
|
| 1431 | + $failure_elements[0]->get_attribute('code')/*$err_code*/, |
|
| 1432 | + trim($failure_elements[0]->get_content())/*$err_msg*/); |
|
| 1433 | + } else { |
|
| 1434 | + phpCAS::trace('neither <authenticationSuccess> nor <authenticationFailure> found'); |
|
| 1435 | + $this->authError('ST not validated', |
|
| 1436 | + $validate_url, |
|
| 1437 | + FALSE/*$no_response*/, |
|
| 1438 | + TRUE/*$bad_response*/, |
|
| 1439 | + $text_response); |
|
| 1440 | + } |
|
| 1441 | + break; |
|
| 1442 | + } |
|
| 1443 | + |
|
| 1444 | + // at this step, ST has been validated and $this->_user has been set, |
|
| 1445 | + phpCAS::traceEnd(TRUE); |
|
| 1446 | + return TRUE; |
|
| 1447 | + } |
|
| 1448 | + |
|
| 1449 | + // ######################################################################## |
|
| 1450 | + // SAML VALIDATION |
|
| 1451 | + // ######################################################################## |
|
| 1452 | + /** |
|
| 1453 | + * @addtogroup internalBasic |
|
| 1454 | + * @{ |
|
| 1455 | + */ |
|
| 1456 | + |
|
| 1457 | + /** |
|
| 1458 | + * This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url, |
|
| 1459 | + * $text_reponse and $tree_response on success. These parameters are used later |
|
| 1460 | + * by CASClient::validatePGT() for CAS proxies. |
|
| 1461 | + * |
|
| 1462 | + * @param $validate_url the URL of the request to the CAS server. |
|
| 1463 | + * @param $text_response the response of the CAS server, as is (XML text). |
|
| 1464 | + * @param $tree_response the response of the CAS server, as a DOM XML tree. |
|
| 1465 | + * |
|
| 1466 | + * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). |
|
| 1467 | + * |
|
| 1468 | + * @private |
|
| 1469 | + */ |
|
| 1470 | + function validateSA($validate_url,&$text_response,&$tree_response) |
|
| 1471 | + { |
|
| 1472 | + phpCAS::traceBegin(); |
|
| 1473 | + |
|
| 1474 | + // build the URL to validate the ticket |
|
| 1475 | + $validate_url = $this->getServerSamlValidateURL(); |
|
| 1476 | + |
|
| 1477 | + // open and read the URL |
|
| 1478 | + if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) { |
|
| 1479 | + phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'); |
|
| 1480 | + $this->authError('SA not validated', $validate_url, TRUE/*$no_response*/); |
|
| 1481 | + } |
|
| 1482 | + |
|
| 1483 | + phpCAS::trace('server version: '.$this->getServerVersion()); |
|
| 1484 | + |
|
| 1485 | + // analyze the result depending on the version |
|
| 1486 | + switch ($this->getServerVersion()) { |
|
| 1487 | + case SAML_VERSION_1_1: |
|
| 1489 | 1488 | |
| 1490 | - // read the response of the CAS server into a DOM object |
|
| 1491 | - if ( !($dom = domxml_open_mem($text_response))) { |
|
| 1492 | - phpCAS::trace('domxml_open_mem() failed'); |
|
| 1493 | - $this->authError('SA not validated', |
|
| 1494 | - $validate_url, |
|
| 1495 | - FALSE/*$no_response*/, |
|
| 1496 | - TRUE/*$bad_response*/, |
|
| 1497 | - $text_response); |
|
| 1498 | - } |
|
| 1499 | - // read the root node of the XML tree |
|
| 1500 | - if ( !($tree_response = $dom->document_element()) ) { |
|
| 1501 | - phpCAS::trace('document_element() failed'); |
|
| 1502 | - $this->authError('SA not validated', |
|
| 1503 | - $validate_url, |
|
| 1504 | - FALSE/*$no_response*/, |
|
| 1505 | - TRUE/*$bad_response*/, |
|
| 1506 | - $text_response); |
|
| 1507 | - } |
|
| 1508 | - // insure that tag name is 'Envelope' |
|
| 1509 | - if ( $tree_response->node_name() != 'Envelope' ) { |
|
| 1510 | - phpCAS::trace('bad XML root node (should be `Envelope\' instead of `'.$tree_response->node_name().'\''); |
|
| 1511 | - $this->authError('SA not validated', |
|
| 1512 | - $validate_url, |
|
| 1513 | - FALSE/*$no_response*/, |
|
| 1514 | - TRUE/*$bad_response*/, |
|
| 1515 | - $text_response); |
|
| 1516 | - } |
|
| 1517 | - // check for the NameIdentifier tag in the SAML response |
|
| 1518 | - if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("NameIdentifier")) != 0) { |
|
| 1519 | - phpCAS::trace('NameIdentifier found'); |
|
| 1520 | - $user = trim($success_elements[0]->get_content()); |
|
| 1521 | - phpCAS::trace('user = `'.$user.'`'); |
|
| 1522 | - $this->setUser($user); |
|
| 1523 | - $this->setSessionAttributes($text_response); |
|
| 1524 | - } else { |
|
| 1525 | - phpCAS::trace('no <NameIdentifier> tag found in SAML payload'); |
|
| 1526 | - $this->authError('SA not validated', |
|
| 1527 | - $validate_url, |
|
| 1528 | - FALSE/*$no_response*/, |
|
| 1529 | - TRUE/*$bad_response*/, |
|
| 1530 | - $text_response); |
|
| 1531 | - } |
|
| 1532 | - break; |
|
| 1533 | - } |
|
| 1534 | - |
|
| 1535 | - // at this step, ST has been validated and $this->_user has been set, |
|
| 1536 | - phpCAS::traceEnd(TRUE); |
|
| 1537 | - return TRUE; |
|
| 1538 | - } |
|
| 1539 | - |
|
| 1540 | - /** |
|
| 1541 | - * This method will parse the DOM and pull out the attributes from the SAML |
|
| 1542 | - * payload and put them into an array, then put the array into the session. |
|
| 1543 | - * |
|
| 1544 | - * @param $text_response the SAML payload. |
|
| 1545 | - * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). |
|
| 1546 | - * |
|
| 1547 | - * @private |
|
| 1548 | - */ |
|
| 1549 | - function setSessionAttributes($text_response) |
|
| 1550 | - { |
|
| 1551 | - phpCAS::traceBegin(); |
|
| 1552 | - |
|
| 1553 | - $result = FALSE; |
|
| 1554 | - |
|
| 1555 | - if (isset($_SESSION[SAML_ATTRIBUTES])) { |
|
| 1556 | - phpCAS::trace("session attrs already set."); //testbml - do we care? |
|
| 1557 | - } |
|
| 1558 | - |
|
| 1559 | - $attr_array = array(); |
|
| 1560 | - |
|
| 1561 | - if (($dom = domxml_open_mem($text_response))) { |
|
| 1562 | - $xPath = $dom->xpath_new_context(); |
|
| 1563 | - $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol'); |
|
| 1564 | - $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion'); |
|
| 1565 | - $nodelist = $xPath->xpath_eval("//saml:Attribute"); |
|
| 1566 | - $attrs = $nodelist->nodeset; |
|
| 1567 | - phpCAS::trace($text_response); |
|
| 1568 | - foreach($attrs as $attr){ |
|
| 1569 | - $xres = $xPath->xpath_eval("saml:AttributeValue", $attr); |
|
| 1570 | - $name = $attr->get_attribute("AttributeName"); |
|
| 1571 | - $value_array = array(); |
|
| 1572 | - foreach($xres->nodeset as $node){ |
|
| 1573 | - $value_array[] = $node->get_content(); |
|
| 1489 | + // read the response of the CAS server into a DOM object |
|
| 1490 | + if ( !($dom = domxml_open_mem($text_response))) { |
|
| 1491 | + phpCAS::trace('domxml_open_mem() failed'); |
|
| 1492 | + $this->authError('SA not validated', |
|
| 1493 | + $validate_url, |
|
| 1494 | + FALSE/*$no_response*/, |
|
| 1495 | + TRUE/*$bad_response*/, |
|
| 1496 | + $text_response); |
|
| 1497 | + } |
|
| 1498 | + // read the root node of the XML tree |
|
| 1499 | + if ( !($tree_response = $dom->document_element()) ) { |
|
| 1500 | + phpCAS::trace('document_element() failed'); |
|
| 1501 | + $this->authError('SA not validated', |
|
| 1502 | + $validate_url, |
|
| 1503 | + FALSE/*$no_response*/, |
|
| 1504 | + TRUE/*$bad_response*/, |
|
| 1505 | + $text_response); |
|
| 1506 | + } |
|
| 1507 | + // insure that tag name is 'Envelope' |
|
| 1508 | + if ( $tree_response->node_name() != 'Envelope' ) { |
|
| 1509 | + phpCAS::trace('bad XML root node (should be `Envelope\' instead of `'.$tree_response->node_name().'\''); |
|
| 1510 | + $this->authError('SA not validated', |
|
| 1511 | + $validate_url, |
|
| 1512 | + FALSE/*$no_response*/, |
|
| 1513 | + TRUE/*$bad_response*/, |
|
| 1514 | + $text_response); |
|
| 1515 | + } |
|
| 1516 | + // check for the NameIdentifier tag in the SAML response |
|
| 1517 | + if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("NameIdentifier")) != 0) { |
|
| 1518 | + phpCAS::trace('NameIdentifier found'); |
|
| 1519 | + $user = trim($success_elements[0]->get_content()); |
|
| 1520 | + phpCAS::trace('user = `'.$user.'`'); |
|
| 1521 | + $this->setUser($user); |
|
| 1522 | + $this->setSessionAttributes($text_response); |
|
| 1523 | + } else { |
|
| 1524 | + phpCAS::trace('no <NameIdentifier> tag found in SAML payload'); |
|
| 1525 | + $this->authError('SA not validated', |
|
| 1526 | + $validate_url, |
|
| 1527 | + FALSE/*$no_response*/, |
|
| 1528 | + TRUE/*$bad_response*/, |
|
| 1529 | + $text_response); |
|
| 1530 | + } |
|
| 1531 | + break; |
|
| 1532 | + } |
|
| 1533 | + |
|
| 1534 | + // at this step, ST has been validated and $this->_user has been set, |
|
| 1535 | + phpCAS::traceEnd(TRUE); |
|
| 1536 | + return TRUE; |
|
| 1537 | + } |
|
| 1538 | + |
|
| 1539 | + /** |
|
| 1540 | + * This method will parse the DOM and pull out the attributes from the SAML |
|
| 1541 | + * payload and put them into an array, then put the array into the session. |
|
| 1542 | + * |
|
| 1543 | + * @param $text_response the SAML payload. |
|
| 1544 | + * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). |
|
| 1545 | + * |
|
| 1546 | + * @private |
|
| 1547 | + */ |
|
| 1548 | + function setSessionAttributes($text_response) |
|
| 1549 | + { |
|
| 1550 | + phpCAS::traceBegin(); |
|
| 1551 | + |
|
| 1552 | + $result = FALSE; |
|
| 1553 | + |
|
| 1554 | + if (isset($_SESSION[SAML_ATTRIBUTES])) { |
|
| 1555 | + phpCAS::trace("session attrs already set."); //testbml - do we care? |
|
| 1556 | + } |
|
| 1557 | + |
|
| 1558 | + $attr_array = array(); |
|
| 1559 | + |
|
| 1560 | + if (($dom = domxml_open_mem($text_response))) { |
|
| 1561 | + $xPath = $dom->xpath_new_context(); |
|
| 1562 | + $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol'); |
|
| 1563 | + $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion'); |
|
| 1564 | + $nodelist = $xPath->xpath_eval("//saml:Attribute"); |
|
| 1565 | + $attrs = $nodelist->nodeset; |
|
| 1566 | + phpCAS::trace($text_response); |
|
| 1567 | + foreach($attrs as $attr){ |
|
| 1568 | + $xres = $xPath->xpath_eval("saml:AttributeValue", $attr); |
|
| 1569 | + $name = $attr->get_attribute("AttributeName"); |
|
| 1570 | + $value_array = array(); |
|
| 1571 | + foreach($xres->nodeset as $node){ |
|
| 1572 | + $value_array[] = $node->get_content(); |
|
| 1574 | 1573 | |
| 1575 | - } |
|
| 1576 | - phpCAS::trace("* " . $name . "=" . $value_array); |
|
| 1577 | - $attr_array[$name] = $value_array; |
|
| 1578 | - } |
|
| 1579 | - $_SESSION[SAML_ATTRIBUTES] = $attr_array; |
|
| 1580 | - // UGent addition... |
|
| 1581 | - foreach($attr_array as $attr_key => $attr_value) { |
|
| 1582 | - if(count($attr_value) > 1) { |
|
| 1583 | - $this->_attributes[$attr_key] = $attr_value; |
|
| 1584 | - } |
|
| 1585 | - else { |
|
| 1586 | - $this->_attributes[$attr_key] = $attr_value[0]; |
|
| 1587 | - } |
|
| 1588 | - } |
|
| 1589 | - $result = TRUE; |
|
| 1590 | - } |
|
| 1591 | - phpCAS::traceEnd($result); |
|
| 1592 | - return $result; |
|
| 1593 | - } |
|
| 1594 | - |
|
| 1595 | - /** @} */ |
|
| 1596 | - |
|
| 1597 | - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 1598 | - // XX XX |
|
| 1599 | - // XX PROXY FEATURES (CAS 2.0) XX |
|
| 1600 | - // XX XX |
|
| 1601 | - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 1602 | - |
|
| 1603 | - // ######################################################################## |
|
| 1604 | - // PROXYING |
|
| 1605 | - // ######################################################################## |
|
| 1606 | - /** |
|
| 1607 | - * @addtogroup internalProxy |
|
| 1608 | - * @{ |
|
| 1609 | - */ |
|
| 1610 | - |
|
| 1611 | - /** |
|
| 1612 | - * A boolean telling if the client is a CAS proxy or not. Written by CASClient::CASClient(), |
|
| 1613 | - * read by CASClient::isProxy(). |
|
| 1614 | - * |
|
| 1615 | - * @private |
|
| 1616 | - */ |
|
| 1617 | - var $_proxy; |
|
| 1618 | - |
|
| 1619 | - /** |
|
| 1620 | - * Tells if a CAS client is a CAS proxy or not |
|
| 1621 | - * |
|
| 1622 | - * @return TRUE when the CAS client is a CAs proxy, FALSE otherwise |
|
| 1623 | - * |
|
| 1624 | - * @private |
|
| 1625 | - */ |
|
| 1626 | - function isProxy() |
|
| 1627 | - { |
|
| 1628 | - return $this->_proxy; |
|
| 1629 | - } |
|
| 1630 | - |
|
| 1631 | - /** @} */ |
|
| 1632 | - // ######################################################################## |
|
| 1633 | - // PGT |
|
| 1634 | - // ######################################################################## |
|
| 1635 | - /** |
|
| 1636 | - * @addtogroup internalProxy |
|
| 1637 | - * @{ |
|
| 1638 | - */ |
|
| 1639 | - |
|
| 1640 | - /** |
|
| 1641 | - * the Proxy Grnting Ticket given by the CAS server (empty otherwise). |
|
| 1642 | - * Written by CASClient::setPGT(), read by CASClient::getPGT() and CASClient::hasPGT(). |
|
| 1643 | - * |
|
| 1644 | - * @hideinitializer |
|
| 1645 | - * @private |
|
| 1646 | - */ |
|
| 1647 | - var $_pgt = ''; |
|
| 1648 | - |
|
| 1649 | - /** |
|
| 1650 | - * This method returns the Proxy Granting Ticket given by the CAS server. |
|
| 1651 | - * @return The Proxy Granting Ticket. |
|
| 1652 | - * @private |
|
| 1653 | - */ |
|
| 1654 | - function getPGT() |
|
| 1655 | - { return $this->_pgt; } |
|
| 1656 | - |
|
| 1657 | - /** |
|
| 1658 | - * This method stores the Proxy Granting Ticket. |
|
| 1659 | - * @param $pgt The Proxy Granting Ticket. |
|
| 1660 | - * @private |
|
| 1661 | - */ |
|
| 1662 | - function setPGT($pgt) |
|
| 1663 | - { $this->_pgt = $pgt; } |
|
| 1664 | - |
|
| 1665 | - /** |
|
| 1666 | - * This method tells if a Proxy Granting Ticket was stored. |
|
| 1667 | - * @return TRUE if a Proxy Granting Ticket has been stored. |
|
| 1668 | - * @private |
|
| 1669 | - */ |
|
| 1670 | - function hasPGT() |
|
| 1671 | - { return !empty($this->_pgt); } |
|
| 1672 | - |
|
| 1673 | - /** @} */ |
|
| 1674 | - |
|
| 1675 | - // ######################################################################## |
|
| 1676 | - // CALLBACK MODE |
|
| 1677 | - // ######################################################################## |
|
| 1678 | - /** |
|
| 1679 | - * @addtogroup internalCallback |
|
| 1680 | - * @{ |
|
| 1681 | - */ |
|
| 1682 | - /** |
|
| 1683 | - * each PHP script using phpCAS in proxy mode is its own callback to get the |
|
| 1684 | - * PGT back from the CAS server. callback_mode is detected by the constructor |
|
| 1685 | - * thanks to the GET parameters. |
|
| 1686 | - */ |
|
| 1687 | - |
|
| 1688 | - /** |
|
| 1689 | - * a boolean to know if the CAS client is running in callback mode. Written by |
|
| 1690 | - * CASClient::setCallBackMode(), read by CASClient::isCallbackMode(). |
|
| 1691 | - * |
|
| 1692 | - * @hideinitializer |
|
| 1693 | - * @private |
|
| 1694 | - */ |
|
| 1695 | - var $_callback_mode = FALSE; |
|
| 1696 | - |
|
| 1697 | - /** |
|
| 1698 | - * This method sets/unsets callback mode. |
|
| 1699 | - * |
|
| 1700 | - * @param $callback_mode TRUE to set callback mode, FALSE otherwise. |
|
| 1701 | - * |
|
| 1702 | - * @private |
|
| 1703 | - */ |
|
| 1704 | - function setCallbackMode($callback_mode) |
|
| 1705 | - { |
|
| 1706 | - $this->_callback_mode = $callback_mode; |
|
| 1707 | - } |
|
| 1708 | - |
|
| 1709 | - /** |
|
| 1710 | - * This method returns TRUE when the CAs client is running i callback mode, |
|
| 1711 | - * FALSE otherwise. |
|
| 1712 | - * |
|
| 1713 | - * @return A boolean. |
|
| 1714 | - * |
|
| 1715 | - * @private |
|
| 1716 | - */ |
|
| 1717 | - function isCallbackMode() |
|
| 1718 | - { |
|
| 1719 | - return $this->_callback_mode; |
|
| 1720 | - } |
|
| 1721 | - |
|
| 1722 | - /** |
|
| 1723 | - * the URL that should be used for the PGT callback (in fact the URL of the |
|
| 1724 | - * current request without any CGI parameter). Written and read by |
|
| 1725 | - * CASClient::getCallbackURL(). |
|
| 1726 | - * |
|
| 1727 | - * @hideinitializer |
|
| 1728 | - * @private |
|
| 1729 | - */ |
|
| 1730 | - var $_callback_url = ''; |
|
| 1731 | - |
|
| 1732 | - /** |
|
| 1733 | - * This method returns the URL that should be used for the PGT callback (in |
|
| 1734 | - * fact the URL of the current request without any CGI parameter, except if |
|
| 1735 | - * phpCAS::setFixedCallbackURL() was used). |
|
| 1736 | - * |
|
| 1737 | - * @return The callback URL |
|
| 1738 | - * |
|
| 1739 | - * @private |
|
| 1740 | - */ |
|
| 1741 | - function getCallbackURL() |
|
| 1742 | - { |
|
| 1743 | - // the URL is built when needed only |
|
| 1744 | - if ( empty($this->_callback_url) ) { |
|
| 1745 | - $final_uri = ''; |
|
| 1746 | - // remove the ticket if present in the URL |
|
| 1747 | - $final_uri = 'https://'; |
|
| 1748 | - /* replaced by Julien Marchal - v0.4.6 |
|
| 1574 | + } |
|
| 1575 | + phpCAS::trace("* " . $name . "=" . $value_array); |
|
| 1576 | + $attr_array[$name] = $value_array; |
|
| 1577 | + } |
|
| 1578 | + $_SESSION[SAML_ATTRIBUTES] = $attr_array; |
|
| 1579 | + // UGent addition... |
|
| 1580 | + foreach($attr_array as $attr_key => $attr_value) { |
|
| 1581 | + if(count($attr_value) > 1) { |
|
| 1582 | + $this->_attributes[$attr_key] = $attr_value; |
|
| 1583 | + } |
|
| 1584 | + else { |
|
| 1585 | + $this->_attributes[$attr_key] = $attr_value[0]; |
|
| 1586 | + } |
|
| 1587 | + } |
|
| 1588 | + $result = TRUE; |
|
| 1589 | + } |
|
| 1590 | + phpCAS::traceEnd($result); |
|
| 1591 | + return $result; |
|
| 1592 | + } |
|
| 1593 | + |
|
| 1594 | + /** @} */ |
|
| 1595 | + |
|
| 1596 | + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 1597 | + // XX XX |
|
| 1598 | + // XX PROXY FEATURES (CAS 2.0) XX |
|
| 1599 | + // XX XX |
|
| 1600 | + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 1601 | + |
|
| 1602 | + // ######################################################################## |
|
| 1603 | + // PROXYING |
|
| 1604 | + // ######################################################################## |
|
| 1605 | + /** |
|
| 1606 | + * @addtogroup internalProxy |
|
| 1607 | + * @{ |
|
| 1608 | + */ |
|
| 1609 | + |
|
| 1610 | + /** |
|
| 1611 | + * A boolean telling if the client is a CAS proxy or not. Written by CASClient::CASClient(), |
|
| 1612 | + * read by CASClient::isProxy(). |
|
| 1613 | + * |
|
| 1614 | + * @private |
|
| 1615 | + */ |
|
| 1616 | + var $_proxy; |
|
| 1617 | + |
|
| 1618 | + /** |
|
| 1619 | + * Tells if a CAS client is a CAS proxy or not |
|
| 1620 | + * |
|
| 1621 | + * @return TRUE when the CAS client is a CAs proxy, FALSE otherwise |
|
| 1622 | + * |
|
| 1623 | + * @private |
|
| 1624 | + */ |
|
| 1625 | + function isProxy() |
|
| 1626 | + { |
|
| 1627 | + return $this->_proxy; |
|
| 1628 | + } |
|
| 1629 | + |
|
| 1630 | + /** @} */ |
|
| 1631 | + // ######################################################################## |
|
| 1632 | + // PGT |
|
| 1633 | + // ######################################################################## |
|
| 1634 | + /** |
|
| 1635 | + * @addtogroup internalProxy |
|
| 1636 | + * @{ |
|
| 1637 | + */ |
|
| 1638 | + |
|
| 1639 | + /** |
|
| 1640 | + * the Proxy Grnting Ticket given by the CAS server (empty otherwise). |
|
| 1641 | + * Written by CASClient::setPGT(), read by CASClient::getPGT() and CASClient::hasPGT(). |
|
| 1642 | + * |
|
| 1643 | + * @hideinitializer |
|
| 1644 | + * @private |
|
| 1645 | + */ |
|
| 1646 | + var $_pgt = ''; |
|
| 1647 | + |
|
| 1648 | + /** |
|
| 1649 | + * This method returns the Proxy Granting Ticket given by the CAS server. |
|
| 1650 | + * @return The Proxy Granting Ticket. |
|
| 1651 | + * @private |
|
| 1652 | + */ |
|
| 1653 | + function getPGT() |
|
| 1654 | + { return $this->_pgt; } |
|
| 1655 | + |
|
| 1656 | + /** |
|
| 1657 | + * This method stores the Proxy Granting Ticket. |
|
| 1658 | + * @param $pgt The Proxy Granting Ticket. |
|
| 1659 | + * @private |
|
| 1660 | + */ |
|
| 1661 | + function setPGT($pgt) |
|
| 1662 | + { $this->_pgt = $pgt; } |
|
| 1663 | + |
|
| 1664 | + /** |
|
| 1665 | + * This method tells if a Proxy Granting Ticket was stored. |
|
| 1666 | + * @return TRUE if a Proxy Granting Ticket has been stored. |
|
| 1667 | + * @private |
|
| 1668 | + */ |
|
| 1669 | + function hasPGT() |
|
| 1670 | + { return !empty($this->_pgt); } |
|
| 1671 | + |
|
| 1672 | + /** @} */ |
|
| 1673 | + |
|
| 1674 | + // ######################################################################## |
|
| 1675 | + // CALLBACK MODE |
|
| 1676 | + // ######################################################################## |
|
| 1677 | + /** |
|
| 1678 | + * @addtogroup internalCallback |
|
| 1679 | + * @{ |
|
| 1680 | + */ |
|
| 1681 | + /** |
|
| 1682 | + * each PHP script using phpCAS in proxy mode is its own callback to get the |
|
| 1683 | + * PGT back from the CAS server. callback_mode is detected by the constructor |
|
| 1684 | + * thanks to the GET parameters. |
|
| 1685 | + */ |
|
| 1686 | + |
|
| 1687 | + /** |
|
| 1688 | + * a boolean to know if the CAS client is running in callback mode. Written by |
|
| 1689 | + * CASClient::setCallBackMode(), read by CASClient::isCallbackMode(). |
|
| 1690 | + * |
|
| 1691 | + * @hideinitializer |
|
| 1692 | + * @private |
|
| 1693 | + */ |
|
| 1694 | + var $_callback_mode = FALSE; |
|
| 1695 | + |
|
| 1696 | + /** |
|
| 1697 | + * This method sets/unsets callback mode. |
|
| 1698 | + * |
|
| 1699 | + * @param $callback_mode TRUE to set callback mode, FALSE otherwise. |
|
| 1700 | + * |
|
| 1701 | + * @private |
|
| 1702 | + */ |
|
| 1703 | + function setCallbackMode($callback_mode) |
|
| 1704 | + { |
|
| 1705 | + $this->_callback_mode = $callback_mode; |
|
| 1706 | + } |
|
| 1707 | + |
|
| 1708 | + /** |
|
| 1709 | + * This method returns TRUE when the CAs client is running i callback mode, |
|
| 1710 | + * FALSE otherwise. |
|
| 1711 | + * |
|
| 1712 | + * @return A boolean. |
|
| 1713 | + * |
|
| 1714 | + * @private |
|
| 1715 | + */ |
|
| 1716 | + function isCallbackMode() |
|
| 1717 | + { |
|
| 1718 | + return $this->_callback_mode; |
|
| 1719 | + } |
|
| 1720 | + |
|
| 1721 | + /** |
|
| 1722 | + * the URL that should be used for the PGT callback (in fact the URL of the |
|
| 1723 | + * current request without any CGI parameter). Written and read by |
|
| 1724 | + * CASClient::getCallbackURL(). |
|
| 1725 | + * |
|
| 1726 | + * @hideinitializer |
|
| 1727 | + * @private |
|
| 1728 | + */ |
|
| 1729 | + var $_callback_url = ''; |
|
| 1730 | + |
|
| 1731 | + /** |
|
| 1732 | + * This method returns the URL that should be used for the PGT callback (in |
|
| 1733 | + * fact the URL of the current request without any CGI parameter, except if |
|
| 1734 | + * phpCAS::setFixedCallbackURL() was used). |
|
| 1735 | + * |
|
| 1736 | + * @return The callback URL |
|
| 1737 | + * |
|
| 1738 | + * @private |
|
| 1739 | + */ |
|
| 1740 | + function getCallbackURL() |
|
| 1741 | + { |
|
| 1742 | + // the URL is built when needed only |
|
| 1743 | + if ( empty($this->_callback_url) ) { |
|
| 1744 | + $final_uri = ''; |
|
| 1745 | + // remove the ticket if present in the URL |
|
| 1746 | + $final_uri = 'https://'; |
|
| 1747 | + /* replaced by Julien Marchal - v0.4.6 |
|
| 1749 | 1748 | * $this->uri .= $_SERVER['SERVER_NAME']; |
| 1750 | 1749 | */ |
| 1751 | - if(empty($_SERVER['HTTP_X_FORWARDED_SERVER'])){ |
|
| 1752 | - /* replaced by teedog - v0.4.12 |
|
| 1750 | + if(empty($_SERVER['HTTP_X_FORWARDED_SERVER'])){ |
|
| 1751 | + /* replaced by teedog - v0.4.12 |
|
| 1753 | 1752 | * $final_uri .= $_SERVER['SERVER_NAME']; |
| 1754 | 1753 | */ |
| 1755 | - if (empty($_SERVER['SERVER_NAME'])) { |
|
| 1756 | - $final_uri .= $_SERVER['HTTP_HOST']; |
|
| 1757 | - } else { |
|
| 1758 | - $final_uri .= $_SERVER['SERVER_NAME']; |
|
| 1759 | - } |
|
| 1760 | - } else { |
|
| 1761 | - $final_uri .= $_SERVER['HTTP_X_FORWARDED_SERVER']; |
|
| 1762 | - } |
|
| 1763 | - if ( ($this->isHttps() && $_SERVER['SERVER_PORT']!=443) |
|
| 1764 | - || (!$this->isHttps() && $_SERVER['SERVER_PORT']!=80) ) { |
|
| 1765 | - $final_uri .= ':'; |
|
| 1766 | - $final_uri .= $_SERVER['SERVER_PORT']; |
|
| 1767 | - } |
|
| 1768 | - $request_uri = $_SERVER['REQUEST_URI']; |
|
| 1769 | - $request_uri = preg_replace('/\?.*$/','',$request_uri); |
|
| 1770 | - $final_uri .= $request_uri; |
|
| 1771 | - $this->setCallbackURL($final_uri); |
|
| 1772 | - } |
|
| 1773 | - return $this->_callback_url; |
|
| 1774 | - } |
|
| 1775 | - |
|
| 1776 | - /** |
|
| 1777 | - * This method sets the callback url. |
|
| 1778 | - * |
|
| 1779 | - * @param $callback_url url to set callback |
|
| 1780 | - * |
|
| 1781 | - * @private |
|
| 1782 | - */ |
|
| 1783 | - function setCallbackURL($url) |
|
| 1784 | - { |
|
| 1785 | - return $this->_callback_url = $url; |
|
| 1786 | - } |
|
| 1787 | - |
|
| 1788 | - /** |
|
| 1789 | - * This method is called by CASClient::CASClient() when running in callback |
|
| 1790 | - * mode. It stores the PGT and its PGT Iou, prints its output and halts. |
|
| 1791 | - * |
|
| 1792 | - * @private |
|
| 1793 | - */ |
|
| 1794 | - function callback() |
|
| 1795 | - { |
|
| 1796 | - phpCAS::traceBegin(); |
|
| 1797 | - $this->printHTMLHeader('phpCAS callback'); |
|
| 1798 | - $pgt_iou = $_GET['pgtIou']; |
|
| 1799 | - $pgt = $_GET['pgtId']; |
|
| 1800 | - phpCAS::trace('Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\')'); |
|
| 1801 | - echo '<p>Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\').</p>'; |
|
| 1802 | - $this->storePGT($pgt,$pgt_iou); |
|
| 1803 | - $this->printHTMLFooter(); |
|
| 1804 | - phpCAS::traceExit(); |
|
| 1805 | - exit(); |
|
| 1806 | - } |
|
| 1807 | - |
|
| 1808 | - /** @} */ |
|
| 1809 | - |
|
| 1810 | - // ######################################################################## |
|
| 1811 | - // PGT STORAGE |
|
| 1812 | - // ######################################################################## |
|
| 1813 | - /** |
|
| 1814 | - * @addtogroup internalPGTStorage |
|
| 1815 | - * @{ |
|
| 1816 | - */ |
|
| 1817 | - |
|
| 1818 | - /** |
|
| 1819 | - * an instance of a class inheriting of PGTStorage, used to deal with PGT |
|
| 1820 | - * storage. Created by CASClient::setPGTStorageFile() or CASClient::setPGTStorageDB(), used |
|
| 1821 | - * by CASClient::setPGTStorageFile(), CASClient::setPGTStorageDB() and CASClient::initPGTStorage(). |
|
| 1822 | - * |
|
| 1823 | - * @hideinitializer |
|
| 1824 | - * @private |
|
| 1825 | - */ |
|
| 1826 | - var $_pgt_storage = null; |
|
| 1827 | - |
|
| 1828 | - /** |
|
| 1829 | - * This method is used to initialize the storage of PGT's. |
|
| 1830 | - * Halts on error. |
|
| 1831 | - * |
|
| 1832 | - * @private |
|
| 1833 | - */ |
|
| 1834 | - function initPGTStorage() |
|
| 1835 | - { |
|
| 1836 | - // if no SetPGTStorageXxx() has been used, default to file |
|
| 1837 | - if ( !is_object($this->_pgt_storage) ) { |
|
| 1838 | - $this->setPGTStorageFile(); |
|
| 1839 | - } |
|
| 1840 | - |
|
| 1841 | - // initializes the storage |
|
| 1842 | - $this->_pgt_storage->init(); |
|
| 1843 | - } |
|
| 1844 | - |
|
| 1845 | - /** |
|
| 1846 | - * This method stores a PGT. Halts on error. |
|
| 1847 | - * |
|
| 1848 | - * @param $pgt the PGT to store |
|
| 1849 | - * @param $pgt_iou its corresponding Iou |
|
| 1850 | - * |
|
| 1851 | - * @private |
|
| 1852 | - */ |
|
| 1853 | - function storePGT($pgt,$pgt_iou) |
|
| 1854 | - { |
|
| 1855 | - // ensure that storage is initialized |
|
| 1856 | - $this->initPGTStorage(); |
|
| 1857 | - // writes the PGT |
|
| 1858 | - $this->_pgt_storage->write($pgt,$pgt_iou); |
|
| 1859 | - } |
|
| 1860 | - |
|
| 1861 | - /** |
|
| 1862 | - * This method reads a PGT from its Iou and deletes the corresponding storage entry. |
|
| 1863 | - * |
|
| 1864 | - * @param $pgt_iou the PGT Iou |
|
| 1865 | - * |
|
| 1866 | - * @return The PGT corresponding to the Iou, FALSE when not found. |
|
| 1867 | - * |
|
| 1868 | - * @private |
|
| 1869 | - */ |
|
| 1870 | - function loadPGT($pgt_iou) |
|
| 1871 | - { |
|
| 1872 | - // ensure that storage is initialized |
|
| 1873 | - $this->initPGTStorage(); |
|
| 1874 | - // read the PGT |
|
| 1875 | - return $this->_pgt_storage->read($pgt_iou); |
|
| 1876 | - } |
|
| 1877 | - |
|
| 1878 | - /** |
|
| 1879 | - * This method is used to tell phpCAS to store the response of the |
|
| 1880 | - * CAS server to PGT requests onto the filesystem. |
|
| 1881 | - * |
|
| 1882 | - * @param $format the format used to store the PGT's (`plain' and `xml' allowed) |
|
| 1883 | - * @param $path the path where the PGT's should be stored |
|
| 1884 | - * |
|
| 1885 | - * @public |
|
| 1886 | - */ |
|
| 1887 | - function setPGTStorageFile($format='', |
|
| 1888 | - $path='') |
|
| 1889 | - { |
|
| 1890 | - // check that the storage has not already been set |
|
| 1891 | - if ( is_object($this->_pgt_storage) ) { |
|
| 1892 | - phpCAS::error('PGT storage already defined'); |
|
| 1893 | - } |
|
| 1894 | - |
|
| 1895 | - // create the storage object |
|
| 1896 | - $this->_pgt_storage = new PGTStorageFile($this,$format,$path); |
|
| 1897 | - } |
|
| 1898 | - |
|
| 1899 | - /** |
|
| 1900 | - * This method is used to tell phpCAS to store the response of the |
|
| 1901 | - * CAS server to PGT requests into a database. |
|
| 1902 | - * @note The connection to the database is done only when needed. |
|
| 1903 | - * As a consequence, bad parameters are detected only when |
|
| 1904 | - * initializing PGT storage. |
|
| 1905 | - * |
|
| 1906 | - * @param $user the user to access the data with |
|
| 1907 | - * @param $password the user's password |
|
| 1908 | - * @param $database_type the type of the database hosting the data |
|
| 1909 | - * @param $hostname the server hosting the database |
|
| 1910 | - * @param $port the port the server is listening on |
|
| 1911 | - * @param $database the name of the database |
|
| 1912 | - * @param $table the name of the table storing the data |
|
| 1913 | - * |
|
| 1914 | - * @public |
|
| 1915 | - */ |
|
| 1916 | - function setPGTStorageDB($user, |
|
| 1917 | - $password, |
|
| 1918 | - $database_type, |
|
| 1919 | - $hostname, |
|
| 1920 | - $port, |
|
| 1921 | - $database, |
|
| 1922 | - $table) |
|
| 1923 | - { |
|
| 1924 | - // check that the storage has not already been set |
|
| 1925 | - if ( is_object($this->_pgt_storage) ) { |
|
| 1926 | - phpCAS::error('PGT storage already defined'); |
|
| 1927 | - } |
|
| 1928 | - |
|
| 1929 | - // warn the user that he should use file storage... |
|
| 1930 | - trigger_error('PGT storage into database is an experimental feature, use at your own risk',E_USER_WARNING); |
|
| 1931 | - |
|
| 1932 | - // create the storage object |
|
| 1933 | - $this->_pgt_storage = new PGTStorageDB($this,$user,$password,$database_type,$hostname,$port,$database,$table); |
|
| 1934 | - } |
|
| 1935 | - |
|
| 1936 | - // ######################################################################## |
|
| 1937 | - // PGT VALIDATION |
|
| 1938 | - // ######################################################################## |
|
| 1939 | - /** |
|
| 1940 | - * This method is used to validate a PGT; halt on failure. |
|
| 1941 | - * |
|
| 1942 | - * @param $validate_url the URL of the request to the CAS server. |
|
| 1943 | - * @param $text_response the response of the CAS server, as is (XML text); result |
|
| 1944 | - * of CASClient::validateST() or CASClient::validatePT(). |
|
| 1945 | - * @param $tree_response the response of the CAS server, as a DOM XML tree; result |
|
| 1946 | - * of CASClient::validateST() or CASClient::validatePT(). |
|
| 1947 | - * |
|
| 1948 | - * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). |
|
| 1949 | - * |
|
| 1950 | - * @private |
|
| 1951 | - */ |
|
| 1952 | - function validatePGT(&$validate_url,$text_response,$tree_response) |
|
| 1953 | - { |
|
| 1954 | - // here cannot use phpCAS::traceBegin(); alongside domxml-php4-to-php5.php |
|
| 1955 | - phpCAS::log('start validatePGT()'); |
|
| 1956 | - if ( sizeof($arr = $tree_response->get_elements_by_tagname("proxyGrantingTicket")) == 0) { |
|
| 1957 | - phpCAS::trace('<proxyGrantingTicket> not found'); |
|
| 1958 | - // authentication succeded, but no PGT Iou was transmitted |
|
| 1959 | - $this->authError('Ticket validated but no PGT Iou transmitted', |
|
| 1960 | - $validate_url, |
|
| 1961 | - FALSE/*$no_response*/, |
|
| 1962 | - FALSE/*$bad_response*/, |
|
| 1963 | - $text_response); |
|
| 1964 | - } else { |
|
| 1965 | - // PGT Iou transmitted, extract it |
|
| 1966 | - $pgt_iou = trim($arr[0]->get_content()); |
|
| 1967 | - $pgt = $this->loadPGT($pgt_iou); |
|
| 1968 | - if ( $pgt == FALSE ) { |
|
| 1969 | - phpCAS::trace('could not load PGT'); |
|
| 1970 | - $this->authError('PGT Iou was transmitted but PGT could not be retrieved', |
|
| 1971 | - $validate_url, |
|
| 1972 | - FALSE/*$no_response*/, |
|
| 1973 | - FALSE/*$bad_response*/, |
|
| 1974 | - $text_response); |
|
| 1975 | - } |
|
| 1976 | - $this->setPGT($pgt); |
|
| 1977 | - } |
|
| 1978 | - // here, cannot use phpCAS::traceEnd(TRUE); alongside domxml-php4-to-php5.php |
|
| 1979 | - phpCAS::log('end validatePGT()'); |
|
| 1980 | - return TRUE; |
|
| 1981 | - } |
|
| 1982 | - |
|
| 1983 | - // ######################################################################## |
|
| 1984 | - // PGT VALIDATION |
|
| 1985 | - // ######################################################################## |
|
| 1986 | - |
|
| 1987 | - /** |
|
| 1988 | - * This method is used to retrieve PT's from the CAS server thanks to a PGT. |
|
| 1989 | - * |
|
| 1990 | - * @param $target_service the service to ask for with the PT. |
|
| 1991 | - * @param $err_code an error code (PHPCAS_SERVICE_OK on success). |
|
| 1992 | - * @param $err_msg an error message (empty on success). |
|
| 1993 | - * |
|
| 1994 | - * @return a Proxy Ticket, or FALSE on error. |
|
| 1995 | - * |
|
| 1996 | - * @private |
|
| 1997 | - */ |
|
| 1998 | - function retrievePT($target_service,&$err_code,&$err_msg) |
|
| 1999 | - { |
|
| 2000 | - phpCAS::traceBegin(); |
|
| 2001 | - |
|
| 2002 | - // by default, $err_msg is set empty and $pt to TRUE. On error, $pt is |
|
| 2003 | - // set to false and $err_msg to an error message. At the end, if $pt is FALSE |
|
| 2004 | - // and $error_msg is still empty, it is set to 'invalid response' (the most |
|
| 2005 | - // commonly encountered error). |
|
| 2006 | - $err_msg = ''; |
|
| 2007 | - |
|
| 2008 | - // build the URL to retrieve the PT |
|
| 2009 | - // $cas_url = $this->getServerProxyURL().'?targetService='.preg_replace('/&/','%26',$target_service).'&pgt='.$this->getPGT(); |
|
| 2010 | - $cas_url = $this->getServerProxyURL().'?targetService='.urlencode($target_service).'&pgt='.$this->getPGT(); |
|
| 2011 | - |
|
| 2012 | - // open and read the URL |
|
| 2013 | - if ( !$this->readURL($cas_url,''/*cookies*/,$headers,$cas_response,$err_msg) ) { |
|
| 2014 | - phpCAS::trace('could not open URL \''.$cas_url.'\' to validate ('.$err_msg.')'); |
|
| 2015 | - $err_code = PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE; |
|
| 2016 | - $err_msg = 'could not retrieve PT (no response from the CAS server)'; |
|
| 2017 | - phpCAS::traceEnd(FALSE); |
|
| 2018 | - return FALSE; |
|
| 2019 | - } |
|
| 2020 | - |
|
| 2021 | - $bad_response = FALSE; |
|
| 2022 | - |
|
| 2023 | - if ( !$bad_response ) { |
|
| 2024 | - // read the response of the CAS server into a DOM object |
|
| 2025 | - if ( !($dom = @domxml_open_mem($cas_response))) { |
|
| 2026 | - phpCAS::trace('domxml_open_mem() failed'); |
|
| 2027 | - // read failed |
|
| 2028 | - $bad_response = TRUE; |
|
| 2029 | - } |
|
| 2030 | - } |
|
| 2031 | - |
|
| 2032 | - if ( !$bad_response ) { |
|
| 2033 | - // read the root node of the XML tree |
|
| 2034 | - if ( !($root = $dom->document_element()) ) { |
|
| 2035 | - phpCAS::trace('document_element() failed'); |
|
| 2036 | - // read failed |
|
| 2037 | - $bad_response = TRUE; |
|
| 2038 | - } |
|
| 2039 | - } |
|
| 2040 | - |
|
| 2041 | - if ( !$bad_response ) { |
|
| 2042 | - // insure that tag name is 'serviceResponse' |
|
| 2043 | - if ( $root->node_name() != 'serviceResponse' ) { |
|
| 2044 | - phpCAS::trace('node_name() failed'); |
|
| 2045 | - // bad root node |
|
| 2046 | - $bad_response = TRUE; |
|
| 2047 | - } |
|
| 2048 | - } |
|
| 2049 | - |
|
| 2050 | - if ( !$bad_response ) { |
|
| 2051 | - // look for a proxySuccess tag |
|
| 2052 | - if ( sizeof($arr = $root->get_elements_by_tagname("proxySuccess")) != 0) { |
|
| 2053 | - // authentication succeded, look for a proxyTicket tag |
|
| 2054 | - if ( sizeof($arr = $root->get_elements_by_tagname("proxyTicket")) != 0) { |
|
| 2055 | - $err_code = PHPCAS_SERVICE_OK; |
|
| 2056 | - $err_msg = ''; |
|
| 2057 | - phpCAS::trace('original PT: '.trim($arr[0]->get_content())); |
|
| 2058 | - $pt = trim($arr[0]->get_content()); |
|
| 2059 | - phpCAS::traceEnd($pt); |
|
| 2060 | - return $pt; |
|
| 2061 | - } else { |
|
| 2062 | - phpCAS::trace('<proxySuccess> was found, but not <proxyTicket>'); |
|
| 2063 | - } |
|
| 2064 | - } |
|
| 2065 | - // look for a proxyFailure tag |
|
| 2066 | - else if ( sizeof($arr = $root->get_elements_by_tagname("proxyFailure")) != 0) { |
|
| 2067 | - // authentication failed, extract the error |
|
| 2068 | - $err_code = PHPCAS_SERVICE_PT_FAILURE; |
|
| 2069 | - $err_msg = 'PT retrieving failed (code=`' |
|
| 2070 | - .$arr[0]->get_attribute('code') |
|
| 2071 | - .'\', message=`' |
|
| 2072 | - .trim($arr[0]->get_content()) |
|
| 2073 | - .'\')'; |
|
| 2074 | - phpCAS::traceEnd(FALSE); |
|
| 2075 | - return FALSE; |
|
| 2076 | - } else { |
|
| 2077 | - phpCAS::trace('neither <proxySuccess> nor <proxyFailure> found'); |
|
| 2078 | - } |
|
| 2079 | - } |
|
| 2080 | - |
|
| 2081 | - // at this step, we are sure that the response of the CAS server was ill-formed |
|
| 2082 | - $err_code = PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE; |
|
| 2083 | - $err_msg = 'Invalid response from the CAS server (response=`'.$cas_response.'\')'; |
|
| 2084 | - |
|
| 2085 | - phpCAS::traceEnd(FALSE); |
|
| 2086 | - return FALSE; |
|
| 2087 | - } |
|
| 2088 | - |
|
| 2089 | - // ######################################################################## |
|
| 2090 | - // ACCESS TO EXTERNAL SERVICES |
|
| 2091 | - // ######################################################################## |
|
| 2092 | - |
|
| 2093 | - /** |
|
| 2094 | - * This method is used to acces a remote URL. |
|
| 2095 | - * |
|
| 2096 | - * @param $url the URL to access. |
|
| 2097 | - * @param $cookies an array containing cookies strings such as 'name=val' |
|
| 2098 | - * @param $headers an array containing the HTTP header lines of the response |
|
| 2099 | - * (an empty array on failure). |
|
| 2100 | - * @param $body the body of the response, as a string (empty on failure). |
|
| 2101 | - * @param $err_msg an error message, filled on failure. |
|
| 2102 | - * |
|
| 2103 | - * @return TRUE on success, FALSE otherwise (in this later case, $err_msg |
|
| 2104 | - * contains an error message). |
|
| 2105 | - * |
|
| 2106 | - * @private |
|
| 2107 | - */ |
|
| 2108 | - function readURL($url,$cookies,&$headers,&$body,&$err_msg) |
|
| 2109 | - { |
|
| 2110 | - phpCAS::traceBegin(); |
|
| 2111 | - $headers = ''; |
|
| 2112 | - $body = ''; |
|
| 2113 | - $err_msg = ''; |
|
| 2114 | - |
|
| 2115 | - $res = TRUE; |
|
| 2116 | - |
|
| 2117 | - // initialize the CURL session |
|
| 2118 | - $ch = curl_init($url); |
|
| 2119 | - |
|
| 2120 | - if (version_compare(PHP_VERSION,'5.1.3','>=')) { |
|
| 2121 | - //only avaible in php5 |
|
| 2122 | - curl_setopt_array($ch, $this->_curl_options); |
|
| 2123 | - } else { |
|
| 2124 | - foreach ($this->_curl_options as $key => $value) { |
|
| 2125 | - curl_setopt($ch, $key, $value); |
|
| 2126 | - } |
|
| 2127 | - } |
|
| 2128 | - |
|
| 2129 | - if ($this->_cas_server_cert == '' && $this->_cas_server_ca_cert == '' && !$this->_no_cas_server_validation) { |
|
| 2130 | - phpCAS::error('one of the methods phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.'); |
|
| 2131 | - } |
|
| 2132 | - if ($this->_cas_server_cert != '' && $this->_cas_server_ca_cert != '') { |
|
| 2133 | - // This branch added by IDMS. Seems phpCAS implementor got a bit confused about the curl options CURLOPT_SSLCERT and CURLOPT_CAINFO |
|
| 2134 | - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); |
|
| 2135 | - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); |
|
| 2136 | - curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert); |
|
| 2137 | - curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert); |
|
| 2138 | - curl_setopt($ch, CURLOPT_VERBOSE, '1'); |
|
| 2139 | - phpCAS::trace('CURL: Set all required opts for mutual authentication ------'); |
|
| 2140 | - } else if ($this->_cas_server_cert != '' ) { |
|
| 2141 | - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); |
|
| 2142 | - curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert); |
|
| 2143 | - } else if ($this->_cas_server_ca_cert != '') { |
|
| 2144 | - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); |
|
| 2145 | - curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert); |
|
| 2146 | - } else { |
|
| 2147 | - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); |
|
| 2148 | - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); |
|
| 2149 | - } |
|
| 2150 | - |
|
| 2151 | - // return the CURL output into a variable |
|
| 2152 | - curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); |
|
| 2153 | - // get the HTTP header with a callback |
|
| 2154 | - $this->_curl_headers = array(); // empty the headers array |
|
| 2155 | - curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, '_curl_read_headers')); |
|
| 2156 | - // add cookies headers |
|
| 2157 | - if ( is_array($cookies) ) { |
|
| 2158 | - curl_setopt($ch,CURLOPT_COOKIE,implode(';',$cookies)); |
|
| 2159 | - } |
|
| 2160 | - // add extra stuff if SAML |
|
| 2161 | - if ($this->hasSA()) { |
|
| 2162 | - $more_headers = array ("soapaction: http://www.oasis-open.org/committees/security", |
|
| 2163 | - "cache-control: no-cache", |
|
| 2164 | - "pragma: no-cache", |
|
| 2165 | - "accept: text/xml", |
|
| 2166 | - "connection: keep-alive", |
|
| 2167 | - "content-type: text/xml"); |
|
| 1754 | + if (empty($_SERVER['SERVER_NAME'])) { |
|
| 1755 | + $final_uri .= $_SERVER['HTTP_HOST']; |
|
| 1756 | + } else { |
|
| 1757 | + $final_uri .= $_SERVER['SERVER_NAME']; |
|
| 1758 | + } |
|
| 1759 | + } else { |
|
| 1760 | + $final_uri .= $_SERVER['HTTP_X_FORWARDED_SERVER']; |
|
| 1761 | + } |
|
| 1762 | + if ( ($this->isHttps() && $_SERVER['SERVER_PORT']!=443) |
|
| 1763 | + || (!$this->isHttps() && $_SERVER['SERVER_PORT']!=80) ) { |
|
| 1764 | + $final_uri .= ':'; |
|
| 1765 | + $final_uri .= $_SERVER['SERVER_PORT']; |
|
| 1766 | + } |
|
| 1767 | + $request_uri = $_SERVER['REQUEST_URI']; |
|
| 1768 | + $request_uri = preg_replace('/\?.*$/','',$request_uri); |
|
| 1769 | + $final_uri .= $request_uri; |
|
| 1770 | + $this->setCallbackURL($final_uri); |
|
| 1771 | + } |
|
| 1772 | + return $this->_callback_url; |
|
| 1773 | + } |
|
| 1774 | + |
|
| 1775 | + /** |
|
| 1776 | + * This method sets the callback url. |
|
| 1777 | + * |
|
| 1778 | + * @param $callback_url url to set callback |
|
| 1779 | + * |
|
| 1780 | + * @private |
|
| 1781 | + */ |
|
| 1782 | + function setCallbackURL($url) |
|
| 1783 | + { |
|
| 1784 | + return $this->_callback_url = $url; |
|
| 1785 | + } |
|
| 1786 | + |
|
| 1787 | + /** |
|
| 1788 | + * This method is called by CASClient::CASClient() when running in callback |
|
| 1789 | + * mode. It stores the PGT and its PGT Iou, prints its output and halts. |
|
| 1790 | + * |
|
| 1791 | + * @private |
|
| 1792 | + */ |
|
| 1793 | + function callback() |
|
| 1794 | + { |
|
| 1795 | + phpCAS::traceBegin(); |
|
| 1796 | + $this->printHTMLHeader('phpCAS callback'); |
|
| 1797 | + $pgt_iou = $_GET['pgtIou']; |
|
| 1798 | + $pgt = $_GET['pgtId']; |
|
| 1799 | + phpCAS::trace('Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\')'); |
|
| 1800 | + echo '<p>Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\').</p>'; |
|
| 1801 | + $this->storePGT($pgt,$pgt_iou); |
|
| 1802 | + $this->printHTMLFooter(); |
|
| 1803 | + phpCAS::traceExit(); |
|
| 1804 | + exit(); |
|
| 1805 | + } |
|
| 1806 | + |
|
| 1807 | + /** @} */ |
|
| 1808 | + |
|
| 1809 | + // ######################################################################## |
|
| 1810 | + // PGT STORAGE |
|
| 1811 | + // ######################################################################## |
|
| 1812 | + /** |
|
| 1813 | + * @addtogroup internalPGTStorage |
|
| 1814 | + * @{ |
|
| 1815 | + */ |
|
| 1816 | + |
|
| 1817 | + /** |
|
| 1818 | + * an instance of a class inheriting of PGTStorage, used to deal with PGT |
|
| 1819 | + * storage. Created by CASClient::setPGTStorageFile() or CASClient::setPGTStorageDB(), used |
|
| 1820 | + * by CASClient::setPGTStorageFile(), CASClient::setPGTStorageDB() and CASClient::initPGTStorage(). |
|
| 1821 | + * |
|
| 1822 | + * @hideinitializer |
|
| 1823 | + * @private |
|
| 1824 | + */ |
|
| 1825 | + var $_pgt_storage = null; |
|
| 1826 | + |
|
| 1827 | + /** |
|
| 1828 | + * This method is used to initialize the storage of PGT's. |
|
| 1829 | + * Halts on error. |
|
| 1830 | + * |
|
| 1831 | + * @private |
|
| 1832 | + */ |
|
| 1833 | + function initPGTStorage() |
|
| 1834 | + { |
|
| 1835 | + // if no SetPGTStorageXxx() has been used, default to file |
|
| 1836 | + if ( !is_object($this->_pgt_storage) ) { |
|
| 1837 | + $this->setPGTStorageFile(); |
|
| 1838 | + } |
|
| 1839 | + |
|
| 1840 | + // initializes the storage |
|
| 1841 | + $this->_pgt_storage->init(); |
|
| 1842 | + } |
|
| 1843 | + |
|
| 1844 | + /** |
|
| 1845 | + * This method stores a PGT. Halts on error. |
|
| 1846 | + * |
|
| 1847 | + * @param $pgt the PGT to store |
|
| 1848 | + * @param $pgt_iou its corresponding Iou |
|
| 1849 | + * |
|
| 1850 | + * @private |
|
| 1851 | + */ |
|
| 1852 | + function storePGT($pgt,$pgt_iou) |
|
| 1853 | + { |
|
| 1854 | + // ensure that storage is initialized |
|
| 1855 | + $this->initPGTStorage(); |
|
| 1856 | + // writes the PGT |
|
| 1857 | + $this->_pgt_storage->write($pgt,$pgt_iou); |
|
| 1858 | + } |
|
| 1859 | + |
|
| 1860 | + /** |
|
| 1861 | + * This method reads a PGT from its Iou and deletes the corresponding storage entry. |
|
| 1862 | + * |
|
| 1863 | + * @param $pgt_iou the PGT Iou |
|
| 1864 | + * |
|
| 1865 | + * @return The PGT corresponding to the Iou, FALSE when not found. |
|
| 1866 | + * |
|
| 1867 | + * @private |
|
| 1868 | + */ |
|
| 1869 | + function loadPGT($pgt_iou) |
|
| 1870 | + { |
|
| 1871 | + // ensure that storage is initialized |
|
| 1872 | + $this->initPGTStorage(); |
|
| 1873 | + // read the PGT |
|
| 1874 | + return $this->_pgt_storage->read($pgt_iou); |
|
| 1875 | + } |
|
| 1876 | + |
|
| 1877 | + /** |
|
| 1878 | + * This method is used to tell phpCAS to store the response of the |
|
| 1879 | + * CAS server to PGT requests onto the filesystem. |
|
| 1880 | + * |
|
| 1881 | + * @param $format the format used to store the PGT's (`plain' and `xml' allowed) |
|
| 1882 | + * @param $path the path where the PGT's should be stored |
|
| 1883 | + * |
|
| 1884 | + * @public |
|
| 1885 | + */ |
|
| 1886 | + function setPGTStorageFile($format='', |
|
| 1887 | + $path='') |
|
| 1888 | + { |
|
| 1889 | + // check that the storage has not already been set |
|
| 1890 | + if ( is_object($this->_pgt_storage) ) { |
|
| 1891 | + phpCAS::error('PGT storage already defined'); |
|
| 1892 | + } |
|
| 1893 | + |
|
| 1894 | + // create the storage object |
|
| 1895 | + $this->_pgt_storage = new PGTStorageFile($this,$format,$path); |
|
| 1896 | + } |
|
| 1897 | + |
|
| 1898 | + /** |
|
| 1899 | + * This method is used to tell phpCAS to store the response of the |
|
| 1900 | + * CAS server to PGT requests into a database. |
|
| 1901 | + * @note The connection to the database is done only when needed. |
|
| 1902 | + * As a consequence, bad parameters are detected only when |
|
| 1903 | + * initializing PGT storage. |
|
| 1904 | + * |
|
| 1905 | + * @param $user the user to access the data with |
|
| 1906 | + * @param $password the user's password |
|
| 1907 | + * @param $database_type the type of the database hosting the data |
|
| 1908 | + * @param $hostname the server hosting the database |
|
| 1909 | + * @param $port the port the server is listening on |
|
| 1910 | + * @param $database the name of the database |
|
| 1911 | + * @param $table the name of the table storing the data |
|
| 1912 | + * |
|
| 1913 | + * @public |
|
| 1914 | + */ |
|
| 1915 | + function setPGTStorageDB($user, |
|
| 1916 | + $password, |
|
| 1917 | + $database_type, |
|
| 1918 | + $hostname, |
|
| 1919 | + $port, |
|
| 1920 | + $database, |
|
| 1921 | + $table) |
|
| 1922 | + { |
|
| 1923 | + // check that the storage has not already been set |
|
| 1924 | + if ( is_object($this->_pgt_storage) ) { |
|
| 1925 | + phpCAS::error('PGT storage already defined'); |
|
| 1926 | + } |
|
| 1927 | + |
|
| 1928 | + // warn the user that he should use file storage... |
|
| 1929 | + trigger_error('PGT storage into database is an experimental feature, use at your own risk',E_USER_WARNING); |
|
| 1930 | + |
|
| 1931 | + // create the storage object |
|
| 1932 | + $this->_pgt_storage = new PGTStorageDB($this,$user,$password,$database_type,$hostname,$port,$database,$table); |
|
| 1933 | + } |
|
| 1934 | + |
|
| 1935 | + // ######################################################################## |
|
| 1936 | + // PGT VALIDATION |
|
| 1937 | + // ######################################################################## |
|
| 1938 | + /** |
|
| 1939 | + * This method is used to validate a PGT; halt on failure. |
|
| 1940 | + * |
|
| 1941 | + * @param $validate_url the URL of the request to the CAS server. |
|
| 1942 | + * @param $text_response the response of the CAS server, as is (XML text); result |
|
| 1943 | + * of CASClient::validateST() or CASClient::validatePT(). |
|
| 1944 | + * @param $tree_response the response of the CAS server, as a DOM XML tree; result |
|
| 1945 | + * of CASClient::validateST() or CASClient::validatePT(). |
|
| 1946 | + * |
|
| 1947 | + * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). |
|
| 1948 | + * |
|
| 1949 | + * @private |
|
| 1950 | + */ |
|
| 1951 | + function validatePGT(&$validate_url,$text_response,$tree_response) |
|
| 1952 | + { |
|
| 1953 | + // here cannot use phpCAS::traceBegin(); alongside domxml-php4-to-php5.php |
|
| 1954 | + phpCAS::log('start validatePGT()'); |
|
| 1955 | + if ( sizeof($arr = $tree_response->get_elements_by_tagname("proxyGrantingTicket")) == 0) { |
|
| 1956 | + phpCAS::trace('<proxyGrantingTicket> not found'); |
|
| 1957 | + // authentication succeded, but no PGT Iou was transmitted |
|
| 1958 | + $this->authError('Ticket validated but no PGT Iou transmitted', |
|
| 1959 | + $validate_url, |
|
| 1960 | + FALSE/*$no_response*/, |
|
| 1961 | + FALSE/*$bad_response*/, |
|
| 1962 | + $text_response); |
|
| 1963 | + } else { |
|
| 1964 | + // PGT Iou transmitted, extract it |
|
| 1965 | + $pgt_iou = trim($arr[0]->get_content()); |
|
| 1966 | + $pgt = $this->loadPGT($pgt_iou); |
|
| 1967 | + if ( $pgt == FALSE ) { |
|
| 1968 | + phpCAS::trace('could not load PGT'); |
|
| 1969 | + $this->authError('PGT Iou was transmitted but PGT could not be retrieved', |
|
| 1970 | + $validate_url, |
|
| 1971 | + FALSE/*$no_response*/, |
|
| 1972 | + FALSE/*$bad_response*/, |
|
| 1973 | + $text_response); |
|
| 1974 | + } |
|
| 1975 | + $this->setPGT($pgt); |
|
| 1976 | + } |
|
| 1977 | + // here, cannot use phpCAS::traceEnd(TRUE); alongside domxml-php4-to-php5.php |
|
| 1978 | + phpCAS::log('end validatePGT()'); |
|
| 1979 | + return TRUE; |
|
| 1980 | + } |
|
| 1981 | + |
|
| 1982 | + // ######################################################################## |
|
| 1983 | + // PGT VALIDATION |
|
| 1984 | + // ######################################################################## |
|
| 1985 | + |
|
| 1986 | + /** |
|
| 1987 | + * This method is used to retrieve PT's from the CAS server thanks to a PGT. |
|
| 1988 | + * |
|
| 1989 | + * @param $target_service the service to ask for with the PT. |
|
| 1990 | + * @param $err_code an error code (PHPCAS_SERVICE_OK on success). |
|
| 1991 | + * @param $err_msg an error message (empty on success). |
|
| 1992 | + * |
|
| 1993 | + * @return a Proxy Ticket, or FALSE on error. |
|
| 1994 | + * |
|
| 1995 | + * @private |
|
| 1996 | + */ |
|
| 1997 | + function retrievePT($target_service,&$err_code,&$err_msg) |
|
| 1998 | + { |
|
| 1999 | + phpCAS::traceBegin(); |
|
| 2000 | + |
|
| 2001 | + // by default, $err_msg is set empty and $pt to TRUE. On error, $pt is |
|
| 2002 | + // set to false and $err_msg to an error message. At the end, if $pt is FALSE |
|
| 2003 | + // and $error_msg is still empty, it is set to 'invalid response' (the most |
|
| 2004 | + // commonly encountered error). |
|
| 2005 | + $err_msg = ''; |
|
| 2006 | + |
|
| 2007 | + // build the URL to retrieve the PT |
|
| 2008 | + // $cas_url = $this->getServerProxyURL().'?targetService='.preg_replace('/&/','%26',$target_service).'&pgt='.$this->getPGT(); |
|
| 2009 | + $cas_url = $this->getServerProxyURL().'?targetService='.urlencode($target_service).'&pgt='.$this->getPGT(); |
|
| 2010 | + |
|
| 2011 | + // open and read the URL |
|
| 2012 | + if ( !$this->readURL($cas_url,''/*cookies*/,$headers,$cas_response,$err_msg) ) { |
|
| 2013 | + phpCAS::trace('could not open URL \''.$cas_url.'\' to validate ('.$err_msg.')'); |
|
| 2014 | + $err_code = PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE; |
|
| 2015 | + $err_msg = 'could not retrieve PT (no response from the CAS server)'; |
|
| 2016 | + phpCAS::traceEnd(FALSE); |
|
| 2017 | + return FALSE; |
|
| 2018 | + } |
|
| 2019 | + |
|
| 2020 | + $bad_response = FALSE; |
|
| 2021 | + |
|
| 2022 | + if ( !$bad_response ) { |
|
| 2023 | + // read the response of the CAS server into a DOM object |
|
| 2024 | + if ( !($dom = @domxml_open_mem($cas_response))) { |
|
| 2025 | + phpCAS::trace('domxml_open_mem() failed'); |
|
| 2026 | + // read failed |
|
| 2027 | + $bad_response = TRUE; |
|
| 2028 | + } |
|
| 2029 | + } |
|
| 2030 | + |
|
| 2031 | + if ( !$bad_response ) { |
|
| 2032 | + // read the root node of the XML tree |
|
| 2033 | + if ( !($root = $dom->document_element()) ) { |
|
| 2034 | + phpCAS::trace('document_element() failed'); |
|
| 2035 | + // read failed |
|
| 2036 | + $bad_response = TRUE; |
|
| 2037 | + } |
|
| 2038 | + } |
|
| 2039 | + |
|
| 2040 | + if ( !$bad_response ) { |
|
| 2041 | + // insure that tag name is 'serviceResponse' |
|
| 2042 | + if ( $root->node_name() != 'serviceResponse' ) { |
|
| 2043 | + phpCAS::trace('node_name() failed'); |
|
| 2044 | + // bad root node |
|
| 2045 | + $bad_response = TRUE; |
|
| 2046 | + } |
|
| 2047 | + } |
|
| 2048 | + |
|
| 2049 | + if ( !$bad_response ) { |
|
| 2050 | + // look for a proxySuccess tag |
|
| 2051 | + if ( sizeof($arr = $root->get_elements_by_tagname("proxySuccess")) != 0) { |
|
| 2052 | + // authentication succeded, look for a proxyTicket tag |
|
| 2053 | + if ( sizeof($arr = $root->get_elements_by_tagname("proxyTicket")) != 0) { |
|
| 2054 | + $err_code = PHPCAS_SERVICE_OK; |
|
| 2055 | + $err_msg = ''; |
|
| 2056 | + phpCAS::trace('original PT: '.trim($arr[0]->get_content())); |
|
| 2057 | + $pt = trim($arr[0]->get_content()); |
|
| 2058 | + phpCAS::traceEnd($pt); |
|
| 2059 | + return $pt; |
|
| 2060 | + } else { |
|
| 2061 | + phpCAS::trace('<proxySuccess> was found, but not <proxyTicket>'); |
|
| 2062 | + } |
|
| 2063 | + } |
|
| 2064 | + // look for a proxyFailure tag |
|
| 2065 | + else if ( sizeof($arr = $root->get_elements_by_tagname("proxyFailure")) != 0) { |
|
| 2066 | + // authentication failed, extract the error |
|
| 2067 | + $err_code = PHPCAS_SERVICE_PT_FAILURE; |
|
| 2068 | + $err_msg = 'PT retrieving failed (code=`' |
|
| 2069 | + .$arr[0]->get_attribute('code') |
|
| 2070 | + .'\', message=`' |
|
| 2071 | + .trim($arr[0]->get_content()) |
|
| 2072 | + .'\')'; |
|
| 2073 | + phpCAS::traceEnd(FALSE); |
|
| 2074 | + return FALSE; |
|
| 2075 | + } else { |
|
| 2076 | + phpCAS::trace('neither <proxySuccess> nor <proxyFailure> found'); |
|
| 2077 | + } |
|
| 2078 | + } |
|
| 2079 | + |
|
| 2080 | + // at this step, we are sure that the response of the CAS server was ill-formed |
|
| 2081 | + $err_code = PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE; |
|
| 2082 | + $err_msg = 'Invalid response from the CAS server (response=`'.$cas_response.'\')'; |
|
| 2083 | + |
|
| 2084 | + phpCAS::traceEnd(FALSE); |
|
| 2085 | + return FALSE; |
|
| 2086 | + } |
|
| 2087 | + |
|
| 2088 | + // ######################################################################## |
|
| 2089 | + // ACCESS TO EXTERNAL SERVICES |
|
| 2090 | + // ######################################################################## |
|
| 2091 | + |
|
| 2092 | + /** |
|
| 2093 | + * This method is used to acces a remote URL. |
|
| 2094 | + * |
|
| 2095 | + * @param $url the URL to access. |
|
| 2096 | + * @param $cookies an array containing cookies strings such as 'name=val' |
|
| 2097 | + * @param $headers an array containing the HTTP header lines of the response |
|
| 2098 | + * (an empty array on failure). |
|
| 2099 | + * @param $body the body of the response, as a string (empty on failure). |
|
| 2100 | + * @param $err_msg an error message, filled on failure. |
|
| 2101 | + * |
|
| 2102 | + * @return TRUE on success, FALSE otherwise (in this later case, $err_msg |
|
| 2103 | + * contains an error message). |
|
| 2104 | + * |
|
| 2105 | + * @private |
|
| 2106 | + */ |
|
| 2107 | + function readURL($url,$cookies,&$headers,&$body,&$err_msg) |
|
| 2108 | + { |
|
| 2109 | + phpCAS::traceBegin(); |
|
| 2110 | + $headers = ''; |
|
| 2111 | + $body = ''; |
|
| 2112 | + $err_msg = ''; |
|
| 2113 | + |
|
| 2114 | + $res = TRUE; |
|
| 2115 | + |
|
| 2116 | + // initialize the CURL session |
|
| 2117 | + $ch = curl_init($url); |
|
| 2118 | + |
|
| 2119 | + if (version_compare(PHP_VERSION,'5.1.3','>=')) { |
|
| 2120 | + //only avaible in php5 |
|
| 2121 | + curl_setopt_array($ch, $this->_curl_options); |
|
| 2122 | + } else { |
|
| 2123 | + foreach ($this->_curl_options as $key => $value) { |
|
| 2124 | + curl_setopt($ch, $key, $value); |
|
| 2125 | + } |
|
| 2126 | + } |
|
| 2127 | + |
|
| 2128 | + if ($this->_cas_server_cert == '' && $this->_cas_server_ca_cert == '' && !$this->_no_cas_server_validation) { |
|
| 2129 | + phpCAS::error('one of the methods phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.'); |
|
| 2130 | + } |
|
| 2131 | + if ($this->_cas_server_cert != '' && $this->_cas_server_ca_cert != '') { |
|
| 2132 | + // This branch added by IDMS. Seems phpCAS implementor got a bit confused about the curl options CURLOPT_SSLCERT and CURLOPT_CAINFO |
|
| 2133 | + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); |
|
| 2134 | + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); |
|
| 2135 | + curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert); |
|
| 2136 | + curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert); |
|
| 2137 | + curl_setopt($ch, CURLOPT_VERBOSE, '1'); |
|
| 2138 | + phpCAS::trace('CURL: Set all required opts for mutual authentication ------'); |
|
| 2139 | + } else if ($this->_cas_server_cert != '' ) { |
|
| 2140 | + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); |
|
| 2141 | + curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert); |
|
| 2142 | + } else if ($this->_cas_server_ca_cert != '') { |
|
| 2143 | + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); |
|
| 2144 | + curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert); |
|
| 2145 | + } else { |
|
| 2146 | + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); |
|
| 2147 | + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); |
|
| 2148 | + } |
|
| 2149 | + |
|
| 2150 | + // return the CURL output into a variable |
|
| 2151 | + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); |
|
| 2152 | + // get the HTTP header with a callback |
|
| 2153 | + $this->_curl_headers = array(); // empty the headers array |
|
| 2154 | + curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, '_curl_read_headers')); |
|
| 2155 | + // add cookies headers |
|
| 2156 | + if ( is_array($cookies) ) { |
|
| 2157 | + curl_setopt($ch,CURLOPT_COOKIE,implode(';',$cookies)); |
|
| 2158 | + } |
|
| 2159 | + // add extra stuff if SAML |
|
| 2160 | + if ($this->hasSA()) { |
|
| 2161 | + $more_headers = array ("soapaction: http://www.oasis-open.org/committees/security", |
|
| 2162 | + "cache-control: no-cache", |
|
| 2163 | + "pragma: no-cache", |
|
| 2164 | + "accept: text/xml", |
|
| 2165 | + "connection: keep-alive", |
|
| 2166 | + "content-type: text/xml"); |
|
| 2168 | 2167 | |
| 2169 | - curl_setopt($ch, CURLOPT_HTTPHEADER, $more_headers); |
|
| 2170 | - curl_setopt($ch, CURLOPT_POST, 1); |
|
| 2171 | - $data = $this->buildSAMLPayload(); |
|
| 2172 | - //phpCAS::trace('SAML Payload: '.print_r($data, TRUE)); |
|
| 2173 | - curl_setopt($ch, CURLOPT_POSTFIELDS, $data); |
|
| 2174 | - } |
|
| 2175 | - // perform the query |
|
| 2176 | - $buf = curl_exec ($ch); |
|
| 2177 | - //phpCAS::trace('CURL: Call completed. Response body is: \''.$buf.'\''); |
|
| 2178 | - if ( $buf === FALSE ) { |
|
| 2179 | - phpCAS::trace('curl_exec() failed'); |
|
| 2180 | - $err_msg = 'CURL error #'.curl_errno($ch).': '.curl_error($ch); |
|
| 2181 | - //phpCAS::trace('curl error: '.$err_msg); |
|
| 2182 | - // close the CURL session |
|
| 2183 | - curl_close ($ch); |
|
| 2184 | - $res = FALSE; |
|
| 2185 | - } else { |
|
| 2186 | - // close the CURL session |
|
| 2187 | - curl_close ($ch); |
|
| 2168 | + curl_setopt($ch, CURLOPT_HTTPHEADER, $more_headers); |
|
| 2169 | + curl_setopt($ch, CURLOPT_POST, 1); |
|
| 2170 | + $data = $this->buildSAMLPayload(); |
|
| 2171 | + //phpCAS::trace('SAML Payload: '.print_r($data, TRUE)); |
|
| 2172 | + curl_setopt($ch, CURLOPT_POSTFIELDS, $data); |
|
| 2173 | + } |
|
| 2174 | + // perform the query |
|
| 2175 | + $buf = curl_exec ($ch); |
|
| 2176 | + //phpCAS::trace('CURL: Call completed. Response body is: \''.$buf.'\''); |
|
| 2177 | + if ( $buf === FALSE ) { |
|
| 2178 | + phpCAS::trace('curl_exec() failed'); |
|
| 2179 | + $err_msg = 'CURL error #'.curl_errno($ch).': '.curl_error($ch); |
|
| 2180 | + //phpCAS::trace('curl error: '.$err_msg); |
|
| 2181 | + // close the CURL session |
|
| 2182 | + curl_close ($ch); |
|
| 2183 | + $res = FALSE; |
|
| 2184 | + } else { |
|
| 2185 | + // close the CURL session |
|
| 2186 | + curl_close ($ch); |
|
| 2188 | 2187 | |
| 2189 | - $headers = $this->_curl_headers; |
|
| 2190 | - $body = $buf; |
|
| 2191 | - } |
|
| 2192 | - |
|
| 2193 | - phpCAS::traceEnd($res); |
|
| 2194 | - return $res; |
|
| 2195 | - } |
|
| 2196 | - |
|
| 2197 | - /** |
|
| 2198 | - * This method is used to build the SAML POST body sent to /samlValidate URL. |
|
| 2199 | - * |
|
| 2200 | - * @return the SOAP-encased SAMLP artifact (the ticket). |
|
| 2201 | - * |
|
| 2202 | - * @private |
|
| 2203 | - */ |
|
| 2204 | - function buildSAMLPayload() |
|
| 2205 | - { |
|
| 2206 | - phpCAS::traceBegin(); |
|
| 2207 | - |
|
| 2208 | - //get the ticket |
|
| 2209 | - $sa = $this->getSA(); |
|
| 2210 | - //phpCAS::trace("SA: ".$sa); |
|
| 2211 | - |
|
| 2212 | - $body=SAML_SOAP_ENV.SAML_SOAP_BODY.SAMLP_REQUEST.SAML_ASSERTION_ARTIFACT.$sa.SAML_ASSERTION_ARTIFACT_CLOSE.SAMLP_REQUEST_CLOSE.SAML_SOAP_BODY_CLOSE.SAML_SOAP_ENV_CLOSE; |
|
| 2213 | - |
|
| 2214 | - phpCAS::traceEnd($body); |
|
| 2215 | - return ($body); |
|
| 2216 | - } |
|
| 2217 | - |
|
| 2218 | - /** |
|
| 2219 | - * This method is the callback used by readURL method to request HTTP headers. |
|
| 2220 | - */ |
|
| 2221 | - var $_curl_headers = array(); |
|
| 2222 | - function _curl_read_headers($ch, $header) |
|
| 2223 | - { |
|
| 2224 | - $this->_curl_headers[] = $header; |
|
| 2225 | - return strlen($header); |
|
| 2226 | - } |
|
| 2227 | - |
|
| 2228 | - /** |
|
| 2229 | - * This method is used to access an HTTP[S] service. |
|
| 2230 | - * |
|
| 2231 | - * @param $url the service to access. |
|
| 2232 | - * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on |
|
| 2233 | - * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, |
|
| 2234 | - * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. |
|
| 2235 | - * @param $output the output of the service (also used to give an error |
|
| 2236 | - * message on failure). |
|
| 2237 | - * |
|
| 2238 | - * @return TRUE on success, FALSE otherwise (in this later case, $err_code |
|
| 2239 | - * gives the reason why it failed and $output contains an error message). |
|
| 2240 | - * |
|
| 2241 | - * @public |
|
| 2242 | - */ |
|
| 2243 | - function serviceWeb($url,&$err_code,&$output) |
|
| 2244 | - { |
|
| 2245 | - phpCAS::traceBegin(); |
|
| 2246 | - // at first retrieve a PT |
|
| 2247 | - $pt = $this->retrievePT($url,$err_code,$output); |
|
| 2248 | - |
|
| 2249 | - $res = TRUE; |
|
| 2250 | - |
|
| 2251 | - // test if PT was retrieved correctly |
|
| 2252 | - if ( !$pt ) { |
|
| 2253 | - // note: $err_code and $err_msg are filled by CASClient::retrievePT() |
|
| 2254 | - phpCAS::trace('PT was not retrieved correctly'); |
|
| 2255 | - $res = FALSE; |
|
| 2256 | - } else { |
|
| 2257 | - // add cookies if necessary |
|
| 2258 | - if ( is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) { |
|
| 2259 | - foreach ( $_SESSION['phpCAS']['services'][$url]['cookies'] as $name => $val ) { |
|
| 2260 | - $cookies[] = $name.'='.$val; |
|
| 2261 | - } |
|
| 2262 | - } |
|
| 2188 | + $headers = $this->_curl_headers; |
|
| 2189 | + $body = $buf; |
|
| 2190 | + } |
|
| 2191 | + |
|
| 2192 | + phpCAS::traceEnd($res); |
|
| 2193 | + return $res; |
|
| 2194 | + } |
|
| 2195 | + |
|
| 2196 | + /** |
|
| 2197 | + * This method is used to build the SAML POST body sent to /samlValidate URL. |
|
| 2198 | + * |
|
| 2199 | + * @return the SOAP-encased SAMLP artifact (the ticket). |
|
| 2200 | + * |
|
| 2201 | + * @private |
|
| 2202 | + */ |
|
| 2203 | + function buildSAMLPayload() |
|
| 2204 | + { |
|
| 2205 | + phpCAS::traceBegin(); |
|
| 2206 | + |
|
| 2207 | + //get the ticket |
|
| 2208 | + $sa = $this->getSA(); |
|
| 2209 | + //phpCAS::trace("SA: ".$sa); |
|
| 2210 | + |
|
| 2211 | + $body=SAML_SOAP_ENV.SAML_SOAP_BODY.SAMLP_REQUEST.SAML_ASSERTION_ARTIFACT.$sa.SAML_ASSERTION_ARTIFACT_CLOSE.SAMLP_REQUEST_CLOSE.SAML_SOAP_BODY_CLOSE.SAML_SOAP_ENV_CLOSE; |
|
| 2212 | + |
|
| 2213 | + phpCAS::traceEnd($body); |
|
| 2214 | + return ($body); |
|
| 2215 | + } |
|
| 2216 | + |
|
| 2217 | + /** |
|
| 2218 | + * This method is the callback used by readURL method to request HTTP headers. |
|
| 2219 | + */ |
|
| 2220 | + var $_curl_headers = array(); |
|
| 2221 | + function _curl_read_headers($ch, $header) |
|
| 2222 | + { |
|
| 2223 | + $this->_curl_headers[] = $header; |
|
| 2224 | + return strlen($header); |
|
| 2225 | + } |
|
| 2226 | + |
|
| 2227 | + /** |
|
| 2228 | + * This method is used to access an HTTP[S] service. |
|
| 2229 | + * |
|
| 2230 | + * @param $url the service to access. |
|
| 2231 | + * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on |
|
| 2232 | + * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, |
|
| 2233 | + * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. |
|
| 2234 | + * @param $output the output of the service (also used to give an error |
|
| 2235 | + * message on failure). |
|
| 2236 | + * |
|
| 2237 | + * @return TRUE on success, FALSE otherwise (in this later case, $err_code |
|
| 2238 | + * gives the reason why it failed and $output contains an error message). |
|
| 2239 | + * |
|
| 2240 | + * @public |
|
| 2241 | + */ |
|
| 2242 | + function serviceWeb($url,&$err_code,&$output) |
|
| 2243 | + { |
|
| 2244 | + phpCAS::traceBegin(); |
|
| 2245 | + // at first retrieve a PT |
|
| 2246 | + $pt = $this->retrievePT($url,$err_code,$output); |
|
| 2247 | + |
|
| 2248 | + $res = TRUE; |
|
| 2249 | + |
|
| 2250 | + // test if PT was retrieved correctly |
|
| 2251 | + if ( !$pt ) { |
|
| 2252 | + // note: $err_code and $err_msg are filled by CASClient::retrievePT() |
|
| 2253 | + phpCAS::trace('PT was not retrieved correctly'); |
|
| 2254 | + $res = FALSE; |
|
| 2255 | + } else { |
|
| 2256 | + // add cookies if necessary |
|
| 2257 | + if ( is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) { |
|
| 2258 | + foreach ( $_SESSION['phpCAS']['services'][$url]['cookies'] as $name => $val ) { |
|
| 2259 | + $cookies[] = $name.'='.$val; |
|
| 2260 | + } |
|
| 2261 | + } |
|
| 2263 | 2262 | |
| 2264 | - // build the URL including the PT |
|
| 2265 | - if ( strstr($url,'?') === FALSE ) { |
|
| 2266 | - $service_url = $url.'?ticket='.$pt; |
|
| 2267 | - } else { |
|
| 2268 | - $service_url = $url.'&ticket='.$pt; |
|
| 2269 | - } |
|
| 2263 | + // build the URL including the PT |
|
| 2264 | + if ( strstr($url,'?') === FALSE ) { |
|
| 2265 | + $service_url = $url.'?ticket='.$pt; |
|
| 2266 | + } else { |
|
| 2267 | + $service_url = $url.'&ticket='.$pt; |
|
| 2268 | + } |
|
| 2270 | 2269 | |
| 2271 | - phpCAS::trace('reading URL`'.$service_url.'\''); |
|
| 2272 | - if ( !$this->readURL($service_url,$cookies,$headers,$output,$err_msg) ) { |
|
| 2273 | - phpCAS::trace('could not read URL`'.$service_url.'\''); |
|
| 2274 | - $err_code = PHPCAS_SERVICE_NOT_AVAILABLE; |
|
| 2275 | - // give an error message |
|
| 2276 | - $output = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE), |
|
| 2277 | - $service_url, |
|
| 2278 | - $err_msg); |
|
| 2279 | - $res = FALSE; |
|
| 2280 | - } else { |
|
| 2281 | - // URL has been fetched, extract the cookies |
|
| 2282 | - phpCAS::trace('URL`'.$service_url.'\' has been read, storing cookies:'); |
|
| 2283 | - foreach ( $headers as $header ) { |
|
| 2284 | - // test if the header is a cookie |
|
| 2285 | - if ( preg_match('/^Set-Cookie:/',$header) ) { |
|
| 2286 | - // the header is a cookie, remove the beginning |
|
| 2287 | - $header_val = preg_replace('/^Set-Cookie: */','',$header); |
|
| 2288 | - // extract interesting information |
|
| 2289 | - $name_val = strtok($header_val,'; '); |
|
| 2290 | - // extract the name and the value of the cookie |
|
| 2291 | - $cookie_name = strtok($name_val,'='); |
|
| 2292 | - $cookie_val = strtok('='); |
|
| 2293 | - // store the cookie |
|
| 2294 | - $_SESSION['phpCAS']['services'][$url]['cookies'][$cookie_name] = $cookie_val; |
|
| 2295 | - phpCAS::trace($cookie_name.' -> '.$cookie_val); |
|
| 2296 | - } |
|
| 2297 | - } |
|
| 2298 | - } |
|
| 2299 | - } |
|
| 2300 | - |
|
| 2301 | - phpCAS::traceEnd($res); |
|
| 2302 | - return $res; |
|
| 2303 | - } |
|
| 2304 | - |
|
| 2305 | - /** |
|
| 2306 | - * This method is used to access an IMAP/POP3/NNTP service. |
|
| 2307 | - * |
|
| 2308 | - * @param $url a string giving the URL of the service, including the mailing box |
|
| 2309 | - * for IMAP URLs, as accepted by imap_open(). |
|
| 2310 | - * @param $service a string giving for CAS retrieve Proxy ticket |
|
| 2311 | - * @param $flags options given to imap_open(). |
|
| 2312 | - * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on |
|
| 2313 | - * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, |
|
| 2314 | - * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. |
|
| 2315 | - * @param $err_msg an error message on failure |
|
| 2316 | - * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL |
|
| 2317 | - * on success, FALSE on error). |
|
| 2318 | - * |
|
| 2319 | - * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code |
|
| 2320 | - * gives the reason why it failed and $err_msg contains an error message). |
|
| 2321 | - * |
|
| 2322 | - * @public |
|
| 2323 | - */ |
|
| 2324 | - function serviceMail($url,$service,$flags,&$err_code,&$err_msg,&$pt) |
|
| 2325 | - { |
|
| 2326 | - phpCAS::traceBegin(); |
|
| 2327 | - // at first retrieve a PT |
|
| 2328 | - $pt = $this->retrievePT($service,$err_code,$output); |
|
| 2329 | - |
|
| 2330 | - $stream = FALSE; |
|
| 2331 | - |
|
| 2332 | - // test if PT was retrieved correctly |
|
| 2333 | - if ( !$pt ) { |
|
| 2334 | - // note: $err_code and $err_msg are filled by CASClient::retrievePT() |
|
| 2335 | - phpCAS::trace('PT was not retrieved correctly'); |
|
| 2336 | - } else { |
|
| 2337 | - phpCAS::trace('opening IMAP URL `'.$url.'\'...'); |
|
| 2338 | - $stream = @imap_open($url,$this->getUser(),$pt,$flags); |
|
| 2339 | - if ( !$stream ) { |
|
| 2340 | - phpCAS::trace('could not open URL'); |
|
| 2341 | - $err_code = PHPCAS_SERVICE_NOT_AVAILABLE; |
|
| 2342 | - // give an error message |
|
| 2343 | - $err_msg = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE), |
|
| 2344 | - $service_url, |
|
| 2345 | - var_export(imap_errors(),TRUE)); |
|
| 2346 | - $pt = FALSE; |
|
| 2347 | - $stream = FALSE; |
|
| 2348 | - } else { |
|
| 2349 | - phpCAS::trace('ok'); |
|
| 2350 | - } |
|
| 2351 | - } |
|
| 2352 | - |
|
| 2353 | - phpCAS::traceEnd($stream); |
|
| 2354 | - return $stream; |
|
| 2355 | - } |
|
| 2356 | - |
|
| 2357 | - /** @} */ |
|
| 2358 | - |
|
| 2359 | - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 2360 | - // XX XX |
|
| 2361 | - // XX PROXIED CLIENT FEATURES (CAS 2.0) XX |
|
| 2362 | - // XX XX |
|
| 2363 | - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 2364 | - |
|
| 2365 | - // ######################################################################## |
|
| 2366 | - // PT |
|
| 2367 | - // ######################################################################## |
|
| 2368 | - /** |
|
| 2369 | - * @addtogroup internalProxied |
|
| 2370 | - * @{ |
|
| 2371 | - */ |
|
| 2372 | - |
|
| 2373 | - /** |
|
| 2374 | - * the Proxy Ticket provided in the URL of the request if present |
|
| 2375 | - * (empty otherwise). Written by CASClient::CASClient(), read by |
|
| 2376 | - * CASClient::getPT() and CASClient::hasPGT(). |
|
| 2377 | - * |
|
| 2378 | - * @hideinitializer |
|
| 2379 | - * @private |
|
| 2380 | - */ |
|
| 2381 | - var $_pt = ''; |
|
| 2382 | - |
|
| 2383 | - /** |
|
| 2384 | - * This method returns the Proxy Ticket provided in the URL of the request. |
|
| 2385 | - * @return The proxy ticket. |
|
| 2386 | - * @private |
|
| 2387 | - */ |
|
| 2388 | - function getPT() |
|
| 2389 | - { |
|
| 2390 | - // return 'ST'.substr($this->_pt, 2); |
|
| 2391 | - return $this->_pt; |
|
| 2392 | - } |
|
| 2393 | - |
|
| 2394 | - /** |
|
| 2395 | - * This method stores the Proxy Ticket. |
|
| 2396 | - * @param $pt The Proxy Ticket. |
|
| 2397 | - * @private |
|
| 2398 | - */ |
|
| 2399 | - function setPT($pt) |
|
| 2400 | - { $this->_pt = $pt; } |
|
| 2401 | - |
|
| 2402 | - /** |
|
| 2403 | - * This method tells if a Proxy Ticket was stored. |
|
| 2404 | - * @return TRUE if a Proxy Ticket has been stored. |
|
| 2405 | - * @private |
|
| 2406 | - */ |
|
| 2407 | - function hasPT() |
|
| 2408 | - { return !empty($this->_pt); } |
|
| 2409 | - /** |
|
| 2410 | - * This method returns the SAML Ticket provided in the URL of the request. |
|
| 2411 | - * @return The SAML ticket. |
|
| 2412 | - * @private |
|
| 2413 | - */ |
|
| 2414 | - function getSA() |
|
| 2415 | - { return 'ST'.substr($this->_sa, 2); } |
|
| 2416 | - |
|
| 2417 | - /** |
|
| 2418 | - * This method stores the SAML Ticket. |
|
| 2419 | - * @param $sa The SAML Ticket. |
|
| 2420 | - * @private |
|
| 2421 | - */ |
|
| 2422 | - function setSA($sa) |
|
| 2423 | - { $this->_sa = $sa; } |
|
| 2424 | - |
|
| 2425 | - /** |
|
| 2426 | - * This method tells if a SAML Ticket was stored. |
|
| 2427 | - * @return TRUE if a SAML Ticket has been stored. |
|
| 2428 | - * @private |
|
| 2429 | - */ |
|
| 2430 | - function hasSA() |
|
| 2431 | - { return !empty($this->_sa); } |
|
| 2432 | - |
|
| 2433 | - /** @} */ |
|
| 2434 | - // ######################################################################## |
|
| 2435 | - // PT VALIDATION |
|
| 2436 | - // ######################################################################## |
|
| 2437 | - /** |
|
| 2438 | - * @addtogroup internalProxied |
|
| 2439 | - * @{ |
|
| 2440 | - */ |
|
| 2441 | - |
|
| 2442 | - /** |
|
| 2443 | - * This method is used to validate a ST or PT; halt on failure |
|
| 2444 | - * Used for all CAS 2.0 validations |
|
| 2445 | - * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). |
|
| 2446 | - * |
|
| 2447 | - * @private |
|
| 2448 | - */ |
|
| 2449 | - function validatePT(&$validate_url,&$text_response,&$tree_response) |
|
| 2450 | - { |
|
| 2451 | - phpCAS::traceBegin(); |
|
| 2452 | - // build the URL to validate the ticket |
|
| 2453 | - $validate_url = $this->getServerProxyValidateURL().'&ticket='.$this->getPT(); |
|
| 2454 | - |
|
| 2455 | - if ( $this->isProxy() ) { |
|
| 2456 | - // pass the callback url for CAS proxies |
|
| 2457 | - $validate_url .= '&pgtUrl='.$this->getCallbackURL(); |
|
| 2458 | - } |
|
| 2459 | - |
|
| 2460 | - // open and read the URL |
|
| 2461 | - if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) { |
|
| 2462 | - phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'); |
|
| 2463 | - $this->authError('PT not validated', |
|
| 2464 | - $validate_url, |
|
| 2465 | - TRUE/*$no_response*/); |
|
| 2466 | - } |
|
| 2467 | - |
|
| 2468 | - // read the response of the CAS server into a DOM object |
|
| 2469 | - if ( !($dom = domxml_open_mem($text_response))) { |
|
| 2470 | - // read failed |
|
| 2471 | - $this->authError('PT not validated', |
|
| 2472 | - $validate_url, |
|
| 2473 | - FALSE/*$no_response*/, |
|
| 2474 | - TRUE/*$bad_response*/, |
|
| 2475 | - $text_response); |
|
| 2476 | - } |
|
| 2477 | - // read the root node of the XML tree |
|
| 2478 | - if ( !($tree_response = $dom->document_element()) ) { |
|
| 2479 | - // read failed |
|
| 2480 | - $this->authError('PT not validated', |
|
| 2481 | - $validate_url, |
|
| 2482 | - FALSE/*$no_response*/, |
|
| 2483 | - TRUE/*$bad_response*/, |
|
| 2484 | - $text_response); |
|
| 2485 | - } |
|
| 2486 | - // insure that tag name is 'serviceResponse' |
|
| 2487 | - if ( $tree_response->node_name() != 'serviceResponse' ) { |
|
| 2488 | - // bad root node |
|
| 2489 | - $this->authError('PT not validated', |
|
| 2490 | - $validate_url, |
|
| 2491 | - FALSE/*$no_response*/, |
|
| 2492 | - TRUE/*$bad_response*/, |
|
| 2493 | - $text_response); |
|
| 2494 | - } |
|
| 2495 | - if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) { |
|
| 2496 | - // authentication succeded, extract the user name |
|
| 2497 | - if ( sizeof($arr = $tree_response->get_elements_by_tagname("user")) == 0) { |
|
| 2498 | - // no user specified => error |
|
| 2499 | - $this->authError('PT not validated', |
|
| 2500 | - $validate_url, |
|
| 2501 | - FALSE/*$no_response*/, |
|
| 2502 | - TRUE/*$bad_response*/, |
|
| 2503 | - $text_response); |
|
| 2504 | - } |
|
| 2505 | - $this->setUser(trim($arr[0]->get_content())); |
|
| 2270 | + phpCAS::trace('reading URL`'.$service_url.'\''); |
|
| 2271 | + if ( !$this->readURL($service_url,$cookies,$headers,$output,$err_msg) ) { |
|
| 2272 | + phpCAS::trace('could not read URL`'.$service_url.'\''); |
|
| 2273 | + $err_code = PHPCAS_SERVICE_NOT_AVAILABLE; |
|
| 2274 | + // give an error message |
|
| 2275 | + $output = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE), |
|
| 2276 | + $service_url, |
|
| 2277 | + $err_msg); |
|
| 2278 | + $res = FALSE; |
|
| 2279 | + } else { |
|
| 2280 | + // URL has been fetched, extract the cookies |
|
| 2281 | + phpCAS::trace('URL`'.$service_url.'\' has been read, storing cookies:'); |
|
| 2282 | + foreach ( $headers as $header ) { |
|
| 2283 | + // test if the header is a cookie |
|
| 2284 | + if ( preg_match('/^Set-Cookie:/',$header) ) { |
|
| 2285 | + // the header is a cookie, remove the beginning |
|
| 2286 | + $header_val = preg_replace('/^Set-Cookie: */','',$header); |
|
| 2287 | + // extract interesting information |
|
| 2288 | + $name_val = strtok($header_val,'; '); |
|
| 2289 | + // extract the name and the value of the cookie |
|
| 2290 | + $cookie_name = strtok($name_val,'='); |
|
| 2291 | + $cookie_val = strtok('='); |
|
| 2292 | + // store the cookie |
|
| 2293 | + $_SESSION['phpCAS']['services'][$url]['cookies'][$cookie_name] = $cookie_val; |
|
| 2294 | + phpCAS::trace($cookie_name.' -> '.$cookie_val); |
|
| 2295 | + } |
|
| 2296 | + } |
|
| 2297 | + } |
|
| 2298 | + } |
|
| 2299 | + |
|
| 2300 | + phpCAS::traceEnd($res); |
|
| 2301 | + return $res; |
|
| 2302 | + } |
|
| 2303 | + |
|
| 2304 | + /** |
|
| 2305 | + * This method is used to access an IMAP/POP3/NNTP service. |
|
| 2306 | + * |
|
| 2307 | + * @param $url a string giving the URL of the service, including the mailing box |
|
| 2308 | + * for IMAP URLs, as accepted by imap_open(). |
|
| 2309 | + * @param $service a string giving for CAS retrieve Proxy ticket |
|
| 2310 | + * @param $flags options given to imap_open(). |
|
| 2311 | + * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on |
|
| 2312 | + * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, |
|
| 2313 | + * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. |
|
| 2314 | + * @param $err_msg an error message on failure |
|
| 2315 | + * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL |
|
| 2316 | + * on success, FALSE on error). |
|
| 2317 | + * |
|
| 2318 | + * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code |
|
| 2319 | + * gives the reason why it failed and $err_msg contains an error message). |
|
| 2320 | + * |
|
| 2321 | + * @public |
|
| 2322 | + */ |
|
| 2323 | + function serviceMail($url,$service,$flags,&$err_code,&$err_msg,&$pt) |
|
| 2324 | + { |
|
| 2325 | + phpCAS::traceBegin(); |
|
| 2326 | + // at first retrieve a PT |
|
| 2327 | + $pt = $this->retrievePT($service,$err_code,$output); |
|
| 2328 | + |
|
| 2329 | + $stream = FALSE; |
|
| 2330 | + |
|
| 2331 | + // test if PT was retrieved correctly |
|
| 2332 | + if ( !$pt ) { |
|
| 2333 | + // note: $err_code and $err_msg are filled by CASClient::retrievePT() |
|
| 2334 | + phpCAS::trace('PT was not retrieved correctly'); |
|
| 2335 | + } else { |
|
| 2336 | + phpCAS::trace('opening IMAP URL `'.$url.'\'...'); |
|
| 2337 | + $stream = @imap_open($url,$this->getUser(),$pt,$flags); |
|
| 2338 | + if ( !$stream ) { |
|
| 2339 | + phpCAS::trace('could not open URL'); |
|
| 2340 | + $err_code = PHPCAS_SERVICE_NOT_AVAILABLE; |
|
| 2341 | + // give an error message |
|
| 2342 | + $err_msg = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE), |
|
| 2343 | + $service_url, |
|
| 2344 | + var_export(imap_errors(),TRUE)); |
|
| 2345 | + $pt = FALSE; |
|
| 2346 | + $stream = FALSE; |
|
| 2347 | + } else { |
|
| 2348 | + phpCAS::trace('ok'); |
|
| 2349 | + } |
|
| 2350 | + } |
|
| 2351 | + |
|
| 2352 | + phpCAS::traceEnd($stream); |
|
| 2353 | + return $stream; |
|
| 2354 | + } |
|
| 2355 | + |
|
| 2356 | + /** @} */ |
|
| 2357 | + |
|
| 2358 | + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 2359 | + // XX XX |
|
| 2360 | + // XX PROXIED CLIENT FEATURES (CAS 2.0) XX |
|
| 2361 | + // XX XX |
|
| 2362 | + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 2363 | + |
|
| 2364 | + // ######################################################################## |
|
| 2365 | + // PT |
|
| 2366 | + // ######################################################################## |
|
| 2367 | + /** |
|
| 2368 | + * @addtogroup internalProxied |
|
| 2369 | + * @{ |
|
| 2370 | + */ |
|
| 2371 | + |
|
| 2372 | + /** |
|
| 2373 | + * the Proxy Ticket provided in the URL of the request if present |
|
| 2374 | + * (empty otherwise). Written by CASClient::CASClient(), read by |
|
| 2375 | + * CASClient::getPT() and CASClient::hasPGT(). |
|
| 2376 | + * |
|
| 2377 | + * @hideinitializer |
|
| 2378 | + * @private |
|
| 2379 | + */ |
|
| 2380 | + var $_pt = ''; |
|
| 2381 | + |
|
| 2382 | + /** |
|
| 2383 | + * This method returns the Proxy Ticket provided in the URL of the request. |
|
| 2384 | + * @return The proxy ticket. |
|
| 2385 | + * @private |
|
| 2386 | + */ |
|
| 2387 | + function getPT() |
|
| 2388 | + { |
|
| 2389 | + // return 'ST'.substr($this->_pt, 2); |
|
| 2390 | + return $this->_pt; |
|
| 2391 | + } |
|
| 2392 | + |
|
| 2393 | + /** |
|
| 2394 | + * This method stores the Proxy Ticket. |
|
| 2395 | + * @param $pt The Proxy Ticket. |
|
| 2396 | + * @private |
|
| 2397 | + */ |
|
| 2398 | + function setPT($pt) |
|
| 2399 | + { $this->_pt = $pt; } |
|
| 2400 | + |
|
| 2401 | + /** |
|
| 2402 | + * This method tells if a Proxy Ticket was stored. |
|
| 2403 | + * @return TRUE if a Proxy Ticket has been stored. |
|
| 2404 | + * @private |
|
| 2405 | + */ |
|
| 2406 | + function hasPT() |
|
| 2407 | + { return !empty($this->_pt); } |
|
| 2408 | + /** |
|
| 2409 | + * This method returns the SAML Ticket provided in the URL of the request. |
|
| 2410 | + * @return The SAML ticket. |
|
| 2411 | + * @private |
|
| 2412 | + */ |
|
| 2413 | + function getSA() |
|
| 2414 | + { return 'ST'.substr($this->_sa, 2); } |
|
| 2415 | + |
|
| 2416 | + /** |
|
| 2417 | + * This method stores the SAML Ticket. |
|
| 2418 | + * @param $sa The SAML Ticket. |
|
| 2419 | + * @private |
|
| 2420 | + */ |
|
| 2421 | + function setSA($sa) |
|
| 2422 | + { $this->_sa = $sa; } |
|
| 2423 | + |
|
| 2424 | + /** |
|
| 2425 | + * This method tells if a SAML Ticket was stored. |
|
| 2426 | + * @return TRUE if a SAML Ticket has been stored. |
|
| 2427 | + * @private |
|
| 2428 | + */ |
|
| 2429 | + function hasSA() |
|
| 2430 | + { return !empty($this->_sa); } |
|
| 2431 | + |
|
| 2432 | + /** @} */ |
|
| 2433 | + // ######################################################################## |
|
| 2434 | + // PT VALIDATION |
|
| 2435 | + // ######################################################################## |
|
| 2436 | + /** |
|
| 2437 | + * @addtogroup internalProxied |
|
| 2438 | + * @{ |
|
| 2439 | + */ |
|
| 2440 | + |
|
| 2441 | + /** |
|
| 2442 | + * This method is used to validate a ST or PT; halt on failure |
|
| 2443 | + * Used for all CAS 2.0 validations |
|
| 2444 | + * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). |
|
| 2445 | + * |
|
| 2446 | + * @private |
|
| 2447 | + */ |
|
| 2448 | + function validatePT(&$validate_url,&$text_response,&$tree_response) |
|
| 2449 | + { |
|
| 2450 | + phpCAS::traceBegin(); |
|
| 2451 | + // build the URL to validate the ticket |
|
| 2452 | + $validate_url = $this->getServerProxyValidateURL().'&ticket='.$this->getPT(); |
|
| 2453 | + |
|
| 2454 | + if ( $this->isProxy() ) { |
|
| 2455 | + // pass the callback url for CAS proxies |
|
| 2456 | + $validate_url .= '&pgtUrl='.$this->getCallbackURL(); |
|
| 2457 | + } |
|
| 2458 | + |
|
| 2459 | + // open and read the URL |
|
| 2460 | + if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) { |
|
| 2461 | + phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'); |
|
| 2462 | + $this->authError('PT not validated', |
|
| 2463 | + $validate_url, |
|
| 2464 | + TRUE/*$no_response*/); |
|
| 2465 | + } |
|
| 2466 | + |
|
| 2467 | + // read the response of the CAS server into a DOM object |
|
| 2468 | + if ( !($dom = domxml_open_mem($text_response))) { |
|
| 2469 | + // read failed |
|
| 2470 | + $this->authError('PT not validated', |
|
| 2471 | + $validate_url, |
|
| 2472 | + FALSE/*$no_response*/, |
|
| 2473 | + TRUE/*$bad_response*/, |
|
| 2474 | + $text_response); |
|
| 2475 | + } |
|
| 2476 | + // read the root node of the XML tree |
|
| 2477 | + if ( !($tree_response = $dom->document_element()) ) { |
|
| 2478 | + // read failed |
|
| 2479 | + $this->authError('PT not validated', |
|
| 2480 | + $validate_url, |
|
| 2481 | + FALSE/*$no_response*/, |
|
| 2482 | + TRUE/*$bad_response*/, |
|
| 2483 | + $text_response); |
|
| 2484 | + } |
|
| 2485 | + // insure that tag name is 'serviceResponse' |
|
| 2486 | + if ( $tree_response->node_name() != 'serviceResponse' ) { |
|
| 2487 | + // bad root node |
|
| 2488 | + $this->authError('PT not validated', |
|
| 2489 | + $validate_url, |
|
| 2490 | + FALSE/*$no_response*/, |
|
| 2491 | + TRUE/*$bad_response*/, |
|
| 2492 | + $text_response); |
|
| 2493 | + } |
|
| 2494 | + if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) { |
|
| 2495 | + // authentication succeded, extract the user name |
|
| 2496 | + if ( sizeof($arr = $tree_response->get_elements_by_tagname("user")) == 0) { |
|
| 2497 | + // no user specified => error |
|
| 2498 | + $this->authError('PT not validated', |
|
| 2499 | + $validate_url, |
|
| 2500 | + FALSE/*$no_response*/, |
|
| 2501 | + TRUE/*$bad_response*/, |
|
| 2502 | + $text_response); |
|
| 2503 | + } |
|
| 2504 | + $this->setUser(trim($arr[0]->get_content())); |
|
| 2506 | 2505 | |
| 2507 | - } else if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) { |
|
| 2508 | - // authentication succeded, extract the error code and message |
|
| 2509 | - $this->authError('PT not validated', |
|
| 2510 | - $validate_url, |
|
| 2511 | - FALSE/*$no_response*/, |
|
| 2512 | - FALSE/*$bad_response*/, |
|
| 2513 | - $text_response, |
|
| 2514 | - $arr[0]->get_attribute('code')/*$err_code*/, |
|
| 2515 | - trim($arr[0]->get_content())/*$err_msg*/); |
|
| 2516 | - } else { |
|
| 2517 | - $this->authError('PT not validated', |
|
| 2518 | - $validate_url, |
|
| 2519 | - FALSE/*$no_response*/, |
|
| 2520 | - TRUE/*$bad_response*/, |
|
| 2521 | - $text_response); |
|
| 2522 | - } |
|
| 2523 | - |
|
| 2524 | - // at this step, PT has been validated and $this->_user has been set, |
|
| 2525 | - |
|
| 2526 | - phpCAS::traceEnd(TRUE); |
|
| 2527 | - return TRUE; |
|
| 2528 | - } |
|
| 2529 | - |
|
| 2530 | - /** @} */ |
|
| 2531 | - |
|
| 2532 | - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 2533 | - // XX XX |
|
| 2534 | - // XX MISC XX |
|
| 2535 | - // XX XX |
|
| 2536 | - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 2537 | - |
|
| 2538 | - /** |
|
| 2539 | - * @addtogroup internalMisc |
|
| 2540 | - * @{ |
|
| 2541 | - */ |
|
| 2542 | - |
|
| 2543 | - // ######################################################################## |
|
| 2544 | - // URL |
|
| 2545 | - // ######################################################################## |
|
| 2546 | - /** |
|
| 2547 | - * the URL of the current request (without any ticket CGI parameter). Written |
|
| 2548 | - * and read by CASClient::getURL(). |
|
| 2549 | - * |
|
| 2550 | - * @hideinitializer |
|
| 2551 | - * @private |
|
| 2552 | - */ |
|
| 2553 | - var $_url = ''; |
|
| 2554 | - |
|
| 2555 | - /** |
|
| 2556 | - * This method returns the URL of the current request (without any ticket |
|
| 2557 | - * CGI parameter). |
|
| 2558 | - * |
|
| 2559 | - * @return The URL |
|
| 2560 | - * |
|
| 2561 | - * @private |
|
| 2562 | - */ |
|
| 2563 | - function getURL() |
|
| 2564 | - { |
|
| 2565 | - phpCAS::traceBegin(); |
|
| 2566 | - // the URL is built when needed only |
|
| 2567 | - if ( empty($this->_url) ) { |
|
| 2568 | - $final_uri = ''; |
|
| 2569 | - // remove the ticket if present in the URL |
|
| 2570 | - $final_uri = ($this->isHttps()) ? 'https' : 'http'; |
|
| 2571 | - $final_uri .= '://'; |
|
| 2572 | - /* replaced by Julien Marchal - v0.4.6 |
|
| 2506 | + } else if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) { |
|
| 2507 | + // authentication succeded, extract the error code and message |
|
| 2508 | + $this->authError('PT not validated', |
|
| 2509 | + $validate_url, |
|
| 2510 | + FALSE/*$no_response*/, |
|
| 2511 | + FALSE/*$bad_response*/, |
|
| 2512 | + $text_response, |
|
| 2513 | + $arr[0]->get_attribute('code')/*$err_code*/, |
|
| 2514 | + trim($arr[0]->get_content())/*$err_msg*/); |
|
| 2515 | + } else { |
|
| 2516 | + $this->authError('PT not validated', |
|
| 2517 | + $validate_url, |
|
| 2518 | + FALSE/*$no_response*/, |
|
| 2519 | + TRUE/*$bad_response*/, |
|
| 2520 | + $text_response); |
|
| 2521 | + } |
|
| 2522 | + |
|
| 2523 | + // at this step, PT has been validated and $this->_user has been set, |
|
| 2524 | + |
|
| 2525 | + phpCAS::traceEnd(TRUE); |
|
| 2526 | + return TRUE; |
|
| 2527 | + } |
|
| 2528 | + |
|
| 2529 | + /** @} */ |
|
| 2530 | + |
|
| 2531 | + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 2532 | + // XX XX |
|
| 2533 | + // XX MISC XX |
|
| 2534 | + // XX XX |
|
| 2535 | + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
| 2536 | + |
|
| 2537 | + /** |
|
| 2538 | + * @addtogroup internalMisc |
|
| 2539 | + * @{ |
|
| 2540 | + */ |
|
| 2541 | + |
|
| 2542 | + // ######################################################################## |
|
| 2543 | + // URL |
|
| 2544 | + // ######################################################################## |
|
| 2545 | + /** |
|
| 2546 | + * the URL of the current request (without any ticket CGI parameter). Written |
|
| 2547 | + * and read by CASClient::getURL(). |
|
| 2548 | + * |
|
| 2549 | + * @hideinitializer |
|
| 2550 | + * @private |
|
| 2551 | + */ |
|
| 2552 | + var $_url = ''; |
|
| 2553 | + |
|
| 2554 | + /** |
|
| 2555 | + * This method returns the URL of the current request (without any ticket |
|
| 2556 | + * CGI parameter). |
|
| 2557 | + * |
|
| 2558 | + * @return The URL |
|
| 2559 | + * |
|
| 2560 | + * @private |
|
| 2561 | + */ |
|
| 2562 | + function getURL() |
|
| 2563 | + { |
|
| 2564 | + phpCAS::traceBegin(); |
|
| 2565 | + // the URL is built when needed only |
|
| 2566 | + if ( empty($this->_url) ) { |
|
| 2567 | + $final_uri = ''; |
|
| 2568 | + // remove the ticket if present in the URL |
|
| 2569 | + $final_uri = ($this->isHttps()) ? 'https' : 'http'; |
|
| 2570 | + $final_uri .= '://'; |
|
| 2571 | + /* replaced by Julien Marchal - v0.4.6 |
|
| 2573 | 2572 | * $this->_url .= $_SERVER['SERVER_NAME']; |
| 2574 | 2573 | */ |
| 2575 | - if(empty($_SERVER['HTTP_X_FORWARDED_SERVER'])){ |
|
| 2576 | - /* replaced by teedog - v0.4.12 |
|
| 2574 | + if(empty($_SERVER['HTTP_X_FORWARDED_SERVER'])){ |
|
| 2575 | + /* replaced by teedog - v0.4.12 |
|
| 2577 | 2576 | * $this->_url .= $_SERVER['SERVER_NAME']; |
| 2578 | 2577 | */ |
| 2579 | - if (empty($_SERVER['SERVER_NAME'])) { |
|
| 2580 | - $server_name = $_SERVER['HTTP_HOST']; |
|
| 2581 | - } else { |
|
| 2582 | - $server_name = $_SERVER['SERVER_NAME']; |
|
| 2583 | - } |
|
| 2584 | - } else { |
|
| 2585 | - $server_name = $_SERVER['HTTP_X_FORWARDED_SERVER']; |
|
| 2586 | - } |
|
| 2587 | - $final_uri .= $server_name; |
|
| 2588 | - if (!strpos($server_name, ':')) { |
|
| 2589 | - if ( ($this->isHttps() && $_SERVER['SERVER_PORT']!=443) |
|
| 2590 | - || (!$this->isHttps() && $_SERVER['SERVER_PORT']!=80) ) { |
|
| 2591 | - $final_uri .= ':'; |
|
| 2592 | - $final_uri .= $_SERVER['SERVER_PORT']; |
|
| 2593 | - } |
|
| 2594 | - } |
|
| 2578 | + if (empty($_SERVER['SERVER_NAME'])) { |
|
| 2579 | + $server_name = $_SERVER['HTTP_HOST']; |
|
| 2580 | + } else { |
|
| 2581 | + $server_name = $_SERVER['SERVER_NAME']; |
|
| 2582 | + } |
|
| 2583 | + } else { |
|
| 2584 | + $server_name = $_SERVER['HTTP_X_FORWARDED_SERVER']; |
|
| 2585 | + } |
|
| 2586 | + $final_uri .= $server_name; |
|
| 2587 | + if (!strpos($server_name, ':')) { |
|
| 2588 | + if ( ($this->isHttps() && $_SERVER['SERVER_PORT']!=443) |
|
| 2589 | + || (!$this->isHttps() && $_SERVER['SERVER_PORT']!=80) ) { |
|
| 2590 | + $final_uri .= ':'; |
|
| 2591 | + $final_uri .= $_SERVER['SERVER_PORT']; |
|
| 2592 | + } |
|
| 2593 | + } |
|
| 2595 | 2594 | |
| 2596 | - $request_uri = explode('?', $_SERVER['REQUEST_URI'], 2); |
|
| 2597 | - $final_uri .= $request_uri[0]; |
|
| 2595 | + $request_uri = explode('?', $_SERVER['REQUEST_URI'], 2); |
|
| 2596 | + $final_uri .= $request_uri[0]; |
|
| 2598 | 2597 | |
| 2599 | - if (isset($request_uri[1]) && $request_uri[1]) |
|
| 2600 | - { |
|
| 2601 | - $query_string = $this->removeParameterFromQueryString('ticket', $request_uri[1]); |
|
| 2598 | + if (isset($request_uri[1]) && $request_uri[1]) |
|
| 2599 | + { |
|
| 2600 | + $query_string = $this->removeParameterFromQueryString('ticket', $request_uri[1]); |
|
| 2602 | 2601 | |
| 2603 | - // If the query string still has anything left, append it to the final URI |
|
| 2604 | - if ($query_string !== '') |
|
| 2605 | - $final_uri .= "?$query_string"; |
|
| 2602 | + // If the query string still has anything left, append it to the final URI |
|
| 2603 | + if ($query_string !== '') |
|
| 2604 | + $final_uri .= "?$query_string"; |
|
| 2606 | 2605 | |
| 2607 | - } |
|
| 2606 | + } |
|
| 2608 | 2607 | |
| 2609 | - phpCAS::trace("Final URI: $final_uri"); |
|
| 2610 | - $this->setURL($final_uri); |
|
| 2611 | - } |
|
| 2612 | - phpCAS::traceEnd($this->_url); |
|
| 2613 | - return $this->_url; |
|
| 2614 | - } |
|
| 2608 | + phpCAS::trace("Final URI: $final_uri"); |
|
| 2609 | + $this->setURL($final_uri); |
|
| 2610 | + } |
|
| 2611 | + phpCAS::traceEnd($this->_url); |
|
| 2612 | + return $this->_url; |
|
| 2613 | + } |
|
| 2615 | 2614 | |
| 2616 | 2615 | |
| 2617 | 2616 | |
| 2618 | - /** |
|
| 2619 | - * Removes a parameter from a query string |
|
| 2620 | - * |
|
| 2621 | - * @param string $parameterName |
|
| 2622 | - * @param string $queryString |
|
| 2623 | - * @return string |
|
| 2624 | - * |
|
| 2625 | - * @link http://stackoverflow.com/questions/1842681/regular-expression-to-remove-one-parameter-from-query-string |
|
| 2626 | - */ |
|
| 2627 | - function removeParameterFromQueryString($parameterName, $queryString) |
|
| 2628 | - { |
|
| 2629 | - $parameterName = preg_quote($parameterName); |
|
| 2630 | - return preg_replace("/&$parameterName(=[^&]*)?|^$parameterName(=[^&]*)?&?/", '', $queryString); |
|
| 2631 | - } |
|
| 2617 | + /** |
|
| 2618 | + * Removes a parameter from a query string |
|
| 2619 | + * |
|
| 2620 | + * @param string $parameterName |
|
| 2621 | + * @param string $queryString |
|
| 2622 | + * @return string |
|
| 2623 | + * |
|
| 2624 | + * @link http://stackoverflow.com/questions/1842681/regular-expression-to-remove-one-parameter-from-query-string |
|
| 2625 | + */ |
|
| 2626 | + function removeParameterFromQueryString($parameterName, $queryString) |
|
| 2627 | + { |
|
| 2628 | + $parameterName = preg_quote($parameterName); |
|
| 2629 | + return preg_replace("/&$parameterName(=[^&]*)?|^$parameterName(=[^&]*)?&?/", '', $queryString); |
|
| 2630 | + } |
|
| 2632 | 2631 | |
| 2633 | 2632 | |
| 2634 | - /** |
|
| 2635 | - * This method sets the URL of the current request |
|
| 2636 | - * |
|
| 2637 | - * @param $url url to set for service |
|
| 2638 | - * |
|
| 2639 | - * @private |
|
| 2640 | - */ |
|
| 2641 | - function setURL($url) |
|
| 2642 | - { |
|
| 2643 | - $this->_url = $url; |
|
| 2644 | - } |
|
| 2645 | - |
|
| 2646 | - // ######################################################################## |
|
| 2647 | - // AUTHENTICATION ERROR HANDLING |
|
| 2648 | - // ######################################################################## |
|
| 2649 | - /** |
|
| 2650 | - * This method is used to print the HTML output when the user was not authenticated. |
|
| 2651 | - * |
|
| 2652 | - * @param $failure the failure that occured |
|
| 2653 | - * @param $cas_url the URL the CAS server was asked for |
|
| 2654 | - * @param $no_response the response from the CAS server (other |
|
| 2655 | - * parameters are ignored if TRUE) |
|
| 2656 | - * @param $bad_response bad response from the CAS server ($err_code |
|
| 2657 | - * and $err_msg ignored if TRUE) |
|
| 2658 | - * @param $cas_response the response of the CAS server |
|
| 2659 | - * @param $err_code the error code given by the CAS server |
|
| 2660 | - * @param $err_msg the error message given by the CAS server |
|
| 2661 | - * |
|
| 2662 | - * @private |
|
| 2663 | - */ |
|
| 2664 | - function authError($failure,$cas_url,$no_response,$bad_response='',$cas_response='',$err_code='',$err_msg='') |
|
| 2665 | - { |
|
| 2666 | - phpCAS::traceBegin(); |
|
| 2667 | - |
|
| 2668 | - $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_FAILED)); |
|
| 2669 | - printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),htmlentities($this->getURL()),$_SERVER['SERVER_ADMIN']); |
|
| 2670 | - phpCAS::trace('CAS URL: '.$cas_url); |
|
| 2671 | - phpCAS::trace('Authentication failure: '.$failure); |
|
| 2672 | - if ( $no_response ) { |
|
| 2673 | - phpCAS::trace('Reason: no response from the CAS server'); |
|
| 2674 | - } else { |
|
| 2675 | - if ( $bad_response ) { |
|
| 2676 | - phpCAS::trace('Reason: bad response from the CAS server'); |
|
| 2677 | - } else { |
|
| 2678 | - switch ($this->getServerVersion()) { |
|
| 2679 | - case CAS_VERSION_1_0: |
|
| 2680 | - phpCAS::trace('Reason: CAS error'); |
|
| 2681 | - break; |
|
| 2682 | - case CAS_VERSION_2_0: |
|
| 2683 | - if ( empty($err_code) ) |
|
| 2684 | - phpCAS::trace('Reason: no CAS error'); |
|
| 2685 | - else |
|
| 2686 | - phpCAS::trace('Reason: ['.$err_code.'] CAS error: '.$err_msg); |
|
| 2687 | - break; |
|
| 2688 | - } |
|
| 2689 | - } |
|
| 2690 | - phpCAS::trace('CAS response: '.$cas_response); |
|
| 2691 | - } |
|
| 2692 | - $this->printHTMLFooter(); |
|
| 2693 | - phpCAS::traceExit(); |
|
| 2694 | - exit(); |
|
| 2695 | - } |
|
| 2696 | - |
|
| 2697 | - /** @} */ |
|
| 2633 | + /** |
|
| 2634 | + * This method sets the URL of the current request |
|
| 2635 | + * |
|
| 2636 | + * @param $url url to set for service |
|
| 2637 | + * |
|
| 2638 | + * @private |
|
| 2639 | + */ |
|
| 2640 | + function setURL($url) |
|
| 2641 | + { |
|
| 2642 | + $this->_url = $url; |
|
| 2643 | + } |
|
| 2644 | + |
|
| 2645 | + // ######################################################################## |
|
| 2646 | + // AUTHENTICATION ERROR HANDLING |
|
| 2647 | + // ######################################################################## |
|
| 2648 | + /** |
|
| 2649 | + * This method is used to print the HTML output when the user was not authenticated. |
|
| 2650 | + * |
|
| 2651 | + * @param $failure the failure that occured |
|
| 2652 | + * @param $cas_url the URL the CAS server was asked for |
|
| 2653 | + * @param $no_response the response from the CAS server (other |
|
| 2654 | + * parameters are ignored if TRUE) |
|
| 2655 | + * @param $bad_response bad response from the CAS server ($err_code |
|
| 2656 | + * and $err_msg ignored if TRUE) |
|
| 2657 | + * @param $cas_response the response of the CAS server |
|
| 2658 | + * @param $err_code the error code given by the CAS server |
|
| 2659 | + * @param $err_msg the error message given by the CAS server |
|
| 2660 | + * |
|
| 2661 | + * @private |
|
| 2662 | + */ |
|
| 2663 | + function authError($failure,$cas_url,$no_response,$bad_response='',$cas_response='',$err_code='',$err_msg='') |
|
| 2664 | + { |
|
| 2665 | + phpCAS::traceBegin(); |
|
| 2666 | + |
|
| 2667 | + $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_FAILED)); |
|
| 2668 | + printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),htmlentities($this->getURL()),$_SERVER['SERVER_ADMIN']); |
|
| 2669 | + phpCAS::trace('CAS URL: '.$cas_url); |
|
| 2670 | + phpCAS::trace('Authentication failure: '.$failure); |
|
| 2671 | + if ( $no_response ) { |
|
| 2672 | + phpCAS::trace('Reason: no response from the CAS server'); |
|
| 2673 | + } else { |
|
| 2674 | + if ( $bad_response ) { |
|
| 2675 | + phpCAS::trace('Reason: bad response from the CAS server'); |
|
| 2676 | + } else { |
|
| 2677 | + switch ($this->getServerVersion()) { |
|
| 2678 | + case CAS_VERSION_1_0: |
|
| 2679 | + phpCAS::trace('Reason: CAS error'); |
|
| 2680 | + break; |
|
| 2681 | + case CAS_VERSION_2_0: |
|
| 2682 | + if ( empty($err_code) ) |
|
| 2683 | + phpCAS::trace('Reason: no CAS error'); |
|
| 2684 | + else |
|
| 2685 | + phpCAS::trace('Reason: ['.$err_code.'] CAS error: '.$err_msg); |
|
| 2686 | + break; |
|
| 2687 | + } |
|
| 2688 | + } |
|
| 2689 | + phpCAS::trace('CAS response: '.$cas_response); |
|
| 2690 | + } |
|
| 2691 | + $this->printHTMLFooter(); |
|
| 2692 | + phpCAS::traceExit(); |
|
| 2693 | + exit(); |
|
| 2694 | + } |
|
| 2695 | + |
|
| 2696 | + /** @} */ |
|
| 2698 | 2697 | } |
| 2699 | 2698 | |
| 2700 | 2699 | ?> |
