diff options
Diffstat (limited to 'plugins')
13 files changed, 4847 insertions, 4847 deletions
diff --git a/plugins/CasAuthentication/extlib/CAS.php b/plugins/CasAuthentication/extlib/CAS.php index 59238eb81..f5ea0b12a 100644 --- a/plugins/CasAuthentication/extlib/CAS.php +++ b/plugins/CasAuthentication/extlib/CAS.php @@ -1,1471 +1,1471 @@ -<?php
-
-// commented in 0.4.22-RC2 for Sylvain Derosiaux
-// error_reporting(E_ALL ^ E_NOTICE);
-
-//
-// hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] in IIS
-//
-if (!$_SERVER['REQUEST_URI']) {
- $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];
-}
-
-//
-// another one by Vangelis Haniotakis also to make phpCAS work with PHP5
-//
-if (version_compare(PHP_VERSION,'5','>=')) {
- require_once(dirname(__FILE__).'/CAS/domxml-php4-php5.php');
-}
-
-/**
- * @file CAS/CAS.php
- * Interface class of the phpCAS library
- *
- * @ingroup public
- */
-
-// ########################################################################
-// CONSTANTS
-// ########################################################################
-
-// ------------------------------------------------------------------------
-// CAS VERSIONS
-// ------------------------------------------------------------------------
-
-/**
- * phpCAS version. accessible for the user by phpCAS::getVersion().
- */
-define('PHPCAS_VERSION','1.0.1');
-
-// ------------------------------------------------------------------------
-// CAS VERSIONS
-// ------------------------------------------------------------------------
- /**
- * @addtogroup public
- * @{
- */
-
-/**
- * CAS version 1.0
- */
-define("CAS_VERSION_1_0",'1.0');
-/*!
- * CAS version 2.0
- */
-define("CAS_VERSION_2_0",'2.0');
-
-/** @} */
- /**
- * @addtogroup publicPGTStorage
- * @{
- */
-// ------------------------------------------------------------------------
-// FILE PGT STORAGE
-// ------------------------------------------------------------------------
- /**
- * Default path used when storing PGT's to file
- */
-define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH",'/tmp');
-/**
- * phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files
- */
-define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN",'plain');
-/**
- * phpCAS::setPGTStorageFile()'s 2nd parameter to write xml files
- */
-define("CAS_PGT_STORAGE_FILE_FORMAT_XML",'xml');
-/**
- * Default format used when storing PGT's to file
- */
-define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT",CAS_PGT_STORAGE_FILE_FORMAT_PLAIN);
-// ------------------------------------------------------------------------
-// DATABASE PGT STORAGE
-// ------------------------------------------------------------------------
- /**
- * default database type when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE",'mysql');
-/**
- * default host when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME",'localhost');
-/**
- * default port when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_PORT",'');
-/**
- * default database when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE",'phpCAS');
-/**
- * default table when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE",'pgt');
-
-/** @} */
-// ------------------------------------------------------------------------
-// SERVICE ACCESS ERRORS
-// ------------------------------------------------------------------------
- /**
- * @addtogroup publicServices
- * @{
- */
-
-/**
- * phpCAS::service() error code on success
- */
-define("PHPCAS_SERVICE_OK",0);
-/**
- * phpCAS::service() error code when the PT could not retrieve because
- * the CAS server did not respond.
- */
-define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE",1);
-/**
- * phpCAS::service() error code when the PT could not retrieve because
- * the response of the CAS server was ill-formed.
- */
-define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE",2);
-/**
- * phpCAS::service() error code when the PT could not retrieve because
- * the CAS server did not want to.
- */
-define("PHPCAS_SERVICE_PT_FAILURE",3);
-/**
- * phpCAS::service() error code when the service was not available.
- */
-define("PHPCAS_SERVICE_NOT AVAILABLE",4);
-
-/** @} */
-// ------------------------------------------------------------------------
-// LANGUAGES
-// ------------------------------------------------------------------------
- /**
- * @addtogroup publicLang
- * @{
- */
-
-define("PHPCAS_LANG_ENGLISH", 'english');
-define("PHPCAS_LANG_FRENCH", 'french');
-define("PHPCAS_LANG_GREEK", 'greek');
-define("PHPCAS_LANG_GERMAN", 'german');
-define("PHPCAS_LANG_JAPANESE", 'japanese');
-define("PHPCAS_LANG_SPANISH", 'spanish');
-define("PHPCAS_LANG_CATALAN", 'catalan');
-
-/** @} */
-
-/**
- * @addtogroup internalLang
- * @{
- */
-
-/**
- * phpCAS default language (when phpCAS::setLang() is not used)
- */
-define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH);
-
-/** @} */
-// ------------------------------------------------------------------------
-// DEBUG
-// ------------------------------------------------------------------------
- /**
- * @addtogroup publicDebug
- * @{
- */
-
-/**
- * The default directory for the debug file under Unix.
- */
-define('DEFAULT_DEBUG_DIR','/tmp/');
-
-/** @} */
-// ------------------------------------------------------------------------
-// MISC
-// ------------------------------------------------------------------------
- /**
- * @addtogroup internalMisc
- * @{
- */
-
-/**
- * This global variable is used by the interface class phpCAS.
- *
- * @hideinitializer
- */
-$GLOBALS['PHPCAS_CLIENT'] = null;
-
-/**
- * This global variable is used to store where the initializer is called from
- * (to print a comprehensive error in case of multiple calls).
- *
- * @hideinitializer
- */
-$GLOBALS['PHPCAS_INIT_CALL'] = array('done' => FALSE,
- 'file' => '?',
- 'line' => -1,
- 'method' => '?');
-
-/**
- * This global variable is used to store where the method checking
- * the authentication is called from (to print comprehensive errors)
- *
- * @hideinitializer
- */
-$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array('done' => FALSE,
- 'file' => '?',
- 'line' => -1,
- 'method' => '?',
- 'result' => FALSE);
-
-/**
- * This global variable is used to store phpCAS debug mode.
- *
- * @hideinitializer
- */
-$GLOBALS['PHPCAS_DEBUG'] = array('filename' => FALSE,
- 'indent' => 0,
- 'unique_id' => '');
-
-/** @} */
-
-// ########################################################################
-// CLIENT CLASS
-// ########################################################################
-
-// include client class
-include_once(dirname(__FILE__).'/CAS/client.php');
-
-// ########################################################################
-// INTERFACE CLASS
-// ########################################################################
-
-/**
- * @class phpCAS
- * The phpCAS class is a simple container for the phpCAS library. It provides CAS
- * authentication for web applications written in PHP.
- *
- * @ingroup public
- * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
- *
- * \internal All its methods access the same object ($PHPCAS_CLIENT, declared
- * at the end of CAS/client.php).
- */
-
-
-
-class phpCAS
-{
-
- // ########################################################################
- // INITIALIZATION
- // ########################################################################
-
- /**
- * @addtogroup publicInit
- * @{
- */
-
- /**
- * phpCAS client initializer.
- * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
- * called, only once, and before all other methods (except phpCAS::getVersion()
- * and phpCAS::setDebug()).
- *
- * @param $server_version the version of the CAS server
- * @param $server_hostname the hostname of the CAS server
- * @param $server_port the port the CAS server is running on
- * @param $server_uri the URI the CAS server is responding on
- * @param $start_session Have phpCAS start PHP sessions (default true)
- *
- * @return a newly created CASClient object
- */
- function client($server_version,
- $server_hostname,
- $server_port,
- $server_uri,
- $start_session = true)
- {
- global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
-
- phpCAS::traceBegin();
- if ( is_object($PHPCAS_CLIENT) ) {
- phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')');
- }
- if ( gettype($server_version) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_version (should be `string\')');
- }
- if ( gettype($server_hostname) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')');
- }
- if ( gettype($server_port) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $server_port (should be `integer\')');
- }
- if ( gettype($server_uri) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_uri (should be `string\')');
- }
-
- // store where the initialzer is called from
- $dbg = phpCAS::backtrace();
- $PHPCAS_INIT_CALL = array('done' => TRUE,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__);
-
- // initialize the global object $PHPCAS_CLIENT
- $PHPCAS_CLIENT = new CASClient($server_version,FALSE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session);
- phpCAS::traceEnd();
- }
-
- /**
- * phpCAS proxy initializer.
- * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
- * called, only once, and before all other methods (except phpCAS::getVersion()
- * and phpCAS::setDebug()).
- *
- * @param $server_version the version of the CAS server
- * @param $server_hostname the hostname of the CAS server
- * @param $server_port the port the CAS server is running on
- * @param $server_uri the URI the CAS server is responding on
- * @param $start_session Have phpCAS start PHP sessions (default true)
- *
- * @return a newly created CASClient object
- */
- function proxy($server_version,
- $server_hostname,
- $server_port,
- $server_uri,
- $start_session = true)
- {
- global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
-
- phpCAS::traceBegin();
- if ( is_object($PHPCAS_CLIENT) ) {
- phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')');
- }
- if ( gettype($server_version) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_version (should be `string\')');
- }
- if ( gettype($server_hostname) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')');
- }
- if ( gettype($server_port) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $server_port (should be `integer\')');
- }
- if ( gettype($server_uri) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_uri (should be `string\')');
- }
-
- // store where the initialzer is called from
- $dbg = phpCAS::backtrace();
- $PHPCAS_INIT_CALL = array('done' => TRUE,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__);
-
- // initialize the global object $PHPCAS_CLIENT
- $PHPCAS_CLIENT = new CASClient($server_version,TRUE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session);
- phpCAS::traceEnd();
- }
-
- /** @} */
- // ########################################################################
- // DEBUGGING
- // ########################################################################
-
- /**
- * @addtogroup publicDebug
- * @{
- */
-
- /**
- * Set/unset debug mode
- *
- * @param $filename the name of the file used for logging, or FALSE to stop debugging.
- */
- function setDebug($filename='')
- {
- global $PHPCAS_DEBUG;
-
- if ( $filename != FALSE && gettype($filename) != 'string' ) {
- phpCAS::error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)');
- }
-
- if ( empty($filename) ) {
- if ( preg_match('/^Win.*/',getenv('OS')) ) {
- if ( isset($_ENV['TMP']) ) {
- $debugDir = $_ENV['TMP'].'/';
- } else if ( isset($_ENV['TEMP']) ) {
- $debugDir = $_ENV['TEMP'].'/';
- } else {
- $debugDir = '';
- }
- } else {
- $debugDir = DEFAULT_DEBUG_DIR;
- }
- $filename = $debugDir . 'phpCAS.log';
- }
-
- if ( empty($PHPCAS_DEBUG['unique_id']) ) {
- $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))),0,4);
- }
-
- $PHPCAS_DEBUG['filename'] = $filename;
-
- phpCAS::trace('START ******************');
- }
-
- /** @} */
- /**
- * @addtogroup internalDebug
- * @{
- */
-
- /**
- * This method is a wrapper for debug_backtrace() that is not available
- * in all PHP versions (>= 4.3.0 only)
- */
- function backtrace()
- {
- if ( function_exists('debug_backtrace') ) {
- return debug_backtrace();
- } else {
- // poor man's hack ... but it does work ...
- return array();
- }
- }
-
- /**
- * Logs a string in debug mode.
- *
- * @param $str the string to write
- *
- * @private
- */
- function log($str)
- {
- $indent_str = ".";
- global $PHPCAS_DEBUG;
-
- if ( $PHPCAS_DEBUG['filename'] ) {
- for ($i=0;$i<$PHPCAS_DEBUG['indent'];$i++) {
- $indent_str .= '| ';
- }
- error_log($PHPCAS_DEBUG['unique_id'].' '.$indent_str.$str."\n",3,$PHPCAS_DEBUG['filename']);
- }
-
- }
-
- /**
- * This method is used by interface methods to print an error and where the function
- * was originally called from.
- *
- * @param $msg the message to print
- *
- * @private
- */
- function error($msg)
- {
- $dbg = phpCAS::backtrace();
- $function = '?';
- $file = '?';
- $line = '?';
- if ( is_array($dbg) ) {
- for ( $i=1; $i<sizeof($dbg); $i++) {
- if ( is_array($dbg[$i]) ) {
- if ( $dbg[$i]['class'] == __CLASS__ ) {
- $function = $dbg[$i]['function'];
- $file = $dbg[$i]['file'];
- $line = $dbg[$i]['line'];
- }
- }
- }
- }
- echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>".__CLASS__."::".$function.'(): '.htmlentities($msg)."</b></font> in <b>".$file."</b> on line <b>".$line."</b><br />\n";
- phpCAS::trace($msg);
- phpCAS::traceExit();
- exit();
- }
-
- /**
- * This method is used to log something in debug mode.
- */
- function trace($str)
- {
- $dbg = phpCAS::backtrace();
- phpCAS::log($str.' ['.basename($dbg[1]['file']).':'.$dbg[1]['line'].']');
- }
-
- /**
- * This method is used to indicate the start of the execution of a function in debug mode.
- */
- function traceBegin()
- {
- global $PHPCAS_DEBUG;
-
- $dbg = phpCAS::backtrace();
- $str = '=> ';
- if ( !empty($dbg[2]['class']) ) {
- $str .= $dbg[2]['class'].'::';
- }
- $str .= $dbg[2]['function'].'(';
- if ( is_array($dbg[2]['args']) ) {
- foreach ($dbg[2]['args'] as $index => $arg) {
- if ( $index != 0 ) {
- $str .= ', ';
- }
- $str .= str_replace("\n","",var_export($arg,TRUE));
- }
- }
- $str .= ') ['.basename($dbg[2]['file']).':'.$dbg[2]['line'].']';
- phpCAS::log($str);
- $PHPCAS_DEBUG['indent'] ++;
- }
-
- /**
- * This method is used to indicate the end of the execution of a function in debug mode.
- *
- * @param $res the result of the function
- */
- function traceEnd($res='')
- {
- global $PHPCAS_DEBUG;
-
- $PHPCAS_DEBUG['indent'] --;
- $dbg = phpCAS::backtrace();
- $str = '';
- $str .= '<= '.str_replace("\n","",var_export($res,TRUE));
- phpCAS::log($str);
- }
-
- /**
- * This method is used to indicate the end of the execution of the program
- */
- function traceExit()
- {
- global $PHPCAS_DEBUG;
-
- phpCAS::log('exit()');
- while ( $PHPCAS_DEBUG['indent'] > 0 ) {
- phpCAS::log('-');
- $PHPCAS_DEBUG['indent'] --;
- }
- }
-
- /** @} */
- // ########################################################################
- // INTERNATIONALIZATION
- // ########################################################################
- /**
- * @addtogroup publicLang
- * @{
- */
-
- /**
- * This method is used to set the language used by phpCAS.
- * @note Can be called only once.
- *
- * @param $lang a string representing the language.
- *
- * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH
- */
- function setLang($lang)
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if ( gettype($lang) != 'string' ) {
- phpCAS::error('type mismatched for parameter $lang (should be `string\')');
- }
- $PHPCAS_CLIENT->setLang($lang);
- }
-
- /** @} */
- // ########################################################################
- // VERSION
- // ########################################################################
- /**
- * @addtogroup public
- * @{
- */
-
- /**
- * This method returns the phpCAS version.
- *
- * @return the phpCAS version.
- */
- function getVersion()
- {
- return PHPCAS_VERSION;
- }
-
- /** @} */
- // ########################################################################
- // HTML OUTPUT
- // ########################################################################
- /**
- * @addtogroup publicOutput
- * @{
- */
-
- /**
- * This method sets the HTML header used for all outputs.
- *
- * @param $header the HTML header.
- */
- function setHTMLHeader($header)
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if ( gettype($header) != 'string' ) {
- phpCAS::error('type mismatched for parameter $header (should be `string\')');
- }
- $PHPCAS_CLIENT->setHTMLHeader($header);
- }
-
- /**
- * This method sets the HTML footer used for all outputs.
- *
- * @param $footer the HTML footer.
- */
- function setHTMLFooter($footer)
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if ( gettype($footer) != 'string' ) {
- phpCAS::error('type mismatched for parameter $footer (should be `string\')');
- }
- $PHPCAS_CLIENT->setHTMLFooter($footer);
- }
-
- /** @} */
- // ########################################################################
- // PGT STORAGE
- // ########################################################################
- /**
- * @addtogroup publicPGTStorage
- * @{
- */
-
- /**
- * This method is used to tell phpCAS to store the response of the
- * CAS server to PGT requests onto the filesystem.
- *
- * @param $format the format used to store the PGT's (`plain' and `xml' allowed)
- * @param $path the path where the PGT's should be stored
- */
- function setPGTStorageFile($format='',
- $path='')
- {
- global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')');
- }
- if ( gettype($format) != 'string' ) {
- phpCAS::error('type mismatched for parameter $format (should be `string\')');
- }
- if ( gettype($path) != 'string' ) {
- phpCAS::error('type mismatched for parameter $format (should be `string\')');
- }
- $PHPCAS_CLIENT->setPGTStorageFile($format,$path);
- phpCAS::traceEnd();
- }
-
- /**
- * This method is used to tell phpCAS to store the response of the
- * CAS server to PGT requests into a database.
- * @note The connection to the database is done only when needed.
- * As a consequence, bad parameters are detected only when
- * initializing PGT storage, except in debug mode.
- *
- * @param $user the user to access the data with
- * @param $password the user's password
- * @param $database_type the type of the database hosting the data
- * @param $hostname the server hosting the database
- * @param $port the port the server is listening on
- * @param $database the name of the database
- * @param $table the name of the table storing the data
- */
- function setPGTStorageDB($user,
- $password,
- $database_type='',
- $hostname='',
- $port=0,
- $database='',
- $table='')
- {
- global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')');
- }
- if ( gettype($user) != 'string' ) {
- phpCAS::error('type mismatched for parameter $user (should be `string\')');
- }
- if ( gettype($password) != 'string' ) {
- phpCAS::error('type mismatched for parameter $password (should be `string\')');
- }
- if ( gettype($database_type) != 'string' ) {
- phpCAS::error('type mismatched for parameter $database_type (should be `string\')');
- }
- if ( gettype($hostname) != 'string' ) {
- phpCAS::error('type mismatched for parameter $hostname (should be `string\')');
- }
- if ( gettype($port) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $port (should be `integer\')');
- }
- if ( gettype($database) != 'string' ) {
- phpCAS::error('type mismatched for parameter $database (should be `string\')');
- }
- if ( gettype($table) != 'string' ) {
- phpCAS::error('type mismatched for parameter $table (should be `string\')');
- }
- $PHPCAS_CLIENT->setPGTStorageDB($this,$user,$password,$hostname,$port,$database,$table);
- phpCAS::traceEnd();
- }
-
- /** @} */
- // ########################################################################
- // ACCESS TO EXTERNAL SERVICES
- // ########################################################################
- /**
- * @addtogroup publicServices
- * @{
- */
-
- /**
- * This method is used to access an HTTP[S] service.
- *
- * @param $url the service to access.
- * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
- * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
- * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
- * @param $output the output of the service (also used to give an error
- * message on failure).
- *
- * @return TRUE on success, FALSE otherwise (in this later case, $err_code
- * gives the reason why it failed and $output contains an error message).
- */
- function serviceWeb($url,&$err_code,&$output)
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()');
- }
- if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
- phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
- }
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
- }
-
- $res = $PHPCAS_CLIENT->serviceWeb($url,$err_code,$output);
-
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /**
- * This method is used to access an IMAP/POP3/NNTP service.
- *
- * @param $url a string giving the URL of the service, including the mailing box
- * for IMAP URLs, as accepted by imap_open().
- * @param $flags options given to imap_open().
- * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
- * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
- * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
- * @param $err_msg an error message on failure
- * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL
- * on success, FALSE on error).
- *
- * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code
- * gives the reason why it failed and $err_msg contains an error message).
- */
- function serviceMail($url,$flags,&$err_code,&$err_msg,&$pt)
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()');
- }
- if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
- phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
- }
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
- }
-
- if ( gettype($flags) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $flags (should be `integer\')');
- }
-
- $res = $PHPCAS_CLIENT->serviceMail($url,$flags,$err_code,$err_msg,$pt);
-
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /** @} */
- // ########################################################################
- // AUTHENTICATION
- // ########################################################################
- /**
- * @addtogroup publicAuth
- * @{
- */
-
- /**
- * Set the times authentication will be cached before really accessing the CAS server in gateway mode:
- * - -1: check only once, and then never again (until you pree login)
- * - 0: always check
- * - n: check every "n" time
- *
- * @param $n an integer.
- */
- function setCacheTimesForAuthRecheck($n)
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if ( gettype($n) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $header (should be `string\')');
- }
- $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n);
- }
-
- /**
- * This method is called to check if the user is authenticated (use the gateway feature).
- * @return TRUE when the user is authenticated; otherwise FALSE.
- */
- function checkAuthentication()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
-
- $auth = $PHPCAS_CLIENT->checkAuthentication();
-
- // store where the authentication has been checked and the result
- $dbg = phpCAS::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__,
- 'result' => $auth );
- phpCAS::traceEnd($auth);
- return $auth;
- }
-
- /**
- * This method is called to force authentication if the user was not already
- * authenticated. If the user is not authenticated, halt by redirecting to
- * the CAS server.
- */
- function forceAuthentication()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
-
- $auth = $PHPCAS_CLIENT->forceAuthentication();
-
- // store where the authentication has been checked and the result
- $dbg = phpCAS::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__,
- 'result' => $auth );
-
- if ( !$auth ) {
- phpCAS::trace('user is not authenticated, redirecting to the CAS server');
- $PHPCAS_CLIENT->forceAuthentication();
- } else {
- phpCAS::trace('no need to authenticate (user `'.phpCAS::getUser().'\' is already authenticated)');
- }
-
- phpCAS::traceEnd();
- return $auth;
- }
-
- /**
- * This method is called to renew the authentication.
- **/
- function renewAuthentication() {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before'.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
-
- // store where the authentication has been checked and the result
- $dbg = phpCAS::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], 'method' => __CLASS__.'::'.__FUNCTION__, 'result' => $auth );
-
- $PHPCAS_CLIENT->renewAuthentication();
- phpCAS::traceEnd();
- }
-
- /**
- * This method has been left from version 0.4.1 for compatibility reasons.
- */
- function authenticate()
- {
- phpCAS::error('this method is deprecated. You should use '.__CLASS__.'::forceAuthentication() instead');
- }
-
- /**
- * This method is called to check if the user is authenticated (previously or by
- * tickets given in the URL).
- *
- * @return TRUE when the user is authenticated.
- */
- function isAuthenticated()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
-
- // call the isAuthenticated method of the global $PHPCAS_CLIENT object
- $auth = $PHPCAS_CLIENT->isAuthenticated();
-
- // store where the authentication has been checked and the result
- $dbg = phpCAS::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__,
- 'result' => $auth );
- phpCAS::traceEnd($auth);
- return $auth;
- }
-
- /**
- * Checks whether authenticated based on $_SESSION. Useful to avoid
- * server calls.
- * @return true if authenticated, false otherwise.
- * @since 0.4.22 by Brendan Arnold
- */
- function isSessionAuthenticated ()
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return($PHPCAS_CLIENT->isSessionAuthenticated());
- }
-
- /**
- * This method returns the CAS user's login name.
- * @warning should not be called only after phpCAS::forceAuthentication()
- * or phpCAS::checkAuthentication().
- *
- * @return the login name of the authenticated user
- */
- function getUser()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
- }
- if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
- phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
- }
- return $PHPCAS_CLIENT->getUser();
- }
-
- /**
- * Handle logout requests.
- */
- function handleLogoutRequests($check_client=true, $allowed_clients=false)
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients));
- }
-
- /**
- * This method returns the URL to be used to login.
- * or phpCAS::isAuthenticated().
- *
- * @return the login name of the authenticated user
- */
- function getServerLoginURL()
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return $PHPCAS_CLIENT->getServerLoginURL();
- }
-
- /**
- * Set the login URL of the CAS server.
- * @param $url the login URL
- * @since 0.4.21 by Wyman Chan
- */
- function setServerLoginURL($url='')
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after
- '.__CLASS__.'::client()');
- }
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be
- `string\')');
- }
- $PHPCAS_CLIENT->setServerLoginURL($url);
- phpCAS::traceEnd();
- }
-
- /**
- * This method returns the URL to be used to login.
- * or phpCAS::isAuthenticated().
- *
- * @return the login name of the authenticated user
- */
- function getServerLogoutURL()
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return $PHPCAS_CLIENT->getServerLogoutURL();
- }
-
- /**
- * Set the logout URL of the CAS server.
- * @param $url the logout URL
- * @since 0.4.21 by Wyman Chan
- */
- function setServerLogoutURL($url='')
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after
- '.__CLASS__.'::client()');
- }
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be
- `string\')');
- }
- $PHPCAS_CLIENT->setServerLogoutURL($url);
- phpCAS::traceEnd();
- }
-
- /**
- * This method is used to logout from CAS.
- * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server
- * @public
- */
- function logout($params = "") {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- $parsedParams = array();
- if ($params != "") {
- if (is_string($params)) {
- phpCAS::error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
- }
- if (!is_array($params)) {
- phpCAS::error('type mismatched for parameter $params (should be `array\')');
- }
- foreach ($params as $key => $value) {
- if ($key != "service" && $key != "url") {
- phpCAS::error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
- }
- $parsedParams[$key] = $value;
- }
- }
- $PHPCAS_CLIENT->logout($parsedParams);
- // never reached
- phpCAS::traceEnd();
- }
-
- /**
- * This method is used to logout from CAS. Halts by redirecting to the CAS server.
- * @param $service a URL that will be transmitted to the CAS server
- */
- function logoutWithRedirectService($service) {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if (!is_string($service)) {
- phpCAS::error('type mismatched for parameter $service (should be `string\')');
- }
- $PHPCAS_CLIENT->logout(array("service" => $service));
- // never reached
- phpCAS::traceEnd();
- }
-
- /**
- * This method is used to logout from CAS. Halts by redirecting to the CAS server.
- * @param $url a URL that will be transmitted to the CAS server
- */
- function logoutWithUrl($url) {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if (!is_string($url)) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
- }
- $PHPCAS_CLIENT->logout(array("url" => $url));
- // never reached
- phpCAS::traceEnd();
- }
-
- /**
- * This method is used to logout from CAS. Halts by redirecting to the CAS server.
- * @param $service a URL that will be transmitted to the CAS server
- * @param $url a URL that will be transmitted to the CAS server
- */
- function logoutWithRedirectServiceAndUrl($service, $url) {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if (!is_string($service)) {
- phpCAS::error('type mismatched for parameter $service (should be `string\')');
- }
- if (!is_string($url)) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
- }
- $PHPCAS_CLIENT->logout(array("service" => $service, "url" => $url));
- // never reached
- phpCAS::traceEnd();
- }
-
- /**
- * Set the fixed URL that will be used by the CAS server to transmit the PGT.
- * When this method is not called, a phpCAS script uses its own URL for the callback.
- *
- * @param $url the URL
- */
- function setFixedCallbackURL($url='')
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
- }
- $PHPCAS_CLIENT->setCallbackURL($url);
- phpCAS::traceEnd();
- }
-
- /**
- * Set the fixed URL that will be set as the CAS service parameter. When this
- * method is not called, a phpCAS script uses its own URL.
- *
- * @param $url the URL
- */
- function setFixedServiceURL($url)
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
- }
- $PHPCAS_CLIENT->setURL($url);
- phpCAS::traceEnd();
- }
-
- /**
- * Get the URL that is set as the CAS service parameter.
- */
- function getServiceURL()
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- return($PHPCAS_CLIENT->getURL());
- }
-
- /**
- * Retrieve a Proxy Ticket from the CAS server.
- */
- function retrievePT($target_service,&$err_code,&$err_msg)
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( gettype($target_service) != 'string' ) {
- phpCAS::error('type mismatched for parameter $target_service(should be `string\')');
- }
- return($PHPCAS_CLIENT->retrievePT($target_service,$err_code,$err_msg));
- }
-
- /**
- * Set the certificate of the CAS server.
- *
- * @param $cert the PEM certificate
- */
- function setCasServerCert($cert)
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if ( gettype($cert) != 'string' ) {
- phpCAS::error('type mismatched for parameter $cert (should be `string\')');
- }
- $PHPCAS_CLIENT->setCasServerCert($cert);
- phpCAS::traceEnd();
- }
-
- /**
- * Set the certificate of the CAS server CA.
- *
- * @param $cert the CA certificate
- */
- function setCasServerCACert($cert)
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if ( gettype($cert) != 'string' ) {
- phpCAS::error('type mismatched for parameter $cert (should be `string\')');
- }
- $PHPCAS_CLIENT->setCasServerCACert($cert);
- phpCAS::traceEnd();
- }
-
- /**
- * Set no SSL validation for the CAS server.
- */
- function setNoCasServerValidation()
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- $PHPCAS_CLIENT->setNoCasServerValidation();
- phpCAS::traceEnd();
- }
-
- /** @} */
-
- /**
- * Change CURL options.
- * CURL is used to connect through HTTPS to CAS server
- * @param $key the option key
- * @param $value the value to set
- */
- function setExtraCurlOption($key, $value)
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- $PHPCAS_CLIENT->setExtraCurlOption($key, $value);
- phpCAS::traceEnd();
- }
-
-}
-
-// ########################################################################
-// DOCUMENTATION
-// ########################################################################
-
-// ########################################################################
-// MAIN PAGE
-
-/**
- * @mainpage
- *
- * The following pages only show the source documentation.
- *
- */
-
-// ########################################################################
-// MODULES DEFINITION
-
-/** @defgroup public User interface */
-
-/** @defgroup publicInit Initialization
- * @ingroup public */
-
-/** @defgroup publicAuth Authentication
- * @ingroup public */
-
-/** @defgroup publicServices Access to external services
- * @ingroup public */
-
-/** @defgroup publicConfig Configuration
- * @ingroup public */
-
-/** @defgroup publicLang Internationalization
- * @ingroup publicConfig */
-
-/** @defgroup publicOutput HTML output
- * @ingroup publicConfig */
-
-/** @defgroup publicPGTStorage PGT storage
- * @ingroup publicConfig */
-
-/** @defgroup publicDebug Debugging
- * @ingroup public */
-
-
-/** @defgroup internal Implementation */
-
-/** @defgroup internalAuthentication Authentication
- * @ingroup internal */
-
-/** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets)
- * @ingroup internal */
-
-/** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets)
- * @ingroup internal */
-
-/** @defgroup internalPGTStorage PGT storage
- * @ingroup internalProxy */
-
-/** @defgroup internalPGTStorageDB PGT storage in a database
- * @ingroup internalPGTStorage */
-
-/** @defgroup internalPGTStorageFile PGT storage on the filesystem
- * @ingroup internalPGTStorage */
-
-/** @defgroup internalCallback Callback from the CAS server
- * @ingroup internalProxy */
-
-/** @defgroup internalProxied CAS proxied client features (CAS 2.0, Proxy Tickets)
- * @ingroup internal */
-
-/** @defgroup internalConfig Configuration
- * @ingroup internal */
-
-/** @defgroup internalOutput HTML output
- * @ingroup internalConfig */
-
-/** @defgroup internalLang Internationalization
- * @ingroup internalConfig
- *
- * To add a new language:
- * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php
- * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php
- * - 3. Make the translations
- */
-
-/** @defgroup internalDebug Debugging
- * @ingroup internal */
-
-/** @defgroup internalMisc Miscellaneous
- * @ingroup internal */
-
-// ########################################################################
-// EXAMPLES
-
-/**
- * @example example_simple.php
- */
- /**
- * @example example_proxy.php
- */
- /**
- * @example example_proxy2.php
- */
- /**
- * @example example_lang.php
- */
- /**
- * @example example_html.php
- */
- /**
- * @example example_file.php
- */
- /**
- * @example example_db.php
- */
- /**
- * @example example_service.php
- */
- /**
- * @example example_session_proxy.php
- */
- /**
- * @example example_session_service.php
- */
- /**
- * @example example_gateway.php
- */
-
-
-
-?>
+<?php + +// commented in 0.4.22-RC2 for Sylvain Derosiaux +// error_reporting(E_ALL ^ E_NOTICE); + +// +// hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] in IIS +// +if (!$_SERVER['REQUEST_URI']) { + $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING']; +} + +// +// another one by Vangelis Haniotakis also to make phpCAS work with PHP5 +// +if (version_compare(PHP_VERSION,'5','>=')) { + require_once(dirname(__FILE__).'/CAS/domxml-php4-php5.php'); +} + +/** + * @file CAS/CAS.php + * Interface class of the phpCAS library + * + * @ingroup public + */ + +// ######################################################################## +// CONSTANTS +// ######################################################################## + +// ------------------------------------------------------------------------ +// CAS VERSIONS +// ------------------------------------------------------------------------ + +/** + * phpCAS version. accessible for the user by phpCAS::getVersion(). + */ +define('PHPCAS_VERSION','1.0.1'); + +// ------------------------------------------------------------------------ +// CAS VERSIONS +// ------------------------------------------------------------------------ + /** + * @addtogroup public + * @{ + */ + +/** + * CAS version 1.0 + */ +define("CAS_VERSION_1_0",'1.0'); +/*! + * CAS version 2.0 + */ +define("CAS_VERSION_2_0",'2.0'); + +/** @} */ + /** + * @addtogroup publicPGTStorage + * @{ + */ +// ------------------------------------------------------------------------ +// FILE PGT STORAGE +// ------------------------------------------------------------------------ + /** + * Default path used when storing PGT's to file + */ +define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH",'/tmp'); +/** + * phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files + */ +define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN",'plain'); +/** + * phpCAS::setPGTStorageFile()'s 2nd parameter to write xml files + */ +define("CAS_PGT_STORAGE_FILE_FORMAT_XML",'xml'); +/** + * Default format used when storing PGT's to file + */ +define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT",CAS_PGT_STORAGE_FILE_FORMAT_PLAIN); +// ------------------------------------------------------------------------ +// DATABASE PGT STORAGE +// ------------------------------------------------------------------------ + /** + * default database type when storing PGT's to database + */ +define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE",'mysql'); +/** + * default host when storing PGT's to database + */ +define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME",'localhost'); +/** + * default port when storing PGT's to database + */ +define("CAS_PGT_STORAGE_DB_DEFAULT_PORT",''); +/** + * default database when storing PGT's to database + */ +define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE",'phpCAS'); +/** + * default table when storing PGT's to database + */ +define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE",'pgt'); + +/** @} */ +// ------------------------------------------------------------------------ +// SERVICE ACCESS ERRORS +// ------------------------------------------------------------------------ + /** + * @addtogroup publicServices + * @{ + */ + +/** + * phpCAS::service() error code on success + */ +define("PHPCAS_SERVICE_OK",0); +/** + * phpCAS::service() error code when the PT could not retrieve because + * the CAS server did not respond. + */ +define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE",1); +/** + * phpCAS::service() error code when the PT could not retrieve because + * the response of the CAS server was ill-formed. + */ +define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE",2); +/** + * phpCAS::service() error code when the PT could not retrieve because + * the CAS server did not want to. + */ +define("PHPCAS_SERVICE_PT_FAILURE",3); +/** + * phpCAS::service() error code when the service was not available. + */ +define("PHPCAS_SERVICE_NOT AVAILABLE",4); + +/** @} */ +// ------------------------------------------------------------------------ +// LANGUAGES +// ------------------------------------------------------------------------ + /** + * @addtogroup publicLang + * @{ + */ + +define("PHPCAS_LANG_ENGLISH", 'english'); +define("PHPCAS_LANG_FRENCH", 'french'); +define("PHPCAS_LANG_GREEK", 'greek'); +define("PHPCAS_LANG_GERMAN", 'german'); +define("PHPCAS_LANG_JAPANESE", 'japanese'); +define("PHPCAS_LANG_SPANISH", 'spanish'); +define("PHPCAS_LANG_CATALAN", 'catalan'); + +/** @} */ + +/** + * @addtogroup internalLang + * @{ + */ + +/** + * phpCAS default language (when phpCAS::setLang() is not used) + */ +define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH); + +/** @} */ +// ------------------------------------------------------------------------ +// DEBUG +// ------------------------------------------------------------------------ + /** + * @addtogroup publicDebug + * @{ + */ + +/** + * The default directory for the debug file under Unix. + */ +define('DEFAULT_DEBUG_DIR','/tmp/'); + +/** @} */ +// ------------------------------------------------------------------------ +// MISC +// ------------------------------------------------------------------------ + /** + * @addtogroup internalMisc + * @{ + */ + +/** + * This global variable is used by the interface class phpCAS. + * + * @hideinitializer + */ +$GLOBALS['PHPCAS_CLIENT'] = null; + +/** + * This global variable is used to store where the initializer is called from + * (to print a comprehensive error in case of multiple calls). + * + * @hideinitializer + */ +$GLOBALS['PHPCAS_INIT_CALL'] = array('done' => FALSE, + 'file' => '?', + 'line' => -1, + 'method' => '?'); + +/** + * This global variable is used to store where the method checking + * the authentication is called from (to print comprehensive errors) + * + * @hideinitializer + */ +$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array('done' => FALSE, + 'file' => '?', + 'line' => -1, + 'method' => '?', + 'result' => FALSE); + +/** + * This global variable is used to store phpCAS debug mode. + * + * @hideinitializer + */ +$GLOBALS['PHPCAS_DEBUG'] = array('filename' => FALSE, + 'indent' => 0, + 'unique_id' => ''); + +/** @} */ + +// ######################################################################## +// CLIENT CLASS +// ######################################################################## + +// include client class +include_once(dirname(__FILE__).'/CAS/client.php'); + +// ######################################################################## +// INTERFACE CLASS +// ######################################################################## + +/** + * @class phpCAS + * The phpCAS class is a simple container for the phpCAS library. It provides CAS + * authentication for web applications written in PHP. + * + * @ingroup public + * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> + * + * \internal All its methods access the same object ($PHPCAS_CLIENT, declared + * at the end of CAS/client.php). + */ + + + +class phpCAS +{ + + // ######################################################################## + // INITIALIZATION + // ######################################################################## + + /** + * @addtogroup publicInit + * @{ + */ + + /** + * phpCAS client initializer. + * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be + * called, only once, and before all other methods (except phpCAS::getVersion() + * and phpCAS::setDebug()). + * + * @param $server_version the version of the CAS server + * @param $server_hostname the hostname of the CAS server + * @param $server_port the port the CAS server is running on + * @param $server_uri the URI the CAS server is responding on + * @param $start_session Have phpCAS start PHP sessions (default true) + * + * @return a newly created CASClient object + */ + function client($server_version, + $server_hostname, + $server_port, + $server_uri, + $start_session = true) + { + global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; + + phpCAS::traceBegin(); + if ( is_object($PHPCAS_CLIENT) ) { + phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')'); + } + if ( gettype($server_version) != 'string' ) { + phpCAS::error('type mismatched for parameter $server_version (should be `string\')'); + } + if ( gettype($server_hostname) != 'string' ) { + phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')'); + } + if ( gettype($server_port) != 'integer' ) { + phpCAS::error('type mismatched for parameter $server_port (should be `integer\')'); + } + if ( gettype($server_uri) != 'string' ) { + phpCAS::error('type mismatched for parameter $server_uri (should be `string\')'); + } + + // store where the initialzer is called from + $dbg = phpCAS::backtrace(); + $PHPCAS_INIT_CALL = array('done' => TRUE, + 'file' => $dbg[0]['file'], + 'line' => $dbg[0]['line'], + 'method' => __CLASS__.'::'.__FUNCTION__); + + // initialize the global object $PHPCAS_CLIENT + $PHPCAS_CLIENT = new CASClient($server_version,FALSE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session); + phpCAS::traceEnd(); + } + + /** + * phpCAS proxy initializer. + * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be + * called, only once, and before all other methods (except phpCAS::getVersion() + * and phpCAS::setDebug()). + * + * @param $server_version the version of the CAS server + * @param $server_hostname the hostname of the CAS server + * @param $server_port the port the CAS server is running on + * @param $server_uri the URI the CAS server is responding on + * @param $start_session Have phpCAS start PHP sessions (default true) + * + * @return a newly created CASClient object + */ + function proxy($server_version, + $server_hostname, + $server_port, + $server_uri, + $start_session = true) + { + global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; + + phpCAS::traceBegin(); + if ( is_object($PHPCAS_CLIENT) ) { + phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')'); + } + if ( gettype($server_version) != 'string' ) { + phpCAS::error('type mismatched for parameter $server_version (should be `string\')'); + } + if ( gettype($server_hostname) != 'string' ) { + phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')'); + } + if ( gettype($server_port) != 'integer' ) { + phpCAS::error('type mismatched for parameter $server_port (should be `integer\')'); + } + if ( gettype($server_uri) != 'string' ) { + phpCAS::error('type mismatched for parameter $server_uri (should be `string\')'); + } + + // store where the initialzer is called from + $dbg = phpCAS::backtrace(); + $PHPCAS_INIT_CALL = array('done' => TRUE, + 'file' => $dbg[0]['file'], + 'line' => $dbg[0]['line'], + 'method' => __CLASS__.'::'.__FUNCTION__); + + // initialize the global object $PHPCAS_CLIENT + $PHPCAS_CLIENT = new CASClient($server_version,TRUE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session); + phpCAS::traceEnd(); + } + + /** @} */ + // ######################################################################## + // DEBUGGING + // ######################################################################## + + /** + * @addtogroup publicDebug + * @{ + */ + + /** + * Set/unset debug mode + * + * @param $filename the name of the file used for logging, or FALSE to stop debugging. + */ + function setDebug($filename='') + { + global $PHPCAS_DEBUG; + + if ( $filename != FALSE && gettype($filename) != 'string' ) { + phpCAS::error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)'); + } + + if ( empty($filename) ) { + if ( preg_match('/^Win.*/',getenv('OS')) ) { + if ( isset($_ENV['TMP']) ) { + $debugDir = $_ENV['TMP'].'/'; + } else if ( isset($_ENV['TEMP']) ) { + $debugDir = $_ENV['TEMP'].'/'; + } else { + $debugDir = ''; + } + } else { + $debugDir = DEFAULT_DEBUG_DIR; + } + $filename = $debugDir . 'phpCAS.log'; + } + + if ( empty($PHPCAS_DEBUG['unique_id']) ) { + $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))),0,4); + } + + $PHPCAS_DEBUG['filename'] = $filename; + + phpCAS::trace('START ******************'); + } + + /** @} */ + /** + * @addtogroup internalDebug + * @{ + */ + + /** + * This method is a wrapper for debug_backtrace() that is not available + * in all PHP versions (>= 4.3.0 only) + */ + function backtrace() + { + if ( function_exists('debug_backtrace') ) { + return debug_backtrace(); + } else { + // poor man's hack ... but it does work ... + return array(); + } + } + + /** + * Logs a string in debug mode. + * + * @param $str the string to write + * + * @private + */ + function log($str) + { + $indent_str = "."; + global $PHPCAS_DEBUG; + + if ( $PHPCAS_DEBUG['filename'] ) { + for ($i=0;$i<$PHPCAS_DEBUG['indent'];$i++) { + $indent_str .= '| '; + } + error_log($PHPCAS_DEBUG['unique_id'].' '.$indent_str.$str."\n",3,$PHPCAS_DEBUG['filename']); + } + + } + + /** + * This method is used by interface methods to print an error and where the function + * was originally called from. + * + * @param $msg the message to print + * + * @private + */ + function error($msg) + { + $dbg = phpCAS::backtrace(); + $function = '?'; + $file = '?'; + $line = '?'; + if ( is_array($dbg) ) { + for ( $i=1; $i<sizeof($dbg); $i++) { + if ( is_array($dbg[$i]) ) { + if ( $dbg[$i]['class'] == __CLASS__ ) { + $function = $dbg[$i]['function']; + $file = $dbg[$i]['file']; + $line = $dbg[$i]['line']; + } + } + } + } + echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>".__CLASS__."::".$function.'(): '.htmlentities($msg)."</b></font> in <b>".$file."</b> on line <b>".$line."</b><br />\n"; + phpCAS::trace($msg); + phpCAS::traceExit(); + exit(); + } + + /** + * This method is used to log something in debug mode. + */ + function trace($str) + { + $dbg = phpCAS::backtrace(); + phpCAS::log($str.' ['.basename($dbg[1]['file']).':'.$dbg[1]['line'].']'); + } + + /** + * This method is used to indicate the start of the execution of a function in debug mode. + */ + function traceBegin() + { + global $PHPCAS_DEBUG; + + $dbg = phpCAS::backtrace(); + $str = '=> '; + if ( !empty($dbg[2]['class']) ) { + $str .= $dbg[2]['class'].'::'; + } + $str .= $dbg[2]['function'].'('; + if ( is_array($dbg[2]['args']) ) { + foreach ($dbg[2]['args'] as $index => $arg) { + if ( $index != 0 ) { + $str .= ', '; + } + $str .= str_replace("\n","",var_export($arg,TRUE)); + } + } + $str .= ') ['.basename($dbg[2]['file']).':'.$dbg[2]['line'].']'; + phpCAS::log($str); + $PHPCAS_DEBUG['indent'] ++; + } + + /** + * This method is used to indicate the end of the execution of a function in debug mode. + * + * @param $res the result of the function + */ + function traceEnd($res='') + { + global $PHPCAS_DEBUG; + + $PHPCAS_DEBUG['indent'] --; + $dbg = phpCAS::backtrace(); + $str = ''; + $str .= '<= '.str_replace("\n","",var_export($res,TRUE)); + phpCAS::log($str); + } + + /** + * This method is used to indicate the end of the execution of the program + */ + function traceExit() + { + global $PHPCAS_DEBUG; + + phpCAS::log('exit()'); + while ( $PHPCAS_DEBUG['indent'] > 0 ) { + phpCAS::log('-'); + $PHPCAS_DEBUG['indent'] --; + } + } + + /** @} */ + // ######################################################################## + // INTERNATIONALIZATION + // ######################################################################## + /** + * @addtogroup publicLang + * @{ + */ + + /** + * This method is used to set the language used by phpCAS. + * @note Can be called only once. + * + * @param $lang a string representing the language. + * + * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH + */ + function setLang($lang) + { + global $PHPCAS_CLIENT; + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + } + if ( gettype($lang) != 'string' ) { + phpCAS::error('type mismatched for parameter $lang (should be `string\')'); + } + $PHPCAS_CLIENT->setLang($lang); + } + + /** @} */ + // ######################################################################## + // VERSION + // ######################################################################## + /** + * @addtogroup public + * @{ + */ + + /** + * This method returns the phpCAS version. + * + * @return the phpCAS version. + */ + function getVersion() + { + return PHPCAS_VERSION; + } + + /** @} */ + // ######################################################################## + // HTML OUTPUT + // ######################################################################## + /** + * @addtogroup publicOutput + * @{ + */ + + /** + * This method sets the HTML header used for all outputs. + * + * @param $header the HTML header. + */ + function setHTMLHeader($header) + { + global $PHPCAS_CLIENT; + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + } + if ( gettype($header) != 'string' ) { + phpCAS::error('type mismatched for parameter $header (should be `string\')'); + } + $PHPCAS_CLIENT->setHTMLHeader($header); + } + + /** + * This method sets the HTML footer used for all outputs. + * + * @param $footer the HTML footer. + */ + function setHTMLFooter($footer) + { + global $PHPCAS_CLIENT; + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + } + if ( gettype($footer) != 'string' ) { + phpCAS::error('type mismatched for parameter $footer (should be `string\')'); + } + $PHPCAS_CLIENT->setHTMLFooter($footer); + } + + /** @} */ + // ######################################################################## + // PGT STORAGE + // ######################################################################## + /** + * @addtogroup publicPGTStorage + * @{ + */ + + /** + * This method is used to tell phpCAS to store the response of the + * CAS server to PGT requests onto the filesystem. + * + * @param $format the format used to store the PGT's (`plain' and `xml' allowed) + * @param $path the path where the PGT's should be stored + */ + function setPGTStorageFile($format='', + $path='') + { + global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL; + + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + } + if ( !$PHPCAS_CLIENT->isProxy() ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + } + if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) { + phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')'); + } + if ( gettype($format) != 'string' ) { + phpCAS::error('type mismatched for parameter $format (should be `string\')'); + } + if ( gettype($path) != 'string' ) { + phpCAS::error('type mismatched for parameter $format (should be `string\')'); + } + $PHPCAS_CLIENT->setPGTStorageFile($format,$path); + phpCAS::traceEnd(); + } + + /** + * This method is used to tell phpCAS to store the response of the + * CAS server to PGT requests into a database. + * @note The connection to the database is done only when needed. + * As a consequence, bad parameters are detected only when + * initializing PGT storage, except in debug mode. + * + * @param $user the user to access the data with + * @param $password the user's password + * @param $database_type the type of the database hosting the data + * @param $hostname the server hosting the database + * @param $port the port the server is listening on + * @param $database the name of the database + * @param $table the name of the table storing the data + */ + function setPGTStorageDB($user, + $password, + $database_type='', + $hostname='', + $port=0, + $database='', + $table='') + { + global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL; + + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + } + if ( !$PHPCAS_CLIENT->isProxy() ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + } + if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) { + phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')'); + } + if ( gettype($user) != 'string' ) { + phpCAS::error('type mismatched for parameter $user (should be `string\')'); + } + if ( gettype($password) != 'string' ) { + phpCAS::error('type mismatched for parameter $password (should be `string\')'); + } + if ( gettype($database_type) != 'string' ) { + phpCAS::error('type mismatched for parameter $database_type (should be `string\')'); + } + if ( gettype($hostname) != 'string' ) { + phpCAS::error('type mismatched for parameter $hostname (should be `string\')'); + } + if ( gettype($port) != 'integer' ) { + phpCAS::error('type mismatched for parameter $port (should be `integer\')'); + } + if ( gettype($database) != 'string' ) { + phpCAS::error('type mismatched for parameter $database (should be `string\')'); + } + if ( gettype($table) != 'string' ) { + phpCAS::error('type mismatched for parameter $table (should be `string\')'); + } + $PHPCAS_CLIENT->setPGTStorageDB($this,$user,$password,$hostname,$port,$database,$table); + phpCAS::traceEnd(); + } + + /** @} */ + // ######################################################################## + // ACCESS TO EXTERNAL SERVICES + // ######################################################################## + /** + * @addtogroup publicServices + * @{ + */ + + /** + * This method is used to access an HTTP[S] service. + * + * @param $url the service to access. + * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on + * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, + * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. + * @param $output the output of the service (also used to give an error + * message on failure). + * + * @return TRUE on success, FALSE otherwise (in this later case, $err_code + * gives the reason why it failed and $output contains an error message). + */ + function serviceWeb($url,&$err_code,&$output) + { + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; + + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + } + if ( !$PHPCAS_CLIENT->isProxy() ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + } + if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) { + phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()'); + } + if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) { + phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); + } + if ( gettype($url) != 'string' ) { + phpCAS::error('type mismatched for parameter $url (should be `string\')'); + } + + $res = $PHPCAS_CLIENT->serviceWeb($url,$err_code,$output); + + phpCAS::traceEnd($res); + return $res; + } + + /** + * This method is used to access an IMAP/POP3/NNTP service. + * + * @param $url a string giving the URL of the service, including the mailing box + * for IMAP URLs, as accepted by imap_open(). + * @param $flags options given to imap_open(). + * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on + * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, + * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. + * @param $err_msg an error message on failure + * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL + * on success, FALSE on error). + * + * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code + * gives the reason why it failed and $err_msg contains an error message). + */ + function serviceMail($url,$flags,&$err_code,&$err_msg,&$pt) + { + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; + + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + } + if ( !$PHPCAS_CLIENT->isProxy() ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + } + if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) { + phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()'); + } + if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) { + phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); + } + if ( gettype($url) != 'string' ) { + phpCAS::error('type mismatched for parameter $url (should be `string\')'); + } + + if ( gettype($flags) != 'integer' ) { + phpCAS::error('type mismatched for parameter $flags (should be `integer\')'); + } + + $res = $PHPCAS_CLIENT->serviceMail($url,$flags,$err_code,$err_msg,$pt); + + phpCAS::traceEnd($res); + return $res; + } + + /** @} */ + // ######################################################################## + // AUTHENTICATION + // ######################################################################## + /** + * @addtogroup publicAuth + * @{ + */ + + /** + * Set the times authentication will be cached before really accessing the CAS server in gateway mode: + * - -1: check only once, and then never again (until you pree login) + * - 0: always check + * - n: check every "n" time + * + * @param $n an integer. + */ + function setCacheTimesForAuthRecheck($n) + { + global $PHPCAS_CLIENT; + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + } + if ( gettype($n) != 'integer' ) { + phpCAS::error('type mismatched for parameter $header (should be `string\')'); + } + $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n); + } + + /** + * This method is called to check if the user is authenticated (use the gateway feature). + * @return TRUE when the user is authenticated; otherwise FALSE. + */ + function checkAuthentication() + { + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; + + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + } + + $auth = $PHPCAS_CLIENT->checkAuthentication(); + + // store where the authentication has been checked and the result + $dbg = phpCAS::backtrace(); + $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, + 'file' => $dbg[0]['file'], + 'line' => $dbg[0]['line'], + 'method' => __CLASS__.'::'.__FUNCTION__, + 'result' => $auth ); + phpCAS::traceEnd($auth); + return $auth; + } + + /** + * This method is called to force authentication if the user was not already + * authenticated. If the user is not authenticated, halt by redirecting to + * the CAS server. + */ + function forceAuthentication() + { + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; + + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + } + + $auth = $PHPCAS_CLIENT->forceAuthentication(); + + // store where the authentication has been checked and the result + $dbg = phpCAS::backtrace(); + $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, + 'file' => $dbg[0]['file'], + 'line' => $dbg[0]['line'], + 'method' => __CLASS__.'::'.__FUNCTION__, + 'result' => $auth ); + + if ( !$auth ) { + phpCAS::trace('user is not authenticated, redirecting to the CAS server'); + $PHPCAS_CLIENT->forceAuthentication(); + } else { + phpCAS::trace('no need to authenticate (user `'.phpCAS::getUser().'\' is already authenticated)'); + } + + phpCAS::traceEnd(); + return $auth; + } + + /** + * This method is called to renew the authentication. + **/ + function renewAuthentication() { + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; + + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should not be called before'.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + } + + // store where the authentication has been checked and the result + $dbg = phpCAS::backtrace(); + $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], 'method' => __CLASS__.'::'.__FUNCTION__, 'result' => $auth ); + + $PHPCAS_CLIENT->renewAuthentication(); + phpCAS::traceEnd(); + } + + /** + * This method has been left from version 0.4.1 for compatibility reasons. + */ + function authenticate() + { + phpCAS::error('this method is deprecated. You should use '.__CLASS__.'::forceAuthentication() instead'); + } + + /** + * This method is called to check if the user is authenticated (previously or by + * tickets given in the URL). + * + * @return TRUE when the user is authenticated. + */ + function isAuthenticated() + { + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; + + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + } + + // call the isAuthenticated method of the global $PHPCAS_CLIENT object + $auth = $PHPCAS_CLIENT->isAuthenticated(); + + // store where the authentication has been checked and the result + $dbg = phpCAS::backtrace(); + $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, + 'file' => $dbg[0]['file'], + 'line' => $dbg[0]['line'], + 'method' => __CLASS__.'::'.__FUNCTION__, + 'result' => $auth ); + phpCAS::traceEnd($auth); + return $auth; + } + + /** + * Checks whether authenticated based on $_SESSION. Useful to avoid + * server calls. + * @return true if authenticated, false otherwise. + * @since 0.4.22 by Brendan Arnold + */ + function isSessionAuthenticated () + { + global $PHPCAS_CLIENT; + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + } + return($PHPCAS_CLIENT->isSessionAuthenticated()); + } + + /** + * This method returns the CAS user's login name. + * @warning should not be called only after phpCAS::forceAuthentication() + * or phpCAS::checkAuthentication(). + * + * @return the login name of the authenticated user + */ + function getUser() + { + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + } + if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); + } + if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) { + phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); + } + return $PHPCAS_CLIENT->getUser(); + } + + /** + * Handle logout requests. + */ + function handleLogoutRequests($check_client=true, $allowed_clients=false) + { + global $PHPCAS_CLIENT; + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + } + return($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients)); + } + + /** + * This method returns the URL to be used to login. + * or phpCAS::isAuthenticated(). + * + * @return the login name of the authenticated user + */ + function getServerLoginURL() + { + global $PHPCAS_CLIENT; + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + } + return $PHPCAS_CLIENT->getServerLoginURL(); + } + + /** + * Set the login URL of the CAS server. + * @param $url the login URL + * @since 0.4.21 by Wyman Chan + */ + function setServerLoginURL($url='') + { + global $PHPCAS_CLIENT; + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after + '.__CLASS__.'::client()'); + } + if ( gettype($url) != 'string' ) { + phpCAS::error('type mismatched for parameter $url (should be + `string\')'); + } + $PHPCAS_CLIENT->setServerLoginURL($url); + phpCAS::traceEnd(); + } + + /** + * This method returns the URL to be used to login. + * or phpCAS::isAuthenticated(). + * + * @return the login name of the authenticated user + */ + function getServerLogoutURL() + { + global $PHPCAS_CLIENT; + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + } + return $PHPCAS_CLIENT->getServerLogoutURL(); + } + + /** + * Set the logout URL of the CAS server. + * @param $url the logout URL + * @since 0.4.21 by Wyman Chan + */ + function setServerLogoutURL($url='') + { + global $PHPCAS_CLIENT; + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after + '.__CLASS__.'::client()'); + } + if ( gettype($url) != 'string' ) { + phpCAS::error('type mismatched for parameter $url (should be + `string\')'); + } + $PHPCAS_CLIENT->setServerLogoutURL($url); + phpCAS::traceEnd(); + } + + /** + * This method is used to logout from CAS. + * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server + * @public + */ + function logout($params = "") { + global $PHPCAS_CLIENT; + phpCAS::traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); + } + $parsedParams = array(); + if ($params != "") { + if (is_string($params)) { + phpCAS::error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead'); + } + if (!is_array($params)) { + phpCAS::error('type mismatched for parameter $params (should be `array\')'); + } + foreach ($params as $key => $value) { + if ($key != "service" && $key != "url") { + phpCAS::error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\''); + } + $parsedParams[$key] = $value; + } + } + $PHPCAS_CLIENT->logout($parsedParams); + // never reached + phpCAS::traceEnd(); + } + + /** + * This method is used to logout from CAS. Halts by redirecting to the CAS server. + * @param $service a URL that will be transmitted to the CAS server + */ + function logoutWithRedirectService($service) { + global $PHPCAS_CLIENT; + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); + } + if (!is_string($service)) { + phpCAS::error('type mismatched for parameter $service (should be `string\')'); + } + $PHPCAS_CLIENT->logout(array("service" => $service)); + // never reached + phpCAS::traceEnd(); + } + + /** + * This method is used to logout from CAS. Halts by redirecting to the CAS server. + * @param $url a URL that will be transmitted to the CAS server + */ + function logoutWithUrl($url) { + global $PHPCAS_CLIENT; + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); + } + if (!is_string($url)) { + phpCAS::error('type mismatched for parameter $url (should be `string\')'); + } + $PHPCAS_CLIENT->logout(array("url" => $url)); + // never reached + phpCAS::traceEnd(); + } + + /** + * This method is used to logout from CAS. Halts by redirecting to the CAS server. + * @param $service a URL that will be transmitted to the CAS server + * @param $url a URL that will be transmitted to the CAS server + */ + function logoutWithRedirectServiceAndUrl($service, $url) { + global $PHPCAS_CLIENT; + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); + } + if (!is_string($service)) { + phpCAS::error('type mismatched for parameter $service (should be `string\')'); + } + if (!is_string($url)) { + phpCAS::error('type mismatched for parameter $url (should be `string\')'); + } + $PHPCAS_CLIENT->logout(array("service" => $service, "url" => $url)); + // never reached + phpCAS::traceEnd(); + } + + /** + * Set the fixed URL that will be used by the CAS server to transmit the PGT. + * When this method is not called, a phpCAS script uses its own URL for the callback. + * + * @param $url the URL + */ + function setFixedCallbackURL($url='') + { + global $PHPCAS_CLIENT; + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + } + if ( !$PHPCAS_CLIENT->isProxy() ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + } + if ( gettype($url) != 'string' ) { + phpCAS::error('type mismatched for parameter $url (should be `string\')'); + } + $PHPCAS_CLIENT->setCallbackURL($url); + phpCAS::traceEnd(); + } + + /** + * Set the fixed URL that will be set as the CAS service parameter. When this + * method is not called, a phpCAS script uses its own URL. + * + * @param $url the URL + */ + function setFixedServiceURL($url) + { + global $PHPCAS_CLIENT; + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + } + if ( gettype($url) != 'string' ) { + phpCAS::error('type mismatched for parameter $url (should be `string\')'); + } + $PHPCAS_CLIENT->setURL($url); + phpCAS::traceEnd(); + } + + /** + * Get the URL that is set as the CAS service parameter. + */ + function getServiceURL() + { + global $PHPCAS_CLIENT; + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + } + return($PHPCAS_CLIENT->getURL()); + } + + /** + * Retrieve a Proxy Ticket from the CAS server. + */ + function retrievePT($target_service,&$err_code,&$err_msg) + { + global $PHPCAS_CLIENT; + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + } + if ( gettype($target_service) != 'string' ) { + phpCAS::error('type mismatched for parameter $target_service(should be `string\')'); + } + return($PHPCAS_CLIENT->retrievePT($target_service,$err_code,$err_msg)); + } + + /** + * Set the certificate of the CAS server. + * + * @param $cert the PEM certificate + */ + function setCasServerCert($cert) + { + global $PHPCAS_CLIENT; + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); + } + if ( gettype($cert) != 'string' ) { + phpCAS::error('type mismatched for parameter $cert (should be `string\')'); + } + $PHPCAS_CLIENT->setCasServerCert($cert); + phpCAS::traceEnd(); + } + + /** + * Set the certificate of the CAS server CA. + * + * @param $cert the CA certificate + */ + function setCasServerCACert($cert) + { + global $PHPCAS_CLIENT; + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); + } + if ( gettype($cert) != 'string' ) { + phpCAS::error('type mismatched for parameter $cert (should be `string\')'); + } + $PHPCAS_CLIENT->setCasServerCACert($cert); + phpCAS::traceEnd(); + } + + /** + * Set no SSL validation for the CAS server. + */ + function setNoCasServerValidation() + { + global $PHPCAS_CLIENT; + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); + } + $PHPCAS_CLIENT->setNoCasServerValidation(); + phpCAS::traceEnd(); + } + + /** @} */ + + /** + * Change CURL options. + * CURL is used to connect through HTTPS to CAS server + * @param $key the option key + * @param $value the value to set + */ + function setExtraCurlOption($key, $value) + { + global $PHPCAS_CLIENT; + phpCAS::traceBegin(); + if ( !is_object($PHPCAS_CLIENT) ) { + phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); + } + $PHPCAS_CLIENT->setExtraCurlOption($key, $value); + phpCAS::traceEnd(); + } + +} + +// ######################################################################## +// DOCUMENTATION +// ######################################################################## + +// ######################################################################## +// MAIN PAGE + +/** + * @mainpage + * + * The following pages only show the source documentation. + * + */ + +// ######################################################################## +// MODULES DEFINITION + +/** @defgroup public User interface */ + +/** @defgroup publicInit Initialization + * @ingroup public */ + +/** @defgroup publicAuth Authentication + * @ingroup public */ + +/** @defgroup publicServices Access to external services + * @ingroup public */ + +/** @defgroup publicConfig Configuration + * @ingroup public */ + +/** @defgroup publicLang Internationalization + * @ingroup publicConfig */ + +/** @defgroup publicOutput HTML output + * @ingroup publicConfig */ + +/** @defgroup publicPGTStorage PGT storage + * @ingroup publicConfig */ + +/** @defgroup publicDebug Debugging + * @ingroup public */ + + +/** @defgroup internal Implementation */ + +/** @defgroup internalAuthentication Authentication + * @ingroup internal */ + +/** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets) + * @ingroup internal */ + +/** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets) + * @ingroup internal */ + +/** @defgroup internalPGTStorage PGT storage + * @ingroup internalProxy */ + +/** @defgroup internalPGTStorageDB PGT storage in a database + * @ingroup internalPGTStorage */ + +/** @defgroup internalPGTStorageFile PGT storage on the filesystem + * @ingroup internalPGTStorage */ + +/** @defgroup internalCallback Callback from the CAS server + * @ingroup internalProxy */ + +/** @defgroup internalProxied CAS proxied client features (CAS 2.0, Proxy Tickets) + * @ingroup internal */ + +/** @defgroup internalConfig Configuration + * @ingroup internal */ + +/** @defgroup internalOutput HTML output + * @ingroup internalConfig */ + +/** @defgroup internalLang Internationalization + * @ingroup internalConfig + * + * To add a new language: + * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php + * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php + * - 3. Make the translations + */ + +/** @defgroup internalDebug Debugging + * @ingroup internal */ + +/** @defgroup internalMisc Miscellaneous + * @ingroup internal */ + +// ######################################################################## +// EXAMPLES + +/** + * @example example_simple.php + */ + /** + * @example example_proxy.php + */ + /** + * @example example_proxy2.php + */ + /** + * @example example_lang.php + */ + /** + * @example example_html.php + */ + /** + * @example example_file.php + */ + /** + * @example example_db.php + */ + /** + * @example example_service.php + */ + /** + * @example example_session_proxy.php + */ + /** + * @example example_session_service.php + */ + /** + * @example example_gateway.php + */ + + + +?> diff --git a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php index 5a589e4b2..00797b9c5 100644 --- a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php +++ b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php @@ -1,190 +1,190 @@ -<?php
-
-/**
- * @file CAS/PGTStorage/pgt-db.php
- * Basic class for PGT database storage
- */
-
-/**
- * @class PGTStorageDB
- * The PGTStorageDB class is a class for PGT database storage. An instance of
- * this class is returned by CASClient::SetPGTStorageDB().
- *
- * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
- *
- * @ingroup internalPGTStorageDB
- */
-
-class PGTStorageDB extends PGTStorage
-{
- /**
- * @addtogroup internalPGTStorageDB
- * @{
- */
-
- /**
- * a string representing a PEAR DB URL to connect to the database. Written by
- * PGTStorageDB::PGTStorageDB(), read by getURL().
- *
- * @hideinitializer
- * @private
- */
- var $_url='';
-
- /**
- * This method returns the PEAR DB URL to use to connect to the database.
- *
- * @return a PEAR DB URL
- *
- * @private
- */
- function getURL()
- {
- return $this->_url;
- }
-
- /**
- * The handle of the connection to the database where PGT's are stored. Written by
- * PGTStorageDB::init(), read by getLink().
- *
- * @hideinitializer
- * @private
- */
- var $_link = null;
-
- /**
- * This method returns the handle of the connection to the database where PGT's are
- * stored.
- *
- * @return a handle of connection.
- *
- * @private
- */
- function getLink()
- {
- return $this->_link;
- }
-
- /**
- * The name of the table where PGT's are stored. Written by
- * PGTStorageDB::PGTStorageDB(), read by getTable().
- *
- * @hideinitializer
- * @private
- */
- var $_table = '';
-
- /**
- * This method returns the name of the table where PGT's are stored.
- *
- * @return the name of a table.
- *
- * @private
- */
- function getTable()
- {
- return $this->_table;
- }
-
- // ########################################################################
- // DEBUGGING
- // ########################################################################
-
- /**
- * This method returns an informational string giving the type of storage
- * used by the object (used for debugging purposes).
- *
- * @return an informational string.
- * @public
- */
- function getStorageType()
- {
- return "database";
- }
-
- /**
- * This method returns an informational string giving informations on the
- * parameters of the storage.(used for debugging purposes).
- *
- * @public
- */
- function getStorageInfo()
- {
- return 'url=`'.$this->getURL().'\', table=`'.$this->getTable().'\'';
- }
-
- // ########################################################################
- // CONSTRUCTOR
- // ########################################################################
-
- /**
- * The class constructor, called by CASClient::SetPGTStorageDB().
- *
- * @param $cas_parent the CASClient instance that creates the object.
- * @param $user the user to access the data with
- * @param $password the user's password
- * @param $database_type the type of the database hosting the data
- * @param $hostname the server hosting the database
- * @param $port the port the server is listening on
- * @param $database the name of the database
- * @param $table the name of the table storing the data
- *
- * @public
- */
- function PGTStorageDB($cas_parent,$user,$password,$database_type,$hostname,$port,$database,$table)
- {
- phpCAS::traceBegin();
-
- // call the ancestor's constructor
- $this->PGTStorage($cas_parent);
-
- if ( empty($database_type) ) $database_type = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE;
- if ( empty($hostname) ) $hostname = CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME;
- if ( $port==0 ) $port = CAS_PGT_STORAGE_DB_DEFAULT_PORT;
- if ( empty($database) ) $database = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE;
- if ( empty($table) ) $table = CAS_PGT_STORAGE_DB_DEFAULT_TABLE;
-
- // build and store the PEAR DB URL
- $this->_url = $database_type.':'.'//'.$user.':'.$password.'@'.$hostname.':'.$port.'/'.$database;
-
- // XXX should use setURL and setTable
- phpCAS::traceEnd();
- }
-
- // ########################################################################
- // INITIALIZATION
- // ########################################################################
-
- /**
- * This method is used to initialize the storage. Halts on error.
- *
- * @public
- */
- function init()
- {
- phpCAS::traceBegin();
- // if the storage has already been initialized, return immediatly
- if ( $this->isInitialized() )
- return;
- // call the ancestor's method (mark as initialized)
- parent::init();
-
- //include phpDB library (the test was introduced in release 0.4.8 for
- //the integration into Tikiwiki).
- if (!class_exists('DB')) {
- include_once('DB.php');
- }
-
- // try to connect to the database
- $this->_link = DB::connect($this->getURL());
- if ( DB::isError($this->_link) ) {
- phpCAS::error('could not connect to database ('.DB::errorMessage($this->_link).')');
- }
- var_dump($this->_link);
- phpCAS::traceBEnd();
- }
-
- /** @} */
-}
-
+<?php + +/** + * @file CAS/PGTStorage/pgt-db.php + * Basic class for PGT database storage + */ + +/** + * @class PGTStorageDB + * The PGTStorageDB class is a class for PGT database storage. An instance of + * this class is returned by CASClient::SetPGTStorageDB(). + * + * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> + * + * @ingroup internalPGTStorageDB + */ + +class PGTStorageDB extends PGTStorage +{ + /** + * @addtogroup internalPGTStorageDB + * @{ + */ + + /** + * a string representing a PEAR DB URL to connect to the database. Written by + * PGTStorageDB::PGTStorageDB(), read by getURL(). + * + * @hideinitializer + * @private + */ + var $_url=''; + + /** + * This method returns the PEAR DB URL to use to connect to the database. + * + * @return a PEAR DB URL + * + * @private + */ + function getURL() + { + return $this->_url; + } + + /** + * The handle of the connection to the database where PGT's are stored. Written by + * PGTStorageDB::init(), read by getLink(). + * + * @hideinitializer + * @private + */ + var $_link = null; + + /** + * This method returns the handle of the connection to the database where PGT's are + * stored. + * + * @return a handle of connection. + * + * @private + */ + function getLink() + { + return $this->_link; + } + + /** + * The name of the table where PGT's are stored. Written by + * PGTStorageDB::PGTStorageDB(), read by getTable(). + * + * @hideinitializer + * @private + */ + var $_table = ''; + + /** + * This method returns the name of the table where PGT's are stored. + * + * @return the name of a table. + * + * @private + */ + function getTable() + { + return $this->_table; + } + + // ######################################################################## + // DEBUGGING + // ######################################################################## + + /** + * This method returns an informational string giving the type of storage + * used by the object (used for debugging purposes). + * + * @return an informational string. + * @public + */ + function getStorageType() + { + return "database"; + } + + /** + * This method returns an informational string giving informations on the + * parameters of the storage.(used for debugging purposes). + * + * @public + */ + function getStorageInfo() + { + return 'url=`'.$this->getURL().'\', table=`'.$this->getTable().'\''; + } + + // ######################################################################## + // CONSTRUCTOR + // ######################################################################## + + /** + * The class constructor, called by CASClient::SetPGTStorageDB(). + * + * @param $cas_parent the CASClient instance that creates the object. + * @param $user the user to access the data with + * @param $password the user's password + * @param $database_type the type of the database hosting the data + * @param $hostname the server hosting the database + * @param $port the port the server is listening on + * @param $database the name of the database + * @param $table the name of the table storing the data + * + * @public + */ + function PGTStorageDB($cas_parent,$user,$password,$database_type,$hostname,$port,$database,$table) + { + phpCAS::traceBegin(); + + // call the ancestor's constructor + $this->PGTStorage($cas_parent); + + if ( empty($database_type) ) $database_type = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE; + if ( empty($hostname) ) $hostname = CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME; + if ( $port==0 ) $port = CAS_PGT_STORAGE_DB_DEFAULT_PORT; + if ( empty($database) ) $database = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE; + if ( empty($table) ) $table = CAS_PGT_STORAGE_DB_DEFAULT_TABLE; + + // build and store the PEAR DB URL + $this->_url = $database_type.':'.'//'.$user.':'.$password.'@'.$hostname.':'.$port.'/'.$database; + + // XXX should use setURL and setTable + phpCAS::traceEnd(); + } + + // ######################################################################## + // INITIALIZATION + // ######################################################################## + + /** + * This method is used to initialize the storage. Halts on error. + * + * @public + */ + function init() + { + phpCAS::traceBegin(); + // if the storage has already been initialized, return immediatly + if ( $this->isInitialized() ) + return; + // call the ancestor's method (mark as initialized) + parent::init(); + + //include phpDB library (the test was introduced in release 0.4.8 for + //the integration into Tikiwiki). + if (!class_exists('DB')) { + include_once('DB.php'); + } + + // try to connect to the database + $this->_link = DB::connect($this->getURL()); + if ( DB::isError($this->_link) ) { + phpCAS::error('could not connect to database ('.DB::errorMessage($this->_link).')'); + } + var_dump($this->_link); + phpCAS::traceBEnd(); + } + + /** @} */ +} + ?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php index bc07485b8..d48a60d67 100644 --- a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php +++ b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php @@ -1,249 +1,249 @@ -<?php
-
-/**
- * @file CAS/PGTStorage/pgt-file.php
- * Basic class for PGT file storage
- */
-
-/**
- * @class PGTStorageFile
- * The PGTStorageFile class is a class for PGT file storage. An instance of
- * this class is returned by CASClient::SetPGTStorageFile().
- *
- * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
- *
- * @ingroup internalPGTStorageFile
- */
-
-class PGTStorageFile extends PGTStorage
-{
- /**
- * @addtogroup internalPGTStorageFile
- * @{
- */
-
- /**
- * a string telling where PGT's should be stored on the filesystem. Written by
- * PGTStorageFile::PGTStorageFile(), read by getPath().
- *
- * @private
- */
- var $_path;
-
- /**
- * This method returns the name of the directory where PGT's should be stored
- * on the filesystem.
- *
- * @return the name of a directory (with leading and trailing '/')
- *
- * @private
- */
- function getPath()
- {
- return $this->_path;
- }
-
- /**
- * a string telling the format to use to store PGT's (plain or xml). Written by
- * PGTStorageFile::PGTStorageFile(), read by getFormat().
- *
- * @private
- */
- var $_format;
-
- /**
- * This method returns the format to use when storing PGT's on the filesystem.
- *
- * @return a string corresponding to the format used (plain or xml).
- *
- * @private
- */
- function getFormat()
- {
- return $this->_format;
- }
-
- // ########################################################################
- // DEBUGGING
- // ########################################################################
-
- /**
- * This method returns an informational string giving the type of storage
- * used by the object (used for debugging purposes).
- *
- * @return an informational string.
- * @public
- */
- function getStorageType()
- {
- return "file";
- }
-
- /**
- * This method returns an informational string giving informations on the
- * parameters of the storage.(used for debugging purposes).
- *
- * @return an informational string.
- * @public
- */
- function getStorageInfo()
- {
- return 'path=`'.$this->getPath().'\', format=`'.$this->getFormat().'\'';
- }
-
- // ########################################################################
- // CONSTRUCTOR
- // ########################################################################
-
- /**
- * The class constructor, called by CASClient::SetPGTStorageFile().
- *
- * @param $cas_parent the CASClient instance that creates the object.
- * @param $format the format used to store the PGT's (`plain' and `xml' allowed).
- * @param $path the path where the PGT's should be stored
- *
- * @public
- */
- function PGTStorageFile($cas_parent,$format,$path)
- {
- phpCAS::traceBegin();
- // call the ancestor's constructor
- $this->PGTStorage($cas_parent);
-
- if (empty($format) ) $format = CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT;
- if (empty($path) ) $path = CAS_PGT_STORAGE_FILE_DEFAULT_PATH;
-
- // check that the path is an absolute path
- if (getenv("OS")=="Windows_NT"){
-
- if (!preg_match('`^[a-zA-Z]:`', $path)) {
- phpCAS::error('an absolute path is needed for PGT storage to file');
- }
-
- }
- else
- {
-
- if ( $path[0] != '/' ) {
- phpCAS::error('an absolute path is needed for PGT storage to file');
- }
-
- // store the path (with a leading and trailing '/')
- $path = preg_replace('|[/]*$|','/',$path);
- $path = preg_replace('|^[/]*|','/',$path);
- }
-
- $this->_path = $path;
- // check the format and store it
- switch ($format) {
- case CAS_PGT_STORAGE_FILE_FORMAT_PLAIN:
- case CAS_PGT_STORAGE_FILE_FORMAT_XML:
- $this->_format = $format;
- break;
- default:
- phpCAS::error('unknown PGT file storage format (`'.CAS_PGT_STORAGE_FILE_FORMAT_PLAIN.'\' and `'.CAS_PGT_STORAGE_FILE_FORMAT_XML.'\' allowed)');
- }
- phpCAS::traceEnd();
- }
-
- // ########################################################################
- // INITIALIZATION
- // ########################################################################
-
- /**
- * This method is used to initialize the storage. Halts on error.
- *
- * @public
- */
- function init()
- {
- phpCAS::traceBegin();
- // if the storage has already been initialized, return immediatly
- if ( $this->isInitialized() )
- return;
- // call the ancestor's method (mark as initialized)
- parent::init();
- phpCAS::traceEnd();
- }
-
- // ########################################################################
- // PGT I/O
- // ########################################################################
-
- /**
- * This method returns the filename corresponding to a PGT Iou.
- *
- * @param $pgt_iou the PGT iou.
- *
- * @return a filename
- * @private
- */
- function getPGTIouFilename($pgt_iou)
- {
- phpCAS::traceBegin();
- $filename = $this->getPath().$pgt_iou.'.'.$this->getFormat();
- phpCAS::traceEnd($filename);
- return $filename;
- }
-
- /**
- * This method stores a PGT and its corresponding PGT Iou into a file. Echoes a
- * warning on error.
- *
- * @param $pgt the PGT
- * @param $pgt_iou the PGT iou
- *
- * @public
- */
- function write($pgt,$pgt_iou)
- {
- phpCAS::traceBegin();
- $fname = $this->getPGTIouFilename($pgt_iou);
- if ( $f=fopen($fname,"w") ) {
- if ( fputs($f,$pgt) === FALSE ) {
- phpCAS::error('could not write PGT to `'.$fname.'\'');
- }
- fclose($f);
- } else {
- phpCAS::error('could not open `'.$fname.'\'');
- }
- phpCAS::traceEnd();
- }
-
- /**
- * This method reads a PGT corresponding to a PGT Iou and deletes the
- * corresponding file.
- *
- * @param $pgt_iou the PGT iou
- *
- * @return the corresponding PGT, or FALSE on error
- *
- * @public
- */
- function read($pgt_iou)
- {
- phpCAS::traceBegin();
- $pgt = FALSE;
- $fname = $this->getPGTIouFilename($pgt_iou);
- if ( !($f=fopen($fname,"r")) ) {
- phpCAS::trace('could not open `'.$fname.'\'');
- } else {
- if ( ($pgt=fgets($f)) === FALSE ) {
- phpCAS::trace('could not read PGT from `'.$fname.'\'');
- }
- fclose($f);
- }
-
- // delete the PGT file
- @unlink($fname);
-
- phpCAS::traceEnd($pgt);
- return $pgt;
- }
-
- /** @} */
-
-}
-
-
+<?php + +/** + * @file CAS/PGTStorage/pgt-file.php + * Basic class for PGT file storage + */ + +/** + * @class PGTStorageFile + * The PGTStorageFile class is a class for PGT file storage. An instance of + * this class is returned by CASClient::SetPGTStorageFile(). + * + * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> + * + * @ingroup internalPGTStorageFile + */ + +class PGTStorageFile extends PGTStorage +{ + /** + * @addtogroup internalPGTStorageFile + * @{ + */ + + /** + * a string telling where PGT's should be stored on the filesystem. Written by + * PGTStorageFile::PGTStorageFile(), read by getPath(). + * + * @private + */ + var $_path; + + /** + * This method returns the name of the directory where PGT's should be stored + * on the filesystem. + * + * @return the name of a directory (with leading and trailing '/') + * + * @private + */ + function getPath() + { + return $this->_path; + } + + /** + * a string telling the format to use to store PGT's (plain or xml). Written by + * PGTStorageFile::PGTStorageFile(), read by getFormat(). + * + * @private + */ + var $_format; + + /** + * This method returns the format to use when storing PGT's on the filesystem. + * + * @return a string corresponding to the format used (plain or xml). + * + * @private + */ + function getFormat() + { + return $this->_format; + } + + // ######################################################################## + // DEBUGGING + // ######################################################################## + + /** + * This method returns an informational string giving the type of storage + * used by the object (used for debugging purposes). + * + * @return an informational string. + * @public + */ + function getStorageType() + { + return "file"; + } + + /** + * This method returns an informational string giving informations on the + * parameters of the storage.(used for debugging purposes). + * + * @return an informational string. + * @public + */ + function getStorageInfo() + { + return 'path=`'.$this->getPath().'\', format=`'.$this->getFormat().'\''; + } + + // ######################################################################## + // CONSTRUCTOR + // ######################################################################## + + /** + * The class constructor, called by CASClient::SetPGTStorageFile(). + * + * @param $cas_parent the CASClient instance that creates the object. + * @param $format the format used to store the PGT's (`plain' and `xml' allowed). + * @param $path the path where the PGT's should be stored + * + * @public + */ + function PGTStorageFile($cas_parent,$format,$path) + { + phpCAS::traceBegin(); + // call the ancestor's constructor + $this->PGTStorage($cas_parent); + + if (empty($format) ) $format = CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT; + if (empty($path) ) $path = CAS_PGT_STORAGE_FILE_DEFAULT_PATH; + + // check that the path is an absolute path + if (getenv("OS")=="Windows_NT"){ + + if (!preg_match('`^[a-zA-Z]:`', $path)) { + phpCAS::error('an absolute path is needed for PGT storage to file'); + } + + } + else + { + + if ( $path[0] != '/' ) { + phpCAS::error('an absolute path is needed for PGT storage to file'); + } + + // store the path (with a leading and trailing '/') + $path = preg_replace('|[/]*$|','/',$path); + $path = preg_replace('|^[/]*|','/',$path); + } + + $this->_path = $path; + // check the format and store it + switch ($format) { + case CAS_PGT_STORAGE_FILE_FORMAT_PLAIN: + case CAS_PGT_STORAGE_FILE_FORMAT_XML: + $this->_format = $format; + break; + default: + phpCAS::error('unknown PGT file storage format (`'.CAS_PGT_STORAGE_FILE_FORMAT_PLAIN.'\' and `'.CAS_PGT_STORAGE_FILE_FORMAT_XML.'\' allowed)'); + } + phpCAS::traceEnd(); + } + + // ######################################################################## + // INITIALIZATION + // ######################################################################## + + /** + * This method is used to initialize the storage. Halts on error. + * + * @public + */ + function init() + { + phpCAS::traceBegin(); + // if the storage has already been initialized, return immediatly + if ( $this->isInitialized() ) + return; + // call the ancestor's method (mark as initialized) + parent::init(); + phpCAS::traceEnd(); + } + + // ######################################################################## + // PGT I/O + // ######################################################################## + + /** + * This method returns the filename corresponding to a PGT Iou. + * + * @param $pgt_iou the PGT iou. + * + * @return a filename + * @private + */ + function getPGTIouFilename($pgt_iou) + { + phpCAS::traceBegin(); + $filename = $this->getPath().$pgt_iou.'.'.$this->getFormat(); + phpCAS::traceEnd($filename); + return $filename; + } + + /** + * This method stores a PGT and its corresponding PGT Iou into a file. Echoes a + * warning on error. + * + * @param $pgt the PGT + * @param $pgt_iou the PGT iou + * + * @public + */ + function write($pgt,$pgt_iou) + { + phpCAS::traceBegin(); + $fname = $this->getPGTIouFilename($pgt_iou); + if ( $f=fopen($fname,"w") ) { + if ( fputs($f,$pgt) === FALSE ) { + phpCAS::error('could not write PGT to `'.$fname.'\''); + } + fclose($f); + } else { + phpCAS::error('could not open `'.$fname.'\''); + } + phpCAS::traceEnd(); + } + + /** + * This method reads a PGT corresponding to a PGT Iou and deletes the + * corresponding file. + * + * @param $pgt_iou the PGT iou + * + * @return the corresponding PGT, or FALSE on error + * + * @public + */ + function read($pgt_iou) + { + phpCAS::traceBegin(); + $pgt = FALSE; + $fname = $this->getPGTIouFilename($pgt_iou); + if ( !($f=fopen($fname,"r")) ) { + phpCAS::trace('could not open `'.$fname.'\''); + } else { + if ( ($pgt=fgets($f)) === FALSE ) { + phpCAS::trace('could not read PGT from `'.$fname.'\''); + } + fclose($f); + } + + // delete the PGT file + @unlink($fname); + + phpCAS::traceEnd($pgt); + return $pgt; + } + + /** @} */ + +} + + ?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php index cd9b49967..8fd3c9e12 100644 --- a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php +++ b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php @@ -1,188 +1,188 @@ -<?php
-
-/**
- * @file CAS/PGTStorage/pgt-main.php
- * Basic class for PGT storage
- */
-
-/**
- * @class PGTStorage
- * The PGTStorage class is a generic class for PGT storage. This class should
- * not be instanciated itself but inherited by specific PGT storage classes.
- *
- * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
- *
- * @ingroup internalPGTStorage
- */
-
-class PGTStorage
-{
- /**
- * @addtogroup internalPGTStorage
- * @{
- */
-
- // ########################################################################
- // CONSTRUCTOR
- // ########################################################################
-
- /**
- * The constructor of the class, should be called only by inherited classes.
- *
- * @param $cas_parent the CASclient instance that creates the current object.
- *
- * @protected
- */
- function PGTStorage($cas_parent)
- {
- phpCAS::traceBegin();
- if ( !$cas_parent->isProxy() ) {
- phpCAS::error('defining PGT storage makes no sense when not using a CAS proxy');
- }
- phpCAS::traceEnd();
- }
-
- // ########################################################################
- // DEBUGGING
- // ########################################################################
-
- /**
- * This virtual method returns an informational string giving the type of storage
- * used by the object (used for debugging purposes).
- *
- * @public
- */
- function getStorageType()
- {
- phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
- }
-
- /**
- * This virtual method returns an informational string giving informations on the
- * parameters of the storage.(used for debugging purposes).
- *
- * @public
- */
- function getStorageInfo()
- {
- phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
- }
-
- // ########################################################################
- // ERROR HANDLING
- // ########################################################################
-
- /**
- * string used to store an error message. Written by PGTStorage::setErrorMessage(),
- * read by PGTStorage::getErrorMessage().
- *
- * @hideinitializer
- * @private
- * @deprecated not used.
- */
- var $_error_message=FALSE;
-
- /**
- * This method sets en error message, which can be read later by
- * PGTStorage::getErrorMessage().
- *
- * @param $error_message an error message
- *
- * @protected
- * @deprecated not used.
- */
- function setErrorMessage($error_message)
- {
- $this->_error_message = $error_message;
- }
-
- /**
- * This method returns an error message set by PGTStorage::setErrorMessage().
- *
- * @return an error message when set by PGTStorage::setErrorMessage(), FALSE
- * otherwise.
- *
- * @public
- * @deprecated not used.
- */
- function getErrorMessage()
- {
- return $this->_error_message;
- }
-
- // ########################################################################
- // INITIALIZATION
- // ########################################################################
-
- /**
- * a boolean telling if the storage has already been initialized. Written by
- * PGTStorage::init(), read by PGTStorage::isInitialized().
- *
- * @hideinitializer
- * @private
- */
- var $_initialized = FALSE;
-
- /**
- * This method tells if the storage has already been intialized.
- *
- * @return a boolean
- *
- * @protected
- */
- function isInitialized()
- {
- return $this->_initialized;
- }
-
- /**
- * This virtual method initializes the object.
- *
- * @protected
- */
- function init()
- {
- $this->_initialized = TRUE;
- }
-
- // ########################################################################
- // PGT I/O
- // ########################################################################
-
- /**
- * This virtual method stores a PGT and its corresponding PGT Iuo.
- * @note Should never be called.
- *
- * @param $pgt the PGT
- * @param $pgt_iou the PGT iou
- *
- * @protected
- */
- function write($pgt,$pgt_iou)
- {
- phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
- }
-
- /**
- * This virtual method reads a PGT corresponding to a PGT Iou and deletes
- * the corresponding storage entry.
- * @note Should never be called.
- *
- * @param $pgt_iou the PGT iou
- *
- * @protected
- */
- function read($pgt_iou)
- {
- phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
- }
-
- /** @} */
-
-}
-
-// include specific PGT storage classes
-include_once(dirname(__FILE__).'/pgt-file.php');
-include_once(dirname(__FILE__).'/pgt-db.php');
-
+<?php + +/** + * @file CAS/PGTStorage/pgt-main.php + * Basic class for PGT storage + */ + +/** + * @class PGTStorage + * The PGTStorage class is a generic class for PGT storage. This class should + * not be instanciated itself but inherited by specific PGT storage classes. + * + * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> + * + * @ingroup internalPGTStorage + */ + +class PGTStorage +{ + /** + * @addtogroup internalPGTStorage + * @{ + */ + + // ######################################################################## + // CONSTRUCTOR + // ######################################################################## + + /** + * The constructor of the class, should be called only by inherited classes. + * + * @param $cas_parent the CASclient instance that creates the current object. + * + * @protected + */ + function PGTStorage($cas_parent) + { + phpCAS::traceBegin(); + if ( !$cas_parent->isProxy() ) { + phpCAS::error('defining PGT storage makes no sense when not using a CAS proxy'); + } + phpCAS::traceEnd(); + } + + // ######################################################################## + // DEBUGGING + // ######################################################################## + + /** + * This virtual method returns an informational string giving the type of storage + * used by the object (used for debugging purposes). + * + * @public + */ + function getStorageType() + { + phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); + } + + /** + * This virtual method returns an informational string giving informations on the + * parameters of the storage.(used for debugging purposes). + * + * @public + */ + function getStorageInfo() + { + phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); + } + + // ######################################################################## + // ERROR HANDLING + // ######################################################################## + + /** + * string used to store an error message. Written by PGTStorage::setErrorMessage(), + * read by PGTStorage::getErrorMessage(). + * + * @hideinitializer + * @private + * @deprecated not used. + */ + var $_error_message=FALSE; + + /** + * This method sets en error message, which can be read later by + * PGTStorage::getErrorMessage(). + * + * @param $error_message an error message + * + * @protected + * @deprecated not used. + */ + function setErrorMessage($error_message) + { + $this->_error_message = $error_message; + } + + /** + * This method returns an error message set by PGTStorage::setErrorMessage(). + * + * @return an error message when set by PGTStorage::setErrorMessage(), FALSE + * otherwise. + * + * @public + * @deprecated not used. + */ + function getErrorMessage() + { + return $this->_error_message; + } + + // ######################################################################## + // INITIALIZATION + // ######################################################################## + + /** + * a boolean telling if the storage has already been initialized. Written by + * PGTStorage::init(), read by PGTStorage::isInitialized(). + * + * @hideinitializer + * @private + */ + var $_initialized = FALSE; + + /** + * This method tells if the storage has already been intialized. + * + * @return a boolean + * + * @protected + */ + function isInitialized() + { + return $this->_initialized; + } + + /** + * This virtual method initializes the object. + * + * @protected + */ + function init() + { + $this->_initialized = TRUE; + } + + // ######################################################################## + // PGT I/O + // ######################################################################## + + /** + * This virtual method stores a PGT and its corresponding PGT Iuo. + * @note Should never be called. + * + * @param $pgt the PGT + * @param $pgt_iou the PGT iou + * + * @protected + */ + function write($pgt,$pgt_iou) + { + phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); + } + + /** + * This virtual method reads a PGT corresponding to a PGT Iou and deletes + * the corresponding storage entry. + * @note Should never be called. + * + * @param $pgt_iou the PGT iou + * + * @protected + */ + function read($pgt_iou) + { + phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); + } + + /** @} */ + +} + +// include specific PGT storage classes +include_once(dirname(__FILE__).'/pgt-file.php'); +include_once(dirname(__FILE__).'/pgt-db.php'); + ?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/client.php b/plugins/CasAuthentication/extlib/CAS/client.php index bfea59052..bbde55a28 100644 --- a/plugins/CasAuthentication/extlib/CAS/client.php +++ b/plugins/CasAuthentication/extlib/CAS/client.php @@ -1,2297 +1,2297 @@ -<?php
-
-/**
- * @file CAS/client.php
- * Main class of the phpCAS library
- */
-
-// include internationalization stuff
-include_once(dirname(__FILE__).'/languages/languages.php');
-
-// include PGT storage classes
-include_once(dirname(__FILE__).'/PGTStorage/pgt-main.php');
-
-/**
- * @class CASClient
- * The CASClient class is a client interface that provides CAS authentication
- * to PHP applications.
- *
- * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
- */
-
-class CASClient
-{
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX CONFIGURATION XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- // ########################################################################
- // HTML OUTPUT
- // ########################################################################
- /**
- * @addtogroup internalOutput
- * @{
- */
-
- /**
- * This method filters a string by replacing special tokens by appropriate values
- * and prints it. The corresponding tokens are taken into account:
- * - __CAS_VERSION__
- * - __PHPCAS_VERSION__
- * - __SERVER_BASE_URL__
- *
- * Used by CASClient::PrintHTMLHeader() and CASClient::printHTMLFooter().
- *
- * @param $str the string to filter and output
- *
- * @private
- */
- function HTMLFilterOutput($str)
- {
- $str = str_replace('__CAS_VERSION__',$this->getServerVersion(),$str);
- $str = str_replace('__PHPCAS_VERSION__',phpCAS::getVersion(),$str);
- $str = str_replace('__SERVER_BASE_URL__',$this->getServerBaseURL(),$str);
- echo $str;
- }
-
- /**
- * A string used to print the header of HTML pages. Written by CASClient::setHTMLHeader(),
- * read by CASClient::printHTMLHeader().
- *
- * @hideinitializer
- * @private
- * @see CASClient::setHTMLHeader, CASClient::printHTMLHeader()
- */
- var $_output_header = '';
-
- /**
- * This method prints the header of the HTML output (after filtering). If
- * CASClient::setHTMLHeader() was not used, a default header is output.
- *
- * @param $title the title of the page
- *
- * @see HTMLFilterOutput()
- * @private
- */
- function printHTMLHeader($title)
- {
- $this->HTMLFilterOutput(str_replace('__TITLE__',
- $title,
- (empty($this->_output_header)
- ? '<html><head><title>__TITLE__</title></head><body><h1>__TITLE__</h1>'
- : $this->_output_header)
- )
- );
- }
-
- /**
- * A string used to print the footer of HTML pages. Written by CASClient::setHTMLFooter(),
- * read by printHTMLFooter().
- *
- * @hideinitializer
- * @private
- * @see CASClient::setHTMLFooter, CASClient::printHTMLFooter()
- */
- var $_output_footer = '';
-
- /**
- * This method prints the footer of the HTML output (after filtering). If
- * CASClient::setHTMLFooter() was not used, a default footer is output.
- *
- * @see HTMLFilterOutput()
- * @private
- */
- function printHTMLFooter()
- {
- $this->HTMLFilterOutput(empty($this->_output_footer)
- ?('<hr><address>phpCAS __PHPCAS_VERSION__ '.$this->getString(CAS_STR_USING_SERVER).' <a href="__SERVER_BASE_URL__">__SERVER_BASE_URL__</a> (CAS __CAS_VERSION__)</a></address></body></html>')
- :$this->_output_footer);
- }
-
- /**
- * This method set the HTML header used for all outputs.
- *
- * @param $header the HTML header.
- *
- * @public
- */
- function setHTMLHeader($header)
- {
- $this->_output_header = $header;
- }
-
- /**
- * This method set the HTML footer used for all outputs.
- *
- * @param $footer the HTML footer.
- *
- * @public
- */
- function setHTMLFooter($footer)
- {
- $this->_output_footer = $footer;
- }
-
- /** @} */
- // ########################################################################
- // INTERNATIONALIZATION
- // ########################################################################
- /**
- * @addtogroup internalLang
- * @{
- */
- /**
- * A string corresponding to the language used by phpCAS. Written by
- * CASClient::setLang(), read by CASClient::getLang().
-
- * @note debugging information is always in english (debug purposes only).
- *
- * @hideinitializer
- * @private
- * @sa CASClient::_strings, CASClient::getString()
- */
- var $_lang = '';
-
- /**
- * This method returns the language used by phpCAS.
- *
- * @return a string representing the language
- *
- * @private
- */
- function getLang()
- {
- if ( empty($this->_lang) )
- $this->setLang(PHPCAS_LANG_DEFAULT);
- return $this->_lang;
- }
-
- /**
- * array containing the strings used by phpCAS. Written by CASClient::setLang(), read by
- * CASClient::getString() and used by CASClient::setLang().
- *
- * @note This array is filled by instructions in CAS/languages/<$this->_lang>.php
- *
- * @private
- * @see CASClient::_lang, CASClient::getString(), CASClient::setLang(), CASClient::getLang()
- */
- var $_strings;
-
- /**
- * This method returns a string depending on the language.
- *
- * @param $str the index of the string in $_string.
- *
- * @return the string corresponding to $index in $string.
- *
- * @private
- */
- function getString($str)
- {
- // call CASclient::getLang() to be sure the language is initialized
- $this->getLang();
-
- if ( !isset($this->_strings[$str]) ) {
- trigger_error('string `'.$str.'\' not defined for language `'.$this->getLang().'\'',E_USER_ERROR);
- }
- return $this->_strings[$str];
- }
-
- /**
- * This method is used to set the language used by phpCAS.
- * @note Can be called only once.
- *
- * @param $lang a string representing the language.
- *
- * @public
- * @sa CAS_LANG_FRENCH, CAS_LANG_ENGLISH
- */
- function setLang($lang)
- {
- // include the corresponding language file
- include_once(dirname(__FILE__).'/languages/'.$lang.'.php');
-
- if ( !is_array($this->_strings) ) {
- trigger_error('language `'.$lang.'\' is not implemented',E_USER_ERROR);
- }
- $this->_lang = $lang;
- }
-
- /** @} */
- // ########################################################################
- // CAS SERVER CONFIG
- // ########################################################################
- /**
- * @addtogroup internalConfig
- * @{
- */
-
- /**
- * a record to store information about the CAS server.
- * - $_server["version"]: the version of the CAS server
- * - $_server["hostname"]: the hostname of the CAS server
- * - $_server["port"]: the port the CAS server is running on
- * - $_server["uri"]: the base URI the CAS server is responding on
- * - $_server["base_url"]: the base URL of the CAS server
- * - $_server["login_url"]: the login URL of the CAS server
- * - $_server["service_validate_url"]: the service validating URL of the CAS server
- * - $_server["proxy_url"]: the proxy URL of the CAS server
- * - $_server["proxy_validate_url"]: the proxy validating URL of the CAS server
- * - $_server["logout_url"]: the logout URL of the CAS server
- *
- * $_server["version"], $_server["hostname"], $_server["port"] and $_server["uri"]
- * are written by CASClient::CASClient(), read by CASClient::getServerVersion(),
- * CASClient::getServerHostname(), CASClient::getServerPort() and CASClient::getServerURI().
- *
- * The other fields are written and read by CASClient::getServerBaseURL(),
- * CASClient::getServerLoginURL(), CASClient::getServerServiceValidateURL(),
- * CASClient::getServerProxyValidateURL() and CASClient::getServerLogoutURL().
- *
- * @hideinitializer
- * @private
- */
- var $_server = array(
- 'version' => -1,
- 'hostname' => 'none',
- 'port' => -1,
- 'uri' => 'none'
- );
-
- /**
- * This method is used to retrieve the version of the CAS server.
- * @return the version of the CAS server.
- * @private
- */
- function getServerVersion()
- {
- return $this->_server['version'];
- }
-
- /**
- * This method is used to retrieve the hostname of the CAS server.
- * @return the hostname of the CAS server.
- * @private
- */
- function getServerHostname()
- { return $this->_server['hostname']; }
-
- /**
- * This method is used to retrieve the port of the CAS server.
- * @return the port of the CAS server.
- * @private
- */
- function getServerPort()
- { return $this->_server['port']; }
-
- /**
- * This method is used to retrieve the URI of the CAS server.
- * @return a URI.
- * @private
- */
- function getServerURI()
- { return $this->_server['uri']; }
-
- /**
- * This method is used to retrieve the base URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerBaseURL()
- {
- // the URL is build only when needed
- if ( empty($this->_server['base_url']) ) {
- $this->_server['base_url'] = 'https://'
- .$this->getServerHostname()
- .':'
- .$this->getServerPort()
- .$this->getServerURI();
- }
- return $this->_server['base_url'];
- }
-
- /**
- * This method is used to retrieve the login URL of the CAS server.
- * @param $gateway true to check authentication, false to force it
- * @param $renew true to force the authentication with the CAS server
- * NOTE : It is recommended that CAS implementations ignore the
- "gateway" parameter if "renew" is set
- * @return a URL.
- * @private
- */
- function getServerLoginURL($gateway=false,$renew=false) {
- phpCAS::traceBegin();
- // the URL is build only when needed
- if ( empty($this->_server['login_url']) ) {
- $this->_server['login_url'] = $this->getServerBaseURL();
- $this->_server['login_url'] .= 'login?service=';
- // $this->_server['login_url'] .= preg_replace('/&/','%26',$this->getURL());
- $this->_server['login_url'] .= urlencode($this->getURL());
- if($renew) {
- // It is recommended that when the "renew" parameter is set, its value be "true"
- $this->_server['login_url'] .= '&renew=true';
- } elseif ($gateway) {
- // It is recommended that when the "gateway" parameter is set, its value be "true"
- $this->_server['login_url'] .= '&gateway=true';
- }
- }
- phpCAS::traceEnd($this->_server['login_url']);
- return $this->_server['login_url'];
- }
-
- /**
- * This method sets the login URL of the CAS server.
- * @param $url the login URL
- * @private
- * @since 0.4.21 by Wyman Chan
- */
- function setServerLoginURL($url)
- {
- return $this->_server['login_url'] = $url;
- }
-
- /**
- * This method is used to retrieve the service validating URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerServiceValidateURL()
- {
- // the URL is build only when needed
- if ( empty($this->_server['service_validate_url']) ) {
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- $this->_server['service_validate_url'] = $this->getServerBaseURL().'validate';
- break;
- case CAS_VERSION_2_0:
- $this->_server['service_validate_url'] = $this->getServerBaseURL().'serviceValidate';
- break;
- }
- }
- // return $this->_server['service_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL());
- return $this->_server['service_validate_url'].'?service='.urlencode($this->getURL());
- }
-
- /**
- * This method is used to retrieve the proxy validating URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerProxyValidateURL()
- {
- // the URL is build only when needed
- if ( empty($this->_server['proxy_validate_url']) ) {
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- $this->_server['proxy_validate_url'] = '';
- break;
- case CAS_VERSION_2_0:
- $this->_server['proxy_validate_url'] = $this->getServerBaseURL().'proxyValidate';
- break;
- }
- }
- // return $this->_server['proxy_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL());
- return $this->_server['proxy_validate_url'].'?service='.urlencode($this->getURL());
- }
-
- /**
- * This method is used to retrieve the proxy URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerProxyURL()
- {
- // the URL is build only when needed
- if ( empty($this->_server['proxy_url']) ) {
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- $this->_server['proxy_url'] = '';
- break;
- case CAS_VERSION_2_0:
- $this->_server['proxy_url'] = $this->getServerBaseURL().'proxy';
- break;
- }
- }
- return $this->_server['proxy_url'];
- }
-
- /**
- * This method is used to retrieve the logout URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerLogoutURL()
- {
- // the URL is build only when needed
- if ( empty($this->_server['logout_url']) ) {
- $this->_server['logout_url'] = $this->getServerBaseURL().'logout';
- }
- return $this->_server['logout_url'];
- }
-
- /**
- * This method sets the logout URL of the CAS server.
- * @param $url the logout URL
- * @private
- * @since 0.4.21 by Wyman Chan
- */
- function setServerLogoutURL($url)
- {
- return $this->_server['logout_url'] = $url;
- }
-
- /**
- * An array to store extra curl options.
- */
- var $_curl_options = array();
-
- /**
- * This method is used to set additional user curl options.
- */
- function setExtraCurlOption($key, $value)
- {
- $this->_curl_options[$key] = $value;
- }
-
- /**
- * This method checks to see if the request is secured via HTTPS
- * @return true if https, false otherwise
- * @private
- */
- function isHttps() {
- //if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) ) {
- //0.4.24 by Hinnack
- if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
- return true;
- } else {
- return false;
- }
- }
-
- // ########################################################################
- // CONSTRUCTOR
- // ########################################################################
- /**
- * CASClient constructor.
- *
- * @param $server_version the version of the CAS server
- * @param $proxy TRUE if the CAS client is a CAS proxy, FALSE otherwise
- * @param $server_hostname the hostname of the CAS server
- * @param $server_port the port the CAS server is running on
- * @param $server_uri the URI the CAS server is responding on
- * @param $start_session Have phpCAS start PHP sessions (default true)
- *
- * @return a newly created CASClient object
- *
- * @public
- */
- function CASClient(
- $server_version,
- $proxy,
- $server_hostname,
- $server_port,
- $server_uri,
- $start_session = true) {
-
- phpCAS::traceBegin();
-
- if (!$this->isLogoutRequest() && !empty($_GET['ticket']) && $start_session) {
- // copy old session vars and destroy the current session
- if (!isset($_SESSION)) {
- session_start();
- }
- $old_session = $_SESSION;
- session_destroy();
- // set up a new session, of name based on the ticket
- $session_id = preg_replace('/[^\w]/','',$_GET['ticket']);
- phpCAS::LOG("Session ID: " . $session_id);
- session_id($session_id);
- if (!isset($_SESSION)) {
- session_start();
- }
- // restore old session vars
+<?php + +/** + * @file CAS/client.php + * Main class of the phpCAS library + */ + +// include internationalization stuff +include_once(dirname(__FILE__).'/languages/languages.php'); + +// include PGT storage classes +include_once(dirname(__FILE__).'/PGTStorage/pgt-main.php'); + +/** + * @class CASClient + * The CASClient class is a client interface that provides CAS authentication + * to PHP applications. + * + * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> + */ + +class CASClient +{ + + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + // XX XX + // XX CONFIGURATION XX + // XX XX + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + + // ######################################################################## + // HTML OUTPUT + // ######################################################################## + /** + * @addtogroup internalOutput + * @{ + */ + + /** + * This method filters a string by replacing special tokens by appropriate values + * and prints it. The corresponding tokens are taken into account: + * - __CAS_VERSION__ + * - __PHPCAS_VERSION__ + * - __SERVER_BASE_URL__ + * + * Used by CASClient::PrintHTMLHeader() and CASClient::printHTMLFooter(). + * + * @param $str the string to filter and output + * + * @private + */ + function HTMLFilterOutput($str) + { + $str = str_replace('__CAS_VERSION__',$this->getServerVersion(),$str); + $str = str_replace('__PHPCAS_VERSION__',phpCAS::getVersion(),$str); + $str = str_replace('__SERVER_BASE_URL__',$this->getServerBaseURL(),$str); + echo $str; + } + + /** + * A string used to print the header of HTML pages. Written by CASClient::setHTMLHeader(), + * read by CASClient::printHTMLHeader(). + * + * @hideinitializer + * @private + * @see CASClient::setHTMLHeader, CASClient::printHTMLHeader() + */ + var $_output_header = ''; + + /** + * This method prints the header of the HTML output (after filtering). If + * CASClient::setHTMLHeader() was not used, a default header is output. + * + * @param $title the title of the page + * + * @see HTMLFilterOutput() + * @private + */ + function printHTMLHeader($title) + { + $this->HTMLFilterOutput(str_replace('__TITLE__', + $title, + (empty($this->_output_header) + ? '<html><head><title>__TITLE__</title></head><body><h1>__TITLE__</h1>' + : $this->_output_header) + ) + ); + } + + /** + * A string used to print the footer of HTML pages. Written by CASClient::setHTMLFooter(), + * read by printHTMLFooter(). + * + * @hideinitializer + * @private + * @see CASClient::setHTMLFooter, CASClient::printHTMLFooter() + */ + var $_output_footer = ''; + + /** + * This method prints the footer of the HTML output (after filtering). If + * CASClient::setHTMLFooter() was not used, a default footer is output. + * + * @see HTMLFilterOutput() + * @private + */ + function printHTMLFooter() + { + $this->HTMLFilterOutput(empty($this->_output_footer) + ?('<hr><address>phpCAS __PHPCAS_VERSION__ '.$this->getString(CAS_STR_USING_SERVER).' <a href="__SERVER_BASE_URL__">__SERVER_BASE_URL__</a> (CAS __CAS_VERSION__)</a></address></body></html>') + :$this->_output_footer); + } + + /** + * This method set the HTML header used for all outputs. + * + * @param $header the HTML header. + * + * @public + */ + function setHTMLHeader($header) + { + $this->_output_header = $header; + } + + /** + * This method set the HTML footer used for all outputs. + * + * @param $footer the HTML footer. + * + * @public + */ + function setHTMLFooter($footer) + { + $this->_output_footer = $footer; + } + + /** @} */ + // ######################################################################## + // INTERNATIONALIZATION + // ######################################################################## + /** + * @addtogroup internalLang + * @{ + */ + /** + * A string corresponding to the language used by phpCAS. Written by + * CASClient::setLang(), read by CASClient::getLang(). + + * @note debugging information is always in english (debug purposes only). + * + * @hideinitializer + * @private + * @sa CASClient::_strings, CASClient::getString() + */ + var $_lang = ''; + + /** + * This method returns the language used by phpCAS. + * + * @return a string representing the language + * + * @private + */ + function getLang() + { + if ( empty($this->_lang) ) + $this->setLang(PHPCAS_LANG_DEFAULT); + return $this->_lang; + } + + /** + * array containing the strings used by phpCAS. Written by CASClient::setLang(), read by + * CASClient::getString() and used by CASClient::setLang(). + * + * @note This array is filled by instructions in CAS/languages/<$this->_lang>.php + * + * @private + * @see CASClient::_lang, CASClient::getString(), CASClient::setLang(), CASClient::getLang() + */ + var $_strings; + + /** + * This method returns a string depending on the language. + * + * @param $str the index of the string in $_string. + * + * @return the string corresponding to $index in $string. + * + * @private + */ + function getString($str) + { + // call CASclient::getLang() to be sure the language is initialized + $this->getLang(); + + if ( !isset($this->_strings[$str]) ) { + trigger_error('string `'.$str.'\' not defined for language `'.$this->getLang().'\'',E_USER_ERROR); + } + return $this->_strings[$str]; + } + + /** + * This method is used to set the language used by phpCAS. + * @note Can be called only once. + * + * @param $lang a string representing the language. + * + * @public + * @sa CAS_LANG_FRENCH, CAS_LANG_ENGLISH + */ + function setLang($lang) + { + // include the corresponding language file + include_once(dirname(__FILE__).'/languages/'.$lang.'.php'); + + if ( !is_array($this->_strings) ) { + trigger_error('language `'.$lang.'\' is not implemented',E_USER_ERROR); + } + $this->_lang = $lang; + } + + /** @} */ + // ######################################################################## + // CAS SERVER CONFIG + // ######################################################################## + /** + * @addtogroup internalConfig + * @{ + */ + + /** + * a record to store information about the CAS server. + * - $_server["version"]: the version of the CAS server + * - $_server["hostname"]: the hostname of the CAS server + * - $_server["port"]: the port the CAS server is running on + * - $_server["uri"]: the base URI the CAS server is responding on + * - $_server["base_url"]: the base URL of the CAS server + * - $_server["login_url"]: the login URL of the CAS server + * - $_server["service_validate_url"]: the service validating URL of the CAS server + * - $_server["proxy_url"]: the proxy URL of the CAS server + * - $_server["proxy_validate_url"]: the proxy validating URL of the CAS server + * - $_server["logout_url"]: the logout URL of the CAS server + * + * $_server["version"], $_server["hostname"], $_server["port"] and $_server["uri"] + * are written by CASClient::CASClient(), read by CASClient::getServerVersion(), + * CASClient::getServerHostname(), CASClient::getServerPort() and CASClient::getServerURI(). + * + * The other fields are written and read by CASClient::getServerBaseURL(), + * CASClient::getServerLoginURL(), CASClient::getServerServiceValidateURL(), + * CASClient::getServerProxyValidateURL() and CASClient::getServerLogoutURL(). + * + * @hideinitializer + * @private + */ + var $_server = array( + 'version' => -1, + 'hostname' => 'none', + 'port' => -1, + 'uri' => 'none' + ); + + /** + * This method is used to retrieve the version of the CAS server. + * @return the version of the CAS server. + * @private + */ + function getServerVersion() + { + return $this->_server['version']; + } + + /** + * This method is used to retrieve the hostname of the CAS server. + * @return the hostname of the CAS server. + * @private + */ + function getServerHostname() + { return $this->_server['hostname']; } + + /** + * This method is used to retrieve the port of the CAS server. + * @return the port of the CAS server. + * @private + */ + function getServerPort() + { return $this->_server['port']; } + + /** + * This method is used to retrieve the URI of the CAS server. + * @return a URI. + * @private + */ + function getServerURI() + { return $this->_server['uri']; } + + /** + * This method is used to retrieve the base URL of the CAS server. + * @return a URL. + * @private + */ + function getServerBaseURL() + { + // the URL is build only when needed + if ( empty($this->_server['base_url']) ) { + $this->_server['base_url'] = 'https://' + .$this->getServerHostname() + .':' + .$this->getServerPort() + .$this->getServerURI(); + } + return $this->_server['base_url']; + } + + /** + * This method is used to retrieve the login URL of the CAS server. + * @param $gateway true to check authentication, false to force it + * @param $renew true to force the authentication with the CAS server + * NOTE : It is recommended that CAS implementations ignore the + "gateway" parameter if "renew" is set + * @return a URL. + * @private + */ + function getServerLoginURL($gateway=false,$renew=false) { + phpCAS::traceBegin(); + // the URL is build only when needed + if ( empty($this->_server['login_url']) ) { + $this->_server['login_url'] = $this->getServerBaseURL(); + $this->_server['login_url'] .= 'login?service='; + // $this->_server['login_url'] .= preg_replace('/&/','%26',$this->getURL()); + $this->_server['login_url'] .= urlencode($this->getURL()); + if($renew) { + // It is recommended that when the "renew" parameter is set, its value be "true" + $this->_server['login_url'] .= '&renew=true'; + } elseif ($gateway) { + // It is recommended that when the "gateway" parameter is set, its value be "true" + $this->_server['login_url'] .= '&gateway=true'; + } + } + phpCAS::traceEnd($this->_server['login_url']); + return $this->_server['login_url']; + } + + /** + * This method sets the login URL of the CAS server. + * @param $url the login URL + * @private + * @since 0.4.21 by Wyman Chan + */ + function setServerLoginURL($url) + { + return $this->_server['login_url'] = $url; + } + + /** + * This method is used to retrieve the service validating URL of the CAS server. + * @return a URL. + * @private + */ + function getServerServiceValidateURL() + { + // the URL is build only when needed + if ( empty($this->_server['service_validate_url']) ) { + switch ($this->getServerVersion()) { + case CAS_VERSION_1_0: + $this->_server['service_validate_url'] = $this->getServerBaseURL().'validate'; + break; + case CAS_VERSION_2_0: + $this->_server['service_validate_url'] = $this->getServerBaseURL().'serviceValidate'; + break; + } + } + // return $this->_server['service_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL()); + return $this->_server['service_validate_url'].'?service='.urlencode($this->getURL()); + } + + /** + * This method is used to retrieve the proxy validating URL of the CAS server. + * @return a URL. + * @private + */ + function getServerProxyValidateURL() + { + // the URL is build only when needed + if ( empty($this->_server['proxy_validate_url']) ) { + switch ($this->getServerVersion()) { + case CAS_VERSION_1_0: + $this->_server['proxy_validate_url'] = ''; + break; + case CAS_VERSION_2_0: + $this->_server['proxy_validate_url'] = $this->getServerBaseURL().'proxyValidate'; + break; + } + } + // return $this->_server['proxy_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL()); + return $this->_server['proxy_validate_url'].'?service='.urlencode($this->getURL()); + } + + /** + * This method is used to retrieve the proxy URL of the CAS server. + * @return a URL. + * @private + */ + function getServerProxyURL() + { + // the URL is build only when needed + if ( empty($this->_server['proxy_url']) ) { + switch ($this->getServerVersion()) { + case CAS_VERSION_1_0: + $this->_server['proxy_url'] = ''; + break; + case CAS_VERSION_2_0: + $this->_server['proxy_url'] = $this->getServerBaseURL().'proxy'; + break; + } + } + return $this->_server['proxy_url']; + } + + /** + * This method is used to retrieve the logout URL of the CAS server. + * @return a URL. + * @private + */ + function getServerLogoutURL() + { + // the URL is build only when needed + if ( empty($this->_server['logout_url']) ) { + $this->_server['logout_url'] = $this->getServerBaseURL().'logout'; + } + return $this->_server['logout_url']; + } + + /** + * This method sets the logout URL of the CAS server. + * @param $url the logout URL + * @private + * @since 0.4.21 by Wyman Chan + */ + function setServerLogoutURL($url) + { + return $this->_server['logout_url'] = $url; + } + + /** + * An array to store extra curl options. + */ + var $_curl_options = array(); + + /** + * This method is used to set additional user curl options. + */ + function setExtraCurlOption($key, $value) + { + $this->_curl_options[$key] = $value; + } + + /** + * This method checks to see if the request is secured via HTTPS + * @return true if https, false otherwise + * @private + */ + function isHttps() { + //if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) ) { + //0.4.24 by Hinnack + if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { + return true; + } else { + return false; + } + } + + // ######################################################################## + // CONSTRUCTOR + // ######################################################################## + /** + * CASClient constructor. + * + * @param $server_version the version of the CAS server + * @param $proxy TRUE if the CAS client is a CAS proxy, FALSE otherwise + * @param $server_hostname the hostname of the CAS server + * @param $server_port the port the CAS server is running on + * @param $server_uri the URI the CAS server is responding on + * @param $start_session Have phpCAS start PHP sessions (default true) + * + * @return a newly created CASClient object + * + * @public + */ + function CASClient( + $server_version, + $proxy, + $server_hostname, + $server_port, + $server_uri, + $start_session = true) { + + phpCAS::traceBegin(); + + if (!$this->isLogoutRequest() && !empty($_GET['ticket']) && $start_session) { + // copy old session vars and destroy the current session + if (!isset($_SESSION)) { + session_start(); + } + $old_session = $_SESSION; + session_destroy(); + // set up a new session, of name based on the ticket + $session_id = preg_replace('/[^\w]/','',$_GET['ticket']); + phpCAS::LOG("Session ID: " . $session_id); + session_id($session_id); + if (!isset($_SESSION)) { + session_start(); + } + // restore old session vars $_SESSION = $old_session; // Redirect to location without ticket. - header('Location: '.$this->getURL());
- }
-
- //activate session mechanism if desired
- if (!$this->isLogoutRequest() && $start_session) {
- session_start();
- }
-
- $this->_proxy = $proxy;
-
- //check version
- switch ($server_version) {
- case CAS_VERSION_1_0:
- if ( $this->isProxy() )
- phpCAS::error('CAS proxies are not supported in CAS '
- .$server_version);
- break;
- case CAS_VERSION_2_0:
- break;
- default:
- phpCAS::error('this version of CAS (`'
- .$server_version
- .'\') is not supported by phpCAS '
- .phpCAS::getVersion());
- }
- $this->_server['version'] = $server_version;
-
- //check hostname
- if ( empty($server_hostname)
- || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/',$server_hostname) ) {
- phpCAS::error('bad CAS server hostname (`'.$server_hostname.'\')');
- }
- $this->_server['hostname'] = $server_hostname;
-
- //check port
- if ( $server_port == 0
- || !is_int($server_port) ) {
- phpCAS::error('bad CAS server port (`'.$server_hostname.'\')');
- }
- $this->_server['port'] = $server_port;
-
- //check URI
- if ( !preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/',$server_uri) ) {
- phpCAS::error('bad CAS server URI (`'.$server_uri.'\')');
- }
- //add leading and trailing `/' and remove doubles
- $server_uri = preg_replace('/\/\//','/','/'.$server_uri.'/');
- $this->_server['uri'] = $server_uri;
-
- //set to callback mode if PgtIou and PgtId CGI GET parameters are provided
- if ( $this->isProxy() ) {
- $this->setCallbackMode(!empty($_GET['pgtIou'])&&!empty($_GET['pgtId']));
- }
-
- if ( $this->isCallbackMode() ) {
- //callback mode: check that phpCAS is secured
- if ( !$this->isHttps() ) {
- phpCAS::error('CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server');
- }
- } else {
- //normal mode: get ticket and remove it from CGI parameters for developpers
- $ticket = (isset($_GET['ticket']) ? $_GET['ticket'] : null);
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0: // check for a Service Ticket
- if( preg_match('/^ST-/',$ticket) ) {
- phpCAS::trace('ST \''.$ticket.'\' found');
- //ST present
- $this->setST($ticket);
- //ticket has been taken into account, unset it to hide it to applications
- unset($_GET['ticket']);
- } else if ( !empty($ticket) ) {
- //ill-formed ticket, halt
- phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')');
- }
- break;
- case CAS_VERSION_2_0: // check for a Service or Proxy Ticket
- if( preg_match('/^[SP]T-/',$ticket) ) {
- phpCAS::trace('ST or PT \''.$ticket.'\' found');
- $this->setPT($ticket);
- unset($_GET['ticket']);
- } else if ( !empty($ticket) ) {
- //ill-formed ticket, halt
- phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')');
- }
- break;
- }
- }
- phpCAS::traceEnd();
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX AUTHENTICATION XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- /**
- * @addtogroup internalAuthentication
- * @{
- */
-
- /**
- * The Authenticated user. Written by CASClient::setUser(), read by CASClient::getUser().
- * @attention client applications should use phpCAS::getUser().
- *
- * @hideinitializer
- * @private
- */
- var $_user = '';
-
- /**
- * This method sets the CAS user's login name.
- *
- * @param $user the login name of the authenticated user.
- *
- * @private
- */
- function setUser($user)
- {
- $this->_user = $user;
- }
-
- /**
- * This method returns the CAS user's login name.
- * @warning should be called only after CASClient::forceAuthentication() or
- * CASClient::isAuthenticated(), otherwise halt with an error.
- *
- * @return the login name of the authenticated user
- */
- function getUser()
- {
- if ( empty($this->_user) ) {
- phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
- }
- return $this->_user;
- }
-
- /**
- * This method is called to renew the authentication of the user
- * If the user is authenticated, renew the connection
- * If not, redirect to CAS
- * @public
- */
- function renewAuthentication(){
- phpCAS::traceBegin();
- // Either way, the user is authenticated by CAS
- if( isset( $_SESSION['phpCAS']['auth_checked'] ) )
- unset($_SESSION['phpCAS']['auth_checked']);
- if ( $this->isAuthenticated() ) {
- phpCAS::trace('user already authenticated; renew');
- $this->redirectToCas(false,true);
- } else {
- $this->redirectToCas();
- }
- phpCAS::traceEnd();
- }
-
- /**
- * This method is called to be sure that the user is authenticated. When not
- * authenticated, halt by redirecting to the CAS server; otherwise return TRUE.
- * @return TRUE when the user is authenticated; otherwise halt.
- * @public
- */
- function forceAuthentication()
- {
- phpCAS::traceBegin();
-
- if ( $this->isAuthenticated() ) {
- // the user is authenticated, nothing to be done.
- phpCAS::trace('no need to authenticate');
- $res = TRUE;
- } else {
- // the user is not authenticated, redirect to the CAS server
- if (isset($_SESSION['phpCAS']['auth_checked'])) {
- unset($_SESSION['phpCAS']['auth_checked']);
- }
- $this->redirectToCas(FALSE/* no gateway */);
- // never reached
- $res = FALSE;
- }
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /**
- * An integer that gives the number of times authentication will be cached before rechecked.
- *
- * @hideinitializer
- * @private
- */
- var $_cache_times_for_auth_recheck = 0;
-
- /**
- * Set the number of times authentication will be cached before rechecked.
- *
- * @param $n an integer.
- *
- * @public
- */
- function setCacheTimesForAuthRecheck($n)
- {
- $this->_cache_times_for_auth_recheck = $n;
- }
-
- /**
- * This method is called to check whether the user is authenticated or not.
- * @return TRUE when the user is authenticated, FALSE otherwise.
- * @public
- */
- function checkAuthentication()
- {
- phpCAS::traceBegin();
-
- if ( $this->isAuthenticated() ) {
- phpCAS::trace('user is authenticated');
- $res = TRUE;
- } else if (isset($_SESSION['phpCAS']['auth_checked'])) {
- // the previous request has redirected the client to the CAS server with gateway=true
- unset($_SESSION['phpCAS']['auth_checked']);
- $res = FALSE;
- } else {
- // $_SESSION['phpCAS']['auth_checked'] = true;
- // $this->redirectToCas(TRUE/* gateway */);
- // // never reached
- // $res = FALSE;
- // avoid a check against CAS on every request
- if (! isset($_SESSION['phpCAS']['unauth_count']) )
- $_SESSION['phpCAS']['unauth_count'] = -2; // uninitialized
-
- if (($_SESSION['phpCAS']['unauth_count'] != -2 && $this->_cache_times_for_auth_recheck == -1)
- || ($_SESSION['phpCAS']['unauth_count'] >= 0 && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck))
- {
- $res = FALSE;
-
- if ($this->_cache_times_for_auth_recheck != -1)
- {
- $_SESSION['phpCAS']['unauth_count']++;
- phpCAS::trace('user is not authenticated (cached for '.$_SESSION['phpCAS']['unauth_count'].' times of '.$this->_cache_times_for_auth_recheck.')');
- }
- else
- {
- phpCAS::trace('user is not authenticated (cached for until login pressed)');
- }
- }
- else
- {
- $_SESSION['phpCAS']['unauth_count'] = 0;
- $_SESSION['phpCAS']['auth_checked'] = true;
- phpCAS::trace('user is not authenticated (cache reset)');
- $this->redirectToCas(TRUE/* gateway */);
- // never reached
- $res = FALSE;
- }
- }
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /**
- * This method is called to check if the user is authenticated (previously or by
- * tickets given in the URL).
- *
- * @return TRUE when the user is authenticated.
- *
- * @public
- */
- function isAuthenticated()
- {
- phpCAS::traceBegin();
- $res = FALSE;
- $validate_url = '';
-
- if ( $this->wasPreviouslyAuthenticated() ) {
- // the user has already (previously during the session) been
- // authenticated, nothing to be done.
- phpCAS::trace('user was already authenticated, no need to look for tickets');
- $res = TRUE;
- }
- elseif ( $this->hasST() ) {
- // if a Service Ticket was given, validate it
- phpCAS::trace('ST `'.$this->getST().'\' is present');
- $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts
- phpCAS::trace('ST `'.$this->getST().'\' was validated');
- if ( $this->isProxy() ) {
- $this->validatePGT($validate_url,$text_response,$tree_response); // idem
- phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
- $_SESSION['phpCAS']['pgt'] = $this->getPGT();
- }
- $_SESSION['phpCAS']['user'] = $this->getUser();
- $res = TRUE;
- }
- elseif ( $this->hasPT() ) {
- // if a Proxy Ticket was given, validate it
- phpCAS::trace('PT `'.$this->getPT().'\' is present');
- $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts
- phpCAS::trace('PT `'.$this->getPT().'\' was validated');
- if ( $this->isProxy() ) {
- $this->validatePGT($validate_url,$text_response,$tree_response); // idem
- phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
- $_SESSION['phpCAS']['pgt'] = $this->getPGT();
- }
- $_SESSION['phpCAS']['user'] = $this->getUser();
- $res = TRUE;
- }
- else {
- // no ticket given, not authenticated
- phpCAS::trace('no ticket found');
- }
-
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /**
- * This method tells if the current session is authenticated.
- * @return true if authenticated based soley on $_SESSION variable
- * @since 0.4.22 by Brendan Arnold
- */
- function isSessionAuthenticated ()
- {
- return !empty($_SESSION['phpCAS']['user']);
- }
-
- /**
- * This method tells if the user has already been (previously) authenticated
- * by looking into the session variables.
- *
- * @note This function switches to callback mode when needed.
- *
- * @return TRUE when the user has already been authenticated; FALSE otherwise.
- *
- * @private
- */
- function wasPreviouslyAuthenticated()
- {
- phpCAS::traceBegin();
-
- if ( $this->isCallbackMode() ) {
- $this->callback();
- }
-
- $auth = FALSE;
-
- if ( $this->isProxy() ) {
- // CAS proxy: username and PGT must be present
- if ( $this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) {
- // authentication already done
- $this->setUser($_SESSION['phpCAS']['user']);
- $this->setPGT($_SESSION['phpCAS']['pgt']);
- phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\', PGT = `'.$_SESSION['phpCAS']['pgt'].'\'');
- $auth = TRUE;
- } elseif ( $this->isSessionAuthenticated() && empty($_SESSION['phpCAS']['pgt']) ) {
- // these two variables should be empty or not empty at the same time
- phpCAS::trace('username found (`'.$_SESSION['phpCAS']['user'].'\') but PGT is empty');
- // unset all tickets to enforce authentication
- unset($_SESSION['phpCAS']);
- $this->setST('');
- $this->setPT('');
- } elseif ( !$this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) {
- // these two variables should be empty or not empty at the same time
- phpCAS::trace('PGT found (`'.$_SESSION['phpCAS']['pgt'].'\') but username is empty');
- // unset all tickets to enforce authentication
- unset($_SESSION['phpCAS']);
- $this->setST('');
- $this->setPT('');
- } else {
- phpCAS::trace('neither user not PGT found');
- }
- } else {
- // `simple' CAS client (not a proxy): username must be present
- if ( $this->isSessionAuthenticated() ) {
- // authentication already done
- $this->setUser($_SESSION['phpCAS']['user']);
- phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\'');
- $auth = TRUE;
- } else {
- phpCAS::trace('no user found');
- }
- }
-
- phpCAS::traceEnd($auth);
- return $auth;
- }
-
- /**
- * This method is used to redirect the client to the CAS server.
- * It is used by CASClient::forceAuthentication() and CASClient::checkAuthentication().
- * @param $gateway true to check authentication, false to force it
- * @param $renew true to force the authentication with the CAS server
- * @public
- */
- function redirectToCas($gateway=false,$renew=false){
- phpCAS::traceBegin();
- $cas_url = $this->getServerLoginURL($gateway,$renew);
- header('Location: '.$cas_url);
- phpCAS::log( "Redirect to : ".$cas_url );
-
- $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_WANTED));
-
- printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
- $this->printHTMLFooter();
- phpCAS::traceExit();
- exit();
- }
-
-// /**
-// * This method is used to logout from CAS.
-// * @param $url a URL that will be transmitted to the CAS server (to come back to when logged out)
-// * @public
-// */
-// function logout($url = "") {
-// phpCAS::traceBegin();
-// $cas_url = $this->getServerLogoutURL();
-// // v0.4.14 sebastien.gougeon at univ-rennes1.fr
-// // header('Location: '.$cas_url);
-// if ( $url != "" ) {
-// // Adam Moore 1.0.0RC2
-// $url = '?service=' . $url . '&url=' . $url;
-// }
-// header('Location: '.$cas_url . $url);
-// session_unset();
-// session_destroy();
-// $this->printHTMLHeader($this->getString(CAS_STR_LOGOUT));
-// printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
-// $this->printHTMLFooter();
-// phpCAS::traceExit();
-// exit();
-// }
-
- /**
- * This method is used to logout from CAS.
- * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server
- * @public
- */
- function logout($params) {
- phpCAS::traceBegin();
- $cas_url = $this->getServerLogoutURL();
- $paramSeparator = '?';
- if (isset($params['url'])) {
- $cas_url = $cas_url . $paramSeparator . "url=" . urlencode($params['url']);
- $paramSeparator = '&';
- }
- if (isset($params['service'])) {
- $cas_url = $cas_url . $paramSeparator . "service=" . urlencode($params['service']);
- }
- header('Location: '.$cas_url);
- session_unset();
- session_destroy();
- $this->printHTMLHeader($this->getString(CAS_STR_LOGOUT));
- printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
- $this->printHTMLFooter();
- phpCAS::traceExit();
- exit();
- }
-
- /**
- * @return true if the current request is a logout request.
- * @private
- */
- function isLogoutRequest() {
- return !empty($_POST['logoutRequest']);
- }
-
- /**
- * @return true if a logout request is allowed.
- * @private
- */
- function isLogoutRequestAllowed() {
- }
-
- /**
- * This method handles logout requests.
- * @param $check_client true to check the client bofore handling the request,
- * false not to perform any access control. True by default.
- * @param $allowed_clients an array of host names allowed to send logout requests.
- * By default, only the CAs server (declared in the constructor) will be allowed.
- * @public
- */
- function handleLogoutRequests($check_client=true, $allowed_clients=false) {
- phpCAS::traceBegin();
- if (!$this->isLogoutRequest()) {
- phpCAS::log("Not a logout request");
- phpCAS::traceEnd();
- return;
- }
- phpCAS::log("Logout requested");
- phpCAS::log("SAML REQUEST: ".$_POST['logoutRequest']);
- if ($check_client) {
- if (!$allowed_clients) {
- $allowed_clients = array( $this->getServerHostname() );
- }
- $client_ip = $_SERVER['REMOTE_ADDR'];
- $client = gethostbyaddr($client_ip);
- phpCAS::log("Client: ".$client);
- $allowed = false;
- foreach ($allowed_clients as $allowed_client) {
- if ($client == $allowed_client) {
- phpCAS::log("Allowed client '".$allowed_client."' matches, logout request is allowed");
- $allowed = true;
- break;
- } else {
- phpCAS::log("Allowed client '".$allowed_client."' does not match");
- }
- }
- if (!$allowed) {
- phpCAS::error("Unauthorized logout request from client '".$client."'");
- printf("Unauthorized!");
- phpCAS::traceExit();
- exit();
- }
- } else {
- phpCAS::log("No access control set");
- }
- // Extract the ticket from the SAML Request
- preg_match("|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|", $_POST['logoutRequest'], $tick, PREG_OFFSET_CAPTURE, 3);
- $wrappedSamlSessionIndex = preg_replace('|<samlp:SessionIndex>|','',$tick[0][0]);
- $ticket2logout = preg_replace('|</samlp:SessionIndex>|','',$wrappedSamlSessionIndex);
- phpCAS::log("Ticket to logout: ".$ticket2logout);
- $session_id = preg_replace('/[^\w]/','',$ticket2logout);
- phpCAS::log("Session id: ".$session_id);
-
- // fix New session ID
- session_id($session_id);
- $_COOKIE[session_name()]=$session_id;
- $_GET[session_name()]=$session_id;
-
- // Overwrite session
- session_start();
- session_unset();
- session_destroy();
- printf("Disconnected!");
- phpCAS::traceExit();
- exit();
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX BASIC CLIENT FEATURES (CAS 1.0) XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- // ########################################################################
- // ST
- // ########################################################################
- /**
- * @addtogroup internalBasic
- * @{
- */
-
- /**
- * the Service Ticket provided in the URL of the request if present
- * (empty otherwise). Written by CASClient::CASClient(), read by
- * CASClient::getST() and CASClient::hasPGT().
- *
- * @hideinitializer
- * @private
- */
- var $_st = '';
-
- /**
- * This method returns the Service Ticket provided in the URL of the request.
- * @return The service ticket.
- * @private
- */
- function getST()
- { return $this->_st; }
-
- /**
- * This method stores the Service Ticket.
- * @param $st The Service Ticket.
- * @private
- */
- function setST($st)
- { $this->_st = $st; }
-
- /**
- * This method tells if a Service Ticket was stored.
- * @return TRUE if a Service Ticket has been stored.
- * @private
- */
- function hasST()
- { return !empty($this->_st); }
-
- /** @} */
-
- // ########################################################################
- // ST VALIDATION
- // ########################################################################
- /**
- * @addtogroup internalBasic
- * @{
- */
-
- /**
- * the certificate of the CAS server.
- *
- * @hideinitializer
- * @private
- */
- var $_cas_server_cert = '';
-
- /**
- * the certificate of the CAS server CA.
- *
- * @hideinitializer
- * @private
- */
- var $_cas_server_ca_cert = '';
-
- /**
- * Set to true not to validate the CAS server.
- *
- * @hideinitializer
- * @private
- */
- var $_no_cas_server_validation = false;
-
- /**
- * Set the certificate of the CAS server.
- *
- * @param $cert the PEM certificate
- */
- function setCasServerCert($cert)
- {
- $this->_cas_server_cert = $cert;
- }
-
- /**
- * Set the CA certificate of the CAS server.
- *
- * @param $cert the PEM certificate of the CA that emited the cert of the server
- */
- function setCasServerCACert($cert)
- {
- $this->_cas_server_ca_cert = $cert;
- }
-
- /**
- * Set no SSL validation for the CAS server.
- */
- function setNoCasServerValidation()
- {
- $this->_no_cas_server_validation = true;
- }
-
- /**
- * This method is used to validate a ST; halt on failure, and sets $validate_url,
- * $text_reponse and $tree_response on success. These parameters are used later
- * by CASClient::validatePGT() for CAS proxies.
- *
- * @param $validate_url the URL of the request to the CAS server.
- * @param $text_response the response of the CAS server, as is (XML text).
- * @param $tree_response the response of the CAS server, as a DOM XML tree.
- *
- * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
- *
- * @private
- */
- function validateST($validate_url,&$text_response,&$tree_response)
- {
- phpCAS::traceBegin();
- // build the URL to validate the ticket
- $validate_url = $this->getServerServiceValidateURL().'&ticket='.$this->getST();
- if ( $this->isProxy() ) {
- // pass the callback url for CAS proxies
- $validate_url .= '&pgtUrl='.$this->getCallbackURL();
- }
-
- // open and read the URL
- if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) {
- phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')');
- $this->authError('ST not validated',
- $validate_url,
- TRUE/*$no_response*/);
- }
-
- // analyze the result depending on the version
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- if (preg_match('/^no\n/',$text_response)) {
- phpCAS::trace('ST has not been validated');
- $this->authError('ST not validated',
- $validate_url,
- FALSE/*$no_response*/,
- FALSE/*$bad_response*/,
- $text_response);
- }
- if (!preg_match('/^yes\n/',$text_response)) {
- phpCAS::trace('ill-formed response');
- $this->authError('ST not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- // ST has been validated, extract the user name
- $arr = preg_split('/\n/',$text_response);
- $this->setUser(trim($arr[1]));
- break;
- case CAS_VERSION_2_0:
- // read the response of the CAS server into a DOM object
- if ( !($dom = domxml_open_mem($text_response))) {
- phpCAS::trace('domxml_open_mem() failed');
- $this->authError('ST not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- // read the root node of the XML tree
- if ( !($tree_response = $dom->document_element()) ) {
- phpCAS::trace('document_element() failed');
- $this->authError('ST not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- // insure that tag name is 'serviceResponse'
- if ( $tree_response->node_name() != 'serviceResponse' ) {
- phpCAS::trace('bad XML root node (should be `serviceResponse\' instead of `'.$tree_response->node_name().'\'');
- $this->authError('ST not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) {
- // authentication succeded, extract the user name
- if ( sizeof($user_elements = $success_elements[0]->get_elements_by_tagname("user")) == 0) {
- phpCAS::trace('<authenticationSuccess> found, but no <user>');
- $this->authError('ST not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- $user = trim($user_elements[0]->get_content());
- phpCAS::trace('user = `'.$user);
- $this->setUser($user);
-
- } else if ( sizeof($failure_elements = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) {
- phpCAS::trace('<authenticationFailure> found');
- // authentication failed, extract the error code and message
- $this->authError('ST not validated',
- $validate_url,
- FALSE/*$no_response*/,
- FALSE/*$bad_response*/,
- $text_response,
- $failure_elements[0]->get_attribute('code')/*$err_code*/,
- trim($failure_elements[0]->get_content())/*$err_msg*/);
- } else {
- phpCAS::trace('neither <authenticationSuccess> nor <authenticationFailure> found');
- $this->authError('ST not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- break;
- }
-
- // at this step, ST has been validated and $this->_user has been set,
- phpCAS::traceEnd(TRUE);
- return TRUE;
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX PROXY FEATURES (CAS 2.0) XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- // ########################################################################
- // PROXYING
- // ########################################################################
- /**
- * @addtogroup internalProxy
- * @{
- */
-
- /**
- * A boolean telling if the client is a CAS proxy or not. Written by CASClient::CASClient(),
- * read by CASClient::isProxy().
- *
- * @private
- */
- var $_proxy;
-
- /**
- * Tells if a CAS client is a CAS proxy or not
- *
- * @return TRUE when the CAS client is a CAs proxy, FALSE otherwise
- *
- * @private
- */
- function isProxy()
- {
- return $this->_proxy;
- }
-
- /** @} */
- // ########################################################################
- // PGT
- // ########################################################################
- /**
- * @addtogroup internalProxy
- * @{
- */
-
- /**
- * the Proxy Grnting Ticket given by the CAS server (empty otherwise).
- * Written by CASClient::setPGT(), read by CASClient::getPGT() and CASClient::hasPGT().
- *
- * @hideinitializer
- * @private
- */
- var $_pgt = '';
-
- /**
- * This method returns the Proxy Granting Ticket given by the CAS server.
- * @return The Proxy Granting Ticket.
- * @private
- */
- function getPGT()
- { return $this->_pgt; }
-
- /**
- * This method stores the Proxy Granting Ticket.
- * @param $pgt The Proxy Granting Ticket.
- * @private
- */
- function setPGT($pgt)
- { $this->_pgt = $pgt; }
-
- /**
- * This method tells if a Proxy Granting Ticket was stored.
- * @return TRUE if a Proxy Granting Ticket has been stored.
- * @private
- */
- function hasPGT()
- { return !empty($this->_pgt); }
-
- /** @} */
-
- // ########################################################################
- // CALLBACK MODE
- // ########################################################################
- /**
- * @addtogroup internalCallback
- * @{
- */
- /**
- * each PHP script using phpCAS in proxy mode is its own callback to get the
- * PGT back from the CAS server. callback_mode is detected by the constructor
- * thanks to the GET parameters.
- */
-
- /**
- * a boolean to know if the CAS client is running in callback mode. Written by
- * CASClient::setCallBackMode(), read by CASClient::isCallbackMode().
- *
- * @hideinitializer
- * @private
- */
- var $_callback_mode = FALSE;
-
- /**
- * This method sets/unsets callback mode.
- *
- * @param $callback_mode TRUE to set callback mode, FALSE otherwise.
- *
- * @private
- */
- function setCallbackMode($callback_mode)
- {
- $this->_callback_mode = $callback_mode;
- }
-
- /**
- * This method returns TRUE when the CAs client is running i callback mode,
- * FALSE otherwise.
- *
- * @return A boolean.
- *
- * @private
- */
- function isCallbackMode()
- {
- return $this->_callback_mode;
- }
-
- /**
- * the URL that should be used for the PGT callback (in fact the URL of the
- * current request without any CGI parameter). Written and read by
- * CASClient::getCallbackURL().
- *
- * @hideinitializer
- * @private
- */
- var $_callback_url = '';
-
- /**
- * This method returns the URL that should be used for the PGT callback (in
- * fact the URL of the current request without any CGI parameter, except if
- * phpCAS::setFixedCallbackURL() was used).
- *
- * @return The callback URL
- *
- * @private
- */
- function getCallbackURL()
- {
- // the URL is built when needed only
- if ( empty($this->_callback_url) ) {
- $final_uri = '';
- // remove the ticket if present in the URL
- $final_uri = 'https://';
- /* replaced by Julien Marchal - v0.4.6
- * $this->uri .= $_SERVER['SERVER_NAME'];
- */
- if(empty($_SERVER['HTTP_X_FORWARDED_SERVER'])){
- /* replaced by teedog - v0.4.12
- * $final_uri .= $_SERVER['SERVER_NAME'];
- */
- if (empty($_SERVER['SERVER_NAME'])) {
- $final_uri .= $_SERVER['HTTP_HOST'];
- } else {
- $final_uri .= $_SERVER['SERVER_NAME'];
- }
- } else {
- $final_uri .= $_SERVER['HTTP_X_FORWARDED_SERVER'];
- }
- if ( ($this->isHttps() && $_SERVER['SERVER_PORT']!=443)
- || (!$this->isHttps() && $_SERVER['SERVER_PORT']!=80) ) {
- $final_uri .= ':';
- $final_uri .= $_SERVER['SERVER_PORT'];
- }
- $request_uri = $_SERVER['REQUEST_URI'];
- $request_uri = preg_replace('/\?.*$/','',$request_uri);
- $final_uri .= $request_uri;
- $this->setCallbackURL($final_uri);
- }
- return $this->_callback_url;
- }
-
- /**
- * This method sets the callback url.
- *
- * @param $callback_url url to set callback
- *
- * @private
- */
- function setCallbackURL($url)
- {
- return $this->_callback_url = $url;
- }
-
- /**
- * This method is called by CASClient::CASClient() when running in callback
- * mode. It stores the PGT and its PGT Iou, prints its output and halts.
- *
- * @private
- */
- function callback()
- {
- phpCAS::traceBegin();
- $this->printHTMLHeader('phpCAS callback');
- $pgt_iou = $_GET['pgtIou'];
- $pgt = $_GET['pgtId'];
- phpCAS::trace('Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\')');
- echo '<p>Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\').</p>';
- $this->storePGT($pgt,$pgt_iou);
- $this->printHTMLFooter();
- phpCAS::traceExit();
- }
-
- /** @} */
-
- // ########################################################################
- // PGT STORAGE
- // ########################################################################
- /**
- * @addtogroup internalPGTStorage
- * @{
- */
-
- /**
- * an instance of a class inheriting of PGTStorage, used to deal with PGT
- * storage. Created by CASClient::setPGTStorageFile() or CASClient::setPGTStorageDB(), used
- * by CASClient::setPGTStorageFile(), CASClient::setPGTStorageDB() and CASClient::initPGTStorage().
- *
- * @hideinitializer
- * @private
- */
- var $_pgt_storage = null;
-
- /**
- * This method is used to initialize the storage of PGT's.
- * Halts on error.
- *
- * @private
- */
- function initPGTStorage()
- {
- // if no SetPGTStorageXxx() has been used, default to file
- if ( !is_object($this->_pgt_storage) ) {
- $this->setPGTStorageFile();
- }
-
- // initializes the storage
- $this->_pgt_storage->init();
- }
-
- /**
- * This method stores a PGT. Halts on error.
- *
- * @param $pgt the PGT to store
- * @param $pgt_iou its corresponding Iou
- *
- * @private
- */
- function storePGT($pgt,$pgt_iou)
- {
- // ensure that storage is initialized
- $this->initPGTStorage();
- // writes the PGT
- $this->_pgt_storage->write($pgt,$pgt_iou);
- }
-
- /**
- * This method reads a PGT from its Iou and deletes the corresponding storage entry.
- *
- * @param $pgt_iou the PGT Iou
- *
- * @return The PGT corresponding to the Iou, FALSE when not found.
- *
- * @private
- */
- function loadPGT($pgt_iou)
- {
- // ensure that storage is initialized
- $this->initPGTStorage();
- // read the PGT
- return $this->_pgt_storage->read($pgt_iou);
- }
-
- /**
- * This method is used to tell phpCAS to store the response of the
- * CAS server to PGT requests onto the filesystem.
- *
- * @param $format the format used to store the PGT's (`plain' and `xml' allowed)
- * @param $path the path where the PGT's should be stored
- *
- * @public
- */
- function setPGTStorageFile($format='',
- $path='')
- {
- // check that the storage has not already been set
- if ( is_object($this->_pgt_storage) ) {
- phpCAS::error('PGT storage already defined');
- }
-
- // create the storage object
- $this->_pgt_storage = &new PGTStorageFile($this,$format,$path);
- }
-
- /**
- * This method is used to tell phpCAS to store the response of the
- * CAS server to PGT requests into a database.
- * @note The connection to the database is done only when needed.
- * As a consequence, bad parameters are detected only when
- * initializing PGT storage.
- *
- * @param $user the user to access the data with
- * @param $password the user's password
- * @param $database_type the type of the database hosting the data
- * @param $hostname the server hosting the database
- * @param $port the port the server is listening on
- * @param $database the name of the database
- * @param $table the name of the table storing the data
- *
- * @public
- */
- function setPGTStorageDB($user,
- $password,
- $database_type,
- $hostname,
- $port,
- $database,
- $table)
- {
- // check that the storage has not already been set
- if ( is_object($this->_pgt_storage) ) {
- phpCAS::error('PGT storage already defined');
- }
-
- // warn the user that he should use file storage...
- trigger_error('PGT storage into database is an experimental feature, use at your own risk',E_USER_WARNING);
-
- // create the storage object
- $this->_pgt_storage = & new PGTStorageDB($this,$user,$password,$database_type,$hostname,$port,$database,$table);
- }
-
- // ########################################################################
- // PGT VALIDATION
- // ########################################################################
- /**
- * This method is used to validate a PGT; halt on failure.
- *
- * @param $validate_url the URL of the request to the CAS server.
- * @param $text_response the response of the CAS server, as is (XML text); result
- * of CASClient::validateST() or CASClient::validatePT().
- * @param $tree_response the response of the CAS server, as a DOM XML tree; result
- * of CASClient::validateST() or CASClient::validatePT().
- *
- * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
- *
- * @private
- */
- function validatePGT(&$validate_url,$text_response,$tree_response)
- {
- phpCAS::traceBegin();
- if ( sizeof($arr = $tree_response->get_elements_by_tagname("proxyGrantingTicket")) == 0) {
- phpCAS::trace('<proxyGrantingTicket> not found');
- // authentication succeded, but no PGT Iou was transmitted
- $this->authError('Ticket validated but no PGT Iou transmitted',
- $validate_url,
- FALSE/*$no_response*/,
- FALSE/*$bad_response*/,
- $text_response);
- } else {
- // PGT Iou transmitted, extract it
- $pgt_iou = trim($arr[0]->get_content());
- $pgt = $this->loadPGT($pgt_iou);
- if ( $pgt == FALSE ) {
- phpCAS::trace('could not load PGT');
- $this->authError('PGT Iou was transmitted but PGT could not be retrieved',
- $validate_url,
- FALSE/*$no_response*/,
- FALSE/*$bad_response*/,
- $text_response);
- }
- $this->setPGT($pgt);
- }
- phpCAS::traceEnd(TRUE);
- return TRUE;
- }
-
- // ########################################################################
- // PGT VALIDATION
- // ########################################################################
-
- /**
- * This method is used to retrieve PT's from the CAS server thanks to a PGT.
- *
- * @param $target_service the service to ask for with the PT.
- * @param $err_code an error code (PHPCAS_SERVICE_OK on success).
- * @param $err_msg an error message (empty on success).
- *
- * @return a Proxy Ticket, or FALSE on error.
- *
- * @private
- */
- function retrievePT($target_service,&$err_code,&$err_msg)
- {
- phpCAS::traceBegin();
-
- // by default, $err_msg is set empty and $pt to TRUE. On error, $pt is
- // set to false and $err_msg to an error message. At the end, if $pt is FALSE
- // and $error_msg is still empty, it is set to 'invalid response' (the most
- // commonly encountered error).
- $err_msg = '';
-
- // build the URL to retrieve the PT
- // $cas_url = $this->getServerProxyURL().'?targetService='.preg_replace('/&/','%26',$target_service).'&pgt='.$this->getPGT();
- $cas_url = $this->getServerProxyURL().'?targetService='.urlencode($target_service).'&pgt='.$this->getPGT();
-
- // open and read the URL
- if ( !$this->readURL($cas_url,''/*cookies*/,$headers,$cas_response,$err_msg) ) {
- phpCAS::trace('could not open URL \''.$cas_url.'\' to validate ('.$err_msg.')');
- $err_code = PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE;
- $err_msg = 'could not retrieve PT (no response from the CAS server)';
- phpCAS::traceEnd(FALSE);
- return FALSE;
- }
-
- $bad_response = FALSE;
-
- if ( !$bad_response ) {
- // read the response of the CAS server into a DOM object
- if ( !($dom = @domxml_open_mem($cas_response))) {
- phpCAS::trace('domxml_open_mem() failed');
- // read failed
- $bad_response = TRUE;
- }
- }
-
- if ( !$bad_response ) {
- // read the root node of the XML tree
- if ( !($root = $dom->document_element()) ) {
- phpCAS::trace('document_element() failed');
- // read failed
- $bad_response = TRUE;
- }
- }
-
- if ( !$bad_response ) {
- // insure that tag name is 'serviceResponse'
- if ( $root->node_name() != 'serviceResponse' ) {
- phpCAS::trace('node_name() failed');
- // bad root node
- $bad_response = TRUE;
- }
- }
-
- if ( !$bad_response ) {
- // look for a proxySuccess tag
- if ( sizeof($arr = $root->get_elements_by_tagname("proxySuccess")) != 0) {
- // authentication succeded, look for a proxyTicket tag
- if ( sizeof($arr = $root->get_elements_by_tagname("proxyTicket")) != 0) {
- $err_code = PHPCAS_SERVICE_OK;
- $err_msg = '';
- phpCAS::trace('original PT: '.trim($arr[0]->get_content()));
- $pt = trim($arr[0]->get_content());
- phpCAS::traceEnd($pt);
- return $pt;
- } else {
- phpCAS::trace('<proxySuccess> was found, but not <proxyTicket>');
- }
- }
- // look for a proxyFailure tag
- else if ( sizeof($arr = $root->get_elements_by_tagname("proxyFailure")) != 0) {
- // authentication failed, extract the error
- $err_code = PHPCAS_SERVICE_PT_FAILURE;
- $err_msg = 'PT retrieving failed (code=`'
- .$arr[0]->get_attribute('code')
- .'\', message=`'
- .trim($arr[0]->get_content())
- .'\')';
- phpCAS::traceEnd(FALSE);
- return FALSE;
- } else {
- phpCAS::trace('neither <proxySuccess> nor <proxyFailure> found');
- }
- }
-
- // at this step, we are sure that the response of the CAS server was ill-formed
- $err_code = PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE;
- $err_msg = 'Invalid response from the CAS server (response=`'.$cas_response.'\')';
-
- phpCAS::traceEnd(FALSE);
- return FALSE;
- }
-
- // ########################################################################
- // ACCESS TO EXTERNAL SERVICES
- // ########################################################################
-
- /**
- * This method is used to acces a remote URL.
- *
- * @param $url the URL to access.
- * @param $cookies an array containing cookies strings such as 'name=val'
- * @param $headers an array containing the HTTP header lines of the response
- * (an empty array on failure).
- * @param $body the body of the response, as a string (empty on failure).
- * @param $err_msg an error message, filled on failure.
- *
- * @return TRUE on success, FALSE otherwise (in this later case, $err_msg
- * contains an error message).
- *
- * @private
- */
- function readURL($url,$cookies,&$headers,&$body,&$err_msg)
- {
- phpCAS::traceBegin();
- $headers = '';
- $body = '';
- $err_msg = '';
-
- $res = TRUE;
-
- // initialize the CURL session
- $ch = curl_init($url);
-
- if (version_compare(PHP_VERSION,'5.1.3','>=')) {
- //only avaible in php5
- curl_setopt_array($ch, $this->_curl_options);
- } else {
- foreach ($this->_curl_options as $key => $value) {
- curl_setopt($ch, $key, $value);
- }
- }
-
- if ($this->_cas_server_cert == '' && $this->_cas_server_ca_cert == '' && !$this->_no_cas_server_validation) {
- phpCAS::error('one of the methods phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.');
- }
- if ($this->_cas_server_cert != '' ) {
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
- curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert);
- } else if ($this->_cas_server_ca_cert != '') {
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
- curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert);
- } else {
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
- }
-
- // return the CURL output into a variable
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- // get the HTTP header with a callback
- $this->_curl_headers = array(); // empty the headers array
- curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, '_curl_read_headers'));
- // add cookies headers
- if ( is_array($cookies) ) {
- curl_setopt($ch,CURLOPT_COOKIE,implode(';',$cookies));
- }
- // perform the query
- $buf = curl_exec ($ch);
- if ( $buf === FALSE ) {
- phpCAS::trace('curl_exec() failed');
- $err_msg = 'CURL error #'.curl_errno($ch).': '.curl_error($ch);
- // close the CURL session
- curl_close ($ch);
- $res = FALSE;
- } else {
- // close the CURL session
- curl_close ($ch);
-
- $headers = $this->_curl_headers;
- $body = $buf;
- }
-
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /**
- * This method is the callback used by readURL method to request HTTP headers.
- */
- var $_curl_headers = array();
- function _curl_read_headers($ch, $header)
- {
- $this->_curl_headers[] = $header;
- return strlen($header);
- }
-
- /**
- * This method is used to access an HTTP[S] service.
- *
- * @param $url the service to access.
- * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
- * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
- * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
- * @param $output the output of the service (also used to give an error
- * message on failure).
- *
- * @return TRUE on success, FALSE otherwise (in this later case, $err_code
- * gives the reason why it failed and $output contains an error message).
- *
- * @public
- */
- function serviceWeb($url,&$err_code,&$output)
- {
- phpCAS::traceBegin();
- // at first retrieve a PT
- $pt = $this->retrievePT($url,$err_code,$output);
-
- $res = TRUE;
-
- // test if PT was retrieved correctly
- if ( !$pt ) {
- // note: $err_code and $err_msg are filled by CASClient::retrievePT()
- phpCAS::trace('PT was not retrieved correctly');
- $res = FALSE;
- } else {
- // add cookies if necessary
- if ( is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) {
- foreach ( $_SESSION['phpCAS']['services'][$url]['cookies'] as $name => $val ) {
- $cookies[] = $name.'='.$val;
- }
- }
-
- // build the URL including the PT
- if ( strstr($url,'?') === FALSE ) {
- $service_url = $url.'?ticket='.$pt;
- } else {
- $service_url = $url.'&ticket='.$pt;
- }
-
- phpCAS::trace('reading URL`'.$service_url.'\'');
- if ( !$this->readURL($service_url,$cookies,$headers,$output,$err_msg) ) {
- phpCAS::trace('could not read URL`'.$service_url.'\'');
- $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
- // give an error message
- $output = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE),
- $service_url,
- $err_msg);
- $res = FALSE;
- } else {
- // URL has been fetched, extract the cookies
- phpCAS::trace('URL`'.$service_url.'\' has been read, storing cookies:');
- foreach ( $headers as $header ) {
- // test if the header is a cookie
- if ( preg_match('/^Set-Cookie:/',$header) ) {
- // the header is a cookie, remove the beginning
- $header_val = preg_replace('/^Set-Cookie: */','',$header);
- // extract interesting information
- $name_val = strtok($header_val,'; ');
- // extract the name and the value of the cookie
- $cookie_name = strtok($name_val,'=');
- $cookie_val = strtok('=');
- // store the cookie
- $_SESSION['phpCAS']['services'][$url]['cookies'][$cookie_name] = $cookie_val;
- phpCAS::trace($cookie_name.' -> '.$cookie_val);
- }
- }
- }
- }
-
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /**
- * This method is used to access an IMAP/POP3/NNTP service.
- *
- * @param $url a string giving the URL of the service, including the mailing box
- * for IMAP URLs, as accepted by imap_open().
- * @param $flags options given to imap_open().
- * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
- * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
- * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
- * @param $err_msg an error message on failure
- * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL
- * on success, FALSE on error).
- *
- * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code
- * gives the reason why it failed and $err_msg contains an error message).
- *
- * @public
- */
- function serviceMail($url,$flags,&$err_code,&$err_msg,&$pt)
- {
- phpCAS::traceBegin();
- // at first retrieve a PT
- $pt = $this->retrievePT($target_service,$err_code,$output);
-
- $stream = FALSE;
-
- // test if PT was retrieved correctly
- if ( !$pt ) {
- // note: $err_code and $err_msg are filled by CASClient::retrievePT()
- phpCAS::trace('PT was not retrieved correctly');
- } else {
- phpCAS::trace('opening IMAP URL `'.$url.'\'...');
- $stream = @imap_open($url,$this->getUser(),$pt,$flags);
- if ( !$stream ) {
- phpCAS::trace('could not open URL');
- $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
- // give an error message
- $err_msg = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE),
- $service_url,
- var_export(imap_errors(),TRUE));
- $pt = FALSE;
- $stream = FALSE;
- } else {
- phpCAS::trace('ok');
- }
- }
-
- phpCAS::traceEnd($stream);
- return $stream;
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX PROXIED CLIENT FEATURES (CAS 2.0) XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- // ########################################################################
- // PT
- // ########################################################################
- /**
- * @addtogroup internalProxied
- * @{
- */
-
- /**
- * the Proxy Ticket provided in the URL of the request if present
- * (empty otherwise). Written by CASClient::CASClient(), read by
- * CASClient::getPT() and CASClient::hasPGT().
- *
- * @hideinitializer
- * @private
- */
- var $_pt = '';
-
- /**
- * This method returns the Proxy Ticket provided in the URL of the request.
- * @return The proxy ticket.
- * @private
- */
- function getPT()
- {
- // return 'ST'.substr($this->_pt, 2);
- return $this->_pt;
- }
-
- /**
- * This method stores the Proxy Ticket.
- * @param $pt The Proxy Ticket.
- * @private
- */
- function setPT($pt)
- { $this->_pt = $pt; }
-
- /**
- * This method tells if a Proxy Ticket was stored.
- * @return TRUE if a Proxy Ticket has been stored.
- * @private
- */
- function hasPT()
- { return !empty($this->_pt); }
-
- /** @} */
- // ########################################################################
- // PT VALIDATION
- // ########################################################################
- /**
- * @addtogroup internalProxied
- * @{
- */
-
- /**
- * This method is used to validate a PT; halt on failure
- *
- * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
- *
- * @private
- */
- function validatePT(&$validate_url,&$text_response,&$tree_response)
- {
- phpCAS::traceBegin();
- // build the URL to validate the ticket
- $validate_url = $this->getServerProxyValidateURL().'&ticket='.$this->getPT();
-
- if ( $this->isProxy() ) {
- // pass the callback url for CAS proxies
- $validate_url .= '&pgtUrl='.$this->getCallbackURL();
- }
-
- // open and read the URL
- if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) {
- phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')');
- $this->authError('PT not validated',
- $validate_url,
- TRUE/*$no_response*/);
- }
-
- // read the response of the CAS server into a DOM object
- if ( !($dom = domxml_open_mem($text_response))) {
- // read failed
- $this->authError('PT not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- // read the root node of the XML tree
- if ( !($tree_response = $dom->document_element()) ) {
- // read failed
- $this->authError('PT not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- // insure that tag name is 'serviceResponse'
- if ( $tree_response->node_name() != 'serviceResponse' ) {
- // bad root node
- $this->authError('PT not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) {
- // authentication succeded, extract the user name
- if ( sizeof($arr = $tree_response->get_elements_by_tagname("user")) == 0) {
- // no user specified => error
- $this->authError('PT not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
- $this->setUser(trim($arr[0]->get_content()));
-
- } else if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) {
- // authentication succeded, extract the error code and message
- $this->authError('PT not validated',
- $validate_url,
- FALSE/*$no_response*/,
- FALSE/*$bad_response*/,
- $text_response,
- $arr[0]->get_attribute('code')/*$err_code*/,
- trim($arr[0]->get_content())/*$err_msg*/);
- } else {
- $this->authError('PT not validated',
- $validate_url,
- FALSE/*$no_response*/,
- TRUE/*$bad_response*/,
- $text_response);
- }
-
- // at this step, PT has been validated and $this->_user has been set,
-
- phpCAS::traceEnd(TRUE);
- return TRUE;
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX MISC XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- /**
- * @addtogroup internalMisc
- * @{
- */
-
- // ########################################################################
- // URL
- // ########################################################################
- /**
- * the URL of the current request (without any ticket CGI parameter). Written
- * and read by CASClient::getURL().
- *
- * @hideinitializer
- * @private
- */
- var $_url = '';
-
- /**
- * This method returns the URL of the current request (without any ticket
- * CGI parameter).
- *
- * @return The URL
- *
- * @private
- */
- function getURL()
- {
- phpCAS::traceBegin();
- // the URL is built when needed only
- if ( empty($this->_url) ) {
- $final_uri = '';
- // remove the ticket if present in the URL
- $final_uri = ($this->isHttps()) ? 'https' : 'http';
- $final_uri .= '://';
- /* replaced by Julien Marchal - v0.4.6
- * $this->_url .= $_SERVER['SERVER_NAME'];
- */
- if(empty($_SERVER['HTTP_X_FORWARDED_SERVER'])){
- /* replaced by teedog - v0.4.12
- * $this->_url .= $_SERVER['SERVER_NAME'];
- */
- if (empty($_SERVER['SERVER_NAME'])) {
- $server_name = $_SERVER['HTTP_HOST'];
- } else {
- $server_name = $_SERVER['SERVER_NAME'];
- }
- } else {
- $server_name = $_SERVER['HTTP_X_FORWARDED_SERVER'];
- }
- $final_uri .= $server_name;
- if (!strpos($server_name, ':')) {
- if ( ($this->isHttps() && $_SERVER['SERVER_PORT']!=443)
- || (!$this->isHttps() && $_SERVER['SERVER_PORT']!=80) ) {
- $final_uri .= ':';
- $final_uri .= $_SERVER['SERVER_PORT'];
- }
- }
-
- $final_uri .= strtok($_SERVER['REQUEST_URI'],"?");
- $cgi_params = '?'.strtok("?");
- // remove the ticket if present in the CGI parameters
- $cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params);
- $cgi_params = preg_replace('/\?ticket=[^&;]*/','?',$cgi_params);
- $cgi_params = preg_replace('/\?%26/','?',$cgi_params);
- $cgi_params = preg_replace('/\?&/','?',$cgi_params);
- $cgi_params = preg_replace('/\?$/','',$cgi_params);
- $final_uri .= $cgi_params;
- $this->setURL($final_uri);
- }
- phpCAS::traceEnd($this->_url);
- return $this->_url;
- }
-
- /**
- * This method sets the URL of the current request
- *
- * @param $url url to set for service
- *
- * @private
- */
- function setURL($url)
- {
- $this->_url = $url;
- }
-
- // ########################################################################
- // AUTHENTICATION ERROR HANDLING
- // ########################################################################
- /**
- * This method is used to print the HTML output when the user was not authenticated.
- *
- * @param $failure the failure that occured
- * @param $cas_url the URL the CAS server was asked for
- * @param $no_response the response from the CAS server (other
- * parameters are ignored if TRUE)
- * @param $bad_response bad response from the CAS server ($err_code
- * and $err_msg ignored if TRUE)
- * @param $cas_response the response of the CAS server
- * @param $err_code the error code given by the CAS server
- * @param $err_msg the error message given by the CAS server
- *
- * @private
- */
- function authError($failure,$cas_url,$no_response,$bad_response='',$cas_response='',$err_code='',$err_msg='')
- {
- phpCAS::traceBegin();
-
- $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_FAILED));
- printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),$this->getURL(),$_SERVER['SERVER_ADMIN']);
- phpCAS::trace('CAS URL: '.$cas_url);
- phpCAS::trace('Authentication failure: '.$failure);
- if ( $no_response ) {
- phpCAS::trace('Reason: no response from the CAS server');
- } else {
- if ( $bad_response ) {
- phpCAS::trace('Reason: bad response from the CAS server');
- } else {
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- phpCAS::trace('Reason: CAS error');
- break;
- case CAS_VERSION_2_0:
- if ( empty($err_code) )
- phpCAS::trace('Reason: no CAS error');
- else
- phpCAS::trace('Reason: ['.$err_code.'] CAS error: '.$err_msg);
- break;
- }
- }
- phpCAS::trace('CAS response: '.$cas_response);
- }
- $this->printHTMLFooter();
- phpCAS::traceExit();
- exit();
- }
-
- /** @} */
-}
-
+ header('Location: '.$this->getURL()); + } + + //activate session mechanism if desired + if (!$this->isLogoutRequest() && $start_session) { + session_start(); + } + + $this->_proxy = $proxy; + + //check version + switch ($server_version) { + case CAS_VERSION_1_0: + if ( $this->isProxy() ) + phpCAS::error('CAS proxies are not supported in CAS ' + .$server_version); + break; + case CAS_VERSION_2_0: + break; + default: + phpCAS::error('this version of CAS (`' + .$server_version + .'\') is not supported by phpCAS ' + .phpCAS::getVersion()); + } + $this->_server['version'] = $server_version; + + //check hostname + if ( empty($server_hostname) + || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/',$server_hostname) ) { + phpCAS::error('bad CAS server hostname (`'.$server_hostname.'\')'); + } + $this->_server['hostname'] = $server_hostname; + + //check port + if ( $server_port == 0 + || !is_int($server_port) ) { + phpCAS::error('bad CAS server port (`'.$server_hostname.'\')'); + } + $this->_server['port'] = $server_port; + + //check URI + if ( !preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/',$server_uri) ) { + phpCAS::error('bad CAS server URI (`'.$server_uri.'\')'); + } + //add leading and trailing `/' and remove doubles + $server_uri = preg_replace('/\/\//','/','/'.$server_uri.'/'); + $this->_server['uri'] = $server_uri; + + //set to callback mode if PgtIou and PgtId CGI GET parameters are provided + if ( $this->isProxy() ) { + $this->setCallbackMode(!empty($_GET['pgtIou'])&&!empty($_GET['pgtId'])); + } + + if ( $this->isCallbackMode() ) { + //callback mode: check that phpCAS is secured + if ( !$this->isHttps() ) { + phpCAS::error('CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server'); + } + } else { + //normal mode: get ticket and remove it from CGI parameters for developpers + $ticket = (isset($_GET['ticket']) ? $_GET['ticket'] : null); + switch ($this->getServerVersion()) { + case CAS_VERSION_1_0: // check for a Service Ticket + if( preg_match('/^ST-/',$ticket) ) { + phpCAS::trace('ST \''.$ticket.'\' found'); + //ST present + $this->setST($ticket); + //ticket has been taken into account, unset it to hide it to applications + unset($_GET['ticket']); + } else if ( !empty($ticket) ) { + //ill-formed ticket, halt + phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); + } + break; + case CAS_VERSION_2_0: // check for a Service or Proxy Ticket + if( preg_match('/^[SP]T-/',$ticket) ) { + phpCAS::trace('ST or PT \''.$ticket.'\' found'); + $this->setPT($ticket); + unset($_GET['ticket']); + } else if ( !empty($ticket) ) { + //ill-formed ticket, halt + phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); + } + break; + } + } + phpCAS::traceEnd(); + } + + /** @} */ + + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + // XX XX + // XX AUTHENTICATION XX + // XX XX + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + + /** + * @addtogroup internalAuthentication + * @{ + */ + + /** + * The Authenticated user. Written by CASClient::setUser(), read by CASClient::getUser(). + * @attention client applications should use phpCAS::getUser(). + * + * @hideinitializer + * @private + */ + var $_user = ''; + + /** + * This method sets the CAS user's login name. + * + * @param $user the login name of the authenticated user. + * + * @private + */ + function setUser($user) + { + $this->_user = $user; + } + + /** + * This method returns the CAS user's login name. + * @warning should be called only after CASClient::forceAuthentication() or + * CASClient::isAuthenticated(), otherwise halt with an error. + * + * @return the login name of the authenticated user + */ + function getUser() + { + if ( empty($this->_user) ) { + phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); + } + return $this->_user; + } + + /** + * This method is called to renew the authentication of the user + * If the user is authenticated, renew the connection + * If not, redirect to CAS + * @public + */ + function renewAuthentication(){ + phpCAS::traceBegin(); + // Either way, the user is authenticated by CAS + if( isset( $_SESSION['phpCAS']['auth_checked'] ) ) + unset($_SESSION['phpCAS']['auth_checked']); + if ( $this->isAuthenticated() ) { + phpCAS::trace('user already authenticated; renew'); + $this->redirectToCas(false,true); + } else { + $this->redirectToCas(); + } + phpCAS::traceEnd(); + } + + /** + * This method is called to be sure that the user is authenticated. When not + * authenticated, halt by redirecting to the CAS server; otherwise return TRUE. + * @return TRUE when the user is authenticated; otherwise halt. + * @public + */ + function forceAuthentication() + { + phpCAS::traceBegin(); + + if ( $this->isAuthenticated() ) { + // the user is authenticated, nothing to be done. + phpCAS::trace('no need to authenticate'); + $res = TRUE; + } else { + // the user is not authenticated, redirect to the CAS server + if (isset($_SESSION['phpCAS']['auth_checked'])) { + unset($_SESSION['phpCAS']['auth_checked']); + } + $this->redirectToCas(FALSE/* no gateway */); + // never reached + $res = FALSE; + } + phpCAS::traceEnd($res); + return $res; + } + + /** + * An integer that gives the number of times authentication will be cached before rechecked. + * + * @hideinitializer + * @private + */ + var $_cache_times_for_auth_recheck = 0; + + /** + * Set the number of times authentication will be cached before rechecked. + * + * @param $n an integer. + * + * @public + */ + function setCacheTimesForAuthRecheck($n) + { + $this->_cache_times_for_auth_recheck = $n; + } + + /** + * This method is called to check whether the user is authenticated or not. + * @return TRUE when the user is authenticated, FALSE otherwise. + * @public + */ + function checkAuthentication() + { + phpCAS::traceBegin(); + + if ( $this->isAuthenticated() ) { + phpCAS::trace('user is authenticated'); + $res = TRUE; + } else if (isset($_SESSION['phpCAS']['auth_checked'])) { + // the previous request has redirected the client to the CAS server with gateway=true + unset($_SESSION['phpCAS']['auth_checked']); + $res = FALSE; + } else { + // $_SESSION['phpCAS']['auth_checked'] = true; + // $this->redirectToCas(TRUE/* gateway */); + // // never reached + // $res = FALSE; + // avoid a check against CAS on every request + if (! isset($_SESSION['phpCAS']['unauth_count']) ) + $_SESSION['phpCAS']['unauth_count'] = -2; // uninitialized + + if (($_SESSION['phpCAS']['unauth_count'] != -2 && $this->_cache_times_for_auth_recheck == -1) + || ($_SESSION['phpCAS']['unauth_count'] >= 0 && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck)) + { + $res = FALSE; + + if ($this->_cache_times_for_auth_recheck != -1) + { + $_SESSION['phpCAS']['unauth_count']++; + phpCAS::trace('user is not authenticated (cached for '.$_SESSION['phpCAS']['unauth_count'].' times of '.$this->_cache_times_for_auth_recheck.')'); + } + else + { + phpCAS::trace('user is not authenticated (cached for until login pressed)'); + } + } + else + { + $_SESSION['phpCAS']['unauth_count'] = 0; + $_SESSION['phpCAS']['auth_checked'] = true; + phpCAS::trace('user is not authenticated (cache reset)'); + $this->redirectToCas(TRUE/* gateway */); + // never reached + $res = FALSE; + } + } + phpCAS::traceEnd($res); + return $res; + } + + /** + * This method is called to check if the user is authenticated (previously or by + * tickets given in the URL). + * + * @return TRUE when the user is authenticated. + * + * @public + */ + function isAuthenticated() + { + phpCAS::traceBegin(); + $res = FALSE; + $validate_url = ''; + + if ( $this->wasPreviouslyAuthenticated() ) { + // the user has already (previously during the session) been + // authenticated, nothing to be done. + phpCAS::trace('user was already authenticated, no need to look for tickets'); + $res = TRUE; + } + elseif ( $this->hasST() ) { + // if a Service Ticket was given, validate it + phpCAS::trace('ST `'.$this->getST().'\' is present'); + $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts + phpCAS::trace('ST `'.$this->getST().'\' was validated'); + if ( $this->isProxy() ) { + $this->validatePGT($validate_url,$text_response,$tree_response); // idem + phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); + $_SESSION['phpCAS']['pgt'] = $this->getPGT(); + } + $_SESSION['phpCAS']['user'] = $this->getUser(); + $res = TRUE; + } + elseif ( $this->hasPT() ) { + // if a Proxy Ticket was given, validate it + phpCAS::trace('PT `'.$this->getPT().'\' is present'); + $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts + phpCAS::trace('PT `'.$this->getPT().'\' was validated'); + if ( $this->isProxy() ) { + $this->validatePGT($validate_url,$text_response,$tree_response); // idem + phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); + $_SESSION['phpCAS']['pgt'] = $this->getPGT(); + } + $_SESSION['phpCAS']['user'] = $this->getUser(); + $res = TRUE; + } + else { + // no ticket given, not authenticated + phpCAS::trace('no ticket found'); + } + + phpCAS::traceEnd($res); + return $res; + } + + /** + * This method tells if the current session is authenticated. + * @return true if authenticated based soley on $_SESSION variable + * @since 0.4.22 by Brendan Arnold + */ + function isSessionAuthenticated () + { + return !empty($_SESSION['phpCAS']['user']); + } + + /** + * This method tells if the user has already been (previously) authenticated + * by looking into the session variables. + * + * @note This function switches to callback mode when needed. + * + * @return TRUE when the user has already been authenticated; FALSE otherwise. + * + * @private + */ + function wasPreviouslyAuthenticated() + { + phpCAS::traceBegin(); + + if ( $this->isCallbackMode() ) { + $this->callback(); + } + + $auth = FALSE; + + if ( $this->isProxy() ) { + // CAS proxy: username and PGT must be present + if ( $this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) { + // authentication already done + $this->setUser($_SESSION['phpCAS']['user']); + $this->setPGT($_SESSION['phpCAS']['pgt']); + phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\', PGT = `'.$_SESSION['phpCAS']['pgt'].'\''); + $auth = TRUE; + } elseif ( $this->isSessionAuthenticated() && empty($_SESSION['phpCAS']['pgt']) ) { + // these two variables should be empty or not empty at the same time + phpCAS::trace('username found (`'.$_SESSION['phpCAS']['user'].'\') but PGT is empty'); + // unset all tickets to enforce authentication + unset($_SESSION['phpCAS']); + $this->setST(''); + $this->setPT(''); + } elseif ( !$this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) { + // these two variables should be empty or not empty at the same time + phpCAS::trace('PGT found (`'.$_SESSION['phpCAS']['pgt'].'\') but username is empty'); + // unset all tickets to enforce authentication + unset($_SESSION['phpCAS']); + $this->setST(''); + $this->setPT(''); + } else { + phpCAS::trace('neither user not PGT found'); + } + } else { + // `simple' CAS client (not a proxy): username must be present + if ( $this->isSessionAuthenticated() ) { + // authentication already done + $this->setUser($_SESSION['phpCAS']['user']); + phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\''); + $auth = TRUE; + } else { + phpCAS::trace('no user found'); + } + } + + phpCAS::traceEnd($auth); + return $auth; + } + + /** + * This method is used to redirect the client to the CAS server. + * It is used by CASClient::forceAuthentication() and CASClient::checkAuthentication(). + * @param $gateway true to check authentication, false to force it + * @param $renew true to force the authentication with the CAS server + * @public + */ + function redirectToCas($gateway=false,$renew=false){ + phpCAS::traceBegin(); + $cas_url = $this->getServerLoginURL($gateway,$renew); + header('Location: '.$cas_url); + phpCAS::log( "Redirect to : ".$cas_url ); + + $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_WANTED)); + + printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url); + $this->printHTMLFooter(); + phpCAS::traceExit(); + exit(); + } + +// /** +// * This method is used to logout from CAS. +// * @param $url a URL that will be transmitted to the CAS server (to come back to when logged out) +// * @public +// */ +// function logout($url = "") { +// phpCAS::traceBegin(); +// $cas_url = $this->getServerLogoutURL(); +// // v0.4.14 sebastien.gougeon at univ-rennes1.fr +// // header('Location: '.$cas_url); +// if ( $url != "" ) { +// // Adam Moore 1.0.0RC2 +// $url = '?service=' . $url . '&url=' . $url; +// } +// header('Location: '.$cas_url . $url); +// session_unset(); +// session_destroy(); +// $this->printHTMLHeader($this->getString(CAS_STR_LOGOUT)); +// printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url); +// $this->printHTMLFooter(); +// phpCAS::traceExit(); +// exit(); +// } + + /** + * This method is used to logout from CAS. + * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server + * @public + */ + function logout($params) { + phpCAS::traceBegin(); + $cas_url = $this->getServerLogoutURL(); + $paramSeparator = '?'; + if (isset($params['url'])) { + $cas_url = $cas_url . $paramSeparator . "url=" . urlencode($params['url']); + $paramSeparator = '&'; + } + if (isset($params['service'])) { + $cas_url = $cas_url . $paramSeparator . "service=" . urlencode($params['service']); + } + header('Location: '.$cas_url); + session_unset(); + session_destroy(); + $this->printHTMLHeader($this->getString(CAS_STR_LOGOUT)); + printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url); + $this->printHTMLFooter(); + phpCAS::traceExit(); + exit(); + } + + /** + * @return true if the current request is a logout request. + * @private + */ + function isLogoutRequest() { + return !empty($_POST['logoutRequest']); + } + + /** + * @return true if a logout request is allowed. + * @private + */ + function isLogoutRequestAllowed() { + } + + /** + * This method handles logout requests. + * @param $check_client true to check the client bofore handling the request, + * false not to perform any access control. True by default. + * @param $allowed_clients an array of host names allowed to send logout requests. + * By default, only the CAs server (declared in the constructor) will be allowed. + * @public + */ + function handleLogoutRequests($check_client=true, $allowed_clients=false) { + phpCAS::traceBegin(); + if (!$this->isLogoutRequest()) { + phpCAS::log("Not a logout request"); + phpCAS::traceEnd(); + return; + } + phpCAS::log("Logout requested"); + phpCAS::log("SAML REQUEST: ".$_POST['logoutRequest']); + if ($check_client) { + if (!$allowed_clients) { + $allowed_clients = array( $this->getServerHostname() ); + } + $client_ip = $_SERVER['REMOTE_ADDR']; + $client = gethostbyaddr($client_ip); + phpCAS::log("Client: ".$client); + $allowed = false; + foreach ($allowed_clients as $allowed_client) { + if ($client == $allowed_client) { + phpCAS::log("Allowed client '".$allowed_client."' matches, logout request is allowed"); + $allowed = true; + break; + } else { + phpCAS::log("Allowed client '".$allowed_client."' does not match"); + } + } + if (!$allowed) { + phpCAS::error("Unauthorized logout request from client '".$client."'"); + printf("Unauthorized!"); + phpCAS::traceExit(); + exit(); + } + } else { + phpCAS::log("No access control set"); + } + // Extract the ticket from the SAML Request + preg_match("|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|", $_POST['logoutRequest'], $tick, PREG_OFFSET_CAPTURE, 3); + $wrappedSamlSessionIndex = preg_replace('|<samlp:SessionIndex>|','',$tick[0][0]); + $ticket2logout = preg_replace('|</samlp:SessionIndex>|','',$wrappedSamlSessionIndex); + phpCAS::log("Ticket to logout: ".$ticket2logout); + $session_id = preg_replace('/[^\w]/','',$ticket2logout); + phpCAS::log("Session id: ".$session_id); + + // fix New session ID + session_id($session_id); + $_COOKIE[session_name()]=$session_id; + $_GET[session_name()]=$session_id; + + // Overwrite session + session_start(); + session_unset(); + session_destroy(); + printf("Disconnected!"); + phpCAS::traceExit(); + exit(); + } + + /** @} */ + + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + // XX XX + // XX BASIC CLIENT FEATURES (CAS 1.0) XX + // XX XX + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + + // ######################################################################## + // ST + // ######################################################################## + /** + * @addtogroup internalBasic + * @{ + */ + + /** + * the Service Ticket provided in the URL of the request if present + * (empty otherwise). Written by CASClient::CASClient(), read by + * CASClient::getST() and CASClient::hasPGT(). + * + * @hideinitializer + * @private + */ + var $_st = ''; + + /** + * This method returns the Service Ticket provided in the URL of the request. + * @return The service ticket. + * @private + */ + function getST() + { return $this->_st; } + + /** + * This method stores the Service Ticket. + * @param $st The Service Ticket. + * @private + */ + function setST($st) + { $this->_st = $st; } + + /** + * This method tells if a Service Ticket was stored. + * @return TRUE if a Service Ticket has been stored. + * @private + */ + function hasST() + { return !empty($this->_st); } + + /** @} */ + + // ######################################################################## + // ST VALIDATION + // ######################################################################## + /** + * @addtogroup internalBasic + * @{ + */ + + /** + * the certificate of the CAS server. + * + * @hideinitializer + * @private + */ + var $_cas_server_cert = ''; + + /** + * the certificate of the CAS server CA. + * + * @hideinitializer + * @private + */ + var $_cas_server_ca_cert = ''; + + /** + * Set to true not to validate the CAS server. + * + * @hideinitializer + * @private + */ + var $_no_cas_server_validation = false; + + /** + * Set the certificate of the CAS server. + * + * @param $cert the PEM certificate + */ + function setCasServerCert($cert) + { + $this->_cas_server_cert = $cert; + } + + /** + * Set the CA certificate of the CAS server. + * + * @param $cert the PEM certificate of the CA that emited the cert of the server + */ + function setCasServerCACert($cert) + { + $this->_cas_server_ca_cert = $cert; + } + + /** + * Set no SSL validation for the CAS server. + */ + function setNoCasServerValidation() + { + $this->_no_cas_server_validation = true; + } + + /** + * This method is used to validate a ST; halt on failure, and sets $validate_url, + * $text_reponse and $tree_response on success. These parameters are used later + * by CASClient::validatePGT() for CAS proxies. + * + * @param $validate_url the URL of the request to the CAS server. + * @param $text_response the response of the CAS server, as is (XML text). + * @param $tree_response the response of the CAS server, as a DOM XML tree. + * + * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). + * + * @private + */ + function validateST($validate_url,&$text_response,&$tree_response) + { + phpCAS::traceBegin(); + // build the URL to validate the ticket + $validate_url = $this->getServerServiceValidateURL().'&ticket='.$this->getST(); + if ( $this->isProxy() ) { + // pass the callback url for CAS proxies + $validate_url .= '&pgtUrl='.$this->getCallbackURL(); + } + + // open and read the URL + if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) { + phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'); + $this->authError('ST not validated', + $validate_url, + TRUE/*$no_response*/); + } + + // analyze the result depending on the version + switch ($this->getServerVersion()) { + case CAS_VERSION_1_0: + if (preg_match('/^no\n/',$text_response)) { + phpCAS::trace('ST has not been validated'); + $this->authError('ST not validated', + $validate_url, + FALSE/*$no_response*/, + FALSE/*$bad_response*/, + $text_response); + } + if (!preg_match('/^yes\n/',$text_response)) { + phpCAS::trace('ill-formed response'); + $this->authError('ST not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // ST has been validated, extract the user name + $arr = preg_split('/\n/',$text_response); + $this->setUser(trim($arr[1])); + break; + case CAS_VERSION_2_0: + // read the response of the CAS server into a DOM object + if ( !($dom = domxml_open_mem($text_response))) { + phpCAS::trace('domxml_open_mem() failed'); + $this->authError('ST not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // read the root node of the XML tree + if ( !($tree_response = $dom->document_element()) ) { + phpCAS::trace('document_element() failed'); + $this->authError('ST not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // insure that tag name is 'serviceResponse' + if ( $tree_response->node_name() != 'serviceResponse' ) { + phpCAS::trace('bad XML root node (should be `serviceResponse\' instead of `'.$tree_response->node_name().'\''); + $this->authError('ST not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) { + // authentication succeded, extract the user name + if ( sizeof($user_elements = $success_elements[0]->get_elements_by_tagname("user")) == 0) { + phpCAS::trace('<authenticationSuccess> found, but no <user>'); + $this->authError('ST not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + $user = trim($user_elements[0]->get_content()); + phpCAS::trace('user = `'.$user); + $this->setUser($user); + + } else if ( sizeof($failure_elements = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) { + phpCAS::trace('<authenticationFailure> found'); + // authentication failed, extract the error code and message + $this->authError('ST not validated', + $validate_url, + FALSE/*$no_response*/, + FALSE/*$bad_response*/, + $text_response, + $failure_elements[0]->get_attribute('code')/*$err_code*/, + trim($failure_elements[0]->get_content())/*$err_msg*/); + } else { + phpCAS::trace('neither <authenticationSuccess> nor <authenticationFailure> found'); + $this->authError('ST not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + break; + } + + // at this step, ST has been validated and $this->_user has been set, + phpCAS::traceEnd(TRUE); + return TRUE; + } + + /** @} */ + + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + // XX XX + // XX PROXY FEATURES (CAS 2.0) XX + // XX XX + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + + // ######################################################################## + // PROXYING + // ######################################################################## + /** + * @addtogroup internalProxy + * @{ + */ + + /** + * A boolean telling if the client is a CAS proxy or not. Written by CASClient::CASClient(), + * read by CASClient::isProxy(). + * + * @private + */ + var $_proxy; + + /** + * Tells if a CAS client is a CAS proxy or not + * + * @return TRUE when the CAS client is a CAs proxy, FALSE otherwise + * + * @private + */ + function isProxy() + { + return $this->_proxy; + } + + /** @} */ + // ######################################################################## + // PGT + // ######################################################################## + /** + * @addtogroup internalProxy + * @{ + */ + + /** + * the Proxy Grnting Ticket given by the CAS server (empty otherwise). + * Written by CASClient::setPGT(), read by CASClient::getPGT() and CASClient::hasPGT(). + * + * @hideinitializer + * @private + */ + var $_pgt = ''; + + /** + * This method returns the Proxy Granting Ticket given by the CAS server. + * @return The Proxy Granting Ticket. + * @private + */ + function getPGT() + { return $this->_pgt; } + + /** + * This method stores the Proxy Granting Ticket. + * @param $pgt The Proxy Granting Ticket. + * @private + */ + function setPGT($pgt) + { $this->_pgt = $pgt; } + + /** + * This method tells if a Proxy Granting Ticket was stored. + * @return TRUE if a Proxy Granting Ticket has been stored. + * @private + */ + function hasPGT() + { return !empty($this->_pgt); } + + /** @} */ + + // ######################################################################## + // CALLBACK MODE + // ######################################################################## + /** + * @addtogroup internalCallback + * @{ + */ + /** + * each PHP script using phpCAS in proxy mode is its own callback to get the + * PGT back from the CAS server. callback_mode is detected by the constructor + * thanks to the GET parameters. + */ + + /** + * a boolean to know if the CAS client is running in callback mode. Written by + * CASClient::setCallBackMode(), read by CASClient::isCallbackMode(). + * + * @hideinitializer + * @private + */ + var $_callback_mode = FALSE; + + /** + * This method sets/unsets callback mode. + * + * @param $callback_mode TRUE to set callback mode, FALSE otherwise. + * + * @private + */ + function setCallbackMode($callback_mode) + { + $this->_callback_mode = $callback_mode; + } + + /** + * This method returns TRUE when the CAs client is running i callback mode, + * FALSE otherwise. + * + * @return A boolean. + * + * @private + */ + function isCallbackMode() + { + return $this->_callback_mode; + } + + /** + * the URL that should be used for the PGT callback (in fact the URL of the + * current request without any CGI parameter). Written and read by + * CASClient::getCallbackURL(). + * + * @hideinitializer + * @private + */ + var $_callback_url = ''; + + /** + * This method returns the URL that should be used for the PGT callback (in + * fact the URL of the current request without any CGI parameter, except if + * phpCAS::setFixedCallbackURL() was used). + * + * @return The callback URL + * + * @private + */ + function getCallbackURL() + { + // the URL is built when needed only + if ( empty($this->_callback_url) ) { + $final_uri = ''; + // remove the ticket if present in the URL + $final_uri = 'https://'; + /* replaced by Julien Marchal - v0.4.6 + * $this->uri .= $_SERVER['SERVER_NAME']; + */ + if(empty($_SERVER['HTTP_X_FORWARDED_SERVER'])){ + /* replaced by teedog - v0.4.12 + * $final_uri .= $_SERVER['SERVER_NAME']; + */ + if (empty($_SERVER['SERVER_NAME'])) { + $final_uri .= $_SERVER['HTTP_HOST']; + } else { + $final_uri .= $_SERVER['SERVER_NAME']; + } + } else { + $final_uri .= $_SERVER['HTTP_X_FORWARDED_SERVER']; + } + if ( ($this->isHttps() && $_SERVER['SERVER_PORT']!=443) + || (!$this->isHttps() && $_SERVER['SERVER_PORT']!=80) ) { + $final_uri .= ':'; + $final_uri .= $_SERVER['SERVER_PORT']; + } + $request_uri = $_SERVER['REQUEST_URI']; + $request_uri = preg_replace('/\?.*$/','',$request_uri); + $final_uri .= $request_uri; + $this->setCallbackURL($final_uri); + } + return $this->_callback_url; + } + + /** + * This method sets the callback url. + * + * @param $callback_url url to set callback + * + * @private + */ + function setCallbackURL($url) + { + return $this->_callback_url = $url; + } + + /** + * This method is called by CASClient::CASClient() when running in callback + * mode. It stores the PGT and its PGT Iou, prints its output and halts. + * + * @private + */ + function callback() + { + phpCAS::traceBegin(); + $this->printHTMLHeader('phpCAS callback'); + $pgt_iou = $_GET['pgtIou']; + $pgt = $_GET['pgtId']; + phpCAS::trace('Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\')'); + echo '<p>Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\').</p>'; + $this->storePGT($pgt,$pgt_iou); + $this->printHTMLFooter(); + phpCAS::traceExit(); + } + + /** @} */ + + // ######################################################################## + // PGT STORAGE + // ######################################################################## + /** + * @addtogroup internalPGTStorage + * @{ + */ + + /** + * an instance of a class inheriting of PGTStorage, used to deal with PGT + * storage. Created by CASClient::setPGTStorageFile() or CASClient::setPGTStorageDB(), used + * by CASClient::setPGTStorageFile(), CASClient::setPGTStorageDB() and CASClient::initPGTStorage(). + * + * @hideinitializer + * @private + */ + var $_pgt_storage = null; + + /** + * This method is used to initialize the storage of PGT's. + * Halts on error. + * + * @private + */ + function initPGTStorage() + { + // if no SetPGTStorageXxx() has been used, default to file + if ( !is_object($this->_pgt_storage) ) { + $this->setPGTStorageFile(); + } + + // initializes the storage + $this->_pgt_storage->init(); + } + + /** + * This method stores a PGT. Halts on error. + * + * @param $pgt the PGT to store + * @param $pgt_iou its corresponding Iou + * + * @private + */ + function storePGT($pgt,$pgt_iou) + { + // ensure that storage is initialized + $this->initPGTStorage(); + // writes the PGT + $this->_pgt_storage->write($pgt,$pgt_iou); + } + + /** + * This method reads a PGT from its Iou and deletes the corresponding storage entry. + * + * @param $pgt_iou the PGT Iou + * + * @return The PGT corresponding to the Iou, FALSE when not found. + * + * @private + */ + function loadPGT($pgt_iou) + { + // ensure that storage is initialized + $this->initPGTStorage(); + // read the PGT + return $this->_pgt_storage->read($pgt_iou); + } + + /** + * This method is used to tell phpCAS to store the response of the + * CAS server to PGT requests onto the filesystem. + * + * @param $format the format used to store the PGT's (`plain' and `xml' allowed) + * @param $path the path where the PGT's should be stored + * + * @public + */ + function setPGTStorageFile($format='', + $path='') + { + // check that the storage has not already been set + if ( is_object($this->_pgt_storage) ) { + phpCAS::error('PGT storage already defined'); + } + + // create the storage object + $this->_pgt_storage = &new PGTStorageFile($this,$format,$path); + } + + /** + * This method is used to tell phpCAS to store the response of the + * CAS server to PGT requests into a database. + * @note The connection to the database is done only when needed. + * As a consequence, bad parameters are detected only when + * initializing PGT storage. + * + * @param $user the user to access the data with + * @param $password the user's password + * @param $database_type the type of the database hosting the data + * @param $hostname the server hosting the database + * @param $port the port the server is listening on + * @param $database the name of the database + * @param $table the name of the table storing the data + * + * @public + */ + function setPGTStorageDB($user, + $password, + $database_type, + $hostname, + $port, + $database, + $table) + { + // check that the storage has not already been set + if ( is_object($this->_pgt_storage) ) { + phpCAS::error('PGT storage already defined'); + } + + // warn the user that he should use file storage... + trigger_error('PGT storage into database is an experimental feature, use at your own risk',E_USER_WARNING); + + // create the storage object + $this->_pgt_storage = & new PGTStorageDB($this,$user,$password,$database_type,$hostname,$port,$database,$table); + } + + // ######################################################################## + // PGT VALIDATION + // ######################################################################## + /** + * This method is used to validate a PGT; halt on failure. + * + * @param $validate_url the URL of the request to the CAS server. + * @param $text_response the response of the CAS server, as is (XML text); result + * of CASClient::validateST() or CASClient::validatePT(). + * @param $tree_response the response of the CAS server, as a DOM XML tree; result + * of CASClient::validateST() or CASClient::validatePT(). + * + * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). + * + * @private + */ + function validatePGT(&$validate_url,$text_response,$tree_response) + { + phpCAS::traceBegin(); + if ( sizeof($arr = $tree_response->get_elements_by_tagname("proxyGrantingTicket")) == 0) { + phpCAS::trace('<proxyGrantingTicket> not found'); + // authentication succeded, but no PGT Iou was transmitted + $this->authError('Ticket validated but no PGT Iou transmitted', + $validate_url, + FALSE/*$no_response*/, + FALSE/*$bad_response*/, + $text_response); + } else { + // PGT Iou transmitted, extract it + $pgt_iou = trim($arr[0]->get_content()); + $pgt = $this->loadPGT($pgt_iou); + if ( $pgt == FALSE ) { + phpCAS::trace('could not load PGT'); + $this->authError('PGT Iou was transmitted but PGT could not be retrieved', + $validate_url, + FALSE/*$no_response*/, + FALSE/*$bad_response*/, + $text_response); + } + $this->setPGT($pgt); + } + phpCAS::traceEnd(TRUE); + return TRUE; + } + + // ######################################################################## + // PGT VALIDATION + // ######################################################################## + + /** + * This method is used to retrieve PT's from the CAS server thanks to a PGT. + * + * @param $target_service the service to ask for with the PT. + * @param $err_code an error code (PHPCAS_SERVICE_OK on success). + * @param $err_msg an error message (empty on success). + * + * @return a Proxy Ticket, or FALSE on error. + * + * @private + */ + function retrievePT($target_service,&$err_code,&$err_msg) + { + phpCAS::traceBegin(); + + // by default, $err_msg is set empty and $pt to TRUE. On error, $pt is + // set to false and $err_msg to an error message. At the end, if $pt is FALSE + // and $error_msg is still empty, it is set to 'invalid response' (the most + // commonly encountered error). + $err_msg = ''; + + // build the URL to retrieve the PT + // $cas_url = $this->getServerProxyURL().'?targetService='.preg_replace('/&/','%26',$target_service).'&pgt='.$this->getPGT(); + $cas_url = $this->getServerProxyURL().'?targetService='.urlencode($target_service).'&pgt='.$this->getPGT(); + + // open and read the URL + if ( !$this->readURL($cas_url,''/*cookies*/,$headers,$cas_response,$err_msg) ) { + phpCAS::trace('could not open URL \''.$cas_url.'\' to validate ('.$err_msg.')'); + $err_code = PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE; + $err_msg = 'could not retrieve PT (no response from the CAS server)'; + phpCAS::traceEnd(FALSE); + return FALSE; + } + + $bad_response = FALSE; + + if ( !$bad_response ) { + // read the response of the CAS server into a DOM object + if ( !($dom = @domxml_open_mem($cas_response))) { + phpCAS::trace('domxml_open_mem() failed'); + // read failed + $bad_response = TRUE; + } + } + + if ( !$bad_response ) { + // read the root node of the XML tree + if ( !($root = $dom->document_element()) ) { + phpCAS::trace('document_element() failed'); + // read failed + $bad_response = TRUE; + } + } + + if ( !$bad_response ) { + // insure that tag name is 'serviceResponse' + if ( $root->node_name() != 'serviceResponse' ) { + phpCAS::trace('node_name() failed'); + // bad root node + $bad_response = TRUE; + } + } + + if ( !$bad_response ) { + // look for a proxySuccess tag + if ( sizeof($arr = $root->get_elements_by_tagname("proxySuccess")) != 0) { + // authentication succeded, look for a proxyTicket tag + if ( sizeof($arr = $root->get_elements_by_tagname("proxyTicket")) != 0) { + $err_code = PHPCAS_SERVICE_OK; + $err_msg = ''; + phpCAS::trace('original PT: '.trim($arr[0]->get_content())); + $pt = trim($arr[0]->get_content()); + phpCAS::traceEnd($pt); + return $pt; + } else { + phpCAS::trace('<proxySuccess> was found, but not <proxyTicket>'); + } + } + // look for a proxyFailure tag + else if ( sizeof($arr = $root->get_elements_by_tagname("proxyFailure")) != 0) { + // authentication failed, extract the error + $err_code = PHPCAS_SERVICE_PT_FAILURE; + $err_msg = 'PT retrieving failed (code=`' + .$arr[0]->get_attribute('code') + .'\', message=`' + .trim($arr[0]->get_content()) + .'\')'; + phpCAS::traceEnd(FALSE); + return FALSE; + } else { + phpCAS::trace('neither <proxySuccess> nor <proxyFailure> found'); + } + } + + // at this step, we are sure that the response of the CAS server was ill-formed + $err_code = PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE; + $err_msg = 'Invalid response from the CAS server (response=`'.$cas_response.'\')'; + + phpCAS::traceEnd(FALSE); + return FALSE; + } + + // ######################################################################## + // ACCESS TO EXTERNAL SERVICES + // ######################################################################## + + /** + * This method is used to acces a remote URL. + * + * @param $url the URL to access. + * @param $cookies an array containing cookies strings such as 'name=val' + * @param $headers an array containing the HTTP header lines of the response + * (an empty array on failure). + * @param $body the body of the response, as a string (empty on failure). + * @param $err_msg an error message, filled on failure. + * + * @return TRUE on success, FALSE otherwise (in this later case, $err_msg + * contains an error message). + * + * @private + */ + function readURL($url,$cookies,&$headers,&$body,&$err_msg) + { + phpCAS::traceBegin(); + $headers = ''; + $body = ''; + $err_msg = ''; + + $res = TRUE; + + // initialize the CURL session + $ch = curl_init($url); + + if (version_compare(PHP_VERSION,'5.1.3','>=')) { + //only avaible in php5 + curl_setopt_array($ch, $this->_curl_options); + } else { + foreach ($this->_curl_options as $key => $value) { + curl_setopt($ch, $key, $value); + } + } + + if ($this->_cas_server_cert == '' && $this->_cas_server_ca_cert == '' && !$this->_no_cas_server_validation) { + phpCAS::error('one of the methods phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.'); + } + if ($this->_cas_server_cert != '' ) { + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); + curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert); + } else if ($this->_cas_server_ca_cert != '') { + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); + curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert); + } else { + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); + } + + // return the CURL output into a variable + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + // get the HTTP header with a callback + $this->_curl_headers = array(); // empty the headers array + curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, '_curl_read_headers')); + // add cookies headers + if ( is_array($cookies) ) { + curl_setopt($ch,CURLOPT_COOKIE,implode(';',$cookies)); + } + // perform the query + $buf = curl_exec ($ch); + if ( $buf === FALSE ) { + phpCAS::trace('curl_exec() failed'); + $err_msg = 'CURL error #'.curl_errno($ch).': '.curl_error($ch); + // close the CURL session + curl_close ($ch); + $res = FALSE; + } else { + // close the CURL session + curl_close ($ch); + + $headers = $this->_curl_headers; + $body = $buf; + } + + phpCAS::traceEnd($res); + return $res; + } + + /** + * This method is the callback used by readURL method to request HTTP headers. + */ + var $_curl_headers = array(); + function _curl_read_headers($ch, $header) + { + $this->_curl_headers[] = $header; + return strlen($header); + } + + /** + * This method is used to access an HTTP[S] service. + * + * @param $url the service to access. + * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on + * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, + * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. + * @param $output the output of the service (also used to give an error + * message on failure). + * + * @return TRUE on success, FALSE otherwise (in this later case, $err_code + * gives the reason why it failed and $output contains an error message). + * + * @public + */ + function serviceWeb($url,&$err_code,&$output) + { + phpCAS::traceBegin(); + // at first retrieve a PT + $pt = $this->retrievePT($url,$err_code,$output); + + $res = TRUE; + + // test if PT was retrieved correctly + if ( !$pt ) { + // note: $err_code and $err_msg are filled by CASClient::retrievePT() + phpCAS::trace('PT was not retrieved correctly'); + $res = FALSE; + } else { + // add cookies if necessary + if ( is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) { + foreach ( $_SESSION['phpCAS']['services'][$url]['cookies'] as $name => $val ) { + $cookies[] = $name.'='.$val; + } + } + + // build the URL including the PT + if ( strstr($url,'?') === FALSE ) { + $service_url = $url.'?ticket='.$pt; + } else { + $service_url = $url.'&ticket='.$pt; + } + + phpCAS::trace('reading URL`'.$service_url.'\''); + if ( !$this->readURL($service_url,$cookies,$headers,$output,$err_msg) ) { + phpCAS::trace('could not read URL`'.$service_url.'\''); + $err_code = PHPCAS_SERVICE_NOT_AVAILABLE; + // give an error message + $output = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE), + $service_url, + $err_msg); + $res = FALSE; + } else { + // URL has been fetched, extract the cookies + phpCAS::trace('URL`'.$service_url.'\' has been read, storing cookies:'); + foreach ( $headers as $header ) { + // test if the header is a cookie + if ( preg_match('/^Set-Cookie:/',$header) ) { + // the header is a cookie, remove the beginning + $header_val = preg_replace('/^Set-Cookie: */','',$header); + // extract interesting information + $name_val = strtok($header_val,'; '); + // extract the name and the value of the cookie + $cookie_name = strtok($name_val,'='); + $cookie_val = strtok('='); + // store the cookie + $_SESSION['phpCAS']['services'][$url]['cookies'][$cookie_name] = $cookie_val; + phpCAS::trace($cookie_name.' -> '.$cookie_val); + } + } + } + } + + phpCAS::traceEnd($res); + return $res; + } + + /** + * This method is used to access an IMAP/POP3/NNTP service. + * + * @param $url a string giving the URL of the service, including the mailing box + * for IMAP URLs, as accepted by imap_open(). + * @param $flags options given to imap_open(). + * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on + * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, + * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. + * @param $err_msg an error message on failure + * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL + * on success, FALSE on error). + * + * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code + * gives the reason why it failed and $err_msg contains an error message). + * + * @public + */ + function serviceMail($url,$flags,&$err_code,&$err_msg,&$pt) + { + phpCAS::traceBegin(); + // at first retrieve a PT + $pt = $this->retrievePT($target_service,$err_code,$output); + + $stream = FALSE; + + // test if PT was retrieved correctly + if ( !$pt ) { + // note: $err_code and $err_msg are filled by CASClient::retrievePT() + phpCAS::trace('PT was not retrieved correctly'); + } else { + phpCAS::trace('opening IMAP URL `'.$url.'\'...'); + $stream = @imap_open($url,$this->getUser(),$pt,$flags); + if ( !$stream ) { + phpCAS::trace('could not open URL'); + $err_code = PHPCAS_SERVICE_NOT_AVAILABLE; + // give an error message + $err_msg = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE), + $service_url, + var_export(imap_errors(),TRUE)); + $pt = FALSE; + $stream = FALSE; + } else { + phpCAS::trace('ok'); + } + } + + phpCAS::traceEnd($stream); + return $stream; + } + + /** @} */ + + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + // XX XX + // XX PROXIED CLIENT FEATURES (CAS 2.0) XX + // XX XX + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + + // ######################################################################## + // PT + // ######################################################################## + /** + * @addtogroup internalProxied + * @{ + */ + + /** + * the Proxy Ticket provided in the URL of the request if present + * (empty otherwise). Written by CASClient::CASClient(), read by + * CASClient::getPT() and CASClient::hasPGT(). + * + * @hideinitializer + * @private + */ + var $_pt = ''; + + /** + * This method returns the Proxy Ticket provided in the URL of the request. + * @return The proxy ticket. + * @private + */ + function getPT() + { + // return 'ST'.substr($this->_pt, 2); + return $this->_pt; + } + + /** + * This method stores the Proxy Ticket. + * @param $pt The Proxy Ticket. + * @private + */ + function setPT($pt) + { $this->_pt = $pt; } + + /** + * This method tells if a Proxy Ticket was stored. + * @return TRUE if a Proxy Ticket has been stored. + * @private + */ + function hasPT() + { return !empty($this->_pt); } + + /** @} */ + // ######################################################################## + // PT VALIDATION + // ######################################################################## + /** + * @addtogroup internalProxied + * @{ + */ + + /** + * This method is used to validate a PT; halt on failure + * + * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). + * + * @private + */ + function validatePT(&$validate_url,&$text_response,&$tree_response) + { + phpCAS::traceBegin(); + // build the URL to validate the ticket + $validate_url = $this->getServerProxyValidateURL().'&ticket='.$this->getPT(); + + if ( $this->isProxy() ) { + // pass the callback url for CAS proxies + $validate_url .= '&pgtUrl='.$this->getCallbackURL(); + } + + // open and read the URL + if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) { + phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'); + $this->authError('PT not validated', + $validate_url, + TRUE/*$no_response*/); + } + + // read the response of the CAS server into a DOM object + if ( !($dom = domxml_open_mem($text_response))) { + // read failed + $this->authError('PT not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // read the root node of the XML tree + if ( !($tree_response = $dom->document_element()) ) { + // read failed + $this->authError('PT not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // insure that tag name is 'serviceResponse' + if ( $tree_response->node_name() != 'serviceResponse' ) { + // bad root node + $this->authError('PT not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) { + // authentication succeded, extract the user name + if ( sizeof($arr = $tree_response->get_elements_by_tagname("user")) == 0) { + // no user specified => error + $this->authError('PT not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + $this->setUser(trim($arr[0]->get_content())); + + } else if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) { + // authentication succeded, extract the error code and message + $this->authError('PT not validated', + $validate_url, + FALSE/*$no_response*/, + FALSE/*$bad_response*/, + $text_response, + $arr[0]->get_attribute('code')/*$err_code*/, + trim($arr[0]->get_content())/*$err_msg*/); + } else { + $this->authError('PT not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + + // at this step, PT has been validated and $this->_user has been set, + + phpCAS::traceEnd(TRUE); + return TRUE; + } + + /** @} */ + + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + // XX XX + // XX MISC XX + // XX XX + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + + /** + * @addtogroup internalMisc + * @{ + */ + + // ######################################################################## + // URL + // ######################################################################## + /** + * the URL of the current request (without any ticket CGI parameter). Written + * and read by CASClient::getURL(). + * + * @hideinitializer + * @private + */ + var $_url = ''; + + /** + * This method returns the URL of the current request (without any ticket + * CGI parameter). + * + * @return The URL + * + * @private + */ + function getURL() + { + phpCAS::traceBegin(); + // the URL is built when needed only + if ( empty($this->_url) ) { + $final_uri = ''; + // remove the ticket if present in the URL + $final_uri = ($this->isHttps()) ? 'https' : 'http'; + $final_uri .= '://'; + /* replaced by Julien Marchal - v0.4.6 + * $this->_url .= $_SERVER['SERVER_NAME']; + */ + if(empty($_SERVER['HTTP_X_FORWARDED_SERVER'])){ + /* replaced by teedog - v0.4.12 + * $this->_url .= $_SERVER['SERVER_NAME']; + */ + if (empty($_SERVER['SERVER_NAME'])) { + $server_name = $_SERVER['HTTP_HOST']; + } else { + $server_name = $_SERVER['SERVER_NAME']; + } + } else { + $server_name = $_SERVER['HTTP_X_FORWARDED_SERVER']; + } + $final_uri .= $server_name; + if (!strpos($server_name, ':')) { + if ( ($this->isHttps() && $_SERVER['SERVER_PORT']!=443) + || (!$this->isHttps() && $_SERVER['SERVER_PORT']!=80) ) { + $final_uri .= ':'; + $final_uri .= $_SERVER['SERVER_PORT']; + } + } + + $final_uri .= strtok($_SERVER['REQUEST_URI'],"?"); + $cgi_params = '?'.strtok("?"); + // remove the ticket if present in the CGI parameters + $cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params); + $cgi_params = preg_replace('/\?ticket=[^&;]*/','?',$cgi_params); + $cgi_params = preg_replace('/\?%26/','?',$cgi_params); + $cgi_params = preg_replace('/\?&/','?',$cgi_params); + $cgi_params = preg_replace('/\?$/','',$cgi_params); + $final_uri .= $cgi_params; + $this->setURL($final_uri); + } + phpCAS::traceEnd($this->_url); + return $this->_url; + } + + /** + * This method sets the URL of the current request + * + * @param $url url to set for service + * + * @private + */ + function setURL($url) + { + $this->_url = $url; + } + + // ######################################################################## + // AUTHENTICATION ERROR HANDLING + // ######################################################################## + /** + * This method is used to print the HTML output when the user was not authenticated. + * + * @param $failure the failure that occured + * @param $cas_url the URL the CAS server was asked for + * @param $no_response the response from the CAS server (other + * parameters are ignored if TRUE) + * @param $bad_response bad response from the CAS server ($err_code + * and $err_msg ignored if TRUE) + * @param $cas_response the response of the CAS server + * @param $err_code the error code given by the CAS server + * @param $err_msg the error message given by the CAS server + * + * @private + */ + function authError($failure,$cas_url,$no_response,$bad_response='',$cas_response='',$err_code='',$err_msg='') + { + phpCAS::traceBegin(); + + $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_FAILED)); + printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),$this->getURL(),$_SERVER['SERVER_ADMIN']); + phpCAS::trace('CAS URL: '.$cas_url); + phpCAS::trace('Authentication failure: '.$failure); + if ( $no_response ) { + phpCAS::trace('Reason: no response from the CAS server'); + } else { + if ( $bad_response ) { + phpCAS::trace('Reason: bad response from the CAS server'); + } else { + switch ($this->getServerVersion()) { + case CAS_VERSION_1_0: + phpCAS::trace('Reason: CAS error'); + break; + case CAS_VERSION_2_0: + if ( empty($err_code) ) + phpCAS::trace('Reason: no CAS error'); + else + phpCAS::trace('Reason: ['.$err_code.'] CAS error: '.$err_msg); + break; + } + } + phpCAS::trace('CAS response: '.$cas_response); + } + $this->printHTMLFooter(); + phpCAS::traceExit(); + exit(); + } + + /** @} */ +} + ?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/domxml-php4-php5.php b/plugins/CasAuthentication/extlib/CAS/domxml-php4-php5.php index d64747514..a0dfb99c7 100644 --- a/plugins/CasAuthentication/extlib/CAS/domxml-php4-php5.php +++ b/plugins/CasAuthentication/extlib/CAS/domxml-php4-php5.php @@ -1,277 +1,277 @@ -<?php
-/**
- * @file domxml-php4-php5.php
- * Require PHP5, uses built-in DOM extension.
- * To be used in PHP4 scripts using DOMXML extension.
- * Allows PHP4/DOMXML scripts to run on PHP5/DOM.
- * (Requires PHP5/XSL extension for domxml_xslt functions)
- *
- * Typical use:
- * <pre>
- * {
- * if (version_compare(PHP_VERSION,'5','>='))
- * require_once('domxml-php4-to-php5.php');
- * }
- * </pre>
- *
- * Version 1.5.5, 2005-01-18, http://alexandre.alapetite.net/doc-alex/domxml-php4-php5/
- *
- * ------------------------------------------------------------------<br>
- * Written by Alexandre Alapetite, http://alexandre.alapetite.net/cv/
- *
- * Copyright 2004, Licence: Creative Commons "Attribution-ShareAlike 2.0 France" BY-SA (FR),
- * http://creativecommons.org/licenses/by-sa/2.0/fr/
- * http://alexandre.alapetite.net/divers/apropos/#by-sa
- * - Attribution. You must give the original author credit
- * - Share Alike. If you alter, transform, or build upon this work,
- * you may distribute the resulting work only under a license identical to this one
- * - The French law is authoritative
- * - Any of these conditions can be waived if you get permission from Alexandre Alapetite
- * - Please send to Alexandre Alapetite the modifications you make,
- * in order to improve this file for the benefit of everybody
- *
- * If you want to distribute this code, please do it as a link to:
- * http://alexandre.alapetite.net/doc-alex/domxml-php4-php5/
- */
-
-function domxml_new_doc($version) {return new php4DOMDocument('');}
-function domxml_open_file($filename) {return new php4DOMDocument($filename);}
-function domxml_open_mem($str)
-{
- $dom=new php4DOMDocument('');
- $dom->myDOMNode->loadXML($str);
- return $dom;
-}
-function xpath_eval($xpath_context,$eval_str,$contextnode=null) {return $xpath_context->query($eval_str,$contextnode);}
-function xpath_new_context($dom_document) {return new php4DOMXPath($dom_document);}
-
-class php4DOMAttr extends php4DOMNode
-{
- function php4DOMAttr($aDOMAttr) {$this->myDOMNode=$aDOMAttr;}
- function Name() {return $this->myDOMNode->name;}
- function Specified() {return $this->myDOMNode->specified;}
- function Value() {return $this->myDOMNode->value;}
-}
-
-class php4DOMDocument extends php4DOMNode
-{
- function php4DOMDocument($filename='')
- {
- $this->myDOMNode=new DOMDocument();
- if ($filename!='') $this->myDOMNode->load($filename);
- }
- function create_attribute($name,$value)
- {
- $myAttr=$this->myDOMNode->createAttribute($name);
- $myAttr->value=$value;
- return new php4DOMAttr($myAttr,$this);
- }
- function create_cdata_section($content) {return new php4DOMNode($this->myDOMNode->createCDATASection($content),$this);}
- function create_comment($data) {return new php4DOMNode($this->myDOMNode->createComment($data),$this);}
- function create_element($name) {return new php4DOMElement($this->myDOMNode->createElement($name),$this);}
- function create_text_node($content) {return new php4DOMNode($this->myDOMNode->createTextNode($content),$this);}
- function document_element() {return new php4DOMElement($this->myDOMNode->documentElement,$this);}
- function dump_file($filename,$compressionmode=false,$format=false) {return $this->myDOMNode->save($filename);}
- function dump_mem($format=false,$encoding=false) {return $this->myDOMNode->saveXML();}
- function get_element_by_id($id) {return new php4DOMElement($this->myDOMNode->getElementById($id),$this);}
- function get_elements_by_tagname($name)
- {
- $myDOMNodeList=$this->myDOMNode->getElementsByTagName($name);
- $nodeSet=array();
- $i=0;
- if (isset($myDOMNodeList))
- while ($node=$myDOMNodeList->item($i))
- {
- $nodeSet[]=new php4DOMElement($node,$this);
- $i++;
- }
- return $nodeSet;
- }
- function html_dump_mem() {return $this->myDOMNode->saveHTML();}
- function root() {return new php4DOMElement($this->myDOMNode->documentElement,$this);}
-}
-
-class php4DOMElement extends php4DOMNode
-{
- function get_attribute($name) {return $this->myDOMNode->getAttribute($name);}
- function get_elements_by_tagname($name)
- {
- $myDOMNodeList=$this->myDOMNode->getElementsByTagName($name);
- $nodeSet=array();
- $i=0;
- if (isset($myDOMNodeList))
- while ($node=$myDOMNodeList->item($i))
- {
- $nodeSet[]=new php4DOMElement($node,$this->myOwnerDocument);
- $i++;
- }
- return $nodeSet;
- }
- function has_attribute($name) {return $this->myDOMNode->hasAttribute($name);}
- function remove_attribute($name) {return $this->myDOMNode->removeAttribute($name);}
- function set_attribute($name,$value) {return $this->myDOMNode->setAttribute($name,$value);}
- function tagname() {return $this->myDOMNode->tagName;}
-}
-
-class php4DOMNode
-{
- var $myDOMNode;
- var $myOwnerDocument;
- function php4DOMNode($aDomNode,$aOwnerDocument)
- {
- $this->myDOMNode=$aDomNode;
- $this->myOwnerDocument=$aOwnerDocument;
- }
- function __get($name)
- {
- if ($name=='type') return $this->myDOMNode->nodeType;
- elseif ($name=='tagname') return $this->myDOMNode->tagName;
- elseif ($name=='content') return $this->myDOMNode->textContent;
- else
- {
- $myErrors=debug_backtrace();
- trigger_error('Undefined property: '.get_class($this).'::$'.$name.' ['.$myErrors[0]['file'].':'.$myErrors[0]['line'].']',E_USER_NOTICE);
- return false;
- }
- }
- function append_child($newnode) {return new php4DOMElement($this->myDOMNode->appendChild($newnode->myDOMNode),$this->myOwnerDocument);}
- function append_sibling($newnode) {return new php4DOMElement($this->myDOMNode->parentNode->appendChild($newnode->myDOMNode),$this->myOwnerDocument);}
- function attributes()
- {
- $myDOMNodeList=$this->myDOMNode->attributes;
- $nodeSet=array();
- $i=0;
- if (isset($myDOMNodeList))
- while ($node=$myDOMNodeList->item($i))
- {
- $nodeSet[]=new php4DOMAttr($node,$this->myOwnerDocument);
- $i++;
- }
- return $nodeSet;
- }
- function child_nodes()
- {
- $myDOMNodeList=$this->myDOMNode->childNodes;
- $nodeSet=array();
- $i=0;
- if (isset($myDOMNodeList))
- while ($node=$myDOMNodeList->item($i))
- {
- $nodeSet[]=new php4DOMElement($node,$this->myOwnerDocument);
- $i++;
- }
- return $nodeSet;
- }
- function children() {return $this->child_nodes();}
- function clone_node($deep=false) {return new php4DOMElement($this->myDOMNode->cloneNode($deep),$this->myOwnerDocument);}
- function first_child() {return new php4DOMElement($this->myDOMNode->firstChild,$this->myOwnerDocument);}
- function get_content() {return $this->myDOMNode->textContent;}
- function has_attributes() {return $this->myDOMNode->hasAttributes();}
- function has_child_nodes() {return $this->myDOMNode->hasChildNodes();}
- function insert_before($newnode,$refnode) {return new php4DOMElement($this->myDOMNode->insertBefore($newnode->myDOMNode,$refnode->myDOMNode),$this->myOwnerDocument);}
- function is_blank_node()
- {
- $myDOMNodeList=$this->myDOMNode->childNodes;
- $i=0;
- if (isset($myDOMNodeList))
- while ($node=$myDOMNodeList->item($i))
- {
- if (($node->nodeType==XML_ELEMENT_NODE)||
- (($node->nodeType==XML_TEXT_NODE)&&!ereg('^([[:cntrl:]]|[[:space:]])*$',$node->nodeValue)))
- return false;
- $i++;
- }
- return true;
- }
- function last_child() {return new php4DOMElement($this->myDOMNode->lastChild,$this->myOwnerDocument);}
- function new_child($name,$content)
- {
- $mySubNode=$this->myDOMNode->ownerDocument->createElement($name);
- $mySubNode->appendChild($this->myDOMNode->ownerDocument->createTextNode($content));
- $this->myDOMNode->appendChild($mySubNode);
- return new php4DOMElement($mySubNode,$this->myOwnerDocument);
- }
- function next_sibling() {return new php4DOMElement($this->myDOMNode->nextSibling,$this->myOwnerDocument);}
- function node_name() {return $this->myDOMNode->localName;}
- function node_type() {return $this->myDOMNode->nodeType;}
- function node_value() {return $this->myDOMNode->nodeValue;}
- function owner_document() {return $this->myOwnerDocument;}
- function parent_node() {return new php4DOMElement($this->myDOMNode->parentNode,$this->myOwnerDocument);}
- function prefix() {return $this->myDOMNode->prefix;}
- function previous_sibling() {return new php4DOMElement($this->myDOMNode->previousSibling,$this->myOwnerDocument);}
- function remove_child($oldchild) {return new php4DOMElement($this->myDOMNode->removeChild($oldchild->myDOMNode),$this->myOwnerDocument);}
- function replace_child($oldnode,$newnode) {return new php4DOMElement($this->myDOMNode->replaceChild($oldnode->myDOMNode,$newnode->myDOMNode),$this->myOwnerDocument);}
- function set_content($text)
- {
- if (($this->myDOMNode->hasChildNodes())&&($this->myDOMNode->firstChild->nodeType==XML_TEXT_NODE))
- $this->myDOMNode->removeChild($this->myDOMNode->firstChild);
- return $this->myDOMNode->appendChild($this->myDOMNode->ownerDocument->createTextNode($text));
- }
-}
-
-class php4DOMNodelist
-{
- var $myDOMNodelist;
- var $nodeset;
- function php4DOMNodelist($aDOMNodelist,$aOwnerDocument)
- {
- $this->myDOMNodelist=$aDOMNodelist;
- $this->nodeset=array();
- $i=0;
- if (isset($this->myDOMNodelist))
- while ($node=$this->myDOMNodelist->item($i))
- {
- $this->nodeset[]=new php4DOMElement($node,$aOwnerDocument);
- $i++;
- }
- }
-}
-
-class php4DOMXPath
-{
- var $myDOMXPath;
- var $myOwnerDocument;
- function php4DOMXPath($dom_document)
- {
- $this->myOwnerDocument=$dom_document;
- $this->myDOMXPath=new DOMXPath($dom_document->myDOMNode);
- }
- function query($eval_str,$contextnode)
- {
- if (isset($contextnode)) return new php4DOMNodelist($this->myDOMXPath->query($eval_str,$contextnode->myDOMNode),$this->myOwnerDocument);
- else return new php4DOMNodelist($this->myDOMXPath->query($eval_str),$this->myOwnerDocument);
- }
- function xpath_register_ns($prefix,$namespaceURI) {return $this->myDOMXPath->registerNamespace($prefix,$namespaceURI);}
-}
-
-if (extension_loaded('xsl'))
-{//See also: http://alexandre.alapetite.net/doc-alex/xslt-php4-php5/
- function domxml_xslt_stylesheet($xslstring) {return new php4DomXsltStylesheet(DOMDocument::loadXML($xslstring));}
- function domxml_xslt_stylesheet_doc($dom_document) {return new php4DomXsltStylesheet($dom_document);}
- function domxml_xslt_stylesheet_file($xslfile) {return new php4DomXsltStylesheet(DOMDocument::load($xslfile));}
- class php4DomXsltStylesheet
- {
- var $myxsltProcessor;
- function php4DomXsltStylesheet($dom_document)
- {
- $this->myxsltProcessor=new xsltProcessor();
- $this->myxsltProcessor->importStyleSheet($dom_document);
- }
- function process($dom_document,$xslt_parameters=array(),$param_is_xpath=false)
- {
- foreach ($xslt_parameters as $param=>$value)
- $this->myxsltProcessor->setParameter('',$param,$value);
- $myphp4DOMDocument=new php4DOMDocument();
- $myphp4DOMDocument->myDOMNode=$this->myxsltProcessor->transformToDoc($dom_document->myDOMNode);
- return $myphp4DOMDocument;
- }
- function result_dump_file($dom_document,$filename)
- {
- $html=$dom_document->myDOMNode->saveHTML();
- file_put_contents($filename,$html);
- return $html;
- }
- function result_dump_mem($dom_document) {return $dom_document->myDOMNode->saveHTML();}
- }
-}
+<?php +/** + * @file domxml-php4-php5.php + * Require PHP5, uses built-in DOM extension. + * To be used in PHP4 scripts using DOMXML extension. + * Allows PHP4/DOMXML scripts to run on PHP5/DOM. + * (Requires PHP5/XSL extension for domxml_xslt functions) + * + * Typical use: + * <pre> + * { + * if (version_compare(PHP_VERSION,'5','>=')) + * require_once('domxml-php4-to-php5.php'); + * } + * </pre> + * + * Version 1.5.5, 2005-01-18, http://alexandre.alapetite.net/doc-alex/domxml-php4-php5/ + * + * ------------------------------------------------------------------<br> + * Written by Alexandre Alapetite, http://alexandre.alapetite.net/cv/ + * + * Copyright 2004, Licence: Creative Commons "Attribution-ShareAlike 2.0 France" BY-SA (FR), + * http://creativecommons.org/licenses/by-sa/2.0/fr/ + * http://alexandre.alapetite.net/divers/apropos/#by-sa + * - Attribution. You must give the original author credit + * - Share Alike. If you alter, transform, or build upon this work, + * you may distribute the resulting work only under a license identical to this one + * - The French law is authoritative + * - Any of these conditions can be waived if you get permission from Alexandre Alapetite + * - Please send to Alexandre Alapetite the modifications you make, + * in order to improve this file for the benefit of everybody + * + * If you want to distribute this code, please do it as a link to: + * http://alexandre.alapetite.net/doc-alex/domxml-php4-php5/ + */ + +function domxml_new_doc($version) {return new php4DOMDocument('');} +function domxml_open_file($filename) {return new php4DOMDocument($filename);} +function domxml_open_mem($str) +{ + $dom=new php4DOMDocument(''); + $dom->myDOMNode->loadXML($str); + return $dom; +} +function xpath_eval($xpath_context,$eval_str,$contextnode=null) {return $xpath_context->query($eval_str,$contextnode);} +function xpath_new_context($dom_document) {return new php4DOMXPath($dom_document);} + +class php4DOMAttr extends php4DOMNode +{ + function php4DOMAttr($aDOMAttr) {$this->myDOMNode=$aDOMAttr;} + function Name() {return $this->myDOMNode->name;} + function Specified() {return $this->myDOMNode->specified;} + function Value() {return $this->myDOMNode->value;} +} + +class php4DOMDocument extends php4DOMNode +{ + function php4DOMDocument($filename='') + { + $this->myDOMNode=new DOMDocument(); + if ($filename!='') $this->myDOMNode->load($filename); + } + function create_attribute($name,$value) + { + $myAttr=$this->myDOMNode->createAttribute($name); + $myAttr->value=$value; + return new php4DOMAttr($myAttr,$this); + } + function create_cdata_section($content) {return new php4DOMNode($this->myDOMNode->createCDATASection($content),$this);} + function create_comment($data) {return new php4DOMNode($this->myDOMNode->createComment($data),$this);} + function create_element($name) {return new php4DOMElement($this->myDOMNode->createElement($name),$this);} + function create_text_node($content) {return new php4DOMNode($this->myDOMNode->createTextNode($content),$this);} + function document_element() {return new php4DOMElement($this->myDOMNode->documentElement,$this);} + function dump_file($filename,$compressionmode=false,$format=false) {return $this->myDOMNode->save($filename);} + function dump_mem($format=false,$encoding=false) {return $this->myDOMNode->saveXML();} + function get_element_by_id($id) {return new php4DOMElement($this->myDOMNode->getElementById($id),$this);} + function get_elements_by_tagname($name) + { + $myDOMNodeList=$this->myDOMNode->getElementsByTagName($name); + $nodeSet=array(); + $i=0; + if (isset($myDOMNodeList)) + while ($node=$myDOMNodeList->item($i)) + { + $nodeSet[]=new php4DOMElement($node,$this); + $i++; + } + return $nodeSet; + } + function html_dump_mem() {return $this->myDOMNode->saveHTML();} + function root() {return new php4DOMElement($this->myDOMNode->documentElement,$this);} +} + +class php4DOMElement extends php4DOMNode +{ + function get_attribute($name) {return $this->myDOMNode->getAttribute($name);} + function get_elements_by_tagname($name) + { + $myDOMNodeList=$this->myDOMNode->getElementsByTagName($name); + $nodeSet=array(); + $i=0; + if (isset($myDOMNodeList)) + while ($node=$myDOMNodeList->item($i)) + { + $nodeSet[]=new php4DOMElement($node,$this->myOwnerDocument); + $i++; + } + return $nodeSet; + } + function has_attribute($name) {return $this->myDOMNode->hasAttribute($name);} + function remove_attribute($name) {return $this->myDOMNode->removeAttribute($name);} + function set_attribute($name,$value) {return $this->myDOMNode->setAttribute($name,$value);} + function tagname() {return $this->myDOMNode->tagName;} +} + +class php4DOMNode +{ + var $myDOMNode; + var $myOwnerDocument; + function php4DOMNode($aDomNode,$aOwnerDocument) + { + $this->myDOMNode=$aDomNode; + $this->myOwnerDocument=$aOwnerDocument; + } + function __get($name) + { + if ($name=='type') return $this->myDOMNode->nodeType; + elseif ($name=='tagname') return $this->myDOMNode->tagName; + elseif ($name=='content') return $this->myDOMNode->textContent; + else + { + $myErrors=debug_backtrace(); + trigger_error('Undefined property: '.get_class($this).'::$'.$name.' ['.$myErrors[0]['file'].':'.$myErrors[0]['line'].']',E_USER_NOTICE); + return false; + } + } + function append_child($newnode) {return new php4DOMElement($this->myDOMNode->appendChild($newnode->myDOMNode),$this->myOwnerDocument);} + function append_sibling($newnode) {return new php4DOMElement($this->myDOMNode->parentNode->appendChild($newnode->myDOMNode),$this->myOwnerDocument);} + function attributes() + { + $myDOMNodeList=$this->myDOMNode->attributes; + $nodeSet=array(); + $i=0; + if (isset($myDOMNodeList)) + while ($node=$myDOMNodeList->item($i)) + { + $nodeSet[]=new php4DOMAttr($node,$this->myOwnerDocument); + $i++; + } + return $nodeSet; + } + function child_nodes() + { + $myDOMNodeList=$this->myDOMNode->childNodes; + $nodeSet=array(); + $i=0; + if (isset($myDOMNodeList)) + while ($node=$myDOMNodeList->item($i)) + { + $nodeSet[]=new php4DOMElement($node,$this->myOwnerDocument); + $i++; + } + return $nodeSet; + } + function children() {return $this->child_nodes();} + function clone_node($deep=false) {return new php4DOMElement($this->myDOMNode->cloneNode($deep),$this->myOwnerDocument);} + function first_child() {return new php4DOMElement($this->myDOMNode->firstChild,$this->myOwnerDocument);} + function get_content() {return $this->myDOMNode->textContent;} + function has_attributes() {return $this->myDOMNode->hasAttributes();} + function has_child_nodes() {return $this->myDOMNode->hasChildNodes();} + function insert_before($newnode,$refnode) {return new php4DOMElement($this->myDOMNode->insertBefore($newnode->myDOMNode,$refnode->myDOMNode),$this->myOwnerDocument);} + function is_blank_node() + { + $myDOMNodeList=$this->myDOMNode->childNodes; + $i=0; + if (isset($myDOMNodeList)) + while ($node=$myDOMNodeList->item($i)) + { + if (($node->nodeType==XML_ELEMENT_NODE)|| + (($node->nodeType==XML_TEXT_NODE)&&!ereg('^([[:cntrl:]]|[[:space:]])*$',$node->nodeValue))) + return false; + $i++; + } + return true; + } + function last_child() {return new php4DOMElement($this->myDOMNode->lastChild,$this->myOwnerDocument);} + function new_child($name,$content) + { + $mySubNode=$this->myDOMNode->ownerDocument->createElement($name); + $mySubNode->appendChild($this->myDOMNode->ownerDocument->createTextNode($content)); + $this->myDOMNode->appendChild($mySubNode); + return new php4DOMElement($mySubNode,$this->myOwnerDocument); + } + function next_sibling() {return new php4DOMElement($this->myDOMNode->nextSibling,$this->myOwnerDocument);} + function node_name() {return $this->myDOMNode->localName;} + function node_type() {return $this->myDOMNode->nodeType;} + function node_value() {return $this->myDOMNode->nodeValue;} + function owner_document() {return $this->myOwnerDocument;} + function parent_node() {return new php4DOMElement($this->myDOMNode->parentNode,$this->myOwnerDocument);} + function prefix() {return $this->myDOMNode->prefix;} + function previous_sibling() {return new php4DOMElement($this->myDOMNode->previousSibling,$this->myOwnerDocument);} + function remove_child($oldchild) {return new php4DOMElement($this->myDOMNode->removeChild($oldchild->myDOMNode),$this->myOwnerDocument);} + function replace_child($oldnode,$newnode) {return new php4DOMElement($this->myDOMNode->replaceChild($oldnode->myDOMNode,$newnode->myDOMNode),$this->myOwnerDocument);} + function set_content($text) + { + if (($this->myDOMNode->hasChildNodes())&&($this->myDOMNode->firstChild->nodeType==XML_TEXT_NODE)) + $this->myDOMNode->removeChild($this->myDOMNode->firstChild); + return $this->myDOMNode->appendChild($this->myDOMNode->ownerDocument->createTextNode($text)); + } +} + +class php4DOMNodelist +{ + var $myDOMNodelist; + var $nodeset; + function php4DOMNodelist($aDOMNodelist,$aOwnerDocument) + { + $this->myDOMNodelist=$aDOMNodelist; + $this->nodeset=array(); + $i=0; + if (isset($this->myDOMNodelist)) + while ($node=$this->myDOMNodelist->item($i)) + { + $this->nodeset[]=new php4DOMElement($node,$aOwnerDocument); + $i++; + } + } +} + +class php4DOMXPath +{ + var $myDOMXPath; + var $myOwnerDocument; + function php4DOMXPath($dom_document) + { + $this->myOwnerDocument=$dom_document; + $this->myDOMXPath=new DOMXPath($dom_document->myDOMNode); + } + function query($eval_str,$contextnode) + { + if (isset($contextnode)) return new php4DOMNodelist($this->myDOMXPath->query($eval_str,$contextnode->myDOMNode),$this->myOwnerDocument); + else return new php4DOMNodelist($this->myDOMXPath->query($eval_str),$this->myOwnerDocument); + } + function xpath_register_ns($prefix,$namespaceURI) {return $this->myDOMXPath->registerNamespace($prefix,$namespaceURI);} +} + +if (extension_loaded('xsl')) +{//See also: http://alexandre.alapetite.net/doc-alex/xslt-php4-php5/ + function domxml_xslt_stylesheet($xslstring) {return new php4DomXsltStylesheet(DOMDocument::loadXML($xslstring));} + function domxml_xslt_stylesheet_doc($dom_document) {return new php4DomXsltStylesheet($dom_document);} + function domxml_xslt_stylesheet_file($xslfile) {return new php4DomXsltStylesheet(DOMDocument::load($xslfile));} + class php4DomXsltStylesheet + { + var $myxsltProcessor; + function php4DomXsltStylesheet($dom_document) + { + $this->myxsltProcessor=new xsltProcessor(); + $this->myxsltProcessor->importStyleSheet($dom_document); + } + function process($dom_document,$xslt_parameters=array(),$param_is_xpath=false) + { + foreach ($xslt_parameters as $param=>$value) + $this->myxsltProcessor->setParameter('',$param,$value); + $myphp4DOMDocument=new php4DOMDocument(); + $myphp4DOMDocument->myDOMNode=$this->myxsltProcessor->transformToDoc($dom_document->myDOMNode); + return $myphp4DOMDocument; + } + function result_dump_file($dom_document,$filename) + { + $html=$dom_document->myDOMNode->saveHTML(); + file_put_contents($filename,$html); + return $html; + } + function result_dump_mem($dom_document) {return $dom_document->myDOMNode->saveHTML();} + } +} ?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/languages/catalan.php b/plugins/CasAuthentication/extlib/CAS/languages/catalan.php index 3d67473d9..0b139c7ca 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/catalan.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/catalan.php @@ -1,27 +1,27 @@ -<?php
-
-/**
- * @file languages/spanish.php
- * @author Iván-BenjamÃn GarcÃa Torà <ivaniclixx AT gmail DOT com>
- * @sa @link internalLang Internationalization @endlink
- * @ingroup internalLang
- */
-
-$this->_strings = array(
- CAS_STR_USING_SERVER
- => 'usant servidor',
- CAS_STR_AUTHENTICATION_WANTED
- => 'Autentificació CAS necessà ria!',
- CAS_STR_LOGOUT
- => 'Sortida de CAS necessà ria!',
- CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
- => 'Ja hauria d\ haver estat redireccionat al servidor CAS. Feu click <a href="%s">aquÃ</a> per a continuar.',
- CAS_STR_AUTHENTICATION_FAILED
- => 'Autentificació CAS fallida!',
- CAS_STR_YOU_WERE_NOT_AUTHENTICATED
- => '<p>No està s autentificat.</p><p>Pots tornar a intentar-ho fent click <a href="%s">aquÃ</a>.</p><p>Si el problema persisteix haurÃa de contactar amb l\'<a href="mailto:%s">administrador d\'aquest llocc</a>.</p>',
- CAS_STR_SERVICE_UNAVAILABLE
- => 'El servei `<b>%s</b>\' no està disponible (<b>%s</b>).'
-);
-
-?>
+<?php + +/** + * @file languages/spanish.php + * @author Iván-BenjamÃn GarcÃa Torà <ivaniclixx AT gmail DOT com> + * @sa @link internalLang Internationalization @endlink + * @ingroup internalLang + */ + +$this->_strings = array( + CAS_STR_USING_SERVER + => 'usant servidor', + CAS_STR_AUTHENTICATION_WANTED + => 'Autentificació CAS necessà ria!', + CAS_STR_LOGOUT + => 'Sortida de CAS necessà ria!', + CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED + => 'Ja hauria d\ haver estat redireccionat al servidor CAS. Feu click <a href="%s">aquÃ</a> per a continuar.', + CAS_STR_AUTHENTICATION_FAILED + => 'Autentificació CAS fallida!', + CAS_STR_YOU_WERE_NOT_AUTHENTICATED + => '<p>No està s autentificat.</p><p>Pots tornar a intentar-ho fent click <a href="%s">aquÃ</a>.</p><p>Si el problema persisteix haurÃa de contactar amb l\'<a href="mailto:%s">administrador d\'aquest llocc</a>.</p>', + CAS_STR_SERVICE_UNAVAILABLE + => 'El servei `<b>%s</b>\' no està disponible (<b>%s</b>).' +); + +?> diff --git a/plugins/CasAuthentication/extlib/CAS/languages/english.php b/plugins/CasAuthentication/extlib/CAS/languages/english.php index c14345031..d38d42c1f 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/english.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/english.php @@ -1,27 +1,27 @@ -<?php
-
-/**
- * @file languages/english.php
- * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
- * @sa @link internalLang Internationalization @endlink
- * @ingroup internalLang
- */
-
-$this->_strings = array(
- CAS_STR_USING_SERVER
- => 'using server',
- CAS_STR_AUTHENTICATION_WANTED
- => 'CAS Authentication wanted!',
- CAS_STR_LOGOUT
- => 'CAS logout wanted!',
- CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
- => 'You should already have been redirected to the CAS server. Click <a href="%s">here</a> to continue.',
- CAS_STR_AUTHENTICATION_FAILED
- => 'CAS Authentication failed!',
- CAS_STR_YOU_WERE_NOT_AUTHENTICATED
- => '<p>You were not authenticated.</p><p>You may submit your request again by clicking <a href="%s">here</a>.</p><p>If the problem persists, you may contact <a href="mailto:%s">the administrator of this site</a>.</p>',
- CAS_STR_SERVICE_UNAVAILABLE
- => 'The service `<b>%s</b>\' is not available (<b>%s</b>).'
-);
-
+<?php + +/** + * @file languages/english.php + * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> + * @sa @link internalLang Internationalization @endlink + * @ingroup internalLang + */ + +$this->_strings = array( + CAS_STR_USING_SERVER + => 'using server', + CAS_STR_AUTHENTICATION_WANTED + => 'CAS Authentication wanted!', + CAS_STR_LOGOUT + => 'CAS logout wanted!', + CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED + => 'You should already have been redirected to the CAS server. Click <a href="%s">here</a> to continue.', + CAS_STR_AUTHENTICATION_FAILED + => 'CAS Authentication failed!', + CAS_STR_YOU_WERE_NOT_AUTHENTICATED + => '<p>You were not authenticated.</p><p>You may submit your request again by clicking <a href="%s">here</a>.</p><p>If the problem persists, you may contact <a href="mailto:%s">the administrator of this site</a>.</p>', + CAS_STR_SERVICE_UNAVAILABLE + => 'The service `<b>%s</b>\' is not available (<b>%s</b>).' +); + ?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/languages/french.php b/plugins/CasAuthentication/extlib/CAS/languages/french.php index 675a7fc04..32d141685 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/french.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/french.php @@ -1,28 +1,28 @@ -<?php
-
-/**
- * @file languages/english.php
- * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
- * @sa @link internalLang Internationalization @endlink
- * @ingroup internalLang
- */
-
-$this->_strings = array(
- CAS_STR_USING_SERVER
- => 'utilisant le serveur',
- CAS_STR_AUTHENTICATION_WANTED
- => 'Authentication CAS nécessaire !',
- CAS_STR_LOGOUT
- => 'Déconnexion demandée !',
- CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
- => 'Vous auriez du etre redirigé(e) vers le serveur CAS. Cliquez <a href="%s">ici</a> pour continuer.',
- CAS_STR_AUTHENTICATION_FAILED
- => 'Authentification CAS infructueuse !',
- CAS_STR_YOU_WERE_NOT_AUTHENTICATED
- => '<p>Vous n\'avez pas été authentifié(e).</p><p>Vous pouvez soumettre votre requete à nouveau en cliquant <a href="%s">ici</a>.</p><p>Si le problème persiste, vous pouvez contacter <a href="mailto:%s">l\'administrateur de ce site</a>.</p>',
- CAS_STR_SERVICE_UNAVAILABLE
- => 'Le service `<b>%s</b>\' est indisponible (<b>%s</b>)'
-
-);
-
+<?php + +/** + * @file languages/english.php + * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> + * @sa @link internalLang Internationalization @endlink + * @ingroup internalLang + */ + +$this->_strings = array( + CAS_STR_USING_SERVER + => 'utilisant le serveur', + CAS_STR_AUTHENTICATION_WANTED + => 'Authentication CAS nécessaire !', + CAS_STR_LOGOUT + => 'Déconnexion demandée !', + CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED + => 'Vous auriez du etre redirigé(e) vers le serveur CAS. Cliquez <a href="%s">ici</a> pour continuer.', + CAS_STR_AUTHENTICATION_FAILED + => 'Authentification CAS infructueuse !', + CAS_STR_YOU_WERE_NOT_AUTHENTICATED + => '<p>Vous n\'avez pas été authentifié(e).</p><p>Vous pouvez soumettre votre requete à nouveau en cliquant <a href="%s">ici</a>.</p><p>Si le problème persiste, vous pouvez contacter <a href="mailto:%s">l\'administrateur de ce site</a>.</p>', + CAS_STR_SERVICE_UNAVAILABLE + => 'Le service `<b>%s</b>\' est indisponible (<b>%s</b>)' + +); + ?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/languages/german.php b/plugins/CasAuthentication/extlib/CAS/languages/german.php index 29daeb35d..55c3238fd 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/german.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/german.php @@ -1,27 +1,27 @@ -<?php
-
-/**
- * @file languages/german.php
- * @author Henrik Genssen <hg at mediafactory.de>
- * @sa @link internalLang Internationalization @endlink
- * @ingroup internalLang
- */
-
-$this->_strings = array(
- CAS_STR_USING_SERVER
- => 'via Server',
- CAS_STR_AUTHENTICATION_WANTED
- => 'CAS Authentifizierung erforderlich!',
- CAS_STR_LOGOUT
- => 'CAS Abmeldung!',
- CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
- => 'eigentlich häten Sie zum CAS Server weitergeleitet werden sollen. Drücken Sie <a href="%s">hier</a> um fortzufahren.',
- CAS_STR_AUTHENTICATION_FAILED
- => 'CAS Anmeldung fehlgeschlagen!',
- CAS_STR_YOU_WERE_NOT_AUTHENTICATED
- => '<p>Sie wurden nicht angemeldet.</p><p>Um es erneut zu versuchen klicken Sie <a href="%s">hier</a>.</p><p>Wenn das Problem bestehen bleibt, kontkatieren Sie den <a href="mailto:%s">Administrator</a> dieser Seite.</p>',
- CAS_STR_SERVICE_UNAVAILABLE
- => 'Der Dienst `<b>%s</b>\' ist nicht verfügbar (<b>%s</b>).'
-);
-
+<?php + +/** + * @file languages/german.php + * @author Henrik Genssen <hg at mediafactory.de> + * @sa @link internalLang Internationalization @endlink + * @ingroup internalLang + */ + +$this->_strings = array( + CAS_STR_USING_SERVER + => 'via Server', + CAS_STR_AUTHENTICATION_WANTED + => 'CAS Authentifizierung erforderlich!', + CAS_STR_LOGOUT + => 'CAS Abmeldung!', + CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED + => 'eigentlich häten Sie zum CAS Server weitergeleitet werden sollen. Drücken Sie <a href="%s">hier</a> um fortzufahren.', + CAS_STR_AUTHENTICATION_FAILED + => 'CAS Anmeldung fehlgeschlagen!', + CAS_STR_YOU_WERE_NOT_AUTHENTICATED + => '<p>Sie wurden nicht angemeldet.</p><p>Um es erneut zu versuchen klicken Sie <a href="%s">hier</a>.</p><p>Wenn das Problem bestehen bleibt, kontkatieren Sie den <a href="mailto:%s">Administrator</a> dieser Seite.</p>', + CAS_STR_SERVICE_UNAVAILABLE + => 'Der Dienst `<b>%s</b>\' ist nicht verfügbar (<b>%s</b>).' +); + ?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/languages/greek.php b/plugins/CasAuthentication/extlib/CAS/languages/greek.php index c17b1d663..d41bf783b 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/greek.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/greek.php @@ -1,27 +1,27 @@ -<?php
-
-/**
- * @file languages/greek.php
- * @author Vangelis Haniotakis <haniotak at ucnet.uoc.gr>
- * @sa @link internalLang Internationalization @endlink
- * @ingroup internalLang
- */
-
-$this->_strings = array(
- CAS_STR_USING_SERVER
- => '÷ñçóéìïðïéåßôáé ï åîõðçñåôçôÞò',
- CAS_STR_AUTHENTICATION_WANTED
- => 'Áðáéôåßôáé ç ôáõôïðïßçóç CAS!',
- CAS_STR_LOGOUT
- => 'Áðáéôåßôáé ç áðïóýíäåóç áðü CAS!',
- CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
- => 'Èá Ýðñåðå íá åß÷áôå áíáêáôåõèõíèåß óôïí åîõðçñåôçôÞ CAS. ÊÜíôå êëßê <a href="%s">åäþ</a> ãéá íá óõíå÷ßóåôå.',
- CAS_STR_AUTHENTICATION_FAILED
- => 'Ç ôáõôïðïßçóç CAS áðÝôõ÷å!',
- CAS_STR_YOU_WERE_NOT_AUTHENTICATED
- => '<p>Äåí ôáõôïðïéçèÞêáôå.</p><p>Ìðïñåßôå íá îáíáðñïóðáèÞóåôå, êÜíïíôáò êëßê <a href="%s">åäþ</a>.</p><p>Åáí ôï ðñüâëçìá åðéìåßíåé, åëÜôå óå åðáöÞ ìå ôïí <a href="mailto:%s">äéá÷åéñéóôÞ</a>.</p>',
- CAS_STR_SERVICE_UNAVAILABLE
- => 'Ç õðçñåóßá `<b>%s</b>\' äåí åßíáé äéáèÝóéìç (<b>%s</b>).'
-);
-
+<?php + +/** + * @file languages/greek.php + * @author Vangelis Haniotakis <haniotak at ucnet.uoc.gr> + * @sa @link internalLang Internationalization @endlink + * @ingroup internalLang + */ + +$this->_strings = array( + CAS_STR_USING_SERVER + => '÷ñçóéìïðïéåßôáé ï åîõðçñåôçôÞò', + CAS_STR_AUTHENTICATION_WANTED + => 'Áðáéôåßôáé ç ôáõôïðïßçóç CAS!', + CAS_STR_LOGOUT + => 'Áðáéôåßôáé ç áðïóýíäåóç áðü CAS!', + CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED + => 'Èá Ýðñåðå íá åß÷áôå áíáêáôåõèõíèåß óôïí åîõðçñåôçôÞ CAS. ÊÜíôå êëßê <a href="%s">åäþ</a> ãéá íá óõíå÷ßóåôå.', + CAS_STR_AUTHENTICATION_FAILED + => 'Ç ôáõôïðïßçóç CAS áðÝôõ÷å!', + CAS_STR_YOU_WERE_NOT_AUTHENTICATED + => '<p>Äåí ôáõôïðïéçèÞêáôå.</p><p>Ìðïñåßôå íá îáíáðñïóðáèÞóåôå, êÜíïíôáò êëßê <a href="%s">åäþ</a>.</p><p>Åáí ôï ðñüâëçìá åðéìåßíåé, åëÜôå óå åðáöÞ ìå ôïí <a href="mailto:%s">äéá÷åéñéóôÞ</a>.</p>', + CAS_STR_SERVICE_UNAVAILABLE + => 'Ç õðçñåóßá `<b>%s</b>\' äåí åßíáé äéáèÝóéìç (<b>%s</b>).' +); + ?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/languages/languages.php b/plugins/CasAuthentication/extlib/CAS/languages/languages.php index 2c6f8bb3b..001cfe445 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/languages.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/languages.php @@ -1,24 +1,24 @@ -<?php
-
-/**
- * @file languages/languages.php
- * Internationalization constants
- * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
- * @sa @link internalLang Internationalization @endlink
- * @ingroup internalLang
- */
-
-//@{
-/**
- * a phpCAS string index
- */
-define("CAS_STR_USING_SERVER", 1);
-define("CAS_STR_AUTHENTICATION_WANTED", 2);
-define("CAS_STR_LOGOUT", 3);
-define("CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED", 4);
-define("CAS_STR_AUTHENTICATION_FAILED", 5);
-define("CAS_STR_YOU_WERE_NOT_AUTHENTICATED", 6);
-define("CAS_STR_SERVICE_UNAVAILABLE", 7);
-//@}
-
+<?php + +/** + * @file languages/languages.php + * Internationalization constants + * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr> + * @sa @link internalLang Internationalization @endlink + * @ingroup internalLang + */ + +//@{ +/** + * a phpCAS string index + */ +define("CAS_STR_USING_SERVER", 1); +define("CAS_STR_AUTHENTICATION_WANTED", 2); +define("CAS_STR_LOGOUT", 3); +define("CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED", 4); +define("CAS_STR_AUTHENTICATION_FAILED", 5); +define("CAS_STR_YOU_WERE_NOT_AUTHENTICATED", 6); +define("CAS_STR_SERVICE_UNAVAILABLE", 7); +//@} + ?>
\ No newline at end of file diff --git a/plugins/CasAuthentication/extlib/CAS/languages/spanish.php b/plugins/CasAuthentication/extlib/CAS/languages/spanish.php index 3a8ffc253..04067ca03 100644 --- a/plugins/CasAuthentication/extlib/CAS/languages/spanish.php +++ b/plugins/CasAuthentication/extlib/CAS/languages/spanish.php @@ -1,27 +1,27 @@ -<?php
-
-/**
- * @file languages/spanish.php
- * @author Iván-BenjamÃn GarcÃa Torà <ivaniclixx AT gmail DOT com>
- * @sa @link internalLang Internationalization @endlink
- * @ingroup internalLang
- */
-
-$this->_strings = array(
- CAS_STR_USING_SERVER
- => 'usando servidor',
- CAS_STR_AUTHENTICATION_WANTED
- => '¡Autentificación CAS necesaria!',
- CAS_STR_LOGOUT
- => '¡Salida CAS necesaria!',
- CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
- => 'Ya deberÃa haber sido redireccionado al servidor CAS. Haga click <a href="%s">aquÃ</a> para continuar.',
- CAS_STR_AUTHENTICATION_FAILED
- => '¡Autentificación CAS fallida!',
- CAS_STR_YOU_WERE_NOT_AUTHENTICATED
- => '<p>No estás autentificado.</p><p>Puedes volver a intentarlo haciendo click <a href="%s">aquÃ</a>.</p><p>Si el problema persiste deberÃa contactar con el <a href="mailto:%s">administrador de este sitio</a>.</p>',
- CAS_STR_SERVICE_UNAVAILABLE
- => 'El servicio `<b>%s</b>\' no está disponible (<b>%s</b>).'
-);
-
-?>
+<?php + +/** + * @file languages/spanish.php + * @author Iván-BenjamÃn GarcÃa Torà <ivaniclixx AT gmail DOT com> + * @sa @link internalLang Internationalization @endlink + * @ingroup internalLang + */ + +$this->_strings = array( + CAS_STR_USING_SERVER + => 'usando servidor', + CAS_STR_AUTHENTICATION_WANTED + => '¡Autentificación CAS necesaria!', + CAS_STR_LOGOUT + => '¡Salida CAS necesaria!', + CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED + => 'Ya deberÃa haber sido redireccionado al servidor CAS. Haga click <a href="%s">aquÃ</a> para continuar.', + CAS_STR_AUTHENTICATION_FAILED + => '¡Autentificación CAS fallida!', + CAS_STR_YOU_WERE_NOT_AUTHENTICATED + => '<p>No estás autentificado.</p><p>Puedes volver a intentarlo haciendo click <a href="%s">aquÃ</a>.</p><p>Si el problema persiste deberÃa contactar con el <a href="mailto:%s">administrador de este sitio</a>.</p>', + CAS_STR_SERVICE_UNAVAILABLE + => 'El servicio `<b>%s</b>\' no está disponible (<b>%s</b>).' +); + +?> |