diff options
Diffstat (limited to 'plugins/CasAuthentication')
-rw-r--r-- | plugins/CasAuthentication/caslogin.php | 2 | ||||
-rw-r--r-- | plugins/CasAuthentication/extlib/CAS.php | 1397 | ||||
-rw-r--r-- | plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php | 28 | ||||
-rw-r--r-- | plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php | 27 | ||||
-rw-r--r-- | plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php | 29 | ||||
-rw-r--r-- | plugins/CasAuthentication/extlib/CAS/client.php | 861 |
6 files changed, 1245 insertions, 1099 deletions
diff --git a/plugins/CasAuthentication/caslogin.php b/plugins/CasAuthentication/caslogin.php index 846774e7c..3301ce582 100644 --- a/plugins/CasAuthentication/caslogin.php +++ b/plugins/CasAuthentication/caslogin.php @@ -28,7 +28,7 @@ class CasloginAction extends Action $this->clientError(_m('Already logged in.')); } else { global $casSettings; - phpCAS::client(CAS_VERSION_2_0,$casSettings['server'],$casSettings['port'],$casSettings['path']); + phpCAS::client(CAS_VERSION_2_0,$casSettings['server'],$casSettings['port'],$casSettings['path'],false); phpCAS::setNoCasServerValidation(); phpCAS::handleLogoutRequests(); phpCAS::forceAuthentication(); diff --git a/plugins/CasAuthentication/extlib/CAS.php b/plugins/CasAuthentication/extlib/CAS.php index e75437419..62a617579 100644 --- a/plugins/CasAuthentication/extlib/CAS.php +++ b/plugins/CasAuthentication/extlib/CAS.php @@ -1,20 +1,46 @@ <?php
-// commented in 0.4.22-RC2 for Sylvain Derosiaux
-// error_reporting(E_ALL ^ E_NOTICE);
+/*
+ * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * * Neither the name of the ESUP-Portail consortium & the JA-SIG
+ * Collaborative nor the names of its contributors may be used to endorse or
+ * promote products derived from this software without specific prior
+ * written permission.
+
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
//
// hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] in IIS
//
if (!$_SERVER['REQUEST_URI']) {
- $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];
+ $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
}
//
// another one by Vangelis Haniotakis also to make phpCAS work with PHP5
//
-if (version_compare(PHP_VERSION,'5','>=')) {
- require_once(dirname(__FILE__).'/CAS/domxml-php4-to-php5.php');
+if (version_compare(PHP_VERSION, '5', '>=') && !(function_exists('domxml_new_doc'))) {
+ require_once (dirname(__FILE__) . '/CAS/domxml-php4-to-php5.php');
}
/**
@@ -35,24 +61,24 @@ if (version_compare(PHP_VERSION,'5','>=')) { /**
* phpCAS version. accessible for the user by phpCAS::getVersion().
*/
-define('PHPCAS_VERSION','1.1.0RC6');
+define('PHPCAS_VERSION', '1.1.2');
// ------------------------------------------------------------------------
// CAS VERSIONS
// ------------------------------------------------------------------------
- /**
- * @addtogroup public
- * @{
- */
+/**
+ * @addtogroup public
+ * @{
+ */
/**
* CAS version 1.0
*/
-define("CAS_VERSION_1_0",'1.0');
+define("CAS_VERSION_1_0", '1.0');
/*!
* CAS version 2.0
*/
-define("CAS_VERSION_2_0",'2.0');
+define("CAS_VERSION_2_0", '2.0');
// ------------------------------------------------------------------------
// SAML defines
@@ -71,143 +97,141 @@ define("SAML_XML_HEADER", '<?xml version="1.0" encoding="UTF-8"?>'); /**
* SOAP envelope for SAML POST
*/
-define ("SAML_SOAP_ENV", '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/>');
+define("SAML_SOAP_ENV", '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/>');
/**
* SOAP body for SAML POST
*/
-define ("SAML_SOAP_BODY", '<SOAP-ENV:Body>');
+define("SAML_SOAP_BODY", '<SOAP-ENV:Body>');
/**
* SAMLP request
*/
-define ("SAMLP_REQUEST", '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z">');
-define ("SAMLP_REQUEST_CLOSE", '</samlp:Request>');
+define("SAMLP_REQUEST", '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z">');
+define("SAMLP_REQUEST_CLOSE", '</samlp:Request>');
/**
* SAMLP artifact tag (for the ticket)
*/
-define ("SAML_ASSERTION_ARTIFACT", '<samlp:AssertionArtifact>');
+define("SAML_ASSERTION_ARTIFACT", '<samlp:AssertionArtifact>');
/**
* SAMLP close
*/
-define ("SAML_ASSERTION_ARTIFACT_CLOSE", '</samlp:AssertionArtifact>');
+define("SAML_ASSERTION_ARTIFACT_CLOSE", '</samlp:AssertionArtifact>');
/**
* SOAP body close
*/
-define ("SAML_SOAP_BODY_CLOSE", '</SOAP-ENV:Body>');
+define("SAML_SOAP_BODY_CLOSE", '</SOAP-ENV:Body>');
/**
* SOAP envelope close
*/
-define ("SAML_SOAP_ENV_CLOSE", '</SOAP-ENV:Envelope>');
+define("SAML_SOAP_ENV_CLOSE", '</SOAP-ENV:Envelope>');
/**
* SAML Attributes
*/
define("SAML_ATTRIBUTES", 'SAMLATTRIBS');
-
-
/** @} */
- /**
- * @addtogroup publicPGTStorage
- * @{
- */
+/**
+ * @addtogroup publicPGTStorage
+ * @{
+ */
// ------------------------------------------------------------------------
// FILE PGT STORAGE
// ------------------------------------------------------------------------
- /**
- * Default path used when storing PGT's to file
- */
-define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH",'/tmp');
+/**
+ * Default path used when storing PGT's to file
+ */
+define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH", '/tmp');
/**
* phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files
*/
-define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN",'plain');
+define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN", 'plain');
/**
* phpCAS::setPGTStorageFile()'s 2nd parameter to write xml files
*/
-define("CAS_PGT_STORAGE_FILE_FORMAT_XML",'xml');
+define("CAS_PGT_STORAGE_FILE_FORMAT_XML", 'xml');
/**
* Default format used when storing PGT's to file
*/
-define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT",CAS_PGT_STORAGE_FILE_FORMAT_PLAIN);
+define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT", CAS_PGT_STORAGE_FILE_FORMAT_PLAIN);
// ------------------------------------------------------------------------
// DATABASE PGT STORAGE
// ------------------------------------------------------------------------
- /**
- * default database type when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE",'mysql');
+/**
+ * default database type when storing PGT's to database
+ */
+define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE", 'mysql');
/**
* default host when storing PGT's to database
*/
-define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME",'localhost');
+define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME", 'localhost');
/**
* default port when storing PGT's to database
*/
-define("CAS_PGT_STORAGE_DB_DEFAULT_PORT",'');
+define("CAS_PGT_STORAGE_DB_DEFAULT_PORT", '');
/**
* default database when storing PGT's to database
*/
-define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE",'phpCAS');
+define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE", 'phpCAS');
/**
* default table when storing PGT's to database
*/
-define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE",'pgt');
+define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE", 'pgt');
/** @} */
// ------------------------------------------------------------------------
// SERVICE ACCESS ERRORS
// ------------------------------------------------------------------------
- /**
- * @addtogroup publicServices
- * @{
- */
+/**
+ * @addtogroup publicServices
+ * @{
+ */
/**
* phpCAS::service() error code on success
*/
-define("PHPCAS_SERVICE_OK",0);
+define("PHPCAS_SERVICE_OK", 0);
/**
* phpCAS::service() error code when the PT could not retrieve because
* the CAS server did not respond.
*/
-define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE",1);
+define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE", 1);
/**
* phpCAS::service() error code when the PT could not retrieve because
* the response of the CAS server was ill-formed.
*/
-define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE",2);
+define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE", 2);
/**
* phpCAS::service() error code when the PT could not retrieve because
* the CAS server did not want to.
*/
-define("PHPCAS_SERVICE_PT_FAILURE",3);
+define("PHPCAS_SERVICE_PT_FAILURE", 3);
/**
* phpCAS::service() error code when the service was not available.
*/
-define("PHPCAS_SERVICE_NOT AVAILABLE",4);
+define("PHPCAS_SERVICE_NOT AVAILABLE", 4);
/** @} */
// ------------------------------------------------------------------------
// LANGUAGES
// ------------------------------------------------------------------------
- /**
- * @addtogroup publicLang
- * @{
- */
-
-define("PHPCAS_LANG_ENGLISH", 'english');
-define("PHPCAS_LANG_FRENCH", 'french');
-define("PHPCAS_LANG_GREEK", 'greek');
-define("PHPCAS_LANG_GERMAN", 'german');
-define("PHPCAS_LANG_JAPANESE", 'japanese');
-define("PHPCAS_LANG_SPANISH", 'spanish');
-define("PHPCAS_LANG_CATALAN", 'catalan');
+/**
+ * @addtogroup publicLang
+ * @{
+ */
+
+define("PHPCAS_LANG_ENGLISH", 'english');
+define("PHPCAS_LANG_FRENCH", 'french');
+define("PHPCAS_LANG_GREEK", 'greek');
+define("PHPCAS_LANG_GERMAN", 'german');
+define("PHPCAS_LANG_JAPANESE", 'japanese');
+define("PHPCAS_LANG_SPANISH", 'spanish');
+define("PHPCAS_LANG_CATALAN", 'catalan');
/** @} */
@@ -225,31 +249,31 @@ define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH); // ------------------------------------------------------------------------
// DEBUG
// ------------------------------------------------------------------------
- /**
- * @addtogroup publicDebug
- * @{
- */
+/**
+ * @addtogroup publicDebug
+ * @{
+ */
/**
* The default directory for the debug file under Unix.
*/
-define('DEFAULT_DEBUG_DIR','/tmp/');
+define('DEFAULT_DEBUG_DIR', '/tmp/');
/** @} */
// ------------------------------------------------------------------------
// MISC
// ------------------------------------------------------------------------
- /**
- * @addtogroup internalMisc
- * @{
- */
+/**
+ * @addtogroup internalMisc
+ * @{
+ */
/**
* This global variable is used by the interface class phpCAS.
*
* @hideinitializer
*/
-$GLOBALS['PHPCAS_CLIENT'] = null;
+$GLOBALS['PHPCAS_CLIENT'] = null;
/**
* This global variable is used to store where the initializer is called from
@@ -257,10 +281,12 @@ $GLOBALS['PHPCAS_CLIENT'] = null; *
* @hideinitializer
*/
-$GLOBALS['PHPCAS_INIT_CALL'] = array('done' => FALSE,
+$GLOBALS['PHPCAS_INIT_CALL'] = array (
+ 'done' => FALSE,
'file' => '?',
'line' => -1,
- 'method' => '?');
+ 'method' => '?'
+);
/**
* This global variable is used to store where the method checking
@@ -268,20 +294,24 @@ $GLOBALS['PHPCAS_INIT_CALL'] = array('done' => FALSE, *
* @hideinitializer
*/
-$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array('done' => FALSE,
+$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array (
+ 'done' => FALSE,
'file' => '?',
'line' => -1,
'method' => '?',
- 'result' => FALSE);
+ 'result' => FALSE
+);
/**
* This global variable is used to store phpCAS debug mode.
*
* @hideinitializer
*/
-$GLOBALS['PHPCAS_DEBUG'] = array('filename' => FALSE,
+$GLOBALS['PHPCAS_DEBUG'] = array (
+ 'filename' => FALSE,
'indent' => 0,
- 'unique_id' => '');
+ 'unique_id' => ''
+);
/** @} */
@@ -290,7 +320,7 @@ $GLOBALS['PHPCAS_DEBUG'] = array('filename' => FALSE, // ########################################################################
// include client class
-include_once(dirname(__FILE__).'/CAS/client.php');
+include_once (dirname(__FILE__) . '/CAS/client.php');
// ########################################################################
// INTERFACE CLASS
@@ -308,20 +338,17 @@ include_once(dirname(__FILE__).'/CAS/client.php'); * at the end of CAS/client.php).
*/
+class phpCAS {
-
-class phpCAS
-{
-
// ########################################################################
// INITIALIZATION
// ########################################################################
-
+
/**
* @addtogroup publicInit
* @{
*/
-
+
/**
* phpCAS client initializer.
* @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
@@ -336,43 +363,41 @@ class phpCAS *
* @return a newly created CASClient object
*/
- function client($server_version,
- $server_hostname,
- $server_port,
- $server_uri,
- $start_session = true)
- {
+ function client($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {
global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
-
- phpCAS::traceBegin();
- if ( is_object($PHPCAS_CLIENT) ) {
- phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')');
+
+ phpCAS :: traceBegin();
+ if (is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')');
}
- if ( gettype($server_version) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_version (should be `string\')');
+ if (gettype($server_version) != 'string') {
+ phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');
}
- if ( gettype($server_hostname) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')');
+ if (gettype($server_hostname) != 'string') {
+ phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');
}
- if ( gettype($server_port) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $server_port (should be `integer\')');
+ if (gettype($server_port) != 'integer') {
+ phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');
}
- if ( gettype($server_uri) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_uri (should be `string\')');
+ if (gettype($server_uri) != 'string') {
+ phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');
}
-
+
// store where the initializer is called from
- $dbg = phpCAS::backtrace();
- $PHPCAS_INIT_CALL = array('done' => TRUE,
+ $dbg = phpCAS :: backtrace();
+ $PHPCAS_INIT_CALL = array (
+ 'done' => TRUE,
'file' => $dbg[0]['file'],
'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__);
-
+ 'method' => __CLASS__ . '::' . __FUNCTION__
+ );
+
// initialize the global object $PHPCAS_CLIENT
- $PHPCAS_CLIENT = new CASClient($server_version,FALSE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session);
- phpCAS::traceEnd();
- }
-
+ $PHPCAS_CLIENT = new CASClient($server_version, FALSE /*proxy*/
+ , $server_hostname, $server_port, $server_uri, $start_session);
+ phpCAS :: traceEnd();
+ }
+
/**
* phpCAS proxy initializer.
* @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
@@ -387,110 +412,107 @@ class phpCAS *
* @return a newly created CASClient object
*/
- function proxy($server_version,
- $server_hostname,
- $server_port,
- $server_uri,
- $start_session = true)
- {
+ function proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {
global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
-
- phpCAS::traceBegin();
- if ( is_object($PHPCAS_CLIENT) ) {
- phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')');
+
+ phpCAS :: traceBegin();
+ if (is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')');
}
- if ( gettype($server_version) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_version (should be `string\')');
+ if (gettype($server_version) != 'string') {
+ phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');
}
- if ( gettype($server_hostname) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')');
+ if (gettype($server_hostname) != 'string') {
+ phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');
}
- if ( gettype($server_port) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $server_port (should be `integer\')');
+ if (gettype($server_port) != 'integer') {
+ phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');
}
- if ( gettype($server_uri) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_uri (should be `string\')');
+ if (gettype($server_uri) != 'string') {
+ phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');
}
-
+
// store where the initialzer is called from
- $dbg = phpCAS::backtrace();
- $PHPCAS_INIT_CALL = array('done' => TRUE,
+ $dbg = phpCAS :: backtrace();
+ $PHPCAS_INIT_CALL = array (
+ 'done' => TRUE,
'file' => $dbg[0]['file'],
'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__);
-
+ 'method' => __CLASS__ . '::' . __FUNCTION__
+ );
+
// initialize the global object $PHPCAS_CLIENT
- $PHPCAS_CLIENT = new CASClient($server_version,TRUE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session);
- phpCAS::traceEnd();
- }
-
+ $PHPCAS_CLIENT = new CASClient($server_version, TRUE /*proxy*/
+ , $server_hostname, $server_port, $server_uri, $start_session);
+ phpCAS :: traceEnd();
+ }
+
/** @} */
// ########################################################################
// DEBUGGING
// ########################################################################
-
+
/**
* @addtogroup publicDebug
* @{
*/
-
+
/**
* Set/unset debug mode
*
* @param $filename the name of the file used for logging, or FALSE to stop debugging.
*/
- function setDebug($filename='')
- {
+ function setDebug($filename = '') {
global $PHPCAS_DEBUG;
-
- if ( $filename != FALSE && gettype($filename) != 'string' ) {
- phpCAS::error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)');
- }
-
- if ( empty($filename) ) {
- if ( preg_match('/^Win.*/',getenv('OS')) ) {
- if ( isset($_ENV['TMP']) ) {
- $debugDir = $_ENV['TMP'].'/';
- } else if ( isset($_ENV['TEMP']) ) {
- $debugDir = $_ENV['TEMP'].'/';
- } else {
- $debugDir = '';
- }
+
+ if ($filename != FALSE && gettype($filename) != 'string') {
+ phpCAS :: error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)');
+ }
+
+ if (empty ($filename)) {
+ if (preg_match('/^Win.*/', getenv('OS'))) {
+ if (isset ($_ENV['TMP'])) {
+ $debugDir = $_ENV['TMP'] . '/';
+ } else
+ if (isset ($_ENV['TEMP'])) {
+ $debugDir = $_ENV['TEMP'] . '/';
+ } else {
+ $debugDir = '';
+ }
} else {
$debugDir = DEFAULT_DEBUG_DIR;
}
$filename = $debugDir . 'phpCAS.log';
}
-
- if ( empty($PHPCAS_DEBUG['unique_id']) ) {
- $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))),0,4);
+
+ if (empty ($PHPCAS_DEBUG['unique_id'])) {
+ $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4);
}
-
+
$PHPCAS_DEBUG['filename'] = $filename;
-
- phpCAS::trace('START ******************');
- }
-
+
+ phpCAS :: trace('START phpCAS-' . PHPCAS_VERSION . ' ******************');
+ }
+
/** @} */
/**
* @addtogroup internalDebug
* @{
*/
-
+
/**
* This method is a wrapper for debug_backtrace() that is not available
* in all PHP versions (>= 4.3.0 only)
*/
- function backtrace()
- {
- if ( function_exists('debug_backtrace') ) {
+ function backtrace() {
+ if (function_exists('debug_backtrace')) {
return debug_backtrace();
} else {
// poor man's hack ... but it does work ...
- return array();
- }
+ return array ();
}
-
+ }
+
/**
* Logs a string in debug mode.
*
@@ -498,20 +520,19 @@ class phpCAS *
* @private
*/
- function log($str)
- {
+ function log($str) {
$indent_str = ".";
global $PHPCAS_DEBUG;
-
- if ( $PHPCAS_DEBUG['filename'] ) {
- for ($i=0;$i<$PHPCAS_DEBUG['indent'];$i++) {
+
+ if ($PHPCAS_DEBUG['filename']) {
+ for ($i = 0; $i < $PHPCAS_DEBUG['indent']; $i++) {
$indent_str .= '| ';
}
- error_log($PHPCAS_DEBUG['unique_id'].' '.$indent_str.$str."\n",3,$PHPCAS_DEBUG['filename']);
- }
-
+ error_log($PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str . "\n", 3, $PHPCAS_DEBUG['filename']);
}
-
+
+ }
+
/**
* This method is used by interface methods to print an error and where the function
* was originally called from.
@@ -520,16 +541,15 @@ class phpCAS *
* @private
*/
- function error($msg)
- {
- $dbg = phpCAS::backtrace();
+ function error($msg) {
+ $dbg = phpCAS :: backtrace();
$function = '?';
$file = '?';
$line = '?';
- if ( is_array($dbg) ) {
- for ( $i=1; $i<sizeof($dbg); $i++) {
- if ( is_array($dbg[$i]) ) {
- if ( $dbg[$i]['class'] == __CLASS__ ) {
+ if (is_array($dbg)) {
+ for ($i = 1; $i < sizeof($dbg); $i++) {
+ if (is_array($dbg[$i])) {
+ if ($dbg[$i]['class'] == __CLASS__) {
$function = $dbg[$i]['function'];
$file = $dbg[$i]['file'];
$line = $dbg[$i]['line'];
@@ -537,77 +557,73 @@ class phpCAS }
}
}
- echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>".__CLASS__."::".$function.'(): '.htmlentities($msg)."</b></font> in <b>".$file."</b> on line <b>".$line."</b><br />\n";
- phpCAS::trace($msg);
- phpCAS::traceExit();
- exit();
- }
-
+ echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . "</b></font> in <b>" . $file . "</b> on line <b>" . $line . "</b><br />\n";
+ phpCAS :: trace($msg);
+ phpCAS :: traceExit();
+ exit ();
+ }
+
/**
* This method is used to log something in debug mode.
*/
- function trace($str)
- {
- $dbg = phpCAS::backtrace();
- phpCAS::log($str.' ['.basename($dbg[1]['file']).':'.$dbg[1]['line'].']');
- }
-
+ function trace($str) {
+ $dbg = phpCAS :: backtrace();
+ phpCAS :: log($str . ' [' . basename($dbg[1]['file']) . ':' . $dbg[1]['line'] . ']');
+ }
+
/**
* This method is used to indicate the start of the execution of a function in debug mode.
*/
- function traceBegin()
- {
+ function traceBegin() {
global $PHPCAS_DEBUG;
-
- $dbg = phpCAS::backtrace();
+
+ $dbg = phpCAS :: backtrace();
$str = '=> ';
- if ( !empty($dbg[2]['class']) ) {
- $str .= $dbg[2]['class'].'::';
+ if (!empty ($dbg[2]['class'])) {
+ $str .= $dbg[2]['class'] . '::';
}
- $str .= $dbg[2]['function'].'(';
- if ( is_array($dbg[2]['args']) ) {
+ $str .= $dbg[2]['function'] . '(';
+ if (is_array($dbg[2]['args'])) {
foreach ($dbg[2]['args'] as $index => $arg) {
- if ( $index != 0 ) {
+ if ($index != 0) {
$str .= ', ';
}
- $str .= str_replace("\n","",var_export($arg,TRUE));
+ $str .= str_replace("\n", "", var_export($arg, TRUE));
}
}
- $str .= ') ['.basename($dbg[2]['file']).':'.$dbg[2]['line'].']';
- phpCAS::log($str);
- $PHPCAS_DEBUG['indent'] ++;
- }
-
+ $str .= ') [' . basename($dbg[2]['file']) . ':' . $dbg[2]['line'] . ']';
+ phpCAS :: log($str);
+ $PHPCAS_DEBUG['indent']++;
+ }
+
/**
* This method is used to indicate the end of the execution of a function in debug mode.
*
* @param $res the result of the function
*/
- function traceEnd($res='')
- {
+ function traceEnd($res = '') {
global $PHPCAS_DEBUG;
-
- $PHPCAS_DEBUG['indent'] --;
- $dbg = phpCAS::backtrace();
+
+ $PHPCAS_DEBUG['indent']--;
+ $dbg = phpCAS :: backtrace();
$str = '';
- $str .= '<= '.str_replace("\n","",var_export($res,TRUE));
- phpCAS::log($str);
- }
-
+ $str .= '<= ' . str_replace("\n", "", var_export($res, TRUE));
+ phpCAS :: log($str);
+ }
+
/**
* This method is used to indicate the end of the execution of the program
*/
- function traceExit()
- {
+ function traceExit() {
global $PHPCAS_DEBUG;
-
- phpCAS::log('exit()');
- while ( $PHPCAS_DEBUG['indent'] > 0 ) {
- phpCAS::log('-');
- $PHPCAS_DEBUG['indent'] --;
- }
+
+ phpCAS :: log('exit()');
+ while ($PHPCAS_DEBUG['indent'] > 0) {
+ phpCAS :: log('-');
+ $PHPCAS_DEBUG['indent']--;
}
-
+ }
+
/** @} */
// ########################################################################
// INTERNATIONALIZATION
@@ -616,7 +632,7 @@ class phpCAS * @addtogroup publicLang
* @{
*/
-
+
/**
* This method is used to set the language used by phpCAS.
* @note Can be called only once.
@@ -625,18 +641,17 @@ class phpCAS *
* @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH
*/
- function setLang($lang)
- {
+ function setLang($lang) {
global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
- if ( gettype($lang) != 'string' ) {
- phpCAS::error('type mismatched for parameter $lang (should be `string\')');
+ if (gettype($lang) != 'string') {
+ phpCAS :: error('type mismatched for parameter $lang (should be `string\')');
}
$PHPCAS_CLIENT->setLang($lang);
- }
-
+ }
+
/** @} */
// ########################################################################
// VERSION
@@ -645,17 +660,16 @@ class phpCAS * @addtogroup public
* @{
*/
-
+
/**
* This method returns the phpCAS version.
*
* @return the phpCAS version.
*/
- function getVersion()
- {
+ function getVersion() {
return PHPCAS_VERSION;
- }
-
+ }
+
/** @} */
// ########################################################################
// HTML OUTPUT
@@ -664,41 +678,39 @@ class phpCAS * @addtogroup publicOutput
* @{
*/
-
+
/**
* This method sets the HTML header used for all outputs.
*
* @param $header the HTML header.
*/
- function setHTMLHeader($header)
- {
+ function setHTMLHeader($header) {
global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
- if ( gettype($header) != 'string' ) {
- phpCAS::error('type mismatched for parameter $header (should be `string\')');
+ if (gettype($header) != 'string') {
+ phpCAS :: error('type mismatched for parameter $header (should be `string\')');
}
$PHPCAS_CLIENT->setHTMLHeader($header);
- }
-
+ }
+
/**
* This method sets the HTML footer used for all outputs.
*
* @param $footer the HTML footer.
*/
- function setHTMLFooter($footer)
- {
+ function setHTMLFooter($footer) {
global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
- if ( gettype($footer) != 'string' ) {
- phpCAS::error('type mismatched for parameter $footer (should be `string\')');
+ if (gettype($footer) != 'string') {
+ phpCAS :: error('type mismatched for parameter $footer (should be `string\')');
}
$PHPCAS_CLIENT->setHTMLFooter($footer);
- }
-
+ }
+
/** @} */
// ########################################################################
// PGT STORAGE
@@ -707,7 +719,7 @@ class phpCAS * @addtogroup publicPGTStorage
* @{
*/
-
+
/**
* This method is used to tell phpCAS to store the response of the
* CAS server to PGT requests onto the filesystem.
@@ -715,31 +727,29 @@ class phpCAS * @param $format the format used to store the PGT's (`plain' and `xml' allowed)
* @param $path the path where the PGT's should be stored
*/
- function setPGTStorageFile($format='',
- $path='')
- {
- global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ function setPGTStorageFile($format = '', $path = '') {
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
+
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
- if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')');
+ if (!$PHPCAS_CLIENT->isProxy()) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
- if ( gettype($format) != 'string' ) {
- phpCAS::error('type mismatched for parameter $format (should be `string\')');
+ if ($PHPCAS_AUTH_CHECK_CALL['done']) {
+ phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')');
}
- if ( gettype($path) != 'string' ) {
- phpCAS::error('type mismatched for parameter $format (should be `string\')');
+ if (gettype($format) != 'string') {
+ phpCAS :: error('type mismatched for parameter $format (should be `string\')');
}
- $PHPCAS_CLIENT->setPGTStorageFile($format,$path);
- phpCAS::traceEnd();
+ if (gettype($path) != 'string') {
+ phpCAS :: error('type mismatched for parameter $format (should be `string\')');
}
-
+ $PHPCAS_CLIENT->setPGTStorageFile($format, $path);
+ phpCAS :: traceEnd();
+ }
+
/**
* This method is used to tell phpCAS to store the response of the
* CAS server to PGT requests into a database.
@@ -755,51 +765,44 @@ class phpCAS * @param $database the name of the database
* @param $table the name of the table storing the data
*/
- function setPGTStorageDB($user,
- $password,
- $database_type='',
- $hostname='',
- $port=0,
- $database='',
- $table='')
- {
- global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ function setPGTStorageDB($user, $password, $database_type = '', $hostname = '', $port = 0, $database = '', $table = '') {
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
+
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
- if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')');
+ if (!$PHPCAS_CLIENT->isProxy()) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
- if ( gettype($user) != 'string' ) {
- phpCAS::error('type mismatched for parameter $user (should be `string\')');
+ if ($PHPCAS_AUTH_CHECK_CALL['done']) {
+ phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')');
}
- if ( gettype($password) != 'string' ) {
- phpCAS::error('type mismatched for parameter $password (should be `string\')');
+ if (gettype($user) != 'string') {
+ phpCAS :: error('type mismatched for parameter $user (should be `string\')');
}
- if ( gettype($database_type) != 'string' ) {
- phpCAS::error('type mismatched for parameter $database_type (should be `string\')');
+ if (gettype($password) != 'string') {
+ phpCAS :: error('type mismatched for parameter $password (should be `string\')');
}
- if ( gettype($hostname) != 'string' ) {
- phpCAS::error('type mismatched for parameter $hostname (should be `string\')');
+ if (gettype($database_type) != 'string') {
+ phpCAS :: error('type mismatched for parameter $database_type (should be `string\')');
}
- if ( gettype($port) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $port (should be `integer\')');
+ if (gettype($hostname) != 'string') {
+ phpCAS :: error('type mismatched for parameter $hostname (should be `string\')');
}
- if ( gettype($database) != 'string' ) {
- phpCAS::error('type mismatched for parameter $database (should be `string\')');
+ if (gettype($port) != 'integer') {
+ phpCAS :: error('type mismatched for parameter $port (should be `integer\')');
}
- if ( gettype($table) != 'string' ) {
- phpCAS::error('type mismatched for parameter $table (should be `string\')');
+ if (gettype($database) != 'string') {
+ phpCAS :: error('type mismatched for parameter $database (should be `string\')');
}
- $PHPCAS_CLIENT->setPGTStorageDB($user,$password,$database_type,$hostname,$port,$database,$table);
- phpCAS::traceEnd();
+ if (gettype($table) != 'string') {
+ phpCAS :: error('type mismatched for parameter $table (should be `string\')');
}
-
+ $PHPCAS_CLIENT->setPGTStorageDB($user, $password, $database_type, $hostname, $port, $database, $table);
+ phpCAS :: traceEnd();
+ }
+
/** @} */
// ########################################################################
// ACCESS TO EXTERNAL SERVICES
@@ -808,7 +811,7 @@ class phpCAS * @addtogroup publicServices
* @{
*/
-
+
/**
* This method is used to access an HTTP[S] service.
*
@@ -822,33 +825,32 @@ class phpCAS * @return TRUE on success, FALSE otherwise (in this later case, $err_code
* gives the reason why it failed and $output contains an error message).
*/
- function serviceWeb($url,&$err_code,&$output)
- {
+ function serviceWeb($url, & $err_code, & $output) {
global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ if (!$PHPCAS_CLIENT->isProxy()) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
- if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()');
+ if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
+ phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()');
}
- if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
- phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
+ if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
+ phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
}
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
+ if (gettype($url) != 'string') {
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');
}
-
- $res = $PHPCAS_CLIENT->serviceWeb($url,$err_code,$output);
-
- phpCAS::traceEnd($res);
+
+ $res = $PHPCAS_CLIENT->serviceWeb($url, $err_code, $output);
+
+ phpCAS :: traceEnd($res);
return $res;
- }
-
+ }
+
/**
* This method is used to access an IMAP/POP3/NNTP service.
*
@@ -866,37 +868,36 @@ class phpCAS * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code
* gives the reason why it failed and $err_msg contains an error message).
*/
- function serviceMail($url,$service,$flags,&$err_code,&$err_msg,&$pt)
- {
+ function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) {
global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ if (!$PHPCAS_CLIENT->isProxy()) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
- if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()');
+ if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
+ phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()');
}
- if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
- phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
+ if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
+ phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
}
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
+ if (gettype($url) != 'string') {
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');
}
-
- if ( gettype($flags) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $flags (should be `integer\')');
+
+ if (gettype($flags) != 'integer') {
+ phpCAS :: error('type mismatched for parameter $flags (should be `integer\')');
}
-
- $res = $PHPCAS_CLIENT->serviceMail($url,$service,$flags,$err_code,$err_msg,$pt);
-
- phpCAS::traceEnd($res);
+
+ $res = $PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt);
+
+ phpCAS :: traceEnd($res);
return $res;
- }
-
+ }
+
/** @} */
// ########################################################################
// AUTHENTICATION
@@ -905,7 +906,7 @@ class phpCAS * @addtogroup publicAuth
* @{
*/
-
+
/**
* Set the times authentication will be cached before really accessing the CAS server in gateway mode:
* - -1: check only once, and then never again (until you pree login)
@@ -914,150 +915,156 @@ class phpCAS *
* @param $n an integer.
*/
- function setCacheTimesForAuthRecheck($n)
- {
+ function setCacheTimesForAuthRecheck($n) {
global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
- if ( gettype($n) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $header (should be `string\')');
+ if (gettype($n) != 'integer') {
+ phpCAS :: error('type mismatched for parameter $header (should be `string\')');
}
$PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n);
- }
-
+ }
+
/**
* This method is called to check if the user is authenticated (use the gateway feature).
* @return TRUE when the user is authenticated; otherwise FALSE.
*/
- function checkAuthentication()
- {
+ function checkAuthentication() {
global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
-
+
$auth = $PHPCAS_CLIENT->checkAuthentication();
-
+
// store where the authentication has been checked and the result
- $dbg = phpCAS::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
+ $dbg = phpCAS :: backtrace();
+ $PHPCAS_AUTH_CHECK_CALL = array (
+ 'done' => TRUE,
'file' => $dbg[0]['file'],
'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__,
- 'result' => $auth );
- phpCAS::traceEnd($auth);
- return $auth;
- }
+ 'method' => __CLASS__ . '::' . __FUNCTION__,
+ 'result' => $auth
+ );
+ phpCAS :: traceEnd($auth);
+ return $auth;
+ }
/**
* This method is called to force authentication if the user was not already
* authenticated. If the user is not authenticated, halt by redirecting to
* the CAS server.
*/
- function forceAuthentication()
- {
+ function forceAuthentication() {
global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
-
+
$auth = $PHPCAS_CLIENT->forceAuthentication();
-
+
// store where the authentication has been checked and the result
- $dbg = phpCAS::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
+ $dbg = phpCAS :: backtrace();
+ $PHPCAS_AUTH_CHECK_CALL = array (
+ 'done' => TRUE,
'file' => $dbg[0]['file'],
'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__,
- 'result' => $auth );
-
- if ( !$auth ) {
- phpCAS::trace('user is not authenticated, redirecting to the CAS server');
+ 'method' => __CLASS__ . '::' . __FUNCTION__,
+ 'result' => $auth
+ );
+
+ if (!$auth) {
+ phpCAS :: trace('user is not authenticated, redirecting to the CAS server');
$PHPCAS_CLIENT->forceAuthentication();
} else {
- phpCAS::trace('no need to authenticate (user `'.phpCAS::getUser().'\' is already authenticated)');
+ phpCAS :: trace('no need to authenticate (user `' . phpCAS :: getUser() . '\' is already authenticated)');
}
-
- phpCAS::traceEnd();
- return $auth;
- }
-
+
+ phpCAS :: traceEnd();
+ return $auth;
+ }
+
/**
* This method is called to renew the authentication.
**/
function renewAuthentication() {
global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before'.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
-
+
// store where the authentication has been checked and the result
- $dbg = phpCAS::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], 'method' => __CLASS__.'::'.__FUNCTION__, 'result' => $auth );
-
+ $dbg = phpCAS :: backtrace();
+ $PHPCAS_AUTH_CHECK_CALL = array (
+ 'done' => TRUE,
+ 'file' => $dbg[0]['file'],
+ 'line' => $dbg[0]['line'],
+ 'method' => __CLASS__ . '::' . __FUNCTION__,
+ 'result' => $auth
+ );
+
$PHPCAS_CLIENT->renewAuthentication();
- phpCAS::traceEnd();
+ phpCAS :: traceEnd();
}
/**
* This method has been left from version 0.4.1 for compatibility reasons.
*/
- function authenticate()
- {
- phpCAS::error('this method is deprecated. You should use '.__CLASS__.'::forceAuthentication() instead');
- }
-
+ function authenticate() {
+ phpCAS :: error('this method is deprecated. You should use ' . __CLASS__ . '::forceAuthentication() instead');
+ }
+
/**
* This method is called to check if the user is authenticated (previously or by
* tickets given in the URL).
*
* @return TRUE when the user is authenticated.
*/
- function isAuthenticated()
- {
+ function isAuthenticated() {
global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
-
+
// call the isAuthenticated method of the global $PHPCAS_CLIENT object
$auth = $PHPCAS_CLIENT->isAuthenticated();
-
+
// store where the authentication has been checked and the result
- $dbg = phpCAS::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
+ $dbg = phpCAS :: backtrace();
+ $PHPCAS_AUTH_CHECK_CALL = array (
+ 'done' => TRUE,
'file' => $dbg[0]['file'],
'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__,
- 'result' => $auth );
- phpCAS::traceEnd($auth);
+ 'method' => __CLASS__ . '::' . __FUNCTION__,
+ 'result' => $auth
+ );
+ phpCAS :: traceEnd($auth);
return $auth;
- }
-
+ }
+
/**
* Checks whether authenticated based on $_SESSION. Useful to avoid
* server calls.
* @return true if authenticated, false otherwise.
* @since 0.4.22 by Brendan Arnold
*/
- function isSessionAuthenticated ()
- {
+ function isSessionAuthenticated() {
global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return($PHPCAS_CLIENT->isSessionAuthenticated());
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
-
+ return ($PHPCAS_CLIENT->isSessionAuthenticated());
+ }
+
/**
* This method returns the CAS user's login name.
* @warning should not be called only after phpCAS::forceAuthentication()
@@ -1065,21 +1072,20 @@ class phpCAS *
* @return the login name of the authenticated user
*/
- function getUser()
- {
+ function getUser() {
global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
- if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
+ if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');
}
- if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
- phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
+ if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
+ phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
}
return $PHPCAS_CLIENT->getUser();
- }
-
+ }
+
/**
* This method returns the CAS user's login name.
* @warning should not be called only after phpCAS::forceAuthentication()
@@ -1087,169 +1093,160 @@ class phpCAS *
* @return the login name of the authenticated user
*/
- function getAttributes()
- {
+ function getAttributes() {
global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
- if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
+ if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');
}
- if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
- phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
+ if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
+ phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
}
return $PHPCAS_CLIENT->getAttributes();
+ }
+ /**
+ * Handle logout requests.
+ */
+ function handleLogoutRequests($check_client = true, $allowed_clients = false) {
+ global $PHPCAS_CLIENT;
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
- /**
- * Handle logout requests.
- */
- function handleLogoutRequests($check_client=true, $allowed_clients=false)
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients));
- }
-
+ return ($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients));
+ }
+
/**
* This method returns the URL to be used to login.
* or phpCAS::isAuthenticated().
*
* @return the login name of the authenticated user
*/
- function getServerLoginURL()
- {
+ function getServerLoginURL() {
global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
return $PHPCAS_CLIENT->getServerLoginURL();
- }
-
+ }
+
/**
* Set the login URL of the CAS server.
* @param $url the login URL
* @since 0.4.21 by Wyman Chan
*/
- function setServerLoginURL($url='')
- {
+ function setServerLoginURL($url = '') {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after
- '.__CLASS__.'::client()');
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after
+ ' . __CLASS__ . '::client()');
}
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be
- `string\')');
+ if (gettype($url) != 'string') {
+ phpCAS :: error('type mismatched for parameter $url (should be
+ `string\')');
}
$PHPCAS_CLIENT->setServerLoginURL($url);
- phpCAS::traceEnd();
- }
-
-
+ phpCAS :: traceEnd();
+ }
+
/**
* Set the serviceValidate URL of the CAS server.
+ * Used only in CAS 1.0 validations
* @param $url the serviceValidate URL
* @since 1.1.0 by Joachim Fritschi
*/
- function setServerServiceValidateURL($url='')
- {
+ function setServerServiceValidateURL($url = '') {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after
- '.__CLASS__.'::client()');
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after
+ ' . __CLASS__ . '::client()');
}
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be
- `string\')');
+ if (gettype($url) != 'string') {
+ phpCAS :: error('type mismatched for parameter $url (should be
+ `string\')');
}
$PHPCAS_CLIENT->setServerServiceValidateURL($url);
- phpCAS::traceEnd();
- }
-
-
- /**
+ phpCAS :: traceEnd();
+ }
+
+ /**
* Set the proxyValidate URL of the CAS server.
+ * Used for all CAS 2.0 validations
* @param $url the proxyValidate URL
* @since 1.1.0 by Joachim Fritschi
*/
- function setServerProxyValidateURL($url='')
- {
+ function setServerProxyValidateURL($url = '') {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after
- '.__CLASS__.'::client()');
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after
+ ' . __CLASS__ . '::client()');
}
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be
- `string\')');
+ if (gettype($url) != 'string') {
+ phpCAS :: error('type mismatched for parameter $url (should be
+ `string\')');
}
$PHPCAS_CLIENT->setServerProxyValidateURL($url);
- phpCAS::traceEnd();
- }
-
- /**
+ phpCAS :: traceEnd();
+ }
+
+ /**
* Set the samlValidate URL of the CAS server.
* @param $url the samlValidate URL
* @since 1.1.0 by Joachim Fritschi
*/
- function setServerSamlValidateURL($url='')
- {
+ function setServerSamlValidateURL($url = '') {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after
- '.__CLASS__.'::client()');
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after
+ ' . __CLASS__ . '::client()');
}
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be
- `string\')');
+ if (gettype($url) != 'string') {
+ phpCAS :: error('type mismatched for parameter $url (should be
+ `string\')');
}
$PHPCAS_CLIENT->setServerSamlValidateURL($url);
- phpCAS::traceEnd();
- }
-
+ phpCAS :: traceEnd();
+ }
+
/**
* This method returns the URL to be used to login.
* or phpCAS::isAuthenticated().
*
* @return the login name of the authenticated user
*/
- function getServerLogoutURL()
- {
+ function getServerLogoutURL() {
global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
}
return $PHPCAS_CLIENT->getServerLogoutURL();
- }
-
+ }
+
/**
* Set the logout URL of the CAS server.
* @param $url the logout URL
* @since 0.4.21 by Wyman Chan
*/
- function setServerLogoutURL($url='')
- {
+ function setServerLogoutURL($url = '') {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after
- '.__CLASS__.'::client()');
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after
+ ' . __CLASS__ . '::client()');
}
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be
- `string\')');
+ if (gettype($url) != 'string') {
+ phpCAS :: error('type mismatched for parameter $url (should be
+ `string\')');
}
$PHPCAS_CLIENT->setServerLogoutURL($url);
- phpCAS::traceEnd();
- }
-
+ phpCAS :: traceEnd();
+ }
+
/**
* This method is used to logout from CAS.
* @params $params an array that contains the optional url and service parameters that will be passed to the CAS server
@@ -1257,66 +1254,70 @@ class phpCAS */
function logout($params = "") {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
+ phpCAS :: traceBegin();
if (!is_object($PHPCAS_CLIENT)) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
}
- $parsedParams = array();
+ $parsedParams = array ();
if ($params != "") {
if (is_string($params)) {
- phpCAS::error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
+ phpCAS :: error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
}
if (!is_array($params)) {
- phpCAS::error('type mismatched for parameter $params (should be `array\')');
+ phpCAS :: error('type mismatched for parameter $params (should be `array\')');
}
foreach ($params as $key => $value) {
if ($key != "service" && $key != "url") {
- phpCAS::error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
+ phpCAS :: error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
}
$parsedParams[$key] = $value;
}
}
$PHPCAS_CLIENT->logout($parsedParams);
// never reached
- phpCAS::traceEnd();
+ phpCAS :: traceEnd();
}
-
+
/**
* This method is used to logout from CAS. Halts by redirecting to the CAS server.
* @param $service a URL that will be transmitted to the CAS server
*/
function logoutWithRedirectService($service) {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
}
if (!is_string($service)) {
- phpCAS::error('type mismatched for parameter $service (should be `string\')');
+ phpCAS :: error('type mismatched for parameter $service (should be `string\')');
}
- $PHPCAS_CLIENT->logout(array("service" => $service));
+ $PHPCAS_CLIENT->logout(array (
+ "service" => $service
+ ));
// never reached
- phpCAS::traceEnd();
+ phpCAS :: traceEnd();
}
-
+
/**
* This method is used to logout from CAS. Halts by redirecting to the CAS server.
* @param $url a URL that will be transmitted to the CAS server
*/
function logoutWithUrl($url) {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
}
if (!is_string($url)) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');
}
- $PHPCAS_CLIENT->logout(array("url" => $url));
+ $PHPCAS_CLIENT->logout(array (
+ "url" => $url
+ ));
// never reached
- phpCAS::traceEnd();
+ phpCAS :: traceEnd();
}
-
+
/**
* This method is used to logout from CAS. Halts by redirecting to the CAS server.
* @param $service a URL that will be transmitted to the CAS server
@@ -1324,161 +1325,156 @@ class phpCAS */
function logoutWithRedirectServiceAndUrl($service, $url) {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
}
if (!is_string($service)) {
- phpCAS::error('type mismatched for parameter $service (should be `string\')');
+ phpCAS :: error('type mismatched for parameter $service (should be `string\')');
}
if (!is_string($url)) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');
}
- $PHPCAS_CLIENT->logout(array("service" => $service, "url" => $url));
+ $PHPCAS_CLIENT->logout(array (
+ "service" => $service,
+ "url" => $url
+ ));
// never reached
- phpCAS::traceEnd();
+ phpCAS :: traceEnd();
}
-
+
/**
* Set the fixed URL that will be used by the CAS server to transmit the PGT.
* When this method is not called, a phpCAS script uses its own URL for the callback.
*
* @param $url the URL
*/
- function setFixedCallbackURL($url='')
- {
+ function setFixedCallbackURL($url = '') {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
+ if (!$PHPCAS_CLIENT->isProxy()) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
+ if (gettype($url) != 'string') {
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');
}
$PHPCAS_CLIENT->setCallbackURL($url);
- phpCAS::traceEnd();
- }
-
+ phpCAS :: traceEnd();
+ }
+
/**
* Set the fixed URL that will be set as the CAS service parameter. When this
* method is not called, a phpCAS script uses its own URL.
*
* @param $url the URL
*/
- function setFixedServiceURL($url)
- {
+ function setFixedServiceURL($url) {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
- $PHPCAS_CLIENT->setURL($url);
- phpCAS::traceEnd();
+ if (gettype($url) != 'string') {
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');
}
-
+ $PHPCAS_CLIENT->setURL($url);
+ phpCAS :: traceEnd();
+ }
+
/**
* Get the URL that is set as the CAS service parameter.
*/
- function getServiceURL()
- {
+ function getServiceURL() {
global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- return($PHPCAS_CLIENT->getURL());
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
-
+ return ($PHPCAS_CLIENT->getURL());
+ }
+
/**
* Retrieve a Proxy Ticket from the CAS server.
*/
- function retrievePT($target_service,&$err_code,&$err_msg)
- {
+ function retrievePT($target_service, & $err_code, & $err_msg) {
global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( gettype($target_service) != 'string' ) {
- phpCAS::error('type mismatched for parameter $target_service(should be `string\')');
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
- return($PHPCAS_CLIENT->retrievePT($target_service,$err_code,$err_msg));
+ if (gettype($target_service) != 'string') {
+ phpCAS :: error('type mismatched for parameter $target_service(should be `string\')');
}
-
+ return ($PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg));
+ }
+
/**
* Set the certificate of the CAS server.
*
* @param $cert the PEM certificate
*/
- function setCasServerCert($cert)
- {
+ function setCasServerCert($cert) {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if ( gettype($cert) != 'string' ) {
- phpCAS::error('type mismatched for parameter $cert (should be `string\')');
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
}
- $PHPCAS_CLIENT->setCasServerCert($cert);
- phpCAS::traceEnd();
+ if (gettype($cert) != 'string') {
+ phpCAS :: error('type mismatched for parameter $cert (should be `string\')');
}
-
+ $PHPCAS_CLIENT->setCasServerCert($cert);
+ phpCAS :: traceEnd();
+ }
+
/**
* Set the certificate of the CAS server CA.
*
* @param $cert the CA certificate
*/
- function setCasServerCACert($cert)
- {
+ function setCasServerCACert($cert) {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if ( gettype($cert) != 'string' ) {
- phpCAS::error('type mismatched for parameter $cert (should be `string\')');
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
}
- $PHPCAS_CLIENT->setCasServerCACert($cert);
- phpCAS::traceEnd();
+ if (gettype($cert) != 'string') {
+ phpCAS :: error('type mismatched for parameter $cert (should be `string\')');
}
-
+ $PHPCAS_CLIENT->setCasServerCACert($cert);
+ phpCAS :: traceEnd();
+ }
+
/**
* Set no SSL validation for the CAS server.
*/
- function setNoCasServerValidation()
- {
+ function setNoCasServerValidation() {
global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- $PHPCAS_CLIENT->setNoCasServerValidation();
- phpCAS::traceEnd();
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
}
-
+ $PHPCAS_CLIENT->setNoCasServerValidation();
+ phpCAS :: traceEnd();
+ }
+
/** @} */
-
- /**
- * Change CURL options.
- * CURL is used to connect through HTTPS to CAS server
- * @param $key the option key
- * @param $value the value to set
- */
- function setExtraCurlOption($key, $value)
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- $PHPCAS_CLIENT->setExtraCurlOption($key, $value);
- phpCAS::traceEnd();
+
+ /**
+ * Change CURL options.
+ * CURL is used to connect through HTTPS to CAS server
+ * @param $key the option key
+ * @param $value the value to set
+ */
+ function setExtraCurlOption($key, $value) {
+ global $PHPCAS_CLIENT;
+ phpCAS :: traceBegin();
+ if (!is_object($PHPCAS_CLIENT)) {
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
}
+ $PHPCAS_CLIENT->setExtraCurlOption($key, $value);
+ phpCAS :: traceEnd();
+ }
}
@@ -1525,7 +1521,6 @@ class phpCAS /** @defgroup publicDebug Debugging
* @ingroup public */
-
/** @defgroup internal Implementation */
/** @defgroup internalAuthentication Authentication
@@ -1579,37 +1574,37 @@ class phpCAS /**
* @example example_simple.php
*/
- /**
- * @example example_proxy.php
- */
- /**
- * @example example_proxy2.php
- */
- /**
- * @example example_lang.php
- */
- /**
- * @example example_html.php
- */
- /**
- * @example example_file.php
- */
- /**
- * @example example_db.php
- */
- /**
- * @example example_service.php
- */
- /**
- * @example example_session_proxy.php
- */
- /**
- * @example example_session_service.php
- */
- /**
- * @example example_gateway.php
- */
-
-
-
+/**
+ * @example example_proxy.php
+ */
+/**
+ * @example example_proxy2.php
+ */
+/**
+ * @example example_lang.php
+ */
+/**
+ * @example example_html.php
+ */
+/**
+ * @example example_file.php
+ */
+/**
+ * @example example_db.php
+ */
+/**
+ * @example example_service.php
+ */
+/**
+ * @example example_session_proxy.php
+ */
+/**
+ * @example example_session_service.php
+ */
+/**
+ * @example example_gateway.php
+ */
+/**
+ * @example example_custom_urls.php
+ */
?>
diff --git a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php index 5a589e4b2..1e316b6f6 100644 --- a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php +++ b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php @@ -1,4 +1,32 @@ <?php
+/*
+ * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * * Neither the name of the ESUP-Portail consortium & the JA-SIG
+ * Collaborative nor the names of its contributors may be used to endorse or
+ * promote products derived from this software without specific prior
+ * written permission.
+
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
/**
* @file CAS/PGTStorage/pgt-db.php
diff --git a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php index bc07485b8..983e557c5 100644 --- a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php +++ b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php @@ -1,5 +1,32 @@ <?php
+/*
+ * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * * Neither the name of the ESUP-Portail consortium & the JA-SIG
+ * Collaborative nor the names of its contributors may be used to endorse or
+ * promote products derived from this software without specific prior
+ * written permission.
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
/**
* @file CAS/PGTStorage/pgt-file.php
* Basic class for PGT file storage
diff --git a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php index cd9b49967..cf4c4ed0f 100644 --- a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php +++ b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php @@ -1,5 +1,32 @@ <?php
-
+/*
+ * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * * Neither the name of the ESUP-Portail consortium & the JA-SIG
+ * Collaborative nor the names of its contributors may be used to endorse or
+ * promote products derived from this software without specific prior
+ * written permission.
+
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
/**
* @file CAS/PGTStorage/pgt-main.php
* Basic class for PGT storage
diff --git a/plugins/CasAuthentication/extlib/CAS/client.php b/plugins/CasAuthentication/extlib/CAS/client.php index ad5a23f83..d38c24d36 100644 --- a/plugins/CasAuthentication/extlib/CAS/client.php +++ b/plugins/CasAuthentication/extlib/CAS/client.php @@ -1,5 +1,34 @@ <?php +/* + * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * * Neither the name of the ESUP-Portail consortium & the JA-SIG + * Collaborative nor the names of its contributors may be used to endorse or + * promote products derived from this software without specific prior + * written permission. + + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + /** * @file CAS/client.php * Main class of the phpCAS library @@ -351,8 +380,8 @@ class CASClient { return $this->_server['login_url'] = $url; } - - + + /** * This method sets the serviceValidate URL of the CAS server. * @param $url the serviceValidate URL @@ -363,8 +392,8 @@ class CASClient { return $this->_server['service_validate_url'] = $url; } - - + + /** * This method sets the proxyValidate URL of the CAS server. * @param $url the proxyValidate URL @@ -375,8 +404,8 @@ class CASClient { return $this->_server['proxy_validate_url'] = $url; } - - + + /** * This method sets the samlValidate URL of the CAS server. * @param $url the samlValidate URL @@ -387,7 +416,7 @@ class CASClient { return $this->_server['saml_validate_url'] = $url; } - + /** * This method is used to retrieve the service validating URL of the CAS server. @@ -411,24 +440,24 @@ class CASClient return $this->_server['service_validate_url'].'?service='.urlencode($this->getURL()); } /** - * This method is used to retrieve the SAML validating URL of the CAS server. - * @return a URL. - * @private - */ + * This method is used to retrieve the SAML validating URL of the CAS server. + * @return a URL. + * @private + */ function getServerSamlValidateURL() - { - phpCAS::traceBegin(); - // the URL is build only when needed - if ( empty($this->_server['saml_validate_url']) ) { - switch ($this->getServerVersion()) { - case SAML_VERSION_1_1: - $this->_server['saml_validate_url'] = $this->getServerBaseURL().'samlValidate'; - break; + { + phpCAS::traceBegin(); + // the URL is build only when needed + if ( empty($this->_server['saml_validate_url']) ) { + switch ($this->getServerVersion()) { + case SAML_VERSION_1_1: + $this->_server['saml_validate_url'] = $this->getServerBaseURL().'samlValidate'; + break; } - } - phpCAS::traceEnd($this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL())); - return $this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL()); - } + } + phpCAS::traceEnd($this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL())); + return $this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL()); + } /** * This method is used to retrieve the proxy validating URL of the CAS server. * @return a URL. @@ -496,20 +525,20 @@ class CASClient { return $this->_server['logout_url'] = $url; } - + /** * An array to store extra curl options. */ var $_curl_options = array(); - + /** * This method is used to set additional user curl options. */ function setExtraCurlOption($key, $value) - { + { $this->_curl_options[$key] = $value; - } - + } + /** * This method checks to see if the request is secured via HTTPS * @return true if https, false otherwise @@ -556,45 +585,21 @@ class CASClient if (version_compare(PHP_VERSION,'5','>=') && ini_get('zend.ze1_compatibility_mode')) { phpCAS::error('phpCAS cannot support zend.ze1_compatibility_mode. Sorry.'); } + $this->_start_session = $start_session; + + if ($this->_start_session && session_id()) + { + phpCAS :: error("Another session was started before phpcas. Either disable the session" . + " handling for phpcas in the client() call or modify your application to leave" . + " session handling to phpcas"); + } // skip Session Handling for logout requests and if don't want it' - if ($start_session && !$this->isLogoutRequest()) { - phpCAS::trace("Starting session handling"); - // Check for Tickets from the CAS server - if (empty($_GET['ticket'])){ - phpCAS::trace("No ticket found"); - // only create a session if necessary - if (!isset($_SESSION)) { - phpCAS::trace("No session found, creating new session"); - session_start(); - } - }else{ - phpCAS::trace("Ticket found"); - // We have to copy any old data before renaming the session - if (isset($_SESSION)) { - phpCAS::trace("Old active session found, saving old data and destroying session"); - $old_session = $_SESSION; - session_destroy(); - }else{ - session_start(); - phpCAS::trace("Starting possible old session to copy variables"); - $old_session = $_SESSION; - session_destroy(); - } - // set up a new session, of name based on the ticket - $session_id = preg_replace('/[^\w]/','',$_GET['ticket']); - phpCAS::LOG("Session ID: " . $session_id); - session_id($session_id); - session_start(); - // restore old session vars - if(isset($old_session)){ - phpCAS::trace("Restoring old session vars"); - $_SESSION = $old_session; - } - } - }else{ - phpCAS::trace("Skipping session creation"); + if ($start_session && !$this->isLogoutRequest()) + { + phpCAS :: trace("Starting a new session"); + session_start(); } - + // are we in proxy mode ? $this->_proxy = $proxy; @@ -667,12 +672,8 @@ class CASClient } break; case CAS_VERSION_2_0: // check for a Service or Proxy Ticket - if (preg_match('/^ST-/', $ticket)) { - phpCAS::trace('ST \'' . $ticket . '\' found'); - $this->setST($ticket); - unset ($_GET['ticket']); - } else if (preg_match('/^PT-/', $ticket)) { - phpCAS::trace('PT \'' . $ticket . '\' found'); + if( preg_match('/^[SP]T-/',$ticket) ) { + phpCAS::trace('ST or PT \''.$ticket.'\' found'); $this->setPT($ticket); unset($_GET['ticket']); } else if ( !empty($ticket) ) { @@ -682,9 +683,9 @@ class CASClient break; case SAML_VERSION_1_1: // SAML just does Service Tickets if( preg_match('/^[SP]T-/',$ticket) ) { - phpCAS::trace('SA \''.$ticket.'\' found'); - $this->setSA($ticket); - unset($_GET['ticket']); + phpCAS::trace('SA \''.$ticket.'\' found'); + $this->setSA($ticket); + unset($_GET['ticket']); } else if ( !empty($ticket) ) { //ill-formed ticket, halt phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); @@ -699,6 +700,57 @@ class CASClient // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX // XX XX + // XX Session Handling XX + // XX XX + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + + /** + * A variable to whether phpcas will use its own session handling. Default = true + * @hideinitializer + * @private + */ + var $_start_session = true; + + function setStartSession($session) + { + $this->_start_session = session; + } + + function getStartSession($session) + { + $this->_start_session = session; + } + + /** + * Renaming the session + */ + function renameSession($ticket) + { + phpCAS::traceBegin(); + if($this->_start_session){ + if (!empty ($this->_user)) + { + $old_session = $_SESSION; + session_destroy(); + // set up a new session, of name based on the ticket + $session_id = preg_replace('/[^\w]/', '', $ticket); + phpCAS :: trace("Session ID: ".$session_id); + session_id($session_id); + session_start(); + phpCAS :: trace("Restoring old session vars"); + $_SESSION = $old_session; + } else + { + phpCAS :: error('Session should only be renamed after successfull authentication'); + } + }else{ + phpCAS :: trace("Skipping session rename since phpCAS is not handling the session."); + } + phpCAS::traceEnd(); + } + + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + // XX XX // XX AUTHENTICATION XX // XX XX // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX @@ -743,8 +795,8 @@ class CASClient } return $this->_user; } - - + + /*********************************************************************************************************************** * Atrributes section @@ -760,23 +812,23 @@ class CASClient * @private */ var $_attributes = array(); - + function setAttributes($attributes) { $this->_attributes = $attributes; } - + function getAttributes() { if ( empty($this->_user) ) { // if no user is set, there shouldn't be any attributes also... phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); } return $this->_attributes; } - + function hasAttributes() { return !empty($this->_attributes); } - + function hasAttribute($key) { return (is_array($this->_attributes) && array_key_exists($key, $this->_attributes)); } - + function getAttribute($key) { if($this->hasAttribute($key)) { return $this->_attributes[$key]; @@ -802,7 +854,7 @@ class CASClient } phpCAS::traceEnd(); } - + /** * This method is called to be sure that the user is authenticated. When not * authenticated, halt by redirecting to the CAS server; otherwise return TRUE. @@ -914,66 +966,73 @@ class CASClient */ function isAuthenticated() { - phpCAS::traceBegin(); - $res = FALSE; - $validate_url = ''; - - if ( $this->wasPreviouslyAuthenticated() ) { + phpCAS::traceBegin(); + $res = FALSE; + $validate_url = ''; + + if ( $this->wasPreviouslyAuthenticated() ) { + if($this->hasST() || $this->hasPT() || $this->hasSA()){ + // User has a additional ticket but was already authenticated + phpCAS::trace('ticket was present and will be discarded, use renewAuthenticate()'); + header('Location: '.$this->getURL()); + phpCAS::log( "Prepare redirect to remove ticket: ".$this->getURL() ); + }else{ // the user has already (previously during the session) been // authenticated, nothing to be done. phpCAS::trace('user was already authenticated, no need to look for tickets'); - $res = TRUE; } - else { - if ( $this->hasST() ) { - // if a Service Ticket was given, validate it - phpCAS::trace('ST `'.$this->getST().'\' is present'); - $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts - phpCAS::trace('ST `'.$this->getST().'\' was validated'); - if ( $this->isProxy() ) { - $this->validatePGT($validate_url,$text_response,$tree_response); // idem - phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); - $_SESSION['phpCAS']['pgt'] = $this->getPGT(); - } - $_SESSION['phpCAS']['user'] = $this->getUser(); - $res = TRUE; - } - elseif ( $this->hasPT() ) { - // if a Proxy Ticket was given, validate it - phpCAS::trace('PT `'.$this->getPT().'\' is present'); - $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts - phpCAS::trace('PT `'.$this->getPT().'\' was validated'); - if ( $this->isProxy() ) { - $this->validatePGT($validate_url,$text_response,$tree_response); // idem - phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); - $_SESSION['phpCAS']['pgt'] = $this->getPGT(); - } - $_SESSION['phpCAS']['user'] = $this->getUser(); - $res = TRUE; - } - elseif ( $this->hasSA() ) { - // if we have a SAML ticket, validate it. - phpCAS::trace('SA `'.$this->getSA().'\' is present'); - $this->validateSA($validate_url,$text_response,$tree_response); // if it fails, it halts - phpCAS::trace('SA `'.$this->getSA().'\' was validated'); - $_SESSION['phpCAS']['user'] = $this->getUser(); - $_SESSION['phpCAS']['attributes'] = $this->getAttributes(); - $res = TRUE; - } - else { - // no ticket given, not authenticated - phpCAS::trace('no ticket found'); + $res = TRUE; + } + else { + if ( $this->hasST() ) { + // if a Service Ticket was given, validate it + phpCAS::trace('ST `'.$this->getST().'\' is present'); + $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts + phpCAS::trace('ST `'.$this->getST().'\' was validated'); + if ( $this->isProxy() ) { + $this->validatePGT($validate_url,$text_response,$tree_response); // idem + phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); + $_SESSION['phpCAS']['pgt'] = $this->getPGT(); } - if ($res) { - // if called with a ticket parameter, we need to redirect to the app without the ticket so that CAS-ification is transparent to the browser (for later POSTS) - // most of the checks and errors should have been made now, so we're safe for redirect without masking error messages. - header('Location: '.$this->getURL()); - phpCAS::log( "Prepare redirect to : ".$this->getURL() ); + $_SESSION['phpCAS']['user'] = $this->getUser(); + $res = TRUE; + } + elseif ( $this->hasPT() ) { + // if a Proxy Ticket was given, validate it + phpCAS::trace('PT `'.$this->getPT().'\' is present'); + $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts + phpCAS::trace('PT `'.$this->getPT().'\' was validated'); + if ( $this->isProxy() ) { + $this->validatePGT($validate_url,$text_response,$tree_response); // idem + phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); + $_SESSION['phpCAS']['pgt'] = $this->getPGT(); } + $_SESSION['phpCAS']['user'] = $this->getUser(); + $res = TRUE; + } + elseif ( $this->hasSA() ) { + // if we have a SAML ticket, validate it. + phpCAS::trace('SA `'.$this->getSA().'\' is present'); + $this->validateSA($validate_url,$text_response,$tree_response); // if it fails, it halts + phpCAS::trace('SA `'.$this->getSA().'\' was validated'); + $_SESSION['phpCAS']['user'] = $this->getUser(); + $_SESSION['phpCAS']['attributes'] = $this->getAttributes(); + $res = TRUE; + } + else { + // no ticket given, not authenticated + phpCAS::trace('no ticket found'); + } + if ($res) { + // if called with a ticket parameter, we need to redirect to the app without the ticket so that CAS-ification is transparent to the browser (for later POSTS) + // most of the checks and errors should have been made now, so we're safe for redirect without masking error messages. + header('Location: '.$this->getURL()); + phpCAS::log( "Prepare redirect to : ".$this->getURL() ); } - - phpCAS::traceEnd($res); - return $res; + } + + phpCAS::traceEnd($res); + return $res; } /** @@ -1071,30 +1130,7 @@ class CASClient phpCAS::traceExit(); exit(); } - -// /** -// * This method is used to logout from CAS. -// * @param $url a URL that will be transmitted to the CAS server (to come back to when logged out) -// * @public -// */ -// function logout($url = "") { -// phpCAS::traceBegin(); -// $cas_url = $this->getServerLogoutURL(); -// // v0.4.14 sebastien.gougeon at univ-rennes1.fr -// // header('Location: '.$cas_url); -// if ( $url != "" ) { -// // Adam Moore 1.0.0RC2 -// $url = '?service=' . $url . '&url=' . $url; -// } -// header('Location: '.$cas_url . $url); -// session_unset(); -// session_destroy(); -// $this->printHTMLHeader($this->getString(CAS_STR_LOGOUT)); -// printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url); -// $this->printHTMLFooter(); -// phpCAS::traceExit(); -// exit(); -// } + /** * This method is used to logout from CAS. @@ -1114,7 +1150,7 @@ class CASClient } header('Location: '.$cas_url); phpCAS::log( "Prepare redirect to : ".$cas_url ); - + session_unset(); session_destroy(); @@ -1156,6 +1192,9 @@ class CASClient phpCAS::traceEnd(); return; } + if(!$this->_start_session){ + phpCAS::log("phpCAS can't handle logout requests if it does not manage the session."); + } phpCAS::log("Logout requested"); phpCAS::log("SAML REQUEST: ".$_POST['logoutRequest']); if ($check_client) { @@ -1177,7 +1216,7 @@ class CASClient } if (!$allowed) { phpCAS::error("Unauthorized logout request from client '".$client."'"); - printf("Unauthorized!"); + printf("Unauthorized!"); phpCAS::traceExit(); exit(); } @@ -1191,8 +1230,13 @@ class CASClient phpCAS::log("Ticket to logout: ".$ticket2logout); $session_id = preg_replace('/[^\w]/','',$ticket2logout); phpCAS::log("Session id: ".$session_id); - - // fix New session ID + + // destroy a possible application session created before phpcas + if(session_id()){ + session_unset(); + session_destroy(); + } + // fix session ID session_id($session_id); $_COOKIE[session_name()]=$session_id; $_GET[session_name()]=$session_id; @@ -1200,8 +1244,8 @@ class CASClient // Overwrite session session_start(); session_unset(); - session_destroy(); - printf("Disconnected!"); + session_destroy(); + printf("Disconnected!"); phpCAS::traceExit(); exit(); } @@ -1322,7 +1366,7 @@ class CASClient * This method is used to validate a ST; halt on failure, and sets $validate_url, * $text_reponse and $tree_response on success. These parameters are used later * by CASClient::validatePGT() for CAS proxies. - * + * Used for all CAS 1.0 validations * @param $validate_url the URL of the request to the CAS server. * @param $text_response the response of the CAS server, as is (XML text). * @param $tree_response the response of the CAS server, as a DOM XML tree. @@ -1338,7 +1382,7 @@ class CASClient $validate_url = $this->getServerServiceValidateURL().'&ticket='.$this->getST(); if ( $this->isProxy() ) { // pass the callback url for CAS proxies - $validate_url .= '&pgtUrl='.$this->getCallbackURL(); + $validate_url .= '&pgtUrl='.urlencode($this->getCallbackURL()); } // open and read the URL @@ -1434,156 +1478,160 @@ class CASClient } break; } + $this->renameSession($this->getST()); + // at this step, ST has been validated and $this->_user has been set, + phpCAS::traceEnd(TRUE); + return TRUE; + } + + // ######################################################################## + // SAML VALIDATION + // ######################################################################## + /** + * @addtogroup internalBasic + * @{ + */ + + /** + * This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url, + * $text_reponse and $tree_response on success. These parameters are used later + * by CASClient::validatePGT() for CAS proxies. + * + * @param $validate_url the URL of the request to the CAS server. + * @param $text_response the response of the CAS server, as is (XML text). + * @param $tree_response the response of the CAS server, as a DOM XML tree. + * + * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). + * + * @private + */ + function validateSA($validate_url,&$text_response,&$tree_response) + { + phpCAS::traceBegin(); + + // build the URL to validate the ticket + $validate_url = $this->getServerSamlValidateURL(); + + // open and read the URL + if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) { + phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'); + $this->authError('SA not validated', $validate_url, TRUE/*$no_response*/); + } + + phpCAS::trace('server version: '.$this->getServerVersion()); + // analyze the result depending on the version + switch ($this->getServerVersion()) { + case SAML_VERSION_1_1: + + // read the response of the CAS server into a DOM object + if ( !($dom = domxml_open_mem($text_response))) { + phpCAS::trace('domxml_open_mem() failed'); + $this->authError('SA not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // read the root node of the XML tree + if ( !($tree_response = $dom->document_element()) ) { + phpCAS::trace('document_element() failed'); + $this->authError('SA not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // insure that tag name is 'Envelope' + if ( $tree_response->node_name() != 'Envelope' ) { + phpCAS::trace('bad XML root node (should be `Envelope\' instead of `'.$tree_response->node_name().'\''); + $this->authError('SA not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // check for the NameIdentifier tag in the SAML response + if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("NameIdentifier")) != 0) { + phpCAS::trace('NameIdentifier found'); + $user = trim($success_elements[0]->get_content()); + phpCAS::trace('user = `'.$user.'`'); + $this->setUser($user); + $this->setSessionAttributes($text_response); + } else { + phpCAS::trace('no <NameIdentifier> tag found in SAML payload'); + $this->authError('SA not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + break; + } + $this->renameSession($this->getSA()); // at this step, ST has been validated and $this->_user has been set, phpCAS::traceEnd(TRUE); return TRUE; } - - // ######################################################################## - // SAML VALIDATION - // ######################################################################## - /** - * @addtogroup internalBasic - * @{ - */ - - /** - * This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url, - * $text_reponse and $tree_response on success. These parameters are used later - * by CASClient::validatePGT() for CAS proxies. - * - * @param $validate_url the URL of the request to the CAS server. - * @param $text_response the response of the CAS server, as is (XML text). - * @param $tree_response the response of the CAS server, as a DOM XML tree. - * - * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). - * - * @private - */ - function validateSA($validate_url,&$text_response,&$tree_response) - { - phpCAS::traceBegin(); - - // build the URL to validate the ticket - $validate_url = $this->getServerSamlValidateURL(); - - // open and read the URL - if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) { - phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'); - $this->authError('SA not validated', $validate_url, TRUE/*$no_response*/); - } - - phpCAS::trace('server version: '.$this->getServerVersion()); - - // analyze the result depending on the version - switch ($this->getServerVersion()) { - case SAML_VERSION_1_1: - - // read the response of the CAS server into a DOM object - if ( !($dom = domxml_open_mem($text_response))) { - phpCAS::trace('domxml_open_mem() failed'); - $this->authError('SA not validated', - $validate_url, - FALSE/*$no_response*/, - TRUE/*$bad_response*/, - $text_response); - } - // read the root node of the XML tree - if ( !($tree_response = $dom->document_element()) ) { - phpCAS::trace('document_element() failed'); - $this->authError('SA not validated', - $validate_url, - FALSE/*$no_response*/, - TRUE/*$bad_response*/, - $text_response); - } - // insure that tag name is 'Envelope' - if ( $tree_response->node_name() != 'Envelope' ) { - phpCAS::trace('bad XML root node (should be `Envelope\' instead of `'.$tree_response->node_name().'\''); - $this->authError('SA not validated', - $validate_url, - FALSE/*$no_response*/, - TRUE/*$bad_response*/, - $text_response); - } - // check for the NameIdentifier tag in the SAML response - if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("NameIdentifier")) != 0) { - phpCAS::trace('NameIdentifier found'); - $user = trim($success_elements[0]->get_content()); - phpCAS::trace('user = `'.$user.'`'); - $this->setUser($user); - $this->setSessionAttributes($text_response); - } else { - phpCAS::trace('no <NameIdentifier> tag found in SAML payload'); - $this->authError('SA not validated', - $validate_url, - FALSE/*$no_response*/, - TRUE/*$bad_response*/, - $text_response); - } - break; - } - - // at this step, ST has been validated and $this->_user has been set, - phpCAS::traceEnd(TRUE); - return TRUE; - } - - /** - * This method will parse the DOM and pull out the attributes from the SAML - * payload and put them into an array, then put the array into the session. - * - * @param $text_response the SAML payload. - * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). - * - * @private - */ - function setSessionAttributes($text_response) - { - phpCAS::traceBegin(); - - $result = FALSE; - - if (isset($_SESSION[SAML_ATTRIBUTES])) { - phpCAS::trace("session attrs already set."); //testbml - do we care? - } - - $attr_array = array(); - - if (($dom = domxml_open_mem($text_response))) { - $xPath = $dom->xpath_new_context(); - $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol'); - $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion'); - $nodelist = $xPath->xpath_eval("//saml:Attribute"); - $attrs = $nodelist->nodeset; - phpCAS::trace($text_response); - foreach($attrs as $attr){ - $xres = $xPath->xpath_eval("saml:AttributeValue", $attr); - $name = $attr->get_attribute("AttributeName"); - $value_array = array(); - foreach($xres->nodeset as $node){ - $value_array[] = $node->get_content(); - - } - phpCAS::trace("* " . $name . "=" . $value_array); - $attr_array[$name] = $value_array; - } - $_SESSION[SAML_ATTRIBUTES] = $attr_array; - // UGent addition... - foreach($attr_array as $attr_key => $attr_value) { - if(count($attr_value) > 1) { - $this->_attributes[$attr_key] = $attr_value; - } - else { - $this->_attributes[$attr_key] = $attr_value[0]; - } - } - $result = TRUE; - } - phpCAS::traceEnd($result); - return $result; - } + + /** + * This method will parse the DOM and pull out the attributes from the SAML + * payload and put them into an array, then put the array into the session. + * + * @param $text_response the SAML payload. + * @return bool TRUE when successfull and FALSE if no attributes a found + * + * @private + */ + function setSessionAttributes($text_response) + { + phpCAS::traceBegin(); + + $result = FALSE; + + if (isset($_SESSION[SAML_ATTRIBUTES])) { + phpCAS::trace("session attrs already set."); //testbml - do we care? + } + + $attr_array = array(); + + if (($dom = domxml_open_mem($text_response))) { + $xPath = $dom->xpath_new_context(); + $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol'); + $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion'); + $nodelist = $xPath->xpath_eval("//saml:Attribute"); + if($nodelist){ + $attrs = $nodelist->nodeset; + foreach($attrs as $attr){ + $xres = $xPath->xpath_eval("saml:AttributeValue", $attr); + $name = $attr->get_attribute("AttributeName"); + $value_array = array(); + foreach($xres->nodeset as $node){ + $value_array[] = $node->get_content(); + } + $attr_array[$name] = $value_array; + } + $_SESSION[SAML_ATTRIBUTES] = $attr_array; + // UGent addition... + foreach($attr_array as $attr_key => $attr_value) { + if(count($attr_value) > 1) { + $this->_attributes[$attr_key] = $attr_value; + phpCAS::trace("* " . $attr_key . "=" . $attr_value); + } + else { + $this->_attributes[$attr_key] = $attr_value[0]; + phpCAS::trace("* " . $attr_key . "=" . $attr_value[0]); + } + } + $result = TRUE; + }else{ + phpCAS::trace("SAML Attributes are empty"); + $result = FALSE; + } + } + phpCAS::traceEnd($result); + return $result; + } /** @} */ @@ -2118,7 +2166,7 @@ class CASClient curl_setopt($ch, $key, $value); } } - + if ($this->_cas_server_cert == '' && $this->_cas_server_ca_cert == '' && !$this->_no_cas_server_validation) { phpCAS::error('one of the methods phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.'); } @@ -2150,21 +2198,21 @@ class CASClient if ( is_array($cookies) ) { curl_setopt($ch,CURLOPT_COOKIE,implode(';',$cookies)); } - // add extra stuff if SAML - if ($this->hasSA()) { - $more_headers = array ("soapaction: http://www.oasis-open.org/committees/security", - "cache-control: no-cache", - "pragma: no-cache", - "accept: text/xml", - "connection: keep-alive", - "content-type: text/xml"); - - curl_setopt($ch, CURLOPT_HTTPHEADER, $more_headers); - curl_setopt($ch, CURLOPT_POST, 1); - $data = $this->buildSAMLPayload(); - //phpCAS::trace('SAML Payload: '.print_r($data, TRUE)); - curl_setopt($ch, CURLOPT_POSTFIELDS, $data); - } + // add extra stuff if SAML + if ($this->hasSA()) { + $more_headers = array ("soapaction: http://www.oasis-open.org/committees/security", + "cache-control: no-cache", + "pragma: no-cache", + "accept: text/xml", + "connection: keep-alive", + "content-type: text/xml"); + + curl_setopt($ch, CURLOPT_HTTPHEADER, $more_headers); + curl_setopt($ch, CURLOPT_POST, 1); + $data = $this->buildSAMLPayload(); + //phpCAS::trace('SAML Payload: '.print_r($data, TRUE)); + curl_setopt($ch, CURLOPT_POSTFIELDS, $data); + } // perform the query $buf = curl_exec ($ch); //phpCAS::trace('CURL: Call completed. Response body is: \''.$buf.'\''); @@ -2185,39 +2233,39 @@ class CASClient phpCAS::traceEnd($res); return $res; - } - - /** - * This method is used to build the SAML POST body sent to /samlValidate URL. - * - * @return the SOAP-encased SAMLP artifact (the ticket). - * - * @private - */ - function buildSAMLPayload() - { - phpCAS::traceBegin(); - - //get the ticket - $sa = $this->getSA(); - //phpCAS::trace("SA: ".$sa); - - $body=SAML_SOAP_ENV.SAML_SOAP_BODY.SAMLP_REQUEST.SAML_ASSERTION_ARTIFACT.$sa.SAML_ASSERTION_ARTIFACT_CLOSE.SAMLP_REQUEST_CLOSE.SAML_SOAP_BODY_CLOSE.SAML_SOAP_ENV_CLOSE; - - phpCAS::traceEnd($body); - return ($body); - } - + } + + /** + * This method is used to build the SAML POST body sent to /samlValidate URL. + * + * @return the SOAP-encased SAMLP artifact (the ticket). + * + * @private + */ + function buildSAMLPayload() + { + phpCAS::traceBegin(); + + //get the ticket + $sa = $this->getSA(); + //phpCAS::trace("SA: ".$sa); + + $body=SAML_SOAP_ENV.SAML_SOAP_BODY.SAMLP_REQUEST.SAML_ASSERTION_ARTIFACT.$sa.SAML_ASSERTION_ARTIFACT_CLOSE.SAMLP_REQUEST_CLOSE.SAML_SOAP_BODY_CLOSE.SAML_SOAP_ENV_CLOSE; + + phpCAS::traceEnd($body); + return ($body); + } + /** * This method is the callback used by readURL method to request HTTP headers. */ var $_curl_headers = array(); function _curl_read_headers($ch, $header) - { + { $this->_curl_headers[] = $header; return strlen($header); - } - + } + /** * This method is used to access an HTTP[S] service. * @@ -2236,6 +2284,7 @@ class CASClient function serviceWeb($url,&$err_code,&$output) { phpCAS::traceBegin(); + $cookies = array(); // at first retrieve a PT $pt = $this->retrievePT($url,$err_code,$output); @@ -2248,7 +2297,8 @@ class CASClient $res = FALSE; } else { // add cookies if necessary - if ( is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) { + if ( isset($_SESSION['phpCAS']['services'][$url]['cookies']) && + is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) { foreach ( $_SESSION['phpCAS']['services'][$url]['cookies'] as $name => $val ) { $cookies[] = $name.'='.$val; } @@ -2400,29 +2450,29 @@ class CASClient function hasPT() { return !empty($this->_pt); } /** - * This method returns the SAML Ticket provided in the URL of the request. - * @return The SAML ticket. - * @private - */ - function getSA() - { return 'ST'.substr($this->_sa, 2); } - - /** - * This method stores the SAML Ticket. - * @param $sa The SAML Ticket. - * @private - */ - function setSA($sa) - { $this->_sa = $sa; } - - /** - * This method tells if a SAML Ticket was stored. - * @return TRUE if a SAML Ticket has been stored. - * @private - */ - function hasSA() - { return !empty($this->_sa); } - + * This method returns the SAML Ticket provided in the URL of the request. + * @return The SAML ticket. + * @private + */ + function getSA() + { return 'ST'.substr($this->_sa, 2); } + + /** + * This method stores the SAML Ticket. + * @param $sa The SAML Ticket. + * @private + */ + function setSA($sa) + { $this->_sa = $sa; } + + /** + * This method tells if a SAML Ticket was stored. + * @return TRUE if a SAML Ticket has been stored. + * @private + */ + function hasSA() + { return !empty($this->_sa); } + /** @} */ // ######################################################################## // PT VALIDATION @@ -2433,8 +2483,8 @@ class CASClient */ /** - * This method is used to validate a PT; halt on failure - * + * This method is used to validate a ST or PT; halt on failure + * Used for all CAS 2.0 validations * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). * * @private @@ -2447,7 +2497,7 @@ class CASClient if ( $this->isProxy() ) { // pass the callback url for CAS proxies - $validate_url .= '&pgtUrl='.$this->getCallbackURL(); + $validate_url .= '&pgtUrl='.urlencode($this->getCallbackURL()); } // open and read the URL @@ -2514,6 +2564,7 @@ class CASClient $text_response); } + $this->renameSession($this->getPT()); // at this step, PT has been validated and $this->_user has been set, phpCAS::traceEnd(TRUE); @@ -2586,25 +2637,43 @@ class CASClient } } - $php_is_for_sissies = split("\?", $_SERVER['REQUEST_URI'], 2); - $final_uri .= $php_is_for_sissies[0]; - if(sizeof($php_is_for_sissies) > 1){ - $cgi_params = '?' . $php_is_for_sissies[1]; - } else { - $cgi_params = '?'; + $request_uri = explode('?', $_SERVER['REQUEST_URI'], 2); + $final_uri .= $request_uri[0]; + + if (isset($request_uri[1]) && $request_uri[1]) + { + $query_string = $this->removeParameterFromQueryString('ticket', $request_uri[1]); + + // If the query string still has anything left, append it to the final URI + if ($query_string !== '') + $final_uri .= "?$query_string"; + } - // remove the ticket if present in the CGI parameters - $cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params); - $cgi_params = preg_replace('/\?ticket=[^&;]*/','?',$cgi_params); - $cgi_params = preg_replace('/\?%26/','?',$cgi_params); - $cgi_params = preg_replace('/\?&/','?',$cgi_params); - $cgi_params = preg_replace('/\?$/','',$cgi_params); - $final_uri .= $cgi_params; + + phpCAS::trace("Final URI: $final_uri"); $this->setURL($final_uri); } phpCAS::traceEnd($this->_url); return $this->_url; - } + } + + + + /** + * Removes a parameter from a query string + * + * @param string $parameterName + * @param string $queryString + * @return string + * + * @link http://stackoverflow.com/questions/1842681/regular-expression-to-remove-one-parameter-from-query-string + */ + function removeParameterFromQueryString($parameterName, $queryString) + { + $parameterName = preg_quote($parameterName); + return preg_replace("/&$parameterName(=[^&]*)?|^$parameterName(=[^&]*)?&?/", '', $queryString); + } + /** * This method sets the URL of the current request @@ -2641,7 +2710,7 @@ class CASClient phpCAS::traceBegin(); $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_FAILED)); - printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),$this->getURL(),$_SERVER['SERVER_ADMIN']); + printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),htmlentities($this->getURL()),$_SERVER['SERVER_ADMIN']); phpCAS::trace('CAS URL: '.$cas_url); phpCAS::trace('Authentication failure: '.$failure); if ( $no_response ) { |