--- /dev/null
+<?php
+/**
+ * Piwik - Open source web analytics
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html Gpl v3 or later
+ * @version $Id:$
+ *
+ * @package Piwik_CASLogin
+ */
+
+/**
+ * Class that implements an authentication mechanism via CAS (Central Authentication Services)
+ *
+ * @package Piwik_CASLogin
+ */
+class Piwik_CASLogin_Auth implements Piwik_Auth
+{
+ protected $login = null;
+ protected $token_auth = null;
+
+ public function getName()
+ {
+ return 'CASLogin';
+ }
+
+ public function authenticate()
+ {
+ $user = '';
+ $rootLogin = Zend_Registry::get('config')->superuser->login;
+
+ $additionalSuperUsers = array();
+ $oAdditionalSuperUsers = Zend_Registry::get('config')->caslogin->additionalsuperusers;
+ if(is_object($oAdditionalSuperUsers)) {
+ $additionalSuperUsers = $oAdditionalSuperUsers->toArray();
+ }
+
+ require_once PIWIK_INCLUDE_PATH . '/plugins/CASLogin/CAS/CAS.php';
+
+ // initialize phpCAS
+
+ // What happens here: in some piwik functionality, some additional API-style calls are
+ // made from a controller action, where the authenticate() method will be called *again*.
+ // This happens for instance when an admin changes some permissions in Settings->Users.
+ // The first authenticate() is from the page, and the second is due to an API call.
+ // This checks if there was already a phpcas instance already initialized, otherwize
+ // phpCAS::client() would fail.
+ global $PHPCAS_CLIENT;
+ if(!is_object($PHPCAS_CLIENT)) {
+ phpCAS::client(
+ constant( Zend_Registry::get('config')->caslogin->protocol ),
+ Zend_Registry::get('config')->caslogin->host,
+ (integer) Zend_Registry::get('config')->caslogin->port,
+ '',
+ false
+ );
+ }
+
+ // no SSL validation for the CAS server
+ phpCAS::setNoCasServerValidation();
+
+ // Handle single signout requests from CAS server
+ phpCAS::handleLogoutRequests();
+
+ // force CAS authentication only if it has been requested by action argument
+ $action = Piwik::getAction();
+
+ $auth = phpCAS::checkAuthentication();
+ if(!$auth) {
+ if($action == 'redirectToCAS') {
+ phpCAS::forceAuthentication();
+ }
+
+ if($action != 'login' && Piwik::getModule() != 'CoreUpdater') {
+ Piwik::redirectToModule('CASLogin', 'login');
+ return;
+ } elseif($action == 'redirectToCAS') {
+ phpCAS::forceAuthentication();
+ } else {
+ return new Piwik_Auth_Result( Piwik_Auth_Result::FAILURE, $user, NULL );
+ }
+ }
+
+ // Additional Attributes
+ // For future retrieval of attributes; they _might_ be of some use, but are highly
+ // dependable on a specific installation. CAS|piwik hackers can do some magic
+ // here with SAML attributes etc.
+ /*
+ foreach (phpCAS::getAttributes() as $key => $value) {
+ // syslog(LOG_DEBUG, "attribute: $key - ". print_r($value, true));
+ }
+ */
+
+ if (isset($_SESSION['phpCAS']) && isset($_SESSION['phpCAS']['user'])) {
+ $user = $_SESSION['phpCAS']['user'];
+ }
+
+ if($user) {
+ if($user == $rootLogin || in_array($user, $additionalSuperUsers)) {
+ // Root / Admin login
+ return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS_SUPERUSER_AUTH_CODE, $user, NULL );
+ }
+
+ $login = Zend_Registry::get('db')->fetchOne(
+ 'SELECT login FROM '.Piwik_Common::prefixTable('user').' WHERE login = ?',
+ array($user)
+ );
+ if($login === false) {
+ // ***User Autocreate***
+ // We can either add the authenticated but not-yet-authorized user to the piwik users
+ // database, or ignore that.
+ // TODO: make this a config option
+ // $this->_populateDb($user);
+ $login = $user;
+ }
+
+ if($login == $user)
+ {
+ return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS, $login, NULL );
+ }
+ }
+
+ return new Piwik_Auth_Result( Piwik_Auth_Result::FAILURE, $user, NULL );
+ }
+
+ public function setLogin($login)
+ {
+ $this->login = $login;
+ }
+
+ public function setTokenAuth($token_auth)
+ {
+ $this->token_auth = $token_auth;
+ }
+
+ /**
+ * This method is used to inject user into Piwik's tables.
+ * @todo Alias could be the 'cn' returned from CAS attributes.
+ */
+ private function _populateDb($user)
+ {
+ $result = null;
+ $dummy = md5('abcd1234');
+ if ($this->_helper_userExists($user)) {
+ $this->_helper_updateUser($user, $dummy, '', 'alias');
+ } else {
+ $this->_helper_addUser($user, $dummy, '', 'alias');
+ }
+ }
+
+
+ ///// The following methods are taken from Piwik's UserManager, but in order to inject data into piwik's user and access tables, we need
+ ///// to make sure we don't wreck things. The UserManager API uses authenticate() to check if we're eligable to look this up,
+ ///// soi we can't use it - we need superuser permissions anyway.
+ //
+ ///// Warning - these methods are of course under Piwik's license.
+ private function _helper_userExists($name)
+ {
+ $count = Zend_Registry::get('db')->fetchOne("SELECT count(*)
+ FROM ".Piwik_Common::prefixTable("user"). "
+ WHERE login = ?", $name);
+ return $count > 0;
+ }
+
+ private function _helper_updateUser( $userLogin, $password = false, $email = false, $alias = false )
+ {
+ $token_auth = Piwik_UsersManager_API::getTokenAuth($userLogin, $password);
+
+ $db = Zend_Registry::get('db');
+
+ $db->update( Piwik_Common::prefixTable("user"),
+ array(
+ 'password' => $password,
+ 'alias' => $alias,
+ 'email' => $email,
+ 'token_auth' => $token_auth,
+ ),
+ "login = '$userLogin'"
+ );
+ }
+
+ private function _helper_addUser( $userLogin, $password, $email, $alias = false )
+ {
+ $token_auth = Piwik_UsersManager_API::getTokenAuth($userLogin, $password);
+
+ $db = Zend_Registry::get('db');
+
+ $db->insert( Piwik_Common::prefixTable("user"), array(
+ 'login' => $userLogin,
+ 'password' => $password,
+ 'alias' => $alias,
+ 'email' => $email,
+ 'token_auth' => $token_auth,
+ )
+ );
+ }
+
+}
+
--- /dev/null
+<?php\r
+\r
+/*\r
+ * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.\r
+ * All rights reserved.\r
+ * \r
+ * Redistribution and use in source and binary forms, with or without\r
+ * modification, are permitted provided that the following conditions are met:\r
+ * \r
+ * * Redistributions of source code must retain the above copyright notice,\r
+ * this list of conditions and the following disclaimer.\r
+ * * Redistributions in binary form must reproduce the above copyright notice,\r
+ * this list of conditions and the following disclaimer in the documentation\r
+ * and/or other materials provided with the distribution.\r
+ * * Neither the name of the ESUP-Portail consortium & the JA-SIG\r
+ * Collaborative nor the names of its contributors may be used to endorse or\r
+ * promote products derived from this software without specific prior\r
+ * written permission.\r
+\r
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND\r
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\r
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\r
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR\r
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\r
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\r
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON\r
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\r
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\r
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r
+ */\r
+\r
+//\r
+// hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] in IIS\r
+//\r
+if (!isset($_SERVER['REQUEST_URI'])) {\r
+ $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];\r
+}\r
+\r
+//\r
+// another one by Vangelis Haniotakis also to make phpCAS work with PHP5\r
+//\r
+if (version_compare(PHP_VERSION, '5', '>=') && !(function_exists('domxml_new_doc'))) {\r
+ require_once (dirname(__FILE__) . '/CAS/domxml-php4-to-php5.php');\r
+}\r
+\r
+/**\r
+ * @file CAS/CAS.php\r
+ * Interface class of the phpCAS library\r
+ *\r
+ * @ingroup public\r
+ */\r
+\r
+// ########################################################################\r
+// CONSTANTS\r
+// ########################################################################\r
+\r
+// ------------------------------------------------------------------------\r
+// CAS VERSIONS\r
+// ------------------------------------------------------------------------\r
+\r
+/**\r
+ * phpCAS version. accessible for the user by phpCAS::getVersion().\r
+ */\r
+define('PHPCAS_VERSION', '1.1.3');\r
+\r
+// ------------------------------------------------------------------------\r
+// CAS VERSIONS\r
+// ------------------------------------------------------------------------\r
+/**\r
+ * @addtogroup public\r
+ * @{\r
+ */\r
+\r
+/**\r
+ * CAS version 1.0\r
+ */\r
+define("CAS_VERSION_1_0", '1.0');\r
+/*!\r
+ * CAS version 2.0\r
+ */\r
+define("CAS_VERSION_2_0", '2.0');\r
+\r
+// ------------------------------------------------------------------------\r
+// SAML defines\r
+// ------------------------------------------------------------------------\r
+\r
+/**\r
+ * SAML protocol\r
+ */\r
+define("SAML_VERSION_1_1", 'S1');\r
+\r
+/**\r
+ * XML header for SAML POST\r
+ */\r
+define("SAML_XML_HEADER", '<?xml version="1.0" encoding="UTF-8"?>');\r
+\r
+/**\r
+ * SOAP envelope for SAML POST\r
+ */\r
+define("SAML_SOAP_ENV", '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/>');\r
+\r
+/**\r
+ * SOAP body for SAML POST\r
+ */\r
+define("SAML_SOAP_BODY", '<SOAP-ENV:Body>');\r
+\r
+/**\r
+ * SAMLP request\r
+ */\r
+define("SAMLP_REQUEST", '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z">');\r
+define("SAMLP_REQUEST_CLOSE", '</samlp:Request>');\r
+\r
+/**\r
+ * SAMLP artifact tag (for the ticket)\r
+ */\r
+define("SAML_ASSERTION_ARTIFACT", '<samlp:AssertionArtifact>');\r
+\r
+/**\r
+ * SAMLP close\r
+ */\r
+define("SAML_ASSERTION_ARTIFACT_CLOSE", '</samlp:AssertionArtifact>');\r
+\r
+/**\r
+ * SOAP body close\r
+ */\r
+define("SAML_SOAP_BODY_CLOSE", '</SOAP-ENV:Body>');\r
+\r
+/**\r
+ * SOAP envelope close\r
+ */\r
+define("SAML_SOAP_ENV_CLOSE", '</SOAP-ENV:Envelope>');\r
+\r
+/**\r
+ * SAML Attributes\r
+ */\r
+define("SAML_ATTRIBUTES", 'SAMLATTRIBS');\r
+\r
+/** @} */\r
+/**\r
+ * @addtogroup publicPGTStorage\r
+ * @{\r
+ */\r
+// ------------------------------------------------------------------------\r
+// FILE PGT STORAGE\r
+// ------------------------------------------------------------------------\r
+/**\r
+ * Default path used when storing PGT's to file\r
+ */\r
+define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH", '/tmp');\r
+/**\r
+ * phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files\r
+ */\r
+define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN", 'plain');\r
+/**\r
+ * phpCAS::setPGTStorageFile()'s 2nd parameter to write xml files\r
+ */\r
+define("CAS_PGT_STORAGE_FILE_FORMAT_XML", 'xml');\r
+/**\r
+ * Default format used when storing PGT's to file\r
+ */\r
+define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT", CAS_PGT_STORAGE_FILE_FORMAT_PLAIN);\r
+/** @} */\r
+// ------------------------------------------------------------------------\r
+// SERVICE ACCESS ERRORS\r
+// ------------------------------------------------------------------------\r
+/**\r
+ * @addtogroup publicServices\r
+ * @{\r
+ */\r
+\r
+/**\r
+ * phpCAS::service() error code on success\r
+ */\r
+define("PHPCAS_SERVICE_OK", 0);\r
+/**\r
+ * phpCAS::service() error code when the PT could not retrieve because\r
+ * the CAS server did not respond.\r
+ */\r
+define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE", 1);\r
+/**\r
+ * phpCAS::service() error code when the PT could not retrieve because\r
+ * the response of the CAS server was ill-formed.\r
+ */\r
+define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE", 2);\r
+/**\r
+ * phpCAS::service() error code when the PT could not retrieve because\r
+ * the CAS server did not want to.\r
+ */\r
+define("PHPCAS_SERVICE_PT_FAILURE", 3);\r
+/**\r
+ * phpCAS::service() error code when the service was not available.\r
+ */\r
+define("PHPCAS_SERVICE_NOT AVAILABLE", 4);\r
+\r
+/** @} */\r
+// ------------------------------------------------------------------------\r
+// LANGUAGES\r
+// ------------------------------------------------------------------------\r
+/**\r
+ * @addtogroup publicLang\r
+ * @{\r
+ */\r
+\r
+define("PHPCAS_LANG_ENGLISH", 'english');\r
+define("PHPCAS_LANG_FRENCH", 'french');\r
+define("PHPCAS_LANG_GREEK", 'greek');\r
+define("PHPCAS_LANG_GERMAN", 'german');\r
+define("PHPCAS_LANG_JAPANESE", 'japanese');\r
+define("PHPCAS_LANG_SPANISH", 'spanish');\r
+define("PHPCAS_LANG_CATALAN", 'catalan');\r
+\r
+/** @} */\r
+\r
+/**\r
+ * @addtogroup internalLang\r
+ * @{\r
+ */\r
+\r
+/**\r
+ * phpCAS default language (when phpCAS::setLang() is not used)\r
+ */\r
+define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH);\r
+\r
+/** @} */\r
+// ------------------------------------------------------------------------\r
+// DEBUG\r
+// ------------------------------------------------------------------------\r
+/**\r
+ * @addtogroup publicDebug\r
+ * @{\r
+ */\r
+\r
+/**\r
+ * The default directory for the debug file under Unix.\r
+ */\r
+define('DEFAULT_DEBUG_DIR', '/tmp/');\r
+\r
+/** @} */\r
+// ------------------------------------------------------------------------\r
+// MISC\r
+// ------------------------------------------------------------------------\r
+/**\r
+ * @addtogroup internalMisc\r
+ * @{\r
+ */\r
+\r
+/**\r
+ * This global variable is used by the interface class phpCAS.\r
+ *\r
+ * @hideinitializer\r
+ */\r
+$GLOBALS['PHPCAS_CLIENT'] = null;\r
+\r
+/**\r
+ * This global variable is used to store where the initializer is called from \r
+ * (to print a comprehensive error in case of multiple calls).\r
+ *\r
+ * @hideinitializer\r
+ */\r
+$GLOBALS['PHPCAS_INIT_CALL'] = array (\r
+ 'done' => FALSE,\r
+ 'file' => '?',\r
+ 'line' => -1,\r
+ 'method' => '?'\r
+);\r
+\r
+/**\r
+ * This global variable is used to store where the method checking\r
+ * the authentication is called from (to print comprehensive errors)\r
+ *\r
+ * @hideinitializer\r
+ */\r
+$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array (\r
+ 'done' => FALSE,\r
+ 'file' => '?',\r
+ 'line' => -1,\r
+ 'method' => '?',\r
+ 'result' => FALSE\r
+);\r
+\r
+/**\r
+ * This global variable is used to store phpCAS debug mode.\r
+ *\r
+ * @hideinitializer\r
+ */\r
+$GLOBALS['PHPCAS_DEBUG'] = array (\r
+ 'filename' => FALSE,\r
+ 'indent' => 0,\r
+ 'unique_id' => ''\r
+);\r
+\r
+/** @} */\r
+\r
+// ########################################################################\r
+// CLIENT CLASS\r
+// ########################################################################\r
+\r
+// include client class\r
+include_once (dirname(__FILE__) . '/CAS/client.php');\r
+\r
+// ########################################################################\r
+// INTERFACE CLASS\r
+// ########################################################################\r
+\r
+/**\r
+ * @class phpCAS\r
+ * The phpCAS class is a simple container for the phpCAS library. It provides CAS\r
+ * authentication for web applications written in PHP.\r
+ *\r
+ * @ingroup public\r
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>\r
+ *\r
+ * \internal All its methods access the same object ($PHPCAS_CLIENT, declared \r
+ * at the end of CAS/client.php).\r
+ */\r
+\r
+class phpCAS {\r
+\r
+ // ########################################################################\r
+ // INITIALIZATION\r
+ // ########################################################################\r
+\r
+ /**\r
+ * @addtogroup publicInit\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * phpCAS client initializer.\r
+ * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be\r
+ * called, only once, and before all other methods (except phpCAS::getVersion()\r
+ * and phpCAS::setDebug()).\r
+ *\r
+ * @param $server_version the version of the CAS server\r
+ * @param $server_hostname the hostname of the CAS server\r
+ * @param $server_port the port the CAS server is running on\r
+ * @param $server_uri the URI the CAS server is responding on\r
+ * @param $start_session Have phpCAS start PHP sessions (default true)\r
+ *\r
+ * @return a newly created CASClient object\r
+ */\r
+ function client($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {\r
+ global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')');\r
+ }\r
+ if (gettype($server_version) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');\r
+ }\r
+ if (gettype($server_hostname) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');\r
+ }\r
+ if (gettype($server_port) != 'integer') {\r
+ phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');\r
+ }\r
+ if (gettype($server_uri) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');\r
+ }\r
+\r
+ // store where the initializer is called from\r
+ $dbg = phpCAS :: backtrace();\r
+ $PHPCAS_INIT_CALL = array (\r
+ 'done' => TRUE,\r
+ 'file' => $dbg[0]['file'],\r
+ 'line' => $dbg[0]['line'],\r
+ 'method' => __CLASS__ . '::' . __FUNCTION__\r
+ );\r
+\r
+ // initialize the global object $PHPCAS_CLIENT\r
+ $PHPCAS_CLIENT = new CASClient($server_version, FALSE /*proxy*/\r
+ , $server_hostname, $server_port, $server_uri, $start_session);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * phpCAS proxy initializer.\r
+ * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be\r
+ * called, only once, and before all other methods (except phpCAS::getVersion()\r
+ * and phpCAS::setDebug()).\r
+ *\r
+ * @param $server_version the version of the CAS server\r
+ * @param $server_hostname the hostname of the CAS server\r
+ * @param $server_port the port the CAS server is running on\r
+ * @param $server_uri the URI the CAS server is responding on\r
+ * @param $start_session Have phpCAS start PHP sessions (default true)\r
+ *\r
+ * @return a newly created CASClient object\r
+ */\r
+ function proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {\r
+ global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')');\r
+ }\r
+ if (gettype($server_version) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');\r
+ }\r
+ if (gettype($server_hostname) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');\r
+ }\r
+ if (gettype($server_port) != 'integer') {\r
+ phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');\r
+ }\r
+ if (gettype($server_uri) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');\r
+ }\r
+\r
+ // store where the initialzer is called from\r
+ $dbg = phpCAS :: backtrace();\r
+ $PHPCAS_INIT_CALL = array (\r
+ 'done' => TRUE,\r
+ 'file' => $dbg[0]['file'],\r
+ 'line' => $dbg[0]['line'],\r
+ 'method' => __CLASS__ . '::' . __FUNCTION__\r
+ );\r
+\r
+ // initialize the global object $PHPCAS_CLIENT\r
+ $PHPCAS_CLIENT = new CASClient($server_version, TRUE /*proxy*/\r
+ , $server_hostname, $server_port, $server_uri, $start_session);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // DEBUGGING\r
+ // ########################################################################\r
+\r
+ /**\r
+ * @addtogroup publicDebug\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * Set/unset debug mode\r
+ *\r
+ * @param $filename the name of the file used for logging, or FALSE to stop debugging.\r
+ */\r
+ function setDebug($filename = '') {\r
+ global $PHPCAS_DEBUG;\r
+\r
+ if ($filename != FALSE && gettype($filename) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)');\r
+ }\r
+\r
+ if (empty ($filename)) {\r
+ if (preg_match('/^Win.*/', getenv('OS'))) {\r
+ if (isset ($_ENV['TMP'])) {\r
+ $debugDir = $_ENV['TMP'] . '/';\r
+ } else\r
+ if (isset ($_ENV['TEMP'])) {\r
+ $debugDir = $_ENV['TEMP'] . '/';\r
+ } else {\r
+ $debugDir = '';\r
+ }\r
+ } else {\r
+ $debugDir = DEFAULT_DEBUG_DIR;\r
+ }\r
+ $filename = $debugDir . 'phpCAS.log';\r
+ }\r
+\r
+ if (empty ($PHPCAS_DEBUG['unique_id'])) {\r
+ $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4);\r
+ }\r
+\r
+ $PHPCAS_DEBUG['filename'] = $filename;\r
+\r
+ phpCAS :: trace('START phpCAS-' . PHPCAS_VERSION . ' ******************');\r
+ }\r
+\r
+ /** @} */\r
+ /**\r
+ * @addtogroup internalDebug\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * This method is a wrapper for debug_backtrace() that is not available \r
+ * in all PHP versions (>= 4.3.0 only)\r
+ */\r
+ function backtrace() {\r
+ if (function_exists('debug_backtrace')) {\r
+ return debug_backtrace();\r
+ } else {\r
+ // poor man's hack ... but it does work ...\r
+ return array ();\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Logs a string in debug mode.\r
+ *\r
+ * @param $str the string to write\r
+ *\r
+ * @private\r
+ */\r
+ function log($str) {\r
+ $indent_str = ".";\r
+ global $PHPCAS_DEBUG;\r
+\r
+ if ($PHPCAS_DEBUG['filename']) {\r
+ for ($i = 0; $i < $PHPCAS_DEBUG['indent']; $i++) {\r
+ $indent_str .= '| ';\r
+ }\r
+ error_log($PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str . "\n", 3, $PHPCAS_DEBUG['filename']);\r
+ }\r
+\r
+ }\r
+\r
+ /**\r
+ * This method is used by interface methods to print an error and where the function\r
+ * was originally called from.\r
+ *\r
+ * @param $msg the message to print\r
+ *\r
+ * @private\r
+ */\r
+ function error($msg) {\r
+ $dbg = phpCAS :: backtrace();\r
+ $function = '?';\r
+ $file = '?';\r
+ $line = '?';\r
+ if (is_array($dbg)) {\r
+ for ($i = 1; $i < sizeof($dbg); $i++) {\r
+ if (is_array($dbg[$i])) {\r
+ if ($dbg[$i]['class'] == __CLASS__) {\r
+ $function = $dbg[$i]['function'];\r
+ $file = $dbg[$i]['file'];\r
+ $line = $dbg[$i]['line'];\r
+ }\r
+ }\r
+ }\r
+ }\r
+ echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . "</b></font> in <b>" . $file . "</b> on line <b>" . $line . "</b><br />\n";\r
+ phpCAS :: trace($msg);\r
+ phpCAS :: traceExit();\r
+ exit ();\r
+ }\r
+\r
+ /**\r
+ * This method is used to log something in debug mode.\r
+ */\r
+ function trace($str) {\r
+ $dbg = phpCAS :: backtrace();\r
+ phpCAS :: log($str . ' [' . basename($dbg[1]['file']) . ':' . $dbg[1]['line'] . ']');\r
+ }\r
+\r
+ /**\r
+ * This method is used to indicate the start of the execution of a function in debug mode.\r
+ */\r
+ function traceBegin() {\r
+ global $PHPCAS_DEBUG;\r
+\r
+ $dbg = phpCAS :: backtrace();\r
+ $str = '=> ';\r
+ if (!empty ($dbg[2]['class'])) {\r
+ $str .= $dbg[2]['class'] . '::';\r
+ }\r
+ $str .= $dbg[2]['function'] . '(';\r
+ if (is_array($dbg[2]['args'])) {\r
+ foreach ($dbg[2]['args'] as $index => $arg) {\r
+ if ($index != 0) {\r
+ $str .= ', ';\r
+ }\r
+ $str .= str_replace("\n", "", var_export($arg, TRUE));\r
+ }\r
+ }\r
+ $str .= ') [' . basename($dbg[2]['file']) . ':' . $dbg[2]['line'] . ']';\r
+ phpCAS :: log($str);\r
+ $PHPCAS_DEBUG['indent']++;\r
+ }\r
+\r
+ /**\r
+ * This method is used to indicate the end of the execution of a function in debug mode.\r
+ *\r
+ * @param $res the result of the function\r
+ */\r
+ function traceEnd($res = '') {\r
+ global $PHPCAS_DEBUG;\r
+\r
+ $PHPCAS_DEBUG['indent']--;\r
+ $dbg = phpCAS :: backtrace();\r
+ $str = '';\r
+ $str .= '<= ' . str_replace("\n", "", var_export($res, TRUE));\r
+ phpCAS :: log($str);\r
+ }\r
+\r
+ /**\r
+ * This method is used to indicate the end of the execution of the program\r
+ */\r
+ function traceExit() {\r
+ global $PHPCAS_DEBUG;\r
+\r
+ phpCAS :: log('exit()');\r
+ while ($PHPCAS_DEBUG['indent'] > 0) {\r
+ phpCAS :: log('-');\r
+ $PHPCAS_DEBUG['indent']--;\r
+ }\r
+ }\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // INTERNATIONALIZATION\r
+ // ########################################################################\r
+ /**\r
+ * @addtogroup publicLang\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * This method is used to set the language used by phpCAS. \r
+ * @note Can be called only once.\r
+ *\r
+ * @param $lang a string representing the language.\r
+ *\r
+ * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH\r
+ */\r
+ function setLang($lang) {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($lang) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $lang (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setLang($lang);\r
+ }\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // VERSION\r
+ // ########################################################################\r
+ /**\r
+ * @addtogroup public\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * This method returns the phpCAS version.\r
+ *\r
+ * @return the phpCAS version.\r
+ */\r
+ function getVersion() {\r
+ return PHPCAS_VERSION;\r
+ }\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // HTML OUTPUT\r
+ // ########################################################################\r
+ /**\r
+ * @addtogroup publicOutput\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * This method sets the HTML header used for all outputs.\r
+ *\r
+ * @param $header the HTML header.\r
+ */\r
+ function setHTMLHeader($header) {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($header) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $header (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setHTMLHeader($header);\r
+ }\r
+\r
+ /**\r
+ * This method sets the HTML footer used for all outputs.\r
+ *\r
+ * @param $footer the HTML footer.\r
+ */\r
+ function setHTMLFooter($footer) {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($footer) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $footer (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setHTMLFooter($footer);\r
+ }\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // PGT STORAGE\r
+ // ########################################################################\r
+ /**\r
+ * @addtogroup publicPGTStorage\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * This method is used to tell phpCAS to store the response of the\r
+ * CAS server to PGT requests onto the filesystem. \r
+ *\r
+ * @param $format the format used to store the PGT's (`plain' and `xml' allowed)\r
+ * @param $path the path where the PGT's should be stored\r
+ */\r
+ function setPGTStorageFile($format = '', $path = '') {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_CLIENT->isProxy()) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if ($PHPCAS_AUTH_CHECK_CALL['done']) {\r
+ phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')');\r
+ }\r
+ if (gettype($format) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $format (should be `string\')');\r
+ }\r
+ if (gettype($path) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $format (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setPGTStorageFile($format, $path);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // ACCESS TO EXTERNAL SERVICES\r
+ // ########################################################################\r
+ /**\r
+ * @addtogroup publicServices\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * This method is used to access an HTTP[S] service.\r
+ * \r
+ * @param $url the service to access.\r
+ * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on\r
+ * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,\r
+ * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.\r
+ * @param $output the output of the service (also used to give an error\r
+ * message on failure).\r
+ *\r
+ * @return TRUE on success, FALSE otherwise (in this later case, $err_code\r
+ * gives the reason why it failed and $output contains an error message).\r
+ */\r
+ function serviceWeb($url, & $err_code, & $output) {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_CLIENT->isProxy()) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['done']) {\r
+ phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['result']) {\r
+ phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');\r
+ }\r
+\r
+ $res = $PHPCAS_CLIENT->serviceWeb($url, $err_code, $output);\r
+\r
+ phpCAS :: traceEnd($res);\r
+ return $res;\r
+ }\r
+\r
+ /**\r
+ * This method is used to access an IMAP/POP3/NNTP service.\r
+ * \r
+ * @param $url a string giving the URL of the service, including the mailing box\r
+ * for IMAP URLs, as accepted by imap_open().\r
+ * @param $service a string giving for CAS retrieve Proxy ticket\r
+ * @param $flags options given to imap_open().\r
+ * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on\r
+ * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,\r
+ * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.\r
+ * @param $err_msg an error message on failure\r
+ * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL\r
+ * on success, FALSE on error).\r
+ *\r
+ * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code\r
+ * gives the reason why it failed and $err_msg contains an error message).\r
+ */\r
+ function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_CLIENT->isProxy()) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['done']) {\r
+ phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['result']) {\r
+ phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');\r
+ }\r
+\r
+ if (gettype($flags) != 'integer') {\r
+ phpCAS :: error('type mismatched for parameter $flags (should be `integer\')');\r
+ }\r
+\r
+ $res = $PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt);\r
+\r
+ phpCAS :: traceEnd($res);\r
+ return $res;\r
+ }\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // AUTHENTICATION\r
+ // ########################################################################\r
+ /**\r
+ * @addtogroup publicAuth\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * Set the times authentication will be cached before really accessing the CAS server in gateway mode: \r
+ * - -1: check only once, and then never again (until you pree login)\r
+ * - 0: always check\r
+ * - n: check every "n" time\r
+ *\r
+ * @param $n an integer.\r
+ */\r
+ function setCacheTimesForAuthRecheck($n) {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($n) != 'integer') {\r
+ phpCAS :: error('type mismatched for parameter $header (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n);\r
+ }\r
+\r
+ /**\r
+ * This method is called to check if the user is authenticated (use the gateway feature).\r
+ * @return TRUE when the user is authenticated; otherwise FALSE.\r
+ */\r
+ function checkAuthentication() {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+\r
+ $auth = $PHPCAS_CLIENT->checkAuthentication();\r
+\r
+ // store where the authentication has been checked and the result\r
+ $dbg = phpCAS :: backtrace();\r
+ $PHPCAS_AUTH_CHECK_CALL = array (\r
+ 'done' => TRUE,\r
+ 'file' => $dbg[0]['file'],\r
+ 'line' => $dbg[0]['line'],\r
+ 'method' => __CLASS__ . '::' . __FUNCTION__,\r
+ 'result' => $auth\r
+ );\r
+ phpCAS :: traceEnd($auth);\r
+ return $auth;\r
+ }\r
+\r
+ /**\r
+ * This method is called to force authentication if the user was not already \r
+ * authenticated. If the user is not authenticated, halt by redirecting to \r
+ * the CAS server.\r
+ */\r
+ function forceAuthentication() {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+\r
+ $auth = $PHPCAS_CLIENT->forceAuthentication();\r
+\r
+ // store where the authentication has been checked and the result\r
+ $dbg = phpCAS :: backtrace();\r
+ $PHPCAS_AUTH_CHECK_CALL = array (\r
+ 'done' => TRUE,\r
+ 'file' => $dbg[0]['file'],\r
+ 'line' => $dbg[0]['line'],\r
+ 'method' => __CLASS__ . '::' . __FUNCTION__,\r
+ 'result' => $auth\r
+ );\r
+\r
+ if (!$auth) {\r
+ phpCAS :: trace('user is not authenticated, redirecting to the CAS server');\r
+ $PHPCAS_CLIENT->forceAuthentication();\r
+ } else {\r
+ phpCAS :: trace('no need to authenticate (user `' . phpCAS :: getUser() . '\' is already authenticated)');\r
+ }\r
+\r
+ phpCAS :: traceEnd();\r
+ return $auth;\r
+ }\r
+\r
+ /**\r
+ * This method is called to renew the authentication.\r
+ **/\r
+ function renewAuthentication() {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+\r
+ // store where the authentication has been checked and the result\r
+ $dbg = phpCAS :: backtrace();\r
+ $PHPCAS_AUTH_CHECK_CALL = array (\r
+ 'done' => TRUE,\r
+ 'file' => $dbg[0]['file'],\r
+ 'line' => $dbg[0]['line'],\r
+ 'method' => __CLASS__ . '::' . __FUNCTION__,\r
+ 'result' => $auth\r
+ );\r
+\r
+ $PHPCAS_CLIENT->renewAuthentication();\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * This method has been left from version 0.4.1 for compatibility reasons.\r
+ */\r
+ function authenticate() {\r
+ phpCAS :: error('this method is deprecated. You should use ' . __CLASS__ . '::forceAuthentication() instead');\r
+ }\r
+\r
+ /**\r
+ * This method is called to check if the user is authenticated (previously or by\r
+ * tickets given in the URL).\r
+ *\r
+ * @return TRUE when the user is authenticated.\r
+ */\r
+ function isAuthenticated() {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+\r
+ // call the isAuthenticated method of the global $PHPCAS_CLIENT object\r
+ $auth = $PHPCAS_CLIENT->isAuthenticated();\r
+\r
+ // store where the authentication has been checked and the result\r
+ $dbg = phpCAS :: backtrace();\r
+ $PHPCAS_AUTH_CHECK_CALL = array (\r
+ 'done' => TRUE,\r
+ 'file' => $dbg[0]['file'],\r
+ 'line' => $dbg[0]['line'],\r
+ 'method' => __CLASS__ . '::' . __FUNCTION__,\r
+ 'result' => $auth\r
+ );\r
+ phpCAS :: traceEnd($auth);\r
+ return $auth;\r
+ }\r
+\r
+ /**\r
+ * Checks whether authenticated based on $_SESSION. Useful to avoid\r
+ * server calls.\r
+ * @return true if authenticated, false otherwise.\r
+ * @since 0.4.22 by Brendan Arnold\r
+ */\r
+ function isSessionAuthenticated() {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ return ($PHPCAS_CLIENT->isSessionAuthenticated());\r
+ }\r
+\r
+ /**\r
+ * This method returns the CAS user's login name.\r
+ * @warning should not be called only after phpCAS::forceAuthentication()\r
+ * or phpCAS::checkAuthentication().\r
+ *\r
+ * @return the login name of the authenticated user\r
+ */\r
+ function getUser() {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['done']) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['result']) {\r
+ phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');\r
+ }\r
+ return $PHPCAS_CLIENT->getUser();\r
+ }\r
+\r
+ /**\r
+ * This method returns the CAS user's login name.\r
+ * @warning should not be called only after phpCAS::forceAuthentication()\r
+ * or phpCAS::checkAuthentication().\r
+ *\r
+ * @return the login name of the authenticated user\r
+ */\r
+ function getAttributes() {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['done']) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['result']) {\r
+ phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');\r
+ }\r
+ return $PHPCAS_CLIENT->getAttributes();\r
+ }\r
+ /**\r
+ * Handle logout requests.\r
+ */\r
+ function handleLogoutRequests($check_client = true, $allowed_clients = false) {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ return ($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients));\r
+ }\r
+\r
+ /**\r
+ * This method returns the URL to be used to login.\r
+ * or phpCAS::isAuthenticated().\r
+ *\r
+ * @return the login name of the authenticated user\r
+ */\r
+ function getServerLoginURL() {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ return $PHPCAS_CLIENT->getServerLoginURL();\r
+ }\r
+\r
+ /**\r
+ * Set the login URL of the CAS server.\r
+ * @param $url the login URL\r
+ * @since 0.4.21 by Wyman Chan\r
+ */\r
+ function setServerLoginURL($url = '') {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after\r
+ ' . __CLASS__ . '::client()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be\r
+ `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setServerLoginURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set the serviceValidate URL of the CAS server.\r
+ * Used only in CAS 1.0 validations\r
+ * @param $url the serviceValidate URL\r
+ * @since 1.1.0 by Joachim Fritschi\r
+ */\r
+ function setServerServiceValidateURL($url = '') {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after\r
+ ' . __CLASS__ . '::client()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be\r
+ `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setServerServiceValidateURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set the proxyValidate URL of the CAS server.\r
+ * Used for all CAS 2.0 validations\r
+ * @param $url the proxyValidate URL\r
+ * @since 1.1.0 by Joachim Fritschi\r
+ */\r
+ function setServerProxyValidateURL($url = '') {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after\r
+ ' . __CLASS__ . '::client()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be\r
+ `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setServerProxyValidateURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set the samlValidate URL of the CAS server.\r
+ * @param $url the samlValidate URL\r
+ * @since 1.1.0 by Joachim Fritschi\r
+ */\r
+ function setServerSamlValidateURL($url = '') {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after\r
+ ' . __CLASS__ . '::client()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be\r
+ `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setServerSamlValidateURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * This method returns the URL to be used to login.\r
+ * or phpCAS::isAuthenticated().\r
+ *\r
+ * @return the login name of the authenticated user\r
+ */\r
+ function getServerLogoutURL() {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ return $PHPCAS_CLIENT->getServerLogoutURL();\r
+ }\r
+\r
+ /**\r
+ * Set the logout URL of the CAS server.\r
+ * @param $url the logout URL\r
+ * @since 0.4.21 by Wyman Chan\r
+ */\r
+ function setServerLogoutURL($url = '') {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after\r
+ ' . __CLASS__ . '::client()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be\r
+ `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setServerLogoutURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * This method is used to logout from CAS.\r
+ * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server\r
+ * @public\r
+ */\r
+ function logout($params = "") {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ $parsedParams = array ();\r
+ if ($params != "") {\r
+ if (is_string($params)) {\r
+ phpCAS :: error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');\r
+ }\r
+ if (!is_array($params)) {\r
+ phpCAS :: error('type mismatched for parameter $params (should be `array\')');\r
+ }\r
+ foreach ($params as $key => $value) {\r
+ if ($key != "service" && $key != "url") {\r
+ phpCAS :: error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');\r
+ }\r
+ $parsedParams[$key] = $value;\r
+ }\r
+ }\r
+ $PHPCAS_CLIENT->logout($parsedParams);\r
+ // never reached\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * This method is used to logout from CAS. Halts by redirecting to the CAS server.\r
+ * @param $service a URL that will be transmitted to the CAS server\r
+ */\r
+ function logoutWithRedirectService($service) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!is_string($service)) {\r
+ phpCAS :: error('type mismatched for parameter $service (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->logout(array (\r
+ "service" => $service\r
+ ));\r
+ // never reached\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * This method is used to logout from CAS. Halts by redirecting to the CAS server.\r
+ * @param $url a URL that will be transmitted to the CAS server\r
+ */\r
+ function logoutWithUrl($url) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!is_string($url)) {\r
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->logout(array (\r
+ "url" => $url\r
+ ));\r
+ // never reached\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * This method is used to logout from CAS. Halts by redirecting to the CAS server.\r
+ * @param $service a URL that will be transmitted to the CAS server\r
+ * @param $url a URL that will be transmitted to the CAS server\r
+ */\r
+ function logoutWithRedirectServiceAndUrl($service, $url) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!is_string($service)) {\r
+ phpCAS :: error('type mismatched for parameter $service (should be `string\')');\r
+ }\r
+ if (!is_string($url)) {\r
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->logout(array (\r
+ "service" => $service,\r
+ "url" => $url\r
+ ));\r
+ // never reached\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set the fixed URL that will be used by the CAS server to transmit the PGT.\r
+ * When this method is not called, a phpCAS script uses its own URL for the callback.\r
+ *\r
+ * @param $url the URL\r
+ */\r
+ function setFixedCallbackURL($url = '') {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_CLIENT->isProxy()) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setCallbackURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set the fixed URL that will be set as the CAS service parameter. When this\r
+ * method is not called, a phpCAS script uses its own URL.\r
+ *\r
+ * @param $url the URL\r
+ */\r
+ function setFixedServiceURL($url) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Get the URL that is set as the CAS service parameter.\r
+ */\r
+ function getServiceURL() {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ return ($PHPCAS_CLIENT->getURL());\r
+ }\r
+\r
+ /**\r
+ * Retrieve a Proxy Ticket from the CAS server.\r
+ */\r
+ function retrievePT($target_service, & $err_code, & $err_msg) {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($target_service) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $target_service(should be `string\')');\r
+ }\r
+ return ($PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg));\r
+ }\r
+\r
+ /**\r
+ * Set the certificate of the CAS server.\r
+ *\r
+ * @param $cert the PEM certificate\r
+ */\r
+ function setCasServerCert($cert) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($cert) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $cert (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setCasServerCert($cert);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set the certificate of the CAS server CA.\r
+ *\r
+ * @param $cert the CA certificate\r
+ */\r
+ function setCasServerCACert($cert) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($cert) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $cert (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setCasServerCACert($cert);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set no SSL validation for the CAS server.\r
+ */\r
+ function setNoCasServerValidation() {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ $PHPCAS_CLIENT->setNoCasServerValidation();\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /** @} */\r
+\r
+ /**\r
+ * Change CURL options.\r
+ * CURL is used to connect through HTTPS to CAS server\r
+ * @param $key the option key\r
+ * @param $value the value to set\r
+ */\r
+ function setExtraCurlOption($key, $value) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ $PHPCAS_CLIENT->setExtraCurlOption($key, $value);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+}\r
+\r
+// ########################################################################\r
+// DOCUMENTATION\r
+// ########################################################################\r
+\r
+// ########################################################################\r
+// MAIN PAGE\r
+\r
+/**\r
+ * @mainpage\r
+ *\r
+ * The following pages only show the source documentation.\r
+ *\r
+ */\r
+\r
+// ########################################################################\r
+// MODULES DEFINITION\r
+\r
+/** @defgroup public User interface */\r
+\r
+/** @defgroup publicInit Initialization\r
+ * @ingroup public */\r
+\r
+/** @defgroup publicAuth Authentication\r
+ * @ingroup public */\r
+\r
+/** @defgroup publicServices Access to external services\r
+ * @ingroup public */\r
+\r
+/** @defgroup publicConfig Configuration\r
+ * @ingroup public */\r
+\r
+/** @defgroup publicLang Internationalization\r
+ * @ingroup publicConfig */\r
+\r
+/** @defgroup publicOutput HTML output\r
+ * @ingroup publicConfig */\r
+\r
+/** @defgroup publicPGTStorage PGT storage\r
+ * @ingroup publicConfig */\r
+\r
+/** @defgroup publicDebug Debugging\r
+ * @ingroup public */\r
+\r
+/** @defgroup internal Implementation */\r
+\r
+/** @defgroup internalAuthentication Authentication\r
+ * @ingroup internal */\r
+\r
+/** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets)\r
+ * @ingroup internal */\r
+\r
+/** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets)\r
+ * @ingroup internal */\r
+\r
+/** @defgroup internalPGTStorage PGT storage\r
+ * @ingroup internalProxy */\r
+\r
+/** @defgroup internalPGTStorageFile PGT storage on the filesystem\r
+ * @ingroup internalPGTStorage */\r
+\r
+/** @defgroup internalCallback Callback from the CAS server\r
+ * @ingroup internalProxy */\r
+\r
+/** @defgroup internalProxied CAS proxied client features (CAS 2.0, Proxy Tickets)\r
+ * @ingroup internal */\r
+\r
+/** @defgroup internalConfig Configuration\r
+ * @ingroup internal */\r
+\r
+/** @defgroup internalOutput HTML output\r
+ * @ingroup internalConfig */\r
+\r
+/** @defgroup internalLang Internationalization\r
+ * @ingroup internalConfig\r
+ *\r
+ * To add a new language:\r
+ * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php\r
+ * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php\r
+ * - 3. Make the translations\r
+ */\r
+\r
+/** @defgroup internalDebug Debugging\r
+ * @ingroup internal */\r
+\r
+/** @defgroup internalMisc Miscellaneous\r
+ * @ingroup internal */\r
+\r
+// ########################################################################\r
+// EXAMPLES\r
+\r
+/**\r
+ * @example example_simple.php\r
+ */\r
+/**\r
+ * @example example_proxy.php\r
+ */\r
+/**\r
+ * @example example_proxy2.php\r
+ */\r
+/**\r
+ * @example example_lang.php\r
+ */\r
+/**\r
+ * @example example_html.php\r
+ */\r
+/**\r
+ * @example example_file.php\r
+ */\r
+/**\r
+ * @example example_db.php\r
+ */\r
+/**\r
+ * @example example_service.php\r
+ */\r
+/**\r
+ * @example example_session_proxy.php\r
+ */\r
+/**\r
+ * @example example_session_service.php\r
+ */\r
+/**\r
+ * @example example_gateway.php\r
+ */\r
+/**\r
+ * @example example_custom_urls.php\r
+ */\r
+?>\r
--- /dev/null
+<?php\r
+/*\r
+ * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.\r
+ * All rights reserved.\r
+ * \r
+ * Redistribution and use in source and binary forms, with or without\r
+ * modification, are permitted provided that the following conditions are met:\r
+ * \r
+ * * Redistributions of source code must retain the above copyright notice,\r
+ * this list of conditions and the following disclaimer.\r
+ * * Redistributions in binary form must reproduce the above copyright notice,\r
+ * this list of conditions and the following disclaimer in the documentation\r
+ * and/or other materials provided with the distribution.\r
+ * * Neither the name of the ESUP-Portail consortium & the JA-SIG\r
+ * Collaborative nor the names of its contributors may be used to endorse or\r
+ * promote products derived from this software without specific prior\r
+ * written permission.\r
+\r
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND\r
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\r
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\r
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR\r
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\r
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\r
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON\r
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\r
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\r
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r
+ */\r
+/**\r
+ * @file CAS/PGTStorage/pgt-file.php\r
+ * Basic class for PGT file storage\r
+ */\r
+\r
+/**\r
+ * @class PGTStorageFile\r
+ * The PGTStorageFile class is a class for PGT file storage. An instance of \r
+ * this class is returned by CASClient::SetPGTStorageFile().\r
+ *\r
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>\r
+ *\r
+ * @ingroup internalPGTStorageFile\r
+ */\r
+\r
+class PGTStorageFile extends PGTStorage\r
+{\r
+ /** \r
+ * @addtogroup internalPGTStorageFile \r
+ * @{ \r
+ */\r
+\r
+ /**\r
+ * a string telling where PGT's should be stored on the filesystem. Written by\r
+ * PGTStorageFile::PGTStorageFile(), read by getPath().\r
+ *\r
+ * @private\r
+ */\r
+ var $_path;\r
+\r
+ /**\r
+ * This method returns the name of the directory where PGT's should be stored \r
+ * on the filesystem.\r
+ *\r
+ * @return the name of a directory (with leading and trailing '/')\r
+ *\r
+ * @private\r
+ */\r
+ function getPath()\r
+ {\r
+ return $this->_path;\r
+ }\r
+\r
+ /**\r
+ * a string telling the format to use to store PGT's (plain or xml). Written by\r
+ * PGTStorageFile::PGTStorageFile(), read by getFormat().\r
+ *\r
+ * @private\r
+ */\r
+ var $_format;\r
+\r
+ /**\r
+ * This method returns the format to use when storing PGT's on the filesystem.\r
+ *\r
+ * @return a string corresponding to the format used (plain or xml).\r
+ *\r
+ * @private\r
+ */\r
+ function getFormat()\r
+ {\r
+ return $this->_format;\r
+ }\r
+\r
+ // ########################################################################\r
+ // DEBUGGING\r
+ // ########################################################################\r
+ \r
+ /**\r
+ * This method returns an informational string giving the type of storage\r
+ * used by the object (used for debugging purposes).\r
+ *\r
+ * @return an informational string.\r
+ * @public\r
+ */\r
+ function getStorageType()\r
+ {\r
+ return "file";\r
+ }\r
+\r
+ /**\r
+ * This method returns an informational string giving informations on the\r
+ * parameters of the storage.(used for debugging purposes).\r
+ *\r
+ * @return an informational string.\r
+ * @public\r
+ */\r
+ function getStorageInfo()\r
+ {\r
+ return 'path=`'.$this->getPath().'\', format=`'.$this->getFormat().'\'';\r
+ }\r
+\r
+ // ########################################################################\r
+ // CONSTRUCTOR\r
+ // ########################################################################\r
+ \r
+ /**\r
+ * The class constructor, called by CASClient::SetPGTStorageFile().\r
+ *\r
+ * @param $cas_parent the CASClient instance that creates the object.\r
+ * @param $format the format used to store the PGT's (`plain' and `xml' allowed).\r
+ * @param $path the path where the PGT's should be stored\r
+ *\r
+ * @public\r
+ */\r
+ function PGTStorageFile($cas_parent,$format,$path)\r
+ {\r
+ phpCAS::traceBegin();\r
+ // call the ancestor's constructor\r
+ $this->PGTStorage($cas_parent);\r
+\r
+ if (empty($format) ) $format = CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT;\r
+ if (empty($path) ) $path = CAS_PGT_STORAGE_FILE_DEFAULT_PATH;\r
+\r
+ // check that the path is an absolute path\r
+ if (getenv("OS")=="Windows_NT"){\r
+ \r
+ if (!preg_match('`^[a-zA-Z]:`', $path)) {\r
+ phpCAS::error('an absolute path is needed for PGT storage to file');\r
+ }\r
+ \r
+ }\r
+ else\r
+ {\r
+ \r
+ if ( $path[0] != '/' ) {\r
+ phpCAS::error('an absolute path is needed for PGT storage to file');\r
+ }\r
+\r
+ // store the path (with a leading and trailing '/') \r
+ $path = preg_replace('|[/]*$|','/',$path);\r
+ $path = preg_replace('|^[/]*|','/',$path);\r
+ }\r
+ \r
+ $this->_path = $path;\r
+ // check the format and store it\r
+ switch ($format) {\r
+ case CAS_PGT_STORAGE_FILE_FORMAT_PLAIN:\r
+ case CAS_PGT_STORAGE_FILE_FORMAT_XML:\r
+ $this->_format = $format;\r
+ break;\r
+ default:\r
+ phpCAS::error('unknown PGT file storage format (`'.CAS_PGT_STORAGE_FILE_FORMAT_PLAIN.'\' and `'.CAS_PGT_STORAGE_FILE_FORMAT_XML.'\' allowed)');\r
+ }\r
+ phpCAS::traceEnd(); \r
+ }\r
+\r
+ // ########################################################################\r
+ // INITIALIZATION\r
+ // ########################################################################\r
+ \r
+ /**\r
+ * This method is used to initialize the storage. Halts on error.\r
+ *\r
+ * @public\r
+ */\r
+ function init()\r
+ {\r
+ phpCAS::traceBegin();\r
+ // if the storage has already been initialized, return immediatly\r
+ if ( $this->isInitialized() )\r
+ return;\r
+ // call the ancestor's method (mark as initialized)\r
+ parent::init();\r
+ phpCAS::traceEnd(); \r
+ }\r
+\r
+ // ########################################################################\r
+ // PGT I/O\r
+ // ########################################################################\r
+\r
+ /**\r
+ * This method returns the filename corresponding to a PGT Iou.\r
+ *\r
+ * @param $pgt_iou the PGT iou.\r
+ *\r
+ * @return a filename\r
+ * @private\r
+ */\r
+ function getPGTIouFilename($pgt_iou)\r
+ {\r
+ phpCAS::traceBegin();\r
+ $filename = $this->getPath().$pgt_iou.'.'.$this->getFormat();\r
+ phpCAS::traceEnd($filename);\r
+ return $filename;\r
+ }\r
+ \r
+ /**\r
+ * This method stores a PGT and its corresponding PGT Iou into a file. Echoes a\r
+ * warning on error.\r
+ *\r
+ * @param $pgt the PGT\r
+ * @param $pgt_iou the PGT iou\r
+ *\r
+ * @public\r
+ */\r
+ function write($pgt,$pgt_iou)\r
+ {\r
+ phpCAS::traceBegin();\r
+ $fname = $this->getPGTIouFilename($pgt_iou);\r
+ if(!file_exists($fname)){\r
+ if ( $f=fopen($fname,"w") ) {\r
+ if ( fputs($f,$pgt) === FALSE ) {\r
+ phpCAS::error('could not write PGT to `'.$fname.'\'');\r
+ }\r
+ fclose($f);\r
+ } else {\r
+ phpCAS::error('could not open `'.$fname.'\'');\r
+ }\r
+ }else{\r
+ phpCAS::error('File exists: `'.$fname.'\'');\r
+ }\r
+ phpCAS::traceEnd(); \r
+ }\r
+\r
+ /**\r
+ * This method reads a PGT corresponding to a PGT Iou and deletes the \r
+ * corresponding file.\r
+ *\r
+ * @param $pgt_iou the PGT iou\r
+ *\r
+ * @return the corresponding PGT, or FALSE on error\r
+ *\r
+ * @public\r
+ */\r
+ function read($pgt_iou)\r
+ {\r
+ phpCAS::traceBegin();\r
+ $pgt = FALSE;\r
+ $fname = $this->getPGTIouFilename($pgt_iou);\r
+ if (file_exists($fname)){\r
+ if ( !($f=fopen($fname,"r")) ) {\r
+ phpCAS::trace('could not open `'.$fname.'\'');\r
+ } else {\r
+ if ( ($pgt=fgets($f)) === FALSE ) {\r
+ phpCAS::trace('could not read PGT from `'.$fname.'\'');\r
+ } \r
+ fclose($f);\r
+ }\r
+ \r
+ // delete the PGT file\r
+ @unlink($fname);\r
+ }else{\r
+ phpCAS::trace('No such file `'.$fname.'\'');\r
+ }\r
+ phpCAS::traceEnd($pgt);\r
+ return $pgt;\r
+ }\r
+ \r
+ /** @} */\r
+ \r
+}\r
+\r
+ \r
+?>
\ No newline at end of file
--- /dev/null
+<?php\r
+/*\r
+ * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.\r
+ * All rights reserved.\r
+ * \r
+ * Redistribution and use in source and binary forms, with or without\r
+ * modification, are permitted provided that the following conditions are met:\r
+ * \r
+ * * Redistributions of source code must retain the above copyright notice,\r
+ * this list of conditions and the following disclaimer.\r
+ * * Redistributions in binary form must reproduce the above copyright notice,\r
+ * this list of conditions and the following disclaimer in the documentation\r
+ * and/or other materials provided with the distribution.\r
+ * * Neither the name of the ESUP-Portail consortium & the JA-SIG\r
+ * Collaborative nor the names of its contributors may be used to endorse or\r
+ * promote products derived from this software without specific prior\r
+ * written permission.\r
+\r
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND\r
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\r
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\r
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR\r
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\r
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\r
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON\r
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\r
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\r
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r
+ */\r
+/**\r
+ * @file CAS/PGTStorage/pgt-main.php\r
+ * Basic class for PGT storage\r
+ */\r
+\r
+/**\r
+ * @class PGTStorage\r
+ * The PGTStorage class is a generic class for PGT storage. This class should\r
+ * not be instanciated itself but inherited by specific PGT storage classes.\r
+ *\r
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>\r
+ *\r
+ * @ingroup internalPGTStorage\r
+ */\r
+\r
+class PGTStorage\r
+{\r
+ /** \r
+ * @addtogroup internalPGTStorage\r
+ * @{ \r
+ */\r
+\r
+ // ########################################################################\r
+ // CONSTRUCTOR\r
+ // ########################################################################\r
+ \r
+ /**\r
+ * The constructor of the class, should be called only by inherited classes.\r
+ *\r
+ * @param $cas_parent the CASclient instance that creates the current object.\r
+ *\r
+ * @protected\r
+ */\r
+ function PGTStorage($cas_parent)\r
+ {\r
+ phpCAS::traceBegin();\r
+ if ( !$cas_parent->isProxy() ) {\r
+ phpCAS::error('defining PGT storage makes no sense when not using a CAS proxy'); \r
+ }\r
+ phpCAS::traceEnd();\r
+ }\r
+\r
+ // ########################################################################\r
+ // DEBUGGING\r
+ // ########################################################################\r
+ \r
+ /**\r
+ * This virtual method returns an informational string giving the type of storage\r
+ * used by the object (used for debugging purposes).\r
+ *\r
+ * @public\r
+ */\r
+ function getStorageType()\r
+ {\r
+ phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); \r
+ }\r
+\r
+ /**\r
+ * This virtual method returns an informational string giving informations on the\r
+ * parameters of the storage.(used for debugging purposes).\r
+ *\r
+ * @public\r
+ */\r
+ function getStorageInfo()\r
+ {\r
+ phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); \r
+ }\r
+\r
+ // ########################################################################\r
+ // ERROR HANDLING\r
+ // ########################################################################\r
+ \r
+ /**\r
+ * string used to store an error message. Written by PGTStorage::setErrorMessage(),\r
+ * read by PGTStorage::getErrorMessage().\r
+ *\r
+ * @hideinitializer\r
+ * @private\r
+ * @deprecated not used.\r
+ */\r
+ var $_error_message=FALSE;\r
+\r
+ /**\r
+ * This method sets en error message, which can be read later by \r
+ * PGTStorage::getErrorMessage().\r
+ *\r
+ * @param $error_message an error message\r
+ *\r
+ * @protected\r
+ * @deprecated not used.\r
+ */\r
+ function setErrorMessage($error_message)\r
+ {\r
+ $this->_error_message = $error_message;\r
+ }\r
+\r
+ /**\r
+ * This method returns an error message set by PGTStorage::setErrorMessage().\r
+ *\r
+ * @return an error message when set by PGTStorage::setErrorMessage(), FALSE\r
+ * otherwise.\r
+ *\r
+ * @public\r
+ * @deprecated not used.\r
+ */\r
+ function getErrorMessage()\r
+ {\r
+ return $this->_error_message;\r
+ }\r
+\r
+ // ########################################################################\r
+ // INITIALIZATION\r
+ // ########################################################################\r
+\r
+ /**\r
+ * a boolean telling if the storage has already been initialized. Written by \r
+ * PGTStorage::init(), read by PGTStorage::isInitialized().\r
+ *\r
+ * @hideinitializer\r
+ * @private\r
+ */\r
+ var $_initialized = FALSE;\r
+\r
+ /**\r
+ * This method tells if the storage has already been intialized.\r
+ *\r
+ * @return a boolean\r
+ *\r
+ * @protected\r
+ */\r
+ function isInitialized()\r
+ {\r
+ return $this->_initialized;\r
+ }\r
+\r
+ /**\r
+ * This virtual method initializes the object.\r
+ *\r
+ * @protected\r
+ */\r
+ function init()\r
+ {\r
+ $this->_initialized = TRUE;\r
+ }\r
+\r
+ // ########################################################################\r
+ // PGT I/O\r
+ // ########################################################################\r
+\r
+ /**\r
+ * This virtual method stores a PGT and its corresponding PGT Iuo.\r
+ * @note Should never be called.\r
+ *\r
+ * @param $pgt the PGT\r
+ * @param $pgt_iou the PGT iou\r
+ *\r
+ * @protected\r
+ */\r
+ function write($pgt,$pgt_iou)\r
+ {\r
+ phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); \r
+ }\r
+\r
+ /**\r
+ * This virtual method reads a PGT corresponding to a PGT Iou and deletes\r
+ * the corresponding storage entry.\r
+ * @note Should never be called.\r
+ *\r
+ * @param $pgt_iou the PGT iou\r
+ *\r
+ * @protected\r
+ */\r
+ function read($pgt_iou)\r
+ {\r
+ phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); \r
+ }\r
+\r
+ /** @} */\r
+ \r
+} \r
+\r
+// include specific PGT storage classes\r
+include_once(dirname(__FILE__).'/pgt-file.php'); \r
+ \r
+?>
\ No newline at end of file
--- /dev/null
+<?php
+
+/*
+ * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * * Neither the name of the ESUP-Portail consortium & the JA-SIG
+ * Collaborative nor the names of its contributors may be used to endorse or
+ * promote products derived from this software without specific prior
+ * written permission.
+
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file CAS/client.php
+ * Main class of the phpCAS library
+ */
+
+// include internationalization stuff
+include_once(dirname(__FILE__).'/languages/languages.php');
+
+// include PGT storage classes
+include_once(dirname(__FILE__).'/PGTStorage/pgt-main.php');
+
+/**
+ * @class CASClient
+ * The CASClient class is a client interface that provides CAS authentication
+ * to PHP applications.
+ *
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
+ */
+
+class CASClient
+{
+
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ // XX XX
+ // XX CONFIGURATION XX
+ // XX XX
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+ // ########################################################################
+ // HTML OUTPUT
+ // ########################################################################
+ /**
+ * @addtogroup internalOutput
+ * @{
+ */
+
+ /**
+ * This method filters a string by replacing special tokens by appropriate values
+ * and prints it. The corresponding tokens are taken into account:
+ * - __CAS_VERSION__
+ * - __PHPCAS_VERSION__
+ * - __SERVER_BASE_URL__
+ *
+ * Used by CASClient::PrintHTMLHeader() and CASClient::printHTMLFooter().
+ *
+ * @param $str the string to filter and output
+ *
+ * @private
+ */
+ function HTMLFilterOutput($str)
+ {
+ $str = str_replace('__CAS_VERSION__',$this->getServerVersion(),$str);
+ $str = str_replace('__PHPCAS_VERSION__',phpCAS::getVersion(),$str);
+ $str = str_replace('__SERVER_BASE_URL__',$this->getServerBaseURL(),$str);
+ echo $str;
+ }
+
+ /**
+ * A string used to print the header of HTML pages. Written by CASClient::setHTMLHeader(),
+ * read by CASClient::printHTMLHeader().
+ *
+ * @hideinitializer
+ * @private
+ * @see CASClient::setHTMLHeader, CASClient::printHTMLHeader()
+ */
+ var $_output_header = '';
+
+ /**
+ * This method prints the header of the HTML output (after filtering). If
+ * CASClient::setHTMLHeader() was not used, a default header is output.
+ *
+ * @param $title the title of the page
+ *
+ * @see HTMLFilterOutput()
+ * @private
+ */
+ function printHTMLHeader($title)
+ {
+ $this->HTMLFilterOutput(str_replace('__TITLE__',
+ $title,
+ (empty($this->_output_header)
+ ? '<html><head><title>__TITLE__</title></head><body><h1>__TITLE__</h1>'
+ : $this->_output_header)
+ )
+ );
+ }
+
+ /**
+ * A string used to print the footer of HTML pages. Written by CASClient::setHTMLFooter(),
+ * read by printHTMLFooter().
+ *
+ * @hideinitializer
+ * @private
+ * @see CASClient::setHTMLFooter, CASClient::printHTMLFooter()
+ */
+ var $_output_footer = '';
+
+ /**
+ * This method prints the footer of the HTML output (after filtering). If
+ * CASClient::setHTMLFooter() was not used, a default footer is output.
+ *
+ * @see HTMLFilterOutput()
+ * @private
+ */
+ function printHTMLFooter()
+ {
+ $this->HTMLFilterOutput(empty($this->_output_footer)
+ ?('<hr><address>phpCAS __PHPCAS_VERSION__ '.$this->getString(CAS_STR_USING_SERVER).' <a href="__SERVER_BASE_URL__">__SERVER_BASE_URL__</a> (CAS __CAS_VERSION__)</a></address></body></html>')
+ :$this->_output_footer);
+ }
+
+ /**
+ * This method set the HTML header used for all outputs.
+ *
+ * @param $header the HTML header.
+ *
+ * @public
+ */
+ function setHTMLHeader($header)
+ {
+ $this->_output_header = $header;
+ }
+
+ /**
+ * This method set the HTML footer used for all outputs.
+ *
+ * @param $footer the HTML footer.
+ *
+ * @public
+ */
+ function setHTMLFooter($footer)
+ {
+ $this->_output_footer = $footer;
+ }
+
+ /** @} */
+ // ########################################################################
+ // INTERNATIONALIZATION
+ // ########################################################################
+ /**
+ * @addtogroup internalLang
+ * @{
+ */
+ /**
+ * A string corresponding to the language used by phpCAS. Written by
+ * CASClient::setLang(), read by CASClient::getLang().
+
+ * @note debugging information is always in english (debug purposes only).
+ *
+ * @hideinitializer
+ * @private
+ * @sa CASClient::_strings, CASClient::getString()
+ */
+ var $_lang = '';
+
+ /**
+ * This method returns the language used by phpCAS.
+ *
+ * @return a string representing the language
+ *
+ * @private
+ */
+ function getLang()
+ {
+ if ( empty($this->_lang) )
+ $this->setLang(PHPCAS_LANG_DEFAULT);
+ return $this->_lang;
+ }
+
+ /**
+ * array containing the strings used by phpCAS. Written by CASClient::setLang(), read by
+ * CASClient::getString() and used by CASClient::setLang().
+ *
+ * @note This array is filled by instructions in CAS/languages/<$this->_lang>.php
+ *
+ * @private
+ * @see CASClient::_lang, CASClient::getString(), CASClient::setLang(), CASClient::getLang()
+ */
+ var $_strings;
+
+ /**
+ * This method returns a string depending on the language.
+ *
+ * @param $str the index of the string in $_string.
+ *
+ * @return the string corresponding to $index in $string.
+ *
+ * @private
+ */
+ function getString($str)
+ {
+ // call CASclient::getLang() to be sure the language is initialized
+ $this->getLang();
+
+ if ( !isset($this->_strings[$str]) ) {
+ trigger_error('string `'.$str.'\' not defined for language `'.$this->getLang().'\'',E_USER_ERROR);
+ }
+ return $this->_strings[$str];
+ }
+
+ /**
+ * This method is used to set the language used by phpCAS.
+ * @note Can be called only once.
+ *
+ * @param $lang a string representing the language.
+ *
+ * @public
+ * @sa CAS_LANG_FRENCH, CAS_LANG_ENGLISH
+ */
+ function setLang($lang)
+ {
+ // include the corresponding language file
+ include_once(dirname(__FILE__).'/languages/'.$lang.'.php');
+
+ if ( !is_array($this->_strings) ) {
+ trigger_error('language `'.$lang.'\' is not implemented',E_USER_ERROR);
+ }
+ $this->_lang = $lang;
+ }
+
+ /** @} */
+ // ########################################################################
+ // CAS SERVER CONFIG
+ // ########################################################################
+ /**
+ * @addtogroup internalConfig
+ * @{
+ */
+
+ /**
+ * a record to store information about the CAS server.
+ * - $_server["version"]: the version of the CAS server
+ * - $_server["hostname"]: the hostname of the CAS server
+ * - $_server["port"]: the port the CAS server is running on
+ * - $_server["uri"]: the base URI the CAS server is responding on
+ * - $_server["base_url"]: the base URL of the CAS server
+ * - $_server["login_url"]: the login URL of the CAS server
+ * - $_server["service_validate_url"]: the service validating URL of the CAS server
+ * - $_server["proxy_url"]: the proxy URL of the CAS server
+ * - $_server["proxy_validate_url"]: the proxy validating URL of the CAS server
+ * - $_server["logout_url"]: the logout URL of the CAS server
+ *
+ * $_server["version"], $_server["hostname"], $_server["port"] and $_server["uri"]
+ * are written by CASClient::CASClient(), read by CASClient::getServerVersion(),
+ * CASClient::getServerHostname(), CASClient::getServerPort() and CASClient::getServerURI().
+ *
+ * The other fields are written and read by CASClient::getServerBaseURL(),
+ * CASClient::getServerLoginURL(), CASClient::getServerServiceValidateURL(),
+ * CASClient::getServerProxyValidateURL() and CASClient::getServerLogoutURL().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_server = array(
+ 'version' => -1,
+ 'hostname' => 'none',
+ 'port' => -1,
+ 'uri' => 'none'
+ );
+
+ /**
+ * This method is used to retrieve the version of the CAS server.
+ * @return the version of the CAS server.
+ * @private
+ */
+ function getServerVersion()
+ {
+ return $this->_server['version'];
+ }
+
+ /**
+ * This method is used to retrieve the hostname of the CAS server.
+ * @return the hostname of the CAS server.
+ * @private
+ */
+ function getServerHostname()
+ { return $this->_server['hostname']; }
+
+ /**
+ * This method is used to retrieve the port of the CAS server.
+ * @return the port of the CAS server.
+ * @private
+ */
+ function getServerPort()
+ { return $this->_server['port']; }
+
+ /**
+ * This method is used to retrieve the URI of the CAS server.
+ * @return a URI.
+ * @private
+ */
+ function getServerURI()
+ { return $this->_server['uri']; }
+
+ /**
+ * This method is used to retrieve the base URL of the CAS server.
+ * @return a URL.
+ * @private
+ */
+ function getServerBaseURL()
+ {
+ // the URL is build only when needed
+ if ( empty($this->_server['base_url']) ) {
+ $this->_server['base_url'] = 'https://' . $this->getServerHostname();
+ if ($this->getServerPort()!=443) {
+ $this->_server['base_url'] .= ':'
+ .$this->getServerPort();
+ }
+ $this->_server['base_url'] .= $this->getServerURI();
+ }
+ return $this->_server['base_url'];
+ }
+
+ /**
+ * This method is used to retrieve the login URL of the CAS server.
+ * @param $gateway true to check authentication, false to force it
+ * @param $renew true to force the authentication with the CAS server
+ * NOTE : It is recommended that CAS implementations ignore the
+ "gateway" parameter if "renew" is set
+ * @return a URL.
+ * @private
+ */
+ function getServerLoginURL($gateway=false,$renew=false) {
+ phpCAS::traceBegin();
+ // the URL is build only when needed
+ if ( empty($this->_server['login_url']) ) {
+ $this->_server['login_url'] = $this->getServerBaseURL();
+ $this->_server['login_url'] .= 'login?service=';
+ // $this->_server['login_url'] .= preg_replace('/&/','%26',$this->getURL());
+ $this->_server['login_url'] .= urlencode($this->getURL());
+ if($renew) {
+ // It is recommended that when the "renew" parameter is set, its value be "true"
+ $this->_server['login_url'] .= '&renew=true';
+ } elseif ($gateway) {
+ // It is recommended that when the "gateway" parameter is set, its value be "true"
+ $this->_server['login_url'] .= '&gateway=true';
+ }
+ }
+ phpCAS::traceEnd($this->_server['login_url']);
+ return $this->_server['login_url'];
+ }
+
+ /**
+ * This method sets the login URL of the CAS server.
+ * @param $url the login URL
+ * @private
+ * @since 0.4.21 by Wyman Chan
+ */
+ function setServerLoginURL($url)
+ {
+ return $this->_server['login_url'] = $url;
+ }
+
+
+ /**
+ * This method sets the serviceValidate URL of the CAS server.
+ * @param $url the serviceValidate URL
+ * @private
+ * @since 1.1.0 by Joachim Fritschi
+ */
+ function setServerServiceValidateURL($url)
+ {
+ return $this->_server['service_validate_url'] = $url;
+ }
+
+
+ /**
+ * This method sets the proxyValidate URL of the CAS server.
+ * @param $url the proxyValidate URL
+ * @private
+ * @since 1.1.0 by Joachim Fritschi
+ */
+ function setServerProxyValidateURL($url)
+ {
+ return $this->_server['proxy_validate_url'] = $url;
+ }
+
+
+ /**
+ * This method sets the samlValidate URL of the CAS server.
+ * @param $url the samlValidate URL
+ * @private
+ * @since 1.1.0 by Joachim Fritschi
+ */
+ function setServerSamlValidateURL($url)
+ {
+ return $this->_server['saml_validate_url'] = $url;
+ }
+
+
+ /**
+ * This method is used to retrieve the service validating URL of the CAS server.
+ * @return a URL.
+ * @private
+ */
+ function getServerServiceValidateURL()
+ {
+ // the URL is build only when needed
+ if ( empty($this->_server['service_validate_url']) ) {
+ switch ($this->getServerVersion()) {
+ case CAS_VERSION_1_0:
+ $this->_server['service_validate_url'] = $this->getServerBaseURL().'validate';
+ break;
+ case CAS_VERSION_2_0:
+ $this->_server['service_validate_url'] = $this->getServerBaseURL().'serviceValidate';
+ break;
+ }
+ }
+ // return $this->_server['service_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL());
+ return $this->_server['service_validate_url'].'?service='.urlencode($this->getURL());
+ }
+ /**
+ * This method is used to retrieve the SAML validating URL of the CAS server.
+ * @return a URL.
+ * @private
+ */
+ function getServerSamlValidateURL()
+ {
+ phpCAS::traceBegin();
+ // the URL is build only when needed
+ if ( empty($this->_server['saml_validate_url']) ) {
+ switch ($this->getServerVersion()) {
+ case SAML_VERSION_1_1:
+ $this->_server['saml_validate_url'] = $this->getServerBaseURL().'samlValidate';
+ break;
+ }
+ }
+ phpCAS::traceEnd($this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL()));
+ return $this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL());
+ }
+ /**
+ * This method is used to retrieve the proxy validating URL of the CAS server.
+ * @return a URL.
+ * @private
+ */
+ function getServerProxyValidateURL()
+ {
+ // the URL is build only when needed
+ if ( empty($this->_server['proxy_validate_url']) ) {
+ switch ($this->getServerVersion()) {
+ case CAS_VERSION_1_0:
+ $this->_server['proxy_validate_url'] = '';
+ break;
+ case CAS_VERSION_2_0:
+ $this->_server['proxy_validate_url'] = $this->getServerBaseURL().'proxyValidate';
+ break;
+ }
+ }
+ // return $this->_server['proxy_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL());
+ return $this->_server['proxy_validate_url'].'?service='.urlencode($this->getURL());
+ }
+
+ /**
+ * This method is used to retrieve the proxy URL of the CAS server.
+ * @return a URL.
+ * @private
+ */
+ function getServerProxyURL()
+ {
+ // the URL is build only when needed
+ if ( empty($this->_server['proxy_url']) ) {
+ switch ($this->getServerVersion()) {
+ case CAS_VERSION_1_0:
+ $this->_server['proxy_url'] = '';
+ break;
+ case CAS_VERSION_2_0:
+ $this->_server['proxy_url'] = $this->getServerBaseURL().'proxy';
+ break;
+ }
+ }
+ return $this->_server['proxy_url'];
+ }
+
+ /**
+ * This method is used to retrieve the logout URL of the CAS server.
+ * @return a URL.
+ * @private
+ */
+ function getServerLogoutURL()
+ {
+ // the URL is build only when needed
+ if ( empty($this->_server['logout_url']) ) {
+ $this->_server['logout_url'] = $this->getServerBaseURL().'logout';
+ }
+ return $this->_server['logout_url'];
+ }
+
+ /**
+ * This method sets the logout URL of the CAS server.
+ * @param $url the logout URL
+ * @private
+ * @since 0.4.21 by Wyman Chan
+ */
+ function setServerLogoutURL($url)
+ {
+ return $this->_server['logout_url'] = $url;
+ }
+
+ /**
+ * An array to store extra curl options.
+ */
+ var $_curl_options = array();
+
+ /**
+ * This method is used to set additional user curl options.
+ */
+ function setExtraCurlOption($key, $value)
+ {
+ $this->_curl_options[$key] = $value;
+ }
+
+ /**
+ * This method checks to see if the request is secured via HTTPS
+ * @return true if https, false otherwise
+ * @private
+ */
+ function isHttps() {
+ //if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) ) {
+ //0.4.24 by Hinnack
+ if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ // ########################################################################
+ // CONSTRUCTOR
+ // ########################################################################
+ /**
+ * CASClient constructor.
+ *
+ * @param $server_version the version of the CAS server
+ * @param $proxy TRUE if the CAS client is a CAS proxy, FALSE otherwise
+ * @param $server_hostname the hostname of the CAS server
+ * @param $server_port the port the CAS server is running on
+ * @param $server_uri the URI the CAS server is responding on
+ * @param $start_session Have phpCAS start PHP sessions (default true)
+ *
+ * @return a newly created CASClient object
+ *
+ * @public
+ */
+ function CASClient(
+ $server_version,
+ $proxy,
+ $server_hostname,
+ $server_port,
+ $server_uri,
+ $start_session = true) {
+
+ phpCAS::traceBegin();
+
+ // the redirect header() call and DOM parsing code from domxml-php4-php5.php won't work in PHP4 compatibility mode
+ if (version_compare(PHP_VERSION,'5','>=') && ini_get('zend.ze1_compatibility_mode')) {
+ phpCAS::error('phpCAS cannot support zend.ze1_compatibility_mode. Sorry.');
+ }
+ $this->_start_session = $start_session;
+
+ if ($this->_start_session && session_id() !== "")
+ {
+ phpCAS :: error("Another session was started before phpcas. Either disable the session" .
+ " handling for phpcas in the client() call or modify your application to leave" .
+ " session handling to phpcas");
+ }
+ // skip Session Handling for logout requests and if don't want it'
+ if ($start_session && !$this->isLogoutRequest())
+ {
+ phpCAS :: trace("Starting a new session");
+ session_start();
+ }
+
+
+ // are we in proxy mode ?
+ $this->_proxy = $proxy;
+
+ //check version
+ switch ($server_version) {
+ case CAS_VERSION_1_0:
+ if ( $this->isProxy() )
+ phpCAS::error('CAS proxies are not supported in CAS '
+ .$server_version);
+ break;
+ case CAS_VERSION_2_0:
+ break;
+ case SAML_VERSION_1_1:
+ break;
+ default:
+ phpCAS::error('this version of CAS (`'
+ .$server_version
+ .'\') is not supported by phpCAS '
+ .phpCAS::getVersion());
+ }
+ $this->_server['version'] = $server_version;
+
+ // check hostname
+ if ( empty($server_hostname)
+ || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/',$server_hostname) ) {
+ phpCAS::error('bad CAS server hostname (`'.$server_hostname.'\')');
+ }
+ $this->_server['hostname'] = $server_hostname;
+
+ // check port
+ if ( $server_port == 0
+ || !is_int($server_port) ) {
+ phpCAS::error('bad CAS server port (`'.$server_hostname.'\')');
+ }
+ $this->_server['port'] = $server_port;
+
+ // check URI
+ if ( !preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/',$server_uri) ) {
+ phpCAS::error('bad CAS server URI (`'.$server_uri.'\')');
+ }
+ // add leading and trailing `/' and remove doubles
+ $server_uri = preg_replace('/\/\//','/','/'.$server_uri.'/');
+ $this->_server['uri'] = $server_uri;
+
+ // set to callback mode if PgtIou and PgtId CGI GET parameters are provided
+ if ( $this->isProxy() ) {
+ $this->setCallbackMode(!empty($_GET['pgtIou'])&&!empty($_GET['pgtId']));
+ }
+
+ if ( $this->isCallbackMode() ) {
+ //callback mode: check that phpCAS is secured
+ if ( !$this->isHttps() ) {
+ phpCAS::error('CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server');
+ }
+ } else {
+ //normal mode: get ticket and remove it from CGI parameters for developpers
+ $ticket = (isset($_GET['ticket']) ? $_GET['ticket'] : null);
+ switch ($this->getServerVersion()) {
+ case CAS_VERSION_1_0: // check for a Service Ticket
+ if( preg_match('/^ST-/',$ticket) ) {
+ phpCAS::trace('ST \''.$ticket.'\' found');
+ //ST present
+ $this->setST($ticket);
+ //ticket has been taken into account, unset it to hide it to applications
+ unset($_GET['ticket']);
+ } else if ( !empty($ticket) ) {
+ //ill-formed ticket, halt
+ phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')');
+ }
+ break;
+ case CAS_VERSION_2_0: // check for a Service or Proxy Ticket
+ if( preg_match('/^[SP]T-/',$ticket) ) {
+ phpCAS::trace('ST or PT \''.$ticket.'\' found');
+ $this->setPT($ticket);
+ unset($_GET['ticket']);
+ } else if ( !empty($ticket) ) {
+ //ill-formed ticket, halt
+ phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')');
+ }
+ break;
+ case SAML_VERSION_1_1: // SAML just does Service Tickets
+ if( preg_match('/^[SP]T-/',$ticket) ) {
+ phpCAS::trace('SA \''.$ticket.'\' found');
+ $this->setSA($ticket);
+ unset($_GET['ticket']);
+ } else if ( !empty($ticket) ) {
+ //ill-formed ticket, halt
+ phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')');
+ }
+ break;
+ }
+ }
+ phpCAS::traceEnd();
+ }
+
+ /** @} */
+
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ // XX XX
+ // XX Session Handling XX
+ // XX XX
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+ /**
+ * A variable to whether phpcas will use its own session handling. Default = true
+ * @hideinitializer
+ * @private
+ */
+ var $_start_session = true;
+
+ function setStartSession($session)
+ {
+ $this->_start_session = session;
+ }
+
+ function getStartSession($session)
+ {
+ $this->_start_session = session;
+ }
+
+ /**
+ * Renaming the session
+ */
+ function renameSession($ticket)
+ {
+ phpCAS::traceBegin();
+ if($this->_start_session){
+ if (!empty ($this->_user))
+ {
+ $old_session = $_SESSION;
+ session_destroy();
+ // set up a new session, of name based on the ticket
+ $session_id = preg_replace('/[^\w]/', '', $ticket);
+ phpCAS :: trace("Session ID: ".$session_id);
+ session_id($session_id);
+ session_start();
+ phpCAS :: trace("Restoring old session vars");
+ $_SESSION = $old_session;
+ } else
+ {
+ phpCAS :: error('Session should only be renamed after successfull authentication');
+ }
+ }else{
+ phpCAS :: trace("Skipping session rename since phpCAS is not handling the session.");
+ }
+ phpCAS::traceEnd();
+ }
+
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ // XX XX
+ // XX AUTHENTICATION XX
+ // XX XX
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+ /**
+ * @addtogroup internalAuthentication
+ * @{
+ */
+
+ /**
+ * The Authenticated user. Written by CASClient::setUser(), read by CASClient::getUser().
+ * @attention client applications should use phpCAS::getUser().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_user = '';
+
+ /**
+ * This method sets the CAS user's login name.
+ *
+ * @param $user the login name of the authenticated user.
+ *
+ * @private
+ */
+ function setUser($user)
+ {
+ $this->_user = $user;
+ }
+
+ /**
+ * This method returns the CAS user's login name.
+ * @warning should be called only after CASClient::forceAuthentication() or
+ * CASClient::isAuthenticated(), otherwise halt with an error.
+ *
+ * @return the login name of the authenticated user
+ */
+ function getUser()
+ {
+ if ( empty($this->_user) ) {
+ phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
+ }
+ return $this->_user;
+ }
+
+
+
+ /***********************************************************************************************************************
+ * Atrributes section
+ *
+ * @author Matthias Crauwels <matthias.crauwels@ugent.be>, Ghent University, Belgium
+ *
+ ***********************************************************************************************************************/
+ /**
+ * The Authenticated users attributes. Written by CASClient::setAttributes(), read by CASClient::getAttributes().
+ * @attention client applications should use phpCAS::getAttributes().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_attributes = array();
+
+ function setAttributes($attributes)
+ { $this->_attributes = $attributes; }
+
+ function getAttributes() {
+ if ( empty($this->_user) ) { // if no user is set, there shouldn't be any attributes also...
+ phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
+ }
+ return $this->_attributes;
+ }
+
+ function hasAttributes()
+ { return !empty($this->_attributes); }
+
+ function hasAttribute($key)
+ { return (is_array($this->_attributes) && array_key_exists($key, $this->_attributes)); }
+
+ function getAttribute($key) {
+ if($this->hasAttribute($key)) {
+ return $this->_attributes[$key];
+ }
+ }
+
+ /**
+ * This method is called to renew the authentication of the user
+ * If the user is authenticated, renew the connection
+ * If not, redirect to CAS
+ * @public
+ */
+ function renewAuthentication(){
+ phpCAS::traceBegin();
+ // Either way, the user is authenticated by CAS
+ if( isset( $_SESSION['phpCAS']['auth_checked'] ) )
+ unset($_SESSION['phpCAS']['auth_checked']);
+ if ( $this->isAuthenticated() ) {
+ phpCAS::trace('user already authenticated; renew');
+ $this->redirectToCas(false,true);
+ } else {
+ $this->redirectToCas();
+ }
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * This method is called to be sure that the user is authenticated. When not
+ * authenticated, halt by redirecting to the CAS server; otherwise return TRUE.
+ * @return TRUE when the user is authenticated; otherwise halt.
+ * @public
+ */
+ function forceAuthentication()
+ {
+ phpCAS::traceBegin();
+
+ if ( $this->isAuthenticated() ) {
+ // the user is authenticated, nothing to be done.
+ phpCAS::trace('no need to authenticate');
+ $res = TRUE;
+ } else {
+ // the user is not authenticated, redirect to the CAS server
+ if (isset($_SESSION['phpCAS']['auth_checked'])) {
+ unset($_SESSION['phpCAS']['auth_checked']);
+ }
+ $this->redirectToCas(FALSE/* no gateway */);
+ // never reached
+ $res = FALSE;
+ }
+ phpCAS::traceEnd($res);
+ return $res;
+ }
+
+ /**
+ * An integer that gives the number of times authentication will be cached before rechecked.
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_cache_times_for_auth_recheck = 0;
+
+ /**
+ * Set the number of times authentication will be cached before rechecked.
+ *
+ * @param $n an integer.
+ *
+ * @public
+ */
+ function setCacheTimesForAuthRecheck($n)
+ {
+ $this->_cache_times_for_auth_recheck = $n;
+ }
+
+ /**
+ * This method is called to check whether the user is authenticated or not.
+ * @return TRUE when the user is authenticated, FALSE otherwise.
+ * @public
+ */
+ function checkAuthentication()
+ {
+ phpCAS::traceBegin();
+
+ if ( $this->isAuthenticated() ) {
+ phpCAS::trace('user is authenticated');
+ $res = TRUE;
+ } else if (isset($_SESSION['phpCAS']['auth_checked'])) {
+ // the previous request has redirected the client to the CAS server with gateway=true
+ unset($_SESSION['phpCAS']['auth_checked']);
+ $res = FALSE;
+ } else {
+ // $_SESSION['phpCAS']['auth_checked'] = true;
+ // $this->redirectToCas(TRUE/* gateway */);
+ // // never reached
+ // $res = FALSE;
+ // avoid a check against CAS on every request
+ if (! isset($_SESSION['phpCAS']['unauth_count']) )
+ $_SESSION['phpCAS']['unauth_count'] = -2; // uninitialized
+
+ if (($_SESSION['phpCAS']['unauth_count'] != -2 && $this->_cache_times_for_auth_recheck == -1)
+ || ($_SESSION['phpCAS']['unauth_count'] >= 0 && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck))
+ {
+ $res = FALSE;
+
+ if ($this->_cache_times_for_auth_recheck != -1)
+ {
+ $_SESSION['phpCAS']['unauth_count']++;
+ phpCAS::trace('user is not authenticated (cached for '.$_SESSION['phpCAS']['unauth_count'].' times of '.$this->_cache_times_for_auth_recheck.')');
+ }
+ else
+ {
+ phpCAS::trace('user is not authenticated (cached for until login pressed)');
+ }
+ }
+ else
+ {
+ $_SESSION['phpCAS']['unauth_count'] = 0;
+ $_SESSION['phpCAS']['auth_checked'] = true;
+ phpCAS::trace('user is not authenticated (cache reset)');
+ $this->redirectToCas(TRUE/* gateway */);
+ // never reached
+ $res = FALSE;
+ }
+ }
+ phpCAS::traceEnd($res);
+ return $res;
+ }
+
+ /**
+ * This method is called to check if the user is authenticated (previously or by
+ * tickets given in the URL).
+ *
+ * @return TRUE when the user is authenticated. Also may redirect to the same URL without the ticket.
+ *
+ * @public
+ */
+ function isAuthenticated()
+ {
+ phpCAS::traceBegin();
+ $res = FALSE;
+ $validate_url = '';
+
+ if ( $this->wasPreviouslyAuthenticated() ) {
+ if($this->hasST() || $this->hasPT() || $this->hasSA()){
+ // User has a additional ticket but was already authenticated
+ phpCAS::trace('ticket was present and will be discarded, use renewAuthenticate()');
+ header('Location: '.$this->getURL());
+ phpCAS::log( "Prepare redirect to remove ticket: ".$this->getURL() );
+ phpCAS::traceExit();
+ exit();
+ }else{
+ // the user has already (previously during the session) been
+ // authenticated, nothing to be done.
+ phpCAS::trace('user was already authenticated, no need to look for tickets');
+ $res = TRUE;
+ }
+ }
+ else {
+ if ( $this->hasST() ) {
+ // if a Service Ticket was given, validate it
+ phpCAS::trace('ST `'.$this->getST().'\' is present');
+ $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts
+ phpCAS::trace('ST `'.$this->getST().'\' was validated');
+ if ( $this->isProxy() ) {
+ $this->validatePGT($validate_url,$text_response,$tree_response); // idem
+ phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
+ $_SESSION['phpCAS']['pgt'] = $this->getPGT();
+ }
+ $_SESSION['phpCAS']['user'] = $this->getUser();
+ $res = TRUE;
+ }
+ elseif ( $this->hasPT() ) {
+ // if a Proxy Ticket was given, validate it
+ phpCAS::trace('PT `'.$this->getPT().'\' is present');
+ $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts
+ phpCAS::trace('PT `'.$this->getPT().'\' was validated');
+ if ( $this->isProxy() ) {
+ $this->validatePGT($validate_url,$text_response,$tree_response); // idem
+ phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
+ $_SESSION['phpCAS']['pgt'] = $this->getPGT();
+ }
+ $_SESSION['phpCAS']['user'] = $this->getUser();
+ $res = TRUE;
+ }
+ elseif ( $this->hasSA() ) {
+ // if we have a SAML ticket, validate it.
+ phpCAS::trace('SA `'.$this->getSA().'\' is present');
+ $this->validateSA($validate_url,$text_response,$tree_response); // if it fails, it halts
+ phpCAS::trace('SA `'.$this->getSA().'\' was validated');
+ $_SESSION['phpCAS']['user'] = $this->getUser();
+ $_SESSION['phpCAS']['attributes'] = $this->getAttributes();
+ $res = TRUE;
+ }
+ else {
+ // no ticket given, not authenticated
+ phpCAS::trace('no ticket found');
+ }
+ if ($res) {
+ // if called with a ticket parameter, we need to redirect to the app without the ticket so that CAS-ification is transparent to the browser (for later POSTS)
+ // most of the checks and errors should have been made now, so we're safe for redirect without masking error messages.
+ // remove the ticket as a security precaution to prevent a ticket in the HTTP_REFERRER
+ header('Location: '.$this->getURL());
+ phpCAS::log( "Prepare redirect to : ".$this->getURL() );
+ phpCAS::traceExit();
+ exit();
+ }
+ }
+
+ phpCAS::traceEnd($res);
+ return $res;
+ }
+
+ /**
+ * This method tells if the current session is authenticated.
+ * @return true if authenticated based soley on $_SESSION variable
+ * @since 0.4.22 by Brendan Arnold
+ */
+ function isSessionAuthenticated ()
+ {
+ return !empty($_SESSION['phpCAS']['user']);
+ }
+
+ /**
+ * This method tells if the user has already been (previously) authenticated
+ * by looking into the session variables.
+ *
+ * @note This function switches to callback mode when needed.
+ *
+ * @return TRUE when the user has already been authenticated; FALSE otherwise.
+ *
+ * @private
+ */
+ function wasPreviouslyAuthenticated()
+ {
+ phpCAS::traceBegin();
+
+ if ( $this->isCallbackMode() ) {
+ $this->callback();
+ }
+
+ $auth = FALSE;
+
+ if ( $this->isProxy() ) {
+ // CAS proxy: username and PGT must be present
+ if ( $this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) {
+ // authentication already done
+ $this->setUser($_SESSION['phpCAS']['user']);
+ $this->setPGT($_SESSION['phpCAS']['pgt']);
+ phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\', PGT = `'.$_SESSION['phpCAS']['pgt'].'\'');
+ $auth = TRUE;
+ } elseif ( $this->isSessionAuthenticated() && empty($_SESSION['phpCAS']['pgt']) ) {
+ // these two variables should be empty or not empty at the same time
+ phpCAS::trace('username found (`'.$_SESSION['phpCAS']['user'].'\') but PGT is empty');
+ // unset all tickets to enforce authentication
+ unset($_SESSION['phpCAS']);
+ $this->setST('');
+ $this->setPT('');
+ } elseif ( !$this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) {
+ // these two variables should be empty or not empty at the same time
+ phpCAS::trace('PGT found (`'.$_SESSION['phpCAS']['pgt'].'\') but username is empty');
+ // unset all tickets to enforce authentication
+ unset($_SESSION['phpCAS']);
+ $this->setST('');
+ $this->setPT('');
+ } else {
+ phpCAS::trace('neither user not PGT found');
+ }
+ } else {
+ // `simple' CAS client (not a proxy): username must be present
+ if ( $this->isSessionAuthenticated() ) {
+ // authentication already done
+ $this->setUser($_SESSION['phpCAS']['user']);
+ if(isset($_SESSION['phpCAS']['attributes'])){
+ $this->setAttributes($_SESSION['phpCAS']['attributes']);
+ }
+ phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\'');
+ $auth = TRUE;
+ } else {
+ phpCAS::trace('no user found');
+ }
+ }
+
+ phpCAS::traceEnd($auth);
+ return $auth;
+ }
+
+ /**
+ * This method is used to redirect the client to the CAS server.
+ * It is used by CASClient::forceAuthentication() and CASClient::checkAuthentication().
+ * @param $gateway true to check authentication, false to force it
+ * @param $renew true to force the authentication with the CAS server
+ * @public
+ */
+ function redirectToCas($gateway=false,$renew=false){
+ phpCAS::traceBegin();
+ $cas_url = $this->getServerLoginURL($gateway,$renew);
+ header('Location: '.$cas_url);
+ phpCAS::log( "Redirect to : ".$cas_url );
+
+ $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_WANTED));
+
+ printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
+ $this->printHTMLFooter();
+
+ phpCAS::traceExit();
+ exit();
+ }
+
+
+ /**
+ * This method is used to logout from CAS.
+ * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server
+ * @public
+ */
+ function logout($params) {
+ phpCAS::traceBegin();
+ $cas_url = $this->getServerLogoutURL();
+ $paramSeparator = '?';
+ if (isset($params['url'])) {
+ $cas_url = $cas_url . $paramSeparator . "url=" . urlencode($params['url']);
+ $paramSeparator = '&';
+ }
+ if (isset($params['service'])) {
+ $cas_url = $cas_url . $paramSeparator . "service=" . urlencode($params['service']);
+ }
+ header('Location: '.$cas_url);
+ phpCAS::log( "Prepare redirect to : ".$cas_url );
+
+ session_unset();
+ session_destroy();
+
+ $this->printHTMLHeader($this->getString(CAS_STR_LOGOUT));
+ printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
+ $this->printHTMLFooter();
+
+ phpCAS::traceExit();
+ exit();
+ }
+
+ /**
+ * @return true if the current request is a logout request.
+ * @private
+ */
+ function isLogoutRequest() {
+ return !empty($_POST['logoutRequest']);
+ }
+
+ /**
+ * @return true if a logout request is allowed.
+ * @private
+ */
+ function isLogoutRequestAllowed() {
+ }
+
+ /**
+ * This method handles logout requests.
+ * @param $check_client true to check the client bofore handling the request,
+ * false not to perform any access control. True by default.
+ * @param $allowed_clients an array of host names allowed to send logout requests.
+ * By default, only the CAs server (declared in the constructor) will be allowed.
+ * @public
+ */
+ function handleLogoutRequests($check_client=true, $allowed_clients=false) {
+ phpCAS::traceBegin();
+ if (!$this->isLogoutRequest()) {
+ phpCAS::log("Not a logout request");
+ phpCAS::traceEnd();
+ return;
+ }
+ if(!$this->_start_session){
+ phpCAS::log("phpCAS can't handle logout requests if it does not manage the session.");
+ }
+ phpCAS::log("Logout requested");
+ phpCAS::log("SAML REQUEST: ".$_POST['logoutRequest']);
+ if ($check_client) {
+ if (!$allowed_clients) {
+ $allowed_clients = array( $this->getServerHostname() );
+ }
+ $client_ip = $_SERVER['REMOTE_ADDR'];
+ $client = gethostbyaddr($client_ip);
+ phpCAS::log("Client: ".$client."/".$client_ip);
+ $allowed = false;
+ foreach ($allowed_clients as $allowed_client) {
+ if (($client == $allowed_client) or ($client_ip == $allowed_client)) {
+ phpCAS::log("Allowed client '".$allowed_client."' matches, logout request is allowed");
+ $allowed = true;
+ break;
+ } else {
+ phpCAS::log("Allowed client '".$allowed_client."' does not match");
+ }
+ }
+ if (!$allowed) {
+ phpCAS::error("Unauthorized logout request from client '".$client."'");
+ printf("Unauthorized!");
+ phpCAS::traceExit();
+ exit();
+ }
+ } else {
+ phpCAS::log("No access control set");
+ }
+ // Extract the ticket from the SAML Request
+ preg_match("|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|", $_POST['logoutRequest'], $tick, PREG_OFFSET_CAPTURE, 3);
+ $wrappedSamlSessionIndex = preg_replace('|<samlp:SessionIndex>|','',$tick[0][0]);
+ $ticket2logout = preg_replace('|</samlp:SessionIndex>|','',$wrappedSamlSessionIndex);
+ phpCAS::log("Ticket to logout: ".$ticket2logout);
+ $session_id = preg_replace('/[^\w]/','',$ticket2logout);
+ phpCAS::log("Session id: ".$session_id);
+
+ // destroy a possible application session created before phpcas
+ if(session_id() !== ""){
+ session_unset();
+ session_destroy();
+ }
+ // fix session ID
+ session_id($session_id);
+ $_COOKIE[session_name()]=$session_id;
+ $_GET[session_name()]=$session_id;
+
+ // Overwrite session
+ session_start();
+ session_unset();
+ session_destroy();
+ printf("Disconnected!");
+ phpCAS::traceExit();
+ exit();
+ }
+
+ /** @} */
+
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ // XX XX
+ // XX BASIC CLIENT FEATURES (CAS 1.0) XX
+ // XX XX
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+ // ########################################################################
+ // ST
+ // ########################################################################
+ /**
+ * @addtogroup internalBasic
+ * @{
+ */
+
+ /**
+ * the Service Ticket provided in the URL of the request if present
+ * (empty otherwise). Written by CASClient::CASClient(), read by
+ * CASClient::getST() and CASClient::hasPGT().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_st = '';
+
+ /**
+ * This method returns the Service Ticket provided in the URL of the request.
+ * @return The service ticket.
+ * @private
+ */
+ function getST()
+ { return $this->_st; }
+
+ /**
+ * This method stores the Service Ticket.
+ * @param $st The Service Ticket.
+ * @private
+ */
+ function setST($st)
+ { $this->_st = $st; }
+
+ /**
+ * This method tells if a Service Ticket was stored.
+ * @return TRUE if a Service Ticket has been stored.
+ * @private
+ */
+ function hasST()
+ { return !empty($this->_st); }
+
+ /** @} */
+
+ // ########################################################################
+ // ST VALIDATION
+ // ########################################################################
+ /**
+ * @addtogroup internalBasic
+ * @{
+ */
+
+ /**
+ * the certificate of the CAS server.
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_cas_server_cert = '';
+
+ /**
+ * the certificate of the CAS server CA.
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_cas_server_ca_cert = '';
+
+ /**
+ * Set to true not to validate the CAS server.
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_no_cas_server_validation = false;
+
+ /**
+ * Set the certificate of the CAS server.
+ *
+ * @param $cert the PEM certificate
+ */
+ function setCasServerCert($cert)
+ {
+ $this->_cas_server_cert = $cert;
+ }
+
+ /**
+ * Set the CA certificate of the CAS server.
+ *
+ * @param $cert the PEM certificate of the CA that emited the cert of the server
+ */
+ function setCasServerCACert($cert)
+ {
+ $this->_cas_server_ca_cert = $cert;
+ }
+
+ /**
+ * Set no SSL validation for the CAS server.
+ */
+ function setNoCasServerValidation()
+ {
+ $this->_no_cas_server_validation = true;
+ }
+
+ /**
+ * This method is used to validate a ST; halt on failure, and sets $validate_url,
+ * $text_reponse and $tree_response on success. These parameters are used later
+ * by CASClient::validatePGT() for CAS proxies.
+ * Used for all CAS 1.0 validations
+ * @param $validate_url the URL of the request to the CAS server.
+ * @param $text_response the response of the CAS server, as is (XML text).
+ * @param $tree_response the response of the CAS server, as a DOM XML tree.
+ *
+ * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
+ *
+ * @private
+ */
+ function validateST($validate_url,&$text_response,&$tree_response)
+ {
+ phpCAS::traceBegin();
+ // build the URL to validate the ticket
+ $validate_url = $this->getServerServiceValidateURL().'&ticket='.$this->getST();
+ if ( $this->isProxy() ) {
+ // pass the callback url for CAS proxies
+ $validate_url .= '&pgtUrl='.urlencode($this->getCallbackURL());
+ }
+
+ // open and read the URL
+ if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) {
+ phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')');
+ $this->authError('ST not validated',
+ $validate_url,
+ TRUE/*$no_response*/);
+ }
+
+ // analyze the result depending on the version
+ switch ($this->getServerVersion()) {
+ case CAS_VERSION_1_0:
+ if (preg_match('/^no\n/',$text_response)) {
+ phpCAS::trace('ST has not been validated');
+ $this->authError('ST not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ FALSE/*$bad_response*/,
+ $text_response);
+ }
+ if (!preg_match('/^yes\n/',$text_response)) {
+ phpCAS::trace('ill-formed response');
+ $this->authError('ST not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ // ST has been validated, extract the user name
+ $arr = preg_split('/\n/',$text_response);
+ $this->setUser(trim($arr[1]));
+ break;
+ case CAS_VERSION_2_0:
+ // read the response of the CAS server into a DOM object
+ if ( !($dom = domxml_open_mem($text_response))) {
+ phpCAS::trace('domxml_open_mem() failed');
+ $this->authError('ST not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ // read the root node of the XML tree
+ if ( !($tree_response = $dom->document_element()) ) {
+ phpCAS::trace('document_element() failed');
+ $this->authError('ST not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ // insure that tag name is 'serviceResponse'
+ if ( $tree_response->node_name() != 'serviceResponse' ) {
+ phpCAS::trace('bad XML root node (should be `serviceResponse\' instead of `'.$tree_response->node_name().'\'');
+ $this->authError('ST not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) {
+ // authentication succeded, extract the user name
+ if ( sizeof($user_elements = $success_elements[0]->get_elements_by_tagname("user")) == 0) {
+ phpCAS::trace('<authenticationSuccess> found, but no <user>');
+ $this->authError('ST not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ $user = trim($user_elements[0]->get_content());
+ phpCAS::trace('user = `'.$user);
+ $this->setUser($user);
+
+ } else if ( sizeof($failure_elements = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) {
+ phpCAS::trace('<authenticationFailure> found');
+ // authentication failed, extract the error code and message
+ $this->authError('ST not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ FALSE/*$bad_response*/,
+ $text_response,
+ $failure_elements[0]->get_attribute('code')/*$err_code*/,
+ trim($failure_elements[0]->get_content())/*$err_msg*/);
+ } else {
+ phpCAS::trace('neither <authenticationSuccess> nor <authenticationFailure> found');
+ $this->authError('ST not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ break;
+ }
+ $this->renameSession($this->getST());
+ // at this step, ST has been validated and $this->_user has been set,
+ phpCAS::traceEnd(TRUE);
+ return TRUE;
+ }
+
+ // ########################################################################
+ // SAML VALIDATION
+ // ########################################################################
+ /**
+ * @addtogroup internalBasic
+ * @{
+ */
+
+ /**
+ * This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url,
+ * $text_reponse and $tree_response on success. These parameters are used later
+ * by CASClient::validatePGT() for CAS proxies.
+ *
+ * @param $validate_url the URL of the request to the CAS server.
+ * @param $text_response the response of the CAS server, as is (XML text).
+ * @param $tree_response the response of the CAS server, as a DOM XML tree.
+ *
+ * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
+ *
+ * @private
+ */
+ function validateSA($validate_url,&$text_response,&$tree_response)
+ {
+ phpCAS::traceBegin();
+
+ // build the URL to validate the ticket
+ $validate_url = $this->getServerSamlValidateURL();
+
+ // open and read the URL
+ if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) {
+ phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')');
+ $this->authError('SA not validated', $validate_url, TRUE/*$no_response*/);
+ }
+
+ phpCAS::trace('server version: '.$this->getServerVersion());
+
+ // analyze the result depending on the version
+ switch ($this->getServerVersion()) {
+ case SAML_VERSION_1_1:
+
+ // read the response of the CAS server into a DOM object
+ if ( !($dom = domxml_open_mem($text_response))) {
+ phpCAS::trace('domxml_open_mem() failed');
+ $this->authError('SA not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ // read the root node of the XML tree
+ if ( !($tree_response = $dom->document_element()) ) {
+ phpCAS::trace('document_element() failed');
+ $this->authError('SA not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ // insure that tag name is 'Envelope'
+ if ( $tree_response->node_name() != 'Envelope' ) {
+ phpCAS::trace('bad XML root node (should be `Envelope\' instead of `'.$tree_response->node_name().'\'');
+ $this->authError('SA not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ // check for the NameIdentifier tag in the SAML response
+ if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("NameIdentifier")) != 0) {
+ phpCAS::trace('NameIdentifier found');
+ $user = trim($success_elements[0]->get_content());
+ phpCAS::trace('user = `'.$user.'`');
+ $this->setUser($user);
+ $this->setSessionAttributes($text_response);
+ } else {
+ phpCAS::trace('no <NameIdentifier> tag found in SAML payload');
+ $this->authError('SA not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ break;
+ }
+ $this->renameSession($this->getSA());
+ // at this step, ST has been validated and $this->_user has been set,
+ phpCAS::traceEnd(TRUE);
+ return TRUE;
+ }
+
+ /**
+ * This method will parse the DOM and pull out the attributes from the SAML
+ * payload and put them into an array, then put the array into the session.
+ *
+ * @param $text_response the SAML payload.
+ * @return bool TRUE when successfull and FALSE if no attributes a found
+ *
+ * @private
+ */
+ function setSessionAttributes($text_response)
+ {
+ phpCAS::traceBegin();
+
+ $result = FALSE;
+
+ if (isset($_SESSION[SAML_ATTRIBUTES])) {
+ phpCAS::trace("session attrs already set."); //testbml - do we care?
+ }
+
+ $attr_array = array();
+
+ if (($dom = domxml_open_mem($text_response))) {
+ $xPath = $dom->xpath_new_context();
+ $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
+ $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
+ $nodelist = $xPath->xpath_eval("//saml:Attribute");
+ if($nodelist){
+ $attrs = $nodelist->nodeset;
+ foreach($attrs as $attr){
+ $xres = $xPath->xpath_eval("saml:AttributeValue", $attr);
+ $name = $attr->get_attribute("AttributeName");
+ $value_array = array();
+ foreach($xres->nodeset as $node){
+ $value_array[] = $node->get_content();
+ }
+ $attr_array[$name] = $value_array;
+ }
+ $_SESSION[SAML_ATTRIBUTES] = $attr_array;
+ // UGent addition...
+ foreach($attr_array as $attr_key => $attr_value) {
+ if(count($attr_value) > 1) {
+ $this->_attributes[$attr_key] = $attr_value;
+ phpCAS::trace("* " . $attr_key . "=" . $attr_value);
+ }
+ else {
+ $this->_attributes[$attr_key] = $attr_value[0];
+ phpCAS::trace("* " . $attr_key . "=" . $attr_value[0]);
+ }
+ }
+ $result = TRUE;
+ }else{
+ phpCAS::trace("SAML Attributes are empty");
+ $result = FALSE;
+ }
+ }
+ phpCAS::traceEnd($result);
+ return $result;
+ }
+
+ /** @} */
+
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ // XX XX
+ // XX PROXY FEATURES (CAS 2.0) XX
+ // XX XX
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+ // ########################################################################
+ // PROXYING
+ // ########################################################################
+ /**
+ * @addtogroup internalProxy
+ * @{
+ */
+
+ /**
+ * A boolean telling if the client is a CAS proxy or not. Written by CASClient::CASClient(),
+ * read by CASClient::isProxy().
+ *
+ * @private
+ */
+ var $_proxy;
+
+ /**
+ * Tells if a CAS client is a CAS proxy or not
+ *
+ * @return TRUE when the CAS client is a CAs proxy, FALSE otherwise
+ *
+ * @private
+ */
+ function isProxy()
+ {
+ return $this->_proxy;
+ }
+
+ /** @} */
+ // ########################################################################
+ // PGT
+ // ########################################################################
+ /**
+ * @addtogroup internalProxy
+ * @{
+ */
+
+ /**
+ * the Proxy Grnting Ticket given by the CAS server (empty otherwise).
+ * Written by CASClient::setPGT(), read by CASClient::getPGT() and CASClient::hasPGT().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_pgt = '';
+
+ /**
+ * This method returns the Proxy Granting Ticket given by the CAS server.
+ * @return The Proxy Granting Ticket.
+ * @private
+ */
+ function getPGT()
+ { return $this->_pgt; }
+
+ /**
+ * This method stores the Proxy Granting Ticket.
+ * @param $pgt The Proxy Granting Ticket.
+ * @private
+ */
+ function setPGT($pgt)
+ { $this->_pgt = $pgt; }
+
+ /**
+ * This method tells if a Proxy Granting Ticket was stored.
+ * @return TRUE if a Proxy Granting Ticket has been stored.
+ * @private
+ */
+ function hasPGT()
+ { return !empty($this->_pgt); }
+
+ /** @} */
+
+ // ########################################################################
+ // CALLBACK MODE
+ // ########################################################################
+ /**
+ * @addtogroup internalCallback
+ * @{
+ */
+ /**
+ * each PHP script using phpCAS in proxy mode is its own callback to get the
+ * PGT back from the CAS server. callback_mode is detected by the constructor
+ * thanks to the GET parameters.
+ */
+
+ /**
+ * a boolean to know if the CAS client is running in callback mode. Written by
+ * CASClient::setCallBackMode(), read by CASClient::isCallbackMode().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_callback_mode = FALSE;
+
+ /**
+ * This method sets/unsets callback mode.
+ *
+ * @param $callback_mode TRUE to set callback mode, FALSE otherwise.
+ *
+ * @private
+ */
+ function setCallbackMode($callback_mode)
+ {
+ $this->_callback_mode = $callback_mode;
+ }
+
+ /**
+ * This method returns TRUE when the CAs client is running i callback mode,
+ * FALSE otherwise.
+ *
+ * @return A boolean.
+ *
+ * @private
+ */
+ function isCallbackMode()
+ {
+ return $this->_callback_mode;
+ }
+
+ /**
+ * the URL that should be used for the PGT callback (in fact the URL of the
+ * current request without any CGI parameter). Written and read by
+ * CASClient::getCallbackURL().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_callback_url = '';
+
+ /**
+ * This method returns the URL that should be used for the PGT callback (in
+ * fact the URL of the current request without any CGI parameter, except if
+ * phpCAS::setFixedCallbackURL() was used).
+ *
+ * @return The callback URL
+ *
+ * @private
+ */
+ function getCallbackURL()
+ {
+ // the URL is built when needed only
+ if ( empty($this->_callback_url) ) {
+ $final_uri = '';
+ // remove the ticket if present in the URL
+ $final_uri = 'https://';
+ /* replaced by Julien Marchal - v0.4.6
+ * $this->uri .= $_SERVER['SERVER_NAME'];
+ */
+ if(empty($_SERVER['HTTP_X_FORWARDED_SERVER'])){
+ /* replaced by teedog - v0.4.12
+ * $final_uri .= $_SERVER['SERVER_NAME'];
+ */
+ if (empty($_SERVER['SERVER_NAME'])) {
+ $final_uri .= $_SERVER['HTTP_HOST'];
+ } else {
+ $final_uri .= $_SERVER['SERVER_NAME'];
+ }
+ } else {
+ $final_uri .= $_SERVER['HTTP_X_FORWARDED_SERVER'];
+ }
+ if ( ($this->isHttps() && $_SERVER['SERVER_PORT']!=443)
+ || (!$this->isHttps() && $_SERVER['SERVER_PORT']!=80) ) {
+ $final_uri .= ':';
+ $final_uri .= $_SERVER['SERVER_PORT'];
+ }
+ $request_uri = $_SERVER['REQUEST_URI'];
+ $request_uri = preg_replace('/\?.*$/','',$request_uri);
+ $final_uri .= $request_uri;
+ $this->setCallbackURL($final_uri);
+ }
+ return $this->_callback_url;
+ }
+
+ /**
+ * This method sets the callback url.
+ *
+ * @param $callback_url url to set callback
+ *
+ * @private
+ */
+ function setCallbackURL($url)
+ {
+ return $this->_callback_url = $url;
+ }
+
+ /**
+ * This method is called by CASClient::CASClient() when running in callback
+ * mode. It stores the PGT and its PGT Iou, prints its output and halts.
+ *
+ * @private
+ */
+ function callback()
+ {
+ phpCAS::traceBegin();
+ if (preg_match('/PGTIOU-[\.\-\w]/', $_GET['pgtIou'])){
+ if(preg_match('/[PT]GT-[\.\-\w]/', $_GET['pgtId'])){
+ $this->printHTMLHeader('phpCAS callback');
+ $pgt_iou = $_GET['pgtIou'];
+ $pgt = $_GET['pgtId'];
+ phpCAS::trace('Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\')');
+ echo '<p>Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\').</p>';
+ $this->storePGT($pgt,$pgt_iou);
+ $this->printHTMLFooter();
+ }else{
+ phpCAS::error('PGT format invalid' . $_GET['pgtId']);
+ }
+ }else{
+ phpCAS::error('PGTiou format invalid' . $_GET['pgtIou']);
+ }
+ phpCAS::traceExit();
+ exit();
+ }
+
+ /** @} */
+
+ // ########################################################################
+ // PGT STORAGE
+ // ########################################################################
+ /**
+ * @addtogroup internalPGTStorage
+ * @{
+ */
+
+ /**
+ * an instance of a class inheriting of PGTStorage, used to deal with PGT
+ * storage. Created by CASClient::setPGTStorageFile() or CASClient::setPGTStorageDB(), used
+ * by CASClient::setPGTStorageFile(), CASClient::setPGTStorageDB() and CASClient::initPGTStorage().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_pgt_storage = null;
+
+ /**
+ * This method is used to initialize the storage of PGT's.
+ * Halts on error.
+ *
+ * @private
+ */
+ function initPGTStorage()
+ {
+ // if no SetPGTStorageXxx() has been used, default to file
+ if ( !is_object($this->_pgt_storage) ) {
+ $this->setPGTStorageFile();
+ }
+
+ // initializes the storage
+ $this->_pgt_storage->init();
+ }
+
+ /**
+ * This method stores a PGT. Halts on error.
+ *
+ * @param $pgt the PGT to store
+ * @param $pgt_iou its corresponding Iou
+ *
+ * @private
+ */
+ function storePGT($pgt,$pgt_iou)
+ {
+ // ensure that storage is initialized
+ $this->initPGTStorage();
+ // writes the PGT
+ $this->_pgt_storage->write($pgt,$pgt_iou);
+ }
+
+ /**
+ * This method reads a PGT from its Iou and deletes the corresponding storage entry.
+ *
+ * @param $pgt_iou the PGT Iou
+ *
+ * @return The PGT corresponding to the Iou, FALSE when not found.
+ *
+ * @private
+ */
+ function loadPGT($pgt_iou)
+ {
+ // ensure that storage is initialized
+ $this->initPGTStorage();
+ // read the PGT
+ return $this->_pgt_storage->read($pgt_iou);
+ }
+
+ /**
+ * This method is used to tell phpCAS to store the response of the
+ * CAS server to PGT requests onto the filesystem.
+ *
+ * @param $format the format used to store the PGT's (`plain' and `xml' allowed)
+ * @param $path the path where the PGT's should be stored
+ *
+ * @public
+ */
+ function setPGTStorageFile($format='',
+ $path='')
+ {
+ // check that the storage has not already been set
+ if ( is_object($this->_pgt_storage) ) {
+ phpCAS::error('PGT storage already defined');
+ }
+
+ // create the storage object
+ $this->_pgt_storage = new PGTStorageFile($this,$format,$path);
+ }
+
+ // ########################################################################
+ // PGT VALIDATION
+ // ########################################################################
+ /**
+ * This method is used to validate a PGT; halt on failure.
+ *
+ * @param $validate_url the URL of the request to the CAS server.
+ * @param $text_response the response of the CAS server, as is (XML text); result
+ * of CASClient::validateST() or CASClient::validatePT().
+ * @param $tree_response the response of the CAS server, as a DOM XML tree; result
+ * of CASClient::validateST() or CASClient::validatePT().
+ *
+ * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
+ *
+ * @private
+ */
+ function validatePGT(&$validate_url,$text_response,$tree_response)
+ {
+ // here cannot use phpCAS::traceBegin(); alongside domxml-php4-to-php5.php
+ phpCAS::log('start validatePGT()');
+ if ( sizeof($arr = $tree_response->get_elements_by_tagname("proxyGrantingTicket")) == 0) {
+ phpCAS::trace('<proxyGrantingTicket> not found');
+ // authentication succeded, but no PGT Iou was transmitted
+ $this->authError('Ticket validated but no PGT Iou transmitted',
+ $validate_url,
+ FALSE/*$no_response*/,
+ FALSE/*$bad_response*/,
+ $text_response);
+ } else {
+ // PGT Iou transmitted, extract it
+ $pgt_iou = trim($arr[0]->get_content());
+ if(preg_match('/PGTIOU-[\.\-\w]/',$pgt_iou)){
+ $pgt = $this->loadPGT($pgt_iou);
+ if ( $pgt == FALSE ) {
+ phpCAS::trace('could not load PGT');
+ $this->authError('PGT Iou was transmitted but PGT could not be retrieved',
+ $validate_url,
+ FALSE/*$no_response*/,
+ FALSE/*$bad_response*/,
+ $text_response);
+ }
+ $this->setPGT($pgt);
+ }else{
+ phpCAS::trace('PGTiou format error');
+ $this->authError('PGT Iou was transmitted but has wrong fromat',
+ $validate_url,
+ FALSE/*$no_response*/,
+ FALSE/*$bad_response*/,
+ $text_response);
+ }
+
+ }
+ // here, cannot use phpCAS::traceEnd(TRUE); alongside domxml-php4-to-php5.php
+ phpCAS::log('end validatePGT()');
+ return TRUE;
+ }
+
+ // ########################################################################
+ // PGT VALIDATION
+ // ########################################################################
+
+ /**
+ * This method is used to retrieve PT's from the CAS server thanks to a PGT.
+ *
+ * @param $target_service the service to ask for with the PT.
+ * @param $err_code an error code (PHPCAS_SERVICE_OK on success).
+ * @param $err_msg an error message (empty on success).
+ *
+ * @return a Proxy Ticket, or FALSE on error.
+ *
+ * @private
+ */
+ function retrievePT($target_service,&$err_code,&$err_msg)
+ {
+ phpCAS::traceBegin();
+
+ // by default, $err_msg is set empty and $pt to TRUE. On error, $pt is
+ // set to false and $err_msg to an error message. At the end, if $pt is FALSE
+ // and $error_msg is still empty, it is set to 'invalid response' (the most
+ // commonly encountered error).
+ $err_msg = '';
+
+ // build the URL to retrieve the PT
+ // $cas_url = $this->getServerProxyURL().'?targetService='.preg_replace('/&/','%26',$target_service).'&pgt='.$this->getPGT();
+ $cas_url = $this->getServerProxyURL().'?targetService='.urlencode($target_service).'&pgt='.$this->getPGT();
+
+ // open and read the URL
+ if ( !$this->readURL($cas_url,''/*cookies*/,$headers,$cas_response,$err_msg) ) {
+ phpCAS::trace('could not open URL \''.$cas_url.'\' to validate ('.$err_msg.')');
+ $err_code = PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE;
+ $err_msg = 'could not retrieve PT (no response from the CAS server)';
+ phpCAS::traceEnd(FALSE);
+ return FALSE;
+ }
+
+ $bad_response = FALSE;
+
+ if ( !$bad_response ) {
+ // read the response of the CAS server into a DOM object
+ if ( !($dom = @domxml_open_mem($cas_response))) {
+ phpCAS::trace('domxml_open_mem() failed');
+ // read failed
+ $bad_response = TRUE;
+ }
+ }
+
+ if ( !$bad_response ) {
+ // read the root node of the XML tree
+ if ( !($root = $dom->document_element()) ) {
+ phpCAS::trace('document_element() failed');
+ // read failed
+ $bad_response = TRUE;
+ }
+ }
+
+ if ( !$bad_response ) {
+ // insure that tag name is 'serviceResponse'
+ if ( $root->node_name() != 'serviceResponse' ) {
+ phpCAS::trace('node_name() failed');
+ // bad root node
+ $bad_response = TRUE;
+ }
+ }
+
+ if ( !$bad_response ) {
+ // look for a proxySuccess tag
+ if ( sizeof($arr = $root->get_elements_by_tagname("proxySuccess")) != 0) {
+ // authentication succeded, look for a proxyTicket tag
+ if ( sizeof($arr = $root->get_elements_by_tagname("proxyTicket")) != 0) {
+ $err_code = PHPCAS_SERVICE_OK;
+ $err_msg = '';
+ phpCAS::trace('original PT: '.trim($arr[0]->get_content()));
+ $pt = trim($arr[0]->get_content());
+ phpCAS::traceEnd($pt);
+ return $pt;
+ } else {
+ phpCAS::trace('<proxySuccess> was found, but not <proxyTicket>');
+ }
+ }
+ // look for a proxyFailure tag
+ else if ( sizeof($arr = $root->get_elements_by_tagname("proxyFailure")) != 0) {
+ // authentication failed, extract the error
+ $err_code = PHPCAS_SERVICE_PT_FAILURE;
+ $err_msg = 'PT retrieving failed (code=`'
+ .$arr[0]->get_attribute('code')
+ .'\', message=`'
+ .trim($arr[0]->get_content())
+ .'\')';
+ phpCAS::traceEnd(FALSE);
+ return FALSE;
+ } else {
+ phpCAS::trace('neither <proxySuccess> nor <proxyFailure> found');
+ }
+ }
+
+ // at this step, we are sure that the response of the CAS server was ill-formed
+ $err_code = PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE;
+ $err_msg = 'Invalid response from the CAS server (response=`'.$cas_response.'\')';
+
+ phpCAS::traceEnd(FALSE);
+ return FALSE;
+ }
+
+ // ########################################################################
+ // ACCESS TO EXTERNAL SERVICES
+ // ########################################################################
+
+ /**
+ * This method is used to acces a remote URL.
+ *
+ * @param $url the URL to access.
+ * @param $cookies an array containing cookies strings such as 'name=val'
+ * @param $headers an array containing the HTTP header lines of the response
+ * (an empty array on failure).
+ * @param $body the body of the response, as a string (empty on failure).
+ * @param $err_msg an error message, filled on failure.
+ *
+ * @return TRUE on success, FALSE otherwise (in this later case, $err_msg
+ * contains an error message).
+ *
+ * @private
+ */
+ function readURL($url,$cookies,&$headers,&$body,&$err_msg)
+ {
+ phpCAS::traceBegin();
+ $headers = '';
+ $body = '';
+ $err_msg = '';
+
+ $res = TRUE;
+
+ // initialize the CURL session
+ $ch = curl_init($url);
+
+ if (version_compare(PHP_VERSION,'5.1.3','>=')) {
+ //only avaible in php5
+ curl_setopt_array($ch, $this->_curl_options);
+ } else {
+ foreach ($this->_curl_options as $key => $value) {
+ curl_setopt($ch, $key, $value);
+ }
+ }
+
+ if ($this->_cas_server_cert == '' && $this->_cas_server_ca_cert == '' && !$this->_no_cas_server_validation) {
+ phpCAS::error('one of the methods phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.');
+ }
+ if ($this->_cas_server_cert != '' && $this->_cas_server_ca_cert != '') {
+ // This branch added by IDMS. Seems phpCAS implementor got a bit confused about the curl options CURLOPT_SSLCERT and CURLOPT_CAINFO
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
+ curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert);
+ curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert);
+ curl_setopt($ch, CURLOPT_VERBOSE, '1');
+ phpCAS::trace('CURL: Set all required opts for mutual authentication ------');
+ } else if ($this->_cas_server_cert != '' ) {
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
+ curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert);
+ } else if ($this->_cas_server_ca_cert != '') {
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
+ curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert);
+ } else {
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+ }
+
+ // return the CURL output into a variable
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ // get the HTTP header with a callback
+ $this->_curl_headers = array(); // empty the headers array
+ curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, '_curl_read_headers'));
+ // add cookies headers
+ if ( is_array($cookies) ) {
+ curl_setopt($ch,CURLOPT_COOKIE,implode(';',$cookies));
+ }
+ // add extra stuff if SAML
+ if ($this->hasSA()) {
+ $more_headers = array ("soapaction: http://www.oasis-open.org/committees/security",
+ "cache-control: no-cache",
+ "pragma: no-cache",
+ "accept: text/xml",
+ "connection: keep-alive",
+ "content-type: text/xml");
+
+ curl_setopt($ch, CURLOPT_HTTPHEADER, $more_headers);
+ curl_setopt($ch, CURLOPT_POST, 1);
+ $data = $this->buildSAMLPayload();
+ //phpCAS::trace('SAML Payload: '.print_r($data, TRUE));
+ curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
+ }
+ // perform the query
+ $buf = curl_exec ($ch);
+ //phpCAS::trace('CURL: Call completed. Response body is: \''.$buf.'\'');
+ if ( $buf === FALSE ) {
+ phpCAS::trace('curl_exec() failed');
+ $err_msg = 'CURL error #'.curl_errno($ch).': '.curl_error($ch);
+ //phpCAS::trace('curl error: '.$err_msg);
+ // close the CURL session
+ curl_close ($ch);
+ $res = FALSE;
+ } else {
+ // close the CURL session
+ curl_close ($ch);
+
+ $headers = $this->_curl_headers;
+ $body = $buf;
+ }
+
+ phpCAS::traceEnd($res);
+ return $res;
+ }
+
+ /**
+ * This method is used to build the SAML POST body sent to /samlValidate URL.
+ *
+ * @return the SOAP-encased SAMLP artifact (the ticket).
+ *
+ * @private
+ */
+ function buildSAMLPayload()
+ {
+ phpCAS::traceBegin();
+
+ //get the ticket
+ $sa = $this->getSA();
+ //phpCAS::trace("SA: ".$sa);
+
+ $body=SAML_SOAP_ENV.SAML_SOAP_BODY.SAMLP_REQUEST.SAML_ASSERTION_ARTIFACT.$sa.SAML_ASSERTION_ARTIFACT_CLOSE.SAMLP_REQUEST_CLOSE.SAML_SOAP_BODY_CLOSE.SAML_SOAP_ENV_CLOSE;
+
+ phpCAS::traceEnd($body);
+ return ($body);
+ }
+
+ /**
+ * This method is the callback used by readURL method to request HTTP headers.
+ */
+ var $_curl_headers = array();
+ function _curl_read_headers($ch, $header)
+ {
+ $this->_curl_headers[] = $header;
+ return strlen($header);
+ }
+
+ /**
+ * This method is used to access an HTTP[S] service.
+ *
+ * @param $url the service to access.
+ * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
+ * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
+ * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
+ * @param $output the output of the service (also used to give an error
+ * message on failure).
+ *
+ * @return TRUE on success, FALSE otherwise (in this later case, $err_code
+ * gives the reason why it failed and $output contains an error message).
+ *
+ * @public
+ */
+ function serviceWeb($url,&$err_code,&$output)
+ {
+ phpCAS::traceBegin();
+ // at first retrieve a PT
+ $pt = $this->retrievePT($url,$err_code,$output);
+
+ $res = TRUE;
+
+ // test if PT was retrieved correctly
+ if ( !$pt ) {
+ // note: $err_code and $err_msg are filled by CASClient::retrievePT()
+ phpCAS::trace('PT was not retrieved correctly');
+ $res = FALSE;
+ } else {
+ // add cookies if necessary
+ $cookies = $this->getCookies($url);
+
+ // build the URL including the PT
+ if ( strstr($url,'?') === FALSE ) {
+ $service_url = $url.'?ticket='.$pt;
+ } else {
+ $service_url = $url.'&ticket='.$pt;
+ }
+
+ phpCAS::trace('reading URL`'.$service_url.'\'');
+ if ( !$this->readURL($service_url,$cookies,$headers,$output,$err_msg) ) {
+ phpCAS::trace('could not read URL`'.$service_url.'\'');
+ $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
+ // give an error message
+ $output = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE),
+ $service_url,
+ $err_msg);
+ $res = FALSE;
+ } else {
+ // URL has been fetched, extract the cookies
+ phpCAS::trace('URL`'.$service_url.'\' has been read, storing cookies:');
+ $this->setCookies($headers,$url);
+ // Check for a possible redirect (phpCAS authenticiation redirect after ticket removal)
+ foreach($headers as $header){
+ if (preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches))
+ {
+ $redirect_url = trim(array_pop($matches));
+ phpCAS :: trace('Found redirect:'.$redirect_url);
+ $cookies = $this->getCookies($redirect_url);
+ phpCAS::trace('reading URL`'.$redirect_url.'\'');
+ if ( !$this->readURL($redirect_url,$cookies,$headers,$output,$err_msg) ) {
+ phpCAS::trace('could not read URL`'.$redirect_url.'\'');
+ $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
+ // give an error message
+ $output = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE),
+ $service_url,
+ $err_msg);
+ $res = FALSE;
+ } else {
+ // URL has been fetched, extract the cookies
+ phpCAS::trace('URL`'.$redirect_url.'\' has been read, storing cookies:');
+ $this->setCookies($headers,$redirect_url);
+ }
+ break;
+ }
+ }
+ }
+ }
+
+ phpCAS::traceEnd($res);
+ return $res;
+ }
+
+ /**
+ * This method stores cookies from a HTTP Header in the session
+ * @param $header HTTP Header
+ * @param $url the url the Header is from
+ */
+
+ function setCookies($headers,$url){
+ phpCAS::traceBegin();
+ foreach ( $headers as $header ) {
+ // test if the header is a cookie
+ if ( preg_match('/^Set-Cookie:/',$header) ) {
+ // the header is a cookie, remove the beginning
+ $header_val = preg_replace('/^Set-Cookie: */','',$header);
+ // extract interesting information
+ $name_val = strtok($header_val,'; ');
+ // extract the name and the value of the cookie
+ $cookie_name = strtok($name_val,'=');
+ $cookie_val = strtok('=');
+ // store the cookie
+ $_SESSION['phpCAS']['services'][$url]['cookies'][$cookie_name] = $cookie_val;
+ phpCAS::trace($cookie_name.' -> '.$cookie_val);
+ }
+ }
+ phpCAS::traceEnd();
+ }
+
+ /**
+ * This method get the cookies from the session
+ */
+
+ function getCookies($url){
+ $cookies = array();
+ if ( isset($_SESSION['phpCAS']['services'][$url]['cookies']) &&
+ is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) {
+ foreach ( $_SESSION['phpCAS']['services'][$url]['cookies'] as $name => $val ) {
+ $cookies[] = $name.'='.$val;
+ }
+ }
+ return $cookies;
+ }
+
+ /**
+ * This method is used to access an IMAP/POP3/NNTP service.
+ *
+ * @param $url a string giving the URL of the service, including the mailing box
+ * for IMAP URLs, as accepted by imap_open().
+ * @param $service a string giving for CAS retrieve Proxy ticket
+ * @param $flags options given to imap_open().
+ * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
+ * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
+ * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
+ * @param $err_msg an error message on failure
+ * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL
+ * on success, FALSE on error).
+ *
+ * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code
+ * gives the reason why it failed and $err_msg contains an error message).
+ *
+ * @public
+ */
+ function serviceMail($url,$service,$flags,&$err_code,&$err_msg,&$pt)
+ {
+ phpCAS::traceBegin();
+ // at first retrieve a PT
+ $pt = $this->retrievePT($service,$err_code,$output);
+
+ $stream = FALSE;
+
+ // test if PT was retrieved correctly
+ if ( !$pt ) {
+ // note: $err_code and $err_msg are filled by CASClient::retrievePT()
+ phpCAS::trace('PT was not retrieved correctly');
+ } else {
+ phpCAS::trace('opening IMAP URL `'.$url.'\'...');
+ $stream = @imap_open($url,$this->getUser(),$pt,$flags);
+ if ( !$stream ) {
+ phpCAS::trace('could not open URL');
+ $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
+ // give an error message
+ $err_msg = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE),
+ $service_url,
+ var_export(imap_errors(),TRUE));
+ $pt = FALSE;
+ $stream = FALSE;
+ } else {
+ phpCAS::trace('ok');
+ }
+ }
+
+ phpCAS::traceEnd($stream);
+ return $stream;
+ }
+
+ /** @} */
+
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ // XX XX
+ // XX PROXIED CLIENT FEATURES (CAS 2.0) XX
+ // XX XX
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+ // ########################################################################
+ // PT
+ // ########################################################################
+ /**
+ * @addtogroup internalProxied
+ * @{
+ */
+
+ /**
+ * the Proxy Ticket provided in the URL of the request if present
+ * (empty otherwise). Written by CASClient::CASClient(), read by
+ * CASClient::getPT() and CASClient::hasPGT().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_pt = '';
+
+ /**
+ * This method returns the Proxy Ticket provided in the URL of the request.
+ * @return The proxy ticket.
+ * @private
+ */
+ function getPT()
+ {
+ // return 'ST'.substr($this->_pt, 2);
+ return $this->_pt;
+ }
+
+ /**
+ * This method stores the Proxy Ticket.
+ * @param $pt The Proxy Ticket.
+ * @private
+ */
+ function setPT($pt)
+ { $this->_pt = $pt; }
+
+ /**
+ * This method tells if a Proxy Ticket was stored.
+ * @return TRUE if a Proxy Ticket has been stored.
+ * @private
+ */
+ function hasPT()
+ { return !empty($this->_pt); }
+ /**
+ * This method returns the SAML Ticket provided in the URL of the request.
+ * @return The SAML ticket.
+ * @private
+ */
+ function getSA()
+ { return 'ST'.substr($this->_sa, 2); }
+
+ /**
+ * This method stores the SAML Ticket.
+ * @param $sa The SAML Ticket.
+ * @private
+ */
+ function setSA($sa)
+ { $this->_sa = $sa; }
+
+ /**
+ * This method tells if a SAML Ticket was stored.
+ * @return TRUE if a SAML Ticket has been stored.
+ * @private
+ */
+ function hasSA()
+ { return !empty($this->_sa); }
+
+ /** @} */
+ // ########################################################################
+ // PT VALIDATION
+ // ########################################################################
+ /**
+ * @addtogroup internalProxied
+ * @{
+ */
+
+ /**
+ * This method is used to validate a ST or PT; halt on failure
+ * Used for all CAS 2.0 validations
+ * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
+ *
+ * @private
+ */
+ function validatePT(&$validate_url,&$text_response,&$tree_response)
+ {
+ phpCAS::traceBegin();
+ // build the URL to validate the ticket
+ $validate_url = $this->getServerProxyValidateURL().'&ticket='.$this->getPT();
+
+ if ( $this->isProxy() ) {
+ // pass the callback url for CAS proxies
+ $validate_url .= '&pgtUrl='.urlencode($this->getCallbackURL());
+ }
+
+ // open and read the URL
+ if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) {
+ phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')');
+ $this->authError('PT not validated',
+ $validate_url,
+ TRUE/*$no_response*/);
+ }
+
+ // read the response of the CAS server into a DOM object
+ if ( !($dom = domxml_open_mem($text_response))) {
+ // read failed
+ $this->authError('PT not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ // read the root node of the XML tree
+ if ( !($tree_response = $dom->document_element()) ) {
+ // read failed
+ $this->authError('PT not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ // insure that tag name is 'serviceResponse'
+ if ( $tree_response->node_name() != 'serviceResponse' ) {
+ // bad root node
+ $this->authError('PT not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) {
+ // authentication succeded, extract the user name
+ if ( sizeof($arr = $tree_response->get_elements_by_tagname("user")) == 0) {
+ // no user specified => error
+ $this->authError('PT not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+ $this->setUser(trim($arr[0]->get_content()));
+
+ } else if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) {
+ // authentication succeded, extract the error code and message
+ $this->authError('PT not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ FALSE/*$bad_response*/,
+ $text_response,
+ $arr[0]->get_attribute('code')/*$err_code*/,
+ trim($arr[0]->get_content())/*$err_msg*/);
+ } else {
+ $this->authError('PT not validated',
+ $validate_url,
+ FALSE/*$no_response*/,
+ TRUE/*$bad_response*/,
+ $text_response);
+ }
+
+ $this->renameSession($this->getPT());
+ // at this step, PT has been validated and $this->_user has been set,
+
+ phpCAS::traceEnd(TRUE);
+ return TRUE;
+ }
+
+ /** @} */
+
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ // XX XX
+ // XX MISC XX
+ // XX XX
+ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+ /**
+ * @addtogroup internalMisc
+ * @{
+ */
+
+ // ########################################################################
+ // URL
+ // ########################################################################
+ /**
+ * the URL of the current request (without any ticket CGI parameter). Written
+ * and read by CASClient::getURL().
+ *
+ * @hideinitializer
+ * @private
+ */
+ var $_url = '';
+
+ /**
+ * This method returns the URL of the current request (without any ticket
+ * CGI parameter).
+ *
+ * @return The URL
+ *
+ * @private
+ */
+ function getURL()
+ {
+ phpCAS::traceBegin();
+ // the URL is built when needed only
+ if ( empty($this->_url) ) {
+ $final_uri = '';
+ // remove the ticket if present in the URL
+ $final_uri = ($this->isHttps()) ? 'https' : 'http';
+ $final_uri .= '://';
+ /* replaced by Julien Marchal - v0.4.6
+ * $this->_url .= $_SERVER['SERVER_NAME'];
+ */
+ if(empty($_SERVER['HTTP_X_FORWARDED_SERVER'])){
+ /* replaced by teedog - v0.4.12
+ * $this->_url .= $_SERVER['SERVER_NAME'];
+ */
+ if (empty($_SERVER['SERVER_NAME'])) {
+ $server_name = $_SERVER['HTTP_HOST'];
+ } else {
+ $server_name = $_SERVER['SERVER_NAME'];
+ }
+ } else {
+ $server_name = $_SERVER['HTTP_X_FORWARDED_SERVER'];
+ }
+ $final_uri .= $server_name;
+ if (!strpos($server_name, ':')) {
+ if ( ($this->isHttps() && $_SERVER['SERVER_PORT']!=443)
+ || (!$this->isHttps() && $_SERVER['SERVER_PORT']!=80) ) {
+ $final_uri .= ':';
+ $final_uri .= $_SERVER['SERVER_PORT'];
+ }
+ }
+
+ $request_uri = explode('?', $_SERVER['REQUEST_URI'], 2);
+ $final_uri .= $request_uri[0];
+
+ if (isset($request_uri[1]) && $request_uri[1])
+ {
+ $query_string = $this->removeParameterFromQueryString('ticket', $request_uri[1]);
+
+ // If the query string still has anything left, append it to the final URI
+ if ($query_string !== '')
+ $final_uri .= "?$query_string";
+
+ }
+
+ phpCAS::trace("Final URI: $final_uri");
+ $this->setURL($final_uri);
+ }
+ phpCAS::traceEnd($this->_url);
+ return $this->_url;
+ }
+
+
+
+ /**
+ * Removes a parameter from a query string
+ *
+ * @param string $parameterName
+ * @param string $queryString
+ * @return string
+ *
+ * @link http://stackoverflow.com/questions/1842681/regular-expression-to-remove-one-parameter-from-query-string
+ */
+ function removeParameterFromQueryString($parameterName, $queryString)
+ {
+ $parameterName = preg_quote($parameterName);
+ return preg_replace("/&$parameterName(=[^&]*)?|^$parameterName(=[^&]*)?&?/", '', $queryString);
+ }
+
+
+ /**
+ * This method sets the URL of the current request
+ *
+ * @param $url url to set for service
+ *
+ * @private
+ */
+ function setURL($url)
+ {
+ $this->_url = $url;
+ }
+
+ // ########################################################################
+ // AUTHENTICATION ERROR HANDLING
+ // ########################################################################
+ /**
+ * This method is used to print the HTML output when the user was not authenticated.
+ *
+ * @param $failure the failure that occured
+ * @param $cas_url the URL the CAS server was asked for
+ * @param $no_response the response from the CAS server (other
+ * parameters are ignored if TRUE)
+ * @param $bad_response bad response from the CAS server ($err_code
+ * and $err_msg ignored if TRUE)
+ * @param $cas_response the response of the CAS server
+ * @param $err_code the error code given by the CAS server
+ * @param $err_msg the error message given by the CAS server
+ *
+ * @private
+ */
+ function authError($failure,$cas_url,$no_response,$bad_response='',$cas_response='',$err_code='',$err_msg='')
+ {
+ phpCAS::traceBegin();
+
+ $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_FAILED));
+ printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),htmlentities($this->getURL()),$_SERVER['SERVER_ADMIN']);
+ phpCAS::trace('CAS URL: '.$cas_url);
+ phpCAS::trace('Authentication failure: '.$failure);
+ if ( $no_response ) {
+ phpCAS::trace('Reason: no response from the CAS server');
+ } else {
+ if ( $bad_response ) {
+ phpCAS::trace('Reason: bad response from the CAS server');
+ } else {
+ switch ($this->getServerVersion()) {
+ case CAS_VERSION_1_0:
+ phpCAS::trace('Reason: CAS error');
+ break;
+ case CAS_VERSION_2_0:
+ if ( empty($err_code) )
+ phpCAS::trace('Reason: no CAS error');
+ else
+ phpCAS::trace('Reason: ['.$err_code.'] CAS error: '.$err_msg);
+ break;
+ }
+ }
+ phpCAS::trace('CAS response: '.$cas_response);
+ }
+ $this->printHTMLFooter();
+ phpCAS::traceExit();
+ exit();
+ }
+
+ /** @} */
+}
+
+?>
--- /dev/null
+<?php
+/*
+ Requires PHP5, uses built-in DOM extension.
+ To be used in PHP4 scripts using DOMXML extension: allows PHP4/DOMXML scripts to run on PHP5/DOM.
+ (Optional: requires PHP5/XSL extension for domxml_xslt functions, PHP>=5.1 for XPath evaluation functions, and PHP>=5.1/libxml for DOMXML error reports)
+
+ Typical use:
+ {
+ if (PHP_VERSION>='5')
+ require_once('domxml-php4-to-php5.php');
+ }
+
+ Version 1.21.1a, 2009-03-13, http://alexandre.alapetite.fr/doc-alex/domxml-php4-php5/
+
+ ------------------------------------------------------------------
+ Written by Alexandre Alapetite, http://alexandre.alapetite.fr/cv/
+
+ Copyright 2004-2009, GNU Lesser General Public License,
+ http://www.gnu.org/licenses/lgpl.html
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/lgpl.html>
+
+ == Rights and obligations ==
+ - Attribution: You must give the original author credit.
+ - Share Alike: If you alter or transform this library,
+ you may distribute the resulting library only under the same license GNU/LGPL.
+ - In case of jurisdiction dispute, the French law is authoritative.
+ - Any of these conditions can be waived if you get permission from Alexandre Alapetite.
+ - Not required, but please send to Alexandre Alapetite the modifications you make,
+ in order to improve this file for the benefit of everybody.
+
+ If you want to distribute this code, please do it as a link to:
+ http://alexandre.alapetite.fr/doc-alex/domxml-php4-php5/
+*/
+
+define('DOMXML_LOAD_PARSING',0);
+define('DOMXML_LOAD_VALIDATING',1);
+define('DOMXML_LOAD_RECOVERING',2);
+define('DOMXML_LOAD_SUBSTITUTE_ENTITIES',4);
+//define('DOMXML_LOAD_COMPLETE_ATTRS',8);
+define('DOMXML_LOAD_DONT_KEEP_BLANKS',16);
+
+function domxml_new_doc($version) {return new php4DOMDocument();}
+function domxml_new_xmldoc($version) {return new php4DOMDocument();}
+function domxml_open_file($filename,$mode=DOMXML_LOAD_PARSING,&$error=null)
+{
+ $dom=new php4DOMDocument($mode);
+ $errorMode=(func_num_args()>2)&&defined('LIBXML_VERSION');
+ if ($errorMode) libxml_use_internal_errors(true);
+ if (!$dom->myDOMNode->load($filename)) $dom=null;
+ if ($errorMode)
+ {
+ $error=array_map('_error_report',libxml_get_errors());
+ libxml_clear_errors();
+ }
+ return $dom;
+}
+function domxml_open_mem($str,$mode=DOMXML_LOAD_PARSING,&$error=null)
+{
+ $dom=new php4DOMDocument($mode);
+ $errorMode=(func_num_args()>2)&&defined('LIBXML_VERSION');
+ if ($errorMode) libxml_use_internal_errors(true);
+ if (!$dom->myDOMNode->loadXML($str)) $dom=null;
+ if ($errorMode)
+ {
+ $error=array_map('_error_report',libxml_get_errors());
+ libxml_clear_errors();
+ }
+ return $dom;
+}
+function html_doc($html_doc,$from_file=false)
+{
+ $dom=new php4DOMDocument();
+ if ($from_file) $result=$dom->myDOMNode->loadHTMLFile($html_doc);
+ else $result=$dom->myDOMNode->loadHTML($html_doc);
+ return $result ? $dom : null;
+}
+function html_doc_file($filename) {return html_doc($filename,true);}
+function xmldoc($str) {return domxml_open_mem($str);}
+function xmldocfile($filename) {return domxml_open_file($filename);}
+function xpath_eval($xpath_context,$eval_str,$contextnode=null) {return $xpath_context->xpath_eval($eval_str,$contextnode);}
+function xpath_new_context($dom_document) {return new php4DOMXPath($dom_document);}
+function xpath_register_ns($xpath_context,$prefix,$namespaceURI) {return $xpath_context->myDOMXPath->registerNamespace($prefix,$namespaceURI);}
+function _entityDecode($text) {return html_entity_decode(strtr($text,array('''=>'\'')),ENT_QUOTES,'UTF-8');}
+function _error_report($error) {return array('errormessage'=>$error->message,'nodename'=>'','line'=>$error->line,'col'=>$error->column)+($error->file==''?array():array('directory'=>dirname($error->file),'file'=>basename($error->file)));}
+
+class php4DOMAttr extends php4DOMNode
+{
+ function __get($name)
+ {
+ if ($name==='name') return $this->myDOMNode->name;
+ else return parent::__get($name);
+ }
+ function name() {return $this->myDOMNode->name;}
+ function set_content($text) {}
+ //function set_value($content) {return $this->myDOMNode->value=htmlspecialchars($content,ENT_QUOTES);}
+ function specified() {return $this->myDOMNode->specified;}
+ function value() {return $this->myDOMNode->value;}
+}
+
+class php4DOMDocument extends php4DOMNode
+{
+ function php4DOMDocument($mode=DOMXML_LOAD_PARSING)
+ {
+ $this->myDOMNode=new DOMDocument();
+ $this->myOwnerDocument=$this;
+ if ($mode & DOMXML_LOAD_VALIDATING) $this->myDOMNode->validateOnParse=true;
+ if ($mode & DOMXML_LOAD_RECOVERING) $this->myDOMNode->recover=true;
+ if ($mode & DOMXML_LOAD_SUBSTITUTE_ENTITIES) $this->myDOMNode->substituteEntities=true;
+ if ($mode & DOMXML_LOAD_DONT_KEEP_BLANKS) $this->myDOMNode->preserveWhiteSpace=false;
+ }
+ function add_root($name)
+ {
+ if ($this->myDOMNode->hasChildNodes()) $this->myDOMNode->removeChild($this->myDOMNode->firstChild);
+ return new php4DOMElement($this->myDOMNode->appendChild($this->myDOMNode->createElement($name)),$this->myOwnerDocument);
+ }
+ function create_attribute($name,$value)
+ {
+ $myAttr=$this->myDOMNode->createAttribute($name);
+ $myAttr->value=htmlspecialchars($value,ENT_QUOTES);
+ return new php4DOMAttr($myAttr,$this);
+ }
+ function create_cdata_section($content) {return new php4DOMNode($this->myDOMNode->createCDATASection($content),$this);}
+ function create_comment($data) {return new php4DOMNode($this->myDOMNode->createComment($data),$this);}
+ function create_element($name) {return new php4DOMElement($this->myDOMNode->createElement($name),$this);}
+ function create_element_ns($uri,$name,$prefix=null)
+ {
+ if ($prefix==null) $prefix=$this->myDOMNode->lookupPrefix($uri);
+ if (($prefix==null)&&(($this->myDOMNode->documentElement==null)||(!$this->myDOMNode->documentElement->isDefaultNamespace($uri)))) $prefix='a'.sprintf('%u',crc32($uri));
+ return new php4DOMElement($this->myDOMNode->createElementNS($uri,$prefix==null ? $name : $prefix.':'.$name),$this);
+ }
+ function create_entity_reference($content) {return new php4DOMNode($this->myDOMNode->createEntityReference($content),$this);} //By Walter Ebert 2007-01-22
+ function create_processing_instruction($target,$data=''){return new php4DomProcessingInstruction($this->myDOMNode->createProcessingInstruction($target,$data),$this);}
+ function create_text_node($content) {return new php4DOMText($this->myDOMNode->createTextNode($content),$this);}
+ function document_element() {return parent::_newDOMElement($this->myDOMNode->documentElement,$this);}
+ function dump_file($filename,$compressionmode=false,$format=false)
+ {
+ $format0=$this->myDOMNode->formatOutput;
+ $this->myDOMNode->formatOutput=$format;
+ $res=$this->myDOMNode->save($filename);
+ $this->myDOMNode->formatOutput=$format0;
+ return $res;
+ }
+ function dump_mem($format=false,$encoding=false)
+ {
+ $format0=$this->myDOMNode->formatOutput;
+ $this->myDOMNode->formatOutput=$format;
+ $encoding0=$this->myDOMNode->encoding;
+ if ($encoding) $this->myDOMNode->encoding=$encoding;
+ $dump=$this->myDOMNode->saveXML();
+ $this->myDOMNode->formatOutput=$format0;
+ if ($encoding) $this->myDOMNode->encoding= $encoding0=='' ? 'UTF-8' : $encoding0; //UTF-8 is XML default encoding
+ return $dump;
+ }
+ function free()
+ {
+ if ($this->myDOMNode->hasChildNodes()) $this->myDOMNode->removeChild($this->myDOMNode->firstChild);
+ $this->myDOMNode=null;
+ $this->myOwnerDocument=null;
+ }
+ function get_element_by_id($id) {return parent::_newDOMElement($this->myDOMNode->getElementById($id),$this);}
+ function get_elements_by_tagname($name)
+ {
+ $myDOMNodeList=$this->myDOMNode->getElementsByTagName($name);
+ $nodeSet=array();
+ $i=0;
+ if (isset($myDOMNodeList))
+ while ($node=$myDOMNodeList->item($i++)) $nodeSet[]=new php4DOMElement($node,$this);
+ return $nodeSet;
+ }
+ function html_dump_mem() {return $this->myDOMNode->saveHTML();}
+ function root() {return parent::_newDOMElement($this->myDOMNode->documentElement,$this);}
+ function xinclude() {return $this->myDOMNode->xinclude();}
+ function xpath_new_context() {return new php4DOMXPath($this);}
+}
+
+class php4DOMElement extends php4DOMNode
+{
+ function add_namespace($uri,$prefix)
+ {
+ if ($this->myDOMNode->hasAttributeNS('http://www.w3.org/2000/xmlns/',$prefix)) return false;
+ else
+ {
+ $this->myDOMNode->setAttributeNS('http://www.w3.org/2000/xmlns/','xmlns:'.$prefix,$uri); //By Daniel Walker 2006-09-08
+ return true;
+ }
+ }
+ function get_attribute($name) {return $this->myDOMNode->getAttribute($name);}
+ function get_attribute_node($name) {return parent::_newDOMElement($this->myDOMNode->getAttributeNode($name),$this->myOwnerDocument);}
+ function get_elements_by_tagname($name)
+ {
+ $myDOMNodeList=$this->myDOMNode->getElementsByTagName($name);
+ $nodeSet=array();
+ $i=0;
+ if (isset($myDOMNodeList))
+ while ($node=$myDOMNodeList->item($i++)) $nodeSet[]=new php4DOMElement($node,$this->myOwnerDocument);
+ return $nodeSet;
+ }
+ function has_attribute($name) {return $this->myDOMNode->hasAttribute($name);}
+ function remove_attribute($name) {return $this->myDOMNode->removeAttribute($name);}
+ function set_attribute($name,$value)
+ {
+ //return $this->myDOMNode->setAttribute($name,$value); //Does not return a DomAttr
+ $myAttr=$this->myDOMNode->ownerDocument->createAttribute($name);
+ $myAttr->value=htmlspecialchars($value,ENT_QUOTES); //Entity problem reported by AL-DesignWorks 2007-09-07
+ $this->myDOMNode->setAttributeNode($myAttr);
+ return new php4DOMAttr($myAttr,$this->myOwnerDocument);
+ }
+ /*function set_attribute_node($attr)
+ {
+ $this->myDOMNode->setAttributeNode($this->_importNode($attr));
+ return $attr;
+ }*/
+ function set_name($name)
+ {
+ if ($this->myDOMNode->prefix=='') $newNode=$this->myDOMNode->ownerDocument->createElement($name);
+ else $newNode=$this->myDOMNode->ownerDocument->createElementNS($this->myDOMNode->namespaceURI,$this->myDOMNode->prefix.':'.$name);
+ $myDOMNodeList=$this->myDOMNode->attributes;
+ $i=0;
+ if (isset($myDOMNodeList))
+ while ($node=$myDOMNodeList->item($i++))
+ if ($node->namespaceURI=='') $newNode->setAttribute($node->name,$node->value);
+ else $newNode->setAttributeNS($node->namespaceURI,$node->nodeName,$node->value);
+ $myDOMNodeList=$this->myDOMNode->childNodes;
+ if (isset($myDOMNodeList))
+ while ($node=$myDOMNodeList->item(0)) $newNode->appendChild($node);
+ $this->myDOMNode->parentNode->replaceChild($newNode,$this->myDOMNode);
+ $this->myDOMNode=$newNode;
+ return true;
+ }
+ function tagname() {return $this->tagname;}
+}
+
+class php4DOMNode
+{
+ public $myDOMNode;
+ public $myOwnerDocument;
+ function php4DOMNode($aDomNode,$aOwnerDocument)
+ {
+ $this->myDOMNode=$aDomNode;
+ $this->myOwnerDocument=$aOwnerDocument;
+ }
+ function __get($name)
+ {
+ switch ($name)
+ {
+ case 'type': return $this->myDOMNode->nodeType;
+ case 'tagname': return ($this->myDOMNode->nodeType===XML_ELEMENT_NODE) ? $this->myDOMNode->localName : $this->myDOMNode->tagName; //Avoid namespace prefix for DOMElement
+ case 'content': return $this->myDOMNode->textContent;
+ case 'value': return $this->myDOMNode->value;
+ default:
+ $myErrors=debug_backtrace();
+ trigger_error('Undefined property: '.get_class($this).'::$'.$name.' ['.$myErrors[0]['file'].':'.$myErrors[0]['line'].']',E_USER_NOTICE);
+ return false;
+ }
+ }
+ function add_child($newnode) {return $this->append_child($newnode);}
+ function add_namespace($uri,$prefix) {return false;}
+ function append_child($newnode) {return self::_newDOMElement($this->myDOMNode->appendChild($this->_importNode($newnode)),$this->myOwnerDocument);}
+ function append_sibling($newnode) {return self::_newDOMElement($this->myDOMNode->parentNode->appendChild($this->_importNode($newnode)),$this->myOwnerDocument);}
+ function attributes()
+ {
+ $myDOMNodeList=$this->myDOMNode->attributes;
+ if (!(isset($myDOMNodeList)&&$this->myDOMNode->hasAttributes())) return null;
+ $nodeSet=array();
+ $i=0;
+ while ($node=$myDOMNodeList->item($i++)) $nodeSet[]=new php4DOMAttr($node,$this->myOwnerDocument);
+ return $nodeSet;
+ }
+ function child_nodes()
+ {
+ $myDOMNodeList=$this->myDOMNode->childNodes;
+ $nodeSet=array();
+ $i=0;
+ if (isset($myDOMNodeList))
+ while ($node=$myDOMNodeList->item($i++)) $nodeSet[]=self::_newDOMElement($node,$this->myOwnerDocument);
+ return $nodeSet;
+ }
+ function children() {return $this->child_nodes();}
+ function clone_node($deep=false) {return self::_newDOMElement($this->myDOMNode->cloneNode($deep),$this->myOwnerDocument);}
+ //dump_node($node) should only be called on php4DOMDocument
+ function dump_node($node=null) {return $node==null ? $this->myOwnerDocument->myDOMNode->saveXML($this->myDOMNode) : $this->myOwnerDocument->myDOMNode->saveXML($node->myDOMNode);}
+ function first_child() {return self::_newDOMElement($this->myDOMNode->firstChild,$this->myOwnerDocument);}
+ function get_content() {return $this->myDOMNode->textContent;}
+ function has_attributes() {return $this->myDOMNode->hasAttributes();}
+ function has_child_nodes() {return $this->myDOMNode->hasChildNodes();}
+ function insert_before($newnode,$refnode) {return self::_newDOMElement($this->myDOMNode->insertBefore($this->_importNode($newnode),$refnode==null?null:$refnode->myDOMNode),$this->myOwnerDocument);}
+ function is_blank_node() {return ($this->myDOMNode->nodeType===XML_TEXT_NODE)&&preg_match('%^\s*$%',$this->myDOMNode->nodeValue);}
+ function last_child() {return self::_newDOMElement($this->myDOMNode->lastChild,$this->myOwnerDocument);}
+ function new_child($name,$content)
+ {
+ $mySubNode=$this->myDOMNode->ownerDocument->createElement($name);
+ $mySubNode->appendChild($this->myDOMNode->ownerDocument->createTextNode(_entityDecode($content)));
+ $this->myDOMNode->appendChild($mySubNode);
+ return new php4DOMElement($mySubNode,$this->myOwnerDocument);
+ }
+ function next_sibling() {return self::_newDOMElement($this->myDOMNode->nextSibling,$this->myOwnerDocument);}
+ function node_name() {return ($this->myDOMNode->nodeType===XML_ELEMENT_NODE) ? $this->myDOMNode->localName : $this->myDOMNode->nodeName;} //Avoid namespace prefix for DOMElement
+ function node_type() {return $this->myDOMNode->nodeType;}
+ function node_value() {return $this->myDOMNode->nodeValue;}
+ function owner_document() {return $this->myOwnerDocument;}
+ function parent_node() {return self::_newDOMElement($this->myDOMNode->parentNode,$this->myOwnerDocument);}
+ function prefix() {return $this->myDOMNode->prefix;}
+ function previous_sibling() {return self::_newDOMElement($this->myDOMNode->previousSibling,$this->myOwnerDocument);}
+ function remove_child($oldchild) {return self::_newDOMElement($this->myDOMNode->removeChild($oldchild->myDOMNode),$this->myOwnerDocument);}
+ function replace_child($newnode,$oldnode) {return self::_newDOMElement($this->myDOMNode->replaceChild($this->_importNode($newnode),$oldnode->myDOMNode),$this->myOwnerDocument);}
+ function replace_node($newnode) {return self::_newDOMElement($this->myDOMNode->parentNode->replaceChild($this->_importNode($newnode),$this->myDOMNode),$this->myOwnerDocument);}
+ function set_content($text) {return $this->myDOMNode->appendChild($this->myDOMNode->ownerDocument->createTextNode(_entityDecode($text)));} //Entity problem reported by AL-DesignWorks 2007-09-07
+ //function set_name($name) {return $this->myOwnerDocument->renameNode($this->myDOMNode,$this->myDOMNode->namespaceURI,$name);}
+ function set_namespace($uri,$prefix=null)
+ {//Contributions by Daniel Walker 2006-09-08
+ $nsprefix=$this->myDOMNode->lookupPrefix($uri);
+ if ($nsprefix==null)
+ {
+ $nsprefix= $prefix==null ? $nsprefix='a'.sprintf('%u',crc32($uri)) : $prefix;
+ if ($this->myDOMNode->nodeType===XML_ATTRIBUTE_NODE)
+ {
+ if (($prefix!=null)&&$this->myDOMNode->ownerElement->hasAttributeNS('http://www.w3.org/2000/xmlns/',$nsprefix)&&
+ ($this->myDOMNode->ownerElement->getAttributeNS('http://www.w3.org/2000/xmlns/',$nsprefix)!=$uri))
+ {//Remove namespace
+ $parent=$this->myDOMNode->ownerElement;
+ $parent->removeAttributeNode($this->myDOMNode);
+ $parent->setAttribute($this->myDOMNode->localName,$this->myDOMNode->nodeValue);
+ $this->myDOMNode=$parent->getAttributeNode($this->myDOMNode->localName);
+ return;
+ }
+ $this->myDOMNode->ownerElement->setAttributeNS('http://www.w3.org/2000/xmlns/','xmlns:'.$nsprefix,$uri);
+ }
+ }
+ if ($this->myDOMNode->nodeType===XML_ATTRIBUTE_NODE)
+ {
+ $parent=$this->myDOMNode->ownerElement;
+ $parent->removeAttributeNode($this->myDOMNode);
+ $parent->setAttributeNS($uri,$nsprefix.':'.$this->myDOMNode->localName,$this->myDOMNode->nodeValue);
+ $this->myDOMNode=$parent->getAttributeNodeNS($uri,$this->myDOMNode->localName);
+ }
+ elseif ($this->myDOMNode->nodeType===XML_ELEMENT_NODE)
+ {
+ $NewNode=$this->myDOMNode->ownerDocument->createElementNS($uri,$nsprefix.':'.$this->myDOMNode->localName);
+ foreach ($this->myDOMNode->attributes as $n) $NewNode->appendChild($n->cloneNode(true));
+ foreach ($this->myDOMNode->childNodes as $n) $NewNode->appendChild($n->cloneNode(true));
+ $xpath=new DOMXPath($this->myDOMNode->ownerDocument);
+ $myDOMNodeList=$xpath->query('namespace::*[name()!="xml"]',$this->myDOMNode); //Add old namespaces
+ foreach ($myDOMNodeList as $n) $NewNode->setAttributeNS('http://www.w3.org/2000/xmlns/',$n->nodeName,$n->nodeValue);
+ $this->myDOMNode->parentNode->replaceChild($NewNode,$this->myDOMNode);
+ $this->myDOMNode=$NewNode;
+ }
+ }
+ function unlink_node()
+ {
+ if ($this->myDOMNode->parentNode!=null)
+ {
+ if ($this->myDOMNode->nodeType===XML_ATTRIBUTE_NODE) $this->myDOMNode->parentNode->removeAttributeNode($this->myDOMNode);
+ else $this->myDOMNode->parentNode->removeChild($this->myDOMNode);
+ }
+ }
+ protected function _importNode($newnode) {return $this->myOwnerDocument===$newnode->myOwnerDocument ? $newnode->myDOMNode : $this->myOwnerDocument->myDOMNode->importNode($newnode->myDOMNode,true);} //To import DOMNode from another DOMDocument
+ static function _newDOMElement($aDOMNode,$aOwnerDocument)
+ {//Check the PHP5 DOMNode before creating a new associated PHP4 DOMNode wrapper
+ if ($aDOMNode==null) return null;
+ switch ($aDOMNode->nodeType)
+ {
+ case XML_ELEMENT_NODE: return new php4DOMElement($aDOMNode,$aOwnerDocument);
+ case XML_TEXT_NODE: return new php4DOMText($aDOMNode,$aOwnerDocument);
+ case XML_ATTRIBUTE_NODE: return new php4DOMAttr($aDOMNode,$aOwnerDocument);
+ case XML_PI_NODE: return new php4DomProcessingInstruction($aDOMNode,$aOwnerDocument);
+ default: return new php4DOMNode($aDOMNode,$aOwnerDocument);
+ }
+ }
+}
+
+class php4DomProcessingInstruction extends php4DOMNode
+{
+ function data() {return $this->myDOMNode->data;}
+ function target() {return $this->myDOMNode->target;}
+}
+
+class php4DOMText extends php4DOMNode
+{
+ function __get($name)
+ {
+ if ($name==='tagname') return '#text';
+ else return parent::__get($name);
+ }
+ function tagname() {return '#text';}
+ function set_content($text) {$this->myDOMNode->nodeValue=$text; return true;}
+}
+
+if (!defined('XPATH_NODESET'))
+{
+ define('XPATH_UNDEFINED',0);
+ define('XPATH_NODESET',1);
+ define('XPATH_BOOLEAN',2);
+ define('XPATH_NUMBER',3);
+ define('XPATH_STRING',4);
+ /*define('XPATH_POINT',5);
+ define('XPATH_RANGE',6);
+ define('XPATH_LOCATIONSET',7);
+ define('XPATH_USERS',8);
+ define('XPATH_XSLT_TREE',9);*/
+}
+
+class php4DOMNodelist
+{
+ private $myDOMNodelist;
+ public $nodeset;
+ public $type=XPATH_UNDEFINED;
+ public $value;
+ function php4DOMNodelist($aDOMNodelist,$aOwnerDocument)
+ {
+ if (!isset($aDOMNodelist)) return;
+ elseif (is_object($aDOMNodelist)||is_array($aDOMNodelist))
+ {
+ if ($aDOMNodelist->length>0)
+ {
+ $this->myDOMNodelist=$aDOMNodelist;
+ $this->nodeset=array();
+ $this->type=XPATH_NODESET;
+ $i=0;
+ while ($node=$this->myDOMNodelist->item($i++)) $this->nodeset[]=php4DOMNode::_newDOMElement($node,$aOwnerDocument);
+ }
+ }
+ elseif (is_int($aDOMNodelist)||is_float($aDOMNodelist))
+ {
+ $this->type=XPATH_NUMBER;
+ $this->value=$aDOMNodelist;
+ }
+ elseif (is_bool($aDOMNodelist))
+ {
+ $this->type=XPATH_BOOLEAN;
+ $this->value=$aDOMNodelist;
+ }
+ elseif (is_string($aDOMNodelist))
+ {
+ $this->type=XPATH_STRING;
+ $this->value=$aDOMNodelist;
+ }
+ }
+}
+
+class php4DOMXPath
+{
+ public $myDOMXPath;
+ private $myOwnerDocument;
+ function php4DOMXPath($dom_document)
+ {
+ //TODO: If $dom_document is a DomElement, make that default $contextnode and modify XPath. Ex: '/test'
+ $this->myOwnerDocument=$dom_document->myOwnerDocument;
+ $this->myDOMXPath=new DOMXPath($this->myOwnerDocument->myDOMNode);
+ }
+ function xpath_eval($eval_str,$contextnode=null)
+ {
+ if (method_exists($this->myDOMXPath,'evaluate')) $xp=isset($contextnode->myDOMNode) ? $this->myDOMXPath->evaluate($eval_str,$contextnode->myDOMNode) : $this->myDOMXPath->evaluate($eval_str);
+ else $xp=isset($contextnode->myDOMNode) ? $this->myDOMXPath->query($eval_str,$contextnode->myDOMNode) : $this->myDOMXPath->query($eval_str);
+ $xp=new php4DOMNodelist($xp,$this->myOwnerDocument);
+ return ($xp->type===XPATH_UNDEFINED) ? false : $xp;
+ }
+ function xpath_register_ns($prefix,$namespaceURI) {return $this->myDOMXPath->registerNamespace($prefix,$namespaceURI);}
+}
+
+if (extension_loaded('xsl'))
+{//See also: http://alexandre.alapetite.fr/doc-alex/xslt-php4-php5/
+ function domxml_xslt_stylesheet($xslstring) {return new php4DomXsltStylesheet(DOMDocument::loadXML($xslstring));}
+ function domxml_xslt_stylesheet_doc($dom_document) {return new php4DomXsltStylesheet($dom_document);}
+ function domxml_xslt_stylesheet_file($xslfile) {return new php4DomXsltStylesheet(DOMDocument::load($xslfile));}
+ class php4DomXsltStylesheet
+ {
+ private $myxsltProcessor;
+ function php4DomXsltStylesheet($dom_document)
+ {
+ $this->myxsltProcessor=new xsltProcessor();
+ $this->myxsltProcessor->importStyleSheet($dom_document);
+ }
+ function process($dom_document,$xslt_parameters=array(),$param_is_xpath=false)
+ {
+ foreach ($xslt_parameters as $param=>$value) $this->myxsltProcessor->setParameter('',$param,$value);
+ $myphp4DOMDocument=new php4DOMDocument();
+ $myphp4DOMDocument->myDOMNode=$this->myxsltProcessor->transformToDoc($dom_document->myDOMNode);
+ return $myphp4DOMDocument;
+ }
+ function result_dump_file($dom_document,$filename)
+ {
+ $html=$dom_document->myDOMNode->saveHTML();
+ file_put_contents($filename,$html);
+ return $html;
+ }
+ function result_dump_mem($dom_document) {return $dom_document->myDOMNode->saveHTML();}
+ }
+}
+?>
--- /dev/null
+<?php\r
+\r
+/**\r
+ * @file languages/spanish.php\r
+ * @author Iván-Benjamín García Torà <ivaniclixx AT gmail DOT com>\r
+ * @sa @link internalLang Internationalization @endlink\r
+ * @ingroup internalLang\r
+ */\r
+\r
+$this->_strings = array(\r
+ CAS_STR_USING_SERVER \r
+ => 'usant servidor',\r
+ CAS_STR_AUTHENTICATION_WANTED \r
+ => 'Autentificació CAS necessària!',\r
+ CAS_STR_LOGOUT \r
+ => 'Sortida de CAS necessària!',\r
+ CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED \r
+ => 'Ja hauria d\ haver estat redireccionat al servidor CAS. Feu click <a href="%s">aquí</a> per a continuar.',\r
+ CAS_STR_AUTHENTICATION_FAILED \r
+ => 'Autentificació CAS fallida!',\r
+ CAS_STR_YOU_WERE_NOT_AUTHENTICATED \r
+ => '<p>No estàs autentificat.</p><p>Pots tornar a intentar-ho fent click <a href="%s">aquí</a>.</p><p>Si el problema persisteix hauría de contactar amb l\'<a href="mailto:%s">administrador d\'aquest llocc</a>.</p>',\r
+ CAS_STR_SERVICE_UNAVAILABLE\r
+ => 'El servei `<b>%s</b>\' no està disponible (<b>%s</b>).'\r
+);\r
+\r
+?>\r
--- /dev/null
+<?php\r
+\r
+/**\r
+ * @file languages/english.php\r
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>\r
+ * @sa @link internalLang Internationalization @endlink\r
+ * @ingroup internalLang\r
+ */\r
+\r
+$this->_strings = array(\r
+ CAS_STR_USING_SERVER \r
+ => 'using server',\r
+ CAS_STR_AUTHENTICATION_WANTED \r
+ => 'CAS Authentication wanted!',\r
+ CAS_STR_LOGOUT \r
+ => 'CAS logout wanted!',\r
+ CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED \r
+ => 'You should already have been redirected to the CAS server. Click <a href="%s">here</a> to continue.',\r
+ CAS_STR_AUTHENTICATION_FAILED \r
+ => 'CAS Authentication failed!',\r
+ CAS_STR_YOU_WERE_NOT_AUTHENTICATED \r
+ => '<p>You were not authenticated.</p><p>You may submit your request again by clicking <a href="%s">here</a>.</p><p>If the problem persists, you may contact <a href="mailto:%s">the administrator of this site</a>.</p>',\r
+ CAS_STR_SERVICE_UNAVAILABLE\r
+ => 'The service `<b>%s</b>\' is not available (<b>%s</b>).'\r
+);\r
+\r
+?>
\ No newline at end of file
--- /dev/null
+<?php\r
+\r
+/**\r
+ * @file languages/english.php\r
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>\r
+ * @sa @link internalLang Internationalization @endlink\r
+ * @ingroup internalLang\r
+ */\r
+\r
+$this->_strings = array(\r
+ CAS_STR_USING_SERVER \r
+ => 'utilisant le serveur',\r
+ CAS_STR_AUTHENTICATION_WANTED \r
+ => 'Authentication CAS n�cessaire !',\r
+ CAS_STR_LOGOUT \r
+ => 'D�connexion demand�e !',\r
+ CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED \r
+ => 'Vous auriez du etre redirig�(e) vers le serveur CAS. Cliquez <a href="%s">ici</a> pour continuer.',\r
+ CAS_STR_AUTHENTICATION_FAILED \r
+ => 'Authentification CAS infructueuse !',\r
+ CAS_STR_YOU_WERE_NOT_AUTHENTICATED \r
+ => '<p>Vous n\'avez pas �t� authentifi�(e).</p><p>Vous pouvez soumettre votre requete � nouveau en cliquant <a href="%s">ici</a>.</p><p>Si le probl�me persiste, vous pouvez contacter <a href="mailto:%s">l\'administrateur de ce site</a>.</p>',\r
+ CAS_STR_SERVICE_UNAVAILABLE\r
+ => 'Le service `<b>%s</b>\' est indisponible (<b>%s</b>)'\r
+\r
+);\r
+\r
+?>
\ No newline at end of file
--- /dev/null
+<?php\r
+\r
+/**\r
+ * @file languages/german.php\r
+ * @author Henrik Genssen <hg at mediafactory.de>\r
+ * @sa @link internalLang Internationalization @endlink\r
+ * @ingroup internalLang\r
+ */\r
+\r
+$this->_strings = array(\r
+ CAS_STR_USING_SERVER \r
+ => 'via Server',\r
+ CAS_STR_AUTHENTICATION_WANTED \r
+ => 'CAS Authentifizierung erforderlich!',\r
+ CAS_STR_LOGOUT \r
+ => 'CAS Abmeldung!',\r
+ CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED \r
+ => 'eigentlich häten Sie zum CAS Server weitergeleitet werden sollen. Drücken Sie <a href="%s">hier</a> um fortzufahren.',\r
+ CAS_STR_AUTHENTICATION_FAILED \r
+ => 'CAS Anmeldung fehlgeschlagen!',\r
+ CAS_STR_YOU_WERE_NOT_AUTHENTICATED \r
+ => '<p>Sie wurden nicht angemeldet.</p><p>Um es erneut zu versuchen klicken Sie <a href="%s">hier</a>.</p><p>Wenn das Problem bestehen bleibt, kontkatieren Sie den <a href="mailto:%s">Administrator</a> dieser Seite.</p>',\r
+ CAS_STR_SERVICE_UNAVAILABLE\r
+ => 'Der Dienst `<b>%s</b>\' ist nicht verfügbar (<b>%s</b>).'\r
+);\r
+\r
+?>
\ No newline at end of file
--- /dev/null
+<?php\r
+\r
+/**\r
+ * @file languages/greek.php\r
+ * @author Vangelis Haniotakis <haniotak at ucnet.uoc.gr>\r
+ * @sa @link internalLang Internationalization @endlink\r
+ * @ingroup internalLang\r
+ */\r
+\r
+$this->_strings = array(\r
+ CAS_STR_USING_SERVER \r
+ => '��������������� � ������������',\r
+ CAS_STR_AUTHENTICATION_WANTED \r
+ => '���������� � ����������� CAS!',\r
+ CAS_STR_LOGOUT \r
+ => '���������� � ���������� ��� CAS!',\r
+ CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED \r
+ => '�� ������ �� ������ �������������� ���� ����������� CAS. ����� ���� <a href="%s">���</a> ��� �� ����������.',\r
+ CAS_STR_AUTHENTICATION_FAILED \r
+ => '� ����������� CAS �������!',\r
+ CAS_STR_YOU_WERE_NOT_AUTHENTICATED \r
+ => '<p>��� ���������������.</p><p>�������� �� ����������������, �������� ���� <a href="%s">���</a>.</p><p>��� �� �������� ���������, ����� �� ����� �� ��� <a href="mailto:%s">�����������</a>.</p>',\r
+ CAS_STR_SERVICE_UNAVAILABLE\r
+ => '� �������� `<b>%s</b>\' ��� ����� ��������� (<b>%s</b>).'\r
+);\r
+\r
+?>
\ No newline at end of file
--- /dev/null
+<?php
+
+/**
+ * @file languages/japanese.php
+ * @author fnorif (fnorif@yahoo.co.jp)
+ *
+ * Now Encoding is EUC-JP and LF
+ **/
+
+$this->_strings = array(
+ CAS_STR_USING_SERVER
+ => 'using server',
+ CAS_STR_AUTHENTICATION_WANTED
+ => 'CAS�ˤ��ǧ�ڤ�Ԥ��ޤ�',
+ CAS_STR_LOGOUT
+ => 'CAS����?�����Ȥ��ޤ�!',
+ CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
+ => 'CAS�����Ф˹Ԥ�ɬ�פ�����ޤ�����ưŪ��ž������ʤ����� <a href="%s">������</a> ��å�����³�Ԥ��ޤ���',
+ CAS_STR_AUTHENTICATION_FAILED
+ => 'CAS�ˤ��ǧ�ڤ˼��Ԥ��ޤ���',
+ CAS_STR_YOU_WERE_NOT_AUTHENTICATED
+ => '<p>ǧ�ڤǤ��ޤ���Ǥ���.</p><p>�⤦���٥ꥯ�����Ȥ������������<a href="%s">������</a>��å�.</p><p>���꤬��褷�ʤ����� <a href="mailto:%s">���Υ����Ȥδ����</a>���䤤��碌�Ƥ�������.</p>',
+ CAS_STR_SERVICE_UNAVAILABLE
+ => '�����ӥ� `<b>%s</b>\' �����ѤǤ��ޤ��� (<b>%s</b>).'
+);
+
+?>
\ No newline at end of file
--- /dev/null
+<?php\r
+\r
+/**\r
+ * @file languages/languages.php\r
+ * Internationalization constants\r
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>\r
+ * @sa @link internalLang Internationalization @endlink\r
+ * @ingroup internalLang\r
+ */\r
+\r
+//@{\r
+/**\r
+ * a phpCAS string index\r
+ */\r
+define("CAS_STR_USING_SERVER", 1);\r
+define("CAS_STR_AUTHENTICATION_WANTED", 2);\r
+define("CAS_STR_LOGOUT", 3);\r
+define("CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED", 4);\r
+define("CAS_STR_AUTHENTICATION_FAILED", 5);\r
+define("CAS_STR_YOU_WERE_NOT_AUTHENTICATED", 6);\r
+define("CAS_STR_SERVICE_UNAVAILABLE", 7);\r
+//@}\r
+\r
+?>
\ No newline at end of file
--- /dev/null
+<?php\r
+\r
+/**\r
+ * @file languages/spanish.php\r
+ * @author Iván-Benjamín García Torà <ivaniclixx AT gmail DOT com>\r
+ * @sa @link internalLang Internationalization @endlink\r
+ * @ingroup internalLang\r
+ */\r
+\r
+$this->_strings = array(\r
+ CAS_STR_USING_SERVER \r
+ => 'usando servidor',\r
+ CAS_STR_AUTHENTICATION_WANTED \r
+ => '¡Autentificación CAS necesaria!',\r
+ CAS_STR_LOGOUT \r
+ => '¡Salida CAS necesaria!',\r
+ CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED \r
+ => 'Ya debería haber sido redireccionado al servidor CAS. Haga click <a href="%s">aquí</a> para continuar.',\r
+ CAS_STR_AUTHENTICATION_FAILED \r
+ => '¡Autentificación CAS fallida!',\r
+ CAS_STR_YOU_WERE_NOT_AUTHENTICATED \r
+ => '<p>No estás autentificado.</p><p>Puedes volver a intentarlo haciendo click <a href="%s">aquí</a>.</p><p>Si el problema persiste debería contactar con el <a href="mailto:%s">administrador de este sitio</a>.</p>',\r
+ CAS_STR_SERVICE_UNAVAILABLE\r
+ => 'El servicio `<b>%s</b>\' no está disponible (<b>%s</b>).'\r
+);\r
+\r
+?>\r
--- /dev/null
+<?php
+/**
+ * Piwik - Open source web analytics
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html Gpl v3 or later
+ * @version $Id: ExamplePlugin.php 838 2008-12-17 17:26:15Z matt $
+ *
+ * @package Piwik_CASLogin
+ */
+
+require PIWIK_INCLUDE_PATH . '/plugins/CASLogin/Auth.php';
+
+class Piwik_CASLogin extends Piwik_Plugin
+{
+ public function getInformation()
+ {
+ return array(
+ 'name' => 'CAS Login',
+ 'description' => 'CAS Login plugin. It uses JA-SIG Central Authentication Services to authenticate users and grant them access to piwik.',
+ 'author' => 'OW',
+ 'homepage' => 'http://dev.piwik.org/trac/ticket/598/',
+ 'version' => '0.6',
+ );
+ }
+
+ function getListHooksRegistered()
+ {
+ $hooks = array(
+ 'FrontController.initAuthenticationObject' => 'initAuthenticationObject',
+ );
+ return $hooks;
+ }
+
+ function initAuthenticationObject($notification)
+ {
+ set_include_path(get_include_path() . PATH_SEPARATOR . PIWIK_INCLUDE_PATH . '/plugins/CASLogin/CAS');
+ require_once('CAS/CAS.php');
+ $auth = new Piwik_CASLogin_Auth();
+ Zend_Registry::set('auth', $auth);
+ }
+}
--- /dev/null
+== Changelog ==
+0.6.3
+ * Bugfix: Added $this->setBasicVariablesView($view) to Controller.php to fix missing variables issue
+ after upgrading to Piwik 1.6
+
+0.6:
+ * Security : Upgraded bundled phpCAS to version 1.1.3. See CVE-2010-3690, CVE-2010-3691, CVE-2010-3692
+ * Work with Piwik 1.1.1 (Fixed bug with enableFramedlogins)
+
+0.5:
+ * Bugfix: Rename Piwik:prefixTable() to Piwik_Common:prefixTable()
+
+0.4:
+ * Security: Upgraded bundled phpCAS to version 1.1.2. See CVE-2010-2795, CVE-2010-2796.
+ * Works with Piwik 0.8.
+
+0.3:
+ * Enabled single signout feature
+ * Upgraded to phpCAS library 1.1.0RC8
+ * Slightly modified phpCAS so as not to emit any PHP 5.3 warnings / deprecated messages.
+ * Compatible with Piwik 0.6.x.
+ * Allows use of CoreUpdater without signing in via CAS. (Fixed bug with endless loop redirects).
+
+
+0.2: Fixes and slight improvements
+ * Added the config option "additional root logins"
+ * Bugfix in login template
+ * Cleanups
+ * Coding style fixes
+
+0.1: Initial release
--- /dev/null
+<?php
+/**
+ * Piwik - Open source web analytics
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html Gpl v3 or later
+ * @version $Id: Controller.php 943 2009-03-01 23:36:36Z matt $
+ *
+ * @package Piwik_CASLogin
+ */
+
+require PIWIK_INCLUDE_PATH . '/plugins/UsersManager/API.php';
+require PIWIK_INCLUDE_PATH . '/core/View.php';
+
+/**
+ * @package Piwik_CASLogin
+ */
+class Piwik_CASLogin_Controller extends Piwik_Controller
+{
+ public function index()
+ {
+ Piwik::redirectToModule('CoreHome');
+ }
+
+ /**
+ * Configure common view properties
+ *
+ * @param Piwik_View $view
+ */
+ private function configureView($view)
+ {
+
+ $this->setBasicVariablesView($view);
+ $view->linkTitle = Piwik::getRandomTitle();
+
+ $enableFramedLogins = Zend_Registry::get('config')->General->enable_framed_logins;
+ $view->enableFramedLogins = $enableFramedLogins;
+ if(!$enableFramedLogins)
+ {
+ $view->setXFrameOptions('sameorigin');
+ }
+ $view->forceSslLogin = Zend_Registry::get('config')->General->force_ssl_login;
+ // crsf token: don't trust the submitted value; generate/fetch it from session data
+ $view->nonce = Piwik_Nonce::getNonce('Piwik_Login.login');
+ }
+
+ /**
+ * Login form
+ *
+ * @param string $messageNoAccess Access error message
+ * @param string $currentUrl Current URL
+ * @return void
+ */
+ function login($messageNoAccess = null)
+ {
+ $view = Piwik_View::factory('login');
+ $view->AccessErrorString = $messageNoAccess;
+ $view->linkTitle = Piwik::getRandomTitle();
+ $view->subTemplate = 'genericForm.tpl';
+ $this->configureView($view);
+ echo $view->render();
+ }
+
+ public function redirectToCAS() {
+ // This is simply if we are coming back from CAS.
+ // the actual redirect happens in the authentication class.
+ if(Piwik::getCurrentUserLogin() != 'anonymous') {
+ Piwik::redirectToModule('CoreHome');
+ }
+ }
+
+ private function clearSession()
+ {
+ /* Note: some browsers don't respect server revokation */
+ $auth = Zend_Registry::get('auth');
+ $auth->setLogin(null);
+ $auth->setTokenAuth(null);
+
+ $access = Zend_Registry::get('access');
+ $access->reloadAccess($auth);
+
+ $authCookieName = Zend_Registry::get('config')->General->login_cookie_name;
+ $cookie = new Piwik_Cookie($authCookieName);
+ $cookie->delete();
+
+ @Zend_Session::destroy(true);
+ }
+
+ public function logout()
+ {
+ phpCAS::logoutWithUrl(Piwik_Url::getCurrentUrlWithoutQueryString() );
+ }
+}
--- /dev/null
+== Introduction ==
+
+This plugin allows users to login to piwik using a CAS central login service.
+
+
+== User Provisioning Rationale ==
+
+CASLogin currently authenticates users against the CAS service, but then
+authorizes them to piwik according to the user configuration tables inside
+piwik itself.
+
+To make this work, first you need to make sure that the user that logs in
+also exists in piwik user tables and has some rights to view or edit sites.
+
+The superuser login value in piwik itself should also correspond to a proper
+user in CAS.
+
+So a way to make this work in *new* piwik installations is:
+
+ * In main piwik configuration, set the "login" in [superuser] section to
+ correspond to an actual CAS user.
+ * Enable the CASLogin plugin (see "Installation" below).
+ * Log in as the superuser. Go to Settings -> Users. Add a username (just
+ the actual username is needed, other data can be left empty). And for that
+ username, add some rights.
+
+A further authorization and auto-provisioning mechanism can be written based
+on specific SAML attributes or any other data. See "Further Customization,
+Hacking" below.
+
+
+== Installation ==
+
+ * Disable the "Login" plugin in administration panel.
+ * Enable the "CASLogin" plugin.
+ * In your main config/config.ini.php piwik configuration file, add a section that reads like this:
+
+{{{
+[caslogin]
+protocol = SAML_VERSION_1_1
+host = login.example.org
+port = 443
+}}}
+
+Option "protocol" is one of CAS_VERSION_1_0, CAS_VERSION_2_0 or SAML_VERSION_1_1 .
+
+
+== Additional Options ==
+
+By default, only the user defined in piwik configuration (config/config.ini.php) in
+the [superuser] section is regarded as a superuser / root administrator.
+
+However, with the CAS Login scheme, you might need to add additional accounts as
+superusers, each one of them logging in as normal with their own password.
+
+If you'd like to do that, add these accounts in section [caslogin] as follows:
+
+{{{
+additionalsuperusers[] = uid1
+additionalsuperusers[] = uid2
+}}}
+
+
+== Further Customization, Hacking ==
+
+If you want to grab some additional attributes, e.g. SAML, from your login
+server, then you can edit the file Auth.php. Search for "Additional
+Attributes", that's where they can be added to the session and made available
+to piwik.
+
+If you want a user to be added automatically to the piwik users database, edit
+Auth.php and search for "User Autocreate". This is the place where you can
+enable adding to the database and probably add some default ACLs later,
+depending on specific SAML attributes or anything else you use in your CAS
+solution. The superuser can add rights by hand, or you can choose to add
+them at this step using the piwik API.
+
+
+== TODO ==
+
+ * Credit the authors of the plugins CASLogin was based on
+ * Remove some duplicate functions
+ * Allow more configurable provisioning
+ * Make default login page somewhat more elegant
+
+
+== Author ==
+
+Alexandros Vellis
+National & Kapodistrian University of Athens
+Network Operations Centre
+avel at noc.uoa.gr
+http://www.noc.uoa.gr
+http://email.uoa.gr
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
+<head>
+ <title>Piwik › Login</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <link rel="shortcut icon" href="plugins/CoreHome/templates/images/favicon.ico" />
+
+ <link rel="stylesheet" type="text/css" href="plugins/CASLogin/templates/login.css" media="screen" />
+ {postEvent name="template_css_import"}
+
+ {literal}
+ <script type="text/javascript">
+ function focusit() {
+ var formLogin = document.getElementById('form_login');
+ if(formLogin)
+ {
+ formLogin.focus();
+ }
+ }
+ window.onload = focusit;
+ </script>
+ {/literal}
+ <script type="text/javascript" src="libs/jquery/jquery.js"></script>
+ {postEvent name="template_js_import"}
+</head>
+
+<body class="login">
+<!-- shamelessly taken from wordpress 2.5 - thank you guys!!! -->
+
+<div id="logo">
+ <a href="http://piwik.org" title="{$linkTitle}"><span class="h1"><span style="color: rgb(245, 223, 114);">P</span><span style="color: rgb(241, 175, 108);">i</span><span style="color: rgb(241, 117, 117);">w</span><span style="color: rgb(155, 106, 58);">i</span><span style="color: rgb(107, 50, 11);">k</span> <span class="description"># {'General_OpenSourceWebAnalytics'|translate}</span></span></a>
+</div>
--- /dev/null
+/* shamelessly taken from wordpress 2.5 - thank you guys!!! */
+* {
+ margin: 0;
+ padding: 0;
+}
+
+body {
+ font: 12px "Lucida Grande", "Lucida Sans Unicode", Tahoma, Verdana,
+ sans-serif;
+}
+
+#loginbox {
+ margin-left: 8px;
+ padding: 16px 16px 40px 16px;
+ font-weight: bold;
+ -moz-border-radius: 5px;
+ -khtml-border-radius: 5px;
+ -webkit-border-radius: 5px;
+ border-radius: 5px;
+}
+
+#loginlink {
+ font-family: "Lucida Grande", "Lucida Sans Unicode", Tahoma, Verdana,
+ sans-serif;
+ padding: 3px 5px;
+ border: none;
+ border-width: 1px;
+ border-style: solid;
+ -moz-border-radius: 3px;
+ -khtml-border-radius: 3px;
+ -webkit-border-radius: 3px;
+ border-radius: 3px;
+ cursor: default;
+ text-decoration: none;
+ margin-top: -6px;
+ font-size: 1.8em;
+ font-weight: bold;
+}
+
+.updated,.login #login_error,.login .message {
+ background-color: #ffffe0;
+ border-color: #e6db55;
+}
+
+#login {
+ width: 292px;
+ margin: 7em auto;
+ margin-top: 20px;
+}
+
+#login_error,.message {
+ margin: 0 0 16px 8px;
+ border-width: 1px;
+ border-style: solid;
+ padding: 12px;
+}
+
+#nav {
+ margin: 0 0 0 8px;
+ padding: 16px;
+}
+
+#loginbox {
+ background-color: #eaf3fa;
+}
+
+#login #login_error {
+ background-color: #ffebe8;
+ border-color: #c00;
+}
+
+#login form .submit input {
+ background-color: #e5e5e5;
+ color: #246;
+ border-color: #80b5d0;
+}
+
+#login form .submit input:hover {
+ color: #d54e21;
+}
+
+#login form .submit input:hover {
+ border-color: #328ab2;
+}
+
+.login #login_error {
+ background-color: #ffffe0;
+ border-color: #e6db55;
+}
+
+.login #nav a {
+ color: #777;
+}
+
+body.login {
+ border-top-color: #464646;
+}
+
+#login form input {
+ color: #555;
+}
+
+a {
+ text-decoration: none;
+}
+
+#logo {
+ margin-left: 38%;
+ margin-top: 100px;
+}
+
+#logo .h1 {
+ font-family: Georgia, "Times New Roman", Times, serif;
+ font-weight: normal;
+ color: #136F8B;
+ font-size: 45pt;
+ text-transform: none;
+}
+
+#logo .description {
+ font-family: Georgia, "Times New Roman", Times, serif;
+ font-weight: normal;
+ color: #879dbd;
+ font-size: 19pt;
+}
--- /dev/null
+{include file="Login/templates/header.tpl"}
+
+<div id="login">
+
+{if $AccessErrorString}
+<div id="login_error"><strong>{'General_Error'|translate}</strong>: {$AccessErrorString}<br /></div>
+{/if}
+
+<div id="loginbox">
+ <div id="loginlink">
+ <a href="index.php?module=CASLogin&action=redirectToCAS">{'Login_LogIn'|translate}</a>
+ </div>
+</div>
+
+</div>
+
+</body>
+</html>
fnp / piwik-CASLogin.git / commitdiff