root / drupal7 / sites / all / libraries / CAS.dgeo / CAS.php @ 64ad485a
1 | 85ad3d82 | Assos Assos | <?php
|
---|---|---|---|
2 | |||
3 | |||
4 | /*
|
||
5 | * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
|
||
6 | * All rights reserved.
|
||
7 | *
|
||
8 | * Redistribution and use in source and binary forms, with or without
|
||
9 | * modification, are permitted provided that the following conditions are met:
|
||
10 | *
|
||
11 | * * Redistributions of source code must retain the above copyright notice,
|
||
12 | * this list of conditions and the following disclaimer.
|
||
13 | * * Redistributions in binary form must reproduce the above copyright notice,
|
||
14 | * this list of conditions and the following disclaimer in the documentation
|
||
15 | * and/or other materials provided with the distribution.
|
||
16 | * * Neither the name of the ESUP-Portail consortium & the JA-SIG
|
||
17 | * Collaborative nor the names of its contributors may be used to endorse or
|
||
18 | * promote products derived from this software without specific prior
|
||
19 | * written permission.
|
||
20 | |||
21 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||
23 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||
24 | * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
|
||
25 | * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||
26 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||
27 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||
28 | * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||
29 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||
30 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||
31 | */
|
||
32 | |||
33 | //
|
||
34 | // hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] in IIS
|
||
35 | //
|
||
36 | if (php_sapi_name() != 'cli') { |
||
37 | if (!isset($_SERVER['REQUEST_URI'])) { |
||
38 | $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING']; |
||
39 | } |
||
40 | } |
||
41 | |||
42 | // Add a E_USER_DEPRECATED for php versions <= 5.2
|
||
43 | if (!defined('E_USER_DEPRECATED')){ |
||
44 | define('E_USER_DEPRECATED', E_USER_NOTICE); |
||
45 | } |
||
46 | |||
47 | /**
|
||
48 | * @file CAS/CAS.php
|
||
49 | * Interface class of the phpCAS library
|
||
50 | *
|
||
51 | * @ingroup public
|
||
52 | */
|
||
53 | |||
54 | // ########################################################################
|
||
55 | // CONSTANTS
|
||
56 | // ########################################################################
|
||
57 | |||
58 | // ------------------------------------------------------------------------
|
||
59 | // CAS VERSIONS
|
||
60 | // ------------------------------------------------------------------------
|
||
61 | |||
62 | /**
|
||
63 | * phpCAS version. accessible for the user by phpCAS::getVersion().
|
||
64 | */
|
||
65 | define('PHPCAS_VERSION', '1.2.2'); |
||
66 | |||
67 | // ------------------------------------------------------------------------
|
||
68 | // CAS VERSIONS
|
||
69 | // ------------------------------------------------------------------------
|
||
70 | /**
|
||
71 | * @addtogroup public
|
||
72 | * @{
|
||
73 | */
|
||
74 | |||
75 | /**
|
||
76 | * CAS version 1.0
|
||
77 | */
|
||
78 | define("CAS_VERSION_1_0", '1.0'); |
||
79 | /*!
|
||
80 | * CAS version 2.0
|
||
81 | */
|
||
82 | define("CAS_VERSION_2_0", '2.0'); |
||
83 | |||
84 | // ------------------------------------------------------------------------
|
||
85 | // SAML defines
|
||
86 | // ------------------------------------------------------------------------
|
||
87 | |||
88 | /**
|
||
89 | * SAML protocol
|
||
90 | */
|
||
91 | define("SAML_VERSION_1_1", 'S1'); |
||
92 | |||
93 | /**
|
||
94 | * XML header for SAML POST
|
||
95 | */
|
||
96 | define("SAML_XML_HEADER", '<?xml version="1.0" encoding="UTF-8"?>'); |
||
97 | |||
98 | /**
|
||
99 | * SOAP envelope for SAML POST
|
||
100 | */
|
||
101 | define("SAML_SOAP_ENV", '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/>'); |
||
102 | |||
103 | /**
|
||
104 | * SOAP body for SAML POST
|
||
105 | */
|
||
106 | define("SAML_SOAP_BODY", '<SOAP-ENV:Body>'); |
||
107 | |||
108 | /**
|
||
109 | * SAMLP request
|
||
110 | */
|
||
111 | define("SAMLP_REQUEST", '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z">'); |
||
112 | define("SAMLP_REQUEST_CLOSE", '</samlp:Request>'); |
||
113 | |||
114 | /**
|
||
115 | * SAMLP artifact tag (for the ticket)
|
||
116 | */
|
||
117 | define("SAML_ASSERTION_ARTIFACT", '<samlp:AssertionArtifact>'); |
||
118 | |||
119 | /**
|
||
120 | * SAMLP close
|
||
121 | */
|
||
122 | define("SAML_ASSERTION_ARTIFACT_CLOSE", '</samlp:AssertionArtifact>'); |
||
123 | |||
124 | /**
|
||
125 | * SOAP body close
|
||
126 | */
|
||
127 | define("SAML_SOAP_BODY_CLOSE", '</SOAP-ENV:Body>'); |
||
128 | |||
129 | /**
|
||
130 | * SOAP envelope close
|
||
131 | */
|
||
132 | define("SAML_SOAP_ENV_CLOSE", '</SOAP-ENV:Envelope>'); |
||
133 | |||
134 | /**
|
||
135 | * SAML Attributes
|
||
136 | */
|
||
137 | define("SAML_ATTRIBUTES", 'SAMLATTRIBS'); |
||
138 | |||
139 | /** @} */
|
||
140 | /**
|
||
141 | * @addtogroup publicPGTStorage
|
||
142 | * @{
|
||
143 | */
|
||
144 | // ------------------------------------------------------------------------
|
||
145 | // FILE PGT STORAGE
|
||
146 | // ------------------------------------------------------------------------
|
||
147 | /**
|
||
148 | * Default path used when storing PGT's to file
|
||
149 | */
|
||
150 | define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH", '/tmp'); |
||
151 | /** @} */
|
||
152 | // ------------------------------------------------------------------------
|
||
153 | // SERVICE ACCESS ERRORS
|
||
154 | // ------------------------------------------------------------------------
|
||
155 | /**
|
||
156 | * @addtogroup publicServices
|
||
157 | * @{
|
||
158 | */
|
||
159 | |||
160 | /**
|
||
161 | * phpCAS::service() error code on success
|
||
162 | */
|
||
163 | define("PHPCAS_SERVICE_OK", 0); |
||
164 | /**
|
||
165 | * phpCAS::service() error code when the PT could not retrieve because
|
||
166 | * the CAS server did not respond.
|
||
167 | */
|
||
168 | define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE", 1); |
||
169 | /**
|
||
170 | * phpCAS::service() error code when the PT could not retrieve because
|
||
171 | * the response of the CAS server was ill-formed.
|
||
172 | */
|
||
173 | define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE", 2); |
||
174 | /**
|
||
175 | * phpCAS::service() error code when the PT could not retrieve because
|
||
176 | * the CAS server did not want to.
|
||
177 | */
|
||
178 | define("PHPCAS_SERVICE_PT_FAILURE", 3); |
||
179 | /**
|
||
180 | * phpCAS::service() error code when the service was not available.
|
||
181 | */
|
||
182 | define("PHPCAS_SERVICE_NOT_AVAILABLE", 4); |
||
183 | |||
184 | // ------------------------------------------------------------------------
|
||
185 | // SERVICE TYPES
|
||
186 | // ------------------------------------------------------------------------
|
||
187 | /**
|
||
188 | * phpCAS::getProxiedService() type for HTTP GET
|
||
189 | */
|
||
190 | define("PHPCAS_PROXIED_SERVICE_HTTP_GET", 'CAS_ProxiedService_Http_Get'); |
||
191 | /**
|
||
192 | * phpCAS::getProxiedService() type for HTTP POST
|
||
193 | */
|
||
194 | define("PHPCAS_PROXIED_SERVICE_HTTP_POST", 'CAS_ProxiedService_Http_Post'); |
||
195 | /**
|
||
196 | * phpCAS::getProxiedService() type for IMAP
|
||
197 | */
|
||
198 | define("PHPCAS_PROXIED_SERVICE_IMAP", 'CAS_ProxiedService_Imap'); |
||
199 | |||
200 | |||
201 | /** @} */
|
||
202 | // ------------------------------------------------------------------------
|
||
203 | // LANGUAGES
|
||
204 | // ------------------------------------------------------------------------
|
||
205 | /**
|
||
206 | * @addtogroup publicLang
|
||
207 | * @{
|
||
208 | */
|
||
209 | |||
210 | define("PHPCAS_LANG_ENGLISH", 'english'); |
||
211 | define("PHPCAS_LANG_FRENCH", 'french'); |
||
212 | define("PHPCAS_LANG_GREEK", 'greek'); |
||
213 | define("PHPCAS_LANG_GERMAN", 'german'); |
||
214 | define("PHPCAS_LANG_JAPANESE", 'japanese'); |
||
215 | define("PHPCAS_LANG_SPANISH", 'spanish'); |
||
216 | define("PHPCAS_LANG_CATALAN", 'catalan'); |
||
217 | |||
218 | /** @} */
|
||
219 | |||
220 | /**
|
||
221 | * @addtogroup internalLang
|
||
222 | * @{
|
||
223 | */
|
||
224 | |||
225 | /**
|
||
226 | * phpCAS default language (when phpCAS::setLang() is not used)
|
||
227 | */
|
||
228 | define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH); |
||
229 | |||
230 | /** @} */
|
||
231 | // ------------------------------------------------------------------------
|
||
232 | // DEBUG
|
||
233 | // ------------------------------------------------------------------------
|
||
234 | /**
|
||
235 | * @addtogroup publicDebug
|
||
236 | * @{
|
||
237 | */
|
||
238 | |||
239 | /**
|
||
240 | * The default directory for the debug file under Unix.
|
||
241 | */
|
||
242 | define('DEFAULT_DEBUG_DIR', '/tmp/'); |
||
243 | |||
244 | /** @} */
|
||
245 | // ------------------------------------------------------------------------
|
||
246 | // MISC
|
||
247 | // ------------------------------------------------------------------------
|
||
248 | /**
|
||
249 | * @addtogroup internalMisc
|
||
250 | * @{
|
||
251 | */
|
||
252 | |||
253 | /**
|
||
254 | * This global variable is used by the interface class phpCAS.
|
||
255 | *
|
||
256 | * @hideinitializer
|
||
257 | */
|
||
258 | $GLOBALS['PHPCAS_CLIENT'] = null; |
||
259 | |||
260 | /**
|
||
261 | * This global variable is used to store where the initializer is called from
|
||
262 | * (to print a comprehensive error in case of multiple calls).
|
||
263 | *
|
||
264 | * @hideinitializer
|
||
265 | */
|
||
266 | $GLOBALS['PHPCAS_INIT_CALL'] = array ( |
||
267 | 'done' => FALSE, |
||
268 | 'file' => '?', |
||
269 | 'line' => -1, |
||
270 | 'method' => '?' |
||
271 | ); |
||
272 | |||
273 | /**
|
||
274 | * This global variable is used to store where the method checking
|
||
275 | * the authentication is called from (to print comprehensive errors)
|
||
276 | *
|
||
277 | * @hideinitializer
|
||
278 | */
|
||
279 | $GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array ( |
||
280 | 'done' => FALSE, |
||
281 | 'file' => '?', |
||
282 | 'line' => -1, |
||
283 | 'method' => '?', |
||
284 | 'result' => FALSE |
||
285 | ); |
||
286 | |||
287 | /**
|
||
288 | * This global variable is used to store phpCAS debug mode.
|
||
289 | *
|
||
290 | * @hideinitializer
|
||
291 | */
|
||
292 | $GLOBALS['PHPCAS_DEBUG'] = array ( |
||
293 | 'filename' => FALSE, |
||
294 | 'indent' => 0, |
||
295 | 'unique_id' => '' |
||
296 | ); |
||
297 | |||
298 | /** @} */
|
||
299 | |||
300 | // ########################################################################
|
||
301 | // CLIENT CLASS
|
||
302 | // ########################################################################
|
||
303 | |||
304 | // include client class
|
||
305 | include_once (dirname(__FILE__) . '/CAS/Client.php'); |
||
306 | |||
307 | // ########################################################################
|
||
308 | // INTERFACE CLASS
|
||
309 | // ########################################################################
|
||
310 | |||
311 | /**
|
||
312 | * @class phpCAS
|
||
313 | * The phpCAS class is a simple container for the phpCAS library. It provides CAS
|
||
314 | * authentication for web applications written in PHP.
|
||
315 | *
|
||
316 | * @ingroup public
|
||
317 | * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
|
||
318 | *
|
||
319 | * \internal All its methods access the same object ($PHPCAS_CLIENT, declared
|
||
320 | * at the end of CAS/Client.php).
|
||
321 | */
|
||
322 | |||
323 | class phpCAS { |
||
324 | |||
325 | // ########################################################################
|
||
326 | // INITIALIZATION
|
||
327 | // ########################################################################
|
||
328 | |||
329 | /**
|
||
330 | * @addtogroup publicInit
|
||
331 | * @{
|
||
332 | */
|
||
333 | |||
334 | /**
|
||
335 | * phpCAS client initializer.
|
||
336 | * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
|
||
337 | * called, only once, and before all other methods (except phpCAS::getVersion()
|
||
338 | * and phpCAS::setDebug()).
|
||
339 | *
|
||
340 | * @param $server_version the version of the CAS server
|
||
341 | * @param $server_hostname the hostname of the CAS server
|
||
342 | * @param $server_port the port the CAS server is running on
|
||
343 | * @param $server_uri the URI the CAS server is responding on
|
||
344 | * @param $start_session Have phpCAS start PHP sessions (default true)
|
||
345 | *
|
||
346 | * @return a newly created CAS_Client object
|
||
347 | */
|
||
348 | public static function client($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) { |
||
349 | global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; |
||
350 | |||
351 | phpCAS :: traceBegin(); |
||
352 | if (is_object($PHPCAS_CLIENT)) { |
||
353 | phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')'); |
||
354 | } |
||
355 | if (gettype($server_version) != 'string') { |
||
356 | phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');
|
||
357 | } |
||
358 | if (gettype($server_hostname) != 'string') { |
||
359 | phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');
|
||
360 | } |
||
361 | if (gettype($server_port) != 'integer') { |
||
362 | phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');
|
||
363 | } |
||
364 | if (gettype($server_uri) != 'string') { |
||
365 | phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');
|
||
366 | } |
||
367 | |||
368 | // store where the initializer is called from
|
||
369 | $dbg = debug_backtrace(); |
||
370 | $PHPCAS_INIT_CALL = array ( |
||
371 | 'done' => TRUE, |
||
372 | 'file' => $dbg[0]['file'], |
||
373 | 'line' => $dbg[0]['line'], |
||
374 | 'method' => __CLASS__ . '::' . __FUNCTION__ |
||
375 | ); |
||
376 | |||
377 | // initialize the global object $PHPCAS_CLIENT
|
||
378 | $PHPCAS_CLIENT = new CAS_Client($server_version, FALSE /*proxy*/ |
||
379 | , $server_hostname, $server_port, $server_uri, $start_session); |
||
380 | phpCAS :: traceEnd(); |
||
381 | } |
||
382 | |||
383 | /**
|
||
384 | * phpCAS proxy initializer.
|
||
385 | * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
|
||
386 | * called, only once, and before all other methods (except phpCAS::getVersion()
|
||
387 | * and phpCAS::setDebug()).
|
||
388 | *
|
||
389 | * @param $server_version the version of the CAS server
|
||
390 | * @param $server_hostname the hostname of the CAS server
|
||
391 | * @param $server_port the port the CAS server is running on
|
||
392 | * @param $server_uri the URI the CAS server is responding on
|
||
393 | * @param $start_session Have phpCAS start PHP sessions (default true)
|
||
394 | *
|
||
395 | * @return a newly created CAS_Client object
|
||
396 | */
|
||
397 | public static function proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) { |
||
398 | global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; |
||
399 | |||
400 | phpCAS :: traceBegin(); |
||
401 | if (is_object($PHPCAS_CLIENT)) { |
||
402 | phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')'); |
||
403 | } |
||
404 | if (gettype($server_version) != 'string') { |
||
405 | phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');
|
||
406 | } |
||
407 | if (gettype($server_hostname) != 'string') { |
||
408 | phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');
|
||
409 | } |
||
410 | if (gettype($server_port) != 'integer') { |
||
411 | phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');
|
||
412 | } |
||
413 | if (gettype($server_uri) != 'string') { |
||
414 | phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');
|
||
415 | } |
||
416 | |||
417 | // store where the initialzer is called from
|
||
418 | $dbg = debug_backtrace(); |
||
419 | $PHPCAS_INIT_CALL = array ( |
||
420 | 'done' => TRUE, |
||
421 | 'file' => $dbg[0]['file'], |
||
422 | 'line' => $dbg[0]['line'], |
||
423 | 'method' => __CLASS__ . '::' . __FUNCTION__ |
||
424 | ); |
||
425 | |||
426 | // initialize the global object $PHPCAS_CLIENT
|
||
427 | $PHPCAS_CLIENT = new CAS_Client($server_version, TRUE /*proxy*/ |
||
428 | , $server_hostname, $server_port, $server_uri, $start_session); |
||
429 | phpCAS :: traceEnd(); |
||
430 | } |
||
431 | |||
432 | /** @} */
|
||
433 | // ########################################################################
|
||
434 | // DEBUGGING
|
||
435 | // ########################################################################
|
||
436 | |||
437 | /**
|
||
438 | * @addtogroup publicDebug
|
||
439 | * @{
|
||
440 | */
|
||
441 | |||
442 | /**
|
||
443 | * Set/unset debug mode
|
||
444 | *
|
||
445 | * @param $filename the name of the file used for logging, or FALSE to stop debugging.
|
||
446 | */
|
||
447 | public static function setDebug($filename = '') { |
||
448 | global $PHPCAS_DEBUG; |
||
449 | |||
450 | if ($filename != FALSE && gettype($filename) != 'string') { |
||
451 | phpCAS :: error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)');
|
||
452 | } |
||
453 | if ($filename === FALSE){ |
||
454 | unset($PHPCAS_DEBUG['filename']); |
||
455 | }else{
|
||
456 | if (empty ($filename)) { |
||
457 | if (preg_match('/^Win.*/', getenv('OS'))) { |
||
458 | if (isset ($_ENV['TMP'])) { |
||
459 | $debugDir = $_ENV['TMP'] . '/'; |
||
460 | } else
|
||
461 | if (isset ($_ENV['TEMP'])) { |
||
462 | $debugDir = $_ENV['TEMP'] . '/'; |
||
463 | } else {
|
||
464 | $debugDir = ''; |
||
465 | } |
||
466 | } else {
|
||
467 | $debugDir = DEFAULT_DEBUG_DIR; |
||
468 | } |
||
469 | $filename = $debugDir . 'phpCAS.log'; |
||
470 | } |
||
471 | |||
472 | if (empty ($PHPCAS_DEBUG['unique_id'])) { |
||
473 | $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4); |
||
474 | } |
||
475 | |||
476 | $PHPCAS_DEBUG['filename'] = $filename; |
||
477 | |||
478 | phpCAS :: trace('START phpCAS-' . PHPCAS_VERSION . ' ******************'); |
||
479 | } |
||
480 | } |
||
481 | |||
482 | |||
483 | /**
|
||
484 | * Logs a string in debug mode.
|
||
485 | *
|
||
486 | * @param $str the string to write
|
||
487 | *
|
||
488 | * @private
|
||
489 | */
|
||
490 | public static function log($str) { |
||
491 | $indent_str = "."; |
||
492 | global $PHPCAS_DEBUG; |
||
493 | |||
494 | if ($PHPCAS_DEBUG['filename']) { |
||
495 | for ($i = 0; $i < $PHPCAS_DEBUG['indent']; $i++) { |
||
496 | $indent_str .= '| '; |
||
497 | } |
||
498 | // allow for multiline output with proper identing. Usefull for dumping cas answers etc.
|
||
499 | $str2 = str_replace("\n", "\n" . $PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str, $str); |
||
500 | error_log($PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str2 . "\n", 3, $PHPCAS_DEBUG['filename']); |
||
501 | } |
||
502 | |||
503 | } |
||
504 | |||
505 | /**
|
||
506 | * This method is used by interface methods to print an error and where the function
|
||
507 | * was originally called from.
|
||
508 | *
|
||
509 | * @param $msg the message to print
|
||
510 | *
|
||
511 | * @private
|
||
512 | */
|
||
513 | public static function error($msg) { |
||
514 | $dbg = debug_backtrace(); |
||
515 | $function = '?'; |
||
516 | $file = '?'; |
||
517 | $line = '?'; |
||
518 | if (is_array($dbg)) { |
||
519 | for ($i = 1; $i < sizeof($dbg); $i++) { |
||
520 | if (is_array($dbg[$i]) && isset($dbg[$i]['class']) ) { |
||
521 | if ($dbg[$i]['class'] == __CLASS__) { |
||
522 | $function = $dbg[$i]['function']; |
||
523 | $file = $dbg[$i]['file']; |
||
524 | $line = $dbg[$i]['line']; |
||
525 | } |
||
526 | } |
||
527 | } |
||
528 | } |
||
529 | echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . "</b></font> in <b>" . $file . "</b> on line <b>" . $line . "</b><br />\n"; |
||
530 | phpCAS :: trace($msg);
|
||
531 | phpCAS :: traceExit(); |
||
532 | exit ();
|
||
533 | } |
||
534 | |||
535 | /**
|
||
536 | * This method is used to log something in debug mode.
|
||
537 | */
|
||
538 | public static function trace($str) { |
||
539 | $dbg = debug_backtrace(); |
||
540 | phpCAS :: log($str . ' [' . basename($dbg[0]['file']) . ':' . $dbg[0]['line'] . ']'); |
||
541 | } |
||
542 | |||
543 | /**
|
||
544 | * This method is used to indicate the start of the execution of a function in debug mode.
|
||
545 | */
|
||
546 | public static function traceBegin() { |
||
547 | global $PHPCAS_DEBUG; |
||
548 | |||
549 | $dbg = debug_backtrace(); |
||
550 | $str = '=> '; |
||
551 | if (!empty ($dbg[1]['class'])) { |
||
552 | $str .= $dbg[1]['class'] . '::'; |
||
553 | } |
||
554 | $str .= $dbg[1]['function'] . '('; |
||
555 | if (is_array($dbg[1]['args'])) { |
||
556 | foreach ($dbg[1]['args'] as $index => $arg) { |
||
557 | if ($index != 0) { |
||
558 | $str .= ', '; |
||
559 | } |
||
560 | if(is_object($arg)){ |
||
561 | $str .= get_class($arg); |
||
562 | }else{
|
||
563 | $str .= str_replace(array("\r\n", "\n", "\r"), "", var_export($arg, TRUE)); |
||
564 | } |
||
565 | } |
||
566 | } |
||
567 | if (isset($dbg[1]['file'])) |
||
568 | $file = basename($dbg[1]['file']); |
||
569 | else
|
||
570 | $file = 'unknown_file'; |
||
571 | if (isset($dbg[1]['line'])) |
||
572 | $line = $dbg[1]['line']; |
||
573 | else
|
||
574 | $line = 'unknown_line'; |
||
575 | $str .= ') [' . $file . ':' . $line . ']'; |
||
576 | phpCAS :: log($str); |
||
577 | $PHPCAS_DEBUG['indent']++; |
||
578 | } |
||
579 | |||
580 | /**
|
||
581 | * This method is used to indicate the end of the execution of a function in debug mode.
|
||
582 | *
|
||
583 | * @param $res the result of the function
|
||
584 | */
|
||
585 | public static function traceEnd($res = '') { |
||
586 | global $PHPCAS_DEBUG; |
||
587 | |||
588 | $PHPCAS_DEBUG['indent']--; |
||
589 | $dbg = debug_backtrace(); |
||
590 | $str = ''; |
||
591 | if(is_object($res)){ |
||
592 | $str .= '<= ' . get_class($arg); |
||
593 | }else{
|
||
594 | $str .= '<= ' . str_replace(array("\r\n", "\n", "\r"), "", var_export($res, TRUE)); |
||
595 | } |
||
596 | |||
597 | phpCAS :: log($str); |
||
598 | } |
||
599 | |||
600 | /**
|
||
601 | * This method is used to indicate the end of the execution of the program
|
||
602 | */
|
||
603 | public static function traceExit() { |
||
604 | global $PHPCAS_DEBUG; |
||
605 | |||
606 | phpCAS :: log('exit()'); |
||
607 | while ($PHPCAS_DEBUG['indent'] > 0) { |
||
608 | phpCAS :: log('-'); |
||
609 | $PHPCAS_DEBUG['indent']--; |
||
610 | } |
||
611 | } |
||
612 | |||
613 | /** @} */
|
||
614 | // ########################################################################
|
||
615 | // INTERNATIONALIZATION
|
||
616 | // ########################################################################
|
||
617 | /**
|
||
618 | * @addtogroup publicLang
|
||
619 | * @{
|
||
620 | */
|
||
621 | |||
622 | /**
|
||
623 | * This method is used to set the language used by phpCAS.
|
||
624 | * @note Can be called only once.
|
||
625 | *
|
||
626 | * @param $lang a string representing the language.
|
||
627 | *
|
||
628 | * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH
|
||
629 | */
|
||
630 | public static function setLang($lang) { |
||
631 | global $PHPCAS_CLIENT; |
||
632 | if (!is_object($PHPCAS_CLIENT)) { |
||
633 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
634 | } |
||
635 | if (gettype($lang) != 'string') { |
||
636 | phpCAS :: error('type mismatched for parameter $lang (should be `string\')');
|
||
637 | } |
||
638 | $PHPCAS_CLIENT->setLang($lang); |
||
639 | } |
||
640 | |||
641 | /** @} */
|
||
642 | // ########################################################################
|
||
643 | // VERSION
|
||
644 | // ########################################################################
|
||
645 | /**
|
||
646 | * @addtogroup public
|
||
647 | * @{
|
||
648 | */
|
||
649 | |||
650 | /**
|
||
651 | * This method returns the phpCAS version.
|
||
652 | *
|
||
653 | * @return the phpCAS version.
|
||
654 | */
|
||
655 | public static function getVersion() { |
||
656 | return PHPCAS_VERSION; |
||
657 | } |
||
658 | |||
659 | /** @} */
|
||
660 | // ########################################################################
|
||
661 | // HTML OUTPUT
|
||
662 | // ########################################################################
|
||
663 | /**
|
||
664 | * @addtogroup publicOutput
|
||
665 | * @{
|
||
666 | */
|
||
667 | |||
668 | /**
|
||
669 | * This method sets the HTML header used for all outputs.
|
||
670 | *
|
||
671 | * @param $header the HTML header.
|
||
672 | */
|
||
673 | public static function setHTMLHeader($header) { |
||
674 | global $PHPCAS_CLIENT; |
||
675 | if (!is_object($PHPCAS_CLIENT)) { |
||
676 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
677 | } |
||
678 | if (gettype($header) != 'string') { |
||
679 | phpCAS :: error('type mismatched for parameter $header (should be `string\')');
|
||
680 | } |
||
681 | $PHPCAS_CLIENT->setHTMLHeader($header); |
||
682 | } |
||
683 | |||
684 | /**
|
||
685 | * This method sets the HTML footer used for all outputs.
|
||
686 | *
|
||
687 | * @param $footer the HTML footer.
|
||
688 | */
|
||
689 | public static function setHTMLFooter($footer) { |
||
690 | global $PHPCAS_CLIENT; |
||
691 | if (!is_object($PHPCAS_CLIENT)) { |
||
692 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
693 | } |
||
694 | if (gettype($footer) != 'string') { |
||
695 | phpCAS :: error('type mismatched for parameter $footer (should be `string\')');
|
||
696 | } |
||
697 | $PHPCAS_CLIENT->setHTMLFooter($footer); |
||
698 | } |
||
699 | |||
700 | /** @} */
|
||
701 | // ########################################################################
|
||
702 | // PGT STORAGE
|
||
703 | // ########################################################################
|
||
704 | /**
|
||
705 | * @addtogroup publicPGTStorage
|
||
706 | * @{
|
||
707 | */
|
||
708 | |||
709 | /**
|
||
710 | * This method can be used to set a custom PGT storage object.
|
||
711 | *
|
||
712 | * @param $storage a PGT storage object that inherits from the CAS_PGTStorage class
|
||
713 | */
|
||
714 | public static function setPGTStorage($storage) { |
||
715 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
716 | |||
717 | phpCAS :: traceBegin(); |
||
718 | if (!is_object($PHPCAS_CLIENT)) { |
||
719 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
720 | } |
||
721 | if (!$PHPCAS_CLIENT->isProxy()) { |
||
722 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
723 | } |
||
724 | if ($PHPCAS_AUTH_CHECK_CALL['done']) { |
||
725 | phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')'); |
||
726 | } |
||
727 | if ( !($storage instanceof CAS_PGTStorage) ) { |
||
728 | phpCAS :: error('type mismatched for parameter $storage (should be a CAS_PGTStorage `object\')');
|
||
729 | } |
||
730 | $PHPCAS_CLIENT->setPGTStorage($storage); |
||
731 | phpCAS :: traceEnd(); |
||
732 | } |
||
733 | |||
734 | /**
|
||
735 | * This method is used to tell phpCAS to store the response of the
|
||
736 | * CAS server to PGT requests in a database.
|
||
737 | *
|
||
738 | * @param $dsn_or_pdo a dsn string to use for creating a PDO object or a PDO object
|
||
739 | * @param $username the username to use when connecting to the database
|
||
740 | * @param $password the password to use when connecting to the database
|
||
741 | * @param $table the table to use for storing and retrieving PGT's
|
||
742 | * @param $driver_options any driver options to use when connecting to the database
|
||
743 | */
|
||
744 | public static function setPGTStorageDb($dsn_or_pdo, $username='', $password='', $table='', $driver_options=null) { |
||
745 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
746 | |||
747 | phpCAS :: traceBegin(); |
||
748 | if (!is_object($PHPCAS_CLIENT)) { |
||
749 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
750 | } |
||
751 | if (!$PHPCAS_CLIENT->isProxy()) { |
||
752 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
753 | } |
||
754 | if ($PHPCAS_AUTH_CHECK_CALL['done']) { |
||
755 | phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')'); |
||
756 | } |
||
757 | if (gettype($username) != 'string') { |
||
758 | phpCAS :: error('type mismatched for parameter $username (should be `string\')');
|
||
759 | } |
||
760 | if (gettype($password) != 'string') { |
||
761 | phpCAS :: error('type mismatched for parameter $password (should be `string\')');
|
||
762 | } |
||
763 | if (gettype($table) != 'string') { |
||
764 | phpCAS :: error('type mismatched for parameter $table (should be `string\')');
|
||
765 | } |
||
766 | $PHPCAS_CLIENT->setPGTStorageDb($dsn_or_pdo, $username, $password, $table, $driver_options); |
||
767 | phpCAS :: traceEnd(); |
||
768 | } |
||
769 | |||
770 | /**
|
||
771 | * This method is used to tell phpCAS to store the response of the
|
||
772 | * CAS server to PGT requests onto the filesystem.
|
||
773 | * @param $format the format used to store the PGT's. This parameter has no effect and is only for backwards compatibility
|
||
774 | * @param $path the path where the PGT's should be stored
|
||
775 | */
|
||
776 | public static function setPGTStorageFile($format = '', $path = '') { |
||
777 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
778 | |||
779 | phpCAS :: traceBegin(); |
||
780 | if (!is_object($PHPCAS_CLIENT)) { |
||
781 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
782 | } |
||
783 | if (!$PHPCAS_CLIENT->isProxy()) { |
||
784 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
785 | } |
||
786 | if ($PHPCAS_AUTH_CHECK_CALL['done']) { |
||
787 | phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')'); |
||
788 | } |
||
789 | if (gettype($format) != 'string') { |
||
790 | phpCAS :: error('type mismatched for parameter $format (should be `string\')');
|
||
791 | } |
||
792 | if (gettype($path) != 'string') { |
||
793 | phpCAS :: error('type mismatched for parameter $format (should be `string\')');
|
||
794 | } |
||
795 | $PHPCAS_CLIENT->setPGTStorageFile($path); |
||
796 | phpCAS :: traceEnd(); |
||
797 | } |
||
798 | |||
799 | /** @} */
|
||
800 | // ########################################################################
|
||
801 | // ACCESS TO EXTERNAL SERVICES
|
||
802 | // ########################################################################
|
||
803 | /**
|
||
804 | * @addtogroup publicServices
|
||
805 | * @{
|
||
806 | */
|
||
807 | |||
808 | /**
|
||
809 | * Answer a proxy-authenticated service handler.
|
||
810 | *
|
||
811 | * @param string $type The service type. One of:
|
||
812 | * PHPCAS_PROXIED_SERVICE_HTTP_GET
|
||
813 | * PHPCAS_PROXIED_SERVICE_HTTP_POST
|
||
814 | * PHPCAS_PROXIED_SERVICE_IMAP
|
||
815 | *
|
||
816 | *
|
||
817 | * @return CAS_ProxiedService
|
||
818 | * @throws InvalidArgumentException If the service type is unknown.
|
||
819 | */
|
||
820 | public static function getProxiedService ($type) { |
||
821 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
822 | |||
823 | phpCAS :: traceBegin(); |
||
824 | if (!is_object($PHPCAS_CLIENT)) { |
||
825 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
826 | } |
||
827 | if (!$PHPCAS_CLIENT->isProxy()) { |
||
828 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
829 | } |
||
830 | if (!$PHPCAS_AUTH_CHECK_CALL['done']) { |
||
831 | phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); |
||
832 | } |
||
833 | if (!$PHPCAS_AUTH_CHECK_CALL['result']) { |
||
834 | phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); |
||
835 | } |
||
836 | if (gettype($type) != 'string') { |
||
837 | phpCAS :: error('type mismatched for parameter $type (should be `string\')');
|
||
838 | } |
||
839 | |||
840 | $res = $PHPCAS_CLIENT->getProxiedService($type); |
||
841 | |||
842 | phpCAS :: traceEnd(); |
||
843 | return $res; |
||
844 | } |
||
845 | |||
846 | /**
|
||
847 | * Initialize a proxied-service handler with the proxy-ticket it should use.
|
||
848 | *
|
||
849 | * @param CAS_ProxiedService $proxiedService
|
||
850 | * @return void
|
||
851 | * @throws CAS_ProxyTicketException If there is a proxy-ticket failure.
|
||
852 | * The code of the Exception will be one of:
|
||
853 | * PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE
|
||
854 | * PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE
|
||
855 | * PHPCAS_SERVICE_PT_FAILURE
|
||
856 | */
|
||
857 | public static function initializeProxiedService (CAS_ProxiedService $proxiedService) { |
||
858 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
859 | |||
860 | if (!is_object($PHPCAS_CLIENT)) { |
||
861 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
862 | } |
||
863 | if (!$PHPCAS_CLIENT->isProxy()) { |
||
864 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
865 | } |
||
866 | if (!$PHPCAS_AUTH_CHECK_CALL['done']) { |
||
867 | phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); |
||
868 | } |
||
869 | if (!$PHPCAS_AUTH_CHECK_CALL['result']) { |
||
870 | phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); |
||
871 | } |
||
872 | |||
873 | $PHPCAS_CLIENT->initializeProxiedService($proxiedService); |
||
874 | } |
||
875 | |||
876 | /**
|
||
877 | * This method is used to access an HTTP[S] service.
|
||
878 | *
|
||
879 | * @param $url the service to access.
|
||
880 | * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
|
||
881 | * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
|
||
882 | * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT_AVAILABLE.
|
||
883 | * @param $output the output of the service (also used to give an error
|
||
884 | * message on failure).
|
||
885 | *
|
||
886 | * @return TRUE on success, FALSE otherwise (in this later case, $err_code
|
||
887 | * gives the reason why it failed and $output contains an error message).
|
||
888 | */
|
||
889 | public static function serviceWeb($url, & $err_code, & $output) { |
||
890 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
891 | |||
892 | phpCAS :: traceBegin(); |
||
893 | if (!is_object($PHPCAS_CLIENT)) { |
||
894 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
895 | } |
||
896 | if (!$PHPCAS_CLIENT->isProxy()) { |
||
897 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
898 | } |
||
899 | if (!$PHPCAS_AUTH_CHECK_CALL['done']) { |
||
900 | phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); |
||
901 | } |
||
902 | if (!$PHPCAS_AUTH_CHECK_CALL['result']) { |
||
903 | phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); |
||
904 | } |
||
905 | if (gettype($url) != 'string') { |
||
906 | phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
||
907 | } |
||
908 | |||
909 | $res = $PHPCAS_CLIENT->serviceWeb($url, $err_code, $output); |
||
910 | |||
911 | phpCAS :: traceEnd($res);
|
||
912 | return $res; |
||
913 | } |
||
914 | |||
915 | /**
|
||
916 | * This method is used to access an IMAP/POP3/NNTP service.
|
||
917 | *
|
||
918 | * @param $url a string giving the URL of the service, including the mailing box
|
||
919 | * for IMAP URLs, as accepted by imap_open().
|
||
920 | * @param $service a string giving for CAS retrieve Proxy ticket
|
||
921 | * @param $flags options given to imap_open().
|
||
922 | * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
|
||
923 | * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
|
||
924 | * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT_AVAILABLE.
|
||
925 | * @param $err_msg an error message on failure
|
||
926 | * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL
|
||
927 | * on success, FALSE on error).
|
||
928 | *
|
||
929 | * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code
|
||
930 | * gives the reason why it failed and $err_msg contains an error message).
|
||
931 | */
|
||
932 | public static function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) { |
||
933 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
934 | |||
935 | phpCAS :: traceBegin(); |
||
936 | if (!is_object($PHPCAS_CLIENT)) { |
||
937 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
938 | } |
||
939 | if (!$PHPCAS_CLIENT->isProxy()) { |
||
940 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
941 | } |
||
942 | if (!$PHPCAS_AUTH_CHECK_CALL['done']) { |
||
943 | phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); |
||
944 | } |
||
945 | if (!$PHPCAS_AUTH_CHECK_CALL['result']) { |
||
946 | phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); |
||
947 | } |
||
948 | if (gettype($url) != 'string') { |
||
949 | phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
||
950 | } |
||
951 | |||
952 | if (gettype($flags) != 'integer') { |
||
953 | phpCAS :: error('type mismatched for parameter $flags (should be `integer\')');
|
||
954 | } |
||
955 | |||
956 | $res = $PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt); |
||
957 | |||
958 | phpCAS :: traceEnd($res);
|
||
959 | return $res; |
||
960 | } |
||
961 | |||
962 | /** @} */
|
||
963 | // ########################################################################
|
||
964 | // AUTHENTICATION
|
||
965 | // ########################################################################
|
||
966 | /**
|
||
967 | * @addtogroup publicAuth
|
||
968 | * @{
|
||
969 | */
|
||
970 | |||
971 | /**
|
||
972 | * Set the times authentication will be cached before really accessing the CAS server in gateway mode:
|
||
973 | * - -1: check only once, and then never again (until you pree login)
|
||
974 | * - 0: always check
|
||
975 | * - n: check every "n" time
|
||
976 | *
|
||
977 | * @param $n an integer.
|
||
978 | */
|
||
979 | public static function setCacheTimesForAuthRecheck($n) { |
||
980 | global $PHPCAS_CLIENT; |
||
981 | if (!is_object($PHPCAS_CLIENT)) { |
||
982 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
983 | } |
||
984 | if (gettype($n) != 'integer') { |
||
985 | phpCAS :: error('type mismatched for parameter $header (should be `string\')');
|
||
986 | } |
||
987 | $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n); |
||
988 | } |
||
989 | |||
990 | /**
|
||
991 | * Set a callback function to be run when a user authenticates.
|
||
992 | *
|
||
993 | * The callback function will be passed a $logoutTicket as its first parameter,
|
||
994 | * followed by any $additionalArgs you pass. The $logoutTicket parameter is an
|
||
995 | * opaque string that can be used to map the session-id to logout request in order
|
||
996 | * to support single-signout in applications that manage their own sessions
|
||
997 | * (rather than letting phpCAS start the session).
|
||
998 | *
|
||
999 | * phpCAS::forceAuthentication() will always exit and forward client unless
|
||
1000 | * they are already authenticated. To perform an action at the moment the user
|
||
1001 | * logs in (such as registering an account, performing logging, etc), register
|
||
1002 | * a callback function here.
|
||
1003 | *
|
||
1004 | * @param callback $function
|
||
1005 | * @param optional array $additionalArgs
|
||
1006 | * @return void
|
||
1007 | */
|
||
1008 | public static function setPostAuthenticateCallback ($function, array $additionalArgs = array()) { |
||
1009 | global $PHPCAS_CLIENT; |
||
1010 | if (!is_object($PHPCAS_CLIENT)) { |
||
1011 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1012 | } |
||
1013 | |||
1014 | $PHPCAS_CLIENT->setPostAuthenticateCallback($function, $additionalArgs); |
||
1015 | } |
||
1016 | |||
1017 | /**
|
||
1018 | * Set a callback function to be run when a single-signout request is received.
|
||
1019 | *
|
||
1020 | * The callback function will be passed a $logoutTicket as its first parameter,
|
||
1021 | * followed by any $additionalArgs you pass. The $logoutTicket parameter is an
|
||
1022 | * opaque string that can be used to map a session-id to the logout request in order
|
||
1023 | * to support single-signout in applications that manage their own sessions
|
||
1024 | * (rather than letting phpCAS start and destroy the session).
|
||
1025 | *
|
||
1026 | * @param callback $function
|
||
1027 | * @param optional array $additionalArgs
|
||
1028 | * @return void
|
||
1029 | */
|
||
1030 | public static function setSingleSignoutCallback ($function, array $additionalArgs = array()) { |
||
1031 | global $PHPCAS_CLIENT; |
||
1032 | if (!is_object($PHPCAS_CLIENT)) { |
||
1033 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1034 | } |
||
1035 | |||
1036 | $PHPCAS_CLIENT->setSingleSignoutCallback($function, $additionalArgs); |
||
1037 | } |
||
1038 | |||
1039 | /**
|
||
1040 | * This method is called to check if the user is already authenticated locally or has a global cas session. A already
|
||
1041 | * existing cas session is determined by a cas gateway call.(cas login call without any interactive prompt)
|
||
1042 | * @return TRUE when the user is authenticated, FALSE when a previous gateway login failed or
|
||
1043 | * the function will not return if the user is redirected to the cas server for a gateway login attempt
|
||
1044 | */
|
||
1045 | public static function checkAuthentication() { |
||
1046 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
1047 | |||
1048 | phpCAS :: traceBegin(); |
||
1049 | if (!is_object($PHPCAS_CLIENT)) { |
||
1050 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1051 | } |
||
1052 | |||
1053 | $auth = $PHPCAS_CLIENT->checkAuthentication(); |
||
1054 | |||
1055 | // store where the authentication has been checked and the result
|
||
1056 | $dbg = debug_backtrace(); |
||
1057 | $PHPCAS_AUTH_CHECK_CALL = array ( |
||
1058 | 'done' => TRUE, |
||
1059 | 'file' => $dbg[0]['file'], |
||
1060 | 'line' => $dbg[0]['line'], |
||
1061 | 'method' => __CLASS__ . '::' . __FUNCTION__, |
||
1062 | 'result' => $auth |
||
1063 | ); |
||
1064 | phpCAS :: traceEnd($auth);
|
||
1065 | return $auth; |
||
1066 | } |
||
1067 | |||
1068 | /**
|
||
1069 | * This method is called to force authentication if the user was not already
|
||
1070 | * authenticated. If the user is not authenticated, halt by redirecting to
|
||
1071 | * the CAS server.
|
||
1072 | */
|
||
1073 | public static function forceAuthentication() { |
||
1074 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
1075 | |||
1076 | phpCAS :: traceBegin(); |
||
1077 | if (!is_object($PHPCAS_CLIENT)) { |
||
1078 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1079 | } |
||
1080 | |||
1081 | $auth = $PHPCAS_CLIENT->forceAuthentication(); |
||
1082 | |||
1083 | // store where the authentication has been checked and the result
|
||
1084 | $dbg = debug_backtrace(); |
||
1085 | $PHPCAS_AUTH_CHECK_CALL = array ( |
||
1086 | 'done' => TRUE, |
||
1087 | 'file' => $dbg[0]['file'], |
||
1088 | 'line' => $dbg[0]['line'], |
||
1089 | 'method' => __CLASS__ . '::' . __FUNCTION__, |
||
1090 | 'result' => $auth |
||
1091 | ); |
||
1092 | |||
1093 | if (!$auth) { |
||
1094 | phpCAS :: trace('user is not authenticated, redirecting to the CAS server');
|
||
1095 | $PHPCAS_CLIENT->forceAuthentication();
|
||
1096 | } else {
|
||
1097 | phpCAS :: trace('no need to authenticate (user `' . phpCAS :: getUser() . '\' is already authenticated)'); |
||
1098 | } |
||
1099 | |||
1100 | phpCAS :: traceEnd(); |
||
1101 | return $auth; |
||
1102 | } |
||
1103 | |||
1104 | /**
|
||
1105 | * This method is called to renew the authentication.
|
||
1106 | **/
|
||
1107 | public static function renewAuthentication() { |
||
1108 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
1109 | |||
1110 | phpCAS :: traceBegin(); |
||
1111 | if (!is_object($PHPCAS_CLIENT)) { |
||
1112 | phpCAS :: error('this method should not be called before' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1113 | } |
||
1114 | $auth = $PHPCAS_CLIENT->renewAuthentication(); |
||
1115 | // store where the authentication has been checked and the result
|
||
1116 | $dbg = debug_backtrace(); |
||
1117 | $PHPCAS_AUTH_CHECK_CALL = array ( |
||
1118 | 'done' => TRUE, |
||
1119 | 'file' => $dbg[0]['file'], |
||
1120 | 'line' => $dbg[0]['line'], |
||
1121 | 'method' => __CLASS__ . '::' . __FUNCTION__, |
||
1122 | 'result' => $auth |
||
1123 | ); |
||
1124 | |||
1125 | //$PHPCAS_CLIENT->renewAuthentication();
|
||
1126 | phpCAS :: traceEnd(); |
||
1127 | } |
||
1128 | |||
1129 | /**
|
||
1130 | * This method is called to check if the user is authenticated (previously or by
|
||
1131 | * tickets given in the URL).
|
||
1132 | *
|
||
1133 | * @return TRUE when the user is authenticated.
|
||
1134 | */
|
||
1135 | public static function isAuthenticated() { |
||
1136 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
1137 | |||
1138 | phpCAS :: traceBegin(); |
||
1139 | if (!is_object($PHPCAS_CLIENT)) { |
||
1140 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1141 | } |
||
1142 | |||
1143 | // call the isAuthenticated method of the global $PHPCAS_CLIENT object
|
||
1144 | $auth = $PHPCAS_CLIENT->isAuthenticated(); |
||
1145 | |||
1146 | // store where the authentication has been checked and the result
|
||
1147 | $dbg = debug_backtrace(); |
||
1148 | $PHPCAS_AUTH_CHECK_CALL = array ( |
||
1149 | 'done' => TRUE, |
||
1150 | 'file' => $dbg[0]['file'], |
||
1151 | 'line' => $dbg[0]['line'], |
||
1152 | 'method' => __CLASS__ . '::' . __FUNCTION__, |
||
1153 | 'result' => $auth |
||
1154 | ); |
||
1155 | phpCAS :: traceEnd($auth);
|
||
1156 | return $auth; |
||
1157 | } |
||
1158 | |||
1159 | /**
|
||
1160 | * Checks whether authenticated based on $_SESSION. Useful to avoid
|
||
1161 | * server calls.
|
||
1162 | * @return true if authenticated, false otherwise.
|
||
1163 | * @since 0.4.22 by Brendan Arnold
|
||
1164 | */
|
||
1165 | public static function isSessionAuthenticated() { |
||
1166 | global $PHPCAS_CLIENT; |
||
1167 | if (!is_object($PHPCAS_CLIENT)) { |
||
1168 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1169 | } |
||
1170 | return ($PHPCAS_CLIENT->isSessionAuthenticated()); |
||
1171 | } |
||
1172 | |||
1173 | /**
|
||
1174 | * This method returns the CAS user's login name.
|
||
1175 | * @warning should not be called only after phpCAS::forceAuthentication()
|
||
1176 | * or phpCAS::checkAuthentication().
|
||
1177 | *
|
||
1178 | * @return the login name of the authenticated user
|
||
1179 | */
|
||
1180 | public static function getUser() { |
||
1181 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
1182 | if (!is_object($PHPCAS_CLIENT)) { |
||
1183 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1184 | } |
||
1185 | if (!$PHPCAS_AUTH_CHECK_CALL['done']) { |
||
1186 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); |
||
1187 | } |
||
1188 | if (!$PHPCAS_AUTH_CHECK_CALL['result']) { |
||
1189 | phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); |
||
1190 | } |
||
1191 | return $PHPCAS_CLIENT->getUser(); |
||
1192 | } |
||
1193 | |||
1194 | /**
|
||
1195 | * Answer attributes about the authenticated user.
|
||
1196 | *
|
||
1197 | * @warning should not be called only after phpCAS::forceAuthentication()
|
||
1198 | * or phpCAS::checkAuthentication().
|
||
1199 | *
|
||
1200 | * @return array
|
||
1201 | */
|
||
1202 | public static function getAttributes() { |
||
1203 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
1204 | if (!is_object($PHPCAS_CLIENT)) { |
||
1205 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1206 | } |
||
1207 | if (!$PHPCAS_AUTH_CHECK_CALL['done']) { |
||
1208 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); |
||
1209 | } |
||
1210 | if (!$PHPCAS_AUTH_CHECK_CALL['result']) { |
||
1211 | phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); |
||
1212 | } |
||
1213 | return $PHPCAS_CLIENT->getAttributes(); |
||
1214 | } |
||
1215 | |||
1216 | /**
|
||
1217 | * Answer true if there are attributes for the authenticated user.
|
||
1218 | *
|
||
1219 | * @warning should not be called only after phpCAS::forceAuthentication()
|
||
1220 | * or phpCAS::checkAuthentication().
|
||
1221 | *
|
||
1222 | * @return boolean
|
||
1223 | */
|
||
1224 | public static function hasAttributes() { |
||
1225 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
1226 | if (!is_object($PHPCAS_CLIENT)) { |
||
1227 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1228 | } |
||
1229 | if (!$PHPCAS_AUTH_CHECK_CALL['done']) { |
||
1230 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); |
||
1231 | } |
||
1232 | if (!$PHPCAS_AUTH_CHECK_CALL['result']) { |
||
1233 | phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); |
||
1234 | } |
||
1235 | return $PHPCAS_CLIENT->hasAttributes(); |
||
1236 | } |
||
1237 | |||
1238 | /**
|
||
1239 | * Answer true if an attribute exists for the authenticated user.
|
||
1240 | *
|
||
1241 | * @warning should not be called only after phpCAS::forceAuthentication()
|
||
1242 | * or phpCAS::checkAuthentication().
|
||
1243 | *
|
||
1244 | * @param string $key
|
||
1245 | * @return boolean
|
||
1246 | */
|
||
1247 | public static function hasAttribute($key) { |
||
1248 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
1249 | if (!is_object($PHPCAS_CLIENT)) { |
||
1250 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1251 | } |
||
1252 | if (!$PHPCAS_AUTH_CHECK_CALL['done']) { |
||
1253 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); |
||
1254 | } |
||
1255 | if (!$PHPCAS_AUTH_CHECK_CALL['result']) { |
||
1256 | phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); |
||
1257 | } |
||
1258 | return $PHPCAS_CLIENT->hasAttribute($key); |
||
1259 | } |
||
1260 | |||
1261 | /**
|
||
1262 | * Answer an attribute for the authenticated user.
|
||
1263 | *
|
||
1264 | * @warning should not be called only after phpCAS::forceAuthentication()
|
||
1265 | * or phpCAS::checkAuthentication().
|
||
1266 | *
|
||
1267 | * @param string $key
|
||
1268 | * @return mixed string for a single value or an array if multiple values exist.
|
||
1269 | */
|
||
1270 | public static function getAttribute($key) { |
||
1271 | global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; |
||
1272 | if (!is_object($PHPCAS_CLIENT)) { |
||
1273 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1274 | } |
||
1275 | if (!$PHPCAS_AUTH_CHECK_CALL['done']) { |
||
1276 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); |
||
1277 | } |
||
1278 | if (!$PHPCAS_AUTH_CHECK_CALL['result']) { |
||
1279 | phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); |
||
1280 | } |
||
1281 | return $PHPCAS_CLIENT->getAttribute($key); |
||
1282 | } |
||
1283 | |||
1284 | /**
|
||
1285 | * Handle logout requests.
|
||
1286 | */
|
||
1287 | public static function handleLogoutRequests($check_client = true, $allowed_clients = false) { |
||
1288 | global $PHPCAS_CLIENT; |
||
1289 | if (!is_object($PHPCAS_CLIENT)) { |
||
1290 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1291 | } |
||
1292 | return ($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients)); |
||
1293 | } |
||
1294 | |||
1295 | /**
|
||
1296 | * This method returns the URL to be used to login.
|
||
1297 | * or phpCAS::isAuthenticated().
|
||
1298 | *
|
||
1299 | * @return the login name of the authenticated user
|
||
1300 | */
|
||
1301 | public static function getServerLoginURL() { |
||
1302 | global $PHPCAS_CLIENT; |
||
1303 | if (!is_object($PHPCAS_CLIENT)) { |
||
1304 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1305 | } |
||
1306 | return $PHPCAS_CLIENT->getServerLoginURL(); |
||
1307 | } |
||
1308 | |||
1309 | /**
|
||
1310 | * Set the login URL of the CAS server.
|
||
1311 | * @param $url the login URL
|
||
1312 | * @since 0.4.21 by Wyman Chan
|
||
1313 | */
|
||
1314 | public static function setServerLoginURL($url = '') { |
||
1315 | global $PHPCAS_CLIENT; |
||
1316 | phpCAS :: traceBegin(); |
||
1317 | if (!is_object($PHPCAS_CLIENT)) { |
||
1318 | phpCAS :: error('this method should only be called after
|
||
1319 | ' . __CLASS__ . '::client()'); |
||
1320 | } |
||
1321 | if (gettype($url) != 'string') { |
||
1322 | phpCAS :: error('type mismatched for parameter $url (should be
|
||
1323 | `string\')');
|
||
1324 | } |
||
1325 | $PHPCAS_CLIENT->setServerLoginURL($url); |
||
1326 | phpCAS :: traceEnd(); |
||
1327 | } |
||
1328 | |||
1329 | /**
|
||
1330 | * Set the serviceValidate URL of the CAS server.
|
||
1331 | * Used only in CAS 1.0 validations
|
||
1332 | * @param $url the serviceValidate URL
|
||
1333 | * @since 1.1.0 by Joachim Fritschi
|
||
1334 | */
|
||
1335 | public static function setServerServiceValidateURL($url = '') { |
||
1336 | global $PHPCAS_CLIENT; |
||
1337 | phpCAS :: traceBegin(); |
||
1338 | if (!is_object($PHPCAS_CLIENT)) { |
||
1339 | phpCAS :: error('this method should only be called after
|
||
1340 | ' . __CLASS__ . '::client()'); |
||
1341 | } |
||
1342 | if (gettype($url) != 'string') { |
||
1343 | phpCAS :: error('type mismatched for parameter $url (should be
|
||
1344 | `string\')');
|
||
1345 | } |
||
1346 | $PHPCAS_CLIENT->setServerServiceValidateURL($url); |
||
1347 | phpCAS :: traceEnd(); |
||
1348 | } |
||
1349 | |||
1350 | /**
|
||
1351 | * Set the proxyValidate URL of the CAS server.
|
||
1352 | * Used for all CAS 2.0 validations
|
||
1353 | * @param $url the proxyValidate URL
|
||
1354 | * @since 1.1.0 by Joachim Fritschi
|
||
1355 | */
|
||
1356 | public static function setServerProxyValidateURL($url = '') { |
||
1357 | global $PHPCAS_CLIENT; |
||
1358 | phpCAS :: traceBegin(); |
||
1359 | if (!is_object($PHPCAS_CLIENT)) { |
||
1360 | phpCAS :: error('this method should only be called after
|
||
1361 | ' . __CLASS__ . '::client()'); |
||
1362 | } |
||
1363 | if (gettype($url) != 'string') { |
||
1364 | phpCAS :: error('type mismatched for parameter $url (should be
|
||
1365 | `string\')');
|
||
1366 | } |
||
1367 | $PHPCAS_CLIENT->setServerProxyValidateURL($url); |
||
1368 | phpCAS :: traceEnd(); |
||
1369 | } |
||
1370 | |||
1371 | /**
|
||
1372 | * Set the samlValidate URL of the CAS server.
|
||
1373 | * @param $url the samlValidate URL
|
||
1374 | * @since 1.1.0 by Joachim Fritschi
|
||
1375 | */
|
||
1376 | public static function setServerSamlValidateURL($url = '') { |
||
1377 | global $PHPCAS_CLIENT; |
||
1378 | phpCAS :: traceBegin(); |
||
1379 | if (!is_object($PHPCAS_CLIENT)) { |
||
1380 | phpCAS :: error('this method should only be called after
|
||
1381 | ' . __CLASS__ . '::client()'); |
||
1382 | } |
||
1383 | if (gettype($url) != 'string') { |
||
1384 | phpCAS :: error('type mismatched for parameter $url (should be
|
||
1385 | `string\')');
|
||
1386 | } |
||
1387 | $PHPCAS_CLIENT->setServerSamlValidateURL($url); |
||
1388 | phpCAS :: traceEnd(); |
||
1389 | } |
||
1390 | |||
1391 | /**
|
||
1392 | * This method returns the URL to be used to login.
|
||
1393 | * or phpCAS::isAuthenticated().
|
||
1394 | *
|
||
1395 | * @return the login name of the authenticated user
|
||
1396 | */
|
||
1397 | public static function getServerLogoutURL() { |
||
1398 | global $PHPCAS_CLIENT; |
||
1399 | if (!is_object($PHPCAS_CLIENT)) { |
||
1400 | phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); |
||
1401 | } |
||
1402 | return $PHPCAS_CLIENT->getServerLogoutURL(); |
||
1403 | } |
||
1404 | |||
1405 | /**
|
||
1406 | * Set the logout URL of the CAS server.
|
||
1407 | * @param $url the logout URL
|
||
1408 | * @since 0.4.21 by Wyman Chan
|
||
1409 | */
|
||
1410 | public static function setServerLogoutURL($url = '') { |
||
1411 | global $PHPCAS_CLIENT; |
||
1412 | phpCAS :: traceBegin(); |
||
1413 | if (!is_object($PHPCAS_CLIENT)) { |
||
1414 | phpCAS :: error('this method should only be called after
|
||
1415 | ' . __CLASS__ . '::client()'); |
||
1416 | } |
||
1417 | if (gettype($url) != 'string') { |
||
1418 | phpCAS :: error('type mismatched for parameter $url (should be
|
||
1419 | `string\')');
|
||
1420 | } |
||
1421 | $PHPCAS_CLIENT->setServerLogoutURL($url); |
||
1422 | phpCAS :: traceEnd(); |
||
1423 | } |
||
1424 | |||
1425 | /**
|
||
1426 | * This method is used to logout from CAS.
|
||
1427 | * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server
|
||
1428 | * @public
|
||
1429 | */
|
||
1430 | public static function logout($params = "") { |
||
1431 | global $PHPCAS_CLIENT; |
||
1432 | phpCAS :: traceBegin(); |
||
1433 | if (!is_object($PHPCAS_CLIENT)) { |
||
1434 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); |
||
1435 | } |
||
1436 | $parsedParams = array (); |
||
1437 | if ($params != "") { |
||
1438 | if (is_string($params)) { |
||
1439 | phpCAS :: error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
|
||
1440 | } |
||
1441 | if (!is_array($params)) { |
||
1442 | phpCAS :: error('type mismatched for parameter $params (should be `array\')');
|
||
1443 | } |
||
1444 | foreach ($params as $key => $value) { |
||
1445 | if ($key != "service" && $key != "url") { |
||
1446 | phpCAS :: error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
|
||
1447 | } |
||
1448 | $parsedParams[$key] = $value; |
||
1449 | } |
||
1450 | } |
||
1451 | $PHPCAS_CLIENT->logout($parsedParams); |
||
1452 | // never reached
|
||
1453 | phpCAS :: traceEnd(); |
||
1454 | } |
||
1455 | |||
1456 | /**
|
||
1457 | * This method is used to logout from CAS. Halts by redirecting to the CAS server.
|
||
1458 | * @param $service a URL that will be transmitted to the CAS server
|
||
1459 | */
|
||
1460 | public static function logoutWithRedirectService($service) { |
||
1461 | global $PHPCAS_CLIENT; |
||
1462 | phpCAS :: traceBegin(); |
||
1463 | if (!is_object($PHPCAS_CLIENT)) { |
||
1464 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); |
||
1465 | } |
||
1466 | if (!is_string($service)) { |
||
1467 | phpCAS :: error('type mismatched for parameter $service (should be `string\')');
|
||
1468 | } |
||
1469 | $PHPCAS_CLIENT->logout(array ( |
||
1470 | "service" => $service |
||
1471 | )); |
||
1472 | // never reached
|
||
1473 | phpCAS :: traceEnd(); |
||
1474 | } |
||
1475 | |||
1476 | /**
|
||
1477 | * This method is used to logout from CAS. Halts by redirecting to the CAS server.
|
||
1478 | * @param $url a URL that will be transmitted to the CAS server
|
||
1479 | * @deprecated The url parameter has been removed from the CAS server as of version 3.3.5.1
|
||
1480 | */
|
||
1481 | public static function logoutWithUrl($url) { |
||
1482 | trigger_error('Function deprecated for cas servers >= 3.3.5.1', E_USER_DEPRECATED); |
||
1483 | global $PHPCAS_CLIENT; |
||
1484 | phpCAS :: traceBegin(); |
||
1485 | if (!is_object($PHPCAS_CLIENT)) { |
||
1486 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); |
||
1487 | } |
||
1488 | if (!is_string($url)) { |
||
1489 | phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
||
1490 | } |
||
1491 | $PHPCAS_CLIENT->logout(array ( |
||
1492 | "url" => $url |
||
1493 | )); |
||
1494 | // never reached
|
||
1495 | phpCAS :: traceEnd(); |
||
1496 | } |
||
1497 | |||
1498 | /**
|
||
1499 | * This method is used to logout from CAS. Halts by redirecting to the CAS server.
|
||
1500 | * @param $service a URL that will be transmitted to the CAS server
|
||
1501 | * @param $url a URL that will be transmitted to the CAS server
|
||
1502 | * @deprecated The url parameter has been removed from the CAS server as of version 3.3.5.1
|
||
1503 | */
|
||
1504 | public static function logoutWithRedirectServiceAndUrl($service, $url) { |
||
1505 | trigger_error('Function deprecated for cas servers >= 3.3.5.1', E_USER_DEPRECATED); |
||
1506 | global $PHPCAS_CLIENT; |
||
1507 | phpCAS :: traceBegin(); |
||
1508 | if (!is_object($PHPCAS_CLIENT)) { |
||
1509 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); |
||
1510 | } |
||
1511 | if (!is_string($service)) { |
||
1512 | phpCAS :: error('type mismatched for parameter $service (should be `string\')');
|
||
1513 | } |
||
1514 | if (!is_string($url)) { |
||
1515 | phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
||
1516 | } |
||
1517 | $PHPCAS_CLIENT->logout(array ( |
||
1518 | "service" => $service, |
||
1519 | "url" => $url |
||
1520 | )); |
||
1521 | // never reached
|
||
1522 | phpCAS :: traceEnd(); |
||
1523 | } |
||
1524 | |||
1525 | /**
|
||
1526 | * Set the fixed URL that will be used by the CAS server to transmit the PGT.
|
||
1527 | * When this method is not called, a phpCAS script uses its own URL for the callback.
|
||
1528 | *
|
||
1529 | * @param $url the URL
|
||
1530 | */
|
||
1531 | public static function setFixedCallbackURL($url = '') { |
||
1532 | global $PHPCAS_CLIENT; |
||
1533 | phpCAS :: traceBegin(); |
||
1534 | if (!is_object($PHPCAS_CLIENT)) { |
||
1535 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
1536 | } |
||
1537 | if (!$PHPCAS_CLIENT->isProxy()) { |
||
1538 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
1539 | } |
||
1540 | if (gettype($url) != 'string') { |
||
1541 | phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
||
1542 | } |
||
1543 | $PHPCAS_CLIENT->setCallbackURL($url); |
||
1544 | phpCAS :: traceEnd(); |
||
1545 | } |
||
1546 | |||
1547 | /**
|
||
1548 | * Set the fixed URL that will be set as the CAS service parameter. When this
|
||
1549 | * method is not called, a phpCAS script uses its own URL.
|
||
1550 | *
|
||
1551 | * @param $url the URL
|
||
1552 | */
|
||
1553 | public static function setFixedServiceURL($url) { |
||
1554 | global $PHPCAS_CLIENT; |
||
1555 | phpCAS :: traceBegin(); |
||
1556 | if (!is_object($PHPCAS_CLIENT)) { |
||
1557 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
1558 | } |
||
1559 | if (gettype($url) != 'string') { |
||
1560 | phpCAS :: error('type mismatched for parameter $url (should be `string\')');
|
||
1561 | } |
||
1562 | $PHPCAS_CLIENT->setURL($url); |
||
1563 | phpCAS :: traceEnd(); |
||
1564 | } |
||
1565 | |||
1566 | /**
|
||
1567 | * Get the URL that is set as the CAS service parameter.
|
||
1568 | */
|
||
1569 | public static function getServiceURL() { |
||
1570 | global $PHPCAS_CLIENT; |
||
1571 | if (!is_object($PHPCAS_CLIENT)) { |
||
1572 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
1573 | } |
||
1574 | return ($PHPCAS_CLIENT->getURL()); |
||
1575 | } |
||
1576 | |||
1577 | /**
|
||
1578 | * Retrieve a Proxy Ticket from the CAS server.
|
||
1579 | */
|
||
1580 | public static function retrievePT($target_service, & $err_code, & $err_msg) { |
||
1581 | global $PHPCAS_CLIENT; |
||
1582 | if (!is_object($PHPCAS_CLIENT)) { |
||
1583 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); |
||
1584 | } |
||
1585 | if (gettype($target_service) != 'string') { |
||
1586 | phpCAS :: error('type mismatched for parameter $target_service(should be `string\')');
|
||
1587 | } |
||
1588 | return ($PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg)); |
||
1589 | } |
||
1590 | |||
1591 | /**
|
||
1592 | * Set the certificate of the CAS server CA.
|
||
1593 | *
|
||
1594 | * @param $cert the CA certificate
|
||
1595 | */
|
||
1596 | public static function setCasServerCACert($cert) { |
||
1597 | global $PHPCAS_CLIENT; |
||
1598 | phpCAS :: traceBegin(); |
||
1599 | if (!is_object($PHPCAS_CLIENT)) { |
||
1600 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); |
||
1601 | } |
||
1602 | if (gettype($cert) != 'string') { |
||
1603 | phpCAS :: error('type mismatched for parameter $cert (should be `string\')');
|
||
1604 | } |
||
1605 | $PHPCAS_CLIENT->setCasServerCACert($cert); |
||
1606 | phpCAS :: traceEnd(); |
||
1607 | } |
||
1608 | |||
1609 | /**
|
||
1610 | * Set no SSL validation for the CAS server.
|
||
1611 | */
|
||
1612 | public static function setNoCasServerValidation() { |
||
1613 | global $PHPCAS_CLIENT; |
||
1614 | phpCAS :: traceBegin(); |
||
1615 | if (!is_object($PHPCAS_CLIENT)) { |
||
1616 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); |
||
1617 | } |
||
1618 | $PHPCAS_CLIENT->setNoCasServerValidation();
|
||
1619 | phpCAS :: traceEnd(); |
||
1620 | } |
||
1621 | |||
1622 | |||
1623 | /**
|
||
1624 | * Disable the removal of a CAS-Ticket from the URL when authenticating
|
||
1625 | * DISABLING POSES A SECURITY RISK:
|
||
1626 | * We normally remove the ticket by an additional redirect as a security precaution
|
||
1627 | * to prevent a ticket in the HTTP_REFERRER or be carried over in the URL parameter
|
||
1628 | */
|
||
1629 | public static function setNoClearTicketsFromUrl() { |
||
1630 | global $PHPCAS_CLIENT; |
||
1631 | phpCAS :: traceBegin(); |
||
1632 | if (!is_object($PHPCAS_CLIENT)) { |
||
1633 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); |
||
1634 | } |
||
1635 | $PHPCAS_CLIENT->setNoClearTicketsFromUrl();
|
||
1636 | phpCAS :: traceEnd(); |
||
1637 | } |
||
1638 | |||
1639 | /** @} */
|
||
1640 | |||
1641 | /**
|
||
1642 | * Change CURL options.
|
||
1643 | * CURL is used to connect through HTTPS to CAS server
|
||
1644 | * @param $key the option key
|
||
1645 | * @param $value the value to set
|
||
1646 | */
|
||
1647 | public static function setExtraCurlOption($key, $value) { |
||
1648 | global $PHPCAS_CLIENT; |
||
1649 | phpCAS :: traceBegin(); |
||
1650 | if (!is_object($PHPCAS_CLIENT)) { |
||
1651 | phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); |
||
1652 | } |
||
1653 | $PHPCAS_CLIENT->setExtraCurlOption($key, $value); |
||
1654 | phpCAS :: traceEnd(); |
||
1655 | } |
||
1656 | |||
1657 | |||
1658 | /**
|
||
1659 | * Answer an array of proxies that are sitting in front of this application.
|
||
1660 | *
|
||
1661 | * This method will only return a non-empty array if we have received and validated
|
||
1662 | * a Proxy Ticket.
|
||
1663 | *
|
||
1664 | * @return array
|
||
1665 | * @access public
|
||
1666 | * @since 6/25/09
|
||
1667 | */
|
||
1668 | public static function getProxies () { |
||
1669 | global $PHPCAS_CLIENT; |
||
1670 | if ( !is_object($PHPCAS_CLIENT) ) { |
||
1671 | phpCAS::error('this method should only be called after '.__CLASS__.'::client()'); |
||
1672 | } |
||
1673 | |||
1674 | return($PHPCAS_CLIENT->getProxies()); |
||
1675 | } |
||
1676 | |||
1677 | } |
||
1678 | |||
1679 | // ########################################################################
|
||
1680 | // DOCUMENTATION
|
||
1681 | // ########################################################################
|
||
1682 | |||
1683 | // ########################################################################
|
||
1684 | // MAIN PAGE
|
||
1685 | |||
1686 | /**
|
||
1687 | * @mainpage
|
||
1688 | *
|
||
1689 | * The following pages only show the source documentation.
|
||
1690 | *
|
||
1691 | */
|
||
1692 | |||
1693 | // ########################################################################
|
||
1694 | // MODULES DEFINITION
|
||
1695 | |||
1696 | /** @defgroup public User interface */
|
||
1697 | |||
1698 | /** @defgroup publicInit Initialization
|
||
1699 | * @ingroup public */
|
||
1700 | |||
1701 | /** @defgroup publicAuth Authentication
|
||
1702 | * @ingroup public */
|
||
1703 | |||
1704 | /** @defgroup publicServices Access to external services
|
||
1705 | * @ingroup public */
|
||
1706 | |||
1707 | /** @defgroup publicConfig Configuration
|
||
1708 | * @ingroup public */
|
||
1709 | |||
1710 | /** @defgroup publicLang Internationalization
|
||
1711 | * @ingroup publicConfig */
|
||
1712 | |||
1713 | /** @defgroup publicOutput HTML output
|
||
1714 | * @ingroup publicConfig */
|
||
1715 | |||
1716 | /** @defgroup publicPGTStorage PGT storage
|
||
1717 | * @ingroup publicConfig */
|
||
1718 | |||
1719 | /** @defgroup publicDebug Debugging
|
||
1720 | * @ingroup public */
|
||
1721 | |||
1722 | /** @defgroup internal Implementation */
|
||
1723 | |||
1724 | /** @defgroup internalAuthentication Authentication
|
||
1725 | * @ingroup internal */
|
||
1726 | |||
1727 | /** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets)
|
||
1728 | * @ingroup internal */
|
||
1729 | |||
1730 | /** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets)
|
||
1731 | * @ingroup internal */
|
||
1732 | |||
1733 | /** @defgroup internalSAML CAS SAML features (SAML 1.1)
|
||
1734 | * @ingroup internal */
|
||
1735 | |||
1736 | /** @defgroup internalPGTStorage PGT storage
|
||
1737 | * @ingroup internalProxy */
|
||
1738 | |||
1739 | /** @defgroup internalPGTStorageDb PGT storage in a database
|
||
1740 | * @ingroup internalPGTStorage */
|
||
1741 | |||
1742 | /** @defgroup internalPGTStorageFile PGT storage on the filesystem
|
||
1743 | * @ingroup internalPGTStorage */
|
||
1744 | |||
1745 | /** @defgroup internalCallback Callback from the CAS server
|
||
1746 | * @ingroup internalProxy */
|
||
1747 | |||
1748 | /** @defgroup internalProxyServices Proxy other services
|
||
1749 | * @ingroup internalProxy */
|
||
1750 | |||
1751 | /** @defgroup internalProxied CAS proxied client features (CAS 2.0, Proxy Tickets)
|
||
1752 | * @ingroup internal */
|
||
1753 | |||
1754 | /** @defgroup internalConfig Configuration
|
||
1755 | * @ingroup internal */
|
||
1756 | |||
1757 | /** @defgroup internalBehave Internal behaviour of phpCAS
|
||
1758 | * @ingroup internalConfig */
|
||
1759 | |||
1760 | /** @defgroup internalOutput HTML output
|
||
1761 | * @ingroup internalConfig */
|
||
1762 | |||
1763 | /** @defgroup internalLang Internationalization
|
||
1764 | * @ingroup internalConfig
|
||
1765 | *
|
||
1766 | * To add a new language:
|
||
1767 | * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php
|
||
1768 | * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php
|
||
1769 | * - 3. Make the translations
|
||
1770 | */
|
||
1771 | |||
1772 | /** @defgroup internalDebug Debugging
|
||
1773 | * @ingroup internal */
|
||
1774 | |||
1775 | /** @defgroup internalMisc Miscellaneous
|
||
1776 | * @ingroup internal */
|
||
1777 | |||
1778 | // ########################################################################
|
||
1779 | // EXAMPLES
|
||
1780 | |||
1781 | /**
|
||
1782 | * @example example_simple.php
|
||
1783 | */
|
||
1784 | /**
|
||
1785 | * @example example_service.php
|
||
1786 | */
|
||
1787 | /**
|
||
1788 | * @example example_service_that_proxies.php
|
||
1789 | */
|
||
1790 | /**
|
||
1791 | * @example example_service_POST.php
|
||
1792 | */
|
||
1793 | /**
|
||
1794 | * @example example_proxy_serviceWeb.php
|
||
1795 | */
|
||
1796 | /**
|
||
1797 | * @example example_proxy_serviceWeb_chaining.php
|
||
1798 | */
|
||
1799 | /**
|
||
1800 | * @example example_proxy_POST.php
|
||
1801 | */
|
||
1802 | /**
|
||
1803 | * @example example_proxy_GET.php
|
||
1804 | */
|
||
1805 | /**
|
||
1806 | * @example example_lang.php
|
||
1807 | */
|
||
1808 | /**
|
||
1809 | * @example example_html.php
|
||
1810 | */
|
||
1811 | /**
|
||
1812 | * @example example_pgt_storage_file.php
|
||
1813 | */
|
||
1814 | /**
|
||
1815 | * @example example_gateway.php
|
||
1816 | */
|
||
1817 | /**
|
||
1818 | * @example example_logout.php
|
||
1819 | */
|
||
1820 | /**
|
||
1821 | * @example example_custom_urls.php
|
||
1822 | */
|
||
1823 | /**
|
||
1824 | * @example example_advanced_saml11.php
|
||
1825 | */
|
||
1826 | ?>
|