diff --git a/main/auth/cas/authcas.php b/main/auth/cas/authcas.php
deleted file mode 100755
index e98e2fa70a..0000000000
--- a/main/auth/cas/authcas.php
+++ /dev/null
@@ -1,228 +0,0 @@
- for the paris5 university
-
-* Checks if the user is already logged in via the cas system
-* Gets all the info via the ldap module (ldap has to work)
-
-*/
-require_once api_get_path(SYS_PATH).'main/auth/cas/cas_var.inc.php';
-require_once api_get_path(SYS_PATH).'main/auth/external_login/ldap.inc.php';
-require_once api_get_path(SYS_PATH).'main/auth/external_login/functions.inc.php';
-
-/**
- * @return true if cas is configured
- */
-function cas_configured()
-{
- global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
- $res = false;
- if (!empty($cas_auth_ver) && !empty($cas_auth_server) && !empty($cas_auth_port)) {
- $res = true;
- }
-
- return $res;
-}
-
-/**
- * checks if the user already get a session.
- *
- * @return the user login if the user already has a session ,false otherwise
- */
-function cas_is_authenticated()
-{
- global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
- global $PHPCAS_CLIENT;
- global $logout;
-
- if (!cas_configured()) {
- return;
- }
-
- if (!is_object($PHPCAS_CLIENT)) {
- phpCAS::client($cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri);
- phpCAS::setNoCasServerValidation();
- }
- $auth = phpCAS::checkAuthentication();
-
- if ($auth) {
- $login = trim(phpCAS::getUser());
- /*
- Get user attributes. Here are the attributes for crdp platform
- sn => name
- ENTPersonMailInterne => mail
- ENTPersonAlias => login
- ENTPersonProfils => profil
- givenName => first name
- */
- /*$user=phpCAS::getAttributes();
- $firstName = trim($user['givenName']);
- $lastName = trim($user['sn']);
- $login = trim($user['ENTPersonAlias']);
- $profil = trim($user['ENTPersonProfils']);
- $email = trim($user['ENTPersonMailInterne']);
- $satus=5;
- switch ($profil){
- case 'admin_etab':
- $status=3; //Session admin
- break;
- case 'admin_sie':
- $status=3; //Session admin
- break;
- case 'National_3':
- $status=1; // Teacher
- break;
- case 'National_1':
- $status=5; // Student
- break;
- default:
- $status=5; // Student
- }*/
- if (!$logout) {
- // get user info from username
- $tab_user_info = api_get_user_info($login);
-
- // user found in the chamilo database
- if (is_array($tab_user_info)) {
- // if option is on we update user automatically from ldap server
- if (api_get_setting("update_user_info_cas_with_ldap") == "true") {
- $ldapuser = extldap_authenticate($login, 'nopass', true);
- if ($ldapuser !== false) {
- $chamilo_user = extldap_get_chamilo_user($ldapuser);
- $chamilo_user['user_id'] = $tab_user_info['user_id'];
- $chamilo_user['status'] = $tab_user_info['status'];
- UserManager::update_user(
- $chamilo_user["user_id"],
- $chamilo_user["firstname"],
- $chamilo_user["lastname"],
- $login,
- null,
- null,
- $chamilo_user["email"],
- $chamilo_user["status"],
- '',
- '',
- '',
- '',
- 1,
- null,
- 0,
- null,
- ''
- );
- }
- }
-
- return $login;
- } // user not found
- else {
- // if option is on we can ADD user automatically from ldap server or by modify own profil
- $user_added = false;
- switch (api_get_setting("cas_add_user_activate")) {
- case PLATFORM_AUTH_SOURCE:
- // user will have to modify firstname, lastname, email in chamilo profil edit
- $userdata = get_lang("EditInProfil");
- UserManager::create_user(
- $userdata,
- $userdata,
- '5',
- $userdata,
- $login,
- 'casplaceholder',
- '',
- '',
- '',
- '',
- CAS_AUTH_SOURCE
- );
- $user_added = $login;
- break;
- case LDAP_AUTH_SOURCE:
- // user info are read from ldap connexion
- // get user info from ldap server
- // user has already been authenticated by CAS
- // If user not found in LDAP, user not created
- $ldapuser = extldap_authenticate($login, 'nopass', true);
- if ($ldapuser !== false) {
- $chamilo_user = extldap_get_chamilo_user($ldapuser);
- $chamilo_user['username'] = $login;
- $chamilo_user['auth_source'] = CAS_AUTH_SOURCE;
- $chamilo_uid = external_add_user($chamilo_user);
- $user_added = $login;
- }
- break;
- default:
- break;
- }
-
- return $user_added;
- }
- }
- // //If the user is in the dokeos database and we are ,not in a logout request, we upgrade his infomration by ldap
- // if (! $logout){
- // $user_table = Database::get_main_table(TABLE_MAIN_USER);
- // $sql = "SELECT user_id, username, password, auth_source, active, expiration_date ".
- // "FROM $user_table ".
- // "WHERE username = '$login' ";
-//
- // $result = Database::query($sql,__FILE__,__LINE__);
- // if(mysql_num_rows($result) == 0) {
- // require_once(api_get_path(SYS_PATH).'main/inc/lib/usermanager.lib.php');
- // $rnumber=rand(0,256000);
- // UserManager::create_user($firstName, $lastName, $status, $email, $login, md5('casplaceholder'.$rnumber), $official_code='',$language='',$phone='',$picture_uri='',$auth_source = PLATFORM_AUTH_SOURCE);
- // }
- // else {
- // $user = mysql_fetch_assoc($result);
- // $user_id = intval($user['user_id']);
- // //echo "deb : $status";
- // UserManager::update_user ($user_id, $firstname, $lastname, $login, null, null, $email, $status, '', '', '', '', 1, null, 0, null,'') ;
-//
- // }
- // }
- return $login;
- } else {
- return false;
- }
-}
-
-/**
- * Logs out the user of the cas
- * The user MUST be logged in with cas to use this function.
- *
- * @param $uinfo array user info (not needed)
- * @param $location string redirect url
- *
- * @see online_logout()
- */
-function cas_logout($uinfo = null, $location = null)
-{
- global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
- global $PHPCAS_CLIENT;
- if (!is_object($PHPCAS_CLIENT)) {
- phpCAS::client($cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri);
- phpCAS::setNoCasServerValidation();
- }
-
- if (!isset($location)) {
- $location = api_get_path(WEB_PATH);
- }
-
- phpCAS::logoutWithRedirectService($location);
-}
-
-/*
- * Return the direct URL to a course code with CAS login
- */
-function get_cas_direct_URL($in_course_code)
-{
- return api_get_path(WEB_PATH).'main/auth/cas/logincas.php?firstpage='.$in_course_code;
-}
-
-function getCASLogoHTML()
-{
- $out_res = "";
- if (api_get_setting("casLogoURL") != "") {
- $out_res = "";
- }
-
- return $out_res;
-}
diff --git a/main/auth/cas/cas_var.inc.php b/main/auth/cas/cas_var.inc.php
deleted file mode 100755
index b4fbfb9ed5..0000000000
--- a/main/auth/cas/cas_var.inc.php
+++ /dev/null
@@ -1,31 +0,0 @@
-=')) {
- require_once __DIR__.'/CAS/domxml-php4-to-php5.php';
-}
-
-/**
- * @file CAS/CAS.php
- * Interface class of the phpCAS library
- *
- * @ingroup public
- */
-
-// ########################################################################
-// CONSTANTS
-// ########################################################################
-
-// ------------------------------------------------------------------------
-// CAS VERSIONS
-// ------------------------------------------------------------------------
-
-/**
- * phpCAS version. accessible for the user by phpCAS::getVersion().
- */
-define('PHPCAS_VERSION', '1.1.1');
-
-// ------------------------------------------------------------------------
-// CAS VERSIONS
-// ------------------------------------------------------------------------
-/**
- * @addtogroup public
- * @{
- */
-
-/**
- * CAS version 1.0
- */
-define("CAS_VERSION_1_0", '1.0');
-/*!
- * CAS version 2.0
- */
-define("CAS_VERSION_2_0", '2.0');
-
-// ------------------------------------------------------------------------
-// SAML defines
-// ------------------------------------------------------------------------
-
-/**
- * SAML protocol
- */
-define("SAML_VERSION_1_1", 'S1');
-
-/**
- * XML header for SAML POST
- */
-define("SAML_XML_HEADER", '');
-
-/**
- * SOAP envelope for SAML POST
- */
-define("SAML_SOAP_ENV",
- '');
-
-/**
- * SOAP body for SAML POST
- */
-define("SAML_SOAP_BODY", '');
-
-/**
- * SAMLP request
- */
-define("SAMLP_REQUEST",
- '');
-define("SAMLP_REQUEST_CLOSE", '');
-
-/**
- * SAMLP artifact tag (for the ticket)
- */
-define("SAML_ASSERTION_ARTIFACT", '');
-
-/**
- * SAMLP close
- */
-define("SAML_ASSERTION_ARTIFACT_CLOSE", '');
-
-/**
- * SOAP body close
- */
-define("SAML_SOAP_BODY_CLOSE", '');
-
-/**
- * SOAP envelope close
- */
-define("SAML_SOAP_ENV_CLOSE", '');
-
-/**
- * SAML Attributes
- */
-define("SAML_ATTRIBUTES", 'SAMLATTRIBS');
-
-/** @} */
-/**
- * @addtogroup publicPGTStorage
- * @{
- */
-// ------------------------------------------------------------------------
-// FILE PGT STORAGE
-// ------------------------------------------------------------------------
-/**
- * Default path used when storing PGT's to file
- */
-define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH", '/tmp');
-/**
- * phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files
- */
-define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN", 'plain');
-/**
- * phpCAS::setPGTStorageFile()'s 2nd parameter to write xml files
- */
-define("CAS_PGT_STORAGE_FILE_FORMAT_XML", 'xml');
-/**
- * Default format used when storing PGT's to file
- */
-define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT", CAS_PGT_STORAGE_FILE_FORMAT_PLAIN);
-// ------------------------------------------------------------------------
-// DATABASE PGT STORAGE
-// ------------------------------------------------------------------------
-/**
- * default database type when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE", 'mysql');
-/**
- * default host when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME", 'localhost');
-/**
- * default port when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_PORT", '');
-/**
- * default database when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE", 'phpCAS');
-/**
- * default table when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE", 'pgt');
-
-/** @} */
-// ------------------------------------------------------------------------
-// SERVICE ACCESS ERRORS
-// ------------------------------------------------------------------------
-/**
- * @addtogroup publicServices
- * @{
- */
-
-/**
- * phpCAS::service() error code on success
- */
-define("PHPCAS_SERVICE_OK", 0);
-/**
- * phpCAS::service() error code when the PT could not retrieve because
- * the CAS server did not respond.
- */
-define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE", 1);
-/**
- * phpCAS::service() error code when the PT could not retrieve because
- * the response of the CAS server was ill-formed.
- */
-define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE", 2);
-/**
- * phpCAS::service() error code when the PT could not retrieve because
- * the CAS server did not want to.
- */
-define("PHPCAS_SERVICE_PT_FAILURE", 3);
-/**
- * phpCAS::service() error code when the service was not available.
- */
-define("PHPCAS_SERVICE_NOT AVAILABLE", 4);
-
-/** @} */
-// ------------------------------------------------------------------------
-// LANGUAGES
-// ------------------------------------------------------------------------
-/**
- * @addtogroup publicLang
- * @{
- */
-
-define("PHPCAS_LANG_ENGLISH", 'english');
-define("PHPCAS_LANG_FRENCH", 'french');
-define("PHPCAS_LANG_GREEK", 'greek');
-define("PHPCAS_LANG_GERMAN", 'german');
-define("PHPCAS_LANG_JAPANESE", 'japanese');
-define("PHPCAS_LANG_SPANISH", 'spanish');
-define("PHPCAS_LANG_CATALAN", 'catalan');
-
-/** @} */
-
-/**
- * @addtogroup internalLang
- * @{
- */
-
-/**
- * phpCAS default language (when phpCAS::setLang() is not used)
- */
-define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH);
-
-/** @} */
-// ------------------------------------------------------------------------
-// DEBUG
-// ------------------------------------------------------------------------
-/**
- * @addtogroup publicDebug
- * @{
- */
-
-/**
- * The default directory for the debug file under Unix.
- */
-define('DEFAULT_DEBUG_DIR', '/tmp/');
-
-/** @} */
-// ------------------------------------------------------------------------
-// MISC
-// ------------------------------------------------------------------------
-/**
- * @addtogroup internalMisc
- * @{
- */
-
-/**
- * This global variable is used by the interface class phpCAS.
- *
- * @hideinitializer
- */
-$GLOBALS['PHPCAS_CLIENT'] = null;
-
-/**
- * This global variable is used to store where the initializer is called from
- * (to print a comprehensive error in case of multiple calls).
- *
- * @hideinitializer
- */
-$GLOBALS['PHPCAS_INIT_CALL'] = array(
- 'done' => false,
- 'file' => '?',
- 'line' => -1,
- 'method' => '?'
-);
-
-/**
- * This global variable is used to store where the method checking
- * the authentication is called from (to print comprehensive errors)
- *
- * @hideinitializer
- */
-$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array(
- 'done' => false,
- 'file' => '?',
- 'line' => -1,
- 'method' => '?',
- 'result' => false
-);
-
-/**
- * This global variable is used to store phpCAS debug mode.
- *
- * @hideinitializer
- */
-$GLOBALS['PHPCAS_DEBUG'] = array(
- 'filename' => '/tmp/cas.log',
- 'indent' => 0,
- 'unique_id' => ''
-);
-
-/** @} */
-
-// ########################################################################
-// CLIENT CLASS
-// ########################################################################
-
-// include client class
-include_once __DIR__.'/CAS/client.php';
-
-// ########################################################################
-// INTERFACE CLASS
-// ########################################################################
-
-/**
- * @class phpCAS
- * The phpCAS class is a simple container for the phpCAS library. It provides CAS
- * authentication for web applications written in PHP.
- *
- * @ingroup public
- * @author Pascal Aubry
- *
- * \internal All its methods access the same object ($PHPCAS_CLIENT, declared
- * at the end of CAS/client.php).
- */
-class phpCAS
-{
-
- // ########################################################################
- // INITIALIZATION
- // ########################################################################
-
- /**
- * @addtogroup publicInit
- * @{
- */
-
- /**
- * phpCAS client initializer.
- * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
- * called, only once, and before all other methods (except phpCAS::getVersion()
- * and phpCAS::setDebug()).
- *
- * @param $server_version the version of the CAS server
- * @param $server_hostname the hostname of the CAS server
- * @param $server_port the port the CAS server is running on
- * @param $server_uri the URI the CAS server is responding on
- * @param $start_session Have phpCAS start PHP sessions (default true)
- *
- * @return a newly created CASClient object
- */
- public function client($server_version, $server_hostname, $server_port, $server_uri, $start_session = true)
- {
- global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
-
- self::traceBegin();
- if (is_object($PHPCAS_CLIENT)) {
- self::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')');
- }
- if (gettype($server_version) != 'string') {
- self::error('type mismatched for parameter $server_version (should be `string\')');
- }
- if (gettype($server_hostname) != 'string') {
- self::error('type mismatched for parameter $server_hostname (should be `string\')');
- }
- if (gettype($server_port) != 'integer') {
- self::error('type mismatched for parameter $server_port (should be `integer\')');
- }
- if (gettype($server_uri) != 'string') {
- self::error('type mismatched for parameter $server_uri (should be `string\')');
- }
-
- // store where the initializer is called from
- $dbg = self::backtrace();
- $PHPCAS_INIT_CALL = array(
- 'done' => true,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__
- );
-
- // initialize the global object $PHPCAS_CLIENT
- $PHPCAS_CLIENT = new CASClient($server_version, false /*proxy*/
- , $server_hostname, $server_port, $server_uri, $start_session);
- self::traceEnd();
- }
-
- /**
- * phpCAS proxy initializer.
- * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
- * called, only once, and before all other methods (except phpCAS::getVersion()
- * and phpCAS::setDebug()).
- *
- * @param $server_version the version of the CAS server
- * @param $server_hostname the hostname of the CAS server
- * @param $server_port the port the CAS server is running on
- * @param $server_uri the URI the CAS server is responding on
- * @param $start_session Have phpCAS start PHP sessions (default true)
- *
- * @return a newly created CASClient object
- */
- public function proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session = true)
- {
- global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
-
- self::traceBegin();
- if (is_object($PHPCAS_CLIENT)) {
- self::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')');
- }
- if (gettype($server_version) != 'string') {
- self::error('type mismatched for parameter $server_version (should be `string\')');
- }
- if (gettype($server_hostname) != 'string') {
- self::error('type mismatched for parameter $server_hostname (should be `string\')');
- }
- if (gettype($server_port) != 'integer') {
- self::error('type mismatched for parameter $server_port (should be `integer\')');
- }
- if (gettype($server_uri) != 'string') {
- self::error('type mismatched for parameter $server_uri (should be `string\')');
- }
-
- // store where the initialzer is called from
- $dbg = self::backtrace();
- $PHPCAS_INIT_CALL = array(
- 'done' => true,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__
- );
-
- // initialize the global object $PHPCAS_CLIENT
- $PHPCAS_CLIENT = new CASClient($server_version, true /*proxy*/
- , $server_hostname, $server_port, $server_uri, $start_session);
- self::traceEnd();
- }
-
- /** @} */
- // ########################################################################
- // DEBUGGING
- // ########################################################################
-
- /**
- * @addtogroup publicDebug
- * @{
- */
-
- /**
- * Set/unset debug mode
- *
- * @param $filename the name of the file used for logging, or FALSE to stop debugging.
- */
- public function setDebug($filename = '')
- {
- global $PHPCAS_DEBUG;
-
- if ($filename != false && gettype($filename) != 'string') {
- self::error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)');
- }
-
- if (empty ($filename)) {
- if (preg_match('/^Win.*/', getenv('OS'))) {
- if (isset ($_ENV['TMP'])) {
- $debugDir = $_ENV['TMP'].'/';
- } else {
- if (isset ($_ENV['TEMP'])) {
- $debugDir = $_ENV['TEMP'].'/';
- } else {
- $debugDir = '';
- }
- }
- } else {
- $debugDir = DEFAULT_DEBUG_DIR;
- }
- $filename = $debugDir.'phpCAS.log';
- }
-
- if (empty ($PHPCAS_DEBUG['unique_id'])) {
- $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4);
- }
-
- $PHPCAS_DEBUG['filename'] = $filename;
-
- self::trace('START ******************');
- }
-
- /** @} */
- /**
- * @addtogroup internalDebug
- * @{
- */
-
- /**
- * This method is a wrapper for debug_backtrace() that is not available
- * in all PHP versions (>= 4.3.0 only)
- */
- public function backtrace()
- {
- if (function_exists('debug_backtrace')) {
- return debug_backtrace();
- } else {
- // poor man's hack ... but it does work ...
- return array();
- }
- }
-
- /**
- * Logs a string in debug mode.
- *
- * @param $str the string to write
- *
- * @private
- */
- public function log($str)
- {
- $indent_str = ".";
- global $PHPCAS_DEBUG;
-
- if ($PHPCAS_DEBUG['filename']) {
- for ($i = 0; $i < $PHPCAS_DEBUG['indent']; $i++) {
- $indent_str .= '| ';
- }
- error_log($PHPCAS_DEBUG['unique_id'].' '.$indent_str.$str."\n", 3, $PHPCAS_DEBUG['filename']);
- }
-
- }
-
- /**
- * This method is used by interface methods to print an error and where the function
- * was originally called from.
- *
- * @param $msg the message to print
- *
- * @private
- */
- public function error($msg)
- {
- $dbg = self::backtrace();
- $function = '?';
- $file = '?';
- $line = '?';
- if (is_array($dbg)) {
- for ($i = 1; $i < sizeof($dbg); $i++) {
- if (is_array($dbg[$i])) {
- if ($dbg[$i]['class'] == __CLASS__) {
- $function = $dbg[$i]['function'];
- $file = $dbg[$i]['file'];
- $line = $dbg[$i]['line'];
- }
- }
- }
- }
- echo " \nphpCAS error: ".__CLASS__."::".$function.'(): '.htmlentities($msg)." in ".$file." on line ".$line." \n";
- self::trace($msg);
- self::traceExit();
- exit ();
- }
-
- /**
- * This method is used to log something in debug mode.
- */
- public function trace($str)
- {
- $dbg = self::backtrace();
- self::log($str.' ['.basename($dbg[1]['file']).':'.$dbg[1]['line'].']');
- }
-
- /**
- * This method is used to indicate the start of the execution of a function in debug mode.
- */
- public function traceBegin()
- {
- global $PHPCAS_DEBUG;
-
- $dbg = self::backtrace();
- $str = '=> ';
- if (!empty ($dbg[2]['class'])) {
- $str .= $dbg[2]['class'].'::';
- }
- $str .= $dbg[2]['function'].'(';
- if (is_array($dbg[2]['args'])) {
- foreach ($dbg[2]['args'] as $index => $arg) {
- if ($index != 0) {
- $str .= ', ';
- }
- $str .= str_replace("\n", "", var_export($arg, true));
- }
- }
- $str .= ') ['.basename($dbg[2]['file']).':'.$dbg[2]['line'].']';
- self::log($str);
- $PHPCAS_DEBUG['indent']++;
- }
-
- /**
- * This method is used to indicate the end of the execution of a function in debug mode.
- *
- * @param string $res The result of the function
- */
- public function traceEnd($res = '')
- {
- global $PHPCAS_DEBUG;
-
- $PHPCAS_DEBUG['indent']--;
- $dbg = self::backtrace();
- $str = '';
- $str .= '<= '.str_replace("\n", "", var_export($res, true));
- self::log($str);
- }
-
- /**
- * This method is used to indicate the end of the execution of the program
- */
- public function traceExit()
- {
- global $PHPCAS_DEBUG;
-
- self::log('exit()');
- while ($PHPCAS_DEBUG['indent'] > 0) {
- self::log('-');
- $PHPCAS_DEBUG['indent']--;
- }
- }
-
- /** @} */
- // ########################################################################
- // INTERNATIONALIZATION
- // ########################################################################
- /**
- * @addtogroup publicLang
- * @{
- */
-
- /**
- * This method is used to set the language used by phpCAS.
- * @note Can be called only once.
- *
- * @param $lang a string representing the language.
- *
- * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH
- */
- public function setLang($lang)
- {
- global $PHPCAS_CLIENT;
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if (gettype($lang) != 'string') {
- self::error('type mismatched for parameter $lang (should be `string\')');
- }
- $PHPCAS_CLIENT->setLang($lang);
- }
-
- /** @} */
- // ########################################################################
- // VERSION
- // ########################################################################
- /**
- * @addtogroup public
- * @{
- */
-
- /**
- * This method returns the phpCAS version.
- *
- * @return the phpCAS version.
- */
- public function getVersion()
- {
- return PHPCAS_VERSION;
- }
-
- /** @} */
- // ########################################################################
- // HTML OUTPUT
- // ########################################################################
- /**
- * @addtogroup publicOutput
- * @{
- */
-
- /**
- * This method sets the HTML header used for all outputs.
- *
- * @param $header the HTML header.
- */
- public function setHTMLHeader($header)
- {
- global $PHPCAS_CLIENT;
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if (gettype($header) != 'string') {
- self::error('type mismatched for parameter $header (should be `string\')');
- }
- $PHPCAS_CLIENT->setHTMLHeader($header);
- }
-
- /**
- * This method sets the HTML footer used for all outputs.
- *
- * @param $footer the HTML footer.
- */
- public function setHTMLFooter($footer)
- {
- global $PHPCAS_CLIENT;
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if (gettype($footer) != 'string') {
- self::error('type mismatched for parameter $footer (should be `string\')');
- }
- $PHPCAS_CLIENT->setHTMLFooter($footer);
- }
-
- /** @} */
- // ########################################################################
- // PGT STORAGE
- // ########################################################################
- /**
- * @addtogroup publicPGTStorage
- * @{
- */
-
- /**
- * This method is used to tell phpCAS to store the response of the
- * CAS server to PGT requests onto the filesystem.
- *
- * @param string $format the format used to store the PGT's (`plain' and `xml' allowed)
- * @param string $path the path where the PGT's should be stored
- */
- public function setPGTStorageFile($format = '', $path = '')
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if (!$PHPCAS_CLIENT->isProxy()) {
- self::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ($PHPCAS_AUTH_CHECK_CALL['done']) {
- self::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')');
- }
- if (gettype($format) != 'string') {
- self::error('type mismatched for parameter $format (should be `string\')');
- }
- if (gettype($path) != 'string') {
- self::error('type mismatched for parameter $format (should be `string\')');
- }
- $PHPCAS_CLIENT->setPGTStorageFile($format, $path);
- self::traceEnd();
- }
-
- /**
- * This method is used to tell phpCAS to store the response of the
- * CAS server to PGT requests into a database.
- * @note The connection to the database is done only when needed.
- * As a consequence, bad parameters are detected only when
- * initializing PGT storage, except in debug mode.
- *
- * @param $user the user to access the data with
- * @param $password the user's password
- * @param $database_type the type of the database hosting the data
- * @param $hostname the server hosting the database
- * @param $port the port the server is listening on
- * @param $database the name of the database
- * @param $table the name of the table storing the data
- */
- public function setPGTStorageDB(
- $user,
- $password,
- $database_type = '',
- $hostname = '',
- $port = 0,
- $database = '',
- $table = ''
- ) {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if (!$PHPCAS_CLIENT->isProxy()) {
- self::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ($PHPCAS_AUTH_CHECK_CALL['done']) {
- self::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')');
- }
- if (gettype($user) != 'string') {
- self::error('type mismatched for parameter $user (should be `string\')');
- }
- if (gettype($password) != 'string') {
- self::error('type mismatched for parameter $password (should be `string\')');
- }
- if (gettype($database_type) != 'string') {
- self::error('type mismatched for parameter $database_type (should be `string\')');
- }
- if (gettype($hostname) != 'string') {
- self::error('type mismatched for parameter $hostname (should be `string\')');
- }
- if (gettype($port) != 'integer') {
- self::error('type mismatched for parameter $port (should be `integer\')');
- }
- if (gettype($database) != 'string') {
- self::error('type mismatched for parameter $database (should be `string\')');
- }
- if (gettype($table) != 'string') {
- self::error('type mismatched for parameter $table (should be `string\')');
- }
- $PHPCAS_CLIENT->setPGTStorageDB($user, $password, $database_type, $hostname, $port, $database, $table);
- self::traceEnd();
- }
-
- /** @} */
- // ########################################################################
- // ACCESS TO EXTERNAL SERVICES
- // ########################################################################
- /**
- * @addtogroup publicServices
- * @{
- */
-
- /**
- * This method is used to access an HTTP[S] service.
- *
- * @param $url the service to access.
- * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
- * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
- * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
- * @param $output the output of the service (also used to give an error
- * message on failure).
- *
- * @return TRUE on success, FALSE otherwise (in this later case, $err_code
- * gives the reason why it failed and $output contains an error message).
- */
- public function serviceWeb($url, & $err_code, & $output)
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if (!$PHPCAS_CLIENT->isProxy()) {
- self::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
- self::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()');
- }
- if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
- self::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
- }
- if (gettype($url) != 'string') {
- self::error('type mismatched for parameter $url (should be `string\')');
- }
-
- $res = $PHPCAS_CLIENT->serviceWeb($url, $err_code, $output);
-
- self::traceEnd($res);
- return $res;
- }
-
- /**
- * This method is used to access an IMAP/POP3/NNTP service.
- *
- * @param $url a string giving the URL of the service, including the mailing box
- * for IMAP URLs, as accepted by imap_open().
- * @param $service a string giving for CAS retrieve Proxy ticket
- * @param $flags options given to imap_open().
- * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
- * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
- * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
- * @param $err_msg an error message on failure
- * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL
- * on success, FALSE on error).
- *
- * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code
- * gives the reason why it failed and $err_msg contains an error message).
- */
- public function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt)
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if (!$PHPCAS_CLIENT->isProxy()) {
- self::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
- self::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()');
- }
- if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
- self::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
- }
- if (gettype($url) != 'string') {
- self::error('type mismatched for parameter $url (should be `string\')');
- }
-
- if (gettype($flags) != 'integer') {
- self::error('type mismatched for parameter $flags (should be `integer\')');
- }
-
- $res = $PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt);
-
- self::traceEnd($res);
- return $res;
- }
-
- /** @} */
- // ########################################################################
- // AUTHENTICATION
- // ########################################################################
- /**
- * @addtogroup publicAuth
- * @{
- */
-
- /**
- * Set the times authentication will be cached before really accessing the CAS server in gateway mode:
- * - -1: check only once, and then never again (until you pree login)
- * - 0: always check
- * - n: check every "n" time
- *
- * @param $n an integer.
- */
- public function setCacheTimesForAuthRecheck($n)
- {
- global $PHPCAS_CLIENT;
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if (gettype($n) != 'integer') {
- self::error('type mismatched for parameter $header (should be `string\')');
- }
- $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n);
- }
-
- /**
- * This method is called to check if the user is authenticated (use the gateway feature).
- * @return TRUE when the user is authenticated; otherwise FALSE.
- */
- public function checkAuthentication()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
-
- $auth = $PHPCAS_CLIENT->checkAuthentication();
-
- // store where the authentication has been checked and the result
- $dbg = self::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array(
- 'done' => true,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__,
- 'result' => $auth
- );
- self::traceEnd($auth);
- return $auth;
- }
-
- /**
- * This method is called to force authentication if the user was not already
- * authenticated. If the user is not authenticated, halt by redirecting to
- * the CAS server.
- */
- public function forceAuthentication()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
-
- $auth = $PHPCAS_CLIENT->forceAuthentication();
-
- // store where the authentication has been checked and the result
- $dbg = self::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array(
- 'done' => true,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__,
- 'result' => $auth
- );
-
- if (!$auth) {
- self::trace('user is not authenticated, redirecting to the CAS server');
- $PHPCAS_CLIENT->forceAuthentication();
- } else {
- self::trace('no need to authenticate (user `'.self::getUser().'\' is already authenticated)');
- }
-
- self::traceEnd();
- return $auth;
- }
-
- /**
- * This method is called to renew the authentication.
- **/
- public function renewAuthentication()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before'.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
-
- // store where the authentication has been checked and the result
- $dbg = self::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array(
- 'done' => true,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__,
- 'result' => $auth
- );
-
- $PHPCAS_CLIENT->renewAuthentication();
- self::traceEnd();
- }
-
- /**
- * This method has been left from version 0.4.1 for compatibility reasons.
- */
- public function authenticate()
- {
- self::error('this method is deprecated. You should use '.__CLASS__.'::forceAuthentication() instead');
- }
-
- /**
- * This method is called to check if the user is authenticated (previously or by
- * tickets given in the URL).
- *
- * @return TRUE when the user is authenticated.
- */
- public function isAuthenticated()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
-
- // call the isAuthenticated method of the global $PHPCAS_CLIENT object
- $auth = $PHPCAS_CLIENT->isAuthenticated();
-
- // store where the authentication has been checked and the result
- $dbg = self::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array(
- 'done' => true,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__,
- 'result' => $auth
- );
- self::traceEnd($auth);
- return $auth;
- }
-
- /**
- * Checks whether authenticated based on $_SESSION. Useful to avoid
- * server calls.
- * @return true if authenticated, false otherwise.
- * @since 0.4.22 by Brendan Arnold
- */
- public function isSessionAuthenticated()
- {
- global $PHPCAS_CLIENT;
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return ($PHPCAS_CLIENT->isSessionAuthenticated());
- }
-
- /**
- * This method returns the CAS user's login name.
- * @warning should not be called only after phpCAS::forceAuthentication()
- * or phpCAS::checkAuthentication().
- *
- * @return the login name of the authenticated user
- */
- public function getUser()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
- self::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
- }
- if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
- self::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
- }
- return $PHPCAS_CLIENT->getUser();
- }
-
- /**
- * This method returns the CAS user's login name.
- * @warning should not be called only after phpCAS::forceAuthentication()
- * or phpCAS::checkAuthentication().
- *
- * @return the login name of the authenticated user
- */
- public function getAttributes()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
- self::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
- }
- if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
- self::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
- }
- return $PHPCAS_CLIENT->getAttributes();
- }
-
- /**
- * Handle logout requests.
- */
- public function handleLogoutRequests($check_client = true, $allowed_clients = false)
- {
- global $PHPCAS_CLIENT;
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return ($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients));
- }
-
- /**
- * This method returns the URL to be used to login.
- * or phpCAS::isAuthenticated().
- *
- * @return the login name of the authenticated user
- */
- public function getServerLoginURL()
- {
- global $PHPCAS_CLIENT;
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return $PHPCAS_CLIENT->getServerLoginURL();
- }
-
- /**
- * Set the login URL of the CAS server.
- * @param string $url the login URL
- * @since 0.4.21 by Wyman Chan
- */
- public function setServerLoginURL($url = '')
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after
- ' . __CLASS__.'::client()');
- }
- if (gettype($url) != 'string') {
- self::error('type mismatched for parameter $url (should be
- `string\')');
- }
- $PHPCAS_CLIENT->setServerLoginURL($url);
- self::traceEnd();
- }
-
- /**
- * Set the serviceValidate URL of the CAS server.
- * Used only in CAS 1.0 validations
- * @param string $url the serviceValidate URL
- * @since 1.1.0 by Joachim Fritschi
- */
- public function setServerServiceValidateURL($url = '')
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after
- ' . __CLASS__.'::client()');
- }
- if (gettype($url) != 'string') {
- self::error('type mismatched for parameter $url (should be
- `string\')');
- }
- $PHPCAS_CLIENT->setServerServiceValidateURL($url);
- self::traceEnd();
- }
-
- /**
- * Set the proxyValidate URL of the CAS server.
- * Used for all CAS 2.0 validations
- * @param string $url the proxyValidate URL
- * @since 1.1.0 by Joachim Fritschi
- */
- public function setServerProxyValidateURL($url = '')
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after
- ' . __CLASS__.'::client()');
- }
- if (gettype($url) != 'string') {
- self::error('type mismatched for parameter $url (should be
- `string\')');
- }
- $PHPCAS_CLIENT->setServerProxyValidateURL($url);
- self::traceEnd();
- }
-
- /**
- * Set the samlValidate URL of the CAS server.
- * @param string $url the samlValidate URL
- * @since 1.1.0 by Joachim Fritschi
- */
- public function setServerSamlValidateURL($url = '')
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after
- ' . __CLASS__.'::client()');
- }
- if (gettype($url) != 'string') {
- self::error('type mismatched for parameter $url (should be
- `string\')');
- }
- $PHPCAS_CLIENT->setServerSamlValidateURL($url);
- self::traceEnd();
- }
-
- /**
- * This method returns the URL to be used to login.
- * or phpCAS::isAuthenticated().
- *
- * @return the login name of the authenticated user
- */
- public function getServerLogoutURL()
- {
- global $PHPCAS_CLIENT;
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return $PHPCAS_CLIENT->getServerLogoutURL();
- }
-
- /**
- * Set the logout URL of the CAS server.
- * @param string $url the logout URL
- * @since 0.4.21 by Wyman Chan
- */
- public function setServerLogoutURL($url = '')
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after
- ' . __CLASS__.'::client()');
- }
- if (gettype($url) != 'string') {
- self::error('type mismatched for parameter $url (should be
- `string\')');
- }
- $PHPCAS_CLIENT->setServerLogoutURL($url);
- self::traceEnd();
- }
-
- /**
- * This method is used to logout from CAS.
- * @params string $params an array that contains the optional url and service parameters that will be passed to the CAS server
- * @public
- */
- public function logout($params = "")
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- $parsedParams = array();
- if ($params != "") {
- if (is_string($params)) {
- self::error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
- }
- if (!is_array($params)) {
- self::error('type mismatched for parameter $params (should be `array\')');
- }
- foreach ($params as $key => $value) {
- if ($key != "service" && $key != "url") {
- self::error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
- }
- $parsedParams[$key] = $value;
- }
- }
- $PHPCAS_CLIENT->logout($parsedParams);
- // never reached
- self::traceEnd();
- }
-
- /**
- * This method is used to logout from CAS. Halts by redirecting to the CAS server.
- * @param string $service a URL that will be transmitted to the CAS server
- */
- public function logoutWithRedirectService($service)
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if (!is_string($service)) {
- self::error('type mismatched for parameter $service (should be `string\')');
- }
- $PHPCAS_CLIENT->logout(array(
- "service" => $service
- ));
- // never reached
- self::traceEnd();
- }
-
- /**
- * This method is used to logout from CAS. Halts by redirecting to the CAS server.
- * @param string $url a URL that will be transmitted to the CAS server
- */
- public function logoutWithUrl($url)
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if (!is_string($url)) {
- self::error('type mismatched for parameter $url (should be `string\')');
- }
- $PHPCAS_CLIENT->logout(array(
- "url" => $url
- ));
- // never reached
- self::traceEnd();
- }
-
- /**
- * This method is used to logout from CAS. Halts by redirecting to the CAS server.
- * @param string $service a URL that will be transmitted to the CAS server
- * @param string $url a URL that will be transmitted to the CAS server
- */
- public function logoutWithRedirectServiceAndUrl($service, $url)
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if (!is_string($service)) {
- self::error('type mismatched for parameter $service (should be `string\')');
- }
- if (!is_string($url)) {
- self::error('type mismatched for parameter $url (should be `string\')');
- }
- $PHPCAS_CLIENT->logout(array(
- "service" => $service,
- "url" => $url
- ));
- // never reached
- self::traceEnd();
- }
-
- /**
- * Set the fixed URL that will be used by the CAS server to transmit the PGT.
- * When this method is not called, a phpCAS script uses its own URL for the callback.
- *
- * @param string $url the URL
- */
- public function setFixedCallbackURL($url = '')
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if (!$PHPCAS_CLIENT->isProxy()) {
- self::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if (gettype($url) != 'string') {
- self::error('type mismatched for parameter $url (should be `string\')');
- }
- $PHPCAS_CLIENT->setCallbackURL($url);
- self::traceEnd();
- }
-
- /**
- * Set the fixed URL that will be set as the CAS service parameter. When this
- * method is not called, a phpCAS script uses its own URL.
- *
- * @param string $url the URL
- */
- public function setFixedServiceURL($url)
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if (gettype($url) != 'string') {
- self::error('type mismatched for parameter $url (should be `string\')');
- }
- $PHPCAS_CLIENT->setURL($url);
- self::traceEnd();
- }
-
- /**
- * Get the URL that is set as the CAS service parameter.
- */
- public function getServiceURL()
- {
- global $PHPCAS_CLIENT;
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- return ($PHPCAS_CLIENT->getURL());
- }
-
- /**
- * Retrieve a Proxy Ticket from the CAS server.
- */
- public function retrievePT($target_service, & $err_code, & $err_msg)
- {
- global $PHPCAS_CLIENT;
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if (gettype($target_service) != 'string') {
- self::error('type mismatched for parameter $target_service(should be `string\')');
- }
- return ($PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg));
- }
-
- /**
- * Set the certificate of the CAS server.
- *
- * @param $cert the PEM certificate
- */
- public function setCasServerCert($cert)
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if (gettype($cert) != 'string') {
- self::error('type mismatched for parameter $cert (should be `string\')');
- }
- $PHPCAS_CLIENT->setCasServerCert($cert);
- self::traceEnd();
- }
-
- /**
- * Set the certificate of the CAS server CA.
- *
- * @param $cert the CA certificate
- */
- public function setCasServerCACert($cert)
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if (gettype($cert) != 'string') {
- self::error('type mismatched for parameter $cert (should be `string\')');
- }
- $PHPCAS_CLIENT->setCasServerCACert($cert);
- self::traceEnd();
- }
-
- /**
- * Set no SSL validation for the CAS server.
- */
- public function setNoCasServerValidation()
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- $PHPCAS_CLIENT->setNoCasServerValidation();
- self::traceEnd();
- }
-
- /** @} */
-
- /**
- * Change CURL options.
- * CURL is used to connect through HTTPS to CAS server
- * @param string $key the option key
- * @param string $value the value to set
- */
- public function setExtraCurlOption($key, $value)
- {
- global $PHPCAS_CLIENT;
- self::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- $PHPCAS_CLIENT->setExtraCurlOption($key, $value);
- self::traceEnd();
- }
-
-}
-
-// ########################################################################
-// DOCUMENTATION
-// ########################################################################
-
-// ########################################################################
-// MAIN PAGE
-
-/**
- * @mainpage
- *
- * The following pages only show the source documentation.
- *
- */
-
-// ########################################################################
-// MODULES DEFINITION
-
-/** @defgroup public User interface */
-
-/** @defgroup publicInit Initialization
- * @ingroup public
- */
-
-/** @defgroup publicAuth Authentication
- * @ingroup public
- */
-
-/** @defgroup publicServices Access to external services
- * @ingroup public
- */
-
-/** @defgroup publicConfig Configuration
- * @ingroup public
- */
-
-/** @defgroup publicLang Internationalization
- * @ingroup publicConfig
- */
-
-/** @defgroup publicOutput HTML output
- * @ingroup publicConfig
- */
-
-/** @defgroup publicPGTStorage PGT storage
- * @ingroup publicConfig
- */
-
-/** @defgroup publicDebug Debugging
- * @ingroup public
- */
-
-/** @defgroup internal Implementation */
-
-/** @defgroup internalAuthentication Authentication
- * @ingroup internal
- */
-
-/** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets)
- * @ingroup internal
- */
-
-/** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets)
- * @ingroup internal
- */
-
-/** @defgroup internalPGTStorage PGT storage
- * @ingroup internalProxy
- */
-
-/** @defgroup internalPGTStorageDB PGT storage in a database
- * @ingroup internalPGTStorage
- */
-
-/** @defgroup internalPGTStorageFile PGT storage on the filesystem
- * @ingroup internalPGTStorage
- */
-
-/** @defgroup internalCallback Callback from the CAS server
- * @ingroup internalProxy
- */
-
-/** @defgroup internalProxied CAS proxied client features (CAS 2.0, Proxy Tickets)
- * @ingroup internal
- */
-
-/** @defgroup internalConfig Configuration
- * @ingroup internal
- */
-
-/** @defgroup internalOutput HTML output
- * @ingroup internalConfig
- */
-
-/** @defgroup internalLang Internationalization
- * @ingroup internalConfig
- *
- * To add a new language:
- * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php
- * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php
- * - 3. Make the translations
- */
-
-/** @defgroup internalDebug Debugging
- * @ingroup internal
- */
-
-/** @defgroup internalMisc Miscellaneous
- * @ingroup internal
- */
-
-// ########################################################################
-// EXAMPLES
-
-/**
- * @example example_simple.php
- */
-/**
- * @example example_proxy.php
- */
-/**
- * @example example_proxy2.php
- */
-/**
- * @example example_lang.php
- */
-/**
- * @example example_html.php
- */
-/**
- * @example example_file.php
- */
-/**
- * @example example_db.php
- */
-/**
- * @example example_service.php
- */
-/**
- * @example example_session_proxy.php
- */
-/**
- * @example example_session_service.php
- */
-/**
- * @example example_gateway.php
- */
-/**
- * @example example_custom_urls.php
- */
diff --git a/main/auth/cas/lib/CAS/PGTStorage/pgt-db.php b/main/auth/cas/lib/CAS/PGTStorage/pgt-db.php
deleted file mode 100755
index acf3eeb757..0000000000
--- a/main/auth/cas/lib/CAS/PGTStorage/pgt-db.php
+++ /dev/null
@@ -1,219 +0,0 @@
-
- *
- * @ingroup internalPGTStorageDB
- */
-
-class PGTStorageDB extends PGTStorage
-{
- /**
- * @addtogroup internalPGTStorageDB
- * @{
- */
-
- /**
- * a string representing a PEAR DB URL to connect to the database. Written by
- * PGTStorageDB::PGTStorageDB(), read by getURL().
- *
- * @hideinitializer
- * @private
- */
- var $_url='';
-
- /**
- * This method returns the PEAR DB URL to use to connect to the database.
- *
- * @return string PEAR DB URL
- *
- * @private
- */
- function getURL()
- {
- return $this->_url;
- }
-
- /**
- * The handle of the connection to the database where PGT's are stored. Written by
- * PGTStorageDB::init(), read by getLink().
- *
- * @hideinitializer
- * @private
- */
- var $_link = null;
-
- /**
- * This method returns the handle of the connection to the database where PGT's are
- * stored.
- *
- * @return a handle of connection.
- *
- * @private
- */
- function getLink()
- {
- return $this->_link;
- }
-
- /**
- * The name of the table where PGT's are stored. Written by
- * PGTStorageDB::PGTStorageDB(), read by getTable().
- *
- * @hideinitializer
- * @private
- */
- var $_table = '';
-
- /**
- * This method returns the name of the table where PGT's are stored.
- *
- * @return string name of a table.
- *
- * @private
- */
- function getTable()
- {
- return $this->_table;
- }
-
- // ########################################################################
- // DEBUGGING
- // ########################################################################
-
- /**
- * This method returns an informational string giving the type of storage
- * used by the object (used for debugging purposes).
- *
- * @return string informational string.
- * @public
- */
- function getStorageType()
- {
- return "database";
- }
-
- /**
- * This method returns an informational string giving informations on the
- * parameters of the storage.(used for debugging purposes).
- *
- * @public
- */
- function getStorageInfo()
- {
- return 'url=`'.$this->getURL().'\', table=`'.$this->getTable().'\'';
- }
-
- // ########################################################################
- // CONSTRUCTOR
- // ########################################################################
-
- /**
- * The class constructor, called by CASClient::SetPGTStorageDB().
- *
- * @param CASClient $cas_parent the CASClient instance that creates the object.
- * @param $user the user to access the data with
- * @param $password the user's password
- * @param $database_type the type of the database hosting the data
- * @param $hostname the server hosting the database
- * @param $port the port the server is listening on
- * @param $database the name of the database
- * @param $table the name of the table storing the data
- *
- * @public
- */
- function PGTStorageDB($cas_parent,$user,$password,$database_type,$hostname,$port,$database,$table)
- {
- phpCAS::traceBegin();
-
- // call the ancestor's constructor
- $this->PGTStorage($cas_parent);
-
- if ( empty($database_type) ) $database_type = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE;
- if ( empty($hostname) ) $hostname = CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME;
- if ( $port==0 ) $port = CAS_PGT_STORAGE_DB_DEFAULT_PORT;
- if ( empty($database) ) $database = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE;
- if ( empty($table) ) $table = CAS_PGT_STORAGE_DB_DEFAULT_TABLE;
-
- // build and store the PEAR DB URL
- $this->_url = $database_type.':'.'//'.$user.':'.$password.'@'.$hostname.':'.$port.'/'.$database;
-
- // XXX should use setURL and setTable
- phpCAS::traceEnd();
- }
-
- // ########################################################################
- // INITIALIZATION
- // ########################################################################
-
- /**
- * This method is used to initialize the storage. Halts on error.
- *
- * @public
- */
- function init()
- {
- phpCAS::traceBegin();
- // if the storage has already been initialized, return immediatly
- if ( $this->isInitialized() )
- return;
- // call the ancestor's method (mark as initialized)
- parent::init();
-
- //include phpDB library (the test was introduced in release 0.4.8 for
- //the integration into Tikiwiki).
- if (!class_exists('DB')) {
- include_once('DB.php');
- }
-
- // try to connect to the database
- $this->_link = DB::connect($this->getURL());
- if ( DB::isError($this->_link) ) {
- phpCAS::error('could not connect to database ('.DB::errorMessage($this->_link).')');
- }
- // Dump into trace
- var_dump($this->_link);
- phpCAS::traceBEnd();
- }
-
- /** @} */
-}
-
-?>
\ No newline at end of file
diff --git a/main/auth/cas/lib/CAS/PGTStorage/pgt-file.php b/main/auth/cas/lib/CAS/PGTStorage/pgt-file.php
deleted file mode 100755
index d12d12a316..0000000000
--- a/main/auth/cas/lib/CAS/PGTStorage/pgt-file.php
+++ /dev/null
@@ -1,276 +0,0 @@
-
- *
- * @ingroup internalPGTStorageFile
- */
-
-class PGTStorageFile extends PGTStorage
-{
- /**
- * @addtogroup internalPGTStorageFile
- * @{
- */
-
- /**
- * a string telling where PGT's should be stored on the filesystem. Written by
- * PGTStorageFile::PGTStorageFile(), read by getPath().
- *
- * @private
- */
- var $_path;
-
- /**
- * This method returns the name of the directory where PGT's should be stored
- * on the filesystem.
- *
- * @return the name of a directory (with leading and trailing '/')
- *
- * @private
- */
- function getPath()
- {
- return $this->_path;
- }
-
- /**
- * a string telling the format to use to store PGT's (plain or xml). Written by
- * PGTStorageFile::PGTStorageFile(), read by getFormat().
- *
- * @private
- */
- var $_format;
-
- /**
- * This method returns the format to use when storing PGT's on the filesystem.
- *
- * @return a string corresponding to the format used (plain or xml).
- *
- * @private
- */
- function getFormat()
- {
- return $this->_format;
- }
-
- // ########################################################################
- // DEBUGGING
- // ########################################################################
-
- /**
- * This method returns an informational string giving the type of storage
- * used by the object (used for debugging purposes).
- *
- * @return string informational string.
- * @public
- */
- function getStorageType()
- {
- return "file";
- }
-
- /**
- * This method returns an informational string giving informations on the
- * parameters of the storage.(used for debugging purposes).
- *
- * @return string informational string.
- * @public
- */
- function getStorageInfo()
- {
- return 'path=`'.$this->getPath().'\', format=`'.$this->getFormat().'\'';
- }
-
- // ########################################################################
- // CONSTRUCTOR
- // ########################################################################
-
- /**
- * The class constructor, called by CASClient::SetPGTStorageFile().
- *
- * @param CASClient $cas_parent the CASClient instance that creates the object.
- * @param string $format the format used to store the PGT's (`plain' and `xml' allowed).
- * @param string $path the path where the PGT's should be stored
- *
- * @public
- */
- function PGTStorageFile($cas_parent,$format,$path)
- {
- phpCAS::traceBegin();
- // call the ancestor's constructor
- $this->PGTStorage($cas_parent);
-
- if (empty($format) ) $format = CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT;
- if (empty($path) ) $path = CAS_PGT_STORAGE_FILE_DEFAULT_PATH;
-
- // check that the path is an absolute path
- if (getenv("OS")=="Windows_NT"){
-
- if (!preg_match('`^[a-zA-Z]:`', $path)) {
- phpCAS::error('an absolute path is needed for PGT storage to file');
- }
-
- }
- else
- {
-
- if ( $path[0] != '/' ) {
- phpCAS::error('an absolute path is needed for PGT storage to file');
- }
-
- // store the path (with a leading and trailing '/')
- $path = preg_replace('|[/]*$|','/',$path);
- $path = preg_replace('|^[/]*|','/',$path);
- }
-
- $this->_path = $path;
- // check the format and store it
- switch ($format) {
- case CAS_PGT_STORAGE_FILE_FORMAT_PLAIN:
- case CAS_PGT_STORAGE_FILE_FORMAT_XML:
- $this->_format = $format;
- break;
- default:
- phpCAS::error('unknown PGT file storage format (`'.CAS_PGT_STORAGE_FILE_FORMAT_PLAIN.'\' and `'.CAS_PGT_STORAGE_FILE_FORMAT_XML.'\' allowed)');
- }
- phpCAS::traceEnd();
- }
-
- // ########################################################################
- // INITIALIZATION
- // ########################################################################
-
- /**
- * This method is used to initialize the storage. Halts on error.
- *
- * @public
- */
- function init()
- {
- phpCAS::traceBegin();
- // if the storage has already been initialized, return immediatly
- if ( $this->isInitialized() )
- return;
- // call the ancestor's method (mark as initialized)
- parent::init();
- phpCAS::traceEnd();
- }
-
- // ########################################################################
- // PGT I/O
- // ########################################################################
-
- /**
- * This method returns the filename corresponding to a PGT Iou.
- *
- * @param $pgt_iou the PGT iou.
- *
- * @return string filename
- * @private
- */
- function getPGTIouFilename($pgt_iou)
- {
- phpCAS::traceBegin();
- $filename = $this->getPath().$pgt_iou.'.'.$this->getFormat();
- phpCAS::traceEnd($filename);
- return $filename;
- }
-
- /**
- * This method stores a PGT and its corresponding PGT Iou into a file. Echoes a
- * warning on error.
- *
- * @param $pgt the PGT
- * @param $pgt_iou the PGT iou
- *
- * @public
- */
- function write($pgt,$pgt_iou)
- {
- phpCAS::traceBegin();
- $fname = $this->getPGTIouFilename($pgt_iou);
- if ( $f=fopen($fname,"w") ) {
- if ( fputs($f,$pgt) === FALSE ) {
- phpCAS::error('could not write PGT to `'.$fname.'\'');
- }
- fclose($f);
- } else {
- phpCAS::error('could not open `'.$fname.'\'');
- }
- phpCAS::traceEnd();
- }
-
- /**
- * This method reads a PGT corresponding to a PGT Iou and deletes the
- * corresponding file.
- *
- * @param $pgt_iou the PGT iou
- *
- * @return false|string corresponding PGT, or FALSE on error
- *
- * @public
- */
- function read($pgt_iou)
- {
- phpCAS::traceBegin();
- $pgt = FALSE;
- $fname = $this->getPGTIouFilename($pgt_iou);
- if ( !($f=fopen($fname,"r")) ) {
- phpCAS::trace('could not open `'.$fname.'\'');
- } else {
- if ( ($pgt=fgets($f)) === FALSE ) {
- phpCAS::trace('could not read PGT from `'.$fname.'\'');
- }
- fclose($f);
- }
-
- // delete the PGT file
- @unlink($fname);
-
- phpCAS::traceEnd($pgt);
- return $pgt;
- }
-
- /** @} */
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/main/auth/cas/lib/CAS/PGTStorage/pgt-main.php b/main/auth/cas/lib/CAS/PGTStorage/pgt-main.php
deleted file mode 100755
index a5106dee75..0000000000
--- a/main/auth/cas/lib/CAS/PGTStorage/pgt-main.php
+++ /dev/null
@@ -1,215 +0,0 @@
-
- *
- * @ingroup internalPGTStorage
- */
-
-class PGTStorage
-{
- /**
- * @addtogroup internalPGTStorage
- * @{
- */
-
- // ########################################################################
- // CONSTRUCTOR
- // ########################################################################
-
- /**
- * The constructor of the class, should be called only by inherited classes.
- *
- * @param $cas_parent the CASclient instance that creates the current object.
- *
- * @protected
- */
- function PGTStorage($cas_parent)
- {
- phpCAS::traceBegin();
- if ( !$cas_parent->isProxy() ) {
- phpCAS::error('defining PGT storage makes no sense when not using a CAS proxy');
- }
- phpCAS::traceEnd();
- }
-
- // ########################################################################
- // DEBUGGING
- // ########################################################################
-
- /**
- * This virtual method returns an informational string giving the type of storage
- * used by the object (used for debugging purposes).
- *
- * @public
- */
- function getStorageType()
- {
- phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
- }
-
- /**
- * This virtual method returns an informational string giving informations on the
- * parameters of the storage.(used for debugging purposes).
- *
- * @public
- */
- function getStorageInfo()
- {
- phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
- }
-
- // ########################################################################
- // ERROR HANDLING
- // ########################################################################
-
- /**
- * string used to store an error message. Written by PGTStorage::setErrorMessage(),
- * read by PGTStorage::getErrorMessage().
- *
- * @hideinitializer
- * @private
- * @deprecated not used.
- */
- var $_error_message=FALSE;
-
- /**
- * This method sets en error message, which can be read later by
- * PGTStorage::getErrorMessage().
- *
- * @param $error_message an error message
- *
- * @protected
- * @deprecated not used.
- */
- function setErrorMessage($error_message)
- {
- $this->_error_message = $error_message;
- }
-
- /**
- * This method returns an error message set by PGTStorage::setErrorMessage().
- *
- * @return boolean error message when set by PGTStorage::setErrorMessage(), FALSE
- * otherwise.
- *
- * @public
- * @deprecated not used.
- */
- function getErrorMessage()
- {
- return $this->_error_message;
- }
-
- // ########################################################################
- // INITIALIZATION
- // ########################################################################
-
- /**
- * a boolean telling if the storage has already been initialized. Written by
- * PGTStorage::init(), read by PGTStorage::isInitialized().
- *
- * @hideinitializer
- * @private
- */
- var $_initialized = FALSE;
-
- /**
- * This method tells if the storage has already been intialized.
- *
- * @return boolean boolean
- *
- * @protected
- */
- function isInitialized()
- {
- return $this->_initialized;
- }
-
- /**
- * This virtual method initializes the object.
- *
- * @protected
- */
- function init()
- {
- $this->_initialized = TRUE;
- }
-
- // ########################################################################
- // PGT I/O
- // ########################################################################
-
- /**
- * This virtual method stores a PGT and its corresponding PGT Iuo.
- * @note Should never be called.
- *
- * @param $pgt the PGT
- * @param $pgt_iou the PGT iou
- *
- * @protected
- */
- function write($pgt,$pgt_iou)
- {
- phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
- }
-
- /**
- * This virtual method reads a PGT corresponding to a PGT Iou and deletes
- * the corresponding storage entry.
- * @note Should never be called.
- *
- * @param $pgt_iou the PGT iou
- *
- * @protected
- */
- function read($pgt_iou)
- {
- phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
- }
-
- /** @} */
-
-}
-
-// include specific PGT storage classes
-include_once __DIR__.'/pgt-file.php';
-include_once __DIR__.'/pgt-db.php';
-
-?>
\ No newline at end of file
diff --git a/main/auth/cas/lib/CAS/client.php b/main/auth/cas/lib/CAS/client.php
deleted file mode 100755
index caf866b05b..0000000000
--- a/main/auth/cas/lib/CAS/client.php
+++ /dev/null
@@ -1,2774 +0,0 @@
-
- */
-class CASClient
-{
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX CONFIGURATION XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- // ########################################################################
- // HTML OUTPUT
- // ########################################################################
- /**
- * @addtogroup internalOutput
- * @{
- */
-
- /**
- * This method filters a string by replacing special tokens by appropriate values
- * and prints it. The corresponding tokens are taken into account:
- * - __CAS_VERSION__
- * - __PHPCAS_VERSION__
- * - __SERVER_BASE_URL__
- *
- * Used by CASClient::PrintHTMLHeader() and CASClient::printHTMLFooter().
- *
- * @param $str the string to filter and output
- *
- * @private
- */
- function HTMLFilterOutput($str)
- {
- $str = str_replace('__CAS_VERSION__', $this->getServerVersion(), $str);
- $str = str_replace('__PHPCAS_VERSION__', phpCAS::getVersion(), $str);
- $str = str_replace('__SERVER_BASE_URL__', $this->getServerBaseURL(), $str);
- echo $str;
- }
-
- /**
- * A string used to print the header of HTML pages. Written by CASClient::setHTMLHeader(),
- * read by CASClient::printHTMLHeader().
- *
- * @hideinitializer
- * @private
- * @see CASClient::setHTMLHeader, CASClient::printHTMLHeader()
- */
- var $_output_header = '';
-
- /**
- * This method prints the header of the HTML output (after filtering). If
- * CASClient::setHTMLHeader() was not used, a default header is output.
- *
- * @param $title the title of the page
- *
- * @see HTMLFilterOutput()
- * @private
- */
- function printHTMLHeader($title)
- {
- $this->HTMLFilterOutput(str_replace('__TITLE__',
- $title,
- (empty($this->_output_header)
- ? '__TITLE__
__TITLE__
'
- : $this->_output_header)
- )
- );
- }
-
- /**
- * A string used to print the footer of HTML pages. Written by CASClient::setHTMLFooter(),
- * read by printHTMLFooter().
- *
- * @hideinitializer
- * @private
- * @see CASClient::setHTMLFooter, CASClient::printHTMLFooter()
- */
- var $_output_footer = '';
-
- /**
- * This method prints the footer of the HTML output (after filtering). If
- * CASClient::setHTMLFooter() was not used, a default footer is output.
- *
- * @see HTMLFilterOutput()
- * @private
- */
- function printHTMLFooter()
- {
- $this->HTMLFilterOutput(empty($this->_output_footer)
- ? ('phpCAS __PHPCAS_VERSION__ ' . $this->getString(CAS_STR_USING_SERVER) . ' __SERVER_BASE_URL__ (CAS __CAS_VERSION__)')
- : $this->_output_footer);
- }
-
- /**
- * This method set the HTML header used for all outputs.
- *
- * @param $header the HTML header.
- *
- * @public
- */
- function setHTMLHeader($header)
- {
- $this->_output_header = $header;
- }
-
- /**
- * This method set the HTML footer used for all outputs.
- *
- * @param $footer the HTML footer.
- *
- * @public
- */
- function setHTMLFooter($footer)
- {
- $this->_output_footer = $footer;
- }
-
- /** @} */
- // ########################################################################
- // INTERNATIONALIZATION
- // ########################################################################
- /**
- * @addtogroup internalLang
- * @{
- */
- /**
- * A string corresponding to the language used by phpCAS. Written by
- * CASClient::setLang(), read by CASClient::getLang().
- * @note debugging information is always in english (debug purposes only).
- *
- * @hideinitializer
- * @private
- * @sa CASClient::_strings, CASClient::getString()
- */
- var $_lang = '';
-
- /**
- * This method returns the language used by phpCAS.
- *
- * @return a string representing the language
- *
- * @private
- */
- function getLang()
- {
- if (empty($this->_lang)) {
- $this->setLang(PHPCAS_LANG_DEFAULT);
- }
- return $this->_lang;
- }
-
- /**
- * array containing the strings used by phpCAS. Written by CASClient::setLang(), read by
- * CASClient::getString() and used by CASClient::setLang().
- *
- * @note This array is filled by instructions in CAS/languages/<$this->_lang>.php
- *
- * @private
- * @see CASClient::_lang, CASClient::getString(), CASClient::setLang(), CASClient::getLang()
- */
- var $_strings;
-
- /**
- * This method returns a string depending on the language.
- *
- * @param $str the index of the string in $_string.
- *
- * @return the string corresponding to $index in $string.
- *
- * @private
- */
- function getString($str)
- {
- // call CASclient::getLang() to be sure the language is initialized
- $this->getLang();
-
- if (!isset($this->_strings[$str])) {
- trigger_error('string `' . $str . '\' not defined for language `' . $this->getLang() . '\'', E_USER_ERROR);
- }
- return $this->_strings[$str];
- }
-
- /**
- * This method is used to set the language used by phpCAS.
- * @note Can be called only once.
- *
- * @param $lang a string representing the language.
- *
- * @public
- * @sa CAS_LANG_FRENCH, CAS_LANG_ENGLISH
- */
- function setLang($lang)
- {
- // include the corresponding language file
- include_once __DIR__.'/languages/'.$lang.'.php';
-
- if (!is_array($this->_strings)) {
- trigger_error('language `'.$lang.'\' is not implemented', E_USER_ERROR);
- }
- $this->_lang = $lang;
- }
-
- /** @} */
- // ########################################################################
- // CAS SERVER CONFIG
- // ########################################################################
- /**
- * @addtogroup internalConfig
- * @{
- */
-
- /**
- * a record to store information about the CAS server.
- * - $_server["version"]: the version of the CAS server
- * - $_server["hostname"]: the hostname of the CAS server
- * - $_server["port"]: the port the CAS server is running on
- * - $_server["uri"]: the base URI the CAS server is responding on
- * - $_server["base_url"]: the base URL of the CAS server
- * - $_server["login_url"]: the login URL of the CAS server
- * - $_server["service_validate_url"]: the service validating URL of the CAS server
- * - $_server["proxy_url"]: the proxy URL of the CAS server
- * - $_server["proxy_validate_url"]: the proxy validating URL of the CAS server
- * - $_server["logout_url"]: the logout URL of the CAS server
- *
- * $_server["version"], $_server["hostname"], $_server["port"] and $_server["uri"]
- * are written by CASClient::CASClient(), read by CASClient::getServerVersion(),
- * CASClient::getServerHostname(), CASClient::getServerPort() and CASClient::getServerURI().
- *
- * The other fields are written and read by CASClient::getServerBaseURL(),
- * CASClient::getServerLoginURL(), CASClient::getServerServiceValidateURL(),
- * CASClient::getServerProxyValidateURL() and CASClient::getServerLogoutURL().
- *
- * @hideinitializer
- * @private
- */
- var $_server = array(
- 'version' => -1,
- 'hostname' => 'none',
- 'port' => -1,
- 'uri' => 'none'
- );
-
- /**
- * This method is used to retrieve the version of the CAS server.
- * @return the version of the CAS server.
- * @private
- */
- function getServerVersion()
- {
- return $this->_server['version'];
- }
-
- /**
- * This method is used to retrieve the hostname of the CAS server.
- * @return the hostname of the CAS server.
- * @private
- */
- function getServerHostname()
- {
- return $this->_server['hostname'];
- }
-
- /**
- * This method is used to retrieve the port of the CAS server.
- * @return the port of the CAS server.
- * @private
- */
- function getServerPort()
- {
- return $this->_server['port'];
- }
-
- /**
- * This method is used to retrieve the URI of the CAS server.
- * @return a URI.
- * @private
- */
- function getServerURI()
- {
- return $this->_server['uri'];
- }
-
- /**
- * This method is used to retrieve the base URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerBaseURL()
- {
- // the URL is build only when needed
- if (empty($this->_server['base_url'])) {
- $this->_server['base_url'] = 'https://'
- . $this->getServerHostname()
- . ':'
- . $this->getServerPort()
- . $this->getServerURI();
- }
- return $this->_server['base_url'];
- }
-
- /**
- * This method is used to retrieve the login URL of the CAS server.
- * @param $gateway true to check authentication, false to force it
- * @param $renew true to force the authentication with the CAS server
- * NOTE : It is recommended that CAS implementations ignore the
- * "gateway" parameter if "renew" is set
- * @return a URL.
- * @private
- */
- function getServerLoginURL($gateway = false, $renew = false)
- {
- phpCAS::traceBegin();
- // the URL is build only when needed
- if (empty($this->_server['login_url'])) {
- $this->_server['login_url'] = $this->getServerBaseURL();
- $this->_server['login_url'] .= 'login?service=';
- // $this->_server['login_url'] .= preg_replace('/&/','%26',$this->getURL());
- $this->_server['login_url'] .= urlencode($this->getURL());
- if ($renew) {
- // It is recommended that when the "renew" parameter is set, its value be "true"
- $this->_server['login_url'] .= '&renew=true';
- } elseif ($gateway) {
- // It is recommended that when the "gateway" parameter is set, its value be "true"
- $this->_server['login_url'] .= '&gateway=true';
- }
- }
- phpCAS::traceEnd($this->_server['login_url']);
- return $this->_server['login_url'];
- }
-
- /**
- * This method sets the login URL of the CAS server.
- * @param $url the login URL
- * @private
- * @since 0.4.21 by Wyman Chan
- */
- function setServerLoginURL($url)
- {
- return $this->_server['login_url'] = $url;
- }
-
-
- /**
- * This method sets the serviceValidate URL of the CAS server.
- * @param $url the serviceValidate URL
- * @private
- * @since 1.1.0 by Joachim Fritschi
- */
- function setServerServiceValidateURL($url)
- {
- return $this->_server['service_validate_url'] = $url;
- }
-
-
- /**
- * This method sets the proxyValidate URL of the CAS server.
- * @param $url the proxyValidate URL
- * @private
- * @since 1.1.0 by Joachim Fritschi
- */
- function setServerProxyValidateURL($url)
- {
- return $this->_server['proxy_validate_url'] = $url;
- }
-
-
- /**
- * This method sets the samlValidate URL of the CAS server.
- * @param $url the samlValidate URL
- * @private
- * @since 1.1.0 by Joachim Fritschi
- */
- function setServerSamlValidateURL($url)
- {
- return $this->_server['saml_validate_url'] = $url;
- }
-
-
- /**
- * This method is used to retrieve the service validating URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerServiceValidateURL()
- {
- // the URL is build only when needed
- if (empty($this->_server['service_validate_url'])) {
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- $this->_server['service_validate_url'] = $this->getServerBaseURL() . 'validate';
- break;
- case CAS_VERSION_2_0:
- $this->_server['service_validate_url'] = $this->getServerBaseURL() . 'serviceValidate';
- break;
- }
- }
- // return $this->_server['service_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL());
- return $this->_server['service_validate_url'] . '?service=' . urlencode($this->getURL());
- }
-
- /**
- * This method is used to retrieve the SAML validating URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerSamlValidateURL()
- {
- phpCAS::traceBegin();
- // the URL is build only when needed
- if (empty($this->_server['saml_validate_url'])) {
- switch ($this->getServerVersion()) {
- case SAML_VERSION_1_1:
- $this->_server['saml_validate_url'] = $this->getServerBaseURL() . 'samlValidate';
- break;
- }
- }
- phpCAS::traceEnd($this->_server['saml_validate_url'] . '?TARGET=' . urlencode($this->getURL()));
- return $this->_server['saml_validate_url'] . '?TARGET=' . urlencode($this->getURL());
- }
-
- /**
- * This method is used to retrieve the proxy validating URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerProxyValidateURL()
- {
- // the URL is build only when needed
- if (empty($this->_server['proxy_validate_url'])) {
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- $this->_server['proxy_validate_url'] = '';
- break;
- case CAS_VERSION_2_0:
- $this->_server['proxy_validate_url'] = $this->getServerBaseURL() . 'proxyValidate';
- break;
- }
- }
- // return $this->_server['proxy_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL());
- return $this->_server['proxy_validate_url'] . '?service=' . urlencode($this->getURL());
- }
-
- /**
- * This method is used to retrieve the proxy URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerProxyURL()
- {
- // the URL is build only when needed
- if (empty($this->_server['proxy_url'])) {
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- $this->_server['proxy_url'] = '';
- break;
- case CAS_VERSION_2_0:
- $this->_server['proxy_url'] = $this->getServerBaseURL() . 'proxy';
- break;
- }
- }
- return $this->_server['proxy_url'];
- }
-
- /**
- * This method is used to retrieve the logout URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerLogoutURL()
- {
- // the URL is build only when needed
- if (empty($this->_server['logout_url'])) {
- $this->_server['logout_url'] = $this->getServerBaseURL() . 'logout';
- }
- return $this->_server['logout_url'];
- }
-
- /**
- * This method sets the logout URL of the CAS server.
- * @param $url the logout URL
- * @private
- * @since 0.4.21 by Wyman Chan
- */
- function setServerLogoutURL($url)
- {
- return $this->_server['logout_url'] = $url;
- }
-
- /**
- * An array to store extra curl options.
- */
- var $_curl_options = array();
-
- /**
- * This method is used to set additional user curl options.
- */
- function setExtraCurlOption($key, $value)
- {
- $this->_curl_options[$key] = $value;
- }
-
- /**
- * This method checks to see if the request is secured via HTTPS
- * @return true if https, false otherwise
- * @private
- */
- function isHttps()
- {
- //if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) ) {
- //0.4.24 by Hinnack
- if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
- return true;
- } else {
- return false;
- }
- }
-
- // ########################################################################
- // CONSTRUCTOR
- // ########################################################################
- /**
- * CASClient constructor.
- *
- * @param $server_version the version of the CAS server
- * @param $proxy TRUE if the CAS client is a CAS proxy, FALSE otherwise
- * @param $server_hostname the hostname of the CAS server
- * @param $server_port the port the CAS server is running on
- * @param $server_uri the URI the CAS server is responding on
- * @param $start_session Have phpCAS start PHP sessions (default true)
- *
- * @return a newly created CASClient object
- *
- * @public
- */
- function CASClient(
- $server_version,
- $proxy,
- $server_hostname,
- $server_port,
- $server_uri,
- $start_session = true
- ) {
-
- phpCAS::traceBegin();
-
- // the redirect header() call and DOM parsing code from domxml-php4-php5.php won't work in PHP4 compatibility mode
- if (version_compare(PHP_VERSION, '5', '>=') && ini_get('zend.ze1_compatibility_mode')) {
- phpCAS::error('phpCAS cannot support zend.ze1_compatibility_mode. Sorry.');
- }
- // skip Session Handling for logout requests and if don't want it'
- if ($start_session && !$this->isLogoutRequest()) {
- phpCAS::trace("Starting session handling");
- // Check for Tickets from the CAS server
- if (empty($_GET['ticket'])) {
- phpCAS::trace("No ticket found");
- // only create a session if necessary
- if (!session_id()) {
- phpCAS::trace("No session found, creating new session");
- session_start();
- }
- } else {
- phpCAS::trace("Ticket found");
- // We have to copy any old data before renaming the session
- if (session_id()) {
- phpCAS::trace("Old active session found, saving old data and destroying session");
- $old_session = $_SESSION;
- session_destroy();
- } else {
- session_start();
- phpCAS::trace("Starting possible old session to copy variables");
- $old_session = $_SESSION;
- session_destroy();
- }
- // set up a new session, of name based on the ticket
- $session_id = preg_replace('/[^\w]/', '', $_GET['ticket']);
- phpCAS::LOG("Session ID: " . $session_id);
- session_id($session_id);
- session_start();
- // restore old session vars
- if (isset($old_session)) {
- phpCAS::trace("Restoring old session vars");
- $_SESSION = $old_session;
- }
- }
- } else {
- phpCAS::trace("Skipping session creation");
- }
-
-
- // are we in proxy mode ?
- $this->_proxy = $proxy;
-
- //check version
- switch ($server_version) {
- case CAS_VERSION_1_0:
- if ($this->isProxy()) {
- phpCAS::error('CAS proxies are not supported in CAS '
- . $server_version);
- }
- break;
- case CAS_VERSION_2_0:
- break;
- case SAML_VERSION_1_1:
- break;
- default:
- phpCAS::error('this version of CAS (`'
- . $server_version
- . '\') is not supported by phpCAS '
- . phpCAS::getVersion());
- }
- $this->_server['version'] = $server_version;
-
- // check hostname
- if (empty($server_hostname)
- || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/', $server_hostname)
- ) {
- phpCAS::error('bad CAS server hostname (`' . $server_hostname . '\')');
- }
- $this->_server['hostname'] = $server_hostname;
-
- // check port
- if ($server_port == 0
- || !is_int($server_port)
- ) {
- phpCAS::error('bad CAS server port (`' . $server_hostname . '\')');
- }
- $this->_server['port'] = $server_port;
-
- // check URI
- if (!preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/', $server_uri)) {
- phpCAS::error('bad CAS server URI (`' . $server_uri . '\')');
- }
- // add leading and trailing `/' and remove doubles
- $server_uri = preg_replace('/\/\//', '/', '/' . $server_uri . '/');
- $this->_server['uri'] = $server_uri;
-
- // set to callback mode if PgtIou and PgtId CGI GET parameters are provided
- if ($this->isProxy()) {
- $this->setCallbackMode(!empty($_GET['pgtIou']) && !empty($_GET['pgtId']));
- }
-
- if ($this->isCallbackMode()) {
- //callback mode: check that phpCAS is secured
- if (!$this->isHttps()) {
- phpCAS::error('CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server');
- }
- } else {
- //normal mode: get ticket and remove it from CGI parameters for developpers
- $ticket = (isset($_GET['ticket']) ? $_GET['ticket'] : null);
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0: // check for a Service Ticket
- if (preg_match('/^ST-/', $ticket)) {
- phpCAS::trace('ST \'' . $ticket . '\' found');
- //ST present
- $this->setST($ticket);
- //ticket has been taken into account, unset it to hide it to applications
- unset($_GET['ticket']);
- } else {
- if (!empty($ticket)) {
- //ill-formed ticket, halt
- phpCAS::error('ill-formed ticket found in the URL (ticket=`' . htmlentities($ticket) . '\')');
- }
- }
- break;
- case CAS_VERSION_2_0: // check for a Service or Proxy Ticket
- if (preg_match('/^[SP]T-/', $ticket)) {
- phpCAS::trace('ST or PT \'' . $ticket . '\' found');
- $this->setPT($ticket);
- unset($_GET['ticket']);
- } else {
- if (!empty($ticket)) {
- //ill-formed ticket, halt
- phpCAS::error('ill-formed ticket found in the URL (ticket=`' . htmlentities($ticket) . '\')');
- }
- }
- break;
- case SAML_VERSION_1_1: // SAML just does Service Tickets
- if (preg_match('/^[SP]T-/', $ticket)) {
- phpCAS::trace('SA \'' . $ticket . '\' found');
- $this->setSA($ticket);
- unset($_GET['ticket']);
- } else {
- if (!empty($ticket)) {
- //ill-formed ticket, halt
- phpCAS::error('ill-formed ticket found in the URL (ticket=`' . htmlentities($ticket) . '\')');
- }
- }
- break;
- }
- }
- phpCAS::traceEnd();
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX AUTHENTICATION XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- /**
- * @addtogroup internalAuthentication
- * @{
- */
-
- /**
- * The Authenticated user. Written by CASClient::setUser(), read by CASClient::getUser().
- * @attention client applications should use phpCAS::getUser().
- *
- * @hideinitializer
- * @private
- */
- var $_user = '';
-
- /**
- * This method sets the CAS user's login name.
- *
- * @param $user the login name of the authenticated user.
- *
- * @private
- */
- function setUser($user)
- {
- $this->_user = $user;
- }
-
- /**
- * This method returns the CAS user's login name.
- * @warning should be called only after CASClient::forceAuthentication() or
- * CASClient::isAuthenticated(), otherwise halt with an error.
- *
- * @return the login name of the authenticated user
- */
- function getUser()
- {
- if (empty($this->_user)) {
- phpCAS::error('this method should be used only after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');
- }
- return $this->_user;
- }
-
-
-
- /***********************************************************************************************************************
- * Atrributes section
- *
- * @author Matthias Crauwels , Ghent University, Belgium
- *
- ***********************************************************************************************************************/
- /**
- * The Authenticated users attributes. Written by CASClient::setAttributes(), read by CASClient::getAttributes().
- * @attention client applications should use phpCAS::getAttributes().
- *
- * @hideinitializer
- * @private
- */
- var $_attributes = array();
-
- function setAttributes($attributes)
- {
- $this->_attributes = $attributes;
- }
-
- function getAttributes()
- {
- if (empty($this->_user)) { // if no user is set, there shouldn't be any attributes also...
- phpCAS::error('this method should be used only after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');
- }
- return $this->_attributes;
- }
-
- function hasAttributes()
- {
- return !empty($this->_attributes);
- }
-
- function hasAttribute($key)
- {
- return (is_array($this->_attributes) && array_key_exists($key, $this->_attributes));
- }
-
- function getAttribute($key)
- {
- if ($this->hasAttribute($key)) {
- return $this->_attributes[$key];
- }
- }
-
- /**
- * This method is called to renew the authentication of the user
- * If the user is authenticated, renew the connection
- * If not, redirect to CAS
- * @public
- */
- function renewAuthentication()
- {
- phpCAS::traceBegin();
- // Either way, the user is authenticated by CAS
- if (isset($_SESSION['phpCAS']['auth_checked'])) {
- unset($_SESSION['phpCAS']['auth_checked']);
- }
- if ($this->isAuthenticated()) {
- phpCAS::trace('user already authenticated; renew');
- $this->redirectToCas(false, true);
- } else {
- $this->redirectToCas();
- }
- phpCAS::traceEnd();
- }
-
- /**
- * This method is called to be sure that the user is authenticated. When not
- * authenticated, halt by redirecting to the CAS server; otherwise return TRUE.
- * @return TRUE when the user is authenticated; otherwise halt.
- * @public
- */
- function forceAuthentication()
- {
- phpCAS::traceBegin();
-
- if ($this->isAuthenticated()) {
- // the user is authenticated, nothing to be done.
- phpCAS::trace('no need to authenticate');
- $res = true;
- } else {
- // the user is not authenticated, redirect to the CAS server
- if (isset($_SESSION['phpCAS']['auth_checked'])) {
- unset($_SESSION['phpCAS']['auth_checked']);
- }
- $this->redirectToCas(false/* no gateway */);
- // never reached
- $res = false;
- }
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /**
- * An integer that gives the number of times authentication will be cached before rechecked.
- *
- * @hideinitializer
- * @private
- */
- var $_cache_times_for_auth_recheck = 0;
-
- /**
- * Set the number of times authentication will be cached before rechecked.
- *
- * @param $n an integer.
- *
- * @public
- */
- function setCacheTimesForAuthRecheck($n)
- {
- $this->_cache_times_for_auth_recheck = $n;
- }
-
- /**
- * This method is called to check whether the user is authenticated or not.
- * @return TRUE when the user is authenticated, FALSE otherwise.
- * @public
- */
- function checkAuthentication()
- {
- phpCAS::traceBegin();
- if ($this->isAuthenticated()) {
- phpCAS::trace('user is authenticated');
- $res = true;
- } else {
- if (isset($_SESSION['phpCAS']['auth_checked'])) {
- // the previous request has redirected the client to the CAS server with gateway=true
- // comment line bellow to
-// unset($_SESSION['phpCAS']['auth_checked']);
- $res = false;
- } else {
-// $_SESSION['phpCAS']['auth_checked'] = true;
- // $this->redirectToCas(TRUE/* gateway */);
- // // never reached
- // $res = FALSE;
- // avoid a check against CAS on every request
- if (!isset($_SESSION['phpCAS']['unauth_count'])) {
- $_SESSION['phpCAS']['unauth_count'] = -2;
- } // uninitialized
-
- if (($_SESSION['phpCAS']['unauth_count'] != -2 && $this->_cache_times_for_auth_recheck == -1)
- || ($_SESSION['phpCAS']['unauth_count'] >= 0 && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck)
- ) {
- $res = false;
-
- if ($this->_cache_times_for_auth_recheck != -1) {
- $_SESSION['phpCAS']['unauth_count']++;
- phpCAS::trace('user is not authenticated (cached for ' . $_SESSION['phpCAS']['unauth_count'] . ' times of ' . $this->_cache_times_for_auth_recheck . ')');
- } else {
- phpCAS::trace('user is not authenticated (cached for until login pressed)');
- }
- } else {
- $_SESSION['phpCAS']['unauth_count'] = 0;
- $_SESSION['phpCAS']['auth_checked'] = true;
- phpCAS::trace('user is not authenticated (cache reset)');
- // $this->redirectToCas(TRUE/* gateway */);
- // never reached
- $res = false;
- }
- }
- }
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /**
- * This method is called to check if the user is authenticated (previously or by
- * tickets given in the URL).
- *
- * @return TRUE when the user is authenticated. Also may redirect to the same URL without the ticket.
- *
- * @public
- */
- function isAuthenticated()
- {
- phpCAS::traceBegin();
- $res = false;
- $validate_url = '';
-
- if ($this->wasPreviouslyAuthenticated()) {
- // the user has already (previously during the session) been
- // authenticated, nothing to be done.
- phpCAS::trace('user was already authenticated, no need to look for tickets');
- $res = true;
- } else {
- if ($this->hasST()) {
- // if a Service Ticket was given, validate it
- phpCAS::trace('ST `' . $this->getST() . '\' is present');
- $this->validateST($validate_url, $text_response, $tree_response); // if it fails, it halts
- phpCAS::trace('ST `' . $this->getST() . '\' was validated');
- if ($this->isProxy()) {
- $this->validatePGT($validate_url, $text_response, $tree_response); // idem
- phpCAS::trace('PGT `' . $this->getPGT() . '\' was validated');
- $_SESSION['phpCAS']['pgt'] = $this->getPGT();
- }
- $_SESSION['phpCAS']['user'] = $this->getUser();
- $res = true;
- } elseif ($this->hasPT()) {
- // if a Proxy Ticket was given, validate it
- phpCAS::trace('PT `' . $this->getPT() . '\' is present');
- $this->validatePT($validate_url, $text_response, $tree_response); // note: if it fails, it halts
- phpCAS::trace('PT `' . $this->getPT() . '\' was validated');
- if ($this->isProxy()) {
- $this->validatePGT($validate_url, $text_response, $tree_response); // idem
- phpCAS::trace('PGT `' . $this->getPGT() . '\' was validated');
- $_SESSION['phpCAS']['pgt'] = $this->getPGT();
- }
- $_SESSION['phpCAS']['user'] = $this->getUser();
- $res = true;
- } elseif ($this->hasSA()) {
- // if we have a SAML ticket, validate it.
- phpCAS::trace('SA `' . $this->getSA() . '\' is present');
- $this->validateSA($validate_url, $text_response, $tree_response); // if it fails, it halts
- phpCAS::trace('SA `' . $this->getSA() . '\' was validated');
- $_SESSION['phpCAS']['user'] = $this->getUser();
- $_SESSION['phpCAS']['attributes'] = $this->getAttributes();
- $res = true;
- } else {
- // no ticket given, not authenticated
- phpCAS::trace('no ticket found');
- }
- if ($res) {
- // if called with a ticket parameter, we need to redirect to the app without the ticket so that CAS-ification is transparent to the browser (for later POSTS)
- // most of the checks and errors should have been made now, so we're safe for redirect without masking error messages.
- header('Location: ' . $this->getURL());
- phpCAS::log("Prepare redirect to : " . $this->getURL());
- }
- }
-
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /**
- * This method tells if the current session is authenticated.
- * @return true if authenticated based soley on $_SESSION variable
- * @since 0.4.22 by Brendan Arnold
- */
- function isSessionAuthenticated()
- {
- return !empty($_SESSION['phpCAS']['user']);
- }
-
- /**
- * This method tells if the user has already been (previously) authenticated
- * by looking into the session variables.
- *
- * @note This function switches to callback mode when needed.
- *
- * @return TRUE when the user has already been authenticated; FALSE otherwise.
- *
- * @private
- */
- function wasPreviouslyAuthenticated()
- {
- phpCAS::traceBegin();
-
- if ($this->isCallbackMode()) {
- $this->callback();
- }
-
- $auth = false;
-
- if ($this->isProxy()) {
- // CAS proxy: username and PGT must be present
- if ($this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt'])) {
- // authentication already done
- $this->setUser($_SESSION['phpCAS']['user']);
- $this->setPGT($_SESSION['phpCAS']['pgt']);
- phpCAS::trace('user = `' . $_SESSION['phpCAS']['user'] . '\', PGT = `' . $_SESSION['phpCAS']['pgt'] . '\'');
- $auth = true;
- } elseif ($this->isSessionAuthenticated() && empty($_SESSION['phpCAS']['pgt'])) {
- // these two variables should be empty or not empty at the same time
- phpCAS::trace('username found (`' . $_SESSION['phpCAS']['user'] . '\') but PGT is empty');
- // unset all tickets to enforce authentication
- unset($_SESSION['phpCAS']);
- $this->setST('');
- $this->setPT('');
- } elseif (!$this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt'])) {
- // these two variables should be empty or not empty at the same time
- phpCAS::trace('PGT found (`' . $_SESSION['phpCAS']['pgt'] . '\') but username is empty');
- // unset all tickets to enforce authentication
- unset($_SESSION['phpCAS']);
- $this->setST('');
- $this->setPT('');
- } else {
- phpCAS::trace('neither user not PGT found');
- }
- } else {
- // `simple' CAS client (not a proxy): username must be present
- if ($this->isSessionAuthenticated()) {
- // authentication already done
- $this->setUser($_SESSION['phpCAS']['user']);
- if (isset($_SESSION['phpCAS']['attributes'])) {
- $this->setAttributes($_SESSION['phpCAS']['attributes']);
- }
- phpCAS::trace('user = `' . $_SESSION['phpCAS']['user'] . '\'');
- $auth = true;
- } else {
- phpCAS::trace('no user found');
- }
- }
-
- phpCAS::traceEnd($auth);
- return $auth;
- }
-
- /**
- * This method is used to redirect the client to the CAS server.
- * It is used by CASClient::forceAuthentication() and CASClient::checkAuthentication().
- * @param $gateway true to check authentication, false to force it
- * @param $renew true to force the authentication with the CAS server
- * @public
- */
- function redirectToCas($gateway = false, $renew = false)
- {
- phpCAS::traceBegin();
- $cas_url = $this->getServerLoginURL($gateway, $renew);
- header('Location: ' . $cas_url);
- phpCAS::log("Redirect to : " . $cas_url);
-
- $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_WANTED));
-
- printf('
', $cas_url);
- $this->printHTMLFooter();
-
- phpCAS::traceExit();
- exit();
- }
-
- /**
- * @return true if the current request is a logout request.
- * @private
- */
- function isLogoutRequest()
- {
- return !empty($_POST['logoutRequest']);
- }
-
- /**
- * @return true if a logout request is allowed.
- * @private
- */
- function isLogoutRequestAllowed()
- {
- }
-
- /**
- * This method handles logout requests.
- * @param $check_client true to check the client bofore handling the request,
- * false not to perform any access control. True by default.
- * @param $allowed_clients an array of host names allowed to send logout requests.
- * By default, only the CAs server (declared in the constructor) will be allowed.
- * @public
- */
- function handleLogoutRequests($check_client = true, $allowed_clients = false)
- {
- phpCAS::traceBegin();
- if (!$this->isLogoutRequest()) {
- phpCAS::log("Not a logout request");
- phpCAS::traceEnd();
- return;
- }
- phpCAS::log("Logout requested");
- phpCAS::log("SAML REQUEST: " . $_POST['logoutRequest']);
- if ($check_client) {
- if (!$allowed_clients) {
- $allowed_clients = array($this->getServerHostname());
- }
- $client_ip = $_SERVER['REMOTE_ADDR'];
- $client = gethostbyaddr($client_ip);
- phpCAS::log("Client: " . $client . "/" . $client_ip);
- $allowed = false;
- foreach ($allowed_clients as $allowed_client) {
- if (($client == $allowed_client) or ($client_ip == $allowed_client)) {
- phpCAS::log("Allowed client '" . $allowed_client . "' matches, logout request is allowed");
- $allowed = true;
- break;
- } else {
- phpCAS::log("Allowed client '" . $allowed_client . "' does not match");
- }
- }
- if (!$allowed) {
- phpCAS::error("Unauthorized logout request from client '" . $client . "'");
- printf("Unauthorized!");
- phpCAS::traceExit();
- exit();
- }
- } else {
- phpCAS::log("No access control set");
- }
- // Extract the ticket from the SAML Request
- preg_match("|(.*)|", $_POST['logoutRequest'], $tick,
- PREG_OFFSET_CAPTURE, 3);
- $wrappedSamlSessionIndex = preg_replace('||', '', $tick[0][0]);
- $ticket2logout = preg_replace('||', '', $wrappedSamlSessionIndex);
- phpCAS::log("Ticket to logout: " . $ticket2logout);
- $session_id = preg_replace('/[^\w]/', '', $ticket2logout);
- phpCAS::log("Session id: " . $session_id);
-
- // destroy a possible application session created before phpcas
- if (session_id()) {
- session_unset();
- session_destroy();
- }
- // fix session ID
- session_id($session_id);
- $_COOKIE[session_name()] = $session_id;
- $_GET[session_name()] = $session_id;
-
- // Overwrite session
- session_start();
- session_unset();
- session_destroy();
- printf("Disconnected!");
- phpCAS::traceExit();
- exit();
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX BASIC CLIENT FEATURES (CAS 1.0) XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- // ########################################################################
- // ST
- // ########################################################################
- /**
- * @addtogroup internalBasic
- * @{
- */
-
- /**
- * the Service Ticket provided in the URL of the request if present
- * (empty otherwise). Written by CASClient::CASClient(), read by
- * CASClient::getST() and CASClient::hasPGT().
- *
- * @hideinitializer
- * @private
- */
- var $_st = '';
-
- /**
- * This method returns the Service Ticket provided in the URL of the request.
- * @return The service ticket.
- * @private
- */
- function getST()
- {
- return $this->_st;
- }
-
- /**
- * This method stores the Service Ticket.
- * @param $st The Service Ticket.
- * @private
- */
- function setST($st)
- {
- $this->_st = $st;
- }
-
- /**
- * This method tells if a Service Ticket was stored.
- * @return TRUE if a Service Ticket has been stored.
- * @private
- */
- function hasST()
- {
- return !empty($this->_st);
- }
-
- /** @} */
-
- // ########################################################################
- // ST VALIDATION
- // ########################################################################
- /**
- * @addtogroup internalBasic
- * @{
- */
-
- /**
- * the certificate of the CAS server.
- *
- * @hideinitializer
- * @private
- */
- var $_cas_server_cert = '';
-
- /**
- * the certificate of the CAS server CA.
- *
- * @hideinitializer
- * @private
- */
- var $_cas_server_ca_cert = '';
-
- /**
- * Set to true not to validate the CAS server.
- *
- * @hideinitializer
- * @private
- */
- var $_no_cas_server_validation = false;
-
- /**
- * Set the certificate of the CAS server.
- *
- * @param $cert the PEM certificate
- */
- function setCasServerCert($cert)
- {
- $this->_cas_server_cert = $cert;
- }
-
- /**
- * Set the CA certificate of the CAS server.
- *
- * @param $cert the PEM certificate of the CA that emited the cert of the server
- */
- function setCasServerCACert($cert)
- {
- $this->_cas_server_ca_cert = $cert;
- }
-
- /**
- * Set no SSL validation for the CAS server.
- */
- function setNoCasServerValidation()
- {
- $this->_no_cas_server_validation = true;
- }
-
- /**
- * This method is used to validate a ST; halt on failure, and sets $validate_url,
- * $text_reponse and $tree_response on success. These parameters are used later
- * by CASClient::validatePGT() for CAS proxies.
- * Used for all CAS 1.0 validations
- * @param $validate_url the URL of the request to the CAS server.
- * @param $text_response the response of the CAS server, as is (XML text).
- * @param $tree_response the response of the CAS server, as a DOM XML tree.
- *
- * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
- *
- * @private
- */
- function validateST($validate_url, &$text_response, &$tree_response)
- {
- phpCAS::traceBegin();
- // build the URL to validate the ticket
- $validate_url = $this->getServerServiceValidateURL() . '&ticket=' . $this->getST();
- if ($this->isProxy()) {
- // pass the callback url for CAS proxies
- $validate_url .= '&pgtUrl=' . $this->getCallbackURL();
- }
-
- // open and read the URL
- if (!$this->readURL($validate_url, ''/*cookies*/, $headers, $text_response, $err_msg)) {
- phpCAS::trace('could not open URL \'' . $validate_url . '\' to validate (' . $err_msg . ')');
- $this->authError('ST not validated',
- $validate_url,
- true/*$no_response*/);
- }
-
- // analyze the result depending on the version
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- if (preg_match('/^no\n/', $text_response)) {
- phpCAS::trace('ST has not been validated');
- $this->authError('ST not validated',
- $validate_url,
- false/*$no_response*/,
- false/*$bad_response*/,
- $text_response);
- }
- if (!preg_match('/^yes\n/', $text_response)) {
- phpCAS::trace('ill-formed response');
- $this->authError('ST not validated',
- $validate_url,
- false/*$no_response*/,
- true/*$bad_response*/,
- $text_response);
- }
- // ST has been validated, extract the user name
- $arr = preg_split('/\n/', $text_response);
- $this->setUser(trim($arr[1]));
- break;
- case CAS_VERSION_2_0:
- // read the response of the CAS server into a DOM object
- if (!($dom = domxml_open_mem($text_response))) {
- phpCAS::trace('domxml_open_mem() failed');
- $this->authError('ST not validated',
- $validate_url,
- false/*$no_response*/,
- true/*$bad_response*/,
- $text_response);
- }
- // read the root node of the XML tree
- if (!($tree_response = $dom->document_element())) {
- phpCAS::trace('document_element() failed');
- $this->authError('ST not validated',
- $validate_url,
- false/*$no_response*/,
- true/*$bad_response*/,
- $text_response);
- }
- // insure that tag name is 'serviceResponse'
- if ($tree_response->node_name() != 'serviceResponse') {
- phpCAS::trace('bad XML root node (should be `serviceResponse\' instead of `' . $tree_response->node_name() . '\'');
- $this->authError('ST not validated',
- $validate_url,
- false/*$no_response*/,
- true/*$bad_response*/,
- $text_response);
- }
- if (sizeof($success_elements = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) {
- // authentication succeded, extract the user name
- if (sizeof($user_elements = $success_elements[0]->get_elements_by_tagname("user")) == 0) {
- phpCAS::trace(' found, but no ');
- $this->authError('ST not validated',
- $validate_url,
- false/*$no_response*/,
- true/*$bad_response*/,
- $text_response);
- }
- $user = trim($user_elements[0]->get_content());
- phpCAS::trace('user = `' . $user);
- $this->setUser($user);
-
- } else {
- if (sizeof($failure_elements = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) {
- phpCAS::trace(' found');
- // authentication failed, extract the error code and message
- $this->authError('ST not validated',
- $validate_url,
- false/*$no_response*/,
- false/*$bad_response*/,
- $text_response,
- $failure_elements[0]->get_attribute('code')/*$err_code*/,
- trim($failure_elements[0]->get_content())/*$err_msg*/);
- } else {
- phpCAS::trace('neither nor found');
- $this->authError('ST not validated',
- $validate_url,
- false/*$no_response*/,
- true/*$bad_response*/,
- $text_response);
- }
- }
- break;
- }
-
- // at this step, ST has been validated and $this->_user has been set,
- phpCAS::traceEnd(true);
- return true;
- }
-
- // ########################################################################
- // SAML VALIDATION
- // ########################################################################
- /**
- * @addtogroup internalBasic
- * @{
- */
-
- /**
- * This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url,
- * $text_reponse and $tree_response on success. These parameters are used later
- * by CASClient::validatePGT() for CAS proxies.
- *
- * @param $validate_url the URL of the request to the CAS server.
- * @param $text_response the response of the CAS server, as is (XML text).
- * @param $tree_response the response of the CAS server, as a DOM XML tree.
- *
- * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
- *
- * @private
- */
- function validateSA($validate_url, &$text_response, &$tree_response)
- {
- phpCAS::traceBegin();
-
- // build the URL to validate the ticket
- $validate_url = $this->getServerSamlValidateURL();
-
- // open and read the URL
- if (!$this->readURL($validate_url, ''/*cookies*/, $headers, $text_response, $err_msg)) {
- phpCAS::trace('could not open URL \'' . $validate_url . '\' to validate (' . $err_msg . ')');
- $this->authError('SA not validated', $validate_url, true/*$no_response*/);
- }
-
- phpCAS::trace('server version: ' . $this->getServerVersion());
-
- // analyze the result depending on the version
- switch ($this->getServerVersion()) {
- case SAML_VERSION_1_1:
-
- // read the response of the CAS server into a DOM object
- if (!($dom = domxml_open_mem($text_response))) {
- phpCAS::trace('domxml_open_mem() failed');
- $this->authError('SA not validated',
- $validate_url,
- false/*$no_response*/,
- true/*$bad_response*/,
- $text_response);
- }
- // read the root node of the XML tree
- if (!($tree_response = $dom->document_element())) {
- phpCAS::trace('document_element() failed');
- $this->authError('SA not validated',
- $validate_url,
- false/*$no_response*/,
- true/*$bad_response*/,
- $text_response);
- }
- // insure that tag name is 'Envelope'
- if ($tree_response->node_name() != 'Envelope') {
- phpCAS::trace('bad XML root node (should be `Envelope\' instead of `' . $tree_response->node_name() . '\'');
- $this->authError('SA not validated',
- $validate_url,
- false/*$no_response*/,
- true/*$bad_response*/,
- $text_response);
- }
- // check for the NameIdentifier tag in the SAML response
- if (sizeof($success_elements = $tree_response->get_elements_by_tagname("NameIdentifier")) != 0) {
- phpCAS::trace('NameIdentifier found');
- $user = trim($success_elements[0]->get_content());
- phpCAS::trace('user = `' . $user . '`');
- $this->setUser($user);
- $this->setSessionAttributes($text_response);
- } else {
- phpCAS::trace('no tag found in SAML payload');
- $this->authError('SA not validated',
- $validate_url,
- false/*$no_response*/,
- true/*$bad_response*/,
- $text_response);
- }
- break;
- }
-
- // at this step, ST has been validated and $this->_user has been set,
- phpCAS::traceEnd(true);
- return true;
- }
-
- /**
- * This method will parse the DOM and pull out the attributes from the SAML
- * payload and put them into an array, then put the array into the session.
- *
- * @param $text_response the SAML payload.
- * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
- *
- * @private
- */
- function setSessionAttributes($text_response)
- {
- phpCAS::traceBegin();
-
- $result = false;
-
- if (isset($_SESSION[SAML_ATTRIBUTES])) {
- phpCAS::trace("session attrs already set."); //testbml - do we care?
- }
-
- $attr_array = array();
-
- if (($dom = domxml_open_mem($text_response))) {
- $xPath = $dom->xpath_new_context();
- $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
- $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
- $nodelist = $xPath->xpath_eval("//saml:Attribute");
- $attrs = $nodelist->nodeset;
- phpCAS::trace($text_response);
- foreach ($attrs as $attr) {
- $xres = $xPath->xpath_eval("saml:AttributeValue", $attr);
- $name = $attr->get_attribute("AttributeName");
- $value_array = array();
- foreach ($xres->nodeset as $node) {
- $value_array[] = $node->get_content();
-
- }
- phpCAS::trace("* " . $name . "=" . $value_array);
- $attr_array[$name] = $value_array;
- }
- $_SESSION[SAML_ATTRIBUTES] = $attr_array;
- // UGent addition...
- foreach ($attr_array as $attr_key => $attr_value) {
- if (count($attr_value) > 1) {
- $this->_attributes[$attr_key] = $attr_value;
- } else {
- $this->_attributes[$attr_key] = $attr_value[0];
- }
- }
- $result = true;
- }
- phpCAS::traceEnd($result);
- return $result;
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX PROXY FEATURES (CAS 2.0) XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- // ########################################################################
- // PROXYING
- // ########################################################################
- /**
- * @addtogroup internalProxy
- * @{
- */
-
- /**
- * A boolean telling if the client is a CAS proxy or not. Written by CASClient::CASClient(),
- * read by CASClient::isProxy().
- *
- * @private
- */
- var $_proxy;
-
- /**
- * Tells if a CAS client is a CAS proxy or not
- *
- * @return TRUE when the CAS client is a CAs proxy, FALSE otherwise
- *
- * @private
- */
- function isProxy()
- {
- return $this->_proxy;
- }
-
- /** @} */
- // ########################################################################
- // PGT
- // ########################################################################
- /**
- * @addtogroup internalProxy
- * @{
- */
-
- /**
- * the Proxy Grnting Ticket given by the CAS server (empty otherwise).
- * Written by CASClient::setPGT(), read by CASClient::getPGT() and CASClient::hasPGT().
- *
- * @hideinitializer
- * @private
- */
- var $_pgt = '';
-
- /**
- * This method returns the Proxy Granting Ticket given by the CAS server.
- * @return The Proxy Granting Ticket.
- * @private
- */
- function getPGT()
- {
- return $this->_pgt;
- }
-
- /**
- * This method stores the Proxy Granting Ticket.
- * @param $pgt The Proxy Granting Ticket.
- * @private
- */
- function setPGT($pgt)
- {
- $this->_pgt = $pgt;
- }
-
- /**
- * This method tells if a Proxy Granting Ticket was stored.
- * @return TRUE if a Proxy Granting Ticket has been stored.
- * @private
- */
- function hasPGT()
- {
- return !empty($this->_pgt);
- }
-
- /** @} */
-
- // ########################################################################
- // CALLBACK MODE
- // ########################################################################
- /**
- * @addtogroup internalCallback
- * @{
- */
- /**
- * each PHP script using phpCAS in proxy mode is its own callback to get the
- * PGT back from the CAS server. callback_mode is detected by the constructor
- * thanks to the GET parameters.
- */
-
- /**
- * a boolean to know if the CAS client is running in callback mode. Written by
- * CASClient::setCallBackMode(), read by CASClient::isCallbackMode().
- *
- * @hideinitializer
- * @private
- */
- var $_callback_mode = false;
-
- /**
- * This method sets/unsets callback mode.
- *
- * @param $callback_mode TRUE to set callback mode, FALSE otherwise.
- *
- * @private
- */
- function setCallbackMode($callback_mode)
- {
- $this->_callback_mode = $callback_mode;
- }
-
- /**
- * This method returns TRUE when the CAs client is running i callback mode,
- * FALSE otherwise.
- *
- * @return A boolean.
- *
- * @private
- */
- function isCallbackMode()
- {
- return $this->_callback_mode;
- }
-
- /**
- * the URL that should be used for the PGT callback (in fact the URL of the
- * current request without any CGI parameter). Written and read by
- * CASClient::getCallbackURL().
- *
- * @hideinitializer
- * @private
- */
- var $_callback_url = '';
-
- /**
- * This method returns the URL that should be used for the PGT callback (in
- * fact the URL of the current request without any CGI parameter, except if
- * phpCAS::setFixedCallbackURL() was used).
- *
- * @return The callback URL
- *
- * @private
- */
- function getCallbackURL()
- {
- // the URL is built when needed only
- if (empty($this->_callback_url)) {
- $final_uri = '';
- // remove the ticket if present in the URL
- $final_uri = 'https://';
- /* replaced by Julien Marchal - v0.4.6
- * $this->uri .= $_SERVER['SERVER_NAME'];
- */
- if (empty($_SERVER['HTTP_X_FORWARDED_SERVER'])) {
- /* replaced by teedog - v0.4.12
- * $final_uri .= $_SERVER['SERVER_NAME'];
- */
- if (empty($_SERVER['SERVER_NAME'])) {
- $final_uri .= $_SERVER['HTTP_HOST'];
- } else {
- $final_uri .= $_SERVER['SERVER_NAME'];
- }
- } else {
- $final_uri .= $_SERVER['HTTP_X_FORWARDED_SERVER'];
- }
- if (($this->isHttps() && $_SERVER['SERVER_PORT'] != 443)
- || (!$this->isHttps() && $_SERVER['SERVER_PORT'] != 80)
- ) {
- $final_uri .= ':';
- $final_uri .= $_SERVER['SERVER_PORT'];
- }
- $request_uri = $_SERVER['REQUEST_URI'];
- $request_uri = preg_replace('/\?.*$/', '', $request_uri);
- $final_uri .= $request_uri;
- $this->setCallbackURL($final_uri);
- }
- return $this->_callback_url;
- }
-
- /**
- * This method sets the callback url.
- *
- * @param $callback_url url to set callback
- *
- * @private
- */
- function setCallbackURL($url)
- {
- return $this->_callback_url = $url;
- }
-
- /**
- * This method is called by CASClient::CASClient() when running in callback
- * mode. It stores the PGT and its PGT Iou, prints its output and halts.
- *
- * @private
- */
- function callback()
- {
- phpCAS::traceBegin();
- $this->printHTMLHeader('phpCAS callback');
- $pgt_iou = $_GET['pgtIou'];
- $pgt = $_GET['pgtId'];
- phpCAS::trace('Storing PGT `' . $pgt . '\' (id=`' . $pgt_iou . '\')');
- echo '