From 758e98e81c0059358474a977f48ad039607e35c7 Mon Sep 17 00:00:00 2001
From: Julio
Date: Tue, 18 Sep 2018 19:42:11 +0200
Subject: [PATCH] Remove deprecated auth code see #2645
---
 main/auth/cas/authcas.php | 228 --
 main/auth/cas/cas_var.inc.php | 31 -
 main/auth/cas/lib/CAS.php | 1687 ----------
 main/auth/cas/lib/CAS/PGTStorage/pgt-db.php | 219 --
 main/auth/cas/lib/CAS/PGTStorage/pgt-file.php | 276 --
 main/auth/cas/lib/CAS/PGTStorage/pgt-main.php | 215 --
 main/auth/cas/lib/CAS/client.php | 2774 -----------------
 main/auth/cas/lib/CAS/domxml-php4-to-php5.php | 881 ------
 main/auth/cas/lib/CAS/languages/catalan.php | 27 -
 main/auth/cas/lib/CAS/languages/english.php | 27 -
 main/auth/cas/lib/CAS/languages/french.php | 28 -
 main/auth/cas/lib/CAS/languages/german.php | 27 -
 main/auth/cas/lib/CAS/languages/greek.php | 27 -
 main/auth/cas/lib/CAS/languages/japanese.php | 27 -
 main/auth/cas/lib/CAS/languages/languages.php | 24 -
 main/auth/cas/lib/CAS/languages/spanish.php | 27 -
 main/auth/cas/logincas.php | 56 -
 main/auth/cas/logout.php | 13 -
 main/auth/external_login/facebook.inc.php | 220 --
 main/auth/external_login/facebook.init.php | 24 -
 main/auth/external_login/functions.inc.php | 231 --
 main/auth/external_login/ldap.inc.php | 407 ---
 .../external_login/ldap_import_all_users.php | 22 -
 main/auth/external_login/login.ldap.php | 85 -
 main/auth/external_login/login.ws.php | 107 -
 main/auth/external_login/newUser.ldap.php | 71 -
 main/auth/external_login/newUser.php | 54 -
 main/auth/external_login/updateUser.php | 41 -
 main/auth/ldap/authldap.php | 800 -----
 main/auth/ldap/index.html | 6 -
 main/auth/ldap/ldap_var.inc.php | 47 -
 main/auth/ldap/login.php | 44 -
 main/auth/ldap/newUser.php | 36 -
 main/auth/ldap/syncro_users.php | 6 -
 main/auth/shibboleth/_readme.txt | 10 -
 .../shibboleth_controller.class.php | 158 -
 .../auth/shibboleth/app/model/admin.class.php | 44 -
 .../app/model/scaffold/admin.class.php | 134 -
 .../app/model/scaffold/user.class.php | 185 --
 .../app/model/shibboleth_store.class.php | 197 --
 .../app/model/shibboleth_user.class.php | 33 -
 main/auth/shibboleth/app/model/user.class.php | 95 -
 main/auth/shibboleth/app/shibboleth.class.php | 266 --
 main/auth/shibboleth/app/view/admin_login.php | 18 -
 main/auth/shibboleth/app/view/request.php | 20 -
 .../app/view/shibboleth_display.class.php | 66 -
 .../app/view/shibboleth_email_form.class.php | 51 -
 .../shibboleth_status_request_form.class.php | 97 -
 main/auth/shibboleth/config-dist.php | 16 -
 main/auth/shibboleth/config/aai.class.php | 69 -
 .../db/shibboleth_upgrade.class.php | 85 -
 main/auth/shibboleth/index.php | 8 -
 main/auth/shibboleth/init.php | 23 -
 main/auth/shibboleth/lib/model.class.php | 14 -
 .../lib/scaffolder/scaffolder.class.php | 64 -
 .../lib/scaffolder/template/default.php | 146 -
 .../lib/scaffolder/template/model.php | 146 -
 .../lib/scaffolder/template/public.php | 39 -
 .../lib/shibboleth_config.class.php | 61 -
 .../lib/shibboleth_session.class.php | 100 -
 main/auth/shibboleth/lib/store.class.php | 357 ---
 main/auth/shibboleth/login.php | 35 -
 main/auth/shibboleth/script/scaffold.php | 36 -
 .../shibboleth/test/shibboleth_test.class.php | 218 -
 .../test/shibboleth_test_helper.class.php | 133 -
 main/auth/shibboleth/test/test.php | 32 -
 main/auth/shibboleth/test/test_no_email.php | 20 -
 67 files changed, 11771 deletions(-)
 delete mode 100755 main/auth/cas/authcas.php
 delete mode 100755 main/auth/cas/cas_var.inc.php
 delete mode 100755 main/auth/cas/lib/CAS.php
 delete mode 100755 main/auth/cas/lib/CAS/PGTStorage/pgt-db.php
 delete mode 100755 main/auth/cas/lib/CAS/PGTStorage/pgt-file.php
 delete mode 100755 main/auth/cas/lib/CAS/PGTStorage/pgt-main.php
 delete mode 100755 main/auth/cas/lib/CAS/client.php
 delete mode 100755 main/auth/cas/lib/CAS/domxml-php4-to-php5.php
 delete mode 100755 main/auth/cas/lib/CAS/languages/catalan.php
 delete mode 100755 main/auth/cas/lib/CAS/languages/english.php
 delete mode 100755 main/auth/cas/lib/CAS/languages/french.php
 delete mode 100755 main/auth/cas/lib/CAS/languages/german.php
 delete mode 100755 main/auth/cas/lib/CAS/languages/greek.php
 delete mode 100755 main/auth/cas/lib/CAS/languages/japanese.php
 delete mode 100755 main/auth/cas/lib/CAS/languages/languages.php
 delete mode 100755 main/auth/cas/lib/CAS/languages/spanish.php
 delete mode 100755 main/auth/cas/logincas.php
 delete mode 100755 main/auth/cas/logout.php
 delete mode 100755 main/auth/external_login/facebook.inc.php
 delete mode 100755 main/auth/external_login/facebook.init.php
 delete mode 100755 main/auth/external_login/functions.inc.php
 delete mode 100755 main/auth/external_login/ldap.inc.php
 delete mode 100755 main/auth/external_login/ldap_import_all_users.php
 delete mode 100755 main/auth/external_login/login.ldap.php
 delete mode 100755 main/auth/external_login/login.ws.php
 delete mode 100755 main/auth/external_login/newUser.ldap.php
 delete mode 100755 main/auth/external_login/newUser.php
 delete mode 100755 main/auth/external_login/updateUser.php
 delete mode 100755 main/auth/ldap/authldap.php
 delete mode 100755 main/auth/ldap/index.html
 delete mode 100755 main/auth/ldap/ldap_var.inc.php
 delete mode 100755 main/auth/ldap/login.php
 delete mode 100755 main/auth/ldap/newUser.php
 delete mode 100755 main/auth/ldap/syncro_users.php
 delete mode 100755 main/auth/shibboleth/_readme.txt
 delete mode 100755 main/auth/shibboleth/app/controller/shibboleth_controller.class.php
 delete mode 100755 main/auth/shibboleth/app/model/admin.class.php
 delete mode 100755 main/auth/shibboleth/app/model/scaffold/admin.class.php
 delete mode 100755 main/auth/shibboleth/app/model/scaffold/user.class.php
 delete mode 100755 main/auth/shibboleth/app/model/shibboleth_store.class.php
 delete mode 100755 main/auth/shibboleth/app/model/shibboleth_user.class.php
 delete mode 100755 main/auth/shibboleth/app/model/user.class.php
 delete mode 100755 main/auth/shibboleth/app/shibboleth.class.php
 delete mode 100755 main/auth/shibboleth/app/view/admin_login.php
 delete mode 100755 main/auth/shibboleth/app/view/request.php
 delete mode 100755 main/auth/shibboleth/app/view/shibboleth_display.class.php
 delete mode 100755 main/auth/shibboleth/app/view/shibboleth_email_form.class.php
 delete mode 100755 main/auth/shibboleth/app/view/shibboleth_status_request_form.class.php
 delete mode 100755 main/auth/shibboleth/config-dist.php
 delete mode 100755 main/auth/shibboleth/config/aai.class.php
 delete mode 100755 main/auth/shibboleth/db/shibboleth_upgrade.class.php
 delete mode 100755 main/auth/shibboleth/index.php
 delete mode 100755 main/auth/shibboleth/init.php
 delete mode 100755 main/auth/shibboleth/lib/model.class.php
 delete mode 100755 main/auth/shibboleth/lib/scaffolder/scaffolder.class.php
 delete mode 100755 main/auth/shibboleth/lib/scaffolder/template/default.php
 delete mode 100755 main/auth/shibboleth/lib/scaffolder/template/model.php
 delete mode 100755 main/auth/shibboleth/lib/scaffolder/template/public.php
 delete mode 100755 main/auth/shibboleth/lib/shibboleth_config.class.php
 delete mode 100755 main/auth/shibboleth/lib/shibboleth_session.class.php
 delete mode 100755 main/auth/shibboleth/lib/store.class.php
 delete mode 100755 main/auth/shibboleth/login.php
 delete mode 100755 main/auth/shibboleth/script/scaffold.php
 delete mode 100755 main/auth/shibboleth/test/shibboleth_test.class.php
 delete mode 100755 main/auth/shibboleth/test/shibboleth_test_helper.class.php
 delete mode 100755 main/auth/shibboleth/test/test.php
 delete mode 100755 main/auth/shibboleth/test/test_no_email.php
diff --git a/main/auth/cas/authcas.php b/main/auth/cas/authcas.php
deleted file mode 100755
index e98e2fa70a..0000000000
--- a/main/auth/cas/authcas.php
+++ /dev/null
@@ -1,228 +0,0 @@ - for the paris5 university - -* Checks if the user is already logged in via the cas system -* Gets all the info via the ldap module (ldap has to work) - -*/ -require_once api_get_path(SYS_PATH).'main/auth/cas/cas_var.inc.php'; -require_once api_get_path(SYS_PATH).'main/auth/external_login/ldap.inc.php'; -require_once api_get_path(SYS_PATH).'main/auth/external_login/functions.inc.php'; - -/** - * @return true if cas is configured - */ -function cas_configured() -{ - global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri; - $res = false; - if (!empty($cas_auth_ver) && !empty($cas_auth_server) && !empty($cas_auth_port)) { - $res = true; - } - - return $res; -} - -/** - * checks if the user already get a session. - * - * @return the user login if the user already has a session ,false otherwise - */ -function cas_is_authenticated() -{ - global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri; - global $PHPCAS_CLIENT; - global $logout; - - if (!cas_configured()) { - return; - } - - if (!is_object($PHPCAS_CLIENT)) { - phpCAS::client($cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri); - phpCAS::setNoCasServerValidation(); - } - $auth = phpCAS::checkAuthentication(); - - if ($auth) { - $login = trim(phpCAS::getUser()); - /* - Get user attributes. 
Here are the attributes for crdp platform - sn => name - ENTPersonMailInterne => mail - ENTPersonAlias => login - ENTPersonProfils => profil - givenName => first name - */ - /*$user=phpCAS::getAttributes(); - $firstName = trim($user['givenName']); - $lastName = trim($user['sn']); - $login = trim($user['ENTPersonAlias']); - $profil = trim($user['ENTPersonProfils']); - $email = trim($user['ENTPersonMailInterne']); - $satus=5; - switch ($profil){ - case 'admin_etab': - $status=3; //Session admin - break; - case 'admin_sie': - $status=3; //Session admin - break; - case 'National_3': - $status=1; // Teacher - break; - case 'National_1': - $status=5; // Student - break; - default: - $status=5; // Student - }*/ - if (!$logout) { - // get user info from username - $tab_user_info = api_get_user_info($login); - - // user found in the chamilo database - if (is_array($tab_user_info)) { - // if option is on we update user automatically from ldap server - if (api_get_setting("update_user_info_cas_with_ldap") == "true") { - $ldapuser = extldap_authenticate($login, 'nopass', true); - if ($ldapuser !== false) { - $chamilo_user = extldap_get_chamilo_user($ldapuser); - $chamilo_user['user_id'] = $tab_user_info['user_id']; - $chamilo_user['status'] = $tab_user_info['status']; - UserManager::update_user( - $chamilo_user["user_id"], - $chamilo_user["firstname"], - $chamilo_user["lastname"], - $login, - null, - null, - $chamilo_user["email"], - $chamilo_user["status"], - '', - '', - '', - '', - 1, - null, - 0, - null, - '' - ); - } - } - - return $login; - } // user not found - else { - // if option is on we can ADD user automatically from ldap server or by modify own profil - $user_added = false; - switch (api_get_setting("cas_add_user_activate")) { - case PLATFORM_AUTH_SOURCE: - // user will have to modify firstname, lastname, email in chamilo profil edit - $userdata = get_lang("EditInProfil"); - UserManager::create_user( - $userdata, - $userdata, - '5', - $userdata, - $login, - 
'casplaceholder', - '', - '', - '', - '', - CAS_AUTH_SOURCE - ); - $user_added = $login; - break; - case LDAP_AUTH_SOURCE: - // user info are read from ldap connexion - // get user info from ldap server - // user has already been authenticated by CAS - // If user not found in LDAP, user not created - $ldapuser = extldap_authenticate($login, 'nopass', true); - if ($ldapuser !== false) { - $chamilo_user = extldap_get_chamilo_user($ldapuser); - $chamilo_user['username'] = $login; - $chamilo_user['auth_source'] = CAS_AUTH_SOURCE; - $chamilo_uid = external_add_user($chamilo_user); - $user_added = $login; - } - break; - default: - break; - } - - return $user_added; - } - } - // //If the user is in the dokeos database and we are ,not in a logout request, we upgrade his infomration by ldap - // if (! $logout){ - // $user_table = Database::get_main_table(TABLE_MAIN_USER); - // $sql = "SELECT user_id, username, password, auth_source, active, expiration_date ". - // "FROM $user_table ". - // "WHERE username = '$login' "; -// - // $result = Database::query($sql,__FILE__,__LINE__); - // if(mysql_num_rows($result) == 0) { - // require_once(api_get_path(SYS_PATH).'main/inc/lib/usermanager.lib.php'); - // $rnumber=rand(0,256000); - // UserManager::create_user($firstName, $lastName, $status, $email, $login, md5('casplaceholder'.$rnumber), $official_code='',$language='',$phone='',$picture_uri='',$auth_source = PLATFORM_AUTH_SOURCE); - // } - // else { - // $user = mysql_fetch_assoc($result); - // $user_id = intval($user['user_id']); - // //echo "deb : $status"; - // UserManager::update_user ($user_id, $firstname, $lastname, $login, null, null, $email, $status, '', '', '', '', 1, null, 0, null,'') ; -// - // } - // } - return $login; - } else { - return false; - } -} - -/** - * Logs out the user of the cas - * The user MUST be logged in with cas to use this function. 
- * - * @param $uinfo array user info (not needed) - * @param $location string redirect url - * - * @see online_logout() - */ -function cas_logout($uinfo = null, $location = null) -{ - global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri; - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { - phpCAS::client($cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri); - phpCAS::setNoCasServerValidation(); - } - - if (!isset($location)) { - $location = api_get_path(WEB_PATH); - } - - phpCAS::logoutWithRedirectService($location); -} - -/* - * Return the direct URL to a course code with CAS login - */ -function get_cas_direct_URL($in_course_code) -{ - return api_get_path(WEB_PATH).'main/auth/cas/logincas.php?firstpage='.$in_course_code; -} - -function getCASLogoHTML() -{ - $out_res = ""; - if (api_get_setting("casLogoURL") != "") { - $out_res = "CAS Logo"; - } - - return $out_res; -} diff --git a/main/auth/cas/cas_var.inc.php b/main/auth/cas/cas_var.inc.php deleted file mode 100755 index b4fbfb9ed5..0000000000 --- a/main/auth/cas/cas_var.inc.php +++ /dev/null 
@@ -1,31 +0,0 @@ -=')) { - require_once __DIR__.'/CAS/domxml-php4-to-php5.php'; -} - -/** - * @file CAS/CAS.php - * Interface class of the phpCAS library - * - * @ingroup public - */ - -// ######################################################################## -// CONSTANTS -// ######################################################################## - -// ------------------------------------------------------------------------ -// CAS VERSIONS -// ------------------------------------------------------------------------ - -/** - * phpCAS version. accessible for the user by phpCAS::getVersion(). - */ -define('PHPCAS_VERSION', '1.1.1'); - -// ------------------------------------------------------------------------ -// CAS VERSIONS -// ------------------------------------------------------------------------ -/** - * @addtogroup public - * @{ - */ - -/** - * CAS version 1.0 - */ -define("CAS_VERSION_1_0", '1.0'); -/*! - * CAS version 2.0 - */ -define("CAS_VERSION_2_0", '2.0'); - -// ------------------------------------------------------------------------ -// SAML defines -// ------------------------------------------------------------------------ - -/** - * SAML protocol - */ -define("SAML_VERSION_1_1", 'S1'); - -/** - * XML header for SAML POST - */ -define("SAML_XML_HEADER", ''); - -/** - * SOAP envelope for SAML POST - */ -define("SAML_SOAP_ENV", - ''); - -/** - * SOAP body for SAML POST - */ -define("SAML_SOAP_BODY", ''); - -/** - * SAMLP request - */ -define("SAMLP_REQUEST", - ''); -define("SAMLP_REQUEST_CLOSE", ''); - -/** - * SAMLP artifact tag (for the ticket) - */ -define("SAML_ASSERTION_ARTIFACT", ''); - -/** - * SAMLP close - */ -define("SAML_ASSERTION_ARTIFACT_CLOSE", ''); - -/** - * SOAP body close - */ -define("SAML_SOAP_BODY_CLOSE", ''); - -/** - * SOAP envelope close - */ -define("SAML_SOAP_ENV_CLOSE", ''); - -/** - * SAML Attributes - */ -define("SAML_ATTRIBUTES", 'SAMLATTRIBS'); - -/** @} */ -/** - * @addtogroup publicPGTStorage - * @{ - */ -// 
------------------------------------------------------------------------ -// FILE PGT STORAGE -// ------------------------------------------------------------------------ -/** - * Default path used when storing PGT's to file - */ -define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH", '/tmp'); -/** - * phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files - */ -define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN", 'plain'); -/** - * phpCAS::setPGTStorageFile()'s 2nd parameter to write xml files - */ -define("CAS_PGT_STORAGE_FILE_FORMAT_XML", 'xml'); -/** - * Default format used when storing PGT's to file - */ -define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT", CAS_PGT_STORAGE_FILE_FORMAT_PLAIN); -// ------------------------------------------------------------------------ -// DATABASE PGT STORAGE -// ------------------------------------------------------------------------ -/** - * default database type when storing PGT's to database - */ -define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE", 'mysql'); -/** - * default host when storing PGT's to database - */ -define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME", 'localhost'); -/** - * default port when storing PGT's to database - */ -define("CAS_PGT_STORAGE_DB_DEFAULT_PORT", ''); -/** - * default database when storing PGT's to database - */ -define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE", 'phpCAS'); -/** - * default table when storing PGT's to database - */ -define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE", 'pgt'); - -/** @} */ -// ------------------------------------------------------------------------ -// SERVICE ACCESS ERRORS -// ------------------------------------------------------------------------ -/** - * @addtogroup publicServices - * @{ - */ - -/** - * phpCAS::service() error code on success - */ -define("PHPCAS_SERVICE_OK", 0); -/** - * phpCAS::service() error code when the PT could not retrieve because - * the CAS server did not respond. 
- */ -define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE", 1); -/** - * phpCAS::service() error code when the PT could not retrieve because - * the response of the CAS server was ill-formed. - */ -define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE", 2); -/** - * phpCAS::service() error code when the PT could not retrieve because - * the CAS server did not want to. - */ -define("PHPCAS_SERVICE_PT_FAILURE", 3); -/** - * phpCAS::service() error code when the service was not available. - */ -define("PHPCAS_SERVICE_NOT AVAILABLE", 4); - -/** @} */ -// ------------------------------------------------------------------------ -// LANGUAGES -// ------------------------------------------------------------------------ -/** - * @addtogroup publicLang - * @{ - */ - -define("PHPCAS_LANG_ENGLISH", 'english'); -define("PHPCAS_LANG_FRENCH", 'french'); -define("PHPCAS_LANG_GREEK", 'greek'); -define("PHPCAS_LANG_GERMAN", 'german'); -define("PHPCAS_LANG_JAPANESE", 'japanese'); -define("PHPCAS_LANG_SPANISH", 'spanish'); -define("PHPCAS_LANG_CATALAN", 'catalan'); - -/** @} */ - -/** - * @addtogroup internalLang - * @{ - */ - -/** - * phpCAS default language (when phpCAS::setLang() is not used) - */ -define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH); - -/** @} */ -// ------------------------------------------------------------------------ -// DEBUG -// ------------------------------------------------------------------------ -/** - * @addtogroup publicDebug - * @{ - */ - -/** - * The default directory for the debug file under Unix. - */ -define('DEFAULT_DEBUG_DIR', '/tmp/'); - -/** @} */ -// ------------------------------------------------------------------------ -// MISC -// ------------------------------------------------------------------------ -/** - * @addtogroup internalMisc - * @{ - */ - -/** - * This global variable is used by the interface class phpCAS. 
- * - * @hideinitializer - */ -$GLOBALS['PHPCAS_CLIENT'] = null; - -/** - * This global variable is used to store where the initializer is called from - * (to print a comprehensive error in case of multiple calls). - * - * @hideinitializer - */ -$GLOBALS['PHPCAS_INIT_CALL'] = array( - 'done' => false, - 'file' => '?', - 'line' => -1, - 'method' => '?' -); - -/** - * This global variable is used to store where the method checking - * the authentication is called from (to print comprehensive errors) - * - * @hideinitializer - */ -$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array( - 'done' => false, - 'file' => '?', - 'line' => -1, - 'method' => '?', - 'result' => false -); - -/** - * This global variable is used to store phpCAS debug mode. - * - * @hideinitializer - */ -$GLOBALS['PHPCAS_DEBUG'] = array( - 'filename' => '/tmp/cas.log', - 'indent' => 0, - 'unique_id' => '' -); - -/** @} */ - -// ######################################################################## -// CLIENT CLASS -// ######################################################################## - -// include client class -include_once __DIR__.'/CAS/client.php'; - -// ######################################################################## -// INTERFACE CLASS -// ######################################################################## - -/** - * @class phpCAS - * The phpCAS class is a simple container for the phpCAS library. It provides CAS - * authentication for web applications written in PHP. - * - * @ingroup public - * @author Pascal Aubry - * - * \internal All its methods access the same object ($PHPCAS_CLIENT, declared - * at the end of CAS/client.php). - */ -class phpCAS -{ - - // ######################################################################## - // INITIALIZATION - // ######################################################################## - - /** - * @addtogroup publicInit - * @{ - */ - - /** - * phpCAS client initializer. 
- * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be - * called, only once, and before all other methods (except phpCAS::getVersion() - * and phpCAS::setDebug()). - * - * @param $server_version the version of the CAS server - * @param $server_hostname the hostname of the CAS server - * @param $server_port the port the CAS server is running on - * @param $server_uri the URI the CAS server is responding on - * @param $start_session Have phpCAS start PHP sessions (default true) - * - * @return a newly created CASClient object - */ - public function client($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) - { - global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; - - self::traceBegin(); - if (is_object($PHPCAS_CLIENT)) { - self::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')'); - } - if (gettype($server_version) != 'string') { - self::error('type mismatched for parameter $server_version (should be `string\')'); - } - if (gettype($server_hostname) != 'string') { - self::error('type mismatched for parameter $server_hostname (should be `string\')'); - } - if (gettype($server_port) != 'integer') { - self::error('type mismatched for parameter $server_port (should be `integer\')'); - } - if (gettype($server_uri) != 'string') { - self::error('type mismatched for parameter $server_uri (should be `string\')'); - } - - // store where the initializer is called from - $dbg = self::backtrace(); - $PHPCAS_INIT_CALL = array( - 'done' => true, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__ - ); - - // initialize the global object $PHPCAS_CLIENT - $PHPCAS_CLIENT = new CASClient($server_version, false /*proxy*/ - , $server_hostname, $server_port, $server_uri, $start_session); - self::traceEnd(); - } - - /** - * phpCAS proxy initializer. 
- * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be - * called, only once, and before all other methods (except phpCAS::getVersion() - * and phpCAS::setDebug()). - * - * @param $server_version the version of the CAS server - * @param $server_hostname the hostname of the CAS server - * @param $server_port the port the CAS server is running on - * @param $server_uri the URI the CAS server is responding on - * @param $start_session Have phpCAS start PHP sessions (default true) - * - * @return a newly created CASClient object - */ - public function proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) - { - global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; - - self::traceBegin(); - if (is_object($PHPCAS_CLIENT)) { - self::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')'); - } - if (gettype($server_version) != 'string') { - self::error('type mismatched for parameter $server_version (should be `string\')'); - } - if (gettype($server_hostname) != 'string') { - self::error('type mismatched for parameter $server_hostname (should be `string\')'); - } - if (gettype($server_port) != 'integer') { - self::error('type mismatched for parameter $server_port (should be `integer\')'); - } - if (gettype($server_uri) != 'string') { - self::error('type mismatched for parameter $server_uri (should be `string\')'); - } - - // store where the initialzer is called from - $dbg = self::backtrace(); - $PHPCAS_INIT_CALL = array( - 'done' => true, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__ - ); - - // initialize the global object $PHPCAS_CLIENT - $PHPCAS_CLIENT = new CASClient($server_version, true /*proxy*/ - , $server_hostname, $server_port, $server_uri, $start_session); - self::traceEnd(); - } - - /** @} */ - // ######################################################################## - // DEBUGGING - 
// ######################################################################## - - /** - * @addtogroup publicDebug - * @{ - */ - - /** - * Set/unset debug mode - * - * @param $filename the name of the file used for logging, or FALSE to stop debugging. - */ - public function setDebug($filename = '') - { - global $PHPCAS_DEBUG; - - if ($filename != false && gettype($filename) != 'string') { - self::error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)'); - } - - if (empty ($filename)) { - if (preg_match('/^Win.*/', getenv('OS'))) { - if (isset ($_ENV['TMP'])) { - $debugDir = $_ENV['TMP'].'/'; - } else { - if (isset ($_ENV['TEMP'])) { - $debugDir = $_ENV['TEMP'].'/'; - } else { - $debugDir = ''; - } - } - } else { - $debugDir = DEFAULT_DEBUG_DIR; - } - $filename = $debugDir.'phpCAS.log'; - } - - if (empty ($PHPCAS_DEBUG['unique_id'])) { - $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4); - } - - $PHPCAS_DEBUG['filename'] = $filename; - - self::trace('START ******************'); - } - - /** @} */ - /** - * @addtogroup internalDebug - * @{ - */ - - /** - * This method is a wrapper for debug_backtrace() that is not available - * in all PHP versions (>= 4.3.0 only) - */ - public function backtrace() - { - if (function_exists('debug_backtrace')) { - return debug_backtrace(); - } else { - // poor man's hack ... but it does work ... - return array(); - } - } - - /** - * Logs a string in debug mode. - * - * @param $str the string to write - * - * @private - */ - public function log($str) - { - $indent_str = "."; - global $PHPCAS_DEBUG; - - if ($PHPCAS_DEBUG['filename']) { - for ($i = 0; $i < $PHPCAS_DEBUG['indent']; $i++) { - $indent_str .= '| '; - } - error_log($PHPCAS_DEBUG['unique_id'].' '.$indent_str.$str."\n", 3, $PHPCAS_DEBUG['filename']); - } - - } - - /** - * This method is used by interface methods to print an error and where the function - * was originally called from. 
- * - * @param $msg the message to print - * - * @private - */ - public function error($msg) - { - $dbg = self::backtrace(); - $function = '?'; - $file = '?'; - $line = '?'; - if (is_array($dbg)) { - for ($i = 1; $i < sizeof($dbg); $i++) { - if (is_array($dbg[$i])) { - if ($dbg[$i]['class'] == __CLASS__) { - $function = $dbg[$i]['function']; - $file = $dbg[$i]['file']; - $line = $dbg[$i]['line']; - } - } - } - } - echo "
\nphpCAS error: ".__CLASS__."::".$function.'(): '.htmlentities($msg)." in ".$file." on line ".$line."
\n"; - self::trace($msg); - self::traceExit(); - exit (); - } - - /** - * This method is used to log something in debug mode. - */ - public function trace($str) - { - $dbg = self::backtrace(); - self::log($str.' ['.basename($dbg[1]['file']).':'.$dbg[1]['line'].']'); - } - - /** - * This method is used to indicate the start of the execution of a function in debug mode. - */ - public function traceBegin() - { - global $PHPCAS_DEBUG; - - $dbg = self::backtrace(); - $str = '=> '; - if (!empty ($dbg[2]['class'])) { - $str .= $dbg[2]['class'].'::'; - } - $str .= $dbg[2]['function'].'('; - if (is_array($dbg[2]['args'])) { - foreach ($dbg[2]['args'] as $index => $arg) { - if ($index != 0) { - $str .= ', '; - } - $str .= str_replace("\n", "", var_export($arg, true)); - } - } - $str .= ') ['.basename($dbg[2]['file']).':'.$dbg[2]['line'].']'; - self::log($str); - $PHPCAS_DEBUG['indent']++; - } - - /** - * This method is used to indicate the end of the execution of a function in debug mode. - * - * @param string $res The result of the function - */ - public function traceEnd($res = '') - { - global $PHPCAS_DEBUG; - - $PHPCAS_DEBUG['indent']--; - $dbg = self::backtrace(); - $str = ''; - $str .= '<= '.str_replace("\n", "", var_export($res, true)); - self::log($str); - } - - /** - * This method is used to indicate the end of the execution of the program - */ - public function traceExit() - { - global $PHPCAS_DEBUG; - - self::log('exit()'); - while ($PHPCAS_DEBUG['indent'] > 0) { - self::log('-'); - $PHPCAS_DEBUG['indent']--; - } - } - - /** @} */ - // ######################################################################## - // INTERNATIONALIZATION - // ######################################################################## - /** - * @addtogroup publicLang - * @{ - */ - - /** - * This method is used to set the language used by phpCAS. - * @note Can be called only once. - * - * @param $lang a string representing the language. 
- * - * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH - */ - public function setLang($lang) - { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - if (gettype($lang) != 'string') { - self::error('type mismatched for parameter $lang (should be `string\')'); - } - $PHPCAS_CLIENT->setLang($lang); - } - - /** @} */ - // ######################################################################## - // VERSION - // ######################################################################## - /** - * @addtogroup public - * @{ - */ - - /** - * This method returns the phpCAS version. - * - * @return the phpCAS version. - */ - public function getVersion() - { - return PHPCAS_VERSION; - } - - /** @} */ - // ######################################################################## - // HTML OUTPUT - // ######################################################################## - /** - * @addtogroup publicOutput - * @{ - */ - - /** - * This method sets the HTML header used for all outputs. - * - * @param $header the HTML header. - */ - public function setHTMLHeader($header) - { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - if (gettype($header) != 'string') { - self::error('type mismatched for parameter $header (should be `string\')'); - } - $PHPCAS_CLIENT->setHTMLHeader($header); - } - - /** - * This method sets the HTML footer used for all outputs. - * - * @param $footer the HTML footer. 
- */ - public function setHTMLFooter($footer) - { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - if (gettype($footer) != 'string') { - self::error('type mismatched for parameter $footer (should be `string\')'); - } - $PHPCAS_CLIENT->setHTMLFooter($footer); - } - - /** @} */ - // ######################################################################## - // PGT STORAGE - // ######################################################################## - /** - * @addtogroup publicPGTStorage - * @{ - */ - - /** - * This method is used to tell phpCAS to store the response of the - * CAS server to PGT requests onto the filesystem. - * - * @param string $format the format used to store the PGT's (`plain' and `xml' allowed) - * @param string $path the path where the PGT's should be stored - */ - public function setPGTStorageFile($format = '', $path = '') - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if (!$PHPCAS_CLIENT->isProxy()) { - self::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ($PHPCAS_AUTH_CHECK_CALL['done']) { - self::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')'); - } - if (gettype($format) != 'string') { - self::error('type mismatched for parameter $format (should be `string\')'); - } - if (gettype($path) != 'string') { - self::error('type mismatched for parameter $format (should be `string\')'); - } - $PHPCAS_CLIENT->setPGTStorageFile($format, $path); - self::traceEnd(); - } - - /** - * This method is used to tell phpCAS to store the response of the - * CAS server to PGT requests into a database. 
- * @note The connection to the database is done only when needed. - * As a consequence, bad parameters are detected only when - * initializing PGT storage, except in debug mode. - * - * @param $user the user to access the data with - * @param $password the user's password - * @param $database_type the type of the database hosting the data - * @param $hostname the server hosting the database - * @param $port the port the server is listening on - * @param $database the name of the database - * @param $table the name of the table storing the data - */ - public function setPGTStorageDB( - $user, - $password, - $database_type = '', - $hostname = '', - $port = 0, - $database = '', - $table = '' - ) { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if (!$PHPCAS_CLIENT->isProxy()) { - self::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ($PHPCAS_AUTH_CHECK_CALL['done']) { - self::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')'); - } - if (gettype($user) != 'string') { - self::error('type mismatched for parameter $user (should be `string\')'); - } - if (gettype($password) != 'string') { - self::error('type mismatched for parameter $password (should be `string\')'); - } - if (gettype($database_type) != 'string') { - self::error('type mismatched for parameter $database_type (should be `string\')'); - } - if (gettype($hostname) != 'string') { - self::error('type mismatched for parameter $hostname (should be `string\')'); - } - if (gettype($port) != 'integer') { - self::error('type mismatched for parameter $port (should be `integer\')'); - } - if (gettype($database) != 'string') { - self::error('type mismatched for parameter $database (should be `string\')'); - } - if 
(gettype($table) != 'string') { - self::error('type mismatched for parameter $table (should be `string\')'); - } - $PHPCAS_CLIENT->setPGTStorageDB($user, $password, $database_type, $hostname, $port, $database, $table); - self::traceEnd(); - } - - /** @} */ - // ######################################################################## - // ACCESS TO EXTERNAL SERVICES - // ######################################################################## - /** - * @addtogroup publicServices - * @{ - */ - - /** - * This method is used to access an HTTP[S] service. - * - * @param $url the service to access. - * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on - * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, - * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. - * @param $output the output of the service (also used to give an error - * message on failure). - * - * @return TRUE on success, FALSE otherwise (in this later case, $err_code - * gives the reason why it failed and $output contains an error message). 
- */ - public function serviceWeb($url, & $err_code, & $output) - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if (!$PHPCAS_CLIENT->isProxy()) { - self::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if (!$PHPCAS_AUTH_CHECK_CALL['done']) { - self::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()'); - } - if (!$PHPCAS_AUTH_CHECK_CALL['result']) { - self::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); - } - if (gettype($url) != 'string') { - self::error('type mismatched for parameter $url (should be `string\')'); - } - - $res = $PHPCAS_CLIENT->serviceWeb($url, $err_code, $output); - - self::traceEnd($res); - return $res; - } - - /** - * This method is used to access an IMAP/POP3/NNTP service. - * - * @param $url a string giving the URL of the service, including the mailing box - * for IMAP URLs, as accepted by imap_open(). - * @param $service a string giving for CAS retrieve Proxy ticket - * @param $flags options given to imap_open(). - * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on - * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, - * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. - * @param $err_msg an error message on failure - * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL - * on success, FALSE on error). - * - * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code - * gives the reason why it failed and $err_msg contains an error message). 
- */ - public function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if (!$PHPCAS_CLIENT->isProxy()) { - self::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if (!$PHPCAS_AUTH_CHECK_CALL['done']) { - self::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()'); - } - if (!$PHPCAS_AUTH_CHECK_CALL['result']) { - self::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); - } - if (gettype($url) != 'string') { - self::error('type mismatched for parameter $url (should be `string\')'); - } - - if (gettype($flags) != 'integer') { - self::error('type mismatched for parameter $flags (should be `integer\')'); - } - - $res = $PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt); - - self::traceEnd($res); - return $res; - } - - /** @} */ - // ######################################################################## - // AUTHENTICATION - // ######################################################################## - /** - * @addtogroup publicAuth - * @{ - */ - - /** - * Set the times authentication will be cached before really accessing the CAS server in gateway mode: - * - -1: check only once, and then never again (until you pree login) - * - 0: always check - * - n: check every "n" time - * - * @param $n an integer. 
- */ - public function setCacheTimesForAuthRecheck($n) - { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - if (gettype($n) != 'integer') { - self::error('type mismatched for parameter $header (should be `string\')'); - } - $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n); - } - - /** - * This method is called to check if the user is authenticated (use the gateway feature). - * @return TRUE when the user is authenticated; otherwise FALSE. - */ - public function checkAuthentication() - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - - $auth = $PHPCAS_CLIENT->checkAuthentication(); - - // store where the authentication has been checked and the result - $dbg = self::backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array( - 'done' => true, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__, - 'result' => $auth - ); - self::traceEnd($auth); - return $auth; - } - - /** - * This method is called to force authentication if the user was not already - * authenticated. If the user is not authenticated, halt by redirecting to - * the CAS server. 
- */ - public function forceAuthentication() - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - - $auth = $PHPCAS_CLIENT->forceAuthentication(); - - // store where the authentication has been checked and the result - $dbg = self::backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array( - 'done' => true, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__, - 'result' => $auth - ); - - if (!$auth) { - self::trace('user is not authenticated, redirecting to the CAS server'); - $PHPCAS_CLIENT->forceAuthentication(); - } else { - self::trace('no need to authenticate (user `'.self::getUser().'\' is already authenticated)'); - } - - self::traceEnd(); - return $auth; - } - - /** - * This method is called to renew the authentication. - **/ - public function renewAuthentication() - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before'.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - - // store where the authentication has been checked and the result - $dbg = self::backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array( - 'done' => true, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__, - 'result' => $auth - ); - - $PHPCAS_CLIENT->renewAuthentication(); - self::traceEnd(); - } - - /** - * This method has been left from version 0.4.1 for compatibility reasons. - */ - public function authenticate() - { - self::error('this method is deprecated. You should use '.__CLASS__.'::forceAuthentication() instead'); - } - - /** - * This method is called to check if the user is authenticated (previously or by - * tickets given in the URL). - * - * @return TRUE when the user is authenticated. 
- */ - public function isAuthenticated() - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - - // call the isAuthenticated method of the global $PHPCAS_CLIENT object - $auth = $PHPCAS_CLIENT->isAuthenticated(); - - // store where the authentication has been checked and the result - $dbg = self::backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array( - 'done' => true, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__, - 'result' => $auth - ); - self::traceEnd($auth); - return $auth; - } - - /** - * Checks whether authenticated based on $_SESSION. Useful to avoid - * server calls. - * @return true if authenticated, false otherwise. - * @since 0.4.22 by Brendan Arnold - */ - public function isSessionAuthenticated() - { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - return ($PHPCAS_CLIENT->isSessionAuthenticated()); - } - - /** - * This method returns the CAS user's login name. - * @warning should not be called only after phpCAS::forceAuthentication() - * or phpCAS::checkAuthentication(). 
- * - * @return the login name of the authenticated user - */ - public function getUser() - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - if (!$PHPCAS_AUTH_CHECK_CALL['done']) { - self::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); - } - if (!$PHPCAS_AUTH_CHECK_CALL['result']) { - self::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); - } - return $PHPCAS_CLIENT->getUser(); - } - - /** - * This method returns the CAS user's login name. - * @warning should not be called only after phpCAS::forceAuthentication() - * or phpCAS::checkAuthentication(). - * - * @return the login name of the authenticated user - */ - public function getAttributes() - { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - if (!$PHPCAS_AUTH_CHECK_CALL['done']) { - self::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); - } - if (!$PHPCAS_AUTH_CHECK_CALL['result']) { - self::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); - } - return $PHPCAS_CLIENT->getAttributes(); - } - - /** - * Handle logout requests. 
- */ - public function handleLogoutRequests($check_client = true, $allowed_clients = false) - { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - return ($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients)); - } - - /** - * This method returns the URL to be used to login. - * or phpCAS::isAuthenticated(). - * - * @return the login name of the authenticated user - */ - public function getServerLoginURL() - { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - return $PHPCAS_CLIENT->getServerLoginURL(); - } - - /** - * Set the login URL of the CAS server. - * @param string $url the login URL - * @since 0.4.21 by Wyman Chan - */ - public function setServerLoginURL($url = '') - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after - ' . __CLASS__.'::client()'); - } - if (gettype($url) != 'string') { - self::error('type mismatched for parameter $url (should be - `string\')'); - } - $PHPCAS_CLIENT->setServerLoginURL($url); - self::traceEnd(); - } - - /** - * Set the serviceValidate URL of the CAS server. - * Used only in CAS 1.0 validations - * @param string $url the serviceValidate URL - * @since 1.1.0 by Joachim Fritschi - */ - public function setServerServiceValidateURL($url = '') - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after - ' . __CLASS__.'::client()'); - } - if (gettype($url) != 'string') { - self::error('type mismatched for parameter $url (should be - `string\')'); - } - $PHPCAS_CLIENT->setServerServiceValidateURL($url); - self::traceEnd(); - } - - /** - * Set the proxyValidate URL of the CAS server. 
- * Used for all CAS 2.0 validations - * @param string $url the proxyValidate URL - * @since 1.1.0 by Joachim Fritschi - */ - public function setServerProxyValidateURL($url = '') - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after - ' . __CLASS__.'::client()'); - } - if (gettype($url) != 'string') { - self::error('type mismatched for parameter $url (should be - `string\')'); - } - $PHPCAS_CLIENT->setServerProxyValidateURL($url); - self::traceEnd(); - } - - /** - * Set the samlValidate URL of the CAS server. - * @param string $url the samlValidate URL - * @since 1.1.0 by Joachim Fritschi - */ - public function setServerSamlValidateURL($url = '') - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after - ' . __CLASS__.'::client()'); - } - if (gettype($url) != 'string') { - self::error('type mismatched for parameter $url (should be - `string\')'); - } - $PHPCAS_CLIENT->setServerSamlValidateURL($url); - self::traceEnd(); - } - - /** - * This method returns the URL to be used to login. - * or phpCAS::isAuthenticated(). - * - * @return the login name of the authenticated user - */ - public function getServerLogoutURL() - { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - return $PHPCAS_CLIENT->getServerLogoutURL(); - } - - /** - * Set the logout URL of the CAS server. - * @param string $url the logout URL - * @since 0.4.21 by Wyman Chan - */ - public function setServerLogoutURL($url = '') - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after - ' . 
__CLASS__.'::client()'); - } - if (gettype($url) != 'string') { - self::error('type mismatched for parameter $url (should be - `string\')'); - } - $PHPCAS_CLIENT->setServerLogoutURL($url); - self::traceEnd(); - } - - /** - * This method is used to logout from CAS. - * @params string $params an array that contains the optional url and service parameters that will be passed to the CAS server - * @public - */ - public function logout($params = "") - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - $parsedParams = array(); - if ($params != "") { - if (is_string($params)) { - self::error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead'); - } - if (!is_array($params)) { - self::error('type mismatched for parameter $params (should be `array\')'); - } - foreach ($params as $key => $value) { - if ($key != "service" && $key != "url") { - self::error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\''); - } - $parsedParams[$key] = $value; - } - } - $PHPCAS_CLIENT->logout($parsedParams); - // never reached - self::traceEnd(); - } - - /** - * This method is used to logout from CAS. Halts by redirecting to the CAS server. - * @param string $service a URL that will be transmitted to the CAS server - */ - public function logoutWithRedirectService($service) - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - if (!is_string($service)) { - self::error('type mismatched for parameter $service (should be `string\')'); - } - $PHPCAS_CLIENT->logout(array( - "service" => $service - )); - // never reached - self::traceEnd(); - } - - /** - * This method is used to logout from CAS. 
Halts by redirecting to the CAS server. - * @param string $url a URL that will be transmitted to the CAS server - */ - public function logoutWithUrl($url) - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - if (!is_string($url)) { - self::error('type mismatched for parameter $url (should be `string\')'); - } - $PHPCAS_CLIENT->logout(array( - "url" => $url - )); - // never reached - self::traceEnd(); - } - - /** - * This method is used to logout from CAS. Halts by redirecting to the CAS server. - * @param string $service a URL that will be transmitted to the CAS server - * @param string $url a URL that will be transmitted to the CAS server - */ - public function logoutWithRedirectServiceAndUrl($service, $url) - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - if (!is_string($service)) { - self::error('type mismatched for parameter $service (should be `string\')'); - } - if (!is_string($url)) { - self::error('type mismatched for parameter $url (should be `string\')'); - } - $PHPCAS_CLIENT->logout(array( - "service" => $service, - "url" => $url - )); - // never reached - self::traceEnd(); - } - - /** - * Set the fixed URL that will be used by the CAS server to transmit the PGT. - * When this method is not called, a phpCAS script uses its own URL for the callback. 
- * - * @param string $url the URL - */ - public function setFixedCallbackURL($url = '') - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if (!$PHPCAS_CLIENT->isProxy()) { - self::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if (gettype($url) != 'string') { - self::error('type mismatched for parameter $url (should be `string\')'); - } - $PHPCAS_CLIENT->setCallbackURL($url); - self::traceEnd(); - } - - /** - * Set the fixed URL that will be set as the CAS service parameter. When this - * method is not called, a phpCAS script uses its own URL. - * - * @param string $url the URL - */ - public function setFixedServiceURL($url) - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if (gettype($url) != 'string') { - self::error('type mismatched for parameter $url (should be `string\')'); - } - $PHPCAS_CLIENT->setURL($url); - self::traceEnd(); - } - - /** - * Get the URL that is set as the CAS service parameter. - */ - public function getServiceURL() - { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - return ($PHPCAS_CLIENT->getURL()); - } - - /** - * Retrieve a Proxy Ticket from the CAS server. - */ - public function retrievePT($target_service, & $err_code, & $err_msg) - { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if (gettype($target_service) != 'string') { - self::error('type mismatched for parameter $target_service(should be `string\')'); - } - return ($PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg)); - } - - /** - * Set the certificate of the CAS server. 
- * - * @param $cert the PEM certificate - */ - public function setCasServerCert($cert) - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - if (gettype($cert) != 'string') { - self::error('type mismatched for parameter $cert (should be `string\')'); - } - $PHPCAS_CLIENT->setCasServerCert($cert); - self::traceEnd(); - } - - /** - * Set the certificate of the CAS server CA. - * - * @param $cert the CA certificate - */ - public function setCasServerCACert($cert) - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - if (gettype($cert) != 'string') { - self::error('type mismatched for parameter $cert (should be `string\')'); - } - $PHPCAS_CLIENT->setCasServerCACert($cert); - self::traceEnd(); - } - - /** - * Set no SSL validation for the CAS server. - */ - public function setNoCasServerValidation() - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - $PHPCAS_CLIENT->setNoCasServerValidation(); - self::traceEnd(); - } - - /** @} */ - - /** - * Change CURL options. 
- * CURL is used to connect through HTTPS to CAS server - * @param string $key the option key - * @param string $value the value to set - */ - public function setExtraCurlOption($key, $value) - { - global $PHPCAS_CLIENT; - self::traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { - self::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - $PHPCAS_CLIENT->setExtraCurlOption($key, $value); - self::traceEnd(); - } - -} - -// ######################################################################## -// DOCUMENTATION -// ######################################################################## - -// ######################################################################## -// MAIN PAGE - -/** - * @mainpage - * - * The following pages only show the source documentation. - * - */ - -// ######################################################################## -// MODULES DEFINITION - -/** @defgroup public User interface */ - -/** @defgroup publicInit Initialization - * @ingroup public - */ - -/** @defgroup publicAuth Authentication - * @ingroup public - */ - -/** @defgroup publicServices Access to external services - * @ingroup public - */ - -/** @defgroup publicConfig Configuration - * @ingroup public - */ - -/** @defgroup publicLang Internationalization - * @ingroup publicConfig - */ - -/** @defgroup publicOutput HTML output - * @ingroup publicConfig - */ - -/** @defgroup publicPGTStorage PGT storage - * @ingroup publicConfig - */ - -/** @defgroup publicDebug Debugging - * @ingroup public - */ - -/** @defgroup internal Implementation */ - -/** @defgroup internalAuthentication Authentication - * @ingroup internal - */ - -/** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets) - * @ingroup internal - */ - -/** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets) - * @ingroup internal - */ - -/** @defgroup internalPGTStorage PGT storage - * @ingroup internalProxy - */ - -/** 
@defgroup internalPGTStorageDB PGT storage in a database - * @ingroup internalPGTStorage - */ - -/** @defgroup internalPGTStorageFile PGT storage on the filesystem - * @ingroup internalPGTStorage - */ - -/** @defgroup internalCallback Callback from the CAS server - * @ingroup internalProxy - */ - -/** @defgroup internalProxied CAS proxied client features (CAS 2.0, Proxy Tickets) - * @ingroup internal - */ - -/** @defgroup internalConfig Configuration - * @ingroup internal - */ - -/** @defgroup internalOutput HTML output - * @ingroup internalConfig - */ - -/** @defgroup internalLang Internationalization - * @ingroup internalConfig - * - * To add a new language: - * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php - * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php - * - 3. Make the translations - */ - -/** @defgroup internalDebug Debugging - * @ingroup internal - */ - -/** @defgroup internalMisc Miscellaneous - * @ingroup internal - */ - -// ######################################################################## -// EXAMPLES - -/** - * @example example_simple.php - */ -/** - * @example example_proxy.php - */ -/** - * @example example_proxy2.php - */ -/** - * @example example_lang.php - */ -/** - * @example example_html.php - */ -/** - * @example example_file.php - */ -/** - * @example example_db.php - */ -/** - * @example example_service.php - */ -/** - * @example example_session_proxy.php - */ -/** - * @example example_session_service.php - */ -/** - * @example example_gateway.php - */ -/** - * @example example_custom_urls.php - */ diff --git a/main/auth/cas/lib/CAS/PGTStorage/pgt-db.php b/main/auth/cas/lib/CAS/PGTStorage/pgt-db.php deleted file mode 100755 index acf3eeb757..0000000000 --- a/main/auth/cas/lib/CAS/PGTStorage/pgt-db.php +++ /dev/null 
@@ -1,219 +0,0 @@
-
- *
- * @ingroup internalPGTStorageDB
- */
-
-class PGTStorageDB extends PGTStorage
-{
- /**
- * @addtogroup internalPGTStorageDB
- * @{
- */
-
- /**
- * a string representing a PEAR DB URL to connect to the database. Written by
- * PGTStorageDB::PGTStorageDB(), read by getURL().
- *
- * @hideinitializer
- * @private
- */
- var $_url='';
-
- /**
- * This method returns the PEAR DB URL to use to connect to the database.
- *
- * @return string PEAR DB URL
- *
- * @private
- */
- function getURL()
- {
- return $this->_url;
- }
-
- /**
- * The handle of the connection to the database where PGT's are stored. Written by
- * PGTStorageDB::init(), read by getLink().
- *
- * @hideinitializer
- * @private
- */
- var $_link = null;
-
- /**
- * This method returns the handle of the connection to the database where PGT's are
- * stored.
- *
- * @return a handle of connection.
- *
- * @private
- */
- function getLink()
- {
- return $this->_link;
- }
-
- /**
- * The name of the table where PGT's are stored. Written by
- * PGTStorageDB::PGTStorageDB(), read by getTable().
- *
- * @hideinitializer
- * @private
- */
- var $_table = '';
-
- /**
- * This method returns the name of the table where PGT's are stored.
- *
- * @return string name of a table.
- *
- * @private
- */
- function getTable()
- {
- return $this->_table;
- }
-
- // ########################################################################
- // DEBUGGING
- // ########################################################################
-
- /**
- * This method returns an informational string giving the type of storage
- * used by the object (used for debugging purposes).
- *
- * @return string informational string.
- * @public
- */
- function getStorageType()
- {
- return "database";
- }
-
- /**
- * This method returns an informational string giving informations on the
- * parameters of the storage.(used for debugging purposes).
- *
- * @public
- */
- function getStorageInfo()
- {
- return 'url=`'.$this->getURL().'\', table=`'.$this->getTable().'\'';
- }
-
- // ########################################################################
- // CONSTRUCTOR
- // ########################################################################
-
- /**
- * The class constructor, called by CASClient::SetPGTStorageDB().
- *
- * @param CASClient $cas_parent the CASClient instance that creates the object.
- * @param $user the user to access the data with
- * @param $password the user's password
- * @param $database_type the type of the database hosting the data
- * @param $hostname the server hosting the database
- * @param $port the port the server is listening on
- * @param $database the name of the database
- * @param $table the name of the table storing the data
- *
- * @public
- */
- function PGTStorageDB($cas_parent,$user,$password,$database_type,$hostname,$port,$database,$table)
- {
- phpCAS::traceBegin();
-
- // call the ancestor's constructor
- $this->PGTStorage($cas_parent);
-
- if ( empty($database_type) ) $database_type = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE;
- if ( empty($hostname) ) $hostname = CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME;
- if ( $port==0 ) $port = CAS_PGT_STORAGE_DB_DEFAULT_PORT;
- if ( empty($database) ) $database = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE;
- if ( empty($table) ) $table = CAS_PGT_STORAGE_DB_DEFAULT_TABLE;
-
- // build and store the PEAR DB URL
- $this->_url = $database_type.':'.'//'.$user.':'.$password.'@'.$hostname.':'.$port.'/'.$database;
-
- // XXX should use setURL and setTable
- phpCAS::traceEnd();
- }
-
- // ########################################################################
- // INITIALIZATION
- // ########################################################################
-
- /**
- * This method is used to initialize the storage. Halts on error.
- *
- * @public
- */
- function init()
- {
- phpCAS::traceBegin();
- // if the storage has already been initialized, return immediatly
- if ( $this->isInitialized() )
- return;
- // call the ancestor's method (mark as initialized)
- parent::init();
-
- //include phpDB library (the test was introduced in release 0.4.8 for
- //the integration into Tikiwiki).
- if (!class_exists('DB')) {
- include_once('DB.php');
- }
-
- // try to connect to the database
- $this->_link = DB::connect($this->getURL());
- if ( DB::isError($this->_link) ) {
- phpCAS::error('could not connect to database ('.DB::errorMessage($this->_link).')');
- }
- // Dump into trace
- var_dump($this->_link);
- phpCAS::traceBEnd();
- }
-
- /** @} */
-}
-
-?>
\ No newline at end of file
diff --git a/main/auth/cas/lib/CAS/PGTStorage/pgt-file.php b/main/auth/cas/lib/CAS/PGTStorage/pgt-file.php
deleted file mode 100755
index d12d12a316..0000000000
--- a/main/auth/cas/lib/CAS/PGTStorage/pgt-file.php
+++ /dev/null
@@ -1,276 +0,0 @@
-
- *
- * @ingroup internalPGTStorageFile
- */
-
-class PGTStorageFile extends PGTStorage
-{
- /**
- * @addtogroup internalPGTStorageFile
- * @{
- */
-
- /**
- * a string telling where PGT's should be stored on the filesystem. Written by
- * PGTStorageFile::PGTStorageFile(), read by getPath().
- *
- * @private
- */
- var $_path;
-
- /**
- * This method returns the name of the directory where PGT's should be stored
- * on the filesystem.
- *
- * @return the name of a directory (with leading and trailing '/')
- *
- * @private
- */
- function getPath()
- {
- return $this->_path;
- }
-
- /**
- * a string telling the format to use to store PGT's (plain or xml). Written by
- * PGTStorageFile::PGTStorageFile(), read by getFormat().
- *
- * @private
- */
- var $_format;
-
- /**
- * This method returns the format to use when storing PGT's on the filesystem.
- *
- * @return a string corresponding to the format used (plain or xml).
- *
- * @private
- */
- function getFormat()
- {
- return $this->_format;
- }
-
- // ########################################################################
- // DEBUGGING
- // ########################################################################
-
- /**
- * This method returns an informational string giving the type of storage
- * used by the object (used for debugging purposes).
- *
- * @return string informational string.
- * @public
- */
- function getStorageType()
- {
- return "file";
- }
-
- /**
- * This method returns an informational string giving informations on the
- * parameters of the storage.(used for debugging purposes).
- *
- * @return string informational string.
- * @public
- */
- function getStorageInfo()
- {
- return 'path=`'.$this->getPath().'\', format=`'.$this->getFormat().'\'';
- }
-
- // ########################################################################
- // CONSTRUCTOR
- // ########################################################################
-
- /**
- * The class constructor, called by CASClient::SetPGTStorageFile().
- *
- * @param CASClient $cas_parent the CASClient instance that creates the object.
- * @param string $format the format used to store the PGT's (`plain' and `xml' allowed).
- * @param string $path the path where the PGT's should be stored
- *
- * @public
- */
- function PGTStorageFile($cas_parent,$format,$path)
- {
- phpCAS::traceBegin();
- // call the ancestor's constructor
- $this->PGTStorage($cas_parent);
-
- if (empty($format) ) $format = CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT;
- if (empty($path) ) $path = CAS_PGT_STORAGE_FILE_DEFAULT_PATH;
-
- // check that the path is an absolute path
- if (getenv("OS")=="Windows_NT"){
-
- if (!preg_match('`^[a-zA-Z]:`', $path)) {
- phpCAS::error('an absolute path is needed for PGT storage to file');
- }
-
- }
- else
- {
-
- if ( $path[0] != '/' ) {
- phpCAS::error('an absolute path is needed for PGT storage to file');
- }
-
- // store the path (with a leading and trailing '/')
- $path = preg_replace('|[/]*$|','/',$path);
- $path = preg_replace('|^[/]*|','/',$path);
- }
-
- $this->_path = $path;
- // check the format and store it
- switch ($format) {
- case CAS_PGT_STORAGE_FILE_FORMAT_PLAIN:
- case CAS_PGT_STORAGE_FILE_FORMAT_XML:
- $this->_format = $format;
- break;
- default:
- phpCAS::error('unknown PGT file storage format (`'.CAS_PGT_STORAGE_FILE_FORMAT_PLAIN.'\' and `'.CAS_PGT_STORAGE_FILE_FORMAT_XML.'\' allowed)');
- }
- phpCAS::traceEnd();
- }
-
- // ########################################################################
- // INITIALIZATION
- // ########################################################################
-
- /**
- * This method is used to initialize the storage. Halts on error.
- *
- * @public
- */
- function init()
- {
- phpCAS::traceBegin();
- // if the storage has already been initialized, return immediatly
- if ( $this->isInitialized() )
- return;
- // call the ancestor's method (mark as initialized)
- parent::init();
- phpCAS::traceEnd();
- }
-
- // ########################################################################
- // PGT I/O
- // ########################################################################
-
- /**
- * This method returns the filename corresponding to a PGT Iou.
- *
- * @param $pgt_iou the PGT iou.
- *
- * @return string filename
- * @private
- */
- function getPGTIouFilename($pgt_iou)
- {
- phpCAS::traceBegin();
- $filename = $this->getPath().$pgt_iou.'.'.$this->getFormat();
- phpCAS::traceEnd($filename);
- return $filename;
- }
-
- /**
- * This method stores a PGT and its corresponding PGT Iou into a file. Echoes a
- * warning on error.
- *
- * @param $pgt the PGT
- * @param $pgt_iou the PGT iou
- *
- * @public
- */
- function write($pgt,$pgt_iou)
- {
- phpCAS::traceBegin();
- $fname = $this->getPGTIouFilename($pgt_iou);
- if ( $f=fopen($fname,"w") ) {
- if ( fputs($f,$pgt) === FALSE ) {
- phpCAS::error('could not write PGT to `'.$fname.'\'');
- }
- fclose($f);
- } else {
- phpCAS::error('could not open `'.$fname.'\'');
- }
- phpCAS::traceEnd();
- }
-
- /**
- * This method reads a PGT corresponding to a PGT Iou and deletes the
- * corresponding file.
- *
- * @param $pgt_iou the PGT iou
- *
- * @return false|string corresponding PGT, or FALSE on error
- *
- * @public
- */
- function read($pgt_iou)
- {
- phpCAS::traceBegin();
- $pgt = FALSE;
- $fname = $this->getPGTIouFilename($pgt_iou);
- if ( !($f=fopen($fname,"r")) ) {
- phpCAS::trace('could not open `'.$fname.'\'');
- } else {
- if ( ($pgt=fgets($f)) === FALSE ) {
- phpCAS::trace('could not read PGT from `'.$fname.'\'');
- }
- fclose($f);
- }
-
- // delete the PGT file
- @unlink($fname);
-
- phpCAS::traceEnd($pgt);
- return $pgt;
- }
-
- /** @} */
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/main/auth/cas/lib/CAS/PGTStorage/pgt-main.php b/main/auth/cas/lib/CAS/PGTStorage/pgt-main.php
deleted file mode 100755
index a5106dee75..0000000000
--- a/main/auth/cas/lib/CAS/PGTStorage/pgt-main.php
+++ /dev/null
@@ -1,215 +0,0 @@
-
- *
- * @ingroup internalPGTStorage
- */
-
-class PGTStorage
-{
- /**
- * @addtogroup internalPGTStorage
- * @{
- */
-
- // ########################################################################
- // CONSTRUCTOR
- // ########################################################################
-
- /**
- * The constructor of the class, should be called only by inherited classes.
- *
- * @param $cas_parent the CASclient instance that creates the current object.
- *
- * @protected
- */
- function PGTStorage($cas_parent)
- {
- phpCAS::traceBegin();
- if ( !$cas_parent->isProxy() ) {
- phpCAS::error('defining PGT storage makes no sense when not using a CAS proxy');
- }
- phpCAS::traceEnd();
- }
-
- // ########################################################################
- // DEBUGGING
- // ########################################################################
-
- /**
- * This virtual method returns an informational string giving the type of storage
- * used by the object (used for debugging purposes).
- *
- * @public
- */
- function getStorageType()
- {
- phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
- }
-
- /**
- * This virtual method returns an informational string giving informations on the
- * parameters of the storage.(used for debugging purposes).
- *
- * @public
- */
- function getStorageInfo()
- {
- phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
- }
-
- // ########################################################################
- // ERROR HANDLING
- // ########################################################################
-
- /**
- * string used to store an error message. Written by PGTStorage::setErrorMessage(),
- * read by PGTStorage::getErrorMessage().
- *
- * @hideinitializer
- * @private
- * @deprecated not used.
- */
- var $_error_message=FALSE;
-
- /**
- * This method sets en error message, which can be read later by
- * PGTStorage::getErrorMessage().
- *
- * @param $error_message an error message
- *
- * @protected
- * @deprecated not used.
- */
- function setErrorMessage($error_message)
- {
- $this->_error_message = $error_message;
- }
-
- /**
- * This method returns an error message set by PGTStorage::setErrorMessage().
- *
- * @return boolean error message when set by PGTStorage::setErrorMessage(), FALSE
- * otherwise.
- *
- * @public
- * @deprecated not used.
- */
- function getErrorMessage()
- {
- return $this->_error_message;
- }
-
- // ########################################################################
- // INITIALIZATION
- // ########################################################################
-
- /**
- * a boolean telling if the storage has already been initialized. Written by
- * PGTStorage::init(), read by PGTStorage::isInitialized().
- *
- * @hideinitializer
- * @private
- */
- var $_initialized = FALSE;
-
- /**
- * This method tells if the storage has already been intialized.
- *
- * @return boolean boolean
- *
- * @protected
- */
- function isInitialized()
- {
- return $this->_initialized;
- }
-
- /**
- * This virtual method initializes the object.
- *
- * @protected
- */
- function init()
- {
- $this->_initialized = TRUE;
- }
-
- // ########################################################################
- // PGT I/O
- // ########################################################################
-
- /**
- * This virtual method stores a PGT and its corresponding PGT Iuo.
- * @note Should never be called.
- *
- * @param $pgt the PGT
- * @param $pgt_iou the PGT iou
- *
- * @protected
- */
- function write($pgt,$pgt_iou)
- {
- phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
- }
-
- /**
- * This virtual method reads a PGT corresponding to a PGT Iou and deletes
- * the corresponding storage entry.
- * @note Should never be called.
- *
- * @param $pgt_iou the PGT iou
- *
- * @protected
- */
- function read($pgt_iou)
- {
- phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
- }
-
- /** @} */
-
-}
-
-// include specific PGT storage classes
-include_once __DIR__.'/pgt-file.php';
-include_once __DIR__.'/pgt-db.php';
-
-?>
\ No newline at end of file
diff --git a/main/auth/cas/lib/CAS/client.php b/main/auth/cas/lib/CAS/client.php
deleted file mode 100755
index caf866b05b..0000000000
--- a/main/auth/cas/lib/CAS/client.php
+++ /dev/null
@@ -1,2774 +0,0 @@ - - */ -class CASClient -{ - - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - // XX XX - // XX CONFIGURATION XX - // XX XX - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - - // ######################################################################## - // HTML OUTPUT - // ######################################################################## - /** - * @addtogroup internalOutput - * @{ - */ - - /** - * This method filters a string by replacing special tokens by appropriate values - * and prints it. The corresponding tokens are taken into account: - * - __CAS_VERSION__ - * - __PHPCAS_VERSION__ - * - __SERVER_BASE_URL__ - * - * Used by CASClient::PrintHTMLHeader() and CASClient::printHTMLFooter(). - * - * @param $str the string to filter and output - * - * @private - */ - function HTMLFilterOutput($str) - { - $str = str_replace('__CAS_VERSION__', $this->getServerVersion(), $str); - $str = str_replace('__PHPCAS_VERSION__', phpCAS::getVersion(), $str); - $str = str_replace('__SERVER_BASE_URL__', $this->getServerBaseURL(), $str); - echo $str; - } - - /** - * A string used to print the header of HTML pages. Written by CASClient::setHTMLHeader(), - * read by CASClient::printHTMLHeader(). - * - * @hideinitializer - * @private - * @see CASClient::setHTMLHeader, CASClient::printHTMLHeader() - */ - var $_output_header = ''; - - /** - * This method prints the header of the HTML output (after filtering). If - * CASClient::setHTMLHeader() was not used, a default header is output. - * - * @param $title the title of the page - * - * @see HTMLFilterOutput() - * @private - */ - function printHTMLHeader($title) - { - $this->HTMLFilterOutput(str_replace('__TITLE__', - $title, - (empty($this->_output_header) - ? '__TITLE__

__TITLE__

' - : $this->_output_header) - ) - ); - } - - /** - * A string used to print the footer of HTML pages. Written by CASClient::setHTMLFooter(), - * read by printHTMLFooter(). - * - * @hideinitializer - * @private - * @see CASClient::setHTMLFooter, CASClient::printHTMLFooter() - */ - var $_output_footer = ''; - - /** - * This method prints the footer of the HTML output (after filtering). If - * CASClient::setHTMLFooter() was not used, a default footer is output. - * - * @see HTMLFilterOutput() - * @private - */ - function printHTMLFooter() - { - $this->HTMLFilterOutput(empty($this->_output_footer) - ? ('
phpCAS __PHPCAS_VERSION__ ' . $this->getString(CAS_STR_USING_SERVER) . ' __SERVER_BASE_URL__ (CAS __CAS_VERSION__)
') - : $this->_output_footer); - } - - /** - * This method set the HTML header used for all outputs. - * - * @param $header the HTML header. - * - * @public - */ - function setHTMLHeader($header) - { - $this->_output_header = $header; - } - - /** - * This method set the HTML footer used for all outputs. - * - * @param $footer the HTML footer. - * - * @public - */ - function setHTMLFooter($footer) - { - $this->_output_footer = $footer; - } - - /** @} */ - // ######################################################################## - // INTERNATIONALIZATION - // ######################################################################## - /** - * @addtogroup internalLang - * @{ - */ - /** - * A string corresponding to the language used by phpCAS. Written by - * CASClient::setLang(), read by CASClient::getLang(). - * @note debugging information is always in english (debug purposes only). - * - * @hideinitializer - * @private - * @sa CASClient::_strings, CASClient::getString() - */ - var $_lang = ''; - - /** - * This method returns the language used by phpCAS. - * - * @return a string representing the language - * - * @private - */ - function getLang() - { - if (empty($this->_lang)) { - $this->setLang(PHPCAS_LANG_DEFAULT); - } - return $this->_lang; - } - - /** - * array containing the strings used by phpCAS. Written by CASClient::setLang(), read by - * CASClient::getString() and used by CASClient::setLang(). - * - * @note This array is filled by instructions in CAS/languages/<$this->_lang>.php - * - * @private - * @see CASClient::_lang, CASClient::getString(), CASClient::setLang(), CASClient::getLang() - */ - var $_strings; - - /** - * This method returns a string depending on the language. - * - * @param $str the index of the string in $_string. - * - * @return the string corresponding to $index in $string. 
- *
- * @private
- */
- function getString($str)
- {
- // call CASclient::getLang() to be sure the language is initialized
- $this->getLang();
-
- if (!isset($this->_strings[$str])) {
- trigger_error('string `' . $str . '\' not defined for language `' . $this->getLang() . '\'', E_USER_ERROR);
- }
- return $this->_strings[$str];
- }
-
- /**
- * This method is used to set the language used by phpCAS.
- * @note Can be called only once.
- *
- * @param $lang a string representing the language.
- *
- * @public
- * @sa CAS_LANG_FRENCH, CAS_LANG_ENGLISH
- */
- function setLang($lang)
- {
- // include the corresponding language file
- include_once __DIR__.'/languages/'.$lang.'.php';
-
- if (!is_array($this->_strings)) {
- trigger_error('language `'.$lang.'\' is not implemented', E_USER_ERROR);
- }
- $this->_lang = $lang;
- }
-
- /** @} */
- // ########################################################################
- // CAS SERVER CONFIG
- // ########################################################################
- /**
- * @addtogroup internalConfig
- * @{
- */
-
- /**
- * a record to store information about the CAS server.
- * - $_server["version"]: the version of the CAS server
- * - $_server["hostname"]: the hostname of the CAS server
- * - $_server["port"]: the port the CAS server is running on
- * - $_server["uri"]: the base URI the CAS server is responding on
- * - $_server["base_url"]: the base URL of the CAS server
- * - $_server["login_url"]: the login URL of the CAS server
- * - $_server["service_validate_url"]: the service validating URL of the CAS server
- * - $_server["proxy_url"]: the proxy URL of the CAS server
- * - $_server["proxy_validate_url"]: the proxy validating URL of the CAS server
- * - $_server["logout_url"]: the logout URL of the CAS server
- *
- * $_server["version"], $_server["hostname"], $_server["port"] and $_server["uri"]
- * are written by CASClient::CASClient(), read by CASClient::getServerVersion(),
- * CASClient::getServerHostname(), CASClient::getServerPort() and CASClient::getServerURI().
- *
- * The other fields are written and read by CASClient::getServerBaseURL(),
- * CASClient::getServerLoginURL(), CASClient::getServerServiceValidateURL(),
- * CASClient::getServerProxyValidateURL() and CASClient::getServerLogoutURL().
- *
- * @hideinitializer
- * @private
- */
- var $_server = array(
- 'version' => -1,
- 'hostname' => 'none',
- 'port' => -1,
- 'uri' => 'none'
- );
-
- /**
- * This method is used to retrieve the version of the CAS server.
- * @return the version of the CAS server.
- * @private
- */
- function getServerVersion()
- {
- return $this->_server['version'];
- }
-
- /**
- * This method is used to retrieve the hostname of the CAS server.
- * @return the hostname of the CAS server.
- * @private
- */
- function getServerHostname()
- {
- return $this->_server['hostname'];
- }
-
- /**
- * This method is used to retrieve the port of the CAS server.
- * @return the port of the CAS server.
- * @private
- */
- function getServerPort()
- {
- return $this->_server['port'];
- }
-
- /**
- * This method is used to retrieve the URI of the CAS server.
- * @return a URI.
- * @private
- */
- function getServerURI()
- {
- return $this->_server['uri'];
- }
-
- /**
- * This method is used to retrieve the base URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerBaseURL()
- {
- // the URL is build only when needed
- if (empty($this->_server['base_url'])) {
- $this->_server['base_url'] = 'https://'
- . $this->getServerHostname()
- . ':'
- . $this->getServerPort()
- . $this->getServerURI();
- }
- return $this->_server['base_url'];
- }
-
- /**
- * This method is used to retrieve the login URL of the CAS server.
- * @param $gateway true to check authentication, false to force it
- * @param $renew true to force the authentication with the CAS server
- * NOTE : It is recommended that CAS implementations ignore the
- * "gateway" parameter if "renew" is set
- * @return a URL.
- * @private
- */
- function getServerLoginURL($gateway = false, $renew = false)
- {
- phpCAS::traceBegin();
- // the URL is build only when needed
- if (empty($this->_server['login_url'])) {
- $this->_server['login_url'] = $this->getServerBaseURL();
- $this->_server['login_url'] .= 'login?service=';
- // $this->_server['login_url'] .= preg_replace('/&/','%26',$this->getURL());
- $this->_server['login_url'] .= urlencode($this->getURL());
- if ($renew) {
- // It is recommended that when the "renew" parameter is set, its value be "true"
- $this->_server['login_url'] .= '&renew=true';
- } elseif ($gateway) {
- // It is recommended that when the "gateway" parameter is set, its value be "true"
- $this->_server['login_url'] .= '&gateway=true';
- }
- }
- phpCAS::traceEnd($this->_server['login_url']);
- return $this->_server['login_url'];
- }
-
- /**
- * This method sets the login URL of the CAS server.
- * @param $url the login URL
- * @private
- * @since 0.4.21 by Wyman Chan
- */
- function setServerLoginURL($url)
- {
- return $this->_server['login_url'] = $url;
- }
-
-
- /**
- * This method sets the serviceValidate URL of the CAS server.
- * @param $url the serviceValidate URL
- * @private
- * @since 1.1.0 by Joachim Fritschi
- */
- function setServerServiceValidateURL($url)
- {
- return $this->_server['service_validate_url'] = $url;
- }
-
-
- /**
- * This method sets the proxyValidate URL of the CAS server.
- * @param $url the proxyValidate URL
- * @private
- * @since 1.1.0 by Joachim Fritschi
- */
- function setServerProxyValidateURL($url)
- {
- return $this->_server['proxy_validate_url'] = $url;
- }
-
-
- /**
- * This method sets the samlValidate URL of the CAS server.
- * @param $url the samlValidate URL
- * @private
- * @since 1.1.0 by Joachim Fritschi
- */
- function setServerSamlValidateURL($url)
- {
- return $this->_server['saml_validate_url'] = $url;
- }
-
-
- /**
- * This method is used to retrieve the service validating URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerServiceValidateURL()
- {
- // the URL is build only when needed
- if (empty($this->_server['service_validate_url'])) {
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- $this->_server['service_validate_url'] = $this->getServerBaseURL() . 'validate';
- break;
- case CAS_VERSION_2_0:
- $this->_server['service_validate_url'] = $this->getServerBaseURL() . 'serviceValidate';
- break;
- }
- }
- // return $this->_server['service_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL());
- return $this->_server['service_validate_url'] . '?service=' . urlencode($this->getURL());
- }
-
- /**
- * This method is used to retrieve the SAML validating URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerSamlValidateURL()
- {
- phpCAS::traceBegin();
- // the URL is build only when needed
- if (empty($this->_server['saml_validate_url'])) {
- switch ($this->getServerVersion()) {
- case SAML_VERSION_1_1:
- $this->_server['saml_validate_url'] = $this->getServerBaseURL() . 'samlValidate';
- break;
- }
- }
- phpCAS::traceEnd($this->_server['saml_validate_url'] . '?TARGET=' . urlencode($this->getURL()));
- return $this->_server['saml_validate_url'] . '?TARGET=' . urlencode($this->getURL());
- }
-
- /**
- * This method is used to retrieve the proxy validating URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerProxyValidateURL()
- {
- // the URL is build only when needed
- if (empty($this->_server['proxy_validate_url'])) {
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- $this->_server['proxy_validate_url'] = '';
- break;
- case CAS_VERSION_2_0:
- $this->_server['proxy_validate_url'] = $this->getServerBaseURL() . 'proxyValidate';
- break;
- }
- }
- // return $this->_server['proxy_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL());
- return $this->_server['proxy_validate_url'] . '?service=' . urlencode($this->getURL());
- }
-
- /**
- * This method is used to retrieve the proxy URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerProxyURL()
- {
- // the URL is build only when needed
- if (empty($this->_server['proxy_url'])) {
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- $this->_server['proxy_url'] = '';
- break;
- case CAS_VERSION_2_0:
- $this->_server['proxy_url'] = $this->getServerBaseURL() . 'proxy';
- break;
- }
- }
- return $this->_server['proxy_url'];
- }
-
- /**
- * This method is used to retrieve the logout URL of the CAS server.
- * @return a URL.
- * @private
- */
- function getServerLogoutURL()
- {
- // the URL is build only when needed
- if (empty($this->_server['logout_url'])) {
- $this->_server['logout_url'] = $this->getServerBaseURL() . 'logout';
- }
- return $this->_server['logout_url'];
- }
-
- /**
- * This method sets the logout URL of the CAS server.
- * @param $url the logout URL
- * @private
- * @since 0.4.21 by Wyman Chan
- */
- function setServerLogoutURL($url)
- {
- return $this->_server['logout_url'] = $url;
- }
-
- /**
- * An array to store extra curl options.
- */
- var $_curl_options = array();
-
- /**
- * This method is used to set additional user curl options.
- */
- function setExtraCurlOption($key, $value)
- {
- $this->_curl_options[$key] = $value;
- }
-
- /**
- * This method checks to see if the request is secured via HTTPS
- * @return true if https, false otherwise
- * @private
- */
- function isHttps()
- {
- //if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) ) {
- //0.4.24 by Hinnack
- if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
- return true;
- } else {
- return false;
- }
- }
-
- // ########################################################################
- // CONSTRUCTOR
- // ########################################################################
- /**
- * CASClient constructor.
- *
- * @param $server_version the version of the CAS server
- * @param $proxy TRUE if the CAS client is a CAS proxy, FALSE otherwise
- * @param $server_hostname the hostname of the CAS server
- * @param $server_port the port the CAS server is running on
- * @param $server_uri the URI the CAS server is responding on
- * @param $start_session Have phpCAS start PHP sessions (default true)
- *
- * @return a newly created CASClient object
- *
- * @public
- */
- function CASClient(
- $server_version,
- $proxy,
- $server_hostname,
- $server_port,
- $server_uri,
- $start_session = true
- ) {
-
- phpCAS::traceBegin();
-
- // the redirect header() call and DOM parsing code from domxml-php4-php5.php won't work in PHP4 compatibility mode
- if (version_compare(PHP_VERSION, '5', '>=') && ini_get('zend.ze1_compatibility_mode')) {
- phpCAS::error('phpCAS cannot support zend.ze1_compatibility_mode. Sorry.');
- }
- // skip Session Handling for logout requests and if don't want it'
- if ($start_session && !$this->isLogoutRequest()) {
- phpCAS::trace("Starting session handling");
- // Check for Tickets from the CAS server
- if (empty($_GET['ticket'])) {
- phpCAS::trace("No ticket found");
- // only create a session if necessary
- if (!session_id()) {
- phpCAS::trace("No session found, creating new session");
- session_start();
- }
- } else {
- phpCAS::trace("Ticket found");
- // We have to copy any old data before renaming the session
- if (session_id()) {
- phpCAS::trace("Old active session found, saving old data and destroying session");
- $old_session = $_SESSION;
- session_destroy();
- } else {
- session_start();
- phpCAS::trace("Starting possible old session to copy variables");
- $old_session = $_SESSION;
- session_destroy();
- }
- // set up a new session, of name based on the ticket
- $session_id = preg_replace('/[^\w]/', '', $_GET['ticket']);
- phpCAS::LOG("Session ID: " . $session_id);
- session_id($session_id);
- session_start();
- // restore old session vars
- if (isset($old_session)) {
- phpCAS::trace("Restoring old session vars");
- $_SESSION = $old_session;
- }
- }
- } else {
- phpCAS::trace("Skipping session creation");
- }
-
-
- // are we in proxy mode ?
- $this->_proxy = $proxy;
-
- //check version
- switch ($server_version) {
- case CAS_VERSION_1_0:
- if ($this->isProxy()) {
- phpCAS::error('CAS proxies are not supported in CAS '
- . $server_version);
- }
- break;
- case CAS_VERSION_2_0:
- break;
- case SAML_VERSION_1_1:
- break;
- default:
- phpCAS::error('this version of CAS (`'
- . $server_version
- . '\') is not supported by phpCAS '
- . phpCAS::getVersion());
- }
- $this->_server['version'] = $server_version;
-
- // check hostname
- if (empty($server_hostname)
- || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/', $server_hostname)
- ) {
- phpCAS::error('bad CAS server hostname (`' . $server_hostname . '\')');
- }
- $this->_server['hostname'] = $server_hostname;
-
- // check port
- if ($server_port == 0
- || !is_int($server_port)
- ) {
- phpCAS::error('bad CAS server port (`' . $server_hostname . '\')');
- }
- $this->_server['port'] = $server_port;
-
- // check URI
- if (!preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/', $server_uri)) {
- phpCAS::error('bad CAS server URI (`' . $server_uri . '\')');
- }
- // add leading and trailing `/' and remove doubles
- $server_uri = preg_replace('/\/\//', '/', '/' . $server_uri . '/');
- $this->_server['uri'] = $server_uri;
-
- // set to callback mode if PgtIou and PgtId CGI GET parameters are provided
- if ($this->isProxy()) {
- $this->setCallbackMode(!empty($_GET['pgtIou']) && !empty($_GET['pgtId']));
- }
-
- if ($this->isCallbackMode()) {
- //callback mode: check that phpCAS is secured
- if (!$this->isHttps()) {
- phpCAS::error('CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server');
- }
- } else {
- //normal mode: get ticket and remove it from CGI parameters for developpers
- $ticket = (isset($_GET['ticket']) ? $_GET['ticket'] : null);
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0: // check for a Service Ticket
- if (preg_match('/^ST-/', $ticket)) {
- phpCAS::trace('ST \'' . $ticket . '\' found');
- //ST present
- $this->setST($ticket);
- //ticket has been taken into account, unset it to hide it to applications
- unset($_GET['ticket']);
- } else {
- if (!empty($ticket)) {
- //ill-formed ticket, halt
- phpCAS::error('ill-formed ticket found in the URL (ticket=`' . htmlentities($ticket) . '\')');
- }
- }
- break;
- case CAS_VERSION_2_0: // check for a Service or Proxy Ticket
- if (preg_match('/^[SP]T-/', $ticket)) {
- phpCAS::trace('ST or PT \'' . $ticket . '\' found');
- $this->setPT($ticket);
- unset($_GET['ticket']);
- } else {
- if (!empty($ticket)) {
- //ill-formed ticket, halt
- phpCAS::error('ill-formed ticket found in the URL (ticket=`' . htmlentities($ticket) . '\')');
- }
- }
- break;
- case SAML_VERSION_1_1: // SAML just does Service Tickets
- if (preg_match('/^[SP]T-/', $ticket)) {
- phpCAS::trace('SA \'' . $ticket . '\' found');
- $this->setSA($ticket);
- unset($_GET['ticket']);
- } else {
- if (!empty($ticket)) {
- //ill-formed ticket, halt
- phpCAS::error('ill-formed ticket found in the URL (ticket=`' . htmlentities($ticket) . '\')');
- }
- }
- break;
- }
- }
- phpCAS::traceEnd();
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX AUTHENTICATION XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- /**
- * @addtogroup internalAuthentication
- * @{
- */
-
- /**
- * The Authenticated user. Written by CASClient::setUser(), read by CASClient::getUser().
- * @attention client applications should use phpCAS::getUser().
- *
- * @hideinitializer
- * @private
- */
- var $_user = '';
-
- /**
- * This method sets the CAS user's login name.
- *
- * @param $user the login name of the authenticated user.
- *
- * @private
- */
- function setUser($user)
- {
- $this->_user = $user;
- }
-
- /**
- * This method returns the CAS user's login name.
- * @warning should be called only after CASClient::forceAuthentication() or
- * CASClient::isAuthenticated(), otherwise halt with an error.
- *
- * @return the login name of the authenticated user
- */
- function getUser()
- {
- if (empty($this->_user)) {
- phpCAS::error('this method should be used only after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');
- }
- return $this->_user;
- }
-
-
-
- /***********************************************************************************************************************
- * Atrributes section
- *
- * @author Matthias Crauwels , Ghent University, Belgium
- *
- ***********************************************************************************************************************/
- /**
- * The Authenticated users attributes. Written by CASClient::setAttributes(), read by CASClient::getAttributes().
- * @attention client applications should use phpCAS::getAttributes().
- *
- * @hideinitializer
- * @private
- */
- var $_attributes = array();
-
- function setAttributes($attributes)
- {
- $this->_attributes = $attributes;
- }
-
- function getAttributes()
- {
- if (empty($this->_user)) { // if no user is set, there shouldn't be any attributes also...
- phpCAS::error('this method should be used only after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');
- }
- return $this->_attributes;
- }
-
- function hasAttributes()
- {
- return !empty($this->_attributes);
- }
-
- function hasAttribute($key)
- {
- return (is_array($this->_attributes) && array_key_exists($key, $this->_attributes));
- }
-
- function getAttribute($key)
- {
- if ($this->hasAttribute($key)) {
- return $this->_attributes[$key];
- }
- }
-
- /**
- * This method is called to renew the authentication of the user
- * If the user is authenticated, renew the connection
- * If not, redirect to CAS
- * @public
- */
- function renewAuthentication()
- {
- phpCAS::traceBegin();
- // Either way, the user is authenticated by CAS
- if (isset($_SESSION['phpCAS']['auth_checked'])) {
- unset($_SESSION['phpCAS']['auth_checked']);
- }
- if ($this->isAuthenticated()) {
- phpCAS::trace('user already authenticated; renew');
- $this->redirectToCas(false, true);
- } else {
- $this->redirectToCas();
- }
- phpCAS::traceEnd();
- }
-
- /**
- * This method is called to be sure that the user is authenticated. When not
- * authenticated, halt by redirecting to the CAS server; otherwise return TRUE.
- * @return TRUE when the user is authenticated; otherwise halt.
- * @public
- */
- function forceAuthentication()
- {
- phpCAS::traceBegin();
-
- if ($this->isAuthenticated()) {
- // the user is authenticated, nothing to be done.
- phpCAS::trace('no need to authenticate'); - $res = true; - } else { - // the user is not authenticated, redirect to the CAS server - if (isset($_SESSION['phpCAS']['auth_checked'])) { - unset($_SESSION['phpCAS']['auth_checked']); - } - $this->redirectToCas(false/* no gateway */); - // never reached - $res = false; - } - phpCAS::traceEnd($res); - return $res; - } - - /** - * An integer that gives the number of times authentication will be cached before rechecked. - * - * @hideinitializer - * @private - */ - var $_cache_times_for_auth_recheck = 0; - - /** - * Set the number of times authentication will be cached before rechecked. - * - * @param $n an integer. - * - * @public - */ - function setCacheTimesForAuthRecheck($n) - { - $this->_cache_times_for_auth_recheck = $n; - } - - /** - * This method is called to check whether the user is authenticated or not. - * @return TRUE when the user is authenticated, FALSE otherwise. - * @public - */ - function checkAuthentication() - { - phpCAS::traceBegin(); - if ($this->isAuthenticated()) { - phpCAS::trace('user is authenticated'); - $res = true; - } else { - if (isset($_SESSION['phpCAS']['auth_checked'])) { - // the previous request has redirected the client to the CAS server with gateway=true - // comment line bellow to -// unset($_SESSION['phpCAS']['auth_checked']); - $res = false; - } else { -// $_SESSION['phpCAS']['auth_checked'] = true; - // $this->redirectToCas(TRUE/* gateway */); - // // never reached - // $res = FALSE; - // avoid a check against CAS on every request - if (!isset($_SESSION['phpCAS']['unauth_count'])) { - $_SESSION['phpCAS']['unauth_count'] = -2; - } // uninitialized - - if (($_SESSION['phpCAS']['unauth_count'] != -2 && $this->_cache_times_for_auth_recheck == -1) - || ($_SESSION['phpCAS']['unauth_count'] >= 0 && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck) - ) { - $res = false; - - if ($this->_cache_times_for_auth_recheck != -1) { - $_SESSION['phpCAS']['unauth_count']++; 
- phpCAS::trace('user is not authenticated (cached for ' . $_SESSION['phpCAS']['unauth_count'] . ' times of ' . $this->_cache_times_for_auth_recheck . ')'); - } else { - phpCAS::trace('user is not authenticated (cached for until login pressed)'); - } - } else { - $_SESSION['phpCAS']['unauth_count'] = 0; - $_SESSION['phpCAS']['auth_checked'] = true; - phpCAS::trace('user is not authenticated (cache reset)'); - // $this->redirectToCas(TRUE/* gateway */); - // never reached - $res = false; - } - } - } - phpCAS::traceEnd($res); - return $res; - } - - /** - * This method is called to check if the user is authenticated (previously or by - * tickets given in the URL). - * - * @return TRUE when the user is authenticated. Also may redirect to the same URL without the ticket. - * - * @public - */ - function isAuthenticated() - { - phpCAS::traceBegin(); - $res = false; - $validate_url = ''; - - if ($this->wasPreviouslyAuthenticated()) { - // the user has already (previously during the session) been - // authenticated, nothing to be done. - phpCAS::trace('user was already authenticated, no need to look for tickets'); - $res = true; - } else { - if ($this->hasST()) { - // if a Service Ticket was given, validate it - phpCAS::trace('ST `' . $this->getST() . '\' is present'); - $this->validateST($validate_url, $text_response, $tree_response); // if it fails, it halts - phpCAS::trace('ST `' . $this->getST() . '\' was validated'); - if ($this->isProxy()) { - $this->validatePGT($validate_url, $text_response, $tree_response); // idem - phpCAS::trace('PGT `' . $this->getPGT() . '\' was validated'); - $_SESSION['phpCAS']['pgt'] = $this->getPGT(); - } - $_SESSION['phpCAS']['user'] = $this->getUser(); - $res = true; - } elseif ($this->hasPT()) { - // if a Proxy Ticket was given, validate it - phpCAS::trace('PT `' . $this->getPT() . '\' is present'); - $this->validatePT($validate_url, $text_response, $tree_response); // note: if it fails, it halts - phpCAS::trace('PT `' . $this->getPT() . 
'\' was validated'); - if ($this->isProxy()) { - $this->validatePGT($validate_url, $text_response, $tree_response); // idem - phpCAS::trace('PGT `' . $this->getPGT() . '\' was validated'); - $_SESSION['phpCAS']['pgt'] = $this->getPGT(); - } - $_SESSION['phpCAS']['user'] = $this->getUser(); - $res = true; - } elseif ($this->hasSA()) { - // if we have a SAML ticket, validate it. - phpCAS::trace('SA `' . $this->getSA() . '\' is present'); - $this->validateSA($validate_url, $text_response, $tree_response); // if it fails, it halts - phpCAS::trace('SA `' . $this->getSA() . '\' was validated'); - $_SESSION['phpCAS']['user'] = $this->getUser(); - $_SESSION['phpCAS']['attributes'] = $this->getAttributes(); - $res = true; - } else { - // no ticket given, not authenticated - phpCAS::trace('no ticket found'); - } - if ($res) { - // if called with a ticket parameter, we need to redirect to the app without the ticket so that CAS-ification is transparent to the browser (for later POSTS) - // most of the checks and errors should have been made now, so we're safe for redirect without masking error messages. - header('Location: ' . $this->getURL()); - phpCAS::log("Prepare redirect to : " . $this->getURL()); - } - } - - phpCAS::traceEnd($res); - return $res; - } - - /** - * This method tells if the current session is authenticated. - * @return true if authenticated based soley on $_SESSION variable - * @since 0.4.22 by Brendan Arnold - */ - function isSessionAuthenticated() - { - return !empty($_SESSION['phpCAS']['user']); - } - - /** - * This method tells if the user has already been (previously) authenticated - * by looking into the session variables. - * - * @note This function switches to callback mode when needed. - * - * @return TRUE when the user has already been authenticated; FALSE otherwise. 
- *
- * @private
- */
- function wasPreviouslyAuthenticated()
- {
- phpCAS::traceBegin();
-
- if ($this->isCallbackMode()) {
- $this->callback();
- }
-
- $auth = false;
-
- if ($this->isProxy()) {
- // CAS proxy: username and PGT must be present
- if ($this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt'])) {
- // authentication already done
- $this->setUser($_SESSION['phpCAS']['user']);
- $this->setPGT($_SESSION['phpCAS']['pgt']);
- phpCAS::trace('user = `' . $_SESSION['phpCAS']['user'] . '\', PGT = `' . $_SESSION['phpCAS']['pgt'] . '\'');
- $auth = true;
- } elseif ($this->isSessionAuthenticated() && empty($_SESSION['phpCAS']['pgt'])) {
- // these two variables should be empty or not empty at the same time
- phpCAS::trace('username found (`' . $_SESSION['phpCAS']['user'] . '\') but PGT is empty');
- // unset all tickets to enforce authentication
- unset($_SESSION['phpCAS']);
- $this->setST('');
- $this->setPT('');
- } elseif (!$this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt'])) {
- // these two variables should be empty or not empty at the same time
- phpCAS::trace('PGT found (`' . $_SESSION['phpCAS']['pgt'] . '\') but username is empty');
- // unset all tickets to enforce authentication
- unset($_SESSION['phpCAS']);
- $this->setST('');
- $this->setPT('');
- } else {
- phpCAS::trace('neither user not PGT found');
- }
- } else {
- // `simple' CAS client (not a proxy): username must be present
- if ($this->isSessionAuthenticated()) {
- // authentication already done
- $this->setUser($_SESSION['phpCAS']['user']);
- if (isset($_SESSION['phpCAS']['attributes'])) {
- $this->setAttributes($_SESSION['phpCAS']['attributes']);
- }
- phpCAS::trace('user = `' . $_SESSION['phpCAS']['user'] . '\'');
- $auth = true;
- } else {
- phpCAS::trace('no user found');
- }
- }
-
- phpCAS::traceEnd($auth);
- return $auth;
- }
-
- /**
- * This method is used to redirect the client to the CAS server.
- * It is used by CASClient::forceAuthentication() and CASClient::checkAuthentication(). - * @param $gateway true to check authentication, false to force it - * @param $renew true to force the authentication with the CAS server - * @public - */ - function redirectToCas($gateway = false, $renew = false) - { - phpCAS::traceBegin(); - $cas_url = $this->getServerLoginURL($gateway, $renew); - header('Location: ' . $cas_url); - phpCAS::log("Redirect to : " . $cas_url); - - $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_WANTED)); - - printf('

' . $this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED) . '

', $cas_url); - $this->printHTMLFooter(); - - phpCAS::traceExit(); - exit(); - } - - - /** - * This method is used to logout from CAS. - * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server - * @public - */ - function logout($params) - { - phpCAS::traceBegin(); - $cas_url = $this->getServerLogoutURL(); - $paramSeparator = '?'; - if (isset($params['url'])) { - $cas_url = $cas_url . $paramSeparator . "url=" . urlencode($params['url']); - $paramSeparator = '&'; - } - if (isset($params['service'])) { - $cas_url = $cas_url . $paramSeparator . "service=" . urlencode($params['service']); - } - header('Location: ' . $cas_url); - phpCAS::log("Prepare redirect to : " . $cas_url); - - session_unset(); - session_destroy(); - - $this->printHTMLHeader($this->getString(CAS_STR_LOGOUT)); - printf('

' . $this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED) . '

', $cas_url); - $this->printHTMLFooter(); - - phpCAS::traceExit(); - exit(); - } - - /** - * @return true if the current request is a logout request. - * @private - */ - function isLogoutRequest() - { - return !empty($_POST['logoutRequest']); - } - - /** - * @return true if a logout request is allowed. - * @private - */ - function isLogoutRequestAllowed() - { - } - - /** - * This method handles logout requests. - * @param $check_client true to check the client bofore handling the request, - * false not to perform any access control. True by default. - * @param $allowed_clients an array of host names allowed to send logout requests. - * By default, only the CAs server (declared in the constructor) will be allowed. - * @public - */ - function handleLogoutRequests($check_client = true, $allowed_clients = false) - { - phpCAS::traceBegin(); - if (!$this->isLogoutRequest()) { - phpCAS::log("Not a logout request"); - phpCAS::traceEnd(); - return; - } - phpCAS::log("Logout requested"); - phpCAS::log("SAML REQUEST: " . $_POST['logoutRequest']); - if ($check_client) { - if (!$allowed_clients) { - $allowed_clients = array($this->getServerHostname()); - } - $client_ip = $_SERVER['REMOTE_ADDR']; - $client = gethostbyaddr($client_ip); - phpCAS::log("Client: " . $client . "/" . $client_ip); - $allowed = false; - foreach ($allowed_clients as $allowed_client) { - if (($client == $allowed_client) or ($client_ip == $allowed_client)) { - phpCAS::log("Allowed client '" . $allowed_client . "' matches, logout request is allowed"); - $allowed = true; - break; - } else { - phpCAS::log("Allowed client '" . $allowed_client . "' does not match"); - } - } - if (!$allowed) { - phpCAS::error("Unauthorized logout request from client '" . $client . 
"'"); - printf("Unauthorized!"); - phpCAS::traceExit(); - exit(); - } - } else { - phpCAS::log("No access control set"); - } - // Extract the ticket from the SAML Request - preg_match("|(.*)|", $_POST['logoutRequest'], $tick, - PREG_OFFSET_CAPTURE, 3); - $wrappedSamlSessionIndex = preg_replace('||', '', $tick[0][0]); - $ticket2logout = preg_replace('||', '', $wrappedSamlSessionIndex); - phpCAS::log("Ticket to logout: " . $ticket2logout); - $session_id = preg_replace('/[^\w]/', '', $ticket2logout); - phpCAS::log("Session id: " . $session_id); - - // destroy a possible application session created before phpcas - if (session_id()) { - session_unset(); - session_destroy(); - } - // fix session ID - session_id($session_id); - $_COOKIE[session_name()] = $session_id; - $_GET[session_name()] = $session_id; - - // Overwrite session - session_start(); - session_unset(); - session_destroy(); - printf("Disconnected!"); - phpCAS::traceExit(); - exit(); - } - - /** @} */ - - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - // XX XX - // XX BASIC CLIENT FEATURES (CAS 1.0) XX - // XX XX - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - - // ######################################################################## - // ST - // ######################################################################## - /** - * @addtogroup internalBasic - * @{ - */ - - /** - * the Service Ticket provided in the URL of the request if present - * (empty otherwise). Written by CASClient::CASClient(), read by - * CASClient::getST() and CASClient::hasPGT(). - * - * @hideinitializer - * @private - */ - var $_st = ''; - - /** - * This method returns the Service Ticket provided in the URL of the request. - * @return The service ticket. - * @private - */ - function getST() - { - return $this->_st; - } - - /** - * This method stores the Service Ticket. - * @param $st The Service Ticket. 
- * @private
- */
- function setST($st)
- {
- $this->_st = $st;
- }
-
- /**
- * This method tells if a Service Ticket was stored.
- * @return TRUE if a Service Ticket has been stored.
- * @private
- */
- function hasST()
- {
- return !empty($this->_st);
- }
-
- /** @} */
-
- // ########################################################################
- // ST VALIDATION
- // ########################################################################
- /**
- * @addtogroup internalBasic
- * @{
- */
-
- /**
- * the certificate of the CAS server.
- *
- * @hideinitializer
- * @private
- */
- var $_cas_server_cert = '';
-
- /**
- * the certificate of the CAS server CA.
- *
- * @hideinitializer
- * @private
- */
- var $_cas_server_ca_cert = '';
-
- /**
- * Set to true not to validate the CAS server.
- *
- * @hideinitializer
- * @private
- */
- var $_no_cas_server_validation = false;
-
- /**
- * Set the certificate of the CAS server.
- *
- * @param $cert the PEM certificate
- */
- function setCasServerCert($cert)
- {
- $this->_cas_server_cert = $cert;
- }
-
- /**
- * Set the CA certificate of the CAS server.
- *
- * @param $cert the PEM certificate of the CA that emited the cert of the server
- */
- function setCasServerCACert($cert)
- {
- $this->_cas_server_ca_cert = $cert;
- }
-
- /**
- * Set no SSL validation for the CAS server.
- */
- function setNoCasServerValidation()
- {
- $this->_no_cas_server_validation = true;
- }
-
- /**
- * This method is used to validate a ST; halt on failure, and sets $validate_url,
- * $text_reponse and $tree_response on success. These parameters are used later
- * by CASClient::validatePGT() for CAS proxies.
- * Used for all CAS 1.0 validations
- * @param $validate_url the URL of the request to the CAS server.
- * @param $text_response the response of the CAS server, as is (XML text).
- * @param $tree_response the response of the CAS server, as a DOM XML tree.
- * - * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). - * - * @private - */ - function validateST($validate_url, &$text_response, &$tree_response) - { - phpCAS::traceBegin(); - // build the URL to validate the ticket - $validate_url = $this->getServerServiceValidateURL() . '&ticket=' . $this->getST(); - if ($this->isProxy()) { - // pass the callback url for CAS proxies - $validate_url .= '&pgtUrl=' . $this->getCallbackURL(); - } - - // open and read the URL - if (!$this->readURL($validate_url, ''/*cookies*/, $headers, $text_response, $err_msg)) { - phpCAS::trace('could not open URL \'' . $validate_url . '\' to validate (' . $err_msg . ')'); - $this->authError('ST not validated', - $validate_url, - true/*$no_response*/); - } - - // analyze the result depending on the version - switch ($this->getServerVersion()) { - case CAS_VERSION_1_0: - if (preg_match('/^no\n/', $text_response)) { - phpCAS::trace('ST has not been validated'); - $this->authError('ST not validated', - $validate_url, - false/*$no_response*/, - false/*$bad_response*/, - $text_response); - } - if (!preg_match('/^yes\n/', $text_response)) { - phpCAS::trace('ill-formed response'); - $this->authError('ST not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - // ST has been validated, extract the user name - $arr = preg_split('/\n/', $text_response); - $this->setUser(trim($arr[1])); - break; - case CAS_VERSION_2_0: - // read the response of the CAS server into a DOM object - if (!($dom = domxml_open_mem($text_response))) { - phpCAS::trace('domxml_open_mem() failed'); - $this->authError('ST not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - // read the root node of the XML tree - if (!($tree_response = $dom->document_element())) { - phpCAS::trace('document_element() failed'); - $this->authError('ST not validated', - $validate_url, - false/*$no_response*/, - 
true/*$bad_response*/, - $text_response); - } - // insure that tag name is 'serviceResponse' - if ($tree_response->node_name() != 'serviceResponse') { - phpCAS::trace('bad XML root node (should be `serviceResponse\' instead of `' . $tree_response->node_name() . '\''); - $this->authError('ST not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - if (sizeof($success_elements = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) { - // authentication succeded, extract the user name - if (sizeof($user_elements = $success_elements[0]->get_elements_by_tagname("user")) == 0) { - phpCAS::trace(' found, but no '); - $this->authError('ST not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - $user = trim($user_elements[0]->get_content()); - phpCAS::trace('user = `' . $user); - $this->setUser($user); - - } else { - if (sizeof($failure_elements = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) { - phpCAS::trace(' found'); - // authentication failed, extract the error code and message - $this->authError('ST not validated', - $validate_url, - false/*$no_response*/, - false/*$bad_response*/, - $text_response, - $failure_elements[0]->get_attribute('code')/*$err_code*/, - trim($failure_elements[0]->get_content())/*$err_msg*/); - } else { - phpCAS::trace('neither nor found'); - $this->authError('ST not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - } - break; - } - - // at this step, ST has been validated and $this->_user has been set, - phpCAS::traceEnd(true); - return true; - } - - // ######################################################################## - // SAML VALIDATION - // ######################################################################## - /** - * @addtogroup internalBasic - * @{ - */ - - /** - * This method is used to validate a SAML TICKET; halt on failure, 
and sets $validate_url, - * $text_reponse and $tree_response on success. These parameters are used later - * by CASClient::validatePGT() for CAS proxies. - * - * @param $validate_url the URL of the request to the CAS server. - * @param $text_response the response of the CAS server, as is (XML text). - * @param $tree_response the response of the CAS server, as a DOM XML tree. - * - * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). - * - * @private - */ - function validateSA($validate_url, &$text_response, &$tree_response) - { - phpCAS::traceBegin(); - - // build the URL to validate the ticket - $validate_url = $this->getServerSamlValidateURL(); - - // open and read the URL - if (!$this->readURL($validate_url, ''/*cookies*/, $headers, $text_response, $err_msg)) { - phpCAS::trace('could not open URL \'' . $validate_url . '\' to validate (' . $err_msg . ')'); - $this->authError('SA not validated', $validate_url, true/*$no_response*/); - } - - phpCAS::trace('server version: ' . $this->getServerVersion()); - - // analyze the result depending on the version - switch ($this->getServerVersion()) { - case SAML_VERSION_1_1: - - // read the response of the CAS server into a DOM object - if (!($dom = domxml_open_mem($text_response))) { - phpCAS::trace('domxml_open_mem() failed'); - $this->authError('SA not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - // read the root node of the XML tree - if (!($tree_response = $dom->document_element())) { - phpCAS::trace('document_element() failed'); - $this->authError('SA not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - // insure that tag name is 'Envelope' - if ($tree_response->node_name() != 'Envelope') { - phpCAS::trace('bad XML root node (should be `Envelope\' instead of `' . $tree_response->node_name() . 
'\''); - $this->authError('SA not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - // check for the NameIdentifier tag in the SAML response - if (sizeof($success_elements = $tree_response->get_elements_by_tagname("NameIdentifier")) != 0) { - phpCAS::trace('NameIdentifier found'); - $user = trim($success_elements[0]->get_content()); - phpCAS::trace('user = `' . $user . '`'); - $this->setUser($user); - $this->setSessionAttributes($text_response); - } else { - phpCAS::trace('no tag found in SAML payload'); - $this->authError('SA not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - break; - } - - // at this step, ST has been validated and $this->_user has been set, - phpCAS::traceEnd(true); - return true; - } - - /** - * This method will parse the DOM and pull out the attributes from the SAML - * payload and put them into an array, then put the array into the session. - * - * @param $text_response the SAML payload. - * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). - * - * @private - */ - function setSessionAttributes($text_response) - { - phpCAS::traceBegin(); - - $result = false; - - if (isset($_SESSION[SAML_ATTRIBUTES])) { - phpCAS::trace("session attrs already set."); //testbml - do we care? 
- }
-
- $attr_array = array();
-
- if (($dom = domxml_open_mem($text_response))) {
- $xPath = $dom->xpath_new_context();
- $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
- $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
- $nodelist = $xPath->xpath_eval("//saml:Attribute");
- $attrs = $nodelist->nodeset;
- phpCAS::trace($text_response);
- foreach ($attrs as $attr) {
- $xres = $xPath->xpath_eval("saml:AttributeValue", $attr);
- $name = $attr->get_attribute("AttributeName");
- $value_array = array();
- foreach ($xres->nodeset as $node) {
- $value_array[] = $node->get_content();
-
- }
- phpCAS::trace("* " . $name . "=" . $value_array);
- $attr_array[$name] = $value_array;
- }
- $_SESSION[SAML_ATTRIBUTES] = $attr_array;
- // UGent addition...
- foreach ($attr_array as $attr_key => $attr_value) {
- if (count($attr_value) > 1) {
- $this->_attributes[$attr_key] = $attr_value;
- } else {
- $this->_attributes[$attr_key] = $attr_value[0];
- }
- }
- $result = true;
- }
- phpCAS::traceEnd($result);
- return $result;
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX PROXY FEATURES (CAS 2.0) XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- // ########################################################################
- // PROXYING
- // ########################################################################
- /**
- * @addtogroup internalProxy
- * @{
- */
-
- /**
- * A boolean telling if the client is a CAS proxy or not. Written by CASClient::CASClient(),
- * read by CASClient::isProxy().
- *
- * @private
- */
- var $_proxy;
-
- /**
- * Tells if a CAS client is a CAS proxy or not
- *
- * @return TRUE when the CAS client is a CAs proxy, FALSE otherwise
- *
- * @private
- */
- function isProxy()
- {
- return $this->_proxy;
- }
-
- /** @} */
- // ########################################################################
- // PGT
- // ########################################################################
- /**
- * @addtogroup internalProxy
- * @{
- */
-
- /**
- * the Proxy Grnting Ticket given by the CAS server (empty otherwise).
- * Written by CASClient::setPGT(), read by CASClient::getPGT() and CASClient::hasPGT().
- *
- * @hideinitializer
- * @private
- */
- var $_pgt = '';
-
- /**
- * This method returns the Proxy Granting Ticket given by the CAS server.
- * @return The Proxy Granting Ticket.
- * @private
- */
- function getPGT()
- {
- return $this->_pgt;
- }
-
- /**
- * This method stores the Proxy Granting Ticket.
- * @param $pgt The Proxy Granting Ticket.
- * @private
- */
- function setPGT($pgt)
- {
- $this->_pgt = $pgt;
- }
-
- /**
- * This method tells if a Proxy Granting Ticket was stored.
- * @return TRUE if a Proxy Granting Ticket has been stored.
- * @private
- */
- function hasPGT()
- {
- return !empty($this->_pgt);
- }
-
- /** @} */
-
- // ########################################################################
- // CALLBACK MODE
- // ########################################################################
- /**
- * @addtogroup internalCallback
- * @{
- */
- /**
- * each PHP script using phpCAS in proxy mode is its own callback to get the
- * PGT back from the CAS server. callback_mode is detected by the constructor
- * thanks to the GET parameters.
- */
-
- /**
- * a boolean to know if the CAS client is running in callback mode. Written by
- * CASClient::setCallBackMode(), read by CASClient::isCallbackMode().
- *
- * @hideinitializer
- * @private
- */
- var $_callback_mode = false;
-
- /**
- * This method sets/unsets callback mode.
- * - * @param $callback_mode TRUE to set callback mode, FALSE otherwise. - * - * @private - */ - function setCallbackMode($callback_mode) - { - $this->_callback_mode = $callback_mode; - } - - /** - * This method returns TRUE when the CAs client is running i callback mode, - * FALSE otherwise. - * - * @return A boolean. - * - * @private - */ - function isCallbackMode() - { - return $this->_callback_mode; - } - - /** - * the URL that should be used for the PGT callback (in fact the URL of the - * current request without any CGI parameter). Written and read by - * CASClient::getCallbackURL(). - * - * @hideinitializer - * @private - */ - var $_callback_url = ''; - - /** - * This method returns the URL that should be used for the PGT callback (in - * fact the URL of the current request without any CGI parameter, except if - * phpCAS::setFixedCallbackURL() was used). - * - * @return The callback URL - * - * @private - */ - function getCallbackURL() - { - // the URL is built when needed only - if (empty($this->_callback_url)) { - $final_uri = ''; - // remove the ticket if present in the URL - $final_uri = 'https://'; - /* replaced by Julien Marchal - v0.4.6 - * $this->uri .= $_SERVER['SERVER_NAME']; - */ - if (empty($_SERVER['HTTP_X_FORWARDED_SERVER'])) { - /* replaced by teedog - v0.4.12 - * $final_uri .= $_SERVER['SERVER_NAME']; - */ - if (empty($_SERVER['SERVER_NAME'])) { - $final_uri .= $_SERVER['HTTP_HOST']; - } else { - $final_uri .= $_SERVER['SERVER_NAME']; - } - } else { - $final_uri .= $_SERVER['HTTP_X_FORWARDED_SERVER']; - } - if (($this->isHttps() && $_SERVER['SERVER_PORT'] != 443) - || (!$this->isHttps() && $_SERVER['SERVER_PORT'] != 80) - ) { - $final_uri .= ':'; - $final_uri .= $_SERVER['SERVER_PORT']; - } - $request_uri = $_SERVER['REQUEST_URI']; - $request_uri = preg_replace('/\?.*$/', '', $request_uri); - $final_uri .= $request_uri; - $this->setCallbackURL($final_uri); - } - return $this->_callback_url; - } - - /** - * This method sets the callback url. 
- * - * @param $callback_url url to set callback - * - * @private - */ - function setCallbackURL($url) - { - return $this->_callback_url = $url; - } - - /** - * This method is called by CASClient::CASClient() when running in callback - * mode. It stores the PGT and its PGT Iou, prints its output and halts. - * - * @private - */ - function callback() - { - phpCAS::traceBegin(); - $this->printHTMLHeader('phpCAS callback'); - $pgt_iou = $_GET['pgtIou']; - $pgt = $_GET['pgtId']; - phpCAS::trace('Storing PGT `' . $pgt . '\' (id=`' . $pgt_iou . '\')'); - echo '

Storing PGT `' . $pgt . '\' (id=`' . $pgt_iou . '\').

'; - $this->storePGT($pgt, $pgt_iou); - $this->printHTMLFooter(); - phpCAS::traceExit(); - exit(); - } - - /** @} */ - - // ######################################################################## - // PGT STORAGE - // ######################################################################## - /** - * @addtogroup internalPGTStorage - * @{ - */ - - /** - * an instance of a class inheriting of PGTStorage, used to deal with PGT - * storage. Created by CASClient::setPGTStorageFile() or CASClient::setPGTStorageDB(), used - * by CASClient::setPGTStorageFile(), CASClient::setPGTStorageDB() and CASClient::initPGTStorage(). - * - * @hideinitializer - * @private - */ - var $_pgt_storage = null; - - /** - * This method is used to initialize the storage of PGT's. - * Halts on error. - * - * @private - */ - function initPGTStorage() - { - // if no SetPGTStorageXxx() has been used, default to file - if (!is_object($this->_pgt_storage)) { - $this->setPGTStorageFile(); - } - - // initializes the storage - $this->_pgt_storage->init(); - } - - /** - * This method stores a PGT. Halts on error. - * - * @param $pgt the PGT to store - * @param $pgt_iou its corresponding Iou - * - * @private - */ - function storePGT($pgt, $pgt_iou) - { - // ensure that storage is initialized - $this->initPGTStorage(); - // writes the PGT - $this->_pgt_storage->write($pgt, $pgt_iou); - } - - /** - * This method reads a PGT from its Iou and deletes the corresponding storage entry. - * - * @param $pgt_iou the PGT Iou - * - * @return The PGT corresponding to the Iou, FALSE when not found. - * - * @private - */ - function loadPGT($pgt_iou) - { - // ensure that storage is initialized - $this->initPGTStorage(); - // read the PGT - return $this->_pgt_storage->read($pgt_iou); - } - - /** - * This method is used to tell phpCAS to store the response of the - * CAS server to PGT requests onto the filesystem. 
- *
- * @param $format the format used to store the PGT's (`plain' and `xml' allowed)
- * @param $path the path where the PGT's should be stored
- *
- * @public
- */
- function setPGTStorageFile(
- $format = '',
- $path = ''
- ) {
- // check that the storage has not already been set
- if (is_object($this->_pgt_storage)) {
- phpCAS::error('PGT storage already defined');
- }
-
- // create the storage object
- $this->_pgt_storage = new PGTStorageFile($this, $format, $path);
- }
-
- /**
- * This method is used to tell phpCAS to store the response of the
- * CAS server to PGT requests into a database.
- * @note The connection to the database is done only when needed.
- * As a consequence, bad parameters are detected only when
- * initializing PGT storage.
- *
- * @param $user the user to access the data with
- * @param $password the user's password
- * @param $database_type the type of the database hosting the data
- * @param $hostname the server hosting the database
- * @param $port the port the server is listening on
- * @param $database the name of the database
- * @param $table the name of the table storing the data
- *
- * @public
- */
- function setPGTStorageDB(
- $user,
- $password,
- $database_type,
- $hostname,
- $port,
- $database,
- $table
- ) {
- // check that the storage has not already been set
- if (is_object($this->_pgt_storage)) {
- phpCAS::error('PGT storage already defined');
- }
-
- // warn the user that he should use file storage...
- trigger_error('PGT storage into database is an experimental feature, use at your own risk', E_USER_WARNING);
-
- // create the storage object
- $this->_pgt_storage = new PGTStorageDB($this, $user, $password, $database_type, $hostname, $port, $database,
- $table);
- }
-
- // ########################################################################
- // PGT VALIDATION
- // ########################################################################
- /**
- * This method is used to validate a PGT; halt on failure.
- *
- * @param $validate_url the URL of the request to the CAS server.
- * @param $text_response the response of the CAS server, as is (XML text); result
- * of CASClient::validateST() or CASClient::validatePT().
- * @param $tree_response the response of the CAS server, as a DOM XML tree; result
- * of CASClient::validateST() or CASClient::validatePT().
- *
- * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
- *
- * @private
- */
- function validatePGT(&$validate_url, $text_response, $tree_response)
- {
- // here cannot use phpCAS::traceBegin(); alongside domxml-php4-to-php5.php
- phpCAS::log('start validatePGT()');
- if (sizeof($arr = $tree_response->get_elements_by_tagname("proxyGrantingTicket")) == 0) {
- phpCAS::trace(' not found');
- // authentication succeded, but no PGT Iou was transmitted
- $this->authError('Ticket validated but no PGT Iou transmitted',
- $validate_url,
- false/*$no_response*/,
- false/*$bad_response*/,
- $text_response);
- } else {
- // PGT Iou transmitted, extract it
- $pgt_iou = trim($arr[0]->get_content());
- $pgt = $this->loadPGT($pgt_iou);
- if ($pgt == false) {
- phpCAS::trace('could not load PGT');
- $this->authError('PGT Iou was transmitted but PGT could not be retrieved',
- $validate_url,
- false/*$no_response*/,
- false/*$bad_response*/,
- $text_response);
- }
- $this->setPGT($pgt);
- }
- // here, cannot use phpCAS::traceEnd(TRUE); alongside domxml-php4-to-php5.php
- phpCAS::log('end validatePGT()');
- return true;
- }
-
- // ########################################################################
- // PGT VALIDATION
- // ########################################################################
-
- /**
- * This method is used to retrieve PT's from the CAS server thanks to a PGT.
- *
- * @param $target_service the service to ask for with the PT.
- * @param $err_code an error code (PHPCAS_SERVICE_OK on success).
- * @param $err_msg an error message (empty on success).
- * - * @return a Proxy Ticket, or FALSE on error. - * - * @private - */ - function retrievePT($target_service, &$err_code, &$err_msg) - { - phpCAS::traceBegin(); - - // by default, $err_msg is set empty and $pt to TRUE. On error, $pt is - // set to false and $err_msg to an error message. At the end, if $pt is FALSE - // and $error_msg is still empty, it is set to 'invalid response' (the most - // commonly encountered error). - $err_msg = ''; - - // build the URL to retrieve the PT - // $cas_url = $this->getServerProxyURL().'?targetService='.preg_replace('/&/','%26',$target_service).'&pgt='.$this->getPGT(); - $cas_url = $this->getServerProxyURL() . '?targetService=' . urlencode($target_service) . '&pgt=' . $this->getPGT(); - - // open and read the URL - if (!$this->readURL($cas_url, ''/*cookies*/, $headers, $cas_response, $err_msg)) { - phpCAS::trace('could not open URL \'' . $cas_url . '\' to validate (' . $err_msg . ')'); - $err_code = PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE; - $err_msg = 'could not retrieve PT (no response from the CAS server)'; - phpCAS::traceEnd(false); - return false; - } - - $bad_response = false; - - if (!$bad_response) { - // read the response of the CAS server into a DOM object - if (!($dom = @domxml_open_mem($cas_response))) { - phpCAS::trace('domxml_open_mem() failed'); - // read failed - $bad_response = true; - } - } - - if (!$bad_response) { - // read the root node of the XML tree - if (!($root = $dom->document_element())) { - phpCAS::trace('document_element() failed'); - // read failed - $bad_response = true; - } - } - - if (!$bad_response) { - // insure that tag name is 'serviceResponse' - if ($root->node_name() != 'serviceResponse') { - phpCAS::trace('node_name() failed'); - // bad root node - $bad_response = true; - } - } - - if (!$bad_response) { - // look for a proxySuccess tag - if (sizeof($arr = $root->get_elements_by_tagname("proxySuccess")) != 0) { - // authentication succeded, look for a proxyTicket tag - if (sizeof($arr = 
$root->get_elements_by_tagname("proxyTicket")) != 0) { - $err_code = PHPCAS_SERVICE_OK; - $err_msg = ''; - phpCAS::trace('original PT: ' . trim($arr[0]->get_content())); - $pt = trim($arr[0]->get_content()); - phpCAS::traceEnd($pt); - return $pt; - } else { - phpCAS::trace(' was found, but not '); - } - } // look for a proxyFailure tag - else { - if (sizeof($arr = $root->get_elements_by_tagname("proxyFailure")) != 0) { - // authentication failed, extract the error - $err_code = PHPCAS_SERVICE_PT_FAILURE; - $err_msg = 'PT retrieving failed (code=`' - . $arr[0]->get_attribute('code') - . '\', message=`' - . trim($arr[0]->get_content()) - . '\')'; - phpCAS::traceEnd(false); - return false; - } else { - phpCAS::trace('neither nor found'); - } - } - } - - // at this step, we are sure that the response of the CAS server was ill-formed - $err_code = PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE; - $err_msg = 'Invalid response from the CAS server (response=`' . $cas_response . '\')'; - - phpCAS::traceEnd(false); - return false; - } - - // ######################################################################## - // ACCESS TO EXTERNAL SERVICES - // ######################################################################## - - /** - * This method is used to acces a remote URL. - * - * @param $url the URL to access. - * @param $cookies an array containing cookies strings such as 'name=val' - * @param $headers an array containing the HTTP header lines of the response - * (an empty array on failure). - * @param $body the body of the response, as a string (empty on failure). - * @param $err_msg an error message, filled on failure. - * - * @return TRUE on success, FALSE otherwise (in this later case, $err_msg - * contains an error message). 
- * - * @private - */ - function readURL($url, $cookies, &$headers, &$body, &$err_msg) - { - phpCAS::traceBegin(); - $headers = ''; - $body = ''; - $err_msg = ''; - - $res = true; - - // initialize the CURL session - $ch = curl_init($url); - - if (version_compare(PHP_VERSION, '5.1.3', '>=')) { - //only avaible in php5 - curl_setopt_array($ch, $this->_curl_options); - } else { - foreach ($this->_curl_options as $key => $value) { - curl_setopt($ch, $key, $value); - } - } - - if ($this->_cas_server_cert == '' && $this->_cas_server_ca_cert == '' && !$this->_no_cas_server_validation) { - phpCAS::error('one of the methods phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.'); - } - if ($this->_cas_server_cert != '' && $this->_cas_server_ca_cert != '') { - // This branch added by IDMS. Seems phpCAS implementor got a bit confused about the curl options CURLOPT_SSLCERT and CURLOPT_CAINFO - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); - curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert); - curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert); - curl_setopt($ch, CURLOPT_VERBOSE, '1'); - phpCAS::trace('CURL: Set all required opts for mutual authentication ------'); - } else { - if ($this->_cas_server_cert != '') { - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); - curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert); - } else { - if ($this->_cas_server_ca_cert != '') { - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); - curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert); - } else { - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); - } - } - } - - // return the CURL output into a variable - curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); - // get the HTTP header with a callback - $this->_curl_headers = array(); // empty the headers array - curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, 
'_curl_read_headers')); - // add cookies headers - if (is_array($cookies)) { - curl_setopt($ch, CURLOPT_COOKIE, implode(';', $cookies)); - } - // add extra stuff if SAML - if ($this->hasSA()) { - $more_headers = array( - "soapaction: http://www.oasis-open.org/committees/security", - "cache-control: no-cache", - "pragma: no-cache", - "accept: text/xml", - "connection: keep-alive", - "content-type: text/xml" - ); - - curl_setopt($ch, CURLOPT_HTTPHEADER, $more_headers); - curl_setopt($ch, CURLOPT_POST, 1); - $data = $this->buildSAMLPayload(); - //phpCAS::trace('SAML Payload: '.print_r($data, TRUE)); - curl_setopt($ch, CURLOPT_POSTFIELDS, $data); - } - // perform the query - $buf = curl_exec($ch); - //phpCAS::trace('CURL: Call completed. Response body is: \''.$buf.'\''); - if ($buf === false) { - phpCAS::trace('curl_exec() failed'); - $err_msg = 'CURL error #' . curl_errno($ch) . ': ' . curl_error($ch); - //phpCAS::trace('curl error: '.$err_msg); - // close the CURL session - curl_close($ch); - $res = false; - } else { - // close the CURL session - curl_close($ch); - - $headers = $this->_curl_headers; - $body = $buf; - } - - phpCAS::traceEnd($res); - return $res; - } - - /** - * This method is used to build the SAML POST body sent to /samlValidate URL. - * - * @return the SOAP-encased SAMLP artifact (the ticket). - * - * @private - */ - function buildSAMLPayload() - { - phpCAS::traceBegin(); - - //get the ticket - $sa = $this->getSA(); - //phpCAS::trace("SA: ".$sa); - - $body = SAML_SOAP_ENV . SAML_SOAP_BODY . SAMLP_REQUEST . SAML_ASSERTION_ARTIFACT . $sa . SAML_ASSERTION_ARTIFACT_CLOSE . SAMLP_REQUEST_CLOSE . SAML_SOAP_BODY_CLOSE . SAML_SOAP_ENV_CLOSE; - - phpCAS::traceEnd($body); - return ($body); - } - - /** - * This method is the callback used by readURL method to request HTTP headers. 
- */ - var $_curl_headers = array(); - - function _curl_read_headers($ch, $header) - { - $this->_curl_headers[] = $header; - return strlen($header); - } - - /** - * This method is used to access an HTTP[S] service. - * - * @param $url the service to access. - * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on - * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, - * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. - * @param $output the output of the service (also used to give an error - * message on failure). - * - * @return TRUE on success, FALSE otherwise (in this later case, $err_code - * gives the reason why it failed and $output contains an error message). - * - * @public - */ - function serviceWeb($url, &$err_code, &$output) - { - phpCAS::traceBegin(); - // at first retrieve a PT - $pt = $this->retrievePT($url, $err_code, $output); - - $res = true; - - // test if PT was retrieved correctly - if (!$pt) { - // note: $err_code and $err_msg are filled by CASClient::retrievePT() - phpCAS::trace('PT was not retrieved correctly'); - $res = false; - } else { - // add cookies if necessary - if (is_array($_SESSION['phpCAS']['services'][$url]['cookies'])) { - foreach ($_SESSION['phpCAS']['services'][$url]['cookies'] as $name => $val) { - $cookies[] = $name . '=' . $val; - } - } - - // build the URL including the PT - if (strstr($url, '?') === false) { - $service_url = $url . '?ticket=' . $pt; - } else { - $service_url = $url . '&ticket=' . $pt; - } - - phpCAS::trace('reading URL`' . $service_url . '\''); - if (!$this->readURL($service_url, $cookies, $headers, $output, $err_msg)) { - phpCAS::trace('could not read URL`' . $service_url . 
'\''); - $err_code = PHPCAS_SERVICE_NOT_AVAILABLE; - // give an error message - $output = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE), - $service_url, - $err_msg); - $res = false; - } else { - // URL has been fetched, extract the cookies - phpCAS::trace('URL`' . $service_url . '\' has been read, storing cookies:'); - foreach ($headers as $header) { - // test if the header is a cookie - if (preg_match('/^Set-Cookie:/', $header)) { - // the header is a cookie, remove the beginning - $header_val = preg_replace('/^Set-Cookie: */', '', $header); - // extract interesting information - $name_val = strtok($header_val, '; '); - // extract the name and the value of the cookie - $cookie_name = strtok($name_val, '='); - $cookie_val = strtok('='); - // store the cookie - $_SESSION['phpCAS']['services'][$url]['cookies'][$cookie_name] = $cookie_val; - phpCAS::trace($cookie_name . ' -> ' . $cookie_val); - } - } - } - } - - phpCAS::traceEnd($res); - return $res; - } - - /** - * This method is used to access an IMAP/POP3/NNTP service. - * - * @param $url a string giving the URL of the service, including the mailing box - * for IMAP URLs, as accepted by imap_open(). - * @param $service a string giving for CAS retrieve Proxy ticket - * @param $flags options given to imap_open(). - * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on - * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, - * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE. - * @param $err_msg an error message on failure - * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL - * on success, FALSE on error). - * - * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code - * gives the reason why it failed and $err_msg contains an error message). 
- *
- * @public
- */
- function serviceMail($url, $service, $flags, &$err_code, &$err_msg, &$pt)
- {
- phpCAS::traceBegin();
- // at first retrieve a PT
- $pt = $this->retrievePT($service, $err_code, $output);
-
- $stream = false;
-
- // test if PT was retrieved correctly
- if (!$pt) {
- // note: $err_code and $err_msg are filled by CASClient::retrievePT()
- phpCAS::trace('PT was not retrieved correctly');
- } else {
- phpCAS::trace('opening IMAP URL `' . $url . '\'...');
- $stream = @imap_open($url, $this->getUser(), $pt, $flags);
- if (!$stream) {
- phpCAS::trace('could not open URL');
- $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
- // give an error message
- $err_msg = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE),
- $service_url,
- var_export(imap_errors(), true));
- $pt = false;
- $stream = false;
- } else {
- phpCAS::trace('ok');
- }
- }
-
- phpCAS::traceEnd($stream);
- return $stream;
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX PROXIED CLIENT FEATURES (CAS 2.0) XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- // ########################################################################
- // PT
- // ########################################################################
- /**
- * @addtogroup internalProxied
- * @{
- */
-
- /**
- * the Proxy Ticket provided in the URL of the request if present
- * (empty otherwise). Written by CASClient::CASClient(), read by
- * CASClient::getPT() and CASClient::hasPGT().
- *
- * @hideinitializer
- * @private
- */
- var $_pt = '';
-
- /**
- * This method returns the Proxy Ticket provided in the URL of the request.
- * @return The proxy ticket.
- * @private
- */
- function getPT()
- {
- // return 'ST'.substr($this->_pt, 2);
- return $this->_pt;
- }
-
- /**
- * This method stores the Proxy Ticket.
- * @param $pt The Proxy Ticket.
- * @private - */ - function setPT($pt) - { - $this->_pt = $pt; - } - - /** - * This method tells if a Proxy Ticket was stored. - * @return TRUE if a Proxy Ticket has been stored. - * @private - */ - function hasPT() - { - return !empty($this->_pt); - } - - /** - * This method returns the SAML Ticket provided in the URL of the request. - * @return The SAML ticket. - * @private - */ - function getSA() - { - return 'ST' . substr($this->_sa, 2); - } - - /** - * This method stores the SAML Ticket. - * @param $sa The SAML Ticket. - * @private - */ - function setSA($sa) - { - $this->_sa = $sa; - } - - /** - * This method tells if a SAML Ticket was stored. - * @return TRUE if a SAML Ticket has been stored. - * @private - */ - function hasSA() - { - return !empty($this->_sa); - } - - /** @} */ - // ######################################################################## - // PT VALIDATION - // ######################################################################## - /** - * @addtogroup internalProxied - * @{ - */ - - /** - * This method is used to validate a ST or PT; halt on failure - * Used for all CAS 2.0 validations - * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). - * - * @private - */ - function validatePT(&$validate_url, &$text_response, &$tree_response) - { - phpCAS::traceBegin(); - // build the URL to validate the ticket - $validate_url = $this->getServerProxyValidateURL() . '&ticket=' . $this->getPT(); - - if ($this->isProxy()) { - // pass the callback url for CAS proxies - $validate_url .= '&pgtUrl=' . $this->getCallbackURL(); - } - - // open and read the URL - if (!$this->readURL($validate_url, ''/*cookies*/, $headers, $text_response, $err_msg)) { - phpCAS::trace('could not open URL \'' . $validate_url . '\' to validate (' . $err_msg . 
')'); - $this->authError('PT not validated', - $validate_url, - true/*$no_response*/); - } - - // read the response of the CAS server into a DOM object - if (!($dom = domxml_open_mem($text_response))) { - // read failed - $this->authError('PT not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - // read the root node of the XML tree - if (!($tree_response = $dom->document_element())) { - // read failed - $this->authError('PT not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - // insure that tag name is 'serviceResponse' - if ($tree_response->node_name() != 'serviceResponse') { - // bad root node - $this->authError('PT not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - if (sizeof($arr = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) { - // authentication succeded, extract the user name - if (sizeof($arr = $tree_response->get_elements_by_tagname("user")) == 0) { - // no user specified => error - $this->authError('PT not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - $this->setUser(trim($arr[0]->get_content())); - - } else { - if (sizeof($arr = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) { - // authentication succeded, extract the error code and message - $this->authError('PT not validated', - $validate_url, - false/*$no_response*/, - false/*$bad_response*/, - $text_response, - $arr[0]->get_attribute('code')/*$err_code*/, - trim($arr[0]->get_content())/*$err_msg*/); - } else { - $this->authError('PT not validated', - $validate_url, - false/*$no_response*/, - true/*$bad_response*/, - $text_response); - } - } - - // at this step, PT has been validated and $this->_user has been set, - - phpCAS::traceEnd(true); - return true; - } - - /** @} */ - - // 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - // XX XX - // XX MISC XX - // XX XX - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - - /** - * @addtogroup internalMisc - * @{ - */ - - // ######################################################################## - // URL - // ######################################################################## - /** - * the URL of the current request (without any ticket CGI parameter). Written - * and read by CASClient::getURL(). - * - * @hideinitializer - * @private - */ - var $_url = ''; - - /** - * This method returns the URL of the current request (without any ticket - * CGI parameter). - * - * @return The URL - * - * @private - */ - function getURL() - { - phpCAS::traceBegin(); - // the URL is built when needed only - if (empty($this->_url)) { - $final_uri = ''; - // remove the ticket if present in the URL - $final_uri = ($this->isHttps()) ? 'https' : 'http'; - $final_uri .= '://'; - /* replaced by Julien Marchal - v0.4.6 - * $this->_url .= $_SERVER['SERVER_NAME']; - */ - if (empty($_SERVER['HTTP_X_FORWARDED_SERVER'])) { - /* replaced by teedog - v0.4.12 - * $this->_url .= $_SERVER['SERVER_NAME']; - */ - if (empty($_SERVER['SERVER_NAME'])) { - $server_name = $_SERVER['HTTP_HOST']; - } else { - $server_name = $_SERVER['SERVER_NAME']; - } - } else { - $server_name = $_SERVER['HTTP_X_FORWARDED_SERVER']; - } - $final_uri .= $server_name; - if (!strpos($server_name, ':')) { - if (($this->isHttps() && $_SERVER['SERVER_PORT'] != 443) - || (!$this->isHttps() && $_SERVER['SERVER_PORT'] != 80) - ) { - $final_uri .= ':'; - $final_uri .= $_SERVER['SERVER_PORT']; - } - } - - $request_uri = explode('?', $_SERVER['REQUEST_URI'], 2); - $final_uri .= $request_uri[0]; - - if (isset($request_uri[1]) && $request_uri[1]) { - $query_string = $this->removeParameterFromQueryString('ticket', $request_uri[1]); - - // If the query string still has anything left, append it to the final URI - if 
($query_string !== '') { - $final_uri .= "?$query_string"; - } - - } - - phpCAS::trace("Final URI: $final_uri"); - $this->setURL($final_uri); - } - phpCAS::traceEnd($this->_url); - return $this->_url; - } - - - /** - * Removes a parameter from a query string - * - * @param string $parameterName - * @param string $queryString - * @return string - * - * @link http://stackoverflow.com/questions/1842681/regular-expression-to-remove-one-parameter-from-query-string - */ - function removeParameterFromQueryString($parameterName, $queryString) - { - $parameterName = preg_quote($parameterName); - return preg_replace("/&$parameterName(=[^&]*)?|^$parameterName(=[^&]*)?&?/", '', $queryString); - } - - - /** - * This method sets the URL of the current request - * - * @param $url url to set for service - * - * @private - */ - function setURL($url) - { - $this->_url = $url; - } - - // ######################################################################## - // AUTHENTICATION ERROR HANDLING - // ######################################################################## - /** - * This method is used to print the HTML output when the user was not authenticated. 
- *
- * @param $failure the failure that occured
- * @param $cas_url the URL the CAS server was asked for
- * @param $no_response the response from the CAS server (other
- * parameters are ignored if TRUE)
- * @param $bad_response bad response from the CAS server ($err_code
- * and $err_msg ignored if TRUE)
- * @param $cas_response the response of the CAS server
- * @param $err_code the error code given by the CAS server
- * @param $err_msg the error message given by the CAS server
- *
- * @private
- */
- function authError(
- $failure,
- $cas_url,
- $no_response,
- $bad_response = '',
- $cas_response = '',
- $err_code = '',
- $err_msg = ''
- ) {
- phpCAS::traceBegin();
-
- $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_FAILED));
- printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED), htmlentities($this->getURL()),
- $_SERVER['SERVER_ADMIN']);
- phpCAS::trace('CAS URL: ' . $cas_url);
- phpCAS::trace('Authentication failure: ' . $failure);
- if ($no_response) {
- phpCAS::trace('Reason: no response from the CAS server');
- } else {
- if ($bad_response) {
- phpCAS::trace('Reason: bad response from the CAS server');
- } else {
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- phpCAS::trace('Reason: CAS error');
- break;
- case CAS_VERSION_2_0:
- if (empty($err_code)) {
- phpCAS::trace('Reason: no CAS error');
- } else {
- phpCAS::trace('Reason: [' . $err_code . '] CAS error: ' . $err_msg);
- }
- break;
- }
- }
- phpCAS::trace('CAS response: ' . $cas_response);
- }
- $this->printHTMLFooter();
- phpCAS::traceExit();
- exit();
- }
-
- /** @} */
-}
diff --git a/main/auth/cas/lib/CAS/domxml-php4-to-php5.php b/main/auth/cas/lib/CAS/domxml-php4-to-php5.php
deleted file mode 100755
index b33989fdb7..0000000000
--- a/main/auth/cas/lib/CAS/domxml-php4-to-php5.php
+++ /dev/null
@@ -1,881 +0,0 @@ -=5.1 for XPath evaluation functions, and PHP>=5.1/libxml for DOMXML error reports) - - Typical use: - { - if (PHP_VERSION>='5') - require_once('domxml-php4-to-php5.php'); - } - - Version 1.21, 2008-12-05, http://alexandre.alapetite.net/doc-alex/domxml-php4-php5/ - - ------------------------------------------------------------------ - Written by Alexandre Alapetite, http://alexandre.alapetite.net/cv/ - - Copyright 2004-2008, GNU Lesser General Public License, - http://www.gnu.org/licenses/lgpl.html - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Lesser General Public License for more details. - You should have received a copy of the GNU Lesser General Public License - along with this program. If not, see - - == Rights and obligations == - - Attribution: You must give the original author credit. - - Share Alike: If you alter or transform this library, - you may distribute the resulting library only under the same license GNU/LGPL. - - In case of jurisdiction dispute, the French law is authoritative. - - Any of these conditions can be waived if you get permission from Alexandre Alapetite. - - Not required, but please send to Alexandre Alapetite the modifications you make, - in order to improve this file for the benefit of everybody. 
- - If you want to distribute this code, please do it as a link to: - http://alexandre.alapetite.net/doc-alex/domxml-php4-php5/ -*/ - -define('DOMXML_LOAD_PARSING', 0); -define('DOMXML_LOAD_VALIDATING', 1); -define('DOMXML_LOAD_RECOVERING', 2); -define('DOMXML_LOAD_SUBSTITUTE_ENTITIES', 4); -//define('DOMXML_LOAD_COMPLETE_ATTRS',8); -define('DOMXML_LOAD_DONT_KEEP_BLANKS', 16); - -function domxml_new_doc($version) -{ - return new php4DOMDocument(); -} - -function domxml_new_xmldoc($version) -{ - return new php4DOMDocument(); -} - -function domxml_open_file($filename, $mode = DOMXML_LOAD_PARSING, &$error = null) -{ - $dom = new php4DOMDocument($mode); - $errorMode = (func_num_args() > 2) && defined('LIBXML_VERSION'); - if ($errorMode) { - libxml_use_internal_errors(true); - } - if (!$dom->myDOMNode->load($filename)) { - $dom = null; - } - if ($errorMode) { - $error = array_map('_error_report', libxml_get_errors()); - libxml_clear_errors(); - } - return $dom; -} - -function domxml_open_mem($str, $mode = DOMXML_LOAD_PARSING, &$error = null) -{ - $dom = new php4DOMDocument($mode); - $errorMode = (func_num_args() > 2) && defined('LIBXML_VERSION'); - if ($errorMode) { - libxml_use_internal_errors(true); - } - if (!$dom->myDOMNode->loadXML($str)) { - $dom = null; - } - if ($errorMode) { - $error = array_map('_error_report', libxml_get_errors()); - libxml_clear_errors(); - } - return $dom; -} - -function html_doc($html_doc, $from_file = false) -{ - $dom = new php4DOMDocument(); - if ($from_file) { - $result = $dom->myDOMNode->loadHTMLFile($html_doc); - } else { - $result = $dom->myDOMNode->loadHTML($html_doc); - } - return $result ? 
$dom : null; -} - -function html_doc_file($filename) -{ - return html_doc($filename, true); -} - -function xmldoc($str) -{ - return domxml_open_mem($str); -} - -function xmldocfile($filename) -{ - return domxml_open_file($filename); -} - -function xpath_eval($xpath_context, $eval_str, $contextnode = null) -{ - return $xpath_context->xpath_eval($eval_str, $contextnode); -} - -function xpath_new_context($dom_document) -{ - return new php4DOMXPath($dom_document); -} - -function xpath_register_ns($xpath_context, $prefix, $namespaceURI) -{ - return $xpath_context->myDOMXPath->registerNamespace($prefix, $namespaceURI); -} - -function _entityDecode($text) -{ - return html_entity_decode(strtr($text, array(''' => '\'')), ENT_QUOTES, 'UTF-8'); -} - -function _error_report($error) -{ - return array( - 'errormessage' => $error->message, - 'nodename' => '', - 'line' => $error->line, - 'col' => $error->column - ) + ($error->file == '' ? array() : array('directory' => dirname($error->file), 'file' => basename($error->file))); -} - -class php4DOMAttr extends php4DOMNode -{ - function __get($name) - { - if ($name === 'name') { - return $this->myDOMNode->name; - } else { - return parent::__get($name); - } - } - - function name() - { - return $this->myDOMNode->name; - } - - function set_content($text) - { - } - - //function set_value($content) {return $this->myDOMNode->value=htmlspecialchars($content,ENT_QUOTES);} - function specified() - { - return $this->myDOMNode->specified; - } - - function value() - { - return $this->myDOMNode->value; - } -} - -class php4DOMDocument extends php4DOMNode -{ - function php4DOMDocument($mode = DOMXML_LOAD_PARSING) - { - $this->myDOMNode = new DOMDocument(); - $this->myOwnerDocument = $this; - if ($mode & DOMXML_LOAD_VALIDATING) { - $this->myDOMNode->validateOnParse = true; - } - if ($mode & DOMXML_LOAD_RECOVERING) { - $this->myDOMNode->recover = true; - } - if ($mode & DOMXML_LOAD_SUBSTITUTE_ENTITIES) { - $this->myDOMNode->substituteEntities = true; 
- } - if ($mode & DOMXML_LOAD_DONT_KEEP_BLANKS) { - $this->myDOMNode->preserveWhiteSpace = false; - } - } - - function add_root($name) - { - if ($this->myDOMNode->hasChildNodes()) { - $this->myDOMNode->removeChild($this->myDOMNode->firstChild); - } - return new php4DOMElement($this->myDOMNode->appendChild($this->myDOMNode->createElement($name)), - $this->myOwnerDocument); - } - - function create_attribute($name, $value) - { - $myAttr = $this->myDOMNode->createAttribute($name); - $myAttr->value = htmlspecialchars($value, ENT_QUOTES); - return new php4DOMAttr($myAttr, $this); - } - - function create_cdata_section($content) - { - return new php4DOMNode($this->myDOMNode->createCDATASection($content), $this); - } - - function create_comment($data) - { - return new php4DOMNode($this->myDOMNode->createComment($data), $this); - } - - function create_element($name) - { - return new php4DOMElement($this->myDOMNode->createElement($name), $this); - } - - function create_element_ns($uri, $name, $prefix = null) - { - if ($prefix == null) { - $prefix = $this->myDOMNode->lookupPrefix($uri); - } - if (($prefix == null) && (($this->myDOMNode->documentElement == null) || (!$this->myDOMNode->documentElement->isDefaultNamespace($uri)))) { - $prefix = 'a' . sprintf('%u', crc32($uri)); - } - return new php4DOMElement($this->myDOMNode->createElementNS($uri, - $prefix == null ? $name : $prefix . ':' . 
$name), $this); - } - - function create_entity_reference($content) - { - return new php4DOMNode($this->myDOMNode->createEntityReference($content), $this); - } //By Walter Ebert 2007-01-22 - - function create_processing_instruction($target, $data = '') - { - return new php4DomProcessingInstruction($this->myDOMNode->createProcessingInstruction($target, $data), $this); - } - - function create_text_node($content) - { - return new php4DOMText($this->myDOMNode->createTextNode($content), $this); - } - - function document_element() - { - return parent::_newDOMElement($this->myDOMNode->documentElement, $this); - } - - function dump_file($filename, $compressionmode = false, $format = false) - { - $format0 = $this->myDOMNode->formatOutput; - $this->myDOMNode->formatOutput = $format; - $res = $this->myDOMNode->save($filename); - $this->myDOMNode->formatOutput = $format0; - return $res; - } - - function dump_mem($format = false, $encoding = false) - { - $format0 = $this->myDOMNode->formatOutput; - $this->myDOMNode->formatOutput = $format; - $encoding0 = $this->myDOMNode->encoding; - if ($encoding) { - $this->myDOMNode->encoding = $encoding; - } - $dump = $this->myDOMNode->saveXML(); - $this->myDOMNode->formatOutput = $format0; - if ($encoding) { - $this->myDOMNode->encoding = $encoding0 == '' ? 
'UTF-8' : $encoding0; - } //UTF-8 is XML default encoding - return $dump; - } - - function free() - { - if ($this->myDOMNode->hasChildNodes()) { - $this->myDOMNode->removeChild($this->myDOMNode->firstChild); - } - $this->myDOMNode = null; - $this->myOwnerDocument = null; - } - - function get_element_by_id($id) - { - return parent::_newDOMElement($this->myDOMNode->getElementById($id), $this); - } - - function get_elements_by_tagname($name) - { - $myDOMNodeList = $this->myDOMNode->getElementsByTagName($name); - $nodeSet = array(); - $i = 0; - if (isset($myDOMNodeList)) { - while ($node = $myDOMNodeList->item($i++)) { - $nodeSet[] = new php4DOMElement($node, $this); - } - } - return $nodeSet; - } - - function html_dump_mem() - { - return $this->myDOMNode->saveHTML(); - } - - function root() - { - return parent::_newDOMElement($this->myDOMNode->documentElement, $this); - } - - function xinclude() - { - return $this->myDOMNode->xinclude(); - } - - function xpath_new_context() - { - return new php4DOMXPath($this); - } -} - -class php4DOMElement extends php4DOMNode -{ - function add_namespace($uri, $prefix) - { - if ($this->myDOMNode->hasAttributeNS('http://www.w3.org/2000/xmlns/', $prefix)) { - return false; - } else { - $this->myDOMNode->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:' . 
$prefix, - $uri); //By Daniel Walker 2006-09-08 - return true; - } - } - - function get_attribute($name) - { - return $this->myDOMNode->getAttribute($name); - } - - function get_attribute_node($name) - { - return parent::_newDOMElement($this->myDOMNode->getAttributeNode($name), $this->myOwnerDocument); - } - - function get_elements_by_tagname($name) - { - $myDOMNodeList = $this->myDOMNode->getElementsByTagName($name); - $nodeSet = array(); - $i = 0; - if (isset($myDOMNodeList)) { - while ($node = $myDOMNodeList->item($i++)) { - $nodeSet[] = new php4DOMElement($node, $this->myOwnerDocument); - } - } - return $nodeSet; - } - - function has_attribute($name) - { - return $this->myDOMNode->hasAttribute($name); - } - - function remove_attribute($name) - { - return $this->myDOMNode->removeAttribute($name); - } - - function set_attribute($name, $value) - { - //return $this->myDOMNode->setAttribute($name,$value); //Does not return a DomAttr - $myAttr = $this->myDOMNode->ownerDocument->createAttribute($name); - $myAttr->value = htmlspecialchars($value, ENT_QUOTES); //Entity problem reported by AL-DesignWorks 2007-09-07 - $this->myDOMNode->setAttributeNode($myAttr); - return new php4DOMAttr($myAttr, $this->myOwnerDocument); - } - - /*function set_attribute_node($attr) - { - $this->myDOMNode->setAttributeNode($this->_importNode($attr)); - return $attr; - }*/ - function set_name($name) - { - if ($this->myDOMNode->prefix == '') { - $newNode = $this->myDOMNode->ownerDocument->createElement($name); - } else { - $newNode = $this->myDOMNode->ownerDocument->createElementNS($this->myDOMNode->namespaceURI, - $this->myDOMNode->prefix . ':' . 
$name); - } - $myDOMNodeList = $this->myDOMNode->attributes; - $i = 0; - if (isset($myDOMNodeList)) { - while ($node = $myDOMNodeList->item($i++)) { - if ($node->namespaceURI == '') { - $newNode->setAttribute($node->name, $node->value); - } else { - $newNode->setAttributeNS($node->namespaceURI, $node->nodeName, $node->value); - } - } - } - $myDOMNodeList = $this->myDOMNode->childNodes; - if (isset($myDOMNodeList)) { - while ($node = $myDOMNodeList->item(0)) { - $newNode->appendChild($node); - } - } - $this->myDOMNode->parentNode->replaceChild($newNode, $this->myDOMNode); - $this->myDOMNode = $newNode; - return true; - } - - function tagname() - { - return $this->tagname; - } -} - -class php4DOMNode -{ - public $myDOMNode; - public $myOwnerDocument; - - function php4DOMNode($aDomNode, $aOwnerDocument) - { - $this->myDOMNode = $aDomNode; - $this->myOwnerDocument = $aOwnerDocument; - } - - function __get($name) - { - switch ($name) { - case 'type': - return $this->myDOMNode->nodeType; - case 'tagname': - return ($this->myDOMNode->nodeType === XML_ELEMENT_NODE) ? $this->myDOMNode->localName : $this->myDOMNode->tagName; //Avoid namespace prefix for DOMElement - case 'content': - return $this->myDOMNode->textContent; - case 'value': - return $this->myDOMNode->value; - default: - $myErrors = debug_backtrace(); - trigger_error('Undefined property: ' . get_class($this) . '::$' . $name . ' [' . $myErrors[0]['file'] . ':' . $myErrors[0]['line'] . 
']', - E_USER_NOTICE); - return false; - } - } - - function add_child($newnode) - { - return append_child($newnode); - } - - function add_namespace($uri, $prefix) - { - return false; - } - - function append_child($newnode) - { - return self::_newDOMElement($this->myDOMNode->appendChild($this->_importNode($newnode)), - $this->myOwnerDocument); - } - - function append_sibling($newnode) - { - return self::_newDOMElement($this->myDOMNode->parentNode->appendChild($this->_importNode($newnode)), - $this->myOwnerDocument); - } - - function attributes() - { - $myDOMNodeList = $this->myDOMNode->attributes; - if (!(isset($myDOMNodeList) && $this->myDOMNode->hasAttributes())) { - return null; - } - $nodeSet = array(); - $i = 0; - while ($node = $myDOMNodeList->item($i++)) { - $nodeSet[] = new php4DOMAttr($node, $this->myOwnerDocument); - } - return $nodeSet; - } - - function child_nodes() - { - $myDOMNodeList = $this->myDOMNode->childNodes; - $nodeSet = array(); - $i = 0; - if (isset($myDOMNodeList)) { - while ($node = $myDOMNodeList->item($i++)) { - $nodeSet[] = self::_newDOMElement($node, $this->myOwnerDocument); - } - } - return $nodeSet; - } - - function children() - { - return $this->child_nodes(); - } - - function clone_node($deep = false) - { - return self::_newDOMElement($this->myDOMNode->cloneNode($deep), $this->myOwnerDocument); - } - - //dump_node($node) should only be called on php4DOMDocument - function dump_node($node = null) - { - return $node == null ? 
$this->myOwnerDocument->myDOMNode->saveXML($this->myDOMNode) : $this->myOwnerDocument->myDOMNode->saveXML($node->myDOMNode); - } - - function first_child() - { - return self::_newDOMElement($this->myDOMNode->firstChild, $this->myOwnerDocument); - } - - function get_content() - { - return $this->myDOMNode->textContent; - } - - function has_attributes() - { - return $this->myDOMNode->hasAttributes(); - } - - function has_child_nodes() - { - return $this->myDOMNode->hasChildNodes(); - } - - function insert_before($newnode, $refnode) - { - return self::_newDOMElement($this->myDOMNode->insertBefore($this->_importNode($newnode), - $refnode == null ? null : $refnode->myDOMNode), $this->myOwnerDocument); - } - - function is_blank_node() - { - return ($this->myDOMNode->nodeType === XML_TEXT_NODE) && preg_match('%^\s*$%', $this->myDOMNode->nodeValue); - } - - function last_child() - { - return self::_newDOMElement($this->myDOMNode->lastChild, $this->myOwnerDocument); - } - - function new_child($name, $content) - { - $mySubNode = $this->myDOMNode->ownerDocument->createElement($name); - $mySubNode->appendChild($this->myDOMNode->ownerDocument->createTextNode(_entityDecode($content))); - $this->myDOMNode->appendChild($mySubNode); - return new php4DOMElement($mySubNode, $this->myOwnerDocument); - } - - function next_sibling() - { - return self::_newDOMElement($this->myDOMNode->nextSibling, $this->myOwnerDocument); - } - - function node_name() - { - return ($this->myDOMNode->nodeType === XML_ELEMENT_NODE) ? 
$this->myDOMNode->localName : $this->myDOMNode->nodeName; - } //Avoid namespace prefix for DOMElement - - function node_type() - { - return $this->myDOMNode->nodeType; - } - - function node_value() - { - return $this->myDOMNode->nodeValue; - } - - function owner_document() - { - return $this->myOwnerDocument; - } - - function parent_node() - { - return self::_newDOMElement($this->myDOMNode->parentNode, $this->myOwnerDocument); - } - - function prefix() - { - return $this->myDOMNode->prefix; - } - - function previous_sibling() - { - return self::_newDOMElement($this->myDOMNode->previousSibling, $this->myOwnerDocument); - } - - function remove_child($oldchild) - { - return self::_newDOMElement($this->myDOMNode->removeChild($oldchild->myDOMNode), $this->myOwnerDocument); - } - - function replace_child($newnode, $oldnode) - { - return self::_newDOMElement($this->myDOMNode->replaceChild($this->_importNode($newnode), $oldnode->myDOMNode), - $this->myOwnerDocument); - } - - function replace_node($newnode) - { - return self::_newDOMElement($this->myDOMNode->parentNode->replaceChild($this->_importNode($newnode), - $this->myDOMNode), $this->myOwnerDocument); - } - - function set_content($text) - { - return $this->myDOMNode->appendChild($this->myDOMNode->ownerDocument->createTextNode(_entityDecode($text))); - } //Entity problem reported by AL-DesignWorks 2007-09-07 - - //function set_name($name) {return $this->myOwnerDocument->renameNode($this->myDOMNode,$this->myDOMNode->namespaceURI,$name);} - function set_namespace($uri, $prefix = null) - {//Contributions by Daniel Walker 2006-09-08 - $nsprefix = $this->myDOMNode->lookupPrefix($uri); - if ($nsprefix == null) { - $nsprefix = $prefix == null ? $nsprefix = 'a' . 
sprintf('%u', crc32($uri)) : $prefix; - if ($this->myDOMNode->nodeType === XML_ATTRIBUTE_NODE) { - if (($prefix != null) && $this->myDOMNode->ownerElement->hasAttributeNS('http://www.w3.org/2000/xmlns/', - $nsprefix) && - ($this->myDOMNode->ownerElement->getAttributeNS('http://www.w3.org/2000/xmlns/', $nsprefix) != $uri) - ) {//Remove namespace - $parent = $this->myDOMNode->ownerElement; - $parent->removeAttributeNode($this->myDOMNode); - $parent->setAttribute($this->myDOMNode->localName, $this->myDOMNode->nodeValue); - $this->myDOMNode = $parent->getAttributeNode($this->myDOMNode->localName); - return; - } - $this->myDOMNode->ownerElement->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:' . $nsprefix, - $uri); - } - } - if ($this->myDOMNode->nodeType === XML_ATTRIBUTE_NODE) { - $parent = $this->myDOMNode->ownerElement; - $parent->removeAttributeNode($this->myDOMNode); - $parent->setAttributeNS($uri, $nsprefix . ':' . $this->myDOMNode->localName, $this->myDOMNode->nodeValue); - $this->myDOMNode = $parent->getAttributeNodeNS($uri, $this->myDOMNode->localName); - } elseif ($this->myDOMNode->nodeType === XML_ELEMENT_NODE) { - $NewNode = $this->myDOMNode->ownerDocument->createElementNS($uri, - $nsprefix . ':' . 
$this->myDOMNode->localName); - foreach ($this->myDOMNode->attributes as $n) { - $NewNode->appendChild($n->cloneNode(true)); - } - foreach ($this->myDOMNode->childNodes as $n) { - $NewNode->appendChild($n->cloneNode(true)); - } - $xpath = new DOMXPath($this->myDOMNode->ownerDocument); - $myDOMNodeList = $xpath->query('namespace::*[name()!="xml"]', $this->myDOMNode); //Add old namespaces - foreach ($myDOMNodeList as $n) { - $NewNode->setAttributeNS('http://www.w3.org/2000/xmlns/', $n->nodeName, $n->nodeValue); - } - $this->myDOMNode->parentNode->replaceChild($NewNode, $this->myDOMNode); - $this->myDOMNode = $NewNode; - } - } - - function unlink_node() - { - if ($this->myDOMNode->parentNode != null) { - if ($this->myDOMNode->nodeType === XML_ATTRIBUTE_NODE) { - $this->myDOMNode->parentNode->removeAttributeNode($this->myDOMNode); - } else { - $this->myDOMNode->parentNode->removeChild($this->myDOMNode); - } - } - } - - protected function _importNode($newnode) - { - return $this->myOwnerDocument === $newnode->myOwnerDocument ? 
$newnode->myDOMNode : $this->myOwnerDocument->myDOMNode->importNode($newnode->myDOMNode, - true); - } //To import DOMNode from another DOMDocument - - static function _newDOMElement($aDOMNode, $aOwnerDocument) - {//Check the PHP5 DOMNode before creating a new associated PHP4 DOMNode wrapper - if ($aDOMNode == null) { - return null; - } - switch ($aDOMNode->nodeType) { - case XML_ELEMENT_NODE: - return new php4DOMElement($aDOMNode, $aOwnerDocument); - case XML_TEXT_NODE: - return new php4DOMText($aDOMNode, $aOwnerDocument); - case XML_ATTRIBUTE_NODE: - return new php4DOMAttr($aDOMNode, $aOwnerDocument); - case XML_PI_NODE: - return new php4DomProcessingInstruction($aDOMNode, $aOwnerDocument); - default: - return new php4DOMNode($aDOMNode, $aOwnerDocument); - } - } -} - -class php4DomProcessingInstruction extends php4DOMNode -{ - function data() - { - return $this->myDOMNode->data; - } - - function target() - { - return $this->myDOMNode->target; - } -} - -class php4DOMText extends php4DOMNode -{ - function __get($name) - { - if ($name === 'tagname') { - return '#text'; - } else { - return parent::__get($name); - } - } - - function tagname() - { - return '#text'; - } - - function set_content($text) - { - $this->myDOMNode->nodeValue = $text; - return true; - } -} - -if (!defined('XPATH_NODESET')) { - define('XPATH_UNDEFINED', 0); - define('XPATH_NODESET', 1); - define('XPATH_BOOLEAN', 2); - define('XPATH_NUMBER', 3); - define('XPATH_STRING', 4); - /*define('XPATH_POINT',5); - define('XPATH_RANGE',6); - define('XPATH_LOCATIONSET',7); - define('XPATH_USERS',8); - define('XPATH_XSLT_TREE',9);*/ -} - -class php4DOMNodelist -{ - private $myDOMNodelist; - public $nodeset; - public $type = XPATH_UNDEFINED; - public $value; - - function php4DOMNodelist($aDOMNodelist, $aOwnerDocument) - { - if (!isset($aDOMNodelist)) { - return; - } elseif (is_object($aDOMNodelist) || is_array($aDOMNodelist)) { - if ($aDOMNodelist->length > 0) { - $this->myDOMNodelist = $aDOMNodelist; - 
$this->nodeset = array(); - $this->type = XPATH_NODESET; - $i = 0; - while ($node = $this->myDOMNodelist->item($i++)) { - $this->nodeset[] = php4DOMNode::_newDOMElement($node, $aOwnerDocument); - } - } - } elseif (is_int($aDOMNodelist) || is_float($aDOMNodelist)) { - $this->type = XPATH_NUMBER; - $this->value = $aDOMNodelist; - } elseif (is_bool($aDOMNodelist)) { - $this->type = XPATH_BOOLEAN; - $this->value = $aDOMNodelist; - } elseif (is_string($aDOMNodelist)) { - $this->type = XPATH_STRING; - $this->value = $aDOMNodelist; - } - } -} - -class php4DOMXPath -{ - public $myDOMXPath; - private $myOwnerDocument; - - function php4DOMXPath($dom_document) - { - //TODO: If $dom_document is a DomElement, make that default $contextnode and modify XPath. Ex: '/test' - $this->myOwnerDocument = $dom_document->myOwnerDocument; - $this->myDOMXPath = new DOMXPath($this->myOwnerDocument->myDOMNode); - } - - function xpath_eval($eval_str, $contextnode = null) - { - if (method_exists($this->myDOMXPath, 'evaluate')) { - $xp = isset($contextnode) ? $this->myDOMXPath->evaluate($eval_str, - $contextnode->myDOMNode) : $this->myDOMXPath->evaluate($eval_str); - } else { - $xp = isset($contextnode) ? $this->myDOMXPath->query($eval_str, - $contextnode->myDOMNode) : $this->myDOMXPath->query($eval_str); - } - $xp = new php4DOMNodelist($xp, $this->myOwnerDocument); - return ($xp->type === XPATH_UNDEFINED) ? 
false : $xp; - } - - function xpath_register_ns($prefix, $namespaceURI) - { - return $this->myDOMXPath->registerNamespace($prefix, $namespaceURI); - } -} - -if (extension_loaded('xsl')) {//See also: http://alexandre.alapetite.net/doc-alex/xslt-php4-php5/ - function domxml_xslt_stylesheet($xslstring) - { - return new php4DomXsltStylesheet(DOMDocument::loadXML($xslstring)); - } - - function domxml_xslt_stylesheet_doc($dom_document) - { - return new php4DomXsltStylesheet($dom_document); - } - - function domxml_xslt_stylesheet_file($xslfile) - { - return new php4DomXsltStylesheet(DOMDocument::load($xslfile)); - } - - class php4DomXsltStylesheet - { - private $myxsltProcessor; - - function php4DomXsltStylesheet($dom_document) - { - $this->myxsltProcessor = new xsltProcessor(); - $this->myxsltProcessor->importStyleSheet($dom_document); - } - - function process($dom_document, $xslt_parameters = array(), $param_is_xpath = false) - { - foreach ($xslt_parameters as $param => $value) { - $this->myxsltProcessor->setParameter('', $param, $value); - } - $myphp4DOMDocument = new php4DOMDocument(); - $myphp4DOMDocument->myDOMNode = $this->myxsltProcessor->transformToDoc($dom_document->myDOMNode); - return $myphp4DOMDocument; - } - - function result_dump_file($dom_document, $filename) - { - $html = $dom_document->myDOMNode->saveHTML(); - file_put_contents($filename, $html); - return $html; - } - - function result_dump_mem($dom_document) - { - return $dom_document->myDOMNode->saveHTML(); - } - } -} diff --git a/main/auth/cas/lib/CAS/languages/catalan.php b/main/auth/cas/lib/CAS/languages/catalan.php deleted file mode 100755 index 3d67473d98..0000000000 --- a/main/auth/cas/lib/CAS/languages/catalan.php +++ /dev/null 
@@ -1,27 +0,0 @@
-
- * @sa @link internalLang Internationalization @endlink
- * @ingroup internalLang
- */
-
-$this->_strings = array(
- CAS_STR_USING_SERVER
- => 'usant servidor',
- CAS_STR_AUTHENTICATION_WANTED
- => 'Autentificació CAS necessària!',
- CAS_STR_LOGOUT
- => 'Sortida de CAS necessària!',
- CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
- => 'Ja hauria d\ haver estat redireccionat al servidor CAS. Feu click aquí per a continuar.',
- CAS_STR_AUTHENTICATION_FAILED
- => 'Autentificació CAS fallida!',
- CAS_STR_YOU_WERE_NOT_AUTHENTICATED
- => '

No estàs autentificat.

Pots tornar a intentar-ho fent click aquí.

Si el problema persisteix hauría de contactar amb l\'administrador d\'aquest llocc.

',
- CAS_STR_SERVICE_UNAVAILABLE
- => 'El servei `%s\' no està disponible (%s).'
-);
-
-?>
diff --git a/main/auth/cas/lib/CAS/languages/english.php b/main/auth/cas/lib/CAS/languages/english.php
deleted file mode 100755
index c143450314..0000000000
--- a/main/auth/cas/lib/CAS/languages/english.php
+++ /dev/null
@@ -1,27 +0,0 @@
-
- * @sa @link internalLang Internationalization @endlink
- * @ingroup internalLang
- */
-
-$this->_strings = array(
- CAS_STR_USING_SERVER
- => 'using server',
- CAS_STR_AUTHENTICATION_WANTED
- => 'CAS Authentication wanted!',
- CAS_STR_LOGOUT
- => 'CAS logout wanted!',
- CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
- => 'You should already have been redirected to the CAS server. Click here to continue.',
- CAS_STR_AUTHENTICATION_FAILED
- => 'CAS Authentication failed!',
- CAS_STR_YOU_WERE_NOT_AUTHENTICATED
- => '

You were not authenticated.

You may submit your request again by clicking here.

If the problem persists, you may contact the administrator of this site.

', - CAS_STR_SERVICE_UNAVAILABLE - => 'The service `%s\' is not available (%s).' -); - -?> \ No newline at end of file diff --git a/main/auth/cas/lib/CAS/languages/french.php b/main/auth/cas/lib/CAS/languages/french.php deleted file mode 100755 index b077ec02e9..0000000000 --- a/main/auth/cas/lib/CAS/languages/french.php +++ /dev/null @@ -1,28 +0,0 @@ - - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ - -$this->_strings = array( - CAS_STR_USING_SERVER - => 'utilisant le serveur', - CAS_STR_AUTHENTICATION_WANTED - => 'Authentication CAS n�cessaire !', - CAS_STR_LOGOUT - => 'D�connexion demand�e !', - CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED - => 'Vous auriez du etre redirig�(e) vers le serveur CAS. Cliquez ici pour continuer.', - CAS_STR_AUTHENTICATION_FAILED - => 'Authentification CAS infructueuse !', - CAS_STR_YOU_WERE_NOT_AUTHENTICATED - => '

Vous n\'avez pas �t� authentifi�(e).

Vous pouvez soumettre votre requete � nouveau en cliquant ici.

Si le probl�me persiste, vous pouvez contacter l\'administrateur de ce site.

', - CAS_STR_SERVICE_UNAVAILABLE - => 'Le service `%s\' est indisponible (%s)' - -); - -?> \ No newline at end of file diff --git a/main/auth/cas/lib/CAS/languages/german.php b/main/auth/cas/lib/CAS/languages/german.php deleted file mode 100755 index 29daeb35dd..0000000000 --- a/main/auth/cas/lib/CAS/languages/german.php +++ /dev/null @@ -1,27 +0,0 @@ - - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ - -$this->_strings = array( - CAS_STR_USING_SERVER - => 'via Server', - CAS_STR_AUTHENTICATION_WANTED - => 'CAS Authentifizierung erforderlich!', - CAS_STR_LOGOUT - => 'CAS Abmeldung!', - CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED - => 'eigentlich häten Sie zum CAS Server weitergeleitet werden sollen. Drücken Sie hier um fortzufahren.', - CAS_STR_AUTHENTICATION_FAILED - => 'CAS Anmeldung fehlgeschlagen!', - CAS_STR_YOU_WERE_NOT_AUTHENTICATED - => '

Sie wurden nicht angemeldet.

Um es erneut zu versuchen klicken Sie hier.

Wenn das Problem bestehen bleibt, kontkatieren Sie den Administrator dieser Seite.

', - CAS_STR_SERVICE_UNAVAILABLE - => 'Der Dienst `%s\' ist nicht verfügbar (%s).' -); - -?> \ No newline at end of file diff --git a/main/auth/cas/lib/CAS/languages/greek.php b/main/auth/cas/lib/CAS/languages/greek.php deleted file mode 100755 index fdff77e4e5..0000000000 --- a/main/auth/cas/lib/CAS/languages/greek.php +++ /dev/null @@ -1,27 +0,0 @@ - - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ - -$this->_strings = array( - CAS_STR_USING_SERVER - => '��������������� � ������������', - CAS_STR_AUTHENTICATION_WANTED - => '���������� � ����������� CAS!', - CAS_STR_LOGOUT - => '���������� � ���������� ��� CAS!', - CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED - => '�� ������ �� ������ �������������� ���� ����������� CAS. ����� ���� ��� ��� �� ����������.', - CAS_STR_AUTHENTICATION_FAILED - => '� ����������� CAS �������!', - CAS_STR_YOU_WERE_NOT_AUTHENTICATED - => '

��� ���������������.

�������� �� ����������������, �������� ���� ���.

��� �� �������� ���������, ����� �� ����� �� ��� �����������.

', - CAS_STR_SERVICE_UNAVAILABLE - => '� �������� `%s\' ��� ����� ��������� (%s).' -); - -?> \ No newline at end of file diff --git a/main/auth/cas/lib/CAS/languages/japanese.php b/main/auth/cas/lib/CAS/languages/japanese.php deleted file mode 100755 index 76ebe77bcf..0000000000 --- a/main/auth/cas/lib/CAS/languages/japanese.php +++ /dev/null @@ -1,27 +0,0 @@ -_strings = array( - CAS_STR_USING_SERVER - => 'using server', - CAS_STR_AUTHENTICATION_WANTED - => 'CAS�ˤ��ǧ�ڤ�Ԥ��ޤ�', - CAS_STR_LOGOUT - => 'CAS����?�����Ȥ��ޤ�!', - CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED - => 'CAS�����Ф˹Ԥ�ɬ�פ�����ޤ�����ưŪ��ž������ʤ����� ������ �򥯥�å�����³�Ԥ��ޤ���', - CAS_STR_AUTHENTICATION_FAILED - => 'CAS�ˤ��ǧ�ڤ˼��Ԥ��ޤ���', - CAS_STR_YOU_WERE_NOT_AUTHENTICATED - => '

ǧ�ڤǤ��ޤ���Ǥ���.

�⤦���٥ꥯ�����Ȥ�������������������򥯥�å�.

���꤬��褷�ʤ����� ���Υ����Ȥδ�������䤤��碌�Ƥ�������.

', - CAS_STR_SERVICE_UNAVAILABLE - => '�����ӥ� `%s\' �����ѤǤ��ޤ��� (%s).' -); - -?> \ No newline at end of file diff --git a/main/auth/cas/lib/CAS/languages/languages.php b/main/auth/cas/lib/CAS/languages/languages.php deleted file mode 100755 index 2c6f8bb3b3..0000000000 --- a/main/auth/cas/lib/CAS/languages/languages.php +++ /dev/null @@ -1,24 +0,0 @@ - - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ - -//@{ -/** - * a phpCAS string index - */ -define("CAS_STR_USING_SERVER", 1); -define("CAS_STR_AUTHENTICATION_WANTED", 2); -define("CAS_STR_LOGOUT", 3); -define("CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED", 4); -define("CAS_STR_AUTHENTICATION_FAILED", 5); -define("CAS_STR_YOU_WERE_NOT_AUTHENTICATED", 6); -define("CAS_STR_SERVICE_UNAVAILABLE", 7); -//@} - -?> \ No newline at end of file diff --git a/main/auth/cas/lib/CAS/languages/spanish.php b/main/auth/cas/lib/CAS/languages/spanish.php deleted file mode 100755 index 3a8ffc2535..0000000000 --- a/main/auth/cas/lib/CAS/languages/spanish.php +++ /dev/null @@ -1,27 +0,0 @@ - - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ - -$this->_strings = array( - CAS_STR_USING_SERVER - => 'usando servidor', - CAS_STR_AUTHENTICATION_WANTED - => '¡Autentificación CAS necesaria!', - CAS_STR_LOGOUT - => '¡Salida CAS necesaria!', - CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED - => 'Ya debería haber sido redireccionado al servidor CAS. Haga click aquí para continuar.', - CAS_STR_AUTHENTICATION_FAILED - => '¡Autentificación CAS fallida!', - CAS_STR_YOU_WERE_NOT_AUTHENTICATED - => '

No estás autentificado.

Puedes volver a intentarlo haciendo click aquí.

Si el problema persiste debería contactar con el administrador de este sitio.

',
- CAS_STR_SERVICE_UNAVAILABLE
- => 'El servicio `%s\' no está disponible (%s).'
-);
-
-?>
diff --git a/main/auth/cas/logincas.php b/main/auth/cas/logincas.php
deleted file mode 100755
index 4d426cb3ba..0000000000
--- a/main/auth/cas/logincas.php
+++ /dev/null
@@ -1,56 +0,0 @@
- You are not allowed to see this page.
-> Sorry, you are not allowed to access this page, or maybe your connection has expired.
-> Please click your browser's \"Back\" button or follow the link below to return to the previous page
-If we click on the link to go to homepage, some datas are entered in $_SESSION and if we enter our CAS login,
-we go to api_not_allowad_page again and again
-As a result, if we are not logged on, we have to destroy the session variables, before calling CAS page
-*/
-if (api_is_anonymous()) {
- Session::destroy();
-}
-
-if (cas_configured()) {
- $firstpage = "";
- if (isset($_GET['firstpage'])) {
- $firstpage = $_GET['firstpage'];
- setcookie("GotoCourse", $firstpage);
- }
- if (!is_object($PHPCAS_CLIENT)) {
- phpCAS::client(
- $cas_auth_ver,
- $cas_auth_server,
- $cas_auth_port,
- $cas_auth_uri
- );
- phpCAS::setNoCasServerValidation();
- }
- phpCAS::forceAuthentication();
- header('Location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login'));
-} else {
- header('Location: '.api_get_path(WEB_PATH));
-}
diff --git a/main/auth/cas/logout.php b/main/auth/cas/logout.php
deleted file mode 100755
index d3fd03b5c8..0000000000
--- a/main/auth/cas/logout.php
+++ /dev/null
@@ -1,13 +0,0 @@ - $GLOBALS['facebook_config']['appId'], - 'app_secret' => $GLOBALS['facebook_config']['secret'], - 'default_graph_version' => 'v2.2', - ]); - - $helper = $fb->getRedirectLoginHelper(); - - try { - $accessToken = $helper->getAccessToken(); - } catch (Facebook\Exceptions\FacebookResponseException $e) { - Display::addFlash( - Display::return_message('Facebook Graph returned an error: '.$e->getMessage(), 'error') - ); - - header('Location: '.api_get_path(WEB_PATH)); - exit; - } catch (Facebook\Exceptions\FacebookSDKException $e) { - Display::addFlash( - Display::return_message('Facebook SDK returned an error: '.$e->getMessage(), 'error') - ); - - header('Location: '.api_get_path(WEB_PATH)); - exit; - } - - if (!isset($accessToken)) { - if (!$helper->getError()) { - return; - } - - if (isset($_GET['loginFailed'])) { - return; - } - - $error = implode('
', [ - 'Error: '.$helper->getError(), - 'Error Code: '.$helper->getErrorCode(), - 'Error Reason: '.$helper->getErrorReason(), - 'Error Description: '.$helper->getErrorDescription(), - ]); - - Display::addFlash( - Display::return_message($error, 'error', false) - ); - - header('Location: '.api_get_path(WEB_PATH)); - exit; - } - - $oAuth2Client = $fb->getOAuth2Client(); - $tokenMetadata = $oAuth2Client->debugToken($accessToken); - $tokenMetadata->validateAppId($GLOBALS['facebook_config']['appId']); - $tokenMetadata->validateExpiration(); - - if (!$accessToken->isLongLived()) { - try { - $accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken); - } catch (Facebook\Exceptions\FacebookSDKException $e) { - Display::addFlash( - Display::return_message('Error getting long-lived access token: '.$e->getMessage(), 'error') - ); - - header('Location: '.api_get_path(WEB_PATH)); - exit; - } - } - - try { - $response = $fb->get('/me?fields=id,first_name,last_name,locale,email', $accessToken->getValue()); - } catch (Facebook\Exceptions\FacebookResponseException $e) { - Display::addFlash( - Display::return_message('Graph returned an error: '.$e->getMessage(), 'error') - ); - - header('Location: '.api_get_path(WEB_PATH)); - exit; - } catch (Facebook\Exceptions\FacebookSDKException $e) { - Display::addFlash( - Display::return_message('Facebook SDK returned an error: '.$e->getMessage(), 'error') - ); - - header('Location: '.api_get_path(WEB_PATH)); - exit; - } - - $user = $response->getGraphUser(); - $language = facebookPluginGetLanguage($user['locale']); - - if (!$language) { - $language = 'en_US'; - } - - $u = [ - 'firstname' => $user->getFirstName(), - 'lastname' => $user->getLastName(), - 'status' => STUDENT, - 'email' => $user->getEmail(), - 'username' => changeToValidChamiloLogin($user->getEmail()), - 'language' => $language, - 'password' => 'facebook', - 'auth_source' => 'facebook', - 'extra' => [], - ]; - $chamiloUinfo = 
api_get_user_info_from_email($user->getEmail()); - - $_user['uidReset'] = true; - $_user['language'] = $language; - - if ($chamiloUinfo === false) { - // We have to create the user - $chamilo_uid = external_add_user($u); - - if ($chamilo_uid === false) { - Display::addFlash( - Display::return_message(get_lang('UserNotRegistered'), 'error') - ); - - header('Location: '.api_get_path(WEB_PATH)); - exit; - } - - $_user['user_id'] = $chamilo_uid; - $_SESSION['_user'] = $_user; - - header('Location: '.api_get_path(WEB_PATH)); - exit(); - } - - // User already exists, update info and login - $chamilo_uid = $chamiloUinfo['user_id']; - $u['user_id'] = $chamilo_uid; - external_update_user($u); - $_user['user_id'] = $chamilo_uid; - $_SESSION['_user'] = $_user; - - header('Location: '.api_get_path(WEB_PATH)); - exit(); -} - -/** - * Get facebook login url for the platform. - * - * @return string - */ -function facebookGetLoginUrl() -{ - $fb = new \Facebook\Facebook([ - 'app_id' => $GLOBALS['facebook_config']['appId'], - 'app_secret' => $GLOBALS['facebook_config']['secret'], - 'default_graph_version' => 'v2.2', - ]); - - $helper = $fb->getRedirectLoginHelper(); - $loginUrl = $helper->getLoginUrl(api_get_path(WEB_PATH).'?action=fbconnect', [ - 'email', - ]); - - return $loginUrl; -} - -/** - * Return a valid Chamilo login - * Chamilo login only use characters lettres, des chiffres et les signes _ . -. - * - * @param $in_txt - * - * @return mixed - */ -function changeToValidChamiloLogin($in_txt) -{ - return preg_replace("/[^a-zA-Z1-9_\-.]/", "_", $in_txt); -} - -/** - * Get user language. - * - * @param string $language - * - * @return bool - */ -function facebookPluginGetLanguage($language = 'en_US') -{ - $language = substr($language, 0, 2); - $sqlResult = Database::query( - "SELECT english_name FROM ". - Database::get_main_table(TABLE_MAIN_LANGUAGE). 
- " WHERE available = 1 AND isocode = '$language'" - ); - if (Database::num_rows($sqlResult)) { - $result = Database::fetch_array($sqlResult); - - return $result['english_name']; - } - - return false; -} diff --git a/main/auth/external_login/facebook.init.php b/main/auth/external_login/facebook.init.php deleted file mode 100755 index ed03719cdd..0000000000 --- a/main/auth/external_login/facebook.init.php +++ /dev/null 
@@ -1,24 +0,0 @@ - $user_info['firstname'], - 'lastname' => $user_info['lastname'], - 'status' => $status, - 'admin' => $admin, - 'email' => $user_info['email'], - 'username' => $user_info['username'], - 'language' => $language, - 'password' => DEFAULT_PASSWORD, - 'courses' => $user_info['courses'], - 'profile_link' => $user_info['profile_link'], - 'worldwide_bu' => $user_info['worlwide_bu'], - 'manager' => $user_info['manager'], - 'extra' => [ - 'position_title' => $user_info['position_title'], - 'country' => $user_info['country'], - 'job_family' => $user_info['job_family'], - 'country_bu' => $user_info['country_bu'], - 'worldwide_bu' => $user_info['worldwide_bu'], - 'profile_link' => $user_info['profile_link'], - 'can_send_message' => $can_send_message, - 'update_type' => 'external_logininfo', ], - ]; - - return $u; //Please return false if user does not exist - //return false; -} - -/** - * Return an array with all user info. - * - * @param associative array with at least thes fields setted : - firstname, lastname, status, email, login, password - * @return mixed new user id - if the new user creation succeeds, false otherwise - * */ -function external_add_user($u) -{ - //Setting default - if (empty($u['password'])) { - $u['password'] = null; - } - if (empty($u['status'])) { - $u['status'] = 5; - } - if (!isset($u['official_code'])) { - $u['official_code'] = ''; - } - if (!isset($u['language'])) { - $u['language'] = ''; - } - if (!isset($u['phone'])) { - $u['phone'] = ''; - } - if (!isset($u['picture_uri'])) { - $u['picture_uri'] = ''; - } - if (!isset($u['auth_source'])) { - $u['auth_source'] = PLATFORM_AUTH_SOURCE; - } - if (!isset($u['expiration_date'])) { - $u['expiration_date'] = ''; - } - if (!isset($u['active'])) { - $u['active'] = 1; - } - if (!isset($u['hr_dept_id'])) { - $u['hr_dept_id'] = 0; - } //id of responsible HR - if (!isset($u['extra'])) { - $u['extra'] = null; - } - if (!isset($u['encrypt_method'])) { - $u['encrypt_method'] = ''; - } - - 
$chamilo_uid = UserManager::create_user( - $u['firstname'], - $u['lastname'], - $u['status'], - $u['email'], - $u['username'], - $u['password'], - $u['official_code'], - $u['language'], - $u['phone'], - $u['picture_uri'], - $u['auth_source'], - $u['expiration_date'], - $u['active'], - $u['hr_dept_id'], - $u['extra'], - $u['encrypt_method'] - ); - - return $chamilo_uid; -} - -/** - * Update the user in chamilo database. It upgrade only info that is present in the - * new_user array. - * - * @param $new_user associative array with the value to upgrade - * WARNING user_id key is MANDATORY - * Possible keys are : - * - firstname - * - lastname - * - username - * - auth_source - * - email - * - status - * - official_code - * - phone - * - picture_uri - * - expiration_date - * - active - * - creator_id - * - hr_dept_id - * - extra : array of custom fields - * - language - * - courses : string of all courses code separated by '|' - * - admin : boolean - * - * @return bool|null - * - * @author ndiechburg - * */ -function external_update_user($new_user) -{ - $old_user = api_get_user_info($new_user['user_id']); - $u = array_merge($old_user, $new_user); - $updated = UserManager::update_user( - $u['user_id'], - $u['firstname'], - $u['lastname'], - $u['username'], - null, - $u['auth_source'], - $u['email'], - $u['status'], - $u['official_code'], - $u['phone'], - $u['picture_uri'], - $u['expiration_date'], - $u['active'], - $u['creator_id'], - $u['hr_dept_id'], - $u['extra'], - $u['language'], - '' - ); - if (isset($u['courses']) && !empty($u['courses'])) { - $autoSubscribe = explode('|', $u['courses']); - foreach ($autoSubscribe as $code) { - if (CourseManager::course_exists($code)) { - CourseManager::subscribe_user($u['user_id'], $code); - } - } - } - // Is User Admin ? 
- //TODO decomments and check that user_is is not already in admin table - /* - if (isset($u['admin']) && $u['admin']){ - - $table = Database::get_main_table(TABLE_MAIN_ADMIN); - $res = Database::query("SELECT * from $table WHERE user_id = ".$u['user_id']); - } */ -} diff --git a/main/auth/external_login/ldap.inc.php b/main/auth/external_login/ldap.inc.php deleted file mode 100755 index e010db9325..0000000000 --- a/main/auth/external_login/ldap.inc.php +++ /dev/null 
@@ -1,407 +0,0 @@ - - * */ -function extldap_purify_string($string) -{ - global $extldap_config; - if (isset($extldap_config['encoding'])) { - return trim(api_to_system_encoding($string, $extldap_config['encoding'])); - } else { - return trim($string); - } -} - -/** - * Establishes a connection to the LDAP server and sets the protocol version. - * - * @return bool ldap link identifier or false - * - * @author ndiechburg - * */ -function extldap_connect() -{ - global $extldap_config, $debug; - - if (!is_array($extldap_config['host'])) { - $extldap_config['host'] = [$extldap_config['host']]; - } - - foreach ($extldap_config['host'] as $host) { - //Trying to connect - if (isset($extldap_config['port'])) { - $ds = ldap_connect($host, $extldap_config['port']); - } else { - $ds = ldap_connect($host); - } - if (!$ds) { - $port = isset($extldap_config['port']) ? $extldap_config['port'] : 389; - if ($debug) { - error_log( - 'EXTLDAP ERROR : cannot connect to '.$extldap_config['host'].':'.$port - ); - } - } else { - break; - } - } - if (!$ds) { - if ($debug) { - error_log('EXTLDAP ERROR : no valid server found'); - } - - return false; - } - // Setting protocol version - if (isset($extldap_config['protocol_version'])) { - if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $extldap_config['protocol_version'])) { - ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 2); - } - } - - // Setting protocol version - if (isset($extldap_config['referrals'])) { - if (!ldap_set_option($ds, LDAP_OPT_REFERRALS, $extldap_config['referrals'])) { - ldap_set_option($ds, LDAP_OPT_REFERRALS, $extldap_config['referrals']); - } - } - - return $ds; -} - -/** - * Authenticate user on external ldap server and return user ldap entry if that succeeds. 
- * - * @param string $password - * - * @return mixed false if user cannot authenticate on ldap, user ldap entry if tha succeeds - * - * @author ndiechburg - * Modified by hubert.borderiou@grenet.fr - * Add possibility to get user info from LDAP without check password (if CAS auth and LDAP profil update) - * - * */ -function extldap_authenticate($username, $password, $in_auth_with_no_password = false) -{ - global $extldap_config, $debug; - - if (empty($username) || empty($password)) { - return false; - } - - $ds = extldap_connect(); - if (!$ds) { - return false; - } - - // Connection as admin to search dn of user - $ldapbind = @ldap_bind($ds, $extldap_config['admin_dn'], $extldap_config['admin_password']); - if ($ldapbind === false) { - if ($debug) { - error_log( - 'EXTLDAP ERROR : cannot connect with admin login/password' - ); - } - - return false; - } - $user_search = extldap_get_user_search_string($username); - // Search distinguish name of user - $sr = ldap_search($ds, $extldap_config['base_dn'], $user_search); - if (!$sr) { - if ($debug) { - error_log( - 'EXTLDAP ERROR : ldap_search('.$ds.', '.$extldap_config['base_dn'].", $user_search) failed" - ); - } - - return false; - } - - $entries_count = ldap_count_entries($ds, $sr); - - if ($entries_count > 1) { - if ($debug) { - error_log( - 'EXTLDAP ERROR : more than one entry for that user ( ldap_search(ds, '.$extldap_config['base_dn'].", $user_search) )" - ); - } - - return false; - } - if ($entries_count < 1) { - if ($debug) { - error_log( - 'EXTLDAP ERROR : No entry for that user ( ldap_search(ds, '.$extldap_config['base_dn'].", $user_search) )" - ); - } - - return false; - } - $users = ldap_get_entries($ds, $sr); - $user = $users[0]; - - // If we just want to have user info from LDAP and not to check password - if ($in_auth_with_no_password) { - return $user; - } - - // now we try to autenthicate the user in the ldap - $ubind = @ldap_bind($ds, $user['dn'], $password); - if ($ubind !== false) { - return $user; - 
} else { - if ($debug) { - error_log('EXTLDAP : Wrong password for '.$user['dn']); - } - - return false; - } -} - -/** - * Return an array with userinfo compatible with chamilo using $extldap_user_correspondance - * configuration array declared in ldap.conf.php file. - * - * @param array ldap user - * @param array correspondance array (if not set use extldap_user_correspondance declared in auth.conf.php - * - * @return array userinfo array - * - * @author ndiechburg - * */ -function extldap_get_chamilo_user($ldap_user, $cor = null) -{ - global $extldap_user_correspondance, $debug; - if (is_null($cor)) { - $cor = $extldap_user_correspondance; - } - - $chamilo_user = []; - foreach ($cor as $chamilo_field => $ldap_field) { - if (is_array($ldap_field)) { - $chamilo_user[$chamilo_field] = extldap_get_chamilo_user($ldap_user, $ldap_field); - continue; - } - - switch ($ldap_field) { - case 'func': - $func = "extldap_get_$chamilo_field"; - if (function_exists($func)) { - $chamilo_user[$chamilo_field] = extldap_purify_string($func($ldap_user)); - } else { - if ($debug) { - error_log( - "EXTLDAP WARNING : You forgot to declare $func" - ); - } - } - break; - default: - //if string begins with "!", then this is a constant - if ($ldap_field[0] === '!') { - $chamilo_user[$chamilo_field] = trim($ldap_field, "!\t\n\r\0"); - break; - } - if (isset($ldap_user[$ldap_field][0])) { - $chamilo_user[$chamilo_field] = extldap_purify_string($ldap_user[$ldap_field][0]); - } else { - if ($debug) { - error_log( - 'EXTLDAP WARNING : '.$ldap_field.'[0] field is not set in ldap array' - ); - } - } - break; - } - } - - return $chamilo_user; -} - -/** - * Please declare here all the function you use in extldap_user_correspondance - * All these functions must have an $ldap_user parameter. This parameter is the - * array returned by the ldap for the user. 
- * */ -function extldap_get_status($ldap_user) -{ - return STUDENT; -} - -function extldap_get_admin($ldap_user) -{ - return false; -} - -/** - * return the string used to search a user in ldap. - * - * @param string username - * - * @return string the serach string - * - * @author ndiechburg - * */ -function extldap_get_user_search_string($username) -{ - global $extldap_config; - // init - $filter = '('.$extldap_config['user_search'].')'; - // replacing %username% by the actual username - $filter = str_replace('%username%', $username, $filter); - // append a global filter if needed - if (isset($extldap_config['filter']) && $extldap_config['filter'] != "") { - $filter = '(&'.$filter.'('.$extldap_config['filter'].'))'; - } - - return $filter; -} - -/** - * Imports all LDAP users into Chamilo. - * - * @return false|null false on error, true otherwise - */ -function extldap_import_all_users() -{ - global $extldap_config, $debug; - //echo "Connecting...\n"; - $ds = extldap_connect(); - if (!$ds) { - return false; - } - //echo "Binding...\n"; - $ldapbind = false; - //Connection as admin to search dn of user - $ldapbind = @ldap_bind($ds, $extldap_config['admin_dn'], $extldap_config['admin_password']); - if ($ldapbind === false) { - if ($debug) { - error_log( - 'EXTLDAP ERROR : cannot connect with admin login/password' - ); - } - - return false; - } - //browse ASCII values from a to z to avoid 1000 results limit of LDAP - $count = 0; - $alphanum = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9']; - for ($a = 97; $a <= 122; $a++) { - $alphanum[] = chr($a); - } - foreach ($alphanum as $char1) { - foreach ($alphanum as $char2) { - //$user_search = "uid=*"; - $user_search = "sAMAccountName=$char1$char2*"; - //Search distinguish name of user - $sr = ldap_search($ds, $extldap_config['base_dn'], $user_search); - if (!$sr) { - if ($debug) { - error_log( - 'EXTLDAP ERROR : ldap_search('.$ds.', '.$extldap_config['base_dn'].", $user_search) failed" - ); - } - - return false; - } 
- //echo "Getting entries\n"; - $users = ldap_get_entries($ds, $sr); - //echo "Entries: ".$users['count']."\n"; - for ($key = 0; $key < $users['count']; $key++) { - $user_id = extldap_add_user_by_array($users[$key], true); - $count++; - } - } - } - //echo "Found $count users in total\n"; - @ldap_close($ds); -} - -/** - * Insert users from an array of user fields. - */ -function extldap_add_user_by_array($data, $update_if_exists = true) -{ - global $extldap_user_correspondance; - - $lastname = api_convert_encoding($data[$extldap_user_correspondance['lastname']][0], api_get_system_encoding(), 'UTF-8'); - $firstname = api_convert_encoding($data[$extldap_user_correspondance['firstname']][0], api_get_system_encoding(), 'UTF-8'); - $email = $data[$extldap_user_correspondance['email']][0]; - $username = $data[$extldap_user_correspondance['username']][0]; - - // TODO the password, if encrypted at the source, will be encrypted twice, which makes it useless. Try to fix that. - $passwordKey = isset($extldap_user_correspondance['password']) ? 
$extldap_user_correspondance['password'] : 'userPassword'; - $password = $data[$passwordKey][0]; - - // To ease management, we add the step-year (etape-annee) code - //$official_code = $etape."-".$annee; - $official_code = api_convert_encoding($data[$extldap_user_correspondance['official_code']][0], api_get_system_encoding(), 'UTF-8'); - $auth_source = 'ldap'; - - // No expiration date for students (recover from LDAP's shadow expiry) - $expiration_date = ''; - $active = 1; - $status = 5; - $phone = ''; - $picture_uri = ''; - // Adding user - $user_id = 0; - if (UserManager::is_username_available($username)) { - //echo "$username\n"; - $user_id = UserManager::create_user( - $firstname, - $lastname, - $status, - $email, - $username, - $password, - $official_code, - api_get_setting('platformLanguage'), - $phone, - $picture_uri, - $auth_source, - $expiration_date, - $active - ); - } else { - if ($update_if_exists) { - $user = api_get_user_info($username); - $user_id = $user['user_id']; - //echo "$username\n"; - UserManager::update_user( - $user_id, - $firstname, - $lastname, - $username, - null, - null, - $email, - $status, - $official_code, - $phone, - $picture_uri, - $expiration_date, - $active - ); - } - } - - return $user_id; -} diff --git a/main/auth/external_login/ldap_import_all_users.php b/main/auth/external_login/ldap_import_all_users.php deleted file mode 100755 index 3192eef4d3..0000000000 --- a/main/auth/external_login/ldap_import_all_users.php +++ /dev/null 
@@ -1,22 +0,0 @@ -setKeyLength(128); - $cipher->setKey($key); - $cipher->setIV($key); - - $cipheredPass = $cipher->encrypt($password); - // Mcrypt call left for documentation purposes - broken, see https://bugs.php.net/bug.php?id=51146 - //$cipheredPass = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $password, MCRYPT_MODE_CFB, $key); - - // Following lines present for debug purposes only - /* - $arr = preg_split('//', $cipheredPass, -1, PREG_SPLIT_NO_EMPTY); - foreach ($arr as $char) { - error_log(ord($char)); - } - */ - // Change to base64 to avoid communication alteration - $passCrypted = base64_encode($cipheredPass); - // The call to the webservice will change depending on your definition - try { - $response = $client->validateUser( - [ - 'user' => $username, - 'pass' => $passCrypted, - 'system' => 'chamilo', - ] - ); - } catch (SoapFault $fault) { - error_log('Caught something'); - if ($fault->faultstring != 'Could not connect to host') { - error_log('Not a connection problem'); - throw $fault; - } else { - error_log('Could not connect to WS host'); - } - - return 0; - } - - return $response->validateUserResult; -} diff --git a/main/auth/external_login/newUser.ldap.php b/main/auth/external_login/newUser.ldap.php deleted file mode 100755 index 7eb6979e27..0000000000 --- a/main/auth/external_login/newUser.ldap.php +++ /dev/null @@ -1,71 +0,0 @@ -getId(); - $_user['status'] = $chamiloUser->getStatus(); - $_user['uidReset'] = true; - Session::write('_user', $_user); - $uidReset = true; - // Is user admin? - if ($chamilo_user['admin'] === true) { - $is_platformAdmin = true; - Database::query("INSERT INTO admin values ('{$chamiloUser->getId()}')"); - } - Event::eventLogin($chamiloUser->getId()); - - MessageManager::sendNotificationByRegisteredUser($chamiloUser); - } -} else { - $loginFailed = true; - $uidReset = false; -} diff --git a/main/auth/external_login/newUser.php b/main/auth/external_login/newUser.php deleted file mode 100755 index 81701327d4..0000000000 
--- a/main/auth/external_login/newUser.php +++ /dev/null @@ -1,54 +0,0 @@ - the user does not exist in the ldap database - // res=1 -> invalid password (user does exist) - - if ($res == 1) { //WRONG PASSWORD - //$errorMessage = "LDAP User or password incorrect, try again.
"; - if (isset($log)) { - unset($log); - } - if (isset($uid)) { - unset($uid); - } - $loginLdapSucces = false; - } - if ($res == -1) { //WRONG USERNAME - //$errorMessage = "LDAP User or password incorrect, try again.
"; - $login_ldap_success = false; - } - if ($res == 0) { //LOGIN & PASSWORD OK - SUCCES - //$errorMessage = "Successful login w/ LDAP.
"; - $login_ldap_success = true; - } - - //$result = "This is the result: $errorMessage"; - $result = $login_ldap_success; - - return $result; -} - -/** - * Find user info in LDAP. - * - * @return array Array with indexes: "firstname", "name", "email", "employeenumber" - * - * @author Stefan De Wannemacker - * @author Roan Embrechts - */ -function ldap_find_user_info($login) -{ - //error_log('Entering ldap_find_user_info('.$login.')',0); - global $ldap_host, $ldap_port, $ldap_basedn, $ldap_rdn, $ldap_pass, $ldap_search_dn; - // basic sequence with LDAP is connect, bind, search, - // interpret search result, close connection - - //echo "Connecting ..."; - $ldap_connect = ldap_connect($ldap_host, $ldap_port); - ldap_set_version($ldap_connect); - if ($ldap_connect) { - //echo " Connect to LDAP server successful "; - //echo "Binding ..."; - $ldap_bind = false; - $ldap_bind_res = ldap_handle_bind($ldap_connect, $ldap_bind); - if ($ldap_bind_res) { - //echo " LDAP bind successful... "; - //echo " Searching for uid... "; - // Search surname entry - //OLD: $sr=ldap_search($ldapconnect,"dc=rug, dc=ac, dc=be", "uid=$login"); - //echo "

ldapDc = '$LDAPbasedn'

"; - if (!empty($ldap_search_dn)) { - $sr = ldap_search($ldap_connect, $ldap_search_dn, "uid=$login"); - } else { - $sr = ldap_search($ldap_connect, $ldap_basedn, "uid=$login"); - } - //echo " Search result is ".$sr; - //echo " Number of entries returned is ".ldap_count_entries($ldapconnect,$sr); - //echo " Getting entries ..."; - $info = ldap_get_entries($ldap_connect, $sr); - //echo "Data for ".$info["count"]." items returned:

"; - } // else could echo "LDAP bind failed..."; - //echo "Closing LDAP connection


"; - ldap_close($ldap_connect); - } // else could echo "

Unable to connect to LDAP server

"; - //DEBUG: $result["firstname"] = "Jan"; $result["name"] = "De Test"; $result["email"] = "email@ugent.be"; - $result["firstname"] = $info[0]["cn"][0]; - $result["name"] = $info[0]["sn"][0]; - $result["email"] = $info[0]["mail"][0]; - $tutor_field = api_get_setting('ldap_filled_tutor_field'); - $result[$tutor_field] = $info[0][$tutor_field]; //employeenumber by default - - return $result; -} - -/** - * This function uses the data from ldap_find_user_info() - * to add the userdata to Chamilo - * "firstname", "name", "email", "isEmployee". - * - * @author Roan Embrechts - */ -function ldap_put_user_info_locally($login, $info_array) -{ - //error_log('Entering ldap_put_user_info_locally('.$login.',info_array)',0); - global $ldap_pass_placeholder; - global $submitRegistration, $submit, $uname, $email, - $nom, $prenom, $password, $password1, $status; - global $platformLanguage; - global $loginFailed, $uidReset, $_user; - - /*---------------------------------------------------------- - 1. set the necessary variables - ------------------------------------------------------------ */ - $uname = $login; - $email = $info_array["email"]; - $nom = $info_array["name"]; - $prenom = $info_array["firstname"]; - $password = $ldap_pass_placeholder; - $password1 = $ldap_pass_placeholder; - $official_code = ''; - - define("STUDENT", 5); - define("COURSEMANAGER", 1); - - $tutor_field = api_get_setting('ldap_filled_tutor_field'); - $tutor_value = api_get_setting('ldap_filled_tutor_field_value'); - if (empty($tutor_field)) { - $status = STUDENT; - } else { - if (empty($tutor_value)) { - //in this case, we are assuming that the admin didn't give a criteria - // so that if the field is not empty, it is a tutor - if (!empty($info_array[$tutor_field])) { - $status = COURSEMANAGER; - } else { - $status = STUDENT; - } - } else { - //the tutor_value is filled, so we need to check the contents of the LDAP field - if (is_array($info_array[$tutor_field]) && in_array($tutor_value, 
$info_array[$tutor_field])) { - $status = COURSEMANAGER; - } else { - $status = STUDENT; - } - } - } - //$official_code = xxx; //example: choose an attribute - - /*---------------------------------------------------------- - 2. add info to Chamilo - ------------------------------------------------------------ */ - - $language = api_get_setting('platformLanguage'); - if (empty($language)) { - $language = 'english'; - } - $_userId = UserManager::create_user( - $prenom, - $nom, - $status, - $email, - $uname, - $password, - $official_code, - $language, - '', - '', - 'ldap' - ); - - //echo "new user added to Chamilo, id = $_userId"; - - //user_id, username, password, auth_source - - /*---------------------------------------------------------- - 3. register session - ------------------------------------------------------------ */ - - $uData['user_id'] = $_userId; - $uData['username'] = $uname; - $uData['auth_source'] = "ldap"; - - $loginFailed = false; - $uidReset = true; - $_user['user_id'] = $uData['user_id']; - Session::write('_uid', $_user['user_id']); -} - -/** - * The code of UGent uses these functions to authenticate. - * function AuthVerifEnseignant ($uname, $passwd) - * function AuthVerifEtudiant ($uname, $passwd) - * function Authentif ($uname, $passwd). - * - * @todo translate the comments and code to english - * @todo let these functions use the variables in config.inc instead of ldap_var.inc - */ -/** - * Checks the existence of a member in LDAP. 
- * - * @param string username input on keyboard - * @param string password given by user - * - * @return int 0 if authentication succeeded, 1 if password was incorrect, -1 if it didn't belong to LDAP - */ -function ldap_authentication_check($uname, $passwd) -{ - //error_log('Entering ldap_authentication_check('.$uname.','.$passwd.')',0); - global $ldap_host, $ldap_port, $ldap_basedn, $ldap_host2, $ldap_port2, $ldap_rdn, $ldap_pass; - //error_log('Entering ldap_authentication_check('.$uname.','.$passwd.')',0); - // Establish anonymous connection with LDAP server - // Etablissement de la connexion anonyme avec le serveur LDAP - $ds = ldap_connect($ldap_host, $ldap_port); - ldap_set_version($ds); - - $test_bind = false; - $test_bind_res = ldap_handle_bind($ds, $test_bind); - //if problem, use the replica - if ($test_bind_res === false) { - $ds = ldap_connect($ldap_host2, $ldap_port2); - ldap_set_version($ds); - } // else: error_log('Connected to server '.$ldap_host); - if ($ds !== false) { - //Creation of filter containing values input by the user - // Here it might be necessary to use $filter="(samaccountName=$uname)"; - see http://support.chamilo.org/issues/4675 - $filter = "(uid=$uname)"; - // Open anonymous LDAP connection - $result = false; - $ldap_bind_res = ldap_handle_bind($ds, $result); - // Executing the search with the $filter parametr - //error_log('Searching for '.$filter.' on LDAP server',0); - $sr = ldap_search($ds, $ldap_basedn, $filter); - $info = ldap_get_entries($ds, $sr); - $dn = ($info[0]["dn"]); - // debug !! echo"
dn = $dn
pass = $passwd
"; - // closing 1st connection - ldap_close($ds); - } - - // test the Distinguish Name from the 1st connection - if ($dn == "") { - return -1; // doesn't belong to the addressbook - } - //bug ldap.. if password empty, return 1! - if ($passwd == "") { - return 1; - } - // Opening 2nd LDAP connection : Connection user for password check - $ds = ldap_connect($ldap_host, $ldap_port); - ldap_set_version($ds); - if (!$test_bind) { - $ds = ldap_connect($ldap_host2, $ldap_port2); - ldap_set_version($ds); - } - // return in case of wrong password connection error - if (@ldap_bind($ds, $dn, $passwd) === false) { - return 1; // invalid password - } else {// connection successfull - return 0; - } -} // end of check -/** - * Set the protocol version with version from config file (enables LDAP version 3). - * - * @param resource resource LDAP connexion resource, passed by reference - */ -function ldap_set_version(&$resource) -{ - //error_log('Entering ldap_set_version(&$resource)',0); - global $ldap_version; - if ($ldap_version > 2) { - ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3); - //ok - don't do anything - //failure - should switch back to version 2 by default - } -} -/** - * Handle bind (whether authenticated or not). - * - * @param resource The LDAP handler to which we are connecting (by reference) - * @param resource The LDAP bind handler we will be modifying - * @param bool $ldap_bind - * - * @return bool Status of the bind assignment. True for success, false for failure. 
- */ -function ldap_handle_bind(&$ldap_handler, &$ldap_bind) -{ - //error_log('Entering ldap_handle_bind(&$ldap_handler,&$ldap_bind)',0); - global $ldap_rdn, $ldap_pass, $extldap_config; - $ldap_rdn = $extldap_config['admin_dn']; - $ldap_pass = $extldap_config['admin_password']; - if (!empty($ldap_rdn) and !empty($ldap_pass)) { - //error_log('Trying authenticated login :'.$ldap_rdn.'/'.$ldap_pass,0); - $ldap_bind = ldap_bind($ldap_handler, $ldap_rdn, $ldap_pass); - if (!$ldap_bind) { - //error_log('Authenticated login failed',0); - //try in anonymous mode, you never know... - $ldap_bind = ldap_bind($ldap_handler); - } - } else { - // this is an "anonymous" bind, typically read-only access: - $ldap_bind = ldap_bind($ldap_handler); - } - if (!$ldap_bind) { - return false; - } else { - //error_log('Login finally OK',0); - return true; - } -} -/** - * Get the total number of users on the platform. - * - * @see SortableTable#get_total_number_of_items() - * - * @author Mustapha Alouani - */ -function ldap_get_users() -{ - global $ldap_basedn, $ldap_host, $ldap_port, $ldap_rdn, $ldap_pass, $ldap_search_dn, $extldap_user_correspondance; - - $keyword_firstname = isset($_GET['keyword_firstname']) ? trim(Database::escape_string($_GET['keyword_firstname'])) : ''; - $keyword_lastname = isset($_GET['keyword_lastname']) ? trim(Database::escape_string($_GET['keyword_lastname'])) : ''; - $keyword_username = isset($_GET['keyword_username']) ? trim(Database::escape_string($_GET['keyword_username'])) : ''; - $keyword_type = isset($_GET['keyword_type']) ? 
Database::escape_string($_GET['keyword_type']) : ''; - - $ldap_query = []; - - if ($keyword_username != "") { - $ldap_query[] = str_replace('%username%', $keyword_username, $ldap_search_dn); - } else { - if ($keyword_lastname != "") { - $ldap_query[] = "(".$extldap_user_correspondance['lastname']."=".$keyword_lastname."*)"; - } - if ($keyword_firstname != "") { - $ldap_query[] = "(".$extldap_user_correspondance['firstname']."=".$keyword_firstname."*)"; - } - } - if ($keyword_type != "" && $keyword_type != "all") { - $ldap_query[] = "(employeeType=".$keyword_type.")"; - } - - if (count($ldap_query) > 1) { - $str_query = "(& "; - foreach ($ldap_query as $query) { - $str_query .= " $query"; - } - $str_query .= " )"; - } else { - $str_query = count($ldap_query) > 0 ? $ldap_query[0] : null; - } - - $ds = ldap_connect($ldap_host, $ldap_port); - ldap_set_version($ds); - if ($ds && count($ldap_query) > 0) { - $r = false; - $res = ldap_handle_bind($ds, $r); - //$sr = ldap_search($ds, "ou=test-ou,$ldap_basedn", $str_query); - $sr = ldap_search($ds, $ldap_basedn, $str_query); - //echo "Le nombre de resultats est : ".ldap_count_entries($ds,$sr)."

"; - $info = ldap_get_entries($ds, $sr); - - return $info; - } else { - if (count($ldap_query) != 0) { - echo Display::return_message(get_lang('LDAPConnectionError'), 'error'); - } - - return []; - } -} - -/** - * Get the total number of users on the platform. - * - * @see SortableTable#get_total_number_of_items() - * - * @author Mustapha Alouani - */ -function ldap_get_number_of_users() -{ - $info = ldap_get_users(); - if (count($info) > 0) { - return $info['count']; - } else { - return 0; - } -} - -/** - * Get the users to display on the current page. - * - * @see SortableTable#get_table_data($from) - * - * @author Mustapha Alouani - */ -function ldap_get_user_data($from, $number_of_items, $column, $direction) -{ - global $extldap_user_correspondance; - - $users = []; - $is_western_name_order = api_is_western_name_order(); - if (isset($_GET['submit'])) { - $info = ldap_get_users(); - if ($info['count'] > 0) { - for ($key = 0; $key < $info["count"]; $key++) { - $user = []; - // Get uid from dn - //YW: this might be a variation between LDAP 2 and LDAP 3, but in LDAP 3, the uid is in - //the corresponding index of the array - //$dn_array=ldap_explode_dn($info[$key]["dn"],1); - //$user[] = $dn_array[0]; // uid is first key - //$user[] = $dn_array[0]; // uid is first key - $user[] = $info[$key][$extldap_user_correspondance['username']][0]; - $user[] = $info[$key][$extldap_user_correspondance['username']][0]; - if ($is_western_name_order) { - $user[] = api_convert_encoding($info[$key][$extldap_user_correspondance['firstname']][0], api_get_system_encoding(), 'UTF-8'); - $user[] = api_convert_encoding($info[$key][$extldap_user_correspondance['lastname']][0], api_get_system_encoding(), 'UTF-8'); - } else { - $user[] = api_convert_encoding($info[$key][$extldap_user_correspondance['firstname']][0], api_get_system_encoding(), 'UTF-8'); - $user[] = api_convert_encoding($info[$key][$extldap_user_correspondance['lastname']][0], api_get_system_encoding(), 'UTF-8'); - } - $user[] 
= $info[$key]['mail'][0]; - $user[] = $info[$key][$extldap_user_correspondance['username']][0]; - $users[] = $user; - } - } else { - echo Display::return_message(get_lang('NoUser'), 'error'); - } - } - - return $users; -} - -/** - * Build the modify-column of the table. - * - * @param int $user_id The user id - * @param string $url_params - * - * @return string Some HTML-code with modify-buttons - * - * @author Mustapha Alouani - */ -function modify_filter($user_id, $url_params, $row) -{ - $query_string = "id[]=".$row[0]; - if (!empty($_GET['id_session'])) { - $query_string .= '&id_session='.Security::remove_XSS($_GET['id_session']); - } - $icon = ''; - if (UserManager::is_username_available($user_id)) { - $icon = 'invitation_friend.png'; - } else { - $icon = 'reload.png'; - } - //$url_params_id="id=".$row[0]; - $result = ''.Display::return_icon($icon, get_lang('AddUsers')).''; - - return $result; -} - -/** - * Adds a user to the Chamilo database or updates its data. - * - * @param string username (and uid inside LDAP) - * - * @author Mustapha Alouani - */ -function ldap_add_user($login) -{ - if ($ldap_user = extldap_authenticate($login, 'nopass', true)) { - return extldap_add_user_by_array($ldap_user); - } -} - -function ldap_add_user_by_array($data, $update_if_exists = true) -{ - $lastname = api_convert_encoding($data['sn'][0], api_get_system_encoding(), 'UTF-8'); - $firstname = api_convert_encoding($data['cn'][0], api_get_system_encoding(), 'UTF-8'); - $email = $data['mail'][0]; - // Get uid from dn - $dn_array = ldap_explode_dn($data['dn'], 1); - $username = $dn_array[0]; // uid is first key - $outab[] = $data['edupersonprimaryaffiliation'][0]; // Here, "student" - //$val = ldap_get_values_len($ds, $entry, "userPassword"); - //$val = ldap_get_values_len($ds, $data, "userPassword"); - //$password = $val[0]; - // TODO the password, if encrypted at the source, will be encrypted twice, which makes it useless. Try to fix that. 
- $password = $data['userPassword'][0]; - $structure = $data['edupersonprimaryorgunitdn'][0]; - $array_structure = explode(",", $structure); - $array_val = explode("=", $array_structure[0]); - $etape = $array_val[1]; - $array_val = explode("=", $array_structure[1]); - $annee = $array_val[1]; - // To ease management, we add the step-year (etape-annee) code - $official_code = $etape."-".$annee; - $auth_source = 'ldap'; - // No expiration date for students (recover from LDAP's shadow expiry) - $expiration_date = ''; - $active = 1; - if (empty($status)) { - $status = 5; - } - if (empty($phone)) { - $phone = ''; - } - if (empty($picture_uri)) { - $picture_uri = ''; - } - // Adding user - $user_id = 0; - if (UserManager::is_username_available($username)) { - $user_id = UserManager::create_user( - $firstname, - $lastname, - $status, - $email, - $username, - $password, - $official_code, - api_get_setting('platformLanguage'), - $phone, - $picture_uri, - $auth_source, - $expiration_date, - $active - ); - } else { - if ($update_if_exists) { - $user = api_get_user_info($username); - $user_id = $user['user_id']; - UserManager::update_user( - $user_id, - $firstname, - $lastname, - $username, - null, - null, - $email, - $status, - $official_code, - $phone, - $picture_uri, - $expiration_date, - $active - ); - } - } - - return $user_id; -} - -/** - * Adds a list of users to one session. 
- * - * @param array Array of user ids - * @param string Course code - */ -function ldap_add_user_to_session($UserList, $id_session) -{ - // Database Table Definitions - $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); - $tbl_session_rel_class = Database::get_main_table(TABLE_MAIN_SESSION_CLASS); - $tbl_session_rel_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE); - $tbl_session_rel_course_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER); - $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE); - $tbl_user = Database::get_main_table(TABLE_MAIN_USER); - $tbl_session_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_USER); - $tbl_class = Database::get_main_table(TABLE_MAIN_CLASS); - $tbl_class_user = Database::get_main_table(TABLE_MAIN_CLASS_USER); - - $id_session = (int) $id_session; - // Once users are imported in the users base, we can assign them to the session - $result = Database::query("SELECT c_id FROM $tbl_session_rel_course WHERE session_id ='$id_session'"); - $CourseList = []; - while ($row = Database::fetch_array($result)) { - $CourseList[] = $row['c_id']; - } - foreach ($CourseList as $enreg_course) { - foreach ($UserList as $enreg_user) { - $enreg_user = (int) $enreg_user; - Database::query("INSERT IGNORE ". - " INTO $tbl_session_rel_course_rel_user ". - "(session_id,c_id,user_id) VALUES ". - "('$id_session','$enreg_course','$enreg_user')"); - } - $sql = "SELECT COUNT(user_id) as nbUsers ". - " FROM $tbl_session_rel_course_rel_user ". - " WHERE session_id='$id_session' ". - " AND c_id='$enreg_course'"; - $rs = Database::query($sql); - list($nbr_users) = Database::fetch_array($rs); - Database::query("UPDATE $tbl_session_rel_course ". - " SET nbr_users=$nbr_users ". - " WHERE session_id='$id_session' ". - " AND c_id='$enreg_course'"); - } - foreach ($UserList as $enreg_user) { - $enreg_user = (int) $enreg_user; - Database::query("INSERT IGNORE INTO $tbl_session_rel_user ". 
- " (session_id, user_id, registered_at) ". - " VALUES('$id_session','$enreg_user', '".api_get_utc_datetime()."')"); - } - // We update the number of users in the session - $sql = "SELECT COUNT(user_id) as nbUsers FROM $tbl_session_rel_user ". - " WHERE session_id='$id_session' ". - " AND relation_type<>".SESSION_RELATION_TYPE_RRHH." "; - $rs = Database::query($sql); - list($nbr_users) = Database::fetch_array($rs); - Database::query("UPDATE $tbl_session SET nbr_users=$nbr_users ". - " WHERE id='$id_session'"); -} - -/** - * Synchronize users from the configured LDAP connection (in auth.conf.php). If - * configured to disable old users,. - * - * @param bool $disableOldUsers Whether to disable users who have disappeared from LDAP (true) or just leave them be (default: false) - * @param bool $deleteStudents Go one step further and delete completely students missing from LDAP - * @param bool $deleteTeachers Go even one step further and also delete completely teachers missing from LDAP - * - * @return int Total number of users added (not counting possible removals) - */ -function syncro_users( - $disableOldUsers = false, - $deleteStudents = false, - $deleteTeachers = false -) { - global $ldap_basedn, $ldap_host, $ldap_port, $ldap_rdn, $ldap_pass, $ldap_search_dn, $debug; - $i = 0; - if ($debug) { - error_log('Connecting... ('.__FUNCTION__.')'); - } - $ldapConnect = ldap_connect($ldap_host, $ldap_port); - ldap_set_version($ldapConnect); - if ($ldapConnect) { - if ($debug) { - error_log('Connected to LDAP server successfully! Binding... ('.__FUNCTION__.')'); - } - $ldapBind = false; - $ldapBindRes = ldap_handle_bind($ldapConnect, $ldapBind); - if ($ldapBindRes) { - if ($debug) { - error_log('Bind successful! 
Searching for uid in LDAP DC: '.$ldap_search_dn); - } - $allUserQuery = "uid=*"; - if (!empty($ldap_search_dn)) { - $sr = ldap_search($ldapConnect, $ldap_search_dn, $allUserQuery); - } else { - //OLD: $sr=ldap_search($ldapconnect,"dc=rug, dc=ac, dc=be", "uid=$login"); - $sr = ldap_search($ldapConnect, $ldap_basedn, $allUserQuery); - } - if ($debug) { - error_log('Entries returned: '.ldap_count_entries($ldapConnect, $sr)); - } - $info = ldap_get_entries($ldapConnect, $sr); - for ($key = 0; $key < $info['count']; $key++) { - $user_id = ldap_add_user_by_array($info[$key], false); - if ($user_id) { - if ($debug) { - error_log('User #'.$user_id.' created from LDAP'); - } - $i++; - } else { - if ($debug) { - error_log('User '.$info[$key]['sn'][0].' ('.$info[$key]['mail'][0].') could not be created'); - } - } - } - if ($disableOldUsers === true) { - if ($debug) { - error_log('Disable mode selected in '.__FUNCTION__); - if ($deleteStudents) { - error_log('...with complete deletion of users if disabled'); - } - } - // Get a big array of all user IDs, usernames only if they are - // registered as auth_source = 'ldap' - // This array will take about 60 bytes per user in memory, so - // having 100K users should only take a few (6?) MB and will - // highly reduce the number of DB queries - $usersDBShortList = []; - $usersLDAPShortList = []; - $sql = "SELECT id, username, status FROM user WHERE auth_source = 'ldap' ORDER BY username"; - $res = Database::query($sql); - if ($res !== false) { - // First build a list of users present in LDAP - for ($key = 0; $key < $info['count']; $key++) { - $dn_array = ldap_explode_dn($info[$key]['dn'], 1); - $usersLDAPShortList[$dn_array[0]] = 1; - } - // Go through all 'extldap' users. 
For any that cannot - // be found in the LDAP list, disable - while ($row = Database::fetch_assoc($res)) { - $usersDBShortList[$row['username']] = $row['id']; - // If any of those users is NOT in LDAP, disable or remove - if (empty($usersLDAPShortList[$row['username']])) { - if ($deleteStudents === true && $row['status'] == 5) { - UserManager::delete_user($usersDBShortList[$row['username']]); - if ($debug) { - error_log('Student '.$row['username'].' removed from Chamilo'); - } - } elseif ($deleteTeachers === true && $row['status'] == 1) { - UserManager::delete_user($usersDBShortList[$row['username']]); - if ($debug) { - error_log('Teacher '.$row['username'].' removed from Chamilo'); - } - } else { - UserManager::disable($usersDBShortList[$row['username']]); - if ($debug) { - error_log('User '.$row['username'].' disabled in Chamilo'); - } - } - } - } - } - } - if ($debug) { - error_log('Data for '.$info['count'].' items processed'); - } - //echo "Data for ".$info["count"]." items returned:

"; - } else { - error_log('Could not bind to LDAP server'); - } - ldap_close($ldapConnect); - } else { - error_log('Could not connect to LDAP server'); - } - error_log('Ended execution of function '.__FUNCTION__); -} diff --git a/main/auth/ldap/index.html b/main/auth/ldap/index.html deleted file mode 100755 index aa7b9c934b..0000000000 --- a/main/auth/ldap/index.html +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/main/auth/ldap/ldap_var.inc.php b/main/auth/ldap/ldap_var.inc.php deleted file mode 100755 index ba839e80dc..0000000000 --- a/main/auth/ldap/ldap_var.inc.php +++ /dev/null @@ -1,47 +0,0 @@ - 1 ? $extldap_config['host'][1] : null; -$ldap_port2 = $extldap_config['port']; - -//protocol version - set to 3 for LDAP 3 -$ldap_version = $extldap_config['protocol_version']; - -//non-anonymous LDAP mode -$ldap_rdn = $extldap_config['admin_dn']; -$ldap_pass = $extldap_config['admin_password']; - -$ldap_pass_placeholder = "PLACEHOLDER"; diff --git a/main/auth/ldap/login.php b/main/auth/ldap/login.php deleted file mode 100755 index 24a4f707ed..0000000000 --- a/main/auth/ldap/login.php +++ /dev/null @@ -1,44 +0,0 @@ -, Nicolas Rod for the University of Geneva - -To use install Shibboleth on your web server and secure the application url -with a web server security directive. - -Modify configuration to your federation's needs. - diff --git a/main/auth/shibboleth/app/controller/shibboleth_controller.class.php b/main/auth/shibboleth/app/controller/shibboleth_controller.class.php deleted file mode 100755 index 6382bc4a19..0000000000 --- a/main/auth/shibboleth/app/controller/shibboleth_controller.class.php +++ /dev/null 
@@ -1,158 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -class ShibbolethController -{ - - /** - * - * @return ShibbolethController - */ - public static function instance() - { - static $result = false; - if (empty($result)) - { - $result = new self(); - } - return $result; - } - - /** - * Log user in with Shibboleth authentication - */ - function login() - { - - if (Shibboleth::session()->is_logged_in()) - { - Redirect::home(); - } - - $user = Shibboleth::store()->get_user(); - - if ($user->is_empty()) - { - $message = get_lang('SystemCouldNotLogYouIn'); - Shibboleth::display()->error_page($message); - } - - $is_new_user = !User::store()->shibboleth_id_exists($user->unique_id); - - if ($is_new_user && empty($user->email) && Shibboleth::config()->is_email_mandatory) - { - $form = ShibbolethEmailForm::instance(); - if ($email = $form->get_email()) - { - $user->email = $email; - } - else - { - $content = $form->display(); - Shibboleth::display()->page($content); - } - } - - Shibboleth::save($user); - $chamilo_user = User::store()->get_by_shibboleth_id($user->unique_id); - Shibboleth::session()->login($chamilo_user->user_id); - - if ($is_new_user && $user->status_request) - { - Shibboleth::redirect('/main/auth/shibboleth/app/view/request.php'); - } - else - { - Shibboleth::redirect(); - } - } - - /** - * Log user in using the standard Chamilo way of logging in. 
- * Useful when the normal login screen is removed from the user interface - * - replaced by Shibboleth login - and user want to login using a standard - * account - */ - public function admin_login() - { - $title = get_lang('InternalLogin'); - if (Shibboleth::session()->is_logged_in()) - { - $message = get_lang('AlreadyLoggedIn'); - Shibboleth::display()->message_page($message, $title); - } - $index_manager = new IndexManager(''); - $html = $index_manager->display_login_form(); - Shibboleth::display()->page($html, $title); - } - - /** - * Display the request new status page to administrator for new users. - */ - public function request_status() - { - /* - * That may happen if a user visit that url again. - */ - if (!Shibboleth::session()->is_logged_in()) - { - Shibboleth::redirect(); - } - $user = Shibboleth::session()->user(); - if ($user['status'] == Shibboleth::TEACHER_STATUS) - { - //Maximum user right is reached. - Shibboleth::redirect(); - } - - $form = ShibbolethStatusRequestForm::instance(); - - if ($form->cancelled()) - { - Shibboleth::redirect(); - } - - if ($reason = $form->get_reason()) - { - $subject = get_lang('RequestStatus'); - $status = $form->get_status(); - $status = Shibboleth::format_status($status); - - $message = <<message_page($request_submitted); - } - else - { - $request_failed = get_lang('RequestFailed'); - Shibboleth::display()->error_page($request_failed); - } - } - - $title = get_lang('RequestStatus'); - Display :: display_header($title); - echo $form->display(); - Display :: display_footer(); - } - -} diff --git a/main/auth/shibboleth/app/model/admin.class.php b/main/auth/shibboleth/app/model/admin.class.php deleted file mode 100755 index 258fa08da4..0000000000 --- a/main/auth/shibboleth/app/model/admin.class.php +++ /dev/null 
@@ -1,44 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -class Admin extends _Admin -{ - -} - -/** - * Store for Admin objects. Interact with the database. Allows to save and retrieve - * admin objects. - * - * Should be moved to the core. It only exists because it is not available through - * the API. - * - * The _AdminStore objet is generated by the scaffolder. This class inherits from it to allow - * modifications without touching the generated file. Don't modify the _ object as - * it may change in the future. Instead add modifications to this class. - * - * @copyright (c) 2012 University of Geneva - * @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html - * @author Laurent Opprecht - */ -class AdminStore extends _AdminStore -{ - - -} \ No newline at end of file diff --git a/main/auth/shibboleth/app/model/scaffold/admin.class.php b/main/auth/shibboleth/app/model/scaffold/admin.class.php deleted file mode 100755 index c938dd4089..0000000000 --- a/main/auth/shibboleth/app/model/scaffold/admin.class.php +++ /dev/null 
@@ -1,134 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -class _Admin -{ - - /** - * Store for Admin objects. Interact with the database. - * - * @return AdminStore - */ - public static function store() - { - static $result = false; - if (empty($result)) - { - $result = new AdminStore(); - } - return $result; - } - - /** - * - * @return Admin - */ - public static function create($data = null) - { - return self::store()->create_object($data); - } - - public $user_id = null; - - - /** - * - * @return bool - */ - public function save() - { - return self::store()->save($this); - } - -} - -/** - * Store for Admin objects. Interact with the database. - * - * @copyright (c) 2012 University of Geneva - * @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html - * @author Laurent Opprecht - */ -class _AdminStore extends Store -{ - - /** - * - * @return AdminStore - */ - public static function instance() - { - static $result = false; - if (empty($result)) - { - $result = new self(); - } - return $result; - } - - public function __construct() - { - parent::__construct('admin', '\Shibboleth\Admin', 'user_id'); - } - - /** - * - * @return Admin - */ - public function get($w) - { - $args = func_get_args(); - $f = array('parent', 'get'); - return call_user_func_array($f, $args); - } - - /** - * - * @return Admin - */ - public function create_object($data) - { - return parent::create_object($data); - } - - /** - * - * @return Admin - */ - public function get_by_user_id($value) - { - return $this->get(array('user_id' => $value)); - } - - /** - * - * @return bool - */ - public function user_id_exists($value) - { - return $this->exist(array('user_id' => $value)); - } - - /** - * - * @return bool - */ - public function delete_by_user_id($value) - { - return $this->delete(array('user_id' => $value)); - } - - -} \ No newline at end of file 
diff --git a/main/auth/shibboleth/app/model/scaffold/user.class.php b/main/auth/shibboleth/app/model/scaffold/user.class.php
deleted file mode 100755
index 792b58a793..0000000000
--- a/main/auth/shibboleth/app/model/scaffold/user.class.php
+++ /dev/null
@@ -1,185 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -class _User -{ - - /** - * Store for User objects. Interact with the database. - * - * @return UserStore - */ - public static function store() - { - static $result = false; - if (empty($result)) - { - $result = new UserStore(); - } - return $result; - } - - /** - * - * @return User - */ - public static function create($data = null) - { - return self::store()->create_object($data); - } - - public $user_id = null; - public $lastname = null; - public $firstname = null; - public $username = null; - public $password = null; - public $auth_source = null; - public $shibb_unique_id = null; - public $email = null; - public $status = null; - public $official_code = null; - public $phone = null; - public $picture_uri = null; - public $creator_id = null; - public $competences = null; - public $diplomas = null; - public $openarea = null; - public $teach = null; - public $productions = null; - public $language = null; - public $registration_date = null; - public $expiration_date = null; - public $active = null; - public $openid = null; - public $theme = null; - public $hr_dept_id = null; - public $shibb_persistent_id = null; - - - /** - * - * @return bool - */ - public function save() - { - return self::store()->save($this); - } - -} - -/** - * Store for User objects. Interact with the database. 
- * - * @copyright (c) 2012 University of Geneva - * @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html - * @author Laurent Opprecht - */ -class _UserStore extends Store -{ - - /** - * - * @return UserStore - */ - public static function instance() - { - static $result = false; - if (empty($result)) - { - $result = new self(); - } - return $result; - } - - public function __construct() - { - parent::__construct('user', '\Shibboleth\User', 'user_id'); - } - - /** - * - * @return User - */ - public function get($w) - { - $args = func_get_args(); - $f = array('parent', 'get'); - return call_user_func_array($f, $args); - } - - /** - * - * @return User - */ - public function create_object($data) - { - return parent::create_object($data); - } - - /** - * - * @return User - */ - public function get_by_user_id($value) - { - return $this->get(array('user_id' => $value)); - } - - /** - * - * @return bool - */ - public function user_id_exists($value) - { - return $this->exist(array('user_id' => $value)); - } - - /** - * - * @return bool - */ - public function delete_by_user_id($value) - { - return $this->delete(array('user_id' => $value)); - } - - /** - * - * @return User - */ - public function get_by_username($value) - { - return $this->get(array('username' => $value)); - } - - /** - * - * @return bool - */ - public function username_exists($value) - { - return $this->exist(array('username' => $value)); - } - - /** - * - * @return bool - */ - public function delete_by_username($value) - { - return $this->delete(array('username' => $value)); - } - -} \ No newline at end of file diff --git a/main/auth/shibboleth/app/model/shibboleth_store.class.php b/main/auth/shibboleth/app/model/shibboleth_store.class.php deleted file mode 100755 index e0672ccb45..0000000000 --- a/main/auth/shibboleth/app/model/shibboleth_store.class.php +++ /dev/null 
@@ -1,197 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -class ShibbolethStore -{ - - /** - * - * @return ShibbolethStore - */ - public static function instance() - { - static $result = false; - if (empty($result)) - { - $result = new self(); - } - return $result; - } - - /** - * - * @return ShibbolethConfig - */ - public static function config() - { - return Shibboleth::config(); - } - - public function get_unique_id() - { - return $this->get(__FUNCTION__); - } - - /** - * If the user has more than one surname, it is possible depending of the user - * home organization that they are all given to the resource. - * In the case of the University of Geneva, with two surnames, three different values - * for the surname are sent. They are: - * 1) "givenname1" - * 2) "givenname2" - * 3) "givenname1 givenname2" - * meaning the string is as follow: "givenname1;givenname2;givenname1 givenname2" - * - * In such a case, the correct surname is the one which is followed by a space. - * This function tests if such a situation is encountered, and returns the first given name. 
- * - * @author Nicolas Rod - */ - public function get_firstname() - { - $result = $this->get(__FUNCTION__); - - if (!is_array($result)) - { - $result = ucfirst($result); - return $result; - } - foreach ($result as $name) - { - $parts = explode(' ', $name); - - if (count($parts) > 1) - { - $result = reset($parts); - $result = ucfirst($result); - return $result; - } - } - $result = reset($result); - $result = ucfirst($result); - return $result; - } - - public function get_lastname() - { - $result = $this->get(__FUNCTION__); - $result = ucfirst($result); - return $result; - } - - public function get_email() - { - return $this->get(__FUNCTION__); - } - - public function get_language() - { - return $this->get(__FUNCTION__); - } - - public function get_gender() - { - return $this->get(__FUNCTION__); - } - - public function get_address() - { - return $this->get(__FUNCTION__); - } - - public function get_staff_category() - { - return $this->get(__FUNCTION__); - } - - public function get_home_organization_type() - { - return $this->get(__FUNCTION__); - } - - public function get_home_organization() - { - return $this->get(__FUNCTION__); - } - - public function get_affiliation() - { - return $this->get(__FUNCTION__); - } - - /** - * @return ShibbolethUser - */ - public function get_user() - { - $result = new ShibbolethUser(); - foreach ($result as $key => $val) - { - $f = array($this, "get_$key"); - if (is_callable($f)) - { - $result->{$key} = call_user_func($f); - } - } - return $result; - } - - /** - * Returns the shibboleth value stored in $_SERVER if it exists or $default if it is not the case. - * - * @param string $name the generic name. I.e. one of the class const. - * @param string $default default value if it is not provided by Shibboleth - * @return string - */ - public function get($name = '', $default = '') - { - $config = (array) Shibboleth::config(); - if ($name) - { - $name = str_replace('get_', '', $name); - $shib_name = isset($config[$name]) ? 
$config[$name] : ''; - if ($shib_name) - { - $result = isset($_SERVER[$shib_name]) ? $_SERVER[$shib_name] : $default; - $result = explode(';', $result); - if (empty($result)) - { - $result = $default; - } - else if (count($result) == 1) - { - $result = reset($result); - } - else - { - $result = $result; - } - return $result; - } - } - - $result = array(); - foreach ($config as $key => $val) - { - $f = array($this, "get_$key"); - if (is_callable($f)) - { - $result[$key] = call_user_func($f); - } - } - - return $result; - } - -} \ No newline at end of file diff --git a/main/auth/shibboleth/app/model/shibboleth_user.class.php b/main/auth/shibboleth/app/model/shibboleth_user.class.php deleted file mode 100755 index 7065bbf7f1..0000000000 --- a/main/auth/shibboleth/app/model/shibboleth_user.class.php +++ /dev/null @@ -1,33 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -class ShibbolethUser -{ - - public $unique_id = ''; - public $firstname = ''; - public $lastname = ''; - public $email = ''; - public $language = ''; - public $gender = ''; - public $address = ''; - public $staff_category = ''; - public $home_organization_type = ''; - public $home_organization = ''; - public $affiliation = ''; - public $persistent_id = ''; - - public function is_empty() - { - return empty($this->unique_id); - } - -} \ No newline at end of file diff --git a/main/auth/shibboleth/app/model/user.class.php b/main/auth/shibboleth/app/model/user.class.php deleted file mode 100755 index f8031fa16d..0000000000 --- a/main/auth/shibboleth/app/model/user.class.php +++ /dev/null 
@@ -1,95 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -class User extends _User -{ - -} - -/** - * Store for User objects. Interact with the database. Allows to save and retrieve - * user objects. - * - * Should be moved to the core. It only exists because it is not available through - * the API. - * - * The _UserStore objet is generated by the scaffolder. This class inherits from it to allow - * modifications without touching the generated file. Don't modify the _ object as - * it may change in the future. Instead add modifications to this class. - * - * @copyright (c) 2012 University of Geneva - * @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html - * @author Laurent Opprecht - */ -class UserStore extends _UserStore -{ - - function __construct() - { - parent::__construct(); - ShibbolethUpgrade::update(); - } - - /** - * - * @param string $id - * @return User - */ - public function get_by_shibboleth_id($id) - { - return $this->get(array('shibb_unique_id' => $id)); - } - - /** - * @param string $id - */ - public function shibboleth_id_exists($id) - { - return $this->exist(array('shibb_unique_id' => $id)); - } - - /** - * - * @param User $object - */ - protected function before_save($object) - { - $object->username = $object->username ? $object->username : $this->generate_username(); - $object->password = $object->password ? $object->password : api_generate_password(); - $object->language = $object->language ? $object->language : $this->default_language(); - } - - function default_language() - { - return api_get_setting('platformLanguage'); - } - - function generate_username() - { - $result = uniqid('s', true); - $result = str_replace('.', '', $result); - while ($this->username_exists($result)) - { - $result = uniqid('s', true); - $result = str_replace('.', '', $result); - } - return $result; - } - -} \ No newline at end of file 
diff --git a/main/auth/shibboleth/app/shibboleth.class.php b/main/auth/shibboleth/app/shibboleth.class.php
deleted file mode 100755
index 5def41c70d..0000000000
--- a/main/auth/shibboleth/app/shibboleth.class.php
+++ /dev/null
@@ -1,266 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -class Shibboleth -{ - - const NAME = 'shibboleth'; - const UNKNOWN_STATUS = -1; - const TEACHER_STATUS = 1; - const STUDENT_STATUS = 5; - - static $config = null; - - public static function format_status($status) - { - if ($status == Shibboleth::TEACHER_STATUS) { - return 'Teacher'; - } else if ($status == Shibboleth::STUDENT_STATUS) { - return 'Student'; - } else if ($status == Shibboleth::UNKNOWN_STATUS) { - return 'Unknown'; - } else { - return '???'; - } - } - - /** - * - * @return ShibbolethConfig - */ - public static function config() - { - self::$config = self::$config ? self::$config : new ShibbolethConfig(); - return self::$config; - } - - public static function set_config($config) - { - self::$config = $config; - } - - /** - * - * @return ShibbolethSession - */ - public static function session() - { - return ShibbolethSession::instance(); - } - - /** - * - * @return ShibbolethStore - */ - public static function store() - { - return ShibbolethStore::instance(); - } - - /** - * - * @return ShibbolethDisplay - */ - public static function display() - { - return ShibbolethDisplay::instance(); - } - - public static function sys_path() - { - $path = __DIR__.'/../'; - return $path; - } - - public static function url($path = '') - { - $result = api_get_path('WEB_PATH'); - $result .= '/main/auth/shibboleth/' . $path; - return $result; - } - - public static function redirect($url = '') - { - if (empty($url)) { - $url = isset($_SESSION['shibb_direct_url']) ? $_SESSION['shibb_direct_url'] : ''; - unset($_SESSION['shibb_direct_url']); - - /* - * Tests if the user tried to login directly in a protected course before to come here - * (this variable could be set in the modified code of /chamilo/inc/lib/main_api.lib.php) - * - * Note: - * this part was added to give the possibility to access Chamilo directly on a course URL from a link diplayed in a portal. 
- * This is not a direct Shibboleth related functionnality, but this could be used in a shibbolethized - * Dokeos installation, mainly if you have a SSO system in your network. - * Please note that the file /claroline/inc/lib/main_api.lib.php must be adapted to your Shibboleth settings - * If any interest or question, please contact Nicolas.Rod_at_adm.unige.ch - * - */ - } - if ($url) { - //needed to log the user in his courses. Normally it is done by visiting /chamilo/index.php -// $include_path = api_get_path(INCLUDE_PATH); -// require("$include_path/local.inc.php"); -// -// if (strpos($url, '?') === false) { -// $url = "$url?"; -// } -// -// $rootWeb = api_get_path('WEB_PATH'); -// $first_slash_pos = strpos($rootWeb, '/', 8); -// $rootWeb_wo_uri = substr($rootWeb, 0, $first_slash_pos); -// $url = $rootWeb_wo_uri . $course_url . '_stop'; - Redirect::go($url); - } - Redirect::home(); - } - - /** - * - * @param ShibbolethUser $shibb_user - */ - public static function save($shibb_user) - { - $shibb_user->status = self::infer_user_status($shibb_user); - $shibb_user->status_request = self::infer_status_request($shibb_user); - $shibb_user->shibb_unique_id = $shibb_user->unique_id; - $shibb_user->shibb_persistent_id = $shibb_user->persistent_id; - - $user = User::store()->get_by_shibboleth_id($shibb_user->unique_id); - if (empty($user)) { - $shibb_user->auth_source == self::NAME; - return User::create($shibb_user)->save(); - } - - $shibb_user->status_request = false; - $fields = self::config()->update_fields; - foreach ($fields as $key => $updatable) { - if ($updatable) { - $user->{$key} = $shibb_user->{$key}; - } - } - $user->auth_source == self::NAME; - $user->shibb_unique_id = $shibb_user->shibb_unique_id; - $user->shibb_persistent_id = $shibb_user->shibb_persistent_id; - $user->save(); - return $result; - } - - /** - * Infer the rights/status the user can have in Chamilo based on his affiliation attribute - * - * @param ShibbolethUser $user - * @return The Chamilo 
user status, one of TEACHER, STUDENT or UNKNOWN - */ - public static function infer_user_status($user) - { - $affiliations = $user->affiliation; - $affiliations = is_array($affiliations) ? $affiliations : array($affiliations); - - $map = self::config()->affiliation_status; - - $rights = array(); - foreach ($affiliations as $affiliation) { - $affiliation = strtolower($affiliation); - if (isset($map[$affiliation])) { - $right = $map[$affiliation]; - $rights[$right] = $right; - } - } - - $teacher_status = isset($rights[self::TEACHER_STATUS]); - $student_status = isset($rights[self::STUDENT_STATUS]); - - //if the user has got teacher rights, we doesn't check anything else - if ($teacher_status) { - return self::TEACHER_STATUS; - } - - if ($student_status) { - return self::STUDENT_STATUS; - } - - $result = self::config()->default_status; - $result = (int) $result; - $result = ($result == Shibboleth::TEACHER_STATUS || $result == Shibboleth::STUDENT_STATUS) ? $result : Shibboleth::UNKNOWN_STATUS; - return $result; - } - - /** - * Return true if the user can ask for a greater status than student. - * This happens for staff members. - * - * @param ShibbolethUser $user - * @return boolean - */ - public static function infer_status_request($user) - { - if ($user->status == self::TEACHER_STATUS) { - return false; - } - if ($user->status == self::UNKNOWN_STATUS) { - return true; - } - - $config = Shibboleth::config(); - $affiliations = $user->affiliation; - $affiliations = is_array($affiliations) ? $affiliations : array($affiliations); - foreach ($affiliations as $affiliation) { - $result = isset($config->affiliation_status_request[$affiliation]) ? $config->affiliation_status_request[$affiliation] : false; - if ($result) { - return true; - } - } - - return false; - } - - /** - * Sends an email to the Chamilo and Shibboleth administrators in the name - * of the logged-in user. 
- * - * @param string $subject - */ - public static function email_admin($subject, $message) - { - $user = Shibboleth::session()->user(); - $firstname = $user['firstname']; - $lastname = $user['lastname']; - $email = $user['email']; - $status = $user['status']; - $status = self::format_status($status); - - $signagure = <<admnistrator_email; - if ($shibb_admin_email) { - $header .= "Cc: $shibb_admin_email"; - } - - $administrator_email = api_get_setting('emailAdministrator'); - $result = mail($administrator_email, $subject, $message); - return (bool) $result; - } - -} diff --git a/main/auth/shibboleth/app/view/admin_login.php b/main/auth/shibboleth/app/view/admin_login.php deleted file mode 100755 index 1a22004e08..0000000000 --- a/main/auth/shibboleth/app/view/admin_login.php +++ /dev/null @@ -1,18 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -$dir = __DIR__; -include_once "$dir/../../init.php"; - -ShibbolethController::instance()->admin_login(); diff --git a/main/auth/shibboleth/app/view/request.php b/main/auth/shibboleth/app/view/request.php deleted file mode 100755 index 920f44c6e3..0000000000 --- a/main/auth/shibboleth/app/view/request.php +++ /dev/null @@ -1,20 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -$dir = __DIR__; -include_once "$dir/../../init.php"; - -ShibbolethController::instance()->request_status(); \ No newline at end of file diff --git a/main/auth/shibboleth/app/view/shibboleth_display.class.php b/main/auth/shibboleth/app/view/shibboleth_display.class.php deleted file mode 100755 index 833f87f3b9..0000000000 --- a/main/auth/shibboleth/app/view/shibboleth_display.class.php +++ /dev/null 
@@ -1,66 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -class ShibbolethDisplay -{ - - /** - * - * @return ShibbolethDisplay - */ - public static function instance() - { - static $result = false; - if (empty($result)) - { - $result = new self(); - } - return $result; - } - - /** - * @param string $message - */ - public function error_page($message) - { - $page_title = get_lang('ShibbolethLogin'); - - Display :: display_header($page_title); - echo Display::return_message($message, 'error'); - Display :: display_footer(); - die; - } - - /** - * @param string $message - */ - public function message_page($message, $title = '') - { - $title = $title ? $title : get_lang('ShibbolethLogin'); - - Display::display_header($title); - echo Display::return_message($message, 'confirm'); - Display::display_footer(); - die; - } - - public function page($content, $title = '') - { - $title = $title ? $title : get_lang('ShibbolethLogin'); - - Display :: display_header($title); - echo $content; - Display :: display_footer(); - die; - } - -} diff --git a/main/auth/shibboleth/app/view/shibboleth_email_form.class.php b/main/auth/shibboleth/app/view/shibboleth_email_form.class.php deleted file mode 100755 index 3e323f2bb1..0000000000 --- a/main/auth/shibboleth/app/view/shibboleth_email_form.class.php +++ /dev/null @@ -1,51 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -class ShibbolethEmailForm -{ - - /** - * - * @return ShibbolethEmailForm - */ - public static function instance() - { - static $result = false; - if (empty($result)) - { - $result = new self(); - } - return $result; - } - - function display() - { - - $email = get_lang('Email'); - $submit = get_lang('Submit'); - return << - -
- - - -EOT; - } - - function get_email() - { - return isset($_POST['email']) ? $_POST['email'] : ''; - } - -} diff --git a/main/auth/shibboleth/app/view/shibboleth_status_request_form.class.php b/main/auth/shibboleth/app/view/shibboleth_status_request_form.class.php deleted file mode 100755 index 09547eed1e..0000000000 --- a/main/auth/shibboleth/app/view/shibboleth_status_request_form.class.php +++ /dev/null @@ -1,97 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -class ShibbolethStatusRequestForm -{ - - /** - * - * @return ShibbolethStatusRequestForm - */ - public static function instance() - { - static $result = false; - if (empty($result)) - { - $result = new self(); - } - return $result; - } - - function display() - { - if ($this->is_submitted() && $this->get_reason() == '') - { - $reason_is_mandatory = get_lang('ReasonIsMandatory'); - echo Display::return_message($reason_is_mandatory, 'error'); - } - - $status_request_message = get_lang('StatusRequestMessage'); - $label_new_status = get_lang('NewStatus'); - $label_reason = get_lang('Reason'); - $label_ok = get_lang('Ok'); - $label_cancel = get_lang('Cancel'); - - $user = Shibboleth::session()->user(); - $items = array(); - if ($user['status'] == Shibboleth::UNKNOWN_STATUS) - { - $items[Shibboleth::STUDENT_STATUS] = get_lang('Student'); - } - $items[Shibboleth::TEACHER_STATUS] = get_lang('Teacher'); - $status_options = ''; - foreach ($items as $key => $value) - { - $status_options.= ""; - } - - return << -

$status_request_message

- -
- - - - - - - -

-
-EOT; - } - - public function is_submitted() - { - return isset($_POST['submit']) ? $_POST['submit'] : false; - } - - public function cancelled() - { - return isset($_POST['cancel']) ? $_POST['cancel'] : false; - } - - function get_reason() - { - return isset($_POST['reason']) ? $_POST['reason'] : ''; - } - - function get_status() - { - return isset($_POST['status']) ? $_POST['status'] : ''; - } - -} diff --git a/main/auth/shibboleth/config-dist.php b/main/auth/shibboleth/config-dist.php deleted file mode 100755 index 98d206895a..0000000000 --- a/main/auth/shibboleth/config-dist.php +++ /dev/null @@ -1,16 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -require_once __DIR__.'/config/aai.class.php'; - -Shibboleth::set_config(aai::config()); \ No newline at end of file diff --git a/main/auth/shibboleth/config/aai.class.php b/main/auth/shibboleth/config/aai.class.php deleted file mode 100755 index 882a9a8f70..0000000000 --- a/main/auth/shibboleth/config/aai.class.php +++ /dev/null 
@@ -1,69 +0,0 @@
-, Nicolas Rod for the University of Geneva
- */
-class aai
-{
-
- /**
- *
- * @return ShibbolethConfig
- */
- public static function config()
- {
- $result = new ShibbolethConfig();
- $result->unique_id = 'Shib-SwissEP-UniqueID';
- $result->firstname = 'Shib-InetOrgPerson-givenName';
- $result->lastname = 'Shib-Person-surname';
- $result->email = 'Shib-InetOrgPerson-mail';
- $result->language = 'Shib-InetOrgPerson-preferredLanguage';
- $result->gender = 'Shib-SwissEP-Gender';
- $result->address = 'Shib-OrgPerson-postalAddress';
- $result->staff_category = 'Shib-SwissEP-StaffCategory';
- $result->home_organization_type = 'Shib-SwissEP-HomeOrganizationType';
- $result->home_organization = 'Shib-SwissEP-HomeOrganization';
- $result->affiliation = 'Shib-EP-Affiliation';
- $result->persistent_id = 'persistent-id';
-
- $result->default_status = Shibboleth::STUDENT_STATUS;
-
- $result->affiliation_status = array(
- 'faculty' => Shibboleth::TEACHER_STATUS,
- 'member' => Shibboleth::STUDENT_STATUS,
- 'staff' => Shibboleth::STUDENT_STATUS,
- 'student' => Shibboleth::STUDENT_STATUS,
- );
-
- $result->update_fields = array(
- 'firstname' => true,
- 'lastname' => true,
- 'email' => true,
- 'status' => false,
- 'persistent_id' => true,
- );
- /*
- * Persistent id should never change but it was introduced after unique id.
- * So we update persistent id on login for those users who are still missing it.
- */
-
- $result->is_email_mandatory = true;
-
-
- $result->affiliation_status_request = array(
- 'faculty' => false,
- 'member' => false,
- 'staff' => true,
- 'student' => false,
- );
- $result->admnistrator_email = '';
-
- return $result;
- }
-
-}
\ No newline at end of file
diff --git a/main/auth/shibboleth/db/shibboleth_upgrade.class.php b/main/auth/shibboleth/db/shibboleth_upgrade.class.php
deleted file mode 100755
index dd5b7c18df..0000000000
--- a/main/auth/shibboleth/db/shibboleth_upgrade.class.php
+++ /dev/null
@@ -1,85 +0,0 @@
-, Nicolas Rod for the University of Geneva
- */
-class ShibbolethUpgrade
-{
-
- /**
- * Create additional fields required by the shibboleth plugin if those
- * are missing.
- */
- public static function update()
- {
- static $done = false;
- if ($done)
- {
- return false;
- }
- $done = true;
- self::create_shibb_unique_id_field_if_missing();
- self::create_shibb_persistent_id_field_if_missing();
- }
-
- /**
- * Creates the 'shibb_unique_id' field in the table 'user' of the main Chamilo database if it doesn't exist yet
- *
- * @author Nicolas Rod
- * @return false|null
- */
- public static function create_shibb_unique_id_field_if_missing()
- {
- $db_name = Database :: get_main_database();
-
- $sql = "SELECT * FROM `$db_name`.`user` LIMIT 1";
- $result = Database::query($sql);
- $row = mysql_fetch_assoc($result);
-
- $exists = array_key_exists('shibb_unique_id', $row);
- if ($exists)
- {
- return false;
- }
-
- //create the 'shibb_unique_id' field
- $sql = "ALTER TABLE `$db_name`.`user` ADD `shibb_unique_id` VARCHAR( 60 ) AFTER `auth_source`";
- $result_alter = Database::query($sql);
-
- /*
- * Index cannot be a UNIQUE index as it may exist users which don't log in through Shibboleth
- * and therefore don't have any value for 'shibb_unique_id'
- */
- $sql = "ALTER TABLE `$db_name`.`user` ADD INDEX ( `shibb_unique_id` )";
- $result_alter = Database::query($sql);
- }
-
- public static function create_shibb_persistent_id_field_if_missing()
- {
- $db_name = Database :: get_main_database();
-
- $sql = "SELECT * FROM $db_name.user LIMIT 1";
- $result = Database::query($sql);
- $row = mysql_fetch_assoc($result);
- $exists = array_key_exists('shibb_persistent_id', $row);
-
- if ($exists)
- {
- return false;
- }
-
- $sql = "ALTER table $db_name.user ADD COLUMN shibb_persistent_id varchar(255) NULL DEFAULT NULL;";
- $result = Database::query($sql);
- return (bool) $result;
- }
-
-}
diff --git a/main/auth/shibboleth/index.php b/main/auth/shibboleth/index.php
deleted file mode 100755
index 6de1992fba..0000000000
--- a/main/auth/shibboleth/index.php
+++ /dev/null
@@ -1,8 +0,0 @@
-, Nicolas Rod for the University of Geneva
- */
\ No newline at end of file
diff --git a/main/auth/shibboleth/init.php b/main/auth/shibboleth/init.php
deleted file mode 100755
index d62230d0a8..0000000000
--- a/main/auth/shibboleth/init.php
+++ /dev/null
@@ -1,23 +0,0 @@
-, Nicolas Rod for the University of Geneva
- */
-
-$__dir = __DIR__.'/';
-$no_redirection = true; //no redirection in global.
-include_once($__dir . '/../../inc/global.inc.php');
-
-require_once $__dir . 'config.php';
-
-if (api_get_setting('server_type') == 'test')
-{
- include_once $__dir . '/test/shibboleth_test_helper.class.php';
- include_once $__dir . '/test/shibboleth_test.class.php';
-}
diff --git a/main/auth/shibboleth/lib/model.class.php b/main/auth/shibboleth/lib/model.class.php
deleted file mode 100755
index 22f3678494..0000000000
--- a/main/auth/shibboleth/lib/model.class.php
+++ /dev/null
@@ -1,14 +0,0 @@
-, Nicolas Rod for the University of Geneva
- */
-class Model
-{
-
-}
\ No newline at end of file
diff --git a/main/auth/shibboleth/lib/scaffolder/scaffolder.class.php b/main/auth/shibboleth/lib/scaffolder/scaffolder.class.php
deleted file mode 100755
index c56332a9b3..0000000000
--- a/main/auth/shibboleth/lib/scaffolder/scaffolder.class.php
+++ /dev/null
@@ -1,64 +0,0 @@
-, Nicolas Rod for the University of Geneva
- */
-class Scaffolder
-{
-
- /**
- *
- * @staticvar boolean $result
- * @return Scaffolder
- */
- public static function instance()
- {
- static $result = false;
- if (empty($result))
- {
- $result = new self();
- }
- return $result;
- }
-
- public function scaffold($table_name, $class_name = '', $prefix = '_')
- {
- $db_name = Database :: get_main_database();
- $sql = "SELECT * FROM `$db_name`.`$table_name` LIMIT 1";
-
- $fields = array();
- $unique_fields = array();
- $rs = Database::query($sql, null, __FILE__);
- while ($field = mysql_fetch_field($rs))
- {
- $fields[] = $field;
- if ($field->primary_key)
- {
- /**
- * Could move that to an array to support multiple keys
- */
- $id_name = $field->name;
- }
- if ($field->unique_key | $field->primary_key)
- {
- $keys[] = $field->name;
- }
- }
- $name = $table_name;
- $class_name = ucfirst($table_name);
-
-
-
- ob_start();
- include __DIR__.'/template/model.php';
- $result = ob_get_clean();
- return $result;
- }
-
-}
\ No newline at end of file
diff --git a/main/auth/shibboleth/lib/scaffolder/template/default.php b/main/auth/shibboleth/lib/scaffolder/template/default.php
deleted file mode 100755
index dee30c4a91..0000000000
--- a/main/auth/shibboleth/lib/scaffolder/template/default.php
+++ /dev/null
@@ -1,146 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ - -echo ' - -namespace Shibboleth; - -/** - * This file is autogenerated. Do not modifiy it. - */ - -/** - * - * Model for table - * - * @copyright (c) 2012 University of Geneva - * @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html - * @author Laurent Opprecht - */ -class - -{ - - /** - * Store for objects. Interact with the database. - * - * @return Store - */ - public static function store() - { - static $result = false; - if (empty($result)) - { - $result = new Store(); - } - return $result; - } - - /** - * - * @return - */ - public static function create($data = null) - { - return self::store()->create_object($data); - } - - - public $name; ?> = def ? $field->def : 'null'; ?>; - - - /** - * - * @return bool - */ - public function save() - { - return self::store()->save($this); - } - -} - -/** - * Store for objects. Interact with the database. - * - * @copyright (c) 2012 University of Geneva - * @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html - * @author Laurent Opprecht - */ -class Store extends Store -{ - - /** - * - * @return Store - */ - public static function instance() - { - static $result = false; - if (empty($result)) - { - $result = new self(); - } - return $result; - } - - public function __construct() - { - parent::__construct('', '', ''); - } - - /** - * - * @return - */ - public function get($w) - { - $args = func_get_args(); - $f = array('parent', 'get'); - return call_user_func_array($f, $args); - } - - /** - * - * @return - */ - public function create_object($data) - { - return parent::create_object($data); - } - - - /** - * - * @return - */ - public function get_by_($value) - { - return $this->get(array('' => $value)); - } - - /** - * - * @return bool - */ - public function _exists($value) - { - return $this->exist(array('' => $value)); - } - - /** - * - * @return bool - */ - public function delete_by_($value) - { - return 
$this->delete(array('' => $value)); - } - -} \ No newline at end of file diff --git a/main/auth/shibboleth/lib/scaffolder/template/model.php b/main/auth/shibboleth/lib/scaffolder/template/model.php deleted file mode 100755 index dee30c4a91..0000000000 --- a/main/auth/shibboleth/lib/scaffolder/template/model.php +++ /dev/null 
@@ -1,146 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ - -echo ' - -namespace Shibboleth; - -/** - * This file is autogenerated. Do not modifiy it. - */ - -/** - * - * Model for table - * - * @copyright (c) 2012 University of Geneva - * @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html - * @author Laurent Opprecht - */ -class - -{ - - /** - * Store for objects. Interact with the database. - * - * @return Store - */ - public static function store() - { - static $result = false; - if (empty($result)) - { - $result = new Store(); - } - return $result; - } - - /** - * - * @return - */ - public static function create($data = null) - { - return self::store()->create_object($data); - } - - - public $name; ?> = def ? $field->def : 'null'; ?>; - - - /** - * - * @return bool - */ - public function save() - { - return self::store()->save($this); - } - -} - -/** - * Store for objects. Interact with the database. - * - * @copyright (c) 2012 University of Geneva - * @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html - * @author Laurent Opprecht - */ -class Store extends Store -{ - - /** - * - * @return Store - */ - public static function instance() - { - static $result = false; - if (empty($result)) - { - $result = new self(); - } - return $result; - } - - public function __construct() - { - parent::__construct('', '', ''); - } - - /** - * - * @return - */ - public function get($w) - { - $args = func_get_args(); - $f = array('parent', 'get'); - return call_user_func_array($f, $args); - } - - /** - * - * @return - */ - public function create_object($data) - { - return parent::create_object($data); - } - - - /** - * - * @return - */ - public function get_by_($value) - { - return $this->get(array('' => $value)); - } - - /** - * - * @return bool - */ - public function _exists($value) - { - return $this->exist(array('' => $value)); - } - - /** - * - * @return bool - */ - public function delete_by_($value) - { - return 
$this->delete(array('' => $value)); - } - -} \ No newline at end of file diff --git a/main/auth/shibboleth/lib/scaffolder/template/public.php b/main/auth/shibboleth/lib/scaffolder/template/public.php deleted file mode 100755 index 4bb8d414ff..0000000000 --- a/main/auth/shibboleth/lib/scaffolder/template/public.php +++ /dev/null @@ -1,39 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ - -echo ' - -namespace Shibboleth; - -/** - * - * Model for table - * - * @copyright (c) 2012 University of Geneva - * @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html - * @author Laurent Opprecht - */ -class - -{ - - -} - -/** - * Store for objects. Interact with the database. - * - * @copyright (c) 2012 University of Geneva - * @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html - * @author Laurent Opprecht - */ -class Store extends Store -{ - -} \ No newline at end of file diff --git a/main/auth/shibboleth/lib/shibboleth_config.class.php b/main/auth/shibboleth/lib/shibboleth_config.class.php deleted file mode 100755 index 94a9d2f691..0000000000 --- a/main/auth/shibboleth/lib/shibboleth_config.class.php +++ /dev/null 
@@ -1,61 +0,0 @@
-, Nicolas Rod for the University of Geneva
- */
-class ShibbolethConfig
-{
- public $unique_id = '';
- public $firstname = '';
- public $lastname = '';
- public $email = '';
- public $language = '';
- public $gender = '';
- public $address = '';
- public $staff_category = '';
- public $home_organization_type = '';
- public $home_organization = '';
- public $affiliation = '';
- public $persistent_id = '';
-
- public $default_status = Shibboleth::UNKNOWN_STATUS;
-
- /**
- * Mapping of affiliation => right
- * @var array
- */
- public $affiliation_status = array();
-
- /**
- * Mapping of affiliation => bool. Display the request status form.
- * @var array
- */
- public $affiliation_status_request = array();
-
- /**
- * List of fields to update when the user already exists field_name => boolean.
- * @var array
- */
- public $update_fields = array();
-
- /*
- * True if email is mandatory. False otherwise.
- */
- public $is_email_mandatory = true;
-
- /**
- * The email of the shibboleth administrator.
- *
- * @var string
- */
- public $admnistrator_email = '';
-
-
-
-}
\ No newline at end of file
diff --git a/main/auth/shibboleth/lib/shibboleth_session.class.php b/main/auth/shibboleth/lib/shibboleth_session.class.php
deleted file mode 100755
index 3972551756..0000000000
--- a/main/auth/shibboleth/lib/shibboleth_session.class.php
+++ /dev/null
@@ -1,100 +0,0 @@
-, Nicolas Rod for the University of Geneva
- */
-class ShibbolethSession
-{
- /**
- * @return ShibbolethSession
- */
- public static function instance()
- {
- static $result = false;
- if (empty($result)) {
- $result = new self();
- }
- return $result;
- }
-
- function is_logged_in()
- {
- return isset($_SESSION['_user']['user_id']);
- }
-
- function user()
- {
- return $_SESSION['_user'];
- }
-
- function logout()
- {
- $_SESSION['_user'] = array();
- online_logout(null, false);
- global $logoutInfo;
- Event::courseLogout($logoutInfo);
- }
-
- /**
- * Create a Shibboleth session for the user ID
- *
- * @param string $uid The user ID
- * @return array $_user The user infos array created when the user logs in
- */
- function login($uid)
- {
- /* This must be set for local.inc.php to register correctly the global variables in session
- * This is BAD. Logic should be migrated into a function and stop relying on global variables.
- */
- global $_uid, $is_allowedCreateCourse, $is_platformAdmin, $_real_cid, $is_courseAdmin;
- global $is_courseMember, $is_courseTutor, $is_session_general_coach, $is_allowed_in_course, $is_sessionAdmin, $_gid;
- $_uid = $uid;
-
- //is_allowedCreateCourse
- $user = User::store()->get_by_user_id($uid);
- if (empty($user)) {
- return;
- }
-
- $this->logout();
-
- Session::instance();
- Session::write('_uid', $_uid);
-
- global $_user;
- $_user = (array) $user;
-
- $_SESSION['_user'] = $_user;
- $_SESSION['_user']['user_id'] = $_uid;
- $_SESSION['noredirection'] = true;
-
- //must be called before 'init_local.inc.php'
- Event::eventLogin($_uid);
-
- //used in 'init_local.inc.php' this is BAD but and should be changed
- $loginFailed = false;
- $uidReset = true;
-
- $gidReset = true;
- $cidReset = false; //FALSE !!
-
- $mainDbName = Database :: get_main_database();
- $includePath = api_get_path(SYS_INC_PATH);
-
- $no_redirection = true;
- require("$includePath/local.inc.php");
-
- return $_user;
- }
-
-}
diff --git a/main/auth/shibboleth/lib/store.class.php b/main/auth/shibboleth/lib/store.class.php
deleted file mode 100755
index 7eacfedc43..0000000000
--- a/main/auth/shibboleth/lib/store.class.php
+++ /dev/null
@@ -1,357 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -class Store -{ - - /** - * - * @return Store - */ - public static function create($table_name, $class_name = '', $id_name = 'id', $db_name = '') - { - return new self($table_name, $class_name, $id_name, $db_name); - } - - protected $db_name = ''; - protected $table_name = ''; - protected $id_name = ''; - protected $class_name = ''; - - function __construct($table_name, $class_name = '', $id_name = 'id', $db_name = '') - { - $this->db_name = $db_name ? $db_name : Database::get_main_database(); - $this->table_name = $table_name; - $this->class_name = $class_name; - $this->id_name = $id_name; - } - - function get_db_name($object = '') - { - if ($this->db_name) - { - return $this->db_name; - } - if ($object) - { - $result = isset($object->{db_name}) ? $object->{db_name} : ''; - $result = $result ? $result : Database :: get_main_database(); - return $result; - } - - return Database::get_main_database(); - } - - function get($w) - { - $args = func_get_args(); - $f = array($this, 'get_where'); - $db_name = $this->get_db_name(); - $where = call_user_func_array($f, $args); - $sql = "SELECT * - FROM `{$db_name}`.`{$this->table_name}` - WHERE $where"; - - $items = $this->query($sql); - return (count($items) == 1) ? reset($items) : null; - } - - function select($w) - { - $args = func_get_args(); - $f = array($this, 'get_where'); - $db_name = $this->get_db_name(); - $where = call_user_func_array($f, $args); - $sql = "SELECT * - FROM `{$db_name}`.`{$this->table_name}` - WHERE $where"; - - $result = $this->query($sql); - return $result; - } - - function exist($w) - { - $args = func_get_args(); - $f = array($this, 'get'); - $object = call_user_func_array($f, $args); - return !empty($object); - } - - function is_new($object) - { - $id_name = $this->id_name; - $id = isset($object->{$id_name}) ? 
$object->{$id_name} : false; - return empty($id); - } - - function save($object) - { - if (empty($object)) - { - return false; - } - $object = is_array($object) ? $this->create_object($object) : $object; - $this->before_save($object); - if ($this->is_new($object)) - { - $result = $this->insert($object); - } - else - { - $result = $this->update($object); - } - return $result; - } - - function delete($object) - { - $args = func_get_args(); - $f = array($this, 'get_where'); - $db_name = $this->get_db_name(); - $where = call_user_func_array($f, $args); - $sql = "DELETE - FROM `{$db_name - } - -`.`{$this->table_name - } - -` - WHERE $where"; - - $result = $this->query($sql); - return $result; - } - - /** - * - * @param array|object $data - * @return object - */ - public function create_object($data = array()) - { - $data = $data ? $data : array(); - $data = (object) $data; - $class = $this->class_name; - if (empty($class)) - { - return clone $data; - } - $result = new $class(); - - foreach ($result as $key => $value) - { - $result->{$key} = property_exists($data, $key) ? $data->{$key} : null; - } - return $result; - } - - public function fields($object) - { - static $result = array(); - if (!empty($result)) - { - return $result; - } - - $db_name = $this->get_db_name($object); - $sql = "SELECT * - FROM `{$db_name}`.`{$this->table_name}` - LIMIT 1"; - $rs = Database::query($sql, null, __FILE__); - while ($field = mysql_fetch_field($rs)) - { - $result[] = $field; - } - return $result; - } - - protected function before_save($object) - { -//hook - } - - protected function update($object) - { - $id = isset($object->{$this->id_name}) ? 
$object->{$this->id_name} : false; - if (empty($id)) - { - return false; - } - $items = array(); - $fields = $this->fields($object); - foreach ($fields as $field) - { - $name = $field->name; - if ($name != $this->id_name) - { - if (property_exists($object, $name)) - { - $value = $object->{$name}; - $value = $this->format_value($value); - $items[] = "$name=$value"; - } - } - } - - $db_name = $this->get_db_name($object); - $sql = "UPDATE `{$db_name}`.`{$this->table_name}` SET "; - $sql .= join(', ', $items); - $sql .= " WHERE {$this->id_name}=$id"; - - $result = $this->execute($sql); - if ($result) - { - $object->{db_name} = $db_name; - } - return (bool) $result; - } - - protected function insert($object) - { - $id = isset($object->{$this->id_name}) ? $object->{$this->id_name} : false; - if (empty($object)) - { - return false; - } - $values = array(); - $keys = array(); - $fields = $this->fields($object); - foreach ($fields as $field) - { - $name = $field->name; - if ($name != $this->id_name) - { - if (property_exists($object, $name)) - { - $value = $object->{$name}; - $value = is_null($value) ? 'DEFAULT' : $this->format_value($value); - $values[] = $value; - $keys[] = $name; - } - } - } - - $db_name = $this->get_db_name($object); - $sql = "INSERT INTO `{$db_name}`.`{$this->table_name}` "; - $sql .= ' (' . join(', ', $keys) . ') '; - $sql .= 'VALUES'; - $sql .= ' (' . join(', ', $values) . 
') '; - - $result = $this->execute($sql); - if ($result) - { - $id = mysql_insert_id(); - $object->{$this->id_name} = $id; - $object->{db_name} = $db_name; - return $id; - } - else - { - return false; - } - } - - protected function get_where($_) - { - $args = func_get_args(); - if (count($args) == 1) - { - $arg = reset($args); - if (is_numeric($arg)) - { - $id = (int) $arg; - if (empty($id)) - { - return ''; - } - $args = array($this->pk_name, $arg); - } - else if (is_string($arg)) - { - return $arg; - } - else if (is_array($arg)) - { - $args = $arg; - } - else - { - return $arg; - } - } - $items = array(); - foreach ($args as $key => $val) - { - $items[] = $key . ' = ' . $this->format_value($val); - } - return implode(' AND ', $items); - } - - protected function format_value($value) - { - if (is_null($value)) - { - return 'NULL'; - } - if (is_bool($var)) - { - return $value ? '1' : '0'; - } - else if (is_numeric($value)) - { - return empty($value) ? '0' : $value; - } - else if (is_string($value)) - { - $value = mysql_escape_string($value); - return "'$value'"; - } - else - { - return $value; - } - } - - /** - * - * @param string $sql - * @return array - */ - protected function query($sql) - { - $resource = Database::query($sql, null, __FILE__); - if ($resource == false) - { - return array(); - } - - $result = array(); - while ($data = mysql_fetch_assoc($resource)) - { - $result[] = $this->create_object($data); - } - return $result; - } - - /** - * @param string $sql - */ - protected function execute($sql) - { - return Database::query($sql, null, __FILE__); - } - -} \ No newline at end of file diff --git a/main/auth/shibboleth/login.php b/main/auth/shibboleth/login.php deleted file mode 100755 index 6b75d0d8ac..0000000000 --- a/main/auth/shibboleth/login.php +++ /dev/null 
@@ -1,35 +0,0 @@
-, Nicolas Rod for the University of Geneva
- */
-include_once __DIR__.'/init.php';
-
-/*
- ==============================================================================
- TEST SECTION
- ==============================================================================
- *
- * @todo: Only for testing. Comment that out for production
- *
- */
-//Shibboleth::session()->logout();
-//ShibbolethTest::helper()->setup_new_student_no_email();
-//ShibbolethTest::helper()->setup_staff();
-//ShibbolethTest::helper()->setup_new_teacher();
-//ShibbolethTest::helper()->setup_new_student();
-//ShibbolethTest::helper()->setup_new_minimal_data();
-
-ShibbolethController::instance()->login();
\ No newline at end of file
diff --git a/main/auth/shibboleth/script/scaffold.php b/main/auth/shibboleth/script/scaffold.php
deleted file mode 100755
index 9664edff41..0000000000
--- a/main/auth/shibboleth/script/scaffold.php
+++ /dev/null
@@ -1,36 +0,0 @@
-, Nicolas Rod for the University of Geneva
- */
-$dir = __DIR__;
-include_once $dir.'/../init.php';
-include_once $dir.'/../app/lib/scaffolder/scaffolder.class.php';
-
-if (!ShibbolethTest::is_enabled())
-{
- echo 'This is not a test server';
- die;
-}
-
-if (!Shibboleth::session()->is_logged_in())
-{
- echo 'Not authorized';
- die;
-}
-
-$name = 'user';
-$result = Scaffolder::instance()->scaffold($name);
-
-file_put_contents("$dir/output/$name.class.php", $result);
-
-header('content-type: text/plain');
-echo $result;
diff --git a/main/auth/shibboleth/test/shibboleth_test.class.php b/main/auth/shibboleth/test/shibboleth_test.class.php
deleted file mode 100755
index 5c10ea2146..0000000000
--- a/main/auth/shibboleth/test/shibboleth_test.class.php
+++ /dev/null
@@ -1,218 +0,0 @@ -, Nicolas Rod for the University of Geneva - */ -class ShibbolethTest -{ - - static function is_enabled() - { - return api_get_setting('server_type') == 'test'; - } - - /** - * @return ShibbolethTestHelper - */ - static function helper() - { - return ShibbolethTestHelper::instance(); - } - - static function init() - { - if (!self::is_enabled()) - { - die; - } - } - - static function test_new_teacher() - { - self::init(); - - self::helper()->setup_new_teacher(); - $shib_user = Shibboleth::store()->get_user(); - self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id)); - - Shibboleth::save($shib_user); - - $user = User::store()->get_by_shibboleth_id($shib_user->unique_id); - self::assert($user->email == $shib_user->email); - self::assert($user->firstname == $shib_user->firstname); - self::assert($user->lastname == $shib_user->lastname); - self::assert($user->persistent_id == $shib_user->persistent_id); - self::assert($user->status == Shibboleth::TEACHER_STATUS); - self::assert(!empty($user->password)); - self::assert(!empty($user->username)); - } - - static function test_new_student() - { - self::init(); - - self::helper()->setup_new_student(); - - $shib_user = Shibboleth::store()->get_user(); - self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id)); - - Shibboleth::save($shib_user); - - $user = User::store()->get_by_shibboleth_id($shib_user->unique_id); - self::assert($user->email == $shib_user->email); - self::assert($user->firstname == $shib_user->firstname); - self::assert($user->lastname == $shib_user->lastname); - self::assert($user->persistent_id == $shib_user->persistent_id); - self::assert($user->status == Shibboleth::STUDENT_STATUS); - self::assert(!empty($user->password)); - self::assert(!empty($user->username)); - } - - static function test_new_staff() - { - self::init(); - - self::helper()->setup_new_staff(); - - $shib_user = Shibboleth::store()->get_user(); - 
self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id)); - - Shibboleth::save($shib_user); - - $user = User::store()->get_by_shibboleth_id($shib_user->unique_id); - self::assert($user->email == $shib_user->email); - self::assert($user->firstname == $shib_user->firstname); - self::assert($user->lastname == $shib_user->lastname); - self::assert($user->persistent_id == $shib_user->persistent_id); - self::assert($user->status == Shibboleth::STUDENT_STATUS); - self::assert(!empty($user->password)); - self::assert(!empty($user->username)); - } - - static function test_new_infer_status_request() - { - self::init(); - - self::helper()->setup_new_staff(); - $shib_user = Shibboleth::store()->get_user(); - Shibboleth::save($shib_user); - self::assert($shib_user->status_request); - - self::helper()->setup_new_teacher(); - $shib_user = Shibboleth::store()->get_user(); - Shibboleth::save($shib_user); - - self::assert(!$shib_user->status_request); - - self::helper()->setup_new_student(); - $shib_user = Shibboleth::store()->get_user(); - Shibboleth::save($shib_user); - - self::assert(!$shib_user->status_request); - } - - static function test_update_teacher() - { - self::init(); - - $fields = Shibboleth::config()->update_fields; - self::assert($fields['email']); - self::assert($fields['persistent_id']); - self::assert($fields['firstname']); - self::assert($fields['lastname']); - self::assert(!$fields['status']); - - self::helper()->setup_teacher(); - $shib_user = Shibboleth::store()->get_user(); - Shibboleth::save($shib_user); - - $new_shib_user = clone($shib_user); - - $new_shib_user->firstname = 'frs'; - $new_shib_user->lastname = 'ls'; - $new_shib_user->email = 'em'; - $new_shib_user->status = 10; - $new_shib_user->persistent_id = 'per'; - - Shibboleth::save($new_shib_user); - $user = User::store()->get_by_shibboleth_id($shib_user->unique_id); - - self::assert($user->email == $new_shib_user->email); - self::assert($value = ($user->shibb_persistent_id == 
$new_shib_user->persistent_id)); - - self::assert($user->firstname == $new_shib_user->firstname); - self::assert($user->lastname == $new_shib_user->lastname); - self::assert($user->status == $shib_user->status); - self::assert(!empty($user->password)); - self::assert(!empty($user->username)); - } - - static function test_new_student_multiple_givenname() - { - self::init(); - - self::helper()->setup_new_student_multiple_givenname(); - - $shib_user = Shibboleth::store()->get_user(); - self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id)); - - Shibboleth::save($shib_user); - - $user = User::store()->get_by_shibboleth_id($shib_user->unique_id); - - self::assert($user->email == $shib_user->email); - self::assert($user->firstname == 'John'); - self::assert($user->lastname == $shib_user->lastname); - self::assert($user->persistent_id == $shib_user->persistent_id); - self::assert($user->status == Shibboleth::STUDENT_STATUS); - self::assert(!empty($user->password)); - self::assert(!empty($user->username)); - } - - static function test_new_no_affiliation_default() - { - self::init(); - - self::helper()->setup_new_no_affiliation(); - $shib_user = Shibboleth::store()->get_user(); - self::assert($config = Shibboleth::config()->default_status == Shibboleth::STUDENT_STATUS); - self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id)); - self::assert($shib_user->affiliation == ''); - - Shibboleth::save($shib_user); - - $user = User::store()->get_by_shibboleth_id($shib_user->unique_id); - - self::assert($user->email == $shib_user->email); - self::assert($user->firstname == 'John'); - self::assert($user->lastname == $shib_user->lastname); - self::assert($user->persistent_id == $shib_user->persistent_id); - self::assert($user->status == Shibboleth::STUDENT_STATUS); - self::assert(!empty($user->password)); - self::assert(!empty($user->username)); - } - - static function assert($assertion, $message = '') - { - if (!$assertion) - { - $message = 
"Assert failed $message
"; - echo $message; - // Dump variable for debug - error_log(print_r(debug_backtrace(), 1)); - die; - } - else - { - $message = "Assert successful $message
"; - echo $message; - } - } - -} \ No newline at end of file diff --git a/main/auth/shibboleth/test/shibboleth_test_helper.class.php b/main/auth/shibboleth/test/shibboleth_test_helper.class.php deleted file mode 100755 index aa0c8dd0ba..0000000000 --- a/main/auth/shibboleth/test/shibboleth_test_helper.class.php +++ /dev/null 
@@ -1,133 +0,0 @@
-, Nicolas Rod for the University of Geneva
- */
-class ShibbolethTestHelper
-{
-
- /**
- *
- * @return ShibbolethTestHelper
- */
- public static function instance()
- {
- static $result = false;
- if (empty($result))
- {
- $result = new self();
- }
- return $result;
- }
-
- public function setup_teacher()
- {
- $_SERVER['Shib-SwissEP-UniqueID'] = 'usr_1';
- $_SERVER['Shib-EP-Affiliation'] = 'member;staff;faculty';
- $_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
- $_SERVER['Shib-Person-surname'] = 'Doe';
- $_SERVER['Shib-InetOrgPerson-mail'] = 'john.doe@localhost.org';
- $_SERVER['persistent-id'] = 'idp!viewer!drea34çcv3d';
- }
-
- public function setup_student()
- {
- $_SERVER['Shib-SwissEP-UniqueID'] = 'usr_1';
- $_SERVER['Shib-EP-Affiliation'] = 'member';
- $_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
- $_SERVER['Shib-Person-surname'] = 'Doe';
- $_SERVER['Shib-InetOrgPerson-mail'] = 'john.doe@localhost.org';
- $_SERVER['persistent-id'] = 'idp!viewer!drea34çcv3d';
- }
-
- public function setup_staff()
- {
- $id = uniqid();
- $_SERVER['Shib-SwissEP-UniqueID'] = 'usr_123456';
- $_SERVER['Shib-EP-Affiliation'] = 'member;staff';
- $_SERVER['Shib-InetOrgPerson-givenName'] = 'John Staff';
- $_SERVER['Shib-Person-surname'] = 'Doe';
- $_SERVER['Shib-InetOrgPerson-mail'] = 'john.staff.doe@localhost.org';
- $_SERVER['persistent-id'] = 'idp!viewer!usr_123456';
- }
-
- public function setup_new_student()
- {
- $id = uniqid();
- $_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
- $_SERVER['Shib-EP-Affiliation'] = 'member';
- $_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
- $_SERVER['Shib-Person-surname'] = 'Doe' . $id;
- $_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
- $_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
- }
-
- public function setup_new_student_no_email()
- {
- $id = uniqid();
- $_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . 
$id;
- $_SERVER['Shib-EP-Affiliation'] = 'member';
- $_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
- $_SERVER['Shib-Person-surname'] = 'Doe' . $id;
- $_SERVER['Shib-InetOrgPerson-mail'] = '';
- $_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
- }
-
- public function setup_new_student_multiple_givenname()
- {
- $id = uniqid();
- $_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
- $_SERVER['Shib-EP-Affiliation'] = 'member';
- $_SERVER['Shib-InetOrgPerson-givenName'] = 'John;Alex;John Alex';
- $_SERVER['Shib-Person-surname'] = 'Doe' . $id;
- $_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
- $_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
- }
-
- public function setup_new_teacher()
- {
- $id = uniqid();
- $_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
- $_SERVER['Shib-EP-Affiliation'] = 'member;staff;faculty';
- $_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
- $_SERVER['Shib-Person-surname'] = 'Doe' . $id;
- $_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
- $_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
- }
-
- public function setup_new_staff()
- {
- $id = uniqid();
- $_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
- $_SERVER['Shib-EP-Affiliation'] = 'member;staff';
- $_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
- $_SERVER['Shib-Person-surname'] = 'Doe' . $id;
- $_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
- $_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
- }
-
- public function setup_new_no_affiliation()
- {
- $id = uniqid();
- $_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
- $_SERVER['Shib-EP-Affiliation'] = '';
- $_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
- $_SERVER['Shib-Person-surname'] = 'Doe' . $id;
- $_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
- $_SERVER['persistent-id'] = 'idp!viewer!' . 
md5($id);
- }
-
- public function setup_new_minimal_data()
- {
- $id = uniqid();
- $_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
- $_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
- $_SERVER['Shib-Person-surname'] = 'Doe' . $id;
- }
-
-}
\ No newline at end of file
diff --git a/main/auth/shibboleth/test/test.php b/main/auth/shibboleth/test/test.php
deleted file mode 100755
index 9e9d4a1770..0000000000
--- a/main/auth/shibboleth/test/test.php
+++ /dev/null
@@ -1,32 +0,0 @@
-, Nicolas Rod for the University of Geneva
- */
-include_once __DIR__.'/../init.php';
-
-if (!ShibbolethTest::is_enabled())
-{
- echo 'This is not a test server';
- die;
-}
-
-echo 'Test started
-------------------
';
-
-ShibbolethTest::test_new_teacher();
-ShibbolethTest::test_new_student();
-ShibbolethTest::test_update_teacher();
-ShibbolethTest::test_new_student_multiple_givenname();
-ShibbolethTest::test_new_no_affiliation_default();
-ShibbolethTest::test_new_staff();
-ShibbolethTest::test_new_infer_status_request();
-
-echo '-------------------
Done!';
-
-
-
diff --git a/main/auth/shibboleth/test/test_no_email.php b/main/auth/shibboleth/test/test_no_email.php
deleted file mode 100755
index 129d5d85f1..0000000000
--- a/main/auth/shibboleth/test/test_no_email.php
+++ /dev/null
@@ -1,20 +0,0 @@
-, Nicolas Rod for the University of Geneva
- */
-include_once __DIR__.'/../init.php';
-
-if (!ShibbolethTest::is_enabled())
-{
- echo 'This is not a test server';
- die;
-}
-
-Shibboleth::session()->logout();
-ShibbolethTest::helper()->setup_new_student_no_email();
-
-require_once __DIR__.'/../login.php';
\ No newline at end of file