From 6b4607f0736a2a750881f89a42822925ce53ff16 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Mon, 30 Aug 2010 16:53:32 -0400 Subject: [PATCH] Upgrade from CAS 1.1.0RC6 to 1.1.2 --- plugins/CasAuthentication/extlib/CAS.php | 1393 ++++++++--------- .../extlib/CAS/PGTStorage/pgt-db.php | 28 + .../extlib/CAS/PGTStorage/pgt-file.php | 27 + .../extlib/CAS/PGTStorage/pgt-main.php | 27 + .../CasAuthentication/extlib/CAS/client.php | 865 +++++----- 5 files changed, 1243 insertions(+), 1097 deletions(-) diff --git a/plugins/CasAuthentication/extlib/CAS.php b/plugins/CasAuthentication/extlib/CAS.php index e754374198..62a6175794 100644 --- a/plugins/CasAuthentication/extlib/CAS.php +++ b/plugins/CasAuthentication/extlib/CAS.php @@ -1,20 +1,46 @@ =')) { - require_once(dirname(__FILE__).'/CAS/domxml-php4-to-php5.php'); +if (version_compare(PHP_VERSION, '5', '>=') && !(function_exists('domxml_new_doc'))) { + require_once (dirname(__FILE__) . '/CAS/domxml-php4-to-php5.php'); } /** @@ -35,24 +61,24 @@ if (version_compare(PHP_VERSION,'5','>=')) { /** * phpCAS version. accessible for the user by phpCAS::getVersion(). */ -define('PHPCAS_VERSION','1.1.0RC6'); +define('PHPCAS_VERSION', '1.1.2'); // ------------------------------------------------------------------------ // CAS VERSIONS // ------------------------------------------------------------------------ - /** - * @addtogroup public - * @{ - */ +/** + * @addtogroup public + * @{ + */ /** * CAS version 1.0 */ -define("CAS_VERSION_1_0",'1.0'); +define("CAS_VERSION_1_0", '1.0'); /*! * CAS version 2.0 */ -define("CAS_VERSION_2_0",'2.0'); +define("CAS_VERSION_2_0", '2.0'); // ------------------------------------------------------------------------ // SAML defines @@ -71,143 +97,141 @@ define("SAML_XML_HEADER", ''); /** * SOAP envelope for SAML POST */ -define ("SAML_SOAP_ENV", ''); +define("SAML_SOAP_ENV", ''); /** * SOAP body for SAML POST */ -define ("SAML_SOAP_BODY", ''); +define("SAML_SOAP_BODY", ''); /** * SAMLP request */ -define ("SAMLP_REQUEST", ''); -define ("SAMLP_REQUEST_CLOSE", ''); +define("SAMLP_REQUEST", ''); +define("SAMLP_REQUEST_CLOSE", ''); /** * SAMLP artifact tag (for the ticket) */ -define ("SAML_ASSERTION_ARTIFACT", ''); +define("SAML_ASSERTION_ARTIFACT", ''); /** * SAMLP close */ -define ("SAML_ASSERTION_ARTIFACT_CLOSE", ''); +define("SAML_ASSERTION_ARTIFACT_CLOSE", ''); /** * SOAP body close */ -define ("SAML_SOAP_BODY_CLOSE", ''); +define("SAML_SOAP_BODY_CLOSE", ''); /** * SOAP envelope close */ -define ("SAML_SOAP_ENV_CLOSE", ''); +define("SAML_SOAP_ENV_CLOSE", ''); /** * SAML Attributes */ define("SAML_ATTRIBUTES", 'SAMLATTRIBS'); - - /** @} */ - /** - * @addtogroup publicPGTStorage - * @{ - */ +/** + * @addtogroup publicPGTStorage + * @{ + */ // ------------------------------------------------------------------------ // FILE PGT STORAGE // ------------------------------------------------------------------------ - /** - * Default path used when storing PGT's to file - */ -define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH",'/tmp'); +/** + * Default path used when storing PGT's to file + */ +define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH", '/tmp'); /** * phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files */ -define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN",'plain'); +define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN", 'plain'); /** * phpCAS::setPGTStorageFile()'s 2nd parameter to write xml files */ -define("CAS_PGT_STORAGE_FILE_FORMAT_XML",'xml'); +define("CAS_PGT_STORAGE_FILE_FORMAT_XML", 'xml'); /** * Default format used when storing PGT's to file */ -define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT",CAS_PGT_STORAGE_FILE_FORMAT_PLAIN); +define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT", CAS_PGT_STORAGE_FILE_FORMAT_PLAIN); // ------------------------------------------------------------------------ // DATABASE PGT STORAGE // ------------------------------------------------------------------------ - /** - * default database type when storing PGT's to database - */ -define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE",'mysql'); +/** + * default database type when storing PGT's to database + */ +define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE", 'mysql'); /** * default host when storing PGT's to database */ -define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME",'localhost'); +define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME", 'localhost'); /** * default port when storing PGT's to database */ -define("CAS_PGT_STORAGE_DB_DEFAULT_PORT",''); +define("CAS_PGT_STORAGE_DB_DEFAULT_PORT", ''); /** * default database when storing PGT's to database */ -define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE",'phpCAS'); +define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE", 'phpCAS'); /** * default table when storing PGT's to database */ -define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE",'pgt'); +define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE", 'pgt'); /** @} */ // ------------------------------------------------------------------------ // SERVICE ACCESS ERRORS // ------------------------------------------------------------------------ - /** - * @addtogroup publicServices - * @{ - */ +/** + * @addtogroup publicServices + * @{ + */ /** * phpCAS::service() error code on success */ -define("PHPCAS_SERVICE_OK",0); +define("PHPCAS_SERVICE_OK", 0); /** * phpCAS::service() error code when the PT could not retrieve because * the CAS server did not respond. */ -define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE",1); +define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE", 1); /** * phpCAS::service() error code when the PT could not retrieve because * the response of the CAS server was ill-formed. */ -define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE",2); +define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE", 2); /** * phpCAS::service() error code when the PT could not retrieve because * the CAS server did not want to. */ -define("PHPCAS_SERVICE_PT_FAILURE",3); +define("PHPCAS_SERVICE_PT_FAILURE", 3); /** * phpCAS::service() error code when the service was not available. */ -define("PHPCAS_SERVICE_NOT AVAILABLE",4); +define("PHPCAS_SERVICE_NOT AVAILABLE", 4); /** @} */ // ------------------------------------------------------------------------ // LANGUAGES // ------------------------------------------------------------------------ - /** - * @addtogroup publicLang - * @{ - */ +/** + * @addtogroup publicLang + * @{ + */ -define("PHPCAS_LANG_ENGLISH", 'english'); -define("PHPCAS_LANG_FRENCH", 'french'); -define("PHPCAS_LANG_GREEK", 'greek'); -define("PHPCAS_LANG_GERMAN", 'german'); -define("PHPCAS_LANG_JAPANESE", 'japanese'); -define("PHPCAS_LANG_SPANISH", 'spanish'); -define("PHPCAS_LANG_CATALAN", 'catalan'); +define("PHPCAS_LANG_ENGLISH", 'english'); +define("PHPCAS_LANG_FRENCH", 'french'); +define("PHPCAS_LANG_GREEK", 'greek'); +define("PHPCAS_LANG_GERMAN", 'german'); +define("PHPCAS_LANG_JAPANESE", 'japanese'); +define("PHPCAS_LANG_SPANISH", 'spanish'); +define("PHPCAS_LANG_CATALAN", 'catalan'); /** @} */ @@ -225,31 +249,31 @@ define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH); // ------------------------------------------------------------------------ // DEBUG // ------------------------------------------------------------------------ - /** - * @addtogroup publicDebug - * @{ - */ +/** + * @addtogroup publicDebug + * @{ + */ /** * The default directory for the debug file under Unix. */ -define('DEFAULT_DEBUG_DIR','/tmp/'); +define('DEFAULT_DEBUG_DIR', '/tmp/'); /** @} */ // ------------------------------------------------------------------------ // MISC // ------------------------------------------------------------------------ - /** - * @addtogroup internalMisc - * @{ - */ +/** + * @addtogroup internalMisc + * @{ + */ /** * This global variable is used by the interface class phpCAS. * * @hideinitializer */ -$GLOBALS['PHPCAS_CLIENT'] = null; +$GLOBALS['PHPCAS_CLIENT'] = null; /** * This global variable is used to store where the initializer is called from @@ -257,10 +281,12 @@ $GLOBALS['PHPCAS_CLIENT'] = null; * * @hideinitializer */ -$GLOBALS['PHPCAS_INIT_CALL'] = array('done' => FALSE, +$GLOBALS['PHPCAS_INIT_CALL'] = array ( + 'done' => FALSE, 'file' => '?', 'line' => -1, - 'method' => '?'); + 'method' => '?' +); /** * This global variable is used to store where the method checking @@ -268,20 +294,24 @@ $GLOBALS['PHPCAS_INIT_CALL'] = array('done' => FALSE, * * @hideinitializer */ -$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array('done' => FALSE, +$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array ( + 'done' => FALSE, 'file' => '?', 'line' => -1, 'method' => '?', - 'result' => FALSE); + 'result' => FALSE +); /** * This global variable is used to store phpCAS debug mode. * * @hideinitializer */ -$GLOBALS['PHPCAS_DEBUG'] = array('filename' => FALSE, +$GLOBALS['PHPCAS_DEBUG'] = array ( + 'filename' => FALSE, 'indent' => 0, - 'unique_id' => ''); + 'unique_id' => '' +); /** @} */ @@ -290,7 +320,7 @@ $GLOBALS['PHPCAS_DEBUG'] = array('filename' => FALSE, // ######################################################################## // include client class -include_once(dirname(__FILE__).'/CAS/client.php'); +include_once (dirname(__FILE__) . '/CAS/client.php'); // ######################################################################## // INTERFACE CLASS @@ -308,20 +338,17 @@ include_once(dirname(__FILE__).'/CAS/client.php'); * at the end of CAS/client.php). */ +class phpCAS { - -class phpCAS -{ - // ######################################################################## // INITIALIZATION // ######################################################################## - + /** * @addtogroup publicInit * @{ */ - + /** * phpCAS client initializer. * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be @@ -336,43 +363,41 @@ class phpCAS * * @return a newly created CASClient object */ - function client($server_version, - $server_hostname, - $server_port, - $server_uri, - $start_session = true) - { + function client($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) { global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; - - phpCAS::traceBegin(); - if ( is_object($PHPCAS_CLIENT) ) { - phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')'); + + phpCAS :: traceBegin(); + if (is_object($PHPCAS_CLIENT)) { + phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')'); } - if ( gettype($server_version) != 'string' ) { - phpCAS::error('type mismatched for parameter $server_version (should be `string\')'); + if (gettype($server_version) != 'string') { + phpCAS :: error('type mismatched for parameter $server_version (should be `string\')'); } - if ( gettype($server_hostname) != 'string' ) { - phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')'); + if (gettype($server_hostname) != 'string') { + phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')'); } - if ( gettype($server_port) != 'integer' ) { - phpCAS::error('type mismatched for parameter $server_port (should be `integer\')'); + if (gettype($server_port) != 'integer') { + phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')'); } - if ( gettype($server_uri) != 'string' ) { - phpCAS::error('type mismatched for parameter $server_uri (should be `string\')'); + if (gettype($server_uri) != 'string') { + phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')'); } - + // store where the initializer is called from - $dbg = phpCAS::backtrace(); - $PHPCAS_INIT_CALL = array('done' => TRUE, + $dbg = phpCAS :: backtrace(); + $PHPCAS_INIT_CALL = array ( + 'done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__); - + 'method' => __CLASS__ . '::' . __FUNCTION__ + ); + // initialize the global object $PHPCAS_CLIENT - $PHPCAS_CLIENT = new CASClient($server_version,FALSE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session); - phpCAS::traceEnd(); - } - + $PHPCAS_CLIENT = new CASClient($server_version, FALSE /*proxy*/ + , $server_hostname, $server_port, $server_uri, $start_session); + phpCAS :: traceEnd(); + } + /** * phpCAS proxy initializer. * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be @@ -387,110 +412,107 @@ class phpCAS * * @return a newly created CASClient object */ - function proxy($server_version, - $server_hostname, - $server_port, - $server_uri, - $start_session = true) - { + function proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) { global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; - - phpCAS::traceBegin(); - if ( is_object($PHPCAS_CLIENT) ) { - phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')'); + + phpCAS :: traceBegin(); + if (is_object($PHPCAS_CLIENT)) { + phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')'); } - if ( gettype($server_version) != 'string' ) { - phpCAS::error('type mismatched for parameter $server_version (should be `string\')'); + if (gettype($server_version) != 'string') { + phpCAS :: error('type mismatched for parameter $server_version (should be `string\')'); } - if ( gettype($server_hostname) != 'string' ) { - phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')'); + if (gettype($server_hostname) != 'string') { + phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')'); } - if ( gettype($server_port) != 'integer' ) { - phpCAS::error('type mismatched for parameter $server_port (should be `integer\')'); + if (gettype($server_port) != 'integer') { + phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')'); } - if ( gettype($server_uri) != 'string' ) { - phpCAS::error('type mismatched for parameter $server_uri (should be `string\')'); + if (gettype($server_uri) != 'string') { + phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')'); } - + // store where the initialzer is called from - $dbg = phpCAS::backtrace(); - $PHPCAS_INIT_CALL = array('done' => TRUE, + $dbg = phpCAS :: backtrace(); + $PHPCAS_INIT_CALL = array ( + 'done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__); - + 'method' => __CLASS__ . '::' . __FUNCTION__ + ); + // initialize the global object $PHPCAS_CLIENT - $PHPCAS_CLIENT = new CASClient($server_version,TRUE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session); - phpCAS::traceEnd(); - } - + $PHPCAS_CLIENT = new CASClient($server_version, TRUE /*proxy*/ + , $server_hostname, $server_port, $server_uri, $start_session); + phpCAS :: traceEnd(); + } + /** @} */ // ######################################################################## // DEBUGGING // ######################################################################## - + /** * @addtogroup publicDebug * @{ */ - + /** * Set/unset debug mode * * @param $filename the name of the file used for logging, or FALSE to stop debugging. */ - function setDebug($filename='') - { + function setDebug($filename = '') { global $PHPCAS_DEBUG; - - if ( $filename != FALSE && gettype($filename) != 'string' ) { - phpCAS::error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)'); + + if ($filename != FALSE && gettype($filename) != 'string') { + phpCAS :: error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)'); } - - if ( empty($filename) ) { - if ( preg_match('/^Win.*/',getenv('OS')) ) { - if ( isset($_ENV['TMP']) ) { - $debugDir = $_ENV['TMP'].'/'; - } else if ( isset($_ENV['TEMP']) ) { - $debugDir = $_ENV['TEMP'].'/'; - } else { - $debugDir = ''; - } + + if (empty ($filename)) { + if (preg_match('/^Win.*/', getenv('OS'))) { + if (isset ($_ENV['TMP'])) { + $debugDir = $_ENV['TMP'] . '/'; + } else + if (isset ($_ENV['TEMP'])) { + $debugDir = $_ENV['TEMP'] . '/'; + } else { + $debugDir = ''; + } } else { $debugDir = DEFAULT_DEBUG_DIR; } $filename = $debugDir . 'phpCAS.log'; } - - if ( empty($PHPCAS_DEBUG['unique_id']) ) { - $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))),0,4); + + if (empty ($PHPCAS_DEBUG['unique_id'])) { + $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4); } - + $PHPCAS_DEBUG['filename'] = $filename; - - phpCAS::trace('START ******************'); - } - + + phpCAS :: trace('START phpCAS-' . PHPCAS_VERSION . ' ******************'); + } + /** @} */ /** * @addtogroup internalDebug * @{ */ - + /** * This method is a wrapper for debug_backtrace() that is not available * in all PHP versions (>= 4.3.0 only) */ - function backtrace() - { - if ( function_exists('debug_backtrace') ) { + function backtrace() { + if (function_exists('debug_backtrace')) { return debug_backtrace(); } else { // poor man's hack ... but it does work ... - return array(); + return array (); } - } - + } + /** * Logs a string in debug mode. * @@ -498,20 +520,19 @@ class phpCAS * * @private */ - function log($str) - { + function log($str) { $indent_str = "."; global $PHPCAS_DEBUG; - - if ( $PHPCAS_DEBUG['filename'] ) { - for ($i=0;$i<$PHPCAS_DEBUG['indent'];$i++) { + + if ($PHPCAS_DEBUG['filename']) { + for ($i = 0; $i < $PHPCAS_DEBUG['indent']; $i++) { $indent_str .= '| '; } - error_log($PHPCAS_DEBUG['unique_id'].' '.$indent_str.$str."\n",3,$PHPCAS_DEBUG['filename']); + error_log($PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str . "\n", 3, $PHPCAS_DEBUG['filename']); } - - } - + + } + /** * This method is used by interface methods to print an error and where the function * was originally called from. @@ -520,16 +541,15 @@ class phpCAS * * @private */ - function error($msg) - { - $dbg = phpCAS::backtrace(); + function error($msg) { + $dbg = phpCAS :: backtrace(); $function = '?'; $file = '?'; $line = '?'; - if ( is_array($dbg) ) { - for ( $i=1; $i\nphpCAS error: ".__CLASS__."::".$function.'(): '.htmlentities($msg)." in ".$file." on line ".$line."
\n"; - phpCAS::trace($msg); - phpCAS::traceExit(); - exit(); - } - + echo "
\nphpCAS error: " . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . " in " . $file . " on line " . $line . "
\n"; + phpCAS :: trace($msg); + phpCAS :: traceExit(); + exit (); + } + /** * This method is used to log something in debug mode. */ - function trace($str) - { - $dbg = phpCAS::backtrace(); - phpCAS::log($str.' ['.basename($dbg[1]['file']).':'.$dbg[1]['line'].']'); - } - + function trace($str) { + $dbg = phpCAS :: backtrace(); + phpCAS :: log($str . ' [' . basename($dbg[1]['file']) . ':' . $dbg[1]['line'] . ']'); + } + /** * This method is used to indicate the start of the execution of a function in debug mode. */ - function traceBegin() - { + function traceBegin() { global $PHPCAS_DEBUG; - - $dbg = phpCAS::backtrace(); + + $dbg = phpCAS :: backtrace(); $str = '=> '; - if ( !empty($dbg[2]['class']) ) { - $str .= $dbg[2]['class'].'::'; + if (!empty ($dbg[2]['class'])) { + $str .= $dbg[2]['class'] . '::'; } - $str .= $dbg[2]['function'].'('; - if ( is_array($dbg[2]['args']) ) { + $str .= $dbg[2]['function'] . '('; + if (is_array($dbg[2]['args'])) { foreach ($dbg[2]['args'] as $index => $arg) { - if ( $index != 0 ) { + if ($index != 0) { $str .= ', '; } - $str .= str_replace("\n","",var_export($arg,TRUE)); + $str .= str_replace("\n", "", var_export($arg, TRUE)); } } - $str .= ') ['.basename($dbg[2]['file']).':'.$dbg[2]['line'].']'; - phpCAS::log($str); - $PHPCAS_DEBUG['indent'] ++; - } - + $str .= ') [' . basename($dbg[2]['file']) . ':' . $dbg[2]['line'] . ']'; + phpCAS :: log($str); + $PHPCAS_DEBUG['indent']++; + } + /** * This method is used to indicate the end of the execution of a function in debug mode. * * @param $res the result of the function */ - function traceEnd($res='') - { + function traceEnd($res = '') { global $PHPCAS_DEBUG; - - $PHPCAS_DEBUG['indent'] --; - $dbg = phpCAS::backtrace(); + + $PHPCAS_DEBUG['indent']--; + $dbg = phpCAS :: backtrace(); $str = ''; - $str .= '<= '.str_replace("\n","",var_export($res,TRUE)); - phpCAS::log($str); - } - + $str .= '<= ' . str_replace("\n", "", var_export($res, TRUE)); + phpCAS :: log($str); + } + /** * This method is used to indicate the end of the execution of the program */ - function traceExit() - { + function traceExit() { global $PHPCAS_DEBUG; - - phpCAS::log('exit()'); - while ( $PHPCAS_DEBUG['indent'] > 0 ) { - phpCAS::log('-'); - $PHPCAS_DEBUG['indent'] --; + + phpCAS :: log('exit()'); + while ($PHPCAS_DEBUG['indent'] > 0) { + phpCAS :: log('-'); + $PHPCAS_DEBUG['indent']--; } - } - + } + /** @} */ // ######################################################################## // INTERNATIONALIZATION @@ -616,7 +632,7 @@ class phpCAS * @addtogroup publicLang * @{ */ - + /** * This method is used to set the language used by phpCAS. * @note Can be called only once. @@ -625,18 +641,17 @@ class phpCAS * * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH */ - function setLang($lang) - { + function setLang($lang) { global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if ( gettype($lang) != 'string' ) { - phpCAS::error('type mismatched for parameter $lang (should be `string\')'); + if (gettype($lang) != 'string') { + phpCAS :: error('type mismatched for parameter $lang (should be `string\')'); } $PHPCAS_CLIENT->setLang($lang); - } - + } + /** @} */ // ######################################################################## // VERSION @@ -645,17 +660,16 @@ class phpCAS * @addtogroup public * @{ */ - + /** * This method returns the phpCAS version. * * @return the phpCAS version. */ - function getVersion() - { + function getVersion() { return PHPCAS_VERSION; - } - + } + /** @} */ // ######################################################################## // HTML OUTPUT @@ -664,41 +678,39 @@ class phpCAS * @addtogroup publicOutput * @{ */ - + /** * This method sets the HTML header used for all outputs. * * @param $header the HTML header. */ - function setHTMLHeader($header) - { + function setHTMLHeader($header) { global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if ( gettype($header) != 'string' ) { - phpCAS::error('type mismatched for parameter $header (should be `string\')'); + if (gettype($header) != 'string') { + phpCAS :: error('type mismatched for parameter $header (should be `string\')'); } $PHPCAS_CLIENT->setHTMLHeader($header); - } - + } + /** * This method sets the HTML footer used for all outputs. * * @param $footer the HTML footer. */ - function setHTMLFooter($footer) - { + function setHTMLFooter($footer) { global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if ( gettype($footer) != 'string' ) { - phpCAS::error('type mismatched for parameter $footer (should be `string\')'); + if (gettype($footer) != 'string') { + phpCAS :: error('type mismatched for parameter $footer (should be `string\')'); } $PHPCAS_CLIENT->setHTMLFooter($footer); - } - + } + /** @} */ // ######################################################################## // PGT STORAGE @@ -707,7 +719,7 @@ class phpCAS * @addtogroup publicPGTStorage * @{ */ - + /** * This method is used to tell phpCAS to store the response of the * CAS server to PGT requests onto the filesystem. @@ -715,31 +727,29 @@ class phpCAS * @param $format the format used to store the PGT's (`plain' and `xml' allowed) * @param $path the path where the PGT's should be stored */ - function setPGTStorageFile($format='', - $path='') - { - global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + function setPGTStorageFile($format = '', $path = '') { + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; + + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if ( !$PHPCAS_CLIENT->isProxy() ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + if (!$PHPCAS_CLIENT->isProxy()) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) { - phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')'); + if ($PHPCAS_AUTH_CHECK_CALL['done']) { + phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')'); } - if ( gettype($format) != 'string' ) { - phpCAS::error('type mismatched for parameter $format (should be `string\')'); + if (gettype($format) != 'string') { + phpCAS :: error('type mismatched for parameter $format (should be `string\')'); } - if ( gettype($path) != 'string' ) { - phpCAS::error('type mismatched for parameter $format (should be `string\')'); + if (gettype($path) != 'string') { + phpCAS :: error('type mismatched for parameter $format (should be `string\')'); } - $PHPCAS_CLIENT->setPGTStorageFile($format,$path); - phpCAS::traceEnd(); - } - + $PHPCAS_CLIENT->setPGTStorageFile($format, $path); + phpCAS :: traceEnd(); + } + /** * This method is used to tell phpCAS to store the response of the * CAS server to PGT requests into a database. @@ -755,51 +765,44 @@ class phpCAS * @param $database the name of the database * @param $table the name of the table storing the data */ - function setPGTStorageDB($user, - $password, - $database_type='', - $hostname='', - $port=0, - $database='', - $table='') - { - global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + function setPGTStorageDB($user, $password, $database_type = '', $hostname = '', $port = 0, $database = '', $table = '') { + global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; + + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if ( !$PHPCAS_CLIENT->isProxy() ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + if (!$PHPCAS_CLIENT->isProxy()) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) { - phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')'); + if ($PHPCAS_AUTH_CHECK_CALL['done']) { + phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')'); } - if ( gettype($user) != 'string' ) { - phpCAS::error('type mismatched for parameter $user (should be `string\')'); + if (gettype($user) != 'string') { + phpCAS :: error('type mismatched for parameter $user (should be `string\')'); } - if ( gettype($password) != 'string' ) { - phpCAS::error('type mismatched for parameter $password (should be `string\')'); + if (gettype($password) != 'string') { + phpCAS :: error('type mismatched for parameter $password (should be `string\')'); } - if ( gettype($database_type) != 'string' ) { - phpCAS::error('type mismatched for parameter $database_type (should be `string\')'); + if (gettype($database_type) != 'string') { + phpCAS :: error('type mismatched for parameter $database_type (should be `string\')'); } - if ( gettype($hostname) != 'string' ) { - phpCAS::error('type mismatched for parameter $hostname (should be `string\')'); + if (gettype($hostname) != 'string') { + phpCAS :: error('type mismatched for parameter $hostname (should be `string\')'); } - if ( gettype($port) != 'integer' ) { - phpCAS::error('type mismatched for parameter $port (should be `integer\')'); + if (gettype($port) != 'integer') { + phpCAS :: error('type mismatched for parameter $port (should be `integer\')'); } - if ( gettype($database) != 'string' ) { - phpCAS::error('type mismatched for parameter $database (should be `string\')'); + if (gettype($database) != 'string') { + phpCAS :: error('type mismatched for parameter $database (should be `string\')'); } - if ( gettype($table) != 'string' ) { - phpCAS::error('type mismatched for parameter $table (should be `string\')'); + if (gettype($table) != 'string') { + phpCAS :: error('type mismatched for parameter $table (should be `string\')'); } - $PHPCAS_CLIENT->setPGTStorageDB($user,$password,$database_type,$hostname,$port,$database,$table); - phpCAS::traceEnd(); - } - + $PHPCAS_CLIENT->setPGTStorageDB($user, $password, $database_type, $hostname, $port, $database, $table); + phpCAS :: traceEnd(); + } + /** @} */ // ######################################################################## // ACCESS TO EXTERNAL SERVICES @@ -808,7 +811,7 @@ class phpCAS * @addtogroup publicServices * @{ */ - + /** * This method is used to access an HTTP[S] service. * @@ -822,33 +825,32 @@ class phpCAS * @return TRUE on success, FALSE otherwise (in this later case, $err_code * gives the reason why it failed and $output contains an error message). */ - function serviceWeb($url,&$err_code,&$output) - { + function serviceWeb($url, & $err_code, & $output) { global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if ( !$PHPCAS_CLIENT->isProxy() ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + if (!$PHPCAS_CLIENT->isProxy()) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) { - phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()'); + if (!$PHPCAS_AUTH_CHECK_CALL['done']) { + phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); } - if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) { - phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); + if (!$PHPCAS_AUTH_CHECK_CALL['result']) { + phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be `string\')'); + if (gettype($url) != 'string') { + phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - - $res = $PHPCAS_CLIENT->serviceWeb($url,$err_code,$output); - - phpCAS::traceEnd($res); + + $res = $PHPCAS_CLIENT->serviceWeb($url, $err_code, $output); + + phpCAS :: traceEnd($res); return $res; - } - + } + /** * This method is used to access an IMAP/POP3/NNTP service. * @@ -866,37 +868,36 @@ class phpCAS * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code * gives the reason why it failed and $err_msg contains an error message). */ - function serviceMail($url,$service,$flags,&$err_code,&$err_msg,&$pt) - { + function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) { global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if ( !$PHPCAS_CLIENT->isProxy() ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + if (!$PHPCAS_CLIENT->isProxy()) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) { - phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()'); + if (!$PHPCAS_AUTH_CHECK_CALL['done']) { + phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); } - if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) { - phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); + if (!$PHPCAS_AUTH_CHECK_CALL['result']) { + phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be `string\')'); + if (gettype($url) != 'string') { + phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - - if ( gettype($flags) != 'integer' ) { - phpCAS::error('type mismatched for parameter $flags (should be `integer\')'); + + if (gettype($flags) != 'integer') { + phpCAS :: error('type mismatched for parameter $flags (should be `integer\')'); } - - $res = $PHPCAS_CLIENT->serviceMail($url,$service,$flags,$err_code,$err_msg,$pt); - - phpCAS::traceEnd($res); + + $res = $PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt); + + phpCAS :: traceEnd($res); return $res; - } - + } + /** @} */ // ######################################################################## // AUTHENTICATION @@ -905,7 +906,7 @@ class phpCAS * @addtogroup publicAuth * @{ */ - + /** * Set the times authentication will be cached before really accessing the CAS server in gateway mode: * - -1: check only once, and then never again (until you pree login) @@ -914,150 +915,156 @@ class phpCAS * * @param $n an integer. */ - function setCacheTimesForAuthRecheck($n) - { + function setCacheTimesForAuthRecheck($n) { global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if ( gettype($n) != 'integer' ) { - phpCAS::error('type mismatched for parameter $header (should be `string\')'); + if (gettype($n) != 'integer') { + phpCAS :: error('type mismatched for parameter $header (should be `string\')'); } $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n); - } - + } + /** * This method is called to check if the user is authenticated (use the gateway feature). * @return TRUE when the user is authenticated; otherwise FALSE. */ - function checkAuthentication() - { + function checkAuthentication() { global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - + $auth = $PHPCAS_CLIENT->checkAuthentication(); - + // store where the authentication has been checked and the result - $dbg = phpCAS::backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, + $dbg = phpCAS :: backtrace(); + $PHPCAS_AUTH_CHECK_CALL = array ( + 'done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__, - 'result' => $auth ); - phpCAS::traceEnd($auth); - return $auth; - } + 'method' => __CLASS__ . '::' . __FUNCTION__, + 'result' => $auth + ); + phpCAS :: traceEnd($auth); + return $auth; + } /** * This method is called to force authentication if the user was not already * authenticated. If the user is not authenticated, halt by redirecting to * the CAS server. */ - function forceAuthentication() - { + function forceAuthentication() { global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - + $auth = $PHPCAS_CLIENT->forceAuthentication(); - + // store where the authentication has been checked and the result - $dbg = phpCAS::backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, + $dbg = phpCAS :: backtrace(); + $PHPCAS_AUTH_CHECK_CALL = array ( + 'done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__, - 'result' => $auth ); - - if ( !$auth ) { - phpCAS::trace('user is not authenticated, redirecting to the CAS server'); + 'method' => __CLASS__ . '::' . __FUNCTION__, + 'result' => $auth + ); + + if (!$auth) { + phpCAS :: trace('user is not authenticated, redirecting to the CAS server'); $PHPCAS_CLIENT->forceAuthentication(); } else { - phpCAS::trace('no need to authenticate (user `'.phpCAS::getUser().'\' is already authenticated)'); + phpCAS :: trace('no need to authenticate (user `' . phpCAS :: getUser() . '\' is already authenticated)'); } - - phpCAS::traceEnd(); - return $auth; - } - + + phpCAS :: traceEnd(); + return $auth; + } + /** * This method is called to renew the authentication. **/ function renewAuthentication() { global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before'.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - + // store where the authentication has been checked and the result - $dbg = phpCAS::backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], 'method' => __CLASS__.'::'.__FUNCTION__, 'result' => $auth ); - + $dbg = phpCAS :: backtrace(); + $PHPCAS_AUTH_CHECK_CALL = array ( + 'done' => TRUE, + 'file' => $dbg[0]['file'], + 'line' => $dbg[0]['line'], + 'method' => __CLASS__ . '::' . __FUNCTION__, + 'result' => $auth + ); + $PHPCAS_CLIENT->renewAuthentication(); - phpCAS::traceEnd(); + phpCAS :: traceEnd(); } /** * This method has been left from version 0.4.1 for compatibility reasons. */ - function authenticate() - { - phpCAS::error('this method is deprecated. You should use '.__CLASS__.'::forceAuthentication() instead'); - } - + function authenticate() { + phpCAS :: error('this method is deprecated. You should use ' . __CLASS__ . '::forceAuthentication() instead'); + } + /** * This method is called to check if the user is authenticated (previously or by * tickets given in the URL). * * @return TRUE when the user is authenticated. */ - function isAuthenticated() - { + function isAuthenticated() { global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - + // call the isAuthenticated method of the global $PHPCAS_CLIENT object $auth = $PHPCAS_CLIENT->isAuthenticated(); - + // store where the authentication has been checked and the result - $dbg = phpCAS::backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, + $dbg = phpCAS :: backtrace(); + $PHPCAS_AUTH_CHECK_CALL = array ( + 'done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], - 'method' => __CLASS__.'::'.__FUNCTION__, - 'result' => $auth ); - phpCAS::traceEnd($auth); + 'method' => __CLASS__ . '::' . __FUNCTION__, + 'result' => $auth + ); + phpCAS :: traceEnd($auth); return $auth; - } - + } + /** * Checks whether authenticated based on $_SESSION. Useful to avoid * server calls. * @return true if authenticated, false otherwise. * @since 0.4.22 by Brendan Arnold */ - function isSessionAuthenticated () - { + function isSessionAuthenticated() { global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - return($PHPCAS_CLIENT->isSessionAuthenticated()); - } - + return ($PHPCAS_CLIENT->isSessionAuthenticated()); + } + /** * This method returns the CAS user's login name. * @warning should not be called only after phpCAS::forceAuthentication() @@ -1065,21 +1072,20 @@ class phpCAS * * @return the login name of the authenticated user */ - function getUser() - { + function getUser() { global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); + if (!$PHPCAS_AUTH_CHECK_CALL['done']) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); } - if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) { - phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); + if (!$PHPCAS_AUTH_CHECK_CALL['result']) { + phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); } return $PHPCAS_CLIENT->getUser(); - } - + } + /** * This method returns the CAS user's login name. * @warning should not be called only after phpCAS::forceAuthentication() @@ -1087,169 +1093,160 @@ class phpCAS * * @return the login name of the authenticated user */ - function getAttributes() - { + function getAttributes() { global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); + if (!$PHPCAS_AUTH_CHECK_CALL['done']) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); } - if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) { - phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE'); + if (!$PHPCAS_AUTH_CHECK_CALL['result']) { + phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); } return $PHPCAS_CLIENT->getAttributes(); + } + /** + * Handle logout requests. + */ + function handleLogoutRequests($check_client = true, $allowed_clients = false) { + global $PHPCAS_CLIENT; + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - /** - * Handle logout requests. - */ - function handleLogoutRequests($check_client=true, $allowed_clients=false) - { - global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); - } - return($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients)); - } - + return ($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients)); + } + /** * This method returns the URL to be used to login. * or phpCAS::isAuthenticated(). * * @return the login name of the authenticated user */ - function getServerLoginURL() - { + function getServerLoginURL() { global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } return $PHPCAS_CLIENT->getServerLoginURL(); - } - + } + /** * Set the login URL of the CAS server. * @param $url the login URL * @since 0.4.21 by Wyman Chan */ - function setServerLoginURL($url='') - { + function setServerLoginURL($url = '') { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after - '.__CLASS__.'::client()'); + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after + ' . __CLASS__ . '::client()'); } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be - `string\')'); + if (gettype($url) != 'string') { + phpCAS :: error('type mismatched for parameter $url (should be + `string\')'); } $PHPCAS_CLIENT->setServerLoginURL($url); - phpCAS::traceEnd(); - } - - + phpCAS :: traceEnd(); + } + /** * Set the serviceValidate URL of the CAS server. + * Used only in CAS 1.0 validations * @param $url the serviceValidate URL * @since 1.1.0 by Joachim Fritschi */ - function setServerServiceValidateURL($url='') - { + function setServerServiceValidateURL($url = '') { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after - '.__CLASS__.'::client()'); + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after + ' . __CLASS__ . '::client()'); } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be - `string\')'); + if (gettype($url) != 'string') { + phpCAS :: error('type mismatched for parameter $url (should be + `string\')'); } $PHPCAS_CLIENT->setServerServiceValidateURL($url); - phpCAS::traceEnd(); - } - - - /** + phpCAS :: traceEnd(); + } + + /** * Set the proxyValidate URL of the CAS server. + * Used for all CAS 2.0 validations * @param $url the proxyValidate URL * @since 1.1.0 by Joachim Fritschi */ - function setServerProxyValidateURL($url='') - { + function setServerProxyValidateURL($url = '') { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after - '.__CLASS__.'::client()'); + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after + ' . __CLASS__ . '::client()'); } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be - `string\')'); + if (gettype($url) != 'string') { + phpCAS :: error('type mismatched for parameter $url (should be + `string\')'); } $PHPCAS_CLIENT->setServerProxyValidateURL($url); - phpCAS::traceEnd(); - } - - /** + phpCAS :: traceEnd(); + } + + /** * Set the samlValidate URL of the CAS server. * @param $url the samlValidate URL * @since 1.1.0 by Joachim Fritschi */ - function setServerSamlValidateURL($url='') - { + function setServerSamlValidateURL($url = '') { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after - '.__CLASS__.'::client()'); + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after + ' . __CLASS__ . '::client()'); } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be - `string\')'); + if (gettype($url) != 'string') { + phpCAS :: error('type mismatched for parameter $url (should be + `string\')'); } $PHPCAS_CLIENT->setServerSamlValidateURL($url); - phpCAS::traceEnd(); - } - + phpCAS :: traceEnd(); + } + /** * This method returns the URL to be used to login. * or phpCAS::isAuthenticated(). * * @return the login name of the authenticated user */ - function getServerLogoutURL() - { + function getServerLogoutURL() { global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()'); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } return $PHPCAS_CLIENT->getServerLogoutURL(); - } - + } + /** * Set the logout URL of the CAS server. * @param $url the logout URL * @since 0.4.21 by Wyman Chan */ - function setServerLogoutURL($url='') - { + function setServerLogoutURL($url = '') { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after - '.__CLASS__.'::client()'); + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after + ' . __CLASS__ . '::client()'); } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be - `string\')'); + if (gettype($url) != 'string') { + phpCAS :: error('type mismatched for parameter $url (should be + `string\')'); } $PHPCAS_CLIENT->setServerLogoutURL($url); - phpCAS::traceEnd(); - } - + phpCAS :: traceEnd(); + } + /** * This method is used to logout from CAS. * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server @@ -1257,66 +1254,70 @@ class phpCAS */ function logout($params = "") { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); + phpCAS :: traceBegin(); if (!is_object($PHPCAS_CLIENT)) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } - $parsedParams = array(); + $parsedParams = array (); if ($params != "") { if (is_string($params)) { - phpCAS::error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead'); + phpCAS :: error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead'); } if (!is_array($params)) { - phpCAS::error('type mismatched for parameter $params (should be `array\')'); + phpCAS :: error('type mismatched for parameter $params (should be `array\')'); } foreach ($params as $key => $value) { if ($key != "service" && $key != "url") { - phpCAS::error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\''); + phpCAS :: error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\''); } $parsedParams[$key] = $value; } } $PHPCAS_CLIENT->logout($parsedParams); // never reached - phpCAS::traceEnd(); + phpCAS :: traceEnd(); } - + /** * This method is used to logout from CAS. Halts by redirecting to the CAS server. * @param $service a URL that will be transmitted to the CAS server */ function logoutWithRedirectService($service) { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } if (!is_string($service)) { - phpCAS::error('type mismatched for parameter $service (should be `string\')'); + phpCAS :: error('type mismatched for parameter $service (should be `string\')'); } - $PHPCAS_CLIENT->logout(array("service" => $service)); + $PHPCAS_CLIENT->logout(array ( + "service" => $service + )); // never reached - phpCAS::traceEnd(); + phpCAS :: traceEnd(); } - + /** * This method is used to logout from CAS. Halts by redirecting to the CAS server. * @param $url a URL that will be transmitted to the CAS server */ function logoutWithUrl($url) { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } if (!is_string($url)) { - phpCAS::error('type mismatched for parameter $url (should be `string\')'); + phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - $PHPCAS_CLIENT->logout(array("url" => $url)); + $PHPCAS_CLIENT->logout(array ( + "url" => $url + )); // never reached - phpCAS::traceEnd(); + phpCAS :: traceEnd(); } - + /** * This method is used to logout from CAS. Halts by redirecting to the CAS server. * @param $service a URL that will be transmitted to the CAS server @@ -1324,161 +1325,156 @@ class phpCAS */ function logoutWithRedirectServiceAndUrl($service, $url) { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } if (!is_string($service)) { - phpCAS::error('type mismatched for parameter $service (should be `string\')'); + phpCAS :: error('type mismatched for parameter $service (should be `string\')'); } if (!is_string($url)) { - phpCAS::error('type mismatched for parameter $url (should be `string\')'); + phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - $PHPCAS_CLIENT->logout(array("service" => $service, "url" => $url)); + $PHPCAS_CLIENT->logout(array ( + "service" => $service, + "url" => $url + )); // never reached - phpCAS::traceEnd(); + phpCAS :: traceEnd(); } - + /** * Set the fixed URL that will be used by the CAS server to transmit the PGT. * When this method is not called, a phpCAS script uses its own URL for the callback. * * @param $url the URL */ - function setFixedCallbackURL($url='') - { + function setFixedCallbackURL($url = '') { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if ( !$PHPCAS_CLIENT->isProxy() ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); + if (!$PHPCAS_CLIENT->isProxy()) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be `string\')'); + if (gettype($url) != 'string') { + phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } $PHPCAS_CLIENT->setCallbackURL($url); - phpCAS::traceEnd(); - } - + phpCAS :: traceEnd(); + } + /** * Set the fixed URL that will be set as the CAS service parameter. When this * method is not called, a phpCAS script uses its own URL. * * @param $url the URL */ - function setFixedServiceURL($url) - { + function setFixedServiceURL($url) { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( gettype($url) != 'string' ) { - phpCAS::error('type mismatched for parameter $url (should be `string\')'); + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); + } + if (gettype($url) != 'string') { + phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } $PHPCAS_CLIENT->setURL($url); - phpCAS::traceEnd(); - } - + phpCAS :: traceEnd(); + } + /** * Get the URL that is set as the CAS service parameter. */ - function getServiceURL() - { + function getServiceURL() { global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - return($PHPCAS_CLIENT->getURL()); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - + return ($PHPCAS_CLIENT->getURL()); + } + /** * Retrieve a Proxy Ticket from the CAS server. */ - function retrievePT($target_service,&$err_code,&$err_msg) - { + function retrievePT($target_service, & $err_code, & $err_msg) { global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()'); - } - if ( gettype($target_service) != 'string' ) { - phpCAS::error('type mismatched for parameter $target_service(should be `string\')'); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - return($PHPCAS_CLIENT->retrievePT($target_service,$err_code,$err_msg)); + if (gettype($target_service) != 'string') { + phpCAS :: error('type mismatched for parameter $target_service(should be `string\')'); } - + return ($PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg)); + } + /** * Set the certificate of the CAS server. * * @param $cert the PEM certificate */ - function setCasServerCert($cert) - { + function setCasServerCert($cert) { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - if ( gettype($cert) != 'string' ) { - phpCAS::error('type mismatched for parameter $cert (should be `string\')'); + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); + } + if (gettype($cert) != 'string') { + phpCAS :: error('type mismatched for parameter $cert (should be `string\')'); } $PHPCAS_CLIENT->setCasServerCert($cert); - phpCAS::traceEnd(); - } - + phpCAS :: traceEnd(); + } + /** * Set the certificate of the CAS server CA. * * @param $cert the CA certificate */ - function setCasServerCACert($cert) - { + function setCasServerCACert($cert) { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - if ( gettype($cert) != 'string' ) { - phpCAS::error('type mismatched for parameter $cert (should be `string\')'); + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); + } + if (gettype($cert) != 'string') { + phpCAS :: error('type mismatched for parameter $cert (should be `string\')'); } $PHPCAS_CLIENT->setCasServerCACert($cert); - phpCAS::traceEnd(); - } - + phpCAS :: traceEnd(); + } + /** * Set no SSL validation for the CAS server. */ - function setNoCasServerValidation() - { + function setNoCasServerValidation() { global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); + } $PHPCAS_CLIENT->setNoCasServerValidation(); - phpCAS::traceEnd(); - } - + phpCAS :: traceEnd(); + } + /** @} */ - - /** - * Change CURL options. - * CURL is used to connect through HTTPS to CAS server - * @param $key the option key - * @param $value the value to set - */ - function setExtraCurlOption($key, $value) - { - global $PHPCAS_CLIENT; - phpCAS::traceBegin(); - if ( !is_object($PHPCAS_CLIENT) ) { - phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()'); - } - $PHPCAS_CLIENT->setExtraCurlOption($key, $value); - phpCAS::traceEnd(); + + /** + * Change CURL options. + * CURL is used to connect through HTTPS to CAS server + * @param $key the option key + * @param $value the value to set + */ + function setExtraCurlOption($key, $value) { + global $PHPCAS_CLIENT; + phpCAS :: traceBegin(); + if (!is_object($PHPCAS_CLIENT)) { + phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } + $PHPCAS_CLIENT->setExtraCurlOption($key, $value); + phpCAS :: traceEnd(); + } } @@ -1525,7 +1521,6 @@ class phpCAS /** @defgroup publicDebug Debugging * @ingroup public */ - /** @defgroup internal Implementation */ /** @defgroup internalAuthentication Authentication @@ -1579,37 +1574,37 @@ class phpCAS /** * @example example_simple.php */ - /** - * @example example_proxy.php - */ - /** - * @example example_proxy2.php - */ - /** - * @example example_lang.php - */ - /** - * @example example_html.php - */ - /** - * @example example_file.php - */ - /** - * @example example_db.php - */ - /** - * @example example_service.php - */ - /** - * @example example_session_proxy.php - */ - /** - * @example example_session_service.php - */ - /** - * @example example_gateway.php - */ - - - +/** + * @example example_proxy.php + */ +/** + * @example example_proxy2.php + */ +/** + * @example example_lang.php + */ +/** + * @example example_html.php + */ +/** + * @example example_file.php + */ +/** + * @example example_db.php + */ +/** + * @example example_service.php + */ +/** + * @example example_session_proxy.php + */ +/** + * @example example_session_service.php + */ +/** + * @example example_gateway.php + */ +/** + * @example example_custom_urls.php + */ ?> diff --git a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php index 5a589e4b28..1e316b6f6a 100644 --- a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php +++ b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php @@ -1,4 +1,32 @@ _server['login_url'] = $url; } - - + + /** * This method sets the serviceValidate URL of the CAS server. * @param $url the serviceValidate URL @@ -363,8 +392,8 @@ class CASClient { return $this->_server['service_validate_url'] = $url; } - - + + /** * This method sets the proxyValidate URL of the CAS server. * @param $url the proxyValidate URL @@ -375,8 +404,8 @@ class CASClient { return $this->_server['proxy_validate_url'] = $url; } - - + + /** * This method sets the samlValidate URL of the CAS server. * @param $url the samlValidate URL @@ -387,7 +416,7 @@ class CASClient { return $this->_server['saml_validate_url'] = $url; } - + /** * This method is used to retrieve the service validating URL of the CAS server. @@ -411,24 +440,24 @@ class CASClient return $this->_server['service_validate_url'].'?service='.urlencode($this->getURL()); } /** - * This method is used to retrieve the SAML validating URL of the CAS server. - * @return a URL. - * @private - */ + * This method is used to retrieve the SAML validating URL of the CAS server. + * @return a URL. + * @private + */ function getServerSamlValidateURL() - { - phpCAS::traceBegin(); - // the URL is build only when needed - if ( empty($this->_server['saml_validate_url']) ) { - switch ($this->getServerVersion()) { - case SAML_VERSION_1_1: - $this->_server['saml_validate_url'] = $this->getServerBaseURL().'samlValidate'; - break; + { + phpCAS::traceBegin(); + // the URL is build only when needed + if ( empty($this->_server['saml_validate_url']) ) { + switch ($this->getServerVersion()) { + case SAML_VERSION_1_1: + $this->_server['saml_validate_url'] = $this->getServerBaseURL().'samlValidate'; + break; } - } - phpCAS::traceEnd($this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL())); - return $this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL()); - } + } + phpCAS::traceEnd($this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL())); + return $this->_server['saml_validate_url'].'?TARGET='.urlencode($this->getURL()); + } /** * This method is used to retrieve the proxy validating URL of the CAS server. * @return a URL. @@ -496,20 +525,20 @@ class CASClient { return $this->_server['logout_url'] = $url; } - + /** * An array to store extra curl options. */ var $_curl_options = array(); - + /** * This method is used to set additional user curl options. */ function setExtraCurlOption($key, $value) - { + { $this->_curl_options[$key] = $value; - } - + } + /** * This method checks to see if the request is secured via HTTPS * @return true if https, false otherwise @@ -556,45 +585,21 @@ class CASClient if (version_compare(PHP_VERSION,'5','>=') && ini_get('zend.ze1_compatibility_mode')) { phpCAS::error('phpCAS cannot support zend.ze1_compatibility_mode. Sorry.'); } - // skip Session Handling for logout requests and if don't want it' - if ($start_session && !$this->isLogoutRequest()) { - phpCAS::trace("Starting session handling"); - // Check for Tickets from the CAS server - if (empty($_GET['ticket'])){ - phpCAS::trace("No ticket found"); - // only create a session if necessary - if (!isset($_SESSION)) { - phpCAS::trace("No session found, creating new session"); - session_start(); - } - }else{ - phpCAS::trace("Ticket found"); - // We have to copy any old data before renaming the session - if (isset($_SESSION)) { - phpCAS::trace("Old active session found, saving old data and destroying session"); - $old_session = $_SESSION; - session_destroy(); - }else{ - session_start(); - phpCAS::trace("Starting possible old session to copy variables"); - $old_session = $_SESSION; - session_destroy(); - } - // set up a new session, of name based on the ticket - $session_id = preg_replace('/[^\w]/','',$_GET['ticket']); - phpCAS::LOG("Session ID: " . $session_id); - session_id($session_id); - session_start(); - // restore old session vars - if(isset($old_session)){ - phpCAS::trace("Restoring old session vars"); - $_SESSION = $old_session; - } - } - }else{ - phpCAS::trace("Skipping session creation"); - } + $this->_start_session = $start_session; + if ($this->_start_session && session_id()) + { + phpCAS :: error("Another session was started before phpcas. Either disable the session" . + " handling for phpcas in the client() call or modify your application to leave" . + " session handling to phpcas"); + } + // skip Session Handling for logout requests and if don't want it' + if ($start_session && !$this->isLogoutRequest()) + { + phpCAS :: trace("Starting a new session"); + session_start(); + } + // are we in proxy mode ? $this->_proxy = $proxy; @@ -667,12 +672,8 @@ class CASClient } break; case CAS_VERSION_2_0: // check for a Service or Proxy Ticket - if (preg_match('/^ST-/', $ticket)) { - phpCAS::trace('ST \'' . $ticket . '\' found'); - $this->setST($ticket); - unset ($_GET['ticket']); - } else if (preg_match('/^PT-/', $ticket)) { - phpCAS::trace('PT \'' . $ticket . '\' found'); + if( preg_match('/^[SP]T-/',$ticket) ) { + phpCAS::trace('ST or PT \''.$ticket.'\' found'); $this->setPT($ticket); unset($_GET['ticket']); } else if ( !empty($ticket) ) { @@ -682,9 +683,9 @@ class CASClient break; case SAML_VERSION_1_1: // SAML just does Service Tickets if( preg_match('/^[SP]T-/',$ticket) ) { - phpCAS::trace('SA \''.$ticket.'\' found'); - $this->setSA($ticket); - unset($_GET['ticket']); + phpCAS::trace('SA \''.$ticket.'\' found'); + $this->setSA($ticket); + unset($_GET['ticket']); } else if ( !empty($ticket) ) { //ill-formed ticket, halt phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); @@ -697,6 +698,57 @@ class CASClient /** @} */ + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + // XX XX + // XX Session Handling XX + // XX XX + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + + /** + * A variable to whether phpcas will use its own session handling. Default = true + * @hideinitializer + * @private + */ + var $_start_session = true; + + function setStartSession($session) + { + $this->_start_session = session; + } + + function getStartSession($session) + { + $this->_start_session = session; + } + + /** + * Renaming the session + */ + function renameSession($ticket) + { + phpCAS::traceBegin(); + if($this->_start_session){ + if (!empty ($this->_user)) + { + $old_session = $_SESSION; + session_destroy(); + // set up a new session, of name based on the ticket + $session_id = preg_replace('/[^\w]/', '', $ticket); + phpCAS :: trace("Session ID: ".$session_id); + session_id($session_id); + session_start(); + phpCAS :: trace("Restoring old session vars"); + $_SESSION = $old_session; + } else + { + phpCAS :: error('Session should only be renamed after successfull authentication'); + } + }else{ + phpCAS :: trace("Skipping session rename since phpCAS is not handling the session."); + } + phpCAS::traceEnd(); + } + // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX // XX XX // XX AUTHENTICATION XX @@ -743,8 +795,8 @@ class CASClient } return $this->_user; } - - + + /*********************************************************************************************************************** * Atrributes section @@ -760,23 +812,23 @@ class CASClient * @private */ var $_attributes = array(); - + function setAttributes($attributes) { $this->_attributes = $attributes; } - + function getAttributes() { if ( empty($this->_user) ) { // if no user is set, there shouldn't be any attributes also... phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'); } return $this->_attributes; } - + function hasAttributes() { return !empty($this->_attributes); } - + function hasAttribute($key) { return (is_array($this->_attributes) && array_key_exists($key, $this->_attributes)); } - + function getAttribute($key) { if($this->hasAttribute($key)) { return $this->_attributes[$key]; @@ -802,7 +854,7 @@ class CASClient } phpCAS::traceEnd(); } - + /** * This method is called to be sure that the user is authenticated. When not * authenticated, halt by redirecting to the CAS server; otherwise return TRUE. @@ -914,66 +966,73 @@ class CASClient */ function isAuthenticated() { - phpCAS::traceBegin(); - $res = FALSE; - $validate_url = ''; - - if ( $this->wasPreviouslyAuthenticated() ) { + phpCAS::traceBegin(); + $res = FALSE; + $validate_url = ''; + + if ( $this->wasPreviouslyAuthenticated() ) { + if($this->hasST() || $this->hasPT() || $this->hasSA()){ + // User has a additional ticket but was already authenticated + phpCAS::trace('ticket was present and will be discarded, use renewAuthenticate()'); + header('Location: '.$this->getURL()); + phpCAS::log( "Prepare redirect to remove ticket: ".$this->getURL() ); + }else{ // the user has already (previously during the session) been // authenticated, nothing to be done. phpCAS::trace('user was already authenticated, no need to look for tickets'); + } + $res = TRUE; + } + else { + if ( $this->hasST() ) { + // if a Service Ticket was given, validate it + phpCAS::trace('ST `'.$this->getST().'\' is present'); + $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts + phpCAS::trace('ST `'.$this->getST().'\' was validated'); + if ( $this->isProxy() ) { + $this->validatePGT($validate_url,$text_response,$tree_response); // idem + phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); + $_SESSION['phpCAS']['pgt'] = $this->getPGT(); + } + $_SESSION['phpCAS']['user'] = $this->getUser(); + $res = TRUE; + } + elseif ( $this->hasPT() ) { + // if a Proxy Ticket was given, validate it + phpCAS::trace('PT `'.$this->getPT().'\' is present'); + $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts + phpCAS::trace('PT `'.$this->getPT().'\' was validated'); + if ( $this->isProxy() ) { + $this->validatePGT($validate_url,$text_response,$tree_response); // idem + phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); + $_SESSION['phpCAS']['pgt'] = $this->getPGT(); + } + $_SESSION['phpCAS']['user'] = $this->getUser(); + $res = TRUE; + } + elseif ( $this->hasSA() ) { + // if we have a SAML ticket, validate it. + phpCAS::trace('SA `'.$this->getSA().'\' is present'); + $this->validateSA($validate_url,$text_response,$tree_response); // if it fails, it halts + phpCAS::trace('SA `'.$this->getSA().'\' was validated'); + $_SESSION['phpCAS']['user'] = $this->getUser(); + $_SESSION['phpCAS']['attributes'] = $this->getAttributes(); $res = TRUE; } else { - if ( $this->hasST() ) { - // if a Service Ticket was given, validate it - phpCAS::trace('ST `'.$this->getST().'\' is present'); - $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts - phpCAS::trace('ST `'.$this->getST().'\' was validated'); - if ( $this->isProxy() ) { - $this->validatePGT($validate_url,$text_response,$tree_response); // idem - phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); - $_SESSION['phpCAS']['pgt'] = $this->getPGT(); - } - $_SESSION['phpCAS']['user'] = $this->getUser(); - $res = TRUE; - } - elseif ( $this->hasPT() ) { - // if a Proxy Ticket was given, validate it - phpCAS::trace('PT `'.$this->getPT().'\' is present'); - $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts - phpCAS::trace('PT `'.$this->getPT().'\' was validated'); - if ( $this->isProxy() ) { - $this->validatePGT($validate_url,$text_response,$tree_response); // idem - phpCAS::trace('PGT `'.$this->getPGT().'\' was validated'); - $_SESSION['phpCAS']['pgt'] = $this->getPGT(); - } - $_SESSION['phpCAS']['user'] = $this->getUser(); - $res = TRUE; - } - elseif ( $this->hasSA() ) { - // if we have a SAML ticket, validate it. - phpCAS::trace('SA `'.$this->getSA().'\' is present'); - $this->validateSA($validate_url,$text_response,$tree_response); // if it fails, it halts - phpCAS::trace('SA `'.$this->getSA().'\' was validated'); - $_SESSION['phpCAS']['user'] = $this->getUser(); - $_SESSION['phpCAS']['attributes'] = $this->getAttributes(); - $res = TRUE; - } - else { - // no ticket given, not authenticated - phpCAS::trace('no ticket found'); - } - if ($res) { - // if called with a ticket parameter, we need to redirect to the app without the ticket so that CAS-ification is transparent to the browser (for later POSTS) - // most of the checks and errors should have been made now, so we're safe for redirect without masking error messages. - header('Location: '.$this->getURL()); - phpCAS::log( "Prepare redirect to : ".$this->getURL() ); - } + // no ticket given, not authenticated + phpCAS::trace('no ticket found'); } - - phpCAS::traceEnd($res); - return $res; + if ($res) { + // if called with a ticket parameter, we need to redirect to the app without the ticket so that CAS-ification is transparent to the browser (for later POSTS) + // most of the checks and errors should have been made now, so we're safe for redirect without masking error messages. + header('Location: '.$this->getURL()); + phpCAS::log( "Prepare redirect to : ".$this->getURL() ); + } + } + + phpCAS::traceEnd($res); + return $res; } /** @@ -1071,30 +1130,7 @@ class CASClient phpCAS::traceExit(); exit(); } - -// /** -// * This method is used to logout from CAS. -// * @param $url a URL that will be transmitted to the CAS server (to come back to when logged out) -// * @public -// */ -// function logout($url = "") { -// phpCAS::traceBegin(); -// $cas_url = $this->getServerLogoutURL(); -// // v0.4.14 sebastien.gougeon at univ-rennes1.fr -// // header('Location: '.$cas_url); -// if ( $url != "" ) { -// // Adam Moore 1.0.0RC2 -// $url = '?service=' . $url . '&url=' . $url; -// } -// header('Location: '.$cas_url . $url); -// session_unset(); -// session_destroy(); -// $this->printHTMLHeader($this->getString(CAS_STR_LOGOUT)); -// printf('

'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'

',$cas_url); -// $this->printHTMLFooter(); -// phpCAS::traceExit(); -// exit(); -// } + /** * This method is used to logout from CAS. @@ -1114,7 +1150,7 @@ class CASClient } header('Location: '.$cas_url); phpCAS::log( "Prepare redirect to : ".$cas_url ); - + session_unset(); session_destroy(); @@ -1156,6 +1192,9 @@ class CASClient phpCAS::traceEnd(); return; } + if(!$this->_start_session){ + phpCAS::log("phpCAS can't handle logout requests if it does not manage the session."); + } phpCAS::log("Logout requested"); phpCAS::log("SAML REQUEST: ".$_POST['logoutRequest']); if ($check_client) { @@ -1177,7 +1216,7 @@ class CASClient } if (!$allowed) { phpCAS::error("Unauthorized logout request from client '".$client."'"); - printf("Unauthorized!"); + printf("Unauthorized!"); phpCAS::traceExit(); exit(); } @@ -1191,8 +1230,13 @@ class CASClient phpCAS::log("Ticket to logout: ".$ticket2logout); $session_id = preg_replace('/[^\w]/','',$ticket2logout); phpCAS::log("Session id: ".$session_id); - - // fix New session ID + + // destroy a possible application session created before phpcas + if(session_id()){ + session_unset(); + session_destroy(); + } + // fix session ID session_id($session_id); $_COOKIE[session_name()]=$session_id; $_GET[session_name()]=$session_id; @@ -1200,8 +1244,8 @@ class CASClient // Overwrite session session_start(); session_unset(); - session_destroy(); - printf("Disconnected!"); + session_destroy(); + printf("Disconnected!"); phpCAS::traceExit(); exit(); } @@ -1322,7 +1366,7 @@ class CASClient * This method is used to validate a ST; halt on failure, and sets $validate_url, * $text_reponse and $tree_response on success. These parameters are used later * by CASClient::validatePGT() for CAS proxies. - * + * Used for all CAS 1.0 validations * @param $validate_url the URL of the request to the CAS server. * @param $text_response the response of the CAS server, as is (XML text). * @param $tree_response the response of the CAS server, as a DOM XML tree. @@ -1338,7 +1382,7 @@ class CASClient $validate_url = $this->getServerServiceValidateURL().'&ticket='.$this->getST(); if ( $this->isProxy() ) { // pass the callback url for CAS proxies - $validate_url .= '&pgtUrl='.$this->getCallbackURL(); + $validate_url .= '&pgtUrl='.urlencode($this->getCallbackURL()); } // open and read the URL @@ -1434,156 +1478,160 @@ class CASClient } break; } - + $this->renameSession($this->getST()); // at this step, ST has been validated and $this->_user has been set, phpCAS::traceEnd(TRUE); return TRUE; } - - // ######################################################################## - // SAML VALIDATION - // ######################################################################## - /** - * @addtogroup internalBasic - * @{ - */ - - /** - * This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url, - * $text_reponse and $tree_response on success. These parameters are used later - * by CASClient::validatePGT() for CAS proxies. - * - * @param $validate_url the URL of the request to the CAS server. - * @param $text_response the response of the CAS server, as is (XML text). - * @param $tree_response the response of the CAS server, as a DOM XML tree. - * - * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). - * - * @private - */ - function validateSA($validate_url,&$text_response,&$tree_response) - { - phpCAS::traceBegin(); - - // build the URL to validate the ticket - $validate_url = $this->getServerSamlValidateURL(); - - // open and read the URL - if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) { - phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'); - $this->authError('SA not validated', $validate_url, TRUE/*$no_response*/); - } - - phpCAS::trace('server version: '.$this->getServerVersion()); - - // analyze the result depending on the version - switch ($this->getServerVersion()) { - case SAML_VERSION_1_1: - - // read the response of the CAS server into a DOM object - if ( !($dom = domxml_open_mem($text_response))) { - phpCAS::trace('domxml_open_mem() failed'); - $this->authError('SA not validated', - $validate_url, - FALSE/*$no_response*/, - TRUE/*$bad_response*/, - $text_response); - } - // read the root node of the XML tree - if ( !($tree_response = $dom->document_element()) ) { - phpCAS::trace('document_element() failed'); - $this->authError('SA not validated', - $validate_url, - FALSE/*$no_response*/, - TRUE/*$bad_response*/, - $text_response); - } - // insure that tag name is 'Envelope' - if ( $tree_response->node_name() != 'Envelope' ) { - phpCAS::trace('bad XML root node (should be `Envelope\' instead of `'.$tree_response->node_name().'\''); - $this->authError('SA not validated', - $validate_url, - FALSE/*$no_response*/, - TRUE/*$bad_response*/, - $text_response); - } - // check for the NameIdentifier tag in the SAML response - if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("NameIdentifier")) != 0) { - phpCAS::trace('NameIdentifier found'); - $user = trim($success_elements[0]->get_content()); - phpCAS::trace('user = `'.$user.'`'); - $this->setUser($user); - $this->setSessionAttributes($text_response); - } else { - phpCAS::trace('no tag found in SAML payload'); - $this->authError('SA not validated', - $validate_url, - FALSE/*$no_response*/, - TRUE/*$bad_response*/, - $text_response); - } - break; - } - - // at this step, ST has been validated and $this->_user has been set, - phpCAS::traceEnd(TRUE); - return TRUE; - } - - /** - * This method will parse the DOM and pull out the attributes from the SAML - * payload and put them into an array, then put the array into the session. - * - * @param $text_response the SAML payload. - * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). - * - * @private - */ - function setSessionAttributes($text_response) - { - phpCAS::traceBegin(); - - $result = FALSE; - - if (isset($_SESSION[SAML_ATTRIBUTES])) { - phpCAS::trace("session attrs already set."); //testbml - do we care? - } - - $attr_array = array(); - - if (($dom = domxml_open_mem($text_response))) { - $xPath = $dom->xpath_new_context(); - $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol'); - $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion'); - $nodelist = $xPath->xpath_eval("//saml:Attribute"); - $attrs = $nodelist->nodeset; - phpCAS::trace($text_response); - foreach($attrs as $attr){ - $xres = $xPath->xpath_eval("saml:AttributeValue", $attr); - $name = $attr->get_attribute("AttributeName"); - $value_array = array(); - foreach($xres->nodeset as $node){ - $value_array[] = $node->get_content(); - - } - phpCAS::trace("* " . $name . "=" . $value_array); - $attr_array[$name] = $value_array; - } - $_SESSION[SAML_ATTRIBUTES] = $attr_array; - // UGent addition... - foreach($attr_array as $attr_key => $attr_value) { - if(count($attr_value) > 1) { - $this->_attributes[$attr_key] = $attr_value; - } - else { - $this->_attributes[$attr_key] = $attr_value[0]; - } - } - $result = TRUE; - } - phpCAS::traceEnd($result); - return $result; - } + + // ######################################################################## + // SAML VALIDATION + // ######################################################################## + /** + * @addtogroup internalBasic + * @{ + */ + + /** + * This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url, + * $text_reponse and $tree_response on success. These parameters are used later + * by CASClient::validatePGT() for CAS proxies. + * + * @param $validate_url the URL of the request to the CAS server. + * @param $text_response the response of the CAS server, as is (XML text). + * @param $tree_response the response of the CAS server, as a DOM XML tree. + * + * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). + * + * @private + */ + function validateSA($validate_url,&$text_response,&$tree_response) + { + phpCAS::traceBegin(); + + // build the URL to validate the ticket + $validate_url = $this->getServerSamlValidateURL(); + + // open and read the URL + if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) { + phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'); + $this->authError('SA not validated', $validate_url, TRUE/*$no_response*/); + } + + phpCAS::trace('server version: '.$this->getServerVersion()); + + // analyze the result depending on the version + switch ($this->getServerVersion()) { + case SAML_VERSION_1_1: + + // read the response of the CAS server into a DOM object + if ( !($dom = domxml_open_mem($text_response))) { + phpCAS::trace('domxml_open_mem() failed'); + $this->authError('SA not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // read the root node of the XML tree + if ( !($tree_response = $dom->document_element()) ) { + phpCAS::trace('document_element() failed'); + $this->authError('SA not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // insure that tag name is 'Envelope' + if ( $tree_response->node_name() != 'Envelope' ) { + phpCAS::trace('bad XML root node (should be `Envelope\' instead of `'.$tree_response->node_name().'\''); + $this->authError('SA not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + // check for the NameIdentifier tag in the SAML response + if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("NameIdentifier")) != 0) { + phpCAS::trace('NameIdentifier found'); + $user = trim($success_elements[0]->get_content()); + phpCAS::trace('user = `'.$user.'`'); + $this->setUser($user); + $this->setSessionAttributes($text_response); + } else { + phpCAS::trace('no tag found in SAML payload'); + $this->authError('SA not validated', + $validate_url, + FALSE/*$no_response*/, + TRUE/*$bad_response*/, + $text_response); + } + break; + } + $this->renameSession($this->getSA()); + // at this step, ST has been validated and $this->_user has been set, + phpCAS::traceEnd(TRUE); + return TRUE; + } + + /** + * This method will parse the DOM and pull out the attributes from the SAML + * payload and put them into an array, then put the array into the session. + * + * @param $text_response the SAML payload. + * @return bool TRUE when successfull and FALSE if no attributes a found + * + * @private + */ + function setSessionAttributes($text_response) + { + phpCAS::traceBegin(); + + $result = FALSE; + + if (isset($_SESSION[SAML_ATTRIBUTES])) { + phpCAS::trace("session attrs already set."); //testbml - do we care? + } + + $attr_array = array(); + + if (($dom = domxml_open_mem($text_response))) { + $xPath = $dom->xpath_new_context(); + $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol'); + $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion'); + $nodelist = $xPath->xpath_eval("//saml:Attribute"); + if($nodelist){ + $attrs = $nodelist->nodeset; + foreach($attrs as $attr){ + $xres = $xPath->xpath_eval("saml:AttributeValue", $attr); + $name = $attr->get_attribute("AttributeName"); + $value_array = array(); + foreach($xres->nodeset as $node){ + $value_array[] = $node->get_content(); + } + $attr_array[$name] = $value_array; + } + $_SESSION[SAML_ATTRIBUTES] = $attr_array; + // UGent addition... + foreach($attr_array as $attr_key => $attr_value) { + if(count($attr_value) > 1) { + $this->_attributes[$attr_key] = $attr_value; + phpCAS::trace("* " . $attr_key . "=" . $attr_value); + } + else { + $this->_attributes[$attr_key] = $attr_value[0]; + phpCAS::trace("* " . $attr_key . "=" . $attr_value[0]); + } + } + $result = TRUE; + }else{ + phpCAS::trace("SAML Attributes are empty"); + $result = FALSE; + } + } + phpCAS::traceEnd($result); + return $result; + } /** @} */ @@ -2118,7 +2166,7 @@ class CASClient curl_setopt($ch, $key, $value); } } - + if ($this->_cas_server_cert == '' && $this->_cas_server_ca_cert == '' && !$this->_no_cas_server_validation) { phpCAS::error('one of the methods phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.'); } @@ -2150,21 +2198,21 @@ class CASClient if ( is_array($cookies) ) { curl_setopt($ch,CURLOPT_COOKIE,implode(';',$cookies)); } - // add extra stuff if SAML - if ($this->hasSA()) { - $more_headers = array ("soapaction: http://www.oasis-open.org/committees/security", - "cache-control: no-cache", - "pragma: no-cache", - "accept: text/xml", - "connection: keep-alive", - "content-type: text/xml"); - - curl_setopt($ch, CURLOPT_HTTPHEADER, $more_headers); - curl_setopt($ch, CURLOPT_POST, 1); - $data = $this->buildSAMLPayload(); - //phpCAS::trace('SAML Payload: '.print_r($data, TRUE)); - curl_setopt($ch, CURLOPT_POSTFIELDS, $data); - } + // add extra stuff if SAML + if ($this->hasSA()) { + $more_headers = array ("soapaction: http://www.oasis-open.org/committees/security", + "cache-control: no-cache", + "pragma: no-cache", + "accept: text/xml", + "connection: keep-alive", + "content-type: text/xml"); + + curl_setopt($ch, CURLOPT_HTTPHEADER, $more_headers); + curl_setopt($ch, CURLOPT_POST, 1); + $data = $this->buildSAMLPayload(); + //phpCAS::trace('SAML Payload: '.print_r($data, TRUE)); + curl_setopt($ch, CURLOPT_POSTFIELDS, $data); + } // perform the query $buf = curl_exec ($ch); //phpCAS::trace('CURL: Call completed. Response body is: \''.$buf.'\''); @@ -2185,39 +2233,39 @@ class CASClient phpCAS::traceEnd($res); return $res; - } - - /** - * This method is used to build the SAML POST body sent to /samlValidate URL. - * - * @return the SOAP-encased SAMLP artifact (the ticket). - * - * @private - */ - function buildSAMLPayload() - { - phpCAS::traceBegin(); - - //get the ticket - $sa = $this->getSA(); - //phpCAS::trace("SA: ".$sa); - - $body=SAML_SOAP_ENV.SAML_SOAP_BODY.SAMLP_REQUEST.SAML_ASSERTION_ARTIFACT.$sa.SAML_ASSERTION_ARTIFACT_CLOSE.SAMLP_REQUEST_CLOSE.SAML_SOAP_BODY_CLOSE.SAML_SOAP_ENV_CLOSE; - - phpCAS::traceEnd($body); - return ($body); - } - + } + + /** + * This method is used to build the SAML POST body sent to /samlValidate URL. + * + * @return the SOAP-encased SAMLP artifact (the ticket). + * + * @private + */ + function buildSAMLPayload() + { + phpCAS::traceBegin(); + + //get the ticket + $sa = $this->getSA(); + //phpCAS::trace("SA: ".$sa); + + $body=SAML_SOAP_ENV.SAML_SOAP_BODY.SAMLP_REQUEST.SAML_ASSERTION_ARTIFACT.$sa.SAML_ASSERTION_ARTIFACT_CLOSE.SAMLP_REQUEST_CLOSE.SAML_SOAP_BODY_CLOSE.SAML_SOAP_ENV_CLOSE; + + phpCAS::traceEnd($body); + return ($body); + } + /** * This method is the callback used by readURL method to request HTTP headers. */ var $_curl_headers = array(); function _curl_read_headers($ch, $header) - { + { $this->_curl_headers[] = $header; return strlen($header); - } - + } + /** * This method is used to access an HTTP[S] service. * @@ -2236,6 +2284,7 @@ class CASClient function serviceWeb($url,&$err_code,&$output) { phpCAS::traceBegin(); + $cookies = array(); // at first retrieve a PT $pt = $this->retrievePT($url,$err_code,$output); @@ -2248,7 +2297,8 @@ class CASClient $res = FALSE; } else { // add cookies if necessary - if ( is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) { + if ( isset($_SESSION['phpCAS']['services'][$url]['cookies']) && + is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) { foreach ( $_SESSION['phpCAS']['services'][$url]['cookies'] as $name => $val ) { $cookies[] = $name.'='.$val; } @@ -2400,29 +2450,29 @@ class CASClient function hasPT() { return !empty($this->_pt); } /** - * This method returns the SAML Ticket provided in the URL of the request. - * @return The SAML ticket. - * @private - */ - function getSA() - { return 'ST'.substr($this->_sa, 2); } - - /** - * This method stores the SAML Ticket. - * @param $sa The SAML Ticket. - * @private - */ - function setSA($sa) - { $this->_sa = $sa; } - - /** - * This method tells if a SAML Ticket was stored. - * @return TRUE if a SAML Ticket has been stored. - * @private - */ - function hasSA() - { return !empty($this->_sa); } - + * This method returns the SAML Ticket provided in the URL of the request. + * @return The SAML ticket. + * @private + */ + function getSA() + { return 'ST'.substr($this->_sa, 2); } + + /** + * This method stores the SAML Ticket. + * @param $sa The SAML Ticket. + * @private + */ + function setSA($sa) + { $this->_sa = $sa; } + + /** + * This method tells if a SAML Ticket was stored. + * @return TRUE if a SAML Ticket has been stored. + * @private + */ + function hasSA() + { return !empty($this->_sa); } + /** @} */ // ######################################################################## // PT VALIDATION @@ -2433,8 +2483,8 @@ class CASClient */ /** - * This method is used to validate a PT; halt on failure - * + * This method is used to validate a ST or PT; halt on failure + * Used for all CAS 2.0 validations * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError(). * * @private @@ -2447,7 +2497,7 @@ class CASClient if ( $this->isProxy() ) { // pass the callback url for CAS proxies - $validate_url .= '&pgtUrl='.$this->getCallbackURL(); + $validate_url .= '&pgtUrl='.urlencode($this->getCallbackURL()); } // open and read the URL @@ -2514,6 +2564,7 @@ class CASClient $text_response); } + $this->renameSession($this->getPT()); // at this step, PT has been validated and $this->_user has been set, phpCAS::traceEnd(TRUE); @@ -2586,25 +2637,43 @@ class CASClient } } - $php_is_for_sissies = split("\?", $_SERVER['REQUEST_URI'], 2); - $final_uri .= $php_is_for_sissies[0]; - if(sizeof($php_is_for_sissies) > 1){ - $cgi_params = '?' . $php_is_for_sissies[1]; - } else { - $cgi_params = '?'; + $request_uri = explode('?', $_SERVER['REQUEST_URI'], 2); + $final_uri .= $request_uri[0]; + + if (isset($request_uri[1]) && $request_uri[1]) + { + $query_string = $this->removeParameterFromQueryString('ticket', $request_uri[1]); + + // If the query string still has anything left, append it to the final URI + if ($query_string !== '') + $final_uri .= "?$query_string"; + } - // remove the ticket if present in the CGI parameters - $cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params); - $cgi_params = preg_replace('/\?ticket=[^&;]*/','?',$cgi_params); - $cgi_params = preg_replace('/\?%26/','?',$cgi_params); - $cgi_params = preg_replace('/\?&/','?',$cgi_params); - $cgi_params = preg_replace('/\?$/','',$cgi_params); - $final_uri .= $cgi_params; + + phpCAS::trace("Final URI: $final_uri"); $this->setURL($final_uri); } phpCAS::traceEnd($this->_url); return $this->_url; - } + } + + + + /** + * Removes a parameter from a query string + * + * @param string $parameterName + * @param string $queryString + * @return string + * + * @link http://stackoverflow.com/questions/1842681/regular-expression-to-remove-one-parameter-from-query-string + */ + function removeParameterFromQueryString($parameterName, $queryString) + { + $parameterName = preg_quote($parameterName); + return preg_replace("/&$parameterName(=[^&]*)?|^$parameterName(=[^&]*)?&?/", '', $queryString); + } + /** * This method sets the URL of the current request @@ -2641,7 +2710,7 @@ class CASClient phpCAS::traceBegin(); $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_FAILED)); - printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),$this->getURL(),$_SERVER['SERVER_ADMIN']); + printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),htmlentities($this->getURL()),$_SERVER['SERVER_ADMIN']); phpCAS::trace('CAS URL: '.$cas_url); phpCAS::trace('Authentication failure: '.$failure); if ( $no_response ) {