CAS.php 50 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611
  1. <?php
  2. /*
  3. * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions are met:
  8. *
  9. * * Redistributions of source code must retain the above copyright notice,
  10. * this list of conditions and the following disclaimer.
  11. * * Redistributions in binary form must reproduce the above copyright notice,
  12. * this list of conditions and the following disclaimer in the documentation
  13. * and/or other materials provided with the distribution.
  14. * * Neither the name of the ESUP-Portail consortium & the JA-SIG
  15. * Collaborative nor the names of its contributors may be used to endorse or
  16. * promote products derived from this software without specific prior
  17. * written permission.
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
  19. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  20. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  21. * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
  22. * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  23. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  24. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
  25. * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  26. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  27. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  28. */
  29. //
  30. // hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] in IIS
  31. //
  32. if (!$_SERVER['REQUEST_URI']) {
  33. $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
  34. }
  35. //
  36. // another one by Vangelis Haniotakis also to make phpCAS work with PHP5
  37. //
  38. if (version_compare(PHP_VERSION, '5', '>=') && !(function_exists('domxml_new_doc'))) {
  39. require_once (dirname(__FILE__) . '/CAS/domxml-php4-to-php5.php');
  40. }
  41. /**
  42. * @file CAS/CAS.php
  43. * Interface class of the phpCAS library
  44. *
  45. * @ingroup public
  46. */
  47. // ########################################################################
  48. // CONSTANTS
  49. // ########################################################################
  50. // ------------------------------------------------------------------------
  51. // CAS VERSIONS
  52. // ------------------------------------------------------------------------
  53. /**
  54. * phpCAS version. accessible for the user by phpCAS::getVersion().
  55. */
  56. define('PHPCAS_VERSION', '1.1.2');
  57. // ------------------------------------------------------------------------
  58. // CAS VERSIONS
  59. // ------------------------------------------------------------------------
  60. /**
  61. * @addtogroup public
  62. * @{
  63. */
  64. /**
  65. * CAS version 1.0
  66. */
  67. define("CAS_VERSION_1_0", '1.0');
  68. /*!
  69. * CAS version 2.0
  70. */
  71. define("CAS_VERSION_2_0", '2.0');
  72. // ------------------------------------------------------------------------
  73. // SAML defines
  74. // ------------------------------------------------------------------------
  75. /**
  76. * SAML protocol
  77. */
  78. define("SAML_VERSION_1_1", 'S1');
  79. /**
  80. * XML header for SAML POST
  81. */
  82. define("SAML_XML_HEADER", '<?xml version="1.0" encoding="UTF-8"?>');
  83. /**
  84. * SOAP envelope for SAML POST
  85. */
  86. define("SAML_SOAP_ENV", '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/>');
  87. /**
  88. * SOAP body for SAML POST
  89. */
  90. define("SAML_SOAP_BODY", '<SOAP-ENV:Body>');
  91. /**
  92. * SAMLP request
  93. */
  94. define("SAMLP_REQUEST", '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z">');
  95. define("SAMLP_REQUEST_CLOSE", '</samlp:Request>');
  96. /**
  97. * SAMLP artifact tag (for the ticket)
  98. */
  99. define("SAML_ASSERTION_ARTIFACT", '<samlp:AssertionArtifact>');
  100. /**
  101. * SAMLP close
  102. */
  103. define("SAML_ASSERTION_ARTIFACT_CLOSE", '</samlp:AssertionArtifact>');
  104. /**
  105. * SOAP body close
  106. */
  107. define("SAML_SOAP_BODY_CLOSE", '</SOAP-ENV:Body>');
  108. /**
  109. * SOAP envelope close
  110. */
  111. define("SAML_SOAP_ENV_CLOSE", '</SOAP-ENV:Envelope>');
  112. /**
  113. * SAML Attributes
  114. */
  115. define("SAML_ATTRIBUTES", 'SAMLATTRIBS');
  116. /** @} */
  117. /**
  118. * @addtogroup publicPGTStorage
  119. * @{
  120. */
  121. // ------------------------------------------------------------------------
  122. // FILE PGT STORAGE
  123. // ------------------------------------------------------------------------
  124. /**
  125. * Default path used when storing PGT's to file
  126. */
  127. define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH", '/tmp');
  128. /**
  129. * phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files
  130. */
  131. define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN", 'plain');
  132. /**
  133. * phpCAS::setPGTStorageFile()'s 2nd parameter to write xml files
  134. */
  135. define("CAS_PGT_STORAGE_FILE_FORMAT_XML", 'xml');
  136. /**
  137. * Default format used when storing PGT's to file
  138. */
  139. define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT", CAS_PGT_STORAGE_FILE_FORMAT_PLAIN);
  140. // ------------------------------------------------------------------------
  141. // DATABASE PGT STORAGE
  142. // ------------------------------------------------------------------------
  143. /**
  144. * default database type when storing PGT's to database
  145. */
  146. define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE", 'mysql');
  147. /**
  148. * default host when storing PGT's to database
  149. */
  150. define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME", 'localhost');
  151. /**
  152. * default port when storing PGT's to database
  153. */
  154. define("CAS_PGT_STORAGE_DB_DEFAULT_PORT", '');
  155. /**
  156. * default database when storing PGT's to database
  157. */
  158. define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE", 'phpCAS');
  159. /**
  160. * default table when storing PGT's to database
  161. */
  162. define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE", 'pgt');
  163. /** @} */
  164. // ------------------------------------------------------------------------
  165. // SERVICE ACCESS ERRORS
  166. // ------------------------------------------------------------------------
  167. /**
  168. * @addtogroup publicServices
  169. * @{
  170. */
  171. /**
  172. * phpCAS::service() error code on success
  173. */
  174. define("PHPCAS_SERVICE_OK", 0);
  175. /**
  176. * phpCAS::service() error code when the PT could not retrieve because
  177. * the CAS server did not respond.
  178. */
  179. define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE", 1);
  180. /**
  181. * phpCAS::service() error code when the PT could not retrieve because
  182. * the response of the CAS server was ill-formed.
  183. */
  184. define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE", 2);
  185. /**
  186. * phpCAS::service() error code when the PT could not retrieve because
  187. * the CAS server did not want to.
  188. */
  189. define("PHPCAS_SERVICE_PT_FAILURE", 3);
  190. /**
  191. * phpCAS::service() error code when the service was not available.
  192. */
  193. define("PHPCAS_SERVICE_NOT AVAILABLE", 4);
  194. /** @} */
  195. // ------------------------------------------------------------------------
  196. // LANGUAGES
  197. // ------------------------------------------------------------------------
  198. /**
  199. * @addtogroup publicLang
  200. * @{
  201. */
  202. define("PHPCAS_LANG_ENGLISH", 'english');
  203. define("PHPCAS_LANG_FRENCH", 'french');
  204. define("PHPCAS_LANG_GREEK", 'greek');
  205. define("PHPCAS_LANG_GERMAN", 'german');
  206. define("PHPCAS_LANG_JAPANESE", 'japanese');
  207. define("PHPCAS_LANG_SPANISH", 'spanish');
  208. define("PHPCAS_LANG_CATALAN", 'catalan');
  209. /** @} */
  210. /**
  211. * @addtogroup internalLang
  212. * @{
  213. */
  214. /**
  215. * phpCAS default language (when phpCAS::setLang() is not used)
  216. */
  217. define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH);
  218. /** @} */
  219. // ------------------------------------------------------------------------
  220. // DEBUG
  221. // ------------------------------------------------------------------------
  222. /**
  223. * @addtogroup publicDebug
  224. * @{
  225. */
  226. /**
  227. * The default directory for the debug file under Unix.
  228. */
  229. define('DEFAULT_DEBUG_DIR', '/tmp/');
  230. /** @} */
  231. // ------------------------------------------------------------------------
  232. // MISC
  233. // ------------------------------------------------------------------------
  234. /**
  235. * @addtogroup internalMisc
  236. * @{
  237. */
  238. /**
  239. * This global variable is used by the interface class phpCAS.
  240. *
  241. * @hideinitializer
  242. */
  243. $GLOBALS['PHPCAS_CLIENT'] = null;
  244. /**
  245. * This global variable is used to store where the initializer is called from
  246. * (to print a comprehensive error in case of multiple calls).
  247. *
  248. * @hideinitializer
  249. */
  250. $GLOBALS['PHPCAS_INIT_CALL'] = array (
  251. 'done' => FALSE,
  252. 'file' => '?',
  253. 'line' => -1,
  254. 'method' => '?'
  255. );
  256. /**
  257. * This global variable is used to store where the method checking
  258. * the authentication is called from (to print comprehensive errors)
  259. *
  260. * @hideinitializer
  261. */
  262. $GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array (
  263. 'done' => FALSE,
  264. 'file' => '?',
  265. 'line' => -1,
  266. 'method' => '?',
  267. 'result' => FALSE
  268. );
  269. /**
  270. * This global variable is used to store phpCAS debug mode.
  271. *
  272. * @hideinitializer
  273. */
  274. $GLOBALS['PHPCAS_DEBUG'] = array (
  275. 'filename' => FALSE,
  276. 'indent' => 0,
  277. 'unique_id' => ''
  278. );
  279. /** @} */
  280. // ########################################################################
  281. // CLIENT CLASS
  282. // ########################################################################
  283. // include client class
  284. include_once (dirname(__FILE__) . '/CAS/client.php');
  285. // ########################################################################
  286. // INTERFACE CLASS
  287. // ########################################################################
  288. /**
  289. * @class phpCAS
  290. * The phpCAS class is a simple container for the phpCAS library. It provides CAS
  291. * authentication for web applications written in PHP.
  292. *
  293. * @ingroup public
  294. * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
  295. *
  296. * \internal All its methods access the same object ($PHPCAS_CLIENT, declared
  297. * at the end of CAS/client.php).
  298. */
  299. class phpCAS {
  300. // ########################################################################
  301. // INITIALIZATION
  302. // ########################################################################
  303. /**
  304. * @addtogroup publicInit
  305. * @{
  306. */
  307. /**
  308. * phpCAS client initializer.
  309. * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
  310. * called, only once, and before all other methods (except phpCAS::getVersion()
  311. * and phpCAS::setDebug()).
  312. *
  313. * @param $server_version the version of the CAS server
  314. * @param $server_hostname the hostname of the CAS server
  315. * @param $server_port the port the CAS server is running on
  316. * @param $server_uri the URI the CAS server is responding on
  317. * @param $start_session Have phpCAS start PHP sessions (default true)
  318. *
  319. * @return a newly created CASClient object
  320. */
  321. function client($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {
  322. global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
  323. phpCAS :: traceBegin();
  324. if (is_object($PHPCAS_CLIENT)) {
  325. phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')');
  326. }
  327. if (gettype($server_version) != 'string') {
  328. phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');
  329. }
  330. if (gettype($server_hostname) != 'string') {
  331. phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');
  332. }
  333. if (gettype($server_port) != 'integer') {
  334. phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');
  335. }
  336. if (gettype($server_uri) != 'string') {
  337. phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');
  338. }
  339. // store where the initializer is called from
  340. $dbg = phpCAS :: backtrace();
  341. $PHPCAS_INIT_CALL = array (
  342. 'done' => TRUE,
  343. 'file' => $dbg[0]['file'],
  344. 'line' => $dbg[0]['line'],
  345. 'method' => __CLASS__ . '::' . __FUNCTION__
  346. );
  347. // initialize the global object $PHPCAS_CLIENT
  348. $PHPCAS_CLIENT = new CASClient($server_version, FALSE /*proxy*/
  349. , $server_hostname, $server_port, $server_uri, $start_session);
  350. phpCAS :: traceEnd();
  351. }
  352. /**
  353. * phpCAS proxy initializer.
  354. * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
  355. * called, only once, and before all other methods (except phpCAS::getVersion()
  356. * and phpCAS::setDebug()).
  357. *
  358. * @param $server_version the version of the CAS server
  359. * @param $server_hostname the hostname of the CAS server
  360. * @param $server_port the port the CAS server is running on
  361. * @param $server_uri the URI the CAS server is responding on
  362. * @param $start_session Have phpCAS start PHP sessions (default true)
  363. *
  364. * @return a newly created CASClient object
  365. */
  366. function proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {
  367. global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
  368. phpCAS :: traceBegin();
  369. if (is_object($PHPCAS_CLIENT)) {
  370. phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')');
  371. }
  372. if (gettype($server_version) != 'string') {
  373. phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');
  374. }
  375. if (gettype($server_hostname) != 'string') {
  376. phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');
  377. }
  378. if (gettype($server_port) != 'integer') {
  379. phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');
  380. }
  381. if (gettype($server_uri) != 'string') {
  382. phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');
  383. }
  384. // store where the initialzer is called from
  385. $dbg = phpCAS :: backtrace();
  386. $PHPCAS_INIT_CALL = array (
  387. 'done' => TRUE,
  388. 'file' => $dbg[0]['file'],
  389. 'line' => $dbg[0]['line'],
  390. 'method' => __CLASS__ . '::' . __FUNCTION__
  391. );
  392. // initialize the global object $PHPCAS_CLIENT
  393. $PHPCAS_CLIENT = new CASClient($server_version, TRUE /*proxy*/
  394. , $server_hostname, $server_port, $server_uri, $start_session);
  395. phpCAS :: traceEnd();
  396. }
  397. /** @} */
  398. // ########################################################################
  399. // DEBUGGING
  400. // ########################################################################
  401. /**
  402. * @addtogroup publicDebug
  403. * @{
  404. */
  405. /**
  406. * Set/unset debug mode
  407. *
  408. * @param $filename the name of the file used for logging, or FALSE to stop debugging.
  409. */
  410. function setDebug($filename = '') {
  411. global $PHPCAS_DEBUG;
  412. if ($filename != FALSE && gettype($filename) != 'string') {
  413. phpCAS :: error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)');
  414. }
  415. if (empty ($filename)) {
  416. if (preg_match('/^Win.*/', getenv('OS'))) {
  417. if (isset ($_ENV['TMP'])) {
  418. $debugDir = $_ENV['TMP'] . '/';
  419. } else
  420. if (isset ($_ENV['TEMP'])) {
  421. $debugDir = $_ENV['TEMP'] . '/';
  422. } else {
  423. $debugDir = '';
  424. }
  425. } else {
  426. $debugDir = DEFAULT_DEBUG_DIR;
  427. }
  428. $filename = $debugDir . 'phpCAS.log';
  429. }
  430. if (empty ($PHPCAS_DEBUG['unique_id'])) {
  431. $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4);
  432. }
  433. $PHPCAS_DEBUG['filename'] = $filename;
  434. phpCAS :: trace('START phpCAS-' . PHPCAS_VERSION . ' ******************');
  435. }
  436. /** @} */
  437. /**
  438. * @addtogroup internalDebug
  439. * @{
  440. */
  441. /**
  442. * This method is a wrapper for debug_backtrace() that is not available
  443. * in all PHP versions (>= 4.3.0 only)
  444. */
  445. function backtrace() {
  446. if (function_exists('debug_backtrace')) {
  447. return debug_backtrace();
  448. } else {
  449. // poor man's hack ... but it does work ...
  450. return array ();
  451. }
  452. }
  453. /**
  454. * Logs a string in debug mode.
  455. *
  456. * @param $str the string to write
  457. *
  458. * @private
  459. */
  460. function log($str) {
  461. $indent_str = ".";
  462. global $PHPCAS_DEBUG;
  463. if ($PHPCAS_DEBUG['filename']) {
  464. for ($i = 0; $i < $PHPCAS_DEBUG['indent']; $i++) {
  465. $indent_str .= '| ';
  466. }
  467. error_log($PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str . "\n", 3, $PHPCAS_DEBUG['filename']);
  468. }
  469. }
  470. /**
  471. * This method is used by interface methods to print an error and where the function
  472. * was originally called from.
  473. *
  474. * @param $msg the message to print
  475. *
  476. * @private
  477. */
  478. function error($msg) {
  479. $dbg = phpCAS :: backtrace();
  480. $function = '?';
  481. $file = '?';
  482. $line = '?';
  483. if (is_array($dbg)) {
  484. for ($i = 1; $i < sizeof($dbg); $i++) {
  485. if (is_array($dbg[$i])) {
  486. if ($dbg[$i]['class'] == __CLASS__) {
  487. $function = $dbg[$i]['function'];
  488. $file = $dbg[$i]['file'];
  489. $line = $dbg[$i]['line'];
  490. }
  491. }
  492. }
  493. }
  494. echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . "</b></font> in <b>" . $file . "</b> on line <b>" . $line . "</b><br />\n";
  495. phpCAS :: trace($msg);
  496. phpCAS :: traceExit();
  497. exit ();
  498. }
  499. /**
  500. * This method is used to log something in debug mode.
  501. */
  502. function trace($str) {
  503. $dbg = phpCAS :: backtrace();
  504. phpCAS :: log($str . ' [' . basename($dbg[1]['file']) . ':' . $dbg[1]['line'] . ']');
  505. }
  506. /**
  507. * This method is used to indicate the start of the execution of a function in debug mode.
  508. */
  509. function traceBegin() {
  510. global $PHPCAS_DEBUG;
  511. $dbg = phpCAS :: backtrace();
  512. $str = '=> ';
  513. if (!empty ($dbg[2]['class'])) {
  514. $str .= $dbg[2]['class'] . '::';
  515. }
  516. $str .= $dbg[2]['function'] . '(';
  517. if (is_array($dbg[2]['args'])) {
  518. foreach ($dbg[2]['args'] as $index => $arg) {
  519. if ($index != 0) {
  520. $str .= ', ';
  521. }
  522. $str .= str_replace("\n", "", var_export($arg, TRUE));
  523. }
  524. }
  525. $str .= ') [' . basename($dbg[2]['file']) . ':' . $dbg[2]['line'] . ']';
  526. phpCAS :: log($str);
  527. $PHPCAS_DEBUG['indent']++;
  528. }
  529. /**
  530. * This method is used to indicate the end of the execution of a function in debug mode.
  531. *
  532. * @param $res the result of the function
  533. */
  534. function traceEnd($res = '') {
  535. global $PHPCAS_DEBUG;
  536. $PHPCAS_DEBUG['indent']--;
  537. $dbg = phpCAS :: backtrace();
  538. $str = '';
  539. $str .= '<= ' . str_replace("\n", "", var_export($res, TRUE));
  540. phpCAS :: log($str);
  541. }
  542. /**
  543. * This method is used to indicate the end of the execution of the program
  544. */
  545. function traceExit() {
  546. global $PHPCAS_DEBUG;
  547. phpCAS :: log('exit()');
  548. while ($PHPCAS_DEBUG['indent'] > 0) {
  549. phpCAS :: log('-');
  550. $PHPCAS_DEBUG['indent']--;
  551. }
  552. }
  553. /** @} */
  554. // ########################################################################
  555. // INTERNATIONALIZATION
  556. // ########################################################################
  557. /**
  558. * @addtogroup publicLang
  559. * @{
  560. */
  561. /**
  562. * This method is used to set the language used by phpCAS.
  563. * @note Can be called only once.
  564. *
  565. * @param $lang a string representing the language.
  566. *
  567. * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH
  568. */
  569. function setLang($lang) {
  570. global $PHPCAS_CLIENT;
  571. if (!is_object($PHPCAS_CLIENT)) {
  572. phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  573. }
  574. if (gettype($lang) != 'string') {
  575. phpCAS :: error('type mismatched for parameter $lang (should be `string\')');
  576. }
  577. $PHPCAS_CLIENT->setLang($lang);
  578. }
  579. /** @} */
  580. // ########################################################################
  581. // VERSION
  582. // ########################################################################
  583. /**
  584. * @addtogroup public
  585. * @{
  586. */
  587. /**
  588. * This method returns the phpCAS version.
  589. *
  590. * @return the phpCAS version.
  591. */
  592. function getVersion() {
  593. return PHPCAS_VERSION;
  594. }
  595. /** @} */
  596. // ########################################################################
  597. // HTML OUTPUT
  598. // ########################################################################
  599. /**
  600. * @addtogroup publicOutput
  601. * @{
  602. */
  603. /**
  604. * This method sets the HTML header used for all outputs.
  605. *
  606. * @param $header the HTML header.
  607. */
  608. function setHTMLHeader($header) {
  609. global $PHPCAS_CLIENT;
  610. if (!is_object($PHPCAS_CLIENT)) {
  611. phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  612. }
  613. if (gettype($header) != 'string') {
  614. phpCAS :: error('type mismatched for parameter $header (should be `string\')');
  615. }
  616. $PHPCAS_CLIENT->setHTMLHeader($header);
  617. }
  618. /**
  619. * This method sets the HTML footer used for all outputs.
  620. *
  621. * @param $footer the HTML footer.
  622. */
  623. function setHTMLFooter($footer) {
  624. global $PHPCAS_CLIENT;
  625. if (!is_object($PHPCAS_CLIENT)) {
  626. phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  627. }
  628. if (gettype($footer) != 'string') {
  629. phpCAS :: error('type mismatched for parameter $footer (should be `string\')');
  630. }
  631. $PHPCAS_CLIENT->setHTMLFooter($footer);
  632. }
  633. /** @} */
  634. // ########################################################################
  635. // PGT STORAGE
  636. // ########################################################################
  637. /**
  638. * @addtogroup publicPGTStorage
  639. * @{
  640. */
  641. /**
  642. * This method is used to tell phpCAS to store the response of the
  643. * CAS server to PGT requests onto the filesystem.
  644. *
  645. * @param $format the format used to store the PGT's (`plain' and `xml' allowed)
  646. * @param $path the path where the PGT's should be stored
  647. */
  648. function setPGTStorageFile($format = '', $path = '') {
  649. global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
  650. phpCAS :: traceBegin();
  651. if (!is_object($PHPCAS_CLIENT)) {
  652. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
  653. }
  654. if (!$PHPCAS_CLIENT->isProxy()) {
  655. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
  656. }
  657. if ($PHPCAS_AUTH_CHECK_CALL['done']) {
  658. phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')');
  659. }
  660. if (gettype($format) != 'string') {
  661. phpCAS :: error('type mismatched for parameter $format (should be `string\')');
  662. }
  663. if (gettype($path) != 'string') {
  664. phpCAS :: error('type mismatched for parameter $format (should be `string\')');
  665. }
  666. $PHPCAS_CLIENT->setPGTStorageFile($format, $path);
  667. phpCAS :: traceEnd();
  668. }
  669. /**
  670. * This method is used to tell phpCAS to store the response of the
  671. * CAS server to PGT requests into a database.
  672. * @note The connection to the database is done only when needed.
  673. * As a consequence, bad parameters are detected only when
  674. * initializing PGT storage, except in debug mode.
  675. *
  676. * @param $user the user to access the data with
  677. * @param $password the user's password
  678. * @param $database_type the type of the database hosting the data
  679. * @param $hostname the server hosting the database
  680. * @param $port the port the server is listening on
  681. * @param $database the name of the database
  682. * @param $table the name of the table storing the data
  683. */
  684. function setPGTStorageDB($user, $password, $database_type = '', $hostname = '', $port = 0, $database = '', $table = '') {
  685. global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
  686. phpCAS :: traceBegin();
  687. if (!is_object($PHPCAS_CLIENT)) {
  688. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
  689. }
  690. if (!$PHPCAS_CLIENT->isProxy()) {
  691. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
  692. }
  693. if ($PHPCAS_AUTH_CHECK_CALL['done']) {
  694. phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')');
  695. }
  696. if (gettype($user) != 'string') {
  697. phpCAS :: error('type mismatched for parameter $user (should be `string\')');
  698. }
  699. if (gettype($password) != 'string') {
  700. phpCAS :: error('type mismatched for parameter $password (should be `string\')');
  701. }
  702. if (gettype($database_type) != 'string') {
  703. phpCAS :: error('type mismatched for parameter $database_type (should be `string\')');
  704. }
  705. if (gettype($hostname) != 'string') {
  706. phpCAS :: error('type mismatched for parameter $hostname (should be `string\')');
  707. }
  708. if (gettype($port) != 'integer') {
  709. phpCAS :: error('type mismatched for parameter $port (should be `integer\')');
  710. }
  711. if (gettype($database) != 'string') {
  712. phpCAS :: error('type mismatched for parameter $database (should be `string\')');
  713. }
  714. if (gettype($table) != 'string') {
  715. phpCAS :: error('type mismatched for parameter $table (should be `string\')');
  716. }
  717. $PHPCAS_CLIENT->setPGTStorageDB($user, $password, $database_type, $hostname, $port, $database, $table);
  718. phpCAS :: traceEnd();
  719. }
  720. /** @} */
  721. // ########################################################################
  722. // ACCESS TO EXTERNAL SERVICES
  723. // ########################################################################
  724. /**
  725. * @addtogroup publicServices
  726. * @{
  727. */
  728. /**
  729. * This method is used to access an HTTP[S] service.
  730. *
  731. * @param $url the service to access.
  732. * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
  733. * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
  734. * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
  735. * @param $output the output of the service (also used to give an error
  736. * message on failure).
  737. *
  738. * @return TRUE on success, FALSE otherwise (in this later case, $err_code
  739. * gives the reason why it failed and $output contains an error message).
  740. */
  741. function serviceWeb($url, & $err_code, & $output) {
  742. global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
  743. phpCAS :: traceBegin();
  744. if (!is_object($PHPCAS_CLIENT)) {
  745. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
  746. }
  747. if (!$PHPCAS_CLIENT->isProxy()) {
  748. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
  749. }
  750. if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
  751. phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()');
  752. }
  753. if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
  754. phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
  755. }
  756. if (gettype($url) != 'string') {
  757. phpCAS :: error('type mismatched for parameter $url (should be `string\')');
  758. }
  759. $res = $PHPCAS_CLIENT->serviceWeb($url, $err_code, $output);
  760. phpCAS :: traceEnd($res);
  761. return $res;
  762. }
  763. /**
  764. * This method is used to access an IMAP/POP3/NNTP service.
  765. *
  766. * @param $url a string giving the URL of the service, including the mailing box
  767. * for IMAP URLs, as accepted by imap_open().
  768. * @param $service a string giving for CAS retrieve Proxy ticket
  769. * @param $flags options given to imap_open().
  770. * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
  771. * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
  772. * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
  773. * @param $err_msg an error message on failure
  774. * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL
  775. * on success, FALSE on error).
  776. *
  777. * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code
  778. * gives the reason why it failed and $err_msg contains an error message).
  779. */
  780. function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) {
  781. global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
  782. phpCAS :: traceBegin();
  783. if (!is_object($PHPCAS_CLIENT)) {
  784. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
  785. }
  786. if (!$PHPCAS_CLIENT->isProxy()) {
  787. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
  788. }
  789. if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
  790. phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()');
  791. }
  792. if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
  793. phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
  794. }
  795. if (gettype($url) != 'string') {
  796. phpCAS :: error('type mismatched for parameter $url (should be `string\')');
  797. }
  798. if (gettype($flags) != 'integer') {
  799. phpCAS :: error('type mismatched for parameter $flags (should be `integer\')');
  800. }
  801. $res = $PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt);
  802. phpCAS :: traceEnd($res);
  803. return $res;
  804. }
  805. /** @} */
  806. // ########################################################################
  807. // AUTHENTICATION
  808. // ########################################################################
  809. /**
  810. * @addtogroup publicAuth
  811. * @{
  812. */
  813. /**
  814. * Set the times authentication will be cached before really accessing the CAS server in gateway mode:
  815. * - -1: check only once, and then never again (until you pree login)
  816. * - 0: always check
  817. * - n: check every "n" time
  818. *
  819. * @param $n an integer.
  820. */
  821. function setCacheTimesForAuthRecheck($n) {
  822. global $PHPCAS_CLIENT;
  823. if (!is_object($PHPCAS_CLIENT)) {
  824. phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  825. }
  826. if (gettype($n) != 'integer') {
  827. phpCAS :: error('type mismatched for parameter $header (should be `string\')');
  828. }
  829. $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n);
  830. }
  831. /**
  832. * This method is called to check if the user is authenticated (use the gateway feature).
  833. * @return TRUE when the user is authenticated; otherwise FALSE.
  834. */
  835. function checkAuthentication() {
  836. global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
  837. phpCAS :: traceBegin();
  838. if (!is_object($PHPCAS_CLIENT)) {
  839. phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  840. }
  841. $auth = $PHPCAS_CLIENT->checkAuthentication();
  842. // store where the authentication has been checked and the result
  843. $dbg = phpCAS :: backtrace();
  844. $PHPCAS_AUTH_CHECK_CALL = array (
  845. 'done' => TRUE,
  846. 'file' => $dbg[0]['file'],
  847. 'line' => $dbg[0]['line'],
  848. 'method' => __CLASS__ . '::' . __FUNCTION__,
  849. 'result' => $auth
  850. );
  851. phpCAS :: traceEnd($auth);
  852. return $auth;
  853. }
  854. /**
  855. * This method is called to force authentication if the user was not already
  856. * authenticated. If the user is not authenticated, halt by redirecting to
  857. * the CAS server.
  858. */
  859. function forceAuthentication() {
  860. global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
  861. phpCAS :: traceBegin();
  862. if (!is_object($PHPCAS_CLIENT)) {
  863. phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  864. }
  865. $auth = $PHPCAS_CLIENT->forceAuthentication();
  866. // store where the authentication has been checked and the result
  867. $dbg = phpCAS :: backtrace();
  868. $PHPCAS_AUTH_CHECK_CALL = array (
  869. 'done' => TRUE,
  870. 'file' => $dbg[0]['file'],
  871. 'line' => $dbg[0]['line'],
  872. 'method' => __CLASS__ . '::' . __FUNCTION__,
  873. 'result' => $auth
  874. );
  875. if (!$auth) {
  876. phpCAS :: trace('user is not authenticated, redirecting to the CAS server');
  877. $PHPCAS_CLIENT->forceAuthentication();
  878. } else {
  879. phpCAS :: trace('no need to authenticate (user `' . phpCAS :: getUser() . '\' is already authenticated)');
  880. }
  881. phpCAS :: traceEnd();
  882. return $auth;
  883. }
  884. /**
  885. * This method is called to renew the authentication.
  886. **/
  887. function renewAuthentication() {
  888. global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
  889. phpCAS :: traceBegin();
  890. if (!is_object($PHPCAS_CLIENT)) {
  891. phpCAS :: error('this method should not be called before' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  892. }
  893. // store where the authentication has been checked and the result
  894. $dbg = phpCAS :: backtrace();
  895. $PHPCAS_AUTH_CHECK_CALL = array (
  896. 'done' => TRUE,
  897. 'file' => $dbg[0]['file'],
  898. 'line' => $dbg[0]['line'],
  899. 'method' => __CLASS__ . '::' . __FUNCTION__,
  900. 'result' => $auth
  901. );
  902. $PHPCAS_CLIENT->renewAuthentication();
  903. phpCAS :: traceEnd();
  904. }
  905. /**
  906. * This method has been left from version 0.4.1 for compatibility reasons.
  907. */
  908. function authenticate() {
  909. phpCAS :: error('this method is deprecated. You should use ' . __CLASS__ . '::forceAuthentication() instead');
  910. }
  911. /**
  912. * This method is called to check if the user is authenticated (previously or by
  913. * tickets given in the URL).
  914. *
  915. * @return TRUE when the user is authenticated.
  916. */
  917. function isAuthenticated() {
  918. global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
  919. phpCAS :: traceBegin();
  920. if (!is_object($PHPCAS_CLIENT)) {
  921. phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  922. }
  923. // call the isAuthenticated method of the global $PHPCAS_CLIENT object
  924. $auth = $PHPCAS_CLIENT->isAuthenticated();
  925. // store where the authentication has been checked and the result
  926. $dbg = phpCAS :: backtrace();
  927. $PHPCAS_AUTH_CHECK_CALL = array (
  928. 'done' => TRUE,
  929. 'file' => $dbg[0]['file'],
  930. 'line' => $dbg[0]['line'],
  931. 'method' => __CLASS__ . '::' . __FUNCTION__,
  932. 'result' => $auth
  933. );
  934. phpCAS :: traceEnd($auth);
  935. return $auth;
  936. }
  937. /**
  938. * Checks whether authenticated based on $_SESSION. Useful to avoid
  939. * server calls.
  940. * @return true if authenticated, false otherwise.
  941. * @since 0.4.22 by Brendan Arnold
  942. */
  943. function isSessionAuthenticated() {
  944. global $PHPCAS_CLIENT;
  945. if (!is_object($PHPCAS_CLIENT)) {
  946. phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  947. }
  948. return ($PHPCAS_CLIENT->isSessionAuthenticated());
  949. }
  950. /**
  951. * This method returns the CAS user's login name.
  952. * @warning should not be called only after phpCAS::forceAuthentication()
  953. * or phpCAS::checkAuthentication().
  954. *
  955. * @return the login name of the authenticated user
  956. */
  957. function getUser() {
  958. global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
  959. if (!is_object($PHPCAS_CLIENT)) {
  960. phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  961. }
  962. if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
  963. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');
  964. }
  965. if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
  966. phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
  967. }
  968. return $PHPCAS_CLIENT->getUser();
  969. }
  970. /**
  971. * This method returns the CAS user's login name.
  972. * @warning should not be called only after phpCAS::forceAuthentication()
  973. * or phpCAS::checkAuthentication().
  974. *
  975. * @return the login name of the authenticated user
  976. */
  977. function getAttributes() {
  978. global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
  979. if (!is_object($PHPCAS_CLIENT)) {
  980. phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  981. }
  982. if (!$PHPCAS_AUTH_CHECK_CALL['done']) {
  983. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');
  984. }
  985. if (!$PHPCAS_AUTH_CHECK_CALL['result']) {
  986. phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');
  987. }
  988. return $PHPCAS_CLIENT->getAttributes();
  989. }
  990. /**
  991. * Handle logout requests.
  992. */
  993. function handleLogoutRequests($check_client = true, $allowed_clients = false) {
  994. global $PHPCAS_CLIENT;
  995. if (!is_object($PHPCAS_CLIENT)) {
  996. phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  997. }
  998. return ($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients));
  999. }
  1000. /**
  1001. * This method returns the URL to be used to login.
  1002. * or phpCAS::isAuthenticated().
  1003. *
  1004. * @return the login name of the authenticated user
  1005. */
  1006. function getServerLoginURL() {
  1007. global $PHPCAS_CLIENT;
  1008. if (!is_object($PHPCAS_CLIENT)) {
  1009. phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  1010. }
  1011. return $PHPCAS_CLIENT->getServerLoginURL();
  1012. }
  1013. /**
  1014. * Set the login URL of the CAS server.
  1015. * @param $url the login URL
  1016. * @since 0.4.21 by Wyman Chan
  1017. */
  1018. function setServerLoginURL($url = '') {
  1019. global $PHPCAS_CLIENT;
  1020. phpCAS :: traceBegin();
  1021. if (!is_object($PHPCAS_CLIENT)) {
  1022. phpCAS :: error('this method should only be called after
  1023. ' . __CLASS__ . '::client()');
  1024. }
  1025. if (gettype($url) != 'string') {
  1026. phpCAS :: error('type mismatched for parameter $url (should be
  1027. `string\')');
  1028. }
  1029. $PHPCAS_CLIENT->setServerLoginURL($url);
  1030. phpCAS :: traceEnd();
  1031. }
  1032. /**
  1033. * Set the serviceValidate URL of the CAS server.
  1034. * Used only in CAS 1.0 validations
  1035. * @param $url the serviceValidate URL
  1036. * @since 1.1.0 by Joachim Fritschi
  1037. */
  1038. function setServerServiceValidateURL($url = '') {
  1039. global $PHPCAS_CLIENT;
  1040. phpCAS :: traceBegin();
  1041. if (!is_object($PHPCAS_CLIENT)) {
  1042. phpCAS :: error('this method should only be called after
  1043. ' . __CLASS__ . '::client()');
  1044. }
  1045. if (gettype($url) != 'string') {
  1046. phpCAS :: error('type mismatched for parameter $url (should be
  1047. `string\')');
  1048. }
  1049. $PHPCAS_CLIENT->setServerServiceValidateURL($url);
  1050. phpCAS :: traceEnd();
  1051. }
  1052. /**
  1053. * Set the proxyValidate URL of the CAS server.
  1054. * Used for all CAS 2.0 validations
  1055. * @param $url the proxyValidate URL
  1056. * @since 1.1.0 by Joachim Fritschi
  1057. */
  1058. function setServerProxyValidateURL($url = '') {
  1059. global $PHPCAS_CLIENT;
  1060. phpCAS :: traceBegin();
  1061. if (!is_object($PHPCAS_CLIENT)) {
  1062. phpCAS :: error('this method should only be called after
  1063. ' . __CLASS__ . '::client()');
  1064. }
  1065. if (gettype($url) != 'string') {
  1066. phpCAS :: error('type mismatched for parameter $url (should be
  1067. `string\')');
  1068. }
  1069. $PHPCAS_CLIENT->setServerProxyValidateURL($url);
  1070. phpCAS :: traceEnd();
  1071. }
  1072. /**
  1073. * Set the samlValidate URL of the CAS server.
  1074. * @param $url the samlValidate URL
  1075. * @since 1.1.0 by Joachim Fritschi
  1076. */
  1077. function setServerSamlValidateURL($url = '') {
  1078. global $PHPCAS_CLIENT;
  1079. phpCAS :: traceBegin();
  1080. if (!is_object($PHPCAS_CLIENT)) {
  1081. phpCAS :: error('this method should only be called after
  1082. ' . __CLASS__ . '::client()');
  1083. }
  1084. if (gettype($url) != 'string') {
  1085. phpCAS :: error('type mismatched for parameter $url (should be
  1086. `string\')');
  1087. }
  1088. $PHPCAS_CLIENT->setServerSamlValidateURL($url);
  1089. phpCAS :: traceEnd();
  1090. }
  1091. /**
  1092. * This method returns the URL to be used to login.
  1093. * or phpCAS::isAuthenticated().
  1094. *
  1095. * @return the login name of the authenticated user
  1096. */
  1097. function getServerLogoutURL() {
  1098. global $PHPCAS_CLIENT;
  1099. if (!is_object($PHPCAS_CLIENT)) {
  1100. phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
  1101. }
  1102. return $PHPCAS_CLIENT->getServerLogoutURL();
  1103. }
  1104. /**
  1105. * Set the logout URL of the CAS server.
  1106. * @param $url the logout URL
  1107. * @since 0.4.21 by Wyman Chan
  1108. */
  1109. function setServerLogoutURL($url = '') {
  1110. global $PHPCAS_CLIENT;
  1111. phpCAS :: traceBegin();
  1112. if (!is_object($PHPCAS_CLIENT)) {
  1113. phpCAS :: error('this method should only be called after
  1114. ' . __CLASS__ . '::client()');
  1115. }
  1116. if (gettype($url) != 'string') {
  1117. phpCAS :: error('type mismatched for parameter $url (should be
  1118. `string\')');
  1119. }
  1120. $PHPCAS_CLIENT->setServerLogoutURL($url);
  1121. phpCAS :: traceEnd();
  1122. }
  1123. /**
  1124. * This method is used to logout from CAS.
  1125. * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server
  1126. * @public
  1127. */
  1128. function logout($params = "") {
  1129. global $PHPCAS_CLIENT;
  1130. phpCAS :: traceBegin();
  1131. if (!is_object($PHPCAS_CLIENT)) {
  1132. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
  1133. }
  1134. $parsedParams = array ();
  1135. if ($params != "") {
  1136. if (is_string($params)) {
  1137. phpCAS :: error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
  1138. }
  1139. if (!is_array($params)) {
  1140. phpCAS :: error('type mismatched for parameter $params (should be `array\')');
  1141. }
  1142. foreach ($params as $key => $value) {
  1143. if ($key != "service" && $key != "url") {
  1144. phpCAS :: error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
  1145. }
  1146. $parsedParams[$key] = $value;
  1147. }
  1148. }
  1149. $PHPCAS_CLIENT->logout($parsedParams);
  1150. // never reached
  1151. phpCAS :: traceEnd();
  1152. }
  1153. /**
  1154. * This method is used to logout from CAS. Halts by redirecting to the CAS server.
  1155. * @param $service a URL that will be transmitted to the CAS server
  1156. */
  1157. function logoutWithRedirectService($service) {
  1158. global $PHPCAS_CLIENT;
  1159. phpCAS :: traceBegin();
  1160. if (!is_object($PHPCAS_CLIENT)) {
  1161. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
  1162. }
  1163. if (!is_string($service)) {
  1164. phpCAS :: error('type mismatched for parameter $service (should be `string\')');
  1165. }
  1166. $PHPCAS_CLIENT->logout(array (
  1167. "service" => $service
  1168. ));
  1169. // never reached
  1170. phpCAS :: traceEnd();
  1171. }
  1172. /**
  1173. * This method is used to logout from CAS. Halts by redirecting to the CAS server.
  1174. * @param $url a URL that will be transmitted to the CAS server
  1175. */
  1176. function logoutWithUrl($url) {
  1177. global $PHPCAS_CLIENT;
  1178. phpCAS :: traceBegin();
  1179. if (!is_object($PHPCAS_CLIENT)) {
  1180. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
  1181. }
  1182. if (!is_string($url)) {
  1183. phpCAS :: error('type mismatched for parameter $url (should be `string\')');
  1184. }
  1185. $PHPCAS_CLIENT->logout(array (
  1186. "url" => $url
  1187. ));
  1188. // never reached
  1189. phpCAS :: traceEnd();
  1190. }
  1191. /**
  1192. * This method is used to logout from CAS. Halts by redirecting to the CAS server.
  1193. * @param $service a URL that will be transmitted to the CAS server
  1194. * @param $url a URL that will be transmitted to the CAS server
  1195. */
  1196. function logoutWithRedirectServiceAndUrl($service, $url) {
  1197. global $PHPCAS_CLIENT;
  1198. phpCAS :: traceBegin();
  1199. if (!is_object($PHPCAS_CLIENT)) {
  1200. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
  1201. }
  1202. if (!is_string($service)) {
  1203. phpCAS :: error('type mismatched for parameter $service (should be `string\')');
  1204. }
  1205. if (!is_string($url)) {
  1206. phpCAS :: error('type mismatched for parameter $url (should be `string\')');
  1207. }
  1208. $PHPCAS_CLIENT->logout(array (
  1209. "service" => $service,
  1210. "url" => $url
  1211. ));
  1212. // never reached
  1213. phpCAS :: traceEnd();
  1214. }
  1215. /**
  1216. * Set the fixed URL that will be used by the CAS server to transmit the PGT.
  1217. * When this method is not called, a phpCAS script uses its own URL for the callback.
  1218. *
  1219. * @param $url the URL
  1220. */
  1221. function setFixedCallbackURL($url = '') {
  1222. global $PHPCAS_CLIENT;
  1223. phpCAS :: traceBegin();
  1224. if (!is_object($PHPCAS_CLIENT)) {
  1225. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
  1226. }
  1227. if (!$PHPCAS_CLIENT->isProxy()) {
  1228. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
  1229. }
  1230. if (gettype($url) != 'string') {
  1231. phpCAS :: error('type mismatched for parameter $url (should be `string\')');
  1232. }
  1233. $PHPCAS_CLIENT->setCallbackURL($url);
  1234. phpCAS :: traceEnd();
  1235. }
  1236. /**
  1237. * Set the fixed URL that will be set as the CAS service parameter. When this
  1238. * method is not called, a phpCAS script uses its own URL.
  1239. *
  1240. * @param $url the URL
  1241. */
  1242. function setFixedServiceURL($url) {
  1243. global $PHPCAS_CLIENT;
  1244. phpCAS :: traceBegin();
  1245. if (!is_object($PHPCAS_CLIENT)) {
  1246. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
  1247. }
  1248. if (gettype($url) != 'string') {
  1249. phpCAS :: error('type mismatched for parameter $url (should be `string\')');
  1250. }
  1251. $PHPCAS_CLIENT->setURL($url);
  1252. phpCAS :: traceEnd();
  1253. }
  1254. /**
  1255. * Get the URL that is set as the CAS service parameter.
  1256. */
  1257. function getServiceURL() {
  1258. global $PHPCAS_CLIENT;
  1259. if (!is_object($PHPCAS_CLIENT)) {
  1260. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
  1261. }
  1262. return ($PHPCAS_CLIENT->getURL());
  1263. }
  1264. /**
  1265. * Retrieve a Proxy Ticket from the CAS server.
  1266. */
  1267. function retrievePT($target_service, & $err_code, & $err_msg) {
  1268. global $PHPCAS_CLIENT;
  1269. if (!is_object($PHPCAS_CLIENT)) {
  1270. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
  1271. }
  1272. if (gettype($target_service) != 'string') {
  1273. phpCAS :: error('type mismatched for parameter $target_service(should be `string\')');
  1274. }
  1275. return ($PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg));
  1276. }
  1277. /**
  1278. * Set the certificate of the CAS server.
  1279. *
  1280. * @param $cert the PEM certificate
  1281. */
  1282. function setCasServerCert($cert) {
  1283. global $PHPCAS_CLIENT;
  1284. phpCAS :: traceBegin();
  1285. if (!is_object($PHPCAS_CLIENT)) {
  1286. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
  1287. }
  1288. if (gettype($cert) != 'string') {
  1289. phpCAS :: error('type mismatched for parameter $cert (should be `string\')');
  1290. }
  1291. $PHPCAS_CLIENT->setCasServerCert($cert);
  1292. phpCAS :: traceEnd();
  1293. }
  1294. /**
  1295. * Set the certificate of the CAS server CA.
  1296. *
  1297. * @param $cert the CA certificate
  1298. */
  1299. function setCasServerCACert($cert) {
  1300. global $PHPCAS_CLIENT;
  1301. phpCAS :: traceBegin();
  1302. if (!is_object($PHPCAS_CLIENT)) {
  1303. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
  1304. }
  1305. if (gettype($cert) != 'string') {
  1306. phpCAS :: error('type mismatched for parameter $cert (should be `string\')');
  1307. }
  1308. $PHPCAS_CLIENT->setCasServerCACert($cert);
  1309. phpCAS :: traceEnd();
  1310. }
  1311. /**
  1312. * Set no SSL validation for the CAS server.
  1313. */
  1314. function setNoCasServerValidation() {
  1315. global $PHPCAS_CLIENT;
  1316. phpCAS :: traceBegin();
  1317. if (!is_object($PHPCAS_CLIENT)) {
  1318. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
  1319. }
  1320. $PHPCAS_CLIENT->setNoCasServerValidation();
  1321. phpCAS :: traceEnd();
  1322. }
  1323. /** @} */
  1324. /**
  1325. * Change CURL options.
  1326. * CURL is used to connect through HTTPS to CAS server
  1327. * @param $key the option key
  1328. * @param $value the value to set
  1329. */
  1330. function setExtraCurlOption($key, $value) {
  1331. global $PHPCAS_CLIENT;
  1332. phpCAS :: traceBegin();
  1333. if (!is_object($PHPCAS_CLIENT)) {
  1334. phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
  1335. }
  1336. $PHPCAS_CLIENT->setExtraCurlOption($key, $value);
  1337. phpCAS :: traceEnd();
  1338. }
  1339. }
  1340. // ########################################################################
  1341. // DOCUMENTATION
  1342. // ########################################################################
  1343. // ########################################################################
  1344. // MAIN PAGE
  1345. /**
  1346. * @mainpage
  1347. *
  1348. * The following pages only show the source documentation.
  1349. *
  1350. */
  1351. // ########################################################################
  1352. // MODULES DEFINITION
  1353. /** @defgroup public User interface */
  1354. /** @defgroup publicInit Initialization
  1355. * @ingroup public */
  1356. /** @defgroup publicAuth Authentication
  1357. * @ingroup public */
  1358. /** @defgroup publicServices Access to external services
  1359. * @ingroup public */
  1360. /** @defgroup publicConfig Configuration
  1361. * @ingroup public */
  1362. /** @defgroup publicLang Internationalization
  1363. * @ingroup publicConfig */
  1364. /** @defgroup publicOutput HTML output
  1365. * @ingroup publicConfig */
  1366. /** @defgroup publicPGTStorage PGT storage
  1367. * @ingroup publicConfig */
  1368. /** @defgroup publicDebug Debugging
  1369. * @ingroup public */
  1370. /** @defgroup internal Implementation */
  1371. /** @defgroup internalAuthentication Authentication
  1372. * @ingroup internal */
  1373. /** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets)
  1374. * @ingroup internal */
  1375. /** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets)
  1376. * @ingroup internal */
  1377. /** @defgroup internalPGTStorage PGT storage
  1378. * @ingroup internalProxy */
  1379. /** @defgroup internalPGTStorageDB PGT storage in a database
  1380. * @ingroup internalPGTStorage */
  1381. /** @defgroup internalPGTStorageFile PGT storage on the filesystem
  1382. * @ingroup internalPGTStorage */
  1383. /** @defgroup internalCallback Callback from the CAS server
  1384. * @ingroup internalProxy */
  1385. /** @defgroup internalProxied CAS proxied client features (CAS 2.0, Proxy Tickets)
  1386. * @ingroup internal */
  1387. /** @defgroup internalConfig Configuration
  1388. * @ingroup internal */
  1389. /** @defgroup internalOutput HTML output
  1390. * @ingroup internalConfig */
  1391. /** @defgroup internalLang Internationalization
  1392. * @ingroup internalConfig
  1393. *
  1394. * To add a new language:
  1395. * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php
  1396. * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php
  1397. * - 3. Make the translations
  1398. */
  1399. /** @defgroup internalDebug Debugging
  1400. * @ingroup internal */
  1401. /** @defgroup internalMisc Miscellaneous
  1402. * @ingroup internal */
  1403. // ########################################################################
  1404. // EXAMPLES
  1405. /**
  1406. * @example example_simple.php
  1407. */
  1408. /**
  1409. * @example example_proxy.php
  1410. */
  1411. /**
  1412. * @example example_proxy2.php
  1413. */
  1414. /**
  1415. * @example example_lang.php
  1416. */
  1417. /**
  1418. * @example example_html.php
  1419. */
  1420. /**
  1421. * @example example_file.php
  1422. */
  1423. /**
  1424. * @example example_db.php
  1425. */
  1426. /**
  1427. * @example example_service.php
  1428. */
  1429. /**
  1430. * @example example_session_proxy.php
  1431. */
  1432. /**
  1433. * @example example_session_service.php
  1434. */
  1435. /**
  1436. * @example example_gateway.php
  1437. */
  1438. /**
  1439. * @example example_custom_urls.php
  1440. */
  1441. ?>