ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
client.php
Go to the documentation of this file.
1<?php
2
8// include internationalization stuff
9include_once(dirname(__FILE__).'/languages/languages.php');
10
11// include PGT storage classes
12include_once(dirname(__FILE__).'/PGTStorage/pgt-main.php');
13
22class CASClient
23{
24
25 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
26 // XX XX
27 // XX CONFIGURATION XX
28 // XX XX
29 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
30
31 // ########################################################################
32 // HTML OUTPUT
33 // ########################################################################
52 function HTMLFilterOutput($str)
53 {
54 $str = str_replace('__CAS_VERSION__',$this->getServerVersion(),$str);
55 $str = str_replace('__PHPCAS_VERSION__',phpCAS::getVersion(),$str);
56 $str = str_replace('__SERVER_BASE_URL__',$this->getServerBaseURL(),$str);
57 echo $str;
58 }
59
68 var $_output_header = '';
69
79 function printHTMLHeader($title)
80 {
81 $this->HTMLFilterOutput(str_replace('__TITLE__',
82 $title,
83 (empty($this->_output_header)
84 ? '<html><head><title>__TITLE__</title></head><body><h1>__TITLE__</h1>'
85 : $this->output_header)
86 )
87 );
88 }
89
98 var $_output_footer = '';
99
108 {
109 $this->HTMLFilterOutput(empty($this->_output_footer)
110 ?('<hr><address>phpCAS __PHPCAS_VERSION__ '.$this->getString(CAS_STR_USING_SERVER).' <a href="__SERVER_BASE_URL__">__SERVER_BASE_URL__</a> (CAS __CAS_VERSION__)</a></address></body></html>')
111 :$this->_output_footer);
112 }
113
122 {
123 $this->_output_header = $header;
124 }
125
133 function setHTMLFooter($footer)
134 {
135 $this->_output_footer = $footer;
136 }
137
139 // ########################################################################
140 // INTERNATIONALIZATION
141 // ########################################################################
156 var $_lang = '';
157
165 function getLang()
166 {
167 if ( empty($this->_lang) )
169 return $this->_lang;
170 }
171
181 var $_strings;
182
192 function getString($str)
193 {
194 // call CASclient::getLang() to be sure the language is initialized
195 $this->getLang();
196
197 if ( !isset($this->_strings[$str]) ) {
198 trigger_error('string `'.$str.'\' not defined for language `'.$this->getLang().'\'',E_USER_ERROR);
199 }
200 return $this->_strings[$str];
201 }
202
212 function setLang($lang)
213 {
214 // include the corresponding language file
215 include_once(dirname(__FILE__).'/languages/'.$lang.'.php');
216
217 if ( !is_array($this->_strings) ) {
218 trigger_error('language `'.$lang.'\' is not implemented',E_USER_ERROR);
219 }
220 $this->_lang = $lang;
221 }
222
224 // ########################################################################
225 // CAS SERVER CONFIG
226 // ########################################################################
256 var $_server = array(
257 'version' => -1,
258 'hostname' => 'none',
259 'port' => -1,
260 'uri' => 'none'
261 );
262
268 function getServerVersion()
269 {
270 return $this->_server['version'];
271 }
272
278 function getServerHostname()
279 { return $this->_server['hostname']; }
280
286 function getServerPort()
287 { return $this->_server['port']; }
288
294 function getServerURI()
295 { return $this->_server['uri']; }
296
302 function getServerBaseURL()
303 {
304 // the URL is build only when needed
305 if ( empty($this->_server['base_url']) ) {
306
307 // to do: undo this
308 //$this->_server['base_url'] = 'https://'
309 $this->_server['base_url'] = 'https://'
310 .$this->getServerHostname()
311 .':'
312 .$this->getServerPort()
313 .$this->getServerURI();
314 }
315//echo "-".$this->_server['base_url']."-";
316 return $this->_server['base_url'];
317 }
318
325 function getServerLoginURL($gateway)
326 {
328 // the URL is build only when needed
329 if ( empty($this->_server['login_url']) ) {
330 $this->_server['login_url'] = $this->getServerBaseURL();
331 $this->_server['login_url'] .= 'login?service=';
332 $this->_server['login_url'] .= preg_replace('/&/','%26',$this->getURL());
333 if ($gateway) {
334 $this->_server['login_url'] .= '&gateway=true';
335 }
336 }
337 phpCAS::traceEnd($this->_server['login_url']);
338 return $this->_server['login_url'];
339 }
340
347 {
348 // the URL is build only when needed
349 if ( empty($this->_server['service_validate_url']) ) {
350 switch ($this->getServerVersion()) {
351 case CAS_VERSION_1_0:
352 $this->_server['service_validate_url'] = $this->getServerBaseURL().'validate';
353 break;
354 case CAS_VERSION_2_0:
355 $this->_server['service_validate_url'] = $this->getServerBaseURL().'serviceValidate';
356 break;
357 }
358 }
359 return $this->_server['service_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL());
360 }
361
368 {
369 // the URL is build only when needed
370 if ( empty($this->_server['proxy_validate_url']) ) {
371 switch ($this->getServerVersion()) {
372 case CAS_VERSION_1_0:
373 $this->_server['proxy_validate_url'] = '';
374 break;
375 case CAS_VERSION_2_0:
376 $this->_server['proxy_validate_url'] = $this->getServerBaseURL().'proxyValidate';
377 break;
378 }
379 }
380 return $this->_server['proxy_validate_url'].'?service='.preg_replace('/&/','%26',$this->getURL());
381 }
382
389 {
390 // the URL is build only when needed
391 if ( empty($this->_server['proxy_url']) ) {
392 switch ($this->getServerVersion()) {
393 case CAS_VERSION_1_0:
394 $this->_server['proxy_url'] = '';
395 break;
396 case CAS_VERSION_2_0:
397 $this->_server['proxy_url'] = $this->getServerBaseURL().'proxy';
398 break;
399 }
400 }
401 return $this->_server['proxy_url'];
402 }
403
410 {
411 // the URL is build only when needed
412 if ( empty($this->_server['logout_url']) ) {
413 $this->_server['logout_url'] = $this->getServerBaseURL().'logout';
414 }
415 return $this->_server['logout_url'];
416 }
417
418 // ########################################################################
419 // CONSTRUCTOR
420 // ########################################################################
435 function CASClient($server_version,
436 $proxy,
437 $server_hostname,
438 $server_port,
439 $server_uri,
440 $start_session = true)
441 {
443
444 // activate session mechanism if desired
445 if ($start_session) {
446 session_start();
447 }
448
449 $this->_proxy = $proxy;
450
451 // check version
452 switch ($server_version) {
453 case CAS_VERSION_1_0:
454 if ( $this->isProxy() )
455 phpCAS::error('CAS proxies are not supported in CAS '
456 .$server_version);
457 break;
458 case CAS_VERSION_2_0:
459 break;
460 default:
461 phpCAS::error('this version of CAS (`'
462 .$server_version
463 .'\') is not supported by phpCAS '
464 .phpCAS::getVersion());
465 }
466 $this->_server['version'] = $server_version;
467
468 // check hostname
469 if ( empty($server_hostname)
470 || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/',$server_hostname) ) {
471 phpCAS::error('bad CAS server hostname (`'.$server_hostname.'\')');
472 }
473 $this->_server['hostname'] = $server_hostname;
474
475 // check port
476 if ( $server_port == 0
477 || !is_int($server_port) ) {
478 phpCAS::error('bad CAS server port (`'.$server_hostname.'\')');
479 }
480 $this->_server['port'] = $server_port;
481
482 // check URI
483 if ( !preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/',$server_uri) ) {
484 phpCAS::error('bad CAS server URI (`'.$server_uri.'\')');
485 }
486 // add leading and trailing `/' and remove doubles
487 $server_uri = preg_replace('/\/\//','/','/'.$server_uri.'/');
488 $this->_server['uri'] = $server_uri;
489
490 // set to callback mode if PgtIou and PgtId CGI GET parameters are provided
491 if ( $this->isProxy() ) {
492 $this->setCallbackMode(!empty($_GET['pgtIou'])&&!empty($_GET['pgtId']));
493 }
494
495 if ( $this->isCallbackMode() ) {
496 // callback mode: check that phpCAS is secured
497 if ( $_SERVER['HTTPS'] != 'on' ) {
498 phpCAS::error('CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server');
499 }
500 } else {
501 // normal mode: get ticket and remove it from CGI parameters for developpers
502 $ticket = $_GET['ticket'];
503 // at first check for a Service Ticket
504 if( preg_match('/^ST-/',$ticket)) {
505 phpCAS::trace('ST \''.$ticket.'\' found');
506 // ST present
507 $this->setST($ticket);
508 }
509 // in a second time check for a Proxy Ticket (CAS >= 2.0)
510 else if( ($this->getServerVersion()!=CAS_VERSION_1_0) && preg_match('/^PT-/',$ticket) ) {
511 phpCAS::trace('PT \''.$ticket.'\' found');
512 $this->setPT($ticket);
513 }
514 // ill-formed ticket, halt
515 else if ( !empty($ticket) ) {
516 phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')');
517 }
518 // ticket has been taken into account, unset it to hide it to applications
519 unset($_GET['ticket']);
520 }
522 }
523
526 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
527 // XX XX
528 // XX AUTHENTICATION XX
529 // XX XX
530 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
531
544 var $_user = '';
545
553 function setUser($user)
554 {
555 $this->_user = $user;
556 }
557
565 function getUser()
566 {
567 if ( empty($this->_user) ) {
568 phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
569 }
570 return $this->_user;
571 }
572
580 {
582
583 if ( $this->isAuthenticated() ) {
584 // the user is authenticated, nothing to be done.
585 phpCAS::trace('no need to authenticate');
586 $res = TRUE;
587 } else {
588 // the user is not authenticated, redirect to the CAS server
589 unset($_SESSION['phpCAS']['auth_checked']);
590 $this->redirectToCas(FALSE/* no gateway */);
591 // never reached
592 $res = FALSE;
593 }
595 return $res;
596 }
597
604 {
606
607 if ( $this->isAuthenticated() ) {
608 phpCAS::trace('user is authenticated');
609 $res = TRUE;
610 } else if (isset($_SESSION['phpCAS']['auth_checked'])) {
611 // the previous request has redirected the client to the CAS server with gateway=true
612 unset($_SESSION['phpCAS']['auth_checked']);
613 $res = FALSE;
614 } else {
615 $_SESSION['phpCAS']['auth_checked'] = true;
616 $this->redirectToCas(TRUE/* gateway */);
617 // never reached
618 $res = FALSE;
619 }
621 return $res;
622 }
623
633 {
635 $res = FALSE;
636 $validate_url = '';
637
638 if ( $this->wasPreviouslyAuthenticated() ) {
639 // the user has already (previously during the session) been
640 // authenticated, nothing to be done.
641 phpCAS::trace('user was already authenticated, no need to look for tickets');
642 $res = TRUE;
643 } elseif ( $this->hasST() ) {
644 // if a Service Ticket was given, validate it
645 phpCAS::trace('ST `'.$this->getST().'\' is present');
646 $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts
647 phpCAS::trace('ST `'.$this->getST().'\' was validated');
648 if ( $this->isProxy() ) {
649 $this->validatePGT($validate_url,$text_response,$tree_response); // idem
650 phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
651 $_SESSION['phpCAS']['pgt'] = $this->getPGT();
652 }
653 $_SESSION['phpCAS']['user'] = $this->getUser();
654 $res = TRUE;
655 } elseif ( $this->hasPT() ) {
656 // if a Proxy Ticket was given, validate it
657 phpCAS::trace('PT `'.$this->getPT().'\' is present');
658 $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts
659 phpCAS::trace('PT `'.$this->getPT().'\' was validated');
660 if ( $this->isProxy() ) {
661 $this->validatePGT($validate_url,$text_response,$tree_response); // idem
662 phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
663 $_SESSION['phpCAS']['pgt'] = $this->getPGT();
664 }
665 $_SESSION['phpCAS']['user'] = $this->getUser();
666 $res = TRUE;
667 } else {
668 // no ticket given, not authenticated
669 phpCAS::trace('no ticket found');
670 }
671
673 return $res;
674 }
675
687 {
689
690 if ( $this->isCallbackMode() ) {
691 $this->callback();
692 }
693
694 $auth = FALSE;
695
696 if ( $this->isProxy() ) {
697 // CAS proxy: username and PGT must be present
698 if ( !empty($_SESSION['phpCAS']['user']) && !empty($_SESSION['phpCAS']['pgt']) ) {
699 // authentication already done
700 $this->setUser($_SESSION['phpCAS']['user']);
701 $this->setPGT($_SESSION['phpCAS']['pgt']);
702 phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\', PGT = `'.$_SESSION['phpCAS']['pgt'].'\'');
703 $auth = TRUE;
704 } elseif ( !empty($_SESSION['phpCAS']['user']) && empty($_SESSION['phpCAS']['pgt']) ) {
705 // these two variables should be empty or not empty at the same time
706 phpCAS::trace('username found (`'.$_SESSION['phpCAS']['user'].'\') but PGT is empty');
707 // unset all tickets to enforce authentication
708 unset($_SESSION['phpCAS']);
709 $this->setST('');
710 $this->setPT('');
711 } elseif ( empty($_SESSION['phpCAS']['user']) && !empty($_SESSION['phpCAS']['pgt']) ) {
712 // these two variables should be empty or not empty at the same time
713 phpCAS::trace('PGT found (`'.$_SESSION['phpCAS']['pgt'].'\') but username is empty');
714 // unset all tickets to enforce authentication
715 unset($_SESSION['phpCAS']);
716 $this->setST('');
717 $this->setPT('');
718 } else {
719 phpCAS::trace('neither user not PGT found');
720 }
721 } else {
722 // `simple' CAS client (not a proxy): username must be present
723 if ( !empty($_SESSION['phpCAS']['user']) ) {
724 // authentication already done
725 $this->setUser($_SESSION['phpCAS']['user']);
726 phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\'');
727 $auth = TRUE;
728 } else {
729 phpCAS::trace('no user found');
730 }
731 }
732
734 return $auth;
735 }
736
743 function redirectToCas($gateway)
744 {
746 $cas_url = $this->getServerLoginURL($gateway);
747 header('Location: '.$cas_url);
749 printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
750 $this->printHTMLFooter();
752 exit();
753 }
754
760 function logout($url = "")
761 {
763 $cas_url = $this->getServerLogoutURL();
764 // v0.4.14 sebastien.gougeon at univ-rennes1.fr
765 // header('Location: '.$cas_url);
766 if ( $url != "" ) {
767 $url = '?service=' . $url;
768 }
769 header('Location: '.$cas_url . $url);
770 session_unset();
771 session_destroy();
773 printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
774 $this->printHTMLFooter();
776 exit();
777 }
778
781 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
782 // XX XX
783 // XX BASIC CLIENT FEATURES (CAS 1.0) XX
784 // XX XX
785 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
786
787 // ########################################################################
788 // ST
789 // ########################################################################
803 var $_st = '';
804
810 function getST()
811 { return $this->_st; }
812
818 function setST($st)
819 { $this->_st = $st; }
820
826 function hasST()
827 { return !empty($this->_st); }
828
831 // ########################################################################
832 // ST VALIDATION
833 // ########################################################################
852 function validateST($validate_url,&$text_response,&$tree_response)
853 {
855 // build the URL to validate the ticket
856 $validate_url = $this->getServerServiceValidateURL().'&ticket='.$this->getST();
857 if ( $this->isProxy() ) {
858 // pass the callback url for CAS proxies
859 $validate_url .= '&pgtUrl='.$this->getCallbackURL();
860 }
861
862 // open and read the URL
863 if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) {
864 phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')');
865 $this->authError('ST not validated',
866 $validate_url,
867 TRUE/*$no_response*/);
868 }
869
870 // analyze the result depending on the version
871 switch ($this->getServerVersion()) {
872 case CAS_VERSION_1_0:
873 if (preg_match('/^no\n/',$text_response)) {
874 phpCAS::trace('ST has not been validated');
875 $this->authError('ST not validated',
876 $validate_url,
877 FALSE/*$no_response*/,
878 FALSE/*$bad_response*/,
879 $text_response);
880 }
881 if (!preg_match('/^yes\n/',$text_response)) {
882 phpCAS::trace('ill-formed response');
883 $this->authError('ST not validated',
884 $validate_url,
885 FALSE/*$no_response*/,
886 TRUE/*$bad_response*/,
887 $text_response);
888 }
889 // ST has been validated, extract the user name
890 $arr = preg_split('/\n/',$text_response);
891 $this->setUser(trim($arr[1]));
892 break;
893 case CAS_VERSION_2_0:
894 // read the response of the CAS server into a DOM object
895 if ( !($dom = domxml_open_mem($text_response))) {
896 phpCAS::trace('domxml_open_mem() failed');
897 $this->authError('ST not validated',
898 $validate_url,
899 FALSE/*$no_response*/,
900 TRUE/*$bad_response*/,
901 $text_response);
902 }
903 // read the root node of the XML tree
904 if ( !($tree_response = $dom->document_element()) ) {
905 phpCAS::trace('document_element() failed');
906 $this->authError('ST not validated',
907 $validate_url,
908 FALSE/*$no_response*/,
909 TRUE/*$bad_response*/,
910 $text_response);
911 }
912 // insure that tag name is 'serviceResponse'
913 if ( $tree_response->node_name(true) != 'serviceResponse' ) {
914 phpCAS::trace('bad XML root node (should be `serviceResponse\' instead of `'.$tree_response->node_name(true).'\'');
915 $this->authError('ST not validated',
916 $validate_url,
917 FALSE/*$no_response*/,
918 TRUE/*$bad_response*/,
919 $text_response);
920 }
921 if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) {
922 // authentication succeded, extract the user name
923 if ( sizeof($user_elements = $success_elements[0]->get_elements_by_tagname("user")) == 0) {
924 phpCAS::trace('<authenticationSuccess> found, but no <user>');
925 $this->authError('ST not validated',
926 $validate_url,
927 FALSE/*$no_response*/,
928 TRUE/*$bad_response*/,
929 $text_response);
930 }
931 $user = trim($user_elements[0]->get_content());
932 phpCAS::trace('user = `'.$user);
933 $this->setUser($user);
934
935 } else if ( sizeof($failure_elements = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) {
936 phpCAS::trace('<authenticationFailure> found');
937 // authentication failed, extract the error code and message
938 $this->authError('ST not validated',
939 $validate_url,
940 FALSE/*$no_response*/,
941 FALSE/*$bad_response*/,
942 $text_response,
943 $failure_elements[0]->get_attribute('code')/*$err_code*/,
944 trim($failure_elements[0]->get_content())/*$err_msg*/);
945 } else {
946 phpCAS::trace('neither <authenticationSuccess> nor <authenticationFailure> found');
947 $this->authError('ST not validated',
948 $validate_url,
949 FALSE/*$no_response*/,
950 TRUE/*$bad_response*/,
951 $text_response);
952 }
953 break;
954 }
955
956 // at this step, ST has been validated and $this->_user has been set,
957 phpCAS::traceEnd(TRUE);
958 return TRUE;
959 }
960
963 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
964 // XX XX
965 // XX PROXY FEATURES (CAS 2.0) XX
966 // XX XX
967 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
968
969 // ########################################################################
970 // PROXYING
971 // ########################################################################
983 var $_proxy;
984
992 function isProxy()
993 {
994 return $this->_proxy;
995 }
996
998 // ########################################################################
999 // PGT
1000 // ########################################################################
1013 var $_pgt = '';
1014
1020 function getPGT()
1021 { return $this->_pgt; }
1022
1028 function setPGT($pgt)
1029 { $this->_pgt = $pgt; }
1030
1036 function hasPGT()
1037 { return !empty($this->_pgt); }
1038
1041 // ########################################################################
1042 // CALLBACK MODE
1043 // ########################################################################
1061 var $_callback_mode = FALSE;
1062
1070 function setCallbackMode($callback_mode)
1071 {
1072 $this->_callback_mode = $callback_mode;
1073 }
1074
1084 {
1085 return $this->_callback_mode;
1086 }
1087
1096 var $_callback_url = '';
1097
1108 {
1109 // the URL is built when needed only
1110 if ( empty($this->_callback_url) ) {
1111 $final_uri = '';
1112 // remove the ticket if present in the URL
1113 $final_uri = 'https://';
1114
1115 /* replaced by Julien Marchal - v0.4.6
1116 * $this->uri .= $_SERVER['SERVER_NAME'];
1117 */
1118 if(empty($_SERVER['HTTP_X_FORWARDED_SERVER'])){
1119 /* replaced by teedog - v0.4.12
1120 * $final_uri .= $_SERVER['SERVER_NAME'];
1121 */
1122 if (empty($_SERVER['SERVER_NAME'])) {
1123 $final_uri .= $_SERVER['HTTP_HOST'];
1124 } else {
1125 $final_uri .= $_SERVER['SERVER_NAME'];
1126 }
1127 } else {
1128 $final_uri .= $_SERVER['HTTP_X_FORWARDED_SERVER'];
1129 }
1130 if ( ($_SERVER['HTTPS']=='on' && $_SERVER['SERVER_PORT']!=443)
1131 || ($_SERVER['HTTPS']!='on' && $_SERVER['SERVER_PORT']!=80) ) {
1132 $final_uri .= ':';
1133 $final_uri .= $_SERVER['SERVER_PORT'];
1134 }
1135 $request_uri = $_SERVER['REQUEST_URI'];
1136 $request_uri = preg_replace('/\?.*$/','',$request_uri);
1137 $final_uri .= $request_uri;
1138 $this->setCallbackURL($final_uri);
1139 }
1140 return $this->_callback_url;
1141 }
1142
1151 {
1152 return $this->_callback_url = $url;
1153 }
1154
1161 function callback()
1162 {
1164 $this->printHTMLHeader('phpCAS callback');
1165 $pgt_iou = $_GET['pgtIou'];
1166 $pgt = $_GET['pgtId'];
1167 phpCAS::trace('Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\')');
1168 echo '<p>Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\').</p>';
1169 $this->storePGT($pgt,$pgt_iou);
1170 $this->printHTMLFooter();
1172 }
1173
1176 // ########################################################################
1177 // PGT STORAGE
1178 // ########################################################################
1192 var $_pgt_storage = null;
1193
1201 {
1202 // if no SetPGTStorageXxx() has been used, default to file
1203 if ( !is_object($this->_pgt_storage) ) {
1204 $this->setPGTStorageFile();
1205 }
1206
1207 // initializes the storage
1208 $this->_pgt_storage->init();
1209 }
1210
1219 function storePGT($pgt,$pgt_iou)
1220 {
1221 // ensure that storage is initialized
1222 $this->initPGTStorage();
1223 // writes the PGT
1224 $this->_pgt_storage->write($pgt,$pgt_iou);
1225 }
1226
1236 function loadPGT($pgt_iou)
1237 {
1238 // ensure that storage is initialized
1239 $this->initPGTStorage();
1240 // read the PGT
1241 return $this->_pgt_storage->read($pgt_iou);
1242 }
1243
1253 function setPGTStorageFile($format='',
1254 $path='')
1255 {
1256 // check that the storage has not already been set
1257 if ( is_object($this->_pgt_storage) ) {
1258 phpCAS::error('PGT storage already defined');
1259 }
1260
1261 // create the storage object
1262 $this->_pgt_storage = &new PGTStorageFile($this,$format,$path);
1263 }
1264
1282 function setPGTStorageDB($user,
1283 $password,
1284 $database_type,
1285 $hostname,
1286 $port,
1287 $database,
1288 $table)
1289 {
1290 // check that the storage has not already been set
1291 if ( is_object($this->_pgt_storage) ) {
1292 phpCAS::error('PGT storage already defined');
1293 }
1294
1295 // warn the user that he should use file storage...
1296 trigger_error('PGT storage into database is an experimental feature, use at your own risk',E_USER_WARNING);
1297
1298 // create the storage object
1299 $this->_pgt_storage = & new PGTStorageDB($this,$user,$password,$database_type,$hostname,$port,$database,$table);
1300 }
1301
1302 // ########################################################################
1303 // PGT VALIDATION
1304 // ########################################################################
1318 function validatePGT(&$validate_url,$text_response,$tree_response)
1319 {
1321 if ( sizeof($arr = $tree_response->get_elements_by_tagname("proxyGrantingTicket")) == 0) {
1322 phpCAS::trace('<proxyGrantingTicket> not found');
1323 // authentication succeded, but no PGT Iou was transmitted
1324 $this->authError('Ticket validated but no PGT Iou transmitted',
1325 $validate_url,
1326 FALSE/*$no_response*/,
1327 FALSE/*$bad_response*/,
1328 $text_response);
1329 } else {
1330 // PGT Iou transmitted, extract it
1331 $pgt_iou = trim($arr[0]->get_content());
1332 $pgt = $this->loadPGT($pgt_iou);
1333 if ( $pgt == FALSE ) {
1334 phpCAS::trace('could not load PGT');
1335 $this->authError('PGT Iou was transmitted but PGT could not be retrieved',
1336 $validate_url,
1337 FALSE/*$no_response*/,
1338 FALSE/*$bad_response*/,
1339 $text_response);
1340 }
1341 $this->setPGT($pgt);
1342 }
1343 phpCAS::traceEnd(TRUE);
1344 return TRUE;
1345 }
1346
1347 // ########################################################################
1348 // PGT VALIDATION
1349 // ########################################################################
1350
1362 function retrievePT($target_service,&$err_code,&$err_msg)
1363 {
1365
1366 // by default, $err_msg is set empty and $pt to TRUE. On error, $pt is
1367 // set to false and $err_msg to an error message. At the end, if $pt is FALSE
1368 // and $error_msg is still empty, it is set to 'invalid response' (the most
1369 // commonly encountered error).
1370 $err_msg = '';
1371
1372 // build the URL to retrieve the PT
1373 $cas_url = $this->getServerProxyURL().'?targetService='.preg_replace('/&/','%26',$target_service).'&pgt='.$this->getPGT();
1374
1375 // open and read the URL
1376 if ( !$this->readURL($cas_url,''/*cookies*/,$headers,$cas_response,$err_msg) ) {
1377 phpCAS::trace('could not open URL \''.$cas_url.'\' to validate ('.$err_msg.')');
1378 $err_code = PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE;
1379 $err_msg = 'could not retrieve PT (no response from the CAS server)';
1380 phpCAS::traceEnd(FALSE);
1381 return FALSE;
1382 }
1383
1384 $bad_response = FALSE;
1385
1386 if ( !$bad_response ) {
1387 // read the response of the CAS server into a DOM object
1388 if ( !($dom = @domxml_open_mem($cas_response))) {
1389 phpCAS::trace('domxml_open_mem() failed');
1390 // read failed
1391 $bad_response = TRUE;
1392 }
1393 }
1394
1395 if ( !$bad_response ) {
1396 // read the root node of the XML tree
1397 if ( !($root = $dom->document_element()) ) {
1398 phpCAS::trace('document_element() failed');
1399 // read failed
1400 $bad_response = TRUE;
1401 }
1402 }
1403
1404 if ( !$bad_response ) {
1405 // insure that tag name is 'serviceResponse'
1406 if ( $root->node_name(true) != 'serviceResponse' ) {
1407 phpCAS::trace('node_name() failed');
1408 // bad root node
1409 $bad_response = TRUE;
1410 }
1411 }
1412
1413 if ( !$bad_response ) {
1414 // look for a proxySuccess tag
1415 if ( sizeof($arr = $root->get_elements_by_tagname("proxySuccess")) != 0) {
1416 // authentication succeded, look for a proxyTicket tag
1417 if ( sizeof($arr = $root->get_elements_by_tagname("proxyTicket")) != 0) {
1418 $err_code = PHPCAS_SERVICE_OK;
1419 $err_msg = '';
1420 $pt = trim($arr[0]->get_content());
1421 phpCAS::traceEnd($pt);
1422 return $pt;
1423 } else {
1424 phpCAS::trace('<proxySuccess> was found, but not <proxyTicket>');
1425 }
1426 }
1427 // look for a proxyFailure tag
1428 else if ( sizeof($arr = $root->get_elements_by_tagname("proxyFailure")) != 0) {
1429 // authentication failed, extract the error
1430 $err_code = PHPCAS_SERVICE_PT_FAILURE;
1431 $err_msg = 'PT retrieving failed (code=`'
1432 .$arr[0]->get_attribute('code')
1433 .'\', message=`'
1434 .trim($arr[0]->get_content())
1435 .'\')';
1436 phpCAS::traceEnd(FALSE);
1437 return FALSE;
1438 } else {
1439 phpCAS::trace('neither <proxySuccess> nor <proxyFailure> found');
1440 }
1441 }
1442
1443 // at this step, we are sure that the response of the CAS server was ill-formed
1444 $err_code = PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE;
1445 $err_msg = 'Invalid response from the CAS server (response=`'.$cas_response.'\')';
1446
1447 phpCAS::traceEnd(FALSE);
1448 return FALSE;
1449 }
1450
1451 // ########################################################################
1452 // ACCESS TO EXTERNAL SERVICES
1453 // ########################################################################
1454
1470 function readURL($url,$cookies,&$headers,&$body,&$err_msg)
1471 {
1473 $headers = '';
1474 $body = '';
1475 $err_msg = '';
1476
1477 $res = TRUE;
1478
1479 // initialize the CURL session
1480 $ch = curl_init($url);
1481
1482 // verify the the server's certificate corresponds to its name
1483 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
1484 // but do not verify the certificate itself
1485 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1486
1487 // return the CURL output into a variable
1488 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1489 // include the HTTP header with the body
1490 curl_setopt($ch, CURLOPT_HEADER, 1);
1491 // add cookies headers
1492 if ( is_array($cookies) ) {
1493 curl_setopt($ch,CURLOPT_COOKIE,implode(';',$cookies));
1494 }
1495 // perform the query
1496 $buf = curl_exec ($ch);
1497 if ( $buf === FALSE ) {
1498 phpCAS::trace('cur_exec() failed');
1499 $err_msg = 'CURL error #'.curl_errno($ch).': '.curl_error($ch);
1500 // close the CURL session
1501 curl_close ($ch);
1502 $res = FALSE;
1503 } else {
1504 // close the CURL session
1505 curl_close ($ch);
1506
1507 // find the end of the headers
1508 // note: strpos($str,"\n\r\n\r") does not work (?)
1509 $pos = FALSE;
1510 for ($i=0; $i<strlen($buf); $i++) {
1511 if ( $buf[$i] == chr(13) )
1512 if ( $buf[$i+1] == chr(10) )
1513 if ( $buf[$i+2] == chr(13) )
1514 if ( $buf[$i+3] == chr(10) ) {
1515 // header found
1516 $pos = $i;
1517 break;
1518 }
1519 }
1520
1521 if ( $pos === FALSE ) {
1522 // end of header not found
1523 $err_msg = 'no header found';
1524 phpCAS::trace($err_msg);
1525 $res = FALSE;
1526 } else {
1527 // extract headers into an array
1528 $headers = preg_split ("/[\n\r]+/",substr($buf,0,$pos));
1529 // extract body into a string
1530 $body = substr($buf,$pos+4);
1531 }
1532 }
1533
1535 return $res;
1536 }
1537
1553 function serviceWeb($url,&$err_code,&$output)
1554 {
1556 // at first retrieve a PT
1557 $pt = $this->retrievePT($url,$err_code,$output);
1558
1559 $res = TRUE;
1560
1561 // test if PT was retrieved correctly
1562 if ( !$pt ) {
1563 // note: $err_code and $err_msg are filled by CASClient::retrievePT()
1564 phpCAS::trace('PT was not retrieved correctly');
1565 $res = FALSE;
1566 } else {
1567 // add cookies if necessary
1568 if ( is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) {
1569 foreach ( $_SESSION['phpCAS']['services'][$url]['cookies'] as $name => $val ) {
1570 $cookies[] = $name.'='.$val;
1571 }
1572 }
1573
1574 // build the URL including the PT
1575 if ( strstr($url,'?') === FALSE ) {
1576 $service_url = $url.'?ticket='.$pt;
1577 } else {
1578 $service_url = $url.'&ticket='.$pt;
1579 }
1580
1581 phpCAS::trace('reading URL`'.$service_url.'\'');
1582 if ( !$this->readURL($service_url,$cookies,$headers,$output,$err_msg) ) {
1583 phpCAS::trace('could not read URL`'.$service_url.'\'');
1584 $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
1585 // give an error message
1586 $output = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE),
1587 $service_url,
1588 $err_msg);
1589 $res = FALSE;
1590 } else {
1591 // URL has been fetched, extract the cookies
1592 phpCAS::trace('URL`'.$service_url.'\' has been read, storing cookies:');
1593 foreach ( $headers as $header ) {
1594 // test if the header is a cookie
1595 if ( preg_match('/^Set-Cookie:/',$header) ) {
1596 // the header is a cookie, remove the beginning
1597 $header_val = preg_replace('/^Set-Cookie: */','',$header);
1598 // extract interesting information
1599 $name_val = strtok($header_val,'; ');
1600 // extract the name and the value of the cookie
1601 $cookie_name = strtok($name_val,'=');
1602 $cookie_val = strtok('=');
1603 // store the cookie
1604 $_SESSION['phpCAS']['services'][$url]['cookies'][$cookie_name] = $cookie_val;
1605 phpCAS::trace($cookie_name.' -> '.$cookie_val);
1606 }
1607 }
1608 }
1609 }
1610
1611 phpCAS::traceEnd($res);
1612 return $res;
1613 }
1614
1633 function serviceMail($url,$flags,&$err_code,&$err_msg,&$pt)
1634 {
1635 phpCAS::traceBegin();
1636 // at first retrieve a PT
1637 $pt = $this->retrievePT($target_service,$err_code,$output);
1638
1639 $stream = FALSE;
1640
1641 // test if PT was retrieved correctly
1642 if ( !$pt ) {
1643 // note: $err_code and $err_msg are filled by CASClient::retrievePT()
1644 phpCAS::trace('PT was not retrieved correctly');
1645 } else {
1646 phpCAS::trace('opening IMAP URL `'.$url.'\'...');
1647 $stream = @imap_open($url,$this->getUser(),$pt,$flags);
1648 if ( !$stream ) {
1649 phpCAS::trace('could not open URL');
1650 $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
1651 // give an error message
1652 $err_msg = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE),
1653 $service_url,
1654 var_export(imap_errors(),TRUE));
1655 $pt = FALSE;
1656 $stream = FALSE;
1657 } else {
1658 phpCAS::trace('ok');
1659 }
1660 }
1661
1662 phpCAS::traceEnd($stream);
1663 return $stream;
1664 }
1665
1668 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
1669 // XX XX
1670 // XX PROXIED CLIENT FEATURES (CAS 2.0) XX
1671 // XX XX
1672 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
1673
1674 // ########################################################################
1675 // PT
1676 // ########################################################################
1690 var $_pt = '';
1691
1697 function getPT()
1698 { return $this->_pt; }
1699
1705 function setPT($pt)
1706 { $this->_pt = $pt; }
1707
1713 function hasPT()
1714 { return !empty($this->_pt); }
1715
1717 // ########################################################################
1718 // PT VALIDATION
1719 // ########################################################################
1732 function validatePT(&$validate_url,&$text_response,&$tree_response)
1733 {
1735 // build the URL to validate the ticket
1736 $validate_url = $this->getServerProxyValidateURL().'&ticket='.$this->getPT();
1737
1738 if ( $this->isProxy() ) {
1739 // pass the callback url for CAS proxies
1740 $validate_url .= '&pgtUrl='.$this->getCallbackURL();
1741 }
1742
1743 // open and read the URL
1744 if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) {
1745 phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')');
1746 $this->authError('PT not validated',
1747 $validate_url,
1748 TRUE/*$no_response*/);
1749 }
1750
1751 // read the response of the CAS server into a DOM object
1752 if ( !($dom = domxml_open_mem($text_response))) {
1753 // read failed
1754 $this->authError('PT not validated',
1755 $alidate_url,
1756 FALSE/*$no_response*/,
1757 TRUE/*$bad_response*/,
1758 $text_response);
1759 }
1760 // read the root node of the XML tree
1761 if ( !($tree_response = $dom->document_element()) ) {
1762 // read failed
1763 $this->authError('PT not validated',
1764 $validate_url,
1765 FALSE/*$no_response*/,
1766 TRUE/*$bad_response*/,
1767 $text_response);
1768 }
1769 // insure that tag name is 'serviceResponse'
1770 if ( $tree_response->node_name(true) != 'serviceResponse' ) {
1771 // bad root node
1772 $this->authError('PT not validated',
1773 $validate_url,
1774 FALSE/*$no_response*/,
1775 TRUE/*$bad_response*/,
1776 $text_response);
1777 }
1778 if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) {
1779 // authentication succeded, extract the user name
1780 if ( sizeof($arr = $tree_response->get_elements_by_tagname("user")) == 0) {
1781 // no user specified => error
1782 $this->authError('PT not validated',
1783 $validate_url,
1784 FALSE/*$no_response*/,
1785 TRUE/*$bad_response*/,
1786 $text_response);
1787 }
1788 $this->setUser(trim($arr[0]->get_content()));
1789
1790 } else if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) {
1791 // authentication succeded, extract the error code and message
1792 $this->authError('PT not validated',
1793 $validate_url,
1794 FALSE/*$no_response*/,
1795 FALSE/*$bad_response*/,
1796 $text_response,
1797 $arr[0]->get_attribute('code')/*$err_code*/,
1798 trim($arr[0]->get_content())/*$err_msg*/);
1799 } else {
1800 $this->authError('PT not validated',
1801 $validate_url,
1802 FALSE/*$no_response*/,
1803 TRUE/*$bad_response*/,
1804 $text_response);
1805 }
1806
1807 // at this step, PT has been validated and $this->_user has been set,
1808
1809 phpCAS::traceEnd(TRUE);
1810 return TRUE;
1811 }
1812
1815 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
1816 // XX XX
1817 // XX MISC XX
1818 // XX XX
1819 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
1820
1826 // ########################################################################
1827 // URL
1828 // ########################################################################
1836 var $_url = '';
1837
1846 function getURL()
1847 {
1848 phpCAS::traceBegin();
1849 // the URL is built when needed only
1850 if ( empty($this->_url) ) {
1851 $final_uri = '';
1852 // remove the ticket if present in the URL
1853 $final_uri = ($_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
1854 $final_uri .= '://';
1855 /* replaced by Julien Marchal - v0.4.6
1856 * $this->_url .= $_SERVER['SERVER_NAME'];
1857 */
1858 if(empty($_SERVER['HTTP_X_FORWARDED_SERVER'])){
1859 /* replaced by teedog - v0.4.12
1860 * $this->_url .= $_SERVER['SERVER_NAME'];
1861 */
1862 if (empty($_SERVER['SERVER_NAME'])) {
1863 $final_uri .= $_SERVER['HTTP_HOST'];
1864 } else {
1865 $final_uri .= $_SERVER['SERVER_NAME'];
1866 }
1867 } else {
1868 $final_uri .= $_SERVER['HTTP_X_FORWARDED_SERVER'];
1869 }
1870 if ( ($_SERVER['HTTPS']=='on' && $_SERVER['SERVER_PORT']!=443)
1871 || ($_SERVER['HTTPS']!='on' && $_SERVER['SERVER_PORT']!=80) ) {
1872 $final_uri .= ':';
1873 $final_uri .= $_SERVER['SERVER_PORT'];
1874 }
1875
1876 $final_uri .= strtok($_SERVER['REQUEST_URI'],"?");
1877 $cgi_params = '?'.strtok("?");
1878 // remove the ticket if present in the CGI parameters
1879 $cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params);
1880 $cgi_params = preg_replace('/\?ticket=[^&;]*/','?',$cgi_params);
1881 $cgi_params = preg_replace('/\?$/','',$cgi_params);
1882 $final_uri .= $cgi_params;
1883 $this->setURL($final_uri);
1884 }
1885 phpCAS::traceEnd($this->_url);
1886 return $this->_url;
1887 }
1888
1896 function setURL($url)
1897 {
1898 $this->_url = $url;
1899 }
1900
1901 // ########################################################################
1902 // AUTHENTICATION ERROR HANDLING
1903 // ########################################################################
1919 function authError($failure,$cas_url,$no_response,$bad_response='',$cas_response='',$err_code='',$err_msg='')
1920 {
1922
1923 $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_FAILED));
1924 printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),$this->getURL(),$_SERVER['SERVER_ADMIN']);
1925 phpCAS::trace('CAS URL: '.$cas_url);
1926 phpCAS::trace('Authentication failure: '.$failure);
1927 if ( $no_response ) {
1928 phpCAS::trace('Reason: no response from the CAS server');
1929 } else {
1930 if ( $bad_response ) {
1931 phpCAS::trace('Reason: bad response from the CAS server');
1932 } else {
1933 switch ($this->getServerVersion()) {
1934 case CAS_VERSION_1_0:
1935 phpCAS::trace('Reason: CAS error');
1936 break;
1937 case CAS_VERSION_2_0:
1938 if ( empty($err_code) )
1939 phpCAS::trace('Reason: no CAS error');
1940 else
1941 phpCAS::trace('Reason: ['.$err_code.'] CAS error: '.$err_msg);
1942 break;
1943 }
1944 }
1945 phpCAS::trace('CAS response: '.$cas_response);
1946 }
1947 $this->printHTMLFooter();
1949 exit();
1950 }
1951
1953}
1954
1955?>
$failure
$this _strings
Definition: catalan.php:10
$_GET["client_id"]
$_SESSION["AccountId"]
The CASClient class is a client interface that provides CAS authentication to PHP applications.
Definition: client.php:52
loadPGT($pgt_iou)
This method reads a PGT from its Iou and deletes the corresponding storage entry.
Definition: client.php:1236
checkAuthentication()
This method is called to check whether the ser is authenticated or not.
Definition: client.php:603
getCallbackURL()
This method returns the URL that should be used for the PGT callback (in fact the URL of the current ...
Definition: client.php:1107
HTMLFilterOutput($str)
This method filters a string by replacing special tokens by appropriate values and prints it.
Definition: client.php:52
logout($url="")
This method is used to logout from CAS.
Definition: client.php:760
serviceWeb($url, &$err_code, &$output)
This method is used to access an HTTP[S] service.
Definition: client.php:1553
setURL($url)
This method sets the URL of the current request.
Definition: client.php:1896
setPT($pt)
This method stores the Proxy Ticket.
Definition: client.php:1705
setPGTStorageFile($format='', $path='')
This method is used to tell phpCAS to store the response of the CAS server to PGT requests onto the f...
Definition: client.php:1253
getLang()
This method returns the language used by phpCAS.
Definition: client.php:165
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: client.php:992
initPGTStorage()
This method is used to initialize the storage of PGT's.
Definition: client.php:1200
setCallbackMode($callback_mode)
This method sets/unsets callback mode.
Definition: client.php:1070
storePGT($pgt, $pgt_iou)
This method stores a PGT.
Definition: client.php:1219
hasPGT()
This method tells if a Proxy Granting Ticket was stored.
Definition: client.php:1036
setHTMLHeader($header)
This method set the HTML header used for all outputs.
Definition: client.php:121
authError($failure, $cas_url, $no_response, $bad_response='', $cas_response='', $err_code='', $err_msg='')
This method is used to print the HTML output when the user was not authenticated.
Definition: client.php:1919
CASClient($server_version, $proxy, $server_hostname, $server_port, $server_uri, $start_session=true)
CASClient constructor.
Definition: client.php:435
validatePT(&$validate_url, &$text_response, &$tree_response)
This method is used to validate a PT; halt on failure.
Definition: client.php:1732
retrievePT($target_service, &$err_code, &$err_msg)
This method is used to retrieve PT's from the CAS server thanks to a PGT.
Definition: client.php:1362
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
Definition: client.php:79
hasPT()
This method tells if a Proxy Ticket was stored.
Definition: client.php:1713
hasST()
This method tells if a Service Ticket was stored.
Definition: client.php:826
setCallbackURL($url)
This method sets the callback url.
Definition: client.php:1150
setPGTStorageDB($user, $password, $database_type, $hostname, $port, $database, $table)
This method is used to tell phpCAS to store the response of the CAS server to PGT requests into a dat...
Definition: client.php:1282
isAuthenticated()
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
Definition: client.php:632
getServerProxyValidateURL()
This method is used to retrieve the proxy validating URL of the CAS server.
Definition: client.php:367
getServerProxyURL()
This method is used to retrieve the proxy URL of the CAS server.
Definition: client.php:388
getServerServiceValidateURL()
This method is used to retrieve the service validating URL of the CAS server.
Definition: client.php:346
setUser($user)
This method sets the CAS user's login name.
Definition: client.php:553
getUser()
This method returns the CAS user's login name.
Definition: client.php:565
forceAuthentication()
This method is called to be sure that the user is authenticated.
Definition: client.php:579
setHTMLFooter($footer)
This method set the HTML footer used for all outputs.
Definition: client.php:133
isCallbackMode()
This method returns TRUE when the CAs client is running i callback mode, FALSE otherwise.
Definition: client.php:1083
setST($st)
This method stores the Service Ticket.
Definition: client.php:818
getST()
This method returns the Service Ticket provided in the URL of the request.
Definition: client.php:810
validateST($validate_url, &$text_response, &$tree_response)
This method is used to validate a ST; halt on failure, and sets $validate_url, $text_reponse and $tre...
Definition: client.php:852
readURL($url, $cookies, &$headers, &$body, &$err_msg)
This method is used to acces a remote URL.
Definition: client.php:1470
callback()
This method is called by CASClient::CASClient() when running in callback mode.
Definition: client.php:1161
setLang($lang)
This method is used to set the language used by phpCAS.
Definition: client.php:212
getServerLogoutURL()
This method is used to retrieve the logout URL of the CAS server.
Definition: client.php:409
getString($str)
This method returns a string depending on the language.
Definition: client.php:192
setPGT($pgt)
This method stores the Proxy Granting Ticket.
Definition: client.php:1028
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
Definition: client.php:107
getPGT()
This method returns the Proxy Granting Ticket given by the CAS server.
Definition: client.php:1020
getPT()
This method returns the Proxy Ticket provided in the URL of the request.
Definition: client.php:1697
wasPreviouslyAuthenticated()
This method tells if the user has already been (previously) authenticated by looking into the session...
Definition: client.php:686
validatePGT(&$validate_url, $text_response, $tree_response)
This method is used to validate a PGT; halt on failure.
Definition: client.php:1318
The PGTStorageDB class is a class for PGT database storage.
Definition: pgt-db.php:47
The PGTStorageFile class is a class for PGT file storage.
Definition: pgt-file.php:46
The phpCAS class is a simple container for the phpCAS library.
Definition: CAS.php:341
$header
redirectToCas($gateway)
This method is used to redirect the client to the CAS server.
Definition: client.php:743
$_user
The Authenticated user.
Definition: client.php:784
isAuthenticated()
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
Definition: client.php:981
setUser($user)
This method sets the CAS user's login name.
Definition: client.php:793
getUser()
This method returns the CAS user's login name.
Definition: client.php:805
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
Definition: client.php:1133
wasPreviouslyAuthenticated()
This method tells if the user has already been (previously) authenticated by looking into the session...
Definition: client.php:1072
hasST()
This method tells if a Service Ticket was stored.
Definition: client.php:1314
setST($st)
This method stores the Service Ticket.
Definition: client.php:1306
getST()
This method returns the Service Ticket provided in the URL of the request.
Definition: client.php:1298
$_st
the Service Ticket provided in the URL of the request if present (empty otherwise).
Definition: client.php:1291
setCallbackMode($callback_mode)
This method sets/unsets callback mode.
Definition: client.php:1759
isCallbackMode()
This method returns TRUE when the CAs client is running i callback mode, FALSE otherwise.
Definition: client.php:1772
callback()
This method is called by CASClient::CASClient() when running in callback mode.
Definition: client.php:1849
getServerVersion()
This method is used to retrieve the version of the CAS server.
Definition: client.php:297
getServerLoginURL($gateway=false, $renew=false)
This method is used to retrieve the login URL of the CAS server.
Definition: client.php:353
getServerBaseURL()
This method is used to retrieve the base URL of the CAS server.
Definition: client.php:331
getServerServiceValidateURL()
This method is used to retrieve the service validating URL of the CAS server.
Definition: client.php:426
getServerLoginURL($gateway)
This method is used to retrieve the login URL of the CAS server.
Definition: client.php:325
getServerLogoutURL()
This method is used to retrieve the logout URL of the CAS server.
Definition: client.php:509
error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:544
traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:617
trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:569
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode.
Definition: CAS.php:577
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:604
$_lang
A string corresponding to the language used by phpCAS.
Definition: client.php:185
getLang()
This method returns the language used by phpCAS.
Definition: client.php:194
const PHPCAS_LANG_DEFAULT
phpCAS default language (when phpCAS::setLang() is not used)
Definition: CAS.php:246
$_strings
array containing the strings used by phpCAS.
Definition: client.php:210
setLang($lang)
This method is used to set the language used by phpCAS.
Definition: client.php:241
getString($str)
This method returns a string depending on the language.
Definition: client.php:221
authError($failure, $cas_url, $no_response, $bad_response='', $cas_response='', $err_code='', $err_msg='')
This method is used to print the HTML output when the user was not authenticated.
Definition: client.php:2722
getURL()
This method returns the URL of the current request (without any ticket CGI parameter).
Definition: client.php:2621
HTMLFilterOutput($str)
This method filters a string by replacing special tokens by appropriate values and prints it.
Definition: client.php:81
$_output_header
A string used to print the header of HTML pages.
Definition: client.php:97
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
Definition: client.php:108
$_output_footer
A string used to print the footer of HTML pages.
Definition: client.php:127
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
Definition: client.php:136
readURL($url, $cookies, &$headers, &$body, &$err_msg)
This method is used to acces a remote URL.
Definition: client.php:2163
validatePGT(&$validate_url, $text_response, $tree_response)
This method is used to validate a PGT; halt on failure.
Definition: client.php:2007
setPT($pt)
This method stores the Proxy Ticket.
Definition: client.php:2456
validatePT(&$validate_url, &$text_response, &$tree_response)
This method is used to validate a ST or PT; halt on failure Used for all CAS 2.0 validations.
Definition: client.php:2506
getPT()
This method returns the Proxy Ticket provided in the URL of the request.
Definition: client.php:2445
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: client.php:1681
setPGT($pgt)
This method stores the Proxy Granting Ticket.
Definition: client.php:1717
getPGT()
This method returns the Proxy Granting Ticket given by the CAS server.
Definition: client.php:1709
const CAS_VERSION_1_0
CAS version 1.0.
Definition: CAS.php:77
getVersion()
This method returns the phpCAS version.
Definition: CAS.php:669
const CAS_VERSION_2_0
Definition: CAS.php:81
domxml_open_mem($str, $mode=DOMXML_LOAD_PARSING, &$error=NULL)
const CAS_STR_LOGOUT
Definition: languages.php:17
const CAS_STR_USING_SERVER
a phpCAS string index
Definition: languages.php:15
const CAS_STR_AUTHENTICATION_FAILED
Definition: languages.php:19
const CAS_STR_SERVICE_UNAVAILABLE
Definition: languages.php:21
const CAS_STR_YOU_WERE_NOT_AUTHENTICATED
Definition: languages.php:20
const CAS_STR_AUTHENTICATION_WANTED
Definition: languages.php:16
const CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
Definition: languages.php:18
exit
Definition: login.php:54
$url
Definition: shib_logout.php:72
$path
Definition: index.php:22
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']