42if (version_compare(PHP_VERSION,
'5',
'>=') && !(function_exists(
'domxml_new_doc'))) {
43 require_once (dirname(__FILE__) .
'/CAS/domxml-php4-to-php5.php');
/**
 * phpCAS library version.
 */
define('PHPCAS_VERSION', '1.1.2');

/**
 * Protocol version identifiers accepted as the $server_version argument of
 * phpCAS::client() and phpCAS::proxy(): CAS 1.0, CAS 2.0 and SAML 1.1.
 */
define('CAS_VERSION_1_0', '1.0');
define('CAS_VERSION_2_0', '2.0');
define('SAML_VERSION_1_1', 'S1');
/**
 * Literal fragments of the SOAP/SAML 1.1 request: XML prolog, SOAP envelope
 * and body, the samlp:Request element and the AssertionArtifact wrapper,
 * each with its closing tag.
 *
 * NOTE(review): SAMLP_REQUEST carries a fixed RequestID and a fixed
 * IssueInstant (a 2002 timestamp). Unless the code that assembles the request
 * substitutes fresh values, every request shares the same identifier and an
 * old issue time, which prevents correlating a response with its request and
 * may be rejected by a server that enforces freshness. Confirm in the client
 * code how these attributes are handled.
 */
define('SAML_XML_HEADER', '<?xml version="1.0" encoding="UTF-8"?>');
define('SAML_SOAP_ENV', '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/>');
define('SAML_SOAP_BODY', '<SOAP-ENV:Body>');
define('SAMLP_REQUEST', '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z">');
define('SAMLP_REQUEST_CLOSE', '</samlp:Request>');
define('SAML_ASSERTION_ARTIFACT', '<samlp:AssertionArtifact>');
define('SAML_ASSERTION_ARTIFACT_CLOSE', '</samlp:AssertionArtifact>');
define('SAML_SOAP_BODY_CLOSE', '</SOAP-ENV:Body>');
define('SAML_SOAP_ENV_CLOSE', '</SOAP-ENV:Envelope>');

/**
 * Fixed string value 'SAMLATTRIBS'; presumably the key under which SAML
 * attributes are stored (confirm against the client code).
 */
define('SAML_ATTRIBUTES', 'SAMLATTRIBS');
/**
 * Defaults for file-based PGT storage (see phpCAS::setPGTStorageFile()).
 *
 * NOTE(review): the default path is '/tmp', which is normally shared by every
 * local account. The stored PGT responses are credentials for obtaining proxy
 * tickets, so deployments on multi-user hosts should pass an explicit $path
 * that only the web server user can read and write.
 */
define('CAS_PGT_STORAGE_FILE_DEFAULT_PATH', '/tmp');
// Format selectors for phpCAS::setPGTStorageFile(): plain text or XML files.
define('CAS_PGT_STORAGE_FILE_FORMAT_PLAIN', 'plain');
define('CAS_PGT_STORAGE_FILE_FORMAT_XML', 'xml');

/**
 * Defaults for database-backed PGT storage (see phpCAS::setPGTStorageDB()):
 * database type, host, port (empty string), database name and table name.
 */
define('CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE', 'mysql');
define('CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME', 'localhost');
define('CAS_PGT_STORAGE_DB_DEFAULT_PORT', '');
define('CAS_PGT_STORAGE_DB_DEFAULT_DATABASE', 'phpCAS');
define('CAS_PGT_STORAGE_DB_DEFAULT_TABLE', 'pgt');
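/**
 * Integer status codes (0-4) for service access. Judging by their names they
 * describe the outcome of a proxied service request; presumably they are
 * handed back through the $err_code reference of serviceWeb(), serviceMail()
 * and retrievePT() (confirm against the client code).
 */
define('PHPCAS_SERVICE_OK', 0);
define('PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE', 1);
define('PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE', 2);
define('PHPCAS_SERVICE_PT_FAILURE', 3);
// The historical name contains a space, so it is not a valid identifier and
// can only be read through constant('PHPCAS_SERVICE_NOT AVAILABLE'). It is
// kept for backward compatibility; the underscore spelling below is the one
// callers can actually write in code.
define('PHPCAS_SERVICE_NOT AVAILABLE', 4);
define('PHPCAS_SERVICE_NOT_AVAILABLE', 4);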
/**
 * Language identifiers accepted by phpCAS::setLang().
 */
define('PHPCAS_LANG_ENGLISH', 'english');
define('PHPCAS_LANG_FRENCH', 'french');
define('PHPCAS_LANG_GREEK', 'greek');
define('PHPCAS_LANG_GERMAN', 'german');
define('PHPCAS_LANG_JAPANESE', 'japanese');
define('PHPCAS_LANG_SPANISH', 'spanish');
define('PHPCAS_LANG_CATALAN', 'catalan');
/**
 * Default directory for the debug file under Unix. On Windows, setDebug()
 * takes the directory from $_ENV['TMP'] or $_ENV['TEMP'] instead.
 *
 * NOTE(review): '/tmp/' is normally shared by all local accounts, and the
 * trace helpers in this file appear to var_export() call arguments and return
 * values into the log. On multi-user hosts, pass setDebug() an explicit file
 * in a directory private to the web server user, and keep debug mode off in
 * production.
 */
define('DEFAULT_DEBUG_DIR', '/tmp/');
// Load CAS/client.php from the directory of this file (presumably the
// CASClient implementation that the phpCAS methods below delegate to).
// include_once only emits a warning when the file is missing.
include_once dirname(__FILE__) . '/CAS/client.php';
366 function client($server_version, $server_hostname, $server_port, $server_uri, $start_session =
true) {
373 if (gettype($server_version) !=
'string') {
374 phpCAS :: error(
'type mismatched for parameter $server_version (should be `string\')');
376 if (gettype($server_hostname) !=
'string') {
377 phpCAS :: error(
'type mismatched for parameter $server_hostname (should be `string\')');
379 if (gettype($server_port) !=
'integer') {
380 phpCAS :: error(
'type mismatched for parameter $server_port (should be `integer\')');
382 if (gettype($server_uri) !=
'string') {
383 phpCAS :: error(
'type mismatched for parameter $server_uri (should be `string\')');
390 'file' => $dbg[0][
'file'],
391 'line' => $dbg[0][
'line'],
392 'method' => __CLASS__ .
'::' . __FUNCTION__
397 , $server_hostname, $server_port, $server_uri, $start_session);
415 function proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session =
true) {
422 if (gettype($server_version) !=
'string') {
423 phpCAS :: error(
'type mismatched for parameter $server_version (should be `string\')');
425 if (gettype($server_hostname) !=
'string') {
426 phpCAS :: error(
'type mismatched for parameter $server_hostname (should be `string\')');
428 if (gettype($server_port) !=
'integer') {
429 phpCAS :: error(
'type mismatched for parameter $server_port (should be `integer\')');
431 if (gettype($server_uri) !=
'string') {
432 phpCAS :: error(
'type mismatched for parameter $server_uri (should be `string\')');
439 'file' => $dbg[0][
'file'],
440 'line' => $dbg[0][
'line'],
441 'method' => __CLASS__ .
'::' . __FUNCTION__
446 , $server_hostname, $server_port, $server_uri, $start_session);
469 phpCAS :: error(
'type mismatched for parameter $dbg (should be FALSE or the name of the log file)');
473 if (preg_match(
'/^Win.*/', getenv(
'OS'))) {
474 if (isset ($_ENV[
'TMP'])) {
475 $debugDir = $_ENV[
'TMP'] .
'/';
477 if (isset ($_ENV[
'TEMP'])) {
478 $debugDir = $_ENV[
'TEMP'] .
'/';
489 $PHPCAS_DEBUG[
'unique_id'] = substr(strtoupper(md5(uniqid(
''))), 0, 4);
508 if (function_exists(
'debug_backtrace')) {
509 return debug_backtrace();
549 if (is_array($dbg)) {
550 for ($i = 1; $i <
sizeof($dbg); $i++) {
551 if (is_array($dbg[$i])) {
552 if ($dbg[$i][
'class'] == __CLASS__) {
553 $function = $dbg[$i][
'function'];
554 $file = $dbg[$i][
'file'];
555 $line = $dbg[$i][
'line'];
560 echo
"<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ .
"::" . $function .
'(): ' . htmlentities($msg) .
"</b></font> in <b>" .
$file .
"</b> on line <b>" . $line .
"</b><br />\n";
571 phpCAS :: log($str .
' [' . basename($dbg[1][
'file']) .
':' . $dbg[1][
'line'] .
']');
582 if (!empty ($dbg[2][
'class'])) {
583 $str .= $dbg[2][
'class'] .
'::';
585 $str .= $dbg[2][
'function'] .
'(';
586 if (is_array($dbg[2][
'args'])) {
587 foreach ($dbg[2][
'args'] as $index => $arg) {
591 $str .= str_replace(
"\n",
"", var_export($arg, TRUE));
594 $str .=
') [' . basename($dbg[2][
'file']) .
':' . $dbg[2][
'line'] .
']';
610 $str .=
'<= ' . str_replace(
"\n",
"", var_export(
$res, TRUE));
647 phpCAS :: error(
'this method should not be called before ' . __CLASS__ .
'::client() or ' . __CLASS__ .
'::proxy()');
649 if (gettype(
$lang) !=
'string') {
650 phpCAS :: error(
'type mismatched for parameter $lang (should be `string\')');
690 phpCAS :: error(
'this method should not be called before ' . __CLASS__ .
'::client() or ' . __CLASS__ .
'::proxy()');
692 if (gettype(
$header) !=
'string') {
693 phpCAS :: error(
'type mismatched for parameter $header (should be `string\')');
706 phpCAS :: error(
'this method should not be called before ' . __CLASS__ .
'::client() or ' . __CLASS__ .
'::proxy()');
708 if (gettype($footer) !=
'string') {
709 phpCAS :: error(
'type mismatched for parameter $footer (should be `string\')');
735 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::proxy()');
738 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::proxy()');
743 if (gettype($format) !=
'string') {
744 phpCAS :: error(
'type mismatched for parameter $format (should be `string\')');
746 if (gettype(
$path) !=
'string') {
747 phpCAS :: error(
'type mismatched for parameter $format (should be `string\')');
768 function setPGTStorageDB($user, $password, $database_type =
'', $hostname =
'', $port = 0, $database =
'', $table =
'') {
773 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::proxy()');
776 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::proxy()');
781 if (gettype($user) !=
'string') {
782 phpCAS :: error(
'type mismatched for parameter $user (should be `string\')');
784 if (gettype($password) !=
'string') {
785 phpCAS :: error(
'type mismatched for parameter $password (should be `string\')');
787 if (gettype($database_type) !=
'string') {
788 phpCAS :: error(
'type mismatched for parameter $database_type (should be `string\')');
790 if (gettype($hostname) !=
'string') {
791 phpCAS :: error(
'type mismatched for parameter $hostname (should be `string\')');
793 if (gettype($port) !=
'integer') {
794 phpCAS :: error(
'type mismatched for parameter $port (should be `integer\')');
796 if (gettype($database) !=
'string') {
797 phpCAS :: error(
'type mismatched for parameter $database (should be `string\')');
799 if (gettype($table) !=
'string') {
800 phpCAS :: error(
'type mismatched for parameter $table (should be `string\')');
802 $PHPCAS_CLIENT->setPGTStorageDB($user, $password, $database_type, $hostname, $port, $database, $table);
833 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::proxy()');
836 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::proxy()');
839 phpCAS :: error(
'this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ .
'::checkAuthentication() or ' . __CLASS__ .
'::forceAuthentication()');
844 if (gettype(
$url) !=
'string') {
845 phpCAS :: error(
'type mismatched for parameter $url (should be `string\')');
876 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::proxy()');
879 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::proxy()');
882 phpCAS :: error(
'this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ .
'::checkAuthentication() or ' . __CLASS__ .
'::forceAuthentication()');
887 if (gettype(
$url) !=
'string') {
888 phpCAS :: error(
'type mismatched for parameter $url (should be `string\')');
891 if (gettype($flags) !=
'integer') {
892 phpCAS :: error(
'type mismatched for parameter $flags (should be `integer\')');
921 phpCAS :: error(
'this method should not be called before ' . __CLASS__ .
'::client() or ' . __CLASS__ .
'::proxy()');
923 if (gettype(
$n) !=
'integer') {
924 phpCAS :: error(
'type mismatched for parameter $header (should be `string\')');
938 phpCAS :: error(
'this method should not be called before ' . __CLASS__ .
'::client() or ' . __CLASS__ .
'::proxy()');
947 'file' => $dbg[0][
'file'],
948 'line' => $dbg[0][
'line'],
949 'method' => __CLASS__ .
'::' . __FUNCTION__,
966 phpCAS :: error(
'this method should not be called before ' . __CLASS__ .
'::client() or ' . __CLASS__ .
'::proxy()');
975 'file' => $dbg[0][
'file'],
976 'line' => $dbg[0][
'line'],
977 'method' => __CLASS__ .
'::' . __FUNCTION__,
982 phpCAS :: trace(
'user is not authenticated, redirecting to the CAS server');
988 phpCAS :: traceEnd();
995 function renewAuthentication() {
996 global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
998 phpCAS :: traceBegin();
999 if (!is_object($PHPCAS_CLIENT)) {
1000 phpCAS :: error('this method should not be called before
' . __CLASS__ . '::client() or ' . __CLASS__ . '::
proxy()');
1007 'file' => $dbg[0]['file'],
1008 'line' => $dbg[0]['line'],
1009 'method' => __CLASS__ . '::' . __FUNCTION__,
1021 phpCAS :: error(
'this method is deprecated. You should use ' . __CLASS__ .
'::forceAuthentication() instead');
1035 phpCAS :: error(
'this method should not be called before ' . __CLASS__ .
'::client() or ' . __CLASS__ .
'::proxy()');
1045 'file' => $dbg[0][
'file'],
1046 'line' => $dbg[0][
'line'],
1047 'method' => __CLASS__ .
'::' . __FUNCTION__,
1063 phpCAS :: error(
'this method should not be called before ' . __CLASS__ .
'::client() or ' . __CLASS__ .
'::proxy()');
1078 phpCAS :: error(
'this method should not be called before ' . __CLASS__ .
'::client() or ' . __CLASS__ .
'::proxy()');
1081 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::forceAuthentication() or ' . __CLASS__ .
'::isAuthenticated()');
1099 phpCAS :: error(
'this method should not be called before ' . __CLASS__ .
'::client() or ' . __CLASS__ .
'::proxy()');
1102 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::forceAuthentication() or ' . __CLASS__ .
'::isAuthenticated()');
1115 phpCAS :: error(
'this method should not be called before ' . __CLASS__ .
'::client() or ' . __CLASS__ .
'::proxy()');
1117 return (
$PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients));
1129 phpCAS :: error(
'this method should not be called before ' . __CLASS__ .
'::client() or ' . __CLASS__ .
'::proxy()');
1144 ' . __CLASS__ .
'::client()');
1146 if (gettype(
$url) !=
'string') {
1165 ' . __CLASS__ .
'::client()');
1167 if (gettype(
$url) !=
'string') {
1186 ' . __CLASS__ .
'::client()');
1188 if (gettype(
$url) !=
'string') {
1206 ' . __CLASS__ .
'::client()');
1208 if (gettype(
$url) !=
'string') {
1225 phpCAS :: error(
'this method should not be called before ' . __CLASS__ .
'::client() or ' . __CLASS__ .
'::proxy()');
1240 ' . __CLASS__ .
'::client()');
1242 if (gettype(
$url) !=
'string') {
1259 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::client() or' . __CLASS__ .
'::proxy()');
1261 $parsedParams = array ();
1264 phpCAS :: error(
'method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
1267 phpCAS :: error(
'type mismatched for parameter $params (should be `array\')');
1269 foreach (
$params as $key => $value) {
1270 if ($key !=
"service" && $key !=
"url") {
1271 phpCAS :: error(
'only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
1273 $parsedParams[$key] = $value;
1289 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::client() or' . __CLASS__ .
'::proxy()');
1291 if (!is_string($service)) {
1292 phpCAS :: error(
'type mismatched for parameter $service (should be `string\')');
1295 "service" => $service
1309 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::client() or' . __CLASS__ .
'::proxy()');
1311 if (!is_string(
$url)) {
1312 phpCAS :: error(
'type mismatched for parameter $url (should be `string\')');
1330 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::client() or' . __CLASS__ .
'::proxy()');
1332 if (!is_string($service)) {
1333 phpCAS :: error(
'type mismatched for parameter $service (should be `string\')');
1335 if (!is_string(
$url)) {
1336 phpCAS :: error(
'type mismatched for parameter $url (should be `string\')');
1339 "service" => $service,
1356 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::proxy()');
1359 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::proxy()');
1361 if (gettype(
$url) !=
'string') {
1362 phpCAS :: error(
'type mismatched for parameter $url (should be `string\')');
1378 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::proxy()');
1380 if (gettype(
$url) !=
'string') {
1381 phpCAS :: error(
'type mismatched for parameter $url (should be `string\')');
1393 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::proxy()');
1404 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::proxy()');
1406 if (gettype($target_service) !=
'string') {
1407 phpCAS :: error(
'type mismatched for parameter $target_service(should be `string\')');
1409 return (
$PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg));
1421 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::client() or' . __CLASS__ .
'::proxy()');
1423 if (gettype($cert) !=
'string') {
1424 phpCAS :: error(
'type mismatched for parameter $cert (should be `string\')');
1439 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::client() or' . __CLASS__ .
'::proxy()');
1441 if (gettype($cert) !=
'string') {
1442 phpCAS :: error(
'type mismatched for parameter $cert (should be `string\')');
1455 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::client() or' . __CLASS__ .
'::proxy()');
1473 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::client() or' . __CLASS__ .
'::proxy()');
The CASClient class is a client interface that provides CAS authentication to PHP applications.
The phpCAS class is a simple container for the phpCAS library.
setExtraCurlOption($key, $value)
Change CURL options.
error($msg)
This method is used by interface methods to print an error and where the function was originally call...
backtrace()
This method is a wrapper for debug_backtrace() that is not available in all PHP versions (>= 4....
traceExit()
This method is used to indicate the end of the execution of the program.
trace($str)
This method is used to log something in debug mode.
log($str)
Logs a string in debug mode.
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode.
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
$PHPCAS_DEBUG
This global variable is used to store phpCAS debug mode.
$PHPCAS_INIT_CALL
This global variable is used to store where the initializer is called from (to print a comprehensive ...
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
$PHPCAS_AUTH_CHECK_CALL
This global variable is used to store where the method checking the authentication is called from (to...
$PHPCAS_CLIENT
This global variable is used by the interface class phpCAS.
handleLogoutRequests($check_client=true, $allowed_clients=false)
Handle logout requests.
setCacheTimesForAuthRecheck($n)
Set the number of times authentication will be cached before really accessing the CAS server in gateway mode:
getAttributes()
This method returns the CAS user's login name.
logout($params="")
This method is used to logout from CAS.
setServerProxyValidateURL($url='')
Set the proxyValidate URL of the CAS server.
setServerSamlValidateURL($url='')
Set the samlValidate URL of the CAS server.
isAuthenticated()
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
setServerLoginURL($url='')
Set the login URL of the CAS server.
renewAuthentication()
This method is called to renew the authentication.
setServerLogoutURL($url='')
Set the logout URL of the CAS server.
setServerServiceValidateURL($url='')
Set the serviceValidate URL of the CAS server.
getServerLoginURL()
This method returns the URL to be used to login.
retrievePT($target_service, & $err_code, & $err_msg)
Retrieve a Proxy Ticket from the CAS server.
setCasServerCert($cert)
Set the certificate of the CAS server.
logoutWithRedirectService($service)
This method is used to logout from CAS.
getServiceURL()
Get the URL that is set as the CAS service parameter.
getServerLogoutURL()
This method returns the URL to be used to login.
setFixedCallbackURL($url='')
Set the fixed URL that will be used by the CAS server to transmit the PGT.
authenticate()
This method has been left from version 0.4.1 for compatibility reasons.
logoutWithRedirectServiceAndUrl($service, $url)
This method is used to logout from CAS.
checkAuthentication()
This method is called to check if the user is authenticated (use the gateway feature).
forceAuthentication()
This method is called to force authentication if the user was not already authenticated.
setNoCasServerValidation()
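Disable SSL certificate validation of the CAS server. Without validation the client cannot confirm that validation responses come from the genuine CAS server, so this setting is only appropriate for testing; production deployments should use setCasServerCert() or setCasServerCACert() instead.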
getUser()
This method returns the CAS user's login name.
setCasServerCACert($cert)
Set the certificate of the CAS server CA.
isSessionAuthenticated()
Checks whether authenticated based on $_SESSION.
setFixedServiceURL($url)
Set the fixed URL that will be set as the CAS service parameter.
logoutWithUrl($url)
This method is used to logout from CAS.
const DEFAULT_DEBUG_DIR
The default directory for the debug file under Unix.
setDebug($filename='')
Set/unset debug mode.
proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session=true)
phpCAS proxy initializer.
client($server_version, $server_hostname, $server_port, $server_uri, $start_session=true)
phpCAS client initializer.
setLang($lang)
This method is used to set the language used by phpCAS.
const PHPCAS_LANG_ENGLISH
setHTMLHeader($header)
This method sets the HTML header used for all outputs.
setHTMLFooter($footer)
This method sets the HTML footer used for all outputs.
setPGTStorageDB($user, $password, $database_type='', $hostname='', $port=0, $database='', $table='')
This method is used to tell phpCAS to store the response of the CAS server to PGT requests into a dat...
setPGTStorageFile($format='', $path='')
This method is used to tell phpCAS to store the response of the CAS server to PGT requests onto the f...
const CAS_PGT_STORAGE_FILE_FORMAT_PLAIN
phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files
serviceWeb($url, & $err_code, & $output)
This method is used to access an HTTP[S] service.
serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt)
This method is used to access an IMAP/POP3/NNTP service.
getVersion()
This method returns the phpCAS version.
const PHPCAS_VERSION
phpCAS version.
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']