106                (empty($this->_output_header)
 
  107                ? 
'<html><head><title>__TITLE__</title></head><body><h1>__TITLE__</h1>' 
  108                : $this->_output_header)
 
  133            empty($this->_output_footer)?
 
  134            (phpcas::getVerbose())?
 
  135                '<hr><address>phpCAS __PHPCAS_VERSION__ ' 
  136                .
$lang->getUsingServer()
 
  137                .
' <a href="__SERVER_BASE_URL__">__SERVER_BASE_URL__</a> (CAS __CAS_VERSION__)</a></address></body></html>' 
  139            :$this->_output_footer
 
  153        if (gettype(
$header) != 
'string')
 
  156        $this->_output_header = 
$header;
 
  169        if (gettype($footer) != 
'string')
 
  172        $this->_output_footer = $footer;
 
  204        if (gettype(
$lang) != 
'string')
 
  211                '$className must implement the CAS_Languages_LanguageInterface' 
  214        $this->_lang = 
$lang;
 
  225        return new $classname();
 
  264        'hostname' => 
'none',
 
  275        return $this->_server[
'version'];
 
  285        return $this->_server[
'hostname'];
 
  295        return $this->_server[
'port'];
 
  305        return $this->_server[
'uri'];
 
  316        if ( empty($this->_server[
'base_url']) ) {
 
  319                $this->_server[
'base_url'] .= 
':' 
  320                .$this->_getServerPort();
 
  324        return $this->_server[
'base_url'];
 
  341        if ( empty($this->_server[
'login_url']) ) {
 
  344        $url = $this->_server[
'login_url'];
 
  349        } elseif ($gateway) {
 
  368        if (gettype(
$url) != 
'string')
 
  371        return $this->_server[
'login_url'] = 
$url;
 
  385        if (gettype(
$url) != 
'string')
 
  388        return $this->_server[
'service_validate_url'] = 
$url;
 
  402        if (gettype(
$url) != 
'string')
 
  405        return $this->_server[
'proxy_validate_url'] = 
$url;
 
  419        if (gettype(
$url) != 
'string')
 
  422        return $this->_server[
'saml_validate_url'] = 
$url;
 
  435        if ( empty($this->_server[
'service_validate_url']) ) {
 
  447                .
'p3/serviceValidate';
 
  452            $this->_server[
'service_validate_url'],
 
  453            'service='.urlencode($this->
getURL())
 
  467        if ( empty($this->_server[
'saml_validate_url']) ) {
 
  476            $this->_server[
'saml_validate_url'],
 
  477            'TARGET='.urlencode($this->
getURL())
 
  492        if ( empty($this->_server[
'proxy_validate_url']) ) {
 
  495                $this->_server[
'proxy_validate_url'] = 
'';
 
  498                $this->_server[
'proxy_validate_url'] = $this->
_getServerBaseURL().
'proxyValidate';
 
  501                $this->_server[
'proxy_validate_url'] = $this->
_getServerBaseURL().
'p3/proxyValidate';
 
  506            $this->_server[
'proxy_validate_url'],
 
  507            'service='.urlencode($this->
getURL())
 
  522        if ( empty($this->_server[
'proxy_url']) ) {
 
  525                $this->_server[
'proxy_url'] = 
'';
 
  533        return $this->_server[
'proxy_url'];
 
  544        if ( empty($this->_server[
'logout_url']) ) {
 
  547        return $this->_server[
'logout_url'];
 
  560        if (gettype(
$url) != 
'string')
 
  563        return $this->_server[
'logout_url'] = 
$url;
 
  581        $this->_curl_options[
$key] = $value;
 
  613        $obj = 
new $className;
 
  616                '$className must implement the CAS_Request_RequestInterface' 
  619        $this->_requestImplementation = $className;
 
  640        $this->_clearTicketsFromUrl = 
false;
 
  666        $this->_casAttributeParserCallbackFunction = 
$function;
 
  667        $this->_casAttributeParserCallbackArgs = $additionalArgs;
 
  700        $this->_postAuthenticateCallbackFunction = 
$function;
 
  701        $this->_postAuthenticateCallbackArgs = $additionalArgs;
 
  730        $this->_signoutCallbackFunction = 
$function;
 
  731        $this->_signoutCallbackArgs = $additionalArgs;
 
  764        $dbg = debug_backtrace();
 
  765        $this->_authentication_caller = array (
 
  766            'file' => $dbg[1][
'file'],
 
  767            'line' => $dbg[1][
'line'],
 
  768            'method' => $dbg[1][
'class'] . 
'::' . $dbg[1][
'function'],
 
  769            'result' => (
boolean)
$auth 
  781        return !empty($this->_authentication_caller);
 
  810        return $this->_authentication_caller[
'result'];
 
  825        if (!$this->_authentication_caller[
'result']) {
 
  827                'authentication was checked (by ' 
  831                . 
') but the method returned false' 
  847        return $this->_authentication_caller[
'file'];
 
  861        return $this->_authentication_caller[
'line'];
 
  875        return $this->_authentication_caller[
'method'];
 
  908        $changeSessionID = 
true 
  911        if (gettype($server_version) != 
'string')
 
  913        if (gettype($proxy) != 
'boolean')
 
  915        if (gettype($server_hostname) != 
'string')
 
  917        if (gettype($server_port) != 
'integer')
 
  919        if (gettype($server_uri) != 
'string')
 
  921        if (gettype($changeSessionID) != 
'boolean')
 
  941        $this->_proxy = $proxy;
 
  948            if (!isset(
$_SESSION[
'phpCAS'][
'service_cookies'])) {
 
  949                $_SESSION[
'phpCAS'][
'service_cookies'] = array();
 
  957        switch ($server_version) {
 
  961                    'CAS proxies are not supported in CAS '.$server_version
 
  972                'this version of CAS (`'.$server_version
 
  973                .
'\') is not supported by 
phpCAS '.phpCAS::getVersion() 
  976        $this->_server['version
'] = $server_version; 
  979        if ( empty($server_hostname) 
             // NOTE(review): the pattern below has no ^ or $ anchors and its character
             // class is quantified with *, so preg_match() succeeds on the empty match for
             // any input. Only the empty() test can reject a value here; a hostname that
             // contains other characters still reaches the assignment. An anchored pattern
             // with + would make the check effective - confirm against the lines that are
             // not shown in this listing.
  980            || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/
', $server_hostname) 
  982            phpCAS::error('bad 
CAS server hostname (`
'.$server_hostname.'\
')');
 
  984        $this->_server[
'hostname'] = $server_hostname;
 
  987        if ( $server_port == 0
             // NOTE(review): the error text below interpolates $server_hostname rather than
             // the rejected $server_port, so the diagnostic reports the wrong value.
 
  988            || !is_int($server_port)
 
  990            phpCAS::error(
'bad CAS server port (`'.$server_hostname.
'\')
'); 
  992        $this->_server['port
'] = $server_port; 
  // NOTE(review): this pattern has no ^ or $ anchors and its character class is
  // quantified with *, so preg_match() returns 1 for every string and the error
  // branch is never taken; the URI is effectively unvalidated. After the check the
  // value gets a trailing slash unless it contains a question mark, a leading
  // slash, and a replacement of each double slash with a single one, and is then
  // stored as the server URI.
  995        if ( !preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/
', $server_uri) ) { 
  996            phpCAS::error('bad 
CAS server URI (`
'.$server_uri.'\
')');
 
  999        if(strstr($server_uri, 
'?') === 
false) $server_uri .= 
'/';
 
 1000        $server_uri = preg_replace(
'/\/\//', 
'/', 
'/'.$server_uri);
 
 1001        $this->_server[
'uri'] = $server_uri;
 
 1012                    'CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server' 
 1018            $ticket = (isset(
$_GET[
'ticket']) ? 
$_GET[
'ticket'] : 
null);
 
 1019            if (preg_match(
'/^[SP]T-/', $ticket) ) {
 
 1021                $this->setTicket($ticket); 
 1022                unset($_GET['ticket
']); 
 1023            } else if ( !empty($ticket) ) { 
 1024                //ill-formed ticket, halt 
 1026                    'ill-formed ticket found in the URL (ticket=`
' 
 1027                    .htmlentities($ticket).'\
')' 
 1064        $this->_change_session_id = $allowed;
 
 1107        $this->_user = $user;
 
 1137        if ( empty($this->_user) ) {
 
 1139                'this method should be used only after '.__CLASS__
 
 1140                .
'::forceAuthentication() or '.__CLASS__.
'::isAuthenticated()' 
 1177        if ( empty($this->_user) ) {
 
 1180                'this method should be used only after '.__CLASS__
 
 1181                .
'::forceAuthentication() or '.__CLASS__.
'::isAuthenticated()' 
 1197        return !empty($this->_attributes);
 
 1223        return (is_array($this->_attributes)
 
 1224            && array_key_exists(
$key, $this->_attributes));
 
 1240            return $this->_attributes[
$key];
 
 1255        if (isset( 
$_SESSION[
'phpCAS'][
'auth_checked'])) {
 
 1256            unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
 
 1286            if (isset(
$_SESSION[
'phpCAS'][
'auth_checked'])) {
 
 1287                unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
 
 1314        if (gettype(
$n) != 
'integer')
 
 1317        $this->_cache_times_for_auth_recheck = 
$n;
 
 1334            unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
 
 1336        } 
else if (isset(
$_SESSION[
'phpCAS'][
'auth_checked'])) {
 
 1339            unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
 
 1343            if (!isset(
$_SESSION[
'phpCAS'][
'unauth_count'])) {
 
 1344                $_SESSION[
'phpCAS'][
'unauth_count'] = -2; 
 
 1347            if ((
$_SESSION[
'phpCAS'][
'unauth_count'] != -2
 
 1348                && $this->_cache_times_for_auth_recheck == -1)
 
 1349                || (
$_SESSION[
'phpCAS'][
'unauth_count'] >= 0
 
 1350                && 
$_SESSION[
'phpCAS'][
'unauth_count'] < $this->_cache_times_for_auth_recheck)
 
 1354                if ($this->_cache_times_for_auth_recheck != -1) {
 
 1357                        'user is not authenticated (cached for ' 
 1358                        .
$_SESSION[
'phpCAS'][
'unauth_count'].
' times of ' 
 1359                        .$this->_cache_times_for_auth_recheck.
')' 
 1363                        'user is not authenticated (cached for until login pressed)' 
 1367                $_SESSION[
'phpCAS'][
'unauth_count'] = 0;
 
 1368                $_SESSION[
'phpCAS'][
'auth_checked'] = 
true;
 
 1397                    'ticket was present and will be discarded, use renewAuthenticate()' 
 1399                if ($this->_clearTicketsFromUrl) {
 
 1401                    session_write_close();
 
 1402                    header(
'Location: '.$this->
getURL());
 
 1408                        'Already authenticated, but skipping ticket clearing since setNoClearTicketsFromUrl() was used.' 
 1416                    'user was already authenticated, no need to look for tickets' 
 1430                        'CAS 1.0 ticket `'.$this->
getTicket().
'\' is present
' 
 1432                    $this->validateCAS10( 
 1433                        $validate_url, $text_response, $tree_response, $renew 
 1434                    ); // if it fails, it halts 
 1436                        'CAS 1.0 ticket `
'.$this->getTicket().'\
' was validated' 
 1448                    $this->validateCAS20( 
 1449                        $validate_url, $text_response, $tree_response, $renew 
 1450                    ); // note: if it fails, it halts 
 1452                        'CAS '.$this->getServerVersion().' ticket `
'.$this->getTicket().'\
' was validated' 
 1456                            $validate_url, $text_response, $tree_response
 
 1459                        $_SESSION['phpCAS']['pgt
'] = $this->_getPGT(); 
 1461                    $_SESSION['phpCAS']['user'] = $this->_getUser(); 
 1462                    if (!empty($this->_attributes)) { 
 1463                        $_SESSION['phpCAS']['attributes
'] = $this->_attributes; 
 1465                    $proxies = $this->getProxies(); 
 1466                    if (!empty($proxies)) { 
 1467                        $_SESSION['phpCAS']['proxies
'] = $this->getProxies(); 
 1470                    $logoutTicket = $this->getTicket(); 
 1472                case SAML_VERSION_1_1: 
 1473                    // if we have a SAML ticket, validate it. 
 1475                        'SAML 1.1 ticket `
'.$this->getTicket().'\
' is present' 
 1478                        $validate_url, $text_response, $tree_response, $renew
 
 1481                        'SAML 1.1 ticket `'.$this->
getTicket().
'\' was validated
' 
 1483                    $_SESSION['phpCAS']['user'] = $this->_getUser(); 
 1484                    $_SESSION['phpCAS']['attributes
'] = $this->_attributes; 
 1486                    $logoutTicket = $this->getTicket(); 
 1489                    phpCAS::trace('Protocoll 
error'); 
 1493                // no ticket given, not authenticated 
 1494                phpCAS::trace('no ticket found
'); 
 1497            // Mark the auth-check as complete to allow post-authentication 
 1498            // callbacks to make use of phpCAS::getUser() and similar methods 
 1499            $this->markAuthenticationCall($res); 
 1502                // call the post-authenticate callback if registered. 
 1503                if ($this->_postAuthenticateCallbackFunction) { 
 1504                    $args = $this->_postAuthenticateCallbackArgs; 
 1505                    array_unshift($args, $logoutTicket); 
 1506                    call_user_func_array( 
 1507                        $this->_postAuthenticateCallbackFunction, $args 
 1511                // if called with a ticket parameter, we need to redirect to the 
 1512                // app without the ticket so that CAS-ification is transparent 
 1513                // to the browser (for later POSTS) most of the checks and 
 1514                // errors should have been made now, so we're safe 
for redirect
 
 1517                if ($this->_clearTicketsFromUrl) {
 
 1519                    session_write_close();
 
 1520                    header(
'Location: '.$this->
getURL());
 
 1538        return !empty(
$_SESSION[
'phpCAS'][
'user']);
 
 1570                if (isset(
$_SESSION[
'phpCAS'][
'attributes'])) {
 
 1575                    'user = `'.
$_SESSION[
'phpCAS'][
'user'].
'\', PGT = `
' 
 1576                    .$_SESSION['phpCAS']['pgt
'].'\
'' 
 1580                if (isset(
$_SESSION[
'phpCAS'][
'proxies'])) {
 
 1584                        .implode(
'", "', 
$_SESSION[
'phpCAS'][
'proxies']).
'"' 
 1594                    'username found (`'.
$_SESSION[
'phpCAS'][
'user']
 
 1595                    .
'\') but PGT is empty
' 
 1597                // unset all tickets to enforce authentication 
 1598                unset($_SESSION['phpCAS']); 
 1599                $this->setTicket(''); 
 1600            } elseif ( !$this->isSessionAuthenticated() 
 1601                && !empty($_SESSION['phpCAS']['pgt
']) 
 1603                // these two variables should be empty or not empty at the same time 
 1605                    'PGT found (`
'.$_SESSION['phpCAS']['pgt
'] 
 1606                    .'\
') but username is empty' 
 1619                if (isset(
$_SESSION[
'phpCAS'][
'attributes'])) {
 
 1625                if (isset(
$_SESSION[
'phpCAS'][
'proxies'])) {
 
 1629                        .implode(
'", "', 
$_SESSION[
'phpCAS'][
'proxies']).
'"' 
 1657        session_write_close();
 
 1658        if (php_sapi_name() === 
'cli') {
 
 1659            @header(
'Location: '.$cas_url);
 
 1661            header(
'Location: '.$cas_url);
 
 1666        printf(
'<p>'. 
$lang->getShouldHaveBeenRedirected(). 
'</p>', $cas_url);
 
 1685        $paramSeparator = 
'?';
 
 1687            $cas_url = $cas_url . $paramSeparator . 
"url=" 
 1689            $paramSeparator = 
'&';
 
 1691        if (isset(
$params[
'service'])) {
 
 1692            $cas_url = $cas_url . $paramSeparator . 
"service=" 
 1693                . urlencode(
$params[
'service']);
 
 1695        header(
'Location: '.$cas_url);
 
 1701        if (session_status() === PHP_SESSION_NONE) {
 
 1709        printf(
'<p>'.
$lang->getShouldHaveBeenRedirected(). 
'</p>', $cas_url);
 
 1722        return !empty(
$_POST[
'logoutRequest']);
 
 1744            && is_null($this->_signoutCallbackFunction)
 
 1747                "phpCAS can't handle logout requests if it is not allowed to change session_id." 
 1751        $decoded_logout_rq = urldecode(
$_POST[
'logoutRequest']);
 
 1754        if ($check_client) {
 
 1755            if (!$allowed_clients) {
 
 1758            $client_ip = 
                 // NOTE(review): the allow-list is matched against REMOTE_ADDR and against
                 // the name gethostbyaddr() returns for it. That name comes from reverse
                 // DNS, which is controlled by whoever operates the address range, so an
                 // entry matched by hostname is weaker than one matched by IP address.
                 // IP-only entries or a forward-confirmed lookup avoid relying on it.
                 // Behind a reverse proxy REMOTE_ADDR is the proxy address - confirm the
                 // deployment. Both comparisons use loose ==.
$_SERVER[
'REMOTE_ADDR'];
 
 1759            $client = gethostbyaddr($client_ip);
 
 1761            foreach ($allowed_clients as $allowed_client) {
 
 1762                if ((
$client == $allowed_client)
 
 1763                    || ($client_ip == $allowed_client)
 
 1766                        "Allowed client '".$allowed_client
 
 1767                        .
"' matches, logout request is allowed" 
 1773                        "Allowed client '".$allowed_client.
"' does not match" 
 1790                "|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|",
 
 1791                $decoded_logout_rq, $tick, PREG_OFFSET_CAPTURE, 3
 
 1793            $wrappedSamlSessionIndex = preg_replace(
 
 1794                '|<samlp:SessionIndex>|', 
'', $tick[0][0]
 
 1796            $ticket2logout = preg_replace(
 
 1797                '|</samlp:SessionIndex>|', 
'', $wrappedSamlSessionIndex
 
 1802            if ($this->_signoutCallbackFunction) {
 
 1804                array_unshift($args, $ticket2logout);
 
 1805                call_user_func_array($this->_signoutCallbackFunction, $args);
 
 1811                $session_id = preg_replace(
                     // NOTE(review): the session id is rebuilt from the SessionIndex text
                     // extracted from the POSTed logout request, reduced to letters, digits
                     // and hyphens, then forced through session_id() and the $_COOKIE and
                     // $_GET overrides. Which session is selected is therefore chosen by
                     // the request body, so this path is only as trustworthy as the client
                     // check made before it; what is done with the selected session after
                     // this point is not visible in this listing.
'/[^a-zA-Z0-9\-]/', 
'', $ticket2logout);
 
 1815                if (session_id() !== 
"") {
 
 1820                session_id($session_id);
 
 1821                $_COOKIE[session_name()]=$session_id;
 
 1822                $_GET[session_name()]=$session_id;
 
 1884        $this->_ticket = $st;
 
 1894        return !empty($this->_ticket);
 
 1947        if (gettype($cert) != 
'string') {
 
 1950        if (gettype($validate_cn) != 
'boolean') {
 
 1953        if ( !file_exists($cert) && $this->_requestImplementation !== 
'CAS_TestHarness_DummyRequest'){
 
 1956        $this->_cas_server_ca_cert = $cert;
 
 1957        $this->_cas_server_cn_validate = $validate_cn;
 
 1967        $this->_no_cas_server_validation = 
true;
 
 1985    public function validateCAS10(&$validate_url,&$text_response,&$tree_response,$renew=
false)
 
 1991            .
'&ticket='.urlencode($this->
getTicket());
 
 1995            $validate_url .= 
'&renew=true';
 
 1999        if ( !$this->
_readURL($validate_url, $headers, $text_response, $err_msg) ) {
 
 2001                'could not open URL \''.$validate_url.
'\' to validate (
'.$err_msg.')
' 
 2003            throw new CAS_AuthenticationException( 
 2004                $this, 'CAS 1.0 ticket not validated
', $validate_url, 
 2005                true/*$no_response*/ 
 2010        if (preg_match('/^no\n/
', $text_response)) { 
 2011            phpCAS::trace('Ticket has not been validated
'); 
 2012            throw new CAS_AuthenticationException( 
 2013                $this, 'ST not validated
', $validate_url, false/*$no_response*/, 
 2014                false/*$bad_response*/, $text_response 
 2017        } else if (!preg_match('/^yes\n/
', $text_response)) { 
 2018            phpCAS::trace('ill-formed response
'); 
 2019            throw new CAS_AuthenticationException( 
 2020                $this, 'Ticket not validated
', $validate_url, 
 2021                false/*$no_response*/, true/*$bad_response*/, $text_response 
 2025        // ticket has been validated, extract the user name 
 2026        $arr = preg_split('/\n/
', $text_response); 
 2027        $this->_setUser(trim($arr[1])); 
 2031            $this->_renameSession($this->getTicket()); 
 2033        // at this step, ticket has been validated and $this->_user has been set, 
 2034        phpCAS::traceEnd(true); 
 2041    // ######################################################################## 
 2043    // ######################################################################## 
 2065    public function validateSA(&$validate_url,&$text_response,&$tree_response,$renew=false) 
 2067        phpCAS::traceBegin(); 
 2069        // build the URL to validate the ticket 
 2070        $validate_url = $this->getServerSamlValidateURL(); 
 2074            $validate_url .= '&renew=
true'; 
 2077        // open and read the URL 
 2078        if ( !$this->_readURL($validate_url, $headers, $text_response, $err_msg) ) { 
 2080                'could not open URL \
''.$validate_url.
'\' to validate (
'.$err_msg.')
' 
 2082            throw new CAS_AuthenticationException( 
 2083                $this, 'SA not validated
', $validate_url, true/*$no_response*/ 
 2087        phpCAS::trace('server version: 
'.$this->getServerVersion()); 
 2089        // analyze the result depending on the version 
 2090        switch ($this->getServerVersion()) { 
 2091        case SAML_VERSION_1_1: 
 2092            // create new DOMDocument Object 
 2093            $dom = new DOMDocument(); 
 2094            // Fix possible whitspace problems 
 2095            $dom->preserveWhiteSpace = false; 
 2096            // read the response of the CAS server into a DOM object 
 2097            if (!($dom->loadXML($text_response))) { 
 2098                phpCAS::trace('dom->loadXML() failed
'); 
 2099                throw new CAS_AuthenticationException( 
 2100                    $this, 'SA not validated
', $validate_url, 
 2101                    false/*$no_response*/, true/*$bad_response*/, 
 2106            // read the root node of the XML tree 
 2107            if (!($tree_response = $dom->documentElement)) { 
 2108                phpCAS::trace('documentElement() failed
'); 
 2109                throw new CAS_AuthenticationException( 
 2110                    $this, 'SA not validated
', $validate_url, 
 2111                    false/*$no_response*/, true/*$bad_response*/, 
 2115            } else if ( $tree_response->localName != 'Envelope
' ) { 
 2116                // insure that tag name is 'Envelope
' 
 2118                    'bad XML root node (should be `Envelope\
' instead of `' 
 2119                    .$tree_response->localName.
'\'' 
 2122                    $this, 
'SA not validated', $validate_url,
 
 2127            } 
else if ($tree_response->getElementsByTagName(
"NameIdentifier")->length != 0) {
 
 2129                $success_elements = $tree_response->getElementsByTagName(
"NameIdentifier");
 
 2130                phpCAS::trace(
'NameIdentifier found');
 
 2131                $user = trim($success_elements->item(0)->nodeValue);
 
 2132                phpCAS::trace(
'user = `'.$user.
'`');
 
 2133                $this->_setUser($user);
 
 2134                $this->_setSessionAttributes($text_response);
 
 2137                phpCAS::trace(
'no <NameIdentifier> tag found in SAML payload');
 
 2138                throw new CAS_AuthenticationException(
 
 2139                    $this, 
'SA not validated', $validate_url,
 
 2168        $attr_array = array();
 
 2171        $dom = 
new DOMDocument();
 
 2173        $dom->preserveWhiteSpace = 
false;
 
 2174        if (($dom->loadXML($text_response))) {
 
 2175            $xPath = 
new DOMXpath($dom);
 
 2176            $xPath->registerNamespace(
'samlp', 
'urn:oasis:names:tc:SAML:1.0:protocol');
 
 2177            $xPath->registerNamespace(
'saml', 
'urn:oasis:names:tc:SAML:1.0:assertion');
 
 2178            $nodelist = $xPath->query(
"//saml:Attribute");
 
 2181                foreach ($nodelist as $node) {
 
 2182                    $xres = $xPath->query(
"saml:AttributeValue", $node);
 
 2183                    $name = $node->getAttribute(
"AttributeName");
 
 2184                    $value_array = array();
 
 2185                    foreach ($xres as $node2) {
 
 2186                        $value_array[] = $node2->nodeValue;
 
 2188                    $attr_array[
$name] = $value_array;
 
 2191                foreach ($attr_array as $attr_key => $attr_value) {
 
 2192                    if (count($attr_value) > 1) {
 
 2193                        $this->_attributes[$attr_key] = $attr_value;
 
 2194                        phpCAS::trace(
"* " . $attr_key . 
"=" . print_r($attr_value, 
true));
 
 2196                        $this->_attributes[$attr_key] = $attr_value[0];
 
 2295        return !empty($this->_pgt);
 
 2330        $this->_callback_mode = $callback_mode;
 
 2363        if ( empty($this->_callback_url) ) {
 
 2366            $final_uri = 
'https://';
 
 2368            $request_uri = 
$_SERVER[
'REQUEST_URI'];
 
 2369            $request_uri = preg_replace(
'/\?.*$/', 
'', $request_uri);
 
 2370            $final_uri .= $request_uri;
 
 2371            $this->_callback_url = $final_uri;
 
 2388        if (gettype(
$url) != 
'string')
 
 2391        return $this->_callback_url = 
$url;
 
 2403        if (preg_match(
             // NOTE(review): both patterns in this fragment are unanchored and require only
             // one character after the prefix, so any request value that merely contains a
             // matching substring passes. The raw $_GET values are then written to the
             // trace, echoed into the HTML response without escaping, and handed to
             // _storePGT(). Anchoring the patterns and passing the echoed values through
             // htmlspecialchars() would close the reflected-output gap; whether the caller
             // restricts who can reach this code is not visible in this listing.
'/PGTIOU-[\.\-\w]/', 
$_GET[
'pgtIou'])) {
 
 2404            if (preg_match(
'/[PT]GT-[\.\-\w]/', 
$_GET[
'pgtId'])) {
 
 2406                $pgt_iou = 
$_GET[
'pgtIou'];
 
 2407                $pgt = 
$_GET[
'pgtId'];
 
 2408                phpCAS::trace(
'Storing PGT `'.$pgt.
'\' (
id=`
'.$pgt_iou.'\
')');
 
 2409                echo 
'<p>Storing PGT `'.$pgt.
'\' (
id=`
'.$pgt_iou.'\
').</p>';
 
 2410                $this->_storePGT($pgt, $pgt_iou);
 
 2411                $this->printHTMLFooter();
 
 2458        if ( !is_object($this->_pgt_storage) ) {
 
 2463        $this->_pgt_storage->init();
 
 2479        $this->_pgt_storage->write($pgt, $pgt_iou);
 
 2495        return $this->_pgt_storage->read($pgt_iou);
 
 2512        if ( is_object($this->_pgt_storage) ) {
 
 2521        $this->_pgt_storage = $storage;
 
 2542        $dsn_or_pdo, $username=
'', 
$password=
'', 
$table=
'', $driver_options=
null 
 2548        if ((is_object($dsn_or_pdo) && !($dsn_or_pdo instanceof PDO)) || gettype($dsn_or_pdo) != 
'string')
 
 2550        if (gettype($username) != 
'string')
 
 2554        if (gettype(
$table) != 
'string')
 
 2579        if (gettype(
$path) != 
'string')
 
 2604    private function _validatePGT(&$validate_url,$text_response,$tree_response)
 
 2607        if ( $tree_response->getElementsByTagName(
"proxyGrantingTicket")->length == 0) {
 
 2611                $this, 
'Ticket validated but no PGT Iou transmitted',
 
 2612                $validate_url, 
false, 
false,
 
 2618                $tree_response->getElementsByTagName(
"proxyGrantingTicket")->item(0)->nodeValue
 
 2620            if (preg_match(
'/PGTIOU-[\.\-\w]/', $pgt_iou)) {
 
 2622                if ( $pgt == 
false ) {
 
 2626                        'PGT Iou was transmitted but PGT could not be retrieved',
 
 2627                        $validate_url, 
false,
 
 2628                        false, $text_response
 
 2635                    $this, 
'PGT Iou was transmitted but has wrong format',
 
 2636                    $validate_url, 
false, 
false,
 
 2661        if (gettype($target_service) != 
'string')
 
 2674            .urlencode($target_service).
'&pgt='.$this->
_getPGT();
 
 2677        if ( !$this->
_readURL($cas_url, $headers, $cas_response, $err_msg) ) {
 
 2679                'could not open URL \''.$cas_url.
'\' to validate (
'.$err_msg.')
' 
 2681            $err_code = PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE; 
 2682            $err_msg = 'could not retrieve PT (no response from the 
CAS server)
'; 
 2683            phpCAS::traceEnd(false); 
 2687        $bad_response = false; 
 2689        if ( !$bad_response ) { 
 2690            // create new DOMDocument object 
 2691            $dom = new DOMDocument(); 
 2692            // Fix possible whitspace problems 
 2693            $dom->preserveWhiteSpace = false; 
 2694            // read the response of the CAS server into a DOM object 
 2695            if ( !($dom->loadXML($cas_response))) { 
 2696                phpCAS::trace('dom->loadXML() failed
'); 
 2698                $bad_response = true; 
 2702        if ( !$bad_response ) { 
 2703            // read the root node of the XML tree 
 2704            if ( !($root = $dom->documentElement) ) { 
 2705                phpCAS::trace('documentElement failed
'); 
 2707                $bad_response = true; 
 2711        if ( !$bad_response ) { 
 2712            // insure that tag name is 'serviceResponse
' 
 2713            if ( $root->localName != 'serviceResponse
' ) { 
 2714                phpCAS::trace('localName failed
'); 
 2716                $bad_response = true; 
 2720        if ( !$bad_response ) { 
 2721            // look for a proxySuccess tag 
 2722            if ( $root->getElementsByTagName("proxySuccess")->length != 0) { 
 2723                $proxy_success_list = $root->getElementsByTagName("proxySuccess"); 
 2725                // authentication succeded, look for a proxyTicket tag 
 2726                if ( $proxy_success_list->item(0)->getElementsByTagName("proxyTicket")->length != 0) { 
 2727                    $err_code = PHPCAS_SERVICE_OK; 
 2730                        $proxy_success_list->item(0)->getElementsByTagName("proxyTicket")->item(0)->nodeValue 
 2732                    phpCAS::trace('original PT: 
'.trim($pt)); 
 2733                    phpCAS::traceEnd($pt); 
 2736                    phpCAS::trace('<proxySuccess> was found, but not <proxyTicket>
'); 
 2738            } else if ($root->getElementsByTagName("proxyFailure")->length != 0) { 
 2739                // look for a proxyFailure tag 
 2740                $proxy_failure_list = $root->getElementsByTagName("proxyFailure"); 
 2742                // authentication failed, extract the error 
 2743                $err_code = PHPCAS_SERVICE_PT_FAILURE; 
 2744                $err_msg = 'PT retrieving failed (code=`
' 
 2745                .$proxy_failure_list->item(0)->getAttribute('code
') 
 2747                .trim($proxy_failure_list->item(0)->nodeValue)
 
 2749                phpCAS::traceEnd(false); 
 2752                phpCAS::trace('neither <proxySuccess> nor <proxyFailure> found
'); 
 2756        // at this step, we are sure that the response of the CAS server was 
 2758        $err_code = PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE; 
 2759        $err_msg = 'Invalid response from the 
CAS server (response=`
' 
 2760            .$cas_response.'\
')';
 
 2794        $request = 
new $className();
 
 2796        if (count($this->_curl_options)) {
 
 2797            $request->setCurlOptions($this->_curl_options);
 
 2800        $request->setUrl(
$url);
 
 2802        if (empty($this->_cas_server_ca_cert) && !$this->_no_cas_server_validation) {
             // NOTE(review): the request is refused only when neither a CA certificate nor
             // the no-validation flag has been set. With the flag set and no certificate,
             // the setSslCaCert() call below is skipped, so this listing shows no CA being
             // configured for the request that fetches the validation response. How the
             // request class treats TLS in that case is not visible here; the no-validation
             // switch is best kept to test setups - TODO confirm against the request
             // implementation.
 
 2804                'one of the methods phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.' 
 2807        if ($this->_cas_server_ca_cert != 
'') {
 
 2808            $request->setSslCaCert(
 
 2809                $this->_cas_server_ca_cert, $this->_cas_server_cn_validate
 
 2815            $request->addHeader(
"soapaction: http://www.oasis-open.org/committees/security");
 
 2816            $request->addHeader(
"cache-control: no-cache");
 
 2817            $request->addHeader(
"pragma: no-cache");
 
 2818            $request->addHeader(
"accept: text/xml");
 
 2819            $request->addHeader(
"connection: keep-alive");
 
 2820            $request->addHeader(
"content-type: text/xml");
 
 2821            $request->makePost();
 
 2825        if ($request->send()) {
 
 2826            $headers = $request->getResponseHeaders();
 
 2827            $body = $request->getResponseBody();
 
 2834            $err_msg = $request->getErrorMessage();
 
 2853            .SAML_ASSERTION_ARTIFACT.$sa.SAML_ASSERTION_ARTIFACT_CLOSE
 
 2854            .SAMLP_REQUEST_CLOSE.SAML_SOAP_BODY_CLOSE.SAML_SOAP_ENV_CLOSE;
 
 2889        if (gettype(
$type) != 
'string')
 
 2896            $request = 
new $requestClass();
 
 2897            if (count($this->_curl_options)) {
 
 2898                $request->setCurlOptions($this->_curl_options);
 
 2900            $proxiedService = 
new $type($request, $this->_serviceCookieJar);
 
 2902                $proxiedService->setCasClient($this);
 
 2904            return $proxiedService;
 
 2908                $proxiedService->setCasClient($this);
 
 2910            return $proxiedService;
 
 2913                "Unknown proxied-service type, $type." 
 2940        if (!is_string(
$url)) {
 
 2942                "Proxied Service ".get_class($proxiedService)
 
 2943                .
"->getServiceUrl() should have returned a string, returned a " 
 2944                .gettype(
$url).
" instead." 
 2975        if (gettype(
$url) != 
'string')
 
 2986            $err_code = $e->getCode();
 
 2992                $lang->getServiceUnavailable(), 
$url, $e->getMessage()
 
 3025        if (gettype(
$url) != 
'string')
 
 3027        if (gettype($serviceUrl) != 
'string')
 
 3029        if (gettype($flags) != 
'integer')
 
 3034            $service->setServiceUrl($serviceUrl);
 
 3040            $pt = 
$service->getImapProxyTicket();
 
 3043            $err_msg = $e->getMessage();
 
 3044            $err_code = $e->getCode();
 
 3050                $lang->getServiceUnavailable(),
 
 3112        $this->_proxies = $proxies;
 
 3113        if (!empty($proxies)) {
 
 3139        if (empty($this->_allowed_proxy_chains)) {
 
 3166    public function validateCAS20(&$validate_url,&$text_response,&$tree_response, $renew=
false)
 
 3187            $validate_url .= 
'&renew=true';
 
 3191        if ( !$this->
_readURL($validate_url, $headers, $text_response, $err_msg) ) {
 
 3193                'could not open URL \''.$validate_url.
'\' to validate (
'.$err_msg.')
' 
 3195            throw new CAS_AuthenticationException( 
 3196                $this, 'Ticket not validated
', $validate_url, 
 3197                true/*$no_response*/ 
 3202        // create new DOMDocument object 
 3203        $dom = new DOMDocument(); 
 3204        // Fix possible whitespace problems 
 3205        $dom->preserveWhiteSpace = false; 
 3206        // CAS servers should only return data in utf-8 
 3207        $dom->encoding = "utf-8"; 
 3208        // read the response of the CAS server into a DOMDocument object 
 3209        if ( !($dom->loadXML($text_response))) { 
 3211            throw new CAS_AuthenticationException( 
 3212                $this, 'Ticket not validated
', $validate_url, 
 3213                false/*$no_response*/, true/*$bad_response*/, $text_response 
 3216        } else if ( !($tree_response = $dom->documentElement) ) { 
 3217            // read the root node of the XML tree 
 3219            throw new CAS_AuthenticationException( 
 3220                $this, 'Ticket not validated
', $validate_url, 
 3221                false/*$no_response*/, true/*$bad_response*/, $text_response 
 3224        } else if ($tree_response->localName != 'serviceResponse
') { 
 3225            // ensure that tag name is 'serviceResponse
' 
 3227            throw new CAS_AuthenticationException( 
 3228                $this, 'Ticket not validated
', $validate_url, 
 3229                false/*$no_response*/, true/*$bad_response*/, $text_response 
 3232        } else if ( $tree_response->getElementsByTagName("authenticationFailure")->length != 0) { 
 3233            // authentication failed, extract the error code and message and throw exception 
 3234            $auth_fail_list = $tree_response 
 3235                ->getElementsByTagName("authenticationFailure"); 
 3236            throw new CAS_AuthenticationException( 
 3237                $this, 'Ticket not validated
', $validate_url, 
 3238                false/*$no_response*/, false/*$bad_response*/, 
 3240                $auth_fail_list->item(0)->getAttribute('code
')/*$err_code*/, 
 3241                trim($auth_fail_list->item(0)->nodeValue)/*$err_msg*/ 
 3244        } else if ($tree_response->getElementsByTagName("authenticationSuccess")->length != 0) { 
 3245            // authentication succeeded, extract the user name 
 3246            $success_elements = $tree_response 
 3247                ->getElementsByTagName("authenticationSuccess"); 
 3248            if ( $success_elements->item(0)->getElementsByTagName("user")->length == 0) { 
 3249                // no user specified => error 
 3250                throw new CAS_AuthenticationException( 
 3251                    $this, 'Ticket not validated
', $validate_url, 
 3252                    false/*$no_response*/, true/*$bad_response*/, $text_response 
 3258                        $success_elements->item(0)->getElementsByTagName("user")->item(0)->nodeValue 
 3261                $this->_readExtraAttributesCas20($success_elements); 
 3262                // Store the proxies we are sitting behind for authorization checking 
 3263                $proxyList = array(); 
 3264                if ( sizeof($arr = $success_elements->item(0)->getElementsByTagName("proxy")) > 0) { 
 3265                    foreach ($arr as $proxyElem) { 
 3266                        phpCAS::trace("Found Proxy: ".$proxyElem->nodeValue); 
 3267                        $proxyList[] = trim($proxyElem->nodeValue); 
 3269                    $this->_setProxies($proxyList); 
 3270                    phpCAS::trace("Storing Proxy List"); 
 3272                // Check if the proxies in front of us are allowed 
 3273                if (!$this->getAllowedProxyChains()->isProxyListAllowed($proxyList)) { 
 3274                    throw new CAS_AuthenticationException( 
 3275                        $this, 'Proxy not allowed
', $validate_url, 
 3276                        false/*$no_response*/, true/*$bad_response*/, 
 3285            throw new CAS_AuthenticationException( 
 3286                $this, 'Ticket not validated
', $validate_url, 
 3287                false/*$no_response*/, true/*$bad_response*/, 
 3293            $this->_renameSession($this->getTicket()); 
 3295        // at this step, Ticket has been validated and $this->_user has been set, 
 3297        phpCAS::traceEnd($result); 
 3311    private function _readExtraAttributesCas20($success_elements) 
 3313        phpCAS::traceBegin(); 
 3315        $extra_attributes = array(); 
 3317        // "Jasig Style" Attributes: 
 3319        //      <cas:serviceResponse xmlns:cas='http:
 
 3333        if ($this->_casAttributeParserCallbackFunction !== 
null 
 3334            && is_callable($this->_casAttributeParserCallbackFunction)
 
 3336            array_unshift($this->_casAttributeParserCallbackArgs, $success_elements->item(0));
 
 3337            phpCas :: trace(
"Calling attritubeParser callback");
 
 3338            $extra_attributes =  call_user_func_array(
 
 3339                $this->_casAttributeParserCallbackFunction,
 
 3340                $this->_casAttributeParserCallbackArgs
 
 3342        } elseif ( $success_elements->item(0)->getElementsByTagName(
"attributes")->length != 0) {
 
 3343            $attr_nodes = $success_elements->item(0)
 
 3344                ->getElementsByTagName(
"attributes");
 
 3345            phpCas :: trace(
"Found nested jasig style attributes");
 
 3346            if ($attr_nodes->item(0)->hasChildNodes()) {
 
 3348                foreach ($attr_nodes->item(0)->childNodes as $attr_child) {
 
 3350                        "Attribute [".$attr_child->localName.
"] = " 
 3351                        .$attr_child->nodeValue
 
 3354                        $extra_attributes, $attr_child->localName,
 
 3355                        $attr_child->nodeValue
 
 3376            phpCas :: trace(
"Testing for rubycas style attributes");
 
 3377            $childnodes = $success_elements->item(0)->childNodes;
 
 3378            foreach ($childnodes as $attr_node) {
 
 3379                switch ($attr_node->localName) {
 
 3382                case 'proxyGrantingTicket':
 
 3385                    if (strlen(trim($attr_node->nodeValue))) {
 
 3387                            "Attribute [".$attr_node->localName.
"] = ".$attr_node->nodeValue
 
 3390                            $extra_attributes, $attr_node->localName,
 
 3391                            $attr_node->nodeValue
 
 3418        if (!count($extra_attributes)
 
 3419            && $success_elements->item(0)->getElementsByTagName(
"attribute")->length != 0
 
 3421            $attr_nodes = $success_elements->item(0)
 
 3422                ->getElementsByTagName(
"attribute");
 
 3423            $firstAttr = $attr_nodes->item(0);
 
 3424            if (!$firstAttr->hasChildNodes()
 
 3425                && $firstAttr->hasAttribute(
'name')
 
 3426                && $firstAttr->hasAttribute(
'value')
 
 3428                phpCas :: trace(
"Found Name-Value style attributes");
 
 3430                foreach ($attr_nodes as $attr_node) {
 
 3431                    if ($attr_node->hasAttribute(
'name')
 
 3432                        && $attr_node->hasAttribute(
'value')
 
 3435                            "Attribute [".$attr_node->getAttribute(
'name')
 
 3436                            .
"] = ".$attr_node->getAttribute(
'value')
 
 3439                            $extra_attributes, $attr_node->getAttribute(
'name'),
 
 3440                            $attr_node->getAttribute(
'value')
 
 3464        if (isset($attributeArray[
$name])) {
 
 3466            if (!is_array($attributeArray[
$name])) {
 
 3467                $existingValue = $attributeArray[
$name];
 
 3468                $attributeArray[
$name] = array($existingValue);
 
 3471            $attributeArray[
$name][] = trim($value);
 
 3473            $attributeArray[
$name] = trim($value);
 
 3512        if (gettype(
$url) != 
'string')
 
 3528        if ( empty($this->_url) ) {
 
 3531            $final_uri = ($this->
_isHttps()) ? 
'https' : 
'http';
 
 3532            $final_uri .= 
'://';
 
 3535            $request_uri        = explode(
'?', 
$_SERVER[
'REQUEST_URI'], 2);
 
 3536            $final_uri          .= $request_uri[0];
 
 3538            if (isset($request_uri[1]) && $request_uri[1]) {
 
 3543                if ($query_string !== 
'') {
 
 3544                    $final_uri  .= 
"?$query_string";
 
 3549            $this->
setURL($final_uri);
 
 3565        if (gettype(
$url) != 
'string')
 
 3568        return $this->_server[
'base_url'] = 
$url;
 
 3580        if (!empty(
$_SERVER[
'HTTP_X_FORWARDED_HOST'])) {
 
 3582            $hosts = explode(
',', 
$_SERVER[
'HTTP_X_FORWARDED_HOST']);
 
 3585        } 
else if (!empty(
$_SERVER[
'HTTP_X_FORWARDED_SERVER'])) {
 
 3586            $server_url = 
$_SERVER[
'HTTP_X_FORWARDED_SERVER'];
 
 3588            if (empty(
$_SERVER[
'SERVER_NAME'])) {
 
 3589                $server_url = 
$_SERVER[
'HTTP_HOST'];
 
 3591                $server_url = 
$_SERVER[
'SERVER_NAME'];
 
 3594        if (!strpos($server_url, 
':')) {
 
 3595            if (empty(
$_SERVER[
'HTTP_X_FORWARDED_PORT'])) {
 
 3596                $server_port = 
$_SERVER[
'SERVER_PORT'];
 
 3598                $ports = explode(
',', 
$_SERVER[
'HTTP_X_FORWARDED_PORT']);
 
 3599                $server_port = $ports[0];
 
 3602            if ( ($this->
_isHttps() && $server_port!=443)
 
 3603                || (!$this->
_isHttps() && $server_port!=80)
 
 3606                $server_url .= $server_port;
 
 3619        if (!empty(
$_SERVER[
'HTTP_X_FORWARDED_PROTO'])) {
 
 3620            return (
$_SERVER[
'HTTP_X_FORWARDED_PROTO'] === 
'https');
 
 3621        } elseif (!empty(
$_SERVER[
'HTTP_X_FORWARDED_PROTOCOL'])) {
 
 3622            return (
$_SERVER[
'HTTP_X_FORWARDED_PROTOCOL'] === 
'https');
 
 3623        } elseif ( isset(
$_SERVER[
'HTTPS'])
 
 3625            && strcasecmp(
$_SERVER[
'HTTPS'], 
'off') !== 0
 
 3645        $parameterName  = preg_quote($parameterName);
 
 3646        return preg_replace(
 
 3647            "/&$parameterName(=[^&]*)?|^$parameterName(=[^&]*)?&?/",
 
 3664        $url .= (strstr(
$url, 
'?') === 
false) ? 
'?' : 
'&';
 
 3680            if (!empty($this->_user)) {
 
 3685                $session_id = preg_replace(
'/[^a-zA-Z0-9\-]/', 
'', $ticket);
 
 3687                session_id($session_id);
 
 3693                    'Session should only be renamed after successfull authentication' 
 3698                "Skipping session rename since phpCAS is not handling the session." 
 3737            $lang->getYouWereNotAuthenticated(), htmlentities($this->
getURL()),
 
 3742        if ( $no_response ) {
 
 3745            if ( $bad_response ) {
 
 3754                    if ( empty($err_code) ) {
 
 3758                            'Reason: ['.$err_code.
'] CAS error: '.$err_msg
 
 3799        if (preg_match(
"/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/", $nodeURL)) {
 
 3818        if ( !(
bool)preg_match(
"/^(http|https):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i", $rebroadcastNodeUrl))
 
 3823        $this->_rebroadcast_nodes[] = $rebroadcastNodeUrl;
 
 3841        if (gettype(
$header) != 
'string')
 
 3844        $this->_rebroadcast_headers[] = 
$header;
 
 3864        $rebroadcast_curl_options = array(
 
 3865        CURLOPT_FAILONERROR => 1,
 
 3866        CURLOPT_FOLLOWLOCATION => 1,
 
 3867        CURLOPT_RETURNTRANSFER => 1,
 
 3868        CURLOPT_CONNECTTIMEOUT => 1,
 
 3869        CURLOPT_TIMEOUT => 4);
 
 3872        if (!empty(
$_SERVER[
'SERVER_ADDR'])) {
 
 3874        } 
else if (!empty(
$_SERVER[
'LOCAL_ADDR'])) {
 
 3880            $dns = gethostbyaddr($ip);
 
 3882        $multiClassName = 
'CAS_Request_CurlMultiRequest';
 
 3883        $multiRequest = 
new $multiClassName();
 
 3886            if ((($this->
_getNodeType($this->_rebroadcast_nodes[
$i]) == self::HOSTNAME) && !empty($dns) && (stripos($this->_rebroadcast_nodes[
$i], $dns) === 
false))
 
 3887                || (($this->
_getNodeType($this->_rebroadcast_nodes[
$i]) == 
self::IP) && !empty($ip) && (stripos($this->_rebroadcast_nodes[
$i], $ip) === 
false))
 
 3890                    'Rebroadcast target URL: '.$this->_rebroadcast_nodes[
$i]
 
 3894                $request = 
new $className();
 
 3896                $url = $this->_rebroadcast_nodes[
$i].$_SERVER[
'REQUEST_URI'];
 
 3897                $request->setUrl(
$url);
 
 3899                if (count($this->_rebroadcast_headers)) {
 
 3900                    $request->addHeaders($this->_rebroadcast_headers);
 
 3903                $request->makePost();
 
 3904                if (
$type == self::LOGOUT) {
 
 3906                    $request->setPostBody(
 
 3907                        'rebroadcast=false&logoutRequest='.
$_POST[
'logoutRequest']
 
 3909                } 
else if (
$type == self::PGTIOU) {
 
 3911                    $request->setPostBody(
'rebroadcast=false');
 
 3914                $request->setCurlOptions($rebroadcast_curl_options);
 
 3916                $multiRequest->addRequest($request);
 
 3919                    'Rebroadcast not sent to self: ' 
 3920                    .$this->_rebroadcast_nodes[
$i].
' == '.(!empty($ip)?$ip:
'')
 
 3921                    .
'/'.(!empty($dns)?$dns:
'')
 
 3926        if ($multiRequest->getNumRequests() > 0) {
 
 3927            $multiRequest->send();
 
sprintf('%.4f', $callTime)
This interface defines methods that allow proxy-authenticated service handlers to interact with phpCA...
The CAS_Client class is a client interface that provides CAS authentication to PHP applications.
This class provides access to service cookies and handles parsing of response headers to pull out coo...
An exception for terminating execution or to throw for unit testing.
Exception that denotes invalid arguments were passed.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
Basic class for PGT storage The CAS_PGTStorage_AbstractStorage class is a generic class for PGT stora...
Basic class for PGT database storage The CAS_PGTStorage_Db class is a class for PGT database storage.
The CAS_PGTStorage_File class is a class for PGT file storage.
An Exception for problems communicating with a proxied service.
Provides access to a proxy-authenticated IMAP stream.
ProxyChain is a container for storing chains of valid proxies that can be used to validate proxied re...
An Exception for errors related to fetching or validating proxy tickets.
Licensed to Jasig under one or more contributor license agreements.
error($a_errmsg)
set error message @access public
The phpCAS class is a simple container for the phpCAS library.
getUser()
This method returns the CAS user's login name.
$_user
The Authenticated user.
_hasAttribute($key)
Check whether a specific attribute with a name is available.
getAttributes()
Get a key-value array of attributes.
hasAttribute($key)
Check whether a specific attribute with a name is available.
checkAuthentication()
This method is called to check whether the user is authenticated or not.
isSessionAuthenticated()
This method tells if the current session is authenticated.
_setUser($user)
This method sets the CAS user's login name.
$_cache_times_for_auth_recheck
An integer that gives the number of times authentication will be cached before rechecked.
isAuthenticated($renew=false)
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
getAttribute($key)
Get a specific attribute by name.
setAttributes($attributes)
Set an array of attributes.
hasAttributes()
Check whether attributes are available.
_getUser()
This method returns the CAS user's login name.
_isLogoutRequest()
Check if the current request is a logout request.
setCacheTimesForAuthRecheck($n)
Set the number of times authentication will be cached before rechecked.
_wasPreviouslyAuthenticated()
This method tells if the user has already been (previously) authenticated by looking into the session...
$_attributes
The Authenticated users attributes.
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
logout($params)
This method is used to logout from CAS.
handleLogoutRequests($check_client=true, $allowed_clients=false)
This method handles logout requests.
forceAuthentication()
This method is called to be sure that the user is authenticated.
renewAuthentication()
This method is called to renew the authentication of the user If the user is authenticated,...
$_cas_server_ca_cert
the certificate of the CAS server CA.
hasTicket()
This method tells if a Service Ticket was stored.
getTicket()
This method returns the Service Ticket provided in the URL of the request.
$_ticket
The Ticket provided in the URL of the request if present (empty otherwise).
validateCAS10(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a CAS 1.0 ticket; halt on failure, and sets $validate_url,...
$_cas_server_cn_validate
validate CN of the CAS server certificate
$_no_cas_server_validation
Set to true not to validate the CAS server.
setTicket($st)
This method stores the Service Ticket.
setCasServerCACert($cert, $validate_cn)
Set the CA certificate of the CAS server.
setNoCasServerValidation()
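Disable SSL validation of the CAS server's certificate. With validation disabled the client cannot verify that ticket-validation responses come from the real CAS server, so prefer setCasServerCACert() outside of test setups.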
$_signoutCallbackFunction
$_casAttributeParserCallbackArgs
$_requestImplementation
The class to instantiate for making web requests in readUrl().
wasAuthenticationCallSuccessful()
Answer the result of the authentication call.
$_postAuthenticateCallbackArgs
setRequestImplementation($className)
Override the default implementation used to make web requests in readUrl().
setPostAuthenticateCallback($function, array $additionalArgs=array())
Set a callback function to be run when a user authenticates.
getAuthenticationCallerMethod()
Answer information about the authentication caller.
setSingleSignoutCallback($function, array $additionalArgs=array())
Set a callback function to be run when a single-signout request is received.
$_casAttributeParserCallbackFunction
getAuthenticationCallerFile()
Answer information about the authentication caller.
markAuthenticationCall($auth)
Mark the caller of authentication.
setCasAttributeParserCallback($function, array $additionalArgs=array())
Set a callback function to be run when parsing CAS attributes.
wasAuthenticationCalled()
Answer true if authentication has been checked.
_ensureAuthenticationCalled()
Ensure that authentication was checked.
getAuthenticationCallerLine()
Answer information about the authentication caller.
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
$_postAuthenticateCallbackFunction
ensureIsProxy()
Ensure that this is actually a proxy object or fail with an exception.
setNoClearTicketsFromUrl()
Configure the client to not send redirect headers and call exit() on authentication success.
_setCallbackMode($callback_mode)
This method sets/unsets callback mode.
$_callback_url
the URL that should be used for the PGT callback (in fact the URL of the current request without any ...
_callback()
This method is called by CAS_Client::CAS_Client() when running in callback mode.
setCallbackURL($url)
This method sets the callback url.
_getCallbackURL()
This method returns the URL that should be used for the PGT callback (in fact the URL of the current ...
$_callback_mode
each PHP script using phpCAS in proxy mode is its own callback to get the PGT back from the CAS serve...
_isCallbackMode()
This method returns true when the CAS client is running in callback mode, false otherwise.
getServerServiceValidateURL()
This method is used to retrieve the service validating URL of the CAS server.
_getServerHostname()
This method is used to retrieve the hostname of the CAS server.
getServerVersion()
This method is used to retrieve the version of the CAS server.
getServerProxyValidateURL()
This method is used to retrieve the proxy validating URL of the CAS server.
_setChangeSessionID($allowed)
Set a parameter whether to allow phpCas to change session_id.
setServerServiceValidateURL($url)
This method sets the serviceValidate URL of the CAS server.
getChangeSessionID()
Get whether phpCas is allowed to change session_id.
getServerProxyURL()
This method is used to retrieve the proxy URL of the CAS server.
setServerSamlValidateURL($url)
This method sets the samlValidate URL of the CAS server.
getServerLogoutURL()
This method is used to retrieve the logout URL of the CAS server.
setServerLogoutURL($url)
This method sets the logout URL of the CAS server.
__construct( $server_version, $proxy, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
CAS_Client constructor.
getServerLoginURL($gateway=false, $renew=false)
This method is used to retrieve the login URL of the CAS server.
_getServerURI()
This method is used to retrieve the URI of the CAS server.
setExtraCurlOption($key, $value)
This method is used to set additional user curl options.
$_server
a record to store information about the CAS server.
setServerLoginURL($url)
This method sets the login URL of the CAS server.
_getServerPort()
This method is used to retrieve the port of the CAS server.
setServerProxyValidateURL($url)
This method sets the proxyValidate URL of the CAS server.
getServerSamlValidateURL()
This method is used to retrieve the SAML validating URL of the CAS server.
_getServerBaseURL()
This method is used to retrieve the base URL of the CAS server.
$_change_session_id
A variable indicating whether phpCAS will use its own session handling.
$_curl_options
An array to store extra curl options.
setLang($lang)
This method is used to set the language used by phpCAS.
$_lang
A string corresponding to the language used by phpCAS.
const PHPCAS_LANG_DEFAULT
phpCAS default language (when phpCAS::setLang() is not used)
getLangObj()
Create the language.
$_rebroadcast_headers
An array to store extra rebroadcast curl options.
_renameSession($ticket)
Renaming the session.
_buildQueryUrl($url, $query)
This method is used to append query parameters to an url.
_rebroadcast($type)
This method rebroadcasts logout/pgtIou requests.
const HOSTNAME
Constants used for determining rebroadcast node type.
$_rebroadcast
Boolean of whether to rebroadcast pgtIou/pgtId and logoutRequest, and array of the nodes.
const LOGOUT
Constants used for determining rebroadcast type (logout or pgtIou/pgtId).
addRebroadcastHeader($header)
This method is used to add header parameters when rebroadcasting pgtIou/pgtId or logoutRequest.
_authError( $failure, $cas_url, $no_response, $bad_response='', $cas_response='', $err_code='', $err_msg='')
This method is used to print the HTML output when the user was not authenticated.
_buildSAMLPayload()
This method is used to build the SAML POST body sent to /samlValidate URL.
_getNodeType($nodeURL)
Determine the node type from the URL.
setURL($url)
This method sets the URL of the current request.
setBaseURL($url)
This method sets the base URL of the CAS server.
addRebroadcastNode($rebroadcastNodeUrl)
Store the rebroadcast node for pgtIou/pgtId and logout requests.
getURL()
This method returns the URL of the current request (without any ticket CGI parameter).
_removeParameterFromQueryString($parameterName, $queryString)
Removes a parameter from a query string.
_isHttps()
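This method checks to see if the request is secured via HTTPS. It consults the X-Forwarded-Proto and X-Forwarded-Protocol request headers before $_SERVER['HTTPS'], so the result is only trustworthy when a trusted reverse proxy sets or strips those headers.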
_readURL($url, &$headers, &$body, &$err_msg)
This method is used to access a remote URL.
$_url
the URL of the current request (without any ticket CGI parameter).
_getClientUrl()
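Try to figure out the phpCAS client URL, taking possible proxies and ports into account. The host and port are taken from the X-Forwarded-Host, X-Forwarded-Server and X-Forwarded-Port request headers when present, so these should be set or stripped by a trusted reverse proxy.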
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
setHTMLFooter($footer)
This method sets the HTML footer used for all outputs.
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
setHTMLHeader($header)
This method sets the HTML header used for all outputs.
_htmlFilterOutput($str)
This method filters a string by replacing special tokens by appropriate values and prints it.
$_output_footer
A string used to print the footer of HTML pages.
$_output_header
A string used to print the header of HTML pages.
_loadPGT($pgt_iou)
This method reads a PGT from its Iou and deletes the corresponding storage entry.
retrievePT($target_service, &$err_code, &$err_msg)
This method is used to retrieve PT's from the CAS server thanks to a PGT.
_validatePGT(&$validate_url, $text_response, $tree_response)
This method is used to validate a PGT; halt on failure.
setPGTStorage($storage)
This method can be used to set a custom PGT storage object.
_initPGTStorage()
This method is used to initialize the storage of PGT's.
setPGTStorageFile($path='')
This method is used to tell phpCAS to store the response of the CAS server to PGT requests onto the f...
$_pgt_storage
an instance of a class inheriting of PGTStorage, used to deal with PGT storage.
_storePGT($pgt, $pgt_iou)
This method stores a PGT.
setPGTStorageDb( $dsn_or_pdo, $username='', $password='', $table='', $driver_options=null)
This method is used to tell phpCAS to store the response of the CAS server to PGT requests in a datab...
validateCAS20(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a cas 2.0 ST or PT; halt on failure Used for all CAS 2....
_addAttributeToArray(array &$attributeArray, $name, $value)
Add an attribute value to an array of attributes.
getProxiedService($type)
Answer a proxy-authenticated service handler.
serviceWeb($url, &$err_code, &$output)
This method is used to access an HTTP[S] service.
serviceMail($url, $serviceUrl, $flags, &$err_code, &$err_msg, &$pt)
This method is used to access an IMAP/POP3/NNTP service.
initializeProxiedService(CAS_ProxiedService $proxiedService)
Initialize a proxied-service handler with the proxy-ticket it should use.
isProxy()
Tells if a CAS client is a CAS proxy or not.
$_serviceCookieJar
Handler for managing service cookies.
$_pgt
the Proxy Granting Ticket given by the CAS server (empty otherwise).
_setPGT($pgt)
This method stores the Proxy Granting Ticket.
$_proxy
A boolean telling if the client is a CAS proxy or not.
_hasPGT()
This method tells if a Proxy Granting Ticket was stored.
_getPGT()
This method returns the Proxy Granting Ticket given by the CAS server.
_setSessionAttributes($text_response)
This method will parse the DOM and pull out the attributes from the SAML payload and put them into an...
validateSA(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url,...
$_proxies
This array will store a list of proxies in front of this application.
getAllowedProxyChains()
Answer the CAS_ProxyChain_AllowedList object for this client.
_setProxies($proxies)
Set the Proxy array, probably from persistent storage.
getProxies()
Answer an array of proxies that are sitting in front of this application.
static trace($str)
This method is used to log something in debug mode.
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode.
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
static traceExit()
This method is used to indicate the end of the execution of the program.
const PHPCAS_PROXIED_SERVICE_HTTP_POST
phpCAS::getProxiedService() type for HTTP POST
const PHPCAS_PROXIED_SERVICE_HTTP_GET
phpCAS::getProxiedService() type for HTTP GET
const PHPCAS_SERVICE_OK
phpCAS::service() error code on success
const PHPCAS_SERVICE_NOT_AVAILABLE
phpCAS::service() error code when the service was not available.
const PHPCAS_PROXIED_SERVICE_IMAP
phpCAS::getProxiedService() type for IMAP
const CAS_VERSION_3_0
CAS version 3.0.
const SAML_SOAP_ENV
SOAP envelope for SAML POST.
static getVersion()
This method returns the phpCAS version.
const SAML_VERSION_1_1
SAML protocol.
const CAS_VERSION_1_0
CAS version 1.0.
Language Interface class for all internationalization files.
This interface defines methods that allow proxy-authenticated service handlers to interact with phpCA...
getServiceUrl()
Answer a service identifier (URL) for whom we should fetch a proxy ticket.
setProxyTicket($proxyTicket)
Register a proxy ticket with the ProxiedService that it can use when making requests.
This interface defines a class library for performing web requests.
$stream
PHP stream implementation.
static http()
Fetches the global http state from ILIAS.