48if (!
defined(
'E_USER_DEPRECATED')) {
49 define(
'E_USER_DEPRECATED', E_USER_NOTICE);
64define(
'PHPCAS_VERSION',
'1.3.5');
74define(
"CAS_VERSION_1_0",
'1.0');
78define(
"CAS_VERSION_2_0",
'2.0');
82define(
"CAS_VERSION_3_0",
'3.0');
91define(
"SAML_VERSION_1_1",
'S1');
96define(
"SAML_XML_HEADER",
'<?xml version="1.0" encoding="UTF-8"?>');
101define(
"SAML_SOAP_ENV",
'<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/>');
106define(
"SAML_SOAP_BODY",
'<SOAP-ENV:Body>');
111define(
"SAMLP_REQUEST",
'<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z">');
112define(
"SAMLP_REQUEST_CLOSE",
'</samlp:Request>');
117define(
"SAML_ASSERTION_ARTIFACT",
'<samlp:AssertionArtifact>');
122define(
"SAML_ASSERTION_ARTIFACT_CLOSE",
'</samlp:AssertionArtifact>');
127define(
"SAML_SOAP_BODY_CLOSE",
'</SOAP-ENV:Body>');
132define(
"SAML_SOAP_ENV_CLOSE",
'</SOAP-ENV:Envelope>');
137define(
"SAML_ATTRIBUTES",
'SAMLATTRIBS');
142define(
"DEFAULT_ERROR",
'Internal script failure');
155define(
"CAS_PGT_STORAGE_FILE_DEFAULT_PATH", session_save_path());
168define(
"PHPCAS_SERVICE_OK", 0);
173define(
"PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE", 1);
178define(
"PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE", 2);
183define(
"PHPCAS_SERVICE_PT_FAILURE", 3);
187define(
"PHPCAS_SERVICE_NOT_AVAILABLE", 4);
195define(
"PHPCAS_PROXIED_SERVICE_HTTP_GET",
'CAS_ProxiedService_Http_Get');
199define(
"PHPCAS_PROXIED_SERVICE_HTTP_POST",
'CAS_ProxiedService_Http_Post');
203define(
"PHPCAS_PROXIED_SERVICE_IMAP",
'CAS_ProxiedService_Imap');
215define(
"PHPCAS_LANG_ENGLISH",
'CAS_Languages_English');
216define(
"PHPCAS_LANG_FRENCH",
'CAS_Languages_French');
217define(
"PHPCAS_LANG_GREEK",
'CAS_Languages_Greek');
218define(
"PHPCAS_LANG_GERMAN",
'CAS_Languages_German');
219define(
"PHPCAS_LANG_JAPANESE",
'CAS_Languages_Japanese');
220define(
"PHPCAS_LANG_SPANISH",
'CAS_Languages_Spanish');
221define(
"PHPCAS_LANG_CATALAN",
'CAS_Languages_Catalan');
222define(
"PHPCAS_LANG_CHINESE_SIMPLIFIED",
'CAS_Languages_ChineseSimplified');
249if (!empty($_ENV[
'TMP'])) {
return realpath($_ENV[
'TMP']); }
250if (!empty($_ENV[
'TMPDIR'])) {
return realpath( $_ENV[
'TMPDIR']); }
251if (!empty($_ENV[
'TEMP'])) {
return realpath( $_ENV[
'TEMP']); }
259require_once dirname(__FILE__) .
'/CAS/Autoload.php';
338 public static function client($server_version, $server_hostname,
339 $server_port, $server_uri, $changeSessionID =
true
342 if (is_object(self::$_PHPCAS_CLIENT)) {
343 phpCAS :: error(self::$_PHPCAS_INIT_CALL[
'method'] .
'() has already been called (at ' . self::$_PHPCAS_INIT_CALL[
'file'] .
':' . self::$_PHPCAS_INIT_CALL[
'line'] .
')');
347 $dbg = debug_backtrace();
348 self::$_PHPCAS_INIT_CALL = array (
350 'file' => $dbg[0][
'file'],
351 'line' => $dbg[0][
'line'],
352 'method' => __CLASS__ .
'::' . __FUNCTION__
358 $server_version,
false, $server_hostname, $server_port, $server_uri,
361 }
catch (Exception $e) {
382 public static function proxy($server_version, $server_hostname,
383 $server_port, $server_uri, $changeSessionID =
true
386 if (is_object(self::$_PHPCAS_CLIENT)) {
387 phpCAS :: error(self::$_PHPCAS_INIT_CALL[
'method'] .
'() has already been called (at ' . self::$_PHPCAS_INIT_CALL[
'file'] .
':' . self::$_PHPCAS_INIT_CALL[
'line'] .
')');
391 $dbg = debug_backtrace();
392 self::$_PHPCAS_INIT_CALL = array (
394 'file' => $dbg[0][
'file'],
395 'line' => $dbg[0][
'line'],
396 'method' => __CLASS__ .
'::' . __FUNCTION__
402 $server_version,
true, $server_hostname, $server_port, $server_uri,
405 }
catch (Exception $e) {
418 return (is_object(self::$_PHPCAS_CLIENT));
442 phpCAS :: error(
'type mismatched for parameter $dbg (should be false or the name of the log file)');
445 self::$_PHPCAS_DEBUG[
'filename'] =
false;
449 if (preg_match(
'/^Win.*/', getenv(
'OS'))) {
450 if (isset ($_ENV[
'TMP'])) {
451 $debugDir = $_ENV[
'TMP'] .
'/';
461 if (empty (self::$_PHPCAS_DEBUG[
'unique_id'])) {
462 self::$_PHPCAS_DEBUG[
'unique_id'] = substr(strtoupper(md5(uniqid(
''))), 0, 4);
465 self::$_PHPCAS_DEBUG[
'filename'] =
$filename;
466 self::$_PHPCAS_DEBUG[
'indent'] = 0;
484 self::$_PHPCAS_VERBOSE =
true;
486 self::$_PHPCAS_VERBOSE =
false;
509 public static function log($str)
514 if (!empty(self::$_PHPCAS_DEBUG[
'filename'])) {
517 if (!file_exists(self::$_PHPCAS_DEBUG[
'filename'])) {
518 touch(self::$_PHPCAS_DEBUG[
'filename']);
520 @chmod(self::$_PHPCAS_DEBUG[
'filename'], 0600);
522 for (
$i = 0;
$i < self::$_PHPCAS_DEBUG[
'indent'];
$i++) {
528 $str2 = str_replace(
"\n",
"\n" . self::$_PHPCAS_DEBUG[
'unique_id'] .
' ' . $indent_str, $str);
529 error_log(self::$_PHPCAS_DEBUG[
'unique_id'] .
' ' . $indent_str . $str2 .
"\n", 3, self::$_PHPCAS_DEBUG[
'filename']);
546 $dbg = debug_backtrace();
550 if (is_array($dbg)) {
551 for (
$i = 1;
$i <
sizeof($dbg);
$i++) {
552 if (is_array($dbg[
$i]) && isset($dbg[
$i][
'class']) ) {
553 if ($dbg[
$i][
'class'] == __CLASS__) {
556 $line = $dbg[
$i][
'line'];
561 if (self::$_PHPCAS_VERBOSE) {
562 echo
"<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ .
"::" .
$function .
'(): ' . htmlentities($msg) .
"</b></font> in <b>" .
$file .
"</b> on line <b>" . $line .
"</b><br />\n";
564 echo
"<br />\n<b>Error</b>: <font color=\"FF0000\"><b>".
DEFAULT_ERROR .
"</b><br />\n";
581 $dbg = debug_backtrace();
582 phpCAS :: log($str .
' [' . basename($dbg[0][
'file']) .
':' . $dbg[0][
'line'] .
']');
593 $dbg = debug_backtrace();
595 if (!empty ($dbg[1][
'class'])) {
596 $str .= $dbg[1][
'class'] .
'::';
598 $str .= $dbg[1][
'function'] .
'(';
599 if (is_array($dbg[1][
'args'])) {
600 foreach ($dbg[1][
'args'] as
$index => $arg) {
604 if (is_object($arg)) {
605 $str .= get_class($arg);
607 $str .= str_replace(array(
"\r\n",
"\n",
"\r"),
"", var_export($arg,
true));
611 if (isset($dbg[1][
'file'])) {
612 $file = basename($dbg[1][
'file']);
614 $file =
'unknown_file';
616 if (isset($dbg[1][
'line'])) {
617 $line = $dbg[1][
'line'];
619 $line =
'unknown_line';
621 $str .=
') [' .
$file .
':' . $line .
']';
623 if (!isset(self::$_PHPCAS_DEBUG[
'indent'])) {
624 self::$_PHPCAS_DEBUG[
'indent'] = 0;
626 self::$_PHPCAS_DEBUG[
'indent']++;
640 if (empty(self::$_PHPCAS_DEBUG[
'indent'])) {
641 self::$_PHPCAS_DEBUG[
'indent'] = 0;
643 self::$_PHPCAS_DEBUG[
'indent']--;
645 $dbg = debug_backtrace();
647 if (is_object(
$res)) {
648 $str .=
'<= ' . get_class(
$res);
650 $str .=
'<= ' . str_replace(array(
"\r\n",
"\n",
"\r"),
"", var_export(
$res,
true));
664 while (self::$_PHPCAS_DEBUG[
'indent'] > 0) {
666 self::$_PHPCAS_DEBUG[
'indent']--;
694 self::$_PHPCAS_CLIENT->setLang(
$lang);
695 }
catch (Exception $e) {
740 self::$_PHPCAS_CLIENT->setHTMLHeader(
$header);
741 }
catch (Exception $e) {
758 self::$_PHPCAS_CLIENT->setHTMLFooter($footer);
759 }
catch (Exception $e) {
787 self::$_PHPCAS_CLIENT->setPGTStorage($storage);
788 }
catch (Exception $e) {
818 self::$_PHPCAS_CLIENT->setPGTStorageDb($dsn_or_pdo, $username,
$password,
$table, $driver_options);
819 }
catch (Exception $e) {
839 self::$_PHPCAS_CLIENT->setPGTStorageFile(
$path);
840 }
catch (Exception $e) {
870 $res = self::$_PHPCAS_CLIENT->getProxiedService(
$type);
871 }
catch (Exception $e) {
896 self::$_PHPCAS_CLIENT->initializeProxiedService($proxiedService);
897 }
catch (Exception $e) {
924 }
catch (Exception $e) {
957 $res = self::$_PHPCAS_CLIENT->serviceMail(
$url,
$service, $flags, $err_code, $err_msg, $pt);
958 }
catch (Exception $e) {
991 self::$_PHPCAS_CLIENT->setCacheTimesForAuthRecheck(
$n);
992 }
catch (Exception $e) {
1013 self::$_PHPCAS_CLIENT->setCasAttributeParserCallback(
$function, $additionalArgs);
1039 self::$_PHPCAS_CLIENT->setPostAuthenticateCallback(
$function, $additionalArgs);
1060 self::$_PHPCAS_CLIENT->setSingleSignoutCallback(
$function, $additionalArgs);
1078 $auth = self::$_PHPCAS_CLIENT->checkAuthentication();
1081 self::$_PHPCAS_CLIENT->markAuthenticationCall(
$auth);
1098 $auth = self::$_PHPCAS_CLIENT->forceAuthentication();
1101 self::$_PHPCAS_CLIENT->markAuthenticationCall(
$auth);
1124 $auth = self::$_PHPCAS_CLIENT->renewAuthentication();
1127 self::$_PHPCAS_CLIENT->markAuthenticationCall(
$auth);
1145 $auth = self::$_PHPCAS_CLIENT->isAuthenticated();
1148 self::$_PHPCAS_CLIENT->markAuthenticationCall(
$auth);
1180 return self::$_PHPCAS_CLIENT->getUser();
1181 }
catch (Exception $e) {
1199 return self::$_PHPCAS_CLIENT->getAttributes();
1200 }
catch (Exception $e) {
1218 return self::$_PHPCAS_CLIENT->hasAttributes();
1219 }
catch (Exception $e) {
1238 return self::$_PHPCAS_CLIENT->hasAttribute(
$key);
1239 }
catch (Exception $e) {
1258 return self::$_PHPCAS_CLIENT->getAttribute(
$key);
1259 }
catch (Exception $e) {
1289 return self::$_PHPCAS_CLIENT->getServerLoginURL();
1306 self::$_PHPCAS_CLIENT->setServerLoginURL(
$url);
1307 }
catch (Exception $e) {
1332 self::$_PHPCAS_CLIENT->setServerServiceValidateURL(
$url);
1333 }
catch (Exception $e) {
1358 self::$_PHPCAS_CLIENT->setServerProxyValidateURL(
$url);
1359 }
catch (Exception $e) {
1379 self::$_PHPCAS_CLIENT->setServerSamlValidateURL(
$url);
1380 }
catch (Exception $e) {
1397 return self::$_PHPCAS_CLIENT->getServerLogoutURL();
1414 self::$_PHPCAS_CLIENT->setServerLogoutURL(
$url);
1415 }
catch (Exception $e) {
1435 $parsedParams = array ();
1438 phpCAS :: error(
'method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
1441 phpCAS :: error(
'type mismatched for parameter $params (should be `array\')');
1444 if (
$key !=
"service" &&
$key !=
"url") {
1445 phpCAS :: error(
'only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
1447 $parsedParams[
$key] = $value;
1450 self::$_PHPCAS_CLIENT->logout($parsedParams);
1469 phpCAS :: error(
'type mismatched for parameter $service (should be `string\')');
1471 self::$_PHPCAS_CLIENT->logout(array (
"service" =>
$service ));
1488 trigger_error(
'Function deprecated for cas servers >= 3.3.5.1', E_USER_DEPRECATED);
1490 if (!is_object(self::$_PHPCAS_CLIENT)) {
1491 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::client() or' . __CLASS__ .
'::proxy()');
1493 if (!is_string(
$url)) {
1494 phpCAS :: error(
'type mismatched for parameter $url (should be `string\')');
1496 self::$_PHPCAS_CLIENT->logout(array (
"url" =>
$url ));
1515 trigger_error(
'Function deprecated for cas servers >= 3.3.5.1', E_USER_DEPRECATED);
1520 phpCAS :: error(
'type mismatched for parameter $service (should be `string\')');
1522 if (!is_string(
$url)) {
1523 phpCAS :: error(
'type mismatched for parameter $url (should be `string\')');
1525 self::$_PHPCAS_CLIENT->logout(
1550 self::$_PHPCAS_CLIENT->setCallbackURL(
$url);
1551 }
catch (Exception $e) {
1572 self::$_PHPCAS_CLIENT->setURL(
$url);
1573 }
catch (Exception $e) {
1588 return (self::$_PHPCAS_CLIENT->getURL());
1600 public static function retrievePT($target_service, & $err_code, & $err_msg)
1605 return (self::$_PHPCAS_CLIENT->
retrievePT($target_service, $err_code, $err_msg));
1606 }
catch (Exception $e) {
1626 self::$_PHPCAS_CLIENT->setCasServerCACert($cert, $validate_cn);
1627 }
catch (Exception $e) {
1644 phpCAS :: trace(
'You have configured no validation of the legitimacy of the cas server. This is not recommended for production use.');
1645 self::$_PHPCAS_CLIENT->setNoCasServerValidation();
1664 self::$_PHPCAS_CLIENT->setNoClearTicketsFromUrl();
1684 self::$_PHPCAS_CLIENT->setExtraCurlOption(
$key, $value);
1732 phpCAS :: error(
'this method can only be used with the cas 2.0/3.0 protocols');
1734 self::$_PHPCAS_CLIENT->getAllowedProxyChains()->allowProxyChain($proxy_chain);
1769 phpCAS::log(
'rebroadcastNodeUrl:'.$rebroadcastNodeUrl);
1773 self::$_PHPCAS_CLIENT->addRebroadcastNode($rebroadcastNodeUrl);
1774 }
catch (Exception $e) {
1795 self::$_PHPCAS_CLIENT->addRebroadcastHeader(
$header);
1796 }
catch (Exception $e) {
1812 if (!is_object(self::$_PHPCAS_CLIENT)) {
1826 if (!is_object(self::$_PHPCAS_CLIENT)) {
1838 self::$_PHPCAS_CLIENT =
$client;
date( 'd-M-Y', $objPHPExcel->getProperties() ->getCreated())
const PHPCAS_VERSION(!defined('E_USER_DEPRECATED'))
phpCAS version.
The CAS_Client class is a client interface that provides CAS authentication to PHP applications.
An exception for terminatinating execution or to throw for unit testing.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
The phpCAS class is a simple container for the phpCAS library.
static $_PHPCAS_INIT_CALL
This variable is used to store where the initializer is called from (to print a comprehensive error i...
static $_PHPCAS_DEBUG
This variable is used to store phpCAS debug mode.
static setExtraCurlOption($key, $value)
Change CURL options.
static setCasClient(\CAS_Client $client)
For testing purposes, use this method to set the client to a test double.
static getProxies()
Answer an array of proxies that are sitting in front of this application.
static addRebroadcastNode($rebroadcastNodeUrl)
Add a pgtIou/pgtId and logoutRequest rebroadcast node.
static _validateProxyExists()
Checks of a proxy client aready exists.
static allowProxyChain(CAS_ProxyChain_Interface $proxy_chain)
If you want your service to be proxied you have to enable it (default disabled) and define an accepab...
static _validateClientExists()
Checks if a client already exists.
static addRebroadcastHeader($header)
This method is used to add header parameters when rebroadcasting pgtIou/pgtId or logoutRequest.
static $_PHPCAS_VERBOSE
This variable is used to enable verbose mode This pevents debug info to be show to the user.
if(!is_dir( $entity_dir)) exit("Fatal Error ([A-Za-z0-9]+)\s+" &#(? foreach( $entity_files as $file) $output
static logoutWithRedirectServiceAndUrl($service, $url)
This method is used to logout from CAS.
static checkAuthentication()
This method is called to check if the user is already authenticated locally or has a global cas sessi...
static hasAttribute($key)
Answer true if an attribute exists for the authenticated user.
static getServerLogoutURL()
This method returns the URL to be used to login.
static setCasAttributeParserCallback($function, array $additionalArgs=array())
Set a callback function to be run when receiving CAS attributes.
static setFixedCallbackURL($url='')
Set the fixed URL that will be used by the CAS server to transmit the PGT.
static handleLogoutRequests($check_client=true, $allowed_clients=false)
Handle logout requests.
static renewAuthentication()
This method is called to renew the authentication.
static getAttribute($key)
Answer an attribute for the authenticated user.
static isAuthenticated()
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
static getUser()
This method returns the CAS user's login name.
static setServerLogoutURL($url='')
Set the logout URL of the CAS server.
static setFixedServiceURL($url)
Set the fixed URL that will be set as the CAS service parameter.
static setCacheTimesForAuthRecheck($n)
Set the times authentication will be cached before really accessing the CAS server in gateway mode:
static forceAuthentication()
This method is called to force authentication if the user was not already authenticated.
static getServerLoginURL()
This method returns the URL to be used to login.
static logoutWithRedirectService($service)
This method is used to logout from CAS.
static getServiceURL()
Get the URL that is set as the CAS service parameter.
static setSingleSignoutCallback($function, array $additionalArgs=array())
Set a callback function to be run when a single-signout request is received.
static getAttributes()
Answer attributes about the authenticated user.
static logout($params="")
This method is used to logout from CAS.
static setServerLoginURL($url='')
Set the login URL of the CAS server.
static setServerServiceValidateURL($url='')
Set the serviceValidate URL of the CAS server.
static isSessionAuthenticated()
Checks whether authenticated based on $_SESSION.
static setNoClearTicketsFromUrl()
Disable the removal of a CAS-Ticket from the URL when authenticating DISABLING POSES A SECURITY RISK:...
static retrievePT($target_service, & $err_code, & $err_msg)
Retrieve a Proxy Ticket from the CAS server.
static setNoCasServerValidation()
Set no SSL validation for the CAS server.
static setServerSamlValidateURL($url='')
Set the samlValidate URL of the CAS server.
static setCasServerCACert($cert, $validate_cn=true)
Set the certificate of the CAS server CA and if the CN should be properly verified.
static hasAttributes()
Answer true if there are attributes for the authenticated user.
static setPostAuthenticateCallback($function, array $additionalArgs=array())
Set a callback function to be run when a user authenticates.
static logoutWithUrl($url)
This method is used to logout from CAS.
static setServerProxyValidateURL($url='')
Set the proxyValidate URL of the CAS server.
static trace($str)
This method is used to log something in debug mode.
static setDebug($filename='')
Set/unset debug mode.
static log($str)
Logs a string in debug mode.
static getVerbose()
Show is verbose mode is on.
static setVerbose($verbose)
Enable verbose errors messages in the website output This is a security relevant since internal statu...
gettmpdir()
The default directory for the debug file under Unix.
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode.
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
static traceExit()
This method is used to indicate the end of the execution of the program.
static client($server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
phpCAS client initializer.
static isInitialized()
Answer whether or not the client or proxy has been initialized.
static proxy($server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
phpCAS proxy initializer.
static setLang($lang)
This method is used to set the language used by phpCAS.
const PHPCAS_LANG_ENGLISH
static setHTMLFooter($footer)
This method sets the HTML footer used for all outputs.
static setHTMLHeader($header)
This method sets the HTML header used for all outputs.
static setPGTStorageDb($dsn_or_pdo, $username='', $password='', $table='', $driver_options=null)
This method is used to tell phpCAS to store the response of the CAS server to PGT requests in a datab...
static setPGTStorage($storage)
This method can be used to set a custom PGT storage object.
static setPGTStorageFile($path='')
This method is used to tell phpCAS to store the response of the CAS server to PGT requests onto the f...
static initializeProxiedService(CAS_ProxiedService $proxiedService)
Initialize a proxied-service handler with the proxy-ticket it should use.
static serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt)
This method is used to access an IMAP/POP3/NNTP service.
static serviceWeb($url, & $err_code, & $output)
This method is used to access an HTTP[S] service.
static getProxiedService($type)
Answer a proxy-authenticated service handler.
const DEFAULT_ERROR
SAML Attributes.
const CAS_VERSION_3_0
CAS version 3.0.
static getVersion()
This method returns the phpCAS version.
This interface defines methods that allow proxy-authenticated service handlers to interact with phpCA...
An interface for classes that define a list of allowed proxies in front of the current application.
defined( 'APPLICATION_ENV')||define( 'APPLICATION_ENV'
if(empty($password)) $table
if(!file_exists("$old.txt")) if( $old===$new) if(file_exists("$new.txt")) $file
foreach($_POST as $key=> $value) $res
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
1.9.4 (using Doxyfile)