107                (empty($this->_output_header)
 
  108                ? 
'<html><head><title>__TITLE__</title></head><body><h1>__TITLE__</h1>' 
  109                : $this->_output_header)
 
  134            empty($this->_output_footer)?
 
  135            (phpcas::getVerbose())?
 
  136                '<hr><address>phpCAS __PHPCAS_VERSION__ ' 
  137                . 
$lang->getUsingServer()
 
  138                . 
' <a href="__SERVER_BASE_URL__">__SERVER_BASE_URL__</a> (CAS __CAS_VERSION__)</a></address></body></html>' 
  140            :$this->_output_footer
 
  154        if (gettype(
$header) != 
'string') {
 
  158        $this->_output_header = 
$header;
 
  171        if (gettype($footer) != 
'string') {
 
  175        $this->_output_footer = $footer;
 
  207        if (gettype(
$lang) != 
'string') {
 
  215                '$className must implement the CAS_Languages_LanguageInterface' 
  218        $this->_lang = 
$lang;
 
  229        return new $classname();
 
  268        'hostname' => 
'none',
 
  279        return $this->_server[
'version'];
 
  289        return $this->_server[
'hostname'];
 
  299        return $this->_server[
'port'];
 
  309        return $this->_server[
'uri'];
 
  320        if (empty($this->_server[
'base_url'])) {
 
  323                $this->_server[
'base_url'] .= 
':' 
  328        return $this->_server[
'base_url'];
 
  345        if (empty($this->_server[
'login_url'])) {
 
  348        $url = $this->_server[
'login_url'];
 
  353        } elseif ($gateway) {
 
  372        if (gettype(
$url) != 
'string') {
 
  376        return $this->_server[
'login_url'] = 
$url;
 
  390        if (gettype(
$url) != 
'string') {
 
  394        return $this->_server[
'service_validate_url'] = 
$url;
 
  408        if (gettype(
$url) != 
'string') {
 
  412        return $this->_server[
'proxy_validate_url'] = 
$url;
 
  426        if (gettype(
$url) != 
'string') {
 
  430        return $this->_server[
'saml_validate_url'] = 
$url;
 
  443        if (empty($this->_server[
'service_validate_url'])) {
 
  455                . 
'p3/serviceValidate';
 
  460            $this->_server[
'service_validate_url'],
 
  461            'service=' . urlencode($this->
getURL())
 
  475        if (empty($this->_server[
'saml_validate_url'])) {
 
  478                $this->_server[
'saml_validate_url'] = $this->
_getServerBaseURL() . 
'samlValidate';
 
  484            $this->_server[
'saml_validate_url'],
 
  485            'TARGET=' . urlencode($this->
getURL())
 
  500        if (empty($this->_server[
'proxy_validate_url'])) {
 
  503                $this->_server[
'proxy_validate_url'] = 
'';
 
  506                $this->_server[
'proxy_validate_url'] = $this->
_getServerBaseURL() . 
'proxyValidate';
 
  509                $this->_server[
'proxy_validate_url'] = $this->
_getServerBaseURL() . 
'p3/proxyValidate';
 
  514            $this->_server[
'proxy_validate_url'],
 
  515            'service=' . urlencode($this->
getURL())
 
  530        if (empty($this->_server[
'proxy_url'])) {
 
  533                $this->_server[
'proxy_url'] = 
'';
 
  541        return $this->_server[
'proxy_url'];
 
  552        if (empty($this->_server[
'logout_url'])) {
 
  555        return $this->_server[
'logout_url'];
 
  568        if (gettype(
$url) != 
'string') {
 
  572        return $this->_server[
'logout_url'] = 
$url;
 
  590        $this->_curl_options[
$key] = $value;
 
  622        $obj = 
new $className;
 
  625                '$className must implement the CAS_Request_RequestInterface' 
  628        $this->_requestImplementation = $className;
 
  649        $this->_clearTicketsFromUrl = 
false;
 
  675        $this->_casAttributeParserCallbackFunction = $function;
 
  676        $this->_casAttributeParserCallbackArgs = $additionalArgs;
 
  709        $this->_postAuthenticateCallbackFunction = $function;
 
  710        $this->_postAuthenticateCallbackArgs = $additionalArgs;
 
  739        $this->_signoutCallbackFunction = $function;
 
  740        $this->_signoutCallbackArgs = $additionalArgs;
 
  773        $dbg = debug_backtrace();
 
  774        $this->_authentication_caller = array(
 
  775            'file' => $dbg[1][
'file'],
 
  776            'line' => $dbg[1][
'line'],
 
  777            'method' => $dbg[1][
'class'] . 
'::' . $dbg[1][
'function'],
 
  778            'result' => (
boolean) 
$auth 
  790        return !empty($this->_authentication_caller);
 
  819        return $this->_authentication_caller[
'result'];
 
  834        if (!$this->_authentication_caller[
'result']) {
 
  836                'authentication was checked (by ' 
  840                . 
') but the method returned false' 
  856        return $this->_authentication_caller[
'file'];
 
  870        return $this->_authentication_caller[
'line'];
 
  884        return $this->_authentication_caller[
'method'];
 
  917        $changeSessionID = 
true 
  920        if (gettype($server_version) != 
'string') {
 
  923        if (gettype($proxy) != 
'boolean') {
 
  926        if (gettype($server_hostname) != 
'string') {
 
  929        if (gettype($server_port) != 
'integer') {
 
  932        if (gettype($server_uri) != 
'string') {
 
  935        if (gettype($changeSessionID) != 
'boolean') {
 
  956        $this->_proxy = $proxy;
 
  963            if (!isset(
$_SESSION[
'phpCAS'][
'service_cookies'])) {
 
  964                $_SESSION[
'phpCAS'][
'service_cookies'] = array();
 
  972        switch ($server_version) {
 
  976                    'CAS proxies are not supported in CAS ' . $server_version
 
  987                'this version of CAS (`' . $server_version
 
  988                . 
'\') is not supported by 
phpCAS ' . phpCAS::getVersion() 
  991        $this->_server['version
'] = $server_version; 
  994        if (empty($server_hostname) 
  995            || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/
', $server_hostname) 
  997            phpCAS::error('bad 
CAS server hostname (`
' . $server_hostname . '\
')');
 
  999        $this->_server[
'hostname'] = $server_hostname;
 
 1002        if ($server_port == 0
 
 1003            || !is_int($server_port)
 
 1005            phpCAS::error(
'bad CAS server port (`' . $server_hostname . 
'\')
'); 
 1007        $this->_server['port
'] = $server_port; 
 1010        if (!preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/
', $server_uri)) { 
 1011            phpCAS::error('bad 
CAS server URI (`
' . $server_uri . '\
')');
 
 1014        if (strstr($server_uri, 
'?') === 
false) {
 
 1017        $server_uri = preg_replace(
'/\/\//', 
'/', 
'/' . $server_uri);
 
 1018        $this->_server[
'uri'] = $server_uri;
 
 1029                    'CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server' 
 1035            $ticket = (isset(
$_GET[
'ticket']) ? 
$_GET[
'ticket'] : 
null);
 
 1036            if (preg_match(
'/^[SP]T-/', $ticket)) {
 
 1038                $this->setTicket($ticket); 
 1039                unset($_GET['ticket
']); 
 1040            } elseif (!empty($ticket)) { 
 1041                //ill-formed ticket, halt 
 1043                    'ill-formed ticket found in the URL (ticket=`
' 
 1044                    . htmlentities($ticket) . '\
')' 
 1080        $this->_change_session_id = $allowed;
 
 1123        $this->_user = 
$user;
 
 1153        if (empty($this->_user)) {
 
 1155                'this method should be used only after ' . __CLASS__
 
 1156                . 
'::forceAuthentication() or ' . __CLASS__ . 
'::isAuthenticated()' 
 1193        if (empty($this->_user)) {
 
 1196                'this method should be used only after ' . __CLASS__
 
 1197                . 
'::forceAuthentication() or ' . __CLASS__ . 
'::isAuthenticated()' 
 1213        return !empty($this->_attributes);
 
 1239        return (is_array($this->_attributes)
 
 1240            && array_key_exists(
$key, $this->_attributes));
 
 1256            return $this->_attributes[
$key];
 
 1271        if (isset(
$_SESSION[
'phpCAS'][
'auth_checked'])) {
 
 1272            unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
 
 1302            if (isset(
$_SESSION[
'phpCAS'][
'auth_checked'])) {
 
 1303                unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
 
 1330        if (gettype(
$n) != 
'integer') {
 
 1334        $this->_cache_times_for_auth_recheck = 
$n;
 
 1351            unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
 
 1353        } elseif (isset(
$_SESSION[
'phpCAS'][
'auth_checked'])) {
 
 1356            unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
 
 1360            if (!isset(
$_SESSION[
'phpCAS'][
'unauth_count'])) {
 
 1361                $_SESSION[
'phpCAS'][
'unauth_count'] = -2; 
 
 1364            if ((
$_SESSION[
'phpCAS'][
'unauth_count'] != -2
 
 1365                && $this->_cache_times_for_auth_recheck == -1)
 
 1366                || (
$_SESSION[
'phpCAS'][
'unauth_count'] >= 0
 
 1367                && 
$_SESSION[
'phpCAS'][
'unauth_count'] < $this->_cache_times_for_auth_recheck)
 
 1371                if ($this->_cache_times_for_auth_recheck != -1) {
 
 1374                        'user is not authenticated (cached for ' 
 1375                        . 
$_SESSION[
'phpCAS'][
'unauth_count'] . 
' times of ' 
 1376                        . $this->_cache_times_for_auth_recheck . 
')' 
 1380                        'user is not authenticated (cached for until login pressed)' 
 1384                $_SESSION[
'phpCAS'][
'unauth_count'] = 0;
 
 1385                $_SESSION[
'phpCAS'][
'auth_checked'] = 
true;
 
 1414                    'ticket was present and will be discarded, use renewAuthenticate()' 
 1416                if ($this->_clearTicketsFromUrl) {
 
 1418                    session_write_close();
 
 1419                    header(
'Location: ' . $this->
getURL());
 
 1425                        'Already authenticated, but skipping ticket clearing since setNoClearTicketsFromUrl() was used.' 
 1433                    'user was already authenticated, no need to look for tickets' 
 1447                        'CAS 1.0 ticket `' . $this->
getTicket() . 
'\' is present
' 
 1449                    $this->validateCAS10( 
 1454                    ); // if it fails, it halts 
 1456                        'CAS 1.0 ticket `
' . $this->getTicket() . '\
' was validated' 
 1468                    $this->validateCAS20( 
 1473                    ); // note: if it fails, it halts 
 1475                        'CAS ' . $this->getServerVersion() . ' ticket `
' . $this->getTicket() . '\
' was validated' 
 1484                        $_SESSION['phpCAS']['pgt
'] = $this->_getPGT(); 
 1486                    $_SESSION['phpCAS']['user'] = $this->_getUser(); 
 1487                    if (!empty($this->_attributes)) { 
 1488                        $_SESSION['phpCAS']['attributes
'] = $this->_attributes; 
 1490                    $proxies = $this->getProxies(); 
 1491                    if (!empty($proxies)) { 
 1492                        $_SESSION['phpCAS']['proxies
'] = $this->getProxies(); 
 1495                    $logoutTicket = $this->getTicket(); 
 1497                case SAML_VERSION_1_1: 
 1498                    // if we have a SAML ticket, validate it. 
 1500                        'SAML 1.1 ticket `
' . $this->getTicket() . '\
' is present' 
 1509                        'SAML 1.1 ticket `' . $this->
getTicket() . 
'\' was validated
' 
 1511                    $_SESSION['phpCAS']['user'] = $this->_getUser(); 
 1512                    $_SESSION['phpCAS']['attributes
'] = $this->_attributes; 
 1514                    $logoutTicket = $this->getTicket(); 
 1517                    phpCAS::trace('Protocoll 
error'); 
 1521                // no ticket given, not authenticated 
 1522                phpCAS::trace('no ticket found
'); 
 1525            // Mark the auth-check as complete to allow post-authentication 
 1526            // callbacks to make use of phpCAS::getUser() and similar methods 
 1527            $this->markAuthenticationCall($res); 
 1530                // call the post-authenticate callback if registered. 
 1531                if ($this->_postAuthenticateCallbackFunction) { 
 1532                    $args = $this->_postAuthenticateCallbackArgs; 
 1533                    array_unshift($args, $logoutTicket); 
 1534                    call_user_func_array( 
 1535                        $this->_postAuthenticateCallbackFunction, 
 1540                // if called with a ticket parameter, we need to redirect to the 
 1541                // app without the ticket so that CAS-ification is transparent 
 1542                // to the browser (for later POSTS) most of the checks and 
 1543                // errors should have been made now, so we're safe 
for redirect
 
 1546                if ($this->_clearTicketsFromUrl) {
 
 1548                    session_write_close();
 
 1549                    header(
'Location: ' . $this->
getURL());
 
 1567        return !empty(
$_SESSION[
'phpCAS'][
'user']);
 
 1599                if (isset(
$_SESSION[
'phpCAS'][
'attributes'])) {
 
 1604                    'user = `' . 
$_SESSION[
'phpCAS'][
'user'] . 
'\', PGT = `
' 
 1605                    . $_SESSION['phpCAS']['pgt
'] . '\
'' 
 1609                if (isset(
$_SESSION[
'phpCAS'][
'proxies'])) {
 
 1613                        . implode(
'", "', 
$_SESSION[
'phpCAS'][
'proxies']) . 
'"' 
 1623                    'username found (`' . 
$_SESSION[
'phpCAS'][
'user']
 
 1624                    . 
'\') but PGT is empty
' 
 1626                // unset all tickets to enforce authentication 
 1627                unset($_SESSION['phpCAS']); 
 1628                $this->setTicket(''); 
 1629            } elseif (!$this->isSessionAuthenticated() 
 1630                && !empty($_SESSION['phpCAS']['pgt
']) 
 1632                // these two variables should be empty or not empty at the same time 
 1634                    'PGT found (`
' . $_SESSION['phpCAS']['pgt
'] 
 1635                    . '\
') but username is empty' 
 1648                if (isset(
$_SESSION[
'phpCAS'][
'attributes'])) {
 
 1654                if (isset(
$_SESSION[
'phpCAS'][
'proxies'])) {
 
 1658                        . implode(
'", "', 
$_SESSION[
'phpCAS'][
'proxies']) . 
'"' 
 1686        session_write_close();
 
 1687        if (php_sapi_name() === 
'cli') {
 
 1688            @header(
'Location: ' . $cas_url);
 
 1690            header(
'Location: ' . $cas_url);
 
 1695        printf(
'<p>' . 
$lang->getShouldHaveBeenRedirected() . 
'</p>', $cas_url);
 
 1714        $paramSeparator = 
'?';
 
 1716            $cas_url = $cas_url . $paramSeparator . 
"url=" 
 1718            $paramSeparator = 
'&';
 
 1720        if (isset(
$params[
'service'])) {
 
 1721            $cas_url = $cas_url . $paramSeparator . 
"service=" 
 1722                . urlencode(
$params[
'service']);
 
 1724        header(
'Location: ' . $cas_url);
 
 1730        if (session_status() === PHP_SESSION_NONE) {
 
 1738        printf(
'<p>' . 
$lang->getShouldHaveBeenRedirected() . 
'</p>', $cas_url);
 
 1751        return !empty(
$_POST[
'logoutRequest']);
 
 1773            && is_null($this->_signoutCallbackFunction)
 
 1776                "phpCAS can't handle logout requests if it is not allowed to change session_id." 
 1780        $decoded_logout_rq = urldecode(
$_POST[
'logoutRequest']);
 
 1783        if ($check_client) {
 
 1784            if (!$allowed_clients) {
 
 1787            $client_ip = 
$_SERVER[
'REMOTE_ADDR'];
 
 1788            $client = gethostbyaddr($client_ip);
 
 1790            foreach ($allowed_clients as $allowed_client) {
 
 1791                if ((
$client == $allowed_client)
 
 1792                    || ($client_ip == $allowed_client)
 
 1795                        "Allowed client '" . $allowed_client
 
 1796                        . 
"' matches, logout request is allowed" 
 1802                        "Allowed client '" . $allowed_client . 
"' does not match" 
 1819                "|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|",
 
 1822                PREG_OFFSET_CAPTURE,
 
 1825            $wrappedSamlSessionIndex = preg_replace(
 
 1826                '|<samlp:SessionIndex>|',
 
 1830            $ticket2logout = preg_replace(
 
 1831                '|</samlp:SessionIndex>|',
 
 1833                $wrappedSamlSessionIndex
 
 1838            if ($this->_signoutCallbackFunction) {
 
 1840                array_unshift($args, $ticket2logout);
 
 1841                call_user_func_array($this->_signoutCallbackFunction, $args);
 
 1847                $session_id = preg_replace(
'/[^a-zA-Z0-9\-]/', 
'', $ticket2logout);
 
 1851                if (session_id() !== 
"") {
 
 1856                session_id($session_id);
 
 1857                $_COOKIE[session_name()] = $session_id;
 
 1858                $_GET[session_name()] = $session_id;
 
 1919        $this->_ticket = $st;
 
 1929        return !empty($this->_ticket);
 
 1982        if (gettype($cert) != 
'string') {
 
 1985        if (gettype($validate_cn) != 
'boolean') {
 
 1988        if (!file_exists($cert) && $this->_requestImplementation !== 
'CAS_TestHarness_DummyRequest') {
 
 1991        $this->_cas_server_ca_cert = $cert;
 
 1992        $this->_cas_server_cn_validate = $validate_cn;
 
 2002        $this->_no_cas_server_validation = 
true;
 
 2020    public function validateCAS10(&$validate_url, &$text_response, &$tree_response, $renew = 
false)
 
 2026            . 
'&ticket=' . urlencode($this->
getTicket());
 
 2030            $validate_url .= 
'&renew=true';
 
 2034        if (!$this->
_readURL($validate_url, $headers, $text_response, $err_msg)) {
 
 2036                'could not open URL \'' . $validate_url . 
'\' to validate (
' . $err_msg . ')
' 
 2038            throw new CAS_AuthenticationException( 
 2040                'CAS 1.0 ticket not validated
', 
 2042                true/*$no_response*/ 
 2047        if (preg_match('/^no\n/
', $text_response)) { 
 2048            phpCAS::trace('Ticket has not been validated
'); 
 2049            throw new CAS_AuthenticationException( 
 2053                false/*$no_response*/, 
 2054                false/*$bad_response*/, 
 2058        } elseif (!preg_match('/^yes\n/
', $text_response)) { 
 2059            phpCAS::trace('ill-formed response
'); 
 2060            throw new CAS_AuthenticationException( 
 2062                'Ticket not validated
', 
 2064                false/*$no_response*/, 
 2065                true/*$bad_response*/, 
 2070        // ticket has been validated, extract the user name 
 2071        $arr = preg_split('/\n/
', $text_response); 
 2072        $this->_setUser(trim($arr[1])); 
 2076            $this->_renameSession($this->getTicket()); 
 2078        // at this step, ticket has been validated and $this->_user has been set, 
 2079        phpCAS::traceEnd(true); 
 2086    // ######################################################################## 
 2088    // ######################################################################## 
 2110    public function validateSA(&$validate_url, &$text_response, &$tree_response, $renew = false) 
 2112        phpCAS::traceBegin(); 
 2114        // build the URL to validate the ticket 
 2115        $validate_url = $this->getServerSamlValidateURL(); 
 2119            $validate_url .= '&renew=
true'; 
 2122        // open and read the URL 
 2123        if (!$this->_readURL($validate_url, $headers, $text_response, $err_msg)) { 
 2125                'could not open URL \
'' . $validate_url . 
'\' to validate (
' . $err_msg . ')
' 
 2127            throw new CAS_AuthenticationException( 
 2131                true/*$no_response*/ 
 2135        phpCAS::trace('server version: 
' . $this->getServerVersion()); 
 2137        // analyze the result depending on the version 
 2138        switch ($this->getServerVersion()) { 
 2139        case SAML_VERSION_1_1: 
 2140            // create new DOMDocument Object 
 2141            $dom = new DOMDocument(); 
 2142            // Fix possible whitspace problems 
 2143            $dom->preserveWhiteSpace = false; 
 2144            // read the response of the CAS server into a DOM object 
 2145            if (!($dom->loadXML($text_response))) { 
 2146                phpCAS::trace('dom->loadXML() failed
'); 
 2147                throw new CAS_AuthenticationException( 
 2151                    false/*$no_response*/, 
 2152                    true/*$bad_response*/, 
 2157            // read the root node of the XML tree 
 2158            if (!($tree_response = $dom->documentElement)) { 
 2159                phpCAS::trace('documentElement() failed
'); 
 2160                throw new CAS_AuthenticationException( 
 2164                    false/*$no_response*/, 
 2165                    true/*$bad_response*/, 
 2169            } elseif ($tree_response->localName != 'Envelope
') { 
 2170                // insure that tag name is 'Envelope
' 
 2172                    'bad XML root node (should be `Envelope\
' instead of `' 
 2173                    . $tree_response->localName . 
'\'' 
 2184            } elseif ($tree_response->getElementsByTagName(
"NameIdentifier")->length != 0) {
 
 2186                $success_elements = $tree_response->getElementsByTagName(
"NameIdentifier");
 
 2188                $user = trim($success_elements->item(0)->nodeValue);
 
 2194                phpCAS::trace(
'no <NameIdentifier> tag found in SAML payload');
 
 2228        $attr_array = array();
 
 2231        $dom = 
new DOMDocument();
 
 2233        $dom->preserveWhiteSpace = 
false;
 
 2234        if (($dom->loadXML($text_response))) {
 
 2235            $xPath = 
new DOMXpath($dom);
 
 2236            $xPath->registerNamespace(
'samlp', 
'urn:oasis:names:tc:SAML:1.0:protocol');
 
 2237            $xPath->registerNamespace(
'saml', 
'urn:oasis:names:tc:SAML:1.0:assertion');
 
 2238            $nodelist = $xPath->query(
"//saml:Attribute");
 
 2241                foreach ($nodelist as $node) {
 
 2242                    $xres = $xPath->query(
"saml:AttributeValue", $node);
 
 2243                    $name = $node->getAttribute(
"AttributeName");
 
 2244                    $value_array = array();
 
 2245                    foreach ($xres as $node2) {
 
 2246                        $value_array[] = $node2->nodeValue;
 
 2248                    $attr_array[
$name] = $value_array;
 
 2251                foreach ($attr_array as $attr_key => $attr_value) {
 
 2252                    if (count($attr_value) > 1) {
 
 2253                        $this->_attributes[$attr_key] = $attr_value;
 
 2254                        phpCAS::trace(
"* " . $attr_key . 
"=" . print_r($attr_value, 
true));
 
 2256                        $this->_attributes[$attr_key] = $attr_value[0];
 
 2355        return !empty($this->_pgt);
 
 2390        $this->_callback_mode = $callback_mode;
 
 2423        if (empty($this->_callback_url)) {
 
 2426            $final_uri = 
'https://';
 
 2428            $request_uri = 
$_SERVER[
'REQUEST_URI'];
 
 2429            $request_uri = preg_replace(
'/\?.*$/', 
'', $request_uri);
 
 2430            $final_uri .= $request_uri;
 
 2431            $this->_callback_url = $final_uri;
 
 2448        if (gettype(
$url) != 
'string') {
 
 2452        return $this->_callback_url = 
$url;
 
 2464        if (preg_match(
'/PGTIOU-[\.\-\w]/', 
$_GET[
'pgtIou'])) {
 
 2465            if (preg_match(
'/[PT]GT-[\.\-\w]/', 
$_GET[
'pgtId'])) {
 
 2467                $pgt_iou = 
$_GET[
'pgtIou'];
 
 2468                $pgt = 
$_GET[
'pgtId'];
 
 2469                phpCAS::trace(
'Storing PGT `' . $pgt . 
'\' (
id=`
' . $pgt_iou . '\
')');
 
 2470                echo 
'<p>Storing PGT `' . $pgt . 
'\' (
id=`
' . $pgt_iou . '\
').</p>';
 
 2519        if (!is_object($this->_pgt_storage)) {
 
 2524        $this->_pgt_storage->init();
 
 2540        $this->_pgt_storage->write($pgt, $pgt_iou);
 
 2556        return $this->_pgt_storage->read($pgt_iou);
 
 2573        if (is_object($this->_pgt_storage)) {
 
 2583        $this->_pgt_storage = $storage;
 
 2608        $driver_options = 
null 
 2614        if ((is_object($dsn_or_pdo) && !($dsn_or_pdo instanceof PDO)) || gettype($dsn_or_pdo) != 
'string') {
 
 2617        if (gettype($username) != 
'string') {
 
 2623        if (gettype(
$table) != 
'string') {
 
 2654        if (gettype(
$path) != 
'string') {
 
 2680    private function _validatePGT(&$validate_url, $text_response, $tree_response)
 
 2683        if ($tree_response->getElementsByTagName(
"proxyGrantingTicket")->length == 0) {
 
 2688                'Ticket validated but no PGT Iou transmitted',
 
 2697                $tree_response->getElementsByTagName(
"proxyGrantingTicket")->item(0)->nodeValue
 
 2699            if (preg_match(
'/PGTIOU-[\.\-\w]/', $pgt_iou)) {
 
 2701                if ($pgt == 
false) {
 
 2705                        'PGT Iou was transmitted but PGT could not be retrieved',
 
 2717                    'PGT Iou was transmitted but has wrong format',
 
 2742    public function retrievePT($target_service, &$err_code, &$err_msg)
 
 2745        if (gettype($target_service) != 
'string') {
 
 2759            . urlencode($target_service) . 
'&pgt=' . $this->
_getPGT();
 
 2762        if (!$this->
_readURL($cas_url, $headers, $cas_response, $err_msg)) {
 
 2764                'could not open URL \'' . $cas_url . 
'\' to validate (
' . $err_msg . ')
' 
 2766            $err_code = PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE; 
 2767            $err_msg = 'could not retrieve PT (no response from the 
CAS server)
'; 
 2768            phpCAS::traceEnd(false); 
 2772        $bad_response = false; 
 2774        if (!$bad_response) { 
 2775            // create new DOMDocument object 
 2776            $dom = new DOMDocument(); 
 2777            // Fix possible whitspace problems 
 2778            $dom->preserveWhiteSpace = false; 
 2779            // read the response of the CAS server into a DOM object 
 2780            if (!($dom->loadXML($cas_response))) { 
 2781                phpCAS::trace('dom->loadXML() failed
'); 
 2783                $bad_response = true; 
 2787        if (!$bad_response) { 
 2788            // read the root node of the XML tree 
 2789            if (!($root = $dom->documentElement)) { 
 2790                phpCAS::trace('documentElement failed
'); 
 2792                $bad_response = true; 
 2796        if (!$bad_response) { 
 2797            // insure that tag name is 'serviceResponse
' 
 2798            if ($root->localName != 'serviceResponse
') { 
 2799                phpCAS::trace('localName failed
'); 
 2801                $bad_response = true; 
 2805        if (!$bad_response) { 
 2806            // look for a proxySuccess tag 
 2807            if ($root->getElementsByTagName("proxySuccess")->length != 0) { 
 2808                $proxy_success_list = $root->getElementsByTagName("proxySuccess"); 
 2810                // authentication succeded, look for a proxyTicket tag 
 2811                if ($proxy_success_list->item(0)->getElementsByTagName("proxyTicket")->length != 0) { 
 2812                    $err_code = PHPCAS_SERVICE_OK; 
 2815                        $proxy_success_list->item(0)->getElementsByTagName("proxyTicket")->item(0)->nodeValue 
 2817                    phpCAS::trace('original PT: 
' . trim($pt)); 
 2818                    phpCAS::traceEnd($pt); 
 2821                    phpCAS::trace('<proxySuccess> was found, but not <proxyTicket>
'); 
 2823            } elseif ($root->getElementsByTagName("proxyFailure")->length != 0) { 
 2824                // look for a proxyFailure tag 
 2825                $proxy_failure_list = $root->getElementsByTagName("proxyFailure"); 
 2827                // authentication failed, extract the error 
 2828                $err_code = PHPCAS_SERVICE_PT_FAILURE; 
 2829                $err_msg = 'PT retrieving failed (code=`
' 
 2830                . $proxy_failure_list->item(0)->getAttribute('code
') 
 2832                . trim($proxy_failure_list->item(0)->nodeValue)
 
 2834                phpCAS::traceEnd(false); 
 2837                phpCAS::trace('neither <proxySuccess> nor <proxyFailure> found
'); 
 2841        // at this step, we are sure that the response of the CAS server was 
 2843        $err_code = PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE; 
 2844        $err_msg = 'Invalid response from the 
CAS server (response=`
' 
 2845            . $cas_response . '\
')';
 
 2881        if (count($this->_curl_options)) {
 
 2882            $request->setCurlOptions($this->_curl_options);
 
 2887        if (empty($this->_cas_server_ca_cert) && !$this->_no_cas_server_validation) {
 
 2889                'one of the methods phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.' 
 2892        if ($this->_cas_server_ca_cert != 
'') {
 
 2894                $this->_cas_server_ca_cert,
 
 2895                $this->_cas_server_cn_validate
 
 2901            $request->addHeader(
"soapaction: http://www.oasis-open.org/committees/security");
 
 2902            $request->addHeader(
"cache-control: no-cache");
 
 2903            $request->addHeader(
"pragma: no-cache");
 
 2904            $request->addHeader(
"accept: text/xml");
 
 2905            $request->addHeader(
"connection: keep-alive");
 
 2906            $request->addHeader(
"content-type: text/xml");
 
 2912            $headers = 
$request->getResponseHeaders();
 
 2913            $body = 
$request->getResponseBody();
 
 2920            $err_msg = 
$request->getErrorMessage();
 
 2975        if (gettype(
$type) != 
'string') {
 
 2984            if (count($this->_curl_options)) {
 
 2985                $request->setCurlOptions($this->_curl_options);
 
 2987            $proxiedService = 
new $type(
$request, $this->_serviceCookieJar);
 
 2989                $proxiedService->setCasClient($this);
 
 2991            return $proxiedService;
 
 2995                $proxiedService->setCasClient($this);
 
 2997            return $proxiedService;
 
 3000                "Unknown proxied-service type, $type." 
 3027        if (!is_string(
$url)) {
 
 3029                "Proxied Service " . get_class($proxiedService)
 
 3030                . 
"->getServiceUrl() should have returned a string, returned a " 
 3031                . gettype(
$url) . 
" instead." 
 3062        if (gettype(
$url) != 
'string') {
 
 3068            $service->setUrl(
$url);
 
 3070            $output = $service->getResponseBody();
 
 3074            $err_code = $e->getCode();
 
 3080                $lang->getServiceUnavailable(),
 
 3115        if (gettype(
$url) != 
'string') {
 
 3118        if (gettype($serviceUrl) != 
'string') {
 
 3121        if (gettype($flags) != 
'integer') {
 
 3127            $service->setServiceUrl($serviceUrl);
 
 3128            $service->setMailbox(
$url);
 
 3129            $service->setOptions($flags);
 
 3133            $pt = $service->getImapProxyTicket();
 
 3136            $err_msg = $e->getMessage();
 
 3137            $err_code = $e->getCode();
 
 3143                $lang->getServiceUnavailable(),
 
 3205        $this->_proxies = $proxies;
 
 3206        if (!empty($proxies)) {
 
 3232        if (empty($this->_allowed_proxy_chains)) {
 
 3259    public function validateCAS20(&$validate_url, &$text_response, &$tree_response, $renew = 
false)
 
 3280            $validate_url .= 
'&renew=true';
 
 3284        if (!$this->
_readURL($validate_url, $headers, $text_response, $err_msg)) {
 
 3286                'could not open URL \'' . $validate_url . 
'\' to validate (
' . $err_msg . ')
' 
 3288            throw new CAS_AuthenticationException( 
 3290                'Ticket not validated
', 
 3292                true/*$no_response*/ 
 3297        // create new DOMDocument object 
 3298        $dom = new DOMDocument(); 
 3299        // Fix possible whitspace problems 
 3300        $dom->preserveWhiteSpace = false; 
 3301        // CAS servers should only return data in utf-8 
 3302        $dom->encoding = "utf-8"; 
 3303        // read the response of the CAS server into a DOMDocument object 
 3304        if (!($dom->loadXML($text_response))) { 
 3306            throw new CAS_AuthenticationException( 
 3308                'Ticket not validated
', 
 3310                false/*$no_response*/, 
 3311                true/*$bad_response*/, 
 3315        } elseif (!($tree_response = $dom->documentElement)) { 
 3316            // read the root node of the XML tree 
 3318            throw new CAS_AuthenticationException( 
 3320                'Ticket not validated
', 
 3322                false/*$no_response*/, 
 3323                true/*$bad_response*/, 
 3327        } elseif ($tree_response->localName != 'serviceResponse
') { 
 3328            // insure that tag name is 'serviceResponse
' 
 3330            throw new CAS_AuthenticationException( 
 3332                'Ticket not validated
', 
 3334                false/*$no_response*/, 
 3335                true/*$bad_response*/, 
 3339        } elseif ($tree_response->getElementsByTagName("authenticationFailure")->length != 0) { 
 3340            // authentication failed, extract the error code and message and throw exception 
 3341            $auth_fail_list = $tree_response 
 3342                ->getElementsByTagName("authenticationFailure"); 
 3343            throw new CAS_AuthenticationException( 
 3345                'Ticket not validated
', 
 3347                false/*$no_response*/, 
 3348                false/*$bad_response*/, 
 3350                $auth_fail_list->item(0)->getAttribute('code
')/*$err_code*/, 
 3351                trim($auth_fail_list->item(0)->nodeValue)/*$err_msg*/ 
 3354        } elseif ($tree_response->getElementsByTagName("authenticationSuccess")->length != 0) { 
 3355            // authentication succeded, extract the user name 
 3356            $success_elements = $tree_response 
 3357                ->getElementsByTagName("authenticationSuccess"); 
 3358            if ($success_elements->item(0)->getElementsByTagName("user")->length == 0) { 
 3359                // no user specified => error 
 3360                throw new CAS_AuthenticationException( 
 3362                    'Ticket not validated
', 
 3364                    false/*$no_response*/, 
 3365                    true/*$bad_response*/, 
 3372                        $success_elements->item(0)->getElementsByTagName("user")->item(0)->nodeValue 
 3375                $this->_readExtraAttributesCas20($success_elements); 
 3376                // Store the proxies we are sitting behind for authorization checking 
 3377                $proxyList = array(); 
 3378                if (sizeof($arr = $success_elements->item(0)->getElementsByTagName("proxy")) > 0) { 
 3379                    foreach ($arr as $proxyElem) { 
 3380                        phpCAS::trace("Found Proxy: " . $proxyElem->nodeValue); 
 3381                        $proxyList[] = trim($proxyElem->nodeValue); 
 3383                    $this->_setProxies($proxyList); 
 3384                    phpCAS::trace("Storing Proxy List"); 
 3386                // Check if the proxies in front of us are allowed 
 3387                if (!$this->getAllowedProxyChains()->isProxyListAllowed($proxyList)) { 
 3388                    throw new CAS_AuthenticationException( 
 3390                        'Proxy not allowed
', 
 3392                        false/*$no_response*/, 
 3393                        true/*$bad_response*/, 
 3402            throw new CAS_AuthenticationException( 
 3404                'Ticket not validated
', 
 3406                false/*$no_response*/, 
 3407                true/*$bad_response*/, 
 3413            $this->_renameSession($this->getTicket()); 
 3415        // at this step, Ticket has been validated and $this->_user has been set, 
 3417        phpCAS::traceEnd($result); 
 3431    private function _readExtraAttributesCas20($success_elements) 
 3433        phpCAS::traceBegin(); 
 3435        $extra_attributes = array(); 
 3437        // "Jasig Style" Attributes: 
 3439        //      <cas:serviceResponse xmlns:cas='http:
 
 3453        if ($this->_casAttributeParserCallbackFunction !== 
null 
 3454            && is_callable($this->_casAttributeParserCallbackFunction)
 
 3456            array_unshift($this->_casAttributeParserCallbackArgs, $success_elements->item(0));
 
 3457            phpCas :: trace(
"Calling attritubeParser callback");
 
 3458            $extra_attributes = call_user_func_array(
 
 3459                $this->_casAttributeParserCallbackFunction,
 
 3460                $this->_casAttributeParserCallbackArgs
 
 3462        } elseif ($success_elements->item(0)->getElementsByTagName(
"attributes")->length != 0) {
 
 3463            $attr_nodes = $success_elements->item(0)
 
 3464                ->getElementsByTagName(
"attributes");
 
 3465            phpCas :: trace(
"Found nested jasig style attributes");
 
 3466            if ($attr_nodes->item(0)->hasChildNodes()) {
 
 3468                foreach ($attr_nodes->item(0)->childNodes as $attr_child) {
 
 3470                        "Attribute [" . $attr_child->localName . 
"] = " 
 3471                        . $attr_child->nodeValue
 
 3475                        $attr_child->localName,
 
 3476                        $attr_child->nodeValue
 
 3497            phpCas :: trace(
"Testing for rubycas style attributes");
 
 3498            $childnodes = $success_elements->item(0)->childNodes;
 
 3499            foreach ($childnodes as $attr_node) {
 
 3500                switch ($attr_node->localName) {
 
 3503                case 'proxyGrantingTicket':
 
 3506                    if (strlen(trim($attr_node->nodeValue))) {
 
 3508                            "Attribute [" . $attr_node->localName . 
"] = " . $attr_node->nodeValue
 
 3512                            $attr_node->localName,
 
 3513                            $attr_node->nodeValue
 
 3540        if (!count($extra_attributes)
 
 3541            && $success_elements->item(0)->getElementsByTagName(
"attribute")->length != 0
 
 3543            $attr_nodes = $success_elements->item(0)
 
 3544                ->getElementsByTagName(
"attribute");
 
 3545            $firstAttr = $attr_nodes->item(0);
 
 3546            if (!$firstAttr->hasChildNodes()
 
 3547                && $firstAttr->hasAttribute(
'name')
 
 3548                && $firstAttr->hasAttribute(
'value')
 
 3550                phpCas :: trace(
"Found Name-Value style attributes");
 
 3552                foreach ($attr_nodes as $attr_node) {
 
 3553                    if ($attr_node->hasAttribute(
'name')
 
 3554                        && $attr_node->hasAttribute(
'value')
 
 3557                            "Attribute [" . $attr_node->getAttribute(
'name')
 
 3558                            . 
"] = " . $attr_node->getAttribute(
'value')
 
 3562                            $attr_node->getAttribute(
'name'),
 
 3563                            $attr_node->getAttribute(
'value')
 
 3587        if (isset($attributeArray[
$name])) {
 
 3589            if (!is_array($attributeArray[
$name])) {
 
 3590                $existingValue = $attributeArray[
$name];
 
 3591                $attributeArray[
$name] = array($existingValue);
 
 3594            $attributeArray[
$name][] = trim($value);
 
 3596            $attributeArray[
$name] = trim($value);
 
 3635        if (gettype(
$url) != 
'string') {
 
 3652        if (empty($this->_url)) {
 
 3655            $final_uri = ($this->
_isHttps()) ? 
'https' : 
'http';
 
 3656            $final_uri .= 
'://';
 
 3659            $request_uri = explode(
'?', 
$_SERVER[
'REQUEST_URI'], 2);
 
 3660            $final_uri .= $request_uri[0];
 
 3662            if (isset($request_uri[1]) && $request_uri[1]) {
 
 3667                if ($query_string !== 
'') {
 
 3668                    $final_uri .= 
"?$query_string";
 
 3673            $this->
setURL($final_uri);
 
 3689        if (gettype(
$url) != 
'string') {
 
 3693        return $this->_server[
'base_url'] = 
$url;
 
 3705        if (!empty(
$_SERVER[
'HTTP_X_FORWARDED_HOST'])) {
 
 3707            $hosts = explode(
',', 
$_SERVER[
'HTTP_X_FORWARDED_HOST']);
 
 3710        } elseif (!empty(
$_SERVER[
'HTTP_X_FORWARDED_SERVER'])) {
 
 3711            $server_url = 
$_SERVER[
'HTTP_X_FORWARDED_SERVER'];
 
 3713            if (empty(
$_SERVER[
'SERVER_NAME'])) {
 
 3714                $server_url = 
$_SERVER[
'HTTP_HOST'];
 
 3716                $server_url = 
$_SERVER[
'SERVER_NAME'];
 
 3719        if (!strpos($server_url, 
':')) {
 
 3720            if (empty(
$_SERVER[
'HTTP_X_FORWARDED_PORT'])) {
 
 3721                $server_port = 
$_SERVER[
'SERVER_PORT'];
 
 3723                $ports = explode(
',', 
$_SERVER[
'HTTP_X_FORWARDED_PORT']);
 
 3724                $server_port = $ports[0];
 
 3727            if (($this->
_isHttps() && $server_port != 443)
 
 3728                || (!$this->
_isHttps() && $server_port != 80)
 
 3731                $server_url .= $server_port;
 
 3744        if (!empty(
$_SERVER[
'HTTP_X_FORWARDED_PROTO'])) {
 
 3745            return (
$_SERVER[
'HTTP_X_FORWARDED_PROTO'] === 
'https');
 
 3746        } elseif (!empty(
$_SERVER[
'HTTP_X_FORWARDED_PROTOCOL'])) {
 
 3747            return (
$_SERVER[
'HTTP_X_FORWARDED_PROTOCOL'] === 
'https');
 
 3750            && strcasecmp(
$_SERVER[
'HTTPS'], 
'off') !== 0
 
 3769        $parameterName = preg_quote($parameterName);
 
 3770        return preg_replace(
 
 3771            "/&$parameterName(=[^&]*)?|^$parameterName(=[^&]*)?&?/",
 
 3789        $url .= (strstr(
$url, 
'?') === 
false) ? 
'?' : 
'&';
 
 3805            if (!empty($this->_user)) {
 
 3810                $session_id = preg_replace(
'/[^a-zA-Z0-9\-]/', 
'', $ticket);
 
 3812                session_id($session_id);
 
 3818                    'Session should only be renamed after successfull authentication' 
 3823                "Skipping session rename since phpCAS is not handling the session." 
 3862            $lang->getYouWereNotAuthenticated(),
 
 3863            htmlentities($this->
getURL()),
 
 3871            if ($bad_response) {
 
 3880                    if (empty($err_code)) {
 
 3884                            'Reason: [' . $err_code . 
'] CAS error: ' . $err_msg
 
 3925        if (preg_match(
"/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/", $nodeURL)) {
 
 3944        if (!(
bool) preg_match(
"/^(http|https):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i", $rebroadcastNodeUrl)) {
 
 3950        $this->_rebroadcast_nodes[] = $rebroadcastNodeUrl;
 
 3968        if (gettype(
$header) != 
'string') {
 
 3972        $this->_rebroadcast_headers[] = 
$header;
 
 3992        $rebroadcast_curl_options = array(
 
 3993        CURLOPT_FAILONERROR => 1,
 
 3994        CURLOPT_FOLLOWLOCATION => 1,
 
 3995        CURLOPT_RETURNTRANSFER => 1,
 
 3996        CURLOPT_CONNECTTIMEOUT => 1,
 
 3997        CURLOPT_TIMEOUT => 4);
 
 4000        if (!empty(
$_SERVER[
'SERVER_ADDR'])) {
 
 4002        } elseif (!empty(
$_SERVER[
'LOCAL_ADDR'])) {
 
 4008            $dns = gethostbyaddr($ip);
 
 4010        $multiClassName = 
'CAS_Request_CurlMultiRequest';
 
 4011        $multiRequest = 
new $multiClassName();
 
 4014            if ((($this->
_getNodeType($this->_rebroadcast_nodes[
$i]) == self::HOSTNAME) && !empty($dns) && (stripos($this->_rebroadcast_nodes[
$i], $dns) === 
false))
 
 4015                || (($this->
_getNodeType($this->_rebroadcast_nodes[
$i]) == 
self::IP) && !empty($ip) && (stripos($this->_rebroadcast_nodes[
$i], $ip) === 
false))
 
 4018                    'Rebroadcast target URL: ' . $this->_rebroadcast_nodes[
$i]
 
 4027                if (count($this->_rebroadcast_headers)) {
 
 4028                    $request->addHeaders($this->_rebroadcast_headers);
 
 4032                if (
$type == self::LOGOUT) {
 
 4035                        'rebroadcast=false&logoutRequest=' . 
$_POST[
'logoutRequest']
 
 4037                } elseif (
$type == self::PGTIOU) {
 
 4039                    $request->setPostBody(
'rebroadcast=false');
 
 4042                $request->setCurlOptions($rebroadcast_curl_options);
 
 4044                $multiRequest->addRequest(
$request);
 
 4047                    'Rebroadcast not sent to self: ' 
 4048                    . $this->_rebroadcast_nodes[
$i] . 
' == ' . (!empty($ip)?$ip:
'')
 
 4049                    . 
'/' . (!empty($dns)?$dns:
'')
 
 4054        if ($multiRequest->getNumRequests() > 0) {
 
 4055            $multiRequest->send();
 
foreach($paths as $path) $request
This interface defines methods that allow proxy-authenticated service handlers to interact with phpCA...
The CAS_Client class is a client interface that provides CAS authentication to PHP applications.
This class provides access to service cookies and handles parsing of response headers to pull out coo...
An exception for terminatinating execution or to throw for unit testing.
Exception that denotes invalid arguments were passed.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
Basic class for PGT storage The CAS_PGTStorage_AbstractStorage class is a generic class for PGT stora...
Basic class for PGT database storage The CAS_PGTStorage_Db class is a class for PGT database storage.
The CAS_PGTStorage_File class is a class for PGT file storage.
An Exception for problems communicating with a proxied service.
Provides access to a proxy-authenticated IMAP stream.
ProxyChain is a container for storing chains of valid proxies that can be used to validate proxied re...
An Exception for errors related to fetching or validating proxy tickets.
Licensed to Jasig under one or more contributor license agreements.
error($a_errmsg)
set error message @access public
The phpCAS class is a simple container for the phpCAS library.
if($_SERVER['argc']< 4) $client
if(array_key_exists('yes', $_REQUEST)) $attributes
getUser()
This method returns the CAS user's login name.
$_user
The Authenticated user.
_hasAttribute($key)
Check whether a specific attribute with a name is available.
getAttributes()
Get an key values arry of attributes.
hasAttribute($key)
Check whether a specific attribute with a name is available.
checkAuthentication()
This method is called to check whether the user is authenticated or not.
isSessionAuthenticated()
This method tells if the current session is authenticated.
_setUser($user)
This method sets the CAS user's login name.
$_cache_times_for_auth_recheck
An integer that gives the number of times authentication will be cached before rechecked.
isAuthenticated($renew=false)
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
getAttribute($key)
Get a specific attribute by name.
setAttributes($attributes)
Set an array of attributes.
hasAttributes()
Check whether attributes are available.
_getUser()
This method returns the CAS user's login name.
_isLogoutRequest()
Check of the current request is a logout request.
setCacheTimesForAuthRecheck($n)
Set the number of times authentication will be cached before rechecked.
_wasPreviouslyAuthenticated()
This method tells if the user has already been (previously) authenticated by looking into the session...
$_attributes
The Authenticated users attributes.
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
logout($params)
This method is used to logout from CAS.
handleLogoutRequests($check_client=true, $allowed_clients=false)
This method handles logout requests.
forceAuthentication()
This method is called to be sure that the user is authenticated.
renewAuthentication()
This method is called to renew the authentication of the user If the user is authenticated,...
$_cas_server_ca_cert
the certificate of the CAS server CA.
hasTicket()
This method tells if a Service Ticket was stored.
getTicket()
This method returns the Service Ticket provided in the URL of the request.
$_ticket
The Ticket provided in the URL of the request if present (empty otherwise).
validateCAS10(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a CAS 1,0 ticket; halt on failure, and sets $validate_url,...
$_cas_server_cn_validate
validate CN of the CAS server certificate
$_no_cas_server_validation
Set to true not to validate the CAS server.
setTicket($st)
This method stores the Service Ticket.
setCasServerCACert($cert, $validate_cn)
Set the CA certificate of the CAS server.
setNoCasServerValidation()
Set no SSL validation for the CAS server.
$_signoutCallbackFunction
$_casAttributeParserCallbackArgs
$_requestImplementation
The class to instantiate for making web requests in readUrl().
wasAuthenticationCallSuccessful()
Answer the result of the authentication call.
$_postAuthenticateCallbackArgs
setRequestImplementation($className)
Override the default implementation used to make web requests in readUrl().
setPostAuthenticateCallback($function, array $additionalArgs=array())
Set a callback function to be run when a user authenticates.
getAuthenticationCallerMethod()
Answer information about the authentication caller.
setSingleSignoutCallback($function, array $additionalArgs=array())
Set a callback function to be run when a single-signout request is received.
$_casAttributeParserCallbackFunction
getAuthenticationCallerFile()
Answer information about the authentication caller.
markAuthenticationCall($auth)
Mark the caller of authentication.
setCasAttributeParserCallback($function, array $additionalArgs=array())
Set a callback function to be run when parsing CAS attributes.
wasAuthenticationCalled()
Answer true if authentication has been checked.
_ensureAuthenticationCalled()
Ensure that authentication was checked.
getAuthenticationCallerLine()
Answer information about the authentication caller.
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
$_postAuthenticateCallbackFunction
ensureIsProxy()
Ensure that this is actually a proxy object or fail with an exception.
setNoClearTicketsFromUrl()
Configure the client to not send redirect headers and call exit() on authentication success.
_setCallbackMode($callback_mode)
This method sets/unsets callback mode.
$_callback_url
the URL that should be used for the PGT callback (in fact the URL of the current request without any ...
_callback()
This method is called by CAS_Client::CAS_Client() when running in callback mode.
setCallbackURL($url)
This method sets the callback url.
_getCallbackURL()
This method returns the URL that should be used for the PGT callback (in fact the URL of the current ...
$_callback_mode
each PHP script using phpCAS in proxy mode is its own callback to get the PGT back from the CAS serve...
_isCallbackMode()
This method returns true when the CAs client is running i callback mode, false otherwise.
getServerServiceValidateURL()
This method is used to retrieve the service validating URL of the CAS server.
_getServerHostname()
This method is used to retrieve the hostname of the CAS server.
getServerVersion()
This method is used to retrieve the version of the CAS server.
getServerProxyValidateURL()
This method is used to retrieve the proxy validating URL of the CAS server.
_setChangeSessionID($allowed)
Set a parameter whether to allow phpCas to change session_id.
setServerServiceValidateURL($url)
This method sets the serviceValidate URL of the CAS server.
getChangeSessionID()
Get whether phpCas is allowed to change session_id.
getServerProxyURL()
This method is used to retrieve the proxy URL of the CAS server.
setServerSamlValidateURL($url)
This method sets the samlValidate URL of the CAS server.
getServerLogoutURL()
This method is used to retrieve the logout URL of the CAS server.
setServerLogoutURL($url)
This method sets the logout URL of the CAS server.
__construct( $server_version, $proxy, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
CAS_Client constructor.
getServerLoginURL($gateway=false, $renew=false)
This method is used to retrieve the login URL of the CAS server.
_getServerURI()
This method is used to retrieve the URI of the CAS server.
setExtraCurlOption($key, $value)
This method is used to set additional user curl options.
$_server
a record to store information about the CAS server.
setServerLoginURL($url)
This method sets the login URL of the CAS server.
_getServerPort()
This method is used to retrieve the port of the CAS server.
setServerProxyValidateURL($url)
This method sets the proxyValidate URL of the CAS server.
getServerSamlValidateURL()
This method is used to retrieve the SAML validating URL of the CAS server.
_getServerBaseURL()
This method is used to retrieve the base URL of the CAS server.
$_change_session_id
A variable to whether phpcas will use its own session handling.
$_curl_options
An array to store extra curl options.
setLang($lang)
This method is used to set the language used by phpCAS.
$_lang
A string corresponding to the language used by phpCAS.
const PHPCAS_LANG_DEFAULT
phpCAS default language (when phpCAS::setLang() is not used)
getLangObj()
Create the language.
$_rebroadcast_headers
An array to store extra rebroadcast curl options.
_renameSession($ticket)
Renaming the session.
_buildQueryUrl($url, $query)
This method is used to append query parameters to an url.
_rebroadcast($type)
This method rebroadcasts logout/pgtIou requests.
const HOSTNAME
Constants used for determining rebroadcast node type.
$_rebroadcast
Boolean of whether to rebroadcast pgtIou/pgtId and logoutRequest, and array of the nodes.
const LOGOUT
Constants used for determining rebroadcast type (logout or pgtIou/pgtId).
addRebroadcastHeader($header)
This method is used to add header parameters when rebroadcasting pgtIou/pgtId or logoutRequest.
_authError( $failure, $cas_url, $no_response, $bad_response='', $cas_response='', $err_code='', $err_msg='')
This method is used to print the HTML output when the user was not authenticated.
_buildSAMLPayload()
This method is used to build the SAML POST body sent to /samlValidate URL.
_getNodeType($nodeURL)
Determine the node type from the URL.
setURL($url)
This method sets the URL of the current request.
setBaseURL($url)
This method sets the base URL of the CAS server.
addRebroadcastNode($rebroadcastNodeUrl)
Store the rebroadcast node for pgtIou/pgtId and logout requests.
getURL()
This method returns the URL of the current request (without any ticket CGI parameter).
_removeParameterFromQueryString($parameterName, $queryString)
Removes a parameter from a query string.
_isHttps()
This method checks to see if the request is secured via HTTPS.
_readURL($url, &$headers, &$body, &$err_msg)
This method is used to acces a remote URL.
$_url
the URL of the current request (without any ticket CGI parameter).
_getClientUrl()
Try to figure out the phpCas client URL with possible Proxys / Ports etc.
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
setHTMLFooter($footer)
This method set the HTML footer used for all outputs.
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
setHTMLHeader($header)
This method set the HTML header used for all outputs.
_htmlFilterOutput($str)
This method filters a string by replacing special tokens by appropriate values and prints it.
$_output_footer
A string used to print the footer of HTML pages.
$_output_header
A string used to print the header of HTML pages.
_loadPGT($pgt_iou)
This method reads a PGT from its Iou and deletes the corresponding storage entry.
retrievePT($target_service, &$err_code, &$err_msg)
This method is used to retrieve PT's from the CAS server thanks to a PGT.
_validatePGT(&$validate_url, $text_response, $tree_response)
This method is used to validate a PGT; halt on failure.
setPGTStorage($storage)
This method can be used to set a custom PGT storage object.
_initPGTStorage()
This method is used to initialize the storage of PGT's.
setPGTStorageFile($path='')
This method is used to tell phpCAS to store the response of the CAS server to PGT requests onto the f...
$_pgt_storage
an instance of a class inheriting of PGTStorage, used to deal with PGT storage.
_storePGT($pgt, $pgt_iou)
This method stores a PGT.
setPGTStorageDb( $dsn_or_pdo, $username='', $password='', $table='', $driver_options=null)
This method is used to tell phpCAS to store the response of the CAS server to PGT requests in a datab...
validateCAS20(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a cas 2.0 ST or PT; halt on failure Used for all CAS 2....
_addAttributeToArray(array &$attributeArray, $name, $value)
Add an attribute value to an array of attributes.
getProxiedService($type)
Answer a proxy-authenticated service handler.
serviceWeb($url, &$err_code, &$output)
This method is used to access an HTTP[S] service.
serviceMail($url, $serviceUrl, $flags, &$err_code, &$err_msg, &$pt)
This method is used to access an IMAP/POP3/NNTP service.
initializeProxiedService(CAS_ProxiedService $proxiedService)
Initialize a proxied-service handler with the proxy-ticket it should use.
isProxy()
Tells if a CAS client is a CAS proxy or not.
$_serviceCookieJar
Handler for managing service cookies.
$_pgt
the Proxy Grnting Ticket given by the CAS server (empty otherwise).
_setPGT($pgt)
This method stores the Proxy Granting Ticket.
$_proxy
A boolean telling if the client is a CAS proxy or not.
_hasPGT()
This method tells if a Proxy Granting Ticket was stored.
_getPGT()
This method returns the Proxy Granting Ticket given by the CAS server.
_setSessionAttributes($text_response)
This method will parse the DOM and pull out the attributes from the SAML payload and put them into an...
validateSA(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url,...
$_proxies
This array will store a list of proxies in front of this application.
getAllowedProxyChains()
Answer the CAS_ProxyChain_AllowedList object for this client.
_setProxies($proxies)
Set the Proxy array, probably from persistant storage.
getProxies()
Answer an array of proxies that are sitting in front of this application.
static trace($str)
This method is used to log something in debug mode.
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode.
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
static traceExit()
This method is used to indicate the end of the execution of the program.
const PHPCAS_PROXIED_SERVICE_HTTP_POST
phpCAS::getProxiedService() type for HTTP POST
const PHPCAS_PROXIED_SERVICE_HTTP_GET
phpCAS::getProxiedService() type for HTTP GET
const PHPCAS_SERVICE_OK
phpCAS::service() error code on success
const PHPCAS_SERVICE_NOT_AVAILABLE
phpCAS::service() error code when the service was not available.
const PHPCAS_PROXIED_SERVICE_IMAP
phpCAS::getProxiedService() type for IMAP
const SAML_ASSERTION_ARTIFACT_CLOSE
SAMLP close.
const SAML_ASSERTION_ARTIFACT
SAMLP artifact tag (for the ticket)
const CAS_VERSION_3_0
CAS version 3.0.
const SAML_SOAP_ENV
SOAP envelope for SAML POST.
const SAMLP_REQUEST
SAMLP request.
static getVersion()
This method returns the phpCAS version.
const SAML_VERSION_1_1
SAML protocol.
const SAML_SOAP_BODY
SOAP body for SAML POST.
const CAS_VERSION_1_0
CAS version 1.0.
const SAML_SOAP_BODY_CLOSE
SOAP body close.
const SAML_SOAP_ENV_CLOSE
SOAP envelope close.
const SAMLP_REQUEST_CLOSE
Language Interface class for all internationalization files.
This interface defines methods that allow proxy-authenticated service handlers to interact with phpCA...
getServiceUrl()
Answer a service identifier (URL) for whom we should fetch a proxy ticket.
setProxyTicket($proxyTicket)
Register a proxy ticket with the ProxiedService that it can use when making requests.
This interface defines a class library for performing web requests.
for($i=1; $i<=count($kw_cases_sel); $i+=1) $lang
$stream
PHP stream implementation.
static http()
Fetches the global http state from ILIAS.
if(empty($password)) $table
foreach($_POST as $key=> $value) $res
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']