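/*
 * Global constants of the phpCAS library.
 *
 * The listing carried its gutter line numbers fused into the statements
 * ("64define(") and split every call across several lines, so it did not
 * parse as PHP. The statements below are the same define() calls, one per
 * line, with every constant name and value kept exactly as given.
 */

// Fallback for PHP builds that do not know E_USER_DEPRECATED: deprecation
// notices raised with trigger_error() then go out as E_USER_NOTICE.
if (!defined('E_USER_DEPRECATED')) {
    define('E_USER_DEPRECATED', E_USER_NOTICE);
}

// phpCAS version.
define('PHPCAS_VERSION', '1.3.5');

// CAS protocol versions.
define('CAS_VERSION_1_0', '1.0');
define('CAS_VERSION_2_0', '2.0');
define('CAS_VERSION_3_0', '3.0');

// SAML 1.1 protocol identifier.
define('SAML_VERSION_1_1', 'S1');

// XML fragments for a SAML 1.1 request wrapped in a SOAP envelope. Each
// opening fragment has a matching *_CLOSE constant.
define('SAML_XML_HEADER', '<?xml version="1.0" encoding="UTF-8"?>');
define('SAML_SOAP_ENV', '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/>');
define('SAML_SOAP_BODY', '<SOAP-ENV:Body>');
// NOTE(review): RequestID and IssueInstant are fixed literals in this
// template, so any request assembled from it unchanged carries the same
// identifier and a 2002 timestamp. Confirm that the code building the
// samlValidate request either substitutes fresh values or does not rely on
// the server enforcing uniqueness or freshness of the request.
define('SAMLP_REQUEST', '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z">');
define('SAMLP_REQUEST_CLOSE', '</samlp:Request>');
define('SAML_ASSERTION_ARTIFACT', '<samlp:AssertionArtifact>');
define('SAML_ASSERTION_ARTIFACT_CLOSE', '</samlp:AssertionArtifact>');
define('SAML_SOAP_BODY_CLOSE', '</SOAP-ENV:Body>');
define('SAML_SOAP_ENV_CLOSE', '</SOAP-ENV:Envelope>');

// SAML attributes marker.
define('SAML_ATTRIBUTES', 'SAMLATTRIBS');

// Generic message echoed by phpCAS::error() when verbose mode is off, so
// that method, file and line details are not shown to the user.
define('DEFAULT_ERROR', 'Internal script failure');

// Evaluated once, when this file is loaded, from session_save_path().
// NOTE(review): the name indicates that proxy-granting tickets are written
// here by default; on a shared host verify that the directory is readable
// only by the web server account.
define('CAS_PGT_STORAGE_FILE_DEFAULT_PATH', session_save_path());

// Integer result codes. The names suggest they are reported through the
// $err_code out-parameters of serviceWeb(), serviceMail() and retrievePT();
// NOTE(review): confirm against CAS_Client.
define('PHPCAS_SERVICE_OK', 0);
define('PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE', 1);
define('PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE', 2);
define('PHPCAS_SERVICE_PT_FAILURE', 3);
define('PHPCAS_SERVICE_NOT_AVAILABLE', 4);

// Class names of the proxied-service handlers; presumably the $type values
// accepted by phpCAS::getProxiedService() (confirm against the caller).
define('PHPCAS_PROXIED_SERVICE_HTTP_GET', 'CAS_ProxiedService_Http_Get');
define('PHPCAS_PROXIED_SERVICE_HTTP_POST', 'CAS_ProxiedService_Http_Post');
define('PHPCAS_PROXIED_SERVICE_IMAP', 'CAS_ProxiedService_Imap');

// Class names of the bundled translations; presumably the $lang values
// accepted by phpCAS::setLang() (confirm against the caller).
define('PHPCAS_LANG_ENGLISH', 'CAS_Languages_English');
define('PHPCAS_LANG_FRENCH', 'CAS_Languages_French');
define('PHPCAS_LANG_GREEK', 'CAS_Languages_Greek');
define('PHPCAS_LANG_GERMAN', 'CAS_Languages_German');
define('PHPCAS_LANG_JAPANESE', 'CAS_Languages_Japanese');
define('PHPCAS_LANG_SPANISH', 'CAS_Languages_Spanish');
define('PHPCAS_LANG_CATALAN', 'CAS_Languages_Catalan');
define('PHPCAS_LANG_CHINESE_SIMPLIFIED', 'CAS_Languages_ChineseSimplified');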
250 if (!empty($_ENV[
'TMP'])) {
251 return realpath($_ENV[
'TMP']);
253 if (!empty($_ENV[
'TMPDIR'])) {
254 return realpath($_ENV[
'TMPDIR']);
256 if (!empty($_ENV[
'TEMP'])) {
257 return realpath($_ENV[
'TEMP']);
266require_once dirname(__FILE__) .
'/CAS/Autoload.php';
350 $changeSessionID =
true
353 if (is_object(self::$_PHPCAS_CLIENT)) {
354 phpCAS :: error(self::$_PHPCAS_INIT_CALL[
'method'] .
'() has already been called (at ' . self::$_PHPCAS_INIT_CALL[
'file'] .
':' . self::$_PHPCAS_INIT_CALL[
'line'] .
')');
358 $dbg = debug_backtrace();
359 self::$_PHPCAS_INIT_CALL = array(
361 'file' => $dbg[0][
'file'],
362 'line' => $dbg[0][
'line'],
363 'method' => __CLASS__ .
'::' . __FUNCTION__
376 }
catch (Exception $e) {
402 $changeSessionID =
true
405 if (is_object(self::$_PHPCAS_CLIENT)) {
406 phpCAS :: error(self::$_PHPCAS_INIT_CALL[
'method'] .
'() has already been called (at ' . self::$_PHPCAS_INIT_CALL[
'file'] .
':' . self::$_PHPCAS_INIT_CALL[
'line'] .
')');
410 $dbg = debug_backtrace();
411 self::$_PHPCAS_INIT_CALL = array(
413 'file' => $dbg[0][
'file'],
414 'line' => $dbg[0][
'line'],
415 'method' => __CLASS__ .
'::' . __FUNCTION__
428 }
catch (Exception $e) {
441 return (is_object(self::$_PHPCAS_CLIENT));
465 phpCAS :: error(
'type mismatched for parameter $dbg (should be false or the name of the log file)');
468 self::$_PHPCAS_DEBUG[
'filename'] =
false;
471 if (preg_match(
'/^Win.*/', getenv(
'OS'))) {
472 if (isset($_ENV[
'TMP'])) {
473 $debugDir = $_ENV[
'TMP'] .
'/';
483 if (empty(self::$_PHPCAS_DEBUG[
'unique_id'])) {
484 self::$_PHPCAS_DEBUG[
'unique_id'] = substr(strtoupper(md5(uniqid(
''))), 0, 4);
487 self::$_PHPCAS_DEBUG[
'filename'] =
$filename;
488 self::$_PHPCAS_DEBUG[
'indent'] = 0;
506 self::$_PHPCAS_VERBOSE =
true;
508 self::$_PHPCAS_VERBOSE =
false;
531 public static function log($str)
536 if (!empty(self::$_PHPCAS_DEBUG[
'filename'])) {
539 if (!file_exists(self::$_PHPCAS_DEBUG[
'filename'])) {
540 touch(self::$_PHPCAS_DEBUG[
'filename']);
542 @chmod(self::$_PHPCAS_DEBUG[
'filename'], 0600);
544 for (
$i = 0;
$i < self::$_PHPCAS_DEBUG[
'indent'];
$i++) {
549 $str2 = str_replace(
"\n",
"\n" . self::$_PHPCAS_DEBUG[
'unique_id'] .
' ' . $indent_str, $str);
550 error_log(self::$_PHPCAS_DEBUG[
'unique_id'] .
' ' . $indent_str . $str2 .
"\n", 3, self::$_PHPCAS_DEBUG[
'filename']);
566 $dbg = debug_backtrace();
570 if (is_array($dbg)) {
571 for (
$i = 1;
$i <
sizeof($dbg);
$i++) {
572 if (is_array($dbg[
$i]) && isset($dbg[
$i][
'class'])) {
573 if ($dbg[
$i][
'class'] == __CLASS__) {
574 $function = $dbg[
$i][
'function'];
575 $file = $dbg[
$i][
'file'];
576 $line = $dbg[
$i][
'line'];
581 if (self::$_PHPCAS_VERBOSE) {
582 echo
"<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ .
"::" . $function .
'(): ' . htmlentities($msg) .
"</b></font> in <b>" . $file .
"</b> on line <b>" . $line .
"</b><br />\n";
584 echo
"<br />\n<b>Error</b>: <font color=\"FF0000\"><b>" .
DEFAULT_ERROR .
"</b><br />\n";
601 $dbg = debug_backtrace();
602 phpCAS :: log($str .
' [' . basename($dbg[0][
'file']) .
':' . $dbg[0][
'line'] .
']');
613 $dbg = debug_backtrace();
615 if (!empty($dbg[1][
'class'])) {
616 $str .= $dbg[1][
'class'] .
'::';
618 $str .= $dbg[1][
'function'] .
'(';
619 if (is_array($dbg[1][
'args'])) {
620 foreach ($dbg[1][
'args'] as
$index => $arg) {
624 if (is_object($arg)) {
625 $str .= get_class($arg);
627 $str .= str_replace(array(
"\r\n",
"\n",
"\r"),
"", var_export($arg,
true));
631 if (isset($dbg[1][
'file'])) {
632 $file = basename($dbg[1][
'file']);
634 $file =
'unknown_file';
636 if (isset($dbg[1][
'line'])) {
637 $line = $dbg[1][
'line'];
639 $line =
'unknown_line';
641 $str .=
') [' . $file .
':' . $line .
']';
643 if (!isset(self::$_PHPCAS_DEBUG[
'indent'])) {
644 self::$_PHPCAS_DEBUG[
'indent'] = 0;
646 self::$_PHPCAS_DEBUG[
'indent']++;
660 if (empty(self::$_PHPCAS_DEBUG[
'indent'])) {
661 self::$_PHPCAS_DEBUG[
'indent'] = 0;
663 self::$_PHPCAS_DEBUG[
'indent']--;
665 $dbg = debug_backtrace();
667 if (is_object(
$res)) {
668 $str .=
'<= ' . get_class(
$res);
670 $str .=
'<= ' . str_replace(array(
"\r\n",
"\n",
"\r"),
"", var_export(
$res,
true));
684 while (self::$_PHPCAS_DEBUG[
'indent'] > 0) {
686 self::$_PHPCAS_DEBUG[
'indent']--;
714 self::$_PHPCAS_CLIENT->setLang(
$lang);
715 }
catch (Exception $e) {
760 self::$_PHPCAS_CLIENT->setHTMLHeader(
$header);
761 }
catch (Exception $e) {
778 self::$_PHPCAS_CLIENT->setHTMLFooter($footer);
779 }
catch (Exception $e) {
807 self::$_PHPCAS_CLIENT->setPGTStorage($storage);
808 }
catch (Exception $e) {
836 $driver_options =
null
842 self::$_PHPCAS_CLIENT->setPGTStorageDb($dsn_or_pdo, $username,
$password,
$table, $driver_options);
843 }
catch (Exception $e) {
863 self::$_PHPCAS_CLIENT->setPGTStorageFile(
$path);
864 }
catch (Exception $e) {
894 $res = self::$_PHPCAS_CLIENT->getProxiedService(
$type);
895 }
catch (Exception $e) {
920 self::$_PHPCAS_CLIENT->initializeProxiedService($proxiedService);
921 }
catch (Exception $e) {
948 }
catch (Exception $e) {
975 public static function serviceMail(
$url, $service, $flags, &$err_code, &$err_msg, &$pt)
981 $res = self::$_PHPCAS_CLIENT->serviceMail(
$url, $service, $flags, $err_code, $err_msg, $pt);
982 }
catch (Exception $e) {
1015 self::$_PHPCAS_CLIENT->setCacheTimesForAuthRecheck(
$n);
1016 }
catch (Exception $e) {
1037 self::$_PHPCAS_CLIENT->setCasAttributeParserCallback($function, $additionalArgs);
1063 self::$_PHPCAS_CLIENT->setPostAuthenticateCallback($function, $additionalArgs);
1084 self::$_PHPCAS_CLIENT->setSingleSignoutCallback($function, $additionalArgs);
1102 $auth = self::$_PHPCAS_CLIENT->checkAuthentication();
1105 self::$_PHPCAS_CLIENT->markAuthenticationCall(
$auth);
1122 $auth = self::$_PHPCAS_CLIENT->forceAuthentication();
1125 self::$_PHPCAS_CLIENT->markAuthenticationCall(
$auth);
1148 $auth = self::$_PHPCAS_CLIENT->renewAuthentication();
1151 self::$_PHPCAS_CLIENT->markAuthenticationCall(
$auth);
1169 $auth = self::$_PHPCAS_CLIENT->isAuthenticated();
1172 self::$_PHPCAS_CLIENT->markAuthenticationCall(
$auth);
1204 return self::$_PHPCAS_CLIENT->getUser();
1205 }
catch (Exception $e) {
1223 return self::$_PHPCAS_CLIENT->getAttributes();
1224 }
catch (Exception $e) {
1242 return self::$_PHPCAS_CLIENT->hasAttributes();
1243 }
catch (Exception $e) {
1262 return self::$_PHPCAS_CLIENT->hasAttribute(
$key);
1263 }
catch (Exception $e) {
1282 return self::$_PHPCAS_CLIENT->getAttribute(
$key);
1283 }
catch (Exception $e) {
1313 return self::$_PHPCAS_CLIENT->getServerLoginURL();
1330 self::$_PHPCAS_CLIENT->setServerLoginURL(
$url);
1331 }
catch (Exception $e) {
1356 self::$_PHPCAS_CLIENT->setServerServiceValidateURL(
$url);
1357 }
catch (Exception $e) {
1382 self::$_PHPCAS_CLIENT->setServerProxyValidateURL(
$url);
1383 }
catch (Exception $e) {
1403 self::$_PHPCAS_CLIENT->setServerSamlValidateURL(
$url);
1404 }
catch (Exception $e) {
1421 return self::$_PHPCAS_CLIENT->getServerLogoutURL();
1438 self::$_PHPCAS_CLIENT->setServerLogoutURL(
$url);
1439 }
catch (Exception $e) {
1459 $parsedParams = array();
1462 phpCAS :: error(
'method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
1465 phpCAS :: error(
'type mismatched for parameter $params (should be `array\')');
1468 if (
$key !=
"service" &&
$key !=
"url") {
1469 phpCAS :: error(
'only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
1471 $parsedParams[
$key] = $value;
1474 self::$_PHPCAS_CLIENT->logout($parsedParams);
1492 if (!is_string($service)) {
1493 phpCAS :: error(
'type mismatched for parameter $service (should be `string\')');
1495 self::$_PHPCAS_CLIENT->logout(array(
"service" => $service ));
1512 trigger_error(
'Function deprecated for cas servers >= 3.3.5.1', E_USER_DEPRECATED);
1514 if (!is_object(self::$_PHPCAS_CLIENT)) {
1515 phpCAS :: error(
'this method should only be called after ' . __CLASS__ .
'::client() or' . __CLASS__ .
'::proxy()');
1517 if (!is_string(
$url)) {
1518 phpCAS :: error(
'type mismatched for parameter $url (should be `string\')');
1520 self::$_PHPCAS_CLIENT->logout(array(
"url" =>
$url ));
1539 trigger_error(
'Function deprecated for cas servers >= 3.3.5.1', E_USER_DEPRECATED);
1543 if (!is_string($service)) {
1544 phpCAS :: error(
'type mismatched for parameter $service (should be `string\')');
1546 if (!is_string(
$url)) {
1547 phpCAS :: error(
'type mismatched for parameter $url (should be `string\')');
1549 self::$_PHPCAS_CLIENT->logout(
1551 "service" => $service,
1574 self::$_PHPCAS_CLIENT->setCallbackURL(
$url);
1575 }
catch (Exception $e) {
1596 self::$_PHPCAS_CLIENT->setURL(
$url);
1597 }
catch (Exception $e) {
1612 return (self::$_PHPCAS_CLIENT->getURL());
1624 public static function retrievePT($target_service, &$err_code, &$err_msg)
1629 return (self::$_PHPCAS_CLIENT->
retrievePT($target_service, $err_code, $err_msg));
1630 }
catch (Exception $e) {
1650 self::$_PHPCAS_CLIENT->setCasServerCACert($cert, $validate_cn);
1651 }
catch (Exception $e) {
1668 phpCAS :: trace(
'You have configured no validation of the legitimacy of the cas server. This is not recommended for production use.');
1669 self::$_PHPCAS_CLIENT->setNoCasServerValidation();
1688 self::$_PHPCAS_CLIENT->setNoClearTicketsFromUrl();
1708 self::$_PHPCAS_CLIENT->setExtraCurlOption(
$key, $value);
1756 phpCAS :: error(
'this method can only be used with the cas 2.0/3.0 protocols');
1758 self::$_PHPCAS_CLIENT->getAllowedProxyChains()->allowProxyChain($proxy_chain);
1793 phpCAS::log(
'rebroadcastNodeUrl:' . $rebroadcastNodeUrl);
1797 self::$_PHPCAS_CLIENT->addRebroadcastNode($rebroadcastNodeUrl);
1798 }
catch (Exception $e) {
1819 self::$_PHPCAS_CLIENT->addRebroadcastHeader(
$header);
1820 }
catch (Exception $e) {
1836 if (!is_object(self::$_PHPCAS_CLIENT)) {
1850 if (!is_object(self::$_PHPCAS_CLIENT)) {
1862 self::$_PHPCAS_CLIENT =
$client;
const PHPCAS_VERSION
phpCAS version.
The CAS_Client class is a client interface that provides CAS authentication to PHP applications.
An exception for terminating execution or to throw for unit testing.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
The phpCAS class is a simple container for the phpCAS library.
static $_PHPCAS_INIT_CALL
This variable is used to store where the initializer is called from (to print a comprehensive error i...
static $_PHPCAS_DEBUG
This variable is used to store phpCAS debug mode.
static setExtraCurlOption($key, $value)
Change CURL options.
static setCasClient(\CAS_Client $client)
For testing purposes, use this method to set the client to a test double.
static getProxies()
Answer an array of proxies that are sitting in front of this application.
static addRebroadcastNode($rebroadcastNodeUrl)
Add a pgtIou/pgtId and logoutRequest rebroadcast node.
static _validateProxyExists()
Checks if a proxy client already exists.
static allowProxyChain(CAS_ProxyChain_Interface $proxy_chain)
If you want your service to be proxied you have to enable it (default disabled) and define an accepab...
static _validateClientExists()
Checks if a client already exists.
static addRebroadcastHeader($header)
This method is used to add header parameters when rebroadcasting pgtIou/pgtId or logoutRequest.
static $_PHPCAS_VERBOSE
This variable is used to enable verbose mode. This prevents debug info from being shown to the user.
static logoutWithRedirectServiceAndUrl($service, $url)
This method is used to logout from CAS.
static checkAuthentication()
This method is called to check if the user is already authenticated locally or has a global cas sessi...
static hasAttribute($key)
Answer true if an attribute exists for the authenticated user.
static getServerLogoutURL()
This method returns the URL to be used to logout.
static setCasAttributeParserCallback($function, array $additionalArgs=array())
Set a callback function to be run when receiving CAS attributes.
static setFixedCallbackURL($url='')
Set the fixed URL that will be used by the CAS server to transmit the PGT.
static handleLogoutRequests($check_client=true, $allowed_clients=false)
Handle logout requests.
static renewAuthentication()
This method is called to renew the authentication.
static getAttribute($key)
Answer an attribute for the authenticated user.
static isAuthenticated()
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
static getUser()
This method returns the CAS user's login name.
static setServerLogoutURL($url='')
Set the logout URL of the CAS server.
static retrievePT($target_service, &$err_code, &$err_msg)
Retrieve a Proxy Ticket from the CAS server.
static setFixedServiceURL($url)
Set the fixed URL that will be set as the CAS service parameter.
static setCacheTimesForAuthRecheck($n)
Set the times authentication will be cached before really accessing the CAS server in gateway mode:
static forceAuthentication()
This method is called to force authentication if the user was not already authenticated.
static getServerLoginURL()
This method returns the URL to be used to login.
static logoutWithRedirectService($service)
This method is used to logout from CAS.
static getServiceURL()
Get the URL that is set as the CAS service parameter.
static setSingleSignoutCallback($function, array $additionalArgs=array())
Set a callback function to be run when a single-signout request is received.
static getAttributes()
Answer attributes about the authenticated user.
static logout($params="")
This method is used to logout from CAS.
static setServerLoginURL($url='')
Set the login URL of the CAS server.
static setServerServiceValidateURL($url='')
Set the serviceValidate URL of the CAS server.
static isSessionAuthenticated()
Checks whether authenticated based on $_SESSION.
static setNoClearTicketsFromUrl()
Disable the removal of a CAS-Ticket from the URL when authenticating. DISABLING POSES A SECURITY RISK:...
static setNoCasServerValidation()
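Turn off SSL validation of the CAS server. The library's own trace message for this call states that it is not recommended for production use.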
static setServerSamlValidateURL($url='')
Set the samlValidate URL of the CAS server.
static setCasServerCACert($cert, $validate_cn=true)
Set the certificate of the CAS server CA and if the CN should be properly verified.
static hasAttributes()
Answer true if there are attributes for the authenticated user.
static setPostAuthenticateCallback($function, array $additionalArgs=array())
Set a callback function to be run when a user authenticates.
static logoutWithUrl($url)
This method is used to logout from CAS.
static setServerProxyValidateURL($url='')
Set the proxyValidate URL of the CAS server.
static trace($str)
This method is used to log something in debug mode.
static setDebug($filename='')
Set/unset debug mode.
static log($str)
Logs a string in debug mode.
static getVerbose()
Show if verbose mode is on.
static setVerbose($verbose)
Enable verbose error messages in the website output. This is security relevant since internal statu...
gettmpdir()
The default directory for the debug file under Unix.
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode.
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
static traceExit()
This method is used to indicate the end of the execution of the program.
static client( $server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
phpCAS client initializer.
static proxy( $server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
phpCAS proxy initializer.
static isInitialized()
Answer whether or not the client or proxy has been initialized.
static setLang($lang)
This method is used to set the language used by phpCAS.
const PHPCAS_LANG_ENGLISH
static setHTMLFooter($footer)
This method sets the HTML footer used for all outputs.
static setHTMLHeader($header)
This method sets the HTML header used for all outputs.
static setPGTStorage($storage)
This method can be used to set a custom PGT storage object.
static setPGTStorageDb( $dsn_or_pdo, $username='', $password='', $table='', $driver_options=null)
This method is used to tell phpCAS to store the response of the CAS server to PGT requests in a datab...
static setPGTStorageFile($path='')
This method is used to tell phpCAS to store the response of the CAS server to PGT requests onto the f...
static serviceWeb($url, &$err_code, &$output)
This method is used to access an HTTP[S] service.
static initializeProxiedService(CAS_ProxiedService $proxiedService)
Initialize a proxied-service handler with the proxy-ticket it should use.
static serviceMail($url, $service, $flags, &$err_code, &$err_msg, &$pt)
This method is used to access an IMAP/POP3/NNTP service.
static getProxiedService($type)
Answer a proxy-authenticated service handler.
const DEFAULT_ERROR
SAML Attributes.
const CAS_VERSION_3_0
CAS version 3.0.
static getVersion()
This method returns the phpCAS version.
This interface defines methods that allow proxy-authenticated service handlers to interact with phpCA...
An interface for classes that define a list of allowed proxies in front of the current application.