3 // commented in 0.4.22-RC2 for Sylvain Derosiaux
4 // error_reporting(E_ALL ^ E_NOTICE);
7 // hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] in IIS
9 if (!$_SERVER['REQUEST_URI']) {
10 $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];
14 // another one by Vangelis Haniotakis also to make phpCAS work with PHP5
16 if (version_compare(PHP_VERSION,'5','>=')) {
17 require_once(dirname(__FILE__).'/CAS/domxml-php4-php5.php');
22 * Interface class of the phpCAS library
27 // ########################################################################
29 // ########################################################################
31 // ------------------------------------------------------------------------
33 // ------------------------------------------------------------------------
36 * phpCAS version. accessible for the user by phpCAS::getVersion().
38 define('PHPCAS_VERSION','1.0.1');
40 // ------------------------------------------------------------------------
42 // ------------------------------------------------------------------------
51 define("CAS_VERSION_1_0",'1.0');
55 define("CAS_VERSION_2_0",'2.0');
59 * @addtogroup publicPGTStorage
62 // ------------------------------------------------------------------------
64 // ------------------------------------------------------------------------
66 * Default path used when storing PGT's to file
68 define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH",'/tmp');
70 * phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files
72 define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN",'plain');
74 * phpCAS::setPGTStorageFile()'s 2nd parameter to write xml files
76 define("CAS_PGT_STORAGE_FILE_FORMAT_XML",'xml');
78 * Default format used when storing PGT's to file
80 define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT",CAS_PGT_STORAGE_FILE_FORMAT_PLAIN);
81 // ------------------------------------------------------------------------
82 // DATABASE PGT STORAGE
83 // ------------------------------------------------------------------------
85 * default database type when storing PGT's to database
87 define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE",'mysql');
89 * default host when storing PGT's to database
91 define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME",'localhost');
93 * default port when storing PGT's to database
95 define("CAS_PGT_STORAGE_DB_DEFAULT_PORT",'');
97 * default database when storing PGT's to database
99 define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE",'phpCAS');
101 * default table when storing PGT's to database
103 define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE",'pgt');
106 // ------------------------------------------------------------------------
107 // SERVICE ACCESS ERRORS
108 // ------------------------------------------------------------------------
110 * @addtogroup publicServices
115 * phpCAS::service() error code on success
117 define("PHPCAS_SERVICE_OK",0);
119 * phpCAS::service() error code when the PT could not retrieve because
120 * the CAS server did not respond.
122 define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE",1);
124 * phpCAS::service() error code when the PT could not retrieve because
125 * the response of the CAS server was ill-formed.
127 define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE",2);
129 * phpCAS::service() error code when the PT could not retrieve because
130 * the CAS server did not want to.
132 define("PHPCAS_SERVICE_PT_FAILURE",3);
134 * phpCAS::service() error code when the service was not available.
136 define("PHPCAS_SERVICE_NOT AVAILABLE",4);
139 // ------------------------------------------------------------------------
141 // ------------------------------------------------------------------------
143 * @addtogroup publicLang
147 define("PHPCAS_LANG_ENGLISH", 'english');
148 define("PHPCAS_LANG_FRENCH", 'french');
149 define("PHPCAS_LANG_GREEK", 'greek');
150 define("PHPCAS_LANG_GERMAN", 'german');
151 define("PHPCAS_LANG_JAPANESE", 'japanese');
152 define("PHPCAS_LANG_SPANISH", 'spanish');
153 define("PHPCAS_LANG_CATALAN", 'catalan');
158 * @addtogroup internalLang
163 * phpCAS default language (when phpCAS::setLang() is not used)
165 define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH);
168 // ------------------------------------------------------------------------
170 // ------------------------------------------------------------------------
172 * @addtogroup publicDebug
177 * The default directory for the debug file under Unix.
179 define('DEFAULT_DEBUG_DIR','/tmp/');
182 // ------------------------------------------------------------------------
184 // ------------------------------------------------------------------------
186 * @addtogroup internalMisc
191 * This global variable is used by the interface class phpCAS.
195 $GLOBALS['PHPCAS_CLIENT'] = null;
198 * This global variable is used to store where the initializer is called from
199 * (to print a comprehensive error in case of multiple calls).
203 $GLOBALS['PHPCAS_INIT_CALL'] = array('done' => FALSE,
209 * This global variable is used to store where the method checking
210 * the authentication is called from (to print comprehensive errors)
214 $GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array('done' => FALSE,
221 * This global variable is used to store phpCAS debug mode.
225 $GLOBALS['PHPCAS_DEBUG'] = array('filename' => FALSE,
231 // ########################################################################
233 // ########################################################################
235 // include client class
236 include_once(dirname(__FILE__).'/CAS/client.php');
238 // ########################################################################
240 // ########################################################################
244 * The phpCAS class is a simple container for the phpCAS library. It provides CAS
245 * authentication for web applications written in PHP.
248 * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
250 * \internal All its methods access the same object ($PHPCAS_CLIENT, declared
251 * at the end of CAS/client.php).
259 // ########################################################################
261 // ########################################################################
264 * @addtogroup publicInit
269 * phpCAS client initializer.
270 * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
271 * called, only once, and before all other methods (except phpCAS::getVersion()
272 * and phpCAS::setDebug()).
274 * @param $server_version the version of the CAS server
275 * @param $server_hostname the hostname of the CAS server
276 * @param $server_port the port the CAS server is running on
277 * @param $server_uri the URI the CAS server is responding on
278 * @param $start_session Have phpCAS start PHP sessions (default true)
280 * @return a newly created CASClient object
282 function client($server_version,
286 $start_session = true)
288 global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
290 phpCAS::traceBegin();
291 if ( is_object($PHPCAS_CLIENT) ) {
292 phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')');
294 if ( gettype($server_version) != 'string' ) {
295 phpCAS::error('type mismatched for parameter $server_version (should be `string\')');
297 if ( gettype($server_hostname) != 'string' ) {
298 phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')');
300 if ( gettype($server_port) != 'integer' ) {
301 phpCAS::error('type mismatched for parameter $server_port (should be `integer\')');
303 if ( gettype($server_uri) != 'string' ) {
304 phpCAS::error('type mismatched for parameter $server_uri (should be `string\')');
307 // store where the initialzer is called from
308 $dbg = phpCAS::backtrace();
309 $PHPCAS_INIT_CALL = array('done' => TRUE,
310 'file' => $dbg[0]['file'],
311 'line' => $dbg[0]['line'],
312 'method' => __CLASS__.'::'.__FUNCTION__);
314 // initialize the global object $PHPCAS_CLIENT
315 $PHPCAS_CLIENT = new CASClient($server_version,FALSE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session);
320 * phpCAS proxy initializer.
321 * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
322 * called, only once, and before all other methods (except phpCAS::getVersion()
323 * and phpCAS::setDebug()).
325 * @param $server_version the version of the CAS server
326 * @param $server_hostname the hostname of the CAS server
327 * @param $server_port the port the CAS server is running on
328 * @param $server_uri the URI the CAS server is responding on
329 * @param $start_session Have phpCAS start PHP sessions (default true)
331 * @return a newly created CASClient object
333 function proxy($server_version,
337 $start_session = true)
339 global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
341 phpCAS::traceBegin();
342 if ( is_object($PHPCAS_CLIENT) ) {
343 phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')');
345 if ( gettype($server_version) != 'string' ) {
346 phpCAS::error('type mismatched for parameter $server_version (should be `string\')');
348 if ( gettype($server_hostname) != 'string' ) {
349 phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')');
351 if ( gettype($server_port) != 'integer' ) {
352 phpCAS::error('type mismatched for parameter $server_port (should be `integer\')');
354 if ( gettype($server_uri) != 'string' ) {
355 phpCAS::error('type mismatched for parameter $server_uri (should be `string\')');
358 // store where the initialzer is called from
359 $dbg = phpCAS::backtrace();
360 $PHPCAS_INIT_CALL = array('done' => TRUE,
361 'file' => $dbg[0]['file'],
362 'line' => $dbg[0]['line'],
363 'method' => __CLASS__.'::'.__FUNCTION__);
365 // initialize the global object $PHPCAS_CLIENT
366 $PHPCAS_CLIENT = new CASClient($server_version,TRUE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session);
371 // ########################################################################
373 // ########################################################################
376 * @addtogroup publicDebug
381 * Set/unset debug mode
383 * @param $filename the name of the file used for logging, or FALSE to stop debugging.
385 function setDebug($filename='')
387 global $PHPCAS_DEBUG;
389 if ( $filename != FALSE && gettype($filename) != 'string' ) {
390 phpCAS::error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)');
393 if ( empty($filename) ) {
394 if ( preg_match('/^Win.*/',getenv('OS')) ) {
395 if ( isset($_ENV['TMP']) ) {
396 $debugDir = $_ENV['TMP'].'/';
397 } else if ( isset($_ENV['TEMP']) ) {
398 $debugDir = $_ENV['TEMP'].'/';
403 $debugDir = DEFAULT_DEBUG_DIR;
405 $filename = $debugDir . 'phpCAS.log';
408 if ( empty($PHPCAS_DEBUG['unique_id']) ) {
409 $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))),0,4);
412 $PHPCAS_DEBUG['filename'] = $filename;
414 phpCAS::trace('START ******************');
419 * @addtogroup internalDebug
424 * This method is a wrapper for debug_backtrace() that is not available
425 * in all PHP versions (>= 4.3.0 only)
429 if ( function_exists('debug_backtrace') ) {
430 return debug_backtrace();
432 // poor man's hack ... but it does work ...
438 * Logs a string in debug mode.
440 * @param $str the string to write
447 global $PHPCAS_DEBUG;
449 if ( $PHPCAS_DEBUG['filename'] ) {
450 for ($i=0;$i<$PHPCAS_DEBUG['indent'];$i++) {
453 error_log($PHPCAS_DEBUG['unique_id'].' '.$indent_str.$str."\n",3,$PHPCAS_DEBUG['filename']);
459 * This method is used by interface methods to print an error and where the function
460 * was originally called from.
462 * @param $msg the message to print
468 $dbg = phpCAS::backtrace();
472 if ( is_array($dbg) ) {
473 for ( $i=1; $i<sizeof($dbg); $i++) {
474 if ( is_array($dbg[$i]) ) {
475 if ( $dbg[$i]['class'] == __CLASS__ ) {
476 $function = $dbg[$i]['function'];
477 $file = $dbg[$i]['file'];
478 $line = $dbg[$i]['line'];
483 echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>".__CLASS__."::".$function.'(): '.htmlentities($msg)."</b></font> in <b>".$file."</b> on line <b>".$line."</b><br />\n";
490 * This method is used to log something in debug mode.
494 $dbg = phpCAS::backtrace();
495 phpCAS::log($str.' ['.basename($dbg[1]['file']).':'.$dbg[1]['line'].']');
499 * This method is used to indicate the start of the execution of a function in debug mode.
501 function traceBegin()
503 global $PHPCAS_DEBUG;
505 $dbg = phpCAS::backtrace();
507 if ( !empty($dbg[2]['class']) ) {
508 $str .= $dbg[2]['class'].'::';
510 $str .= $dbg[2]['function'].'(';
511 if ( is_array($dbg[2]['args']) ) {
512 foreach ($dbg[2]['args'] as $index => $arg) {
516 $str .= str_replace("\n","",var_export($arg,TRUE));
519 $str .= ') ['.basename($dbg[2]['file']).':'.$dbg[2]['line'].']';
521 $PHPCAS_DEBUG['indent'] ++;
525 * This method is used to indicate the end of the execution of a function in debug mode.
527 * @param $res the result of the function
529 function traceEnd($res='')
531 global $PHPCAS_DEBUG;
533 $PHPCAS_DEBUG['indent'] --;
534 $dbg = phpCAS::backtrace();
536 $str .= '<= '.str_replace("\n","",var_export($res,TRUE));
541 * This method is used to indicate the end of the execution of the program
545 global $PHPCAS_DEBUG;
547 phpCAS::log('exit()');
548 while ( $PHPCAS_DEBUG['indent'] > 0 ) {
550 $PHPCAS_DEBUG['indent'] --;
555 // ########################################################################
556 // INTERNATIONALIZATION
557 // ########################################################################
559 * @addtogroup publicLang
564 * This method is used to set the language used by phpCAS.
565 * @note Can be called only once.
567 * @param $lang a string representing the language.
569 * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH
571 function setLang($lang)
573 global $PHPCAS_CLIENT;
574 if ( !is_object($PHPCAS_CLIENT) ) {
575 phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
577 if ( gettype($lang) != 'string' ) {
578 phpCAS::error('type mismatched for parameter $lang (should be `string\')');
580 $PHPCAS_CLIENT->setLang($lang);
584 // ########################################################################
586 // ########################################################################
593 * This method returns the phpCAS version.
595 * @return the phpCAS version.
597 function getVersion()
599 return PHPCAS_VERSION;
603 // ########################################################################
605 // ########################################################################
607 * @addtogroup publicOutput
612 * This method sets the HTML header used for all outputs.
614 * @param $header the HTML header.
616 function setHTMLHeader($header)
618 global $PHPCAS_CLIENT;
619 if ( !is_object($PHPCAS_CLIENT) ) {
620 phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
622 if ( gettype($header) != 'string' ) {
623 phpCAS::error('type mismatched for parameter $header (should be `string\')');
625 $PHPCAS_CLIENT->setHTMLHeader($header);
629 * This method sets the HTML footer used for all outputs.
631 * @param $footer the HTML footer.
633 function setHTMLFooter($footer)
635 global $PHPCAS_CLIENT;
636 if ( !is_object($PHPCAS_CLIENT) ) {
637 phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
639 if ( gettype($footer) != 'string' ) {
640 phpCAS::error('type mismatched for parameter $footer (should be `string\')');
642 $PHPCAS_CLIENT->setHTMLFooter($footer);
646 // ########################################################################
648 // ########################################################################
650 * @addtogroup publicPGTStorage
655 * This method is used to tell phpCAS to store the response of the
656 * CAS server to PGT requests onto the filesystem.
658 * @param $format the format used to store the PGT's (`plain' and `xml' allowed)
659 * @param $path the path where the PGT's should be stored
661 function setPGTStorageFile($format='',
664 global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL;
666 phpCAS::traceBegin();
667 if ( !is_object($PHPCAS_CLIENT) ) {
668 phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
670 if ( !$PHPCAS_CLIENT->isProxy() ) {
671 phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
673 if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) {
674 phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')');
676 if ( gettype($format) != 'string' ) {
677 phpCAS::error('type mismatched for parameter $format (should be `string\')');
679 if ( gettype($path) != 'string' ) {
680 phpCAS::error('type mismatched for parameter $format (should be `string\')');
682 $PHPCAS_CLIENT->setPGTStorageFile($format,$path);
687 * This method is used to tell phpCAS to store the response of the
688 * CAS server to PGT requests into a database.
689 * @note The connection to the database is done only when needed.
690 * As a consequence, bad parameters are detected only when
691 * initializing PGT storage, except in debug mode.
693 * @param $user the user to access the data with
694 * @param $password the user's password
695 * @param $database_type the type of the database hosting the data
696 * @param $hostname the server hosting the database
697 * @param $port the port the server is listening on
698 * @param $database the name of the database
699 * @param $table the name of the table storing the data
701 function setPGTStorageDB($user,
709 global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL;
711 phpCAS::traceBegin();
712 if ( !is_object($PHPCAS_CLIENT) ) {
713 phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
715 if ( !$PHPCAS_CLIENT->isProxy() ) {
716 phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
718 if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) {
719 phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')');
721 if ( gettype($user) != 'string' ) {
722 phpCAS::error('type mismatched for parameter $user (should be `string\')');
724 if ( gettype($password) != 'string' ) {
725 phpCAS::error('type mismatched for parameter $password (should be `string\')');
727 if ( gettype($database_type) != 'string' ) {
728 phpCAS::error('type mismatched for parameter $database_type (should be `string\')');
730 if ( gettype($hostname) != 'string' ) {
731 phpCAS::error('type mismatched for parameter $hostname (should be `string\')');
733 if ( gettype($port) != 'integer' ) {
734 phpCAS::error('type mismatched for parameter $port (should be `integer\')');
736 if ( gettype($database) != 'string' ) {
737 phpCAS::error('type mismatched for parameter $database (should be `string\')');
739 if ( gettype($table) != 'string' ) {
740 phpCAS::error('type mismatched for parameter $table (should be `string\')');
742 $PHPCAS_CLIENT->setPGTStorageDB($this,$user,$password,$hostname,$port,$database,$table);
747 // ########################################################################
748 // ACCESS TO EXTERNAL SERVICES
749 // ########################################################################
751 * @addtogroup publicServices
756 * This method is used to access an HTTP[S] service.
758 * @param $url the service to access.
759 * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
760 * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
761 * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
762 * @param $output the output of the service (also used to give an error
763 * message on failure).
765 * @return TRUE on success, FALSE otherwise (in this later case, $err_code
766 * gives the reason why it failed and $output contains an error message).
768 function serviceWeb($url,&$err_code,&$output)
770 global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
772 phpCAS::traceBegin();
773 if ( !is_object($PHPCAS_CLIENT) ) {
774 phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
776 if ( !$PHPCAS_CLIENT->isProxy() ) {
777 phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
779 if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
780 phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()');
782 if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
783 phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
785 if ( gettype($url) != 'string' ) {
786 phpCAS::error('type mismatched for parameter $url (should be `string\')');
789 $res = $PHPCAS_CLIENT->serviceWeb($url,$err_code,$output);
791 phpCAS::traceEnd($res);
796 * This method is used to access an IMAP/POP3/NNTP service.
798 * @param $url a string giving the URL of the service, including the mailing box
799 * for IMAP URLs, as accepted by imap_open().
800 * @param $flags options given to imap_open().
801 * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
802 * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
803 * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
804 * @param $err_msg an error message on failure
805 * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL
806 * on success, FALSE on error).
808 * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code
809 * gives the reason why it failed and $err_msg contains an error message).
811 function serviceMail($url,$flags,&$err_code,&$err_msg,&$pt)
813 global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
815 phpCAS::traceBegin();
816 if ( !is_object($PHPCAS_CLIENT) ) {
817 phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
819 if ( !$PHPCAS_CLIENT->isProxy() ) {
820 phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
822 if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
823 phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()');
825 if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
826 phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
828 if ( gettype($url) != 'string' ) {
829 phpCAS::error('type mismatched for parameter $url (should be `string\')');
832 if ( gettype($flags) != 'integer' ) {
833 phpCAS::error('type mismatched for parameter $flags (should be `integer\')');
836 $res = $PHPCAS_CLIENT->serviceMail($url,$flags,$err_code,$err_msg,$pt);
838 phpCAS::traceEnd($res);
843 // ########################################################################
845 // ########################################################################
847 * @addtogroup publicAuth
852 * Set the times authentication will be cached before really accessing the CAS server in gateway mode:
853 * - -1: check only once, and then never again (until you pree login)
855 * - n: check every "n" time
857 * @param $n an integer.
859 function setCacheTimesForAuthRecheck($n)
861 global $PHPCAS_CLIENT;
862 if ( !is_object($PHPCAS_CLIENT) ) {
863 phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
865 if ( gettype($n) != 'integer' ) {
866 phpCAS::error('type mismatched for parameter $header (should be `string\')');
868 $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n);
872 * This method is called to check if the user is authenticated (use the gateway feature).
873 * @return TRUE when the user is authenticated; otherwise FALSE.
875 function checkAuthentication()
877 global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
879 phpCAS::traceBegin();
880 if ( !is_object($PHPCAS_CLIENT) ) {
881 phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
884 $auth = $PHPCAS_CLIENT->checkAuthentication();
886 // store where the authentication has been checked and the result
887 $dbg = phpCAS::backtrace();
888 $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
889 'file' => $dbg[0]['file'],
890 'line' => $dbg[0]['line'],
891 'method' => __CLASS__.'::'.__FUNCTION__,
893 phpCAS::traceEnd($auth);
898 * This method is called to force authentication if the user was not already
899 * authenticated. If the user is not authenticated, halt by redirecting to
902 function forceAuthentication()
904 global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
906 phpCAS::traceBegin();
907 if ( !is_object($PHPCAS_CLIENT) ) {
908 phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
911 $auth = $PHPCAS_CLIENT->forceAuthentication();
913 // store where the authentication has been checked and the result
914 $dbg = phpCAS::backtrace();
915 $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
916 'file' => $dbg[0]['file'],
917 'line' => $dbg[0]['line'],
918 'method' => __CLASS__.'::'.__FUNCTION__,
922 phpCAS::trace('user is not authenticated, redirecting to the CAS server');
923 $PHPCAS_CLIENT->forceAuthentication();
925 phpCAS::trace('no need to authenticate (user `'.phpCAS::getUser().'\' is already authenticated)');
933 * This method is called to renew the authentication.
935 function renewAuthentication() {
936 global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
938 phpCAS::traceBegin();
939 if ( !is_object($PHPCAS_CLIENT) ) {
940 phpCAS::error('this method should not be called before'.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
943 // store where the authentication has been checked and the result
944 $dbg = phpCAS::backtrace();
945 $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], 'method' => __CLASS__.'::'.__FUNCTION__, 'result' => $auth );
947 $PHPCAS_CLIENT->renewAuthentication();
952 * This method has been left from version 0.4.1 for compatibility reasons.
954 function authenticate()
956 phpCAS::error('this method is deprecated. You should use '.__CLASS__.'::forceAuthentication() instead');
960 * This method is called to check if the user is authenticated (previously or by
961 * tickets given in the URL).
963 * @return TRUE when the user is authenticated.
965 function isAuthenticated()
967 global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
969 phpCAS::traceBegin();
970 if ( !is_object($PHPCAS_CLIENT) ) {
971 phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
974 // call the isAuthenticated method of the global $PHPCAS_CLIENT object
975 $auth = $PHPCAS_CLIENT->isAuthenticated();
977 // store where the authentication has been checked and the result
978 $dbg = phpCAS::backtrace();
979 $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
980 'file' => $dbg[0]['file'],
981 'line' => $dbg[0]['line'],
982 'method' => __CLASS__.'::'.__FUNCTION__,
984 phpCAS::traceEnd($auth);
989 * Checks whether authenticated based on $_SESSION. Useful to avoid
991 * @return true if authenticated, false otherwise.
992 * @since 0.4.22 by Brendan Arnold
994 function isSessionAuthenticated ()
996 global $PHPCAS_CLIENT;
997 if ( !is_object($PHPCAS_CLIENT) ) {
998 phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
1000 return($PHPCAS_CLIENT->isSessionAuthenticated());
1004 * This method returns the CAS user's login name.
1005 * @warning should not be called only after phpCAS::forceAuthentication()
1006 * or phpCAS::checkAuthentication().
1008 * @return the login name of the authenticated user
1012 global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
1013 if ( !is_object($PHPCAS_CLIENT) ) {
1014 phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
1016 if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
1017 phpCAS::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
1019 if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
1020 phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
1022 return $PHPCAS_CLIENT->getUser();
1026 * Handle logout requests.
1028 function handleLogoutRequests($check_client=true, $allowed_clients=false)
1030 global $PHPCAS_CLIENT;
1031 if ( !is_object($PHPCAS_CLIENT) ) {
1032 phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
1034 return($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients));
1038 * This method returns the URL to be used to login.
1039 * or phpCAS::isAuthenticated().
1041 * @return the login name of the authenticated user
1043 function getServerLoginURL()
1045 global $PHPCAS_CLIENT;
1046 if ( !is_object($PHPCAS_CLIENT) ) {
1047 phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
1049 return $PHPCAS_CLIENT->getServerLoginURL();
1053 * Set the login URL of the CAS server.
1054 * @param $url the login URL
1055 * @since 0.4.21 by Wyman Chan
1057 function setServerLoginURL($url='')
1059 global $PHPCAS_CLIENT;
1060 phpCAS::traceBegin();
1061 if ( !is_object($PHPCAS_CLIENT) ) {
1062 phpCAS::error('this method should only be called after
1063 '.__CLASS__.'::client()');
1065 if ( gettype($url) != 'string' ) {
1066 phpCAS::error('type mismatched for parameter $url (should be
1069 $PHPCAS_CLIENT->setServerLoginURL($url);
1074 * This method returns the URL to be used to login.
1075 * or phpCAS::isAuthenticated().
1077 * @return the login name of the authenticated user
1079 function getServerLogoutURL()
1081 global $PHPCAS_CLIENT;
1082 if ( !is_object($PHPCAS_CLIENT) ) {
1083 phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
1085 return $PHPCAS_CLIENT->getServerLogoutURL();
1089 * Set the logout URL of the CAS server.
1090 * @param $url the logout URL
1091 * @since 0.4.21 by Wyman Chan
1093 function setServerLogoutURL($url='')
1095 global $PHPCAS_CLIENT;
1096 phpCAS::traceBegin();
1097 if ( !is_object($PHPCAS_CLIENT) ) {
1098 phpCAS::error('this method should only be called after
1099 '.__CLASS__.'::client()');
1101 if ( gettype($url) != 'string' ) {
1102 phpCAS::error('type mismatched for parameter $url (should be
1105 $PHPCAS_CLIENT->setServerLogoutURL($url);
1110 * This method is used to logout from CAS.
1111 * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server
1114 function logout($params = "") {
1115 global $PHPCAS_CLIENT;
1116 phpCAS::traceBegin();
1117 if (!is_object($PHPCAS_CLIENT)) {
1118 phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
1120 $parsedParams = array();
1121 if ($params != "") {
1122 if (is_string($params)) {
1123 phpCAS::error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
1125 if (!is_array($params)) {
1126 phpCAS::error('type mismatched for parameter $params (should be `array\')');
1128 foreach ($params as $key => $value) {
1129 if ($key != "service" && $key != "url") {
1130 phpCAS::error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
1132 $parsedParams[$key] = $value;
1135 $PHPCAS_CLIENT->logout($parsedParams);
1141 * This method is used to logout from CAS. Halts by redirecting to the CAS server.
1142 * @param $service a URL that will be transmitted to the CAS server
1144 function logoutWithRedirectService($service) {
1145 global $PHPCAS_CLIENT;
1146 phpCAS::traceBegin();
1147 if ( !is_object($PHPCAS_CLIENT) ) {
1148 phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
1150 if (!is_string($service)) {
1151 phpCAS::error('type mismatched for parameter $service (should be `string\')');
1153 $PHPCAS_CLIENT->logout(array("service" => $service));
1159 * This method is used to logout from CAS. Halts by redirecting to the CAS server.
1160 * @param $url a URL that will be transmitted to the CAS server
1162 function logoutWithUrl($url) {
1163 global $PHPCAS_CLIENT;
1164 phpCAS::traceBegin();
1165 if ( !is_object($PHPCAS_CLIENT) ) {
1166 phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
1168 if (!is_string($url)) {
1169 phpCAS::error('type mismatched for parameter $url (should be `string\')');
1171 $PHPCAS_CLIENT->logout(array("url" => $url));
1177 * This method is used to logout from CAS. Halts by redirecting to the CAS server.
1178 * @param $service a URL that will be transmitted to the CAS server
1179 * @param $url a URL that will be transmitted to the CAS server
1181 function logoutWithRedirectServiceAndUrl($service, $url) {
1182 global $PHPCAS_CLIENT;
1183 phpCAS::traceBegin();
1184 if ( !is_object($PHPCAS_CLIENT) ) {
1185 phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
1187 if (!is_string($service)) {
1188 phpCAS::error('type mismatched for parameter $service (should be `string\')');
1190 if (!is_string($url)) {
1191 phpCAS::error('type mismatched for parameter $url (should be `string\')');
1193 $PHPCAS_CLIENT->logout(array("service" => $service, "url" => $url));
1199 * Set the fixed URL that will be used by the CAS server to transmit the PGT.
1200 * When this method is not called, a phpCAS script uses its own URL for the callback.
1202 * @param $url the URL
1204 function setFixedCallbackURL($url='')
1206 global $PHPCAS_CLIENT;
1207 phpCAS::traceBegin();
1208 if ( !is_object($PHPCAS_CLIENT) ) {
1209 phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
1211 if ( !$PHPCAS_CLIENT->isProxy() ) {
1212 phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
1214 if ( gettype($url) != 'string' ) {
1215 phpCAS::error('type mismatched for parameter $url (should be `string\')');
1217 $PHPCAS_CLIENT->setCallbackURL($url);
1222 * Set the fixed URL that will be set as the CAS service parameter. When this
1223 * method is not called, a phpCAS script uses its own URL.
1225 * @param $url the URL
1227 function setFixedServiceURL($url)
1229 global $PHPCAS_CLIENT;
1230 phpCAS::traceBegin();
1231 if ( !is_object($PHPCAS_CLIENT) ) {
1232 phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
1234 if ( gettype($url) != 'string' ) {
1235 phpCAS::error('type mismatched for parameter $url (should be `string\')');
1237 $PHPCAS_CLIENT->setURL($url);
1242 * Get the URL that is set as the CAS service parameter.
1244 function getServiceURL()
1246 global $PHPCAS_CLIENT;
1247 if ( !is_object($PHPCAS_CLIENT) ) {
1248 phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
1250 return($PHPCAS_CLIENT->getURL());
1254 * Retrieve a Proxy Ticket from the CAS server.
1256 function retrievePT($target_service,&$err_code,&$err_msg)
1258 global $PHPCAS_CLIENT;
1259 if ( !is_object($PHPCAS_CLIENT) ) {
1260 phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
1262 if ( gettype($target_service) != 'string' ) {
1263 phpCAS::error('type mismatched for parameter $target_service(should be `string\')');
1265 return($PHPCAS_CLIENT->retrievePT($target_service,$err_code,$err_msg));
1269 * Set the certificate of the CAS server.
1271 * @param $cert the PEM certificate
1273 function setCasServerCert($cert)
1275 global $PHPCAS_CLIENT;
1276 phpCAS::traceBegin();
1277 if ( !is_object($PHPCAS_CLIENT) ) {
1278 phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
1280 if ( gettype($cert) != 'string' ) {
1281 phpCAS::error('type mismatched for parameter $cert (should be `string\')');
1283 $PHPCAS_CLIENT->setCasServerCert($cert);
1288 * Set the certificate of the CAS server CA.
1290 * @param $cert the CA certificate
1292 function setCasServerCACert($cert)
1294 global $PHPCAS_CLIENT;
1295 phpCAS::traceBegin();
1296 if ( !is_object($PHPCAS_CLIENT) ) {
1297 phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
1299 if ( gettype($cert) != 'string' ) {
1300 phpCAS::error('type mismatched for parameter $cert (should be `string\')');
1302 $PHPCAS_CLIENT->setCasServerCACert($cert);
1307 * Set no SSL validation for the CAS server.
1309 function setNoCasServerValidation()
1311 global $PHPCAS_CLIENT;
1312 phpCAS::traceBegin();
1313 if ( !is_object($PHPCAS_CLIENT) ) {
1314 phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
1316 $PHPCAS_CLIENT->setNoCasServerValidation();
1323 * Change CURL options.
1324 * CURL is used to connect through HTTPS to CAS server
1325 * @param $key the option key
1326 * @param $value the value to set
1328 function setExtraCurlOption($key, $value)
1330 global $PHPCAS_CLIENT;
1331 phpCAS::traceBegin();
1332 if ( !is_object($PHPCAS_CLIENT) ) {
1333 phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
1335 $PHPCAS_CLIENT->setExtraCurlOption($key, $value);
1341 // ########################################################################
1343 // ########################################################################
1345 // ########################################################################
1351 * The following pages only show the source documentation.
1355 // ########################################################################
1356 // MODULES DEFINITION
1358 /** @defgroup public User interface */
1360 /** @defgroup publicInit Initialization
1361 * @ingroup public */
1363 /** @defgroup publicAuth Authentication
1364 * @ingroup public */
1366 /** @defgroup publicServices Access to external services
1367 * @ingroup public */
1369 /** @defgroup publicConfig Configuration
1370 * @ingroup public */
1372 /** @defgroup publicLang Internationalization
1373 * @ingroup publicConfig */
1375 /** @defgroup publicOutput HTML output
1376 * @ingroup publicConfig */
1378 /** @defgroup publicPGTStorage PGT storage
1379 * @ingroup publicConfig */
1381 /** @defgroup publicDebug Debugging
1382 * @ingroup public */
1385 /** @defgroup internal Implementation */
1387 /** @defgroup internalAuthentication Authentication
1388 * @ingroup internal */
1390 /** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets)
1391 * @ingroup internal */
1393 /** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets)
1394 * @ingroup internal */
1396 /** @defgroup internalPGTStorage PGT storage
1397 * @ingroup internalProxy */
1399 /** @defgroup internalPGTStorageDB PGT storage in a database
1400 * @ingroup internalPGTStorage */
1402 /** @defgroup internalPGTStorageFile PGT storage on the filesystem
1403 * @ingroup internalPGTStorage */
1405 /** @defgroup internalCallback Callback from the CAS server
1406 * @ingroup internalProxy */
1408 /** @defgroup internalProxied CAS proxied client features (CAS 2.0, Proxy Tickets)
1409 * @ingroup internal */
1411 /** @defgroup internalConfig Configuration
1412 * @ingroup internal */
1414 /** @defgroup internalOutput HTML output
1415 * @ingroup internalConfig */
1417 /** @defgroup internalLang Internationalization
1418 * @ingroup internalConfig
1420 * To add a new language:
1421 * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php
1422 * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php
1423 * - 3. Make the translations
1426 /** @defgroup internalDebug Debugging
1427 * @ingroup internal */
1429 /** @defgroup internalMisc Miscellaneous
1430 * @ingroup internal */
1432 // ########################################################################
1436 * @example example_simple.php
1439 * @example example_proxy.php
1442 * @example example_proxy2.php
1445 * @example example_lang.php
1448 * @example example_html.php
1451 * @example example_file.php
1454 * @example example_db.php
1457 * @example example_service.php
1460 * @example example_session_proxy.php
1463 * @example example_session_service.php
1466 * @example example_gateway.php