-<?php
-
-// commented in 0.4.22-RC2 for Sylvain Derosiaux
-// error_reporting(E_ALL ^ E_NOTICE);
-
-//
-// hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] in IIS
-//
-if (!$_SERVER['REQUEST_URI']) {
- $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];
-}
-
-//
-// another one by Vangelis Haniotakis also to make phpCAS work with PHP5
-//
-if (version_compare(PHP_VERSION,'5','>=')) {
- require_once(dirname(__FILE__).'/CAS/domxml-php4-php5.php');
-}
-
-/**
- * @file CAS/CAS.php
- * Interface class of the phpCAS library
- *
- * @ingroup public
- */
-
-// ########################################################################
-// CONSTANTS
-// ########################################################################
-
-// ------------------------------------------------------------------------
-// CAS VERSIONS
-// ------------------------------------------------------------------------
-
-/**
- * phpCAS version. accessible for the user by phpCAS::getVersion().
- */
-define('PHPCAS_VERSION','1.0.1');
-
-// ------------------------------------------------------------------------
-// CAS VERSIONS
-// ------------------------------------------------------------------------
- /**
- * @addtogroup public
- * @{
- */
-
-/**
- * CAS version 1.0
- */
-define("CAS_VERSION_1_0",'1.0');
-/*!
- * CAS version 2.0
- */
-define("CAS_VERSION_2_0",'2.0');
-
-/** @} */
- /**
- * @addtogroup publicPGTStorage
- * @{
- */
-// ------------------------------------------------------------------------
-// FILE PGT STORAGE
-// ------------------------------------------------------------------------
- /**
- * Default path used when storing PGT's to file
- */
-define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH",'/tmp');
-/**
- * phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files
- */
-define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN",'plain');
-/**
- * phpCAS::setPGTStorageFile()'s 2nd parameter to write xml files
- */
-define("CAS_PGT_STORAGE_FILE_FORMAT_XML",'xml');
-/**
- * Default format used when storing PGT's to file
- */
-define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT",CAS_PGT_STORAGE_FILE_FORMAT_PLAIN);
-// ------------------------------------------------------------------------
-// DATABASE PGT STORAGE
-// ------------------------------------------------------------------------
- /**
- * default database type when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE",'mysql');
-/**
- * default host when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME",'localhost');
-/**
- * default port when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_PORT",'');
-/**
- * default database when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE",'phpCAS');
-/**
- * default table when storing PGT's to database
- */
-define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE",'pgt');
-
-/** @} */
-// ------------------------------------------------------------------------
-// SERVICE ACCESS ERRORS
-// ------------------------------------------------------------------------
- /**
- * @addtogroup publicServices
- * @{
- */
-
-/**
- * phpCAS::service() error code on success
- */
-define("PHPCAS_SERVICE_OK",0);
-/**
- * phpCAS::service() error code when the PT could not retrieve because
- * the CAS server did not respond.
- */
-define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE",1);
-/**
- * phpCAS::service() error code when the PT could not retrieve because
- * the response of the CAS server was ill-formed.
- */
-define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE",2);
-/**
- * phpCAS::service() error code when the PT could not retrieve because
- * the CAS server did not want to.
- */
-define("PHPCAS_SERVICE_PT_FAILURE",3);
-/**
- * phpCAS::service() error code when the service was not available.
- */
-define("PHPCAS_SERVICE_NOT AVAILABLE",4);
-
-/** @} */
-// ------------------------------------------------------------------------
-// LANGUAGES
-// ------------------------------------------------------------------------
- /**
- * @addtogroup publicLang
- * @{
- */
-
-define("PHPCAS_LANG_ENGLISH", 'english');
-define("PHPCAS_LANG_FRENCH", 'french');
-define("PHPCAS_LANG_GREEK", 'greek');
-define("PHPCAS_LANG_GERMAN", 'german');
-define("PHPCAS_LANG_JAPANESE", 'japanese');
-define("PHPCAS_LANG_SPANISH", 'spanish');
-define("PHPCAS_LANG_CATALAN", 'catalan');
-
-/** @} */
-
-/**
- * @addtogroup internalLang
- * @{
- */
-
-/**
- * phpCAS default language (when phpCAS::setLang() is not used)
- */
-define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH);
-
-/** @} */
-// ------------------------------------------------------------------------
-// DEBUG
-// ------------------------------------------------------------------------
- /**
- * @addtogroup publicDebug
- * @{
- */
-
-/**
- * The default directory for the debug file under Unix.
- */
-define('DEFAULT_DEBUG_DIR','/tmp/');
-
-/** @} */
-// ------------------------------------------------------------------------
-// MISC
-// ------------------------------------------------------------------------
- /**
- * @addtogroup internalMisc
- * @{
- */
-
-/**
- * This global variable is used by the interface class phpCAS.
- *
- * @hideinitializer
- */
-$GLOBALS['PHPCAS_CLIENT'] = null;
-
-/**
- * This global variable is used to store where the initializer is called from
- * (to print a comprehensive error in case of multiple calls).
- *
- * @hideinitializer
- */
-$GLOBALS['PHPCAS_INIT_CALL'] = array('done' => FALSE,
- 'file' => '?',
- 'line' => -1,
- 'method' => '?');
-
-/**
- * This global variable is used to store where the method checking
- * the authentication is called from (to print comprehensive errors)
- *
- * @hideinitializer
- */
-$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array('done' => FALSE,
- 'file' => '?',
- 'line' => -1,
- 'method' => '?',
- 'result' => FALSE);
-
-/**
- * This global variable is used to store phpCAS debug mode.
- *
- * @hideinitializer
- */
-$GLOBALS['PHPCAS_DEBUG'] = array('filename' => FALSE,
- 'indent' => 0,
- 'unique_id' => '');
-
-/** @} */
-
-// ########################################################################
-// CLIENT CLASS
-// ########################################################################
-
-// include client class
-include_once(dirname(__FILE__).'/CAS/client.php');
-
-// ########################################################################
-// INTERFACE CLASS
-// ########################################################################
-
-/**
- * @class phpCAS
- * The phpCAS class is a simple container for the phpCAS library. It provides CAS
- * authentication for web applications written in PHP.
- *
- * @ingroup public
- * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
- *
- * \internal All its methods access the same object ($PHPCAS_CLIENT, declared
- * at the end of CAS/client.php).
- */
-
-
-
-class phpCAS
-{
-
- // ########################################################################
- // INITIALIZATION
- // ########################################################################
-
- /**
- * @addtogroup publicInit
- * @{
- */
-
- /**
- * phpCAS client initializer.
- * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
- * called, only once, and before all other methods (except phpCAS::getVersion()
- * and phpCAS::setDebug()).
- *
- * @param $server_version the version of the CAS server
- * @param $server_hostname the hostname of the CAS server
- * @param $server_port the port the CAS server is running on
- * @param $server_uri the URI the CAS server is responding on
- * @param $start_session Have phpCAS start PHP sessions (default true)
- *
- * @return a newly created CASClient object
- */
- function client($server_version,
- $server_hostname,
- $server_port,
- $server_uri,
- $start_session = true)
- {
- global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
-
- phpCAS::traceBegin();
- if ( is_object($PHPCAS_CLIENT) ) {
- phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')');
- }
- if ( gettype($server_version) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_version (should be `string\')');
- }
- if ( gettype($server_hostname) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')');
- }
- if ( gettype($server_port) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $server_port (should be `integer\')');
- }
- if ( gettype($server_uri) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_uri (should be `string\')');
- }
-
- // store where the initialzer is called from
- $dbg = phpCAS::backtrace();
- $PHPCAS_INIT_CALL = array('done' => TRUE,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__);
-
- // initialize the global object $PHPCAS_CLIENT
- $PHPCAS_CLIENT = new CASClient($server_version,FALSE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session);
- phpCAS::traceEnd();
- }
-
- /**
- * phpCAS proxy initializer.
- * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
- * called, only once, and before all other methods (except phpCAS::getVersion()
- * and phpCAS::setDebug()).
- *
- * @param $server_version the version of the CAS server
- * @param $server_hostname the hostname of the CAS server
- * @param $server_port the port the CAS server is running on
- * @param $server_uri the URI the CAS server is responding on
- * @param $start_session Have phpCAS start PHP sessions (default true)
- *
- * @return a newly created CASClient object
- */
- function proxy($server_version,
- $server_hostname,
- $server_port,
- $server_uri,
- $start_session = true)
- {
- global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
-
- phpCAS::traceBegin();
- if ( is_object($PHPCAS_CLIENT) ) {
- phpCAS::error($PHPCAS_INIT_CALL['method'].'() has already been called (at '.$PHPCAS_INIT_CALL['file'].':'.$PHPCAS_INIT_CALL['line'].')');
- }
- if ( gettype($server_version) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_version (should be `string\')');
- }
- if ( gettype($server_hostname) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_hostname (should be `string\')');
- }
- if ( gettype($server_port) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $server_port (should be `integer\')');
- }
- if ( gettype($server_uri) != 'string' ) {
- phpCAS::error('type mismatched for parameter $server_uri (should be `string\')');
- }
-
- // store where the initialzer is called from
- $dbg = phpCAS::backtrace();
- $PHPCAS_INIT_CALL = array('done' => TRUE,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__);
-
- // initialize the global object $PHPCAS_CLIENT
- $PHPCAS_CLIENT = new CASClient($server_version,TRUE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session);
- phpCAS::traceEnd();
- }
-
- /** @} */
- // ########################################################################
- // DEBUGGING
- // ########################################################################
-
- /**
- * @addtogroup publicDebug
- * @{
- */
-
- /**
- * Set/unset debug mode
- *
- * @param $filename the name of the file used for logging, or FALSE to stop debugging.
- */
- function setDebug($filename='')
- {
- global $PHPCAS_DEBUG;
-
- if ( $filename != FALSE && gettype($filename) != 'string' ) {
- phpCAS::error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)');
- }
-
- if ( empty($filename) ) {
- if ( preg_match('/^Win.*/',getenv('OS')) ) {
- if ( isset($_ENV['TMP']) ) {
- $debugDir = $_ENV['TMP'].'/';
- } else if ( isset($_ENV['TEMP']) ) {
- $debugDir = $_ENV['TEMP'].'/';
- } else {
- $debugDir = '';
- }
- } else {
- $debugDir = DEFAULT_DEBUG_DIR;
- }
- $filename = $debugDir . 'phpCAS.log';
- }
-
- if ( empty($PHPCAS_DEBUG['unique_id']) ) {
- $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))),0,4);
- }
-
- $PHPCAS_DEBUG['filename'] = $filename;
-
- phpCAS::trace('START ******************');
- }
-
- /** @} */
- /**
- * @addtogroup internalDebug
- * @{
- */
-
- /**
- * This method is a wrapper for debug_backtrace() that is not available
- * in all PHP versions (>= 4.3.0 only)
- */
- function backtrace()
- {
- if ( function_exists('debug_backtrace') ) {
- return debug_backtrace();
- } else {
- // poor man's hack ... but it does work ...
- return array();
- }
- }
-
- /**
- * Logs a string in debug mode.
- *
- * @param $str the string to write
- *
- * @private
- */
- function log($str)
- {
- $indent_str = ".";
- global $PHPCAS_DEBUG;
-
- if ( $PHPCAS_DEBUG['filename'] ) {
- for ($i=0;$i<$PHPCAS_DEBUG['indent'];$i++) {
- $indent_str .= '| ';
- }
- error_log($PHPCAS_DEBUG['unique_id'].' '.$indent_str.$str."\n",3,$PHPCAS_DEBUG['filename']);
- }
-
- }
-
- /**
- * This method is used by interface methods to print an error and where the function
- * was originally called from.
- *
- * @param $msg the message to print
- *
- * @private
- */
- function error($msg)
- {
- $dbg = phpCAS::backtrace();
- $function = '?';
- $file = '?';
- $line = '?';
- if ( is_array($dbg) ) {
- for ( $i=1; $i<sizeof($dbg); $i++) {
- if ( is_array($dbg[$i]) ) {
- if ( $dbg[$i]['class'] == __CLASS__ ) {
- $function = $dbg[$i]['function'];
- $file = $dbg[$i]['file'];
- $line = $dbg[$i]['line'];
- }
- }
- }
- }
- echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>".__CLASS__."::".$function.'(): '.htmlentities($msg)."</b></font> in <b>".$file."</b> on line <b>".$line."</b><br />\n";
- phpCAS::trace($msg);
- phpCAS::traceExit();
- exit();
- }
-
- /**
- * This method is used to log something in debug mode.
- */
- function trace($str)
- {
- $dbg = phpCAS::backtrace();
- phpCAS::log($str.' ['.basename($dbg[1]['file']).':'.$dbg[1]['line'].']');
- }
-
- /**
- * This method is used to indicate the start of the execution of a function in debug mode.
- */
- function traceBegin()
- {
- global $PHPCAS_DEBUG;
-
- $dbg = phpCAS::backtrace();
- $str = '=> ';
- if ( !empty($dbg[2]['class']) ) {
- $str .= $dbg[2]['class'].'::';
- }
- $str .= $dbg[2]['function'].'(';
- if ( is_array($dbg[2]['args']) ) {
- foreach ($dbg[2]['args'] as $index => $arg) {
- if ( $index != 0 ) {
- $str .= ', ';
- }
- $str .= str_replace("\n","",var_export($arg,TRUE));
- }
- }
- $str .= ') ['.basename($dbg[2]['file']).':'.$dbg[2]['line'].']';
- phpCAS::log($str);
- $PHPCAS_DEBUG['indent'] ++;
- }
-
- /**
- * This method is used to indicate the end of the execution of a function in debug mode.
- *
- * @param $res the result of the function
- */
- function traceEnd($res='')
- {
- global $PHPCAS_DEBUG;
-
- $PHPCAS_DEBUG['indent'] --;
- $dbg = phpCAS::backtrace();
- $str = '';
- $str .= '<= '.str_replace("\n","",var_export($res,TRUE));
- phpCAS::log($str);
- }
-
- /**
- * This method is used to indicate the end of the execution of the program
- */
- function traceExit()
- {
- global $PHPCAS_DEBUG;
-
- phpCAS::log('exit()');
- while ( $PHPCAS_DEBUG['indent'] > 0 ) {
- phpCAS::log('-');
- $PHPCAS_DEBUG['indent'] --;
- }
- }
-
- /** @} */
- // ########################################################################
- // INTERNATIONALIZATION
- // ########################################################################
- /**
- * @addtogroup publicLang
- * @{
- */
-
- /**
- * This method is used to set the language used by phpCAS.
- * @note Can be called only once.
- *
- * @param $lang a string representing the language.
- *
- * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH
- */
- function setLang($lang)
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if ( gettype($lang) != 'string' ) {
- phpCAS::error('type mismatched for parameter $lang (should be `string\')');
- }
- $PHPCAS_CLIENT->setLang($lang);
- }
-
- /** @} */
- // ########################################################################
- // VERSION
- // ########################################################################
- /**
- * @addtogroup public
- * @{
- */
-
- /**
- * This method returns the phpCAS version.
- *
- * @return the phpCAS version.
- */
- function getVersion()
- {
- return PHPCAS_VERSION;
- }
-
- /** @} */
- // ########################################################################
- // HTML OUTPUT
- // ########################################################################
- /**
- * @addtogroup publicOutput
- * @{
- */
-
- /**
- * This method sets the HTML header used for all outputs.
- *
- * @param $header the HTML header.
- */
- function setHTMLHeader($header)
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if ( gettype($header) != 'string' ) {
- phpCAS::error('type mismatched for parameter $header (should be `string\')');
- }
- $PHPCAS_CLIENT->setHTMLHeader($header);
- }
-
- /**
- * This method sets the HTML footer used for all outputs.
- *
- * @param $footer the HTML footer.
- */
- function setHTMLFooter($footer)
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if ( gettype($footer) != 'string' ) {
- phpCAS::error('type mismatched for parameter $footer (should be `string\')');
- }
- $PHPCAS_CLIENT->setHTMLFooter($footer);
- }
-
- /** @} */
- // ########################################################################
- // PGT STORAGE
- // ########################################################################
- /**
- * @addtogroup publicPGTStorage
- * @{
- */
-
- /**
- * This method is used to tell phpCAS to store the response of the
- * CAS server to PGT requests onto the filesystem.
- *
- * @param $format the format used to store the PGT's (`plain' and `xml' allowed)
- * @param $path the path where the PGT's should be stored
- */
- function setPGTStorageFile($format='',
- $path='')
- {
- global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')');
- }
- if ( gettype($format) != 'string' ) {
- phpCAS::error('type mismatched for parameter $format (should be `string\')');
- }
- if ( gettype($path) != 'string' ) {
- phpCAS::error('type mismatched for parameter $format (should be `string\')');
- }
- $PHPCAS_CLIENT->setPGTStorageFile($format,$path);
- phpCAS::traceEnd();
- }
-
- /**
- * This method is used to tell phpCAS to store the response of the
- * CAS server to PGT requests into a database.
- * @note The connection to the database is done only when needed.
- * As a consequence, bad parameters are detected only when
- * initializing PGT storage, except in debug mode.
- *
- * @param $user the user to access the data with
- * @param $password the user's password
- * @param $database_type the type of the database hosting the data
- * @param $hostname the server hosting the database
- * @param $port the port the server is listening on
- * @param $database the name of the database
- * @param $table the name of the table storing the data
- */
- function setPGTStorageDB($user,
- $password,
- $database_type='',
- $hostname='',
- $port=0,
- $database='',
- $table='')
- {
- global $PHPCAS_CLIENT,$PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( $PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called before '.$PHPCAS_AUTH_CHECK_CALL['method'].'() (called at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].')');
- }
- if ( gettype($user) != 'string' ) {
- phpCAS::error('type mismatched for parameter $user (should be `string\')');
- }
- if ( gettype($password) != 'string' ) {
- phpCAS::error('type mismatched for parameter $password (should be `string\')');
- }
- if ( gettype($database_type) != 'string' ) {
- phpCAS::error('type mismatched for parameter $database_type (should be `string\')');
- }
- if ( gettype($hostname) != 'string' ) {
- phpCAS::error('type mismatched for parameter $hostname (should be `string\')');
- }
- if ( gettype($port) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $port (should be `integer\')');
- }
- if ( gettype($database) != 'string' ) {
- phpCAS::error('type mismatched for parameter $database (should be `string\')');
- }
- if ( gettype($table) != 'string' ) {
- phpCAS::error('type mismatched for parameter $table (should be `string\')');
- }
- $PHPCAS_CLIENT->setPGTStorageDB($this,$user,$password,$hostname,$port,$database,$table);
- phpCAS::traceEnd();
- }
-
- /** @} */
- // ########################################################################
- // ACCESS TO EXTERNAL SERVICES
- // ########################################################################
- /**
- * @addtogroup publicServices
- * @{
- */
-
- /**
- * This method is used to access an HTTP[S] service.
- *
- * @param $url the service to access.
- * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
- * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
- * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
- * @param $output the output of the service (also used to give an error
- * message on failure).
- *
- * @return TRUE on success, FALSE otherwise (in this later case, $err_code
- * gives the reason why it failed and $output contains an error message).
- */
- function serviceWeb($url,&$err_code,&$output)
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()');
- }
- if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
- phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
- }
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
- }
-
- $res = $PHPCAS_CLIENT->serviceWeb($url,$err_code,$output);
-
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /**
- * This method is used to access an IMAP/POP3/NNTP service.
- *
- * @param $url a string giving the URL of the service, including the mailing box
- * for IMAP URLs, as accepted by imap_open().
- * @param $flags options given to imap_open().
- * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
- * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
- * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
- * @param $err_msg an error message on failure
- * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL
- * on success, FALSE on error).
- *
- * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code
- * gives the reason why it failed and $err_msg contains an error message).
- */
- function serviceMail($url,$flags,&$err_code,&$err_msg,&$pt)
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called after the programmer is sure the user has been authenticated (by calling '.__CLASS__.'::checkAuthentication() or '.__CLASS__.'::forceAuthentication()');
- }
- if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
- phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
- }
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
- }
-
- if ( gettype($flags) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $flags (should be `integer\')');
- }
-
- $res = $PHPCAS_CLIENT->serviceMail($url,$flags,$err_code,$err_msg,$pt);
-
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /** @} */
- // ########################################################################
- // AUTHENTICATION
- // ########################################################################
- /**
- * @addtogroup publicAuth
- * @{
- */
-
- /**
- * Set the times authentication will be cached before really accessing the CAS server in gateway mode:
- * - -1: check only once, and then never again (until you pree login)
- * - 0: always check
- * - n: check every "n" time
- *
- * @param $n an integer.
- */
- function setCacheTimesForAuthRecheck($n)
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if ( gettype($n) != 'integer' ) {
- phpCAS::error('type mismatched for parameter $header (should be `string\')');
- }
- $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n);
- }
-
- /**
- * This method is called to check if the user is authenticated (use the gateway feature).
- * @return TRUE when the user is authenticated; otherwise FALSE.
- */
- function checkAuthentication()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
-
- $auth = $PHPCAS_CLIENT->checkAuthentication();
-
- // store where the authentication has been checked and the result
- $dbg = phpCAS::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__,
- 'result' => $auth );
- phpCAS::traceEnd($auth);
- return $auth;
- }
-
- /**
- * This method is called to force authentication if the user was not already
- * authenticated. If the user is not authenticated, halt by redirecting to
- * the CAS server.
- */
- function forceAuthentication()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
-
- $auth = $PHPCAS_CLIENT->forceAuthentication();
-
- // store where the authentication has been checked and the result
- $dbg = phpCAS::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__,
- 'result' => $auth );
-
- if ( !$auth ) {
- phpCAS::trace('user is not authenticated, redirecting to the CAS server');
- $PHPCAS_CLIENT->forceAuthentication();
- } else {
- phpCAS::trace('no need to authenticate (user `'.phpCAS::getUser().'\' is already authenticated)');
- }
-
- phpCAS::traceEnd();
- return $auth;
- }
-
- /**
- * This method is called to renew the authentication.
- **/
- function renewAuthentication() {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before'.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
-
- // store where the authentication has been checked and the result
- $dbg = phpCAS::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], 'method' => __CLASS__.'::'.__FUNCTION__, 'result' => $auth );
-
- $PHPCAS_CLIENT->renewAuthentication();
- phpCAS::traceEnd();
- }
-
- /**
- * This method has been left from version 0.4.1 for compatibility reasons.
- */
- function authenticate()
- {
- phpCAS::error('this method is deprecated. You should use '.__CLASS__.'::forceAuthentication() instead');
- }
-
- /**
- * This method is called to check if the user is authenticated (previously or by
- * tickets given in the URL).
- *
- * @return TRUE when the user is authenticated.
- */
- function isAuthenticated()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
-
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
-
- // call the isAuthenticated method of the global $PHPCAS_CLIENT object
- $auth = $PHPCAS_CLIENT->isAuthenticated();
-
- // store where the authentication has been checked and the result
- $dbg = phpCAS::backtrace();
- $PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
- 'file' => $dbg[0]['file'],
- 'line' => $dbg[0]['line'],
- 'method' => __CLASS__.'::'.__FUNCTION__,
- 'result' => $auth );
- phpCAS::traceEnd($auth);
- return $auth;
- }
-
- /**
- * Checks whether authenticated based on $_SESSION. Useful to avoid
- * server calls.
- * @return true if authenticated, false otherwise.
- * @since 0.4.22 by Brendan Arnold
- */
- function isSessionAuthenticated ()
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return($PHPCAS_CLIENT->isSessionAuthenticated());
- }
-
- /**
- * This method returns the CAS user's login name.
- * @warning should not be called only after phpCAS::forceAuthentication()
- * or phpCAS::checkAuthentication().
- *
- * @return the login name of the authenticated user
- */
- function getUser()
- {
- global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_AUTH_CHECK_CALL['done'] ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
- }
- if ( !$PHPCAS_AUTH_CHECK_CALL['result'] ) {
- phpCAS::error('authentication was checked (by '.$PHPCAS_AUTH_CHECK_CALL['method'].'() at '.$PHPCAS_AUTH_CHECK_CALL['file'].':'.$PHPCAS_AUTH_CHECK_CALL['line'].') but the method returned FALSE');
- }
- return $PHPCAS_CLIENT->getUser();
- }
-
- /**
- * Handle logout requests.
- */
- function handleLogoutRequests($check_client=true, $allowed_clients=false)
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients));
- }
-
- /**
- * This method returns the URL to be used to login.
- * or phpCAS::isAuthenticated().
- *
- * @return the login name of the authenticated user
- */
- function getServerLoginURL()
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return $PHPCAS_CLIENT->getServerLoginURL();
- }
-
- /**
- * Set the login URL of the CAS server.
- * @param $url the login URL
- * @since 0.4.21 by Wyman Chan
- */
- function setServerLoginURL($url='')
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after
- '.__CLASS__.'::client()');
- }
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be
- `string\')');
- }
- $PHPCAS_CLIENT->setServerLoginURL($url);
- phpCAS::traceEnd();
- }
-
- /**
- * This method returns the URL to be used to login.
- * or phpCAS::isAuthenticated().
- *
- * @return the login name of the authenticated user
- */
- function getServerLogoutURL()
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should not be called before '.__CLASS__.'::client() or '.__CLASS__.'::proxy()');
- }
- return $PHPCAS_CLIENT->getServerLogoutURL();
- }
-
- /**
- * Set the logout URL of the CAS server.
- * @param $url the logout URL
- * @since 0.4.21 by Wyman Chan
- */
- function setServerLogoutURL($url='')
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after
- '.__CLASS__.'::client()');
- }
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be
- `string\')');
- }
- $PHPCAS_CLIENT->setServerLogoutURL($url);
- phpCAS::traceEnd();
- }
-
- /**
- * This method is used to logout from CAS.
- * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server
- * @public
- */
- function logout($params = "") {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if (!is_object($PHPCAS_CLIENT)) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- $parsedParams = array();
- if ($params != "") {
- if (is_string($params)) {
- phpCAS::error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');
- }
- if (!is_array($params)) {
- phpCAS::error('type mismatched for parameter $params (should be `array\')');
- }
- foreach ($params as $key => $value) {
- if ($key != "service" && $key != "url") {
- phpCAS::error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');
- }
- $parsedParams[$key] = $value;
- }
- }
- $PHPCAS_CLIENT->logout($parsedParams);
- // never reached
- phpCAS::traceEnd();
- }
-
- /**
- * This method is used to logout from CAS. Halts by redirecting to the CAS server.
- * @param $service a URL that will be transmitted to the CAS server
- */
- function logoutWithRedirectService($service) {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if (!is_string($service)) {
- phpCAS::error('type mismatched for parameter $service (should be `string\')');
- }
- $PHPCAS_CLIENT->logout(array("service" => $service));
- // never reached
- phpCAS::traceEnd();
- }
-
- /**
- * This method is used to logout from CAS. Halts by redirecting to the CAS server.
- * @param $url a URL that will be transmitted to the CAS server
- */
- function logoutWithUrl($url) {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if (!is_string($url)) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
- }
- $PHPCAS_CLIENT->logout(array("url" => $url));
- // never reached
- phpCAS::traceEnd();
- }
-
- /**
- * This method is used to logout from CAS. Halts by redirecting to the CAS server.
- * @param $service a URL that will be transmitted to the CAS server
- * @param $url a URL that will be transmitted to the CAS server
- */
- function logoutWithRedirectServiceAndUrl($service, $url) {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if (!is_string($service)) {
- phpCAS::error('type mismatched for parameter $service (should be `string\')');
- }
- if (!is_string($url)) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
- }
- $PHPCAS_CLIENT->logout(array("service" => $service, "url" => $url));
- // never reached
- phpCAS::traceEnd();
- }
-
- /**
- * Set the fixed URL that will be used by the CAS server to transmit the PGT.
- * When this method is not called, a phpCAS script uses its own URL for the callback.
- *
- * @param $url the URL
- */
- function setFixedCallbackURL($url='')
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( !$PHPCAS_CLIENT->isProxy() ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
- }
- $PHPCAS_CLIENT->setCallbackURL($url);
- phpCAS::traceEnd();
- }
-
- /**
- * Set the fixed URL that will be set as the CAS service parameter. When this
- * method is not called, a phpCAS script uses its own URL.
- *
- * @param $url the URL
- */
- function setFixedServiceURL($url)
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( gettype($url) != 'string' ) {
- phpCAS::error('type mismatched for parameter $url (should be `string\')');
- }
- $PHPCAS_CLIENT->setURL($url);
- phpCAS::traceEnd();
- }
-
- /**
- * Get the URL that is set as the CAS service parameter.
- */
- function getServiceURL()
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- return($PHPCAS_CLIENT->getURL());
- }
-
- /**
- * Retrieve a Proxy Ticket from the CAS server.
- */
- function retrievePT($target_service,&$err_code,&$err_msg)
- {
- global $PHPCAS_CLIENT;
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::proxy()');
- }
- if ( gettype($target_service) != 'string' ) {
- phpCAS::error('type mismatched for parameter $target_service(should be `string\')');
- }
- return($PHPCAS_CLIENT->retrievePT($target_service,$err_code,$err_msg));
- }
-
- /**
- * Set the certificate of the CAS server.
- *
- * @param $cert the PEM certificate
- */
- function setCasServerCert($cert)
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if ( gettype($cert) != 'string' ) {
- phpCAS::error('type mismatched for parameter $cert (should be `string\')');
- }
- $PHPCAS_CLIENT->setCasServerCert($cert);
- phpCAS::traceEnd();
- }
-
- /**
- * Set the certificate of the CAS server CA.
- *
- * @param $cert the CA certificate
- */
- function setCasServerCACert($cert)
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- if ( gettype($cert) != 'string' ) {
- phpCAS::error('type mismatched for parameter $cert (should be `string\')');
- }
- $PHPCAS_CLIENT->setCasServerCACert($cert);
- phpCAS::traceEnd();
- }
-
- /**
- * Set no SSL validation for the CAS server.
- */
- function setNoCasServerValidation()
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- $PHPCAS_CLIENT->setNoCasServerValidation();
- phpCAS::traceEnd();
- }
-
- /** @} */
-
- /**
- * Change CURL options.
- * CURL is used to connect through HTTPS to CAS server
- * @param $key the option key
- * @param $value the value to set
- */
- function setExtraCurlOption($key, $value)
- {
- global $PHPCAS_CLIENT;
- phpCAS::traceBegin();
- if ( !is_object($PHPCAS_CLIENT) ) {
- phpCAS::error('this method should only be called after '.__CLASS__.'::client() or'.__CLASS__.'::proxy()');
- }
- $PHPCAS_CLIENT->setExtraCurlOption($key, $value);
- phpCAS::traceEnd();
- }
-
-}
-
-// ########################################################################
-// DOCUMENTATION
-// ########################################################################
-
-// ########################################################################
-// MAIN PAGE
-
-/**
- * @mainpage
- *
- * The following pages only show the source documentation.
- *
- */
-
-// ########################################################################
-// MODULES DEFINITION
-
-/** @defgroup public User interface */
-
-/** @defgroup publicInit Initialization
- * @ingroup public */
-
-/** @defgroup publicAuth Authentication
- * @ingroup public */
-
-/** @defgroup publicServices Access to external services
- * @ingroup public */
-
-/** @defgroup publicConfig Configuration
- * @ingroup public */
-
-/** @defgroup publicLang Internationalization
- * @ingroup publicConfig */
-
-/** @defgroup publicOutput HTML output
- * @ingroup publicConfig */
-
-/** @defgroup publicPGTStorage PGT storage
- * @ingroup publicConfig */
-
-/** @defgroup publicDebug Debugging
- * @ingroup public */
-
-
-/** @defgroup internal Implementation */
-
-/** @defgroup internalAuthentication Authentication
- * @ingroup internal */
-
-/** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets)
- * @ingroup internal */
-
-/** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets)
- * @ingroup internal */
-
-/** @defgroup internalPGTStorage PGT storage
- * @ingroup internalProxy */
-
-/** @defgroup internalPGTStorageDB PGT storage in a database
- * @ingroup internalPGTStorage */
-
-/** @defgroup internalPGTStorageFile PGT storage on the filesystem
- * @ingroup internalPGTStorage */
-
-/** @defgroup internalCallback Callback from the CAS server
- * @ingroup internalProxy */
-
-/** @defgroup internalProxied CAS proxied client features (CAS 2.0, Proxy Tickets)
- * @ingroup internal */
-
-/** @defgroup internalConfig Configuration
- * @ingroup internal */
-
-/** @defgroup internalOutput HTML output
- * @ingroup internalConfig */
-
-/** @defgroup internalLang Internationalization
- * @ingroup internalConfig
- *
- * To add a new language:
- * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php
- * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php
- * - 3. Make the translations
- */
-
-/** @defgroup internalDebug Debugging
- * @ingroup internal */
-
-/** @defgroup internalMisc Miscellaneous
- * @ingroup internal */
-
-// ########################################################################
-// EXAMPLES
-
-/**
- * @example example_simple.php
- */
- /**
- * @example example_proxy.php
- */
- /**
- * @example example_proxy2.php
- */
- /**
- * @example example_lang.php
- */
- /**
- * @example example_html.php
- */
- /**
- * @example example_file.php
- */
- /**
- * @example example_db.php
- */
- /**
- * @example example_service.php
- */
- /**
- * @example example_session_proxy.php
- */
- /**
- * @example example_session_service.php
- */
- /**
- * @example example_gateway.php
- */
-
-
-
-?>
+<?php\r
+\r
+/*\r
+ * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.\r
+ * All rights reserved.\r
+ * \r
+ * Redistribution and use in source and binary forms, with or without\r
+ * modification, are permitted provided that the following conditions are met:\r
+ * \r
+ * * Redistributions of source code must retain the above copyright notice,\r
+ * this list of conditions and the following disclaimer.\r
+ * * Redistributions in binary form must reproduce the above copyright notice,\r
+ * this list of conditions and the following disclaimer in the documentation\r
+ * and/or other materials provided with the distribution.\r
+ * * Neither the name of the ESUP-Portail consortium & the JA-SIG\r
+ * Collaborative nor the names of its contributors may be used to endorse or\r
+ * promote products derived from this software without specific prior\r
+ * written permission.\r
+\r
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND\r
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\r
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\r
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR\r
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\r
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\r
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON\r
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\r
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\r
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r
+ */\r
+\r
+//\r
+// hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] in IIS\r
+//\r
+if (!$_SERVER['REQUEST_URI']) {\r
+ $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];\r
+}\r
+\r
+//\r
+// another one by Vangelis Haniotakis also to make phpCAS work with PHP5\r
+//\r
+if (version_compare(PHP_VERSION, '5', '>=') && !(function_exists('domxml_new_doc'))) {\r
+ require_once (dirname(__FILE__) . '/CAS/domxml-php4-to-php5.php');\r
+}\r
+\r
+/**\r
+ * @file CAS/CAS.php\r
+ * Interface class of the phpCAS library\r
+ *\r
+ * @ingroup public\r
+ */\r
+\r
+// ########################################################################\r
+// CONSTANTS\r
+// ########################################################################\r
+\r
+// ------------------------------------------------------------------------\r
+// CAS VERSIONS\r
+// ------------------------------------------------------------------------\r
+\r
+/**\r
+ * phpCAS version. accessible for the user by phpCAS::getVersion().\r
+ */\r
+define('PHPCAS_VERSION', '1.1.2');\r
+\r
+// ------------------------------------------------------------------------\r
+// CAS VERSIONS\r
+// ------------------------------------------------------------------------\r
+/**\r
+ * @addtogroup public\r
+ * @{\r
+ */\r
+\r
+/**\r
+ * CAS version 1.0\r
+ */\r
+define("CAS_VERSION_1_0", '1.0');\r
+/*!\r
+ * CAS version 2.0\r
+ */\r
+define("CAS_VERSION_2_0", '2.0');\r
+\r
+// ------------------------------------------------------------------------\r
+// SAML defines\r
+// ------------------------------------------------------------------------\r
+\r
+/**\r
+ * SAML protocol\r
+ */\r
+define("SAML_VERSION_1_1", 'S1');\r
+\r
+/**\r
+ * XML header for SAML POST\r
+ */\r
+define("SAML_XML_HEADER", '<?xml version="1.0" encoding="UTF-8"?>');\r
+\r
+/**\r
+ * SOAP envelope for SAML POST\r
+ */\r
+define("SAML_SOAP_ENV", '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/>');\r
+\r
+/**\r
+ * SOAP body for SAML POST\r
+ */\r
+define("SAML_SOAP_BODY", '<SOAP-ENV:Body>');\r
+\r
+/**\r
+ * SAMLP request\r
+ */\r
+define("SAMLP_REQUEST", '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z">');\r
+define("SAMLP_REQUEST_CLOSE", '</samlp:Request>');\r
+\r
+/**\r
+ * SAMLP artifact tag (for the ticket)\r
+ */\r
+define("SAML_ASSERTION_ARTIFACT", '<samlp:AssertionArtifact>');\r
+\r
+/**\r
+ * SAMLP close\r
+ */\r
+define("SAML_ASSERTION_ARTIFACT_CLOSE", '</samlp:AssertionArtifact>');\r
+\r
+/**\r
+ * SOAP body close\r
+ */\r
+define("SAML_SOAP_BODY_CLOSE", '</SOAP-ENV:Body>');\r
+\r
+/**\r
+ * SOAP envelope close\r
+ */\r
+define("SAML_SOAP_ENV_CLOSE", '</SOAP-ENV:Envelope>');\r
+\r
+/**\r
+ * SAML Attributes\r
+ */\r
+define("SAML_ATTRIBUTES", 'SAMLATTRIBS');\r
+\r
+/** @} */\r
+/**\r
+ * @addtogroup publicPGTStorage\r
+ * @{\r
+ */\r
+// ------------------------------------------------------------------------\r
+// FILE PGT STORAGE\r
+// ------------------------------------------------------------------------\r
+/**\r
+ * Default path used when storing PGT's to file\r
+ */\r
+define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH", '/tmp');\r
+/**\r
+ * phpCAS::setPGTStorageFile()'s 2nd parameter to write plain text files\r
+ */\r
+define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN", 'plain');\r
+/**\r
+ * phpCAS::setPGTStorageFile()'s 2nd parameter to write xml files\r
+ */\r
+define("CAS_PGT_STORAGE_FILE_FORMAT_XML", 'xml');\r
+/**\r
+ * Default format used when storing PGT's to file\r
+ */\r
+define("CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT", CAS_PGT_STORAGE_FILE_FORMAT_PLAIN);\r
+// ------------------------------------------------------------------------\r
+// DATABASE PGT STORAGE\r
+// ------------------------------------------------------------------------\r
+/**\r
+ * default database type when storing PGT's to database\r
+ */\r
+define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE", 'mysql');\r
+/**\r
+ * default host when storing PGT's to database\r
+ */\r
+define("CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME", 'localhost');\r
+/**\r
+ * default port when storing PGT's to database\r
+ */\r
+define("CAS_PGT_STORAGE_DB_DEFAULT_PORT", '');\r
+/**\r
+ * default database when storing PGT's to database\r
+ */\r
+define("CAS_PGT_STORAGE_DB_DEFAULT_DATABASE", 'phpCAS');\r
+/**\r
+ * default table when storing PGT's to database\r
+ */\r
+define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE", 'pgt');\r
+\r
+/** @} */\r
+// ------------------------------------------------------------------------\r
+// SERVICE ACCESS ERRORS\r
+// ------------------------------------------------------------------------\r
+/**\r
+ * @addtogroup publicServices\r
+ * @{\r
+ */\r
+\r
+/**\r
+ * phpCAS::service() error code on success\r
+ */\r
+define("PHPCAS_SERVICE_OK", 0);\r
+/**\r
+ * phpCAS::service() error code when the PT could not retrieve because\r
+ * the CAS server did not respond.\r
+ */\r
+define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE", 1);\r
+/**\r
+ * phpCAS::service() error code when the PT could not retrieve because\r
+ * the response of the CAS server was ill-formed.\r
+ */\r
+define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE", 2);\r
+/**\r
+ * phpCAS::service() error code when the PT could not retrieve because\r
+ * the CAS server did not want to.\r
+ */\r
+define("PHPCAS_SERVICE_PT_FAILURE", 3);\r
+/**\r
+ * phpCAS::service() error code when the service was not available.\r
+ */\r
+define("PHPCAS_SERVICE_NOT AVAILABLE", 4);\r
+\r
+/** @} */\r
+// ------------------------------------------------------------------------\r
+// LANGUAGES\r
+// ------------------------------------------------------------------------\r
+/**\r
+ * @addtogroup publicLang\r
+ * @{\r
+ */\r
+\r
+define("PHPCAS_LANG_ENGLISH", 'english');\r
+define("PHPCAS_LANG_FRENCH", 'french');\r
+define("PHPCAS_LANG_GREEK", 'greek');\r
+define("PHPCAS_LANG_GERMAN", 'german');\r
+define("PHPCAS_LANG_JAPANESE", 'japanese');\r
+define("PHPCAS_LANG_SPANISH", 'spanish');\r
+define("PHPCAS_LANG_CATALAN", 'catalan');\r
+\r
+/** @} */\r
+\r
+/**\r
+ * @addtogroup internalLang\r
+ * @{\r
+ */\r
+\r
+/**\r
+ * phpCAS default language (when phpCAS::setLang() is not used)\r
+ */\r
+define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH);\r
+\r
+/** @} */\r
+// ------------------------------------------------------------------------\r
+// DEBUG\r
+// ------------------------------------------------------------------------\r
+/**\r
+ * @addtogroup publicDebug\r
+ * @{\r
+ */\r
+\r
+/**\r
+ * The default directory for the debug file under Unix.\r
+ */\r
+define('DEFAULT_DEBUG_DIR', '/tmp/');\r
+\r
+/** @} */\r
+// ------------------------------------------------------------------------\r
+// MISC\r
+// ------------------------------------------------------------------------\r
+/**\r
+ * @addtogroup internalMisc\r
+ * @{\r
+ */\r
+\r
+/**\r
+ * This global variable is used by the interface class phpCAS.\r
+ *\r
+ * @hideinitializer\r
+ */\r
+$GLOBALS['PHPCAS_CLIENT'] = null;\r
+\r
+/**\r
+ * This global variable is used to store where the initializer is called from \r
+ * (to print a comprehensive error in case of multiple calls).\r
+ *\r
+ * @hideinitializer\r
+ */\r
+$GLOBALS['PHPCAS_INIT_CALL'] = array (\r
+ 'done' => FALSE,\r
+ 'file' => '?',\r
+ 'line' => -1,\r
+ 'method' => '?'\r
+);\r
+\r
+/**\r
+ * This global variable is used to store where the method checking\r
+ * the authentication is called from (to print comprehensive errors)\r
+ *\r
+ * @hideinitializer\r
+ */\r
+$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array (\r
+ 'done' => FALSE,\r
+ 'file' => '?',\r
+ 'line' => -1,\r
+ 'method' => '?',\r
+ 'result' => FALSE\r
+);\r
+\r
+/**\r
+ * This global variable is used to store phpCAS debug mode.\r
+ *\r
+ * @hideinitializer\r
+ */\r
+$GLOBALS['PHPCAS_DEBUG'] = array (\r
+ 'filename' => FALSE,\r
+ 'indent' => 0,\r
+ 'unique_id' => ''\r
+);\r
+\r
+/** @} */\r
+\r
+// ########################################################################\r
+// CLIENT CLASS\r
+// ########################################################################\r
+\r
+// include client class\r
+include_once (dirname(__FILE__) . '/CAS/client.php');\r
+\r
+// ########################################################################\r
+// INTERFACE CLASS\r
+// ########################################################################\r
+\r
+/**\r
+ * @class phpCAS\r
+ * The phpCAS class is a simple container for the phpCAS library. It provides CAS\r
+ * authentication for web applications written in PHP.\r
+ *\r
+ * @ingroup public\r
+ * @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>\r
+ *\r
+ * \internal All its methods access the same object ($PHPCAS_CLIENT, declared \r
+ * at the end of CAS/client.php).\r
+ */\r
+\r
+class phpCAS {\r
+\r
+ // ########################################################################\r
+ // INITIALIZATION\r
+ // ########################################################################\r
+\r
+ /**\r
+ * @addtogroup publicInit\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * phpCAS client initializer.\r
+ * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be\r
+ * called, only once, and before all other methods (except phpCAS::getVersion()\r
+ * and phpCAS::setDebug()).\r
+ *\r
+ * @param $server_version the version of the CAS server\r
+ * @param $server_hostname the hostname of the CAS server\r
+ * @param $server_port the port the CAS server is running on\r
+ * @param $server_uri the URI the CAS server is responding on\r
+ * @param $start_session Have phpCAS start PHP sessions (default true)\r
+ *\r
+ * @return a newly created CASClient object\r
+ */\r
+ function client($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {\r
+ global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')');\r
+ }\r
+ if (gettype($server_version) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');\r
+ }\r
+ if (gettype($server_hostname) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');\r
+ }\r
+ if (gettype($server_port) != 'integer') {\r
+ phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');\r
+ }\r
+ if (gettype($server_uri) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');\r
+ }\r
+\r
+ // store where the initializer is called from\r
+ $dbg = phpCAS :: backtrace();\r
+ $PHPCAS_INIT_CALL = array (\r
+ 'done' => TRUE,\r
+ 'file' => $dbg[0]['file'],\r
+ 'line' => $dbg[0]['line'],\r
+ 'method' => __CLASS__ . '::' . __FUNCTION__\r
+ );\r
+\r
+ // initialize the global object $PHPCAS_CLIENT\r
+ $PHPCAS_CLIENT = new CASClient($server_version, FALSE /*proxy*/\r
+ , $server_hostname, $server_port, $server_uri, $start_session);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * phpCAS proxy initializer.\r
+ * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be\r
+ * called, only once, and before all other methods (except phpCAS::getVersion()\r
+ * and phpCAS::setDebug()).\r
+ *\r
+ * @param $server_version the version of the CAS server\r
+ * @param $server_hostname the hostname of the CAS server\r
+ * @param $server_port the port the CAS server is running on\r
+ * @param $server_uri the URI the CAS server is responding on\r
+ * @param $start_session Have phpCAS start PHP sessions (default true)\r
+ *\r
+ * @return a newly created CASClient object\r
+ */\r
+ function proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {\r
+ global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')');\r
+ }\r
+ if (gettype($server_version) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $server_version (should be `string\')');\r
+ }\r
+ if (gettype($server_hostname) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $server_hostname (should be `string\')');\r
+ }\r
+ if (gettype($server_port) != 'integer') {\r
+ phpCAS :: error('type mismatched for parameter $server_port (should be `integer\')');\r
+ }\r
+ if (gettype($server_uri) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $server_uri (should be `string\')');\r
+ }\r
+\r
+ // store where the initialzer is called from\r
+ $dbg = phpCAS :: backtrace();\r
+ $PHPCAS_INIT_CALL = array (\r
+ 'done' => TRUE,\r
+ 'file' => $dbg[0]['file'],\r
+ 'line' => $dbg[0]['line'],\r
+ 'method' => __CLASS__ . '::' . __FUNCTION__\r
+ );\r
+\r
+ // initialize the global object $PHPCAS_CLIENT\r
+ $PHPCAS_CLIENT = new CASClient($server_version, TRUE /*proxy*/\r
+ , $server_hostname, $server_port, $server_uri, $start_session);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // DEBUGGING\r
+ // ########################################################################\r
+\r
+ /**\r
+ * @addtogroup publicDebug\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * Set/unset debug mode\r
+ *\r
+ * @param $filename the name of the file used for logging, or FALSE to stop debugging.\r
+ */\r
+ function setDebug($filename = '') {\r
+ global $PHPCAS_DEBUG;\r
+\r
+ if ($filename != FALSE && gettype($filename) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)');\r
+ }\r
+\r
+ if (empty ($filename)) {\r
+ if (preg_match('/^Win.*/', getenv('OS'))) {\r
+ if (isset ($_ENV['TMP'])) {\r
+ $debugDir = $_ENV['TMP'] . '/';\r
+ } else\r
+ if (isset ($_ENV['TEMP'])) {\r
+ $debugDir = $_ENV['TEMP'] . '/';\r
+ } else {\r
+ $debugDir = '';\r
+ }\r
+ } else {\r
+ $debugDir = DEFAULT_DEBUG_DIR;\r
+ }\r
+ $filename = $debugDir . 'phpCAS.log';\r
+ }\r
+\r
+ if (empty ($PHPCAS_DEBUG['unique_id'])) {\r
+ $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4);\r
+ }\r
+\r
+ $PHPCAS_DEBUG['filename'] = $filename;\r
+\r
+ phpCAS :: trace('START phpCAS-' . PHPCAS_VERSION . ' ******************');\r
+ }\r
+\r
+ /** @} */\r
+ /**\r
+ * @addtogroup internalDebug\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * This method is a wrapper for debug_backtrace() that is not available \r
+ * in all PHP versions (>= 4.3.0 only)\r
+ */\r
+ function backtrace() {\r
+ if (function_exists('debug_backtrace')) {\r
+ return debug_backtrace();\r
+ } else {\r
+ // poor man's hack ... but it does work ...\r
+ return array ();\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Logs a string in debug mode.\r
+ *\r
+ * @param $str the string to write\r
+ *\r
+ * @private\r
+ */\r
+ function log($str) {\r
+ $indent_str = ".";\r
+ global $PHPCAS_DEBUG;\r
+\r
+ if ($PHPCAS_DEBUG['filename']) {\r
+ for ($i = 0; $i < $PHPCAS_DEBUG['indent']; $i++) {\r
+ $indent_str .= '| ';\r
+ }\r
+ error_log($PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str . "\n", 3, $PHPCAS_DEBUG['filename']);\r
+ }\r
+\r
+ }\r
+\r
+ /**\r
+ * This method is used by interface methods to print an error and where the function\r
+ * was originally called from.\r
+ *\r
+ * @param $msg the message to print\r
+ *\r
+ * @private\r
+ */\r
+ function error($msg) {\r
+ $dbg = phpCAS :: backtrace();\r
+ $function = '?';\r
+ $file = '?';\r
+ $line = '?';\r
+ if (is_array($dbg)) {\r
+ for ($i = 1; $i < sizeof($dbg); $i++) {\r
+ if (is_array($dbg[$i])) {\r
+ if ($dbg[$i]['class'] == __CLASS__) {\r
+ $function = $dbg[$i]['function'];\r
+ $file = $dbg[$i]['file'];\r
+ $line = $dbg[$i]['line'];\r
+ }\r
+ }\r
+ }\r
+ }\r
+ echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . "</b></font> in <b>" . $file . "</b> on line <b>" . $line . "</b><br />\n";\r
+ phpCAS :: trace($msg);\r
+ phpCAS :: traceExit();\r
+ exit ();\r
+ }\r
+\r
+ /**\r
+ * This method is used to log something in debug mode.\r
+ */\r
+ function trace($str) {\r
+ $dbg = phpCAS :: backtrace();\r
+ phpCAS :: log($str . ' [' . basename($dbg[1]['file']) . ':' . $dbg[1]['line'] . ']');\r
+ }\r
+\r
+ /**\r
+ * This method is used to indicate the start of the execution of a function in debug mode.\r
+ */\r
+ function traceBegin() {\r
+ global $PHPCAS_DEBUG;\r
+\r
+ $dbg = phpCAS :: backtrace();\r
+ $str = '=> ';\r
+ if (!empty ($dbg[2]['class'])) {\r
+ $str .= $dbg[2]['class'] . '::';\r
+ }\r
+ $str .= $dbg[2]['function'] . '(';\r
+ if (is_array($dbg[2]['args'])) {\r
+ foreach ($dbg[2]['args'] as $index => $arg) {\r
+ if ($index != 0) {\r
+ $str .= ', ';\r
+ }\r
+ $str .= str_replace("\n", "", var_export($arg, TRUE));\r
+ }\r
+ }\r
+ $str .= ') [' . basename($dbg[2]['file']) . ':' . $dbg[2]['line'] . ']';\r
+ phpCAS :: log($str);\r
+ $PHPCAS_DEBUG['indent']++;\r
+ }\r
+\r
+ /**\r
+ * This method is used to indicate the end of the execution of a function in debug mode.\r
+ *\r
+ * @param $res the result of the function\r
+ */\r
+ function traceEnd($res = '') {\r
+ global $PHPCAS_DEBUG;\r
+\r
+ $PHPCAS_DEBUG['indent']--;\r
+ $dbg = phpCAS :: backtrace();\r
+ $str = '';\r
+ $str .= '<= ' . str_replace("\n", "", var_export($res, TRUE));\r
+ phpCAS :: log($str);\r
+ }\r
+\r
+ /**\r
+ * This method is used to indicate the end of the execution of the program\r
+ */\r
+ function traceExit() {\r
+ global $PHPCAS_DEBUG;\r
+\r
+ phpCAS :: log('exit()');\r
+ while ($PHPCAS_DEBUG['indent'] > 0) {\r
+ phpCAS :: log('-');\r
+ $PHPCAS_DEBUG['indent']--;\r
+ }\r
+ }\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // INTERNATIONALIZATION\r
+ // ########################################################################\r
+ /**\r
+ * @addtogroup publicLang\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * This method is used to set the language used by phpCAS. \r
+ * @note Can be called only once.\r
+ *\r
+ * @param $lang a string representing the language.\r
+ *\r
+ * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH\r
+ */\r
+ function setLang($lang) {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($lang) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $lang (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setLang($lang);\r
+ }\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // VERSION\r
+ // ########################################################################\r
+ /**\r
+ * @addtogroup public\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * This method returns the phpCAS version.\r
+ *\r
+ * @return the phpCAS version.\r
+ */\r
+ function getVersion() {\r
+ return PHPCAS_VERSION;\r
+ }\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // HTML OUTPUT\r
+ // ########################################################################\r
+ /**\r
+ * @addtogroup publicOutput\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * This method sets the HTML header used for all outputs.\r
+ *\r
+ * @param $header the HTML header.\r
+ */\r
+ function setHTMLHeader($header) {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($header) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $header (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setHTMLHeader($header);\r
+ }\r
+\r
+ /**\r
+ * This method sets the HTML footer used for all outputs.\r
+ *\r
+ * @param $footer the HTML footer.\r
+ */\r
+ function setHTMLFooter($footer) {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($footer) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $footer (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setHTMLFooter($footer);\r
+ }\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // PGT STORAGE\r
+ // ########################################################################\r
+ /**\r
+ * @addtogroup publicPGTStorage\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * This method is used to tell phpCAS to store the response of the\r
+ * CAS server to PGT requests onto the filesystem. \r
+ *\r
+ * @param $format the format used to store the PGT's (`plain' and `xml' allowed)\r
+ * @param $path the path where the PGT's should be stored\r
+ */\r
+ function setPGTStorageFile($format = '', $path = '') {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_CLIENT->isProxy()) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if ($PHPCAS_AUTH_CHECK_CALL['done']) {\r
+ phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')');\r
+ }\r
+ if (gettype($format) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $format (should be `string\')');\r
+ }\r
+ if (gettype($path) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $format (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setPGTStorageFile($format, $path);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * This method is used to tell phpCAS to store the response of the\r
+ * CAS server to PGT requests into a database. \r
+ * @note The connection to the database is done only when needed. \r
+ * As a consequence, bad parameters are detected only when \r
+ * initializing PGT storage, except in debug mode.\r
+ *\r
+ * @param $user the user to access the data with\r
+ * @param $password the user's password\r
+ * @param $database_type the type of the database hosting the data\r
+ * @param $hostname the server hosting the database\r
+ * @param $port the port the server is listening on\r
+ * @param $database the name of the database\r
+ * @param $table the name of the table storing the data\r
+ */\r
+ function setPGTStorageDB($user, $password, $database_type = '', $hostname = '', $port = 0, $database = '', $table = '') {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_CLIENT->isProxy()) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if ($PHPCAS_AUTH_CHECK_CALL['done']) {\r
+ phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')');\r
+ }\r
+ if (gettype($user) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $user (should be `string\')');\r
+ }\r
+ if (gettype($password) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $password (should be `string\')');\r
+ }\r
+ if (gettype($database_type) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $database_type (should be `string\')');\r
+ }\r
+ if (gettype($hostname) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $hostname (should be `string\')');\r
+ }\r
+ if (gettype($port) != 'integer') {\r
+ phpCAS :: error('type mismatched for parameter $port (should be `integer\')');\r
+ }\r
+ if (gettype($database) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $database (should be `string\')');\r
+ }\r
+ if (gettype($table) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $table (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setPGTStorageDB($user, $password, $database_type, $hostname, $port, $database, $table);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // ACCESS TO EXTERNAL SERVICES\r
+ // ########################################################################\r
+ /**\r
+ * @addtogroup publicServices\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * This method is used to access an HTTP[S] service.\r
+ * \r
+ * @param $url the service to access.\r
+ * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on\r
+ * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,\r
+ * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.\r
+ * @param $output the output of the service (also used to give an error\r
+ * message on failure).\r
+ *\r
+ * @return TRUE on success, FALSE otherwise (in this later case, $err_code\r
+ * gives the reason why it failed and $output contains an error message).\r
+ */\r
+ function serviceWeb($url, & $err_code, & $output) {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_CLIENT->isProxy()) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['done']) {\r
+ phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['result']) {\r
+ phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');\r
+ }\r
+\r
+ $res = $PHPCAS_CLIENT->serviceWeb($url, $err_code, $output);\r
+\r
+ phpCAS :: traceEnd($res);\r
+ return $res;\r
+ }\r
+\r
+ /**\r
+ * This method is used to access an IMAP/POP3/NNTP service.\r
+ * \r
+ * @param $url a string giving the URL of the service, including the mailing box\r
+ * for IMAP URLs, as accepted by imap_open().\r
+ * @param $service a string giving for CAS retrieve Proxy ticket\r
+ * @param $flags options given to imap_open().\r
+ * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on\r
+ * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,\r
+ * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.\r
+ * @param $err_msg an error message on failure\r
+ * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL\r
+ * on success, FALSE on error).\r
+ *\r
+ * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code\r
+ * gives the reason why it failed and $err_msg contains an error message).\r
+ */\r
+ function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_CLIENT->isProxy()) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['done']) {\r
+ phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['result']) {\r
+ phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');\r
+ }\r
+\r
+ if (gettype($flags) != 'integer') {\r
+ phpCAS :: error('type mismatched for parameter $flags (should be `integer\')');\r
+ }\r
+\r
+ $res = $PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt);\r
+\r
+ phpCAS :: traceEnd($res);\r
+ return $res;\r
+ }\r
+\r
+ /** @} */\r
+ // ########################################################################\r
+ // AUTHENTICATION\r
+ // ########################################################################\r
+ /**\r
+ * @addtogroup publicAuth\r
+ * @{\r
+ */\r
+\r
+ /**\r
+ * Set the times authentication will be cached before really accessing the CAS server in gateway mode: \r
+ * - -1: check only once, and then never again (until you pree login)\r
+ * - 0: always check\r
+ * - n: check every "n" time\r
+ *\r
+ * @param $n an integer.\r
+ */\r
+ function setCacheTimesForAuthRecheck($n) {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($n) != 'integer') {\r
+ phpCAS :: error('type mismatched for parameter $header (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n);\r
+ }\r
+\r
+ /**\r
+ * This method is called to check if the user is authenticated (use the gateway feature).\r
+ * @return TRUE when the user is authenticated; otherwise FALSE.\r
+ */\r
+ function checkAuthentication() {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+\r
+ $auth = $PHPCAS_CLIENT->checkAuthentication();\r
+\r
+ // store where the authentication has been checked and the result\r
+ $dbg = phpCAS :: backtrace();\r
+ $PHPCAS_AUTH_CHECK_CALL = array (\r
+ 'done' => TRUE,\r
+ 'file' => $dbg[0]['file'],\r
+ 'line' => $dbg[0]['line'],\r
+ 'method' => __CLASS__ . '::' . __FUNCTION__,\r
+ 'result' => $auth\r
+ );\r
+ phpCAS :: traceEnd($auth);\r
+ return $auth;\r
+ }\r
+\r
+ /**\r
+ * This method is called to force authentication if the user was not already \r
+ * authenticated. If the user is not authenticated, halt by redirecting to \r
+ * the CAS server.\r
+ */\r
+ function forceAuthentication() {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+\r
+ $auth = $PHPCAS_CLIENT->forceAuthentication();\r
+\r
+ // store where the authentication has been checked and the result\r
+ $dbg = phpCAS :: backtrace();\r
+ $PHPCAS_AUTH_CHECK_CALL = array (\r
+ 'done' => TRUE,\r
+ 'file' => $dbg[0]['file'],\r
+ 'line' => $dbg[0]['line'],\r
+ 'method' => __CLASS__ . '::' . __FUNCTION__,\r
+ 'result' => $auth\r
+ );\r
+\r
+ if (!$auth) {\r
+ phpCAS :: trace('user is not authenticated, redirecting to the CAS server');\r
+ $PHPCAS_CLIENT->forceAuthentication();\r
+ } else {\r
+ phpCAS :: trace('no need to authenticate (user `' . phpCAS :: getUser() . '\' is already authenticated)');\r
+ }\r
+\r
+ phpCAS :: traceEnd();\r
+ return $auth;\r
+ }\r
+\r
+ /**\r
+ * This method is called to renew the authentication.\r
+ **/\r
+ function renewAuthentication() {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+\r
+ // store where the authentication has been checked and the result\r
+ $dbg = phpCAS :: backtrace();\r
+ $PHPCAS_AUTH_CHECK_CALL = array (\r
+ 'done' => TRUE,\r
+ 'file' => $dbg[0]['file'],\r
+ 'line' => $dbg[0]['line'],\r
+ 'method' => __CLASS__ . '::' . __FUNCTION__,\r
+ 'result' => $auth\r
+ );\r
+\r
+ $PHPCAS_CLIENT->renewAuthentication();\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * This method has been left from version 0.4.1 for compatibility reasons.\r
+ */\r
+ function authenticate() {\r
+ phpCAS :: error('this method is deprecated. You should use ' . __CLASS__ . '::forceAuthentication() instead');\r
+ }\r
+\r
+ /**\r
+ * This method is called to check if the user is authenticated (previously or by\r
+ * tickets given in the URL).\r
+ *\r
+ * @return TRUE when the user is authenticated.\r
+ */\r
+ function isAuthenticated() {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+\r
+ // call the isAuthenticated method of the global $PHPCAS_CLIENT object\r
+ $auth = $PHPCAS_CLIENT->isAuthenticated();\r
+\r
+ // store where the authentication has been checked and the result\r
+ $dbg = phpCAS :: backtrace();\r
+ $PHPCAS_AUTH_CHECK_CALL = array (\r
+ 'done' => TRUE,\r
+ 'file' => $dbg[0]['file'],\r
+ 'line' => $dbg[0]['line'],\r
+ 'method' => __CLASS__ . '::' . __FUNCTION__,\r
+ 'result' => $auth\r
+ );\r
+ phpCAS :: traceEnd($auth);\r
+ return $auth;\r
+ }\r
+\r
+ /**\r
+ * Checks whether authenticated based on $_SESSION. Useful to avoid\r
+ * server calls.\r
+ * @return true if authenticated, false otherwise.\r
+ * @since 0.4.22 by Brendan Arnold\r
+ */\r
+ function isSessionAuthenticated() {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ return ($PHPCAS_CLIENT->isSessionAuthenticated());\r
+ }\r
+\r
+ /**\r
+ * This method returns the CAS user's login name.\r
+ * @warning should not be called only after phpCAS::forceAuthentication()\r
+ * or phpCAS::checkAuthentication().\r
+ *\r
+ * @return the login name of the authenticated user\r
+ */\r
+ function getUser() {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['done']) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['result']) {\r
+ phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');\r
+ }\r
+ return $PHPCAS_CLIENT->getUser();\r
+ }\r
+\r
+ /**\r
+ * This method returns the CAS user's login name.\r
+ * @warning should not be called only after phpCAS::forceAuthentication()\r
+ * or phpCAS::checkAuthentication().\r
+ *\r
+ * @return the login name of the authenticated user\r
+ */\r
+ function getAttributes() {\r
+ global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['done']) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()');\r
+ }\r
+ if (!$PHPCAS_AUTH_CHECK_CALL['result']) {\r
+ phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE');\r
+ }\r
+ return $PHPCAS_CLIENT->getAttributes();\r
+ }\r
+ /**\r
+ * Handle logout requests.\r
+ */\r
+ function handleLogoutRequests($check_client = true, $allowed_clients = false) {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ return ($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients));\r
+ }\r
+\r
+ /**\r
+ * This method returns the URL to be used to login.\r
+ * or phpCAS::isAuthenticated().\r
+ *\r
+ * @return the login name of the authenticated user\r
+ */\r
+ function getServerLoginURL() {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ return $PHPCAS_CLIENT->getServerLoginURL();\r
+ }\r
+\r
+ /**\r
+ * Set the login URL of the CAS server.\r
+ * @param $url the login URL\r
+ * @since 0.4.21 by Wyman Chan\r
+ */\r
+ function setServerLoginURL($url = '') {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after\r
+ ' . __CLASS__ . '::client()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be\r
+ `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setServerLoginURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set the serviceValidate URL of the CAS server.\r
+ * Used only in CAS 1.0 validations\r
+ * @param $url the serviceValidate URL\r
+ * @since 1.1.0 by Joachim Fritschi\r
+ */\r
+ function setServerServiceValidateURL($url = '') {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after\r
+ ' . __CLASS__ . '::client()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be\r
+ `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setServerServiceValidateURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set the proxyValidate URL of the CAS server.\r
+ * Used for all CAS 2.0 validations\r
+ * @param $url the proxyValidate URL\r
+ * @since 1.1.0 by Joachim Fritschi\r
+ */\r
+ function setServerProxyValidateURL($url = '') {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after\r
+ ' . __CLASS__ . '::client()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be\r
+ `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setServerProxyValidateURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set the samlValidate URL of the CAS server.\r
+ * @param $url the samlValidate URL\r
+ * @since 1.1.0 by Joachim Fritschi\r
+ */\r
+ function setServerSamlValidateURL($url = '') {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after\r
+ ' . __CLASS__ . '::client()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be\r
+ `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setServerSamlValidateURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * This method returns the URL to be used to login.\r
+ * or phpCAS::isAuthenticated().\r
+ *\r
+ * @return the login name of the authenticated user\r
+ */\r
+ function getServerLogoutURL() {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');\r
+ }\r
+ return $PHPCAS_CLIENT->getServerLogoutURL();\r
+ }\r
+\r
+ /**\r
+ * Set the logout URL of the CAS server.\r
+ * @param $url the logout URL\r
+ * @since 0.4.21 by Wyman Chan\r
+ */\r
+ function setServerLogoutURL($url = '') {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after\r
+ ' . __CLASS__ . '::client()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be\r
+ `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setServerLogoutURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * This method is used to logout from CAS.\r
+ * @params $params an array that contains the optional url and service parameters that will be passed to the CAS server\r
+ * @public\r
+ */\r
+ function logout($params = "") {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ $parsedParams = array ();\r
+ if ($params != "") {\r
+ if (is_string($params)) {\r
+ phpCAS :: error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead');\r
+ }\r
+ if (!is_array($params)) {\r
+ phpCAS :: error('type mismatched for parameter $params (should be `array\')');\r
+ }\r
+ foreach ($params as $key => $value) {\r
+ if ($key != "service" && $key != "url") {\r
+ phpCAS :: error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\'');\r
+ }\r
+ $parsedParams[$key] = $value;\r
+ }\r
+ }\r
+ $PHPCAS_CLIENT->logout($parsedParams);\r
+ // never reached\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * This method is used to logout from CAS. Halts by redirecting to the CAS server.\r
+ * @param $service a URL that will be transmitted to the CAS server\r
+ */\r
+ function logoutWithRedirectService($service) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!is_string($service)) {\r
+ phpCAS :: error('type mismatched for parameter $service (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->logout(array (\r
+ "service" => $service\r
+ ));\r
+ // never reached\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * This method is used to logout from CAS. Halts by redirecting to the CAS server.\r
+ * @param $url a URL that will be transmitted to the CAS server\r
+ */\r
+ function logoutWithUrl($url) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!is_string($url)) {\r
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->logout(array (\r
+ "url" => $url\r
+ ));\r
+ // never reached\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * This method is used to logout from CAS. Halts by redirecting to the CAS server.\r
+ * @param $service a URL that will be transmitted to the CAS server\r
+ * @param $url a URL that will be transmitted to the CAS server\r
+ */\r
+ function logoutWithRedirectServiceAndUrl($service, $url) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!is_string($service)) {\r
+ phpCAS :: error('type mismatched for parameter $service (should be `string\')');\r
+ }\r
+ if (!is_string($url)) {\r
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->logout(array (\r
+ "service" => $service,\r
+ "url" => $url\r
+ ));\r
+ // never reached\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set the fixed URL that will be used by the CAS server to transmit the PGT.\r
+ * When this method is not called, a phpCAS script uses its own URL for the callback.\r
+ *\r
+ * @param $url the URL\r
+ */\r
+ function setFixedCallbackURL($url = '') {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (!$PHPCAS_CLIENT->isProxy()) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setCallbackURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set the fixed URL that will be set as the CAS service parameter. When this\r
+ * method is not called, a phpCAS script uses its own URL.\r
+ *\r
+ * @param $url the URL\r
+ */\r
+ function setFixedServiceURL($url) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($url) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $url (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setURL($url);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Get the URL that is set as the CAS service parameter.\r
+ */\r
+ function getServiceURL() {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ return ($PHPCAS_CLIENT->getURL());\r
+ }\r
+\r
+ /**\r
+ * Retrieve a Proxy Ticket from the CAS server.\r
+ */\r
+ function retrievePT($target_service, & $err_code, & $err_msg) {\r
+ global $PHPCAS_CLIENT;\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($target_service) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $target_service(should be `string\')');\r
+ }\r
+ return ($PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg));\r
+ }\r
+\r
+ /**\r
+ * Set the certificate of the CAS server.\r
+ *\r
+ * @param $cert the PEM certificate\r
+ */\r
+ function setCasServerCert($cert) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($cert) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $cert (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setCasServerCert($cert);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set the certificate of the CAS server CA.\r
+ *\r
+ * @param $cert the CA certificate\r
+ */\r
+ function setCasServerCACert($cert) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ if (gettype($cert) != 'string') {\r
+ phpCAS :: error('type mismatched for parameter $cert (should be `string\')');\r
+ }\r
+ $PHPCAS_CLIENT->setCasServerCACert($cert);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /**\r
+ * Set no SSL validation for the CAS server.\r
+ */\r
+ function setNoCasServerValidation() {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ $PHPCAS_CLIENT->setNoCasServerValidation();\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+ /** @} */\r
+\r
+ /**\r
+ * Change CURL options.\r
+ * CURL is used to connect through HTTPS to CAS server\r
+ * @param $key the option key\r
+ * @param $value the value to set\r
+ */\r
+ function setExtraCurlOption($key, $value) {\r
+ global $PHPCAS_CLIENT;\r
+ phpCAS :: traceBegin();\r
+ if (!is_object($PHPCAS_CLIENT)) {\r
+ phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');\r
+ }\r
+ $PHPCAS_CLIENT->setExtraCurlOption($key, $value);\r
+ phpCAS :: traceEnd();\r
+ }\r
+\r
+}\r
+\r
+// ########################################################################\r
+// DOCUMENTATION\r
+// ########################################################################\r
+\r
+// ########################################################################\r
+// MAIN PAGE\r
+\r
+/**\r
+ * @mainpage\r
+ *\r
+ * The following pages only show the source documentation.\r
+ *\r
+ */\r
+\r
+// ########################################################################\r
+// MODULES DEFINITION\r
+\r
+/** @defgroup public User interface */\r
+\r
+/** @defgroup publicInit Initialization\r
+ * @ingroup public */\r
+\r
+/** @defgroup publicAuth Authentication\r
+ * @ingroup public */\r
+\r
+/** @defgroup publicServices Access to external services\r
+ * @ingroup public */\r
+\r
+/** @defgroup publicConfig Configuration\r
+ * @ingroup public */\r
+\r
+/** @defgroup publicLang Internationalization\r
+ * @ingroup publicConfig */\r
+\r
+/** @defgroup publicOutput HTML output\r
+ * @ingroup publicConfig */\r
+\r
+/** @defgroup publicPGTStorage PGT storage\r
+ * @ingroup publicConfig */\r
+\r
+/** @defgroup publicDebug Debugging\r
+ * @ingroup public */\r
+\r
+/** @defgroup internal Implementation */\r
+\r
+/** @defgroup internalAuthentication Authentication\r
+ * @ingroup internal */\r
+\r
+/** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets)\r
+ * @ingroup internal */\r
+\r
+/** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets)\r
+ * @ingroup internal */\r
+\r
+/** @defgroup internalPGTStorage PGT storage\r
+ * @ingroup internalProxy */\r
+\r
+/** @defgroup internalPGTStorageDB PGT storage in a database\r
+ * @ingroup internalPGTStorage */\r
+\r
+/** @defgroup internalPGTStorageFile PGT storage on the filesystem\r
+ * @ingroup internalPGTStorage */\r
+\r
+/** @defgroup internalCallback Callback from the CAS server\r
+ * @ingroup internalProxy */\r
+\r
+/** @defgroup internalProxied CAS proxied client features (CAS 2.0, Proxy Tickets)\r
+ * @ingroup internal */\r
+\r
+/** @defgroup internalConfig Configuration\r
+ * @ingroup internal */\r
+\r
+/** @defgroup internalOutput HTML output\r
+ * @ingroup internalConfig */\r
+\r
+/** @defgroup internalLang Internationalization\r
+ * @ingroup internalConfig\r
+ *\r
+ * To add a new language:\r
+ * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php\r
+ * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php\r
+ * - 3. Make the translations\r
+ */\r
+\r
+/** @defgroup internalDebug Debugging\r
+ * @ingroup internal */\r
+\r
+/** @defgroup internalMisc Miscellaneous\r
+ * @ingroup internal */\r
+\r
+// ########################################################################\r
+// EXAMPLES\r
+\r
+/**\r
+ * @example example_simple.php\r
+ */\r
+/**\r
+ * @example example_proxy.php\r
+ */\r
+/**\r
+ * @example example_proxy2.php\r
+ */\r
+/**\r
+ * @example example_lang.php\r
+ */\r
+/**\r
+ * @example example_html.php\r
+ */\r
+/**\r
+ * @example example_file.php\r
+ */\r
+/**\r
+ * @example example_db.php\r
+ */\r
+/**\r
+ * @example example_service.php\r
+ */\r
+/**\r
+ * @example example_session_proxy.php\r
+ */\r
+/**\r
+ * @example example_session_service.php\r
+ */\r
+/**\r
+ * @example example_gateway.php\r
+ */\r
+/**\r
+ * @example example_custom_urls.php\r
+ */\r
+?>\r