| [ Index ] |
PHP Cross Reference of Unnamed Project |
[Summary view] [Print] [Text view]
1 <?php 2 3 /** 4 * Licensed to Jasig under one or more contributor license 5 * agreements. See the NOTICE file distributed with this work for 6 * additional information regarding copyright ownership. 7 * 8 * Jasig licenses this file to you under the Apache License, 9 * Version 2.0 (the "License"); you may not use this file except in 10 * compliance with the License. You may obtain a copy of the License at: 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 * See the License for the specific language governing permissions and 18 * limitations under the License. 19 * 20 * 21 * 22 * Interface class of the phpCAS library 23 * PHP Version 5 24 * 25 * @file CAS/CAS.php 26 * @category Authentication 27 * @package PhpCAS 28 * @author Pascal Aubry <pascal.aubry@univ-rennes1.fr> 29 * @author Olivier Berger <olivier.berger@it-sudparis.eu> 30 * @author Brett Bieber <brett.bieber@gmail.com> 31 * @author Joachim Fritschi <jfritschi@freenet.de> 32 * @author Adam Franco <afranco@middlebury.edu> 33 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 34 * @link https://wiki.jasig.org/display/CASC/phpCAS 35 * @ingroup public 36 */ 37 38 39 // 40 // hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] 41 // in IIS 42 // 43 if (php_sapi_name() != 'cli') { 44 if (!isset($_SERVER['REQUEST_URI'])) { 45 $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING']; 46 } 47 } 48 49 // Add a E_USER_DEPRECATED for php versions <= 5.2 50 if (!defined('E_USER_DEPRECATED')) { 51 define('E_USER_DEPRECATED', E_USER_NOTICE); 52 } 53 54 55 // ######################################################################## 56 // CONSTANTS 57 // ######################################################################## 58 59 // ------------------------------------------------------------------------ 60 // CAS VERSIONS 61 // ------------------------------------------------------------------------ 62 63 /** 64 * phpCAS version. accessible for the user by phpCAS::getVersion(). 65 */ 66 define('PHPCAS_VERSION', '1.3.4'); 67 68 /** 69 * @addtogroup public 70 * @{ 71 */ 72 73 /** 74 * CAS version 1.0 75 */ 76 define("CAS_VERSION_1_0", '1.0'); 77 /*! 78 * CAS version 2.0 79 */ 80 define("CAS_VERSION_2_0", '2.0'); 81 /** 82 * CAS version 3.0 83 */ 84 define("CAS_VERSION_3_0", '3.0'); 85 86 // ------------------------------------------------------------------------ 87 // SAML defines 88 // ------------------------------------------------------------------------ 89 90 /** 91 * SAML protocol 92 */ 93 define("SAML_VERSION_1_1", 'S1'); 94 95 /** 96 * XML header for SAML POST 97 */ 98 define("SAML_XML_HEADER", '<?xml version="1.0" encoding="UTF-8"?>'); 99 100 /** 101 * SOAP envelope for SAML POST 102 */ 103 define("SAML_SOAP_ENV", '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/>'); 104 105 /** 106 * SOAP body for SAML POST 107 */ 108 define("SAML_SOAP_BODY", '<SOAP-ENV:Body>'); 109 110 /** 111 * SAMLP request 112 */ 113 define("SAMLP_REQUEST", '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z">'); 114 define("SAMLP_REQUEST_CLOSE", '</samlp:Request>'); 115 116 /** 117 * SAMLP artifact tag (for the ticket) 118 */ 119 define("SAML_ASSERTION_ARTIFACT", '<samlp:AssertionArtifact>'); 120 121 /** 122 * SAMLP close 123 */ 124 define("SAML_ASSERTION_ARTIFACT_CLOSE", '</samlp:AssertionArtifact>'); 125 126 /** 127 * SOAP body close 128 */ 129 define("SAML_SOAP_BODY_CLOSE", '</SOAP-ENV:Body>'); 130 131 /** 132 * SOAP envelope close 133 */ 134 define("SAML_SOAP_ENV_CLOSE", '</SOAP-ENV:Envelope>'); 135 136 /** 137 * SAML Attributes 138 */ 139 define("SAML_ATTRIBUTES", 'SAMLATTRIBS'); 140 141 /** 142 * SAML Attributes 143 */ 144 define("DEFAULT_ERROR", 'Internal script failure'); 145 146 /** @} */ 147 /** 148 * @addtogroup publicPGTStorage 149 * @{ 150 */ 151 // ------------------------------------------------------------------------ 152 // FILE PGT STORAGE 153 // ------------------------------------------------------------------------ 154 /** 155 * Default path used when storing PGT's to file 156 */ 157 define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH", session_save_path()); 158 /** @} */ 159 // ------------------------------------------------------------------------ 160 // SERVICE ACCESS ERRORS 161 // ------------------------------------------------------------------------ 162 /** 163 * @addtogroup publicServices 164 * @{ 165 */ 166 167 /** 168 * phpCAS::service() error code on success 169 */ 170 define("PHPCAS_SERVICE_OK", 0); 171 /** 172 * phpCAS::service() error code when the PT could not retrieve because 173 * the CAS server did not respond. 174 */ 175 define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE", 1); 176 /** 177 * phpCAS::service() error code when the PT could not retrieve because 178 * the response of the CAS server was ill-formed. 179 */ 180 define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE", 2); 181 /** 182 * phpCAS::service() error code when the PT could not retrieve because 183 * the CAS server did not want to. 184 */ 185 define("PHPCAS_SERVICE_PT_FAILURE", 3); 186 /** 187 * phpCAS::service() error code when the service was not available. 188 */ 189 define("PHPCAS_SERVICE_NOT_AVAILABLE", 4); 190 191 // ------------------------------------------------------------------------ 192 // SERVICE TYPES 193 // ------------------------------------------------------------------------ 194 /** 195 * phpCAS::getProxiedService() type for HTTP GET 196 */ 197 define("PHPCAS_PROXIED_SERVICE_HTTP_GET", 'CAS_ProxiedService_Http_Get'); 198 /** 199 * phpCAS::getProxiedService() type for HTTP POST 200 */ 201 define("PHPCAS_PROXIED_SERVICE_HTTP_POST", 'CAS_ProxiedService_Http_Post'); 202 /** 203 * phpCAS::getProxiedService() type for IMAP 204 */ 205 define("PHPCAS_PROXIED_SERVICE_IMAP", 'CAS_ProxiedService_Imap'); 206 207 208 /** @} */ 209 // ------------------------------------------------------------------------ 210 // LANGUAGES 211 // ------------------------------------------------------------------------ 212 /** 213 * @addtogroup publicLang 214 * @{ 215 */ 216 217 define("PHPCAS_LANG_ENGLISH", 'CAS_Languages_English'); 218 define("PHPCAS_LANG_FRENCH", 'CAS_Languages_French'); 219 define("PHPCAS_LANG_GREEK", 'CAS_Languages_Greek'); 220 define("PHPCAS_LANG_GERMAN", 'CAS_Languages_German'); 221 define("PHPCAS_LANG_JAPANESE", 'CAS_Languages_Japanese'); 222 define("PHPCAS_LANG_SPANISH", 'CAS_Languages_Spanish'); 223 define("PHPCAS_LANG_CATALAN", 'CAS_Languages_Catalan'); 224 225 /** @} */ 226 227 /** 228 * @addtogroup internalLang 229 * @{ 230 */ 231 232 /** 233 * phpCAS default language (when phpCAS::setLang() is not used) 234 */ 235 define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH); 236 237 /** @} */ 238 // ------------------------------------------------------------------------ 239 // DEBUG 240 // ------------------------------------------------------------------------ 241 /** 242 * @addtogroup publicDebug 243 * @{ 244 */ 245 246 /** 247 * The default directory for the debug file under Unix. 248 */ 249 function gettmpdir() { 250 if (!empty($_ENV['TMP'])) { return realpath($_ENV['TMP']); } 251 if (!empty($_ENV['TMPDIR'])) { return realpath( $_ENV['TMPDIR']); } 252 if (!empty($_ENV['TEMP'])) { return realpath( $_ENV['TEMP']); } 253 return "/tmp"; 254 } 255 define('DEFAULT_DEBUG_DIR', gettmpdir()."/"); 256 257 /** @} */ 258 259 // include the class autoloader 260 require_once dirname(__FILE__) . '/CAS/Autoload.php'; 261 262 /** 263 * The phpCAS class is a simple container for the phpCAS library. It provides CAS 264 * authentication for web applications written in PHP. 265 * 266 * @ingroup public 267 * @class phpCAS 268 * @category Authentication 269 * @package PhpCAS 270 * @author Pascal Aubry <pascal.aubry@univ-rennes1.fr> 271 * @author Olivier Berger <olivier.berger@it-sudparis.eu> 272 * @author Brett Bieber <brett.bieber@gmail.com> 273 * @author Joachim Fritschi <jfritschi@freenet.de> 274 * @author Adam Franco <afranco@middlebury.edu> 275 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 276 * @link https://wiki.jasig.org/display/CASC/phpCAS 277 */ 278 279 class phpCAS 280 { 281 282 /** 283 * This variable is used by the interface class phpCAS. 284 * 285 * @var CAS_Client 286 * @hideinitializer 287 */ 288 private static $_PHPCAS_CLIENT; 289 290 /** 291 * This variable is used to store where the initializer is called from 292 * (to print a comprehensive error in case of multiple calls). 293 * 294 * @hideinitializer 295 */ 296 private static $_PHPCAS_INIT_CALL; 297 298 /** 299 * This variable is used to store phpCAS debug mode. 300 * 301 * @hideinitializer 302 */ 303 private static $_PHPCAS_DEBUG; 304 305 /** 306 * This variable is used to enable verbose mode 307 * This pevents debug info to be show to the user. Since it's a security 308 * feature the default is false 309 * 310 * @hideinitializer 311 */ 312 private static $_PHPCAS_VERBOSE = false; 313 314 315 // ######################################################################## 316 // INITIALIZATION 317 // ######################################################################## 318 319 /** 320 * @addtogroup publicInit 321 * @{ 322 */ 323 324 /** 325 * phpCAS client initializer. 326 * 327 * @param string $server_version the version of the CAS server 328 * @param string $server_hostname the hostname of the CAS server 329 * @param string $server_port the port the CAS server is running on 330 * @param string $server_uri the URI the CAS server is responding on 331 * @param bool $changeSessionID Allow phpCAS to change the session_id (Single 332 * Sign Out/handleLogoutRequests is based on that change) 333 * 334 * @return a newly created CAS_Client object 335 * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be 336 * called, only once, and before all other methods (except phpCAS::getVersion() 337 * and phpCAS::setDebug()). 338 */ 339 public static function client($server_version, $server_hostname, 340 $server_port, $server_uri, $changeSessionID = true 341 ) { 342 phpCAS :: traceBegin(); 343 if (is_object(self::$_PHPCAS_CLIENT)) { 344 phpCAS :: error(self::$_PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . self::$_PHPCAS_INIT_CALL['file'] . ':' . self::$_PHPCAS_INIT_CALL['line'] . ')'); 345 } 346 347 // store where the initializer is called from 348 $dbg = debug_backtrace(); 349 self::$_PHPCAS_INIT_CALL = array ( 350 'done' => true, 351 'file' => $dbg[0]['file'], 352 'line' => $dbg[0]['line'], 353 'method' => __CLASS__ . '::' . __FUNCTION__ 354 ); 355 356 // initialize the object $_PHPCAS_CLIENT 357 try { 358 self::$_PHPCAS_CLIENT = new CAS_Client( 359 $server_version, false, $server_hostname, $server_port, $server_uri, 360 $changeSessionID 361 ); 362 } catch (Exception $e) { 363 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 364 } 365 phpCAS :: traceEnd(); 366 } 367 368 /** 369 * phpCAS proxy initializer. 370 * 371 * @param string $server_version the version of the CAS server 372 * @param string $server_hostname the hostname of the CAS server 373 * @param string $server_port the port the CAS server is running on 374 * @param string $server_uri the URI the CAS server is responding on 375 * @param bool $changeSessionID Allow phpCAS to change the session_id (Single 376 * Sign Out/handleLogoutRequests is based on that change) 377 * 378 * @return a newly created CAS_Client object 379 * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be 380 * called, only once, and before all other methods (except phpCAS::getVersion() 381 * and phpCAS::setDebug()). 382 */ 383 public static function proxy($server_version, $server_hostname, 384 $server_port, $server_uri, $changeSessionID = true 385 ) { 386 phpCAS :: traceBegin(); 387 if (is_object(self::$_PHPCAS_CLIENT)) { 388 phpCAS :: error(self::$_PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . self::$_PHPCAS_INIT_CALL['file'] . ':' . self::$_PHPCAS_INIT_CALL['line'] . ')'); 389 } 390 391 // store where the initialzer is called from 392 $dbg = debug_backtrace(); 393 self::$_PHPCAS_INIT_CALL = array ( 394 'done' => true, 395 'file' => $dbg[0]['file'], 396 'line' => $dbg[0]['line'], 397 'method' => __CLASS__ . '::' . __FUNCTION__ 398 ); 399 400 // initialize the object $_PHPCAS_CLIENT 401 try { 402 self::$_PHPCAS_CLIENT = new CAS_Client( 403 $server_version, true, $server_hostname, $server_port, $server_uri, 404 $changeSessionID 405 ); 406 } catch (Exception $e) { 407 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 408 } 409 phpCAS :: traceEnd(); 410 } 411 412 /** 413 * Answer whether or not the client or proxy has been initialized 414 * 415 * @return bool 416 */ 417 public static function isInitialized () 418 { 419 return (is_object(self::$_PHPCAS_CLIENT)); 420 } 421 422 /** @} */ 423 // ######################################################################## 424 // DEBUGGING 425 // ######################################################################## 426 427 /** 428 * @addtogroup publicDebug 429 * @{ 430 */ 431 432 /** 433 * Set/unset debug mode 434 * 435 * @param string $filename the name of the file used for logging, or false 436 * to stop debugging. 437 * 438 * @return void 439 */ 440 public static function setDebug($filename = '') 441 { 442 if ($filename != false && gettype($filename) != 'string') { 443 phpCAS :: error('type mismatched for parameter $dbg (should be false or the name of the log file)'); 444 } 445 if ($filename === false) { 446 self::$_PHPCAS_DEBUG['filename'] = false; 447 448 } else { 449 if (empty ($filename)) { 450 if (preg_match('/^Win.*/', getenv('OS'))) { 451 if (isset ($_ENV['TMP'])) { 452 $debugDir = $_ENV['TMP'] . '/'; 453 } else { 454 $debugDir = ''; 455 } 456 } else { 457 $debugDir = DEFAULT_DEBUG_DIR; 458 } 459 $filename = $debugDir . 'phpCAS.log'; 460 } 461 462 if (empty (self::$_PHPCAS_DEBUG['unique_id'])) { 463 self::$_PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4); 464 } 465 466 self::$_PHPCAS_DEBUG['filename'] = $filename; 467 self::$_PHPCAS_DEBUG['indent'] = 0; 468 469 phpCAS :: trace('START ('.date("Y-m-d H:i:s").') phpCAS-' . PHPCAS_VERSION . ' ******************'); 470 } 471 } 472 473 /** 474 * Enable verbose errors messages in the website output 475 * This is a security relevant since internal status info may leak an may 476 * help an attacker. Default is therefore false 477 * 478 * @param bool $verbose enable verbose output 479 * 480 * @return void 481 */ 482 public static function setVerbose($verbose) 483 { 484 if ($verbose === true) { 485 self::$_PHPCAS_VERBOSE = true; 486 } else { 487 self::$_PHPCAS_VERBOSE = false; 488 } 489 } 490 491 492 /** 493 * Show is verbose mode is on 494 * 495 * @return boot verbose 496 */ 497 public static function getVerbose() 498 { 499 return self::$_PHPCAS_VERBOSE; 500 } 501 502 /** 503 * Logs a string in debug mode. 504 * 505 * @param string $str the string to write 506 * 507 * @return void 508 * @private 509 */ 510 public static function log($str) 511 { 512 $indent_str = "."; 513 514 515 if (!empty(self::$_PHPCAS_DEBUG['filename'])) { 516 // Check if file exists and modifiy file permissions to be only 517 // readable by the webserver 518 if (!file_exists(self::$_PHPCAS_DEBUG['filename'])) { 519 touch(self::$_PHPCAS_DEBUG['filename']); 520 // Chmod will fail on windows 521 @chmod(self::$_PHPCAS_DEBUG['filename'], 0600); 522 } 523 for ($i = 0; $i < self::$_PHPCAS_DEBUG['indent']; $i++) { 524 525 $indent_str .= '| '; 526 } 527 // allow for multiline output with proper identing. Usefull for 528 // dumping cas answers etc. 529 $str2 = str_replace("\n", "\n" . self::$_PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str, $str); 530 error_log(self::$_PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str2 . "\n", 3, self::$_PHPCAS_DEBUG['filename']); 531 } 532 533 } 534 535 /** 536 * This method is used by interface methods to print an error and where the 537 * function was originally called from. 538 * 539 * @param string $msg the message to print 540 * 541 * @return void 542 * @private 543 */ 544 public static function error($msg) 545 { 546 phpCAS :: traceBegin(); 547 $dbg = debug_backtrace(); 548 $function = '?'; 549 $file = '?'; 550 $line = '?'; 551 if (is_array($dbg)) { 552 for ($i = 1; $i < sizeof($dbg); $i++) { 553 if (is_array($dbg[$i]) && isset($dbg[$i]['class']) ) { 554 if ($dbg[$i]['class'] == __CLASS__) { 555 $function = $dbg[$i]['function']; 556 $file = $dbg[$i]['file']; 557 $line = $dbg[$i]['line']; 558 } 559 } 560 } 561 } 562 if (self::$_PHPCAS_VERBOSE) { 563 echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . "</b></font> in <b>" . $file . "</b> on line <b>" . $line . "</b><br />\n"; 564 } else { 565 echo "<br />\n<b>Error</b>: <font color=\"FF0000\"><b>". DEFAULT_ERROR ."</b><br />\n"; 566 } 567 phpCAS :: trace($msg . ' in ' . $file . 'on line ' . $line ); 568 phpCAS :: traceEnd(); 569 570 throw new CAS_GracefullTerminationException(__CLASS__ . "::" . $function . '(): ' . $msg); 571 } 572 573 /** 574 * This method is used to log something in debug mode. 575 * 576 * @param string $str string to log 577 * 578 * @return void 579 */ 580 public static function trace($str) 581 { 582 $dbg = debug_backtrace(); 583 phpCAS :: log($str . ' [' . basename($dbg[0]['file']) . ':' . $dbg[0]['line'] . ']'); 584 } 585 586 /** 587 * This method is used to indicate the start of the execution of a function 588 * in debug mode. 589 * 590 * @return void 591 */ 592 public static function traceBegin() 593 { 594 $dbg = debug_backtrace(); 595 $str = '=> '; 596 if (!empty ($dbg[1]['class'])) { 597 $str .= $dbg[1]['class'] . '::'; 598 } 599 $str .= $dbg[1]['function'] . '('; 600 if (is_array($dbg[1]['args'])) { 601 foreach ($dbg[1]['args'] as $index => $arg) { 602 if ($index != 0) { 603 $str .= ', '; 604 } 605 if (is_object($arg)) { 606 $str .= get_class($arg); 607 } else { 608 $str .= str_replace(array("\r\n", "\n", "\r"), "", var_export($arg, true)); 609 } 610 } 611 } 612 if (isset($dbg[1]['file'])) { 613 $file = basename($dbg[1]['file']); 614 } else { 615 $file = 'unknown_file'; 616 } 617 if (isset($dbg[1]['line'])) { 618 $line = $dbg[1]['line']; 619 } else { 620 $line = 'unknown_line'; 621 } 622 $str .= ') [' . $file . ':' . $line . ']'; 623 phpCAS :: log($str); 624 if (!isset(self::$_PHPCAS_DEBUG['indent'])) { 625 self::$_PHPCAS_DEBUG['indent'] = 0; 626 } else { 627 self::$_PHPCAS_DEBUG['indent']++; 628 } 629 } 630 631 /** 632 * This method is used to indicate the end of the execution of a function in 633 * debug mode. 634 * 635 * @param string $res the result of the function 636 * 637 * @return void 638 */ 639 public static function traceEnd($res = '') 640 { 641 if (empty(self::$_PHPCAS_DEBUG['indent'])) { 642 self::$_PHPCAS_DEBUG['indent'] = 0; 643 } else { 644 self::$_PHPCAS_DEBUG['indent']--; 645 } 646 $dbg = debug_backtrace(); 647 $str = ''; 648 if (is_object($res)) { 649 $str .= '<= ' . get_class($res); 650 } else { 651 $str .= '<= ' . str_replace(array("\r\n", "\n", "\r"), "", var_export($res, true)); 652 } 653 654 phpCAS :: log($str); 655 } 656 657 /** 658 * This method is used to indicate the end of the execution of the program 659 * 660 * @return void 661 */ 662 public static function traceExit() 663 { 664 phpCAS :: log('exit()'); 665 while (self::$_PHPCAS_DEBUG['indent'] > 0) { 666 phpCAS :: log('-'); 667 self::$_PHPCAS_DEBUG['indent']--; 668 } 669 } 670 671 /** @} */ 672 // ######################################################################## 673 // INTERNATIONALIZATION 674 // ######################################################################## 675 /** 676 * @addtogroup publicLang 677 * @{ 678 */ 679 680 /** 681 * This method is used to set the language used by phpCAS. 682 * 683 * @param string $lang string representing the language. 684 * 685 * @return void 686 * 687 * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH 688 * @note Can be called only once. 689 */ 690 public static function setLang($lang) 691 { 692 phpCAS::_validateClientExists(); 693 694 try { 695 self::$_PHPCAS_CLIENT->setLang($lang); 696 } catch (Exception $e) { 697 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 698 } 699 } 700 701 /** @} */ 702 // ######################################################################## 703 // VERSION 704 // ######################################################################## 705 /** 706 * @addtogroup public 707 * @{ 708 */ 709 710 /** 711 * This method returns the phpCAS version. 712 * 713 * @return the phpCAS version. 714 */ 715 public static function getVersion() 716 { 717 return PHPCAS_VERSION; 718 } 719 720 /** @} */ 721 // ######################################################################## 722 // HTML OUTPUT 723 // ######################################################################## 724 /** 725 * @addtogroup publicOutput 726 * @{ 727 */ 728 729 /** 730 * This method sets the HTML header used for all outputs. 731 * 732 * @param string $header the HTML header. 733 * 734 * @return void 735 */ 736 public static function setHTMLHeader($header) 737 { 738 phpCAS::_validateClientExists(); 739 740 try { 741 self::$_PHPCAS_CLIENT->setHTMLHeader($header); 742 } catch (Exception $e) { 743 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 744 } 745 } 746 747 /** 748 * This method sets the HTML footer used for all outputs. 749 * 750 * @param string $footer the HTML footer. 751 * 752 * @return void 753 */ 754 public static function setHTMLFooter($footer) 755 { 756 phpCAS::_validateClientExists(); 757 758 try { 759 self::$_PHPCAS_CLIENT->setHTMLFooter($footer); 760 } catch (Exception $e) { 761 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 762 } 763 } 764 765 /** @} */ 766 // ######################################################################## 767 // PGT STORAGE 768 // ######################################################################## 769 /** 770 * @addtogroup publicPGTStorage 771 * @{ 772 */ 773 774 /** 775 * This method can be used to set a custom PGT storage object. 776 * 777 * @param CAS_PGTStorage $storage a PGT storage object that inherits from the 778 * CAS_PGTStorage class 779 * 780 * @return void 781 */ 782 public static function setPGTStorage($storage) 783 { 784 phpCAS :: traceBegin(); 785 phpCAS::_validateProxyExists(); 786 787 try { 788 self::$_PHPCAS_CLIENT->setPGTStorage($storage); 789 } catch (Exception $e) { 790 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 791 } 792 phpCAS :: traceEnd(); 793 } 794 795 /** 796 * This method is used to tell phpCAS to store the response of the 797 * CAS server to PGT requests in a database. 798 * 799 * @param string $dsn_or_pdo a dsn string to use for creating a PDO 800 * object or a PDO object 801 * @param string $username the username to use when connecting to the 802 * database 803 * @param string $password the password to use when connecting to the 804 * database 805 * @param string $table the table to use for storing and retrieving 806 * PGT's 807 * @param string $driver_options any driver options to use when connecting 808 * to the database 809 * 810 * @return void 811 */ 812 public static function setPGTStorageDb($dsn_or_pdo, $username='', 813 $password='', $table='', $driver_options=null 814 ) { 815 phpCAS :: traceBegin(); 816 phpCAS::_validateProxyExists(); 817 818 try { 819 self::$_PHPCAS_CLIENT->setPGTStorageDb($dsn_or_pdo, $username, $password, $table, $driver_options); 820 } catch (Exception $e) { 821 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 822 } 823 phpCAS :: traceEnd(); 824 } 825 826 /** 827 * This method is used to tell phpCAS to store the response of the 828 * CAS server to PGT requests onto the filesystem. 829 * 830 * @param string $path the path where the PGT's should be stored 831 * 832 * @return void 833 */ 834 public static function setPGTStorageFile($path = '') 835 { 836 phpCAS :: traceBegin(); 837 phpCAS::_validateProxyExists(); 838 839 try { 840 self::$_PHPCAS_CLIENT->setPGTStorageFile($path); 841 } catch (Exception $e) { 842 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 843 } 844 phpCAS :: traceEnd(); 845 } 846 /** @} */ 847 // ######################################################################## 848 // ACCESS TO EXTERNAL SERVICES 849 // ######################################################################## 850 /** 851 * @addtogroup publicServices 852 * @{ 853 */ 854 855 /** 856 * Answer a proxy-authenticated service handler. 857 * 858 * @param string $type The service type. One of 859 * PHPCAS_PROXIED_SERVICE_HTTP_GET; PHPCAS_PROXIED_SERVICE_HTTP_POST; 860 * PHPCAS_PROXIED_SERVICE_IMAP 861 * 862 * @return CAS_ProxiedService 863 * @throws InvalidArgumentException If the service type is unknown. 864 */ 865 public static function getProxiedService ($type) 866 { 867 phpCAS :: traceBegin(); 868 phpCAS::_validateProxyExists(); 869 870 try { 871 $res = self::$_PHPCAS_CLIENT->getProxiedService($type); 872 } catch (Exception $e) { 873 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 874 } 875 876 phpCAS :: traceEnd(); 877 return $res; 878 } 879 880 /** 881 * Initialize a proxied-service handler with the proxy-ticket it should use. 882 * 883 * @param CAS_ProxiedService $proxiedService Proxied Service Handler 884 * 885 * @return void 886 * @throws CAS_ProxyTicketException If there is a proxy-ticket failure. 887 * The code of the Exception will be one of: 888 * PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE 889 * PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE 890 * PHPCAS_SERVICE_PT_FAILURE 891 */ 892 public static function initializeProxiedService (CAS_ProxiedService $proxiedService) 893 { 894 phpCAS::_validateProxyExists(); 895 896 try { 897 self::$_PHPCAS_CLIENT->initializeProxiedService($proxiedService); 898 } catch (Exception $e) { 899 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 900 } 901 } 902 903 /** 904 * This method is used to access an HTTP[S] service. 905 * 906 * @param string $url the service to access. 907 * @param string &$err_code an error code Possible values are 908 * PHPCAS_SERVICE_OK (on success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, 909 * PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, PHPCAS_SERVICE_PT_FAILURE, 910 * PHPCAS_SERVICE_NOT_AVAILABLE. 911 * @param string &$output the output of the service (also used to give an 912 * error message on failure). 913 * 914 * @return bool true on success, false otherwise (in this later case, 915 * $err_code gives the reason why it failed and $output contains an error 916 * message). 917 */ 918 public static function serviceWeb($url, & $err_code, & $output) 919 { 920 phpCAS :: traceBegin(); 921 phpCAS::_validateProxyExists(); 922 923 try { 924 $res = self::$_PHPCAS_CLIENT->serviceWeb($url, $err_code, $output); 925 } catch (Exception $e) { 926 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 927 } 928 929 phpCAS :: traceEnd($res); 930 return $res; 931 } 932 933 /** 934 * This method is used to access an IMAP/POP3/NNTP service. 935 * 936 * @param string $url a string giving the URL of the service, 937 * including the mailing box for IMAP URLs, as accepted by imap_open(). 938 * @param string $service a string giving for CAS retrieve Proxy ticket 939 * @param string $flags options given to imap_open(). 940 * @param string &$err_code an error code Possible values are 941 * PHPCAS_SERVICE_OK (on success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, 942 * PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, PHPCAS_SERVICE_PT_FAILURE, 943 * PHPCAS_SERVICE_NOT_AVAILABLE. 944 * @param string &$err_msg an error message on failure 945 * @param string &$pt the Proxy Ticket (PT) retrieved from the CAS 946 * server to access the URL on success, false on error). 947 * 948 * @return object IMAP stream on success, false otherwise (in this later 949 * case, $err_code gives the reason why it failed and $err_msg contains an 950 * error message). 951 */ 952 public static function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) 953 { 954 phpCAS :: traceBegin(); 955 phpCAS::_validateProxyExists(); 956 957 try { 958 $res = self::$_PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt); 959 } catch (Exception $e) { 960 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 961 } 962 963 phpCAS :: traceEnd($res); 964 return $res; 965 } 966 967 /** @} */ 968 // ######################################################################## 969 // AUTHENTICATION 970 // ######################################################################## 971 /** 972 * @addtogroup publicAuth 973 * @{ 974 */ 975 976 /** 977 * Set the times authentication will be cached before really accessing the 978 * CAS server in gateway mode: 979 * - -1: check only once, and then never again (until you pree login) 980 * - 0: always check 981 * - n: check every "n" time 982 * 983 * @param int $n an integer. 984 * 985 * @return void 986 */ 987 public static function setCacheTimesForAuthRecheck($n) 988 { 989 phpCAS::_validateClientExists(); 990 991 try { 992 self::$_PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n); 993 } catch (Exception $e) { 994 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 995 } 996 } 997 998 /** 999 * Set a callback function to be run when a user authenticates. 1000 * 1001 * The callback function will be passed a $logoutTicket as its first 1002 * parameter, followed by any $additionalArgs you pass. The $logoutTicket 1003 * parameter is an opaque string that can be used to map the session-id to 1004 * logout request in order to support single-signout in applications that 1005 * manage their own sessions (rather than letting phpCAS start the session). 1006 * 1007 * phpCAS::forceAuthentication() will always exit and forward client unless 1008 * they are already authenticated. To perform an action at the moment the user 1009 * logs in (such as registering an account, performing logging, etc), register 1010 * a callback function here. 1011 * 1012 * @param string $function Callback function 1013 * @param array $additionalArgs optional array of arguments 1014 * 1015 * @return void 1016 */ 1017 public static function setPostAuthenticateCallback ($function, array $additionalArgs = array()) 1018 { 1019 phpCAS::_validateClientExists(); 1020 1021 self::$_PHPCAS_CLIENT->setPostAuthenticateCallback($function, $additionalArgs); 1022 } 1023 1024 /** 1025 * Set a callback function to be run when a single-signout request is 1026 * received. The callback function will be passed a $logoutTicket as its 1027 * first parameter, followed by any $additionalArgs you pass. The 1028 * $logoutTicket parameter is an opaque string that can be used to map a 1029 * session-id to the logout request in order to support single-signout in 1030 * applications that manage their own sessions (rather than letting phpCAS 1031 * start and destroy the session). 1032 * 1033 * @param string $function Callback function 1034 * @param array $additionalArgs optional array of arguments 1035 * 1036 * @return void 1037 */ 1038 public static function setSingleSignoutCallback ($function, array $additionalArgs = array()) 1039 { 1040 phpCAS::_validateClientExists(); 1041 1042 self::$_PHPCAS_CLIENT->setSingleSignoutCallback($function, $additionalArgs); 1043 } 1044 1045 /** 1046 * This method is called to check if the user is already authenticated 1047 * locally or has a global cas session. A already existing cas session is 1048 * determined by a cas gateway call.(cas login call without any interactive 1049 * prompt) 1050 * 1051 * @return true when the user is authenticated, false when a previous 1052 * gateway login failed or the function will not return if the user is 1053 * redirected to the cas server for a gateway login attempt 1054 */ 1055 public static function checkAuthentication() 1056 { 1057 phpCAS :: traceBegin(); 1058 phpCAS::_validateClientExists(); 1059 1060 $auth = self::$_PHPCAS_CLIENT->checkAuthentication(); 1061 1062 // store where the authentication has been checked and the result 1063 self::$_PHPCAS_CLIENT->markAuthenticationCall($auth); 1064 1065 phpCAS :: traceEnd($auth); 1066 return $auth; 1067 } 1068 1069 /** 1070 * This method is called to force authentication if the user was not already 1071 * authenticated. If the user is not authenticated, halt by redirecting to 1072 * the CAS server. 1073 * 1074 * @return bool Authentication 1075 */ 1076 public static function forceAuthentication() 1077 { 1078 phpCAS :: traceBegin(); 1079 phpCAS::_validateClientExists(); 1080 $auth = self::$_PHPCAS_CLIENT->forceAuthentication(); 1081 1082 // store where the authentication has been checked and the result 1083 self::$_PHPCAS_CLIENT->markAuthenticationCall($auth); 1084 1085 /* if (!$auth) { 1086 phpCAS :: trace('user is not authenticated, redirecting to the CAS server'); 1087 self::$_PHPCAS_CLIENT->forceAuthentication(); 1088 } else { 1089 phpCAS :: trace('no need to authenticate (user `' . phpCAS :: getUser() . '\' is already authenticated)'); 1090 }*/ 1091 1092 phpCAS :: traceEnd(); 1093 return $auth; 1094 } 1095 1096 /** 1097 * This method is called to renew the authentication. 1098 * 1099 * @return void 1100 **/ 1101 public static function renewAuthentication() 1102 { 1103 phpCAS :: traceBegin(); 1104 phpCAS::_validateClientExists(); 1105 1106 $auth = self::$_PHPCAS_CLIENT->renewAuthentication(); 1107 1108 // store where the authentication has been checked and the result 1109 self::$_PHPCAS_CLIENT->markAuthenticationCall($auth); 1110 1111 //self::$_PHPCAS_CLIENT->renewAuthentication(); 1112 phpCAS :: traceEnd(); 1113 } 1114 1115 /** 1116 * This method is called to check if the user is authenticated (previously or by 1117 * tickets given in the URL). 1118 * 1119 * @return true when the user is authenticated. 1120 */ 1121 public static function isAuthenticated() 1122 { 1123 phpCAS :: traceBegin(); 1124 phpCAS::_validateClientExists(); 1125 1126 // call the isAuthenticated method of the $_PHPCAS_CLIENT object 1127 $auth = self::$_PHPCAS_CLIENT->isAuthenticated(); 1128 1129 // store where the authentication has been checked and the result 1130 self::$_PHPCAS_CLIENT->markAuthenticationCall($auth); 1131 1132 phpCAS :: traceEnd($auth); 1133 return $auth; 1134 } 1135 1136 /** 1137 * Checks whether authenticated based on $_SESSION. Useful to avoid 1138 * server calls. 1139 * 1140 * @return bool true if authenticated, false otherwise. 1141 * @since 0.4.22 by Brendan Arnold 1142 */ 1143 public static function isSessionAuthenticated() 1144 { 1145 phpCAS::_validateClientExists(); 1146 1147 return (self::$_PHPCAS_CLIENT->isSessionAuthenticated()); 1148 } 1149 1150 /** 1151 * This method returns the CAS user's login name. 1152 * 1153 * @return string the login name of the authenticated user 1154 * @warning should only be called after phpCAS::forceAuthentication() 1155 * or phpCAS::checkAuthentication(). 1156 * */ 1157 public static function getUser() 1158 { 1159 phpCAS::_validateClientExists(); 1160 1161 try { 1162 return self::$_PHPCAS_CLIENT->getUser(); 1163 } catch (Exception $e) { 1164 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1165 } 1166 } 1167 1168 /** 1169 * Answer attributes about the authenticated user. 1170 * 1171 * @warning should only be called after phpCAS::forceAuthentication() 1172 * or phpCAS::checkAuthentication(). 1173 * 1174 * @return array 1175 */ 1176 public static function getAttributes() 1177 { 1178 phpCAS::_validateClientExists(); 1179 1180 try { 1181 return self::$_PHPCAS_CLIENT->getAttributes(); 1182 } catch (Exception $e) { 1183 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1184 } 1185 } 1186 1187 /** 1188 * Answer true if there are attributes for the authenticated user. 1189 * 1190 * @warning should only be called after phpCAS::forceAuthentication() 1191 * or phpCAS::checkAuthentication(). 1192 * 1193 * @return bool 1194 */ 1195 public static function hasAttributes() 1196 { 1197 phpCAS::_validateClientExists(); 1198 1199 try { 1200 return self::$_PHPCAS_CLIENT->hasAttributes(); 1201 } catch (Exception $e) { 1202 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1203 } 1204 } 1205 1206 /** 1207 * Answer true if an attribute exists for the authenticated user. 1208 * 1209 * @param string $key attribute name 1210 * 1211 * @return bool 1212 * @warning should only be called after phpCAS::forceAuthentication() 1213 * or phpCAS::checkAuthentication(). 1214 */ 1215 public static function hasAttribute($key) 1216 { 1217 phpCAS::_validateClientExists(); 1218 1219 try { 1220 return self::$_PHPCAS_CLIENT->hasAttribute($key); 1221 } catch (Exception $e) { 1222 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1223 } 1224 } 1225 1226 /** 1227 * Answer an attribute for the authenticated user. 1228 * 1229 * @param string $key attribute name 1230 * 1231 * @return mixed string for a single value or an array if multiple values exist. 1232 * @warning should only be called after phpCAS::forceAuthentication() 1233 * or phpCAS::checkAuthentication(). 1234 */ 1235 public static function getAttribute($key) 1236 { 1237 phpCAS::_validateClientExists(); 1238 1239 try { 1240 return self::$_PHPCAS_CLIENT->getAttribute($key); 1241 } catch (Exception $e) { 1242 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1243 } 1244 } 1245 1246 /** 1247 * Handle logout requests. 1248 * 1249 * @param bool $check_client additional safety check 1250 * @param array $allowed_clients array of allowed clients 1251 * 1252 * @return void 1253 */ 1254 public static function handleLogoutRequests($check_client = true, $allowed_clients = false) 1255 { 1256 phpCAS::_validateClientExists(); 1257 1258 return (self::$_PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients)); 1259 } 1260 1261 /** 1262 * This method returns the URL to be used to login. 1263 * or phpCAS::isAuthenticated(). 1264 * 1265 * @return the login name of the authenticated user 1266 */ 1267 public static function getServerLoginURL() 1268 { 1269 phpCAS::_validateClientExists(); 1270 1271 return self::$_PHPCAS_CLIENT->getServerLoginURL(); 1272 } 1273 1274 /** 1275 * Set the login URL of the CAS server. 1276 * 1277 * @param string $url the login URL 1278 * 1279 * @return void 1280 * @since 0.4.21 by Wyman Chan 1281 */ 1282 public static function setServerLoginURL($url = '') 1283 { 1284 phpCAS :: traceBegin(); 1285 phpCAS::_validateClientExists(); 1286 1287 try { 1288 self::$_PHPCAS_CLIENT->setServerLoginURL($url); 1289 } catch (Exception $e) { 1290 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1291 } 1292 1293 phpCAS :: traceEnd(); 1294 } 1295 1296 /** 1297 * Set the serviceValidate URL of the CAS server. 1298 * Used only in CAS 1.0 validations 1299 * 1300 * @param string $url the serviceValidate URL 1301 * 1302 * @return void 1303 */ 1304 public static function setServerServiceValidateURL($url = '') 1305 { 1306 phpCAS :: traceBegin(); 1307 phpCAS::_validateClientExists(); 1308 1309 try { 1310 self::$_PHPCAS_CLIENT->setServerServiceValidateURL($url); 1311 } catch (Exception $e) { 1312 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1313 } 1314 1315 phpCAS :: traceEnd(); 1316 } 1317 1318 /** 1319 * Set the proxyValidate URL of the CAS server. 1320 * Used for all CAS 2.0 validations 1321 * 1322 * @param string $url the proxyValidate URL 1323 * 1324 * @return void 1325 */ 1326 public static function setServerProxyValidateURL($url = '') 1327 { 1328 phpCAS :: traceBegin(); 1329 phpCAS::_validateClientExists(); 1330 1331 try { 1332 self::$_PHPCAS_CLIENT->setServerProxyValidateURL($url); 1333 } catch (Exception $e) { 1334 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1335 } 1336 1337 phpCAS :: traceEnd(); 1338 } 1339 1340 /** 1341 * Set the samlValidate URL of the CAS server. 1342 * 1343 * @param string $url the samlValidate URL 1344 * 1345 * @return void 1346 */ 1347 public static function setServerSamlValidateURL($url = '') 1348 { 1349 phpCAS :: traceBegin(); 1350 phpCAS::_validateClientExists(); 1351 1352 try { 1353 self::$_PHPCAS_CLIENT->setServerSamlValidateURL($url); 1354 } catch (Exception $e) { 1355 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1356 } 1357 1358 phpCAS :: traceEnd(); 1359 } 1360 1361 /** 1362 * This method returns the URL to be used to login. 1363 * or phpCAS::isAuthenticated(). 1364 * 1365 * @return the login name of the authenticated user 1366 */ 1367 public static function getServerLogoutURL() 1368 { 1369 phpCAS::_validateClientExists(); 1370 1371 return self::$_PHPCAS_CLIENT->getServerLogoutURL(); 1372 } 1373 1374 /** 1375 * Set the logout URL of the CAS server. 1376 * 1377 * @param string $url the logout URL 1378 * 1379 * @return void 1380 * @since 0.4.21 by Wyman Chan 1381 */ 1382 public static function setServerLogoutURL($url = '') 1383 { 1384 phpCAS :: traceBegin(); 1385 phpCAS::_validateClientExists(); 1386 1387 try { 1388 self::$_PHPCAS_CLIENT->setServerLogoutURL($url); 1389 } catch (Exception $e) { 1390 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1391 } 1392 1393 phpCAS :: traceEnd(); 1394 } 1395 1396 /** 1397 * This method is used to logout from CAS. 1398 * 1399 * @param string $params an array that contains the optional url and 1400 * service parameters that will be passed to the CAS server 1401 * 1402 * @return void 1403 */ 1404 public static function logout($params = "") 1405 { 1406 phpCAS :: traceBegin(); 1407 phpCAS::_validateClientExists(); 1408 1409 $parsedParams = array (); 1410 if ($params != "") { 1411 if (is_string($params)) { 1412 phpCAS :: error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead'); 1413 } 1414 if (!is_array($params)) { 1415 phpCAS :: error('type mismatched for parameter $params (should be `array\')'); 1416 } 1417 foreach ($params as $key => $value) { 1418 if ($key != "service" && $key != "url") { 1419 phpCAS :: error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\''); 1420 } 1421 $parsedParams[$key] = $value; 1422 } 1423 } 1424 self::$_PHPCAS_CLIENT->logout($parsedParams); 1425 // never reached 1426 phpCAS :: traceEnd(); 1427 } 1428 1429 /** 1430 * This method is used to logout from CAS. Halts by redirecting to the CAS 1431 * server. 1432 * 1433 * @param string $service a URL that will be transmitted to the CAS server 1434 * 1435 * @return void 1436 */ 1437 public static function logoutWithRedirectService($service) 1438 { 1439 phpCAS :: traceBegin(); 1440 phpCAS::_validateClientExists(); 1441 1442 if (!is_string($service)) { 1443 phpCAS :: error('type mismatched for parameter $service (should be `string\')'); 1444 } 1445 self::$_PHPCAS_CLIENT->logout(array ( "service" => $service )); 1446 // never reached 1447 phpCAS :: traceEnd(); 1448 } 1449 1450 /** 1451 * This method is used to logout from CAS. Halts by redirecting to the CAS 1452 * server. 1453 * 1454 * @param string $url a URL that will be transmitted to the CAS server 1455 * 1456 * @return void 1457 * @deprecated The url parameter has been removed from the CAS server as of 1458 * version 3.3.5.1 1459 */ 1460 public static function logoutWithUrl($url) 1461 { 1462 trigger_error('Function deprecated for cas servers >= 3.3.5.1', E_USER_DEPRECATED); 1463 phpCAS :: traceBegin(); 1464 if (!is_object(self::$_PHPCAS_CLIENT)) { 1465 phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); 1466 } 1467 if (!is_string($url)) { 1468 phpCAS :: error('type mismatched for parameter $url (should be `string\')'); 1469 } 1470 self::$_PHPCAS_CLIENT->logout(array ( "url" => $url )); 1471 // never reached 1472 phpCAS :: traceEnd(); 1473 } 1474 1475 /** 1476 * This method is used to logout from CAS. Halts by redirecting to the CAS 1477 * server. 1478 * 1479 * @param string $service a URL that will be transmitted to the CAS server 1480 * @param string $url a URL that will be transmitted to the CAS server 1481 * 1482 * @return void 1483 * 1484 * @deprecated The url parameter has been removed from the CAS server as of 1485 * version 3.3.5.1 1486 */ 1487 public static function logoutWithRedirectServiceAndUrl($service, $url) 1488 { 1489 trigger_error('Function deprecated for cas servers >= 3.3.5.1', E_USER_DEPRECATED); 1490 phpCAS :: traceBegin(); 1491 phpCAS::_validateClientExists(); 1492 1493 if (!is_string($service)) { 1494 phpCAS :: error('type mismatched for parameter $service (should be `string\')'); 1495 } 1496 if (!is_string($url)) { 1497 phpCAS :: error('type mismatched for parameter $url (should be `string\')'); 1498 } 1499 self::$_PHPCAS_CLIENT->logout( 1500 array ( 1501 "service" => $service, 1502 "url" => $url 1503 ) 1504 ); 1505 // never reached 1506 phpCAS :: traceEnd(); 1507 } 1508 1509 /** 1510 * Set the fixed URL that will be used by the CAS server to transmit the 1511 * PGT. When this method is not called, a phpCAS script uses its own URL 1512 * for the callback. 1513 * 1514 * @param string $url the URL 1515 * 1516 * @return void 1517 */ 1518 public static function setFixedCallbackURL($url = '') 1519 { 1520 phpCAS :: traceBegin(); 1521 phpCAS::_validateProxyExists(); 1522 1523 try { 1524 self::$_PHPCAS_CLIENT->setCallbackURL($url); 1525 } catch (Exception $e) { 1526 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1527 } 1528 1529 phpCAS :: traceEnd(); 1530 } 1531 1532 /** 1533 * Set the fixed URL that will be set as the CAS service parameter. When this 1534 * method is not called, a phpCAS script uses its own URL. 1535 * 1536 * @param string $url the URL 1537 * 1538 * @return void 1539 */ 1540 public static function setFixedServiceURL($url) 1541 { 1542 phpCAS :: traceBegin(); 1543 phpCAS::_validateProxyExists(); 1544 1545 try { 1546 self::$_PHPCAS_CLIENT->setURL($url); 1547 } catch (Exception $e) { 1548 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1549 } 1550 1551 phpCAS :: traceEnd(); 1552 } 1553 1554 /** 1555 * Get the URL that is set as the CAS service parameter. 1556 * 1557 * @return string Service Url 1558 */ 1559 public static function getServiceURL() 1560 { 1561 phpCAS::_validateProxyExists(); 1562 return (self::$_PHPCAS_CLIENT->getURL()); 1563 } 1564 1565 /** 1566 * Retrieve a Proxy Ticket from the CAS server. 1567 * 1568 * @param string $target_service Url string of service to proxy 1569 * @param string &$err_code error code 1570 * @param string &$err_msg error message 1571 * 1572 * @return string Proxy Ticket 1573 */ 1574 public static function retrievePT($target_service, & $err_code, & $err_msg) 1575 { 1576 phpCAS::_validateProxyExists(); 1577 1578 try { 1579 return (self::$_PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg)); 1580 } catch (Exception $e) { 1581 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1582 } 1583 } 1584 1585 /** 1586 * Set the certificate of the CAS server CA and if the CN should be properly 1587 * verified. 1588 * 1589 * @param string $cert CA certificate file name 1590 * @param bool $validate_cn Validate CN in certificate (default true) 1591 * 1592 * @return void 1593 */ 1594 public static function setCasServerCACert($cert, $validate_cn = true) 1595 { 1596 phpCAS :: traceBegin(); 1597 phpCAS::_validateClientExists(); 1598 1599 try { 1600 self::$_PHPCAS_CLIENT->setCasServerCACert($cert, $validate_cn); 1601 } catch (Exception $e) { 1602 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1603 } 1604 1605 phpCAS :: traceEnd(); 1606 } 1607 1608 /** 1609 * Set no SSL validation for the CAS server. 1610 * 1611 * @return void 1612 */ 1613 public static function setNoCasServerValidation() 1614 { 1615 phpCAS :: traceBegin(); 1616 phpCAS::_validateClientExists(); 1617 1618 phpCAS :: trace('You have configured no validation of the legitimacy of the cas server. This is not recommended for production use.'); 1619 self::$_PHPCAS_CLIENT->setNoCasServerValidation(); 1620 phpCAS :: traceEnd(); 1621 } 1622 1623 1624 /** 1625 * Disable the removal of a CAS-Ticket from the URL when authenticating 1626 * DISABLING POSES A SECURITY RISK: 1627 * We normally remove the ticket by an additional redirect as a security 1628 * precaution to prevent a ticket in the HTTP_REFERRER or be carried over in 1629 * the URL parameter 1630 * 1631 * @return void 1632 */ 1633 public static function setNoClearTicketsFromUrl() 1634 { 1635 phpCAS :: traceBegin(); 1636 phpCAS::_validateClientExists(); 1637 1638 self::$_PHPCAS_CLIENT->setNoClearTicketsFromUrl(); 1639 phpCAS :: traceEnd(); 1640 } 1641 1642 /** @} */ 1643 1644 /** 1645 * Change CURL options. 1646 * CURL is used to connect through HTTPS to CAS server 1647 * 1648 * @param string $key the option key 1649 * @param string $value the value to set 1650 * 1651 * @return void 1652 */ 1653 public static function setExtraCurlOption($key, $value) 1654 { 1655 phpCAS :: traceBegin(); 1656 phpCAS::_validateClientExists(); 1657 1658 self::$_PHPCAS_CLIENT->setExtraCurlOption($key, $value); 1659 phpCAS :: traceEnd(); 1660 } 1661 1662 /** 1663 * If you want your service to be proxied you have to enable it (default 1664 * disabled) and define an accepable list of proxies that are allowed to 1665 * proxy your service. 1666 * 1667 * Add each allowed proxy definition object. For the normal CAS_ProxyChain 1668 * class, the constructor takes an array of proxies to match. The list is in 1669 * reverse just as seen from the service. Proxies have to be defined in reverse 1670 * from the service to the user. If a user hits service A and gets proxied via 1671 * B to service C the list of acceptable on C would be array(B,A). The definition 1672 * of an individual proxy can be either a string or a regexp (preg_match is used) 1673 * that will be matched against the proxy list supplied by the cas server 1674 * when validating the proxy tickets. The strings are compared starting from 1675 * the beginning and must fully match with the proxies in the list. 1676 * Example: 1677 * phpCAS::allowProxyChain(new CAS_ProxyChain(array( 1678 * 'https://app.example.com/' 1679 * ))); 1680 * phpCAS::allowProxyChain(new CAS_ProxyChain(array( 1681 * '/^https:\/\/app[0-9]\.example\.com\/rest\//', 1682 * 'http://client.example.com/' 1683 * ))); 1684 * 1685 * For quick testing or in certain production screnarios you might want to 1686 * allow allow any other valid service to proxy your service. To do so, add 1687 * the "Any" chain: 1688 * phpcas::allowProxyChain(new CAS_ProxyChain_Any); 1689 * THIS SETTING IS HOWEVER NOT RECOMMENDED FOR PRODUCTION AND HAS SECURITY 1690 * IMPLICATIONS: YOU ARE ALLOWING ANY SERVICE TO ACT ON BEHALF OF A USER 1691 * ON THIS SERVICE. 1692 * 1693 * @param CAS_ProxyChain_Interface $proxy_chain A proxy-chain that will be 1694 * matched against the proxies requesting access 1695 * 1696 * @return void 1697 */ 1698 public static function allowProxyChain(CAS_ProxyChain_Interface $proxy_chain) 1699 { 1700 phpCAS :: traceBegin(); 1701 phpCAS::_validateClientExists(); 1702 1703 if (self::$_PHPCAS_CLIENT->getServerVersion() !== CAS_VERSION_2_0 1704 && self::$_PHPCAS_CLIENT->getServerVersion() !== CAS_VERSION_3_0 1705 ) { 1706 phpCAS :: error('this method can only be used with the cas 2.0/3.0 protocols'); 1707 } 1708 self::$_PHPCAS_CLIENT->getAllowedProxyChains()->allowProxyChain($proxy_chain); 1709 phpCAS :: traceEnd(); 1710 } 1711 1712 /** 1713 * Answer an array of proxies that are sitting in front of this application. 1714 * This method will only return a non-empty array if we have received and 1715 * validated a Proxy Ticket. 1716 * 1717 * @return array 1718 * @access public 1719 * @since 6/25/09 1720 */ 1721 public static function getProxies () 1722 { 1723 phpCAS::_validateProxyExists(); 1724 1725 return(self::$_PHPCAS_CLIENT->getProxies()); 1726 } 1727 1728 // ######################################################################## 1729 // PGTIOU/PGTID and logoutRequest rebroadcasting 1730 // ######################################################################## 1731 1732 /** 1733 * Add a pgtIou/pgtId and logoutRequest rebroadcast node. 1734 * 1735 * @param string $rebroadcastNodeUrl The rebroadcast node URL. Can be 1736 * hostname or IP. 1737 * 1738 * @return void 1739 */ 1740 public static function addRebroadcastNode($rebroadcastNodeUrl) 1741 { 1742 phpCAS::traceBegin(); 1743 phpCAS::log('rebroadcastNodeUrl:'.$rebroadcastNodeUrl); 1744 phpCAS::_validateClientExists(); 1745 1746 try { 1747 self::$_PHPCAS_CLIENT->addRebroadcastNode($rebroadcastNodeUrl); 1748 } catch (Exception $e) { 1749 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1750 } 1751 1752 phpCAS::traceEnd(); 1753 } 1754 1755 /** 1756 * This method is used to add header parameters when rebroadcasting 1757 * pgtIou/pgtId or logoutRequest. 1758 * 1759 * @param String $header Header to send when rebroadcasting. 1760 * 1761 * @return void 1762 */ 1763 public static function addRebroadcastHeader($header) 1764 { 1765 phpCAS :: traceBegin(); 1766 phpCAS::_validateClientExists(); 1767 1768 try { 1769 self::$_PHPCAS_CLIENT->addRebroadcastHeader($header); 1770 } catch (Exception $e) { 1771 phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); 1772 } 1773 1774 phpCAS :: traceEnd(); 1775 } 1776 1777 /** 1778 * Checks if a client already exists 1779 * 1780 * @throws CAS_OutOfSequenceBeforeClientException 1781 * 1782 * @return void 1783 */ 1784 private static function _validateClientExists() 1785 { 1786 if (!is_object(self::$_PHPCAS_CLIENT)) { 1787 throw new CAS_OutOfSequenceBeforeClientException(); 1788 } 1789 } 1790 1791 /** 1792 * Checks of a proxy client aready exists 1793 * 1794 * @throws CAS_OutOfSequenceBeforeProxyException 1795 * 1796 * @return void 1797 */ 1798 private static function _validateProxyExists() 1799 { 1800 if (!is_object(self::$_PHPCAS_CLIENT)) { 1801 throw new CAS_OutOfSequenceBeforeProxyException(); 1802 } 1803 } 1804 } 1805 // ######################################################################## 1806 // DOCUMENTATION 1807 // ######################################################################## 1808 1809 // ######################################################################## 1810 // MAIN PAGE 1811 1812 /** 1813 * @mainpage 1814 * 1815 * The following pages only show the source documentation. 1816 * 1817 */ 1818 1819 // ######################################################################## 1820 // MODULES DEFINITION 1821 1822 /** @defgroup public User interface */ 1823 1824 /** @defgroup publicInit Initialization 1825 * @ingroup public */ 1826 1827 /** @defgroup publicAuth Authentication 1828 * @ingroup public */ 1829 1830 /** @defgroup publicServices Access to external services 1831 * @ingroup public */ 1832 1833 /** @defgroup publicConfig Configuration 1834 * @ingroup public */ 1835 1836 /** @defgroup publicLang Internationalization 1837 * @ingroup publicConfig */ 1838 1839 /** @defgroup publicOutput HTML output 1840 * @ingroup publicConfig */ 1841 1842 /** @defgroup publicPGTStorage PGT storage 1843 * @ingroup publicConfig */ 1844 1845 /** @defgroup publicDebug Debugging 1846 * @ingroup public */ 1847 1848 /** @defgroup internal Implementation */ 1849 1850 /** @defgroup internalAuthentication Authentication 1851 * @ingroup internal */ 1852 1853 /** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets) 1854 * @ingroup internal */ 1855 1856 /** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets) 1857 * @ingroup internal */ 1858 1859 /** @defgroup internalSAML CAS SAML features (SAML 1.1) 1860 * @ingroup internal */ 1861 1862 /** @defgroup internalPGTStorage PGT storage 1863 * @ingroup internalProxy */ 1864 1865 /** @defgroup internalPGTStorageDb PGT storage in a database 1866 * @ingroup internalPGTStorage */ 1867 1868 /** @defgroup internalPGTStorageFile PGT storage on the filesystem 1869 * @ingroup internalPGTStorage */ 1870 1871 /** @defgroup internalCallback Callback from the CAS server 1872 * @ingroup internalProxy */ 1873 1874 /** @defgroup internalProxyServices Proxy other services 1875 * @ingroup internalProxy */ 1876 1877 /** @defgroup internalService CAS client features (CAS 2.0, Proxied service) 1878 * @ingroup internal */ 1879 1880 /** @defgroup internalConfig Configuration 1881 * @ingroup internal */ 1882 1883 /** @defgroup internalBehave Internal behaviour of phpCAS 1884 * @ingroup internalConfig */ 1885 1886 /** @defgroup internalOutput HTML output 1887 * @ingroup internalConfig */ 1888 1889 /** @defgroup internalLang Internationalization 1890 * @ingroup internalConfig 1891 * 1892 * To add a new language: 1893 * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php 1894 * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php 1895 * - 3. Make the translations 1896 */ 1897 1898 /** @defgroup internalDebug Debugging 1899 * @ingroup internal */ 1900 1901 /** @defgroup internalMisc Miscellaneous 1902 * @ingroup internal */ 1903 1904 // ######################################################################## 1905 // EXAMPLES 1906 1907 /** 1908 * @example example_simple.php 1909 */ 1910 /** 1911 * @example example_service.php 1912 */ 1913 /** 1914 * @example example_service_that_proxies.php 1915 */ 1916 /** 1917 * @example example_service_POST.php 1918 */ 1919 /** 1920 * @example example_proxy_serviceWeb.php 1921 */ 1922 /** 1923 * @example example_proxy_serviceWeb_chaining.php 1924 */ 1925 /** 1926 * @example example_proxy_POST.php 1927 */ 1928 /** 1929 * @example example_proxy_GET.php 1930 */ 1931 /** 1932 * @example example_lang.php 1933 */ 1934 /** 1935 * @example example_html.php 1936 */ 1937 /** 1938 * @example example_pgt_storage_file.php 1939 */ 1940 /** 1941 * @example example_pgt_storage_db.php 1942 */ 1943 /** 1944 * @example example_gateway.php 1945 */ 1946 /** 1947 * @example example_logout.php 1948 */ 1949 /** 1950 * @example example_rebroadcast.php 1951 */ 1952 /** 1953 * @example example_custom_urls.php 1954 */ 1955 /** 1956 * @example example_advanced_saml11.php 1957 */ 1958 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Thu Aug 11 10:00:09 2016 | Cross-referenced by PHPXref 0.7.1 |