isAuthenticated() public static method

This method is called to check if the user is authenticated (previously or by tickets given in the URL).
public static isAuthenticated ( ) : true
Returns true when the user is authenticated, false otherwise.
Ejemplo n.º 1
 /**
  * Logout hook: ends the CAS session when one is active.
  *
  * When phpCAS reports an authenticated user, the CAS logout is started and
  * the absolute URL generated for the empty path is passed as the service to
  * redirect back to.
  *
  * @param mixed $parameters Not read by this method.
  * @return bool Always true.
  */
 public static function logout($parameters)
 {
     $casSessionActive = phpCAS::isAuthenticated();
     if ($casSessionActive) {
         $returnUrl = OC::$server->getURLGenerator()->getAbsoluteURL("");
         phpCAS::logoutWithRedirectService($returnUrl);
     }

     return true;
 }
Ejemplo n.º 2
 /**
  * Single sign-on through CAS: reads the CAS endpoint from PM_PARAMETERS,
  * forces a CAS authentication and, when the user lookup returns a row,
  * stores that user's id and the CAS user name on the RBAC singleton.
  *
  * @return bool true when the RBAC user fields were populated, false otherwise.
  */
 function metodillo()
 {
     $sParamQuery = "SELECT * FROM PM_PARAMETERS WHERE PRM_ID = 'CAS_URL' ";
     $aParamRows = executeQuery($sParamQuery);
     if (!count($aParamRows)) {
         // No CAS endpoint configured: nothing to authenticate against.
         return false;
     }

     // Rows are read at index 1, as in the original code.
     $sURL = $aParamRows[1]['PRM_VALUE'];
     $sURI = $aParamRows[1]['PRM_VALUE_2'];

     $RBAC = RBAC::getSingleton();
     $RBAC->initRBAC();

     require_once 'CAS-1.2.2/CAS.php';
     phpCAS::client(CAS_VERSION_2_0, $sURL, 443, $sURI, false);
     // NOTE(review): this turns off verification of the CAS server's TLS
     // certificate, so the ticket validation response is not authenticated.
     // A deployment should pin the CA with phpCAS::setCasServerCACert() instead.
     phpCAS::setNoCasServerValidation();
     phpCAS::forceAuthentication();

     if (phpCAS::isAuthenticated() != true) {
         return false;
     }

     $sCasUser = phpCAS::getUser();
     // NOTE(review): the user name in this literal appears masked on this page;
     // presumably the original query used $sCasUser. If so, the value should be
     // bound as a parameter rather than concatenated into the SQL text.
     $sUserQuery = "SELECT USR_UID FROM USERS WHERE USR_USERNAME = '******' ";
     $aUserRows = executeQuery($sUserQuery);
     if (!count($aUserRows)) {
         // Authenticated by CAS but unknown locally: do not sign the user in.
         return false;
     }

     $nUserId = $aUserRows[1]['USR_UID'];
     $RBAC->singleSignOn = true;
     $RBAC->userObj->fields['USR_UID'] = $nUserId;
     $RBAC->userObj->fields['USR_USERNAME'] = $sCasUser;

     return true;
 }
Ejemplo n.º 3
 /**
  * Returns the attributes phpCAS holds for the current user.
  *
  * @return mixed The result of phpCAS::getAttributes() when the user is
  *               authenticated, null otherwise.
  */
 function getAttributes()
 {
     // Attributes are only read once phpCAS confirms an authenticated user.
     return phpCAS::isAuthenticated() ? phpCAS::getAttributes() : null;
 }
Ejemplo n.º 4
/**
 * Requires a CAS login: does nothing for an authenticated user and hands
 * everyone else over to phpCAS::forceAuthentication().
 *
 * @return void
 */
function forceAuth()
{
    if (phpCAS::isAuthenticated()) {
        return;
    }

    // Not logged in yet: take the visitor to the RPI CAS page.
    phpCAS::forceAuthentication();
}
Ejemplo n.º 5
 /**
  * Authenticates the visitor against the CAS server configured in the
  * 'AuthMethod' / 'CAS' preferences and returns the CAS user name.
  *
  * Request parameters are saved in $_SESSION['backup_sso'] before the CAS
  * round trip and merged back into $_REQUEST afterwards, without overwriting
  * parameters that are set on the current request.
  *
  * @return mixed The CAS user name, or NULL when the server URL is missing or
  *               the CAS authentication did not succeed.
  */
 public function get_login()
 {
     Logger::debug('main', 'AuthMethod_CAS::get_login()');

     $hasBackup = isset($_SESSION['backup_sso']) && is_array($_SESSION['backup_sso']);
     if (!$hasBackup) {
         $_SESSION['backup_sso'] = array();
     }
     // NOTE(review): every request parameter is persisted in the session here,
     // including any sensitive value the request happens to carry.
     foreach ($_REQUEST as $name => $value) {
         $_SESSION['backup_sso'][$name] = $value;
     }

     $buf = $this->prefs->get('AuthMethod', 'CAS');
     $CAS_server_url = $buf['user_authenticate_cas_server_url'];
     if (!(isset($CAS_server_url) && $CAS_server_url != '')) {
         Logger::error('main', 'AuthMethod_CAS::get_login() - Unable to find CAS server url in Preferences');
         return NULL;
     }

     // Split the configured URL once and reuse the parts for the client and the log line.
     $casHost = parse_url($CAS_server_url, PHP_URL_HOST);
     $casPort = parse_url($CAS_server_url, PHP_URL_PORT);
     $casPath = parse_url($CAS_server_url, PHP_URL_PATH);
     phpCAS::client(CAS_VERSION_2_0, $casHost, $casPort, $casPath);
     Logger::debug('main', 'AuthMethod_CAS::get_login() - Parsing URL - Host:"' . $casHost . '" Port:"' . $casPort . '" Path:"' . $casPath . '"');

     // NOTE(review): certificate verification of the CAS server is switched off
     // here; phpCAS::setCasServerCACert() is the call that enables it.
     phpCAS::setNoCasServerValidation();

     if (!phpCAS::forceAuthentication()) {
         Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::forceAuthentication failed');
         return NULL;
     }
     if (!phpCAS::isAuthenticated()) {
         Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::isAuthenticated failed');
         return NULL;
     }

     $this->login = phpCAS::getUser();

     // Restore the saved parameters; values present on this request win.
     foreach ($_SESSION['backup_sso'] as $name => $value) {
         if (!isset($_REQUEST[$name])) {
             $_REQUEST[$name] = $value;
         }
     }

     return $this->login;
 }
Ejemplo n.º 6
 /**
  * Returns the CAS user name of the current visitor.
  *
  * @return mixed The result of phpCAS::getUser() when the user is
  *               authenticated, null otherwise.
  */
 function getUser()
 {
     // The user name is only read after phpCAS confirms authentication.
     return phpCAS::isAuthenticated() ? phpCAS::getUser() : null;
 }
 /**
  * Runs the local login callback for a CAS-authenticated user who has no
  * auth cookie yet, then forces CAS authentication in every case.
  *
  * @return void
  */
 public function checkAuthentication()
 {
     // The cookie is only inspected when CAS already reports an authenticated user.
     $needsLocalLogin = phpCAS::isAuthenticated() && !AuthCookie::hasAuthCookie();
     if ($needsLocalLogin) {
         $this->loginCallback();
     }

     // Always finish with the forced CAS authentication.
     phpCAS::forceAuthentication();
 }
Ejemplo n.º 8
 /**
  * Runs the local login callback for a CAS-authenticated user whose
  * application cookie is not valid, then forces CAS authentication.
  *
  * @return void
  */
 public function checkAuthentication()
 {
     if (phpCAS::isAuthenticated()) {
         // CAS session exists: check whether the application cookie still holds.
         $cookieInfo = Auth::getCookieInfo(APP_COOKIE);
         if (!Auth::isValidCookie($cookieInfo)) {
             $this->loginCallback();
         }
     }

     // Force CAS authentication; the return value is not used.
     phpCAS::forceAuthentication();
 }
Ejemplo n.º 9
 /**
  * Collect any tokens that the user may have supplied. Reply NULL if none
  * are found.
  * 
  * @return mixed
  * @access public
  * @since 3/16/05
  */
 function collect()
 {
     // The only "token" collected is the CAS user name, and only for a user
     // phpCAS reports as authenticated; everyone else yields null.
     return phpCAS::isAuthenticated() ? phpCAS::getUser() : null;
 }
Ejemplo n.º 10
 /**
  * Resolves the login from the CAS session instead of checking a password.
  *
  * Neither argument is read: the outcome depends only on the phpCAS session
  * state, so the supplied uid and password cannot influence who is logged in.
  *
  * @param mixed $uid      Not read by this method.
  * @param mixed $password Not read by this method.
  * @return mixed The CAS user name when authenticated, false otherwise.
  */
 public function checkPassword($uid, $password)
 {
     return phpCAS::isAuthenticated() ? phpCAS::getUser() : false;
 }
Ejemplo n.º 11
 /**
  * Logs out of CAS when a CAS session is active, then delegates to the
  * parent logout.
  *
  * @param mixed $user Not read by this method.
  * @return mixed Whatever parent::logout() returns.
  */
 function logout($user)
 {
     $this->initializeCASClient();

     // Only start the CAS logout when there is a CAS session to end.
     $hasCasSession = phpCAS::isAuthenticated();
     if ($hasCasSession) {
         phpCAS::logout();
     }

     return parent::logout();
 }
Ejemplo n.º 12
 /**
  * Logs the CAS user in through the decorated authentication object.
  *
  * The submitted user name is only logged; the name used for the
  * synchronisation and the login is the one phpCAS returns.
  *
  * @param mixed $username     Submitted user name, replaced by the CAS user name.
  * @param mixed $loginContext Passed through to the decorated Login().
  * @return mixed Whatever the decorated Login() returns.
  */
 public function Login($username, $loginContext)
 {
     Log::Debug('Attempting CAS login for username: %s', $username);

     // NOTE(review): the authentication result is logged but not enforced in
     // this method; an explicit early exit on a false result would make the
     // method fail closed on its own instead of relying on phpCAS::getUser().
     $casAuthenticated = phpCAS::isAuthenticated();
     Log::Debug('CAS is auth ok: %s', $casAuthenticated);

     $username = phpCAS::getUser();
     $this->Synchronize($username);

     return $this->authToDecorate->Login($username, $loginContext);
 }
Ejemplo n.º 13
/**
 * Sets up the phpCAS client on first use and reports whether the visitor is
 * authenticated.
 *
 * @return mixed The result of phpCAS::isAuthenticated().
 */
function check_auth()
{
    $clientReady = isset($GLOBALS['PHPCAS_CLIENT']);
    if (!$clientReady) {
        phpCAS::client(CAS_VERSION_2_0, 'cas.byu.edu', 443, 'cas');
        // NOTE(review): the CA certificate call is commented out and validation
        // of the CAS server certificate is disabled instead, so the server's
        // identity is not verified.
        //phpCAS::setCasServerCACert("../CAS/cas_ca.pem");
        phpCAS::setNoCasServerValidation();
        // NOTE(review): the debug log is written to a relative path; confirm it
        // does not end up in a directory the web server serves.
        phpCAS::setDebug("cas_error.txt");
        // Logout requests are only handled for the listed CAS hosts.
        $logoutHosts = array('cas.byu.edu', 'cas1.byu.edu', 'cas2.byu.edu', 'cas3.byu.edu');
        phpCAS::handleLogoutRequests(true, $logoutHosts);
    }

    return phpCAS::isAuthenticated();
}
Ejemplo n.º 14
 /**
  * Returns the authenticated user, or the raw phpCAS result when there is none.
  *
  * A truthy self::$_user is returned as is. Otherwise the CAS client is
  * initialised and queried, and the session is closed for writing before
  * returning.
  *
  * @return mixed self::$_user when set; else the CAS user name when
  *               authenticated, or the non-true value phpCAS returned.
  */
 public static function isAuthenticated()
 {
     if (self::$_user) {
         return self::$_user;
     }

     self::init();

     $outcome = phpCAS::isAuthenticated();
     if ($outcome === true) {
         // Replace the boolean with the user name so callers get the identity.
         $outcome = phpCAS::getUser();
     }

     // Release the session lock; nothing below writes to the session.
     session_write_close();

     return $outcome;
 }
Ejemplo n.º 15
 /** 
  * Logout execution method.  Initializes CAS client and force logout if required before returning to parent logout method.
  * 
  * @param mixed $url Optional URL to redirect the user to after logout 
  * @return string AuthComponent::$loginAction 
  * @see AuthComponent::$loginAction 
  * @access public 
  */
 function logout()
 {
     // Debug logging off.
     phpCAS::setDebug(false);

     // Build the client from the CAS.* configuration values.
     $casHost = Configure::read('CAS.hostname');
     $casPort = Configure::read('CAS.port');
     $casUri = Configure::read('CAS.uri');
     phpCAS::client(CAS_VERSION_2_0, $casHost, $casPort, $casUri, true);

     // NOTE(review): the CAS server certificate is not validated here;
     // phpCAS::setCasServerCACert() is the call that enables validation.
     phpCAS::setNoCasServerValidation();

     // End the CAS session when there is one.
     $hasCasSession = phpCAS::isAuthenticated();
     if ($hasCasSession) {
         // The 'url' entry is where the application's own login URL belongs.
         $logoutOptions = array('url' => 'http://www.cakephp.org');
         phpCAS::logout($logoutOptions);
     }

     return parent::logout();
 }
Ejemplo n.º 16
 /**
  * Resolves the current user from CAS.
  *
  * @return mixed A GenericUser whose 'id' and 'name' are the CAS user name
  *               when authenticated; otherwise authentication is forced and
  *               null is returned if execution continues.
  */
 protected function casUser()
 {
     $cas_host = \Config::get('app.cas_host');
     $cas_context = \Config::get('app.cas_context');
     $cas_port = \Config::get('app.cas_port');

     // NOTE(review): debug logging is enabled unconditionally; confirm that is
     // intended outside development.
     \phpCAS::setDebug();
     \phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
     // NOTE(review): validation of the CAS server certificate is disabled here.
     \phpCAS::setNoCasServerValidation();

     if (!\phpCAS::isAuthenticated()) {
         \phpCAS::setServerURL(\Config::get('app.url'));
         \phpCAS::forceAuthentication();

         return null;
     }

     // Both fields carry the CAS user name.
     $attributes = array();
     $attributes['id'] = \phpCAS::getUser();
     $attributes['name'] = \phpCAS::getUser();

     return new GenericUser($attributes);
 }
Ejemplo n.º 17
 /**
  * Two-pass logout: the first request ends the CAS session, the second one
  * (after the CAS server redirects back) lets CakePHP finish its own logout.
  *
  * @param mixed $user Not read by this method.
  * @return void
  */
 public function logout($user)
 {
     if (!phpCAS::isAuthenticated()) {
         // Step 2. The CAS server has redirected the client back here.
         //         Nothing to do: once this method returns, CakePHP performs
         //         its own logout (destroying the session or whatever).
         return;
     }

     // Step 1. The client clicked logout. phpCAS::logout redirects to the CAS
     //         server, which redirects back to this same logout URL. phpCAS
     //         stops script execution after sending the redirect header, so
     //         CakePHP still considers the user logged in until Step 2 runs.
     $returnTo = Router::url(null, true);
     phpCAS::logout(array('url' => $returnTo));
 }
Ejemplo n.º 18
 /**
  * Builds the CAS client, applies the certificate settings and either sends
  * the visitor to CAS or copies the validated user's fields.
  *
  * @param mixed $service_url Optional fixed service URL to hand to phpCAS.
  * @return void
  */
 public function triggerAuth($service_url = null)
 {
     self::buildClient(
         $this->config->get('cas-hostname'),
         $this->config->get('cas-port'),
         $this->config->get('cas-context')
     );

     // Force set the CAS service URL to the osTicket login page.
     if ($service_url) {
         phpCAS::setFixedServiceURL($service_url);
     }

     // Verify the CAS server's certificate, if configured.
     $caCertPath = $this->config->get('cas-ca-cert-path');
     if (!$caCertPath) {
         // NOTE(review): with no CA path configured the code silently falls
         // back to no certificate validation, so the insecure mode is the
         // default; consider requiring the path or logging this fallback.
         phpCAS::setNoCasServerValidation();
     } else {
         phpCAS::setCasServerCACert($caCertPath);
     }

     // Set the user fields once validated; otherwise trigger authentication.
     if (phpCAS::isAuthenticated()) {
         $this->setUser();
         $this->setEmail();
         $this->setName();
     } else {
         phpCAS::forceAuthentication();
     }
 }
Ejemplo n.º 19
	</head>
	<body>
		<img border="0" src="banner.jpg" width="100%" height="150">
		<link href="bootstrap.css" rel="stylesheet">
		<ul class="nav nav-pills">
			<li><a href="main.php">Home</a></li>
			<li><a href="info.php">Info</a></li>
			<li><a href="add.php">Add</a></li>
			<li><a href="report.php">Report</a></li>
			<li><a href="course.php">Course</a></li>
			<li><a href="section.php">Section</a></li>
			<li><a href="faculty.php">Faculty</a></li>
			<li class="active"><a href="partner.php">Partner</a></li>
			<li><a href="project.php">Project</a></li>
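			<?php 
// Session entry of the navigation bar: the user name and a logout link for an
// authenticated CAS user, a login link for everyone else.
if (phpCAS::isAuthenticated()) {
    // Encode the name for the HTML context before echoing it, so markup
    // characters in it are shown as text instead of being interpreted.
    $safeCasUser = htmlspecialchars((string) $casuser, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // The closing tags are emitted in nesting order (</a> before </li>).
    echo '<li><a>You are logged in as <font color="red">' . $safeCasUser . '</font></a></li>';
    echo '<li><a href="?logout">(Logout)</a></li>';
} else {
    echo '<li><a href="login.php">Login</a></li>';
}
?>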
			<li>
				<form action="keyword.php" method=POST>
					<input type=text align="center" style="width: 25em" name="keyword" placeholder="Search...">
					<input type="submit" name="ksearch" value="Search">
					<br>
					<font color="white">
					<input type="checkbox" name="searchTables[]" value="section" checked>Section
					<input type="checkbox" name="searchTables[]" value="faculty" checked>Faculty
					<input type="checkbox" name="searchTables[]" value="project" checked>Projects
Ejemplo n.º 20
 /**
  * @brief Check whether the user is logged in.
  *
  * @return  logged in: the user's account name (string); not logged in: false
  * @retval  string/boolean
  * @author chenyijie
  * @date 2012/09/28 22:18:27
  **/
 public static function isAuthenticated()
 {
     // Without a usable CAS client nobody counts as logged in.
     $clientReady = self::init();
     if (!$clientReady) {
         return false;
     }

     // A strict true from phpCAS is swapped for the user name; any other
     // value is passed through unchanged.
     $outcome = phpCAS::isAuthenticated();
     $outcome = $outcome === true ? phpCAS::getUser() : $outcome;

     // Release the session for writing before returning.
     session_write_close();

     return $outcome;
 }
Ejemplo n.º 21
    /** 
     * Validate the login using CAS
     */
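    function validate_login($null, $username, $password)
    {
        if (!$this->cas_configured) {
            die('Error. Cas not configured and I was unable to redirect you to wp-login. Use define("WPCAS_BYPASS",true); in your wp-config.php
					to bypass wpCAS');
        }
        phpCAS::forceAuthentication();
        // Defence in depth: stop if phpCAS does not confirm the authentication.
        if (!phpCAS::isAuthenticated()) {
            exit;
        }
        // The identity comes from CAS; the submitted user name and password are discarded.
        $username = phpCAS::getUser();
        // The local password is a throw-away secret nobody is meant to know, so
        // it is taken from WordPress' password generator instead of an md5()
        // over rand() output, which is not a cryptographic source.
        $password = wp_generate_password(64, true, true);
        $user = get_user_by('login', $username);
        if ($user) {
            if (is_multisite()) {
                // Existing account: add it to the current blog when registration
                // is allowed and the user is not a member yet.
                $nextrole = $this->canUserRegister($username);
                if ($nextrole && !is_user_member_of_blog($user->ID, get_current_blog_id())) {
                    add_user_to_blog(get_current_blog_id(), $user->ID, $nextrole);
                }
            }
            return $user;
        }
        /** Register a new user, if it is allowed */
        $user_role = $this->canUserRegister($username);
        if (!$user_role) {
            $caserror_file = get_template_directory() . '/cas_error.php';
            include file_exists($caserror_file) ? $caserror_file : "cas_error.php";
            exit;
        }
        // Defaults for every profile field, so the fields are defined even when
        // the LDAP branch does not run or finds nothing.
        $user_email = '';
        $user_realname = '';
        $firstname = '';
        $lastname = '';
        $email_registration = $this->settings['e-mail_registration'];
        // How is the site configured to obtain the e-mail address?
        switch ($email_registration) {
            case 2:
                // Using a suffix
                $user_email = $username . '@' . $this->settings['email_suffix'];
                break;
            case 3:
                // Using LDAP: fetch the e-mail address and display name
                $ds = ldap_connect($this->settings['ldap_server']);
                ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $this->settings['ldap_protocol']);
                ldap_set_option($ds, LDAP_OPT_RESTART, TRUE);
                // NOTE(review): the bind result is not checked, as in the original;
                // a failed bind leaves the lookup running on an unauthenticated connection.
                ldap_bind($ds, $this->settings['ldap_username_rdn'], $this->settings['ldap_password']);
                // Escape the user name so filter metacharacters in it cannot
                // change the meaning of the search filter.
                $filter = 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER);
                $list = ldap_list($ds, $this->settings['ldap_basedn'], $filter);
                if ($list !== FALSE) {
                    $result = ldap_get_entries($ds, $list);
                    if ($result['count'] > 0) {
                        $result = $result[0];
                        if (isset($result['mail']) && is_array($result['mail'])) {
                            $user_email = $result['mail'][0];
                        }
                        if (isset($result['displayname']) && is_array($result['displayname'])) {
                            $user_realname = $result['displayname'][0];
                            $exploded_name = explode(' ', $user_realname);
                            $firstname = $exploded_name[0];
                            $lastname = end($exploded_name);
                        }
                    }
                }
                break;
            default:
                // No e-mail prediction
                break;
        }
        $user_info = array();
        $user_info['user_pass'] = $password;
        $user_info['user_email'] = $user_email;
        $user_info['user_login'] = $username;
        $user_info['display_name'] = $user_realname;
        $user_info['first_name'] = $firstname;
        $user_info['last_name'] = $lastname;
        // canUserRegister() yields either a role or a plain boolean; only a role is stored.
        if (!is_bool($user_role)) {
            $user_info['role'] = $user_role;
        }
        if (!is_wp_error(wp_insert_user($user_info))) {
            // False, if user has no email
            $send_user = !empty($user_info['user_email']);
            // A user without a role gets the "wait for access" mail when that
            // mail is enabled; every other case gets the welcome mail.
            $wait_for_access = !isset($user_info['role']) && $this->settings['wait_mail']['send_user'];
            $mail_type = $wait_for_access ? WPCAS_WAITACCESS_MAIL : WPCAS_WELCOME_MAIL;
            $this->processMailing($mail_type, $user_info, $send_user);
            $user = get_user_by('login', $username);
            // Flag the account as waiting only when no role was assigned. The
            // original tested the key 'user_role', which is never set, so every
            // new account was flagged regardless of its role.
            if (!isset($user_info['role'])) {
                update_user_meta($user->ID, '_wpcas_waiting', true);
            }
            return $user;
        }
        // wp_insert_user() failed: no user to return.
        return null;
    }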
 /**
  * Attempt a login
  * 	 	
  * @param int iOnExit What action to take if the user is not logged on (one of the class constants EXIT_...)
  * @return int One of the class constants EXIT_CODE_...
  */
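 protected static function Login($iOnExit)
 {
     // Refuse to continue over an insecure connection when a secure one is required.
     if (self::SecureConnectionRequired() && !utils::IsConnectionSecure()) {
         // Non secured URL... request for a secure connection
         throw new Exception('Secure connection required!');
     }
     $aAllowedLoginTypes = MetaModel::GetConfig()->GetAllowedLoginTypes();
     if (isset($_SESSION['auth_user'])) {
         // Already authentified
         UserRights::Login($_SESSION['auth_user']);
         // Login & set the user's language
         return self::EXIT_CODE_OK;
     } else {
         // Walk the allowed login types in configuration order and stop at the
         // first one that yields credentials.
         $index = 0;
         $sLoginMode = '';
         $sAuthentication = 'internal';
         while ($sLoginMode == '' && $index < count($aAllowedLoginTypes)) {
             $sLoginType = $aAllowedLoginTypes[$index];
             switch ($sLoginType) {
                 case 'cas':
                     utils::InitCASClient();
                     // check CAS authentication
                     if (phpCAS::isAuthenticated()) {
                         $sAuthUser = phpCAS::getUser();
                         $sAuthPwd = '';
                         $sLoginMode = 'cas';
                         $sAuthentication = 'external';
                     }
                     break;
                 case 'form':
                     // iTop standard mode: form based authentication
                     $sAuthUser = utils::ReadPostedParam('auth_user', '', false, 'raw_data');
                     $sAuthPwd = utils::ReadPostedParam('auth_pwd', null, false, 'raw_data');
                     if ($sAuthUser != '' && $sAuthPwd !== null) {
                         $sLoginMode = 'form';
                     }
                     break;
                 case 'basic':
                     // Standard PHP authentication method, works with Apache...
                     // Case 1) Apache running in CGI mode + rewrite rules in .htaccess
                     if (isset($_SERVER['HTTP_AUTHORIZATION']) && !empty($_SERVER['HTTP_AUTHORIZATION'])) {
                         // Split on the first colon only: a password may itself contain
                         // colons and was truncated by the unlimited explode(). The
                         // padding keeps both variables defined when no colon is present.
                         // NOTE(review): the "Basic " scheme prefix is skipped by offset
                         // and not checked.
                         list($sAuthUser, $sAuthPwd) = array_pad(explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)), 2), 2, null);
                         $sLoginMode = 'basic';
                     } else {
                         if (isset($_SERVER['PHP_AUTH_USER'])) {
                             $sAuthUser = $_SERVER['PHP_AUTH_USER'];
                             // Unfortunately, the RFC is not clear about the encoding...
                             // IE and FF supply the user and password encoded in ISO-8859-1 whereas Chrome provides them encoded in UTF-8
                             // So let's try to guess if it's an UTF-8 string or not... fortunately all encodings share the same ASCII base
                             if (!self::LooksLikeUTF8($sAuthUser)) {
                                 // Does not look like and UTF-8 string, try to convert it from iso-8859-1 to UTF-8
                                 // Supposed to be harmless in case of a plain ASCII string...
                                 $sAuthUser = iconv('iso-8859-1', 'utf-8', $sAuthUser);
                             }
                             $sAuthPwd = $_SERVER['PHP_AUTH_PW'];
                             if (!self::LooksLikeUTF8($sAuthPwd)) {
                                 // Does not look like and UTF-8 string, try to convert it from iso-8859-1 to UTF-8
                                 // Supposed to be harmless in case of a plain ASCII string...
                                 $sAuthPwd = iconv('iso-8859-1', 'utf-8', $sAuthPwd);
                             }
                             $sLoginMode = 'basic';
                         }
                     }
                     break;
                 case 'external':
                     // Web server supplied authentication
                     $bExternalAuth = false;
                     $sExtAuthVar = MetaModel::GetConfig()->GetExternalAuthenticationVariable();
                     // In which variable is the info passed ?
                     // NOTE(review): the configured value is executed as PHP code by
                     // eval(). It comes from the configuration, not from the request,
                     // but anyone able to change that setting can run code here; a
                     // lookup restricted to known variables would remove the eval.
                     eval('$sAuthUser = isset(' . $sExtAuthVar . ') ? ' . $sExtAuthVar . ' : false;');
                     // Retrieve the value
                     if ($sAuthUser && strlen($sAuthUser) > 0) {
                         $sAuthPwd = '';
                         // No password in this case the web server already authentified the user...
                         $sLoginMode = 'external';
                         $sAuthentication = 'external';
                     }
                     break;
                 case 'url':
                     // Credentials passed directly in the url
                     // NOTE(review): credentials in a URL can end up in server logs,
                     // browser history and Referer headers.
                     $sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
                     $sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
                     if ($sAuthUser != '' && $sAuthPwd !== null) {
                         $sLoginMode = 'url';
                     }
                     break;
             }
             $index++;
         }
         if ($sLoginMode == '') {
             // First connection
             $sDesiredLoginMode = utils::ReadParam('login_mode');
             if (in_array($sDesiredLoginMode, $aAllowedLoginTypes)) {
                 $sLoginMode = $sDesiredLoginMode;
             } else {
                 $sLoginMode = $aAllowedLoginTypes[0];
                 // First in the list...
             }
             if (array_key_exists('HTTP_X_COMBODO_AJAX', $_SERVER)) {
                 // X-Combodo-Ajax is a special header automatically added to all ajax requests
                 // Let's reply that we're currently logged-out
                 header('HTTP/1.0 401 Unauthorized');
                 exit;
             }
             if ($iOnExit == self::EXIT_HTTP_401 || $sLoginMode == 'basic') {
                 header('WWW-Authenticate: Basic realm="' . Dict::Format('UI:iTopVersion:Short', ITOP_VERSION));
                 header('HTTP/1.0 401 Unauthorized');
                 header('Content-type: text/html; charset=iso-8859-1');
                 exit;
             } else {
                 if ($iOnExit == self::EXIT_RETURN) {
                     if ($sAuthUser !== '' && $sAuthPwd === null) {
                         return self::EXIT_CODE_MISSINGPASSWORD;
                     } else {
                         return self::EXIT_CODE_MISSINGLOGIN;
                     }
                 } else {
                     $oPage = self::NewLoginWebPage();
                     $oPage->DisplayLoginForm($sLoginMode, false);
                     $oPage->output();
                     exit;
                 }
             }
         } else {
             if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, $sLoginMode, $sAuthentication)) {
                 // Rejected credentials: reset the session before answering.
                 self::ResetSession();
                 if ($iOnExit == self::EXIT_HTTP_401 || $sLoginMode == 'basic') {
                     header('WWW-Authenticate: Basic realm="' . Dict::Format('UI:iTopVersion:Short', ITOP_VERSION));
                     header('HTTP/1.0 401 Unauthorized');
                     header('Content-type: text/html; charset=iso-8859-1');
                     exit;
                 } else {
                     if ($iOnExit == self::EXIT_RETURN) {
                         return self::EXIT_CODE_WRONGCREDENTIALS;
                     } else {
                         $oPage = self::NewLoginWebPage();
                         $oPage->DisplayLoginForm($sLoginMode, true);
                         $oPage->output();
                         exit;
                     }
                 }
             } else {
                 // User is Ok, let's save it in the session and proceed with normal login
                 UserRights::Login($sAuthUser, $sAuthentication);
                 // Login & set the user's language
                 if (MetaModel::GetConfig()->Get('log_usage')) {
                     $oLog = new EventLoginUsage();
                     $oLog->Set('userinfo', UserRights::GetUser());
                     $oLog->Set('user_id', UserRights::GetUserObject()->GetKey());
                     $oLog->Set('message', 'Successful login');
                     $oLog->DBInsertNoReload();
                 }
                 $_SESSION['auth_user'] = $sAuthUser;
                 $_SESSION['login_mode'] = $sLoginMode;
                 UserRights::_InitSessionCache();
             }
         }
     }
     return self::EXIT_CODE_OK;
 }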
Ejemplo n.º 23
 /**
  * Authentication choice (CAS or other)
  * Redirection to the CAS form or to login/index.php
  * for other authentication
  */
 function loginpage_hook()
 {
     global $frm;
     global $CFG;
     global $SESSION, $OUTPUT, $PAGE;
     $site = get_site();
     $CASform = get_string('CASform', 'auth_cas');
     // The raw user name is only tested for emptiness in this method.
     $username = optional_param('username', '', PARAM_RAW);
     $courseid = optional_param('courseid', 0, PARAM_INT);
     // A submitted user name means another login path is in use: drop a wanted
     // URL that carries 'ticket' or 'NOCAS' and leave CAS out of it.
     if (!empty($username)) {
         if (isset($SESSION->wantsurl) && (strstr($SESSION->wantsurl, 'ticket') || strstr($SESSION->wantsurl, 'NOCAS'))) {
             unset($SESSION->wantsurl);
         }
         return;
     }
     // Return if CAS enabled and settings not specified yet
     if (empty($this->config->hostname)) {
         return;
     }
     // If the multi-authentication setting is used, check for the param before connecting to CAS.
     if ($this->config->multiauth) {
         // If there is an authentication error, stay on the default authentication page.
         if (!empty($SESSION->loginerrormsg)) {
             return;
         }
         // The raw value is only compared against the fixed strings 'NOCAS' and 'CAS'.
         $authCAS = optional_param('authCAS', '', PARAM_RAW);
         if ($authCAS == 'NOCAS') {
             return;
         }
         // Show authentication form for multi-authentication.
         // Test pgtIou parameter for proxy mode (https connection in background from CAS server to the php server).
         if ($authCAS != 'CAS' && !isset($_GET['pgtIou'])) {
             $PAGE->set_url('/login/index.php');
             $PAGE->navbar->add($CASform);
             $PAGE->set_title("{$site->fullname}: {$CASform}");
             $PAGE->set_heading($site->fullname);
             echo $OUTPUT->header();
             include $CFG->dirroot . '/auth/cas/cas_form.html';
             echo $OUTPUT->footer();
             exit;
         }
     }
     // Connection to CAS server
     $this->connectCAS();
     // A positive CAS check pre-fills the global login form object with the CAS user name.
     if (phpCAS::checkAuthentication()) {
         $frm = new stdClass();
         $frm->username = phpCAS::getUser();
         // NOTE(review): this literal appears masked on this page; the real value is not shown.
         $frm->password = '******';
         // Redirect to a course if multi-auth is activated, authCAS is set to CAS and the courseid is specified.
         if ($this->config->multiauth && !empty($courseid)) {
             redirect(new moodle_url('/course/view.php', array('id' => $courseid)));
         }
         return;
     }
     // NOTE(review): loose comparison; any request value that PHP treats as
     // true selects the guest branch, not only a specific flag value.
     if (isset($_GET['loginguest']) && $_GET['loginguest'] == true) {
         $frm = new stdClass();
         // NOTE(review): both literals appear masked on this page.
         $frm->username = '******';
         $frm->password = '******';
         return;
     }
     // Force CAS authentication (if needed).
     if (!phpCAS::isAuthenticated()) {
         phpCAS::setLang($this->config->language);
         phpCAS::forceAuthentication();
     }
 }
Ejemplo n.º 24
 /**
  * Thin wrapper around phpCAS::isAuthenticated().
  *
  * @return mixed The value phpCAS::isAuthenticated() returns.
  */
 public static function is_authenticated()
 {
     $casSessionValid = phpCAS::isAuthenticated();

     return $casSessionValid;
 }
Ejemplo n.º 25
 /**
  * Logout hook: ends the CAS session unless CAS logout is disabled through
  * the 'cas_disable_logout' value of the 'user_cas' app.
  *
  * @param mixed $parameters Not read by this method.
  * @return bool Always true.
  */
 public static function logout($parameters)
 {
     $logoutDisabled = \OC::$server->getConfig()->getAppValue('user_cas', 'cas_disable_logout', false);
     if (!$logoutDisabled) {
         // The instance itself is not used below; the call is kept as in the original.
         OC_USER_CAS::getInstance();
         if (phpCAS::isAuthenticated()) {
             phpCAS::logout();
         }
     }

     return true;
 }
Ejemplo n.º 26
 /**
  * Authentication choice (CAS or other)
  * Redirection to the CAS form or to login/index.php
  * for other authentication
  */
 function loginpage_hook()
 {
     global $frm;
     global $CFG;
     global $SESSION, $OUTPUT, $PAGE;
     $site = get_site();
     $CASform = get_string('CASform', 'auth_cas');
     // The raw user name is only tested for emptiness in this method.
     $username = optional_param('username', '', PARAM_RAW);
     // A submitted user name means another login path is in use: drop a wanted
     // URL that carries 'ticket' or 'NOCAS' and leave CAS out of it.
     if (!empty($username)) {
         if (isset($SESSION->wantsurl) && (strstr($SESSION->wantsurl, 'ticket') || strstr($SESSION->wantsurl, 'NOCAS'))) {
             unset($SESSION->wantsurl);
         }
         return;
     }
     // Return if CAS enabled and settings not specified yet
     if (empty($this->config->hostname)) {
         return;
     }
     // Connection to CAS server
     $this->connectCAS();
     // A positive CAS check pre-fills the global login form object with the CAS user name.
     if (phpCAS::checkAuthentication()) {
         $frm = new stdClass();
         $frm->username = phpCAS::getUser();
         // NOTE(review): this literal appears masked on this page; the real value is not shown.
         $frm->password = '******';
         return;
     }
     // NOTE(review): loose comparison; any request value that PHP treats as
     // true selects the guest branch, not only a specific flag value.
     if (isset($_GET['loginguest']) && $_GET['loginguest'] == true) {
         $frm = new stdClass();
         // NOTE(review): both literals appear masked on this page.
         $frm->username = '******';
         $frm->password = '******';
         return;
     }
     if ($this->config->multiauth) {
         // The raw value is only compared against the fixed strings 'NOCAS' and 'CAS'.
         $authCAS = optional_param('authCAS', '', PARAM_RAW);
         if ($authCAS == 'NOCAS') {
             return;
         }
         // Show authentication form for multi-authentication
         // test pgtIou parameter for proxy mode (https connection
         // in background from CAS server to the php server)
         if ($authCAS != 'CAS' && !isset($_GET['pgtIou'])) {
             $PAGE->set_url('/login/index.php');
             $PAGE->navbar->add($CASform);
             $PAGE->set_title("{$site->fullname}: {$CASform}");
             $PAGE->set_heading($site->fullname);
             echo $OUTPUT->header();
             include $CFG->dirroot . '/auth/cas/cas_form.html';
             echo $OUTPUT->footer();
             exit;
         }
     }
     // Force CAS authentication (if needed).
     if (!phpCAS::isAuthenticated()) {
         phpCAS::setLang($this->config->language);
         phpCAS::forceAuthentication();
     }
 }
Ejemplo n.º 27
 /**
  * Recomputes and returns the guest flag.
  *
  * The visitor is a guest unless phpCAS reports an authenticated user and the
  * application's user component has an identity.
  *
  * @return bool The value stored in $this->isGuest.
  */
 public function getIsGuest()
 {
     // The identity is only looked at when a CAS session exists.
     $signedIn = \phpCAS::isAuthenticated() && \yii::$app->user->identity != null;
     $this->isGuest = !$signedIn;

     return $this->isGuest;
 }
Ejemplo n.º 28
 /**
  * Resolves the login from the CAS session instead of checking a password.
  *
  * The supplied uid and password are not read; the CAS user name is mapped to
  * the LDAP backend's identifier when that backend is available and knows the
  * user.
  *
  * @param mixed $uid      Overwritten with the CAS user name.
  * @param mixed $password Not read by this method.
  * @return mixed The LDAP identifier or the CAS user name on success, false
  *               when phpCAS is not initialised, the user is not
  *               authenticated, or phpCAS returns no user.
  */
 public function checkPassword($uid, $password)
 {
     $casUsable = self::initialized_php_cas() && phpCAS::isAuthenticated();
     if (!$casUsable) {
         return false;
     }

     $uid = phpCAS::getUser();
     if ($uid === false) {
         OC_Log::write('cas', 'phpCAS return no user !', OC_Log::ERROR);
         return false;
     }

     if (!$this->initializeLdapBackendAdapter()) {
         // No LDAP backend: the CAS user name is the login.
         return $uid;
     }

     OC_Log::write('cas', "Search CAS user '{$uid}' in LDAP", OC_Log::DEBUG);
     // Look the CAS user up in the LDAP directory.
     $ocname = $this->ldapBackendAdapter->getUuid($uid);
     if ($ocname === false) {
         return $uid;
     }

     OC_Log::write('cas', "Found CAS user '{$uid}' in LDAP with name '{$ocname}'", OC_Log::DEBUG);

     return $ocname;
 }
Ejemplo n.º 29
 /**
  * Connect the user or the organization automatically if possible,
  * ask for method to connect otherwise.
  *
  * The CAS login is resolved in this order: user in the database,
  * organization in the database, then LDAP (a user found only in LDAP is
  * imported). A banned database user, and an organization found only in
  * LDAP, are sent back to the homepage with an error flash message.
  *
  * @Route("/user", name="user_connect")
  * @Template()
  */
 public function connectAction()
 {
     if ($this->getUserLayer()->isConnected()) {
         return $this->redirect($this->generateUrl('homepage'));
     }

     $session = $this->get('session');

     // Remember where to send the visitor after login: the last visited URL
     // when the session has one, the homepage otherwise.
     $target = $session->has('etu.last_url')
         ? $session->get('etu.last_url')
         : $this->generateUrl('homepage');
     $session->set('etu.login_target', $target);

     // CAS is skipped entirely in the test environment.
     if ($this->getKernel()->getEnvironment() == 'test') {
         return array();
     }

     $this->initializeCAS();
     // NOTE(review): setNoCasServerValidation() turns off verification of the
     // CAS server's TLS certificate, so the ticket validation response is not
     // authenticated. Deployments normally configure a CA bundle with
     // phpCAS::setCasServerCACert() instead.
     \phpCAS::setNoCasServerValidation();

     if (!\phpCAS::isAuthenticated()) {
         // If we can't auto-connect, we ask for the method
         return array();
     }

     // Try to connect user automatically
     $login = \phpCAS::getUser();
     $em = $this->getDoctrine()->getManager();
     $user = $em->getRepository('EtuUserBundle:User')->findOneBy(array('login' => $login));

     if ($user && $user->getIsBanned()) {
         $session->getFlashBag()->set('message', array('type' => 'error', 'message' => 'Vous avez été banni d\'EtuUTT.'));
         return $this->redirect($this->generateUrl('homepage'));
     }

     // If the user can't be loaded from database, we try for an organization
     if (!$user) {
         $orga = $em->getRepository('EtuUserBundle:Organization')->findOneBy(array('login' => $login));
         if ($orga) {
             $user = $orga;
         }
     }

     // If the user can't be loaded even as organization, we try using LDAP
     if (!$user) {
         /** @var $ldap LdapManager */
         $ldap = $this->get('etu.user.ldap');
         $ldapUser = $ldap->getUser($login);
         // If we can't use a classic user, try with an organization
         if (!$ldapUser) {
             $ldapUser = $ldap->getOrga($login);
         }
         // We caught a user that is not in the database : we import it !
         if ($ldapUser instanceof User) {
             $import = new ElementToImport($this->getDoctrine(), $ldapUser);
             $user = $import->import(true);
         } elseif ($ldapUser instanceof Organization) {
             $session->getFlashBag()->set('message', array('type' => 'error', 'message' => 'user.auth.connect.orga_exists_ldap'));
             return $this->redirect($this->generateUrl('homepage'));
         }
     }

     $isUser = $user instanceof \Etu\Core\UserBundle\Entity\User;
     $isOrga = !$isUser && $user instanceof \Etu\Core\UserBundle\Entity\Organization;
     if (!$isUser && !$isOrga) {
         // Nothing could be resolved for this login: ask for the method
         return array();
     }

     $this->createSession($isUser ? Session::TYPE_USER : Session::TYPE_ORGA, $user);
     // Remove BuckUTT cookie
     $session->remove(SoapManager::cookie_name);
     $session->getFlashBag()->set('message', array('type' => 'success', 'message' => 'user.auth.connect.confirm'));

     // Only users carry a language preference; apply it when it is one of the configured languages.
     if ($isUser && in_array($user->getLanguage(), $this->container->getParameter('etu.translation.languages'))) {
         $session->set('_locale', $user->getLanguage());
     }

     // NOTE(review): the target is whatever was stored in the session under
     // etu.last_url; confirm the code that stores it only accepts same-site
     // URLs, otherwise this redirect can leave the site.
     if ($session->has('etu.login_target')) {
         return $this->redirect($session->get('etu.login_target'));
     }
     return $this->redirect($this->generateUrl('homepage'));
 }
Ejemplo n.º 30
 /**
  * End the CAS session, if there is one.
  *
  * $parameters is accepted but never read. When phpCAS reports an
  * authenticated session, phpCAS::logout() is called.
  *
  * @param mixed $parameters unused
  * @return bool always true
  */
 public static function logout($parameters)
 {
     if (!phpCAS::isAuthenticated()) {
         return true;
     }

     \OCP\Util::writeLog('user_cas', "Deconexion", \OCP\Util::DEBUG);
     // Alternative left disabled by the author: phpCAS::logoutWithUrl('www.univ-amu.fr');
     phpCAS::logout();

     return true;
 }