This method is used to indicate the start of the execution of a function
in debug mode.
| public static traceBegin ( ) : void | ||
| return | void | |
/**
* Send the request and store the results.
*
* @return bool true on success, false on failure.
*/
protected function sendRequest()
{
phpCAS::traceBegin();
/*********************************************************
* initialize the CURL session
*********************************************************/
$ch = $this->_initAndConfigure();
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
phpCAS::log(var_dump($ch) . ' [' . basename($dbg[0]['file']) . ':' . $dbg[0]['line'] . ']');
/*********************************************************
* Perform the query
*********************************************************/
$buf = curl_exec($ch);
if ($buf === false) {
phpCAS::trace('curl_exec() failed');
$this->storeErrorMessage('CURL error #' . curl_errno($ch) . ': ' . curl_error($ch));
$res = false;
} else {
$this->storeResponseBody($buf);
phpCAS::trace("Response Body: \n" . $buf . "\n");
$res = true;
}
// close the CURL session
curl_close($ch);
phpCAS::traceEnd($res);
return $res;
}
/**
* This method is used to print the HTML output when the user was not
* authenticated.
*
* @param CAS_Client $client phpcas client
* @param string $failure the failure that occured
* @param string $cas_url the URL the CAS server was asked for
* @param bool $no_response the response from the CAS server (other
* parameters are ignored if TRUE)
* @param bool $bad_response bad response from the CAS server ($err_code
* and $err_msg ignored if TRUE)
* @param string $cas_response the response of the CAS server
* @param int $err_code the error code given by the CAS server
* @param string $err_msg the error message given by the CAS server
*/
public function __construct($client, $failure, $cas_url, $no_response, $bad_response = '', $cas_response = '', $err_code = '', $err_msg = '')
{
phpCAS::traceBegin();
$lang = $client->getLangObj();
$client->printHTMLHeader($lang->getAuthenticationFailed());
printf($lang->getYouWereNotAuthenticated(), htmlentities($client->getURL()), $_SERVER['SERVER_ADMIN']);
phpCAS::trace('CAS URL: ' . $cas_url);
phpCAS::trace('Authentication failure: ' . $failure);
if ($no_response) {
phpCAS::trace('Reason: no response from the CAS server');
} else {
if ($bad_response) {
phpCAS::trace('Reason: bad response from the CAS server');
} else {
switch ($client->getServerVersion()) {
case CAS_VERSION_1_0:
phpCAS::trace('Reason: CAS error');
break;
case CAS_VERSION_2_0:
if (empty($err_code)) {
phpCAS::trace('Reason: no CAS error');
} else {
phpCAS::trace('Reason: [' . $err_code . '] CAS error: ' . $err_msg);
}
break;
}
}
phpCAS::trace('CAS response: ' . $cas_response);
}
$client->printHTMLFooter();
phpCAS::traceExit();
}
/**
* Send the request and store the results.
*
* @return bool true on success, false on failure.
*/
protected function sendRequest()
{
phpCAS::traceBegin();
/*********************************************************
* initialize the CURL session
*********************************************************/
$ch = $this->_initAndConfigure();
/*********************************************************
* Perform the query
*********************************************************/
$buf = curl_exec($ch);
if ($buf === false) {
phpCAS::trace('curl_exec() failed');
$this->storeErrorMessage('CURL error #' . curl_errno($ch) . ': ' . curl_error($ch));
$res = false;
} else {
$this->storeResponseBody($buf);
phpCAS::trace("Response Body: \n" . $buf . "\n");
$res = true;
}
// close the CURL session
curl_close($ch);
phpCAS::traceEnd($res);
return $res;
}
/**
* The constructor of the class, should be called only by inherited classes.
*
* @param CAS_Client $cas_parent the CAS _client instance that creates the
* current object.
*
* @return void
*
* @protected
*/
function __construct($cas_parent)
{
phpCAS::traceBegin();
if (!$cas_parent->isProxy()) {
phpCAS::error('defining PGT storage makes no sense when not using a CAS proxy');
}
phpCAS::traceEnd();
}
public function getSambaProxyTicket()
{
phpCAS::traceBegin();
if ($this->hasGot()) {
throw new CAS_OutOfSequenceException('Cannot set the URL, request already sent.');
}
$this->count = 1;
$this->initializeProxyTicket();
phpCAS::traceEnd();
return $this->getProxyTicket();
}
/**
* This method is used to initialize the storage. Halts on error.
*
* @public
*/
function init()
{
phpCAS::traceBegin();
// if the storage has already been initialized, return immediatly
if ($this->isInitialized()) {
return;
}
// call the ancestor's method (mark as initialized)
parent::init();
// try to connect to the database
$this->_link = DB::connect($this->getURL());
if (DB::isError($this->_link)) {
phpCAS::error('could not connect to database (' . DB::errorMessage($this->_link) . ')');
}
var_dump($this->_link);
phpCAS::traceBEnd();
}
/**
* This method is used to add header parameters when rebroadcasting
* pgtIou/pgtId or logoutRequest.
*
* @param String $header Header to send when rebroadcasting.
*
* @return void
*/
public static function addRebroadcastHeader($header)
{
phpCAS::traceBegin();
phpCAS::_validateClientExists();
try {
self::$_PHPCAS_CLIENT->addRebroadcastHeader($header);
} catch (Exception $e) {
phpCAS::error(get_class($e) . ': ' . $e->getMessage());
}
phpCAS::traceEnd();
}
/**
* Validate the proxies from the proxy ticket validation against the
* chains that were definded.
*
* @param array $list List of proxies from the proxy ticket validation.
*
* @return if any chain fully matches the supplied list
*/
public function contains(array $list)
{
phpCAS::traceBegin();
$count = 0;
foreach ($this->_chains as $chain) {
phpCAS::trace("Checking chain " . $count++);
if ($chain->matches($list)) {
phpCAS::traceEnd(true);
return true;
}
}
phpCAS::trace("No proxy chain matches.");
phpCAS::traceEnd(false);
return false;
}
/**
* This method is used to initialize the storage. Halts on error.
*
* @public
*/
function init()
{
phpCAS::traceBegin();
// if the storage has already been initialized, return immediatly
if ($this->isInitialized()) {
return;
}
// call the ancestor's method (mark as initialized)
parent::init();
//include phpDB library (the test was introduced in release 0.4.8 for
//the integration into Tikiwiki).
if (!class_exists('DB')) {
include_once 'DB.php';
}
// try to connect to the database
$this->_link = DB::connect($this->getURL());
if (DB::isError($this->_link)) {
phpCAS::error('could not connect to database (' . DB::errorMessage($this->_link) . ')');
}
var_dump($this->_link);
phpCAS::traceBEnd();
}
/**
* This method reads a PGT corresponding to a PGT Iou and deletes the
* corresponding file.
*
* @param $pgt_iou the PGT iou
*
* @return the corresponding PGT, or FALSE on error
*
* @public
*/
function read($pgt_iou)
{
phpCAS::traceBegin();
$pgt = FALSE;
$fname = $this->getPGTIouFilename($pgt_iou);
if (file_exists($fname)) {
if (!($f = fopen($fname, "r"))) {
phpCAS::trace('could not open `' . $fname . '\'');
} else {
if (($pgt = fgets($f)) === FALSE) {
phpCAS::trace('could not read PGT from `' . $fname . '\'');
}
fclose($f);
}
// delete the PGT file
@unlink($fname);
} else {
phpCAS::trace('No such file `' . $fname . '\'');
}
phpCAS::traceEnd($pgt);
return $pgt;
}
/**
* Parse Cookies without PECL
* From the comments in http://php.net/manual/en/function.http-parse-cookie.php
* @param array $header An array of header lines.
* @param string $defaultDomain The domain to use if none is specified in the cookie.
* @return array of cookies
*/
protected function parseCookieHeaders($header, $defaultDomain)
{
phpCAS::traceBegin();
$cookies = array();
foreach ($header as $line) {
if (preg_match('/^Set-Cookie2?: /i', $line)) {
$cookies[] = $this->parseCookieHeader($line, $defaultDomain);
}
}
phpCAS::traceEnd($cookies);
return $cookies;
}
/**
* This method reads a PGT corresponding to a PGT Iou and deletes the
* corresponding db entry.
*
* @param string $pgt_iou the PGT iou
*
* @return the corresponding PGT, or FALSE on error
*/
public function read($pgt_iou)
{
phpCAS::traceBegin();
$pgt = false;
// initialize the PDO object for this method
$pdo = $this->_getPdo();
$this->_setErrorMode();
try {
$pdo->beginTransaction();
// fetch the pgt for the specified pgt_iou
$query = $pdo->prepare($this->retrievePgtSql());
$query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
$query->execute();
$pgt = $query->fetchColumn(0);
$query->closeCursor();
// delete the specified pgt_iou from the database
$query = $pdo->prepare($this->deletePgtSql());
$query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
$query->execute();
$query->closeCursor();
$pdo->commit();
} catch (PDOException $e) {
// attempt rolling back the transaction before throwing a phpCAS error
try {
$pdo->rollBack();
} catch (PDOException $e) {
}
phpCAS::trace('error reading PGT from database: ' . $e->getMessage());
}
// reset the PDO object
$this->_resetErrorMode();
phpCAS::traceEnd();
return $pgt;
}
/**
* Change CURL options.
* CURL is used to connect through HTTPS to CAS server
* @param $key the option key
* @param $value the value to set
*/
function setExtraCurlOption($key, $value)
{
global $PHPCAS_CLIENT;
phpCAS::traceBegin();
if (!is_object($PHPCAS_CLIENT)) {
phpCAS::error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
}
$PHPCAS_CLIENT->setExtraCurlOption($key, $value);
phpCAS::traceEnd();
}
/**
* Send the request and store the results.
*
* @return boolean TRUE on success, FALSE on failure.
*/
protected function _sendRequest()
{
phpCAS::traceBegin();
/*********************************************************
* initialize the CURL session
*********************************************************/
$ch = curl_init($this->url);
if (version_compare(PHP_VERSION, '5.1.3', '>=')) {
//only avaible in php5
curl_setopt_array($ch, $this->curlOptions);
} else {
foreach ($this->curlOptions as $key => $value) {
curl_setopt($ch, $key, $value);
}
}
/*********************************************************
* Set SSL configuration
*********************************************************/
if ($this->caCertPath) {
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_CAINFO, $this->caCertPath);
phpCAS::trace('CURL: Set CURLOPT_CAINFO');
} else {
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
}
/*********************************************************
* Configure curl to capture our output.
*********************************************************/
// return the CURL output into a variable
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// get the HTTP header with a callback
curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, '_curlReadHeaders'));
/*********************************************************
* Add cookie headers to our request.
*********************************************************/
if (count($this->cookies)) {
$cookieStrings = array();
foreach ($this->cookies as $name => $val) {
$cookieStrings[] = $name . '=' . $val;
}
curl_setopt($ch, CURLOPT_COOKIE, implode(';', $cookieStrings));
}
/*********************************************************
* Add any additional headers
*********************************************************/
if (count($this->headers)) {
curl_setopt($ch, CURLOPT_HTTPHEADER, $this->headers);
}
/*********************************************************
* Flag and Body for POST requests
*********************************************************/
if ($this->isPost) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $this->postBody);
}
/*********************************************************
* Perform the query
*********************************************************/
$buf = curl_exec($ch);
if ($buf === FALSE) {
phpCAS::trace('curl_exec() failed');
$this->storeErrorMessage('CURL error #' . curl_errno($ch) . ': ' . curl_error($ch));
$res = FALSE;
} else {
$this->storeResponseBody($buf);
phpCAS::trace("Response Body: \n" . $buf . "\n");
$res = TRUE;
}
// close the CURL session
curl_close($ch);
phpCAS::traceEnd($res);
return $res;
}
/**
* Open the IMAP stream (similar to imap_open()).
*
* @return resource Returns an IMAP stream on success
* @throws CAS_OutOfSequenceException If called multiple times.
* @throws CAS_ProxyTicketException If there is a proxy-ticket failure.
* The code of the Exception will be one of:
* PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE
* PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE
* PHPCAS_SERVICE_PT_FAILURE
* @throws CAS_ProxiedService_Exception If there is a failure sending the request to the target service. */
public function open()
{
if ($this->hasBeenOpened()) {
throw new CAS_OutOfSequenceException('Stream already opened.');
}
if (empty($this->_mailbox)) {
throw new CAS_ProxiedService_Exception('You must specify a mailbox via ' . get_class($this) . '->setMailbox($mailbox)');
}
phpCAS::traceBegin();
// Get our proxy ticket and append it to our URL.
$this->initializeProxyTicket();
phpCAS::trace('opening IMAP mailbox `' . $this->_mailbox . '\'...');
$this->_stream = @imap_open($this->_mailbox, $this->_username, $this->getProxyTicket(), $this->_options);
if ($this->_stream) {
phpCAS::trace('ok');
} else {
phpCAS::trace('could not open mailbox');
// @todo add localization integration.
$message = 'IMAP Error: ' . $url . ' ' . var_export(imap_errors(), true);
phpCAS::trace($message);
throw new CAS_ProxiedService_Exception($message);
}
phpCAS::traceEnd();
return $this->_stream;
}
/**
* This method is used to add header parameters when rebroadcasting
* pgtIou/pgtId or logoutRequest.
*
* @param String $header Header to send when rebroadcasting.
*
* @return void
*/
public static function addRebroadcastHeader($header)
{
phpCAS::traceBegin();
if (!is_object(self::$_PHPCAS_CLIENT)) {
phpCAS::error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
}
self::$_PHPCAS_CLIENT->addRebroadcastHeader($header);
phpCAS::traceEnd();
}
/**
* Perform the request.
*
* @return void
* @throws CAS_OutOfSequenceException If called multiple times.
* @throws CAS_ProxyTicketException If there is a proxy-ticket failure.
* The code of the Exception will be one of:
* PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE
* PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE
* PHPCAS_SERVICE_PT_FAILURE
* @throws CAS_ProxiedService_Exception If there is a failure sending the
* request to the target service.
*/
public function send()
{
if ($this->hasBeenSent()) {
throw new CAS_OutOfSequenceException('Cannot send, request already sent.');
}
phpCAS::traceBegin();
// Get our proxy ticket and append it to our URL.
$this->initializeProxyTicket();
$url = $this->getServiceUrl();
if (strstr($url, '?') === false) {
$url = $url . '?ticket=' . $this->getProxyTicket();
} else {
$url = $url . '&ticket=' . $this->getProxyTicket();
}
try {
$this->makeRequest($url);
} catch (Exception $e) {
phpCAS::traceEnd();
throw $e;
}
}
/**
* This method rebroadcasts logout/pgtIou requests. Can be LOGOUT,PGTIOU
*
* @param int $type type of rebroadcasting.
*
* @return void
*/
private function _rebroadcast($type)
{
phpCAS::traceBegin();
$rebroadcast_curl_options = array(CURLOPT_FAILONERROR => 1, CURLOPT_FOLLOWLOCATION => 1, CURLOPT_RETURNTRANSFER => 1, CURLOPT_CONNECTTIMEOUT => 1, CURLOPT_TIMEOUT => 4);
// Try to determine the IP address of the server
if (!empty($_SERVER['SERVER_ADDR'])) {
$ip = $_SERVER['SERVER_ADDR'];
} else {
if (!empty($_SERVER['LOCAL_ADDR'])) {
// IIS 7
$ip = $_SERVER['LOCAL_ADDR'];
}
}
// Try to determine the DNS name of the server
if (!empty($ip)) {
$dns = gethostbyaddr($ip);
}
$multiClassName = 'CAS_Request_CurlMultiRequest';
$multiRequest = new $multiClassName();
for ($i = 0; $i < sizeof($this->_rebroadcast_nodes); $i++) {
if ($this->_getNodeType($this->_rebroadcast_nodes[$i]) == self::HOSTNAME && !empty($dns) && stripos($this->_rebroadcast_nodes[$i], $dns) === false || $this->_getNodeType($this->_rebroadcast_nodes[$i]) == self::IP && !empty($ip) && stripos($this->_rebroadcast_nodes[$i], $ip) === false) {
phpCAS::trace('Rebroadcast target URL: ' . $this->_rebroadcast_nodes[$i] . $_SERVER['REQUEST_URI']);
$className = $this->_requestImplementation;
$request = new $className();
$url = $this->_rebroadcast_nodes[$i] . $_SERVER['REQUEST_URI'];
$request->setUrl($url);
if (count($this->_rebroadcast_headers)) {
$request->addHeaders($this->_rebroadcast_headers);
}
$request->makePost();
if ($type == self::LOGOUT) {
// Logout request
$request->setPostBody('rebroadcast=false&logoutRequest=' . $_POST['logoutRequest']);
} else {
if ($type == self::PGTIOU) {
// pgtIou/pgtId rebroadcast
$request->setPostBody('rebroadcast=false');
}
}
$request->setCurlOptions($rebroadcast_curl_options);
$multiRequest->addRequest($request);
} else {
phpCAS::trace('Rebroadcast not sent to self: ' . $this->_rebroadcast_nodes[$i] . ' == ' . (!empty($ip) ? $ip : '') . '/' . (!empty($dns) ? $dns : ''));
}
}
// We need at least 1 request
if ($multiRequest->getNumRequests() > 0) {
$multiRequest->send();
}
phpCAS::traceEnd();
}
/**
* Set the fixed URL that will be set as the CAS service parameter. When this
* method is not called, a phpCAS script uses its own URL.
*
* @param $url the URL
*/
function setFixedServiceURL($url)
{
global $PHPCAS_CLIENT;
phpCAS::traceBegin();
if (!is_object($PHPCAS_CLIENT)) {
phpCAS::error('this method should only be called after ' . __CLASS__ . '::proxy()');
}
if (gettype($url) != 'string') {
phpCAS::error('type mismatched for parameter $url (should be `string\')');
}
$PHPCAS_CLIENT->setURL($url);
phpCAS::traceEnd();
}
/**
* This method is used to print the HTML output when the user was not authenticated.
*
* @param $failure the failure that occured
* @param $cas_url the URL the CAS server was asked for
* @param $no_response the response from the CAS server (other
* parameters are ignored if TRUE)
* @param $bad_response bad response from the CAS server ($err_code
* and $err_msg ignored if TRUE)
* @param $cas_response the response of the CAS server
* @param $err_code the error code given by the CAS server
* @param $err_msg the error message given by the CAS server
*
* @private
*/
function authError($failure, $cas_url, $no_response, $bad_response = '', $cas_response = '', $err_code = '', $err_msg = '')
{
phpCAS::traceBegin();
$this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_FAILED));
printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED), $this->getURL(), $_SERVER['SERVER_ADMIN']);
phpCAS::trace('CAS URL: ' . $cas_url);
phpCAS::trace('Authentication failure: ' . $failure);
if ($no_response) {
phpCAS::trace('Reason: no response from the CAS server');
} else {
if ($bad_response) {
phpCAS::trace('Reason: bad response from the CAS server');
} else {
switch ($this->getServerVersion()) {
case CAS_VERSION_1_0:
phpCAS::trace('Reason: CAS error');
break;
case CAS_VERSION_2_0:
if (empty($err_code)) {
phpCAS::trace('Reason: no CAS error');
} else {
phpCAS::trace('Reason: [' . $err_code . '] CAS error: ' . $err_msg);
}
break;
}
}
phpCAS::trace('CAS response: ' . $cas_response);
}
$this->printHTMLFooter();
phpCAS::traceExit();
exit;
}
/**
* This method is used to logout from CAS. Halts by redirecting to the CAS server.
* @param $url a URL that will be transmitted to the CAS server (to come back to when logged out)
*/
function logout($url = "")
{
global $PHPCAS_CLIENT;
phpCAS::traceBegin();
if (!is_object($PHPCAS_CLIENT)) {
phpCAS::error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
}
$PHPCAS_CLIENT->logout($url);
// never reached
phpCAS::traceEnd();
}
