function getConnexionBar() { if (CASUser::checkAuth()) { $service = SITE_CAS_CONNEXIONBAR_URL; phpCAS::serviceWeb($service, $err_code, $output); $xml = simplexml_load_string($output); $result = $xml->xpath('/reportoutput/reportdata'); return html_entity_decode($result[0]->asXML()); } else { return ""; } }
function getConnexionBar() { if (CASUser::checkAuth()) { $service = SITE_CAS_CONNEXIONBAR_URL; phpCAS::serviceWeb($service, $err_code, $output); $xml = simplexml_load_string($output); $result = $xml->xpath('/reportoutput/reportdata'); return str_replace("https://signin.mygcx.org/cas/logout", "https://intranet.campusforchrist.org/index.php?p_Mod=Logout", html_entity_decode($result[0]->asXML())); } else { return ""; } }
/** * function __construct * This is the class constructor for Viewer class * Initialize a Viewer and determine if they are properly authenticated. * <pre><code> * Save the DB connection Info * If no session ID is set then * set the Session ID to empty string * end if * Get current viewer ID from session ID * If viewer ID is empty then * if isDestroySession is set then * Destroy the Session * end if * initialize Empty UnAuthorized Viewer ID * else * User Credientials are valid so ... * Mark as Valid Authentication * * Prepare an SQL statement to lookup the viewer info from the DB * Now load the Data from the DB * end if * </pre> * @param $isDestroySession [BOOL] Should we destroy the session data if not authenticated? * @param $dbName [STRING] The name of the database the viewer info is stored in * @param $dbPath [STRING] The path of the database the viewer info is stored in * @param $dbUser [STRING] The login ID for the database the viewer info is stored in * @param $dbPassword [STRING] The password of the database the viewer info is stored in */ function __construct($isDestroySession = true, $dbName = SITE_DB_NAME, $dbPath = SITE_DB_PATH, $dbUser = SITE_DB_USER, $dbPassword = SITE_DB_PWORD) { // if no session ID is set then if (!isset($_SESSION[SESSION_ID_ID])) { // set the Session ID to empty string $_SESSION[SESSION_ID_ID] = ''; } if ($_SESSION[SESSION_ID_ID] == '') { $_SESSION[SESSION_ID_ID] = 0; } // Get current viewer ID from session ID $this->viewerID = $_SESSION[SESSION_ID_ID]; // attempt to load a viewerManager object with current viewerID $this->viewerManager = new RowManager_ViewerManager($this->viewerID); if ($this->viewerManager->isLoaded()) { // Update current Session ID with current ViewerID $_SESSION[SESSION_ID_ID] = $this->viewerID; if ($this->viewerManager->isActive()) { $this->isAuthenticated = true; } else { $this->isAuthenticated = false; } } else { // Info not stored in session, get from GCX $this->isAuthenticated = false; if (CASUser::checkAuth()) { if (!empty($_SESSION['phpCAS']['guid'])) { if ($this->validateLogin($_SESSION['phpCAS']['guid'])) { // a user with this GUID exists in our system $this->isAuthenticated = true; } else { // code added by Russ September 11, 2009 // a user with this GUID does not exist in our system - create them $guid = $_SESSION['phpCAS']['guid']; // echo "The GUID[".$guid."]<br/>"; $gcxUsername = $_SESSION['phpCAS']['user']; // echo "The gcxUsername[".$gcxUsername."]<br/>"; // the gcxUsername is (supposed to be) an email // check to see if there is a cim_hrdb_person record with this email // the comparison needs to be case insensitive (since mysql is insensitive by default, no special doctoring is needed) // search for person record $personManager = new RowManager_PersonManager(); $foundPerson = $personManager->loadByEmail($gcxUsername); // get the personID of the person that was searched $personID = $personManager->getID(); // if record does not exist // create one // update the personID if (!$foundPerson) { // create a new person record $newpersonManager = new RowManager_PersonManager(); $newpersonManager->setEmail($gcxUsername); $newpersonManager->createNewEntry(); $personID = $newpersonManager->getID(); } // link the personID to the GUID/viewer in the cim_hrdb_access table // first, check to see if any entry already exists in the access table // if foundPerson is true above, it's possible (may have been linked to old viewer/username but not promoted to GCX account yet) $accessManager = new RowManager_AccessManager(); $accessEntryFound = $accessManager->loadByPersonID($personID); $viewerID = -1; $createNewViewer = true; if ($accessEntryFound) { $viewerID = $accessManager->getViewerID(); $viewerManager = new RowManager_ViewerManager($viewerID); // double check to make sure the viewer referenced in the access table actually exists $viewerAlreadyExists = $viewerManager->isLoaded(); if ($viewerAlreadyExists) { // no need to create a new viewer $createNewViewer = false; // update the existing viewer with the GUID and gcxUsername $viewerManager->setGUID($guid); $viewerManager->setUserID($gcxUsername); $viewerManager->setLastLogin(); $viewerManager->updateDBTable(); } // viewerAlreadyExists } // accessEntryFound if ($createNewViewer) { // create new viewer (user) $newviewerManager = new RowManager_ViewerManager(); $newviewerManager->setPassWord('xxx'); $newviewerManager->setUserID($gcxUsername); $newviewerManager->setLanguageID(1); // english // TODO this value should not be hard-coded for the account group $newviewerManager->setAccountGroupID(15); // the 'unknown' group $newviewerManager->setIsActive(true); $newviewerManager->setGUID($guid); $newviewerManager->setLastLogin(); $newviewerManager->createNewEntry(); $viewerID = $newviewerManager->getID(); // get the ID of the newly created viewer if ($accessEntryFound) { // update the access table to reference the newly created viewer for the persoa // this is the case where an access table entry may have been orphaned due to the deletion of a viewer $accessManager->setViewerID($viewerID); $accessManager->updateDBTable(); } else { // create an access table entry $newaccessManager = new RowManager_AccessManager(); $newaccessManager->setViewerID($viewerID); $newaccessManager->setPersonID($personID); $newaccessManager->createNewEntry(); } } // put into the 'all' access group $viewerAccessGroupManager = new RowManager_ViewerAccessGroupManager(); $viewerAccessGroupManager->setViewerID($viewerID); $viewerAccessGroupManager->setAccessGroupID(ALL_ACCESS_GROUP); // add to the 'all' access group $viewerAccessGroupManager->createNewEntry(); // Debugging code added by Russ Martin // echo "validate login failed<br/>"; // echo "<pre>".print_r($_SESSION,true)."</pre>"; // try again to see if everything updated correctly if ($this->validateLogin($guid)) { // a user/viewer with this GUID now exists in our system $this->isAuthenticated = true; } else { echo "Something has gone wrong: gcxUsername[" . $gcxUsername . "], guid[" . $guid . "]<br/>"; } } } else { // Debugging code added by Russ Martin // echo "session variable for storing GUID is empty<br/>"; } } else { // Debugging code added by Russ Martin // echo "CASUser::checkAuth() failed<br/>"; } } // set hasSession $this->hasSession = $this->viewerID != ''; // if no session if (!$this->hasSession) { // User Credentials are invalid so // if they want me to destroy the session then if ($isDestroySession == true) { // Remove session // session_destroy(); } } }
<?php require "General/gen_Includes.php"; CASUser::setup("/var/www/campus/dev.intranet.campusforchrist.org/callback.log"); CASUser::checkAuth();