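/**
 * Prints the HTML page shown when the user was not authenticated, and
 * traces the reason for the failure.
 *
 * @param $client       phpCAS client; supplies the page header/footer, the
 *                      localized strings, the current URL and the server version
 * @param $failure      the failure that occurred
 * @param $cas_url      the URL the CAS server was asked for
 * @param $no_response  TRUE when the CAS server gave no response (the
 *                      remaining parameters are then ignored)
 * @param $bad_response TRUE when the response from the CAS server was bad
 *                      ($err_code and $err_msg are then ignored)
 * @param $cas_response the response of the CAS server
 * @param $err_code     the error code given by the CAS server
 * @param $err_msg      the error message given by the CAS server
 */
public function __construct($client, $failure, $cas_url, $no_response, $bad_response = '', $cas_response = '', $err_code = '', $err_msg = '')
{
    phpCAS::traceBegin();
    $client->printHTMLHeader($client->getString(CAS_STR_AUTHENTICATION_FAILED));

    // SERVER_ADMIN is not provided by every web server / SAPI. Fall back to an
    // empty string instead of reading an undefined index. The value comes from
    // the server configuration and is printed as-is.
    $serverAdmin = isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : '';
    printf(
        $client->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),
        htmlentities($client->getURL()),
        $serverAdmin
    );

    // NOTE(review): the trace below records the CAS URL and the raw CAS
    // response; treat the phpCAS debug log as sensitive.
    phpCAS::trace('CAS URL: ' . $cas_url);
    phpCAS::trace('Authentication failure: ' . $failure);
    if ($no_response) {
        phpCAS::trace('Reason: no response from the CAS server');
    } else {
        if ($bad_response) {
            phpCAS::trace('Reason: bad response from the CAS server');
        } else {
            // Only CAS 1.0 and 2.0 are handled; any other version traces no reason.
            switch ($client->getServerVersion()) {
                case CAS_VERSION_1_0:
                    phpCAS::trace('Reason: CAS error');
                    break;
                case CAS_VERSION_2_0:
                    if (empty($err_code)) {
                        phpCAS::trace('Reason: no CAS error');
                    } else {
                        phpCAS::trace('Reason: [' . $err_code . '] CAS error: ' . $err_msg);
                    }
                    break;
            }
        }
        phpCAS::trace('CAS response: ' . $cas_response);
    }
    $client->printHTMLFooter();
    phpCAS::traceExit();
}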
/**
 * Keeps $_SESSION['user'] in step with CAS when the request asks for a
 * login or a logout.
 *
 * Without a `login` or `logout` request parameter the function only makes
 * sure the `user` session key exists. Otherwise it forces a CAS
 * authentication, stores the CAS login name in the session and, for a
 * logout request, clears it again and logs out of CAS.
 */
function checkAndSetUserSession()
{
    // Guarantee the key exists so later reads never hit an undefined index.
    if (!isset($_SESSION['user'])) {
        $_SESSION['user'] = null;
    }

    $wantsLogout = isset($_REQUEST['logout']);
    if (!isset($_REQUEST['login']) && !$wantsLogout) {
        return;
    }

    // Set up the phpCAS client (the proxy variant was left disabled by the author):
    //phpCAS::proxy(CAS_VERSION_2_0,'login.kth.se',443,'');
    phpCAS::client(CAS_VERSION_2_0, 'login.kth.se', 443, '');

    // NOTE(review): setNoCasServerValidation() turns off verification of the
    // CAS server's TLS certificate, so the ticket-validation reply is accepted
    // from whoever answers for that host. Production code should configure
    // phpCAS::setCasServerCACert() with the CA bundle instead.
    phpCAS::setNoCasServerValidation();

    // To come back from the login server on a specific URL instead of the
    // current request URI, call setFixedCallbackURL:
    //phpCAS::setFixedCallbackURL('http://xml.csc.kth.se/~wiiala/DM2517/project/php/index.php');

    // Redirects to the CAS server when there is no authenticated session yet.
    phpCAS::forceAuthentication();

    // From here on the CAS server has authenticated the user.
    $_SESSION['user'] = phpCAS::getUser();

    // Log out and redirect to our default page.
    if ($wantsLogout) {
        unset($_SESSION['user']);
        phpCAS::logoutWithRedirectService('http://kth.kribba.com/');
    }
}
/**
 * Sends the visitor through CAS login unless phpCAS already reports an
 * authenticated session.
 */
function forceAuth()
{
    if (phpCAS::isAuthenticated()) {
        return;
    }

    // Not logged in yet: hand over to the CAS login page (RPI's, per the
    // original author's comment).
    phpCAS::forceAuthentication();
}
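/**
 * Plugin entry point. On `?action=disconnect` it ends the CAS session,
 * expires the `netid` cookie and returns the CAS logout page embedded in an
 * iframe.
 *
 * @param $content content passed in by the caller; the iframe markup is appended to it
 * @param $conf    plugin configuration, stored on $this->conf
 * @return string|null the wrapped content on the disconnect path; nothing is
 *                     returned for any other request (NOTE(review): confirm
 *                     that callers expect that)
 */
function main($content, $conf)
{
    $this->conf = $conf;
    $this->pi_setPiVarDefaults();
    // Configuring so caching is not expected. This value means that no cHash
    // params are ever set. We do this because it's a USER_INT object!
    $this->pi_USER_INT_obj = 1;
    $this->pi_loadLL();

    // The execution type is hard-coded to "prod", so the "dev" branch below is
    // never taken as written.
    $this->typeExecution = "prod";
    $urlCas = "none";
    $portCas = "none";
    if ($this->typeExecution === "dev") {
        $urlCas = "xinf-devlinux.intranet.haras-nationaux.fr";
        $portCas = 7777;
    } elseif ($this->typeExecution === "prod") {
        $urlCas = "cerbere.haras-nationaux.fr";
        $portCas = 443;
    }

    session_start();

    if (isset($_GET["action"]) && $_GET["action"] === "disconnect") {
        // NOTE(review): setDebug() with no argument enables the phpCAS trace
        // log on the production path; confirm that this is intended and that
        // the log file is not readable by other users.
        phpCAS::setDebug();
        // NOTE(review): the last argument is the string 'true', not a boolean,
        // and session_start() has already been called above — confirm.
        phpCAS::client(CAS_VERSION_2_0, $urlCas, $portCas, 'cas', 'true');
        $ur = phpCAS::getServerLogoutURL();
        phpCAS::killSession();

        // Remove the harasire session cookie by expiring it.
        setcookie("netid", "", time() - 3600, "/", ".haras-nationaux.fr");
        //$urCid = "http://www4.haras-nationaux.fr/cid-internet-web/InvalidateSessionServlet?service=".$ur;

        // The logout URL goes into an HTML attribute, so escape it for that context.
        $content .= '<IFRAME src="' . htmlspecialchars($ur, ENT_QUOTES, 'UTF-8') . '" frameborder="no" height="600" width="670"></IFRAME>';
        return $this->pi_wrapInBaseClass($content);
    }
}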
/**
 * Returns the attributes phpCAS holds for the authenticated user.
 *
 * @return mixed whatever phpCAS::getAttributes() returns, or null when no
 *               user is authenticated
 */
function getAttributes()
{
    return phpCAS::isAuthenticated() ? phpCAS::getAttributes() : null;
}
/**
 * Authenticates the current user against CAS on the first pass through the
 * filter chain, then continues with the parent filter (credential check).
 *
 * @param $filterChain filter chain handed on to parent::execute()
 */
public function execute($filterChain)
{
    $user = $this->getContext()->getUser();

    // An LDAP object is stored in the context so it can be reused later.
    $this->getContext()->set('ldap', new uapvLdap());

    // Filters may run several times because of internal forwards;
    // authentication is only attempted on the first call.
    $mustAuthenticate = $this->isFirstCall()
        && (sfConfig::get('app_cas_server_force_authentication', false) || !$user->isAuthenticated());

    if ($mustAuthenticate) {
        // phpCAS is not php5-compliant: silence strict errors and notices
        // while it runs, and restore the previous level afterwards.
        $previousLevel = ini_get('error_reporting');
        error_reporting($previousLevel & ~E_STRICT & ~E_NOTICE);

        if (sfConfig::get('app_cas_server_debug', false)) {
            // The original author points at /tmp/phpCAS.log for the output.
            phpCAS::setDebug();
        }

        $casVersion = sfConfig::get('app_cas_server_version', CAS_VERSION_2_0);
        $casHost = sfConfig::get('app_cas_server_host', 'localhost');
        $casPort = sfConfig::get('app_cas_server_port', 443);
        $casPath = sfConfig::get('app_cas_server_path', '');

        // Last argument false: symfony already started the session.
        phpCAS::client($casVersion, $casHost, $casPort, $casPath, false);

        //phpCAS::handleLogoutRequests ();

        // NOTE(review): this disables verification of the CAS server's TLS
        // certificate; the identity signed in below then rests on an
        // unauthenticated validation reply. Prefer phpCAS::setCasServerCACert()
        // with the CA bundle in production.
        phpCAS::setNoCasServerValidation();

        // Redirects to the CAS server when necessary.
        phpCAS::forceAuthentication();

        // The user is authenticated at this point; sign them in locally.
        $user->signIn(phpCAS::getUser());

        error_reporting($previousLevel);
    }

    // "credential" verification
    parent::execute($filterChain);
}
/**
 * Builds the object from the current phpCAS session: CAS attributes plus the
 * login name under `username`, with `user_id` copied to $this->id.
 */
public function __construct()
{
    $attributes = phpCAS::getAttributes();
    $attributes['username'] = phpCAS::getUser();

    // presumably the CAS server always releases a user_id attribute — verify
    $userId = $attributes['user_id'];

    // The sequence token is dropped from the stored attributes.
    unset($attributes['sequence_token']);

    $this->attr = $attributes;
    $this->id = $userId;
}
/**
 * Forces a CAS authentication, calling check_auth() first when no phpCAS
 * client has been registered in $GLOBALS['PHPCAS_CLIENT'] yet.
 */
function force_login()
{
    $clientReady = isset($GLOBALS['PHPCAS_CLIENT']);
    if (!$clientReady) {
        // presumably check_auth() creates the phpCAS client — verify
        check_auth();
    }

    phpCAS::forceAuthentication();
}
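/**
 * Authenticates the user against the CAS server configured in the
 * preferences and returns the CAS login name.
 *
 * The request parameters are saved in $_SESSION['backup_sso'] before the CAS
 * round trip and copied back into $_REQUEST afterwards for keys the current
 * request does not carry.
 *
 * @return mixed the CAS login name, or NULL when the CAS server URL is
 *               missing or unusable, or when authentication fails
 */
public function get_login()
{
    Logger::debug('main', 'AuthMethod_CAS::get_login()');

    if (!isset($_SESSION['backup_sso']) || !is_array($_SESSION['backup_sso'])) {
        $_SESSION['backup_sso'] = array();
    }
    // NOTE(review): every request parameter is stored in the session here,
    // whatever it carries; confirm that no credential-bearing field can be
    // part of this request.
    foreach ($_REQUEST as $k => $v) {
        $_SESSION['backup_sso'][$k] = $v;
    }

    $buf = $this->prefs->get('AuthMethod', 'CAS');
    // Read the key defensively: a missing preference must reach the error
    // path below instead of raising an undefined-index warning first.
    $CAS_server_url = isset($buf['user_authenticate_cas_server_url']) ? $buf['user_authenticate_cas_server_url'] : '';
    if ($CAS_server_url == '') {
        Logger::error('main', 'AuthMethod_CAS::get_login() - Unable to find CAS server url in Preferences');
        return NULL;
    }

    // Parse the URL once instead of once per component.
    $parts = parse_url($CAS_server_url);
    $host = isset($parts['host']) ? $parts['host'] : null;
    $port = isset($parts['port']) ? $parts['port'] : null;
    $path = isset($parts['path']) ? $parts['path'] : null;

    Logger::debug('main', 'AuthMethod_CAS::get_login() - Parsing URL - Host:"' . $host . '" Port:"' . $port . '" Path:"' . $path . '"');

    if ($host === null || $host === '') {
        // Without a host there is nothing to hand to phpCAS::client().
        Logger::error('main', 'AuthMethod_CAS::get_login() - Unable to find a host in the CAS server url');
        return NULL;
    }

    // NOTE(review): $port and $path are null when the configured URL omits
    // them; confirm that phpCAS::client() accepts that or require them in the
    // preference.
    phpCAS::client(CAS_VERSION_2_0, $host, $port, $path);

    // NOTE(review): setNoCasServerValidation() disables verification of the
    // CAS server's TLS certificate, so the login returned below rests on an
    // unauthenticated validation reply. Prefer phpCAS::setCasServerCACert()
    // with the CA bundle in production.
    phpCAS::setNoCasServerValidation();

    if (!phpCAS::forceAuthentication()) {
        Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::forceAuthentication failed');
        return NULL;
    }
    if (!phpCAS::isAuthenticated()) {
        Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::isAuthenticated failed');
        return NULL;
    }

    $this->login = phpCAS::getUser();

    // Restore saved parameters; values of the current request win.
    foreach ($_SESSION['backup_sso'] as $k => $v) {
        if (isset($_REQUEST[$k])) {
            continue;
        }
        $_REQUEST[$k] = $v;
    }

    return $this->login;
}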
/**
 * Single sign-on through CAS: reads the CAS host and URI from
 * PM_PARAMETERS, authenticates against CAS, looks the user up in USERS and
 * marks the RBAC singleton as signed in.
 *
 * @return bool true when a CAS-authenticated user was matched to a USERS
 *              row, false otherwise
 */
function metodillo()
{
    $sSQL = "SELECT * FROM PM_PARAMETERS WHERE PRM_ID = 'CAS_URL' ";
    $aParams = executeQuery($sSQL);
    if (!count($aParams)) {
        return false;
    }

    // The first result row is read at index 1.
    $sURL = $aParams[1]['PRM_VALUE'];
    $sURI = $aParams[1]['PRM_VALUE_2'];

    $RBAC = RBAC::getSingleton();
    $RBAC->initRBAC();

    require_once 'CAS-1.2.2/CAS.php';
    phpCAS::client(CAS_VERSION_2_0, $sURL, 443, $sURI, false);
    // NOTE(review): this disables verification of the CAS server's TLS
    // certificate, and the user returned below is then trusted for single
    // sign-on. Prefer phpCAS::setCasServerCACert() with the CA bundle.
    phpCAS::setNoCasServerValidation();
    phpCAS::forceAuthentication();

    if (phpCAS::isAuthenticated() != true) {
        return false;
    }

    $sCasUser = phpCAS::getUser();

    // NOTE(review): the username literal reads '******' on this page, which
    // looks masked; as shown, $sCasUser is not part of the lookup. If the real
    // query places the CAS username here, pass it as a bound parameter or
    // escape it for the database rather than concatenating it.
    $sSQL = "SELECT USR_UID FROM USERS WHERE USR_USERNAME = '******' ";
    $aUsers = executeQuery($sSQL);
    if (!count($aUsers)) {
        return false;
    }

    $nUserId = $aUsers[1]['USR_UID'];
    $RBAC->singleSignOn = true;
    $RBAC->userObj->fields['USR_UID'] = $nUserId;
    $RBAC->userObj->fields['USR_USERNAME'] = $sCasUser;

    return true;
}
/**
 * Logs the user out of CAS, if authenticated, and asks CAS to redirect back
 * to this installation's base URL.
 *
 * @param $parameters not used by this method
 * @return bool always true
 */
public static function logout($parameters)
{
    if (!phpCAS::isAuthenticated()) {
        return true;
    }

    // The redirect target is generated by the application, not taken from the request.
    $baseUrl = OC::$server->getURLGenerator()->getAbsoluteURL("");
    phpCAS::logoutWithRedirectService($baseUrl);

    return true;
}
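/**
 * Attempts to authenticate users via CAS.
 *
 * Without a CAS configuration the user is redirected to the application's
 * internal login. After a successful CAS login the matching Person is stored
 * in the session and the user is redirected to the return URL; if the Person
 * cannot be created, the login form is shown with the error.
 */
public function index()
{
    // If they don't have CAS configured, send them on to the application's
    // internal authentication system.
    if (!defined('CAS')) {
        // return_url is itself a URL: encode it so that its own "?" and "&"
        // cannot be read as parameters of the login URL.
        header('Location: ' . BASE_URL . '/login/login?return_url=' . urlencode($this->return_url));
        exit;
    }

    require_once CAS . '/CAS.php';
    \phpCAS::client(CAS_VERSION_2_0, CAS_SERVER, 443, CAS_URI, false);
    // NOTE(review): this disables verification of the CAS server's TLS
    // certificate; the session user below is then created from an
    // unauthenticated validation reply. Prefer \phpCAS::setCasServerCACert()
    // with the CA bundle in production.
    \phpCAS::setNoCasServerValidation();
    \phpCAS::forceAuthentication();

    // At this step the CAS server has authenticated the user and the login
    // name can be read with phpCAS::getUser(). Being authenticated by CAS does
    // not mean the user has a person record, and a person record does not
    // imply a user account.
    try {
        $_SESSION['USER'] = new Person(\phpCAS::getUser());
        // NOTE(review): return_url is used as the redirect target as-is.
        // Confirm that it is restricted to this application where it is set,
        // otherwise this is an open redirect.
        header("Location: {$this->return_url}");
        exit;
    } catch (\Exception $e) {
        // NOTE(review): the exception object itself is put in the session;
        // presumably the template only needs its message — verify.
        $_SESSION['errorMessages'][] = $e;
    }

    $this->template->blocks[] = new Block('loginForm.inc', array('return_url' => $this->return_url));
}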
/**
 * Collects the token for the current user: the CAS login name when phpCAS
 * reports an authenticated session, NULL otherwise.
 *
 * @return mixed
 * @access public
 * @since 3/16/05
 */
function collect()
{
    return phpCAS::isAuthenticated() ? phpCAS::getUser() : null;
}
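/**
 * Stores the display name in $_SESSION[':cas']['name'].
 *
 * Uses the CAS attribute named by the `cas-name-attribute-key` setting when
 * that setting is configured and the attribute is present; otherwise falls
 * back to $this->getUser().
 */
private function setName()
{
    // Look the setting up once instead of once per use.
    $attributeKey = $this->config->get('cas-name-attribute-key');

    if ($attributeKey !== null && phpCAS::hasAttribute($attributeKey)) {
        $_SESSION[':cas']['name'] = phpCAS::getAttribute($attributeKey);
    } else {
        $_SESSION[':cas']['name'] = $this->getUser();
    }
}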
/**
 * Runs after a CAS login: syncs the local user from the CAS attributes and
 * issues the application login cookie for the matching local account.
 */
public function loginCallback()
{
    $casAttributes = phpCAS::getAttributes();
    $this->updateLocalUserFromBackend($casAttributes);

    // The local account is looked up by the `mail` attribute from CAS.
    // NOTE(review): nothing here checks that a local user was found before
    // the cookie is created — confirm that the helpers handle a miss.
    $account = User::getDetails(User::getUserIDByEmail($casAttributes['mail'], true));

    Auth::createLoginCookie(APP_COOKIE, $account['usr_email'], true);
}
/**
 * Backend password hook for CAS. The supplied credentials are not inspected:
 * the result depends only on the current phpCAS session.
 *
 * @param $uid      ignored
 * @param $password ignored
 * @return mixed the CAS login name when phpCAS reports an authenticated
 *               session, false otherwise
 */
public function checkPassword($uid, $password)
{
    if (phpCAS::isAuthenticated()) {
        return phpCAS::getUser();
    }

    return false;
}
/**
 * Destroys the local session when a `curruser` entry is present, then logs
 * out of CAS.
 */
public function logout()
{
    if ($this->session->userdata("curruser")) {
        $this->session->sess_destroy();
    }

    phpCAS::logout();
}
/**
 * Forces a CAS login against the hard-coded server and remembers the login
 * name in $this->username.
 */
public function __construct()
{
    $casHost = "itebeta.baidu.com";
    $casPort = 443;

    // NOTE(review): debug tracing is switched on unconditionally; confirm
    // that this is not meant for production.
    \phpCAS::setDebug();
    \phpCAS::client(CAS_VERSION_2_0, $casHost, $casPort, "");

    // NOTE(review): this disables verification of the CAS server's TLS
    // certificate. Prefer \phpCAS::setCasServerCACert() with the CA bundle.
    \phpCAS::setNoCasServerValidation();
    \phpCAS::forceAuthentication();

    $this->username = \phpCAS::getUser();
}
/**
 * Builds the model attributes from the phpCAS session.
 *
 * The CAS user string is split on "|" into username, email and user_id; the
 * CAS attributes are URL-decoded, their keys lower-cased, and merged in, with
 * the values from the user string taking precedence.
 *
 * @return array merged attribute map
 */
public static function modelAttributes()
{
    // NOTE(review): array_combine() needs exactly three "|"-separated parts;
    // confirm that the CAS server always sends the user in that form.
    $identityKeys = array('username', 'email', 'user_id');
    $identityValues = explode('|', \phpCAS::getUser());
    $userInfo = array_combine($identityKeys, $identityValues);

    // NOTE(review): urldecode() is applied to every attribute, which assumes
    // that each value is a string — verify for multi-valued attributes.
    $decoded = array_map('urldecode', \phpCAS::getAttributes());
    $casInfo = array_change_key_case($decoded, CASE_LOWER);

    $casInfo['realname'] = $casInfo['username'];
    unset($casInfo['useraccountcontrol']);
    unset($casInfo['usernum']);
    unset($casInfo['useremail']);

    return array_merge($casInfo, $userInfo);
}
/**
 * Logs the user out: ends the CAS session when one exists, destroys the
 * local session and redirects to /landing.
 */
public function index()
{
    $hasCasSession = \phpCAS::checkAuthentication();
    if ($hasCasSession) {
        // NOTE(review): presumably phpCAS::logout() redirects and ends the
        // request, in which case the lines below only run without a CAS
        // session — confirm.
        \phpCAS::logout();
    }

    session_destroy();
    header("Location: /landing");
}
/**
 * Creates the phpCAS client once per instance, using the `cas_server_*`
 * options.
 */
private function initCasClient()
{
    if ($this->_casInitialized) {
        return;
    }

    require_once 'CAS.php';

    // NOTE(review): debug tracing is enabled unconditionally here.
    phpCAS::setDebug();

    $host = $this->getOption('cas_server_host', 'localhost');
    $port = (int) $this->getOption('cas_server_port', 443);
    $path = $this->getOption('cas_server_path', '');

    // Last argument false: don't call session_start again.
    phpCAS::client(CAS_VERSION_2_0, $host, $port, $path, false);

    $this->_casInitialized = true;
}
/**
 * Controller set-up: loads the database and grocery_CRUD, then configures the
 * phpCAS client for cas.uhp-nancy.fr.
 */
public function __construct()
{
    parent::__construct();
    $this->load->database();
    $this->load->library('grocery_CRUD');

    include_once 'CAS.php';

    $casHost = 'cas.uhp-nancy.fr';
    $casPort = 443;
    $casPath = '/cas';

    // Last argument false: phpCAS does not start the session itself.
    phpCAS::client('2.0', $casHost, $casPort, $casPath, false);

    // NOTE(review): this disables verification of the CAS server's TLS
    // certificate. Prefer phpCAS::setCasServerCACert() with the CA bundle.
    phpCAS::setNoCasServerValidation();

    // NOTE(review): passing false turns off the check that a single-logout
    // request comes from an allowed CAS host; confirm that this is intended.
    phpCAS::handleLogoutRequests(false);
}
/**
 * Creates the CAS client (SAML 1.1) from the `webnet.sso_auth.client.option.*`
 * entries of $options.
 *
 * @param array $options client options; the cas_host, cas_port and
 *                       cas_context values are read from it
 */
public function __construct(array $options = array())
{
    $this->options = $options;

    // The return value is discarded; presumably the call is only there to get
    // the phpCAS class loaded — verify.
    \phpCAS::getVersion();

    // NOTE(review): the trace goes to a fixed file under /tmp and verbose
    // error output is enabled; confirm both for production use.
    \phpCAS::setDebug('/tmp/cas-log.log');
    \phpCAS::setVerbose(true);

    $casHost = $this->options['webnet.sso_auth.client.option.cas_host.value'];
    $casPort = $this->options['webnet.sso_auth.client.option.cas_port.value'];
    $casContext = $this->options['webnet.sso_auth.client.option.cas_context.value'];

    $this->client = new \CAS_Client(SAML_VERSION_1_1, false, $casHost, $casPort, $casContext);

    // NOTE(review): this disables verification of the CAS server's TLS
    // certificate. Prefer setCasServerCACert() with the CA bundle.
    $this->client->setNoCasServerValidation();

    // NOTE(review): the first false turns off the client-host check for
    // single-logout requests; confirm that this is intended.
    $this->client->handleLogoutRequests(false, false);
}
/**
 * Initializes and returns a proxy ticket, provided the request has not been
 * sent yet.
 *
 * @return mixed the value of $this->getProxyTicket()
 * @throws CAS_OutOfSequenceException when the request was already sent
 */
public function getSambaProxyTicket()
{
    phpCAS::traceBegin();

    $alreadySent = $this->hasGot();
    if ($alreadySent) {
        // The trace is not closed on this path.
        throw new CAS_OutOfSequenceException('Cannot set the URL, request already sent.');
    }

    $this->count = 1;
    $this->initializeProxyTicket();

    phpCAS::traceEnd();

    return $this->getProxyTicket();
}
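/**
 * Fetches the connexion bar from the CAS-protected web service and returns
 * its markup, with the CAS logout link replaced by the intranet logout page.
 *
 * @return string the entity-decoded <reportdata> markup, or "" when the user
 *                is not authenticated or the service reply cannot be used
 */
function getConnexionBar()
{
    if (!CASUser::checkAuth()) {
        return "";
    }

    $err_code = null;
    $output = null;
    // serviceWeb() reports failure through its return value; the output is not
    // the expected document in that case.
    if (!phpCAS::serviceWeb(SITE_CAS_CONNEXIONBAR_URL, $err_code, $output)) {
        return "";
    }

    // A reply that is not well-formed XML yields false rather than an object.
    $xml = simplexml_load_string($output);
    if ($xml === false) {
        return "";
    }

    $result = $xml->xpath('/reportoutput/reportdata');
    if (empty($result)) {
        return "";
    }

    // NOTE(review): the decoded markup comes from the remote service and is
    // returned without further filtering; whoever prints it trusts that
    // service with the page's HTML.
    return str_replace(
        "https://signin.mygcx.org/cas/logout",
        "https://intranet.campusforchrist.org/index.php?p_Mod=Logout",
        html_entity_decode($result[0]->asXML())
    );
}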
/**
 * Backend password hook for CAS. The supplied credentials are not inspected:
 * a CAS authentication is forced and the CAS login name returned.
 *
 * @param $uid      ignored
 * @param $password ignored
 * @return mixed the CAS login name, or false when authentication fails or
 *               phpCAS returns no user
 */
public function checkPassword($uid, $password)
{
    if (!phpCAS::forceAuthentication()) {
        return false;
    }

    $casUser = phpCAS::getUser();
    if ($casUser !== false) {
        return $casUser;
    }

    OCP\Util::writeLog('user_cas', 'phpCAS return no user !', OCP\Util::ERROR);

    return false;
}
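/**
 * Fetches the connexion bar from the CAS-protected web service and returns
 * its markup.
 *
 * @return string the entity-decoded <reportdata> markup, or "" when the user
 *                is not authenticated or the service reply cannot be used
 */
function getConnexionBar()
{
    if (!CASUser::checkAuth()) {
        return "";
    }

    $err_code = null;
    $output = null;
    // serviceWeb() reports failure through its return value; the output is not
    // the expected document in that case.
    if (!phpCAS::serviceWeb(SITE_CAS_CONNEXIONBAR_URL, $err_code, $output)) {
        return "";
    }

    // A reply that is not well-formed XML yields false rather than an object.
    $xml = simplexml_load_string($output);
    if ($xml === false) {
        return "";
    }

    $result = $xml->xpath('/reportoutput/reportdata');
    if (empty($result)) {
        return "";
    }

    // NOTE(review): the decoded markup comes from the remote service and is
    // returned without further filtering; whoever prints it trusts that
    // service with the page's HTML.
    return html_entity_decode($result[0]->asXML());
}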
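/**
 * Logs the user out of the current symfony application and, unless
 * $onlyLocal is set, out of the CAS server as well.
 *
 * @param string|null $url       URL handed to phpCAS::logoutWithUrl(); when
 *                               empty, a plain CAS logout is performed
 * @param boolean     $onlyLocal set it to true to log out of the application
 *                               but stay logged in on the CAS server
 */
public function logout($url = null, $onlyLocal = false)
{
    parent::signOut();
    $this->username = null;

    if ($onlyLocal) {
        return;
    }

    sfCAS::initPhpCAS();
    if (!empty($url)) {
        // NOTE(review): $url is passed to the CAS logout as given; confirm
        // that callers only pass application-controlled URLs.
        phpCAS::logoutWithUrl($url);
    } else {
        // Same spelling of the class name as everywhere else in this method
        // (it was "phpCas"), so a case-sensitive autoloader cannot miss it.
        phpCAS::logout();
    }
}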
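/**
 * Logs the user out of the CAS server configured in $config.
 *
 * @param $config  module configuration; cashostname, casport and casbaseuri are read
 * @param $wwwroot value passed on to phpCAS::logout()
 * @return bool true (NOTE(review): presumably phpCAS::logout() ends the
 *              request, in which case this is never reached — confirm)
 */
function logoutCAS($config, $wwwroot)
{
    require_once dirname(__FILE__) . '/CAS/CAS.php';

    // The unused $cas_validate and $cas_language locals were removed; only the
    // protocol version is needed here. Last argument false: phpCAS does not
    // start the session itself.
    phpCAS::client(CAS_VERSION_2_0, $config->cashostname, (int) $config->casport, $config->casbaseuri, false);

    error_log("CAS: Logout");
    phpCAS::logout($wwwroot);
    error_log("CAS: Logout Exit");

    return true;
}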
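/**
 * Check username against the CAS authentication backend. The user needs to
 * exist in MySQL to be able to log in.
 *
 * Failures are recorded in the `authlog` table with the session username and
 * the remote address.
 *
 * @param string $username User name to check
 * @param string $password User password; not used, CAS has already authenticated the user
 * @return int Authentication success (0 = fail, 1 = success) FIXME bool
 */
function cas_authenticate($username, $password)
{
    $row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username`= ?", array($username));

    // !empty() also covers a lookup that returned no row. The names are
    // compared as strings with ===, because == compares numeric-looking
    // strings by value ("1e3" == "1000") and would let one account name match
    // another.
    if (!empty($row['username']) && (string) $row['username'] === (string) $username) {
        if ((string) $username === (string) phpCAS::getUser()) {
            return 1;
        }
        dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'CAS: username does not match CAS user'), 'authlog');
    } else {
        dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'CAS: NOT found in DB'), 'authlog');
    }

    //session_logout();
    return 0;
}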