checkAuthentication() public static method

This method is called to check whether the user is already authenticated locally or has a global CAS session. An already existing CAS session is detected with a CAS gateway call (a CAS login call without any interactive prompt).
public static checkAuthentication ( ) : true
Returns true when the user is authenticated and false when a previous gateway login failed; the function does not return at all if the user is redirected to the CAS server for a gateway login attempt.
 /**
  * Logs the user out: ends the CAS session when one exists, destroys the
  * local PHP session and sends the browser to the landing page.
  */
 public function index()
 {
     // checkAuthentication() may itself redirect to the CAS server for a
     // gateway check, in which case it does not return.
     $hasCasSession = \phpCAS::checkAuthentication();
     if ($hasCasSession) {
         \phpCAS::logout();
     }

     // Drop the local session before redirecting.
     session_destroy();
     header("Location: /landing");
 }
 /**
  * Reports whether the current user is authenticated.
  *
  * @return mixed the result of phpCAS::checkAuthentication() when
  *               CASUser::setup() succeeds, otherwise the result of
  *               CASUser::isAuthenticated()
  */
 function checkAuth()
 {
     if (!CASUser::setup()) {
         return CASUser::isAuthenticated();
     }

     // checkAuthentication() may be called several times and returns the auth
     // info; without this call a login would normally be forced.
     return phpCAS::checkAuthentication();
 }
示例#3
文件: login.php 项目: Elwell/concerto
/**
 * Login gate for a dispatched action.
 *
 * Lets the request through when a user is already logged in or when it targets
 * the users/create action; otherwise runs a CAS check and performs the local
 * login when CAS reports an authenticated user.
 *
 * @param object $callback dispatch target; its `controller` and `action` properties are read
 * @return true|null true on the two pass-through cases; nothing is returned on the CAS path
 */
function check_login($callback)
{
    // users/create is reachable without a session (presumably so accounts can be created).
    if (isLoggedIn() || ($callback->controller == 'users' && $callback->action == 'create')) {
        return true;
    }

    // NOTE(review): this path returns null even after login_login() has run;
    // confirm that callers do not read a falsy result as "allowed" or "denied" by accident.
    if (phpCAS::checkAuthentication()) {
        login_login();
    }
}
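    /**
     * Plugin entry point for the CAS authentication page.
     *
     * With ?action=auth and no ticket, it renders the CAS login URL inside an
     * iframe. Otherwise it runs the CAS check, stores the CAS user name in
     * $_SESSION["portalId"] and points the top-level window at the page id
     * recorded in $_SESSION["service_id_auth"], then exits.
     *
     * The account-lookup debug aid (?userdebug=...) and phpCAS debug logging are
     * only active when typeExecution is "dev", so they are not reachable from a
     * request in production.
     *
     * @param string $content content passed in by the caller; appended to on the iframe path
     * @param array  $conf    plugin configuration, stored on $this->conf
     * @return string|void rendered content; nothing is returned when the script exits
     */
    function main($content, $conf)
    {
        $this->conf = $conf;
        $this->pi_setPiVarDefaults();
        $this->pi_USER_INT_obj = 1;
        // Configuring so caching is not expected. This value means that no cHash params are ever set. We do this, because it's a USER_INT object!
        $this->pi_loadLL();
        session_start();
        $this->typeExecution = "prod";
        $isDev = $this->typeExecution == "dev";
        $urlCas = "none";
        $portCas = "none";
        if ($isDev) {
            $urlCas = "xinf-devlinux.intranet.haras-nationaux.fr";
            $portCas = 7777;
        } elseif ($this->typeExecution == "prod") {
            $urlCas = "cerbere.haras-nationaux.fr";
            $portCas = 443;
        }
        // Debug lookup of an account by login name. It dumps the web-service
        // result to the response, so it must never be driven by a request
        // parameter outside the dev environment.
        if ($isDev && isset($_GET["userdebug"])) {
            include_once "typo3conf/ext/dlcube_hn_01/class.WebservicesCompte.php";
            include_once "typo3conf/ext/dlcube_hn_01/class.WebservicesAccess.php";
            $param[] = array("login" => $_GET["userdebug"], "ctx" => null);
            $ws = new WebservicesCompte();
            if (!$ws->connectIdent()) {
                $content = "ERROR:" . $ws->getErrorMessage();
                return $content;
            }
            $result = $ws->getPersonneByLogin($param);
            debug($result);
            print_r($result);
        }
        if (isset($_GET["action"]) && $_GET["action"] == "auth" && !isset($_GET["ticket"])) {
            // phpCAS debug logging is kept out of production.
            if ($isDev) {
                phpCAS::setDebug();
            }
            // NOTE(review): the last argument is the string 'true', not a boolean; it is truthy, confirm a boolean was meant.
            phpCAS::client(CAS_VERSION_2_0, $urlCas, $portCas, 'cas', 'true');
            $ur = phpCAS::getServerLoginURL(false);
            // NOTE(review): the CAS login form is shown framed inside the portal page;
            // confirm the CAS server's framing policy allows this for the portal origin only.
            $content .= '<IFRAME src="' . $ur . '" frameborder="no" height="600" width="670"></IFRAME>';
            return $this->pi_wrapInBaseClass($content);
        }
        phpCAS::client(CAS_VERSION_2_0, $urlCas, $portCas, 'cas', 'true');
        // NOTE(review): the result of the check is ignored and getUser() is called
        // regardless; confirm how the unauthenticated case is meant to be handled.
        phpCAS::checkAuthentication();
        $_SESSION["portalId"] = phpCAS::getUser();
        echo '<html><body><script type="text/javascript">
		    window.open( "' . $this->pi_getPageLink($_SESSION["service_id_auth"]) . '", "_top");
		</script></body>';
        exit;
    }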
 /**
  * Checks whether the portal user already holds an SSO authentication on the
  * CAS server. When the page requires CAS and the user has none, the plugin
  * redirects to a CAS authentication page (shown in an iframe).
  *
  * Also handles the ?action_cas=logout request and the language cookie.
  *
  * @param string $content unused here
  * @param array  $conf    unused here
  */
 function main($content, $conf)
 {
     session_start();
     $idPageAuth = '3682';
     $this->typeExecution = "prod";
     $urlCas = "none";
     $portCas = "none";
     if ($this->typeExecution == "dev") {
         $urlCas = "xinf-devlinux.intranet.haras-nationaux.fr";
         $portCas = 7777;
     } elseif ($this->typeExecution == "prod") {
         $urlCas = "cerbere.haras-nationaux.fr";
         $portCas = 443;
     }

     $casRequired = $GLOBALS["TSFE"]->page["tx_dlcube04CAS_auth_cas_required"] == 1;
     if ($casRequired) {
         phpCAS::client(CAS_VERSION_2_0, $urlCas, $portCas, 'cas', 'true');
         if (phpCAS::checkAuthentication()) {
             $_SESSION["portalId"] = phpCAS::getUser();
         } else {
             // Remember the page the user wanted, then send them to the auth page.
             $_SESSION["service_id_auth"] = $GLOBALS["TSFE"]->id;
             header('Location: ' . t3lib_div::locationHeaderUrl($this->pi_getPageLink($idPageAuth, "", array("action" => "auth"))));
             exit;
         }
     }

     $logoutRequested = isset($_GET["action_cas"]) && $_GET["action_cas"] == "logout";
     if ($logoutRequested) {
         // NOTE(review): only the portal id is dropped here and there is no exit
         // after the redirect header, so the code below still runs; confirm intended.
         unset($_SESSION["portalId"]);
         header('Location: ' . t3lib_div::locationHeaderUrl($this->pi_getPageLink("3683", "", array("action" => "disconnect"))));
     }

     // Language handling for the cookie.
     if (isset($_GET["lang"])) {
         switch ($_GET["lang"]) {
             case "fr":
                 $this->cookie_fr();
                 break;
             case "en":
                 $this->cookie_en();
                 break;
         }
     }
 }
示例#6
 /**
  * Logs the user in through CAS and opens the application session.
  *
  * Loads phpCAS next to the Yii autoloader, forces a CAS login, wraps the CAS
  * user name in a UserIdentity and, when that identity authenticates, logs it
  * into the Yii user component. Always ends by redirecting to home/index.
  */
 public function actionLogin()
 {
     Yii::import('application.vendors.CAS.*');
     include_once 'CAS/Autoload.php';
     // The Yii autoloader is removed and registered again right after the CAS
     // autoloader was included (presumably to change the autoloader order).
     spl_autoload_unregister(array('YiiBase', 'autoload'));
     spl_autoload_register(array('YiiBase', 'autoload'));
     include_once 'CAS.php';
     // NOTE(review): debug logging is enabled unconditionally; confirm this is
     // not left on in production.
     phpCAS::setDebug();
     phpCAS::client(CAS_VERSION_2_0, 'sso.ui.ac.id', 443, 'cas');
     // NOTE(review): this turns off validation of the CAS server's certificate,
     // so the ticket-validation response is not protected against an on-path
     // attacker. Prefer phpCAS::setCasServerCACert() with the issuing CA file.
     phpCAS::setNoCasServerValidation();
     phpCAS::forceAuthentication();
     // Called again after forceAuthentication(); its return value is not used.
     phpCAS::checkAuthentication();
     $username = phpCAS::getUser();
     $identity = new UserIdentity($username);
     if ($identity->authenticate()) {
         Yii::app()->user->login($identity);
     }
     $this->redirect(array('home/index'));
 }
示例#7
 /**
  * Login page hook: chooses between CAS and the other authentication methods.
  *
  * Either pre-fills the global login form ($frm) from the CAS session, shows the
  * CAS/no-CAS choice form (multi-authentication), or forces a CAS login.
  * Returns early, leaving the standard login/index.php flow in charge, when a
  * username was posted or CAS is not configured.
  */
 function loginpage_hook()
 {
     global $frm;
     global $CFG;
     global $SESSION;
     $site = get_site();
     $CASform = get_string("CASform", "auth");
     $username = optional_param("username");
     if (!empty($username)) {
         // A username was submitted: drop a remembered target URL that still
         // carries a CAS ticket or the NOCAS marker, then let the normal login run.
         if (strstr($SESSION->wantsurl, 'ticket') || strstr($SESSION->wantsurl, 'NOCAS')) {
             unset($SESSION->wantsurl);
         }
         return;
     }
     // Stop here when CAS is enabled but its settings are not filled in
     if (empty($this->config->hostname)) {
         return;
     }
     // Connection to CAS server
     $this->connectCAS();
     // Handle the CAS connection when the user arrives directly from a portal (ENT) or similar
     if (phpCAS::checkAuthentication()) {
         $frm->username = phpCAS::getUser();
         //		if (phpCAS::getUser()=='esup9992')
         //			$frm->username='******';
         $frm->password = "******";
         return;
     }
     // NOTE(review): loose comparison on an unchecked $_GET key; any non-empty
     // value other than "0" selects the guest login, and a missing key raises a notice.
     if ($_GET["loginguest"] == true) {
         $frm->username = "******";
         $frm->password = "******";
         return;
     }
     if ($this->config->multiauth) {
         $authCAS = optional_param("authCAS");
         if ($authCAS == "NOCAS") {
             return;
         }
         // choice authentication form for multi-authentication
         // test pgtIou parameter for proxy mode (https connection
         // in background from CAS server to the php server)
         if ($authCAS != "CAS" && !isset($_GET["pgtIou"])) {
             $navlinks = array();
             $navlinks[] = array('name' => $CASform, 'link' => null, 'type' => 'misc');
             $navigation = build_navigation($navlinks);
             print_header("{$site->fullname}: {$CASform}", $site->fullname, $navigation);
             include $CFG->dirroot . "/auth/cas/cas_form.html";
             print_footer();
             exit;
         }
     }
     // CAS authentication
     if (!phpCAS::isAuthenticated()) {
         phpCAS::forceAuthentication();
     }
 }
/**
 * Checks the CAS authentication state and returns the CAS user name.
 *
 * @param object $config module configuration; cas_version, cashostname, casport
 *                       and casbaseuri are read
 * @return string|false the CAS user name when authenticated; false when not
 *                      authenticated or when phpCAS raised an exception
 */
function send_to_cas($config)
{
    require_once dirname(__DIR__) . '/vendor/autoload.php';
    try {
        // Fall back to CAS protocol 2.0 when the module does not configure a version.
        $protocol = $config->cas_version ?: CAS_VERSION_2_0;
        // NOTE(review): no CA certificate is configured for the CAS server in
        // this function; confirm that server validation is set up elsewhere.
        phpCAS::client($protocol, $config->cashostname, (int) $config->casport, $config->casbaseuri, false);

        if (!phpCAS::checkAuthentication()) {
            return false;
        }
        return phpCAS::getUser();
    } catch (Exception $e) {
        // The failure is logged and reported to the user, then treated as "not authenticated".
        error_log("CAS ERROR: " . $e->getMessage());
        register_error($e->getMessage());
        return false;
    }
}
// Handles requests that carry the "rwscas" option (values "1", "2" or "3") for
// a site whose enabled auth plugins include the CAS plugin.
// Returns without doing anything when the option is missing or invalid, when
// no "version" option is given, or when the CAS plugin is absent or has no
// hostname configured.
// NOTE(review): the rwscas=3 branch of this listing is incomplete (part of the
// code was redacted out of the page), so the function is not complete as shown.
function RWSPCReqs()
{
    global $RWSESL3;
    global $RWSCRURL;
    $r_rwc = RWSGSOpt("rwscas", PARAM_ALPHANUM);
    if ($r_rwc === false || strlen($r_rwc) == 0) {
        return;
    }
    if ($r_rwc != "1" && $r_rwc != "2" && $r_rwc != "3") {
        return;
    }
    $r_ver = RWSGSOpt("version", PARAM_ALPHANUMEXT);
    if ($r_ver === false || strlen($r_ver) == 0) {
        return;
    }
    // The remaining options are optional and read unfiltered (PARAM_RAW); an
    // empty or missing value leaves the variable unset.
    $r_rwu = RWSGSOpt("rwsuser", PARAM_RAW);
    if ($r_rwu === false || strlen($r_rwu) == 0) {
        unset($r_rwu);
    }
    $r_rwp = RWSGSOpt("rwspass", PARAM_RAW);
    if ($r_rwp === false || strlen($r_rwp) == 0) {
        unset($r_rwp);
    }
    $r_tkt = RWSGSOpt("ticket", PARAM_RAW);
    if ($r_tkt === false || strlen($r_tkt) == 0) {
        unset($r_tkt);
    }
    $r_pid = RWSGSOpt("pgtId", PARAM_RAW);
    if ($r_pid === false || strlen($r_pid) == 0) {
        unset($r_pid);
    }
    $r_piou = RWSGSOpt("pgtIou", PARAM_RAW);
    if ($r_piou === false || strlen($r_piou) == 0) {
        unset($r_piou);
    }
    // Find the enabled auth plugin whose authtype matches RWSCAS (case-insensitive).
    $r_aus = get_enabled_auth_plugins();
    foreach ($r_aus as $r_aun) {
        $r_aup = get_auth_plugin($r_aun);
        if (strcasecmp($r_aup->authtype, RWSCAS) == 0) {
            $r_csp = $r_aup;
            break;
        }
    }
    if (!isset($r_csp)) {
        return;
    }
    if (empty($r_csp->config->hostname)) {
        return;
    }
    list($r_v1, $r_v2, $r_v3) = explode(".", phpCAS::getVersion());
    $r_csp->connectCAS();
    if ($r_rwc == "1") {
        if (isset($r_tkt)) {
            // Echo the service ticket back in a small XML reply; the value is
            // HTML-escaped before it is written.
            RWSRHXml();
            echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n";
            echo "<rwscas>\r\n";
            echo "\t<st>";
            echo utf8_encode(htmlspecialchars(trim($r_tkt)));
            echo "\t</st>\r\n";
            echo "</rwscas>\r\n";
            exit;
        } else {
            if ($_SERVER['REQUEST_METHOD'] == "GET") {
                $r_ok = phpCAS::checkAuthentication();
                // NOTE(review): getUser() is called whether or not the check
                // succeeded, and a fixed placeholder password is substituted when
                // none was supplied; confirm RWSLIMUser() relies on $r_ok alone.
                if (!isset($r_rwu)) {
                    $r_rwu = phpCAS::getUser();
                }
                if (!isset($r_rwp)) {
                    $r_rwp = "passwdCas";
                }
                RWSLIMUser($r_rwu, $r_rwp, $r_ok);
            } else {
                if ($_SERVER['REQUEST_METHOD'] == "POST") {
                    // NOTE(review): a logout request is recognised by a substring
                    // match on the POST body; no check of the sender is visible
                    // here. Verify what RWSAOLog() validates before acting.
                    $r_psd = urldecode(file_get_contents("php://input"));
                    if (stripos($r_psd, "<samlp:LogoutRequest ") !== false) {
                        RWSAOLog();
                    }
                }
            }
        }
    } else {
        if ($r_rwc == "2") {
            if (isset($r_pid) && isset($r_piou)) {
                // Proxy callback: only processed when the plugin is configured as a CAS proxy.
                if ($r_csp->config->proxycas) {
                    phpCAS::checkAuthentication();
                }
            } else {
                if ($_SERVER['REQUEST_METHOD'] == "POST") {
                    $r_psd = urldecode(file_get_contents("php://input"));
                    if (stripos($r_psd, "<samlp:LogoutRequest ") !== false) {
                        RWSAOLog();
                    }
                }
            }
        } else {
            if ($r_rwc == "3") {
                if (isset($r_tkt)) {
                    // Build the service URL that points back at the rwscas=1 handler.
                    if (strlen($RWSCRURL) > 0) {
                        $r_svu = $RWSCRURL;
                    } else {
                        $r_svu = RWSGSUrl(false, false);
                    }
                    $r_svu .= "?rwscas=1";
                    if (isset($r_ver)) {
                        $r_svu .= "&version=";
                        $r_svu .= urlencode($r_ver);
                    }
                    if (isset($r_rwu)) {
                        $r_svu .= "&rwsuser="******"&rwspass="******"?rwscas=2";
                        if (isset($r_ver)) {
                            $r_cbu .= "&version=";
                            $r_cbu .= urlencode($r_ver);
                        }
                        if (isset($r_rwu)) {
                            $r_cbu .= "&rwsuser="******"&rwspass="******"2008");
}
示例#10
文件: index.php 项目: rhertzog/lcs
    }
    // Render
    $claroline->display->body->setContent($template->render());
    if (!(isset($_REQUEST['logout']) && isset($_SESSION['isVirtualUser']))) {
        echo $claroline->display->render();
    }
} else {
    require_once get_path('clarolineRepositorySys') . '/desktop/index.php';
}
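// Logout request: delete session data.
if (isset($_REQUEST['logout'])) {
    // Leaving a "virtual user" session only drops the marker and returns to the
    // user administration page; the session itself is kept.
    if (isset($_SESSION['isVirtualUser'])) {
        unset($_SESSION['isVirtualUser']);
        claro_redirect(get_conf('rootWeb') . 'claroline/admin/admin_users.php');
        exit;
    }
    // Notify that a user has just logged out.
    if (isset($logout_uid)) {
        $eventNotifier->notifyEvent('user_logout', array('uid' => $logout_uid));
    }
    /* needed to be able to :
       - log with claroline when 'magic login' has previously been clicked
       - notify logout event
       (logout from CAS has been commented in casProcess.inc.php)*/
    if (get_conf('claro_CasEnabled', false) && (get_conf('claro_CasGlobalLogout') && !phpCAS::checkAuthentication())) {
        // The post-logout URL is built from the configured platform root (the
        // same rootWeb setting used for the redirect above) instead of the
        // request's Host header, which is supplied by the client and would let
        // a crafted request choose where the CAS server sends the user.
        phpCAS::logout(get_conf('rootWeb') . 'index.php');
    }
    session_destroy();
}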
// Hide breadcrumbs and view mode on platform home page
// $claroline->display->banner->hideBreadcrumbLine();
示例#11
 /**
  * Authenticates the user with CAS and applies the request-driven changes
  * (login, logout, gender preference).
  *
  * @param bool   $force      whether a CAS login is required for this page
  * @param object $controller controller being served; gives access to the model
  *                           and is matched against the admin controller list
  * @throws RuntimeException when an admin page is requested without admin rights
  */
 private function authenticate($force, $controller)
 {
     // Central CAS settings, then the phpCAS library itself.
     // NOTE(review): the settings arrive as local variables from a require_once
     // inside this method; confirm the method is never called twice per request.
     require_once __DIR__ . '/../config/cas-config.php';
     require_once $phpcas_path . '/CAS.php';

     // NOTE(review): debug logging is switched on unconditionally; confirm it
     // is meant to stay enabled outside development.
     phpCAS::setDebug();
     phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
     // Pin the CA that issued the CAS server's certificate.
     phpCAS::setCasServerCACert($cas_server_ca_cert_path);

     if (isset($_REQUEST['login'])) {
         phpCAS::forceAuthentication();
     }
     if (isset($_REQUEST['logout'])) {
         // Make sure a session exists so it can be destroyed before the CAS logout.
         if (!isset($_SESSION)) {
             session_start();
         }
         session_destroy();
         phpCAS::logout(array('service' => URL, 'url' => URL));
     }

     if ($force) {
         phpCAS::forceAuthentication();
     } else {
         phpCAS::checkAuthentication();
     }

     // Admin pages require a logged-in user whom the model recognises as admin.
     $isAdminPage = in_array(strtolower(get_class($controller)), $this->admin_controllers);
     if ($isAdminPage && (!Helper::isLoggedIn() || !$controller->model->userIsAdmin(phpCAS::getUser()))) {
         // A plain RuntimeException is used rather than a dedicated subclass.
         throw new RuntimeException("Must log in as admin.");
     }

     if (!Helper::isLoggedIn()) {
         return;
     }

     // NOTE(review): the stored preference changes on the mere presence of a
     // request parameter (GET included); no anti-CSRF check is visible here.
     $genderByFlag = array('male' => 'male', 'female' => 'female', 'all' => 'both');
     foreach ($genderByFlag as $flag => $gender) {
         if (isset($_REQUEST[$flag])) {
             $controller->model->setGender($gender, phpCAS::getUser());
             break;
         }
     }
 }
示例#12
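<?php

// CAS login/logout entry script: sets up the phpCAS client, handles ?logout,
// and either records the CAS user in the session and redirects to the
// application, or forces a CAS login.
require_once "./cas/phpCAS-master/CAS.php";
require_once "config.example.php";
phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
// NOTE(review): this disables validation of the CAS server's certificate, so
// the ticket-validation response is not protected against an on-path attacker.
// Prefer phpCAS::setCasServerCACert() with the issuing CA file in production.
phpCAS::setNoCasServerValidation();
if (isset($_REQUEST['logout'])) {
    $_SESSION['cas'] = "yes";
    phpCAS::logoutWithRedirectService("https://osr-etudiant.unistra.fr/~r.henry/aCalendar/");
}
if (phpCAS::checkAuthentication()) {
    $_SESSION['user'] = phpCAS::getUser();
    $_SESSION['cas'] = "yes";
    header('Location: ../index.php');
    // Stop here so nothing after the redirect header is executed or emitted.
    exit;
} else {
    phpCAS::forceAuthentication();
}
//echo phpCAS::logoutWithRedirectService('inscription.php');
//
?>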
<!--<!<?php 
//if (isset($erreur)) echo '<br /><br />',$erreur;
//if(isset($_POST['connexion']) && $_POST['connexion'] == 'Connexion'){
//if((isset($_POST['login']) && isset($_POST['pass'])) && (!empty($_POST['login']) && !empty($_POST['pass'])))
//{
//$base = new PDO('mysql:host=localhost;dbname=test', 'root', '') ;
//or die("Erreur".mysql_error($base));
//mysqli_select_db ('test', $base);
//$sql = 'select count(*) from membre where login="******" and
//pass_md5="'. $base->quote($_POST['pass']).'"';
//$requete= $base->query($sql) or die('Erreur sql !'.$sql.mysql_error());
示例#13
 /**
  * Check the login status of the current user with regard to Purdue CAS.
  *
  * @return  array  ['username' => <CAS user>] when a CAS session exists,
  *                 an empty array otherwise
  */
 public function status()
 {
     // phpCAS debug logging is only enabled when the site runs in debug mode;
     // the log location is configurable through the plugin parameters.
     if (Config::Get('debug')) {
         phpCAS::setDebug($this->params->get('debug_location', '/var/log/apache2/php/phpCAS.log'));
     }

     $this->initialize();

     return phpCAS::checkAuthentication()
         ? array('username' => phpCAS::getUser())
         : array();
 }
示例#14
 /**
  * Login page hook: authentication choice (CAS or other).
  *
  * Shows the CAS/no-CAS choice form when multi-authentication is on, pre-fills
  * the global login form ($frm) from an existing CAS session, or forces a CAS
  * login. Returns early, leaving login/index.php in charge, when a username was
  * submitted, CAS is not configured, or the user opted out with authCAS=NOCAS.
  */
 function loginpage_hook()
 {
     global $frm;
     global $CFG;
     global $SESSION, $OUTPUT, $PAGE;
     $site = get_site();
     $CASform = get_string('CASform', 'auth_cas');
     $username = optional_param('username', '', PARAM_RAW);
     $courseid = optional_param('courseid', 0, PARAM_INT);
     if (!empty($username)) {
         // A username was submitted: drop a remembered target URL that still
         // carries a CAS ticket or the NOCAS marker, then let the normal login run.
         if (isset($SESSION->wantsurl) && (strstr($SESSION->wantsurl, 'ticket') || strstr($SESSION->wantsurl, 'NOCAS'))) {
             unset($SESSION->wantsurl);
         }
         return;
     }
     // Return if CAS enabled and settings not specified yet
     if (empty($this->config->hostname)) {
         return;
     }
     // If the multi-authentication setting is used, check for the param before connecting to CAS.
     if ($this->config->multiauth) {
         // If there is an authentication error, stay on the default authentication page.
         if (!empty($SESSION->loginerrormsg)) {
             return;
         }
         // Only compared against the fixed values 'NOCAS' and 'CAS' below.
         $authCAS = optional_param('authCAS', '', PARAM_RAW);
         if ($authCAS == 'NOCAS') {
             return;
         }
         // Show authentication form for multi-authentication.
         // Test pgtIou parameter for proxy mode (https connection in background from CAS server to the php server).
         if ($authCAS != 'CAS' && !isset($_GET['pgtIou'])) {
             $PAGE->set_url('/login/index.php');
             $PAGE->navbar->add($CASform);
             $PAGE->set_title("{$site->fullname}: {$CASform}");
             $PAGE->set_heading($site->fullname);
             echo $OUTPUT->header();
             include $CFG->dirroot . '/auth/cas/cas_form.html';
             echo $OUTPUT->footer();
             exit;
         }
     }
     // Connection to CAS server
     $this->connectCAS();
     // An existing CAS session pre-fills the login form with the CAS user name.
     if (phpCAS::checkAuthentication()) {
         $frm = new stdClass();
         $frm->username = phpCAS::getUser();
         $frm->password = '******';
         // Redirect to a course if multi-auth is activated, authCAS is set to CAS and the courseid is specified.
         if ($this->config->multiauth && !empty($courseid)) {
             redirect(new moodle_url('/course/view.php', array('id' => $courseid)));
         }
         return;
     }
     // NOTE(review): loose comparison; any non-empty loginguest value other
     // than "0" selects the guest login.
     if (isset($_GET['loginguest']) && $_GET['loginguest'] == true) {
         $frm = new stdClass();
         $frm->username = '******';
         $frm->password = '******';
         return;
     }
     // Force CAS authentication (if needed).
     if (!phpCAS::isAuthenticated()) {
         phpCAS::setLang($this->config->language);
         phpCAS::forceAuthentication();
     }
 }
示例#15
	/**
	 * Validates the current user against CAS.
	 *
	 * @param string|null $user      set by reference to the lower-cased CAS login
	 *                               on success, to null otherwise
	 * @param bool        $checkOnly true: only check for an existing CAS session;
	 *                               false: force a CAS login
	 * @return mixed false when the CAS client cannot be initialised, USER_VALID
	 *               on success, PASSWORD_INCORRECT otherwise
	 */
	function validate_user_cas(&$user, $checkOnly = false)
	{
		global $tikilib, $prefs, $base_url;

		// Nothing to do when the CAS client is not available.
		if (!$this->_init_cas_client()) {
			return false;
		}

		// On the login script, pin the URL CAS redirects back to so the extra
		// parameter from the preferences is carried along.
		if ( !empty($prefs['cas_extra_param']) && basename($_SERVER['SCRIPT_NAME']) == 'tiki-login.php' ) {
			phpCAS::setFixedServiceURL($base_url . 'tiki-login.php?cas=y&' . $prefs['cas_extra_param']);
		}

		// NOTE(review): certificate validation of the CAS server is switched off
		// here for every installation; prefer phpCAS::setCasServerCACert().
		phpCAS::setNoCasServerValidation();
		if ( !$checkOnly ) {
			$auth = phpCAS::forceAuthentication();
		} else {
			// Clear phpCAS's "already checked" marker so the check runs again.
			unset($_SESSION['phpCAS']['auth_checked']);
			$auth = phpCAS::checkAuthentication();
		}
		$_SESSION['cas_validation_time'] = $tikilib->now;

		// Without a positive CAS result, or with an empty login name, the
		// validation fails and no user is reported.
		if ( !$auth || !($user = strtolower(phpCAS::getUser())) ) {
			$user = null;
			return PASSWORD_INCORRECT;
		}

		return USER_VALID;
	}
示例#16
 /**
  * Zend_Auth authentication backed by phpCAS.
  *
  * @return Zend_Auth_Result SUCCESS carrying the CAS attributes as identity, or
  *                          FAILURE carrying this adapter's error messages
  */
 public function authenticate()
 {
     if (!phpCAS::checkAuthentication()) {
         return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_errors);
     }

     // The whole CAS attribute set is used as the identity.
     $attributes = phpCAS::getAttributes();

     return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $attributes);
 }
示例#17
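/**
 * Runs the CAS check in two passes, told apart by an "auth_checked" URL marker.
 *
 * Without the marker, the marker is added to the redirect URL and
 * phpCAS::checkAuthentication() is called, which may redirect to the CAS server.
 * With the marker, the outcome is read with phpCAS::isAuthenticated().
 *
 * The result is initialised to false before the phpCAS call, so a phpCAS
 * exception yields "not authenticated" rather than an undefined value.
 *
 * @param bool $noCache    when true, tickets are left in the URL (no clean-up redirect)
 * @param bool $haveTicket whether the request carries a CAS ticket
 * @return array [$isAuthenticated, $noCookies]
 */
function checkAuthentication_raw($noCache, $haveTicket)
{
    if (isset($_GET["auth_checked"])) {
        // NOTE(review): the session cookie name is hard-coded; confirm it
        // matches session_name() on this installation.
        $noCookies = !isset($_COOKIE["PHPSESSID"]);
        if ($noCookies) {
            debug_msg("cookie disabled or not accepted");
        }
        $_SESSION['time_before_verifying_CAS_ticket'] = microtime(true);
        $_SESSION['time_before_redirecting_to_CAS'] = getAndUnset($_SESSION, 'time_before_adding_auth_checked');
        if ($noCookies || $noCache) {
            // do not redirect otherwise
            // - if noCookies, it will dead-loop
            // - if noCache, we must not clean url otherwise "cleanup SESSION" will be done after final redirect to clean URL
            phpCAS::setNoClearTicketsFromUrl();
        } elseif ($haveTicket) {
            // remove "auth_checked" after CAS before redirecting to final URL
            toggle_auth_checked_in_redirect();
        }
        // Fail closed: a phpCAS error must never leave the result undefined.
        $isAuthenticated = false;
        try {
            $isAuthenticated = phpCAS::isAuthenticated();
        } catch (Exception $e) {
            // Still best-effort, but the failure is now visible in the debug output.
            debug_msg("CAS authentication check failed: " . $e->getMessage());
        }
    } else {
        // add "auth_checked" in url before redirecting to CAS
        toggle_auth_checked_in_redirect();
        $_SESSION['time_before_adding_auth_checked'] = microtime(true);
        $isAuthenticated = phpCAS::checkAuthentication();
        // NB: if we reach this point, we are either in the "previously authenticated" case or after final redirect to clean URL
        $noCookies = false;
    }
    return array($isAuthenticated, $noCookies);
}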
示例#18
 /**
  * Checks the CAS session state so that a logout on the CAS side can be noticed.
  *
  * @return bool|null the result of phpCAS::checkAuthentication(); nothing is
  *                   returned when the basic (toba) login is in use
  */
 function verificar_logout()
 {
     // With the toba login in use, the CAS logout is not checked.
     $usaLoginToba = $this->uso_login_basico() && $this->permite_login_toba();
     if (!$usaLoginToba) {
         // Connect to CAS and ask for the current authentication state.
         $this->instanciar_cliente_cas();
         return phpCAS::checkAuthentication();
     }
     return;
 }
示例#19
文件: main.php 项目: Galinijay/PAS
	**/
if ($currentPageData = getCurrentPageData()) {
    if ($currentPageData['fullRight'][$_SESSION['rang']] == 0) {
        // On invite l'utilisateur à se connecter au CAS
        phpCAS::client(CAS_VERSION_2_0, CAS_SERVER_URI, (int) constant('CAS_SERVER_PORT'), '');
        phpCAS::setServerServiceValidateURL(CAS_SERVER_VALIDATEURI);
        if (is_file(CAS_SERVER_CERTIFICATPATH)) {
            phpCAS::setCasServerCACert(CAS_SERVER_CERTIFICATPATH);
        } else {
            phpCAS::setNoCasServerValidation();
        }
        phpCAS::forceAuthentication();
        if (phpCAS::getUser()) {
            //Si l'utilisateur s'est connecté
            // Récupération des données serveur
            $test = phpCAS::checkAuthentication();
            // Récupération des données utilisateur
            $sql = 'SELECT * FROM user WHERE nbEtudiant = :nbEtu LIMIT 1';
            $res = $db->prepare($sql);
            $res->execute(array('nbEtu' => phpCAS::getUser()));
            if ($res_f = $res->fetch()) {
                $_SESSION['id'] = $res_f['id'];
                $_SESSION['nom'] = $res_f['nom'];
                $_SESSION['prenom'] = $res_f['prenom'];
                $_SESSION['rang'] = $res_f['rang'];
                if (isset($res_f['promotion'])) {
                    $_SESSION['promotion'] = $res_f['promotion'];
                }
            } else {
                $errorCode = serialize(array(32 => true));
                phpCAS::logout(array('service' => ROOT . 'index.php?erreur=' . $errorCode));
示例#20
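/**
 * Checks whether the user already has a CAS session, without forcing a login.
 *
 * When the user is authenticated and this is not a logout request, the local
 * account is looked up by the CAS login. Depending on platform settings it is
 * refreshed from LDAP, or created when it does not exist yet.
 *
 * @return string|false|null The CAS login when the user is authenticated and
 *                           the account exists or was just created; false when
 *                           there is no CAS session or no account was created;
 *                           null when CAS is not configured.
 */
function cas_is_authenticated()
{
    global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
    global $PHPCAS_CLIENT;
    global $logout;
    if (!cas_configured()) {
        return;
    }
    if (!is_object($PHPCAS_CLIENT)) {
        phpCAS::client($cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri);
        // NOTE(review): this disables verification of the CAS server's TLS
        // certificate, so ticket-validation responses are not authenticated.
        // phpCAS::setCasServerCACert() with the CA bundle of the CAS server is
        // the validating alternative; no certificate setting is visible here.
        phpCAS::setNoCasServerValidation();
    }
    if (!phpCAS::checkAuthentication()) {
        return false;
    }
    $login = trim(phpCAS::getUser());
    /*
      User attributes available on the crdp platform (not read at the moment):
      sn => name
      ENTPersonMailInterne => mail
      ENTPersonAlias => login
      ENTPersonProfils => profil
      givenName => first name
    */
    if ($logout) {
        // Logout request: report the login without touching the local account.
        return $login;
    }
    // get user info from username
    $tab_user_info = UserManager::get_user_info($login);
    if (is_array($tab_user_info)) {
        // user found in the chamilo database;
        // if the option is on, refresh the account from the ldap server
        if (api_get_setting("update_user_info_cas_with_ldap") == "true") {
            $ldapuser = extldap_authenticate($login, 'nopass', true);
            // The result was previously tested through a misspelled, undefined
            // variable, so a failed LDAP lookup was never detected and the
            // account was overwritten with empty data.
            if ($ldapuser !== false) {
                $chamilo_user = extldap_get_chamilo_user($ldapuser);
                $chamilo_user['user_id'] = $tab_user_info['user_id'];
                $chamilo_user['status'] = $tab_user_info['status'];
                UserManager::update_user($chamilo_user["user_id"], $chamilo_user["firstname"], $chamilo_user["lastname"], $login, null, null, $chamilo_user["email"], $chamilo_user["status"], '', '', '', '', 1, null, 0, null, '');
            }
        }
        return $login;
    }
    // Unknown user: if the option is on, the account can be added
    // automatically, either as a stub or from the ldap server.
    $user_added = false;
    switch (api_get_setting("cas_add_user_activate")) {
        case PLATFORM_AUTH_SOURCE:
            // user will have to modify firstname, lastname, email in chamilo profil edit
            $userdata = get_lang("EditInProfil");
            // NOTE(review): every auto-created account gets the same fixed
            // placeholder password. Confirm that accounts with CAS_AUTH_SOURCE can
            // never be used with the platform's password login; otherwise
            // generate a random value per account.
            UserManager::create_user($userdata, $userdata, '5', $userdata, $login, 'casplaceholder', '', '', '', '', CAS_AUTH_SOURCE);
            $user_added = $login;
            break;
        case LDAP_AUTH_SOURCE:
            // The user has already been authenticated by CAS; the profile is
            // read from the ldap server. If the user is not found in LDAP, no
            // account is created.
            $ldapuser = extldap_authenticate($login, 'nopass', true);
            // Same misspelled-variable fix as above: only create the account
            // when the LDAP lookup actually returned an entry.
            if ($ldapuser !== false) {
                $chamilo_user = extldap_get_chamilo_user($ldapuser);
                $chamilo_user['username'] = $login;
                $chamilo_user['auth_source'] = CAS_AUTH_SOURCE;
                external_add_user($chamilo_user);
                $user_added = $login;
            }
            break;
        default:
            break;
    }
    return $user_added;
}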
示例#21
文件: hooks.php 项目: jas01/user_cas
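 /**
  * Post-login hook: decides whether the user may use the cloud and, for a
  * CAS-authenticated user, creates or refreshes the local account from LDAP.
  *
  * Access is granted when no group mapping is configured, or when the user is
  * a member of one of the mapped LDAP groups. A user without access who has no
  * local account is logged out; a user with a local account is redirected to
  * the default page.
  *
  * @param array $parameters Hook parameters; only $parameters['uid'] is read.
  * @return bool True when the CAS user matches $uid and the account was
  *              synchronised, false otherwise.
  */
 public static function post_login($parameters)
 {
     $uid = $parameters['uid'];
     $casBackend = new OC_USER_CAS();
     $userDB = new OC_User_Database();
     /*
      * Read the settings from the general configuration file /config/config.php
      */
     $serveur_Search = OCP\Config::getSystemValue('serveur_Search', 'error');
     $racineAMU = OCP\Config::getSystemValue('racineAMU', 'error');
     $racineAMUGRP = OCP\Config::getSystemValue('racineAMUGRP', 'error');
     $AMU_nuage_dn = OCP\Config::getSystemValue('AMU_nuage_dn', 'error');
     $AMU_nuage_pw = OCP\Config::getSystemValue('AMU_nuage_pw', 'error');
     $PQuota = OCP\Config::getSystemValue('PQuota', 'unManaged');
     $EQuota = OCP\Config::getSystemValue('EQuota', 'unManaged');
     // NOTE(review): $racineAMUGRP is passed twice and $racineAMU is never used;
     // check against the LDAP_Infos constructor whether one of them should be $racineAMU.
     $LDAP = new LDAP_Infos($serveur_Search, $AMU_nuage_dn, $AMU_nuage_pw, $racineAMUGRP, $racineAMUGRP);
     $restrictGrp = array("cn", "member");
     /*
      * Group mapping.
      * When 'groupMapping' is empty, group membership is not checked.
      */
     $AccesCloud = 0;
     OCP\Util::writeLog('user_cas', "Authentification (Mapping groups=" . $casBackend->groupMapping . ")", OCP\Util::DEBUG);
     if ($casBackend->groupMapping) {
         $wTabGrp = str_replace(array('<br>', '<br />', "\n", "\r"), array('@', '', '@', ''), $casBackend->groupMapping);
         foreach (explode("@", $wTabGrp) as $value) {
             if ($value === '') {
                 // Consecutive separators produce empty entries; nothing to look up.
                 continue;
             }
             $ListeMembre = $LDAP->getMembersOfGroup($value, $restrictGrp);
             if (is_array($ListeMembre) && in_array($uid, $ListeMembre, true)) {
                 // The flag was previously written to a differently named variable
                 // that is never read, so membership in a mapped group never
                 // granted access.
                 $AccesCloud = 1;
                 break;
             }
         }
     } else {
         $AccesCloud = 1;
     }
     /*
      * No access: disconnect
      */
     if ($AccesCloud == 0) {
         /*
          * Check whether the account is a local account
          */
         if (!$userDB->userExists($uid)) {
             OCP\Util::writeLog('user_cas', "Aucun droit d'accès pour l'utilisateur " . $uid, OCP\Util::ERROR);
             \OC_User::logout();
             // Stop here: falling through would still create and synchronise a
             // local account for a user who was just refused access.
             return false;
         } else {
             OCP\Util::writeLog('user_cas', "Authentification locale pour l'utilisateur " . $uid, OCP\Util::DEBUG);
             OC::$REQUESTEDAPP = '';
             OC_Util::redirectToDefaultPage();
             exit(0);
         }
     }
     /**
      * Collect the user's groups located under the root configured in the
      * 'cas_group_root' form field. When it is not set, no groups are collected.
      */
     $mesGroupes = array();
     OCP\Util::writeLog('user_cas', "Authentification (Racine Groupes LDAP=" . $casBackend->groupRoot . ")", OCP\Util::DEBUG);
     if ($casBackend->groupRoot) {
         $i = 0;
         $ListeGRP = $LDAP->getMemberOf($uid);
         $a = sizeof($ListeGRP);
         OCP\Util::writeLog('user_cas', "Taille=" . $a . " UID=" . $uid, OCP\Util::ERROR);
         OCP\Util::writeLog('user_cas', "Racine Groupe=" . $casBackend->groupRoot, OCP\Util::ERROR);
         foreach ($ListeGRP as $value) {
             if (strstr($value, $casBackend->groupRoot)) {
                 // Drops the first 8 characters of the group value, then normalises
                 // it (presumably a fixed prefix; confirm against the directory).
                 $mesGroupes[$i] = strtoupper(str_replace(':', '_', substr($value, 8)));
                 OCP\Util::writeLog('user_cas', "Groupe[{$i}]=" . $mesGroupes[$i], OCP\Util::ERROR);
                 $i++;
             }
         }
     }
     if (phpCAS::checkAuthentication()) {
         $cas_uid = phpCAS::getUser();
         // Compare as strings: a loose == treats two numeric strings as numbers,
         // so different identifiers such as "0123" and "123" would match.
         if ((string) $cas_uid === (string) $uid) {
             /*
              * Fetch the user's information (LDAP)
              */
             $tabLdapUser = $LDAP->getUserInfo($uid);
             $DisplayName = null;
             if ($tabLdapUser) {
                 $DisplayName = $tabLdapUser['displayName'];
             }
             if (!$userDB->userExists($uid)) {
                 if (preg_match('/[^a-zA-Z0-9 _\\.@\\-]/', $uid)) {
                     OCP\Util::writeLog('cas', 'Utilisateur  invalide "' . $uid . '", caracteres autorises "a-zA-Z0-9" and "_.@-" ', OCP\Util::DEBUG);
                     return false;
                 } else {
                     /*
                      * Account creation
                      */
                     $random_password = \OC_Util::generateRandomBytes(20);
                     // NOTE(review): the random password generated above is not used;
                     // the LDAP 'userpassword' attribute is stored as the local
                     // password instead. If that attribute holds a hash, the hash
                     // string itself becomes a valid local password. Confirm the
                     // intent; $random_password looks like the intended value.
                     $userDB->createUser($uid, $tabLdapUser['userpassword']);
                     $userDB->setDisplayName($uid, $DisplayName);
                     /*
                      * Update the quota when it is managed in the configuration file
                      */
                     if ($EQuota != "unManaged" && $tabLdapUser['eduPersonPrimaryAffiliation'] == 'student') {
                         update_quota($uid, $EQuota);
                     }
                     if ($PQuota != "unManaged" && $tabLdapUser['eduPersonPrimaryAffiliation'] != 'student') {
                         update_quota($uid, $PQuota);
                     }
                 }
             }
             /*
              * Update the associated groups
              */
             if (sizeof($mesGroupes) > 0) {
                 update_groups($uid, $mesGroupes, $casBackend->protectedGroups, true);
             }
             /*
              * Update the mail address
              */
             update_mail($uid, $tabLdapUser['Mail']);
             /*
              * Update the display name
              */
             $userDB->setDisplayName($uid, $DisplayName);
             return true;
         }
     }
     return false;
 }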
示例#22
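/**
 * Runs the CAS check for an authentication group attached to a rule.
 *
 * Loads the group's settings (cached in the session), requires a `ticket`
 * parameter in $_GET["uri"], initialises phpCAS from the group's parameters
 * and asks it whether the request is authenticated.
 *
 * @param int|string $groupid Identifier of the row in authenticator_auth.
 * @param int|string $ruleid  Identifier of the rule being evaluated.
 * @return bool|null Null when the rule does not require authentication,
 *                   false when no ticket is present or CAS reports no
 *                   authentication, true when authenticated.
 */
function xcas_auth($groupid, $ruleid)
{
    Debuglogs("Rule:{$ruleid} Groupid:{$groupid} Testing source groups...", __FUNCTION__, __LINE__);
    if (!isMustAuth($ruleid)) {
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} From groups not match rule.", __FUNCTION__, __LINE__);
        return;
    }
    Debuglogs("Rule:{$ruleid} Groupid:{$groupid} From groups match rule.", __FUNCTION__, __LINE__);
    // Drop a cached entry whose parameters could not be loaded, so it is re-read.
    if (isset($_SESSION["AUTH_GROUP_DATA"][$groupid]) && $_SESSION["AUTH_GROUP_DATA"][$groupid]["params"] == null) {
        unset($_SESSION["AUTH_GROUP_DATA"][$groupid]);
    }
    if (!isset($_SESSION["AUTH_GROUP_DATA"][$groupid])) {
        if (!isset($GLOBALS["Q"])) {
            $GLOBALS["Q"] = new mysql_squid_builder();
        }
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} Run MySQL query", __FUNCTION__, __LINE__);
        // The identifier is forced to an integer before it is placed in the SQL
        // text, so a crafted value cannot alter the statement
        // (assumes authenticator_auth.ID is an integer key; confirm).
        $groupidSql = intval($groupid);
        $ligne = mysql_fetch_array($GLOBALS["Q"]->QUERY_SQL("SELECT groupname,group_type,params FROM authenticator_auth WHERE ID='{$groupidSql}'"));
        if (!$GLOBALS["Q"]->ok) {
            Debuglogs("Rule:{$ruleid} Groupid:{$groupid} {$GLOBALS["Q"]->mysql_error}", __FUNCTION__, __LINE__);
        }
        $_SESSION["AUTH_GROUP_DATA"][$groupid]["groupname"] = $ligne["groupname"];
        $_SESSION["AUTH_GROUP_DATA"][$groupid]["group_type"] = $ligne["group_type"];
        // NOTE(review): unserialize() on a stored value instantiates whatever
        // classes the data names; anyone able to write this column controls that.
        // A JSON encoding of the parameters would avoid object instantiation.
        $_SESSION["AUTH_GROUP_DATA"][$groupid]["params"] = unserialize(base64_decode($ligne["params"]));
    }
    $groupname = $_SESSION["AUTH_GROUP_DATA"][$groupid]["groupname"];
    $group_type = $_SESSION["AUTH_GROUP_DATA"][$groupid]["group_type"];
    $params = $_SESSION["AUTH_GROUP_DATA"][$groupid]["params"];
    include_once dirname(__FILE__) . "/ressources/externals/jasigcas/CAS.php";
    Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} type:{$group_type}", __FUNCTION__, __LINE__);
    if (!preg_match("#\\?ticket=(.+)#", $_GET["uri"], $re)) {
        Debuglogs("Not ticket found in `{$_GET["uri"]}`", __FUNCTION__, __LINE__);
        return false;
    }
    $ticket = $re[1];
    Debuglogs("{$_GET["uri"]} -> {$ticket}", __FUNCTION__, __LINE__);
    $uriToSend = "https://auth.u-cergy.fr/serviceValidate?ticket={$ticket}&service=http://{$_GET["servername"]}";
    Debuglogs("{$uriToSend}", __FUNCTION__, __LINE__);
    // The ticket and server name come from the request, so the URL is passed to
    // the shell as one escaped argument. The response goes to a private
    // temporary file instead of a fixed, predictable path in /tmp.
    // NOTE(review): CAS service tickets are single-use; if this is the ticket
    // phpCAS validates below, this extra validation would consume it. Confirm.
    $tmpfile = tempnam(sys_get_temp_dir(), "cas");
    if ($tmpfile !== false) {
        exec("wget " . escapeshellarg($uriToSend) . " -O " . escapeshellarg($tmpfile));
        $response = is_file($tmpfile) ? file_get_contents($tmpfile) : '';
        unlink($tmpfile);
        foreach (explode("\n", (string) $response) as $alias) {
            Debuglogs("{$alias}", __FUNCTION__, __LINE__);
        }
    }
    // The phpCAS debug log records tickets and session details, so it is only
    // enabled in debug mode (it used to be switched on unconditionally as well).
    if (!empty($GLOBALS["DEBUG"])) {
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} set to debug", __FUNCTION__, __LINE__);
        phpCAS::setDebug("/var/log/apache2/cas.debug.log");
    }
    Debuglogs("for debug purpose cmdline should be \"" . __FILE__ . " --cas {$groupid} {$ruleid}\"", __FUNCTION__, __LINE__);
    $cas_host = $params["CAS_HOST"];
    $cas_port = intval($params["CAS_PORT"]);
    $cas_context = $params["CAS_CONTEXT"];
    $certificate = $params["CAS_CERT"];
    Debuglogs("Using certificate: {$certificate} ", __FUNCTION__, __LINE__);
    Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} Initialize phpCAS host:{$cas_host} Port:\"{$cas_port}\" context={$cas_context}", __FUNCTION__, __LINE__);
    phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
    // Validating the CAS server is crucial to the security of the CAS protocol:
    // use the configured CA certificate whenever the file exists.
    if (is_file($certificate)) {
        phpCAS::setCasServerCACert($certificate);
    } else {
        Debuglogs(" {$certificate} no such file", __FUNCTION__, __LINE__);
        // NOTE(review): without a certificate the CAS server is not validated;
        // refusing to authenticate would be the safer default.
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} Initialize phpCAS setNoCasServerValidation()", __FUNCTION__, __LINE__);
        phpCAS::setNoCasServerValidation();
    }
    unset($_SESSION["AUTH_GROUP_DATA"]);
    phpCAS::setFixedServiceURL("http://biblioweb.u-cergy.org");
    if (!phpCAS::checkAuthentication()) {
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} Initialize phpCAS, not authenticated", __FUNCTION__, __LINE__);
        return false;
    }
    return true;
}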
示例#23
文件: auth.php 项目: verbazend/AWFA
 /**
  * Login page hook: chooses between CAS and the regular login form.
  *
  * Fills the global $frm when CAS already reports an authenticated user (or a
  * guest login is requested), shows the choice form in multi-authentication
  * mode, and otherwise redirects to the CAS server. Returns without doing
  * anything when a username was submitted or no CAS host is configured.
  */
 function loginpage_hook()
 {
     global $frm;
     global $CFG;
     global $SESSION, $OUTPUT, $PAGE;
     $siteRecord = get_site();
     $formTitle = get_string('CASform', 'auth_cas');
     $submittedUser = optional_param('username', '', PARAM_RAW);
     if (!empty($submittedUser)) {
         // A regular login is in progress: forget a return URL that still
         // carries CAS markers.
         $staleUrl = isset($SESSION->wantsurl)
             && (strpos($SESSION->wantsurl, 'ticket') !== false || strpos($SESSION->wantsurl, 'NOCAS') !== false);
         if ($staleUrl) {
             unset($SESSION->wantsurl);
         }
         return;
     }
     // CAS is enabled but its settings have not been filled in yet
     if (empty($this->config->hostname)) {
         return;
     }
     // Set up the connection to the CAS server
     $this->connectCAS();
     if (phpCAS::checkAuthentication()) {
         // CAS already knows the user: hand the login form a filled-in record.
         $frm = new stdClass();
         $frm->username = phpCAS::getUser();
         $frm->password = '******';
         return;
     }
     if (isset($_GET['loginguest']) && $_GET['loginguest'] == true) {
         $frm = new stdClass();
         $frm->username = '******';
         $frm->password = '******';
         return;
     }
     if ($this->config->multiauth) {
         $choice = optional_param('authCAS', '', PARAM_RAW);
         if ($choice == 'NOCAS') {
             return;
         }
         // Multi-authentication: show the choice form, unless CAS was chosen or
         // the request carries pgtIou (proxy mode, the CAS server calling back
         // over https in the background).
         if ($choice != 'CAS' && !isset($_GET['pgtIou'])) {
             $PAGE->set_url('/login/index.php');
             $PAGE->navbar->add($formTitle);
             $PAGE->set_title("{$siteRecord->fullname}: {$formTitle}");
             $PAGE->set_heading($siteRecord->fullname);
             echo $OUTPUT->header();
             include $CFG->dirroot . '/auth/cas/cas_form.html';
             echo $OUTPUT->footer();
             exit;
         }
     }
     // Nothing more to do when a CAS session exists; otherwise force the login.
     if (phpCAS::isAuthenticated()) {
         return;
     }
     phpCAS::setLang($this->config->language);
     phpCAS::forceAuthentication();
 }
示例#24
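/**
 * Authenticates the current user against a CAS server.
 *
 * With $new false the connection settings are loaded through
 * get_auth_settings($auth); with $new true the settings passed as arguments
 * are used as given.
 *
 * @param mixed       $auth        Identifier handed to get_auth_settings().
 * @param bool        $new         Use the settings passed as arguments.
 * @param string|null $cas_host    CAS server host name.
 * @param int|null    $cas_port    CAS server port.
 * @param string|null $cas_context CAS context path.
 * @param string|null $cas_cachain Path to the CA chain of the CAS server.
 * @return array|null Array with 'message', optionally 'error' (server not
 *                    validated) and 'attrs' (CAS attributes); null when no
 *                    settings are available.
 */
function cas_authenticate($auth, $new = false, $cas_host = null, $cas_port = null, $cas_context = null, $cas_cachain = null)
{
    global $langConnectWith, $langNotSSL;
    $ret = array();
    // Initialised here so the settings check below never reads an undefined variable.
    $cas = null;
    if (!$new) {
        $cas = get_auth_settings($auth);
        if ($cas) {
            $cas_host = $cas['cas_host'];
            $cas_port = $cas['cas_port'];
            $cas_context = $cas['cas_context'];
            $cas_cachain = $cas['cas_cachain'];
        }
    }
    if (!$new && !$cas) {
        return null;
    }
    $cas_port = intval($cas_port);
    // The URL is only used for the message shown to the user.
    $cas_url = 'https://' . $cas_host;
    if ($cas_port !== 443) {
        $cas_url .= ':' . $cas_port;
    }
    $cas_url .= $cas_context;
    $ret['message'] = "{$langConnectWith} {$cas_url}";
    // Initialize phpCAS - keep session in application
    phpCAS::client(SAML_VERSION_1_1, $cas_host, $cas_port, $cas_context, FALSE);
    // Set the CA certificate that is the issuer of the cert on the CAS server
    if (!empty($cas_cachain) && is_readable($cas_cachain)) {
        phpCAS::setCasServerCACert($cas_cachain);
    } else {
        // NOTE(review): an unset or unreadable CA chain downgrades to an
        // unvalidated CAS server. The caller is told through $ret['error'], but
        // authentication still proceeds; callers should treat 'error' as fatal
        // in production.
        phpCAS::setNoCasServerValidation();
        $ret['error'] = "{$langNotSSL}";
    }
    // Force CAS authentication on any page that includes this file
    phpCAS::forceAuthentication();
    if (phpCAS::checkAuthentication()) {
        $ret['attrs'] = phpCAS::getAttributes();
    }
    return $ret;
}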
示例#25
 /**
  * Derives the user's groups from the CAS attributes.
  *
  * With group patterns configured, a role is added for every attribute value
  * its pattern matches. Without patterns, every attribute value is added as a
  * group. Does nothing when CAS reports no authenticated user.
  */
 function _setCASGroups()
 {
     if (!phpCAS::checkAuthentication()) {
         return;
     }
     $values = plaincas_pattern_attributes(phpCAS::getAttributes());
     if (!is_array($values)) {
         $values = array($values);
     }
     $rolePatterns = plaincas_group_patterns();
     if (empty($rolePatterns)) {
         // No patterns configured: each attribute value becomes a group.
         foreach ($values as $value) {
             $this->_addUserGroup($value);
         }
         return;
     }
     foreach ($rolePatterns as $role => $regex) {
         foreach ($values as $value) {
             // An invalid pattern raises a PHP warning and simply does not match.
             if (preg_match($regex, $value)) {
                 $this->_addUserGroup($role);
             }
         }
     }
 }
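 /**
  * Authenticates a SOAP caller through CAS.
  *
  * Runs the initialisation steps in order, requires a valid CAS
  * authentication, checks that the user named in the SOAP request is the CAS
  * user and that this user has a local account, then starts the auth object
  * and stores the session id.
  *
  * @return bool True on success; false on any failure, with the reason set
  *              through __setMessage() where one is given.
  */
 function authenticate()
 {
     include_once "./Services/Init/classes/class.ilInitialisation.php";
     $this->init = new ilInitialisation();
     $this->init->requireCommonIncludes();
     if (!$this->getClient()) {
         $this->__setMessage('No client given');
         return false;
     }
     if (!$this->getUsername()) {
         $this->__setMessage('No username given');
         return false;
     }
     // Read ilias ini
     if (!$this->__buildDSN()) {
         $this->__setMessage('Error building dsn/Wrong client Id?');
         return false;
     }
     if (!$this->__setSessionSaveHandler()) {
         return false;
     }
     if (!$this->__checkAgreement('cas')) {
         return false;
     }
     if (!$this->__buildAuth()) {
         return false;
     }
     if ($this->soap_check && !$this->__checkSOAPEnabled()) {
         $this->__setMessage('SOAP is not enabled in ILIAS administration for this client');
         $this->__setMessageCode('Server');
         return false;
     }
     // check whether authentication is valid
     if (!phpCAS::checkAuthentication()) {
         $this->__setMessage('ilSOAPAuthenticationCAS::authenticate(): No valid CAS authentication.');
         return false;
     }
     $this->auth->forceCASAuth();
     // Identity check: compare as strings. A loose != treats two numeric strings
     // as numbers, so distinct user names such as "0123" and "123" would be
     // accepted as the same user.
     if ((string) $this->getUsername() !== (string) $this->auth->getCASUser()) {
         $this->__setMessage('ilSOAPAuthenticationCAS::authenticate(): SOAP CAS user does not match to ticket user.');
         return false;
     }
     include_once './Services/User/classes/class.ilObjUser.php';
     $local_user = ilObjUser::_checkExternalAuthAccount("cas", $this->auth->getCASUser());
     if ($local_user == "") {
         $this->__setMessage('ilSOAPAuthenticationCAS::authenticate(): SOAP CAS user authenticated but not existing in ILIAS user database.');
         return false;
     }
     $this->auth->start();
     if (!$this->auth->getAuth()) {
         $this->__getAuthStatus();
         return false;
     }
     $this->setSid(session_id());
     return true;
 }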
 /**
  * Fills $this->user with netId, area, guid and areaGuid.
  *
  * The netId comes from the session for LDAP logins and from CAS otherwise.
  * The area comes from the `area` cookie when the user has rights to that
  * area, and from the employee record otherwise.
  *
  * Does nothing when the user is not authenticated.
  */
 protected function getUserInfo()
 {
     // Nothing to look up for an unauthenticated user
     if (!$this->authenticated) {
         return;
     }
     // Take the identity from whichever mechanism authenticated the user
     if (isset($_SESSION['ldap'])) {
         $this->user['netId'] = $_SESSION['user'];
     } elseif (\phpCAS::checkAuthentication()) {
         $this->user['netId'] = \phpCAS::getUser();
     } else {
         // Not expected: authenticated is set although neither CAS nor LDAP
         // knows the user
         $this->user['netId'] = null;
     }
     // Without a netId there is no area to resolve
     if ($this->user['netId'] == null) {
         return;
     }
     $areas = new \TMT\accessor\AreaAccessor();
     $employees = new \TMT\accessor\Employee();
     $person = $employees->get($this->user['netId']);
     // The cookie is client-controlled, so it is only honoured after a rights check.
     $cookieAccepted = isset($_COOKIE['area'])
         && $areas->checkAreaRights($this->user['netId'], $_COOKIE['area']);
     if ($cookieAccepted) {
         $this->user['area'] = $_COOKIE['area'];
     } else {
         if (isset($_COOKIE['area'])) {
             // The cookie names an area the user has no rights to: expire it
             // before falling back to the default area
             unset($_COOKIE['area']);
             setcookie("area", "", time() - 3600, '/');
         }
         $this->user['area'] = $person->area;
     }
     $currentArea = $areas->get($this->user['area']);
     $this->user['guid'] = $person->guid;
     $this->user['areaGuid'] = $currentArea->guid;
 }
示例#28
文件: login.php 项目: pmolfese/nidb
/**
 * Authenticates the user through CAS.
 *
 * @return string The CAS user name when a session array exists and CAS
 *                reports an authenticated user, '' otherwise. When the user is
 *                not authenticated, phpCAS::forceAuthentication() is called.
 */
function AuthenticateCASUser()
{
    // NOTE(review): both paths disable validation of the CAS server's TLS
    // certificate; phpCAS::setCasServerCACert() is the validating alternative.
    // NOTE(review): the first echo below is emitted before forceAuthentication()
    // may have to send its redirect; confirm that output buffering is active.
    if (isset($_SESSION)) {
        echo "Created the client (session already exists)...<br>";
        phpCAS::setNoCasServerValidation();
        if (phpCAS::checkAuthentication()) {
            return phpCAS::getUser();
        }
        phpCAS::forceAuthentication();
    }
    phpCAS::setNoCasServerValidation();
    // Actually authenticate
    if (!phpCAS::checkAuthentication()) {
        phpCAS::forceAuthentication();
        // Execution never gets back to this point, because CAS redirects to
        // login.php with no POST variables passed in.
        echo "Did the authentication...<br>";
    }
    return '';
}
示例#29
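//
// Minimal phpCAS client: optional login/logout, then a non-forcing check.
// import phpCAS lib
include_once 'CAS.php';
// NOTE(review): the phpCAS debug log records tickets and session details;
// keep it off outside of testing.
phpCAS::setDebug();
// initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, 'sso-cas.univ-rennes1.fr', 443, '');
// no SSL validation for the CAS server
// NOTE(review): acceptable for a quick test only. Without validation the
// ticket-validation response is not authenticated; a deployment should call
// phpCAS::setCasServerCACert() with the CA certificate of the CAS server.
phpCAS::setNoCasServerValidation();
if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}
if (isset($_REQUEST['login'])) {
    phpCAS::forceAuthentication();
}
// check CAS authentication
$auth = phpCAS::checkAuthentication();
?>
<html>
  <head>
    <title>phpCAS simple client</title>
  </head>
  <body>
<?php 
if ($auth) {
    // for this test, simply print that the authentication was successful
    ?>
    <h1>Successfull Authentication!</h1>
    <p>the user's login is <b><?php 
    // The login comes from the CAS response; escape it for the HTML context.
    echo htmlspecialchars(phpCAS::getUser(), ENT_QUOTES, 'UTF-8');
    ?>
</b>.</p>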
 /**
  * checkCAS
  *
  * Reports the CAS user of an established CAS session, without forcing
  * authentication.
  *
  * @since               version 1.0.1
  * @access              public
  * @param       string  $host passed on to setupCAS()
  * @param       string  $dir  passed on to setupCAS()
  * @return      string/boolean  the CAS user, or false when not authenticated
  */
 static function checkCAS($host = 'my', $dir = 'cas/')
 {
     self::setupCAS($host, $dir);
     // Non-forcing check; the user name is only read on success
     return phpCAS::checkAuthentication() ? phpCAS::getUser() : false;
 }