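* @private
 */
function getServerLogoutURL()
{
    // Built lazily: computed the first time it is requested, then cached
    // in $this->_server so later calls return the same string.
    if ( empty($this->_server['logout_url']) ) {
        $this->_server['logout_url'] = $this->getServerBaseURL().'logout';
    }
    return $this->_server['logout_url'];
}

/**
 * This method sets the logout URL of the CAS server.
 *
 * @param $url the logout URL; stored verbatim, no validation is done here
 * @return the URL that was stored
 * @private
 * @since 0.4.21 by Wyman Chan
 */
function setServerLogoutURL($url)
{
    return $this->_server['logout_url'] = $url;
}

/**
 * This method checks to see if the request is secured via HTTPS.
 *
 * PHP sets $_SERVER['HTTPS'] to a non-empty value when the request came in
 * over TLS: Apache uses 'on', but other SAPIs report '1' or 'true'.
 * IIS/ISAPI sets it to 'off' for plain HTTP, which is why a bare !empty()
 * test was not enough (the 0.4.24 change by Hinnack).  The `== 'on'`
 * comparison that replaced it went too far the other way and treated a
 * server reporting '1' as plain HTTP, so callback mode (see the
 * constructor) refused to run there.  Any non-empty value other than
 * 'off' now counts as HTTPS.
 *
 * @note Behind a TLS-terminating reverse proxy $_SERVER['HTTPS'] is
 * usually not set at all and this returns false.  Do not "fix" that by
 * trusting X-Forwarded-Proto blindly: a client can send that header too,
 * so it may only be honoured for requests coming from a known proxy.
 *
 * @return true if https, false otherwise
 * @private
 */
function isHttps()
{
    if ( !isset($_SERVER['HTTPS']) || empty($_SERVER['HTTPS']) ) {
        return false;
    }
    // non-empty and not 'off' (case-insensitive) means TLS
    return strcasecmp((string)$_SERVER['HTTPS'], 'off') !== 0;
}

// ########################################################################
//  CONSTRUCTOR
// ########################################################################
/**
 * CASClient constructor.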
* * @param $server_version the version of the CAS server * @param $proxy TRUE if the CAS client is a CAS proxy, FALSE otherwise * @param $server_hostname the hostname of the CAS server * @param $server_port the port the CAS server is running on * @param $server_uri the URI the CAS server is responding on * @param $start_session Have phpCAS start PHP sessions (default true) * * @return a newly created CASClient object * * @public */ function CASClient( $server_version, $proxy, $server_hostname, $server_port, $server_uri, $start_session = true) { phpCAS::traceBegin(); //activate session mechanism if desired if ($start_session) { session_start(); } $this->_proxy = $proxy; //check version switch ($server_version) { case CAS_VERSION_1_0: if ( $this->isProxy() ) phpCAS::error('CAS proxies are not supported in CAS ' .$server_version); break; case CAS_VERSION_2_0: break; default: phpCAS::error('this version of CAS (`' .$server_version .'\') is not supported by phpCAS ' .phpCAS::getVersion()); } $this->_server['version'] = $server_version; //check hostname if ( empty($server_hostname) || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/',$server_hostname) ) { phpCAS::error('bad CAS server hostname (`'.$server_hostname.'\')'); } $this->_server['hostname'] = $server_hostname; //check port if ( $server_port == 0 || !is_int($server_port) ) { phpCAS::error('bad CAS server port (`'.$server_hostname.'\')'); } $this->_server['port'] = $server_port; //check URI if ( !preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/',$server_uri) ) { phpCAS::error('bad CAS server URI (`'.$server_uri.'\')'); } //add leading and trailing `/' and remove doubles $server_uri = preg_replace('/\/\//','/','/'.$server_uri.'/'); $this->_server['uri'] = $server_uri; //set to callback mode if PgtIou and PgtId CGI GET parameters are provided if ( $this->isProxy() ) { $this->setCallbackMode(!empty($_GET['pgtIou'])&&!empty($_GET['pgtId'])); } if ( $this->isCallbackMode() ) { //callback mode: check that phpCAS 
is secured if ( !$this->isHttps() ) { phpCAS::error('CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server'); } } else { //normal mode: get ticket and remove it from CGI parameters for developpers $ticket = (isset($_GET['ticket']) ? $_GET['ticket'] : null); switch ($this->getServerVersion()) { case CAS_VERSION_1_0: // check for a Service Ticket if( preg_match('/^ST-/',$ticket) ) { phpCAS::trace('ST \''.$ticket.'\' found'); //ST present $this->setST($ticket); //ticket has been taken into account, unset it to hide it to applications unset($_GET['ticket']); } else if ( !empty($ticket) ) { //ill-formed ticket, halt phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); } break; case CAS_VERSION_2_0: // check for a Service or Proxy Ticket if( preg_match('/^[SP]T-/',$ticket) ) { phpCAS::trace('ST or PT \''.$ticket.'\' found'); $this->setPT($ticket); unset($_GET['ticket']); } else if ( !empty($ticket) ) { //ill-formed ticket, halt phpCAS::error('ill-formed ticket found in the URL (ticket=`'.htmlentities($ticket).'\')'); } break; } } phpCAS::traceEnd(); } /** @} */ // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX // XX XX // XX AUTHENTICATION XX // XX XX // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX /** * @addtogroup internalAuthentication * @{ */ /** * The Authenticated user. Written by CASClient::setUser(), read by CASClient::getUser(). * @attention client applications should use phpCAS::getUser(). * * @hideinitializer * @private */ var $_user = ''; /** * This method sets the CAS user's login name. * * @param $user the login name of the authenticated user. * * @private */ function setUser($user) { $this->_user = $user; } /** * This method returns the CAS user's login name. * @warning should be called only after CASClient::forceAuthentication() or * CASClient::isAuthenticated(), otherwise halt with an error. 
 *
 * @return the login name of the authenticated user
 */
function getUser()
{
    // NOTE(review): empty() is also true for the login name '0', which
    // would be reported as "not authenticated" here even after a
    // successful ticket validation.
    if ( empty($this->_user) ) {
        phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
    }
    return $this->_user;
}

/**
 * This method is called to be sure that the user is authenticated. When not
 * authenticated, halt by redirecting to the CAS server; otherwise return TRUE.
 *
 * The redirect is done without gateway=true, so the CAS server will ask
 * for credentials rather than silently bouncing the client back.
 *
 * @return TRUE when the user is authenticated; otherwise halt.
 * @public
 */
function forceAuthentication()
{
    phpCAS::traceBegin();
    if ( $this->isAuthenticated() ) {
        // the user is authenticated, nothing to be done.
        phpCAS::trace('no need to authenticate');
        $res = TRUE;
    } else {
        // the user is not authenticated, redirect to the CAS server.
        // auth_checked is the gateway marker used by checkAuthentication();
        // drop it so a later gateway check starts from a clean state.
        unset($_SESSION['phpCAS']['auth_checked']);
        $this->redirectToCas(FALSE/* no gateway */);
        // never reached
        $res = FALSE;
    }
    phpCAS::traceEnd($res);
    return $res;
}

/**
 * An integer that gives the number of times authentication will be cached before rechecked.
 *
 * Read by checkAuthentication().  With the default 0 every unauthenticated
 * request (other than the one immediately following a gateway redirect)
 * is sent to the CAS server again with gateway=true.  -1 keeps the
 * negative answer for the rest of the session ("until login pressed").
 * A positive value N reuses the negative answer for N requests before the
 * CAS server is asked again.
 *
 * @hideinitializer
 * @private
 */
var $_cache_times_for_auth_recheck = 0;

/**
 * Set the number of times authentication will be cached before rechecked.
 *
 * @param $n an integer (0, -1 or a positive count; see
 * $_cache_times_for_auth_recheck for the meaning of each).
 *
 * @public
 */
function setCacheTimesForAuthRequest($n)
{
    $this->_cache_times_for_auth_recheck = $n;
}

/**
 * This method is called to check whether the user is authenticated or not.
 *
 * Unlike forceAuthentication() this never prompts: when a check against
 * the CAS server is due, the client is redirected with gateway=true and
 * $_SESSION['phpCAS']['auth_checked'] is set so the very next request
 * answers FALSE without redirecting again.  Between checks the negative
 * answer is cached in $_SESSION['phpCAS']['unauth_count'] according to
 * $_cache_times_for_auth_recheck.
 *
 * @return TRUE when the user is authenticated, FALSE otherwise.
 * @public
 */
function checkAuthentication()
{
    phpCAS::traceBegin();
    if ( $this->isAuthenticated() ) {
        phpCAS::trace('user is authenticated');
        $res = TRUE;
    } else if (isset($_SESSION['phpCAS']['auth_checked'])) {
        // the previous request has redirected the client to the CAS server with gateway=true
        // and CAS sent it back without a ticket: not logged in, do not loop.
        unset($_SESSION['phpCAS']['auth_checked']);
        $res = FALSE;
    } else {
//      $_SESSION['phpCAS']['auth_checked'] = true;
//      $this->redirectToCas(TRUE/* gateway */);
//      // never reached
//      $res = FALSE;
        // avoid a check against CAS on every request
        if (! isset($_SESSION['phpCAS']['unauth_count']) )
            $_SESSION['phpCAS']['unauth_count'] = -2; // uninitialized
        // Reuse the cached negative answer when either
        //  - the answer is cached "forever" (-1) and a check already happened
        //    (count is no longer -2), or
        //  - fewer than _cache_times_for_auth_recheck requests have been
        //    served since the last check.
        if (($_SESSION['phpCAS']['unauth_count'] != -2 && $this->_cache_times_for_auth_recheck == -1)
            || ($_SESSION['phpCAS']['unauth_count'] >= 0 && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck)) {
            $res = FALSE;
            if ($this->_cache_times_for_auth_recheck != -1) {
                $_SESSION['phpCAS']['unauth_count']++;
                phpCAS::trace('user is not authenticated (cached for '.$_SESSION['phpCAS']['unauth_count'].' times of '.$this->_cache_times_for_auth_recheck.')');
            } else {
                phpCAS::trace('user is not authenticated (cached for until login pressed)');
            }
        } else {
            // cache exhausted (or first check): reset the counter, mark that a
            // gateway round-trip is in flight and ask the CAS server.
            $_SESSION['phpCAS']['unauth_count'] = 0;
            $_SESSION['phpCAS']['auth_checked'] = true;
            phpCAS::trace('user is not authenticated (cache reset)');
            $this->redirectToCas(TRUE/* gateway */);
            // never reached
            $res = FALSE;
        }
    }
    phpCAS::traceEnd($res);
    return $res;
}

/**
 * This method is called to check if the user is authenticated (previously or by
 * tickets given in the URL).
 *
 * Order of precedence: an existing session login wins; otherwise a Service
 * Ticket (CAS 1.0) or Service/Proxy Ticket (CAS 2.0) found by the
 * constructor is validated against the CAS server.  Validation failures
 * halt inside the validate*() calls and never return here.
 *
 * NOTE(review): the PHP session id is not regenerated after a successful
 * ticket validation; the login is written into whatever session the
 * browser already had.  Unless a caller or wrapper does that, a session
 * id obtained before login stays valid after it — confirm.
 *
 * @return TRUE when the user is authenticated.
 *
 * @public
 */
function isAuthenticated()
{
    phpCAS::traceBegin();
    $res = FALSE;
    $validate_url = '';
    // $text_response / $tree_response below are filled in by the validate*()
    // calls (presumably by reference — their definitions are not in view).
    if ( $this->wasPreviouslyAuthenticated() ) {
        // the user has already (previously during the session) been
        // authenticated, nothing to be done.
        phpCAS::trace('user was already authenticated, no need to look for tickets');
        $res = TRUE;
    }
    elseif ( $this->hasST() ) {
        // if a Service Ticket was given, validate it
        phpCAS::trace('ST `'.$this->getST().'\' is present');
        $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts
        phpCAS::trace('ST `'.$this->getST().'\' was validated');
        if ( $this->isProxy() ) {
            // a proxy also needs its PGT before the login is usable
            $this->validatePGT($validate_url,$text_response,$tree_response); // idem
            phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
            $_SESSION['phpCAS']['pgt'] = $this->getPGT();
        }
        // persist the login so later requests skip ticket handling
        $_SESSION['phpCAS']['user'] = $this->getUser();
        $res = TRUE;
    }
    elseif ( $this->hasPT() ) {
        // if a Proxy Ticket was given, validate it
        phpCAS::trace('PT `'.$this->getPT().'\' is present');
        $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts
        phpCAS::trace('PT `'.$this->getPT().'\' was validated');
        if ( $this->isProxy() ) {
            $this->validatePGT($validate_url,$text_response,$tree_response); // idem
            phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
            $_SESSION['phpCAS']['pgt'] = $this->getPGT();
        }
        $_SESSION['phpCAS']['user'] = $this->getUser();
        $res = TRUE;
    }
    else {
        // no ticket given, not authenticated
        phpCAS::trace('no ticket found');
    }
    phpCAS::traceEnd($res);
    return $res;
}

/**
 * This method tells if the current session is authenticated.
 *
 * Only the session variable is consulted; no ticket is looked at and
 * nothing is validated.  As in getUser(), empty() treats the login name
 * '0' as absent.
 *
 * @return true if authenticated based soley on $_SESSION variable
 * @since 0.4.22 by Brendan Arnold
 */
function isSessionAuthenticated ()
{
    return !empty($_SESSION['phpCAS']['user']);
}

/**
 * This method tells if the user has already been (previously) authenticated
 * by looking into the session variables.
 *
 * @note This function switches to callback mode when needed.
 *
 * @return TRUE when the user has already been authenticated; FALSE otherwise.
* * @private */ function wasPreviouslyAuthenticated() { phpCAS::traceBegin(); if ( $this->isCallbackMode() ) { $this->callback(); } $auth = FALSE; if ( $this->isProxy() ) { // CAS proxy: username and PGT must be present if ( $this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) { // authentication already done $this->setUser($_SESSION['phpCAS']['user']); $this->setPGT($_SESSION['phpCAS']['pgt']); phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\', PGT = `'.$_SESSION['phpCAS']['pgt'].'\''); $auth = TRUE; } elseif ( $this->isSessionAuthenticated() && empty($_SESSION['phpCAS']['pgt']) ) { // these two variables should be empty or not empty at the same time phpCAS::trace('username found (`'.$_SESSION['phpCAS']['user'].'\') but PGT is empty'); // unset all tickets to enforce authentication unset($_SESSION['phpCAS']); $this->setST(''); $this->setPT(''); } elseif ( !$this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) { // these two variables should be empty or not empty at the same time phpCAS::trace('PGT found (`'.$_SESSION['phpCAS']['pgt'].'\') but username is empty'); // unset all tickets to enforce authentication unset($_SESSION['phpCAS']); $this->setST(''); $this->setPT(''); } else { phpCAS::trace('neither user not PGT found'); } } else { // `simple' CAS client (not a proxy): username must be present if ( $this->isSessionAuthenticated() ) {