client.php

很棒的在线教学系统

   * gives the reason why it failed and $output contains an error message).
   *
   * @public
   */
  function serviceWeb($url,&$err_code,&$output)
    {
      phpCAS::traceBegin();
      // at first retrieve a PT
      $pt = $this->retrievePT($url,$err_code,$output);

      $res = TRUE;
      
      // test if PT was retrieved correctly
      if ( !$pt ) {
	// note: $err_code and $err_msg are filled by CASClient::retrievePT()
	phpCAS::trace('PT was not retrieved correctly');
	$res = FALSE;
      } else {
	// add cookies if necessary
	if ( is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) {
	  foreach ( $_SESSION['phpCAS']['services'][$url]['cookies'] as $name => $val ) { 
	    $cookies[] = $name.'='.$val;
	  }
	}
	
	// build the URL including the PT
	if ( strstr($url,'?') === FALSE ) {
	  $service_url = $url.'?ticket='.$pt;
	} else {
	  $service_url = $url.'&ticket='.$pt;
	}
	
	phpCAS::trace('reading URL`'.$service_url.'\'');
	if ( !$this->readURL($service_url,$cookies,$headers,$output,$err_msg) ) {
	  phpCAS::trace('could not read URL`'.$service_url.'\'');
	  $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
	  // give an error message
	  $output = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE),
			    $service_url,
			    $err_msg);
	  $res = FALSE;
	} else {
	  // URL has been fetched, extract the cookies
	  phpCAS::trace('URL`'.$service_url.'\' has been read, storing cookies:');
	  foreach ( $headers as $header ) {
	    // test if the header is a cookie
	    if ( preg_match('/^Set-Cookie:/',$header) ) {
	      // the header is a cookie, remove the beginning
	      $header_val = preg_replace('/^Set-Cookie: */','',$header);
	      // extract interesting information
	      $name_val = strtok($header_val,'; ');
	      // extract the name and the value of the cookie
	      $cookie_name = strtok($name_val,'=');
	      $cookie_val = strtok('=');
	      // store the cookie 
	      $_SESSION['phpCAS']['services'][$url]['cookies'][$cookie_name] = $cookie_val;
	      phpCAS::trace($cookie_name.' -> '.$cookie_val);
	    }
	  }
	}
      }

      phpCAS::traceEnd($res);
      return $res;
  }

  /**
   * This method is used to access an IMAP/POP3/NNTP service.
   * 
   * @param $url a string giving the URL of the service, including the mailing box
   * for IMAP URLs, as accepted by imap_open().
   * @param $flags options given to imap_open().
   * @param $err_code an error code Possible values are PHPCAS_SERVICE_OK (on
   * success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
   * PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT AVAILABLE.
   * @param $err_msg an error message on failure
   * @param $pt the Proxy Ticket (PT) retrieved from the CAS server to access the URL
   * on success, FALSE on error).
   *
   * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code
   * gives the reason why it failed and $err_msg contains an error message).
   *
   * @public
   */
  function serviceMail($url,$flags,&$err_code,&$err_msg,&$pt)
    {
      phpCAS::traceBegin();
      // at first retrieve a PT
      $pt = $this->retrievePT($target_service,$err_code,$output);

      $stream = FALSE;
      
      // test if PT was retrieved correctly
      if ( !$pt ) {
	// note: $err_code and $err_msg are filled by CASClient::retrievePT()
	phpCAS::trace('PT was not retrieved correctly');
      } else {
	phpCAS::trace('opening IMAP URL `'.$url.'\'...');
	$stream = @imap_open($url,$this->getUser(),$pt,$flags);
	if ( !$stream ) {
	  phpCAS::trace('could not open URL');
	  $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
	  // give an error message
	  $err_msg = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE),
			     $service_url,
			     var_export(imap_errors(),TRUE));
	  $pt = FALSE;
	  $stream = FALSE;
	} else {
	  phpCAS::trace('ok');
	}
      }

      phpCAS::traceEnd($stream);
      return $stream;
  }

  /** @} */

  // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  // XX                                                                    XX
  // XX                  PROXIED CLIENT FEATURES (CAS 2.0)                 XX
  // XX                                                                    XX
  // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  // ########################################################################
  //  PT
  // ########################################################################
  /**
   * @addtogroup internalProxied
   * @{
   */  
  
  /**
   * the Proxy Ticket provided in the URL of the request if present
   * (empty otherwise). Written by CASClient::CASClient(), read by 
   * CASClient::getPT() and CASClient::hasPGT().
   *
   * @hideinitializer
   * @private
   */
  var $_pt = '';
  
  /**
   * This method returns the Proxy Ticket provided in the URL of the request.
   * @return The proxy ticket.
   * @private
   */
  function getPT()
    {
      return 'ST'.substr($this->_pt, 2);
    }

  /**
   * This method stores the Proxy Ticket.
   * @param $pt The Proxy Ticket.
   * @private
   */
  function setPT($pt)
    { $this->_pt = $pt; }

  /**
   * This method tells if a Proxy Ticket was stored.
   * @return TRUE if a Proxy Ticket has been stored.
   * @private
   */
  function hasPT()
    { return !empty($this->_pt); }

  /** @} */
  // ########################################################################
  //  PT VALIDATION
  // ########################################################################
  /**
   * @addtogroup internalProxied
   * @{
   */  

  /**
   * This method is used to validate a PT; halt on failure
   * 
   * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
   *
   * @private
   */
  function validatePT(&$validate_url,&$text_response,&$tree_response)
    {
      phpCAS::traceBegin();
      // build the URL to validate the ticket
      $validate_url = $this->getServerProxyValidateURL().'&ticket='.$this->getPT();

      if ( $this->isProxy() ) {
      // pass the callback url for CAS proxies
	$validate_url .= '&pgtUrl='.$this->getCallbackURL();
      }

      // open and read the URL
      if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) {
	phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')');
	$this->authError('PT not validated',
			 $validate_url,
			 TRUE/*$no_response*/);
      }

      // read the response of the CAS server into a DOM object
      if ( !($dom = domxml_open_mem($text_response))) {
	// read failed
	$this->authError('PT not validated',
		     $validate_url,
		     FALSE/*$no_response*/,
		     TRUE/*$bad_response*/,
		     $text_response);
      }
      // read the root node of the XML tree
      if ( !($tree_response = $dom->document_element()) ) {
	// read failed
	$this->authError('PT not validated',
		     $validate_url,
		     FALSE/*$no_response*/,
		     TRUE/*$bad_response*/,
		     $text_response);
      }
      // insure that tag name is 'serviceResponse'
      if ( $tree_response->node_name() != 'serviceResponse' ) {
	// bad root node
	$this->authError('PT not validated',
		     $validate_url,
		     FALSE/*$no_response*/,
		     TRUE/*$bad_response*/,
		     $text_response);
      }
      if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) {
	// authentication succeded, extract the user name
	if ( sizeof($arr = $tree_response->get_elements_by_tagname("user")) == 0) {
	  // no user specified => error
	  $this->authError('PT not validated',
		       $validate_url,
		       FALSE/*$no_response*/,
		       TRUE/*$bad_response*/,
		       $text_response);
	}
	$this->setUser(trim($arr[0]->get_content()));
	
      } else if ( sizeof($arr = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) {
	// authentication succeded, extract the error code and message
	$this->authError('PT not validated',
		     $validate_url,
		     FALSE/*$no_response*/,
		     FALSE/*$bad_response*/,
		     $text_response,
		     $arr[0]->get_attribute('code')/*$err_code*/,
		     trim($arr[0]->get_content())/*$err_msg*/);
      } else {
	$this->authError('PT not validated',
		     $validate_url,	
		     FALSE/*$no_response*/,
		     TRUE/*$bad_response*/,
		     $text_response);
      }
      
      // at this step, PT has been validated and $this->_user has been set,

      phpCAS::traceEnd(TRUE);
      return TRUE;
    }

  /** @} */

  // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  // XX                                                                    XX
  // XX                               MISC                                 XX
  // XX                                                                    XX
  // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  /**
   * @addtogroup internalMisc
   * @{
   */  
  
  // ########################################################################
  //  URL
  // ########################################################################
  /**
   * the URL of the current request (without any ticket CGI parameter). Written 
   * and read by CASClient::getURL().
   *
   * @hideinitializer
   * @private
   */
  var $_url = '';

  /**
   * This method returns the URL of the current request (without any ticket
   * CGI parameter).
   *
   * @return The URL
   *
   * @private
   */
  function getURL()
    {
      phpCAS::traceBegin();
      // the URL is built when needed only
      if ( empty($this->_url) ) {
	    $final_uri = '';
	    // remove the ticket if present in the URL
	    $final_uri = ($this->isHttps()) ? 'https' : 'http';
	    $final_uri .= '://';
	    /* replaced by Julien Marchal - v0.4.6
	     * $this->_url .= $_SERVER['SERVER_NAME'];
	     */
        if(empty($_SERVER['HTTP_X_FORWARDED_SERVER'])){
          /* replaced by teedog - v0.4.12
           * $this->_url .= $_SERVER['SERVER_NAME'];
           */
          if (empty($_SERVER['SERVER_NAME'])) {
            $server_name = $_SERVER['HTTP_HOST'];
          } else {
            $server_name = $_SERVER['SERVER_NAME'];
          }
        } else {
          $server_name = $_SERVER['HTTP_X_FORWARDED_SERVER'];
        }
      $final_uri .= $server_name;
      if (!strpos($server_name, ':')) {
  	    if ( ($this->isHttps() && $_SERVER['SERVER_PORT']!=443)
	       || (!$this->isHttps() && $_SERVER['SERVER_PORT']!=80) ) {
	      $final_uri .= ':';
	      $final_uri .= $_SERVER['SERVER_PORT'];
	    }
      }

	  $final_uri .= strtok($_SERVER['REQUEST_URI'],"?");
	  $cgi_params = '?'.strtok("?");
	  // remove the ticket if present in the CGI parameters
	  $cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params);
	  $cgi_params = preg_replace('/\?ticket=[^&;]*/','?',$cgi_params);
	  $cgi_params = preg_replace('/\?%26/','?',$cgi_params);
	  $cgi_params = preg_replace('/\?&/','?',$cgi_params);
	  $cgi_params = preg_replace('/\?$/','',$cgi_params);
	  $final_uri .= $cgi_params;
	  $this->setURL($final_uri);
    }
    phpCAS::traceEnd($this->_url);
    return $this->_url;
  }

  /**
   * This method sets the URL of the current request 
   *
   * @param $url url to set for service
   *
   * @private
   */
  function setURL($url)
    {
      $this->_url = $url;
    }
  
  // ########################################################################
  //  AUTHENTICATION ERROR HANDLING
  // ########################################################################
  /**
   * This method is used to print the HTML output when the user was not authenticated.
   *
   * @param $failure the failure that occured
   * @param $cas_url the URL the CAS server was asked for
   * @param $no_response the response from the CAS server (other 
   * parameters are ignored if TRUE)
   * @param $bad_response bad response from the CAS server ($err_code
   * and $err_msg ignored if TRUE)
   * @param $cas_response the response of the CAS server
   * @param $err_code the error code given by the CAS server
   * @param $err_msg the error message given by the CAS server
   *
   * @private
   */
  function authError($failure,$cas_url,$no_response,$bad_response='',$cas_response='',$err_code='',$err_msg='')
    {
      phpCAS::traceBegin();

      $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_FAILED));
      printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),$this->getURL(),$_SERVER['SERVER_ADMIN']);
      phpCAS::trace('CAS URL: '.$cas_url);
      phpCAS::trace('Authentication failure: '.$failure);
      if ( $no_response ) {
	phpCAS::trace('Reason: no response from the CAS server');
      } else {
	if ( $bad_response ) {
	    phpCAS::trace('Reason: bad response from the CAS server');
	} else {
	  switch ($this->getServerVersion()) {
	  case CAS_VERSION_1_0:
	    phpCAS::trace('Reason: CAS error');
	    break;
	  case CAS_VERSION_2_0:
	    if ( empty($err_code) )
	      phpCAS::trace('Reason: no CAS error');
	    else
	      phpCAS::trace('Reason: ['.$err_code.'] CAS error: '.$err_msg);
	    break;
	  }
	}
	phpCAS::trace('CAS response: '.$cas_response);
      }
      $this->printHTMLFooter();
      phpCAS::traceExit();
      exit();
    }

  /** @} */
}

?>