From 7a8a3d6899d27cb598e7dc18efb6c6a271c8438b Mon Sep 17 00:00:00 2001 From: Adam Franco Date: Sat, 10 Sep 2011 03:46:05 +0000 Subject: [PATCH 1/5] Create branch for PHPCAS-126 work. git-svn-id: https://source.jasig.org/cas-clients/phpcas/branches/PHPCAS-126@24948 f5dbab47-78f9-eb45-b975-e544023573eb From 918857109ee2567ef97fb844e91b1e93e535e271 Mon Sep 17 00:00:00 2001 From: Adam Franco Date: Sat, 10 Sep 2011 04:19:21 +0000 Subject: [PATCH 2/5] PHPCAS-126 Global variables are now private static variables in phpCAS. This will prevent poorly written clients from accidentally accessing the CAS_client or other 'global' variables and for them to go through the API. $PHPCAS_AUTH_CHECK_CALL currently needs to be public since it is accessed by both phpCAS and CAS_Client. This should be refactored to make it not public or at least not public in the phpCAS class. git-svn-id: https://source.jasig.org/cas-clients/phpcas/branches/PHPCAS-126@24949 f5dbab47-78f9-eb45-b975-e544023573eb --- source/CAS.php | 483 +++++++++++++++++------------------------- source/CAS/Client.php | 3 +- 2 files changed, 195 insertions(+), 291 deletions(-) diff --git a/source/CAS.php b/source/CAS.php index ecdffa43..1a741a9e 100755 --- a/source/CAS.php +++ b/source/CAS.php @@ -241,60 +241,6 @@ */ define('DEFAULT_DEBUG_DIR', '/tmp/'); -/** @} */ -// ------------------------------------------------------------------------ -// MISC -// ------------------------------------------------------------------------ -/** - * @addtogroup internalMisc - * @{ - */ - -/** - * This global variable is used by the interface class phpCAS. - * - * @hideinitializer - */ -$GLOBALS['PHPCAS_CLIENT'] = null; - -/** - * This global variable is used to store where the initializer is called from - * (to print a comprehensive error in case of multiple calls). - * - * @hideinitializer - */ -$GLOBALS['PHPCAS_INIT_CALL'] = array ( - 'done' => FALSE, - 'file' => '?', - 'line' => -1, - 'method' => '?' -); - -/** - * This global variable is used to store where the method checking - * the authentication is called from (to print comprehensive errors) - * - * @hideinitializer - */ -$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array ( - 'done' => FALSE, - 'file' => '?', - 'line' => -1, - 'method' => '?', - 'result' => FALSE -); - -/** - * This global variable is used to store phpCAS debug mode. - * - * @hideinitializer - */ -$GLOBALS['PHPCAS_DEBUG'] = array ( - 'filename' => FALSE, - 'indent' => 0, - 'unique_id' => '' -); - /** @} */ // ######################################################################## @@ -321,6 +267,37 @@ */ class phpCAS { + + /** + * This global variable is used by the interface class phpCAS. + * + * @hideinitializer + */ + private static $PHPCAS_CLIENT; + + /** + * This global variable is used to store where the initializer is called from + * (to print a comprehensive error in case of multiple calls). + * + * @hideinitializer + */ + private static $PHPCAS_INIT_CALL; + + /** + * This global variable is used to store where the method checking + * the authentication is called from (to print comprehensive errors) + * + * @hideinitializer + */ + public static $PHPCAS_AUTH_CHECK_CALL; // Note that this has to be public due to usage by the CAS_client. + + /** + * This global variable is used to store phpCAS debug mode. + * + * @hideinitializer + */ + private static $PHPCAS_DEBUG; + // ######################################################################## // INITIALIZATION @@ -346,11 +323,9 @@ class phpCAS { * @return a newly created CAS_Client object */ public static function client($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) { - global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; - phpCAS :: traceBegin(); - if (is_object($PHPCAS_CLIENT)) { - phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')'); + if (is_object(self::$PHPCAS_CLIENT)) { + phpCAS :: error(self::$PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . self::$PHPCAS_INIT_CALL['file'] . ':' . self::$PHPCAS_INIT_CALL['line'] . ')'); } if (gettype($server_version) != 'string') { phpCAS :: error('type mismatched for parameter $server_version (should be `string\')'); @@ -367,7 +342,7 @@ public static function client($server_version, $server_hostname, $server_port, $ // store where the initializer is called from $dbg = debug_backtrace(); - $PHPCAS_INIT_CALL = array ( + self::$PHPCAS_INIT_CALL = array ( 'done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], @@ -375,7 +350,7 @@ public static function client($server_version, $server_hostname, $server_port, $ ); // initialize the global object $PHPCAS_CLIENT - $PHPCAS_CLIENT = new CAS_Client($server_version, FALSE /*proxy*/ + self::$PHPCAS_CLIENT = new CAS_Client($server_version, FALSE /*proxy*/ , $server_hostname, $server_port, $server_uri, $start_session); phpCAS :: traceEnd(); } @@ -395,11 +370,9 @@ public static function client($server_version, $server_hostname, $server_port, $ * @return a newly created CAS_Client object */ public static function proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) { - global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL; - phpCAS :: traceBegin(); - if (is_object($PHPCAS_CLIENT)) { - phpCAS :: error($PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . $PHPCAS_INIT_CALL['file'] . ':' . $PHPCAS_INIT_CALL['line'] . ')'); + if (is_object(self::$PHPCAS_CLIENT)) { + phpCAS :: error(self::$PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . self::$PHPCAS_INIT_CALL['file'] . ':' . self::$PHPCAS_INIT_CALL['line'] . ')'); } if (gettype($server_version) != 'string') { phpCAS :: error('type mismatched for parameter $server_version (should be `string\')'); @@ -416,7 +389,7 @@ public static function proxy($server_version, $server_hostname, $server_port, $s // store where the initialzer is called from $dbg = debug_backtrace(); - $PHPCAS_INIT_CALL = array ( + self::$PHPCAS_INIT_CALL = array ( 'done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], @@ -424,7 +397,7 @@ public static function proxy($server_version, $server_hostname, $server_port, $s ); // initialize the global object $PHPCAS_CLIENT - $PHPCAS_CLIENT = new CAS_Client($server_version, TRUE /*proxy*/ + self::$PHPCAS_CLIENT = new CAS_Client($server_version, TRUE /*proxy*/ , $server_hostname, $server_port, $server_uri, $start_session); phpCAS :: traceEnd(); } @@ -445,13 +418,11 @@ public static function proxy($server_version, $server_hostname, $server_port, $s * @param $filename the name of the file used for logging, or FALSE to stop debugging. */ public static function setDebug($filename = '') { - global $PHPCAS_DEBUG; - if ($filename != FALSE && gettype($filename) != 'string') { phpCAS :: error('type mismatched for parameter $dbg (should be FALSE or the name of the log file)'); } if ($filename === FALSE){ - unset($PHPCAS_DEBUG['filename']); + unset(self::$PHPCAS_DEBUG['filename']); }else{ if (empty ($filename)) { if (preg_match('/^Win.*/', getenv('OS'))) { @@ -469,8 +440,8 @@ public static function setDebug($filename = '') { $filename = $debugDir . 'phpCAS.log'; } - if (empty ($PHPCAS_DEBUG['unique_id'])) { - $PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4); + if (empty (self::$PHPCAS_DEBUG['unique_id'])) { + self::$PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4); } $PHPCAS_DEBUG['filename'] = $filename; @@ -489,15 +460,14 @@ public static function setDebug($filename = '') { */ public static function log($str) { $indent_str = "."; - global $PHPCAS_DEBUG; - if (isset($PHPCAS_DEBUG['filename']) && ($PHPCAS_DEBUG['filename'])) { - for ($i = 0; $i < $PHPCAS_DEBUG['indent']; $i++) { + if (isset(self::$PHPCAS_DEBUG['filename']) && (self::$PHPCAS_DEBUG['filename'])) { + for ($i = 0; $i < self::$PHPCAS_DEBUG['indent']; $i++) { $indent_str .= '| '; } // allow for multiline output with proper identing. Usefull for dumping cas answers etc. - $str2 = str_replace("\n", "\n" . $PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str, $str); - error_log($PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str2 . "\n", 3, $PHPCAS_DEBUG['filename']); + $str2 = str_replace("\n", "\n" . self::$PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str, $str); + error_log(self::$PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str2 . "\n", 3, self::$PHPCAS_DEBUG['filename']); } } @@ -543,8 +513,6 @@ public static function trace($str) { * This method is used to indicate the start of the execution of a function in debug mode. */ public static function traceBegin() { - global $PHPCAS_DEBUG; - $dbg = debug_backtrace(); $str = '=> '; if (!empty ($dbg[1]['class'])) { @@ -573,7 +541,7 @@ public static function traceBegin() { $line = 'unknown_line'; $str .= ') [' . $file . ':' . $line . ']'; phpCAS :: log($str); - $PHPCAS_DEBUG['indent']++; + self::$PHPCAS_DEBUG['indent']++; } /** @@ -582,9 +550,7 @@ public static function traceBegin() { * @param $res the result of the function */ public static function traceEnd($res = '') { - global $PHPCAS_DEBUG; - - $PHPCAS_DEBUG['indent']--; + self::$PHPCAS_DEBUG['indent']--; $dbg = debug_backtrace(); $str = ''; if(is_object($res)){ @@ -600,12 +566,10 @@ public static function traceEnd($res = '') { * This method is used to indicate the end of the execution of the program */ public static function traceExit() { - global $PHPCAS_DEBUG; - phpCAS :: log('exit()'); - while ($PHPCAS_DEBUG['indent'] > 0) { + while (self::$PHPCAS_DEBUG['indent'] > 0) { phpCAS :: log('-'); - $PHPCAS_DEBUG['indent']--; + self::$PHPCAS_DEBUG['indent']--; } } @@ -627,14 +591,13 @@ public static function traceExit() { * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH */ public static function setLang($lang) { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } if (gettype($lang) != 'string') { phpCAS :: error('type mismatched for parameter $lang (should be `string\')'); } - $PHPCAS_CLIENT->setLang($lang); + self::$PHPCAS_CLIENT->setLang($lang); } /** @} */ @@ -670,14 +633,13 @@ public static function getVersion() { * @param $header the HTML header. */ public static function setHTMLHeader($header) { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } if (gettype($header) != 'string') { phpCAS :: error('type mismatched for parameter $header (should be `string\')'); } - $PHPCAS_CLIENT->setHTMLHeader($header); + self::$PHPCAS_CLIENT->setHTMLHeader($header); } /** @@ -686,14 +648,13 @@ public static function setHTMLHeader($header) { * @param $footer the HTML footer. */ public static function setHTMLFooter($footer) { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } if (gettype($footer) != 'string') { phpCAS :: error('type mismatched for parameter $footer (should be `string\')'); } - $PHPCAS_CLIENT->setHTMLFooter($footer); + self::$PHPCAS_CLIENT->setHTMLFooter($footer); } /** @} */ @@ -711,22 +672,20 @@ public static function setHTMLFooter($footer) { * @param $storage a PGT storage object that inherits from the CAS_PGTStorage class */ public static function setPGTStorage($storage) { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_CLIENT->isProxy()) { + if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if ($PHPCAS_AUTH_CHECK_CALL['done']) { - phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')'); + if (self::$PHPCAS_AUTH_CHECK_CALL['done']) { + phpCAS :: error('this method should only be called before ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ')'); } if ( !($storage instanceof CAS_PGTStorage) ) { phpCAS :: error('type mismatched for parameter $storage (should be a CAS_PGTStorage `object\')'); } - $PHPCAS_CLIENT->setPGTStorage($storage); + self::$PHPCAS_CLIENT->setPGTStorage($storage); phpCAS :: traceEnd(); } @@ -741,17 +700,15 @@ public static function setPGTStorage($storage) { * @param $driver_options any driver options to use when connecting to the database */ public static function setPGTStorageDb($dsn_or_pdo, $username='', $password='', $table='', $driver_options=null) { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_CLIENT->isProxy()) { + if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if ($PHPCAS_AUTH_CHECK_CALL['done']) { - phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')'); + if (self::$PHPCAS_AUTH_CHECK_CALL['done']) { + phpCAS :: error('this method should only be called before ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ')'); } if (gettype($username) != 'string') { phpCAS :: error('type mismatched for parameter $username (should be `string\')'); @@ -762,7 +719,7 @@ public static function setPGTStorageDb($dsn_or_pdo, $username='', $password='', if (gettype($table) != 'string') { phpCAS :: error('type mismatched for parameter $table (should be `string\')'); } - $PHPCAS_CLIENT->setPGTStorageDb($dsn_or_pdo, $username, $password, $table, $driver_options); + self::$PHPCAS_CLIENT->setPGTStorageDb($dsn_or_pdo, $username, $password, $table, $driver_options); phpCAS :: traceEnd(); } @@ -773,17 +730,15 @@ public static function setPGTStorageDb($dsn_or_pdo, $username='', $password='', * @param $path the path where the PGT's should be stored */ public static function setPGTStorageFile($format = '', $path = '') { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_CLIENT->isProxy()) { + if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if ($PHPCAS_AUTH_CHECK_CALL['done']) { - phpCAS :: error('this method should only be called before ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ')'); + if (self::$PHPCAS_AUTH_CHECK_CALL['done']) { + phpCAS :: error('this method should only be called before ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ')'); } if (gettype($format) != 'string') { phpCAS :: error('type mismatched for parameter $format (should be `string\')'); @@ -791,7 +746,7 @@ public static function setPGTStorageFile($format = '', $path = '') { if (gettype($path) != 'string') { phpCAS :: error('type mismatched for parameter $format (should be `string\')'); } - $PHPCAS_CLIENT->setPGTStorageFile($path); + self::$PHPCAS_CLIENT->setPGTStorageFile($path); phpCAS :: traceEnd(); } @@ -817,26 +772,24 @@ public static function setPGTStorageFile($format = '', $path = '') { * @throws InvalidArgumentException If the service type is unknown. */ public static function getProxiedService ($type) { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_CLIENT->isProxy()) { + if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); } if (gettype($type) != 'string') { phpCAS :: error('type mismatched for parameter $type (should be `string\')'); } - $res = $PHPCAS_CLIENT->getProxiedService($type); + $res = self::$PHPCAS_CLIENT->getProxiedService($type); phpCAS :: traceEnd(); return $res; @@ -854,22 +807,20 @@ public static function getProxiedService ($type) { * PHPCAS_SERVICE_PT_FAILURE */ public static function initializeProxiedService (CAS_ProxiedService $proxiedService) { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_CLIENT->isProxy()) { + if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); } - $PHPCAS_CLIENT->initializeProxiedService($proxiedService); + self::$PHPCAS_CLIENT->initializeProxiedService($proxiedService); } /** @@ -886,26 +837,24 @@ public static function initializeProxiedService (CAS_ProxiedService $proxiedServ * gives the reason why it failed and $output contains an error message). */ public static function serviceWeb($url, & $err_code, & $output) { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_CLIENT->isProxy()) { + if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); } if (gettype($url) != 'string') { phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - $res = $PHPCAS_CLIENT->serviceWeb($url, $err_code, $output); + $res = self::$PHPCAS_CLIENT->serviceWeb($url, $err_code, $output); phpCAS :: traceEnd($res); return $res; @@ -929,20 +878,18 @@ public static function serviceWeb($url, & $err_code, & $output) { * gives the reason why it failed and $err_msg contains an error message). */ public static function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_CLIENT->isProxy()) { + if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); } if (gettype($url) != 'string') { phpCAS :: error('type mismatched for parameter $url (should be `string\')'); @@ -952,7 +899,7 @@ public static function serviceMail($url, $service, $flags, & $err_code, & $err_m phpCAS :: error('type mismatched for parameter $flags (should be `integer\')'); } - $res = $PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt); + $res = self::$PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt); phpCAS :: traceEnd($res); return $res; @@ -976,14 +923,13 @@ public static function serviceMail($url, $service, $flags, & $err_code, & $err_m * @param $n an integer. */ public static function setCacheTimesForAuthRecheck($n) { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } if (gettype($n) != 'integer') { phpCAS :: error('type mismatched for parameter $header (should be `string\')'); } - $PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n); + self::$PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n); } /** @@ -1005,12 +951,11 @@ public static function setCacheTimesForAuthRecheck($n) { * @return void */ public static function setPostAuthenticateCallback ($function, array $additionalArgs = array()) { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - $PHPCAS_CLIENT->setPostAuthenticateCallback($function, $additionalArgs); + self::$PHPCAS_CLIENT->setPostAuthenticateCallback($function, $additionalArgs); } /** @@ -1027,12 +972,11 @@ public static function setPostAuthenticateCallback ($function, array $additional * @return void */ public static function setSingleSignoutCallback ($function, array $additionalArgs = array()) { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - $PHPCAS_CLIENT->setSingleSignoutCallback($function, $additionalArgs); + self::$PHPCAS_CLIENT->setSingleSignoutCallback($function, $additionalArgs); } /** @@ -1042,18 +986,16 @@ public static function setSingleSignoutCallback ($function, array $additionalArg * the function will not return if the user is redirected to the cas server for a gateway login attempt */ public static function checkAuthentication() { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - $auth = $PHPCAS_CLIENT->checkAuthentication(); + $auth = self::$PHPCAS_CLIENT->checkAuthentication(); // store where the authentication has been checked and the result $dbg = debug_backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array ( + self::$PHPCAS_AUTH_CHECK_CALL = array ( 'done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], @@ -1070,18 +1012,16 @@ public static function checkAuthentication() { * the CAS server. */ public static function forceAuthentication() { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - $auth = $PHPCAS_CLIENT->forceAuthentication(); + $auth = self::$PHPCAS_CLIENT->forceAuthentication(); // store where the authentication has been checked and the result $dbg = debug_backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array ( + self::$PHPCAS_AUTH_CHECK_CALL = array ( 'done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], @@ -1091,7 +1031,7 @@ public static function forceAuthentication() { /* if (!$auth) { phpCAS :: trace('user is not authenticated, redirecting to the CAS server'); - $PHPCAS_CLIENT->forceAuthentication(); + self::$PHPCAS_CLIENT->forceAuthentication(); } else { phpCAS :: trace('no need to authenticate (user `' . phpCAS :: getUser() . '\' is already authenticated)'); }*/ @@ -1104,16 +1044,14 @@ public static function forceAuthentication() { * This method is called to renew the authentication. **/ public static function renewAuthentication() { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - $auth = $PHPCAS_CLIENT->renewAuthentication(); + $auth = self::$PHPCAS_CLIENT->renewAuthentication(); // store where the authentication has been checked and the result $dbg = debug_backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array ( + self::$PHPCAS_AUTH_CHECK_CALL = array ( 'done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], @@ -1121,7 +1059,7 @@ public static function renewAuthentication() { 'result' => $auth ); - //$PHPCAS_CLIENT->renewAuthentication(); + //self::$PHPCAS_CLIENT->renewAuthentication(); phpCAS :: traceEnd(); } @@ -1132,19 +1070,17 @@ public static function renewAuthentication() { * @return TRUE when the user is authenticated. */ public static function isAuthenticated() { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } // call the isAuthenticated method of the global $PHPCAS_CLIENT object - $auth = $PHPCAS_CLIENT->isAuthenticated(); + $auth = self::$PHPCAS_CLIENT->isAuthenticated(); // store where the authentication has been checked and the result $dbg = debug_backtrace(); - $PHPCAS_AUTH_CHECK_CALL = array ( + self::$PHPCAS_AUTH_CHECK_CALL = array ( 'done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], @@ -1162,11 +1098,10 @@ public static function isAuthenticated() { * @since 0.4.22 by Brendan Arnold */ public static function isSessionAuthenticated() { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - return ($PHPCAS_CLIENT->isSessionAuthenticated()); + return (self::$PHPCAS_CLIENT->isSessionAuthenticated()); } /** @@ -1177,17 +1112,16 @@ public static function isSessionAuthenticated() { * @return the login name of the authenticated user */ public static function getUser() { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); } - return $PHPCAS_CLIENT->getUser(); + return self::$PHPCAS_CLIENT->getUser(); } /** @@ -1199,17 +1133,16 @@ public static function getUser() { * @return array */ public static function getAttributes() { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); } - return $PHPCAS_CLIENT->getAttributes(); + return self::$PHPCAS_CLIENT->getAttributes(); } /** @@ -1221,17 +1154,16 @@ public static function getAttributes() { * @return boolean */ public static function hasAttributes() { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); } - return $PHPCAS_CLIENT->hasAttributes(); + return self::$PHPCAS_CLIENT->hasAttributes(); } /** @@ -1244,17 +1176,16 @@ public static function hasAttributes() { * @return boolean */ public static function hasAttribute($key) { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); } - return $PHPCAS_CLIENT->hasAttribute($key); + return self::$PHPCAS_CLIENT->hasAttribute($key); } /** @@ -1267,28 +1198,26 @@ public static function hasAttribute($key) { * @return mixed string for a single value or an array if multiple values exist. */ public static function getAttribute($key) { - global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); } - if (!$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . $PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . $PHPCAS_AUTH_CHECK_CALL['file'] . ':' . $PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); } - return $PHPCAS_CLIENT->getAttribute($key); + return self::$PHPCAS_CLIENT->getAttribute($key); } /** * Handle logout requests. */ public static function handleLogoutRequests($check_client = true, $allowed_clients = false) { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - return ($PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients)); + return (self::$PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients)); } /** @@ -1298,11 +1227,10 @@ public static function handleLogoutRequests($check_client = true, $allowed_clien * @return the login name of the authenticated user */ public static function getServerLoginURL() { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - return $PHPCAS_CLIENT->getServerLoginURL(); + return self::$PHPCAS_CLIENT->getServerLoginURL(); } /** @@ -1311,9 +1239,8 @@ public static function getServerLoginURL() { * @since 0.4.21 by Wyman Chan */ public static function setServerLoginURL($url = '') { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client()'); } @@ -1321,7 +1248,7 @@ public static function setServerLoginURL($url = '') { phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - $PHPCAS_CLIENT->setServerLoginURL($url); + self::$PHPCAS_CLIENT->setServerLoginURL($url); phpCAS :: traceEnd(); } @@ -1332,9 +1259,8 @@ public static function setServerLoginURL($url = '') { * @since 1.1.0 by Joachim Fritschi */ public static function setServerServiceValidateURL($url = '') { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client()'); } @@ -1342,7 +1268,7 @@ public static function setServerServiceValidateURL($url = '') { phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - $PHPCAS_CLIENT->setServerServiceValidateURL($url); + self::$PHPCAS_CLIENT->setServerServiceValidateURL($url); phpCAS :: traceEnd(); } @@ -1353,9 +1279,8 @@ public static function setServerServiceValidateURL($url = '') { * @since 1.1.0 by Joachim Fritschi */ public static function setServerProxyValidateURL($url = '') { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client()'); } @@ -1363,7 +1288,7 @@ public static function setServerProxyValidateURL($url = '') { phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - $PHPCAS_CLIENT->setServerProxyValidateURL($url); + self::$PHPCAS_CLIENT->setServerProxyValidateURL($url); phpCAS :: traceEnd(); } @@ -1373,9 +1298,8 @@ public static function setServerProxyValidateURL($url = '') { * @since 1.1.0 by Joachim Fritschi */ public static function setServerSamlValidateURL($url = '') { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client()'); } @@ -1383,7 +1307,7 @@ public static function setServerSamlValidateURL($url = '') { phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - $PHPCAS_CLIENT->setServerSamlValidateURL($url); + self::$PHPCAS_CLIENT->setServerSamlValidateURL($url); phpCAS :: traceEnd(); } @@ -1394,11 +1318,10 @@ public static function setServerSamlValidateURL($url = '') { * @return the login name of the authenticated user */ public static function getServerLogoutURL() { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - return $PHPCAS_CLIENT->getServerLogoutURL(); + return self::$PHPCAS_CLIENT->getServerLogoutURL(); } /** @@ -1407,9 +1330,8 @@ public static function getServerLogoutURL() { * @since 0.4.21 by Wyman Chan */ public static function setServerLogoutURL($url = '') { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client()'); } @@ -1417,7 +1339,7 @@ public static function setServerLogoutURL($url = '') { phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - $PHPCAS_CLIENT->setServerLogoutURL($url); + self::$PHPCAS_CLIENT->setServerLogoutURL($url); phpCAS :: traceEnd(); } @@ -1427,9 +1349,8 @@ public static function setServerLogoutURL($url = '') { * @public */ public static function logout($params = "") { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } $parsedParams = array (); @@ -1447,7 +1368,7 @@ public static function logout($params = "") { $parsedParams[$key] = $value; } } - $PHPCAS_CLIENT->logout($parsedParams); + self::$PHPCAS_CLIENT->logout($parsedParams); // never reached phpCAS :: traceEnd(); } @@ -1457,15 +1378,14 @@ public static function logout($params = "") { * @param $service a URL that will be transmitted to the CAS server */ public static function logoutWithRedirectService($service) { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } if (!is_string($service)) { phpCAS :: error('type mismatched for parameter $service (should be `string\')'); } - $PHPCAS_CLIENT->logout(array ( + self::$PHPCAS_CLIENT->logout(array ( "service" => $service )); // never reached @@ -1479,15 +1399,14 @@ public static function logoutWithRedirectService($service) { */ public static function logoutWithUrl($url) { trigger_error('Function deprecated for cas servers >= 3.3.5.1', E_USER_DEPRECATED); - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } if (!is_string($url)) { phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - $PHPCAS_CLIENT->logout(array ( + self::$PHPCAS_CLIENT->logout(array ( "url" => $url )); // never reached @@ -1502,9 +1421,8 @@ public static function logoutWithUrl($url) { */ public static function logoutWithRedirectServiceAndUrl($service, $url) { trigger_error('Function deprecated for cas servers >= 3.3.5.1', E_USER_DEPRECATED); - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } if (!is_string($service)) { @@ -1513,7 +1431,7 @@ public static function logoutWithRedirectServiceAndUrl($service, $url) { if (!is_string($url)) { phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - $PHPCAS_CLIENT->logout(array ( + self::$PHPCAS_CLIENT->logout(array ( "service" => $service, "url" => $url )); @@ -1528,18 +1446,17 @@ public static function logoutWithRedirectServiceAndUrl($service, $url) { * @param $url the URL */ public static function setFixedCallbackURL($url = '') { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!$PHPCAS_CLIENT->isProxy()) { + if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } if (gettype($url) != 'string') { phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - $PHPCAS_CLIENT->setCallbackURL($url); + self::$PHPCAS_CLIENT->setCallbackURL($url); phpCAS :: traceEnd(); } @@ -1550,15 +1467,14 @@ public static function setFixedCallbackURL($url = '') { * @param $url the URL */ public static function setFixedServiceURL($url) { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } if (gettype($url) != 'string') { phpCAS :: error('type mismatched for parameter $url (should be `string\')'); } - $PHPCAS_CLIENT->setURL($url); + self::$PHPCAS_CLIENT->setURL($url); phpCAS :: traceEnd(); } @@ -1566,25 +1482,23 @@ public static function setFixedServiceURL($url) { * Get the URL that is set as the CAS service parameter. */ public static function getServiceURL() { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - return ($PHPCAS_CLIENT->getURL()); + return (self::$PHPCAS_CLIENT->getURL()); } /** * Retrieve a Proxy Ticket from the CAS server. */ public static function retrievePT($target_service, & $err_code, & $err_msg) { - global $PHPCAS_CLIENT; - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } if (gettype($target_service) != 'string') { phpCAS :: error('type mismatched for parameter $target_service(should be `string\')'); } - return ($PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg)); + return (self::$PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg)); } /** @@ -1593,15 +1507,14 @@ public static function retrievePT($target_service, & $err_code, & $err_msg) { * @param $cert the CA certificate */ public static function setCasServerCACert($cert) { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } if (gettype($cert) != 'string') { phpCAS :: error('type mismatched for parameter $cert (should be `string\')'); } - $PHPCAS_CLIENT->setCasServerCACert($cert); + self::$PHPCAS_CLIENT->setCasServerCACert($cert); phpCAS :: traceEnd(); } @@ -1609,13 +1522,12 @@ public static function setCasServerCACert($cert) { * Set no SSL validation for the CAS server. */ public static function setNoCasServerValidation() { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } phpCAS :: trace('You have configured no validation of the legitimacy of the cas server. This is not recommended for production use.'); - $PHPCAS_CLIENT->setNoCasServerValidation(); + self::$PHPCAS_CLIENT->setNoCasServerValidation(); phpCAS :: traceEnd(); } @@ -1627,12 +1539,11 @@ public static function setNoCasServerValidation() { * to prevent a ticket in the HTTP_REFERRER or be carried over in the URL parameter */ public static function setNoClearTicketsFromUrl() { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } - $PHPCAS_CLIENT->setNoClearTicketsFromUrl(); + self::$PHPCAS_CLIENT->setNoClearTicketsFromUrl(); phpCAS :: traceEnd(); } @@ -1641,12 +1552,11 @@ public static function setNoClearTicketsFromUrl() { * Force phpcas to thow Exceptions instead of calling exit() */ public static function throwExceptionsInsteadOfExiting(){ - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } - $PHPCAS_CLIENT->throwExceptionsInsteadOfExiting(); + self::$PHPCAS_CLIENT->throwExceptionsInsteadOfExiting(); phpCAS :: traceEnd(); } @@ -1659,12 +1569,11 @@ public static function throwExceptionsInsteadOfExiting(){ * @param $value the value to set */ public static function setExtraCurlOption($key, $value) { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } - $PHPCAS_CLIENT->setExtraCurlOption($key, $value); + self::$PHPCAS_CLIENT->setExtraCurlOption($key, $value); phpCAS :: traceEnd(); } @@ -1702,15 +1611,14 @@ public static function setExtraCurlOption($key, $value) { * @param CAS_ProxyChain_Interface $proxy_chain A proxy-chain that will be matched against the proxies requesting access */ public static function allowProxyChain(CAS_ProxyChain_Interface $proxy_chain){ - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } - if($PHPCAS_CLIENT->getServerVersion() !== CAS_VERSION_2_0){ + if(self::$PHPCAS_CLIENT->getServerVersion() !== CAS_VERSION_2_0){ phpCAS :: error('this method can only be used with the cas 2.0 protool'); } - $PHPCAS_CLIENT->getAllowedProxyChains()->allowProxyChain($proxy_chain); + self::$PHPCAS_CLIENT->getAllowedProxyChains()->allowProxyChain($proxy_chain); phpCAS :: traceEnd(); } @@ -1725,12 +1633,11 @@ public static function allowProxyChain(CAS_ProxyChain_Interface $proxy_chain){ * @since 6/25/09 */ public static function getProxies () { - global $PHPCAS_CLIENT; - if ( !is_object($PHPCAS_CLIENT) ) { + if ( !is_object(self::$PHPCAS_CLIENT) ) { phpCAS::error('this method should only be called after '.__CLASS__.'::client()'); } - return($PHPCAS_CLIENT->getProxies()); + return(self::$PHPCAS_CLIENT->getProxies()); } // ######################################################################## @@ -1743,16 +1650,15 @@ public static function getProxies () { * @param $rebroadcastNodeUrl The rebroadcast node URL. Can be hostname or IP. */ public static function addRebroadcastNode($rebroadcastNodeUrl) { - global $PHPCAS_CLIENT; phpCAS::traceBegin(); phpCAS::log('rebroadcastNodeUrl:'.$rebroadcastNodeUrl); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } if( !(bool)preg_match("/^(http|https):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i", $rebroadcastNodeUrl)) { phpCAS::error('type mismatched for parameter $rebroadcastNodeUrl (should be `url\')'); } - $PHPCAS_CLIENT->addRebroadcastNode($rebroadcastNodeUrl); + self::$PHPCAS_CLIENT->addRebroadcastNode($rebroadcastNodeUrl); phpCAS::traceEnd(); } @@ -1763,12 +1669,11 @@ public static function addRebroadcastNode($rebroadcastNodeUrl) { * @param String $header Header to send when rebroadcasting. */ public static function addRebroadcastHeader($header) { - global $PHPCAS_CLIENT; phpCAS :: traceBegin(); - if (!is_object($PHPCAS_CLIENT)) { + if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); } - $PHPCAS_CLIENT->addRebroadcastHeader($header); + self::$PHPCAS_CLIENT->addRebroadcastHeader($header); phpCAS :: traceEnd(); } } diff --git a/source/CAS/Client.php b/source/CAS/Client.php index a260fa64..5cc82d5d 100755 --- a/source/CAS/Client.php +++ b/source/CAS/Client.php @@ -1115,8 +1115,7 @@ public function isAuthenticated() // Mark the auth-check as complete to allow post-authentication // callbacks to make use of phpCAS::getUser() and similar methods $dbg = debug_backtrace(); - global $PHPCAS_AUTH_CHECK_CALL; - $PHPCAS_AUTH_CHECK_CALL = array ( + phpCAS::$PHPCAS_AUTH_CHECK_CALL = array ( 'done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], From 3ef67052e1cec3f56dd73a6d64f6295d4943f77f Mon Sep 17 00:00:00 2001 From: Adam Franco Date: Sat, 10 Sep 2011 04:19:25 +0000 Subject: [PATCH 3/5] PHPCAS-126 Fixed an undefined index notice. git-svn-id: https://source.jasig.org/cas-clients/phpcas/branches/PHPCAS-126@24950 f5dbab47-78f9-eb45-b975-e544023573eb --- source/CAS.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/source/CAS.php b/source/CAS.php index 1a741a9e..acc4ebd3 100755 --- a/source/CAS.php +++ b/source/CAS.php @@ -541,7 +541,10 @@ public static function traceBegin() { $line = 'unknown_line'; $str .= ') [' . $file . ':' . $line . ']'; phpCAS :: log($str); - self::$PHPCAS_DEBUG['indent']++; + if (empty(self::$PHPCAS_DEBUG['indent'])) + self::$PHPCAS_DEBUG['indent'] = 0; + else + self::$PHPCAS_DEBUG['indent']++; } /** @@ -550,7 +553,11 @@ public static function traceBegin() { * @param $res the result of the function */ public static function traceEnd($res = '') { - self::$PHPCAS_DEBUG['indent']--; + if (empty(self::$PHPCAS_DEBUG['indent'])) + self::$PHPCAS_DEBUG['indent'] = 0; + else + self::$PHPCAS_DEBUG['indent']--; + $dbg = debug_backtrace(); $str = ''; if(is_object($res)){ From ddd7d2fd0ab6c15a360e22fabddfba0214cea9c7 Mon Sep 17 00:00:00 2001 From: Adam Franco Date: Tue, 25 Oct 2011 16:32:39 -0400 Subject: [PATCH 4/5] PHPCAS-126 Refactored $PHPCAS_AUTH_CHECK_CALL into a set of CAS_Client methods. This change removes the last internal property that was improperly accessible to clients. --- source/CAS.php | 113 +++++++++++++++--------------------------- source/CAS/Client.php | 102 +++++++++++++++++++++++++++++++++++--- 2 files changed, 134 insertions(+), 81 deletions(-) diff --git a/source/CAS.php b/source/CAS.php index acc4ebd3..f3d64d39 100755 --- a/source/CAS.php +++ b/source/CAS.php @@ -283,14 +283,6 @@ class phpCAS { */ private static $PHPCAS_INIT_CALL; - /** - * This global variable is used to store where the method checking - * the authentication is called from (to print comprehensive errors) - * - * @hideinitializer - */ - public static $PHPCAS_AUTH_CHECK_CALL; // Note that this has to be public due to usage by the CAS_client. - /** * This global variable is used to store phpCAS debug mode. * @@ -686,8 +678,8 @@ public static function setPGTStorage($storage) { if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (self::$PHPCAS_AUTH_CHECK_CALL['done']) { - phpCAS :: error('this method should only be called before ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ')'); + if (self::$PHPCAS_CLIENT->wasAuthenticationCalled()) { + phpCAS :: error('this method should only be called before ' . self::$PHPCAS_CLIENT->getAuthenticationCallerMethod() . '() (called at ' . self::$PHPCAS_CLIENT->getAuthenticationCallerFile() . ':' . self::$PHPCAS_CLIENT->getAuthenticationCallerLine() . ')'); } if ( !($storage instanceof CAS_PGTStorage) ) { phpCAS :: error('type mismatched for parameter $storage (should be a CAS_PGTStorage `object\')'); @@ -714,8 +706,8 @@ public static function setPGTStorageDb($dsn_or_pdo, $username='', $password='', if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (self::$PHPCAS_AUTH_CHECK_CALL['done']) { - phpCAS :: error('this method should only be called before ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ')'); + if (self::$PHPCAS_CLIENT->wasAuthenticationCalled()) { + phpCAS :: error('this method should only be called before ' . self::$PHPCAS_CLIENT->getAuthenticationCallerMethod() . '() (called at ' . self::$PHPCAS_CLIENT->getAuthenticationCallerFile() . ':' . self::$PHPCAS_CLIENT->getAuthenticationCallerLine() . ')'); } if (gettype($username) != 'string') { phpCAS :: error('type mismatched for parameter $username (should be `string\')'); @@ -744,8 +736,8 @@ public static function setPGTStorageFile($format = '', $path = '') { if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (self::$PHPCAS_AUTH_CHECK_CALL['done']) { - phpCAS :: error('this method should only be called before ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() (called at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ')'); + if (self::$PHPCAS_CLIENT->wasAuthenticationCalled()) { + phpCAS :: error('this method should only be called before ' . self::$PHPCAS_CLIENT->getAuthenticationCallerMethod() . '() (called at ' . self::$PHPCAS_CLIENT->getAuthenticationCallerFile() . ':' . self::$PHPCAS_CLIENT->getAuthenticationCallerLine() . ')'); } if (gettype($format) != 'string') { phpCAS :: error('type mismatched for parameter $format (should be `string\')'); @@ -786,11 +778,11 @@ public static function getProxiedService ($type) { if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_CLIENT->wasAuthenticationCalled()) { phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_CLIENT->wasAuthenticationCallSuccessful()) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_CLIENT->getAuthenticationCallerMethod() . '() at ' . self::$PHPCAS_CLIENT->getAuthenticationCallerFile() . ':' . self::$PHPCAS_CLIENT->getAuthenticationCallerLine() . ') but the method returned FALSE'); } if (gettype($type) != 'string') { phpCAS :: error('type mismatched for parameter $type (should be `string\')'); @@ -820,11 +812,11 @@ public static function initializeProxiedService (CAS_ProxiedService $proxiedServ if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_CLIENT->wasAuthenticationCalled()) { phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_CLIENT->wasAuthenticationCallSuccessful()) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_CLIENT->getAuthenticationCallerMethod() . '() at ' . self::$PHPCAS_CLIENT->getAuthenticationCallerFile() . ':' . self::$PHPCAS_CLIENT->getAuthenticationCallerLine() . ') but the method returned FALSE'); } self::$PHPCAS_CLIENT->initializeProxiedService($proxiedService); @@ -851,11 +843,11 @@ public static function serviceWeb($url, & $err_code, & $output) { if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_CLIENT->wasAuthenticationCalled()) { phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_CLIENT->wasAuthenticationCallSuccessful()) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_CLIENT->getAuthenticationCallerMethod() . '() at ' . self::$PHPCAS_CLIENT->getAuthenticationCallerFile() . ':' . self::$PHPCAS_CLIENT->getAuthenticationCallerLine() . ') but the method returned FALSE'); } if (gettype($url) != 'string') { phpCAS :: error('type mismatched for parameter $url (should be `string\')'); @@ -892,11 +884,11 @@ public static function serviceMail($url, $service, $flags, & $err_code, & $err_m if (!self::$PHPCAS_CLIENT->isProxy()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_CLIENT->wasAuthenticationCalled()) { phpCAS :: error('this method should only be called after the programmer is sure the user has been authenticated (by calling ' . __CLASS__ . '::checkAuthentication() or ' . __CLASS__ . '::forceAuthentication()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_CLIENT->wasAuthenticationCallSuccessful()) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_CLIENT->getAuthenticationCallerMethod() . '() at ' . self::$PHPCAS_CLIENT->getAuthenticationCallerFile() . ':' . self::$PHPCAS_CLIENT->getAuthenticationCallerLine() . ') but the method returned FALSE'); } if (gettype($url) != 'string') { phpCAS :: error('type mismatched for parameter $url (should be `string\')'); @@ -1001,14 +993,8 @@ public static function checkAuthentication() { $auth = self::$PHPCAS_CLIENT->checkAuthentication(); // store where the authentication has been checked and the result - $dbg = debug_backtrace(); - self::$PHPCAS_AUTH_CHECK_CALL = array ( - 'done' => TRUE, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__ . '::' . __FUNCTION__, - 'result' => $auth - ); + self::$PHPCAS_CLIENT->markAuthenticationCall($auth); + phpCAS :: traceEnd($auth); return $auth; } @@ -1027,14 +1013,7 @@ public static function forceAuthentication() { $auth = self::$PHPCAS_CLIENT->forceAuthentication(); // store where the authentication has been checked and the result - $dbg = debug_backtrace(); - self::$PHPCAS_AUTH_CHECK_CALL = array ( - 'done' => TRUE, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__ . '::' . __FUNCTION__, - 'result' => $auth - ); + self::$PHPCAS_CLIENT->markAuthenticationCall($auth); /* if (!$auth) { phpCAS :: trace('user is not authenticated, redirecting to the CAS server'); @@ -1056,15 +1035,9 @@ public static function renewAuthentication() { phpCAS :: error('this method should not be called before' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } $auth = self::$PHPCAS_CLIENT->renewAuthentication(); + // store where the authentication has been checked and the result - $dbg = debug_backtrace(); - self::$PHPCAS_AUTH_CHECK_CALL = array ( - 'done' => TRUE, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__ . '::' . __FUNCTION__, - 'result' => $auth - ); + self::$PHPCAS_CLIENT->markAuthenticationCall($auth); //self::$PHPCAS_CLIENT->renewAuthentication(); phpCAS :: traceEnd(); @@ -1086,14 +1059,8 @@ public static function isAuthenticated() { $auth = self::$PHPCAS_CLIENT->isAuthenticated(); // store where the authentication has been checked and the result - $dbg = debug_backtrace(); - self::$PHPCAS_AUTH_CHECK_CALL = array ( - 'done' => TRUE, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__ . '::' . __FUNCTION__, - 'result' => $auth - ); + self::$PHPCAS_CLIENT->markAuthenticationCall($auth); + phpCAS :: traceEnd($auth); return $auth; } @@ -1122,11 +1089,11 @@ public static function getUser() { if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_CLIENT->wasAuthenticationCalled()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_CLIENT->wasAuthenticationCallSuccessful()) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_CLIENT->getAuthenticationCallerMethod() . '() at ' . self::$PHPCAS_CLIENT->getAuthenticationCallerFile() . ':' . self::$PHPCAS_CLIENT->getAuthenticationCallerLine() . ') but the method returned FALSE'); } return self::$PHPCAS_CLIENT->getUser(); } @@ -1143,11 +1110,11 @@ public static function getAttributes() { if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_CLIENT->wasAuthenticationCalled()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_CLIENT->wasAuthenticationCallSuccessful()) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_CLIENT->getAuthenticationCallerMethod() . '() at ' . self::$PHPCAS_CLIENT->getAuthenticationCallerFile() . ':' . self::$PHPCAS_CLIENT->getAuthenticationCallerLine() . ') but the method returned FALSE'); } return self::$PHPCAS_CLIENT->getAttributes(); } @@ -1164,11 +1131,11 @@ public static function hasAttributes() { if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_CLIENT->wasAuthenticationCalled()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_CLIENT->wasAuthenticationCallSuccessful()) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_CLIENT->getAuthenticationCallerMethod() . '() at ' . self::$PHPCAS_CLIENT->getAuthenticationCallerFile() . ':' . self::$PHPCAS_CLIENT->getAuthenticationCallerLine() . ') but the method returned FALSE'); } return self::$PHPCAS_CLIENT->hasAttributes(); } @@ -1186,11 +1153,11 @@ public static function hasAttribute($key) { if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_CLIENT->wasAuthenticationCalled()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_CLIENT->wasAuthenticationCallSuccessful()) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_CLIENT->getAuthenticationCallerMethod() . '() at ' . self::$PHPCAS_CLIENT->getAuthenticationCallerFile() . ':' . self::$PHPCAS_CLIENT->getAuthenticationCallerLine() . ') but the method returned FALSE'); } return self::$PHPCAS_CLIENT->hasAttribute($key); } @@ -1208,11 +1175,11 @@ public static function getAttribute($key) { if (!is_object(self::$PHPCAS_CLIENT)) { phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['done']) { + if (!self::$PHPCAS_CLIENT->wasAuthenticationCalled()) { phpCAS :: error('this method should only be called after ' . __CLASS__ . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'); } - if (!self::$PHPCAS_AUTH_CHECK_CALL['result']) { - phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_AUTH_CHECK_CALL['method'] . '() at ' . self::$PHPCAS_AUTH_CHECK_CALL['file'] . ':' . self::$PHPCAS_AUTH_CHECK_CALL['line'] . ') but the method returned FALSE'); + if (!self::$PHPCAS_CLIENT->wasAuthenticationCallSuccessful()) { + phpCAS :: error('authentication was checked (by ' . self::$PHPCAS_CLIENT->getAuthenticationCallerMethod() . '() at ' . self::$PHPCAS_CLIENT->getAuthenticationCallerFile() . ':' . self::$PHPCAS_CLIENT->getAuthenticationCallerLine() . ') but the method returned FALSE'); } return self::$PHPCAS_CLIENT->getAttribute($key); } diff --git a/source/CAS/Client.php b/source/CAS/Client.php index 5cc82d5d..80fcae6c 100755 --- a/source/CAS/Client.php +++ b/source/CAS/Client.php @@ -673,6 +673,99 @@ public function setSingleSignoutCallback ($function, array $additionalArgs = arr $this->_signoutCallbackArgs = $additionalArgs; } + // ######################################################################## + // Methods for supplying code-flow feedback to integrators. + // ######################################################################## + + /** + * Mark the caller of authentication. This will help client integraters determine + * problems with their code flow if they call a function such as getUser() before + * authentication has occurred. + * + * @param boolean $result True if authentication was successful, false otherwise. + * @return null + */ + public function markAuthenticationCall ($auth) { + // store where the authentication has been checked and the result + $dbg = debug_backtrace(); + $this->_authentication_caller = array ( + 'file' => $dbg[1]['file'], + 'line' => $dbg[1]['line'], + 'method' => $dbg[1]['class'] . '::' . $dbg[1]['function'], + 'result' => (boolean)$auth + ); + } + private $_authentication_caller; + + /** + * Answer true if authentication has been checked. + * + * @return boolean + */ + public function wasAuthenticationCalled () { + return !empty($this->_authentication_caller); + } + + /** + * Answer the result of the authentication call. + * + * Throws a CAS_OutOfSequenceException if wasAuthenticationCalled() is false + * and markAuthenticationCall() didn't happen. + * + * @return boolean + */ + public function wasAuthenticationCallSuccessful () { + if (empty($this->_authentication_caller)) + throw new CAS_OutOfSequenceException('markAuthenticationCall() hasn\'t happened.'); + + return $this->_authentication_caller['result']; + } + + /** + * Answer information about the authentication caller. + * + * Throws a CAS_OutOfSequenceException if wasAuthenticationCalled() is false + * and markAuthenticationCall() didn't happen. + * + * @return array Keys are 'file', 'line', and 'method' + */ + public function getAuthenticationCallerFile () { + if (empty($this->_authentication_caller)) + throw new CAS_OutOfSequenceException('markAuthenticationCall() hasn\'t happened.'); + + return $this->_authentication_caller['file']; + } + + /** + * Answer information about the authentication caller. + * + * Throws a CAS_OutOfSequenceException if wasAuthenticationCalled() is false + * and markAuthenticationCall() didn't happen. + * + * @return array Keys are 'file', 'line', and 'method' + */ + public function getAuthenticationCallerLine () { + if (empty($this->_authentication_caller)) + throw new CAS_OutOfSequenceException('markAuthenticationCall() hasn\'t happened.'); + + return $this->_authentication_caller['line']; + } + + /** + * Answer information about the authentication caller. + * + * Throws a CAS_OutOfSequenceException if wasAuthenticationCalled() is false + * and markAuthenticationCall() didn't happen. + * + * @return array Keys are 'file', 'line', and 'method' + */ + public function getAuthenticationCallerMethod () { + if (empty($this->_authentication_caller)) + throw new CAS_OutOfSequenceException('markAuthenticationCall() hasn\'t happened.'); + + return $this->_authentication_caller['method']; + } + /** @} */ // ######################################################################## @@ -1114,14 +1207,7 @@ public function isAuthenticated() if ($res) { // Mark the auth-check as complete to allow post-authentication // callbacks to make use of phpCAS::getUser() and similar methods - $dbg = debug_backtrace(); - phpCAS::$PHPCAS_AUTH_CHECK_CALL = array ( - 'done' => TRUE, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__ . '::' . __FUNCTION__, - 'result' => $res - ); + $this->markAuthenticationCall($res); // call the post-authenticate callback if registered. if ($this->_postAuthenticateCallbackFunction) { From 790cae5b6c1853146339f26de91c6ccbfd9941f4 Mon Sep 17 00:00:00 2001 From: Adam Franco Date: Tue, 25 Oct 2011 16:36:55 -0400 Subject: [PATCH 5/5] PHPCAS-126 phpCAS::error() now "exits" when errors occur. Previously, when phpCAS::error() was called, the phpCAS funciton called would continue executing and often hit a fatal error somewhere deeper in the library. "Exiting" immediately when phpCAS::error() is called avoids this problem and provides more enforcement of parameter validation. --- source/CAS.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source/CAS.php b/source/CAS.php index f3d64d39..9dfa2dc3 100755 --- a/source/CAS.php +++ b/source/CAS.php @@ -491,6 +491,8 @@ public static function error($msg) { echo "
\nphpCAS error: " . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . " in " . $file . " on line " . $line . "
\n"; phpCAS :: trace($msg); phpCAS :: traceEnd(); + + throw new CAS_GracefullTerminationException(__CLASS__ . "::" . $function . '(): ' . $msg); } /**