View source
<?php
define('CAS_LOGIN_COOKIE', 'cas_server_login');
function cas_server_menu($may_cache = FALSE) {
$items = array();
if (!$may_cache) {
$items[] = array(
'path' => 'cas/login',
'callback' => 'cas_server_login',
'title' => t('CAS Login'),
'access' => TRUE,
'type' => MENU_CALLBACK,
);
$items[] = array(
'path' => 'cas/validate',
'callback' => 'cas_server_validate',
'title' => t('CAS Validate'),
'access' => TRUE,
'type' => MENU_CALLBACK,
);
$items[] = array(
'path' => 'cas/serviceValidate',
'callback' => 'cas_server_service_validate',
'title' => t('CAS Service Validate'),
'access' => TRUE,
'type' => MENU_CALLBACK,
);
$items[] = array(
'path' => 'cas/logout',
'callback' => 'cas_server_logout',
'title' => t('CAS Logout'),
'access' => TRUE,
'type' => MENU_CALLBACK,
);
}
return $items;
}
function cas_server_service_return() {
global $user;
$service = $_COOKIE[CAS_LOGIN_COOKIE];
if ($service && $user->uid) {
$ticket = _cas_server_save_ticket($user->uid, $service);
setcookie(CAS_LOGIN_COOKIE, "", -3600);
drupal_goto($service, 'ticket=' . urlencode($ticket));
}
}
function cas_server_login() {
global $user;
if ($user->uid) {
if ($_GET['service']) {
$_COOKIE[CAS_LOGIN_COOKIE] = $_REQUEST['service'];
}
$output = t('You have successfully logged into CAS');
cas_server_service_return();
}
else {
if ($_GET['gateway'] && $_GET['service']) {
drupal_goto($_GET['service']);
}
else {
if ($_GET['service']) {
setcookie(CAS_LOGIN_COOKIE, $_REQUEST['service']);
}
$output .= l('Login', 'user', array(
'query' => 'destination=cas/login',
));
drupal_goto('user', 'destination=cas/login');
}
}
return $output;
}
function cas_server_validate() {
$ticket = $_GET['ticket'];
$service = $_GET['service'];
$user_name = _cas_server_validate($service, $ticket);
if ($user_name) {
print "yes\n";
print "{$user_name}\n";
}
else {
print "no\n";
print "\n";
}
}
function cas_server_service_validate() {
$ticket = $_GET['ticket'];
$service = $_GET['service'];
$user_name = _cas_server_validate($service, $ticket);
if (!$user_name) {
$cas_error = 'INVALID_TICKET';
}
if (!$ticket || !$service) {
$cas_error = 'INVALID_REQUEST';
}
header('Content-type:', 'text/xml');
if ($user_name) {
print "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\n" . " <cas:authenticationSuccess>\n" . " <cas:user>{$user_name}</cas:user>\n" . " </cas:authenticationSuccess>\n" . "</cas:serviceResponse>\n";
watchdog('cas', 'User ' . $user_name . ' CAS sucessully authenticated.');
}
else {
print "<cas:serviceReponse xmlns:cas='http://www.yale.edu/tp/cas'>\n" . " <cas:authenticationFailure code=\"{$cas_error}\">\n" . " Ticket {$ticket} not recognized.\n" . " </cas:authenticationFailure>" . "</cas:serviceResponse>";
watchdog('cas', 'User ' . $user_name . ' authentication failed!');
}
}
function _cas_server_validate($service, $ticket) {
$user_name = '';
$ticket_info = array(
$service,
$ticket,
);
$result = db_query_range("SELECT u.name FROM {cas_server_tickets} t JOIN {users} u ON t.uid=u.uid WHERE t.service = '%s' and t.ticket = '%s'", $ticket_info, 0, 1);
if ($result !== FALSE) {
while ($ticket_data = db_fetch_object($result)) {
$user_name = $ticket_data->name;
}
}
db_query("DELETE FROM {cas_server_tickets} WHERE ticket='%s'", array(
$ticket,
));
return $user_name;
}
function _cas_server_save_ticket($uid, $service) {
$time = time();
$ticket = 'ST-' . user_password();
$ticket_data = array(
$uid,
$service,
$ticket,
$time,
);
if ($uid && $service) {
db_query("INSERT INTO {cas_server_tickets} (uid, service, ticket, timestamp) VALUES (%d, '%s', '%s', %d)", $ticket_data);
}
return $ticket;
}
function cas_server_logout() {
session_destroy();
module_invoke_all('user', 'logout', NULL, $user);
$output = '<p>You have been logged out successfully</p>';
if ($_GET['url']) {
$output .= '<p>' . l('Continue', $_GET['url']) . '</p>';
}
return $output;
}