<?php
	/**
	 * Elgg CAS authentication
	 * 
	 * @package cas_auth
	 * @license http://www.gnu.org/licenses/gpl.html
	 * @author Xavier Roussel <xavier.roussel@uvsq.fr>  (Modified for UNL CAS by Eric Rasmussen)
	 * @copyright UVSQ 2008
	 * @link http://www.uvsq.fr
	 */

	require_once 'UNL/Services/Peoplefinder.php';
	
	//In order to avoid a "__PHP_Incomplete_Class" problem when we unserialize the Peoplefinder data we need to set up the class here
	//http://us2.php.net/manual/en/function.unserialize.php
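	/**
	 * Local declaration of the Peoplefinder directory record.
	 *
	 * The class is declared in this file so that unserialize() of the
	 * Peoplefinder response produces an object with these public properties
	 * instead of a __PHP_Incomplete_Class. The property values come from the
	 * remote directory response, so code that stores or renders them should
	 * treat them as untrusted input.
	 */
	class UNL_Peoplefinder_Record {
		public $cn;
		public $ou;
		public $eduPersonNickname;
		public $eduPersonPrimaryAffiliation;
		public $givenName;
		public $displayName;
		public $mail;
		public $postalAddress;
		public $sn;
		public $telephoneNumber;
		public $title;
		public $uid;
		public $unlHRPrimaryDepartment;
		public $unlHRAddress;
		public $unlSISClassLevel;
		public $unlSISCollege;
		public $unlSISLocalAddr1;
		public $unlSISLocalAddr2;
		public $unlSISLocalCity;
		public $unlSISLocalPhone;
		public $unlSISLocalState;
		public $unlSISLocalZip;
		public $unlSISPermAddr1;
		public $unlSISPermAddr2;
		public $unlSISPermCity;
		public $unlSISPermState;
		public $unlSISPermZip;
		public $unlSISMajor;
		public $unlEmailAlias;

		/**
		 * Splits $this->postalAddress into its address components.
		 *
		 * The directory value is usually formatted like
		 *     ### ___ UNL 68588-####
		 * where ### is the room number, ___ the building abbreviation and ####
		 * the zip extension. Some records do not follow this format; those are
		 * returned with the whole value as the street address and an empty
		 * postal code.
		 *
		 * @return array Associative array with the keys 'region',
		 *               'street-address', 'postal-code' and 'locality'.
		 */
		public function formatPostalAddress() {
			// The property is filled by unserialize() and may be unset (null).
			$postal = (string) $this->postalAddress;

			// Treat the first marker found as the delimiter between the street
			// address and the zip. strpos() returns 0 for a match at the very
			// start of the string, so the result is compared with false rather
			// than tested for truthiness.
			$addressComponent = array($postal);
			foreach (array('UNL', 'UNO', 'Omaha') as $marker) {
				if (strpos($postal, $marker) !== false) {
					$addressComponent = explode($marker, $postal);
					break;
				}
			}

			$address = array();
			$address['region']         = 'NE';
			$address['street-address'] = trim($addressComponent[0]);
			$address['postal-code']    = isset($addressComponent[1]) ? trim($addressComponent[1]) : '';

			// Zip codes starting with 681 map to Omaha; 685 and anything else
			// (including an empty postal code) map to Lincoln.
			if (substr($address['postal-code'], 0, 3) === '681') {
				$address['locality'] = 'Omaha';
			} else {
				$address['locality'] = 'Lincoln';
			}

			return $address;
		}
	}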
			

	// Include main cas lib
	include_once 'cas/CAS.php'; 

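	/**
	 * CAS Authentication init
	 *
	 * Runs the CAS login round trip when the request carries
	 * loginwith=UNLlogin, and logs the user out of Elgg when the session is
	 * marked as a CAS session but CAS no longer reports the user as
	 * authenticated.
	 *
	 * @return false|null false when the plugin has no settings; otherwise no
	 *                    value is returned.
	 */
	function cas_auth_init() {
		global $CONFIG;

		// plugin config
		$config = find_plugin_settings('cas_auth');
		// todo : send message to user
		if (!$config) {
			return false;
		}

		// The query string is client-controlled: require the parameter to be
		// present and to match exactly, instead of reading a possibly missing
		// index with a loose comparison.
		$loginRequested = isset($_GET['loginwith']) && $_GET['loginwith'] === 'UNLlogin';

		if ($loginRequested) {
			if (checkCas()) {
				// Set as soon as CAS confirms the user, before the Elgg login
				// below; it records that a CAS session exists, not that the
				// Elgg login succeeded.
				$_SESSION['loggedWithCAS'] = true;

				$cas_user = getUserCas();
				if (casAuthenticate($cas_user)) {
					system_message(elgg_echo('loginok'));
					$cas_user = str_replace('-', '_', $cas_user);

					// user is logged in now, this is the last step - forward
					// based on whether they have logged in before
					if (!$_SESSION['user']->last_login) {
						forward('mod/profile/edit.php?firstlogin=yes');
					} else {
						forward("pg/profile/unl_" . $cas_user);
					}
				} else {
					register_error(elgg_echo('loginerror'));
				}
			} else {
				// Not authenticated with CAS yet: start the CAS login.
				createCas();
			}
		}

		// The CAS ticket is lost, log out. empty() also covers a session that
		// never had the flag set.
		if (!empty($_SESSION['loggedWithCAS']) && !checkCas()) {
			$_SESSION['loggedWithCAS'] = false;
			forward($CONFIG->url.'/action/logout');
		}
	}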
	

	global $CONFIG;

	// Action that collects the e-mail address of a first-time CAS user.
	// NOTE(review): the second argument (true) looks like Elgg's "public
	// action" flag, i.e. callable without being logged in - confirm.
	$cas_getemail_action = $CONFIG->pluginspath . "cas_auth/views/default/actions/getemail.php";
	register_action("cas_auth/getemail", true, $cas_getemail_action);

	// Run cas_auth_init() on the system init event
	register_elgg_event_handler('init', 'system', 'cas_auth_init');

	// Chain the CAS logout onto the main logout, but only for sessions that
	// were marked as CAS logins
	if (!empty($_SESSION['loggedWithCAS'])) {
		register_elgg_event_handler('logout', 'user', 'logoutCas');
	}

	/* set up login page */
	register_page_handler('login', 'login_page_handler');
	
	/**
	 * Page handler for the 'login' page.
	 *
	 * @param mixed $page Page segments passed by the page handler; not used.
	 */
	function login_page_handler($page) {
		// Already logged in: nothing to show, forward to the index page
		if (isloggedin()) {
			forward();
			return;
		}

		// Anonymous visitor: draw the login form
		$login_form = elgg_view("account/forms/login");
		page_draw(elgg_echo('login'), $login_form);
	}
	
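	/**
	 * CAS client initialization
	 *
	 * Creates the phpCAS client from the plugin settings (casurl, casport,
	 * casuri) the first time it is called; later calls in the same request do
	 * nothing.
	 *
	 * @return boolean Always true.
	 */
	function initCas() {
		// The key must be a quoted string: a bare casInitialized is an
		// undefined constant (a notice on old PHP, an Error on PHP 8).
		// empty() also covers the first call, when the key does not exist.
		if (empty($GLOBALS['casInitialized'])) {
			$config = find_plugin_settings('cas_auth');
			phpCAS::client(CAS_VERSION_2_0, $config->casurl, (int) $config->casport, $config->casuri);
			// NOTE(review): nothing in this function configures validation of
			// the CAS server's TLS certificate (phpCAS::setCasServerCACert()).
			// Confirm it is configured elsewhere; the identity returned by CAS
			// is only as trustworthy as that connection.
			$GLOBALS['casInitialized'] = true;
		}

		return true;
	}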

	/**
	 * Force authentication
	 *
	 * Makes sure the CAS client exists, then hands the request to
	 * phpCAS::forceAuthentication().
	 *
	 * @return boolean Always true when the call returns.
	 */
	function createCas() {
		// the client has to be set up before any other phpCAS call
		initCas();

		phpCAS::forceAuthentication();

		return true;
	}

	/**
	 * Check auth
	 *
	 * Initializes the CAS client if needed and asks phpCAS whether the current
	 * user is authenticated.
	 *
	 * @return boolean true when phpCAS::checkAuthentication() reports an
	 *                 authenticated user, false otherwise
	 */
	function checkCas() {
		initCas();

		// normalise whatever phpCAS returns to a strict boolean
		return phpCAS::checkAuthentication() ? true : false;
	}

	/**
	 * Get CAS user
	 *
	 * Does not initialize the CAS client itself; in this file it is called
	 * only after checkCas() has succeeded.
	 *
	 * @return string name of the user as reported by phpCAS::getUser()
	 */
	function getUserCas() {
		$cas_login = phpCAS::getUser();

		return $cas_login;
	}

	/**
	 * CAS logout
	 *
	 * Registered in this file as a handler for the 'logout' / 'user' event.
	 * Passes the site's logout action URL to phpCAS::logout().
	 *
	 * @return boolean Always true when the call returns.
	 */
	function logoutCas() {
		global $CONFIG;

		initCas();

		// URL handed to the CAS logout call
		$elgg_logout_url = $CONFIG->url.'/action/logout';
		phpCAS::logout($elgg_logout_url);

		return true;
	}

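   /**
    * Log a CAS-authenticated user into Elgg, creating the Elgg account on the
    * first login.
    *
    * The Elgg username is the CAS name prefixed with "unl_" and with hyphens
    * replaced by underscores. When no such Elgg user exists, the profile is
    * seeded from Peoplefinder Services and the e-mail address is taken from
    * the request; without one the user is forwarded to the getemail page.
    *
    * @param string $username CAS user name
    * @return boolean Result of login() on success, false otherwise
    */
	function casAuthenticate($username){
		if (empty($username)) {
			return false;
		}

		// we're making this copy for use in the peoplefinderservices call later
		// we dont want to call peoplefinderservices here since we dont need to every time a SSO user logs in
		$casusername = $username;

		//We're going to make every UNL SSO user have an elgg profile name as such: unl_erasmussen2
		//and not allow friends of unl who register via elgg to pick names that begin with "unl_"
		//This way, we won't have to deal with the case where someone registers erasmussen2 on elgg, then
		//the real erasmussen2 signs in for the first time with UNL SSO and is logged in as the elgg user erasmussen2
		//rather then having a new account created.
		$username = 'unl_' . $username;
		//Replace the hyphen in a student's name with an underscore
		$username = str_replace('-', '_', $username);

		if ($user = get_user_by_username($username)) {
			// User exists, login
			return login($user);
		}

		// Valid login but user doesn't exist
		$pf_user_info = peoplefinderServices($casusername);

		// The lookup is a remote call whose result is unserialize()d; refuse to
		// build an account from anything that is not the expected record.
		if (!($pf_user_info instanceof UNL_Peoplefinder_Record)) {
			register_error(elgg_echo("registerbad"));
			return false;
		}

		$name = $pf_user_info->cn;

		if (isset($_REQUEST['email'])) {
			// Supplied by the user through the request, not by the directory.
			// NOTE(review): presumably validated inside register_user() - confirm.
			$email = $_REQUEST['email'];
		} else {
			// The original built this URL from $CONFIG->url, but $CONFIG was
			// never declared global in this function, so the prefix was always
			// empty. Pass the relative path, as the other forward() calls in
			// this file do.
			$getemail = 'mod/cas_auth/views/default/account/getemail.php';
			$mail = $pf_user_info->mail;
			if (!empty($mail) && is_string($mail)) {
				// Directory data goes into a query string: encode it so it
				// cannot add or alter parameters.
				$getemail .= '?e=' . rawurlencode($mail);
			}
			forward($getemail);
			// Only reached if forward() returns; never register without an e-mail.
			return false;
		}

		// SSO accounts are logged in with login($user), never by password, so
		// the stored password only has to be unguessable. The original passed
		// the same fixed literal for every account, which the regular login
		// form would accept.
		// NOTE(review): accounts already created with the old fixed password
		// should have it rotated.
		if (function_exists('random_bytes')) {
			$password = bin2hex(random_bytes(16));
		} elseif (function_exists('openssl_random_pseudo_bytes')) {
			$password = bin2hex(openssl_random_pseudo_bytes(16));
		} else {
			// Elgg's own generator; weaker, used only as a last resort.
			$password = generate_random_cleartext_password();
		}

		try {
			if ($user_guid = register_user($username, $password, $name, $email, false, 0, '', true)) {
				$thisuser = get_user($user_guid);

				//pre-populate profile fields with data from Peoplefinder Services
				$address = $pf_user_info->formatPostalAddress();
				$thisuser->profile_country = 'USA';
				$thisuser->profile_state = $address['region'];
				$thisuser->profile_city = $address['locality'];
				if ($address['locality'] == 'Omaha') {
					$thisuser->longitude = -95.9;
					$thisuser->latitude = 41.25;
				} else { //this is going to cover Lincoln and everyone else
					$thisuser->longitude = -96.7;
					$thisuser->latitude = 40.82;
				}

				return login($thisuser);
			} else {
				register_error(elgg_echo("registerbad"));
			}
		} catch (RegistrationException $r) {
			register_error($r->getMessage());
		}

		// Registration failed: report it explicitly instead of falling off the
		// end of the function.
		return false;
	}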
 
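	/**
	 * Gets a UNL SSO user's info from Peoplefinder Services
	 *
	 * Fetches the record for $username from the Peoplefinder web service in
	 * its serialized-PHP format and unserializes it.
	 *
	 * @param string $username
	 * @return UNL_Peoplefinder_Record|false The record, or false when the
	 *         request or the unserialize step fails. Callers must check the
	 *         type before using the result.
	 */
	function peoplefinderServices($username){
		// Encode the uid so a name containing '&', '#' or similar cannot add
		// or alter query parameters.
		$url = 'http://peoplefinder.unl.edu/service.php?uid=' . rawurlencode($username) . '&format=php';

		$raw = file_get_contents($url);
		if ($raw === false) {
			return false;
		}

		// SECURITY: this unserialize()s a response fetched over plain HTTP, so
		// the input is not authenticated and object injection is a risk.
		// NOTE(review): prefer an HTTPS endpoint and a data-only format (e.g.
		// JSON) if the service offers one.
		if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
			// Only the record class may be instantiated; any other class in the
			// payload becomes __PHP_Incomplete_Class. Widen the list only if
			// the service legitimately returns other classes.
			$pfrecord = unserialize($raw, array('allowed_classes' => array('UNL_Peoplefinder_Record')));
		} else {
			// Older PHP has no allowed_classes option.
			$pfrecord = unserialize($raw);
		}

		return $pfrecord;
	}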
?>