
CAS authentication for PHP

Include this file at the top of every page that you want to protect with CAS authentication. Note that this only authenticates that the person signing in is a UWEC user, but doesn't take into account the role of the user. Currently the username is stored in $_SESSION['uwecNetworkID'], but this can be changed for each application. It also checks whether the user has already been authenticated, so it knows not to challenge the user again. Note that the code requires 'Request.php', a file from PHP PEAR (http://pear.php.net/package/HTTP_Request).

<?php
	require_once('Request.php');
	$session_var = 'uwecNetworkID';

/**
  * Credit for this code goes to Jonathan Wehner of 
  * Case's Department of Enrollment Management.
  *	http://opensource.case.edu/projects/CAS/wiki/VBScript
  *
  * Although the linked code is in VBScript
  * the exact same idea was used
  * and translated into PHP by Mike Weber of
  * UWEC LTS/Web Development
 */
	# the session must be started before $_SESSION can be checked,
	# otherwise every request looks unauthenticated
	@session_start();

	if (!isset($_SESSION[$session_var]))
	{
		authenticateCAS();
	}

	function authenticateCAS(){
		$session_var = $GLOBALS['session_var'];
			
		# declare the CAS server
		$casserver = 'ash.uwec.edu';
		
		# determine the protocol currently being used
		$protocol = "http";
		if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
			$protocol = "https";
		}
		
		# create the url CAS will be called from, and URL-encode it so it
		# travels as a single query-string value
		$originatingURL = $protocol . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
		$service = urlencode($originatingURL);
		
		# check to see if a ticket has already been attached
		if (!isset($_GET['ticket']) || $_GET['ticket'] == "") {
		
			# if no, send to CAS server to be logged in
			header("Location: https://$casserver/cas/login?service=$service");
			exit();
			
		}else{
		
			# if yes, validate the ticket and grab the XML response
			# (the ticket is encoded so it cannot add parameters to the request)
			$ticket = urlencode($_GET['ticket']);
			$request = new HTTP_Request("https://$casserver/cas/serviceValidate?ticket=$ticket&service=$service");
			
			if (!PEAR::isError($request->sendRequest())) {
			
				$response = $request->getResponseBody();
				
				# accept only an explicit success reply that names a user;
				# a failure reply is XML too and does not start with "no"
				# (assumes the standard CAS 2.0 body from serviceValidate)
				if (strpos($response, '<cas:authenticationSuccess>') === false
					|| !preg_match('#<cas:user>\s*([^<\s]+)\s*</cas:user>#', $response, $match)) {
				
					# Redirect the user to the CAS login page
					# They failed authentication
					header("Location: https://$casserver/cas/login?service=$service");
					exit();
					
				}else{
				
					# set some session variable to hold the username that was signed in
					$_SESSION[$session_var] = $match[1];
				}
			}else{
				die("Unable to connect to CAS server to authenticate user");
			}
		}
	}
	
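	function logoutCAS()
	{
		# drop the local sign-in too; otherwise the stored username
		# keeps passing the isset() check after the CAS logout
		unset($_SESSION[$GLOBALS['session_var']]);
		session_write_close();
		$casserver = 'ash.uwec.edu';
		header("Location: https://$casserver/cas/logout");
		exit();
	}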

?>
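
A stricter way to read the serviceValidate reply, as an added example that is not part of the original UWEC include: it parses the body as namespaced XML and returns a username only for a single authenticationSuccess element. The function name, the username pattern and the three sample bodies are constructed for illustration, and the standard CAS 2.0 response format is assumed.

```php
<?php
// Added example; not part of the original include.
const CAS_NS = 'http://www.yale.edu/tp/cas'; // XML namespace of CAS 2.0 replies

// Returns the username only for one well-formed authenticationSuccess
// that names one user; returns null for everything else (fail closed).
function casUserFromResponse(string $body): ?string
{
    $previous = libxml_use_internal_errors(true); // collect parse errors quietly
    $doc = new DOMDocument();
    $loaded = $body !== '' && $doc->loadXML($body, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$loaded || $doc->doctype !== null) {
        return null; // not XML, or carries a DTD, which a CAS reply has no need for
    }
    $root = $doc->documentElement;
    if ($root->namespaceURI !== CAS_NS || $root->localName !== 'serviceResponse') {
        return null;
    }
    if ($doc->getElementsByTagNameNS(CAS_NS, 'authenticationFailure')->length > 0) {
        return null;
    }
    $success = $doc->getElementsByTagNameNS(CAS_NS, 'authenticationSuccess');
    if ($success->length !== 1) {
        return null;
    }
    $users = $success->item(0)->getElementsByTagNameNS(CAS_NS, 'user');
    $user = $users->length === 1 ? trim($users->item(0)->textContent) : '';
    // Assumed username policy for this sketch; adjust to the local ID format.
    return preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user) ? $user : null;
}

// Constructed sample bodies (not captured from a real server).
$open  = "<cas:serviceResponse xmlns:cas='" . CAS_NS . "'>\n";
$close = "</cas:serviceResponse>\n";
$samples = [
    'success' => $open . "  <cas:authenticationSuccess>\n    <cas:user>jdoe</cas:user>\n"
               . "  </cas:authenticationSuccess>\n" . $close,
    'failure' => $open . "  <cas:authenticationFailure code='INVALID_TICKET'>\n"
               . "    Ticket ST-constructed not recognized\n"
               . "  </cas:authenticationFailure>\n" . $close,
    'not-xml' => "no\n\n",
];
foreach ($samples as $name => $body) {
    $lines = explode("\n", $body);
    // The third column is what reading the reply by line position would yield.
    printf("%-8s parsed=%-7s line3=%s\n", $name,
        var_export(casUserFromResponse($body), true), var_export(trim($lines[2]), true));
}
```

The failure body is multi-line XML just like the success body, so only the element names, not line positions or a leading "no", separate a valid ticket from a rejected one.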