Commit version 24.12.13800

2025-01-06 17:35:06 -05:00
parent b7f6a79c2c
commit 55d9218816
6133 changed files with 4239740 additions and 1374287 deletions
--- a/html/includes/authentication/cas.inc.php
+++ b/html/includes/authentication/cas.inc.php
@ -5,37 +5,36 @@
 *
 *   This file is part of Observium.
 *
- * @package    observium
- * @subpackage authentication
- * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2019 Observium Limited
+ * @package        observium
+ * @subpackage     authentication
+ * @copyright  (C) Adam Armstrong
 *
 */

 /**
-
-CAS authentication support.
-Uses mysql (same schema as mysql module) for authorization but CAS for authentication.
-Requires phpCAS https://wiki.jasig.org/display/casc/phpcas
-New configuration settings:
-
-auth_cas_host
-auth_cas_port
-auth_cas_context
-auth_cas_ca_cert
-
-FIXME these should go into defaults and sql-config!
-*/
+ *
+ * CAS authentication support.
+ * Uses mysql (same schema as mysql module) for authorization but CAS for authentication.
+ * Requires phpCAS https://wiki.jasig.org/display/casc/phpcas
+ * New configuration settings:
+ *
+ * auth_cas_host
+ * auth_cas_port
+ * auth_cas_context
+ * auth_cas_ca_cert
+ *
+ * FIXME these should go into defaults and sql-config!
+ */

 require_once('CAS.php');

-phpCAS::client(CAS_VERSION_2_0, $config['auth_cas_host'], $config['auth_cas_port'], $config['auth_cas_context']);
-phpCAS::setCasServerCACert($config['auth_cas_ca_cert']);
-phpCAS::handleLogoutRequests(false);
-phpCAS::forceAuthentication();
+phpCAS ::client(CAS_VERSION_2_0, $config['auth_cas_host'], $config['auth_cas_port'], $config['auth_cas_context']);
+phpCAS ::setCasServerCACert($config['auth_cas_ca_cert']);
+phpCAS ::handleLogoutRequests(FALSE);
+phpCAS ::forceAuthentication();

-if (phpCAS::getUser())
-{
-  session_set_var('username', phpCAS::getUser());
+if (phpCAS ::getUser()) {
+    session_set_var('username', phpCAS ::getUser());
 }

 /**
@ -43,24 +42,23 @@ if (phpCAS::getUser())
 *
 * @param string $username User name to check
 * @param string $password User password to check
+ *
 * @return int Authentication success (0 = fail, 1 = success) FIXME bool
 */
 function cas_authenticate($username, $password)
 {
-  $row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username`= ?", array($username));
-  if ($row['username'] && $row['username'] == $username)
-  {
-    if ($username == phpCAS::getUser())
-    {
-      return 1;
-    }
+    $row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username`= ?", [$username]);
+    if ($row['username'] && $row['username'] == $username) {
+        if ($username == phpCAS ::getUser()) {
+            return 1;
+        }

-    dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'CAS: username does not match CAS user'), 'authlog');
-  } else {
-    dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'CAS: NOT found in DB'), 'authlog');
-  }
-  //session_logout();
-  return 0;
+        dbInsert(['user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'CAS: username does not match CAS user'], 'authlog');
+    } else {
+        dbInsert(['user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'CAS: NOT found in DB'], 'authlog');
+    }
+    //session_logout();
+    return 0;
 }

 /**
@ -71,7 +69,7 @@ function cas_authenticate($username, $password)
 */
 function cas_auth_can_logout()
 {
-  return FALSE;
+    return FALSE;
 }

 /**
@ -79,11 +77,12 @@ function cas_auth_can_logout()
 * This is not currently possible using the CAS backend.
 *
 * @param string $username Username to check
+ *
 * @return bool TRUE if password change is possible, FALSE if it is not
 */
 function cas_auth_can_change_password($username = "")
 {
-  return FALSE;
+    return FALSE;
 }

 /**
@ -94,30 +93,30 @@ function cas_auth_can_change_password($username = "")
 */
 function cas_auth_usermanagement()
 {
-  return 1;
+    return 1;
 }

 /**
 * Adds a new user to the user backend.
 *
- * @param string $username User's username
- * @param string $password User's password (plain text)
- * @param int $level User's auth level
- * @param string $email User's e-mail address
- * @param string $realname User's real name
- * @param bool $can_modify_passwd TRUE if user can modify their own password, FALSE if not
- * @param string $description User's description
+ * @param string $username          User's username
+ * @param string $password          User's password (plain text)
+ * @param int    $level             User's auth level
+ * @param string $email             User's e-mail address
+ * @param string $realname          User's real name
+ * @param bool   $can_modify_passwd TRUE if user can modify their own password, FALSE if not
+ * @param string $description       User's description
+ *
 * @return bool TRUE if user addition is successful, FALSE if it is not
 */
-function cas_adduser($username, $password, $level, $email = "", $realname = "", $can_modify_passwd='1', $description = "")
+function cas_adduser($username, $password, $level, $email = "", $realname = "", $can_modify_passwd = '1', $description = "")
 {
-  if (!cas_auth_user_exists($username))
-  {
-    $hash = password_hash($password, PASSWORD_DEFAULT);
-    return dbInsert(array('username' => $username, 'password' => $hash, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd, 'descr' => $description), 'users');
-  } else {
-    return FALSE;
-  }
+    if (!cas_auth_user_exists($username)) {
+        $hash = password_hash($password, PASSWORD_DEFAULT);
+        return dbInsert(['username' => $username, 'password' => $hash, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd, 'descr' => $description], 'users');
+    } else {
+        return FALSE;
+    }
 }

 // EOF