
@liambolling
Created June 7, 2014 17:19
Connecting to Indiana University via CAS Login
//Note: I did not write all of this code. Some was provided by IU. I am only showing an efficient way to
//make sure they are an IU student. I wrote this code for use on the iuifc.org website. Any problems? @liambolling
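// The session must be started here because cas_authenticate() keeps its state in $_SESSION.
// Harden it before it starts: strict mode makes PHP refuse session IDs it did not issue
// (a session-fixation defence), and HttpOnly keeps the session cookie out of reach of
// page scripts. ini_set() is used so the same lines work on old and new PHP versions.
// NOTE(review): if the site is served only over HTTPS, also set session.cookie_secure.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
session_start();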
//This will send the user to CAS to authenticate every time.
//Fixes the whole "I closed my browser but did not log out of CAS" thing.
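/**
 * Authenticate the current visitor against IU CAS.
 *
 * A request without a "casticket" query parameter is sent to the CAS login
 * page and the script stops. A request that carries a ticket has that ticket
 * validated server-to-server; only when CAS answers "yes" together with a
 * username is $_SESSION['user'] set and control returned to the caller.
 * Every other outcome stops the script, so code after this call can rely on
 * $_SESSION['user'] being a CAS-confirmed username.
 *
 * Changes from the earlier version of this function:
 *  - it reset its own "authenticated" flag to false and then tested it, so it
 *    always redirected and the ticket validation below was never reached;
 *  - the ticket and service URL were pasted into the validation URL without
 *    encoding, letting a crafted ticket value add or override parameters;
 *  - split() no longer exists as of PHP 7; explode() replaces it;
 *  - $_SESSION['CAS'] was set to true before CAS had confirmed anything.
 *
 * @return void Returns only after a successful validation; otherwise exits.
 */
function cas_authenticate(){
    // Service URL CAS sends the browser back to. It must point at the page
    // that calls this function, or the ticket never arrives here.
    $casurl = "www.yourURL.com";
    $cassvc = 'IU';

    // Let http_build_query() percent-encode the parameters, then HTML-escape
    // the finished URL because it is written into an HTML attribute. The
    // separator is passed explicitly so arg_separator.output cannot change it.
    $loginUrl = 'https://cas.iu.edu/cas/login?' . http_build_query(array(
        'cassvc' => $cassvc,
        'casurl' => $casurl,
    ), '', '&');
    $loginRedirect = '<META HTTP-EQUIV="Refresh" Content="0; URL='
        . htmlspecialchars($loginUrl, ENT_QUOTES, 'UTF-8') . '">';

    // Start every request as unauthenticated; the flag turns true only after
    // CAS has confirmed the ticket further down.
    $_SESSION['CAS'] = false;

    // Accept the ticket only as a non-empty string (casticket[]=x arrives as an array).
    $ticket = isset($_GET['casticket']) ? $_GET['casticket'] : null;
    if (!is_string($ticket) || $ticket === '') {
        $_SESSION['LAST_SESSION'] = time(); // update last activity time stamp
        echo $loginRedirect;
        exit;
    }

    // Ask CAS whether the ticket is good. The ticket is untrusted input, so it
    // goes through http_build_query() like every other parameter.
    $validateUrl = 'https://cas.iu.edu/cas/validate?' . http_build_query(array(
        'cassvc' => $cassvc,
        'casticket' => $ticket,
        'casurl' => $casurl,
    ), '', '&');

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $validateUrl);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return the body instead of printing it
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    // The answer decides who the visitor is, so the TLS certificate and host
    // name of the CAS server are verified explicitly rather than left to defaults.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
    $cas_answer = curl_exec($ch);
    curl_close($ch);

    // CAS answers on two lines: "yes" or "no", then the username when "yes".
    // A failed request (false) or a one-line answer leaves both values empty.
    $access = '';
    $user = '';
    if (is_string($cas_answer)) {
        $answerLines = explode("\n", $cas_answer, 2);
        $access = trim($answerLines[0]);
        $user = isset($answerLines[1]) ? trim($answerLines[1]) : '';
    }

    if ($access === 'yes' && $user !== '') {
        // Issue a fresh session ID at the moment of login so an ID known
        // before authentication is not carried into the authenticated session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['CAS'] = true;
        $_SESSION['LAST_SESSION'] = time();
        $_SESSION['user'] = $user;
        return;
    }

    // Fail closed: drop any earlier identity and stop. Redirecting to the
    // login page here could loop forever if validation keeps failing.
    unset($_SESSION['user']);
    if (!headers_sent()) {
        http_response_code(403);
    }
    exit('CAS authentication failed.');
}//END CAS FUNCTION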
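// Run the CAS round trip; the username it validates ends up in $_SESSION['user'].
cas_authenticate();
// Read the username defensively: a missing key means nobody was authenticated.
$username = isset($_SESSION['user']) ? $_SESSION['user'] : null;
// Nothing in this snippet stores 'email_address', so fall back to null rather
// than reading an undefined index.
$email_address = isset($_SESSION['email_address']) ? $_SESSION['email_address'] : null;
// Fail closed: without a confirmed username the page must not continue, and the
// block list below would otherwise be checked against an empty value.
if (!is_string($username) || $username === '') {
    session_destroy();
    if (!headers_sent()) {
        http_response_code(403);
    }
    die("Not authenticated.");
}
//If you want to block someone from your application, you can add them here
//or curate a list of users you wish to block.
$users = array("ljbollin");
// Strict comparison keeps PHP's loose type juggling out of the membership test.
if(in_array($username, $users, true)){
    session_destroy();
    die("Sorry, your account was blacklisted and deleted for misconduct. Please contact IFC if you with to revoke this issue.
");
}
// The session is discarded on purpose so the next request goes through CAS again.
session_destroy();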