
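<?php
// Shared authentication / bootstrap include for the portal template.
//
// Every portal page includes this file first. It:
//   1. loads the API helper and the phpCAS client (campus SSO),
//   2. optionally opens a MySQL and/or Oracle connection when the including
//      page sets $useMysql / $useOracle to true BEFORE the include,
//   3. forces CAS authentication unless the visitor has a parent-account
//      session or is on one of the auth-exempt pages,
//   4. resolves the current account into $user / $type / $userData,
//   5. enforces an inactivity timeout.
//
// Values left for the including page: $user, $type, $userData, $api, and the
// $_SESSION keys kept for legacy code (CAS_USER, USER_PIDM, BANNER_STATUS, ...).

// We run in the Eastern timezone; set it explicitly so time()/date() agree with it.
date_default_timezone_set('America/New_York');

// Shared scripts live exactly one directory up; resolve that once so the
// includes work no matter how deep the including page sits.
$upOne = realpath(__DIR__ . '/..');
require_once $upOne . '/globals-api.php';
// CAS (Central Authentication Service) is the campus SSO.
require_once $upOne . '/CAS/config.php';
require_once $upOne . '/CAS/CAS-1.3.2/CAS.php';

// Optional database connections, opted into by the including page.
global $useMysql;
if (isset($useMysql) && $useMysql) {
    require_once $upOne . '/mysql-connection.php';
}

global $useOracle;
if (isset($useOracle) && $useOracle) {
    require_once $upOne . '/oracle-connection.php';
}

phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);

// Pages that must be reachable without a CAS session: they are part of the
// timeout/logout/error flow itself but still include this file because the
// template includes it unconditionally.
$pages[] = 'timeout.php';
$pages[] = 'logout.php';
$pages[] = 'error.php';

// Name of the script actually being executed. SCRIPT_FILENAME is resolved by
// the web server, whereas PHP_SELF also carries client-supplied PATH_INFO, so
// a request for /secret.php/error.php used to match the exempt list and skip
// forceAuthentication(). The comparison is strict so only an exact file name matches.
$currentPage = basename($_SERVER['SCRIPT_FILENAME']);
$isExemptPage = in_array($currentPage, $pages, true);

// Must run before anything that touches phpCAS::getUser().
phpCAS::isAuthenticated();

// Force SSO unless this is a parent account or an auth-exempt page.
if (!isset($_SESSION['parentAccount']) && !$isExemptPage) {
    // phpCAS redirects to the CAS login and does not return when unauthenticated.
    phpCAS::forceAuthentication();
}

// Workaround for a bug with SSO across two different servers: a request that
// carries ?sso cancels a pending auto-logout instead of performing it.
if (isset($_GET['sso'])) {
    unset($_SESSION['autoLogout']);
}
if (isset($_SESSION['autoLogout']) && $_SESSION['autoLogout'] && !isset($_GET['sso'])) {
    unset($_SESSION['autoLogout']);
    // NOTE(review): HTTP_HOST is taken from the client's Host header. Unless
    // the web server only answers for known vhosts, a forged Host turns this
    // logout redirect into an off-site redirect; compare it against the
    // configured portal hostname before building the URL.
    phpCAS::logoutWithRedirectService('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
}

// Reuse the username cached in the session to avoid extra round-trips to CAS;
// populate the cache the first time an authenticated user arrives.
$user = isset($_SESSION['CAS_USER']) ? $_SESSION['CAS_USER'] : '';
if (phpCAS::isAuthenticated() && !isset($_SESSION['CAS_USER'])) {
    $user = phpCAS::getUser();
    $_SESSION['CAS_USER'] = $user;
}

$api = new MyGSAPI();

// Closed beta: any failure below (no account, API unreachable, not in the
// beta) is raised as an exception and lands the visitor on error.php.
try {
    // Account type handed to the API: a CAS username, or a parent account.
    $type = 'username';
    if ($user == '') {
        if (!isset($_SESSION['parentAccount'])) {
            // Neither a CAS user nor a parent session: nothing to look up.
            throw new Exception("Account Not Found");
        }
        // Parent sessions carry the student's username in USER_UNAME; the API
        // expects it base64 + url encoded for type 'parent'.
        $user = urlencode(base64_encode($_SESSION['USER_UNAME']));
        $type = 'parent';
    }
    // The API helper always gets the real (non-impersonated) account.
    $api->username = $user;

    // Developer impersonation, used to reproduce user-reported bugs on the dev
    // system. Reachable only when the system is in debug mode AND the CAS user
    // is in the developers list returned by the API. ?username=<id> selects the
    // account to view as; with neither a parameter nor a passedUsername in the
    // session, the portal is viewed as the hard-coded default account.
    // Debug mode must never be enabled on the production portal: this block
    // lets a developer read any user's data, and $_GET['username'] is passed
    // to the API unvalidated.
    $developers = $api->GetDevelopers();
    $debug = (bool) $api->GetDebug();
    if ($debug && in_array($user, $developers, true)) {
        if (isset($_GET['username'])) {
            $user = $_GET['username'];
        } elseif (!isset($_SESSION['passedUsername'])) {
            $user = 'jwilliams';
        }
    }

    // Debug mode renders PHP errors into the page. That discloses file paths
    // and stack traces, another reason debug must stay off in production.
    if ($debug) {
        error_reporting(E_ALL);
        ini_set('display_errors', '1');
    }

    // Cached API account data. A stored false/empty value means an earlier
    // lookup failed, so drop it and look the account up again.
    if (empty($_SESSION['userData'])) {
        unset($_SESSION['userData']);
    }
    // In debug mode always refetch so data changes are visible immediately.
    if ($debug || !isset($_SESSION['userData'])) {
        $userData = $api->getPortalAccount($user, array('type' => $type, 'returnPreferredName' => false));
    } else {
        $userData = $_SESSION['userData'];
    }

    // Banner status, kept in the session for legacy code.
    // NOTE(review): fetched once per session and never refreshed afterwards.
    if (!isset($_SESSION['System']['Banner'])) {
        $system = $api->getSystemStatus('1');
        $_SESSION['System']['Banner'] = $system;
        $_SESSION['BANNER_STATUS'] = ($system->ComputedStatus == 'ACTIVE') ? "UP" : "DOWN";
    }

    // Closed-beta gate: non-parent accounts must be flagged for the beta
    // unless the system is in debug mode.
    if (!$api->GetBeta($userData) && !isset($_SESSION['parentAccount']) && !$debug) {
        throw new Exception('BETA', 403);
    }

    // Inactivity timeout bookkeeping. On the first request of a session (or on
    // every request in debug mode) record the action time; on a genuine first
    // request also push the last-login timestamp to the API. Whether this is
    // the first request must be decided BEFORE lastActionTime is written --
    // the original check ran after the write and so could never be true.
    $firstAction = !isset($_SESSION['lastActionTime']);
    if ($firstAction || $debug) {
        $_SESSION['lastActionTime'] = time();
        if ($firstAction && $type == 'username') {
            $updateAccount = new StdClass();
            $updateAccount->PIDM = $userData->PIDM;
            $updateAccount->Username = $user;
            $updateAccount->LastLogin = date("Y-m-d H:i:s");
            $api->UpdateLastLogin($updateAccount);
        }
    }

    // Time the session out after 21 minutes without a request (the client-side
    // auto-logout is expected to fire first, at 20 minutes).
    $previousTime = $_SESSION['lastActionTime'];
    if (($previousTime + 1260) < time()) {
        // Refresh the timestamp so timeout.php, which includes this file too,
        // does not redirect to itself, then stop rendering: without exit the
        // protected page body was still sent along with the redirect.
        $_SESSION['lastActionTime'] = time();
        header("Location: timeout.php");
        exit;
    }
    $_SESSION['lastActionTime'] = time();
    // Legacy code reads the PIDM from the session.
    $_SESSION['USER_PIDM'] = $userData->PIDM;

} catch (Exception $ex) {
    // error.php reads the exception from the session to decide what to show.
    // NOTE(review): this stores the whole Exception (trace and call arguments
    // included) in the session; getMessage()/getCode() would be enough if
    // error.php needs nothing more.
    $_SESSION['AuthError'] = $ex;
    // Redirect to the error page unless already on an exempt page, and stop
    // rendering so protected content is not sent along with the redirect.
    if (!$isExemptPage) {
        header("Location: error.php");
        exit;
    }
}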