PHP discuz3.2 cas

先将CAS PHP版支持包引入，然后进入下面环节。下载地址http://developer.jasig.org/cas-clients/php/1.3.4/CAS-1.3.4.tgz

1.去除登录输入
upload\template\default\member\login_simple.htm
删除8-29行代码，删除31-32行代码

添加检查登录

<script type="text/javascript">
(function () {
       var _body = document.body || document.getElementsByTagName('body')[0];
       var iframe = document.createElement('iframe');
       iframe.id = 'logcheck';


       iframe.src = "member.php?"+(("mod=logging&action=loginCheck"));
       iframe.style.display = 'none';
       _body.appendChild(iframe);
   })();
</script>

2.去除弹框登录
upload/admin.php-=》界面-》去掉浮动窗口（登录）


3.在CAS文件夹中创建CasClientConfig.php
<?php
define ( 'CAS_SERVER_HOSTNAME', '192.168.32.7' );
define ( 'CAS_SERVER_PORT', 8080 );
define ( 'CAS_SERVER_APP_NAME', "cas_server" );
?>


4.在CAS文件中创建CasClient.php
<?php
require_once DISCUZ_ROOT.'./CAS/CasClientConfig.php'; // 注意
require_once DISCUZ_ROOT.'./CAS.php'; // 注意
                                                  
// 初始化
//phpCAS::setDebug ();
 
// initialize phpCAS
phpCAS::client ( CAS_VERSION_2_0, CAS_SERVER_HOSTNAME, CAS_SERVER_PORT, CAS_SERVER_APP_NAME );
 
// no SSL validation for the CAS server

phpCAS::setNoCasServerValidation ();

phpCAS::setNoClearTicketsFromUrl ();
phpCAS::handleLogoutRequests();

if(!phpCas::isAuthenticated()){
$urlpath = $_SERVER['REQUEST_URI'];
   if(strstr($urlpath,'member.php') && strstr($urlpath,'mod=logging') && strstr($urlpath,'action=login')){
    phpCAS::forceAuthentication();// 去登陆
   }elseif(!strstr($urlpath,'mod=logout')){
// discuz注销
// TODO:退出论坛
   }
} else {
$urlpath = $_SERVER['REQUEST_URI'];
error_log('urlb:'.$urlpath);
//除了登录其他的都是异步登录
if(!(strstr($urlpath,'member.php') && strstr($urlpath,'mod=logging') && strstr($urlpath,'action=login'))){

//需要自己写异步请求cas_server才能回调
// TODO:登陆论坛
}

?>


5.source/class/class_core.php第16行加入
require_once DISCUZ_ROOT."CAS/CasClient.php";


6.uc_client/control/user.php
134行注释
// elseif($user['password'] != md5($passwordmd5.$user['salt'])) {
// $status = -2;
// } elseif($checkques && $user['secques'] != $_ENV['user']->quescrypt($questionid, $answer)) {
// $status = -3;
// }




注释 onsynlogin、onsynlogout、onregister方法


7.source/function/function_member.php加入
// 新加的方法，用以支持CAS 登录
function userloginCas($username, $ip = '') {
    $return = array ();
    
  if(!function_exists('uc_user_login')) {
loaducenter();
}

$return['ucresult'] = uc_user_login(addslashes($username), '', 0, 0,'', '', $ip);

    $tmp = array ();
    $duplicate = '';
    list ( $tmp ['uid'], $tmp ['username'], $tmp ['password'], $tmp ['email'], $duplicate ) = $return ['ucresult'];
    $return ['ucresult'] = $tmp;
    if ($duplicate && $return ['ucresult'] ['uid'] > 0 || $return ['ucresult'] ['uid'] <= 0) {
        $return ['status'] = 0;
        return $return;
    }
    
    $member = getuserbyuid ( $return ['ucresult'] ['uid'], 1 );
    if (! $member || empty ( $member ['uid'] )) {
        $return ['status'] = - 1;
        return $return;
    }
    $return ['member'] = $member;
    $return ['status'] = 1;
    if ($member ['_inarchive']) {
        C::t ( 'common_member_archive' )->move_to_master ( $member ['uid'] );
    }
    if ($member ['email'] != $return ['ucresult'] ['email']) {
        C::t ( 'common_member' )->update ( $return ['ucresult'] ['uid'], array (
                'email' => $return ['ucresult'] ['email'] 
        ) );
    }
    
    return $return;
}


8.source/class/class_member.php
51行注释并改为
// if(!submitcheck('loginsubmit', 1, $seccodestatus)) {
if (1 == 2) {


92行 $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';后加入
phpCAS::setNoClearTicketsFromUrl ();
// 这里会检测服务器端的退出的通知，就能实现php和其他语言平台间同步登出了  
      phpCAS::handleLogoutRequests();  
      $username='';
      if(phpCAS::isAuthenticated()){  
          $username = phpCAS::getUser ();

      } else {

$service =  $_SERVER['HTTP_REFERER'];
phpCAS::setServerLoginUrl(phpCAS::getServerLoginURL().urlencode("?service=".$service));

          phpCAS::forceAuthentication ();
      }
// if(!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
// showmessage('profile_passwd_illegal');
// }
// $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $this->setting['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);
$result = userloginCas($username, $_G['clientip']);


347行 on_logout方法
if(defined('IN_MOBILE')) {
showmessage('location_logout_succeed_mobile', dreferer(), array('formhash' => FORMHASH, 'referer' => rawurlencode(dreferer())));
} else {
$service =  $_SERVER['HTTP_REFERER'];
      phpCAS::logoutWithRedirectService ( $service );
// showmessage('logout_succeed', dreferer(), array('formhash' => FORMHASH, 'ucsynlogout' => $ucsynlogout, 'referer' => rawurlencode(dreferer())));
}
386行 on_register方法中
if(strpos($url_forward, $this->setting['regname']) !== false) {
$url_forward = 'forum.php';
}
修改掉防止当登录成功时无限跳转
$url_forward = 'forum.php';

logging_ctl类中 添加异步登录验证方法

function on_loginCheck(){
global $_G;
$username='';
if(phpCAS::isAuthenticated()){
$username = phpCAS::getUser ();
} else {
phpCAS::setServerLoginUrl(phpCAS::getServerLoginURL());
phpCAS::forceAuthentication ();
}
$result = userloginCas($username, $_G['clientip']);

if($data = uc_get_user($username)) {
list($uid, $username, $email) = $data;      //根据用户名获取uid进行登录
} else {
dexit();
}
if($uid > 0) {
$member = getuserbyuid($uid, 1);            //根据uid获取用户表pre_common_member中的所有字段
//global $_G;
$_G['uid'] = intval($uid);
$_G['username'] = $username;
$_G['adminid'] = $member['adminid'];
$_G['groupid'] = $member['groupid'];
$_G['formhash'] = formhash();
$_G['session']['invisible'] = getuserprofile('invisible');
$_G['member'] = $member;
loadcache('usergroup_'.$_G['groupid']);
C::app()->session->isnew = true;
C::app()->session->updatesession();

dsetcookie('auth', authcode("{$member['password']}\t{$member['uid']}", 'ENCODE'), $cookietime, 1, true);        //这里的passwod是pre_common_member表中经过加密后的密码
dsetcookie('loginuser',$username);
dsetcookie('activationauth');
dsetcookie('pmnum');

dexit('<script type="text/javascript">window.top.location.reload();</script>');
} else {
dexit();
}


}

source/moudule/member/member_logging.php添加允许loginCheck 方法通过

第15行if(!in_array($_GET['action'], array('login', 'logout','loginCheck'))) 

自动https/http CAS\Client.php
 $this->_server['base_url'] = 'https://' . $this->_getServerHostname();
改为
 $this->_server['base_url'] = ($this->_isHttps() ? 'https':'http').'://'. $this->_getServerHostname();


关闭gateway CAS\Client.php
 $this->redirectToCas(true/* gateway */);
改为

 $this->redirectToCas(false/* gateway */);

遇到的问题（登录后自动退出的问题）

调整config\config_global.php中$_config['cookie']['cookiedomain']

可以参考

http://blog.csdn.net/kfanning/article/details/49761123

http://blog.csdn.net/leedaning/article/details/44155733

当然推荐使用异步

服务端可参考

http://www.iteye.com/topic/1111931

异步验证参考

http://www.imooc.com/article/4017

集群退出参考

http://www.jianshu.com/p/4c6f010c420e