Index: cas.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/cas/cas.module,v
retrieving revision 1.13.2.2
diff -u -w -r1.13.2.2 cas.module
--- cas.module	2 Feb 2008 22:07:45 -0000	1.13.2.2
+++ cas.module	10 Mar 2008 16:39:14 -0000
@@ -1,5 +1,7 @@
 <?php
 // $Id: cas.module,v 1.13.2.2 2008/02/02 22:07:45 metzlerd Exp $
+
+
 /**
  * Enables users to authenticate via a Central Authentication Service (CAS)
  * Cas will currently work if the auto registration is turned on and will
@@ -15,7 +17,6 @@
 * Implementation of hook_init
 * Traps a page load to see if authentication is required.
 */
-
 function cas_login_check() {
   global $user, $account;

@@ -41,56 +42,53 @@
      $cas_domain       = (string)variable_get('cas_domain','');
      $cas_cert_verify =  (string)variable_get('cas_cert_verify',CAS_NO_VERIFY);
      $cas_cert        =  (string)variable_get('cas_cert','');
-     $start_session    = (boolean)FALSE; // Drupal takes care of its own session
+    // Drupal takes care of its own session
+    $start_session = (boolean)FALSE;
      cas_save_page();
      phpCAS::client($server_version, $server_cas_server, $server_port, $server_uri, $start_session);
      // force CAS authentication
-
      // Determine if CA option is set.  This is only avialable in version 0.6 or greater, so we need to test
      // to make sure its collable.
-     if (is_callable(array(phpCAS,'setNoCasServerValidation')))
-     {
+    if (is_callable(array(phpCAS, 'setNoCasServerValidation'))) {
         switch ($cas_cert_verify) {
             case CAS_NO_VERIFY:
               phpCAS::setNoCasServerValidation();
               break;
+
             case CAS_VERIFY:
               phpCAS::setCasServerCert($cas_cert);
               break;
+
             case CAS_CA_VERIFY:
               phpCAS::setCasServerCACert($cas_cert);
               break;
-
         }
      }

      // using function check for backward compatibility of the cas libraries.
      // Newer versions of the cas client use authenticateIfNeeded,
      // but older versions use forceAuthentication
-     if (is_callable(array(phpCAS,'authenticateIfNeeded')))
-     {
+    if (is_callable(array(phpCAS, 'authenticateIfNeeded'))) {
        phpCAS::authenticateIfNeeded();
      }
-     else
-     {
+    else {
        phpCAS::forceAuthentication();
      }

      $cas_name = phpCAS::getUser();

      // try to log into Drupal
-     if($cas_authmap) { // users are coming from Drupal; no need to use the external_load and the authmap
+    if ($cas_authmap) {
+      // users are coming from Drupal; no need to use the external_load and the authmap
          $user = user_load(array("name" => $cas_name));
-     } else {
+    }
+    else {
          // users are external; use authmap table for associating external users
         $user = user_external_load($cas_name);
-        if (!$user->uid && variable_get('cas_hijack_user',0))
-        {
+      if (!$user->uid && variable_get('cas_hijack_user', 0)) {
           $user = user_load(array("name" => $cas_name));
-          if ($user->uid)
-            user_set_authmaps($user,array('authname_cas' => $cas_name));
+        if ($user->uid) user_set_authmaps($user, array('authname_cas' => $cas_name));
         }
-
      }

      // If we don't have a user register them.
@@ -103,10 +101,8 @@
            "status" => 1,
            "roles" => $cas_roles,
            );
-         if (!$cas_authmap)
-           $user_default['authname_cas'] = $cas_name;
-         if ($cas_domain)
-           $user_default['mail'] = $cas_name . '@' . $cas_domain;
+        if (!$cas_authmap) $user_default['authname_cas'] = $cas_name;
+        if ($cas_domain) $user_default['mail'] = $cas_name .'@'. $cas_domain;

          // Become user 1 to be able to save profile information
          $admin = array('uid'=> 1);
@@ -116,8 +112,7 @@
          $user = user_save("", $user_default);

          watchdog("user", t('new user: %n (CAS)', array('%n' => $user->name)), WATCHDOG_NOTICE, l(t("edit user"), "admin/user/edit/$user->uid"));
-         if(($user->uid) && ($user->uid > 0) && $cas_authmap)
-         {
+        if (($user->uid) && ($user->uid > 0) && $cas_authmap) {
            module_invoke_all('user', 'login', null, $user);
            unset($_SESSION['cas_goto']);
            watchdog('user', t('Session opened for %name.', array('%name' => $user->name)));
@@ -130,16 +125,13 @@
      }

     // final check to make sure we have a good user
-   if($user->uid && $user->uid > 0)
-    {
+    if ($user->uid && $user->uid > 0) {
       /*
       ** LDAPAuth interfacing - BEGIN
       */

-      if (variable_get('cas_useldap_groups',''))
-      {
-        if ($ldap_config_name = _get_ldap_config_name($user->name))
-        {
+      if (variable_get('cas_useldap_groups', '')) {
+        if ($ldap_config_name = _get_ldap_config_name($user->name)) {
           _ldapauth_init($ldap_config_name);
           include_once('modules/ldap_integration/ldapgroups.module');
           $user->ldap_authentified = true;
@@ -158,7 +150,7 @@
       }
       $user_up = array(
        "pass" => user_password(),
-       "roles" => $roles
+        "roles" => $roles,
       );
       $user = user_save($user, $user_up);

@@ -167,18 +159,15 @@
        watchdog('user', t('Session opened for %name.', array('%name' => $user->name)));
       // We can't count on the menu because we're changing login states.
       cas_login_page();
-
-
-      } // if we have a good user
-      else
-      {
+    }
+    // if we have a good user
+    else {
         session_destroy();
         $user = drupal_anonymous_user();
       }
-
- } // End if user is already logged in else
 }
-
+  // End if user is already logged in else
+}

 /**
  * Implementation of hook_perm().
@@ -196,6 +185,7 @@
       return t("Allows users to authenticate via a Central Authentication Service.");
   }
 }
+
 /**
 * Implements hook_menu.
 *
@@ -214,8 +204,7 @@
       'access' => user_access('administer cas'),
       'type' => MENU_NORMAL_ITEM,
       );
-    if ((!$user->uid) || ((arg(0)=='admin') && (arg(1) == 'build') && (arg(2) == 'menu')))
-    {
+    if ((!$user->uid) || ((arg(0) == 'admin') && (arg(1) == 'build') && (arg(2) == 'menu'))) {
       $items[] = array(
        'path' => 'cas',
        'title' => t('CAS Login'),
@@ -224,8 +213,7 @@
        'type' => MENU_SUGGESTED_ITEM,
        );
     }
-    if (($user->uid) || ((arg(0)=='admin') && (arg(1) == 'build') && (arg(2) == 'menu')))
-    {
+    if (($user->uid) || ((arg(0) == 'admin') && (arg(1) == 'build') && (arg(2) == 'menu'))) {
       $items[] = array(
        'path' => 'caslogout',
        'title' => t('CAS Logout'),
@@ -234,7 +222,6 @@
        'type' => MENU_SUGGESTED_ITEM,
        );
     }
-
   }
   return $items;
 }
@@ -358,7 +345,7 @@
     '#default_value' => variable_get('cas_auto_assigned_role', array(DRUPAL_AUTHENTICATED_RID)),
     '#options' => user_roles(true),
     '#multiple' => true,
-    '#description' => t('This value can be used to establish a role automatically for all CAS users.  As an example, if you are also using the simple_ldap module, you can use this role to establish a tie between CAS and LDAP-populated data.  i.e. Users with the role of \'cas:user\' should have their LDAP data updated automatically.')
+    '#description' => t('This value can be used to establish a role automatically for all CAS users.  As an example, if you are also using the simple_ldap module, you can use this role to establish a tie between CAS and LDAP-populated data.  i.e. Users with the role of \'cas:user\' should have their LDAP data updated automatically.'),
   );


@@ -439,14 +426,14 @@
     '#type' => 'textfield',
     '#title' => t('Change password URL'),
     '#default_value' => variable_get('cas_changePasswordURL', ''),
-    '#description' => t('The URL users should use for changing their password.  Leave blank to use the standard Drupal page.')
+    '#description' => t('The URL users should use for changing their password.  Leave blank to use the standard Drupal page.'),
   );

   $form['misc']['cas_registerURL'] = array(
     '#type' => 'textfield',
     '#title' => t('Registration URL'),
     '#default_value' => variable_get('cas_registerURL', ''),
-    '#description' => t('The URL users should use for changing registering.  Leave blank to use the standard Drupal page.')
+    '#description' => t('The URL users should use for changing registering.  Leave blank to use the standard Drupal page.'),
   );


@@ -486,18 +473,14 @@
 /**
 * Saves the page that the user was on when login was requested or required
 */
-function cas_save_page()
-{
-  if (!$_SESSION['cas_goto'])
-  {
-    if(arg(0)=='cas')
-    {
+function cas_save_page() {
+  if (!$_SESSION['cas_goto']) {
+    if (arg(0) == 'cas') {
       //we're were destined to the CAS login page, so set
       //the page to the referrer.
       $_SESSION['cas_goto'] = $_SERVER['HTTP_REFERER'];
     }
-    else
-    {
+    else {
       //We're destined for another page, so save the group.
       $_SESSION['cas_goto'] = $_GET['q'];
     }
@@ -518,8 +501,7 @@
   elseif ($_GET['destination']) {
     $destination = $_GET['destination'];
   }
-  elseif ($_SESSION['cas_goto'])
-  {
+  elseif ($_SESSION['cas_goto']) {
     $destination = $_SESSION['cas_goto'];
     unset($_SESSION['cas_goto']);
   }
@@ -533,8 +515,7 @@
 /**
 * Logs a user out of drupal and then out of cas
 */
-function cas_logout()
-{
+function cas_logout() {
   global $user;

   watchdog('user', t('Session closed for %name.', array('%name' => theme('placeholder', $user->name))));
@@ -569,8 +550,7 @@
 /**
  * Provides login blog that only shows up when the user logs in.
  */
-function cas_block($op = 'list', $delta = 0, $edit = array())
-{
+function cas_block($op = 'list', $delta = 0, $edit = array()) {
   global $user;
   if ($op == 'list') {
      $blocks[0]['info'] = t('CAS User login');
@@ -605,19 +585,16 @@
  * Determines whether cas login should be enforced for this page load.
  * This is done based on the redirection settings for this module.
  */
-function _cas_force_login()
-{
+function _cas_force_login() {

   list($arg0) = split('/',$_GET['q']);
   // Don't even do the test if we're hitting the cas page
-  if ($arg0=="cas")
-  {
+  if ($arg0 == "cas") {
      return true;
   }

   // Don't even do the test if cron.php or xmlrpc.php is invoked.  Don't require login.
-  if (base_path().'cron.php'==$_SERVER['PHP_SELF'] || base_path().'xmlrpc.php'==$_SERVER['PHP_SELF'])
-    return false;
+  if (base_path() .'cron.php' == $_SERVER['PHP_SELF'] || base_path() .'xmlrpc.php' == $_SERVER['PHP_SELF']) return false;

   // set the default behavior
   if (variable_get('cas_access',0) == 1)  {
@@ -635,12 +612,9 @@
     $path_match = preg_match($regexp, $path);

     // Alter the default
-    if ($path_match)
-    {
-      if ($force_login)
-        $force_login = false;
-      else
-        $force_login = true;
+    if ($path_match) {
+      if ($force_login) $force_login = false;
+      else $force_login = true;
     }
   }

@@ -651,15 +625,12 @@
  * implementation of hook_form_alter
  * Overrides specific from settings based on user policy.
  */
-function cas_form_alter($form_id,&$form)
-{
+function cas_form_alter($form_id, &$form) {
   switch ($form_id){
     case 'user_edit':
       //make the email field hidden and force the value to the default.
-      if (variable_get('cas_hide_email',0))
-      {
-        if (variable_get('cas_domain',''))
-        {
+      if (variable_get('cas_hide_email', 0)) {
+        if (variable_get('cas_domain', '')) {
           $form['account']['mail']['#type']='hidden';
           $form['account']['mail']['#value']= $form['account']['name']['#default_value'].'@'.variable_get('cas_domain','');
         }
@@ -668,18 +639,14 @@
         ** LDAPAuth interfacing - BEGIN
         */

-        if (variable_get('cas_useldap',''))
-        {
+        if (variable_get('cas_useldap', '')) {
           global $ldap, $user;
-          if ($ldap_config_name = _get_ldap_config_name($user->name))
-          {
+          if ($ldap_config_name = _get_ldap_config_name($user->name)) {
             _ldapauth_init($ldap_config_name);
             $ldap->connect();
             $cas_ldap_email_attribute = (string)variable_get('cas_ldap_email_attribute','mail');
             $ldap_entries = $ldap->search($ldap->getOption('basedn'), $ldap->getOption('user_attr').'='.$user->name, array($cas_ldap_email_attribute));
-            if ($ldap_entries['count']==1 && isset($ldap_entries[0][$cas_ldap_email_attribute][0]))
-            if (trim($ldap_entries[0][$cas_ldap_email_attribute][0])!='')
-            {
+            if ($ldap_entries['count'] == 1 && isset($ldap_entries[0][$cas_ldap_email_attribute][0])) if (trim($ldap_entries[0][$cas_ldap_email_attribute][0]) != '') {
               $form['account']['mail']['#type']='hidden';
               $form['account']['mail']['#value']= $ldap_entries[0][$cas_ldap_email_attribute][0];
             }
@@ -689,12 +656,10 @@
         /*
         ** LDAPAuth interfacing - END
         */
-
       }

       //Remove the password fields from the form.
-      if (variable_get('cas_hide_password',0))
-        unset($form['account']['pass']);
+      if (variable_get('cas_hide_password', 0))unset($form['account']['pass']);
     break;

     case 'user_pass':
@@ -717,9 +682,7 @@
 /**
 * LDAP Auxiliary functions
 */
-
-function _get_ldap_config_name ($user_name)
-{
+function _get_ldap_config_name($user_name) {
   include_once('modules/ldap_integration/ldapauth.module');
   $user_found = false;
   $result = db_query("SELECT name FROM {ldapauth} WHERE status = '%d' ORDER BY sid", 1);
@@ -728,16 +691,13 @@
     // instantiate ldap
     _ldapauth_init($row->name);
     $ldap_user_entry = _ldapauth_user_lookup($user_name);
-    if ($ldap_user_entry)
-    {
+    if ($ldap_user_entry) {
       $user_found = true;
       break;
     }
   }
-  if ($user_found)
-    return $row->name;
-  else
-    return false;
+  if ($user_found) return $row->name;
+  else return false;
 }

 /*
