When working with wp-cli and other plugins, wp-cassify output PHP notices like below bc $_SERVER[‘SERVER_NAME’] is not guaranteed to exist.
$ php wp-cli.phar plugin activate wp-phpmyadmin-extension –url=/
Notice: Undefined index: SERVER_NAME in /home1l/wordpres/www/wp-content/plugins/wp-cassify/classes/wp_cassify_utils.php on line 98
I add this plugin to my wp-cli skip-plugins list as my fix.
You might be able to get the current URL from code like one of these:
if (isset($_SERVER['HTTP_HOST']) && !empty($_SERVER['HTTP_HOST'])) {
$current_url = $_SERVER['HTTP_HOST'];
}
if (defined(DOMAIN_CURRENT_SITE) && !empty(DOMAIN_CURRENT_SITE)) {
$current_url = DOMAIN_CURRENT_SITE;
}
if (!isset($_SERVER['SERVER_NAME']) || empty($_SERVER['SERVER_NAME'])) {
$current_url = gethostname();
}Version 2.3.3 of WP Cassify indicated “Fix PHP start session only when needed” which seems to be partly based on the conversation in https://www.ads-software.com/support/topic/patch-to-start-php-session-only-when-needed/.
However, WP Cassify, even as of the latest (2.3.4) version, is still starting a PHP session even if you so much as visit a public WP page. The change made in 2.3.3 is not sufficient enough to satisfy what the changelog message indicates: https://plugins.trac.www.ads-software.com/changeset?sfp_email=&sfph_mail=&reponame=&new=3112582%40wp-cassify&old=3106726%40wp-cassify&sfp_email=&sfph_mail=
There is a working example of how to actually fix this in https://github.com/LafColITS/wp-cassify/commit/82dca78aea239e4775052c2990980e48d417b742. The most important aspect of that particular example is using isset($_COOKIE[session_name()]) to help ensure that the session is not started unless an actual pre-established session cookie is already present.
]]>Dear wp-cassify Support Team,
We have observed that the WordPress logs are repeatedly logging a warning related to a call from the wp-cassify plugin, causing the logs to occupy several gigabytes of space. Below is the observed error message:
[27-Jun-2024 07:31:48 UTC] PHP Deprecated: parse_str(): Passing null to parameter #1 ($string) of type string is deprecated in /wp-content/plugins/wp-cassify/classes/wp_cassify_utils.php on line 143This error is caused because the function parse_str() is being called with a null value as the first parameter, which is deprecated as of PHP 8.1.
The affected line is located in /wp-content/plugins/wp-cassify/classes/wp_cassify_utils.php, on line 143.
To resolve this issue, the function wp_cassify_extract_get_parameter can be modified as follows:
/**
* Return value of a parameter passed in url with get method.
* @param string $url Http url from wich you extract GET parameters
* @param string $get_parameter_name GET parameter name
* @return string $get_parameter_value GET parameter value
*/
public static function wp_cassify_extract_get_parameter( $url , $get_parameter_name ) {
$get_parameter_value = null;
$query = parse_url( $url , PHP_URL_QUERY );
if (! empty( $query ) ) {
parse_str($query, $url_params);
}
if (! empty( $url_params[ $get_parameter_name ] ) ) {
$get_parameter_value = $url_params[ $get_parameter_name ];
}
return $get_parameter_value;
}This modification ensures that the parse_str() function is only called when the $query is not null, thereby avoiding the deprecation warning.
Thank you for your attention to this matter.
Best regards,
Ernesto
I realized today that the cassify plugin doesn’t work anymore, there is no request to the cas server.
]]>We are seeing a lot of these PHP Notices in our logs. Can you please fix this and similar code in the same file?
PHP Notice: Undefined index: SERVER_NAME in /home1l/wordpres/www/wp-content/plugins/wp-cassify/classes/wp_cassify_utils.php on line 98
$current_url .= $_SERVER[ 'SERVER_NAME' ];Hi, this plugin is not compatible with PHP 8. Any chance it could be updated?
]]>We’re seeing an issue with the most recent version of the plugin (2.3.1) where WordPress crashes with a stack trace on the Site Editor. Sample:
<b>Fatal error</b>: Uncaught Error: Undefined constant "SECURE_AUTH_COOKIE" in /var/www/html/wp-includes/pluggable.php:929
Stack trace:
#0 /var/www/html/wp-includes/pluggable.php(694): wp_parse_auth_cookie(false, '')
#1 /var/www/html/wp-includes/class-wp-hook.php(324): wp_validate_auth_cookie(false)
#2 /var/www/html/wp-includes/plugin.php(205): WP_Hook->apply_filters(false, Array)
#3 /var/www/html/wp-includes/user.php(3628): apply_filters('determine_curre...', false)
#4 /var/www/html/wp-includes/pluggable.php(70): _wp_get_current_user()
#5 /var/www/html/wp-includes/l10n.php(98): wp_get_current_user()
#6 /var/www/html/wp-includes/l10n.php(152): get_user_locale()
#7 /var/www/html/wp-includes/l10n.php(947): determine_locale()
#8 /var/www/html/wp-admin/includes/plugin.php(150): load_plugin_textdomain('wp-cassify', false, 'wp-cassify')
#9 /var/www/html/wp-admin/includes/plugin.php(111): _get_plugin_data_markup_translate('wp-cassify/wp-c...', Array, true, true)
#10 /var/www/html/wp-content/plugins/wp-cassify/wp-cassify.php(20): get_plugin_data('/var/www/html/w...')
#11 /var/www/html/wp-settings.php(418): include_once('/var/www/html/w...')
#12 /var/www/html/wp-config.php(130): require_once('/var/www/html/w...')
#13 /var/www/html/wp-load.php(50): require_once('/var/www/html/w...')
#14 /var/www/html/wp-admin/admin.php(34): require_once('/var/www/html/w...')
#15 /var/www/html/wp-admin/site-editor.php(12): require_once('/var/www/html/w...')
#16 {main}
thrown in <b>/var/www/html/wp-includes/pluggable.php</b> on line <b>929</b><br />The root cause is that get_plugin_data depends on load_plugin_textdomain, which needs information about the user, but it’s getting called before the cookies are set. get_plugin_data needs to be hooked in later in the load process.
]]>Good morning,
on my www.ads-software.com site, I have a problem because the email addresses of our 3000 users have been changed via our CAS.
We use WP Cassify and I can’t see what other pluging could send these notifications.
Each time a user logs in, they receive the following email:
“Hello username,
This message confirms that your email address has been changed on the xxxx site.
If you have not performed this action, please promptly contact the site administrator at this address:
[email protected]
This message was sent to xxxxx
Sincerely,
The xxxxx IT team”
We are trying without success to deactivate this notification email, because most of the time, the user follows the instructions and contacts us.
I think this is not possible and I explored another solution: where is the signature line “XXXXX’s IT team” configured? I could indicate in it not to follow the instructions.
Thanks in advance
]]>Hello everyone,
I have created a git repository with a PHP8-compatible version of this plugin. I can’t guarantee that it will work in all circumstances, but this version is error-free on my institution’s WordPress sites. Please feel free to use!
]]>Hi! We just updated to WP core 6.3 and PHP 8.1 and are now getting this error:
Warning: Attempt to read property "user_login" on null in /code/wp-content/plugins/wp-cassify/classes/wp_cassify_plugin.php on line 632
which defaults us to the classic wp-login.php page, which is not correct. Since we’re using CAS for authentication, there is no user password that will work on that page. Will there be an update coming soon that is compatible with WP 6.3 and PHP 8.1? Thank you!
]]>Hello,
I have the same problem than others in this forum when upgrading from php 7 to php 8 with wp-cassify 2.3.1? : wp_cassify_is_in_while_list returns always true and there is no more redirection to CAS Authentication after upgrading php to >= 8.
By the way, note the typo in while_list (means white_list).
The issue comes from the line 1144 :if ( strrpos( $url, $white_url, -strlen( $url ) ) !== false ) {
The behavior of strrpos has changed from 7 to 8 php version cf
https://www.php.net/manual/en/function.strrpos.php
I don’t use “white list” option of wp-cassify but this should be buggy even with php 7.
I suggest to modify the line 1144 like this if ( strlen($white_url)>0 && strrpos( $url, $white_url, strlen( site_url() ) ) !== false ) {
Thnak you for this great plugin !
Vincent B.
Hi. We receive the following fatal error and it makes our website loose the CSS. I have to clear the site cache and it usually gets back up in 20 minutes or so. This has happened probably 20 times in the past year. (I’ve removed my company URL below and replaced it with XYZ). The other plugin in the mix is from Wicket, and they said the error isn’t from them. Any help would be greatly appreciated. Thanks in advance.
2023/06/28 14:16:20 [error] 78741#78741: *7879629 FastCGI sent in stderr: “PHP message: PHP Fatal error: Uncaught Error: Call to undefined function industrial_logger() in /www/XYZ/public/wp-content/plugins/wicket-wordpressplugin-php/wicket_cas_role_sync.php:23
Stack trace:
#0 /www/XYZ/public/wp-includes/class-wp-hook.php(308): custom_action_before_auth_user_wordpress(Array)
#1 /www/XYZ/public/wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters(”, Array)
#2 /www/XYZ/public/wp-includes/plugin.php(517): WP_Hook->do_action(Array)
#3 /www/XYZ/public/wp-content/plugins/wp-cassify/classes/wp_cassify_plugin.php(529): do_action(‘wp_cassify_befo…’, Array)
#4 /www/XYZ/public/wp-includes/class-wp-hook.php(308): wp_cassify\WP_Cassify_Plugin->wp_cassify_grab_service_ticket(”)
#5 /www/XYZ/public/wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters(NULL, Array)
#6 /www/” while reading response header from upstream, client: 73.223.134.8, server: xyz.org, request: “GET /?ticket=ST-1721-QhIvBBhta4uFXHNDK86cgKg7gkw-ip-172-31-3-73 HTTP/2.0”, upstream: “fastcgi://unix:/var/run/php8.0-fpm-xyz.sock:”, host: “xyz.org:27801”
]]>Hello,
I installed and activated the plugin but it blocks WP authentication. Is there a setting to be made to also keep the classic WP authentication at the same time as the CAS please?
Thx for your help !
This is a follow up to https://www.ads-software.com/support/topic/php-session-always-started-even-when-not-needed/ since that topic is no longer allowing new replies.
The following changes to classes/wp_cassify_plugin.php is one minimal way to make the PHP session only start when actually needed.
Update wp_cassify_session_start() as follows, with the changes in bold:
public function wp_cassify_session_start( $force = false ) {
if ( $force || isset( $_COOKIE[ session_name() ] ) ) {
if(! session_id() ) {
session_start();
}
}
}And then update wp_cassify_grab_service_ticket() as follows, again with the changes in bold:
if ( (! is_user_logged_in() ) || (! is_user_member_of_blog() ) ) {
if (! empty( $service_ticket ) ) {
// Ensure session is started
$this->wp_cassify_session_start( true );
// Retrieve configuration options from databaseNote that I’ve only done rudimentary verification of these changes, but it seems to work as expected.
]]>This plugins run with WP 6.2.2 and php 8.1?
]]>Hi there,
i was answering to mraamike topic, but you asked me to wrote a new one. here it is !
I have the folowing error and when i deactivate the wp cassify plugin, it disapear. Any idea ?
A PHP session was created by a?session_start()?function call. This interferes with REST API and loopback requests. The session should be closed by?session_write_close()?before making any HTTP requests.
I am receiving the following error:
A PHP session was created by a?session_start()?function call. This interferes with REST API and loopback requests. The session should be closed by?session_write_close()?before making any HTTP requests.
After deactivating all plugins and reactivating one by one, the error seems to be connected to WP Cassify.
Do you have any suggested solutions?
]]>Hey there,
Thanks so much for building this great WP integration with CAS. in our situation, our network WP requires an email address for accounts to be created.
On line 484 of classes/wp_cassfiy_plugin.php you are doing the following:
$wordpress_user_id = WP_Cassify_Utils::wp_cassify_create_wordpress_user( $cas_user_datas[ ‘cas_user_id’ ], null );
The problem is that means that no email address is ever set on account creation even if one is passed by CAS.
I did this hack to make it work, but I’m sure there is a better way to pull it out of the mappings (or another method)
// Pass email address for creation or it fails
$email = (isset($cas_user_datas[’email’])) ? $cas_user_datas[’email’] : NULL;
$wordpress_user_id = WP_Cassify_Utils::wp_cassify_create_wordpress_user( $cas_user_datas[ ‘cas_user_id’ ], $email );
What do you think? Would it be possible to add the ability to pass the email address to the creation function instead of null?
Thanks again!
]]><?php
$url ="/test";
$wp_cassify_redirect_url_white_list="";
$is_in_while_list = false;
$white_list_urls = explode( ';', $wp_cassify_redirect_url_white_list );
if ( ( is_array( $white_list_urls ) ) && ( count( $white_list_urls ) > 0 ) ){
foreach( $white_list_urls as $white_url ) {
if ( strrpos( $url, $white_url, -strlen( $url ) ) !== false ) {
$is_in_while_list = true;
}
}
}
echo $is_in_while_list;Fragment of code is from wp_cassify_plugin.php?
Please check the code above on https://onlinephp.io/
With php7 the result is empty
With php8 the result is always 1
]]>Hello,
I have been using WPCassify since 2017 to authenticate with a CAS server (Cerbere). Problem is the login used is the mail address and we need to create user accounts based on the email.
Initially the module did not work fine so I had to patch it and I have to keep patching it . Here is the latest version (2.3.1) patched, I would like to know if there is a possibility to merge my patch or include hooks in the right places to replace my patches ?
https://www.aria.developpement-durable.gouv.fr/wp-cassify-231-patch-yb.zip
Thanks in advance
]]>Hi,
Is it possible to configure the plugin so that urls filter populations?
Eg:
– https://domain.tld/students-only/* requires the property CAS-eduPersonAffiliation=student
– https://domain.tld/employee-only/* requires the property CAS-eduPersonAffiliation=employee
Best regards,
]]>Bonjour,
Nous avons 2 clients qui souhaitent ce genre de connexion pour aller sur notre site, est ce que avec le plugin il est possible de configurer 2 connexions ?
Merci
Hi there,
i have 2 questions ??
Thank you so much !
]]>Hi everyone!
Is there a possible way to modify a cas attribute using a custom plugin hook, right after the response xml is parsed and before the session or the database are populated with the cas returned attributes?
In my case the attribute for mail is multi-valued(i.e [[email protected], [email protected]]) and I want to keep only one of these values.
So far, I used the “wp_cassify_after_cas_authentication” hook to get the $cas_user_datas array. Inside the hook, I managed to overwrite the appropriate value into $cas_user_datas[ ‘mail’ ]. The problem is that I can’t figure out how to pass this to the main flow and finally populate the session(and database) with the desired value.
I tried to pass the $cas_user_datas array by reference and treat it like a “pointer” but the value didn’t change in the main routine(classes/wp_cassify_plugin.php). So, I believe that’s not the case.
Except for using hooks, is there a configuration(or some way) to get only one value from a multi-valued attribute and ignore the others?
Thanks,
K.K.
WP Cassify seems to eagerly start a PHP session without first making sure it has a reason to do so. This can introduce multi-request blocking behavior, and can load up a server with sessions for no good reason, both of which reduce scalability. Page caching plugins may help alleviate this, but using them shouldn’t be required to work around this behavior.
Please update the plugin so that a PHP session is not started unless required. A simple way to avoid starting a session is to first check if the session cookie exists, e.g. isset($_COOKIE[session_name()])
Another option is to eliminate dependency on native PHP sessions entirely. One way is to store tokens/data in the database and directly manage the cookie, akin to WP. Another way is to reduce the scope of the plugin down to only what is needed for CAS auth & user mapping, and let WP handle the rest. This would help make things less awkward in load-balanced installations.
]]>When wp-cassify is installed and I run any WP-CLI command, I get a number of spurious warnings, presumably because it’s not being run in a web context.
PHP Warning: Undefined array key "SERVER_PORT" in /srv/napd-mygideon-wordpress/src/web/app/plugins/wp-cassify/classes/wp_cassify_utils.php on line 105
(also occurs on wp_cassify_utils.php lines 98, 101, and 102)
This doesn’t affect the functionality of the plugin or the rest of the site, it’s just a minor annoyance to have this noise printed in every command line we run.
]]>Hello,
I successfully installed the plugin and the CAS login works great.
However I now need to let non-cas users to also be able to login. They are just users that have an account inside WordPress but they are not CAS users.
Could you tell me how I can do it ?
I already created a login form. The login form works great when Cassify is disabled but when it’s enabled, then this login form doesn’t log the user in…
I really need some help. Has someone already done that before ?
Regards,
Brian
PHP error logs show:
wp_get_sites is <strong>deprecated</strong> since version 4.6.0! Use get_sites() instead
due to these lines:
wp-cassify/admin/admin-menu.php: <?php $blogs = wp_get_sites();?>
wp-cassify/wp-cassify.php: $blogs = wp_get_sites();
]]>There’s logic in the code to config the auth recheck (grep .*cachetimes_for_authrecheck), but there appears to be no logic to actually do the auth recheck. Am I missing something?
]]>I’m having trouble with single logout: Logout of the CAS session does not logout from WP. What URL should I configure on my CAS server as the logout URL? I tried https://my-wordpress.com/wp-login.php?action=logout but this fails with a 403.
]]>