Coding

RPI phpCAS Authentication Tutorial

After much tinkering with RPI’s CAS (Central Authentication System) in PHP, I thought I would put together a guide to make it easy for anyone to put together a site that uses it. This would work for anyone at another location with a CAS server, but this example is for RPI.

Get the CAS Library
- https://wiki.jasig.org/display/CASC/phpCAS
Download the tar file under “Current Version”
Extract the contents, using a program such as 7-Zip, and put it in the root of whatever web folder you want
Download the latest CA bundle for SSL
- http://curl.haxx.se/docs/caextract.html
- Download “cacert.pem”, and put it in root of web project
Create a index.php, login.php, logout.php
The index has to load the library, check if the user is logged in, then print out text.
- <?PHP
  
  include_once(“./CAS-1.3.2/CAS.php”);
  phpCAS::client(CAS_VERSION_2_0,’cas-auth.rpi.edu’,443,’/cas/’);
  // SSL!
  phpCAS::setCasServerCACert(“./CACert.pem”);//this is relative to the cas client.php file
  
  if (phpCAS::isAuthenticated())
  {
  echo “User:” . phpCAS::getUser();
  echo “<a href=’./logout.php’>Logout</a>”;
  }else{
  echo “<a href=’./login.php’>Login</a>”;
  }
  
  ?>
- First we load the library for CAS from the subfolder
- Then we select which will be our central server
- We have to select our ca bundle, setCasServerCert does this
- Now we have fully loaded and configured the library
- Finally, I can ask CAS if a user has logged in, if so writeout some options, if not others
This is the login page
- <?PHP
  
  include_once(“./CAS-1.3.2/CAS.php”);
  phpCAS::client(CAS_VERSION_2_0,’cas-auth.rpi.edu’,443,’/cas/’);
  // SSL!
  phpCAS::setCasServerCACert(“./CACert.pem”);//this is relative to the cas client.php file
  
  if (!phpCAS::isAuthenticated())
  {
  phpCAS::forceAuthentication();
  }else{
  header(‘location: ./index.php’);
  }
  
  ?>
- Similar setup of authentication as before
- Now we check if the user is NOT authenticated, if the user is not authenticated we force login
- If the user already is logged in, then we redirect to the index
The logout page:
- <?PHP
  
  include_once(“./CAS-1.3.2/CAS.php”);
  phpCAS::client(CAS_VERSION_2_0,’cas-auth.rpi.edu’,443,’/cas/’);
  // SSL!
  phpCAS::setCasServerCACert(“./CACert.pem”);//this is relative to the cas client.php file
  
  if (phpCAS::isAuthenticated())
  {
  phpCAS::logout();
  }else{
  header(‘location: ./index.php’);
  }
  
  ?>
- Same configuration (this can be done by including a core file that everything else calls, but for this example I wanted to keep it simple)
- If they are not logged in, then we push the user back to login

That is the basic configuration, the example is available for download below. If there are any questions feel free to post a comment.

Download: https://github.com/daberkow/daberkow.github.io/blob/master/CASExample.zip

Extra Notes:

If you want to save server space, the docs folder under the CAS folder can be removed
I have ran into problems with CAS on a Windows Apache server, and CAS on a Linux Apache server reference the CACert.pem file differently
- One example of CAS on Windows is the timetracker software
- One example of CAS on Linux is QuickLogs

QuickLogs v3.3.0 (and quickly v3.3.1) (and then v3.3.2)

Recently there was a big update the to QuickLogs product, on the face of it, it looks like the buttons have been changed a little bit. That is the small part of the upgrade, the main change is how the stats page works. Now the stats page is run by the HighCharts JavaScript engine instead of the PHP libchart that was used in the past. This takes the load of creating charts off of the server, and moves it to JavaScript Also this increases the flexibility to add more charts in the future.

I started the new stats page (v3.3.0) with a drop down to select different types of graphs, the Activities, User, and Overall graphs were used with the drop down. A quick comment made by people at the Helpdesk was “why not use all the space available, I dont like having to navigate again after refreshing.” v3.3.1 brought back the single page, but more importantly sorted the data in the charts. By default Highcharts plots by order the data is put into it; but it was not largest category to smallest. A quick sort was put in, and then we were back to where v3.2 ws with charts but a new engine. The new engine also allows for the charts to be looked at under different time periods instead of only 30 days.

The morning the program moved to version 3.3.2, this was a pure bug fix with CAS having a certificate issue under the login page. At this time, I decided to centralize the CAS information for all pages under the ‘core.php’ page. That way if the certificate moves there is one place to do it.

QuickLogs represents a early version of my app design; these days I tend to make core.php and ajax.php heavy with most of the application functions, and subsequent pages call them with ajax. This is a older app where a lot of the functions are hard coded in the page. I have started migrating to using a wrapper on MySQL like I have with the time cards app. But I only changed it on functions I was modifying so most of QuickLogs remains doing manual queries.

Looking to the future there are many ideas for QuickLogs, yet little time to compete them. One person suggested a achievement system for different things you can do at work. Another suggestion was a Nemesis a person who is right ahead of you for tickets, and having competition. The final suggestion was for some different types of charts. I wanted to do charts, I just have to find time.

At this point, QuickLogs is going on the shelf. (Unless I get a itch to add more charts) I am shifting to more time on Time Tracker and getting this product finished, before I leave RPI. Documentation for both products should be updated soon as well.

Time Tracker

Recently I have been working on an hour keeping system for my work at RPI; we have an old time card system that is running on a Windows 2000 server. The code no longer works, as in the JavaScript is not supported by modern browsers. The old system has been running for over 11 years, and it is time to let it retire.

The new system is at version 0.1 right now, with basic functionality working. The system is split into groups, so while one server runs separate departments can run a “group” and have their employees under there. Once a user is given privileges to one group in the system, when that user logins in, that group will automatically come up.

The old system had a html page that managers could edit, to give announcements to workers. This was a bit of a tedious process to go in and manually edit these pages, now there is a field for the manager of each group to drop html to edit their page. The system has two levels of accounts and privileges, there is the privilege within a group, and the privilege for the entire system. While a user can be administrator of a group and edit their group, they may not have administrative rights over the entire server. By having administrative rights to the entire server, a user can change the splash page before a user is logged on, or create new groups in the system.

The system allows for templates to be made of weeks, so if a student worker works the same hours every week, then they can save it and deploy it easily. I am working on integrating email reminders by using a .Net application that integrates with MySQL. By having the application read who has yet to enter logs this pay period I can use the students CAS login to get their email.

Below are some photos of the system, and it is all open source at the attached link.

Source: https://github.com/daberkow/RPI_timetracker

Windows Sudo

I am back at RPI, finishing up my degree. Recently I have been working on hour tracking software for several departments at RPI.

Recently I have run into a minor annoyance where I am in the command line in Windows and need to elevate a command or program so that I can do a administrative task. (Such as moving a file to the system32 folder), the normal solution is to right click command line short cut and “Run as Administrator”. While that works its not fast, I’m sure there are other solutions out there, but I wanted to quickly build on in .Net. I did this a while ago for Vista and called it elev, but never saved it and since I am trying to make the transition between Windows and Linux easier I called it sudo.

All you do is put this in your %windir%\system32\ folder, and then at the command line type “sudo cmd” or whatever command you want. Commands like “dir” are actually part of cmd not a separate file called so “sudo dir” wont show anything, it will output the .Net error.

Link to exe: https://github.com/daberkow/win_sudo/blob/master/sudo/sudo/bin/Release/sudo.exe

Link to project: https://github.com/daberkow/win_sudo

Quick Compare

I wrote a quick little program to solve a problem for me. If you have two algorithms in webpages and want to benchmark them to see the difference, the program will work for you. You add the the below code to a PHP page, or do he same thing in other languages, then the app will run as many times as you tell it to and find the result in time. To lower the time it takes to get a result, you can up the thread count. Averages are not returned till all threads return information.

Start of PHP Page:
$time = microtime(TRUE);
End of page:
echo "seconds " . (microtime(TRUE) - $time);


Download:
https://github.com/daberkow/QuickCompare/blob/master/WebTest/bin/Release/WebTest.exe
Git:
https://github.com/daberkow/QuickCompare/

OpenAFS @RPI Client

Recently I was told “I can’t remember anyone getting OpenAFS to work on their own”, by a staffer at my school. I took it on myself then to figure out how to get this working for students. And in the end I wrote an app that will automatically download and install the AFS client, then configure drives for you. This was an experiment in threading and using WPF instead of Windows Forms.

First the app goes and downloads the OpenAFS client, if it is a 64 bit machine it grabs the 32 bit tools first then the client. While downloading and installing these things it connects via SSH to a school server to get the location of the user’s home folder as well as verify the credentials given.

Once installation is complete the program runs ‘klog’, this goes to the AFS server and requests tokens in the cluster using the credentials given earlier. Once we are past the installing point all these actions need to be run on the campus network. When the program starts it tries to ping a couple internal servers, if it can hit more than half of them in under 75 milliseconds then it considers itself on campus; if it thinks it’s off campus, then it notifies the user. One small problem with the first release is sometimes this system gets confused by vpn taking slightly longer.

Now that we have working token the system recommends drive letters that are not in use as well as AFS spaces to mount including the users folder and ‘dept’ to start. The configure button will activate these drives, they are not set to persistent at this time.

Below is the github link, as well as the direct exe link:

Github: https://github.com/daberkow/RPI_OpenAFS

EXE: https://github.com/daberkow/RPI_OpenAFS/blob/master/OpenAFS%20Installer%20WPF/bin/Release/OpenAFS%20Installer%20WPF.exe

C#/.Net SSH Framework

I needed a SSH framework for a program I am writing for my school. There are quite a few out there for .Net but I ended up going with the one from http://sshnet.codeplex.com. It requires .Net 3.5 or 4.0, but its ease of use makes this not a problem. Below is a example of code using the pre-built binary for .Net 3.5, this code connects to a SSH server, then runs a command and stores the result in a string called ‘temp_holding’.

Renci.SshNet.SshClient MysshClient = new Renci.SshNet.SshClient(server, username, password); //these are varibles of strings
try{
MysshClient.Connect();
}catch{
//Something in here failed
return;
}
Renci.SshNet.SshCommand MyRanCommand = MysshClient.RunCommand(“pwd”);
lock (locker){
string temp_holding = MyRanCommand.Result;
}

PHP/JS and C# Encryption

Here is some code from a project I have been working on and then shelved. A C# (mono) project creates a RSA public/private key pair, then gives the public side to a MySQL database. The private side is saved to the hard drive for later. Then PHP dynamically adds the currently active key public portion into javascript, which encrypts the users input, and saves it to MySQL. Then the C# application can get the keys it has saved in a good place, and decrypt the data in the database. Benefits of this include the web data is secured from the client to the server, and even if somehow someone steals your database off your webserver, they dont have the encryption keys to take it away. This system also has a way to deactivate a old key and move to a new one, if more code was put into it someone could revoke a old key and migrate all the data using it to a new key, but that wasn’t implemented. I thought this would be a cool project and I learned a lot about RSA public private keys, a lot of languages handle the keys differently; some take it in hex, some do it differently, some call the parts one thing, some call them other names. The javascript portion is based mostly off this library (link). JQuery is used for ease.

Feel free to give feed back or use this, open source fun.

https://github.com/daberkow/PHP_PublicKeyDemo

Duplicate Download Gallery v.01

I was going through all my photos the other day when I realized there were a lot of duplicates, I wanted to find a easy program that could find these. After some searching, I found a bunch of programs that worked, yet cost a good amount, and I didn’t see any that had the feature set I was looking for; including a list of the files which I could save, a method to move the duplicates to another folder, and customization. Along with most importantly I wanted a FREE duplicate file finder, not expensive one that did a simple job. So I made my own. This is version v0.01, the main function works well, the main interface is meh, but it works. More updates and features to come, but for one days work its good. Also I am going to be opening up some software in the future, including this one when its closer to completion. If you have any features you think of leave a comment, I was thinking about adding a preview for photos, music and maybe video. Saving, loading logs, delete all but one copy of file, not bad interface…

Download:

https://github.com/daberkow/daberkow.github.io/tree/master/DDG

6to4 Adapter Cleaner, v1.60

This version brings a few fixes and new features, hence the version jump. Features Include:

Minimize to Tray when removal is working
Checks if already running on startup
Faster IPv6 detection for method 2
Slightly smaller