George Mason University Antonin Scalia Law School

Simple CAS Authentication

The following script makes a private web site accessible only to authenticated users. For example, if you have a career services web site and you only want students to access the materials using their email (university) credentials, this script does the trick. You don't need to create separate accounts for the site.

1. Download phpCAS and unzip/untar it: https://wiki.jasig.org/display/CASC/phpCAS.

2. Place the entire phpCAS directory on your server.

3. Place the following code at the top of any .php file whose contents you want to keep private. If you want to make the entire site private, add the script to an include file that is loaded from the header. The script is based on the simple CAS client example that ships with phpCAS:

<?php

/**
 * Example for a simple CAS 2.0 client
 *
 * PHP Version 5
 *
 * @file example_simple.php
 * @category Authentication
 * @package PhpCAS
 * @author Joachim Fritschi <[email protected]>
 * @author Adam Franco <[email protected]>
 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
 * @link https://wiki.jasig.org/display/CASC/phpCAS
 */

// Load the settings from the central config file
// require_once 'config.php'; /* commented out by Donny */

// Because config.php is not loaded, the settings it would have provided are defined here
$phpcas_path = '/path/to/phpCAS'; // filesystem path to the phpCAS directory on your server, not a URL
$cas_host    = 'login.gmu.edu';   // CAS server hostname
$cas_port    = 443;               // CAS server port
$cas_context = '';                // CAS context path; empty when CAS runs at the server root

// Load the CAS lib
require_once $phpcas_path . '/CAS.php';

// Debug logging is enabled here; comment this line out once the setup works
phpCAS::setDebug();

// Initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
// example: phpCAS::client(CAS_VERSION_1_0, 'login.gmu.edu', 443, '');

// For production use set the CA certificate that is the issuer of the cert
// on the CAS server and uncomment the line below
// phpCAS::setCasServerCACert($cas_server_ca_cert_path);

// For quick testing you can disable SSL validation of the CAS server.
// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
phpCAS::setNoCasServerValidation();

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// logout if desired (phpCAS::logout() sends a redirect, so this must run before any output)
if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}

// for this test, simply print that the authentication was successful (see step 4)
?>

4. Add the following snippet to your HTML to show which user is logged in and to let the user sign out. The login name comes from the CAS server, so it is HTML-escaped before being printed:

<div>Not <strong><?php echo htmlspecialchars(phpCAS::getUser()); ?></strong>? <a href="?logout=">Sign out</a></div>
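As an added example (not code from these notes or from the phpCAS project), the same include with the CAS server's certificate validated instead of skipped, plus an application-side allow-list, so that CAS proves who the user is and the page decides who may see it. The phpCAS path, the CA bundle path and the NetIDs in $allowed_users are assumptions to replace with your own values.

```php
<?php
// cas-protect.php: include this at the top of any page that must stay private.
// Added example; the paths, host and allow-list below are assumptions.

$phpcas_path        = '/path/to/phpCAS';             // directory holding CAS.php (assumed)
$cas_host           = 'login.gmu.edu';               // CAS server from the notes above
$cas_port           = 443;
$cas_context        = '';                            // CAS runs at the server root
$cas_server_ca_cert = '/path/to/cas-issuer-ca.pem';  // CA that issued the CAS server cert (assumed)

// NetIDs allowed to view the page; an empty array admits any authenticated user.
$allowed_users = array('jdoe', 'asmith');            // constructed sample values

require_once $phpcas_path . '/CAS.php';

/**
 * Authorisation is kept separate from authentication: CAS only proves who the
 * user is; the application decides what that user may see. NetIDs are compared
 * case-insensitively.
 */
function cas_user_is_allowed($user, array $allowed)
{
    if (count($allowed) === 0) {
        return true;
    }
    return in_array(strtolower($user), array_map('strtolower', $allowed), true);
}

// Log to a file outside the web root while setting up; leave commented out in production.
// phpCAS::setDebug('/var/log/phpcas.log');

phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);

// Validate the CAS server's certificate against the CA that issued it. Without this,
// the ticket validation response could come from anyone able to impersonate $cas_host.
phpCAS::setCasServerCACert($cas_server_ca_cert);

// Redirects to CAS when there is no session; returns only for authenticated users.
phpCAS::forceAuthentication();

// Sign-out link (?logout=) from step 4; phpCAS::logout() redirects, so keep it before any output.
if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}

$cas_user = phpCAS::getUser();
if (!cas_user_is_allowed($cas_user, $allowed_users)) {
    error_log('CAS: denied ' . $cas_user . ' for ' . $_SERVER['REQUEST_URI']);
    header('HTTP/1.1 403 Forbidden');
    exit('You are signed in as ' . htmlspecialchars($cas_user) . ' but are not authorised to view this page.');
}
```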

phpCAS and WordPress

Make sure your account is in the "Administrator" role, as you won't be able to log in as admin after switching to CAS.

1. Download phpCAS and unzip/untar it: https://wiki.jasig.org/display/CASC/phpCAS

2. Download wpcas.zip and unzip it in wp-content/plugins.

3. Edit wp-content/plugins/wpcas/wpcas.php and remove or comment out line 57:

/* $wpcas_options['server_path'] == '' || */

4. Create wp-content/plugins/wpcas/wpcas-conf.php with the following content (change “/path/to” to the path to CAS.php that you installed in step 1):

<?php

// the configuration array
$wpcas_options = array(
    'cas_version'     => 'S1',
    'include_path'    => '/path/to/CAS.php',
    'server_hostname' => 'login.gmu.edu',
    'server_port'     => '443',
    'server_path'     => ''
);

// this function gets executed
// if the CAS username doesn't match a username in WordPress
function wpcas_nowpuser( $user_name ){
    die('you do not have permission here');
}

?>

5. Log in with an account that's in the Administrator role. In "Plugins", activate the wpCAS plugin.

6. If possible, test in a separate browser. When you click "Log in" you should be redirected to https://login.gmu.edu. Type in your PatriotPass NetID and password. You should be redirected back to your WordPress site.

Speed Up Site Performance

Set HTTP Cache Headers

This needs mod_expires (for the Expires* directives) and mod_headers (for Header) enabled; Apache refuses to start if a directive's module is not loaded.

<VirtualHost *:80>
    # Your config...
    ExpiresActive On
    <FilesMatch "\.(ico|gif|jpe?g|png|js|css)$">
        ExpiresDefault "access plus 1 year"
        Header unset ETag
        FileETag None
        Header unset Last-Modified
    </FilesMatch>
</VirtualHost>

Gzip Web Server Output

This needs mod_deflate (for AddOutputFilterByType) and mod_setenvif (for BrowserMatch) enabled.

<VirtualHost *:80>
    # Your config...
    AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \\bMSIE !no-gzip !gzip-only-text/html
</VirtualHost>

Source: Faster Sites Done Faster

Further reading: Using a far future expires header

Change Server Upload Permissions

  1. Enter ssh username@mason.gmu.edu, replacing username appropriately.
  2. Enter your mason.gmu.edu password.
  3. mason> pico .cshrc
  4. Edit the file so that it reads umask 022 or umask 002 (if other people in your group edit the website, change your umask to 002; if only you edit your website, change it to 022).
  5. Save the file (Ctrl+O) (letter O).
  6. "File Name to write: .cshrc" will display towards the bottom of the window. Hit Enter.
  7. Exit the file (Ctrl+X).
  8. Run pico .profile and pico .login and repeat Steps 3 and 4.
  9. Log out and then log back in again.

Source: Fix Server Upload Permissions

Roll Your Own Social Media Buttons

I recently tested out several WordPress social media share plug-ins and was disappointed with unnecessary injections of JavaScript and CSS. Some services even use their own site as a gateway to serve up the social media services. I was frustrated and ended up rolling my own, thanks to this blog post. Here's my customized code:

<!-- the permalink and title are URL-encoded before going into the query string, and the whole href is escaped for the attribute -->
<a href="<?php echo esc_url('http://www.facebook.com/sharer.php?u=' . urlencode(get_permalink()) . '&t=' . urlencode(get_the_title())); ?>" target="_blank" rel="noopener"><img src="facebook.png" alt="Share on Facebook"></a>

<a href="<?php echo esc_url('https://plusone.google.com/_/+1/confirm?hl=en-US&url=' . urlencode(get_permalink())); ?>" target="_blank" rel="noopener"><img src="google-plus.png" alt="Share on Google+"></a>

<a href="<?php echo esc_url('http://twitter.com/share?text=' . urlencode(get_the_title() . ' -') . '&url=' . urlencode(get_permalink())); ?>" target="_blank" rel="noopener"><img src="twitter.png" alt="Share on Twitter"></a>

<a href="<?php echo esc_url('http://www.linkedin.com/shareArticle?mini=true&url=' . urlencode(get_permalink())); ?>" target="_blank" rel="noopener"><img src="linkedin.png" alt="Share on LinkedIn"></a>

Sass

$ sass --watch style.scss:style.css --style compressed

// Import
@import "normalize";

// Variables
$body_font: 'Georgia', serif;

// Mixin
@mixin rounded_corners($rounding) {
    -webkit-border-radius: $rounding;
    -moz-border-radius: $rounding;
    -o-border-radius: $rounding;
    border-radius: $rounding;
}