No ability to disable displaying errors directly into the response.

[Magiczne]

Right now, there are places in the library where error messages are displayed directly into the response, mainly:

1. AuthenticationException. Lines 74-75:

$client->printHTMLHeader($lang->getAuthenticationFailed());
printf(
    $lang->getYouWereNotAuthenticated(),
    htmlentities($client->getURL()),
    isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN']:''
);

2. CAS.php. Lines 598-602:

if (self::$_PHPCAS_VERBOSE) {
    echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . "</b></font> in <b>" . $file . "</b> on line <b>" . $line . "</b><br />\n";
} else {
    echo "<br />\n<b>Error</b>: <font color=\"FF0000\"><b>". DEFAULT_ERROR ."</b><br />\n";
}

Right now the only way to disable this is to make workarounds using buffering or modifying library using composer-patches.
Users may want to handle errors in their own fashion, and displaying messages directly is not a good way to do it.

As a partial solution for first case it could be do like so:

$messages[] = sprintf(
    $lang->getYouWereNotAuthenticated(),
    htmlentities($client->getURL()),
    isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN']:''
);

but it does not solve $client->printHTMLHeader($lang->getAuthenticationFailed()); line and second case.
In my opinion phpCAS should offer some way (preferably config option) to disable writing error messages directly to the response.

[jfritschi]

Is pretty much a duplicate of #129 and related to #173 and #57

[Magiczne]

The issues You have pointed out are 7 and 9 years old respectively.

I could try to make PR with simple configuration variable to turn off the messages i have pointed ouy, but making logging modular is out of my scope right now.