[Mapbender-commits] r1771 - trunk/mapbender/http/php

svn_mapbender at osgeo.org svn_mapbender at osgeo.org
Mon Oct 29 08:52:00 EDT 2007


Author: christoph
Date: 2007-10-29 08:52:00 -0400 (Mon, 29 Oct 2007)
New Revision: 1771

Modified:
   trunk/mapbender/http/php/mod_wfs_gazetteer_server.php
Log:
imported from Geoportal

Modified: trunk/mapbender/http/php/mod_wfs_gazetteer_server.php
===================================================================
--- trunk/mapbender/http/php/mod_wfs_gazetteer_server.php	2007-10-29 12:50:43 UTC (rev 1770)
+++ trunk/mapbender/http/php/mod_wfs_gazetteer_server.php	2007-10-29 12:52:00 UTC (rev 1771)
@@ -1,210 +1,171 @@
-<?php
-# $Id: mod_wfsrequest.php 1008 2007-01-16 11:26:56Z christoph $
-# http://www.mapbender.org/index.php/Administration
-# Copyright (C) 2002 CCGIS 
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
-include(dirname(__FILE__)."/../classes/class_gml2.php");
-require_once(dirname(__FILE__)."/../extensions/JSON.php");
-require_once(dirname(__FILE__)."/../classes/class_administration.php");
-
-$con = db_connect($DBSERVER,$OWNER,$PW);
-db_select_db($DB,$con);
-
-$command = $_REQUEST["command"];
-
-function checkAccessConstraint($filter, $wfs_conf_id) {
-	/* wfs_conf_element */
-	$sql = "SELECT * FROM wfs_conf_element ";
-	$sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
-	$sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = $1 ";
-	$sql .= "ORDER BY wfs_conf_element.f_respos";
-			
-	$v = array($wfs_conf_id);
-	$t = array('i');
-	$res = db_prep_query($sql,$v,$t);
-	while($row = db_fetch_array($res)){
-
-		if (!empty($row["f_auth_varname"])) {
-			$auth_varname = $row["f_auth_varname"];
-			$element_name = $row["element_name"];
-		}
-	}
-	if (!empty($auth_varname)) {
-
-		if (isValidVarName($auth_varname)) {
-			$user = eval("return " . $auth_varname . ";");
-			$pattern = "(<ogc:Filter[^>]*>)(.*)(</ogc:Filter>)";
-			$replacement = "\\1<And>\\2<ogc:PropertyIsEqualTo><ogc:PropertyName>" . $element_name . "</ogc:PropertyName><ogc:Literal>" . $user . "</ogc:Literal></ogc:PropertyIsEqualTo></And>\\3"; 
-			$filter = mb_eregi_replace($pattern, $replacement, $filter);
-		}
-	}
-	return $filter;
-}
-
-
-if ($command == "getWfsConf") {
-	
-	$wfsConfIdString = $_GET["wfsConfIdString"];
-	
-	if ($wfsConfIdString != "") {
-		$wfsConfIdArray = mb_split(",", $wfsConfIdString);
-	}
-	else {
-		echo "please specify wfs conf id.";
-		die();
-	}
-	
-	$sql = "SELECT * FROM wfs_conf ";
-	$sql .= "JOIN wfs ON wfs_conf.fkey_wfs_id = wfs.wfs_id ";
-	$sql .= "WHERE wfs_conf.wfs_conf_id IN (";
-	
-	$v = array();
-	$t = array();
-	for ($i = 0; $i < count($wfsConfIdArray); $i++) {
-		if ($i > 0) {$sql .= ", ";}
-		$sql .= "$" . ($i+1);
-		array_push($v, $wfsConfIdArray[$i]);
-		array_push($t, 'i');
-	}
-	$sql .= ")";
-	
-	$res = db_prep_query($sql, $v, $t);
-	
-	$obj = array();
-	while ($row = db_fetch_array($res)) {
-		$id = $row["wfs_conf_id"];
-		
-		$sql_conf_element = "SELECT * FROM wfs_conf_element ";
-		$sql_conf_element .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
-		$sql_conf_element .= "WHERE wfs_conf_element.fkey_wfs_conf_id = $1 ";
-		$sql_conf_element .= "AND wfs_conf_element.f_search = 1 ORDER BY wfs_conf_element.f_pos";
-		$v_conf_element = array($id);
-		$t_conf_element = array('i');
-		$res_conf_element = db_prep_query($sql_conf_element, $v_conf_element, $t_conf_element);
-	
-		$elementArray = array();
-		while ($row_conf_element = db_fetch_array($res_conf_element)) {
-			$currentElement = array("f_search" => $row_conf_element["f_search"],
-									"f_style_id" => $row_conf_element["f_style_id"],
-									"f_toupper" => $row_conf_element["f_toupper"],
-									"f_label" => $row_conf_element["f_label"],
-									"f_label_id" => $row_conf_element["f_label_id"],
-									"element_name" => $row_conf_element["element_name"],
-									"element_type" => $row_conf_element["element_type"]
-									);
-			array_push($elementArray, $currentElement);
-		}
-		
-		$sql_feature_type = "SELECT * FROM wfs_featuretype WHERE fkey_wfs_id = $1 AND featuretype_id = $2";
-		$v_feature_type = array($row["fkey_wfs_id"], $row["fkey_featuretype_id"]);
-		$t_feature_type = array("i", "i");
-	
-		$res_feature_type = db_prep_query($sql_feature_type, $v_feature_type, $t_feature_type);
-		if($row_feature_type = db_fetch_array($res_feature_type)){
-			$featuretype_name  = $row_feature_type["featuretype_name"];
-			$featuretype_srs  = $row_feature_type["featuretype_srs"];
-		}
-	
-		$currentRow = array("g_label" => $row["g_label"], 
-	                        "g_label_id" => $row["g_label_id"],
-							"g_style" => $row["g_style"],
-							"g_button" => $row["g_button"],
-							"g_button_id" => $row["g_button_id"],
-							"g_buffer" => $row["g_buffer"],
-							"g_res_style" => $row["g_res_style"],
-							"g_use_wzgraphics" => $row["g_use_wzgraphics"],
-							"wfs_id" => $row["fkey_wfs_id"],
-							"featuretype_id" => $row["fkey_featuretype_id"],
-							"featuretype_name" => $featuretype_name,
-							"featuretype_id" => $featuretype_srs,
-							"wfs_getfeature" => $row["wfs_getfeature"],
-							"element" => $elementArray
-							);
-	
-		$obj[$id] = $currentRow;
-	}
-	$json = new Services_JSON();
-	$output = $json->encode($obj);
-	echo $output;
-}
-else if ($command == "getSearchResults") {
-	$wfs_conf_id = $_REQUEST["wfs_conf_id"];
-	$backlink = $_REQUEST["backlink"];
-	$frame = $_REQUEST["frame"];
-	$filter = $_REQUEST["filter"];
-	$url = $_REQUEST["url"];
-
-	/* wfs_conf */
-	$sql = "SELECT * FROM wfs_conf JOIN wfs ON wfs_conf.fkey_wfs_id = wfs.wfs_id ";
-	$sql .= "WHERE wfs_conf.wfs_conf_id = $1";
-	$v = array($wfs_conf_id);
-	$t = array('i');
-	
-	$res = db_prep_query($sql,$v,$t);
-	if ($row = db_fetch_array($res)) {
-		$g_res_style  = $row["g_res_style"];
-	}
-	else {
-		die("wfs_conf " . $wfs_conf_id . "data not available");
-	}
-	
-	/* wfs_conf_element */
-	$sql = "SELECT * FROM wfs_conf_element ";
-	$sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
-	$sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = $1 ";
-	$sql .= "AND wfs_conf_element.f_show = 1 ORDER BY wfs_conf_element.f_respos;";
-	$v = array($wfs_conf_id);
-	$t = array('i');
-	
-	$res = db_prep_query($sql,$v,$t);
-	$col = array();
-	while ($row = db_fetch_array($res)) {
-		array_push($col, $row["element_name"]);
-	}
-	if (count($col) == 0) {
-		die("wfs_conf_element data not available");
-	}
-	
-	// append authorisation condition to filter
-	$filter = checkAccessConstraint($filter, $wfs_conf_id);
-	
-	$admin = new administration();
-	
-	$req = urldecode($url).urlencode($admin->char_decode(stripslashes($filter)));
-	$mygml = new gml2();
-	$mygml->parsegml($req);
-	
-	// generates JavaScript code that will add a geometry array containing
-	// all the result geometries and their attributes (wfs_conf_elements)
-	
-	$js = "";
-	if ($mygml->getMemberCount() > 0) { 
-		$js .= $mygml->exportGeometriesToJS(true);
-	
-		for ($i = 0; $i < $mygml->getMemberCount(); $i++) {
-			for ($j = 0; $j < count($col); $j++){
-				$js .= "geom.get(".$i.").e.setElement('".$j."', '".$mygml->getValueBySeparatedKey($i, $col[$j]) . "');\n";
-			}
-		}
-	}
-	echo $js;
-}
-else {
-	echo "please enter a valid command.";
-}
+<?php
+# $Id: mod_wfs_gazetteer_server.php 1190 2007-10-18 10:38:38Z baudson $
+# http://www.mapbender.org/index.php/Administration
+# Copyright (C) 2002 CCGIS 
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+session_start();
+
+require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
+include(dirname(__FILE__)."/../classes/class_gml2.php");
+require_once(dirname(__FILE__)."/../extensions/JSON.php");
+require_once(dirname(__FILE__)."/../classes/class_administration.php");
+require_once(dirname(__FILE__)."/../classes/class_wfs_conf.php");
+
+$con = db_connect($DBSERVER,$OWNER,$PW);
+db_select_db($DB,$con);
+
+$command = $_REQUEST["command"];
+
+/**
+ * checks if a variable name is valid.
+ * Currently a valid name would be sth. like $_SESSION["mb_user_id"]
+ * TODO: this function is also in mod_wfs_result!! Maybe merge someday.
+ */
+function isValidVarName ($varname) {
+	if (preg_match("/[\$]{1}_[a-z]+\[\"[a-z_]+\"\]/i", $varname) != 0) {
+		return true;
+	}
+	return false;
+}
+
+/**
+ * If access to the WFS conf is restricted, modify the filter.
+ * TODO: this function is also in mod_wfs_result!! Maybe merge someday.
+ */
+ function checkAccessConstraint($filter, $wfs_conf_id) {
+	/* wfs_conf_element */
+	$sql = "SELECT * FROM wfs_conf_element ";
+	$sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
+	$sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = $1 ";
+	$sql .= "ORDER BY wfs_conf_element.f_respos";
+			
+	$v = array($wfs_conf_id);
+	$t = array('i');
+	$res = db_prep_query($sql,$v,$t);
+	while($row = db_fetch_array($res)){
+
+		if (!empty($row["f_auth_varname"])) {
+			$auth_varname = $row["f_auth_varname"];
+			$element_name = $row["element_name"];
+		}
+	}
+	if (!empty($auth_varname)) {
+
+		if (isValidVarName($auth_varname)) {
+			$user = eval("return " . $auth_varname . ";");
+			if ($user) {
+				$pattern = "(<ogc:Filter[^>]*>)(.*)(</ogc:Filter>)";
+				$replacement = "\\1<And>\\2<ogc:PropertyIsEqualTo><ogc:PropertyName>" . $element_name . "</ogc:PropertyName><ogc:Literal>" . $user . "</ogc:Literal></ogc:PropertyIsEqualTo></And>\\3"; 
+				$filter = mb_eregi_replace($pattern, $replacement, $filter);
+			}
+			else {
+				$e = new mb_exception("mod_wfs_gazetteer_server: checkAccessConstraint: invalid value of variable containing user information!");
+			}
+		}
+		else {
+			$e = new mb_exception("mod_wfs_gazetteer_server: checkAccessConstraint: var name is not valid! (" . $auth_varname . ")");
+		}
+	}
+	return $filter;
+}
+
+
+if ($command == "getWfsConf") {
+	
+	$wfsConfIdString = $_GET["wfsConfIdString"];
+	
+	if ($wfsConfIdString != "") {
+		//array_keys(array_flip()) produces an array with unique entries
+		$wfsConfIdArray = array_keys(array_flip(mb_split(",", $wfsConfIdString)));
+	}
+	else {
+		echo "please specify wfs conf id.";
+		die();
+	}
+	
+	$obj = new WfsConf($wfsConfIdArray);
+
+	$json = new Services_JSON();
+	$output = $json->encode($obj->confArray);
+	echo $output;
+}
+else if ($command == "getSearchResults") {
+	$wfs_conf_id = $_REQUEST["wfs_conf_id"];
+	$backlink = $_REQUEST["backlink"];
+	$frame = $_REQUEST["frame"];
+	$filter = $_REQUEST["filter"];
+	$url = $_REQUEST["url"];
+
+	/* wfs_conf */
+	$sql = "SELECT * FROM wfs_conf JOIN wfs ON wfs_conf.fkey_wfs_id = wfs.wfs_id ";
+	$sql .= "WHERE wfs_conf.wfs_conf_id = $1";
+	$v = array($wfs_conf_id);
+	$t = array('i');
+	
+	$res = db_prep_query($sql,$v,$t);
+	if ($row = db_fetch_array($res)) {
+		$g_res_style  = $row["g_res_style"];
+	}
+	else {
+		die("wfs_conf " . $wfs_conf_id . "data not available");
+	}
+	
+	/* wfs_conf_element */
+	$sql = "SELECT * FROM wfs_conf_element ";
+	$sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
+	$sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = $1 ";
+	$sql .= "AND wfs_conf_element.f_show = 1 ORDER BY wfs_conf_element.f_respos;";
+	$v = array($wfs_conf_id);
+	$t = array('i');
+	
+	$res = db_prep_query($sql,$v,$t);
+	$col = array();
+	while ($row = db_fetch_array($res)) {
+		array_push($col, $row["element_name"]);
+	}
+	if (count($col) == 0) {
+		die("wfs_conf_element data not available");
+	}
+	
+	// append authorisation condition to filter
+	$filter = checkAccessConstraint($filter, $wfs_conf_id);
+	
+	$admin = new administration();
+	
+	$req = urldecode($url).urlencode($admin->char_decode(stripslashes($filter)));
+	$mygml = new gml2();
+	$mygml->parsegml($req);
+	
+	// generates JavaScript code that will add a geometry array containing
+	// all the result geometries and their attributes (wfs_conf_elements)
+	
+	$js = "";
+	if ($mygml->getMemberCount() > 0) { 
+		$js .= $mygml->exportGeometriesToJS(true);
+	
+		for ($i = 0; $i < $mygml->getMemberCount(); $i++) {
+			for ($j = 0; $j < count($col); $j++){
+				$js .= "geom.get(".$i.").e.setElement('".$j."', '".$mygml->getValueBySeparatedKey($i, $col[$j]) . "');\n";
+			}
+		}
+	}
+	echo $js;
+}
+else {
+	echo "please enter a valid command.";
+}
 ?>
\ No newline at end of file
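Review bot: isValidVarName() matches with an unanchored pattern, so a stored f_auth_varname that merely contains a substring shaped like `$_SESSION["mb_user_id"]` is accepted, and checkAccessConstraint() then passes the whole string to `eval("return " . $auth_varname . ";")`. Anchor the check, e.g. `preg_match("/^[\$]_[a-z]+\[\"[a-z_]+\"\]\z/i", $varname)`, or preferably drop eval and read the validated key from `$_SESSION` directly. The two new else branches also appear to fail open: they construct an mb_exception and then fall through to `return $filter;`, so unless that constructor halts execution (not visible here), an empty session value or a rejected variable name leaves the request-supplied filter without the access condition, and the getSearchResults branch still sends the query. I would have that branch stop with an error instead. Separately, `$user` and `$element_name` are concatenated into the filter XML unescaped, and the WFS values written into `setElement('…')` are not escaped for a JavaScript string literal.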


