[Mapbender-commits] r1773 - in trunk/mapbender/owsproxy/http: .
classes
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Mon Oct 29 10:24:32 EDT 2007
Author: christoph
Date: 2007-10-29 10:24:32 -0400 (Mon, 29 Oct 2007)
New Revision: 1773
Added:
trunk/mapbender/owsproxy/http/classes/
trunk/mapbender/owsproxy/http/classes/class_QueryHandler.php
Modified:
trunk/mapbender/owsproxy/http/index.php
Log:
imported from Geoportal
Added: trunk/mapbender/owsproxy/http/classes/class_QueryHandler.php
===================================================================
--- trunk/mapbender/owsproxy/http/classes/class_QueryHandler.php (rev 0)
+++ trunk/mapbender/owsproxy/http/classes/class_QueryHandler.php 2007-10-29 14:24:32 UTC (rev 1773)
@@ -0,0 +1,159 @@
+<?php
+# $Id: $
+# http://www.mapbender.org/index.php/class_administration
+# Copyright (C) 2002 CCGIS
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+require_once("../../../http/classes/class_mb_exception.php");
+
+/**
+ * class to handle the querystring and the params
+ */
+
+class QueryHandler{
+
+ private $reqParams = array();
+ private $reqParamsToLower = array();
+ private $owsproxyServiceKey = 'wms';
+ private $owsproxyServiceId;
+ private $onlineResource;
+ /**
+ * Constructor of the QueryHandler
+ *
+ */
+ function __construct(){
+ $this->setRequestParams(array_keys($_REQUEST));
+ $notice = new mb_notice("const: querystring: ".$this->getQueryString());
+ }
+
+ /**
+ * set all query parameter-keys and -values to lowerCase
+ * so that they could be handled caseinsensitive
+ *
+ * set another array with original keys and values
+ *
+ * @param string[] the keys of all query parameters
+ * @return string[] an associative array with request parameters keys (tolowercase) and values (tolower)
+ */
+ function setRequestParams($keys){
+ for($i=0; $i<count($keys); $i++){
+ $this->reqParams[strtolower($keys[$i])] = $_REQUEST[$keys[$i]];
+ $this->reqParamsToLower[strtolower($keys[$i])] = $_REQUEST[$keys[$i]];
+ if($keys[$i] == $this->owsproxyServiceKey){
+ $this->owsproxyServiceId = $_REQUEST[$keys[$i]];
+ $notice = new mb_notice("owsId: ".$this->owsproxyServiceId);
+ }
+ }
+ }
+ /**
+ * checks is a request param is part of the original request
+ *
+ * @param string request key
+ * @return boolean true if it is part of original request
+ */
+ function isValidParam($key){
+ if($key == 'sid'){
+ return false;
+ }
+ else if($key == $this->owsproxyServiceKey){
+ return false;
+ }
+ else if($key == ini_get("session.name")){
+ return false;
+ }
+ else if($key == 'request' && $this->reqParams[$key] == 'external'){
+ return false;
+ }
+ else{
+ return true;
+ }
+ }
+ /**
+ * gets the request params
+ *
+ * @return request params
+ */
+ function getRequestParams(){
+ return $this->reqParamsToLower;
+ }
+ /**
+ * modifies the layers
+ */
+ function setParam($param,$value){
+ $mykeys = array_keys($this->reqParams);
+ for($i=0; $i<count($mykeys);$i++){
+ if(strtolower($mykeys[$i]) == strtolower($param)){
+ $this->reqParams[$mykeys[$i]] = $value;
+ $n = new mb_notice("QueryHandler: setParam: ".serialize($this->reqParams));
+ }
+ }
+ }
+ /**
+ * gets the original query string
+ *
+ * @return string original query string
+ */
+ function getQueryString(){
+ $mykeys = array_keys($this->reqParams);
+ $cnt = 0;
+ for($i=0; $i<count($mykeys);$i++){
+ if($this->isValidParam($mykeys[$i])){
+ if($cnt > 0){
+ $qstring .= "&";
+ }
+ $qstring .= $mykeys[$i]."=".rawurlencode(stripslashes($this->reqParams[$mykeys[$i]]));
+ $cnt++;
+ }
+ }
+ $notice = new mb_notice("getQueryString() : " . $qstring);
+ return $qstring;
+ }
+ /**
+ * gets the original request with url and query string
+ *
+ * @return string request
+ */
+ function getRequest(){
+ $req = $this->onlineResource.$this->getConjunctionCharacter($this->onlineResource).$this->getQueryString();
+ $notice = new mb_notice("onlineResource:". $req);
+ return $req;
+ }
+ /**
+ * gets the conjunction character between url and query string
+ */
+ function getConjunctionCharacter($url){
+ if(strpos($url,"?")){
+ if(strpos($url,"?") == strlen($url)){
+ $cchar = "";
+ }else if(strpos($url,"&") == strlen($url)){
+ $cchar = "";
+ }else{
+ $cchar = "&";
+ }
+ }
+ if(strpos($url,"?") === false){
+ $cchar = "?";
+ }
+ return $cchar;
+ }
+ function getOwsproxyServiceId(){
+ return $this->owsproxyServiceId;
+ }
+ function setOnlineResource($url){
+ $this->onlineResource = $url;
+ }
+}
+
+?>
\ No newline at end of file
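Review bot: `isValidParam()` compares the already lower-cased key with `ini_get("session.name")` unchanged, so a mixed-case session name such as the default `PHPSESSID` never matches, and if cookies are part of `$_REQUEST` (this depends on the PHP configuration) the session cookie is written into the query string sent to the remote service. The `$mbkeys` list removed from index.php in this commit lower-cased the name, and the check should too: `else if($key == strtolower(ini_get("session.name"))){`. In `getQueryString()` the parameter names are concatenated unencoded while only the values pass through `rawurlencode()`, and `$qstring` is never initialised; start with `$qstring = "";` and emit `rawurlencode($mykeys[$i])`. `setParam()` logs `serialize($this->reqParams)`, which still contains `sid`, so the session id lands in the notice log; log only the parameter that changed.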
Modified: trunk/mapbender/owsproxy/http/index.php
===================================================================
--- trunk/mapbender/owsproxy/http/index.php 2007-10-29 13:12:49 UTC (rev 1772)
+++ trunk/mapbender/owsproxy/http/index.php 2007-10-29 14:24:32 UTC (rev 1773)
@@ -22,29 +22,33 @@
require("../../http/classes/class_administration.php");
require("../../http/classes/class_connector.php");
require_once("../../http/classes/class_mb_exception.php");
+require("./classes/class_QueryHandler.php");
/***** conf *****/
$imageformats = array("image/png","image/gif","image/jpeg", "image/jpg");
-$mbkeys = array("sid",strtolower(ini_get("session.name")),"wms");
/***** conf *****/
$con = db_connect(DBSERVER,OWNER,PW);
db_select_db(DB,$con);
+
+$postdata = $HTTP_RAW_POST_DATA;
-$reqParams = array();
-$myKeys = array_keys($_REQUEST);
-// create an associative array with request parameters (get)
-for($i=0; $i<count($myKeys); $i++){
- $tmp[$i] = removeQM(strtolower($myKeys[$i]));
- $$tmp[$i] = $_REQUEST[$myKeys[$i]];
- if(!in_array(removeQM(strtolower($myKeys[$i])),$mbkeys)){
- $reqParams[removeQM(strtolower($myKeys[$i]))] = $_REQUEST[$myKeys[$i]];
- }
-}
+$owsproxyService = $_REQUEST['wms']; //ToDo: change this to 'service' in the apache url-rewriting
+$query = new QueryHandler();
+// an array with keys and values toLoserCase -> caseinsensitiv
+$reqParams = $query->getRequestParams();
+
+$notice = new mb_notice("owsproxy id:".$query->getOwsproxyServiceId());
+
// check session
session_id($_REQUEST["sid"]);
session_start();
+if(!$_SESSION['mb_user_id']){
+ $notice = new mb_notice("Permission denied");
+ throwE("Permission denied");
+ die();
+}
//if($_SESSION['mb_user_ip'] != $_SERVER['REMOTE_ADDR']){
// throwE(array("No session data available.","Permission denied.","Please authenticate."));
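Review bot: The new session guard calls `throwE("Permission denied")` with a string, while the other calls in this diff pass an array and the text path visible in a later hunk ends in `join(" ", $e)`, so the denial message is probably lost; pass `array("Permission denied.")`. `$postdata` is assigned from `$HTTP_RAW_POST_DATA` but the code visible here keeps reading `$HTTP_RAW_POST_DATA` directly, and that variable is only populated under certain ini settings; reading `file_get_contents('php://input')` once into `$postdata` and using it throughout would be more dependable. The guard accepts any session selected by the request's `sid` that has `mb_user_id` set, and the `mb_user_ip` comparison below it stays commented out, which deserves a comment saying why.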
@@ -52,42 +56,65 @@
//}
/************* workflow ************/
-$n = new administration();
-switch (strtolower($request)) {
+$n = new administration();
+switch (strtolower($reqParams['request'])) {
case 'getcapabilities':
- $arrayOnlineresources = checkWmsPermission($wms);
- $or = $n->checkURL($arrayOnlineresources["wms_getcapabilities"]);
- $or = completeURL($or);
- getCapabilities($or);
+ $arrayOnlineresources = checkWmsPermission($query->getOwsproxyServiceId());
+ $query->setOnlineResource($arrayOnlineresources['wms_getcapabilities']);
+ $request = $query->getRequest();
+ getCapabilities($request);
break;
case 'getfeatureinfo':
- $arrayOnlineresources = checkWmsPermission($wms);
- $or = $n->checkURL($arrayOnlineresources["wms_getfeatureinfo"]);
- $or = completeURL($or);
- getFeatureInfo($or);
+ $arrayOnlineresources = checkWmsPermission($query->getOwsproxyServiceId());
+ $query->setOnlineResource($arrayOnlineresources['wms_getfeatureinfo']);
+ $request = $query->getRequest();
+ getFeatureInfo($request);
break;
case 'getmap':
- $arrayOnlineresources = checkWmsPermission($wms);
- $or = $n->checkURL($arrayOnlineresources["wms_getcapabilities"]);
- $reqParams["layers"] = checkLayerPermission($arrayOnlineresources["wms_id"],$layers);
- $or = completeURL($or);
- getMap($or);
+ $arrayOnlineresources = checkWmsPermission($owsproxyService);
+ $query->setOnlineResource($arrayOnlineresources['wms_getmap']);
+ $layers = checkLayerPermission($arrayOnlineresources['wms_id'],$reqParams['layers']);
+ $query->setParam("layers",$layers);
+ $request = $query->getRequest();
+ getImage($request);
+ break;
+ case 'getlegendgraphic':
+ $url = getLegendUrl($query->getOwsproxyServiceId());
+ getImage($url);
+ break;
case 'external':
- getExternalRequest($wms);
+ getExternalRequest($query->getOwsproxyServiceId());
+ break;
+ case 'getfeature':
+ $arrayFeatures = array($reqParams['typename']);
+ $arrayOnlineresources = checkWfsPermission($query->getOwsproxyServiceId(), $arrayFeatures);
+ $query->setOnlineResource($arrayOnlineresources['wfs_getfeature']);
+ $request = $query->getRequest();
+ $request = stripslashes($request);
+ getFeature($request);
+ break;
+ // case wfs transaction (because of raw POST the request param is empty)
+ case '':
+ $arrayFeatures = getWfsFeaturesFromTransaction($HTTP_RAW_POST_DATA);
+ $arrayOnlineresources = checkWfsPermission($query->getOwsproxyServiceId(), $arrayFeatures);
+ $query->setOnlineResource($arrayOnlineresources['wfs_transaction']);
+ $request = $query->getRequest();
+ doTransaction($request, $HTTP_RAW_POST_DATA);
+ break;
default:
}
/*********************************************************/
function throwE($e){
- global $format, $imageformats;
- echo $format."---";
- if(in_array($format,$imageformats)){
+ global $reqParams, $imageformats;
+ if(in_array($reqParams['format'],$imageformats)){
throwImage($e);
}
else{
throwText($e);
- }
-}
+ }
+}
+
function throwImage($e){
global $width,$height;
$image = imagecreate($width,$height);
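Review bot: With the `$$tmp[$i]` import loop removed, `throwImage()` at the end of this hunk still reads `global $width,$height`, which nothing visible sets any more, so `imagecreate()` gets empty dimensions whenever an error is reported for an image format. Read them from `$reqParams` and bound them, e.g. `$width = min(max((int)$reqParams['width'], 1), 2048);` (the limit is a constructed example). The new `getFeature()` later in the diff has the same problem with `global $info_format`. The `getmap` branch passes `$owsproxyService` to `checkWmsPermission()` while the other branches use `$query->getOwsproxyServiceId()`; use one source for the service id. throwImage's body continues outside the hunk.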
@@ -104,7 +131,8 @@
echo join(" ", $e);
}
function responseImage($im){
- global $format;
+ global $reqParams;
+ $format = $reqParams['format'];
if($format == 'image/png'){header("Content-Type: image/png");}
if($format == 'image/jpeg' || $format == 'image/jpg'){header("Content-Type: image/jpeg");}
if($format == 'image/gif'){header("Content-Type: image/gif");}
@@ -122,21 +150,20 @@
}
return $url;
}
-function removeQM($t){
- if(strpos($t,"?") === 0){
- $t = substr($t,1);
- }
- return $t;
-}
-function getMap($or){
- global $format, $width, $height;
- if($format == 'image/png'){header("Content-Type: image/png");}
- if($format == 'image/jpeg' || $format == 'image/jpg'){header("Content-Type: image/jpeg");}
- if($format == 'image/gif'){header("Content-Type: image/gif");}
+
+/**
+ * fetch and returns an image to client
+ *
+ * @param string the original url of the image to send
+ */
+
+function getImage($or){
+ global $reqParams;
+ header("Content-Type: ".$reqParams['format']);
echo getDocumentContent($or);
}
-/*
+/**
* fetchs and returns the content of the FeatureInfo Response
*
* @param string the url of the FeatureInfoRequest
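Review bot: `getImage()` copies the client-supplied `format` parameter straight into the `Content-Type` response header, whereas the `getMap()` it replaces only ever emitted one of three fixed image types, so a caller can make the proxy label upstream content with an arbitrary media type. Check the value against the existing `$imageformats` list before sending it, e.g. `if(!in_array($reqParams['format'], $imageformats)){ throwE(array("Unsupported format.")); die(); }`, with `$imageformats` added to the `global` line.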
@@ -149,9 +176,125 @@
$content = getDocumentContent($url);
$content = matchUrls($content);
echo $content;
+}
+
+/**
+ * fetchs and returns the content of WFS GetFeature response
+ *
+ * @param string the url of the GetFeature request
+ * @return echo the content of the GetFeature document
+ */
+function getFeature($url){
+ global $info_format;
+
+ header("Content-Type: ".$info_format);
+ $content = getDocumentContent($url);
+ $content = matchUrls($content);
+ echo $content;
+}
+
+/**
+ * simulates a post request to host
+ *
+ * @param string host to send the request to
+ * @param string port of host to send the request to
+ * @param string method to send data (should be "POST")
+ * @param string path on host
+ * @param string data to send to host
+ * @return string hosts response
+ */
+
+function sendToHost($host,$port,$method,$path,$data){
+ $buf = '';
+ if (empty($method)) $method = 'POST';
+ $method = mb_strtoupper($method);
+ $fp = fsockopen($host, $port);
+ fputs($fp, "$method $path HTTP/1.1\r\n");
+ fputs($fp, "Host: $host\r\n");
+ fputs($fp,"Content-type: application/xml\r\n");
+ fputs($fp, "Content-length: " . strlen($data) . "\r\n");
+ fputs($fp, "Connection: close\r\n\r\n");
+ if ($method == 'POST') fputs($fp, $data);
+ while (!feof($fp)) $buf .= fgets($fp,4096);
+ fclose($fp);
+ return $buf;
+}
+
+/**
+ * get wfs featurenames that are touched by a tansaction request defined in XML $data
+ *
+ * @param string XML that contains the tansaction request
+ * @return array array of touched feature names
+ */
+
+function getWfsFeaturesFromTransaction($data){
+ $features = array();
+ $values = NULL;
+ $tags = NULL;
+ $parser = xml_parser_create();
+ xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
+ xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,1);
+ xml_parse_into_struct($parser,$data,$values,$tags);
+
+ $code = xml_get_error_code ($parser);
+ if ($code) {
+ $line = xml_get_current_line_number($parser);
+ $col = xml_get_current_column_number($parser);
+ $mb_exception = new mb_exception("OWSPROXY invalid Tansaction XML: ".xml_error_string($code) . " in line " . $line. " at character ". $col);
+ die();
+ }
+ xml_parser_free($parser);
+
+ $insert = false;
+ $insertlevel = 0;
+ foreach ($values as $element) {
+ //features touched by insert
+ if(strtoupper($element[tag]) == "WFS:INSERT" && $element[type] == "open"){
+ $insert = true;
+ $insertlevel = $element[level];
+ }
+ if($insert && $element[level] == $insertlevel + 1 && $element[type] == "open"){
+ array_push($features, $element[tag]);
+ }
+ if(strtoupper($element[tag]) == "WFS:INSERT" && $element[type] == "close"){
+ $insert = false;
+ }
+ //updated features
+ if(strtoupper($element[tag]) == "WFS:UPDATE" && $element[type] == "open"){
+ array_push($features, $element[attributes]["typeName"]);
+ }
+ //deleted features
+ if(strtoupper($element[tag]) == "WFS:DELETE" && $element[type] == "open"){
+ array_push($features, $element[attributes]["typeName"]);
+ }
+ }
+ return $features;
+}
+
+/**
+ * sends the data of WFS Transaction and echos the response
+ *
+ * @param string url to send the WFS Transaction to
+ * @param string WFS Transaction data
+ */
+
+function doTransaction($url, $data){
+ $arURL = parse_url($url);
+ $host = $arURL["host"];
+ $port = $arURL["port"];
+ if($port == '') $port = 80;
+
+ $path = $arURL["path"];
+ $method = "POST";
+ $result = sendToHost($host,$port,$method,html_entity_decode($path),$data);
+
+ //delete header from result
+ $result = mb_eregi_replace("^[^<]*", "", $result);
+ $result = mb_eregi_replace("[^>]*$", "", $result);
+
+ echo $result;
}
-
function matchUrls($content){
if(!session_is_registered("owsproxyUrls")){
$_SESSION["owsproxyUrls"] = array();
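Review bot: `getWfsFeaturesFromTransaction()` recognises operations only by the literal tag names `WFS:INSERT`, `WFS:UPDATE` and `WFS:DELETE` from a parser that is not namespace-aware, so an operation element bound to the WFS namespace under another prefix, or as the default namespace, is not added to the list that `checkWfsPermission()` checks, although a namespace-aware upstream server would still act on it. Build the parser with `xml_parser_create_ns()`, compare namespace URI plus local name, and refuse the transaction when it contains an operation element the function does not recognise. In `sendToHost()` the result of `fsockopen()` is used without a check and without a timeout; return an error when it is `false`. `doTransaction()` forwards only `$arURL["path"]`, so any query string in the configured `wfs_transaction` URL and the parameters appended by `getRequest()` are dropped.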
@@ -167,10 +310,11 @@
$content = str_replace($req,$extReq,$content);
}
return $content;
-}
+}
+
function setExternalRequest($id){
- global $sid;
- $extReq = OWSPROXY ."/". $sid ."/".$id."?request=external";
+ global $reqParams,$query;
+ $extReq = OWSPROXY ."/". $reqParams['sid'] ."/".$id."?request=external";
return $extReq;
}
function getExternalRequest($id){
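Review bot: `setExternalRequest()` builds the rewritten URL from the raw request value `$reqParams['sid']` and declares a `$query` global it never uses. `session_id()` returns the id the session was actually started with and avoids writing request input back into the proxied document: `$extReq = OWSPROXY ."/". session_id() ."/".$id."?request=external";`, after which the `global` line can be dropped.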
@@ -195,7 +339,7 @@
}
}
function removeOWSGetParams($query_string){
- $r = preg_replace("/\.\*request=external&/","",$query_string);
+ $r = preg_replace("/.*request=external&/","",$query_string);
return $r;
}
function getConjunctionCharacter($url){
@@ -236,9 +380,55 @@
$r = str_replace($t,$new,$arrayOnlineresources["wms_getcapabilities_doc"]);
header("Content-Type: application/xml");
echo $r;
-}
+}
+
+/**
+ * gets the original url of the requested legend graphic
+ *
+ * @param string owsproxy md5
+ * @return string url to legend graphic
+ */
+function getLegendUrl($wms){
+ global $reqParams;
+
+ //get wms id
+ $sql = "SELECT * FROM wms WHERE wms_owsproxy = $1";
+ $v = array($wms);
+ $t = array("s");
+ $res = db_prep_query($sql, $v, $t);
+ if($row = db_fetch_array($res))
+ $wmsid = $row["wms_id"];
+ else{
+ throwE(array("No wms data available."));
+ die();
+ }
+
+ //get the url
+ $sql = "SELECT layer_style.legendurl ";
+ $sql .= "FROM layer_style JOIN layer ";
+ $sql .= "ON layer_style.fkey_layer_id = layer.layer_id ";
+ $sql .= "WHERE layer.layer_name = $2 AND layer.fkey_wms_id = $1 ";
+ $sql .= "AND layer_style.name = $3 AND layer_style.legendurlformat = $4";
+
+ $v = array($wmsid, $reqParams['layer'], $reqParams['style'], $reqParams['format']);
+ $t = array("i", "s", "s", "s");
+
+ $res = db_prep_query($sql, $v, $t);
+ if($row = db_fetch_array($res))
+ return $row["legendurl"];
+ else{
+ throwE(array("No legend available."));
+ die();
+ }
+}
+/**
+ * validated access permission on requested wms
+ *
+ * @param string OWSPROXY md5
+ * @return array array with detailed information about requested wms
+ */
function checkWmsPermission($wms){
- global $con, $n;
+ global $con, $n;
$myguis = $n->getGuisByPermission($_SESSION["mb_user_id"],true);
$mywms = $n->getWmsByOwnGuis($myguis);
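Review bot: `getLegendUrl()` looks the WMS up by its owsproxy hash alone and never checks it against the caller's permissions, so `getlegendgraphic` is the only WMS branch of the switch that does not go through `checkWmsPermission()`. Replace the first lookup with `$service = checkWmsPermission($wms); $wmsid = $service["wms_id"];`, which the `getmap` branch already relies on for `wms_id`. The two `if … else` pairs mix a braceless branch with a braced one; bracing both keeps a later edit from silently falling outside the condition. checkWmsPermission's body continues outside the hunk.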
@@ -263,10 +453,77 @@
throwE(array("Permission denied."," -> ".$service["wms_id"], implode(",", $mywms)));
die();
}
- return $service;
-}
+ return $service;
+}
+/**
+ * validates the access permission by getting the appropriate wfs_conf
+ * to each feature requested and check the wfs_conf permission
+ *
+ * @param string owsproxy md5
+ * @param array array of requested featuretype names
+ * @return array array with detailed information on reqested wfs
+ */
+function checkWfsPermission($wfsOws, $features){
+ global $con, $n;
+ $myconfs = $n->getWfsConfByPermission($_SESSION["mb_user_id"]);
+
+ //check if we know the features requested
+ if(count($features) == 0){
+ throwE(array("No wfs_feature data available."));
+ die();
+ }
+
+ //get wfs
+ $sql = "SELECT * FROM wfs WHERE wfs_owsproxy = $1";
+ $v = array($wfsOws);
+ $t = array("s");
+ $res = db_prep_query($sql, $v, $t);
+ $service = array();
+ if($row = db_fetch_array($res)){
+ $service["wfs_id"] = $row["wfs_id"];
+ $service["wfs_getcapabilities"] = $row["wfs_getcapabilities"];
+ $service["wfs_getfeature"] = $row["wfs_getfeature"];
+ $service["wfs_describefeaturetype"] = $row["wfs_describefeaturetype"];
+ $service["wfs_transaction"] = $row["wfs_transaction"];
+ $service["wfs_getcapabilities_doc"] = $row["wfs_getcapabilities_doc"];
+ }
+ else{
+ throwE(array("No wfs data available."));
+ die();
+ }
+
+ foreach($features as $feature){
+
+ //get appropriate wfs_conf
+ $sql = "SELECT wfs_conf.wfs_conf_id FROM wfs_conf ";
+ $sql.= "JOIN wfs_featuretype ";
+ $sql.= "ON wfs_featuretype.featuretype_id = wfs_conf.fkey_featuretype_id ";
+ $sql.= "WHERE wfs_featuretype.featuretype_name = $2 ";
+ $sql.= "AND wfs_featuretype.fkey_wfs_id = $1";
+ $v = array($service["wfs_id"], $feature);
+ $t = array("i","s");
+ $res = db_prep_query($sql, $v, $t);
+ if(!($row = db_fetch_array($res))){
+ $notice = new mb_notice("Permissioncheck failed no wfs conf for wfs ".$service["wfs_id"]." with feturetype ".$feature);
+ throwE(array("No wfs_conf data for featuretype ".$feature));
+ die();
+ }
+ $conf_id = $row["wfs_conf_id"];
+
+ //check permission
+ if(!in_array($conf_id, $myconfs)){
+ $notice = new mb_notice("Permissioncheck failed:".$conf_id." not in ".implode(",", $myconfs));
+ throwE(array("Permission denied."," -> ".$conf_id, implode(",", $myconfs)));
+ die();
+ }
+ }
+
+ return $service;
+}
+
function checkLayerPermission($wms_id,$l){
- global $n;
+ global $n, $owsproxyService;
+// $notice = new mb_notice("owsproxy: checkLayerpermission: wms: ".$wms_id.", layer: ".$l);
$myl = split(",",$l);
$r = array();
foreach($myl as $mysl){
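Review bot: The denial branch of `checkWfsPermission()` sends the matched `wfs_conf_id` and the caller's complete list of permitted conf ids to the client (`throwE(array("Permission denied."," -> ".$conf_id, implode(",", $myconfs)))`). The preceding `mb_notice` already records both, so the response can be reduced to `throwE(array("Permission denied."));`. Only the first `wfs_conf` row for a featuretype is fetched, so a user whose permission is attached to another configuration of the same featuretype would be refused; if several configurations per featuretype are possible, loop over all rows and accept any match. `$feature` is also echoed back unescaped in the "No wfs_conf data" message.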
@@ -281,6 +538,4 @@
$d = new connector($url);
return $d->file;
}
-
-
?>
\ No newline at end of file