[Mapbender-commits] r2200 - branches/2.5/http/classes

svn_mapbender at osgeo.org svn_mapbender at osgeo.org
Thu Mar 6 10:34:21 EST 2008


Author: christoph
Date: 2008-03-06 10:34:21 -0500 (Thu, 06 Mar 2008)
New Revision: 2200

Modified:
   branches/2.5/http/classes/class_administration.php
Log:
added new function for module authentication

Modified: branches/2.5/http/classes/class_administration.php
===================================================================
--- branches/2.5/http/classes/class_administration.php	2008-03-06 15:01:29 UTC (rev 2199)
+++ branches/2.5/http/classes/class_administration.php	2008-03-06 15:34:21 UTC (rev 2200)
@@ -793,7 +793,63 @@
    		}
    	}
 
-   	function getWMSOWSstring($wms_id){
+
+	/**
+	 * Checks if a user is allowed to access a GUI element
+	 * 
+	 * @return boolean 
+	 * @param $arrayGuis Object
+	 * @param $modulePath Object
+	 * @param $elementTag Object
+	 */
+   	function checkModulePermission_new($userId, $modulePath, $elementTag){
+   		if (CHECK) {
+			$arrayGuis = $this->getGuisByPermission($userId, true);
+
+			switch ($elementTag) {
+				case "a" :
+					$column = "e_attributes";
+					$pattern = "/^.*href\s*=\s*(\'|\")\.\.((\/[a-zA-Z0-9_\/\.]+)+)(\?|\'|\").*$/";
+					$replace = "$2";
+					break;
+				case "iframe" :
+					$column = "e_src";
+					$pattern = "/^\.\.((\/[a-zA-Z0-9_\/\.]+)+)(\?|\'|\").*$/";
+					$replace = "$1";
+					break;
+			}
+
+	   		if ($column && count($arrayGuis) > 0) {
+	   			$v = array();
+	   			$t = array();
+		   		$sql = "SELECT DISTINCT ".$column." FROM gui_element WHERE fkey_gui_id IN (";
+		   		for($i=0; $i<count($arrayGuis); $i++){
+		   			if($i > 0){ $sql .= ","; }
+		   			$sql .= "$".($i+1);
+		   			array_push($v,$arrayGuis[$i]);
+		   			array_push($t,'s');
+		   		}
+		   		$sql .= ") ORDER BY " . $column;
+				$res = db_prep_query($sql,$v,$t);
+				while($row = db_fetch_array($res)){
+					if ($row[$column]) {
+						if (preg_match($pattern, stripslashes($row[$column]))) {
+							$dbFilename = preg_replace($pattern, $replace, stripslashes($row[$column]));
+							$e = new mb_notice($dbFilename . " - " . $modulePath);
+
+							if(strpos($modulePath, $dbFilename) !== false){
+								return true;
+							}
+						}
+					}
+				}
+	   		}
+			return false;
+   		}
+		return true;
+   	}
+	
+	function getWMSOWSstring($wms_id){
    		$sql = "SELECT wms_owsproxy FROM wms WHERE wms_id = $1 ";
    		$v = array($wms_id);
    		$t = array("i");
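Review bot: The permission decision in `checkModulePermission_new` rests on `strpos($modulePath, $dbFilename) !== false`, a substring test, so a permitted element path that merely occurs somewhere inside `$modulePath` (for example inside a longer directory or file name) is treated as a grant. Comparing the tail of the request path against the whole stored path is tighter, e.g. `if (substr($modulePath, -strlen($dbFilename)) === $dbFilename) { return true; }`, assuming `$modulePath` is the resolved script path, which the hunk does not show. The character class `[a-zA-Z0-9_\/\.]` also lets `..` segments through into `$dbFilename`, so both sides should be normalised before they are compared. Separately, `$column` and `$pattern` stay unset for any `$elementTag` other than "a" or "iframe"; the function still returns false in that case, but `$column = null;` before the `switch` would make the deny path explicit, and the docblock should list `$userId` instead of `$arrayGuis`.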


