[Mapbender-commits] r6587 - branches/banjo_dev/mapbender/http/rest
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Sat Jul 10 10:13:14 EDT 2010
Author: banjo
Date: 2010-07-10 14:13:14 +0000 (Sat, 10 Jul 2010)
New Revision: 6587
Added:
branches/banjo_dev/mapbender/http/rest/db_connect.php
branches/banjo_dev/mapbender/http/rest/http_auth.php
Log:
Adding files of authentication module
Added: branches/banjo_dev/mapbender/http/rest/db_connect.php
===================================================================
--- branches/banjo_dev/mapbender/http/rest/db_connect.php (rev 0)
+++ branches/banjo_dev/mapbender/http/rest/db_connect.php 2010-07-10 14:13:14 UTC (rev 6587)
@@ -0,0 +1,19 @@
+<?php
+require_once(dirname(__FILE__)."../../conf/mapbender.conf");
+
+//Include proper database wrapper library
+if(SYS_DBTYPE=="mysql") {
+ require_once(dirname(__FILE__) . "/../../lib/database-mysql.php");
+}
+elseif(SYS_DBTYPE=="pgsql") {
+ require_once(dirname(__FILE__) . "/../../lib/database-pgsql.php");
+}
+elseif(SYS_DBTYPE=="mysqli") {
+ require_once(dirname(__FILE__) . "../../lib/database-mysqli.php");
+}
+
+//Database Connection
+$db_connection = db_connect($DBSERVER, $OWNER, $PW);
+db_select_db($DB, $db_connection);
+
+?>
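Review bot: The `require_once` of `mapbender.conf` at the top of the file, and the mysqli branch below it, concatenate `dirname(__FILE__)` with `"../../..."` without the leading `/`, so the path resolves relative to a sibling directory named `rest..` instead of climbing to `conf/` and `lib/` the way the mysql and pgsql branches do; both lines should match those, e.g. `require_once(dirname(__FILE__) . "/../../conf/mapbender.conf");`. Since that conf file is where `$DBSERVER`, `$OWNER`, `$PW`, `$DB` and `SYS_DBTYPE` are presumably defined, a failed include leaves `db_connect($DBSERVER, $OWNER, $PW)` running with undefined values rather than failing early. The `if`/`elseif` chain on `SYS_DBTYPE` also has no terminal branch, so an unrecognised value falls through to calling an undefined `db_connect()`; an explicit `else { die('Unsupported SYS_DBTYPE'); }` would make that failure visible at the point it occurs.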
Added: branches/banjo_dev/mapbender/http/rest/http_auth.php
===================================================================
--- branches/banjo_dev/mapbender/http/rest/http_auth.php (rev 0)
+++ branches/banjo_dev/mapbender/http/rest/http_auth.php 2010-07-10 14:13:14 UTC (rev 6587)
@@ -0,0 +1,100 @@
+<?php
+require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
+require_once("db_connect.php");
+
+//nonceLife in seconds
+$nonceLife = 300
+
+function authenticate() {
+
+require(dirname(__FILE__)."/../../conf/mapbender.conf");
+ //Check if digest auth is set. If it is not set, send the header with a
+ //challenge
+ if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
+ header('HTTP/1.1 401 Unauthorised');
+ header('WWW-Authenticate: Digest realm="'.REALM.
+ '",qop="auth",nonce="'.getNonce().'",opaque="'.md5(REALM).'"');
+ die(send_rest_response(401);
+ }
+
+ //Get the http header in an array
+ $getHeaderArray = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
+ if (!($getHeaderArray)) {
+ echo 'Following Header information cannot be validated - check your client software! <br>';
+ echo $_SERVER['PHP_AUTH_DIGEST'].'<br>';
+ }
+
+ //Retrieve mb_username and mb_email from http_auth username string
+ $userID = explode(';', $getHeaderArray['username']);
+ $mbUsername = $userID[0];
+ $mbEmail = $userID[1];
+
+ $userInfo = getUserInfo($mbUsername, $mbEmail);
+
+ if ($userInfo[0] == '-1') {
+ die(send_rest_response(401));
+ }
+
+ //First check the stale!
+ if($getHeaderArray['nonce'] == getNonce()) {
+ //up to date nonce received
+ $stale = false;
+ } else {
+ //Stale nonce received (probably more than x seconds old)
+ $stale = true;
+ die(send_rest_response(408));
+ }
+
+ // generate the expected response
+ $A1 = md5($mbUsername.';'.$mbEmail.':'.REALM.':'.$userInfo[1]);
+ $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$getHeaderArray['uri']);
+ $expected_response = $A1.':'.getNonce().':'.$getHeaderArray['nc'];
+ $expected_response = md5($expected_response);
+
+ //Compare the expected response with the actual response
+ if ($getHeaderArray['response'] != $expected_response) {
+ die(send_rest_response(401));
+ }
+
+ //Authenticated
+ //Return the userid
+ return $userInfo[0];
+}
+
+//function to parse the http auth header
+function http_digest_parse($txt)
+{
+ //protection against any missing data
+ $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
+ $data = array();
+ $key = implode('|', array_keys($needed_parts));
+ preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
+ foreach ($matches as $m) {
+ $data[$m[1]] = $m[3] ? $m[3] : $m[4];
+ unset($needed_parts[$m[1]]);
+ }
+ return $needed_parts ? false : $data;
+}
+
+//function to get userid and password from mb db
+function getUserInfo($mbUsername, $mbEmail) {
+ $result = array();
+ $sql = "SELECT mb_user_id, mb_user_password FROM mb_user where mb_user_name = $1 AND mb_user_email = $2";
+ $v = array($mbUsername, $mbEmail);
+ $t = array("s", "s");
+ $res = db_prep_query($sql, $v, $t);
+ if(!($row = db_fetch_array($res))) {
+ $result[0] = "-1";
+ } else {
+ $result[0] = $row['mb_user_id'];
+ $result[1] = $row['mb_user_password'];
+ }
+ return $result;
+}
+
+//function to generate nonce
+function getNonce() {
+ global $nonceLife;
+ $time = ceil(time() / $nonceLife) * $nonceLife;
+ return md5(date('Y-m-d H:i', $time).':'.$_SERVER['REMOTE_ADDR']);
+}