[Mapbender-commits] r8559 - in trunk/mapbender: http_auth/http owsproxy/http
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Thu Feb 7 06:07:38 PST 2013
Author: armin11
Date: 2013-02-07 06:07:37 -0800 (Thu, 07 Feb 2013)
New Revision: 8559
Modified:
trunk/mapbender/http_auth/http/index.php
trunk/mapbender/owsproxy/http/index.php
Log:
Fix a problem with legendgraphics through owsproxy and the http_auth proxy. Sometimes only the request part of the legendurl is stored in the layer_style table. This may be done if getlegendgraphics is supported by the wms. In this case the url for capturing the legend has to be combined by the proxy ;-) .
Modified: trunk/mapbender/http_auth/http/index.php
===================================================================
--- trunk/mapbender/http_auth/http/index.php 2013-02-07 12:40:39 UTC (rev 8558)
+++ trunk/mapbender/http_auth/http/index.php 2013-02-07 14:07:37 UTC (rev 8559)
@@ -1,564 +1,580 @@
-<?php
-require(dirname(__FILE__) . "/../../conf/mapbender.conf");
-require(dirname(__FILE__) . "/../../http/classes/class_administration.php");
-require(dirname(__FILE__) . "/../../http/classes/class_connector.php");
-require_once(dirname(__FILE__) . "/../../http/classes/class_mb_exception.php");
-require(dirname(__FILE__) . "/../../owsproxy/http/classes/class_QueryHandler.php");
-
-//database connection
-$db = db_connect($DBSERVER,$OWNER,$PW);
-db_select_db(DB,$db);
-
-$imageformats = array("image/png","image/gif","image/jpeg", "image/jpg");
-
-//control if digest auth is set, if not set, generate the challenge with getNonce()
-if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
- header('HTTP/1.1 401 Unauthorized');
- header('WWW-Authenticate: Digest realm="'.REALM.
- '",qop="auth",nonce="'.getNonce().'",opaque="'.md5(REALM).'"');
- die('Text to send if user hits Cancel button');
-}
-
-//read out the header in an array
-$requestHeaderArray = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
-
-//error if header could not be read
-if (!($requestHeaderArray)) {
- echo 'Following Header information cannot be validated - check your clientsoftware!<br>';
- echo $_SERVER['PHP_AUTH_DIGEST'].'<br>';
- die();
-}
-
-//get mb_username and email out of http_auth username string
-$userIdentification = explode(';',$requestHeaderArray['username']);
-$mbUsername = $userIdentification[0];
-$mbEmail = $userIdentification[1];
-
-$userInformation = getUserInfo($mbUsername,$mbEmail);
-
-if ($userInformation[0] == '-1') {
- die('User with name: '.$mbUsername.' and email: '.$mbEmail.' not known to security proxy!');
-}
-
-if ($userInformation[1]=='') { //check if digest exists in db - if no digest exists it should be a null string!
- die('User with name: '.$mbUsername.' and email: '.$mbEmail.' has no digest - please set a new password and try again!');
-}
-
-//first check the stale!
-if($requestHeaderArray['nonce'] == getNonce()) {
- // Up-to-date nonce received
- $stale = false;
- } else {
- // Stale nonce received (probably more than x seconds old)
- $stale = true;
- //give another chance to authenticate
- header('HTTP/1.1 401 Unauthorized');
- header('WWW-Authenticate: Digest realm="'.REALM.'",qop="auth",nonce="'.getNonce().'",opaque="'.md5(REALM).'" ,stale=true');
- }
-// generate the valid response to check the request of the client
-$A1 = $userInformation[1];
-$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$requestHeaderArray['uri']);
-$valid_response = $A1.':'.getNonce().':'.$requestHeaderArray['nc'];
-$valid_response .= ':'.$requestHeaderArray['cnonce'].':'.$requestHeaderArray['qop'].':'.$A2;
-
-$valid_response=md5($valid_response);
-
-if ($requestHeaderArray['response'] != $valid_response) {//the user have to authenticate new - cause something in the authentication went wrong
- die('Authentication failed - sorry, you have to authenticate once more!');
-}
-//if we are here - authentication has been done well!
-//let's do the proxy things (came from owsproxy.php):
-$postdata = $HTTP_RAW_POST_DATA;
-$layerId = $_REQUEST['layer_id'];
-$query = new QueryHandler();
-
-// an array with keys and values toLoserCase -> caseinsensitiv
-$reqParams = $query->getRequestParams();
-
-$n = new administration();
-
-$wmsId = getWmsIdByLayerId($layerId);
-$owsproxyString = $n->getWMSOWSstring($wmsId);
-
-if (!$owsproxyString) {
- die('The requested resource does not exists or the routing through mapbenders owsproxy is not activated!');
-}
-//get authentication infos if they are available in wms table! if not $auth = false
-$auth = $n->getAuthInfoOfWMS($wmsId);
-
-if ($auth['auth_type']==''){
- unset($auth);
-}
-
-$e = new mb_exception("REQUEST to HTTP_AUTH: ".strtolower($reqParams['request']));
-
-//what the proxy does
-switch (strtolower($reqParams['request'])) {
-
- case 'getcapabilities':
- $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
- $query->setOnlineResource($arrayOnlineresources['wms_getcapabilities']);
- //$request = preg_replace("/(.*)frames\/login.php/", "$1php/wms.php?layer_id=".$layerId, LOGIN);
- if (isset($_SERVER["HTTPS"])){
- $urlPrefix = "https://";
- } else {
- $urlPrefix = "http://";
- }
- if (defined("MAPBENDER_PATH") && MAPBENDER_PATH != '') {
- $request = MAPBENDER_PATH."/php/wms.php?layer_id=".$layerId;
- } else {
- $request = $urlPrefix.$_SERVER['HTTP_HOST']."/mapbender/php/wms.php?layer_id=".$layerId;
- }
- $requestFull .= $request.'&REQUEST=GetCapabilities&VERSION=1.1.1&SERVICE=WMS';
- if(isset($auth)){
- getCapabilities($request,$requestFull,$auth);
- }
- else {
- getCapabilities($request,$requestFull);
- }
- break;
- case 'getfeatureinfo':
- $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
- $query->setOnlineResource($arrayOnlineresources['wms_getfeatureinfo']);
- $layers = checkLayerPermission($wmsId,$reqParams['layers'],$userInformation[0]);
- if ($layers == '' ) {
- throwE("GetFeatureInfo permission denied on layer with id".$layerId);
- die();
- }
- $request = $query->getRequest();
- if(isset($auth)){
- getFeatureInfo($request,$auth);
- }
- else {
- getFeatureInfo($request);
- }
- break;
- case 'getmap':
- $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
- $query->setOnlineResource($arrayOnlineresources['wms_getmap']);
- $layers = checkLayerPermission($wmsId,$reqParams['layers'],$userInformation[0]);
- if ($layers == '' ) {
- throwE("GetMap permission denied on layer with id ".$layerId);
- die();
- }
- $query->setParam("layers",urldecode($layers));
- $request = $query->getRequest();
- #log proxy requests
- if($n->getWmsLogTag($wmsId)==1) {
- #do log to db
- #TODO read out size of bbox and calculate price
- #get price out of db
- $price=intval($n->getWmsPrice($wmsId));
- $n->logWmsProxyRequest($wmsId,$userInformation[0],$request,$price);
- }
- if(isset($auth)){
- getImage($request,$auth);
- }
- else {
- getImage($request);
- }
- break;
- case 'getlegendgraphic':
- $url = getLegendUrl($wmsId);
- $e = new mb_exception("URL for getlegendgraphic: ");
- if(isset($auth)){
- getImage($url,$auth);
- }
- else {
- getImage($url);
- }
- break;
- default:
-echo 'Your are logged in as: <b>' .$requestHeaderArray['username'].'</b> and requested the layer with id=<b>'.$layerId.'</b> but your request is not a valid OWS request';
-}
-//functions for http_auth
-//**********************************************************************************************
-
-// function to parse the http auth header
-function http_digest_parse($txt)
-{
- // protect against missing data
- $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
- $data = array();
- $keys = implode('|', array_keys($needed_parts));
- preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
- foreach ($matches as $m) {
- $data[$m[1]] = $m[3] ? $m[3] : $m[4];
- unset($needed_parts[$m[1]]);
- }
- return $needed_parts ? false : $data;
-}
-// function to get relevant user information from mb db
-function getUserInfo($mbUsername,$mbEmail) {
- $result = array();
- $sql = "SELECT mb_user_id, mb_user_digest FROM mb_user where mb_user_name = $1 AND mb_user_email= $2";
- $v = array($mbUsername, $mbEmail);
- $t = array("s","s");
- $res = db_prep_query($sql, $v, $t);
- if(!($row = db_fetch_array($res))){
- $result[0] = "-1";
- }
- else {
- $result[0] = $row['mb_user_id'];
- $result[1] = $row['mb_user_digest'];
- }
- return $result;
-}
-
-function getNonce() {
- global $nonceLife;
- $time = ceil(time() / $nonceLife) * $nonceLife;
- return md5(date('Y-m-d H:i', $time).':'.$_SERVER['REMOTE_ADDR'].':'.NONCEKEY);
-}
-
-//**********************************************************************************************
-//functions of owsproxy/http/index.php
-//**********************************************************************************************
-function throwE($e){
- global $reqParams, $imageformats;
-
- if(in_array($reqParams['format'],$imageformats)){
- throwImage($e);
- }
- else{
- throwText($e);
- }
-}
-
-function throwImage($e){
- global $reqParams;
- if (!$reqParams['width'] || !$reqParams['height']) { //width or height are not set by ows request - maybe for legendgraphics
- $width = 300;
- $height = 20;
- }
- $image = imagecreate($width,$height);
- $transparent = ImageColorAllocate($image,155,155,155);
- ImageFilledRectangle($image,0,0,$width,$height,$transparent);
- imagecolortransparent($image, $transparent);
- $text_color = ImageColorAllocate ($image, 233, 14, 91);
- for($i=0; $i<count($e); $i++){
- ImageString ($image, 3, 5, $i*20, $e[$i], $text_color);
- }
- responseImage($image);
-}
-function throwText($e){
- echo join(" ", $e);
-}
-function responseImage($im){
- global $reqParams;
- $format = $reqParams['format'];
- if($format == 'image/png'){header("Content-Type: image/png");}
- if($format == 'image/jpeg' || $format == 'image/jpg'){header("Content-Type: image/jpeg");}
- if($format == 'image/gif'){header("Content-Type: image/gif");}
- if($format == 'image/png'){imagepng($im);}
- if($format == 'image/jpeg' || $format == 'image/jpg'){imagejpeg($im);}
- if($format == 'image/gif'){imagegif($im);}
-}
-function completeURL($url){
- global $reqParams;
- $mykeys = array_keys($reqParams);
- for($i=0; $i<count($mykeys);$i++){
- if($i > 0){ $url .= "&"; }
- $url .= $mykeys[$i]."=".urlencode($reqParams[$mykeys[$i]]);
- }
- return $url;
-}
-
-/**
- * fetch and returns an image to client
- *
- * @param string the original url of the image to send
- */
-
-function getImage($or){
- global $reqParams;
- header("Content-Type: ".$reqParams['format']);
- if (func_num_args() == 2) { //new for HTTP Authentication
- $auth = func_get_arg(1);
- echo getDocumentContent($or,$auth);
- }
- else
- {
- echo getDocumentContent($or);
- }
-}
-
-/**
- * fetchs and returns the content of the FeatureInfo Response
- *
- * @param string the url of the FeatureInfoRequest
- * @return string the content of the FeatureInfo document
- */
-function getFeatureInfo($url){
- global $reqParams;
- $e = new mb_exception("owsproxy: Try to fetch FeatureInfoRequest: ".$url);
- header("Content-Type: ".$reqParams['info_format']);
- if (func_num_args() == 2) { //new for HTTP Authentication
- $auth = func_get_arg(1);
- echo getDocumentContent($url,$auth);
- }
- else
- {
- echo getDocumentContent($url);
- }
-}
-
-
-
-
-function matchUrls($content){
- if(!session_is_registered("owsproxyUrls")){
- $_SESSION["owsproxyUrls"] = array();
- $_SESSION["owsproxyUrls"]["id"] = array();
- $_SESSION["owsproxyUrls"]["url"] = array();
- }
- $pattern = "/[\"|\'](https*:\/\/[^\"|^\']*)[\"|\']/";
- preg_match_all($pattern,$content,$matches);
- for($i=0; $i<count($matches[1]); $i++){
- $req = $matches[1][$i];
- $e = new mb_exception("Gefundene URL ".$i.": ".$req);
- #$notice = new mb_notice("owsproxy id:".$req);
- $id = registerURL($req);
- $extReq = setExternalRequest($id);
- $e = new mb_exception("MD5 URL ".$id."-Externer Link: ".$extReq);
- $content = str_replace($req,$extReq,$content);
- }
- return $content;
-}
-
-function setExternalRequest($id){
- global $reqParams,$query;
- $extReq = "http://".$_SESSION['HTTP_HOST'] ."/owsproxy/". $reqParams['sid'] ."/".$id."?request=external";
- return $extReq;
-}
-function getExternalRequest($id){
- for($i=0; $i<count($_SESSION["owsproxyUrls"]["url"]); $i++){
- if($id == $_SESSION["owsproxyUrls"]["id"][$i]){
- $cUrl = $_SESSION["owsproxyUrls"]["url"][$i];
- $query_string = removeOWSGetParams($_SERVER["QUERY_STRING"]);
- if($query_string != ''){
- $cUrl .= getConjunctionCharacter($cUrl).$query_string;
- }
- $metainfo = get_headers($cUrl,1);
- // just for the stupid InternetExplorer
- header('Pragma: private');
- header('Cache-control: private, must-revalidate');
-
- header("Content-Type: ".$metainfo['Content-Type']);
-
- $content = getDocumentContent($cUrl,false);
- #$content = matchUrls($content); //In the case of http_auth - this is not possible cause we cannot save them in the header - maybe we could create a special session to do so later on?
- echo $content;
- }
- }
-}
-function removeOWSGetParams($query_string){
- $r = preg_replace("/.*request=external&/","",$query_string);
- #return $r;
- return "";
-}
-function getConjunctionCharacter($url){
- if(strpos($url,"?")){
- if(strpos($url,"?") == strlen($url)){
- $cchar = "";
- }else if(strpos($url,"&") == strlen($url)){
- $cchar = "";
- }else{
- $cchar = "&";
- }
- }
- if(strpos($url,"?") === false){
- $cchar = "?";
- }
- return $cchar;
-}
-function registerUrl($url){
- if(!in_array($url,$_SESSION["owsproxyUrls"]["url"])){
- $e = new mb_exception("Is noch net drin!");
- $id = md5($url);
- $e = new mb_exception("ID: ".$id." URL: ".$url." will be written to session");
- array_push($_SESSION["owsproxyUrls"]["url"],$url);
- array_push($_SESSION["owsproxyUrls"]["id"], $id);
- }
- else{
- $e = new mb_exception("It was found! Search content and return ID!");
- for($i=0; $i<count($_SESSION["owsproxyUrls"]["url"]); $i++){
- $e = new mb_exception("Content ".$i." : proxyurl:".$_SESSION["owsproxyUrls"]["url"][$i]." - new: ".$url);
- if($url == $_SESSION["owsproxyUrls"]["url"][$i]){
- $e = new mb_exception("Identical! ID:".$_SESSION["owsproxyUrls"]["id"][$i]." will be used");
- $id = $_SESSION["owsproxyUrls"]["id"][$i];
- }
- }
- }
- return $id;
-}
-
-function getCapabilities($request,$requestFull){
- global $arrayOnlineresources;
- global $layerId;
- header("Content-Type: application/xml");
- if (func_num_args() == 3) { //new for HTTP Authentication
- $auth = func_get_arg(2);
- $content = getDocumentContent($requestFull,$auth);
- }
- else
- {
- $content = getDocumentContent($requestFull);
- }
- //show temporal content fo capabilities
- $e = new mb_notice("content from wms.php fascade after going thru curl: ".$content);
- //loading as xml
- libxml_use_internal_errors(true);
- try {
- $capFromFascadeXmlObject = simplexml_load_string($content);
- if ( $capFromFascadeXmlObject === false) {
- foreach(libxml_get_errors() as $error) {
- $err = new mb_exception("http_auth/index.php: ".$error->message);
- }
- throw new Exception("http_auth/index.php: ".'Cannot parse Metadata XML!');
- echo "<error>http_auth/index.php: Cannot parse Capabilities XML!</error>";
- die();
- }
- }
- catch (Exception $e) {
- $err = new mb_exception("http_auth/index.php: ".$e->getMessage());
- echo "<error>http_auth/index.php: ".$e->getMessage()."</error>";
- die();
- }
- //exchanging urls in some special fields
- //
- //GetCapabilities, GetMap, GetFeatureInfo, GetLegendGraphics, ...
- $capFromFascadeXmlObject->registerXPathNamespace("xlink", "http://www.w3.org/1999/xlink");
- //Mapping of urls for wms 1.1.1 which should be exchanged
- $urlsToChange = array(
- '/WMT_MS_Capabilities/Capability/Request/GetCapabilities/DCPType/HTTP/Get/OnlineResource/@xlink:href',
- '/WMT_MS_Capabilities/Capability/Request/GetCapabilities/DCPType/HTTP/Post/OnlineResource/@xlink:href',
- '/WMT_MS_Capabilities/Capability/Request/GetMap/DCPType/HTTP/Get/OnlineResource/@xlink:href',
- '/WMT_MS_Capabilities/Capability/Request/GetMap/DCPType/HTTP/Post/OnlineResource/@xlink:href',
- '/WMT_MS_Capabilities/Capability/Request/GetFeatureInfo/DCPType/HTTP/Get/OnlineResource/@xlink:href',
- '/WMT_MS_Capabilities/Capability/Request/GetFeatureInfo/DCPType/HTTP/Post/OnlineResource/@xlink:href',
- '/WMT_MS_Capabilities/Capability/Layer/Layer/Style/LegendURL/OnlineResource/@xlink:href'
- );
- foreach($urlsToChange as $xpath) {
- $href = $capFromFascadeXmlObject->xpath($xpath);
- $e = new mb_notice("old href: ".$href[0]);
- $e = new mb_notice("href replaced: ".replaceOwsUrls($href[0], $layerId));
- $href[0][0] = replaceOwsUrls($href[0], $layerId);
- }
- echo $capFromFascadeXmlObject->asXML();
-}
-
-function replaceOwsUrls($owsUrl, $layerId) {
- $new = "http_auth/". $layerId."?";
- $pattern = "#owsproxy/[a-z0-9]{32}\/[a-z0-9]{32}\?#m";
- $httpAuthUrl = preg_replace($pattern,$new,$owsUrl);
- return $httpAuthUrl;
-}
-
-/**
- * gets the original url of the requested legend graphic
- *
- * @param string owsproxy md5
- * @return string url to legend graphic
- */
-function getLegendUrl($wmsId){
- global $reqParams;
- //get the url
- $sql = "SELECT layer_style.legendurl ";
- $sql .= "FROM layer_style JOIN layer ";
- $sql .= "ON layer_style.fkey_layer_id = layer.layer_id ";
- $sql .= "WHERE layer.layer_name = $2 AND layer.fkey_wms_id = $1 ";
- $sql .= "AND layer_style.name = $3 AND layer_style.legendurlformat = $4";
- if ($reqParams['style'] == ''){
- $style = 'default';
- } else {
- $style = $reqParams['style'];
- }
- $v = array($wmsId, $reqParams['layer'], $style, $reqParams['format']);
- $t = array("i", "s", "s", "s");
- $res = db_prep_query($sql, $v, $t);
- if($row = db_fetch_array($res)) {
- return $row["legendurl"];
- } else {
- throwE(array("No legendurl available."));
- die();
- }
-}
-/**
- * validated access permission on requested wms
- *
- * @param wmsId integer, userId - integer
- * @return array array with detailed information about requested wms
- */
-function checkWmsPermission($wmsId,$userId){
- global $con, $n;
- $myguis = $n->getGuisByPermission($userId,true);
- $mywms = $n->getWmsByOwnGuis($myguis);
-
- $sql = "SELECT * FROM wms WHERE wms_id = $1";
- $v = array($wmsId);
- $t = array("s");
- $res = db_prep_query($sql, $v, $t);
- $service = array();
- if($row = db_fetch_array($res)){
- $service["wms_id"] = $row["wms_id"];
- $service["wms_getcapabilities"] = $row["wms_getcapabilities"];
- $service["wms_getmap"] = $row["wms_getmap"];
- $service["wms_getfeatureinfo"] = $row["wms_getfeatureinfo"];
- $service["wms_getcapabilities_doc"] = $row["wms_getcapabilities_doc"];
- }
- if(!$row || count($mywms) == 0){
- throwE(array("No wms data available."));
- die();
- }
-
- if(!in_array($service["wms_id"], $mywms)){
- throwE(array("Permission denied."," -> ".$service["wms_id"], implode(",", $mywms)));
- die();
- }
- return $service;
-}
-
-function checkLayerPermission($wms_id,$l,$userId){
- global $n, $owsproxyService;
- $e = new mb_notice("owsproxy: checkLayerpermission: wms: ".$wms_id.", layer: ".$l.' user_id: '.$userId);
- $myl = split(",",$l);
- $r = array();
- foreach($myl as $mysl){
- if($n->getLayerPermission($wms_id, $mysl, $userId) === true){
- array_push($r, $mysl);
- }
- }
- $ret = implode(",",$r);
- return $ret;
-}
-function getDocumentContent($url){
- if (func_num_args() == 2) { //new for HTTP Authentication
- $auth = func_get_arg(1);
- $d = new connector($url, $auth);
- }
- else {
- $d = new connector($url);
- }
- return $d->file;
-}
-//**********************************************************************************************
-//extra functions TODO: push them in class_administration.php
-
-/**
- * selects the wms id for a given layer id.
- *
- * @param <integer> the layer id
- * @return <string|boolean> either the id of the wms as integer or false when none exists
- */
- function getWmsIdByLayerId($id){
- $sql = "SELECT fkey_wms_id FROM layer WHERE layer_id = $1";
- $v = array($id);
- $t = array('i');
- $res = db_prep_query($sql,$v,$t);
- $row = db_fetch_array($res);
- if ($row) return $row["fkey_wms_id"]; else return false;
- }
-
-
-?>
+<?php
+require(dirname(__FILE__) . "/../../conf/mapbender.conf");
+require(dirname(__FILE__) . "/../../http/classes/class_administration.php");
+require(dirname(__FILE__) . "/../../http/classes/class_connector.php");
+require_once(dirname(__FILE__) . "/../../http/classes/class_mb_exception.php");
+require(dirname(__FILE__) . "/../../owsproxy/http/classes/class_QueryHandler.php");
+
+//database connection
+$db = db_connect($DBSERVER,$OWNER,$PW);
+db_select_db(DB,$db);
+
+$imageformats = array("image/png","image/gif","image/jpeg", "image/jpg");
+
+//control if digest auth is set, if not set, generate the challenge with getNonce()
+if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
+ header('HTTP/1.1 401 Unauthorized');
+ header('WWW-Authenticate: Digest realm="'.REALM.
+ '",qop="auth",nonce="'.getNonce().'",opaque="'.md5(REALM).'"');
+ die('Text to send if user hits Cancel button');
+}
+
+//read out the header in an array
+$requestHeaderArray = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
+
+//error if header could not be read
+if (!($requestHeaderArray)) {
+ echo 'Following Header information cannot be validated - check your clientsoftware!<br>';
+ echo $_SERVER['PHP_AUTH_DIGEST'].'<br>';
+ die();
+}
+
+//get mb_username and email out of http_auth username string
+$userIdentification = explode(';',$requestHeaderArray['username']);
+$mbUsername = $userIdentification[0];
+$mbEmail = $userIdentification[1];
+
+$userInformation = getUserInfo($mbUsername,$mbEmail);
+
+if ($userInformation[0] == '-1') {
+ die('User with name: '.$mbUsername.' and email: '.$mbEmail.' not known to security proxy!');
+}
+
+if ($userInformation[1]=='') { //check if digest exists in db - if no digest exists it should be a null string!
+ die('User with name: '.$mbUsername.' and email: '.$mbEmail.' has no digest - please set a new password and try again!');
+}
+
+//first check the stale!
+if($requestHeaderArray['nonce'] == getNonce()) {
+ // Up-to-date nonce received
+ $stale = false;
+ } else {
+ // Stale nonce received (probably more than x seconds old)
+ $stale = true;
+ //give another chance to authenticate
+ header('HTTP/1.1 401 Unauthorized');
+ header('WWW-Authenticate: Digest realm="'.REALM.'",qop="auth",nonce="'.getNonce().'",opaque="'.md5(REALM).'" ,stale=true');
+ }
+// generate the valid response to check the request of the client
+$A1 = $userInformation[1];
+$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$requestHeaderArray['uri']);
+$valid_response = $A1.':'.getNonce().':'.$requestHeaderArray['nc'];
+$valid_response .= ':'.$requestHeaderArray['cnonce'].':'.$requestHeaderArray['qop'].':'.$A2;
+
+$valid_response=md5($valid_response);
+
+if ($requestHeaderArray['response'] != $valid_response) {//the user have to authenticate new - cause something in the authentication went wrong
+ die('Authentication failed - sorry, you have to authenticate once more!');
+}
+//if we are here - authentication has been done well!
+//let's do the proxy things (came from owsproxy.php):
+$postdata = $HTTP_RAW_POST_DATA;
+$layerId = $_REQUEST['layer_id'];
+$query = new QueryHandler();
+
+// an array with keys and values toLoserCase -> caseinsensitiv
+$reqParams = $query->getRequestParams();
+
+$n = new administration();
+
+$wmsId = getWmsIdByLayerId($layerId);
+$owsproxyString = $n->getWMSOWSstring($wmsId);
+
+if (!$owsproxyString) {
+ die('The requested resource does not exists or the routing through mapbenders owsproxy is not activated!');
+}
+//get authentication infos if they are available in wms table! if not $auth = false
+$auth = $n->getAuthInfoOfWMS($wmsId);
+
+if ($auth['auth_type']==''){
+ unset($auth);
+}
+
+$e = new mb_exception("REQUEST to HTTP_AUTH: ".strtolower($reqParams['request']));
+
+//what the proxy does
+switch (strtolower($reqParams['request'])) {
+
+ case 'getcapabilities':
+ $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
+ $query->setOnlineResource($arrayOnlineresources['wms_getcapabilities']);
+ //$request = preg_replace("/(.*)frames\/login.php/", "$1php/wms.php?layer_id=".$layerId, LOGIN);
+ if (isset($_SERVER["HTTPS"])){
+ $urlPrefix = "https://";
+ } else {
+ $urlPrefix = "http://";
+ }
+ if (defined("MAPBENDER_PATH") && MAPBENDER_PATH != '') {
+ $request = MAPBENDER_PATH."/php/wms.php?layer_id=".$layerId;
+ } else {
+ $request = $urlPrefix.$_SERVER['HTTP_HOST']."/mapbender/php/wms.php?layer_id=".$layerId;
+ }
+ $requestFull .= $request.'&REQUEST=GetCapabilities&VERSION=1.1.1&SERVICE=WMS';
+ if(isset($auth)){
+ getCapabilities($request,$requestFull,$auth);
+ }
+ else {
+ getCapabilities($request,$requestFull);
+ }
+ break;
+ case 'getfeatureinfo':
+ $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
+ $query->setOnlineResource($arrayOnlineresources['wms_getfeatureinfo']);
+ $layers = checkLayerPermission($wmsId,$reqParams['layers'],$userInformation[0]);
+ if ($layers == '' ) {
+ throwE("GetFeatureInfo permission denied on layer with id".$layerId);
+ die();
+ }
+ $request = $query->getRequest();
+ if(isset($auth)){
+ getFeatureInfo($request,$auth);
+ }
+ else {
+ getFeatureInfo($request);
+ }
+ break;
+ case 'getmap':
+ $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
+ $query->setOnlineResource($arrayOnlineresources['wms_getmap']);
+ $layers = checkLayerPermission($wmsId,$reqParams['layers'],$userInformation[0]);
+ if ($layers == '' ) {
+ throwE("GetMap permission denied on layer with id ".$layerId);
+ die();
+ }
+ $query->setParam("layers",urldecode($layers));
+ $request = $query->getRequest();
+ #log proxy requests
+ if($n->getWmsLogTag($wmsId)==1) {
+ #do log to db
+ #TODO read out size of bbox and calculate price
+ #get price out of db
+ $price=intval($n->getWmsPrice($wmsId));
+ $n->logWmsProxyRequest($wmsId,$userInformation[0],$request,$price);
+ }
+ if(isset($auth)){
+ getImage($request,$auth);
+ }
+ else {
+ getImage($request);
+ }
+ break;
+ case 'getlegendgraphic':
+ $url = getLegendUrl($wmsId);
+ $e = new mb_exception("URL for getlegendgraphic: ");
+ if(isset($auth)){
+ getImage($url,$auth);
+ }
+ else {
+ getImage($url);
+ }
+ break;
+ default:
+echo 'Your are logged in as: <b>' .$requestHeaderArray['username'].'</b> and requested the layer with id=<b>'.$layerId.'</b> but your request is not a valid OWS request';
+}
+//functions for http_auth
+//**********************************************************************************************
+
+// function to parse the http auth header
+function http_digest_parse($txt)
+{
+ // protect against missing data
+ $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
+ $data = array();
+ $keys = implode('|', array_keys($needed_parts));
+ preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
+ foreach ($matches as $m) {
+ $data[$m[1]] = $m[3] ? $m[3] : $m[4];
+ unset($needed_parts[$m[1]]);
+ }
+ return $needed_parts ? false : $data;
+}
+// function to get relevant user information from mb db
+function getUserInfo($mbUsername,$mbEmail) {
+ $result = array();
+ $sql = "SELECT mb_user_id, mb_user_digest FROM mb_user where mb_user_name = $1 AND mb_user_email= $2";
+ $v = array($mbUsername, $mbEmail);
+ $t = array("s","s");
+ $res = db_prep_query($sql, $v, $t);
+ if(!($row = db_fetch_array($res))){
+ $result[0] = "-1";
+ }
+ else {
+ $result[0] = $row['mb_user_id'];
+ $result[1] = $row['mb_user_digest'];
+ }
+ return $result;
+}
+
+function getNonce() {
+ global $nonceLife;
+ $time = ceil(time() / $nonceLife) * $nonceLife;
+ return md5(date('Y-m-d H:i', $time).':'.$_SERVER['REMOTE_ADDR'].':'.NONCEKEY);
+}
+
+//**********************************************************************************************
+//functions of owsproxy/http/index.php
+//**********************************************************************************************
+function throwE($e){
+ global $reqParams, $imageformats;
+
+ if(in_array($reqParams['format'],$imageformats)){
+ throwImage($e);
+ }
+ else{
+ throwText($e);
+ }
+}
+
+function throwImage($e){
+ global $reqParams;
+ if (!$reqParams['width'] || !$reqParams['height']) { //width or height are not set by ows request - maybe for legendgraphics
+ $width = 300;
+ $height = 20;
+ }
+ $image = imagecreate($width,$height);
+ $transparent = ImageColorAllocate($image,155,155,155);
+ ImageFilledRectangle($image,0,0,$width,$height,$transparent);
+ imagecolortransparent($image, $transparent);
+ $text_color = ImageColorAllocate ($image, 233, 14, 91);
+ for($i=0; $i<count($e); $i++){
+ ImageString ($image, 3, 5, $i*20, $e[$i], $text_color);
+ }
+ responseImage($image);
+}
+function throwText($e){
+ echo join(" ", $e);
+}
+function responseImage($im){
+ global $reqParams;
+ $format = $reqParams['format'];
+ if($format == 'image/png'){header("Content-Type: image/png");}
+ if($format == 'image/jpeg' || $format == 'image/jpg'){header("Content-Type: image/jpeg");}
+ if($format == 'image/gif'){header("Content-Type: image/gif");}
+ if($format == 'image/png'){imagepng($im);}
+ if($format == 'image/jpeg' || $format == 'image/jpg'){imagejpeg($im);}
+ if($format == 'image/gif'){imagegif($im);}
+}
+function completeURL($url){
+ global $reqParams;
+ $mykeys = array_keys($reqParams);
+ for($i=0; $i<count($mykeys);$i++){
+ if($i > 0){ $url .= "&"; }
+ $url .= $mykeys[$i]."=".urlencode($reqParams[$mykeys[$i]]);
+ }
+ return $url;
+}
+
+/**
+ * fetch and returns an image to client
+ *
+ * @param string the original url of the image to send
+ */
+
+function getImage($or){
+ global $reqParams;
+ header("Content-Type: ".$reqParams['format']);
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ echo getDocumentContent($or,$auth);
+ }
+ else
+ {
+ echo getDocumentContent($or);
+ }
+}
+
+/**
+ * fetchs and returns the content of the FeatureInfo Response
+ *
+ * @param string the url of the FeatureInfoRequest
+ * @return string the content of the FeatureInfo document
+ */
+function getFeatureInfo($url){
+ global $reqParams;
+ $e = new mb_exception("owsproxy: Try to fetch FeatureInfoRequest: ".$url);
+ header("Content-Type: ".$reqParams['info_format']);
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ echo getDocumentContent($url,$auth);
+ }
+ else
+ {
+ echo getDocumentContent($url);
+ }
+}
+
+
+
+
+function matchUrls($content){
+ if(!session_is_registered("owsproxyUrls")){
+ $_SESSION["owsproxyUrls"] = array();
+ $_SESSION["owsproxyUrls"]["id"] = array();
+ $_SESSION["owsproxyUrls"]["url"] = array();
+ }
+ $pattern = "/[\"|\'](https*:\/\/[^\"|^\']*)[\"|\']/";
+ preg_match_all($pattern,$content,$matches);
+ for($i=0; $i<count($matches[1]); $i++){
+ $req = $matches[1][$i];
+ $e = new mb_exception("Gefundene URL ".$i.": ".$req);
+ #$notice = new mb_notice("owsproxy id:".$req);
+ $id = registerURL($req);
+ $extReq = setExternalRequest($id);
+ $e = new mb_exception("MD5 URL ".$id."-Externer Link: ".$extReq);
+ $content = str_replace($req,$extReq,$content);
+ }
+ return $content;
+}
+
+function setExternalRequest($id){
+ global $reqParams,$query;
+ $extReq = "http://".$_SESSION['HTTP_HOST'] ."/owsproxy/". $reqParams['sid'] ."/".$id."?request=external";
+ return $extReq;
+}
+function getExternalRequest($id){
+ for($i=0; $i<count($_SESSION["owsproxyUrls"]["url"]); $i++){
+ if($id == $_SESSION["owsproxyUrls"]["id"][$i]){
+ $cUrl = $_SESSION["owsproxyUrls"]["url"][$i];
+ $query_string = removeOWSGetParams($_SERVER["QUERY_STRING"]);
+ if($query_string != ''){
+ $cUrl .= getConjunctionCharacter($cUrl).$query_string;
+ }
+ $metainfo = get_headers($cUrl,1);
+ // just for the stupid InternetExplorer
+ header('Pragma: private');
+ header('Cache-control: private, must-revalidate');
+
+ header("Content-Type: ".$metainfo['Content-Type']);
+
+ $content = getDocumentContent($cUrl,false);
+ #$content = matchUrls($content); //In the case of http_auth - this is not possible cause we cannot save them in the header - maybe we could create a special session to do so later on?
+ echo $content;
+ }
+ }
+}
+function removeOWSGetParams($query_string){
+ $r = preg_replace("/.*request=external&/","",$query_string);
+ #return $r;
+ return "";
+}
+function getConjunctionCharacter($url){
+ if(strpos($url,"?")){
+ if(strpos($url,"?") == strlen($url)){
+ $cchar = "";
+ }else if(strpos($url,"&") == strlen($url)){
+ $cchar = "";
+ }else{
+ $cchar = "&";
+ }
+ }
+ if(strpos($url,"?") === false){
+ $cchar = "?";
+ }
+ return $cchar;
+}
+function registerUrl($url){
+ if(!in_array($url,$_SESSION["owsproxyUrls"]["url"])){
+ $e = new mb_exception("Is noch net drin!");
+ $id = md5($url);
+ $e = new mb_exception("ID: ".$id." URL: ".$url." will be written to session");
+ array_push($_SESSION["owsproxyUrls"]["url"],$url);
+ array_push($_SESSION["owsproxyUrls"]["id"], $id);
+ }
+ else{
+ $e = new mb_exception("It was found! Search content and return ID!");
+ for($i=0; $i<count($_SESSION["owsproxyUrls"]["url"]); $i++){
+ $e = new mb_exception("Content ".$i." : proxyurl:".$_SESSION["owsproxyUrls"]["url"][$i]." - new: ".$url);
+ if($url == $_SESSION["owsproxyUrls"]["url"][$i]){
+ $e = new mb_exception("Identical! ID:".$_SESSION["owsproxyUrls"]["id"][$i]." will be used");
+ $id = $_SESSION["owsproxyUrls"]["id"][$i];
+ }
+ }
+ }
+ return $id;
+}
+
+function getCapabilities($request,$requestFull){
+ global $arrayOnlineresources;
+ global $layerId;
+ header("Content-Type: application/xml");
+ if (func_num_args() == 3) { //new for HTTP Authentication
+ $auth = func_get_arg(2);
+ $content = getDocumentContent($requestFull,$auth);
+ }
+ else
+ {
+ $content = getDocumentContent($requestFull);
+ }
+ //show temporal content fo capabilities
+ $e = new mb_notice("content from wms.php fascade after going thru curl: ".$content);
+ //loading as xml
+ libxml_use_internal_errors(true);
+ try {
+ $capFromFascadeXmlObject = simplexml_load_string($content);
+ if ( $capFromFascadeXmlObject === false) {
+ foreach(libxml_get_errors() as $error) {
+ $err = new mb_exception("http_auth/index.php: ".$error->message);
+ }
+ throw new Exception("http_auth/index.php: ".'Cannot parse Metadata XML!');
+ echo "<error>http_auth/index.php: Cannot parse Capabilities XML!</error>";
+ die();
+ }
+ }
+ catch (Exception $e) {
+ $err = new mb_exception("http_auth/index.php: ".$e->getMessage());
+ echo "<error>http_auth/index.php: ".$e->getMessage()."</error>";
+ die();
+ }
+ //exchanging urls in some special fields
+ //
+ //GetCapabilities, GetMap, GetFeatureInfo, GetLegendGraphics, ...
+ $capFromFascadeXmlObject->registerXPathNamespace("xlink", "http://www.w3.org/1999/xlink");
+ //Mapping of urls for wms 1.1.1 which should be exchanged
+ $urlsToChange = array(
+ '/WMT_MS_Capabilities/Capability/Request/GetCapabilities/DCPType/HTTP/Get/OnlineResource/@xlink:href',
+ '/WMT_MS_Capabilities/Capability/Request/GetCapabilities/DCPType/HTTP/Post/OnlineResource/@xlink:href',
+ '/WMT_MS_Capabilities/Capability/Request/GetMap/DCPType/HTTP/Get/OnlineResource/@xlink:href',
+ '/WMT_MS_Capabilities/Capability/Request/GetMap/DCPType/HTTP/Post/OnlineResource/@xlink:href',
+ '/WMT_MS_Capabilities/Capability/Request/GetFeatureInfo/DCPType/HTTP/Get/OnlineResource/@xlink:href',
+ '/WMT_MS_Capabilities/Capability/Request/GetFeatureInfo/DCPType/HTTP/Post/OnlineResource/@xlink:href',
+ '/WMT_MS_Capabilities/Capability/Layer/Layer/Style/LegendURL/OnlineResource/@xlink:href'
+ );
+ foreach($urlsToChange as $xpath) {
+ $href = $capFromFascadeXmlObject->xpath($xpath);
+ $e = new mb_notice("old href: ".$href[0]);
+ $e = new mb_notice("href replaced: ".replaceOwsUrls($href[0], $layerId));
+ $href[0][0] = replaceOwsUrls($href[0], $layerId);
+ }
+ echo $capFromFascadeXmlObject->asXML();
+}
+
+function replaceOwsUrls($owsUrl, $layerId) {
+ $new = "http_auth/". $layerId."?";
+ $pattern = "#owsproxy/[a-z0-9]{32}\/[a-z0-9]{32}\?#m";
+ $httpAuthUrl = preg_replace($pattern,$new,$owsUrl);
+ return $httpAuthUrl;
+}
+
+/**
+ * gets the original url of the requested legend graphic
+ *
+ * @param string owsproxy md5
+ * @return string url to legend graphic
+ */
+function getLegendUrl($wmsId){
+ global $reqParams;
+ //get wms_getlegendurl
+ $sql = "SELECT wms_getlegendurl FROM wms WHERE wms_id = $1";
+ $v = array($wmsId);
+ $t = array("i");
+ $res = db_prep_query($sql, $v, $t);
+ if($row = db_fetch_array($res)) {
+ $getLegendUrl = $row["wms_getlegendurl"];
+ } else {
+ throwE(array("No wms data available."));
+ die();
+ }
+ //get the url
+ $sql = "SELECT layer_style.legendurl ";
+ $sql .= "FROM layer_style JOIN layer ";
+ $sql .= "ON layer_style.fkey_layer_id = layer.layer_id ";
+ $sql .= "WHERE layer.layer_name = $2 AND layer.fkey_wms_id = $1 ";
+ $sql .= "AND layer_style.name = $3 AND layer_style.legendurlformat = $4";
+ if ($reqParams['style'] == ''){
+ $style = 'default';
+ } else {
+ $style = $reqParams['style'];
+ }
+
+ $v = array($wmsId, $reqParams['layer'], $style, $reqParams['format']);
+ $t = array("i", "s", "s", "s");
+ $res = db_prep_query($sql, $v, $t);
+ if($row = db_fetch_array($res)) {
+ if (strpos($row["legendurl"],'http') !== 0) {
+ $e = new mb_notice("combine legendurls!");
+ return $getLegendUrl.$row["legendurl"];
+ }
+ return $row["legendurl"];
+ } else {
+ throwE(array("No legendurl available."));
+ die();
+ }
+}
+/**
+ * validated access permission on requested wms
+ *
+ * @param wmsId integer, userId - integer
+ * @return array array with detailed information about requested wms
+ */
+function checkWmsPermission($wmsId,$userId){
+ global $con, $n;
+ $myguis = $n->getGuisByPermission($userId,true);
+ $mywms = $n->getWmsByOwnGuis($myguis);
+
+ $sql = "SELECT * FROM wms WHERE wms_id = $1";
+ $v = array($wmsId);
+ $t = array("s");
+ $res = db_prep_query($sql, $v, $t);
+ $service = array();
+ if($row = db_fetch_array($res)){
+ $service["wms_id"] = $row["wms_id"];
+ $service["wms_getcapabilities"] = $row["wms_getcapabilities"];
+ $service["wms_getmap"] = $row["wms_getmap"];
+ $service["wms_getfeatureinfo"] = $row["wms_getfeatureinfo"];
+ $service["wms_getcapabilities_doc"] = $row["wms_getcapabilities_doc"];
+ }
+ if(!$row || count($mywms) == 0){
+ throwE(array("No wms data available."));
+ die();
+ }
+
+ if(!in_array($service["wms_id"], $mywms)){
+ throwE(array("Permission denied."," -> ".$service["wms_id"], implode(",", $mywms)));
+ die();
+ }
+ return $service;
+}
+
+function checkLayerPermission($wms_id,$l,$userId){
+ global $n, $owsproxyService;
+ $e = new mb_notice("owsproxy: checkLayerpermission: wms: ".$wms_id.", layer: ".$l.' user_id: '.$userId);
+ $myl = split(",",$l);
+ $r = array();
+ foreach($myl as $mysl){
+ if($n->getLayerPermission($wms_id, $mysl, $userId) === true){
+ array_push($r, $mysl);
+ }
+ }
+ $ret = implode(",",$r);
+ return $ret;
+}
+function getDocumentContent($url){
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ $d = new connector($url, $auth);
+ }
+ else {
+ $d = new connector($url);
+ }
+ return $d->file;
+}
+//**********************************************************************************************
+//extra functions TODO: push them in class_administration.php
+
+/**
+ * selects the wms id for a given layer id.
+ *
+ * @param <integer> the layer id
+ * @return <string|boolean> either the id of the wms as integer or false when none exists
+ */
+ function getWmsIdByLayerId($id){
+ $sql = "SELECT fkey_wms_id FROM layer WHERE layer_id = $1";
+ $v = array($id);
+ $t = array('i');
+ $res = db_prep_query($sql,$v,$t);
+ $row = db_fetch_array($res);
+ if ($row) return $row["fkey_wms_id"]; else return false;
+ }
+
+
+?>
Modified: trunk/mapbender/owsproxy/http/index.php
===================================================================
--- trunk/mapbender/owsproxy/http/index.php 2013-02-07 12:40:39 UTC (rev 8558)
+++ trunk/mapbender/owsproxy/http/index.php 2013-02-07 14:07:37 UTC (rev 8559)
@@ -1,728 +1,733 @@
-<?php
-# $Id$
-# http://www.mapbender.org/index.php/Owsproxy
-# Module maintainer Uli
-# Copyright (C) 2002 CCGIS
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-require_once(dirname(__FILE__)."/../../core/globalSettings.php");
-require_once(dirname(__FILE__) . "/../../http/classes/class_administration.php");
-require_once(dirname(__FILE__) . "/../../http/classes/class_connector.php");
-require_once(dirname(__FILE__) . "/./classes/class_QueryHandler.php");
-/***** conf *****/
-$imageformats = array("image/png","image/gif","image/jpeg", "image/jpg");
-$width = 400;
-$height = 400;
-/***** conf *****/
-$postdata = $HTTP_RAW_POST_DATA;
-$owsproxyService = $_REQUEST['wms']; //ToDo: change this to 'service' in the apache url-rewriting
-$query = new QueryHandler();
-// an array with keys and values toLowerCase -> caseinsensitiv
-$reqParams = $query->getRequestParams();
-$e = new mb_notice("incoming request: ".OWSPROXY."/".$_REQUEST['sid']."/".$_REQUEST['wms'].$query->getRequest());
-$e = new mb_notice("owsproxy requested from: ".$_SERVER["REMOTE_ADDR"]);
-//check if proxy request came from grabbing whitelist - for grabbing
-if (!defined("OWSPROXY_SESSION_GRABBING_WHITELIST")){
- $grabbingAllowed = true;
-}
-if (defined("OWSPROXY_SESSION_GRABBING_WHITELIST")) {
- $whiteListArray = explode(",", OWSPROXY_SESSION_GRABBING_WHITELIST);
- if (in_array($_SERVER["REMOTE_ADDR"], $whiteListArray)) {
- $grabbingAllowed = true;
- $e = new mb_notice("Grabbing allowed for IP: ".$_SERVER["REMOTE_ADDR"]);
- } else {
- $grabbingAllowed = false;
- $e = new mb_notice("Grabbing not allowed for IP: ".$_SERVER["REMOTE_ADDR"]."!");
- }
-}
-//check session
-//session_regenerate_id(TRUE);
-$e = new mb_notice("Initial session_id: ".session_id());
-//The session can be set by a given cookie value or was newly created by core/globalSettings.php
-//either empty (without mb_user_id value) - when the corresponding session file was lost or timed out
-//or filled, when there was an actual mapbender session before
-//check if mb_user_id is given and is an string with an integer:
-if(!$_SESSION['mb_user_id'] && !is_int($_SESSION['mb_user_id'])){
- $e = new mb_notice("Newly initialized session - no logged in mapbender user!");
-}
-//Possibility to grap an existing session:
-if (defined("OWSPROXY_ALLOW_SESSION_GRABBING") && OWSPROXY_ALLOW_SESSION_GRABBING == true) {
- if ($grabbingAllowed) {
- //first check is to find out if a session with the current sid exists! If so use this one, if not use the current one which was generated from globalSettings.php
- if (file_exists(ini_get('session.save_path')."/sess_".$_REQUEST["sid"]) && session_id() !== $_REQUEST["sid"]) {
- //there is a current session for the requested url
- $e = new mb_notice("A current session exists for this url and will be used!");
- $oldsessionId = session_id();
- $tmpSessionFile = ini_get('session.save_path')."/sess_".session_id();
- //do the following only, if a user is in this session - maybe it is a session which was generated from an external application and therefor it is empty!
- session_id($_REQUEST["sid"]);
- $e = new mb_notice("Grabbed session with id: ".session_id());
- //kill dynamical session
- //@unlink($tmpSessionFile);
- $e = new mb_notice("Following user was found and will be used for authorization: ".Mapbender::session()->get('mb_user_id'));
- $foundUserId = Mapbender::session()->get('mb_user_id');
- if (!isset($foundUserId) || $foundUserId =='') {
- $e = new mb_notice("No user found in the existing session - switch to the old one!");
- session_id($oldsessionId);
- } else {
- //delete session as it will not be needed any longer
- $e = new mb_notice("Following no longer needed session will be deleted: ".$tmpSessionFile);
- @unlink($tmpSessionFile);
- }
- }
- }
-}
-//check if current session has the same id as the session which is requested in the owsproxy url
-//exchange them, if they differ and redirect to an new one with the current session
-if (session_id() !== $_REQUEST["sid"]) {
- //get all request params which are original
- //build reuquest
- $redirectUrl = OWSPROXY."/".session_id()."/".$_REQUEST['wms'].$query->getRequest();
- $e = new mb_notice("IDs differ - redirect to new owsproxy url: ".$redirectUrl);
- header("Location: ".$redirectUrl);
- die();
-} else {
- $e = new mb_notice("Current session_id() identical to requested SID!");
-}
-//this is the request which may have been redirected
-//check for given user session with user_id which can be tested again the authorization
-if(!$_SESSION['mb_user_id']){
- $e = new mb_notice("user_id not found in session");
- //if configured in mapbender.conf, create guest session so that also proxied service can be watched in external applications when they are available to the anonymous user
- //only possible for webapplications - in case of desktop applications the user have to use his credentials and http_auth module
- if (defined("OWSPROXY_ALLOW_PUBLIC_USER") && OWSPROXY_ALLOW_PUBLIC_USER && defined("PUBLIC_USER") && PUBLIC_USER != "") {
- //setSession();
- Mapbender::session()->set("mb_user_id",PUBLIC_USER);
- Mapbender::session()->set("external_proxy_user",true);
- Mapbender::session()->set("mb_user_ip",$_SERVER['REMOTE_ADDR']);
- //Define name of temporal session file. This file can be deleted after the request was successful. It will be generated every time again.
- $tmpSessionFile = ini_get('session.save_path')."/sess_".session_id();
- $e = new mb_notice("Permission allowed for public user with id: ".PUBLIC_USER);
- } else {
- $e = new mb_notice("Permission denied - public user not allowed to access ressource!");
- //kill actual session file
- $tmpSessionFile = ini_get('session.save_path')."/sess_".session_id();
- $e = new mb_notice("delete temporary session file: ".$tmpSessionFile);
- @unlink($tmpSessionFile);
- throwE(array("Permission denied"," - no current session found and ","public user not allowed to access ressource!"));
- die();
- }
-} else {
- $e= new mb_notice("mb_user_id found in session: ".$_SESSION['mb_user_id']);
-}
-//start the session to be able to write urls to it - for
-session_start();//maybe it was started by globalSettings.php
-$n = new administration;
-//Extra security - IP check
-if (defined("OWSPROXY_BIND_IP") && OWSPROXY_BIND_IP == true) {
- if($_SESSION['mb_user_ip'] != $_SERVER['REMOTE_ADDR']){
- throwE(array("Session not identified.","Permission denied.","Please authenticate."));
- die();
- }
-}
-$e = new mb_notice("user id for authorization test: ".$_SESSION['mb_user_id']);
-$wmsId = $n->getWmsIdFromOwsproxyString($query->getOwsproxyServiceId());
-//get authentication infos if they are available in wms table! if not $auth = false
-$auth = $n->getAuthInfoOfWMS($wmsId);
-if ($auth['auth_type']==''){
- unset($auth);
-}
-/************* workflow ************/
-$n = new administration();
-switch (strtolower($reqParams['request'])) {
- case 'getcapabilities':
- $arrayOnlineresources = checkWmsPermission($query->getOwsproxyServiceId());
- $query->setOnlineResource($arrayOnlineresources['wms_getcapabilities']);
- $request = $query->getRequest();
- if(isset($auth)){
- getCapabilities($request,$auth);
- #$mb_exception = new mb_exception("auth: ".$auth['auth_type']);
- }
- else {
- getCapabilities($request);
- }
- break;
- case 'getfeatureinfo':
- $arrayOnlineresources = checkWmsPermission($query->getOwsproxyServiceId());
- $query->setOnlineResource($arrayOnlineresources['wms_getfeatureinfo']);
- $request = $query->getRequest();
- if(isset($auth)){
- getFeatureInfo($request,$auth);
- }
- else {
- getFeatureInfo($request);
- }
- break;
- case 'getmap':
- $arrayOnlineresources = checkWmsPermission($owsproxyService);
- $query->setOnlineResource($arrayOnlineresources['wms_getmap']);
- $layers = checkLayerPermission($arrayOnlineresources['wms_id'],$reqParams['layers']);
- if($layers===""){
- throwE("Permission denied");
- die();
- }
- $query->setParam("layers",urldecode($layers));//the decoding of layernames dont make problems - but not really good names will be requested also ;-)
- $request = $query->getRequest();
- #log proxy requests
- if($n->getWmsLogTag($arrayOnlineresources['wms_id'])==1) {
- #do log to db
- #TODO read out size of bbox and calculate price
- #get price out of db
- $price=intval($n->getWmsPrice($arrayOnlineresources['wms_id']));
- $n->logWmsProxyRequest($arrayOnlineresources['wms_id'],$_SESSION['mb_user_id'],$request,$price);
- }
- if(isset($auth)){
- getImage($request,$auth);
- }
- else {
- getImage($request);
- }
- break;
- case 'map':
- $arrayOnlineresources = checkWmsPermission($owsproxyService);
- $query->setOnlineResource($arrayOnlineresources['wms_getmap']);
- $layers = checkLayerPermission($arrayOnlineresources['wms_id'],$reqParams['layers']);
- if($layers===""){
- throwE("Permission denied");
- die();
- }
- $query->setParam("layers",urldecode($layers));
- $request = $query->getRequest();
- if(isset($auth)){
- getImage($url,$auth);
- }
- else {
- getImage($url);
- }
- break;
- case 'getlegendgraphic':
- $url = getLegendUrl($query->getOwsproxyServiceId());
- if (isset ($reqParams['sld']) && $reqParams['sld'] != "") {
- $url = $url . getConjunctionCharacter($url) . "SLD=".$reqParams['sld'];
- }
- if(isset($auth)){
- getImage($url,$auth);
- }
- else {
- getImage($url);
- }
- break;
- case 'external':
- getExternalRequest($query->getOwsproxyServiceId());
- break;
- case 'getfeature':
- $arrayFeatures = array($reqParams['typename']);
- $arrayOnlineresources = checkWfsPermission($query->getOwsproxyServiceId(), $arrayFeatures);
- $query->setOnlineResource($arrayOnlineresources['wfs_getfeature']);
- $request = $query->getRequest();
- $request = stripslashes($request);
- getFeature($request);
- break;
- // case wfs transaction (because of raw POST the request param is empty)
- case '':
- $arrayFeatures = getWfsFeaturesFromTransaction($HTTP_RAW_POST_DATA);
- $arrayOnlineresources = checkWfsPermission($query->getOwsproxyServiceId(), $arrayFeatures);
- $query->setOnlineResource($arrayOnlineresources['wfs_transaction']);
- $request = $query->getRequest();
- doTransaction($request, $HTTP_RAW_POST_DATA);
- break;
- default:
-
-}
-if (isset($tmpSessionFile) && file_exists($tmpSessionFile)) {
- $e = new mb_exception("Following no longer needed session will be deleted: ".$tmpSessionFile);
- @unlink($tmpSessionFile);
-}
-/*********************************************************/
-function throwE($e){
- global $reqParams, $imageformats;
- if(in_array($reqParams['format'],$imageformats)){
- throwImage($e);
- }
- else{
- throwText($e);
- }
-}
-
-function throwImage($e){
- global $width,$height;
- $image = imagecreate($width,$height);
- $transparent = ImageColorAllocate($image,155,155,155);
- ImageFilledRectangle($image,0,0,$width,$height,$transparent);
- imagecolortransparent($image, $transparent);
- $text_color = ImageColorAllocate ($image, 233, 14, 91);
- if (count($e) > 1){
- for($i=0; $i<count($e); $i++){
- $imageString = $e[$i];
- ImageString ($image, 3, 5, $i*20, $imageString, $text_color);
- }
- } else {
- if (is_array($e)) {
- $imageString = $e[0];
- } else {
- $imageString = $e;
- }
- if ($imageString == "") {
- $imageString = "An unknown error occured!";
- }
- ImageString ($image, 3, 5, $i*20, $imageString, $text_color);
- }
- responseImage($image);
-}
-function throwText($e){
- echo join(" ", $e);
-}
-function responseImage($im){
- global $reqParams;
- $format = $reqParams['format'];
- $format="image/gif";
- if($format == 'image/png'){header("Content-Type: image/png");}
- if($format == 'image/jpeg' || $format == 'image/jpg'){header("Content-Type: image/jpeg");}
- if($format == 'image/gif'){header("Content-Type: image/gif");}
-
- if($format == 'image/png'){imagepng($im);}
- if($format == 'image/jpeg' || $format == 'image/jpg'){imagejpeg($im);}
- if($format == 'image/gif'){imagegif($im);}
-}
-function completeURL($url){
- global $reqParams;
- $mykeys = array_keys($reqParams);
- for($i=0; $i<count($mykeys);$i++){
- if($i > 0){ $url .= "&"; }
- $url .= $mykeys[$i]."=".urlencode($reqParams[$mykeys[$i]]);
- }
- return $url;
-}
-
-/**
- * fetch and returns an image to client
- *
- * @param string the original url of the image to send
- */
-
-function getImage($or){
- global $reqParams;
- header("Content-Type: ".$reqParams['format']);
- #log the image_requests to database
- #log the following to table mb_proxy_log
- #timestamp,user_id,getmaprequest,amount pixel,price - but do this only for wms to log - therefor first get log tag out of wms!
- #
- #
- if (func_num_args() == 2) { //new for HTTP Authentication
- $auth = func_get_arg(1);
- echo getDocumentContent($or,$auth);
- }
- else
- {
- echo getDocumentContent($or);
- }
-
-}
-
-/**
- * fetchs and returns the content of the FeatureInfo Response
- *
- * @param string the url of the FeatureInfoRequest
- * @return string the content of the FeatureInfo document
- */
-function getFeatureInfo($url){
- global $reqParams;
- //$e = new mb_notice("owsproxy: Try to fetch FeatureInfoRequest: ".$url);
- header("Content-Type: ".$reqParams['info_format']);
-
- if (func_num_args() == 2) { //new for HTTP Authentication
- $auth = func_get_arg(1);
- $content = getDocumentContent($url,$auth);
- }
- else {
- $content = getDocumentContent($url);
- }
- $content = matchUrls($content);
- echo $content;
-}
-
-/**
- * fetchs and returns the content of WFS GetFeature response
- *
- * @param string the url of the GetFeature request
- * @return echo the content of the GetFeature document
- */
-function getFeature($url){
- global $reqParams;
-
- header("Content-Type: ".$reqParams['info_format']);
- $content = getDocumentContent($url);
- $content = matchUrls($content);
- echo $content;
-}
-
-/**
- * simulates a post request to host
- *
- * @param string host to send the request to
- * @param string port of host to send the request to
- * @param string method to send data (should be "POST")
- * @param string path on host
- * @param string data to send to host
- * @return string hosts response
- */
-
-function sendToHost($host,$port,$method,$path,$data){
- $buf = '';
- if (empty($method)) $method = 'POST';
- $method = mb_strtoupper($method);
- $fp = fsockopen($host, $port);
- fputs($fp, "$method $path HTTP/1.1\r\n");
- fputs($fp, "Host: $host\r\n");
- fputs($fp,"Content-type: application/xml\r\n");
- fputs($fp, "Content-length: " . strlen($data) . "\r\n");
- fputs($fp, "Connection: close\r\n\r\n");
- if ($method == 'POST') fputs($fp, $data);
- while (!feof($fp)) $buf .= fgets($fp,4096);
- fclose($fp);
- return $buf;
-}
-
-/**
- * get wfs featurenames that are touched by a tansaction request defined in XML $data
- *
- * @param string XML that contains the tansaction request
- * @return array array of touched feature names
- */
-
-function getWfsFeaturesFromTransaction($data){
- new mb_notice("owsproxy.getWfsFeaturesFromTransaction.data: ".$data);
- if(!$data || $data == ""){
- return false;
- }
- $features = array();
- $values = NULL;
- $tags = NULL;
- $parser = xml_parser_create();
- xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
- xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,1);
- xml_parse_into_struct($parser,$data,$values,$tags);
-
- $code = xml_get_error_code ($parser);
- if ($code) {
- $line = xml_get_current_line_number($parser);
- $col = xml_get_current_column_number($parser);
- $mb_exception = new mb_exception("OWSPROXY invalid Tansaction XML: ".xml_error_string($code) . " in line " . $line. " at character ". $col);
- die();
- }
- xml_parser_free($parser);
-
- $insert = false;
- $insertlevel = 0;
- foreach ($values as $element) {
- //features touched by insert
- if(strtoupper($element[tag]) == "WFS:INSERT" && $element[type] == "open"){
- $insert = true;
- $insertlevel = $element[level];
- }
- if($insert && $element[level] == $insertlevel + 1 && $element[type] == "open"){
- array_push($features, $element[tag]);
- }
- if(strtoupper($element[tag]) == "WFS:INSERT" && $element[type] == "close"){
- $insert = false;
- }
- //updated features
- if(strtoupper($element[tag]) == "WFS:UPDATE" && $element[type] == "open"){
- array_push($features, $element[attributes]["typeName"]);
- }
- //deleted features
- if(strtoupper($element[tag]) == "WFS:DELETE" && $element[type] == "open"){
- array_push($features, $element[attributes]["typeName"]);
- }
- }
- return $features;
-}
-
-/**
- * sends the data of WFS Transaction and echos the response
- *
- * @param string url to send the WFS Transaction to
- * @param string WFS Transaction data
- */
-
-function doTransaction($url, $data){
- $arURL = parse_url($url);
- $host = $arURL["host"];
- $port = $arURL["port"];
- if($port == '') $port = 80;
-
- $path = $arURL["path"];
- $method = "POST";
- $result = sendToHost($host,$port,$method,html_entity_decode($path),$data);
-
- //delete header from result
- $result = mb_eregi_replace("^[^<]*", "", $result);
- $result = mb_eregi_replace("[^>]*$", "", $result);
-
- echo $result;
-}
-
-function matchUrls($content){
- if(!session_is_registered("owsproxyUrls")){ //TODO: exchange function, because it is deprecated and will not longer be supported by php 5.4!
- $_SESSION["owsproxyUrls"] = array();
- $_SESSION["owsproxyUrls"]["id"] = array();
- $_SESSION["owsproxyUrls"]["url"] = array();
- }
- $pattern = "/[\"|\'](https*:\/\/[^\"|^\']*)[\"|\']/";
- preg_match_all($pattern,$content,$matches);
- for($i=0; $i<count($matches[1]); $i++){
- $req = $matches[1][$i];
- $notice = new mb_notice("owsproxy found URL ".$i.": ".$req);
- #$notice = new mb_notice("owsproxy id:".$req);
- $id = registerURL($req);
- $extReq = setExternalRequest($id);
- $notice = new mb_notice("MD5 URL ".$id." - external link: ".$extReq);
- $content = str_replace($req,$extReq,$content);
- }
- return $content;
-}
-
-function setExternalRequest($id){
- global $reqParams,$query;
-// $extReq = "http://".$_SESSION['HTTP_HOST'] ."/owsproxy/". $reqParams['sid'] ."/".$id."?request=external";
- $extReq = OWSPROXY ."/". $reqParams['sid'] ."/".$id."?request=external";
- return $extReq;
-}
-function getExternalRequest($id){
- for($i=0; $i<count($_SESSION["owsproxyUrls"]["url"]); $i++){
- if($id == $_SESSION["owsproxyUrls"]["id"][$i]){
- $cUrl = $_SESSION["owsproxyUrls"]["url"][$i];
- $query_string = removeOWSGetParams($_SERVER["QUERY_STRING"]);
- if($query_string != ''){
- $cUrl .= getConjunctionCharacter($cUrl).$query_string;
- }
- $metainfo = get_headers($cUrl,1);
- // just for the stupid InternetExplorer
- header('Pragma: private');
- header('Cache-control: private, must-revalidate');
-
- header("Content-Type: ".$metainfo['Content-Type']);
-
- $content = getDocumentContent($cUrl);
- #$content = matchUrls($content);
- echo $content;
- }
- }
-}
-function removeOWSGetParams($query_string){
- $r = preg_replace("/.*request=external&/","",$query_string);
- #return $r;
- return "";
-}
-function getConjunctionCharacter($url){
- if(strpos($url,"?")){
- if(strpos($url,"?") == strlen($url)){
- $cchar = "";
- }else if(strpos($url,"&") == strlen($url)){
- $cchar = "";
- }else{
- $cchar = "&";
- }
- }
- if(strpos($url,"?") === false){
- $cchar = "?";
- }
- return $cchar;
-}
-function registerUrl($url){
- if(!in_array($url,$_SESSION["owsproxyUrls"]["url"])){
- $id = md5($url);
- array_push($_SESSION["owsproxyUrls"]["url"],$url);
- array_push($_SESSION["owsproxyUrls"]["id"], $id);
- }
- else{
- for($i=0; $i<count($_SESSION["owsproxyUrls"]["url"]); $i++){
- if($url == $_SESSION["owsproxyUrls"]["url"][$i]){
- $id = $_SESSION["owsproxyUrls"]["id"][$i];
- }
- }
- }
- return $id;
-}
-function getCapabilities($url){
- global $arrayOnlineresources;
- global $sid,$wms;
- $t = array(htmlentities($arrayOnlineresources["wms_getcapabilities"]),htmlentities($arrayOnlineresources["wms_getmap"]),htmlentities($arrayOnlineresources["wms_getfeatureinfo"]));
- $new = OWSPROXY ."/". $sid ."/".$wms."?";
- $r = str_replace($t,$new,$arrayOnlineresources["wms_getcapabilities_doc"]);
- header("Content-Type: application/xml");
- echo $r;
-}
-
-/**
- * gets the original url of the requested legend graphic
- *
- * @param string owsproxy md5
- * @return string url to legend graphic
- */
-function getLegendUrl($wms){
- global $reqParams;
- //get wms id
- $sql = "SELECT * FROM wms WHERE wms_owsproxy = $1";
- $v = array($wms);
- $t = array("s");
- $res = db_prep_query($sql, $v, $t);
- if($row = db_fetch_array($res)) {
- $wmsid = $row["wms_id"];
- } else {
- throwE(array("No wms data available."));
- die();
- }
- //get the url
- $sql = "SELECT layer_style.legendurl ";
- $sql .= "FROM layer_style JOIN layer ";
- $sql .= "ON layer_style.fkey_layer_id = layer.layer_id ";
- $sql .= "WHERE layer.layer_name = $2 AND layer.fkey_wms_id = $1 ";
- $sql .= "AND layer_style.name = $3 AND layer_style.legendurlformat = $4";
- $v = array($wmsid, $reqParams['layer'], $reqParams['style'], $reqParams['format']);
- $t = array("i", "s", "s", "s");
- $res = db_prep_query($sql, $v, $t);
- if($row = db_fetch_array($res))
- return $row["legendurl"];
- else{
- throwE(array("No legend available."));
- die();
- }
-}
-/**
- * validated access permission on requested wms
- *
- * @param string OWSPROXY md5
- * @return array array with detailed information about requested wms
- */
-function checkWmsPermission($wms){
- global $con, $n;
- $myguis = $n->getGuisByPermission($_SESSION["mb_user_id"],true);
- $mywms = $n->getWmsByOwnGuis($myguis);
- $sql = "SELECT * FROM wms WHERE wms_owsproxy = $1";
- $v = array($wms);
- $t = array("s");
- $res = db_prep_query($sql, $v, $t);
- $service = array();
- if($row = db_fetch_array($res)){
- $service["wms_id"] = $row["wms_id"];
- $service["wms_getcapabilities"] = $row["wms_getcapabilities"];
- $service["wms_getmap"] = $row["wms_getmap"];
- $service["wms_getfeatureinfo"] = $row["wms_getfeatureinfo"];
- $service["wms_getcapabilities_doc"] = $row["wms_getcapabilities_doc"];
- }
-
- if(!$row || count($mywms) == 0){
- throwE(array("No wms data available."));
- die();
- }
-
- if(!in_array($service["wms_id"], $mywms)){
- throwE(array("Permission denied."," -> ".$service["wms_id"], implode(",", $mywms)));
- die();
- }
- return $service;
-}
-/**
- * validates the access permission by getting the appropriate wfs_conf
- * to each feature requested and check the wfs_conf permission
- *
- * @param string owsproxy md5
- * @param array array of requested featuretype names
- * @return array array with detailed information on reqested wfs
- */
-function checkWfsPermission($wfsOws, $features){
- global $con, $n;
- $myconfs = $n->getWfsConfByPermission($_SESSION["mb_user_id"]);
-
- //check if we know the features requested
- if(count($features) == 0){
- throwE(array("No wfs_feature data available."));
- die();
- }
-
- //get wfs
- $sql = "SELECT * FROM wfs WHERE wfs_owsproxy = $1";
- $v = array($wfsOws);
- $t = array("s");
- $res = db_prep_query($sql, $v, $t);
- $service = array();
- if($row = db_fetch_array($res)){
- $service["wfs_id"] = $row["wfs_id"];
- $service["wfs_getcapabilities"] = $row["wfs_getcapabilities"];
- $service["wfs_getfeature"] = $row["wfs_getfeature"];
- $service["wfs_describefeaturetype"] = $row["wfs_describefeaturetype"];
- $service["wfs_transaction"] = $row["wfs_transaction"];
- $service["wfs_getcapabilities_doc"] = $row["wfs_getcapabilities_doc"];
- }
- else{
- throwE(array("No wfs data available."));
- die();
- }
-
- foreach($features as $feature){
-
- //get appropriate wfs_conf
- $sql = "SELECT wfs_conf.wfs_conf_id FROM wfs_conf ";
- $sql.= "JOIN wfs_featuretype ";
- $sql.= "ON wfs_featuretype.featuretype_id = wfs_conf.fkey_featuretype_id ";
- $sql.= "WHERE wfs_featuretype.featuretype_name = $2 ";
- $sql.= "AND wfs_featuretype.fkey_wfs_id = $1";
- $v = array($service["wfs_id"], $feature);
- $t = array("i","s");
- $res = db_prep_query($sql, $v, $t);
- if(!($row = db_fetch_array($res))){
- $notice = new mb_notice("Permissioncheck failed no wfs conf for wfs ".$service["wfs_id"]." with feturetype ".$feature);
- throwE(array("No wfs_conf data for featuretype ".$feature));
- die();
- }
- $conf_id = $row["wfs_conf_id"];
-
- //check permission
- if(!in_array($conf_id, $myconfs)){
- $notice = new mb_notice("Permissioncheck failed:".$conf_id." not in ".implode(",", $myconfs));
- throwE(array("Permission denied."," -> ".$conf_id, implode(",", $myconfs)));
- die();
- }
- }
-
- return $service;
-}
-
-function checkLayerPermission($wms_id,$l){
- global $n, $owsproxyService;
-// $notice = new mb_notice("owsproxy: checkLayerpermission: wms: ".$wms_id.", layer: ".$l);
- $myl = split(",",$l);
- $r = array();
- foreach($myl as $mysl){
- if($n->getLayerPermission($wms_id, $mysl, $_SESSION["mb_user_id"]) === true){
- array_push($r, $mysl);
- }
- }
- $ret = implode(",",$r);
- return $ret;
-}
-function getDocumentContent($url){
- if (func_num_args() == 2) { //new for HTTP Authentication
- $auth = func_get_arg(1);
- $d = new connector($url, $auth);
- }
- else {
- $d = new connector($url);
- }
-
- return $d->file;
-}
-?>
+<?php
+# $Id$
+# http://www.mapbender.org/index.php/Owsproxy
+# Module maintainer Uli
+# Copyright (C) 2002 CCGIS
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+require_once(dirname(__FILE__)."/../../core/globalSettings.php");
+require_once(dirname(__FILE__) . "/../../http/classes/class_administration.php");
+require_once(dirname(__FILE__) . "/../../http/classes/class_connector.php");
+require_once(dirname(__FILE__) . "/./classes/class_QueryHandler.php");
+/***** conf *****/
+$imageformats = array("image/png","image/gif","image/jpeg", "image/jpg");
+$width = 400;
+$height = 400;
+/***** conf *****/
+$postdata = $HTTP_RAW_POST_DATA;
+$owsproxyService = $_REQUEST['wms']; //ToDo: change this to 'service' in the apache url-rewriting
+$query = new QueryHandler();
+// an array with keys and values toLowerCase -> caseinsensitiv
+$reqParams = $query->getRequestParams();
+$e = new mb_notice("incoming request: ".OWSPROXY."/".$_REQUEST['sid']."/".$_REQUEST['wms'].$query->getRequest());
+$e = new mb_notice("owsproxy requested from: ".$_SERVER["REMOTE_ADDR"]);
+//check if proxy request came from grabbing whitelist - for grabbing
+if (!defined("OWSPROXY_SESSION_GRABBING_WHITELIST")){
+ $grabbingAllowed = true;
+}
+if (defined("OWSPROXY_SESSION_GRABBING_WHITELIST")) {
+ $whiteListArray = explode(",", OWSPROXY_SESSION_GRABBING_WHITELIST);
+ if (in_array($_SERVER["REMOTE_ADDR"], $whiteListArray)) {
+ $grabbingAllowed = true;
+ $e = new mb_notice("Grabbing allowed for IP: ".$_SERVER["REMOTE_ADDR"]);
+ } else {
+ $grabbingAllowed = false;
+ $e = new mb_notice("Grabbing not allowed for IP: ".$_SERVER["REMOTE_ADDR"]."!");
+ }
+}
+//check session
+//session_regenerate_id(TRUE);
+$e = new mb_notice("Initial session_id: ".session_id());
+//The session can be set by a given cookie value or was newly created by core/globalSettings.php
+//either empty (without mb_user_id value) - when the corresponding session file was lost or timed out
+//or filled, when there was an actual mapbender session before
+//check if mb_user_id is given and is an string with an integer:
+if(!$_SESSION['mb_user_id'] && !is_int($_SESSION['mb_user_id'])){
+ $e = new mb_notice("Newly initialized session - no logged in mapbender user!");
+}
+//Possibility to grap an existing session:
+if (defined("OWSPROXY_ALLOW_SESSION_GRABBING") && OWSPROXY_ALLOW_SESSION_GRABBING == true) {
+ if ($grabbingAllowed) {
+ //first check is to find out if a session with the current sid exists! If so use this one, if not use the current one which was generated from globalSettings.php
+ if (file_exists(ini_get('session.save_path')."/sess_".$_REQUEST["sid"]) && session_id() !== $_REQUEST["sid"]) {
+ //there is a current session for the requested url
+ $e = new mb_notice("A current session exists for this url and will be used!");
+ $oldsessionId = session_id();
+ $tmpSessionFile = ini_get('session.save_path')."/sess_".session_id();
+ //do the following only, if a user is in this session - maybe it is a session which was generated from an external application and therefor it is empty!
+ session_id($_REQUEST["sid"]);
+ $e = new mb_notice("Grabbed session with id: ".session_id());
+ //kill dynamical session
+ //@unlink($tmpSessionFile);
+ $e = new mb_notice("Following user was found and will be used for authorization: ".Mapbender::session()->get('mb_user_id'));
+ $foundUserId = Mapbender::session()->get('mb_user_id');
+ if (!isset($foundUserId) || $foundUserId =='') {
+ $e = new mb_notice("No user found in the existing session - switch to the old one!");
+ session_id($oldsessionId);
+ } else {
+ //delete session as it will not be needed any longer
+ $e = new mb_notice("Following no longer needed session will be deleted: ".$tmpSessionFile);
+ @unlink($tmpSessionFile);
+ }
+ }
+ }
+}
+//check if current session has the same id as the session which is requested in the owsproxy url
+//exchange them, if they differ and redirect to an new one with the current session
+if (session_id() !== $_REQUEST["sid"]) {
+ //get all request params which are original
+ //build reuquest
+ $redirectUrl = OWSPROXY."/".session_id()."/".$_REQUEST['wms'].$query->getRequest();
+ $e = new mb_notice("IDs differ - redirect to new owsproxy url: ".$redirectUrl);
+ header("Location: ".$redirectUrl);
+ die();
+} else {
+ $e = new mb_notice("Current session_id() identical to requested SID!");
+}
+//this is the request which may have been redirected
+//check for given user session with user_id which can be tested again the authorization
+if(!$_SESSION['mb_user_id']){
+ $e = new mb_notice("user_id not found in session");
+ //if configured in mapbender.conf, create guest session so that also proxied service can be watched in external applications when they are available to the anonymous user
+ //only possible for webapplications - in case of desktop applications the user have to use his credentials and http_auth module
+ if (defined("OWSPROXY_ALLOW_PUBLIC_USER") && OWSPROXY_ALLOW_PUBLIC_USER && defined("PUBLIC_USER") && PUBLIC_USER != "") {
+ //setSession();
+ Mapbender::session()->set("mb_user_id",PUBLIC_USER);
+ Mapbender::session()->set("external_proxy_user",true);
+ Mapbender::session()->set("mb_user_ip",$_SERVER['REMOTE_ADDR']);
+ //Define name of temporal session file. This file can be deleted after the request was successful. It will be generated every time again.
+ $tmpSessionFile = ini_get('session.save_path')."/sess_".session_id();
+ $e = new mb_notice("Permission allowed for public user with id: ".PUBLIC_USER);
+ } else {
+ $e = new mb_notice("Permission denied - public user not allowed to access ressource!");
+ //kill actual session file
+ $tmpSessionFile = ini_get('session.save_path')."/sess_".session_id();
+ $e = new mb_notice("delete temporary session file: ".$tmpSessionFile);
+ @unlink($tmpSessionFile);
+ throwE(array("Permission denied"," - no current session found and ","public user not allowed to access ressource!"));
+ die();
+ }
+} else {
+ $e= new mb_notice("mb_user_id found in session: ".$_SESSION['mb_user_id']);
+}
+//start the session to be able to write urls to it - for
+session_start();//maybe it was started by globalSettings.php
+$n = new administration;
+//Extra security - IP check
+if (defined("OWSPROXY_BIND_IP") && OWSPROXY_BIND_IP == true) {
+ if($_SESSION['mb_user_ip'] != $_SERVER['REMOTE_ADDR']){
+ throwE(array("Session not identified.","Permission denied.","Please authenticate."));
+ die();
+ }
+}
+$e = new mb_notice("user id for authorization test: ".$_SESSION['mb_user_id']);
+$wmsId = $n->getWmsIdFromOwsproxyString($query->getOwsproxyServiceId());
+//get authentication infos if they are available in wms table! if not $auth = false
+$auth = $n->getAuthInfoOfWMS($wmsId);
+if ($auth['auth_type']==''){
+ unset($auth);
+}
+/************* workflow ************/
+$n = new administration();
+switch (strtolower($reqParams['request'])) {
+ case 'getcapabilities':
+ $arrayOnlineresources = checkWmsPermission($query->getOwsproxyServiceId());
+ $query->setOnlineResource($arrayOnlineresources['wms_getcapabilities']);
+ $request = $query->getRequest();
+ if(isset($auth)){
+ getCapabilities($request,$auth);
+ #$mb_exception = new mb_exception("auth: ".$auth['auth_type']);
+ }
+ else {
+ getCapabilities($request);
+ }
+ break;
+ case 'getfeatureinfo':
+ $arrayOnlineresources = checkWmsPermission($query->getOwsproxyServiceId());
+ $query->setOnlineResource($arrayOnlineresources['wms_getfeatureinfo']);
+ $request = $query->getRequest();
+ if(isset($auth)){
+ getFeatureInfo($request,$auth);
+ }
+ else {
+ getFeatureInfo($request);
+ }
+ break;
+ case 'getmap':
+ $arrayOnlineresources = checkWmsPermission($owsproxyService);
+ $query->setOnlineResource($arrayOnlineresources['wms_getmap']);
+ $layers = checkLayerPermission($arrayOnlineresources['wms_id'],$reqParams['layers']);
+ if($layers===""){
+ throwE("Permission denied");
+ die();
+ }
+ $query->setParam("layers",urldecode($layers));//the decoding of layernames dont make problems - but not really good names will be requested also ;-)
+ $request = $query->getRequest();
+ #log proxy requests
+ if($n->getWmsLogTag($arrayOnlineresources['wms_id'])==1) {
+ #do log to db
+ #TODO read out size of bbox and calculate price
+ #get price out of db
+ $price=intval($n->getWmsPrice($arrayOnlineresources['wms_id']));
+ $n->logWmsProxyRequest($arrayOnlineresources['wms_id'],$_SESSION['mb_user_id'],$request,$price);
+ }
+ if(isset($auth)){
+ getImage($request,$auth);
+ }
+ else {
+ getImage($request);
+ }
+ break;
+ case 'map':
+ $arrayOnlineresources = checkWmsPermission($owsproxyService);
+ $query->setOnlineResource($arrayOnlineresources['wms_getmap']);
+ $layers = checkLayerPermission($arrayOnlineresources['wms_id'],$reqParams['layers']);
+ if($layers===""){
+ throwE("Permission denied");
+ die();
+ }
+ $query->setParam("layers",urldecode($layers));
+ $request = $query->getRequest();
+ if(isset($auth)){
+ getImage($url,$auth);
+ }
+ else {
+ getImage($url);
+ }
+ break;
+ case 'getlegendgraphic':
+ $url = getLegendUrl($query->getOwsproxyServiceId());
+ if (isset ($reqParams['sld']) && $reqParams['sld'] != "") {
+ $url = $url . getConjunctionCharacter($url) . "SLD=".$reqParams['sld'];
+ }
+ if(isset($auth)){
+ getImage($url,$auth);
+ }
+ else {
+ getImage($url);
+ }
+ break;
+ case 'external':
+ getExternalRequest($query->getOwsproxyServiceId());
+ break;
+ case 'getfeature':
+ $arrayFeatures = array($reqParams['typename']);
+ $arrayOnlineresources = checkWfsPermission($query->getOwsproxyServiceId(), $arrayFeatures);
+ $query->setOnlineResource($arrayOnlineresources['wfs_getfeature']);
+ $request = $query->getRequest();
+ $request = stripslashes($request);
+ getFeature($request);
+ break;
+ // case wfs transaction (because of raw POST the request param is empty)
+ case '':
+ $arrayFeatures = getWfsFeaturesFromTransaction($HTTP_RAW_POST_DATA);
+ $arrayOnlineresources = checkWfsPermission($query->getOwsproxyServiceId(), $arrayFeatures);
+ $query->setOnlineResource($arrayOnlineresources['wfs_transaction']);
+ $request = $query->getRequest();
+ doTransaction($request, $HTTP_RAW_POST_DATA);
+ break;
+ default:
+
+}
+if (isset($tmpSessionFile) && file_exists($tmpSessionFile)) {
+ $e = new mb_exception("Following no longer needed session will be deleted: ".$tmpSessionFile);
+ @unlink($tmpSessionFile);
+}
+/*********************************************************/
+function throwE($e){
+ global $reqParams, $imageformats;
+ if(in_array($reqParams['format'],$imageformats)){
+ throwImage($e);
+ }
+ else{
+ throwText($e);
+ }
+}
+
+function throwImage($e){
+ global $width,$height;
+ $image = imagecreate($width,$height);
+ $transparent = ImageColorAllocate($image,155,155,155);
+ ImageFilledRectangle($image,0,0,$width,$height,$transparent);
+ imagecolortransparent($image, $transparent);
+ $text_color = ImageColorAllocate ($image, 233, 14, 91);
+ if (count($e) > 1){
+ for($i=0; $i<count($e); $i++){
+ $imageString = $e[$i];
+ ImageString ($image, 3, 5, $i*20, $imageString, $text_color);
+ }
+ } else {
+ if (is_array($e)) {
+ $imageString = $e[0];
+ } else {
+ $imageString = $e;
+ }
+ if ($imageString == "") {
+ $imageString = "An unknown error occured!";
+ }
+ ImageString ($image, 3, 5, $i*20, $imageString, $text_color);
+ }
+ responseImage($image);
+}
+function throwText($e){
+ echo join(" ", $e);
+}
+function responseImage($im){
+ global $reqParams;
+ $format = $reqParams['format'];
+ $format="image/gif";
+ if($format == 'image/png'){header("Content-Type: image/png");}
+ if($format == 'image/jpeg' || $format == 'image/jpg'){header("Content-Type: image/jpeg");}
+ if($format == 'image/gif'){header("Content-Type: image/gif");}
+
+ if($format == 'image/png'){imagepng($im);}
+ if($format == 'image/jpeg' || $format == 'image/jpg'){imagejpeg($im);}
+ if($format == 'image/gif'){imagegif($im);}
+}
+function completeURL($url){
+ global $reqParams;
+ $mykeys = array_keys($reqParams);
+ for($i=0; $i<count($mykeys);$i++){
+ if($i > 0){ $url .= "&"; }
+ $url .= $mykeys[$i]."=".urlencode($reqParams[$mykeys[$i]]);
+ }
+ return $url;
+}
+
+/**
+ * fetch and returns an image to client
+ *
+ * @param string the original url of the image to send
+ */
+
+function getImage($or){
+ global $reqParams;
+ header("Content-Type: ".$reqParams['format']);
+ #log the image_requests to database
+ #log the following to table mb_proxy_log
+ #timestamp,user_id,getmaprequest,amount pixel,price - but do this only for wms to log - therefor first get log tag out of wms!
+ #
+ #
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ echo getDocumentContent($or,$auth);
+ }
+ else
+ {
+ echo getDocumentContent($or);
+ }
+
+}
+
+/**
+ * fetchs and returns the content of the FeatureInfo Response
+ *
+ * @param string the url of the FeatureInfoRequest
+ * @return string the content of the FeatureInfo document
+ */
+function getFeatureInfo($url){
+ global $reqParams;
+ //$e = new mb_notice("owsproxy: Try to fetch FeatureInfoRequest: ".$url);
+ header("Content-Type: ".$reqParams['info_format']);
+
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ $content = getDocumentContent($url,$auth);
+ }
+ else {
+ $content = getDocumentContent($url);
+ }
+ $content = matchUrls($content);
+ echo $content;
+}
+
+/**
+ * fetchs and returns the content of WFS GetFeature response
+ *
+ * @param string the url of the GetFeature request
+ * @return echo the content of the GetFeature document
+ */
+function getFeature($url){
+ global $reqParams;
+
+ header("Content-Type: ".$reqParams['info_format']);
+ $content = getDocumentContent($url);
+ $content = matchUrls($content);
+ echo $content;
+}
+
+/**
+ * simulates a post request to host
+ *
+ * @param string host to send the request to
+ * @param string port of host to send the request to
+ * @param string method to send data (should be "POST")
+ * @param string path on host
+ * @param string data to send to host
+ * @return string hosts response
+ */
+
+function sendToHost($host,$port,$method,$path,$data){
+ $buf = '';
+ if (empty($method)) $method = 'POST';
+ $method = mb_strtoupper($method);
+ $fp = fsockopen($host, $port);
+ fputs($fp, "$method $path HTTP/1.1\r\n");
+ fputs($fp, "Host: $host\r\n");
+ fputs($fp,"Content-type: application/xml\r\n");
+ fputs($fp, "Content-length: " . strlen($data) . "\r\n");
+ fputs($fp, "Connection: close\r\n\r\n");
+ if ($method == 'POST') fputs($fp, $data);
+ while (!feof($fp)) $buf .= fgets($fp,4096);
+ fclose($fp);
+ return $buf;
+}
+
+/**
+ * get wfs featurenames that are touched by a tansaction request defined in XML $data
+ *
+ * @param string XML that contains the tansaction request
+ * @return array array of touched feature names
+ */
+
+function getWfsFeaturesFromTransaction($data){
+ new mb_notice("owsproxy.getWfsFeaturesFromTransaction.data: ".$data);
+ if(!$data || $data == ""){
+ return false;
+ }
+ $features = array();
+ $values = NULL;
+ $tags = NULL;
+ $parser = xml_parser_create();
+ xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
+ xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,1);
+ xml_parse_into_struct($parser,$data,$values,$tags);
+
+ $code = xml_get_error_code ($parser);
+ if ($code) {
+ $line = xml_get_current_line_number($parser);
+ $col = xml_get_current_column_number($parser);
+ $mb_exception = new mb_exception("OWSPROXY invalid Tansaction XML: ".xml_error_string($code) . " in line " . $line. " at character ". $col);
+ die();
+ }
+ xml_parser_free($parser);
+
+ $insert = false;
+ $insertlevel = 0;
+ foreach ($values as $element) {
+ //features touched by insert
+ if(strtoupper($element[tag]) == "WFS:INSERT" && $element[type] == "open"){
+ $insert = true;
+ $insertlevel = $element[level];
+ }
+ if($insert && $element[level] == $insertlevel + 1 && $element[type] == "open"){
+ array_push($features, $element[tag]);
+ }
+ if(strtoupper($element[tag]) == "WFS:INSERT" && $element[type] == "close"){
+ $insert = false;
+ }
+ //updated features
+ if(strtoupper($element[tag]) == "WFS:UPDATE" && $element[type] == "open"){
+ array_push($features, $element[attributes]["typeName"]);
+ }
+ //deleted features
+ if(strtoupper($element[tag]) == "WFS:DELETE" && $element[type] == "open"){
+ array_push($features, $element[attributes]["typeName"]);
+ }
+ }
+ return $features;
+}
+
+/**
+ * sends the data of WFS Transaction and echos the response
+ *
+ * @param string url to send the WFS Transaction to
+ * @param string WFS Transaction data
+ */
+
+function doTransaction($url, $data){
+ $arURL = parse_url($url);
+ $host = $arURL["host"];
+ $port = $arURL["port"];
+ if($port == '') $port = 80;
+
+ $path = $arURL["path"];
+ $method = "POST";
+ $result = sendToHost($host,$port,$method,html_entity_decode($path),$data);
+
+ //delete header from result
+ $result = mb_eregi_replace("^[^<]*", "", $result);
+ $result = mb_eregi_replace("[^>]*$", "", $result);
+
+ echo $result;
+}
+
+function matchUrls($content){
+ if(!session_is_registered("owsproxyUrls")){ //TODO: exchange function, because it is deprecated and will not longer be supported by php 5.4!
+ $_SESSION["owsproxyUrls"] = array();
+ $_SESSION["owsproxyUrls"]["id"] = array();
+ $_SESSION["owsproxyUrls"]["url"] = array();
+ }
+ $pattern = "/[\"|\'](https*:\/\/[^\"|^\']*)[\"|\']/";
+ preg_match_all($pattern,$content,$matches);
+ for($i=0; $i<count($matches[1]); $i++){
+ $req = $matches[1][$i];
+ $notice = new mb_notice("owsproxy found URL ".$i.": ".$req);
+ #$notice = new mb_notice("owsproxy id:".$req);
+ $id = registerURL($req);
+ $extReq = setExternalRequest($id);
+ $notice = new mb_notice("MD5 URL ".$id." - external link: ".$extReq);
+ $content = str_replace($req,$extReq,$content);
+ }
+ return $content;
+}
+
+function setExternalRequest($id){
+ global $reqParams,$query;
+// $extReq = "http://".$_SESSION['HTTP_HOST'] ."/owsproxy/". $reqParams['sid'] ."/".$id."?request=external";
+ $extReq = OWSPROXY ."/". $reqParams['sid'] ."/".$id."?request=external";
+ return $extReq;
+}
+function getExternalRequest($id){
+ for($i=0; $i<count($_SESSION["owsproxyUrls"]["url"]); $i++){
+ if($id == $_SESSION["owsproxyUrls"]["id"][$i]){
+ $cUrl = $_SESSION["owsproxyUrls"]["url"][$i];
+ $query_string = removeOWSGetParams($_SERVER["QUERY_STRING"]);
+ if($query_string != ''){
+ $cUrl .= getConjunctionCharacter($cUrl).$query_string;
+ }
+ $metainfo = get_headers($cUrl,1);
+ // just for the stupid InternetExplorer
+ header('Pragma: private');
+ header('Cache-control: private, must-revalidate');
+
+ header("Content-Type: ".$metainfo['Content-Type']);
+
+ $content = getDocumentContent($cUrl);
+ #$content = matchUrls($content);
+ echo $content;
+ }
+ }
+}
+function removeOWSGetParams($query_string){
+ $r = preg_replace("/.*request=external&/","",$query_string);
+ #return $r;
+ return "";
+}
+function getConjunctionCharacter($url){
+ if(strpos($url,"?")){
+ if(strpos($url,"?") == strlen($url)){
+ $cchar = "";
+ }else if(strpos($url,"&") == strlen($url)){
+ $cchar = "";
+ }else{
+ $cchar = "&";
+ }
+ }
+ if(strpos($url,"?") === false){
+ $cchar = "?";
+ }
+ return $cchar;
+}
+function registerUrl($url){
+ if(!in_array($url,$_SESSION["owsproxyUrls"]["url"])){
+ $id = md5($url);
+ array_push($_SESSION["owsproxyUrls"]["url"],$url);
+ array_push($_SESSION["owsproxyUrls"]["id"], $id);
+ }
+ else{
+ for($i=0; $i<count($_SESSION["owsproxyUrls"]["url"]); $i++){
+ if($url == $_SESSION["owsproxyUrls"]["url"][$i]){
+ $id = $_SESSION["owsproxyUrls"]["id"][$i];
+ }
+ }
+ }
+ return $id;
+}
+function getCapabilities($url){
+ global $arrayOnlineresources;
+ global $sid,$wms;
+ $t = array(htmlentities($arrayOnlineresources["wms_getcapabilities"]),htmlentities($arrayOnlineresources["wms_getmap"]),htmlentities($arrayOnlineresources["wms_getfeatureinfo"]));
+ $new = OWSPROXY ."/". $sid ."/".$wms."?";
+ $r = str_replace($t,$new,$arrayOnlineresources["wms_getcapabilities_doc"]);
+ header("Content-Type: application/xml");
+ echo $r;
+}
+
+/**
+ * gets the original url of the requested legend graphic
+ *
+ * @param string owsproxy md5
+ * @return string url to legend graphic
+ */
+function getLegendUrl($wms){
+ global $reqParams;
+ //get wms id
+ $sql = "SELECT * FROM wms WHERE wms_owsproxy = $1";
+ $v = array($wms);
+ $t = array("s");
+ $res = db_prep_query($sql, $v, $t);
+ if($row = db_fetch_array($res)) {
+ $wmsid = $row["wms_id"];
+ $getLegendUrl = $row["wms_getlegendurl"];
+ } else {
+ throwE(array("No wms data available."));
+ die();
+ }
+ //get the url
+ $sql = "SELECT layer_style.legendurl ";
+ $sql .= "FROM layer_style JOIN layer ";
+ $sql .= "ON layer_style.fkey_layer_id = layer.layer_id ";
+ $sql .= "WHERE layer.layer_name = $2 AND layer.fkey_wms_id = $1 ";
+ $sql .= "AND layer_style.name = $3 AND layer_style.legendurlformat = $4";
+ $v = array($wmsid, $reqParams['layer'], $reqParams['style'], $reqParams['format']);
+ $t = array("i", "s", "s", "s");
+ $res = db_prep_query($sql, $v, $t);
+ if($row = db_fetch_array($res)) {
+ if (strpos($row["legendurl"],'http') !== 0) {
+ $e = new mb_notice("combine legendurls!");
+ return $getLegendUrl.$row["legendurl"];
+ }
+ return $row["legendurl"];
+ } else {
+ throwE(array("No legend available."));
+ die();
+ }
+}
+/**
+ * validated access permission on requested wms
+ *
+ * @param string OWSPROXY md5
+ * @return array array with detailed information about requested wms
+ */
+function checkWmsPermission($wms){
+ global $con, $n;
+ $myguis = $n->getGuisByPermission($_SESSION["mb_user_id"],true);
+ $mywms = $n->getWmsByOwnGuis($myguis);
+ $sql = "SELECT * FROM wms WHERE wms_owsproxy = $1";
+ $v = array($wms);
+ $t = array("s");
+ $res = db_prep_query($sql, $v, $t);
+ $service = array();
+ if($row = db_fetch_array($res)){
+ $service["wms_id"] = $row["wms_id"];
+ $service["wms_getcapabilities"] = $row["wms_getcapabilities"];
+ $service["wms_getmap"] = $row["wms_getmap"];
+ $service["wms_getfeatureinfo"] = $row["wms_getfeatureinfo"];
+ $service["wms_getcapabilities_doc"] = $row["wms_getcapabilities_doc"];
+ }
+
+ if(!$row || count($mywms) == 0){
+ throwE(array("No wms data available."));
+ die();
+ }
+
+ if(!in_array($service["wms_id"], $mywms)){
+ throwE(array("Permission denied."," -> ".$service["wms_id"], implode(",", $mywms)));
+ die();
+ }
+ return $service;
+}
+/**
+ * validates the access permission by getting the appropriate wfs_conf
+ * to each feature requested and check the wfs_conf permission
+ *
+ * @param string owsproxy md5
+ * @param array array of requested featuretype names
+ * @return array array with detailed information on reqested wfs
+ */
+function checkWfsPermission($wfsOws, $features){
+ global $con, $n;
+ $myconfs = $n->getWfsConfByPermission($_SESSION["mb_user_id"]);
+
+ //check if we know the features requested
+ if(count($features) == 0){
+ throwE(array("No wfs_feature data available."));
+ die();
+ }
+
+ //get wfs
+ $sql = "SELECT * FROM wfs WHERE wfs_owsproxy = $1";
+ $v = array($wfsOws);
+ $t = array("s");
+ $res = db_prep_query($sql, $v, $t);
+ $service = array();
+ if($row = db_fetch_array($res)){
+ $service["wfs_id"] = $row["wfs_id"];
+ $service["wfs_getcapabilities"] = $row["wfs_getcapabilities"];
+ $service["wfs_getfeature"] = $row["wfs_getfeature"];
+ $service["wfs_describefeaturetype"] = $row["wfs_describefeaturetype"];
+ $service["wfs_transaction"] = $row["wfs_transaction"];
+ $service["wfs_getcapabilities_doc"] = $row["wfs_getcapabilities_doc"];
+ }
+ else{
+ throwE(array("No wfs data available."));
+ die();
+ }
+
+ foreach($features as $feature){
+
+ //get appropriate wfs_conf
+ $sql = "SELECT wfs_conf.wfs_conf_id FROM wfs_conf ";
+ $sql.= "JOIN wfs_featuretype ";
+ $sql.= "ON wfs_featuretype.featuretype_id = wfs_conf.fkey_featuretype_id ";
+ $sql.= "WHERE wfs_featuretype.featuretype_name = $2 ";
+ $sql.= "AND wfs_featuretype.fkey_wfs_id = $1";
+ $v = array($service["wfs_id"], $feature);
+ $t = array("i","s");
+ $res = db_prep_query($sql, $v, $t);
+ if(!($row = db_fetch_array($res))){
+ $notice = new mb_notice("Permissioncheck failed no wfs conf for wfs ".$service["wfs_id"]." with feturetype ".$feature);
+ throwE(array("No wfs_conf data for featuretype ".$feature));
+ die();
+ }
+ $conf_id = $row["wfs_conf_id"];
+
+ //check permission
+ if(!in_array($conf_id, $myconfs)){
+ $notice = new mb_notice("Permissioncheck failed:".$conf_id." not in ".implode(",", $myconfs));
+ throwE(array("Permission denied."," -> ".$conf_id, implode(",", $myconfs)));
+ die();
+ }
+ }
+
+ return $service;
+}
+
+function checkLayerPermission($wms_id,$l){
+ global $n, $owsproxyService;
+// $notice = new mb_notice("owsproxy: checkLayerpermission: wms: ".$wms_id.", layer: ".$l);
+ $myl = split(",",$l);
+ $r = array();
+ foreach($myl as $mysl){
+ if($n->getLayerPermission($wms_id, $mysl, $_SESSION["mb_user_id"]) === true){
+ array_push($r, $mysl);
+ }
+ }
+ $ret = implode(",",$r);
+ return $ret;
+}
+function getDocumentContent($url){
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ $d = new connector($url, $auth);
+ }
+ else {
+ $d = new connector($url);
+ }
+
+ return $d->file;
+}
+?>