[Mapbender-commits] r8541 - in trunk/mapbender: conf core http/php owsproxy/http
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Thu Jan 17 04:51:03 PST 2013
Author: armin11
Date: 2013-01-17 04:51:03 -0800 (Thu, 17 Jan 2013)
New Revision: 8541
Modified:
trunk/mapbender/conf/mapbender.conf-dist
trunk/mapbender/core/globalSettings.php
trunk/mapbender/http/php/mb_validateSession.php
trunk/mapbender/owsproxy/http/index.php
Log:
Allow a public user to use owsproxy secured services and some bugfixing.
Modified: trunk/mapbender/conf/mapbender.conf-dist
===================================================================
--- trunk/mapbender/conf/mapbender.conf-dist 2013-01-17 10:57:31 UTC (rev 8540)
+++ trunk/mapbender/conf/mapbender.conf-dist 2013-01-17 12:51:03 UTC (rev 8541)
@@ -60,6 +60,8 @@
# --------------------------------------------
define("OWSPROXY", "http://<ip or name>/owsproxy");
define("OWSPROXY_USE_LOCALHOST", false);
+# Allow OWSPROXY to serve services which are available to the public user - a new session will be set
+define("OWSPROXY_ALLOW_PUBLIC_USER", false);
# --------------------------------------------
# Definitions for HTTP Authentication
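Review bot: The comment added above `OWSPROXY_ALLOW_PUBLIC_USER` does not tell an operator what enabling the switch grants. Going by the owsproxy change in this same commit, setting it to true gives every request without a logged-in session the identity of `PUBLIC_USER`, and it has no effect unless `PUBLIC_USER` is defined and non-empty. I would state that in the template, for example `# If true, owsproxy requests without a logged-in session run as PUBLIC_USER (requires PUBLIC_USER to be set)`.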
Modified: trunk/mapbender/core/globalSettings.php
===================================================================
--- trunk/mapbender/core/globalSettings.php 2013-01-17 10:57:31 UTC (rev 8540)
+++ trunk/mapbender/core/globalSettings.php 2013-01-17 12:51:03 UTC (rev 8541)
@@ -26,10 +26,10 @@
//
// initiates the session-handling
//
-session_start();
-if (defined("SESSION_NAME") && is_string(SESSION_NAME)) {
- session_name(SESSION_NAME);
-}
+//session_start();
+//if (defined("SESSION_NAME") && is_string(SESSION_NAME)) {
+// session_name(SESSION_NAME);
+//}
//
// Basic Mapbender classes, for session handling etc.
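Review bot: The session bootstrap is switched off by commenting it out, with no word on where the session is started instead. Every script that includes globalSettings.php and then reads `$_SESSION` now depends on some other file calling `session_start()`, which is not visible in this commit. If that is intended, delete the four dead lines and leave a one-line comment naming the component that now opens the session. Should the block ever be restored, `session_name(SESSION_NAME)` has to come before `session_start()`, because in the removed order the name was set too late to take effect.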
Modified: trunk/mapbender/http/php/mb_validateSession.php
===================================================================
--- trunk/mapbender/http/php/mb_validateSession.php 2013-01-17 10:57:31 UTC (rev 8540)
+++ trunk/mapbender/http/php/mb_validateSession.php 2013-01-17 12:51:03 UTC (rev 8541)
@@ -22,11 +22,10 @@
$e = new mb_notice("mb_validateSession.php: checking file " . $_SERVER["SCRIPT_NAME"]);
// if cookies are off
-if ($_REQUEST["sessionName"] && $_REQUEST["sessionId"]) {
+if ($_REQUEST["sessionName"] && $_REQUEST["sessionId"]) { //TODO: the request parameter won't be sessionName but maybe PHPSESSID - name of cookie! See line 101 usage of SID
session_name($_REQUEST["sessionName"]);
session_id($_REQUEST["sessionId"]);
}
-
//
// check if user data is valid; if not, return to login screen
//
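Review bot: The cookies-off branch still passes `$_REQUEST["sessionName"]` and `$_REQUEST["sessionId"]` straight to `session_name()` and `session_id()`, and this commit only appends a TODO to it. Accepting a caller-chosen identifier means a link can pre-set the session a user later authenticates under (session fixation). I would ignore the requested name in favour of the configured one, reject ids that do not match the expected format, and call `session_regenerate_id(true)` once the user check below succeeds. The test itself should read `if (!empty($_REQUEST["sessionName"]) && !empty($_REQUEST["sessionId"])) {` so that requests without these parameters raise no undefined-index notices. The validation code that follows lies outside the hunk.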
Modified: trunk/mapbender/owsproxy/http/index.php
===================================================================
--- trunk/mapbender/owsproxy/http/index.php 2013-01-17 10:57:31 UTC (rev 8540)
+++ trunk/mapbender/owsproxy/http/index.php 2013-01-17 12:51:03 UTC (rev 8541)
@@ -19,10 +19,11 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
require(dirname(__FILE__) . "/../../conf/mapbender.conf");
-require(dirname(__FILE__) . "/../../http/classes/class_administration.php");
-require(dirname(__FILE__) . "/../../http/classes/class_connector.php");
+//require_once(dirname(__FILE__)."/../../core/globalSettings.php");
+require_once(dirname(__FILE__) . "/../../http/classes/class_administration.php");
+require_once(dirname(__FILE__) . "/../../http/classes/class_connector.php");
require_once(dirname(__FILE__) . "/../../http/classes/class_mb_exception.php");
-require(dirname(__FILE__) . "/./classes/class_QueryHandler.php");
+require_once(dirname(__FILE__) . "/./classes/class_QueryHandler.php");
/***** conf *****/
$imageformats = array("image/png","image/gif","image/jpeg", "image/jpg");
@@ -38,21 +39,53 @@
$owsproxyService = $_REQUEST['wms']; //ToDo: change this to 'service' in the apache url-rewriting
$query = new QueryHandler();
-// an array with keys and values toLoserCase -> caseinsensitiv
+// an array with keys and values toLowerCase -> caseinsensitiv
$reqParams = $query->getRequestParams();
$notice = new mb_notice("owsproxy id:".$query->getOwsproxyServiceId());
// check session
-session_regenerate_id();
+//session_regenerate_id(TRUE);
+session_regenerate_id(); //it will generate a session if it does not exists without any user in it!
session_destroy();
-session_id($_REQUEST["sid"]);
-session_start();
-if(!$_SESSION['mb_user_id']){
- $notice = new mb_notice("Permission denied");
- throwE("Permission denied");
+//check if current session has the same id as the session which is requested in the owsproxy url
+//exchange them, if they differ and redirect to an new one with the current session
+if (session_id() !== $_REQUEST["sid"]) {
+ //get all request params which are original
+ //build reuquest
+ $redirectUrl = OWSPROXY."/".session_id()."/".$_REQUEST['wms'].$query->getRequest();
+ $e = new mb_notice("redirect to new owsproxy url: ".$redirectUrl);
+ header("Location: ".$redirectUrl);
die();
+} else {
+ $e = new mb_notice("Current SID identical to requested SID!");
}
+//this is the request which may have been redirected
+//session_id($_REQUEST["sid"]);
+//session_start();//?
+//check for given user session with user_id which can be tested again the authorization
+if(!$_SESSION['mb_user_id']){
+ $e = new mb_exception("user id not found in session");
+ //if configured in mapbender.conf, create guest session so that also proxied service can be watched in external applications when they are available to the anonymous user
+ //only possible for webapplications - in case of desktop applications the user have to use his credentials and http_auth module
+ if (defined("OWSPROXY_ALLOW_PUBLIC_USER") && OWSPROXY_ALLOW_PUBLIC_USER && defined("PUBLIC_USER") && PUBLIC_USER != "") {
+ //setSession();
+ Mapbender::session()->set("mb_user_id",PUBLIC_USER);
+ Mapbender::session()->set("external_proxy_user",true);
+ $e = new mb_notice("Permission allowed for public user with id: ".PUBLIC_USER);
+ } else {
+ $e = new mb_notice("Permission denied - public user not allowed to access ressource!");
+ //kill actual session file
+ $tmpSessionFile = ini_get('session.save_path')."/sess_".session_id();
+ $e = new mb_notice("delete temporary session file: ".$tmpSessionFile);
+ @unlink($tmpSessionFile);
+ throwE("Permission denied - no current session found and public user not allowed to acces ressource!");
+ die();
+ }
+} else {
+ $e= new mb_notice("mb_user_id found in session: ".$_SESSION['mb_user_id']);
+}
+
$n = new administration;
//if($_SESSION['mb_user_ip'] != $_SERVER['REMOTE_ADDR']){
// throwE(array("No session data available.","Permission denied.","Please authenticate."));
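Review bot: After `session_destroy()` nothing in this hunk reopens a session, since `session_id($_REQUEST["sid"])` and `session_start()` are now commented out, so the `$_SESSION['mb_user_id']` test appears to run against a session that has just been destroyed. Please confirm where the session is restarted, or whether `Mapbender::session()->set()` does it, and record that in a comment next to the check. The new `mb_notice` calls also write the live session id to the log, once inside the redirect URL and once inside the `sess_` file path, so anyone who can read the log can reuse it. Logging the service instead would be enough, e.g. `$e = new mb_notice("redirect to new owsproxy url for service ".$query->getOwsproxyServiceId());`. The `@unlink()` on a path built from `session.save_path` assumes the files save handler and a plain directory value and hides any failure, so the session API should do the cleanup rather than a hand-built path.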
@@ -70,6 +103,7 @@
/************* workflow ************/
$n = new administration();
+
switch (strtolower($reqParams['request'])) {
case 'getcapabilities':
$arrayOnlineresources = checkWmsPermission($query->getOwsproxyServiceId());
@@ -188,10 +222,19 @@
$text_color = ImageColorAllocate ($image, 233, 14, 91);
if (count($e) > 1){
for($i=0; $i<count($e); $i++){
- ImageString ($image, 3, 5, $i*20, $e[$i], $text_color);
+ $imageString = $e[$i];
+ ImageString ($image, 3, 5, $i*20, $imageString, $text_color);
}
} else {
- ImageString ($image, 3, 5, $i*20, $e, $text_color);
+ if (is_array($e)) {
+ $imageString = $e[0];
+ } else {
+ $imageString = $e;
+ }
+ if ($imageString == "") {
+ $imageString = "An unknown error occured!";
+ }
+ ImageString ($image, 3, 5, $i*20, $imageString, $text_color);
}
responseImage($image);
}
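Review bot: In the `else` branch `$i` is never assigned within the visible lines, so `$i*20` only works because an undefined variable evaluates to 0. Writing the offset explicitly is clearer: `ImageString ($image, 3, 5, 0, $imageString, $text_color);`. The outer test also calls `count($e)` before anything checks that `$e` is an array, so I would make it `if (is_array($e) && count($e) > 1){`. The empty-string fallback is applied only in the single-message path, while entries drawn in the loop are not checked. The enclosing function starts outside the hunk.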
@@ -529,7 +572,6 @@
global $con, $n;
$myguis = $n->getGuisByPermission($_SESSION["mb_user_id"],true);
$mywms = $n->getWmsByOwnGuis($myguis);
-
$sql = "SELECT * FROM wms WHERE wms_owsproxy = $1";
$v = array($wms);
$t = array("s");
@@ -542,6 +584,7 @@
$service["wms_getfeatureinfo"] = $row["wms_getfeatureinfo"];
$service["wms_getcapabilities_doc"] = $row["wms_getcapabilities_doc"];
}
+
if(!$row || count($mywms) == 0){
throwE(array("No wms data available."));
die();