[Mapbender-commits] r9380 - trunk/mapbender/http_auth/http
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Wed Jan 20 07:07:37 PST 2016
Author: armin11
Date: 2016-01-20 07:07:36 -0800 (Wed, 20 Jan 2016)
New Revision: 9380
Modified:
trunk/mapbender/http_auth/http/index.php
Log:
New possibility to secure wfs with digest authentication
Modified: trunk/mapbender/http_auth/http/index.php
===================================================================
--- trunk/mapbender/http_auth/http/index.php 2016-01-19 12:12:23 UTC (rev 9379)
+++ trunk/mapbender/http_auth/http/index.php 2016-01-20 15:07:36 UTC (rev 9380)
@@ -1,860 +1,1151 @@
-<?php
-
-require(dirname(__FILE__) . "/../../conf/mapbender.conf");
-require(dirname(__FILE__) . "/../../http/classes/class_administration.php");
-require(dirname(__FILE__) . "/../../http/classes/class_connector.php");
-require_once(dirname(__FILE__) . "/../../http/classes/class_mb_exception.php");
-require(dirname(__FILE__) . "/../../owsproxy/http/classes/class_QueryHandler.php");
-$urlsToExclude = array();
-if (is_file(dirname(__FILE__) . "/../../conf/excludeproxyurls.conf"))
-{
- require_once(dirname(__FILE__) . "/../../conf/excludeproxyurls.conf");
-}
-//database connection
-$db = db_connect($DBSERVER, $OWNER, $PW);
-db_select_db(DB, $db);
-/* * *** conf **** */
-$imageformats = array("image/png", "image/gif", "image/jpeg", "image/jpg");
-$width = 400;
-$height = 400;
-/* * *** conf **** */
-
-//control if digest auth is set, if not set, generate the challenge with getNonce()
-if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
- header('HTTP/1.1 401 Unauthorized');
- header('WWW-Authenticate: Digest realm="' . REALM .
- '",qop="auth",nonce="' . getNonce() . '",opaque="' . md5(REALM) . '"');
- die('Text to send if user hits Cancel button');
-}
-
-//read out the header in an array
-$requestHeaderArray = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
-
-//error if header could not be read
-if (!($requestHeaderArray)) {
- echo 'Following Header information cannot be validated - check your clientsoftware!<br>';
- echo $_SERVER['PHP_AUTH_DIGEST'] . '<br>';
- die();
-}
-
-//get mb_username and email out of http_auth username string
-$userIdentification = explode(';', $requestHeaderArray['username']);
-$mbUsername = $userIdentification[0];
-$mbEmail = $userIdentification[1];
-
-$userInformation = getUserInfo($mbUsername, $mbEmail);
-
-if ($userInformation[0] == '-1') {
- die('User with name: ' . $mbUsername . ' and email: ' . $mbEmail . ' not known to security proxy!');
-}
-
-if ($userInformation[1] == '') { //check if digest exists in db - if no digest exists it should be a null string!
- die('User with name: ' . $mbUsername . ' and email: ' . $mbEmail . ' has no digest - please set a new password and try again!');
-}
-
-//first check the stale!
-if ($requestHeaderArray['nonce'] == getNonce()) {
- // Up-to-date nonce received
- $stale = false;
-} else {
- // Stale nonce received (probably more than x seconds old)
- $stale = true;
- //give another chance to authenticate
- header('HTTP/1.1 401 Unauthorized');
- header('WWW-Authenticate: Digest realm="' . REALM . '",qop="auth",nonce="' . getNonce() . '",opaque="' . md5(REALM) . '" ,stale=true');
-}
-// generate the valid response to check the request of the client
-$A1 = $userInformation[1];
-$A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $requestHeaderArray['uri']);
-$valid_response = $A1 . ':' . getNonce() . ':' . $requestHeaderArray['nc'];
-$valid_response .= ':' . $requestHeaderArray['cnonce'] . ':' . $requestHeaderArray['qop'] . ':' . $A2;
-
-$valid_response = md5($valid_response);
-
-if ($requestHeaderArray['response'] != $valid_response) {//the user have to authenticate new - cause something in the authentication went wrong
- die('Authentication failed - sorry, you have to authenticate once more!');
-}
-//if we are here - authentication has been done well!
-//let's do the proxy things (came from owsproxy.php):
-$postdata = $HTTP_RAW_POST_DATA;
-$layerId = $_REQUEST['layer_id'];
-//new option for nested layers
-$withChilds = false;
-if (isset($_REQUEST["withChilds"]) && $_REQUEST["withChilds"] === "1") {
- $withChilds = true;
-}
-
-$query = new QueryHandler();
-
-// an array with keys and values toLoserCase -> caseinsensitiv
-$reqParams = $query->getRequestParams();
-
-$n = new administration();
-
-$wmsId = getWmsIdByLayerId($layerId);
-$owsproxyString = $n->getWMSOWSstring($wmsId);
-
-if (!$owsproxyString) {
- die('The requested resource does not exists or the routing through mapbenders owsproxy is not activated!');
-}
-//get authentication infos if they are available in wms table! if not $auth = false
-$auth = $n->getAuthInfoOfWMS($wmsId);
-
-if ($auth['auth_type'] == '') {
- unset($auth);
-}
-
-$e = new mb_notice("REQUEST to HTTP_AUTH: " . strtolower($reqParams['request']));
-
-//what the proxy does
-switch (strtolower($reqParams['request'])) {
-
- case 'getcapabilities':
- $arrayOnlineresources = checkWmsPermission($wmsId, $userInformation[0]);
- $query->setOnlineResource($arrayOnlineresources['wms_getcapabilities']);
- //$request = preg_replace("/(.*)frames\/login.php/", "$1php/wms.php?layer_id=".$layerId, LOGIN);
- if (isset($_SERVER["HTTPS"])) {
- $urlPrefix = "https://";
- } else {
- $urlPrefix = "http://";
- }
- if (defined("MAPBENDER_PATH") && MAPBENDER_PATH != '') {
- $request = MAPBENDER_PATH . "/php/wms.php?layer_id=" . $layerId;
- } else {
- $request = $urlPrefix . $_SERVER['HTTP_HOST'] . "/mapbender/php/wms.php?layer_id=" . $layerId;
- }
- if ($withChilds) {
- $requestFull .= $request . '&withChilds=1&REQUEST=GetCapabilities&VERSION=1.1.1&SERVICE=WMS';
- } else {
- $requestFull .= $request . '&REQUEST=GetCapabilities&VERSION=1.1.1&SERVICE=WMS';
- }
- if (isset($auth)) {
- getCapabilities($request, $requestFull, $auth);
- } else {
- getCapabilities($request, $requestFull);
- }
- break;
- case 'getfeatureinfo':
- $arrayOnlineresources = checkWmsPermission($wmsId, $userInformation[0]);
- $query->setOnlineResource($arrayOnlineresources['wms_getfeatureinfo']);
- $request = $query->getRequest();
- $layers = checkLayerPermission($wmsId, $reqParams['layers'], $userInformation[0]);
- if ($layers == '') {
- throwE("GetFeatureInfo permission denied on layer with id" . $layerId);
- die();
- }
- //Ergaenzungen secured UMN Requests
- $log_id = false;
- if ($n->getWmsfiLogTag($arrayOnlineresources['wms_id']) == 1) {
- #do log to db
- #get price out of db
- $price = intval($n->getWmsfiPrice($arrayOnlineresources['wms_id']));
- $log_id = $n->logWmsGFIProxyRequest($arrayOnlineresources['wms_id'], $_SESSION['mb_user_id'], $request,
- $price);
- }
-
- if (isset($auth)) {
- getFeatureInfo($log_id, $request, $auth);
- } else {
- getFeatureInfo($log_id, $request);
- }
- break;
- case 'getmap':
- $arrayOnlineresources = checkWmsPermission($wmsId, $userInformation[0]);
- $query->setOnlineResource($arrayOnlineresources['wms_getmap']);
- $layers = checkLayerPermission($wmsId, $reqParams['layers'], $userInformation[0]);
- if ($layers == '') {
- throwE("GetMap permission denied on layer with id " . $layerId);
- die();
- }
- $query->setParam("layers", urldecode($layers));
- $request = $query->getRequest();
- // Ergaenzungen secured UMN Requests
- #log proxy requests
- $log_id = false;
- if ($n->getWmsLogTag($wmsId) == 1) {
- #do log to db
- #TODO read out size of bbox and calculate price
- #get price out of db
- $price = intval($n->getWmsPrice($wmsId));
- $log_id = $n->logFullWmsProxyRequest($arrayOnlineresources['wms_id'], $userInformation[0], $request, $price, 0);
- }
- if (isset($auth)) {
- getImageII($log_id, $request, $auth);
- } else {
- getImageII($log_id, $request);
- }
- break;
- case 'getlegendgraphic':
- $url = getLegendUrl($wmsId);
- if (isset($reqParams['sld']) && $reqParams['sld'] != "") {
- $url = $url . getConjunctionCharacter($url) . "SLD=" . $reqParams['sld'];
- }
- if (isset($auth)) {
- getImage($url, $auth);
- } else {
- getImage($url);
- }
- break;
- default:
- echo 'Your are logged in as: <b>' . $requestHeaderArray['username'] . '</b> and requested the layer with id=<b>' . $layerId . '</b> but your request is not a valid OWS request';
-}
-
-//functions for http_auth
-//**********************************************************************************************
-// function to parse the http auth header
-function http_digest_parse($txt)
-{
- // protect against missing data
- $needed_parts = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1);
- $data = array();
- $keys = implode('|', array_keys($needed_parts));
- preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
- foreach ($matches as $m) {
- $data[$m[1]] = $m[3] ? $m[3] : $m[4];
- unset($needed_parts[$m[1]]);
- }
- return $needed_parts ? false : $data;
-}
-
-// function to get relevant user information from mb db
-function getUserInfo($mbUsername, $mbEmail)
-{
- $result = array();
- if (preg_match('#[@]#', $mbEmail)) {
- $sql = "SELECT mb_user_id, mb_user_digest FROM mb_user where mb_user_name = $1 AND mb_user_email = $2";
- $v = array($mbUsername, $mbEmail);
- $t = array("s", "s");
- } else {
- $sql = "SELECT mb_user_id, mb_user_aldigest As mb_user_digest FROM mb_user where mb_user_name = $1";
- $v = array($mbUsername);
- $t = array("s");
- }
- $res = db_prep_query($sql, $v, $t);
- if (!($row = db_fetch_array($res))) {
- $result[0] = "-1";
- } else {
- $result[0] = $row['mb_user_id'];
- $result[1] = $row['mb_user_digest'];
- }
- return $result;
-}
-
-function getNonce()
-{
- global $nonceLife;
- $time = ceil(time() / $nonceLife) * $nonceLife;
- return md5(date('Y-m-d H:i', $time) . ':' . $_SERVER['REMOTE_ADDR'] . ':' . NONCEKEY);
-}
-
-//**********************************************************************************************
-//functions of owsproxy/http/index.php
-//**********************************************************************************************
-function throwE($e)
-{
- global $reqParams, $imageformats;
-
- if (in_array($reqParams['format'], $imageformats)) {
- throwImage($e);
- } else {
- throwText($e);
- }
-}
-
-/*function throwImage($e)
-{
- global $reqParams;
- if (!$reqParams['width'] || !$reqParams['height']) { //width or height are not set by ows request - maybe for legendgraphics
- $width = 300;
- $height = 20;
- }
- $image = imagecreate($width, $height);
- $transparent = ImageColorAllocate($image, 155, 155, 155);
- ImageFilledRectangle($image, 0, 0, $width, $height, $transparent);
- imagecolortransparent($image, $transparent);
- $text_color = ImageColorAllocate($image, 233, 14, 91);
- for ($i = 0; $i < count($e); $i++) {
- ImageString($image, 3, 5, $i * 20, $e[$i], $text_color);
- }
- responseImage($image);
-}*/
-
-function throwImage($e)
-{
- global $width, $height;
- $image = imagecreate($width, $height);
- $transparent = ImageColorAllocate($image, 155, 155, 155);
- ImageFilledRectangle($image, 0, 0, $width, $height, $transparent);
- imagecolortransparent($image, $transparent);
- $text_color = ImageColorAllocate($image, 233, 14, 91);
- if (count($e) > 1) {
- for ($i = 0; $i < count($e); $i++) {
- $imageString = $e[$i];
- ImageString($image, 3, 5, $i * 20, $imageString, $text_color);
- }
- } else {
- if (is_array($e)) {
- $imageString = $e[0];
- } else {
- $imageString = $e;
- }
- if ($imageString == "") {
- $imageString = "An unknown error occured!";
- }
- ImageString($image, 3, 5, $i * 20, $imageString, $text_color);
- }
- responseImage($image);
-}
-
-function throwText($e)
-{
- echo join(" ", $e);
-}
-
-function responseImage($im)
-{
- global $reqParams;
- $format = $reqParams['format'];
- $format = "image/gif";
- if ($format == 'image/png') {
- header("Content-Type: image/png");
- }
- if ($format == 'image/jpeg' || $format == 'image/jpg') {
- header("Content-Type: image/jpeg");
- }
- if ($format == 'image/gif') {
- header("Content-Type: image/gif");
- }
- if ($format == 'image/png') {
- imagepng($im);
- }
- if ($format == 'image/jpeg' || $format == 'image/jpg') {
- imagejpeg($im);
- }
- if ($format == 'image/gif') {
- imagegif($im);
- }
-}
-
-function completeURL($url)
-{
- global $reqParams;
- $mykeys = array_keys($reqParams);
- for ($i = 0; $i < count($mykeys); $i++) {
- if ($i > 0) {
- $url .= "&";
- }
- $url .= $mykeys[$i] . "=" . urlencode($reqParams[$mykeys[$i]]);
- }
- return $url;
-}
-
-/**
- * fetch and returns an image to client
- *
- * @param string the original url of the image to send
- */
-function getImage($log_id,$or)
-{
- global $reqParams;
- header("Content-Type: " . $reqParams['format']);
- if (func_num_args() == 3) { //new for HTTP Authentication
- $auth = func_get_arg(2);
- getDocumentContent($log_id, $or, $header, $auth);
- } else {
- getDocumentContent($log_id, $or, $header);
- }
-}
-
-/**
- * fetch and returns an image to client
- *
- * @param string the original url of the image to send
- */
-function getImageII($log_id, $or)
-{
- global $reqParams;
- $header = "Content-Type: " . $reqParams['format'];
- #log the image_requests to database
- #log the following to table mb_proxy_log
- #timestamp,user_id,getmaprequest,amount pixel,price - but do this only for wms to log - therefor first get log tag out of wms!
- #
- #
- if (func_num_args() == 3) { //new for HTTP Authentication
- $auth = func_get_arg(2);
- getDocumentContentII($log_id, $or, $header, $auth);
- } else {
- getDocumentContentII($log_id, $or, $header);
- }
-}
-
-/**
- * fetchs and returns the content of the FeatureInfo Response
- *
- * @param string the url of the FeatureInfoRequest
- * @return string the content of the FeatureInfo document
- */
-function getFeatureInfo($log_id, $url)
-{
- global $reqParams;
- //$e = new mb_notice("owsproxy: Try to fetch FeatureInfoRequest: " . $url);
- //header("Content-Type: " . $reqParams['info_format']);
- if (func_num_args() == 3) { //new for HTTP Authentication
- $auth = func_get_arg(2);
- getDocumentContent($log_id, $url, false, $auth);
- } else {
- getDocumentContent($log_id, $url);
- }
-}
-
-function matchUrls($content)
-{
- //TODO: problem here, we are stateless and have no information about any session :-( . To allow proxying, we need another temporal storage for the given urls
- global $urlsToExclude;
- $owsproxyUrls = Mapbender::session()->get('owsproxyUrls');
- if ($owsproxyUrls == false) {
- $e = new mb_notice("owsproxyUrls does not exist - create it!");
- $owsproxyUrls = array();
- $owsproxyUrls['id'] = array();
- $owsproxyUrls['url'] = array();
- Mapbender::session()->set('owsproxyUrls',$owsproxyUrls);
- }
- $pattern = "/[\"|\'](https*:\/\/[^\"|^\']*)[\"|\']/";
- preg_match_all($pattern, $content, $matches);
- for ($i = 0; $i < count($matches[1]); $i++) {
- $req = $matches[1][$i];
- $e = new mb_notice("Gefundene URL " . $i . ": " . $req);
- #$notice = new mb_notice("owsproxy id:".$req);
- //only register and exchange urls, that should not be excluded!
- if (in_array($req,$urlsToExclude)) {
- continue;
- }
- $id = registerURL($req);
- $extReq = setExternalRequest($id);
- $e = new mb_exception("MD5 URL " . $id . "-Externer Link: " . $extReq);
- $content = str_replace($req, $extReq, $content);
- }
- return $content;
-}
-
-function setExternalRequest($id)
-{
- global $reqParams, $query;
- $extReq = "http://" . $_SESSION['HTTP_HOST'] . "/owsproxy/" . $reqParams['sid'] . "/" . $id . "?request=external";
- return $extReq;
-}
-
-function getExternalRequest($id)
-{
- for ($i = 0; $i < count($_SESSION["owsproxyUrls"]["url"]); $i++) {
- if ($id == $_SESSION["owsproxyUrls"]["id"][$i]) {
- $cUrl = $_SESSION["owsproxyUrls"]["url"][$i];
- $query_string = removeOWSGetParams($_SERVER["QUERY_STRING"]);
- if ($query_string != '') {
- $cUrl .= getConjunctionCharacter($cUrl) . $query_string;
- }
- $metainfo = get_headers($cUrl, 1);
- // just for the stupid InternetExplorer
- header('Pragma: private');
- header('Cache-control: private, must-revalidate');
-
- header("Content-Type: " . $metainfo['Content-Type']);
-
- $content = getDocumentContent(false, $cUrl, $metainfo);
- #$content = matchUrls($content); //In the case of http_auth - this is not possible cause we cannot save them in the header - maybe we could create a special session to do so later on?
- echo $content;
- }
- }
-}
-
-function removeOWSGetParams($query_string)
-{
- $r = preg_replace("/.*request=external&/", "", $query_string);
- #return $r;
- return "";
-}
-
-function getConjunctionCharacter($url)
-{
- if (strpos($url, "?")) {
- if (strpos($url, "?") == strlen($url)) {
- $cchar = "";
- } else if (strpos($url, "&") == strlen($url)) {
- $cchar = "";
- } else {
- $cchar = "&";
- }
- }
- if (strpos($url, "?") === false) {
- $cchar = "?";
- }
- return $cchar;
-}
-
-function registerUrl($url)
-{
- if (!in_array($url, $_SESSION["owsproxyUrls"]["url"])) {
- $e = new mb_exception("Is noch net drin!");
- $id = md5($url);
- $e = new mb_exception("ID: " . $id . " URL: " . $url . " will be written to session");
- array_push($_SESSION["owsproxyUrls"]["url"], $url);
- array_push($_SESSION["owsproxyUrls"]["id"], $id);
- } else {
- $e = new mb_exception("It was found! Search content and return ID!");
- for ($i = 0; $i < count($_SESSION["owsproxyUrls"]["url"]); $i++) {
- $e = new mb_exception("Content " . $i . " : proxyurl:" . $_SESSION["owsproxyUrls"]["url"][$i] . " - new: " . $url);
- if ($url == $_SESSION["owsproxyUrls"]["url"][$i]) {
- $e = new mb_exception("Identical! ID:" . $_SESSION["owsproxyUrls"]["id"][$i] . " will be used");
- $id = $_SESSION["owsproxyUrls"]["id"][$i];
- }
- }
- }
- return $id;
-}
-
-function getCapabilities($request, $requestFull)
-{
- global $arrayOnlineresources;
- global $layerId;
- header("Content-Type: application/xml");
- if (func_num_args() == 3) { //new for HTTP Authentication
- $auth = func_get_arg(2);
- $d = new connector($requestFull, $auth);
- } else {
- $d = new connector($requestFull);
- }
- $content = $d->file;
- //show temporal content fo capabilities
- $e = new mb_notice("content from wms.php fascade after going thru curl: " . $content);
- //loading as xml
- libxml_use_internal_errors(true);
- try {
- $capFromFascadeXmlObject = simplexml_load_string($content);
- if ($capFromFascadeXmlObject === false) {
- foreach (libxml_get_errors() as $error) {
- $err = new mb_exception("http_auth/index.php: " . $error->message);
- }
- throw new Exception("http_auth/index.php: " . 'Cannot parse Metadata XML!');
- echo "<error>http_auth/index.php: Cannot parse Capabilities XML!</error>";
- die();
- }
- } catch (Exception $e) {
- $err = new mb_exception("http_auth/index.php: " . $e->getMessage());
- echo "<error>http_auth/index.php: " . $e->getMessage() . "</error>";
- die();
- }
- //exchanging urls in some special fields
- //
- //GetCapabilities, GetMap, GetFeatureInfo, GetLegendGraphics, ...
- $capFromFascadeXmlObject->registerXPathNamespace("xlink", "http://www.w3.org/1999/xlink");
- //Mapping of urls for wms 1.1.1 which should be exchanged
- $urlsToChange = array(
- '/WMT_MS_Capabilities/Capability/Request/GetCapabilities/DCPType/HTTP/Get/OnlineResource/@xlink:href',
- '/WMT_MS_Capabilities/Capability/Request/GetCapabilities/DCPType/HTTP/Post/OnlineResource/@xlink:href',
- '/WMT_MS_Capabilities/Capability/Request/GetMap/DCPType/HTTP/Get/OnlineResource/@xlink:href',
- '/WMT_MS_Capabilities/Capability/Request/GetMap/DCPType/HTTP/Post/OnlineResource/@xlink:href',
- '/WMT_MS_Capabilities/Capability/Request/GetFeatureInfo/DCPType/HTTP/Get/OnlineResource/@xlink:href',
- '/WMT_MS_Capabilities/Capability/Request/GetFeatureInfo/DCPType/HTTP/Post/OnlineResource/@xlink:href',
- '/WMT_MS_Capabilities/Capability/Layer/Layer/Style/LegendURL/OnlineResource/@xlink:href'
- );
- foreach ($urlsToChange as $xpath) {
- $href = $capFromFascadeXmlObject->xpath($xpath);
- $e = new mb_notice("old href: " . $href[0]);
- $e = new mb_notice("href replaced: " . replaceOwsUrls($href[0], $layerId));
- $href[0][0] = replaceOwsUrls($href[0], $layerId);
- }
- echo $capFromFascadeXmlObject->asXML();
-}
-
-function replaceOwsUrls($owsUrl, $layerId)
-{
- $new = "http_auth/" . $layerId . "?";
- $pattern = "#owsproxy/[a-z0-9]{32}\/[a-z0-9]{32}\?#m";
- $httpAuthUrl = preg_replace($pattern, $new, $owsUrl);
- //replace
- //also replace the getcapabilities url with authenticated one ;-)
- if (defined("MAPBENDER_PATH") && MAPBENDER_PATH != '') {
- $wmsUrl = parse_url(MAPBENDER_PATH);
- $path = $wmsUrl['path'];
- $pattern = "#" . $path . "/php/wms.php\?layer_id=" . $layerId . "&#m";
- } else {
- $pattern = "#mapbender/php/wms.php\?layer_id=" . $layerId . "&#m";
- }
- $httpAuthUrl = preg_replace($pattern, "/" . $new, $httpAuthUrl);
- //use always https for url
- if (defined("HTTP_AUTH_PROXY") && HTTP_AUTH_PROXY != '') {
- $parsed_url = parse_url(HTTP_AUTH_PROXY);
- if ($parsed_url['scheme'] == "https") {
- $httpAuthUrl = preg_replace("#http:#", "https:", $httpAuthUrl);
- $httpAuthUrl = preg_replace("#:80/#", ":443/", $httpAuthUrl);
- }
- }
- return $httpAuthUrl;
-}
-
-/**
- * gets the original url of the requested legend graphic
- *
- * @param string owsproxy md5
- * @return string url to legend graphic
- */
-function getLegendUrl($wmsId)
-{
- global $reqParams;
- //get wms_getlegendurl
- $sql = "SELECT wms_getlegendurl FROM wms WHERE wms_id = $1";
- $v = array($wmsId);
- $t = array("i");
- $res = db_prep_query($sql, $v, $t);
- if ($row = db_fetch_array($res)) {
- $getLegendUrl = $row["wms_getlegendurl"];
- } else {
- throwE(array("No wms data available."));
- die();
- }
- //get the url
- $sql = "SELECT layer_style.legendurl ";
- $sql .= "FROM layer_style JOIN layer ";
- $sql .= "ON layer_style.fkey_layer_id = layer.layer_id ";
- $sql .= "WHERE layer.layer_name = $2 AND layer.fkey_wms_id = $1 ";
- $sql .= "AND layer_style.name = $3 AND layer_style.legendurlformat = $4";
- if ($reqParams['style'] == '') {
- $style = 'default';
- } else {
- $style = $reqParams['style'];
- }
-
- $v = array($wmsId, $reqParams['layer'], $style, $reqParams['format']);
- $t = array("i", "s", "s", "s");
- $res = db_prep_query($sql, $v, $t);
- if ($row = db_fetch_array($res)) {
- if (strpos($row["legendurl"], 'http') !== 0) {
- $e = new mb_notice("combine legendurls!");
- return $getLegendUrl . $row["legendurl"];
- }
- return $row["legendurl"];
- } else {
- throwE(array("No legendurl available."));
- die();
- }
-}
-
-/**
- * validated access permission on requested wms
- *
- * @param wmsId integer, userId - integer
- * @return array array with detailed information about requested wms
- */
-function checkWmsPermission($wmsId, $userId)
-{
- global $con, $n;
- $myguis = $n->getGuisByPermission($userId, true);
- $mywms = $n->getWmsByOwnGuis($myguis);
-
- $sql = "SELECT * FROM wms WHERE wms_id = $1";
- $v = array($wmsId);
- $t = array("s");
- $res = db_prep_query($sql, $v, $t);
- $service = array();
- if ($row = db_fetch_array($res)) {
- $service["wms_id"] = $row["wms_id"];
- $service["wms_getcapabilities"] = $row["wms_getcapabilities"];
- $service["wms_getmap"] = $row["wms_getmap"];
- $service["wms_getfeatureinfo"] = $row["wms_getfeatureinfo"];
- $service["wms_getcapabilities_doc"] = $row["wms_getcapabilities_doc"];
-// $service["wms_spatialsec"] = $row["wms_spatialsec"];
- }
- if (!$row || count($mywms) == 0) {
- throwE(array("No wms data available."));
- die();
- }
-
- if (!in_array($service["wms_id"], $mywms)) {
- throwE(array("Permission denied.", " -> " . $service["wms_id"], implode(",", $mywms)));
- die();
- }
- return $service;
-}
-
-function checkLayerPermission($wms_id, $l, $userId)
-{
- global $n, $owsproxyService;
- $e = new mb_notice("owsproxy: checkLayerpermission: wms: " . $wms_id . ", layer: " . $l . ' user_id: ' . $userId);
- $myl = explode(",", $l);
- $r = array();
- foreach ($myl as $mysl) {
- if ($n->getLayerPermission($wms_id, $mysl, $userId) === true) {
- array_push($r, $mysl);
- }
- }
- $ret = implode(",", $r);
- return $ret;
-}
-
-function getDocumentContent($log_id, $url, $header = false)
-{
- global $reqParams, $n;
- if (func_num_args() == 4) { //new for HTTP Authentication
- $auth = func_get_arg(3);
- $d = new connector($url, $auth);
- } else {
- $d = new connector($url);
- }
- $content = $d->file;
- if (strtoupper($reqParams["request"]) == "GETMAP") { // getmap
- $pattern_exc = '~EXCEPTION~i';
- preg_match($pattern_exc, $content, $exception);
- if (!$content) {
- if ($log_id != null && is_integer($log_id)) {
- $n->updateWmsLog(0, "Mb2OWSPROXY - unable to load: " . $url, "text/plain", $log_id);
- }
- header("Content-Type: text/plain");
- echo "Mb2OWSPROXY - unable to load: " . $url;
- } else if (count($exception) > 0) {
- if ($log_id != null && is_integer($log_id)) {
- $n->updateWmsLog(0, $content, $reqParams["exceptions"], $log_id);
- }
- header("Content-Type: " . $reqParams["exceptions"]);
- echo $content;
- } else {
- $source = new Imagick();
- $source->readImageBlob($content);
- $numColors = $source->getImageColors();
- if ($log_id != null && is_integer($log_id)) {
- $n->updateWmsLog($numColors <= 1 ? -1 : 1, null, null, $log_id);
- }
- header("Content-Type: " . $reqParams['format']);
- echo $content;
- }
- return true;
- } else if (strtoupper($reqParams["request"]) == "GETFEATUREINFO") { // getmap
-// header("Content-Type: ".$reqParams['info_format']);
-// $content = matchUrls($content);
-// echo $content;
- $pattern_exc = '~EXCEPTION~i';
- preg_match($pattern_exc, $content, $exception);
- if (!$content) {
- if ($log_id != null) {
- $n->updateWmsFiLog("Mb2OWSPROXY - unable to load: " . $url, "text/plain", $log_id);
- }
- header("Content-Type: text/plain");
- echo "Mb2OWSPROXY - unable to load: " . $url;
- } else if (count($exception) > 0) {
- if ($log_id != null) {
- $n->updateWmsFiLog($content, "application/xml", $log_id);
- }
- header("Content-Type: application/xml");
- echo $content;
- } else {
- header("Content-Type: " . $reqParams['info_format']);
- if ($log_id != null) {
- $n->updateWmsFiLog(null, null, $log_id);
- }
- $content = matchUrls($content);
- echo $content;
- }
- return true;
- } else if (strtoupper($reqParams["request"]) == "GETCAPABILITIES") {
- echo $content;
- } else {
- if (header !== false) {
- header($header);
- }
- echo $content;
- }
-}
-
-//**********************************************************************************************
-//extra functions TODO: push them in class_administration.php
-
-/**
- * selects the wms id for a given layer id.
- *
- * @param <integer> the layer id
- * @return <string|boolean> either the id of the wms as integer or false when none exists
- */
-function getWmsIdByLayerId($id)
-{
- $sql = "SELECT fkey_wms_id FROM layer WHERE layer_id = $1";
- $v = array($id);
- $t = array('i');
- $res = db_prep_query($sql, $v, $t);
- $row = db_fetch_array($res);
- if ($row)
- return $row["fkey_wms_id"];
- else
- return false;
-}
-
-function getDocumentContentII($log_id, $url, $header = false)
-{
- global $reqParams, $n;
- if (func_num_args() == 4) { //new for HTTP Authentication
- $auth = func_get_arg(3);
- $d = new connector($url, $auth);
- } else {
- $d = new connector($url);
- }
- $content = $d->file;
- if (strtoupper($reqParams["request"]) == "GETMAP") { // getmap
- $pattern_exc = '~EXCEPTION~i';
- preg_match($pattern_exc, $content, $exception);
- if (!$content) {
- if ($log_id != null && is_integer($log_id)) {
- $n->updateWmsLog(0, "Mb2OWSPROXY - unable to load: " . $url, "text/plain", $log_id);
- }
- header("Content-Type: text/plain");
- echo "Mb2OWSPROXY - unable to load: " . $url;
- } else if (count($exception) > 0) {
- if ($log_id != null && is_integer($log_id)) {
- $n->updateWmsLog(0, $content, $reqParams["exceptions"], $log_id);
- }
- header("Content-Type: " . $reqParams["exceptions"]);
- echo $content;
- } else {
- $source = new Imagick();
- $source->readImageBlob($content);
- $numColors = $source->getImageColors();
- if ($log_id != null && is_integer($log_id)) {
- $n->updateWmsLog($numColors <= 1 ? -1 : 1, null, null, $log_id);
- }
- header("Content-Type: " . $reqParams['format']);
- echo $content;
- }
- return true;
- } else if (strtoupper($reqParams["request"]) == "GETFEATUREINFO") { // getmap
-// header("Content-Type: ".$reqParams['info_format']);
-// $content = matchUrls($content);
-// echo $content;
- $pattern_exc = '~EXCEPTION~i';
- preg_match($pattern_exc, $content, $exception);
- if (!$content) {
- if ($log_id != null) {
- $n->updateWmsFiLog("Mb2OWSPROXY - unable to load: " . $url, "text/plain", $log_id);
- }
- header("Content-Type: text/plain");
- echo "Mb2OWSPROXY - unable to load: " . $url;
- } else if (count($exception) > 0) {
- if ($log_id != null) {
- $n->updateWmsFiLog($content, "application/xml", $log_id);
- }
- header("Content-Type: application/xml");
- echo $content;
- } else {
- header("Content-Type: " . $reqParams['info_format']);
- if ($log_id != null) {
- $n->updateWmsFiLog(null, null, $log_id);
- }
- $content = matchUrls($content);
- echo $content;
- }
- return true;
- } else {
- if (header !== false) {
- header($header);
- }
- echo $content;
- }
-}
-
-?>
+<?php
+
+# http://www.mapbender2.org/index.php/Owsproxy
+# Module maintainer armin11
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+require(dirname(__FILE__) . "/../../conf/mapbender.conf");
+require(dirname(__FILE__) . "/../../http/classes/class_administration.php");
+require(dirname(__FILE__) . "/../../http/classes/class_connector.php");
+require_once(dirname(__FILE__) . "/../../http/classes/class_mb_exception.php");
+require(dirname(__FILE__) . "/../../owsproxy/http/classes/class_QueryHandler.php");
+$urlsToExclude = array();
+if (is_file(dirname(__FILE__) . "/../../conf/excludeproxyurls.conf"))
+{
+ require_once(dirname(__FILE__) . "/../../conf/excludeproxyurls.conf");
+}
+//database connection
+$db = db_connect($DBSERVER, $OWNER, $PW);
+db_select_db(DB, $db);
+
+/* * *** conf **** */
+$imageformats = array("image/png", "image/gif", "image/jpeg", "image/jpg");
+$width = 400;
+$height = 400;
+/* * *** conf **** */
+
+//special for type of authentication ******************************
+//control if digest auth is set, if not set, generate the challenge with getNonce()
+if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
+ header('HTTP/1.1 401 Unauthorized');
+ header('WWW-Authenticate: Digest realm="' . REALM .
+ '",qop="auth",nonce="' . getNonce() . '",opaque="' . md5(REALM) . '"');
+ die('Text to send if user hits Cancel button');
+}
+
+//read out the header in an array
+$requestHeaderArray = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
+
+//error if header could not be read
+if (!($requestHeaderArray)) {
+ echo 'Following Header information cannot be validated - check your clientsoftware!<br>';
+ echo $_SERVER['PHP_AUTH_DIGEST'] . '<br>';
+ die();
+}
+
+//get mb_username and email out of http_auth username string
+$userIdentification = explode(';', $requestHeaderArray['username']);
+$mbUsername = $userIdentification[0];
+$mbEmail = $userIdentification[1]; //not given in all circumstances
+
+$userInformation = getUserInfo($mbUsername, $mbEmail);
+
+if ($userInformation[0] == '-1') {
+ die('User with name: ' . $mbUsername . ' and email: ' . $mbEmail . ' not known to security proxy!');
+}
+
+if ($userInformation[1] == '') { //check if digest exists in db - if no digest exists it should be a null string!
+ die('User with name: ' . $mbUsername . ' and email: ' . $mbEmail . ' has no digest - please set a new password and try again!');
+}
+
+//first check the stale!
+if ($requestHeaderArray['nonce'] == getNonce()) {
+ // Up-to-date nonce received
+ $stale = false;
+} else {
+ // Stale nonce received (probably more than x seconds old)
+ $stale = true;
+ //give another chance to authenticate
+ header('HTTP/1.1 401 Unauthorized');
+ header('WWW-Authenticate: Digest realm="' . REALM . '",qop="auth",nonce="' . getNonce() . '",opaque="' . md5(REALM) . '" ,stale=true');
+}
+// generate the valid response to check the request of the client
+$A1 = $userInformation[1];
+$A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $requestHeaderArray['uri']);
+$valid_response = $A1 . ':' . getNonce() . ':' . $requestHeaderArray['nc'];
+$valid_response .= ':' . $requestHeaderArray['cnonce'] . ':' . $requestHeaderArray['qop'] . ':' . $A2;
+
+$valid_response = md5($valid_response);
+
+if ($requestHeaderArray['response'] != $valid_response) {//the user have to authenticate new - cause something in the authentication went wrong
+ die('Authentication failed - sorry, you have to authenticate once more!');
+}
+//if we are here - authentication has been done well!
+//let's do the proxy things (came from owsproxy.php):
+//special for type of authentication ******************************
+
+$postdata = $HTTP_RAW_POST_DATA;
+$layerId = $_REQUEST['layer_id'];
+$wfsId = $_REQUEST['wfs_id'];
+//new option for nested layers
+$withChilds = false;
+if (isset($_REQUEST["withChilds"]) && $_REQUEST["withChilds"] === "1") {
+ $withChilds = true;
+}
+
+$query = new QueryHandler();
+
+// an array with keys and values toLoserCase -> caseinsensitiv
+$reqParams = $query->getRequestParams();
+
+$n = new administration();
+
+//check for type of ows requested
+switch (strtolower($reqParams['service'])) {
+ case 'wms':
+ //get id
+ $wmsId = getWmsIdByLayerId($layerId);
+ $owsproxyString = $n->getWMSOWSstring($wmsId);
+ $auth = $n->getAuthInfoOfWMS($wmsId);
+ break;
+ case 'wfs':
+ $owsproxyString = $n->getWFSOWSstring($wfsId);
+ $auth = $n->getAuthInfoOfWFS($wfsId);
+ break;
+}
+
+if (!$owsproxyString) {
+ die('The requested resource does not exists or the routing through mapbenders owsproxy is not activated!');
+}
+//get authentication infos if they are available in wms table! if not $auth = false
+if ($auth['auth_type'] == '') {
+ unset($auth);
+}
+
+//define $userId from database information
+$userId = $userInformation[0];
+
+/* ************ main workflow *********** */
+
+switch (strtolower($reqParams['request'])) {
+ case 'getcapabilities':
+ switch (strtolower($reqParams['service'])) {
+ case 'wfs':
+ $arrayOnlineresources = checkWfsPermission($owsproxyString, false, $userId);
+ $query->setOnlineResource($arrayOnlineresources['wfs_getcapabilities']);
+ $request = $query->getRequest();
+ $request = str_replace('?&','?',$request);
+ //TODO: following is not the standard way because ows has not to handle vsp!!!
+ $request = delTotalFromQuery("wfs_id",$request);
+ $e = new mb_exception($request);
+ if (isset($auth)) {
+ getWfsCapabilities($request, $auth);
+ } else {
+ getWfsCapabilities($request);
+ }
+ break;
+ case 'wms':
+ $arrayOnlineresources = checkWmsPermission($owsproxyString, $userId);
+ $query->setOnlineResource($arrayOnlineresources['wms_getcapabilities']);
+ if (isset($_SERVER["HTTPS"])) {
+ $urlPrefix = "https://";
+ } else {
+ $urlPrefix = "http://";
+ }
+ if (defined("MAPBENDER_PATH") && MAPBENDER_PATH != '') {
+ $request = MAPBENDER_PATH . "/php/wms.php?layer_id=" . $layerId;
+ } else {
+ $request = $urlPrefix . $_SERVER['HTTP_HOST'] . "/mapbender/php/wms.php?layer_id=" . $layerId;
+ }
+ if ($withChilds) {
+ $requestFull .= $request . '&withChilds=1&REQUEST=GetCapabilities&VERSION=1.1.1&SERVICE=WMS';
+ } else {
+ $requestFull .= $request . '&REQUEST=GetCapabilities&VERSION=1.1.1&SERVICE=WMS';
+ }
+ if (isset($auth)) {
+ getCapabilities($request, $requestFull, $auth);
+ } else {
+ getCapabilities($request, $requestFull);
+ }
+ break;
+
+ }
+ break;
+ case 'getfeatureinfo':
+ $arrayOnlineresources = checkWmsPermission($owsproxyString, $userId);
+ $query->setOnlineResource($arrayOnlineresources['wms_getfeatureinfo']);
+ $request = $query->getRequest();
+ $layers = checkLayerPermission($wmsId, $reqParams['layers'], $userId);
+ if ($layers == '') {
+ throwE("GetFeatureInfo permission denied on layer with id" . $layerId);
+ die();
+ }
+ //Ergaenzungen secured UMN Requests
+ $log_id = false;
+ if ($n->getWmsfiLogTag($arrayOnlineresources['wms_id']) == 1) {
+ #do log to db
+ #get price out of db
+ $price = intval($n->getWmsfiPrice($arrayOnlineresources['wms_id']));
+ //TODO - session is not set!!!!!!!!
+ $log_id = $n->logWmsGFIProxyRequest($arrayOnlineresources['wms_id'], $_SESSION['mb_user_id'], $request,
+ $price);
+ }
+
+ if (isset($auth)) {
+ getFeatureInfo($log_id, $request, $auth);
+ } else {
+ getFeatureInfo($log_id, $request);
+ }
+ break;
+ case 'getmap':
+ $arrayOnlineresources = checkWmsPermission($owsproxyString, $userId);
+ $query->setOnlineResource($arrayOnlineresources['wms_getmap']);
+ $layers = checkLayerPermission($wmsId, $reqParams['layers'], $userId);
+ if ($layers == '') {
+ throwE("GetMap permission denied on layer with id " . $layerId);
+ die();
+ }
+ $query->setParam("layers", urldecode($layers));
+ $request = $query->getRequest();
+ // Ergaenzungen secured UMN Requests
+ //log proxy requests
+ $log_id = false;
+ if ($n->getWmsLogTag($wmsId) == 1) {
+ #do log to db
+ #TODO read out size of bbox and calculate price
+ #get price out of db
+ $price = intval($n->getWmsPrice($wmsId));
+ $log_id = $n->logFullWmsProxyRequest($arrayOnlineresources['wms_id'], $userId, $request, $price, 0);
+ }
+ if (isset($auth)) {
+ getImage($log_id, $request, $auth);
+ } else {
+ getImage($log_id, $request);
+ }
+ break;
+ case 'getlegendgraphic':
+ $url = getLegendUrl($wmsId);
+ if (isset($reqParams['sld']) && $reqParams['sld'] != "") {
+ $url = $url . getConjunctionCharacter($url) . "SLD=" . $reqParams['sld'];
+ }
+ //$e = new mb_exception("invoked legend url: ".$url);
+ if (isset($auth)) {
+ getImage(false, $url, $auth);
+ } else {
+ getImage(false, $url);
+ }
+ break;
+ case 'getfeature':
+ $arrayFeatures = array($reqParams['typename']);
+ $arrayOnlineresources = checkWfsPermission($owsproxyString, $arrayFeatures, $userId);
+ $query->setOnlineResource($arrayOnlineresources['wfs_getfeature']);
+ $request = $query->getRequest();
+ $request = stripslashes($request);
+ if ($n->getWfsLogTag($arrayOnlineresources['wfs_id']) == 1) {
+ //get price out of db
+ $price = intval($n->getWfsPrice($arrayOnlineresources['wfs_id']));
+ $log_id = $n->logWfsProxyRequest($arrayOnlineresources['wfs_id'], $userId, $request,
+ $price, 0, $reqParams['typename']);
+ } else {
+ $log_id = false;
+ }
+ //TODO: following is not the standard way because ows has not to handle vsp!!!
+ $request = delTotalFromQuery("wfs_id",$request);
+ if (isset($auth)) {
+ getFeature($log_id, $request, $auth);
+ } else {
+ getFeature($log_id, $request);
+ }
+ break;
+ case 'describefeaturetype':
+ $arrayFeatures = array($reqParams['typename']);
+ $arrayOnlineresources = checkWfsPermission($owsproxyString, $arrayFeatures, $userId);
+ $query->setOnlineResource($arrayOnlineresources['wfs_describefeaturetype']);
+ $request = $query->getRequest();
+ $request = stripslashes($request);
+ //TODO: following is not the standard way because ows has not to handle vsp!!!
+ $request = delTotalFromQuery("wfs_id",$request);
+ if (isset($auth)) {
+ describeFeaturetype($request, $auth);
+ } else {
+ describeFeaturetype($request);
+ }
+ break;
+ case '':
+ $arrayFeatures = getWfsFeaturesFromTransaction($HTTP_RAW_POST_DATA);
+ $arrayOnlineresources = checkWfsPermission($owsproxyString, $arrayFeatures, $userId);
+ $query->setOnlineResource($arrayOnlineresources['wfs_transaction']);
+ $request = $query->getRequest();
+ //TODO: following is not the standard way because ows has not to handle vsp!!!
+ $request = delTotalFromQuery("wfs_id",$request);
+ doTransaction($request, $HTTP_RAW_POST_DATA);
+ break;
+ default:
+ echo 'Your are logged in as: <b>' . $requestHeaderArray['username'] . '</b> and requested the layer with id=<b>' . $layerId . '</b> but your request is not a valid OWS request';
+}
+
+//functions for http_auth
+//**********************************************************************************************
+// function to parse the http auth header
+function http_digest_parse($txt)
+{
+ // protect against missing data
+ $needed_parts = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1);
+ $data = array();
+ $keys = implode('|', array_keys($needed_parts));
+ preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
+ foreach ($matches as $m) {
+ $data[$m[1]] = $m[3] ? $m[3] : $m[4];
+ unset($needed_parts[$m[1]]);
+ }
+ return $needed_parts ? false : $data;
+}
+
+// function to get relevant user information from mb db
+function getUserInfo($mbUsername, $mbEmail)
+{
+ $result = array();
+ if (preg_match('#[@]#', $mbEmail)) {
+ $sql = "SELECT mb_user_id, mb_user_digest FROM mb_user where mb_user_name = $1 AND mb_user_email = $2";
+ $v = array($mbUsername, $mbEmail);
+ $t = array("s", "s");
+ } else {
+ $sql = "SELECT mb_user_id, mb_user_aldigest As mb_user_digest FROM mb_user where mb_user_name = $1";
+ $v = array($mbUsername);
+ $t = array("s");
+ }
+ $res = db_prep_query($sql, $v, $t);
+ if (!($row = db_fetch_array($res))) {
+ $result[0] = "-1";
+ } else {
+ $result[0] = $row['mb_user_id'];
+ $result[1] = $row['mb_user_digest'];
+ }
+ return $result;
+}
+
+function getNonce()
+{
+ global $nonceLife;
+ $time = ceil(time() / $nonceLife) * $nonceLife;
+ return md5(date('Y-m-d H:i', $time) . ':' . $_SERVER['REMOTE_ADDR'] . ':' . NONCEKEY);
+}
+
+/*********************************************************/
+
+function throwE($e)
+{
+ global $reqParams, $imageformats;
+
+ if (in_array($reqParams['format'], $imageformats)) {
+ throwImage($e);
+ } else {
+ throwText($e);
+ }
+}
+
+function throwImage($e)
+{
+ global $width, $height;
+ $image = imagecreate($width, $height);
+ $transparent = ImageColorAllocate($image, 155, 155, 155);
+ ImageFilledRectangle($image, 0, 0, $width, $height, $transparent);
+ imagecolortransparent($image, $transparent);
+ $text_color = ImageColorAllocate($image, 233, 14, 91);
+ if (count($e) > 1) {
+ for ($i = 0; $i < count($e); $i++) {
+ $imageString = $e[$i];
+ ImageString($image, 3, 5, $i * 20, $imageString, $text_color);
+ }
+ } else {
+ if (is_array($e)) {
+ $imageString = $e[0];
+ } else {
+ $imageString = $e;
+ }
+ if ($imageString == "") {
+ $imageString = "An unknown error occured!";
+ }
+ ImageString($image, 3, 5, $i * 20, $imageString, $text_color);
+ }
+ responseImage($image);
+}
+
+function throwText($e)
+{
+ echo join(" ", $e);
+}
+
+function responseImage($im)
+{
+ global $reqParams;
+ $format = $reqParams['format'];
+ $format = "image/gif";
+ if ($format == 'image/png') {
+ header("Content-Type: image/png");
+ }
+ if ($format == 'image/jpeg' || $format == 'image/jpg') {
+ header("Content-Type: image/jpeg");
+ }
+ if ($format == 'image/gif') {
+ header("Content-Type: image/gif");
+ }
+ if ($format == 'image/png') {
+ imagepng($im);
+ }
+ if ($format == 'image/jpeg' || $format == 'image/jpg') {
+ imagejpeg($im);
+ }
+ if ($format == 'image/gif') {
+ imagegif($im);
+ }
+}
+
+function completeURL($url)
+{
+ global $reqParams;
+ $mykeys = array_keys($reqParams);
+ for ($i = 0; $i < count($mykeys); $i++) {
+ if ($i > 0) {
+ $url .= "&";
+ }
+ $url .= $mykeys[$i] . "=" . urlencode($reqParams[$mykeys[$i]]);
+ }
+ return $url;
+}
+
+/**
+ * fetch and returns an image to client
+ *
+ * @param string the original url of the image to send
+ */
+function getImage($log_id, $or)
+{
+ global $reqParams;
+ header("Content-Type: " . $reqParams['format']);
+ if (func_num_args() == 3) { //new for HTTP Authentication
+ $auth = func_get_arg(2);
+ //$e = new mb_exception("try to get: ". $or);
+ getDocumentContent($log_id, $or, $header, $auth);
+ } else {
+ //$e = new mb_exception("no auth given");
+ getDocumentContent($log_id, $or, $header);
+ }
+}
+
+/**
+ * fetchs and returns the content of the FeatureInfo Response
+ *
+ * @param string the url of the FeatureInfoRequest
+ * @return string the content of the FeatureInfo document
+ */
+function getFeatureInfo($log_id, $url)
+{
+ global $reqParams;
+ //$e = new mb_notice("owsproxy: Try to fetch FeatureInfoRequest: " . $url);
+ //header("Content-Type: " . $reqParams['info_format']);
+ if (func_num_args() == 3) { //new for HTTP Authentication
+ $auth = func_get_arg(2);
+ getDocumentContent($log_id, $url, false, $auth);
+ } else {
+ getDocumentContent($log_id, $url);
+ }
+}
+
+/**
+ * fetchs and returns the content of WFS GetFeature response
+ *
+ * @param string the url of the GetFeature request
+ * @return echo the content of the GetFeature document
+ */
+function getFeature($log_id, $url, $auth = false)
+{
+ global $reqParams;
+ $content = getDocumentContent($log_id, $url, "Content-Type: application/xml", $auth);
+}
+
+/**
+ * fetchs and returns the content of WFS DescribeFeaturetype response
+ *
+ * @param string the url of the DescribeFeaturetype request
+ * @return echo the content of the DescribeFeaturetype document
+ */
+function describeFeaturetype($url, $auth = false)
+{
+ global $reqParams;
+ $content = getDocumentContent(false, $url, "Content-Type: application/xml", $auth);
+}
+
+/**
+ * simulates a post request to host
+ *
+ * @param string host to send the request to
+ * @param string port of host to send the request to
+ * @param string method to send data (should be "POST")
+ * @param string path on host
+ * @param string data to send to host
+ * @return string hosts response
+ */
+function sendToHost($host, $port, $method, $path, $data)
+{
+ $buf = '';
+ if (empty($method))
+ $method = 'POST';
+ $method = mb_strtoupper($method);
+ $fp = fsockopen($host, $port);
+ fputs($fp, "$method $path HTTP/1.1\r\n");
+ fputs($fp, "Host: $host\r\n");
+ fputs($fp, "Content-type: application/xml\r\n");
+ fputs($fp, "Content-length: " . strlen($data) . "\r\n");
+ fputs($fp, "Connection: close\r\n\r\n");
+ if ($method == 'POST')
+ fputs($fp, $data);
+ while (!feof($fp)) $buf .= fgets($fp, 4096);
+ fclose($fp);
+ return $buf;
+}
+
+/**
+ * get wfs featurenames that are touched by a tansaction request defined in XML $data
+ *
+ * @param string XML that contains the tansaction request
+ * @return array array of touched feature names
+ */
+function getWfsFeaturesFromTransaction($data)
+{
+ new mb_notice("owsproxy.getWfsFeaturesFromTransaction.data: " . $data);
+ if (!$data || $data == "") {
+ return false;
+ }
+ $features = array();
+ $values = NULL;
+ $tags = NULL;
+ $parser = xml_parser_create();
+ xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
+ xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1);
+ xml_parse_into_struct($parser, $data, $values, $tags);
+
+ $code = xml_get_error_code($parser);
+ if ($code) {
+ $line = xml_get_current_line_number($parser);
+ $col = xml_get_current_column_number($parser);
+ $mb_notice = new mb_notice("OWSPROXY invalid Tansaction XML: " . xml_error_string($code) . " in line " . $line . " at character " . $col);
+ die();
+ }
+ xml_parser_free($parser);
+
+ $insert = false;
+ $insertlevel = 0;
+ foreach ($values as $element) {
+ //features touched by insert
+ if (strtoupper($element['tag']) == "WFS:INSERT" && $element['type'] == "open") {
+ $insert = true;
+ $insertlevel = $element[level];
+ }
+ if ($insert && $element[level] == $insertlevel + 1 && $element['type'] == "open") {
+ array_push($features, $element['tag']);
+ }
+ if (strtoupper($element['tag']) == "WFS:INSERT" && $element['type'] == "close") {
+ $insert = false;
+ }
+ //updated features
+ if (strtoupper($element['tag']) == "WFS:UPDATE" && $element['type'] == "open") {
+ array_push($features, $element['attributes']["typeName"]);
+ }
+ //deleted features
+ if (strtoupper($element['tag']) == "WFS:DELETE" && $element['type'] == "open") {
+ array_push($features, $element['attributes']["typeName"]);
+ }
+ }
+ return $features;
+}
+
+/**
+ * sends the data of WFS Transaction and echos the response
+ *
+ * @param string url to send the WFS Transaction to
+ * @param string WFS Transaction data
+ */
+function doTransaction($url, $data)
+{
+ $arURL = parse_url($url);
+ $host = $arURL["host"];
+ $port = $arURL["port"];
+ if ($port == '')
+ $port = 80;
+
+ $path = $arURL["path"];
+ $method = "POST";
+ $result = sendToHost($host, $port, $method, html_entity_decode($path), $data);
+
+ //delete header from result
+ $result = mb_eregi_replace("^[^<]*", "", $result);
+ $result = mb_eregi_replace("[^>]*$", "", $result);
+
+ echo $result;
+}
+
+function matchUrls($content)
+{
+ //TODO: problem here, we are stateless and have no information about any session :-( . To allow proxying, we need another temporal storage for the given urls
+ global $urlsToExclude;
+ $owsproxyUrls = Mapbender::session()->get('owsproxyUrls');
+ if ($owsproxyUrls == false) {
+ $e = new mb_notice("owsproxyUrls does not exist - create it!");
+ $owsproxyUrls = array();
+ $owsproxyUrls['id'] = array();
+ $owsproxyUrls['url'] = array();
+ Mapbender::session()->set('owsproxyUrls',$owsproxyUrls);
+ }
+ $pattern = "/[\"|\'](https*:\/\/[^\"|^\']*)[\"|\']/";
+ preg_match_all($pattern, $content, $matches);
+ for ($i = 0; $i < count($matches[1]); $i++) {
+ $req = $matches[1][$i];
+ $e = new mb_notice("Gefundene URL " . $i . ": " . $req);
+ #$notice = new mb_notice("owsproxy id:".$req);
+ //only register and exchange urls, that should not be excluded!
+ if (in_array($req,$urlsToExclude)) {
+ continue;
+ }
+ $id = registerURL($req);
+ $extReq = setExternalRequest($id);
+ //$e = new mb_exception("MD5 URL " . $id . "-Externer Link: " . $extReq);
+ $content = str_replace($req, $extReq, $content);
+ }
+ return $content;
+}
+
+function setExternalRequest($id)
+{
+ global $reqParams, $query;
+ $extReq = "http://" . $_SESSION['HTTP_HOST'] . "/owsproxy/" . $reqParams['sid'] . "/" . $id . "?request=external";
+ return $extReq;
+}
+
+function getExternalRequest($id)
+{
+ for ($i = 0; $i < count($_SESSION["owsproxyUrls"]["url"]); $i++) {
+ if ($id == $_SESSION["owsproxyUrls"]["id"][$i]) {
+ $cUrl = $_SESSION["owsproxyUrls"]["url"][$i];
+ $query_string = removeOWSGetParams($_SERVER["QUERY_STRING"]);
+ if ($query_string != '') {
+ $cUrl .= getConjunctionCharacter($cUrl) . $query_string;
+ }
+ $metainfo = get_headers($cUrl, 1);
+ // just for the stupid InternetExplorer
+ header('Pragma: private');
+ header('Cache-control: private, must-revalidate');
+
+ header("Content-Type: " . $metainfo['Content-Type']);
+
+ $content = getDocumentContent(false, $cUrl, $metainfo);
+ #$content = matchUrls($content); //In the case of http_auth - this is not possible cause we cannot save them in the header - maybe we could create a special session to do so later on?
+ echo $content;
+ }
+ }
+}
+
+function removeOWSGetParams($query_string)
+{
+ $r = preg_replace("/.*request=external&/", "", $query_string);
+ #return $r;
+ return "";
+}
+
+function getConjunctionCharacter($url)
+{
+ if (strpos($url, "?")) {
+ if (strpos($url, "?") == strlen($url)) {
+ $cchar = "";
+ } else if (strpos($url, "&") == strlen($url)) {
+ $cchar = "";
+ } else {
+ $cchar = "&";
+ }
+ }
+ if (strpos($url, "?") === false) {
+ $cchar = "?";
+ }
+ return $cchar;
+}
+
+function registerUrl($url)
+{
+ if (!in_array($url, $_SESSION["owsproxyUrls"]["url"])) {
+ $e = new mb_exception("Is noch net drin!");
+ $id = md5($url);
+ $e = new mb_exception("ID: " . $id . " URL: " . $url . " will be written to session");
+ array_push($_SESSION["owsproxyUrls"]["url"], $url);
+ array_push($_SESSION["owsproxyUrls"]["id"], $id);
+ } else {
+ $e = new mb_exception("It was found! Search content and return ID!");
+ for ($i = 0; $i < count($_SESSION["owsproxyUrls"]["url"]); $i++) {
+ $e = new mb_exception("Content " . $i . " : proxyurl:" . $_SESSION["owsproxyUrls"]["url"][$i] . " - new: " . $url);
+ if ($url == $_SESSION["owsproxyUrls"]["url"][$i]) {
+ $e = new mb_exception("Identical! ID:" . $_SESSION["owsproxyUrls"]["id"][$i] . " will be used");
+ $id = $_SESSION["owsproxyUrls"]["id"][$i];
+ }
+ }
+ }
+ return $id;
+}
+
+function getCapabilities($request, $requestFull)
+{
+ global $arrayOnlineresources;
+ global $layerId;
+ header("Content-Type: application/xml");
+ if (func_num_args() == 3) { //new for HTTP Authentication
+ $auth = func_get_arg(2);
+ $d = new connector($requestFull, $auth);
+ } else {
+ $d = new connector($requestFull);
+ }
+ $content = $d->file;
+ //show temporal content fo capabilities
+ $e = new mb_notice("content from wms.php fascade after going thru curl: " . $content);
+ //loading as xml
+ libxml_use_internal_errors(true);
+ try {
+ $capFromFascadeXmlObject = simplexml_load_string($content);
+ if ($capFromFascadeXmlObject === false) {
+ foreach (libxml_get_errors() as $error) {
+ $err = new mb_exception("http_auth/index.php: " . $error->message);
+ }
+ throw new Exception("http_auth/index.php: " . 'Cannot parse Metadata XML!');
+ echo "<error>http_auth/index.php: Cannot parse Capabilities XML!</error>";
+ die();
+ }
+ } catch (Exception $e) {
+ $err = new mb_exception("http_auth/index.php: " . $e->getMessage());
+ echo "<error>http_auth/index.php: " . $e->getMessage() . "</error>";
+ die();
+ }
+ //exchanging urls in some special fields
+ //
+ //GetCapabilities, GetMap, GetFeatureInfo, GetLegendGraphics, ...
+ $capFromFascadeXmlObject->registerXPathNamespace("xlink", "http://www.w3.org/1999/xlink");
+ //Mapping of urls for wms 1.1.1 which should be exchanged
+ $urlsToChange = array(
+ '/WMT_MS_Capabilities/Capability/Request/GetCapabilities/DCPType/HTTP/Get/OnlineResource/@xlink:href',
+ '/WMT_MS_Capabilities/Capability/Request/GetCapabilities/DCPType/HTTP/Post/OnlineResource/@xlink:href',
+ '/WMT_MS_Capabilities/Capability/Request/GetMap/DCPType/HTTP/Get/OnlineResource/@xlink:href',
+ '/WMT_MS_Capabilities/Capability/Request/GetMap/DCPType/HTTP/Post/OnlineResource/@xlink:href',
+ '/WMT_MS_Capabilities/Capability/Request/GetFeatureInfo/DCPType/HTTP/Get/OnlineResource/@xlink:href',
+ '/WMT_MS_Capabilities/Capability/Request/GetFeatureInfo/DCPType/HTTP/Post/OnlineResource/@xlink:href',
+ '/WMT_MS_Capabilities/Capability/Layer/Layer/Style/LegendURL/OnlineResource/@xlink:href'
+ );
+ foreach ($urlsToChange as $xpath) {
+ $href = $capFromFascadeXmlObject->xpath($xpath);
+ $e = new mb_notice("old href: " . $href[0]);
+ $e = new mb_notice("href replaced: " . replaceOwsUrls($href[0], $layerId));
+ $href[0][0] = replaceOwsUrls($href[0], $layerId);
+ }
+ echo $capFromFascadeXmlObject->asXML();
+}
+
+function replaceOwsUrls($owsUrl, $layerId)
+{
+ $new = "http_auth/" . $layerId . "?";
+ $pattern = "#owsproxy/[a-z0-9]{32}\/[a-z0-9]{32}\?#m";
+ $httpAuthUrl = preg_replace($pattern, $new, $owsUrl);
+ //replace
+ //also replace the getcapabilities url with authenticated one ;-)
+ if (defined("MAPBENDER_PATH") && MAPBENDER_PATH != '') {
+ $wmsUrl = parse_url(MAPBENDER_PATH);
+ $path = $wmsUrl['path'];
+ $pattern = "#" . $path . "/php/wms.php\?layer_id=" . $layerId . "&#m";
+ } else {
+ $pattern = "#mapbender/php/wms.php\?layer_id=" . $layerId . "&#m";
+ }
+ $httpAuthUrl = preg_replace($pattern, "/" . $new, $httpAuthUrl);
+ //use always https for url
+ if (defined("HTTP_AUTH_PROXY") && HTTP_AUTH_PROXY != '') {
+ $parsed_url = parse_url(HTTP_AUTH_PROXY);
+ if ($parsed_url['scheme'] == "https") {
+ $httpAuthUrl = preg_replace("#http:#", "https:", $httpAuthUrl);
+ $httpAuthUrl = preg_replace("#:80/#", ":443/", $httpAuthUrl);
+ }
+ }
+ return $httpAuthUrl;
+}
+
+function getWfsCapabilities($request, $auth = false)
+{
+ global $arrayOnlineresources;
+ global $sid, $serviceId;
+ $t = array(htmlentities($arrayOnlineresources["wfs_getcapabilities"]), htmlentities($arrayOnlineresources["wfs_getmap"]),
+ htmlentities($arrayOnlineresources["wfs_getfeatureinfo"]));
+ $new = OWSPROXY . "/" . $sid . "/" . $serviceId . "?";
+ //TODO - set to persistent url
+ //$new = '';
+ //get actual capabilities from external server
+ if (!$auth) {
+ $wfsCaps = new connector($request);
+ } else {
+ $wfsCaps = new connector($request, $auth);
+ }
+ $r = str_replace($t, $new, $wfsCaps->file);
+ //delete trailing amp; 's
+ $r = str_replace('amp;', '', $r);
+ header("Content-Type: application/xml");
+ echo $r;
+}
+
+/**
+ * gets the original url of the requested legend graphic
+ *
+ * @param string owsproxy md5
+ * @return string url to legend graphic
+ */
+function getLegendUrl($wmsId)
+{
+ global $reqParams;
+ //get wms_getlegendurl
+ $sql = "SELECT wms_getlegendurl FROM wms WHERE wms_id = $1";
+ $v = array($wmsId);
+ $t = array("i");
+ $res = db_prep_query($sql, $v, $t);
+ if ($row = db_fetch_array($res)) {
+ $getLegendUrl = $row["wms_getlegendurl"];
+ } else {
+ throwE(array("No wms data available."));
+ die();
+ }
+ //get the url
+ $sql = "SELECT layer_style.legendurl ";
+ $sql .= "FROM layer_style JOIN layer ";
+ $sql .= "ON layer_style.fkey_layer_id = layer.layer_id ";
+ $sql .= "WHERE layer.layer_name = $2 AND layer.fkey_wms_id = $1 ";
+ $sql .= "AND layer_style.name = $3 AND layer_style.legendurlformat = $4";
+ if ($reqParams['style'] == '') {
+ $style = 'default';
+ } else {
+ $style = $reqParams['style'];
+ }
+
+ $v = array($wmsId, $reqParams['layer'], $style, $reqParams['format']);
+ $t = array("i", "s", "s", "s");
+ $res = db_prep_query($sql, $v, $t);
+ if ($row = db_fetch_array($res)) {
+ if (strpos($row["legendurl"], 'http') !== 0) {
+ $e = new mb_notice("combine legendurls!");
+ return $getLegendUrl . $row["legendurl"];
+ }
+ return $row["legendurl"];
+ } else {
+ throwE(array("No legendurl available."));
+ die();
+ }
+}
+
+/**
+ * validated access permission on requested wms
+ *
+ * @param wmsId integer, userId - integer
+ * @return array array with detailed information about requested wms
+ */
+function checkWmsPermission($wmsOws, $userId)
+{
+ global $con, $n;
+ $myguis = $n->getGuisByPermission($userId, true);
+ $mywms = $n->getWmsByOwnGuis($myguis);
+
+ $sql = "SELECT * FROM wms WHERE wms_owsproxy = $1";
+ $v = array($wmsOws);
+ $t = array("s");
+ $res = db_prep_query($sql, $v, $t);
+ $service = array();
+ if ($row = db_fetch_array($res)) {
+ $service["wms_id"] = $row["wms_id"];
+ $service["wms_getcapabilities"] = $row["wms_getcapabilities"];
+ $service["wms_getmap"] = $row["wms_getmap"];
+ $service["wms_getfeatureinfo"] = $row["wms_getfeatureinfo"];
+ $service["wms_getcapabilities_doc"] = $row["wms_getcapabilities_doc"];
+// $service["wms_spatialsec"] = $row["wms_spatialsec"];
+ }
+ if (!$row || count($mywms) == 0) {
+ throwE(array("No wms data available."));
+ die();
+ }
+
+ if (!in_array($service["wms_id"], $mywms)) {
+ throwE(array("Permission denied.", " -> " . $service["wms_id"], implode(",", $mywms)));
+ die();
+ }
+ return $service;
+}
+
+/**
+ * validates the access permission by getting the appropriate wfs_conf
+ * to each feature requested and check the wfs_conf permission
+ *
+ * @param string owsproxy md5
+ * @param array array of requested featuretype names
+ * @return array array with detailed information on reqested wfs
+ */
+function checkWfsPermission($wfsOws, $features, $userId)
+{
+ global $con, $n;
+ $myconfs = $n->getWfsConfByPermission($userId);
+ if ($features !== false) {
+ //check if we know the features requested
+ if (count($features) == 0) {
+ throwE(array("No wfs_feature data available."));
+ die();
+ }
+ }
+
+ //get wfs
+ $sql = "SELECT * FROM wfs WHERE wfs_owsproxy = $1";
+ $v = array($wfsOws);
+ $t = array("s");
+ $res = db_prep_query($sql, $v, $t);
+ $service = array();
+ if ($row = db_fetch_array($res)) {
+ $service["wfs_id"] = $row["wfs_id"];
+ $service["wfs_getcapabilities"] = $row["wfs_getcapabilities"];
+ $service["wfs_getfeature"] = $row["wfs_getfeature"];
+ $service["wfs_describefeaturetype"] = $row["wfs_describefeaturetype"];
+ $service["wfs_transaction"] = $row["wfs_transaction"];
+ $service["wfs_getcapabilities_doc"] = $row["wfs_getcapabilities_doc"];
+ } else {
+ throwE(array("No wfs data available."));
+ die();
+ }
+
+ foreach ($features as $feature) {
+
+ //get appropriate wfs_conf
+ $sql = "SELECT wfs_conf.wfs_conf_id FROM wfs_conf ";
+ $sql.= "JOIN wfs_featuretype ";
+ $sql.= "ON wfs_featuretype.featuretype_id = wfs_conf.fkey_featuretype_id ";
+ $sql.= "WHERE wfs_featuretype.featuretype_name = $2 ";
+ $sql.= "AND wfs_featuretype.fkey_wfs_id = $1";
+ $v = array($service["wfs_id"], $feature);
+ $t = array("i", "s");
+ $res = db_prep_query($sql, $v, $t);
+ if (!($row = db_fetch_array($res))) {
+ $notice = new mb_exception("Permissioncheck failed no wfs conf for wfs " . $service["wfs_id"] . " with featuretype " . $feature);
+ throwE(array("No wfs_conf data for featuretype " . $feature));
+ die();
+ }
+ $conf_id = $row["wfs_conf_id"];
+
+ //check permission
+ if (!in_array($conf_id, $myconfs)) {
+ $notice = new mb_exception("Permissioncheck failed:" . $conf_id . " not in " . implode(",", $myconfs));
+ throwE(array("Permission denied.", " -> " . $conf_id, implode(",", $myconfs)));
+ die();
+ }
+ }
+
+ return $service;
+}
+
+function checkLayerPermission($wms_id, $l, $userId)
+{
+ global $n, $owsproxyService;
+ $myl = explode(",", $l);
+ $r = array();
+ foreach ($myl as $mysl) {
+ if ($n->getLayerPermission($wms_id, $mysl, $userId) === true) {
+ array_push($r, $mysl);
+ }
+ }
+ $ret = implode(",", $r);
+ return $ret;
+}
+
+function getDocumentContent($log_id, $url, $header = false)
+{
+ global $reqParams, $n;
+ //debug
+ $startTime = microtime();
+ if (func_num_args() == 4) { //new for HTTP Authentication
+ $auth = func_get_arg(3);
+ $d = new connector($url, $auth);
+ } else {
+ $d = new connector($url);
+ }
+ $content = $d->file;
+ $endTime = microtime();
+ //$e = new mb_exception("owsproxy/http/index.php: Time for getting remote resource: ".(string)($endTime - $startTime));
+ if (strtoupper($reqParams["request"]) == "GETMAP") { // getmap
+ $pattern_exc = '~EXCEPTION~i';
+ preg_match($pattern_exc, $content, $exception);
+ if (!$content) {
+ if ($log_id != null && is_integer($log_id)) {
+ $n->updateWmsLog(0, "Mb2OWSPROXY - unable to load: " . $url, "text/plain", $log_id);
+ }
+ header("Content-Type: text/plain");
+ echo "Mb2OWSPROXY - unable to load external request - for further information please see logfile";
+ } else if (count($exception) > 0) {
+ if ($log_id != null && is_integer($log_id)) {
+ $n->updateWmsLog(0, $content, $reqParams["exceptions"], $log_id);
+ }
+ header("Content-Type: " . $reqParams["exceptions"]);
+ echo $content;
+ } else {
+ $source = new Imagick();
+ $source->readImageBlob($content);
+ $numColors = $source->getImageColors();
+ if ($log_id != null && is_integer($log_id)) {
+ $n->updateWmsLog($numColors <= 1 ? -1 : 1, null, null, $log_id);
+ }
+ header("Content-Type: " . $reqParams['format']);
+ echo $content;
+ }
+ return true;
+ } else if (strtoupper($reqParams["request"]) == "GETFEATUREINFO") { // getmap
+// header("Content-Type: ".$reqParams['info_format']);
+// $content = matchUrls($content);
+// echo $content;
+ $pattern_exc = '~EXCEPTION~i';
+ preg_match($pattern_exc, $content, $exception);
+ if (!$content) {
+ if ($log_id != null) {
+ $n->updateWmsFiLog("Mb2OWSPROXY - unable to load: " . $url, "text/plain", $log_id);
+ }
+ header("Content-Type: text/plain");
+ echo "Mb2OWSPROXY - unable to load external request - for further information please see logfile";
+ } else if (count($exception) > 0) {
+ if ($log_id != null) {
+ $n->updateWmsFiLog($content, "application/xml", $log_id);
+ }
+ header("Content-Type: application/xml");
+ echo $content;
+ } else {
+ header("Content-Type: " . $reqParams['info_format']);
+ if ($log_id != null) {
+ $n->updateWmsFiLog(null, null, $log_id);
+ }
+ $content = matchUrls($content);
+ echo $content;
+ }
+ return true;
+ } elseif (strtoupper($reqParams["request"]) == "GETFEATURE") {
+ $e = new mb_notice("owsproxy/http/index.php: GetFeature invoked");
+ $startTime = microtime();
+ //parse featureCollection and get number of objects
+ libxml_use_internal_errors(true);
+ try {
+ $featureCollectionXml = simplexml_load_string($content);
+ if ($featureCollectionXml === false) {
+ foreach(libxml_get_errors() as $error) {
+ $err = new mb_exception("owsproxy/http/index.php:".$error->message);
+ }
+ throw new Exception("owsproxy/http/index.php:".'Cannot parse featureCollection XML!');
+ //TODO give error message
+ }
+ }
+ catch (Exception $e) {
+ $err = new mb_exception("owsproxy/index.php:".$e->getMessage());
+ //TODO give error message
+ }
+ if ($featureCollectionXml !== false) {
+ //$featureCollectionXml->registerXPathNamespace("gmd", "http://www.isotc211.org/2005/gmd");
+ $featureCollectionXml->registerXPathNamespace("ogc", "http://www.opengis.net/ogc");
+ $featureCollectionXml->registerXPathNamespace("wfs", "http://www.opengis.net/wfs");
+ $featureCollectionXml->registerXPathNamespace("gco", "http://www.isotc211.org/2005/gco");
+ $featureCollectionXml->registerXPathNamespace("gml", "http://www.opengis.net/gml");
+ $featureCollectionXml->registerXPathNamespace("xlink", "http://www.w3.org/1999/xlink");
+ $featureCollectionXml->registerXPathNamespace("xsi", "http://www.w3.org/2001/XMLSchema-instance");
+ $featureCollectionXml->registerXPathNamespace("default", "");
+ preg_match('@version=(?P<version>\d\.\d\.\d)&@i', strtolower($url), $version);
+ if (!$version['version']) {
+ $e = new mb_notice("owsproxy/http/index.php: No version for wfs request given in url!");
+ }
+ switch ($version['version']) {
+ //case "1.0.0":
+ default:
+ //get # of features from counting features
+ $numberOfFeatures = $featureCollectionXml->xpath('//wfs:FeatureCollection/gml:featureMember');
+ $numberOfFeatures = count($numberOfFeatures);
+ $e = new mb_notice("owsproxy/index.php: wfs version ".$version[1]." used");
+ break;
+ /*case "1.1.0":
+ //get # of features from attribut
+ $numberOfFeatures = $featureCollectionXml->xpath('//wfs:FeatureCollection/@numberOfFeatures');
+ $numberOfFeatures = $numberOfFeatures[0];
+ $e = new mb_notice("owsproxy/index.php: wfs version ".$version[1]." used");
+ break;*/
+ }
+ $endTime = microtime();
+ $e = new mb_notice("owsproxy/http/index.php: ".$numberOfFeatures." delivered features from wfs.");
+ //TODO: enhance error management
+ if ($log_id !== false) {
+ $n->updateWfsLog(1, '', '', $numberOfFeatures, $log_id);
+ }
+ $e = new mb_notice("owsproxy/http/index.php: Time for counting: ". (string)($endTime - $startTime));
+ $e = new mb_notice("owsproxy/http/index.php: Memory used for XML String: ".getVariableUsage($content)/1000000 ."MB");
+ if (header !== false) {
+ header($header);
+ }
+ echo $content;
+ }
+ } else {
+ if (header !== false) {
+ header($header);
+ }
+ echo $content;
+ }
+}
+
+//**********************************************************************************************
+//extra functions TODO: push them in class_administration.php
+
+/**
+ * selects the wms id for a given layer id.
+ *
+ * @param <integer> the layer id
+ * @return <string|boolean> either the id of the wms as integer or false when none exists
+ */
+function getWmsIdByLayerId($id)
+{
+ $sql = "SELECT fkey_wms_id FROM layer WHERE layer_id = $1";
+ $v = array($id);
+ $t = array('i');
+ $res = db_prep_query($sql, $v, $t);
+ $row = db_fetch_array($res);
+ if ($row)
+ return $row["fkey_wms_id"];
+ else
+ return false;
+}
+
+function getVariableUsage($var) {
+ $total_memory = memory_get_usage();
+ $tmp = unserialize(serialize($var));
+ return memory_get_usage() - $total_memory;
+}
+
+//function to remove one complete get param out of the query
+function delTotalFromQuery($paramName,$queryString) {
+ //echo $paramName ."<br>";
+ $queryString = "&".$queryString;
+ if ($paramName == "searchText") {
+ $str2exchange = "searchText=*&";
+ } else {
+ $str2exchange = "";
+ }
+ $queryStringNew = preg_replace('/\b'.$paramName.'\=[^&]*&?/',$str2exchange,$queryString); //TODO find empty get params
+ $queryStringNew = ltrim($queryStringNew,'&');
+ $queryStringNew = rtrim($queryStringNew,'&');
+ return $queryStringNew;
+}
+?>
More information about the Mapbender_commits
mailing list