';
echo $_SERVER['PHP_AUTH_DIGEST'].'
';
die();
}
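// The Digest "username" field carries two values joined by ';': the Mapbender user name
// and the e-mail address. Both are client-supplied and unverified at this point.
$userIdentification = explode(';',$requestHeaderArray['username']);
$mbUsername = $userIdentification[0];
// A username without ';' yields no second element; fall back to an empty e-mail so the
// lookup below simply finds no account instead of reading an undefined index.
$mbEmail = isset($userIdentification[1]) ? $userIdentification[1] : '';
$userInformation = getUserInfo($mbUsername,$mbEmail);
// The identity strings are echoed back in the error bodies below. They come straight from
// the Authorization header, so they are HTML-encoded before being written to the response.
$safeUsername = htmlspecialchars($mbUsername, ENT_QUOTES);
$safeEmail = htmlspecialchars($mbEmail, ENT_QUOTES);
// NOTE(review): the two messages below differ from the generic failure message further down,
// so a caller can tell "unknown account" from "wrong password" before proving any credential.
if ($userInformation[0] == '-1') {
    die('User with name: '.$safeUsername.' and email: '.$safeEmail.' not known to security proxy!');
}
if ($userInformation[1]=='') { // no digest stored for this account (expected to be an empty string in the db)
    die('User with name: '.$safeUsername.' and email: '.$safeEmail.' has no digest - please set a new password and try again!');
}
// Check first whether the nonce the client used is still the current one.
if($requestHeaderArray['nonce'] == getNonce()) {
    // Up-to-date nonce received
    $stale = false;
} else {
    // Stale nonce received (probably more than x seconds old)
    $stale = true;
    // Re-challenge with the current nonce. Execution continues, but the response check below
    // is computed with the current nonce and therefore rejects a response built on the old one.
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Digest realm="'.REALM.'",qop="auth",nonce="'.getNonce().'",opaque="'.md5(REALM).'" ,stale=true');
}
// Build the response value the client must have sent.
// The stored digest is used as A1 as-is (presumably the md5 of user:realm:password - confirm).
$A1 = $userInformation[1];
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$requestHeaderArray['uri']);
$valid_response = $A1.':'.getNonce().':'.$requestHeaderArray['nc'];
$valid_response .= ':'.$requestHeaderArray['cnonce'].':'.$requestHeaderArray['qop'].':'.$A2;
$valid_response=md5($valid_response);
// Compare as strings, never with ==/!=: loose comparison treats two numeric-looking hex
// strings (e.g. "0e...") as numbers and can report a match for different digests.
// hash_equals() additionally avoids an early-exit comparison where the runtime provides it.
$clientResponse = (string)$requestHeaderArray['response'];
if (function_exists('hash_equals')) {
    $responseMatches = hash_equals($valid_response, $clientResponse);
} else {
    $responseMatches = ($valid_response === $clientResponse);
}
// NOTE(review): when the nonce was current, this failure path sends no 401 challenge of its own.
if (!$responseMatches) { // the user has to authenticate again - something in the authentication went wrong
    die('Authentication failed - sorry, you have to authenticate once more!');
}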
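// Authentication succeeded; from here on the script acts as the OWS proxy
// (logic taken over from owsproxy.php).
$postdata = $HTTP_RAW_POST_DATA;
$layerId = $_REQUEST['layer_id'];
$query = new QueryHandler();
// request parameters, lower-cased by QueryHandler according to the original author's note,
// so the lookups below are case-insensitive
$reqParams = $query->getRequestParams();
$n = new administration();
$wmsId = getWmsIdByLayerId($layerId);
$owsproxyString = $n->getWMSOWSstring($wmsId);
if (!$owsproxyString) {
    die('The requested resource does not exists or the routing through mapbenders owsproxy is not activated!');
}
// Upstream authentication data stored for this WMS; $auth is unset when no auth type is configured.
$auth = $n->getAuthInfoOfWMS($wmsId);
if ($auth['auth_type']==''){
    unset($auth);
}
$e = new mb_exception("REQUEST to HTTP_AUTH: ".strtolower($reqParams['request']));
// Dispatch on the OWS request type.
switch (strtolower($reqParams['request'])) {
    case 'getcapabilities':
        $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
        $query->setOnlineResource($arrayOnlineresources['wms_getcapabilities']);
        //$request = preg_replace("/(.*)frames\/login.php/", "$1php/wms.php?layer_id=".$layerId, LOGIN);
        if (isset($_SERVER["HTTPS"])){
            $urlPrefix = "https://";
        } else {
            $urlPrefix = "http://";
        }
        // NOTE(review): HTTP_HOST is taken from the client's Host header, so the client decides
        // which host this server-side fetch (and $auth, when set) is sent to. A configured base
        // URL, as in the commented-out LOGIN-based line above, would remove that dependency.
        // layer_id is request input as well; it is URL-encoded so it cannot add parameters
        // to the internal request.
        $request = $urlPrefix.$_SERVER['HTTP_HOST']."/mapbender/php/wms.php?layer_id=".urlencode($layerId);
        // NOTE(review): appends to $requestFull, which is not assigned in the visible part of the file.
        $requestFull .= $request.'&REQUEST=GetCapabilities&VERSION=1.1.1&SERVICE=WMS';
        if(isset($auth)){
            getCapabilities($request,$requestFull,$auth);
        }
        else {
            getCapabilities($request,$requestFull);
        }
        break;
    case 'getfeatureinfo':
        $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
        $query->setOnlineResource($arrayOnlineresources['wms_getfeatureinfo']);
        // keep only the requested layers this user may query; an empty result means none are allowed
        $layers = checkLayerPermission($wmsId,$reqParams['layers'],$userInformation[0]);
        if ($layers == '' ) {
            throwE("GetFeatureInfo permission denied on layer with id".$layerId);
            die();
        }
        $request = $query->getRequest();
        if(isset($auth)){
            getFeatureInfo($request,$auth);
        }
        else {
            getFeatureInfo($request);
        }
        break;
    case 'getmap':
        $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
        $query->setOnlineResource($arrayOnlineresources['wms_getmap']);
        $layers = checkLayerPermission($wmsId,$reqParams['layers'],$userInformation[0]);
        if ($layers == '' ) {
            throwE("GetMap permission denied on layer with id ".$layerId);
            die();
        }
        // forward only the permitted subset of the requested layers
        $query->setParam("layers",urldecode($layers));
        $request = $query->getRequest();
        // log proxy requests when logging is switched on for this WMS
        if($n->getWmsLogTag($wmsId)==1) {
            // TODO read out size of bbox and calculate price
            $price=intval($n->getWmsPrice($wmsId));
            $n->logWmsProxyRequest($wmsId,$userInformation[0],$request,$price);
        }
        if(isset($auth)){
            getImage($request,$auth);
        }
        else {
            getImage($request);
        }
        break;
    case 'getlegendgraphic':
        // NOTE(review): unlike the branches above, no checkWmsPermission()/checkLayerPermission()
        // call is made here - confirm that legends are meant to be readable by every
        // authenticated user, since the stored $auth is used for the fetch.
        $url = getLegendUrl($wmsId);
        $e = new mb_exception("URL for getlegendgraphic: ");
        if(isset($auth)){
            getImage($url,$auth);
        }
        else {
            getImage($url);
        }
        break;
    default:
        // username and layer id are request input; HTML-encode them before echoing
        echo 'Your are logged in as: ' .htmlspecialchars($requestHeaderArray['username'], ENT_QUOTES).' and requested the layer with id='.htmlspecialchars($layerId, ENT_QUOTES).' but your request is not a valid OWS request';
}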
//functions for http_auth
//**********************************************************************************************
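/**
 * Parse the value of an HTTP Digest Authorization header.
 *
 * Extracts the directives nonce, nc, cnonce, qop, username, uri and response.
 * Values may be quoted (single or double quotes) or bare tokens ending at
 * whitespace or a comma. When a directive occurs more than once, the last
 * occurrence wins. Everything returned here is client-controlled input.
 *
 * @param string $txt raw digest string sent by the client
 * @return array|false map of directive name to value, or false when at least
 *                     one of the required directives is missing
 */
function http_digest_parse($txt)
{
    // protect against missing data: every key listed here must be seen at least once
    $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
    $data = array();
    $keys = implode('|', array_keys($needed_parts));
    // group 2 = opening quote, group 3 = quoted value, group 4 = bare value
    preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
    foreach ($matches as $m) {
        // Group 4 is present only when the bare-token alternative matched. Testing for its
        // presence (rather than the truthiness of group 3) keeps a quoted value of "0" intact
        // and avoids reading an undefined index.
        if (isset($m[4])) {
            $data[$m[1]] = $m[4];
        } else {
            $data[$m[1]] = $m[3];
        }
        unset($needed_parts[$m[1]]);
    }
    return $needed_parts ? false : $data;
}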
/**
 * Look up a Mapbender user by name and e-mail address.
 *
 * Both values are bound as string parameters of a prepared query, so they
 * never become part of the SQL text.
 *
 * @param string $mbUsername value matched against mb_user_name
 * @param string $mbEmail    value matched against mb_user_email
 * @return array index 0 holds the mb_user_id and index 1 the mb_user_digest of
 *               the first matching row; when no row matches, only index 0 is
 *               set and holds the string "-1"
 */
function getUserInfo($mbUsername,$mbEmail) {
    $sql = "SELECT mb_user_id, mb_user_digest FROM mb_user where mb_user_name = $1 AND mb_user_email= $2";
    $res = db_prep_query($sql, array($mbUsername, $mbEmail), array("s","s"));
    $row = db_fetch_array($res);
    if (!$row) {
        // sentinel the caller checks for "user not found"
        return array(0 => "-1");
    }
    return array(0 => $row['mb_user_id'], 1 => $row['mb_user_digest']);
}
/**
 * Compute the server nonce for the current time window.
 *
 * The value is the md5 of "<window end, minute resolution>:<client address>:<NONCEKEY>".
 * It is therefore the same for every request from one address within a window
 * of $nonceLife seconds; this function keeps no record of issued nonces, so
 * single-use enforcement would have to happen elsewhere.
 * NOTE(review): the timestamp is formatted to the minute, so a $nonceLife below
 * 60 cannot shorten the window any further; a zero or unset $nonceLife divides by zero.
 *
 * @return string 32-character hexadecimal nonce
 */
function getNonce() {
    global $nonceLife;
    // round the current time up to the next multiple of $nonceLife
    $windowEnd = $nonceLife * ceil(time() / $nonceLife);
    $parts = array(date('Y-m-d H:i', $windowEnd), $_SERVER['REMOTE_ADDR'], NONCEKEY);
    return md5(implode(':', $parts));
}
//**********************************************************************************************
//functions of owsproxy/http/index.php
//**********************************************************************************************
/**
 * Report an error in the representation that fits the current request.
 *
 * When the requested "format" parameter is one of the known image formats the
 * error is rendered through throwImage(), otherwise through throwText().
 *
 * @param mixed $e the error message(s), handed on unchanged
 */
function throwE($e){
    global $reqParams, $imageformats;
    $wantsImage = in_array($reqParams['format'],$imageformats);
    if (!$wantsImage) {
        throwText($e);
        return;
    }
    throwImage($e);
}
// NOTE(review): the for-line further down is damaged - the text between "$i" and " 0){" appears
// to have been lost when this page was captured. As a result this span fuses the start of
// throwImage() with the tail of a separate function that builds and returns $url.
// Restore both functions from the original file before relying on this listing.
function throwImage($e){
global $reqParams;
// NOTE(review): $width and $height are assigned only in this fallback branch; the visible code
// has no branch that takes them from the request when both parameters are present - confirm.
if (!$reqParams['width'] || !$reqParams['height']) { //width or height are not set by ows request - maybe for legendgraphics
$width = 300;
$height = 20;
}
// grey background that is then declared the transparent colour; text colour allocated afterwards
$image = imagecreate($width,$height);
$transparent = ImageColorAllocate($image,155,155,155);
ImageFilledRectangle($image,0,0,$width,$height,$transparent);
imagecolortransparent($image, $transparent);
$text_color = ImageColorAllocate ($image, 233, 14, 91);
// --- damaged line: loop header and everything up to the '&' separator logic is missing ---
for($i=0; $i 0){ $url .= "&"; }
// each request parameter value is URL-encoded before being appended to the query string
$url .= $mykeys[$i]."=".urlencode($reqParams[$mykeys[$i]]);
}
return $url;
}
/**
 * Fetches an image from the upstream service and writes it to the client.
 *
 * The Content-Type header is copied verbatim from the request's "format"
 * parameter, i.e. the client chooses the media type the upstream body is
 * labelled with; no check against a list of image types happens here.
 *
 * An optional second argument (read through func_get_arg) carries the
 * upstream authentication data and is handed on to getDocumentContent().
 *
 * @param string $or the original url of the image to send
 */
function getImage($or){
    global $reqParams;
    header("Content-Type: ".$reqParams['format']);
    if (func_num_args() != 2) {
        // plain fetch without upstream credentials
        echo getDocumentContent($or);
        return;
    }
    // new for HTTP Authentication: second argument holds the upstream auth data
    $auth = func_get_arg(1);
    echo getDocumentContent($or,$auth);
}
/**
 * Fetches the FeatureInfo response from the upstream service and writes it to the client.
 *
 * The full request URL is written to the log through mb_exception before the
 * fetch. The Content-Type header is copied verbatim from the request's
 * "info_format" parameter, so the client chooses the media type the upstream
 * document is labelled with.
 *
 * An optional second argument (read through func_get_arg) carries the
 * upstream authentication data and is handed on to getDocumentContent().
 *
 * @param string $url the url of the FeatureInfoRequest
 */
function getFeatureInfo($url){
    global $reqParams;
    $e = new mb_exception("owsproxy: Try to fetch FeatureInfoRequest: ".$url);
    header("Content-Type: ".$reqParams['info_format']);
    if (func_num_args() != 2) {
        // plain fetch without upstream credentials
        echo getDocumentContent($url);
        return;
    }
    // new for HTTP Authentication: second argument holds the upstream auth data
    $auth = func_get_arg(1);
    echo getDocumentContent($url,$auth);
}
// NOTE(review): the for-line further down is damaged - the text between "$i" and
// "getGuisByPermission" appears to have been lost when this page was captured. This span
// therefore fuses the start of matchUrls() with the tail of a WMS permission check that
// works on $userId and $wmsId (its function header is not visible here).
// Restore both functions from the original file before relying on this listing.
function matchUrls($content){
// NOTE(review): session_is_registered() was removed in PHP 5.4; isset($_SESSION[...]) is the replacement.
if(!session_is_registered("owsproxyUrls")){
$_SESSION["owsproxyUrls"] = array();
$_SESSION["owsproxyUrls"]["id"] = array();
$_SESSION["owsproxyUrls"]["url"] = array();
}
// Captures http/https URLs that sit between delimiter characters. Inside the bracket
// expressions '|' is a literal: it is accepted as a delimiter and excluded (together with
// '^') from the captured URL.
$pattern = "/[\"|\'](https*:\/\/[^\"|^\']*)[\"|\']/";
preg_match_all($pattern,$content,$matches);
// --- damaged line: loop header, loop body and the following function header are missing ---
for($i=0; $igetGuisByPermission($userId,true);
$mywms = $n->getWmsByOwnGuis($myguis);
// wms id is bound as a parameter of a prepared query
$sql = "SELECT * FROM wms WHERE wms_id = $1";
$v = array($wmsId);
$t = array("s");
$res = db_prep_query($sql, $v, $t);
$service = array();
if($row = db_fetch_array($res)){
$service["wms_id"] = $row["wms_id"];
$service["wms_getcapabilities"] = $row["wms_getcapabilities"];
$service["wms_getmap"] = $row["wms_getmap"];
$service["wms_getfeatureinfo"] = $row["wms_getfeatureinfo"];
$service["wms_getcapabilities_doc"] = $row["wms_getcapabilities_doc"];
}
// stop when the WMS does not exist or the user has no WMS at all
if(!$row || count($mywms) == 0){
throwE(array("No wms data available."));
die();
}
// stop when the requested WMS is not among those reachable through the user's GUIs
// NOTE(review): the denial message carries the WMS id and the user's whole list of permitted
// WMS ids; whether that reaches the client depends on throwText()/throwImage(), which are
// not visible here - confirm it is intended.
if(!in_array($service["wms_id"], $mywms)){
throwE(array("Permission denied."," -> ".$service["wms_id"], implode(",", $mywms)));
die();
}
return $service;
}
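/**
 * Reduce a comma-separated layer list to the layers the user may access.
 *
 * Each requested name is checked with $n->getLayerPermission(); only names for
 * which it returns exactly true are kept. The call is logged through mb_notice
 * together with the raw, client-supplied layer list.
 *
 * @param mixed  $wms_id id of the WMS the layers belong to
 * @param string $l      comma-separated layer names as sent by the client
 * @param mixed  $userId id of the authenticated user
 * @return string comma-separated list of permitted layer names, '' when none is permitted
 */
function checkLayerPermission($wms_id,$l,$userId){
    global $n, $owsproxyService;
    $e = new mb_notice("owsproxy: checkLayerpermission: wms: ".$wms_id.", layer: ".$l.' user_id: '.$userId);
    // explode() instead of split(): split() is gone from PHP 7 on, and for the literal
    // delimiter "," both produce the same pieces. The cast keeps a missing parameter
    // behaving like an empty list entry.
    $requested = explode(",",(string)$l);
    $permitted = array();
    foreach($requested as $layerName){
        // strict comparison: anything other than boolean true counts as "not permitted"
        if($n->getLayerPermission($wms_id, $layerName, $userId) === true){
            $permitted[] = $layerName;
        }
    }
    return implode(",",$permitted);
}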
/**
 * Fetch a document from the given URL through the connector class.
 *
 * The request is made by the server itself, so callers are responsible for
 * passing only URLs that belong to a registered service. An optional second
 * argument (read through func_get_arg) carries upstream authentication data
 * and is passed to the connector.
 *
 * @param string $url the URL to fetch
 * @return mixed the connector's "file" property, i.e. the fetched content
 */
function getDocumentContent($url){
    if (func_num_args() != 2) {
        $conn = new connector($url);
        return $conn->file;
    }
    // new for HTTP Authentication: second argument holds the upstream auth data
    $auth = func_get_arg(1);
    $conn = new connector($url, $auth);
    return $conn->file;
}
//**********************************************************************************************
//extra functions TODO: push them in class_administration.php
/**
 * Selects the wms id for a given layer id.
 *
 * The layer id is bound as an integer parameter ('i') of a prepared query.
 *
 * @param mixed $id the layer id
 * @return mixed the fkey_wms_id value of the matching row, or false when no row exists
 */
function getWmsIdByLayerId($id){
    $res = db_prep_query("SELECT fkey_wms_id FROM layer WHERE layer_id = $1", array($id), array('i'));
    $row = db_fetch_array($res);
    return $row ? $row["fkey_wms_id"] : false;
}
?>