'; echo $_SERVER['PHP_AUTH_DIGEST'].'
'; die(); }
// NOTE(review): the statement that ends above begins before the visible part
// of this file. What is visible echoes the raw PHP_AUTH_DIGEST header value
// without escaping and then stops the script.

// The digest "username" is expected to carry two fields joined by ';':
// the mapbender user name and the e-mail address.
// NOTE(review): $requestHeaderArray is filled outside the visible text
// (presumably by http_digest_parse() below - confirm). When the username
// holds no ';', index 1 of the exploded array is unset.
$userIdentification = explode(';',$requestHeaderArray['username']);
$mbUsername = $userIdentification[0];
$mbEmail = $userIdentification[1];
$userInformation = getUserInfo($mbUsername,$mbEmail);
// NOTE(review): both messages below put the client-supplied name and e-mail
// into the response body without escaping, and they tell an unauthenticated
// caller whether the account exists and whether it has a digest. A single
// generic failure message with htmlspecialchars() on any reflected value
// would avoid both.
if ($userInformation[0] == '-1') {
    die('User with name: '.$mbUsername.' and email: '.$mbEmail.' not known to security proxy!');
}
if ($userInformation[1]=='') {
    //check if digest exists in db - if no digest exists it should be a null string!
    die('User with name: '.$mbUsername.' and email: '.$mbEmail.' has no digest - please set a new password and try again!');
}
//first check the stale!
if($requestHeaderArray['nonce'] == getNonce()) {
    // Up-to-date nonce received
    $stale = false;
} else {
    // Stale nonce received (probably more than x seconds old)
    $stale = true;
    //give another chance to authenticate
    // NOTE(review): this branch sends the new challenge but does not stop.
    // Execution continues to the response check, which is computed with the
    // current getNonce() and therefore rejects a response built from the old
    // nonce. $stale is not read again in the visible code.
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Digest realm="'.REALM.'",qop="auth",nonce="'.getNonce().'",opaque="'.md5(REALM).'" ,stale=true');
}
// generate the valid response to check the request of the client
// A1 is the digest stored for the user (presumably md5(username:realm:password),
// i.e. a value that is password-equivalent for this realm - confirm how it is
// produced and protected).
$A1 = $userInformation[1];
// NOTE(review): A2 is built from the uri named in the Authorization header.
// The visible code never compares that value with the URI actually requested,
// never checks that qop is "auth", and keeps no record of nc/cnonce values,
// so it cannot tell a repeated Authorization header from a fresh one while
// the nonce window is still open.
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$requestHeaderArray['uri']);
$valid_response = $A1.':'.getNonce().':'.$requestHeaderArray['nc'];
$valid_response .= ':'.$requestHeaderArray['cnonce'].':'.$requestHeaderArray['qop'].':'.$A2;
$valid_response=md5($valid_response);
// NOTE(review): '!=' is a loose comparison: two strings that both look numeric
// are compared as numbers, and the comparison is not constant-time.
// hash_equals($valid_response, $requestHeaderArray['response']) (PHP >= 5.6)
// avoids both. The same applies to the '==' nonce comparison above.
// The failure path below also leaves the HTTP status unchanged.
if ($requestHeaderArray['response'] != $valid_response) {
    //the user has to authenticate again - something in the authentication went wrong
    die('Authentication failed - sorry, you have to authenticate once more!');
}
//if we are here - authentication has been done well!
//let's do the proxy things (came from owsproxy.php):
// NOTE(review): $HTTP_RAW_POST_DATA was removed in PHP 7; $postdata is not
// used again in the visible code.
$postdata = $HTTP_RAW_POST_DATA;
// layer_id comes straight from the request and is used below in a prepared
// query, in a URL and in the default-case message.
$layerId = $_REQUEST['layer_id'];
$query = new QueryHandler();
// an array with keys and values toLowerCase -> case-insensitive
$reqParams = $query->getRequestParams();
$n = new administration();
$wmsId = getWmsIdByLayerId($layerId);
$owsproxyString = $n->getWMSOWSstring($wmsId);
if (!$owsproxyString) {
    die('The requested resource does not exists or the routing through mapbenders owsproxy is not activated!');
}
//get authentication infos if they are available in wms table! if not, $auth is unset
$auth = $n->getAuthInfoOfWMS($wmsId);
if ($auth['auth_type']==''){
    unset($auth);
}
// presumably constructing mb_exception writes a log entry - confirm
$e = new mb_exception("REQUEST to HTTP_AUTH: ".strtolower($reqParams['request']));
//what the proxy does
switch (strtolower($reqParams['request'])) {
    case 'getcapabilities':
        $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
        $query->setOnlineResource($arrayOnlineresources['wms_getcapabilities']);
        //$request = preg_replace("/(.*)frames\/login.php/", "$1php/wms.php?layer_id=".$layerId, LOGIN);
        if (isset($_SERVER["HTTPS"])){
            $urlPrefix = "https://";
        } else {
            $urlPrefix = "http://";
        }
        // NOTE(review): the URL handed to getCapabilities() is built from the
        // client-supplied Host header and the unencoded layer_id parameter;
        // a configured base URL and urlencode() would remove the dependence
        // on request data. $requestFull is appended to ('.=') without a
        // visible prior assignment.
        $request = $urlPrefix.$_SERVER['HTTP_HOST']."/mapbender/php/wms.php?layer_id=".$layerId;
        $requestFull .= $request.'&REQUEST=GetCapabilities&VERSION=1.1.1&SERVICE=WMS';
        if(isset($auth)){
            getCapabilities($request,$requestFull,$auth);
        } else {
            getCapabilities($request,$requestFull);
        }
        break;
    case 'getfeatureinfo':
        $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
        $query->setOnlineResource($arrayOnlineresources['wms_getfeatureinfo']);
        // only the layers this user may access are returned; empty means none
        $layers = checkLayerPermission($wmsId,$reqParams['layers'],$userInformation[0]);
        if ($layers == '' ) {
            throwE("GetFeatureInfo permission denied on layer with id".$layerId);
            die();
        }
        // NOTE(review): unlike the getmap branch, the filtered $layers value is
        // not written back into the query before the request is built.
        $request = $query->getRequest();
        if(isset($auth)){
            getFeatureInfo($request,$auth);
        } else {
            getFeatureInfo($request);
        }
        break;
    case 'getmap':
        $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
        $query->setOnlineResource($arrayOnlineresources['wms_getmap']);
        $layers = checkLayerPermission($wmsId,$reqParams['layers'],$userInformation[0]);
        if ($layers == '' ) {
            throwE("GetMap permission denied on layer with id ".$layerId);
            die();
        }
        // forward only the permitted layers
        $query->setParam("layers",urldecode($layers));
        $request = $query->getRequest();
        #log proxy requests
        if($n->getWmsLogTag($wmsId)==1) {
            #do log to db
            #TODO read out size of bbox and calculate price
            #get price out of db
            $price=intval($n->getWmsPrice($wmsId));
            $n->logWmsProxyRequest($wmsId,$userInformation[0],$request,$price);
        }
        if(isset($auth)){
            getImage($request,$auth);
        } else {
            getImage($request);
        }
        break;
    case 'getlegendgraphic':
        // NOTE(review): this branch calls neither checkWmsPermission() nor
        // checkLayerPermission(), unlike the three branches above - confirm
        // that legend graphics are meant to be served to every authenticated
        // user.
        $url = getLegendUrl($wmsId);
        $e = new mb_exception("URL for getlegendgraphic: ");
        if(isset($auth)){
            getImage($url,$auth);
        } else {
            getImage($url);
        }
        break;
    default:
        // NOTE(review): the username from the Authorization header and the
        // layer_id request parameter are echoed without escaping;
        // htmlspecialchars() on both would keep markup out of the response.
        echo 'Your are logged in as: ' .$requestHeaderArray['username'].' and requested the layer with id='.$layerId.' but your request is not a valid OWS request';
}
//functions for http_auth
//**********************************************************************************************
/**
 * Parses the value of an HTTP Digest Authorization header.
 *
 * @param string the header text to parse
 * @return the array of recognised key => value pairs, or false when any of
 *         nonce, nc, cnonce, qop, username, uri or response is missing
 */
function http_digest_parse($txt) {
    // protect against missing data
    $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
    $data = array();
    $keys = implode('|', array_keys($needed_parts));
    // Each match is key=value, the value either quoted (group 3) or bare
    // (group 4).
    // NOTE(review): inside a character class '\2' is not a back-reference, so
    // ([^\2]+?) only ends at the closing quote because it is lazy - confirm
    // the pattern behaves as intended for values containing the other quote
    // character.
    preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
    foreach ($matches as $m) {
        // NOTE(review): a quoted value of "0" is falsy and falls through to $m[4].
        $data[$m[1]] = $m[3] ? $m[3] : $m[4];
        unset($needed_parts[$m[1]]);
    }
    // anything still listed in $needed_parts was not present in the header
    return $needed_parts ? false : $data;
}
/**
 * Reads the id and stored digest of a user from the mb_user table.
 *
 * The lookup uses a prepared statement with both values bound as strings.
 *
 * @param string the mapbender user name
 * @param string the e-mail address of the user
 * @return array index 0 holds mb_user_id and index 1 mb_user_digest; when no
 *         row matches, only index 0 is set, to the string "-1"
 */
function getUserInfo($mbUsername,$mbEmail) {
    $result = array();
    $sql = "SELECT mb_user_id, mb_user_digest FROM mb_user where mb_user_name = $1 AND mb_user_email= $2";
    $v = array($mbUsername, $mbEmail);
    $t = array("s","s");
    $res = db_prep_query($sql, $v, $t);
    if(!($row = db_fetch_array($res))){
        $result[0] = "-1";
    } else {
        $result[0] = $row['mb_user_id'];
        $result[1] = $row['mb_user_digest'];
    }
    return $result;
}
/**
 * Builds the server nonce for the current time window.
 *
 * The value is md5 over the end of the current $nonceLife-second window
 * (formatted with minute resolution), the client address and NONCEKEY, so it
 * is the same for every request from one address within a window and changes
 * when the window rolls over.
 *
 * @return string the nonce as a hex md5 string
 */
function getNonce() {
    global $nonceLife;
    // round the current time up to the next multiple of $nonceLife seconds
    $time = ceil(time() / $nonceLife) * $nonceLife;
    return md5(date('Y-m-d H:i', $time).':'.$_SERVER['REMOTE_ADDR'].':'.NONCEKEY);
}
//**********************************************************************************************
//functions of owsproxy/http/index.php
//**********************************************************************************************
/**
 * Reports an error in the representation the client asked for: as an image
 * when the requested format is listed in $imageformats, as text otherwise.
 *
 * @param the error to report; the visible callers pass a string or an array
 *        of strings
 */
function throwE($e){
    global $reqParams, $imageformats;
    if(in_array($reqParams['format'],$imageformats)){
        throwImage($e);
    } else{
        throwText($e);
    }
}
/**
 * Renders an error as an image (only partly visible, see the note below).
 *
 * @param the error to render
 */
function throwImage($e){
    global $reqParams;
    // NOTE(review): $width and $height are assigned only when the request
    // lacks a width or a height; in the visible text nothing sets them from
    // $reqParams for the other case before imagecreate() is called.
    if (!$reqParams['width'] || !$reqParams['height']) {
        //width or height are not set by ows request - maybe for legendgraphics
        $width = 300;
        $height = 20;
    }
    $image = imagecreate($width,$height);
    $transparent = ImageColorAllocate($image,155,155,155);
    ImageFilledRectangle($image,0,0,$width,$height,$transparent);
    imagecolortransparent($image, $transparent);
    $text_color = ImageColorAllocate ($image, 233, 14, 91);
    // NOTE(review): the page text is damaged from here. Everything between the
    // '<' of this loop condition and a later '>' appears to have been lost in
    // extraction, including the rest of throwImage() and the header of the
    // function that builds $url from $reqParams. The surviving tokens are kept
    // exactly as found; restore this part from the original file.
    for($i=0; $i 0){ $url .= "&"; }
    $url .= $mykeys[$i]."=".urlencode($reqParams[$mykeys[$i]]);
    }
    return $url;
}
/**
 * Fetches a document and sends it to the client.
 *
 * The Content-Type response header is taken from the 'format' request
 * parameter. NOTE(review): that value is presumably client-controlled, so the
 * client chooses how its browser interprets the fetched bytes - consider
 * restricting it to a list of expected image types (confirm whether
 * $imageformats serves that purpose).
 *
 * @param string the original url of the image to send
 * @param optional second argument: authentication info that is passed on to
 *        getDocumentContent()
 */
function getImage($or){
    global $reqParams;
    header("Content-Type: ".$reqParams['format']);
    if (func_num_args() == 2) {
        //new for HTTP Authentication
        $auth = func_get_arg(1);
        echo getDocumentContent($or,$auth);
    } else {
        echo getDocumentContent($or);
    }
}
/**
 * Fetches the FeatureInfo response and sends it to the client.
 *
 * The document is echoed; the function has no return statement. The
 * Content-Type header is taken from the global $info_format, which is set
 * outside the visible text.
 *
 * @param string the url of the FeatureInfoRequest
 * @param optional second argument: authentication info that is passed on to
 *        getDocumentContent()
 */
function getFeatureInfo($url){
    global $info_format;
    // the full request URL is written to the log
    $e = new mb_exception("owsproxy: Try to fetch FeatureInfoRequest: ".$url);
    header("Content-Type: ".$info_format);
    if (func_num_args() == 2) {
        //new for HTTP Authentication
        $auth = func_get_arg(1);
        echo getDocumentContent($url,$auth);
    } else {
        echo getDocumentContent($url);
    }
}
/**
 * Collects quoted http(s) URLs found in a document (only partly visible, see
 * the note below).
 *
 * @param string the document text to scan
 */
function matchUrls($content){
    // NOTE(review): session_is_registered() was removed in PHP 5.4.
    if(!session_is_registered("owsproxyUrls")){
        $_SESSION["owsproxyUrls"] = array();
        $_SESSION["owsproxyUrls"]["id"] = array();
        $_SESSION["owsproxyUrls"]["url"] = array();
    }
    // matches a quoted string that starts with http:// or https://
    $pattern = "/[\"|\'](https*:\/\/[^\"|^\']*)[\"|\']/";
    preg_match_all($pattern,$content,$matches);
    // NOTE(review): the page text is damaged from here. Everything between the
    // '<' of this loop condition and a later '>' appears to have been lost in
    // extraction, including the rest of matchUrls() and the header of the next
    // function. What follows presumably belongs to checkWmsPermission(), which
    // the script above calls with a wms id and a user id - confirm against the
    // original file. The surviving tokens are kept exactly as found.
    for($i=0; $igetGuisByPermission($userId,true);
    $mywms = $n->getWmsByOwnGuis($myguis);
    $sql = "SELECT * FROM wms WHERE wms_id = $1";
    $v = array($wmsId);
    $t = array("s");
    $res = db_prep_query($sql, $v, $t);
    $service = array();
    if($row = db_fetch_array($res)){
        $service["wms_id"] = $row["wms_id"];
        $service["wms_getcapabilities"] = $row["wms_getcapabilities"];
        $service["wms_getmap"] = $row["wms_getmap"];
        $service["wms_getfeatureinfo"] = $row["wms_getfeatureinfo"];
        $service["wms_getcapabilities_doc"] = $row["wms_getcapabilities_doc"];
    }
    // no such wms, or the user has no wms at all
    if(!$row || count($mywms) == 0){
        throwE(array("No wms data available."));
        die();
    }
    // NOTE(review): the denial message includes the requested wms id and the
    // full list of wms ids available to this user; whether that reaches the
    // client depends on throwText()/throwImage() - confirm it is intended.
    if(!in_array($service["wms_id"], $mywms)){
        throwE(array("Permission denied."," -> ".$service["wms_id"], implode(",", $mywms)));
        die();
    }
    return $service;
}
/**
 * Filters a comma separated layer list down to the layers the user may access.
 *
 * @param the id of the wms the layers belong to
 * @param string comma separated layer names as given in the request
 * @param the id of the user
 * @return string the permitted layers joined by ','; empty when none is
 *         permitted
 */
function checkLayerPermission($wms_id,$l,$userId){
    global $n, $owsproxyService;
    // the string literal below contains a line break as found in the source;
    // it is left untouched because it is part of the logged message
    $e = new mb_notice("owsproxy: checkLayerpermission: wms: ".$wms_id.", layer: ".$l.' 
user_id: '.$userId);
    // NOTE(review): split() was removed in PHP 7; explode(",", $l) is the
    // equivalent for this literal separator.
    $myl = split(",",$l);
    $r = array();
    foreach($myl as $mysl){
        // only an explicit boolean true counts as permission
        if($n->getLayerPermission($wms_id, $mysl, $userId) === true){
            array_push($r, $mysl);
        }
    }
    $ret = implode(",",$r);
    return $ret;
}
/**
 * Fetches a remote document through the connector class.
 *
 * @param string the url to fetch
 * @param optional second argument: authentication info handed to the connector
 * @return the 'file' property of the connector (presumably the fetched
 *         content - confirm in the connector class)
 */
function getDocumentContent($url){
    if (func_num_args() == 2) {
        //new for HTTP Authentication
        $auth = func_get_arg(1);
        $d = new connector($url, $auth);
    } else {
        $d = new connector($url);
    }
    return $d->file;
}
//**********************************************************************************************
//extra functions TODO: push them in class_administration.php
/**
 * selects the wms id for a given layer id.
 *
 * The layer id is bound to the prepared statement with type 'i'.
 *
 * @param the layer id
 * @return either the fkey_wms_id value of the layer or false when none exists
 */
function getWmsIdByLayerId($id){
    $sql = "SELECT fkey_wms_id FROM layer WHERE layer_id = $1";
    $v = array($id);
    $t = array('i');
    $res = db_prep_query($sql,$v,$t);
    $row = db_fetch_array($res);
    if ($row) return $row["fkey_wms_id"];
    else return false;
}
?>