forceBasicAuth is not valid (true).
';
die();
} else {
$authType = 'basic';
}
$testMatch = NULL;
}
if (is_file(dirname(__FILE__) . "/../../conf/excludeproxyurls.conf"))
{
require_once(dirname(__FILE__) . "/../../conf/excludeproxyurls.conf");
}
//database connection
$db = db_connect($DBSERVER, $OWNER, $PW);
db_select_db(DB, $db);
/* * *** conf **** */
$imageformats = array("image/png", "image/gif", "image/jpeg", "image/jpg");
$width = 400;
$height = 400;
/* * *** conf **** */
//check request params for checking anonymous authorization#########################################
//TODO!!!!!!
$layerId = false;
$wfsId = false;
//$typenames = false;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$e = new mb_exception("http_auth/http/index.php: REQUEST METHOD: POST");
} else {
$e = new mb_exception("http_auth/http/index.php: REQUEST METHOD: ".$_SERVER['REQUEST_METHOD']);
}
//test for existing post data
$postData = file_get_contents("php://input");
//debug!
//$e = new mb_exception("http_auth/http/index.php: postdata: ".$postData);
if (isset($postData) && $postData !== '') {
$e = new mb_exception("http_auth/http/index.php: postdata: ".$postData);
} else {
$e = new mb_exception("http_auth/http/index.php: postdata (file content) empty!");
$postData = false;
}
if (isset($_REQUEST["layer_id"]) & $_REQUEST["layer_id"] != "") {
//validate integer
$testMatch = $_REQUEST["layer_id"];
//give max 99 entries - more will be to slow
$pattern = '/^[0-9]*$/';
if (!preg_match($pattern,$testMatch)){
//echo 'userId: '.$testMatch.' is not valid.
';
echo 'Parameter layer_id is not valid (integer).
';
die();
}
$layerId = $testMatch;
$testMatch = NULL;
}
if (isset($_REQUEST["wfs_id"]) & $_REQUEST["wfs_id"] != "") {
//validate integer
$testMatch = $_REQUEST["wfs_id"];
//give max 99 entries - more will be to slow
$pattern = '/^[0-9]*$/';
if (!preg_match($pattern,$testMatch)){
//echo 'userId: '.$testMatch.' is not valid.
';
echo 'Parameter wfs_id is not valid (integer).
';
die();
}
$wfsId = $testMatch;
$testMatch = NULL;
}
//parse query
$query = new QueryHandler($postData, $_REQUEST, $_SERVER['REQUEST_METHOD']);
// an array with keys and values toLowerCase -> caseinsensitiv
$reqParams = $query->getRequestParams();
//$e = new mb_exception($reqParams['version']);
if ($wfsId !== false) {
//switch for different parameter name - typename for wfs < 2.0 typenames for wfs >= 2.0
$typeNameParameter = "typename"; //lowercase
switch ($reqParams['version']) {
case "2.0.0":
if (strtolower($reqParams['request']) == 'describefeaturetype') {
$typeNameParameter = "typename";
} else {
$typeNameParameter = "typenames";
}
break;
case "2.0.2":
if (strtolower($reqParams['request']) == 'describefeaturetype') {
$typeNameParameter = "typename";
} else {
$typeNameParameter = "typenames";
}
break;
default:
$typeNameParameter = "typename";
break;
}
//initialize typename parameter with false - not given
//check for featuretype name
if (isset($reqParams[$typeNameParameter]) & $reqParams[$typeNameParameter] != "") {
//validate integer
$testMatch = $reqParams[$typeNameParameter];
//simple pattern - without blanks!
$pattern = '/^[0-9a-zA-Z\.\-_:,]*$/';
if (!preg_match($pattern,$testMatch)){
//echo 'userId: '.$testMatch.' is not valid.
';
echo 'Parameter '.$typeNameParameter.' is not valid.
';
die();
}
$reqParams[$typeNameParameter] = $testMatch;
$testMatch = NULL;
}
}
//check authorization
$anonymousAccess = false;
if ($layerId !== false) {
$user = new user(PUBLIC_USER);
$anonymousAccess = $user->isLayerAccessible($layerId);
}
//$e = new mb_exception("http_auth/index.php: ".$typeNameParameter.": ".(string)$reqParams[$typeNameParameter]);
if ($wfsId !== false) {
if (isset($reqParams[$typeNameParameter]) && $reqParams[$typeNameParameter] !== false && $reqParams[$typeNameParameter] !== '') {
$user = new user(PUBLIC_USER);
$anonymousAccess = $user->areFeaturetypesAccessible($reqParams[$typeNameParameter], $wfsId);
} else {
//typename not requested - so check accessability for each featuretype of the service - only if all are accessable, give anonymous access to getcapabilities and other requests, that don't need a typename(s) parameter
$sql = "SELECT featuretype_name FROM wfs_featuretype WHERE fkey_wfs_id = $1";
$v = array($wfsId);
$t = array("i");
$res = db_prep_query($sql, $v, $t);
if (!($row = db_fetch_all($res))) {
return false;
} else {
if (count($row) == 1 && $row[0]['featuretype_name'] == null) {
return false;
} else {
$allTypenames = "";
foreach ($row as $singleRow) {
$allTypenames .= $singleRow['featuretype_name'] . ",";
}
$allTypenames = rtrim($allTypenames, ',');
}
//$e = new mb_exception("http_auth/index.php: allTypenames for wfs ".$wfsId." : ".$allTypenames);
$user = new user(PUBLIC_USER);
$anonymousAccess = $user->areFeaturetypesAccessible($allTypenames, $wfsId);
}
}
}
//$e = new mb_exception("http_auth/index.php: anonymousAcces possible: ".(string)$anonymousAccess);
//first check if anonymous user has rights to access ressource - if so - don't use authentication
if ($anonymousAccess == true) {
$userId = PUBLIC_USER;
} else {
switch ($authType) {
case 'digest':
//special for type of authentication ******************************
//control if digest auth is set, if not set, generate the challenge with getNonce()
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="' . REALM .
'",qop="auth",nonce="' . getNonce() . '",opaque="' . md5(REALM) . '"');
die('Text to send if user hits Cancel button');
}
//read out the header in an array
$requestHeaderArray = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
//error if header could not be read
if (!($requestHeaderArray)) {
echo 'Following Header information cannot be validated - check your clientsoftware!
';
echo $_SERVER['PHP_AUTH_DIGEST'] . '
';
die();
}
//get mb_username and email out of http_auth username string
$userIdentification = explode(';', $requestHeaderArray['username']);
$mbUsername = $userIdentification[0];
$mbEmail = $userIdentification[1]; //not given in all circumstances
$userInformation = getUserInfo($mbUsername, $mbEmail);
/*
$result[0] = $row['mb_user_id'];
$result[1] = $row['mb_user_digest'];
$result[2] = $row['mb_user_password'];
$result[3] = $row['password'];
*/
if ($userInformation[0] == '-1') {
die('User with name: ' . $mbUsername . ' and email: ' . $mbEmail . ' not known to security proxy!');
}
if ($userInformation[1] == '') { //check if digest exists in db - if no digest exists it should be a null string!
die('User with name: ' . $mbUsername . ' and email: ' . $mbEmail . ' has no digest - please set a new password and try again!');
}
//first check the stale!
if ($requestHeaderArray['nonce'] == getNonce()) {
// Up-to-date nonce received
$stale = false;
} else {
// Stale nonce received (probably more than x seconds old)
$stale = true;
//give another chance to authenticate
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="' . REALM . '",qop="auth",nonce="' . getNonce() . '",opaque="' . md5(REALM) . '" ,stale=true');
}
// generate the valid response to check the request of the client
$A1 = $userInformation[1];
$A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $requestHeaderArray['uri']);
$valid_response = $A1 . ':' . getNonce() . ':' . $requestHeaderArray['nc'];
$valid_response .= ':' . $requestHeaderArray['cnonce'] . ':' . $requestHeaderArray['qop'] . ':' . $A2;
$valid_response = md5($valid_response);
if ($requestHeaderArray['response'] != $valid_response) {//the user have to authenticate new - cause something in the authentication went wrong
die('Authentication failed - sorry, you have to authenticate once more!');
}
//if we are here - authentication has been done well!
//let's do the proxy things (came from owsproxy.php):
//special for type of authentication ******************************
//user information
//define $userId from database information
$userId = $userInformation[0];
break;
case 'basic':
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="' . REALM .'"');
header('HTTP/1.1 401 Unauthorized');
die('Authentication failed - sorry, you have to authenticate once more!');
} else {
//get mb_username and email out of http_auth username string
$userIdentification = explode(';', $_SERVER['PHP_AUTH_USER']);
$mbUsername = $userIdentification[0];
$mbEmail = $userIdentification[1]; //not given in all circumstances
$userInformation = getUserInfo($mbUsername, $mbEmail);
/*
$result[0] = $row['mb_user_id'];
$result[1] = $row['mb_user_digest'];
$result[2] = $row['mb_user_password'];
$result[3] = $row['password'];
*/
if ($userInformation[0] == '-1') {
die('User with name: ' . $mbUsername . ' and email: ' . $mbEmail . ' not known to security proxy!');
}
/*if ($userInformation[1] == '') { //check if digest exists in db - if no digest exists it should be a null string!
die('User with name: ' . $mbUsername . ' and email: ' . $mbEmail . ' has no digest - please set a new password and try again!');
}*/
//check password - new since 06/2019 - secure password !!!!!
if ($userInformation[3] == '' || $userInformation[3] == null) {
die('User with name: ' . $mbUsername . ' and email: ' . $mbEmail . ' has no password which is stored in a secure way. - Please login at the portal to generate one!');
}
if (password_verify($_SERVER['PHP_AUTH_PW'], $userInformation[3])) {
$userId = $userInformation[0];
} else {
$userId = $userInformation[0];
die('HTTP Authentication failed for user: ' . $mbUsername.'!');
}
}
break;
}//end switch
//}
}
//$e = new mb_exception("authentication successful!");
$layerId = $_REQUEST['layer_id'];
$wfsId = $_REQUEST['wfs_id'];
//new option for nested layers
$withChilds = false;
if (isset($_REQUEST["withChilds"]) && $_REQUEST["withChilds"] === "1") {
$withChilds = true;
}
//$e = new mb_exception($postData);
/*$query = new QueryHandler($postData);
// an array with keys and values toLoserCase -> caseinsensitiv
$reqParams = $query->getRequestParams();*/
$n = new administration();
if (!(isset($reqParams['service'])) AND (strtolower($reqParams['request'])=='getmap' || strtolower($reqParams['request'])=='getlegendgraphic')) {
$reqParams['service'] = 'wms';
}
//check for type of ows requested
switch (strtolower($reqParams['service'])) {
case 'wms':
//get id
$wmsId = getWmsIdByLayerId($layerId);
$owsproxyString = $n->getWMSOWSstring($wmsId);
$auth = $n->getAuthInfoOfWMS($wmsId);
break;
case 'wfs':
$owsproxyString = $n->getWFSOWSstring($wfsId);
$auth = $n->getAuthInfoOfWFS($wfsId);
break;
}
if (!$owsproxyString) {
die('The requested resource does not exists or the routing through mapbenders owsproxy is not activated!');
}
//get authentication infos if they are available in wms table! if not $auth = false
if ($auth['auth_type'] == '') {
unset($auth);
}
//define $userId from database information
//$userId = $userInformation[0];
/* ************ main workflow *********** */
switch (strtolower($reqParams['request'])) {
case 'getcapabilities':
switch (strtolower($reqParams['service'])) {
case 'wfs':
$arrayOnlineresources = checkWfsPermission($owsproxyString, false, $userId);
$query->setOnlineResource($arrayOnlineresources['wfs_getcapabilities']);
$request = $query->getRequest();
$request = str_replace('?&','?',$request);
//TODO: following is not the standard way because ows has not to handle vsp!!!
$request = delTotalFromQuery("wfs_id",$request);
//add force basic to request!!!!! - not for capabilities?
if ($authType == 'basic') {
$extraParameter = "forceBasicAuth=true";
} else {
$extraParameter = false;
}
//don't allow get parameters in conjunction with post!
if ($postData !== false) {
$request = $arrayOnlineresources['wfs_getcapabilities'];
}
if (isset($auth)) {
getWfsCapabilities($request, $extraParameter, $auth);
} else {
getWfsCapabilities($request, $extraParameter);
}
break;
case 'wms':
$arrayOnlineresources = checkWmsPermission($owsproxyString, $userId);
$query->setOnlineResource($arrayOnlineresources['wms_getcapabilities']);
if (isset($_SERVER["HTTPS"])) {
$urlPrefix = "https://";
} else {
$urlPrefix = "http://";
}
if (defined("MAPBENDER_PATH") && MAPBENDER_PATH != '') {
$request = MAPBENDER_PATH . "/php/wms.php?layer_id=" . $layerId;
} else {
$request = $urlPrefix . $_SERVER['HTTP_HOST'] . "/mapbender/php/wms.php?layer_id=" . $layerId;
}
if ($withChilds) {
$requestFull .= $request . '&withChilds=1&REQUEST=GetCapabilities&VERSION=1.1.1&SERVICE=WMS';
} else {
$requestFull .= $request . '&REQUEST=GetCapabilities&VERSION=1.1.1&SERVICE=WMS';
}
if ($authType == 'basic') {
$extraParameter = "&forceBasicAuth=true";
} else {
$extraParameter = false;
}
if (isset($auth)) {
getCapabilities($request, $requestFull, $extraParameter, $auth);
} else {
getCapabilities($request, $requestFull, $extraParameter);
}
break;
}
break;
case 'getfeatureinfo':
$arrayOnlineresources = checkWmsPermission($owsproxyString, $userId);
$query->setOnlineResource($arrayOnlineresources['wms_getfeatureinfo']);
$request = $query->getRequest();
$layers = checkLayerPermission($wmsId, $reqParams['layers'], $userId);
if ($layers == '') {
throwE("GetFeatureInfo permission denied on layer with id" . $layerId);
die();
}
//Ergaenzungen secured UMN Requests
$log_id = false;
if ($n->getWmsfiLogTag($arrayOnlineresources['wms_id']) == 1) {
#do log to db
#get price out of db
$price = intval($n->getWmsfiPrice($arrayOnlineresources['wms_id']));
//TODO - session is not set!!!!!!!!
$log_id = $n->logWmsGFIProxyRequest($arrayOnlineresources['wms_id'], $userId, $request,
$price);
}
if (isset($auth)) {
getFeatureInfo($log_id, $request, $auth);
} else {
getFeatureInfo($log_id, $request);
}
break;
case 'getmap':
$arrayOnlineresources = checkWmsPermission($owsproxyString, $userId);
$query->setOnlineResource($arrayOnlineresources['wms_getmap']);
$layers = checkLayerPermission($wmsId, $reqParams['layers'], $userId);
if ($layers == '') {
throwE("GetMap permission denied on layer with id " . $layerId);
die();
}
$query->setParam("layers", urldecode($layers));
$request = $query->getRequest();
// Ergaenzungen secured UMN Requests
//log proxy requests
$log_id = false;
if ($n->getWmsLogTag($wmsId) == 1) {
#do log to db
#TODO read out size of bbox and calculate price
#get price out of db
$price = intval($n->getWmsPrice($wmsId));
$log_id = $n->logFullWmsProxyRequest($arrayOnlineresources['wms_id'], $userId, $request, $price, 0);
}
if (isset($auth)) {
getImage($log_id, $request, $auth);
} else {
getImage($log_id, $request);
}
break;
case 'getlegendgraphic':
$url = getLegendUrl($wmsId);
if (isset($reqParams['sld']) && $reqParams['sld'] != "") {
$url = $url . getConjunctionCharacter($url) . "SLD=" . $reqParams['sld'];
}
//$e = new mb_exception("invoked legend url: ".$url);
if (isset($auth)) {
getImage(false, $url, $auth);
} else {
getImage(false, $url);
}
break;
case 'getfeature':
//$e = new mb_exception("http_auth/http/index.php - getfeature - requested features: ".$typeNameParameter.": ".json_encode($reqParams[$typeNameParameter]));
if (isset($reqParams['storedquery_id']) && $reqParams['storedquery_id'] !== "") {
$storedQueryId = $reqParams['storedquery_id'];
$arrayOnlineresources = checkWfsStoredQueryPermission($owsproxyString, $storedQueryId, $userId);
} else {
$arrayFeatures = array($reqParams[$typeNameParameter]);
//$e = new mb_exception("http_auth/http/index.php - getfeature - check permission: ".json_encode($arrayFeatures));
//$e = new mb_exception("".$typeNameParameter.": ".$reqParams[$typeNameParameter]);
$arrayOnlineresources = checkWfsPermission($owsproxyString, $arrayFeatures, $userId);
}
$query->setOnlineResource($arrayOnlineresources['wfs_getfeature']);
$request = $query->getRequest();
$request = stripslashes($request);
//TODO - what if storedquery are used ? log storedquery_id?
if ($n->getWfsLogTag($arrayOnlineresources['wfs_id']) == 1) {
//get price out of db
$price = intval($n->getWfsPrice($arrayOnlineresources['wfs_id']));
if (isset($reqParams['storedquery_id']) && $reqParams['storedquery_id'] !== "") {
$log_id = $n->logWfsProxyRequest($arrayOnlineresources['wfs_id'], $userId, $request,
$price, 0, $reqParams['storedquery_id']);
} else {
$log_id = $n->logWfsProxyRequest($arrayOnlineresources['wfs_id'], $userId, $request,
$price, 0, $reqParams[$typeNameParameter]);
}
} else {
$log_id = false;
}
//TODO: following is not the standard way because ows has not to handle vsp!!!
$request = delTotalFromQuery("wfs_id",$request);
//don't allow get parameters in conjunction with post!
if ($postData !== false) {
$request = $arrayOnlineresources['wfs_getfeature'];
}
if (isset($auth)) {
getFeature($log_id, $request, $auth);
} else {
getFeature($log_id, $request);
}
break;
case 'describefeaturetype':
$arrayFeatures = array($reqParams[$typeNameParameter]);
//$e = new mb_exception("http_auth/http/index.php - describefeaturetype - requested features: ".$typeNameParameter.": ".json_encode($reqParams[$typeNameParameter]));
//really crazy: https://github.com/qgis/QGIS/commit/ccb4c80f8a6d2bb179258f1ffec0dc9a447ca465
$arrayOnlineresources = checkWfsPermission($owsproxyString, $arrayFeatures, $userId);
$query->setOnlineResource($arrayOnlineresources['wfs_describefeaturetype']);
$request = $query->getRequest();
$request = stripslashes($request);
//TODO: following is not the standard way because ows has not to handle vsp!!!
$request = delTotalFromQuery("wfs_id",$request);
//don't allow get parameters in conjunction with post!
if ($postData !== false) {
$request = $arrayOnlineresources['wfs_describefeaturetype'];
}
if (isset($auth)) {
describeFeaturetype($request, $auth);
} else {
describeFeaturetype($request);
}
break;
case 'liststoredqueries':
if ($postData !== false) {
$operationMethod = "Post";
} else {
$operationMethod = "Get";
}
$listStoredQueriesUrl = getWfsOperationUrl($owsproxyString, "ListStoredQueries", $operationMethod);
$query->setOnlineResource($listStoredQueriesUrl);
$request = $query->getRequest();
$request = stripslashes($request);
//TODO: following is not the standard way because ows has not to handle vsp!!!
$request = delTotalFromQuery("wfs_id",$request);
//don't allow get parameters in conjunction with post!
if ($postData !== false) {
$request = $listStoredQueriesUrl;
}
if (isset($auth)) {
listStoredQueries($request, $auth);
} else {
listStoredQueries($request);
}
break;
case 'describestoredqueries':
if ($postData !== false) {
$operationMethod = "Post";
} else {
$operationMethod = "Get";
}
$describeStoredQueriesUrl = getWfsOperationUrl($owsproxyString, "DescribeStoredQueries", $operationMethod);
$query->setOnlineResource($describeStoredQueriesUrl);
$request = $query->getRequest();
$request = stripslashes($request);
//TODO: following is not the standard way because ows has not to handle vsp!!!
$request = delTotalFromQuery("wfs_id",$request);
//don't allow get parameters in conjunction with post!
if ($postData !== false) {
$request = $describeStoredQueriesUrl;
}
if (isset($auth)) {
describeStoredQueries($request, $auth);
} else {
describeStoredQueries($request);
}
break;
case '':
if (version_compare(PHP_VERSION, '7.0.0', '<')) {
$arrayFeatures = getWfsFeaturesFromTransaction($HTTP_RAW_POST_DATA);
}
else {
$rawpostdata = file_get_contents("php://input");
$arrayFeatures = getWfsFeaturesFromTransaction($rawpostdata);
}
$arrayOnlineresources = checkWfsPermission($owsproxyString, $arrayFeatures, $userId);
$query->setOnlineResource($arrayOnlineresources['wfs_transaction']);
$request = $query->getRequest();
//TODO: following is not the standard way because ows has not to handle vsp!!!
$request = delTotalFromQuery("wfs_id",$request);
if (version_compare(PHP_VERSION, '7.0.0', '<')) {
doTransaction($request, $HTTP_RAW_POST_DATA);
}
else {
$rawpostdata = file_get_contents("php://input");
doTransaction($request, $rawpostdata);
}
break;
default:
echo 'Your are logged in as: ' . $requestHeaderArray['username'] . ' and requested the layer/featuretype with id=' . $layerId . ' but your request is not a valid OWS request';
}
//functions for http_auth
//**********************************************************************************************
// function to parse the http auth header
function http_digest_parse($txt)
{
// protect against missing data
$needed_parts = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1);
$data = array();
$keys = implode('|', array_keys($needed_parts));
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
foreach ($matches as $m) {
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
unset($needed_parts[$m[1]]);
}
return $needed_parts ? false : $data;
}
// function to get relevant user information from mb db
function getUserInfo($mbUsername, $mbEmail)
{
$result = array();
if (preg_match('#[@]#', $mbEmail)) {
$sql = "SELECT mb_user_id, mb_user_digest, mb_user_password, password FROM mb_user where mb_user_name = $1 AND mb_user_email = $2";
$v = array($mbUsername, $mbEmail);
$t = array("s", "s");
} else {
$sql = "SELECT mb_user_id, mb_user_aldigest As mb_user_digest, mb_user_password, password FROM mb_user where mb_user_name = $1";
$v = array($mbUsername);
$t = array("s");
}
$res = db_prep_query($sql, $v, $t);
if (!($row = db_fetch_array($res))) {
$result[0] = "-1";
} else {
$result[0] = $row['mb_user_id'];
$result[1] = $row['mb_user_digest'];
$result[2] = $row['mb_user_password'];
$result[3] = $row['password'];
}
return $result;
}
function getNonce()
{
global $nonceLife;
$time = ceil(time() / $nonceLife) * $nonceLife;
return md5(date('Y-m-d H:i', $time) . ':' . $_SERVER['REMOTE_ADDR'] . ':' . NONCEKEY);
}
/*********************************************************/
function throwE($e)
{
global $reqParams, $imageformats;
if (in_array($reqParams['format'], $imageformats)) {
throwImage($e);
} else {
throwText($e);
}
}
function throwImage($e)
{
global $width, $height;
$image = imagecreate($width, $height);
$transparent = ImageColorAllocate($image, 155, 155, 155);
ImageFilledRectangle($image, 0, 0, $width, $height, $transparent);
imagecolortransparent($image, $transparent);
$text_color = ImageColorAllocate($image, 233, 14, 91);
if (count($e) > 1) {
for ($i = 0; $i < count($e); $i++) {
$imageString = $e[$i];
ImageString($image, 3, 5, $i * 20, $imageString, $text_color);
}
} else {
if (is_array($e)) {
$imageString = $e[0];
} else {
$imageString = $e;
}
if ($imageString == "") {
$imageString = "An unknown error occured!";
}
ImageString($image, 3, 5, $i * 20, $imageString, $text_color);
}
responseImage($image);
}
function throwText($e)
{
echo join(" ", $e);
}
function responseImage($im)
{
global $reqParams;
global $imageformats;
if (!in_array($reqParams['format'], $imageformats)) {
header("Content-Type: image/png");
imagepng($im);
} else {
$format = $reqParams['format'];
//$format = "image/gif";
if ($format == 'image/png') {
header("Content-Type: image/png");
}
if ($format == 'image/jpeg' || $format == 'image/jpg') {
header("Content-Type: image/jpeg");
}
if ($format == 'image/gif') {
header("Content-Type: image/gif");
}
if ($format == 'image/png') {
imagepng($im);
}
if ($format == 'image/jpeg' || $format == 'image/jpg') {
imagejpeg($im);
}
if ($format == 'image/gif') {
imagegif($im);
}
}
}
function completeURL($url)
{
global $reqParams;
$mykeys = array_keys($reqParams);
for ($i = 0; $i < count($mykeys); $i++) {
if ($i > 0) {
$url .= "&";
}
$url .= $mykeys[$i] . "=" . urlencode($reqParams[$mykeys[$i]]);
}
return $url;
}
/**
* fetch and returns an image to client
*
* @param string the original url of the image to send
*/
function getImage($log_id, $or, $auth = false)
{
global $reqParams;
global $imageformats;
if (!in_array($reqParams['format'], $imageformats)) {
$header = "Content-Type: image/png";
} else {
$header = "Content-Type: ".$reqParams['format'];
}
if ($auth) { //new for HTTP Authentication
//$e = new mb_exception("try to get: ". $or);
getDocumentContent($log_id, $or, $header, $auth);
} else {
//$e = new mb_exception("no auth given");
getDocumentContent($log_id, $or, $header);
}
}
/**
* fetchs and returns the content of the FeatureInfo Response
*
* @param string the url of the FeatureInfoRequest
* @return string the content of the FeatureInfo document
*/
function getFeatureInfo($log_id, $url, $auth = false)
{
global $reqParams;
//$e = new mb_notice("owsproxy: Try to fetch FeatureInfoRequest: " . $url);
//header("Content-Type: " . $reqParams['info_format']);
if ($auth) { //new for HTTP Authentication
getDocumentContent($log_id, $url, false, $auth);
} else {
getDocumentContent($log_id, $url);
}
}
/**
* fetchs and returns the content of WFS GetFeature response
*
* @param string the url of the GetFeature request
* @return echo the content of the GetFeature document
*/
function getFeature($log_id, $url, $auth = false)
{
global $reqParams;
$content = getDocumentContent($log_id, $url, "Content-Type: application/xml", $auth);
}
/**
* fetchs and returns the content of WFS DescribeFeaturetype response
*
* @param string the url of the DescribeFeaturetype request
* @return echo the content of the DescribeFeaturetype document
*/
function describeFeaturetype($url, $auth = false)
{
global $reqParams;
$content = getDocumentContent(false, $url, "Content-Type: application/xml", $auth);
}
/**
* fetchs and returns the content of WFS 2.0+ ListStoredQueries response
*
* @param string the url of the ListStoredQueries request
* @return echo the content of the ListStoredQueries document
*/
function listStoredQueries($url, $auth = false)
{
global $reqParams;
$content = getDocumentContent(false, $url, "Content-Type: application/xml", $auth);
}
/**
* fetchs and returns the content of WFS 2.0+ DescribeStoredQueries response
*
* @param string the url of the DescribeStoredQueries request
* @return echo the content of the DescribeStoredQueries document
*/
function describeStoredQueries($url, $auth = false)
{
global $reqParams;
$content = getDocumentContent(false, $url, "Content-Type: application/xml", $auth);
}
/**
* simulates a post request to host
*
* @param string host to send the request to
* @param string port of host to send the request to
* @param string method to send data (should be "POST")
* @param string path on host
* @param string data to send to host
* @return string hosts response
*/
function sendToHost($host, $port, $method, $path, $data)
{
$buf = '';
if (empty($method))
$method = 'POST';
$method = mb_strtoupper($method);
$fp = fsockopen($host, $port);
fputs($fp, "$method $path HTTP/1.1\r\n");
fputs($fp, "Host: $host\r\n");
fputs($fp, "Content-type: application/xml\r\n");
fputs($fp, "Content-length: " . strlen($data) . "\r\n");
fputs($fp, "Connection: close\r\n\r\n");
if ($method == 'POST')
fputs($fp, $data);
while (!feof($fp)) $buf .= fgets($fp, 4096);
fclose($fp);
return $buf;
}
/**
* get wfs featurenames that are touched by a tansaction request defined in XML $data
*
* @param string XML that contains the tansaction request
* @return array array of touched feature names
*/
function getWfsFeaturesFromTransaction($data)
{
new mb_notice("owsproxy.getWfsFeaturesFromTransaction.data: " . $data);
if (!$data || $data == "") {
return false;
}
$features = array();
$values = NULL;
$tags = NULL;
$parser = xml_parser_create();
xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1);
xml_parse_into_struct($parser, $data, $values, $tags);
$code = xml_get_error_code($parser);
if ($code) {
$line = xml_get_current_line_number($parser);
$col = xml_get_current_column_number($parser);
$mb_notice = new mb_notice("OWSPROXY invalid Tansaction XML: " . xml_error_string($code) . " in line " . $line . " at character " . $col);
die();
}
xml_parser_free($parser);
$insert = false;
$insertlevel = 0;
foreach ($values as $element) {
//features touched by insert
if (strtoupper($element['tag']) == "WFS:INSERT" && $element['type'] == "open") {
$insert = true;
$insertlevel = $element[level];
}
if ($insert && $element[level] == $insertlevel + 1 && $element['type'] == "open") {
array_push($features, $element['tag']);
}
if (strtoupper($element['tag']) == "WFS:INSERT" && $element['type'] == "close") {
$insert = false;
}
//updated features - TODO - fix for wfs 2.0+ - typenames instead of typename!
//updated features
if (strtoupper($element['tag']) == "WFS:UPDATE" && $element['type'] == "open") {
array_push($features, $element['attributes']["typeName"]);
}
//deleted features
if (strtoupper($element['tag']) == "WFS:DELETE" && $element['type'] == "open") {
array_push($features, $element['attributes']["typeName"]);
}
}
return $features;
}
/**
* sends the data of WFS Transaction and echos the response
*
* @param string url to send the WFS Transaction to
* @param string WFS Transaction data
*/
function doTransaction($url, $data)
{
$arURL = parse_url($url);
$host = $arURL["host"];
$port = $arURL["port"];
if ($port == '')
$port = 80;
$path = $arURL["path"];
$method = "POST";
$result = sendToHost($host, $port, $method, html_entity_decode($path), $data);
//delete header from result
$result = mb_eregi_replace("^[^<]*", "", $result);
$result = mb_eregi_replace("[^>]*$", "", $result);
echo $result;
}
function matchUrls($content)
{
//TODO: problem here, we are stateless and have no information about any session :-( . To allow proxying, we need another temporal storage for the given urls
global $urlsToExclude;
$owsproxyUrls = Mapbender::session()->get('owsproxyUrls');
if ($owsproxyUrls == false) {
$e = new mb_notice("owsproxyUrls does not exist - create it!");
$owsproxyUrls = array();
$owsproxyUrls['id'] = array();
$owsproxyUrls['url'] = array();
Mapbender::session()->set('owsproxyUrls',$owsproxyUrls);
}
$pattern = "/[\"|\'](https*:\/\/[^\"|^\']*)[\"|\']/";
preg_match_all($pattern, $content, $matches);
for ($i = 0; $i < count($matches[1]); $i++) {
$req = $matches[1][$i];
$e = new mb_notice("Gefundene URL " . $i . ": " . $req);
#$notice = new mb_notice("owsproxy id:".$req);
//only register and exchange urls, that should not be excluded!
if (in_array($req,$urlsToExclude)) {
continue;
}
$id = registerURL($req);
$extReq = setExternalRequest($id);
//$e = new mb_exception("MD5 URL " . $id . "-Externer Link: " . $extReq);
$content = str_replace($req, $extReq, $content);
}
return $content;
}
function setExternalRequest($id)
{
global $reqParams, $query;
$extReq = "http://" . $_SESSION['HTTP_HOST'] . "/owsproxy/" . $reqParams['sid'] . "/" . $id . "?request=external";
return $extReq;
}
function getExternalRequest($id)
{
for ($i = 0; $i < count($_SESSION["owsproxyUrls"]["url"]); $i++) {
if ($id == $_SESSION["owsproxyUrls"]["id"][$i]) {
$cUrl = $_SESSION["owsproxyUrls"]["url"][$i];
$query_string = removeOWSGetParams($_SERVER["QUERY_STRING"]);
if ($query_string != '') {
$cUrl .= getConjunctionCharacter($cUrl) . $query_string;
}
$metainfo = get_headers($cUrl, 1);
// just for the stupid InternetExplorer
header('Pragma: private');
header('Cache-control: private, must-revalidate');
header("Content-Type: " . $metainfo['Content-Type']);
$content = getDocumentContent(false, $cUrl, $metainfo);
#$content = matchUrls($content); //In the case of http_auth - this is not possible cause we cannot save them in the header - maybe we could create a special session to do so later on?
echo $content;
}
}
}
function removeOWSGetParams($query_string)
{
$r = preg_replace("/.*request=external&/", "", $query_string);
#return $r;
return "";
}
function getConjunctionCharacter($url)
{
if (strpos($url, "?")) {
if (strpos($url, "?") == strlen($url)) {
$cchar = "";
} else if (strpos($url, "&") == strlen($url)) {
$cchar = "";
} else {
$cchar = "&";
}
}
if (strpos($url, "?") === false) {
$cchar = "?";
}
return $cchar;
}
function registerUrl($url)
{
if (!in_array($url, $_SESSION["owsproxyUrls"]["url"])) {
//$e = new mb_exception("Is noch net drin!");
$id = md5($url);
//$e = new mb_exception("ID: " . $id . " URL: " . $url . " will be written to session");
array_push($_SESSION["owsproxyUrls"]["url"], $url);
array_push($_SESSION["owsproxyUrls"]["id"], $id);
} else {
//$e = new mb_exception("It was found! Search content and return ID!");
for ($i = 0; $i < count($_SESSION["owsproxyUrls"]["url"]); $i++) {
//$e = new mb_exception("Content " . $i . " : proxyurl:" . $_SESSION["owsproxyUrls"]["url"][$i] . " - new: " . $url);
if ($url == $_SESSION["owsproxyUrls"]["url"][$i]) {
//$e = new mb_exception("Identical! ID:" . $_SESSION["owsproxyUrls"]["id"][$i] . " will be used");
$id = $_SESSION["owsproxyUrls"]["id"][$i];
}
}
}
return $id;
}
function getCapabilities($request, $requestFull, $extraParameter, $auth = false)
{
global $arrayOnlineresources;
global $layerId;
header("Content-Type: application/xml");
if ($auth) { //new for HTTP Authentication
$d = new connector($requestFull, $auth);
} else {
$d = new connector($requestFull);
}
$content = $d->file;
//show temporal content fo capabilities
$e = new mb_notice("content from wms.php fascade after going thru curl: " . $content);
//loading as xml
libxml_use_internal_errors(true);
try {
$capFromFascadeXmlObject = simplexml_load_string($content);
if ($capFromFascadeXmlObject === false) {
foreach (libxml_get_errors() as $error) {
$err = new mb_exception("http_auth/index.php: " . $error->message);
}
throw new Exception("http_auth/index.php: " . 'Cannot parse Metadata XML!');
echo "http_auth/index.php: Cannot parse Capabilities XML!";
die();
}
} catch (Exception $e) {
$err = new mb_exception("http_auth/index.php: " . $e->getMessage());
echo "http_auth/index.php: " . $e->getMessage() . "";
die();
}
//exchanging urls in some special fields
//
//GetCapabilities, GetMap, GetFeatureInfo, GetLegendGraphics, ...
$capFromFascadeXmlObject->registerXPathNamespace("xlink", "http://www.w3.org/1999/xlink");
//Mapping of urls for wms 1.1.1 which should be exchanged
$urlsToChange = array(
'/WMT_MS_Capabilities/Capability/Request/GetCapabilities/DCPType/HTTP/Get/OnlineResource/@xlink:href',
'/WMT_MS_Capabilities/Capability/Request/GetCapabilities/DCPType/HTTP/Post/OnlineResource/@xlink:href',
'/WMT_MS_Capabilities/Capability/Request/GetMap/DCPType/HTTP/Get/OnlineResource/@xlink:href',
'/WMT_MS_Capabilities/Capability/Request/GetMap/DCPType/HTTP/Post/OnlineResource/@xlink:href',
'/WMT_MS_Capabilities/Capability/Request/GetFeatureInfo/DCPType/HTTP/Get/OnlineResource/@xlink:href',
'/WMT_MS_Capabilities/Capability/Request/GetFeatureInfo/DCPType/HTTP/Post/OnlineResource/@xlink:href',
'/WMT_MS_Capabilities/Capability/Layer/Layer/Style/LegendURL/OnlineResource/@xlink:href'
);
foreach ($urlsToChange as $xpath) {
$href = $capFromFascadeXmlObject->xpath($xpath);
$e = new mb_notice("old href: " . $href[0]);
$e = new mb_notice("href replaced: " . replaceOwsUrls($href[0], $layerId));
$href[0][0] = replaceOwsUrls($href[0], $layerId, $extraParameter);
}
echo $capFromFascadeXmlObject->asXML();
}
function replaceOwsUrls($owsUrl, $layerId, $extraParameter)
{
$new = "http_auth/" . $layerId . "?";
$pattern = "#owsproxy/[a-z0-9]{32}\/[a-z0-9]{32}\?#m";
$httpAuthUrl = preg_replace($pattern, $new, $owsUrl);
//replace
//also replace the getcapabilities url with authenticated one ;-)
if (defined("MAPBENDER_PATH") && MAPBENDER_PATH != '') {
$wmsUrl = parse_url(MAPBENDER_PATH);
$path = $wmsUrl['path'];
$pattern = "#" . $path . "/php/wms.php\?layer_id=" . $layerId . "m";
} else {
$pattern = "#mapbender/php/wms.php\?layer_id=" . $layerId . "m";
}
$httpAuthUrl = preg_replace($pattern, "/" . $new, $httpAuthUrl);
//use always https for url
if (defined("HTTP_AUTH_PROXY") && HTTP_AUTH_PROXY != '') {
$parsed_url = parse_url(HTTP_AUTH_PROXY);
if ($parsed_url['scheme'] == "https") {
$httpAuthUrl = preg_replace("#http:#", "https:", $httpAuthUrl);
$httpAuthUrl = preg_replace("#:80/#", ":443/", $httpAuthUrl);
}
}
if ($extraParameter !== false) {
$httpAuthUrl .= $extraParameter;
}
return $httpAuthUrl;
}
function getWfsCapabilities($request, $extraParameter, $auth = false)
{
global $arrayOnlineresources, $postData, $query;
global $sid, $serviceId, $wfsId;
global $reqParams;
$urlsToChange = array();
switch ($reqParams['version']) {
case "2.0.0":
$operations = array("GetCapabilities", "DescribeFeatureType", "GetFeature", "Transaction", "GetPropertyValue", "ListStoredQueries", "DescribeStoredQueries", "CreateStoredQuery", "DropStoredQuery");
foreach($operations as $operation) {
$urlsToChange[] = '/wfs:WFS_Capabilities/ows:OperationsMetadata/ows:Operation[@name="'.$operation.'"]/ows:DCP/ows:HTTP/ows:Get/@xlink:href';
$urlsToChange[] = '/wfs:WFS_Capabilities/ows:OperationsMetadata/ows:Operation[@name="'.$operation.'"]/ows:DCP/ows:HTTP/ows:Post/@xlink:href';
}
$namespaces = array("ows" => "http://www.opengis.net/ows/1.1",
"wfs" => "http://www.opengis.net/wfs/2.0",
"xlink" => "http://www.w3.org/1999/xlink"
);
break;
case "2.0.2":
$operations = array("GetCapabilities", "DescribeFeatureType", "GetFeature", "Transaction", "GetPropertyValue", "ListStoredQueries", "DescribeStoredQueries", "CreateStoredQuery", "DropStoredQuery");
foreach($operations as $operation) {
$urlsToChange[] = '/wfs:WFS_Capabilities/ows:OperationsMetadata/ows:Operation[@name="'.$operation.'"]/ows:DCP/ows:HTTP/ows:Get/@xlink:href';
$urlsToChange[] = '/wfs:WFS_Capabilities/ows:OperationsMetadata/ows:Operation[@name="'.$operation.'"]/ows:DCP/ows:HTTP/ows:Post/@xlink:href';
}
$namespaces = array("ows" => "http://www.opengis.net/ows/1.1",
"wfs" => "http://www.opengis.net/wfs/2.0",
"xlink" => "http://www.w3.org/1999/xlink"
);
break;
case "1.1.0":
$operations = array("GetCapabilities", "DescribeFeatureType", "GetFeature", "GetGmlObject", "Transaction");
foreach($operations as $operation) {
$urlsToChange[] = '/wfs:WFS_Capabilities/ows:OperationsMetadata/ows:Operation[@name="'.$operation.'"]/ows:DCP/ows:HTTP/ows:Get/@xlink:href';
$urlsToChange[] = '/wfs:WFS_Capabilities/ows:OperationsMetadata/ows:Operation[@name="'.$operation.'"]/ows:DCP/ows:HTTP/ows:Post/@xlink:href';
}
$namespaces = array("ows" => "http://www.opengis.net/ows",
"wfs" => "http://www.opengis.net/wfs",
"xlink" => "http://www.w3.org/1999/xlink"
);
break;
case "1.0.0":
$operations = array("GetCapabilities", "DescribeFeatureType", "GetFeature", "Transaction");
foreach($operations as $operation) {
$urlsToChange[] = '/wfs:WFS_Capabilities/wfs:Capability/wfs:Request/wfs:'.$operation.'/wfs:DCPType/wfs:HTTP/wfs:Get/@onlineResource';
$urlsToChange[] = '/wfs:WFS_Capabilities/wfs:Capability/wfs:Request/wfs:'.$operation.'/wfs:DCPType/wfs:HTTP/wfs:Post/@onlineResource';
}
$namespaces = array("wfs" => "http://www.opengis.net/wfs");
break;
default:
//default exchange all like 2.0.0
$operations = array("GetCapabilities", "DescribeFeatureType", "GetFeature", "Transaction", "GetPropertyValue", "ListStoredQueries", "DescribeStoredQueries", "CreateStoredQuery", "DropStoredQuery");
foreach($operations as $operation) {
$urlsToChange[] = '/wfs:WFS_Capabilities/ows:OperationsMetadata/ows:Operation[@name="'.$operation.'"]/ows:DCP/ows:HTTP/ows:Get/@xlink:href';
$urlsToChange[] = '/wfs:WFS_Capabilities/ows:OperationsMetadata/ows:Operation[@name="'.$operation.'"]/ows:DCP/ows:HTTP/ows:Post/@xlink:href';
}
$namespaces = array("ows" => "http://www.opengis.net/ows/1.1",
"wfs" => "http://www.opengis.net/wfs/2.0",
"xlink" => "http://www.w3.org/1999/xlink"
);
break;
}
//TODO - set to persistent url
$owsproxyUrl = parse_url(OWSPROXY);
if ($owsproxyUrl['port'] == '80' || $owsproxyUrl['port'] == '') {
$port = "";
} else {
$port = ":".$owsproxyUrl['port'];
}
$new = $owsproxyUrl['scheme'] . "://" .$owsproxyUrl['host']. $port . "/registry/wfs/" . $wfsId;# ."?";
if ($extraParameter !== false) {
$new .= '?'.$extraParameter;
//force https if authType is basic!
$new = str_replace("http://", "https://", $new);
}
if ($postData == false) { //no post_xml was used
//check POST/GET
if ($query->reqMethod !== 'POST') {
if ($auth) { //new for HTTP Authentication
$d = new connector($request, $auth);
} else {
$d = new connector($request);
}
} else {
$d = new connector();
$d->set('httpType','POST');
//$d->set('curlSendCustomHeaders',true);
$d->set('httpPostData', $query->getPostQueryString());//as array
//$d->set('httpContentType','text/xml');
//TODO maybe delete some params from querystring which are already in post array
if ($auth) { //new for HTTP Authentication
$d->load($request, $auth);
} else {
$d->load($request);
}
}
$wfsCaps = $d->file;
} else {
//$e = new mb_exception("owsproxy/index.php: postData will be send: ".$postData);
$postInterfaceObject = new connector();
$postInterfaceObject->set('httpType','POST');
$postInterfaceObject->set('curlSendCustomHeaders',true);
$postInterfaceObject->set('httpPostData', $postData);
$postInterfaceObject->set('httpContentType','text/xml');
if ($auth) { //new for HTTP Authentication
$postInterfaceObject->load($request, $auth);
} else {
$postInterfaceObject->load($request);
}
$wfsCaps = $postInterfaceObject->file;
}
//load xml and replace urls
libxml_use_internal_errors(true);
try {
$capFromFascadeXmlObject = simplexml_load_string($wfsCaps);
if ($capFromFascadeXmlObject === false) {
foreach (libxml_get_errors() as $error) {
$err = new mb_exception("http_auth/index.php: " . $error->message);
}
throw new Exception("http_auth/index.php: " . 'Cannot parse Metadata XML!');
echo "http_auth/index.php: Cannot parse WFS Capabilities XML!";
die();
}
} catch (Exception $e) {
$err = new mb_exception("http_auth/index.php: " . $e->getMessage());
echo "http_auth/index.php: " . $e->getMessage() . "";
die();
}
//exchange via xpath
//register namespaces
foreach($namespaces as $key => $value){
$capFromFascadeXmlObject->registerXPathNamespace($key, $value);
}
$test = $capFromFascadeXmlObject->xpath("");
//replace
foreach ($urlsToChange as $xpath) {
//$e = new mb_exception($xpath);
$href = $capFromFascadeXmlObject->xpath($xpath);
//$e = new mb_exception($href[0]);
$href[0][0] = $new;
}
header("Content-Type: application/xml");
echo $capFromFascadeXmlObject->asXML();
//TODO: check if the following is further needed
//$r = str_replace($t, $new, $wfsCaps);
//delete trailing amp; 's
//$r = str_replace('amp;', '', $r);
//header("Content-Type: application/xml");
//echo $r;
}
/**
* gets the original url of the requested legend graphic
*
* @param string owsproxy md5
* @return string url to legend graphic
*/
function getLegendUrl($wmsId)
{
global $reqParams;
//get wms_getlegendurl
$sql = "SELECT wms_getlegendurl FROM wms WHERE wms_id = $1";
$v = array($wmsId);
$t = array("i");
$res = db_prep_query($sql, $v, $t);
if ($row = db_fetch_array($res)) {
$getLegendUrl = $row["wms_getlegendurl"];
} else {
throwE(array("No wms data available."));
die();
}
//get the url
$sql = "SELECT layer_style.legendurl ";
$sql .= "FROM layer_style JOIN layer ";
$sql .= "ON layer_style.fkey_layer_id = layer.layer_id ";
$sql .= "WHERE layer.layer_name = $2 AND layer.fkey_wms_id = $1 ";
$sql .= "AND layer_style.name = $3 AND layer_style.legendurlformat = $4";
if ($reqParams['style'] == '') {
$style = 'default';
} else {
$style = $reqParams['style'];
}
$v = array($wmsId, $reqParams['layer'], $style, $reqParams['format']);
$t = array("i", "s", "s", "s");
$res = db_prep_query($sql, $v, $t);
if ($row = db_fetch_array($res)) {
if (strpos($row["legendurl"], 'http') !== 0) {
$e = new mb_notice("combine legendurls!");
return $getLegendUrl . $row["legendurl"];
}
return $row["legendurl"];
} else {
throwE(array("No legendurl available."));
die();
}
}
/**
* validated access permission on requested wms
*
* @param wmsId integer, userId - integer
* @return array array with detailed information about requested wms
*/
function checkWmsPermission($wmsOws, $userId)
{
global $con, $n;
$myguis = $n->getGuisByPermission($userId, true);
$mywms = $n->getWmsByOwnGuis($myguis);
$sql = "SELECT * FROM wms WHERE wms_owsproxy = $1";
$v = array($wmsOws);
$t = array("s");
$res = db_prep_query($sql, $v, $t);
$service = array();
if ($row = db_fetch_array($res)) {
$service["wms_id"] = $row["wms_id"];
$service["wms_getcapabilities"] = $row["wms_getcapabilities"];
$service["wms_getmap"] = $row["wms_getmap"];
$service["wms_getfeatureinfo"] = $row["wms_getfeatureinfo"];
$service["wms_getcapabilities_doc"] = $row["wms_getcapabilities_doc"];
// $service["wms_spatialsec"] = $row["wms_spatialsec"];
}
if (!$row || count($mywms) == 0) {
throwE(array("No wms data available."));
die();
}
if (!in_array($service["wms_id"], $mywms)) {
throwE(array("Permission denied.", " -> " . $service["wms_id"], implode(",", $mywms)));
die();
}
return $service;
}
/**
* validates the access permission by getting the appropriate wfs_conf
* to each feature requested and check the wfs_conf permission
*
* @param string owsproxy md5
* @param array array of requested featuretype names
* @return array array with detailed information on reqested wfs
*/
function checkWfsPermission($wfsOws, $features, $userId)
{
global $con, $n;
$myconfs = $n->getWfsConfByPermission($userId);
if ($features !== false) {
//check if we know the features requested
if (count($features) == 0) {
throwE(array("No wfs_feature data available."));
die();
}
}
//get wfs
$sql = "SELECT * FROM wfs WHERE wfs_owsproxy = $1";
$v = array($wfsOws);
$t = array("s");
$res = db_prep_query($sql, $v, $t);
$service = array();
if ($row = db_fetch_array($res)) {
$service["wfs_id"] = $row["wfs_id"];
$service["wfs_getcapabilities"] = $row["wfs_getcapabilities"];
$service["wfs_getfeature"] = $row["wfs_getfeature"];
$service["wfs_describefeaturetype"] = $row["wfs_describefeaturetype"];
$service["wfs_transaction"] = $row["wfs_transaction"];
$service["wfs_getcapabilities_doc"] = $row["wfs_getcapabilities_doc"];
} else {
throwE(array("No wfs data available."));
die();
}
foreach ($features as $feature) {
//get appropriate wfs_conf
$sql = "SELECT wfs_conf.wfs_conf_id FROM wfs_conf ";
$sql.= "JOIN wfs_featuretype ";
$sql.= "ON wfs_featuretype.featuretype_id = wfs_conf.fkey_featuretype_id ";
$sql.= "WHERE wfs_featuretype.featuretype_name = $2 ";
$sql.= "AND wfs_featuretype.fkey_wfs_id = $1";
$v = array($service["wfs_id"], $feature);
$t = array("i", "s");
$res = db_prep_query($sql, $v, $t);
if (!($row = db_fetch_array($res))) {
$notice = new mb_exception("Permissioncheck failed no wfs conf for wfs " . $service["wfs_id"] . " with featuretype " . $feature);
throwE(array("No wfs_conf data for featuretype " . $feature));
die();
}
$conf_id = $row["wfs_conf_id"];
//check permission
if (!in_array($conf_id, $myconfs)) {
$notice = new mb_exception("Permissioncheck failed:" . $conf_id . " not in " . implode(",", $myconfs));
throwE(array("Permission denied.", " -> " . $conf_id, implode(",", $myconfs)));
die();
}
}
return $service;
}
/**
* validates the access permission by getting the appropriate wfs_conf
* to each feature requested and check the wfs_conf permission
*
* @param string owsproxy md5
* @param array array of requested featuretype names
* @return array array with detailed information on reqested wfs
*/
function checkWfsStoredQueryPermission($wfsOws, $storedQueryId, $userId)
{
global $con, $n;
$myconfs = $n->getWfsConfByPermission($userId);
if ($storedQueryId !== false) {
} else {
throwE(array("No storedquery_id data available."));
die();
}
//get wfs
$sql = "SELECT * FROM wfs WHERE wfs_owsproxy = $1";
$v = array($wfsOws);
$t = array("s");
$res = db_prep_query($sql, $v, $t);
$service = array();
if ($row = db_fetch_array($res)) {
$service["wfs_id"] = $row["wfs_id"];
$service["wfs_getcapabilities"] = $row["wfs_getcapabilities"];
$service["wfs_getfeature"] = $row["wfs_getfeature"];
$service["wfs_describefeaturetype"] = $row["wfs_describefeaturetype"];
$service["wfs_transaction"] = $row["wfs_transaction"];
$service["wfs_getcapabilities_doc"] = $row["wfs_getcapabilities_doc"];
} else {
throwE(array("No wfs data available."));
die();
}
//get appropriate wfs_conf
$sql = "SELECT wfs_conf.wfs_conf_id FROM wfs_conf WHERE fkey_wfs_id = $1 AND stored_query_id = $2";
$v = array($service["wfs_id"], $storedQueryId);
$t = array("i", "s");
$res = db_prep_query($sql, $v, $t);
if (!($row = db_fetch_array($res))) {
$notice = new mb_exception("Permissioncheck failed no wfs conf for wfs " . $service["wfs_id"] . " with storedquery_id " . $storedQueryId);
throwE(array("No wfs_conf data for storedquery_id " . $storedQueryId));
die();
}
$conf_id = $row["wfs_conf_id"];
//check permission
if (!in_array($conf_id, $myconfs)) {
$notice = new mb_exception("Permissioncheck failed:" . $conf_id . " not in " . implode(",", $myconfs));
throwE(array("Permission denied.", " -> " . $conf_id, implode(",", $myconfs)));
die();
}
return $service;
}
function getWfsOperationUrl($wfsOws, $operationName, $operationMethod) {
$timeBegin = microtime();
$sql = "SELECT wfs_getcapabilities_doc FROM wfs WHERE wfs_owsproxy = $1";
$v = array($wfsOws);
$t = array("s");
$res = db_prep_query($sql, $v, $t);
if ($row = db_fetch_array($res)) {
$capXml = $row["wfs_getcapabilities_doc"];
} else {
throwE(array("No wfs data available."));
die();
}
//parse capabilities
$wfs20Cap = new DOMDocument();
try {
if (!$wfs20Cap->loadXML($capXml)) {
throw new Exception("Cannot parse WFS 2.0 Capabilities!");
}
}
catch (Exception $e) {
$e = new mb_exception($e->getMessage());
}
if ($wfs20Cap !== false) {
$xpath = new DOMXPath($wfs20Cap);
$rootNamespace = $wfs20Cap->lookupNamespaceUri($wfs20Cap->namespaceURI);
$e = new mb_notice("rootns: ".$rootNamespace);
$xpath->registerNamespace('defaultns', $rootNamespace);
$xpath->registerNamespace("ows", "http://www.opengis.net/ows");
$xpath->registerNamespace("gml", "http://www.opengis.net/gml");
$xpath->registerNamespace("ogc", "http://www.opengis.net/ogc");
$xpath->registerNamespace("xlink", "http://www.w3.org/1999/xlink");
$xpath->registerNamespace("xsi", "http://www.w3.org/2001/XMLSchema-instance");
$urlArray = DOMNodeListObjectValuesToArray($xpath->query('/defaultns:WFS_Capabilities/ows:OperationsMetadata/ows:Operation[@name=\''.$operationName.'\']/ows:DCP/ows:HTTP/ows:'.$operationMethod.'/@xlink:href'));
//check for type
if (is_array($urlArray)) {
$e = new mb_notice("http_auth/http/index.php: url for operation ".$operationName." : ".$urlArray[0]);
$timeEnd = microtime();
$e = new mb_notice("http_auth/http/index.php: time to get url from capabilities: ".($timeEnd-$timeBegin)*1000);
return $urlArray[0];
} else {
$e = new mb_exception("http_auth/http/index.php: no url for operation ".$operationName." and method ".$operationMethod." found in Capabilities. Function returned: ".json_encode($urlArray[0]));
return false;
}
} else {
$e = new mb_exception("http_auth/http/index.php: Problem while trying to do xpath on capabilities document!");
return false;
}
}
function DOMNodeListObjectValuesToArray($domNodeList) {
$iterator = 0;
$array = array();
foreach ($domNodeList as $item) {
$array[$iterator] = $item->nodeValue; // this is a DOMNode instance
// you might want to have the textContent of them like this
$iterator++;
}
return $array;
}
function checkLayerPermission($wms_id, $l, $userId)
{
global $n, $owsproxyService;
$myl = explode(",", $l);
$r = array();
foreach ($myl as $mysl) {
if ($n->getLayerPermission($wms_id, $mysl, $userId) === true) {
array_push($r, $mysl);
}
}
$ret = implode(",", $r);
return $ret;
}
function getDocumentContent($log_id, $url, $header = false, $auth = false)
{
global $reqParams, $n, $postData, $query;
//debug
$startTime = microtime();
if ($postData == false) {
//check POST/GET
if ($query->reqMethod !== 'POST') {
if ($auth) { //new for HTTP Authentication
$d = new connector($url, $auth);
} else {
$d = new connector($url);
}
} else {
$d = new connector();
$d->set('httpType','POST');
//$d->set('curlSendCustomHeaders',true);
$d->set('httpPostData', $query->getPostQueryString());//as array
//$d->set('httpContentType','text/xml');
//TODO maybe delete some params from querystring which are already in post array
if ($auth) { //new for HTTP Authentication
$d->load($url, $auth);
} else {
$d->load($url);
}
}
$content = $d->file;
} else {
$e = new mb_notice("owsproxy/index.php: postData will be send ");
$postInterfaceObject = new connector();
$postInterfaceObject->set('httpType','POST');
$postInterfaceObject->set('curlSendCustomHeaders',true);
$postInterfaceObject->set('httpPostData', $postData);
$postInterfaceObject->set('httpContentType','text/xml');
if ($auth) { //new for HTTP Authentication
$postInterfaceObject->load($url, $auth);
} else {
$postInterfaceObject->load($url);
}
$content = $postInterfaceObject->file;
}
$endTime = microtime();
//$e = new mb_exception("owsproxy/http/index.php: Time for getting remote resource: ".(string)($endTime - $startTime));
if (strtoupper($reqParams["request"]) == "GETMAP") { // getmap
$pattern_exc = '~EXCEPTION~i';
preg_match($pattern_exc, $content, $exception);
if (!$content) {
if ($log_id != null && is_integer($log_id)) {
$n->updateWmsLog(0, "Mb2OWSPROXY - unable to load: " . $url, "text/plain", $log_id);
}
header("Content-Type: text/plain");
echo "Mb2OWSPROXY - unable to load external request - for further information please see logfile";
} else if (count($exception) > 0) {
if ($log_id != null && is_integer($log_id)) {
$n->updateWmsLog(0, $content, $reqParams["exceptions"], $log_id);
}
header("Content-Type: " . $reqParams["exceptions"]);
echo $content;
} else {
$source = new Imagick();
$source->readImageBlob($content);
$numColors = $source->getImageColors();
if ($log_id != null && is_integer($log_id)) {
$n->updateWmsLog($numColors <= 1 ? -1 : 1, null, null, $log_id);
}
header("Content-Type: " . $reqParams['format']);
echo $content;
}
return true;
} else if (strtoupper($reqParams["request"]) == "GETFEATUREINFO") { // getmap
// header("Content-Type: ".$reqParams['info_format']);
// $content = matchUrls($content);
// echo $content;
$pattern_exc = '~EXCEPTION~i';
preg_match($pattern_exc, $content, $exception);
if (!$content) {
if ($log_id != null) {
$n->updateWmsFiLog("Mb2OWSPROXY - unable to load: " . $url, "text/plain", $log_id);
}
header("Content-Type: text/plain");
echo "Mb2OWSPROXY - unable to load external request - for further information please see logfile";
} else if (count($exception) > 0) {
if ($log_id != null) {
$n->updateWmsFiLog($content, "application/xml", $log_id);
}
header("Content-Type: application/xml");
echo $content;
} else {
header("Content-Type: " . $reqParams['info_format']);
if ($log_id != null) {
$n->updateWmsFiLog(null, null, $log_id);
}
$content = matchUrls($content);
echo $content;
}
return true;
} elseif (strtoupper($reqParams["request"]) == "GETFEATURE") {
$e = new mb_notice("http_auth/http/index.php: GetFeature invoked");
$startTime = microtime();
//parse featureCollection and get number of objects
libxml_use_internal_errors(true);
try {
$featureCollectionXml = simplexml_load_string($content);
if ($featureCollectionXml === false) {
foreach(libxml_get_errors() as $error) {
$err = new mb_exception("owsproxy/http/index.php:".$error->message);
}
throw new Exception("owsproxy/http/index.php:".'Cannot parse featureCollection XML!');
//TODO give error message
}
}
catch (Exception $e) {
$err = new mb_exception("owsproxy/index.php:".$e->getMessage());
//TODO give error message
}
if ($featureCollectionXml !== false) {
//$featureCollectionXml->registerXPathNamespace("gmd", "http://www.isotc211.org/2005/gmd");
$featureCollectionXml->registerXPathNamespace("ogc", "http://www.opengis.net/ogc");
if ($reqParams["version"] == '2.0.0' || $reqParams["version"] == '2.0.2') {
$featureCollectionXml->registerXPathNamespace("wfs", "http://www.opengis.net/wfs/2.0");
} else {
$featureCollectionXml->registerXPathNamespace("wfs", "http://www.opengis.net/wfs");
}
$featureCollectionXml->registerXPathNamespace("gco", "http://www.isotc211.org/2005/gco");
$featureCollectionXml->registerXPathNamespace("gml", "http://www.opengis.net/gml");
$featureCollectionXml->registerXPathNamespace("xlink", "http://www.w3.org/1999/xlink");
$featureCollectionXml->registerXPathNamespace("xsi", "http://www.w3.org/2001/XMLSchema-instance");
$featureCollectionXml->registerXPathNamespace("default", "");
preg_match('@version=(?P\d\.\d\.\d)&@i', strtolower($url), $version);
if (!$reqParams['version']) {
$e = new mb_notice("owsproxy/http/index.php: No version for wfs request given in reqParams!");
}
switch ($reqParams['version']) {
case "1.0.0":
//get # of features from counting features
$numberOfFeatures = $featureCollectionXml->xpath('//wfs:FeatureCollection/gml:featureMember');
$numberOfFeatures = count($numberOfFeatures);
break;
case "1.1.0":
//get # of features from counting features
$numberOfFeatures = $featureCollectionXml->xpath('//wfs:FeatureCollection/gml:featureMember');
$numberOfFeatures = count($numberOfFeatures);
break;
//for wfs 2.0 - don't count features
default:
//get # of features from attribut
$numberOfFeatures = $featureCollectionXml->xpath('//wfs:FeatureCollection/@numberReturned');
$numberOfFeatures = $numberOfFeatures[0];
break;
}
$endTime = microtime();
$e = new mb_notice("owsproxy/http/index.php: ".$numberOfFeatures." delivered features from wfs.");
//TODO: enhance error management
if ($log_id !== false) {
$n->updateWfsLog(1, '', '', $numberOfFeatures, $log_id);
}
$e = new mb_notice("owsproxy/http/index.php: Time for counting: ". (string)($endTime - $startTime));
$e = new mb_notice("owsproxy/http/index.php: Memory used for XML String: ".getVariableUsage($content)/1000000 ."MB");
if (header !== false) {
header($header);
}
echo $content;
}
} else {
if (header !== false) {
header($header);
}
echo $content;
}
}
//**********************************************************************************************
//extra functions TODO: push them in class_administration.php
/**
* selects the wms id for a given layer id.
*
* @param the layer id
* @return either the id of the wms as integer or false when none exists
*/
function getWmsIdByLayerId($id)
{
$sql = "SELECT fkey_wms_id FROM layer WHERE layer_id = $1";
$v = array($id);
$t = array('i');
$res = db_prep_query($sql, $v, $t);
$row = db_fetch_array($res);
if ($row)
return $row["fkey_wms_id"];
else
return false;
}
function getVariableUsage($var) {
$total_memory = memory_get_usage();
$tmp = unserialize(serialize($var));
return memory_get_usage() - $total_memory;
}
//function to remove one complete get param out of the query
function delTotalFromQuery($paramName,$queryString) {
//echo $paramName ."
";
$queryString = "&".$queryString;
if ($paramName == "searchText") {
$str2exchange = "searchText=*&";
} else {
$str2exchange = "";
}
$queryStringNew = preg_replace('/\b'.$paramName.'\=[^&]*&?/',$str2exchange,$queryString); //TODO find empty get params
$queryStringNew = ltrim($queryStringNew,'&');
$queryStringNew = rtrim($queryStringNew,'&');
return $queryStringNew;
}
?>