Esempio n. 1
 /**
  * Prepares the statements selected through $queryType.
  *
  * Only the "Active" kind is handled here: it prepares a SELECT on
  * vnd_customers restricted to active, non-deleted rows for a bound :id.
  * The parent is always initialised with an empty array first.
  *
  * @param array $queryType list of statement kinds to prepare
  */
 public function __construct($queryType = array())
 {
     parent::__construct(array());
     foreach ($queryType as $requestedKind) {
         // Loose comparison kept on purpose: the original switch() matched with ==.
         if ($requestedKind != "Active") {
             continue;
         }
         $activeCustomerSql = "\n\t\t\t\t\tSELECT * FROM vnd_customers\n\t\t\t\t\tWHERE active = 1 and deleted = 0 \n\t\t\t\t\tand id = :id ";
         // NOTE(review): $db_conn is not defined in this method's scope; it is
         // presumably a global or something the parent sets up — confirm,
         // otherwise prepare() is invoked on null here.
         $this->sth_sel_active_customers = $db_conn->prepare($activeCustomerSql);
     }
 }
Esempio n. 2
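/**
 * Slim route middleware that authenticates a request.
 *
 * The Authorization header must equal the hash HashGenerator derives from
 * either the admin identity or the user identity taken from the route
 * (userId), combined with the request URI and parameters. The matching
 * account is then looked up by its AccessKey header and must exist, be
 * active and (for user operations) own the requested userId. Every failure
 * path goes through exitApp(); nothing is returned on success.
 *
 * @param \Slim\Route $route the matched route (provides the userId parameter)
 */
function authenticate(\Slim\Route $route)
{
    $app = \Slim\Slim::getInstance();
    $query = new QueryHandler();
    $auth = new HashGenerator();
    // Getting request headers
    $headers = apache_request_headers();
    $requestURI = $_SERVER['REQUEST_URI'];
    $requestMethod = $app->request->getMethod();
    $params = $route->getParams();
    // A missing or non-positive userId means a non-user operation.
    // The original `!$userId > 0` parsed as `(!$userId) > 0`, which let
    // negative ids through; the isset() guard also replaces the try/catch
    // that only existed to swallow the notice on a missing route parameter.
    $userId = isset($params['userId']) ? intval($params['userId']) : 0;
    if ($userId <= 0) {
        $userId = DEFAULT_USER;
    }
    // Get Handshake KEY
    if (!isset($headers['Authorization'])) {
        // api key is missing in header
        exitApp(BAD_REQUEST, "Authorization key is missing");
    }
    // Get User Access Key
    if (!isset($headers['AccessKey']) && $userId !== DEFAULT_USER) {
        // api key is missing in header
        exitApp(BAD_REQUEST, "Access key is missing");
    }
    $auth_key = (string) $headers['Authorization'];
    // AccessKey is optional for non-user operations: null instead of an @-suppressed notice.
    $accessKey = isset($headers['AccessKey']) ? $headers['AccessKey'] : null;
    $stringParams = implode(',', getRequestParams());
    // Expected hashes for an admin request and for a user request over the same URI + params.
    $adminData = "admin" . $requestURI . "#" . $stringParams;
    $adminHash = (string) $auth->getAuthHash($adminData);
    $userData = $userId . $requestURI . "#" . $stringParams;
    $userHash = (string) $auth->getAuthHash($userData);
    // Route the authorization for ADMIN or USER. hash_equals() replaces the
    // switch's == comparison: two hex digests that both start with "0e" compare
    // as equal numbers under ==, and == also leaks timing. Admin is tested
    // first, matching the original case order.
    if (hash_equals($adminHash, $auth_key)) {
        // check if admin is valid
        $admin = $query->getAdmin($accessKey);
        if (empty($admin)) {
            exitApp(UNAUTHORIZED, "Admin not found!");
        }
        // Check admin access level. The original indexed $admin with the result
        // of `ACCESS_LEVEL == "read"` (i.e. $admin[false]), so the read-only
        // restriction was never actually enforced.
        $accessLevel = isset($admin[ADMIN_FIELDS::ACCESS_LEVEL]) ? $admin[ADMIN_FIELDS::ACCESS_LEVEL] : null;
        if ($accessLevel === "read" && $requestMethod !== "GET") {
            exitApp(UNAUTHORIZED, "Limited admin access !");
        }
        // admin is verified
        return;
    }
    if (hash_equals($userHash, $auth_key)) {
        // non-user operation: nothing more to verify
        if ($userId === DEFAULT_USER) {
            return;
        }
        // UserOperation: check if user is valid
        $user_array = $query->getUser(array(USER_FIELDS::ACCESS_KEY => $accessKey));
        if (empty($user_array)) {
            exitApp(UNAUTHORIZED, "Invalid access key!");
        }
        // Truthiness test is equivalent to the original `== false`.
        if (!$user_array[USER_FIELDS::IS_ACTIVE]) {
            // The original assigned the login hint and then unconditionally
            // overwrote it, so "Please activate your account" was never shown.
            if (strpos($requestURI, 'login') !== false) {
                $message = "Please activate your account";
            } else {
                $message = "Your account has been deactivated.";
            }
            exitApp(UNAUTHORIZED, $message);
        }
        // $userId is an int (intval above); the stored id may come back from
        // the database as a string, hence the cast before the strict compare.
        if (intval($user_array[USER_FIELDS::USER_ID]) !== $userId) {
            exitApp(UNAUTHORIZED, "You are not authorized to access others data");
        }
        return;
    }
    exitApp(UNAUTHORIZED, "Invalid authorization key !");
}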
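require dirname(__FILE__) . "/../../conf/mapbender.conf";
require dirname(__FILE__) . "/../../http/classes/class_administration.php";
require dirname(__FILE__) . "/../../http/classes/class_connector.php";
require_once dirname(__FILE__) . "/../../http/classes/class_mb_exception.php";
require dirname(__FILE__) . "/./classes/class_QueryHandler.php";
/***** conf *****/
$imageformats = array("image/png", "image/gif", "image/jpeg", "image/jpg");
$width = 400;
$height = 400;
/***** conf *****/
$con = db_connect(DBSERVER, OWNER, PW);
db_select_db(DB, $con);
// Raw request body. $HTTP_RAW_POST_DATA was removed in PHP 7.0 (and was off
// by default before that); php://input yields the same bytes.
$postdata = file_get_contents('php://input');
// Untrusted: the service name comes straight from the request.
$owsproxyService = isset($_REQUEST['wms']) ? $_REQUEST['wms'] : null;
//ToDo: change this to 'service' in the apache url-rewriting
$query = new QueryHandler();
// an array with keys and values lower-cased -> case-insensitive lookup
$reqParams = $query->getRequestParams();
$notice = new mb_notice("owsproxy id:" . $query->getOwsproxyServiceId());
// Check session. The caller's Mapbender session is selected by the "sid"
// request parameter, i.e. the session id is attacker-controlled. Accept only
// the character set PHP itself allows for session ids before handing it to
// session_id(); anything else is treated as "no session".
// NOTE(review): session_regenerate_id() runs before any session is started
// here (kept as in the original) — on PHP 7.2+ that only emits a warning.
session_regenerate_id();
session_destroy();
$sid = isset($_REQUEST["sid"]) ? (string) $_REQUEST["sid"] : '';
if ($sid === '' || !preg_match('/^[A-Za-z0-9,-]{1,256}$/', $sid)) {
    $notice = new mb_notice("Permission denied");
    throwE("Permission denied");
    die;
}
session_id($sid);
session_start();
// empty() keeps the original truthiness test without an undefined-index notice.
if (empty($_SESSION['mb_user_id'])) {
    $notice = new mb_notice("Permission denied");
    throwE("Permission denied");
    die;
}
$n = new administration();
//if($_SESSION['mb_user_ip'] != $_SERVER['REMOTE_ADDR']){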
Esempio n. 4
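/**
 * Route handler: clears the favourite flag on contact $id and echoes the
 * update result to the client.
 *
 * @param mixed $id contact id from the route; coerced with intval()
 */
function removeFromFavourite($id)
{
    // The original also fetched the Slim request object into a local that was
    // never read; that unused lookup is dropped.
    $id = intval($id);
    $contact = array(CONTACTS::IS_FAVOURITE => false);
    $query = new QueryHandler();
    $response = $query->updateContact($id, $contact);
    echoRespnse($response);
}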
}
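// generate the valid response to check the request of the client
// HTTP Digest (RFC 2617) verification: md5 is what the scheme mandates, so it
// stays; what must be strict and constant-time is the comparison below.
// NOTE(review): nonce/nc freshness is not checked in this span — confirm it
// happens where getNonce() and $requestHeaderArray are produced.
$A1 = $userInformation[1];
$A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $requestHeaderArray['uri']);
$valid_response = $A1 . ':' . getNonce() . ':' . $requestHeaderArray['nc'];
$valid_response .= ':' . $requestHeaderArray['cnonce'] . ':' . $requestHeaderArray['qop'] . ':' . $A2;
$valid_response = md5($valid_response);
// hash_equals() replaces `!=`: two hex digests that both look like "0e..."
// compare as equal numbers under loose comparison, and != leaks timing.
// A missing 'response' value counts as a mismatch.
$clientResponse = isset($requestHeaderArray['response']) ? (string) $requestHeaderArray['response'] : '';
if (!hash_equals($valid_response, $clientResponse)) {
    //the user has to authenticate again - something in the authentication went wrong
    die('Authentication failed - sorry, you have to authenticate once more!');
}
//if we are here - authentication has been done well!
//let's do the proxy things (came from owsproxy.php):
// $HTTP_RAW_POST_DATA was removed in PHP 7.0; php://input yields the same bytes.
$postdata = file_get_contents('php://input');
// Untrusted: layer id comes straight from the request.
$layerId = isset($_REQUEST['layer_id']) ? $_REQUEST['layer_id'] : null;
$query = new QueryHandler();
// an array with keys and values lower-cased -> case-insensitive lookup
$reqParams = $query->getRequestParams();
$n = new administration();
$wmsId = getWmsIdByLayerId($layerId);
$owsproxyString = $n->getWMSOWSstring($wmsId);
if (!$owsproxyString) {
    die('The requested resource does not exists or the routing through mapbenders owsproxy is not activated!');
}
//get authentication infos if they are available in wms table! if not $auth = false
$auth = $n->getAuthInfoOfWMS($wmsId);
// Treat false, a missing key or an empty auth_type as "no auth info", without
// the notice the original raised when $auth was false.
if (!is_array($auth) || !isset($auth['auth_type']) || (string) $auth['auth_type'] === '') {
    unset($auth);
}
$requestName = isset($reqParams['request']) ? strtolower($reqParams['request']) : '';
$e = new mb_exception("REQUEST to HTTP_AUTH: " . $requestName);
//what the proxy does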