/**
 * Prepares the statements listed in $queryType.
 *
 * Only the key "Active" is recognised; it prepares the "active, not deleted,
 * by id" customer lookup into $this->sth_sel_active_customers. Unknown keys
 * are ignored.
 *
 * @param array $queryType list of statement keys to prepare
 */
public function __construct($queryType = array())
{
    parent::__construct(array());

    foreach ($queryType as $statementKey) {
        // Same loose comparison the original switch/case performed.
        if ($statementKey != "Active") {
            continue;
        }

        $activeCustomerSql = "\n\t\t\t\t\tSELECT * FROM vnd_customers\n\t\t\t\t\tWHERE active = 1 and deleted = 0 \n\t\t\t\t\tand id = :id ";
        // NOTE(review): $db_conn is neither a parameter, a property nor declared
        // global in this method — confirm where the connection is meant to come from.
        $this->sth_sel_active_customers = $db_conn->prepare($activeCustomerSql);
    }
}
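/**
 * Slim route middleware: verifies the request signature and the caller's access key.
 *
 * The Authorization header must equal HashGenerator::getAuthHash() of either
 * "admin" or the route's userId, followed by the request URI, "#" and the
 * request parameters. Whichever hash matched decides whether the AccessKey
 * header is looked up as an admin or as a user. Every failure ends the
 * request through exitApp(); on success the function simply returns.
 *
 * @param \Slim\Route $route current route; userId is read from its params
 * @return void
 */
function authenticate(\Slim\Route $route)
{
    $app = \Slim\Slim::getInstance();
    $query = new QueryHandler();
    $auth = new HashGenerator();

    $headers = apache_request_headers();
    $requestURI = $_SERVER['REQUEST_URI'];
    $requestMethod = $app->request->getMethod();
    $params = $route->getParams();

    // The route param may be absent or non-numeric. Anything that is not a
    // positive id falls back to DEFAULT_USER. (The original `!$userId > 0`
    // parsed as `(!$userId) > 0`, which let negative ids through.)
    $userId = isset($params['userId']) ? intval($params['userId']) : 0;
    if ($userId <= 0) {
        $userId = DEFAULT_USER;
    }

    // The debug block that echoed the raw request parameters into the response
    // body as HTML was removed: it leaked request data and reflected it unescaped.

    if (!isset($headers['Authorization'])) {
        // handshake key is missing in header
        exitApp(BAD_REQUEST, "Authorization key is misssing");
    }
    if (!isset($headers['AccessKey']) && $userId !== DEFAULT_USER) {
        // user access key is missing in header
        exitApp(BAD_REQUEST, "Access key is misssing");
    }
    $auth_key = $headers['Authorization'];
    // AccessKey may legitimately be absent for DEFAULT_USER requests; an explicit
    // isset() replaces the former `@` suppression.
    $accessKey = isset($headers['AccessKey']) ? $headers['AccessKey'] : null;
    $stringParams = implode(',', getRequestParams());

    // Expected signatures for an admin call and for a call on behalf of $userId.
    $adminHash = $auth->getAuthHash("admin" . $requestURI . "#" . $stringParams);
    $userHash = $auth->getAuthHash($userId . $requestURI . "#" . $stringParams);

    // hash_equals() is strict and constant-time; the former switch/case compared
    // with ==, which treats numeric-looking strings as numbers.
    if (hash_equals((string) $adminHash, (string) $auth_key)) {
        $admin = $query->getAdmin($accessKey);
        if (empty($admin)) {
            exitApp(UNAUTHORIZED, "Admin not found!");
        }
        // Read-only admins may only issue GET requests. (The original indexed
        // $admin[ADMIN_FIELDS::ACCESS_LEVEL == "read"], i.e. $admin[false].)
        if ($admin[ADMIN_FIELDS::ACCESS_LEVEL] == "read" && $requestMethod != "GET") {
            exitApp(UNAUTHORIZED, "Limited admin access !");
        }
        return; // admin is verified
    }

    if (hash_equals((string) $userHash, (string) $auth_key)) {
        // Non-user operation: the signature alone is sufficient.
        if ($userId == DEFAULT_USER) {
            return;
        }
        // User operation: the access key must map to an active user with this id.
        $user_array = $query->getUser(array(USER_FIELDS::ACCESS_KEY => $accessKey));
        if (empty($user_array)) {
            exitApp(UNAUTHORIZED, "Invalid access key!");
        }
        if (!$user_array[USER_FIELDS::IS_ACTIVE]) {
            // A login attempt on an unactivated account gets the activation hint,
            // every other request the generic message. (The original overwrote the
            // hint unconditionally, so it was never shown.)
            $message = (strpos($requestURI, 'login') !== false)
                ? "Please activate your account"
                : "Your account has been deactivated.";
            exitApp(UNAUTHORIZED, $message);
        }
        if ($user_array[USER_FIELDS::USER_ID] != $userId) {
            exitApp(UNAUTHORIZED, "You are not authorized to access others data");
        }
        return; // user is verified
    }

    exitApp(UNAUTHORIZED, "Invalid authorization key !");
}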
// Bootstrap: configuration, administration/connector classes and the request helper.
require dirname(__FILE__) . "/../../conf/mapbender.conf";
require dirname(__FILE__) . "/../../http/classes/class_administration.php";
require dirname(__FILE__) . "/../../http/classes/class_connector.php";
require_once dirname(__FILE__) . "/../../http/classes/class_mb_exception.php";
require dirname(__FILE__) . "/./classes/class_QueryHandler.php";

/***** conf *****/
$imageformats = array("image/png", "image/gif", "image/jpeg", "image/jpg");
$width = 400;
$height = 400;
/***** conf *****/

$con = db_connect(DBSERVER, OWNER, PW);
db_select_db(DB, $con);
// NOTE(review): $HTTP_RAW_POST_DATA no longer exists on PHP 7+; file_get_contents('php://input')
// is the replacement — confirm the PHP version this script targets.
$postdata = $HTTP_RAW_POST_DATA;
$owsproxyService = $_REQUEST['wms']; //ToDo: change this to 'service' in the apache url-rewriting
$query = new QueryHandler();
// an array with keys and values toLoserCase -> caseinsensitiv
$reqParams = $query->getRequestParams();
$notice = new mb_notice("owsproxy id:" . $query->getOwsproxyServiceId());

// check session: the session is resumed from the id passed in the request ("sid"),
// and the request is only accepted if that session already carries mb_user_id.
// NOTE(review): because the session id is caller-supplied, the mb_user_id check below is
// the only gate — confirm the sid is only ever handed to the logged-in client (the
// commented-out IP comparison at the end suggests an additional check was once intended).
// NOTE(review): session_regenerate_id()/session_destroy() run before session_start();
// without an active session they presumably do nothing (and may warn) — confirm intent.
session_regenerate_id();
session_destroy();
session_id($_REQUEST["sid"]);
session_start();
if (!$_SESSION['mb_user_id']) {
    $notice = new mb_notice("Permission denied");
    throwE("Permission denied");
    die;
}
$n = new administration();
//if($_SESSION['mb_user_ip'] != $_SERVER['REMOTE_ADDR']){
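/**
 * Clears the "favourite" flag on a contact and writes the handler's response.
 *
 * @param int|string $id contact id; coerced to int before the update
 * @return void
 */
function removeFromFavourite($id)
{
    // The former `$request = Slim\Slim::getInstance()->request();` was never used and was dropped.
    $id = intval($id);
    // Only the favourite flag is touched; updateContact() takes care of persistence.
    $contact = array(CONTACTS::IS_FAVOURITE => false);
    $query = new QueryHandler();
    $response = $query->updateContact($id, $contact);
    echoRespnse($response);
}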
}
// generate the valid response to check the request of the client
// HTTP Digest-style check: A2 = MD5(method ":" uri), then
// response = MD5(A1 ":" nonce ":" nc ":" cnonce ":" qop ":" A2).
// A1 presumably comes from the stored user record ($userInformation is set outside this view);
// the nonce is recomputed via getNonce() rather than read from the client header.
$A1 = $userInformation[1];
$A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $requestHeaderArray['uri']);
$valid_response = $A1 . ':' . getNonce() . ':' . $requestHeaderArray['nc'];
$valid_response .= ':' . $requestHeaderArray['cnonce'] . ':' . $requestHeaderArray['qop'] . ':' . $A2;
$valid_response = md5($valid_response);
// NOTE(review): `!=` is a loose comparison; for two hex digests prefer
// `!hash_equals($valid_response, (string) $requestHeaderArray['response'])` so that
// numeric-looking strings are not compared as numbers and the comparison is constant-time.
if ($requestHeaderArray['response'] != $valid_response) {
    //the user have to authenticate new - cause something in the authentication went wrong
    die('Authentication failed - sorry, you have to authenticate once more!');
}
//if we are here - authentication has been done well!
//let's do the proxy things (came from owsproxy.php):
// NOTE(review): $HTTP_RAW_POST_DATA no longer exists on PHP 7+; file_get_contents('php://input')
// is the replacement — confirm the PHP version this script targets.
$postdata = $HTTP_RAW_POST_DATA;
$layerId = $_REQUEST['layer_id'];
$query = new QueryHandler();
// an array with keys and values toLoserCase -> caseinsensitiv
$reqParams = $query->getRequestParams();
$n = new administration();
// Resolve the layer to its WMS and the OWS proxy string that routes it; no string means
// the resource is unknown or not proxied.
$wmsId = getWmsIdByLayerId($layerId);
$owsproxyString = $n->getWMSOWSstring($wmsId);
if (!$owsproxyString) {
    die('The requested resource does not exists or the routing through mapbenders owsproxy is not activated!');
}
//get authentication infos if they are available in wms table! if not $auth = false
$auth = $n->getAuthInfoOfWMS($wmsId);
// An empty auth_type means "no upstream authentication": drop $auth entirely.
if ($auth['auth_type'] == '') {
    unset($auth);
}
$e = new mb_exception("REQUEST to HTTP_AUTH: " . strtolower($reqParams['request']));
//what the proxy does