
added sid auth in WfsBiAudit

Piotr Labudda il y a 8 ans
Parent
commit
c367cc9646
1 fichiers modifiés avec 45 ajouts et 34 suppressions
  1. 45 34
      SE/se-lib/Route/WfsBiAudit.php

+ 45 - 34
SE/se-lib/Route/WfsBiAudit.php

@@ -7,6 +7,17 @@ class Route_WfsBiAudit extends RouteBase {
 	const maxResolveDepth = 3;
 	private $dom, $path = [], $relations = [], $tablesUsed = [];
 
+	public function handleAuth() {
+		if (!empty($_GET['sid'])) {
+			session_write_close();
+			session_id($_GET['sid']); // TODO: security BUG
+			error_log('wfs-data.php _GET[sid] was read' .$_GET['sid'].' ; ');
+			session_start();
+			session_write_close();
+		}
+		if (!User::logged()) throw new HttpException('Unauthorized', 401);
+	}
+
 	private static function output($output) {
 		header("Content-Type: application/xml");
 		header("Content-Transfer-Encoding: binary");
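Review bot: In `handleAuth()` the `error_log(...)` line writes the raw `$_GET['sid']` to the server log, so anyone with log access obtains a usable session ID and the unescaped value can inject text into log lines; log the event without the value, e.g. `error_log('wfs-data.php: session resumed from _GET[sid]');`. The `session_id($_GET['sid'])` call that the TODO already flags accepts any caller-chosen identifier (session fixation unless `session.use_strict_mode` is enabled) and never checks that the parameter is a string, so reject malformed input first: `if (!is_string($_GET['sid']) || !preg_match('/^[A-Za-z0-9,-]{1,128}$/', $_GET['sid'])) throw new HttpException('Unauthorized', 401);`. A session ID carried in the query string also lands in access logs, browser history and Referer headers, so a request header or a short-lived single-use token would be a safer carrier for this endpoint. The `output()` function that follows `handleAuth()` continues outside the hunk.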
@@ -36,7 +47,7 @@ EOT;
 			$item = SchemaFactory::loadDefaultObject('SystemObject')->getItem($namespace, [ 'propertyName' => '*,field' ]);
 			$return=$this->objectStructView($item);
 			return $return;
-			
+
 		} catch (Exception $e) {
 			//error_log('danger', "Error #" . $e->getCode() . "|" . $e->getLine() . ": " . $e->getMessage());
 			DBG::log($e);
@@ -49,33 +60,33 @@ public function objectStructView($item) {
 		$namespace = $item['namespace'];
 
 		$thisGetLink = [ $this, 'getLink' ];
-		
+
 		$getBackRefList=ACL::getBackRefList($item['namespace']);
-		
-				
+
+
 		foreach($getBackRefList as $ind=>$backref) {
 			$exploded_ns = explode('/', $backref['namespace']);
 			$return['backrefs'][]=$exploded_ns[1].'__x3A__'.$exploded_ns[2].':'.$exploded_ns[3];
 		}
 		foreach($item['field'] as $ind=>$refs) {
-			
+
 			$return['refs']				  []=$refs['fieldNamespace'];
 			$return['refs__rootTableName'][]=$refs['_rootTableName'];
 			$return['refs__objectNamespace'][]=$refs['objectNamespace'];
 
 
-			
+
 
 		}
-		
+
 		$return['table']=$item['name'];
 		$return['primaryKey']=$item['primaryKey'];
-		
+
 		//print_r($this->BaseStruct);
-		
-		
+
+
 		return $return;
-	
+
 	}
 
 
@@ -101,7 +112,7 @@ public function objectStructView($item) {
 		}
 		return $this->relations[$ID];
         }
-        
+
     private function findRelations_base($node, $ID, $resolveDepth, $relation = null, $BaseStruct=null,$table=null) {
 	    if (in_array($ID, $this->path)) return;
 		$this->path[] = $ID;
@@ -109,21 +120,21 @@ public function objectStructView($item) {
 
 		foreach($BaseStruct['refs__objectNamespace'] as $ind=>$refs){
 				$getRefTable=ACL::getRefTable('default_db/'.$table.'/'.$table,$refs);
-				
+
 				$query = "select `REMOTE_PRIMARY_KEY`  from `".$getRefTable."` where `PRIMARY_KEY` = {$ID}";
 						error_log('#114 findRelations_base  passing query '.$query);
 
 				if (!($row = DB::getPDO()->fetchFirst($query))) {
-					
+
 				} else {
 						/*{
 							$this->objectStructureAction('default_db/BI_audit_CEIDG_pelnomocnicy/BI_audit_CEIDG_pelnomocnicy');
 							 self::throwServiceException("Błąd danych #102 findRelations_base");
 						}*/
-				
+
 				if (!in_array($BaseStruct['_rootTableName'][$ind], $this->tablesUsed)) $this->tablesUsed[] = $BaseStruct['_rootTableName'][$ind];
 				}
-				
+
 				if ($resolveDepth) {
 					$feature = $this->addChild($node, $BaseStruct['refs'][$ind]);
 					$this->addAttribute($feature, 'fid', $BaseStruct['_rootTableName'][$ind].$row['REMOTE_PRIMARY_KEY']);
@@ -131,8 +142,8 @@ public function objectStructView($item) {
 					if ($relation) $this->addChild($feature, "relation_from", $this->relationName($relation));
 					//$query = "select `ID2` from `BI_audit_ALL_ref` where `ID1` = {$ID}";
 					//$where = $relation ? "and ({$relation} & `RELATION_ID`) != {$relation}" : "";
-					$RefBaseStruct=$this->objectStructureAction($BaseStruct['objectNamespace'][$ind]); 
-					
+					$RefBaseStruct=$this->objectStructureAction($BaseStruct['objectNamespace'][$ind]);
+
 					$query = "select `".$RefBaseStruct['primaryKey']."` from `".$RefBaseStruct['table']."` where `".$RefBaseStruct['primaryKey']."` = ".$row['REMOTE_PRIMARY_KEY'] ;
 					$result = DB::getPDO()->fetchAll($query);
 					foreach ($result as $row) $this->findRelations($feature, $row['REMOTE_PRIMARY_KEY'], $resolveDepth - 1, null,$BaseStruct['table'],$RefBaseStruct['table']);
@@ -142,7 +153,7 @@ public function objectStructView($item) {
 				}
 		array_pop($this->path);
 		}
-		
+
 
 	}
 
@@ -154,7 +165,7 @@ public function objectStructView($item) {
 		} else {
 			$query = "select `REMOTE_TABLE`, `REMOTE_ID` from `BI_audit_ALL` where `ID` = {$ID}";
 		}
-		
+
 		if (!($row = DB::getPDO()->fetchFirst($query)))
 		{
 				//$this->objectStructureAction('default_db/BI_audit_CEIDG_pelnomocnicy/BI_audit_CEIDG_pelnomocnicy');
@@ -164,7 +175,7 @@ public function objectStructView($item) {
 				if (!($ID = DB::getPDO()->fetchValue($query))) {
 					self::throwServiceException("Błąd danych z BaseStruct/findRelations #162 ");
 				}
-				
+
 				if (!in_array($BaseTableTo, $this->tablesUsed)) $this->tablesUsed[] = $BaseTableTo;
 				if ($resolveDepth) {
 						$feature = $this->addChild($node, "default_db__x3A__{$row['REMOTE_TABLE']}:{$row['REMOTE_TABLE']}");
@@ -184,7 +195,7 @@ public function objectStructView($item) {
 						$this->addAttribute($xlink, 'xlink:href', "https://biuro.biall-net.pl/wfs/default_db/".$BaseTableTo."?BI_audit_ALL_ref_RELATIONS={$BaseTableTo}#{$BaseTableTo}.{$row[$this->BaseStruct['primaryKey']]}");
 					}
 					array_pop($this->path);
-								 
+
 		} else {
 					if (!in_array($row['REMOTE_TABLE'], $this->tablesUsed)) $this->tablesUsed[] = $row['REMOTE_TABLE'];
 					if ($resolveDepth) {
@@ -232,47 +243,47 @@ public function objectStructView($item) {
 
 			$query = "select `ID` from `BI_audit_ALL` where `REMOTE_TABLE` = " . DB::getPDO()->quote($table) . " and `REMOTE_ID` = {$primaryKey}";
 			if (!($ID = DB::getPDO()->fetchValue($query))) {
-				
+
 				error_log('#233 default base passing');
 				$this->BaseStruct=$this->objectStructureAction("default_db/".$table."/".$table );
-					
-									
+
+
 				$query = "select `".$this->BaseStruct['primaryKey']."` from `".$table."` where ".$this->BaseStruct['primaryKey']." = {$primaryKey}";
 				if (!($ID = DB::getPDO()->fetchValue($query))) {
 					self::throwServiceException("Błąd danych z BaseStruct ");
 				}
 					$this->findRelations_base($gml, $ID, $resolveDepth,$table,$this->BaseStruct,$table);
-			
+
 						foreach ($this->tablesUsed as $table) $this->addAttribute($wfs, "xmlns:default_db__x3A__{$table}", "https://biuro.biall-net.pl/wfs/default_db/{$table}");
 						$attrs = [
 							'numberMatched' => 'unknown',
 							'numberReturned' => '1',
 						];
 						foreach ($attrs as $name => $value) $this->addAttribute($wfs, $name, $value);
-			
+
 						$xml = $this->dom->saveXML();
 						self::output($xml);
-				
+
 				} else {
 					error_log('#254 default  passing');
 
 					$this->findRelations($gml, $ID, $resolveDepth);
-		
+
 					foreach ($this->tablesUsed as $table) $this->addAttribute($wfs, "xmlns:default_db__x3A__{$table}", "https://biuro.biall-net.pl/wfs/default_db/{$table}");
 					$attrs = [
 						'numberMatched' => 'unknown',
 						'numberReturned' => '1',
 					];
 					foreach ($attrs as $name => $value) $this->addAttribute($wfs, $name, $value);
-		
+
 					$xml = $this->dom->saveXML();
 					self::output($xml);
-						
-				} 
-			
+
+				}
+
 			} catch (Exception $e) {
 					//$this->objectStructureAction('default_db/BI_audit_CEIDG_pelnomocnicy/BI_audit_CEIDG_pelnomocnicy');
-		
+
 					self::throwServiceException($e->getMessage());
 		    }
 	}