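/**
 * Handle an incoming Basic LTI launch.
 *
 * Verifies the launch through bltiUocWrapper, creates or updates the matching
 * WordPress user, signs that user in, creates the course blog if it does not
 * exist yet, attaches the user to it with a mapped role and finally redirects
 * to the blog over https.
 *
 * Security notes for maintainers:
 *  - Everything before the `$context->valid` check runs on UNSIGNED request
 *    data; nothing from $_REQUEST may be trusted there.
 *  - NOTE(review): the WordPress login is taken from getUserkeyLTI($context).
 *    Presumably that helper namespaces logins per consumer; confirm, because
 *    otherwise a consumer can assert the login of an existing local account
 *    and this function will update and sign in as that account.
 *
 * @param mixed $wp Unused; presumably the object passed by the WordPress hook.
 * @return void
 */
function lti_parse_request_OLD($wp)
{
    if (!is_basic_lti_request()) {
        $good_message_type = isset($_REQUEST[LTI_MESSAGE_TYPE]) && $_REQUEST[LTI_MESSAGE_TYPE] == LTI_MESSAGE_TYPE_VALUE;
        $good_lti_version = isset($_REQUEST[LTI_VERSION]) && $_REQUEST[LTI_VERSION] == LTI_VERSION_VALUE;
        if ($good_message_type && $good_lti_version && !isset($_REQUEST[RESOURCE_LINK_ID])) {
            if (isset($_REQUEST[LAUNCH_PRESENTATION_URL]) && is_string($_REQUEST[LAUNCH_PRESENTATION_URL])) {
                // No OAuth signature has been checked on this path, so the return
                // URL is fully caller-controlled. Redirecting to it verbatim is an
                // open redirect. Only http(s) targets whose host WordPress already
                // trusts are followed; consumer hosts have to be registered through
                // the 'allowed_redirect_hosts' filter.
                $return_url = esc_url_raw($_REQUEST[LAUNCH_PRESENTATION_URL], array('http', 'https'));
                $return_url = wp_validate_redirect($return_url, false);
                if ($return_url) {
                    wp_redirect($return_url);
                    exit;
                }
            }
        }
        return;
    }
    // See if we get a context, do not set session, do not redirect
    $secret = lti_get_secret_from_consumer_key();
    $context = new bltiUocWrapper(false, false, null, $secret);
    if (!$context->valid) {
        // The failure message can embed request values (for example the
        // consumer key), so it is escaped before being rendered. The debug
        // echo statements that used to precede this call were removed: they
        // wrote diagnostic output to every failed launch.
        wp_die("BASIC LTI Authentication Failed, not valid request (make sure that consumer is authorized and secret is correct) " . esc_html($context->message));
        return;
    }
    $error = is_lti_error_data($context);
    if ($error !== FALSE) {
        if (isset($_REQUEST[LAUNCH_PRESENTATION_URL]) && is_string($_REQUEST[LAUNCH_PRESENTATION_URL])) {
            // $_REQUEST also carries GET and cookie values, so the URL is
            // escaped for both the attribute and the text context.
            $launch_presentation_return_url = $_REQUEST[LAUNCH_PRESENTATION_URL];
            $error = '<p>' . $error . '</p><p>Return to site <a href="' . esc_url($launch_presentation_return_url) . '">' . esc_html($launch_presentation_return_url) . '</a></p>';
        }
        wp_die($error, '');
    }
    $blogType = new blogTypeLoader($context);
    if ($blogType->error < 0) {
        wp_die("BASIC LTI loading Types Aula Failed " . $blogType->error_miss);
        return;
    }
    // Set up the user...
    $userkey = getUserkeyLTI($context);
    $userkey = apply_filters('pre_user_login', $userkey);
    $userkey = trim($userkey);
    if (empty($userkey)) {
        wp_die('<p>Empty username</p><p>Cannot create a user without username</p>');
    }
    $existing = get_user_by('login', $userkey);
    if (isset($existing) && $existing != false) {
        // og LTI: set the user_login and user_nicename to the same value,
        // because we want the wordpress-login cookie to have the username
        // otherwise caching won't work properly!
        $userdata = array('ID' => $existing->ID, 'user_login' => $userkey, 'user_nicename' => $userkey, 'first_name' => $context->getUserFirstName(), 'last_name' => $context->getUserLastName(), 'user_email' => $context->getUserEmail(), 'user_url' => 'http://b', 'display_name' => $context->getUserName(), 'role' => get_option('default_role'));
    } else {
        // New user
        $userdata = array('user_login' => $userkey, 'user_nicename' => $context->getUserName(), 'first_name' => $context->getUserFirstName(), 'last_name' => $context->getUserLastName(), 'user_email' => $context->getUserEmail(), 'user_url' => 'http://c', 'display_name' => $context->getUserName());
    }
    $ret_id = wp_insert_user($userdata);
    if (is_wp_error($ret_id)) {
        $msg = '';
        foreach ($ret_id->errors as $key => $messages) {
            $msg .= "<p><b>{$key}</b> ";
            foreach ($messages as $erroMsg) {
                $msg .= "<p> {$erroMsg}</p>";
            }
            $msg .= "</p>";
        }
        wp_die($msg);
    }
    // Reload by the id wp_insert_user() returned, so the lookup cannot miss
    // when WordPress normalised the login while saving it.
    $uinfo = get_user_by('id', $ret_id);
    if (!$uinfo) {
        wp_die('<p>Could not load the user after saving it</p>');
        return;
    }
    // Remove the user from the main blog (if not admin)
    // http://jira.uoc.edu/jira/browse/BLOGA-218
    // NOTE(review): the original guard tested `$is_admin`, which is never
    // assigned in this function, so the capabilities were removed for every
    // launch. That behaviour is kept; add a real administrator check here if
    // administrators are meant to be exempt.
    $user = new WP_User($uinfo->ID);
    $user->remove_all_caps();
    $_SERVER['REMOTE_USER'] = $userkey;
    // NOTE(review): md5() of the stored hash is not the user's password, so
    // core password checking cannot succeed with it. The call is kept because
    // REMOTE_USER is set just above, which suggests an 'authenticate' hook
    // elsewhere relies on it; confirm, and drop the call if nothing does.
    $password = md5($uinfo->user_pass);
    wp_authenticate($userkey, $password);
    // The launch signature has been verified, so the session is established
    // directly: set the auth cookie and the current user.
    wp_set_auth_cookie($user->ID, false);
    wp_set_current_user($user->ID, $userkey);
    // Strip the scheme whatever it is; a fixed substr(…, 7) only fits
    // "http://" and leaves an empty domain for an https site URL.
    $siteUrl = preg_replace('#^https?://#i', '', get_option("siteurl"));
    $siteUrlArray = explode("/", $siteUrl);
    $domain = $siteUrlArray[0];
    unset($siteUrlArray[0]);
    $course = $blogType->getCoursePath($context, $siteUrlArray, $domain);
    if (isset($context->info[RESOURCE_LINK_ID]) && $context->info[RESOURCE_LINK_ID]) {
        $course .= '-' . $context->info[RESOURCE_LINK_ID];
    }
    $course = sanitize_user($course, true);
    // WordPress does not find the style sheet if the path contains a dot
    $course = str_replace('.', '_', $course);
    $path_base = "/" . implode("/", $siteUrlArray) . "/" . $course;
    $path_base = str_replace('//', '/', $path_base);
    $path = $path_base . "/";
    $path = str_replace('//', '/', $path);
    $blog_created = false;
    $overwrite_plugins_theme = isset($context->info[OVERWRITE_PLUGINS_THEME]) ? $context->info[OVERWRITE_PLUGINS_THEME] == 1 : false;
    $overwrite_roles = isset($context->info[OVERWRITE_ROLES]) ? $context->info[OVERWRITE_ROLES] == 1 : false;
    $blog_id = domain_exists($domain, $path);
    $blog_is_new = false;
    if (!isset($blog_id)) {
        $title = __("Blog ") . $blogType->getCourseName($context);
        $blog_is_new = true;
        $meta = $blogType->getMetaBlog($context);
        $old_site_language = get_site_option('WPLANG');
        $blogType->setLanguage($context);
        // The original passed an undefined `$user_id` here, so the new blog
        // was created without an owner; the launching user is used instead.
        $blog_id = wpmu_create_blog($domain, $path, $title, $uinfo->ID, $meta);
        update_site_option('WPLANG', $old_site_language);
        $blogType->checkErrorCreatingBlog($blog_id, $path);
        $blog_created = true;
    }
    // Connect the user to the blog
    if (isset($blog_id)) {
        switch_to_blog($blog_id);
        ob_start();
        if ($overwrite_plugins_theme || $blog_created) {
            $blogType->loadPlugins();
            $blogType->changeTheme();
        }
        // Fetch the role the user already had on this blog
        $old_role = null;
        if (!$blog_created && !$overwrite_roles) {
            // `$user->ID` replaces the lower-case `$user->id`.
            // NOTE(review): the meta key hard-codes the 'wp_' table prefix.
            $old_role_array = get_usermeta($user->ID, 'wp_' . $blog_id . '_capabilities');
            // Guard the loop: the lookup does not return an array when the
            // user has no capabilities stored for this blog.
            if (is_array($old_role_array)) {
                foreach ($old_role_array as $key => $value) {
                    if ($value == true) {
                        $old_role = $key;
                    }
                }
            }
        }
        remove_user_from_blog($uinfo->ID, $blog_id);
        $obj = new stdClass();
        $obj->blog_id = $blog_id;
        $obj->userkey = $userkey;
        $obj->path_base = $path_base;
        $obj->domain = $domain;
        $obj->context = $context;
        $obj->uinfoID = $uinfo->ID;
        $obj->blog_is_new = $blog_is_new;
        if ($overwrite_roles || $old_role == null) {
            $obj->role = $blogType->roleMapping($context->info[FIELD_ROLE_UOC_CAMPUS], $context->info);
        } else {
            $obj->role = $old_role;
        }
        $blogType->postActions($obj);
        add_user_to_blog($blog_id, $uinfo->ID, $obj->role);
        // restore_current_blog() is deliberately not called: it would switch
        // back to the main blog before the redirect below.
        ob_end_clean();
    }
    $redirecturl = get_option("siteurl");
    $redirecturl = str_replace("http://", "https://", $redirecturl);
    wp_redirect($redirecturl);
    exit;
}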
Beispiel #2
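 /**
  * Build the LTI context from the current request or from the session.
  *
  * For a launch request the consumer secret is taken from $parm (a string)
  * or looked up in the database described by $parm (an array with 'table'
  * and optionally 'key_column', 'secret_column', 'context_column'), and the
  * OAuth HMAC-SHA1 signature is verified with it. On success $this->valid
  * is true and $this->info holds the launch parameters; on failure
  * $this->message explains why.
  *
  * $this->message may contain the request-supplied oauth_consumer_key, so
  * callers must escape it before writing it into HTML.
  *
  * @param string|array|false $parm       Shared secret, or database lookup settings.
  * @param bool               $usesession Restore from / store into $_SESSION.
  * @param bool               $doredirect Call $this->redirect() after a valid launch.
  */
 function __construct($parm = false, $usesession = true, $doredirect = true)
 {
     // If this request is not an LTI Launch, either
     // give up or try to retrieve the context from session
     if (!is_basic_lti_request()) {
         if ($usesession === false) {
             return;
         }
         if (strlen(session_id()) > 0) {
             // isset() on the session keys themselves avoids undefined-index
             // notices when a key was never stored.
             if (isset($_SESSION['_basiclti_lti_row'])) {
                 $this->row = $_SESSION['_basiclti_lti_row'];
             }
             if (isset($_SESSION['_basiclti_lti_context_id'])) {
                 $this->context_id = $_SESSION['_basiclti_lti_context_id'];
             }
             if (isset($_SESSION['_basic_lti_context'])) {
                 $this->info = $_SESSION['_basic_lti_context'];
                 $this->valid = true;
                 return;
             }
             $this->message = "Could not find context in session";
             return;
         }
         $this->message = "Session not available";
         return;
     }
     // Ensure we have a valid launch
     if (empty($_REQUEST["oauth_consumer_key"])) {
         $this->message = "Missing oauth_consumer_key in request";
         return;
     }
     $oauth_consumer_key = $_REQUEST["oauth_consumer_key"];
     // Find the secret - either from the parameter as a string or
     // look it up in a database from parameters we are given
     $secret = false;
     $row = false;
     if (is_string($parm)) {
         $secret = $parm;
     } else {
         if (!is_array($parm)) {
             $this->message = "Constructor requires a secret or database information.";
             return;
         }
         // Table and column names are concatenated into the statement and
         // cannot be bound as values, so $parm must come from trusted
         // configuration only; the consumer key is the only request value
         // and it is escaped.
         $key_column = !empty($parm['key_column']) ? $parm['key_column'] : 'oauth_consumer_key';
         $sql = 'SELECT * FROM ' . $parm['table'] . ' WHERE ' . $key_column . '=' . "'" . mysql_real_escape_string($oauth_consumer_key) . "'";
         $result = mysql_query($sql);
         // A failed query yields false; treat it like "no matching consumer".
         $num_rows = $result ? mysql_num_rows($result) : 0;
         if ($num_rows != 1) {
             $this->message = "Your consumer is not authorized oauth_consumer_key=" . $oauth_consumer_key;
             return;
         }
         $row = mysql_fetch_assoc($result);
         if ($row) {
             // The original read these settings from an undefined `$parms`,
             // so configured column names were silently ignored.
             $secret_column = !empty($parm['secret_column']) ? $parm['secret_column'] : 'secret';
             $context_column = !empty($parm['context_column']) ? $parm['context_column'] : 'context_id';
             $secret = isset($row[$secret_column]) ? $row[$secret_column] : false;
             $context_id = isset($row[$context_column]) ? $row[$context_column] : false;
             if ($context_id) {
                 $this->context_id = $context_id;
             }
             $this->row = $row;
         }
     }
     // Never verify against a missing or empty secret: an HMAC keyed with
     // an empty secret can be produced by anyone.
     if (!is_string($secret) || $secret === '') {
         $this->message = "Could not retrieve secret oauth_consumer_key=" . $oauth_consumer_key;
         return;
     }
     // Verify the message signature
     $store = new TrivialOAuthDataStore();
     $store->add_consumer($oauth_consumer_key, $secret);
     $server = new OAuthServer($store);
     $method = new OAuthSignatureMethod_HMAC_SHA1();
     $server->add_signature_method($method);
     $request = OAuthRequest::from_request();
     $this->basestring = $request->get_signature_base_string();
     try {
         $server->verify_request($request);
         $this->valid = true;
     } catch (Exception $e) {
         $this->message = $e->getMessage();
         return;
     }
     // Store the launch information in the session for later.
     // Keys containing "oauth_" are dropped, except oauth_consumer_key.
     $newinfo = array();
     foreach ($_POST as $key => $value) {
         if ($key == "basiclti_submit") {
             continue;
         }
         if (strpos($key, "oauth_") === false || $key == "oauth_consumer_key") {
             $newinfo[$key] = $value;
         }
     }
     $this->info = $newinfo;
     if ($usesession == true and strlen(session_id()) > 0) {
         $_SESSION['_basic_lti_context'] = $this->info;
         unset($_SESSION['_basiclti_lti_row']);
         unset($_SESSION['_basiclti_lti_context_id']);
         if ($this->row) {
             $_SESSION['_basiclti_lti_row'] = $this->row;
         }
         if ($this->context_id) {
             $_SESSION['_basiclti_lti_context_id'] = $this->context_id;
         }
     }
     if ($this->valid && $doredirect) {
         $this->redirect();
         $this->complete = true;
     }
 }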
Beispiel #3
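 /**
  * Build the LTI context from the current request or from the session.
  *
  * For a launch request the consumer secret is taken from $parm (a string)
  * or looked up through $parm['db'] using the driver named in
  * $parm['dbtype'] ('mysql' or 'mysqli'); the OAuth HMAC-SHA1 signature is
  * then verified with it. On success $this->valid is true and $this->info
  * holds the launch parameters; on failure $this->message explains why.
  *
  * $this->message may contain the request-supplied oauth_consumer_key, so
  * callers must escape it before writing it into HTML.
  *
  * @param mixed        $db         Stored on $this->db; not used for the lookup here.
  * @param string|array $parm       Shared secret, or database lookup settings.
  * @param bool         $usesession Restore from / store into $_SESSION.
  * @param bool         $doredirect Call $this->redirect() after a valid launch.
  */
 function __construct($db, $parm, $usesession = true, $doredirect = true)
 {
     // If this request is not an LTI Launch, either
     // give up or try to retrieve the context from session
     $this->db = $db;
     $this->parm = $parm;
     if (!is_basic_lti_request()) {
         if ($usesession === false) {
             return;
         }
         if (strlen(session_id()) > 0) {
             if (isset($_SESSION['_basiclti_lti_row'])) {
                 $this->row = $_SESSION['_basiclti_lti_row'];
             }
             if (isset($_SESSION['_basiclti_lti_context_id'])) {
                 $this->context_id = $_SESSION['_basiclti_lti_context_id'];
             }
             if (isset($_SESSION['_basic_lti_context'])) {
                 $this->info = $_SESSION['_basic_lti_context'];
                 $this->valid = true;
                 return;
             }
             $this->message = "Could not find context in session";
             return;
         }
         //$this->message = "Session not available";
         return;
     }
     // Ensure we have a valid launch
     if (empty($_REQUEST["oauth_consumer_key"])) {
         $this->message = "Missing oauth_consumer_key in request";
         return;
     }
     $oauth_consumer_key = $_REQUEST["oauth_consumer_key"];
     // Find the secret - either from the parameter as a string or
     // look it up in a database from parameters we are given
     $secret = false;
     $row = false;
     if (is_string($parm)) {
         $secret = $parm;
     } else {
         if (!is_array($parm)) {
             $this->message = "Constructor requires a secret or database information.";
             return;
         }
         $dbtype = isset($parm['dbtype']) ? $parm['dbtype'] : null;
         if (isset($parm['db']) && $dbtype == 'mysql') {
             // Table and column names are concatenated into the statement
             // and cannot be bound as values, so $parm must come from
             // trusted configuration only; the consumer key is the only
             // request value and it is escaped.
             $key_column = !empty($parm['key_column']) ? $parm['key_column'] : 'oauth_consumer_key';
             $sql = 'SELECT * FROM ' . $parm['table'] . ' WHERE ' . $key_column . '=' . "'" . mysql_real_escape_string($oauth_consumer_key) . "'";
             $result = mysql_query($sql);
             // A failed query yields false; treat it like "no matching consumer".
             $num_rows = $result ? mysql_num_rows($result) : 0;
             if ($num_rows != 1) {
                 $this->message = "Your consumer is not authorized oauth_consumer_key=" . $oauth_consumer_key;
                 return;
             }
             $row = mysql_fetch_assoc($result);
             if ($row) {
                 // The original read these settings from an undefined
                 // `$parms`, so configured column names were ignored.
                 $secret_column = !empty($parm['secret_column']) ? $parm['secret_column'] : 'secret';
                 $context_column = !empty($parm['context_column']) ? $parm['context_column'] : 'context_id';
                 $secret = isset($row[$secret_column]) ? $row[$secret_column] : false;
                 $context_id = isset($row[$context_column]) ? $row[$context_column] : false;
                 if ($context_id) {
                     $this->context_id = $context_id;
                 }
                 $this->row = $row;
             }
         } elseif (isset($parm['db']) && $dbtype == 'mysqli') {
             $db = $parm['db'];
             if ($db->error) {
                 // The original built an exception from undefined variables
                 // and echoed its message and stack trace to the client.
                 // Database errors belong in the server log, not the page.
                 error_log('BLTI: MySQL error ' . $db->errno . ': ' . $db->error);
             }
             $stmt = $db->prepare("SELECT secret,context_id,name FROM lti_keys WHERE oauth_consumer_key = ? AND `deleted` IS NULL");
             if ($stmt === false) {
                 // prepare() failed; without a statement there is no secret.
                 $this->message = 'Could not retrieve secret oauth_consumer_key=' . $oauth_consumer_key;
                 return;
             }
             $stmt->bind_param('s', $oauth_consumer_key);
             $stmt->execute();
             $stmt->store_result();
             // Three columns are selected, so three variables are bound;
             // the name column is not used further.
             $stmt->bind_result($rsecret, $rcontext_id, $rname);
             while ($stmt->fetch()) {
                 $secret = $rsecret;
                 if (isset($rcontext_id)) {
                     $this->context_id = $rcontext_id;
                     break;
                 }
             }
             $stmt->close();
         }
     }
     // Never verify against a missing or empty secret. The original fell
     // through with $secret === false when $parm was an array without a
     // usable 'db'/'dbtype', and an HMAC keyed with an empty secret can be
     // produced by anyone.
     if (!is_string($secret) || $secret === '') {
         $this->message = 'Could not retrieve secret oauth_consumer_key=' . $oauth_consumer_key;
         return;
     }
     // Verify the message signature
     $store = new TrivialOAuthDataStore();
     $store->add_consumer($oauth_consumer_key, $secret);
     $server = new OAuthServer($store);
     $method = new OAuthSignatureMethod_HMAC_SHA1();
     $server->add_signature_method($method);
     $request = OAuthRequest::from_request();
     $this->basestring = $request->get_signature_base_string();
     try {
         $server->verify_request($request);
         $this->valid = true;
     } catch (Exception $e) {
         $this->message = $e->getMessage();
         return;
     }
     // Store the launch information in the session for later.
     // Keys containing "oauth_" are dropped, except oauth_consumer_key.
     $newinfo = array();
     foreach ($_POST as $key => $value) {
         if ($key == "basiclti_submit") {
             continue;
         }
         if (strpos($key, "oauth_") === false || $key == "oauth_consumer_key") {
             $newinfo[$key] = $value;
         }
     }
     $this->info = $newinfo;
     if ($usesession == true and strlen(session_id()) > 0) {
         $_SESSION['_basic_lti_context'] = $this->info;
         unset($_SESSION['_basiclti_lti_row']);
         unset($_SESSION['_basiclti_lti_context_id']);
         if ($this->row) {
             $_SESSION['_basiclti_lti_row'] = $this->row;
         }
         if ($this->context_id) {
             $_SESSION['_basiclti_lti_context_id'] = $this->context_id;
         }
     }
     if ($this->valid && $doredirect) {
         $this->redirect();
         $this->complete = true;
     }
 }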
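 /**
  * Build the LTI context from the current request or from the session.
  *
  * For a launch request the OAuth HMAC-SHA1 signature is verified with the
  * shared secret given in $parm. On success $this->valid is true and
  * $this->info holds the launch parameters (base64-decoded when the launch
  * sets custom_lti_message_encoded_base64 to 1); on failure $this->message
  * explains why.
  *
  * $this->message may contain the request-supplied oauth_consumer_key, so
  * callers must escape it before writing it into HTML.
  *
  * @param string|array|false $parm       Shared secret. An array is accepted by the
  *                                       type check but this version performs no
  *                                       lookup, so it cannot yield a secret.
  * @param bool               $usesession Restore from / store into $_SESSION.
  * @param bool               $doredirect Call $this->redirect() after a valid launch.
  */
 function __construct($parm = false, $usesession = true, $doredirect = true)
 {
     // If this request is not an LTI Launch, either
     // give up or try to retrieve the context from session
     if (!is_basic_lti_request()) {
         if ($usesession === false) {
             return;
         }
         if (strlen(session_id()) > 0) {
             // isset() on the session keys themselves avoids undefined-index
             // notices when a key was never stored.
             if (isset($_SESSION['_basiclti_lti_row'])) {
                 $this->row = $_SESSION['_basiclti_lti_row'];
             }
             if (isset($_SESSION['_basiclti_lti_context_id'])) {
                 $this->context_id = $_SESSION['_basiclti_lti_context_id'];
             }
             if (isset($_SESSION['_basic_lti_context'])) {
                 $this->info = $_SESSION['_basic_lti_context'];
                 $this->valid = true;
                 return;
             }
             $this->message = "Could not find context in session";
             return;
         }
         $this->message = "Session not available";
         return;
     }
     // Ensure we have a valid launch
     if (empty($_REQUEST["oauth_consumer_key"])) {
         $this->message = "Missing oauth_consumer_key in request";
         return;
     }
     $oauth_consumer_key = $_REQUEST["oauth_consumer_key"];
     // Find the secret from the parameter
     $secret = false;
     if (is_string($parm)) {
         $secret = $parm;
     } elseif (!is_array($parm)) {
         $this->message = "Constructor requires a secret or database information.";
         return;
     }
     // Never verify against a missing or empty secret. The original went on
     // with $secret === false whenever $parm was an array, and an HMAC keyed
     // with an empty secret can be produced by anyone.
     if (!is_string($secret) || $secret === '') {
         $this->message = "Could not retrieve secret oauth_consumer_key=" . $oauth_consumer_key;
         return;
     }
     // Verify the message signature
     $store = new ltiprovider\TrivialOAuthDataStore();
     $store->add_consumer($oauth_consumer_key, $secret);
     $server = new ltiprovider\OAuthServer($store);
     $method = new ltiprovider\OAuthSignatureMethod_HMAC_SHA1();
     $server->add_signature_method($method);
     $request = ltiprovider\OAuthRequest::from_request();
     $this->basestring = $request->get_signature_base_string();
     try {
         $server->verify_request($request);
         $this->valid = true;
     } catch (Exception $e) {
         $this->message = $e->getMessage();
         return;
     }
     // Store the launch information in the session for later.
     // Keys containing "oauth_" are dropped, except oauth_consumer_key.
     $newinfo = array();
     foreach ($_POST as $key => $value) {
         if ($key == "basiclti_submit") {
             continue;
         }
         if (strpos($key, "oauth_") === false || $key == "oauth_consumer_key") {
             $newinfo[$key] = $value;
         }
     }
     // Added abertranb to decode base 64 20120801
     if (isset($newinfo['custom_lti_message_encoded_base64']) && $newinfo['custom_lti_message_encoded_base64'] == 1) {
         $newinfo = $this->decodeBase64($newinfo);
     }
     $this->info = $newinfo;
     if ($usesession == true and strlen(session_id()) > 0) {
         $_SESSION['_basic_lti_context'] = $this->info;
         unset($_SESSION['_basiclti_lti_row']);
         unset($_SESSION['_basiclti_lti_context_id']);
         if ($this->row) {
             $_SESSION['_basiclti_lti_row'] = $this->row;
         }
         if ($this->context_id) {
             $_SESSION['_basiclti_lti_context_id'] = $this->context_id;
         }
     }
     if ($this->valid && $doredirect) {
         $this->redirect();
         $this->complete = true;
     }
 }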
<?php

/**
 * BLTI
 *
 * @file
 * @ingroup Extensions
 * @version 0.1
 * @author Charles Severance based on for from Antoni Bertran and Jose Diago
 */
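// Set to true once a launch has been validated; read further down the script.
$going2MW = false;
// BLTI integration
require_once 'IMSBasicLTI/ims-blti/blti.php';
if (!is_basic_lti_request()) {
    // Not an LTI launch: leave the request untouched.
    return;
}
// Let's get the user's data.
// NOTE(review): "secret" is a literal shared secret. Anyone who knows it can
// sign a launch that validates here, so a deployment must replace it with a
// per-consumer secret loaded from configuration kept out of the source tree.
// The two `false` arguments disable session use and the redirect.
$context = new BLTI("secret", false, false);
if ($context->valid) {
    $agentCourse = $context->getCourseName();
    $agentUserName = $context->getUserShortName();
    $agentEmail = $context->getUserEmail();
    $agentFullName = $context->getUserName();
    $going2MW = true;
    session_start();
    $_SESSION['BLTIclassroom'] = $agentCourse;
} else {
    // The message can embed request values such as the consumer key, so it
    // is escaped before being written into the page.
    echo 'Error validating: ' . htmlspecialchars((string) $context->message, ENT_QUOTES, 'UTF-8');
}
$context = null;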
if ($going2MW) {