<?php
include_once 'app/app.php';
$customparams = loadCustomParams($c, decryptCookie($_COOKIE['oauth_consumer_key']));
$variables = array('c' => $c, 'customparams' => $customparams);
ebsco_render('basic_search.html', 'layout.html', $variables);
$sql->execute();
$sql->store_result();
$sql->bind_result($result);
$count = 0;
while ($sql->fetch()) {
$count++;
$consumeridsArray['logged_in_consumerid'][$count] = $result;
}
if (!isset($consumeridsArray)) {
$consumeridsArray = array();
}
setcookie('consumeridsArray', encryptCookie($consumeridsArray), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
if ($c->more_results()) {
$c->next_result();
}
$customparams = loadCustomParams($c, $key);
$variables['consumeridsArray'] = $consumeridsArray;
$variables['customparams'] = $customparams;
ebsco_render('admin.html', 'layout.html', $variables);
} else {
if (isset($_COOKIE['forward_to_admin']) && decryptCookie($_COOKIE['forward_to_admin']) == "n") {
if (isset($_POST['admin_key'])) {
$clean = strip_tags_deep($_POST);
setcookie('admin_key', encryptCookie($clean['admin_key']), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
setcookie('admin_secret', encryptCookie($clean['admin_secret']), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
$variables['admin_key'] = $clean['admin_key'];
$variables['admin_secret'] = $clean['admin_secret'];
}
ebsco_render('sign_on.html', 'layout.html', $variables);
} else {
ebsco_render('sign_on.html', 'layout.html', $variables);
}
}
// upon new launch, eliminate any existing session tokens to prevent bad API calls from old sessions
if (isset($_COOKIE['sessionToken'])) {
unset($_COOKIE['sessionToken']);
}
// legacy instructions had labeled the userid/password as custid/password - this allows both
if (isset($clean['custom_ebsco_userid'])) {
$clean['custom_custid'] = $clean['custom_ebsco_userid'];
}
if (isset($clean['custom_ebsco_password'])) {
$clean['custom_password'] = $clean['custom_ebsco_password'];
}
$oauth_consumer_key = $clean['oauth_consumer_key'];
// this loads in custom settings, such as email, api credentials, logo, etc.
$customparams = loadCustomParams($c, $oauth_consumer_key, $clean);
// whitelist of accepted parameters
$accepted = array('oauth_consumer_key', 'roles', 'context_label', 'context_title', 'lis_person_name_full', 'lis_person_contact_email_primary', 'resource_link_title', 'resource_link_id', 'tool_consumer_instance_guid', 'launch_presentation_return_url');
// transfer variables to session
foreach ($clean as $foo => $bar) {
if (in_array($foo, $accepted) && !empty($bar)) {
$encryptedC = encryptCookie($bar);
setcookie($foo, $encryptedC, $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
}
}
$sql = 'SELECT * FROM credentials WHERE ' . 'userid = ? AND ' . 'profile = ? AND ' . 'password = ?';
/* Prepare statement */
$stmt = $c->prepare($sql);
if ($stmt === false) {
trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->errno . ' ' . $conn->error, E_USER_ERROR);
}
die("This site requires the use of cookies. Please enable cookies in your web browser.");
} else {
if (!isset($_COOKIE['oauth_consumer_key'])) {
die("It looks like browser security settings may have blocked this content. Please try a different browser, or lower your security settings.");
}
}
$cookieDCd = decryptCookie($_COOKIE['oauth_consumer_key']);
$_SESSION['debug'] .= "<p>Cookie dump: ";
$accepted = array('oauth_consumer_key', 'roles', 'context_label', 'user_id', 'context_title', 'lis_person_name_full', 'lis_person_contact_email_primary', 'resource_link_title', 'resource_link_id', 'tool_consumer_instance_guid', 'launch_presentation_return_url');
foreach ($_COOKIE as $index => $thecookie) {
if (in_array($index, $accepted)) {
$_SESSION['debug'] .= "<br />" . $index . ": " . decryptCookie($thecookie);
}
}
$_SESSION['debug'] .= "</p>";
$customparams = loadCustomParams($c, $cookieDCd);
$profile = $customparams['profile'];
try {
$api = new EBSCOAPI($c, $customparams);
} catch (Exception $e) {
die("It looks like your user id and password for your EDS API profile are incorrect. Please check your settings in the <a href='http://curriculumbuilder.ebscohost.com/admin.php' target='_top'>admin panel</a>.<p style='display:none;'>" . var_export($customparams, TRUE) . "</p>");
}
try {
$_SESSION['debug'] .= "<p>Using AuthToken " . $api->getAuthToken() . "</p>";
$newSessionToken = $api->apiSessionToken($api->getAuthToken(), $profile, 'n');
} catch (Exception $e) {
echo "<div style='display:none;'>" . $_SESSION['debug'] . "</div>";
die("It looks like your profile id for your EDS API profile is incorrect. Please check your settings in the <a href='http://curriculumbuilder.ebscohost.com/admin.php' target='_top'>admin panel</a>.<p style='display:none;'>" . var_export($customparams, TRUE) . "</p><p style='display:none;'>" . $e->getMessage() . "</p>");
}
setcookie('sessionToken', encryptCookie($newSessionToken), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
setcookie('login', encryptCookie($profile), 0, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);