/**
* If the request seems valid, update the flag state of a question attempt.
* Throws exceptions if this is not a valid update request.
* @param int $qubaid the question usage id.
* @param int $questionid the question id.
* @param int $sessionid the question_attempt id.
* @param string $checksum checksum, as computed by {@link get_toggle_checksum()}
* corresponding to the last three arguments.
* @param bool $newstate the new state of the flag. true = flagged.
*/
public static function update_flag($qubaid, $questionid, $qaid, $slot, $checksum, $newstate)
{
// Check the checksum - it is very hard to know who a question session belongs
// to, so we require that checksum parameter is matches an md5 hash of the
// three ids and the users username. Since we are only updating a flag, that
// probably makes it sufficiently difficult for malicious users to toggle
// other users flags.
if ($checksum != self::get_toggle_checksum($qubaid, $questionid, $qaid, $slot)) {
throw new moodle_exception('errorsavingflags', 'question');
}
$dm = new question_engine_data_mapper();
$dm->update_question_attempt_flag($qubaid, $questionid, $qaid, $slot, $newstate);
}
