function RWSAAFinish()
{
    global $DB;
    global $SESSION;
    global $USER;
    unset($SESSION->wantsurl);
    $r_bo = true;
    RWSCMAuth($r_bo);
    RWSCMUSvc($r_bo);
    RWSCMMaint($r_bo);
    $r_ac = RWSGSOpt("action", PARAM_ALPHANUMEXT);
    if ($r_ac === false || strlen($r_ac) == 0) {
        RWSBErr("No service action was specified.");
    }
    $r_rv = RWSGSOpt("version", PARAM_ALPHANUMEXT);
    if ($r_rv === false || strlen($r_rv) == 0) {
        $r_bv = 2009093000;
    } else {
        $r_bv = intval($r_rv);
    }
    $r_usrn = RWSGSOpt("username", PARAM_RAW);
    if ($r_usrn === false || strlen($r_usrn) == 0) {
        RWSBErr("No username specified.");
    }
    $r_rtm = RWSGSOpt("time", PARAM_ALPHANUM);
    if ($r_rtm === false || strlen($r_rtm) == 0) {
        RWSBErr("No request time specified.");
    }
    $r_rmc = RWSGSOpt("mac", PARAM_ALPHANUMEXT);
    if ($r_rmc === false || strlen($r_rmc) == 0) {
        RWSBErr("No message authentication code specified.");
    }
    if ($r_bv < 2013061700) {
        RWSBErr("The authentication framework is not supported by the requested behavior version.");
    }
    if (strcmp($r_usrn, $USER->username) != 0) {
        RWSBErr("Invalid username specified.");
    }
    $r_ctm = time();
    $r_mxt = $r_rtm + 60 * 10;
    if ($r_ctm < $r_rtm || $r_ctm > $r_mxt) {
        RWSBErr("Invalid request time specified.");
    }
    $r_chm = RWSGAMac($r_ac . $r_bv . $r_usrn . $r_rtm);
    if (strcmp($r_chm, $r_rmc) != 0) {
        RWSBErr("Invalid message authentication code.");
    }
    $r_rws = $DB->get_record("respondusws", array("course" => SITEID));
    if ($r_rws === false) {
        RWSBErr("The respondusws module has not yet been installed. Please contact the system administrator.");
    }
    $r_chrs = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $r_cmx = strlen($r_chrs) - 1;
    $r_tln = 40;
    $r_tok = "";
    for ($r_i = 0; $r_i < $r_tln; $r_i++) {
        $r_tok .= substr($r_chrs, mt_rand(0, $r_cmx), 1);
    }
    $r_h = sha1($r_tok);
    $r_auu = $DB->get_record("respondusws_auth_users", array("responduswsid" => $r_rws->id, "userid" => $USER->id));
    if ($r_auu === false) {
        $r_auu = new stdClass();
        $r_auu->responduswsid = $r_rws->id;
        $r_auu->userid = $USER->id;
        $r_auu->authtoken = $r_h;
        $r_auu->timeissued = $r_ctm;
        try {
            $r_auu->id = $DB->insert_record("respondusws_auth_users", $r_auu);
        } catch (Exception $r_e) {
            RWSBErr("Unable to issue authentication token.");
        }
    } else {
        $r_auu->authtoken = $r_h;
        $r_auu->timeissued = $r_ctm;
        try {
            $DB->update_record("respondusws_auth_users", $r_auu);
        } catch (Exception $r_e) {
            RWSBErr("Unable to issue authentication token.");
        }
    }
    RWSRHHtml();
    echo "{\"RWSAuthToken\":\"{$r_tok}\"}";
    exit;
}
<?php

// Respondus 4.0 Web Service Extension For Moodle
// Copyright (c) 2009-2015 Respondus, Inc.  All Rights Reserved.
// Date: January 07, 2015.
$r_rsv = dirname(__FILE__) . "/servicelib.php";
if (is_readable($r_rsv)) {
    include_once $r_rsv;
    defined("MOODLE_INTERNAL") || die;
} else {
    header("Content-Type: text/xml");
    echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n";
    echo "<service_error>2000</service_error>\r\n";
    exit;
}
raise_memory_limit(MEMORY_EXTRA);
set_exception_handler("RWSEHdlr");
RWSCMBVer();
RWSCMVer();
RWSCMInst();
if ($RWSECAS) {
    RWSPCReqs();
}
$r_raction = RWSGSOpt("action", PARAM_ALPHANUMEXT);
if ($r_raction === false || strlen($r_raction) == 0) {
    RWSSErr("2001");
} else {
    RWSDSAct($r_raction);
}