} else { // Ok, we are an LTI launch. /* * VERIFY OAUTH SIGNATURE */ // The LMS gives us a key and we need to find out which shared secret belongs to that key. // The key & secret are configured on the LMS in "Admin Tools" > "External Learning Tools" > "Manage Tool Providers", // Or in the remote plugin setup page if you are using them. $oauth_consumer_key = $_REQUEST['oauth_consumer_key']; // We only have one key, "key", which corresponds to the (shared) secret "secret" if ($oauth_consumer_key != $OAUTH_KEY) { exit("Invalid OAuth key"); } else { $oauth_consumer_secret = $OAUTH_SECRET; } if (!OAuth1p0::CheckSignatureForFormUrlEncoded($SITE_URL . $_SERVER['REQUEST_URI'], 'POST', $_POST, $oauth_consumer_secret)) { exit("Invalid OAuth signature"); } // Store things that gradeSubmit.php will need into the session session_start(); $_SESSION['lis_outcome_service_url'] = $_REQUEST['lis_outcome_service_url']; $_SESSION['lis_result_sourcedid'] = $_REQUEST['lis_result_sourcedid']; $_SESSION['lis_person_name_given'] = $_REQUEST['lis_person_name_given']; $_SESSION['oauth_consumer_key'] = $_REQUEST['oauth_consumer_key']; $_SESSION['oauth_consumer_secret'] = $oauth_consumer_secret; session_write_close(); /* * READ BACK OUR GRADE * If it exists, show the grade and disable the submit button. */ $endpoint = $_REQUEST['lis_outcome_service_url'];
require_once 'OAuth1p0.php'; require_once 'libsrc/D2LAppContextFactory.php'; require_once 'config.php'; // Find our URL $url = 'http'; if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') { $url .= 's'; } $serverPort = $_SERVER['SERVER_PORT']; $port = ""; if ($url == 'http' && $serverPort != 80 || $url == "https" && $serverPort != 443) { $port = ":{$serverPort}"; } $url .= '://' . $_SERVER["SERVER_NAME"] . $port . $_SERVER["REQUEST_URI"]; if (!OAuth1p0::CheckSignatureForFormUrlEncoded($url, 'POST', $_POST, $config['secret'])) { exit("Invalid OAuth signature\n"); } if (empty($_POST['user_id'])) { exit("Missing user_id parameter"); } // Get user info from the LTI launch $userId = $_POST['user_id']; // D2L LTI launch sends user_id as <LMS installation code>_<LMS user ID> $userId = substr($userId, strpos($userId, '_') + 1); $orgId = $_POST['context_id']; $name = $_POST['lis_person_name_full']; $returnUrl = parse_url($_POST['launch_presentation_return_url']); $queryParams = array(); parse_str($returnUrl['query'], $queryParams); // we get the lms info from lis_outcome_service_url