Exemple #1
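// Collectors handed to xmltoqtiobject() further down.
// NOTE(review): $errors is not initialised in this excerpt; it is assumed to be
// set earlier or populated by xmltoqtiobject() -- confirm against its signature.
$warnings = array();
$messages = array();

// The QTI ID comes straight from the request. Accept only a string so that an
// array-valued parameter (qtiid[]=...) is rejected before it reaches the
// lookup, the session key test or the redirect URL.
if (!isset($_REQUEST["qtiid"]) || !is_string($_REQUEST["qtiid"])) {
    badrequest("no QTI ID was specified");
}
$item = getitem($_REQUEST["qtiid"]);
if (!$item) {
    badrequest("no item with the given QTI ID exists in the database");
}
// if not cloning...
if (!isset($_REQUEST["clone"])) {
    // only the owner can edit it
    if (!loggedin()) {
        badrequest("you're not logged in so can't edit this item");
    }
    // Compare owner and current user as strings with a strict operator. A loose
    // != treats numeric-looking strings as numbers ("1" == "01", "1e1" == "10"),
    // so two different usernames could be accepted as the same owner.
    if ((string) $item["user"] !== (string) username()) {
        badrequest("you're not the owner of this item and so can't edit it");
    }
    // if the item's already in session memory redirect straight to Eqiat;
    // the ID is placed in the URL only after it matched an existing session key
    if (isset($_SESSION["items"]) && array_key_exists($_REQUEST["qtiid"], $_SESSION["items"])) {
        redirect(SITEROOT_WEB . "eqiat/#item_" . $_REQUEST["qtiid"]);
    }
}
// make a QTIAssessmentItem object from the data we have and put it in session memory
$metadata = array("description" => $item["description"], "keywords" => $item["keywords"]);
$ai = xmltoqtiobject($item["xml"], $errors, $warnings, $messages, $metadata, isset($_REQUEST["clone"]));
if ($ai === false) {
    // conversion failed: report everything the converter collected
    servererror("Errors:\n" . implode("\n", $errors) . "\n\nWarnings:\n" . implode("\n", $warnings) . "\n\nMessages:\n" . implode("\n", $messages));
}
$ai->sessionStore();
redirect(SITEROOT_WEB . "eqiat/#item_" . $ai->getQTIID());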
Exemple #2
			<strong><?php 
        echo htmlspecialchars(username());
        ?>
</strong>
		</p>
		<?php 
        include "htmlfooter.php";
        exit;
    }
    if (isset($_REQUEST["async"])) {
        badrequest("That username and password combination did not match any user in the database");
    }
    $errors[] = "That username and password combination did not match any user in the database";
} else {
    if (isset($_REQUEST["async"])) {
        badrequest("username and password not given");
    }
}
// Page title; htmlheader.php is included right after and presumably reads it -- confirm.
$title = "Log in";
include "htmlheader.php";
?>
<h2><?php 
// escape the title for the HTML body before printing it
echo htmlspecialchars($title);
?>
</h2>
<?php 
// "nextpage" in the session is presumably set when a page that requires login
// sent the visitor here; if it is present, explain why the form is shown
if (isset($_SESSION["nextpage"])) {
    ?>
	<p><strong>You need to be logged in to view the page you requested</strong></p>
<?php 
}
Exemple #3
				</ul>
				<?php 
                include "htmlfooter.php";
                exit;
            }
            redirect(SITEROOT_WEB . "?page=playItem");
        case "startover":
            // reset the item pointer
            $_SESSION["itemqueuepos"] = 0;
            redirect(SITEROOT_WEB . "?page=playItem");
        default:
            badrequest("unrecognized action");
    }
}
// Nothing can be played without a non-empty queue in the session. empty() is
// also true for a key that is not set, so it covers the missing-queue case.
if (empty($_SESSION["itemqueue"])) {
    badrequest("item queue is empty");
}
// URL that gets embedded in the QTIEngine XML
$actionurl = SITEROOT_WEB . "?page=playItem";
// Fetch the item the queue pointer currently refers to.
// NOTE(review): itemqueuepos is used as an index without an isset or range
// check in this excerpt -- confirm it is validated wherever it is written.
$item = getitem($_SESSION["itemqueue"][$_SESSION["itemqueuepos"]]);
// set response to false (to give a message later) if the item doesn't exist
// (it's been deleted)
if (!$item) {
    $response = false;
} else {
    // if QTIEngine form submitted post onwards to QTIEngine and display its output
    if (isset($_POST["submit"])) {
        // build request string
        $multipart = new HttpRequestBodyMultipart();
        $multipart->addpart("actionUrl", $actionurl);
                        $r = round($avgsize / ((self::WIDTH + self::HEIGHT) / 2) * 100, 1);
                    }
                }
                break;
        }
        $svg = '<svg xmlns="http://www.w3.org/2000/svg" width="' . self::WIDTH . '" height="' . self::HEIGHT . '" viewBox="0 0 1 1" preserveAspectRatio="none"><radialGradient id="vsgg" gradientUnits="userSpaceOnUse" cx="' . $x . '%" cy="' . $y . '%" r="' . $r . '%">' . "\n";
        $svg .= $svgstoppoints;
        $svg .= '</radialGradient><rect x="-50" y="-50" width="101" height="101" fill="url(#vsgg)" /></svg>';
        return $svg;
    }
}
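/**
 * Send a 400 Bad Request response with a short HTML body and stop the script.
 *
 * The message is HTML-escaped before it is written. This file passes exception
 * text to this function, and such text can carry request-derived data; echoing
 * it verbatim would let markup from the request reach the browser.
 *
 * @param string $message Plain-text explanation shown to the client.
 * @return void Does not return: execution ends with exit.
 */
function badrequest($message)
{
    // use the protocol reported by the server, or HTTP/1.0 when none is set
    $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0';
    header($protocol . ' ' . 400 . ' Bad Request');
    echo '<h1>Bad request</h1>';
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE keeps the message
    // readable instead of returning an empty string on invalid byte sequences
    echo '<p>', htmlspecialchars((string) $message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '</p>';
    exit;
}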
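// Serve a gradient only when this script itself is the request target.
// parse_url() returns false for a seriously malformed URL and leaves out
// 'path' when the URL has none, so both cases are checked before basename().
$url = isset($_SERVER['REQUEST_URI']) ? parse_url($_SERVER['REQUEST_URI']) : false;
if (is_array($url) && isset($url['path']) && basename($url['path']) === "gradient.php") {
    try {
        // the raw query string is the generator's input
        $gradient = new GradientGenerator($_SERVER["QUERY_STRING"], true);
        // will redirect if the cache image is successfully generated
        $gradient->makeGradientImage(true);
        // fall back to live generation if the cache file is not writable
        $gradient->renderGradient();
    } catch (Exception $e) {
        // The exception text may include values taken from the query string and
        // it ends up in the response body, so it has to be HTML-escaped on output.
        badrequest($e->getMessage());
    }
}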
Exemple #5
// Page number: taken from the request when present, coerced to an integer and
// never allowed below 1. The default for $page is presumably set above this
// excerpt -- confirm.
if (isset($_REQUEST["p"])) {
    $page = (int) $_REQUEST["p"];
}
if ($page < 1) {
    $page = 1;
}
// Page size: 20 unless the request overrides it, with the same lower bound.
// NOTE(review): no upper bound is applied to perpage in this excerpt.
$perpage = isset($_REQUEST["perpage"]) ? (int) $_REQUEST["perpage"] : 20;
if ($perpage < 1) {
    $perpage = 1;
}
$numpages = ceil(count($items) / $perpage);
// A page whose first row would sit at or beyond the end of a non-empty result
// set does not exist.
if (!empty($items) && ($page - 1) * $perpage >= count($items)) {
    badrequest("Not enough search results for this page to exist");
}
// start buffering so the inline script below is captured rather than sent now
ob_start();
?>
<script type="text/javascript">
	$j(document).ready(function() {
		$j(".confirmdeleteitem").click(function() {
			if (!confirm("Are you sure you want to delete this item?"))
				return false;
		});
	});
</script>
<?php 
// keep the captured markup in $headerextra and discard the buffer;
// htmlheader.php is included next and presumably emits it -- confirm
$headerextra = ob_get_clean();
$title = "Item list";
include "htmlheader.php";
Licensed under the Creative Commons 'Attribution non-commercial share alike' 
licence -- see the LICENCE file for more details
------------------------------------------------------------------------------*/
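// Depositing is for logged-in users; requirelogin() presumably stops the
// request otherwise -- confirm.
// NOTE(review): the deposit runs on any request that carries a qtiid ($_REQUEST
// covers GET as well as POST) and no anti-CSRF token is checked in this
// excerpt -- confirm one is enforced elsewhere.
requirelogin();
if (!isset($_REQUEST["qtiid"])) {
    redirect("eqiat/");
}
// the item must be present in session data, complete and free of errors
$ai = QTIAssessmentItem::fromQTIID($_REQUEST["qtiid"]);
if (!$ai) {
    badrequest("No QTI found in session data for specified QTI ID");
}
if (!$ai->getQTI() || count($ai->getErrors())) {
    badrequest("Specified QTI item is unfinished or has errors");
}
// An existing item may only be overwritten by its owner. Owner and current user
// are compared as strings with a strict operator: a loose != treats
// numeric-looking strings as numbers ("1" == "01", "1e1" == "10"), which would
// let a different username pass as the owner.
$exists = itemexists($ai->getQTIID());
if ($exists && (string) itemowner($ai->getQTIID()) !== (string) username()) {
    badrequest("The item you are trying to deposit was already uploaded by a different user. You should clone it so it gets a new identifier and then try again.");
}
deposititem($ai);
// remove from session memory to remove from Eqiat view
$ai->sessionRemove();
$title = "Item " . ($exists ? "updated" : "deposited");
include "htmlheader.php";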
?>
<h2><?php 
echo htmlspecialchars($title);
?>
</h2>
<p>The item "<?php 
echo htmlspecialchars($ai->data("title"));
?>
" has been <?php 
Exemple #7
            db()->exec("UPDATE users SET deleted=0 WHERE username='******';");
            $message = "User <strong>" . htmlspecialchars($_REQUEST["user"]) . "</strong> has been undeleted";
            break;
        case "grant":
            db()->exec("UPDATE users SET privileges=1 WHERE username='******';");
            $message = "User <strong>" . htmlspecialchars($_REQUEST["user"]) . "</strong> is now privileged";
            break;
        case "revoke":
            if (userhasprivileges($_REQUEST["user"]) && privilegedusers() == 1) {
                badrequest("can't revoke the privileges of the last remaining privileged user");
            }
            db()->exec("UPDATE users SET privileges=0 WHERE username='******';");
            $message = "User <strong>" . htmlspecialchars($_REQUEST["user"]) . "</strong> is now unprivileged";
            break;
        default:
            badrequest("unrecognized action");
    }
}
// Load every user together with per-user counts of items, ratings and comments.
// The statement is a fixed string: nothing from the request is placed in it.
$result = db()->query("\n\tSELECT\n\t\tusers.username AS username,\n\t\tusers.registered AS registered,\n\t\tusers.privileges AS privileges,\n\t\tusers.deleted AS deleted,\n\t\tCOALESCE(items.cnt, 0) AS itemcount,\n\t\tCOALESCE(ratings.cnt, 0) AS ratingcount,\n\t\tCOALESCE(comments.cnt, 0) AS commentcount\n\tFROM users\n\tLEFT JOIN (SELECT user, COUNT(*) AS cnt FROM items GROUP BY user) AS items ON users.username=items.user\n\tLEFT JOIN (SELECT user, COUNT(*) AS cnt FROM ratings GROUP BY user) AS ratings ON users.username=ratings.user\n\tLEFT JOIN (SELECT user, COUNT(*) AS cnt FROM comments GROUP BY user) AS comments ON users.username=comments.user\n\tORDER BY users.username ASC\n;");
// Copy the rows into a plain list of associative arrays, stopping at the first
// falsy value returned by fetchArray().
$users = array();
while (true) {
    $row = $result->fetchArray(SQLITE3_ASSOC);
    if (!$row) {
        break;
    }
    $users[] = $row;
}
ob_start();
?>
<script type="text/javascript">
	$j(document).ready(function() {
		$j(".confirmrevokeself").click(function() {
			if (!confirm("Are you sure you want to revoke your own privileges?"))
				return false;
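    /**
     * Handle a submitted item form: rebuild the QTI from $_POST and, when it
     * validates, print the confirmation page with preview and action links.
     *
     * If the posted item type differs from the current item's type, the item is
     * replaced by a new object of the requested type that keeps the old QTI ID.
     * When getQTI() returns false the form is shown again and the script exits.
     *
     * @return void
     */
    public function postLogic()
    {
        // form submitted -- try to build QTI
        // if posted itemtype is different to the current one, make a new object
        if (isset($_POST["itemtype"]) && $_POST["itemtype"] != $this->ai->itemType()) {
            // The posted value becomes part of a class name, so accept only a
            // plain identifier made of letters, digits and underscores. That
            // rejects array input and keeps separators and other unexpected
            // characters away from the class lookup and any autoloader.
            if (!is_string($_POST["itemtype"]) || !preg_match('/\A[A-Za-z0-9_]+\z/', $_POST["itemtype"])) {
                badrequest("Item type doesn't exist or not implemented");
            }
            $olditem = $this->ai;
            $classname = "QTI" . ucfirst($_POST["itemtype"]);
            // only classes derived from QTIAssessmentItem may be instantiated
            if (!@class_exists($classname) || !is_subclass_of($classname, "QTIAssessmentItem")) {
                badrequest("Item type doesn't exist or not implemented");
            }
            $this->ai = new $classname();
            // keep the old identifier
            $olditem->sessionRemove();
            $this->ai->setQTIID($olditem->getQTIID());
            $this->ai->sessionStore();
            unset($olditem);
        }
        if ($this->ai->getQTI($_POST) === false) {
            // problem of some kind, show the form again with any messages
            $this->ai->showForm($_POST);
            exit;
        }
        // new QTI is fine
        // collect any warnings and messages
        $thingstosay = array();
        $tmp = $this->ai->getWarnings();
        if (!empty($tmp)) {
            $thingstosay[] = "warnings";
        }
        $tmp = $this->ai->getMessages();
        if (!empty($tmp)) {
            $thingstosay[] = "messages";
        }
        // the item title is escaped here, once, so $title is HTML-safe from now on
        $title = "Item \"" . htmlspecialchars($this->ai->data("title")) . "\" complete";
        // set up the action JS
        $GLOBALS["headerjs"] = item_action_js();
        // output the success message
        include "htmlheader.php";
        ?>
		<h2><?php 
        // already escaped when $title was built above
        echo $title;
        ?>
</h2>
		<p>The item has been successfully validated<?php 
        if (!empty($thingstosay)) {
            ?>
 with the following <?php 
            echo implode(" and ", $thingstosay);
            ?>
:<?php 
        }
        ?>
</p>
		<?php 
        $this->ai->showmessages();
        // show preview and download links
        ?>
		<h3>QTIEngine preview</h3>
		<?php 
        $action = new PreviewAssessmentItemAction();
        ?>
		<?php 
        // URLs and the action string are written into HTML attributes, so they
        // are escaped for that context like the description and name below.
        // double_encode is off so a value that already contains entities such
        // as &amp; is not encoded a second time.
        if (usingIE()) {
            //iframe isn't available in HTML 4 Strict but IE (tested on 8) doesn't like object elements used for embedded HTML
            ?>
			<iframe width="100%" height="400" src="<?php 
            echo htmlspecialchars($action->actionURL($this->ai), ENT_QUOTES, "UTF-8", false);
            ?>
"></iframe>
		<?php 
        } else {
            ?>
			<object class="embeddedhtml" width="100%" height="400" type="text/html" data="<?php 
            echo htmlspecialchars($action->actionURL($this->ai), ENT_QUOTES, "UTF-8", false);
            ?>
"></object>
		<?php 
        }
        ?>

		<h3>Actions</h3>
		<ul>
			<li><a href="<?php 
        echo SITEROOT_WEB;
        ?>
">Go back to the main menu and item list</a></li>
			<?php 
        // list only the actions that report themselves available for this item
        $types = item_actions();
        $actions = array();
        foreach ($types as $type) {
            if ($type->available($this->ai)) {
                $actions[] = $type;
            }
        }
        foreach ($actions as $action) {
            ?>
					<li><a class="itemaction_<?php 
            echo htmlspecialchars($action->actionString(), ENT_QUOTES, "UTF-8", false);
            ?>
" href="<?php 
            echo htmlspecialchars($action->actionURL($this->ai->getQTIID()), ENT_QUOTES, "UTF-8", false);
            ?>
" title="<?php 
            echo htmlspecialchars($action->description());
            ?>
"><?php 
            echo htmlspecialchars(ucfirst($action->name()));
            ?>
</a></li>
				<?php 
        }
        ?>
		</ul>

		<?php 
        include "htmlfooter.php";
    }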
Exemple #9
 * Question Bank
 */
/*------------------------------------------------------------------------------
(c) 2010 JISC-funded EASiHE project, University of Southampton
Licensed under the Creative Commons 'Attribution non-commercial share alike' 
licence -- see the LICENCE file for more details
------------------------------------------------------------------------------*/
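// Deleting needs a logged-in user and an existing item.
// NOTE(review): the delete runs on any request that carries a qtiid ($_REQUEST
// covers GET as well as POST) and no anti-CSRF token is checked in this
// excerpt -- confirm one is enforced elsewhere.
if (!loggedin()) {
    forbidden();
}
if (!isset($_REQUEST["qtiid"])) {
    badrequest("no QTI ID was specified");
}
$item = getitem($_REQUEST["qtiid"]);
if (!$item) {
    badrequest("no item with the given QTI ID exists in the database");
}
// Only the owner or a privileged user may delete. Owner and current user are
// compared as strings with a strict operator: a loose != treats numeric-looking
// strings as numbers ("1" == "01", "1e1" == "10"), which would let a different
// username pass as the owner.
if ((string) $item["user"] !== (string) username() && !userhasprivileges()) {
    forbidden();
}
// start transaction
// NOTE(review): the exec() results below are not checked in this excerpt --
// confirm how a failed statement is handled before the commit.
db()->exec("BEGIN TRANSACTION;");
// The identifier used in each statement is the one from the stored row, passed
// through escapeString() before it is placed inside the quoted SQL literal.
// delete ratings
db()->exec("DELETE FROM ratings WHERE item='" . db()->escapeString($item["identifier"]) . "';");
// delete comments
db()->exec("DELETE FROM comments WHERE item='" . db()->escapeString($item["identifier"]) . "';");
// delete keywords
db()->exec("DELETE FROM keywords WHERE item='" . db()->escapeString($item["identifier"]) . "';");
// delete item
db()->exec("DELETE FROM items WHERE identifier='" . db()->escapeString($item["identifier"]) . "';");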
// commit changes
Exemple #10
 */
/*------------------------------------------------------------------------------
(c) 2010 JISC-funded EASiHE project, University of Southampton
Licensed under the Creative Commons 'Attribution non-commercial share alike' 
licence -- see the LICENCE file for more details
------------------------------------------------------------------------------*/
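// The action name comes from the request and selects the class to instantiate.
if (empty($_REQUEST["action"])) {
    badrequest("no action specified");
}
// Accept only a plain identifier made of letters, digits and underscores
// before it becomes part of a class name. That rejects array input and keeps
// separators and other unexpected characters away from the class lookup and
// any autoloader.
if (!is_string($_REQUEST["action"]) || !preg_match('/\A[A-Za-z0-9_]+\z/', $_REQUEST["action"])) {
    badrequest("Item action doesn't exist or not implemented");
}
$classname = ucfirst($_REQUEST["action"]) . "Action";
// only classes derived from ItemAction may be instantiated
if (!@class_exists($classname) || !is_subclass_of($classname, "ItemAction")) {
    badrequest("Item action doesn't exist or not implemented");
}
$action = new $classname();
// the action must apply to an item that is present in session data
if (!isset($_REQUEST["qtiid"])) {
    badrequest("No QTI ID specified");
}
if (!QTIAssessmentItem::fromQTIID($_REQUEST["qtiid"])) {
    badrequest("No QTI found in session data for specified QTI ID");
}
if (!$action->available(QTIAssessmentItem::fromQTIID($_REQUEST["qtiid"]))) {
    badrequest(ucfirst($action->name()) . " action is not currently available for the specified QTI item");
}
$GLOBALS["title"] = $action->description();
// run the action: common setup, then the POST or GET handler, then teardown
$action->beforeLogic();
if (!empty($_POST)) {
    $action->postLogic();
} else {
    $action->getLogic();
}
$action->afterLogic();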
Exemple #11
 /** postLogic
  * This can be overridden to perform any action to take when a post request 
  * is received -- that is, $_POST is not empty
  */
 public function postLogic()
 {
     // default for actions that do not override this method: answer a POST
     // with a bad-request message naming the action
     $message = "no post logic implemented for action " . $this->actionString();
     badrequest($message);
 }