}
include "/home/bkinney/includes/lti_mysqli.php";
include '../ims-blti/blti.php';
//no token query here anymore - require_once was causing a problem?
include '../canvasapi.php';
//'/home/bkinney/includes/get_ud_canvas_endpoint_paginate.php';
//change this to look up in db
//try this with the redirect. Does that help with masquerading??/
$context = new BLTI($secret, true, false);
//secret is set in the including page
if ($context->valid) {
//set some session variables
//die();
$context_id = $context->info['context_id'];
//$domain =$context->info['custom_canvas_api_domain'];
$isAdmin = $context->isAdministrator();
setcookie("context", $context_id, 0, '/');
setcookie("isAdmin", $isAdmin, 0, '/');
setcookie("lti_url", "https://apps.ats.udel.edu" . $_SERVER['PHP_SELF'], 0, '/');
if (isset($token)) {
//this should alway be false
$api = new CanvasAPI($token, $domain, $context->info['custom_canvas_user_id']);
$valid = $api->ready;
} else {
//query db for an all purpose token.
//I'm trusting the domain because I'm in a validated context
$query = sprintf("select token from tokens where domain='%s' and context='%s'", $domain, $domain);
$result = mysqli_query($link, $query);
if (mysqli_num_rows($result)) {
$row = mysqli_fetch_array($result);
$token = $_SESSION['token']['domain'] = $row['token'];
