Esempio n. 1
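//Model used further down to validate the student named in the read-only session key
$model = new StudentProfile($dbo);
//The module name is derived from the Referer header. That header is supplied by the client and
//may be missing, so it is read defensively (null is what the original passed when it was unset).
//NOTE(review): because the caller controls the Referer, the caller also chooses which module URL
//is handed to isAuthorized() below; any value other than 'specialist' selects the reception URL.
//Confirm that this choice cannot be used to pass a weaker authorization check.
$module = \Ventus\Utilities\Functions::getModuleNameFromURL(
    isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null
);
$url = ($module === 'specialist') ? URL_SPECIALIST : URL_ACCESS_RECEPTION;
//We first check if the employee has a valid session and is authorized to access the selected module
//NOTE(review): the return values of both calls are discarded, so they are presumably expected to
//redirect or exit on failure themselves - verify, otherwise the script continues regardless.
\Ventus\Utilities\Authentication::isAuthenticated($SESSION, 'internal');
\Ventus\Utilities\Authentication::isAuthorized($SESSION, 'https://' . $url);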
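//Check that the read-only session key and IV were supplied before attempting to decrypt them.
//Both must be non-empty strings: an array-valued parameter (e.g. key[]=x) passes the empty()
//test but is not valid input for base64_decode(), so it is rejected here as well.
if (
    empty($_GET['key']) || empty($_GET['iv'])
    || !is_string($_GET['key']) || !is_string($_GET['iv'])
) {
    //No usable key exists...we have a problem
    $loggers['audit']->error('Attempted access to student read-only session without key.');
    header('location: https://' . URL_PHP . '/error-external.php?eid=R9001');
    exit;
}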
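//Decrypt the key taken from the query string. The Blowfish key is the hex MD5 digest of the
//HASH_GENERATION_RANDOM_STRING constant.
//NOTE(review): this construction gives confidentiality only, and weakly:
// - ECB mode has no integrity protection, so ciphertext blocks can be altered, reordered or
//   replayed without detection, and mcrypt ignores the IV in ECB mode (the 'iv' parameter is
//   required above but has no effect on the result);
// - the mcrypt extension was deprecated in PHP 7.1 and removed in PHP 7.2.
//Prefer authenticated encryption (for example libsodium or OpenSSL with an AEAD mode) with a
//key that is not derived through MD5, and add an expiry to the payload.
$student = mcrypt_decrypt(MCRYPT_BLOWFISH, hash('md5', HASH_GENERATION_RANDOM_STRING), base64_decode($_GET['key']), MCRYPT_MODE_ECB, base64_decode($_GET['iv']));
//NOTE(review): unserialize() on data that arrived from the request allows PHP object injection
//if the ciphertext can be forged or tampered with, which the unauthenticated mode above does not
//prevent. Replace the payload format with json_encode()/json_decode(); as a stopgap on PHP 7.0+
//pass array('allowed_classes' => false) as the second argument.
$student = unserialize($student);
//The rest of the script indexes $student as an array and logs student_num, so reject anything
//that did not decode to an array carrying a scalar student_num (including a failed unserialize).
if (!is_array($student) || !isset($student['student_num']) || !is_scalar($student['student_num'])) {
    $loggers['audit']->warning('Attempted access to student read-only session with a malformed key.');
    header('location: https://' . URL_PHP . '/error-external.php?eid=R9002');
    exit;
}
$log_in = $model->validateUserForReadOnlySession($student);
if (!$log_in) {
    //No student found...we have a problem
    //NOTE(review): student_num comes from the decrypted request payload; confirm the audit logger
    //neutralises control characters before this value is written.
    $loggers['audit']->warning("Attempted access to student read-only session for invalid student {$student['student_num']}.");
    header('location: https://' . URL_PHP . '/error-external.php?eid=R9002');
    exit;
}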
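//NOTE(review): this audit record names neither the employee nor the student; consider adding
//both identifiers so that read-only sessions can be attributed during an investigation.
$loggers['audit']->info('Student read-only session initiated.');
//Switch $SESSION from the employee's session to the 'student' namespace (the second argument
//requests a single-instance namespace in Zend Framework 1).
//NOTE(review): no session identifier regeneration is visible at this privilege change - confirm
//it happens elsewhere, otherwise a pre-set session id survives into the student context.
$SESSION = new \Zend_Session_Namespace('student', true);
//Copy every field returned by validateUserForReadOnlySession() into the session. logged_in and
//user_id are assigned afterwards, so they overwrite any same-named field from $log_in.
foreach ($log_in as $key => $value) {
    $SESSION->{$key} = $value;
}
//Per-session marker built from the current time, the client address and the User-Agent header.
//The User-Agent is optional in a request, so a missing header is treated as an empty string.
//NOTE(review): uniqid()/microtime() and request headers are not a secure random source; if this
//value is ever relied on as a secret, generate it with a CSPRNG instead.
$SESSION->logged_in = md5(
    uniqid(microtime())
    . $_SERVER['REMOTE_ADDR']
    . (isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '')
);
$SESSION->user_id = $student['student_num'];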
if ($SESSION->corr_lang == "E") {
    $SESSION->corr_lang = "en-CA";