// Starts a read-only "student" session on behalf of an internal employee.
// The student identity arrives encrypted in the `key` query parameter, is
// decrypted and unserialized, validated through StudentProfile, and then
// copied into a new 'student' session namespace.
$model = new StudentProfile($dbo);

// The module name is derived from the Referer header, which is supplied by the
// client and may be absent. Its only use here is to select which module URL is
// passed to isAuthorized() below.
// NOTE(review): the caller therefore chooses which module the authorization
// check runs against; consider deriving the module from server-side state.
$module = \Ventus\Utilities\Functions::getModuleNameFromURL($_SERVER['HTTP_REFERER']);
$module === 'specialist' ? $url = URL_SPECIALIST : ($url = URL_ACCESS_RECEPTION);

// Check that the employee has a valid internal session and is authorized for
// the selected module URL. The return values are not inspected here.
// NOTE(review): presumably both helpers redirect or exit on failure; confirm,
// otherwise the script continues unauthenticated.
\Ventus\Utilities\Authentication::isAuthenticated($SESSION, 'internal');
\Ventus\Utilities\Authentication::isAuthorized($SESSION, 'https://' . $url);

// Check and decrypt the read-only session key. Both `key` and `iv` must be
// present and non-empty in the query string.
if (empty($_GET['key']) || empty($_GET['iv'])) {
    // No key supplied: record an audit error and redirect to the external error page.
    $loggers['audit']->error('Attempted access to student read-only session without key.');
    header('location: https://' . URL_PHP . '/error-external.php?eid=R9001');
    exit;
}

// Blowfish in ECB mode, keyed with the MD5 hex digest of the
// HASH_GENERATION_RANDOM_STRING constant. Both inputs are base64-decoded in
// non-strict mode, which silently discards invalid characters.
// NOTE(review): no MAC or signature is verified, so the ciphertext is not
// authenticated before it is used, and ECB provides no protection against
// block reordering or replay of a previously issued key.
// NOTE(review): ECB does not use an IV, so the required `iv` parameter
// presumably has no effect on the result; confirm.
// NOTE(review): the mcrypt extension was deprecated in PHP 7.1 and removed from
// core in 7.2; a migration to authenticated encryption (openssl/sodium) would
// address both points.
$student = mcrypt_decrypt(MCRYPT_BLOWFISH, hash('md5', HASH_GENERATION_RANDOM_STRING), base64_decode($_GET['key']), MCRYPT_MODE_ECB, base64_decode($_GET['iv']));

// SECURITY: unserialize() runs on bytes that originate from the request.
// It can instantiate any loaded class and trigger its magic methods, and it
// returns false on malformed input; the result is not type-checked before use.
// NOTE(review): prefer a data-only format (json_decode) combined with an HMAC
// verified via hash_equals(); on PHP 7+ at minimum pass
// ['allowed_classes' => false] and verify the result is an array.
$student = unserialize($student);

// Look up the student; a falsy result is treated as "not found".
$log_in = $model->validateUserForReadOnlySession($student);
if (!$log_in) {
    // No student found: audit and redirect. The log line interpolates
    // student_num taken from the decrypted payload.
    // NOTE(review): that value is request-derived; strip control characters
    // before logging, and note $student may not be an array at this point.
    $loggers['audit']->warning("Attempted access to student read-only session for invalid student {$student['student_num']}.");
    header('location: https://' . URL_PHP . '/error-external.php?eid=R9002');
    exit;
}
$loggers['audit']->info('Student read-only session initiated.');

// $SESSION is reassigned from the object used for the employee checks above
// to the 'student' namespace.
// NOTE(review): no session-id regeneration is visible in this excerpt; confirm
// it happens (e.g. Zend_Session::regenerateId()) when the session context changes.
$SESSION = new \Zend_Session_Namespace('student', true);

// Copy every key/value pair returned by the validation call into the session.
foreach ($log_in as $key => $value) {
    $SESSION->{$key} = $value;
}

// The logged_in marker is an MD5 over uniqid(microtime()), the client address
// and the User-Agent header: time- and request-derived values, not output of a
// cryptographically secure generator.
// NOTE(review): if this value is relied on as a secret elsewhere, generate it
// with random_bytes() / openssl_random_pseudo_bytes() instead; HTTP_USER_AGENT
// may also be unset.
$SESSION->logged_in = md5(uniqid(microtime()) . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']);
$SESSION->user_id = $student['student_num'];

// Map the single-letter correspondence language code to a locale tag (loose ==
// comparison). The branch continues past the end of this excerpt.
if ($SESSION->corr_lang == "E") {
    $SESSION->corr_lang = "en-CA";