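// Use both URLs from the same environment: either the two webtest (DEVL) URLs or the two Production URLs.
// As written, each variable is assigned twice in a row, so the second (Production) value is the one in effect.
// DEVL environment URL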
$cspAuthURL = 'https://webtest.csp.att.com/empsvcs/hrpinmgt/pagLogin/?retURL=' . $encReturnURL . '&sysName=SI_DMOQ';
$cspAuthURL = 'https://www.e-access.att.com/empsvcs/hrpinmgt/pagLogin/?retURL=' . $encReturnURL . '&sysName=SI_DMOQ';
$tooWeakURL = 'https://webtest.csp.att.com/empsvcs/hr/pagMenu_chgpin/?opt=12';
$tooWeakURL = 'https://www.e-access.att.com/empsvcs/hr/pagMenu_chgpin/?opt=12';
if (!isset($_COOKIE['attESSec'])) {
    header('HTTP/1.0 302 Redirect');
    header("Location: " . $cspAuthURL);
    header("Connection: close");
    exit;
}
$attESSecRaw = $_COOKIE['attESSec'];
$attESSecRaw = $attESSecRaw . "\r\n";
//Add the carriage return and newline that PHP needs to make this work.
$decryptedSecCookie = decryptCookie($attESSecRaw);
// Defined below
$d = getdate();
if ($decryptedSecCookie == "") {
    echo 'attESSec Cookie decrypted to an empty string, is environment type and system name set right in this code?';
    // In the production version of your code the following line should be used.  It is commented out here
    // because it makes for easier debugging.  This next line catches cookies that have expired.
    header('HTTP/1.0 302 Redirect');
    header("Location: " . $cspAuthURL);
    header("Connection: close");
    exit;
} else {
    $secCookieParts = explode("|", $decryptedSecCookie);
    //print "<PRE>secCookieparts<br>";
    //print_r($secCookieParts);
    //print "</PRE>";
예제 #2
/**
 * Report whether the decrypted "roles" cookie mentions the instructor role.
 *
 * The test is a case-insensitive substring match, so any role string that
 * merely contains "instructor" is accepted.
 *
 * NOTE(review): the role list is held by the client. This check is only as
 * trustworthy as decryptCookie(), which is not shown here — confirm that it
 * authenticates the value (MAC/AEAD) and does not just decrypt it, or keep
 * the role in server-side session state instead.
 *
 * @return bool true when the cookie is present and contains "instructor"
 */
function isInstructor()
{
    // No roles cookie means no instructor rights.
    if (!isset($_COOKIE['roles'])) {
        return false;
    }

    $roles = strtolower(decryptCookie($_COOKIE['roles']));

    return substr_count($roles, "instructor") > 0;
}
예제 #3
<?php

// Application bootstrap; $c is presumably the database handle it sets up — confirm.
include_once 'app/app.php';

// NOTE(review): the consumer key is read from a client-held cookie with no
// isset() check, and its decrypted value decides whose settings are loaded.
// Confirm decryptCookie() rejects tampered values.
$customparams = loadCustomParams($c, decryptCookie($_COOKIE['oauth_consumer_key']));

// Template variables for the search page.
$variables = array();
$variables['c'] = $c;
$variables['customparams'] = $customparams;

ebsco_render('basic_search.html', 'layout.html', $variables);
예제 #4
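/**
 * Work out who the visitor is from the "elegance_cut_user" cookie and session.
 *
 * The cookie must be present, decode to env('COOKIE_LENGTH') fields and carry
 * env('APP_ID') in field 3; otherwise logout() is called and a logged-out
 * object is returned. With an acceptable cookie the user object comes from
 * the session, or, when the session holds none, is reloaded from
 * App\UserMaster using the user id in field 1 (rows with status 1 only).
 *
 * Changes from the earlier version: the cookie is decoded once instead of
 * three times, the branches that re-tested a cookie already known to be set
 * are gone (they could never run), the 'remember' lookup is strict, and a
 * cookie that does not decode to an array with fields 1 and 3 is rejected
 * instead of raising warnings.
 *
 * NOTE(review): the user id, the app id and the 'remember' marker all come
 * from a client-held cookie, so this function is only as strong as
 * decryptCookie() — confirm that it authenticates the value (MAC/AEAD).
 *
 * @return object the user object (or an empty stdClass) with is_logged_in set
 */
function validate_session()
{
    $user = new stdClass();

    // Single exit path for every rejected request.
    $reject = static function () use ($user) {
        logout();
        $user->is_logged_in = false;
        return $user;
    };

    // A stored cookie is required before anything else is looked at.
    if (!isset($_COOKIE['elegance_cut_user'])) {
        return $reject();
    }

    // Decode once; every later decision uses the same decoded fields.
    $arrayCookieVariables = getCookieVariables(decryptCookie($_COOKIE['elegance_cut_user']));

    // Outdated or malformed cookies fail closed.
    $cookieIsCurrent = is_array($arrayCookieVariables)
        && count($arrayCookieVariables) == env('COOKIE_LENGTH')
        && isset($arrayCookieVariables[1], $arrayCookieVariables[3])
        && $arrayCookieVariables[3] == env('APP_ID');
    if (!$cookieIsCurrent) {
        return $reject();
    }

    // 1 day with 'remember', 1 hour without. Strict matching so that a
    // non-string field cannot compare equal to 'remember' by type juggling.
    $lifetime = in_array('remember', $arrayCookieVariables, true) ? 86400 : 3600;

    if (isset($_SESSION['elegance_cut_user']['obj'])) {
        $expiresAt = isset($_SESSION['elegance_cut_user']['session_expire'])
            ? $_SESSION['elegance_cut_user']['session_expire']
            : 0;
        if (!($expiresAt > time())) {
            // NOTE(review): an expired session is renewed rather than ended,
            // so session_expire never forces a new login while the cookie is
            // valid. Kept as-is; confirm this sliding expiry is intended.
            $_SESSION['elegance_cut_user']['session_expire'] = time() + $lifetime;
        }
        $user = $_SESSION['elegance_cut_user']['obj'];
        $user->is_logged_in = true;
        return $user;
    }

    // No user object in the session: rebuild it from the database.
    $objUser = App\UserMaster::where('user_id', $arrayCookieVariables[1])->where('status', 1)->first();
    if (null == $objUser) {
        return $reject();
    }

    $_SESSION['elegance_cut_user']['obj'] = $objUser;
    $_SESSION['elegance_cut_user']['session_expire'] = time() + $lifetime;
    $user = $_SESSION['elegance_cut_user']['obj'];
    $user->is_logged_in = true;
    return $user;
}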
$clean = strip_tags_deep($_GET);
if (isInstructor()) {
    ?>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
    $("#chkAll").click(function(){
        $(".readingchoice").prop("checked",$("#chkAll").prop("checked"))
    }) 
});
</script>
<div class="readingListLink">
<?php 
    $currlistid = decryptCookie($_COOKIE['currentListId']);
    $currauthid = decryptCookie($_COOKIE['currentAuthorId']);
    $sql = $c->prepare("SELECT id, course, linklabel, private FROM lists WHERE id IN (SELECT listid FROM authorlists WHERE authorid = ?) AND id != ? AND credentialconsumerid = ?;");
    $credconsumerID = getCredentialConsumerID();
    $sql->bind_param('iii', $currauthid, $currlistid, $credconsumerID);
    $sql->execute();
    $sql->store_result();
    $sql->bind_result($mylists_id, $mylists_course, $mylists_linklabel, $mylists_private);
    if ($sql->num_rows > 0) {
        echo '<form id="mylist" action="copy_list.php" method="get">Your Lists: <select id="mylists" name="listid">';
        while ($sql->fetch()) {
            if (strlen($mylists_linklabel) <= 0) {
                $mylists_linklabel = 'Untitled List';
            }
            if (strlen($mylists_linklabel) >= 100) {
                $mylists_linklabel = substr($mylists_linklabel, 0, 99) . "...";
            }
예제 #6
    foreach ($readingsToAdd as $readingId) {
        $sql .= mysqli_real_escape_string($c, $readingId) . ",";
    }
    $sql = substr($sql, 0, strlen($sql) - 1);
    $sql .= ");";
    $results1 = mysqli_query($c, $sql);
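    // Copy each selected reading into the current list unless the list already
    // holds a reading with the same url/an/db.
    //
    // Every value is bound to a prepared statement. The earlier version built
    // the SQL by concatenation: the cookie-derived ids went into an unquoted
    // numeric position, where mysqli_real_escape_string() gives no protection,
    // and the $row values read back from the database were inserted with no
    // escaping at all.
    // NOTE(review): the ids are cast to int on the assumption that both
    // columns are integer keys — confirm against the schema.
    $currentListId = (int) decryptCookie($_COOKIE['currentListId']);
    $currentAuthorId = (int) decryptCookie($_COOKIE['currentAuthorId']);
    $findReading = mysqli_prepare($c, 'SELECT id FROM readings WHERE listid = ? AND url = ? AND an = ? AND db = ?;');
    $addReading = mysqli_prepare($c, 'INSERT INTO readings (listid, authorid, an, db, url, title, instruct, type, priority, notes) VALUES (?,?,?,?,?,?,?,?,?,?);');
    // If either statement could not be prepared, nothing is copied.
    while ($findReading && $addReading && ($row = mysqli_fetch_array($results1))) {
        $rowUrl = $row['url'];
        $rowAn = $row['an'];
        $rowDb = $row['db'];

        // Skip readings the current list already contains.
        mysqli_stmt_bind_param($findReading, 'isss', $currentListId, $rowUrl, $rowAn, $rowDb);
        mysqli_stmt_execute($findReading);
        mysqli_stmt_store_result($findReading);
        $alreadyListed = mysqli_stmt_num_rows($findReading) > 0;
        mysqli_stmt_free_result($findReading);
        if ($alreadyListed) {
            continue;
        }

        // Title, instructions and notes are stored entity-encoded, as before.
        $rowTitle = htmlentities($row['title']);
        $rowInstruct = htmlentities($row['instruct']);
        $rowType = (int) $row['type'];
        // $order keeps the source priority (otherwise 1); $notes keeps the
        // source notes (otherwise an empty string).
        $rowPriority = $order ? (int) $row['priority'] : 1;
        $rowNotes = $notes ? htmlentities($row['notes']) : '';

        mysqli_stmt_bind_param($addReading, 'iisssssiis', $currentListId, $currentAuthorId, $rowAn, $rowDb, $rowUrl, $rowTitle, $rowInstruct, $rowType, $rowPriority, $rowNotes);
        mysqli_stmt_execute($addReading);
    }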
}
?>
<h2>Processing...</h2>
<meta http-equiv="refresh" content="0;url=reading_list.php" />
예제 #7
" class="folder" style="font-size: 11px; display: <?php 
                if (itemInFolder($folderitemsarray, $result['An'], $result['DbId'])) {
                    echo "inline";
                } else {
                    echo "none";
                }
                ?>
;">
<button class="removeFolder" id="removebutton<?php 
                echo $result['ResultId'];
                ?>
" onclick="addToFolder(xmlhttp,<?php 
                echo decryptCookie($_COOKIE['currentListId']);
                ?>
,<?php 
                echo decryptCookie($_COOKIE['currentAuthorId']);
                ?>
,'<?php 
                echo $result['An'];
                ?>
', '<?php 
                echo $result['DbId'];
                ?>
','none','none','<?php 
                echo urlencode($Ti['TitleFull']);
                ?>
',2,<?php 
                echo $result['ResultId'];
                ?>
,1,1)">Remove from Reading List</button>
예제 #8
<?php

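session_start();
include "app/app.php";

// Record that the current student opened a reading.
$clean = strip_tags_deep($_POST);
if (isset($clean['reading_id'])) {
    // Force the id to an integer before it goes any further.
    $reading_id = (int) $clean['reading_id'];

    // Either identity cookie may be missing; fall back to an empty string
    // instead of decrypting an undefined index.
    // NOTE(review): name and e-mail are taken from client-held cookies, so the
    // recorded identity is only as reliable as decryptCookie() — confirm that
    // it rejects tampered values.
    $studentName = isset($_COOKIE['lis_person_name_full']) ? decryptCookie($_COOKIE['lis_person_name_full']) : '';
    $studentEmail = isset($_COOKIE['lis_person_contact_email_primary']) ? decryptCookie($_COOKIE['lis_person_contact_email_primary']) : '';

    recordStudentReading($c, $studentName, $studentEmail, $reading_id);
}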
예제 #9
             //populate the array
             $courses[$consumerid][] = $course;
         }
         $numCourses += $sql->num_rows;
         unset($course);
         if ($c->more_results()) {
             $c->next_result();
         }
     }
     echo $numCourses;
     ?>
   </p>
 <p><strong>Courses</strong>:<span style="font-size:smaller;">
   <?php 
     foreach ($consumerids['logged_in_consumerid'] as $consumerid) {
         $querystring = 'SELECT id FROM credentialconsumers WHERE credentialid = ' . decryptCookie($_COOKIE['logged_in_cust_id']) . ' AND consumerid = "' . $consumerid . '";';
         $credconsumresults = mysqli_query($c, $querystring);
         $credconsumrow = mysqli_fetch_array($credconsumresults);
         $credconsumer = $credconsumrow['id'];
         foreach ($courses[$consumerid] as $course) {
             echo "<br />" . $course;
             $sql = $c->prepare("SELECT id FROM lists WHERE course = ? AND credentialconsumerid = ?;");
             $sql->bind_param('si', $course, $credconsumer);
             $sql->execute();
             $sql->store_result();
             $numListsInCourse = $sql->num_rows;
             echo " <em>(" . $numListsInCourse . " list";
             if ($numListsInCourse != 1) {
                 echo "s";
             }
             echo ")</em>";
예제 #10
<?php

include_once 'app/app.php';
$customparams = loadCustomParams($c, decryptCookie($_COOKIE['oauth_consumer_key']));
include 'rest/EBSCOAPI.php';
if ($customparams['studentdata'] == "y" && !isInstructor()) {
    $email = isset($_COOKIE['lis_person_contact_email_primary']) ? decryptCookie($_COOKIE['lis_person_contact_email_primary']) : '';
    recordStudentAccess($c, decryptCookie($_COOKIE['lis_person_name_full']), $email, decryptCookie($_COOKIE['currentListId']));
}
$readingList = getReadingList($c);
$useCache = false;
if (sizeof($readingList) >= 75) {
    $results = array();
    $useCache = true;
} else {
    $api = new EBSCOAPI($c, $customparams);
    $listOfANs = array();
    foreach ($readingList as $reading) {
        $listOfANs[] = "AN " . $reading['an'];
    }
    if (sizeof($listOfANs) > 0) {
        $query['query'] = implode(" OR ", $listOfANs);
        $searchTerm = $query;
        $fieldCode = '';
        $start = 1;
        $limit = 100;
        $sortBy = 'relevance';
        $amount = 'detailed';
        $mode = 'all';
        $expander = '';
        $limiter = '';
        $ANs[] = $ANsPrep[$i];
    }
    //There should always be an equal number of elements in these array. This will ensure that is the case
    $titlecount = count($titles);
    $ANcount = count($ANs);
    $DBcount = count($DBs);
    if ($titlecount != $ANcount || $titlecount != $DBcount || $ANcount != $DBcount || $titlecount == 0) {
        ?>
 <div class="readingListLink"> <h3><?php 
        echo "Oops! An error occurred. The data for one or more records is incomplete. Please try again, being sure to include the entire record for each reading.";
        ?>
</h3></div><?php 
    } else {
        for ($i = 0; $i < $titlecount; $i++) {
            $sql = $c->prepare("INSERT INTO readings (listid, authorid, an, db, title, priority, url, type) VALUES (?,?,?,?,?,1,'none',1);");
            $sql->bind_param('iisss', decryptCookie($_COOKIE['currentListId']), decryptCookie($_COOKIE['currentAuthorId']), $ANs[$i], $DBs[$i], $titles[$i]);
            $sql->execute();
        }
        if ($titlecount == 1) {
            setcookie('import_folder_message', encryptCookie("1 reading added"), $time, '/');
        } else {
            setcookie('import_folder_message', encryptCookie("{$titlecount} readings added"), $time, '/');
        }
        header("Location:reading_list.php");
    }
    //Add statement saying how many items added to reading list.
}
?>
<div class="readingListLink"><h2> Enter bibliographic info from the list into this box:</h2>
<form action="import_folder.php" id="EBSCOFolderForm" method="post">
<textarea name="BiblioInfo" form="EBSCOFolderForm" rows="6" cols="50"></textarea></br>
예제 #12
        $count = 0;
        while ($sql->fetch()) {
            $count++;
            $consumeridsArray['logged_in_consumerid'][$count] = $result;
        }
        if (!isset($consumeridsArray)) {
            $consumeridsArray = array();
        }
        setcookie('consumeridsArray', encryptCookie($consumeridsArray), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
        if ($c->more_results()) {
            $c->next_result();
        }
        $customparams = loadCustomParams($c, $key);
        $variables['consumeridsArray'] = $consumeridsArray;
        $variables['customparams'] = $customparams;
        ebsco_render('admin.html', 'layout.html', $variables);
    } else {
        if (isset($_COOKIE['forward_to_admin']) && decryptCookie($_COOKIE['forward_to_admin']) == "n") {
            if (isset($_POST['admin_key'])) {
                $clean = strip_tags_deep($_POST);
                setcookie('admin_key', encryptCookie($clean['admin_key']), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
                setcookie('admin_secret', encryptCookie($clean['admin_secret']), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
                $variables['admin_key'] = $clean['admin_key'];
                $variables['admin_secret'] = $clean['admin_secret'];
            }
            ebsco_render('sign_on.html', 'layout.html', $variables);
        } else {
            ebsco_render('sign_on.html', 'layout.html', $variables);
        }
    }
}
예제 #13
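 /**
  * Get the session token for a profile.
  * When $invalid is 'y' a new session token is requested from the API;
  * otherwise the token already held in the session or cookie is reused.
  *
  * @param mixed  $authenToken Authentication token
  * @param string $invalid     'y' to request a new token for the profile
  * @access public
  */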
 public function getSessionToken($authenToken, $invalid = 'n')
 {
     // Without the login cookie there is nothing to work with; stop here.
     if (!isset($_COOKIE['login'])) {
         die("The reading list tool requires the use of cookies.  Please insure you allow cookies from this site.");
     }

     // NOTE(review): each branch below appends the full token data to
     // $_SESSION['debug']. Confirm that buffer is never sent to the browser.
     if ($invalid == 'y') {
         // The caller flagged the current token as invalid: request a new one.
         $_SESSION['debug'] .= "--GetSession with INVALID is YES--";
         $sessionToken = $this->apiSessionToken($authenToken, self::$cust_profile, 'n');
         $_SESSION['debug'] .= "---apiSessionToken got " . var_export($sessionToken, TRUE) . "---";
         // Expiry 0 makes this a browser-session cookie. The last two
         // arguments are secure = FALSE and httponly = TRUE.
         // NOTE(review): with secure off the cookie is also sent over plain
         // HTTP — confirm whether the site is HTTPS-only.
         setcookie('sessionToken', encryptCookie($sessionToken), 0, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
         $_SESSION['sessionToken'] = $sessionToken;
     } elseif (isset($_SESSION['sessionToken'])) {
         // Prefer the copy held in the server-side session.
         $sessionToken = $_SESSION['sessionToken'];
         $_SESSION['debug'] .= "---Using EXISTING session token from SESSION var: " . var_export($sessionToken, TRUE) . "---";
     } else {
         // Fall back to the cookie; it is read without an isset() check.
         $sessionToken = decryptCookie($_COOKIE['sessionToken']);
         $_SESSION['debug'] .= "---Using EXISTING session token from Cookie var: " . var_export($sessionToken, TRUE) . "---";
     }

     // Only the 'sessionToken' element of the token data is returned.
     return $sessionToken['sessionToken'];
 }
예제 #14
    die("It looks like your user id and password for your EDS API profile are incorrect.  Please check your settings in the <a href='http://curriculumbuilder.ebscohost.com/admin.php' target='_top'>admin panel</a>.<p style='display:none;'>" . var_export($customparams, TRUE) . "</p>");
}
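// Request a session token for the profile.
//
// The earlier version wrote the auth token into the debug buffer and, on
// failure, printed that buffer, var_export($customparams) and the exception
// message inside display:none elements. Hidden markup is still delivered to
// the browser, so all of it was readable in the page source; the error text on
// this page indicates the settings include the EDS API profile credentials.
// Diagnostics now go to the server log only.
try {
    // Note that a token was used without storing its value.
    $_SESSION['debug'] .= "<p>Using AuthToken (value withheld)</p>";
    $newSessionToken = $api->apiSessionToken($api->getAuthToken(), $profile, 'n');
} catch (Exception $e) {
    error_log('EDS API session token request failed: ' . $e->getMessage());
    die("It looks like your profile id for your EDS API profile is incorrect.  Please check your settings in the <a href='http://curriculumbuilder.ebscohost.com/admin.php' target='_top'>admin panel</a>.");
}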
setcookie('sessionToken', encryptCookie($newSessionToken), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
setcookie('login', encryptCookie($profile), 0, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
if (isset($_COOKIE['Guest'])) {
    setcookie('Guest', '', time() - 3600);
}
if (isset($clean['path'])) {
    $path = $clean['path'];
} else {
    $path = "default";
}
if (isset($clean['copyid'])) {
    if ($clean['copyid'] == '0') {
    } else {
        copyList($c, $clean['copyid'], decryptCookie($_COOKIE['currentListId']));
        $path = "reading_list";
    }
}
if ($path == "reading_list") {
    header("location: {$path}.php");
} else {
    header("location: index.php");
}
예제 #15
<?php

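include 'app/app.php';

// A reading list must already be open before a record can be added to it.
if (!isset($_COOKIE['currentListId'])) {
    echo "<div class='readingListLink'>Please open a reading list via your course website before using this feature.</div>";
    die;
}

// NOTE(review): the consumer key cookie is read without an isset() check.
$customparams = loadCustomParams($c, decryptCookie($_COOKIE['oauth_consumer_key']));
include 'rest/EBSCOAPI.php';
$api = new EBSCOAPI($c, $customparams);
$clean = strip_tags_deep($_REQUEST);

// Both the database id and the accession number are required. The earlier
// check tested 'db' twice, so a request without 'an' slipped through.
if (!isset($clean['db']) || !isset($clean['an'])) {
    echo "<div class='readingListLink'>Error: couldn't add this to the reading list.</div>";
    die;
}
$db = $clean['db'];
$an = $clean['an'];

$highlight = "";
$result = $api->apiRetrieve($an, $db, $highlight);
if (isset($result['error'])) {
    $error = $result['error'];
    // Encode the API's error text before it is placed in the page.
    echo "<div class='readingListLink'>Error: " . htmlspecialchars((string) $result['error'], ENT_QUOTES, 'UTF-8') . "</div>";
    die;
}
$error = null;

$variables = array('result' => $result, 'error' => $error, 'id' => 'record', 'c' => $c, 'customparams' => $customparams, 'an' => $an, 'db' => $db, 'currentListId' => decryptCookie($_COOKIE['currentListId']));
ebsco_render('add_to_list.html', 'layout.html', $variables);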
예제 #16
?>
</span>
			<?php 
if (isset($_COOKIE['logged_in_cust_id']) && !isset($_REQUEST['logout'])) {
    echo "<br /><a href=\"admin2.php?logout=YES\" title=\"Staff Login\">Log Out</a>";
}
?>
        </div>

        <div class="content">
	<?php 
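// Navigation strip: a "Return to Course" link when a return URL cookie exists
// and course links are enabled, plus the reading-list link for instructors.
if (isInstructor() || isset($_COOKIE['launch_presentation_return_url']) && isset($customparams) && $customparams['courselink'] == 'y') {
    ?>
	<div class="readingListLink" id="currentList"><?php 
    if (isset($_COOKIE['launch_presentation_return_url']) && isset($customparams) && $customparams['courselink'] == 'y') {
        // The stored URL is entity-decoded, as before, and then encoded for
        // the attribute it is written into, so a quote or angle bracket in
        // the value cannot close the href and add markup.
        // NOTE(review): encoding does not restrict the URL scheme — consider
        // accepting only http/https values here.
        $returnUrl = htmlspecialchars_decode(decryptCookie($_COOKIE['launch_presentation_return_url']));
        echo '<a target="_top" href="' . htmlspecialchars($returnUrl, ENT_QUOTES, 'UTF-8') . '">Return to Course</a>';
    }
    if (isset($_COOKIE['launch_presentation_return_url']) && isInstructor() && isset($customparams) && $customparams['courselink'] == 'y') {
        // Separator, shown only when both links are present.
        echo ' | ';
    }
    if (isInstructor()) {
        echo '<a href="reading_list.php">See Current Reading List</a>';
    }
    ?>
</div>
	<?php 
}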
?>
	    
            <?php 
echo $content;