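/**
 * Legacy Basic LTI launch handler.
 *
 * For a request that is not a complete LTI launch it optionally sends the
 * browser back to the consumer's return URL and stops. For a launch it
 * builds and validates the LTI context, creates or updates the WordPress
 * user named by the launch, logs that user in, creates the course blog when
 * it does not exist yet, assigns the user's role on that blog and finally
 * redirects to the site URL over https.
 *
 * @param mixed $wp Not used by this function.
 * @return void Ends with wp_die(), exit or a plain return.
 */
function lti_parse_request_OLD($wp)
{
    if (!is_basic_lti_request()) {
        // isset() guards avoid undefined-index notices on ordinary requests.
        $good_message_type = isset($_REQUEST[LTI_MESSAGE_TYPE])
            && $_REQUEST[LTI_MESSAGE_TYPE] == LTI_MESSAGE_TYPE_VALUE;
        $good_lti_version = isset($_REQUEST[LTI_VERSION])
            && $_REQUEST[LTI_VERSION] == LTI_VERSION_VALUE;
        if ($good_message_type && $good_lti_version && !isset($_REQUEST[RESOURCE_LINK_ID])) {
            if (isset($_REQUEST[LAUNCH_PRESENTATION_URL]) && is_string($_REQUEST[LAUNCH_PRESENTATION_URL])) {
                // This branch runs before any signature check, so the return
                // URL is attacker-controllable. Only redirect to hosts that
                // WordPress accepts (the site's own host plus hosts added
                // through the `allowed_redirect_hosts` filter); otherwise
                // fall through without redirecting.
                $return_url = wp_validate_redirect($_REQUEST[LAUNCH_PRESENTATION_URL], '');
                if ($return_url !== '') {
                    header('Location: ' . $return_url);
                    exit;
                }
            }
        }
        return;
    }

    // Build the context without touching the session and without redirecting.
    $secret = lti_get_secret_from_consumer_key();
    $context = new bltiUocWrapper(false, false, null, $secret);
    if (!$context->valid) {
        // The failure message may carry request-derived text, so it is
        // escaped before being rendered. Debug output that used to be echoed
        // here has been dropped.
        wp_die("BASIC LTI Authentication Failed, not valid request (make sure that consumer is authorized and secret is correct) " . esc_html((string) $context->message));
        return;
    }

    $error = is_lti_error_data($context);
    if ($error !== FALSE) {
        if (isset($_REQUEST[LAUNCH_PRESENTATION_URL]) && is_string($_REQUEST[LAUNCH_PRESENTATION_URL])) {
            $return_url = $_REQUEST[LAUNCH_PRESENTATION_URL];
            // Escape per context: esc_url() for the href, esc_html() for the
            // visible text, so the request value cannot inject markup.
            $error = '<p>' . $error . '</p><p>Return to site <a href="' . esc_url($return_url) . '">' . esc_html($return_url) . '</a></p>';
        }
        wp_die($error, '');
    }

    $blogType = new blogTypeLoader($context);
    if ($blogType->error < 0) {
        wp_die("BASIC LTI loading Types Aula Failed " . $blogType->error_miss);
        return;
    }

    // Set up the user...
    $userkey = getUserkeyLTI($context);
    $userkey = apply_filters('pre_user_login', $userkey);
    $userkey = trim($userkey);
    if (empty($userkey)) {
        wp_die('<p>Empty username</p><p>Cannot create a user without username</p>');
    }

    // NOTE(review): an existing account whose login equals the LTI-derived
    // key is reused and logged in below; confirm getUserkeyLTI() namespaces
    // its keys so they cannot collide with locally created accounts.
    $uinfo = get_user_by('login', $userkey);
    if (isset($uinfo) && $uinfo != false) {
        // user_login and user_nicename are set to the same value because the
        // WordPress login cookie must carry the username, otherwise caching
        // does not work properly.
        $ret_id = wp_insert_user(array(
            'ID' => $uinfo->ID,
            'user_login' => $userkey,
            'user_nicename' => $userkey,
            'first_name' => $context->getUserFirstName(),
            'last_name' => $context->getUserLastName(),
            'user_email' => $context->getUserEmail(),
            'user_url' => 'http://b',
            'display_name' => $context->getUserName(),
            'role' => get_option('default_role'),
        ));
        if (is_object($ret_id) && isset($ret_id->errors)) {
            $msg = '';
            foreach ($ret_id->errors as $key => $error) {
                $msg .= "<p><b>{$key}</b> ";
                foreach ($error as $erroMsg) {
                    $msg .= "<p> {$erroMsg}</p>";
                }
                $msg .= "</p>";
            }
            wp_die($msg);
        }
    } else {
        // New user.
        $ret_id = wp_insert_user(array(
            'user_login' => $userkey,
            'user_nicename' => $context->getUserName(),
            'first_name' => $context->getUserFirstName(),
            'last_name' => $context->getUserLastName(),
            'user_email' => $context->getUserEmail(),
            'user_url' => 'http://c',
            'display_name' => $context->getUserName(),
        ));
        if (is_object($ret_id) && isset($ret_id->errors)) {
            $msg = '';
            foreach ($ret_id->errors as $key => $error) {
                $msg .= "<p><b>{$key}</b> ";
                foreach ($error as $erroMsg) {
                    $msg .= "<p> {$erroMsg}</p>";
                }
                $msg .= "</p>";
            }
            wp_die($msg);
        }
        $uinfo = get_user_by('login', $userkey);
    }

    // Remove the user from the main blog (unless admin),
    // see http://jira.uoc.edu/jira/browse/BLOGA-218
    // NOTE(review): $is_admin was never assigned in this function, so the
    // capabilities were always removed; it is made explicit here to keep that
    // behaviour. Confirm whether an administrator check was intended.
    $is_admin = false;
    $user = new WP_User($uinfo->ID);
    if (!$is_admin) {
        $user->remove_all_caps();
    }

    $_SERVER['REMOTE_USER'] = $userkey;
    $password = md5($uinfo->user_pass);
    // NOTE(review): the result of wp_authenticate() is ignored and the value
    // passed is an MD5 of the stored password hash; the session is actually
    // established by the two calls after it. Confirm this call is still needed.
    wp_authenticate($userkey, $password);
    wp_set_auth_cookie($user->ID, false);
    wp_set_current_user($user->ID, $userkey);

    $siteUrl = substr(get_option("siteurl"), 7); // strips a leading "http://"
    $siteUrlArray = explode("/", $siteUrl);
    $domain = $siteUrlArray[0];
    unset($siteUrlArray[0]);

    $course = $blogType->getCoursePath($context, $siteUrlArray, $domain);
    if (isset($context->info[RESOURCE_LINK_ID]) && $context->info[RESOURCE_LINK_ID]) {
        $course .= '-' . $context->info[RESOURCE_LINK_ID];
    }
    $course = sanitize_user($course, true);
    // WordPress fails to load the style sheet when the path contains a dot.
    $course = str_replace('.', '_', $course);
    $path_base = "/" . implode("/", $siteUrlArray) . "/" . $course;
    $path_base = str_replace('//', '/', $path_base);
    $path = $path_base . "/";
    $path = str_replace('//', '/', $path);

    $blog_created = false;
    $overwrite_plugins_theme = isset($context->info[OVERWRITE_PLUGINS_THEME])
        ? $context->info[OVERWRITE_PLUGINS_THEME] == 1
        : false;
    $overwrite_roles = isset($context->info[OVERWRITE_ROLES])
        ? $context->info[OVERWRITE_ROLES] == 1
        : false;

    $blog_id = domain_exists($domain, $path);
    $blog_is_new = false;
    if (!isset($blog_id)) {
        $title = __("Blog ") . $blogType->getCourseName($context);
        $blog_is_new = true;
        $meta = $blogType->getMetaBlog($context);
        $old_site_language = get_site_option('WPLANG');
        $blogType->setLanguage($context);
        // NOTE(review): $user_id was never assigned in this function, so the
        // blog was created with a null owner; made explicit to keep that
        // behaviour. Confirm which account should own a new blog.
        $user_id = null;
        $blog_id = wpmu_create_blog($domain, $path, $title, $user_id, $meta);
        update_site_option('WPLANG', $old_site_language);
        $blogType->checkErrorCreatingBlog($blog_id, $path);
        $blog_created = true;
    }

    // Connect the user to the blog
    if (isset($blog_id)) {
        switch_to_blog($blog_id);
        ob_start();
        if ($overwrite_plugins_theme || $blog_created) {
            $blogType->loadPlugins();
            $blogType->changeTheme();
        }

        // Fetch the role the user previously had on this blog.
        $old_role = null;
        if (!$blog_created && !$overwrite_roles) {
            $old_role_array = get_usermeta($user->ID, 'wp_' . $blog_id . '_capabilities');
            // The meta value is not an array when the user has no entry for
            // this blog; count() on a non-array is an error on current PHP.
            if (is_array($old_role_array) && count($old_role_array) > 0) {
                foreach ($old_role_array as $key => $value) {
                    if ($value == true) {
                        $old_role = $key;
                    }
                }
            }
        }

        remove_user_from_blog($uinfo->ID, $blog_id);

        $obj = new stdClass();
        $obj->blog_id = $blog_id;
        $obj->userkey = $userkey;
        $obj->path_base = $path_base;
        $obj->domain = $domain;
        $obj->context = $context;
        $obj->uinfoID = $uinfo->ID;
        $obj->blog_is_new = $blog_is_new;
        if ($overwrite_roles || $old_role == null) {
            $obj->role = $blogType->roleMapping($context->info[FIELD_ROLE_UOC_CAMPUS], $context->info);
        } else {
            $obj->role = $old_role;
        }
        $blogType->postActions($obj);
        add_user_to_blog($blog_id, $uinfo->ID, $obj->role);
        // restore_current_blog() is deliberately not called: doing so sends
        // the user back to the main blog.
        ob_end_clean();
    }

    $redirecturl = get_option("siteurl");
    $redirecturl = str_replace("http://", "https://", $redirecturl);
    wp_redirect($redirecturl);
    exit;
}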
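/**
 * Builds the Basic LTI context for the current request.
 *
 * When the request is not an LTI launch, a previously stored context is
 * restored from the session (if sessions are in use). For a launch, the
 * consumer secret is taken from $parm or looked up in the database, the
 * OAuth HMAC-SHA1 signature is verified, and the non-OAuth POST fields are
 * kept as the launch information.
 *
 * On failure $this->valid stays unset and $this->message holds the reason.
 * Some messages embed the request-supplied oauth_consumer_key, so callers
 * must HTML-escape $this->message before displaying it.
 *
 * @param string|array|false $parm Shared secret, or an array with 'table'
 *                                 and optional 'key_column', 'secret_column'
 *                                 and 'context_column' for a database lookup.
 *                                 Table and column names are concatenated
 *                                 into the SQL text and must come from
 *                                 trusted configuration only.
 * @param bool $usesession Read and write the context in $_SESSION.
 * @param bool $doredirect Call $this->redirect() after a valid launch.
 */
function __construct($parm = false, $usesession = true, $doredirect = true)
{
    // Not an LTI launch: either give up or restore the context from session.
    if (!is_basic_lti_request()) {
        if ($usesession === false) {
            return;
        }
        if (strlen(session_id()) > 0) {
            // isset() on the session keys avoids undefined-index notices.
            if (isset($_SESSION['_basiclti_lti_row'])) {
                $this->row = $_SESSION['_basiclti_lti_row'];
            }
            if (isset($_SESSION['_basiclti_lti_context_id'])) {
                $this->context_id = $_SESSION['_basiclti_lti_context_id'];
            }
            if (isset($_SESSION['_basic_lti_context'])) {
                // A context stored by an earlier verified launch is trusted
                // as-is; no signature is re-checked on this path.
                $this->info = $_SESSION['_basic_lti_context'];
                $this->valid = true;
                return;
            }
            $this->message = "Could not find context in session";
            return;
        }
        $this->message = "Session not available";
        return;
    }

    // Ensure we have a usable consumer key; a non-string value (for example
    // an array parameter) is treated as missing.
    if (empty($_REQUEST["oauth_consumer_key"]) || !is_string($_REQUEST["oauth_consumer_key"])) {
        $this->message = "Missing oauth_consumer_key in request";
        return;
    }
    $oauth_consumer_key = $_REQUEST["oauth_consumer_key"];

    // Find the secret: either $parm is the secret itself, or it describes
    // where to look the secret up in the database.
    $secret = false;
    if (is_string($parm)) {
        $secret = $parm;
    } elseif (!is_array($parm)) {
        $this->message = "Constructor requires a secret or database information.";
        return;
    } else {
        // NOTE(review): the mysql_* functions were removed in PHP 7; this
        // lookup only runs on older runtimes or with a compatibility shim.
        $key_column = !empty($parm['key_column']) ? $parm['key_column'] : 'oauth_consumer_key';
        $sql = 'SELECT * FROM ' . $parm['table'] . ' WHERE ' . $key_column . "='" . mysql_real_escape_string($oauth_consumer_key) . "'";
        $result = mysql_query($sql);
        $num_rows = $result ? mysql_num_rows($result) : 0;
        if ($num_rows != 1) {
            $this->message = "Your consumer is not authorized oauth_consumer_key=" . $oauth_consumer_key;
            return;
        }
        $row = mysql_fetch_assoc($result);
        if ($row) {
            // The original read these options from an undefined $parms, so a
            // configured secret_column/context_column was silently ignored.
            $secret_column = !empty($parm['secret_column']) ? $parm['secret_column'] : 'secret';
            $context_column = !empty($parm['context_column']) ? $parm['context_column'] : 'context_id';
            $secret = isset($row[$secret_column]) ? $row[$secret_column] : false;
            if (!empty($row[$context_column])) {
                $this->context_id = $row[$context_column];
            }
            $this->row = $row;
        }
    }

    // Never verify a signature against a missing or empty secret: a launch
    // signed with no secret material must not be able to validate.
    if (!is_string($secret) || $secret === '') {
        $this->message = "Could not retrieve secret oauth_consumer_key=" . $oauth_consumer_key;
        return;
    }

    // Verify the message signature
    $store = new TrivialOAuthDataStore();
    $store->add_consumer($oauth_consumer_key, $secret);
    $server = new OAuthServer($store);
    $method = new OAuthSignatureMethod_HMAC_SHA1();
    $server->add_signature_method($method);
    $request = OAuthRequest::from_request();
    $this->basestring = $request->get_signature_base_string();
    try {
        $server->verify_request($request);
        $this->valid = true;
    } catch (Exception $e) {
        $this->message = $e->getMessage();
        return;
    }

    // Keep the launch fields: everything except the submit button and the
    // OAuth protocol parameters, but including oauth_consumer_key.
    $newinfo = array();
    foreach ($_POST as $key => $value) {
        if ($key == "basiclti_submit") {
            continue;
        }
        if (strpos($key, "oauth_") === false || $key == "oauth_consumer_key") {
            $newinfo[$key] = $value;
        }
    }
    $this->info = $newinfo;

    // Store the launch information in the session for later requests.
    // NOTE(review): the session id is not regenerated after a verified
    // launch; consider session_regenerate_id(true) here if the surrounding
    // application allows it.
    if ($usesession == true and strlen(session_id()) > 0) {
        $_SESSION['_basic_lti_context'] = $this->info;
        unset($_SESSION['_basiclti_lti_row']);
        unset($_SESSION['_basiclti_lti_context_id']);
        if ($this->row) {
            $_SESSION['_basiclti_lti_row'] = $this->row;
        }
        if ($this->context_id) {
            $_SESSION['_basiclti_lti_context_id'] = $this->context_id;
        }
    }

    if ($this->valid && $doredirect) {
        $this->redirect();
        $this->complete = true;
    }
}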
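/**
 * Builds the Basic LTI context for the current request, with the consumer
 * secret supplied directly or looked up through mysql / mysqli.
 *
 * When the request is not an LTI launch, a previously stored context is
 * restored from the session (if sessions are in use). For a launch, the
 * secret is resolved, the OAuth HMAC-SHA1 signature is verified, and the
 * non-OAuth POST fields are kept as the launch information.
 *
 * On failure $this->valid stays unset and $this->message holds the reason.
 * Some messages embed the request-supplied oauth_consumer_key, so callers
 * must HTML-escape $this->message before displaying it.
 *
 * @param mixed $db Stored on $this->db; not otherwise used here.
 * @param string|array $parm Shared secret, or an array with 'db', 'dbtype'
 *                           ('mysql' or 'mysqli') and, for 'mysql', 'table'
 *                           plus optional column names. Table and column
 *                           names are concatenated into the SQL text and
 *                           must come from trusted configuration only.
 * @param bool $usesession Read and write the context in $_SESSION.
 * @param bool $doredirect Call $this->redirect() after a valid launch.
 */
function __construct($db, $parm, $usesession = true, $doredirect = true)
{
    $this->db = $db;
    $this->parm = $parm;

    // Not an LTI launch: either give up or restore the context from session.
    if (!is_basic_lti_request()) {
        if ($usesession === false) {
            return;
        }
        if (strlen(session_id()) > 0) {
            if (isset($_SESSION['_basiclti_lti_row'])) {
                $this->row = $_SESSION['_basiclti_lti_row'];
            }
            if (isset($_SESSION['_basiclti_lti_context_id'])) {
                $this->context_id = $_SESSION['_basiclti_lti_context_id'];
            }
            if (isset($_SESSION['_basic_lti_context'])) {
                // A context stored by an earlier verified launch is trusted
                // as-is; no signature is re-checked on this path.
                $this->info = $_SESSION['_basic_lti_context'];
                $this->valid = true;
                return;
            }
            $this->message = "Could not find context in session";
            return;
        }
        // No message is set in this variant when there is no session.
        return;
    }

    // Ensure we have a usable consumer key; a non-string value (for example
    // an array parameter) is treated as missing.
    if (empty($_REQUEST["oauth_consumer_key"]) || !is_string($_REQUEST["oauth_consumer_key"])) {
        $this->message = "Missing oauth_consumer_key in request";
        return;
    }
    $oauth_consumer_key = $_REQUEST["oauth_consumer_key"];

    // Find the secret: either $parm is the secret itself, or it describes
    // where to look the secret up in the database.
    $secret = false;
    if (is_string($parm)) {
        $secret = $parm;
    } elseif (!is_array($parm)) {
        $this->message = "Constructor requires a secret or database information.";
        return;
    } elseif (isset($parm['db'])) {
        $dbtype = isset($parm['dbtype']) ? $parm['dbtype'] : null;
        if ($dbtype == 'mysql') {
            // NOTE(review): the mysql_* functions were removed in PHP 7; this
            // branch only runs on older runtimes or with a compatibility shim.
            $key_column = !empty($parm['key_column']) ? $parm['key_column'] : 'oauth_consumer_key';
            $sql = 'SELECT * FROM ' . $parm['table'] . ' WHERE ' . $key_column . "='" . mysql_real_escape_string($oauth_consumer_key) . "'";
            $result = mysql_query($sql);
            $num_rows = $result ? mysql_num_rows($result) : 0;
            if ($num_rows != 1) {
                $this->message = "Your consumer is not authorized oauth_consumer_key=" . $oauth_consumer_key;
                return;
            }
            $row = mysql_fetch_assoc($result);
            if ($row) {
                // The original read these options from an undefined $parms,
                // so configured column names were silently ignored.
                $secret_column = !empty($parm['secret_column']) ? $parm['secret_column'] : 'secret';
                $context_column = !empty($parm['context_column']) ? $parm['context_column'] : 'context_id';
                $secret = isset($row[$secret_column]) ? $row[$secret_column] : false;
                if (!empty($row[$context_column])) {
                    $this->context_id = $row[$context_column];
                }
                $this->row = $row;
            }
        } elseif ($dbtype == 'mysqli') {
            $mysqli = $parm['db'];
            if ($mysqli->error) {
                // Record the database error server-side. The original echoed
                // the error and a stack trace into the response (and built
                // them from undefined variables), which leaks internals.
                error_log('BLTI: MySQL error ' . $mysqli->errno . ': ' . $mysqli->error);
            }
            $stmt = $mysqli->prepare("SELECT secret,context_id,name FROM lti_keys WHERE oauth_consumer_key = ? AND `deleted` IS NULL");
            if ($stmt === false) {
                // prepare() failed; there is no statement to bind or execute.
                $this->message = 'Could not retrieve secret oauth_consumer_key=' . $oauth_consumer_key;
                return;
            }
            $stmt->bind_param('s', $oauth_consumer_key);
            $stmt->execute();
            $stmt->store_result();
            $stmt->bind_result($rsecret, $rcontext_id, $rname);
            while ($stmt->fetch()) {
                $secret = $rsecret;
                if (isset($rcontext_id)) {
                    $this->context_id = $rcontext_id;
                    break;
                }
            }
            $stmt->close();
        }
    }

    // Never verify a signature against a missing or empty secret. This also
    // covers an array $parm without 'db' or with an unknown 'dbtype', which
    // previously reached verification with no secret at all.
    if (!is_string($secret) || $secret === '') {
        $this->message = "Could not retrieve secret oauth_consumer_key=" . $oauth_consumer_key;
        return;
    }

    // Verify the message signature
    $store = new TrivialOAuthDataStore();
    $store->add_consumer($oauth_consumer_key, $secret);
    $server = new OAuthServer($store);
    $method = new OAuthSignatureMethod_HMAC_SHA1();
    $server->add_signature_method($method);
    $request = OAuthRequest::from_request();
    $this->basestring = $request->get_signature_base_string();
    try {
        $server->verify_request($request);
        $this->valid = true;
    } catch (Exception $e) {
        $this->message = $e->getMessage();
        return;
    }

    // Keep the launch fields: everything except the submit button and the
    // OAuth protocol parameters, but including oauth_consumer_key.
    $newinfo = array();
    foreach ($_POST as $key => $value) {
        if ($key == "basiclti_submit") {
            continue;
        }
        if (strpos($key, "oauth_") === false || $key == "oauth_consumer_key") {
            $newinfo[$key] = $value;
        }
    }
    $this->info = $newinfo;

    // Store the launch information in the session for later requests.
    // NOTE(review): the session id is not regenerated after a verified
    // launch; consider session_regenerate_id(true) here if the surrounding
    // application allows it.
    if ($usesession == true and strlen(session_id()) > 0) {
        $_SESSION['_basic_lti_context'] = $this->info;
        unset($_SESSION['_basiclti_lti_row']);
        unset($_SESSION['_basiclti_lti_context_id']);
        if ($this->row) {
            $_SESSION['_basiclti_lti_row'] = $this->row;
        }
        if ($this->context_id) {
            $_SESSION['_basiclti_lti_context_id'] = $this->context_id;
        }
    }

    if ($this->valid && $doredirect) {
        $this->redirect();
        $this->complete = true;
    }
}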
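/**
 * Builds the Basic LTI context for the current request using the
 * ltiprovider OAuth classes.
 *
 * When the request is not an LTI launch, a previously stored context is
 * restored from the session (if sessions are in use). For a launch, the
 * OAuth HMAC-SHA1 signature is verified with the secret given in $parm and
 * the non-OAuth POST fields are kept as the launch information, optionally
 * passed through $this->decodeBase64().
 *
 * On failure $this->valid stays unset and $this->message holds the reason.
 * One message embeds the request-supplied oauth_consumer_key, so callers
 * must HTML-escape $this->message before displaying it.
 *
 * @param string|array|false $parm Shared secret. An array is accepted by the
 *                                 type check, but this variant contains no
 *                                 lookup for it, so it yields no secret and
 *                                 the launch is rejected.
 * @param bool $usesession Read and write the context in $_SESSION.
 * @param bool $doredirect Call $this->redirect() after a valid launch.
 */
function __construct($parm = false, $usesession = true, $doredirect = true)
{
    // Not an LTI launch: either give up or restore the context from session.
    if (!is_basic_lti_request()) {
        if ($usesession === false) {
            return;
        }
        if (strlen(session_id()) > 0) {
            // isset() on the session keys avoids undefined-index notices.
            if (isset($_SESSION['_basiclti_lti_row'])) {
                $this->row = $_SESSION['_basiclti_lti_row'];
            }
            if (isset($_SESSION['_basiclti_lti_context_id'])) {
                $this->context_id = $_SESSION['_basiclti_lti_context_id'];
            }
            if (isset($_SESSION['_basic_lti_context'])) {
                // A context stored by an earlier verified launch is trusted
                // as-is; no signature is re-checked on this path.
                $this->info = $_SESSION['_basic_lti_context'];
                $this->valid = true;
                return;
            }
            $this->message = "Could not find context in session";
            return;
        }
        $this->message = "Session not available";
        return;
    }

    // Ensure we have a usable consumer key; a non-string value (for example
    // an array parameter) is treated as missing.
    if (empty($_REQUEST["oauth_consumer_key"]) || !is_string($_REQUEST["oauth_consumer_key"])) {
        $this->message = "Missing oauth_consumer_key in request";
        return;
    }
    $oauth_consumer_key = $_REQUEST["oauth_consumer_key"];

    // Resolve the secret from the constructor parameter.
    $secret = false;
    if (is_string($parm)) {
        $secret = $parm;
    } elseif (!is_array($parm)) {
        $this->message = "Constructor requires a secret or database information.";
        return;
    }

    // Never verify a signature against a missing or empty secret. The
    // original let an array $parm fall through with $secret === false, so
    // verification ran with no secret material at all.
    if (!is_string($secret) || $secret === '') {
        $this->message = "Could not retrieve secret oauth_consumer_key=" . $oauth_consumer_key;
        return;
    }

    // Verify the message signature
    $store = new ltiprovider\TrivialOAuthDataStore();
    $store->add_consumer($oauth_consumer_key, $secret);
    $server = new ltiprovider\OAuthServer($store);
    $method = new ltiprovider\OAuthSignatureMethod_HMAC_SHA1();
    $server->add_signature_method($method);
    $request = ltiprovider\OAuthRequest::from_request();
    $this->basestring = $request->get_signature_base_string();
    try {
        $server->verify_request($request);
        $this->valid = true;
    } catch (Exception $e) {
        $this->message = $e->getMessage();
        return;
    }

    // Keep the launch fields: everything except the submit button and the
    // OAuth protocol parameters, but including oauth_consumer_key.
    $newinfo = array();
    foreach ($_POST as $key => $value) {
        if ($key == "basiclti_submit") {
            continue;
        }
        if (strpos($key, "oauth_") === false || $key == "oauth_consumer_key") {
            $newinfo[$key] = $value;
        }
    }

    // Added abertranb to decode base 64 20120801
    if (isset($newinfo['custom_lti_message_encoded_base64']) && $newinfo['custom_lti_message_encoded_base64'] == 1) {
        $newinfo = $this->decodeBase64($newinfo);
    }
    $this->info = $newinfo;

    // Store the launch information in the session for later requests.
    // NOTE(review): the session id is not regenerated after a verified
    // launch; consider session_regenerate_id(true) here if the surrounding
    // application allows it.
    if ($usesession == true and strlen(session_id()) > 0) {
        $_SESSION['_basic_lti_context'] = $this->info;
        unset($_SESSION['_basiclti_lti_row']);
        unset($_SESSION['_basiclti_lti_context_id']);
        if ($this->row) {
            $_SESSION['_basiclti_lti_row'] = $this->row;
        }
        if ($this->context_id) {
            $_SESSION['_basiclti_lti_context_id'] = $this->context_id;
        }
    }

    if ($this->valid && $doredirect) {
        $this->redirect();
        $this->complete = true;
    }
}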
<?php /** * BLTI * * @file * @ingroup Extensions * @version 0.1 * @author Charles Severance based on for from Antoni Bertran and Jose Diago */ $going2MW = false; // BLTI integration require_once 'IMSBasicLTI/ims-blti/blti.php'; if (!is_basic_lti_request()) { return; } //Let's get the user's data $context = new BLTI("secret", false, false); if ($context->valid) { $agentCourse = $context->getCourseName(); $agentUserName = $context->getUserShortName(); $agentEmail = $context->getUserEmail(); $agentFullName = $context->getUserName(); $going2MW = true; session_start(); $_SESSION['BLTIclassroom'] = $agentCourse; } else { echo 'Error validating: ' . $context->message; } $context = null; if ($going2MW) {