function __construct($parm = false, $usesession = true, $doredirect = true) { // If this request is not an LTI Launch, either // give up or try to retrieve the context from session if (!is_basic_lti_request()) { if ($usesession === false) { return; } if (strlen(session_id()) > 0) { $row = $_SESSION['_basiclti_lti_row']; if (isset($row)) { $this->row = $row; } $context_id = $_SESSION['_basiclti_lti_context_id']; if (isset($context_id)) { $this->context_id = $context_id; } $info = $_SESSION['_basic_lti_context']; if (isset($info)) { $this->info = $info; $this->valid = true; return; } $this->message = "Could not find context in session"; return; } $this->message = "Session not available"; return; } // Insure we have a valid launch if (empty($_REQUEST["oauth_consumer_key"])) { $this->message = "Missing oauth_consumer_key in request"; return; } $oauth_consumer_key = $_REQUEST["oauth_consumer_key"]; // Find the secret - either form the parameter as a string or // look it up in a database from parameters we are given $secret = false; $row = false; if (is_string($parm)) { $secret = $parm; } else { if (!is_array($parm)) { $this->message = "Constructor requires a secret or database information."; return; } } // Verify the message signature $store = new ltiprovider\TrivialOAuthDataStore(); $store->add_consumer($oauth_consumer_key, $secret); $server = new ltiprovider\OAuthServer($store); $method = new ltiprovider\OAuthSignatureMethod_HMAC_SHA1(); $server->add_signature_method($method); $request = ltiprovider\OAuthRequest::from_request(); $this->basestring = $request->get_signature_base_string(); try { $server->verify_request($request); $this->valid = true; } catch (Exception $e) { $this->message = $e->getMessage(); return; } // Store the launch information in the session for later $newinfo = array(); foreach ($_POST as $key => $value) { if ($key == "basiclti_submit") { continue; } if (strpos($key, "oauth_") === false) { $newinfo[$key] = $value; continue; } if ($key == "oauth_consumer_key") { $newinfo[$key] = $value; continue; } } //Added abertranb to decode base 64 20120801 if (isset($newinfo['custom_lti_message_encoded_base64']) && $newinfo['custom_lti_message_encoded_base64'] == 1) { $newinfo = $this->decodeBase64($newinfo); } $this->info = $newinfo; if ($usesession == true and strlen(session_id()) > 0) { $_SESSION['_basic_lti_context'] = $this->info; unset($_SESSION['_basiclti_lti_row']); unset($_SESSION['_basiclti_lti_context_id']); if ($this->row) { $_SESSION['_basiclti_lti_row'] = $this->row; } if ($this->context_id) { $_SESSION['_basiclti_lti_context_id'] = $this->context_id; } } if ($this->valid && $doredirect) { $this->redirect(); $this->complete = true; } }
function signOnly($oldparms, $endpoint, $method, $oauth_consumer_key, $oauth_consumer_secret) { global $last_base_string; $parms = $oldparms; $test_token = ''; $hmac_method = new ltiprovider\OAuthSignatureMethod_HMAC_SHA1(); $test_consumer = new ltiprovider\OAuthConsumer($oauth_consumer_key, $oauth_consumer_secret, NULL); $acc_req = ltiprovider\OAuthRequest::from_consumer_and_token($test_consumer, $test_token, $method, $endpoint, $parms); $acc_req->sign_request($hmac_method, $test_consumer, $test_token); // Pass this back up "out of band" for debugging $last_base_string = $acc_req->get_signature_base_string(); $newparms = $acc_req->get_parameters(); return $newparms; }