// Use both from (webtest) below or both from (Production) above. // DEVL environment URL $cspAuthURL = 'https://webtest.csp.att.com/empsvcs/hrpinmgt/pagLogin/?retURL=' . $encReturnURL . '&sysName=SI_DMOQ'; $cspAuthURL = 'https://www.e-access.att.com/empsvcs/hrpinmgt/pagLogin/?retURL=' . $encReturnURL . '&sysName=SI_DMOQ'; $tooWeakURL = 'https://webtest.csp.att.com/empsvcs/hr/pagMenu_chgpin/?opt=12'; $tooWeakURL = 'https://www.e-access.att.com/empsvcs/hr/pagMenu_chgpin/?opt=12'; if (!isset($_COOKIE['attESSec'])) { header('HTTP/1.0 302 Redirect'); header("Location: " . $cspAuthURL); header("Connection: close"); exit; } $attESSecRaw = $_COOKIE['attESSec']; $attESSecRaw = $attESSecRaw . "\r\n"; //Add the carriage return and newline that PHP needs to make this work. $decryptedSecCookie = decryptCookie($attESSecRaw); // Defined below $d = getdate(); if ($decryptedSecCookie == "") { echo 'attESSec Cookie decrypted to an empty string, is environment type and system name set right in this code?'; // In the production version of your code the following line should be used. It is commented out here // because it makes for easier debugging. This next line catches cookies that have expired. header('HTTP/1.0 302 Redirect'); header("Location: " . $cspAuthURL); header("Connection: close"); exit; } else { $secCookieParts = explode("|", $decryptedSecCookie); //print "<PRE>secCookieparts<br>"; //print_r($secCookieParts); //print "</PRE>";
/**
 * Reports whether the current visitor carries the "instructor" role.
 *
 * The role list is read from the `roles` cookie after decryptCookie();
 * a missing cookie means "not an instructor". The match is a
 * case-insensitive substring test for "instructor".
 *
 * NOTE(review): the role comes from a client-supplied cookie, so this check
 * is only as trustworthy as decryptCookie()'s integrity protection — confirm
 * the cookie ciphertext is authenticated (MAC'd), not merely encrypted.
 *
 * @return bool
 */
function isInstructor() {
    if (!isset($_COOKIE['roles'])) {
        return false;
    }
    $roleList = strtolower(decryptCookie($_COOKIE['roles']));
    return strpos($roleList, "instructor") !== false;
}
<?php
// Basic-search entry point: load the consumer's custom parameters and render
// the basic search page inside the shared layout.
include_once 'app/app.php';

// The consumer key is carried in an encrypted cookie.
$consumerKey = decryptCookie($_COOKIE['oauth_consumer_key']);
$customparams = loadCustomParams($c, $consumerKey);

// Template context: the connection handle and the consumer's parameters.
$templateVars = array(
    'c' => $c,
    'customparams' => $customparams,
);
ebsco_render('basic_search.html', 'layout.html', $templateVars);
/**
 * Resolve the current user from the `elegance_cut_user` cookie and session.
 *
 * Returns a stdClass with `is_logged_in` set. On success it is the user object
 * cached in $_SESSION['elegance_cut_user']['obj'] (or freshly loaded from
 * App\UserMaster); on failure it is a bare object with is_logged_in = false,
 * returned after logout() has been called.
 *
 * Flow (as written):
 *  1. The cookie must exist, decrypt to env('COOKIE_LENGTH') parts, and have
 *     part [3] equal to env('APP_ID'); otherwise logout.
 *  2. If the session already holds a user object and has not expired, return it.
 *  3. If it has expired, extend it (1 day when the cookie parts contain
 *     'remember', else 1 hour) and return the cached object.
 *  4. If there is no session object, load the user by cookie part [1] with
 *     status 1 and create a new session entry under the same expiry rule.
 *
 * NOTE(review): step 3 renews an expired session without re-checking the user
 * against UserMaster, whereas step 4 requires status == 1 — a deactivated user
 * holding a live session can keep renewing it. Confirm whether that is intended.
 * NOTE(review): nothing here calls session_regenerate_id(); confirm that
 * login/logout() do, otherwise the session id survives state changes.
 * NOTE(review): in_array() and the == comparisons are non-strict; harmless if
 * getCookieVariables() only ever yields strings, otherwise prefer strict forms.
 * The cookie is decrypted up to three times per call; it could be hoisted.
 *
 * @return stdClass
 */
function validate_session() {
    $user = new stdClass();
    // Step 1: the cookie must exist, have the expected number of parts, and
    // carry this app's id in part [3]; anything else ends the session.
    if (isset($_COOKIE['elegance_cut_user'])) {
        $arrayCookieVariables = getCookieVariables(decryptCookie($_COOKIE['elegance_cut_user']));
        if (count($arrayCookieVariables) == env('COOKIE_LENGTH') && $arrayCookieVariables[3] == env('APP_ID')) {
            // cookie is well-formed for this app; continue to the session checks
        } else {
            logout();
            $user->is_logged_in = false;
            return $user;
        }
    } else {
        logout();
        $user->is_logged_in = false;
        return $user;
    }
    // Step 2/3: a cached user object in the session.
    if (isset($_SESSION['elegance_cut_user']) && isset($_SESSION['elegance_cut_user']['obj'])) {
        if ($_SESSION['elegance_cut_user']['session_expire'] > time()) {
            $user = $_SESSION['elegance_cut_user']['obj'];
            $user->is_logged_in = true;
            return $user;
        } else {
            // Session expired: renew it from the cookie (no DB re-check here —
            // see the NOTE(review) in the header).
            if (isset($_COOKIE['elegance_cut_user'])) {
                $arrayCookieVariables = getCookieVariables(decryptCookie($_COOKIE['elegance_cut_user']));
                if (in_array('remember', $arrayCookieVariables)) {
                    // "remember me": renew for one day
                    $_SESSION['elegance_cut_user']['session_expire'] = time() + 86400;
                    $user = $_SESSION['elegance_cut_user']['obj'];
                    $user->is_logged_in = true;
                    return $user;
                } else {
                    // plain session: renew for one hour
                    $_SESSION['elegance_cut_user']['session_expire'] = time() + 3600;
                    $user = $_SESSION['elegance_cut_user']['obj'];
                    $user->is_logged_in = true;
                    return $user;
                }
            } else {
                logout();
                $user->is_logged_in = false;
                return $user;
            }
        }
    } else {
        // Step 4: no cached object; rebuild the session from the cookie.
        if (isset($_COOKIE['elegance_cut_user'])) {
            $arrayCookieVariables = getCookieVariables(decryptCookie($_COOKIE['elegance_cut_user']));
            // Load the user by id (cookie part [1]); only active (status 1) users qualify.
            $objUser = App\UserMaster::where('user_id', $arrayCookieVariables[1])->where('status', 1)->first();
            if (null == $objUser) {
                logout();
                $user->is_logged_in = false;
                return $user;
            }
            if (in_array('remember', $arrayCookieVariables)) {
                // "remember me": cache the user and expire in one day
                $_SESSION['elegance_cut_user']['obj'] = $objUser;
                $_SESSION['elegance_cut_user']['session_expire'] = time() + 86400; // 1 day
                $user = $_SESSION['elegance_cut_user']['obj'];
                $user->is_logged_in = true;
                return $user;
            } else {
                // plain session: cache the user and expire in one hour
                $_SESSION['elegance_cut_user']['obj'] = $objUser;
                $_SESSION['elegance_cut_user']['session_expire'] = time() + 3600; // 1 hour
                $user = $_SESSION['elegance_cut_user']['obj'];
                $user->is_logged_in = true;
                return $user;
            }
        } else {
            logout();
            $user->is_logged_in = false;
            return $user;
        }
    }
}
$clean = strip_tags_deep($_GET); if (isInstructor()) { ?> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function(){ $("#chkAll").click(function(){ $(".readingchoice").prop("checked",$("#chkAll").prop("checked")) }) }); </script> <div class="readingListLink"> <?php $currlistid = decryptCookie($_COOKIE['currentListId']); $currauthid = decryptCookie($_COOKIE['currentAuthorId']); $sql = $c->prepare("SELECT id, course, linklabel, private FROM lists WHERE id IN (SELECT listid FROM authorlists WHERE authorid = ?) AND id != ? AND credentialconsumerid = ?;"); $credconsumerID = getCredentialConsumerID(); $sql->bind_param('iii', $currauthid, $currlistid, $credconsumerID); $sql->execute(); $sql->store_result(); $sql->bind_result($mylists_id, $mylists_course, $mylists_linklabel, $mylists_private); if ($sql->num_rows > 0) { echo '<form id="mylist" action="copy_list.php" method="get">Your Lists: <select id="mylists" name="listid">'; while ($sql->fetch()) { if (strlen($mylists_linklabel) <= 0) { $mylists_linklabel = 'Untitled List'; } if (strlen($mylists_linklabel) >= 100) { $mylists_linklabel = substr($mylists_linklabel, 0, 99) . "..."; }
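// Copy the selected readings (ids in $readingsToAdd) into the current list.
// $sql is assumed to already hold the SELECT prefix ending in "IN (" — this
// block only appends the id list and the closing ")" (TODO confirm against
// the statement above this block). $notes / $order are presumably the form's
// copy options set earlier; confirm.
//
// Ids are cast to int: they are used unquoted inside IN (...), where
// mysqli_real_escape_string() alone does not stop injection (no quotes to
// escape out of).
$readingIds = array();
foreach ($readingsToAdd as $readingId) {
    $readingIds[] = (int) $readingId;
}
$sql .= implode(',', $readingIds) . ');';

// Target list/author come from the encrypted cookies; both are integer
// columns, so bind them as ints instead of splicing escaped strings into SQL.
$listId = (int) decryptCookie($_COOKIE['currentListId']);
$authorId = (int) decryptCookie($_COOKIE['currentAuthorId']);

// An empty id list would produce "IN ()" (invalid SQL); skip the query then,
// and also when the SELECT itself fails, instead of fetching from false.
$results1 = count($readingIds) > 0 ? mysqli_query($c, $sql) : false;
if ($results1 !== false) {
    // Duplicate check: skip a reading when the target list already holds the
    // same url/an/db triple.
    $dupCheck = $c->prepare("SELECT id FROM readings WHERE listid = ? AND url = ? AND an = ? AND db = ?;");
    // Single INSERT replaces the four string-built variants; only priority and
    // notes depended on $order / $notes. Column values previously came from
    // $row unescaped (second-order injection) — now bound as parameters.
    $insert = $c->prepare('INSERT INTO readings (listid, authorid, an, db, url, title, instruct, type, priority, notes) VALUES (?,?,?,?,?,?,?,?,?,?);');

    while ($row = mysqli_fetch_array($results1)) {
        $dupCheck->bind_param('isss', $listId, $row['url'], $row['an'], $row['db']);
        $dupCheck->execute();
        $dupCheck->store_result();
        $isDuplicate = $dupCheck->num_rows > 0;
        $dupCheck->free_result();
        if ($isDuplicate) {
            continue;
        }

        // $order keeps the source priority, otherwise every copy gets priority 1;
        // $notes copies the note text, otherwise the note is blank.
        $priority = $order ? $row['priority'] : 1;
        $notesValue = $notes ? htmlentities($row['notes']) : '';
        // title/instruct/notes are stored HTML-entity-encoded, as before.
        $title = htmlentities($row['title']);
        $instruct = htmlentities($row['instruct']);
        $insert->bind_param('iisssssiis', $listId, $authorId, $row['an'], $row['db'], $row['url'], $title, $instruct, $row['type'], $priority, $notesValue);
        $insert->execute();
    }
    $dupCheck->close();
    $insert->close();
}
}
?>
<h2>Processing...</h2>
<meta http-equiv="refresh" content="0;url=reading_list.php" />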
" class="folder" style="font-size: 11px; display: <?php if (itemInFolder($folderitemsarray, $result['An'], $result['DbId'])) { echo "inline"; } else { echo "none"; } ?> ;"> <button class="removeFolder" id="removebutton<?php echo $result['ResultId']; ?> " onclick="addToFolder(xmlhttp,<?php echo decryptCookie($_COOKIE['currentListId']); ?> ,<?php echo decryptCookie($_COOKIE['currentAuthorId']); ?> ,'<?php echo $result['An']; ?> ', '<?php echo $result['DbId']; ?> ','none','none','<?php echo urlencode($Ti['TitleFull']); ?> ',2,<?php echo $result['ResultId']; ?> ,1,1)">Remove from Reading List</button>
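<?php
// Records that the current student opened a reading (POST field: reading_id).
session_start();
include "app/app.php";

// strip_tags_deep() is the app's input scrubber; reading_id is additionally
// cast to int so only a number reaches recordStudentReading().
$clean = strip_tags_deep($_POST);

if (isset($clean['reading_id'])) {
    $reading_id = (int) $clean['reading_id'];

    // Student identity comes from the encrypted LTI cookies. Guard the lookups
    // so a missing cookie yields '' instead of an undefined-index notice (the
    // same isset-ternary pattern the reading-list page uses for the email).
    $studentName = isset($_COOKIE['lis_person_name_full'])
        ? decryptCookie($_COOKIE['lis_person_name_full']) : '';
    $studentEmail = isset($_COOKIE['lis_person_contact_email_primary'])
        ? decryptCookie($_COOKIE['lis_person_contact_email_primary']) : '';

    // NOTE(review): this state-changing POST carries no CSRF token and does
    // not check that reading_id belongs to the student's current list; confirm
    // whether the LTI cookies alone are meant to authorise it.
    recordStudentReading($c, $studentName, $studentEmail, $reading_id);
}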
//populate the array $courses[$consumerid][] = $course; } $numCourses += $sql->num_rows; unset($course); if ($c->more_results()) { $c->next_result(); } } echo $numCourses; ?> </p> <p><strong>Courses</strong>:<span style="font-size:smaller;"> <?php foreach ($consumerids['logged_in_consumerid'] as $consumerid) { $querystring = 'SELECT id FROM credentialconsumers WHERE credentialid = ' . decryptCookie($_COOKIE['logged_in_cust_id']) . ' AND consumerid = "' . $consumerid . '";'; $credconsumresults = mysqli_query($c, $querystring); $credconsumrow = mysqli_fetch_array($credconsumresults); $credconsumer = $credconsumrow['id']; foreach ($courses[$consumerid] as $course) { echo "<br />" . $course; $sql = $c->prepare("SELECT id FROM lists WHERE course = ? AND credentialconsumerid = ?;"); $sql->bind_param('si', $course, $credconsumer); $sql->execute(); $sql->store_result(); $numListsInCourse = $sql->num_rows; echo " <em>(" . $numListsInCourse . " list"; if ($numListsInCourse != 1) { echo "s"; } echo ")</em>";
<?php include_once 'app/app.php'; $customparams = loadCustomParams($c, decryptCookie($_COOKIE['oauth_consumer_key'])); include 'rest/EBSCOAPI.php'; if ($customparams['studentdata'] == "y" && !isInstructor()) { $email = isset($_COOKIE['lis_person_contact_email_primary']) ? decryptCookie($_COOKIE['lis_person_contact_email_primary']) : ''; recordStudentAccess($c, decryptCookie($_COOKIE['lis_person_name_full']), $email, decryptCookie($_COOKIE['currentListId'])); } $readingList = getReadingList($c); $useCache = false; if (sizeof($readingList) >= 75) { $results = array(); $useCache = true; } else { $api = new EBSCOAPI($c, $customparams); $listOfANs = array(); foreach ($readingList as $reading) { $listOfANs[] = "AN " . $reading['an']; } if (sizeof($listOfANs) > 0) { $query['query'] = implode(" OR ", $listOfANs); $searchTerm = $query; $fieldCode = ''; $start = 1; $limit = 100; $sortBy = 'relevance'; $amount = 'detailed'; $mode = 'all'; $expander = ''; $limiter = '';
$ANs[] = $ANsPrep[$i]; } //There should always be an equal number of elements in these array. This will ensure that is the case $titlecount = count($titles); $ANcount = count($ANs); $DBcount = count($DBs); if ($titlecount != $ANcount || $titlecount != $DBcount || $ANcount != $DBcount || $titlecount == 0) { ?> <div class="readingListLink"> <h3><?php echo "Oops! An error occurred. The data for one or more records is incomplete. Please try again, being sure to include the entire record for each reading."; ?> </h3></div><?php } else { for ($i = 0; $i < $titlecount; $i++) { $sql = $c->prepare("INSERT INTO readings (listid, authorid, an, db, title, priority, url, type) VALUES (?,?,?,?,?,1,'none',1);"); $sql->bind_param('iisss', decryptCookie($_COOKIE['currentListId']), decryptCookie($_COOKIE['currentAuthorId']), $ANs[$i], $DBs[$i], $titles[$i]); $sql->execute(); } if ($titlecount == 1) { setcookie('import_folder_message', encryptCookie("1 reading added"), $time, '/'); } else { setcookie('import_folder_message', encryptCookie("{$titlecount} readings added"), $time, '/'); } header("Location:reading_list.php"); } //Add statement saying how many items added to reading list. } ?> <div class="readingListLink"><h2> Enter bibliographic info from the list into this box:</h2> <form action="import_folder.php" id="EBSCOFolderForm" method="post"> <textarea name="BiblioInfo" form="EBSCOFolderForm" rows="6" cols="50"></textarea></br>
$count = 0; while ($sql->fetch()) { $count++; $consumeridsArray['logged_in_consumerid'][$count] = $result; } if (!isset($consumeridsArray)) { $consumeridsArray = array(); } setcookie('consumeridsArray', encryptCookie($consumeridsArray), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE); if ($c->more_results()) { $c->next_result(); } $customparams = loadCustomParams($c, $key); $variables['consumeridsArray'] = $consumeridsArray; $variables['customparams'] = $customparams; ebsco_render('admin.html', 'layout.html', $variables); } else { if (isset($_COOKIE['forward_to_admin']) && decryptCookie($_COOKIE['forward_to_admin']) == "n") { if (isset($_POST['admin_key'])) { $clean = strip_tags_deep($_POST); setcookie('admin_key', encryptCookie($clean['admin_key']), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE); setcookie('admin_secret', encryptCookie($clean['admin_secret']), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE); $variables['admin_key'] = $clean['admin_key']; $variables['admin_secret'] = $clean['admin_secret']; } ebsco_render('sign_on.html', 'layout.html', $variables); } else { ebsco_render('sign_on.html', 'layout.html', $variables); } } }
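/**
 * Get the EDS session token for the current profile.
 *
 * Resolution order: when $invalid is 'y' a fresh token is requested through
 * apiSessionToken() and cached in both $_SESSION['sessionToken'] and the
 * encrypted `sessionToken` cookie; otherwise the cached $_SESSION copy is
 * used, falling back to the cookie. The request is terminated (die) when the
 * `login` cookie is absent.
 *
 * @param string $authenToken EDS authentication token used to mint a session.
 * @param string $invalid     'y' to force a new session token, 'n' (default)
 *                            to reuse a cached one.
 * @return string The session token, or '' when none could be resolved.
 * @access public
 */
public function getSessionToken($authenToken, $invalid = 'n') {
    $token = '';
    // The `login` cookie marks a signed-in user whose browser accepts cookies.
    if (!isset($_COOKIE['login'])) {
        die("The reading list tool requires the use of cookies. Please insure you allow cookies from this site.");
    }

    if ($invalid == 'y') {
        $profile = self::$cust_profile;
        $_SESSION['debug'] .= "--GetSession with INVALID is YES--";
        $sessionToken = $this->apiSessionToken($authenToken, $profile, 'n');
        // Record only whether a token came back: $_SESSION['debug'] is
        // rendered into page HTML elsewhere in this app, so the token value
        // itself must not be written to it.
        $_SESSION['debug'] .= "---apiSessionToken got " . (isset($sessionToken['sessionToken']) ? 'a token' : 'no token') . "---";
        $time = 0; // session cookie: discarded when the browser closes
        // NOTE(review): the Secure flag is FALSE, so the token cookie is also
        // sent over plain HTTP; set it TRUE once the tool is served HTTPS-only.
        setcookie('sessionToken', encryptCookie($sessionToken), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE);
        $_SESSION['sessionToken'] = $sessionToken;
    } elseif (isset($_SESSION['sessionToken'])) {
        $sessionToken = $_SESSION['sessionToken'];
        $_SESSION['debug'] .= "---Using EXISTING session token from SESSION var---";
    } elseif (isset($_COOKIE['sessionToken'])) {
        $sessionToken = decryptCookie($_COOKIE['sessionToken']);
        $_SESSION['debug'] .= "---Using EXISTING session token from Cookie var---";
    } else {
        // Neither cache holds a token (previously an undefined-index read).
        $sessionToken = array();
        $_SESSION['debug'] .= "---No session token in SESSION or Cookie---";
    }

    // Guarded so an empty or malformed cache yields '' rather than a notice.
    if (isset($sessionToken['sessionToken'])) {
        $token = $sessionToken['sessionToken'];
    }
    return $token;
}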
die("It looks like your user id and password for your EDS API profile are incorrect. Please check your settings in the <a href='http://curriculumbuilder.ebscohost.com/admin.php' target='_top'>admin panel</a>.<p style='display:none;'>" . var_export($customparams, TRUE) . "</p>"); } try { $_SESSION['debug'] .= "<p>Using AuthToken " . $api->getAuthToken() . "</p>"; $newSessionToken = $api->apiSessionToken($api->getAuthToken(), $profile, 'n'); } catch (Exception $e) { echo "<div style='display:none;'>" . $_SESSION['debug'] . "</div>"; die("It looks like your profile id for your EDS API profile is incorrect. Please check your settings in the <a href='http://curriculumbuilder.ebscohost.com/admin.php' target='_top'>admin panel</a>.<p style='display:none;'>" . var_export($customparams, TRUE) . "</p><p style='display:none;'>" . $e->getMessage() . "</p>"); } setcookie('sessionToken', encryptCookie($newSessionToken), $time, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE); setcookie('login', encryptCookie($profile), 0, "/", $_SERVER['SERVER_NAME'], FALSE, TRUE); if (isset($_COOKIE['Guest'])) { setcookie('Guest', '', time() - 3600); } if (isset($clean['path'])) { $path = $clean['path']; } else { $path = "default"; } if (isset($clean['copyid'])) { if ($clean['copyid'] == '0') { } else { copyList($c, $clean['copyid'], decryptCookie($_COOKIE['currentListId'])); $path = "reading_list"; } } if ($path == "reading_list") { header("location: {$path}.php"); } else { header("location: index.php"); }
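<?php
// add_to_list.php: look up one record (an/db from the request) through the
// EDS API and render the "add to reading list" page for the current list.
include 'app/app.php';

// A reading list must already be open (currentListId cookie present).
if (!isset($_COOKIE['currentListId'])) {
    echo "<div class='readingListLink'>Please open a reading list via your course website before using this feature.</div>";
    die;
}

$customparams = loadCustomParams($c, decryptCookie($_COOKIE['oauth_consumer_key']));
include 'rest/EBSCOAPI.php';
$api = new EBSCOAPI($c, $customparams);

// Both the database id and the accession number are required. (The previous
// condition tested 'db' twice and never checked 'an', so a missing 'an'
// reached apiRetrieve() as an undefined index.)
$clean = strip_tags_deep($_REQUEST);
if (!isset($clean['db']) || !isset($clean['an'])) {
    echo "<div class='readingListLink'>Error: couldn't add this to the reading list.</div>";
    die;
}
$db = $clean['db'];
$an = $clean['an'];

$highlight = "";
$result = $api->apiRetrieve($an, $db, $highlight);

// The API error text may reflect the caller-supplied an/db, so it is
// HTML-escaped before being written into the page.
if (isset($result['error'])) {
    $error = $result['error'];
    echo "<div class='readingListLink'>Error: " . htmlspecialchars($result['error'], ENT_QUOTES, 'UTF-8') . "</div>";
    die;
}
$error = null;

$variables = array(
    'result' => $result,
    'error' => $error,
    'id' => 'record',
    'c' => $c,
    'customparams' => $customparams,
    'an' => $an,
    'db' => $db,
    'currentListId' => decryptCookie($_COOKIE['currentListId']),
);
ebsco_render('add_to_list.html', 'layout.html', $variables);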
?> </span> <?php if (isset($_COOKIE['logged_in_cust_id']) && !isset($_REQUEST['logout'])) { echo "<br /><a href=\"admin2.php?logout=YES\" title=\"Staff Login\">Log Out</a>"; } ?> </div> <div class="content"> <?php if (isInstructor() || isset($_COOKIE['launch_presentation_return_url']) && isset($customparams) && $customparams['courselink'] == 'y') { ?> <div class="readingListLink" id="currentList"><?php if (isset($_COOKIE['launch_presentation_return_url']) && isset($customparams) && $customparams['courselink'] == 'y') { echo '<a target="_top" href="' . htmlspecialchars_decode(decryptCookie($_COOKIE['launch_presentation_return_url'])) . '">Return to Course</a>'; } if (isset($_COOKIE['launch_presentation_return_url']) && isInstructor() && isset($customparams) && $customparams['courselink'] == 'y') { echo ' | '; } if (isInstructor()) { echo '<a href="reading_list.php">See Current Reading List</a>'; } ?> </div> <?php } ?> <?php echo $content;