$warnings = array();
$messages = array();
if (!isset($_REQUEST["qtiid"])) {
badrequest("no QTI ID was specified");
}
$item = getitem($_REQUEST["qtiid"]);
if (!$item) {
badrequest("no item with the given QTI ID exists in the database");
}
// if not cloning...
if (!isset($_REQUEST["clone"])) {
// only the owner can edit it
if (!loggedin()) {
badrequest("you're not logged in so can't edit this item");
}
if ($item["user"] != username()) {
badrequest("you're not the owner of this item and so can't edit it");
}
// if the item's already in session memory redirect straight to Eqiat
if (isset($_SESSION["items"]) && array_key_exists($_REQUEST["qtiid"], $_SESSION["items"])) {
redirect(SITEROOT_WEB . "eqiat/#item_" . $_REQUEST["qtiid"]);
}
}
// make a QTIAssessmentItem object from the data we have and put it in session memory
$metadata = array("description" => $item["description"], "keywords" => $item["keywords"]);
$ai = xmltoqtiobject($item["xml"], $errors, $warnings, $messages, $metadata, isset($_REQUEST["clone"]));
if ($ai === false) {
servererror("Errors:\n" . implode("\n", $errors) . "\n\nWarnings:\n" . implode("\n", $warnings) . "\n\nMessages:\n" . implode("\n", $messages));
}
$ai->sessionStore();
redirect(SITEROOT_WEB . "eqiat/#item_" . $ai->getQTIID());
<strong><?php
echo htmlspecialchars(username());
?>
</strong>
</p>
<?php
include "htmlfooter.php";
exit;
}
if (isset($_REQUEST["async"])) {
badrequest("That username and password combination did not match any user in the database");
}
$errors[] = "That username and password combination did not match any user in the database";
} else {
if (isset($_REQUEST["async"])) {
badrequest("username and password not given");
}
}
$title = "Log in";
include "htmlheader.php";
?>
<h2><?php
echo htmlspecialchars($title);
?>
</h2>
<?php
if (isset($_SESSION["nextpage"])) {
?>
<p><strong>You need to be logged in to view the page you requested</strong></p>
<?php
}
</ul>
<?php
include "htmlfooter.php";
exit;
}
redirect(SITEROOT_WEB . "?page=playItem");
case "startover":
// reset the item pointer
$_SESSION["itemqueuepos"] = 0;
redirect(SITEROOT_WEB . "?page=playItem");
default:
badrequest("unrecognized action");
}
}
if (!isset($_SESSION["itemqueue"]) || empty($_SESSION["itemqueue"])) {
badrequest("item queue is empty");
}
// URL to embed in QTIEngine XML
$actionurl = SITEROOT_WEB . "?page=playItem";
// get the current item
$item = getitem($_SESSION["itemqueue"][$_SESSION["itemqueuepos"]]);
// set response to false (to give a message later) if the item doesn't exist
// (it's been deleted)
if (!$item) {
$response = false;
} else {
// if QTIEngine form submitted post onwards to QTIEngine and display its output
if (isset($_POST["submit"])) {
// build request string
$multipart = new HttpRequestBodyMultipart();
$multipart->addpart("actionUrl", $actionurl);
$r = round($avgsize / ((self::WIDTH + self::HEIGHT) / 2) * 100, 1);
}
}
break;
}
$svg = '<svg xmlns="http://www.w3.org/2000/svg" width="' . self::WIDTH . '" height="' . self::HEIGHT . '" viewBox="0 0 1 1" preserveAspectRatio="none"><radialGradient id="vsgg" gradientUnits="userSpaceOnUse" cx="' . $x . '%" cy="' . $y . '%" r="' . $r . '%">' . "\n";
$svg .= $svgstoppoints;
$svg .= '</radialGradient><rect x="-50" y="-50" width="101" height="101" fill="url(#vsgg)" /></svg>';
return $svg;
}
}
function badrequest($message)
{
$protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0';
header($protocol . ' ' . 400 . ' Bad Request');
echo '<h1>Bad request</h1>';
echo '<p>', $message, '</p>';
exit;
}
$url = parse_url($_SERVER['REQUEST_URI']);
if (basename($url['path']) === "gradient.php") {
try {
$gradient = new GradientGenerator($_SERVER["QUERY_STRING"], true);
// will redirect if cache image is succesfully generated
$gradient->makeGradientImage(true);
//fallback to live generation if cache file is not writable
$gradient->renderGradient();
} catch (Exception $e) {
badrequest($e->getMessage());
}
}
if (isset($_REQUEST["p"])) {
$page = intval($_REQUEST["p"]);
}
if ($page < 1) {
$page = 1;
}
$perpage = 20;
if (isset($_REQUEST["perpage"])) {
$perpage = intval($_REQUEST["perpage"]);
}
if ($perpage < 1) {
$perpage = 1;
}
$numpages = ceil(count($items) / $perpage);
if (!empty($items) && count($items) <= ($page - 1) * $perpage) {
badrequest("Not enough search results for this page to exist");
}
ob_start();
?>
<script type="text/javascript">
$j(document).ready(function() {
$j(".confirmdeleteitem").click(function() {
if (!confirm("Are you sure you want to delete this item?"))
return false;
});
});
</script>
<?php
$headerextra = ob_get_clean();
$title = "Item list";
include "htmlheader.php";
Licensed under the Creative Commons 'Attribution non-commercial share alike'
licence -- see the LICENCE file for more details
------------------------------------------------------------------------------*/
requirelogin();
if (!isset($_REQUEST["qtiid"])) {
redirect("eqiat/");
}
$ai = QTIAssessmentItem::fromQTIID($_REQUEST["qtiid"]);
if (!$ai) {
badrequest("No QTI found in session data for specified QTI ID");
}
if (!$ai->getQTI() || count($ai->getErrors())) {
badrequest("Specified QTI item is unfinished or has errors");
}
if (($exists = itemexists($ai->getQTIID())) && itemowner($ai->getQTIID()) != username()) {
badrequest("The item you are trying to deposit was already uploaded by a different user. You should clone it so it gets a new identifier and then try again.");
}
deposititem($ai);
// remove from session memory to remove from Eqiat view
$ai->sessionRemove();
$title = "Item " . ($exists ? "updated" : "deposited");
include "htmlheader.php";
?>
<h2><?php
echo htmlspecialchars($title);
?>
</h2>
<p>The item "<?php
echo htmlspecialchars($ai->data("title"));
?>
" has been <?php
db()->exec("UPDATE users SET deleted=0 WHERE username='******';");
$message = "User <strong>" . htmlspecialchars($_REQUEST["user"]) . "</strong> has been undeleted";
break;
case "grant":
db()->exec("UPDATE users SET privileges=1 WHERE username='******';");
$message = "User <strong>" . htmlspecialchars($_REQUEST["user"]) . "</strong> is now privileged";
break;
case "revoke":
if (userhasprivileges($_REQUEST["user"]) && privilegedusers() == 1) {
badrequest("can't revoke the privileges of the last remaining privileged user");
}
db()->exec("UPDATE users SET privileges=0 WHERE username='******';");
$message = "User <strong>" . htmlspecialchars($_REQUEST["user"]) . "</strong> is now unprivileged";
break;
default:
badrequest("unrecognized action");
}
}
// get users from database
$result = db()->query("\n\tSELECT\n\t\tusers.username AS username,\n\t\tusers.registered AS registered,\n\t\tusers.privileges AS privileges,\n\t\tusers.deleted AS deleted,\n\t\tCOALESCE(items.cnt, 0) AS itemcount,\n\t\tCOALESCE(ratings.cnt, 0) AS ratingcount,\n\t\tCOALESCE(comments.cnt, 0) AS commentcount\n\tFROM users\n\tLEFT JOIN (SELECT user, COUNT(*) AS cnt FROM items GROUP BY user) AS items ON users.username=items.user\n\tLEFT JOIN (SELECT user, COUNT(*) AS cnt FROM ratings GROUP BY user) AS ratings ON users.username=ratings.user\n\tLEFT JOIN (SELECT user, COUNT(*) AS cnt FROM comments GROUP BY user) AS comments ON users.username=comments.user\n\tORDER BY users.username ASC\n;");
$users = array();
while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
$users[] = $row;
}
ob_start();
?>
<script type="text/javascript">
$j(document).ready(function() {
$j(".confirmrevokeself").click(function() {
if (!confirm("Are you sure you want to revoke your own privileges?"))
return false;
public function postLogic()
{
// form submitted -- try to build QTI
// if posted itemtype is different to the current one, make a new object
if (isset($_POST["itemtype"]) && $_POST["itemtype"] != $this->ai->itemType()) {
$olditem = $this->ai;
$classname = "QTI" . ucfirst($_POST["itemtype"]);
if (!@class_exists($classname) || !is_subclass_of($classname, "QTIAssessmentItem")) {
badrequest("Item type doesn't exist or not implemented");
}
$this->ai = new $classname();
// keep the old identifier
$olditem->sessionRemove();
$this->ai->setQTIID($olditem->getQTIID());
$this->ai->sessionStore();
unset($olditem);
}
if ($this->ai->getQTI($_POST) === false) {
// problem of some kind, show the form again with any messages
$this->ai->showForm($_POST);
exit;
}
// new QTI is fine
// collect any warnings and messages
$thingstosay = array();
$tmp = $this->ai->getWarnings();
if (!empty($tmp)) {
$thingstosay[] = "warnings";
}
$tmp = $this->ai->getMessages();
if (!empty($tmp)) {
$thingstosay[] = "messages";
}
$title = "Item \"" . htmlspecialchars($this->ai->data("title")) . "\" complete";
// set up the action JS
$GLOBALS["headerjs"] = item_action_js();
// output the success message
include "htmlheader.php";
?>
<h2><?php
echo $title;
?>
</h2>
<p>The item has been successfully validated<?php
if (!empty($thingstosay)) {
?>
with the following <?php
echo implode(" and ", $thingstosay);
?>
:<?php
}
?>
</p>
<?php
$this->ai->showmessages();
// show preview and download links
?>
<h3>QTIEngine preview</h3>
<?php
$action = new PreviewAssessmentItemAction();
?>
<?php
if (usingIE()) {
//iframe isn't available in HTML 4 Strict but IE (tested on 8) doesn't like object elements used for embedded HTML
?>
<iframe width="100%" height="400" src="<?php
echo $action->actionURL($this->ai);
?>
"></iframe>
<?php
} else {
?>
<object class="embeddedhtml" width="100%" height="400" type="text/html" data="<?php
echo $action->actionURL($this->ai);
?>
"></object>
<?php
}
?>
<h3>Actions</h3>
<ul>
<li><a href="<?php
echo SITEROOT_WEB;
?>
">Go back to the main menu and item list</a></li>
<?php
$types = item_actions();
$actions = array();
foreach ($types as $type) {
if ($type->available($this->ai)) {
$actions[] = $type;
}
}
foreach ($actions as $action) {
?>
<li><a class="itemaction_<?php
echo $action->actionString();
?>
" href="<?php
echo $action->actionURL($this->ai->getQTIID());
?>
" title="<?php
echo htmlspecialchars($action->description());
?>
"><?php
echo htmlspecialchars(ucfirst($action->name()));
?>
</a></li>
<?php
}
?>
</ul>
<?php
include "htmlfooter.php";
}
* Question Bank
*/
/*------------------------------------------------------------------------------
(c) 2010 JISC-funded EASiHE project, University of Southampton
Licensed under the Creative Commons 'Attribution non-commercial share alike'
licence -- see the LICENCE file for more details
------------------------------------------------------------------------------*/
if (!loggedin()) {
forbidden();
}
if (!isset($_REQUEST["qtiid"])) {
badrequest("no QTI ID was specified");
}
$item = getitem($_REQUEST["qtiid"]);
if (!$item) {
badrequest("no item with the given QTI ID exists in the database");
}
if ($item["user"] != username() && !userhasprivileges()) {
forbidden();
}
// start transaction
db()->exec("BEGIN TRANSACTION;");
// delete ratings
db()->exec("DELETE FROM ratings WHERE item='" . db()->escapeString($item["identifier"]) . "';");
// delete comments
db()->exec("DELETE FROM comments WHERE item='" . db()->escapeString($item["identifier"]) . "';");
// delete keywords
db()->exec("DELETE FROM keywords WHERE item='" . db()->escapeString($item["identifier"]) . "';");
// delete item
db()->exec("DELETE FROM items WHERE identifier='" . db()->escapeString($item["identifier"]) . "';");
// commit changes
*/
/*------------------------------------------------------------------------------
(c) 2010 JISC-funded EASiHE project, University of Southampton
Licensed under the Creative Commons 'Attribution non-commercial share alike'
licence -- see the LICENCE file for more details
------------------------------------------------------------------------------*/
if (!isset($_REQUEST["action"]) || empty($_REQUEST["action"])) {
badrequest("no action specified");
}
$classname = ucfirst($_REQUEST["action"]) . "Action";
if (!@class_exists($classname) || !is_subclass_of($classname, "ItemAction")) {
badrequest("Item action doesn't exist or not implemented");
}
$action = new $classname();
if (!isset($_REQUEST["qtiid"])) {
badrequest("No QTI ID specified");
}
if (!QTIAssessmentItem::fromQTIID($_REQUEST["qtiid"])) {
badrequest("No QTI found in session data for specified QTI ID");
}
if (!$action->available(QTIAssessmentItem::fromQTIID($_REQUEST["qtiid"]))) {
badrequest(ucfirst($action->name()) . " action is not currently available for the specified QTI item");
}
$GLOBALS["title"] = $action->description();
$action->beforeLogic();
if (isset($_POST) && !empty($_POST)) {
$action->postLogic();
} else {
$action->getLogic();
}
$action->afterLogic();
/** postLogic
* This can be overridden to perform any action to take when a post request
* is receieved -- that is, $_POST is not empty
*/
public function postLogic()
{
badrequest("no post logic implemented for action " . $this->actionString());
}
