$secret = $keydata['secret'];
}
}
if ($secret === false) {
$sql = 'SELECT * FROM LTI_Keys';
$q = $db->query($sql);
if ($q) {
$keydata = $q->fetch();
if ($keydata) {
die('oauth_consumer_key not found');
}
}
$secret = "secret";
$consumer_id = $CFG->defaultkeyid;
}
$context = new LTI($secret, true, false);
$sessid = session_id();
$_SESSION['_context_consumer_key'] = $oauth_consumer_key;
$_SESSION['_context_consumer_id'] = $consumer_id;
if (!$context->valid) {
echo "<p>This tool must be launched using IMS LTI from a Learning Management System.";
if ($SALT == 'secret') {
echo " All secrets are 'secret'.</p>\n";
} else {
echo " Send your desired key to the site owner to get your secret.\n";
}
return;
}
//echo("<pre>\n");echo($context->dump()."\n");print_r($_SESSION);echo("</pre>");
//print "Redirecting....\n"; flush();
$context->redirect('mod/response/index.php');
require_once "../LTI.php";
// LTI class; contains the main logic for the tool.
// Create the OAuth data store holding consumer secrets. All secrets defined in the configuration are added to the data store.
$secrets = new ConsumerSecrets();
foreach (Config::get("consumerSecrets") as $key => $value) {
$secrets->set_consumer($key, $value);
}
// Create an instance of the LTI class, using the POST (or GET) parameters of the request as launch parameters.
$launchParams = $_REQUEST;
if (!Config::get("allowUrlOverrides") || empty($launchParams["ext_qualtrics_url"])) {
$launchParams["ext_qualtrics_url"] = Config::get("ext_qualtrics_url");
}
if (!Config::get("allowIdOverrides") || empty($launchParams["ext_survey_id"])) {
$launchParams["ext_survey_id"] = Config::get("ext_survey_id");
}
$lti = new LTI($launchParams, $secrets);
// 1. Validate the launch request.
if ($lti->isValidLaunchRequest()) {
// 2. Identify the user.
if (!$lti->isAuthenticated()) {
// The request didn't pass OAuth authentication.
// Set the HTTP response to 402 (Unauthorized) and stop script execution.
// It's the Tool Consumer's responsibility to handle the response code.
http_response_code(402);
exit("Launch request could not be authorized.");
}
// 3. Register a session to perform the grading callback if allowed and supported.
if (Config::get("provideGrading")) {
$lti->tryRegisterCallbackSession();
}
// 4. Launch the learning tool.
/**
* Implement consumerHandler for OAuthProvider.
*
* @see http://us3.php.net/manual/en/oauthprovider.consumerhandler.php
*/
public function consumerHandler()
{
// Lookup consumer key.
if (!empty($_POST['oauth_consumer_key'])) {
$args = array('post_type' => 'lti_consumer', 'meta_key' => LTI_META_KEY_NAME, 'meta_value' => $_POST['oauth_consumer_key']);
$q = new WP_Query($args);
if ($q->have_posts()) {
if ($q->posts[0] == 'trash') {
// Corresponding lti_consumer post was deleted.
return OAUTH_CONSUMER_KEY_REFUSED;
} else {
$secret = get_post_meta($q->posts[0]->ID, LTI_META_SECRET_NAME, TRUE);
if (!empty($secret)) {
$this->oauthProvider->consumer_secret = $secret;
return OAUTH_OK;
} else {
// This should have resulted in valid secret.
LTI::log("Failed to find proper secret for lti consumer ID: " . $q->posts[0]->ID);
return OAUTH_CONSUMER_KEY_UNKOWN;
}
}
} else {
// We did not find a matching consumer key.
return OAUTH_CONSUMER_KEY_UNKNOWN;
}
} else {
// No consumer key present in POST data.
return OAUTH_CONSUMER_KEY_UNKNOWN;
}
// Not sure how we would get here, but refust the key in the event
LTI::log("Reached bad branch in consumerHandler: Post data follows:\n" . var_export($_POST, 1));
return OAUTH_CONSUMER_KEY_REFUSED;
}
