/** * If the request seems valid, update the flag state of a question attempt. * Throws exceptions if this is not a valid update request. * @param int $qubaid the question usage id. * @param int $questionid the question id. * @param int $sessionid the question_attempt id. * @param string $checksum checksum, as computed by {@link get_toggle_checksum()} * corresponding to the last three arguments. * @param bool $newstate the new state of the flag. true = flagged. */ public static function update_flag($qubaid, $questionid, $qaid, $slot, $checksum, $newstate) { // Check the checksum - it is very hard to know who a question session belongs // to, so we require that checksum parameter is matches an md5 hash of the // three ids and the users username. Since we are only updating a flag, that // probably makes it sufficiently difficult for malicious users to toggle // other users flags. if ($checksum != self::get_toggle_checksum($qubaid, $questionid, $qaid, $slot)) { throw new moodle_exception('errorsavingflags', 'question'); } $dm = new question_engine_data_mapper(); $dm->update_question_attempt_flag($qubaid, $questionid, $qaid, $slot, $newstate); }