$secret = $keydata['secret']; } } if ($secret === false) { $sql = 'SELECT * FROM LTI_Keys'; $q = $db->query($sql); if ($q) { $keydata = $q->fetch(); if ($keydata) { die('oauth_consumer_key not found'); } } $secret = "secret"; $consumer_id = $CFG->defaultkeyid; } $context = new LTI($secret, true, false); $sessid = session_id(); $_SESSION['_context_consumer_key'] = $oauth_consumer_key; $_SESSION['_context_consumer_id'] = $consumer_id; if (!$context->valid) { echo "<p>This tool must be launched using IMS LTI from a Learning Management System."; if ($SALT == 'secret') { echo " All secrets are 'secret'.</p>\n"; } else { echo " Send your desired key to the site owner to get your secret.\n"; } return; } //echo("<pre>\n");echo($context->dump()."\n");print_r($_SESSION);echo("</pre>"); //print "Redirecting....\n"; flush(); $context->redirect('mod/response/index.php');
require_once "../LTI.php"; // LTI class; contains the main logic for the tool. // Create the OAuth data store holding consumer secrets. All secrets defined in the configuration are added to the data store. $secrets = new ConsumerSecrets(); foreach (Config::get("consumerSecrets") as $key => $value) { $secrets->set_consumer($key, $value); } // Create an instance of the LTI class, using the POST (or GET) parameters of the request as launch parameters. $launchParams = $_REQUEST; if (!Config::get("allowUrlOverrides") || empty($launchParams["ext_qualtrics_url"])) { $launchParams["ext_qualtrics_url"] = Config::get("ext_qualtrics_url"); } if (!Config::get("allowIdOverrides") || empty($launchParams["ext_survey_id"])) { $launchParams["ext_survey_id"] = Config::get("ext_survey_id"); } $lti = new LTI($launchParams, $secrets); // 1. Validate the launch request. if ($lti->isValidLaunchRequest()) { // 2. Identify the user. if (!$lti->isAuthenticated()) { // The request didn't pass OAuth authentication. // Set the HTTP response to 402 (Unauthorized) and stop script execution. // It's the Tool Consumer's responsibility to handle the response code. http_response_code(402); exit("Launch request could not be authorized."); } // 3. Register a session to perform the grading callback if allowed and supported. if (Config::get("provideGrading")) { $lti->tryRegisterCallbackSession(); } // 4. Launch the learning tool.
/** * Implement consumerHandler for OAuthProvider. * * @see http://us3.php.net/manual/en/oauthprovider.consumerhandler.php */ public function consumerHandler() { // Lookup consumer key. if (!empty($_POST['oauth_consumer_key'])) { $args = array('post_type' => 'lti_consumer', 'meta_key' => LTI_META_KEY_NAME, 'meta_value' => $_POST['oauth_consumer_key']); $q = new WP_Query($args); if ($q->have_posts()) { if ($q->posts[0] == 'trash') { // Corresponding lti_consumer post was deleted. return OAUTH_CONSUMER_KEY_REFUSED; } else { $secret = get_post_meta($q->posts[0]->ID, LTI_META_SECRET_NAME, TRUE); if (!empty($secret)) { $this->oauthProvider->consumer_secret = $secret; return OAUTH_OK; } else { // This should have resulted in valid secret. LTI::log("Failed to find proper secret for lti consumer ID: " . $q->posts[0]->ID); return OAUTH_CONSUMER_KEY_UNKOWN; } } } else { // We did not find a matching consumer key. return OAUTH_CONSUMER_KEY_UNKNOWN; } } else { // No consumer key present in POST data. return OAUTH_CONSUMER_KEY_UNKNOWN; } // Not sure how we would get here, but refust the key in the event LTI::log("Reached bad branch in consumerHandler: Post data follows:\n" . var_export($_POST, 1)); return OAUTH_CONSUMER_KEY_REFUSED; }