Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
- Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
- PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.
/enrol/lti/ims-blti/ -> blti.php (source)
1 <?php 2 3 require_once($CFG->dirroot . '/enrol/lti/ims-blti/OAuth.php'); 4 require_once($CFG->dirroot . '/enrol/lti/ims-blti/TrivialOAuthDataStore.php'); 5 6 // Returns true if this is a Basic LTI message 7 // with minimum values to meet the protocol 8 function is_basic_lti_request() { 9 $good_message_type = $_REQUEST["lti_message_type"] == "basic-lti-launch-request"; 10 $good_lti_version = ($_REQUEST["lti_version"] == "LTI-1p0" or $_REQUEST["lti_version"] == "LTI-1.0"); 11 $good_lti_version = $good_lti_version || ($_REQUEST["lti_version"] == "LTI-2p0" or $_REQUEST["lti_version"] == "LTI-2.0"); 12 $resource_link_id = $_REQUEST["resource_link_id"]; 13 if ($good_message_type and $good_lti_version and isset($resource_link_id) ) return(true); 14 return false; 15 } 16 17 // Basic LTI Class that does the setup and provides utility 18 // functions 19 class BLTI { 20 21 public $valid = false; 22 public $complete = false; 23 public $message = false; 24 public $basestring = false; 25 public $info = false; 26 public $row = false; 27 public $context_id = false; // Override context_id 28 29 function __construct($parm=false, $usesession=true, $doredirect=true) { 30 31 32 // If this request is not an LTI Launch, either 33 // give up or try to retrieve the context from session 34 if ( ! is_basic_lti_request() ) { 35 36 if ( $usesession === false ) return; 37 38 if ( strlen(session_id()) > 0 ) { 39 $row = $_SESSION['_basiclti_lti_row']; 40 if ( isset($row) ) $this->row = $row; 41 $context_id = $_SESSION['_basiclti_lti_context_id']; 42 if ( isset($context_id) ) $this->context_id = $context_id; 43 $info = $_SESSION['_basic_lti_context']; 44 if ( isset($info) ) { 45 $this->info = $info; 46 $this->valid = true; 47 return; 48 } 49 $this->message = "Could not find context in session"; 50 return; 51 } 52 $this->message = "Session not available"; 53 return; 54 } 55 // Insure we have a valid launch 56 if ( empty($_REQUEST["oauth_consumer_key"]) ) { 57 $this->message = "Missing oauth_consumer_key in request"; 58 return; 59 } 60 $oauth_consumer_key = $_REQUEST["oauth_consumer_key"]; 61 62 // Find the secret - either form the parameter as a string or 63 // look it up in a database from parameters we are given 64 $secret = false; 65 $row = false; 66 if ( is_string($parm) ) { 67 $secret = $parm; 68 } else if ( ! is_array($parm) ) { 69 $this->message = "Constructor requires a secret or database information."; 70 return; 71 } 72 73 // Verify the message signature 74 $store = new TrivialOAuthDataStore(); 75 $store->add_consumer($oauth_consumer_key, $secret); 76 77 $server = new OAuthServer($store); 78 79 $method = new OAuthSignatureMethod_HMAC_SHA1(); 80 $server->add_signature_method($method); 81 $request = OAuthRequest::from_request(); 82 83 $this->basestring = $request->get_signature_base_string(); 84 try { 85 $server->verify_request($request); 86 $this->valid = true; 87 } catch (Exception $e) { 88 $this->message = $e->getMessage(); 89 return; 90 } 91 // Store the launch information in the session for later 92 $newinfo = array(); 93 foreach($_POST as $key => $value ) { 94 if ( $key == "basiclti_submit" ) continue; 95 if ( strpos($key, "oauth_") === false ) { 96 $newinfo[$key] = $value; 97 continue; 98 } 99 if ( $key == "oauth_consumer_key" ) { 100 $newinfo[$key] = $value; 101 continue; 102 } 103 } 104 //Added abertranb to decode base 64 20120801 105 if (isset($newinfo['custom_lti_message_encoded_base64']) && $newinfo['custom_lti_message_encoded_base64']==1){ 106 $newinfo = $this->decodeBase64($newinfo); 107 } 108 109 $this->info = $newinfo; 110 111 if ( $usesession == true and strlen(session_id()) > 0 ) { 112 $_SESSION['_basic_lti_context'] = $this->info; 113 unset($_SESSION['_basiclti_lti_row']); 114 unset($_SESSION['_basiclti_lti_context_id']); 115 if ( $this->row ) $_SESSION['_basiclti_lti_row'] = $this->row; 116 if ( $this->context_id ) $_SESSION['_basiclti_lti_context_id'] = $this->context_id; 117 } 118 119 if ( $this->valid && $doredirect ) { 120 $this->redirect(); 121 $this->complete = true; 122 } 123 } 124 125 function addSession($location) { 126 if ( ini_get('session.use_cookies') == 0 ) { 127 if ( strpos($location,'?') > 0 ) { 128 $location = $location . '&'; 129 } else { 130 $location = $location . '?'; 131 } 132 $location = $location . session_name() . '=' . session_id(); 133 } 134 return $location; 135 } 136 137 function isInstructor() { 138 $roles = $this->info['roles']; 139 $roles = strtolower($roles); 140 if ( ! ( strpos($roles,"instructor") === false ) ) return true; 141 if ( ! ( strpos($roles,"administrator") === false ) ) return true; 142 return false; 143 } 144 145 function getUserEmail() { 146 # set default email in the event privacy settings don't pass in email. 147 $email = $this->info['user_id'] . "@ltiuser.com"; 148 if ( isset($this->info['lis_person_contact_email_primary']) ) $email = $this->info['lis_person_contact_email_primary']; 149 # Sakai Hack 150 if ( isset($this->info['lis_person_contact_emailprimary']) ) $email = $this->info['lis_person_contact_emailprimary']; 151 return $email; 152 } 153 154 function getUserShortName() { 155 $email = $this->getUserEmail(); 156 $givenname = $this->info['lis_person_name_given']; 157 $familyname = $this->info['lis_person_name_family']; 158 $fullname = $this->info['lis_person_name_full']; 159 if ( strlen($email) > 0 ) return $email; 160 if ( strlen($givenname) > 0 ) return $givenname; 161 if ( strlen($familyname) > 0 ) return $familyname; 162 return $this->getUserName(); 163 } 164 165 function getUserName() { 166 $givenname = $this->info['lis_person_name_given']; 167 $familyname = $this->info['lis_person_name_family']; 168 $fullname = $this->info['lis_person_name_full']; 169 if ( strlen($fullname) > 0 ) return $fullname; 170 if ( strlen($familyname) > 0 and strlen($givenname) > 0 ) return $givenname + $familyname; 171 if ( strlen($givenname) > 0 ) return $givenname; 172 if ( strlen($familyname) > 0 ) return $familyname; 173 return $this->getUserEmail(); 174 } 175 176 function getUserKey() { 177 $oauth = $this->info['oauth_consumer_key']; 178 $id = $this->info['user_id']; 179 if ( strlen($id) > 0 and strlen($oauth) > 0 ) return $oauth . ':' . $id; 180 return false; 181 } 182 183 function getUserImage() { 184 $image = $this->info['user_image']; 185 if ( strlen($image) > 0 ) return $image; 186 $email = $this->getUserEmail(); 187 if ( $email === false ) return false; 188 $size = 40; 189 $grav_url = $_SERVER['HTTPS'] ? 'https://' : 'http://'; 190 $grav_url = $grav_url . "www.gravatar.com/avatar.php?gravatar_id=".md5( strtolower($email) )."&size=".$size; 191 return $grav_url; 192 } 193 194 function getResourceKey() { 195 $oauth = $this->info['oauth_consumer_key']; 196 $id = $this->info['resource_link_id']; 197 if ( strlen($id) > 0 and strlen($oauth) > 0 ) return $oauth . ':' . $id; 198 return false; 199 } 200 201 function getResourceTitle() { 202 $title = $this->info['resource_link_title']; 203 if ( strlen($title) > 0 ) return $title; 204 return false; 205 } 206 207 function getConsumerKey() { 208 $oauth = $this->info['oauth_consumer_key']; 209 return $oauth; 210 } 211 212 function getCourseKey() { 213 if ( $this->context_id ) return $this->context_id; 214 $oauth = $this->info['oauth_consumer_key']; 215 $id = $this->info['context_id']; 216 if ( strlen($id) > 0 and strlen($oauth) > 0 ) return $oauth . ':' . $id; 217 return false; 218 } 219 220 function getCourseName() { 221 $label = $this->info['context_label']; 222 $title = $this->info['context_title']; 223 $id = $this->info['context_id']; 224 if ( strlen($label) > 0 ) return $label; 225 if ( strlen($title) > 0 ) return $title; 226 if ( strlen($id) > 0 ) return $id; 227 return false; 228 } 229 230 // TODO: Add javasript version if headers are already sent 231 function redirect() { 232 $host = $_SERVER['HTTP_HOST']; 233 $uri = $_SERVER['PHP_SELF']; 234 $location = $_SERVER['HTTPS'] ? 'https://' : 'http://'; 235 $location = $location . $host . $uri; 236 $location = $this->addSession($location); 237 header("Location: $location"); 238 } 239 240 function dump() { 241 if ( ! $this->valid or $this->info == false ) return "Context not valid\n"; 242 $ret = ""; 243 if ( $this->isInstructor() ) { 244 $ret .= "isInstructor() = true\n"; 245 } else { 246 $ret .= "isInstructor() = false\n"; 247 } 248 $ret .= "getUserKey() = ".$this->getUserKey()."\n"; 249 $ret .= "getUserEmail() = ".$this->getUserEmail()."\n"; 250 $ret .= "getUserShortName() = ".$this->getUserShortName()."\n"; 251 $ret .= "getUserName() = ".$this->getUserName()."\n"; 252 $ret .= "getUserImage() = ".$this->getUserImage()."\n"; 253 $ret .= "getResourceKey() = ".$this->getResourceKey()."\n"; 254 $ret .= "getResourceTitle() = ".$this->getResourceTitle()."\n"; 255 $ret .= "getCourseName() = ".$this->getCourseName()."\n"; 256 $ret .= "getCourseKey() = ".$this->getCourseKey()."\n"; 257 $ret .= "getConsumerKey() = ".$this->getConsumerKey()."\n"; 258 return $ret; 259 } 260 261 /** 262 * Data submitter are in base64 then we have to decode 263 * @author Antoni Bertran (antoni@tresipunt.com) 264 * @param $info array 265 * @date 20120801 266 */ 267 function decodeBase64($info) { 268 $keysNoEncode = array("lti_version", "lti_message_type", "tool_consumer_instance_description", "tool_consumer_instance_guid", "oauth_consumer_key", "custom_lti_message_encoded_base64", "oauth_nonce", "oauth_version", "oauth_callback", "oauth_timestamp", "basiclti_submit", "oauth_signature_method", "ext_ims_lis_memberships_id", "ext_ims_lis_memberships_url"); 269 foreach ($info as $key => $item){ 270 if (!in_array($key, $keysNoEncode)) 271 $info[$key] = base64_decode($item); 272 } 273 return $info; 274 } 275 276 } 277 278 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
