d3/d2d/xapitoken_8php_source.html

 <?php

 declare(strict_types=1);

 require_once __DIR__ . '/../vendor/composer/vendor/autoload.php';
 $tokenRestriction = true;

 $origParam = $_GET['param'];

 if (!isset($origParam) || !strlen($origParam)) {
     $error = array('error-code' => 3,'error-text' => 'invalid request: missing or empty param request parameter');
     send($error);
 }

 try {
     $param = base64_decode(rawurldecode($origParam));

     $param = json_decode(openssl_decrypt(
         $param,
         ilCmiXapiAuthToken::OPENSSL_ENCRYPTION_METHOD,
         ilCmiXapiAuthToken::getWacSalt(),
         0,
         ilCmiXapiAuthToken::OPENSSL_IV
     ), true);

     $_COOKIE[session_name()] = $param[session_name()];

     $_COOKIE['ilClientId'] = $param['ilClientId'];
     $objId = $param['obj_id'];
     $refId = $param['ref_id'];

     ilInitialisation::initILIAS();
     $DIC = $GLOBALS['DIC'];
 } catch (ilCmiXapiException $e) {
     $error = array('error-code' => '3','error-text' => 'internal server error');
     send($error);
 }

 try {
     $object = ilObjectFactory::getInstanceByObjId($objId, false);
     $token = ilCmiXapiAuthToken::getInstanceByObjIdAndRefIdAndUsrId($objId, $refId, $DIC->user()->getId());
     if ($object->getContentType() == ilObjCmiXapi::CONT_TYPE_CMI5) {
         $tokenCmi5Session = $token->getCmi5Session();
         $alreadyReturnedCmi5Session = $token->getReturnedForCmi5Session();
         if ($tokenCmi5Session == $alreadyReturnedCmi5Session) {
             // what about reloaded or refreshed pages?
             // see: https://stackoverflow.com/questions/456841/detect-whether-the-browser-is-refreshed-or-not-using-php/456915
             // Beware that the xapitoken request is an ajax request and not all clients send HTTP_REFERRER Header
             if ($tokenRestriction == true) {
                 $error = array('error-code' => '1','error-text' => 'The authorization token has already been returned.');
                 send($error);
             }
         }
         $token->setReturnedForCmi5Session($tokenCmi5Session);
         $token->update();
     }
     if ($object->isBypassProxyEnabled()) {
         $authToken = $object->getLrsType()->getBasicAuthWithoutBasic();
     } else {
         $authToken = base64_encode(CLIENT_ID . ':' . $token->getToken());
     }


     $response = array("auth-token" => $authToken);
     send($response);
 } catch (ilCmiXapiException $e) {
     $error = array('error-code' => '2','error-text' => 'could not create valid session from token.');
     send($error);
 }

 function send($response): void
 {
     if (isset($_SERVER["HTTP_ORIGIN"]) && $_SERVER["HTTP_ORIGIN"] != "") {
         header('Access-Control-Allow-Origin: ' . $_SERVER["HTTP_ORIGIN"]);
     }
     header('Access-Control-Allow-Credentials: true');
     header('Content-type:application/json;charset=utf-8');
     echo json_encode($response);
     exit;
 }
$tokenRestriction
$tokenRestriction
see: https://github.com/AICC/CMI-5_Spec_Current/blob/quartz/cmi5_spec.md#fetch_url response should al...
Definition: xapitoken.php:32

$response
$response
Definition: xapitoken.php:90

$objId
$objId
Definition: xapitoken.php:55

Vendor\Package\$e
$e
Definition: example_cleaned.php:49

$refId
$refId
Definition: xapitoken.php:56

ilCmiXapiAuthToken\OPENSSL_ENCRYPTION_METHOD
const OPENSSL_ENCRYPTION_METHOD
Definition: class.ilCmiXapiAuthToken.php:34

ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:1153

$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:30

ilCmiXapiAuthToken\getWacSalt
static getWacSalt()
Definition: class.ilCmiXapiAuthToken.php:416

ilCmiXapiAuthToken\OPENSSL_IV
const OPENSSL_IV
Definition: class.ilCmiXapiAuthToken.php:36

$token
$token
Definition: xapitoken.php:67

$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10

$param
$param
Definition: xapitoken.php:44

CLIENT_ID
const CLIENT_ID
Definition: constants.php:41

ilCmiXapiAuthToken\getInstanceByObjIdAndRefIdAndUsrId
static getInstanceByObjIdAndRefIdAndUsrId(int $objId, int $refId, int $usrId, bool $checkValid=true)
Definition: class.ilCmiXapiAuthToken.php:358

$DIC
$DIC
Definition: xapitoken.php:59

$_GET
$_GET['cmd']
Definition: lti.php:26

ilCmiXapiException
Definition: class.ilCmiXapiException.php:30

ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84

ilObjCmiXapi\CONT_TYPE_CMI5
const CONT_TYPE_CMI5
Definition: class.ilObjCmiXapi.php:52

$origParam
$origParam
Definition: xapitoken.php:34

$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:52

ILIAS\UI\examples\Symbol\Glyph\Header\header
header()
 expected output: > ILIAS shows the rendered Component.
Definition: header.php:13

exit
exit
Definition: zoneinfo_generator.php:3

send
catch(ilCmiXapiException $e) send($response)
Definition: xapitoken.php:97