ILIAS  release_7 Revision v7.30-3-g800a261c036
xapitoken.php
1<?php
2/* Copyright (c) 1998-2019 ILIAS open source, Extended GPL, see docs/LICENSE */
3
// Move the working directory two levels up so the relative require below resolves
// (presumably the ILIAS installation root — confirm against the deployment layout).
4chdir("../../");
// Composer autoloader for the bundled third-party libraries.
5require_once 'libs/composer/vendor/autoload.php';
6
18
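// Encrypted launch parameter taken from the query string. It is attacker-controllable,
// so accept it only when it is present and a plain string: a missing key would raise
// an undefined-index notice, and an array value (?param[]=x) would reach strlen().
$origParam = (isset($_GET['param']) && is_string($_GET['param'])) ? $_GET['param'] : '';

if ($origParam === '') {
    // send() emits the JSON error and terminates the script.
    $error = array('error-code' => 3,'error-text' => 'invalid request: missing or empty param request parameter');
    send($error);
}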
25
// Unpack the launch parameter: URL-decode, base64-decode, decrypt, then JSON-decode
// into an associative array, and seed the session cookie values from the result.
26try {
27 $param = base64_decode(rawurldecode($origParam));
28
// The listing omits source lines 31, 32 and 34, so the remaining openssl_decrypt()
// arguments (presumably cipher, key and IV) are not visible here.
// NOTE(review): openssl_decrypt() returns false on failure and json_decode() returns
// null on malformed input; neither result is checked before $param is indexed below,
// and neither failure raises ilCmiXapiException.
29 $param = json_decode(openssl_decrypt(
30 $param,
33 0,
35 ), true);
36
// The session id and client id come straight from the decrypted payload and are
// written into $_COOKIE, so the payload's confidentiality and integrity are what
// authenticate this request. TODO confirm the cipher mode also provides integrity
// (the cipher argument is on a line the listing does not show).
37 $_COOKIE[session_name()] = $param[session_name()];
38 $_COOKIE['ilClientId'] = $param['ilClientId'];
// Object and reference ids from the same payload; no type or range check is visible here.
39 $objId = $param['obj_id'];
40 $refId = $param['ref_id'];
41
// Commented-out initialisation call; source line 43 is missing from the listing and
// presumably holds the call that actually populates $GLOBALS['DIC'] — verify.
42 #\XapiProxy\DataService::initIlias($_COOKIE['ilClientId']);
44 $DIC = $GLOBALS['DIC'];
// Only ilCmiXapiException is handled; any other error type propagates uncaught.
45} catch (ilCmiXapiException $e) {
// NOTE(review): error-code is the string '3' here but the integer 3 in the
// missing-param check above, so the JSON type differs between the two paths.
46 $error = array('error-code' => '3','error-text' => 'internal server error');
47 send($error);
48}
49
// Build the auth-token response. Source lines 51-52 are missing from the listing;
// $object and $token are presumably loaded there from $objId / $refId — verify.
50try {
// cmi5 content only: track which cmi5 session the token has already been handed out for.
53 if ($object->getContentType() == ilObjCmiXapi::CONT_TYPE_CMI5) {
54 $tokenCmi5Session = $token->getCmi5Session();
55 $alreadyReturnedCmi5Session = $token->getReturnedForCmi5Session();
// Same session as last time means this token was already returned once.
56 if ($tokenCmi5Session == $alreadyReturnedCmi5Session) {
57 // what about reloaded or refreshed pages?
58 // see: https://stackoverflow.com/questions/456841/detect-whether-the-browser-is-refreshed-or-not-using-php/456915
59 // Beware that the xapitoken request is an ajax request and not all clients send the HTTP_REFERER header
// The repeat request is refused only when $tokenRestriction is truthy (loose ==);
// it is assigned on a source line the listing does not show. When it is falsy the
// token is returned again on every request for the same session.
60 if ($tokenRestriction == true) {
61 $error = array('error-code' => '1','error-text' => 'The authorization token has already been returned.');
62 send($error);
63 }
64 }
// Record this session as "returned" and persist it; send() above exits, so this
// is reached only when the request was not refused.
65 $token->setReturnedForCmi5Session($tokenCmi5Session);
66 $token->update();
67 }
// NOTE(review): with proxy bypass enabled the value handed to the browser comes from
// the LRS type's getBasicAuthWithoutBasic() — presumably the LRS's own Basic
// credentials; confirm, since send() returns it to whichever Origin made the request.
68 if ($object->isBypassProxyEnabled()) {
69 $authToken = $object->getLrsType()->getBasicAuthWithoutBasic();
70 } else {
// Otherwise the client receives base64("CLIENT_ID:token") built from the ILIAS token.
71 $authToken = base64_encode(CLIENT_ID . ':' . $token->getToken());
72 }
73
74
// $response is presumably passed to send() on source line 76, which the listing omits.
75 $response = array("auth-token" => $authToken);
// Only ilCmiXapiException is handled; other error types propagate uncaught.
77} catch (ilCmiXapiException $e) {
78 $error = array('error-code' => '2','error-text' => 'could not create valid session from token.');
79 send($error);
80}
81
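/**
 * Emit $response as a JSON document with CORS headers and terminate the script.
 *
 * @param mixed $response value handed to json_encode(); callers in this file pass arrays
 * @return void does not return to the caller, the script ends with exit
 */
function send($response)
{
    // The Origin header is client-controlled and absent on non-CORS requests,
    // so read it defensively instead of indexing $_SERVER directly.
    $origin = (isset($_SERVER['HTTP_ORIGIN']) && is_string($_SERVER['HTTP_ORIGIN'])) ? $_SERVER['HTTP_ORIGIN'] : '';

    if ($origin !== '') {
        // NOTE(review): reflecting any Origin together with Allow-Credentials: true lets
        // every site read this credentialed response, which can carry the auth token.
        // Check $origin against the origins expected for the launched content before
        // reflecting it; the source of such an allowlist is not visible in this file.
        header('Access-Control-Allow-Origin: ' . $origin);
        header('Access-Control-Allow-Credentials: true');
        // The response varies with the request's Origin, so caches must key on it.
        header('Vary: Origin');
    }
    header('Content-type:application/json;charset=utf-8');
    echo json_encode($response);
    exit;
}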