d3/d2d/xapitoken_8php_source.html

<?php


declare(strict_types=1);


chdir("../../../");

require_once 'vendor/composer/vendor/autoload.php';


$tokenRestriction = true;


$origParam = $_GET['param'];


if (!isset($origParam) || !strlen($origParam)) {

    $error = array('error-code' => 3,'error-text' => 'invalid request: missing or empty param request parameter');

    send($error);

}


try {

    $param = base64_decode(rawurldecode($origParam));


    $param = json_decode(openssl_decrypt(

        $param,

        ilCmiXapiAuthToken::OPENSSL_ENCRYPTION_METHOD,

        ilCmiXapiAuthToken::getWacSalt(),

        0,

        ilCmiXapiAuthToken::OPENSSL_IV

    ), true);


    $_COOKIE[session_name()] = $param[session_name()];


    $_COOKIE['ilClientId'] = $param['ilClientId'];

    $objId = $param['obj_id'];

    $refId = $param['ref_id'];


    #\XapiProxy\DataService::initIlias($_COOKIE['ilClientId']);

    ilInitialisation::initILIAS();

    $DIC = $GLOBALS['DIC'];

} catch (ilCmiXapiException $e) {

    $error = array('error-code' => '3','error-text' => 'internal server error');

    send($error);

}


try {

    $object = ilObjectFactory::getInstanceByObjId($objId, false);

    $token = ilCmiXapiAuthToken::getInstanceByObjIdAndRefIdAndUsrId($objId, $refId, $DIC->user()->getId());

    if ($object->getContentType() == ilObjCmiXapi::CONT_TYPE_CMI5) {

        $tokenCmi5Session = $token->getCmi5Session();

        $alreadyReturnedCmi5Session = $token->getReturnedForCmi5Session();

        if ($tokenCmi5Session == $alreadyReturnedCmi5Session) {

            // what about reloaded or refreshed pages?

            // see: https://stackoverflow.com/questions/456841/detect-whether-the-browser-is-refreshed-or-not-using-php/456915

            // Beware that the xapitoken request is an ajax request and not all clients send HTTP_REFERRER Header

            if ($tokenRestriction == true) {

                $error = array('error-code' => '1','error-text' => 'The authorization token has already been returned.');

                send($error);

            }

        }

        $token->setReturnedForCmi5Session($tokenCmi5Session);

        $token->update();

    }

    if ($object->isBypassProxyEnabled()) {

        $authToken = $object->getLrsType()->getBasicAuthWithoutBasic();

    } else {

        $authToken = base64_encode(CLIENT_ID . ':' . $token->getToken());

    }


    $response = array("auth-token" => $authToken);

    send($response);

} catch (ilCmiXapiException $e) {

    $error = array('error-code' => '2','error-text' => 'could not create valid session from token.');

    send($error);

}


function send($response): void

{

    if (isset($_SERVER["HTTP_ORIGIN"]) && $_SERVER["HTTP_ORIGIN"] != "") {

        header('Access-Control-Allow-Origin: ' . $_SERVER["HTTP_ORIGIN"]);

    }

    header('Access-Control-Allow-Credentials: true');

    header('Content-type:application/json;charset=utf-8');

    echo json_encode($response);

    exit;

}

ilCmiXapiAuthToken\OPENSSL_IV
const OPENSSL_IV
Definition: class.ilCmiXapiAuthToken.php:36

ilCmiXapiAuthToken\getWacSalt
static getWacSalt()
Definition: class.ilCmiXapiAuthToken.php:416

ilCmiXapiAuthToken\getInstanceByObjIdAndRefIdAndUsrId
static getInstanceByObjIdAndRefIdAndUsrId(int $objId, int $refId, int $usrId, bool $checkValid=true)
Definition: class.ilCmiXapiAuthToken.php:358

ilCmiXapiAuthToken\OPENSSL_ENCRYPTION_METHOD
const OPENSSL_ENCRYPTION_METHOD
Definition: class.ilCmiXapiAuthToken.php:34

ilCmiXapiException
Definition: class.ilCmiXapiException.php:31

ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:1144

ilObjCmiXapi\CONT_TYPE_CMI5
const CONT_TYPE_CMI5
Definition: class.ilObjCmiXapi.php:52

ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84

CLIENT_ID
const CLIENT_ID
Definition: constants.php:41

exit
exit
Definition: dummy_client.php:21

$_GET
$_GET['cmd']
Definition: lti.php:26

ILIAS\UI\examples\Symbol\Glyph\Header\header
header()
Definition: header.php:29

Vendor\Package\$e
$e
Definition: example_cleaned.php:49

$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26

$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54

$token
$token
Definition: xapitoken.php:70

$DIC
$DIC
Definition: xapitoken.php:62

$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:54

$objId
$objId
Definition: xapitoken.php:57

$tokenRestriction
$tokenRestriction
see: https://github.com/AICC/CMI-5_Spec_Current/blob/quartz/cmi5_spec.md#fetch_url response should al...
Definition: xapitoken.php:34

send
catch(ilCmiXapiException $e) send($response)
Definition: xapitoken.php:100

$origParam
$origParam
Definition: xapitoken.php:36

$refId
$refId
Definition: xapitoken.php:58

$param
$param
Definition: xapitoken.php:46

$response
$response
Definition: xapitoken.php:93