lti/tool_consumer_outcome.php

<?php
require_once('../config.php');

use Tsugi\Util\U;
use Tsugi\OAuth\OAuthUtil;
use Tsugi\Util\LTI;

$old_error_handler = set_error_handler("myErrorHandler");

function myErrorHandler($errno, $errstr, $errfile, $errline)
{
    // echo("YO ". $errorno . $errstr . "\n");
    if ( strpos($errstr, 'deprecated') !== false ) return true;
    return false;
}

ini_set("display_errors", 1);

if ( !isset ( $_REQUEST['b64'] ) ) {
   error_log("Missing b64 parameter");
   die("Missing b64 parameter");
}

// Make sure to add the file to the session id in case
// multiple people are running this on the same server
$b64 = $_REQUEST['b64'];
session_id(md5($b64 . __FILE__));
session_start();

// For my application, We only allow application/xml
$request_headers = OAuthUtil::get_headers();
$hct = isset($request_headers['Content-Type']) ? $request_headers['Content-Type'] : false;
if ( ! $hct ) $hct = isset($request_headers['Content-type']) ? $request_headers['Content-type'] : false;
if (strpos($hct,'application/xml') === false ) {
   header('Content-Type: text/plain');
   // print_r($request_headers);
   error_log("Must be content type xml, found ".$hct);
   die("Must be content type xml, found ".$hct);
}

header('Content-Type: application/xml; charset=utf-8');

// Get skeleton response
$response = LTI::getPOXResponse();

// Pull out the key and secret from the parameter
$b64dec = base64_decode($b64);
$b64 = explode(":::", $b64dec);

$oauth_consumer_key = $b64[0];
$oauth_consumer_secret = $b64[1];
$operation = "unknown";

if ( U::strlen($oauth_consumer_key) < 1 || U::strlen($oauth_consumer_secret) < 1 ) {
   echo(sprintf($response,uniqid(),'failure', "Missing key/secret B64=$b64dec B64key=$oauth_consumer_key secret=$oauth_consumer_secret",$message_ref,$operation,""));
   exit();
}

$header_key = LTI::getOAuthKeyFromHeaders();
if ( U::strlen($header_key) < 1 ) {
   echo(sprintf($response,uniqid(),'failure', "Empty header key. Note that some proxy configurations do not pass the Authorization header.",$message_ref,$operation,""));
   exit();
} else if ( $header_key != $oauth_consumer_key ) {
   echo(sprintf($response,uniqid(),'failure', "B64key=$oauth_consumer_key HDR=$header_key",$message_ref,$operation,""));
   exit();
}

try {
    $body = LTI::handleOAuthBodyPOST($oauth_consumer_key, $oauth_consumer_secret);
    $xml = new SimpleXMLElement($body);
    $imsx_header = $xml->imsx_POXHeader->children();
    $parms = $imsx_header->children();
    $message_ref = (string) $parms->imsx_messageIdentifier;

    $imsx_body = $xml->imsx_POXBody->children();
    $operation = $imsx_body->getName();
    $parms = $imsx_body->children();
} catch (Exception $e) {
    global $LastOAuthBodyBaseString;
	global $LastOAuthBodyHashInfo;
    $retval = sprintf($response,uniqid(),'failure', $e->getMessage().
        " B64key=$oauth_consumer_key HDRkey=$header_key secret=$oauth_consumer_secret",uniqid(),$operation,"") .
        "<!--\n".
        "Base String:\n".$LastOAuthBodyBaseString."\n".
		"Hash Info:\n".$LastOAuthBodyHashInfo."\n-->\n";
    echo($retval);
    exit();
}

$sourcedid = (string) $parms->resultRecord->sourcedGUID->sourcedId;
if ( !isset($sourcedid) && U::strlen($sourcedid) > 0 ) {
   echo(sprintf($response,uniqid(),'failure', "Missing required lis_result_sourcedid",$message_ref,$operation,""));
   exit();
}

$gradebook = isset($_SESSION['cert_gradebook']) ? $_SESSION['cert_gradebook'] : Array();

$top_tag = str_replace("Request","Response",$operation);
$body_tag = "\n<".$top_tag."/>";
if ( $operation == "replaceResultRequest" ) {
    $score =  (string) $parms->resultRecord->result->resultScore->textString;
    $fscore = (float) $score;
    if ( ! is_numeric($score) ) {
        echo(sprintf($response,uniqid(),'failure', "Score must be numeric",$message_ref,$operation,$body_tag));
        exit();
    }
    $fscore = (float) $score;
    if ( $fscore < 0.0 || $fscore > 1.0 ) {
        echo(sprintf($response,uniqid(),'failure', "Score not between 0.0 and 1.0",$message_ref,$operation,$body_tag));
        exit();
    }
    echo(sprintf($response,uniqid(),'success', "Score for $sourcedid is now $score",$message_ref,$operation,$body_tag));
    $gradebook[$sourcedid] = $score;
} else if ( $operation == "readResultRequest" ) {
    $score =  $gradebook[$sourcedid];
    $body = '
    <readResultResponse>
      <result>
        <resultScore>
          <language>en</language>
          <textString>%s</textString>
        </resultScore>
      </result>
    </readResultResponse>';
    $body = sprintf($body,$score);
    echo(sprintf($response,uniqid(),'success', "Score read successfully",$message_ref,$operation,$body));
} else if ( $operation == "deleteResultRequest" ) {
    unset( $gradebook[$sourcedid]);
    echo(sprintf($response,uniqid(),'success', "Score deleted",$message_ref,$operation,$body_tag));
} else {
    echo(sprintf($response,uniqid(),'unsupported', "Operation not supported - $operation",$message_ref,$operation,""));
}
$_SESSION['cert_gradebook'] = $gradebook;
// print_r($gradebook);
?>