1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Handle the return from the Tool Provider after selecting a content item.
19 *
20 * @package mod_lti
21 * @copyright  2015 Vital Source Technologies http://vitalsource.com
22 * @author     Stephen Vickers
23 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
24 */
25
26require_once('../../config.php');
27require_once($CFG->dirroot . '/mod/lti/locallib.php');
28
29$id = required_param('id', PARAM_INT);
30$courseid = required_param('course', PARAM_INT);
31
32$jwt = optional_param('JWT', '', PARAM_RAW);
33
34$context = context_course::instance($courseid);
35
36$pageurl = new moodle_url('/mod/lti/contentitem_return.php');
37$PAGE->set_url($pageurl);
38$PAGE->set_pagelayout('popup');
39$PAGE->set_context($context);
40
41// Cross-Site causes the cookie to be lost if not POSTed from same site.
42global $_POST;
43if (!empty($_POST["repost"])) {
44    // Unset the param so that LTI 1.1 signature validation passes.
45    unset($_POST["repost"]);
46} else if (!isloggedin()) {
47    header_remove("Set-Cookie");
48    $output = $PAGE->get_renderer('mod_lti');
49    $page = new \mod_lti\output\repost_crosssite_page($_SERVER['REQUEST_URI'], $_POST);
50    echo $output->header();
51    echo $output->render($page);
52    echo $output->footer();
53    return;
54}
55
56if (!empty($jwt)) {
57    $params = lti_convert_from_jwt($id, $jwt);
58    $consumerkey = $params['oauth_consumer_key'] ?? '';
59    $messagetype = $params['lti_message_type'] ?? '';
60    $version = $params['lti_version'] ?? '';
61    $items = $params['content_items'] ?? '';
62    $errormsg = $params['lti_errormsg'] ?? '';
63    $msg = $params['lti_msg'] ?? '';
64} else {
65    $consumerkey = required_param('oauth_consumer_key', PARAM_RAW);
66    $messagetype = required_param('lti_message_type', PARAM_TEXT);
67    $version = required_param('lti_version', PARAM_TEXT);
68    $items = optional_param('content_items', '', PARAM_RAW);
69    $errormsg = optional_param('lti_errormsg', '', PARAM_TEXT);
70    $msg = optional_param('lti_msg', '', PARAM_TEXT);
71    lti_verify_oauth_signature($id, $consumerkey);
72}
73
74$course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
75require_login($course);
76require_sesskey();
77require_capability('moodle/course:manageactivities', $context);
78require_capability('mod/lti:addcoursetool', $context);
79
80$redirecturl = null;
81$returndata = null;
82if (empty($errormsg) && !empty($items)) {
83    try {
84        $returndata = lti_tool_configuration_from_content_item($id, $messagetype, $version, $consumerkey, $items);
85    } catch (moodle_exception $e) {
86        $errormsg = $e->getMessage();
87    }
88}
89
90echo $OUTPUT->header();
91
92// Call JS module to redirect the user to the course page or close the dialogue on error/cancel.
93$PAGE->requires->js_call_amd('mod_lti/contentitem_return', 'init', [$returndata]);
94
95echo $OUTPUT->footer();
96
97// Add messages to notification stack for rendering later.
98if ($errormsg) {
99    // Content item selection has encountered an error.
100    \core\notification::error($errormsg);
101
102} else if (!empty($returndata)) {
103    // Means success.
104    if (!$msg) {
105        $msg = get_string('successfullyfetchedtoolconfigurationfromcontent', 'lti');
106    }
107    \core\notification::success($msg);
108}
109