MDL-27036 AICC HACP handling - add missing check for correct user with has_capability.
32636f90 1<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
// Ask clients and intermediaries not to reuse a previous HACP reply.
// The three header lines are sent in the same order as before.
// NOTE(review): "no-cache" asks for revalidation but does not forbid storing the
// response; the reply can carry the learner's name and tracking data, so confirm
// whether "no-store" is wanted here.
array_map('header', array(
    "Expires: Mon, 26 Jul 1997 05:00:00 GMT",
    "Cache-Control: no-cache",
    "Pragma: no-cache",
));
22require_once('../../config.php');
23require_once($CFG->dirroot.'/mod/scorm/lib.php');
24require_once($CFG->dirroot.'/mod/scorm/locallib.php');
25require_once($CFG->dirroot.'/mod/scorm/datamodels/aicclib.php');
// Add a lower-cased alias for every POST field so that the parameter lookups
// further down match regardless of the case the client used for field names.
// The original keys are kept; only the names are normalised here, the values
// are copied as received.
$rawpost = $_POST;
foreach ($rawpost as $key => $value) {
    $_POST[strtolower($key)] = $value;
}
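// Request parameters. command and session_id are cleaned to letters and to
// alphanumerics respectively; aicc_data is read with PARAM_RAW, i.e. without
// cleaning, so everything parsed out of it later must be treated as untrusted.
$command = required_param('command', PARAM_ALPHA);
$sessionid = required_param('session_id', PARAM_ALPHANUM);
$aiccdata = optional_param('aicc_data', '', PARAM_RAW);

$cfg_scorm = get_config('scorm');

$url = new moodle_url('/mod/scorm/aicc.php', array('command'=>$command, 'session_id'=>$sessionid));
// $aiccdata is always a string (default ''), so the former strict comparison
// with the integer 0 was always true; compare with the empty default instead
// so that an absent payload is not added to the page URL.
if ($aiccdata !== '') {
    $url->param('aicc_data', $aiccdata);
}
$PAGE->set_url($url);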
// Work out on whose behalf this request runs ($aiccuser) and which tracking
// session it belongs to ($scormsession). Every later read and write uses
// these two values; nothing in the request body can name a different user.
if (!empty($cfg_scorm->allowaicchacp)) {
    // HACP sessions enabled: there is no require_login() on this path, the
    // session_id value alone selects the session record and, through it, the user.
    // NOTE(review): only id, username, lastname and firstname are loaded, so no
    // account-state check (deleted, suspended) is visible here - confirm it is
    // done inside scorm_aicc_confirm_hacp_session().
    $scormsession = scorm_aicc_confirm_hacp_session($sessionid);
    if (empty($scormsession)) {
        print_error('invalidhacpsession', 'scorm');
    }
    $aiccuser = $DB->get_record(
        'user',
        array('id'=>$scormsession->userid),
        'id,username,lastname,firstname',
        MUST_EXIST
    );
} else {
    // HACP sessions disabled: the caller must be logged in and session_id must
    // be that login's sesskey.
    require_login();
    if (!confirm_sesskey($sessionid)) {
        print_error('invalidsesskey');
    }
    $scormsession = $SESSION->scorm;
    $aiccuser = $USER;
}
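// Handle one AICC HACP command for the session resolved above.
// The SCO, launch mode, status and attempt number come from $scormsession and
// the acting user from $aiccuser; the request only supplies the command name
// and, for putparam, the aicc_data payload.
if (!empty($command)) {
    $command = strtolower($command);

    if (isset($scormsession->scoid)) {
        $scoid = $scormsession->scoid;
    } else {
        print_error('cannotcallscript');
    }
    $mode = 'normal';
    if (isset($scormsession->scormmode)) {
        $mode = $scormsession->scormmode;
    }
    $status = 'Not Initialized';
    if (isset($scormsession->scormstatus)) {
        $status = $scormsession->scormstatus;
    }
    if (isset($scormsession->attempt)) {
        $attempt = $scormsession->attempt;
    } else {
        $attempt = 1;
    }

    if ($sco = scorm_get_sco($scoid, SCO_ONLY)) {
        if (!$scorm = $DB->get_record('scorm', array('id'=>$sco->scorm))) {
            print_error('cannotcallscript');
        }
    } else {
        print_error('cannotcallscript');
    }
    // The request, including the session id and the uncleaned aicc_data, is
    // handed to the SCORM debug log.
    // NOTE(review): confirm who can read that log and that it is off in production.
    $aiccrequest = "MOODLE scoid: $scoid"
                 . "\r\nMOODLE mode: $mode"
                 . "\r\nMOODLE status: $status"
                 . "\r\nMOODLE attempt: $attempt"
                 . "\r\nAICC sessionid: $sessionid"
                 . "\r\nAICC command: $command"
                 . "\r\nAICC aiccdata:\r\n$aiccdata";
    scorm_debug_log_write("aicc", "HACP Request:\r\n$aiccrequest", $scoid);
    // Buffer the reply so that it can be logged once the command has been handled.
    ob_start();

    if ($scorm = $DB->get_record('scorm', array('id'=>$sco->scorm))) {
        switch ($command) {
            case 'getparam':
                // First getparam of a session moves it to Running.
                if ($status == 'Not Initialized') {
                    $scormsession->scormstatus = 'Running';
                    $status = 'Running';
                }
                if ($status != 'Running') {
                    echo "error=101\r\nerror_text=Terminated\r\n";
                } else {
                    if ($usertrack=scorm_get_tracks($scoid, $aiccuser->id, $attempt)) {
                        $userdata = $usertrack;
                    } else {
                        // Create the object explicitly; assigning properties to an
                        // undefined variable is not valid on current PHP versions.
                        $userdata = new stdClass();
                        $userdata->status = '';
                        $userdata->score_raw = '';
                    }
                    $userdata->student_id = $aiccuser->username;
                    $userdata->student_name = $aiccuser->lastname .', '. $aiccuser->firstname;
                    $userdata->mode = $mode;
                    if ($userdata->mode == 'normal') {
                        $userdata->credit = 'credit';
                    } else {
                        $userdata->credit = 'no-credit';
                    }

                    if ($sco = scorm_get_sco($scoid)) {
                        $userdata->course_id = $sco->identifier;
                        $userdata->datafromlms = isset($sco->datafromlms)?$sco->datafromlms:'';
                        $userdata->mastery_score = isset($sco->mastery_score) && is_numeric($sco->mastery_score)?trim($sco->mastery_score):'';
                        $userdata->max_time_allowed = isset($sco->max_time_allowed)?$sco->max_time_allowed:'';
                        $userdata->time_limit_action = isset($sco->time_limit_action)?$sco->time_limit_action:'';

                        // The values echoed below include track data that an earlier
                        // putparam stored from the request; they are written out unescaped.
                        // NOTE(review): this script sets no Content-Type, so confirm the
                        // reply cannot end up being rendered as HTML by a browser.
                        echo "error=0\r\nerror_text=Successful\r\naicc_data=";
                        echo "[Core]\r\n";
                        echo 'Student_ID='.$userdata->student_id."\r\n";
                        echo 'Student_Name='.$userdata->student_name."\r\n";
                        if (isset($userdata->{'cmi.core.lesson_location'})) {
                            echo 'Lesson_Location='.$userdata->{'cmi.core.lesson_location'}."\r\n";
                        } else {
                            echo 'Lesson_Location='."\r\n";
                        }
                        echo 'Credit='.$userdata->credit."\r\n";
                        if (isset($userdata->status)) {
                            if ($userdata->status == '') {
                                $userdata->entry = ', ab-initio';
                            } else {
                                if (isset($userdata->{'cmi.core.exit'}) && ($userdata->{'cmi.core.exit'} == 'suspend')) {
                                    $userdata->entry = ', resume';
                                } else {
                                    $userdata->entry = '';
                                }
                            }
                        }
                        // Make sure the suffix exists even when the track data had no status.
                        if (!isset($userdata->entry)) {
                            $userdata->entry = '';
                        }
                        if (isset($userdata->{'cmi.core.lesson_status'})) {
                            echo 'Lesson_Status='.$userdata->{'cmi.core.lesson_status'}.$userdata->entry."\r\n";
                            $scormsession->scorm_lessonstatus = $userdata->{'cmi.core.lesson_status'};
                        } else {
                            echo 'Lesson_Status=not attempted'.$userdata->entry."\r\n";
                            $scormsession->scorm_lessonstatus = 'not attempted';
                        }
                        if (isset($userdata->{'cmi.core.score.raw'})) {
                            $max = '';
                            $min = '';
                            if (isset($userdata->{'cmi.core.score.max'}) && !empty($userdata->{'cmi.core.score.max'})) {
                                $max = ', '.$userdata->{'cmi.core.score.max'};
                                if (isset($userdata->{'cmi.core.score.min'}) && !empty($userdata->{'cmi.core.score.min'})) {
                                    $min = ', '.$userdata->{'cmi.core.score.min'};
                                }
                            }
                            echo 'Score='.$userdata->{'cmi.core.score.raw'}.$max.$min."\r\n";
                        } else {
                            echo 'Score='."\r\n";
                        }
                        if (isset($userdata->{'cmi.core.total_time'})) {
                            echo 'Time='.$userdata->{'cmi.core.total_time'}."\r\n";
                        } else {
                            echo 'Time='.'00:00:00'."\r\n";
                        }
                        echo 'Lesson_Mode='.$userdata->mode."\r\n";
                        if (isset($userdata->{'cmi.suspend_data'})) {
                            echo "[Core_Lesson]\r\n".rawurldecode($userdata->{'cmi.suspend_data'})."\r\n";
                        } else {
                            echo "[Core_Lesson]\r\n";
                        }
                        echo "[Core_Vendor]\r\n".$userdata->datafromlms."\r\n";
                        echo "[Evaluation]\r\nCourse_ID = {".$userdata->course_id."}\r\n";
                        echo "[Student_Data]\r\n";
                        echo 'Mastery_Score='.$userdata->mastery_score."\r\n";
                        echo 'Max_Time_Allowed='.$userdata->max_time_allowed."\r\n";
                        echo 'Time_Limit_Action='.$userdata->time_limit_action."\r\n";
                    } else {
                        print_error('cannotfindsco', 'scorm');
                    }
                }
                break;
            case 'putparam':
                if ($status == 'Running') {
                    if (! $cm = get_coursemodule_from_instance("scorm", $scorm->id, $scorm->course)) {
                        echo "error=1\r\nerror_text=Unknown\r\n"; // No one must see this error message if not hacked
                        // Stop here: without a course module there is no context to check
                        // the capability against, and the reply must not also claim success.
                        break;
                    }
                    // Passing $aiccuser->id makes the capability check apply to the user
                    // the session belongs to rather than to the current $USER; with HACP
                    // sessions enabled no login has taken place on this request.
                    // NOTE(review): when aicc_data is empty or the check fails nothing is
                    // stored, yet the reply below is still error=0 / Successful.
                    if (!empty($aiccdata) && has_capability('mod/scorm:savetrack', get_context_instance(CONTEXT_MODULE, $cm->id), $aiccuser->id)) {
                        $initlessonstatus = 'not attempted';
                        $lessonstatus = 'not attempted';
                        if (isset($scormsession->scorm_lessonstatus)) {
                            $initlessonstatus = $scormsession->scorm_lessonstatus;
                        }
                        $score = '';
                        // AICC keys and section headers accepted from the payload, mapped to
                        // the track element they are stored under. Anything else is ignored.
                        $datamodel = array(
                            'lesson_location' => 'cmi.core.lesson_location',
                            'lesson_status' => 'cmi.core.lesson_status',
                            'score' => 'cmi.core.score.raw',
                            'time' => 'cmi.core.session_time',
                            '[core_lesson]' => 'cmi.suspend_data',
                            '[comments]' => 'cmi.comments',
                        );
                        $datarows = explode("\r\n", $aiccdata);
                        reset($datarows);
                        // Walk the rows with the array's internal pointer (each() is not
                        // available on current PHP versions). The pointer is advanced before
                        // the row is processed, exactly as each() did, because the section
                        // reader further down continues from the pointer position.
                        while (($datarow = current($datarows)) !== false) {
                            next($datarows);
                            if (($equal = strpos($datarow, '=')) !== false) {
                                $element = strtolower(trim(substr($datarow, 0, $equal)));
                                $value = trim(substr($datarow, $equal+1));
                                if (isset($datamodel[$element])) {
                                    $element = $datamodel[$element];
                                    switch ($element) {
                                        case 'cmi.core.lesson_location':
                                            $id = scorm_insert_track($aiccuser->id, $scorm->id, $sco->id, $attempt, $element, $value);
                                            break;
                                        case 'cmi.core.lesson_status':
                                            $statuses = array(
                                                'passed' => 'passed',
                                                'completed' => 'completed',
                                                'failed' => 'failed',
                                                'incomplete' => 'incomplete',
                                                'browsed' => 'browsed',
                                                'not attempted' => 'not attempted',
                                                'p' => 'passed',
                                                'c' => 'completed',
                                                'f' => 'failed',
                                                'i' => 'incomplete',
                                                'b' => 'browsed',
                                                'n' => 'not attempted'
                                            );
                                            $exites = array(
                                                'logout' => 'logout',
                                                'time-out' => 'time-out',
                                                'suspend' => 'suspend',
                                                'l' => 'logout',
                                                't' => 'time-out',
                                                's' => 'suspend',
                                            );
                                            // "status, exit": only the first character of each part is used.
                                            $values = explode(',', $value);
                                            $value = '';
                                            if (count($values) > 1) {
                                                $value = trim(strtolower($values[1]));
                                                // Guard the offset read so an empty part stays '' without a PHP warning.
                                                $value = ($value === '') ? '' : $value[0];
                                                if (isset($exites[$value])) {
                                                    $value = $exites[$value];
                                                }
                                            }
                                            if (empty($value) || isset($exites[$value])) {
                                                $subelement = 'cmi.core.exit';
                                                $id = scorm_insert_track($aiccuser->id, $scorm->id, $sco->id, $attempt, $subelement, $value);
                                            }
                                            $value = trim(strtolower($values[0]));
                                            $value = ($value === '') ? '' : $value[0];
                                            if (isset($statuses[$value]) && ($mode == 'normal')) {
                                                $value = $statuses[$value];
                                                $id = scorm_insert_track($aiccuser->id, $scorm->id, $sco->id, $attempt, $element, $value);
                                            }
                                            // NOTE(review): $lessonstatus takes $value even when it did not match
                                            // $statuses, and in normal mode it is written as cmi.core.lesson_status
                                            // after the loop - confirm unrecognised values should be stored.
                                            $lessonstatus = $value;
                                            break;
                                        case 'cmi.core.score.raw':
                                            // "raw[, max[, min]]": max and min are stored only when numeric
                                            // and consistent with the raw score.
                                            $values = explode(',', $value);
                                            if ((count($values) > 1) && ($values[1] >= $values[0]) && is_numeric($values[1])) {
                                                $subelement = 'cmi.core.score.max';
                                                $value = trim($values[1]);
                                                $id = scorm_insert_track($aiccuser->id, $scorm->id, $sco->id, $attempt, $subelement, $value);
                                                if ((count($values) == 3) && ($values[2] <= $values[0]) && is_numeric($values[2])) {
                                                    $subelement = 'cmi.core.score.min';
                                                    $value = trim($values[2]);
                                                    $id = scorm_insert_track($aiccuser->id, $scorm->id, $sco->id, $attempt, $subelement, $value);
                                                }
                                            }

                                            $value = '';
                                            if (is_numeric($values[0])) {
                                                $value = trim($values[0]);
                                                $id = scorm_insert_track($aiccuser->id, $scorm->id, $sco->id, $attempt, $element, $value);
                                            }
                                            $score = $value;
                                            break;
                                        case 'cmi.core.session_time':
                                            // Kept on the session; added to the total time on exitau.
                                            $scormsession->sessiontime = $value;
                                            break;
                                    }
                                }
                            } else {
                                // A row without '=' is handled only when it is a known section
                                // header; the rows up to the next '[' line form its value.
                                if (isset($datamodel[strtolower(trim($datarow))])) {
                                    $element = $datamodel[strtolower(trim($datarow))];
                                    $value = '';
                                    while ((($datarow = current($datarows)) !== false) && (substr($datarow, 0, 1) != '[')) {
                                        $value .= $datarow."\r\n";
                                        next($datarows);
                                    }
                                    $value = rawurlencode($value);
                                    $id = scorm_insert_track($aiccuser->id, $scorm->id, $sco->id, $attempt, $element, $value);
                                }
                            }
                        }
                        if (($mode == 'browse') && ($initlessonstatus == 'not attempted')) {
                            $lessonstatus = 'browsed';
                            $id = scorm_insert_track($aiccuser->id, $scorm->id, $sco->id, $attempt, 'cmi.core.lesson_status', 'browsed');
                        }
                        if ($mode == 'normal') {
                            if ($sco = scorm_get_sco($scoid)) {
                                // When the SCO defines a numeric mastery score, the stored status is
                                // decided by the reported score rather than by the reported status.
                                if (isset($sco->mastery_score) && is_numeric($sco->mastery_score)) {
                                    if ($score != '') { // $score is correctly initialized w/ an empty string, see above
                                        if ($score >= trim($sco->mastery_score)) {
                                            $lessonstatus = 'passed';
                                        } else {
                                            $lessonstatus = 'failed';
                                        }
                                    }
                                }
                                $id = scorm_insert_track($aiccuser->id, $scorm->id, $sco->id, $attempt, 'cmi.core.lesson_status', $lessonstatus);
                            }
                        }
                    }
                    echo "error=0\r\nerror_text=Successful\r\n";
                } else if ($status == 'Terminated') {
                    echo "error=1\r\nerror_text=Terminated\r\n";
                } else {
                    echo "error=1\r\nerror_text=Not Initialized\r\n";
                }
                break;
            // These five commands store nothing; they only report the session state.
            case 'putcomments':
            case 'putinteractions':
            case 'putobjectives':
            case 'putpath':
            case 'putperformance':
                if ($status == 'Running') {
                    echo "error=0\r\nerror_text=Successful\r\n";
                } else if ($status == 'Terminated') {
                    echo "error=1\r\nerror_text=Terminated\r\n";
                } else {
                    echo "error=1\r\nerror_text=Not Initialized\r\n";
                }
                break;
            case 'exitau':
                if ($status == 'Running') {
                    if (isset($scormsession->sessiontime) && ($scormsession->sessiontime != '')) {
                        if ($track = $DB->get_record('scorm_scoes_track', array("userid"=>$aiccuser->id,
                                                                                "scormid"=>$scorm->id,
                                                                                "scoid"=>$sco->id,
                                                                                "attempt"=>$attempt,
                                                                                "element"=>'cmi.core.total_time'))) {
                            // Add session_time to total_time
                            $value = scorm_add_time($track->value, $scormsession->sessiontime);
                            $track->value = $value;
                            $track->timemodified = time();
                            $DB->update_record('scorm_scoes_track', $track);
                        } else {
                            $track = new stdClass();
                            $track->userid = $aiccuser->id;
                            $track->scormid = $scorm->id;
                            $track->scoid = $sco->id;
                            $track->element = 'cmi.core.total_time';
                            $track->value = $scormsession->sessiontime;
                            $track->attempt = $attempt;
                            $track->timemodified = time();
                            $id = $DB->insert_record('scorm_scoes_track', $track);
                        }
                        scorm_update_grades($scorm, $aiccuser->id);
                    }
                    $scormsession->scormstatus = 'Terminated';
                    // NOTE(review): putparam writes "sessiontime" but the property cleared
                    // here is "session_time" - confirm which name is intended.
                    $scormsession->session_time = '';
                    echo "error=0\r\nerror_text=Successful\r\n";
                } else if ($status == 'Terminated') {
                    echo "error=1\r\nerror_text=Terminated\r\n";
                } else {
                    echo "error=1\r\nerror_text=Not Initialized\r\n";
                }
                break;
            default:
                echo "error=1\r\nerror_text=Invalid Command\r\n";
                break;
        }
    }
} else {
    // Reached only when $command is empty, so the second branch cannot run from here.
    if (empty($command)) {
        echo "error=1\r\nerror_text=Invalid Command\r\n";
    } else {
        echo "error=3\r\nerror_text=Invalid Session ID\r\n";
    }
}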
// Persist the session state changed while handling the command, then log and
// send the buffered reply.
if (!empty($cfg_scorm->allowaicchacp)) {
    // HACP sessions are stored in their own table; refresh the modification time.
    $scormsession->timemodified = time();
    $DB->update_record('scorm_aicc_session', $scormsession);
} else {
    // Otherwise the state lives in the logged-in user's PHP session.
    $SESSION->scorm = $scormsession;
}

// NOTE(review): when $command was empty the branch that calls ob_start() and
// assigns $scoid never ran, so both are unset at this point - confirm that path.
$aiccresponse = ob_get_contents();
scorm_debug_log_write("aicc", "HACP Response:\r\n$aiccresponse", $scoid);
ob_end_flush();