[atutor.git] / mods / _standard / basiclti / tool / content_edit.php
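<?php
// BasicLTI placement editor: attach, update or detach an external tool for
// one content item of the current course.
define('AT_INCLUDE_PATH', '../../../../include/');
require(AT_INCLUDE_PATH.'vitals.inc.php');
// Privilege gate: called before any request data is read or written.
authenticate(AT_PRIV_BASICLTI);

require_once('forms.php');

// Normalise the POSTed form fields. Only $_POST is filtered here; the popup,
// framed and cid values read from $_REQUEST further down are handled there.
// Integer fields: an absent key becomes 0 (the value intval() gave for a
// missing key) without raising an undefined-index notice.
$blti_int_fields = array(
    'framed', 'popup', 'cid', 'preferheight', 'launchinpopup', 'debuglaunch',
    'sendname', 'sendemailaddr', 'allowroster', 'allowsetting',
);
foreach ($blti_int_fields as $blti_int_field) {
    $_POST[$blti_int_field] = isset($_POST[$blti_int_field]) ? intval($_POST[$blti_int_field]) : 0;
}
unset($blti_int_fields, $blti_int_field);

// String fields are escaped for SQL with $addslashes, a function name that is
// not defined in this file (presumably set by vitals.inc.php -- confirm).
// 'toolid' is left unset when it was not submitted as a string, so that the
// isset($_POST['toolid']) test in the save handler can tell a form submission
// from a plain page view; assigning it unconditionally made that test pass on
// every request.
if (isset($_POST['toolid']) && is_string($_POST['toolid'])) {
    $_POST['toolid'] = $addslashes($_POST['toolid']);
} else {
    unset($_POST['toolid']);
}
if (isset($_POST['customparameters']) && is_string($_POST['customparameters'])) {
    $_POST['customparameters'] = $addslashes($_POST['customparameters']);
} else {
    $_POST['customparameters'] = '';
}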
25
// Stop unless the session carries a positive integer course id. The queries
// below concatenate that id into SQL without quoting, so this integer check
// is what keeps those statements well-formed.
if ( !( is_int($_SESSION['course_id']) && $_SESSION['course_id'] >= 1 ) ) {
    $msg->addFeedback('NEED_COURSE_ID');
    exit;
}
30
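// Add, update or remove the tool placement for this content item.
//
// NOTE(review): nothing visible here checks an anti-CSRF token, that the
// content item belongs to the session course, or that the submitted toolid
// names a tool this course may use (course_id 0 or the session course).
// Confirm whether at_form_validate() or vitals.inc.php enforce any of these.
if ( isset($_POST['toolid']) && at_form_validate($blti_content_edit_form, $msg)) {
    $toolid = $_POST['toolid']; // Escaping is done in the at_form_util code
    // Re-cast both ids so the SQL below never depends on earlier filtering,
    // and quote the array keys instead of relying on bareword constants.
    $blti_cid = intval($_POST['cid']);
    $blti_course_id = intval($_SESSION['course_id']);

    $sql = "SELECT * FROM ".TABLE_PREFIX."basiclti_content
            WHERE content_id=".$blti_cid." AND course_id=".$blti_course_id;

    $result = mysql_query($sql, $db);
    if ( $toolid == '--none--' ) {
        // "No tool" selected: drop the placement row.
        $sql = "DELETE FROM ". TABLE_PREFIX . "basiclti_content
                       WHERE content_id=".$blti_cid." AND
                             course_id=".$blti_course_id;
        $result = mysql_query($sql, $db);
        if ($result===false) {
            $msg->addError('MYSQL_FAILED');
        } else {
            $msg->addFeedback('BASICLTI_DELETED');
        }
    } else if ( $result === false ) {
        // The lookup itself failed. Previously mysql_num_rows(false) compared
        // equal to 0 and an INSERT was attempted on a failed SELECT.
        $msg->addError('MYSQL_FAILED');
    } else if ( mysql_num_rows($result) == 0 ) {
        // No placement yet for this content item: create one.
        $sql = "INSERT INTO ". TABLE_PREFIX . "basiclti_content
                   SET toolid='".$toolid."', content_id=".$blti_cid.",
                         course_id=".$blti_course_id;

        $result = mysql_query($sql, $db);
        if ($result===false) {
            $msg->addError('MYSQL_FAILED');
        } else {
            $msg->addFeedback('BASICLTI_SAVED');
        }
    } else {
        // Placement exists: update it.
        $gradebook_test_id = 0;
        $basiclti_content_row = mysql_fetch_assoc($result);
        $placementsecret = $basiclti_content_row['placementsecret'];
        $gradebook_check = isset($_POST['gradebook_test_id']) ? intval($_POST['gradebook_test_id']) : 0;
        if ( $gradebook_check > 0 ) {
            $sql = "SELECT g.gradebook_test_id AS id, g.title AS title
                    FROM  ".TABLE_PREFIX."gradebook_tests AS g
                    WHERE g.course_id = ".$blti_course_id."
                    AND g.type = 'External' and g.grade_scale_id = 0
                    AND gradebook_test_id = ".$gradebook_check;
            $result = mysql_query($sql, $db);
            // Accept the gradebook entry only when the query actually found
            // it. A successful query with zero rows used to be accepted,
            // which let any integer id through, including entries of another
            // course or of a non-External type.
            if ( $result !== false && mysql_num_rows($result) > 0 ) {
                $gradebook_test_id = $gradebook_check;
                if ( strlen($placementsecret) < 1 ) {
                    // uniqid() is derived from the clock and is guessable, so
                    // prefer random bytes for the secret. The result (24
                    // characters) is no longer than the uniqid() value it
                    // replaces; uniqid() stays as the fallback when OpenSSL
                    // is unavailable.
                    $blti_random = function_exists('openssl_random_pseudo_bytes')
                        ? openssl_random_pseudo_bytes(11)
                        : false;
                    if ( $blti_random !== false && strlen($blti_random) == 11 ) {
                        $placementsecret = 'bl'.bin2hex($blti_random);
                    } else {
                        $placementsecret = uniqid("bl",true);
                    }
                }
            }
        }
        // Override these fields (don't take from form)
        $fields = array('toolid' => $toolid, 'gradebook_test_id' => $gradebook_test_id,
                        'placementsecret' => $placementsecret);
        $sql = at_form_update($_POST, $blti_content_edit_form, $fields);
        $sql = "UPDATE ". TABLE_PREFIX . "basiclti_content
                   SET ".$sql." WHERE content_id=".$blti_cid." AND
                       course_id=".$blti_course_id;
        $result = mysql_query($sql, $db);
        if ($result===false) {
            $msg->addError('MYSQL_FAILED');
        } else {
            $msg->addFeedback('BASICLTI_SAVED');
        }
    }
}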
98
99 // echo("<hr>$sql<hr>\n");
100
// The content id for display comes from $_REQUEST and is forced to an integer
// before it is used in SQL or echoed into the form.
$cid = intval($_REQUEST['cid']);

global $framed, $popup;

// popup/framed are used only as booleans: framed is honoured only together
// with popup, and $tool_flag is set only when both are requested.
$popup = !empty($_REQUEST['popup']);
$framed = $popup && !empty($_REQUEST['framed']);
if ($framed) {
    $tool_flag = TRUE;
}

require(AT_INCLUDE_PATH.'header.inc.php');
119
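/* Fetch the tools selectable here: rows with course_id 0 plus the rows of the
   session course. The session id is cast so the SQL never depends on an
   earlier check, and the array key is quoted instead of a bareword. */
$sql    = "SELECT * FROM ".TABLE_PREFIX."basiclti_tools WHERE course_id = 0".
          " OR course_id=".intval($_SESSION['course_id'])." ORDER BY course_id,title";

$toolresult = mysql_query($sql, $db);
// A failed query is treated as "no tools" rather than handed to mysql_num_rows().
$num_tools = ($toolresult === false) ? 0 : mysql_num_rows($toolresult);

//If there are no Tools, don't display anything except a message
if ($num_tools == 0){
        $msg->addInfo('NO_PROXY_TOOLS');
        $msg->printInfos();
        return;
}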
133
134 ?>
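<div class="input-form">

<form name="datagrid" action="" method="POST">

<fieldset class="group_form">
   <legend class="group_form"><?php echo _AT('bl_content_title'); ?></legend>
<br/>
<?php echo _AT('basiclti_comment');?>
<br/>
<?php echo $msg->printFeedbacks();

// Get the current placement for this content item. The lookup is scoped to
// the session course, matching the INSERT/UPDATE/DELETE statements, which all
// key on (content_id, course_id); reading by content_id alone could pick up a
// row written under a different course.
$sql = "SELECT * FROM ".TABLE_PREFIX."basiclti_content
                WHERE content_id=".intval($cid)."
                AND course_id=".intval($_SESSION['course_id']);
$contentresult = mysql_query($sql, $db);
// false when the query failed or no placement exists yet.
$basiclti_content_row = ($contentresult === false) ? false : mysql_fetch_assoc($contentresult);
?>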
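<div class="row">
   <?php echo _AT('bl_choose_tool'); ?><br/>
   <select id="toolid" name="toolid" onchange="datagrid.submit();"> 
      <option value="--none--">&nbsp;</option><?php
      // Build one <option> per available tool and remember the row of the
      // tool currently attached to this content item.
      $basiclti_tool_row = false;
      $found = false;  // Only the first one
      while ( $tool = mysql_fetch_assoc($toolresult) ) {
         $selected = "";
         if ( ! $found && $tool['toolid'] == $basiclti_content_row['toolid'] ) {
           $selected = ' selected="yes"';
           $basiclti_tool_row = $tool;
           $found = true;
         }
         // Tool ids and titles are stored values entered by other users;
         // encode them for the attribute and text context they land in.
         echo '<option value="'.htmlspecialchars($tool['toolid'], ENT_QUOTES, 'UTF-8').'"'.$selected.'>'
             .htmlspecialchars($tool['title'], ENT_QUOTES, 'UTF-8')."</option>\n";
      } ?>
   </select>
<div>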
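<?php
// Offer the course's External gradebook entries only when the selected tool
// has acceptgrades set to 1.
if ( $basiclti_tool_row != false && $basiclti_tool_row['acceptgrades'] == 1 ) {
    $sql = "SELECT g.gradebook_test_id AS id, g.title AS title
            FROM  ".TABLE_PREFIX."gradebook_tests AS g
            WHERE g.course_id = ".intval($_SESSION['course_id'])."
            AND g.type = 'External' and g.grade_scale_id = 0";
    $graderesult = mysql_query($sql, $db);
    if ( $graderesult !== false && mysql_num_rows($graderesult) > 0) { ?>
<div class="row">
   <?php echo _AT('bl_choose_gradbook_entry'); ?><br/>
        <select id="gradebook_test_id" name="gradebook_test_id"> 
           <option value="--none--">&nbsp;</option><?php
        while ( $gradeitem = mysql_fetch_assoc($graderesult) ) {
            // A bare echo of the title stood here and wrote unescaped text
            // directly inside the <select>; the title is emitted once, below.
            $selected = "";
            if ( $gradeitem['id'] == $basiclti_content_row['gradebook_test_id'] ) {
              $selected = ' selected="yes"';
            }
            // Gradebook titles are stored user input: encode before output.
            echo '<option value="'.htmlspecialchars($gradeitem['id'], ENT_QUOTES, 'UTF-8').'"'.$selected.'>'
                .htmlspecialchars($gradeitem['title'], ENT_QUOTES, 'UTF-8')."</option>\n";
        } ?>
        </select> 
</div> <?php
    }
}
?>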
195    <input type="hidden" name="cid" value="<?php echo($cid);?>" />
196 <?php
197 if ( $basiclti_tool_row !== false ) {
198     $blti_content_edit_form = filterForm($basiclti_tool_row, $blti_content_edit_form);
199     at_form_generate($basiclti_content_row, $blti_content_edit_form);
200    echo('<input type="submit" name="save" value="Save" class="button" />'."\n");
201 }
202 ?>
203 </div>
204 </legend>
205 </form>
206 </div>
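<?php 
// List the selected tool's settings under the form.
if($basiclti_tool_row){
        echo '<h3>'.htmlspecialchars($basiclti_tool_row['title'], ENT_QUOTES, 'UTF-8').' '._AT('bl_settings').'</h3>';
        echo '<ul style="list-style-type:none;">';
        foreach($basiclti_tool_row as $title=>$setting){
                // && binds tighter than ||, so as written the password is
                // never printed and the resource key is withheld only for
                // tools with course_id 0. The parentheses make that explicit
                // without changing it.
                // NOTE(review): the original comments suggest the password was
                // meant to be hidden only for admin-added tools; the stricter
                // behaviour is kept here.
                if($title == "password" || ($title == "resourcekey" && $basiclti_tool_row['course_id'] == 0)){
                        continue;
                }
                // Column names and values go into HTML text; encode both so a
                // stored value cannot inject markup.
                echo '<li>'.htmlspecialchars($title, ENT_QUOTES, 'UTF-8').' = '
                    .htmlspecialchars($setting, ENT_QUOTES, 'UTF-8').'</li>';
        }
        echo '</ul>';
}
?>
<?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>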