PageRenderTime 26ms CodeModel.GetById 24ms RepoModel.GetById 0ms app.codeStats 0ms

/include/functions.php

https://github.com/tremby/questionbank
PHP | 445 lines | 354 code | 39 blank | 52 comment | 39 complexity | 6991d73cf067096c091bb0bf0f9f1e33 MD5 | raw file
Possible License(s): MPL-2.0-no-copyleft-exception 
    

  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * Question Bank
    5. 

  5.  */
    6. 

  6. 

  7. /*------------------------------------------------------------------------------
    8. 

  8. (c) 2010 JISC-funded EASiHE project, University of Southampton
    9. 

  9. Licensed under the Creative Commons 'Attribution non-commercial share alike' 
    10. 

  10. licence -- see the LICENCE file for more details
    11. 

  11. ------------------------------------------------------------------------------*/
    12. 

  12. 

  13. function forbidden($message = "403: forbidden", $mimetype = "text/plain") {
    14. 

  14. 	header("Content-Type: $mimetype", true, 403);
    15. 

  15. 	echo $message;
    16. 

  16. 	exit;
    17. 

  17. }
    18. 

  18. 

  19. // return the database object, connecting and setting up the schema first if 
    20. 

  20. // necessary
    21. 

  21. function db() {
    22. 

  22. 	if (array_key_exists("db", $GLOBALS))
    23. 

  23. 		return $GLOBALS["db"];
    24. 

  24. 

  25. 	$GLOBALS["db"] = new SQLite3((basename(SITEROOT_LOCAL) == "eqiat" ? dirname(SITEROOT_LOCAL) . "/" : SITEROOT_LOCAL) . "db/db.sqlite");
    26. 

  26. 	$GLOBALS["db"]->exec("
    27. 

  27. 		BEGIN TRANSACTION;
    28. 

  28. 

  29. 		CREATE TABLE IF NOT EXISTS items (
    30. 

  30. 			identifier TEXT PRIMARY KEY ASC NOT NULL,
    31. 

  31. 			uploaded INTEGER NOT NULL,
    32. 

  32. 			modified INTEGER NULL,
    33. 

  33. 			user TEXT NOT NULL,
    34. 

  34. 			title TEXT NOT NULL,
    35. 

  35. 			description TEXT NULL,
    36. 

  36. 			xml BLOB NOT NULL
    37. 

  37. 		);
    38. 

  38. 		CREATE INDEX IF NOT EXISTS items_user ON items (user ASC);
    39. 

  39. 

  40. 		CREATE TABLE IF NOT EXISTS keywords (
    41. 

  41. 			item TEXT NOT NULL,
    42. 

  42. 			keyword TEXT NOT NULL
    43. 

  43. 		);
    44. 

  44. 		CREATE INDEX IF NOT EXISTS keywords_item ON keywords (item ASC);
    45. 

  45. 		CREATE INDEX IF NOT EXISTS keywords_keyword ON keywords (keyword ASC);
    46. 

  46. 

  47. 		CREATE TABLE IF NOT EXISTS users (
    48. 

  48. 			username TEXT PRIMARY KEY ASC NOT NULL,
    49. 

  49. 			passwordhash TEXT NOT NULL,
    50. 

  50. 			registered INTEGER NOT NULL,
    51. 

  51. 			privileges INTEGER NOT NULL DEFAULT 0,
    52. 

  52. 			deleted INTEGER NOT NULL DEFAULT 0
    53. 

  53. 		);
    54. 

  54. 

  55. 		CREATE TABLE IF NOT EXISTS ratings (
    56. 

  56. 			user TEXT NOT NULL,
    57. 

  57. 			item TEXT NOT NULL,
    58. 

  58. 			rating INTEGER NOT NULL,
    59. 

  59. 			posted INTEGER NOT NULL
    60. 

  60. 		);
    61. 

  61. 		CREATE INDEX IF NOT EXISTS ratings_item ON ratings (item ASC);
    62. 

  62. 		CREATE INDEX IF NOT EXISTS ratings_posted ON ratings (posted ASC);
    63. 

  63. 

  64. 		CREATE TABLE IF NOT EXISTS comments (
    65. 

  65. 			user TEXT NOT NULL,
    66. 

  66. 			item TEXT NOT NULL,
    67. 

  67. 			comment TEXT NOT NULL,
    68. 

  68. 			posted INTEGER NOT NULL
    69. 

  69. 		);
    70. 

  70. 		CREATE INDEX IF NOT EXISTS comments_item ON comments (item ASC);
    71. 

  71. 

  72. 		COMMIT;
    73. 

  73. 	");
    74. 

  74. 	return $GLOBALS["db"];
    75. 

  75. }
    76. 

  76. 

  77. // return true if a user exists in the database
    78. 

  78. // if checking a password, deleted users do not exist (therefore a deleted user 
    79. 

  79. // can't log in)
    80. 

  80. // otherwise, deleted users do exist (therefore a new user can't register with a 
    81. 

  81. // previously used username)
    82. 

  82. function userexists($username, $password = null, $ishash = false) {
    83. 

  83. 	if (!is_null($password) && !$ishash)
    84. 

  84. 		$password = md5($password);
    85. 

  85. 	$query = "SELECT COUNT(*) FROM users WHERE username LIKE '" . db()->escapeString($username) . "'";
    86. 

  86. 	if (!is_null($password))
    87. 

  87. 		$query .= " AND passwordhash='" . db()->escapeString($password) . "' AND deleted=0";
    88. 

  88. 

  89. 	return db()->querySingle($query) === 1;
    90. 

  90. }
    91. 

  91. 

  92. // return true if a user exists but has been deleted
    93. 

  93. function userdeleted($username) {
    94. 

  94. 	return (boolean) db()->querySingle("SELECT COUNT(*) FROM users WHERE username LIKE '" . db()->escapeString($username) . "' AND deleted=1;");
    95. 

  95. }
    96. 

  96. 

  97. // return true if the user (named or current) has raised privileges
    98. 

  98. function userhasprivileges($user = null) {
    99. 

  99. 	if (is_null($user)) {
    100. 

  100. 		if (!loggedin())
    101. 

  101. 			return false;
    102. 

  102. 		$user = username();
    103. 

  103. 	}
    104. 

  104. 	if (!userexists($user)) {
    105. 

  105. 		echo "user doesn't exist";
    106. 

  106. 		return false;
    107. 

  107. 	}
    108. 

  108. 	return (boolean) db()->querySingle("SELECT privileges FROM users WHERE username='" . db()->escapeString($user) . "';");
    109. 

  109. }
    110. 

  110. 

  111. // return a count of privileged users
    112. 

  112. function privilegedusers() {
    113. 

  113. 	return db()->querySingle("SELECT COUNT(*) FROM users WHERE privileges=1;");
    114. 

  114. }
    115. 

  115. 

  116. // attempt to log in
    117. 

  117. function login($username, $password, $ishash = false) {
    118. 

  118. 	if (userexists($username, $password, $ishash)) {
    119. 

  119. 		$_SESSION[SITE_TITLE . "_username"] = $username;
    120. 

  120. 		$_SESSION[SITE_TITLE . "_passwordhash"] = $ishash ? $password : md5($password);
    121. 

  121. 		return true;
    122. 

  122. 	}
    123. 

  123. 	return false;
    124. 

  124. }
    125. 

  125. 

  126. // log out
    127. 

  127. function logout() {
    128. 

  128. 	unset($_SESSION[SITE_TITLE . "_username"], $_SESSION[SITE_TITLE . "_passwordhash"]);
    129. 

  129. }
    130. 

  130. 

  131. // user is logged in
    132. 

  132. function loggedin() {
    133. 

  133. 	return isset($_SESSION[SITE_TITLE . "_username"]) && isset($_SESSION[SITE_TITLE . "_passwordhash"]) && userexists($_SESSION[SITE_TITLE . "_username"], $_SESSION[SITE_TITLE . "_passwordhash"], true);
    134. 

  134. }
    135. 

  135. 

  136. // return username or false if not logged in
    137. 

  137. function username() {
    138. 

  138. 	if (loggedin())
    139. 

  139. 		return $_SESSION[SITE_TITLE . "_username"];
    140. 

  140. 	return false;
    141. 

  141. }
    142. 

  142. 

  143. // if a user is not logged in, show a login form and exit or, if async, send 403 forbidden
    144. 

  144. function requirelogin() {
    145. 

  145. 	if (loggedin())
    146. 

  146. 		return;
    147. 

  147. 	if (isset($_REQUEST["async"]))
    148. 

  148. 		forbidden();
    149. 

  149. 

  150. 	$_SESSION["nextpage"] = $_SERVER["REQUEST_URI"];
    151. 

  151. 	include "content/login.php";
    152. 

  152. 	exit;
    153. 

  153. }
    154. 

  154. 

  155. // return true if an item with the given identifier exists in the database
    156. 

  156. function itemexists($qtiid) {
    157. 

  157. 	return db()->querySingle("SELECT COUNT(*) FROM items WHERE identifier='" . db()->escapeString($qtiid) . "';") === 1;
    158. 

  158. }
    159. 

  159. 

  160. // return the owner of an item with the given identifier
    161. 

  161. function itemowner($qtiid) {
    162. 

  162. 	return db()->querySingle("SELECT user FROM items WHERE identifier='" . db()->escapeString($qtiid) . "';");
    163. 

  163. }
    164. 

  164. 

  165. // return the item with the given identifier from the database
    166. 

  166. function getitem($qtiid) {
    167. 

  167. 	if (!itemexists($qtiid))
    168. 

  168. 		return false;
    169. 

  169. 

  170. 	// get item
    171. 

  171. 	$item = db()->querySingle("SELECT * FROM items WHERE identifier='" . db()->escapeString($qtiid) . "';", true);
    172. 

  172. 

  173. 	// get keywords
    174. 

  174. 	$item["keywords"] = array();
    175. 

  175. 	$result = db()->query("SELECT keyword FROM keywords WHERE item='" . db()->escapeString($qtiid) . "' ORDER BY keyword ASC;");
    176. 

  176. 	while ($row = $result->fetchArray(SQLITE3_NUM))
    177. 

  177. 		$item["keywords"][] = $row[0];
    178. 

  178. 

  179. 	// get rating (since last modification)
    180. 

  180. 	$rating = db()->querySingle("
    181. 

  181. 		SELECT AVG(rating) AS rating, COUNT(rating) AS ratingcount
    182. 

  182. 		FROM ratings
    183. 

  183. 		WHERE item='" . db()->escapeString($qtiid) . "'
    184. 

  184. 		AND posted > " . max($item["uploaded"], is_null($item["modified"]) ? 0 : $item["modified"]) . "
    185. 

  185. 	;", true);
    186. 

  186. 	$item["ratingcount"] = $rating["ratingcount"];
    187. 

  187. 	$item["rating"] = $rating["ratingcount"] > 0 ? $rating["rating"] : null;
    188. 

  188. 

  189. 	// get comments
    190. 

  190. 	$item["comments"] = array();
    191. 

  191. 	$result = db()->query("
    192. 

  192. 		SELECT
    193. 

  193. 			comments.user AS user,
    194. 

  194. 			comments.comment AS comment,
    195. 

  195. 			comments.posted AS posted,
    196. 

  196. 			ratings.rating AS rating,
    197. 

  197. 			users.deleted AS userdeleted
    198. 

  198. 		FROM comments
    199. 

  199. 		LEFT JOIN ratings ON comments.user=ratings.user AND comments.item=ratings.item AND comments.posted=ratings.posted
    200. 

  200. 		LEFT JOIN users ON comments.user=users.username
    201. 

  201. 		WHERE comments.item='" . db()->escapeString($qtiid) . "'
    202. 

  202. 		ORDER BY posted ASC;
    203. 

  203. 	");
    204. 

  204. 	while ($row = $result->fetchArray(SQLITE3_ASSOC))
    205. 

  205. 		$item["comments"][] = $row;
    206. 

  206. 

  207. 	return $item;
    208. 

  208. }
    209. 

  209. 

  210. // return the current user's rating of a given item
    211. 

  211. function itemrating($qtiid) {
    212. 

  212. 	if (!loggedin() || !itemexists($qtiid))
    213. 

  213. 		return false;
    214. 

  214. 

  215. 	$item = getitem($qtiid);
    216. 

  216. 	$result = db()->query("
    217. 

  217. 		SELECT rating
    218. 

  218. 		FROM ratings
    219. 

  219. 		WHERE item='" . db()->escapeString($qtiid) . "'
    220. 

  220. 		AND posted > " . max($item["uploaded"], is_null($item["modified"]) ? 0 : $item["modified"]) . "
    221. 

  221. 		AND user='" . db()->escapeString(username()) . "'
    222. 

  222. 	;");
    223. 

  223. 	if ($row = $result->fetchArray(SQLITE3_NUM))
    224. 

  224. 		return $row[0];
    225. 

  225. 	return null;
    226. 

  226. }
    227. 

  227. 

  228. // turn a string of xhtml into html
    229. 

  229. function xhtml_to_html($xhtml) {
    230. 

  230. 	$selfclosing = array(
    231. 

  231. 		"area",
    232. 

  232. 		"base",
    233. 

  233. 		"basefont",
    234. 

  234. 		"br",
    235. 

  235. 		"col",
    236. 

  236. 		"frame",
    237. 

  237. 		"hr",
    238. 

  238. 		"img",
    239. 

  239. 		"input",
    240. 

  240. 		"link",
    241. 

  241. 		"meta",
    242. 

  242. 		"param",
    243. 

  243. 	);
    244. 

  244. 

  245. 	// HTML's self closing tags don't need to be closed
    246. 

  246. 	// (catch both <tag.../> and <tag...></tag>)
    247. 

  247. 	$html = preg_replace('%<(' . implode("|", $selfclosing) . ')\b([^>]*?)\s*(/>|>\s*</\1>)%i', '<\1\2>', $xhtml);
    248. 

  248. 

  249. 	// other empty tags in the short style (eg <div/>) need to be opened and 
    250. 

  250. 	// closed
    251. 

  251. 	$html = preg_replace('%<(.+?)\b([^>]*?)\s*/>%', '<\1\2></\1>', $html);
    252. 

  252. 

  253. 	// get rid of any xhtml namespace tags
    254. 

  254. 	$html = preg_replace('%\s+xmlns=(["\'])http://www.w3.org/1999/xhtml\1%i', '', $html);
    255. 

  255. 

  256. 	return $html;
    257. 

  257. }
    258. 

  258. 

  259. // given the page SimpleXML element of a response from QTIEngine, extract the 
    260. 

  260. // important bits of the header (javascript and stylesheet links) and return 
    261. 

  261. // them as an HTML string to be put in the header
    262. 

  262. function qtiengine_header_html(SimpleXMLElement $page) {
    263. 

  263. 	$headerextra = "";
    264. 

  264. 

  265. 	// javascript
    266. 

  266. 	foreach ($page->html->head->script as $script) {
    267. 

  267. 		if (isset($script["src"]) && isset($script["type"]) && ((string) $script["type"] == "text/javascript" || (string) $script["type"] == "application/javascript")) {
    268. 

  268. 			// TODO: cater for inline scripts as well as included ones
    269. 

  269. 			ob_start();
    270. 

  270. 			?>
    271. 

  271. 			<script type="text/javascript" src="<?php echo (string) $script["src"]; ?>"></script>
    272. 

  272. 			<?php
    273. 

  273. 			$headerextra .= ob_get_clean();
    274. 

  274. 		}
    275. 

  275. 	}
    276. 

  276. 

  277. 	// stylesheets
    278. 

  278. 	foreach ($page->html->head->link as $link) {
    279. 

  279. 		if (isset($link["rel"]) && (string) $link["rel"] == "stylesheet" && isset($link["href"]) && isset($link["type"]) && (string) $link["type"] == "text/css") {
    280. 

  280. 			// TODO: cater for inline styles as well as included ones
    281. 

  281. 			ob_start();
    282. 

  282. 			?>
    283. 

  283. 			<link rel="stylesheet" type="text/css"<?php if (isset($link["media"])) { ?> media="<?php echo (string) $link["media"]; ?>"<?php } ?> href="<?php echo (string) $link["href"]; ?>">
    284. 

  284. 			<?php
    285. 

  285. 			$headerextra .= ob_get_clean();
    286. 

  286. 		}
    287. 

  287. 	}
    288. 

  288. 

  289. 	return $headerextra;
    290. 

  290. }
    291. 

  291. 

  292. // given the page SimpleXML element of a response from QTIEngine, extract the 
    293. 

  293. // div with id "body" and convert to HTML
    294. 

  294. // the default QTIEngine XSL transformation has a div with everything we want in 
    295. 

  295. // it with id "body" (it doesn't include the internal state etc)
    296. 

  296. // also replace h2 tags with h3 and strip hr tags
    297. 

  297. // also add [] to the end of the name attributes of checkboxes if it's not 
    298. 

  298. // already there so that PHP receives them back properly when posted
    299. 

  299. function qtiengine_bodydiv_html(SimpleXMLElement $page, $divid = "qtienginebodydiv") {
    300. 

  300. 	// php5's support for default namespace is useless so we have to define it 
    301. 

  301. 	// manually
    302. 

  302. 	$namespaces = $page->html->getNamespaces();
    303. 

  303. 	$defaultnamespace = $namespaces[""];
    304. 

  304. 	$page->registerXPathNamespace("n", $defaultnamespace);
    305. 

  305. 

  306. 	$bodydivs = $page->xpath("//n:div[@id='body']");
    307. 

  307. 	if (count($bodydivs) != 1)
    308. 

  308. 		servererror("didn't get expected HTML output from QTIEngine");
    309. 

  309. 	$bodydiv = $bodydivs[0];
    310. 

  310. 	$bodydiv["id"] = $divid;
    311. 

  311. 

  312. 	foreach ($page->xpath("//n:input[@type='checkbox']") as $checkbox)
    313. 

  313. 		if (!preg_match('%\]$%', (string) $checkbox["name"]))
    314. 

  314. 			$checkbox["name"] = (string) $checkbox["name"] . "[]";
    315. 

  315. 

  316. 	return preg_replace(array('%<(/?)h2\b%', '%<hr\b.*?>%'), array('<\1h3', ''), xhtml_to_html(simplexml_indented_string($bodydiv)));
    317. 

  317. }
    318. 

  318. 

  319. function callstack($html = true) {
    320. 

  320. 	$bt = debug_backtrace();
    321. 

  321. 

  322. 	// lose the call to this function
    323. 

  323. 	array_shift($bt);
    324. 

  324. 

  325. 	echo "backtrace:\n";
    326. 

  326. 	if ($html) echo "<ul>";
    327. 

  327. 	foreach ($bt as $call) {
    328. 

  328. 		if ($html) echo "<li>";
    329. 

  329. 		echo $call["file"] . ":" . $call["line"] . " calls " . $call["function"] . "(" . implode(", ", $call["args"]) . ")";
    330. 

  330. 		if ($html)
    331. 

  331. 			echo "</li>";
    332. 

  332. 		else
    333. 

  333. 			echo "\n";
    334. 

  334. 	}
    335. 

  335. 	if ($html) echo "</ul>";
    336. 

  336. }
    337. 

  337. 

  338. // put an item in the database
    339. 

  339. // doesn't check who the owner is
    340. 

  340. // updates it or uploads it depending on whether it was already there.
    341. 

  341. // arguments:
    342. 

  342. //	QTIAssessmentItem object
    343. 

  343. //	or string XML and metadata array
    344. 

  344. //	or SimpleXML object and metadata array
    345. 

  345. function deposititem() {
    346. 

  346. 	$args = func_get_args();
    347. 

  347. 

  348. 	// collect data
    349. 

  349. 	switch (count($args)) {
    350. 

  350. 		case 1:
    351. 

  351. 			if (!($args[0] instanceof QTIAssessmentItem))
    352. 

  352. 				throw new Exception("with one argument, expected QTIAssessmentItem");
    353. 

  353. 			$identifier = $args[0]->getQTIID();
    354. 

  354. 			$title = $args[0]->data("title");
    355. 

  355. 			$description = $args[0]->data("description");
    356. 

  356. 			$xml = $args[0]->getQTIIndentedString();
    357. 

  357. 			$keywords = $args[0]->getKeywords();
    358. 

  358. 			break;
    359. 

  359. 		case 2:
    360. 

  360. 			if ($args[0] instanceof SimpleXMLElement) {
    361. 

  361. 				$sxml = $args[0];
    362. 

  362. 				$xml = simplexml_indented_string($args[0]);
    363. 

  363. 			} else if (is_string($args[0])) {
    364. 

  364. 				$sxml = simplexml_load_string($args[0]);
    365. 

  365. 				$xml = $args[0];
    366. 

  366. 			} else
    367. 

  367. 				throw new Exception("With two arguments expected SimpleXML element or XML string as first");
    368. 

  368. 

  369. 			$identifier = (string) $sxml["identifier"];
    370. 

  370. 			$title = (string) $sxml["title"];
    371. 

  371. 

  372. 			if (!is_array($args[1]))
    373. 

  373. 				throw new Exception("With two arguments expected metadata array as second");
    374. 

  374. 

  375. 			$description = isset($args[1]["description"]) ? $args[1]["description"] : "";
    376. 

  376. 			$keywords = isset($args[1]["keywords"]) ? $args[1]["keywords"] : array();
    377. 

  377. 			break;
    378. 

  378. 		default:
    379. 

  379. 			throw new Exception("expected one or two arguments");
    380. 

  380. 	}
    381. 

  381. 

  382. 	db()->exec("BEGIN TRANSACTION;");
    383. 

  383. 

  384. 	// update or insert
    385. 

  385. 	if (itemexists($identifier)) {
    386. 

  386. 		// update item
    387. 

  387. 		db()->exec("
    388. 

  388. 			DELETE FROM keywords WHERE item='" . db()->escapeString($identifier) . "';
    389. 

  389. 			UPDATE items SET
    390. 

  390. 				modified=" . time() . ",
    391. 

  391. 				title='" . db()->escapeString($title) . "',
    392. 

  392. 				description='" . db()->escapeString($description) . "',
    393. 

  393. 				xml='" . db()->escapeString($xml) . "'
    394. 

  394. 			WHERE identifier='" . db()->escapeString($identifier) . "';
    395. 

  395. 		");
    396. 

    397. 

  397. 		// add a comment to the item to show it has been updated
    398. 

  398. 		db()->exec("
    399. 

  399. 			INSERT INTO comments VALUES (
    400. 

  400. 				'" . db()->escapeString(username()) . "',
    401. 

  401. 				'" . db()->escapeString($identifier) . "',
    402. 

  402. 				'" . db()->escapeString("Automatic comment: this item has been updated") . "',
    403. 

  403. 				" . time() . "
    404. 

  404. 			);
    405. 

  405. 		");
    406. 

  406. 	} else {
    407. 

  407. 		// new item -- insert it
    408. 

  408. 		db()->exec("
    409. 

  409. 			INSERT INTO items VALUES (
    410. 

  410. 				'" . db()->escapeString($identifier) . "',
    411. 

  411. 				" . time() . ",
    412. 

  412. 				NULL,
    413. 

  413. 				'" . db()->escapeString(username()) . "',
    414. 

  414. 				'" . db()->escapeString($title) . "',
    415. 

  415. 				'" . db()->escapeString($description) . "',
    416. 

  416. 				'" . db()->escapeString($xml) . "'
    417. 

  417. 			);
    418. 

  418. 		");
    419. 

  419. 	}
    420. 

  420. 

  421. 	// add keywords
    422. 

  422. 	foreach ($keywords as $keyword) {
    423. 

  423. 		db()->exec("
    424. 

  424. 			INSERT INTO keywords VALUES (
    425. 

  425. 				'" . db()->escapeString($identifier) . "',
    426. 

  426. 				'" . db()->escapeString($keyword) . "'
    427. 

  427. 			);
    428. 

  428. 		");
    429. 

  429. 	}
    430. 

  430. 

  431. 	// commit changes
    432. 

  432. 	db()->exec("COMMIT;");
    433. 

  433. }
    434. 

  434. 

  435. // return true if the given QTI (SimpleXML or string) was authored in Eqiat
    436. 

  436. function authoredineqiat($xml) {
    437. 

  437. 	if (!($xml instanceof SimpleXMLElement))
    438. 

  438. 		$xml = simplexml_load_string($xml);
    439. 

  439. 	if (!$xml)
    440. 

  440. 		return false;
    441. 

  441. 

  442. 	return isset($xml["toolName"]) && (string) $xml["toolName"] == "Eqiat";
    443. 

  443. }
    444. 

  444. 

  445. ?>
    446. 

  446.