Improvements in the exercice tool in case there is fraud in a test

main/exercice/exercice_submit.php

@@ -307,6 +307,12 @@ if ($formSent) {
 		$exerciseResultCoordinates = array ();
 	}
 
+    //Only for hotspot
+	if (!isset($choice) && isset($_REQUEST['hidden_hotspot_id'])) {
+		$hotspot_id = (int)($_REQUEST['hidden_hotspot_id']);
+		$choice = array($hotspot_id => '');
+	}
+
 	// if the user has answered at least one question
 	if (is_array($choice)) {
 		if ($debug > 0) {
@@ -330,7 +336,7 @@ if ($formSent) {
 		} else {
 			// gets the question ID from $choice. It is the key of the array
 			list ($key) = array_keys($choice);
-
+            //error_log('Question ID'.$key);
 			// if the user didn't already answer this question
 			if (!isset ($exerciseResult[$key])) {
 				// stores the user answer into the array
@@ -351,6 +357,7 @@ if ($formSent) {
 					$counter = 0;
 					$main_course_user_table = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
 					$table_ans = Database :: get_course_table(TABLE_QUIZ_ANSWER);
+					
 					//foreach($questionList as $questionId)
 					if (true) {
 						$exeId = $exe_id;
@@ -358,7 +365,6 @@ if ($formSent) {
 						$counter++;
 						// gets the student choice for this question
 						$choice = $exerciseResult[$questionId];
-
 						// creates a temporary Question object
 						$objQuestionTmp = Question :: read($questionId);
 
@@ -654,6 +660,7 @@ if ($formSent) {
 								$answer = $choice;
 								exercise_attempt($questionScore, $answer, $quesId, $exeId, 0);
 							} elseif ($answerType == HOT_SPOT) {
+								    //error_log('HOTS POT 2');
 								exercise_attempt($questionScore, $answer, $quesId, $exeId, 0);
 								if (is_array($exerciseResultCoordinates[$key])) {
 									foreach($exerciseResultCoordinates[$key] as $idx => $val) {

main/exercice/exercise.lib.php

@@ -337,7 +337,7 @@ function showQuestion($questionId, $onlyAnswers=false, $origin=false,$current_it
 		{
 			$s="<div id=\"question_title\" class=\"sectiontitle\">
 				".get_lang('Question').' ';
-
+			$s.="<input type='hidden' name='hidden_hotspot_id' value='$questionId'>";
 			$s.=$current_item;
 			//@todo I need to the get the feedback type
 			//if($answerType == 2)

main/exercice/exercise_result.php

@@ -1010,7 +1010,7 @@ foreach ($questionList as $questionId) {
 			// In fact, we are not storing the results by answer ID, but by *position*, which is stored in $choice
 			exercise_attempt($questionScore,$choice,$quesId,$exeId,0);
 		} elseif ($answerType == HOT_SPOT) {
-			exercise_attempt($questionScore, $answer, $quesId, $exeId, 0);
+			exercise_attempt($questionScore, $answer, $quesId, $exeId, 0);							
 			if (is_array($exerciseResultCoordinates[$quesId])) {
 				foreach($exerciseResultCoordinates[$quesId] as $idx => $val) {
 					exercise_attempt_hotspot($exeId,$quesId,$idx,$choice[$idx],$val);

main/exercice/exercise_show.php

@@ -15,12 +15,12 @@
 $language_file=array('exercice','tracking');
 
 // including the global dokeos file
-include('../inc/global.inc.php');
-include('../inc/lib/course.lib.php');
+include_once '../inc/global.inc.php';
+include_once '../inc/lib/course.lib.php';
 // including additional libraries
-include_once('exercise.class.php');
-include_once('question.class.php'); //also defines answer type constants
-include_once('answer.class.php');
+include_once 'exercise.class.php';
+include_once 'question.class.php'; //also defines answer type constants
+include_once 'answer.class.php';
 include_once(api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php');
 
 if ( empty ( $origin ) ) {
@@ -87,8 +87,26 @@ if ( empty ( $exeId ) ) {
 if ( empty ( $action ) ) {
     $action = $_GET['action'];
 }
-
+$current_user_id = api_get_user_id();
+$current_user_id = "'".$current_user_id."'";
+$current_attempt = $_SESSION['current_exercice_attempt'][$current_user_id];
+
+//Is fraudulent exercice
+$current_time = time();
+
+if (isset($_SESSION['expired_time'])) { //Only for exercice of type "One page"
+	$expired_date = $_SESSION['expired_time'];
+	$expired_time = strtotime($expired_date);
+
+	//Validation in case of fraud
+	$total_time_allowed = $expired_time + 30;
+	if ($total_time_allowed < $current_time) {
+	  $sql_fraud = "UPDATE $TBL_TRACK_ATTEMPT SET answer = 0, marks=0, position=0 WHERE exe_id = '$current_attempt' ";
+	  Database::query($sql_fraud,__FILE__,__LINE__);
+	}	
+}
 //Unset session for clock time
+unset($_SESSION['current_exercice_attempt'][$current_user_id]);
 unset($_SESSION['expired_time']);
 unset($_SESSION['end_expired_time']);
 

main/inc/lib/events.lib.inc.php

@@ -495,6 +495,7 @@ function exercise_attempt($score,$answer,$quesId,$exeId,$j)
 	$TBL_TRACK_ATTEMPT = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ATTEMPT);
 
     $current_time = time();
+
     if (isset($_SESSION['expired_time'])) { //Only for exercice of type "One page"
     	$expired_date = $_SESSION['expired_time'];
     	$expired_time = strtotime($expired_date);
@@ -502,6 +503,7 @@ function exercise_attempt($score,$answer,$quesId,$exeId,$j)
 
     //Validation in case of fraud
     $total_time_allowed = $expired_time + 30;
+ 
     if ($total_time_allowed < $current_time) {
     	$score = 0;
     	$answer = 0;
@@ -523,7 +525,7 @@ function exercise_attempt($score,$answer,$quesId,$exeId,$j)
 	{
 		$user_id = api_get_anonymous_id();
 	}
-
+    $_SESSION['current_exercice_attempt'][$user_id] = $exeId;
 	$sql = "INSERT INTO $TBL_TRACK_ATTEMPT
 			  (
 			   exe_id,
@@ -559,7 +561,7 @@ function exercise_attempt($score,$answer,$quesId,$exeId,$j)
 		('."'$exeId','".$quesId."','$score','".date('Y-m-d H:i:s')."',''".')';
 		Database::query($recording_changes,__FILE__,__LINE__);
 	}
-	if (isset($quesId) && isset($exeId) && isset($user_id)) {
+	if (!empty($quesId) && !empty($exeId) && !empty($user_id)) {
 		$res = Database::query($sql,__FILE__,__LINE__);
 		return $res;
 	} else {