diff -Naur moodle20dev/admin/settings/development.php moodle20dev_seb/admin/settings/development.php --- moodle20dev/admin/settings/development.php 2009-04-03 02:02:42.000000000 +0200 +++ moodle20dev_seb/admin/settings/development.php 2009-04-23 11:55:08.000000000 +0200 @@ -14,7 +14,8 @@ $item->set_updatedcallback('reset_text_filters_cache'); $temp->add($item); $temp->add(new admin_setting_configcheckbox('experimentalsplitrestore', get_string('experimentalsplitrestore', 'admin'), get_string('configexperimentalsplitrestore', 'admin'), 0)); - + $temp->add(new admin_setting_configcheckbox('enablesafebrowserintegration', get_string('enablesafebrowserintegration', 'admin'), get_string('configenablesafebrowserintegration', 'admin'), 0)); + $ADMIN->add('experimental', $temp); // DB transfer related pages diff -Naur moodle20dev/lang/en_utf8/admin.php moodle20dev_seb/lang/en_utf8/admin.php --- moodle20dev/lang/en_utf8/admin.php 2009-04-15 02:03:02.000000000 +0200 +++ moodle20dev_seb/lang/en_utf8/admin.php 2009-04-23 11:55:04.000000000 +0200 @@ -129,6 +129,7 @@ $string['configenablerssfeeds'] = 'This switch will enable RSS feeds from across the site. To actually see any change you will need to enable RSS feeds in the individual modules too - go to the Modules settings under Admin Configuration.'; $string['configenablerssfeedsdisabled'] = 'It is not available because RSS feeds are disabled in all the Site. To enable them, go to the Variables settings under Admin Configuration.'; $string['configenablerssfeedsdisabled2'] = 'RSS feeds are disabled at the server level. You need to enable them first in Server/RSS.'; +$string['configenablesafebrowserintegration'] = 'This settings enables the integration of a Safe Browser for the quiz in Moodle.'; $string['configenablestats'] = 'If you choose \'yes\' here, Moodle\'s cronjob will process the logs and gather some statistics. Depending on the amount of traffic on your site, this can take awhile. If you enable this, you will be able to see some interesting graphs and statistics about each of your courses, or on a sitewide basis.'; $string['configenabletrusttext'] = 'By default Moodle will always thoroughly clean text that comes from users to remove any possible bad scripts, media etc that could be a security risk. The Trusted Content system is a way of giving particular users that you trust the ability to include these advanced features in their content without interference. To enable this system, you need to first enable this setting, and then grant the Trusted Content permission to a specific Moodle role. Texts created or uploaded by such users will be marked as trusted and will not be cleaned before display.'; $string['configenablewebservices'] = 'Web services enable other systems to log in to this Moodle and perform operations. For extra security this feature should be disabled unless you are really using it.'; @@ -384,6 +385,7 @@ $string['enablehtmlpurifier'] = 'Enable HTML Purifier'; $string['enablerecordcache'] = 'Enable Record Cache'; $string['enablerssfeeds'] = 'Enable RSS feeds'; +$string['enablesafebrowserintegration'] = 'Enable Safe Browser'; $string['enablestats'] = 'Enable statistics'; $string['enabletrusttext'] = 'Enable Trusted Content'; $string['enablewebservices'] = 'Enable web services'; diff -Naur moodle20dev/lang/en_utf8/help/quiz/popup.html moodle20dev_seb/lang/en_utf8/help/quiz/popup.html --- moodle20dev/lang/en_utf8/help/quiz/popup.html 2009-03-11 00:02:15.000000000 +0100 +++ moodle20dev_seb/lang/en_utf8/help/quiz/popup.html 2009-04-23 11:55:05.000000000 +0200 @@ -1,7 +1,8 @@ -

Use a 'secure' popup window for attempts

+

Browser security

-

The 'secure' window tries to make some simpler forms of copying and cheating -more difficult during quiz attempts.

+

1.) Full screen pop-up with added javascript security: the "secure" window tries to + provide a little more security for quizzes (making copying and cheating more difficult) + by restricting some of the things that students can do with their browsers.

What happens is that:

-

NOTE: This security is not watertight. Do not rely on these protections +

2.) Require use of Safe Exam Browser (SEB): you can attend the quiz only with the + Safe Exam Browser. The navigation in the quiz is disabled for the students. This + option is savailable if the admin-setting "Enable Safe Browser" in + "Miscellaneous" -> "Experimental" is checked. The Safe Exam Browser is a + webbrowser-environment to carry out online-exams safely. The software changes any computer into a secure + workstation. It regulates the access to any utilities and prevents students from using unauthorised resources.

+ + +

NOTE: This security is NOT watertight. Do NOT rely on these protections as your sole strategy. It is impossible to implement complete protection of quizzes in a web environment so please do not rely on this option if - you are really worried about students cheating. Other strategies you can + you are really worried about students cheating. Other strategies you can try are to create really large databases of questions from which you randomly choose questions, or even better, rethink your overall assessment to put more value on constructive forms of activity such as forum discussions, - glossary building, wiki writing, workshops, assignments etc.

+ glossary building, wiki writing, workshops, assignments etc.

\ No newline at end of file diff -Naur moodle20dev/lang/en_utf8/quiz.php moodle20dev_seb/lang/en_utf8/quiz.php --- moodle20dev/lang/en_utf8/quiz.php 2009-03-19 00:02:34.000000000 +0100 +++ moodle20dev_seb/lang/en_utf8/quiz.php 2009-04-23 11:55:04.000000000 +0200 @@ -505,6 +505,7 @@ $string['popup'] = 'Show quiz in a "secure" window'; $string['popupblockerwarning'] = 'This section of the test is in secure mode, this means that you need to take the quiz in a secure window. Please turn off your popup blocker. Thank you.'; $string['popupnotice'] = 'Students will see this quiz in a secure window'; +$string['popupwithjavascriptsupport'] = 'Full screen pop-up with added javascript security'; $string['preprocesserror'] = 'Error occurred during pre-processing!'; $string['preview'] = 'Preview'; $string['previewquestion'] = 'Preview question'; @@ -622,6 +623,7 @@ $string['reportsimplestat'] = 'Simple statistics'; $string['requirepassword'] = 'Require password'; $string['requirepasswordmessage'] = 'To attempt this quiz you need to know the quiz password'; +$string['requiresafeexambrowser'] = 'Require use of Safe Exam Browser (SEB)'; $string['requiresubnet'] = 'Require network address'; $string['response'] = 'Response'; $string['responses'] = 'Responses'; @@ -644,6 +646,8 @@ $string['rqp'] = 'Remote Question'; $string['rqps'] = 'Remote Questions'; $string['sameasoverall'] = 'Same as for overall grades'; +$string['safebrowseravailable']='Safe quiz: Only available with Safe Browser.'; +$string['safebrowsererror']='You are not allowed to attend to quiz.
You need a safe browser.'; $string['save'] = 'Save'; $string['saveandedit'] = 'Save changes and edit questions'; $string['saveattemptfailed'] = 'Failed to save the current quiz attempt.'; @@ -676,7 +680,7 @@ $string['showdetailedmarks'] = 'Show mark details'; $string['showfeedback'] = 'After answering, show feedback?'; $string['showhidden'] = 'Also show old questions'; -$string['showinsecurepopup'] = 'Use a \'secure\' popup window for attempts'; +$string['showinsecurepopup'] = 'Browser security'; $string['shownoattempts'] = 'Show students with no attempts'; $string['shownoattemptsonly'] = 'Show only students with no attempts'; $string['showquestiontext'] = 'Show question text in the question list'; diff -Naur moodle20dev/mod/quiz/accessrules.php moodle20dev_seb/mod/quiz/accessrules.php --- moodle20dev/mod/quiz/accessrules.php 2009-04-21 02:04:21.000000000 +0200 +++ moodle20dev_seb/mod/quiz/accessrules.php 2009-04-23 11:55:06.000000000 +0200 @@ -44,8 +44,13 @@ $this->_rules[] = $this->_passwordrule; } if (!empty($quiz->popup)) { - $this->_securewindowrule = new securewindow_access_rule($this->_quizobj, $this->_timenow); - $this->_rules[] = $this->_securewindowrule; + if ($quiz->popup == 1) { + $this->_securewindowrule = new securewindow_access_rule($this->_quizobj, $this->_timenow); + $this->_rules[] = $this->_securewindowrule; + } elseif ($quiz->popup == 2) { + $this->_safebrowserrule = new safebrowser_access_rule($this->_quizobj, $this->_timenow); + $this->_rules[] = $this->_safebrowserrule; + } } } @@ -179,6 +184,13 @@ public function securewindow_required($canpreview) { return !$canpreview && !is_null($this->_securewindowrule); } + + /** + * @return bolean if this quiz should only be shown to students with safe browser. + */ + public function safebrowser_required($canpreview) { + return !$canpreview && !is_null($this->_safebrowserrule); + } /** * Print a button to start a quiz attempt, with an appropriate javascript warning, @@ -751,4 +763,21 @@ echo "\n"; } } + +/** + * A rule representing the safe browser check. + */ +class safebrowser_access_rule extends quiz_access_rule_base { + public function prevent_access() { + if (!$this->_quizobj->is_preview_user() && !quiz_check_safe_browser()) { + return get_string('safebrowsererror', 'quiz'); + } else { + return false; + } + } + + public function description() { + return get_string("safebrowseravailable", "quiz"); + } +} ?> \ No newline at end of file diff -Naur moodle20dev/mod/quiz/attempt.php moodle20dev_seb/mod/quiz/attempt.php --- moodle20dev/mod/quiz/attempt.php 2009-03-24 00:02:30.000000000 +0100 +++ moodle20dev_seb/mod/quiz/attempt.php 2009-04-23 11:55:06.000000000 +0200 @@ -84,6 +84,8 @@ if ($accessmanager->securewindow_required($attemptobj->is_preview_user())) { $accessmanager->setup_secure_page($attemptobj->get_course()->shortname . ': ' . format_string($attemptobj->get_quiz_name()), $headtags); + } elseif ($accessmanager->safebrowser_required($attemptobj->is_preview_user())) { + print_header($attemptobj->get_course()->shortname . ': '.format_string($attemptobj->get_quiz_name()), '', '', '', $headtags, false, '', '', false, ''); } else { print_header_simple(format_string($attemptobj->get_quiz_name()), '', $attemptobj->navigation($title), '', $headtags, true, $attemptobj->update_module_button()); @@ -174,7 +176,7 @@ // Finish the page $accessmanager->show_attempt_timer_if_needed($attemptobj->get_attempt(), time()); - if ($accessmanager->securewindow_required($attemptobj->is_preview_user())) { + if ($accessmanager->securewindow_required($attemptobj->is_preview_user()) || $accessmanager->safebrowser_required($attemptobj->is_preview_user())) { print_footer('empty'); } else { print_footer($attemptobj->get_course()); diff -Naur moodle20dev/mod/quiz/locallib.php moodle20dev_seb/mod/quiz/locallib.php --- moodle20dev/mod/quiz/locallib.php 2009-03-24 00:02:30.000000000 +0100 +++ moodle20dev_seb/mod/quiz/locallib.php 2009-04-23 11:55:06.000000000 +0200 @@ -1275,3 +1275,15 @@ } print_error($errorcode, 'quiz', $CFG->wwwroot . '/mod/quiz/view.php?q=' . $quiz, $a); } + +/** + * Checks if browser is safe browser + * + * @return true, if browser is safe browser else false + */ +function quiz_check_safe_browser() { + if (strpos($_SERVER['HTTP_USER_AGENT'], "SEB")) { + return true; + } + return false; +} diff -Naur moodle20dev/mod/quiz/mod_form.php moodle20dev_seb/mod/quiz/mod_form.php --- moodle20dev/mod/quiz/mod_form.php 2009-04-22 02:05:34.000000000 +0200 +++ moodle20dev_seb/mod/quiz/mod_form.php 2009-04-23 11:55:06.000000000 +0200 @@ -263,7 +263,13 @@ $mform->disabledIf('delay2', 'attempts', 'eq', 2); /// 'Secure' window. - $mform->addElement('selectyesno', 'popup', get_string('showinsecurepopup', 'quiz')); + $options = array( + 0 => get_string('none', 'quiz'), + 1 => get_string('popupwithjavascriptsupport', 'quiz')); + if ($CFG->enablesafebrowserintegration) { + $options[2] = get_string('requiresafeexambrowser', 'quiz'); + } + $mform->addElement('select', 'popup', get_string("showinsecurepopup", "quiz"), $options); $mform->setHelpButton('popup', array('popup', get_string('showinsecurepopup', 'quiz'), 'quiz')); $mform->setAdvanced('popup', $quizconfig->fix_popup); $mform->setDefault('popup', $quizconfig->popup); diff -Naur moodle20dev/mod/quiz/review.php moodle20dev_seb/mod/quiz/review.php --- moodle20dev/mod/quiz/review.php 2009-03-11 00:02:20.000000000 +0100 +++ moodle20dev_seb/mod/quiz/review.php 2009-04-23 11:55:06.000000000 +0200 @@ -76,6 +76,8 @@ $headtags = $attemptobj->get_html_head_contributions($page); if ($accessmanager->securewindow_required($attemptobj->is_preview_user())) { $accessmanager->setup_secure_page($attemptobj->get_course()->shortname.': '.format_string($attemptobj->get_quiz_name()), $headtags); + } elseif ($accessmanager->safebrowser_required($attemptobj->is_preview_user())) { + print_header($attemptobj->get_course()->shortname . ': '.format_string($attemptobj->get_quiz_name()), '', '', '', $headtags, false, '', '', false, ''); } else { print_header_simple(format_string($attemptobj->get_quiz_name()), '', $attemptobj->navigation($strreviewtitle), '', $headtags, true, $attemptobj->update_module_button()); @@ -253,7 +255,7 @@ echo '
'; // Finish the page - if ($accessmanager->securewindow_required($attemptobj->is_preview_user())) { + if ($accessmanager->securewindow_required($attemptobj->is_preview_user()) || $accessmanager->safebrowser_required($attemptobj->is_preview_user())) { print_footer('empty'); } else { print_footer($attemptobj->get_course());