From 7d4dfc481e65a2548d32723a4726ddc833cdd1f5 Mon Sep 17 00:00:00 2001
From: tjhunt <tjhunt>
Date: Wed, 30 Sep 2009 10:57:57 +0000
Subject: [PATCH] quiz: MDL-19145 Safe Exam Browser integration.

This is a better alternative to 'secure' mode.

It needs to be enabled by the administrator.
---
 admin/settings/development.php              |  1 +
 lang/en_utf8/admin.php                      |  2 +
 lang/en_utf8/help/quiz/browsersecurity.html | 56 +++++++++++++++++++++
 lang/en_utf8/quiz.php                       |  5 ++
 mod/quiz/accessrules.php                    | 34 ++++++++++++-
 mod/quiz/attempt.php                        |  3 ++
 mod/quiz/locallib.php                       |  9 ++++
 mod/quiz/mod_form.php                       | 10 +++-
 mod/quiz/review.php                         |  2 +
 mod/quiz/summary.php                        |  3 ++
 10 files changed, 121 insertions(+), 4 deletions(-)
 create mode 100644 lang/en_utf8/help/quiz/browsersecurity.html

diff --git a/admin/settings/development.php b/admin/settings/development.php
index a0914e7f70..e1a37cccdb 100644
--- a/admin/settings/development.php
+++ b/admin/settings/development.php
@@ -14,6 +14,7 @@ if ($hassiteconfig) { // speedup for non-admins, add all caps used on this page
     $item->set_updatedcallback('reset_text_filters_cache');
     $temp->add($item);
     $temp->add(new admin_setting_configcheckbox('experimentalsplitrestore', get_string('experimentalsplitrestore', 'admin'), get_string('configexperimentalsplitrestore', 'admin'), 0));
+    $temp->add(new admin_setting_configcheckbox('enablesafebrowserintegration', get_string('enablesafebrowserintegration', 'admin'), get_string('configenablesafebrowserintegration', 'admin'), 0));
 
     $ADMIN->add('experimental', $temp);
 
diff --git a/lang/en_utf8/admin.php b/lang/en_utf8/admin.php
index 2e9dd367ac..d5057b854c 100644
--- a/lang/en_utf8/admin.php
+++ b/lang/en_utf8/admin.php
@@ -145,6 +145,7 @@ $string['configenablehtmlpurifier'] = 'Use HTML Purifier instead of KSES for cle
 $string['configenablerssfeeds'] = 'This switch will enable RSS feeds from across the site.  To actually see any change you will need to enable RSS feeds in the individual modules too - go to the Modules settings under Admin Configuration.';
 $string['configenablerssfeedsdisabled'] = 'It is not available because RSS feeds are disabled in all the Site. To enable them, go to the Variables settings under Admin Configuration.';
 $string['configenablerssfeedsdisabled2'] = 'RSS feeds are disabled at the server level. You need to enable them first in Server/RSS.';
+$string['configenablesafebrowserintegration'] = 'This adds the choice \'Require Safe Exam Browser\' to the \'Browser security\' field on the quiz settings form. See http://www.safeexambrowser.org/ for more information.';
 $string['configenablestats'] = 'If you choose \'yes\' here, Moodle\'s cronjob will process the logs and gather some statistics.  Depending on the amount of traffic on your site, this can take awhile. If you enable this, you will be able to see some interesting graphs and statistics about each of your courses, or on a sitewide basis.';
 $string['configenabletrusttext'] = 'By default Moodle will always thoroughly clean text that comes from users to remove any possible bad scripts, media etc that could be a security risk.  The Trusted Content system is a way of giving particular users that you trust the ability to include these advanced features in their content without interference.  To enable this system, you need to first enable this setting, and then grant the Trusted Content permission to a specific Moodle role.  Texts created or uploaded by such users will be marked as trusted and will not be cleaned before display.';
 $string['configenablewebservices'] = 'Web services enable other systems to log in to this Moodle and perform operations.  For extra security this feature should be disabled unless you are really using it.';
@@ -406,6 +407,7 @@ $string['enablegroupings'] = 'Enable groupings';
 $string['enablehtmlpurifier'] = 'Enable HTML Purifier';
 $string['enablerecordcache'] = 'Enable Record Cache';
 $string['enablerssfeeds'] = 'Enable RSS feeds';
+$string['enablesafebrowserintegration'] = 'Enable Safe Exam Browser integration';
 $string['enablestats'] = 'Enable statistics';
 $string['enabletrusttext'] = 'Enable Trusted Content';
 $string['enablewebservices'] = 'Enable web services';
diff --git a/lang/en_utf8/help/quiz/browsersecurity.html b/lang/en_utf8/help/quiz/browsersecurity.html
new file mode 100644
index 0000000000..61573dc4f5
--- /dev/null
+++ b/lang/en_utf8/help/quiz/browsersecurity.html
@@ -0,0 +1,56 @@
+<h1>Browser security</h1>
+
+<p>This option offers various ways to try to restrict how students may try to 'cheat'
+while attempting a quiz. However, this is not a simple issue, and what in one situation
+is considered 'cheating' may, in another situation, just be effective use of information
+technology. (For example, the ability to quickly find answers using a search engine.)</p>
+
+<p>Note also that this is not just at problem of technology with a technical solution.
+Cheating has been going on since long before computers, and while computers make certain
+actions, like copy and paste, easier, they also make it easier for teachers to detect
+cheating - for example using the quiz reports. The options provided here are not fool-proof,
+and while they do make some forms of cheating harder for students, they also make it more
+inconvenient for students to attempt the quizzes, and they are not fool-proof.</p>
+
+<p>You should alos consider other ways to make it harder for students to cheat at your quiz:</p>
+<ul>
+<li>You can use a large question bank, which the quiz picking a selection of questions randomly,
+so different students see different, but similar questions.</li>
+<li>You can use the shuffle answers option, so that the right answer to question 1 is not always option A.</li>
+<li>You can ask questions that required students to analyse the given information, rather than just recalling facts.</li>
+</p>
+
+<p>With the above warnings in mind, here is the description of the available options.</p>
+
+<h3>None</h3>
+
+<p>No impediments are put in the way of students attempting the quiz.</p>
+
+<h3>Full screen pop-up with some JavaScript security</h3>
+
+<p>There is a limit to what the quiz, with runs on a web server, can do to restrict
+what the student sitting at their computer can do while attempting the quiz. However,
+this option does what is possible:</p>
+<ul>
+    <li>The quiz will only start if the student has a JavaScript-enabled web-browser.</li>
+    <li>The quiz appears in a fullscreen popup window that covers all the other windows and has no navigation controls.</li>
+    <li>The students are prevented, as far as is possible, from using facilities like copy and paste.</li>
+</ul>
+
+<h3>Require the use of Safe Exam Browser</h3>
+
+<p>This option will only appear if your adminstrator has enabled it.</p>
+
+<p><a href="http://www.safeexambrowser.org/">Safe Exam Browser</a> is a customised web browser that must be
+downloaded an installed on the computer that the student uses to attempt the quiz. The restrictions placed on
+students are similar to those in pop-up window case, but because Safe Exam Browser is software running
+on the student's computer, it can do a much more effective job of restricting their actions. If you select this option:</p>
+<ul>
+    <li>Students will only be able to attempt the quiz if they are using Safe Exam Browser.</li>
+    <li>The browser window will be fullscreen (without any navigation elements).</li>
+    <li>The window cannot be closed until the test is submitted.</li>
+    <li>Shortcuts keys such as Win, Ctrl+Alt+Del, Alt+F4, F1, Ctrl+P, Printscreen, are disabled.</li>
+    <li>Copy and paste, and the context menu, are disabled.</li>
+    <li>Switching to other applications is disabled.</li>
+    <li>Surfing to other web sites is prohibited.</li>
+</ul>
diff --git a/lang/en_utf8/quiz.php b/lang/en_utf8/quiz.php
index cab7a41cd6..d230e86286 100644
--- a/lang/en_utf8/quiz.php
+++ b/lang/en_utf8/quiz.php
@@ -95,6 +95,7 @@ $string['blackboard'] = 'Blackboard';
 $string['blackboard_six'] = 'Blackboard V6+';
 $string['bothattempts'] = 'Show students with and without attempts';
 $string['braceerror'] = 'Could not find {...} around answers';
+$string['browsersecurity'] = 'Browser security';
 $string['calculated'] = 'Calculated';
 $string['calculatedquestion'] = 'Calculated Question not supported at line $a. The question will be ignored';
 $string['cannotcreatepath'] = 'Path cannot be created ($a)';
@@ -506,6 +507,7 @@ $string['pleaseclose'] = 'Your request has been processed. You can now close thi
 $string['popup'] = 'Show quiz in a &quot;secure&quot; window';
 $string['popupblockerwarning'] = 'This section of the test is in secure mode, this means that you need to take the quiz in a secure window. Please turn off your popup blocker. Thank you.';
 $string['popupnotice'] = 'Students will see this quiz in a secure window';
+$string['popupwithjavascriptsupport'] = 'Full screen pop-up with some JavaScript security';
 $string['preprocesserror'] = 'Error occurred during pre-processing!';
 $string['preview'] = 'Preview';
 $string['previewquestion'] = 'Preview question';
@@ -624,6 +626,7 @@ $string['reports'] = 'Reports';
 $string['reportsimplestat'] = 'Simple statistics';
 $string['requirepassword'] = 'Require password';
 $string['requirepasswordmessage'] = 'To attempt this quiz you need to know the quiz password';
+$string['requiresafeexambrowser'] = 'Require the use of Safe Exam Browser';
 $string['requiresubnet'] = 'Require network address';
 $string['response'] = 'Response';
 $string['responses'] = 'Responses';
@@ -646,6 +649,8 @@ $string['reviewresponsetoq'] = 'Review response (question $a)';
 $string['reviewthisattempt'] = 'Review your responses to this attempt';
 $string['rqp'] = 'Remote Question';
 $string['rqps'] = 'Remote Questions';
+$string['safebrowsererror']='This quiz has been set up so that it may only be attempted using the Safe Exam Browser. You cannot attempt it form this web browser.';
+$string['safebrowsernotice']='This quiz has been configured so that students may only attempt it using the Safe Exam Browser.';
 $string['sameasoverall'] = 'Same as for overall grades';
 $string['save'] = 'Save';
 $string['saveandedit'] = 'Save changes and edit questions';
diff --git a/mod/quiz/accessrules.php b/mod/quiz/accessrules.php
index 36e3d8b252..93162a7358 100644
--- a/mod/quiz/accessrules.php
+++ b/mod/quiz/accessrules.php
@@ -8,6 +8,7 @@ class quiz_access_manager {
     private $_timenow;
     private $_passwordrule = null;
     private $_securewindowrule = null;
+    private $_safebrowserrule = null;
     private $_rules = array();
 
     /**
@@ -44,8 +45,13 @@ class quiz_access_manager {
             $this->_rules[] = $this->_passwordrule;
         }
         if (!empty($quiz->popup)) {
-            $this->_securewindowrule = new securewindow_access_rule($this->_quizobj, $this->_timenow);
-            $this->_rules[] = $this->_securewindowrule;
+            if ($quiz->popup == 1) {
+                $this->_securewindowrule = new securewindow_access_rule($this->_quizobj, $this->_timenow);
+                $this->_rules[] = $this->_securewindowrule;
+            } elseif ($quiz->popup == 2) {
+                $this->_safebrowserrule = new safebrowser_access_rule($this->_quizobj, $this->_timenow);
+                $this->_rules[] = $this->_safebrowserrule;
+            }
         }
     }
 
@@ -182,6 +188,13 @@ class quiz_access_manager {
         return !$canpreview && !is_null($this->_securewindowrule);
     }
 
+    /**
+     * @return bolean if this quiz should only be shown to students with safe browser.
+    */
+    public function safebrowser_required($canpreview) {
+        return !$canpreview && !is_null($this->_safebrowserrule);
+    }
+
     /**
      * Print a button to start a quiz attempt, with an appropriate javascript warning,
      * depending on the access restrictions. The link will pop up a 'secure' window, if
@@ -763,4 +776,21 @@ class securewindow_access_rule extends quiz_access_rule_base {
         echo "</script>\n";
     }
 }
+
+/**
+ * A rule representing the safe browser check.
+*/
+class safebrowser_access_rule extends quiz_access_rule_base {
+    public function prevent_access() {
+        if (!$this->_quizobj->is_preview_user() && !quiz_check_safe_browser()) {
+            return get_string('safebrowsererror', 'quiz');	
+        } else {
+            return false;
+        }
+    }
+
+    public function description() {
+        return get_string("safebrowsernotice", "quiz");
+    }
+}
 ?>
diff --git a/mod/quiz/attempt.php b/mod/quiz/attempt.php
index 7d9809ff6e..d7f22c33f0 100644
--- a/mod/quiz/attempt.php
+++ b/mod/quiz/attempt.php
@@ -99,6 +99,9 @@
     if ($accessmanager->securewindow_required($attemptobj->is_preview_user())) {
         $accessmanager->setup_secure_page($attemptobj->get_course()->shortname . ': ' .
                 format_string($attemptobj->get_quiz_name()), $headtags);
+    } elseif ($accessmanager->safebrowser_required($attemptobj->is_preview_user())) {
+        print_header($attemptobj->get_course()->shortname . ': '.
+                format_string($attemptobj->get_quiz_name()), '', '', '', $headtags, false, '', '', false, '');
     } else {
         $PAGE->set_title(format_string($attemptobj->get_quiz_name()));
         $PAGE->set_button($attemptobj->update_module_button());
diff --git a/mod/quiz/locallib.php b/mod/quiz/locallib.php
index 8166e8d848..13bf64cee3 100644
--- a/mod/quiz/locallib.php
+++ b/mod/quiz/locallib.php
@@ -1243,3 +1243,12 @@ function quiz_error($quiz, $errorcode, $a = null) {
     }
     print_error($errorcode, 'quiz', $CFG->wwwroot . '/mod/quiz/view.php?q=' . $quiz, $a);
 }
+
+/**
+ * Checks if browser is safe browser
+ * 
+ * @return true, if browser is safe browser else false
+*/
+function quiz_check_safe_browser() {
+    return strpos($_SERVER['HTTP_USER_AGENT'], "SEB") !== false;
+}
diff --git a/mod/quiz/mod_form.php b/mod/quiz/mod_form.php
index 8468b05aa5..30e6a903ef 100644
--- a/mod/quiz/mod_form.php
+++ b/mod/quiz/mod_form.php
@@ -261,8 +261,14 @@ class mod_quiz_mod_form extends moodleform_mod {
         $mform->disabledIf('delay2', 'attempts', 'eq', 2);
 
     /// 'Secure' window.
-        $mform->addElement('selectyesno', 'popup', get_string('showinsecurepopup', 'quiz'));
-        $mform->setHelpButton('popup', array('popup', get_string('showinsecurepopup', 'quiz'), 'quiz'));
+        $options = array(
+                    0 => get_string('none', 'quiz'),
+                    1 => get_string('popupwithjavascriptsupport', 'quiz'));
+        if ($CFG->enablesafebrowserintegration) { 
+            $options[2] = get_string('requiresafeexambrowser', 'quiz');
+        }
+        $mform->addElement('select', 'popup', get_string('browsersecurity', 'quiz'), $options);
+        $mform->setHelpButton('popup', array('browsersecurity', get_string('browsersecurity', 'quiz'), 'quiz'));
         $mform->setAdvanced('popup', $quizconfig->popup_adv);
         $mform->setDefault('popup', $quizconfig->popup);
 
diff --git a/mod/quiz/review.php b/mod/quiz/review.php
index 7577725eaa..847b562999 100644
--- a/mod/quiz/review.php
+++ b/mod/quiz/review.php
@@ -92,6 +92,8 @@
     $headtags = $attemptobj->get_html_head_contributions($page);
     if ($accessmanager->securewindow_required($attemptobj->is_preview_user())) {
         $accessmanager->setup_secure_page($attemptobj->get_course()->shortname.': '.format_string($attemptobj->get_quiz_name()), $headtags);
+    } elseif ($accessmanager->safebrowser_required($attemptobj->is_preview_user())) {
+        print_header($attemptobj->get_course()->shortname . ': '.format_string($attemptobj->get_quiz_name()), '', '', '', $headtags, false, '', '', false, '');
     } else {
         $attemptobj->navigation($strreviewtitle);
         $PAGE->set_title(format_string($attemptobj->get_quiz_name()));
diff --git a/mod/quiz/summary.php b/mod/quiz/summary.php
index 9ae6eb82e9..3140f6a7a0 100644
--- a/mod/quiz/summary.php
+++ b/mod/quiz/summary.php
@@ -49,6 +49,9 @@ $title = get_string('summaryofattempt', 'quiz');
 if ($accessmanager->securewindow_required($attemptobj->is_preview_user())) {
     $accessmanager->setup_secure_page($attemptobj->get_course()->shortname . ': ' .
             format_string($attemptobj->get_quiz_name()), '');
+} elseif ($accessmanager->safebrowser_required($attemptobj->is_preview_user())) {
+    print_header($attemptobj->get_course()->shortname . ': '.
+            format_string($attemptobj->get_quiz_name()), '', '', '', '', false, '', '', false, '');
 } else {
     $attemptobj->navigation($title);
     $PAGE->set_title(format_string($attemptobj->get_quiz_name()));
-- 
2.39.5