ATutor

Learning Management Tools


  1. Home



Pages:1 2 3 4 5 6 7 8 9 10 11 12 13 14 15


Demo courses Flash questions and a couple of observations



  • 2010-11-09 10:16:51

    Demo courses Flash questions and a couple of observations

    ATutor version - 2.0.1
    PHP version - 5.2

    Hi,

    I'm starting on a project and decided to use ATutor. It seems to have a good reputation for being simple to develop for... for the most part I'm impressed with it.

    I come from a background in mainly MVC PHP applications, so the more procedural approach of Atutor seems a little alien to me now, and the one thing that I'm slightly concerned about is the use of $_POST, $_GET directly into the output of page templates and queries. Generally though, it seems pretty good.

    I have a couple of questions, if I may:

    1. I need to be able to add free demos for courses, and payment options in the browse courses page. I figured that I can create demo courses by using a cut-down version of a full course that doesn't require enrolment. However, I'd like to add the link to that demo course in the browse courses page, linked directly to the full course. I'd also like to extend the payment module to link directly to the same section. However, because I don't want to touch core files, I was thinking that I could write a custom module to pull those things together. Can you recommend an approach for this? I already have a custom module, and have done a bit of work on it as a starting point, but I don't want to go too far down that line if it turns out that I can add functionality to courses via the module (or a plugin?) in a more modular way...

    2. Are there any examples of using Atutor with flash - where the flash can be used to submit an answer to a question? I've looked at the demos on the site, but the flash files always seem to be embedded in the page - interactive unto themselves, but not directly affecting the flow of the course.

    Thanks in advance, and I hope all this makes sense!


  • 2010-11-09 15:46:51

    Re: Demo courses / Flash questions, and a couple of observations

    Hi,

    Thanks for choosing ATutor. All the $_POST, $_GET that are used in template and queries should be sanitized, otherwise they would introduce holes for sql injection or xss. Please let us know if we missed any of those fields. Fields like that should use $addslashes before throwing into the queries. htmlentities_utf8 should be used on fields that get displayed to avoid XSS. More information can be found here, http://help.atutor.ca/developer/guidelines.html#useful-variables.

    1. ATutor module doesn't let you to modify the existing functionality, ie. the browse courses page. Modules can be linked through the tabs at the start page, within a course, outside the course, and before you login. More information can be found here, http://help.atutor.ca/developer/modules.html. However, you can create a theme, which allows you to modify the template files in which the browse courses page uses. (basically any *.tmpl.php can be modified upon your need) information about creating themes can be found here, http://help.atutor.ca/developer/themes.html.

    2. I am not too sure if I grasp the "directly affecting the flow of the course" correctly. Flash are supported in our "Content", and "Test & Survey" modules. I have seen some contents created by others that used flash in their content to introduce flow. They have a paragraph, with a flash file beneath, and you answer questions and it will continue if you got it right. At the end, it will follow a hyperlink to the desire ATutor URL in which they wanted the user to go. All of these flow is done within the flash file itself, not on ATutor. ATutor host the flash files and display them on the content.

    Hope this helps.


    Harris


  • 2010-11-09 16:27:32

    Re: Demo courses / Flash questions, and a couple of observations

    Thanks for your reply.

    Regarding the $_POST thing, it's more of convention than something specific I noticed per se. It makes me nervous to see thousands of $_POSTs and $_GETs directly placed in output text, or queries, like:

    $sql = "SELECT member_id, login, first_name, password, email FROM ".TABLE_PREFIX."members WHERE email='$_POST[form_email]'";

    I know it is (generally) sanitized, but personally I think it's better (more reassuring from a security standpoint) to use a separate global like $request_filtered or something when for I/O functions. As you point out, it's easier to miss one if they aren't explicitly instantiated. It makes me a little nervous about the prospect of a site using ATutor being tested for PCI compliance, and whether each script would pass a blind sql injection test, or script injection test on each parameter.

    That aside...

    Re 1. Thanks, I found browse.tmpl.php, and have added a link to some code which should do the trick. My task is to extend the Payment module to allow a company to buy units of a course that can be allotted to students employed by that company.

    Re 2. I haven't looked at it in detail yet... I was thinking along the lines of flash being used in place of certain questions, and the answer submitted being passed back to Atutor to store against the test. Or perhaps I'm missing the point? I'm not sure :-|


  • 2010-11-10 14:26:58

    Re: Demo courses / Flash questions, and a couple of observations

    I agree to the funny feeling you have with the way sql is handled in ATutor. In some systems out there, they have functions like exeQuery(SQL_STATEMENT_1, $array_of_params), which takes the sql constant with %s in it and filled it with the array of parameters. This way, exeQuery would handle all the sanitizing and users programmer don't have worry about it. Something similar to a DAO. We have that in our todo list and we will slowly changes the way ATutor handles SQL statements.

    Re 2. I see, so you want to be able to submit questions via your flash. I think that's a bit tricky, but you can trying doing this from a POST in flash, with the necessarily key pairs from our test form.

    By the way, if you need to customize the ATutor code and without worring about losing all your modification, try out the Patcher from admin login. Hope all these help.

    Thanks again for all the input.


  • 2010-11-11 14:59:16

    Re: Demo courses / Flash questions, and a couple of observations

    Thanks, it's encouraging news on the SQL front (not that it's exactly a problem as such).

    I was thinking along the same lines, re using POST from Flash. I'm not sure if it's a requirement for us yet, but I did want to check if there were already standard ways of approaching it. It's good to know that I was along the right lines.

    I've only added one line (to require a file in the vitals file) so far, so it shouldn't be a problem. Most things, as you say, I can either use a custom module or a custom template. It does look like I'll create something based on your payment module.