## Attendance (plugin)

### Session key

Session key

I started using this module as it will make my life easier but I've got a major problem... When I click on "take attendance" I get the screen that allows me to select whether a student was in class or not. When I click on "save changes" at the bottom I get this error.

Sorry, but your session key could not be confirmed to carry out this action. This security feature prevents against accidental or malicious execution of important functions in your name. Please make sure you really wanted to execute this function.

Anyone know why?

Grant

Average of ratings: -
Re: Session key
Grant I would be interested to know whether you solved this problem with the session key. What kind of server do you have Moodle running on? Does anybody else have the same problem?

Average of ratings: -
Re: Session key

I do have the same problem. The only way of entering attendance that I could find is logging as the administrator and editing the properties of the activity in the administration panel (at the end of the form you can manually modify the attendance). A plain teacher (without admin rights) cannot do that.

I also noticed that in the same page (regular page for entering attendance), the link to "Add multiple rolls" doesn' work (it links to /moodle/mod/mod/attendance/add.php, - one /mod too much- which is non existant)

cheers,

Piersante

Average of ratings: -
Re: Session key

Hi, I too have t he same problem When taking attandance Regards Vignesh

Average of ratings: -
Re: Session key

If you want to take the attendance, use the "Update this attendance" button instead.

The "Take attendance" link does not include a sesskey which seems to be required for updating the db. [i stand to be corrected about this]

"Update this attendance" does include they sesskey in the url so it works.

The extra mod is confirmed too, but it is easily fixed. Trying to fix the sesskey problem and will get back to you if i manage.

I'm no guru or anything, just someone who needs the attendance module to work properly and is ready to devote some time to it.

Average of ratings: -
Re: Session key

didn't manage to get that link working. instead i just removed it...

as i was commenting some code i removed most of the extra functionality which either i didn't need or else i think they don't work.

regards,

joshua

Average of ratings: -
Re: Session key

You are right, the "update" button works also for theachers, not only for the administrator.
I agree that fixing the extra /mod is easy, but I think that fixing it only in my own file doesn'help much the others

cheers,

Piersante

Average of ratings: -
Re: Session key

in fact i'm eagerly waiting for the the module owner to update it...if it is still being maintained that is.

i won't risk giving out my modifications as i don't really fully understand what I have done (and i'm noticing some strange behaviour too)

regards,

joshua

Average of ratings: -
Re: Session key
The attendance module is not being maintained; is not in the standard distribution; and contains a lot of strange behaviour.  I'm really looking for someone to come along and give it a total rewrite.  Any volunteers?

Average of ratings: -
Re: Session key

I hope you get someone; I only wish I had the ability; .... Taking attendance is a major part of any course/classroom. I'm surprised it has not been fixed and added to the standard distro.

Average of ratings: -
Re: Session key
Things are fixed and added to the standard distro only if somebody actively works on it. Developers are usually focused on modules they need for their institutions - you have to know how it should work before you start fixing it.

Everybody should know that unofficial modules may have serious security issues - attendance did not go through the latest security audit. The best way to support Moodle is to find somebody to do some programming or maintenance

Average of ratings: -
Re: Session key

What is a security audit?

Anyway I could fix the "session key" problem by adding just before the submit button in teacheredit.php the line:

$SESSION->sesskey =$USER->sesskey;

I guess that this would break any security audit even more

I haven't tested whether this would also add additional bugs, so I post it here just in case somebody is interested, but beware!

Piersante

Average of ratings: -
Re: Session key

And of course, *it does* have side effects (such as making the link to the attendance to disappear

So *don't do it* unless you know what you are doing (an I'm not

Piersante

Average of ratings: -
Re: Session key

Peirsante,

I was able to put the following line ( similar to the one you posted ) at the following location in teacheredit.php, line 52:

$form->coursemodule =$cm->id;
$form->section =$cm->section;     // The section ID
$form->course =$course->id;
$form->module =$module->id;
$form->modulename =$module->name;
$form->instance =$cm->instance;
$form->mode = "update";$SESSION->sesskey = !empty($USER->id) ?$USER->sesskey : '';

That seemed to do the trick for me, and I haven't had the problem of losing links to the attendance, as long as the attendance roll wasn't assigned to Topic 0 in Topics format for a course. Still testing it, however.

FYI

Kent

Average of ratings: -
Re: Session key

Thanks.
For some reason, though, after taking attendance here the attendance name still does not appear any more in the "topic outline" of the course (only the icon is shown, but since it is not clickable, it is impossible to access the attendance module))

Forthermore, after taking attendance, "View All Attendance Rolls from the Calendar Week" (third choice on the right on the same page) returns "Course module is incorrect"

For the moment, I think that I will use a "fake" (empty) assigment to let teachers to take and grade attendance. It doesn't have much functionalities (statistics etc), but it looks safer

cheers,

Piersante

Average of ratings: -
Re: Session key

Martin,

I'm planning to work with a group of students on a Moodle project(s) in the spring 06 semester. I know this a ways off, but if this module hasn't had any takers by that time maybe it'd be a good one to work on?

Mark

Average of ratings: -
Re: Session key
Um, yes, that's a year off! But I appreciate the offer! There's lots of other module ideas floating around without owners. The Webquest module and the Simulation module (role-playing interactions) are two that jump to mind.

Average of ratings: -
Re: Session key

I have also session key problem

Sorry, but your session key could not be confirmed to carry out this action. This security feature prevents against accidental or malicious execution of important functions in your name. Please make sure you really wanted to execute this function.

Average of ratings: -
Re: Session key

Malaiarasan, which version of Moodle and the Attendance Module are you workjing with?

-Derek

Average of ratings: -
Re: Any volunteers?

I want to work on Attendance module. But why total rewrite? Can't we start with fixing the current bugs/problems.

Average of ratings: Useful (1)
Re: Any volunteers?
Here is a link to a discussion we had about solving a similar problem with the Flash Module :

http://moodle.org/mod/forum/discuss.php?d=23302

Average of ratings: -