Themes with secure.php layout

Themes with secure.php layout

by Mary Evans -
Number of replies: 13
Picture of Core developers Picture of Documentation writers Picture of Peer reviewers Picture of Plugin developers Picture of Testers

I've been looking at the themes that have been released recently, and realised that not everyone is aware of the use and also, more importantly, the restrictions for the 'SECURE' layout.

The reason it is called 'secure' is because of its usage within Moodle courses. Because of its secure nature the secure.php file can not have any links that take the user out of that page. This means no logout, no custommenu and no a.brand link, as well as no footer.

Odd you might think, but this is so that when used in a TEST the student cannot leave the page.

Checkout the simple layout of

theme/clean/layout/secure.php

Hope this helps,

Mary

Average of ratings: Useful (1)
In reply to Mary Evans

Re: Themes with secure.php layout

by Richard Oelmann -
Picture of Core developers Picture of Plugin developers Picture of Testers

Thank you for that reminder Mary - Caused me to check flexibase and realised that although it started out properly at some point in the refactoring, secure.php in there has got mixed up with frontpage.php sad

Have changed it on github and now just need to set up a secure quiz to test it on and will re-release urgently as a bug fix once I've tested!

Average of ratings: -
In reply to Mary Evans

Re: Themes with secure.php layout

by Fernando Acedo -
Picture of Plugin developers Picture of Testers

Mary,

I'm trying to add secure.php to Adaptable but I can't see the difference in the layout.

For example, Clean shows in config.php:

// The pagelayout used for safebrowser and securewindow.
    'secure' => array(
    'file' => 'secure.php',
    'regions' => array('side-pre', 'side-post'),
    'defaultregion' => 'side-pre'
),

What are considered secure layouts? Quizzes?


Average of ratings: -
In reply to Fernando Acedo

Re: Themes with secure.php layout

by Mary Evans -
Picture of Core developers Picture of Documentation writers Picture of Peer reviewers Picture of Plugin developers Picture of Testers

It's usually quizzes, but the reason it was added as a separate layout is because it is used, in some cases, in conjunction with a secure browser for Exams.

The requirements are:

  1. NO External Links
  2. NO Custommenu
  3. NO Usermenu
  4. NO Footer

See MDL-32365 and MDL-34257 for more details.

The problems I see in Adaptable are

  1. the HEADER which includes a link in the top navbar
  2. the html->heading; which contains a link
  3. possibly also  JavaScript irom the theme settings

If you checkout theme/clean/layout/secure.php you will find that has not external links/

Which is the main issue here.

1: require_once(dirname(__FILE__) . '/includes/header.php');
2:        <?php echo $html->heading; ?>
3: <script type="text/javascript">
       <?php echo $PAGE->theme->settings->jssection;?>
   </script>

Cheers

Mary

Average of ratings: Useful (1)
In reply to Mary Evans

Re: Themes with secure.php layout

by Fernando Acedo -
Picture of Plugin developers Picture of Testers
Sorry, what I mean is if I open a quiz with Clean or Adaptable I see the same layout.

Clean displays the header, the footer, the sidebar blocks, ...  so I don't see the different layout. 

I will try to remove all the external links in the layout and get only the quiz page.




Average of ratings: -
In reply to Fernando Acedo

Re: Themes with secure.php layout

by Mary Evans -
Picture of Core developers Picture of Documentation writers Picture of Peer reviewers Picture of Plugin developers Picture of Testers

This is not just about opening up a Quiz in Moodle it is about a specific setting so the page has to be in Secure mode before the secure.php is used, otherwise the incourse layout is used.

TEST INSTRUCTION

  1. As Teacher: Create a quiz with "Browser security" set to "Full screen pop-up with some JavaScript security", and "Show blocks during the attempt" turned off.
  2. As student: Attempt the quiz. It should open in a pop-up window. The layout should be very plain:
    • no header
    • no footer
    • no navbar
    • login information shows who is logged in, but no logout link.
    • no real blocks, just the quiz navigation that shows which questions are in the quiz, and the timer (if required).
  3. Now turn on "Show blocks during the attempt" and attempt the quiz again as a student.
  4. Verify the only change to the layout is that now the real blocks (probably navigation and settings) are shown.

Average of ratings: Useful (1)
In reply to Fernando Acedo

Re: Themes with secure.php layout

by diana palacios -

Good day Fernando, I just update the theme adaptable, I have moodle 3.0 in server, I'm testing a quiz, I've tested with Firefox and Chrome, I selected the option: Full screen pop-up With some JavaScript security, I selected the option: every question for page and noticed something that previously did not happen when I tested moodle 2.9 on localhost in laptop:


1. The selected question not occupies the entire screen, is size medium and I can see other things like, the header and navigation controls, before only looked, the question and the block quiz navegation.


2. The content of the questions, I can select, copy and paste during the quiz. before, this option was disabled on the mouse and when trying to copy, a warning will indicate that this option is disabled.


3. During the review of the questions after completing the questionnaire or quiz, also I can select, copy and paste the contents, before could not do it and had a warning as in item 2.


Fernando please, how can I correct the above three points, I'm not sure if these problems are related with the theme, with moodle 3.0, with Java script or my server?.


Thanks for your comments, regards.

Diana

Average of ratings: -
In reply to diana palacios

Re: Themes with secure.php layout

by Mary Evans -
Picture of Core developers Picture of Documentation writers Picture of Peer reviewers Picture of Plugin developers Picture of Testers

Hi Diana.

To rule out the theme, can you please test again using the Clean theme?

Thanks

Mary

Average of ratings: -
In reply to Mary Evans

Re: Themes with secure.php layout

by diana palacios -

Hi Mary, I tested clean and essential and in both themes, not work the option "Full screen pop-up With some JavaScript security" in Chrome and FireFox. What may be happening in this case?

You tested the option: "Full screen pop-up With some JavaScript security" with others themes, it works well?.

Thanks.

Average of ratings: -
In reply to diana palacios

Re: Themes with secure.php layout

by Fernando Acedo -
Picture of Plugin developers Picture of Testers

Adaptable is not using secure.php yet.

There are several layout tasks pending and one is the use of secure php. Hope to close these tasks soon because have priority over the rest but I can't give you an ETA.

Average of ratings: -
In reply to Fernando Acedo

Re: Themes with secure.php layout

by diana palacios -

Good day Fernando, I want to know if you have an update of theme with security corrections to test it.

Thanks for your comments

Regards.

Average of ratings: -
In reply to diana palacios

Re: Themes with secure.php layout

by Fernando Acedo -
Picture of Plugin developers Picture of Testers

Diana, there are other issues that must be solved before implement the secure.php layout in Adaptable.

We are working on it but I can't give you an estimated date for the moment.

Average of ratings: -
In reply to Fernando Acedo

Re: Themes with secure.php layout

by Mary Evans -
Picture of Core developers Picture of Documentation writers Picture of Peer reviewers Picture of Plugin developers Picture of Testers

Hi Fernando, 

The easiest way in your case with the Adaptable theme is to leave off the secure layout in config.php. This way if it is needed the secure layout file will be pulled from Bootsrtapbase instead.

So only minimal styling will be seen, which should not matter too much as the page is in a strict and secure environment and have no distractions.

Hope this helps?

Cheers

Mary

Average of ratings: -