Moodle Plugins directory: Ephorus Plagiarism plugin | Moodle.org

Ephorus Plagiarism plugin
Plagiarism ::: plagiarism_ephorus
Maintained by
Ephorus Integrations,
David Winn,
John McGettrick
Please see https://moodle.org/plugins/plagiarism_turnitin for further information.
Latest release:
9 sites
3 fans
Contributors
Ephorus Integrations (Lead maintainer)
David Winn
John McGettrick
Many thanks for sharing this plugin with the Moodle community.
I understand one needs a commercial license to use the plugin. So since I am
unable to test the functionality of the plugin, might we be able to set up a
quick demo so that I can see the plugin in action maybe?
The plugin does not declare any capabilities. How do you control access to the
reports and other aspects of the functionality? Do you rely on the
capabilities provided by the mod_assign module?
The uploaded version contains the db/upgrade.php. So do I get it right that
the plugin is already in production out there? Can you provide some rough info
on how many institutions are already using it? Also, I did not find any
upgrade_plugin_savepoint() call in the whole db/upgrade. Note that it might
make the upgrade path more safe and avoid accidental repeats of the same
upgrade code being executed.
I noticed table names in install.xml lack the plagiarism_ prefix. This is
pretty serious as it might lead to plugin names conflict in the future. Even
though in this case this could be tolerated as it is unlikely that anybody but
you would come with an activity module of the 'ephorus' name (which would then
collide).
However, other functions like create_file() or event_mod_deleted() etc that
are loaded into the global scope from lib.php should really have the
plagiarism_ephorus_ prefix to prevent eventual collision in the global
namespace.
I am afraid that the call_user_func() code at the top of functions.php
represents an unacceptable security flaw in this plugin. Simply said, you
implemented a backdoor allowing anybody on the Internet to execute any function
in Moodle without any validation, authentication and authorization. If this
code is already in production somewhere, I would really recommend to fix those
sites before we eventually publish this code.
Plugins uploaded to the Plugins directory are supposed to contain just the
English language pack. All translations are maintained separately at
lang.moodle.org portal.
Using DIRECTORY_SEPARATOR is not necessarily needed, PHP always converts / to
the appropriate character in its file functions. We avoid it in Moodle to make
the code more readable (and thence easier to spot eventual bugs).
I have also asked our plagiarism specialist for a quick peer-review of the API
usage in the plugin. Beside that, the record form of the plugin could be
improved.
Looking at the validation results, a meaningful README file could be useful to
have. For example, to mention the need for the XSL extension to show reports.
Please review http://docs.moodle.org/dev/Plugin_validation#Recommended_URLs
and then edit the plugin entry to provide the source, tracker, and
documentation URLs that will enable others in the community to more actively
participate in using this plugin.
I noticed that you did not specify an issue tracker for your plugin. Providing
a place for users of your plugin to report issues encourages participation and
provides a way for users to report bugs, make feature requests, or suggest
other types of improvements. There are a couple of options. You are welcome to
request that a component be created in the Moodle Tracker. This will allow for
you to become more familiar with how issues are managed in Moodle core but may
take a little more time to set up. Alternatively, for folks who are using
Github.com, you can use the issues feature of Github to handle such requests.
Kindly let me know which of these two options seems best for you.
Please provide a documentation URL. You are welcome to create your
documentation in Moodle Docs, see
http://docs.moodle.org/dev/Plugin_documentation for more information.
Please consider adding a screenshot of your plugin to help folks get an idea
of what it looks like when installed.
I noticed some files are encoded using the DOS/Windows end-of-lines. See
http://docs.moodle.org/dev/Coding_style#Line_Termination
For now, I am going to mark this plugin as needing more work until we get
these issues resolved. Thanks for your patience with the review and approval
process.
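The review's point about upgrade_plugin_savepoint(), shown as an added example (not the plugin's own db/upgrade.php). The version numbers, table names and the added field are constructed placeholders; each step is guarded and records a savepoint so that a failure in a later step does not cause an earlier one to run again.

```php
<?php
// Added illustration for db/upgrade.php; not the plugin's code.
// Version numbers, table names and the field are constructed placeholders.

defined('MOODLE_INTERNAL') || die();

function xmldb_plagiarism_ephorus_upgrade($oldversion) {
    global $DB;
    $dbman = $DB->get_manager();

    if ($oldversion < 2014010100) {
        // Hypothetical rename of an unprefixed table to a prefixed name.
        // The existence guard keeps the step safe on sites where it was
        // already applied by hand.
        $table = new xmldb_table('ephorus_example');
        if ($dbman->table_exists($table)) {
            $dbman->rename_table($table, 'plagiarism_ephorus_ex');
        }

        // Store the new version now. If the next step fails, the upgrade
        // resumes after this point instead of repeating the rename.
        upgrade_plugin_savepoint(true, 2014010100, 'plagiarism', 'ephorus');
    }

    if ($oldversion < 2014020100) {
        // Hypothetical schema change on the renamed table.
        $table = new xmldb_table('plagiarism_ephorus_ex');
        $field = new xmldb_field('timemodified', XMLDB_TYPE_INTEGER, '10',
                null, XMLDB_NOTNULL, null, '0', 'id');
        if (!$dbman->field_exists($table, $field)) {
            $dbman->add_field($table, $field);
        }

        upgrade_plugin_savepoint(true, 2014020100, 'plagiarism', 'ephorus');
    }

    return true;
}
```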
Thank you very much for your thorough review and for all your remarks. Though our plugin has already been used by hundreds of institutions for many years, it now seems that a lot of improvements need to be made.
We will start working on those as soon as possible and upload a new version once we are done.
Regarding your question about testing; you would indeed need a demo account for that. I would be more than happy to set one up for you if you want but perhaps it would be better to wait until we have an improved version?
By the way, Gavin Henrick already has a test account with us and has testing of the plugin on his todo-list.
Again, thank you very much for all your remarks and please let me know if there are any more questions or remarks.
Kind regards,
Peter Janknegt
Ephorus
I think you might want to include some more capability checks in further versions of your plugin. I don't know details of your
service API but currently, any logged in user can execute remote SOAP functions, e.g. via change_index. It may or may not be
intentional, just be aware of the fact that hiding the link via UI is not enough to effectively protect and secure the
functionality.
Do I get it right you ran into the limitation with the maximum table name? As noted above, the tables should have full frankenstyle
prefix. So even though you fixed the eventual collision with a hypothetical 'ephorus' activity (mod_ephorus), your tables would now
collide with (hypothetical again) 'eph' plagiarism plugin. I understand it's not a trivial issue to fix, given the length of this core
component name. Anyway, thanks for attempting to fix this in the upgrade step.
That said, you are cleared to land now. Welcome to the plugins directory!
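Both reviews ask for the same control: the call_user_func() remark in the first review and the capability remark about change_index in the follow-up. The sketch below is an added example, not the plugin's code, of a request handler that authenticates, checks the session key and a capability, and dispatches only through a fixed allowlist. The script location, parameter names, handler function names and the choice of mod/assign:grade as the capability are assumptions.

```php
<?php
// Added illustration, not the plugin's code. Parameter names, handler names
// and the capability chosen are assumptions.
//
// Pattern to avoid: handing a request parameter to call_user_func() before
// any login, session-key or capability check has run.

require(__DIR__ . '/../../config.php');   // Assumes plagiarism/ephorus/<script>.php.
require_once(__DIR__ . '/lib.php');       // Hypothetical handlers are assumed to live here.

// Fixed allowlist: request value => handler. Nothing outside this map can run.
const PLAGIARISM_EPHORUS_ACTIONS = [
    'change_index'  => 'plagiarism_ephorus_change_index',   // Hypothetical handler.
    'resend_report' => 'plagiarism_ephorus_resend_report',  // Hypothetical handler.
];

// Typed input: every parameter is cleaned to a known type on the way in.
$cmid   = required_param('cmid', PARAM_INT);
$docid  = required_param('docid', PARAM_INT);
$action = required_param('action', PARAM_ALPHANUMEXT);

// Authentication: resolve the activity and require a logged-in course user.
$cm = get_coursemodule_from_id('assign', $cmid, 0, false, MUST_EXIST);
require_login($cm->course, false, $cm);

// CSRF protection: the request must carry the user's session key.
require_sesskey();

// Authorization: hiding the link in the UI is not a check; this is.
$context = context_module::instance($cm->id);
require_capability('mod/assign:grade', $context);

// Validation: unknown actions are rejected, never resolved by name.
if (!array_key_exists($action, PLAGIARISM_EPHORUS_ACTIONS)) {
    throw new invalid_parameter_exception('Unknown action: ' . $action);
}

// Only now dispatch, passing typed values rather than raw request data.
$handler = PLAGIARISM_EPHORUS_ACTIONS[$action];
$handler($docid, $context);

redirect(new moodle_url('/mod/assign/view.php', ['id' => $cm->id]));
```

A plugin that declares its own capability in db/access.php would check that one here instead of borrowing mod/assign:grade.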
No info about alternatives (Turnitin?) yet.