From 5c9710f44d77747473ecec9e11ebb69bc092348d Mon Sep 17 00:00:00 2001
From: ma0048 <ma0048@technikum-wien.at>
Date: Tue, 2 Dec 2025 13:49:05 +0100
Subject: [PATCH 1/9] externe ueberwachung v1

---
 cis/testtool/externeueberwachung.js           |  35 +++
 cis/testtool/frage.php                        |   6 +-
 cis/testtool/index.php                        |  63 ++++++
 cis/testtool/login.php                        |  19 +-
 cis/testtool/menu.php                         |  30 ++-
 cis/testtool/resetconnection.php              |  25 +++
 cis/testtool/session_init.php                 |  11 +
 cis/testtool/topbar.php                       |  14 +-
 composer.json                                 |   3 +-
 config/cis.config-default.inc.php             |   6 +
 include/externe_ueberwachung.class.php        | 203 ++++++++++++++++++
 include/reihungstest.class.php                |  10 +-
 system/dbupdate_3.4.php                       |   3 +-
 ...hungstest_ueberwachung_mit_constructor.php |  42 ++++
 vilesci/stammdaten/reihungstestverwaltung.php |   8 +
 15 files changed, 461 insertions(+), 17 deletions(-)
 create mode 100644 cis/testtool/externeueberwachung.js
 create mode 100644 cis/testtool/resetconnection.php
 create mode 100644 cis/testtool/session_init.php
 create mode 100644 include/externe_ueberwachung.class.php
 create mode 100644 system/dbupdate_3.4/62889_reihungstest_ueberwachung_mit_constructor.php

diff --git a/cis/testtool/externeueberwachung.js b/cis/testtool/externeueberwachung.js
new file mode 100644
index 000000000..a40a93e05
--- /dev/null
+++ b/cis/testtool/externeueberwachung.js
@@ -0,0 +1,35 @@
+(function () {
+	/*
+
+	const params = new URLSearchParams(location.search);
+	let expectedOrigin = params.get("examus-client-origin");
+
+	if (!expectedOrigin)
+	{
+		window.top.location.href = 'resetconnection.php';
+		return;
+	}
+	*/
+	let proctoringOK = false;
+
+	window.addEventListener("message", function (e) {
+		/*if (e.origin !== expectedOrigin) {
+			return;
+		}*/
+
+		const data = e.data || {};
+
+		if (data.proctoringIsActive)
+		{
+			proctoringOK = true;
+		}
+	});
+
+	setTimeout(function () {
+		if (!proctoringOK)
+		{
+			console.warn("Constructor nicht aktiv!")
+			//window.location.href='resetconnection.php';
+		}
+	}, 1000);
+})();
\ No newline at end of file
diff --git a/cis/testtool/frage.php b/cis/testtool/frage.php
index c38229cdf..4267d6a13 100644
--- a/cis/testtool/frage.php
+++ b/cis/testtool/frage.php
@@ -45,7 +45,7 @@ if (!$db = new basis_db())
 $PHP_SELF=$_SERVER["PHP_SELF"];
 
 // Start session
-session_start();
+require_once './session_init.php';
 
 // If language is changed by language select menu, reset language variables
 if (isset($_GET['sprache_user']) && !empty($_GET['sprache_user']))
@@ -182,6 +182,10 @@ echo '
 if(!isset($_SESSION['pruefling_id']))
 	die($p->t('testtool/bitteZuerstAnmelden'));
 
+if (!empty($_SESSION['externe_ueberwachung']) && isset($_SESSION['externe_ueberwachung_verified'])): ?>
+	<script type="text/javascript" src="externeueberwachung.js"></script>
+<?php endif;
+
 $pruefling = new pruefling();
 $pruefling->load($_SESSION['pruefling_id']);
 
diff --git a/cis/testtool/index.php b/cis/testtool/index.php
index d235e6ce9..9aa6c3f84 100644
--- a/cis/testtool/index.php
+++ b/cis/testtool/index.php
@@ -1,16 +1,78 @@
 <?php
 $contentpage = 'login.php';
 
+require_once './session_init.php';
+
 if(isset($_GET['prestudent']) && is_numeric($_GET['prestudent']))
 {
 	$contentpage = 'login.php?prestudent='.$_GET['prestudent'];
 }
+
+if ((isset($_SESSION['externe_ueberwachung']) && $_SESSION['externe_ueberwachung'] === true) &&
+	isset($_SESSION['externe_ueberwachung_verified']) && $_SESSION['externe_ueberwachung_verified'] === false)
+{
+	header("Location: resetconnection.php");
+	exit;
+}
 ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
 <html>
 <head>
 	<title>TestTool - FH Technikum Wien</title>
 	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 	<link href="../../skin/style.css.php" rel="stylesheet" type="text/css">
+	<?php
+	if (!empty($_SESSION['externe_ueberwachung'])) : ?>
+	<script>
+		function loadInContent(url)
+		{
+			if (url.includes('logout=true'))
+			{
+				return doLogout(url);
+			}
+
+			let frame = document.getElementById('content_testtool');
+			if (frame)
+			{
+				frame.src = url;
+			}
+		}
+
+		function doLogout(url)
+		{
+			fetch(url)
+			let topbarFrame = window.frames['topbar'];
+			let menuFrame = window.frames['menu'];
+			let contentFrame = window.frames['content'];
+
+			if (contentFrame)
+				contentFrame.location.href = 'logout.html';
+
+			if (menuFrame)
+				menuFrame.location.href = menuFrame.location.pathname;
+
+			if (topbarFrame)
+				topbarFrame.location.href = topbarFrame.location.pathname;
+			return false;
+		}
+
+		function changeSprache(content_params, sprache)
+		{
+			let topbarFrame = window.frames['topbar'];
+			let menuFrame = window.frames['menu'];
+			let contentFrame = window.frames['content'];
+
+			if (topbarFrame)
+				topbarFrame.location.href = topbarFrame.location.pathname + '?sprache_user=' + sprache;
+
+			if (menuFrame)
+				menuFrame.location.href = menuFrame.location.pathname + '?sprache_user=' + sprache;
+
+			if (contentFrame)
+				contentFrame.location.href = contentFrame.location.pathname + '?' + content_params;
+		}
+
+	</script>
+	<?php endif; ?>
 </head>
 
 <frameset rows="13%,*" cols="*" frameborder="NO" border="0" framespacing="0">
@@ -26,3 +88,4 @@ if(isset($_GET['prestudent']) && is_numeric($_GET['prestudent']))
 	</noframes>
 </frameset>
 </html>
+
diff --git a/cis/testtool/login.php b/cis/testtool/login.php
index 5a2ae0dea..2b4e678fa 100644
--- a/cis/testtool/login.php
+++ b/cis/testtool/login.php
@@ -40,8 +40,7 @@ if (!$db = new basis_db())
 	die('Fehler beim Oeffnen der Datenbankverbindung');
 
 // Start session
-session_start();
-
+require_once './session_init.php';
 // Logout (triggered by logout button in menu.php)
 if (isset($_GET['logout']) && $_GET['logout'] == true)
 {
@@ -173,6 +172,12 @@ if (isset($_REQUEST['prestudent']))
 						else
 							$reload_menu = true;
 					}
+
+					if ($rt->externe_ueberwachung)
+					{
+						$_SESSION['externe_ueberwachung'] = true;
+						$_SESSION['externe_ueberwachung_verified'] = false;
+					}
 				}
 
 				$pruefling = new pruefling();
@@ -339,6 +344,8 @@ if ((isset($_SESSION['prestudent_id']) && !isset($_SESSION['pruefling_id']) &&
 	!isset($_SESSION['confirmation_needed']) && !isset($_SESSION['confirmed_code'])) ||
 	(isset($_SESSION['confirmation_needed']) && $_SESSION['confirmation_needed'] === true &&
 	isset($_SESSION['confirmed_code']) && $_SESSION['confirmed_code'] === true &&
+	isset($_SESSION['externe_ueberwachung']) && $_SESSION['externe_ueberwachung'] === true &&
+	isset($_SESSION['externe_ueberwachung_verified']) && $_SESSION['externe_ueberwachung_verified'] === true &&
 	isset($_SESSION['prestudent_id']) && !isset($_SESSION['pruefling_id'])))
 {
 	$pruefling = new pruefling();
@@ -468,7 +475,13 @@ if (isset($_POST['save']) && isset($_SESSION['prestudent_id']))
 
 <?php
 
-if (isset($_SESSION['confirmation_needed']) && $_SESSION['confirmation_needed'] === true &&
+if ((isset($_SESSION['externe_ueberwachung']) && $_SESSION['externe_ueberwachung'] === true) &&
+	isset($_SESSION['externe_ueberwachung_verified']) && $_SESSION['externe_ueberwachung_verified'] === false)
+{
+	echo "<script> top.location.href = 'resetconnection.php';</script>";
+	exit;
+}
+else if (isset($_SESSION['confirmation_needed']) && $_SESSION['confirmation_needed'] === true &&
 	isset($_SESSION['confirmed_code']) && $_SESSION['confirmed_code'] === false)
 {
 	echo '
diff --git a/cis/testtool/menu.php b/cis/testtool/menu.php
index 7c8b12b9d..2c027c886 100644
--- a/cis/testtool/menu.php
+++ b/cis/testtool/menu.php
@@ -34,7 +34,7 @@ if (!$db = new basis_db())
 	die('Fehler beim Oeffnen der Datenbankverbindung');
 
 // Start session
-session_start();
+require_once './session_init.php';
 
 // If language is changed by language select menu, reset language and session variables
 if(isset($_GET['sprache_user']) && !empty($_GET['sprache_user']))
@@ -73,7 +73,7 @@ if (isset($_SESSION['pruefling_id']))
 
 // Link zur Startseite
 	echo '<tr><td class="ItemTesttool" style="margin-left: 20px;" nowrap>
-			<a class="ItemTesttool navButton" href="login.php" target="content">'.$p->t('testtool/startseite').'</a>
+			<a class="ItemTesttool navButton" href="login.php" onclick="return loadContent(this.href);">'.$p->t('testtool/startseite').'</a>
 		</td></tr>';
 
 // Link zur Einleitung
@@ -83,7 +83,7 @@ if (isset($_SESSION['pruefling_id']))
 		{
 			echo '
 				<tr id="tr-einleitung"><td class="ItemTesttool" style="margin-left: 20px;" nowrap>
-					<a class="ItemTesttool navButton" href="../../cms/content.php?content_id='.$content_id->content_id.'&sprache='.$sprache_user.'" target="content">'.$p->t('testtool/einleitung').'</a>
+					<a class="ItemTesttool navButton" href="../../cms/content.php?content_id='.$content_id->content_id.'&sprache='.$sprache_user.'" onclick="return loadContent(this.href);">'.$p->t('testtool/einleitung').'</a>
 				</td></tr>
 			';
 		}
@@ -379,10 +379,13 @@ if (isset($_SESSION['pruefling_id']))
 				}
 			}
 
+
 			echo '<tr>
 					<!--<td width="10" class="ItemTesttoolLeft" nowrap>&nbsp;</td>-->
+
 						<td class="'.$class.'">
-							<a class="'.$class.'" href="frage.php?gebiet_id='.$row->gebiet_id.'" onclick="document.location.reload()" target="content" style="'.$style.'">'.$gebietbezeichnung.'</a>
+								<a class="'.$class.'" href="frage.php?gebiet_id='.$row->gebiet_id.'" onclick="return loadContent(this.href);"  style="'.$style.'">'.$gebietbezeichnung.'</a>
+								
 						</td>
 					<!--<td width="10" class="ItemTesttoolRight" nowrap>&nbsp;</td>-->
 					</tr>';
@@ -401,7 +404,7 @@ if (isset($_SESSION['pruefling_id']))
 	// Link zum Logout
 
 	echo '<tr><td class="ItemTesttool" style="margin-left: 20px;" nowrap>
-			<a class="ItemTesttool navButton" href="login.php?logout=true" target="content">Logout</a>
+			<a class="ItemTesttool navButton" href="login.php?logout=true" onclick="return loadContent(this.href);">Logout</a>
 		</td></tr>';
 
 	echo '</td></tr></table>';
@@ -461,5 +464,22 @@ else
                 '</td></tr>');
         }
     });
+
+	function loadContent(url)
+	{
+		if (parent && typeof parent.loadInContent === 'function')
+		{
+			parent.loadInContent(url);
+			return false;
+		}
+
+		let frame = parent?.frames?.["content"];
+		if (frame)
+		{
+			frame.location.href = url;
+			return false;
+		}
+	}
+
 </script>
 </html>
diff --git a/cis/testtool/resetconnection.php b/cis/testtool/resetconnection.php
new file mode 100644
index 000000000..200b3d778
--- /dev/null
+++ b/cis/testtool/resetconnection.php
@@ -0,0 +1,25 @@
+<?php
+
+
+require_once './session_init.php';
+
+require_once('../../config/cis.config.inc.php');
+require_once('../../config/global.config.inc.php');
+require_once '../../include/externe_ueberwachung.class.php';
+if (!$db = new basis_db())
+	die('Fehler beim Oeffnen der Datenbankverbindung');
+
+if (isset($_SESSION['externe_ueberwachung']) && $_SESSION['externe_ueberwachung'] === true)
+{
+	$ueberwachung = new externeUeberwachung();
+	$url = $ueberwachung->start($_SESSION['prestudent_id'], $_SESSION['reihungstestID']);
+	$urlSafe = htmlspecialchars($url, ENT_QUOTES);
+
+
+	//var_dump($urlSafe);
+
+	header("Location: $urlSafe");
+	//echo "<script>window.open('{$urlSafe}');</script>";
+	$_SESSION['externe_ueberwachung_verified'] = true;
+
+}
\ No newline at end of file
diff --git a/cis/testtool/session_init.php b/cis/testtool/session_init.php
new file mode 100644
index 000000000..fd7f0b5f3
--- /dev/null
+++ b/cis/testtool/session_init.php
@@ -0,0 +1,11 @@
+<?php
+if (session_status() === PHP_SESSION_NONE) {
+	session_set_cookie_params(
+		0,
+		'/; samesite=None',
+		'',
+		true,
+		true
+	);
+	session_start();
+}
\ No newline at end of file
diff --git a/cis/testtool/topbar.php b/cis/testtool/topbar.php
index 7ca218ede..03bc30e07 100644
--- a/cis/testtool/topbar.php
+++ b/cis/testtool/topbar.php
@@ -67,9 +67,17 @@ function changeSprache(sprache)
     content_params.set('sprache_user', sprache); // add or replace sprache_user
 
     // Pass GET-param sprache_user to topbar.php, menu.php and content (login.php or frage.php) and refresh the frames.
-    location.href = location.pathname + '?sprache_user=' + sprache; // refreshes topbar.php
-    parent.menu.location.href = parent.menu.location.pathname + '?sprache_user=' + sprache; // refreshes menu.php
-    parent.content.location.href = parent.content.location.pathname + '?' + content_params; // refreshes login.php or frage.php
+	if (parent && typeof parent.changeSprache === 'function')
+	{
+		parent.changeSprache(content_params, sprache);
+		return false;
+	}
+	else
+	{
+		location.href = location.pathname + '?sprache_user=' + sprache; // refreshes topbar.php
+		parent.menu.location.href = parent.menu.location.pathname + '?sprache_user=' + sprache; // refreshes menu.php
+		parent.content.location.href = parent.content.location.pathname + '?' + content_params; // refreshes login.php or frage.php
+	}
 }
 
 	$(document).on("keydown", function (e) {
diff --git a/composer.json b/composer.json
index 370c2eda1..35499ec61 100644
--- a/composer.json
+++ b/composer.json
@@ -517,6 +517,7 @@
 		"phpmd/phpmd": "2.*",
 		"phpmetrics/phpmetrics": "2.*",
 		"sebastian/phpcpd": "3.*",
-		"phpunit/phpunit": "^6"
+		"phpunit/phpunit": "^6",
+		"firebase/php-jwt": "^6.0"
 	}
 }
diff --git a/config/cis.config-default.inc.php b/config/cis.config-default.inc.php
index 9985a90d4..b6607ca4a 100644
--- a/config/cis.config-default.inc.php
+++ b/config/cis.config-default.inc.php
@@ -301,4 +301,10 @@ define ('DEFAULT_ECHTER_DIENSTVERTRAG',[103,111]);
 
 // Weiterleiten zu CIS neu (wenn Rechte vorhanden)
 define('CIS_REDIRECT_TO_CIS4', false);
+
+//Externe Ueberwachung
+define('EXTERNE_UEBERWACHUNG_PROTOCOL_URL', 'https://example.com');
+define('EXTERNE_UEBERWACHUNG_SECRET_KEY', null);
+define('EXTERNE_UEBERWACHUNG_INTEGRATION_NAME', 'example');
+
 ?>
diff --git a/include/externe_ueberwachung.class.php b/include/externe_ueberwachung.class.php
new file mode 100644
index 000000000..0e2e06ec9
--- /dev/null
+++ b/include/externe_ueberwachung.class.php
@@ -0,0 +1,203 @@
+<?php
+
+require_once(dirname(__FILE__).'/basis_db.class.php');
+require_once(dirname(__FILE__).'/prestudent.class.php');
+require_once(dirname(__FILE__).'/person.class.php');
+require_once(dirname(__FILE__).'/reihungstest.class.php');
+
+require_once(dirname(__FILE__).'/../vendor/autoload.php');
+use Firebase\JWT\JWT;
+
+class externeUeberwachung extends basis_db
+{
+	public function __construct()
+	{
+		parent::__construct();
+	}
+
+	public function getStatusByPrestudent($prestudent_id)
+	{
+		$session_id = $this->getSessionByPrestudent($prestudent_id);
+		return $this->getSessionStatus($session_id);
+	}
+	public function start($prestudent_id, $reihungstest_id)
+	{
+		$session_id = $this->getSessionByPrestudent($prestudent_id);
+
+		if (!$session_id)
+		{
+			$session_id = $this->createSession($prestudent_id);
+		}
+		else
+		{
+			$status = $this->getSessionStatus($session_id);
+
+			if (in_array($status, array('late_to_start', 'finished')))
+			{
+				$session_id = $this->createSession($prestudent_id);
+			}
+		}
+
+		$payload = $this->getPayload($session_id, $prestudent_id, $reihungstest_id);
+		return $this->getStartUrl($payload);
+	}
+
+
+	private function createSession($prestudent_id)
+	{
+		if (is_null($prestudent_id))
+		{
+			$this->errormsg = 'Falsche Parameterübergabe';
+			return false;
+		}
+
+		$uuid = $this->genereateUUID();
+
+		$qry = "INSERT INTO testtool.tbl_externe_ueberwachung (prestudent_id, session_id, insertvon)
+				VALUES (".
+			$this->db_add_param($prestudent_id).",".
+			$this->db_add_param($uuid).",".
+			$this->db_add_param(get_uid()).")";
+
+		if($this->db_query($qry))
+		{
+			return $uuid;
+		}
+		else
+		{
+			$this->errormsg = 'Fehler beim Speichern der Antwort';
+			return false;
+		}
+	}
+	public function getSessionByPrestudent($prestudent_id)
+	{
+		if (is_null($prestudent_id))
+		{
+			$this->errormsg = 'Falsche Parameterübergabe';
+			return false;
+		}
+
+		$qry = "SELECT session_id
+				FROM testtool.tbl_externe_ueberwachung
+				ORDER BY insertamum DESC
+				LIMIT 1";
+
+		if($result = $this->db_query($qry))
+		{
+			if ($row = $this->db_fetch_object($result))
+			{
+				return $row->session_id;
+			}
+			else
+			{
+				$this->errormsg = 'Daten konnten nicht geladen werden';
+				return false;
+			}
+		}
+		else
+		{
+			$this->errormsg = 'Fehler bei einer Abfrage';
+			return false;
+		}
+	}
+
+	public function getSessionStatus($session_id)
+	{
+		$payload = $this->getSessionPayload($session_id);
+		$jwt = $this->createToken($payload);
+
+		$url = $this->getSessionUrl($session_id);
+
+		$ch = curl_init($url);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($ch, CURLOPT_HTTPHEADER, [
+			"Authorization: JWT {$jwt}",
+			"Content-Type: application/json",
+		]);
+		curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
+
+		$response = curl_exec($ch);
+		$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+
+		curl_close($ch);
+
+		$data = json_decode($response, true);
+		return isset($data['status']) ? $data['status'] : false;
+	}
+
+	private function getSessionPayload($session_id)
+	{
+		return [
+			"session_id" => $session_id,
+			"iat" => time(),
+			"exp" => time() + 120,
+		];
+	}
+
+	private function getPayload($session_id, $prestudent_id, $reihungstest_id)
+	{
+		$prestudent = new prestudent($prestudent_id);
+		$person = new Person($prestudent->person_id);
+
+		$reihungstest = new Reihungstest($reihungstest_id);
+
+		$datetime = new DateTime();
+		$today = $datetime->format('Y-m-d');
+
+		$payload = [
+			"userId"=> $prestudent_id,
+			"lastName"=> $person->nachname,
+			"firstName"=> $person->vorname,
+			"language"=> $person->sprache,
+			"accountName"=> "technikum_wien",
+			"accountId"=> "technikum_wien",
+			"examId" => !is_null(trim($reihungstest->anmerkung)) ? $reihungstest->anmerkung : ($today . " RT Test"),
+			"examName" => !is_null(trim($reihungstest->anmerkung)) ? $reihungstest->anmerkung : ($today . " RT Test"),
+			"allowMultipleDisplays" => true,
+			"allowMakingRoomScanSecondCamera" => false,
+			"duration"=> 120,
+			"schedule"=> false,
+			"trial"=> true,
+			"proctoring"=> "offline",
+			"identification"=> "skip",
+			"startDate"=> "2018-03-27T00:00:00Z", //TODO anpassen
+			"endDate"=> "2027-03-30T12:55:00Z", // TODO anpassen
+			"sessionId"=> $session_id,
+			"sessionUrl"=> "https://demo.dev.technikum-wien.at/cis/testtool/index.php"
+		];
+		return $payload;
+	}
+
+	private function getSessionUrl($session_id)
+	{
+		return EXTERNE_UEBERWACHUNG_PROTOCOL_URL . "/api/v2/integration/simple/". EXTERNE_UEBERWACHUNG_INTEGRATION_NAME . "/sessions/". urlencode($session_id) ."/status/";
+	}
+
+	private function getStartUrl($payload)
+	{
+		$token = $this->createToken($payload);
+		$query = http_build_query(['token' => $token]);
+
+		return EXTERNE_UEBERWACHUNG_PROTOCOL_URL . '/integration/simple/'. EXTERNE_UEBERWACHUNG_INTEGRATION_NAME .'/start?' . $query;
+	}
+
+	private function createToken($payload)
+	{
+		return JWT::encode($payload, EXTERNE_UEBERWACHUNG_SECRET_KEY, 'HS256');
+	}
+
+	private function genereateUUID()
+	{
+		$data = openssl_random_pseudo_bytes(16);
+
+		$data[6] = chr(ord($data[6]) & 0x0f | 0x40);
+		$data[8] = chr(ord($data[8]) & 0x3f | 0x80);
+
+		return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
+	}
+}
+
+?>
+
+
+
diff --git a/include/reihungstest.class.php b/include/reihungstest.class.php
index df4134ebf..94d064c25 100644
--- a/include/reihungstest.class.php
+++ b/include/reihungstest.class.php
@@ -63,6 +63,7 @@ class reihungstest extends basis_db
 	
 	public $zugangs_ueberpruefung = false; //boolean
 	public $zugangscode; //smallint
+	public $externe_ueberwachung = false; //boolean
 
 
 	/**
@@ -119,6 +120,7 @@ class reihungstest extends basis_db
 				$this->aufnahmegruppe_kurzbz = $row->aufnahmegruppe_kurzbz;
 				$this->zugangs_ueberpruefung = $this->db_parse_bool($row->zugangs_ueberpruefung);
 				$this->zugangscode = $row->zugangscode;
+				$this->externe_ueberwachung = $this->db_parse_bool($row->externe_ueberwachung);
 
 				return true;
 			}
@@ -234,7 +236,7 @@ class reihungstest extends basis_db
 
 			$qry = 'BEGIN; INSERT INTO public.tbl_reihungstest (studiengang_kz, ort_kurzbz, anmerkung, datum, uhrzeit,
 				insertamum, insertvon, updateamum, updatevon, max_teilnehmer, oeffentlich, freigeschaltet,
-				studiensemester_kurzbz, stufe, anmeldefrist, aufnahmegruppe_kurzbz, zugangs_ueberpruefung, zugangscode) VALUES('.
+				studiensemester_kurzbz, stufe, anmeldefrist, aufnahmegruppe_kurzbz, zugangs_ueberpruefung, zugangscode, externe_ueberwachung) VALUES('.
 				$this->db_add_param($this->studiengang_kz, FHC_INTEGER).', '.
 				$this->db_add_param($this->ort_kurzbz).', '.
 				$this->db_add_param($this->anmerkung).', '.
@@ -250,7 +252,8 @@ class reihungstest extends basis_db
 				$this->db_add_param($this->anmeldefrist).','.
 				$this->db_add_param($this->aufnahmegruppe_kurzbz). ',' .
 				$this->db_add_param($this->zugangs_ueberpruefung, FHC_BOOLEAN).','.
-				$this->db_add_param($this->zugangscode) . ');';
+				$this->db_add_param($this->zugangscode) . ','.
+				$this->db_add_param($this->externe_ueberwachung, FHC_BOOLEAN) . ');';
 		}
 		else
 		{
@@ -270,7 +273,8 @@ class reihungstest extends basis_db
 				'anmeldefrist='.$this->db_add_param($this->anmeldefrist).', '.
 				'aufnahmegruppe_kurzbz='.$this->db_add_param($this->aufnahmegruppe_kurzbz).', '.
 				'zugangs_ueberpruefung='.$this->db_add_param($this->zugangs_ueberpruefung, FHC_BOOLEAN).', '.
-				'zugangscode='.$this->db_add_param($this->zugangscode).' '.
+				'zugangscode='.$this->db_add_param($this->zugangscode).', '.
+				'externe_ueberwachung='.$this->db_add_param($this->externe_ueberwachung, FHC_BOOLEAN).' '.
 				'WHERE reihungstest_id='.$this->db_add_param($this->reihungstest_id, FHC_INTEGER, false).';';
 		}
 
diff --git a/system/dbupdate_3.4.php b/system/dbupdate_3.4.php
index ed50b0df1..708e69717 100644
--- a/system/dbupdate_3.4.php
+++ b/system/dbupdate_3.4.php
@@ -86,6 +86,7 @@ require_once('dbupdate_3.4/40314_electronic_onboarding_anbindung_ida.php');
 require_once('dbupdate_3.4/47972_pruefungsverwaltung_ects_angabe.php');
 require_once('dbupdate_3.4/67490_studstatus_suche_abort_controller_haengt.php');
 require_once('dbupdate_3.4/68744_StV_settings.php');
+require_once('dbupdate_3.4/62889_reihungstest_ueberwachung_mit_constructor.php');
 
 // *** Pruefung und hinzufuegen der neuen Attribute und Tabellen
 echo '<H2>Pruefe Tabellen und Attribute!</H2>';
@@ -358,7 +359,7 @@ $tabellen=array(
 	"public.tbl_profil_update_status" => array("status_kurzbz","beschreibung","bezeichnung_mehrsprachig"),
 	"public.tbl_profil_update_topic" => array("topic_kurzbz","beschreibung","bezeichnung_mehrsprachig"),
 	"public.tbl_raumtyp"  => array("raumtyp_kurzbz","beschreibung","kosten","aktiv"),
-	"public.tbl_reihungstest"  => array("reihungstest_id","studiengang_kz","ort_kurzbz","anmerkung","datum","uhrzeit","updateamum","updatevon","insertamum","insertvon","ext_id","freigeschaltet","max_teilnehmer","oeffentlich","studiensemester_kurzbz","aufnahmegruppe_kurzbz","stufe","anmeldefrist","zugangs_ueberpruefung","zugangscode"),
+	"public.tbl_reihungstest"  => array("reihungstest_id","studiengang_kz","ort_kurzbz","anmerkung","datum","uhrzeit","updateamum","updatevon","insertamum","insertvon","ext_id","freigeschaltet","max_teilnehmer","oeffentlich","studiensemester_kurzbz","aufnahmegruppe_kurzbz","stufe","anmeldefrist","zugangs_ueberpruefung","zugangscode", "externe_ueberwachung"),
 	"public.tbl_rueckstellung" => array("rueckstellung_id","person_id","status_kurzbz","datum_bis","insertamum","insertvon"),
 	"public.tbl_rueckstellung_status" => array("status_kurzbz", "bezeichnung_mehrsprachig", "sort", "aktiv"),
 	"public.tbl_rt_ort" => array("rt_id","ort_kurzbz","uid"),
diff --git a/system/dbupdate_3.4/62889_reihungstest_ueberwachung_mit_constructor.php b/system/dbupdate_3.4/62889_reihungstest_ueberwachung_mit_constructor.php
new file mode 100644
index 000000000..7f306e3d9
--- /dev/null
+++ b/system/dbupdate_3.4/62889_reihungstest_ueberwachung_mit_constructor.php
@@ -0,0 +1,42 @@
+<?php
+
+if (! defined('DB_NAME')) exit('No direct script access allowed');
+
+if(!$result = @$db->db_query("SELECT externe_ueberwachung FROM public.tbl_reihungstest LIMIT 1"))
+{
+	$qry = "ALTER TABLE public.tbl_reihungstest ADD COLUMN externe_ueberwachung boolean NOT NULL DEFAULT false;";
+	
+	if(!$db->db_query($qry))
+		echo '<strong>public.tbl_reihungstest: '.$db->db_last_error().'</strong><br>';
+	else
+		echo '<br>public.tbl_reihungstest: Spalte externe_ueberwachung hinzugefuegt';
+}
+
+if(!$result = @$db->db_query("SELECT 1 FROM testtool.tbl_externe_ueberwachung LIMIT 1"))
+{
+	$qry = "CREATE TABLE testtool.tbl_externe_ueberwachung (
+			externe_ueberwachung_id		INTEGER NOT NULL,
+			prestudent_id				INTEGER NOT NULL,
+			session_id					UUID NOT NULL,
+			insertamum					TIMESTAMP DEFAULT NOW(),
+			insertvon					VARCHAR(32) NOT NULL,
+			CONSTRAINT tbl_externe_ueberwachung_pk PRIMARY KEY(externe_ueberwachung_id)
+		);
+		CREATE SEQUENCE testtool.tbl_externe_ueberwachungg_id_seq
+			INCREMENT BY 1
+			NO MAXVALUE
+			NO MINVALUE
+			CACHE 1;
+		ALTER TABLE testtool.tbl_externe_ueberwachung ALTER COLUMN externe_ueberwachung_id SET DEFAULT nextval('testtool.tbl_externe_ueberwachungg_id_seq');
+		ALTER TABLE testtool.tbl_externe_ueberwachung ADD CONSTRAINT fk_prestudent_externe_ueberwachung FOREIGN KEY (prestudent_id) REFERENCES public.tbl_prestudent (prestudent_id) ON DELETE RESTRICT ON UPDATE CASCADE;
+		ALTER TABLE testtool.tbl_externe_ueberwachung ADD CONSTRAINT unique_externe_ueberwachung_session_id UNIQUE (session_id);
+		GRANT SELECT, INSERT ON testtool.tbl_externe_ueberwachung TO vilesci;
+		GRANT SELECT, INSERT ON testtool.tbl_externe_ueberwachung TO web;
+		GRANT SELECT, UPDATE ON testtool.tbl_externe_ueberwachungg_id_seq TO vilesci;
+		GRANT SELECT, UPDATE ON testtool.tbl_externe_ueberwachungg_id_seq TO web;";
+
+	if(!$db->db_query($qry))
+		echo '<strong>testtool.tbl_externe_ueberwachung: '.$db->db_last_error().'</strong><br>';
+	else
+		echo '<br>testtool.tbl_externe_ueberwachung: table created';
+}
diff --git a/vilesci/stammdaten/reihungstestverwaltung.php b/vilesci/stammdaten/reihungstestverwaltung.php
index 07e88183c..babbc3ce4 100644
--- a/vilesci/stammdaten/reihungstestverwaltung.php
+++ b/vilesci/stammdaten/reihungstestverwaltung.php
@@ -1458,6 +1458,7 @@ if(isset($_POST['speichern']) || isset($_POST['kopieren']))
 			$reihungstest->anmeldefrist = $datum_obj->formatDatum($_POST['anmeldefrist']);
 			$reihungstest->zugangs_ueberpruefung = false;
 			$reihungstest->zugangscode = null;
+			$reihungstest->externe_ueberwachung = false;
 		}
 		else
 		{
@@ -1474,6 +1475,7 @@ if(isset($_POST['speichern']) || isset($_POST['kopieren']))
 			$reihungstest->updatevon = $user;
 			$reihungstest->zugangs_ueberpruefung = isset($_POST['zugangs_ueberpruefung']);
 			$reihungstest->zugangscode = ($_POST['zugangcode'] === '' ? null : $_POST['zugangcode']);
+			$reihungstest->externe_ueberwachung = isset($_POST['externe_ueberwachung']);
 		}
 		$reihungstest->studiengang_kz = $_POST['studiengang_kz'];
 		//$reihungstest->ort_kurzbz = $_POST['ort_kurzbz'];
@@ -2571,6 +2573,12 @@ $studienplaene_list = implode(',', array_keys($studienplaene_arr));
 				<input type="number" class="input" id="zugangcode" name="zugangcode" value="<?php echo $db->convert_html_chars($reihungstest->zugangscode) ?>"> (Verpflichtend, wenn die Zugangsüberprüfung aktiviert ist)
 			</td>
 		</tr>
+			<tr>
+				<td class="feldtitel">Externe Überwachnung</td>
+				<td>
+					<input type="checkbox" id="externe_ueberwachung" name="externe_ueberwachung"<?php echo $reihungstest->externe_ueberwachung ? 'checked="checked"' : '' ?>>
+				</td>
+			</tr>
 		<tr>
 			<td>&nbsp;</td>
 		</tr>

From d8e57d43f901a5a7307bdafb3cd5af6c080f8629 Mon Sep 17 00:00:00 2001
From: ma0048 <ma0048@technikum-wien.at>
Date: Tue, 2 Dec 2025 13:53:38 +0100
Subject: [PATCH 2/9] session url in die config verschoben

---
 config/cis.config-default.inc.php      | 1 +
 include/externe_ueberwachung.class.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/cis.config-default.inc.php b/config/cis.config-default.inc.php
index b6607ca4a..81f09f697 100644
--- a/config/cis.config-default.inc.php
+++ b/config/cis.config-default.inc.php
@@ -306,5 +306,6 @@ define('CIS_REDIRECT_TO_CIS4', false);
 define('EXTERNE_UEBERWACHUNG_PROTOCOL_URL', 'https://example.com');
 define('EXTERNE_UEBERWACHUNG_SECRET_KEY', null);
 define('EXTERNE_UEBERWACHUNG_INTEGRATION_NAME', 'example');
+define('EXTERNE_UEBERWACHUNG_SESSION_URL', 'https://example.com');
 
 ?>
diff --git a/include/externe_ueberwachung.class.php b/include/externe_ueberwachung.class.php
index 0e2e06ec9..8adbee8a2 100644
--- a/include/externe_ueberwachung.class.php
+++ b/include/externe_ueberwachung.class.php
@@ -163,7 +163,7 @@ class externeUeberwachung extends basis_db
 			"startDate"=> "2018-03-27T00:00:00Z", //TODO anpassen
 			"endDate"=> "2027-03-30T12:55:00Z", // TODO anpassen
 			"sessionId"=> $session_id,
-			"sessionUrl"=> "https://demo.dev.technikum-wien.at/cis/testtool/index.php"
+			"sessionUrl"=> EXTERNE_UEBERWACHUNG_SESSION_URL
 		];
 		return $payload;
 	}

From 8bab5285e9a2f083231dfb04cd5af9a2901a3ba0 Mon Sep 17 00:00:00 2001
From: ma0048 <ma0048@technikum-wien.at>
Date: Wed, 10 Dec 2025 08:08:46 +0100
Subject: [PATCH 3/9] testversuch ueber config abfrage gefixed menu wird nicht
 mehr angezeigt

---
 cis/testtool/externeueberwachung.js    | 3 ++-
 cis/testtool/menu.php                  | 8 ++++++--
 cis/testtool/resetconnection.php       | 6 ------
 config/cis.config-default.inc.php      | 1 +
 include/externe_ueberwachung.class.php | 3 ++-
 5 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/cis/testtool/externeueberwachung.js b/cis/testtool/externeueberwachung.js
index a40a93e05..d15404dec 100644
--- a/cis/testtool/externeueberwachung.js
+++ b/cis/testtool/externeueberwachung.js
@@ -29,7 +29,8 @@
 		if (!proctoringOK)
 		{
 			console.warn("Constructor nicht aktiv!")
-			//window.location.href='resetconnection.php';
+			//TODO einkommentieren
+			//top.location.href='resetconnection.php';
 		}
 	}, 1000);
 })();
\ No newline at end of file
diff --git a/cis/testtool/menu.php b/cis/testtool/menu.php
index 2c027c886..82623c1fd 100644
--- a/cis/testtool/menu.php
+++ b/cis/testtool/menu.php
@@ -61,8 +61,12 @@ $p = new phrasen($sprache_user);
 <?php
 $gebiet_hasMathML = false; // true, wenn irgendein Gebiet eine/n Frage/Vorschlag im MathML-Format enthält
 $invalid_gebiete = false;
-
-if (isset($_SESSION['pruefling_id']))
+if ((isset($_SESSION['externe_ueberwachung']) && $_SESSION['externe_ueberwachung'] === true) &&
+	isset($_SESSION['externe_ueberwachung_verified']) && $_SESSION['externe_ueberwachung_verified'] === false)
+{
+	exit;
+}
+else if (isset($_SESSION['pruefling_id']))
 {
 	//content_id fuer Einfuehrung auslesen
 	$qry = "SELECT content_id FROM testtool.tbl_ablauf_vorgaben WHERE studiengang_kz=".$db->db_add_param($_SESSION['studiengang_kz'])." LIMIT 1";
diff --git a/cis/testtool/resetconnection.php b/cis/testtool/resetconnection.php
index 200b3d778..39f50dfc5 100644
--- a/cis/testtool/resetconnection.php
+++ b/cis/testtool/resetconnection.php
@@ -14,12 +14,6 @@ if (isset($_SESSION['externe_ueberwachung']) && $_SESSION['externe_ueberwachung'
 	$ueberwachung = new externeUeberwachung();
 	$url = $ueberwachung->start($_SESSION['prestudent_id'], $_SESSION['reihungstestID']);
 	$urlSafe = htmlspecialchars($url, ENT_QUOTES);
-
-
-	//var_dump($urlSafe);
-
 	header("Location: $urlSafe");
-	//echo "<script>window.open('{$urlSafe}');</script>";
 	$_SESSION['externe_ueberwachung_verified'] = true;
-
 }
\ No newline at end of file
diff --git a/config/cis.config-default.inc.php b/config/cis.config-default.inc.php
index 81f09f697..0bef3a523 100644
--- a/config/cis.config-default.inc.php
+++ b/config/cis.config-default.inc.php
@@ -307,5 +307,6 @@ define('EXTERNE_UEBERWACHUNG_PROTOCOL_URL', 'https://example.com');
 define('EXTERNE_UEBERWACHUNG_SECRET_KEY', null);
 define('EXTERNE_UEBERWACHUNG_INTEGRATION_NAME', 'example');
 define('EXTERNE_UEBERWACHUNG_SESSION_URL', 'https://example.com');
+define('EXTERNE_UEBERWACHUNG_TRIAL_TEST', false);
 
 ?>
diff --git a/include/externe_ueberwachung.class.php b/include/externe_ueberwachung.class.php
index 8adbee8a2..db6f5ae6a 100644
--- a/include/externe_ueberwachung.class.php
+++ b/include/externe_ueberwachung.class.php
@@ -79,6 +79,7 @@ class externeUeberwachung extends basis_db
 
 		$qry = "SELECT session_id
 				FROM testtool.tbl_externe_ueberwachung
+				WHERE prestudent_id = ".$this->db_add_param($prestudent_id, FHC_INTEGER) . "
 				ORDER BY insertamum DESC
 				LIMIT 1";
 
@@ -157,7 +158,7 @@ class externeUeberwachung extends basis_db
 			"allowMakingRoomScanSecondCamera" => false,
 			"duration"=> 120,
 			"schedule"=> false,
-			"trial"=> true,
+			"trial"=> EXTERNE_UEBERWACHUNG_TRIAL_TEST,
 			"proctoring"=> "offline",
 			"identification"=> "skip",
 			"startDate"=> "2018-03-27T00:00:00Z", //TODO anpassen

From 48512f46ab5ea3adefe758396ca0ea1eafd1849a Mon Sep 17 00:00:00 2001
From: ma0048 <ma0048@technikum-wien.at>
Date: Wed, 10 Dec 2025 15:15:23 +0100
Subject: [PATCH 4/9] exam name geandert

---
 include/externe_ueberwachung.class.php | 34 +++++++++++++-------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/include/externe_ueberwachung.class.php b/include/externe_ueberwachung.class.php
index db6f5ae6a..32911b9c5 100644
--- a/include/externe_ueberwachung.class.php
+++ b/include/externe_ueberwachung.class.php
@@ -146,25 +146,25 @@ class externeUeberwachung extends basis_db
 		$today = $datetime->format('Y-m-d');
 
 		$payload = [
-			"userId"=> $prestudent_id,
-			"lastName"=> $person->nachname,
-			"firstName"=> $person->vorname,
-			"language"=> $person->sprache,
-			"accountName"=> "technikum_wien",
-			"accountId"=> "technikum_wien",
-			"examId" => !is_null(trim($reihungstest->anmerkung)) ? $reihungstest->anmerkung : ($today . " RT Test"),
-			"examName" => !is_null(trim($reihungstest->anmerkung)) ? $reihungstest->anmerkung : ($today . " RT Test"),
+			"userId" => $prestudent_id,
+			"lastName" => $person->nachname,
+			"firstName" => $person->vorname,
+			"language" => $person->sprache,
+			"accountName" => "technikum_wien",
+			"accountId" => "technikum_wien",
+			"examId" => $reihungstest_id . '_' . $today,
+			"examName" => !is_null(trim($reihungstest->anmerkung)) ? ($reihungstest->anmerkung . '_' . $today) : ($reihungstest_id . '_' . $today),
 			"allowMultipleDisplays" => true,
 			"allowMakingRoomScanSecondCamera" => false,
-			"duration"=> 120,
-			"schedule"=> false,
-			"trial"=> EXTERNE_UEBERWACHUNG_TRIAL_TEST,
-			"proctoring"=> "offline",
-			"identification"=> "skip",
-			"startDate"=> "2018-03-27T00:00:00Z", //TODO anpassen
-			"endDate"=> "2027-03-30T12:55:00Z", // TODO anpassen
-			"sessionId"=> $session_id,
-			"sessionUrl"=> EXTERNE_UEBERWACHUNG_SESSION_URL
+			"duration" => 600,
+			"schedule" => false,
+			"trial" => EXTERNE_UEBERWACHUNG_TRIAL_TEST,
+			"proctoring" => "offline",
+			"identification" => "skip",
+			"startDate" => "2018-03-27T00:00:00Z", //TODO anpassen
+			"endDate" => "2027-03-30T12:55:00Z", // TODO anpassen
+			"sessionId" => $session_id,
+			"sessionUrl" => EXTERNE_UEBERWACHUNG_SESSION_URL
 		];
 		return $payload;
 	}

From df639c8b0708640751026b2f5ca5f7cc63957089 Mon Sep 17 00:00:00 2001
From: ma0048 <ma0048@technikum-wien.at>
Date: Thu, 11 Dec 2025 08:28:01 +0100
Subject: [PATCH 5/9] sprache mitschicken

---
 cis/testtool/resetconnection.php       | 2 +-
 include/externe_ueberwachung.class.php | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/cis/testtool/resetconnection.php b/cis/testtool/resetconnection.php
index 39f50dfc5..e0141ae0b 100644
--- a/cis/testtool/resetconnection.php
+++ b/cis/testtool/resetconnection.php
@@ -12,7 +12,7 @@ if (!$db = new basis_db())
 if (isset($_SESSION['externe_ueberwachung']) && $_SESSION['externe_ueberwachung'] === true)
 {
 	$ueberwachung = new externeUeberwachung();
-	$url = $ueberwachung->start($_SESSION['prestudent_id'], $_SESSION['reihungstestID']);
+	$url = $ueberwachung->start($_SESSION['prestudent_id'], $_SESSION['reihungstestID'], $_SESSION['sprache']);
 	$urlSafe = htmlspecialchars($url, ENT_QUOTES);
 	header("Location: $urlSafe");
 	$_SESSION['externe_ueberwachung_verified'] = true;
diff --git a/include/externe_ueberwachung.class.php b/include/externe_ueberwachung.class.php
index 32911b9c5..5e5bafded 100644
--- a/include/externe_ueberwachung.class.php
+++ b/include/externe_ueberwachung.class.php
@@ -20,7 +20,7 @@ class externeUeberwachung extends basis_db
 		$session_id = $this->getSessionByPrestudent($prestudent_id);
 		return $this->getSessionStatus($session_id);
 	}
-	public function start($prestudent_id, $reihungstest_id)
+	public function start($prestudent_id, $reihungstest_id, $sprache)
 	{
 		$session_id = $this->getSessionByPrestudent($prestudent_id);
 
@@ -38,7 +38,7 @@ class externeUeberwachung extends basis_db
 			}
 		}
 
-		$payload = $this->getPayload($session_id, $prestudent_id, $reihungstest_id);
+		$payload = $this->getPayload($session_id, $prestudent_id, $reihungstest_id, $sprache);
 		return $this->getStartUrl($payload);
 	}
 
@@ -135,7 +135,7 @@ class externeUeberwachung extends basis_db
 		];
 	}
 
-	private function getPayload($session_id, $prestudent_id, $reihungstest_id)
+	private function getPayload($session_id, $prestudent_id, $reihungstest_id, $sprache)
 	{
 		$prestudent = new prestudent($prestudent_id);
 		$person = new Person($prestudent->person_id);
@@ -149,7 +149,7 @@ class externeUeberwachung extends basis_db
 			"userId" => $prestudent_id,
 			"lastName" => $person->nachname,
 			"firstName" => $person->vorname,
-			"language" => $person->sprache,
+			"language" => $sprache === 'German' ? 'de' : 'en',
 			"accountName" => "technikum_wien",
 			"accountId" => "technikum_wien",
 			"examId" => $reihungstest_id . '_' . $today,

From 5a77478071c7503ce32b885e0303f753343b4db2 Mon Sep 17 00:00:00 2001
From: ma0048 <ma0048@technikum-wien.at>
Date: Mon, 15 Dec 2025 12:27:17 +0100
Subject: [PATCH 6/9] insertvon entfernt

---
 cis/testtool/externeueberwachung.js                          | 4 +---
 include/externe_ueberwachung.class.php                       | 5 ++---
 .../62889_reihungstest_ueberwachung_mit_constructor.php      | 1 -
 3 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/cis/testtool/externeueberwachung.js b/cis/testtool/externeueberwachung.js
index d15404dec..65143290d 100644
--- a/cis/testtool/externeueberwachung.js
+++ b/cis/testtool/externeueberwachung.js
@@ -28,9 +28,7 @@
 	setTimeout(function () {
 		if (!proctoringOK)
 		{
-			console.warn("Constructor nicht aktiv!")
-			//TODO einkommentieren
-			//top.location.href='resetconnection.php';
+			top.location.href='resetconnection.php';
 		}
 	}, 1000);
 })();
\ No newline at end of file
diff --git a/include/externe_ueberwachung.class.php b/include/externe_ueberwachung.class.php
index 5e5bafded..b28a8439a 100644
--- a/include/externe_ueberwachung.class.php
+++ b/include/externe_ueberwachung.class.php
@@ -53,11 +53,10 @@ class externeUeberwachung extends basis_db
 
 		$uuid = $this->genereateUUID();
 
-		$qry = "INSERT INTO testtool.tbl_externe_ueberwachung (prestudent_id, session_id, insertvon)
+		$qry = "INSERT INTO testtool.tbl_externe_ueberwachung (prestudent_id, session_id)
 				VALUES (".
 			$this->db_add_param($prestudent_id).",".
-			$this->db_add_param($uuid).",".
-			$this->db_add_param(get_uid()).")";
+			$this->db_add_param($uuid).")";
 
 		if($this->db_query($qry))
 		{
diff --git a/system/dbupdate_3.4/62889_reihungstest_ueberwachung_mit_constructor.php b/system/dbupdate_3.4/62889_reihungstest_ueberwachung_mit_constructor.php
index 7f306e3d9..1b469a635 100644
--- a/system/dbupdate_3.4/62889_reihungstest_ueberwachung_mit_constructor.php
+++ b/system/dbupdate_3.4/62889_reihungstest_ueberwachung_mit_constructor.php
@@ -19,7 +19,6 @@ if(!$result = @$db->db_query("SELECT 1 FROM testtool.tbl_externe_ueberwachung LI
 			prestudent_id				INTEGER NOT NULL,
 			session_id					UUID NOT NULL,
 			insertamum					TIMESTAMP DEFAULT NOW(),
-			insertvon					VARCHAR(32) NOT NULL,
 			CONSTRAINT tbl_externe_ueberwachung_pk PRIMARY KEY(externe_ueberwachung_id)
 		);
 		CREATE SEQUENCE testtool.tbl_externe_ueberwachungg_id_seq

From 40ae57fb0c597964d3832f2a11c75853ef170682 Mon Sep 17 00:00:00 2001
From: ma0048 <ma0048@technikum-wien.at>
Date: Thu, 8 Jan 2026 12:01:20 +0100
Subject: [PATCH 7/9] proctoring check ueberarbeitet

---
 cis/testtool/externeueberwachung.js        | 37 ++++-----------
 cis/testtool/frage.css                     | 30 ++++++++++++
 cis/testtool/frage.php                     |  4 +-
 cis/testtool/frage_externe_ueberwachung.js | 53 ++++++++++++++++++++++
 cis/testtool/index.php                     |  1 +
 5 files changed, 96 insertions(+), 29 deletions(-)
 create mode 100644 cis/testtool/frage.css
 create mode 100644 cis/testtool/frage_externe_ueberwachung.js

diff --git a/cis/testtool/externeueberwachung.js b/cis/testtool/externeueberwachung.js
index 65143290d..71951779f 100644
--- a/cis/testtool/externeueberwachung.js
+++ b/cis/testtool/externeueberwachung.js
@@ -1,34 +1,15 @@
 (function () {
-	/*
-
-	const params = new URLSearchParams(location.search);
-	let expectedOrigin = params.get("examus-client-origin");
-
-	if (!expectedOrigin)
-	{
-		window.top.location.href = 'resetconnection.php';
-		return;
+	function sendMessage() {
+		let frame = window.frames['content'];
+		if (frame)
+			frame.postMessage({ type: "proctoringReady" });
 	}
-	*/
-	let proctoringOK = false;
 
-	window.addEventListener("message", function (e) {
-		/*if (e.origin !== expectedOrigin) {
-			return;
-		}*/
-
-		const data = e.data || {};
-
-		if (data.proctoringIsActive)
+	window.addEventListener("message", function (e)
+	{
+		if (e.data.indexOf("proctoringReady_") === 0)
 		{
-			proctoringOK = true;
+			sendMessage();
 		}
 	});
-
-	setTimeout(function () {
-		if (!proctoringOK)
-		{
-			top.location.href='resetconnection.php';
-		}
-	}, 1000);
-})();
\ No newline at end of file
+})();
diff --git a/cis/testtool/frage.css b/cis/testtool/frage.css
new file mode 100644
index 000000000..04024ae53
--- /dev/null
+++ b/cis/testtool/frage.css
@@ -0,0 +1,30 @@
+.proctoring-blocker
+{
+	position: fixed;
+	inset: 0;
+	z-index: 99999;
+	backdrop-filter: blur(6px);
+	pointer-events: all;
+	user-select: none;
+}
+
+.proctoring-blocker.hidden
+{
+	display: none !important;
+}
+
+.proctoring-text
+{
+	position: absolute;
+	top: 50%;
+	left: 50%;
+	transform: translate(-50%, -50%);
+	color: #fff;
+	font-size: 16px;
+	font-family: sans-serif;
+}
+
+.proctoring-blur-fallback
+{
+	filter: blur(6px);
+}
diff --git a/cis/testtool/frage.php b/cis/testtool/frage.php
index 4267d6a13..bf2ee24c5 100644
--- a/cis/testtool/frage.php
+++ b/cis/testtool/frage.php
@@ -183,7 +183,9 @@ if(!isset($_SESSION['pruefling_id']))
 	die($p->t('testtool/bitteZuerstAnmelden'));
 
 if (!empty($_SESSION['externe_ueberwachung']) && isset($_SESSION['externe_ueberwachung_verified'])): ?>
-	<script type="text/javascript" src="externeueberwachung.js"></script>
+	<link href="frage.css" rel="stylesheet" type="text/css" />
+	<script type="text/javascript" src="frage_externe_ueberwachung.js"></script>
+	<div id="proctoringBlocker" class="proctoring-blocker hidden"></div>
 <?php endif;
 
 $pruefling = new pruefling();
diff --git a/cis/testtool/frage_externe_ueberwachung.js b/cis/testtool/frage_externe_ueberwachung.js
new file mode 100644
index 000000000..31a7b414f
--- /dev/null
+++ b/cis/testtool/frage_externe_ueberwachung.js
@@ -0,0 +1,53 @@
+(function () {
+	let ok = false;
+	let blocker;
+
+	function showBlocker() {
+		blocker = document.getElementById("proctoringBlocker");
+
+		if (!blocker)
+		{
+			blocker = document.createElement("div");
+			blocker.id = "proctoringBlocker";
+			blocker.className = "proctoring-blocker";
+			blocker.innerHTML = '<div class="proctoring-text">Loading...</div>';
+			document.body.appendChild(blocker);
+		}
+		document.documentElement.classList.add("proctoring-blur-fallback");
+	}
+
+	function block() {
+		showBlocker();
+		blocker.classList.remove("hidden");
+	}
+
+	function unblock() {
+		document.documentElement.classList.remove("proctoring-blur-fallback");
+		if (!blocker) return;
+		blocker.classList.add("hidden");
+	}
+
+	const blockTimer = setTimeout(function () {
+		if (!ok)
+			block();
+	}, 1500);
+
+	window.addEventListener("message", function (e) {
+		const data = e.data || {};
+
+		if (data.type === "proctoringReady")
+		{
+			ok = true;
+			clearTimeout(blockTimer);
+			unblock();
+		}
+	});
+
+	setTimeout(function () {
+		if (!ok) {
+			top.location.href = "resetconnection.php";
+		}
+	}, 3000);
+})();
+
+
diff --git a/cis/testtool/index.php b/cis/testtool/index.php
index 9aa6c3f84..6f2cfac26 100644
--- a/cis/testtool/index.php
+++ b/cis/testtool/index.php
@@ -22,6 +22,7 @@ if ((isset($_SESSION['externe_ueberwachung']) && $_SESSION['externe_ueberwachung
 	<link href="../../skin/style.css.php" rel="stylesheet" type="text/css">
 	<?php
 	if (!empty($_SESSION['externe_ueberwachung'])) : ?>
+	<script type="text/javascript" src="externeueberwachung.js"></script>
 	<script>
 		function loadInContent(url)
 		{

From d67cad925d2f914c3fbf265d0a608ff709711903 Mon Sep 17 00:00:00 2001
From: ma0048 <ma0048@technikum-wien.at>
Date: Wed, 14 Jan 2026 13:59:42 +0100
Subject: [PATCH 8/9] externe ueberwachung deaktivieren ueber config params in
 die config verlagert

---
 cis/testtool/login.php                        |  2 +-
 cis/testtool/resetconnection.php              |  3 +-
 composer.json                                 |  4 +-
 composer.lock                                 | 59 ++++++++++++++++++-
 config/cis.config-default.inc.php             |  2 +
 config/global.config-default.inc.php          |  3 +
 include/externe_ueberwachung.class.php        | 14 +++--
 vilesci/stammdaten/reihungstestverwaltung.php |  2 +
 8 files changed, 77 insertions(+), 12 deletions(-)

diff --git a/cis/testtool/login.php b/cis/testtool/login.php
index 2b4e678fa..88e8827ff 100644
--- a/cis/testtool/login.php
+++ b/cis/testtool/login.php
@@ -173,7 +173,7 @@ if (isset($_REQUEST['prestudent']))
 							$reload_menu = true;
 					}
 
-					if ($rt->externe_ueberwachung)
+					if ($rt->externe_ueberwachung && defined('TESTTOOL_EXTERNE_UEBERWACHUNG_ALLOWED') && TESTTOOL_EXTERNE_UEBERWACHUNG_ALLOWED)
 					{
 						$_SESSION['externe_ueberwachung'] = true;
 						$_SESSION['externe_ueberwachung_verified'] = false;
diff --git a/cis/testtool/resetconnection.php b/cis/testtool/resetconnection.php
index e0141ae0b..ab2806a1f 100644
--- a/cis/testtool/resetconnection.php
+++ b/cis/testtool/resetconnection.php
@@ -8,8 +8,7 @@ require_once('../../config/global.config.inc.php');
 require_once '../../include/externe_ueberwachung.class.php';
 if (!$db = new basis_db())
 	die('Fehler beim Oeffnen der Datenbankverbindung');
-
-if (isset($_SESSION['externe_ueberwachung']) && $_SESSION['externe_ueberwachung'] === true)
+if ((defined('TESTTOOL_EXTERNE_UEBERWACHUNG_ALLOWED') && TESTTOOL_EXTERNE_UEBERWACHUNG_ALLOWED) && isset($_SESSION['externe_ueberwachung']) && $_SESSION['externe_ueberwachung'] === true)
 {
 	$ueberwachung = new externeUeberwachung();
 	$url = $ueberwachung->start($_SESSION['prestudent_id'], $_SESSION['reihungstestID'], $_SESSION['sprache']);
diff --git a/composer.json b/composer.json
index 35499ec61..c1f4506c6 100644
--- a/composer.json
+++ b/composer.json
@@ -456,6 +456,7 @@
 		"fortawesome/font-awesome4": "4.7.*",
 		"fortawesome/font-awesome6": "6.1.*",
 		"fzaninotto/faker": "1.*",
+		"firebase/php-jwt": "^6.0",
 
 		"highcharts/highcharts-dist": "^7.1.2",
 
@@ -517,7 +518,6 @@
 		"phpmd/phpmd": "2.*",
 		"phpmetrics/phpmetrics": "2.*",
 		"sebastian/phpcpd": "3.*",
-		"phpunit/phpunit": "^6",
-		"firebase/php-jwt": "^6.0"
+		"phpunit/phpunit": "^6"
 	}
 }
diff --git a/composer.lock b/composer.lock
index f2ce3923c..7525b7f5b 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "1de37a74ba51a66057eb2712b21340c8",
+    "content-hash": "f4f0af4586f46f97d8b6092c1ac0fb3a",
     "packages": [
         {
             "name": "afarkas/html5shiv",
@@ -882,6 +882,63 @@
             },
             "type": "library"
         },
+        {
+            "name": "firebase/php-jwt",
+            "version": "v6.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/firebase/php-jwt.git",
+                "reference": "0541cba75ab108ef901985e68055a92646c73534"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/0541cba75ab108ef901985e68055a92646c73534",
+                "reference": "0541cba75ab108ef901985e68055a92646c73534",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.0"
+            },
+            "require-dev": {
+                "phpunit/phpunit": ">=4.8 <=9"
+            },
+            "suggest": {
+                "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Firebase\\JWT\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Neuman Vong",
+                    "email": "neuman+pear@twilio.com",
+                    "role": "Developer"
+                },
+                {
+                    "name": "Anant Narayanan",
+                    "email": "anant@php.net",
+                    "role": "Developer"
+                }
+            ],
+            "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
+            "homepage": "https://github.com/firebase/php-jwt",
+            "keywords": [
+                "jwt",
+                "php"
+            ],
+            "support": {
+                "issues": "https://github.com/firebase/php-jwt/issues",
+                "source": "https://github.com/firebase/php-jwt/tree/v6.0.0"
+            },
+            "time": "2022-01-24T15:18:34+00:00"
+        },
         {
             "name": "fortawesome/font-awesome4",
             "version": "4.7.0",
diff --git a/config/cis.config-default.inc.php b/config/cis.config-default.inc.php
index 0bef3a523..cac05ec7a 100644
--- a/config/cis.config-default.inc.php
+++ b/config/cis.config-default.inc.php
@@ -308,5 +308,7 @@ define('EXTERNE_UEBERWACHUNG_SECRET_KEY', null);
 define('EXTERNE_UEBERWACHUNG_INTEGRATION_NAME', 'example');
 define('EXTERNE_UEBERWACHUNG_SESSION_URL', 'https://example.com');
 define('EXTERNE_UEBERWACHUNG_TRIAL_TEST', false);
+define('EXTERNE_UEBERWACHUNG_EXAM_PARAMS', []);
+
 
 ?>
diff --git a/config/global.config-default.inc.php b/config/global.config-default.inc.php
index f24a302cc..c074b7559 100644
--- a/config/global.config-default.inc.php
+++ b/config/global.config-default.inc.php
@@ -360,4 +360,7 @@ define('SANCHO_MAIL_HEADER_IMG', 'sancho_header_DEFAULT.jpg');
 
 // footer image for eigene Mails
 define('SANCHO_MAIL_FOOTER_IMG', 'sancho_footer_DEFAULT.jpg');
+
+//externe Ueberwachung im Testtool erlauben
+define('TESTTOOL_EXTERNE_UEBERWACHUNG_ALLOWED', false);
 ?>
diff --git a/include/externe_ueberwachung.class.php b/include/externe_ueberwachung.class.php
index b28a8439a..a047dfd9a 100644
--- a/include/externe_ueberwachung.class.php
+++ b/include/externe_ueberwachung.class.php
@@ -153,18 +153,20 @@ class externeUeberwachung extends basis_db
 			"accountId" => "technikum_wien",
 			"examId" => $reihungstest_id . '_' . $today,
 			"examName" => !is_null(trim($reihungstest->anmerkung)) ? ($reihungstest->anmerkung . '_' . $today) : ($reihungstest_id . '_' . $today),
-			"allowMultipleDisplays" => true,
-			"allowMakingRoomScanSecondCamera" => false,
-			"duration" => 600,
+			"duration" => 1440,
 			"schedule" => false,
 			"trial" => EXTERNE_UEBERWACHUNG_TRIAL_TEST,
 			"proctoring" => "offline",
-			"identification" => "skip",
-			"startDate" => "2018-03-27T00:00:00Z", //TODO anpassen
-			"endDate" => "2027-03-30T12:55:00Z", // TODO anpassen
+			"startDate" => $reihungstest->datum . 'T00:00:00Z',
+			"endDate" => $reihungstest->datum . 'T23:59:59Z',
 			"sessionId" => $session_id,
 			"sessionUrl" => EXTERNE_UEBERWACHUNG_SESSION_URL
 		];
+
+		if (defined('EXTERNE_UEBERWACHUNG_EXAM_PARAMS'))
+		{
+			$payload = array_merge($payload, EXTERNE_UEBERWACHUNG_EXAM_PARAMS);
+		}
 		return $payload;
 	}
 
diff --git a/vilesci/stammdaten/reihungstestverwaltung.php b/vilesci/stammdaten/reihungstestverwaltung.php
index babbc3ce4..990b3e129 100644
--- a/vilesci/stammdaten/reihungstestverwaltung.php
+++ b/vilesci/stammdaten/reihungstestverwaltung.php
@@ -2573,12 +2573,14 @@ $studienplaene_list = implode(',', array_keys($studienplaene_arr));
 				<input type="number" class="input" id="zugangcode" name="zugangcode" value="<?php echo $db->convert_html_chars($reihungstest->zugangscode) ?>"> (Verpflichtend, wenn die Zugangsüberprüfung aktiviert ist)
 			</td>
 		</tr>
+		<?php if(defined('TESTTOOL_EXTERNE_UEBERWACHUNG_ALLOWED') && TESTTOOL_EXTERNE_UEBERWACHUNG_ALLOWED) : ?>
 			<tr>
 				<td class="feldtitel">Externe Überwachnung</td>
 				<td>
 					<input type="checkbox" id="externe_ueberwachung" name="externe_ueberwachung"<?php echo $reihungstest->externe_ueberwachung ? 'checked="checked"' : '' ?>>
 				</td>
 			</tr>
+		<?php endif; ?>
 		<tr>
 			<td>&nbsp;</td>
 		</tr>

From e0f99a8e8817fe2e6a2ae5f3b999f90931775ff2 Mon Sep 17 00:00:00 2001
From: ma0048 <ma0048@technikum-wien.at>
Date: Mon, 19 Jan 2026 08:28:25 +0100
Subject: [PATCH 9/9] gewichtung und regeln in die config verschoben

---
 config/cis.config-default.inc.php      |  2 ++
 include/externe_ueberwachung.class.php | 11 +++++++++++
 2 files changed, 13 insertions(+)

diff --git a/config/cis.config-default.inc.php b/config/cis.config-default.inc.php
index cac05ec7a..1b38a2be6 100644
--- a/config/cis.config-default.inc.php
+++ b/config/cis.config-default.inc.php
@@ -309,6 +309,8 @@ define('EXTERNE_UEBERWACHUNG_INTEGRATION_NAME', 'example');
 define('EXTERNE_UEBERWACHUNG_SESSION_URL', 'https://example.com');
 define('EXTERNE_UEBERWACHUNG_TRIAL_TEST', false);
 define('EXTERNE_UEBERWACHUNG_EXAM_PARAMS', []);
+define('EXTERNE_UEBERWACHUNG_EXAM_RULES', []);
+define('EXTERNE_UEBERWACHUNG_EXAM_SCORE', []);
 
 
 ?>
diff --git a/include/externe_ueberwachung.class.php b/include/externe_ueberwachung.class.php
index a047dfd9a..ecdaac2fc 100644
--- a/include/externe_ueberwachung.class.php
+++ b/include/externe_ueberwachung.class.php
@@ -167,6 +167,17 @@ class externeUeberwachung extends basis_db
 		{
 			$payload = array_merge($payload, EXTERNE_UEBERWACHUNG_EXAM_PARAMS);
 		}
+
+		if (defined('EXTERNE_UEBERWACHUNG_EXAM_RULES'))
+		{
+			$payload['rules'] = EXTERNE_UEBERWACHUNG_EXAM_RULES;
+		}
+
+		if (defined('EXTERNE_UEBERWACHUNG_EXAM_SCORE'))
+		{
+			$payload['scoreConfig'] = EXTERNE_UEBERWACHUNG_EXAM_SCORE;
+		}
+
 		return $payload;
 	}