chamilo-lms/index.php

<?php
/* For licensing terms, see /license.txt */

use ChamiloSession as Session;

/**
 * @package chamilo.main
 */
define('CHAMILO_HOMEPAGE', true);
define('CHAMILO_LOAD_WYSIWYG', false);

/* Flag forcing the 'current course' reset, as we're not inside a course anymore. */
// Maybe we should change this into an api function? an example: CourseManager::unset();
$cidReset = true;
require_once 'main/inc/global.inc.php';

// The section (for the tabs).
$this_section = SECTION_CAMPUS; //rewritten below if including HTML file
$includeFile = !empty($_GET['include']);
if ($includeFile) {
    $this_section = SECTION_INCLUDE;
} elseif (api_get_configuration_value('plugin_redirection_enabled')) {
    RedirectionPlugin::redirectUser(api_get_user_id());
}

$header_title = null;
if (!api_is_anonymous()) {
    $header_title = ' ';
}

$controller = new IndexManager($header_title);
//Actions
$loginFailed = isset($_GET['loginFailed']) ? true : isset($loginFailed);
if (!empty($_GET['logout'])) {
    $redirect = !empty($_GET['no_redirect']) ? false : true;
    // pass $logoutInfo defined in local.inc.php
    $controller->logout($redirect, $logoutInfo);
}
/**
 * Registers in the track_e_default table (view in important activities in admin
 * interface) a possible attempted break in, sending auth data through get.
 *
 * @todo This piece of code should probably move to local.inc.php where the
 * actual login / logout procedure is handled.
 * The real use of this code block should be seriously considered as well.
 * This form should just use a security token and get done with it.
 */
if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
    $i = api_get_anonymous_id();
    Event::addEvent(
        LOG_ATTEMPTED_FORCED_LOGIN,
        'tried_hacking_get',
        $_SERVER['REMOTE_ADDR'].(empty($_POST['login']) ? '' : '/'.$_POST['login']),
        null,
        $i
    );
    echo 'Attempted breakin - sysadmins notified.';
    session_destroy();
    exit();
}
// Delete session item necessary to check for legal terms
if (api_get_setting('allow_terms_conditions') === 'true') {
    Session::erase('term_and_condition');
}
//If we are not logged in and customapages activated
if (!api_user_is_login() && CustomPages::enabled()) {
    if (Request::get('loggedout')) {
        CustomPages::display(CustomPages::LOGGED_OUT);
    } else {
        CustomPages::display(CustomPages::INDEX_UNLOGGED);
    }
}
/**
 * @todo This piece of code should probably move to local.inc.php where the
 * actual login procedure is handled.
 * @todo Check if this code is used. I think this code is never executed because
 * after clicking the submit button the code does the stuff
 * in local.inc.php and then redirects to index.php or user_portal.php depending
 * on api_get_setting('page_after_login').
 */
if (!empty($_POST['submitAuth'])) {
    // The user has been already authenticated, we are now to find the last login of the user.
    if (isset($_user['user_id'])) {
        $track_login_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_LOGIN);
        $sql = "SELECT UNIX_TIMESTAMP(login_date)
                FROM $track_login_table
                WHERE login_user_id = '".$_user['user_id']."'
                ORDER BY login_date DESC LIMIT 1";
        $result_last_login = Database::query($sql);
        if (!$result_last_login) {
            if (Database::num_rows($result_last_login) > 0) {
                $user_last_login_datetime = Database::fetch_array($result_last_login);
                $user_last_login_datetime = $user_last_login_datetime[0];
                Session::write('user_last_login_datetime', $user_last_login_datetime);
            }
        }
    }
} else {
    // Only if login form was not sent because if the form is sent the user was already on the page.
    Event::open();
}

if (!api_is_anonymous()) {
    $url = api_get_configuration_value('redirect_index_to_url_for_logged_users');
    if (!empty($url)) {
        header("Location: $url");
        exit;
    }
}

if (api_get_setting('display_categories_on_homepage') === 'true') {
    $controller->tpl->assign('course_category_block', $controller->return_courses_in_categories());
}
$controller->set_login_form();
//@todo move this inside the IndexManager

if (!api_is_anonymous()) {
    $controller->tpl->assign('profile_block', $controller->return_profile_block());
    $controller->tpl->assign('user_image_block', $controller->return_user_image_block());
    $controller->tpl->assign('course_block', $controller->return_course_block());
}
$hotCourses = '';
$announcements_block = '';

// Display the Site Use Cookie Warning Validation
$useCookieValidation = api_get_setting('cookie_warning');

if ($useCookieValidation === 'true') {
    if (!api_site_use_cookie_warning_cookie_exist()) {
        if (Template::isToolBarDisplayedForUser()) {
            $controller->tpl->assign('toolBarDisplayed', true);
        } else {
            $controller->tpl->assign('toolBarDisplayed', false);
        }
        $controller->tpl->enableCookieUsageWarning();
    }
}
// When loading a chamilo page do not include the hot courses and news
if (!isset($_REQUEST['include'])) {
    if (api_get_setting('show_hot_courses') == 'true') {
        if (api_get_configuration_value('popular_courses_handpicked')) {
            // If the option has been set correctly, use the courses manually
            // marked as popular rather than the ones marked by users
            $hotCourses = $controller->returnPopularCoursesHandPicked();
        } else {
            $hotCourses = $controller->return_hot_courses();
        }
    }
    $announcements_block = $controller->return_announcements();

    if (api_get_configuration_value('course_catalog_display_in_home')
        && ('true' === api_get_setting('course_catalog_published') || !api_is_anonymous())
    ) {
        $userCanViewPage = CoursesAndSessionsCatalog::userCanView();

        if (CoursesAndSessionsCatalog::is(CATALOG_SESSIONS)) {
            $announcements_block .= $userCanViewPage ? CoursesAndSessionsCatalog::sessionList(true) : '';
        } else {
            $announcements_block .= $userCanViewPage
                ? CoursesAndSessionsCatalog::displayCoursesList('display_courses', '', '', true)
                : '';
        }
    }
}
if (api_get_configuration_value('show_hot_sessions') === true) {
    $hotSessions = SessionManager::getHotSessions();
    $controller->tpl->assign('hot_sessions', $hotSessions);
}
$controller->tpl->assign('hot_courses', $hotCourses);
$controller->tpl->assign('announcements_block', $announcements_block);

$allowJustification = api_get_plugin_setting('justification', 'tool_enable') === 'true';

$justification = '';
if ($allowJustification) {
    $plugin = Justification::create();
    $courseId = api_get_plugin_setting('justification', 'default_course_id');
    if (!empty($courseId)) {
        $courseInfo = api_get_course_info_by_id($courseId);
        $link = Display::url($plugin->get_lang('SubscribeToASession'), $courseInfo['course_public_url']);
        $justification = Display::return_message($link, 'info', false);
    }
}

if ($includeFile) {
    // If we are including a static page, then home_welcome is empty
    $controller->tpl->assign('home_welcome', $justification);
    $controller->tpl->assign('home_include', $controller->return_home_page($includeFile));
} else {
    // If we are including the real homepage, then home_include is empty
    $controller->tpl->assign('home_welcome', $justification.$controller->return_home_page(false));
    $controller->tpl->assign('home_include', '');
}
$controller->tpl->assign('navigation_links', $controller->return_navigation_links());
$controller->tpl->assign('notice_block', $controller->return_notice());
$controller->tpl->assign('help_block', $controller->return_help());
$controller->tpl->assign('student_publication_block', $controller->studentPublicationBlock());
if (api_is_platform_admin() || api_is_drh()) {
    $controller->tpl->assign('skills_block', $controller->returnSkillLinks());
}
if (api_is_anonymous()) {
    $controller->tpl->setLoginBodyClass();
}
// direct login to course
if (isset($_GET['firstpage'])) {
    $firstPage = $_GET['firstpage'];
    $courseInfo = api_get_course_info($firstPage);

    if (!empty($courseInfo)) {
        api_set_firstpage_parameter($firstPage);

        // if we are already logged, go directly to course
        if (api_user_is_login()) {
            echo "<script>self.location.href='index.php?firstpage=".Security::remove_XSS($firstPage)."'</script>";
        }
    }
} else {
    api_delete_firstpage_parameter();
}

$controller->setGradeBookDependencyBar(api_get_user_id());
$controller->tpl->display_two_col_template();

// Deleting the session_id.
Session::erase('session_id');
Session::erase('id_session');
Session::erase('studentview');
api_remove_in_gradebook();
Feature #347 - Cleaning the root index.php file. 16 years ago			`<?php`
			`/* For licensing terms, see /license.txt */`
fix home welcome 8 years ago
Update index.php 8 years ago			`use ChamiloSession as Session;`
Move code into a function, changed redirect plugin behaviour BT#13691 - Now always redirect from /index.php to the user's URL if selected. 8 years ago
[svn r10548] refactoring a lot of @todos have been added and these should really be done to obtain cleaner code. 19 years ago			`/**`
Update index.php 8 years ago			`* @package chamilo.main`
[svn r10548] refactoring a lot of @todos have been added and these should really be done to obtain cleaner code. 19 years ago			`*/`
Update index.php 8 years ago			`define('CHAMILO_HOMEPAGE', true);`
			`define('CHAMILO_LOAD_WYSIWYG', false);`
Move code into a function, changed redirect plugin behaviour BT#13691 - Now always redirect from /index.php to the user's URL if selected. 8 years ago
Update index.php 8 years ago			`/* Flag forcing the 'current course' reset, as we're not inside a course anymore. */`
			`// Maybe we should change this into an api function? an example: CourseManager::unset();`
			`$cidReset = true;`
			`require_once 'main/inc/global.inc.php';`
Move code into a function, changed redirect plugin behaviour BT#13691 - Now always redirect from /index.php to the user's URL if selected. 8 years ago
Update index.php 8 years ago			`// The section (for the tabs).`
Add template variable home_include when including static HTML page through main menu. Add parameter to return_home_page(). Add SECTION_INCLUDE constant - refs #11338 8 years ago			`$this_section = SECTION_CAMPUS; //rewritten below if including HTML file`
			`$includeFile = !empty($_GET['include']);`
			`if ($includeFile) {`
			`$this_section = SECTION_INCLUDE;`
Fix show include files with Redirection plugin is enabled - refs 14345 7 years ago			`} elseif (api_get_configuration_value('plugin_redirection_enabled')) {`
			`RedirectionPlugin::redirectUser(api_get_user_id());`
Add template variable home_include when including static HTML page through main menu. Add parameter to return_home_page(). Add SECTION_INCLUDE constant - refs #11338 8 years ago			`}`
Fix show include files with Redirection plugin is enabled - refs 14345 7 years ago
Update index.php 8 years ago			`$header_title = null;`
			`if (!api_is_anonymous()) {`
			`$header_title = ' ';`
			`}`
fix home welcome 8 years ago
Update index.php 8 years ago			`$controller = new IndexManager($header_title);`
			`//Actions`
			`$loginFailed = isset($_GET['loginFailed']) ? true : isset($loginFailed);`
			`if (!empty($_GET['logout'])) {`
			`$redirect = !empty($_GET['no_redirect']) ? false : true;`
			`// pass $logoutInfo defined in local.inc.php`
			`$controller->logout($redirect, $logoutInfo);`
			`}`
			`/**`
			`* Registers in the track_e_default table (view in important activities in admin`
			`* interface) a possible attempted break in, sending auth data through get.`
Applied fixes from FlintCI 8 years ago			`*`
Update index.php 8 years ago			`* @todo This piece of code should probably move to local.inc.php where the`
			`* actual login / logout procedure is handled.`
			`* The real use of this code block should be seriously considered as well.`
			`* This form should just use a security token and get done with it.`
			`*/`
			`if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {`
			`$i = api_get_anonymous_id();`
			`Event::addEvent(`
			`LOG_ATTEMPTED_FORCED_LOGIN,`
			`'tried_hacking_get',`
			`$_SERVER['REMOTE_ADDR'].(empty($_POST['login']) ? '' : '/'.$_POST['login']),`
			`null,`
			`$i`
			`);`
			`echo 'Attempted breakin - sysadmins notified.';`
			`session_destroy();`
Minor - Flint fixes 5 years ago			`exit();`
Update index.php 8 years ago			`}`
			`// Delete session item necessary to check for legal terms`
			`if (api_get_setting('allow_terms_conditions') === 'true') {`
			`Session::erase('term_and_condition');`
			`}`
			`//If we are not logged in and customapages activated`
Fix show custom when user is not logged - refs BT#14059 7 years ago			`if (!api_user_is_login() && CustomPages::enabled()) {`
Update index.php 8 years ago			`if (Request::get('loggedout')) {`
			`CustomPages::display(CustomPages::LOGGED_OUT);`
			`} else {`
			`CustomPages::display(CustomPages::INDEX_UNLOGGED);`
			`}`
			`}`
			`/**`
			`* @todo This piece of code should probably move to local.inc.php where the`
			`* actual login procedure is handled.`
			`* @todo Check if this code is used. I think this code is never executed because`
			`* after clicking the submit button the code does the stuff`
			`* in local.inc.php and then redirects to index.php or user_portal.php depending`
			`* on api_get_setting('page_after_login').`
			`*/`
			`if (!empty($_POST['submitAuth'])) {`
			`// The user has been already authenticated, we are now to find the last login of the user.`
			`if (isset($_user['user_id'])) {`
			`$track_login_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_LOGIN);`
			`$sql = "SELECT UNIX_TIMESTAMP(login_date)`
			`FROM $track_login_table`
			`WHERE login_user_id = '".$_user['user_id']."'`
			`ORDER BY login_date DESC LIMIT 1";`
			`$result_last_login = Database::query($sql);`
			`if (!$result_last_login) {`
			`if (Database::num_rows($result_last_login) > 0) {`
			`$user_last_login_datetime = Database::fetch_array($result_last_login);`
			`$user_last_login_datetime = $user_last_login_datetime[0];`
			`Session::write('user_last_login_datetime', $user_last_login_datetime);`
			`}`
Adds cookie warning message see #7478 A configuration option is required in configuration.php: chamilo_use_cookie_warning_validation 11 years ago			`}`
Update index.php 8 years ago			`}`
			`} else {`
			`// Only if login form was not sent because if the form is sent the user was already on the page.`
Minor - format code - Add @deprecated for unused functions, - Change function name 8 years ago			`Event::open();`
Update index.php 8 years ago			`}`
Redirect index to url for logged in users see BT#14457 $_configuration['redirect_index_to_url_for_logged_users'] = 'user_portal.php'; 7 years ago
			`if (!api_is_anonymous()) {`
			`$url = api_get_configuration_value('redirect_index_to_url_for_logged_users');`
			`if (!empty($url)) {`
			`header("Location: $url");`
			`exit;`
			`}`
			`}`

Update index.php 8 years ago			`if (api_get_setting('display_categories_on_homepage') === 'true') {`
			`$controller->tpl->assign('course_category_block', $controller->return_courses_in_categories());`
			`}`
			`$controller->set_login_form();`
			`//@todo move this inside the IndexManager`
add hots sessions - sessions_current.tpl 8 years ago
Update index.php 8 years ago			`if (!api_is_anonymous()) {`
			`$controller->tpl->assign('profile_block', $controller->return_profile_block());`
			`$controller->tpl->assign('user_image_block', $controller->return_user_image_block());`
removing the block with repeated links return_teacher_link 7 years ago			`$controller->tpl->assign('course_block', $controller->return_course_block());`
Update index.php 8 years ago			`}`
add hots sessions - sessions_current.tpl 8 years ago			`$hotCourses = '';`
Update index.php 8 years ago			`$announcements_block = '';`
add hots sessions - sessions_current.tpl 8 years ago
Update index.php 8 years ago			`// Display the Site Use Cookie Warning Validation`
			`$useCookieValidation = api_get_setting('cookie_warning');`
add hots sessions - sessions_current.tpl 8 years ago
Update index.php 8 years ago			`if ($useCookieValidation === 'true') {`
Security: Refactor cookie warning to avoid CSRF - refs BT#21289 2 years ago			`if (!api_site_use_cookie_warning_cookie_exist()) {`
Update index.php 8 years ago			`if (Template::isToolBarDisplayedForUser()) {`
			`$controller->tpl->assign('toolBarDisplayed', true);`
			`} else {`
			`$controller->tpl->assign('toolBarDisplayed', false);`
			`}`
Security: Refactor cookie warning to avoid CSRF - refs BT#21289 2 years ago			`$controller->tpl->enableCookieUsageWarning();`
Update index.php 8 years ago			`}`
			`}`
			`// When loading a chamilo page do not include the hot courses and news`
			`if (!isset($_REQUEST['include'])) {`
			`if (api_get_setting('show_hot_courses') == 'true') {`
Display - Rename methods and variables, improve documentation in new handpicked popular courses feature - refs #3095 5 years ago			`if (api_get_configuration_value('popular_courses_handpicked')) {`
			`// If the option has been set correctly, use the courses manually`
			`// marked as popular rather than the ones marked by users`
			`$hotCourses = $controller->returnPopularCoursesHandPicked();`
Mark popular courses manually 6 years ago			`} else {`
			`$hotCourses = $controller->return_hot_courses();`
			`}`
Update index.php 8 years ago			`}`
			`$announcements_block = $controller->return_announcements();`
Course catalog: add course_catalog_display_in_home conf setting - refs BT#19827 Display the course catalog in home page 4 years ago
			`if (api_get_configuration_value('course_catalog_display_in_home')`
			`&& ('true' === api_get_setting('course_catalog_published') \|\| !api_is_anonymous())`
			`) {`
			`$userCanViewPage = CoursesAndSessionsCatalog::userCanView();`

			`if (CoursesAndSessionsCatalog::is(CATALOG_SESSIONS)) {`
			`$announcements_block .= $userCanViewPage ? CoursesAndSessionsCatalog::sessionList(true) : '';`
			`} else {`
			`$announcements_block .= $userCanViewPage`
			`? CoursesAndSessionsCatalog::displayCoursesList('display_courses', '', '', true)`
			`: '';`
			`}`
			`}`
Update index.php 8 years ago			`}`
add hots sessions - sessions_current.tpl 8 years ago			`if (api_get_configuration_value('show_hot_sessions') === true) {`
			`$hotSessions = SessionManager::getHotSessions();`
			`$controller->tpl->assign('hot_sessions', $hotSessions);`
			`}`
			`$controller->tpl->assign('hot_courses', $hotCourses);`
Update index.php 8 years ago			`$controller->tpl->assign('announcements_block', $announcements_block);`
Justification plugin: add course link in index BT#16387 6 years ago
			`$allowJustification = api_get_plugin_setting('justification', 'tool_enable') === 'true';`

			`$justification = '';`
			`if ($allowJustification) {`
			`$plugin = Justification::create();`
			`$courseId = api_get_plugin_setting('justification', 'default_course_id');`
			`if (!empty($courseId)) {`
			`$courseInfo = api_get_course_info_by_id($courseId);`
			`$link = Display::url($plugin->get_lang('SubscribeToASession'), $courseInfo['course_public_url']);`
			`$justification = Display::return_message($link, 'info', false);`
			`}`
			`}`

Add template variable home_include when including static HTML page through main menu. Add parameter to return_home_page(). Add SECTION_INCLUDE constant - refs #11338 8 years ago			`if ($includeFile) {`
			`// If we are including a static page, then home_welcome is empty`
Justification plugin: add course link in index BT#16387 6 years ago			`$controller->tpl->assign('home_welcome', $justification);`
Add template variable home_include when including static HTML page through main menu. Add parameter to return_home_page(). Add SECTION_INCLUDE constant - refs #11338 8 years ago			`$controller->tpl->assign('home_include', $controller->return_home_page($includeFile));`
			`} else {`
			`// If we are including the real homepage, then home_include is empty`
Justification plugin: add course link in index BT#16387 6 years ago			`$controller->tpl->assign('home_welcome', $justification.$controller->return_home_page(false));`
Add template variable home_include when including static HTML page through main menu. Add parameter to return_home_page(). Add SECTION_INCLUDE constant - refs #11338 8 years ago			`$controller->tpl->assign('home_include', '');`
			`}`
add macros for twig in tpl - refs BT#11338 8 years ago			`$controller->tpl->assign('navigation_links', $controller->return_navigation_links());`
Update index.php 8 years ago			`$controller->tpl->assign('notice_block', $controller->return_notice());`
			`$controller->tpl->assign('help_block', $controller->return_help());`
Add my publications page see BT#17508 5 years ago			`$controller->tpl->assign('student_publication_block', $controller->studentPublicationBlock());`
Update index.php 8 years ago			`if (api_is_platform_admin() \|\| api_is_drh()) {`
			`$controller->tpl->assign('skills_block', $controller->returnSkillLinks());`
			`}`
			`if (api_is_anonymous()) {`
			`$controller->tpl->setLoginBodyClass();`
			`}`
			`// direct login to course`
			`if (isset($_GET['firstpage'])) {`
Add Security::remove_Xss 4 years ago			`$firstPage = $_GET['firstpage'];`
			`$courseInfo = api_get_course_info($firstPage);`

			`if (!empty($courseInfo)) {`
			`api_set_firstpage_parameter($firstPage);`

			`// if we are already logged, go directly to course`
			`if (api_user_is_login()) {`
			`echo "<script>self.location.href='index.php?firstpage=".Security::remove_XSS($firstPage)."'</script>";`
			`}`
Update index.php 8 years ago			`}`
			`} else {`
			`api_delete_firstpage_parameter();`
			`}`
Minor - remove session id 7 years ago
Update index.php 8 years ago			`$controller->setGradeBookDependencyBar(api_get_user_id());`
			`$controller->tpl->display_two_col_template();`
Minor - remove session id 7 years ago
			`// Deleting the session_id.`
			`Session::erase('session_id');`
			`Session::erase('id_session');`
			`Session::erase('studentview');`
			`api_remove_in_gradebook();`