<li>There were no specific security flaws detected during the development of 1.10.0 but standard development procedures and criterias were followed during the development to ensure a very high security level.</li>
</ul>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/1307b662d2b5ba011b98518caa91e6714d8e3367">1307b662</a> - <ahref="https://task.beeznest.com/issues/10295">BT#10295</a>) Remove XSS when add/edit career</li>
</ul>
<h3>Possibly breaking changes</h3>
<ul>
<li>Dropped support for PHP 5.3 and inferior (now REQUIRES PHP 5.4 or more)</li>
@ -70,7 +71,8 @@
Only showing some of the more than 3000 commits since 1.9.10 (https://github.com/chamilo/chamilo-lms/compare/v1.9.10...1.10.x). This section is divided into two for practical purposes: one fo normal users, one for developers and sysadmins.
<h4>For end-users, teachers and Chamilo admins</h4>
<ul>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/ab71b27233f6bbab8266fbc4be3ea96bf7512213">ab71b272</a>) Add clear documentation about dropping support for IE8 (only supporting IE9 and up + all other browsers) starting in 1.0.x</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/d1aa7a96feef449f8e4811f674e35c107c306420">d1aa7a96</a> - <ahref="https://support.chamilo.org/issues/279">#279</a>) Added new lib to vCard Exports</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/ab71b27233f6bbab8266fbc4be3ea96bf7512213">ab71b272</a>) Add clear documentation about dropping support for IE8 (only supporting IE9 and up + all other browsers) starting in 1.0.x</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/8e1e8a97fa266eba6d807fb129da318bbf7ff171">8e1e8a97</a> - <ahref="https://task.beeznest.com/issues/9889">BT#9889</a>) You can now link a video to your course description</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/bd5519006ec43eec82b17cddc1f6475a73830d71">bd551900</a> - <ahref="https://task.beeznest.com/issues/9889">BT#9889</a>) Add Session Description page to see more details about the session from the sessions catalogue</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/415c428aada4078ab4bd16a2f4adc38e65b2e690">415c428a</a> - <ahref="https://task.beeznest.com/issues/9884">BT#9884</a>) Courses inside the session can now be ordered manually</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/3cb74208b95031de454ee074cc5f70303c87b303">3cb74208</a> - <ahref="https://support.chamilo.org/issues/7883">#7883</a>) Slightly change skills list style on skill wheel's left panel</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/0182e1f28b3919de100423bf08bff5477f9277b9">0182e1f2</a> - <ahref="https://support.chamilo.org/issues/7883">#7883</a>) Add badges to skills list + remove text from action buttons to increase space for description</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/2030e4cff41211106809bf757d824fcb92733e21">2030e4cf</a> - <ahref="https://support.chamilo.org/issues/7885">#7885</a>) Improve mail sent to teachers on student submission of assignment (remove visible path)</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/5052c4d38822b6b8b705015ecf57f348507618f1">5052c4d3</a> - <ahref="https://support.chamilo.org/issues/7881">#7881</a>) Create page for badge criteria</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/73a64d311eeb05c45f41ec17dc5e20a67a04495a">73a64d31</a> - <ahref="https://task.beeznest.com/issues/10363">BT#10363</a>)Add pdf export for gradebook results</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/ae31808dada316d79ca78fec4fc01e9755c64aa9">ae31808d</a>) Make user picture clickable in whoisonline</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/7db39d29e7ea87f89dc109b84fc62fb54ff94b7d">7db39d29</a>) Add title and OpenGraph tags to certificate default template</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/f329f5d7204681eba80864c224d98f35cf3c224d">f329f5d7</a>) Fixes the fact that an Anonymous see global chat bar - Refs 7890</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/2b95a8c296a0bf9d2552c775c7a71fec7b574b1a">2b95a8c2</a>) Add "I am a {language} user" and expose background context for tests</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/ca149ba80fd5497b13a38dc6fff97d9eb912f009">ca149ba8</a> - <ahref="https://support.chamilo.org/issues/7879">#7879</a>) Set course's allow_public_certificates depending of allow_public_certificates global</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/8c734aa52a60cd57293194b57b2fec6ece922c39">8c734aa5</a> - <ahref="https://support.chamilo.org/issues/7880">#7880</a>) Allow export badges when certificates aren't allowed</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/1bbbea10ee88deffbde6fb32374bbdbe8efb1c7d">1bbbea10</a>) Fix the Issues with languages priorities</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/8f67cf686f428278470e131fcd05df1257c4cbfd">8f67cf68</a> - <ahref="https://support.chamilo.org/issues/7768">#7768</a>) Allow register beneficiaries with the sales of items</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/df5a2eb3ad28465b4fbf94263aa088b136f8dcff">df5a2eb3</a> - <ahref="https://support.chamilo.org/issues/7768">#7768</a>) Register datetime of sales</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/5b26584ff2b2db0b5a33a5c642a431b80ecb2c5b">5b26584f</a> - <ahref="https://support.chamilo.org/issues/7768">#7768</a>) Display payment method on sale report</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/c44658d72906ec5ff1e6a957d52016958305729d">c44658d7</a> - <ahref="https://support.chamilo.org/issues/7456">#7456</a>) Fix blank page when using hotpotatoe + LP</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/b91733cc167c69e09bfd49c63308e338fa8fa41d">b91733cc</a> - <ahref="https://support.chamilo.org/issues/7835">#7835</a>) Avoid blocked icons by ad blockers</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/2f18e077f9a552cc6f490c44a58ccf7c9fc0c2b0">2f18e077</a> - <ahref="https://task.beeznest.com/issues/10280">BT#10280</a>) Format date in sessions categories list</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/ed50ffd65266b047ad193a5b887ad11f44c8bfa5">ed50ffd6</a> - <ahref="https://task.beeznest.com/issues/10311">BT#10311</a>) add jquery.timelinr and img BT#10311</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/a20b8fc767010b5593a43d93df49d48afc406bb2">a20b8fc7</a> - <ahref="https://task.beeznest.com/issues/10281">BT#10281</a>) Apply format to session dates on session list</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/588ad672ddb7da7ac7e39368b6f6c1a51bc1a3df">588ad672</a> - <ahref="https://task.beeznest.com/issues/10283">BT#10283</a>) Allow filter session list by category</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/9837c8ad7e5de3289352ef95c9aa3f6d4a46b5bc">9837c8ad</a> - <ahref="https://support.chamilo.org/issues/5208">#5208</a>) Add CKEditor to Agenda, This fixed a minor bug</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/c2320a5094449e2ad7dc5f4554fc4cfd8f288574">c2320a50</a> - <ahref="https://task.beeznest.com/issues/10269">BT#10269</a>) Improve password strength on registration form</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/ff6f11858e8c332b0bce1949e7b704407e766ed5">ff6f1185</a>) Improve translation to French for tour plugin</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/d31059d2cb7394b2db895db01880f603e9732ca6">d31059d2</a> - <ahref="https://support.chamilo.org/issues/10308">#10308</a>) Show modal title when send messages</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/49d6dfed77bac5c215895c106f067177d507904e">49d6dfed</a>) Add small video conversion script. Might be useful for other things</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/431576b2b9bda713b5f29b85b553a6a6265d195f">431576b2</a> - <ahref="https://support.chamilo.org/issues/6579">#6579</a>) Load favicon from CSS dir</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/f2a03393774e8dd02f1d33acc69022f3cd6fb133">f2a03393</a> - <ahref="https://support.chamilo.org/issues/7558">#7558</a>) Add method to get a HTML code for a icon by Font Awesome</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/8371a3754f643658cd9e71e811bbd804bb560373">8371a375</a> - <ahref="https://task.beeznest.com/issues/10217">BT#10217</a>) XFrameOptions work around</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/7a11b484f5f21401d051353de69c400ec346e75c">7a11b484</a> - <ahref="https://task.beeznest.com/issues/10248">BT#10248</a>) Show session_admin on Resume Session page - BT#10248</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/4d2f0513909bf7777499ce6093a1269fd78987a9">4d2f0513</a> - <ahref="https://support.chamilo.org/issues/7808">#7808</a>) Save asset time in learning paths</li>
<li>(<ahref="https://github.com/chamilo/chamilo-lms/commit/fccfb6b77df1a98fca296f8d9232ad043418ed87">fccfb6b7</a> - <ahref="https://task.beeznest.com/issues/7683">BT#7683</a>) Add css frame.css in CkEditor</li>
<li>Michela Mosquera - Community manager for the (very large) Latin American community - BeezNest, Peru</li>
<li>Coursenligne45 - Anonymous reporter and contributor to many bugfixes - Independent, France</li>
<li>Noa Orizales - Tireless coordinator of everything non-related to coding, which enabled developers to do a better job - Contidos Dixitais, Spain</li>
<li>Laura Guirao, José & José Angel from Nosolored - Technical assistance and contributions to testing and forum community</li>
<li>Hubert Borderiou - Developer responsible for exercises categories and many other practical fixes - Université de Grenoble, France</li>
<li>Coursenligne45 - Anonymous reporter and contributor to many bugfixes - Independent, France</li>
<p>In seldom cases, Chamilo will generate a series of problems after a migration. This list is a helper designed mainly by <ahref="http://www.beeznest.com/"target="_blank">BeezNest</a> after its many migration jobs assisting large companies to migrate this critical piece of software.</p>
<p>In seldom cases, Chamilo will generate a series of problems after a migration
. This list is a helper designed mainly by <ahref="http://www.beeznest.com/"target="_blank">BeezNest</a>
after its many migration jobs assisting large companies to migrate this critical piece of software.</p>
<h2><b>Contents</b></h2>
@ -27,14 +29,26 @@
</ol>
<h2><aname="1.Version-specific-issues"></a>1. Version specific issues</h2>
<p>Sadly, some issues happen over certain migrations and, so far, the difficulty of fixing things is still less than the difficulty of knowing exactly what to do to improve the migration script for all scenarios</p>
<p>Sadly, some issues happen over certain migrations and, so far, the difficulty of
fixing things is still less than the difficulty of knowing exactly what
to do to improve the migration script for all scenarios</p>
<h2><aname="2.Documents"></a>2. Documents</h2>
<ul>
<li>The worst that could happen is a change of codification while migrating from 1.8.5 to 1.8.8.4. Codification problems are nightmares because you generally get a limited number of characters you can freely change without affecting already existing files. Scrips can be made to ananlyse and fix most of the problems, but you will still need a lot of manual review before you can be sure you eliminated all problems</li>
<li>The worst that could happen is a change of codification while
migrating from 1.8.5 to 1.8.8.4. Codification problems are nightmares
because you generally get a limited number of characters you can
freely change without affecting already existing files. Scrips can
be made to ananlyse and fix most of the problems, but you will
still need a lot of manual review before you can be sure you
<li>Some users reported problems with quizzes: when migrating from 1.8.5 to 1.8.8.4, the quiz_question table has a question_order field filled with 1's. This generates a bug when using exercises marked random, as you only ever get one question to the test. <b>Solution:</b> update the question_order field to have sequential numbers.</li>
<li>Some users reported problems with quizzes: when migrating from
1.8.5 to 1.8.8.4, the quiz_question table has a question_order
field filled with 1's. This generates a bug when using exercises
marked random, as you only ever get one question to the test.
<b>Solution:</b> update the question_order field to have sequential numbers.</li>
<p>In seldom cases, you will need to start looking into efficiency issues with Chamilo. This guide is a work in progress intended to help administrators optimize their Chamilo installation.</p>
<p>In seldom cases, you will need to start looking into efficiency issues
with Chamilo. This guide is a work in progress intended to help
administrators optimize their Chamilo installation.</p>
<h2><b>Contents</b></h2>
<ol>
<li><ahref="#1.Using-XCache">Using xCache, APC, Memcache or Memcached</a></li>
Set your xcache.ini configuration (/etc/php5/conf.d/xcache.ini) to match your system. For example, you *could* have something like this (intentionally hiding comments here):
Set your xcache.ini configuration (/etc/php5/conf.d/xcache.ini) to match your
system. For example, you *could* have something like this (intentionally
hiding comments here):
<pre>
xcache.shm_scheme = "mmap"
xcache.size = 32M
@ -77,7 +97,9 @@ xcache.var_maxttl = 300
xcache.var_gc_interval = 300
xcache.test = Off
</pre>
xCache will feel useless until you actually start to put some variables in cache. If you're showing the "Who is online" counter, that's one of the best item there is to implement xCache.<br/>
xCache will feel useless until you actually start to put some variables in
cache. If you're showing the "Who is online" counter, that's one of the
best item there is to implement xCache.<br/>
For example, you could implement it this way (in main/inc/lib/banner.lib.php):<br/>
<pre>
$xc = function_exists('xcache_isset');
@ -100,8 +122,11 @@ if(!empty($_course['id'])) {
}
}
</pre>
Note that, as xCache is a shared caching system, it is very important to prefix your variables with a domain name or some kind of identifier, otherwise it would end up in disaster if you use a shared server for several portals.<br/>
If you use php5-memcache, then this piece of code would look like this (you need to adjust depending on your settings):
Note that, as xCache is a shared caching system, it is very important to prefix
your variables with a domain name or some kind of identifier, otherwise it
would end up in disaster if you use a shared server for several portals.<br/>
If you use php5-memcache, then this piece of code would look like this
(you need to adjust depending on your settings):
<pre>
global $_configuration;
$_course = api_get_course_info();
@ -140,10 +165,15 @@ If you use php5-memcache, then this piece of code would look like this (you need
}
</pre>
<br/>
An optional additional caching mechanism you may use is the realpath_cache_size and realpath_cache_ttl php.ini parameters. See <ahref="http://php.net/manual/en/ini.core.php">the PHP documentation</a> for more details.
An optional additional caching mechanism you may use is the realpath_cache_size
and realpath_cache_ttl php.ini parameters.
See <ahref="http://php.net/manual/en/ini.core.php">the PHP documentation</a>
for more details.
<br/>
<br/>
If you prefer using <ahref="http://php.net/manual/en/book.apc.php">APC</a>, you can use the same kind of trick as above, just changing the code a little:
<h3>APC</h3>
If you prefer using <ahref="http://php.net/manual/en/book.apc.php">APC</a>,
you can use the same kind of trick as above, just changing the code a little:
<pre>
$xc = function_exists('apc_exists');
$number = 0;
@ -179,7 +209,10 @@ If you prefer using <a href="http://php.net/manual/en/book.apc.php">APC</a>, you
...
</pre>
<br/>
If you use php5-memcached (different set of functions than php5-memcache!), then this piece of code would look like this (you need to adjust depending on your settings):
<h3>Memcached</h3>
If you use php5-memcached (different set of functions than php5-memcache!),
then this piece of code would look like this (you need to adjust
depending on your settings):
<pre>
global $_configuration;
$_course = api_get_course_info();
@ -227,8 +260,15 @@ If you use php5-memcached (different set of functions than php5-memcache!), then
<p>It is also worth noting that the Université de Genève, Switzerland, observed that the calculation of the total size used by course documents is one of the heaviest queries in Chamilo, so you might want to cache the results of this one as well, using the same technique.</p>
<p>Finally, if your portal is highly public *and* you are showing the popular courses on the homepage, you might want to also reduce the amount of queries this generates, using the same technique as above, but for the main/inc/lib/auth.lib.php library, looking for the "Tracking::get_course_connections_count()" call:</p>
<p>It is also worth noting that the Université de Genève, Switzerland, observed
that the calculation of the total size used by course documents is one of
the heaviest queries in Chamilo, so you might want to cache the results of
this one as well, using the same technique.</p>
<p>Finally, if your portal is highly public *and* you are showing the popular
courses on the homepage, you might want to also reduce the amount of
queries this generates, using the same technique as above, but for the
main/inc/lib/auth.lib.php library, looking for the
@ -249,10 +289,17 @@ If you use php5-memcached (different set of functions than php5-memcache!), then
...
}
</pre>
Finally, the Free Campus of Chamilo has a very specific case of slow query: the courses catalog! Because there might be more than 30,000 courses in there, getting the number of "Connections last month" can be a desastrous query in terms of performances. This is why you should try to cache the results as well.<br/>
Obviously, as we are speaking about showing the number of visits this month, it doesn't really matter if the number doesn't refresh for an hour or so...<br/>
Locate the main/inc/lib/course_category.lib.php file, open it and go to the browseCoursesInCategory() function.<br/>
Locate the $count_connections_last_month = Tracking::get_course_connections_count(...) call, and wrap in into something like this:
Finally, the Free Campus of Chamilo has a very specific case of slow query:
the courses catalog! Because there might be more than 32,000 courses in
there, getting the number of "Connections last month" can be a disastrous
query in terms of performances. This is why you should try to cache the
results as well.<br/>
Obviously, as we are speaking about showing the number of visits this month,
it doesn't really matter if the number doesn't refresh for an hour or so...<br/>
Locate the main/inc/lib/course_category.lib.php file, open it and go to the
browseCoursesInCategory() function.<br/>
Locate the $count_connections_last_month = Tracking::get_course_connections_count(...)
call, and wrap in into something like this:
<pre>
$xc = method_exists('Memcached', 'add');
if ($xc) {
@ -285,18 +332,11 @@ Locate the $count_connections_last_month = Tracking::get_course_connections_coun
Enable slow_queries in /etc/mysqld/my.cnf, restart MySQL then follow using sudo tail -f /var/log/mysql/mysql-slow.log
<br/><br/>
In Chamilo 1.9 in particular, due to the merge of all databases into one, you might experience performance issue if you have many learning paths with many items in them.<br/>
To solve this performance issue, you can execute the following queries manually in your database:<br/>
In Chamilo 1.9 in particular, due to the merge of all databases into one, you might experience performance issues.<br/>
To solve this performance issue, you can execute the following query manually in your database:<br/>
<pre>
ALTER TABLE lp_item ADD INDEX idx_c_lp_item_cid_lp_id (c_id, lp_id);
ALTER TABLE lp_item_view ADD INDEX idx_c_lp_item_view_cid_lp_view_id_lp_item_id (c_id, lp_view_id, lp_item_id);
ALTER TABLE user_rel_tag ADD INDEX idx_user_rel_tag_user (user_id);
</pre>
In Chamilo 1.9.8, we use the c_item_property table more actively. This causes issues with the reporting pages for the assignments. You can reduce the impact by adding the following index:
<pre>
alter table c_item_property add index idx_itemprop_tooliuid(tool, insert_user_id);
</pre>
These will be available in Chamilo 1.10 directly, but we cannot put them into Chamilo 1.9 from now on for organizational reasons.<br/>
One good reference: <ahref="http://dev.mysql.com/doc/refman/5.1/en/multiple-key-caches.html">MySQL documentation on multiple key caches</a><br/>
@ -365,10 +405,18 @@ This mode is not loaded by default, but could still be selected, leading to a "F
The only non-scripted solution here is to allow for the corresponding amount of RAM for your PHP configuration (<em>memory_limit = 300M</em>) or your specific VirtualHost if you use mod-php5 (<em>php_value memory_limit 300M</em>).<br/>
Many things in Chamilo are written focusing on the ease of use, even for the administrator. Sometimes, these settings are weighing a little bit more on the system. This is the case, between others, of the mail.conf.php file (being loaded unconditionally) and its CONSTANT "IS_WINDOWS_OS", which is defined by a function call (api_is_windows_os()) at the beginning of main_api.lib.php.
Many things in Chamilo are written focusing on the ease of use, even for the
administrator. Sometimes, these settings are weighing a little bit more on
the system. This is the case, between others, of the mail.conf.php file
(being loaded unconditionally) and its CONSTANT "IS_WINDOWS_OS", which is
defined by a function call (api_is_windows_os()) at the beginning of
main_api.lib.php.
The definition of this constant (which is executed at *every* page load) can easily be avoided, and the only place where it is used inconditionally (mail.conf.php) can be modified to set the line as you expect it (depending on whether you use sendmail/exim or smtp).
The definition of this constant (which is executed at *every* page load) can
easily be avoided, and the only place where it is used unconditionally
(mail.conf.php) can be modified to set the line as you expect it
(depending on whether you use sendmail/exim or smtp).
<pre>
$platform_email['SMTP_MAILER'] = 'smtp';
</pre>
@ -376,23 +424,44 @@ or
<pre>
$platform_email['SMTP_MAILER'] = 'mail';
</pre>
In fact, the complete loading of mail.conf.php can also be avoided if loaded conditionally (with <i>require_once</i>) when sending an e-mail (which is the only case where it is useful).
In fact, the complete loading of mail.conf.php can also be avoided if
loaded conditionally (with <i>require_once</i>) when sending an
e-mail (which is the only case where it is useful).
<p>
As an additional node, on very active portals with a lot of courses for each users, the icons that appear next to the courses illustrating changes in the corresponding course might be heavyweighted. You can alter slightly the behaviour by not querying for notifications you don't care about, like dropbox, notebook or chat. Change this in main/inc/lib/display.lib.php, in function show_notification().
As an additional node, on very active portals with a lot of courses
for each users, the icons that appear next to the courses illustrating
changes in the corresponding course might be heavyweighted. You can
alter slightly the behaviour by not querying for notifications you
don't care about, like dropbox, notebook or chat. Change this in
main/inc/lib/display.lib.php, in function show_notification().
</p>
<hr/>
<h2><aname="9.xsendfile"></a>Speeding file downloads with mod_xsendfile</h2>
<p>It might have come to your attention that file downloads through Chamilo might get slow, under default conditions, in particular using Apache 2.</p>
<p>There are several ways to fix this, one of which is removing the .htaccess inside the courses/ directory. This, however, will remove all permissions checks on the files contained in this directory, so... most of the time, not ideal unless your portal is *really* open to the world.</p>
<p>Another technique, revealed to us by <ahref="http://stackoverflow.com/users/46594/virtualblackfox">VirtualBlackFox</a> on <ahref="http://stackoverflow.com/questions/3697748/fastest-way-to-serve-a-file-using-php">this Stackoverflow post</a>, is to use the X-SendFile module for Apache 2.2+ (other web servers might offer other solutions, or avoid the problem initially).</p>
<p>Installing the X-SendFile module will depend on your operating system, but if you use Ubuntu, you'll have to check you are including the "universe" repository inside your packages sources (check /etc/apt/sources.list), then:
<p>It might have come to your attention that file downloads through Chamilo
might get slow, under default conditions, in particular using Apache 2.</p>
<p>There are several ways to fix this, one of which is removing the .htaccess
inside the courses/ directory. This, however, will remove all permissions
checks on the files contained in this directory, so... most of the time,
not ideal unless your portal is *really* open to the world.</p>
on <ahref="http://stackoverflow.com/questions/3697748/fastest-way-to-serve-a-file-using-php">this Stackoverflow post</a>,
is to use the X-SendFile module for Apache 2.2+ (other web servers might
offer other solutions, or avoid the problem initially).</p>
<p>Installing the X-SendFile module will depend on your operating system,
but if you use Ubuntu, you'll have to check you are including the "universe"
repository inside your packages sources (check /etc/apt/sources.list), then:
<pre>
sudo apt-get update
sudo apt-get install libapache2-mod-xsendfile
sudo service apache2 restart
</pre>
Once you're done with installing, you'll have to configure Chamilo to use it.<br/>
First, edit your VirtualHost or your Apache configuration in general (in Ubuntu, check the /etc/apache2/ or /etc/apache2/sites-available/ folder). This is done by adding the following line inside your configuration, and reloading Apache (example provided on the basis of a virtual host located in /etc/apache2/sites-available/my.chamilo.net.conf) :
First, edit your VirtualHost or your Apache configuration in general (in Ubuntu,
check the /etc/apache2/ or /etc/apache2/sites-available/ folder). This is done
by adding the following line inside your configuration, and reloading Apache
(example provided on the basis of a virtual host located in
sudo vim /etc/apache2/sites-available/my.chamilo.net.conf
# add the following line:
@ -400,26 +469,50 @@ sudo vim /etc/apache2/sites-available/my.chamilo.net.conf
# exit the file
sudo service apache2 reload
</pre>
Finally, you'll have to got to your Chamilo configuration file, and add the following line at the very bottom of the file main/inc/conf/configuration.php:
Finally, you'll have to got to your Chamilo configuration file, and add the
following line at the very bottom of the file main/inc/conf/configuration.php:
Done! Now your downloads should go substantially faster. This is still a feature in observation. We're not sure the benefits are sufficient, so don't hesitate to let us know in <ahref="https://support.chamilo.org/issues/6853">the related issue in Chamilo's tracking system</a>
Done! Now your downloads should go substantially faster. This is still a
feature in observation. We're not sure the benefits are sufficient, so
don't hesitate to let us know in
<ahref="https://support.chamilo.org/issues/6853">the related issue in Chamilo's tracking system</a>
</p>
<hr/>
<h2><aname="10.igbinary"></a>IGBinary for courses backups and better sessions management</h2>
<h2><aname="10.igbinary"></a>IGBinary for courses backups and better
sessions management</h2>
<p>
<ahref="http://pecl.php.net/package/igbinary">IGBinary</a> is a small PECL library that replaces the PHP serializer. It uses less space (so less memory for serialized objects) and is particularly efficient with memory-based storages (like Memcached). Use it for course backups (see <ahref="https://support.chamilo.org/issues/4443">issue 4443</a>) or <ahref="http://www.neanderthal-technology.com/2011/11/ubuntu-10-install-php-memcached-with-igbinary-support/">to boost sessions management</a>.
<ahref="http://pecl.php.net/package/igbinary">IGBinary</a> is a small PECL
library that replaces the PHP serializer. It uses less space (so less
memory for serialized objects) and is particularly efficient with memory-based
storages (like Memcached). Use it for course backups
(see <ahref="https://support.chamilo.org/issues/4443">issue 4443</a>) or
This measure is not cumulative with mod_xsendfile explained above. It is not *recommended* either, as it removes an important security layer.<br/>
This measure is not cumulative with mod_xsendfile explained above. It is not *recommended*
either, as it removes an important security layer.<br/>
<br/>
In Chamilo, for security and tracking purposes, all downloaded files pass through PHP scripts that check whether the user has access to the file given his/her current permissions. This process requires important database accesses and processing, which might terminally affect your server's performance. In particular, this can have a huge effect if having hundreds of simultaneous users accessing learning paths pages composed of local resources.<br/><br/>
The logic behind this verification is that, whatever resources that needs to be downloaded/viewed that come from the /courses/ directory, the /courses/.htaccess file with get in the middle and redirect these accesses to a PHP script (usually called download.php but there are more than one depending on the type of resource).<br/><br/>
If you want to speed up files accesses and you don't really care about whom can see your files, then an option is to simply remove this redirection to download.php and let Apache treat the file on its own.<br/><br/>
Furthermore, using a PHP script for the download (unless you have special rules) will usually prevent static content caching, which will multiply downloads and use large amount of additional bandwidth.<br/><br/>
In Chamilo, for security and tracking purposes, all downloaded files pass through PHP
scripts that check whether the user has access to the file given his/her current
permissions. This process requires important database accesses and processing, which
might terminally affect your server's performance. In particular, this can
have a huge effect if having hundreds of simultaneous users accessing
learning paths pages composed of local resources.<br/><br/>
The logic behind this verification is that, whatever resources that needs to be
downloaded/viewed that come from the /courses/ directory, the /courses/.htaccess
file with get in the middle and redirect these accesses to a PHP script
(usually called download.php but there are more than one depending on the
type of resource).<br/><br/>
If you want to speed up files accesses and you don't really care about whom can
see your files, then an option is to simply remove this redirection to
download.php and let Apache treat the file on its own.<br/><br/>
Furthermore, using a PHP script for the download (unless you have special rules)
will usually prevent static content caching, which will multiply downloads
and use large amount of additional bandwidth.<br/><br/>
Typically, the .htaccess will look like this (with additional comments):<br/>
This is easy, doesn't require a server reload and you should see the results pretty quickly. As mentioned above, if security of your content is an issue, though, you should avoid using this technique.
This is easy, doesn't require a server reload and you should see the results pretty
quickly. As mentioned above, if security of your content is an issue, though,
you should avoid using this technique.
</p>
<p>
You can also mitigate the risk by disabling permissions check only
If your database server is separate from your web server, you have to play with bandwidth, firewalls, and network restrictions in general.<br/>
In particular, when dealing with large-scale portals, the time a SQL query will take to return to the web server will take longer and, eventually, in the most critical cases, will take <b>too long</b>, and your web servers will be completely overloaded (load average very high because the system is waiting for I/O operations, but processors usage not being very high is a clear sign of this).<br/>
To solve this kind of issues, MySQL and MariaDB offer a data compression mechanism, which will reduce the amount of data passed between PHP and the database server. Ultimately, this reduction will lower bandwidth usage and reduce the impact of numerous and heavy data requests (and save you).<br/>
In 1.10.0, we have added the possibility to enable this compression very easily, from the configuration.php file, uncommenting the following line:
If your database server is separate from your web server, you have to play with
bandwidth, firewalls, and network restrictions in general.<br/>
In particular, when dealing with large-scale portals, the time a SQL query
will take to return to the web server will take longer and, eventually,
in the most critical cases, will take <b>too long</b>, and your web servers
will be completely overloaded (load average very high because the system
is waiting for I/O operations, but processors usage not being very high
is a clear sign of this).<br/>
To solve this kind of issues, MySQL and MariaDB offer a data compression
mechanism, which will reduce the amount of data passed between PHP and
the database server. Ultimately, this reduction will lower bandwidth
usage and reduce the impact of numerous and heavy data requests (and
save you).<br/>
In 1.10.0, we have added the possibility to enable this compression very
easily, from the configuration.php file, uncommenting the following line:
Don't have time or resources to optimize your Chamilo installation yourself? Hire an <ahref="http://www.chamilo.org/en/providers">official Chamilo provider</a> and get it sorted out professionally by specialists.
Don't have time or resources to optimize your Chamilo installation
yourself? Hire an <ahref="http://www.chamilo.org/en/providers">official Chamilo provider</a> and get it sorted out professionally by specialists.
<p>Chamilo is an e-learning and course management web application, and free software under the GNU/GPLv3+ license. It's translated into more 30 languages,
SCORM compatible, light and flexible.</p>
<p>Chamilo is an e-learning and course management web application, a free software under the GNU/GPLv3+ license.
It'stranslated into more 30 languages, SCORM 1.2 compatible, light and flexible.</p>
<p>Chamilo supports many different kinds of learning and collaboration activities.
Teachers/trainers can create, manage and publish their courses through the web.
@ -55,22 +55,24 @@
<p>Technically, Chamilo is a web application written in PHP that stores data in a MySQL database.
Users access it using a web browser.
The first stable version of Chamilo, 1.8.6.2 Salto, was based on the Dokeos(TM) 1.8.6.1 code and is meant to be the next software step for institutions currently using Dokeos.
The first stable version of Chamilo, 1.8.6.2 Salto, was based on the Dokeos(TM) 1.8.6.1 code and is
meant to be the next software step for institutions currently using Dokeos.
</p>
<p>If you would like to know more or help develop this software, please visit<br/>
our homepage at <ahref="http://www.chamilo.org">http://www.chamilo.org</a></p>
our homepage at <ahref="http://www.chamilo.org">https://chamilo.org</a></p>
<h1>SCORM</h1>
Chamilo imports and manages SCORM 1.2 contents.<br/>
For more information on SCORM normalisation, see http://www.adlnet.org<br/>
Chamilo does not implement the full set of SCORM 1.2 specifications, as many are not mandatory. Check our website for more details.<br/>
Chamilo does not implement the full set of SCORM 1.2 specifications, as many are not mandatory.
Check our website for more details.<br/>
<h1>License</h1>
<p>Chamilo is distributed under the GNU General Public license (GNU/GPLv3+).<br/>
Read the <ahref="licence.html">GNU General Public license (GPL)</a> .</p>
Read the <ahref="license.html">GNU General Public license (GPL)</a> .</p>
<h1>Portability</h1>
@ -91,40 +93,45 @@
<li> Windows XP, Windows 2000</li>
<li> Mac OS X 10.3</li>
</ul>
We officially recommend Debian and Ubuntu operating systems for their security, packaging system, community and availability to the public.<br/>
We officially recommend Debian and Ubuntu operating systems for their security, packaging system, community and
availability to the public.<br/>
<p>E-mail functions remain silent on systems where there is no mail sending software<br/>
<p>E-mail functions remain silent on systems where there is no mail sending software
(Sendmail, Postfix, Exim4, Hamster...), which is the case by default on a Windows machine.</p>
<h1>Interoperability</h1>
<p>Chamilo imports SCORM 1.2 compliant learning contents. It imports "On the shelve"<br/>
<p>Chamilo imports SCORM 1.2 compliant learning contents. It imports "On the shelve"
contents from many companies : NETg, Skillsoft, Explio, Microsoft, Macromedia, etc.</p>
<p>Admin interface imports users through CSV and XML. You can create a CSV file from<br/>
a list of users in MS-Excel. OpenOffice can export to both CSV and XML formats.<br/>
Many database management systems, like Oracle, SAP, Access, SQL-Server, LDAP ...<br/>
export to CSV and/or XML.</p>
<p>Chamilo includes a LDAP module that allows admin to disable database authentication<br/>
and replace it by connection to a LDAP directory.</p>
<p>Admin interface imports users through CSV and XML. You can create a CSV file
from a list of users in MS-Excel. OpenOffice can export to both CSV and XML
formats.<br/>
Many database management systems, like Oracle, SAP, Access, SQL-Server, LDAP, etc
export to CSV and/or XML.</p>
<p>Client side, Chamilo runs on any browser : Firefox, MS Internet Explorer (5.0+), Netscape (4.7+),<br/>
<p>Chamilo includes a LDAP module that allows admin to disable database
authentication and replace it by connecting to a LDAP directory.</p>
Mozilla (1.2+), Safari, Opera, ...<br/>For better user experience, we recommend Firefox 3.5+ (you can download it freely from <ahref="http://getfirefox.com">http://getfirefox.com</a>).</p>
<p>Client side, Chamilo runs on any browser : Firefox, MS Internet Explorer
(9+), Chrome, Safari, Opera, ...<br/>
For better user experience, we recommend Firefox 3.5+ (you can download it
freely from <ahref="http://getfirefox.com">http://getfirefox.com</a>).</p>
<h1>Chamilo.org</h1>
<p>Chamilo is also an association, backed up by a network of private partners to assist companies and institutions in their e-learning projects. This network also promotes professional versions of Chamilo solutions, which consist of complete packages of services (see http://www.chamilo.org/providers for more details)</p>
<p>Chamilo is also an association, backed up by a network of private partners
to assist companies and institutions in their e-learning projects. This
network also promotes professional versions of Chamilo solutions, which
consist of complete packages of services (see https://chamilo.org/providers
for more details)</p>
<h1>Certification</h1>
<p>The Chamilo association offers official certification programs through its official provider BeezNest. These certifications are available from very low fees. Check https://shop.beeznest.com for more info and to take the certification test directly.</p>
<p>The Chamilo association offers official certification programs through its
official providers. These certifications are available for affordable fees.
Check https://shop.beeznest.com for more info and to take the certification
<p>We recommend you don't take security issues too lightly. Chamilo is security-audited at least once a year, but you're never too sure. This list is a work in progress. Feel free to recommend additional measures by sending us an e-mail at info@chamilo.org.</p>
<p>We recommend you don't take security issues too lightly. Chamilo is security-audited at least once a year,
but you're never too sure. This list is a work in progress. Feel free to recommend additional measures by
sending us an e-mail at info@chamilo.org.</p>
<h2><b>Contents</b></h2>
<ol>
@ -25,7 +27,8 @@
<h2><aname="1.Disclosing-server-info"></a>1. Disclosing server info</h2>
<p>
It is considered a safer behaviour not to disclose server information from your Chamilo page. In order to avoid both web server and PHP information disclosure, you might want to take the following actions:
It is considered a safer behaviour not to disclose server information from your Chamilo page. In order to avoid
both web server and PHP information disclosure, you might want to take the following actions:
<ul>
<li>Locate the <i>ServerTokens</i> setting inside your Apache configuration and set it to "Prod"</li>
<li>Locate the <i>ServerSignature</i> setting inside your Apache configuration and set it to "Off"</li>
@ -36,18 +39,29 @@ It is considered a safer behaviour not to disclose server information from your
<h2><aname="2.Keeping-up-to-date"></a>2. Keeping up to date</h2>
<p>
Make sure you check <ahref="http://support.chamilo.org/projects/chamilo-18/wiki/Security_issues">our security issues page</a> from time to time.
Subscribe to our free security alerts mailing-list: <ahref="http://lists.chamilo.org/listinfo/security">http://lists.chamilo.org/listinfo/security</a> or that you follow our security Twitter feed: <ahref="http://twitter.com/chamilosecurity">http://twitter.com/chamilosecurity</a>.
Make sure you check <ahref="http://support.chamilo.org/projects/chamilo-18/wiki/Security_issues">our security
issues page</a> from time to time.
Subscribe to our free security alerts mailing-list:
<ahref="http://lists.chamilo.org/listinfo/security">http://lists.chamilo.org/listinfo/security</a> or that you
<h2><aname="3.Using-safe-browsers"></a>3. Using safe browsers</h2>
<p> Additionnally to lacking the implementation of features that really improve the quality of your browsing the Internet, older browsers tend to have many unresolved security flaws. Using an old browser, you put in danger the security of your computer and the data it contains, but you can also put others in danger by letting crackers take control of it and attacking others.</p>
<p>To avoid being a risk to yourself and others, you should download and install a recent browser. We recommend <ahref="http://www.getfirefox.com"target="_blank">the latest stable version of Firefox</a>.</p>
<p> Additionally to lacking the implementation of features that really improve the quality of your browsing the
Internet, older browsers tend to have many unresolved security flaws. Using an old browser, you put in danger the
security of your computer and the data it contains, but you can also put others in danger by letting crackers take
control of it and attacking others.</p>
<p>To avoid being a risk to yourself and others, you should download and install a recent browser. We recommend
<ahref="http://www.getfirefox.com"target="_blank">the latest stable version of Firefox</a>.</p>
<h2><aname="4.Moving-config-file"></a>4. Moving your configuration file out of the web directory</h2>
<p>It is considered unsafe to leave the configuration file inside the main/inc/conf/ directory, as it will be directly accessible for all users, which could lead crackers to download it, uninterpreted, and read through your configuration, which could lead to illicit
access to your database if that one isn't well protected and many other stuff we'd prefer to avoid. To secure it, move the configuration file out of your web directory. If your
Chamilo installation is in /var/www/, move your configuration to /etc/chamilo/configuration.php, for example. Then create a new main/inc/conf/configuration.php file, open it, and write the following:</p>
<p>It is considered unsafe to leave the configuration file inside the app/config/ directory, as it will be directly
accessible for all users, which could lead crackers to download it, uninterpreted, and read through your
configuration, which could lead to illicit
access to your database if that one isn't well protected and many other stuff we'd prefer to avoid. To secure it,
move the configuration file out of your web directory. If your Chamilo installation is in /var/www/, move your
configuration to /etc/chamilo/configuration.php, for example. Then create a new app/config/configuration.php
file, open it, and write the following:</p>
<p>
<pre>
<?php
@ -59,13 +73,13 @@ This will prevent direct access to your settings and make it seem totally the sa
Julio
9 years ago