, Ghent University, Refactoring * @version $Id: index.php 21283 2009-06-07 20:53:44Z herodoto $ * @todo check the different @todos in this page and really do them * @todo check if the news management works as expected */ // only this script should have this constant defined. This is used to activate the javascript that // gives the login name automatic focus in header.inc.html. /** @todo Couldn't this be done using the $HtmlHeadXtra array? */ define('DOKEOS_HOMEPAGE', true); // the language file $language_file = array ('courses', 'index'); /* Flag forcing the 'current course' reset, as we're not inside a course anymore */ // maybe we should change this into an api function? an example: Coursemanager::unset(); $cidReset = true; /* ----------------------------------------------------------- Included libraries ----------------------------------------------------------- */ /** @todo make all the library files consistent, use filename.lib.php and not filename.lib.inc.php */ require_once ('main/inc/global.inc.php'); include_once (api_get_path(LIBRARY_PATH).'course.lib.php'); include_once (api_get_path(LIBRARY_PATH).'debug.lib.inc.php'); include_once (api_get_path(LIBRARY_PATH).'events.lib.inc.php'); include_once (api_get_path(LIBRARY_PATH).'system_announcements.lib.php'); include_once (api_get_path(LIBRARY_PATH).'groupmanager.lib.php'); include_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php'); require_once 'main/chat/chat_functions.lib.php'; $loginFailed = isset($_GET['loginFailed']) ? true : isset($loginFailed); $setting_show_also_closed_courses = (api_get_setting('show_closed_courses')=='true') ? true : false; // the section (for the tabs) $this_section = SECTION_CAMPUS; /* ----------------------------------------------------------- Action Handling ----------------------------------------------------------- */ /** @todo wouldn't it make more sense if this would be done in local.inc.php so that local.inc.php become the only place where authentication is done? * by doing this you could logout from any page instead of only from index.php. From the moment there is a logout=true in the url you will be logged out * this can be usefull when you are on an open course and you need to log in to edit something and you immediately want to check how anonymous users * will see it. */ $my_user_id=api_get_user_id(); if (!empty($_GET['logout'])) { logout(); } /* ----------------------------------------------------------- Table definitions ----------------------------------------------------------- */ $main_course_table = Database :: get_main_table(TABLE_MAIN_COURSE); $main_category_table = Database :: get_main_table(TABLE_MAIN_CATEGORY); $track_login_table = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN); /* ----------------------------------------------------------- Constants and CONFIGURATION parameters ----------------------------------------------------------- */ /** @todo these configuration settings should move to the dokeos config settings */ /** defines wether or not anonymous visitors can see a list of the courses on the Dokeos homepage that are open to the world */ $_setting['display_courses_to_anonymous_users'] = 'true'; /** @todo remove this piece of code because this is not used */ if (isset($_user['user_id'])) { $nameTools = api_get_setting('siteName'); } /* ============================================================================== LOGIN ============================================================================== */ /** * @todo This piece of code should probably move to local.inc.php where the actual login / logout procedure is handled. * @todo consider removing this piece of code because does nothing. */ if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) { // nice lie!!! echo 'Attempted breakin - sysadmins notified.'; session_destroy(); die(); } /** * @todo This piece of code should probably move to local.inc.php where the actual login procedure is handled. * @todo check if this code is used. I think this code is never executed because after clicking the submit button * the code does the stuff in local.inc.php and then redirects to index.php or user_portal.php depending * on api_get_setting('page_after_login') */ if (!empty($_POST["submitAuth"])) { // the user is already authenticated, we now find the last login of the user. if (isset ($_user['user_id'])) { $sql_last_login = "SELECT UNIX_TIMESTAMP(login_date) FROM $track_login_table WHERE login_user_id = '".$_user['user_id']."' ORDER BY login_date DESC LIMIT 1"; $result_last_login = api_sql_query($sql_last_login, __FILE__, __LINE__); if (!$result_last_login) if (Database::num_rows($result_last_login) > 0) { $user_last_login_datetime = Database::fetch_array($result_last_login); $user_last_login_datetime = $user_last_login_datetime[0]; api_session_register('user_last_login_datetime'); } mysql_free_result($result_last_login); //event_login(); if (api_is_platform_admin()) { // decode all open event informations and fill the track_c_* tables include (api_get_path(LIBRARY_PATH)."stats.lib.inc.php"); decodeOpenInfos(); } } } // end login -- if($_POST["submitAuth"]) else { // only if login form was not sent because if the form is sent the user was already on the page. event_open(); } // the header Display :: display_header('', 'dokeos'); /* ============================================================================== MAIN CODE ============================================================================== */ echo '
'; // Plugins for loginpage_main AND campushomepage_main if (!api_get_user_id()) { api_plugin('loginpage_main'); } else { api_plugin('campushomepage_main'); } $home= 'home/'; if ($_configuration['multiple_access_urls']==true) { $access_url_id = api_get_current_access_url_id(); if ($access_url_id != -1){ $url_info = api_get_access_url($access_url_id); // "http://" and the final "/" replaced $url = substr($url_info['url'],7,strlen($url_info['url'])-8); $clean_url = replace_dangerous_char($url); $clean_url = str_replace('/','-',$clean_url); $clean_url = $clean_url.'/'; $home_old = 'home/'; $home= 'home/'.$clean_url; } } // Including the page for the news $page_included = false; if (!empty ($_GET['include']) && preg_match('/^[a-zA-Z0-9_-]*\.html$/',$_GET['include'])) { include ('./'.$home.$_GET['include']); $page_included = true; } else { if (!empty($_SESSION['user_language_choice'])) { $user_selected_language=$_SESSION['user_language_choice']; } elseif(!empty($_SESSION['_user']['language'])) { $user_selected_language=$_SESSION['_user']['language']; } else { $user_selected_language=get_setting('platformLanguage'); } if(!file_exists($home.'home_news_'.$user_selected_language.'.html')) { if (file_exists($home.'home_top.html')) $home_top_temp=file($home.'home_top.html'); else { $home_top_temp=file($home_old.'home_top.html'); } $home_top_temp=implode('',$home_top_temp); $open=str_replace('{rel_path}',api_get_path(REL_PATH),$home_top_temp); echo $open; } else { if(file_exists($home.'home_top_'.$user_selected_language.'.html')) { $home_top_temp = file_get_contents($home.'home_top_'.$user_selected_language.'.html'); } else { $home_top_temp = file_get_contents($home.'home_top.html'); } $open=str_replace('{rel_path}',api_get_path(REL_PATH),$home_top_temp); echo $open; } } // Display System announcements $announcement = isset($_GET['announcement']) ? $_GET['announcement'] : -1; $announcement = intval($announcement); if (isset($_user['user_id'])) { $visibility = api_is_allowed_to_create_course() ? VISIBLE_TEACHER : VISIBLE_STUDENT; SystemAnnouncementManager :: display_announcements($visibility, $announcement); } else { SystemAnnouncementManager :: display_announcements(VISIBLE_GUEST, $announcement); } // Display courses and category list if (!$page_included) { if (api_get_setting('display_categories_on_homepage') == 'true') { echo '
'; display_anonymous_course_list(); echo '
'; } } echo '
'; // display right menu: language form, login section + useful weblinks echo ''; /* ============================================================================== FOOTER ============================================================================== */ Display :: display_footer(); /** * This function handles the logout and is called whenever there is a $_GET['logout'] * * @author Patrick Cool , Ghent University */ function logout() { global $_configuration, $extAuthSource; // variable initialisation $query_string=''; if (!empty($_SESSION['user_language_choice'])) { $query_string='?language='.$_SESSION['user_language_choice']; } // Database table definition $tbl_track_login = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN); // selecting the last login of the user $uid = intval($_GET['uid']); $sql_last_connection="SELECT login_id, login_date FROM $tbl_track_login WHERE login_user_id='$uid' ORDER BY login_date DESC LIMIT 0,1"; $q_last_connection=api_sql_query($sql_last_connection); if (Database::num_rows($q_last_connection)>0) { $i_id_last_connection=Database::result($q_last_connection,0,"login_id"); } if (!isset($_SESSION['login_as'])) { $current_date=date('Y-m-d H:i:s',time()); $s_sql_update_logout_date="UPDATE $tbl_track_login SET logout_date='".$current_date."' WHERE login_id='$i_id_last_connection'"; api_sql_query($s_sql_update_logout_date); } LoginDelete($uid, $_configuration['statistics_database']); //from inc/lib/online.inc.php - removes the "online" status //the following code enables the use of an external logout function. //example: define a $extAuthSource['ldap']['logout']="file.php" in configuration.php // then a function called ldap_logout() inside that file // (using *authent_name*_logout as the function name) and the following code // will find and execute it $uinfo = api_get_user_info($uid); if (($uinfo['auth_source'] != PLATFORM_AUTH_SOURCE) && is_array($extAuthSource)) { if (is_array($extAuthSource[$uinfo['auth_source']])) { $subarray = $extAuthSource[$uinfo['auth_source']]; if (!empty($subarray['logout']) && file_exists($subarray['logout'])) { include_once($subarray['logout']); $logout_function = $uinfo['auth_source'].'_logout'; if (function_exists($logout_function)) { $logout_function($uinfo); } } } } exit_of_chat($uid); api_session_destroy(); header("Location: index.php$query_string"); exit(); } /** * This function checks if there are courses that are open to the world in the platform course categories (=faculties) * * @param unknown_type $category * @return boolean */ function category_has_open_courses($category) { global $setting_show_also_closed_courses; $user_identified = (api_get_user_id()>0 && !api_is_anonymous()); $main_course_table = Database :: get_main_table(TABLE_MAIN_COURSE); $sql_query = "SELECT * FROM $main_course_table WHERE category_code='$category'"; $sql_result = api_sql_query($sql_query, __FILE__, __LINE__); while ($course = Database::fetch_array($sql_result)) { if ($setting_show_also_closed_courses == false) { if ((api_get_user_id()>0 and $course['visibility'] == COURSE_VISIBILITY_OPEN_PLATFORM) or ($course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD)) { return true; //at least one open course } } else { if(isset($course['visibility'])){ return true; //at least one course (does not matter weither it's open or not because $setting_show_also_closed_courses = true } } } return false; } function display_create_course_link() { echo "
  • ".get_lang("CourseCreate")."
  • "; } function display_edit_course_list_links() { echo "
  • ".get_lang("CourseManagement")."
  • "; } /** * Displays the right-hand menu for anonymous users: * login form, useful links, help section * Warning: function defines globals * @version 1.0.1 * @todo does $_plugins need to be global? */ function display_anonymous_right_menu() { global $loginFailed, $_plugins, $_user, $menu_navigation; $platformLanguage = api_get_setting('platformLanguage'); if ( !($_user['user_id']) or api_is_anonymous($_user['user_id']) ) { // only display if the user isn't logged in api_display_language_form(true); echo '
    '; display_login_form(); if ($loginFailed) { echo '
    '; handle_login_failed(); } if (api_get_setting('allow_lostpassword') == 'true' OR api_get_setting('allow_registration') == 'true') { echo ''; } if (api_number_of_plugins('loginpage_menu') > 0) { echo '
    '; api_plugin('loginpage_menu'); echo '
    '; } } // My Account section if (isset($_SESSION['_user']['user_id']) && $_SESSION['_user']['user_id']!=0) { // tabs that are deactivated are added here $show_menu=false; $show_create_link=false; $show_course_link=false; $display_add_course_link = api_is_allowed_to_create_course() && ($_SESSION["studentview"] != "studentenview"); if ($display_add_course_link) { //display_create_course_link(); $show_menu=true; $show_create_link=true; } if (api_is_platform_admin() || api_is_course_admin() || api_is_allowed_to_create_course()) { $show_menu=true; $show_course_link=true; } else { if (api_get_setting('allow_students_to_browse_courses')=='true') { $show_menu=true; $show_course_link=true; } } if ($show_menu){ echo "
    "; echo "".get_lang("MenuUser").""; echo ""; echo "
    "; } if (!empty($menu_navigation)) { echo "
    "; echo "".get_lang("MainNavigation").""; echo ""; echo '
    '; } } // help section /*** hide right menu "general" and other parts on anonymous right menu *****/ $user_selected_language = api_get_interface_language(); global $home, $home_old; if (!isset ($user_selected_language)) { $user_selected_language = $platformLanguage; } if (!file_exists($home.'home_menu_'.$user_selected_language.'.html') && file_exists($home.'home_menu.html') && file_get_contents($home.'home_menu.html')!='') { echo "
    ", "".get_lang("MenuGeneral").""; echo "'; echo '
    '; } elseif(file_exists($home.'home_menu_'.$user_selected_language.'.html') && file_get_contents($home.'home_menu_'.$user_selected_language.'.html')!='') { echo "
    ", "".get_lang("MenuGeneral").""; echo "'; echo '
    '; } if ($_user['user_id'] && api_number_of_plugins('campushomepage_menu') > 0) { echo '
    '; api_plugin('campushomepage_menu'); echo '
    '; } // includes for any files to be displayed below anonymous right menu if (!file_exists($home.'home_notice_'.$user_selected_language.'.html') && file_exists($home.'home_notice.html') && file_get_contents($home.'home_notice.html')!='') { echo '
    '; if (file_exists($home.'home_notice.html')) include ($home.'home_notice.html'); else { include ($home_old.'home_notice.html'); } echo '
    '; } elseif(file_exists($home.'home_notice_'.$user_selected_language.'.html') && file_get_contents($home.'home_notice_'.$user_selected_language.'.html')!='') { echo '
    '; include($home.'home_notice_'.$user_selected_language.'.html'); echo '
    '; } } /** * Reacts on a failed login: * displays an explanation with * a link to the registration form. * * @version 1.0.1 */ function handle_login_failed() { if (!isset($_GET['error'])) { $message = get_lang("InvalidId"); if (api_is_self_registration_allowed()) { $message = get_lang("InvalidForSelfRegistration"); } } else { switch ($_GET['error']) { case '': $message = get_lang('InvalidId'); if (api_is_self_registration_allowed()) { $message = get_lang('InvalidForSelfRegistration'); } break; case 'account_expired': $message=get_lang('AccountExpired'); break; case 'account_inactive': $message=get_lang('AccountInactive'); break; case 'user_password_incorrect': $message=get_lang('InvalidId'); break; case 'access_url_inactive': $message=get_lang('AccountURLInactive'); break; } } echo "
    ".$message."
    "; } /** * Adds a form to let users login * @version 1.1 */ function display_login_form() { $form = new FormValidator('formLogin'); $form->addElement('text','login',get_lang('UserName'),array('size'=>17)); $form->addElement('password','password',get_lang('Pass'),array('size'=>17)); $form->addElement('style_submit_button','submitAuth',get_lang('langEnter'), array('class'=>'login', 'style'=>'float:left')); $renderer =& $form->defaultRenderer(); $renderer->setElementTemplate('
    {element}
    '); $form->display(); if (api_get_setting('openid_authentication')=='true') { include_once('main/auth/openid/login.php'); echo '
    '.openid_form().'
    '; } } /** * Displays a link to the lost password section */ function display_lost_password_info() { echo "
  • ".get_lang("LostPassword")."
  • "; } /** * Display list of courses in a category. * (for anonymous users) * * @version 1.1 * @author Patrick Cool , Ghent University - refactoring and code cleaning */ function display_anonymous_course_list() { $ctok = $_SESSION['sec_token']; $stok = Security::get_token(); //init $user_identified = (api_get_user_id()>0 && !api_is_anonymous()); $web_course_path = api_get_path(WEB_COURSE_PATH); $category = Database::escape_string($_GET['category']); global $setting_show_also_closed_courses; // Database table definitions $main_course_table = Database :: get_main_table(TABLE_MAIN_COURSE); $main_category_table = Database :: get_main_table(TABLE_MAIN_CATEGORY); $platformLanguage = api_get_setting('platformLanguage'); //get list of courses in category $category $sql_get_course_list = "SELECT * FROM $main_course_table cours WHERE category_code = '".Database::escape_string($_GET["category"])."' ORDER BY title, UPPER(visual_code)"; //showing only the courses of the current access_url_id global $_configuration; if ($_configuration['multiple_access_urls']==true) { $url_access_id = api_get_current_access_url_id(); if ($url_access_id !=-1) { $tbl_url_rel_course = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE); $sql_get_course_list="SELECT * FROM $main_course_table as course INNER JOIN $tbl_url_rel_course as url_rel_course ON (url_rel_course.course_code=course.code) WHERE access_url_id = $url_access_id AND category_code = '".Database::escape_string($_GET["category"])."' ORDER BY title, UPPER(visual_code)"; } } //removed: AND cours.visibility='".COURSE_VISIBILITY_OPEN_WORLD."' $sql_result_courses = api_sql_query($sql_get_course_list, __FILE__, __LINE__); while ($course_result = Database::fetch_array($sql_result_courses)) { $course_list[] = $course_result; } $platform_visible_courses = ''; // $setting_show_also_closed_courses if($user_identified) { if ($setting_show_also_closed_courses) { $platform_visible_courses = ''; } else { $platform_visible_courses = " AND (t3.visibility='".COURSE_VISIBILITY_OPEN_WORLD."' OR t3.visibility='".COURSE_VISIBILITY_OPEN_PLATFORM."' )"; } } else { if ($setting_show_also_closed_courses) { $platform_visible_courses = ''; } else { $platform_visible_courses = " AND (t3.visibility='".COURSE_VISIBILITY_OPEN_WORLD."' )"; } } $sqlGetSubCatList = " SELECT t1.name,t1.code,t1.parent_id,t1.children_count,COUNT(DISTINCT t3.code) AS nbCourse FROM $main_category_table t1 LEFT JOIN $main_category_table t2 ON t1.code=t2.parent_id LEFT JOIN $main_course_table t3 ON (t3.category_code=t1.code $platform_visible_courses) WHERE t1.parent_id ". (empty ($category) ? "IS NULL" : "='$category'")." GROUP BY t1.name,t1.code,t1.parent_id,t1.children_count ORDER BY t1.tree_pos, t1.name"; //showing only the category of courses of the current access_url_id global $_configuration; if ($_configuration['multiple_access_urls']==true) { $url_access_id = api_get_current_access_url_id(); if ($url_access_id !=-1) { $tbl_url_rel_course = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE); $sqlGetSubCatList = " SELECT t1.name,t1.code,t1.parent_id,t1.children_count,COUNT(DISTINCT t3.code) AS nbCourse FROM $main_category_table t1 LEFT JOIN $main_category_table t2 ON t1.code=t2.parent_id LEFT JOIN $main_course_table t3 ON (t3.category_code=t1.code $platform_visible_courses) INNER JOIN $tbl_url_rel_course as url_rel_course ON (url_rel_course.course_code=t3.code) WHERE access_url_id = $url_access_id AND t1.parent_id ". (empty ($category) ? "IS NULL" : "='$category'")." GROUP BY t1.name,t1.code,t1.parent_id,t1.children_count ORDER BY t1.tree_pos, t1.name"; } } $resCats = api_sql_query($sqlGetSubCatList, __FILE__, __LINE__); $thereIsSubCat = false; if (Database::num_rows($resCats) > 0) { $htmlListCat = "

    ".get_lang("CatList")."

    "."\n"; } echo $htmlTitre; if ($thereIsSubCat) { echo $htmlListCat; } while ($categoryName = Database::fetch_array($resCats)) { echo "

    ", $categoryName['name'], "

    \n"; } $numrows = Database::num_rows($sql_result_courses); $courses_list_string = ''; $courses_shown = 0; if ($numrows > 0) { if ($thereIsSubCat) { $courses_list_string .= "
    \n"; } $courses_list_string .= "

    ".get_lang("CourseList")."

    \n"."\n"; } else { // echo "
    ",get_lang('_No_course_publicly_available'),"
    \n"; } if ($courses_shown > 0) { //only display the list of courses and categories if there was more than // 0 courses visible to the world (we're in the anonymous list here) echo $courses_list_string; } if ($category != "") { echo "

    ", " ", Display :: return_icon('back.png', get_lang('BackToHomePage')),get_lang("BackToHomePage"), "", "

    \n"; } } /** * retrieves all the courses that the user has already subscribed to * @author Patrick Cool , Ghent University, Belgium * @param int $user_id: the id of the user * @return array an array containing all the information of the courses of the given user */ function get_courses_of_user($user_id) { $table_course = Database::get_main_table(TABLE_MAIN_COURSE); $table_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER); // Secondly we select the courses that are in a category (user_course_cat<>0) and sort these according to the sort of the category $user_id = intval($user_id); $sql_select_courses="SELECT course.code k, course.visual_code vc, course.subscribe subscr, course.unsubscribe unsubscr, course.title i, course.tutor_name t, course.db_name db, course.directory dir, course_rel_user.status status, course_rel_user.sort sort, course_rel_user.user_course_cat user_course_cat FROM $table_course course, $table_course_user course_rel_user WHERE course.code = course_rel_user.course_code AND course_rel_user.user_id = '".$user_id."' ORDER BY course_rel_user.sort ASC"; $result = api_sql_query($sql_select_courses,__FILE__,__LINE__); while ($row=Database::fetch_array($result)) { // we only need the database name of the course $courses[$row['k']] = array("db"=> $row['db'], "code" => $row['k'], "visual_code" => $row['vc'], "title" => $row['i'], "directory" => $row['dir'], "status" => $row['status'], "tutor" => $row['t'], "subscribe" => $row['subscr'], "unsubscribe" => $row['unsubscr'], "sort" => $row['sort'], "user_course_category" => $row['user_course_cat']); } return $courses; }