settings.php 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. use ChamiloSession as Session;
  4. /**
  5. * With this tool you can easily adjust non critical configuration settings.
  6. * Non critical means that changing them will not result in a broken campus.
  7. *
  8. * @author Patrick Cool
  9. * @author Julio Montoya - Multiple URL site
  10. *
  11. * @package chamilo.admin
  12. */
  13. // Resetting the course id.
  14. $cidReset = true;
  15. require_once __DIR__.'/../inc/global.inc.php';
  16. require_once 'settings.lib.php';
  17. // Setting the section (for the tabs).
  18. $this_section = SECTION_PLATFORM_ADMIN;
  19. $_SESSION['this_section'] = $this_section;
  20. // Access restrictions.
  21. api_protect_admin_script();
  22. // Submit stylesheets.
  23. if (isset($_POST['save']) && isset($_GET['category']) && $_GET['category'] === 'Stylesheets') {
  24. storeStylesheets();
  25. Display::addFlash(Display::return_message(get_lang('Saved.')));
  26. }
  27. // Settings to avoid
  28. $settings_to_avoid = [
  29. 'use_session_mode' => 'true',
  30. 'gradebook_enable' => 'false',
  31. // ON by default - now we have this option when we create a course
  32. 'example_material_course_creation' => 'true',
  33. ];
  34. $convert_byte_to_mega_list = [
  35. 'dropbox_max_filesize',
  36. 'message_max_upload_filesize',
  37. 'default_document_quotum',
  38. 'default_group_quotum',
  39. ];
  40. if (isset($_POST['style'])) {
  41. Display::$preview_style = $_POST['style'];
  42. }
  43. // Database table definitions.
  44. $table_settings_current = Database::get_main_table(TABLE_MAIN_SETTINGS_CURRENT);
  45. // Setting breadcrumbs.
  46. $interbreadcrumb[] = ['url' => 'index.php', 'name' => get_lang('Administration')];
  47. // Setting the name of the tool.
  48. $tool_name = get_lang('Configuration settings');
  49. if (empty($_GET['category'])) {
  50. $_GET['category'] = 'Platform';
  51. }
  52. $watermark_deleted = false;
  53. if (isset($_GET['delete_watermark'])) {
  54. $watermark_deleted = PDF::delete_watermark();
  55. Display::addFlash(Display::return_message(get_lang('File deleted')));
  56. }
  57. if (isset($_GET['action']) && $_GET['action'] == 'delete_grading') {
  58. $id = intval($_GET['id']);
  59. api_delete_setting_option($id);
  60. }
  61. $url_id = api_get_current_access_url_id();
  62. $settings = null;
  63. // Build the form.
  64. if (!empty($_GET['category']) &&
  65. !in_array($_GET['category'], ['Plugins', 'stylesheets', 'Search'])
  66. ) {
  67. $my_category = isset($_GET['category']) ? $_GET['category'] : null;
  68. $settings_array = getCategorySettings($my_category);
  69. $settings = $settings_array['settings'];
  70. $settings_by_access_list = $settings_array['settings_by_access_list'];
  71. $form = generateSettingsForm($settings, $settings_by_access_list);
  72. if ($form->validate()) {
  73. $values = $form->exportValues();
  74. $mark_all = false;
  75. $un_mark_all = false;
  76. if (api_is_multiple_url_enabled()) {
  77. if (isset($values['buttons_in_action_right']) &&
  78. isset($values['buttons_in_action_right']['mark_all'])
  79. ) {
  80. $mark_all = true;
  81. }
  82. if (isset($values['buttons_in_action_right']) &&
  83. isset($values['buttons_in_action_right']['unmark_all'])
  84. ) {
  85. $un_mark_all = true;
  86. }
  87. }
  88. if ($mark_all || $un_mark_all) {
  89. if (api_is_global_platform_admin()) {
  90. $locked_settings = api_get_locked_settings();
  91. foreach ($values as $key => $value) {
  92. if (!in_array($key, $locked_settings)) {
  93. $changeable = 0;
  94. if ($mark_all) {
  95. $changeable = 1;
  96. }
  97. $params = ['variable = ?' => [$key]];
  98. $data = api_get_settings_params($params);
  99. if (!empty($data)) {
  100. foreach ($data as $item) {
  101. $params = [
  102. 'id' => $item['id'],
  103. 'access_url_changeable' => $changeable,
  104. ];
  105. api_set_setting_simple($params);
  106. }
  107. }
  108. }
  109. }
  110. // Reload settings
  111. $settings_array = getCategorySettings($my_category);
  112. $settings = $settings_array['settings'];
  113. $settings_by_access_list = $settings_array['settings_by_access_list'];
  114. $form = generateSettingsForm(
  115. $settings,
  116. $settings_by_access_list
  117. );
  118. }
  119. }
  120. if (!empty($_FILES['pdf_export_watermark_path'])) {
  121. $pdf_export_watermark_path = $_FILES['pdf_export_watermark_path'];
  122. }
  123. if (isset($pdf_export_watermark_path) && !empty($pdf_export_watermark_path['name'])) {
  124. $pdf_export_watermark_path_result = PDF::upload_watermark(
  125. $pdf_export_watermark_path['name'],
  126. $pdf_export_watermark_path['tmp_name']
  127. );
  128. if ($pdf_export_watermark_path_result) {
  129. Display::addFlash(Display::return_message(get_lang('File upload succeeded!')));
  130. } else {
  131. $message = get_lang('The uploaded file could not be saved (perhaps a permission problem?)').' '.get_lang('Folder').': '.api_get_path(SYS_CODE_PATH).'default_course_document/images';
  132. Display::addFlash(Display::return_message($message), 'warning');
  133. }
  134. unset($update_values['pdf_export_watermark_path']);
  135. }
  136. // Set true for allow_message_tool variable if social tool is actived
  137. foreach ($convert_byte_to_mega_list as $item) {
  138. if (isset($values[$item])) {
  139. $values[$item] = round($values[$item] * 1024 * 1024);
  140. }
  141. }
  142. if (isset($values['allow_social_tool']) && $values['allow_social_tool'] == 'true') {
  143. $values['allow_message_tool'] = 'true';
  144. }
  145. foreach ($settings as $item) {
  146. $key = $item['variable'];
  147. if ($key === 'prevent_multiple_simultaneous_login') {
  148. Session::write('first_user_login', 1);
  149. }
  150. if (in_array($key, $settings_to_avoid)) {
  151. continue;
  152. }
  153. if ($key == 'search_field' || $key == 'submit_fixed_in_bottom') {
  154. continue;
  155. }
  156. $key = Database::escape_string($key);
  157. $sql = "UPDATE $table_settings_current
  158. SET selected_value = 'false'
  159. WHERE
  160. variable = '".$key."' AND
  161. access_url = ".intval($url_id)." AND
  162. type IN ('checkbox', 'radio') ";
  163. $res = Database::query($sql);
  164. }
  165. // Save the settings.
  166. $keys = [];
  167. foreach ($values as $key => $value) {
  168. if (strcmp($key, 'MAX_FILE_SIZE') === 0) {
  169. continue;
  170. }
  171. if (in_array($key, $settings_to_avoid)) {
  172. continue;
  173. }
  174. // Avoid form elements which have nothing to do with settings
  175. if ($key == 'search_field' || $key == 'submit_fixed_in_bottom') {
  176. continue;
  177. }
  178. // Treat gradebook values in separate function.
  179. //if (strpos($key, 'gradebook_score_display_custom_values') === false) {
  180. if (!is_array($value)) {
  181. $old_value = api_get_setting($key);
  182. switch ($key) {
  183. case 'header_extra_content':
  184. file_put_contents(api_get_home_path().'header_extra_content.txt', $value);
  185. $value = api_get_home_path().'header_extra_content.txt';
  186. break;
  187. case 'footer_extra_content':
  188. file_put_contents(api_get_home_path().'footer_extra_content.txt', $value);
  189. $value = api_get_home_path().'footer_extra_content.txt';
  190. break;
  191. case 'InstitutionUrl':
  192. case 'course_validation_terms_and_conditions_url':
  193. // URL validation for some settings.
  194. $value = trim(Security::remove_XSS($value));
  195. if ($value != '') {
  196. // Here we accept absolute URLs only.
  197. if (strpos($value, '://') === false) {
  198. $value = 'http://'.$value;
  199. }
  200. if (!api_valid_url($value, true)) {
  201. // If the new (non-empty) URL value is invalid, then the old URL value stays.
  202. $value = $old_value;
  203. }
  204. }
  205. // If the new URL value is empty, then it will be stored (i.e. the setting will be deleted).
  206. break;
  207. case 'emailAdministrator':
  208. // Validation against e-mail address for some settings.
  209. $value = trim(Security::remove_XSS($value));
  210. if ($value != '' && !api_valid_email($value)) {
  211. // If the new (non-empty) e-mail address is invalid, then the old e-mail address stays.
  212. // If the new e-mail address is empty, then it will be stored (i.e. the setting will be deleted).
  213. $value = $old_value;
  214. }
  215. break;
  216. }
  217. if ($old_value != $value) {
  218. $keys[] = $key;
  219. }
  220. $result = api_set_setting($key, $value, null, null, $url_id);
  221. } else {
  222. $sql = "SELECT subkey FROM $table_settings_current
  223. WHERE variable = '$key'";
  224. $res = Database::query($sql);
  225. while ($row_subkeys = Database::fetch_array($res)) {
  226. // If subkey is changed:
  227. if ((isset($value[$row_subkeys['subkey']]) && api_get_setting($key, $row_subkeys['subkey']) == 'false') ||
  228. (!isset($value[$row_subkeys['subkey']]) && api_get_setting($key, $row_subkeys['subkey']) == 'true')
  229. ) {
  230. $keys[] = $key;
  231. break;
  232. }
  233. }
  234. foreach ($value as $subkey => $subvalue) {
  235. $result = api_set_setting($key, 'true', $subkey, null, $url_id);
  236. }
  237. }
  238. }
  239. // Add event configuration settings category to the system log.
  240. $user_id = api_get_user_id();
  241. $category = $_GET['category'];
  242. Event::addEvent(
  243. LOG_CONFIGURATION_SETTINGS_CHANGE,
  244. LOG_CONFIGURATION_SETTINGS_CATEGORY,
  245. $category,
  246. api_get_utc_datetime(),
  247. $user_id
  248. );
  249. // Add event configuration settings variable to the system log.
  250. if (is_array($keys) && count($keys) > 0) {
  251. foreach ($keys as $variable) {
  252. if (in_array($key, $settings_to_avoid)) {
  253. continue;
  254. }
  255. Event::addEvent(
  256. LOG_CONFIGURATION_SETTINGS_CHANGE,
  257. LOG_CONFIGURATION_SETTINGS_VARIABLE,
  258. $variable,
  259. api_get_utc_datetime(),
  260. $user_id
  261. );
  262. }
  263. }
  264. Display::addFlash(Display::return_message(get_lang('Update successful')));
  265. header('Location: '.api_get_self().'?category='.Security::remove_XSS($my_category));
  266. exit;
  267. }
  268. }
  269. $htmlHeadXtra[] = '<script>
  270. var hide_icon = "'.api_get_path(WEB_IMG_PATH).'/icons/32/shared_setting_na.png";
  271. var show_icon = "'.api_get_path(WEB_IMG_PATH).'/icons/32/shared_setting.png";
  272. var url = "'.api_get_path(WEB_AJAX_PATH).'admin.ajax.php?a=update_changeable_setting";
  273. $(function() {
  274. $(".share_this_setting").on("click", function() {
  275. var my_img = $(this).find("img");
  276. var link = $(this);
  277. $.ajax({
  278. url: url,
  279. data: {
  280. changeable: $(this).attr("data_status"),
  281. id: $(this).attr("data_to_send")
  282. },
  283. success: function(data) {
  284. if (data == 1) {
  285. if (link.attr("data_status") == 1) {
  286. my_img.attr("src", show_icon);
  287. link.attr("data_status", 0);
  288. } else {
  289. my_img.attr("src", hide_icon);
  290. link.attr("data_status", 1);
  291. }
  292. }
  293. }
  294. });
  295. });
  296. });
  297. </script>';
  298. // The action images.
  299. $action_images['platform'] = 'platform.png';
  300. $action_images['course'] = 'course.png';
  301. $action_images['session'] = 'session.png';
  302. $action_images['tools'] = 'tools.png';
  303. $action_images['user'] = 'user.png';
  304. $action_images['gradebook'] = 'gradebook.png';
  305. $action_images['ldap'] = 'ldap.png';
  306. $action_images['cas'] = 'cas.png';
  307. $action_images['security'] = 'security.png';
  308. $action_images['languages'] = 'languages.png';
  309. $action_images['tuning'] = 'tuning.png';
  310. $action_images['templates'] = 'template.png';
  311. $action_images['search'] = 'search.png';
  312. $action_images['editor'] = 'html_editor.png';
  313. $action_images['timezones'] = 'timezone.png';
  314. $action_images['extra'] = 'wizard.png';
  315. $action_images['tracking'] = 'statistics.png';
  316. $action_images['gradebook'] = 'gradebook.png';
  317. $action_images['search'] = 'search.png';
  318. $action_images['stylesheets'] = 'stylesheets.png';
  319. $action_images['templates'] = 'template.png';
  320. $action_images['plugins'] = 'plugins.png';
  321. $action_images['shibboleth'] = 'shibboleth.png';
  322. $action_images['facebook'] = 'facebook.png';
  323. $action_images['crons'] = 'crons.png';
  324. $action_images['webservices'] = 'webservices.png';
  325. $action_array = [];
  326. $resultcategories = [];
  327. $resultcategories[] = ['category' => 'Platform'];
  328. $resultcategories[] = ['category' => 'Course'];
  329. $resultcategories[] = ['category' => 'Session'];
  330. $resultcategories[] = ['category' => 'Languages'];
  331. $resultcategories[] = ['category' => 'User'];
  332. $resultcategories[] = ['category' => 'Tools'];
  333. $resultcategories[] = ['category' => 'Editor'];
  334. $resultcategories[] = ['category' => 'Security'];
  335. $resultcategories[] = ['category' => 'Tuning'];
  336. $resultcategories[] = ['category' => 'Gradebook'];
  337. $resultcategories[] = ['category' => 'Timezones'];
  338. $resultcategories[] = ['category' => 'Tracking'];
  339. $resultcategories[] = ['category' => 'Search'];
  340. $resultcategories[] = ['category' => 'Stylesheets'];
  341. $resultcategories[] = ['category' => 'Templates'];
  342. $resultcategories[] = ['category' => 'Plugins'];
  343. $resultcategories[] = ['category' => 'LDAP'];
  344. $resultcategories[] = ['category' => 'CAS'];
  345. $resultcategories[] = ['category' => 'Shibboleth'];
  346. $resultcategories[] = ['category' => 'Facebook'];
  347. $resultcategories[] = ['category' => 'Crons'];
  348. $resultcategories[] = ['category' => 'WebServices'];
  349. foreach ($resultcategories as $row) {
  350. $url = [];
  351. $url['url'] = api_get_self()."?category=".$row['category'];
  352. $url['content'] = Display::return_icon(
  353. $action_images[strtolower($row['category'])],
  354. api_ucfirst(get_lang($row['category'])),
  355. [],
  356. ICON_SIZE_MEDIUM
  357. );
  358. if (strtolower($row['category']) == strtolower($_GET['category'])) {
  359. $url['active'] = true;
  360. }
  361. $action_array[] = $url;
  362. }
  363. ob_start();
  364. if (!empty($_GET['category'])) {
  365. switch ($_GET['category']) {
  366. case 'Regions':
  367. handleRegions();
  368. break;
  369. case 'Plugins':
  370. // Displaying the extensions: Plugins.
  371. // This will be available to all the sites (access_urls).
  372. $securityToken = isset($_GET['sec_token']) ? Security::remove_XSS($_GET['sec_token']) : null;
  373. if (isset($_POST['submit_dashboard_plugins']) && Security::check_token($securityToken)) {
  374. Security::clear_token();
  375. $affected_rows = DashboardManager::store_dashboard_plugins($_POST);
  376. if ($affected_rows) {
  377. // add event to system log
  378. $user_id = api_get_user_id();
  379. $category = $_GET['category'];
  380. Event::addEvent(
  381. LOG_CONFIGURATION_SETTINGS_CHANGE,
  382. LOG_CONFIGURATION_SETTINGS_CATEGORY,
  383. $category,
  384. api_get_utc_datetime(),
  385. $user_id
  386. );
  387. echo Display::return_message(get_lang('Dashboard pluginsUpdate successfulSuccessfully'), 'confirmation');
  388. }
  389. }
  390. echo '<div class="tab_wrapper">';
  391. echo '<ul class="nav nav-tabs" id="tabs" role="tablist">';
  392. echo '<li class="nav-item"><a id="plugin-tab-1" class="nav-link active" href="#tab1" aria-controls="tab1" aria-selected="true">'.get_lang('Plugins').'</a></li>';
  393. echo '<li class="nav-item"><a id="plugin-tab-2" class="nav-link" href="#tab2" aria-controls="tab2" aria-selected="false">'.get_lang('Dashboard plugins').'</a></li>';
  394. echo '<li class="nav-item"><a id="plugin-tab-3" class="nav-link" href="#tab3" aria-controls="tab3" aria-selected="false">'.get_lang('Configure extensions').'</a></li>';
  395. echo '</ul>';
  396. echo '<div class="tab-content" id="tabs-content">';
  397. echo '<div class="tab-pane fade show active" id="tab1" role="tabpanel" aria-labelledby="plugin-tab-1">';
  398. handlePlugins();
  399. echo '</div>';
  400. echo '<div class="tab-pane fade" id="tab2" role="tabpanel" aria-labelledby="plugin-tab-2">';
  401. DashboardManager::handle_dashboard_plugins();
  402. echo '</div>';
  403. echo '<div class="tab-pane fade" id="tab3" role="tabpanel" aria-labelledby="plugin-tab-3">';
  404. handleExtensions();
  405. echo '</div>';
  406. echo '</div>';
  407. echo '</div>';
  408. break;
  409. case 'Stylesheets':
  410. // Displaying the extensions: Stylesheets.
  411. handleStylesheets();
  412. break;
  413. case 'Search':
  414. handleSearch();
  415. break;
  416. case 'Templates':
  417. handleTemplates();
  418. break;
  419. default:
  420. api_not_allowed(true);
  421. break;
  422. }
  423. }
  424. $content = ob_get_clean();
  425. // Including the header (banner).
  426. Display::display_header($tool_name);
  427. echo $content;
  428. Display::display_footer();