首頁 探索 說明
註冊 登入
aj
/
chamilo-lms2
1
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
目錄樹: e7c246f349
分支列表 標籤列表
chamilo-lms2
/
main
/
admin
/
configure_homepage.php

configure_homepage.php 52 KB
文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. /**
    4. 

  4.  * Configure the portal homepage (manages multi-urls and languages)
    5. 

  5.  * @package chamilo.admin
    6. 

  6.  */
    7. 

  7. /**
    8. 

  8.  * Code
    9. 

  9.  */
    10. 

  10. $language_file = array('index', 'admin', 'accessibility');
    11. 

  11. $cidReset = true;
    12. 

  12. require_once '../inc/global.inc.php';
    13. 

  13. 

  14. $this_section = SECTION_PLATFORM_ADMIN;
    15. 

  15. $_SESSION['this_section'] = $this_section;
    16. 

  16. $this_page = '';
    17. 

  17. 

  18. api_protect_admin_script();
    19. 

  19. 

  20. require_once api_get_path(LIBRARY_PATH).'WCAG/WCAG_rendering.php';
    21. 

  21. 

  22. $action = isset($_GET['action']) ? Security::remove_XSS($_GET['action']) : null;
    23. 

  23. $tbl_category = Database::get_main_table(TABLE_MAIN_CATEGORY);
    24. 

  24. $tool_name = get_lang('ConfigureHomePage');
    25. 

  25. $_languages = api_get_languages();
    26. 

  26. 

  27. $interbreadcrumb[] = array('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
    28. 

  28. 

  29. if (!empty($action)) {
    30. 

  30.     $interbreadcrumb[] = array('url' => 'configure_homepage.php', 'name' => get_lang('ConfigureHomePage'));
    31. 

  31.     switch ($action) {
    32. 

  32.         case 'edit_top':
    33. 

  33.             $tool_name = get_lang('EditHomePage');
    34. 

  34.             break;
    35. 

  35.         case 'edit_news':
    36. 

  36.             $tool_name = get_lang('EditNews');
    37. 

  37.             break;
    38. 

  38.         case 'edit_notice':
    39. 

  39.             $tool_name = get_lang('EditNotice');
    40. 

  40.             break;
    41. 

  41.         case 'insert_link':
    42. 

  42.             $tool_name = get_lang('InsertLink');
    43. 

  43.             break;
    44. 

  44.         case 'edit_link':
    45. 

  45.             $tool_name = get_lang('EditLink');
    46. 

  46.             break;
    47. 

  47.         case 'insert_tabs':
    48. 

  48.             $tool_name = get_lang('InsertTabs');
    49. 

  49.             break;
    50. 

  50.         case 'edit_tabs':
    51. 

  51.             $tool_name = get_lang('EditTabs');
    52. 

  52.             break;
    53. 

  53.     }
    54. 

  54. }
    55. 

  55. 

  56. // The global logic for language priorities should be:
    57. 

  57. // - take language selected when connecting ($_SESSION['user_language_choice'])
    58. 

  58. //   or last language selected (taken from select box into SESSION by global.inc.php)
    59. 

  59. //   or, if unavailable;
    60. 

  60. // - take default user language ($_SESSION['_user']['language']) - which is taken from
    61. 

  61. //   the database in local.inc.php or, if unavailable;
    62. 

  62. // - take platform language (taken from the database campus setting 'platformLanguage')
    63. 

  63. // Then if a language file doesn't exist, it should be created.
    64. 

  64. // The default language for the homepage should use the default platform language
    65. 

  65. // (if nothing else is selected), which means the 'no-language' file should be taken
    66. 

  66. // to fill a new 'language-specified' language file, and then only the latter should be
    67. 

  67. // modified. The original 'no-language' files should never be modified.
    68. 

  68. 

  69. // ----- Language selection -----
    70. 

  70. // The final language selected and used everywhere in this script follows the rules
    71. 

  71. // described above and is put into "$lang". Because this script includes
    72. 

  72. // global.inc.php, the variables used for language purposes below are considered safe.
    73. 

  73. 

  74. $lang = ''; //el for "Edit Language"
    75. 

  75. if (!empty($_SESSION['user_language_choice'])) {
    76. 

  76.     $lang = $_SESSION['user_language_choice'];
    77. 

  77. } elseif (!empty($_SESSION['_user']['language'])) {
    78. 

  78.     $lang = $_SESSION['_user']['language'];
    79. 

  79. } else {
    80. 

  80.     $lang = api_get_setting('platformLanguage');
    81. 

  81. }
    82. 

  82. 

  83. // Ensuring availability of main files in the corresponding language
    84. 

  84. $homePath = api_get_path(SYS_DATA_PATH).'home/';
    85. 

  85. 

  86. if (api_is_multiple_url_enabled()) {
    87. 

  87.     $access_url_id = api_get_current_access_url_id();
    88. 

  88.     if ($access_url_id != -1) {
    89. 

  89.         $url_info = api_get_access_url($access_url_id);
    90. 

  90.         $url = api_remove_trailing_slash(preg_replace('/https?:\/\//i', '', $url_info['url']));
    91. 

  91.         $clean_url = api_replace_dangerous_char($url);
    92. 

  92.         $clean_url = str_replace('/', '-', $clean_url);
    93. 

  93.         $clean_url .= '/';
    94. 

  94. 

  95.         $homep_new = $homePath.$clean_url; //homep for Home Path added the url
    96. 

  96.         $new_url_dir = $homePath.$clean_url;
    97. 

  97.         //we create the new dir for the new sites
    98. 

  98.         if (!is_dir($new_url_dir)) {
    99. 

  99.             mkdir($new_url_dir, api_get_permissions_for_new_directories());
    100. 

  100.         }
    101. 

  101.     }
    102. 

  102. } else {
    103. 

  103.     $homep_new = '';
    104. 

  104.     //$homep = api_get_path(SYS_PATH).'home/'; //homep for Home Path
    105. 

  105. }
    106. 

  106. 

  107. $menuf = 'home_menu'; //menuf for Menu File
    108. 

  108. $newsf = 'home_news'; //newsf for News File
    109. 

  109. $topf = 'home_top'; //topf for Top File
    110. 

  110. $noticef = 'home_notice'; //noticef for Notice File
    111. 

  111. $menutabs = 'home_tabs'; //menutabs for tabs Menu
    112. 

  112. $ext = '.html'; //ext for HTML Extension - when used frequently, variables are
    113. 

  113. // faster than hardcoded strings
    114. 

  114. $homef = array($menuf, $newsf, $topf, $noticef, $menutabs);
    115. 

  115. 

  116. // If language-specific file does not exist, create it by copying default file
    117. 

  117. foreach ($homef as $my_file) {
    118. 

  118.     if (api_is_multiple_url_enabled()) {
    119. 

  119.         if (!file_exists($homep_new.$my_file.'_'.$lang.$ext)) {
    120. 

  120.             copy($homePath.$my_file.$ext, $homep_new.$my_file.'_'.$lang.$ext);
    121. 

  121.         }
    122. 

  122.     } else {
    123. 

  123.         if (!file_exists($homePath.$my_file.'_'.$lang.$ext)) {
    124. 

  124.             copy($homePath.$my_file.$ext, $homePath.$my_file.'_'.$lang.$ext);
    125. 

  125.         }
    126. 

  126.     }
    127. 

  127. }
    128. 

  128. if (api_is_multiple_url_enabled()) {
    129. 

  129.     $homePath = $homep_new;
    130. 

  130. }
    131. 

  131. 

  132. // Check WCAG settings and prepare edition using WCAG
    133. 

  133. $errorMsg = '';
    134. 

  134. if (api_get_setting('wcag_anysurfer_public_pages') == 'true') {
    135. 

  135.     $errorMsg = WCAG_Rendering::request_validation();
    136. 

  136. }
    137. 

  137. 

  138. // Filter link param
    139. 

  139. $link = '';
    140. 

  140. if (!empty($_GET['link'])) {
    141. 

  141.     $link = $_GET['link'];
    142. 

  142.     // If the link parameter is suspicious, empty it
    143. 

  143.     if (strstr($link, '/') || !strstr($link, '.html') || strstr($link, '\\')) {
    144. 

  144.         $link = '';
    145. 

  145.         $action = '';
    146. 

  146.     }
    147. 

  147. }
    148. 

  148. 

  149. // Start analysing requested actions
    150. 

  150. if (!empty($action)) {
    151. 

  151.     if (isset($_POST['formSent']) && $_POST['formSent']) {
    152. 

  152.         // Variables used are $homep for home path, $menuf for menu file, $newsf
    153. 

  153.         // for news file, $topf for top file, $noticef for noticefile,
    154. 

  154.         // $ext for '.html'
    155. 

  155.         switch ($action) {
    156. 

  156.             case 'edit_top':
    157. 

  157.                 // Filter
    158. 

  158.                 $home_top = '';
    159. 

  159.                 if (api_get_setting('wcag_anysurfer_public_pages') == 'true') {
    160. 

  160.                     $home_top = WCAG_Rendering::prepareXHTML();
    161. 

  161.                 } else {
    162. 

  162.                     $home_top = trim(stripslashes($_POST['home_top']));
    163. 

  163.                 }
    164. 

  164. 

  165.                 // Write
    166. 

  166.                 if (file_exists($homePath.$topf.'_'.$lang.$ext)) {
    167. 

  167.                     if (is_writable($homePath.$topf.'_'.$lang.$ext)) {
    168. 

  168.                         $fp = fopen($homePath.$topf.'_'.$lang.$ext, 'w');
    169. 

  169.                         fputs($fp, $home_top);
    170. 

  170.                         fclose($fp);
    171. 

  171.                     } else {
    172. 

  172.                         $errorMsg = get_lang('HomePageFilesNotWritable');
    173. 

  173.                     }
    174. 

  174.                 } else {
    175. 

  175.                     //File does not exist
    176. 

  176.                     $fp = fopen($homePath.$topf.'_'.$lang.$ext, 'w');
    177. 

  177.                     fputs($fp, $home_top);
    178. 

  178.                     fclose($fp);
    179. 

  179.                 }
    180. 

  180. 

  181.                 if (EventsMail::check_if_using_class('portal_homepage_edited')) {
    182. 

  182.                     EventsDispatcher::events('portal_homepage_edited', array('about_user' => api_get_user_id()));
    183. 

  183.                 }
    184. 

  184.                 event_system(
    185. 

  185.                     LOG_HOMEPAGE_CHANGED,
    186. 

  186.                     'edit_top',
    187. 

  187.                     Text::cut(strip_tags($home_top), 254),
    188. 

  188.                     api_get_utc_datetime(),
    189. 

  189.                     api_get_user_id()
    190. 

  190.                 );
    191. 

  191.                 break;
    192. 

  192.             case 'edit_notice':
    193. 

  193.                 // Filter
    194. 

  194.                 $notice_title = trim(strip_tags(stripslashes($_POST['notice_title'])));
    195. 

  195.                 $notice_text = trim(
    196. 

  196.                     str_replace(
    197. 

  197.                         array("\r", "\n"),
    198. 

  198.                         array('', '<br />'),
    199. 

  199.                         strip_tags(stripslashes($_POST['notice_text']), '<a>')
    200. 

  200.                     )
    201. 

  201.                 );
    202. 

  202.                 if (empty($notice_title) || empty($notice_text)) {
    203. 

  203.                     $errorMsg = get_lang('NoticeWillBeNotDisplayed');
    204. 

  204.                 }
    205. 

  205.                 // Write
    206. 

  206.                 if (file_exists($homePath.$noticef.'_'.$lang.$ext)) {
    207. 

  207.                     if (is_writable($homePath.$noticef.'_'.$lang.$ext)) {
    208. 

  208.                         $fp = fopen($homePath.$noticef.'_'.$lang.$ext, 'w');
    209. 

  209.                         if ($errorMsg == '') {
    210. 

  210.                             fputs($fp, "<b>$notice_title</b><br />\n$notice_text");
    211. 

  211.                         } else {
    212. 

  212.                             fputs($fp, '');
    213. 

  213.                         }
    214. 

  214.                         fclose($fp);
    215. 

  215.                     } else {
    216. 

  216.                         $errorMsg .= "<br/>\n".get_lang('HomePageFilesNotWritable');
    217. 

  217.                     }
    218. 

  218.                 } else {
    219. 

  219.                     //File does not exist
    220. 

  220.                     $fp = fopen($homePath.$noticef.'_'.$lang.$ext, 'w');
    221. 

  221.                     fputs($fp, "<b>$notice_title</b><br />\n$notice_text");
    222. 

  222.                     fclose($fp);
    223. 

  223.                 }
    224. 

  224.                 event_system(
    225. 

  225.                     LOG_HOMEPAGE_CHANGED,
    226. 

  226.                     'edit_notice',
    227. 

  227.                     Text::cut(strip_tags($notice_title), 254),
    228. 

  228.                     api_get_utc_datetime(),
    229. 

  229.                     api_get_user_id()
    230. 

  230.                 );
    231. 

  231.                 break;
    232. 

  232.             case 'edit_news':
    233. 

  233.                 //Filter
    234. 

  234.                 //$s_languages_news=$_POST["news_languages"]; // TODO: Why this line has been disabled?
    235. 

  235.                 if (api_get_setting('wcag_anysurfer_public_pages') == 'true') {
    236. 

  236.                     $home_news = WCAG_rendering::prepareXHTML();
    237. 

  237.                 } else {
    238. 

  238.                     $home_news = trim(stripslashes($_POST['home_news']));
    239. 

  239.                 }
    240. 

  240.                 //Write
    241. 

  241.                 if ($s_languages_news != 'all') {
    242. 

  242.                     if (file_exists($homePath.$newsf.'_'.$s_languages_news.$ext)) {
    243. 

  243.                         if (is_writable($homePath.$newsf.'_'.$s_languages_news.$ext)) {
    244. 

  244.                             $fp = fopen($homePath.$newsf.'_'.$s_languages_news.$ext, 'w');
    245. 

  245.                             fputs($fp, $home_news);
    246. 

  246.                             fclose($fp);
    247. 

  247.                         } else {
    248. 

  248.                             $errorMsg = get_lang('HomePageFilesNotWritable');
    249. 

  249.                         }
    250. 

  250.                     } else {
    251. 

  251.                         // File does not exist
    252. 

  252.                         $fp = fopen($homePath.$newsf.'_'.$s_languages_news.$ext, 'w');
    253. 

  253.                         fputs($fp, $home_news);
    254. 

  254.                         fclose($fp);
    255. 

  255.                     }
    256. 

  256.                 } else {
    257. 

  257.                     // We update all the news file
    258. 

  258.                     $_languages = api_get_languages();
    259. 

  259.                     foreach ($_languages['name'] as $key => $value) {
    260. 

  260.                         $english_name = $_languages['folder'][$key];
    261. 

  261.                         if (file_exists($homePath.$newsf.'_'.$english_name.$ext)) {
    262. 

  262.                             if (is_writable($homePath.$newsf.'_'.$english_name.$ext)) {
    263. 

  263.                                 $fp = fopen($homePath.$newsf.'_'.$english_name.$ext, 'w');
    264. 

  264.                                 fputs($fp, $home_news);
    265. 

  265.                                 fclose($fp);
    266. 

  266.                             } else {
    267. 

  267.                                 $errorMsg = get_lang('HomePageFilesNotWritable');
    268. 

  268.                             }
    269. 

  269.                         } else {
    270. 

  270.                             // File does not exist
    271. 

  271.                             $fp = fopen($homePath.$newsf.'_'.$english_name.$ext, 'w');
    272. 

  272.                             fputs($fp, $home_news);
    273. 

  273.                             fclose($fp);
    274. 

  274.                         }
    275. 

  275.                     }
    276. 

  276.                 }
    277. 

  277.                 event_system(
    278. 

  278.                     LOG_HOMEPAGE_CHANGED,
    279. 

  279.                     'edit_news',
    280. 

  280.                     strip_tags(Text::cut($home_news, 254)),
    281. 

  281.                     api_get_utc_datetime(),
    282. 

  282.                     api_get_user_id()
    283. 

  283.                 );
    284. 

  284.                 break;
    285. 

  285.             case 'insert_tabs':
    286. 

  286.             case 'edit_tabs':
    287. 

  287.             case 'insert_link':
    288. 

  288.             case 'edit_link':
    289. 

  289.                 $link_index = intval($_POST['link_index']);
    290. 

  290.                 $insert_where = intval($_POST['insert_where']);
    291. 

  291.                 $link_name = trim(stripslashes($_POST['link_name']));
    292. 

  292.                 $link_url = trim(stripslashes($_POST['link_url']));
    293. 

  293.                 $add_in_tab = intval($_POST['add_in_tab']);
    294. 

  294. 

  295.                 // WCAG
    296. 

  296.                 if (api_get_setting('wcag_anysurfer_public_pages') == 'true') {
    297. 

  297.                     $link_html = WCAG_Rendering::prepareXHTML();
    298. 

  298.                 } else {
    299. 

  299.                     $link_html = trim(stripslashes($_POST['link_html']));
    300. 

  300.                 }
    301. 

  301. 

  302.                 $filename = trim(stripslashes($_POST['filename']));
    303. 

  303.                 $target_blank = $_POST['target_blank'] ? true : false;
    304. 

  304. 

  305.                 if ($link_url == 'http://' || $link_url == 'https://') {
    306. 

  306.                     $link_url = '';
    307. 

  307.                 } elseif (!empty($link_url) && !strstr($link_url, '://')) {
    308. 

  308.                     $link_url = 'http://'.$link_url;
    309. 

  309.                 }
    310. 

  310.                 $menuf = ($action == 'insert_tabs' || $action == 'edit_tabs') ? $menutabs : $menuf;
    311. 

  311.                 if (!is_writable($homePath.$menuf.'_'.$lang.$ext)) {
    312. 

  312.                     $errorMsg = get_lang('HomePageFilesNotWritable');
    313. 

  313.                 } elseif (empty($link_name)) {
    314. 

  314.                     $errorMsg = get_lang('PleaseEnterLinkName');
    315. 

  315.                 } else {
    316. 

  316.                     // New links are added as new files in the home/ directory
    317. 

  317.                     if ($action == 'insert_link' || $action == 'insert_tabs' || empty($filename) || strstr(
    318. 

  318.                         $filename,
    319. 

  319.                         '/'
    320. 

  320.                     ) || !strstr($filename, '.html')
    321. 

  321.                     ) {
    322. 

  322.                         $filename = api_replace_dangerous_char($link_name, 'strict').'.html';
    323. 

  323.                     }
    324. 

  324.                     // "home_" prefix for links are renamed to "user_" prefix (to avoid name clash with existing home page files)
    325. 

  325.                     if (!empty($filename)) {
    326. 

  326.                         $filename = str_replace('home_', 'user_', $filename);
    327. 

  327.                     }
    328. 

  328.                     // If the typical language suffix is not found in the file name,
    329. 

  329.                     // replace the ".html" suffix by "_en.html" or the active menu language
    330. 

  330.                     if (!strstr($filename, '_'.$lang.$ext)) {
    331. 

  331.                         $filename = str_replace($ext, '_'.$lang.$ext, $filename);
    332. 

  332.                     }
    333. 

  333.                     // Get the contents of home_menu_en.html (or active menu language
    334. 

  334.                     // version) into $home_menu as an array of one entry per line
    335. 

  335.                     $home_menu = file($homePath.$menuf.'_'.$lang.$ext);
    336. 

  336.                     $home_menu = implode("\n", $home_menu);
    337. 

  337.                     $home_menu = api_to_system_encoding($home_menu, api_detect_encoding(strip_tags($home_menu)));
    338. 

  338.                     $home_menu = explode("\n", $home_menu);
    339. 

  339.                     $home_menu = array_values(array_filter(array_map('trim', $home_menu), 'strlen'));
    340. 

  340.                     // Prepare place to insert the new link into (default is end of file)
    341. 

  341.                     if ($insert_where < -1 || $insert_where > (sizeof($home_menu) - 1)) {
    342. 

  342.                         $insert_where = sizeof($home_menu) - 1;
    343. 

  343.                     }
    344. 

  344.                     //
    345. 

  345.                     // For each line of the file, remove trailing spaces and special chars
    346. 

  346.                     //foreach ($home_menu as $key => $enreg) {
    347. 

  347.                     //	$home_menu[$key] = trim($enreg);
    348. 

  348.                     //}
    349. 

  349.                     //
    350. 

  350.                     // If the given link url is empty, then replace the link url by a link to the link file created
    351. 

  351. 

  352.                     if (empty($link_url) || $link_url == 'http://' || $link_url == 'https://') {
    353. 

  353.                         $link_url = api_get_path(WEB_PATH).'index.php?include='.urlencode($filename);
    354. 

  354.                         // If the file doesn't exist, then create it and
    355. 

  355.                         // fill it with default text
    356. 

  356. 

  357.                         $fp = @fopen($homePath.$filename, 'w');
    358. 

  358.                         if ($fp) {
    359. 

  359.                             if (empty($link_html)) {
    360. 

  360.                                 fputs($fp, get_lang('MyTextHere'));
    361. 

  361.                             } else {
    362. 

  362.                                 fputs($fp, $link_html);
    363. 

  363.                             }
    364. 

  364.                             fclose($fp);
    365. 

  365.                         }
    366. 

  366.                     }
    367. 

  367.                     // If the requested action is to edit a link, open the file and
    368. 

  368.                     // write to it (if the file doesn't exist, create it)
    369. 

  369.                     if (in_array($action, array('edit_link')) && !empty($link_html)) {
    370. 

  370.                         $fp = @fopen($homePath.$filename, 'w');
    371. 

  371.                         if ($fp) {
    372. 

  372.                             fputs($fp, $link_html);
    373. 

  373.                             fclose($fp);
    374. 

  374.                         }
    375. 

  375.                     }
    376. 

  376. 

  377.                     $class_add_in_tab = 'class="show_menu"';
    378. 

  378.                     if (!$add_in_tab) {
    379. 

  379.                         $class_add_in_tab = 'class="hide_menu"';
    380. 

  380.                     }
    381. 

  381. 

  382.                     // If the requested action is to create a link, make some room
    383. 

  383.                     // for the new link in the home_menu array at the requested place
    384. 

  384.                     // and insert the new link there
    385. 

  385.                     if ($action == 'insert_link' || $action == 'insert_tabs') {
    386. 

  386.                         for ($i = sizeof($home_menu); $i; $i--) {
    387. 

  387.                             if ($i > $insert_where) {
    388. 

  388.                                 $home_menu[$i] = $home_menu[$i - 1];
    389. 

  389.                             } else {
    390. 

  390.                                 break;
    391. 

  391.                             }
    392. 

  392.                         }
    393. 

  393. 

  394. 

  395.                         $home_menu[$insert_where + 1] = '<li '.$class_add_in_tab.'><a href="'.$link_url.'" target="'.($target_blank ? '_blank' : '_self').'"><span>'.$link_name.'</span></a></li>';
    396. 

  396.                     } else {
    397. 

  397.                         // If the request is about a link edition, change the link
    398. 

  398.                         $home_menu[$link_index] = '<li '.$class_add_in_tab.'><a href="'.$link_url.'" target="'.($target_blank ? '_blank' : '_self').'"><span>'.$link_name.'</span></a></li>';
    399. 

  399.                     }
    400. 

  400.                     // Re-build the file from the home_menu array
    401. 

  401.                     $home_menu = implode("\n", $home_menu);
    402. 

  402.                     // Write
    403. 

  403.                     if (file_exists($homePath.$menuf.'_'.$lang.$ext)) {
    404. 

  404.                         if (is_writable($homePath.$menuf.'_'.$lang.$ext)) {
    405. 

  405.                             $fp = fopen($homePath.$menuf.'_'.$lang.$ext, 'w');
    406. 

  406.                             fputs($fp, $home_menu);
    407. 

  407.                             fclose($fp);
    408. 

  408.                             if (file_exists($homePath.$menuf.$ext)) {
    409. 

  409.                                 if (is_writable($homePath.$menuf.$ext)) {
    410. 

  410.                                     $fpo = fopen($homePath.$menuf.$ext, 'w');
    411. 

  411.                                     fputs($fpo, $home_menu);
    412. 

  412.                                     fclose($fpo);
    413. 

  413.                                 }
    414. 

  414.                             }
    415. 

  415.                         } else {
    416. 

  416.                             $errorMsg = get_lang('HomePageFilesNotWritable');
    417. 

  417.                         }
    418. 

  418.                     } else {
    419. 

  419.                         //File does not exist
    420. 

  420.                         $fp = fopen($homePath.$menuf.'_'.$lang.$ext, 'w');
    421. 

  421.                         fputs($fp, $home_menu);
    422. 

  422.                         fclose($fp);
    423. 

  423.                     }
    424. 

  424.                 }
    425. 

  425.                 event_system(
    426. 

  426.                     LOG_HOMEPAGE_CHANGED,
    427. 

  427.                     $action,
    428. 

  428.                     Text::cut($link_name.':'.$link_url, 254),
    429. 

  429.                     api_get_utc_datetime(),
    430. 

  430.                     api_get_user_id()
    431. 

  431.                 );
    432. 

  432.                 break;
    433. 

  433.         } //end of switch($action)
    434. 

  434. 

  435.         if (empty($errorMsg)) {
    436. 

  436.             header('Location: '.api_get_self());
    437. 

  437.             exit();
    438. 

  438.         }
    439. 

  439.     } else {
    440. 

  440.         //if POST[formSent] is not set
    441. 

  441.         switch ($action) {
    442. 

  442.             case 'open_link':
    443. 

  443.                 // Previously, filtering of GET['link'] was done here but it left
    444. 

  444.                 // a security threat. Filtering has now been moved outside conditions
    445. 

  445.                 break;
    446. 

  446.             case 'delete_tabs':
    447. 

  447.             case 'delete_link':
    448. 

  448.                 // A link is deleted by getting the file into an array, removing the
    449. 

  449.                 // link and re-writing the array to the file
    450. 

  450.                 $link_index = intval($_GET['link_index']);
    451. 

  451.                 $menuf = ($action == 'delete_tabs') ? $menutabs : $menuf;
    452. 

  452.                 $home_menu = @file($homePath.$menuf.'_'.$lang.$ext);
    453. 

  453.                 if (empty($home_menu)) {
    454. 

  454.                     $home_menu = array();
    455. 

  455.                 }
    456. 

  456.                 foreach ($home_menu as $key => $enreg) {
    457. 

  457.                     if ($key == $link_index) {
    458. 

  458.                         unset($home_menu[$key]);
    459. 

  459.                     } else {
    460. 

  460.                         $home_menu[$key] = trim($enreg);
    461. 

  461.                     }
    462. 

  462.                 }
    463. 

  463.                 $home_menu = implode("\n", $home_menu);
    464. 

  464.                 $home_menu = api_to_system_encoding($home_menu, api_detect_encoding(strip_tags($home_menu)));
    465. 

  465. 

  466.                 $fp = fopen($homePath.$menuf.'_'.$lang.$ext, 'w');
    467. 

  467.                 fputs($fp, $home_menu);
    468. 

  468.                 fclose($fp);
    469. 

  469.                 if (file_exists($homePath.$menuf.$ext)) {
    470. 

  470.                     if (is_writable($homePath.$menuf.$ext)) {
    471. 

  471.                         $fpo = fopen($homePath.$menuf.$ext, 'w');
    472. 

  472.                         fputs($fpo, $home_menu);
    473. 

  473.                         fclose($fpo);
    474. 

  474.                     }
    475. 

  475.                 }
    476. 

  476.                 header('Location: '.api_get_self());
    477. 

  477.                 exit();
    478. 

  478.                 break;
    479. 

  479.             case 'edit_top':
    480. 

  480.                 // This request is only the preparation for the update of the home_top
    481. 

  481.                 $home_top = '';
    482. 

  482.                 if (is_file($homePath.$topf.'_'.$lang.$ext) && is_readable($homePath.$topf.'_'.$lang.$ext)) {
    483. 

  483.                     $home_top = @(string)file_get_contents($homePath.$topf.'_'.$lang.$ext);
    484. 

  484.                 } elseif (is_file($homePath.$topf.$lang.$ext) && is_readable($homePath.$topf.$lang.$ext)) {
    485. 

  485.                     $home_top = @(string)file_get_contents($homePath.$topf.$lang.$ext);
    486. 

  486.                 } else {
    487. 

  487.                     $errorMsg = get_lang('HomePageFilesNotReadable');
    488. 

  488.                 }
    489. 

  489.                 $home_top = api_to_system_encoding($home_top, api_detect_encoding(strip_tags($home_top)));
    490. 

  490.                 break;
    491. 

  491.             case 'edit_notice':
    492. 

  492.                 // This request is only the preparation for the update of the home_notice
    493. 

  493.                 $home_notice = '';
    494. 

  494.                 if (is_file($homePath.$noticef.'_'.$lang.$ext) && is_readable($homePath.$noticef.'_'.$lang.$ext)) {
    495. 

  495.                     $home_notice = @file($homePath.$noticef.'_'.$lang.$ext);
    496. 

  496.                 } elseif (is_file($homePath.$noticef.$lang.$ext) && is_readable($homePath.$noticef.$lang.$ext)) {
    497. 

  497.                     $home_notice = @file($homePath.$noticef.$lang.$ext);
    498. 

  498.                 } else {
    499. 

  499.                     $errorMsg = get_lang('HomePageFilesNotReadable');
    500. 

  500.                 }
    501. 

  501.                 if (empty($home_notice)) {
    502. 

  502.                     $home_notice = array();
    503. 

  503.                 }
    504. 

  504.                 $notice_title = strip_tags($home_notice[0]);
    505. 

  505.                 $notice_title = api_to_system_encoding($notice_title, api_detect_encoding($notice_title));
    506. 

  506.                 $notice_text = strip_tags(str_replace('<br />', "\n", $home_notice[1]), '<a>');
    507. 

  507.                 $notice_text = api_to_system_encoding($notice_text, api_detect_encoding(strip_tags($notice_text)));
    508. 

  508.                 break;
    509. 

  509.             case 'edit_news':
    510. 

  510.                 // This request is the preparation for the update of the home_news page
    511. 

  511.                 $home_news = '';
    512. 

  512.                 if (is_file($homePath.$newsf.'_'.$lang.$ext) && is_readable($homePath.$newsf.'_'.$lang.$ext)) {
    513. 

  513.                     $home_news = @(string)file_get_contents($homePath.$newsf.'_'.$lang.$ext);
    514. 

  514.                 } elseif (is_file($homePath.$newsf.$lang.$ext) && is_readable($homePath.$newsf.$lang.$ext)) {
    515. 

  515.                     $home_news = @(string)file_get_contents($homePath.$newsf.$lang.$ext);
    516. 

  516.                 } else {
    517. 

  517.                     $errorMsg = get_lang('HomePageFilesNotReadable');
    518. 

  518.                 }
    519. 

  519.                 $home_news = api_to_system_encoding($home_news, api_detect_encoding(strip_tags($home_news)));
    520. 

  520.                 break;
    521. 

  521.             case 'insert_link':
    522. 

  522.                 // This request is the preparation for the addition of an item in home_menu
    523. 

  523.                 $home_menu = '';
    524. 

  524.                 $menuf = ($action == 'edit_tabs') ? $menutabs : $menuf;
    525. 

  525.                 if (is_file($homePath.$menuf.'_'.$lang.$ext) && is_readable($homePath.$menuf.'_'.$lang.$ext)) {
    526. 

  526.                     $home_menu = @file($homePath.$menuf.'_'.$lang.$ext);
    527. 

  527.                 } elseif (is_file($homePath.$menuf.$lang.$ext) && is_readable($homePath.$menuf.$lang.$ext)) {
    528. 

  528.                     $home_menu = @file($homePath.$menuf.$lang.$ext);
    529. 

  529.                 } else {
    530. 

  530.                     $errorMsg = get_lang('HomePageFilesNotReadable');
    531. 

  531.                 }
    532. 

  532.                 if (empty($home_menu)) {
    533. 

  533.                     $home_menu = array();
    534. 

  534.                 }
    535. 

  535.                 if (!empty($home_menu)) {
    536. 

  536.                     $home_menu = implode("\n", $home_menu);
    537. 

  537.                     $home_menu = api_to_system_encoding($home_menu, api_detect_encoding(strip_tags($home_menu)));
    538. 

  538.                     $home_menu = explode("\n", $home_menu);
    539. 

  539.                 }
    540. 

  540.                 $home_menu = array_values(array_filter(array_map('trim', $home_menu), 'strlen'));
    541. 

  541.                 break;
    542. 

  542.             case 'insert_tabs':
    543. 

  543.                 // This request is the preparation for the addition of an item in home_menu
    544. 

  544.                 $home_menu = '';
    545. 

  545.                 if (is_file($homePath.$menutabs.'_'.$lang.$ext) && is_readable($homePath.$menutabs.'_'.$lang.$ext)) {
    546. 

  546.                     $home_menu = @file($homePath.$menutabs.'_'.$lang.$ext);
    547. 

  547.                 } elseif (is_file($homePath.$menutabs.$lang.$ext) && is_readable($homePath.$menutabs.$lang.$ext)) {
    548. 

  548.                     $home_menu = @file($homePath.$menutabs.$lang.$ext);
    549. 

  549.                 } else {
    550. 

  550.                     $errorMsg = get_lang('HomePageFilesNotReadable');
    551. 

  551.                 }
    552. 

  552.                 if (empty($home_menu)) {
    553. 

  553.                     $home_menu = array();
    554. 

  554.                 }
    555. 

  555.                 if (!empty($home_menu)) {
    556. 

  556.                     $home_menu = implode("\n", $home_menu);
    557. 

  557.                     $home_menu = api_to_system_encoding($home_menu, api_detect_encoding(strip_tags($home_menu)));
    558. 

  558.                     $home_menu = explode("\n", $home_menu);
    559. 

  559.                 }
    560. 

  560.                 $home_menu = array_values(array_filter(array_map('trim', $home_menu), 'strlen'));
    561. 

  561.                 break;
    562. 

  562.             case 'edit_tabs':
    563. 

  563.             case 'edit_link':
    564. 

  564.                 // This request is the preparation for the edition of the links array
    565. 

  565.                 $home_menu = '';
    566. 

  566.                 $menuf = ($action == 'edit_tabs') ? $menutabs : $menuf;
    567. 

  567.                 if (is_file($homePath.$menuf.'_'.$lang.$ext) && is_readable($homePath.$menuf.'_'.$lang.$ext)) {
    568. 

  568.                     $home_menu = @file($homePath.$menuf.'_'.$lang.$ext);
    569. 

  569.                 } elseif (is_file($homePath.$menuf.$lang.$ext) && is_readable($homePath.$menuf.$lang.$ext)) {
    570. 

  570.                     $home_menu = @file($homePath.$menuf.$lang.$ext);
    571. 

  571.                 } else {
    572. 

  572.                     $errorMsg = get_lang('HomePageFilesNotReadable');
    573. 

  573.                 }
    574. 

  574.                 if (empty($home_menu)) {
    575. 

  575.                     $home_menu = array();
    576. 

  576.                 }
    577. 

  577.                 if (!empty($home_menu)) {
    578. 

  578.                     $home_menu = implode("\n", $home_menu);
    579. 

  579.                     $home_menu = api_to_system_encoding($home_menu, api_detect_encoding(strip_tags($home_menu)));
    580. 

  580.                     $home_menu = explode("\n", $home_menu);
    581. 

  581.                 }
    582. 

  582. 

  583.                 $link_index = intval($_GET['link_index']);
    584. 

  584. 

  585.                 $target_blank = false;
    586. 

  586.                 $link_name = '';
    587. 

  587.                 $link_url = '';
    588. 

  588. 

  589.                 //$home_menu_new = array();
    590. 

  590.                 //
    591. 

  591.                 //Cleaning array
    592. 

  592.                 //foreach ($home_menu as $item) {
    593. 

  593.                 //	if(!empty($item)) {
    594. 

  594.                 //		$home_menu_new[] = $item;
    595. 

  595.                 //	}
    596. 

  596.                 //}
    597. 

  597.                 //$home_menu = $home_menu_new;
    598. 

  598. 

  599.                 // Cleaning the array
    600. 

  600.                 $home_menu = array_values(array_filter(array_map('trim', $home_menu), 'strlen'));
    601. 

  601. 

  602.                 // For each line of the home_menu file
    603. 

  603.                 foreach ($home_menu as $key => $enreg) {
    604. 

  604. 

  605.                     // Check if the current item is the one we want to update
    606. 

  606.                     if ($key == $link_index) {
    607. 

  607.                         // This is the link we want to update
    608. 

  608.                         // Check if the target should be "_blank"
    609. 

  609.                         if (strstr($enreg, 'target="_blank"')) {
    610. 

  610.                             $target_blank = true;
    611. 

  611.                         }
    612. 

  612. 

  613.                         if (strstr($enreg, 'hide_menu')) {
    614. 

  614.                             $add_in_tab = false;
    615. 

  615.                         } else {
    616. 

  616.                             $add_in_tab = true;
    617. 

  617.                         }
    618. 

  618. 

  619.                         // Remove dangerous HTML tags from the link itself (this is an
    620. 

  620.                         // additional measure in case a link previously contained
    621. 

  621.                         // unsecure tags)
    622. 

  622.                         $link_name = strip_tags($enreg);
    623. 

  623. 

  624.                         // Get the contents of "href" attribute in $link_url
    625. 

  625.                         $enreg = explode('href="', $enreg);
    626. 

  626.                         list($link_url) = explode('"', $enreg[sizeof($enreg) - 1]);
    627. 

  627. 

  628.                         // If the link contains the web root of this portal, then strip
    629. 

  629.                         // it off and keep only the name of the file that needs edition
    630. 

  630.                         if (strstr($link_url, '?include=')) {
    631. 

  631.                             $link_url = explode('?include=', $link_url);
    632. 

  632. 

  633.                             $filename = $link_url[sizeof($link_url) - 1];
    634. 

  634. 

  635.                             if (!strstr($filename, '/') && strstr($filename, '.html')) {
    636. 

  636.                                 // Get oonly the contents of the link file
    637. 

  637.                                 $link_html = @file($homePath.$filename);
    638. 

  638.                                 $link_html = implode('', $link_html);
    639. 

  639.                                 $link_url = '';
    640. 

  640.                             } else {
    641. 

  641.                                 $filename = '';
    642. 

  642.                             }
    643. 

  643.                         }
    644. 

  644.                         break;
    645. 

  645.                     }
    646. 

  646.                 }
    647. 

  647.                 break;
    648. 

  648.         }
    649. 

  649.         //end of second switch($action) (when POST['formSent'] was not set, yet)
    650. 

  650.     }
    651. 

  651.     // end of "else" in if($_POST['formSent']) condition
    652. 

  652. } else {
    653. 

  653.     //if $action is empty, then prepare a list of the course categories to display (?)
    654. 

  654.     $Categories = Database::store_result(
    655. 

  655.         Database::query("SELECT name FROM $tbl_category WHERE parent_id IS NULL ORDER BY tree_pos")
    656. 

  656.     );
    657. 

  657. }
    658. 

  658. 

  659. // Display section
    660. 

  660. 

  661. Display::display_header($tool_name);
    662. 

  662. 

  663. switch ($action) {
    664. 

  664.     case 'open_link':
    665. 

  665.         if (!empty($link)) {
    666. 

  666.             // $link is only set in case of action=open_link and is filtered
    667. 

  667.             $open = @(string)file_get_contents($homePath.$link);
    668. 

  668.             $open = api_to_system_encoding($open, api_detect_encoding(strip_tags($open)));
    669. 

  669.             echo $open;
    670. 

  670.         }
    671. 

  671.         break;
    672. 

  672.     case 'edit_notice':
    673. 

  673.         // Display for edit_notice case
    674. 

  674.         ?>
    675. 

  675.     <form action="<?php echo api_get_self(); ?>?action=<?php echo $action; ?>" method="post" style="margin:0px;">
    676. 

  676.         <legend><?php echo $tool_name; ?></legend>
    677. 

  677.         <input type="hidden" name="formSent" value="1"/>
    678. 

  678.         <?php
    679. 

  679.         if (!empty($errorMsg)) {
    680. 

  680.             Display::display_normal_message($errorMsg);
    681. 

  681.         }
    682. 

  682.         ?>
    683. 

  683.         <table border="0" cellpadding="5" cellspacing="0">
    684. 

  684.             <tr>
    685. 

  685.                 <td colspan="2"><?php echo '<span style="font-style: italic;">'.get_lang(
    686. 

  686.                 'LetThoseFieldsEmptyToHideTheNotice'
    687. 

  687.             ).'</span>'; ?></tr>
    688. 

  688.             <tr>
    689. 

  689.                 <td nowrap="nowrap"><?php echo get_lang('NoticeTitle'); ?> :</td>
    690. 

  690.                 <td><input type="text" name="notice_title" size="30" maxlength="50" value="<?php echo $notice_title; ?>"
    691. 

  691.                            style="width: 350px;"/></td>
    692. 

  692.             </tr>
    693. 

  693.             <tr>
    694. 

  694.                 <td nowrap="nowrap" valign="top"><?php echo get_lang('NoticeText'); ?> :</td>
    695. 

  695.                 <td><textarea name="notice_text" cols="30" rows="5" wrap="virtual"
    696. 

  696.                               style="width: 350px;"><?php echo $notice_text; ?></textarea></td>
    697. 

  697.             </tr>
    698. 

  698.             <tr>
    699. 

  699.                 <td>&nbsp;</td>
    700. 

  700.                 <td>
    701. 

  701.                     <button class="save" type="submit" value="<?php echo get_lang('Ok'); ?>"><?php echo get_lang(
    702. 

  702.                         'Ok'
    703. 

  703.                     ); ?></button>
    704. 

  704.                 </td>
    705. 

  705.             </tr>
    706. 

  706.         </table>
    707. 

  707.     </form>
    708. 

  708.     <?php
    709. 

  709.         break;
    710. 

  710.     case 'insert_tabs':
    711. 

  711.     case 'edit_tabs':
    712. 

  712.     case 'insert_link':
    713. 

  713.     case 'edit_link':
    714. 

  714. 

  715.         if (!empty($errorMsg)) {
    716. 

  716.             Display::display_normal_message($errorMsg);
    717. 

  717.         }
    718. 

  718.         $default = array();
    719. 

  719.         $form = new FormValidator('configure_homepage_'.$action, 'post', api_get_self(
    720. 

  720.         ).'?action='.$action, '', array('style' => 'margin: 0px;'));
    721. 

  721.         $renderer =& $form->defaultRenderer();
    722. 

  722. 

  723.         $form->addElement('header', '', $tool_name);
    724. 

  724.         $form->addElement('hidden', 'formSent', '1');
    725. 

  725.         $form->addElement(
    726. 

  726.             'hidden',
    727. 

  727.             'link_index',
    728. 

  728.             ($action == 'edit_link' || $action == 'edit_tabs') ? $link_index : '0'
    729. 

  729.         );
    730. 

  730.         $form->addElement('hidden', 'filename', ($action == 'edit_link' || $action == 'edit_tabs') ? $filename : '');
    731. 

  731. 

  732.         $form->addElement('text', 'link_name', get_lang('LinkName'), array('size' => '30', 'maxlength' => '50'));
    733. 

  733.         $default['link_name'] = $link_name;
    734. 

  734. 

  735.         $default['link_url'] = empty($link_url) ? 'http://' : api_htmlentities($link_url, ENT_QUOTES);
    736. 

  736.         $form->addElement(
    737. 

  737.             'text',
    738. 

  738.             'link_url',
    739. 

  739.             array(get_lang('LinkURL'), get_lang('Optional')),
    740. 

  740.             array('size' => '30', 'maxlength' => '100', 'style' => 'width: 350px;')
    741. 

  741.         );
    742. 

  742. 

  743.         $options = array('-1' => get_lang('FirstPlace'));
    744. 

  744. 

  745.         $selected = '';
    746. 

  746. 

  747.         if ($action == 'insert_link' || $action == 'insert_tabs') {
    748. 

  748.             $add_in_tab = 1;
    749. 

  749.             if (is_array($home_menu)) {
    750. 

  750.                 foreach ($home_menu as $key => $enreg) {
    751. 

  751.                     if (strlen($enreg = trim(strip_tags($enreg))) > 0) {
    752. 

  752.                         $options[$key] = get_lang('After').' &quot;'.$enreg.'&quot;';
    753. 

  753.                         $selected = $formSent && $insert_where == $key ? $key : '';
    754. 

  754.                     }
    755. 

  755.                 }
    756. 

  756.             }
    757. 

  757.             $default['insert_link'] = $selected;
    758. 

  758.             $form->addElement('select', 'insert_where', get_lang('InsertThisLink'), $options);
    759. 

  759.         }
    760. 

  760. 

  761.         $target_blank_checkbox = $form->addElement('checkbox', 'target_blank', null, get_lang('OpenInNewWindow'), 1);
    762. 

  762. 

  763.         if ($action == 'insert_tabs' || $action == 'edit_tabs') {
    764. 

  764.             $form->addElement('checkbox', 'add_in_tab', null, get_lang('AddInMenu'), 1);
    765. 

  765.             $default['add_in_tab'] = $add_in_tab;
    766. 

  766.         }
    767. 

  767. 

  768.         if ($target_blank) {
    769. 

  769.             $target_blank_checkbox->setChecked(true);
    770. 

  770.         }
    771. 

  771. 

  772.         if ($action == 'edit_link' && (empty($link_url) || $link_url == 'http://' || $link_url == 'https://')) {
    773. 

  773.             if (api_get_setting('wcag_anysurfer_public_pages') == 'true') {
    774. 

  774.                 $form->addElement(
    775. 

  775.                     'html',
    776. 

  776.                     WCAG_Rendering::create_xhtml(isset($_POST['link_html']) ? $_POST['link_html'] : $link_html)
    777. 

  777.                 );
    778. 

  778.             } else {
    779. 

  779.                 $default['link_html'] = isset($_POST['link_html']) ? $_POST['link_html'] : $link_html;
    780. 

  780.                 $form->add_html_editor(
    781. 

  781.                     'link_html',
    782. 

  782.                     get_lang('Content'),
    783. 

  783.                     false,
    784. 

  784.                     false,
    785. 

  785.                     array('ToolbarSet' => 'PortalHomePage', 'Width' => '100%', 'Height' => '400')
    786. 

  786.                 );
    787. 

  787.             }
    788. 

  788.             $form->addElement('style_submit_button', null, get_lang('Save'), 'class="save"');
    789. 

  789.         } else {
    790. 

  790.             if (in_array($action, array('edit_tabs', 'insert_tabs'))) {
    791. 

  791.                 if (api_get_setting('wcag_anysurfer_public_pages') == 'true') {
    792. 

  792.                     $form->addElement('html', get_lang('Content').' ('.get_lang('Optional').')');
    793. 

  793.                     $form->addElement(
    794. 

  794.                         'html',
    795. 

  795.                         WCAG_Rendering::create_xhtml(isset($_POST['link_html']) ? $_POST['link_html'] : $link_html)
    796. 

  796.                     );
    797. 

  797.                 } else {
    798. 

  798.                     $default['link_html'] = isset($_POST['link_html']) ? $_POST['link_html'] : $link_html;
    799. 

  799.                     $form->add_html_editor(
    800. 

  800.                         'link_html',
    801. 

  801.                         get_lang('Content'),
    802. 

  802.                         false,
    803. 

  803.                         false,
    804. 

  804.                         array('ToolbarSet' => 'PortalHomePage', 'Width' => '100%', 'Height' => '400')
    805. 

  805.                     );
    806. 

  806.                 }
    807. 

  807.             }
    808. 

  808.             $form->addElement('style_submit_button', null, get_lang('Save'), 'class="save"');
    809. 

  809.         }
    810. 

  810. 

  811.         $form->setDefaults($default);
    812. 

  812.         $form->display();
    813. 

  813. 

  814.         break;
    815. 

  815.     case 'edit_top':
    816. 

  816.     case 'edit_news':
    817. 

  817.         if ($action == 'edit_top') {
    818. 

  818.             $name = $topf;
    819. 

  819.             $open = $home_top;
    820. 

  820.         } else {
    821. 

  821.             $name = $newsf;
    822. 

  822.             $open = @(string)file_get_contents($homePath.$newsf.'_'.$lang.$ext);
    823. 

  823.         }
    824. 

  824.         $open = api_to_system_encoding($open, api_detect_encoding(strip_tags($open)));
    825. 

  825. 

  826.         if (!empty($errorMsg)) {
    827. 

  827.             Display::display_normal_message($errorMsg); //main API
    828. 

  828.         }
    829. 

  829. 

  830.         $default = array();
    831. 

  831.         $form = new FormValidator('configure_homepage_'.$action, 'post', api_get_self(
    832. 

  832.         ).'?action='.$action, '', array('style' => 'margin: 0px;'));
    833. 

  833.         $renderer =& $form->defaultRenderer();
    834. 

  834.         $renderer->setHeaderTemplate('');
    835. 

  835.         $renderer->setFormTemplate(
    836. 

  836.             '<form{attributes}><table border="0" cellpadding="5" cellspacing="0" width="100%">{content}</table></form>'
    837. 

  837.         );
    838. 

  838.         $renderer->setElementTemplate('<tr><td>{element}</td></tr>');
    839. 

  839.         $renderer->setRequiredNoteTemplate('');
    840. 

  840.         $form->addElement('hidden', 'formSent', '1');
    841. 

  841. 

  842.         if ($action == 'edit_news') {
    843. 

  843.             $_languages = api_get_languages();
    844. 

  844.             $html = '<tr><td>'.get_lang('ChooseNewsLanguage').' : ';
    845. 

  845.             $html .= '<select name="news_languages">';
    846. 

  846.             $html .= '<option value="all">'.get_lang('AllLanguages').'</option>';
    847. 

  847.             foreach ($_languages['name'] as $key => $value) {
    848. 

  848.                 $english_name = $_languages['folder'][$key];
    849. 

  849.                 if ($language == $english_name) {
    850. 

  850.                     $html .= '<option value="'.$english_name.'" selected="selected">'.$value.'</option>';
    851. 

  851.                 } else {
    852. 

  852.                     $html .= '<option value="'.$english_name.'">'.$value.'</option>';
    853. 

  853.                 }
    854. 

  854.             }
    855. 

  855.             $html .= '</select></td></tr>';
    856. 

  856.             $form->addElement('html', $html);
    857. 

  857.         }
    858. 

  858.         if (api_get_setting('wcag_anysurfer_public_pages') == 'true') {
    859. 

  859.             //TODO: review these lines
    860. 

  860.             // Print WCAG-specific HTML editor
    861. 

  861.             $html = '<tr><td>';
    862. 

  862.             $html .= WCAG_Rendering::create_xhtml($open);
    863. 

  863.             $html .= '</td></tr>';
    864. 

  864.             $form->addElement('html', $html);
    865. 

  865.         } else {
    866. 

  866.             $default[$name] = str_replace('{rel_path}', api_get_path(REL_PATH), $open);
    867. 

  867.             $form->add_html_editor(
    868. 

  868.                 $name,
    869. 

  869.                 '',
    870. 

  870.                 true,
    871. 

  871.                 false,
    872. 

  872.                 array('ToolbarSet' => 'PortalHomePage', 'Width' => '100%', 'Height' => '400')
    873. 

  873.             );
    874. 

  874.         }
    875. 

  875.         $form->addElement('style_submit_button', null, get_lang('Save'), 'class="save"');
    876. 

  876.         $form->setDefaults($default);
    877. 

  877.         $form->display();
    878. 

  878. 

  879.         break;
    880. 

  880.     default: // When no action applies, default page to update campus homepage
    881. 

  881.         ?>
    882. 

  882.         <table border="0" cellpadding="5" cellspacing="0" width="100%">
    883. 

  883.         <tr>
    884. 

  884.         <td width="70%" valign="top">
    885. 

  885.             <div class="actions">
    886. 

  886.                 <a href="<?php echo api_get_self(); ?>?action=edit_top"><?php Display::display_icon(
    887. 

  887.                     'edit.gif',
    888. 

  888.                     get_lang('EditHomePage')
    889. 

  889.                 ); ?></a>
    890. 

  890.                 <a href="<?php echo api_get_self(); ?>?action=edit_top"><?php echo get_lang(
    891. 

  891.                     'EditHomePage'
    892. 

  892.                 ); ?></a>
    893. 

  893.             </div>
    894. 

  894. 

  895.             <table border="0" cellpadding="5" cellspacing="0" width="100%">
    896. 

  896.                 <tr>
    897. 

  897.                     <td colspan="2">
    898. 

  898.                         <?php
    899. 

  899.                         //print home_top contents
    900. 

  900.                         if (file_exists($homePath.$topf.'_'.$lang.$ext)) {
    901. 

  901.                             $home_top_temp = @(string)file_get_contents($homePath.$topf.'_'.$lang.$ext);
    902. 

  902.                         } else {
    903. 

  903.                             $home_top_temp = @(string)file_get_contents($homePath.$topf.$ext);
    904. 

  904.                         }
    905. 

  905.                         $open = str_replace('{rel_path}', api_get_path(REL_PATH), $home_top_temp);
    906. 

  906.                         $open = api_to_system_encoding($open, api_detect_encoding(strip_tags($open)));
    907. 

  907.                         echo $open;
    908. 

  908.                         ?>
    909. 

  909.                     </td>
    910. 

  910.                 </tr>
    911. 

  911.                 <tr>
    912. 

  912.                     <?php
    913. 

  913. 

  914.                     $access_url_id = 1;
    915. 

  915.                     // we only show the category options for the main chamilo installation
    916. 

  916.                     if (api_is_multiple_url_enabled()) {
    917. 

  917.                         $access_url_id = api_get_current_access_url_id();
    918. 

  918.                     }
    919. 

  919.                     echo '<td width="50%">';
    920. 

  920.                     if ($access_url_id == 1) {
    921. 

  921.                         echo '<div class="actions">';
    922. 

  922.                         echo '<a href="course_category.php">'.Display::display_icon(
    923. 

  923.                             'edit.gif',
    924. 

  924.                             get_lang('Edit')
    925. 

  925.                         ).'</a>
    926. 

  926. 					  <a href="course_category.php">'.get_lang('EditCategories').'</a>';
    927. 

  927.                         echo '</div>';
    928. 

  928.                     }
    929. 

  929.                     echo '</td>
    930. 

  930. 				  <td width="50%">
    931. 

  931. 				  <br />';
    932. 

  932.                     /* <!--<a href="<?php echo api_get_self(); ?>?action=edit_news"><?php Display::display_icon('edit.gif', get_lang('Edit')); ?></a> <a href="<?php echo api_get_self(); ?>?action=edit_news"><?php echo get_lang('EditNews'); ?></a>--> */
    933. 

  933.                     echo '</td></tr>
    934. 

  934. 				<tr>
    935. 

  935. 				<td width="50%" valign="top">
    936. 

  936. 				<table border="0" cellpadding="5" cellspacing="0" width="100%">';
    937. 

  937.                     if ($access_url_id == 1) {
    938. 

  938.                         if (sizeof($Categories)) {
    939. 

  939.                             foreach ($Categories as $enreg) {
    940. 

  940.                                 echo '<tr><td>'.Display::return_icon(
    941. 

  941.                                     'folder_document.gif',
    942. 

  942.                                     $enreg['name']
    943. 

  943.                                 ).'&nbsp;'.$enreg['name'].'</td></tr>';
    944. 

  944.                             }
    945. 

  945.                             unset($Categories);
    946. 

  946.                         } else {
    947. 

  947.                             echo get_lang('NoCategories');
    948. 

  948.                         }
    949. 

  949.                     }
    950. 

  950. 

  951.                     echo '</table>';
    952. 

  952.                     ?>
    953. 

  953.                     </td>
    954. 

  954.                     <!--<td width="50%" valign="top">
    955. 

  955. 				<?php
    956. 

  956.                     if (file_exists($homePath.$newsf.'_'.$lang.$ext)) {
    957. 

  957.                         $open = @(string)file_get_contents($homePath.$newsf.'_'.$lang.$ext);
    958. 

  958.                         $open = api_to_system_encoding($open, api_detect_encoding(strip_tags($open)));
    959. 

  959.                         echo $open;
    960. 

  960.                     } else {
    961. 

  961.                         $open = @(string)file_get_contents($homePath.$newsf.$ext);
    962. 

  962.                         $open = api_to_system_encoding($open, api_detect_encoding(strip_tags($open)));
    963. 

  963.                         echo $open;
    964. 

  964.                     }
    965. 

  965.                     ?>
    966. 

  966. 			  </td>-->
    967. 

  967.                 </tr>
    968. 

  968.             </table>
    969. 

  969.             <?php
    970. 

  970. 

  971.             // Add new page
    972. 

  972. 

  973.             $home_menu = '';
    974. 

  974.             if (file_exists($homePath.$menutabs.'_'.$lang.$ext)) {
    975. 

  975.                 $home_menu = @file($homePath.$menutabs.'_'.$lang.$ext);
    976. 

  976.             } else {
    977. 

  977.                 $home_menu = @file($homePath.$menutabs.$ext);
    978. 

  978.             }
    979. 

  979.             if (empty($home_menu)) {
    980. 

  980.                 $home_menu = array();
    981. 

  981.             }
    982. 

  982.             if (!empty($home_menu)) {
    983. 

  983.                 $home_menu = implode("\n", $home_menu);
    984. 

  984.                 $home_menu = api_to_system_encoding($home_menu, api_detect_encoding(strip_tags($home_menu)));
    985. 

  985.                 $home_menu = explode("\n", $home_menu);
    986. 

  986.             }
    987. 

  987.             $link_list = '';
    988. 

  988.             $tab_counter = 0;
    989. 

  989.             foreach ($home_menu as $enreg) {
    990. 

  990.                 $enreg = trim($enreg);
    991. 

  991.                 if (!empty($enreg)) {
    992. 

  992.                     $edit_link = ' <a href="'.api_get_self(
    993. 

  993.                     ).'?action=edit_tabs&amp;link_index='.$tab_counter.'" ><span>'.Display::return_icon(
    994. 

  994.                         'edit.gif',
    995. 

  995.                         get_lang('Edit')
    996. 

  996.                     ).'</span></a>';
    997. 

  997.                     $delete_link = ' <a href="'.api_get_self(
    998. 

  998.                     ).'?action=delete_tabs&amp;link_index='.$tab_counter.'"  onclick="javascript: if(!confirm(\''.addslashes(
    999. 

  999.                         api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES)
    1000. 

  1000.                     ).'\')) return false;"><span>'.Display::return_icon(
    1001. 

  1001.                         'delete.gif',
    1002. 

  1002.                         get_lang('Delete')
    1003. 

  1003.                     ).'</span></a>';
    1004. 

  1004.                     $tab_string = str_replace(
    1005. 

  1005.                         array('href="'.api_get_path(WEB_PATH).'index.php?include=', '</li>'),
    1006. 

  1006.                         array(
    1007. 

  1007.                             'href="'.api_get_path(WEB_CODE_PATH).'admin/'.basename(
    1008. 

  1008.                                 api_get_self()
    1009. 

  1009.                             ).'?action=open_link&link=',
    1010. 

  1010.                             $edit_link.$delete_link.'</li>'
    1011. 

  1011.                         ),
    1012. 

  1012.                         $enreg
    1013. 

  1013.                     );
    1014. 

  1014.                     $tab_string = str_replace(
    1015. 

  1015.                         array('<li>', '</li>', 'class="hide_menu"', 'hide_menu'),
    1016. 

  1016.                         '',
    1017. 

  1017.                         $tab_string
    1018. 

  1018.                     );
    1019. 

  1019. 

  1020.                     $link_list .= Display::tag('tr', Display::tag('td', $tab_string));
    1021. 

  1021.                     $tab_counter++;
    1022. 

  1022.                 }
    1023. 

  1023.             }
    1024. 

  1024.             ?>
    1025. 

  1025.             <div class="actions">
    1026. 

  1026.                 <a href="<?php echo api_get_self(); ?>?action=insert_tabs"><?php Display::display_icon(
    1027. 

  1027.                     'addd.gif',
    1028. 

  1028.                     get_lang('InsertLink')
    1029. 

  1029.                 ); echo get_lang('InsertLink'); ?></a>
    1030. 

  1030.             </div>
    1031. 

  1031.             <?php
    1032. 

  1032.             echo '<table class="data_table">';
    1033. 

  1033.             echo $link_list;
    1034. 

  1034.             echo '</table>';
    1035. 

  1035.             ?>
    1036. 

  1036.         </td>
    1037. 

  1037.         <td width="10%" valign="top"></td>
    1038. 

  1038.         <td width="20%" rowspan="3" valign="top">
    1039. 

  1039. 

  1040.             <div id="login_block" class="well sidebar-nav">
    1041. 

  1041.                 <?php echo api_display_language_form(); ?>
    1042. 

  1042.                 <form id="formLogin">
    1043. 

  1043.                     <div><label><?php echo get_lang('LoginName'); ?></label></div>
    1044. 

  1044.                     <div><input type="text" id="login" size="15" value="" disabled="disabled"/></div>
    1045. 

  1045.                     <div><label><?php echo get_lang('UserPassword'); ?></label></div>
    1046. 

  1046.                     <div><input type="password" id="password" size="15" value="" disabled="disabled"/></div>
    1047. 

  1047.                     <div>
    1048. 

  1048.                         <button class="btn" type="button" name="submitAuth"
    1049. 

  1049.                                 value="<?php echo get_lang('Ok'); ?>" disabled="disabled"><?php echo get_lang(
    1050. 

  1050.                             'Ok'
    1051. 

  1051.                         ); ?></button>
    1052. 

  1052.                     </div>
    1053. 

  1053.                 </form>
    1054. 

  1054.             </div>
    1055. 

  1055. 

  1056.             <div id="profile_block" class="well sidebar-nav">
    1057. 

  1057.                 <h4><?php echo get_lang('MenuUser'); ?></h4>
    1058. 

  1058.                 <ul class="nav nav-list">
    1059. 

  1059.                     <li><span style="color: #9D9DA1; font-weight: bold;"><?php echo api_ucfirst(
    1060. 

  1060.                         get_lang('Registration')
    1061. 

  1061.                     ); ?></span></li>
    1062. 

  1062.                     <li><span style="color: #9D9DA1; font-weight: bold;"><?php echo api_ucfirst(
    1063. 

  1063.                         get_lang('LostPassword')
    1064. 

  1064.                     ); ?></span></li>
    1065. 

  1065.                 </ul>
    1066. 

  1066.             </div>
    1067. 

  1067. 

  1068.             <div id="notice_block" class="well sidebar-nav">
    1069. 

  1069.                 <h4><?php echo get_lang('Notice'); ?>
    1070. 

  1070.                     <a href="<?php echo api_get_self(); ?>?action=edit_notice"><?php Display::display_icon(
    1071. 

  1071.                         'edit.png',
    1072. 

  1072.                         get_lang('Edit'),
    1073. 

  1073.                         array(),
    1074. 

  1074.                         ICON_SIZE_SMALL
    1075. 

  1075.                     ); ?></a>
    1076. 

  1076.                 </h4>
    1077. 

  1077.                 <?php
    1078. 

  1078.                 $home_notice = '';
    1079. 

  1079.                 if (file_exists($homePath.$noticef.'_'.$lang.$ext)) {
    1080. 

  1080.                     $home_notice = @(string)file_get_contents($homePath.$noticef.'_'.$lang.$ext);
    1081. 

  1081.                 } else {
    1082. 

  1082.                     $home_notice = @(string)file_get_contents($homePath.$noticef.$ext);
    1083. 

  1083.                 }
    1084. 

  1084.                 $home_notice = api_to_system_encoding(
    1085. 

  1085.                     $home_notice,
    1086. 

  1086.                     api_detect_encoding(strip_tags($home_notice))
    1087. 

  1087.                 );
    1088. 

  1088.                 echo '<div class="homepage_notice">';
    1089. 

  1089.                 echo $home_notice;
    1090. 

  1090.                 echo '</div>';
    1091. 

  1091.                 ?>
    1092. 

  1092.             </div>
    1093. 

  1093. 

  1094. 

  1095.             <div class="well sidebar-nav">
    1096. 

  1096.                 <a href="<?php echo api_get_self(); ?>?action=insert_link"><?php Display::display_icon(
    1097. 

  1097.                     'addd.gif',
    1098. 

  1098.                     get_lang('InsertLink')
    1099. 

  1099.                 ); ?></a>
    1100. 

  1100.                 <a href="<?php echo api_get_self(); ?>?action=insert_link"><?php echo get_lang(
    1101. 

  1101.                     'InsertLink'
    1102. 

  1102.                 ); ?></a>
    1103. 

  1103. 

  1104.                 <h4><?php echo api_ucfirst(get_lang('General')); ?></h4>
    1105. 

  1105.                 <ul class="menulist">
    1106. 

  1106.                     <?php
    1107. 

  1107.                     $home_menu = '';
    1108. 

  1108.                     if (file_exists($homePath.$menuf.'_'.$lang.$ext)) {
    1109. 

  1109.                         $home_menu = @file($homePath.$menuf.'_'.$lang.$ext);
    1110. 

  1110.                     } else {
    1111. 

  1111.                         $home_menu = @file($homePath.$menuf.$ext);
    1112. 

  1112.                     }
    1113. 

  1113.                     if (empty($home_menu)) {
    1114. 

  1114.                         $home_menu = array();
    1115. 

  1115.                     }
    1116. 

  1116.                     if (!empty($home_menu)) {
    1117. 

  1117.                         $home_menu = implode("\n", $home_menu);
    1118. 

  1118.                         $home_menu = api_to_system_encoding(
    1119. 

  1119.                             $home_menu,
    1120. 

  1120.                             api_detect_encoding(strip_tags($home_menu))
    1121. 

  1121.                         );
    1122. 

  1122.                         $home_menu = explode("\n", $home_menu);
    1123. 

  1123.                     }
    1124. 

  1124.                     $i = 0;
    1125. 

  1125.                     foreach ($home_menu as $enreg) {
    1126. 

  1126.                         $enreg = trim($enreg);
    1127. 

  1127.                         if (!empty($enreg)) {
    1128. 

  1128.                             $edit_link = '<a href="'.api_get_self(
    1129. 

  1129.                             ).'?action=edit_link&amp;link_index='.$i.'">'.Display::return_icon(
    1130. 

  1130.                                 'edit.gif',
    1131. 

  1131.                                 get_lang('Edit')
    1132. 

  1132.                             ).'</a>';
    1133. 

  1133.                             $delete_link = '<a href="'.api_get_self(
    1134. 

  1134.                             ).'?action=delete_link&amp;link_index='.$i.'" onclick="javascript:if(!confirm(\''.addslashes(
    1135. 

  1135.                                 api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES)
    1136. 

  1136.                             ).'\')) return false;">'.Display::return_icon(
    1137. 

  1137.                                 'delete.gif',
    1138. 

  1138.                                 get_lang('Delete')
    1139. 

  1139.                             ).'</a>';
    1140. 

  1140.                             echo str_replace(
    1141. 

  1141.                                 array('href="'.api_get_path(WEB_PATH).'index.php?include=', '</li>'),
    1142. 

  1142.                                 array(
    1143. 

  1143.                                     'href="'.api_get_path(WEB_CODE_PATH).'admin/'.basename(
    1144. 

  1144.                                         api_get_self()
    1145. 

  1145.                                     ).'?action=open_link&link=',
    1146. 

  1146.                                     '<br />'.$edit_link.' '.$delete_link.'</li>'
    1147. 

  1147.                                 ),
    1148. 

  1148.                                 $enreg
    1149. 

  1149.                             );
    1150. 

  1150.                             $i++;
    1151. 

  1151.                         }
    1152. 

  1152.                     }
    1153. 

  1153.                     ?>
    1154. 

  1154.                 </ul>
    1155. 

  1155.             </div>
    1156. 

  1156. 

  1157.         </td>
    1158. 

  1158.         </tr>
    1159. 

  1159.         </table>
    1160. 

  1160.         <?php
    1161. 

  1161.         break;
    1162. 

  1162. }
    1163. 

  1163. Display::display_footer();
    1164.