index.php 6.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. /**
  4. * @package chamilo.main
  5. */
  6. use \ChamiloSession as Session;
  7. define('CHAMILO_HOMEPAGE', true);
  8. /* Flag forcing the 'current course' reset, as we're not inside a course anymore. */
  9. // Maybe we should change this into an api function? an example: CourseManager::unset();
  10. $cidReset = true;
  11. require_once 'main/inc/global.inc.php';
  12. require_once 'main/chat/chat_functions.lib.php';
  13. //require_once 'main/auth/external_login/facebook.inc.php';
  14. // The section (for the tabs).
  15. $this_section = SECTION_CAMPUS;
  16. $header_title = null;
  17. if (!api_is_anonymous()) {
  18. $header_title = " ";
  19. }
  20. // Facebook connexion, if activated
  21. /*if (api_is_facebook_auth_activated() && !api_get_user_id()) {
  22. facebookConnect();
  23. }
  24. */
  25. $controller = new IndexManager($header_title);
  26. //Actions
  27. $loginFailed = isset($_GET['loginFailed']) ? true : isset($loginFailed);
  28. if (!empty($_GET['logout'])) {
  29. $redirect = !empty($_GET['no_redirect']) ? false : true;
  30. $controller->logout($redirect);
  31. }
  32. /* Table definitions */
  33. /* Constants and CONFIGURATION parameters */
  34. /** @todo these configuration settings should move to the Chamilo config settings. */
  35. /** Defines wether or not anonymous visitors can see a list of the courses on the Chamilo homepage that are open to the world. */
  36. $_setting['display_courses_to_anonymous_users'] = 'true';
  37. /* LOGIN */
  38. /**
  39. * Registers in the track_e_default table (view in important activities in admin
  40. * interface) a possible attempted break in, sending auth data through get.
  41. * @todo This piece of code should probably move to local.inc.php where the actual login / logout procedure is handled. The real use of this code block should be seriously considered as well. This form should just use a security token and get done with it.
  42. */
  43. if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
  44. $i = api_get_anonymous_id();
  45. Event::addEvent(
  46. LOG_ATTEMPTED_FORCED_LOGIN,
  47. 'tried_hacking_get',
  48. $_SERVER['REMOTE_ADDR'].(empty($_POST['login'])?'':'/'.$_POST['login']),
  49. null,
  50. $i
  51. );
  52. echo 'Attempted breakin - sysadmins notified.';
  53. session_destroy();
  54. die();
  55. }
  56. // Delete session neccesary for legal terms
  57. if (api_get_setting('allow_terms_conditions') == 'true') {
  58. unset($_SESSION['term_and_condition']);
  59. }
  60. //If we are not logged in and customapages activated
  61. if (!api_get_user_id() && CustomPages::enabled()) {
  62. if (Request::get('loggedout')) {
  63. CustomPages::display(CustomPages::LOGGED_OUT);
  64. } else {
  65. CustomPages::display(CustomPages::INDEX_UNLOGGED);
  66. }
  67. }
  68. /**
  69. * @todo This piece of code should probably move to local.inc.php where the actual login procedure is handled.
  70. * @todo Check if this code is used. I think this code is never executed because after clicking the submit button
  71. * the code does the stuff in local.inc.php and then redirects to index.php or user_portal.php depending
  72. * on api_get_setting('page_after_login').
  73. */
  74. if (!empty($_POST['submitAuth'])) {
  75. // The user has been already authenticated, we are now to find the last login of the user.
  76. if (isset ($_user['user_id'])) {
  77. $track_login_table = Database :: get_main_table(TABLE_STATISTIC_TRACK_E_LOGIN);
  78. $sql_last_login = "SELECT UNIX_TIMESTAMP(login_date)
  79. FROM $track_login_table
  80. WHERE login_user_id = '".$_user['user_id']."'
  81. ORDER BY login_date DESC LIMIT 1";
  82. $result_last_login = Database::query($sql_last_login);
  83. if (!$result_last_login) {
  84. if (Database::num_rows($result_last_login) > 0) {
  85. $user_last_login_datetime = Database::fetch_array($result_last_login);
  86. $user_last_login_datetime = $user_last_login_datetime[0];
  87. Session::write('user_last_login_datetime',$user_last_login_datetime);
  88. }
  89. }
  90. //Event::event_login();
  91. }
  92. // End login -- if ($_POST['submitAuth'])
  93. } else {
  94. // Only if login form was not sent because if the form is sent the user was already on the page.
  95. Event::event_open();
  96. }
  97. if (api_get_setting('display_categories_on_homepage') == 'true') {
  98. $controller->tpl->assign('course_category_block', $controller->return_courses_in_categories());
  99. }
  100. $controller->set_login_form();
  101. //@todo move this inside the IndexManager
  102. if (!api_is_anonymous()) {
  103. $controller->tpl->assign('profile_block', $controller->return_profile_block());
  104. $controller->tpl->assign('user_image_block', $controller->return_user_image_block());
  105. if (api_is_platform_admin()) {
  106. $controller->tpl->assign('course_block', $controller->return_course_block());
  107. } else {
  108. $controller->tpl->assign('teacher_block', $controller->return_teacher_link());
  109. }
  110. }
  111. $hot_courses = null;
  112. $announcements_block = null;
  113. // Display the Site Use Cookie Warning Validation
  114. $useCookieValidation = api_get_setting('cookie_warning');
  115. if ($useCookieValidation === 'true') {
  116. if (isset($_POST['acceptCookies'])) {
  117. api_set_site_use_cookie_warning_cookie();
  118. } else if (!api_site_use_cookie_warning_cookie_exist()) {
  119. if (Template::isToolBarDisplayedForUser()) {
  120. $controller->tpl->assign('toolBarDisplayed', true);
  121. } else {
  122. $controller->tpl->assign('toolBarDisplayed', false);
  123. }
  124. $controller->tpl->assign('displayCookieUsageWarning', true);
  125. }
  126. }
  127. // When loading a chamilo page do not include the hot courses and news
  128. if (!isset($_REQUEST['include'])) {
  129. if (api_get_setting('show_hot_courses') == 'true') {
  130. $hot_courses = $controller->return_hot_courses();
  131. }
  132. $announcements_block = $controller->return_announcements();
  133. }
  134. $controller->tpl->assign('hot_courses', $hot_courses);
  135. $controller->tpl->assign('announcements_block', $announcements_block);
  136. $controller->tpl->assign('home_page_block', $controller->return_home_page());
  137. $controller->tpl->assign('navigation_course_links', $controller->return_navigation_links());
  138. $controller->tpl->assign('notice_block', $controller->return_notice());
  139. $controller->tpl->assign('main_navigation_block', $controller->return_navigation_links());
  140. $controller->tpl->assign('help_block', $controller->return_help());
  141. if (api_is_platform_admin() || api_is_drh()) {
  142. $controller->tpl->assign('skills_block', $controller->return_skills_links());
  143. }
  144. if (api_is_anonymous()) {
  145. $controller->tpl->setLoginBodyClass();
  146. }
  147. // direct login to course
  148. if (isset($_GET['firstpage'])) {
  149. api_set_firstpage_parameter($_GET['firstpage']);
  150. // if we are already logged, go directly to course
  151. if (api_user_is_login()) {
  152. echo "<script type='text/javascript'>self.location.href='index.php?firstpage=".Security::remove_XSS($_GET['firstpage'])."'</script>";
  153. }
  154. } else {
  155. api_delete_firstpage_parameter();
  156. }
  157. $controller->tpl->display_two_col_template();