index.php 6.9 KB

  1. <?php
  2. /* For licensing terms, see /license.txt */
  // Every request to this script is redirected to public/index.php. The Location
  // value is a fixed relative path; nothing from the request is used to build it.
  // NOTE(review): because of the unconditional exit below, none of the code that
  // follows in this file is executed while this redirect is in place.
  header('Location: public/index.php', true);
  exit();
  5. use ChamiloSession as Session;
  6. /**
  7. * @package chamilo.main
  8. */
  // Constants defined before the bootstrap file is loaded.
  // NOTE(review): presumably read by main/inc/global.inc.php or code it loads; confirm there.
  define('CHAMILO_LOAD_WYSIWYG', false);
  define('CHAMILO_HOMEPAGE', true);

  /*
   * Flag forcing the 'current course' reset, as this page is not inside a course.
   * This could become an API function, for example CourseManager::unset().
   */
  $cidReset = true;

  require_once 'main/inc/global.inc.php';

  // The section (for the tabs); replaced below when an HTML file is included.
  $this_section = SECTION_CAMPUS;
  // True when the request carries a non-empty 'include' query parameter.
  // Only this boolean is stored; the parameter's value itself is not kept here.
  $includeFile = !empty($_GET['include']);

  if (!$includeFile) {
      // Regular homepage: hand over to the redirection plugin when it is enabled.
      if (api_get_configuration_value('plugin_redirection_enabled')) {
          RedirectionPlugin::redirectUser(api_get_user_id());
      }
  } else {
      $this_section = SECTION_INCLUDE;
  }
  // Anonymous visitors get no header title; everyone else gets a single space.
  $header_title = api_is_anonymous() ? null : ' ';
  $controller = new IndexManager($header_title);
  // Actions

  // A 'loginFailed' query parameter, or a $loginFailed variable that is already
  // set at this point, both mark the login as failed.
  $loginFailed = isset($_GET['loginFailed']) || isset($loginFailed);

  if (!empty($_GET['logout'])) {
      // Redirect after logout unless a non-empty 'no_redirect' parameter was sent.
      $redirect = empty($_GET['no_redirect']);
      // $logoutInfo is presumably the value defined in local.inc.php; confirm there.
      // NOTE(review): logout is triggered by a plain GET parameter and no
      // anti-CSRF token is checked in this file; confirm whether logout() checks one.
      $controller->logout($redirect, $logoutInfo);
  }
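  /**
   * Registers in the track_e_default table (shown under important activities in
   * the admin interface) a possible break-in attempt: authentication data sent
   * through GET.
   *
   * The stored value is the client address, followed by "/" and the posted login
   * name when there is one. The login name is attacker-controlled, so it is only
   * used when it is a string, and ASCII control characters are removed before it
   * is stored. Whatever displays this event must still escape the value for its
   * own output context.
   *
   * @todo This piece of code should probably move to local.inc.php where the
   * actual login / logout procedure is handled.
   * The real use of this code block should be seriously considered as well.
   * This form should just use a security token and get done with it.
   */
  // The loose == is kept so that every numeric spelling of 1 is still detected.
  if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
      $i = api_get_anonymous_id();

      $attemptedLogin = '';
      if (!empty($_POST['login']) && is_string($_POST['login'])) {
          // Strip control characters (CR, LF, NUL, ...) so the value stays a single clean log field.
          $attemptedLogin = '/'.preg_replace('/[\x00-\x1F\x7F]/', '', $_POST['login']);
      }

      Event::addEvent(
          LOG_ATTEMPTED_FORCED_LOGIN,
          'tried_hacking_get',
          // REMOTE_ADDR is the address of the direct peer; behind a reverse proxy that is the proxy.
          $_SERVER['REMOTE_ADDR'].$attemptedLogin,
          null,
          $i
      );
      echo 'Attempted breakin - sysadmins notified.';
      session_destroy();
      die();
  }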
  // Delete the session item needed for the legal-terms check.
  if ('true' === api_get_setting('allow_terms_conditions')) {
      Session::erase('term_and_condition');
  }

  // No user id and custom pages enabled: show the custom page that fits the
  // situation (a 'loggedout' request value, or the plain not-logged-in index).
  if (!api_get_user_id() && CustomPages::enabled()) {
      CustomPages::display(
          Request::get('loggedout') ? CustomPages::LOGGED_OUT : CustomPages::INDEX_UNLOGGED
      );
  }
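  /**
   * After a posted login form, looks up the most recent login_date of the current
   * user (as a Unix timestamp) and stores it in the session under
   * 'user_last_login_datetime'.
   *
   * @todo This piece of code should probably move to local.inc.php where the
   * actual login procedure is handled.
   * @todo Check if this code is used. I think this code is never executed because
   * after clicking the submit button the code does the stuff
   * in local.inc.php and then redirects to index.php or user_portal.php depending
   * on api_get_setting('page_after_login').
   */
  if (!empty($_POST['submitAuth'])) {
      // The user has already been authenticated; now find the user's last login.
      if (isset($_user['user_id'])) {
          $track_login_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_LOGIN);
          // The id is cast to int so that only a number can reach the SQL text.
          $sql = "SELECT UNIX_TIMESTAMP(login_date)
                  FROM $track_login_table
                  WHERE login_user_id = ".(int) $_user['user_id']."
                  ORDER BY login_date DESC LIMIT 1";
          $result_last_login = Database::query($sql);
          // Rows are read only when the query returned a usable result. Testing for
          // a falsy result here would skip the lookup whenever the query succeeded.
          if ($result_last_login && Database::num_rows($result_last_login) > 0) {
              $user_last_login_datetime = Database::fetch_array($result_last_login);
              $user_last_login_datetime = $user_last_login_datetime[0];
              Session::write('user_last_login_datetime', $user_last_login_datetime);
          }
      }
  }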
  // Signed-in users are sent to a configured URL, when one is set, instead of
  // seeing this homepage. The target is read from the platform configuration,
  // not from the request.
  if (!api_is_anonymous()) {
      $url = api_get_configuration_value('redirect_index_to_url_for_logged_users');
      if ($url) {
          header('Location: '.$url);
          exit();
      }
  }
  // Course categories on the homepage are optional and controlled by a setting.
  if ('true' === api_get_setting('display_categories_on_homepage')) {
      $controller->tpl->assign(
          'course_category_block',
          $controller->return_courses_in_categories()
      );
  }

  $controller->set_login_form();

  // @todo move this inside the IndexManager
  // These three blocks are only built when the visitor is not anonymous.
  if (!api_is_anonymous()) {
      $controller->tpl->assign(
          'profile_block',
          $controller->return_profile_block()
      );
      $controller->tpl->assign(
          'user_image_block',
          $controller->return_user_image_block()
      );
      $controller->tpl->assign(
          'course_block',
          $controller->return_course_block()
      );
  }
  // Defaults; both may be filled in further down.
  $hotCourses = '';
  $announcements_block = '';

  // Display the site "use of cookies" warning and handle its acceptance.
  $useCookieValidation = api_get_setting('cookie_warning');
  if ($useCookieValidation === 'true') {
      if (isset($_POST['acceptCookies'])) {
          // The visitor accepted: record that in the cookie.
          api_set_site_use_cookie_warning_cookie();
      } elseif (!api_site_use_cookie_warning_cookie_exist()) {
          // No acceptance cookie yet: tell the template whether the toolbar is
          // shown for this user and ask it to display the warning.
          $controller->tpl->assign(
              'toolBarDisplayed',
              (bool) Template::isToolBarDisplayedForUser()
          );
          $controller->tpl->assign('displayCookieUsageWarning', true);
      }
  }
  // When a chamilo page is being included, hot courses and news are left out.
  // NOTE(review): this test is isset() on $_REQUEST, while $includeFile above is
  // !empty() on $_GET; an empty 'include' value, or one that does not come from
  // the query string, makes the two checks disagree.
  if (!isset($_REQUEST['include'])) {
      // NOTE(review): loose == here; the other setting checks in this file use ===.
      if (api_get_setting('show_hot_courses') == 'true') {
          $hotCourses = $controller->return_hot_courses();
      }

      $announcements_block = $controller->return_announcements();
  }

  // Hot sessions are only loaded when the configuration value is boolean true.
  if (true === api_get_configuration_value('show_hot_sessions')) {
      $hotSessions = SessionManager::getHotSessions();
      $controller->tpl->assign('hot_sessions', $hotSessions);
  }

  // Still the empty string when hot courses were skipped above.
  $controller->tpl->assign('hot_courses', $hotCourses);
  if (!$includeFile) {
      // Real homepage: home_include stays empty.
      $controller->tpl->assign('home_welcome', $controller->return_home_page(false));
      $controller->tpl->assign('home_include', '');
  } else {
      // Static page: home_welcome stays empty.
      // NOTE(review): $includeFile is a boolean, so the requested file name is not
      // passed in from here; return_home_page() presumably reads and validates the
      // 'include' parameter itself. Confirm that the path check is done there.
      $controller->tpl->assign('home_welcome', '');
      $controller->tpl->assign('home_include', $controller->return_home_page($includeFile));
  }
  // Blocks assigned for every visitor.
  $controller->tpl->assign(
      'navigation_links',
      $controller->return_navigation_links()
  );
  $controller->tpl->assign(
      'notice_block',
      $controller->return_notice()
  );
  //$controller->tpl->assign('main_navigation_block', $controller->return_navigation_links());
  $controller->tpl->assign(
      'help_block',
      $controller->return_help()
  );

  // The skills block is only built when api_is_platform_admin() or api_is_drh() passes.
  if (api_is_platform_admin() || api_is_drh()) {
      $controller->tpl->assign(
          'skills_block',
          $controller->returnSkillLinks()
      );
  }

  // Anonymous visitors get the login body class.
  if (api_is_anonymous()) {
      $controller->tpl->setLoginBodyClass();
  }
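  // Direct login to a course.
  if (isset($_GET['firstpage'])) {
      api_set_firstpage_parameter($_GET['firstpage']);
      // If the user is already logged in, go directly to the course.
      if (api_user_is_login()) {
          // The request value ends up inside a URL, inside a JavaScript string,
          // inside a <script> element. An HTML filter alone does not cover those
          // contexts, so each layer gets its own encoding: rawurlencode() for the
          // query string, then json_encode() with the JSON_HEX_* flags so the
          // literal cannot close the string or the tag.
          // NOTE(review): Security::remove_XSS() is kept as the existing filter;
          // it is presumably an HTML sanitizer; confirm in the Security class.
          $firstPageUrl = 'index.php?firstpage='
              .rawurlencode((string) Security::remove_XSS($_GET['firstpage']));
          echo '<script>self.location.href='
              .json_encode($firstPageUrl, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
              .'</script>';
      }
  } else {
      api_delete_firstpage_parameter();
  }

  // Final step: set the gradebook dependency bar for the current user and render the page.
  $controller->setGradeBookDependencyBar(api_get_user_id());
  $controller->tpl->display_one_col_template();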