Push — master ( e0a519...eabd41 )
by Julito
<?php
/* For licensing terms, see /license.txt */
use ChamiloSession as Session;
/**
 * @package chamilo.main
 */
// Constants defined before the bootstrap include; the code that reads them is outside this file.
define('CHAMILO_HOMEPAGE', true);
define('CHAMILO_LOAD_WYSIWYG', false);

/* Flag forcing the 'current course' reset, as we're not inside a course anymore. */
// Maybe we should change this into an api function? an example: CourseManager::unset();
$cidReset = true;
require_once 'main/inc/global.inc.php';

// Optional redirection plugin, switched on by the 'plugin_redirection_enabled' configuration value.
$allow = api_get_configuration_value('plugin_redirection_enabled');
if ($allow) {
    RedirectionPlugin::redirectUser(api_get_user_id());
}

// The section (for the tabs).
$this_section = SECTION_CAMPUS;
// Anonymous visitors get no header title; every other user gets a single space.
$header_title = api_is_anonymous() ? null : ' ';
$controller = new IndexManager($header_title);
// Actions
// True when the query string carries 'loginFailed', or when $loginFailed was already
// defined before this point.
$loginFailed = isset($_GET['loginFailed']) || isset($loginFailed);
if (!empty($_GET['logout'])) {
    // A non-empty 'no_redirect' query parameter makes $redirect false.
    $redirect = empty($_GET['no_redirect']);
    // NOTE(review): logout is triggered by a GET parameter and no anti-CSRF token is
    // checked in this file - confirm whether one is verified elsewhere.
    // pass $logoutInfo defined in local.inc.php
    $controller->logout($redirect, $logoutInfo);
}
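/**
 * Registers in the track_e_default table (view in important activities in admin
 * interface) a possible attempted break in, sending auth data through get.
 *
 * @todo This piece of code should probably move to local.inc.php where the
 * actual login / logout procedure is handled.
 * The real use of this code block should be seriously considered as well.
 * This form should just use a security token and get done with it.
 */
if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
    $i = api_get_anonymous_id();
    // The posted login is request-controlled. Append it only when it is a non-empty
    // string, so an array submitted for this field cannot be string-converted into
    // the audit record.
    $attemptedLogin = '';
    if (!empty($_POST['login']) && is_string($_POST['login'])) {
        $attemptedLogin = '/'.$_POST['login'];
    }
    // NOTE(review): the login text is stored exactly as supplied; whatever renders this
    // event in the admin interface has to escape it - confirm. REMOTE_ADDR is the
    // connecting peer, which is the proxy address when the site sits behind a reverse proxy.
    Event::addEvent(
        LOG_ATTEMPTED_FORCED_LOGIN,
        'tried_hacking_get',
        $_SERVER['REMOTE_ADDR'].$attemptedLogin,
        null,
        $i
    );
    echo 'Attempted breakin - sysadmins notified.';
    // Drop the session and stop before any further page logic runs.
    session_destroy();
    die();
}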
// Delete session item necessary to check for legal terms
if (api_get_setting('allow_terms_conditions') === 'true') {
    Session::erase('term_and_condition');
}

// If we are not logged in and custom pages are activated, show either the
// "logged out" page or the unlogged index page.
if (!api_get_user_id() && CustomPages::enabled()) {
    CustomPages::display(
        Request::get('loggedout') ? CustomPages::LOGGED_OUT : CustomPages::INDEX_UNLOGGED
    );
}
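/**
 * @todo This piece of code should probably move to local.inc.php where the
 * actual login procedure is handled.
 * @todo Check if this code is used. I think this code is never executed because
 * after clicking the submit button the code does the stuff
 * in local.inc.php and then redirects to index.php or user_portal.php depending
 * on api_get_setting('page_after_login').
 */
if (!empty($_POST['submitAuth'])) {
    // The user has been already authenticated, we are now to find the last login of the user.
    if (isset($_user['user_id'])) {
        $track_login_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_LOGIN);
        // The id is cast to int before it is concatenated, so it can never change the
        // query text, whatever populated $_user.
        $sql = "SELECT UNIX_TIMESTAMP(login_date)
                FROM $track_login_table
                WHERE login_user_id = ".(int) $_user['user_id']."
                ORDER BY login_date DESC LIMIT 1";
        $result_last_login = Database::query($sql);
        // The static analysis shown with this listing reports that $result_last_login is a
        // Doctrine\DBAL\Driver\Statement and therefore always evaluates to true. The
        // former `!$result_last_login` test could never pass, so the last-login value
        // was never written to the session; the negation is removed here.
        if ($result_last_login && Database::num_rows($result_last_login) > 0) {
            $user_last_login_datetime = Database::fetch_array($result_last_login);
            $user_last_login_datetime = $user_last_login_datetime[0];
            Session::write('user_last_login_datetime', $user_last_login_datetime);
        }
    }
} else {
    // Only if login form was not sent because if the form is sent the user was already on the page.
    Event::open();
}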
// Course categories block, only when the platform setting asks for it.
if (api_get_setting('display_categories_on_homepage') === 'true') {
    $controller->tpl->assign('course_category_block', $controller->return_courses_in_categories());
}

$controller->set_login_form();

//@todo move this inside the IndexManager
// Blocks that are assigned only for users who are not anonymous.
if (!api_is_anonymous()) {
    $controller->tpl->assign('profile_block', $controller->return_profile_block());
    $controller->tpl->assign('user_image_block', $controller->return_user_image_block());
    // Everyone except platform admins gets the teacher link; admins get the course block.
    if (!api_is_platform_admin()) {
        $controller->tpl->assign('teacher_block', $controller->return_teacher_link());
    } else {
        $controller->tpl->assign('course_block', $controller->return_course_block());
    }
}
// Defaults; both stay empty unless they are filled further down in this script.
$hot_courses = '';
$announcements_block = '';

// Display the Site Use Cookie Warning Validation
$useCookieValidation = api_get_setting('cookie_warning');
if ($useCookieValidation === 'true') {
    if (isset($_POST['acceptCookies'])) {
        // The visitor submitted the acceptance form: record it in a cookie.
        api_set_site_use_cookie_warning_cookie();
    } elseif (!api_site_use_cookie_warning_cookie_exist()) {
        // No acceptance cookie yet: tell the template whether the toolbar is shown
        // and ask it to display the warning.
        $controller->tpl->assign('toolBarDisplayed', (bool) Template::isToolBarDisplayedForUser());
        $controller->tpl->assign('displayCookieUsageWarning', true);
    }
}
// When loading a chamilo page do not include the hot courses and news:
// both are fetched only when the request carries no 'include' parameter.
if (!isset($_REQUEST['include'])) {
    if (api_get_setting('show_hot_courses') == 'true') {
        $hot_courses = $controller->return_hot_courses();
    }

    $announcements_block = $controller->return_announcements();
}

// Hand the collected blocks to the template, in the same order as before.
$controller->tpl->assign('hot_courses', $hot_courses);
$controller->tpl->assign('announcements_block', $announcements_block);
$controller->tpl->assign('home_page_block', $controller->return_home_page());
$controller->tpl->assign('navigation_course_links', $controller->return_navigation_links());
$controller->tpl->assign('notice_block', $controller->return_notice());
//$controller->tpl->assign('main_navigation_block', $controller->return_navigation_links());
$controller->tpl->assign('help_block', $controller->return_help());

// Skill links are assigned only for platform admins and for users passing api_is_drh().
if (api_is_platform_admin() || api_is_drh()) {
    $controller->tpl->assign('skills_block', $controller->returnSkillLinks());
}

// Anonymous visitors get the login body class.
if (api_is_anonymous()) {
    $controller->tpl->setLoginBodyClass();
}
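// direct login to course
if (isset($_GET['firstpage'])) {
    api_set_firstpage_parameter($_GET['firstpage']);
    // if we are already logged, go directly to course
    if (api_user_is_login()) {
        // The parameter is written into a URL query string that itself sits inside a
        // JavaScript string literal in a <script> element, so it is encoded for those
        // contexts: percent-encoding for the URL, then JSON encoding (with the HEX flags)
        // for the script. The previous Security::remove_XSS() call is not a JavaScript
        // string encoder. A non-string value (an array parameter) is treated as empty.
        $firstPageValue = is_string($_GET['firstpage']) ? $_GET['firstpage'] : '';
        $firstPageUrl = 'index.php?firstpage='.rawurlencode($firstPageValue);
        echo '<script>self.location.href='
            .json_encode($firstPageUrl, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
            .'</script>';
    }
} else {
    api_delete_firstpage_parameter();
}

// Final step: gradebook dependency bar for the current user, then render the two-column template.
$controller->setGradeBookDependencyBar(api_get_user_id());
$controller->tpl->display_two_col_template();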