break; case 'footer_extra_content': file_put_contents(api_get_path(SYS_PATH) . api_get_home_path() . '/footer_extra_content.txt', $value); $value = api_get_home_path() . '/footer_extra_content.txt'; break; // URL validation for some settings. // URL validation for some settings. case 'InstitutionUrl': case 'course_validation_terms_and_conditions_url': $value = trim(Security::remove_XSS($value)); if ($value != '') { // Here we accept absolute URLs only. if (strpos($value, '://') === false) { $value = 'http://' . $value; } if (!api_valid_url($value, true)) { // If the new (non-empty) URL value is invalid, then the old URL value stays. $value = $old_value; } } // If the new URL value is empty, then it will be stored (i.e. the setting will be deleted). break; // Validation against e-mail address for some settings. // Validation against e-mail address for some settings. case 'emailAdministrator': $value = trim(Security::remove_XSS($value)); if ($value != '' && !api_valid_email($value)) { // If the new (non-empty) e-mail address is invalid, then the old e-mail address stays. // If the new e-mail address is empty, then it will be stored (i.e. the setting will be deleted). $value = $old_value; }
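/**
 * Updates an existing link of the current course and, when the search
 * engine is enabled, re-indexes it.
 *
 * Fixes over the previous version: the scheme-less URL fallback read
 * $_POST['url'] instead of the $values argument; $id was interpolated into
 * SQL without a cast; and the search-engine INSERT listed six columns but
 * supplied five values (the search_did argument was silently dropped).
 *
 * @param int   $id     Id of the link to edit (cast to int before any SQL use)
 * @param array $values Submitted form values: url, title, description,
 *                      category_id, target, on_homepage (missing keys are
 *                      treated as empty)
 *
 * @return bool|null false when the URL is invalid or the link does not exist
 *                   in this course; null after a successful update
 */
public static function editLink($id, $values = array())
{
    $tbl_link = Database::get_course_table(TABLE_LINK);
    $_course = api_get_course_info();
    $course_id = (int) $_course['real_id'];
    // The id ends up in raw SQL strings below, so it must never stay a string.
    $id = (int) $id;

    // Normalize the submitted values; a missing key counts as an empty value.
    $values['url'] = isset($values['url']) ? trim($values['url']) : '';
    $values['title'] = isset($values['title']) ? trim($values['title']) : '';
    $values['description'] = isset($values['description']) ? trim($values['description']) : '';
    $values['target'] = empty($values['target']) ? '_self' : $values['target'];
    $values['on_homepage'] = isset($values['on_homepage']) ? $values['on_homepage'] : '';
    $categoryId = isset($values['category_id']) ? intval($values['category_id']) : 0;

    // We ensure URL to be absolute. The input is the $values argument, not $_POST.
    if (strpos($values['url'], '://') === false) {
        $values['url'] = 'http://' . $values['url'];
    }
    // If the title is empty, we use the URL as title.
    if ($values['title'] == '') {
        $values['title'] = $values['url'];
    }
    // If the URL is invalid, an error occurs.
    if (!api_valid_url($values['url'], true)) {
        Display::addFlash(Display::return_message(get_lang('GiveURL'), 'error'));
        return false;
    }

    // Finding the old category_id.
    $sql = "SELECT * FROM " . $tbl_link . "
            WHERE c_id = {$course_id} AND id = " . $id;
    $result = Database::query($sql);
    $row = Database::fetch_array($result);
    if (empty($row)) {
        // Nothing to edit: the id does not belong to this course.
        return false;
    }

    if ((int) $row['category_id'] !== $categoryId) {
        // Moved to another category: append it at the end of that category.
        $sql = "SELECT MAX(display_order)
                FROM " . $tbl_link . "
                WHERE
                    c_id = {$course_id} AND
                    category_id = " . $categoryId;
        $result = Database::query($sql);
        list($max_display_order) = Database::fetch_row($result);
        $max_display_order = (int) $max_display_order + 1;
    } else {
        $max_display_order = $row['display_order'];
    }

    $params = [
        'url' => $values['url'],
        'title' => $values['title'],
        'description' => $values['description'],
        'category_id' => $categoryId,
        'display_order' => $max_display_order,
        'on_homepage' => $values['on_homepage'],
        'target' => $values['target'],
    ];
    Database::update($tbl_link, $params, ['c_id = ? AND id = ?' => [$course_id, $id]]);

    // Update search engine and its values table if enabled.
    if (api_get_setting('search_enabled') == 'true') {
        self::reindexEditedLink($id, $values['title'], $values['description'], $categoryId);
    }

    // "WHAT'S NEW" notification: update table last_toolEdit.
    api_item_property_update($_course, TOOL_LINK, $id, 'LinkUpdated', api_get_user_id());
    Display::addFlash(Display::return_message(get_lang('LinkModded')));
}

/**
 * Replaces the search-engine document of an edited link: deletes the stored
 * specific-field terms, stores the submitted ones, indexes a new chunk and
 * removes the old document. Does nothing when the link has no search
 * reference yet.
 *
 * @param int    $id          Link id (already cast to int by the caller)
 * @param string $title       New link title
 * @param string $description New link description
 * @param int    $categoryId  Category id, 0 when none
 */
private static function reindexEditedLink($id, $title, $description, $categoryId)
{
    $id = (int) $id;
    $course_int_id = (int) api_get_course_int_id();
    // The course code is interpolated into SQL strings below, hence the escaping.
    $course_code = Database::escape_string(api_get_course_id());

    // Get search_did.
    $tbl_se_ref = Database::get_main_table(TABLE_MAIN_SEARCH_ENGINE_REF);
    $sql = 'SELECT * FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%d LIMIT 1';
    $sql = sprintf($sql, $tbl_se_ref, $course_code, TOOL_LINK, $id);
    $res = Database::query($sql);
    if (Database::num_rows($res) <= 0) {
        return;
    }

    require_once api_get_path(LIBRARY_PATH) . 'search/ChamiloIndexer.class.php';
    require_once api_get_path(LIBRARY_PATH) . 'search/IndexableChunk.class.php';
    require_once api_get_path(LIBRARY_PATH) . 'specific_fields_manager.lib.php';

    $se_ref = Database::fetch_array($res);
    $specific_fields = get_specific_field_list();
    $ic_slide = new IndexableChunk();
    $all_specific_terms = '';
    foreach ($specific_fields as $specific_field) {
        delete_all_specific_field_value($course_code, $specific_field['id'], TOOL_LINK, $id);
        if (!isset($_REQUEST[$specific_field['code']])) {
            continue;
        }
        $sterms = trim($_REQUEST[$specific_field['code']]);
        if (empty($sterms)) {
            continue;
        }
        $all_specific_terms .= ' ' . $sterms;
        foreach (explode(',', $sterms) as $sterm) {
            $ic_slide->addTerm(trim($sterm), $specific_field['code']);
            add_specific_field_value($specific_field['id'], $course_code, TOOL_LINK, $id, $sterm);
        }
    }

    // Build the chunk to index. The indexer gets the raw text: SQL escaping
    // would only put backslashes into the indexed content.
    $ic_slide->addValue('title', $title);
    $ic_slide->addCourseId($course_code);
    $ic_slide->addToolId(TOOL_LINK);
    $xapian_data = array(
        SE_COURSE_ID => $course_code,
        SE_TOOL_ID => TOOL_LINK,
        SE_DATA => array('link_id' => $id),
        SE_USER => (int) api_get_user_id(),
    );
    $ic_slide->xapian_data = serialize($xapian_data);
    $ic_slide->addValue('content', $all_specific_terms . ' ' . $description);

    // Add category name if set.
    if ($categoryId > 0) {
        $table_link_category = Database::get_course_table(TABLE_LINK_CATEGORY);
        $sql_cat = 'SELECT * FROM %s WHERE id=%d and c_id = %d LIMIT 1';
        $sql_cat = sprintf($sql_cat, $table_link_category, $categoryId, $course_int_id);
        $result = Database::query($sql_cat);
        if (Database::num_rows($result) == 1) {
            $row = Database::fetch_array($result);
            $ic_slide->addValue('category', $row['category_title']);
        }
    }

    $di = new ChamiloIndexer();
    $lang = isset($_POST['language']) ? Database::escape_string($_POST['language']) : 'english';
    $di->connectDb(null, null, $lang);
    $di->remove_document((int) $se_ref['search_did']);
    $di->addChunk($ic_slide);

    // Index and return search engine document id.
    $did = $di->index();
    if ($did) {
        // Save it to db.
        $sql = 'DELETE FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%d';
        $sql = sprintf($sql, $tbl_se_ref, $course_code, TOOL_LINK, $id);
        Database::query($sql);
        // One value per listed column: c_id, id (auto), course_code, tool_id, ref_id_high_level, search_did.
        $sql = 'INSERT INTO %s (c_id, id, course_code, tool_id, ref_id_high_level, search_did) VALUES (%d, NULL, \'%s\', \'%s\', %d, %d)';
        $sql = sprintf($sql, $tbl_se_ref, $course_int_id, $course_code, TOOL_LINK, $id, (int) $did);
        Database::query($sql);
    }
}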
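/**
 * Used to edit a link or a category
 *
 * For $type == 'link': fills the form globals from the database when ?id=
 * is given, and on submit (POST submitLink) validates and stores the link,
 * re-indexing it when the search engine is enabled.
 * For $type == 'category': fills the form globals, or on submit updates the
 * category title and description.
 *
 * Fixes over the previous version: the submitted URL was never validated
 * (the stale global $urllink was checked instead); an empty target was not
 * defaulted to '_self'; the category-name indexing tested the global
 * $selectcategory instead of the posted value; and the search-engine INSERT
 * listed six columns but supplied five values.
 *
 * @todo Rewrite the whole links tool because it is becoming completely cluttered,
 * code does not follow the coding conventions, does not use html_quickform, ...
 * Some features were patched in.
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @todo replace the globals with the appropriate $_POST or $_GET values
 *
 * @param string $type 'link' or 'category'
 *
 * @return bool false when a submitted link URL is invalid, true otherwise
 */
function editlinkcategory($type)
{
    global $catlinkstatus;
    global $id;
    global $submit_link;
    global $submit_category;
    global $_user;
    global $_course;
    global $nameTools;
    global $urllink;
    global $title;
    global $description;
    global $category;
    global $selectcategory;
    global $category_title;
    global $onhomepage;
    global $target_link;

    $tbl_link = Database::get_course_table(TABLE_LINK);
    $tbl_categories = Database::get_course_table(TABLE_LINK_CATEGORY);
    $course_id = (int) api_get_course_int_id();

    if ($type == 'link') {
        // This is used to populate the link-form with the info found in the database.
        if (!empty($_GET['id'])) {
            $sql = "SELECT * FROM " . $tbl_link . "
                    WHERE c_id = {$course_id} AND id='" . intval($_GET['id']) . "'";
            $result = Database::query($sql);
            if ($myrow = Database::fetch_array($result)) {
                $urllink = $myrow['url'];
                $title = $myrow['title'];
                $description = $myrow['description'];
                $category = $myrow['category_id'];
                if ($myrow['on_homepage'] != 0) {
                    $onhomepage = 'checked';
                }
                $target_link = $myrow['target'];
            }
        }

        // This is used to put the modified info of the link-form into the database.
        if (!empty($_POST['submitLink'])) {
            // Normalize the posted values in place; a missing field counts as empty.
            $_POST['urllink'] = isset($_POST['urllink']) ? trim($_POST['urllink']) : '';
            $_POST['title'] = isset($_POST['title']) ? trim(Security::remove_XSS($_POST['title'])) : '';
            $_POST['description'] = isset($_POST['description']) ? trim(Security::remove_XSS($_POST['description'])) : '';
            $_POST['selectcategory'] = isset($_POST['selectcategory']) ? intval($_POST['selectcategory']) : 0;
            $_POST['id'] = isset($_POST['id']) ? intval($_POST['id']) : 0;
            $link_id = $_POST['id'];
            $new_category_id = $_POST['selectcategory'];

            // We ensure URL to be absolute.
            if (strpos($_POST['urllink'], '://') === false) {
                $_POST['urllink'] = 'http://' . $_POST['urllink'];
            }
            // If the title is empty, we use the URL as title.
            if ($_POST['title'] == '') {
                $_POST['title'] = $_POST['urllink'];
            }
            // If the submitted URL is invalid, an error occurs (absolute URLs only).
            if (!api_valid_url($_POST['urllink'], true)) {
                Display::display_error_message(get_lang('GiveURL'));
                return false;
            }

            $onhomepage = isset($_POST['onhomepage']) ? Security::remove_XSS($_POST['onhomepage']) : '';
            // An empty target falls back to '_self'; the value is escaped for the UPDATE below.
            $target = empty($_POST['target_link']) ? '_self' : Database::escape_string($_POST['target_link']);

            // Finding the old category_id.
            $sql = "SELECT * FROM " . $tbl_link . "
                    WHERE c_id = {$course_id} AND id='" . $link_id . "'";
            $result = Database::query($sql);
            $row = Database::fetch_array($result);
            $old_category_id = empty($row) ? null : (int) $row['category_id'];
            if ($old_category_id !== $new_category_id) {
                // Moved to another category: append it at the end of that category.
                $sql = "SELECT MAX(display_order)
                        FROM " . $tbl_link . "
                        WHERE c_id = {$course_id}
                        AND category_id='" . $new_category_id . "'";
                $result = Database::query($sql);
                list($max_display_order) = Database::fetch_row($result);
                $max_display_order = (int) $max_display_order + 1;
            } else {
                $max_display_order = (int) $row['display_order'];
            }

            $sql = "UPDATE " . $tbl_link . " SET " .
                "url='" . Database::escape_string($_POST['urllink']) . "', " .
                "title='" . Database::escape_string($_POST['title']) . "', " .
                "description='" . Database::escape_string($_POST['description']) . "', " .
                "category_id='" . $new_category_id . "', " .
                "display_order='" . $max_display_order . "', " .
                "on_homepage='" . Database::escape_string($onhomepage) . "', " .
                "target='" . $target . "' " .
                "WHERE c_id = {$course_id} AND id='" . $link_id . "'";
            Database::query($sql);

            // Update search engine and its values table if enabled.
            if (api_get_setting('search_enabled') == 'true') {
                $course_int_id = $course_id;
                // The course code is interpolated into SQL strings below, hence the escaping.
                $course_code = Database::escape_string(api_get_course_id());
                $link_title = $_POST['title'];
                $link_description = $_POST['description'];

                // Actually, it consists on delete terms from db, insert new ones, create a new search engine document, and remove the old one.
                // Get search_did.
                $tbl_se_ref = Database::get_main_table(TABLE_MAIN_SEARCH_ENGINE_REF);
                $sql = 'SELECT * FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%d LIMIT 1';
                $sql = sprintf($sql, $tbl_se_ref, $course_code, TOOL_LINK, $link_id);
                $res = Database::query($sql);
                if (Database::num_rows($res) > 0) {
                    require_once api_get_path(LIBRARY_PATH) . 'search/ChamiloIndexer.class.php';
                    require_once api_get_path(LIBRARY_PATH) . 'search/IndexableChunk.class.php';
                    require_once api_get_path(LIBRARY_PATH) . 'specific_fields_manager.lib.php';

                    $se_ref = Database::fetch_array($res);
                    $specific_fields = get_specific_field_list();
                    $ic_slide = new IndexableChunk();
                    $all_specific_terms = '';
                    foreach ($specific_fields as $specific_field) {
                        delete_all_specific_field_value($course_code, $specific_field['id'], TOOL_LINK, $link_id);
                        if (!isset($_REQUEST[$specific_field['code']])) {
                            continue;
                        }
                        $sterms = trim($_REQUEST[$specific_field['code']]);
                        if (empty($sterms)) {
                            continue;
                        }
                        $all_specific_terms .= ' ' . $sterms;
                        foreach (explode(',', $sterms) as $sterm) {
                            $ic_slide->addTerm(trim($sterm), $specific_field['code']);
                            add_specific_field_value($specific_field['id'], $course_code, TOOL_LINK, $link_id, $sterm);
                        }
                    }

                    // Build the chunk to index. The indexer gets the raw text: SQL
                    // escaping would only put backslashes into the indexed content.
                    $ic_slide->addValue('title', $link_title);
                    $ic_slide->addCourseId($course_code);
                    $ic_slide->addToolId(TOOL_LINK);
                    $xapian_data = array(
                        SE_COURSE_ID => $course_code,
                        SE_TOOL_ID => TOOL_LINK,
                        SE_DATA => array('link_id' => $link_id),
                        SE_USER => (int) api_get_user_id(),
                    );
                    $ic_slide->xapian_data = serialize($xapian_data);
                    $ic_slide->addValue('content', $all_specific_terms . ' ' . $link_description);

                    // Add category name if set (the posted category, not the form global).
                    if ($new_category_id > 0) {
                        $table_link_category = Database::get_course_table(TABLE_LINK_CATEGORY);
                        $sql_cat = 'SELECT * FROM %s WHERE id=%d and c_id = %d LIMIT 1';
                        $sql_cat = sprintf($sql_cat, $table_link_category, $new_category_id, $course_int_id);
                        $result = Database::query($sql_cat);
                        if (Database::num_rows($result) == 1) {
                            $row = Database::fetch_array($result);
                            $ic_slide->addValue('category', $row['category_title']);
                        }
                    }

                    $di = new ChamiloIndexer();
                    $lang = isset($_POST['language']) ? Database::escape_string($_POST['language']) : 'english';
                    $di->connectDb(null, null, $lang);
                    $di->remove_document((int) $se_ref['search_did']);
                    $di->addChunk($ic_slide);

                    // Index and return search engine document id.
                    $did = $di->index();
                    if ($did) {
                        // Save it to db.
                        $sql = 'DELETE FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%d';
                        $sql = sprintf($sql, $tbl_se_ref, $course_code, TOOL_LINK, $link_id);
                        Database::query($sql);
                        // One value per listed column: c_id, id (auto), course_code, tool_id, ref_id_high_level, search_did.
                        $sql = 'INSERT INTO %s (c_id, id, course_code, tool_id, ref_id_high_level, search_did) VALUES (%d, NULL, \'%s\', \'%s\', %d, %d)';
                        $sql = sprintf($sql, $tbl_se_ref, $course_int_id, $course_code, TOOL_LINK, $link_id, (int) $did);
                        Database::query($sql);
                    }
                }
            }

            // "WHAT'S NEW" notification: update table last_toolEdit.
            api_item_property_update($_course, TOOL_LINK, $link_id, 'LinkUpdated', $_user['user_id']);
            Display::display_confirmation_message(get_lang('LinkModded'));
        }
    }

    if ($type == 'category') {
        // This is used to populate the category-form with the info found in the database.
        if (!$submit_category) {
            if (!empty($_GET['id'])) {
                $sql = "SELECT * FROM " . $tbl_categories . "
                        WHERE c_id = {$course_id} AND id='" . intval($_GET['id']) . "'";
                $result = Database::query($sql);
                if ($myrow = Database::fetch_array($result)) {
                    $category_title = $myrow['category_title'];
                    $description = $myrow['description'];
                }
            }
        }

        // This is used to put the modified info of the category-form into the database.
        if ($submit_category) {
            $posted_title = isset($_POST['category_title']) ? $_POST['category_title'] : '';
            $posted_description = isset($_POST['description']) ? $_POST['description'] : '';
            $category_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
            $sql = "UPDATE " . $tbl_categories . "
                    SET category_title='" . Database::escape_string($posted_title) . "',
                        description='" . Database::escape_string($posted_description) . "'
                    WHERE c_id = {$course_id} AND id='" . $category_id . "'";
            Database::query($sql);
            Display::display_confirmation_message(get_lang('CategoryModded'));
        }
    }

    return true; // On errors before this statement, exit from this function by returning false value.
}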