<?php

/**
 * Implementation of hook_perm().
 * Expects to return an array of permissions recognized by
 * this module.
 * 
 * Ex:   $a = array( 
 *          "deCanDoSomething" => array ( 
 *              "title" => "Can Do Something",
 *              "description" => "Allow the user to do something." 
 *          )
 *        );
 *
 */
function system_perm() {
  
  $perms = array (
    "access_logged_in_content" => array(
      "title" => t("Access logged-in content"),
      "description" => t("This should be given to all authenticated users.  It simply means
                          the user is allowed to view the logged-in area of FlightPath."),
    ),  
    
    "administer_modules" => array(
      "title" => t("Administer modules"),
      "description" => t("This will allow a user to install, enable, disable, and uninstall modules."),
      "admin_restricted" => TRUE, // means only appears for admin (user_id == 1)
    ),    
    
    "clear_system_cache" => array(
      "title" => t("Clear system cache"),
      "description" => t("This will allow a to clear the system cache, including the menu router.  Give to developers and/or admin users."),
    ),    
    
    "access_popup_report_contact" => array(
      "title" => t("Access and Submit the report-contact form"),
      "description" => t("Only give to authenticated users. If allowed, users will see a link
                          to 'Contact the FlightPath Production Team' at the bottom of most pages."),
      
    ),        
    
    "run_cron" => array(
      "title" => t("Run Cron"),
      "description" => t("The user may run hook_cron functions at will. Causes a new menu link to appear
                          on the admin page."),
    ),    
        
    "de_can_administer_system_settings" => array(
      "title" => t("Administer System settings"),
      "description" => t("This allows the user to access and edit any of the FlightPath
                        system settings."),
    ),
    
    "de_can_administer_school_data" => array(
      "title" => t("Administer School settings"),
      "description" => t("This allows the user to access and edit the 'Configure school settings' for FlightPath.
                          For example, describing college and subject codes, policies for repeats, etc."),
    ),
    
    
    "view_fpm_debug" => array(
      "title" => t("View debug output from the fpm() function"),
      "description" => t("The user may view debug output from the fpm() function.
                        Useful for developers."),
      "admin_restricted" => TRUE, // means only appears for admin (user_id == 1)                        
    ),

    
    "administer_ban_ip_settings" => array(
      "title" => t("Administer the ban IP settings"),
      "description" => t("The user may administer the settings related to when an IP address gets banned from the system."),
      "admin_restricted" => TRUE, // means only appears for admin (user_id == 1)
    ),
    
    
    
    "view_system_status" => array(
      "title" => t("View system status"),
      "description" => t("The user may view the update status and other requirements of the system."),
    ),
        
    "execute_php" => array(
      "title" => t("Execute PHP code"),
      "description" => t("WARNING: This is a very VERY powerful and DANGEROUS permission.  Only give it to
                       developers.  An 'Execute PHP' link will appear on the admin menu, which
                       lets the user execute any arbitrary PHP code."),
      "admin_restricted" => TRUE, // means only appears for admin (user_id == 1)
    ),
                            
       
  );

  return $perms;
  
}



/**
 * Implements hook flightpath_can_assign_course_to_degree_id
 * 
 */
function system_flightpath_can_assign_course_to_degree_id($degree_id, Course $course) {
  
  // If this course has already been assigned to another degree, should we allow it to be assigned to THIS degree?
  
  $this_major_code = fp_get_degree_major_code($degree_id);
  $temp = explode("|", $this_major_code);
  $this_first_part = trim($temp[0]);  // get just the first part. Ex, ENGL|_something => ENGL
  
  
  
  // If the configuration is such that a course cannot be assigned to a degree's tracks, then no.
  // Example:  if a course has been assigned to ENGL, then it can't also get assigned to ENGL|_track1
    
  if (variable_get_for_school("prevent_course_assignment_to_both_degree_and_track", "yes", $course->school_id) == 'yes') {
    // Begin by checking to see what degrees the course has already been assigned to (if any)
    if (count($course->assigned_to_degree_ids_array)) {
          
      foreach ($course->assigned_to_degree_ids_array as $d_id) {
        $m_code = fp_get_degree_major_code($d_id);
        
        if ($m_code) {
          $temp = explode("|", $this_major_code);
          $m_code_first_part = trim($temp[0]);  // get just the first part. Ex, ENGL|_something => ENGL
          
          // At this point, we have a major code for a degree which this course has already been assigned.
          // Ex:  ENGL or ENGL|minor
          // If this degree is a track, the variable $this_major_code should equal ENGL|_whatever or, ENGL|minor_whatever.
          // If that condition is true, then we must return FALSE. 
          
          // We will look for the presence of an underscore and a pipe symbol first, and see if this_first_part == m_code_first_part
          if (strstr($this_major_code, "_") && strstr($this_major_code, "|") && $this_first_part == $m_code_first_part) {
            // Now, if this_major_code CONTAINS m_code, then that means our condition
            // is true.
            if (strstr($this_major_code, $m_code)) {
              
              return FALSE;  // meaning, no, we cannot assign this course!
            }
          }        
                  
        }
        
        
      }    
      
    } //if count(assigned to degree ids array)
    
  } // if variable_get ...
  
  
  // Default, return TRUE
  return TRUE;  
  
} // hook_flightpath_can_assign_course_to_degree_id






/**
 * Implements hook_fp_get_student_majors.
 * 
 * In our case, we will use our database method and get directly from our student_degrees table.
 */
function system_fp_get_student_majors($student_cwid, $bool_return_as_full_record = FALSE, $perform_join_with_degrees = TRUE, $bool_skip_directives = TRUE, $bool_check_for_allow_dynamic = TRUE, $school_id = 0) {
    
  $db = get_global_database_handler();
  $rtn = $db->get_student_majors_from_db($student_cwid, $bool_return_as_full_record, $perform_join_with_degrees, $bool_skip_directives, $bool_check_for_allow_dynamic, $school_id);
  
  return $rtn;
  
}





/**
 * Return an array containing the roles which have been assigned to
 * a specific user.
 */
function system_get_roles_for_user($user_id) {
      
  $rtn = array();  
  
  $res = db_query("SELECT * FROM user_roles a, roles b 
                   WHERE user_id = '?' 
                   AND a.rid = b.rid ", $user_id);
  while ($cur = db_fetch_array($res)) {
    $rtn[$cur["rid"]] = $cur["name"];
  }
  
  // Is this person in the users table?  If so, they will get the rid 2 (authenticated)
  // If not, they will get the role 1 (anonymous)
  
  $res2 = db_query("SELECT user_id FROM users WHERE user_id = '?' AND user_id <> '0' ", $user_id);
  if (db_num_rows($res2) > 0) {
    $rtn[2] = t("authenticated user");
  }
  else {
    $rtn[1] = t("anonymous user");
  }
  
  return $rtn;
  
}



/**
 * This function will attempt to confirm that "clean URLs" is functioning, and
 * allowed on this server.
 * 
 * Returns TRUE or FALSE
 */
function system_check_clean_urls() {
  
  // Are clean-url's enabled?
  
  
  // We will do this by trying to retrieve a test URL, built into index.php.
  // If we can get a success message back from "http://example.com/flightpath/test-clean-urls/check", then
  // we are good to go.
  
  // First, figure out the base URL.
  $protocol = strpos(strtolower($_SERVER['SERVER_PROTOCOL']),'https') === FALSE ? 'http' : 'https';
  if ($protocol == 'http') {
    // Check to see if we have a REQUEST_SCHEME of https...
    if (($_SERVER['REQUEST_SCHEME'] ?? '') == 'https') {
      $protocol = "https";
    }
  }
  $host = $_SERVER['HTTP_HOST'];
  $script = $_SERVER['SCRIPT_NAME'];
  $base_url = $protocol . "://" . $host . $script;
  $base_url = str_replace("/install.php", "", $base_url);  
  $base_url = str_replace("/index.php", "", $base_url);  
  // Try to get our test URL's success message...
  $res = fp_http_request($base_url . '/test-clean-urls/check');
  
  if ($res->code != 200) {
    // There was an error or some other problem!
    
    // But wait-- did we get redirected?
    if (isset($res->redirect_code) && $res->redirect_code == 200) {
      return TRUE;  // it's OK after all!
    }

    
    return FALSE;    
  }
  
  // If we made it here, it must have worked.
  return TRUE;
  
}



/**
 * Hook block regions.
 * 
 * This function simply defines which block regions we will handle.  Each
 * block section should have a unique machine name, so it is best to namespace it with the
 * name of the module, then page or tab it appears on.
 * 
 * The array looks like this:
 * return array(
 *   "system_main" => array(
 *     "title" => t("Main Tab"),
 *     "regions" => array (
 *       "left_col" => array("title" => t("Left Column")),
 *       "right_col" => array("title" => t("Right Column")),
 *      ),
 *   ),
 * );
 *  
 * 
 * REMEMBER to make these machine-names, so only alpha numeric and underscores! 
 */
function system_block_regions() {
  return array(
    "system_main" => array(
      "title" => t("Main Tab"),
      "regions" => array (
        "left_col" => array("title" => t("Left Column")),
        "right_col" => array("title" => t("Right Column")),
       ),       
    ),
    "system_login" => array(
      "title" => t("Login Page"),
      "regions" => array (
        "top" => array("title" => t("Top")),
        "left_col" => array("title" => t("Left Column")),
        "right_col" => array("title" => t("Right Column")),
        "bottom" => array("title" => t("Bottom")),
       ),       
    ),    
  );
}



function system_menu() {
  $items = array();
  
  
  $items["main"] = array(
    "title" => "Dashboard",
    "page_callback" => "system_display_dashboard_page",
    "access_callback" => TRUE,
    "type" => MENU_TYPE_NORMAL_ITEM,
    "weight" => 10,
    "page_settings" => array(
      "screen_mode" => "not_advising",
    ),
  );
  
  
  $items["render-advising-snapshot-for-iframe"] = array(
    "title" => "Dashboard",
    "page_callback" => "system_render_advising_snapshop_for_iframe",
    "access_arguments" => array("access_logged_in_content"),
    "type" => MENU_TYPE_NORMAL_ITEM,
    "weight" => 10,
    "page_settings" => array(
      "screen_mode" => "not_advising",
    ),
  );
  
  $items['login-help'] = array(
    "title" => "Login Help",
    "page_callback" => "system_display_login_help_page",
    "access_callback" => TRUE,
  );
  
  
  $items["install-finished"] = array(
    "title" => "Installation Finished",
    "page_callback" => "system_display_install_finished_page",
    "access_callback" => TRUE,
    "type" => MENU_TYPE_CALLBACK,
  );
  
  $items["login"] = array(
    "title" => "Login",
    "page_callback" => "system_display_login_page",
    "access_callback" => TRUE,
    "type" => MENU_TYPE_NORMAL_ITEM,
  );


  $items["mfa-login"] = array(
    "title" => "Multi-Factor Authentication",
    "page_callback" => "fp_render_form",
    "page_arguments" => array("system_mfa_login_form"),    
    "access_callback" => TRUE,
    "type" => MENU_TYPE_NORMAL_ITEM,
  );


  $items["disable-login"] = array(
    "title" => "Login Disabled",
    "page_callback" => "system_display_disable_login_page",
    "access_callback" => TRUE,
    "type" => MENU_TYPE_NORMAL_ITEM,
  );
  
  $items["disable-student-login"] = array(
    "title" => "Student Logins Disabled",
    "page_callback" => "system_display_disable_login_page",
    "page_arguments" => array("student"),
    "access_callback" => TRUE,
    "type" => MENU_TYPE_NORMAL_ITEM,
  );
  
    
  
 $items["admin-tools/clear-cache"] = array(
    "title" => t("Clear all cache"),
    "description" => t("Clear and reset all cached items in FlightPath, including menu items, advising, etc."),
    "page_callback" => "system_perform_clear_cache",
    "access_arguments" => array("clear_system_cache"),
    "type" => MENU_TYPE_NORMAL_ITEM,
    "page_settings" => array(
      "menu_icon" => fp_get_module_path('system') . "/icons/arrow_refresh.png",      
    ),  
  );  


  $items["admin/db-updates"] = array(
    "title" => "Run DB updates?",
    "page_callback" => "fp_render_form",
    "page_arguments" => array("system_confirm_db_updates_form"),
    "access_arguments" => array("administer_modules"),
    "type" => MENU_TYPE_NORMAL_ITEM,
  );  
     
  
  $items["admin/completed-db-updates"] = array(
    "title" => "Database updates completed",
    "page_callback" => "system_display_completed_db_updates",    
    "access_arguments" => array("administer_modules"),
    "page_settings" => array(
      "page_show_title" => TRUE,
    ),       
    "type" => MENU_TYPE_NORMAL_ITEM,
  );    

  //administer_ban_ip_settings
  $items["admin/config/ban-ip"] = array(
    "title" => "Ban IP settings",
    "description" => "Configure settings for how FlightPath bans IP addresses.",
    "page_callback" => "fp_render_form",
    "page_arguments" => array("system_ban_ip_settings_form", "system_settings"),
    "access_arguments" => array("administer_ban_ip_settings"),
    "page_settings" => array(
      "page_hide_report_error" => TRUE,
      "menu_icon" => fp_get_module_path('system') . "/icons/server_edit.png",
      "menu_links" => array(
        0 => array(
          "text" => "Admin Console",
          "path" => "admin-tools/admin",
          "query" => "de_catalog_year=%DE_CATALOG_YEAR%",
        ),
      ),
    ),
    "type" => MENU_TYPE_NORMAL_ITEM,
    "tab_parent" => "admin-tools/admin",
  );
  
  
  

  $items["system/uninstall-module"] = array(
    "page_callback" => "system_handle_uninstall_module",
    "page_arguments" => array(2),
    "access_arguments" => array("administer_modules"),
    "type" => MENU_TYPE_CALLBACK,
  );
  

  $items["system-handle-form-submit"] = array(
    "page_callback" => "system_handle_form_submit",
    "access_callback" => TRUE,
    "type" => MENU_TYPE_CALLBACK,
  );  
    
  $items["logout"] = array(
    "title" => "Logout",
    "page_callback" => "system_handle_logout",
    "access_callback" => TRUE,
    "type" => MENU_TYPE_CALLBACK,
  );
  
         

  $items["popup-report-contact"] = array(
    "title" => "Report/Contact",
    "page_callback" => "fp_render_form",
    "page_arguments" => array("system_popup_report_contact_form"),
    "access_arguments" => array('access_popup_report_contact'),
    "page_settings" => array(
      "page_is_popup" => TRUE,
      "page_hide_report_error" => TRUE,
    ),   
    "type" => MENU_TYPE_CALLBACK,
  );              
           

  $items["popup-contact-form/thank-you"] = array(
    "title" => "Report/Contact",
    "page_callback" => "system_popup_report_contact_thank_you",    
    "access_callback" => TRUE,
    "page_settings" => array(
      "page_is_popup" => TRUE,
      "page_hide_report_error" => TRUE,
    ),   
    "type" => MENU_TYPE_CALLBACK,
  );                         
  
  

  //////////////// Config (admin console main menu) /////////////

  $items["admin/config/run-cron"] = array(
    "title" => "Run cron now",
    "description" => "Run the normal cron operations right away",
    "page_callback" => "system_perform_run_cron",
    "access_arguments" => array("run_cron"),
    "page_settings" => array(      
      "menu_icon" => fp_get_module_path('system') . "/icons/clock.png",
    ),    
    "type" => MENU_TYPE_NORMAL_ITEM,
  );  

  
  $items["admin/config/status"] = array(
    "title" => "System status",
    "description" => "View important notifications and updates for your installation of " . variable_get("system_name", "FlightPath"),
    "page_callback" => "system_display_status_page",
    "access_arguments" => array("view_system_status"),
    "page_settings" => array(
      "page_show_title" => TRUE,
      "menu_icon" => fp_get_module_path('system') . "/icons/application_view_list.png",
      "menu_links" => array(         
        0 => array(
          "text" => "Admin Console",
          "path" => "admin-tools/admin",
          "query" => "de_catalog_year=%DE_CATALOG_YEAR%",
        ),
      ),      
    ),        
    "type" => MENU_TYPE_NORMAL_ITEM,
    "tab_parent" => "admin-tools/admin",   
    
  );  
  

  
  
  $items["admin/config/system-settings"] = array(
    "title" => "System settings",
    "description" => "Configure settings for FlightPath",
    "page_callback" => "fp_render_form",
    "page_arguments" => array("system_settings_form", "system_settings"),
    "access_arguments" => array("de_can_administer_system_settings"),
    "page_settings" => array(
      "page_hide_report_error" => TRUE,
      "menu_icon" => fp_get_module_path('system') . "/icons/cog.png",
      "menu_links" => array(         
        0 => array(
          "text" => "Admin Console",
          "path" => "admin-tools/admin",
          "query" => "de_catalog_year=%DE_CATALOG_YEAR%",
        ),
      ),
    ),    
    "type" => MENU_TYPE_NORMAL_ITEM,
    "tab_parent" => "admin-tools/admin",    
  );
  
  
  $items["admin/config/school-data"] = array(
    "title" => "Configure school settings",
    "description" => "Configure school-specific data and settings",
    "page_callback" => "fp_render_form",
    "page_arguments" => array("system_school_data_form", "system_settings"),
    "access_arguments" => array("de_can_administer_school_data"),
    "page_settings" => array(
      "page_hide_report_error" => TRUE,
      "menu_icon" => fp_get_module_path('system') . "/icons/cog_edit.png",
      "menu_links" => array(         
        0 => array(
          "text" => "Admin Console",
          "path" => "admin-tools/admin",
          "query" => "de_catalog_year=%DE_CATALOG_YEAR%",
        ),
      ),
    ),    
    "type" => MENU_TYPE_NORMAL_ITEM,
    "tab_parent" => "admin-tools/admin",    
  );  
  
  
  
  $items["admin/config/modules"] = array(
    "title" => "Modules",
    "description" => "Manage which modules are enabled for your site",
    "page_callback" => "fp_render_form",
    "page_arguments" => array("system_modules_form"),
    "access_arguments" => array("administer_modules"),
    "page_settings" => array(
      "page_hide_report_error" => TRUE,
      "menu_icon" => fp_get_module_path('system') . "/icons/bricks.png",      
      "menu_links" => array(         
        0 => array(
          "text" => "Admin Console",
          "path" => "admin-tools/admin",
          "query" => "de_catalog_year=%DE_CATALOG_YEAR%",
        ),
      ),
    ),    
    "type" => MENU_TYPE_NORMAL_ITEM,
    "tab_parent" => "admin-tools/admin",    
  );

  
  
  $items["admin/config/clear-menu-cache"] = array(
    "title" => "Clear menu cache",
    "description" => "Clear and rebuild menus and URLs",
    "page_callback" => "system_perform_clear_menu_cache",
    "access_arguments" => array("clear_system_cache"),
    "type" => MENU_TYPE_NORMAL_ITEM,
    "page_settings" => array(
      "menu_icon" => fp_get_module_path('system') . "/icons/arrow_refresh.png",      
    ),    
  );  
  
                      

  
  $items["admin/config/execute-php"] = array(
    "title" => "Execute PHP",
    "description" => "Execute arbitrary PHP on your server. Caution: could be dangerous if not understood",
    "page_callback" => "fp_render_form",
    "page_arguments" => array("system_execute_php_form", "system_settings"),
    "access_arguments" => array("execute_php"),
    "page_settings" => array(
      "menu_icon" => fp_get_module_path('system') . "/icons/page_white_php.png",
      "page_hide_report_error" => TRUE,      
      "menu_links" => array(         
        0 => array(
          "text" => "Admin Console",
          "path" => "admin-tools/admin",
          "query" => "de_catalog_year=%DE_CATALOG_YEAR%",
        ),
      ),
    ),    
    "type" => MENU_TYPE_NORMAL_ITEM,
    "tab_parent" => "admin-tools/admin",    
  ); 

   
           
  return $items;
}




/**
 * This form allows the user (an administrator) to configure how
 * FlightPath bans IP addresses.
 */
function system_ban_ip_settings_form() {
  
  $form = array();
  
  $ban_ip_file_path = fp_get_files_path() . '/private/banned_ips.txt';
  
  $contents = 'File not found. Save form to create file.';
  if (file_exists($ban_ip_file_path)) {
    $contents = file_get_contents($ban_ip_file_path);
  }
  $form['mark_top'] = array(
    'type' => 'markup',
    'value' => "<p>". t('FlightPath is able to ban visitors by their IP addresses. Use this form to configure which
                   IP addresses you wish to ban.') . "</p>
                <p>                
                  " . fp_render_c_fieldset("<strong>" . t("Ban IP file path:") . "</strong> $ban_ip_file_path</b>
                                            <br><textarea class='readonly' readonly=readonly rows='10' cols='80'>$contents</textarea>
                                            ", "Current contents of Ban IP file", TRUE) . "
                                  
                
                
                  " . fp_render_c_fieldset("
                  <code>
                    sudo apt install php8.2-apcu   (or use whichever version of PHP you are using. Ex: 8.3, 8.1, etc.)
                    <br>sudo systemctl restart apache2
                  </code><br><br>Be sure to restart Apache once this change is in place, and ensure evertyhing still works correctly.
                ", "Install the PHP APCu package for best performance (see Debian/Ubuntu instructions)", TRUE) . "
                  
                </p>
                <p><b>You must save this form to create the banned_ips.txt file.</b></p>",
  );
  
  
  
  
  
  $form['ban_ip_file_path'] = array(
    'type' => 'value',
    'value' => $ban_ip_file_path,
  );

  
  // auto-ban settings.
  $form['system_enable_autoban_ip'] = array(
    'type' => 'checkbox',
    'label' => 'Enable auto-ban functionality?',
    'value' => variable_get('system_enable_autoban_ip', TRUE),
    'description' => t('If checked, FlightPath will automatically ban IP addresses which
                        trigger too many (7) page_not_found or access_denied events within a given
                        time period (2 seconds).'),
  );
  
  
  
  $form['system_manually_add_ip'] = array(
    'label' => t('Manually add an IP address to the ban list:'),
    'type' => 'text',    
  );
  
  
  
  $options = array('never' => 'Never (permanently ban IP addresses)');
  $options["1 HOUR"] = "1 hour";
  for ($t = 2; $t <= 22; $t = $t + 2) {
    $options["$t HOURS"] = "$t hours";
  }
  $options["1 DAY"] = "1 day";
  for ($t = 2; $t <= 6; $t = $t + 1) {
    $options["$t DAYS"] = "$t days";
  }
  $options["1 WEEK"] = "1 week";
  for ($t = 2; $t <= 100; $t = $t + 2) {
    $options["$t WEEKS"] = "$t weeks";
  }
  
  $form['system_ban_ip_expire'] = array(
    'label' => t('How long to wait until we remove a banned IP address?'),
    'type' => 'select',
    'hide_please_select' => 'TRUE',
    'options' => $options,
    'value' => variable_get('system_ban_ip_expire', '2 WEEKS'),
  );
  
    
  
  
  
  
  
  return $form;
  
} // system_ban_ip_settings_form


function system_ban_ip_settings_form_validate($form, &$form_state) {

  // Make sure our ban_ips.info file exists!
  
  $p = $form_state['values']['ban_ip_file_path'];
  
  if (!file_exists($p)) {
    $res = file_put_contents($p, "");
    if ($res === FALSE) {
      form_error('', t("Unable to create ban ip file: %p. Make sure the directory is writable by the web server. This 
                        file must be in place before making changes to Apache.", array('%p' => $p)));
    }
  }
  
  $manual_ip = $form_state['values']['system_manually_add_ip'] ?? '';
  if ($manual_ip != '' && !filter_var($manual_ip, FILTER_VALIDATE_IP)) {
    form_error('system_manually_add_ip', t('Sorry, the IP address you entered does not appear to be valid. Please try again.'));
  }
  
  
}



function system_ban_ip_settings_form_submit($form, &$form_state) {
  $manual_ip = trim($form_state['values']['system_manually_add_ip'] ?? '');
  $ban_file = $form_state['values']['ban_ip_file_path'];
  
  if ($manual_ip != '') {
    
    // Erase it from the ban_file if its already there    
    $c = file_get_contents($ban_file);
    $c = str_replace("$manual_ip", '', $c);
    //$c = str_replace("\r\n", "\n", $c);
    $c = str_replace("  ", '', $c);
    $c = str_replace(" \n", "", $c);
    $c = str_replace("\n\n", "", $c);    
    $c = trim($c);
    
    
    // Put into our file
    $res = file_put_contents($ban_file, "$c\n$manual_ip");

    if ($res === FALSE) {
      fp_add_message("Unable to write to the ban ip file. File permission issue?", 'error');
    }
        
    // Reset our apcu cache, if installed.
    if (function_exists('apcu_store')) {
      apcu_delete('banned_ips'); // force reload of banned ips next time a page is loaded.
    }
    
    
    // Also put in our table with current timestamp, so cron can expire it later.
    db_query("DELETE FROM banned_ips WHERE ip_address = ?", array($manual_ip));    
    db_query("INSERT INTO banned_ips (ip_address, posted_ts) VALUES (?, ?)", array($manual_ip, time()));
        
  }
  
}


/**
 * Adds IP address to our banned_ip list.
 * @param unknown $ip
 */
function system_ban_ip($ip, $comment = "") {
  
  $ban_ip_file_path = fp_get_files_path() . '/private/banned_ips.txt';
  $res = file_put_contents($ban_ip_file_path, "\n$ip", FILE_APPEND | LOCK_EX);
  
  if ($res === FALSE) {
    watchdog("ban_ip", "Unable to write to ban ip file. Possible file permission issue?", array(), WATCHDOG_ERROR);
    print "failed";
    return FALSE;
  }
  
  // Reset our apcu cache, if installed.
  if (function_exists('apcu_store')) {    
    apcu_delete('banned_ips'); // force reload of banned ips next time a page is loaded.    
  } 
  
  // Also put in our table with current timestamp, so cron can expire it later (if setup).  
  // Use REPLACE to avoid mysql errors for duplicate IPs
  db_query("REPLACE INTO banned_ips (ip_address, posted_ts) VALUES (?, ?)", array($ip, time()));
  
  
  watchdog("ban_ip", "Banned IP address: %ip; %comment", array("%ip" => $ip, "%comment" => $comment));
  
  return TRUE; 
  
  
} // system_ban_ip




/**
 * This is called by theme.inc's functions display_not_found and display_access_denied.
 * 
 * We want to see if we should ban this visitor's IP address for racking up too many page_not_found's or access_denied
 */
function system_check_should_ban_ip() {
  global $user;
  
  $ip = $_SERVER["REMOTE_ADDR"] ?? '';
  if (empty($ip)) return FALSE;
  
  // Criteria: user is anonymous, and has had more than X "not found" or "access denied" attempts within Y minutes.
  if (intval($user->id ?? 0) === 0) {
    // check if autoban is enabled
    if (variable_get('system_enable_autoban_ip', TRUE) == FALSE) return;
    
    $max_allowed = 7;  // TODO: a setting?
    $seconds = 2; // TODO: a setting?
    
    
    // Perform simple query on watchdog table
    $count = db_result(db_query("SELECT count(wid) as mycount FROM watchdog
                        WHERE user_id = 0
                        AND ip = ?
                        AND `type` IN ('page_not_found', 'access_denied')
                        AND `timestamp` > ?",
                        array($ip, strtotime("NOW - $seconds SECONDS"))));

    /*
    // We also want to see if they did
    $safecount = db_result(db_query("SELECT count(wid) as mycount FROM watchdog
                        WHERE user_id = 0
                        AND ip = ?
                        AND `type` NOT IN ('page_not_found', 'access_denied')
                        AND `timestamp` > ?",
                        array($ip, strtotime("NOW - $seconds SECONDS"))));
    
    if ($safecount) {
      if (intval($safecount) > 0) return;
    }
    */  
    
    if ($count) {
      $count = intval($count);
      if ($count >= $max_allowed) {
        // Yes, we should ban them.
        system_ban_ip($ip, "Exceeded $max_allowed forbidden events in the past $seconds seconds.");
        sleep(2); // Force their browser or script or whatever to sleep for 2 seconds.
      }
    }
        
     
    
  }
  
  
  
} // system_check_should_ban_ip





/**
 * This page will be shown when the user clicks the "Need Help Logging In?" link on the login page.
 */
function system_display_login_help_page() {
  //First, are we meant to redirect to a different piece of content?  This is configured in the System Settings.
  $cid = intval(variable_get("login_help_cid", "0"));

  if ($cid > 0) {
    fp_goto("content/$cid");
    return;
  }  
  
  // Else, display a generic message here.
  $rtn = "";
  
  $rtn .= t("If you need help logging in to FlightPath (eg, you forgot your password or do not have access), contact
              the system administrator or your IT department.");
              
  
  return $rtn;
  
}






/**
 * Used by the menu to determine if the user can access some basic information about the student (like Profile page, etc)
 */
function system_can_access_student($student_id = "") {
  global $current_student_id, $user;
  
  if ($student_id == "") $student_id = $current_student_id;
   
  
  // must be logged in first...
  if (!user_has_permission("access_logged_in_content")) return FALSE;

  if ($student_id == "" || $student_id === 0) return FALSE;
  
  if ($user->id == 1) return TRUE; // the admin user.
  
  // Can the user view ANY advising session?
  if (user_has_permission("view_any_advising_session")) return TRUE;
  
  // can the user only see their own advisees, and is this student one of their advisees?
  if (user_has_permission("view_advisee_advising_session")) {
    // Is the student_id in their list of advisees?
    $advisees = advise_get_advisees();
  
    if (in_array($student_id, $advisees)) return TRUE;    
  }
  
  // Is this user viewing THEIR OWN advising session?
  if (user_has_permission("view_own_advising_session")) {
  
    if ($student_id == $user->cwid && ($student_id != "" && $student_id !== 0)) return TRUE;
  }
  
  
  // All else fails, return FALSE  
  return FALSE;
  
}










function system_display_disable_login_page($type = "all") {
  $rtn = "";
  
  
  if ($type == "all") {
  
    $rtn .= "<h2>Logins Currently Disabled</h2>
            We're sorry, but logins are disabled at this time due to maintenance on FlightPath.
            <br><br>Please try again later.
            <br><br>
            ";
  }
  
  
  if ($type == "student") {      
    $rtn .= t("We're sorry, but student logins are disabled at this time.");
  }
  
  
  $rtn .= "        " . l("Return to login page", "<front>") . "";
  
  
  
  return $rtn;
}



function system_execute_php_form() {
  $form = array();
  $m = 0;
  
  $form["mark" . $m++] = array(
    "value" => t("Use this form to execute arbitrary PHP code.  <b>DO NOT</b>
                   type php tags (&lt;php ?&gt;).  Be careful!  Entering bad code
                   here can harm your site.  Only use if you know what you are doing."),    
  );

  $form["system_execute_php"] = array(
    "type" => "textarea",
    "label" => t("Enter PHP code here:"),
    "value" => variable_get("system_execute_php", ""),
    "rows" => 20,
  );
  
  
  return $form;
}

function system_execute_php_form_submit($form, $form_state) {
  $code = trim($form_state["values"]["system_execute_php"]);
  if ($code == "") return;

  if (user_has_permission("execute_php")) {  // double-check one more time on this,  just in case.
  
    try {
      $res = eval($code);
      
      // Check for errors less than PHP 7.
      if ($res === FALSE &&($error = error_get_last())) {
        fp_add_message("Error: " . $error["message"] . ". See line: " . $error["line"], "error");
      }
      
    }
    catch (ParseError $e) {    
      // Catches PHP 7+ ParseError exceptions...
      fp_add_message("Exception detected: " . $e->getMessage() . ". See line: " . $e->getLine(), "error");
    }
    
  }
  
}


/**
 * Display a confirmation form before we run the db updates (hook_updates)
 *
 * @return unknown
 */
function system_confirm_db_updates_form() {
  $form = array();

  $m = 0;
  
  $form["mark" . $m++] = array(
    "value" => t("Are you sure you wish to run the database updates?
                This will find modules which have been updated, and now need to
                make database changes.") . "
                <br><br>
                " . t("You should back up your entire database first, just in case a problem
                occurs!"),
  );
  

  $form["submit_btn"] = array(
    "type" => "submit",
    "spinner" => TRUE,
    "value" => t("Continue"),
    "prefix" => "<hr>",
    "suffix" => "&nbsp; &nbsp; <a href='javascript: history.go(-1);'>" . t("Cancel") . "</a>",    
  );
  
  $form["mark" . $m++] = array(
    "value" => t("Press only once, as this make take several moments to run."),
  );
  
  
  return $form;
}


/**
 * Perform the actual hook_update calls here, send the user to a completed page.
 *
 * @param unknown_type $form
 * @param unknown_type $form_state
 */
function system_confirm_db_updates_form_submit($form, $form_state) {
  
  // Since this could take a little while, let's use the batch system.
  $modules = array();
  
  
  
  // We need to find modules whose schema in their .info file
  // is different than what's in the database.
  
  $module_dirs = array();
  $module_dirs[] = array("start" => "modules", "type" => t("Core"));
  $module_dirs[] = array("start" => "custom/modules", "type" => t("Custom"));
    
  // We will also add any directories which begin with an underscore in the custom/modules directory.
  // For example:   custom/modules/_contrib
  // Let's find such directories now.
  $dir_files = scandir("custom/modules");  
  foreach ($dir_files as $file) {
    if ($file == '.' || $file == '..') continue;    
    if (substr($file, 0, 1) == '_' && is_dir("custom/modules/$file")) {      
      $module_dirs[] = array("start" => "custom/modules/$file", "type" => t("Custom/$file"));
    }
  }
    
    
    
  foreach ($module_dirs as $module_dir) {
    $start_dir = $module_dir["start"];
     
    if ($dh = opendir($start_dir)) {
      while ($file = readdir($dh)) {    
        if ($file == "." || $file == "..") continue;
        
        if (is_dir($start_dir . "/" . $file)) {  
         
          // Okay, now look inside and see if there is a .info file.
          if (file_exists("$start_dir/$file/$file.info")) {
            $module = $file;
            $info_contents = file_get_contents("$start_dir/$file/$file.info");
              
              
            // From the info_contents variable, split up and place into an array.
            $info_details_array = array();
            $lines = explode("\n", $info_contents);
            foreach ($lines as $line) {
              if (trim($line) == "") continue;
              $temp = explode("=", trim($line));
              $info_details_array[trim($temp[0])] = trim(substr($line, strlen($temp[0]) + 1)); 
            }
            
            
            $path = "$start_dir/$file";
            
            $res = db_query("SELECT * FROM modules WHERE path = ? ", $path);
            $cur = db_fetch_array($res);
            if ($cur) {
              $info_details_array["enabled"] = intval($cur["enabled"]);
             
              // Does this module need to run db updates?
              if (@$cur["enabled"] == 1 && @intval($cur["schema"]) != @intval($info_details_array["schema"]) && @$info_details_array["schema"] != "") {
                
                // Add to our list of modules to run in our batch operations.
                
                $modules[] = array(
                  'module' => $module,
                  'path' => $path,
                  'cur_schema' => intval($cur['schema']),
                  'schema' => intval($info_details_array['schema']),
                );
                
                
                
              } // if enabled & schema != db schema
                
            } // if cur
            
          } // if fileexists
        }//if isdir(file)
      }// while file = readdir()
    } // if opendir
  } // foreach module dirs as module_dir  
  
  // Clear our cache
  //fp_clear_cache();
  
  //fp_goto("admin/completed-db-updates");
  
  
  
    
  
  // Okay, set up the batch....
  $batch = array(
    "operation" => array("system_perform_db_updates_perform_batch_operation", array($modules)),
    "title" => t("Performing Database Updates"),    
    "progress_message" => "Processing @current of @total...",
    "display_percent" => TRUE,
  );
 
  $batch["finished_callback"] = array("system_finished_db_updates_finished");
   
  
  watchdog("admin", "Ran DB updates for modules"); 
   
   
  // Set the batch...
  batch_set($batch);  
  
  
}


function system_finished_db_updates_finished($batch) {
  // Clear our cache, since menu options might have changed.
  
  fp_clear_cache();
    
  fp_goto("admin/config/modules");
}


/**
 * Performs db updates ONE module at a time.
 */
function system_perform_db_updates_perform_batch_operation(&$batch, $modules) {  // if this is our first time through, let's init our values.
  
  if (!isset($batch["results"]["total"])) {
    // Our first time through.  Let's start up.
    $batch["results"]["total"] = count($modules);
    $batch["results"]["current"] = 0;  
    $batch["results"]["finished"] = FALSE;    
 }
  
      
  $t = intval($batch["results"]["current"]);

  if (!isset($modules[$t])) {
    $modules[$t] = array();  // not set, so just make it a blank array.
  }  
    
  $module = fp_trim(@$modules[$t]['module']);    
  $path = @$modules[$t]['path'];    
  $cur_schema = @$modules[$t]['cur_schema'];    
  $schema = @$modules[$t]['schema'];    
  
  if ($module) {
    // If the module has a .install file, begin by including it.
    if (include_module_install($module, $path)) {
        
      // Include the original module file first.
      include_module($module, TRUE, $path);
                         
      // Now, we can call hook_update, if it exists.
      if (function_exists($module . '_update')) {
        call_user_func_array($module . '_update', array($cur_schema, $schema));
      }
         
    }              
    
    // Okay, update the modules table for this module, and set schema to correct version.
    $res = db_query("UPDATE modules 
                      SET `schema` = ?
                      WHERE path = ? LIMIT 1 ", $schema, $path);
                             
    
    fp_add_message(t("The module %module has run its DB updates.", array("%module" => $module)));              
  }
  
  // Update our values.
  $batch["results"]["current"] = $t + 1; // go to next one.
  
    
  // Have we finished?
  if (intval($batch["results"]["current"]) >= intval($batch["results"]["total"])) {
    
    $batch["results"]["finished"] = TRUE;    
  }
    
  
    
  
} // system_perform_db_updates_perform_batch_operation




/**
 * Once db updates are run, display contents of this page.
 *
 */
function system_display_completed_db_updates() {
  $rtn = "";
  
  $rtn .= t("Database updates have been completed.  If you do not see
              any errors displayed, it means everything was run correctly.");
  
  $rtn .= "<br><br>
              <ul>";
  
  $rtn .= "<li>" . l(t("Return to Admin"), "admin-tools/admin") . "</li>
          <li>" . l(t("Return to Modules page"), "admin/config/modules") . "</li>
           
          </ul>";
  
  
  return $rtn;
}





/**
 * This page is displayed to the user once FlightPath has been installed.
 */
function system_display_install_finished_page() {
  $rtn = "";

  // Rebuild one more time
  menu_rebuild_cache(FALSE);


  fp_show_title(TRUE);
  
  $rtn .= t("Your new installation of FlightPath is now complete.
              <br><br>
             As a security precaution, you should: 
             <ul>
              <li>change the permissions
                  on custom/settings.php so that it cannot be read or written to by unauthorized
                  users.</li>
              <li>You should also rename or remove install.php so that web visitors cannot
                  access it.</li>
             </ul>
             
             If you need to re-install FlightPath, delete custom/settings.php, and drop all of the tables
             in the database, then re-access install.php.") . "<br><br>";

  $rtn .= l(t("Access your new FlightPath site now."), "<front>");
  
  
  return $rtn;
}


/**
 * This is the thank you page you see after submitting the contact form.
 */
function system_popup_report_contact_thank_you() {
  $rtn = "";
  
    
  $rtn .= "<p>";  
  $rtn .= t("Thank you for submitting to the @FlightPath Production Team.  We 
             have received your comment and will review it shortly.", array("@FlightPath" => variable_get("system_name", "FlightPath"))) . "<br><br>";
  $rtn .= t("You may now close this window.");
  $rtn .= "</p>";
  
  $rtn .= "<p>" . "<a href='javascript:parent.fpCloseLargeIframeDialog();' class='button'>" . t("Close Window") . "</a></p>";
  
  
  
  return $rtn;
}


/**
 * This is the form which lets users send an email to the FlightPath production
 * team, 
 */
function system_popup_report_contact_form() {  
  $form = array();
 
  fp_set_title("");
  $m = 0;
        
    
  $form["mark" . $m++] = array(
    "value" => "<p>" . t("If you've noticed an error or have a suggestion, use this
                  form to contact the @FlightPath Production Team.", array("@FlightPath" => variable_get("system_name", "FlightPath"))) . "</p>",
  );  
  
  
  
  $form["category"] = array(
    "type" => "select",
    "label" => t("Please select a category"),
    "options" => array(
                     t("Dashboard") => t("Dashboard"),
                     t("Appointments") => t("Appointments"),
                     t("Advising") => t("Advising"),
                     t("Degree plan") => t("Degree plan"),
                     t("What If?") => t("What If?"),
                     t("Searching") => t("Searching"),
                     t("Comments") => t("Comments"),
                     t("Audit") => t("Audit"),
                     t("Engagements") => t("Engagements"),
                     t("Sending/Receiving Text") => t("Sending/Receiving Text"),
                     t("Reports") => t("Reports/Analytics"),
                     t("Other") => t("Other"),
                      ),
  );

  $form["comment"] = array(
    "type" => "textarea",
    "rows" => 7,
    "label" => t("Comment:"),    
  );
  
  $form["submit"] = array(
    "type" => "submit",
    "spinner" => TRUE,
    "value" => t("Send email"),    
  );  
  
  $form["#redirect"] = array("path" => "popup-contact-form/thank-you");    
      
  return $form;
}


function system_popup_report_contact_form_submit($form, $form_state) {
  global $user;
  
  $category = filter_markup($form_state["values"]["category"],'plain');
  $comment = filter_markup($form_state["values"]["comment"], 'plain');
  
  $possible_student = filter_markup(@$_SESSION['last_student_selected'], 'plain');
  
  $user_roles = filter_markup(implode(", ", $user->roles), 'plain');
  
  $datetime = date("Y-m-d H:i:s", convert_time(strtotime("now")));

  //$headers = "From: FlightPath-noreply@noreply.com\n";
  $subject = t("FLIGHTPATH REPORT CONTACT") . " - $category ";
  $msg = "";
  $msg .= t("You have received a new report/contact on") . " $datetime.\n";
  $msg .= t("Name:") . " $user->f_name $user->l_name ($user->name)  CWID: $user->cwid  \n" . t("User roles:") . " $user_roles \n\n";
  $msg .= t("Category:") . " $category  \n";
  $msg .= t("Last Student Selected:") . " $possible_student  \n";
  $msg .= t("Comment:") . " \n $comment \n\n";
  $msg .= "------------------------------------------------ \n";

  $themd5 = md5($user->name . $user->cwid . $comment . $user_roles . $category);

  if (!isset($_SESSION["da_error_report_md5"]) || $_SESSION["da_error_report_md5"] != $themd5)
  {  // Helps stop people from resubmitting over and over again
    // (by hitting refresh, or by malicious intent)..
    
    $to = variable_get("contact_email_address", "");
    
    if ($to != "") {
      fp_mail($to,$subject,$msg);
    }

  } 

  $_SESSION["da_error_report_md5"] = $themd5;
  
  watchdog("admin", "Sent message with popup report contact form: Category: $category; Comment: $comment");
  
  
}




/**
 * This form is for the school-data, like subject code descriptions, colleges, etc.
 *
 */
function system_school_data_form($school_id = 0) {
  $form = array();
  $m = 0;
  
  $school_id = intval($school_id);
  
  $fs = "";  // The field name suffix.  We will add this to the end of all of our field names.  If this is the default school, leave blank.
  if (module_enabled("schools")) {
    $school_name = schools_get_school_name_for_id($school_id);
    fp_set_title(t("Configure %school school settings", array('%school' => $school_name)));
    if ($school_id !== 0) {
      $fs = "~~school_" . $school_id;
    }
  }
  
  
  $form['school_id'] = array(
    'type' => 'hidden',
    'value' => $school_id,
  );
  
  
  $form["school_initials" . $fs] = array(
    "type" => "textfield",
    "size" => 20,
    "label" => t("School initials:"),
    "value" => variable_get_for_school("school_initials", "DEMO", $school_id, TRUE),
    "description" => t("Ex: UFP or BQCC"),    
  );

  $form["school_name" . $fs] = array(
    "type" => "textfield",
    "size" => 20,
    "label" => t("School name:"),
    "value" => variable_get_for_school("school_name", "Demo University", $school_id, TRUE),
    "description" => t("Ex: University of FlightPath"),    
  );
  
    
                  
  $form["earliest_catalog_year" . $fs] = array(
    "type" => "textfield",
    "size" => 20,
    "label" => t("Earliest catalog year:"),
    "value" => variable_get_for_school("earliest_catalog_year", "2006", $school_id, TRUE),
    "description" => t("This is the earliest possible catalog year FlightPath may look 
                up.  Typically, this is the earliest year for which you have 
                data (ie, when FlightPath went online.
                If FlightPath cannot figure out a catalog year to use,
                it will default to this one. Ex: 2006"),    
  );
  
  
  $form["graduate_level_course_num" . $fs] = array(
    "type" => "textfield",
    "size" => 20,
    "label" => t("Graduate level course num:"),
    "value" => variable_get_for_school("graduate_level_course_num", "5000", $school_id, TRUE),
    "description" => t("This is the course num which means 'graduate level', meaning
                anything above it is considered a graduate level course. Ex: 5000"),    
  );
  

    
  
  $form["hiding_grades_message" . $fs] = array(
    "type" => "textarea",
    "label" => t("Hiding grades message:"),
    "value" => variable_get_for_school("hiding_grades_message", "", $school_id, TRUE),
    "description" => t("This message will be displayed when any course on the page
                has its bool_hide_grade set to TRUE.  If you are not using
                this functionality, you can leave this blank."),    
  );
  
  
  $form["show_group_titles_on_view" . $fs] = array(
    "type" => "select",
    "label" => t("Show group titles on View and What If screens?"),
    "hide_please_select" => TRUE,
    "options" => array("no" => t("No"), "yes" => t("Yes")),
    "value" => variable_get_for_school("show_group_titles_on_view", "no", $school_id, TRUE),
    "description" => t("If set to Yes, then group titles will be displayed in the View
                        and What if screens, similar to how they are displayed when printing.
                        If unsure what to select, select 'No'."), 
  );                                

  
  $form['max_allowed_selections_in_what_if' . $fs] = array(
    'type' => 'textfield',
    'label' => t("Maximum number of allowed selections in What If:"),
    'value' => variable_get_for_school('max_allowed_selections_in_what_if', 5, $school_id, TRUE),
    'description' => t("Selecting multiple degrees and options for What If can significantly impact server performance.  It is recommended
                      to limit the number of selections to no more than 5.  If you are unsure what to put here, enter '5'."),
  );

  $form['show_both_undergrad_and_grad_degrees_in_what_if' . $fs] = array(
    'type' => 'select',
    'label' => t("Show both undergraduate and graduate degrees for every student in What If?"),
    'options' => array('no' => t('No (default behavior)'), 'yes' => t('Yes')),
    'hide_please_select' => TRUE,
    'value' => variable_get_for_school('show_both_undergrad_and_grad_degrees_in_what_if', 'no', $school_id, TRUE),
    'description' => t("Normally on the What If selection screen, undergrad students can only select from undergrad degrees, and
                        graduate students can only select from graduate degrees.  However, if this is set to 'Yes', then 
                        students will be able to see and select from any degree in What If.  If unsure what to select,
                        choose 'No'."),
  );
  
  
  $form["show_level_3_on_what_if_selection" . $fs] = array(
    "type" => "select",
    "label" => t("Show level-3 degree options on What If selection screen?"),
    "hide_please_select" => TRUE,
    "options" => array("no" => t("No"), "yes" => t("Yes")),
    "value" => variable_get_for_school("show_level_3_on_what_if_selection", "yes", $school_id, TRUE),
    "description" => t("If set to Yes, then level 3 Track/Options will appear on the What If
                        selection screen, if a degree is selected with available options.
                        Setting to 'no' gives behavior more like FlightPath 4.
                        If unsure what to select, select 'No'."), 
  );                                
  
  
   
  $form["course_repeat_policy" . $fs] = array(
    "type" => "select",
    "label" => t("Course repeat policy:"),
    "options" => array("most_recent_exclude_previous" => t("most recent, exclude previous attempts"),
                       "most_recent_do_not_exclude" => t("most recent, do not exclude previous attempts - \"beta\" feature"),
                       "best_grade_exclude_others" => t("best grade, exclude other attempts - \"beta\" feature")),
    "value" => variable_get_for_school("course_repeat_policy", "most_recent_exclude_previous", $school_id, TRUE),
    "hide_please_select" => TRUE,
    "description" => t("This setting affects the course repeat policy for FlightPath for normal courses (courses which are not allowed to be repeated normally).
                        <br><b>If you are unsure what to select</b>, choose 'most recent, exclude previous attempts'.
                        <br>Please see the 
                <b><a href='http://getflightpath.com/node/1085' target='_blank'>FlightPath documentation</a></b> 
                on how to set up this field."),
                                              
                        
  );
  
  
  
  $form["what_if_catalog_year_mode" . $fs] = array(
    "type" => "select",
    "label" => t("What If mode default catalog year:"),
    "options" => array("current" => t("Current catalog year only"),
                       "student" => t("Student catalog year only"),
                      ),
    "value" => variable_get_for_school("what_if_catalog_year_mode", "current", $school_id, TRUE),
    "hide_please_select" => TRUE,
    "description" => t("What should be the default catalog year that What If pulls degrees from?  For some schools,
                        changing majors means moving to the current catalog year.  However, at other schools, students
                        may remain in their current catalog year when they change majors.  If you are unsure what
                        to select, choose 'Current catalog year only.'"),
  );
  
  
  
  $form["ignore_courses_from_hour_counts" . $fs] = array(
    "type" => "textfield",
    "label" => t("Ignore courses from hour counts (CSV):"),
    "value" => variable_get_for_school("ignore_courses_from_hour_counts", "", $school_id, TRUE),
    "description" => t("List courses, separated by comma, 
                which should be ignored in hours counts.  This helps
                remedial courses from being applied to hour counts.
                <br><b>These courses will automatically be assigned the requirement type code 'x'.</b>
                <br>
                Ex: MATH 093, ENGL 090, UNIV 1001"),    
  );


  
  $form["term_id_structure" . $fs] = array(
    "type" => "textarea",
    "label" => t("Structure of term ID's:"),
    "value" => variable_get_for_school("term_id_structure", "", $school_id, TRUE),
    "description" => t("Use this space to define termID structures, one per line.
                Please see the 
                <b><a href='http://getflightpath.com/node/1085' target='_blank'>FlightPath documentation</a></b> 
                on how to set up this field.") . "                
                <br>&nbsp; &nbsp; &nbsp; " . t("Like so: Structure, Short Desc, Long Desc, Abbr Desc, Year Adjustment") . "
                <br>" . t("Ex:") . " 
                <br>&nbsp; &nbsp; &nbsp; [Y4]60, Spring, Spring of [Y4], Spr '[Y2], [Y]
                <br>&nbsp; &nbsp; &nbsp; [Y4]40, Fall, Fall of [Y4-1], Fall '[Y2-1], [Y-1]",
  );

              
  
  
  
  // Let's load the subjects...
  $subjects = "";
  $query = "SELECT DISTINCT b.subject_id, a.title, a.college FROM draft_courses b LEFT JOIN subjects a
              ON (a.subject_id = b.subject_id AND a.school_id = b.school_id)
              WHERE exclude = 0
              AND b.school_id = ?              
              ORDER BY b.subject_id
              ";
   
  
  $result = db_query($query, $school_id);
  while ($cur = db_fetch_array($result))
  {      
    
    $title = fp_trim($cur["title"]);
    $subject_id = fp_trim($cur["subject_id"]);
    $college = fp_trim($cur["college"]);
        
    $subjects .= $subject_id . " ~ " . $college . " ~ " . $title . "\n";
  }
    
  
  $form["subjects" . $fs] = array(
    "type" => "textarea",
    "label" => t("Subjects:"),
    "value" => $subjects,
    "rows" => 15,
    "description" => t("Enter subjects known to FlightPath (for use
                        in popups and the Course Search, for example), one per line
                        in this format:") . "<br>SUBJ ~ COLLEGE ~ Title<br>" . t("For example:") . "
                        <br>&nbsp; ACCT ~ BA ~ Accounting<br>&nbsp; BIOL ~ AS ~ Biology<br>" . t("Notice
                        the separator between the code, college, and title is 1 tilde (~). Whatespace is ignored.
                        <br><b>Important:</b> This field cannot be set up until you have your courses
                        fully entered.  Once that occurs, the course
                        subjects will automatically appear in this box, where you can then assign the college code
                        and subject title."),
  );  
  
  
  // Load the colleges...
  $colleges = "";
  $res = db_query("SELECT * FROM colleges WHERE school_id = ? ORDER BY college_code", array($school_id));
  while ($cur = db_fetch_array($res)) {
    $colleges .= $cur["college_code"] . " ~ " . $cur["title"] . "\n";
  }
  
  
  $form["colleges" . $fs] = array(
    "type" => "textarea",
    "label" => t("Colleges:"),
    "value" => $colleges,
    "description" => t("Enter colleges known to FlightPath, one per line, in this format:
                       ") . "<br>COLLEGE_CODE ~ Title<br>" . t("For example:") . "
                       <br>&nbsp; AE ~ College of Arts, Science, and Education
                       <br>&nbsp; PY ~ College of Pharmacy<br>" . t("Notice
                        the separator between the code and title is 1 tilde (~). Whitespace is ignored."),
  );
  
  

  
  // Load the degree_college data....
  $degree_college = "";
  
  $res = db_query("SELECT DISTINCT(major_code) FROM draft_degrees WHERE school_id = ? ORDER BY major_code", array($school_id));
  while ($cur = db_fetch_array($res)) {
    $major_code = $cur["major_code"];
    
    // Is there an assigned college already?
    $res2 = db_query("SELECT college_code FROM degree_college WHERE major_code = ? AND school_id = ? ", $major_code, $school_id); 
    $cur2 = db_fetch_array($res2);
    $college_code = "";
    if ($cur2) $college_code = $cur2["college_code"];
    
    $degree_college .= $major_code . " ~ " . $college_code . "\n";
     
  }
  
  
  $form["degree_college" . $fs] = array(
    "type" => "textarea",
    "label" => t("Degree Colleges:"),
    "value" => $degree_college,
    "rows" => 15,
    "description" => t("Enter the degree's college, one per line, in this format:
                       ") . "<br>MAJOR_CODE ~ COLLEGE_CODE<br>" . t("For example:") . "
                       <br>&nbsp; ACCT ~ AE
                       <br>&nbsp; BUSN ~ SB<br>" . t("Notice
                        the separator between the codes is 1 tilde (~). Whitespace is ignored.
                        <br><b>Important:</b> This field cannot be set up until you have your degrees
                        entered.  Once that occurs, the degree major codes
                        will automatically appear in this box, where you can then assign the college code.
                        "),
  );
  
  
  
  
  $form['departments' . $fs] = array(
    "type" => 'textarea',
    'label' => t("Departments:"),
    'value' => variable_get_for_school('departments', '', $school_id, TRUE),
    'rows' => 15,
    'description' => t("Enter each department, one per line, in this format:
                        <br>DEPT_CODE ~ Department Name
                        <br>
                        For example:
                        <br> &nbsp; FINAID ~ Financial Aid
                        <br> &nbsp; REGST ~ Registrar
                        <br><b>Important:</b> The DEPT_CODE must be <strong>unique</strong> and contain only
                        letters, numbers, and underscores.  The Department Name must not contain any tildes (~) or line breaks, and should be relatively short.
                        <br>The separator between the DEPT_CODE and the Department Name is a single tilde (~)."),
  );
  
  
  
  // How many decimal places allowed in substitutions?
  $form["sub_hours_decimals_allowed" . $fs] = array(
    "type" => "select",
    "label" => t("Substitution hours decimal places allowed:"),
    "options" => array(1 => t("1 (ex: 1.1 hrs)"), 2 => t("2 (ex: 1.15 hrs)"), 3 => t("3 (ex: 1.155 hrs)"), 4 => t("4 (ex: 1.1556 hrs)")),
    "value" => variable_get_for_school("sub_hours_decimals_allowed", 2, $school_id, TRUE),
    "no_please_select" => TRUE,
    "description" => t("For hours with decimals (like 2.25 hours), how many numbers
                      after the decimal place will be allowed?  Affects users performing
                      substitutions.  For example, if you select \"2\" here, then
                      a value of 1.2555 will be rejected, and the user will be asked to re-enter.
                      1.25, would be accepted, since it has 2 decimal places.
                      <br>If you are unsure what to select, set to 2."),
  );
  
  
  // Auto-correct course titles?
  $form["autocapitalize_course_titles" . $fs] = array(
    "type" => "select",
    "label" => t("Auto-capitalize course titles?"),
    "options" => array("yes" => "Yes", "no" => "No"),
    "hide_please_select" => TRUE,
    "value" => variable_get_for_school("autocapitalize_course_titles", "yes", $school_id, TRUE),
    "description" => t("If set to yes, course titles in FlightPath will be run through a capitalization
                        filter, so that 'INTRO TO ACCOUNTING' becomes 'Intro to Accounting'.
                        Generally, this makes the course names more attractive, but it can
                        incorrectly capitalize acronyms and initials.  Disable if you would like
                        complete control over capitalization.
                        <br>If unsure, set to Yes."),
  );
  

  // Auto-correct institution names?  
  $form["autocapitalize_institution_names" . $fs] = array(
    "type" => "select",
    "label" => t("Auto-capitalize institution names?"),
    "options" => array("yes" => "Yes", "no" => "No"),
    "hide_please_select" => TRUE,
    "value" => variable_get_for_school("autocapitalize_institution_names", "yes", $school_id, TRUE),
    "description" => t("If set to yes, transfer institution names in 
                        FlightPath will be run through a capitalization
                        filter, so that 'UNIVERSITY OF LOUISIANA AT MONROE' 
                        becomes 'University of Louisiana at Monroe'.
                        Like the course title setting above, this is to make
                        inconsistent or unattractive capitalization prettier.  
                        Disable if you would like
                        complete control over capitalization.
                        <br>If unsure, set to Yes."),
  );

  
  // Only allow ghost subs for fellow ghost hours?
  $form["restrict_ghost_subs_to_ghost_hours" . $fs] = array(
    "type" => "select",
    "label" => t("Restrict ghost substitutions to courses with zero hours only?"),
    "options" => array("yes" => "Yes", "no" => "No"),
    "hide_please_select" => TRUE,
    "value" => variable_get_for_school("restrict_ghost_subs_to_ghost_hours", "yes", $school_id, TRUE),
    "description" => t("If set to yes, courses with \"ghost\" hours may only be
                        substituted for other courses with \"ghost\" hours.  What this
                        means is that if a course is worth zero hours, it may only be
                        subbed for a requirement worth zero hours, and it will not appear
                        as an option for substitutions of courses worth more than zero hours.
                        This will not affect old subs; only new ones.
                        <br>If unsure, set to Yes."),
  );


  $form["initial_student_course_sort_policy" . $fs] = array(
    "type" => "select",
    "label" => t("Initial student course sort policy:"),
    "options" => array("alpha" => "Alphabetical sort [default]", "grade" => "Best grade first"),
    "hide_please_select" => TRUE,
    "value" => variable_get_for_school("initial_student_course_sort_policy", "alpha", $school_id, TRUE),
    "description" => t("Student courses are sorted more than once as they are evaluated by FlightPath.
                        By default, they are sorted alphabetically first.  If you change this to best-grade-first, 
                        courses will be initally sorted according to the grade they earned, in the order defined in 'Grade order CSV' below.
                        Any student grades not defined below will be considered the lowest possible grade."),
  );
  
  
  $form["grade_order" . $fs] = array(
    "type" => "textfield",
    "label" => t("Grade order (CSV):"),
    "value" => variable_get_for_school("grade_order", "E,AMID,BMID,CMID,DMID,FMID,A,B,C,D,F,W,I", $school_id, TRUE),
    "description" => t("List all possible grades, separated by comma, from highest to lowest.  This is 
                      used if you select 'Best Grade first' order above, but also is used in determining
                      if a course fulfills a minimum grade requirement.                      
                      <br>Ex: AMID,BMID,CMID,DMID,FMID,A,B,C,D,F,W,I"),
  );
  
  
  $form["minimum_passing_grade" . $fs] = array(
    "type" => "textfield",
    "size" => 3,
    "label" => t("Minimum passing grade:"),
    "value" => variable_get_for_school("minimum_passing_grade", "D", $school_id, TRUE),
    "description" => t("Enter a grade which is the default minimum grade a student must have earned
                      for the course to be considered for credit. This will affect course requirements
                      on degree plans which do not have a min grade set.  This value will be used
                      by default. If unsure, enter D."),    
  );  
  
  
  $form["retake_grades" . $fs] = array(
    "type" => "textfield",
    "label" => t("Retake grades (CSV):"),
    "value" => variable_get_for_school("retake_grades", "F,W,I", $school_id, TRUE),
    "description" => t("List grades, separated by comma, which means 'the student must
                retake this course. They did not earn credit.' Ex: F,W,I"),    
  );
  
         
  $form["withdrew_grades" . $fs] = array(
    "type" => "textfield",
    "label" => t("Withdrew grades (CSV):"),
    "value" => variable_get_for_school("withdrew_grades", "W", $school_id, TRUE),
    "description" => t("List grades, separated by comma, which means 'the student withdrew
                from this course. They did not earn credit.' Ex: W,WD,WF.  If not sure
                what to enter here, just enter 'W'."),    
  );  
  
  
  $form["enrolled_grades" . $fs] = array(
    "type" => "textfield",
    "label" => t("Enrolled grades (CSV):"),
    "value" => variable_get_for_school("enrolled_grades", "E", $school_id, TRUE),
    "description" => t("List grades, separated by comma, which means 'the student is
                currently enrolled in this course.' Ex: E,AMID,BMID "),    
  );

  
  $form["minimum_substitutable_grade" . $fs] = array(
    "type" => "textfield",
    "size" => 3,
    "label" => t("Minimum substitutable grade:"),
    "value" => variable_get_for_school("minimum_substitutable_grade", "D", $school_id, TRUE),
    "description" => t("Enter a grade which is the minimum grade a student must have earned
                      for the course to be allowed in a substitution.  This will affect
                      new substitutions, not old ones.  If unsure, enter D."),    
  );
  
  
  $form["group_min_grades" . $fs] = array(
    "type" => "textfield",
    "label" => t("Group requirement min grades (CSV):"),
    "value" => variable_get_for_school("group_min_grades", "D,C,B,A", $school_id, TRUE),
    "description" => t("List grades, separated by comma, which should appear in the min grade pulldown when setting a group requirement
                        in a degree (this also sets the order in which they will appear).  If unsure what to enter, use: D,C,B,A"),    
  );

  
  
  $form["calculate_cumulative_hours_and_gpa" . $fs] = array(
    "label" => t("Calculate student cumulative hours and GPA?"),
    "type" => "select",
    "hide_please_select" => TRUE,
    "options" => array("no" => t("No"), "yes" => t("Yes")),         
    "value" => variable_get_for_school("calculate_cumulative_hours_and_gpa", 'no', $school_id, TRUE),
    "description" => t("If set to Yes, student cumulative hours and GPA will not be read from the
                          'students' database table, but will instead be calculated on the fly
                          each time a student is loaded.  If unsure what to do, set to Yes."),    
  );
  
  
  
  $form['numeric_to_letter_grades' . $fs] = array(
    "label" => t("Numeric to Letter Grades:"),
    "type" => "textarea",
    "value" => variable_get_for_school("numeric_to_letter_grades", "", $school_id, TRUE),
    "description" => t("If your school supports numeric grades in your SIS (ex: 91, 80, 65, etc), then they must be converted to
                        letter grades (A, B, D, etc) for FlightPath.  Use this box to define what numeric range translates to which
                        letter grade.  If you are unsure what to enter here, or if your school does not use numeric grades, leave this blank.
                        <br>Enter in the form of:  MIN ~ MAX ~ GRADE
                        <br>Ex:
                        <br>&nbsp; 0 ~ 59.99 ~ F
                        <br>&nbsp; 60 ~ 69.99 ~ D
                        <br>&nbsp; 70 ~ 79.99 ~ C
                        <br>&nbsp; 80 ~ 89.99 ~ B
                        <br>&nbsp; 90 ~ 100.99 ~ A
                        <br>&nbsp; 101 ~ 999 ~ A     &nbsp; &nbsp; <em>(In case scores above 100 are possible)</em>"),
  );
  
  
  $form["quality_points_grades" . $fs] = array(
    "label" => t("Quality points and grades:"),
    "type" => "textarea",
    "value" => variable_get_for_school("quality_points_grades", "A ~ 4\nB ~ 3\nC ~ 2\nD ~ 1\nF ~ 0\nI ~ 0", $school_id, TRUE),
    "description" => t("Enter a grade, and how many quality points it is worth, separated by
                        tilde (~), one per line.  You must include every grade which should count
                        for (or against) a GPA calculation, even if it is worth zero points.  For example,
                        if an 'F' should cause a GPA to lower (which normally it would), it should be
                        listed here.  If a 'W' grade should simply be ignored, then DO NOT list it here.
                        Any grade you do not list here will be IGNORED in all GPA calculations.") . "
                        <br>
                        Ex:<blockquote style='margin-top:0; font-family: Courier New, monospace;'>                        
                        A ~ 4<br>B ~ 3<br>C ~ 2<br>D ~ 1<br>F ~ 0<br>I ~ 0</blockquote>",
  );
  
  
  $form["requirement_types" . $fs] = array(
    "label" => t("Requirement types and codes:"),
    "type" => "textarea",
    "value" => variable_get_for_school("requirement_types", "g ~ General Requirements\nc ~ Core Requirements\ne ~ Electives\nm ~ Major Requirements\ns ~ Supporting Requirements\nx ~ Additional Requirements", $school_id, TRUE),
    "description" => t("Enter requirement type codes and descriptions, separated by a tilde (~), one
                        per line.  <b>You may not use the code 'u'</b> as that is reserved in FlightPath.
                        <b>You should define what 'x' means</b>, but be aware that the code 'x' will always
                        designate a course whose hours should be ignored from GPA calculations.
                        <b>You should define what 'm' means</b>, as this is the default code applied
                        to a requirement if one is not entered.  <b>You should define what
                        'e' means</b>, as this is also the code given to courses whose types we cannot
                        figure out, perhaps because of a typo or intentionally.  Ex:  Electives.
                        This list also defines the order in which they will appear on screen in
                        Type View.  By convention, codes should be lower case single-letters.") . "
                        <br>Ex:
                        <div style='padding-left: 20px; font-family: Courier New, monospace'>
                         g ~ General Requirements<br>
                         c ~ Core Requirements<br>
                         e ~ Electives<br>
                         m ~ Major Requirements<br>
                         s ~ Supporting Requirements<br>
                         x ~ Additional Requirements                         
                         </div>
                         
                         Please see the 
                <b><a href='http://getflightpath.com/node/1085' target='_blank'>FlightPath documentation</a></b> 
                for more information on how to set up this field.
                         ",
                         
  );

  // Check to make sure the gd extension is loaded, since that will be required to display
  // the pie charts...
  if (!extension_loaded('gd') && !extension_loaded('gd2')) {
    $form["mark_no_gd_library"] = array(
      "value" => "<p class='hypo'><b>" . t("Note: it appears your web server does not have the 'GD' library
                                enabled for PHP.  This is required to make the pie charts show up
                                correctly.  Contact your server administrator about enabling the 'GD'
                                library.") . "</b></p>",
    );
  }
  
  
  $form["pie_chart_config" . $fs] = array(
    "label" => t("Pie chart configuration:"),
    "type" => "textarea",
    "value" => variable_get_for_school("pie_chart_config", "c ~ Core Requirements\nm ~ Major Requirements\ndegree ~ Degree Progress", $school_id, TRUE),
    "description" => t("Enter configuration data for the pie charts which graph a student's progress
                        through their degree.  Enter the requirement type code, pie chart label, and optional
                        colors separated by tilde (~).  Requirement types not found for a student will be skipped 
                        and the chart will not be drawn. <b>Enter 'degree' for total progress.</b>") . "
                        <br>Ex:  CODE ~ LABEL ~ [optional: UNFINISHED COLOR ~ PROGRESS COLOR ]
                        <div style='padding-left: 20px; font-family: Courier New, monospace'>                          
                          c ~ Core Requirements ~ 660000 ~ FFCC33<br>
                          m ~ Major Requirements ~ 660000 ~ 93D18B<br>
                          degree ~ Degree Progress ~ 660000 ~ 5B63A5
                        </div>",
                         
  );


  $form["pie_chart_gpa" . $fs] = array(
    "label" => t("Should pie charts show GPAs?"),
    "type" => "select",
    "options" => array("no" => "No", "yes" => "Yes"),
    "value" => variable_get_for_school("pie_chart_gpa", "no", $school_id, TRUE),
    "hide_please_select" => TRUE,
    "description" => t("If set to 'Yes', the GPA will be displayed below each pie chart on the View and What If screens.
                        If unsure what to select, choose 'no'."),
  );
  
  
  
  
  $form["developmentals_title" . $fs] = array(
    "label" => t("Developmentals semester block title:"),
    "type" => "textfield",
    "value" => variable_get_for_school("developmentals_title", t("Developmental Requirements", $school_id)),
    "description" => t("This is the title of the Developmental Requirements semester block,
                        which appears on a student's degree plan, near the bottom, when they
                        have remedial courses they are required to take.  If you are
                        unsure what to enter, use 'Developmental Requirements'."),
  );
  
  
  $form["developmentals_notice" . $fs] = array(
    "label" => t("Developmentals notice text:"),
    "type" => "textarea",
    "value" => variable_get_for_school("developmentals_notice", t("According to our records, you are required to complete the course(s) listed above. For some transfer students, your record may not be complete. If you have any questions, please ask your advisor."), $school_id, TRUE),
    "description" => t("The text you enter here will be displayed below the Developmentals semester
                        block, explaining to the student what these courses are.  For example:
                        'According to our records, you are required to complete the course(s) listed
                        above.'"),
  );

  

  $form["graduate_level_codes" . $fs] = array(
    "type" => "textfield",
    "label" => t("Graduate level codes (CSV):"),
    "value" => variable_get_for_school("graduate_level_codes", "GR", $school_id, TRUE),
    "description" => t("List level codes, separated by comma, for both students, courses, and degrees, which should be considered at the Graduate level.  If you do not need
                        to distinguish between graduate and undergraduate credit, leave this field blank.<br>If unsure, set to GR."),    
  );
  
  
  
  $form["disallow_graduate_credits" . $fs] = array(
    "type" => "select",
    "label" => t("Disallow automatic use of graduate credits?"),
    "options" => array("yes" => "Yes", "no" => "No"),
    "hide_please_select" => TRUE,
    "value" => variable_get_for_school("disallow_graduate_credits", "yes", $school_id, TRUE),
    "description" => t("If set to yes, FlightPath will not automatically use graduate credits (based on the level code the student's credit
                        is given in the database) to populate elective groups or on the degree plan.  They may still be substituted using the
                        substitution system however.  In order for this setting to work, the 'Graduate course level codes' field must be set above.
                        <br>If unsure, set to Yes."),
  );
  
  
  
  $form["display_graduate_credits_block" . $fs] = array(
    "type" => "select",
    "label" => t("Display graduate credits in their own semester block?"),
    "options" => array("yes" => "Yes", "no" => "No"),
    "hide_please_select" => TRUE,
    "value" => variable_get_for_school("display_graduate_credits_block", "yes", $school_id, TRUE),
    "description" => t("If set to yes, FlightPath will display graduate credits in their own block, and NOT in Excess credits.  The graduate block details
                        are set below.
                        <br>If unsure, set to Yes."),
  );
  
    
  $form["graduate_credits_block_title" . $fs] = array(
    "label" => t("Graduate Credits block title:"),
    "type" => "textfield",
    "value" => variable_get_for_school("graduate_credits_block_title", t("Graduate Credits"), $school_id, TRUE),
    "description" => t("This is the title of the Graduate Credits semester block (setting above),
                        which appears on a student's degree plan, near the bottom, when they
                        have graduate credits in their history (based on the credit's level code).  If you are
                        unsure what to enter, use 'Graduate Credits'."),
  );
  
  
  $form["graduate_credits_block_notice" . $fs] = array(
    "label" => t("Graduate Credits block notice text:"),
    "type" => "textarea",
    "value" => variable_get_for_school("graduate_credits_block_notice", t("These courses may not be used for undergraduate credit."), $school_id, TRUE),
    "description" => t("The text you enter here will be displayed below the Gradute Credits semester
                        block, explaining to the student what these courses are.  For example:
                        'These courses may not be used for undergraduate credit.'"),
  );
  
  
      
  
  $form["exclude_majors_from_appears_in_counts" . $fs] = array(
    "label" => t("Exclude major codes from \"appears in\" counts (CSV):"),
    "type" => "textfield",
    "maxlength" => 1000,
    "value" => variable_get_for_school("exclude_majors_from_appears_in_counts", "", $school_id, TRUE),
    "description" => t('When a course appears in more than one degree, it is given an extra CSS class
                        denoting that.  This fields lets you enter major codes for degrees, separated by commas,
                        for any degrees you do not wish to be counted toward the "appears in" counts.
                        <br>&nbsp; &nbsp; Ex:  UGELEC, ACCTB
                        <br>If you are unsure what to enter, leave this field blank.'),
  );
  
  
  
  $form["group_full_at_min_hours" . $fs] = array(
    "label" => t("Groups should be considered 'full' when min hours are met or exceeded?"),
    "type" => "select",
    "options" => array("yes" => "Yes", "no" => "No"),
    "value" => variable_get_for_school("group_full_at_min_hours", "yes", $school_id, TRUE),
    "hide_please_select" => TRUE,
    "description" => t("If a group has been added to a degree plan with 'min hours', should FlightPath consider the group
                        'full', and stop assigning courses to it, once the assigned courses meets or goes over the min hours value, 
                        even if the max hours have not been fulfilled?  This
                        only affects groups which have been added to a degree plan with min hours set.  Ex: 3-6 hours.
                        If you are unsure what to enter, select 'Yes'"),
  );  
  
  
  $form["remove_advised_when_course_taken" . $fs] = array(
    "label" => t("Remove an advised course when a student enrolls in it (or completes it), for the same term?"),
    "type" => "select",
    "options" => array("yes" => "Yes", "no" => "No"),
    "value" => variable_get_for_school("remove_advised_when_course_taken", "no", $school_id, TRUE),
    "hide_please_select" => TRUE,
    "description" => t("If a student has been advised into a course, and then enrolls in that course before the next
                        advising term begins, should the advised course (and checkbox) be removed?  This would also affect
                        courses the student completes within that term.  The default is 'No', meaning advising checkboxes in View
                        will continue to show, even if the student has enrolled or completes the course that term.  The checkboxes
                        will disappear when the advising term is no longer available for advising.
                        Select 'Yes' if you wish to have FlightPath hide advising checkboxes on the View screen when a student
                        is enrolled or completes a course within the same advising term.  If you are unsure what to enter, select 'No'."),
  );  

  
  $form["prevent_course_assignment_to_both_degree_and_track" . $fs] = array(
    "label" => t("Prevent a course assignment to both a degree and its track(s)?"),
    "type" => "select",
    "options" => array("yes" => "Yes", "no" => "No"),
    "value" => variable_get_for_school("prevent_course_assignment_to_both_degree_and_track", "yes", $school_id, TRUE),
    "hide_please_select" => TRUE,
    "description" => t("If set to 'Yes' (default), then FlightPath will not allow the same course to be assigned to both a Level-1 degree
                       and its tracks.  For example, if a student completes ENGL 101, and it can be assigned to the major COMPSCI, then
                       it cannot also be assigned to the track COMPSCI|_OPT1.  If you are unsure what to select, leave this set to 'Yes'."),
  );  

  
  $form["group_list_course_show_repeat_information" . $fs] = array(
    "label" => t("Display 'Repeat Information' for a course in a group's course list?"),
    "type" => "select",
    "options" => array("yes" => "Yes", "no" => "No"),
    "value" => variable_get_for_school("group_list_course_show_repeat_information", "yes", $school_id, TRUE),
    "hide_please_select" => TRUE,
    "description" => t("If set to 'Yes' (default), FlightPath will how many times a course may be repeated when viewing a list
                        of a Group's courses in the popup.  If set to 'No', repeat information will not be displayed, and instead
                        the course's normal hour information is displayed.  If you
                        are unsure what to select, leave this set to 'Yes'."),
  );  

  
  $form["degree_requirement_sort_policy" . $fs] = array(
    "type" => "select",
    "label" => t("Degree requirement sort policy:"),
    "options" => array("alpha" => "Alphabetical sort (default)", "database" => "As entered in database [beta]"),
    "hide_please_select" => TRUE,
    "value" => variable_get_for_school("degree_requirement_sort_policy", "alpha", $school_id, TRUE),
    "description" => t("How should degree course requirements appear to the end user?  By default, they will be sorted into alphabetical order.
                       However, if you wish them to appear in the order the were entered on the Edit Degree form, select 'As entered...'.
                       <br>If unsure, select 'Alphabetical sort'."),
  );
  


  $form["group_requirement_sort_policy" . $fs] = array(
    "type" => "select",
    "label" => t("Group requirement sort policy:"),
    "options" => array("alpha" => "Alphabetical sort (default)", "database" => "As entered in database [beta]"),
    "hide_please_select" => TRUE,
    "value" => variable_get_for_school("group_requirement_sort_policy", "alpha", $school_id, TRUE),
    "description" => t("How should group course requirements appear to the end user in the popup dialog window?  By default, they will be sorted into alphabetical order.
                       However, if you wish them to appear in the order the were entered on the Edit Group form, select 'As entered...'.
                       <br>If unsure, select 'Alphabetical sort'."),
  );
    
    
  
  
  return $form;
}


/**
 * Uses the "exclude_majors...." setting, but converts them into an array of degree_ids.
 */
function system_get_exclude_degree_ids_from_appears_in_counts($school_id) {
  
  $rtn = array();
  
  // Have we already cached this for this page load?  
  if (isset($GLOBALS["exclude_degree_ids_from_appears_in_counts"][$school_id])) {
    return $GLOBALS["exclude_degree_ids_from_appears_in_counts"][$school_id];
  }  
    
  $db = get_global_database_handler();
  
  $majors = csv_to_array(variable_get_for_school("exclude_majors_from_appears_in_counts", "", $school_id));
  
  foreach ($majors as $major_code) {
    $rtn = array_merge($rtn, $db->get_degree_ids($major_code));
  }  
  
  
  $GLOBALS["exclude_degree_ids_from_appears_in_counts"][$school_id] = $rtn;  // cache for next time.
  
  return $rtn;
  
} //system_get_exclude_degree_ids_from_appears_in_counts



/**
 * Validate handler for the school_data_form.
 * 
 * Most of our data can be saved as simple system_settings, but for the others,
 * we want to save them to special tables, then remove them from the form_state so
 * they don't get saved to the variables table, taking up a lot of space.
 *
 * @param unknown_type $form
 * @param unknown_type $form_state
 */
function system_school_data_form_validate($form, &$form_state) {

  $school_id = intval($form_state['values']['school_id']);
  $fs = "";
  if ($school_id !== 0) {
    $fs = "~~school_" . $school_id;
  }
  // Subjects...
  db_query("DELETE FROM subjects WHERE school_id = ?", $school_id);
  
     
  $subjects = trim($form_state["values"]["subjects" . $fs]);
  $lines = explode("\n", $subjects);
  foreach ($lines as $line) {
    $temp = explode("~", $line);
    
    db_query("INSERT INTO subjects (subject_id, college, title, school_id)
              VALUES (?, ?, ?, ?) ", strtoupper(trim($temp[0] ?? '')), strtoupper(trim($temp[1] ?? '')), trim($temp[2] ?? ''), $school_id);
    
  } 
  // Remove the data from our form_state, so it isn't saved twice
  unset($form_state["values"]["subjects" . $fs]);
  

  
  // Colleges...
  db_query("DELETE FROM colleges WHERE school_id = ?", $school_id);
     
  $contents = trim($form_state["values"]["colleges" . $fs]);
  $lines = explode("\n", $contents);
  foreach ($lines as $line) {
    $temp = explode("~", $line);
    
    db_query("INSERT INTO colleges (college_code, title, school_id)
              VALUES (?, ?, ?) ", strtoupper(trim($temp[0] ?? '')), trim($temp[1] ?? ''), $school_id);
    
  }  
  // Remove the data from our form_state, so it isn't saved twice
  unset($form_state["values"]["colleges" . $fs]);

  

  // Degree College...
  db_query("DELETE FROM degree_college WHERE school_id = ?", $school_id);
     
  $contents = trim($form_state["values"]["degree_college" . $fs]);
  $lines = explode("\n", $contents);
  foreach ($lines as $line) {
    $temp = explode("~", $line);
    
    db_query("INSERT INTO degree_college (major_code, college_code, school_id)
              VALUES (?, ?, ?) ", strtoupper(trim($temp[0] ?? '')), strtoupper(trim($temp[1] ?? '')), $school_id);
    
  }  
  // Remove the data from our form_state, so it isn't saved twice
  unset($form_state["values"]["degree_college" . $fs]);
  
  watchdog("system", "Updated school settings (school_id: $school_id)");
  
  
}


/**
 * Returns back an array (suitable for FAPI) of the available themes in the system.
 */
function system_get_available_themes() {
  $rtn = array();
  
  // First, search for themes in our core folder.  Themes must have a .info file which matches
  // their folder name, just like modules.
  $theme_dirs = array();
  $theme_dirs[] = array("start" => "themes", "type" => t("Core"));
  $theme_dirs[] = array("start" => "custom/themes", "type" => t("Custom"));
    
  foreach ($theme_dirs as $theme_dir) {
    $start_dir = $theme_dir["start"];
    $type_dir = $theme_dir['type'];
     
    if ($dh = @opendir($start_dir)) {
            
      $dir_files = scandir($start_dir);      
      foreach ($dir_files as $file) {    
        if ($file == "." || $file == "..") continue;
        
        if (is_dir($start_dir . "/" . $file)) {  
         
          // Okay, now look inside and see if there is a .info file.
          if (file_exists("$start_dir/$file/$file.info")) {
            $theme = $file;
            $info_contents = file_get_contents("$start_dir/$file/$file.info");
              
            // From the info_contents variable, split up and place into an array.
            $info_details_array = array("name" => t("Name Not Set.  Configure theme's .info file."), "path" => "", "module" => "", 
                                        "schema" => "", "core" => "", "description" => "", 
                                        "requires" => "", "version" => "",
                                        "required" => "", );
            
            $lines = explode("\n", $info_contents);
            foreach ($lines as $line) {
              if (trim($line) == "") continue;
              $temp = explode("=", trim($line));
              $info_details_array[trim($temp[0])] = trim(substr($line, strlen($temp[0]) + 1)); 
            }
                        
            $path = "$start_dir/$file";
            
            $rtn[$path] = $info_details_array['name'] . "<div style='font-size: 0.8em; font-style: italic; padding-left: 40px;'>{$info_details_array['description']}
                                                          <br>(Type: $type_dir  &nbsp; &nbsp; Location: $path)</div>";            
            
          } // if file_exists
        } //if is_dir
      } //foreach dir_files as $file
    } // if we can opendir
  } // foreach theme_dirs as theme_dir
  
  
  
  
  return $rtn;
}


/**
 * Returns the "whitelist" or "allow list" (from system settings) as an array.  If empty, it will return FALSE
 */
function system_get_user_whitelist() {
  $rtn = array();
  
  $list = trim(variable_get('user_whitelist', ''));
  if (!$list) return FALSE;
  
  $lines = explode("\n", $list);
  foreach ($lines as $line) {
    $line = trim($line);
    if ($line == "") continue;
    // If the first char is a # then its a comment, skip it.
    if (substr($line, 0, 1) == '#') continue;
    
    // Otherwise, we can add to our rtn array.
    $rtn[] = $line;
    
    // To make sure we catch all occurances, also force lower-case (for emails)
    $rtn[] = strtolower($line);
    
  } // foreach 
  
  if (count($rtn) == 0) return FALSE;
  
  return $rtn;
  
}



/**
 * This is the "system settings" form.
 */
function system_settings_form() {
  $form = array();
  $m = 0;
  
  $form["mark" . $m++] = array(
    "value" => t("Use this form to alter the various system settings in FlightPath.
                  Before making changes, it is always good policy to first back up your database."),
                  
  );
  
  $form["mark" . $m++] = array(
    "value" => "<p><div style='font-size:0.8em;'>" . t("Your site requires a cron job in order to perform routine tasks.  This
                        is accomplished by having your server access the following URL every so often
                        (like once an hour):") . "<br>&nbsp; &nbsp; <i>" . $GLOBALS["fp_system_settings"]["base_url"] . "/cron.php?t=" . $GLOBALS["fp_system_settings"]["cron_security_token"] . "</i>
                        <br>" . t("Example linux cron command:") . "&nbsp; <i>wget -O - -q -t 1 http://ABOVE_URL</i></div></p>",
  );
  
  
  
  
  $form["maintenance_mode"] = array(
    "label" => t("Set maintenance mode?"),
    "type" => "checkbox",
    "value" => variable_get("maintenance_mode", FALSE),
    "description" => t("If checked, a message will display on every page stating
                        that the system is currently undergoing routine maintenance."),    
  );
  
  $form["disable_login_except_admin"] = array(
    "type" => "select",
    "label" => t("Disable all new logins (except admin user)?"),
    "hide_please_select" => TRUE,
    "options" => array("no" => t("No"), "yes" => t("Yes")),
    "value" => variable_get('disable_login_except_admin', 'no'),
    "description" => t("If set to Yes, then when normal users attempt to log in, they will be
                        sent back to the login page, with a message displayed explaning that
                        logins are disabled.  Admin will still be able to log in.  This 
                        is useful when trying to perform maintenance on FlightPath.  If unsure
                        what to select, select 'No'."), 
  );                                

  
  $form["disable_student_logins"] = array(
    "type" => "select",
    "label" => t("Disable all new student logins?"),
    "hide_please_select" => TRUE,
    "options" => array("no" => t("No"), "yes" => t("Yes")),
    "value" => variable_get('disable_student_logins', 'no'),
    "description" => t("If set to Yes, then when student users (not specified in the whitelist below) attempt to log in, they will be
                        sent back to the login page, with a message displayed explaning that
                        student logins are disabled.  Admin and faculty/staff will still be able to log in.  
                        If unsure what to select, select 'No'."), 
  );                                
  

  $form["user_whitelist"] = array(
    "type" => "textarea",
    "label" => t("Only allow certain users to log in (allow list):"),    
    "value" => variable_get('user_whitelist', ''),
    "description" => t("You may explicitly state which users are allowed to log in to FlightPath at this time.
                        Enter usernames, email addresses, or CWIDs, one per line.  Users who are not part of this \"allow list\"
                        will be returned to the login screen, with a message stating that the system is only allowing
                        certain users to log in at this time.   
                        <br>Note: the admin user
                        will always be able to log in.  To disable, simply erase the contents of
                        this box and save."), 
  );                                

 

  $form['mfa_enabled'] = array(
    'type' => 'select',
    'label' => t("Enable multi-factor authentication?"),
    'options' => array('no' => 'No (default)', 'yes' => 'Yes'),
    'hide_please_select' => TRUE,
    'value' => variable_get("mfa_enabled", "no"),
    'description' => t("If enabled, local users in FlightPath (like admin) will be emailed a validation code upon logging in, if and only if they have
                        an email address saved for their user account.  This will not affect users which use an alternate method of logging in, such
                        as SSO, LDAP, etc.  If unsure what to select, set this value to 'No'."),
  );
  
  

  $form["system_name"] = array(
    "type" => "textfield",
    "label" => t("System Name:"),
    "value" => variable_get("system_name", "FlightPath"),
    "description" => t("This is the name of this software system.  Ex:  FlightPath.  This setting allows you to re-name this
                        system for you school.  You will also need to create new themes, and edit where the name FlightPath
                        is hard-coded in the template files.  This will only change the name FlightPath in user-facing pages, 
                        it will still appear in admin sections.  After changing this value, clear your cache, as several
                        menu items will need to be updated."),
    
  );

  
  $form['system_timezone'] = array(
    'type' => 'select',
    'label' => t('System timezone:'),
    'options' => get_timezones(),
    'value' => variable_get('system_timezone', 'America/Chicago'),
  );


  $form['system_default_student_load_tab'] = array(
    'type' => 'select',
    'label' => t('Default tab to view when loading a new student:'),
    'options' => array('profile' => t('Student Profile'), 'engagements' => t("Engagements"), 'degree' => t('Degree')),
    'value' => variable_get('system_default_student_load_tab', 'profile'),
    'hide_please_select' => TRUE,
    'description' => t("Unless overridden by the user's settings, this is the tab which
                        the user will see when pulling up a new student for advising.
                        <br>If unsure what to select, chose 'Student Profile'."),
  );

  
  // Can we support clean_urls?
  $bool_support_clean = system_check_clean_urls();
  $form["support_clean_urls"] = array(
    "type" => "hidden",
    "value" => ($bool_support_clean) ? "yes" : "no",
  );
  
  if ($bool_support_clean) {
    // Give the option to change ONLY if we can support clean URLs
    $form["clean_urls"] = array(
      "type" => "checkbox",
      "label" => t("Enable 'Clean URLs?'"),
      "value" => variable_get("clean_urls", FALSE),
      "description" => t("Your server supports 'clean URLs', which eliminates 'index.php?q=' from your URLs, making them
                          more readable.  It is recommended you leave this feature enabled.  For more information, see: http://getflightpath.com/node/5."), 
    );
  }
  else {
    // Server does not support clean URLs.
    $form["support_clean_markup"] = array(
      "value" => "<p><b>Clean URLs:</b> This server <u>does not support</u> clean URLs.  If you are using an Apache-compatible server,
                  make sure that your .htaccess file is properly configured.  For more information, see: http://getflightpath.com/node/5.</p>",
                  
    );
  }
  
    
  $form["theme"] = array(
    "type" => "radios",
    "label" => t("Theme:"),
    "options" => system_get_available_themes(),
    "value" => variable_get("theme", "themes/fp_clean"),
    "description" => t("Select the theme you wish to use.  Ex:  Classic (themes/fp_clean)"),
  );
    

  $form['external_css'] = array(
    'type' => 'textfield',
    'label' => t("External/Additional CSS file(s):"),
    'value' => variable_get("external_css", ""),
    "description" => t("Enter the URL to one or more external or internal CSS files (separated by comma).  Be aware
                      that due to the ordering of when your CSS file is loaded, you may need to use the !important keyword on some styles.
                      <br>If using an external source, your URL should begin with https:// and may not contain any queries (ex: ?a=b). 
                      <br>If you are unsure what to enter here, leave it blank."),
  );


  $form['logo_image_url'] = array(
    'type' => 'textfield',
    'label' => t("Logo image URL:"),
    'value' => variable_get("logo_image_url", ""),
    "description" => t("Enter the URL to a logo image.  This is normally the \"FlightPath\" banner image seen in the upper left corner of every page.
                       <br>The image should be in a horizontal layout. Images with a height of at least 70px work best, as that is the height
                            it will be resized to using CSS.                                                   
                      <br>If using an external source, your URL should begin with https:// and may not contain any queries (ex: ?a=b). 
                      <br>If you are unsure what to enter here, leave it blank to use the default logo."),
  );



  $form['public_files_allowed_extensions'] = array(
    'type' => 'textfield',
    'label' => t('Allowed file extensions for public file uploads:'),
    'value' => variable_get("public_files_allowed_extensions", "css, txt, pdf, doc, docx, csv, xls, xlsx, ppt, pptx, rtf, odt, jpg, jpeg, png, gif, zip, 7z"),
    'description' => t('The Content module permits "public" (non-encrypted) files to be uploaded and stored on the web server.
                        Enter the entensions, separated by comma, that you wish to allow.  Do not enter periods before the extension.
                        If you are unsure what to enter, use the
                        following: 
                        <br>css, txt, pdf, doc, docx, csv, xls, xlsx, ppt, pptx, rtf, odt, jpg, jpeg, png, gif, zip, 7z'),
  );




  $form["contact_email_address"] = array(
    "type" => "textfield",
    "label" => t("Contact email address:"),
    "value" => variable_get("contact_email_address", ""),
    "description" => t("Enter the email address to mail when a user accesses the
                        Contact FlightPath Production Team popup.  Leave blank to disable the link to the popup."),
    
  );


  $form["notify_apply_draft_changes_email_address"] = array(
    "type" => "textfield",
    "label" => t("Notify apply draft changes email address:"),
    "value" => variable_get("notify_apply_draft_changes_email_address", ""),
    "description" => t("Enter 1 or more email addresses (separated by comma) to notify when
                draft changes are applied from the admin console.  
                Leave blank to disable."),    
  );

  $form["notify_mysql_error_email_address"] = array(
    "type" => "textfield",
    "label" => t("Notify MySQL error email address:"),
    "value" => variable_get("notify_mysql_error_email_address", ""),
    "description" => t("Enter 1 or more email addresses (separated by comma) to notify when
                a mysql error occurs.  
                Leave blank to disable."),    
  );


  $form["notify_php_error_email_address"] = array(
    "type" => "textfield",
    "label" => t("Notify PHP error email address:"),
    "value" => variable_get("notify_php_error_email_address", ""),
    "description" => t("Enter 1 or more email addresses (separated by comma) to notify of
                PHP warnings or errors.  Leave blank to disable.  Recommendation: disable
                on development, but enable on production.
                <br><b>Note:</b> Messages will be stored in the temporary directory (below) and emailed out
                as a digest every cron run."),
  );


  $form["admin_transfer_passcode"] = array(
    "type" => "textfield",
    "label" => t("Admin Apply Draft password:"),
    "value" => variable_get("admin_transfer_passcode", "changeMe"),
    "description" => t("Enter a password which an admin user must enter
                        in order to apply draft changes to FlightPath.
                        This is an added security measure. Ex: p@ssWord569w"),    
  );
    

  $options = array(
              "90" => t("90 days"),
              "180" => t("180 days"),
              "365" => t("1 year"),
              "548" => t("1.5 years"),
              "730" => t("2 years"),
              "912" => t("2.5 years"),
              "1095" => t("3 years"),
              "1460" => t("4 years"),
              "1825" => t("5 years"),
              "2190" => t("6 years"),
              "2555" => t("7 years"),
              "2920" => t("8 years"),
              "3285" => t("9 years"),
              "3650" => t("10 years"),
              "never" => t("Never - Do not trim log table"),
              );
              
              
  
  $form["max_watchdog_age"] = array(
    "type" => "select",
    "label" => t("Max watchdog (log) entry age:"),
    "hide_please_select" => TRUE,
    "options" => $options,
    "value" => variable_get("max_watchdog_age", "1095"),
    "description" => t("Keep entries in the watchdog log tables until they are this old.
                        Entries older than this will be deleted at every cron run.
                        For example, if you only want to keep log entries for 1 year, then
                        set this to 1 year.
                        <b>Warning:</b> the Stats module uses data in this table to create
                        statistics and reports about use of FlightPath.  Once data is removed from the
                        watchdog table, it cannot be retrieved again.
                        <br>If you are unsure what to put here, select '3 years'."),
  );
  
  $form['max_watchdog_debug_age'] = array(
    "type" => "select",
    "label" => t("Max watchdog (log) DEBUG entry age:"),
    "hide_please_select" => TRUE,
    "options" => array('7' => t('7 days'), '15' => t('15 days'), '30' => t('30 days'), '60' => t('60 days'), '90' => t('90 days'), '180' => t('180 days'), '365' => t('1 year'), 'never' => t("Never - do not remove debug entries from log table")),
    "value" => variable_get("max_watchdog_debug_age", "30"),
    "description" => t("This is similar to the setting above, but this sets how long to keep 'debug' messages in the watchdog (logs).
                        Debug events are generally useful for tracking down issues or problems, and are not used in any official reporting.  Removing them
                        helps reduce the size of the watchdog table.
                        <br>If unsure what to choose, select '1 year'."),    
  );             

  $form['max_watchdog_error_age'] = array(
    "type" => "select",
    "label" => t("Max watchdog (log) ERROR entry age:"),
    "hide_please_select" => TRUE,
    "options" => array('7' => t('7 days'), '15' => t('15 days'), '30' => t('30 days'), '60' => t('60 days'), '90' => t('90 days'), '180' => t('180 days'), '365' => t('1 year'), 'never' => t("Never - do not remove error entries from log table")),
    "value" => variable_get("max_watchdog_error_age", "90"),
    "description" => t("This is similar to the setting above, but this sets how long to keep 'error' messages in the watchdog (logs).
                        Error messages are useful for finding bugs or database issues, but are not used in any official reporting.  Removing them
                        helps reduce the size of the watchdog table.
                        <br>If unsure what to choose, select '1 year'."),
  );             
  
  
    

  $form["admin_degrees_default_allow_dynamic"] = array(
    "type" => "textfield",
    "size" => 5,
    "label" => t("Default 'Allow Dynamic' value for new degrees:"),
    "value" => variable_get("admin_degrees_default_allow_dynamic", "1"),
    "description" => t("When creating a new degree, this is the default value to set for 'Allow Dynamic'.  If set to 1 (the number one), it means
                        the degree is allowed to be dynamic, meaning it can be combined with other 'dynamic' degrees.  If it is set to 0 (zero), it
                        means the degree is not allowed to be combined with anything else.  If you are unsure what to enter here, type 1 (one)."),
  );                
                
        
  $form["degree_classifications_level_1"] = array(
    "label" => t("Degree Classifications - Level 1:"),
    "type" => "textarea",
    "rows" => 3,
    "value" => variable_get("degree_classifications_level_1", "MAJOR ~ Major"),
    "description" => t("Enter the 'level 1' (ie, top level) degree classifications, one per line, in the following format:
                          <br>&nbsp; &nbsp; MACHINE_NAME ~ Title
                          <br> Example:  MAJOR ~ Major
                          <br>These are degrees which might be combined with 
                               another degree, as in a double-major, or selected on their own for graduation.
                               For example, a degree in Computer Science, by itself would be
                               classified as a 'Major' by most universities.  If you are unsure what to enter,
                               use:  MAJOR ~ Major"),                        
  );

  $form["degree_classifications_level_2"] = array(
    "label" => t("Degree Classifications - Level 2:"),
    "type" => "textarea",
    "rows" => 3,
    "value" => variable_get("degree_classifications_level_2", "MINOR ~ Minor"),
    "description" => t("Enter the 'level 2' degree classifications, one per line, in the following format:
                          <br>&nbsp; &nbsp; MACHINE_NAME ~ Title
                          <br> Example:  MINOR ~ Minor
                          <br>These are degrees which might be combined with another degree
                              but are not selected by themselves for graduation.  Most universities
                              would consider this type to be a 'Minor'.  For example, a student
                              might Major in Computer Science, with a Minor in Math.  In this instance,
                              Math would be classified by this level. If you are unsuare what to enter, use:
                              MINOR ~ Minor"),                        
  );
  
  
  $form["degree_classifications_level_3"] = array(
    "label" => t("Degree Classifications - Level 3 (Add-on degrees, attached to other degrees):"),
    "type" => "textarea",
    "rows" => 3,
    "value" => variable_get("degree_classifications_level_3", "CONC ~ Concentration"),
    "description" => t("Enter the 'level 3' degree classifications, one per line, in the following format:
                          <br>&nbsp; &nbsp; MACHINE_NAME ~ Title
                          <br> Example:  CONC ~ Concentration
                          <br>These are degree plans which are only ever 'attached' to other degree plans as an add-on option
                          to the student.
                          For example, Computer Science might have an Option or Track or Concentration in 'Business'.
                          The Business concentration would ONLY be selectable if the student were already majoring in Computer Science,
                          therefor it would fall into this classification.
                          If unsure what to enter here, use: CONC ~ Concentration"),                        
  );        
        
        
  $form["enable_legacy_concentrations"] = array(
    "label" => t("Enable legacy concentrations?"),
    "type" => "checkbox",
    "value" => variable_get("enable_legacy_concentrations", FALSE),
    "description" => t("If checked, FlightPath will treat a degree with a concentration as its own unique major_code, rather
                        than the concentration being treated as a Level-3 degree.  This is how concentrations were handled in FlightPath 4x and
                        before-- as entirely separate degrees.<br><a href='https://getflightpath.com/node/13467' target='_blank'>See this documentation page for more details.</a>
                        Note that enabling this setting can cause extra confusion and data entry when creating degrees.
                        If you are unsure what to do, leave this unchecked."),    
  );
                
        
  
  $form["allowed_student_ranks"] = array(
    "type" => "textfield",
    "label" => t("Allowed student ranks (CSV):"),
    "value" => variable_get("allowed_student_ranks", "FR, SO, JR, SR"),
    "description" => t("This is a list of which student ranks (aka Classifications) are allowed into FlightPath.
                It should be separated by commas.
                This also affects which students you may search for on the Advisees
                tab. Ex: FR, SO, JR, SR"),
  );
  
  $form["rank_descriptions"] = array(
    "type" => "textarea",
    "label" => t("Rank descriptions:"),
    "rows" => 8,
    "value" => variable_get("rank_descriptions", "FR ~ Freshman\nSO ~ Sophomore\nJR ~ Junior\nSR ~ Senior\nPR ~ Professional\nGR ~ Graduate"),
    "description" => t("Enter the rank code (from above) and the description which should appear on screen, in the format:
                        RANK ~ DESC, one per line.
                        <br>Ex:
                        <br>&nbsp; FR ~ Freshman
                        <br>&nbsp; SO ~ Sophomore
                        <br>&nbsp; JR ~ Junior
                        <br>&nbsp; SR ~ Senior"),
  );

  
  $form["not_allowed_student_message"] = array(
    "type" => "textarea",
    "label" => t("Not allowed student message:"),
    "value" => variable_get("not_allowed_student_message", ""),
    "description" => t("When a student is NOT allowed into FlightPath because of their
                rank, this message will be displayed."),    
  );        
        
        
  $form['login_help_cid'] = array(
    'label' => t("Enter the 'Need Help Logging In?' Content ID number:"),
    'type' => 'textfield',
    'size' => 5,
    'value' => variable_get("login_help_cid", "0"),
    'description' => t("Enter the Content ID number of the web page you'd like the visitor to see if they click the 'Need Help Logging In?' link 
                        on the login page.  If you leave this blank, a generic message will be shown.  To customize, visit the Content sectiona and
                        create a new 'Page'.  Once you save, you will see the Content ID number at the end of the URL.  Ex:  flightpath_url/content/543 means
                        that 543 is the Content ID."),
  );      
        
      
  $form['logout_message'] = array(
    'label' => t("Log out message:"),
    'type' => 'textarea',
    'value' => variable_get("logout_message", "You have been logged out of FlightPath."),
    'description' => t("This message displays to the user when they have logged out of FlightPath.  If unsure what to enter, use the following:
                          <br>&nbsp; &nbsp; <i>You have been logged out of FlightPath.</i>
                          <br><b>Note:</b> You may use basic HTML in this field to add bold, italics, or links."),
    
  );      
      
  $form['recalculate_alert_badge_seconds'] = array(
    'label' => t('How often should we recalculate the alert "bell" count?'),
    'type' => 'select',
    'hide_please_select' => TRUE,
    'options' => array( 1 => "1 second (recalculate on every page load)",
                        15 => "15 seconds",
                        30 => "30 seconds (default)",
                        60 => "1 minute",
                        300 => "5 minutes",
                        600 => "10 minutes",
                        1200 => "20 minutes",                        
                      ),
    'value' => variable_get('recalculate_alert_badge_seconds', 30),
    'description' => t('The alert "bell" at the top-right of the screen will display a notification graphic if there is something important for the user to look at.
                        For example, a new email or text message sent by the student.  Please select how often we should check to see
                        if there is anything new.  The alert count will be automatically recalculated when new content is created or deleted.
                        <br>This process may cause delays in page loads. If you notice slow page loads, set this time higher.
                        <br>If unsure, set to <em>30 seconds</em>.'),
  );    
  
    
  $form["delete_flagged_data_from_db"] = array(
    "label" => t("Permanently delete the following from the database once it has been flagged for deletion:"),
    "type" => "checkboxes",
    'options' => array(
                    'advising_sessions' => 'Advising sessions',
                    'advising_comments' => 'Advising comments',
                    'student_substitutions' => 'Student substitutions',
                    'student_unassign_group' => 'Student course movements/unassignments',
                    'student_unassign_transfer_eqv' => 'Student unassignments for transfer course eqvs',
                    'content' => 'Content items (eg, Pages, Appointments, Alerts, etc.)',
                  ),
    "value" => variable_get("delete_flagged_data_from_db", array()),
    "description" => t('Normally, FlightPath <b>does not</b> actually delete certain "deleted" data, like those listed above. Instead, they are 
                          flagged as "deleted" and do not display except in database reports. However, by checking the
                          boxes above, FlightPath will permanently delete such flagged data from the database every so often as part
                          of routine cleanup operations designed to save space. 
                          <br>Note: This would make a complete history of 
                          those actions unrecoverable.
                          <br><b>If you are unsure what to do, leave all boxes unchecked.</b>'),
  );
  
  
  
      
                  
  return $form;
}



/**
 * Extra validate handler for our system settings form.
 */
function system_settings_form_validate($form, &$form_state) {

  // Nothing here at the moment.
  
}


/**
 *  Extra submit handler for the system_settings_form
 * 
 * @param unknown_type $form
 * @param unknown_type $form_state
 */
function system_settings_form_submit($form, &$form_state) {
    
  // Empty for now.

}



/**
 * Implementation of hook_cron
 * 
 * We will perform operations necessary for keep FlightPath's tables in shape.
 *
 */
function system_cron() {
    
  // Should we trim the watchdog table of extra entries?  Only once every so often, not every cron run.
  $last_run = intval(variable_get("system_last_run_trim_watchdog", 0));
  $check_against = strtotime("NOW - 7 DAYS");  // don't run any more often than once every 7 days
  $c = 0;
  if ($check_against > $last_run) {
  
    // Should we "trim" the watchdog table of old entries?
    $max_age_days = variable_get("max_watchdog_age", "1095");
    if ($max_age_days != "never" && ($max_age_days*1) > 0) {
      
      // Okay, let's trim the table.
      $max_timestamp = strtotime("$max_age_days DAYS AGO");
      
      $result = db_query("DELETE FROM watchdog WHERE `timestamp` < ? ", $max_timestamp);
      $rows = db_affected_rows($result);
      if ($rows > 0) {
        watchdog("system", t("@rows old rows (older than @max days) trimmed from watchdog table on system cron run."), array("@rows" => $rows, "@max" => $max_age_days), WATCHDOG_DEBUG);
      }
      
    }
        
    // Should we trim the watchdog table of DEBUG records?
    $max_age_days = intval(variable_get("max_watchdog_debug_age", "30"));
    if ($max_age_days != "never" && ($max_age_days) > 0) {
      
      // Okay, let's trim the table.
      $max_timestamp = strtotime("$max_age_days DAYS AGO");
      
      $result = db_query("DELETE FROM watchdog WHERE `timestamp` < ? AND severity = ? ", $max_timestamp, WATCHDOG_DEBUG);
      $rows = db_affected_rows($result);
      if ($rows > 0) {
        watchdog("system", t("@rows old 'debug' rows (older than @max days) trimmed from watchdog table on system cron run."), array("@rows" => $rows, "@max" => $max_age_days), WATCHDOG_DEBUG);
      }
      
    }


    // Should we trim the watchdog table of ERROR records?
    $max_age_days = intval(variable_get("max_watchdog_error_age", "30"));
    if ($max_age_days != "never" && ($max_age_days) > 0) {
      
      // Okay, let's trim the table.
      $max_timestamp = strtotime("$max_age_days DAYS AGO");
      
      $result = db_query("DELETE FROM watchdog WHERE `timestamp` < ? AND severity = ? ", $max_timestamp, WATCHDOG_ERROR);
      $rows = db_affected_rows($result);
      if ($rows > 0) {
        watchdog("system", t("@rows old 'error' rows (older than @max days) trimmed from watchdog table on system cron run."), array("@rows" => $rows, "@max" => $max_age_days), WATCHDOG_DEBUG);
      }
      
    }



    variable_set("system_last_run_trim_watchdog", time());
        
  } // check against > last_run, so we should do it.
  
  
  
  
  
  // Should we delete from user_attributes any mda_validation_codes which are older than X hours?
  $max_age_hours = 1;      
  // Okay, let's trim the table.
  $max_timestamp = strtotime("NOW - $max_age_hours HOURS"); 
  
  $result = db_query("DELETE FROM user_attributes WHERE `name` = 'mfa_validation_code' AND `updated` < ? ", $max_timestamp);
  $rows = db_affected_rows($result);
  if ($rows > 0) {
    watchdog("system", t("@rows old 'mfa_validation_code' rows (older than @max hours) trimmed from user_attributes table on system cron run."), array("@rows" => $rows, "@max" => $max_age_hours), WATCHDOG_DEBUG);
  }
  
  
  // Should we email someone of php errors?
  $tomail = trim(variable_get("notify_php_error_email_address", ""));    
  if ($tomail != "") {
        
    // We should add this to our "to email" file, which will get emailed to this mail address later on.
    $error_files_dir = fp_get_files_path() . "/private";
    
    // Make sure our log file exists
    if (file_exists($error_files_dir . '/fp_php_errors_to_email_log.txt')) {

      // is there anything for us to email?
      $emsg = file_get_contents($error_files_dir . '/fp_php_errors_to_email_log.txt');    
      if ($emsg && fp_trim($emsg) != "") {
        $hostname = php_uname('n');
        fp_mail($tomail, "PHP Error(s) in FlightPath ($hostname)", $emsg);
        // Make the file blank.
        file_put_contents($error_files_dir . '/fp_php_errors_to_email_log.txt', '');
      }
      
    }    
  }
  
  ////////////
  // Remove expired banned ips, if any exist.
  $ban_expire = variable_get('system_ban_ip_expire', '2 WEEKS');
  if ($ban_expire != 'never') {    
    $ban_ip_file_path = fp_get_files_path() . '/private/banned_ips.txt';
    if (file_exists($ban_ip_file_path)) {
      $max_timestamp = strtotime("NOW - $ban_expire");
      $res = db_query("SELECT * FROM banned_ips WHERE posted_ts < ?", array($max_timestamp));
      while ($cur = db_fetch_object($res)) {
        
        $ip = $cur->ip_address;
        // Erase this ip address from our ban file.
        $c = file_get_contents($ban_ip_file_path);
        $c = str_replace("$ip", '', $c);
        $c = str_replace("  ", '', $c);
        $c = str_replace(" \n", "", $c);
        $c = str_replace("\n\n", "", $c);
        $c = trim($c);
        
        // Write back into our file
        $respc = file_put_contents($ban_ip_file_path, $c);      
        if ($respc === FALSE) {
          watchdog("system", "Unable to write to the ban ip file $ban_ip_file_path. Trying to remove $ip. File permission issue?", array(), WATCHDOG_ERROR);        
        }
        
        // remove from table
        db_query("DELETE FROM banned_ips WHERE ip_address = ?", array($ip));
        
      } // while cur
    } // if file exists
  } // ban_expire != 'never'
  
  
  
  
} // hook_cron



/**
 * Intercepts form submissions from forms built with the form API.
 */
function system_handle_form_submit() {
    
  $callback = $_REQUEST["callback"] ?? '';  
  $form_type = $_REQUEST["form_type"] ?? '';
  
  if (!is_string($callback)) $callback = '';
  if (!is_string($form_type)) $form_type = '';
  
  watchdog('system', "handle_form_submit callback:$callback, form_type:$form_type", array());
    
  $form_include = @$_REQUEST["form_include"];  
  $form_token = @$_REQUEST["form_token"];
  // Make sure the form_token is valid!
  if ($form_token != md5($callback . fp_token())) {
    watchdog('system', "handle_form_submit - Error; invalid form token. Got: $form_token. Expected: " . md5($callback . fp_token()), array(), WATCHDOG_ERROR);
    die(t("Sorry, but you have encountered an error.  A form submission was flagged
          as possibly being an invalid or forged submission.  This may constitute a bug
          in the system.  Please report this error to your Systems Administrator."));
  }
   
  if ($form_include != "") {
    // This is a file we need to include in order to complete the submission process.
    
    // We will also make sure that we only allow certain file extensions to be included.
    $allowed_ext = array(
      "php",
      "inc",
      "class",
      "module",
    );
    
    $temp = explode(".", $form_include);
    $test_ext = trim($temp[count($temp) - 1]);

    if (!in_array($test_ext, $allowed_ext)) {
      watchdog('system', "handle_form_submit - file type $test_ext not allowed to be included in form submission.", array(), WATCHDOG_ERROR);
      fp_add_message(t("Include file type (%ext) not allowed in form submission.  Allowed extensions: .php, .inc, .class, .module.", array("%ext" => $test_ext)), "error");
      fp_goto("<front>");
      return;
    }
    
    // We need to make sure, before we include this file, that it is something only available from within the main FlightPath directory.
    $absolute_path = realpath($form_include);
    $absolute_path = str_replace("\\", "/", $absolute_path);
    
    // In order for us to proceed, the $absolute_path must BEGIN with our base FlightPath installation directory.  
    $file_system_path = $GLOBALS['fp_system_settings']['file_system_path'];     
    
        
    if (substr($absolute_path, 0, strlen($file_system_path)) != $file_system_path) {
      watchdog('system', "handle_form_submit - Include file outside of FlightPath installation directory.
                                  <br>FlightPath directory path: %fsp
                          <br>Include file path: %ap", array("%fsp" => $file_system_path, "%ap" => $absolute_path), WATCHDOG_ERROR);
      fp_add_message(t("Include file in form submission is outside of the FlightPath installation directory.
                          <br>FlightPath directory path: %fsp
                          <br>Include file path: %ap", array("%fsp" => $file_system_path, "%ap" => $absolute_path)), "error");
      fp_goto("<front>");
      return;
    }
        
    
    include_once($form_include);
  }

    
  // We need to make sure the user has permission to submit this form!
  $form_path = $_REQUEST["form_path"];
  // Check the menu router table for whatever the permissions were for this
  // path, if any.
  if ($form_path != "") {
    // For the sake of makeing sure our wildcards get replaced correctly,
    // temporarily set $_REQUEST['q'] to our $form_q.
    $form_q = base64_decode($_REQUEST["form_q_64"]);
    $temp_q = $_REQUEST['q'];
    $_REQUEST['q'] = $form_q;    
    $router_item = menu_get_item($form_path) ;
    if (!menu_check_user_access($router_item)) {      
      // The user does NOT have access to submit this form!  The fact that
      // it has made it this far means this may be some sort of hacking attempt.
      watchdog('system', "handle_form_submit - Insufficient permissions to submit form.", array(), WATCHDOG_ERROR);
      die(t("Sorry, but you have encountered an error.  A form submission was flagged
          as possibly being an invalid or having insufficient permissions to submit.  
          This may constitute a bug in the system.  
          Please report this error to your Systems Administrator."));
      
    }
    // I don't think this is needed, just causes problems! // $_REQUEST['q'] = $temp_q;  // set back to original, just in case.    
  }  
  
  // Let's get our set of allowed values, by looking at the original form,
  // and grab what's in the POST which matches the name.

  $values = array();
  $safe_values = array(); // will be the same as $values, but anything of type password will not be included.
  
  if (function_exists($callback)) {
   
    // Get any params for the callback, or, an empty array.    
    $form_params = @unserialize(base64_decode($_REQUEST['form_params']));
    if (!$form_params) {
      $form_params = array();
    }
    // Actually get the form now.    
    $form = fp_get_form($callback, $form_params);
    foreach ($form as $name => $element) {     

      // Save to our $values array, but we don't care about markup.
      if (@$element["type"] != "" && @$element["type"] != "markup" && @$element["type"] != "markup_no_wrappers") {
        $values[$name] = @$_POST[$name];
        
        // Save to safe_values, too, if this is not a password field.
        if (@$element["type"] != "password") {
          $safe_values[$name] = @$_POST[$name];
        }
        
        
        // If this is a checkbox, and we have any value in the POST, it should
        // be saved as boolean TRUE
        if (isset($element["type"]) && $element["type"] == "checkbox") {
          if (isset($_POST[$name]) && $_POST[$name] === "1") {
            $values[$name] = TRUE;          
          }
          else {
            $values[$name] = FALSE;
          }        
        }
                       
      }
      // Do we need to alter the value from the POST?
      
      // If this element is a cfieldset, it may contain other elements.  We should get
      // those values too.
      if (isset($element["elements"])) {
        foreach ($element["elements"] as $k => $v) {
          foreach ($element["elements"][$k] as $cname => $celement) {
            // Save to our $values array, but we don't care about markup.
            if (@$celement["type"] != "" && @$celement["type"] != "markup" && @$element["type"] != "markup_no_wrappers") {
              $values[$cname] = @$_POST[$cname];
              
              // Save to save_values, too, if this is not a password field.
              if (@$celement["type"] != "password") {
                $safe_values[$cname] = @$_POST[$cname];
              }

              // If this is a checkbox, and we have any value in the POST, it should
              // be saved as boolean TRUE
              if (isset($celement["type"]) && $celement["type"] == "checkbox") {
                if (isset($_POST[$cname]) && $_POST[$cname] === "1") {
                  $values[$cname] = TRUE;          
                }
                else {
                  $values[$cname] = FALSE;
                }        
              }

              
              
            }
          }
        }
      }
      
      

    }
  }  

  // Does the form have any defined submit_handler's?  If not, let's assign it the
  // default of callback_submit().    
  $submit_handlers = $form["#submit_handlers"];
  if (!is_array($submit_handlers)) $submit_handlers = array();
  
  // If the submit_handlers is empty, then add our default submit handler.  We don't
  // want to do this if the user went out of their way to enter a different handler.
  if (count($submit_handlers) == 0) {
    array_push($submit_handlers, $callback . "_submit");
  } 
  
  // Does the form have any defined validate_handler's?  This works exactly like the submit handler.
  $validate_handlers = $form["#validate_handlers"];
  if (!is_array($validate_handlers)) $validate_handlers = array();
  
  if (count($validate_handlers) == 0) {
    array_push($validate_handlers, $callback . "_validate");
  } 
  
  // Let's store our values in the SESSION in case we need them later on.
  // But only if this is NOT a system_settings form!
  if ($form_type != "system_settings") {
    
    // Do not store any "password" field, for security, so it isn't stored
    // in the server's session file in plain text.
    // For this reason we will use the $safe_values array we created earlier.    
    
    $_SESSION["fp_form_submissions"][$callback]["values"] = $safe_values;
  }

  $form_state = array("values" => $values, "POST" => $_POST);

  // Let's pass this through our default form validator (mainly to check for required fields
  // which do not have values entered)
  form_basic_validate($form, $form_state);  
 
  if (!form_has_errors()) {
    // Let's now pass it through all of our custom validators, if there are any.
    foreach ($validate_handlers as $validate_callback) {         
      if (function_exists($validate_callback)) {
        
        call_user_func_array($validate_callback, array(&$form, &$form_state));
        
        // Should we stop checking the other validator functions?
        if (isset($GLOBALS['form_error_stop_further_validators']) && $GLOBALS['form_error_stop_further_validators'] === TRUE) {
          unset($GLOBALS['form_error_stop_further_validators']);
          break;
        }
        
      }
    }
  }

  if (!form_has_errors()) {
    // No errors from the validate, so let's continue.
 
    // Is this a "system settings" form, or a normal form?
    if ($form_type == "system_settings") {
      // This is system settings, so let's save all of our values to the variables table.
      // Write our values array to our variable table.
      foreach ($form_state["values"] as $name => $val) {
        variable_set($name, $val);
      }
      
      fp_add_message(t("Settings saved successfully."));      
      
    }

    // Let's go through the form's submit handlers now.
    foreach ($submit_handlers as $submit_callback) {                
      if (function_exists($submit_callback)) {
        
        call_user_func_array($submit_callback, array(&$form, &$form_state));
        
      }    
    }


    
  }
   
  // Figure out where we are supposed to redirect the user.
  $redirect_path = $redirect_query = "";

  if (!form_has_errors() && isset($form["#redirect"]) && is_array($form["#redirect"])) { 
    $redirect_path = $form["#redirect"]["path"];
    $redirect_query = (string) @$form["#redirect"]["query"];    
  }
  else {
    $redirect_path = @$_REQUEST["default_redirect_path"];
    $redirect_query = (string) @$_REQUEST["default_redirect_query"];

    
    // To help prevent directory traversal attacks, the redirect_path cannot contain periods (.) and semi-colons, and other trouble characters
    $redirect_path = str_replace(".", "", $redirect_path);
    $redirect_path = str_replace(";", "", $redirect_path);
    $redirect_path = str_replace("'", "", $redirect_path);
    $redirect_path = str_replace('"', "", $redirect_path);
    $redirect_path = str_replace(' ', "", $redirect_path);
        
    
  }
  
  // Was scroll_top set?  Meaning, are we meant to scroll to a specific position when the page loads?
  if (isset($_REQUEST["scroll_top"])) {
    $scroll_top = @floatval($_REQUEST["scroll_top"]);
    if ($scroll_top > 0) {
      if ($redirect_query != "") $redirect_query .= "&";  // not blank?  Add this as another property with &.  
      $redirect_query .= "scroll_top=" . $scroll_top;    
    }
  }
  // If there is a Batch process we need to do, do it here instead of the fp_goto.
  if (isset($_SESSION["fp_batch_id"]) && function_exists("batch_menu")) {
    $batch_id = $_SESSION["fp_batch_id"];
    unset($_SESSION["fp_batch_id"]);
    batch_start_batch_from_form_submit($batch_id, $redirect_path, $redirect_query);
    return;
  }
  else if (isset($_SESSION["fp_batch_id"]) && !function_exists("batch_menu")) {
    // We requested a batch action, but the batch module is not installed.
    watchdog('system', "handle_form_submit - Batch process attempted, but batch module not enabled", array(), WATCHDOG_ERROR);
    fp_add_message(t("A batch process was attempted, but it appears that the Batch module is not enabled.  Please contact your FlightPath administrator."), "error");
    unset($_SESSION["fp_batch_id"]);
  }
  
  // Okay, go back to where we were!  
  fp_goto($redirect_path, $redirect_query);
   
}


function system_handle_logout() {
  global $user;
  
  $user_name = $user->name;
  $uid = $user->id;
  
  // Finish up logging out. 
      
  // In an effort to mimimize a bug in Safari, we will
  // overwrite the SESSION variables, then perform a few other operations,
  // to make sure they are well and truly destroyed.
  foreach ($_SESSION as $key => $val) {
    $_SESSION[$key] = "x";
  }
  foreach ($_SESSION as $key => $val) {
    $_SESSION[$key] = FALSE;
  }      
  $_SESSION = array();
  if (isset($_COOKIE[session_name()]))  // remove cookie by setting it to expire, if it's there.
  {
     $cookie_expires  = time() - 3600;
     setcookie(session_name(), "", $cookie_expires, '/');
  }  
  
  // unset cookies  from https://stackoverflow.com/questions/2310558/how-to-delete-all-cookies-of-my-website-in-php
  // We won't use $_COOKIE for this, as we might get an array for the $val, if the cookie was set using array notation.  This
  // code snippit should fix that.
  if (isset($_SERVER['HTTP_COOKIE'])) {
      $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
      foreach($cookies as $cookie) {
          $parts = explode('=', $cookie);
          $name = trim($parts[0]);
          // Only do this for non-mfa related cookies.
          if (!str_starts_with($name, "flightpath_mfa_remember")) {
            setcookie($name, '', time() - 3600);
            setcookie($name, '', time() - 3600, '/');
          }
      }
  }  
  
  
    
  // I know this is repetitive, but I want to make ABSOLUTELY SURE
  // I am removing the session by removing it, creating a new one, then killing that one too.
  session_destroy();
  session_commit();
  session_start();
  session_destroy();
  session_commit();    


  // Check for hook_user_logout
  $modules = modules_implement_hook("user_logout");
  foreach($modules as $module) {
    call_user_func($module . '_user_logout');
  }
  
  
  watchdog("logout", "@user has logged out", array("@user" => "$user_name ($uid)"));
  
  fp_goto("<front>", "logout=true");
  
}

/**
 * This function will clear our various caches by calling
 * on the hook_clear_cache in each module.
 */
function system_perform_clear_cache() {
    
  fp_clear_cache();
  
  fp_goto("admin-tools");
  
}


/**
 * Called from menu, will run hook_cron() for all modules.
 */
function system_perform_run_cron() {
    
  // Keep the script from timing out prematurely...
  set_time_limit(99999);  // around 27 hours.
  
  watchdog("cron", "Cron run started", array(), WATCHDOG_DEBUG);
  invoke_hook("cron");
  watchdog("cron", "Cron run completed", array(), WATCHDOG_DEBUG);
  variable_set("cron_last_run", time());  
  
  fp_add_message(t("Cron run completed successfully."));
  fp_goto("admin-tools/admin");
}

/**
 * This page displayes the results of each module's hook_status.
 * 
 */
function system_display_status_page() {
  $rtn = "";
  
  $pol = "";
  
  fp_add_css(fp_get_module_path("system") . "/css/style.css");
  
  $status_array = invoke_hook("status");  // get everyone's hook_status.
  
  
  
  
  $rtn .= "<p>" . t("This page will show you important status messages
                     about FlightPath.  For example, what modules (if any) have
                     an update available.") . "</p>";
  
  
  
  $rtn .= "<table width='100%' border='1' class='status-table' cellpadding='4'>
            <tr class='header-row'>
              <th width='10%' class='package-header'>" . t("Package/Module") . "</th>
              <th>" . t("Status") . "</th>
            </tr>
            
            <tr class='status-row'>
              <td>" . t("PHP") . "</td>
              <td>" . t("Version:") . ' ' . phpversion() . "</td>
            </tr>
            
            "; 
  foreach ($status_array as $module => $details) {
    $pol = ($pol == "even") ? "odd" : "even";
    
    if (@$details["severity"] == "") $details["severity"] = "normal";
    
    $rtn .= "<tr class='status-row status-row-$pol'>
              <td valign='top' class='module-name'>$module</td>
              <td valign='top' class='module-status module-status-" . $details["severity"] . "'>
              " . $details["status"] . "
              </td>
    
           </tr>";
  }
                  
  $rtn .= "</table>";
    
  
  
  return $rtn;
}


/**
 * Implementation of hook_status
 * Expected return is array(
 *                          "severity" => "normal" or "warning" or "alert",
 *                          "status" => "A message to display to the user.",
 *                    );
 */
function system_status() {
  $rtn = array();
  $rtn["severity"] = "normal";
  $rtn["status"] = "";
  // Check on the last time cron was run; make sure it's working properly.
  $last_run = convert_time(variable_get("cron_last_run", 0));
  
  // Report on current details about FlightPath.
  $fpversion = FLIGHTPATH_VERSION;
  if ($fpversion == "%FP_VERSION%") {
    // This means you are using a version not downloaded from getflightpath.com.  Probably directly from a git repository.
    $fpversion = "GitRepo";    
  }
  $rtn["status"] .= "<p>" . t("FlightPath version:") . " " . FLIGHTPATH_CORE . "-" . $fpversion . "</p>";
  
  if ($last_run < strtotime("-2 DAY")) {
    $rtn["severity"] = "alert";
    $rtn["status"] .= t("Cron hasn't run in over 2 days.  For your installation of FlightPath
               to function properly, cron.php must be accessed routinely. At least once per day is recommended.  
               Set for more frequently if making use of text messaging, emails, or notifications in FlightPath.  
               For example, every 10 minutes.");    
  }
  else {
    $rtn["status"] .= t("Cron was last run on %date", array("%date" => format_date($last_run)));
  } 
  
  $cron_url = $GLOBALS["fp_system_settings"]["base_url"] . "/cron.php?t=" . $GLOBALS["fp_system_settings"]["cron_security_token"];
  
  $rtn["status"] .= "<p style='font-size: 0.8em;'>" . t("Your site's cron URL is:");
  $rtn["status"] .= "&nbsp; <i>" . $cron_url . "</i>
                        <br>" . t("Ex linux cron command (every 10 min):") . "&nbsp; <i style='background-color: beige;'>*/10 * * * * wget -O - -q -t 1 $cron_url</i>";  
  $rtn["status"] .= "</p>";
  
  
  return $rtn;
  
}



/**
 * Implements hook_clear_cache
 * Take care of clearing caches managed by this module
 */
function system_clear_cache() {
  
  unset($_SESSION["fp_form_submissions"]);
  unset($_SESSION["fp_db_host"]);
  unset($_SESSION["fp_draft_mode"]);
  unset($_SESSION["fp_simple_degree_plan_cache_for_student"]);
  unset($_SESSION['fp_alert_count_by_type']);
  unset($_SESSION['fp_alert_count_by_type_last_check']);
  
  if (function_exists('apcu_fetch')) {
    apcu_clear_cache();
  }
  
  menu_rebuild_cache();

  system_rebuild_css_js_query_string();
}


/**
 * This function will recreate the dummy query string we add to the end of css and js files.
 *
 */
function system_rebuild_css_js_query_string() {
  
  // A dummy query string gets added to the URLs for css and javascript files,
  // to give us control over browser caching.  When this value changes (cause we
  // cleared the cache, updated a module, etc) it tells the browser to get a new
  // copy of our css and js files.  
  
  // This idea, like many other ideas in FlightPath, was borrowed from Drupal.
  
  // The timestamp is converted to base 36 in order to make it more compact.
  // This gives us a random-looking string of 6 numbers and letters.
  variable_set('css_js_query_string', base_convert(time(), 10, 36));

   
}



/**
 * Clears only the menu cache
 */
function system_perform_clear_menu_cache() {
  menu_rebuild_cache();
  fp_goto("admin-tools/admin");
}



/**
 * Display the "login" page.  This is the default page displayed
 * to the user, at /login, if they have not logged in yet.
 *
 * This page is meant to be displayed in conjunction with blocks, so the user can
 * easily define their own messages and such.
 * 
 * @return unknown
 */
function system_display_login_page() {
  $rtn = "";
  
    
  
  fp_add_css(fp_get_module_path("system") . "/css/style.css");  

  
  $login_form = fp_render_form("system_login_form");
  
  
  
  $rtn .= "<noscript>
            <div style='padding: 5px; background-color: red; color: white; font-size: 12pt; font-weight: bold;'>
            " . t("@FlightPath requires JavaScript to be enabled in order to
            function correctly.  Please enable JavaScript on your browser
            before continuing.", array("@FlightPath" => variable_get("system_name", "FlightPath"))) . "</div>
          </noscript>";
  
    
  
  $rtn .= "<div class='login-content-div'>";
  
  $rtn .= "        
     <div class='left-side-content'>
      $login_form
     </div>";

      
  $rtn .= "</div>";
   
  
  
  return $rtn;
}





function system_mfa_login_form() {
  
  $form = array();
      
  $db_row = $_SESSION['mfa__form_state_db_row'];
    
  $email = $db_row['email'];
  $obf_email = substr($email, 0, 5) . str_repeat("*",  strlen($email) - 5);
  
  $form['mark_top_msg'] = array(
    'value' => "<strong>" . t("A message has been sent to your email address (%obfemail) with a code to continue.  Please enter the code below.", array("%obfemail" => $obf_email)) . "</strong>
                  <p>" . t("Check your Spam or Bulk Mail folder if you do not receive the email within 5 minutes.") . "</p>
                  <p>" . t("To recreate and resend the validation code, simply return to the login page and try again.") . "</p> 
                  <hr>",
    'weight' => 10,
  );

  $form['mfa_code'] = array(
    'type' => 'textfield',
    'label' => t("Code:"),
    'weight' => 20,
    'required' => TRUE,
  );  
  
  $form['mfa_remember'] = array(
    'type' => 'checkbox',
    'label' => t("Do not ask again for this browser/device for 30 days?"),
    'weight' => 30,    
  );
  
  $form['submit_btn'] = array(
    'type' => 'submit',
    'value' => t("Submit"),
    'spinner' => TRUE,
    'weight' => 200,
  );
  
  
  return $form;
  
} // system_mfa_login_form


function system_mfa_login_form_validate($form, $form_state) {
    
  $db_row = $_SESSION['mfa__form_state_db_row'];    
  
  $user_id = $db_row['user_id'];
  
  // Validate the code.
  $db_code = user_get_attribute($user_id, "mfa_validation_code", FALSE);
  
    
  if (intval($form_state['values']['mfa_code']) !== intval($db_code)) {
    form_error('mfa_code', t("Sorry, but the code you entered is not the same that was sent to your address.  Try again.  If you are unable to log in, have a systems
                              administrator reset your password."));
    return;
  }
  
  
    
} // mfa_login_form_validate


function system_mfa_login_form_submit($form, $form_state) {
  // If we made it here, the user is allowed to log in.
  
  $db_row = $_SESSION['mfa__form_state_db_row'];    
  
  $user_id = $db_row['user_id'];  
  
  $mfa_remember = intval($form_state['values']['mfa_remember']);
  // If we should remember for 30 days, then set cookie.
  if ($mfa_remember == TRUE) {
    setcookie("flightpath_mfa_remember__" . $user_id, "yes", strtotime("NOW + 30 DAYS"));
  }
  else {
    // Clear the cookie
    setcookie("flightpath_mfa_remember__" . $user_id, "no", 1);
  }
  
  
  // Actually log in the user.
  $account = system_perform_user_login($user_id);    
  
  // Watchdog
  watchdog("mfa-login", "@user has logged in via mfa. CWID: @cwid", array("@user" => "$account->name ($account->id)", "@cwid" => $account->cwid));
  
  fp_goto("<front>");  
  
  
} // .. submit




/**
 * This draws the form which facilitates logins.
 */
function system_login_form() {
  $form = array();
  
  fp_set_title("");
  
  $bool_clear_cookies = FALSE;
  
  // If we are coming from having just logged out, display a message.
  if (isset($_REQUEST["logout"]) && $_REQUEST["logout"] == "true") {    
    $x = variable_get("logout_message", "You have been logged out of FlightPath.");    
    fp_add_message(filter_markup($x));
  }
  
  // Are we here because the user was not found in the whitelist?
  if (isset($_REQUEST['wlist']) && $_REQUEST['wlist'] == 'notfound') {
    fp_add_message(t("Sorry, but only certain users are allowed access at this time.  If you believe you need access, please contact your system administrator."), 'error', TRUE);
  }
  
  // Are we here because the user was not found at all?
  if (isset($_REQUEST['user']) && $_REQUEST['user'] == 'notfound') {
    fp_add_message(t("Sorry, but the user you specified could not be found in FlightPath's database.  If you believe you need access, please contact your system administrator."), 'error', TRUE);
  }

  // Are we here because only the admin user is allowed in?
  if (isset($_REQUEST['user']) && $_REQUEST['user'] == 'adminonly') {
    fp_add_message(t("Sorry, but logins are disabled at this time while maintenance is being performed.  Please try again later."), 'error', TRUE);
  }


  // Are we here because only the user's rank is not allowed?
  if (isset($_REQUEST['user']) && $_REQUEST['user'] == 'rank') {
    
    $allowed_ranks_str = variable_get("allowed_student_ranks", "FR, SO, JR, SR");
    fp_add_message(t("Sorry, your rank/classification is not allowed.  At this time this system is only available to students
                                  in the following ranks/classifications: @ranks_str", array("@ranks_str" => $allowed_ranks_str)), 'error', TRUE);
  }

  
  // Are we here because the user was not found in the whitelist?
  if (isset($_REQUEST['user']) && $_REQUEST['user'] == 'disabled') {
    fp_add_message(t("Sorry, but the user you specified has been marked as disabled.  If you believe you need access, please contact your system administrator."), 'error', TRUE);
  }

  // Are we here because the user is trying to do a zoom installation from the marketplace?
  if (module_enabled('zoomapi') && isset($_REQUEST['zoom_install']) && $_REQUEST['zoom_install'] == 'marketplace') {
    fp_add_message(t("To install FlightPath Academics to your Zoom account (which allows for automatic meeting requests through appointments), please
                      sign in below."));
    fp_add_message(t("You may be asked to sign into your Zoom account and authorize FlightPath.<br>You will be returned to FlightPath afterwards."));
    $form['zoom_install'] = array(
      'type' => 'hidden',
      'value' => 'marketplace',
    );
  }
    
  
  $form["user"] = array(
    "label" => t("User:"),
    "type" => "textfield",
    "size" => 30,
    "required" => TRUE,
    "description" => t("Enter your user name or email address."),
  );
  
  $form["password"] = array(
    "label" => t("Password:"),
    "type" => "password",
    "size" => 30,
    "required" => TRUE,
  );
  
  $form["submit"] = array(
    "type" => "submit",
    "value" => t("Log in"),
    "suffix" => "<div id='login-form-forgot-password'>" . l(t("Need help logging in?"), 'login-help') ."</div>",
    
  );
    
  $form["#attributes"] = array("onSubmit" => "showUpdate(true);");    
    
  
  return $form;
}


/**
 * Validate function for the login form.
 * This is where we will do all of the lookups to verify username
 * and password.  If you want to write your own login handler (like for LDAP)
 * this is the function you would duplicate in a custom module, then use hook_form_alter
 * to make your function be the validator, not this one.
 * 
 * We will simply verify the password, then let the submit handler take over from there.
 */
function system_login_form_validate($form, &$form_state) {
  $user = trim($form_state["values"]["user"]);
  
  // If the $user is an email address, then find out the user it actually belongs to.
  if (filter_var($user, FILTER_VALIDATE_EMAIL)) {  
    // This appears to be the user's email address.  Convert to their username
    // instead.
    
    // Force email addresses to be lowercase.
    
    $test = db_result(db_query("SELECT user_name FROM users WHERE email = ?", array(strtolower($user))));
    if ($test) {
      $user = $test;
      $form_state["values"]["user"] = $test;
    }
  }
  
  
  $password = $form_state["values"]["password"];
  
  // If the GRANT_FULL_ACCESS is turned on, skip trying to validate
  if ($GLOBALS["fp_system_settings"]["GRANT_FULL_ACCESS"] == TRUE) {
    $form_state["passed_authentication"] = TRUE;
    $form_state["db_row"]["user_id"] = 1;
    $form_state["db_row"]["user_name"] = "FULL ACCESS USER";
    
    return;
  }  

  // Otherwise, check the table normally.  
 
  /*
  
  $res = db_query("SELECT * FROM users WHERE user_name = '?' AND password = '?' AND is_disabled = '0' ", $user, md5($password));
  if (db_num_rows($res) == 0) {
    form_error("password", t("Sorry, but that username and password combination could not
                            be found.  Please check your spelling and try again."));
    return;    
  }
  */
  
  
  $res = db_query("SELECT * FROM users WHERE user_name = ? AND is_disabled = '0' ", $user);   
  $cur = db_fetch_array($res);
  
  // Check the user's password is valid.
  $stored_hash = @$cur["password"];
  if (!user_check_password($password, $stored_hash)) {
    watchdog("login", "@user has not logged in.  Username/password could not be verified.  Incorrect password?", array("@user" => $user), WATCHDOG_ALERT);
    form_error("password", t("Sorry, but that username and password combination could not
                            be found.  Please check your spelling and try again."));
    return;    
  }  
  
  
  // Have we disabled all logins except for "admin" (user id = 1)?
  if (intval($cur['user_id']) !== 1 && variable_get('disable_login_except_admin', 'no') == 'yes') {
    watchdog("login", "@user has not logged in.  All logins except admin are disabled.", array("@user" => $user), WATCHDOG_ALERT);    
    fp_goto("disable-login");    
    return;
  }
  
  
  // If this is a student, does this student have an accepted "allowed rank" (ie, FR, SO, JR, etc)?
  $allowed_ranks_str = variable_get("allowed_student_ranks", "FR, SO, JR, SR");
  $allowed_ranks = csv_to_array($allowed_ranks_str);
  if (intval($cur['is_student']) === 1) {
    $rank_code = db_result(db_query("SELECT rank_code FROM students WHERE cwid = ?", array($cur['cwid'])));
    if (!in_array($rank_code, $allowed_ranks)) {
      
      form_error("password", t("Sorry, your rank/classification is %rc.  At this time FlightPath is only available to students
                                in the following ranks/classifications: @ranks_str", array("%rc" => $rank_code, "@ranks_str" => $allowed_ranks_str)));
      watchdog("login", "@user has not logged in.  User rank/classification is %rc.  At this time FlightPath is only available to students
                                in the following ranks/classifications: @ranks_str", array("@user" => $user, "%rc" => $rank_code, "@ranks_str" => $allowed_ranks_str), WATCHDOG_ALERT);                                
      return;    
      
    }
  }


  // Do we have a "whitelist" and is this user part of it?  Note: ignore if we are admin.
  $bool_pass_whitelist_test = FALSE;
  $list = system_get_user_whitelist();
  if (intval($cur['user_id']) !== 1 && $list) {   
    if (!in_array($cur['user_name'], $list) && !in_array($cur['cwid'], $list) && ($cur['email'] != '' && !in_array($cur['email'], $list))) {
      form_error("password", t("Sorry, but only certain users are allowed access at this time.  If you believe you need access, please contact your system administrator."));
      watchdog("login", "@user has not logged in.  Only certain users allowed at this time.", array("@user" => $user), WATCHDOG_ALERT);
      return; 
    }
    else {
      // user is listed in the whitelist.
      $bool_pass_whitelist_test = TRUE;
    }  
  }
  else {
    // There was no whitelist.
    $bool_pass_whitelist_test = TRUE;
  }

  
  // Have we disabled all student logins AND this student was not in the whitelist?
  if (intval($cur['is_student']) == 1 && variable_get('disable_student_logins', 'no') == 'yes') {
    if ($list && $bool_pass_whitelist_test == FALSE || !$list) {
      // There was a whitelist and we didn't pass, OR, there was no whitelist.      
      watchdog("login", "@user has not logged in.  Student logins are disabled.", array("@user" => $user), WATCHDOG_ALERT);
      fp_goto("disable-student-login");    
      return;    
    }
  }
 
    
  
  // otherwise, we know it must be correct.  Continue.  
  $form_state["db_row"] = $cur;

  
  // If we made it here, then the user successfully authenticated.
  $form_state["passed_authentication"] = TRUE;

  // It will now proceed to the submit handler.  
}


/**
 * Submit handler for login form.
 * If we are here, it probably means we have indeed authenticated.  Just in case, we will
 * test the form_state["passed_authentication"] value, which we expect to have been
 * set in our validate handler.
 * 
 * We will now proceed to actually log the user into the system.
 * 
 */
function system_login_form_submit($form, &$form_state) {
  $user = $form_state["values"]["user"];
  $password = $form_state["values"]["password"];
  $passed = $form_state["passed_authentication"];
  
  // Special case (if we have the zoomapi module enabled).  This
  // lets us tell if we are trying to install zoom from the marketplace.
  $zoom_install = @$form_state['values']['zoom_install'];
  // Used later when we do a fp_goto.
    
  
  $db_row = $form_state["db_row"];
  
  $user_id = $db_row['user_id'];
  $email = trim($db_row['email']);
  
  
  
  
  if (!$passed) {
    fp_add_message(t("Sorry, there has been an error while trying to authenticate the user."));
    watchdog("login", "@user has not logged in.  Error while trying to authenticate.  Wrong password?", array("@user" => $user), WATCHDOG_ALERT);
    return;
  }

  // if we have MFA turned on AND the user has an email address saved, then we should redirect the user now to the MFA form.
  // Also check to see if we have "mfa_remember" cookie set, and is it not expired.
  $mfa_enabled = variable_get("mfa_enabled", "no"); 
  if ($email && $mfa_enabled === "yes" && (!isset($_COOKIE['flightpath_mfa_remember__' . $user_id]) || $_COOKIE['flightpath_mfa_remember__' . $user_id] !== 'yes')) {
    // Craft the query so we can use it.
    $_SESSION['mfa__form_state_db_row'] = $db_row;
    
    
    // Create validation code
    $mfa_code = mt_rand(100000, 999999);
    
    user_set_attribute($user_id, "mfa_validation_code", $mfa_code);
    
    $system_name = variable_get('system_name', 'FlightPath');
            
    // Send validation code to email.    
    notify_by_mail($email, "$system_name - Validation Code", t("Your multi-factor validation code is: <strong>@code</strong>
                                                              \n\n<br><br>This code will remain valid for approximately one hour.", array("@code" => $mfa_code)));
        
    fp_goto("mfa-login");  
    return;
  }  
    
  
  // Actually log in the user.
  $account = system_perform_user_login($db_row['user_id']);    
  
  // Watchdog
  watchdog("login", "@user has logged in. CWID: @cwid", array("@user" => "$account->name ($account->id)", "@cwid" => $account->cwid));
  
  if ($zoom_install == 'marketplace' && module_enabled('zoomapi')) {
    fp_goto(zoomapi_get_zoom_install_url($account->id, FALSE, TRUE));
    die();
  }
  
  
  fp_goto("<front>");
  
}


/**
 * Actually performs the logging in of a user with user_id.
 */
function system_perform_user_login($user_id) {
  
  $_SESSION["fp_logged_in"] = TRUE;
      
    
  // Set up a new $account object.
  $account = new stdClass();
  
  $account = fp_load_user($user_id);

  // Set the $account to the SESSION.
  $_SESSION["fp_user_object"] = $account;
  
  
  db_query("UPDATE users SET last_login = ? WHERE user_id = ?", array(time(), $user_id));
  
  return $account;
  
}




/**
 * Formerly part of the FlightPath class, this function will read in or reload the course inventory into a
 * file, which then goes into the SESSION to make it faster to access.
 */
function system_reload_and_cache_course_inventory() {
  
  // Load from file.  If not there, or if we cannot unserialize, then we will rebuild cache and save new file.
  if (file_exists(fp_get_files_path() . "/cache_data/courses_serialized.info")) {
    if ($_SESSION["fp_cache_course_inventory"] = file_get_contents(fp_get_files_path() . "/cache_data/courses_serialized.info"))
    {
      if ($GLOBALS["fp_course_inventory"] = unserialize($_SESSION["fp_cache_course_inventory"])) {
        $last_generated = intval(variable_get('cache_course_inventory_last_generated', 0));
        $_SESSION['fp_cache_course_inventory_last_generated'] = $last_generated;
        //fpm('reloading from file');
        return;
      }
    }
  }    
      
  $array_valid_names_by_course = array();
  
  //fpm('rebuilding course cache');
  
  $GLOBALS["cache_course_inventory"] = FALSE;
      
  //fpm("LIMIT $limit_start, $limit_size");
  
  // To save memory, we're only going to keep a certain number of catalog years in the cache, and even then, only up to a max number of rows. 
  
  $start_year = intval(date('Y', strtotime('NOW + 1 YEAR'))); // start with one year into the future.
  $end_year = intval(date('Y', strtotime('NOW - 10 YEARS'))); // end with 10 years into the past
  
  $in_years = "";
  for ($t = $end_year; $t <= $start_year; $t++) {
    $in_years .= $t . ",";
  }
  $in_years .= "1900";  // add in the 1900 year as well.
  
  // For speed and accuracy, ignore the "excluded" courses.
  $result = db_query("SELECT * FROM courses
                      WHERE delete_flag = 0
                      AND catalog_year IN ($in_years)
                      AND exclude = 0
                      ORDER BY catalog_year DESC
                      LIMIT 50000"); 

    while($cur = db_fetch_array($result))
    {
      $course_id = $cur["course_id"];

      //$this->db->load_course_descriptive_data(null, $course_id);
      
      $title = $cur["title"];
      $description = trim($cur["description"]);
      $subject_id = trim(strtoupper($cur["subject_id"]));
      $course_num = trim(strtoupper($cur["course_num"]));
      $cache_catalog_year = $cur['catalog_year'];
      
      $min_hours = $cur["min_hours"];
      $max_hours = $cur["max_hours"];
      $repeat_hours = $cur["repeat_hours"];
      if ($repeat_hours*1 == 0)
      {
        $repeat_hours = $max_hours;
      }


      $db_exclude = $cur["exclude"];
      $db_school_id = $cur['school_id'];
      $data_entry_comment = $cur["data_entry_comment"];

      // Now, lets get a list of all the valid names for this course.
      // In other words, all the non-excluded names.  For most
      // courses, this will just be one name.  But for cross-listed
      // courses, this will be 2 or more (probably just 2 though).
      // Example: MATH 373 and CSCI 373 are both valid names for that course.
      
      if (!isset($array_valid_names_by_course[$course_id])) {
      
        $array_valid_names = array();
        $res2 = db_query("SELECT * FROM courses
                      WHERE course_id = ?                        
                      AND delete_flag = 0 ", $course_id);
        while($cur2 = db_fetch_array($res2))
        {
          $si = $cur2["subject_id"];
          $cn = $cur2["course_num"];
          if (in_array("$si~$cn", $array_valid_names))
          {
            continue;
          }
          $array_valid_names[] = "$si~$cn";
        }      
        $array_valid_names_by_course[$course_id] = $array_valid_names;
      }
    
      $array_valid_names = $array_valid_names_by_course[$course_id];
    
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["subject_id"] = $subject_id;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["course_num"] = $course_num;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["title"] = $title;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["description"] = $description;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["min_hours"] = $min_hours;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["max_hours"] = $max_hours;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["repeat_hours"] = $repeat_hours;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["db_exclude"] = $db_exclude;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["school_id"] = $db_school_id;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["array_valid_names"] = $array_valid_names;
  
      $cache_catalog_year = 0;
  
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["subject_id"] = $subject_id;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["course_num"] = $course_num;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["title"] = $title;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["description"] = $description;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["min_hours"] = $min_hours;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["max_hours"] = $max_hours;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["repeat_hours"] = $repeat_hours;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["db_exclude"] = $db_exclude;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["school_id"] = $db_school_id;
      $GLOBALS["fp_course_inventory"][$course_id][$cache_catalog_year]["array_valid_names"] = $array_valid_names;        
    
      $GLOBALS["cache_course_inventory"] = TRUE; 
  } // while cur

  // Should we re-cache the course inventory?  If there have been any changes
  // to it, then we will see that in a GLOBALS variable...
  $_SESSION["fp_cache_course_inventory"] = "";
  if ($GLOBALS["cache_course_inventory"] === TRUE)
  {      
    $_SESSION["fp_cache_course_inventory"] = serialize($GLOBALS["fp_course_inventory"]);
  }

  // Save to file.
  if (!is_dir(fp_get_files_path() . "/cache_data")) {
    $x = mkdir(fp_get_files_path() . "/cache_data");
    if (!$x) {
      fpm("Cannot create cache_data directory under custom/files.  Permission error?");
      watchdog("system", "Cannot create cache_data directory under custom/files.  Permission error?", array(), WATCHDOG_ERROR);
    }
  }
  
  // It is named .info because in our htaccess, it already says that file extension cannot be downloaded.
  $x = file_put_contents(fp_get_files_path() . "/cache_data/courses_serialized.info", $_SESSION["fp_cache_course_inventory"]);    
  if ($x === FALSE) {
    fpm("Cannot create cache_data/courses_serialized.info under custom/files.  Permission error?");
    watchdog("system", "Cannot create cache_data/courses_serialized.info under custom/files.  Permission error?", array(), WATCHDOG_ERROR);
  }    
  
  // We also want to add in a custom .htaccess file, for security.
  file_put_contents(fp_get_files_path() . "/cache_data/.htaccess", system_get_private_htaccess());
  
  // Also put in when we LAST performed this operation in a variable for reading later on.
  $last_generated = time();
  $_SESSION['fp_cache_course_inventory_last_generated'] = $last_generated;
  variable_set('cache_course_inventory_last_generated', $last_generated);      
  
  
} // system_reload_and_cache_course_inventory



/**
 * Should the course inventory get reloaded from file?  If so, return TRUE.
 */
function system_check_course_inventory_should_be_reloaded() {
  $x = intval($_SESSION['fp_cache_course_inventory_last_generated']);
  $last_generated = intval(variable_get('cache_course_inventory_last_generated', 0));  
  if ($x !== $last_generated) {
    return TRUE;
  }
  
  return FALSE;
  
}



/**
 * Returns back a string for an .htaccess file which doesn't allow Apache to serve any
 * files from that directory.  Used in the /files/cache_data directory and other
 * directories as needed.
 */
function system_get_private_htaccess() {
  $x = "
    # Deny all requests from Apache 2.4+.
    <IfModule mod_authz_core.c>
      Require all denied
    </IfModule>
    
    # Deny all requests from Apache 2.0-2.2.
    <IfModule !mod_authz_core.c>
      Deny from all
    </IfModule>
    
    # Turn off all options we don't need.
    Options None
    Options +FollowSymLinks
    
    # Set the catch-all handler to prevent scripts from being executed.
    # This is borrowed from Drupal SA-2006-006
    SetHandler FlightPath_Security_Do_Not_Remove_See_SA_2006_006
    <Files *>
      # Override the handler again if we're run later in the evaluation list.
      # This is borrowed from Drupal SA-2006-006
      SetHandler FlightPath_Security_Do_Not_Remove_See_SA_2006_006
    </Files>
    
    # If we know how to do it safely, disable the PHP engine entirely.
    <IfModule mod_php5.c>
      php_flag engine off
    </IfModule>  
  ";
  
  return trim($x);
} // system_get_private_htaccess()




/**
 * This is the "dashboard" page for FlightPath, which replaces the "main" page from FP 5. 
 */
function system_display_dashboard_page () {
  global $user;
  $rtn = "";

  fp_set_title('');
  
  $render = array();
  $render['#id'] = 'system_display_dashboard_page';
  
  
  // If we are not logged in, then we need to re-direct the user to 
  // the login page!
  if (!isset($_SESSION["fp_logged_in"]) || $_SESSION["fp_logged_in"] != TRUE) {
    $query = "";
    if (isset($_REQUEST["logout"])) $query = "logout=" . $_REQUEST["logout"];
    // Since we are not logged in, and are headed to the login page, also clear out any advising variables we might have.
    foreach ($_REQUEST as $key => $val) {
      unset($_REQUEST[$key]);
      unset($_GET[$key]);
      unset($_POST[$key]);
    }
    
    global $current_student_id;
    $current_student_id = "";  // clear this so the fp_goto doesn't try to add it.
    
    @session_destroy();  // In a rare occasion, the session hasn't had time to initialize yet, so this destroy triggers a warning.  The @ suppresses it.
    session_commit();
    fp_goto("login", $query);
    return;  
  }
  
  fp_add_css(fp_get_module_path("system") . "/css/style.css");
  
  // It's a cheap hack, but when we don't have anything to show, the boxes get too small.  We're going to force some spaces
  // in that case, and we can tell it to display:none if we don't need it anymore in CSS.
  $force_spaces = "<span class='force-spaces'>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
                      &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
                      &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
                      &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
                      &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
                      &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
                      </span>";
  
  
  //////////////////////////////////////////////////////////
  // To cut down on how long it takes to load huge groups
  // like Free Electives, we will the course inventory from cache here.
  if (@$_SESSION["fp_cached_inventory_flag_one"] != TRUE)
  {
    system_reload_and_cache_course_inventory();    
  }
  
  
  $today = date("D, F jS, Y", convert_time(time()));
  $dname = $user->name;
  if ($user->f_name != "" || $user->l_name != "") {
    $dname = trim($user->f_name . " " . $user->l_name) . " ($user->name)";
  }
  
  
  
  $render['inner_wrapper_start'] = array(
    'value' => "<div class='dashboard-inner-wrapper'>",
    'weight' => 10,
  );
  
  //$rtn .= "<div class='dashboard-inner-wrapper'>";  
  
  $render["welcome_block"] = array('value' => "<div class='dash-welcome-block'>
                                <div class='welcome-section'>
                                  " . t("<h1>Welcome @dname!</h1>
                                  <h2>Today is @today</h2>", array("@dname" => $dname, "@today" => $today)) . "
                                </div>
                             </div>", 
                 'weight' => 20);
  
  /*
  $rtn .= "<div class='dash-welcome-block'>
              <div class='welcome-section'>
                <h1>Welcome $dname!</h1>
                <h2>Today is $today</h2>
              </div>
           </div>";
  */


  // Load announcements as HTML
  $announcements = "";

  $announcements .= "
               <div class='announcements-feed-block dash-feed-block'>
                  " . fp_render_section_title(t("Announcements")) . "
                 <div class='contents'>";
  
          
  $res = db_query("SELECT DISTINCT(a.cid) FROM content__announcement a, content n
                   WHERE a.vid = n.vid
                   AND a.cid = n.cid
                   AND n.delete_flag = 0
                   AND n.published = 1                                    
                   ORDER BY field__activity_datetime DESC, a.vid DESC
                   LIMIT 7");
  $bool_is_empty = TRUE; 
  while ($cur = db_fetch_object($res)) {
    $cid = $cur->cid;      
    $content = content_load($cid);
    
    // is this "faculty" visibility?  If so, do we have access to view?
    if ($content->field__visibility['value'] == 'faculty' && !user_has_permission('can_view_faculty_engagements')) {        
      continue;      
    }    

          
    $disp_date = date("m/d/Y g:ia", convert_time(strtotime($content->field__activity_datetime['value'])));
    $bool_is_empty = FALSE;
    $announcements .= "<div class='feed-item'>
                <div class='feed-item-title'>$content->title</div>
                <div class='feed-item-desc'>{$content->field__msg['display_value']}</div>
                <div class='feed-item-datetime'>$disp_date</div>
             </div>";
        
  } // while
  
  if ($bool_is_empty) {
    $announcements .= "<div class='empty'>                
                <p>" . t("Sorry, there are no announcements available at this time.") . "</p>                
             </div>";
  }
  
   
  
  $announcements .=  "$force_spaces</div>  <!-- contents -->
               </div> <!-- feed block --> ";



  // Build up the "appoinments" HTML
  $appointments = "";
  $appointments .= "<div class='appointments-feed-block dash-feed-block'>
                    " . fp_render_section_title(t("Upcoming Appointments")) . "
                   <div class='contents'>";
    
    $upcoming = calendar_get_upcoming_appointments_for_cwid($user->cwid);
    $bool_is_empty = TRUE;
    foreach ($upcoming as $details) {
      
      $thedate = format_date(convert_time($details['utc_start_ts']), 'long_no_year');      
      $use_name = $details['faculty_name'];
      if ($user->is_faculty) {
        $use_name = $details['student_name'];
      }            
      
      $bool_is_empty = FALSE;
                        
      $msg = t("You have an appointment with @fn on @td.", array("@fn" => $use_name, "@td" => $thedate));
      
      
      $appointments .= "<div class='feed-item'>
                      <div class='feed-item-icon'><i class='fa fa-calendar'></i></div>
                      <div class='feed-item-title'>$use_name</div>
                      <div class='feed-item-desc'>$msg</div>
               </div>";
      
    }
    
    
    if ($bool_is_empty) {
      $appointments .= "<div class='empty'>
                      <p>" . t("You have no upcoming appointments within the next 5 days.") . "</p> 
               </div>
               $force_spaces";
      
    }
    
        
    
            
    $appointments .= "
                   </div> <!-- contents -->
                 </div> <!-- feed-block -->                                                
                ";




  $render['#user_is_faculty'] = $user->is_faculty;

  if ($user->is_faculty) {

    
    $render['dash_left_wrapper'] = array('value' => "<div class='dash-box dash-left'>", 'weight' => 30);
    
    //$rtn .= "<div class='dash-box dash-left'>";
    $render["appointments"] = array('value' => $appointments, 'weight' => 40);
    //$rtn .= $appointments;
    
    if (user_has_permission('can_view_advisee_activity_records')) {
          
      $render["activity_feed_block_top"] = array('value' => "<div class='activity-feed-block dash-feed-block'>
                                                " . fp_render_section_title("Advisee Activity Feed") . "
                                             <div class='contents'>",
                          'weight' => 50);
    /*          
        $rtn .= "<div class='activity-feed-block dash-feed-block'>
                    " . fp_render_section_title("Advisee Activity Feed") . "
                 <div class='contents'>";
    */
  
                           
      $activity = "";     
      
      // Needs to only be within my advisees list....
      $adv_array = student_search_display_my_advisees(TRUE);
      $student_ids = array_keys($adv_array);
      $students_line = "'" . join("','", $student_ids) . "'";
          
      $icons = array(
        'alert' => 'fa-bell-o',
        'mail' => 'fa-envelope-o',
        'comment' => 'fa-comment-o',
        'calendar' => 'fa-calendar-o',
      );
                 
      $res = db_query("SELECT DISTINCT(a.cid) FROM content__activity_record a, content n
                         WHERE a.vid = n.vid
                         AND a.cid = n.cid
                         AND n.delete_flag = 0
                         AND n.published = 1
                         AND field__student_id IN ($students_line)                                    
                         ORDER BY updated DESC, a.vid DESC
                         LIMIT 10");
        $bool_is_empty = TRUE; 
        while ($cur = db_fetch_object($res)) {
          $cid = $cur->cid;      
          $content = content_load($cid);
          
          $student_name = fp_get_student_name($content->field__student_id['value'], TRUE);
                        
          $disp_date = date("m/d/Y g:ia", convert_time($content->updated));
          
          $icon = $icons[$content->field__activity_type['value']];
          $bool_is_empty = FALSE;
          $activity .= "<div class='feed-item'>
                      <div class='feed-item-icon'><i class='fa $icon'></i></div>
                      <div class='feed-item-title'>$student_name</div>
                      <div class='feed-item-desc'>$content->title</div>
                      <div class='feed-item-datetime'>$disp_date</div>
                   </div>";
              
        } // while
        
        if (!$bool_is_empty) {
          $activity .= "<div class='activity-view-all'>" . l(t("View All"), "advisee-activities", '', array('class' => 'button')) . "</div>";
        }
        else {
          $activity .= "<div class='empty'>
                        <p>" . t("There is no student activity to report at this time.") . "</p> 
                 </div>$force_spaces";        
        }
        
        
        $render['close_activity_feed_block'] = array('value' => "$activity</div>", 'weight' => 60);
        
        
        $render['close_activities_feed_block'] = array('value' => "</div> <!-- feed-block -->          ", 'weight' => 70);
        $render['close_left_dash_wrapper'] = array('value' => "</div> <!-- dash-box -->  ", 'weight' => 80);
        
      } // if user has permission can_view_advisee_activity_records
    
                       

                       
    $render['dash_right_wrapper'] = array('value' => "<div class='dash-box dash-right'>", 'weight' => 90);                                          
    //$rtn .= "<div class='dash-box dash-right'>";



    $advising_term_id = variable_get("advising_term_id", "");
    $advising_term_desc = get_term_description($advising_term_id, FALSE, $user->school_id);  

    $url = fp_url("render-advising-snapshot-for-iframe", "window_mode=popup&fp_messages=none");
    
    // Show slightly different if we have the schools module enabled
    if (module_enabled("schools")) {      
      $advising_term_desc = "Current Terms";
      
      // Get all the school ids this user is allowed to search.
      $school_ids = student_search_get_school_ids_user_is_allowed_to_search();
      $school_id_list = join(",", $school_ids);
              
      $url = fp_url("render-advising-snapshot-for-iframe", "window_mode=popup&fp_messages=none&school_id_list=$school_id_list");
            
    }    

    $render['advising_snapshot'] = array('value' => "<div class='snapshot-feed-block dash-feed-block'>
                                      " . fp_render_section_title(t("Advising Snapshot for ") . $advising_term_desc) . "
                                     <div class='contents'>
                                      <iframe src='$url' frameborder=0 width=100% height=85></iframe>
                                     </div>
                                   </div>",
                'weight' => 100);
    
    
    
    /// Do announcements under.
    
    $render['announcements'] = array('value' => $announcements, 'weight' => 110);
    $render['close_right_dash_wrapper'] = array('value' => "</div>", 'weight' => 120);
  
  } // if is_faculty
  else if ($user->is_student) {
    

    $render['dash_left_wrapper'] = array('value' => "<div class='dash-box dash-left'>", 'weight' => 30);
    $render["appointments"] = array('value' => $appointments, 'weight' => 40);
    

    //$rtn .= "<div class='dash-box dash-left'>";
    //$rtn .= $appointments;
                
    fp_add_js(fp_get_module_path('advise') . '/js/advise.js');
    $render['recent_advising_history_top'] = array('value' => "<div class='advising-history-feed-block dash-feed-block'>
                                            " . fp_render_section_title(t("Recent Advising History")) . "
                                           <div class='contents'>", 'weight' => 50);

                                           
    // TODO: For the student advisings, we want to group together terms that were advised at the same time.
    


    $res = db_query("SELECT * FROM advising_sessions
                WHERE student_id = ?
                AND is_draft = 0
                AND is_empty = 0
                AND delete_flag = 0
                ORDER BY `posted` DESC, `term_id` DESC 
                LIMIT 5", $user->cwid);
    $c = 0;
    while($cur = db_fetch_array($res)) {
         
      $dt = date("n/j/y g:ia",$cur['posted']);
      $fac_name = fp_get_faculty_name($cur['faculty_id'], FALSE);
      $html = "";
  
      $turl = fp_url("advise/popup-display-summary", "advising_session_id=" . $cur['advising_session_id']);
      $advising_session_id_array[] = $cur['advising_session_id'];
      $term = get_term_description($cur['term_id'], FALSE, $user->school_id);
      $link = "popupLargeIframeDialog(\"" . $turl . "\",\"" . t("Advising Session @term - @date", array("@term" => $term, "@date" => $dt)) . "\",\"\");";  
      $html .= "<div class='feed-item'>
                  <div class='feed-item-icon'><i class='fa fa-graduation-cap'></i></div>
                  <div class='feed-item-title'>Advised by $fac_name</div>
                  <a href='javascript:$link'>
                    <div class='feed-item-desc'>$term</div>                    
                  </a>                  
                  <div class='feed-item-datetime'>$dt</div>
                </div>";
      
                
      $render['recent_advising_history_row_' . $cur['advising_session_id']] = array('value' => $html, 'weight' => (200 + $c++));
    }    
                
    
    
    $render['close_advising_history_contents'] = array('value' => "</div> <!-- contents -->", 'weight' => 300);
    $render['close_advising_sessions_feed_block'] = array('value' => "</div> <!-- feed-block -->          ", 'weight' => 310);
    $render['close_left_dash_wrapper'] = array('value' => "</div> <!-- dash-box -->  ", 'weight' => 320);
    
    
    
    $render['dash_box_right_wrapper'] = array('value' => "<div class='dash-box dash-right'>", 'weight' => 330);
    $render['announcements'] = array('value' => $announcements, 'weight' => 340);
    $render['close_right_dash_box'] = array('value' => "</div>", 'weight' => 350);
    
    
  } // if is_student
  
  watchdog("display_dashboard", "", array());
  
  
  $rtn = fp_render_content($render);
  
  return $rtn;
} // display_dashboard_page


/**
 * This is meant to be a widget which shows in the dashboard of the advising user, within an iframe, since it can
 * take a while to load.
 */
function system_render_advising_snapshop_for_iframe() {
  $rtn = "";        
      
  fp_add_css(fp_get_module_path("system") . "/css/style.css");
  
  
      
  if (!isset($_SESSION["fp_pie_chart_token"])) {
    $_SESSION["fp_pie_chart_token"] = md5(fp_token());
  }

  $school_ids = array(0);
  if (isset($_REQUEST['school_id_list'])) {
    $school_ids = explode(",", $_REQUEST['school_id_list']);
    
  }
  
  $selected_school_id = $school_ids[0];
  if (isset($_REQUEST['selected_school_id'])) $selected_school_id = intval($_REQUEST['selected_school_id']);
  
      
  // Get total number of advisees VS number that have been advised for current term.  
  $adv_array = student_search_display_my_advisees(TRUE, NULL, $selected_school_id, 9999999);  // We want to get ALL advisees, so we set the limit very high.
  $total = count($adv_array);
  
  $advised_count = 0;
  $advised_percent = 0;
  if ($total > 0) {
    foreach ($adv_array as $details) {
      if (@$details['advised_image'] != "") {
        $advised_count++;
      } 
    }
    
    $advised_percent = round($advised_count/$total * 100, 2) ;      
  
    $unfinished = 100 - $advised_percent;
    $pie_chart_url_advised_percent = base_path() . "/libraries/pchart/fp_pie_chart.php?size=75&radius=35&progress=$advised_percent&unfinished=$unfinished&unfinished_col=cccccc&progress_col=5780FF&token=" . $_SESSION["fp_pie_chart_token"];
    
        
    $advising_term_id = variable_get_for_school("advising_term_id", "", $selected_school_id);
    $advising_term_desc = get_term_description($advising_term_id, FALSE, $selected_school_id);
              
    
    // If we have more than one school, then we should also display a selector which auto-submits when changed.
    $school_selector_html = "";
    if (count($school_ids) > 1 && module_enabled("schools")) {
      fp_add_js(fp_get_module_path("system") . "/js/snapshot.js");
      
      $url = fp_url("render-advising-snapshot-for-iframe");
      
      $school_selector_html .= "<div class='snapshot-school-selector'>
                                  <form action='$url' method='GET' id='snapshot-school-selector-form'>
                                  <input type='hidden' name='window_mode' value='popup'>
                                  <input type='hidden' name='school_id_list' value='" . join(",", $school_ids) . "'> 
                                  <strong>School: </strong>                                  
                                  <select name='selected_school_id' id='selected_school_id'>";
      foreach ($school_ids as $school_id) {
        $sel = "";
        if (intval($school_id) === $selected_school_id) $sel = "selected";
        $school_selector_html .= "<option value='$school_id' $sel>" . schools_get_school_name_for_id($school_id) . "</option>";
      }
      $school_selector_html .= "</select>                                
                                </form>
                                </div>";
    }
       
        
    $rtn .= "<div class='snapshot-in-iframe'>
              $school_selector_html
              <div class='pie-image'>
                <img src='$pie_chart_url_advised_percent'>
              </div> 
              <div class='pie-term-title'>$advising_term_desc ($advising_term_id)</div>
              <div class='pie-term-caption'>" . t("You have advised %p of your advisees @math", array("%p" => "$advised_percent%", "@math" => "($advised_count/$total)")) . "</div>
             </div>
            ";
  
  } // if total > 0
  else {
    // Meaning, the user does not have any advisees assigned to them.
    $rtn .= "<div class='snapshot-in-iframe'>
              <div class='pie-term-title'>" . t("No Advisees") . "</div>
              <div class='pie-term-caption'>" . t("You do not have any advisees assigned to you at this time.") . "</div>
             </div>
            ";
        
  }
    
  return $rtn;
  
  
} // system_render_advising_snapshop_for_iframe





















/**
 * Called on every page load.
 */
function system_init() {
  // Let's see if the $user object (for the logged-in user) has been set up.
  global $user;
  $user = new stdClass();
  
  if (!isset($_SESSION["fp_user_object"])) {
    $_SESSION["fp_user_object"] = new stdClass();
  }
    
  if (!isset($_SESSION["fp_user_object"]->roles[1])) $_SESSION["fp_user_object"]->roles[1] = ""; 
      
  if (@$_SESSION["fp_logged_in"] == TRUE) {
    // Make sure it doesn't have the anonymous user role (rid == 1).
    if ($_SESSION["fp_user_object"]->roles[1] == "anonymous user") {
      unset($_SESSION["fp_user_object"]->roles[1]);
    }
    
    $user = $_SESSION["fp_user_object"];
    // To make sure we pick up the user's newest permissions, re-load 
    // the user here.
    
    $user = fp_load_user($user->id);
    
    
  }
  else {
    // User is anonymous, so set it up as such.
    $user = fp_load_user(0);    
  }
  
  // Are we in maintenance mode?  If so, display a message.
  if (variable_get("maintenance_mode", FALSE)) {
    fp_add_message(t("@FlightPath is currently undergoing routine maintenance.  
                      During this time, some data may appear incomplete.
                      We apologize for the inconvenience and appreciate your patience.", array("@FlightPath" => variable_get("system_name", "FlightPath"))), "status", TRUE);
    
  }
   
  // Is there an urgent message to display?  
  $urgent_msg = variable_get("urgent_msg", "");
  if ($urgent_msg) {
    fp_add_message("<b>" . t("Important Message:") . "</b> " . $urgent_msg, "status", TRUE);
  }
  
  
  // Since current_student_id is coming from the REQUEST, sanitize it.
  //$current_student_id = "";
  
  $current_student_id = (string) ($_REQUEST['current_student_id'] ?? '');
  if (!is_string($current_student_id)) $current_student_id = '';
  $current_student_id = str_replace("'", "", $current_student_id);  // remove single quotes
  $current_student_id = str_replace('"', "", $current_student_id);  // remove back quotes
  $current_student_id = str_replace(';', "", $current_student_id);  // remove semicolons
   
  // Add in our custom JS settings.
  $settings = array(
      "themeLocation" => fp_theme_location(), 
      "currentStudentId" => $current_student_id,      
      "basePath" => base_path(),
      // Add in the popup window options....      
      "popupAdminWinOptions" => variable_get("popup_admin_win_options", "toolbar=no,status=2,scrollbars=yes,resizable=yes,width=600,height=400"),  // used by admin groups, edit definitions, degrees, and popup contact form.    
      "popupAdviseWinOptions" => variable_get("popup_advise_win_options", "toolbar=no,status=2,scrollbars=yes,resizable=yes,width=460,height=375"),  // the work-horse of most of the advising popups. course desc, subs, etc.
      "popupPrintWinOptions" => variable_get("popup_print_win_options", "toolbar=no,status=2,scrollbars=yes,resizable=yes,width=750,height=600"),  // any printable screen is displayed in this.
          
  );
   
  fp_add_js($settings, "setting");
  fp_add_js(fp_get_module_path("system") . "/js/system.js");
     
}



/**
 * This is the form which an admin may use to manage the modules
 * in the system.
 */
function system_modules_form() {
  $form = array();
  $m = 0;
  
  fp_add_css(fp_get_module_path("system") . "/css/style.css");
  
  $form["mark" . $m++] = array(
    "value" => t("Use this form to enable or disable modules.  This scans the /modules/ and then /custom/modules/
                  directories.") . " 
                  " . l(t("Run DB updates?"), "admin/db-updates") . "<br><br>",
  );
  
  
  // Begin by scanning the /modules/ directory.  Anything in there
  // cannot be disabled.
  $module_dirs = array();
  $module_dirs[] = array("start" => "modules", "type" => t("Core"));
  $module_dirs[] = array("start" => "custom/modules", "type" => t("Custom"));
  // We will also add any directories which begin with an underscore in the custom/modules directory.
  // For example:   custom/modules/_contrib
  // Let's find such directories now.
  $dir_files = scandir("custom/modules");  
  foreach ($dir_files as $file) {
    if ($file == '.' || $file == '..') continue;    
    if (substr($file, 0, 1) == '_' && is_dir("custom/modules/$file")) {      
      $module_dirs[] = array("start" => "custom/modules/$file", "type" => t("Custom/$file"));
    }
  }
  
        
        
  foreach ($module_dirs as $module_dir) {
    $start_dir = $module_dir["start"];
     
    if ($dh = opendir($start_dir)) {
      //$pC .= "<div class='fp-system-modules-type'>{$module_dir["type"]}</div>
      //        <table class='fp-system-modules-table' cellpadding='0' cellspacing='0'>";
              
      $form["mark" . $m++] = array(
        "value" => "<div class='fp-system-modules-type'>{$module_dir["type"]}</div>
                    <table class='fp-system-modules-table' cellpadding='0' cellspacing='0'>",
      );
    
                  
      $pol = "even";
      $dir_files = scandir($start_dir);      
      foreach ($dir_files as $file) {    
        if ($file == "." || $file == "..") continue;
        
        if (is_dir($start_dir . "/" . $file)) {  
         
          // Okay, now look inside and see if there is a .info file.
          if (file_exists("$start_dir/$file/$file.info")) {
            $module = $file;
            $info_contents = file_get_contents("$start_dir/$file/$file.info");
              
              
            // From the info_contents variable, split up and place into an array.
            $info_details_array = array("path" => "", "module" => "", 
                                        "schema" => "", "core" => "", "description" => "", 
                                        "requires" => "", "version" => "",
                                        "required" => "", );
            
            $lines = explode("\n", $info_contents);
            foreach ($lines as $line) {
              if (trim($line) == "") continue;
              $temp = explode("=", trim($line));
              $info_details_array[trim($temp[0])] = trim(substr($line, strlen($temp[0]) + 1)); 
            }
            
            
            $path = "$start_dir/$file";
            
            $info_details_array["path"] = $path;
            $info_details_array["module"] = $module;
            
                        
            // Expected keys:
            // name, description, version, core, requires (csv), requred (true or false)
            $checked = "";

            $form["mark" . $m++] = array(
              "value" => "<tr class='fp-system-modules-row fp-system-modules-row-$pol'>
                            <td width='35%'>",
            );
                        
            // the Checkbox.            
            // Should it be checked?  We can check the modules table to see if it's enabled/installed or not.
            $installation_status = "";
            $default_value = array();
            $res = db_query("SELECT * FROM modules WHERE path = '?' ", $path);
            $cur = db_fetch_array($res);
            if ($cur) {
              $info_details_array["enabled"] = $cur["enabled"];
              if ($cur["enabled"] == "1") {
                // Yes, it is checked!
                $default_value = array($module => $module);              
              }
              else if ($cur["enabled"] == "") {
                $installation_status = t("not installed");
              }
              else if ($cur["enabled"] == "0") {
                $installation_status = fp_get_js_confirm_link(t("Are you sure you wish to uninstall @module?\\nThis may remove saved data belonging to the module.", array("@module" => $module)), 
                                                              ' window.location="' . fp_url("system/uninstall-module", "module=$module&path=" . urlencode($path) . "") . '"; ', t("uninstall?")); 
              }
            
            
              // Does this module need to run db updates?
              if ($cur["enabled"] == "1" && $cur["schema"] != $info_details_array["schema"] && $info_details_array["schema"] != "") {
                $installation_status = "<b>" . l(t("Run db updates"), "admin/db-updates") . "</b>";
                
                // Let's also make sure to enable a message at the top of the screen, letting the user
                // know that there are needed updates.
                fp_add_message("<b>" . t("Note:") . "</b> " . t("There are modules which have been updated.  Please back up your database,
                                  then run the DB Updates function below as soon as possible."), "error", TRUE); 
              }
            
            }
            
                        
            $attributes = array();
            if ($info_details_array["required"]) {
              // This is a required module; it cannot be unchecked.
              $attributes["disabled"] = "disabled";
            }
            
            $bool_overriding = FALSE;
            // Did this module already exist in $form?  In other words,
            // is the module overriding a core module?  If so, we need to know
            // so we can display something special.
            if (isset($form["cb__$module"])) {
              $bool_overriding = TRUE;
            }
            
            $requires = "";

            // If this module requires a higher core version of FlightPath than what we
            // are running, disable and explain to the user.
            if (FLIGHTPATH_VERSION != '%FP_VERSION%' && $info_details_array["requires core version"]) {
              // Test to see if the current version is >= to the required core version.
              if (version_compare(FLIGHTPATH_VERSION, $info_details_array["requires core version"], "<")) {
                // No, it's LESS than the required version!  We shouldn't be able to use this module!
                $attributes["disabled"] = "disabled";
                $requires .= "<div style='color: red;'>" . t("This module requires
                                          that you run FlightPath version %fpv or higher.  
                                          You are instead running version %fpov.  Please update
                                          your core copy of FlightPath before attempting to install this
                                          module.", array('%fpv' => $info_details_array["requires core version"],
                                                          '%fpov' => FLIGHTPATH_VERSION)) . "</div>";
              }
            }
            
            
            // Let's see if this module is for the wrong core entirely.
            if ($info_details_array["core"]) {
                
              // Test to see if we are not the correct core version.
              if (strtolower(FLIGHTPATH_CORE) != strtolower($info_details_array["core"])) {
                // Nope, the wrong core version!
                $attributes["disabled"] = "disabled";
                $requires .= "<div style='color: red;'>" . t("This module requires
                                          that you run FlightPath core version %fpv.  
                                          You are instead running version %fpov.  Please either download
                                          the correct version of this module for your FlightPath core version,
                                          or update FlightPath to the required core version.", array('%fpv' => $info_details_array["core"],
                                                          '%fpov' => FLIGHTPATH_CORE)) . "</div>";
              }
            }
                        
                       
                       
            
            $form["cb__$module"] = array(
              "type" => "checkboxes",              
              "options" => array($module => $info_details_array["name"]),
              "value" => $default_value,
              "suffix" => "<div class='fp-system-modules-machine-name'>$file</div>
                            <div class='fp-system-modules-installation-status'>$installation_status</div>
                            ",
              "attributes" => $attributes,
            ); 
            
            // hidden variable containing the details about this module, for later use on submit.
            $form["module_details__$module"] = array(
              "type" => "hidden",
              "value" => urlencode(serialize($info_details_array)),
            );


            
            // Version & descr.            
            if ($info_details_array["requires"] != "") {
              $requires .= "<div class='fp-system-modules-requires hypo'>
                            <b>" . t("Requires:") . "</b> {$info_details_array["requires"]}
                           </div>";
              
            }
            
            // if we are overriding a module, then display something special.
            if ($bool_overriding) {
              $form["mark" . $m++] = array(
                "value" => "<em>" . t("Overriding core module:") . "<br>{$info_details_array["name"]}</em>
                            <div class='fp-system-modules-machine-name'>$file</div>
                            <div class='fp-system-modules-installation-status'>
                            " . t("Use checkbox in Core section above to manage module") . "
                            </div>",
              );
            }
            
            $form["mark" . $m++] = array(
              "value" => "  </td>
                            <td width='5%' >{$info_details_array["version"]}</td>
                            <td >{$info_details_array["description"]}$requires</td>
                          </tr>
                          ",
                          
            );
                                          
                                                     
            $pol = ($pol == "even") ? "odd" : "even";
            
          } // if file_exists (info file)        
        } // if is_dir      
      } // while file=readdir
      
      $form["mark" . $m++] = array(
        "value" => "</table>",
      );
      
    } // if opendir($startdir)
  }// foreach moduledirs
  
  $form["submit"] = array(
    "type" => "submit",
    "spinner" => TRUE,
    "value" => t("Submit"),
    "prefix" => "<hr>",
  );  
  
    
  return $form;
}


/**
 * Submit handler for the modules form. 
 */
function system_modules_form_submit($form, $form_state) {
    
  // Go through all of the checkboxes which we have "module_details" for.  If there is NOT a corresponding
  // checkbox, it means it wasn't checked, and should be disabled in the database.  Otherwise, it means it WAS
  // checked, and should be enabled/installed.
  
  
  $did_something = FALSE;
  
  foreach ($form_state["values"] as $key => $value) {
    if (strstr($key, "module_details__")) {
      if ($module_details = unserialize(urldecode($value))) {
        
        $module = $module_details["module"];
        
        // Disabling a module.
        if (@$module_details["enabled"] == "1" && !isset($form_state["values"]["cb__$module"])) {
          // So it WAS enabled, but now the checkbox wasn't checked.  So disable it!
          system_disable_module($module_details);
          $did_something = TRUE;
        }
        
        // Enabling a module
        if (@$module_details["enabled"] != "1" && isset($form_state["values"]["cb__$module"])) {
          system_enable_module($module_details);
          $did_something = TRUE;
        }
        
      }
    }
  }

  if ($did_something) {
    
    // Refetch all of the modules from the modules table.
    fp_rebuild_modules_list();
    
    // We should clear the cache if we did something.
    fp_clear_cache();
    
    
    watchdog("admin", "Saved system modules form (enabled or diabled module)");
    
  }
   
  
}



/**
 * Called from the menu (ie, a URL) this function will uninstall a module.
 * 
 */
function system_handle_uninstall_module() {
  $module = $_REQUEST["module"];

  // First, let's get information about this module from the db.
  $res = db_query("SELECT * FROM modules WHERE name = '?' ", $module);
  $cur = db_fetch_array($res);
  // Make sure it is not currently enabled.
  if ($cur["enabled"] == "1") {
    fp_add_message(t("Module %module not yet disabled.  Disable first, then try to uninstall.", array("%module" => $module)));
    return;
  }
  
  // Let's see if we can call hook_uninstall for this module.
  if (include_module($module, TRUE, $cur["path"])) {
    if (include_module_install($module, $cur["path"])) {
      if (function_exists($module . "_uninstall")) {
        call_user_func($module . "_uninstall");
      }
    }
  }
  
  // Remove from the database.
  $res = db_query("DELETE FROM modules WHERE name = '?' ", $module);
  
  
  fp_add_message(t("Uninstalled %module.", array("%module" => $module)));
  
  fp_goto("admin/config/modules");
}


/**
 * Handles the enabling (and possible installation) of module.
 */
function system_enable_module($module_details) {

  $module = $module_details["module"];
  $path = $module_details["path"];

  $bool_call_hook_install = FALSE;

  // Do we need to attempt to call the hook_install function?
  if (@$module_details["enabled"] == "") {
    // Wasn't in the database, so we need to install it.

    $schema = 0;
    if (isset($module_details['schema'])) $schema = $module_details['schema'];
    
    // Add to our table.
    // (delete anything all ready there first)      
    $res = db_query("DELETE FROM modules WHERE `name` = ? ", $module);
    // Now, add back into the table.
    $res = db_query("INSERT INTO modules (`name`, `path`, `version`, `requires`, `enabled`, `type`, `schema`, `info`)
                     VALUES (?, ?, ?, ?, ?, ?, ?, ?)
                     ", $module, $path, @$module_details["version"], @$module_details["required"], 0, "module",
                        @intval($schema), serialize($module_details));
    
    $bool_call_hook_install = TRUE;
    
    fp_add_message(t("The module %module has been installed.", array("%module" => $module)));
         
  }


  // If the module has a .install file, begin by including it.
  if (include_module_install($module, $path)) {
      
    // Include the original module file first.
    include_module($module, TRUE, $path);

         
    if ($bool_call_hook_install) {
      // call hook_install if it exists.
      if (function_exists($module . '_install')) {
        call_user_func($module . '_install');
      }
    }     

    // Now, we can call hook_enable, if it exists.
    if (function_exists($module . '_enable')) {
      call_user_func($module . '_enable');
    }
       
  }


  // Update our table.
  $res = db_query("UPDATE modules SET `enabled` = '1' WHERE `name` = ? ", $module);    

  fp_add_message(t("The module %module has been enabled.", array("%module" => $module)));

 
  
}


/**
 * Handles the disabling of the module in question.
 */
function system_disable_module($module_details) {

  $module = $module_details["module"];
  $path = $module_details["path"];

  // This module cannot be disabled!
  if ($module_details["required"] == TRUE) {
    return;
  }

  // If the module has a "hook_disable" in it's path/module.install file, include and call it.  
  if (include_module_install($module, $path) && function_exists($module . '_disable')) {
    call_user_func($module . '_disable');
  }
  
  // Disable it in the modules table.
  $res = db_query("UPDATE modules
                   SET enabled = '0'
                   WHERE name = '?' ", $module);

  fp_add_message(t("The module %module has been disabled.", array("%module" => $module)));  
  
}