Commit 8b9196d7 authored by Dan Poltawski's avatar Dan Poltawski
Browse files

Merge branch 'MDL-57887-nginx-username-logging' of https://github.com/brendanheywood/moodle

parents 892ceeb7 c31a35b5
......@@ -385,7 +385,15 @@ $CFG->admin = 'admin';
// LogFormat "%h %l %{MOODLEUSER}n %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" moodleformat
// And in the part specific to your Moodle install / virtualhost:
// CustomLog "/your/path/to/log" moodleformat
// CAUTION: Use of this option will expose usernames in the Apache log,
//
// Alternatively for other webservers such as nginx, you can instead have the username sent via a http header
// 'X-MOODLEUSER' which can be saved in the logfile and then stripped out before being sent to the browser:
// $CFG->headerloguser = 0; // Turn this feature off. Default value.
// $CFG->headerloguser = 1; // Log user id.
// $CFG->headerloguser = 2; // Log full name in cleaned format. ie, Darth Vader will be displayed as darth_vader.
// $CFG->headerloguser = 3; // Log username.
//
// CAUTION: Use of this option will expose usernames in the Apache / nginx log,
// If you are going to publish your log, or the output of your web stats analyzer
// this will weaken the security of your website.
//
......
......@@ -915,36 +915,54 @@ if (!empty($CFG->debugvalidators) and !empty($CFG->guestloginbutton)) {
// Apache log integration. In apache conf file one can use ${MOODULEUSER}n in
// LogFormat to get the current logged in username in moodle.
if ($USER && function_exists('apache_note')
&& !empty($CFG->apacheloguser) && isset($USER->username)) {
$apachelog_userid = $USER->id;
$apachelog_username = clean_filename($USER->username);
$apachelog_name = '';
if (isset($USER->firstname)) {
// We can assume both will be set
// - even if to empty.
$apachelog_name = clean_filename($USER->firstname . " " .
$USER->lastname);
// Alternatvely for other web servers a header X-MOODLEUSER can be set which
// can be using in the logfile and stripped out if needed.
if ($USER && isset($USER->username)) {
$logmethod = '';
$logvalue = 0;
if (!empty($CFG->apacheloguser) && function_exists('apache_note')) {
$logmethod = 'apache';
$logvalue = $CFG->apacheloguser;
}
if (\core\session\manager::is_loggedinas()) {
$realuser = \core\session\manager::get_realuser();
$apachelog_username = clean_filename($realuser->username." as ".$apachelog_username);
$apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name);
$apachelog_userid = clean_filename($realuser->id." as ".$apachelog_userid);
if (!empty($CFG->headerloguser)) {
$logmethod = 'header';
$logvalue = $CFG->headerloguser;
}
switch ($CFG->apacheloguser) {
case 3:
$logname = $apachelog_username;
break;
case 2:
$logname = $apachelog_name;
break;
case 1:
default:
$logname = $apachelog_userid;
break;
if (!empty($logmethod)) {
$loguserid = $USER->id;
$logusername = clean_filename($USER->username);
$logname = '';
if (isset($USER->firstname)) {
// We can assume both will be set
// - even if to empty.
$logname = clean_filename($USER->firstname . " " . $USER->lastname);
}
if (\core\session\manager::is_loggedinas()) {
$realuser = \core\session\manager::get_realuser();
$logusername = clean_filename($realuser->username." as ".$logusername);
$logname = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$logname);
$loguserid = clean_filename($realuser->id." as ".$loguserid);
}
switch ($logvalue) {
case 3:
$logname = $logusername;
break;
case 2:
$logname = $logname;
break;
case 1:
default:
$logname = $loguserid;
break;
}
if ($logmethod == 'apache') {
apache_note('MOODLEUSER', $logname);
}
if ($logmethod == 'header') {
header("X-MOODLEUSER: $logname");
}
}
apache_note('MOODLEUSER', $logname);
}
// Ensure the urlrewriteclass is setup correctly (to avoid crippling site).
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment