Commit 8b9196d7 authored by Dan Poltawski's avatar Dan Poltawski
Browse files

Merge branch 'MDL-57887-nginx-username-logging' of https://github.com/brendanheywood/moodle

parents 892ceeb7 c31a35b5
...@@ -385,7 +385,15 @@ $CFG->admin = 'admin'; ...@@ -385,7 +385,15 @@ $CFG->admin = 'admin';
// LogFormat "%h %l %{MOODLEUSER}n %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" moodleformat // LogFormat "%h %l %{MOODLEUSER}n %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" moodleformat
// And in the part specific to your Moodle install / virtualhost: // And in the part specific to your Moodle install / virtualhost:
// CustomLog "/your/path/to/log" moodleformat // CustomLog "/your/path/to/log" moodleformat
// CAUTION: Use of this option will expose usernames in the Apache log, //
// Alternatively for other webservers such as nginx, you can instead have the username sent via a http header
// 'X-MOODLEUSER' which can be saved in the logfile and then stripped out before being sent to the browser:
// $CFG->headerloguser = 0; // Turn this feature off. Default value.
// $CFG->headerloguser = 1; // Log user id.
// $CFG->headerloguser = 2; // Log full name in cleaned format. ie, Darth Vader will be displayed as darth_vader.
// $CFG->headerloguser = 3; // Log username.
//
// CAUTION: Use of this option will expose usernames in the Apache / nginx log,
// If you are going to publish your log, or the output of your web stats analyzer // If you are going to publish your log, or the output of your web stats analyzer
// this will weaken the security of your website. // this will weaken the security of your website.
// //
......
...@@ -915,36 +915,54 @@ if (!empty($CFG->debugvalidators) and !empty($CFG->guestloginbutton)) { ...@@ -915,36 +915,54 @@ if (!empty($CFG->debugvalidators) and !empty($CFG->guestloginbutton)) {
// Apache log integration. In apache conf file one can use ${MOODULEUSER}n in // Apache log integration. In apache conf file one can use ${MOODULEUSER}n in
// LogFormat to get the current logged in username in moodle. // LogFormat to get the current logged in username in moodle.
if ($USER && function_exists('apache_note') // Alternatvely for other web servers a header X-MOODLEUSER can be set which
&& !empty($CFG->apacheloguser) && isset($USER->username)) { // can be using in the logfile and stripped out if needed.
$apachelog_userid = $USER->id; if ($USER && isset($USER->username)) {
$apachelog_username = clean_filename($USER->username); $logmethod = '';
$apachelog_name = ''; $logvalue = 0;
if (isset($USER->firstname)) { if (!empty($CFG->apacheloguser) && function_exists('apache_note')) {
// We can assume both will be set $logmethod = 'apache';
// - even if to empty. $logvalue = $CFG->apacheloguser;
$apachelog_name = clean_filename($USER->firstname . " " .
$USER->lastname);
} }
if (\core\session\manager::is_loggedinas()) { if (!empty($CFG->headerloguser)) {
$realuser = \core\session\manager::get_realuser(); $logmethod = 'header';
$apachelog_username = clean_filename($realuser->username." as ".$apachelog_username); $logvalue = $CFG->headerloguser;
$apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name);
$apachelog_userid = clean_filename($realuser->id." as ".$apachelog_userid);
} }
switch ($CFG->apacheloguser) { if (!empty($logmethod)) {
case 3: $loguserid = $USER->id;
$logname = $apachelog_username; $logusername = clean_filename($USER->username);
break; $logname = '';
case 2: if (isset($USER->firstname)) {
$logname = $apachelog_name; // We can assume both will be set
break; // - even if to empty.
case 1: $logname = clean_filename($USER->firstname . " " . $USER->lastname);
default: }
$logname = $apachelog_userid; if (\core\session\manager::is_loggedinas()) {
break; $realuser = \core\session\manager::get_realuser();
$logusername = clean_filename($realuser->username." as ".$logusername);
$logname = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$logname);
$loguserid = clean_filename($realuser->id." as ".$loguserid);
}
switch ($logvalue) {
case 3:
$logname = $logusername;
break;
case 2:
$logname = $logname;
break;
case 1:
default:
$logname = $loguserid;
break;
}
if ($logmethod == 'apache') {
apache_note('MOODLEUSER', $logname);
}
if ($logmethod == 'header') {
header("X-MOODLEUSER: $logname");
}
} }
apache_note('MOODLEUSER', $logname);
} }
// Ensure the urlrewriteclass is setup correctly (to avoid crippling site). // Ensure the urlrewriteclass is setup correctly (to avoid crippling site).
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment