From c31a35b57d6bb7ec1f385f0bdee1b3bbfaa3d956 Mon Sep 17 00:00:00 2001 From: Brendan Heywood Date: Tue, 7 Feb 2017 13:21:01 +1100 Subject: [PATCH] MDL-57887 setup: Support logging usernames in nginx access logs --- config-dist.php | 10 ++++++- lib/setup.php | 72 ++++++++++++++++++++++++++++++------------------- 2 files changed, 54 insertions(+), 28 deletions(-) diff --git a/config-dist.php b/config-dist.php index d7f19adfa47..0da10e11ff5 100644 --- a/config-dist.php +++ b/config-dist.php @@ -378,7 +378,15 @@ $CFG->admin = 'admin'; // LogFormat "%h %l %{MOODLEUSER}n %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" moodleformat // And in the part specific to your Moodle install / virtualhost: // CustomLog "/your/path/to/log" moodleformat -// CAUTION: Use of this option will expose usernames in the Apache log, +// +// Alternatively for other webservers such as nginx, you can instead have the username sent via a http header +// 'X-MOODLEUSER' which can be saved in the logfile and then stripped out before being sent to the browser: +// $CFG->headerloguser = 0; // Turn this feature off. Default value. +// $CFG->headerloguser = 1; // Log user id. +// $CFG->headerloguser = 2; // Log full name in cleaned format. ie, Darth Vader will be displayed as darth_vader. +// $CFG->headerloguser = 3; // Log username. +// +// CAUTION: Use of this option will expose usernames in the Apache / nginx log, // If you are going to publish your log, or the output of your web stats analyzer // this will weaken the security of your website. // diff --git a/lib/setup.php b/lib/setup.php index 0f71dc6fabe..964567c2db4 100644 --- a/lib/setup.php +++ b/lib/setup.php 
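Review bot: The added `$CFG->headerloguser` text says the header can be "stripped out before being sent to the browser", but nothing in this patch removes it. Unless the web server is configured to drop it, every response carries the user id, name or username to the client and to any proxy or cache in between, including the real user's identity during a "login as" session. The CAUTION paragraph only covers the log file, so I would add a line such as `// The web server must remove X-MOODLEUSER from responses, e.g. nginx: fastcgi_hide_header X-MOODLEUSER; and log it via $upstream_http_x_moodleuser.` The "darth_vader" example for level 2 should also be checked against `clean_filename()`, whose behaviour is not visible in this patch.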
@@ -915,36 +915,54 @@ if (!empty($CFG->debugvalidators) and !empty($CFG->guestloginbutton)) { // Apache log integration. In apache conf file one can use ${MOODULEUSER}n in // LogFormat to get the current logged in username in moodle. -if ($USER && function_exists('apache_note') - && !empty($CFG->apacheloguser) && isset($USER->username)) { - $apachelog_userid = $USER->id; - $apachelog_username = clean_filename($USER->username); - $apachelog_name = ''; - if (isset($USER->firstname)) { - // We can assume both will be set - // - even if to empty. - $apachelog_name = clean_filename($USER->firstname . " " . - $USER->lastname); +// Alternatvely for other web servers a header X-MOODLEUSER can be set which +// can be using in the logfile and stripped out if needed. +if ($USER && isset($USER->username)) { + $logmethod = ''; + $logvalue = 0; + if (!empty($CFG->apacheloguser) && function_exists('apache_note')) { + $logmethod = 'apache'; + $logvalue = $CFG->apacheloguser; } - if (\core\session\manager::is_loggedinas()) { - $realuser = \core\session\manager::get_realuser(); - $apachelog_username = clean_filename($realuser->username." as ".$apachelog_username); - $apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name); - $apachelog_userid = clean_filename($realuser->id." as ".$apachelog_userid); + if (!empty($CFG->headerloguser)) { + $logmethod = 'header'; + $logvalue = $CFG->headerloguser; } - switch ($CFG->apacheloguser) { - case 3: - $logname = $apachelog_username; - break; - case 2: - $logname = $apachelog_name; - break; - case 1: - default: - $logname = $apachelog_userid; - break; + if (!empty($logmethod)) { + $loguserid = $USER->id; + $logusername = clean_filename($USER->username); + $logname = ''; + if (isset($USER->firstname)) { + // We can assume both will be set + // - even if to empty. + $logname = clean_filename($USER->firstname . " " . 
$USER->lastname); + } + if (\core\session\manager::is_loggedinas()) { + $realuser = \core\session\manager::get_realuser(); + $logusername = clean_filename($realuser->username." as ".$logusername); + $logname = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$logname); + $loguserid = clean_filename($realuser->id." as ".$loguserid); + } + switch ($logvalue) { + case 3: + $logname = $logusername; + break; + case 2: + $logname = $logname; + break; + case 1: + default: + $logname = $loguserid; + break; + } + if ($logmethod == 'apache') { + apache_note('MOODLEUSER', $logname); + } + + if ($logmethod == 'header') { + header("X-MOODLEUSER: $logname"); + } } - apache_note('MOODLEUSER', $logname); } // Ensure the urlrewriteclass is setup correctly (to avoid crippling site).
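Review bot: `$logmethod` holds a single value, so when both `$CFG->apacheloguser` and `$CFG->headerloguser` are set the second `if` overwrites `'apache'` with `'header'` and `apache_note('MOODLEUSER', ...)` is never called. An Apache site that already logs `%{MOODLEUSER}n` would silently lose that field from its access log, and the level would come from `headerloguser` only. Handling the two settings independently, as sketched below, keeps the existing log trail intact. For level 2 the value comes from profile name fields and passes only through `clean_filename()`, which is defined outside this hunk, so confirm it removes quotes and non-ASCII bytes before the value reaches a response header and a log line. `case 2: $logname = $logname;` is a no-op and goes away with the rewrite.

```php
$logapache = !empty($CFG->apacheloguser) && function_exists('apache_note');
$logheader = !empty($CFG->headerloguser);
if ($USER && isset($USER->username) && ($logapache || $logheader)) {
    // … unchanged: build $loguserid, $logusername, $logname and the "login as" variants …
    $logvalues = array(1 => $loguserid, 2 => $logname, 3 => $logusername);
    if ($logapache) {
        $level = (int)$CFG->apacheloguser;
        apache_note('MOODLEUSER', isset($logvalues[$level]) ? $logvalues[$level] : $loguserid);
    }
    if ($logheader) {
        $level = (int)$CFG->headerloguser;
        header('X-MOODLEUSER: ' . (isset($logvalues[$level]) ? $logvalues[$level] : $loguserid));
    }
}
```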