openrat-cms

# OpenRat Content Management System
git clone http://git.code.weiherhei.de/openrat-cms.git

commit fd2f5b98665c6516e9508e56370e9781430e0298
parent 3bf2a6932371c0c42001a2ddb72925405b89bad5
Author: Jan Dankert <develop@jandankert.de>
Date:   Mon, 20 May 2019 22:46:23 +0200

New: Bei schreibenden Zugriffen ein Audit-Log ergänzen.

Diffstat:
modules/cms-core/Dispatcher.class.php | 61+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+), 0 deletions(-)

diff --git a/modules/cms-core/Dispatcher.class.php b/modules/cms-core/Dispatcher.class.php
@@ -110,6 +110,7 @@ class Dispatcher
 throw $e;
 }
+ $this->writeAuditLog();
 $this->commitDatabaseTransaction();
 if ( DEVELOPMENT )
@@ -491,4 +492,64 @@ class Dispatcher
 {
 header('Content-Language: ' . Conf()->subset('language')->get('language_code') );
 }
+
+
+
+ private function writeAuditLog()
+ {
+ // Only write Audit Log for POST requests.
+ if ( ! $this->request->isAction )
+ return;
+
+ $auditConfig = config()->subset('audit-log');
+
+ if ( $auditConfig->is('enabled',false))
+ {
+ $dir = $auditConfig->get('directory','./audit-log' );
+
+ if ( $dir[0] != '/' )
+ $dir = __DIR__.'/../../'.$dir;
+
+ $micro_date = microtime();
+ $date = explode(" ",$micro_date);
+ $filename = $dir.'/'.$auditConfig->get('prefix','audit' ).'-'.date('c',$date[1]).'-'.$date[0].'.json';
+
+ $json = new \JSON();
+ $user = Session::getUser();
+
+ $data = array(
+ 'database' => array(
+ 'id' => db()->id ),
+ 'user' => array(
+ 'id' => $user->userid,
+ 'name' => $user->name ),
+ 'timestamp' => date('c'),
+ 'action' => $this->request->action,
+ 'method' => $this->request->method,
+ 'remote-ip' => $_SERVER['REMOTE_ADDR'],
+ 'request-time'=> $_SERVER['REQUEST_TIME'],
+ 'data' => $this->filterCredentials( $_REQUEST )
+ );
+
+ // Write the file.
+ if ( file_put_contents( $filename, $json->encode($data) ) === FALSE )
+ Logger::warn('Could not write audit log to file: '.$filename);
+ else
+ Logger::debug('Audit logfile: '.$filename);
+ }
+
+ }
+
+
+ /*
+ * Filter credentials from an array.
+ */
+ private function filterCredentials( $input )
+ {
+ foreach( array( 'login_password','password1','password2' ) as $cr )
+ if ( isset($input[$cr]))
+ $input[$cr] = '***';
+
+ return $input;
+ }
 }
\ No newline at end of file
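Review bot: `$this->writeAuditLog();` is placed after the catch block that rethrows (`throw $e;`) and before `$this->commitDatabaseTransaction();`, so as far as the visible lines show, an action that ends in an exception leaves no audit entry, while an entry is written for a change whose commit can still fail. For an audit trail, the rejected and failed write attempts are usually the records an investigator needs most. I would move the call after the commit and also record the failure path with an outcome field, with a comment such as `// Audit after commit; failed actions are logged in the catch block.` The enclosing method and the start of the try/catch lie outside the hunk, so the failure path has to be checked there.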
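Review bot: `filterCredentials()` masks only three fixed top-level keys, while `writeAuditLog()` passes all of `$_REQUEST` into the `data` field. Any other secret-bearing parameter, any nested array and, depending on the `request_order`/`variables_order` ini settings, cookies such as the session id would be written to disk in clear text. I would log only `$_GET` and `$_POST` and mask by key pattern at every nesting depth, as in the block below; the pattern is a starting point and should be checked against the form field names the application actually uses. Separately, the default `./audit-log` resolves under the application root via `__DIR__.'/../../'`. If that tree is served by the web server the JSON files may be downloadable, so a default outside the document root or a deny rule for the directory would be safer.

```php
// … unchanged: writeAuditLog() up to the $data array …
                'data'        => $this->filterCredentials( array_merge( $_GET, $_POST ) )
// … unchanged: file write and logging …

    /*
     * Mask every value whose key looks like a credential, at any nesting depth.
     */
    private function filterCredentials( $input )
    {
        foreach( $input as $key => $value )
        {
            if ( is_array($value) )
                $input[$key] = $this->filterCredentials( $value );
            elseif ( preg_match('/pass|token|secret/i', (string) $key) )
                $input[$key] = '***';
        }

        return $input;
    }
```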