diff --git a/CHANGELOG b/CHANGELOG index fdfaf29fc..31063e7ce 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG RoundCube Webmail =========================== +- Add HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR to successful logins log (#1486441) - Fix setting spellcheck languages with extended codes (#1486605) - Fix messages list scrolling in FF3.6 (#1486472) - Fix quicksearch input focus (#1486637) diff --git a/index.php b/index.php index d3cf06f0a..43cf7c413 100644 --- a/index.php +++ b/index.php @@ -103,12 +103,7 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { $RCMAIL->authenticate_session(); // log successful login - if ($RCMAIL->config->get('log_logins')) { - write_log('userlogins', sprintf('Successful login for %s (id %d) from %s', - $RCMAIL->user->get_username(), - $RCMAIL->user->ID, - $_SERVER['REMOTE_ADDR'])); - } + rcmail_log_login(); // restore original request parameters $query = array(); diff --git a/program/include/main.inc b/program/include/main.inc index 9e1813182..1dbf0d406 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -1140,6 +1140,34 @@ function write_log($name, $line) } +/** + * Write login data (name, ID, IP address) to the 'userlogins' log file. + */ +function rcmail_log_login() +{ + global $RCMAIL; + + if (!$RCMAIL->config->get('log_logins') || !$RCMAIL->user) + return; + + $address = $_SERVER['REMOTE_ADDR']; + // append the NGINX X-Real-IP header, if set + if (!empty($_SERVER['HTTP_X_REAL_IP'])) { + $remote_ip[] = 'X-Real-IP: ' . $_SERVER['HTTP_X_REAL_IP']; + } + // append the X-Forwarded-For header, if set + if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $remote_ip[] = 'X-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR']; + } + + if (!empty($remote_ip)) + $address .= '(' . implode(',', $remote_ip) . ')'; + + write_log('userlogins', sprintf('Successful login for %s (ID: %d) from %s', + $RCMAIL->user->get_username(), $RCMAIL->user->ID, $address)); +} + + /** * @access private */