We've got these users who are uploading static resources for courses, but the files are too big to upload using moodle, so they're uploading them with sftp.
These files are really big and we don't want the moodle backups to contain them, so we decided to put them outside dataroot. But, they need to be attached to particular courses.
So we've set up a new directory for them to upload the files into, and have told them to make a directory named with the moodle courseid, and put their files in there.
But, we needed some mechanism for serving these files that will do a) authentication, and b) check the user is enrolled (as student OR teacher) in the course these files are attached to.
So we wrote some nice wee mod_perl authentication (is the user logged in) & authorization (is the user allowed access to the particular resource) handlers. We check the moodle login with some clever trickery and magic involving cookies that have been md5 hashed. We check enrolment for a root folder that is a) numeric and b) not the site id (all logged in users should have access to this folder)
It's pretty complicated actually, anyone interested would need root on their box and a reasonable understanding of apache at least.
But, a very large advantage of this approach is that it's APACHE serving the files, rather than file.php, which can get very inefficient for large files, as well as for things like pdfs which can be served per page by Apache.
I don't want to do a big write up of this unless somebody is interested, because it's kinda large... but if anyone has a need for this, I can provide the perl modules and write a HOWTO.
Cheers
Penny
I need that feature. There's gonna be large files on my server. Thanks for your effort! It's Debian woody server and available Perl modules could be too old.
Teemu
Teemu
Hi Penny,
You and Martin L. have been doing some wonderful work on Moodle, my gratitude goes out to you!
I would like to learn more about this, it might be useful. Please provide more information.
Thanks,
Tim.
You and Martin L. have been doing some wonderful work on Moodle, my gratitude goes out to you!
I would like to learn more about this, it might be useful. Please provide more information.
Thanks,
Tim.
wow, thanks!
I'll try write up something for you both tomorrow or Monday.
It needs a bit of work if it's going to serve files from within dataroot (ie, lock down directories to only allow numeric, preventing session data from being seen), and it involves patching moodle's login/index.php and login/logout.php but I should be able to create you a patch, plus the perl modules, plus write something up about the apache conf.
p
I'll try write up something for you both tomorrow or Monday.
It needs a bit of work if it's going to serve files from within dataroot (ie, lock down directories to only allow numeric, preventing session data from being seen), and it involves patching moodle's login/index.php and login/logout.php but I should be able to create you a patch, plus the perl modules, plus write something up about the apache conf.
Hi Penny!
This looks like such a useful feature.
Just for my own understanding, I wanted to ask the following questions
Thanks in advance for your response.
WP1
This looks like such a useful feature.
Just for my own understanding, I wanted to ask the following questions
- Is the following the server file structure you are speaking of?
- /public_html/moodle
- /moodledata directory
- /upload directory students can FTP files to
- /public_html/moodle
- Is there a way to determine the files a particular student has uploaded by
- looking at the name of the file. In other words, is something added to the file name so it is apparent who the files are from without opening them first? OR
- uploading automatically into a folder that has his/her name or ID number? OR
- by some other means?
- Would there be a need to "hook-up" a cgi-bin to run perl outside of the Moodle directory for this to work properly?
Thanks in advance for your response.
WP1
Hi, WP!
Just for my own understanding, I wanted to ask the following questions
Is the following the server file structure you are speaking of?
/public_html/moodle
/moodledata directory
/upload directory students can FTP files to
We have it set up so that it's a separate directory, outside of dataroot, that teachers can upload resources into.. no student access. We're using sftp, not ftp, and forcing ssh keys for security.
It can be anywhere on the server, you just need to add something into your apache conf that looks like
Alias /resources /directory/on/server
(see http://httpd.apache.org/docs/mod/mod_alias.html#alias)
But this all assumes things like: you have root access on the box
Is there a way to determine the files a particular student has uploaded by
looking at the name of the file. In other words, is something added to the file name so it is apparent who the files are from without opening them first? OR
uploading automatically into a folder that has his/her name or ID number? OR
by some other means?
No, it has to upload into a directory that is the same as the courseid. Also it's not really for students to use. And since it's using system accounts (at the sftp stage) rather than moodle accounts, there wouldn't really be a way to find out the user id, unless you did something like create a system account for every moodle user. Or some sort of trickery and magic that is beyond me, at any rate. We just have an account on the server for the people that handle the resources at this polytech to upload the files into.
Would there be a need to "hook-up" a cgi-bin to run perl outside of the Moodle directory for this to work properly?
No, it doesn't run from a cgi-bin, but you need mod_perl - http://perl.apache.org/start/index.html. These perl scripts are not actually served like a php script is, they become part of the apache request cycle. Have a look at this diagram:
we've actually written perl modules that take care of the authentication and authorization parts. In addition, there is one .pl file that needs to run, login.pl which, if authentication fails, will get run. This just redirects to the moodle login page.
Bah. Not explaining myself clearly, it's Sunday morning.
This has four elements.
1. Moodle's login and logout script need to set some extra cookies.
2. We have two perl modules - authentication and authorization, that become part of Apache's request cycle. This requires mod_perl.
3. There's a login.pl file that needs something like this in your apache config file:
PerlHandler Apache::Registry
AddHandler perl-scri
4. Crap, I'm sure there were four things.
It seems as though there's enough interest in this for me to actually write up something coherant when I'm not hung over
And, to be honest, I'm pretty new to perl, this was the first thing I wrote in perl, at any rate (much scarier than 'hello,world!') so I may get Martin L to help me write something useful.
Maybe that helped a little bit, hope it didn't confuse you more
Just for my own understanding, I wanted to ask the following questions
Is the following the server file structure you are speaking of?
/public_html/moodle
/moodledata directory
/upload directory students can FTP files to
We have it set up so that it's a separate directory, outside of dataroot, that teachers can upload resources into.. no student access. We're using sftp, not ftp, and forcing ssh keys for security.
It can be anywhere on the server, you just need to add something into your apache conf that looks like
Alias /resources /directory/on/server
(see http://httpd.apache.org/docs/mod/mod_alias.html#alias)
But this all assumes things like: you have root access on the box
Is there a way to determine the files a particular student has uploaded by
looking at the name of the file. In other words, is something added to the file name so it is apparent who the files are from without opening them first? OR
uploading automatically into a folder that has his/her name or ID number? OR
by some other means?
No, it has to upload into a directory that is the same as the courseid. Also it's not really for students to use. And since it's using system accounts (at the sftp stage) rather than moodle accounts, there wouldn't really be a way to find out the user id, unless you did something like create a system account for every moodle user. Or some sort of trickery and magic that is beyond me, at any rate. We just have an account on the server for the people that handle the resources at this polytech to upload the files into.
Would there be a need to "hook-up" a cgi-bin to run perl outside of the Moodle directory for this to work properly?
No, it doesn't run from a cgi-bin, but you need mod_perl - http://perl.apache.org/start/index.html. These perl scripts are not actually served like a php script is, they become part of the apache request cycle. Have a look at this diagram:
we've actually written perl modules that take care of the authentication and authorization parts. In addition, there is one .pl file that needs to run, login.pl which, if authentication fails, will get run. This just redirects to the moodle login page.
Bah. Not explaining myself clearly, it's Sunday morning.
This has four elements.
1. Moodle's login and logout script need to set some extra cookies.
2. We have two perl modules - authentication and authorization, that become part of Apache's request cycle. This requires mod_perl.
3. There's a login.pl file that needs something like this in your apache config file:
PerlHandler Apache::Registry
AddHandler perl-scri
4. Crap, I'm sure there were four things.
It seems as though there's enough interest in this for me to actually write up something coherant when I'm not hung over
Maybe that helped a little bit, hope it didn't confuse you more
Penny, thanks for such an extensive and thorough explanation.
WP1
WP1
you're joking, right?
Something much better will come, I promise.
Something much better will come, I promise.
Penny,
This is very cool, as usual from you This would be a very useful feature for lots of campuses. I think lots of people would appreciate a brief HowTo cookbook. Thanks again for all of your great work.
This is very cool, as usual from you