The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

allow access to awstats without cpanel login

Discussion in 'General Discussion' started by boatdesign, Mar 5, 2004.

  1. boatdesign

    boatdesign Well-Known Member

    Joined:
    Sep 13, 2003
    Messages:
    158
    Likes Received:
    0
    Trophy Points:
    16
    I would like to allow some people access to awstats stats reports without allowing them access to the main cpanel login. How can I do this?
     
  2. johnmounsey

    johnmounsey Member
    PartnerNOC

    Joined:
    Mar 30, 2002
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
  3. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    It's likely those will no longer work as they depend on passing the username:password through the URL

    Too bad because I really like those scripts :(
     
  4. Steve-PWH

    Steve-PWH Well-Known Member

    Joined:
    Jun 30, 2002
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    16
    No they will work as its only IE that blocks that system PHP does not
     
  5. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    The script in discussion uses curl to get the output from the location passing the username:password in url. Curl runs from inside the system, and IE never comes in between.

    However always remember, with the kind of scripts being discussed, anytime your cpanel user password is updated, you would need to hand edit the file to change it. One place is ok, but if the number increase, it could be a problem.
     
  6. verdon

    verdon Well-Known Member

    Joined:
    Nov 1, 2003
    Messages:
    836
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Northern Ontario, Canada
    cPanel Access Level:
    Root Administrator
    Silly question maybe, but how much of a security issue are these kinds of scripts (with your cpanel name:word) hard-coded in the script.

    Is your name:word vulnerable to http traffic, or just ftp?
     
  7. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    So long as your php is configured properly it cannot be read however I usually use an include statement and put the username and pass in a seperate file in a password protected directory
     
  8. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    Just about the same time i was posting ;)

    verdon, method recommended by osfdeath is better.

    As for question, if someone runs a sniffer, this would show up in that (i am sure it would, if i am wrong perhaps anyone can correct me)
     
  9. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    Watch out for servers where you have php base dir enabled. You would need to remove php basedir on the account if you include files from another directory than the user's own. OR include the password directory inside the httpd.conf entry for that user.
     
  10. BrightAdmin

    BrightAdmin Well-Known Member

    Joined:
    Feb 29, 2004
    Messages:
    204
    Likes Received:
    0
    Trophy Points:
    16
Loading...

Share This Page