
awstats proxy display outside cPanel

Discussion in 'General Discussion' started by budjoe, Apr 8, 2010.

  1. budjoe

    budjoe Registered (Joined: Jan 6, 2009; Messages: 1; Likes Received: 0; Trophy Points: 1)

    Recent updates to WHM and cPanel broke the awstats proxy I was using.
    With my own attempts to tighten security and tightened security in cPanel, simple methods to get the pages failed.
    You may find that you can no longer get the page data with "file_get_contents", or get the file stream with "exec" using curl or wget, even when passing the username and password.

    I ended up using the PHP curl libraries and commands and connecting to the secure version.

    Original code published here with permission of David Vance.
    Use and modify if it helps you.

    Note: you may also want to wrap this page into some form of user authentication to prohibit unwanted access.
    I use the file with login includes that are part of user admin to sections of the user site that they can control.

    PHP:
    <?php
    /*
    original by dv at josheli.com
    revised 2010-04-08 by budjoe at verizon.net

    Modification to get page stream with php curl functions.
    Necessary on my cPanel because of tightened security accessing cPanel pages

    Proxy for viewing Awstats outside of cpanel. I assume no liability.


    1 out of 3 people ask me if it's "safe" to have their username and password
    in this file. Here's my answer:

    When you signed up with your web hosting provider, they probably provided
    you with an email with your login/password, right? Do you ever use FTP
    with your site? Do you login to your mail server, to hotmail, to yahoo, to
    anywhere else? When you log in to cpanel or WHM, do you do it through SSL
    or not? Have you installed any other web software like osCommerce or phpBB
    or any other script?

    In all cases, your user/password is either sent through dozens of
    computers in plain text and is sitting in someone else's harddrive or
    database, or is stored in plain text on some file on your webserver. You
    are never safe.

    So, if someone wants to steal ANY user/password, it's pretty easy. In
    fact, probably half a dozen people could look at any password of yours
    right now. But to answer what I think you're specifically asking about
    this script, no, not just anyone can find out the user/pass.

    And besides that, there are other precautions you could take. Ask around.

    budjoe--
    For example put the values into an include file and place that file outside the web root.
    */

    $user = 'username';//your cpanel username
    $pass = 'password';//your cpanel password
    $domain = 'mydomain.com';//do not include 'http://' or 'www.'

    /*
    Domain of the stats you wish to view, e.g. a subdomain like "cvs.mydomain.com".
    If left blank, defaults to the "domain" above
    Another option is to set the "config" parameter in the url of your browser, e.g.:
    http://www.domain.com/awstats.php?config=sub.domain.com
    */
    $config_domain = '';

    /*
    If you don't know what you're doing, set $dynamic_images equal
    to TRUE, and don't worry about the $image_directory variable.
    Otherwise,
        - Normally, this script will load images by proxy, i.e. awstats.php
          is called for each <img> tag and will send the correct
          image to the browser. This is not the way the web is designed
          to work. So, if you wish to improve performance and lower
          bandwidth, you can:
          1. Set $dynamic_images to FALSE
          2. Create an image directory in your webroot
          3. Copy all of awstats image sub-directories to this new directory
          4. Point the $image_directory variable to your new directory
        You will get all the benefits of cached, static images.
        In order to get the Awstats images and their directories, you will
        probably need to download an awstats distribution from
        awstats.sourceforge.net. The final layout will probably look like this:

          awstats_imagedir/
                        browser/
                        clock/
                        cpu/
                        flags/
                        mime/
                        os/
                        other/

        Under each of those sub-directories will be dozens of .png files.

    budjoe -- another alternative is to create a sym link to the base awstats image directory. In my version it is located at /usr/local/cpanel/base/images/awstats

    Avoids having to redownload and repopulate the image directory if updates to awstats adds more images. You must have follow sym links enabled and have root or sudo access to make the sym link.
    */

    $dynamic_images = false;
    $image_directory = './awstats_images/';

    //lame attempt to combat referrer spam
    $spam_words = array('mortgage', 'sex', 'porn', 'cock', 'slut', 'facial', 'loving', 'gay', '.ro');


    /***********
    NO NEED TO TOUCH ANYTHING BELOW HERE
    ************/

    /* retrieves the file, either .pl or .png
    modified from the original 2010-04-08 to use php curl
    */
    function get_file($fileQuery) {
      global $user, $pass, $domain;

      // create curl resource
      $ch = curl_init();

      // set url
      curl_setopt($ch, CURLOPT_URL, "https://$domain:2083/$fileQuery");

      //return the transfer as a string
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

      //set curl username and password
      curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");

      //set curl to not validate certificate
      //necessary if you are using a self signed certificate for cpanel
      curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

      //set curl to follow links
      curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

      //set curl authentication to basic
      curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);

      // $output contains the output string
      $output = curl_exec($ch);

      // close curl resource to free up system resources
      curl_close($ch);

      return $output;
    }

    $requesting_image = (strpos($_SERVER['QUERY_STRING'],'.png')===false)?false:true;

    if ($requesting_image) { //it's a .png file...
      if (!$dynamic_images && !is_dir($image_directory)) {
        exit;
      }
      $fileQuery = $_SERVER['QUERY_STRING'];
    } elseif (empty($_SERVER['QUERY_STRING'])) {
      //probably first time to access page...
      if (empty($config_domain)) {
        $config_domain = $domain;
      }
      $fileQuery = "awstats.pl?config=$config_domain";
    } else {
      //otherwise, all other accesses
      $fileQuery = 'awstats.pl?'.$_SERVER['QUERY_STRING'];
    }

    $file = get_file($fileQuery);

    //check again to see if it was a .png file
    //if it's not, replace the links
    if(!$requesting_image) {
      $file = str_replace('awstats.pl', basename($_SERVER['PHP_SELF']), $file);
      if($dynamic_images) {
        $imgsrc_search = '="/images';
        $imgsrc_replace = '="'.basename($_SERVER['PHP_SELF']).'?images';
      } else {
        $imgsrc_search = 'src="/images/awstats/';
        $imgsrc_replace = 'src="'.$image_directory;
      }

      $file = str_replace($imgsrc_search, $imgsrc_replace, $file);
      $file = str_replace($spam_words, 'SPAM', $file);
    } else {
      # if it is a png, output appropriate header
      header("Content-type: image/png");
    }

    //output the file
    echo $file;

    ?>
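
Added example, not part of budjoe's post or the original josheli.com script: the proxy above forwards the browser's query string unchanged to cPanel on port 2083 with the account's credentials, and it turns certificate verification off. One way to narrow both is to build the upstream path from an allow-list and to verify against a pinned copy of the cPanel certificate. The names `build_upstream_path` and `fetch_pinned`, the parameter allow-list, the image path pattern and the certificate file are assumptions to adapt.

```php
<?php
// Added example (not from the original post); names and lists are assumptions.
// awstats.pl parameters the proxy will forward; adjust to what your reports use.
const ALLOWED_PARAMS = ['config', 'output', 'framename', 'year', 'month', 'lang'];

// Build the upstream path from validated pieces instead of the raw query string.
// Returns null when the request names a stats domain the proxy does not serve.
function build_upstream_path(string $query, array $allowedConfigs): ?string {
    // Dynamic image requests are assumed to look like "images/awstats/<dir>/<name>.png".
    if (preg_match('#^images/awstats/[a-z]+/[A-Za-z0-9_.-]+\.png$#D', $query)) {
        return $query;
    }
    parse_str($query, $params);
    $clean = [];
    foreach (ALLOWED_PARAMS as $name) {
        if (isset($params[$name]) && is_string($params[$name])
            && preg_match('/^[A-Za-z0-9_.-]{1,64}$/D', $params[$name])) {
            $clean[$name] = $params[$name];
        }
    }
    // Default to the first configured domain; refuse any other "config" value.
    $clean['config'] = $clean['config'] ?? $allowedConfigs[0];
    if (!in_array($clean['config'], $allowedConfigs, true)) {
        return null;
    }
    return 'awstats.pl?' . http_build_query($clean);
}

// Same request as get_file(), with the server certificate checked against $caFile,
// a PEM copy of the cPanel certificate. Assumes that certificate names $domain.
function fetch_pinned(string $domain, string $path, string $userpwd, string $caFile) {
    $ch = curl_init("https://$domain:2083/$path");
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_USERPWD         => $userpwd,
        CURLOPT_HTTPAUTH        => CURLAUTH_BASIC,
        CURLOPT_SSL_VERIFYPEER  => true,
        CURLOPT_SSL_VERIFYHOST  => 2,
        CURLOPT_CAINFO          => $caFile,
        CURLOPT_FOLLOWLOCATION  => true,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS, // redirects stay on HTTPS
        CURLOPT_MAXREDIRS       => 3,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}

// Constructed sample inputs: a report page, an image, and a foreign stats domain.
var_dump(build_upstream_path('output=keyphrases&config=mydomain.com', ['mydomain.com']),
         build_upstream_path('images/awstats/browser/firefox.png', ['mydomain.com']),
         build_upstream_path('config=otherdomain.com', ['mydomain.com']));
```

In the script, `$fileQuery` would come from `build_upstream_path($_SERVER['QUERY_STRING'], ...)`, with the request rejected when it returns null.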
     
  2. pagestep

    pagestep Registered (Joined: Aug 2, 2007; Messages: 1; Likes Received: 0; Trophy Points: 1)

    Thank you so much for your contribution, budjoe! The original proxy by dv at josheli.com broke on my sites as well, and your stuff restored it.

    Is there any possibility you could do the same for the auto-responder proxy (also from dv at josheli.com )? (I took a whack at it and apparently just messed things up. :confused: )

    Dirk
     