The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

awstats proxy script & forms

Discussion in 'General Discussion' started by Jesepi, Apr 6, 2005.

  1. Jesepi

    Jesepi Member

    Joined:
    Sep 1, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    I am not skilled with php at all, but I don't think this is very complicated. Right now I have a form that I wish a user to be able to type in his domain name, username, and password and then pass it to a script that loads up awstats without having them get into cpanel. (they themselves even said they do not wish to, "I would probably break something")

    Currently I have the form:

    HTML:
    <p>Which site's stats would you like to view?</p>
    <form name="form1" method="post" action="awstats.php">
      <table width="31%" border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td width="32%">Domain Name</td>
          <td width="68%"><input name="domain" type="text" id="domain">
          </td>
        </tr>
        <tr>
          <td>Username</td>
          <td><input name="user" type="text" id="user">
          </td>
        </tr>
        <tr>
          <td>Password</td>
          <td><input name="pass" type="password" id="pass">
          </td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td><input type="submit">
          </td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
      </table>
    </form>
    
    the info needs to pass to...

    PHP:
    <?php
    /*
    dv at josheli.com

    Proxy for viewing Awstats outside of cpanel. I assume no liability.


    1 out of 3 people ask me if it's "safe" to have their username and password
    in this file. Here's my answer:

    When you signed up with your web hosting provider, they probably provided
    you with an email with your login/password, right? Do you ever use FTP
    with your site? Do you login to your mail server, to hotmail, to yahoo, to
    anywhere else? When you log in to cpanel or WHM, do you do it through SSL
    or not? Have you installed any other web software like osCommerce or phpBB
    or any other script?

    In all cases, your user/password is either sent through dozens of
    computers in plain text and is sitting in someone else's harddrive or
    database, or is stored in plain text on some file on your webserver. You
    are never safe.

    So, if someone wants to steal ANY user/password, it's pretty easy. In
    fact, probably half a dozen people could look at any password of yours
    right now. But to answer what i think you're specifically asking about about
    this script, no, not just anyone can find out the user/pass.

    And besides that, there are other precautions you could take. Ask around.
    */

    $user 'username';//your cpanel username
    $pass 'password';//your cpanel password
    $domain 'domainname.com';//do not include 'http://' or 'www.'

    /*
    If you don't know what you're doing, set $dynamic_images equal
    to TRUE, and don't worry about the $image_directory variable.
    Otherwise,
        - Normally, this script will load images by proxy, i.e. awstats.php
          is called for each <img> tag and will send the correct
          image to the browser. This is not the way the web is designed
          to work. So, if you wish to improve performance and lower
          bandwidth, you can:
          1. Set $dynamic_images to FALSE
          2. Create an image directory in your webroot
          3. Copy all of awstats image sub-directories to this new directory
          4. Point the $image_directory variable to your new directory     
        You will get all the benefits of cached, static images.
        In order to get the Awstats images and their directories, you will
        probably need to download an awstats distribution from
        awstats.sourceforge.net. The final layout will probably look like this:

          awstats_imagedir/
                        browser/
                        clock/
                        cpu/
                        flags/
                        mime/
                        os/
                        other/

        Under each of those sub-directories will be dozens of .png files.
    */

    $dynamic_images false;
    $image_directory '../awicons/';

    //lame attempt to combat referrer spam
    $spam_words = array('mortgage''sex''porn''cock''slut''facial''loving''gay''.ro');


    /***********
    NO NEED TO TOUCH ANYTHING BELOW HERE
    ************/

    //retrieves the file, either .pl or .png
    function get_file($fileQuery)
    {
      global 
    $user$pass$domain;
      return 
    file_get_contents("http://$user:$pass@$domain:2082/".$fileQuery);
    }

    $requesting_image = (strpos($_SERVER['QUERY_STRING'],'.png')===false)?false:true;

    if(
    $dynamic_images && $requesting_image//it's a .png file...
    {
      if(!
    is_dir($image_directory))
      {
        exit;
      }
      
    $fileQuery $_SERVER['QUERY_STRING'];
    }
    elseif(empty(
    $_SERVER['QUERY_STRING']))//probably first time to access page...
    {
      
    $fileQuery "awstats.pl?config=$domain";
    }
    else 
    //otherwise, all other accesses
    {
      
    $fileQuery 'awstats.pl?'.$_SERVER['QUERY_STRING'];
    }

    $file get_file($fileQuery);

    //check again to see if it was a .png file
    //if it's not, replace the links
    if(!$requesting_image)
    {
      
    $file str_replace('awstats.pl'basename($_SERVER['PHP_SELF']), $file);
      
      if(
    $dynamic_images)
      {
        
    $imgsrc_search '="/images';
        
    $imgsrc_replace '="'.basename($_SERVER['PHP_SELF']).'?images';
      }
      else
      {
        
    $imgsrc_search 'src="/images/awstats/';
        
    $imgsrc_replace 'src="'.$image_directory;
      }

      
    $file str_replace($imgsrc_search$imgsrc_replace$file);
      
    $file str_replace($spam_words'SPAM'$file);
    }
    else 
    //if it is a png, output appropriate header
    {
      
    header("Content-type: image/png");
    }

    //output the file
    echo $file;
    ?> 
    In my attempt to get this done, i had changed:

    PHP:
    $user 'username';//your cpanel username
    $pass 'password';//your cpanel password
    $domain 'domainname.com';//do not include 'http://' or 'www.'
    to

    PHP:
    $user $_POST['user']; //your cpanel username
    $pass $_POST['pass']; //your cpanel password
    $domain $_POST['domain']; //do not include 'http://' or 'www.'
    But I get a php error of "Failed to open HTTP stream" when doing this.

    Anyone have a suggestion as to what I am doing wrong? I know this isnt a php forum, but I do know several people here have tweaked around with awstats, and may have worked on a similar idea as this one.

    On a side note, the script when used as it was designed works great, I guess the worst case situation would be having to place it in every single folder on the server that holds the sites.
     
  2. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    North Carolina
    I use the same script from josheli.com for various clients I host and yes -- it does work great.

    I took a simpler approach:

    - hardcode their username, password, etc. in the php file
    - place the script in a directory (ie /stats)
    - password protect that directory and provide them with appropriate sign-on info

    Would the above not work in your scenario?
     
  3. Jesepi

    Jesepi Member

    Joined:
    Sep 1, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    It would work, but the bad thing is the user has over 20 domains, and plans on having more than double that before the year is over. Having to do that with every single domain, (fixing the file, uploading it and then password protecting the folder) instead of having one point where he can access all his sites would be incredibly annoying =/
     
  4. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    North Carolina
    I follow you ... but in the scenario you outline your client would have to keep track of 20+ unique login combinations whereas you could set up the same uname and pw on all the protected (i.e. /stats) directories to make it easier for them.

    When they want to view stats, all they have to remember is the one uname and pw combination to access all the /stats directories under each site.

    Now that I think of it, you could create a default set of these files place them under /root/cpanel3-skel/ or /home/reseller/cpanel3-skel/. That way they'll automatically be created each time you add a domain, and all you'd have to do is edit the three variables in the php file.

    Now that would be efficient. In fact, thanks for triggering that idea. I'm going to do that myself! :)
     
    #4 RickG, Apr 7, 2005
    Last edited: Apr 7, 2005
Loading...

Share This Page