Making AwStats available outside of cPanel ?

RE: Making AwStats available outside of cPanel

I have the same exact request.
Ditto.

I was working with the support staff at my host and they keep creating a symbolic link to the stats, which works for a few minutes, then says

'forbidden'

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

The lack of this ability forces the cPanel user to have to manually email stats to addon domain clients.

 

AWSTATS Login

It would really be useful if this could be added to a future release - as we have many managed sites - where the clients only need to see the stats - without seeing the cPanel - so come on cPanel - how about a development path and response please ???

 

I too would like to see this option...

 

We use this totalchoicehosting.com/help/statisticspage.htm

It has a login but you can edit the script to remove the login

 

Would most definitely be useful!

 

Awstats Login

Crazeegeek - I have tried this script and it rocks ! - works first time -

totalchoicehosting.com/help/statisticspage.htm

Thanks Again

 

Re: Awstats Login

Page Not Found

I'd sure be interested to see what this is however...

 

Awstats

Ooops !

totalchoicehosting.com/help/statisticspage.htm

 

Wow, that Awstat's script worked great!

Awesome instructions and a great script! :D

Thanks for posting that link up for us "namehog".

 

I am a bit worried with this script however....

Keep in mind that I'm in no way proficient with PHP....hell, or HTML for that matter. :p

One concern of mine is that by using this script...we are placing our cPanel Login and Password into the same file that runs this script. I'm use to scripts such as this will use a seperate file (config.php, config.inc.php) which will store the protected information such as passwords.

With this script...it's all in one file, index.php.

Should I be concerned here gang?

 

Bailey, you and I must have been typing at the same time and you beat me to it.

So, my previous questions are on the mark then...

 

Well, what do some of you who know more about PHP out there think of this script?

Leaves us too open for hackers?

 

I think it is a bit risky. I remember an outsourced hosting support a while back who had their stats page viewable by the general public.

Thei eventually got spidered, and some crackers found some urls that should have been only known by the site owner.

Guess what happened? Site hacked, along with server hosting companies wondering who all had access to their server root passwords, etc etc etc.

Just a heads up. i explain the importance of password protected stats to mu users and they seem okay with it.

 

index.php

Code:

<?php
require_once("config.php");

if (!isset($PHP_AUTH_USER)) {
	
	header('WWW-Authenticate: Basic realm="Site Statistics"');
	header('HTTP/1.0 401 Unauthorized');
	echo 'Authorization Required.';
	exit;
	
} else if (isset($PHP_AUTH_USER)) {
	if (($PHP_AUTH_USER != $username) || ($PHP_AUTH_PW != $password)) {
  
  header('WWW-Authenticate: Basic realm="Site Statistics"');
  header('HTTP/1.0 401 Unauthorized');
  echo 'Authorization Required.';
  exit;
	}
else {
  if($QUERY_STRING == ""){$query = "config=$site";}else{$query=$QUERY_STRING;};
  
  exec("/usr/bin/curl 'http://$cpnlusername:[email protected]$site:2082/awstats.pl?$query'",$return_message_array, $return_number);
  
  for ($i = 0; $i < count($return_message_array); $i++) {
  	$results = $results.$return_message_array[$i];
  }
  
  if($query == "config=$site"){$results = str_replace("src=\"", "src=\"?", $results);}
  
  if($framename==index){$results = str_replace("src=\"", "src=\"index.php?", $results);}
  
  $results = str_replace("action=\"", "action=\"index.php?", $results);
  $results = str_replace("href=\"", "href=\"?", $results);
  $results = str_replace("awstats.pl?", "", $results);
  
  echo $results;
	}
}
?>

config.php

Code:

<?php
$username = "user";
$password = "pass";
$site = "yoursite.com";
$cpnlusername = "cpanel_username";
$cpnlpassword = "cpanel_password";
?>

 

Presumably there's no way to stop the user getting the config.php source via FTP and finding their username and password to access CPanel?

 

This does not work for me. I keep getting prompted to enter a password even though I am entering the correct password.

 

I would strongly recommend anyone using this put the config file outside of your /public_html/ folder. Helps mitigate any risk.

 

I tried this tip, but all I get is a blank page

 

hi there - im a bit confused... theres already a stats folder under www/public_html. do i put the files in there or in a new stats folder per each addon domain?

(i assume the latter?) - ive stashed my login details via another file above www - and i get an error msg :

Error: Couldn't open config file "awstats.strike1.co.za.conf" nor "awstats.conf" after searching in path "/usr/local/cpanel/base,/home/franstar/tmp/awstats/,/etc/opt/awstats,/etc/awstats,/etc,/usr/local/etc/awstats": No such file or directory

- Did you use the correct URL ?
Example: http://localhost/awstats/config=mysite
Example: http://127.0.0.1/cgi-bin/config=mysite
- Did you create your config file 'awstats.strike1.co.za.conf' ?
If not, you can run "awstats_configure.pl" from command line, or create it manually.

Check config file, permissions and AWStats documentation (in 'docs' directory).

have a look there - login/pw is user/pass- and the site is not an important one. if u can pls help that would be gr8 -

i would assume each concurrent cliet/domain would simply goto theirdomain.com/ststas and have their stuff shown?

not working for me.... boo