Schmoe

Hello all! I've been working with the TCH Awstats script for the last couple of hours, and I've added a few security improvements and moved the image directory for an easier install. I've found this script VERY useful, so I thought it was only fair to offer my modifications back to you.

CHANGES:

  1. cPanel access is now done via SSL. Not a big deal, since in most cases the server is just accessing itself to pull up the stats info, but this is a VERY important addition if you are pulling stats from another server/site.
  2. Username/Password is no longer appended to the URL. An actual login to cPanel is now performed by Curl. MUCH more secure.
  3. I moved the images directory into the stats directory. Now, images are pulled from yoursite.com/stats/images instead of yoursite.com/images.

This should make the install easier, cutting it down to 2 steps:

  1. drop the stats directory into public_html
  2. edit config.php

My altered stats/index.php file is below, with the changes commented. Any feedback, thoughts for improvements, etc. are appreciated:

```php
<?php
/************************************************************************/
/* AWStats Access 2.0: Provides access to AWStats outside of cPanel     */
/* ============================================                         */
/* Created for and by members of TotalChoiceHosting.com                 */
/* Copyright (C) 2004 by TotalChoiceHosting.com                         */
/*                                                                      */
/* This file is part of AWStats Access.                                 */
/* AWStats Access is free software; you can redistribute it and/or      */
/* modify it under the terms of the GNU General Public License as       */
/* published by the Free Software Foundation; either version 2 of       */
/* the License, or (at your option) any later version.                  */
/*                                                                      */
/* AWStats Access is distributed in the hope that it will be useful,    */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of       */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the         */
/* GNU General Public License for more details.                         */
/*                                                                      */
/* You should have received a copy of the GNU General Public License    */
/* along with Foobar; if not, write to                                  */
/* Free Software Foundation, Inc.                                       */
/* 59 Temple Place, Suite 330                                           */
/* Boston, MA 02111-1307 USA                                            */
/************************************************************************/
require_once("config.php");

// register_globals no longer exists in current PHP, so read these values
// from the superglobals instead of relying on auto-created variables.
$PHP_AUTH_USER = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
$PHP_AUTH_PW   = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
$QUERY_STRING  = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : "";
$framename     = isset($_GET['framename']) ? $_GET['framename'] : "";

if (!isset($PHP_AUTH_USER)) {
    header('WWW-Authenticate: Basic realm="Site Statistics"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required.';
    exit;
} else if (isset($PHP_AUTH_USER)) {
    if (($PHP_AUTH_USER != $username) || ($PHP_AUTH_PW != $password)) {
        header('WWW-Authenticate: Basic realm="Site Statistics"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Authorization Required.';
        exit;
    } else {
        if ($QUERY_STRING == "") { $query = "config=$site"; } else { $query = $QUERY_STRING; }

        // Rebuild the POST body as key=value pairs joined with "&".
        // $_POST is always set, so test for content rather than existence.
        $POSTED = "";
        $Previous = false;
        if (!empty($_POST)) {
            foreach ($_POST as $key => $value) {
                if ($Previous) { $POSTED .= "&"; }
                $POSTED .= "$key=$value"; // append; plain "=" kept only the last field
                $Previous = true;
            }
        }

        //****cURL security rewrite: Use SSL to access cpanel, Don't send user-pass in URL****
        $Curl = curl_init();
        // Certificate and host name verification are switched off here, so the
        // connection is encrypted but the cPanel server's identity is not checked.
        curl_setopt($Curl, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($Curl, CURLOPT_SSL_VERIFYHOST, 0);
        curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($Curl, CURLOPT_URL, "https://$site:2083/awstats.pl?$query");
        curl_setopt($Curl, CURLOPT_USERPWD, "$cpnlusername:$cpnlpassword");
        if (!empty($_POST)) {
            curl_setopt($Curl, CURLOPT_POST, TRUE);
            curl_setopt($Curl, CURLOPT_POSTFIELDS, $POSTED);
        }
        $results = curl_exec($Curl);
        echo curl_error($Curl);
        curl_close($Curl);
        //****end of cURL security rewrite****

        // $return_message_array is not defined in this file; only append it if it exists.
        if (isset($return_message_array)) {
            for ($i = 0; $i < count($return_message_array); $i++) {
                $results = $results . $return_message_array[$i];
            }
        }

        // Rewrite links in the AWStats HTML so they route back through this script.
        if ($query == "config=$site") { $results = str_replace("src=\"", "src=\"?", $results); }
        if ($framename == 'index') { $results = str_replace("src=\"", "src=\"index.php?", $results); }
        $results = str_replace("action=\"", "action=\"index.php?", $results);
        $results = str_replace("href=\"", "href=\"?", $results);
        $results = str_replace("href=\"?http://", "href=\"http://", $results);
        $results = str_replace("awstats.pl?", "", $results);

        //added to move images to stats directory
        $results = str_replace("src=\"/images", "src=\"images", $results);
        //end move images

        echo $results;
    }
}
?>
```
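Added example, not part of the post above or of the TCH script: the same cPanel fetch with certificate verification left on, a constant-time login check, and the POST body URL-encoded by `http_build_query()`. The function names `check_login()` and `fetch_awstats()` and the CA file path are hypothetical; `$site`, `$query`, `$username`, `$password`, `$cpnlusername` and `$cpnlpassword` are the values the post's code takes from config.php.

```php
<?php
// Added example (not the original script). check_login(), fetch_awstats()
// and the CA bundle path are hypothetical names chosen for illustration.

// Compare the Basic-auth credentials in constant time (hash_equals, PHP 5.6+),
// so response timing does not reveal how much of a guess matched.
function check_login($user, $pass, $expectedUser, $expectedPass)
{
    $okUser = hash_equals((string) $expectedUser, (string) $user);
    $okPass = hash_equals((string) $expectedPass, (string) $pass);
    return $okUser && $okPass;
}

// Fetch an AWStats page from cPanel over HTTPS with the server certificate
// and host name verified. Returns the HTML, or null on any transport error.
function fetch_awstats($site, $query, $cpUser, $cpPass, array $post, $caFile = null)
{
    $curl = curl_init("https://$site:2083/awstats.pl?$query");
    curl_setopt_array($curl, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,             // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,                // certificate must match $site
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,  // never fall back to plain HTTP
        CURLOPT_FOLLOWLOCATION => false,            // do not carry credentials to a redirect
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
        CURLOPT_USERPWD        => "$cpUser:$cpPass",
        CURLOPT_TIMEOUT        => 15,
    ]);
    if ($caFile !== null) {
        // For a self-signed cPanel certificate, trust that one certificate
        // explicitly instead of switching verification off.
        curl_setopt($curl, CURLOPT_CAINFO, $caFile);
    }
    if ($post) {
        curl_setopt($curl, CURLOPT_POST, true);
        // http_build_query() URL-encodes keys and values, so "&" or "=" in a
        // submitted field cannot add or split parameters.
        curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($post));
    }
    $body = curl_exec($curl);
    if ($body === false) {
        // Log the cURL error server-side rather than echoing it to the visitor.
        error_log('AWStats fetch failed: ' . curl_error($curl));
        $body = null;
    }
    curl_close($curl);
    return $body;
}

// Usage in index.php after require_once("config.php"); the path is a placeholder:
// $html = fetch_awstats($site, $query, $cpnlusername, $cpnlpassword, $_POST, '/path/to/cpanel-ca.pem');
```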