Hello all!
I've been working with the TCH Awstats script the last couple of hours and I've added a few security improvements and moved the image directory for an easier install. I've found this script VERY useful, so I thought it was only fair to offer my modifications back to you.
CHANGES:
1. cPanel access is now done via SSL. Not a big deal, since in most cases the server is just accessing itself to pull up the stats info, but this is a VERY important addition if you are pulling stats from another server/site.
2. Username/Password is no longer appended to the URL. An actual login to cPanel is now performed by cURL. MUCH more secure.
3. I moved the images directory into the stats directory. Now, images are pulled from yoursite.com/stats/images instead of yoursite.com/images. This should make the install easier, cutting it down to 2 steps:
   1. drop the stats directory into public_html
   2. edit config.php
My altered stats/index.php file is below, with the changes commented. Any feedback, thoughts for improvements, etc. are appreciated:
<?php
/************************************************************************/
/* AWStats Access 2.0: Provides access to AWStats outside of cPanel */
/* ============================================ */
/* Created for and by members of TotalChoiceHosting.com */
/* Copyright (C) 2004 by TotalChoiceHosting.com */
/* */
/* This file is part of AWStats Access. */
/* AWStats Access is free software; you can redistribute it and/or */
/* modify it under the terms of the GNU General Public License as */
/* published by the Free Software Foundation; either version 2 of */
/* the License, or (at your option) any later version. */
/* */
/* AWStats Access is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
/* GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with Foobar; if not, write to */
/* Free Software Foundation, Inc. */
/* 59 Temple Place, Suite 330 */
/* Boston, MA 02111-1307 USA */
/************************************************************************/
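require_once("config.php");
// Read the Basic-auth credentials and the query string from $_SERVER so the
// script does not depend on register_globals.
$PHP_AUTH_USER = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
$PHP_AUTH_PW = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
$QUERY_STRING = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';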
if (!isset($PHP_AUTH_USER)) {
header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
} else if (isset($PHP_AUTH_USER)) {
if (($PHP_AUTH_USER != $username) || ($PHP_AUTH_PW != $password)) {
header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}
else {
if($QUERY_STRING == ""){$query = "config=$site";}else{$query=$QUERY_STRING;};
// Rebuild the POST body to forward to cPanel. http_build_query() URL-encodes
// every key and value and joins the pairs with "&", so a "&" or "=" inside a
// submitted value cannot change the forwarded fields.
$POSTED = http_build_query($_POST);
//****cURL security rewrite: Use SSL to access cpanel, Don't send user-pass in URL****
$Curl = curl_init();
// Certificate and hostname verification are switched off here, so the TLS
// session is encrypted but the server's identity is not checked. When $site
// is another server, set VERIFYPEER to 1 and VERIFYHOST to 2.
curl_setopt($Curl, CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($Curl, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($Curl, CURLOPT_URL, "https://$site:2083/awstats.pl?$query");
// Credentials are sent in the Authorization header instead of the URL.
curl_setopt($Curl, CURLOPT_USERPWD, "$cpnlusername:$cpnlpassword");
// $_POST is always set, so test for actual form fields before switching to POST.
if(!empty($_POST))
{
curl_setopt($Curl, CURLOPT_POST, TRUE);
curl_setopt($Curl, CURLOPT_POSTFIELDS, $POSTED);
}
$results = curl_exec($Curl);
echo curl_error($Curl);
curl_close ($Curl);
//****end of cURL security rewrite****
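// $return_message_array is not set anywhere in this file; only append it when
// it exists, so count() is never called on an undefined value.
if (isset($return_message_array) && is_array($return_message_array)) {
for ($i = 0; $i < count($return_message_array); $i++) {
$results = $results.$return_message_array[$i];
}
}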
if($query == "config=$site"){$results = str_replace("src=\"", "src=\"?", $results);}
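// framename is the AWStats frame selector passed in the query string.
if(isset($_GET['framename']) && $_GET['framename']=='index'){$results = str_replace("src=\"", "src=\"index.php?", $results);}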
$results = str_replace("action=\"", "action=\"index.php?", $results);
$results = str_replace("href=\"", "href=\"?", $results);
$results = str_replace("href=\"?http://", "href=\"http://", $results);
$results = str_replace("awstats.pl?", "", $results);
//added to move images to stats directory
$results = str_replace("src=\"/images", "src=\"images", $results);
//end move images
echo $results;
}
}
?>
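
The cURL request from the post with certificate verification left on, which is what protects the cPanel password when the stats are pulled from another server. This is an added example, not part of the posted script; the function names, host, credentials and the CA-bundle parameter are assumptions.

```php
<?php
// Added example, not the posted script. Host, credentials and CA path are placeholders.
function awstats_curl_options($site, $user, $pass, $query, array $post = [], $caBundle = null)
{
    // Accept only a bare hostname so $site cannot add a path, port or userinfo.
    if (!preg_match('/^[A-Za-z0-9.-]+\z/', $site)) {
        throw new InvalidArgumentException('invalid cPanel host');
    }
    $opts = [
        CURLOPT_URL            => "https://$site:2083/awstats.pl?$query",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,            // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,               // and that it names $site
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
        CURLOPT_USERPWD        => "$user:$pass",   // sent in a header, not the URL
        CURLOPT_FOLLOWLOCATION => false,           // do not follow redirects
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ];
    if ($caBundle !== null) {
        // For a self-signed or private-CA cPanel certificate, trust that CA
        // explicitly instead of switching verification off.
        $opts[CURLOPT_CAINFO] = $caBundle;
    }
    if ($post) {
        $opts[CURLOPT_POST]       = true;
        $opts[CURLOPT_POSTFIELDS] = http_build_query($post); // URL-encodes keys and values
    }
    return $opts;
}

// Perform the request; transport errors go to the server log, not to the visitor.
function awstats_fetch(array $opts)
{
    $ch = curl_init();
    curl_setopt_array($ch, $opts);
    $body = curl_exec($ch);
    if ($body === false) {
        error_log('AWStats proxy: ' . curl_error($ch));
        $body = 'Statistics are temporarily unavailable.';
    }
    return $body;
}

// Constructed sample input; building the options makes no network connection.
$opts = awstats_curl_options('stats.example.com', 'cpuser', 'placeholder-pass',
    'config=stats.example.com', ['month' => '03', 'year' => '2004']);
echo $opts[CURLOPT_URL], "\n", $opts[CURLOPT_POSTFIELDS], "\n";
```

Pass the result of `awstats_curl_options()` to `awstats_fetch()` to make the request; a certificate that fails validation then surfaces as a logged cURL error rather than a silently accepted connection.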