Jump to content

Improvements To The Tch Awstats Script


Schmoe
 Share

Recommended Posts

Hello all!

 

I've been working with the TCH Awstats script the last couple of hours and I've added a few security improvements and moved the image directory for an easier install. I've found this script VERY useful, so I thought it was only fair to offer my modifications back to you. :lol:

CHANGES:

1. Cpanel access is now done via SSL. Not a big deal, since in most cases the server is just accessing itself to pull up the stats info, but this is a VERY important addition if you are pulling stats from another server/site.

 

2. Username/Password is no longer appended to the URL. An actual login to cpanel is now performed by Curl. MUCH more secure.

 

3. I moved the images directory into the stats directory. Now, images are pulled from yoursite.com/stats/images instead of yoursite.com/images. This should make the install easier, cutting it down to 2 steps:

1. drop the stats directory into public_html

2. edit config.php

 

My altered stats/index.php file is below, with the changes commented. Any feedback, thoughts for improvements, etc. are appreciated :group: :

><?php
/************************************************************************/
/* AWStats Access 2.0: Provides access to AWStats outside of cPanel     */
/* ============================================                         */
/* Created for and by members of TotalChoiceHosting.com                 */
/* Copyright (C) 2004 by TotalChoiceHosting.com                         */
/*                                                                      */
/* This file is part of AWStats Access.                                 */
/*  AWStats Access is free software; you can redistribute it and/or     */
/*  modify it under the terms of the GNU General Public License as      */
/*  published by the Free Software Foundation; either version 2 of      */
/*  the License, or (at your option) any later version.                 */
/*                                                                      */
/*  AWStats Access is distributed in the hope that it will be useful,   */
/*  but WITHOUT ANY WARRANTY; without even the implied warranty of      */
/*	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the       */
/*  GNU General Public License for more details.                        */
/*                                                                      */
/*  You should have received a copy of the GNU General Public License   */
/*  along with Foobar; if not, write to                                 */
/*	Free Software Foundation, Inc.                                      */
/*  59 Temple Place, Suite 330                                          */
/*	Boston, MA  02111-1307  USA                                         */
/************************************************************************/

require_once("config.php");

if (!isset($PHP_AUTH_USER)) {

header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;

} else if (isset($PHP_AUTH_USER)) {
if (($PHP_AUTH_USER != $username) || ($PHP_AUTH_PW != $password)) {

header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}
else {
if($QUERY_STRING == ""){$query = "config=$site";}else{$query=$QUERY_STRING;};

$Previous = false;
if(isset($_POST))
{
foreach($_POST as $key => $value)
{
if($Previous)
{
 $POSTED .= "&";
}

$POSTED = "$key=$value";

$Previous = true;
}
}

//****cURL security rewrite: Use SSL to access cpanel, Don't send user-pass in URL****
$Curl = curl_init();
curl_setopt($Curl, CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($Curl, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($Curl, CURLOPT_URL, "https://$site:2083/awstats.pl?$query");
curl_setopt($Curl, CURLOPT_USERPWD, "$cpnlusername:$cpnlpassword");
if(isset($_POST))
{
curl_setopt($Curl, CURLOPT_POST, TRUE);
curl_setopt($Curl, CURLOPT_POSTFIELDS, $POSTED);
}
curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1);
$results = curl_exec($Curl);
echo curl_error($Curl);
curl_close ($Curl);
//****end of cURL security rewrite****
for ($i = 0; $i < count($return_message_array); $i++) {
 $results = $results.$return_message_array[$i];
}

if($query == "config=$site"){$results = str_replace("src=\"", "src=\"?", $results);}

if($framename==index){$results = str_replace("src=\"", "src=\"index.php?", $results);}

$results = str_replace("action=\"", "action=\"index.php?", $results);
$results = str_replace("href=\"", "href=\"?", $results);
$results = str_replace("href=\"?http://", "href=\"http://", $results);
$results = str_replace("awstats.pl?", "", $results);
//added to move images to stats directory
$results = str_replace("src=\"/images", "src=\"images", $results);
//end move images

echo $results;
}
}
?>

Link to comment
Share on other sites

Does this affect me without me knowing it? I mean, does this thread mean that those who want to can make these changes, or does it mean that the global functionality of AWstats at TCH has changed?

Link to comment
Share on other sites

It means that Schmoe is sharing his modifications with us.

 

If TCH were to implement such a script there would be a period of testing and I am pretty sure there would be an announcement that it was going to happen.

 

If I'm not mistaken, however, this is a script that lets you show your stats to others without them going into Cpanel. Most of the clients here will not even have this code and if they do they installed it themselves and it wouldn't be changed without notification... if at all.

Link to comment
Share on other sites

  • 2 months later...

Hi,

 

I'm new to this and it is exactly what I am looking for. :)

 

Questions:

 

1) We still need to include the CPANEL login information in the CONFIG.PHP, correct? I also assumed that "CURL" means to create a login via the Password Protected Directories instead of embedding the login in the CONFIG.PHP file. If I assume incorrectly, please let me know.

 

2) In order to forbid someone from FTPing the CONFIG.PHP, we still need to put it outside the PUBLIC_HTML directory and modify the CONFIG.PHP to look in the new directory?

 

Thanks for sharing SCHMOE!

 

 

Dave

Link to comment
Share on other sites

  • 4 months later...

hi all :)

i need some help to install this awstat (w/o enter cpanel).

i've follow all instruction, and login successfully. but i can't see the graphics statistic of awstat after that.

i've double check file config.php and everything is okay.

 

the $site has correct value.

and i've include absolute location of config.php.

 

so, am i miss something?

thanks in advance.

 

-ms-

Link to comment
Share on other sites

meisaputra,

 

From what you wrote, it seems you can see the statistics but not the graphics associated with the stats. If that is the case, as per Bruce, you need to make sure everything from the ZIP file is uploaded, especially all the .png files under the "/images" folder.

 

p.s. welcome to the forum.

Link to comment
Share on other sites

Welcome to the forums ms

 

Did you upload everything in the .zip file to the folder you created? Are you seeing the text portions of AwStats?

 

yes I've uploaded all files, Bruce.

I have local webserver in my pc, same as in the web hosting (except the location of config.php).

 

In my pc webserver, awstats running well and showw the result completly.

but in the web hosting, login is successfully. i can see the title of my browser display statistic for solid.web.id. it means, the script has passed the login and read index.php.

 

these lines below are result of phpinfo between my pc (intranet) and my internet (if necessary).

 

-- INTERNET --

curl

CURL support enabled

CURL Information libcurl/7.12.0 OpenSSL/0.9.7a zlib/1.1.4

 

-- INTRANET --

curl

CURL support enabled

CURL Information libcurl/7.10.8 OpenSSL/0.9.7d

 

thank u for welcome me. :rolleyes:

best regard.

 

ms.

Link to comment
Share on other sites

meisaputra,

 

From what you wrote, it seems you can see the statistics but not the graphics associated with the stats. If that is the case, as per Bruce, you need to make sure everything from the ZIP file is uploaded, especially all the .png files under the "/images" folder.

 

p.s. welcome to the forum.

 

no, not only graphics. I can not see the graphics and text too. but the title of web has change to awstat title (Statistic for solid.web.id).

 

thank for your response, and I wait your reply.

thanks you.

 

-ms-

Link to comment
Share on other sites

Are you trying to get this working on your own pc or an account hosted here on the TCH servers?

 

I installed awstat into my own pc AND my web hosting.

those awstats access to one source log file in web hosting.

FYI, it only works on my own PC...

My aim is awstat working on my web hosting.

Link to comment
Share on other sites

Is your site hosted here at TCH? If so the instructions given should be working.

 

Also AwStats is part of cPanel. The only purpose of this version is to allow others access to AwStats without giving them access to cPanel.

 

No, I'm not. I use another webhosting. But Interested to implement this script into my web.

I know that there is awstat configuration in cpanel, but it is disabled. I don't know why.

Link to comment
Share on other sites

Well, if you were hosted here AwStats would be active in cPanel and I'm guessing that's why it's not working at your current host's site. Sorry.

 

I'thought it's not related to where my web hosted. In fact, when I access http://localhost/www.solid.web.id/stats/ the statistics shown. But when I go to http://www.solid.web.id/stats/ the statstic DOESN'T show. The statistic data stored on www.solid.web.id

 

Maybe I've doing something wrong in some step?

Or somebody outhere has same problem with me?

 

regard,

ms

Link to comment
Share on other sites

  • 1 month later...

Alright kids! Here's a new improved v2.5 v3.0 script. Want to know what's new?

 

1) Cleaner & smarter code.

2) Form changed to explicit GET.

3) Removal of for-loop for POST.

4) Script auto-detects name, thus removing the hardcoded "awstats.php" and allows renaming.

5) Better and more robust cURL error reporting.

6) Image handling! It will now use cURL to load the images directly from CPanel, thus removing the requirement of installing the images locally.

7) Switched to explicit usage of $_SERVER.

8) Enjoy!

 

><?
/************************************************************************/
/*  AWStats Access 3.0: Provides access to AWStats outside of cPanel	*/
/*  ============================================						*/
/*  Created for and by members of TotalChoiceHosting.com				*/
/*  Copyright © 2006 by TotalChoiceHosting.com						*/
/*																	  */
/*  This file is part of AWStats Access.								*/
/*  AWStats Access is free software; you can redistribute it and/or	 */
/*  modify it under the terms of the GNU General Public License as	  */
/*  published by the Free Software Foundation; either version 2 of	  */
/*  the License, or (at your option) any later version.				 */
/*																	  */
/*  AWStats Access is distributed in the hope that it will be useful,   */
/*  but WITHOUT ANY WARRANTY; without even the implied warranty of	  */
/*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the	   */
/*  GNU General Public License for more details.						*/
/*																	  */
/*  You should have received a copy of the GNU General Public License   */
/*  along with Foobar; if not, write to								 */
/*  Free Software Foundation, Inc.									  */
/*  59 Temple Place, Suite 330										  */
/*  Boston, MA  02111-1307  USA										 */
/************************************************************************/

require("config.php");

if(!isset($_SERVER["PHP_AUTH_USER"]))
{
header("WWW-Authenticate: Basic realm=\"Site Statistics\"");
header("HTTP/1.0 401 Unauthorized");
echo "Authorization Required.";
exit;
} 
else if(isset($_SERVER["PHP_AUTH_USER"]))
{
if(($_SERVER["PHP_AUTH_USER"] != $username) || ($_SERVER["PHP_AUTH_PW"] != $password))
{
	header("WWW-Authenticate: Basic realm=\"Site Statistics\"");
	header("HTTP/1.0 401 Unauthorized");
	echo "Authorization Required.";
	exit;
}
else
{
	if(isset($Image))
	{
		$Curl = curl_init();

		curl_setopt($Curl, CURLOPT_SSL_VERIFYPEER, 0);
		curl_setopt($Curl, CURLOPT_SSL_VERIFYHOST, 0);
		curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($Curl, CURLOPT_URL, "https://$site:2083/" . $Image);
		curl_setopt($Curl, CURLOPT_USERPWD, $cpnlusername . ":" . $cpnlpassword);
		curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1);

		$Output = curl_exec($Curl);

		if(curl_errno($Curl) > 0)
		{
			curl_close($Curl);

			exit;
		}

		curl_close($Curl);
	}
	else
	{
		if(empty($framename))
		{
			$Config = "?config=$site";
		}
		else
		{
			$Config = "?" . $_SERVER["QUERY_STRING"];
		}

		$Curl = curl_init();

		curl_setopt($Curl, CURLOPT_SSL_VERIFYPEER, 0);
		curl_setopt($Curl, CURLOPT_SSL_VERIFYHOST, 0);
		curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($Curl, CURLOPT_URL, "https://$site:2083/awstats.pl" . $Config);
		curl_setopt($Curl, CURLOPT_USERPWD, $cpnlusername . ":" . $cpnlpassword);
		curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1);

		$Output = curl_exec($Curl);

		if(curl_errno($Curl) > 0)
		{
			echo curl_error($Curl);
			curl_close($Curl);

			exit;
		}

		curl_close($Curl);

		if(empty($framename) || ($framename == "index"))
		{
			$Output = str_replace("src=\"", "src=\"" . $_SERVER["PHP_SELF"] . "?", $Output);
		}
		else
		{
			$Output = str_replace("src=\"/", "src=\"" . $_SERVER["PHP_SELF"] . "?Image=", $Output);
		}

		$Output = str_replace("<form", "<form method=\"get\"", $Output);
		$Output = str_replace("action=\"", "action=\"" . $_SERVER["PHP_SELF"] . "?", $Output);
		$Output = str_replace("href=\"", "href=\"" . $_SERVER["PHP_SELF"] . "?", $Output);
		$Output = str_replace("href=\"" . $_SERVER["PHP_SELF"] . "?http://", "href=\"http://", $Output);
		$Output = str_replace("awstats.pl?", "", $Output);
	}

	echo $Output;
}
}
?>

Link to comment
Share on other sites

  • 3 weeks later...

Well, the new script seems much cleaner, and I really appreciate not having to make copies of all the images and such. Thanks for the work that went into it.

 

I must be doing something wrong, though. I use the script exactly as you quote it above, and after signing in I get a blank page.

 

Viewing Source for the resulting blank page indicates that the page as a whole is a Frameset, and each frame in the set is the exact same Frameset. So I seem to have multiple nested framesets with no actual frame data. ? ? ?

 

You can see the result at:

www.griffentheatre.com/stats/

username: griffen

password: phoenix

 

Is there some edit I should be making to the script that I don't know about?

 

Thanks in advance for any enlightenment.

Edited by btrfld
Link to comment
Share on other sites

  • 4 months later...

Sorry to bump an old thread.

 

Was able to get stats displayed when having the same issue has btrfld. Changed the "UseFramesWhen CGI Parameter" to 0.

 

Problem is the graphs are rendering but not in color.

 

Anyone else seen or have a fix?

 

Thank you.

Edited by escolar
Link to comment
Share on other sites

Welcome to the forums escolar :)

 

Sure it's not a monitor problem? Mine render in color.

 

Not that I know of. Render properly when looking at awstats thru cPanel.

 

Any other thoughts? Should mention that is only in FF, in IE and Safari the graphs don't even show at all.

 

Sorry about the cross post.

Edited by escolar
Link to comment
Share on other sites

3. I moved the images directory into the stats directory. Now, images are pulled from yoursite.com/stats/images instead of yoursite.com/images. This should make the install easier, cutting it down to 2 steps:

1. drop the stats directory into public_html

2. edit config.php

I would double check that you did this step correctly.

Link to comment
Share on other sites

I would double check that you did this step correctly.

Using the 3.0 version the images directory is a sub of stats. During the trouble shooting process have uploaded the images sub directories (awstats > browser, clock, cpu etc.) to various locations ie: stats > images > browser, clock, etc. and stats > browser, clock, etc. with no success.

 

Am beginning to wonder if it has something to do with running phpsuexec. Bigger issue now is after stats run the UseFramesWhenCGI directive is reset to 1 making the stats not appear at all in the browser.

 

Looking more like giving the user direct cPanel access to the stats is the only choice.

 

Any other thoughts Bruce?

 

Thanks

 

Edit: Strange - deleted images from the stats directory leaving only index.php. Images still render but no graph colors. Must have something to do with dynamic page generation? Really confused now.

Edited by escolar
Link to comment
Share on other sites

  • 5 months later...

Hi,

 

I was running version 2.0 with no issues but haven't touched it since last summer. Now, when I log in, I get "Couldn't resolve host '****'.

 

I then upgraded to version 3.0 thinking it might help but got the same error after successfully logged in.

 

 

Any thoughts?

 

 

Thanks.

Link to comment
Share on other sites

Hi Bruce,

 

Besides changing the "require('/home/id/cpaneluser/config.php');" in Index.php and the config.php to include the login names and passwords, is there some place else I need to modify?

 

As I have mentioned, it was working fine and I have changed nothing to the configuration but logging in again today gave me the error "Couldn't Resolve Host something dot com"

 

 

Thanks.

Link to comment
Share on other sites

Bruce,

 

Already open a helpdesk ticket. Hopefully they won't say "we don't support scripts written by someone".

 

As for the code...it is not a typo. The "id" is the login name assigned by TCH to access cpanel. If I don't put "/home/BruceTheMan/cpaneluser/path-to-config.php", there would be other Path Not Found errors.

 

I guess no one encountered the "Couldn't Resolve Host ...." error.

 

 

Weird. Will update here if helpdesk assist or if a solution is found.

Link to comment
Share on other sites

  • 5 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...