Schmoe Posted August 2, 2005 Posted August 2, 2005 Hello all! I've been working with the TCH Awstats script the last couple of hours and I've added a few security improvements and moved the image directory for an easier install. I've found this script VERY useful, so I thought it was only fair to offer my modifications back to you. CHANGES: 1. Cpanel access is now done via SSL. Not a big deal, since in most cases the server is just accessing itself to pull up the stats info, but this is a VERY important addition if you are pulling stats from another server/site. 2. Username/Password is no longer appended to the URL. An actual login to cpanel is now performed by Curl. MUCH more secure. 3. I moved the images directory into the stats directory. Now, images are pulled from yoursite.com/stats/images instead of yoursite.com/images. This should make the install easier, cutting it down to 2 steps: 1. drop the stats directory into public_html 2. edit config.php My altered stats/index.php file is below, with the changes commented. Any feedback, thoughts for improvements, etc. are appreciated : ><?php /************************************************************************/ /* AWStats Access 2.0: Provides access to AWStats outside of cPanel */ /* ============================================ */ /* Created for and by members of TotalChoiceHosting.com */ /* Copyright (C) 2004 by TotalChoiceHosting.com */ /* */ /* This file is part of AWStats Access. */ /* AWStats Access is free software; you can redistribute it and/or */ /* modify it under the terms of the GNU General Public License as */ /* published by the Free Software Foundation; either version 2 of */ /* the License, or (at your option) any later version. */ /* */ /* AWStats Access is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with Foobar; if not, write to */ /* Free Software Foundation, Inc. */ /* 59 Temple Place, Suite 330 */ /* Boston, MA 02111-1307 USA */ /************************************************************************/ require_once("config.php"); if (!isset($PHP_AUTH_USER)) { header('WWW-Authenticate: Basic realm="Site Statistics"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.'; exit; } else if (isset($PHP_AUTH_USER)) { if (($PHP_AUTH_USER != $username) || ($PHP_AUTH_PW != $password)) { header('WWW-Authenticate: Basic realm="Site Statistics"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.'; exit; } else { if($QUERY_STRING == ""){$query = "config=$site";}else{$query=$QUERY_STRING;}; $Previous = false; if(isset($_POST)) { foreach($_POST as $key => $value) { if($Previous) { $POSTED .= "&"; } $POSTED = "$key=$value"; $Previous = true; } } //****cURL security rewrite: Use SSL to access cpanel, Don't send user-pass in URL**** $Curl = curl_init(); curl_setopt($Curl, CURLOPT_SSL_VERIFYPEER,0); curl_setopt($Curl, CURLOPT_SSL_VERIFYHOST,0); curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($Curl, CURLOPT_URL, "https://$site:2083/awstats.pl?$query"); curl_setopt($Curl, CURLOPT_USERPWD, "$cpnlusername:$cpnlpassword"); if(isset($_POST)) { curl_setopt($Curl, CURLOPT_POST, TRUE); curl_setopt($Curl, CURLOPT_POSTFIELDS, $POSTED); } curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1); $results = curl_exec($Curl); echo curl_error($Curl); curl_close ($Curl); //****end of cURL security rewrite**** for ($i = 0; $i < count($return_message_array); $i++) { $results = $results.$return_message_array[$i]; } if($query == "config=$site"){$results = str_replace("src=\"", "src=\"?", $results);} if($framename==index){$results = str_replace("src=\"", "src=\"index.php?", $results);} $results = str_replace("action=\"", "action=\"index.php?", $results); $results = str_replace("href=\"", "href=\"?", $results); $results = str_replace("href=\"?http://", "href=\"http://", $results); $results = str_replace("awstats.pl?", "", $results); //added to move images to stats directory $results = str_replace("src=\"/images", "src=\"images", $results); //end move images echo $results; } } ?> Quote
TCH-Dick Posted August 2, 2005 Posted August 2, 2005 Nice work! I have added a link to the old thread and will get the zip repackaged and the directions updated. Quote
TCH-Bruce Posted August 2, 2005 Posted August 2, 2005 Welcome to the forums, Schmoe! Great first post! Quote
TCH-Don Posted August 2, 2005 Posted August 2, 2005 Welcome to the forums, Schmoe And thanks for sharing with the family Quote
Deverill Posted August 3, 2005 Posted August 3, 2005 Thanks for sharing Schmoe... it looks very good... and welcome to both you and Luis! Quote
abinidi Posted August 3, 2005 Posted August 3, 2005 Does this affect me without me knowing it? I mean, does this thread mean that those who want to can make these changes, or does it mean that the global functionality of AWstats at TCH has changed? Quote
Deverill Posted August 3, 2005 Posted August 3, 2005 It means that Schmoe is sharing his modifications with us. If TCH were to implement such a script there would be a period of testing and I am pretty sure there would be an announcement that it was going to happen. If I'm not mistaken, however, this is a script that lets you show your stats to others without them going into Cpanel. Most of the clients here will not even have this code and if they do they installed it themselves and it wouldn't be changed without notification... if at all. Quote
tamda Posted October 8, 2005 Posted October 8, 2005 Hi, I'm new to this and it is exactly what I am looking for. Questions: 1) We still need to include the CPANEL login information in the CONFIG.PHP, correct? I also assumed that "CURL" means to create a login via the Password Protected Directories instead of embedding the login in the CONFIG.PHP file. If I assume incorrectly, please let me know. 2) In order to forbid someone from FTPing the CONFIG.PHP, we still need to put it outside the PUBLIC_HTML directory and modify the CONFIG.PHP to look in the new directory? Thanks for sharing SCHMOE! Dave Quote
Paul_Ecuador Posted October 14, 2005 Posted October 14, 2005 Hi: Is there a way to do this for an starter/silver plan? I mean, to have access to statistics without accessing to the C-panel? Regards Paul Quote
TCH-Bruce Posted October 14, 2005 Posted October 14, 2005 This method should work on all hosting plans here. Quote
tamda Posted October 14, 2005 Posted October 14, 2005 Paul, Yes you should be able to. Just follow the same directions. -Dave Quote
TCH-Bruce Posted October 14, 2005 Posted October 14, 2005 The Statistics help page has been updated with the changes mentioned in the first post today. Quote
Paul_Ecuador Posted October 14, 2005 Posted October 14, 2005 ¡Muy bien! Sehr gut! Very Good! I've just uploaded the stats script and it works FINEEEEEEE!!! Thanks a lot for the help! Regards Paul the site is www.julioverne-travel.com Thanks Again Quote
meisaputra Posted February 21, 2006 Posted February 21, 2006 hi all i need some help to install this awstat (w/o enter cpanel). i've follow all instruction, and login successfully. but i can't see the graphics statistic of awstat after that. i've double check file config.php and everything is okay. the $site has correct value. and i've include absolute location of config.php. so, am i miss something? thanks in advance. -ms- Quote
TCH-Bruce Posted February 21, 2006 Posted February 21, 2006 Welcome to the forums ms Did you upload everything in the .zip file to the folder you created? Are you seeing the text portions of AwStats? Quote
tamda Posted February 21, 2006 Posted February 21, 2006 meisaputra, From what you wrote, it seems you can see the statistics but not the graphics associated with the stats. If that is the case, as per Bruce, you need to make sure everything from the ZIP file is uploaded, especially all the .png files under the "/images" folder. p.s. welcome to the forum. Quote
meisaputra Posted February 24, 2006 Posted February 24, 2006 Welcome to the forums ms Did you upload everything in the .zip file to the folder you created? Are you seeing the text portions of AwStats? yes I've uploaded all files, Bruce. I have local webserver in my pc, same as in the web hosting (except the location of config.php). In my pc webserver, awstats running well and showw the result completly. but in the web hosting, login is successfully. i can see the title of my browser display statistic for solid.web.id. it means, the script has passed the login and read index.php. these lines below are result of phpinfo between my pc (intranet) and my internet (if necessary). -- INTERNET -- curl CURL support enabled CURL Information libcurl/7.12.0 OpenSSL/0.9.7a zlib/1.1.4 -- INTRANET -- curl CURL support enabled CURL Information libcurl/7.10.8 OpenSSL/0.9.7d thank u for welcome me. best regard. ms. Quote
meisaputra Posted February 24, 2006 Posted February 24, 2006 meisaputra, From what you wrote, it seems you can see the statistics but not the graphics associated with the stats. If that is the case, as per Bruce, you need to make sure everything from the ZIP file is uploaded, especially all the .png files under the "/images" folder. p.s. welcome to the forum. no, not only graphics. I can not see the graphics and text too. but the title of web has change to awstat title (Statistic for solid.web.id). thank for your response, and I wait your reply. thanks you. -ms- Quote
TCH-Bruce Posted February 24, 2006 Posted February 24, 2006 Are you trying to get this working on your own pc or an account hosted here on the TCH servers? Quote
meisaputra Posted February 27, 2006 Posted February 27, 2006 Are you trying to get this working on your own pc or an account hosted here on the TCH servers? I installed awstat into my own pc AND my web hosting. those awstats access to one source log file in web hosting. FYI, it only works on my own PC... My aim is awstat working on my web hosting. Quote
TCH-Bruce Posted February 27, 2006 Posted February 27, 2006 Is your site hosted here at TCH? If so the instructions given should be working. Also AwStats is part of cPanel. The only purpose of this version is to allow others access to AwStats without giving them access to cPanel. Quote
meisaputra Posted February 28, 2006 Posted February 28, 2006 Is your site hosted here at TCH? If so the instructions given should be working. Also AwStats is part of cPanel. The only purpose of this version is to allow others access to AwStats without giving them access to cPanel. No, I'm not. I use another webhosting. But Interested to implement this script into my web. I know that there is awstat configuration in cpanel, but it is disabled. I don't know why. Quote
TCH-Bruce Posted February 28, 2006 Posted February 28, 2006 Well, if you were hosted here AwStats would be active in cPanel and I'm guessing that's why it's not working at your current host's site. Sorry. Quote
meisaputra Posted March 6, 2006 Posted March 6, 2006 Well, if you were hosted here AwStats would be active in cPanel and I'm guessing that's why it's not working at your current host's site. Sorry. I'thought it's not related to where my web hosted. In fact, when I access http://localhost/www.solid.web.id/stats/ the statistics shown. But when I go to http://www.solid.web.id/stats/ the statstic DOESN'T show. The statistic data stored on www.solid.web.id Maybe I've doing something wrong in some step? Or somebody outhere has same problem with me? regard, ms Quote
DarqFlare Posted April 10, 2006 Posted April 10, 2006 Alright kids! Here's a new improved v2.5 v3.0 script. Want to know what's new? 1) Cleaner & smarter code. 2) Form changed to explicit GET. 3) Removal of for-loop for POST. 4) Script auto-detects name, thus removing the hardcoded "awstats.php" and allows renaming. 5) Better and more robust cURL error reporting. 6) Image handling! It will now use cURL to load the images directly from CPanel, thus removing the requirement of installing the images locally. 7) Switched to explicit usage of $_SERVER. 8) Enjoy! ><? /************************************************************************/ /* AWStats Access 3.0: Provides access to AWStats outside of cPanel */ /* ============================================ */ /* Created for and by members of TotalChoiceHosting.com */ /* Copyright © 2006 by TotalChoiceHosting.com */ /* */ /* This file is part of AWStats Access. */ /* AWStats Access is free software; you can redistribute it and/or */ /* modify it under the terms of the GNU General Public License as */ /* published by the Free Software Foundation; either version 2 of */ /* the License, or (at your option) any later version. */ /* */ /* AWStats Access is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with Foobar; if not, write to */ /* Free Software Foundation, Inc. */ /* 59 Temple Place, Suite 330 */ /* Boston, MA 02111-1307 USA */ /************************************************************************/ require("config.php"); if(!isset($_SERVER["PHP_AUTH_USER"])) { header("WWW-Authenticate: Basic realm=\"Site Statistics\""); header("HTTP/1.0 401 Unauthorized"); echo "Authorization Required."; exit; } else if(isset($_SERVER["PHP_AUTH_USER"])) { if(($_SERVER["PHP_AUTH_USER"] != $username) || ($_SERVER["PHP_AUTH_PW"] != $password)) { header("WWW-Authenticate: Basic realm=\"Site Statistics\""); header("HTTP/1.0 401 Unauthorized"); echo "Authorization Required."; exit; } else { if(isset($Image)) { $Curl = curl_init(); curl_setopt($Curl, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($Curl, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($Curl, CURLOPT_URL, "https://$site:2083/" . $Image); curl_setopt($Curl, CURLOPT_USERPWD, $cpnlusername . ":" . $cpnlpassword); curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1); $Output = curl_exec($Curl); if(curl_errno($Curl) > 0) { curl_close($Curl); exit; } curl_close($Curl); } else { if(empty($framename)) { $Config = "?config=$site"; } else { $Config = "?" . $_SERVER["QUERY_STRING"]; } $Curl = curl_init(); curl_setopt($Curl, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($Curl, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($Curl, CURLOPT_URL, "https://$site:2083/awstats.pl" . $Config); curl_setopt($Curl, CURLOPT_USERPWD, $cpnlusername . ":" . $cpnlpassword); curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1); $Output = curl_exec($Curl); if(curl_errno($Curl) > 0) { echo curl_error($Curl); curl_close($Curl); exit; } curl_close($Curl); if(empty($framename) || ($framename == "index")) { $Output = str_replace("src=\"", "src=\"" . $_SERVER["PHP_SELF"] . "?", $Output); } else { $Output = str_replace("src=\"/", "src=\"" . $_SERVER["PHP_SELF"] . "?Image=", $Output); } $Output = str_replace("<form", "<form method=\"get\"", $Output); $Output = str_replace("action=\"", "action=\"" . $_SERVER["PHP_SELF"] . "?", $Output); $Output = str_replace("href=\"", "href=\"" . $_SERVER["PHP_SELF"] . "?", $Output); $Output = str_replace("href=\"" . $_SERVER["PHP_SELF"] . "?http://", "href=\"http://", $Output); $Output = str_replace("awstats.pl?", "", $Output); } echo $Output; } } ?> Quote
DarqFlare Posted April 10, 2006 Posted April 10, 2006 Whoops, just noticed an error on it. Change the following: $Config = "?config=" . $VARS["Stats_Website"]; to $Config = "?config=$site"; Quote
TCH-Bruce Posted April 10, 2006 Posted April 10, 2006 Robert I edited the post, did I do it correctly? Quote
btrfld Posted May 1, 2006 Posted May 1, 2006 (edited) Well, the new script seems much cleaner, and I really appreciate not having to make copies of all the images and such. Thanks for the work that went into it. I must be doing something wrong, though. I use the script exactly as you quote it above, and after signing in I get a blank page. Viewing Source for the resulting blank page indicates that the page as a whole is a Frameset, and each frame in the set is the exact same Frameset. So I seem to have multiple nested framesets with no actual frame data. ? ? ? You can see the result at: www.griffentheatre.com/stats/ username: griffen password: phoenix Is there some edit I should be making to the script that I don't know about? Thanks in advance for any enlightenment. Edited May 1, 2006 by btrfld Quote
escolar Posted September 6, 2006 Posted September 6, 2006 (edited) Sorry to bump an old thread. Was able to get stats displayed when having the same issue has btrfld. Changed the "UseFramesWhen CGI Parameter" to 0. Problem is the graphs are rendering but not in color. Anyone else seen or have a fix? Thank you. Edited September 6, 2006 by escolar Quote
TCH-Bruce Posted September 7, 2006 Posted September 7, 2006 Welcome to the forums escolar Sure it's not a monitor problem? Mine render in color. Quote
escolar Posted September 7, 2006 Posted September 7, 2006 (edited) Welcome to the forums escolar Sure it's not a monitor problem? Mine render in color. Not that I know of. Render properly when looking at awstats thru cPanel. Any other thoughts? Should mention that is only in FF, in IE and Safari the graphs don't even show at all. Sorry about the cross post. Edited September 7, 2006 by escolar Quote
TCH-Bruce Posted September 7, 2006 Posted September 7, 2006 3. I moved the images directory into the stats directory. Now, images are pulled from yoursite.com/stats/images instead of yoursite.com/images. This should make the install easier, cutting it down to 2 steps:1. drop the stats directory into public_html 2. edit config.php I would double check that you did this step correctly. Quote
escolar Posted September 7, 2006 Posted September 7, 2006 (edited) I would double check that you did this step correctly. Using the 3.0 version the images directory is a sub of stats. During the trouble shooting process have uploaded the images sub directories (awstats > browser, clock, cpu etc.) to various locations ie: stats > images > browser, clock, etc. and stats > browser, clock, etc. with no success. Am beginning to wonder if it has something to do with running phpsuexec. Bigger issue now is after stats run the UseFramesWhenCGI directive is reset to 1 making the stats not appear at all in the browser. Looking more like giving the user direct cPanel access to the stats is the only choice. Any other thoughts Bruce? Thanks Edit: Strange - deleted images from the stats directory leaving only index.php. Images still render but no graph colors. Must have something to do with dynamic page generation? Really confused now. Edited September 7, 2006 by escolar Quote
TCH-Bruce Posted September 7, 2006 Posted September 7, 2006 I use the AwStats config from the statistics page on two of my accounts and I am having no problems seeing graphs in color. Quote
escolar Posted September 7, 2006 Posted September 7, 2006 I use the AwStats config from the statistics page on two of my accounts and I am having no problems seeing graphs in color. Finally just had to give up on getting it to run correctly and instead used the script from here: http://www.josheli.com/vox/ Quote
TCH-Bruce Posted September 7, 2006 Posted September 7, 2006 Glad you found something that worked for you although I don't know why the one offered here won't work for you. Quote
escolar Posted September 7, 2006 Posted September 7, 2006 Glad you found something that worked for you although I don't know why the one offered here won't work for you. Don't know why either. The script you offer is more secure. Thanks Bruce for your time/input. Quote
DarqFlare Posted September 10, 2006 Posted September 10, 2006 I'm using the exact script I offered above and it gives me all of the graphics correctly... Not sure where the problem may lie. Quote
tamda Posted February 21, 2007 Posted February 21, 2007 Hi, I was running version 2.0 with no issues but haven't touched it since last summer. Now, when I log in, I get "Couldn't resolve host '****'. I then upgraded to version 3.0 thinking it might help but got the same error after successfully logged in. Any thoughts? Thanks. Quote
TCH-Bruce Posted February 21, 2007 Posted February 21, 2007 It's working for me on three sites on three different servers that I check daily. Check your configuration. Quote
tamda Posted February 21, 2007 Posted February 21, 2007 Hi Bruce, Besides changing the "require('/home/id/cpaneluser/config.php');" in Index.php and the config.php to include the login names and passwords, is there some place else I need to modify? As I have mentioned, it was working fine and I have changed nothing to the configuration but logging in again today gave me the error "Couldn't Resolve Host something dot com" Thanks. Quote
TCH-Bruce Posted February 21, 2007 Posted February 21, 2007 Nothing else needs to be modified. Just the required line. I'd open a ticket with the help desk and ask them to take a look. Quote
TCH-Bruce Posted February 21, 2007 Posted February 21, 2007 I assume the following was a typo: >"require('/home/id/cpaneluser/config.php');" as it should be: >"require('/home/cpaneluser/path-to-config.php');" Not sure what your "id" folder is. Quote
tamda Posted February 21, 2007 Posted February 21, 2007 Bruce, Already open a helpdesk ticket. Hopefully they won't say "we don't support scripts written by someone". As for the code...it is not a typo. The "id" is the login name assigned by TCH to access cpanel. If I don't put "/home/BruceTheMan/cpaneluser/path-to-config.php", there would be other Path Not Found errors. I guess no one encountered the "Couldn't Resolve Host ...." error. Weird. Will update here if helpdesk assist or if a solution is found. Quote
TCH-Dick Posted February 21, 2007 Posted February 21, 2007 The error you are seeing is a curl error usually related to DNS issues. I took a quick glance at the script and I don't see anything wrong with it. I have noted your ticket and someone from level2 will review it. Quote
yeknoM Posted August 15, 2007 Posted August 15, 2007 This script doesn't seem to work if the domain name has a - in it.. ie: your-domain.com Is there a work around for this? Quote
TCH-Bruce Posted August 15, 2007 Posted August 15, 2007 Welcome to the forums veknoM I don't see why it should matter or not if the domain name has a - in it. Please explain your problem and someone will try to help. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.