TCH-Dick Posted April 28, 2004 Posted April 28, 2004 (edited) Get latest version at http://www.totalchoicehosting.com/help/statisticspage.htm Edited September 9, 2006 by TCH-Dick Quote
dude Posted May 11, 2004 Posted May 11, 2004 Is there any way to stop the user getting the config.php source via FTP and finding their username and password to access CPanel? Quote
btrfld Posted May 11, 2004 Posted May 11, 2004 You can put it outside the public_html directory structure, in a folder called, say, 'safe'. Then you have to reference it by require_once('/home/cpaneluser/safe/config.php') That way it can't be accessed by FTP. Quote
greenbriel Posted May 21, 2004 Posted May 21, 2004 Hey Dick, Thanks for this, it's really great - is there any way to do something similar to allow access to only the mail options? Thanks again, -Gabe PS - FYI, on http://www.totalchoicehosting.com/help/statisticspage.htm, the link to the APR 2004 update (which I assume should point to this post) goes to a post that we don't have access to. Quote
TCH-Dick Posted May 22, 2004 Author Posted May 22, 2004 Thanks for this, it's really great - is there any way to do something similar to allow access to only the mail options? Yes there is. I did NOT write this and not sure who did, but it works. Just copy and paste the code below Edit these sections // Domain Logon Details // Domain details // Parameters to parse Save as "newmail.php" ><?php /* Create POP email accounts Works for me when others failed. */ //include('header.php'); // Domain Logon Details $username = "cpanellogin"; $password = "cpanelpassword"; // Domain details $domain = "domainname.com"; $theme = "x";//eg "bluelagoon"; // Parameters to parse $eDomain = "domainame.com"; $eQuota = "5"; // eg"10"; if (isset($delpop)) { print "Account deleted : ".$popuser."@".$eDomain; $postfields = "email=$popuser&domain=$eDomain"; $url = "http://$username:$password@$domain:2082/frontend/$theme/mail/realdelpop.html?$postfields"; //print "<hr>"; //print $url; // initialise Curl $popPost = curl_init(); curl_setopt($popPost, CURLOPT_URL, $url); // Set Curl Option: Username:Password curl_setopt($popPost, CURLOPT_POST, 1); // Set Curl Option: Collect result from script curl_setopt($popPost, CURLOPT_RETURNTRANSFER, 1); // Set Curl Option: Set timeout to 15 seconds curl_setopt($popPost, CURLOPT_TIMEOUT, 15); // Set Curl Option: Post data //curl_setopt($popPost, CURLOPT_POSTFIELDS, $postfields); // Execute Request, and store result in $tb_post $popPost_result = curl_exec ($popPost); // Close Curl curl_close ($popPost); $start = strpos($popPost_result, 'Account'); $end = strpos($popPost_result, 'Go'); $subset = substr($popPost_result, $start, $end+8-$start); print $substr; } if (isset($eEmail)) { $ePassword = $password2; // Put post fields variable together $postfields = "email=$eEmail&domain=$eDomain&password=$ePassword"a=$eQuota"; // initialise Curl $popPost = curl_init(); // Set Curl Option: URL $url = "http://$username:$password@$domain:2082/frontend/$theme/mail/doaddpop.html?$postfields"; curl_setopt($popPost, CURLOPT_URL, $url); // Set Curl Option: Username:Password curl_setopt($popPost, CURLOPT_POST, 1); // Set Curl Option: Collect result from script curl_setopt($popPost, CURLOPT_RETURNTRANSFER, 1); // Set Curl Option: Set timeout to 15 seconds curl_setopt($popPost, CURLOPT_TIMEOUT, 15); // Set Curl Option: Post data //curl_setopt($popPost, CURLOPT_POSTFIELDS, $postfields); // Execute Request, and store result in $tb_post $popPost_result = curl_exec ($popPost); // Close Curl curl_close ($popPost); //output results $start = strpos($popPost_result, '<b>Account'); $end = strpos($popPost_result, 'created.'); $subset = substr($popPost_result, $start, $end+8-$start); $subset = str_replace('login ', "login<br>", $subset); //for neatness //$subset=str_replace("<!",'<-',$subset); //see the comments if (preg_match ('/Sorry/i', "$subset")) { print "<br><b> Sorry that account already exists.</b><br><br><br><br><br><br><br>"; //print ($subset); } elseif(preg_match ('/You must specify/i', "$subset")) { print "<br><b> You must specify a password.</b><br><br><br><br><br><br><br>"; } else { print ($subset); print "<br><br>You may now use <b>mail.$domain</b> as your POP3 setting in your mail client or access <b>WebMail</b> by selecting <a href=http://$domain/webmail>Here</a>. <center> <br><a href=java script:history.go(-1)>Go Back</a> </center>"; } } else { ?> <form name="emailform" method="post" action="newmail.php"> <table border="0" cellspacing="1" align=center cellpadding="0"> <tr> <td>Prefered Email Address:</td> <td colspan="2"><input size=10 value="" name="eEmail" type="text"> @<?= $domain ?></td> </tr> <tr> <td>Password:</td> <td colspan="2"><input size=10 name="password1" value="" type="password"></td> </tr> <tr> <td>Retype Password:</td> <td colspan="2"><input size=10 name="password2" value="" type="password"></td> </tr> <tr> <td> </td> <td colspan="2"> </td> </tr> <tr> <td> </td> <td width="344"> <div align="center"> <input name="signupbtn" type="button" id="signupbtn" value="Signup" onClick="validateform()"> </div></td> <td width="163"> </td> </tr> </table> <script language="JavaScript1.2"> function validateform() { if (checkEmailAddress(document.emailform.eEmail)) { if(document.emailform.password1.value == document.emailform.password2.value) { document.emailform.submit(); } else { alert("The passwords you typed do not appear to match"); } } } function checkEmailAddress(field) { var good; //var goodEmail = field.value.match(/\b(^(\S+@).+((\.com)|(\.net)|(\.edu)|(\.mil)|(\.gov)|(\.org)|(\..{2,2}))$)\b/gi); var goodEmail = field.value; if(goodEmail != "") { //if (goodEmail){ good = true } else { alert('Please enter a valid e-mail address.') field.focus() field.select() good = false } return good; } </script> </form> <? } //include('footer.php'); ?> Quote
greenbriel Posted May 22, 2004 Posted May 22, 2004 Slick! Thanks Dick, I'll test it tomorrow. -G Quote
pat2 Posted August 5, 2004 Posted August 5, 2004 I was looking for a fix for AWStats Access and found this thread. The other two questions I had about users finding their password and giving them access to email only are also here. Everytime I start thinking about getting more bandwidth or diskspace somewhere else, I run into something I need to get help with and I find it here. You guys are great. Quote
jurxws Posted January 4, 2005 Posted January 4, 2005 Hi I do everything according install.txt. Everything works fine half a day. Then i get an error: Warning: Cannot modify header information - headers already sent by (output started at /home/jurxws/public_html/stats/config.php:33) in /home/jurxws/public_html/stats/index.php on line 30 Warning: Cannot modify header information - headers already sent by (output started at /home/jurxws/public_html/stats/config.php:33) in /home/jurxws/public_html/stats/index.php on line 31 Authorization Required. Thats happened twice... What i need to do? Quote
duffs Posted March 28, 2005 Posted March 28, 2005 Hi, I had the same problem. Turns out it was because there were blank lines at the end of config.php. Removing these lines fixed the problem. Quote
denglund1996 Posted March 28, 2005 Posted March 28, 2005 I followed the instructions on TotalChoiceHosting's Help Site for giving access to AWstats to your users without having to go through cPanel (or thought I did). When I open a browser and go to our stats directory (http://www.kingdom-warriors.com/stats/) I get the logon dialog as expected. After entering the username and password I edited in config.php, the dialog closes (no errors returned) and I get a blank white web page. Nothing. Nadda. Nunca. Marco-Po-No Anybody know what I did wrong? Quote
denglund1996 Posted March 28, 2005 Posted March 28, 2005 I followed the instructions on TotalChoiceHosting's Help Site for giving access to AWstats to your users without having to go through cPanel (or thought I did). When I open a browser and go to our stats directory (http://www.kingdom-warriors.com/stats/) I get the logon dialog as expected. After entering the username and password I edited in config.php, the dialog closes (no errors returned) and I get a blank white web page. Nothing. Nadda. Nunca. Marco-Po-No Anybody know what I did wrong? <{POST_SNAPBACK}> OOPS! Never mind. I had the "$site" variable wrong. Put in my whole URL instead of just "yoursite.com". Once I corrected that, all is well. Quote
mythusmage Posted April 1, 2005 Posted April 1, 2005 (edited) Small problem, the installation instructions are rather barebones. Where #1 is concerned, what exactly in the file is to be edited? Please explain. I also saw guidelines for making AWStat pages visible to people. Something about chmoding the file or files to 755 and providing a link to said pages. But danged if I can find those guidelines again. BTW, the 'PDF' ... oops, got that wrong. PDF downloaded fine. Edited April 1, 2005 by mythusmage Quote
TCH-Dick Posted April 1, 2005 Author Posted April 1, 2005 The instructions are pretty clear but just in case, you need to edit the file named config.php. 1. Download the Awstats.zip file to your PC, and unzip it. This will create two subdirectories (images and stats). 2. Go to the stats subdirectory and edit the config.php file (click here for help from other members using this script. TotalChoice staff does not provide support for 3rd party scripts.) 3. Upload the stats directory to your web site, under public_html (creating public_html/stats) 4. Within the images subdirectory on your PC you will find a single subdirectory awstats. Upload this awstats subdirectory to the similar images directory on your web site under public_html (creating public_html/images/awstats) 5. Open a browser to http://www.yoursite.com/stats to logon and view your stats! You can view the instructions here. http://www.totalchoicehosting.com/help/statisticspage.htm The PDF on hotscripts.com only makes a copy of that page it does not contain instructions. This a feature of hotscripts.com so I have no control over it. If you want to use the script without a login then replace index.php with this ><? require_once("config.php"); /* if (!isset($PHP_AUTH_USER)) { header('WWW-Authenticate: Basic realm="Site Statistics"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.'; exit; } else if (isset($PHP_AUTH_USER)) { if (($PHP_AUTH_USER != $username) || ($PHP_AUTH_PW != $password)) { header('WWW-Authenticate: Basic realm="Site Statistics"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.'; exit; } else { */ if($QUERY_STRING == ""){$query = "config=$site";}else{$query=$QUERY_STRING;}; $Previous = false; if(isset($_POST)) { foreach($_POST as $key => $value) { if($Previous) { $POSTED .= "&"; } $POSTED = "$key=$value"; $Previous = true; } /* } */ $Curl = curl_init("http://$cpnlusername:$cpnlpassword@$site:2082/awstats.pl?$query"); if(isset($_POST)) { curl_setopt($Curl, CURLOPT_POST, TRUE); curl_setopt($Curl, CURLOPT_POSTFIELDS, $POSTED); } curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1); $results = curl_exec($Curl); for ($i = 0; $i < count($return_message_array); $i++) { $results = $results.$return_message_array[$i]; } if($query == "config=$site"){$results = str_replace("src=\"", "src=\"?", $results);} if($framename==index){$results = str_replace("src=\"", "src=\"index.php?", $results);} $results = str_replace("action=\"", "action=\"index.php?", $results); $results = str_replace("href=\"", "href=\"?", $results); $results = str_replace("href=\"?http://", "href=\"http://", $results); $results = str_replace("awstats.pl?", "", $results); echo $results; } /* } */ ?> Quote
jurxws Posted April 5, 2005 Posted April 5, 2005 Hi, I had the same problem. Turns out it was because there were blank lines at the end of config.php. Removing these lines fixed the problem. <{POST_SNAPBACK}> Thanks, seems to be working Quote
Rickasaurus Posted May 20, 2005 Posted May 20, 2005 You can put it outside the public_html directory structure, in a folder called, say, 'safe'. Then you have to reference it byrequire_once('/home/cpaneluser/safe/config.php') That way it can't be accessed by FTP. <{POST_SNAPBACK}> I would appreciate if you can advise me where to put the "require_once('/home/cpaneluser/safe/config.php')" reference. thanks Rick Quote
TCH-Dick Posted May 20, 2005 Author Posted May 20, 2005 Just open index.php and find the line >require_once("config.php"); and replace it with >require_once('/home/cpaneluser/safe/config.php') Quote
Rickasaurus Posted May 22, 2005 Posted May 22, 2005 Just open index.php and find the line >require_once("config.php"); and replace it with >require_once('/home/cpaneluser/safe/config.php') <{POST_SNAPBACK}> Thanks Dick, I got the AWStats access working fine. But did it slightly differently re the security issue. I followed the instruction in the downloaded file, which advises to create a new config.php, which refers to the "real" config.php, which I put in a new folder outside the public_html folder - works fine. Now I am trying to do the same to allow access for a user to manage the email options, without giving full cpanel access, but have a few questions: 1) I created the newmail.php file advised in your earlier post, and changed the relevant areas. However I can't see where in the script to put the username and password of the user I want to give access to. 2) Where should the new newmail.php file be put? 3) Does this script create a logon page for the user, and what will be the URL to access the logon and mail options? thanks Rick Quote
TCH-Dick Posted May 22, 2005 Author Posted May 22, 2005 1. It does not have a login. 2. Where ever you want. 3. yourtchsite.com/webmail Here is an edited version that provides a login and uses a config file. Just create a directory and drop these files in it. config.php ><?php // Admin Logon Details $accessname = ""; $accesspass = ""; // cPanel Logon Details $username = ""; $password = ""; // Domain details $domain = "blah.com"; $theme = "x";//eg "bluelagoon"; // Parameters to parse $eDomain = "blah.com"; $eQuota = "5"; // eg"10"; ?> index.php ><?php /* Create POP email accounts */ require_once("config.php"); //include('header.php'); if (!isset($PHP_AUTH_USER)) { header('WWW-Authenticate: Basic realm="Site Statistics"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.'; exit; } else if (isset($PHP_AUTH_USER)) { if (($PHP_AUTH_USER != $accessname) || ($PHP_AUTH_PW != $accesspass)) { header('WWW-Authenticate: Basic realm="Site Statistics"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.'; exit; } else { if (isset($delpop)) { print "Account deleted : ".$popuser."@".$eDomain; $postfields = "email=$popuser&domain=$eDomain"; $url = "http://$username:$password@$domain:2082/frontend/$theme/mail/realdelpop.html?$postfields"; //print "<hr>"; //print $url; // initialise Curl $popPost = curl_init(); curl_setopt($popPost, CURLOPT_URL, $url); // Set Curl Option: Username:Password curl_setopt($popPost, CURLOPT_POST, 1); // Set Curl Option: Collect result from script curl_setopt($popPost, CURLOPT_RETURNTRANSFER, 1); // Set Curl Option: Set timeout to 15 seconds curl_setopt($popPost, CURLOPT_TIMEOUT, 15); // Set Curl Option: Post data //curl_setopt($popPost, CURLOPT_POSTFIELDS, $postfields); // Execute Request, and store result in $tb_post $popPost_result = curl_exec ($popPost); // Close Curl curl_close ($popPost); $start = strpos($popPost_result, 'Account'); $end = strpos($popPost_result, 'Go'); $subset = substr($popPost_result, $start, $end+8-$start); print $substr; } if (isset($eEmail)) { $ePassword = $password2; // Put post fields variable together $postfields = "email=$eEmail&domain=$eDomain&password=$ePassword"a=$eQuota"; // initialise Curl $popPost = curl_init(); // Set Curl Option: URL $url = "http://$username:$password@$domain:2082/frontend/$theme/mail/doaddpop.html?$postfields"; curl_setopt($popPost, CURLOPT_URL, $url); // Set Curl Option: Username:Password curl_setopt($popPost, CURLOPT_POST, 1); // Set Curl Option: Collect result from script curl_setopt($popPost, CURLOPT_RETURNTRANSFER, 1); // Set Curl Option: Set timeout to 15 seconds curl_setopt($popPost, CURLOPT_TIMEOUT, 15); // Set Curl Option: Post data //curl_setopt($popPost, CURLOPT_POSTFIELDS, $postfields); // Execute Request, and store result in $tb_post $popPost_result = curl_exec ($popPost); // Close Curl curl_close ($popPost); //output results $start = strpos($popPost_result, '<b>Account'); $end = strpos($popPost_result, 'created.'); $subset = substr($popPost_result, $start, $end+8-$start); $subset = str_replace('login ', "login<br>", $subset); //for neatness //$subset=str_replace("<!",'<-',$subset); //see the comments if (preg_match ('/Sorry/i', "$subset")) { print "<br><b> Sorry that account already exists.</b><br><br><br><br><br><br><br>"; //print ($subset); } elseif(preg_match ('/You must specify/i', "$subset")) { print "<br><b> You must specify a password.</b><br><br><br><br><br><br><br>"; } else { print ($subset); print "<br><br>You may now use <b>mail.$domain</b> as your POP3 setting in your mail client or access <b>WebMail</b> by selecting <a href=http://$domain/webmail>Here</a>. <center> <br><a href=javascript:history.go(-1)>Go Back</a> </center>"; } } else { ?> <form name="emailform" method="post" action="index.php"> <table border="0" cellspacing="1" align=center cellpadding="0"> <tr> <td>Prefered Email Address:</td> <td colspan="2"><input size=10 value="" name="eEmail" type="text"> @<?= $domain ?></td> </tr> <tr> <td>Password:</td> <td colspan="2"><input size=10 name="password1" value="" type="password"></td> </tr> <tr> <td>Retype Password:</td> <td colspan="2"><input size=10 name="password2" value="" type="password"></td> </tr> <tr> <td> </td> <td colspan="2"> </td> </tr> <tr> <td> </td> <td width="344"> <div align="center"> <input name="signupbtn" type="button" id="signupbtn" value="Signup" onClick="validateform()"> </div></td> <td width="163"> </td> </tr> </table> <script language="JavaScript1.2"> function validateform() { if (checkEmailAddress(document.emailform.eEmail)) { if(document.emailform.password1.value == document.emailform.password2.value) { document.emailform.submit(); } else { alert("The passwords you typed do not appear to match"); } } } function checkEmailAddress(field) { var good; //var goodEmail = field.value.match(/\b(^(\S+@).+((\.com)|(\.net)|(\.edu)|(\.mil)|(\.gov)|(\.org)|(\..{2,2}))$)\b/gi); var goodEmail = field.value; if(goodEmail != "") { //if (goodEmail){ good = true } else { alert('Please enter a valid e-mail address.') field.focus() field.select() good = false } return good; } </script> </form> <? } } } ?> Quote
Rickasaurus Posted May 22, 2005 Posted May 22, 2005 1. It does not have a login.2. Where ever you want. 3. yourtchsite.com/webmail Here is an edited version that provides a login and uses a config file. Just create a directory and drop these files in it. config.php ><?php // Admin Logon Details $accessname = ""; $accesspass = ""; // cPanel Logon Details $username = ""; $password = ""; // Domain details $domain = "blah.com"; $theme = "x";//eg "bluelagoon"; // Parameters to parse $eDomain = "blah.com"; $eQuota = "5"; // eg"10"; ?> index.php ><?php /* Create POP email accounts */ require_once("config.php"); //include('header.php'); if (!isset($PHP_AUTH_USER)) { header('WWW-Authenticate: Basic realm="Site Statistics"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.'; exit; } else if (isset($PHP_AUTH_USER)) { if (($PHP_AUTH_USER != $accessname) || ($PHP_AUTH_PW != $accesspass)) { header('WWW-Authenticate: Basic realm="Site Statistics"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.'; exit; } else { if (isset($delpop)) { print "Account deleted : ".$popuser."@".$eDomain; $postfields = "email=$popuser&domain=$eDomain"; $url = "http://$username:$password@$domain:2082/frontend/$theme/mail/realdelpop.html?$postfields"; //print "<hr>"; //print $url; // initialise Curl $popPost = curl_init(); curl_setopt($popPost, CURLOPT_URL, $url); // Set Curl Option: Username:Password curl_setopt($popPost, CURLOPT_POST, 1); // Set Curl Option: Collect result from script curl_setopt($popPost, CURLOPT_RETURNTRANSFER, 1); // Set Curl Option: Set timeout to 15 seconds curl_setopt($popPost, CURLOPT_TIMEOUT, 15); // Set Curl Option: Post data //curl_setopt($popPost, CURLOPT_POSTFIELDS, $postfields); // Execute Request, and store result in $tb_post $popPost_result = curl_exec ($popPost); // Close Curl curl_close ($popPost); $start = strpos($popPost_result, 'Account'); $end = strpos($popPost_result, 'Go'); $subset = substr($popPost_result, $start, $end+8-$start); print $substr; } if (isset($eEmail)) { $ePassword = $password2; // Put post fields variable together $postfields = "email=$eEmail&domain=$eDomain&password=$ePassword"a=$eQuota"; // initialise Curl $popPost = curl_init(); // Set Curl Option: URL $url = "http://$username:$password@$domain:2082/frontend/$theme/mail/doaddpop.html?$postfields"; curl_setopt($popPost, CURLOPT_URL, $url); // Set Curl Option: Username:Password curl_setopt($popPost, CURLOPT_POST, 1); // Set Curl Option: Collect result from script curl_setopt($popPost, CURLOPT_RETURNTRANSFER, 1); // Set Curl Option: Set timeout to 15 seconds curl_setopt($popPost, CURLOPT_TIMEOUT, 15); // Set Curl Option: Post data //curl_setopt($popPost, CURLOPT_POSTFIELDS, $postfields); // Execute Request, and store result in $tb_post $popPost_result = curl_exec ($popPost); // Close Curl curl_close ($popPost); //output results $start = strpos($popPost_result, '<b>Account'); $end = strpos($popPost_result, 'created.'); $subset = substr($popPost_result, $start, $end+8-$start); $subset = str_replace('login ', "login<br>", $subset); //for neatness //$subset=str_replace("<!",'<-',$subset); //see the comments if (preg_match ('/Sorry/i', "$subset")) { print "<br><b> Sorry that account already exists.</b><br><br><br><br><br><br><br>"; //print ($subset); } elseif(preg_match ('/You must specify/i', "$subset")) { print "<br><b> You must specify a password.</b><br><br><br><br><br><br><br>"; } else { print ($subset); print "<br><br>You may now use <b>mail.$domain</b> as your POP3 setting in your mail client or access <b>WebMail</b> by selecting <a href=http://$domain/webmail>Here</a>. <center> <br><a href=javascript:history.go(-1)>Go Back</a> </center>"; } } else { ?> <form name="emailform" method="post" action="index.php"> <table border="0" cellspacing="1" align=center cellpadding="0"> <tr> <td>Prefered Email Address:</td> <td colspan="2"><input size=10 value="" name="eEmail" type="text"> @<?= $domain ?></td> </tr> <tr> <td>Password:</td> <td colspan="2"><input size=10 name="password1" value="" type="password"></td> </tr> <tr> <td>Retype Password:</td> <td colspan="2"><input size=10 name="password2" value="" type="password"></td> </tr> <tr> <td> </td> <td colspan="2"> </td> </tr> <tr> <td> </td> <td width="344"> <div align="center"> <input name="signupbtn" type="button" id="signupbtn" value="Signup" onClick="validateform()"> </div></td> <td width="163"> </td> </tr> </table> <script language="JavaScript1.2"> function validateform() { if (checkEmailAddress(document.emailform.eEmail)) { if(document.emailform.password1.value == document.emailform.password2.value) { document.emailform.submit(); } else { alert("The passwords you typed do not appear to match"); } } } function checkEmailAddress(field) { var good; //var goodEmail = field.value.match(/\b(^(\S+@).+((\.com)|(\.net)|(\.edu)|(\.mil)|(\.gov)|(\.org)|(\..{2,2}))$)\b/gi); var goodEmail = field.value; if(goodEmail != "") { //if (goodEmail){ good = true } else { alert('Please enter a valid e-mail address.') field.focus() field.select() good = false } return good; } </script> </form> <? } } } ?> <{POST_SNAPBACK}> Thanks Dick, I got that working fine, to set-up new email accounts. Is it possible to do something similar, to give a user access to all aspects of the email part of cpanel, without full cpanel access? thanks Rick Quote
TCH-Dick Posted May 22, 2005 Author Posted May 22, 2005 Thanks Dick, I got that working fine, to set-up new email accounts. Is it possible to do something similar, to give a user access to all aspects of the email part of cpanel, without full cpanel access? thanks Rick It's possible but I don't of anything that someone has already created. Quote
heronbeth Posted July 15, 2005 Posted July 15, 2005 Hi, Do we need to worry about putting our password in the config.php file? Can that be hacked? thanks Quote
TCH-Bruce Posted July 15, 2005 Posted July 15, 2005 Welcome to the forums heronbeth If you move the config.php file outside your public_html folder as stated above it will be quite safe. Quote
heronbeth Posted July 18, 2005 Posted July 18, 2005 Hey, I can't believe I missed that. I did as suggested and all seems to be working. Thanks for all your help and good solution. heronbeth Quote
TCH-Dick Posted August 2, 2005 Author Posted August 2, 2005 Improvements To The Tch Awstats Script, security fixes, etc. Quote
WeBrain Posted August 14, 2005 Posted August 14, 2005 Hi everyone. 1st of all congrats and thanks for this script. My problem is that the prompt does not accept my user and/or password. After 3 trys i get "Authorization Required." If i modify the index.php so it does not require authorization everything works fine. My config file is in the "safe" dir outside public_html. I double checked my config for typos in user/pass. Any thoughts? Thank you Quote
TweezerMan Posted August 15, 2005 Posted August 15, 2005 Welcome to the forums, WeBrain! My first guess would be that you need to modify the 'require_once("config.php");' line in the script to reference the actual location where you put config.php. For example: >require_once("/home/cpanelName/config.php"); Quote
WeBrain Posted August 15, 2005 Posted August 15, 2005 Hi David I did it already in the index.php : "require_once('/home/myusername/safe/config.php');" I dont know whats going wrong... More ideas/guesses are appreciated Thanks Quote
TCH-Dick Posted August 15, 2005 Author Posted August 15, 2005 Move your config file back and change back to >require_once("config.php"); If you still have the same problem then you know its not the path. Quote
WeBrain Posted August 15, 2005 Posted August 15, 2005 hi again.. ok moved config.php to stats folder and edited my index.php to require_once("config.php"); It still refuses to accept my username/pass 3 times then gives me the "Authorization Required." page! My config file : ><?php /************************************************************************/ /* AWStats Access 2.0: Provides access to AWStats outside of cPanel */ /* ============================================ */ /* Created for and by members of TotalChoiceHosting.com */ /* Copyright (C) 2004 by TotalChoiceHosting.com */ /* */ /* This file is part of AWStats Access. */ /* AWStats Access is free software; you can redistribute it and/or */ /* modify it under the terms of the GNU General Public License as */ /* published by the Free Software Foundation; either version 2 of */ /* the License, or (at your option) any later version. */ /* */ /* AWStats Access is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with Foobar; if not, write to */ /* Free Software Foundation, Inc. */ /* 59 Temple Place, Suite 330 */ /* Boston, MA 02111-1307 USA */ /************************************************************************/ $username = "asdf"; /* used to access this utility */ $password = "asdf"; /* used to access this utility */ $site = "mysite.com"; $cpnlusername = "myCpanelUserName"; $cpnlpassword = "********"; ?> My index file ><?php /************************************************************************/ /* AWStats Access 2.0: Provides access to AWStats outside of cPanel */ /* ============================================ */ /* Created for and by members of TotalChoiceHosting.com */ /* Copyright (C) 2004 by TotalChoiceHosting.com */ /* */ /* This file is part of AWStats Access. */ /* AWStats Access is free software; you can redistribute it and/or */ /* modify it under the terms of the GNU General Public License as */ /* published by the Free Software Foundation; either version 2 of */ /* the License, or (at your option) any later version. */ /* */ /* AWStats Access is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with Foobar; if not, write to */ /* Free Software Foundation, Inc. */ /* 59 Temple Place, Suite 330 */ /* Boston, MA 02111-1307 USA */ /************************************************************************/ require_once("config.php"); if (!isset($PHP_AUTH_USER)) { header('WWW-Authenticate: Basic realm="Site Statistics"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.'; exit; } else if (isset($PHP_AUTH_USER)) { if (($PHP_AUTH_USER != $username) || ($PHP_AUTH_PW != $password)) { header('WWW-Authenticate: Basic realm="Site Statistics"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.'; exit; } else { if($QUERY_STRING == ""){$query = "config=$site";}else{$query=$QUERY_STRING;}; $Previous = false; if(isset($_POST)) { foreach($_POST as $key => $value) { if($Previous) { $POSTED .= "&"; } $POSTED = "$key=$value"; $Previous = true; } } $Curl = curl_init("http://$cpnlusername:$cpnlpassword@$site:2082/awstats.pl?$query"); if(isset($_POST)) { curl_setopt($Curl, CURLOPT_POST, TRUE); curl_setopt($Curl, CURLOPT_POSTFIELDS, $POSTED); } curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1); $results = curl_exec($Curl); for ($i = 0; $i < count($return_message_array); $i++) { $results = $results.$return_message_array[$i]; } if($query == "config=$site"){$results = str_replace("src=\"", "src=\"?", $results);} if($framename==index){$results = str_replace("src=\"", "src=\"index.php?", $results);} $results = str_replace("action=\"", "action=\"index.php?", $results); $results = str_replace("href=\"", "href=\"?", $results); $results = str_replace("href=\"?http://", "href=\"http://", $results); $results = str_replace("awstats.pl?", "", $results); echo $results; } } ?> It Should work as i cant see anything wrong there Quote
WeBrain Posted August 16, 2005 Posted August 16, 2005 Ok i solved the problem with a work around. I took the config to a safe folder, disabled authentication in index.php and password protected my stats folder in cPanel. Everything runs as i want now. I can go on vacations finally hehe Thanks for trying to help. Quote
4thstar Posted January 9, 2006 Posted January 9, 2006 Ok i solved the problem with a work around.I took the config to a safe folder, disabled authentication in index.php and password protected my stats folder in cPanel. Everything runs as i want now. I can go on vacations finally hehe Thanks for trying to help. hello. many thanks , i to have the same problem where the user and password is rejected. i know about password protecting but wouldnt know where to start when trying to disabled the authentication in the index.php file. can anyone please advise. Kind Regards Carl Quote
TCH-Bruce Posted January 9, 2006 Posted January 9, 2006 Have you followed the instructions on the Statistics help page. Quote
4thstar Posted January 9, 2006 Posted January 9, 2006 thanks for the welcome. as far as i can see i have done all correctly. I have however deveated slightly as i already have a folder called stats so called it awstats , i didnt see a problem , i could be wrong. i have set the options in the config file, username/passwords for login and cpanel access. and the site name. i have placed the config file in root/safe folder. when i go to log in i have the popup box asking for my username and password but i cant get past this. any suggestions ? Many thanks Carl Quote
TCH-Bruce Posted January 9, 2006 Posted January 9, 2006 Carl, welcome to the forums, sorry I didn't welcome you before. I have installed this twice using those instructions. In my index file I have entered the full path to the config file >include("/home/my-cpanel-id/my-config-folder/config.php"); In my config file I have changed the following values: >$username = "uesr-for-access"; /* used to access this utility */ $password = "password-for-access"; /* used to access this utility */ $site = "my-domain.ext"; $cpnlusername = "my-cpanel-name"; $cpnlpassword = "my-cpanel-password"; Quote
4thstar Posted January 9, 2006 Posted January 9, 2006 yep thanks thats just the format i have, i will try it on another account and see what happens many thanks Carl Quote
WeBrain Posted January 9, 2006 Posted January 9, 2006 Hya 4thStar... Just comment out the following section of the code : >/*if (!isset($PHP_AUTH_USER)) { header('WWW-Authenticate: Basic realm="Site Statistics"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.'; exit; } else if (isset($PHP_AUTH_USER)) { if (($PHP_AUTH_USER != $username) || ($PHP_AUTH_PW != $password)) { header('WWW-Authenticate: Basic realm="Site Statistics"'); header('HTTP/1.0 401 Unauthorized'); echo 'Authorization Required.'; exit; } else {*/ Then password protect the stats dir using cpanel. Hope this helps Quote
TCH-Don Posted January 10, 2006 Posted January 10, 2006 Welcome to the forum, Carl let us know how you are doing with this. Quote
kjarrett Posted February 18, 2006 Posted February 18, 2006 Hi everyone, Thanks for this script. I'm close to getting it working. I've disabled the login code, moved the config.php to a folder outside public_html, and edited all settings properly (as far as I can tell). The stats page loads, there is frenzied activity on the status bar (things loading, etc.) then it finishes and I get a blank page. Happens in FF and IE. I've checked for blank lines at the end of config.php and the script itself, no luck. Once I get it working I'll password protect the folder in cpanel but I haven't done that yet. What can I check? I did see something that confused me - is there only ONE config.php, in the folder outside of public_html? Or is there two, one pointing to the other? (I did make the change in the 'require once' section of the script). Thanks in advance, -kj- Quote
laburke Posted May 13, 2006 Posted May 13, 2006 I'd just like to add a small correction that TCH-Don just helped me figure out. In posts #3 and #17 above showing how to keep the config.php file safe, the line >require_once('/home/cpaneluser/safe/config.php') doesn't have the ";" after it, which was something that a newbie like me might not know to add. Hope this helps someone like me who's lost! Quote
beaviss Posted June 30, 2006 Posted June 30, 2006 Hi, Firstly, thanks for such a great script. Would it be possible to use the cpanel-skel files to have this setup for all new accounts created, and then just a matter of editing the config.php via ssh ? Would it work ? Regards Anton. Quote
TCH-Bruce Posted June 30, 2006 Posted June 30, 2006 Welcome to the forums Anton. TCH does not control what is included with cPanel and cPanel updates frequently. Quote
TCH-Don Posted June 30, 2006 Posted June 30, 2006 Welcome to the forums Anton We do not have ssh for security reasons. Since you would have to edit the file anyway, it seems just as easy to upload the modified version. Quote
beaviss Posted July 1, 2006 Posted July 1, 2006 (edited) Hi and thanks for the very friendly welcome to your forum. The awstats script was working great, now when I go to the stats url I get a 406 error "HTTP 406 Not Acceptable" Internet Explorer cannot read this webpage format The only thing I can think of that may have happened between the time it was working and now - was the cpanel update. Can you guys suggest anything I should look into ? Regards Anton. Edited July 1, 2006 by beaviss Quote
laurin1 Posted September 10, 2007 Posted September 10, 2007 I am having the issue that I see others have had where I get prompted to log in, which I do, then I get blank page (view source returns <html></html). I believe I have $site set correctly (aadallas.org). Any ideas? Quote
TCH-Bruce Posted September 10, 2007 Posted September 10, 2007 I have installed this three times. In my index file I have entered the full path to the config file >include("/home/my-cpanel-id/my-config-folder/config.php"); In my config file I have changed the following values: >$username = "user-for-access"; /* used to access this utility */ $password = "password-for-access"; /* used to access this utility */ $site = "my-domain.ext"; $cpnlusername = "my-cpanel-name"; $cpnlpassword = "my-cpanel-password"; Quote
laurin1 Posted September 10, 2007 Posted September 10, 2007 I've copied this and mine still returns a blank page. Quote
TCH-Bruce Posted September 10, 2007 Posted September 10, 2007 I just uploaded this to another domain I manage and had no issues. There are only 2 files to upload, the index.php file and the config.php file. Make sure you have your domain name correct in your config file. Quote
laurin1 Posted September 10, 2007 Posted September 10, 2007 (edited) I'm using aadallas.org. When I try anything else, I get error messages. With aadallas.org, I get no error, but just a blank screen. Edited October 31, 2008 by TCH-Bruce Quote
TCH-Bruce Posted September 10, 2007 Posted September 10, 2007 I am at a loss. Please open a ticket with the help desk and ask them to have a look. Quote
laurin1 Posted September 10, 2007 Posted September 10, 2007 It was my understand that TCH would not support this (so it says on the FAQ regarding Statistics.) I'll try anyway. Quote
TCH-Thomas Posted September 10, 2007 Posted September 10, 2007 Generally they wouldn´t, but you can ask. What I think Bruce means is that if it works for him it should work for you, so maybe there is server thing that needs to be looked at. Quote
laurin1 Posted September 10, 2007 Posted September 10, 2007 Ok, they did help getting working, however, none of the images or hyperlinks or drop down menus work. Every one of them has this in front of the url: /stats/index.php? so an img src looks like this: src="/stats/index.php?/images/awstats/other/vu.png" Any ideas on how to fix that? Quote
TCH-Bruce Posted September 10, 2007 Posted September 10, 2007 Sounds like you better reopen your ticket with the help desk. Nothing you can do to fix it. Quote
winston1975 Posted April 1, 2008 Posted April 1, 2008 (edited) Hi Guys, Thanks so much for sharing this script. My clients love it. I am having a little trouble and wonder if you can point me in the right direction. I download awstats.zip and extracted, but I didnt get an images directory included. I have moved the actual config file to /home/user/safe/config.php and made reference to it as outlined in the install instructions by creating /home/user/public_html/stats/config.php with contents <?php include("/home/user/safe/config.php"); ?> Everything seems to work fine, authentication works, and I can see that it is loading something as the progress bar moves progressively across and then says at the top of the page: statistics for domain.com (2008-04) But I get a blank page Am I supposed to put images somewhere ? If yes, where do I get them from and where do I put them ? Further, are there any special requirements for this script I may need to compile in ? The old script worked fine that had images under the stats directory. I have tried this on IE and Safari and I get the same result. Any suggestions / help greatly appreciated. Kind regards Winston. Edited April 1, 2008 by winston1975 Quote
TCH-Bruce Posted April 1, 2008 Posted April 1, 2008 Welcome to the forums Winston No there are no images needed to be loaded. If it's not working I'm sure if you opened a ticket with the help desk they would check it for you. I use this on three different sites and it works as advertised. Quote
winston1975 Posted April 1, 2008 Posted April 1, 2008 Hi, I am not a TCH client. I run my own server and stumbled upon your script when a client requested it. Is there anything you can suggest that could help me ie, common causes for this....an apache module missing etc ? Should I need to perhaps do a sym link to the awstats pics ? Kind regards Winston. Quote
TCH-Bruce Posted April 1, 2008 Posted April 1, 2008 Ah, sorry, thought you had an account here. I have no idea of the server configuration, I am a moderator and don't have access to that information sorry. Quote
wkg Posted October 30, 2008 Posted October 30, 2008 Has something changed? I was trying to set up the AWStats access to a new client and it would not accept the username/password. I check that I had things set correctly and everything was ok. I then thought to check client site where I'd previously set this up and it had been working... and it is not working. This is the first time I've checked this since moving to the new server... and maybe the first time since the migration to PHP5, I can't remember that for a fact. Quote
TCH-Bruce Posted October 30, 2008 Posted October 30, 2008 I run this on several sites hosted here and it works. If you are having issues please open a ticket with the help desk and have one of the techs take a look. Quote
btrfld Posted October 30, 2008 Posted October 30, 2008 I had that same problem for a while. Then it dawned on me that I have register_globals turned off on all my sites, and the AWStats script was written as if register_globals is on. The login was trying to access things like $PHP_AUTH_USER instead of $_SERVER['PHP_AUTH_USER']. A very little editing of the script and all was well. Could this be your problem? Quote
wkg Posted October 30, 2008 Posted October 30, 2008 Thanks for chipping in btrfld. There were maybe two things going on. One seemed to clear up while tech support was looking at it (or I was doing something wrong, so maybe that was a non-issue.) The problem on the new site I was setting up seemed to be due to my using the dollar sign in the password. It works fine to use '$' for password protected directories, but not for this script. I'm guessing this remote stats access script, which is written in PHP, chokes on the dollar sign. Yeah, I know $ denotes a variable in PHP, but I would have thought the authentication process was being handled by the same mechanism as protected directories, but apparently not. I changed the $ to S and it worked fine. Quote
TCH-Dick Posted October 31, 2008 Author Posted October 31, 2008 The problem on the new site I was setting up seemed to be due to my using the dollar sign in the password. It works fine to use '$' for password protected directories, but not for this script. Just change the "double" quotes to 'single' quotes around the value for $password and it will work fine with the dollar sign in the password. Quote
wkg Posted October 31, 2008 Posted October 31, 2008 Brilliant! Now, why didn't I think of that? Quote
jmfrey Posted November 26, 2008 Posted November 26, 2008 I had that same problem for a while. Then it dawned on me that I have register_globals turned off on all my sites, and the AWStats script was written as if register_globals is on. The login was trying to access things like $PHP_AUTH_USER instead of $_SERVER['PHP_AUTH_USER']. A very little editing of the script and all was well. Could this be your problem? This was my issue. I turned "register_globals" back on temporarily and the script worked - no more blank screen. However, looking in the PHP script (I'm no adept PHPer mind you), I don't see your references to $PHP_AUTH_USER. but rather $_SERVER['PHP_AUTH_USER']. Could you provide a little more guidance so I can turn register_globals back off? Thanks. Quote
chemdata Posted January 30, 2009 Posted January 30, 2009 I've been using the awstat script successfully for a while now but I am now experiencing a problem with it not recognizing the username and/or password. I tried all the suggestions in this thread without success. Has anyone come across another correction. Thanks. Quote
wkg Posted January 30, 2009 Posted January 30, 2009 I've been using the awstat script successfully for a while now but I am now experiencing a problem with it not recognizing the username and/or password. I tried all the suggestions in this thread without success. Has anyone come across another correction. Thanks. I just tried a couple of my domains and it is still working fine. You might want to submit a help ticket to see if something changed in the configuration of your server. Quote
TCH-Thomas Posted January 31, 2009 Posted January 31, 2009 Welcome to the forum, chemdata. wkg is correct, please submit a ticket and ask the techs if something´s changed on your server. Quote
TCH-Bruce Posted January 31, 2009 Posted January 31, 2009 Welcome to the forum, chemdata, Check the config file and be sure you are using the correct user/password combination too. Quote
chemdata Posted February 1, 2009 Posted February 1, 2009 Welcome to all of you. I should have added at the start that I am presently not using TotalChoice as my webhost. I came here because originally when I went to them asking for guidance they could not provide it. I then found your script and had been using it successfully up to now. I know that they recently went to using suPHP but I don't know if this is what is causing my problem. I have checked my config.php file and the information in there is correct. Again thanks for the help. Quote
TCH-Dick Posted February 1, 2009 Author Posted February 1, 2009 If the user/pass is the only issue, then try this recommendation on the second page of this thread. Quote
chemdata Posted February 2, 2009 Posted February 2, 2009 TCH-Dick thanks but that didn't do it for me either. Quote
chemdata Posted February 3, 2009 Posted February 3, 2009 Bruce don't tempt me. Seriously I do appreciate everyones help. If I finally get it going (doubtful) I will let you guys know what did it. Once again my thanks to everyone. Quote
chemdata Posted February 8, 2009 Posted February 8, 2009 I found a different script on the internet at http://www.josheli.com/vox/view_source.php?awstats.php. I was able to use this script but only after modifying my php.ini file to include allow_url_fopen = On and placing it, the awstats.php file and all the awstat images in a directory called awstats_images within a subdirectory which I called stats. I can now get the awstats page visible without going through my cpanel. Once again thanks for all the help. Quote
dpkyte Posted September 9, 2009 Posted September 9, 2009 Is the link http://www.totalchoicehosting.com/help/statisticspage.htm still valid? I try clicking on the Zip and I get the Maintenance page. Happened yesterday as well. Quote
TCH-Bruce Posted September 9, 2009 Posted September 9, 2009 It is still valid info. I will check on the archive file. Quote
TCH-Dick Posted September 9, 2009 Author Posted September 9, 2009 Is the link http://www.totalchoicehosting.com/help/statisticspage.htm still valid? I try clicking on the Zip and I get the Maintenance page. Happened yesterday as well. Sorry about that, I was doing a little cleanup in there and it should be working now. Quote
chaicka Posted August 3, 2010 Posted August 3, 2010 Hi, I did everything exactly as mentioned in this thread. 1. Move config.php outside public_html, 2. Edit index.php to use [require_once('/home/<cpaneluser>/<folder>/config.php')], 3. Remark out the authentication part of the script in index.php (including the } at the bottom). But, all I get is a blank page. http://mfm.opensourcehub.com/stats/ Any idea what's wrong? Quote
chaicka Posted August 3, 2010 Posted August 3, 2010 (edited) When I view the page source of the blank statistics page, here is the code: > <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"> <html lang="en"> <head> <meta name="generator" content="AWStats 6.9 (build 1.925) from config file awstats.mfm.opensourcehub.com.conf (http://awstats.sourceforge.net)"> <meta name="robots" content="noindex,nofollow"> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> <meta http-equiv="description" content="Awstats - Advanced Web Statistics for mfm.opensourcehub.com (2010-08) - main"> <title>Statistics for mfm.opensourcehub.com (2010-08) - main</title> </head> <frameset cols="240,*"> <frame name="mainleft" src="/stats/index.php?config=mfm.opensourcehub.com&framename=mainleft" noresize="noresize" frameborder="0" /> <frame name="mainright" src="/stats/index.php?config=mfm.opensourcehub.com&framename=mainright" noresize="noresize" scrolling="yes" frameborder="0" /> <noframes><body>Your browser does not support frames.<br /> You must set AWStats UseFramesWhenCGI parameter to 0 to see your reports.<br /> </body></noframes> </frameset> </html> This is weird cause if open via CPanel, the frames work fine with the same browsers (FireFox 3.6.7 and IE 8), but when using this stats script, it doesn't load (blank page). I tried changing the UseFramesWhenCGI to 0 and it loads but looks awful. Changing back to 1, it fails to load again. Edited August 3, 2010 by chaicka Quote
TCH-Bruce Posted August 3, 2010 Posted August 3, 2010 Welcome to the forums chaicka When I try your link I get a "403 forbidden error". Your site is not hosted here at TCH so I don't know if that makes a difference as to why it's not working. Quote
chaicka Posted August 3, 2010 Posted August 3, 2010 Welcome to the forums chaicka When I try your link I get a "403 forbidden error". Your site is not hosted here at TCH so I don't know if that makes a difference as to why it's not working. Sorry. Was making some changes in an attempt to make it work. You can try again now. There is no authentication as I disabled that part from the script. Quote
TCH-Bruce Posted August 3, 2010 Posted August 3, 2010 This is the error I am getting along with the 403 error. Forbidden You don't have permission to access /stats/ on this server. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.