Jump to content
TCH-Dick

Revised: Give Access To Awstats

Recommended Posts

Is there any way to stop the user getting the config.php source via FTP and finding their username and password to access CPanel?

Share this post


Link to post
Share on other sites

You can put it outside the public_html directory structure, in a folder called, say, 'safe'. Then you have to reference it by

require_once('/home/cpaneluser/safe/config.php')

That way it can't be accessed by FTP.

Share this post


Link to post
Share on other sites

Hey Dick,

 

Thanks for this, it's really great - is there any way to do something similar to allow access to only the mail options?

 

Thanks again,

 

-Gabe

 

PS - FYI, on http://www.totalchoicehosting.com/help/statisticspage.htm, the link to the APR 2004 update (which I assume should point to this post) goes to a post that we don't have access to.

Share this post


Link to post
Share on other sites
Thanks for this, it's really great - is there any way to do something similar to allow access to only the mail options?

Yes there is.

I did NOT write this and not sure who did, but it works.

 

Just copy and paste the code below

 

Edit these sections

// Domain Logon Details

// Domain details

// Parameters to parse

 

Save as "newmail.php"

 

><?php
   /*
   Create POP email accounts
   Works for me when others failed.
   */
   //include('header.php');
    
   // Domain Logon Details
   $username = "cpanellogin";
   $password = "cpanelpassword";
    
   // Domain details
   $domain = "domainname.com";
   $theme = "x";//eg "bluelagoon";
    
   // Parameters to parse
   $eDomain = "domainame.com";
   $eQuota = "5"; // eg"10";
    
   if (isset($delpop)) {
       print "Account deleted : ".$popuser."@".$eDomain;
        
       $postfields = "email=$popuser&domain=$eDomain";
       $url = "http://$username:$password@$domain:2082/frontend/$theme/mail/realdelpop.html?$postfields";
       //print "<hr>";
       //print $url;
       // initialise Curl
       $popPost = curl_init();
       curl_setopt($popPost, CURLOPT_URL, $url);
       // Set Curl Option: Username:Password
       curl_setopt($popPost, CURLOPT_POST, 1);
       // Set Curl Option: Collect result from script
       curl_setopt($popPost, CURLOPT_RETURNTRANSFER, 1);
       // Set Curl Option: Set timeout to 15 seconds
       curl_setopt($popPost, CURLOPT_TIMEOUT, 15);
       // Set Curl Option: Post data
       //curl_setopt($popPost, CURLOPT_POSTFIELDS, $postfields);
       // Execute Request, and store result in $tb_post
       $popPost_result = curl_exec ($popPost);
       // Close Curl
       curl_close ($popPost);
       $start = strpos($popPost_result, 'Account');
       $end = strpos($popPost_result, 'Go');
       $subset = substr($popPost_result, $start, $end+8-$start);
       print $substr;
   }
    
   if (isset($eEmail)) {
       $ePassword = $password2;
       // Put post fields variable together
       $postfields = "email=$eEmail&domain=$eDomain&password=$ePassword&quota=$eQuota";
       // initialise Curl
       $popPost = curl_init();
       // Set Curl Option: URL
       $url = "http://$username:$password@$domain:2082/frontend/$theme/mail/doaddpop.html?$postfields";
       curl_setopt($popPost, CURLOPT_URL, $url);
       // Set Curl Option: Username:Password
       curl_setopt($popPost, CURLOPT_POST, 1);
       // Set Curl Option: Collect result from script
       curl_setopt($popPost, CURLOPT_RETURNTRANSFER, 1);
       // Set Curl Option: Set timeout to 15 seconds
       curl_setopt($popPost, CURLOPT_TIMEOUT, 15);
       // Set Curl Option: Post data
       //curl_setopt($popPost, CURLOPT_POSTFIELDS, $postfields);
       // Execute Request, and store result in $tb_post
       $popPost_result = curl_exec ($popPost);
       // Close Curl
       curl_close ($popPost);
        
       //output results
       $start = strpos($popPost_result, '<b>Account');
       $end = strpos($popPost_result, 'created.');
       $subset = substr($popPost_result, $start, $end+8-$start);
       $subset = str_replace('login ', "login<br>", $subset); //for neatness
       //$subset=str_replace("<!",'<-',$subset); //see the comments
       if (preg_match ('/Sorry/i', "$subset")) {
           print "<br><b>   Sorry that account already exists.</b><br><br><br><br><br><br><br>";
           //print ($subset);
       } elseif(preg_match ('/You must specify/i', "$subset")) {
           print "<br><b>   You must specify a password.</b><br><br><br><br><br><br><br>";
       } else {
           print ($subset);
           print "<br><br>You may now use <b>mail.$domain</b> as your POP3 setting in your mail client or access <b>WebMail</b> by selecting <a href=http://$domain/webmail>Here</a>.
               <center>
               <br><a href=java script:history.go(-1)>Go Back</a>
               </center>";
       }
   } else {
   ?>

   <form name="emailform" method="post" action="newmail.php">
     <table border="0" cellspacing="1" align=center cellpadding="0">
       <tr> 
         <td>Prefered Email Address:</td>
         <td colspan="2"><input size=10 value="" name="eEmail" type="text">
       @<?= $domain ?></td>
       </tr>
       <tr> 
         <td>Password:</td>
         <td colspan="2"><input size=10 name="password1" value="" type="password"></td>
       </tr>
       <tr> 
         <td>Retype Password:</td>
         <td colspan="2"><input size=10 name="password2" value="" type="password"></td>
       </tr>
       <tr> 
         <td> </td>
         <td colspan="2"> </td>
       </tr>
       <tr> 
         <td> </td>
         <td width="344"> <div align="center"> 
             <input name="signupbtn" type="button" id="signupbtn" value="Signup" onClick="validateform()">
           </div></td>
         <td width="163"> </td>
       </tr>
     </table>
     <script language="JavaScript1.2">
   
   
   function validateform() {
       if (checkEmailAddress(document.emailform.eEmail)) {
           if(document.emailform.password1.value == document.emailform.password2.value) {
               document.emailform.submit();
           }
           else 
           {
               alert("The passwords you typed do not appear to match");
           }
       }
   }
   
   function checkEmailAddress(field) {
   var good;
   //var goodEmail = field.value.match(/\b(^(\S+@).+((\.com)|(\.net)|(\.edu)|(\.mil)|(\.gov)|(\.org)|(\..{2,2}))$)\b/gi);
   var goodEmail = field.value;
   
   if(goodEmail != "") {
   //if (goodEmail){
      good = true
   } else {
      alert('Please enter a valid e-mail address.')
      field.focus()
      field.select()
      good = false
      }
      return good;
   }
   
   
   </script>
   </form>
   <? }
//include('footer.php');
?>

Share this post


Link to post
Share on other sites

I was looking for a fix for AWStats Access and found this thread. The other two questions I had about users finding their password and giving them access to email only are also here.

 

Everytime I start thinking about getting more bandwidth or diskspace somewhere else, I run into something I need to get help with and I find it here.

 

You guys are great.

Share this post


Link to post
Share on other sites

Hi

I do everything according install.txt. Everything works fine half a day. Then i get an error:

 

Warning: Cannot modify header information - headers already sent by (output started at /home/jurxws/public_html/stats/config.php:33) in /home/jurxws/public_html/stats/index.php on line 30

 

Warning: Cannot modify header information - headers already sent by (output started at /home/jurxws/public_html/stats/config.php:33) in /home/jurxws/public_html/stats/index.php on line 31

Authorization Required.

 

Thats happened twice...

What i need to do?

Share this post


Link to post
Share on other sites

Hi,

 

I had the same problem. Turns out it was because there were blank lines at the end of config.php. Removing these lines fixed the problem.

Share this post


Link to post
Share on other sites

I followed the instructions on TotalChoiceHosting's Help Site for giving access to AWstats to your users without having to go through cPanel (or thought I did).

 

When I open a browser and go to our stats directory (http://www.kingdom-warriors.com/stats/) I get the logon dialog as expected. After entering the username and password I edited in config.php, the dialog closes (no errors returned) and I get a blank white web page. Nothing. Nadda. Nunca. Marco-Po-No :)

 

Anybody know what I did wrong?

Share this post


Link to post
Share on other sites
I followed the instructions on TotalChoiceHosting's Help Site for giving access to AWstats to your users without having to go through cPanel (or thought I did).

 

When I open a browser and go to our stats directory (http://www.kingdom-warriors.com/stats/) I get the logon dialog as expected. After entering the username and password I edited in config.php, the dialog closes (no errors returned) and I get a blank white web page. Nothing. Nadda. Nunca. Marco-Po-No  :)

 

Anybody know what I did wrong?

 

OOPS! :dance:

 

Never mind. I had the "$site" variable wrong. Put in my whole URL instead of just "yoursite.com". Once I corrected that, all is well.

Share this post


Link to post
Share on other sites

Small problem, the installation instructions are rather barebones. Where #1 is concerned, what exactly in the file is to be edited? Please explain.

 

I also saw guidelines for making AWStat pages visible to people. Something about chmoding the file or files to 755 and providing a link to said pages. But danged if I can find those guidelines again.

 

BTW, the 'PDF' ... oops, got that wrong. PDF downloaded fine.

Edited by mythusmage

Share this post


Link to post
Share on other sites

The instructions are pretty clear but just in case, you need to edit the file named config.php.

 

1. Download the Awstats.zip file to your PC, and unzip it. This will create two subdirectories (images and stats).

 

2. Go to the stats subdirectory and edit the config.php file (click here for help from other members using this script. TotalChoice staff does not provide support for 3rd party scripts.)

 

3. Upload the stats directory to your web site, under public_html (creating public_html/stats)

 

4. Within the images subdirectory on your PC you will find a single subdirectory awstats. Upload this awstats subdirectory to the similar images directory on your web site under public_html (creating public_html/images/awstats)

 

5. Open a browser to http://www.yoursite.com/stats to logon and view your stats!

 

You can view the instructions here.

http://www.totalchoicehosting.com/help/statisticspage.htm

 

The PDF on hotscripts.com only makes a copy of that page it does not contain instructions. This a feature of hotscripts.com so I have no control over it.

 

If you want to use the script without a login then replace index.php with this

><?
require_once("config.php");

/* if (!isset($PHP_AUTH_USER)) {

header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;

} 
else if (isset($PHP_AUTH_USER)) {
if (($PHP_AUTH_USER != $username) || ($PHP_AUTH_PW != $password)) {

header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}
else { */
if($QUERY_STRING == ""){$query = "config=$site";}else{$query=$QUERY_STRING;};

$Previous = false;
if(isset($_POST))
{
foreach($_POST as $key => $value)
{
if($Previous)
{
 $POSTED .= "&";
}

$POSTED = "$key=$value";

$Previous = true;
}
/* } */

$Curl = curl_init("http://$cpnlusername:$cpnlpassword@$site:2082/awstats.pl?$query");
if(isset($_POST))
{
curl_setopt($Curl, CURLOPT_POST, TRUE);
curl_setopt($Curl, CURLOPT_POSTFIELDS, $POSTED);
}
curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1);
$results = curl_exec($Curl);

for ($i = 0; $i < count($return_message_array); $i++) {
 $results = $results.$return_message_array[$i];
}

if($query == "config=$site"){$results = str_replace("src=\"", "src=\"?", $results);}

if($framename==index){$results = str_replace("src=\"", "src=\"index.php?", $results);}

$results = str_replace("action=\"", "action=\"index.php?", $results);
$results = str_replace("href=\"", "href=\"?", $results);
$results = str_replace("href=\"?http://", "href=\"http://", $results);
$results = str_replace("awstats.pl?", "", $results);

echo $results;
}
/* } */
?>

Share this post


Link to post
Share on other sites
Hi,

 

I had the same problem. Turns out it was because there were blank lines at the end of config.php. Removing these lines fixed the problem.

 

Thanks, seems to be working

Share this post


Link to post
Share on other sites
You can put it outside the public_html directory structure, in a folder called, say, 'safe'. Then you have to reference it by
require_once('/home/cpaneluser/safe/config.php')

That way it can't be accessed by FTP.

 

I would appreciate if you can advise me where to put the "require_once('/home/cpaneluser/safe/config.php')" reference.

 

thanks

Rick

Share this post


Link to post
Share on other sites

Just open index.php and find the line

 

>require_once("config.php");

 

and replace it with

 

>require_once('/home/cpaneluser/safe/config.php')

Share this post


Link to post
Share on other sites
Just open index.php and find the line

 

>require_once("config.php");

 

and replace it with

 

>require_once('/home/cpaneluser/safe/config.php')

 

Thanks Dick, I got the AWStats access working fine. But did it slightly differently re the security issue. I followed the instruction in the downloaded file, which advises to create a new config.php, which refers to the "real" config.php, which I put in a new folder outside the public_html folder - works fine.

 

Now I am trying to do the same to allow access for a user to manage the email options, without giving full cpanel access, but have a few questions:

 

1) I created the newmail.php file advised in your earlier post, and changed the relevant areas. However I can't see where in the script to put the username and password of the user I want to give access to.

 

2) Where should the new newmail.php file be put?

 

3) Does this script create a logon page for the user, and what will be the URL to access the logon and mail options?

 

thanks

Rick

Share this post


Link to post
Share on other sites

1. It does not have a login.

2. Where ever you want.

3. yourtchsite.com/webmail

 

Here is an edited version that provides a login and uses a config file. Just create a directory and drop these files in it.

 

config.php

><?php

// Admin Logon Details
$accessname = "";
$accesspass = "";

// cPanel  Logon Details
$username = "";
$password = "";
   
// Domain details
$domain = "blah.com";
$theme = "x";//eg "bluelagoon";

// Parameters to parse
$eDomain = "blah.com";
$eQuota = "5"; // eg"10";

?>

 

index.php

><?php
/*
  Create POP email accounts
  */
require_once("config.php");
  //include('header.php');
  
if (!isset($PHP_AUTH_USER)) {

header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;

} 
else if (isset($PHP_AUTH_USER)) {
if (($PHP_AUTH_USER != $accessname) || ($PHP_AUTH_PW != $accesspass)) {

header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}
else {    
  if (isset($delpop)) {
      print "Account deleted : ".$popuser."@".$eDomain;
       
      $postfields = "email=$popuser&domain=$eDomain";
      $url = "http://$username:$password@$domain:2082/frontend/$theme/mail/realdelpop.html?$postfields";
      //print "<hr>";
      //print $url;
      // initialise Curl
      $popPost = curl_init();
      curl_setopt($popPost, CURLOPT_URL, $url);
      // Set Curl Option: Username:Password
      curl_setopt($popPost, CURLOPT_POST, 1);
      // Set Curl Option: Collect result from script
      curl_setopt($popPost, CURLOPT_RETURNTRANSFER, 1);
      // Set Curl Option: Set timeout to 15 seconds
      curl_setopt($popPost, CURLOPT_TIMEOUT, 15);
      // Set Curl Option: Post data
      //curl_setopt($popPost, CURLOPT_POSTFIELDS, $postfields);
      // Execute Request, and store result in $tb_post
      $popPost_result = curl_exec ($popPost);
      // Close Curl
      curl_close ($popPost);
      $start = strpos($popPost_result, 'Account');
      $end = strpos($popPost_result, 'Go');
      $subset = substr($popPost_result, $start, $end+8-$start);
      print $substr;
  }
   
  if (isset($eEmail)) {
      $ePassword = $password2;
      // Put post fields variable together
      $postfields = "email=$eEmail&domain=$eDomain&password=$ePassword&quota=$eQuota";
      // initialise Curl
      $popPost = curl_init();
      // Set Curl Option: URL
      $url = "http://$username:$password@$domain:2082/frontend/$theme/mail/doaddpop.html?$postfields";
      curl_setopt($popPost, CURLOPT_URL, $url);
      // Set Curl Option: Username:Password
      curl_setopt($popPost, CURLOPT_POST, 1);
      // Set Curl Option: Collect result from script
      curl_setopt($popPost, CURLOPT_RETURNTRANSFER, 1);
      // Set Curl Option: Set timeout to 15 seconds
      curl_setopt($popPost, CURLOPT_TIMEOUT, 15);
      // Set Curl Option: Post data
      //curl_setopt($popPost, CURLOPT_POSTFIELDS, $postfields);
      // Execute Request, and store result in $tb_post
      $popPost_result = curl_exec ($popPost);
      // Close Curl
      curl_close ($popPost);
       
      //output results
      $start = strpos($popPost_result, '<b>Account');
      $end = strpos($popPost_result, 'created.');
      $subset = substr($popPost_result, $start, $end+8-$start);
      $subset = str_replace('login ', "login<br>", $subset); //for neatness
      //$subset=str_replace("<!",'<-',$subset); //see the comments
      if (preg_match ('/Sorry/i', "$subset")) {
          print "<br><b>   Sorry that account already exists.</b><br><br><br><br><br><br><br>";
          //print ($subset);
      } elseif(preg_match ('/You must specify/i', "$subset")) {
          print "<br><b>   You must specify a password.</b><br><br><br><br><br><br><br>";
      } else {
          print ($subset);
          print "<br><br>You may now use <b>mail.$domain</b> as your POP3 setting in your mail client or access <b>WebMail</b> by selecting <a href=http://$domain/webmail>Here</a>.
              <center>
              <br><a href=javascript:history.go(-1)>Go Back</a>
              </center>";
      }
  } else {
  ?>

  <form name="emailform" method="post" action="index.php">
    <table border="0" cellspacing="1" align=center cellpadding="0">
      <tr> 
        <td>Prefered Email Address:</td>
        <td colspan="2"><input size=10 value="" name="eEmail" type="text">
      @<?= $domain ?></td>
      </tr>
      <tr> 
        <td>Password:</td>
        <td colspan="2"><input size=10 name="password1" value="" type="password"></td>
      </tr>
      <tr> 
        <td>Retype Password:</td>
        <td colspan="2"><input size=10 name="password2" value="" type="password"></td>
      </tr>
      <tr> 
        <td> </td>
        <td colspan="2"> </td>
      </tr>
      <tr> 
        <td> </td>
        <td width="344"> <div align="center"> 
            <input name="signupbtn" type="button" id="signupbtn" value="Signup" onClick="validateform()">
          </div></td>
        <td width="163"> </td>
      </tr>
    </table>
    <script language="JavaScript1.2">
  
  
  function validateform() {
      if (checkEmailAddress(document.emailform.eEmail)) {
          if(document.emailform.password1.value == document.emailform.password2.value) {
              document.emailform.submit();
          }
          else 
          {
              alert("The passwords you typed do not appear to match");
          }
      }
  }
  
  function checkEmailAddress(field) {
  var good;
  //var goodEmail = field.value.match(/\b(^(\S+@).+((\.com)|(\.net)|(\.edu)|(\.mil)|(\.gov)|(\.org)|(\..{2,2}))$)\b/gi);
  var goodEmail = field.value;
  
  if(goodEmail != "") {
  //if (goodEmail){
     good = true
  } else {
     alert('Please enter a valid e-mail address.')
     field.focus()
     field.select()
     good = false
     }
     return good;
  }
  
  
  </script>
  </form>
<? }
}
}
?>

Share this post


Link to post
Share on other sites
1. It does not have a login.

2. Where ever you want.

3. yourtchsite.com/webmail

 

Here is an edited version that provides a login and uses a config file. Just create a directory and drop these files in it.

 

config.php

><?php

// Admin Logon Details
$accessname = "";
$accesspass = "";

// cPanel  Logon Details
$username = "";
$password = "";
   
// Domain details
$domain = "blah.com";
$theme = "x";//eg "bluelagoon";

// Parameters to parse
$eDomain = "blah.com";
$eQuota = "5"; // eg"10";

?>

 

index.php

><?php
/*
  Create POP email accounts
  */
require_once("config.php");
  //include('header.php');
  
if (!isset($PHP_AUTH_USER)) {

header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;

} 
else if (isset($PHP_AUTH_USER)) {
if (($PHP_AUTH_USER != $accessname) || ($PHP_AUTH_PW != $accesspass)) {

header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}
else {    
  if (isset($delpop)) {
      print "Account deleted : ".$popuser."@".$eDomain;
       
      $postfields = "email=$popuser&domain=$eDomain";
      $url = "http://$username:$password@$domain:2082/frontend/$theme/mail/realdelpop.html?$postfields";
      //print "<hr>";
      //print $url;
      // initialise Curl
      $popPost = curl_init();
      curl_setopt($popPost, CURLOPT_URL, $url);
      // Set Curl Option: Username:Password
      curl_setopt($popPost, CURLOPT_POST, 1);
      // Set Curl Option: Collect result from script
      curl_setopt($popPost, CURLOPT_RETURNTRANSFER, 1);
      // Set Curl Option: Set timeout to 15 seconds
      curl_setopt($popPost, CURLOPT_TIMEOUT, 15);
      // Set Curl Option: Post data
      //curl_setopt($popPost, CURLOPT_POSTFIELDS, $postfields);
      // Execute Request, and store result in $tb_post
      $popPost_result = curl_exec ($popPost);
      // Close Curl
      curl_close ($popPost);
      $start = strpos($popPost_result, 'Account');
      $end = strpos($popPost_result, 'Go');
      $subset = substr($popPost_result, $start, $end+8-$start);
      print $substr;
  }
   
  if (isset($eEmail)) {
      $ePassword = $password2;
      // Put post fields variable together
      $postfields = "email=$eEmail&domain=$eDomain&password=$ePassword&quota=$eQuota";
      // initialise Curl
      $popPost = curl_init();
      // Set Curl Option: URL
      $url = "http://$username:$password@$domain:2082/frontend/$theme/mail/doaddpop.html?$postfields";
      curl_setopt($popPost, CURLOPT_URL, $url);
      // Set Curl Option: Username:Password
      curl_setopt($popPost, CURLOPT_POST, 1);
      // Set Curl Option: Collect result from script
      curl_setopt($popPost, CURLOPT_RETURNTRANSFER, 1);
      // Set Curl Option: Set timeout to 15 seconds
      curl_setopt($popPost, CURLOPT_TIMEOUT, 15);
      // Set Curl Option: Post data
      //curl_setopt($popPost, CURLOPT_POSTFIELDS, $postfields);
      // Execute Request, and store result in $tb_post
      $popPost_result = curl_exec ($popPost);
      // Close Curl
      curl_close ($popPost);
       
      //output results
      $start = strpos($popPost_result, '<b>Account');
      $end = strpos($popPost_result, 'created.');
      $subset = substr($popPost_result, $start, $end+8-$start);
      $subset = str_replace('login ', "login<br>", $subset); //for neatness
      //$subset=str_replace("<!",'<-',$subset); //see the comments
      if (preg_match ('/Sorry/i', "$subset")) {
          print "<br><b>   Sorry that account already exists.</b><br><br><br><br><br><br><br>";
          //print ($subset);
      } elseif(preg_match ('/You must specify/i', "$subset")) {
          print "<br><b>   You must specify a password.</b><br><br><br><br><br><br><br>";
      } else {
          print ($subset);
          print "<br><br>You may now use <b>mail.$domain</b> as your POP3 setting in your mail client or access <b>WebMail</b> by selecting <a href=http://$domain/webmail>Here</a>.
              <center>
              <br><a href=javascript:history.go(-1)>Go Back</a>
              </center>";
      }
  } else {
  ?>

  <form name="emailform" method="post" action="index.php">
    <table border="0" cellspacing="1" align=center cellpadding="0">
      <tr> 
        <td>Prefered Email Address:</td>
        <td colspan="2"><input size=10 value="" name="eEmail" type="text">
      @<?= $domain ?></td>
      </tr>
      <tr> 
        <td>Password:</td>
        <td colspan="2"><input size=10 name="password1" value="" type="password"></td>
      </tr>
      <tr> 
        <td>Retype Password:</td>
        <td colspan="2"><input size=10 name="password2" value="" type="password"></td>
      </tr>
      <tr> 
        <td> </td>
        <td colspan="2"> </td>
      </tr>
      <tr> 
        <td> </td>
        <td width="344"> <div align="center"> 
            <input name="signupbtn" type="button" id="signupbtn" value="Signup" onClick="validateform()">
          </div></td>
        <td width="163"> </td>
      </tr>
    </table>
    <script language="JavaScript1.2">
  
  
  function validateform() {
      if (checkEmailAddress(document.emailform.eEmail)) {
          if(document.emailform.password1.value == document.emailform.password2.value) {
              document.emailform.submit();
          }
          else 
          {
              alert("The passwords you typed do not appear to match");
          }
      }
  }
  
  function checkEmailAddress(field) {
  var good;
  //var goodEmail = field.value.match(/\b(^(\S+@).+((\.com)|(\.net)|(\.edu)|(\.mil)|(\.gov)|(\.org)|(\..{2,2}))$)\b/gi);
  var goodEmail = field.value;
  
  if(goodEmail != "") {
  //if (goodEmail){
     good = true
  } else {
     alert('Please enter a valid e-mail address.')
     field.focus()
     field.select()
     good = false
     }
     return good;
  }
  
  
  </script>
  </form>
<? }
}
}
?>

 

Thanks Dick, I got that working fine, to set-up new email accounts.

 

Is it possible to do something similar, to give a user access to all aspects of the email part of cpanel, without full cpanel access?

thanks

Rick

Share this post


Link to post
Share on other sites
Thanks Dick, I got that working fine, to set-up new email accounts.

 

Is it possible to do something similar, to give a user access to all aspects of the email part of cpanel, without full cpanel access?

thanks

Rick

It's possible but I don't of anything that someone has already created.

Share this post


Link to post
Share on other sites

Welcome to the forums heronbeth :)

 

If you move the config.php file outside your public_html folder as stated above it will be quite safe.

Share this post


Link to post
Share on other sites

Hey,

 

I can't believe I missed that. I did as suggested and all seems to be working.

 

Thanks for all your help and good solution.

 

heronbeth

Share this post


Link to post
Share on other sites

Hi everyone.

1st of all congrats and thanks for this script.

 

My problem is that the prompt does not accept my user and/or password.

After 3 trys i get "Authorization Required." :naughty:

If i modify the index.php so it does not require authorization everything works fine.

My config file is in the "safe" dir outside public_html.

I double checked my config for typos in user/pass.

 

Any thoughts?

 

Thank you :thumbup1:

Share this post


Link to post
Share on other sites

Welcome to the forums, WeBrain! :)

 

My first guess would be that you need to modify the 'require_once("config.php");' line in the script to reference the actual location where you put config.php. For example:

>require_once("/home/cpanelName/config.php");

Share this post


Link to post
Share on other sites

Hi David

 

I did it already in the index.php : "require_once('/home/myusername/safe/config.php');"

 

I dont know whats going wrong...

More ideas/guesses are appreciated :)

Thanks

Share this post


Link to post
Share on other sites

Move your config file back and change back to

>require_once("config.php");

If you still have the same problem then you know its not the path.

Share this post


Link to post
Share on other sites

hi again..

ok moved config.php to stats folder and edited my index.php to require_once("config.php");

It still refuses to accept my username/pass 3 times then gives me the "Authorization Required." page!

 

My config file :

><?php
/************************************************************************/
/* AWStats Access 2.0: Provides access to AWStats outside of cPanel     */
/* ============================================                         */
/* Created for and by members of TotalChoiceHosting.com                 */
/* Copyright (C) 2004 by TotalChoiceHosting.com                         */
/*                                                                      */
/* This file is part of AWStats Access.                                 */
/*  AWStats Access is free software; you can redistribute it and/or     */
/*  modify it under the terms of the GNU General Public License as      */
/*  published by the Free Software Foundation; either version 2 of      */
/*  the License, or (at your option) any later version.                 */
/*                                                                      */
/*  AWStats Access is distributed in the hope that it will be useful,   */
/*  but WITHOUT ANY WARRANTY; without even the implied warranty of      */
/*	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the       */
/*  GNU General Public License for more details.                        */
/*                                                                      */
/*  You should have received a copy of the GNU General Public License   */
/*  along with Foobar; if not, write to                                 */
/*	Free Software Foundation, Inc.                                      */
/*  59 Temple Place, Suite 330                                          */
/*	Boston, MA  02111-1307  USA                                         */
/************************************************************************/

$username = "asdf"; /* used to access this utility */
$password = "asdf"; /* used to access this utility */
$site = "mysite.com";
$cpnlusername = "myCpanelUserName";
$cpnlpassword = "********";
?>

 

My index file

><?php
/************************************************************************/
/* AWStats Access 2.0: Provides access to AWStats outside of cPanel     */
/* ============================================                         */
/* Created for and by members of TotalChoiceHosting.com                 */
/* Copyright (C) 2004 by TotalChoiceHosting.com                         */
/*                                                                      */
/* This file is part of AWStats Access.                                 */
/*  AWStats Access is free software; you can redistribute it and/or     */
/*  modify it under the terms of the GNU General Public License as      */
/*  published by the Free Software Foundation; either version 2 of      */
/*  the License, or (at your option) any later version.                 */
/*                                                                      */
/*  AWStats Access is distributed in the hope that it will be useful,   */
/*  but WITHOUT ANY WARRANTY; without even the implied warranty of      */
/*	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the       */
/*  GNU General Public License for more details.                        */
/*                                                                      */
/*  You should have received a copy of the GNU General Public License   */
/*  along with Foobar; if not, write to                                 */
/*	Free Software Foundation, Inc.                                      */
/*  59 Temple Place, Suite 330                                          */
/*	Boston, MA  02111-1307  USA                                         */
/************************************************************************/

require_once("config.php");

if (!isset($PHP_AUTH_USER)) {

header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;

} else if (isset($PHP_AUTH_USER)) {
if (($PHP_AUTH_USER != $username) || ($PHP_AUTH_PW != $password)) {

header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}
else {
if($QUERY_STRING == ""){$query = "config=$site";}else{$query=$QUERY_STRING;};

$Previous = false;
if(isset($_POST))
{
foreach($_POST as $key => $value)
{
if($Previous)
{
 $POSTED .= "&";
}

$POSTED = "$key=$value";

$Previous = true;
}
}

$Curl = curl_init("http://$cpnlusername:$cpnlpassword@$site:2082/awstats.pl?$query");
if(isset($_POST))
{
curl_setopt($Curl, CURLOPT_POST, TRUE);
curl_setopt($Curl, CURLOPT_POSTFIELDS, $POSTED);
}
curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1);
$results = curl_exec($Curl);

for ($i = 0; $i < count($return_message_array); $i++) {
 $results = $results.$return_message_array[$i];
}

if($query == "config=$site"){$results = str_replace("src=\"", "src=\"?", $results);}

if($framename==index){$results = str_replace("src=\"", "src=\"index.php?", $results);}

$results = str_replace("action=\"", "action=\"index.php?", $results);
$results = str_replace("href=\"", "href=\"?", $results);
$results = str_replace("href=\"?http://", "href=\"http://", $results);
$results = str_replace("awstats.pl?", "", $results);

echo $results;
}
}
?>

 

It Should work as i cant see anything wrong there :)

Share this post


Link to post
Share on other sites

Ok i solved the problem with a work around.

I took the config to a safe folder, disabled authentication in index.php and password protected my stats folder in cPanel.

Everything runs as i want now.

I can go on vacations finally hehe

 

Thanks for trying to help.

Share this post


Link to post
Share on other sites
Ok i solved the problem with a work around.

I took the config to a safe folder, disabled authentication in index.php and password protected my stats folder in cPanel.

Everything runs as i want now.

I can go on vacations finally hehe

 

Thanks for trying to help.

 

hello.

many thanks , i to have the same problem where the user and password is rejected.

i know about password protecting but wouldnt know where to start when trying to disabled the authentication in the index.php file.

 

can anyone please advise.

 

Kind Regards

Carl

Share this post


Link to post
Share on other sites

thanks for the welcome.

 

as far as i can see i have done all correctly.

I have however deveated slightly as i already have a folder called stats so called it awstats , i didnt see a problem , i could be wrong.

 

i have set the options in the config file, username/passwords for login and cpanel access.

and the site name.

 

i have placed the config file in root/safe folder.

 

when i go to log in i have the popup box asking for my username and password but i cant get past this.

 

any suggestions ?

 

Many thanks

Carl

Share this post


Link to post
Share on other sites

Carl, welcome to the forums, sorry I didn't welcome you before.

 

I have installed this twice using those instructions.

 

In my index file I have entered the full path to the config file

>include("/home/my-cpanel-id/my-config-folder/config.php");

 

In my config file I have changed the following values:

 

>$username = "uesr-for-access"; /* used to access this utility */
$password = "password-for-access"; /* used to access this utility */
$site = "my-domain.ext";
$cpnlusername = "my-cpanel-name";
$cpnlpassword = "my-cpanel-password";

Share this post


Link to post
Share on other sites

Hya 4thStar...

Just comment out the following section of the code :

 

>/*if (!isset($PHP_AUTH_USER)) {

header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;

} else if (isset($PHP_AUTH_USER)) {
if (($PHP_AUTH_USER != $username) || ($PHP_AUTH_PW != $password)) {

header('WWW-Authenticate: Basic realm="Site Statistics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}
else {*/

 

Then password protect the stats dir using cpanel.

Hope this helps :)

Share this post


Link to post
Share on other sites

Hi everyone,

 

Thanks for this script. I'm close to getting it working. I've disabled the login code, moved the config.php to a folder outside public_html, and edited all settings properly (as far as I can tell). The stats page loads, there is frenzied activity on the status bar (things loading, etc.) then it finishes and I get a blank page. Happens in FF and IE.

 

I've checked for blank lines at the end of config.php and the script itself, no luck.

 

Once I get it working I'll password protect the folder in cpanel but I haven't done that yet.

 

What can I check?

 

I did see something that confused me - is there only ONE config.php, in the folder outside of public_html? Or is there two, one pointing to the other? (I did make the change in the 'require once' section of the script).

 

Thanks in advance,

 

-kj-

Share this post


Link to post
Share on other sites

I'd just like to add a small correction that TCH-Don just helped me figure out. In posts #3 and #17 above showing how to keep the config.php file safe, the line

>require_once('/home/cpaneluser/safe/config.php')

doesn't have the ";" after it, which was something that a newbie like me might not know to add. Hope this helps someone like me who's lost! :)

Share this post


Link to post
Share on other sites

Hi,

 

Firstly, thanks for such a great script.

 

Would it be possible to use the cpanel-skel files to have this setup for all new accounts created, and then just a matter of editing the config.php via ssh ?

 

Would it work ?

 

Regards

Anton.

Share this post


Link to post
Share on other sites

Welcome to the forums Anton. :)

 

TCH does not control what is included with cPanel and cPanel updates frequently.

Share this post


Link to post
Share on other sites

Welcome to the forums Anton :)

 

We do not have ssh for security reasons.

 

Since you would have to edit the file anyway,

it seems just as easy to upload the modified version.

Share this post


Link to post
Share on other sites

Hi and thanks for the very friendly welcome to your forum.

 

The awstats script was working great, now when I go to the stats url I get a 406 error "HTTP 406 Not Acceptable"

 

Internet Explorer cannot read this webpage format

 

The only thing I can think of that may have happened between the time it was working and now - was the cpanel update.

 

Can you guys suggest anything I should look into ?

 

Regards

Anton.

Edited by beaviss

Share this post


Link to post
Share on other sites

Welcome to the forums Anton :)

Share this post


Link to post
Share on other sites

I am having the issue that I see others have had where I get prompted to log in, which I do, then I get blank page (view source returns <html></html). I believe I have $site set correctly (aadallas.org). Any ideas?

Share this post


Link to post
Share on other sites

I have installed this three times.

 

In my index file I have entered the full path to the config file

>include("/home/my-cpanel-id/my-config-folder/config.php");

 

In my config file I have changed the following values:

 

>$username = "user-for-access"; /* used to access this utility */
$password = "password-for-access"; /* used to access this utility */
$site = "my-domain.ext";
$cpnlusername = "my-cpanel-name";
$cpnlpassword = "my-cpanel-password";

Share this post


Link to post
Share on other sites

I just uploaded this to another domain I manage and had no issues. There are only 2 files to upload, the index.php file and the config.php file. Make sure you have your domain name correct in your config file.

Share this post


Link to post
Share on other sites

I'm using aadallas.org. When I try anything else, I get error messages. With aadallas.org, I get no error, but just a blank screen.

Edited by TCH-Bruce

Share this post


Link to post
Share on other sites

It was my understand that TCH would not support this (so it says on the FAQ regarding Statistics.) I'll try anyway.

Share this post


Link to post
Share on other sites

Generally they wouldn´t, but you can ask.

 

What I think Bruce means is that if it works for him it should work for you, so maybe there is server thing that needs to be looked at.

Share this post


Link to post
Share on other sites

Ok, they did help getting working, however, none of the images or hyperlinks or drop down menus work. Every one of them has this in front of the url:

 

/stats/index.php?

 

so an img src looks like this:

 

src="/stats/index.php?/images/awstats/other/vu.png"

 

Any ideas on how to fix that?

Share this post


Link to post
Share on other sites

Hi Guys,

 

Thanks so much for sharing this script. My clients love it.

 

I am having a little trouble and wonder if you can point me in the right direction.

 

I download awstats.zip and extracted, but I didnt get an images directory included.

 

I have moved the actual config file to /home/user/safe/config.php and made reference to it as outlined in the install instructions by creating /home/user/public_html/stats/config.php with contents

<?php include("/home/user/safe/config.php"); ?>

 

Everything seems to work fine, authentication works, and I can see that it is loading something as the progress bar moves progressively across and then says at the top of the page:

statistics for domain.com (2008-04)

 

But I get a blank page :wallbash:

 

Am I supposed to put images somewhere ? If yes, where do I get them from and where do I put them ?

 

Further, are there any special requirements for this script I may need to compile in ? The old script worked fine that had images under the stats directory.

 

I have tried this on IE and Safari and I get the same result.

 

Any suggestions / help greatly appreciated.

 

Kind regards

Winston.

Edited by winston1975

Share this post


Link to post
Share on other sites

Welcome to the forums Winston :wallbash:

 

No there are no images needed to be loaded. If it's not working I'm sure if you opened a ticket with the help desk they would check it for you.

 

I use this on three different sites and it works as advertised. ;)

Share this post


Link to post
Share on other sites

Hi,

 

I am not a TCH client. I run my own server and stumbled upon your script when a client requested it.

 

Is there anything you can suggest that could help me ie, common causes for this....an apache module missing etc ?

 

Should I need to perhaps do a sym link to the awstats pics ?

 

Kind regards

Winston.

Share this post


Link to post
Share on other sites

Ah, sorry, thought you had an account here. I have no idea of the server configuration, I am a moderator and don't have access to that information sorry.

Share this post


Link to post
Share on other sites

Has something changed? I was trying to set up the AWStats access to a new client and it would not accept the username/password. I check that I had things set correctly and everything was ok. I then thought to check client site where I'd previously set this up and it had been working... and it is not working.

 

This is the first time I've checked this since moving to the new server... and maybe the first time since the migration to PHP5, I can't remember that for a fact.

Share this post


Link to post
Share on other sites

I run this on several sites hosted here and it works. If you are having issues please open a ticket with the help desk and have one of the techs take a look.

Share this post


Link to post
Share on other sites

I had that same problem for a while. Then it dawned on me that I have register_globals turned off on all my sites, and the AWStats script was written as if register_globals is on. The login was trying to access things like $PHP_AUTH_USER instead of $_SERVER['PHP_AUTH_USER']. A very little editing of the script and all was well.

 

Could this be your problem?

Share this post


Link to post
Share on other sites

Thanks for chipping in btrfld. There were maybe two things going on. One seemed to clear up while tech support was looking at it (or I was doing something wrong, so maybe that was a non-issue.)

 

The problem on the new site I was setting up seemed to be due to my using the dollar sign in the password. It works fine to use '$' for password protected directories, but not for this script. I'm guessing this remote stats access script, which is written in PHP, chokes on the dollar sign.

 

Yeah, I know $ denotes a variable in PHP, but I would have thought the authentication process was being handled by the same mechanism as protected directories, but apparently not. I changed the $ to S and it worked fine.

Share this post


Link to post
Share on other sites
The problem on the new site I was setting up seemed to be due to my using the dollar sign in the password. It works fine to use '$' for password protected directories, but not for this script.

 

Just change the "double" quotes to 'single' quotes around the value for $password and it will work fine with the dollar sign in the password.

Share this post


Link to post
Share on other sites
I had that same problem for a while. Then it dawned on me that I have register_globals turned off on all my sites, and the AWStats script was written as if register_globals is on. The login was trying to access things like $PHP_AUTH_USER instead of $_SERVER['PHP_AUTH_USER']. A very little editing of the script and all was well.

 

Could this be your problem?

 

This was my issue. I turned "register_globals" back on temporarily and the script worked - no more blank screen.

 

However, looking in the PHP script (I'm no adept PHPer mind you), I don't see your references to $PHP_AUTH_USER. but rather $_SERVER['PHP_AUTH_USER'].

 

Could you provide a little more guidance so I can turn register_globals back off?

 

Thanks.

Share this post


Link to post
Share on other sites

I've been using the awstat script successfully for a while now but I am now experiencing a problem with it not recognizing the username and/or password. I tried all the suggestions in this thread without success. Has anyone come across another correction. Thanks.

Share this post


Link to post
Share on other sites
I've been using the awstat script successfully for a while now but I am now experiencing a problem with it not recognizing the username and/or password. I tried all the suggestions in this thread without success. Has anyone come across another correction. Thanks.

I just tried a couple of my domains and it is still working fine. You might want to submit a help ticket to see if something changed in the configuration of your server.

Share this post


Link to post
Share on other sites

Welcome to the forum, chemdata. :)

 

wkg is correct, please submit a ticket and ask the techs if something´s changed on your server.

Share this post


Link to post
Share on other sites

Welcome to the forum, chemdata, :)

 

Check the config file and be sure you are using the correct user/password combination too.

Share this post


Link to post
Share on other sites

Welcome to all of you. I should have added at the start that I am presently not using TotalChoice as my webhost. I came here because originally when I went to them asking for guidance they could not provide it. I then found your script and had been using it successfully up to now. I know that they recently went to using suPHP but I don't know if this is what is causing my problem. I have checked my config.php file and the information in there is correct. Again thanks for the help.

Share this post


Link to post
Share on other sites

Bruce don't tempt me. Seriously I do appreciate everyones help. If I finally get it going (doubtful) I will let you guys know what did it. Once again my thanks to everyone.

Share this post


Link to post
Share on other sites

I found a different script on the internet at http://www.josheli.com/vox/view_source.php?awstats.php. I was able to use this script but only after modifying my php.ini file to include allow_url_fopen = On and placing it, the awstats.php file and all the awstat images in a directory called awstats_images within a subdirectory which I called stats. I can now get the awstats page visible without going through my cpanel. Once again thanks for all the help.

Share this post


Link to post
Share on other sites