+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: Suggestions (/forum-2.html)
+--- Thread: Awstats password protection (/thread-1562.html)
RE: Awstats password protection - sci2tech - 11-27-2008 09:21 AM
Please test in r1405
Update: on domain creation a new group named statistics will be added. Any user that belong to this group will be able to access statistics pages. Once statistic group is created, can not be anymore deleted, but users can be added / removed to / from this group. Management is done via WEBTOOLS -> Group/User management
RE: Awstats password protection - Cube - 11-28-2008 05:07 AM
Wow, great. Finally my most awaited feature is ready. Thank you very much.
But how do I use it? I just updated to the latest trunk and regenerated the configs. There are the new parts in the apache-config, but the the .ht*-files are empty.
RE: Awstats password protection - sci2tech - 11-28-2008 06:25 AM
Create a group named statistics in WEBTOOLS -> Group/User management if not exists. Add a user to this group. Access http://domain.tld/stats/ . Now enter user assigned to statistics group with his password. .htgroup is updated only if at least one group has at least one user assigned. Users goes to .htpasswd.
RE: Awstats password protection - momo - 01-16-2009 06:36 AM
wo! that is nice!
Great work sci2tech
RE: Awstats password protection - momo - 01-20-2009 08:38 AM
There is a little mistake in user panel, webtools.
Group/User management 'icon' works fine but
Group/User management 'link' point to "protected_areas.php
RC7 build 20081212
RE: Awstats password protection - simple - 01-20-2009 08:44 AM
Error is already fixed in the trunk, I wanted to post this as a ticket and got the solution there.
RE: Awstats password protection - bulforce - 01-29-2009 04:31 PM
i found a little security bug. I tried to open a ticked but trac is saying something about potential spam...
So here is the security flaw i found...
Straigh to example:
Site-A.tld and Site-B.tld are both users in the sytem.
The owner of Site-A.tld can see the stats for Site-B.com without knowing the password by doing this:
http://Site-A.tld/stats/awstats.pl?config=Site-B.tld
I know its not a major issue but it makes the password protection less powerfull.
Thanks
RE: Awstats password protection - BeNe - 01-29-2009 04:46 PM
You´r right!
Here is the Ticket --> http://www.isp-control.net/ispcp/ticket/1626
Greez BeNE
RE: Awstats password protection - sci2tech - 01-29-2009 10:26 PM
Fixed (please test) in r1463. Thank you.