Current time: 11-27-2024, 09:17 AM Hello There, Guest! (LoginRegister)


Post Reply 
Awstats password protection
Author Message
sci2tech Away
Senior Member
****

Posts: 1,285
Joined: Jan 2007
Reputation: 23
Post: #61
RE: Awstats password protection
Please test in r1405
Update: on domain creation a new group named statistics will be added. Any user that belong to this group will be able to access statistics pages. Once statistic group is created, can not be anymore deleted, but users can be added / removed to / from this group. Management is done via WEBTOOLS -> Group/User management
(This post was last modified: 11-28-2008 04:45 AM by sci2tech.)
11-27-2008 09:21 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Cube Offline
Member
***

Posts: 740
Joined: Apr 2007
Reputation: 9
Post: #62
RE: Awstats password protection
Wow, great. Finally my most awaited feature is ready. Thank you very much. Smile

But how do I use it? I just updated to the latest trunk and regenerated the configs. There are the new parts in the apache-config, but the the .ht*-files are empty.
11-28-2008 05:07 AM
Find all posts by this user Quote this message in a reply
sci2tech Away
Senior Member
****

Posts: 1,285
Joined: Jan 2007
Reputation: 23
Post: #63
RE: Awstats password protection
Create a group named statistics in WEBTOOLS -> Group/User management if not exists. Add a user to this group. Access http://domain.tld/stats/ . Now enter user assigned to statistics group with his password. .htgroup is updated only if at least one group has at least one user assigned. Users goes to .htpasswd.
(This post was last modified: 11-28-2008 06:27 AM by sci2tech.)
11-28-2008 06:25 AM
Visit this user's website Find all posts by this user Quote this message in a reply
momo Offline
Junior Member
*

Posts: 148
Joined: Jun 2008
Reputation: 1
Post: #64
RE: Awstats password protection
wo! that is nice!

Great work sci2tech
01-16-2009 06:36 AM
Find all posts by this user Quote this message in a reply
momo Offline
Junior Member
*

Posts: 148
Joined: Jun 2008
Reputation: 1
Post: #65
RE: Awstats password protection
There is a little mistake in user panel, webtools.

Group/User management 'icon' works fine but
Group/User management 'link' point to "protected_areas.php

RC7 build 20081212
01-20-2009 08:38 AM
Find all posts by this user Quote this message in a reply
simple Offline
Junior Member
**
Graph Team

Posts: 143
Joined: Dec 2006
Reputation: 0
Post: #66
RE: Awstats password protection
Error is already fixed in the trunk, I wanted to post this as a ticket and got the solution there.
01-20-2009 08:44 AM
Visit this user's website Find all posts by this user Quote this message in a reply
bulforce Offline
Junior Member
*

Posts: 63
Joined: Oct 2007
Reputation: 0
Post: #67
RE: Awstats password protection
i found a little security bug. I tried to open a ticked but trac is saying something about potential spam...

So here is the security flaw i found...

Straigh to example:

Site-A.tld and Site-B.tld are both users in the sytem.

The owner of Site-A.tld can see the stats for Site-B.com without knowing the password by doing this:

http://Site-A.tld/stats/awstats.pl?config=Site-B.tld

I know its not a major issue but it makes the password protection less powerfull.

Thanks
01-29-2009 04:31 PM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #68
RE: Awstats password protection
You´r right!
Here is the Ticket --> http://www.isp-control.net/ispcp/ticket/1626

Greez BeNE
01-29-2009 04:46 PM
Visit this user's website Find all posts by this user Quote this message in a reply
sci2tech Away
Senior Member
****

Posts: 1,285
Joined: Jan 2007
Reputation: 23
Post: #69
RE: Awstats password protection
Fixed (please test) in r1463. Thank you.
01-29-2009 10:26 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)