memic
RE: Awstats password protection
I wrote a little script to create an htpasswd file for awstats access,
my Apache Directory in /etc/apache2/sites-enabled/01_awstats.conf looks like this:
<Directory /usr/lib/cgi-bin>
    Options +ExecCGI
    DirectoryIndex awstats.pl
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "AWStats"
    AuthUserFile /etc/apache2/awstatsusers
    # no users needed here since this is done in the awstats config files
    Require valid-user
</Directory>
I changed the template /etc/ispcp/awstats/awstats.ispcp_tpl.conf, the same way I have seen it in a post before:
AllowAccessFromWebToAuthenticatedUsersOnly="1"
AllowAccessFromWebToFollowingAuthenticatedUsers="{DOMAIN_NAME}"
My first idea was to use the md5 sums from the admin table
to create the htpasswd file, but there is the problem that
the md5 sums which htpasswd creates are salted, so there is no
way to use the existing hashes for authentication.
Here is the script, it does the job of creating a password
for every domain in the /etc/apache2/awstatsusers file.
Attention: the file /etc/apache2/awstatsusers gets deleted every
time, and new passwords are generated.
Feel free to edit/copy, do whatever..
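#!/usr/bin/perl
use strict;
use warnings;
use DBI;
my $file = "/etc/apache2/awstatsusers";
my $dbh = DBI->connect('dbi:mysql:ispcp:localhost:3306','root','yourpassword',{ RaiseError => 1, AutoCommit => 1});
my $sql = qq{select admin_name from admin;};
my $sth = $dbh->prepare($sql);
$sth->execute();
my $mypass="";
# start from an empty file on every run
unlink ($file);
system ("touch", $file);
while(my @ergebnis=$sth->fetchrow_array)
{
    $mypass=randomPassword();
    print $ergebnis[0], ":", $mypass, "\n";
    # list form of system: no shell is started, so the admin name is passed
    # to htpasswd as a plain argument and calls run one after another
    system("htpasswd", "-mb", $file, $ergebnis[0], $mypass) == 0
        or warn "htpasswd failed for $ergebnis[0]\n";
}
$dbh->disconnect();
# returns a random password of the given length (default 10) from a-z and 0-9
sub randomPassword {
    my $password_length = $_[0];
    if (!$password_length) {
        $password_length = 10;
    }
    my @chars = ('a'..'z', '0'..'9');
    my $password = "";
    # read from the kernel random source instead of rand()
    open(my $urandom, '<', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    while (length($password) < $password_length) {
        read($urandom, my $byte, 1) == 1 or die "short read from /dev/urandom";
        my $_rand = ord($byte);
        next if $_rand >= 252;   # 252 = 7 * 36, skip the rest to avoid modulo bias
        $password .= $chars[$_rand % 36];
    }
    close($urandom);
    return $password;
}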
---------
Maybe a new table for the awstats user should be added, with
the possibility to change the password via the web interface, with
the login password for the domain as default password.
memic
06-22-2008 08:11 AM
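Added example, not part of memic's post or of ispCP: the salted `$apr1$` format that `htpasswd -m` writes, next to a plain MD5 digest, to show the salting the post refers to. The function names are illustrative, and that the existing hashes are unsalted hex digests is an assumption taken from the post's wording.

```python
# Added example, not from the original post.
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, count):
    """Encode `count` 6-bit groups of `value`, least significant first."""
    return "".join(ITOA64[(value >> (6 * k)) & 0x3F] for k in range(count))

def apr1(password, salt=None):
    """Return the $apr1$ entry for `password`; random 8-char salt if none given."""
    pw = password.encode()
    if salt is None:
        salt = "".join(secrets.choice(ITOA64) for _ in range(8))
    salt = salt[:8]
    s = salt.encode()
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = pw + b"$apr1$" + s + (alt * (len(pw) // 16 + 1))[:len(pw)]
    n = len(pw)
    while n:                      # one extra byte per bit of the password length
        ctx += b"\0" if n & 1 else pw[:1]
        n >>= 1
    final = hashlib.md5(ctx).digest()
    for i in range(1000):         # 1000 rounds mixing password, salt and digest
        buf = pw if i & 1 else final
        if i % 3:
            buf += s
        if i % 7:
            buf += pw
        buf += final if i & 1 else pw
        final = hashlib.md5(buf).digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64(final[a] << 16 | final[b] << 8 | final[c], 4)
    return "$apr1$" + salt + "$" + out + _to64(final[11], 2)

def verify(password, stored):
    """Check a password against a stored $apr1$ entry by reusing its salt."""
    salt = stored.split("$")[2]
    return hmac.compare_digest(apr1(password, salt), stored)

def plain_md5(password):
    """Unsalted hex digest (assumed form of the existing hashes)."""
    return hashlib.md5(password.encode()).hexdigest()

if __name__ == "__main__":
    pw = "example-pass"           # constructed sample value
    print(plain_md5(pw))          # identical on every run, carries no salt
    print(apr1(pw), apr1(pw))     # two different entries for one password
```

Verification needs the plaintext password and the salt stored in the entry, so a table of unsalted digests cannot be converted into `$apr1$` lines.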