I did a (quite dirty) hack for enabling authentication of stats in static mode.
At first, since mod_auth_mysql is not available on etch and dbd has no mysql-support, the only alternative is libapache2-mod-auth-pam which could be made using libpam-mysql. BUT: libpam-mysql has problems to support md5-password.
So another "hack" is needed. Please see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373834
When the new package is built, install it, and configure as follows:
1. Install libapache2-mod-auth-pam
Code:
apt-get install libapache2-mod-auth-pam -y
2. Create .htaccess e.g. in /var/www/ispcp/engine/awstats/ with the following content:
Code:
AuthPAM_Enabled on
AuthPAM_FallThrough off
AuthType Basic
AuthName "Restricted area"
AuthUserFile /dev/null
AuthBasicAuthoritative Off
Require valid-user
3. Make /etc/pam.d/apache2 looking like this:
Code:
auth required pam_mysql.so user=root passwd=YOUR_PASS host=localhost db=ispcp table=admin usercolumn=admin_name passwdcolumn=admin_pass crypt=3
account required pam_mysql.so user=root passwd=YOUR_PASS host=localhost db=ispcp table=admin usercolumn=admin_name passwdcolumn=admin_pass crypt=3
#@include common-auth
#@include common-account
4. Edit /var/www/ispcp/engine/ispcp-dmn-mngr
after (currently lines 1911-1921)
Code:
if ($main::cfg{'AWSTATS_ACTIVE'} eq 'yes' && $main::cfg{'AWSTATS_MODE'} eq 1) {
if (! -d "$www_dir/$dmn_name/statistics") {
$rs = make_dir(
"$www_dir/$dmn_name/statistics",
$sys_user,
$sys_group,
0755
);
return $rs if ($rs != 0);
}
insert
Code:
if (! -e "$www_dir/$dmn_name/statistics/.htaccess") {
$rs = sys_command("$main::cfg{'CMD_CP'} -p $root_dir/engine/awstats/.htaccess $www_dir/$dmn_name/statistics/");
return $rs if ($rs != 0);
$rs = setfmode("$www_dir/$dmn_name/statistics/.htaccess", $sys_user, $sys_group, 0644);
return $rs if ($rs != 0);
}
and the same again after
Code:
if ($main::cfg{'AWSTATS_ACTIVE'} eq 'yes' && $main::cfg{'AWSTATS_MODE'} eq 1) {
if (! -d "$www_dir/$dmn_name/statistics") {
$rs = make_dir(
"$www_dir/$dmn_name/statistics",
$sys_user,
$sys_group,
0755
);
return $rs if ($rs != 0);
}
(currently lines 2347-2357)
5. Tell ispcp that there are changes which are needed to be processed.
Code:
mysql -u root -p<password>
mysql>USE ispcp
mysql>UPDATE domain SET domain_status = 'change' WHERE domain_status = 'ok';
mysql>quit
6. Run the update
Code:
/var/www/ispcp/engine/ispcp-rqst-mngr
Now your users have protected stats which can only be seen through authentication with their ispcp-admin-login and the corresponding password.
Note: If one knows another hosting on this machine, he/she it is able to see the other users stats while entering his own credentials!
Feedback is welcome! :-)
Search
Member List
Calendar
Help
