What is this?

This is a trivial patch for AwStats to allow hash-based access to domain statistics. It works by comparing a randomly generated hash read from a SQL database, and then checking that the string in the database matches the given query string.

Why?

This patch was born to provide an alternative authentication mechanism to AwStats. AwStats in itself supports HTTP authentication, but in some cases HTTP authentication is too rigid for an application, for example if you have a custom authentication scheme using PHP's sessions.

Requirements

Perl modules:

• DBI and appropriate DBD, for exmaple DBD::mysql. You can get these from CPAN.

Download

Right-click and choose "Save File As..." or "Save Target As..."

• for AwStats version 6.4
• for AwStats version 6.5
• for AwStats version 6.7

How-to

Download the patch above and the AwStats software from awstats.sf.net.

Extract AwStats sources.

Download that patch into the same directory as the extracted AwStats sources.

Edit the patch to reflect your database setup (SQL type, host, port, user and password).

Apply the patch using patch -p0 < awstats-sqlhash-<version>.patch.

When linking to AwStats, make sure you include the "hash" query string. For example:

http://mydomain.org/awstats.pl?config=mydomain.org&hash=7vuj60qdbjedu7b9rtiqj8nir1&tbl=mytable

Exmaple PHP code

Below is an example of how you could generate a hash:

  if (!isset($_SESSION['hash']) || $_SESSION['hash']=="") {
   $dbh = DB::connect("$dbType://$dbUser:$dbPass@$dbHost/$dbName");
   $_SESSION['hash'] = sha1(microtime(true) . mt_rand(0, 1000)); 
   $result = $dbh->query("UPDATE $GLOBALS[webshop_config] SET awstats_hash='" . $_SESSION['hash'] . "'"); 
   if (PEAR::isError($result)) { die($result->getMessage()); }
  }

  echo "<a href=\"http://mydomain.org/stats/awstats.pl?config=mydomain.org&hash=$_SESSION[hash]&tbl=table\">Statistics</a>";

Further documentation

• AwStats website