On 5/31/05, Scott Lundgren <[EMAIL PROTECTED]> wrote: > > I'm pretty sure I'm crazy but sometimes it's good to ask others just to > make sure. I'm setting up awstats (http://awstats.sf.net) for a number of > groups. > I choose awstats because these groups are generally non-technical and > awstats navigation when run as a cgi tested well for user-friendliness > with them. As such a user would access their stats at: > > webstats.example.com/cgi-bin/awstats.pl?config=group1 > webstats.example.com/cgi-bin/awstats.pl?config=group2 > webstats.example.com/cgi-bin/awstats.pl?config=group3 > etc > > However each group could see each other's statistics simply by guessing > and changing the query string. Ordinarily I would solve this by setting up > a mod_rewrite to something like > > webstats.example.com/group1 > > with an appropriate .htaccess file mapped to that now virtual location. > However I'm not allowed to use mod_rewrite (long story). > > Is there another way that once I authenticate a user to a uRL like > > webstats.example.com/cgi-bin/awstats.pl > > I can prevent the group1 user from accessing > > webstats.example.com/cgi-bin/awstats.pl?config=group2 > > thank you for the spare brain cells mine are done cooked,
Just off the top of my head, how about hiding awstats behind an outer cgi shell which does the authentication on the parameters and then calls awstat.pl if everything is copacetic. As a matter of fact, couldn't you just write group1stats.pl which is in the group1 directory (protected by .htaccess) which just invokes awstats.pl adding the config=group1 parameter, and repeat for group2 through groupn -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
