The last days I was thinking about frontend authentication. We cannot use $AllowAccessFromWebToAuthenticatedUsersOnly because we already had a customer backend and I didn't want to change its login to HTTP auth.
What came to my mind was a cookie with a secure hash which the backend sets and awstats compares with the same algorithm. This hash has to be different from config to config because otherwise the customers could look at one anothers statistics, and different from installation to installation because otherwise everyone could just hash the certain string and set the cookie manually. So in the end my idea is this:
So I have the following new config variables:
Any user should modify this affixes because of above-named reasons!
For the code see the attached patch.