So, the time came to tackle this GoAccess problem... Scenario: * Website is deployed with GoAccess admin / password; * The second day (goaccess must generate data) when I try to login it always deny; What I have checked: * .htpasswd_stats file is updated when password is changed. I assume it is correct update. * .htaccess and .htpasswd_stats files are owned by root:root and have permissions 0755. I have tried to change that value to 0644 (as it suppose to be) and set file ownership to the user/group. No effect. * Checked database entry. It is equal to content in .htpasswd_stats file. * The task in ISPC completes without errors. * Password change was performed via API and directly in ISPC. The result was the same. What else to check? Now, on the other domain in same server GoAccess works! I have 80 domains across 4 servers, 37 domains has broken GoAccess and I have no clue where to look for the problem...
Just a guess as you mention the API, you likely read the record of the website automatically via get function and then pass it back, but you miss emptying the password fields. So when you pass it back, the already encrypted password get's passed again and is treated as a clear text password and therefore is encrypted again. Take care to not pass passwords that you retrieved in encrypted form back to the API, instead, pass an empty field or remove the field from the array.
Are you saying that each time I do web_domain table record update via API I must pass 'stats_password' field empty? Like this: $connection['stats_password'] = '';
Yes you have to set the password fields to an empty string when you hand over the array to the api so that the API knows to not change the currently set password. If you pass in the already existing one it hashes the hash and your passwords change.
