download counter

How do you count how many times a file is downloaded from your homepage?
hhAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

julio011597Commented:
Take the link that points to the file to download, and make that link point to a CGI instead.

The CGI should just:

1. work as a counter, i.e. increment a value in some file;
2. redirect the client browser to the file to download.

If you need the code, you should specify OS and WebServer you are on.
BTW, i could give you some C code.

Rgds, julio
0
dankarranCommented:
Try this script: (put it into a cgi-bin directory in your site.
(you will need to change some of the variables)

#!/usr/bin/perl

#Call the file using <a href=/yourusername/cgi-bin/filedl.cgi?filename.zip>

unless ($ENV{'QUERY_STRING'}) {
exit;
}

$counter = $ENV{'QUERY_STRING'} . ".cnt";
unless (-e $counter) {
open (COUNT,">$counter");
print COUNT "0\n";
close COUNT;
}

$count = 0;
open (COUNTER,$counter) || die "Content-type:text/plain\n\nCan't open $counter!\n";
$count = <COUNTER>;
close COUNTER;
$count++;
open (COUNTER,">$countname");
print COUNTER "$count\n";
close COUNTER;

print "Location: /yourusername/filename.zip\n\n";

exit;
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hhAuthor Commented:
to julio

the OS is UNIX and the adress is http://sdf.lonestar.org/~hh
0
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

dankarranCommented:
Ok, I spooted a fault in the previous script, so use this instead....


#!/usr/bin/perl

#Call the file using <a href=/~hh/cgi-bin/filedl.cgi?filename.zip>
unless ($ENV{'QUERY_STRING'}) {
print "Location: $ENV{'HTTP_REFERER'}\n\n";
exit;
}
$counter = $ENV{'QUERY_STRING'} . ".cnt";
unless (-e $counter) {
open (COUNT,">$counter");
print COUNT "0\n";
close COUNT;
}
$count = 0;
open (COUNTER,$counter) || die "Content-type:text/plain\n\nCan't open
$counter!\n";
$count = <COUNTER>;
close COUNTER;
$count++;
open (COUNTER,">$countname");
print COUNTER "$count\n";
close COUNTER;
print "Location: http://sdf.lonestar.org/~hh/$ENV{'QUERY_STRING'}\n\n";
exit;
0
ozoCommented:
That looks like it could be dangerous to call that with something like
/cgi-bin/filedl.cgi?|rm+filedl.cgi;
(and the die will print to STDERR, not STDOUT,
and $countname seems to be undefined)
0
dankarranCommented:
Ok, some fixes - but I don't know about that /cgi-bin/filedl.cgi?|rm+filedl.cgi; loophole, how could I fix that ozo?
I don't know why that $countname wasn't picked up when I tested it - usually when I do something like that, I get an error 500. And it wasn't thrown up when I tested it through the command line.


Dan


#!/usr/bin/perl
#Call the file using <a href=/~hh/cgi-bin/filedl.cgi?filename.zip>
unless ($ENV{'QUERY_STRING'}) {
print "Location: $ENV{'HTTP_REFERER'}\n\n";
exit;
}
$counter = $ENV{'QUERY_STRING'} . ".cnt";
unless (-e $counter) {
open (COUNT,">$counter");
print COUNT "0\n";
close COUNT;
}
$count = 0;
open (COUNTER,$counter);
$count = <COUNTER>;
close COUNTER;
$count++;
open (COUNTER,">$counter");
print COUNTER "$count\n";
close COUNTER;
print "Location: http://sdf.lonestar.org/~hh/$ENV{'QUERY_STRING'}\n\n";
exit;
0
dankarranCommented:
Ok, some fixes - but I don't know about that /cgi-bin/filedl.cgi?|rm+filedl.cgi; loophole, how could I fix that ozo?
I don't know why that $countname wasn't picked up when I tested it - usually when I do something like that, I get an error 500. And it wasn't thrown up when I tested it through the command line.


Dan


#!/usr/bin/perl
#Call the file using <a href=/~hh/cgi-bin/filedl.cgi?filename.zip>
unless ($ENV{'QUERY_STRING'}) {
print "Location: $ENV{'HTTP_REFERER'}\n\n";
exit;
}
$counter = $ENV{'QUERY_STRING'} . ".cnt";
unless (-e $counter) {
open (COUNT,">$counter");
print COUNT "0\n";
close COUNT;
}
$count = 0;
open (COUNTER,$counter);
$count = <COUNTER>;
close COUNTER;
$count++;
open (COUNTER,">$counter");
print COUNTER "$count\n";
close COUNTER;
print "Location: http://sdf.lonestar.org/~hh/$ENV{'QUERY_STRING'}\n\n";
exit;
0
ozoCommented:
#!/usr/bin/perl -w
will catch errors like $countname when testing through the command line.
#!/usr/bin/perl -w
use strict;
will catch even more.

open (COUNTER,"<$counter") or (print "Content-type:text/plain\n\nCan't open counter!\n" and die);
might prevent filedl.cgi?|rm+filedl.cgi;
from invoking shell commands, but not from opening strange files
(counts could also be lost if two people call the file at the samr time,
but that may not be as serious a problem)
0
dankarranCommented:
what exactly does that rm thingie do?
0
ozoCommented:
looking up the open command in perlfunc, we see that if the filename begins with a |,
the filename is interpreted as a command to which output is to be piped, so
open (COUNTER,"|rm filedl.cgi;.cnt");
may try to execute a command which we'd rather not execute.
0
hhAuthor Commented:
well What is the final script
0
dankarranCommented:
ozo, could you correct the script to stop the rm thingie, then post it back?

Thanks for your help,
Dan
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.