hh
asked on
download counter
How do you count how many times a file is downloaded from your homepage?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, I spooted a fault in the previous script, so use this instead....
#!/usr/bin/perl
#Call the file using <a href=/~hh/cgi-bin/filedl.c gi?filenam e.zip>
unless ($ENV{'QUERY_STRING'}) {
print "Location: $ENV{'HTTP_REFERER'}\n\n";
exit;
}
$counter = $ENV{'QUERY_STRING'} . ".cnt";
unless (-e $counter) {
open (COUNT,">$counter");
print COUNT "0\n";
close COUNT;
}
$count = 0;
open (COUNTER,$counter) || die "Content-type:text/plain\n \nCan't open
$counter!\n";
$count = <COUNTER>;
close COUNTER;
$count++;
open (COUNTER,">$countname");
print COUNTER "$count\n";
close COUNTER;
print "Location: http://sdf.lonestar.org/~hh/$ENV{'QUERY_STRING'}\n\n";
exit;
#!/usr/bin/perl
#Call the file using <a href=/~hh/cgi-bin/filedl.c
unless ($ENV{'QUERY_STRING'}) {
print "Location: $ENV{'HTTP_REFERER'}\n\n";
exit;
}
$counter = $ENV{'QUERY_STRING'} . ".cnt";
unless (-e $counter) {
open (COUNT,">$counter");
print COUNT "0\n";
close COUNT;
}
$count = 0;
open (COUNTER,$counter) || die "Content-type:text/plain\n
$counter!\n";
$count = <COUNTER>;
close COUNTER;
$count++;
open (COUNTER,">$countname");
print COUNTER "$count\n";
close COUNTER;
print "Location: http://sdf.lonestar.org/~hh/$ENV{'QUERY_STRING'}\n\n";
exit;
That looks like it could be dangerous to call that with something like
/cgi-bin/filedl.cgi?|rm+fi ledl.cgi;
(and the die will print to STDERR, not STDOUT,
and $countname seems to be undefined)
/cgi-bin/filedl.cgi?|rm+fi
(and the die will print to STDERR, not STDOUT,
and $countname seems to be undefined)
Ok, some fixes - but I don't know about that /cgi-bin/filedl.cgi?|rm+fi ledl.cgi; loophole, how could I fix that ozo?
I don't know why that $countname wasn't picked up when I tested it - usually when I do something like that, I get an error 500. And it wasn't thrown up when I tested it through the command line.
Dan
#!/usr/bin/perl
#Call the file using <a href=/~hh/cgi-bin/filedl.c gi?filenam e.zip>
unless ($ENV{'QUERY_STRING'}) {
print "Location: $ENV{'HTTP_REFERER'}\n\n";
exit;
}
$counter = $ENV{'QUERY_STRING'} . ".cnt";
unless (-e $counter) {
open (COUNT,">$counter");
print COUNT "0\n";
close COUNT;
}
$count = 0;
open (COUNTER,$counter);
$count = <COUNTER>;
close COUNTER;
$count++;
open (COUNTER,">$counter");
print COUNTER "$count\n";
close COUNTER;
print "Location: http://sdf.lonestar.org/~hh/$ENV{'QUERY_STRING'}\n\n";
exit;
I don't know why that $countname wasn't picked up when I tested it - usually when I do something like that, I get an error 500. And it wasn't thrown up when I tested it through the command line.
Dan
#!/usr/bin/perl
#Call the file using <a href=/~hh/cgi-bin/filedl.c
unless ($ENV{'QUERY_STRING'}) {
print "Location: $ENV{'HTTP_REFERER'}\n\n";
exit;
}
$counter = $ENV{'QUERY_STRING'} . ".cnt";
unless (-e $counter) {
open (COUNT,">$counter");
print COUNT "0\n";
close COUNT;
}
$count = 0;
open (COUNTER,$counter);
$count = <COUNTER>;
close COUNTER;
$count++;
open (COUNTER,">$counter");
print COUNTER "$count\n";
close COUNTER;
print "Location: http://sdf.lonestar.org/~hh/$ENV{'QUERY_STRING'}\n\n";
exit;
Ok, some fixes - but I don't know about that /cgi-bin/filedl.cgi?|rm+fi ledl.cgi; loophole, how could I fix that ozo?
I don't know why that $countname wasn't picked up when I tested it - usually when I do something like that, I get an error 500. And it wasn't thrown up when I tested it through the command line.
Dan
#!/usr/bin/perl
#Call the file using <a href=/~hh/cgi-bin/filedl.c gi?filenam e.zip>
unless ($ENV{'QUERY_STRING'}) {
print "Location: $ENV{'HTTP_REFERER'}\n\n";
exit;
}
$counter = $ENV{'QUERY_STRING'} . ".cnt";
unless (-e $counter) {
open (COUNT,">$counter");
print COUNT "0\n";
close COUNT;
}
$count = 0;
open (COUNTER,$counter);
$count = <COUNTER>;
close COUNTER;
$count++;
open (COUNTER,">$counter");
print COUNTER "$count\n";
close COUNTER;
print "Location: http://sdf.lonestar.org/~hh/$ENV{'QUERY_STRING'}\n\n";
exit;
I don't know why that $countname wasn't picked up when I tested it - usually when I do something like that, I get an error 500. And it wasn't thrown up when I tested it through the command line.
Dan
#!/usr/bin/perl
#Call the file using <a href=/~hh/cgi-bin/filedl.c
unless ($ENV{'QUERY_STRING'}) {
print "Location: $ENV{'HTTP_REFERER'}\n\n";
exit;
}
$counter = $ENV{'QUERY_STRING'} . ".cnt";
unless (-e $counter) {
open (COUNT,">$counter");
print COUNT "0\n";
close COUNT;
}
$count = 0;
open (COUNTER,$counter);
$count = <COUNTER>;
close COUNTER;
$count++;
open (COUNTER,">$counter");
print COUNTER "$count\n";
close COUNTER;
print "Location: http://sdf.lonestar.org/~hh/$ENV{'QUERY_STRING'}\n\n";
exit;
#!/usr/bin/perl -w
will catch errors like $countname when testing through the command line.
#!/usr/bin/perl -w
use strict;
will catch even more.
open (COUNTER,"<$counter") or (print "Content-type:text/plain\n \nCan't open counter!\n" and die);
might prevent filedl.cgi?|rm+filedl.cgi;
from invoking shell commands, but not from opening strange files
(counts could also be lost if two people call the file at the samr time,
but that may not be as serious a problem)
will catch errors like $countname when testing through the command line.
#!/usr/bin/perl -w
use strict;
will catch even more.
open (COUNTER,"<$counter") or (print "Content-type:text/plain\n
might prevent filedl.cgi?|rm+filedl.cgi;
from invoking shell commands, but not from opening strange files
(counts could also be lost if two people call the file at the samr time,
but that may not be as serious a problem)
what exactly does that rm thingie do?
looking up the open command in perlfunc, we see that if the filename begins with a |,
the filename is interpreted as a command to which output is to be piped, so
open (COUNTER,"|rm filedl.cgi;.cnt");
may try to execute a command which we'd rather not execute.
the filename is interpreted as a command to which output is to be piped, so
open (COUNTER,"|rm filedl.cgi;.cnt");
may try to execute a command which we'd rather not execute.
ASKER
well What is the final script
ozo, could you correct the script to stop the rm thingie, then post it back?
Thanks for your help,
Dan
Thanks for your help,
Dan
The CGI should just:
1. work as a counter, i.e. increment a value in some file;
2. redirect the client browser to the file to download.
If you need the code, you should specify OS and WebServer you are on.
BTW, i could give you some C code.
Rgds, julio