download counter

Take the link that points to the file to download, and make that link point to a CGI instead.

The CGI should just:

1. work as a counter, i.e. increment a value in some file;
2. redirect the client browser to the file to download.

If you need the code, you should specify OS and WebServer you are on.
BTW, i could give you some C code.

Rgds, julio

to julio

the OS is UNIX and the adress is http://sdf.lonestar.org/~hh

Ok, I spooted a fault in the previous script, so use this instead....


#!/usr/bin/perl

#Call the file using <a href=/~hh/cgi-bin/filedl.cgi?filename.zip>
unless ($ENV{'QUERY_STRING'}) {
print "Location: $ENV{'HTTP_REFERER'}\n\n";
exit;
}
$counter = $ENV{'QUERY_STRING'} . ".cnt";
unless (-e $counter) {
open (COUNT,">$counter");
print COUNT "0\n";
close COUNT;
}
$count = 0;
open (COUNTER,$counter) || die "Content-type:text/plain\n\nCan't open
$counter!\n";
$count = <COUNTER>;
close COUNTER;
$count++;
open (COUNTER,">$countname");
print COUNTER "$count\n";
close COUNTER;
print "Location: http://sdf.lonestar.org/~hh/$ENV{'QUERY_STRING'}\n\n";
exit;

That looks like it could be dangerous to call that with something like
/cgi-bin/filedl.cgi?|rm+filedl.cgi;
(and the die will print to STDERR, not STDOUT,
and $countname seems to be undefined)

Ok, some fixes - but I don't know about that /cgi-bin/filedl.cgi?|rm+filedl.cgi; loophole, how could I fix that ozo?
I don't know why that $countname wasn't picked up when I tested it - usually when I do something like that, I get an error 500. And it wasn't thrown up when I tested it through the command line.


Dan


#!/usr/bin/perl
#Call the file using <a href=/~hh/cgi-bin/filedl.cgi?filename.zip>
unless ($ENV{'QUERY_STRING'}) {
print "Location: $ENV{'HTTP_REFERER'}\n\n";
exit;
}
$counter = $ENV{'QUERY_STRING'} . ".cnt";
unless (-e $counter) {
open (COUNT,">$counter");
print COUNT "0\n";
close COUNT;
}
$count = 0;
open (COUNTER,$counter);
$count = <COUNTER>;
close COUNTER;
$count++;
open (COUNTER,">$counter");
print COUNTER "$count\n";
close COUNTER;
print "Location: http://sdf.lonestar.org/~hh/$ENV{'QUERY_STRING'}\n\n";
exit;

Ok, some fixes - but I don't know about that /cgi-bin/filedl.cgi?|rm+filedl.cgi; loophole, how could I fix that ozo?
I don't know why that $countname wasn't picked up when I tested it - usually when I do something like that, I get an error 500. And it wasn't thrown up when I tested it through the command line.


Dan


#!/usr/bin/perl
#Call the file using <a href=/~hh/cgi-bin/filedl.cgi?filename.zip>
unless ($ENV{'QUERY_STRING'}) {
print "Location: $ENV{'HTTP_REFERER'}\n\n";
exit;
}
$counter = $ENV{'QUERY_STRING'} . ".cnt";
unless (-e $counter) {
open (COUNT,">$counter");
print COUNT "0\n";
close COUNT;
}
$count = 0;
open (COUNTER,$counter);
$count = <COUNTER>;
close COUNTER;
$count++;
open (COUNTER,">$counter");
print COUNTER "$count\n";
close COUNTER;
print "Location: http://sdf.lonestar.org/~hh/$ENV{'QUERY_STRING'}\n\n";
exit;

#!/usr/bin/perl -w
will catch errors like $countname when testing through the command line.
#!/usr/bin/perl -w
use strict;
will catch even more.

open (COUNTER,"<$counter") or (print "Content-type:text/plain\n\nCan't open counter!\n" and die);
might prevent filedl.cgi?|rm+filedl.cgi;
from invoking shell commands, but not from opening strange files
(counts could also be lost if two people call the file at the samr time,
but that may not be as serious a problem)

what exactly does that rm thingie do?

looking up the open command in perlfunc, we see that if the filename begins with a |,
the filename is interpreted as a command to which output is to be piped, so
open (COUNTER,"|rm filedl.cgi;.cnt");
may try to execute a command which we'd rather not execute.

well What is the final script

ozo, could you correct the script to stop the rm thingie, then post it back?

Thanks for your help,
Dan