How can I display a counter that counts the number of times a file is downloaded? I've seen it before. "Downloaded 450 times". Thanks.
+2
A:
If you want to do it with PHP, you need to control the download in a PHP script. Basically it comes down to the following two lines of pseudo-code:
set_number_of_downloads(get_number_of_downloads() + 1);
readfile($file_being_downloaded);
soulmerge
2009-10-27 11:08:30
+5
A:
Don't let the user download a file directly, but trough a script like the following ...
<?php
$file = $_REQUEST['file'];
$dldir = "downloads/";
if (
(file_exists($dldir.$file) && // file exists
(strpos($file, "../") === false) && // prevent an attacker from switching to a parent directory
) {
header('Content-type: '.mime_content_type($dldir.file));
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . filesize($dldir.$file) ."; ");
header('Content-Disposition: attachment; filename="'.$file.'"');
echo file_get_contents($dldir.$file);
/** Update the counter here, e.g. by using mysql **/
} else {
die("File not found");
}
?>
Martin Hohenberg
2009-10-27 11:11:07
Also be careful not to allow downloading files like /etc/passwd when creating custom download scripts.
Kaivosukeltaja
2009-10-27 11:19:57
I would SPECIFY which folder to get a file from, do not let (like Kaivos.. said) users hijack a file from you like /etc/passwd
Jakub
2009-10-27 13:04:11
Right ... I added some code to prevent this from happening.
Martin Hohenberg
2009-10-27 14:56:58
A:
On Apache you could have mod_rewrite update a database when the file is requested. This has the advantage of speed in sending (sendfile can be used), and you don't have to change your URLs or directory structure.
#!/usr/bin/perl
$| = 1;
$dbh = DBI->connect("dbi:mysql:database=; host=localhost; user=; password=")
or die "Connecting from PHP to MySQL database failed: $DBI::errstr";
while (<STDIN>) {
$dbh->query(... update database ...);
print $_;
}
http://httpd.apache.org/docs/2.2/mod/mod%5Frewrite.html#rewriteengine
brianegge
2009-10-27 12:15:35