I have a website that plays mp3s in a flash player. If a user clicks 'play' the flash player automatically downloads an mp3 and starts playing it.
Is there an easy way to track how many times a particular song clip (or any binary file) has been downloaded?
If the latter, you can easily add your own logging code in there to track the number of hits to it.
If the former, you'll need something that can track the web server log itself and make that distinction. My hosting plan comes with webalizer, which does this nicely.
However, it would be nice to know how to track downloads using the other method (without switching hosts).
there is a directory traversal vulnerability in this script! An attacker can pass in xfer.php?file=../../../passwd or whatever else they want! Be careful!!!
this will blow up the server's memory limits if the files are too big and your traffic is high.. something i've experienced myself.
how to fix the "directory traversal vulnerability" ?
anarchOi: The easiest way would be to compare the GET parameter ($_REQUEST['file']) against a whitelist of known-good file names. For instance, a listing of all files in the directory you store your files. Make sure you only use that directory for storing files you want to be downloadable...
tmsimont, Have you found out any ways of lowering memory consumption?