标题 | asp多文件上传类 |
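范文 | asp多文件上传类, 是从我们服务器上搞来的是病毒
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%
' Classic ASP multi-file upload page: a multipart/form-data parser class
' (clsUp) followed by a demo page that saves every posted file next to
' "uptofile.asp" under the web root.
'
' Security review notes (the page this listing comes from says the file was
' recovered from a server and treated as malicious):
'   * As found, the demo used blacklist mode with the single entry "code", so
'     practically any extension, server-executable script types included, could
'     be written into a web-served directory. This listing switches the demo
'     to a whitelist.
'   * The page performs no authentication or authorization check of its own.
'     Nothing in this listing restricts who may POST to it; put it behind the
'     application's login check before deploying anything like it.
'   * Client-supplied values (original file name, "save as" name, Referer) were
'     echoed into HTML and used to build the save path. They are now reduced to
'     a base name and HTML-encoded.
'   * Prefer a directory where script execution is disabled (or one outside the
'     web root) and server-generated names (AutoSave) for stored uploads.
'   * Triage hint: an unexpected .asp file that combines Request.BinaryRead,
'     ADODB.Stream and SaveToFile is worth reviewing together with the web
'     server's POST log entries for that URL.

' Returns FullPath up to and including the last occurrence of the separator
' str ("\" for file-system paths, "/" for URLs); "" when FullPath is empty.
function GetFilePath(FullPath,str)
    If FullPath <> "" Then
        GetFilePath = left(FullPath,InStrRev(FullPath, str))
    Else
        GetFilePath = ""
    End If
End function
%>
<%
class clsUp
    ' File upload class
    '------------------------
    Dim Form,File               ' dictionaries: text fields / clsFileInfo objects, keyed by field name
    Dim AllowExt_               ' allowed extensions (whitelist), ";"-separated, lower case
    Dim NoAllowExt_             ' refused extensions (blacklist), ";"-separated, lower case
    Private oUpFileStream       ' binary stream holding the whole request body
    Private isErr_              ' error code: 0 none, 1 no data, 2 too large, 3 extension refused, 4 save failed
    Private ErrMessage_         ' human-readable error text
    Private isGetData_          ' True once GetData has parsed the request

    '------------------------------------------------------------------
    ' Properties
    Public Property Get Version
        Version="上传类声明"
    End Property

    ' Error code of the last operation (0 means no error).
    Public Property Get isErr
        isErr=isErr_
    End Property

    ' Error text of the last operation.
    Public Property Get ErrMessage
        ErrMessage=ErrMessage_
    End Property

    ' Whitelist of extensions; only consulted when the blacklist is empty.
    Public Property Get AllowExt
        AllowExt=AllowExt_
    End Property

    Public Property Let AllowExt(Value)
        AllowExt_=LCase(Value)
    End Property

    ' Blacklist of extensions; when non-empty it replaces the whitelist check.
    Public Property Get NoAllowExt
        NoAllowExt=NoAllowExt_
    End Property

    Public Property Let NoAllowExt(Value)
        NoAllowExt_=LCase(Value)
    End Property

    '----------------------------------------------------------------
    ' Implementation

    ' Constructor: both lists start empty, so nothing is accepted until the
    ' caller sets AllowExt (or, less safely, NoAllowExt).
    Private Sub Class_Initialize
        isErr_ = 0
        NoAllowExt=""           ' blacklist preset; ";"-separated, case-insensitive; when empty the whitelist decides
        NoAllowExt=LCase(NoAllowExt)
        AllowExt=""             ' whitelist preset; ";"-separated, case-insensitive
        AllowExt=LCase(AllowExt)
        isGetData_=false
    End Sub

    ' Destructor: releases dictionaries and the request stream. Errors are
    ' ignored because GetData may never have created these objects.
    Private Sub Class_Terminate
        on error Resume Next
        Form.RemoveAll
        Set Form = Nothing
        File.RemoveAll
        Set File = Nothing
        oUpFileStream.Close
        Set oUpFileStream = Nothing
    End Sub

    ' Parses the multipart/form-data request body once.
    '   MaxSize: maximum accepted Request.TotalBytes; 0 or less disables the limit.
    ' Sets isErr to 1 (empty request) or 2 (request larger than MaxSize).
    ' The parser below is left exactly as found.
    ' NOTE(review): it runs under On Error Resume Next and trusts the offsets it
    ' derives from the request, so a malformed body is not rejected explicitly;
    ' confirm how it behaves on truncated or non-multipart input.
    Public Sub GetData (MaxSize)
        on error Resume Next
        if isGetData_=false then
            Dim RequestBinDate,sSpace,bCrLf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,oFileInfo
            Dim sFormValue,sFileName
            Dim iFindStart,iFindEnd
            Dim iFormStart,iFormEnd,sFormName
            If Request.TotalBytes < 1 Then      ' nothing was posted
                isErr_ = 1
                ErrMessage_="没有数据上传"
                Exit Sub
            End If
            If MaxSize > 0 Then                 ' a size limit is configured
                If Request.TotalBytes > MaxSize Then
                    isErr_ = 2                  ' request exceeds the limit
                    ErrMessage_="上传的数据超出限制大小"
                    Exit Sub
                End If
            End If
            Set Form = Server.CreateObject ("Scripting.Dictionary")
            Form.CompareMode = 1
            Set File = Server.CreateObject ("Scripting.Dictionary")
            File.CompareMode = 1
            Set tStream = Server.CreateObject ("ADODB.Stream")
            Set oUpFileStream = Server.CreateObject ("ADODB.Stream")
            oUpFileStream.Type = 1
            oUpFileStream.Mode = 3
            oUpFileStream.Open
            ' The whole body is read into memory; MaxSize above is the only bound.
            oUpFileStream.Write Request.BinaryRead (Request.TotalBytes)
            oUpFileStream.Position = 0
            RequestBinDate = oUpFileStream.Read
            iFormEnd = oUpFileStream.Size
            bCrLf = ChrB (13) & ChrB (10)
            ' The first line of the body is the part separator.
            sSpace = MidB (RequestBinDate,1, InStrB (1,RequestBinDate,bCrLf)-1)
            iStart = LenB(sSpace)
            iFormStart = iStart+2
            ' Walk the parts one by one.
            Do
                iInfoEnd = InStrB (iFormStart,RequestBinDate,bCrLf & bCrLf)+3
                tStream.Type = 1
                tStream.Mode = 3
                tStream.Open
                oUpFileStream.Position = iFormStart
                oUpFileStream.CopyTo tStream,iInfoEnd-iFormStart
                tStream.Position = 0
                tStream.Type = 2
                tStream.CharSet = "gb2312"
                sInfo = tStream.ReadText
                ' Field name of this part.
                iFormStart = InStrB (iInfoEnd,RequestBinDate,sSpace)-1
                iFindStart = InStr (22,sInfo,"name=""",1)+6
                iFindEnd = InStr (iFindStart,sInfo,"""",1)
                sFormName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
                ' A part that carries filename="..." is a file.
                If InStr (45,sInfo,"filename=""",1) > 0 Then
                    Set oFileInfo = new clsFileInfo
                    ' File name, path, extension and MIME type are all taken
                    ' from client-supplied headers and must be treated as untrusted.
                    iFindStart = InStr (iFindEnd,sInfo,"filename=""",1)+10
                    iFindEnd = InStr (iFindStart,sInfo,""""&vbCrLf,1)
                    sFileName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
                    oFileInfo.FileName = GetFileName(sFileName)
                    oFileInfo.FilePath = GetFilePath(sFileName)
                    oFileInfo.FileExt = GetFileExt(sFileName)
                    iFindStart = InStr (iFindEnd,sInfo,"Content-Type: ",1)+14
                    iFindEnd = InStr (iFindStart,sInfo,vbCr)
                    oFileInfo.FileMIME = Mid(sinfo,iFindStart,iFindEnd-iFindStart)
                    oFileInfo.FileStart = iInfoEnd
                    oFileInfo.FileSize = iFormStart -iInfoEnd -2
                    oFileInfo.FormName = sFormName
                    file.add sFormName,oFileInfo
                else
                    ' Ordinary form field: decode its value as gb2312 text.
                    tStream.Close
                    tStream.Type = 1
                    tStream.Mode = 3
                    tStream.Open
                    oUpFileStream.Position = iInfoEnd
                    oUpFileStream.CopyTo tStream,iFormStart-iInfoEnd-2
                    tStream.Position = 0
                    tStream.Type = 2
                    tStream.CharSet = "gb2312"
                    sFormValue = tStream.ReadText
                    ' Repeated field names are joined with ", ".
                    If Form.Exists (sFormName) Then
                        Form (sFormName) = Form (sFormName) & ", " & sFormValue
                    else
                        Form.Add sFormName,sFormValue
                    End If
                End If
                tStream.Close
                iFormStart = iFormStart+iStart+2
            ' Stop once the end of the body is reached.
            Loop Until (iFormStart+2) >= iFormEnd
            RequestBinDate = ""
            Set tStream = Nothing
            isGetData_=true
        end if
    End Sub

    ' Saves the file posted in field Item to Path, overwriting an existing file.
    ' Returns the saved file name, or "" on error (see isErr / ErrMessage).
    Public Function SaveToFile(Item,Path)
        SaveToFile=SaveToFileEx(Item,Path,True)
    End Function

    ' Saves the file posted in field Item into the directory of Path under a
    ' generated name. Returns that name, or "" on error.
    Public Function AutoSave(Item,Path)
        AutoSave=SaveToFileEx(Item,Path,false)
    End Function

    ' Shared implementation of SaveToFile / AutoSave.
    '   Over = True : write to Path, overwriting; the extension of the TARGET name is checked.
    '   Over = False: write into Path's directory under a generated name; the
    '                 extension of the UPLOADED name is checked.
    ' Fixes relative to the listing as found:
    '   * the error code is reset through isErr_ (the original assigned to the
    '     read-only isErr property, which failed silently, so an old error code
    '     stuck to every later file);
    '   * a failed write is reported as error 4 instead of looking like success;
    '   * the generated-name retry loop is bounded and the stray second
    '     SaveToFile call on the bare directory path is gone.
    Private Function SaveToFileEx(Item,Path,Over)
        On Error Resume Next
        Dim oFileStream
        Dim tmpPath
        Dim nohack              ' pieces of the path split on "."
        Dim iTry
        isErr_=0
        Set oFileStream = CreateObject ("ADODB.Stream")
        oFileStream.Type = 1
        oFileStream.Mode = 3
        oFileStream.Open
        oUpFileStream.Position = File(Item).FileStart
        oUpFileStream.CopyTo oFileStream,File(Item).FileSize
        ' Keep only the text before the first "." and after the last ".". The
        ' original author's comment describes this as protection against
        ' binary "01" name truncation.
        ' NOTE(review): a "." inside the directory part of Path is cut as well.
        nohack=split(path,".")
        tmpPath=nohack(0)&"."&nohack(ubound(nohack))
        if Over then
            if isAllowExt(GetFileExt(tmpPath)) then
                Err.Clear
                oFileStream.SaveToFile tmpPath,2
                If Err.Number <> 0 Then
                    isErr_=4
                    ErrMessage_="文件保存失败"
                End If
            Else
                isErr_=3
                ErrMessage_="该后缀名的文件不答应上传!"
            End if
        Else
            Path=GetFilePath(Path)
            if isAllowExt(File(Item).FileExt) then
                iTry=0
                do
                    Err.Clear()
                    iTry=iTry+1
                    nohack=split(Path&GetNewFileName()&"."&File(Item).FileExt,".")
                    tmpPath=nohack(0)&"."&nohack(ubound(nohack))
                    ' No overwrite flag: an existing file raises an error and a new name is tried.
                    oFileStream.SaveToFile tmpPath
                loop Until Err.number=0 Or iTry>=10
                If Err.Number <> 0 Then
                    isErr_=4
                    ErrMessage_="文件保存失败"
                End If
            Else
                isErr_=3
                ErrMessage_="该后缀名的文件不答应上传!"
            End if
        End if
        oFileStream.Close
        Set oFileStream = Nothing
        if isErr_<>0 then SaveToFileEx="" else SaveToFileEx=GetFileName(tmpPath)
    End Function

    ' Returns the raw bytes of the file posted in field Item, or "" with
    ' isErr = 3 when its extension is not accepted.
    Public Function FileData(Item)
        isErr_=0
        if isAllowExt(File(Item).FileExt) then
            oUpFileStream.Position = File(Item).FileStart
            FileData = oUpFileStream.Read (File(Item).FileSize)
        Else
            isErr_=3
            ErrMessage_="该后缀名的文件不答应上传!"
            FileData=""
        End if
    End Function

    ' Directory part of FullPath, including the trailing "\".
    Public function GetFilePath(FullPath)
        If FullPath <> "" Then
            GetFilePath = Left(FullPath,InStrRev(FullPath, "\"))
        Else
            GetFilePath = ""
        End If
    End function

    ' File-name part of FullPath (text after the last "\").
    Public Function GetFileName(FullPath)
        If FullPath <> "" Then
            GetFileName = mid(FullPath,InStrRev(FullPath, "\")+1)
        Else
            GetFileName = ""
        End If
    End function

    ' Lower-cased text after the last "." of FullPath.
    Public Function GetFileExt(FullPath)
        If FullPath <> "" Then
            GetFileExt = LCase(Mid(FullPath,InStrRev(FullPath, ".")+1))
        Else
            GetFileExt = ""
        End If
    End function

    ' Builds a name from the current timestamp plus a five-digit number.
    ' NOTE(review): Rnd is used without Randomize, so the numbers are
    ' predictable; do not rely on these names being unguessable.
    Public Function GetNewFileName()
        dim ranNum
        dim dtNow
        dtNow=Now()
        ranNum=int(90000*rnd)+10000
        GetNewFileName=year(dtNow) & right("0" & month(dtNow),2) & right("0" & day(dtNow),2) & right("0" & hour(dtNow),2) & right("0" & minute(dtNow),2) & right("0" & second(dtNow),2) & ranNum
    End Function

    ' True when extension Ext may be stored: with an empty blacklist Ext must
    ' appear in the whitelist; otherwise Ext must merely be absent from the
    ' blacklist. Blacklist mode accepts every extension nobody thought to list,
    ' so whitelist mode is the safe configuration.
    Public Function isAllowExt(Ext)
        if NoAllowExt="" then
            isAllowExt=cbool(InStr(1,";"&AllowExt&";",LCase(";"&Ext&";")))
        else
            isAllowExt=not CBool(InStr(1,";"&NoAllowExt&";",LCase(";"&Ext&";")))
        end if
    End Function
End Class

'----------------------------------------------------------------------------------------------------
' Per-file metadata record filled in by clsUp.GetData
Class clsFileInfo
    Dim FormName,FileName,FilePath,FileSize,FileMIME,FileStart,FileExt
End Class
%>
<HTML>
<HEAD>
<STYLE TYPE="text/css">
<!--
.p9{ font-size: 9pt; font-family: 宋体 }
td {font-size: 9pt}
.tx {height: 16px; width: 30px; border-color: black black #000000; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; font-size: 9pt; background-color: #eeeeee; color: #0000FF}
.tx2 {height: 16px;border-top-width: 0px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; font-size: 9pt; color: #0000FF; border-left-color:#000000; border-right-color:#000000; border-top-color:#000000; border-bottom-color:#000000}
.bt {border-left:1px solid #C0C0C0; border-top:1px solid #C0C0C0; font-size: 9pt; border-right-width: 1; border-bottom-width: 1; height: 16px; width: 80px; background-color: #EEEEEE; cursor: hand; border-right-style:solid; border-bottom-style:solid}
.tx1 { width: 400 ;height: 20px; font-size: 9pt; border: 1px solid; border-color: black black #000000; color: #0000FF}
-->
</STYLE>
<TITLE>上传文件</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312">
<SCRIPT LANGUAGE="vbscript">
function addfile()
    dim str
    str="<table>"
    if not IsNumeric (window.form1.filenum.value) then window.form1.filenum.value =1
    for i=1 to window.form1.filenum.value
        str=str&"<tr><td valign='middle'>文件"&i&":</td><td><input type='file' name='file"&i&"' class='tx1' value size='20'> 保存为<input type='text' name='file"&i&"' size='20' class='tx2'></td></tr>"
    next
    window.uptd.innerHTML =str&"</table>"
end function
</SCRIPT>
</HEAD>
<BODY BGCOLOR="#ffffff" CLASS="p9" >
<%
' Demo page. NOTE(review): no login or permission check is made here.
dim upfile,formPath,ServerPath,FSPath,formName,FileName,oFile,upfilecount
upfilecount=0
set upfile=new clsUp            ' create the upload object
' Whitelist instead of the original blacklist ("code;"), which let through
' every other extension. The list below is an example constructed for this
' listing; set it to the types the site really needs.
upfile.AllowExt="gif;jpg;jpeg;png"
upfile.GetData (10240000)       ' parse the request, limit 10 MB
if upfile.isErr then            ' parsing failed
    select case upfile.isErr
    case 1                      ' nothing posted (plain GET): show only the form
    case 2
        Response.Write "你上传的文件超出我们的限制,最大10M"
    end select
else
%>
<table width="750" cellpadding="0" cellspacing="0" bordercolor="#000000">
<tr bgcolor="#CCCCCC">
<td height="25" valign='middle'> 外地文件 </td>
<td valign='middle'> 大小(字节) </td>
<td valign='middle'> 上传到 </td>
<td valign='middle'> 形态 </td>
</tr>
<%
    FSPath=GetFilePath(Server.mappath("uptofile.asp"),"\")      ' directory of this page on disk
    ' URL directory of this page. Taken from the server-side script name, not
    ' from the client-controlled Referer header as in the original.
    ServerPath=GetFilePath(Request.ServerVariables("SCRIPT_NAME"),"/")
    for each formName in upfile.file                            ' every uploaded file
        set oFile=upfile.file(formname)
        FileName=upfile.form(formName)                          ' "save as" text field with the same name
        if not FileName>"" then FileName=oFile.filename         ' fall back to the original file name
        ' The name comes from the client: keep only its base name so it cannot
        ' point outside FSPath, and drop ":" which is never part of a Windows
        ' file name.
        FileName=upfile.GetFileName(Replace(FileName,"/","\"))
        FileName=Replace(FileName,":","")
        upfile.SaveToFile formname,FSPath&FileName              ' AutoSave takes the same arguments and generates the name itself
%>
<tr>
<td height="20" valign='middle'> <%=Server.HTMLEncode(oFile.FilePath&oFile.FileName)%> </td>
<td valign='middle'> <%=oFile.filesize%> </td>
<td valign='middle'> <A HREF="<%=Server.HTMLEncode(ServerPath&FileName)%>"><%=Server.HTMLEncode(FileName)%></A> </td>
<td valign='middle'> <%
        if upfile.iserr then
            Response.Write upfile.errmessage
        else
            upfilecount=upfilecount+1
            Response.Write "上传成功"
        end if
%> </td>
</tr><%
        set oFile=nothing
    next
%>
<tr>
<td colspan="3" height="25" valign='middle'> 一共上传了<%=upfileCount%>个文件</td>
</tr>
<%
end if
set upfile=nothing              ' release the upload object
%>
</p>
</table>
<FORM METHOD="post" NAME="form1" ENCTYPE="multipart/form-data">
<TABLE BORDER="0" ALIGN="center" CELLPADDING="0" CELLSPACING="0">
<TR>
<TD><TABLE WIDTH="750" BORDER="1" ALIGN="center" CELLPADDING="0" CELLSPACING="0" BORDERCOLOR="#111111" STYLE="BORDER-COLLAPSE: collapse">
<TR>
<TD HEIGHT="27" COLSPAN="2">上传<INPUT NAME="filenum" CLASS="tx2" VALUE="1" SIZE="4">个文件 <INPUT TYPE="button" NAME="Button" CLASS="bt" onClick="addfile" VALUE="设 定"> </TD>
</TR>
<TR>
<TD> <DIV ID="uptd"> </DIV></TD>
</TR>
<TR>
<TD HEIGHT="30" COLSPAN="2" ALIGN="middle"> <INPUT TYPE="submit" NAME="Button" CLASS="bt" VALUE="上 传"> <INPUT TYPE="reset" NAME="Button" CLASS="bt" VALUE="重 置"> </TD>
</TR>
</TABLE></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
|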