asp多文件上传类, 是从我们服务器上搞来的是病毒
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%
function GetFilePath(FullPath,str)
If FullPath <> "" Then
GetFilePath = left(FullPath,InStrRev(FullPath, str))
Else
GetFilePath = ""
End If
End function
%>
<%
class clsUp '文件上传类
'------------------------
Dim Form,File
Dim AllowExt_ '答应上传类型(白名单)
Dim NoAllowExt_ '不答应上传类型(黑名单)
Private oUpFileStream '上传的数据流
Private isErr_ '错误的代码,0或true表示无错
Private ErrMessage_ '错误的字符串消息
Private isGetData_ '指示能否已施行过GETDATA进程
'------------------------------------------------------------------
'类的属性
Public Property Get Version
Version="上传类声明"
End Property
Public Property Get isErr '错误的代码,0或true表示无错
isErr=isErr_
End Property
Public Property Get ErrMessage '错误的字符串消息
ErrMessage=ErrMessage_
End Property
Public Property Get AllowExt '答应上传类型(白名单)
AllowExt=AllowExt_
End Property
Public Property Let AllowExt(Value) '答应上传类型(白名单)
AllowExt_=LCase(Value)
End Property
Public Property Get NoAllowExt '不答应上传类型(黑名单)
NoAllowExt=NoAllowExt_
End Property
Public Property Let NoAllowExt(Value) '不答应上传类型(黑名单)
NoAllowExt_=LCase(Value)
End Property
'----------------------------------------------------------------
'类实古代码
'初始化类
Private Sub Class_Initialize
isErr_ = 0
NoAllowExt="" '黑名单,能够在这里预设不可上传的文件类型,以文件的后缀名来判别,不分大大写,每个每缀名用;号分开,假如黑名单为空,则判别白名单
NoAllowExt=LCase(NoAllowExt)
AllowExt="" '白名单,能够在这里预设可上传的文件类型,以文件的后缀名来判别,不分大大写,每个后缀名用;号分开
AllowExt=LCase(AllowExt)
isGetData_=false
End Sub
'类结束
Private Sub Class_Terminate
on error Resume Next
'肃清变量及对像
Form.RemoveAll
Set Form = Nothing
File.RemoveAll
Set File = Nothing
oUpFileStream.Close
Set oUpFileStream = Nothing
End Sub
'分析上传的数据网站制作
Public Sub GetData (MaxSize)
'定义变量
on error Resume Next
if isGetData_=false then
Dim RequestBinDate,sSpace,bCrLf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,oFileInfo
Dim sFormValue,sFileName
Dim iFindStart,iFindEnd
Dim iFormStart,iFormEnd,sFormName
'代码开端
If Request.TotalBytes < 1 Then '假如没有数据上传
isErr_ = 1
ErrMessage_="没有数据上传"
Exit Sub
End If
If MaxSize > 0 Then '假如限制大小
If Request.TotalBytes > MaxSize Then
isErr_ = 2 '假如上传的数据超出限制大小
ErrMessage_="上传的数据超出限制大小"
Exit Sub
End If
End If
Set Form = Server.CreateObject ("Scripting.Dictionary")
Form.CompareMode = 1
Set File = Server.CreateObject ("Scripting.Dictionary")
File.CompareMode = 1
Set tStream = Server.CreateObject ("ADODB.Stream")
Set oUpFileStream = Server.CreateObject ("ADODB.Stream")
oUpFileStream.Type = 1
oUpFileStream.Mode = 3
oUpFileStream.Open
oUpFileStream.Write Request.BinaryRead (Request.TotalBytes)
oUpFileStream.Position = 0
RequestBinDate = oUpFileStream.Read
iFormEnd = oUpFileStream.Size
bCrLf = ChrB (13) & ChrB (10)
'获得每个项目之间的分隔符
sSpace = MidB (RequestBinDate,1, InStrB (1,RequestBinDate,bCrLf)-1)
iStart = LenB(sSpace)
iFormStart = iStart+2
'分解项目
Do
iInfoEnd = InStrB (iFormStart,RequestBinDate,bCrLf & bCrLf)+3
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iFormStart
oUpFileStream.CopyTo tStream,iInfoEnd-iFormStart
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sInfo = tStream.ReadText
'获得表单项目称号
iFormStart = InStrB (iInfoEnd,RequestBinDate,sSpace)-1
iFindStart = InStr (22,sInfo,"name=""",1)+6
iFindEnd = InStr (iFindStart,sInfo,"""",1)
sFormName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
'假如是文件
If InStr (45,sInfo,"filename=""",1) > 0 Then
Set oFileInfo = new clsFileInfo
'获得文件属性
iFindStart = InStr (iFindEnd,sInfo,"filename=""",1)+10
iFindEnd = InStr (iFindStart,sInfo,""""&vbCrLf,1)
sFileName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
oFileInfo.FileName = GetFileName(sFileName)
oFileInfo.FilePath = GetFilePath(sFileName)
oFileInfo.FileExt = GetFileExt(sFileName)
iFindStart = InStr (iFindEnd,sInfo,"Content-Type: ",1)+14
iFindEnd = InStr (iFindStart,sInfo,vbCr)
oFileInfo.FileMIME = Mid(sinfo,iFindStart,iFindEnd-iFindStart)
oFileInfo.FileStart = iInfoEnd
oFileInfo.FileSize = iFormStart -iInfoEnd -2
oFileInfo.FormName = sFormName
file.add sFormName,oFileInfo
else
'假如是表单项目
tStream.Close
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iInfoEnd
oUpFileStream.CopyTo tStream,iFormStart-iInfoEnd-2
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sFormValue = tStream.ReadText
If Form.Exists (sFormName) Then
Form (sFormName) = Form (sFormName) & ", " & sFormValue
else
Form.Add sFormName,sFormValue
End If
End If
tStream.Close
iFormStart = iFormStart+iStart+2
'假如到文件尾了就加入
Loop Until (iFormStart+2) >= iFormEnd
RequestBinDate = ""
Set tStream = Nothing
isGetData_=true
end if
End Sub
'保存到文件,主动覆盖已具有的同名文件
Public Function SaveToFile(Item,Path)
SaveToFile=SaveToFileEx(Item,Path,True)
End Function
'保存到文件,主动设置文件名
Public Function AutoSave(Item,Path)
AutoSave=SaveToFileEx(Item,Path,false)
End Function
'保存到文件,OVER为真时,主动覆盖已具有的同名文件,否则主动把文件改名保存
Private Function SaveToFileEx(Item,Path,Over)
On Error Resume Next
Dim oFileStream
Dim tmpPath
Dim nohack '防黑缓冲
isErr=0
Set oFileStream = CreateObject ("ADODB.Stream")
oFileStream.Type = 1
oFileStream.Mode = 3
oFileStream.Open
oUpFileStream.Position = File(Item).FileStart
oUpFileStream.CopyTo oFileStream,File(Item).FileSize
nohack=split(path,".") '重要修改,防止黑客二进制"01"断名!!!
tmpPath=nohack(0)&"."&nohack(ubound(nohack)) '重要修改,防止黑客二进制"01"断名!!!
if Over then
if isAllowExt(GetFileExt(tmpPath)) then
oFileStream.SaveToFile tmpPath,2
Else
isErr_=3
ErrMessage_="该后缀名的文件不答应上传!"
End if
Else
Path=GetFilePath(Path)
if isAllowExt(File(Item).FileExt) then
do
Err.Clear()
nohack=split(Path&GetNewFileName()&"."&File(Item).FileExt,".") '重要修改,防止黑客二进制"01"断名!!!
tmpPath=nohack(0)&"."&nohack(ubound(nohack)) '重要修改,防止黑客二进制"01"断名!!!
oFileStream.SaveToFile tmpPath
loop Until Err.number<1
oFileStream.SaveToFile Path
Else
isErr_=3
ErrMessage_="该后缀名的文件不答应上传!"
End if
End if
oFileStream.Close
Set oFileStream = Nothing
if isErr_=3 then SaveToFileEx="" else SaveToFileEx=GetFileName(tmpPath)
End Function
'获得文件数据
Public Function FileData(Item)
isErr_=0
if isAllowExt(File(Item).FileExt) then
oUpFileStream.Position = File(Item).FileStart
FileData = oUpFileStream.Read (File(Item).FileSize)
Else
isErr_=3
ErrMessage_="该后缀名的文件不答应上传!"
FileData=""
End if
End Function
'获得文件路径
Public function GetFilePath(FullPath)
If FullPath <> "" Then
GetFilePath = Left(FullPath,InStrRev(FullPath, "\"))
Else
GetFilePath = ""
End If
End function
'获得文件名
Public Function GetFileName(FullPath)
If FullPath <> "" Then
GetFileName = mid(FullPath,InStrRev(FullPath, "\")+1)
Else
GetFileName = ""
End If
End function
'获得文件的后缀名
Public Function GetFileExt(FullPath)
If FullPath <> "" Then
GetFileExt = LCase(Mid(FullPath,InStrRev(FullPath, ".")+1))
Else
GetFileExt = ""
End If
End function
'获得一个不反复的序号
Public Function GetNewFileName()
dim ranNum
dim dtNow
dtNow=Now()
ranNum=int(90000*rnd)+10000
GetNewFileName=year(dtNow) & right("0" & month(dtNow),2) & right("0" & day(dtNow),2) & right("0" & hour(dtNow),2) & right("0" & minute(dtNow),2) & right("0" & second(dtNow),2) & ranNum
End Function
Public Function isAllowExt(Ext)
if NoAllowExt="" then
isAllowExt=cbool(InStr(1,";"&AllowExt&";",LCase(";"&Ext&";")))
else
isAllowExt=not CBool(InStr(1,";"&NoAllowExt&";",LCase(";"&Ext&";")))
end if
End Function
End Class
'----------------------------------------------------------------------------------------------------
'文件属性类
Class clsFileInfo
Dim FormName,FileName,FilePath,FileSize,FileMIME,FileStart,FileExt
End Class
%>
<HTML>
<HEAD>
<STYLE TYPE="text/css">
<!--
.p9{ font-size: 9pt; font-family: 宋体 }
td {font-size: 9pt}
.tx {height: 16px; width: 30px; border-color: black black #000000; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; font-size: 9pt; background-color: #eeeeee; color: #0000FF}
.tx2 {height: 16px;border-top-width: 0px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; font-size: 9pt; color: #0000FF; border-left-color:#000000; border-right-color:#000000; border-top-color:#000000; border-bottom-color:#000000}
.bt {border-left:1px solid #C0C0C0; border-top:1px solid #C0C0C0; font-size: 9pt; border-right-width: 1; border-bottom-width: 1; height: 16px; width: 80px; background-color: #EEEEEE; cursor: hand; border-right-style:solid; border-bottom-style:solid}
.tx1 { width: 400 ;height: 20px; font-size: 9pt; border: 1px solid; border-color: black black #000000; color: #0000FF}
-->
</STYLE>
<TITLE>上传文件</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312">
<SCRIPT LANGUAGE="vbscript">
function addfile()
dim str
str="<table>"
if not IsNumeric (window.form1.filenum.value) then window.form1.filenum.value =1
for i=1 to window.form1.filenum.value
str=str&"<tr><td valign='middle'>文件"&i&":</td><td><input type='file' name='file"&i&"' class='tx1' value size='20'> 保存为<input type='text' name='file"&i&"' size='20' class='tx2'></td></tr>"
next
window.uptd.innerHTML =str&"</table>"
end function
</SCRIPT>
</HEAD>
<BODY BGCOLOR="#ffffff" CLASS="p9" >
<%
dim upfile,formPath,ServerPath,FSPath,formName,FileName,oFile,upfilecount
upfilecount=0
set upfile=new clsUp ''建立上传对象
upfile.NoAllowExt="code;" '设置上传类型的黑名单
upfile.GetData (10240000) '获得上传数据,限制最大上传10M
if upfile.isErr then '假如出错
select case upfile.isErr
case 1
case 2
Response.Write "你上传的文件超出我们的限制,最大10M"
end select
else
%>
<table align="center" width="750" border="1" cellpadding="0" cellspacing="0" bordercolor="#000000" class="p9" style="border-collapse: collapse">
<tr bgcolor="#CCCCCC">
<td height="25" valign='middle'> 外地文件 </td>
<td valign='middle'> 大小(字节) </td>
<td valign='middle'> 上传到 </td>
<td valign='middle'> 形态 </td>
</tr>
<%
FSPath=GetFilePath(Server.mappath("uptofile.asp"),"\")'获得当前文件在效劳器路径
ServerPath=GetFilePath(Request.ServerVariables("HTTP_REFERER"),"/")'获得在网站上的地位
for each formName in upfile.file '列出一切上传了的文件
set oFile=upfile.file(formname)
FileName=upfile.form(formName)'获得文本域的值
if not FileName>"" then FileName=oFile.filename'假如没有输出新的文件名,就用本来的文件名
upfile.SaveToFile formname,FSPath&FileName ''保存文件 也能够使用AutoSave来保存,参数一样,但是会主动建立新的文件名
%>
<tr>
<td height="20" valign='middle'> <%=oFile.FilePath&oFile.FileName%> </td>
<td valign='middle'> <%=oFile.filesize%> </td>
<td valign='middle'> <A HREF="<%=serverpath&FileName%>"><%=FileName%></A> </td>
<td valign='middle'> <%
if upfile.iserr then
Response.Write upfile.errmessage
else
upfilecount=upfilecount+1
Response.Write "上传成功"
end if
%> </td>
</tr><%
set oFile=nothing
next
%>
<tr>
<td colspan="3" height="25" valign='middle'> 一共上传了<%=upfileCount%>个文件</td>
</tr>
<%
end if
set upfile=nothing '删除此对象
%>
</p>
</table>
<FORM METHOD="post" NAME="form1" ENCTYPE="multipart/form-data">
<TABLE BORDER="0" ALIGN="center" CELLPADDING="0" CELLSPACING="0">
<TR>
<TD><TABLE WIDTH="750" BORDER="1" ALIGN="center" CELLPADDING="0" CELLSPACING="0" BORDERCOLOR="#111111" STYLE="BORDER-COLLAPSE: collapse">
<TR>
<TD HEIGHT="27" COLSPAN="2">上传<INPUT NAME="filenum" CLASS="tx2" VALUE="1" SIZE="4">个文件
<INPUT TYPE="button" NAME="Button" CLASS="bt" onClick="addfile" VALUE="设 定">
</TD>
</TR>
<TR>
<TD> <DIV ID="uptd"> </DIV></TD>
</TR>
<TR>
<TD HEIGHT="30" COLSPAN="2" ALIGN="middle">
<INPUT TYPE="submit" NAME="Button" CLASS="bt" VALUE="上 传">
<INPUT TYPE="reset" NAME="Button" CLASS="bt" VALUE="重 置">
</TD>
</TR>
</TABLE></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
更多信息请查看IT技术专栏