asp多文件上传类
2014-08-26来源:易贤网

asp多文件上传类, 是从我们服务器上搞来的是病毒

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>

<%

function GetFilePath(FullPath,str)

If FullPath <> "" Then

GetFilePath = left(FullPath,InStrRev(FullPath, str))

Else

GetFilePath = ""

End If

End function

%>

<%

class clsUp '文件上传类

'------------------------

Dim Form,File

Dim AllowExt_ '答应上传类型(白名单)

Dim NoAllowExt_ '不答应上传类型(黑名单)

Private oUpFileStream '上传的数据流

Private isErr_ '错误的代码,0或true表示无错

Private ErrMessage_ '错误的字符串消息

Private isGetData_ '指示能否已施行过GETDATA进程

'------------------------------------------------------------------

'类的属性

Public Property Get Version

Version="上传类声明"

End Property

Public Property Get isErr '错误的代码,0或true表示无错

isErr=isErr_

End Property

Public Property Get ErrMessage '错误的字符串消息

ErrMessage=ErrMessage_

End Property

Public Property Get AllowExt '答应上传类型(白名单)

AllowExt=AllowExt_

End Property

Public Property Let AllowExt(Value) '答应上传类型(白名单)

AllowExt_=LCase(Value)

End Property

Public Property Get NoAllowExt '不答应上传类型(黑名单)

NoAllowExt=NoAllowExt_

End Property

Public Property Let NoAllowExt(Value) '不答应上传类型(黑名单)

NoAllowExt_=LCase(Value)

End Property

'----------------------------------------------------------------

'类实古代码

'初始化类

Private Sub Class_Initialize

isErr_ = 0

NoAllowExt="" '黑名单,能够在这里预设不可上传的文件类型,以文件的后缀名来判别,不分大大写,每个每缀名用;号分开,假如黑名单为空,则判别白名单

NoAllowExt=LCase(NoAllowExt)

AllowExt="" '白名单,能够在这里预设可上传的文件类型,以文件的后缀名来判别,不分大大写,每个后缀名用;号分开

AllowExt=LCase(AllowExt)

isGetData_=false

End Sub

'类结束

Private Sub Class_Terminate

on error Resume Next

'肃清变量及对像

Form.RemoveAll

Set Form = Nothing

File.RemoveAll

Set File = Nothing

oUpFileStream.Close

Set oUpFileStream = Nothing

End Sub

'分析上传的数据网站制作

Public Sub GetData (MaxSize)

'定义变量

on error Resume Next

if isGetData_=false then

Dim RequestBinDate,sSpace,bCrLf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,oFileInfo

Dim sFormValue,sFileName

Dim iFindStart,iFindEnd

Dim iFormStart,iFormEnd,sFormName

'代码开端

If Request.TotalBytes < 1 Then '假如没有数据上传

isErr_ = 1

ErrMessage_="没有数据上传"

Exit Sub

End If

If MaxSize > 0 Then '假如限制大小

If Request.TotalBytes > MaxSize Then

isErr_ = 2 '假如上传的数据超出限制大小

ErrMessage_="上传的数据超出限制大小"

Exit Sub

End If

End If

Set Form = Server.CreateObject ("Scripting.Dictionary")

Form.CompareMode = 1

Set File = Server.CreateObject ("Scripting.Dictionary")

File.CompareMode = 1

Set tStream = Server.CreateObject ("ADODB.Stream")

Set oUpFileStream = Server.CreateObject ("ADODB.Stream")

oUpFileStream.Type = 1

oUpFileStream.Mode = 3

oUpFileStream.Open

oUpFileStream.Write Request.BinaryRead (Request.TotalBytes)

oUpFileStream.Position = 0

RequestBinDate = oUpFileStream.Read

iFormEnd = oUpFileStream.Size

bCrLf = ChrB (13) & ChrB (10)

'获得每个项目之间的分隔符

sSpace = MidB (RequestBinDate,1, InStrB (1,RequestBinDate,bCrLf)-1)

iStart = LenB(sSpace)

iFormStart = iStart+2

'分解项目

Do

iInfoEnd = InStrB (iFormStart,RequestBinDate,bCrLf & bCrLf)+3

tStream.Type = 1

tStream.Mode = 3

tStream.Open

oUpFileStream.Position = iFormStart

oUpFileStream.CopyTo tStream,iInfoEnd-iFormStart

tStream.Position = 0

tStream.Type = 2

tStream.CharSet = "gb2312"

sInfo = tStream.ReadText

'获得表单项目称号

iFormStart = InStrB (iInfoEnd,RequestBinDate,sSpace)-1

iFindStart = InStr (22,sInfo,"name=""",1)+6

iFindEnd = InStr (iFindStart,sInfo,"""",1)

sFormName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)

'假如是文件

If InStr (45,sInfo,"filename=""",1) > 0 Then

Set oFileInfo = new clsFileInfo

'获得文件属性

iFindStart = InStr (iFindEnd,sInfo,"filename=""",1)+10

iFindEnd = InStr (iFindStart,sInfo,""""&vbCrLf,1)

sFileName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)

oFileInfo.FileName = GetFileName(sFileName)

oFileInfo.FilePath = GetFilePath(sFileName)

oFileInfo.FileExt = GetFileExt(sFileName)

iFindStart = InStr (iFindEnd,sInfo,"Content-Type: ",1)+14

iFindEnd = InStr (iFindStart,sInfo,vbCr)

oFileInfo.FileMIME = Mid(sinfo,iFindStart,iFindEnd-iFindStart)

oFileInfo.FileStart = iInfoEnd

oFileInfo.FileSize = iFormStart -iInfoEnd -2

oFileInfo.FormName = sFormName

file.add sFormName,oFileInfo

else

'假如是表单项目

tStream.Close

tStream.Type = 1

tStream.Mode = 3

tStream.Open

oUpFileStream.Position = iInfoEnd

oUpFileStream.CopyTo tStream,iFormStart-iInfoEnd-2

tStream.Position = 0

tStream.Type = 2

tStream.CharSet = "gb2312"

sFormValue = tStream.ReadText

If Form.Exists (sFormName) Then

Form (sFormName) = Form (sFormName) & ", " & sFormValue

else

Form.Add sFormName,sFormValue

End If

End If

tStream.Close

iFormStart = iFormStart+iStart+2

'假如到文件尾了就加入

Loop Until (iFormStart+2) >= iFormEnd

RequestBinDate = ""

Set tStream = Nothing

isGetData_=true

end if

End Sub

'保存到文件,主动覆盖已具有的同名文件

Public Function SaveToFile(Item,Path)

SaveToFile=SaveToFileEx(Item,Path,True)

End Function

'保存到文件,主动设置文件名

Public Function AutoSave(Item,Path)

AutoSave=SaveToFileEx(Item,Path,false)

End Function

'保存到文件,OVER为真时,主动覆盖已具有的同名文件,否则主动把文件改名保存

Private Function SaveToFileEx(Item,Path,Over)

On Error Resume Next

Dim oFileStream

Dim tmpPath

Dim nohack '防黑缓冲

isErr=0

Set oFileStream = CreateObject ("ADODB.Stream")

oFileStream.Type = 1

oFileStream.Mode = 3

oFileStream.Open

oUpFileStream.Position = File(Item).FileStart

oUpFileStream.CopyTo oFileStream,File(Item).FileSize

nohack=split(path,".") '重要修改,防止黑客二进制"01"断名!!!

tmpPath=nohack(0)&"."&nohack(ubound(nohack)) '重要修改,防止黑客二进制"01"断名!!!

if Over then

if isAllowExt(GetFileExt(tmpPath)) then

oFileStream.SaveToFile tmpPath,2

Else

isErr_=3

ErrMessage_="该后缀名的文件不答应上传!"

End if

Else

Path=GetFilePath(Path)

if isAllowExt(File(Item).FileExt) then

do

Err.Clear()

nohack=split(Path&GetNewFileName()&"."&File(Item).FileExt,".") '重要修改,防止黑客二进制"01"断名!!!

tmpPath=nohack(0)&"."&nohack(ubound(nohack)) '重要修改,防止黑客二进制"01"断名!!!

oFileStream.SaveToFile tmpPath

loop Until Err.number<1

oFileStream.SaveToFile Path

Else

isErr_=3

ErrMessage_="该后缀名的文件不答应上传!"

End if

End if

oFileStream.Close

Set oFileStream = Nothing

if isErr_=3 then SaveToFileEx="" else SaveToFileEx=GetFileName(tmpPath)

End Function

'获得文件数据

Public Function FileData(Item)

isErr_=0

if isAllowExt(File(Item).FileExt) then

oUpFileStream.Position = File(Item).FileStart

FileData = oUpFileStream.Read (File(Item).FileSize)

Else

isErr_=3

ErrMessage_="该后缀名的文件不答应上传!"

FileData=""

End if

End Function

'获得文件路径

Public function GetFilePath(FullPath)

If FullPath <> "" Then

GetFilePath = Left(FullPath,InStrRev(FullPath, "\"))

Else

GetFilePath = ""

End If

End function

'获得文件名

Public Function GetFileName(FullPath)

If FullPath <> "" Then

GetFileName = mid(FullPath,InStrRev(FullPath, "\")+1)

Else

GetFileName = ""

End If

End function

'获得文件的后缀名

Public Function GetFileExt(FullPath)

If FullPath <> "" Then

GetFileExt = LCase(Mid(FullPath,InStrRev(FullPath, ".")+1))

Else

GetFileExt = ""

End If

End function

'获得一个不反复的序号

Public Function GetNewFileName()

dim ranNum

dim dtNow

dtNow=Now()

ranNum=int(90000*rnd)+10000

GetNewFileName=year(dtNow) & right("0" & month(dtNow),2) & right("0" & day(dtNow),2) & right("0" & hour(dtNow),2) & right("0" & minute(dtNow),2) & right("0" & second(dtNow),2) & ranNum

End Function

Public Function isAllowExt(Ext)

if NoAllowExt="" then

isAllowExt=cbool(InStr(1,";"&AllowExt&";",LCase(";"&Ext&";")))

else

isAllowExt=not CBool(InStr(1,";"&NoAllowExt&";",LCase(";"&Ext&";")))

end if

End Function

End Class

'----------------------------------------------------------------------------------------------------

'文件属性类

Class clsFileInfo

Dim FormName,FileName,FilePath,FileSize,FileMIME,FileStart,FileExt

End Class

%>

<HTML>

<HEAD>

<STYLE TYPE="text/css">

<!--

.p9{ font-size: 9pt; font-family: 宋体 }

td {font-size: 9pt}

.tx {height: 16px; width: 30px; border-color: black black #000000; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; font-size: 9pt; background-color: #eeeeee; color: #0000FF}

.tx2 {height: 16px;border-top-width: 0px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; font-size: 9pt; color: #0000FF; border-left-color:#000000; border-right-color:#000000; border-top-color:#000000; border-bottom-color:#000000}

.bt {border-left:1px solid #C0C0C0; border-top:1px solid #C0C0C0; font-size: 9pt; border-right-width: 1; border-bottom-width: 1; height: 16px; width: 80px; background-color: #EEEEEE; cursor: hand; border-right-style:solid; border-bottom-style:solid}

.tx1 { width: 400 ;height: 20px; font-size: 9pt; border: 1px solid; border-color: black black #000000; color: #0000FF}

-->

</STYLE>

<TITLE>上传文件</TITLE>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312">

<SCRIPT LANGUAGE="vbscript">

function addfile()

dim str

str="<table>"

if not IsNumeric (window.form1.filenum.value) then window.form1.filenum.value =1

for i=1 to window.form1.filenum.value

str=str&"<tr><td valign='middle'>文件"&i&":</td><td><input type='file' name='file"&i&"' class='tx1' value size='20'>  保存为<input type='text' name='file"&i&"' size='20' class='tx2'></td></tr>"

next

window.uptd.innerHTML =str&"</table>"

end function

</SCRIPT>

</HEAD>

<BODY BGCOLOR="#ffffff" CLASS="p9" >

<%

dim upfile,formPath,ServerPath,FSPath,formName,FileName,oFile,upfilecount

upfilecount=0

set upfile=new clsUp ''建立上传对象

upfile.NoAllowExt="code;" '设置上传类型的黑名单

upfile.GetData (10240000) '获得上传数据,限制最大上传10M

if upfile.isErr then '假如出错

select case upfile.isErr

case 1

case 2

Response.Write "你上传的文件超出我们的限制,最大10M"

end select

else

%>

<table align="center" width="750" border="1" cellpadding="0" cellspacing="0" bordercolor="#000000" class="p9" style="border-collapse: collapse">

<tr bgcolor="#CCCCCC">

<td height="25" valign='middle'> 外地文件 </td>

<td valign='middle'> 大小(字节) </td>

<td valign='middle'> 上传到 </td>

<td valign='middle'> 形态 </td>

</tr>

<%

FSPath=GetFilePath(Server.mappath("uptofile.asp"),"\")'获得当前文件在效劳器路径

ServerPath=GetFilePath(Request.ServerVariables("HTTP_REFERER"),"/")'获得在网站上的地位

for each formName in upfile.file '列出一切上传了的文件

set oFile=upfile.file(formname)

FileName=upfile.form(formName)'获得文本域的值

if not FileName>"" then FileName=oFile.filename'假如没有输出新的文件名,就用本来的文件名

upfile.SaveToFile formname,FSPath&FileName ''保存文件 也能够使用AutoSave来保存,参数一样,但是会主动建立新的文件名

%>

<tr>

<td height="20" valign='middle'> <%=oFile.FilePath&oFile.FileName%> </td>

<td valign='middle'> <%=oFile.filesize%> </td>

<td valign='middle'> <A HREF="<%=serverpath&FileName%>"><%=FileName%></A> </td>

<td valign='middle'> <%

if upfile.iserr then

Response.Write upfile.errmessage

else

upfilecount=upfilecount+1

Response.Write "上传成功"

end if

%> </td>

</tr><%

set oFile=nothing

next

%>

<tr>

<td colspan="3" height="25" valign='middle'> 一共上传了<%=upfileCount%>个文件</td>

</tr>

<%

end if

set upfile=nothing '删除此对象

%>

</p>

</table>

<FORM METHOD="post" NAME="form1" ENCTYPE="multipart/form-data">

<TABLE BORDER="0" ALIGN="center" CELLPADDING="0" CELLSPACING="0">

<TR>

<TD><TABLE WIDTH="750" BORDER="1" ALIGN="center" CELLPADDING="0" CELLSPACING="0" BORDERCOLOR="#111111" STYLE="BORDER-COLLAPSE: collapse">

<TR>

<TD HEIGHT="27" COLSPAN="2">上传<INPUT NAME="filenum" CLASS="tx2" VALUE="1" SIZE="4">个文件  

<INPUT TYPE="button" NAME="Button" CLASS="bt" onClick="addfile" VALUE="设 定">

</TD>

</TR>

<TR>

<TD> <DIV ID="uptd"> </DIV></TD>

</TR>

<TR>

<TD HEIGHT="30" COLSPAN="2" ALIGN="middle">

<INPUT TYPE="submit" NAME="Button" CLASS="bt" VALUE="上 传">

<INPUT TYPE="reset" NAME="Button" CLASS="bt" VALUE="重 置">

</TD>

</TR>

</TABLE></TD>

</TR>

</TABLE>

</FORM>

</BODY>

</HTML>

更多信息请查看IT技术专栏

推荐信息