uploadsave.asp

使用Asp+Access+FSO+Jmail+Servu开发

<!--#include file="inc/upload.inc" -->
<!--#include file="../chkuser.asp"-->
<!--#include file="../inc/conn.asp"-->
<!--#include file="../inc/user.asp"-->
<%
Server.ScriptTimeOut=999999
maxsize=rshost("uploadsize")
filetype=rshost("filetype")

'--注意下面是写法稍有不同的地方---
set upload=new upload_5xsoft
upload.ProgressID=Request.QueryString("progressID") '一定是这行在先。
upload.GetUpFile
'--结束---其他与以前的写法完全相同-------------
if upload.form("filepath")="" then   ''得到上传目录
 Response.write "<script language='javascript'>alert('系统提示：\n\n请输入要上传至的目录!');location.href='javascript:history.back()'</script>"
 set upload=nothing
 response.end
else
 formPath=upload.form("filepath")
 ''在目录后加(/)
 if right(formPath,1)<>"/" then formPath=formPath&"/" 
end if
iCount=0
for each formName in upload.objFile ''列出所有上传了的文件
set file=upload.file(formName)
types=lcase(mid(file.filename,InStrRev(file.filename, ".")+1))
if filetype<>"" then
filetype=split(filetype,"|")
for i = 0 to ubound(filetype)
	if LCase(types)=filetype(i) then
		response.redirect "../error.asp?error=filetype"
		erro=true
		exit for
	end if
next
end if
if file.filesize>maxsize*1024 then
 	Response.write "<script language='javascript'>alert('系统提示：\n\n文件大小不能超过"&maxsize&"K，请返回重试！');location.href='javascript:history.back()'</script>" 
	set upload=nothing
	response.end
 end if
if file.filesize>session("canuse") then
 	Response.write "<script language='javascript'>alert('系统提示：\n\n您的空间容量已经不足！\n\n请删除部分文件或升级您的空间！');location.href='javascript:history.back()'</script>" 
	set upload=nothing
	response.end
 end if
if file.FileSize>0 then         ''如果 FileSize > 0 说明有文件数据
file.SaveAs userdir&formPath&file.FileName   ''保存文件
if file.filesize<=204800 then
strnohtml=""
set ts = fso.opentextfile(userdir&formPath&file.FileName, 1,,0)
do while ts.atendofstream <> true '判别是否文件结尾（循环语句）
str = ts.readline '（每次）读取一行
strnohtml = strnohtml & str
loop
ts.close
strnohtml=replace(strnohtml," ","")
strnohtml=lcase(strnohtml)
end if
if rsuser("asp")="False" then
if instr(strnohtml,"scripting.") or instr(strnohtml,"adodb.") or instr(strnohtml,"shell.") or instr(strnohtml,".server") or instr(strnohtml,".file") or instr(strnohtml,"folder.") or instr(strnohtml,".application") then
set ts1 = fso.getfile(userdir&formPath&file.FileName)
ts1.delete(True)
set ts1=nothing 
Response.redirect("../error.asp?error=asp")
response.end
end if
end if
badcode=rshost("badcode")
if badcode<>empty then
filtrate=split(badcode,"|")
for i = 0 to ubound(filtrate)
if instr(strnohtml,filtrate(i))>0 Then
set ts1 = fso.getfile(userdir&formPath&file.FileName)
ts1.delete(True)
set ts1=nothing 
Response.redirect("../error.asp?error=badcode")
response.end
end if
next
end if
iCount=iCount+1
end if
set file=nothing
next
set upload=nothing
%>
<html>
<head>
<title>文件上传结果</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link rel="stylesheet" href="../css/webedit.css" type="text/css">
</head>
<body leftmargin="0" topmargin="0">
<br>
<br>
<br>
<table  border="0" align="center" cellpadding="4" cellspacing="0">
  <tr>
    <td align="center"><font color="#FF0000"><%=iCount%>个文件上传成功！</font></td>
  </tr>
  <tr>
    <td align="center"><input type=button class="bt1" onclick="javascript:history.back()" value=继续上传>
<input type=button class="bt1" onclick="window.close();" value=关闭></td>
  </tr>
</table>
<script language=javascript>
if(window.opener&&window.opener.refreshit)
 window.opener.refreshit();
</script>
</body>
</html>