pop_upload.asp

此程序是一个个人主页创造程序,该程序无插件,无任何恶意程序.

<%
'#############################################################
'#      中国在线--极酷论坛 ver.2001 3.0
'#
'#  版权所有: 中国在线 (ChinaXP.Net)
'#
'#  制作人  : 周周 (SeeYa!)
'#
'#
'#  主页地址: http://www.ChinaXP.net/    中国在线
'#	      http://www.ChinaXP.Net/bbs/    中国在线--极酷论坛
'#
'#############################################################
%>
<!--#include file="config.asp"-->
<!--#include file="inc_functions.asp"-->
<!--#include FILE="Include/upload.inc"-->
<%
	set my_Conn= Server.CreateObject("ADODB.Connection")
	my_Conn.Open strConnString

	Dim objDict
	Set objDict = Server.CreateObject("Scripting.Dictionary")
	set objRec = my_Conn.execute("SELECT * FROM " & strTablePrefix & "MODS WHERE (M_NAME = 'Attachment') OR (M_CODE = 'Attachment')")

	while not objRec.EOF
		objDict.Add objRec.Fields.Item("m_code").Value, objRec.Fields.Item("m_value").Value
		objRec.moveNext
	wend

	Dim intMaxFileSize, strFileType
	strFileType = trim(objDict.Item("faExtensions"))
	intMaxFileSize = cLng(objDict.Item("faMaxSize"))
%>
<html>
<HEAD>
<title><% =strForumTitle %></title>
<style type=text/css>
<!--
a:link    {color:<% Response.Write strLinkColor %>;text-decoration:<% Response.Write strLinkTextDecoration %>;}
a:visited {color:<% Response.Write strVisitedLinkColor %>;text-decoration:<% Response.Write strVisitedTextDecoration %>;}
a:hover   {color:<% Response.Write strHoverFontColor %>;text-decoration:<% Response.Write strHoverTextDecoration %>;}
A:active  {color:<% Response.Write strActiveLinkColor %>;text-decoration:<% Response.Write strVisitedTextDecoration %>;}
input.radio {background: <% Response.Write  strPopUpTableColor %>; color:#000000}
font {  font-size: 9pt; line-height: 13pt; FONT-FAMILY:<% Response.Write strDefaultFontFace %>}
td {  font-size: 9pt; line-height: 13pt; FONT-FAMILY:<% Response.Write strDefaultFontFace %>}
textarea { BACKGROUND-COLOR: #e8e8e8; BORDER-BOTTOM: 1px double; BORDER-LEFT: 1px double; BORDER-RIGHT: 1px double; BORDER-TOP: 1px double; COLOR: #000000; font-size: 9pt ;FONT-FAMILY:<% Response.Write strDefaultFontFace %>}
.Coolinput { BACKGROUND-COLOR: #e8e8e8; BORDER-BOTTOM: 1px double; BORDER-LEFT: 1px double; BORDER-RIGHT: 1px double; BORDER-TOP: 1px double; COLOR: #000000; font-size: 9pt; FONT-FAMILY:<% Response.Write strDefaultFontFace %>}
input {BACKGROUND-COLOR: #e8e8e8; CURSOR: HAND; BORDER-BOTTOM-WIDTH: 1px; BORDER-LEFT-WIDTH: 1px; BORDER-RIGHT-WIDTH: 1px; BORDER-TOP-WIDTH: 1px; FONT-FAMILY: "<% Response.Write strDefaultFontFace %>"; FONT-SIZE: 9pt; HEIGHT: 20px; PADDING-BOTTOM: 1px; PADDING-LEFT: 1px; PADDING-RIGHT: 1px; PADDING-TOP: 1px;}
BODY { FONT-FAMILY: 宋体; FONT-SIZE: 9pt; SCROLLBAR-HIGHLIGHT-COLOR: buttonface; SCROLLBAR-SHADOW-COLOR: buttonface; SCROLLBAR-3DLIGHT-COLOR: buttonhighlight; SCROLLBAR-TRACK-COLOR: #eeeeee; SCROLLBAR-DARKSHADOW-COLOR: buttonshadow }
//-->
</style>
</HEAD>

<BODY background="<% =strImageURL & strPageBGImage %>" bgColor="<% =strPageBGColor %>" text="<% =strDefaultFontColor %>" link="<% =strLinkColor %>" aLink=<% =strActiveLinkColor %> vLink="<% =strActiveLinkColor %>" onLoad="window.focus()">
<div align="center">
<% If Request.ServerVariables("Request_method") <> "POST" Then %>
<!--#include file="inc_top_short.asp"-->
<div align="center">
<FORM action="<% =Request.ServerVariables("SCRIPT_NAME") %>?Folder=<% =strDBNTUsername %>" name="fileup" method="POST" enctype="multipart/form-data">
<font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>">
   <TABLE width="80%" border=0 cellspacing=2 cellpadding=2>
    <TR>
     <TD>
	请选择要上传的文件：
	<input name="Method_Type" type="hidden" value="<% =Request("Method") %>">
	<input name="MEMBER_ID" type="hidden" value="<% =Request("MEMBER_ID") %>">
	<INPUT name="Folder2" type="hidden" value="<% =strDBNTUsername %>">
	<input name="FORUM_ID" type="hidden" value="<% =Request("FORUM_ID") %>">
	<input name="CAT_ID" type="hidden" value="<% =Request("CAT_ID") %>">
	<input name="REPLY_ID" type="hidden" value="<% =Request("REPLY_ID") %>">
	<input name="TOPIC_ID" type="hidden" value="<% =Request("TOPIC_ID") %>">
    </TD>
    </TR>
    <TR>
	<TD><INPUT name="file1" type="FILE" size=35 value=""></TD>
	<td></td>
    </TR>
    <TR>
	<TD><BR><INPUT name="Upload" type="SUBMIT" value="我要上传了..."><BR><BR><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><FONT color=red>注意：</FONT>
<BR>1、允许上传文件类型 &nbsp;<% =strFileType %>
<BR>2、文件大小上限 &nbsp;<FONT color=red><% =intMaxFileSize %></FONT> Kb
</font></TD>
	<td></td>
    </TR>
  </FORM>
   </TABLE>
   </font>
</div>
<!-- #include file="inc_footer_short.asp"-->
<% else %>
<%
	Dim strExtName, Err_Msg, strFileTypeArr
	err_Msg = ""
	strFileTypeArr = Split(strFileType, ";")

	Set upload = New upload_5xsoft
	Set file = upload.file("file1")			' ### 生成一个文件对象 ###
	strFileName = file.FileName			' ### 文件名 ###
	strFileSize = file.FileSize			' ### 文件大小 ###

	strRqMethod = upload.form("Method_Type")
	strFolder = upload.form("Folder")
	strMemberID = upload.form("MEMBER_ID")
	strTopicID = upload.form("TOPIC_ID")
	strReplyID = upload.form("REPLY_ID")
	strCatID = upload.form("CAT_ID")
	strForumID = upload.form("FORUM_ID")

	if strRqMethod = "" or strForumID = "" or strCatID = "" then
		HtmEnd "对不起，发生了未确定的错误，请关闭重新试一次！"
	end if

	' ### 计算取得文件类型 ###
	strExtName = Right(strFileName, Int(Len(strFileName)-InstrRev(strFileName, ".")+1))
	rec=0
	For i=0 To UBound(strFileTypeArr)
		if strExtName = strFileTypeArr(i) then
			rec = 1
			exit for
		end if
	Next
	if rec = 0 then
		HtmEnd "对不起，你所上传的文件是不允许上传的文件类型！"
	end if

	if Int(strFileSize) < Int(intMaxFileSize & "000") and strFileSize > 0  then
		if strCookieURL <> "" then
			strRoot = Server.MapPath(strCookieURL) & "\Mods\usr"
		else
			strRoot = Server.MapPath(".") & "\Mods\usr"
		end if
		' ###### 产生文件名 ######
		strFileName = strForumID & "_" & getUserFiles(strForumID) & strExtName

		strFile = strRoot & "\"  & strFileName
		Set fso = Server.CreateObject("Scripting.FileSystemObject")
		If Not fso.FolderExists(strRoot) then
			fso.createFolder(strRoot)
		end if
		if (fso.FileExists(strFile)) then
			fso.deleteFile(strFile)
		end if

		file.SaveAs strFile				' ### 保存文件 ###
		Set file = Nothing
		strFileID = intoDB()				' ### 写入数据库
		Response.Write "<script language=JavaScript>var resultString;resultString=window.opener.document.PostTopic.Message.value;window.opener.document.PostTopic.strFileUpLoadID.value = """ & strFileID & """;window.opener.document.PostTopic.strFileUpLoad.value = """ & strFileName & """;alert('文件上传结束！');window.close();</script>"
'		HtmEnd "文件上传结束！"
	else
		HtmEnd "您现在上传的文件大小已经超过了允许的上限，请重新上传！"
	end if
	Set upload = Nothing
End if

sub HtmEnd(Msg)
	Set upload = Nothing
	Response.Write "<BR><BR><BR><BR><BR><BR><BR>"
	Response.Write "<FONT color=red>" & Msg & "</FONT><BR><BR> [<a href=""javascript:history.back();"">返回重新上传文件</a>]"
%>
<!--#include file="inc_footer_short.asp"-->
<%
	Response.End
end sub

' ########################################################################
' ### Function    : getUserFiles
' ### Description : 统计论坛上传文件的总数
' ########################################################################
Private Function getUserFiles(fString)

	set rsUserFiles = Server.CreateObject("ADODB.Recordset")
	if strDBType = "access" then
		strSql = "SELECT Count(F_FILEID) AS [UserFilesCount] "
	else
		strSql = "SELECT Count(F_FILEID) AS UserFilesCount "
	end if
	strSql = strSql & "FROM " & strTablePrefix & "USERFILES "
'	strSql = strSql & "WHERE F_FORUM_ID = " & fString
	Set rsUserFiles = my_Conn.Execute(strSql)

	getUserFiles = rsUserFiles("UserFilesCount") + 1

	rsUserFiles.Close
	set rsUserFiles = Nothing

End Function

'---------------------------------------------------------------------------
'- Function    : intoDB
'- Description : inserts the document information in the database
'---------------------------------------------------------------------------
Private Function intoDB()
   	Dim strSQL
	strFilesDate = DateToStr(strForumTimeAdjust)

	strSQL = "INSERT INTO " & strTablePrefix & "USERFILES (MEMBER_ID,F_USERNAME,F_FILENAME,F_FILESIZE,F_CAT_ID,F_FORUM_ID,F_DATE) VALUES("
	strSQL = strSQL & strMemberID & ", '"
	strSQL = strSQL & strFolder & "', '"
	strSQL = strSQL & strFileName & "', "
	strSQL = strSQL & strFileSize & ", "
	strSQL = strSQL & strCatID & ", "
	strSQL = strSQL & strForumID & ", '"
	strSQL = strSQL & strFilesDate & "')"
	my_Conn.execute (strSQL)

	set rsUserFiles = Server.CreateObject("ADODB.Recordset")
	strSQL = "SELECT " & strTablePrefix & "USERFILES.F_FILEID "
	strSQL = strSQL & "FROM " & strTablePrefix & "USERFILES "
	strSql = strSql & "WHERE " & strTablePrefix & "USERFILES.F_FILENAME = '" & strFileName & "'"
	strSql = strSql & " AND " & strTablePrefix & "USERFILES.F_DATE = '" & strFilesDate & "'"

	Set rsUserFiles = my_Conn.Execute(strSql)
	intoDB = rsUserFiles("F_FILEID")

	rsUserFiles.Close
	Set rsUserFiles = Nothing

	Set strFilesDate = Nothing
	Set strSQL = Nothing

End Function
%>
</div>

</body>

</html>