📄 wapls_upfile.asp
字号:
<%
'==================================
'=文 件 名:admin_upfile.asp
'=适用版本:游戏天府WAP网站管理系统(CMS)V1.1
'=官方版权:http://www.gotf.cn
'=文件功能:文件上传
'=文件作者:游戏天府
'=发行时间:2007-02-01
'==================================
%>
<!--#include file="wapls_admin_conn.asp"-->
<!--#include file="wapls_upfile_class.asp"-->
<%
if session("wapls_adminlogin")<>wapls_sessionvar then
errmsg="您没有登陆或不是管理员。请登陆。"
response.write "<script>window.alert('"&errmsg&"');window.location='admin_login.asp';</script>"
response.End
end if
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link href="images/css.css" rel="stylesheet" type="text/css">
</head>
<body topmargin="0" leftmargin="0" class="tablebody">
<%
dim upfile,upmax,updir,checkupfile,SaveFilename
'==================================
'=参数设置:
'updir为上传目录,按月分别建立,总目录在程序根目录下的Upload中;
'checkupfile为检测函数使用开关,0为关闭,1为启用
'==================================
upmax=allowupfilesize
updir="../Upload/"&year(date)&"-"&month(date)&"/"
checkupfile=1 '检测函数使用开关,0为关闭,1为启用
set upfile=new upfile_class
upfile.GetData (upmax)
'检查上传文件夹
set chk = Server.CreateObject("Scripting.FileSystemObject")
if chk.FolderExists(Server.MapPath(updir)) =false then
chk.CreateFolder(Server.MapPath(updir))
end if
set chk=nothing
'执行保存文件代码
dim path,FSPath
FSPath=GetFilePath(Server.mappath("wapls_upfile.asp"),"\")'取得当前文件在服务器路径
FSPath=FSPath&updir
'path =FSPath&upfile.File("img").filename
randomize
filename=split(upfile.File("img").filename,".")
file_name=filename(0)&int(rnd()*20)
file_name=GetRndFileName&"."&filename(1)
path =FSPath&file_name
Function GetRndFileName()
Dim tmpstr
randomize
tmpstr=Int(1000*rnd)
tmpstr=""&day(now)&hour(now)&minute(now)&second(now)&tmpstr
GetRndFileName=tmpstr
End Function
upfile.SaveToFile "img",path
select case upfile.isErr
case 1
Response.Write "你没有填写上传数据 [<a href='wapls_upload.asp'>重新上传</a>]"
case 2
response.Write "文件过大,应小于"&upmax/1024&"KB [<a href='wapls_upload.asp'>重新上传</a>]"
case 3
wuxiao="1"
response.Write "该文件类型不允许上传 [<a href='wapls_upload.asp'>重新上传</a>]"
case else
if checkupfile=1 then
'==================================
'=功能:自动检测上传文件是否含有非法代码
'==================================
Dim objFSO,objTS,strText,ComStr,i
filebb= updir&file_name
Set objFSO=Server.CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(Server.MapPath(filebb)) Then
Set objTS=objFSO.OpenTextFile(Server.MapPath(filebb),1)
strText=lcase(objTS.ReadAll)
objTS.Close
'禁止字符,可随时添加
ComStr="cookie|.getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|0n error resume next|站长助手|密码|海阳|adodb.stream|createobject|scripting.filesystemobject|strbackdoor|password|command.com"
ComStr=ComStr&"|.saveas|wscript.shell|shell.application|script.encode|folderpath|session|request|iframe|frame|execute|object|server.mappath"
strArray=split(ComStr,"|")
for i=0 to ubound(strArray)
if instr(strText,strArray(i))<>0 then
objFSO.DeleteFile Server.MapPath(filebb),True
response.write"<font color=red>非法文件,禁止上传!</font> [<a href='wapls_upload.asp'>重新上传</a>]"
response.end
end if
next
Set objFSO=nothing
else
response.write"该文件不存在"
end if
end if
'==================================
'代码检测结束
'==================================
response.Write "<font color=green>上传成功</font>文件路径<input type=""text"" value='Upload/"&year(date)&"-"&month(date)&"/"&file_name&"' size=""50"" onmouseover=""this.focus()"" onfocus=""this.select()"" style=""color:#0000ff;text-align:center""> [<a href='wapls_upload.asp'>继续上传</a>]"
end select
sql="select * from wapls_up order by up_id desc"
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,3
if filename<>"" then rs("up_url")="Upload/"&year(date)&"-"&month(date)&"/"&file_name
if filename(1)<>"" and wuxiao="" then rs("up_format")=filename(1)
rs.update
rs.close
set rs=nothing
set upfile=nothing
Function GetFilePath(FullPath,str)
If FullPath <> "" Then
GetFilePath = left(FullPath,InStrRev(FullPath, str))
Else
GetFilePath = ""
End If
End function
%>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -