📄 downfile.asp
字号:
<!--#include file="inc/function.asp"-->
<!--#include file="inc/driver.asp"-->
<%
'--------------------------------------------
if session("adminlogin") = "" or session("dir") = "" then
response.redirect("login.asp")
end if
'--------------------------------------------
fileSpec =Lcase(Cstr(Trim(Request("fileSpec"))))
whereIn = InstrRev(fileSpec,"\")
questDir = Left(fileSpec,whereIn) '--得到文件所在目录
'------------------检查权限是否正确--------------------------------
if not session("admin") then
'-------此处检查权限
myPath = Split(session("dir"), "|")
For each subDir in myPath
If InStr(lcase(questDir), lcase(subDir)) > 0 then
flag = true
end if
Next
If flag = false then
response.write("<meta http-equiv='Content-Type' content='text/html; charset=gb2312'>")
response.write("<script language=javascript>")
response.write("alert(""你没有权限访问该目录!"");")
response.write("history.back();")
response.write("</script>")
response.write(questDir)
response.end
end if
end if
'----------------检测是否是有效路径
if not CheckCorrectPath(questDir) then
response.write("<meta http-equiv='Content-Type' content='text/html; charset=gb2312'>")
response.write("<script language=javascript>")
response.write("alert(""请求为非有效目录或包含非法字符!"");")
response.write("history.back();")
response.write("</script>")
response.end
end if
'----------------检查是否有文件类型访问权限,并决定是否允许下载
If CheckExten(GetExten(fileSpec)) Then
downLoadFile(fileSpec)
Else
response.write("<meta http-equiv='Content-Type' content='text/html; charset=gb2312'>")
response.write("<script language=""javascript"">")
response.write("alert(""你没有对此文件类型的访问权限!"");")
response.write("history.back();")
response.write("</script>")
response.end
End If
%>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -