upimgpost.asp

本oa系统内部短信.手机短信.文件传输.公文收发.邮件服务.共享下载.内部论坛等功能

<%Response.Expires = -1
Response.ExpiresAbsolute = Now() - 1
Response.cachecontrol = "no-cache"%>
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers=""
MM_authFailedURL="../../index.asp"
MM_grantAccess=false
If Session("userssdfgfhtrh") <> "" Then
  If (true Or CStr(Session("MM_UserAuthorization"))="") Or _
         (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
    MM_grantAccess = true
  End If
End If
If Not MM_grantAccess Then
  MM_qsChar = "?"
  If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
  MM_referrer = Request.ServerVariables("URL")
  if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
  MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
  Response.Redirect(MM_authFailedURL)
End If
%>
<!--#include file="../../Connections/oavbsconn.asp" -->
<!--#include file="../bbs/upload_5xsoft.inc"-->
<%
Dim levels__MMColParam
levels__MMColParam = "1"
If (Session("names")  <> "") Then 
  levels__MMColParam = Session("names") 
End If
%>
<%
Dim levels
Dim levels_numRows
Set levels = Server.CreateObject("ADODB.Recordset")
levels.ActiveConnection = MM_oavbsconn_STRING
levels.Source = "SELECT 姓名,操作名称  FROM levelssdfgsfgtrgrthe5fgbdnjyu76  WHERE 姓名 = '" + Replace(levels__MMColParam, "'", "''") + "' and 操作名称='管理人事照片与附件'"
levels.CursorType = 0
levels.CursorLocation = 2
levels.LockType = 1
levels.Open()
levels_numRows = 0
%>
<%if not levels.eof or not levels.bof then%>

  <%
Server.ScriptTimeout=900
dim upload,file,formName,formPath,iCount
set upload=new upload_5xSoft ''建立上传对象
%>

 <%
formPath="../../dataandfiles/files/hr/"&Session("userssdfgfhtrh")&"/"
p1="../../../../dataandfiles/files/hr/"&Session("userssdfgfhtrh")&"/"
manyfolder="../../dataandfiles/files/hr/"
 Dim objFSO11
  Set objFSO11= Server.CreateObject("Scripting.FileSystemObject")
  If  objFSO11.FolderExists(Server.MapPath(manyfolder))   Then   
Else   
objFSO11.CreateFolder(Server.MapPath(manyfolder))
Set objFSO11 = Nothing
End   If   
 Dim objFSO1
  Set objFSO1= Server.CreateObject("Scripting.FileSystemObject")
  If  objFSO1.FolderExists(Server.MapPath(formPath))   Then   
Else   
objFSO1.CreateFolder(Server.MapPath(formPath))
Set objFSO1 = Nothing
End   If   %>

<%if upload.form("filepath")="" then%>
<script language="javascript">
{
alert("请选择图片!");history.go(-1)
}
</script>
<%response.end()
end if%>
<%
Dim Recordset1__MMColParam
Recordset1__MMColParam = "1"
If (session("upuserimgid") <> "") Then 
  Recordset1__MMColParam = session("upuserimgid")
End If
%>
<%
Dim Recordset1
Dim Recordset1_numRows
Set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_oavbsconn_STRING
Recordset1.Source = "SELECT *  FROM 用户基本自资料vfsrgftvrtrefverfcadfc  WHERE id = " + Replace(Recordset1__MMColParam, "'", "''") + ""
Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 3
Recordset1.Open()
%>
<% if not Recordset1.eof or not Recordset1.bof  then 
dim num1
dim rndnum
Randomize
Do While Len(rndnum)<50
num1=CStr(Chr((57-48)*rnd+48))
rndnum=rndnum&num1
loop
if upload.form("filepath")="" then   ''得到上传目录
 HtmEnd "请输入要上传至的目录!"
 set upload=nothing
 response.end
else
 ''在目录后加(/)
 if right(formPath,1)<>"/" then formPath=formPath&"/" 
end if
iCount=0
for each formName in upload.file ''列出所有上传了的文件
 set file=upload.file(formName)  ''生成一个文件对象
 fileformat=lcase(right(file.filename,4))
if fileformat<>"" then 
if fileformat=".jpg" or fileformat=".jpeg" or fileformat=".gif" or fileformat=".png" or fileformat=".bmp" then
else
response.write"<script>alert('图片类型需为jpg,gif,png,bmp格式！');history.go(-1)</script>"
	response.end
end if 
 end if 
 if cint(file.FileSize/1024)>10000 then 
   	response.write"<script>alert('"&Session("names")&"很抱歉,您的文件太大,系统允许上传的最大文件是10MB。');location='"&request.ServerVariables("HTTP_REFERER")&"'</script>"
	response.end
end if 
dim flength,fpath,fname
 if file.FileSize>0 then         ''如果 FileSize > 0 说明有文件数据
'flength=file.FileSize
flength=cint(file.FileSize/1024)
if flength<1 then
flength=1&"KB"
end if
fpath=formPath&File.FileName
fname=file.FileName
session("fnames")=fname
%>
<%
Dim Recordset2__MMColParam
Recordset2__MMColParam = "1"
If (P1&fname <> "") Then 
  Recordset2__MMColParam = P1&fname
End If
%>
<%dim ip
ip = Request.ServerVariables("HTTP_X_FORWARDED_FOR") 
If ip = "" Then ip = Request.ServerVariables("REMOTE_ADDR") '获得真实IP这样的话在本地，在服务器测试都没有问题了
Dim Recordset2
Dim Recordset2_numRows
Set Recordset2 = Server.CreateObject("ADODB.Recordset")
Recordset2.ActiveConnection = MM_oavbsconn_STRING
Recordset2.Source = "SELECT *  FROM 电子附件  WHERE 文件路径 = '" + Replace(Recordset2__MMColParam, "'", "''") + "'"
Recordset2.CursorType = 0
Recordset2.CursorLocation = 3
Recordset2.LockType = 3
Recordset2.Open()
if  not Recordset2.eof or not  Recordset2.bof then
	response.write"<script>alert('"&Session("names")&"很抱歉,您上传的" &fname& "文件重名。建议修改文件名继续上传,谢谢！');location='"&request.ServerVariables("HTTP_REFERER")&"'</script>"
  Response.End
  end if%>
  <%
Recordset2.addnew
Recordset2("上传人帐号")=session("userssdfgfhtrh")
Recordset2("上传人姓名")=session("names")
Recordset2("上传人部门")=session("bumen")
Recordset2("用户ID")=session("upuserimgid")
Recordset2("属性")="照片"
Recordset2("添加时IP")=ip
Recordset2("添加日期")=date()

Recordset2("文件路径")=P1&fname
Recordset2("文件名")=fname
Recordset2("文件大小")=flength&"KB"
Recordset2.update
Recordset2_numRows = 0
%>
<% 
Recordset2.Close()
Set Recordset2 = Nothing
%>
<%
file.SaveAs Server.mappath(formPath&file.FileName)
on error resume next

if err.number<>0 then
   	response.write"<script>alert('"&Session("names")&"很抱歉,您上传的文件"&file.FileName&"含有,.;等非法字符,请去掉该类字符继续上传,谢谢！');location='"&request.ServerVariables("HTTP_REFERER")&"'</script>"
response.end()
end if
  iCount=iCount+1
  dim total
total=1
 end if
Recordset1("照片路径")=P1&fname
Recordset1("照片名")=fname
Recordset1("照片大小")=flength
Recordset1.update
set file=nothing
next
set upload=nothing  ''删除此对象
sub HtmEnd(Msg)
 response.write "<br>"&Msg&" [<a href=""javascript:history.back();"">返回</a>]</body></html>"
end sub
%>
<%
Recordset1.Close()
Set Recordset1 = Nothing
%>
<% end if%>
<%response.redirect ("upimg.asp")%>
<%
levels.Close()
Set levels = Nothing
%>
<%else%>
<%
levels.Close()
Set levels = Nothing
%>
<%
response.write"<script>alert('"&Session("names")&"很抱歉,您没有管理人事照片的权限。');location='"&request.ServerVariables("HTTP_REFERER")&"'</script>"
%>
<%response.end()
end if%>