
📄 admin_upload_configure.asp

📁 简单的asp论坛源码系统,很适用于初学者!界面简洁,功能齐全
💻 ASP
📖 第 1 页 / 共 3 页
<% @ Language=VBScript %>
<% Option Explicit %>
<!--#include file="admin_common.asp" -->
<%
'****************************************************************************************
'**  Copyright Notice    
'**
'**  Web Wiz Forums(TM)
'**  http://www.webwizforums.com
'**                            
'**  Copyright (C)2001-2008 Web Wiz(TM). All Rights Reserved.
'**  
'**  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS UNDER LICENSE FROM 'WEB WIZ'.
'**  
'**  IF YOU DO NOT AGREE TO THE LICENSE AGREEMENT THEN 'WEB WIZ' IS UNWILLING TO LICENSE 
'**  THE SOFTWARE TO YOU, AND YOU SHOULD DESTROY ALL COPIES YOU HOLD OF 'WEB WIZ' SOFTWARE
'**  AND DERIVATIVE WORKS IMMEDIATELY.
'**  
'**  If you have not received a copy of the license with this work then a copy of the latest
'**  license contract can be found at:-
'**
'**  http://www.webwizguide.com/license
'**
'**  For more information about this software and for licensing information please contact
'**  'Web Wiz' at the address and website below:-
'**
'**  Web Wiz, Unit 10E, Dawkins Road Industrial Estate, Poole, Dorset, BH15 4JD, England
'**  http://www.webwizguide.com
'**
'**  Removal or modification of this copyright notice will violate the license contract.
'**
'****************************************************************************************



'*************************** SOFTWARE AND CODE MODIFICATIONS **************************** 
'**
'** MODIFICATION OF THE FREE EDITIONS OF THIS SOFTWARE IS A VIOLATION OF THE LICENSE  
'** AGREEMENT AND IS STRICTLY PROHIBITED
'**
'** If you wish to modify any part of this software a license must be purchased
'**
'****************************************************************************************




'Hold output in the buffer until the script ends or flushes, so the Response.Redirect further down can still send its headers
Response.Buffer = True


'Page-level declarations (Option Explicit is on, so every name used here must be declared)

'General page state
Dim strMode		'Page mode, set to true if changes are to be made to the database
Dim strFilePath		'Path to the files
Dim intAllocatedSpace	'Amount of upload space a user is allowed

'Image upload settings
Dim intMaxImageSize	'Maximum image size

'File upload settings
Dim strFileTypes	'Permitted file types
Dim intMaxFileSize	'Maximum file size

'Avatar upload settings
Dim blnAvatarEnabled	'True when avatars are enabled
Dim strAvatarTypes	'Permitted avatar types
Dim intMaxAvatarSize	'Maximum avatar size

'Working storage for the blocked-extension check
Dim saryBadFileTypes(56)'Blocked extensions, fixed size: indices 0 to 56
Dim saryImageFileType	'All submitted extensions (image, file and avatar) as one array
Dim blnBadFileType	'Becomes True when a submitted extension is on the blocked list
Dim strBadFileTypeName	'Comma separated blocked extensions found, for the error message
Dim intLoopCounter	'Outer loop index
Dim intLoopCounter2	'Inner loop index


'No blocked extension has been found yet
blnBadFileType = false


'Collect the submitted settings. Every value below comes straight from the request body,
'so treat it as untrusted until it has been checked.

'Text values are taken as sent
strUploadComponent = Request.Form("component")
strImageTypes = Request.Form("imageTypes")
strFileTypes = Request.Form("fileTypes")
strAvatarTypes = Request.Form("avatarTypes")

'NOTE(review): unlike the size fields this one is stored without a numeric conversion - confirm that is intended
intAllocatedSpace = Request.Form("allocatedSpace")

'Size limits: CInt raises a run-time error for text that is not numeric or is outside -32768 to 32767
intMaxImageSize = CInt(Request.Form("imageSize"))
intMaxFileSize = CInt(Request.Form("fileSize"))
intMaxAvatarSize = CInt(Request.Form("avatarSize"))

'Avatar switch: CBool raises a run-time error for text it cannot read as a boolean
blnAvatarEnabled = CBool(Request.Form("avatar"))


'Leave this page when blnACode is set or no install ID is present: release the database and send the browser to the premium page
'NOTE(review): blnACode, strInstallID and strQsSID1 are not set in this file - presumably they come from admin_common.asp, confirm their meaning there
If strInstallID = "" Or blnACode Then
	closeDatabase
	Response.Redirect "admin_web_wiz_forums_premium.asp" & strQsSID1
End If



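'Deny-list check on the upload extensions the administrator is asking to allow.
'Reason given by the original author: if the admin account is taken over, the upload tool could be used to place
'files on the server that the web server runs or interprets, so those extensions are refused here.
'Runs only on post back. Sets blnBadFileType and collects the refused names in strBadFileTypeName.
'NOTE(review): a deny-list only stops what it names. An allow-list of known-safe types, enforced again by the upload
'handler at upload time and paired with an upload folder where script execution is disabled, is the stronger control.
If Request.Form("postBack") Then

	'Blocked extensions. The array is declared with upper bound 56, so only indices 0 to 56 exist.
	
	'ISAPI and CGI web page extensions, script, executable and server configuration types
	saryBadFileTypes(0) = "asax"
	saryBadFileTypes(1) = "ascx"
	saryBadFileTypes(2) = "ashx"
	saryBadFileTypes(3) = "asmx"
	saryBadFileTypes(4) = "aspx"
	saryBadFileTypes(5) = "asp"
	saryBadFileTypes(6) = "asa"
	saryBadFileTypes(7) = "asr"
	saryBadFileTypes(8) = "axd"
	saryBadFileTypes(9) = "cdx"
	saryBadFileTypes(10) = "cer"
	saryBadFileTypes(11) = "cgi"
	saryBadFileTypes(12) = "class"
	saryBadFileTypes(13) = "config"
	saryBadFileTypes(14) = "com" 
	saryBadFileTypes(15) = "cs"
	saryBadFileTypes(16) = "csproj"
	saryBadFileTypes(17) = "cnf"
	saryBadFileTypes(18) = "dll"
	saryBadFileTypes(19) = "edml"
	saryBadFileTypes(20) = "exe"
	saryBadFileTypes(21) = "idc"
	saryBadFileTypes(22) = "inc"
	saryBadFileTypes(23) = "isp"
	saryBadFileTypes(24) = "licx"
	saryBadFileTypes(25) = "php3"
	saryBadFileTypes(26) = "php4"
	saryBadFileTypes(27) = "php5"
	saryBadFileTypes(28) = "php"
	saryBadFileTypes(29) = "phtml"
	saryBadFileTypes(30) = "pl"
	saryBadFileTypes(31) = "rem"
	saryBadFileTypes(32) = "resources"
	saryBadFileTypes(33) = "resx"
	saryBadFileTypes(34) = "shtm"
	saryBadFileTypes(35) = "shtml"
	saryBadFileTypes(36) = "soap"
	saryBadFileTypes(37) = "stm"
	saryBadFileTypes(38) = "vsdisco"
	saryBadFileTypes(39) = "vbe"
	saryBadFileTypes(40) = "vbs"
	saryBadFileTypes(41) = "vbx"
	saryBadFileTypes(42) = "vb"
	saryBadFileTypes(43) = "webinfo"
	saryBadFileTypes(44) = "cfm"
	saryBadFileTypes(45) = "ssi"
	saryBadFileTypes(46) = "swf"
	'Slot 47 used to repeat "vbs" (already in slot 40) while "wml" and "xslt" were both written to slot 56,
	'so "wml" was overwritten and never checked. "wml" now takes the spare slot and both are blocked.
	saryBadFileTypes(47) = "wml"
	saryBadFileTypes(48) = "tpl"
	saryBadFileTypes(49) = "cfc"
	saryBadFileTypes(50) = "jst"
	saryBadFileTypes(51) = "jsp"
	saryBadFileTypes(52) = "jse"
	saryBadFileTypes(53) = "jsf"
	saryBadFileTypes(54) = "js"
	saryBadFileTypes(55) = "java"
	saryBadFileTypes(56) = "xslt"
	
	
	'Normalise the submitted lists: strip spaces and dots so " .jpg" and "jpg" compare the same
	'(these cleaned strings are also what gets saved later)
	strFileTypes = Replace(strFileTypes, " ", "", 1, -1, 1)
	strFileTypes = Replace(strFileTypes, ".", "", 1, -1, 1)
	strImageTypes = Replace(strImageTypes, " ", "", 1, -1, 1)
	strImageTypes = Replace(strImageTypes, ".", "", 1, -1, 1)
	strAvatarTypes = Replace(strAvatarTypes, " ", "", 1, -1, 1)
	strAvatarTypes = Replace(strAvatarTypes, ".", "", 1, -1, 1)
	
	
	'Join the image, file and avatar lists and split them into one array of extensions (";" is the separator)
	saryImageFileType = Split(Trim(strImageTypes) & ";" & Trim(strFileTypes) & ";" & Trim(strAvatarTypes), ";")
	
	'Compare every submitted extension with every blocked extension
	For intLoopCounter = 0 To UBound(saryImageFileType)
	
		For intLoopCounter2 = 0 To UBound(saryBadFileTypes)
	
			'Case-insensitive exact match: flag the request and remember the name for the error message
			If LCase(saryImageFileType(intLoopCounter)) = LCase(saryBadFileTypes(intLoopCounter2)) Then 
				blnBadFileType = True
				strBadFileTypeName = strBadFileTypeName & saryBadFileTypes(intLoopCounter2)& ", "
			End If
		Next
	Next
End If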



'Build the query that loads the single configuration row (ID = 1)
'NOTE(review): strDbTable is concatenated into the SQL text and is not set in this file - presumably a fixed table prefix from the include, confirm it never carries request data
strSQL = "SELECT " & strDbTable & "Configuration.* From " & strDbTable & "Configuration WHERE " & strDbTable & "Configuration.ID = 1;"

With rsCommon
	'2 = adOpenDynamic, a cursor that can be navigated in both directions
	.CursorType = 2

	'3 = adLockOptimistic, the record is locked only while it is being updated
	.LockType = 3

	'Run the query on the shared connection
	.Open strSQL, adoCon
End With

'If the user is changing the upload setup then update the database
If Request.Form("postBack") AND blnBadFileType = false Then

	With rsCommon
		'Update the recordset
		If blnDemoMode = False Then
			.Fields("Upload_component") = strUploadComponent
			.Fields("Upload_img_types") = strImageTypes
			.Fields("Upload_img_size") = intMaxImageSize
			.Fields("Upload_files_type") = strFileTypes
			.Fields("Upload_files_size") = intMaxFileSize
			.Fields("Upload_avatar_types") = strAvatarTypes
			.Fields("Upload_avatar_size") = intMaxAvatarSize
			.Fields("Upload_avatar") = blnAvatarEnabled
			.Fields("Upload_allocation") = intAllocatedSpace
		
			'Update the database with the new user's details
			.Update
		End If
	
		'Re-run the query to read in the updated recordset from the database
		.Requery
