www.gusucode.com > 因特达Access数据库在线管理系统 > 因特达Access数据库在线管理系统\code\access\file_select_right.asp
<!-- #include file="conn.asp" --> <!-- #include file= "public.asp" --> <!--#include file = "session.asp"--> <!doctype html public "-//w3c//dtd html 4.0 strict//en"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <title>文件预览区</title> <style type="text/css"> <!-- body,td,th { font-size: 13px; } body { margin-left: 0px; margin-top: 0px; } a:link { color: #0033CC; text-decoration: none; } a:visited { text-decoration: none; color: #0033CC; } a:hover { text-decoration: underline; color: #FF0000; } a:active { text-decoration: none; color: #FF0000; } --> </style> <script>parent.document.all.upfile_frame.src='file_upfile.asp?savepath=<%=request("path")%>'</script> </head> <body onclick="selectFile()" onDblClick="selectFile();parent.document.all.ok.click()"> <TABLE align=left><tr width=26 height=1><td></td><td></td></tr> <% '以下是列出文件 'dim userPath'用于确定用户只能放问的目录 'dim requestPath'返回的请求路径 ''userPath="document/com/"&session("公司简称")&"/"&session("username") 'requestPath=request("path") 'requestPath=replace(requestPath,"../","")'不让访问上级目录 'requestPath=replace(requestPath,"u:/","")'不让访问上级目录 'requestPath=replace(requestPath,"u:","")'不让访问上级目录 'path=userPath&"/"&requestPath path="/"&request("path") 'if path="" then ' response.Write("无路径") ' response.end() 'end if url = Server.MapPath(path) 'response.Write(requestPath) ' 'response.write(url) 'response.End() Set fso = CreateObject("Scripting.FileSystemObject") Set theCurrentFolder = fso.GetFolder(url) Set curFiles = theCurrentFolder.Files i=0 For Each fileItem in curFiles fname = fileItem.Name arr=split(fname,".") houName=arr(ubound(arr)) img="images/"&houName&".gif" if not fso.fileexists(server.mappath(img)) then img="images/unknown.gif" end if %><tr><td><img src=<%=img%>></td><TD nowrap><a href=#f><%=fname%></a></TD></TR><% i=i+1 if i mod 15 =0 then response.write("</table>") response.write("<TABLE align=left><tr width=26 height=1><td></td><td></td></tr>") end if next if i<1 then '没有数据 response.write("<table width='100%'><tr><td align='center'><br><br><br><font color=#ff0000>没有找到文件</font></td></tr></table>") end if %> </TABLE> <script> parent.document.all.fileCount.innerHTML="<%=i%>" function selectFile() { oElement=document.elementFromPoint(event.x,event.y); if (oElement.tagName=="A") { var str="<%=path%>/"+oElement.innerHTML parent.selectFile.value=str.replace(/\/\//g,"/") //fg } } </script> </body> </html>