file_upfile_save.asp 因特达Access数据库在线管理系统 - ASP源码程序

www.gusucode.com > 因特达Access数据库在线管理系统 > 因特达Access数据库在线管理系统\code\access\file_upfile_save.asp
    <!--#include file="conn.asp"-->
<!--#include file="session.asp"-->
<!--#include file="file_incupload.vbs"-->


<%

set upload=new upload_5xsoft
if upload.form("act")="uploadfile" then

filepath=replace(upload.form("filepath"),"\","/")''返回的请求路径,不让访问上级目录

if instr(filepath,"\")>0 or instr(filepath,"*")>0 or instr(filepath,"?")>0 or instr(filepath,"'")>0 or instr(filepath,chr(34))>0 then
	call err1'路径问题
end if
if right(filepath,1)<>"/" then	filepath=filepath&"/"
%>
<%
basepath=Server.mappath(filepath)
set obj_fso=server.createobject("scripting.filesystemobject")
'response.Write(basepath)
'response.End()
if not obj_fso.folderexists(basepath) then'目录不存在
	call err2
end if
%>
<html>
<head>
<title><%=sysname%>--上传文件成功</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>
<body>
<center>
<div style="width:600px;margin-top:100px;padding:3px 0;text-align:left;font-size:12px;color:#990000;border:solid 1px;border-color:#000090 #000090 #cccccc;background:#cccccc">yinteda.com在线文件管理器--上传结果报告</div>
<div style="width:600px;padding:30px;font-size:12px;color:#000090;border:solid 1px;border-color:#000090 #000090 #cccccc;">
<%
	i=0
	for each formName in upload.objFile
		set file=upload.objFile(formName)
		if file.FileSize>0 then
			fileName=check_fileName(file.fileName)
			filePath=basepath&"\"&FileName
			file.SaveAs filePath'存入文件
			response.write file.FileName&" ("&formatnumber(file.FileSize/1024,2,-1)&" K)上传<font color=red>成功!</font><br>　　"
			i=i+1
		set file=nothing
		end if
	next
	
	if upload.form("go")="-1" then'说明是单个文件上传，从upftile_a.asp来
		response.Write("<script>parent.rightFrame.location.href+=''</script>")
		response.End()
	end if
	set upload=nothing
	call result'显示结果
else
	set upload=nothing
	response.redirect "fsoexplorer.asp?ntime="&ntime
end if
%>

<%
sub err1
		response.write "<center><div style='width:600px;margin-top:100px;padding:3px 0;text-align:center;font-size:12px;color:#990000;border:solid 1px;border-color:#000090 #000090 #cccccc;background:#cccccc'>yinteda.com在线文件管理器--上传结果报告</div><div style='width:600px;padding:30px;font-size:12px;color:#000090;border:solid 1px;border-color:#000090 #000090 #cccccc;'>"
		response.write "对不起，没有填写路径或路径中含有非法字符<br><br>"
		response.write "<input type='button' style='width:65px;height:20px;font-size:12px' value='返回' onclick='window.history.go(-1)'>　　　<input type='button' style='width:65px;height:20px;font-size:12px' value='关闭' onclick='window.close()'></div>"&vbcrlf
		response.write "<div style='width:600px;padding:3px 0;font-size:12px;color:#000090;border:solid 1px;border-color:#cccccc #000090 #000090;background:#cccccc;'>版权所有：<a href='http://www.yinteda.com' target='_blank'>www.yinteda.com</a>　　　程序设计：<a href=mailto:138138066@qq.com>138138066@qq.com</a></div>"&vbcrlf&"</center>"
		response.end
end sub
%>

<%
sub err2
	set obj_fso=nothing
	set upload=nothing
%>
<center><div style='width:600px;margin-top:100px;padding:3px 0;text-align:center;font-size:12px;color:#990000;border:solid 1px;border-color:#000090 #000090 #cccccc;background:#cccccc'>yinteda.com在线文件管理器--上传结果报告</div><div style='width:600px;padding:30px;font-size:12px;color:#000090;border:solid 1px;border-color:#000090 #000090 #cccccc;'>
	对不起，目录“<%= filepath %>”不存在，请先创建该目录！<br>"
	<br><input type='button' style='width:65px;height:20px;font-size:12px' value='返回' onclick='window.history.go(-1)'>　　　<input type='button' style='width:65px;height:20px;font-size:12px' value='关闭' onclick='window.close()'></div>
	<div style='width:600px;padding:3px 0;font-size:12px;color:#000090;border:solid 1px;border-color:#cccccc #000090 #000090;background:#cccccc;'>版权所有：<a href='http://www.yinteda.com' target='_blank'>www.yinteda.com</a>　　　程序设计：<a href=mailto:138138066@qq.com>138138066@qq.com</a></div></center>
<%
	response.end
end  sub
%>

<%
sub result
	response.write "<br><br><br><b>已上传"&i-j&"个文件！</b><br>"
	response.write "<br><input type='button' style='width:65px;height:20px;font-size:12px' value='返回' onclick='window.history.go(-1)'>　　　<input type='button' style='width:65px;height:20px;font-size:12px' value='关闭' onclick='window.close()'></div>"&vbcrlf
	response.write "<div style='width:600px;padding:3px 0;font-size:12px;color:#000090;border:solid 1px;border-color:#cccccc #000090 #000090;background:#cccccc;'>版权所有：<a href='http://www.yinteda.com' target='_blank'>www.yinteda.com</a>　　　程序设计：<a href=mailto:138138066@qq.com>138138066@qq.com</a></div>"&vbcrlf&"</center>"&vbcrlf
	response.write "</body>"&vbcrlf
	response.write "</html>"&vbcrlf
end sub
%>

<%
function check_fileName(fileName)
	if instr(fileName,"\")>0 or instr(fileName,"/")>0 or instr(fileName,"?")>0 or instr(fileName,chr(34))>0 then
		response.write("<script>alert('文件名出错！');window.history.go(-1)</script>")
		response.End()
	end if
	dim arr,arr1,str
	str=",HTM,HTML,DOC,XLS,MDB,PPT,RAR,ZIP,JPG,GIF,BMP,PSD,ITF,TXT,PNG,SWF,"
	arr=split(fileName,".")
	if ubound(arr)>0 then'有后缀名
		houName=ucase(arr(ubound(arr)))'后缀名，转成大写
		if instr(str,","&houName&",")>0 then'合法后缀名
			check_fileName=fileName
		else
			response.write "<script>alert('无效后缀名！\r\r以下为有效后缀：\r   HTM,HTML,DOC,XLS,MDB,PPT,RAR,ZIP,JPG,GIF,BMP,PSD,ITF,TXT,PNG,SWF');window.history.go(-1)</script>"'改后缀名
			response.end()
		end if
	else
		response.write "<script>alert('失败，没有后缀名！');window.history.go(-1)</script>"'没有后缀
		response.End()
	end if
end function
%>