Realize the anti-theft chain, hide file paths with ASP

xiaoxiao2021-03-19  192

If we know the actual path of a static file such as:

http://www.webdn.com/download/mybook.pdf, if the server does not make special restrictions, we can download it without effort! How can the downloader can't get his actual path when the website provides mybook.pdf download? This article describes how to use ASP to hide the actual download path of the file.

When we manage the website file, we can put the extension of the extension in the same directory, set a more special name, such as the PDF file directory is the_pdf_file_s, saving the following code as Down.asp, his online path is

Http://www.webdn.com/down.asp, we can use http: // www.

Webdn.com/down.asp?filename=mybook.pdf to download this file, and the downloader can't see this file actual download path! In Down.asp, we can also set whether the download file needs to be logged in, it is determined whether the downloaded source page is an external website, so that the file can be prevented from being stolen.

Sample code:

<%

From_url = cstr (Request.ServerVariables ("http_referer"))

Serv_url = cstr (Request.ServerVariables ("Server_Name"))

IF MID (from_url, 8, len (serv_url) <> serv_url dam

Response.write "illegal link!" 'Prevention of stealing chains

Response.end

END IF

If Request.Cookies ("Logined") = "" "" ""

Response.Redirect "/login.asp" "needs to be logged in!

END IF

Function getFileName (longname) '/ folder1 / folder2 / file.asp => file.asp

While INSTR (longname, "/")

LongName = Right (longname, len (longname) -1)

Wend

GetFileName = longname

END FUNCTION

Dim Stream

DIM Contents

DIM FileName

DIM TrueFileName

DIM FileExt

Const adtypebinary = 1

FileName = Request.QueryString ("FileName")

IF filename = "" ""

Response.write "invalid file name!"

Response.end

END IF

FileExt = MID (FileName, INSTRREV (FileName, ".") 1)

SELECT CASE UCASE (Fileext)

Case "ASP", "ASA", "ASPX", "ASAX", "MDB"

Response.write "illegal operation!"

Response.end

End SELECT

Response.clear

IF LCase (Right (FileName, 3)) = "GIF" or LCase (Right (filename, 3)) = "JPG" or LCase (Right (filename, 3)) = "PNG" theResponse.contentType = "image / * "'Do not download dialog box for image files

Else

Response.contentType = "Application / MS-Download"

END IF

Response.addheader "Content-Disposition", "Attachment; FileName =" & getFileName (Request.QueryString ("FileName"))

Set stream = server.createObject ("adoDb.stream")

Stream.type = adtypebinary

Stream.open

IF LCASE (Right (filename, 3)) = "PDF" THEN 'Settings PDF Type File Directory

TrueFileName = "/ THE_PDF_FILE_S /" & FileName

END IF

If LCASE (Right (filename, 3)) = "DOC" TEN 'Setup Doc Type File Directory

TrueFileName = "/ my_d_o_c_file /" & filename

END IF

IF LCase (Right (FileName, 3)) = "GIF" or LCase (Right (filename, 3)) = "jpg" or lcase (Right (filename, 3)) = "png" then

TrueFileName = "/ all_images _ /" & filename "Sets the image file directory

END IF

Stream.LoadFromfile Server.MAppath (TrueFileName)

While not stream.eos

Response.binarywrite stream.read (1024 * 64)

Wend

Stream.close

Set stream = Nothing

Response.flush

Response.end

%>

转载请注明原文地址:https://www.9cbs.com/read-130177.html

New Post(0)