Using anti-hotlinking techniques in ASP
<%
' Anti-hotlinking check: the Referer must start with http://<this server's name>.
' Mid(..., 8, ...) assumes an "http://" Referer, so the host starts at character 8.
From_url = CStr(Request.ServerVariables("HTTP_REFERER"))
Serv_url = CStr(Request.ServerVariables("SERVER_NAME"))
If Mid(From_url, 8, Len(Serv_url)) <> Serv_url Then
    Response.Write "非法链接!" ' "Illegal link!": block hotlinking
    Response.End
End If
If Request.Cookies("Logined") = "" Then
    Response.Redirect "/login.asp" ' Login required
End If

' /folder1/folder2/file.asp => file.asp
Function GetFileName(longname)
    While InStr(longname, "/")
        longname = Right(longname, Len(longname) - 1)
    Wend
    GetFileName = longname
End Function

Dim Stream
Dim Contents
Dim FileName
Dim TrueFileName
Dim FileExt
Const adTypeBinary = 1

FileName = Request.QueryString("FileName")
If FileName = "" Then
    Response.Write "无效文件名!" ' "Invalid file name!"
    Response.End
End If

' Refuse to serve script source files and Access databases
FileExt = Mid(FileName, InStrRev(FileName, ".") + 1)
Select Case UCase(FileExt)
    Case "ASP", "ASA", "ASPX", "ASAX", "MDB"
        Response.Write "非法操作!" ' "Illegal operation!"
        Response.End
End Select

Response.Clear
If LCase(Right(FileName, 3)) = "gif" Or LCase(Right(FileName, 3)) = "jpg" Or LCase(Right(FileName, 3)) = "png" Then
    Response.ContentType = "image/*"
    ' No download dialog for image files
Else
    Response.ContentType = "application/ms-download"
End If
Response.AddHeader "content-disposition", "attachment;filename=" & GetFileName(Request.QueryString("FileName"))

Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Type = adTypeBinary
Stream.Open

' The extension selects the storage directory; FileName is appended as received
If LCase(Right(FileName, 3)) = "pdf" Then ' Directory for PDF files
    TrueFileName = "/the_pdf_file_s/" & FileName
End If
If LCase(Right(FileName, 3)) = "doc" Then ' Directory for DOC files
    TrueFileName = "/my_D_O_C_file/" & FileName
End If
If LCase(Right(FileName, 3)) = "gif" Or LCase(Right(FileName, 3)) = "jpg" Or LCase(Right(FileName, 3)) = "png" Then
    TrueFileName = "/all_images_/" & FileName ' Directory for image files
End If

' Send the file to the client in 64 KB chunks
Stream.LoadFromFile Server.MapPath(TrueFileName)
While Not Stream.EOS
    Response.BinaryWrite Stream.Read(1024 * 64)
Wend
Stream.Close
Set Stream = Nothing
Response.Flush
Response.End
%>
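Downloading files of any extension directly with ADODB.Stream (anti-hotlinking)
If you type the URL of a doc, xls or jpg file directly into the browser's address bar, the file is displayed in the browser itself. Often, though, we want a download prompt to pop up so that the user downloads the file instead. How can that be done? There are two methods:
1. Configure IIS on your server and add a mapping for extensions such as doc
2. Set the content type when sending the file to the client
Method 2 is described in detail below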
<%
Response.Buffer = True
Response.Clear
Dim url
Dim fso, fl, flsize
Dim Dname
Dim objStream, ContentType, flName, isre, url1
' ***** Name of the file to download, passed in by the caller
Dname = Trim(Request("n"))
If Dname <> "" Then
    ' ***** Server-side directory where the downloadable files are stored
    ' (a "\" separator is needed between the mapped directory and the file name)
    url = Server.MapPath("/") & "\" & Dname
Else
    Response.End ' No file name supplied: nothing to send
End If
' Read the file's size and name
Set fso = Server.CreateObject("Scripting.FileSystemObject")
Set fl = fso.GetFile(url)
flsize = fl.Size
flName = fl.Name
Set fl = Nothing
Set fso = Nothing
%>
<%
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Open
objStream.Type = 1 ' adTypeBinary
objStream.LoadFromFile url
' Pick the content type from the last four characters of the file name
' (for "x.jpeg", "x.mpeg" and "x.html" these are "jpeg", "mpeg" and "html")
Select Case LCase(Right(flName, 4))
    Case ".asf"
        ContentType = "video/x-ms-asf"
    Case ".avi"
        ContentType = "video/avi"
    Case ".doc"
        ContentType = "application/msword"
    Case ".zip"
        ContentType = "application/zip"
    Case ".xls"
        ContentType = "application/vnd.ms-excel"
    Case ".gif"
        ContentType = "image/gif"
    Case ".jpg", "jpeg"
        ContentType = "image/jpeg"
    Case ".wav"
        ContentType = "audio/wav"
    Case ".mp3"
        ContentType = "audio/mpeg3"
    Case ".mpg", "mpeg"
        ContentType = "video/mpeg"
    Case ".rtf"
        ContentType = "application/rtf"
    Case ".htm", "html"
        ContentType = "text/html"
    Case ".txt"
        ContentType = "text/plain"
    Case Else
        ContentType = "application/octet-stream"
End Select
' "attachment" makes the browser show the download prompt
Response.AddHeader "Content-Disposition", "attachment;filename=" & flName
Response.AddHeader "Content-Length", flsize
Response.Charset = "UTF-8"
Response.ContentType = ContentType
Response.BinaryWrite objStream.Read
Response.Flush
Response.Clear()
objStream.Close
Set objStream = Nothing
%>
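Save this code as download.asp, and you can then use <a
href="> to download file.doc from the same directory!
However, there is a problem here: putting the path of file.doc directly in the URL is not secure, so the solution should be to store the path of file.doc in a database and obtain the path by looking it up there.
If a check is added at the very beginning of this program: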
' 你的域名 is a placeholder meaning "your domain name"
If InStr(Request.ServerVariables("HTTP_REFERER"), "http://你的域名") = 0 Then
    Response.End
End If
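A variant of download.asp that combines the two suggestions above (the path is looked up by id instead of being taken from the URL, and the Referer is checked first), given as an added example that is not part of the original article. The Dictionary stands in for the database table, and the `id` parameter, the ids and the file names are constructed; the Referer host is compared exactly with SERVER_NAME rather than searched for as a substring.

```vbscript
<%
Option Explicit
' Added example (hypothetical download.asp), not the article's own code.
' Host of an absolute http/https URL in lower case, or "" if there is none.
Function UrlHost(u)
    Dim p, i, ch, auth
    UrlHost = ""
    p = InStr(u, "://")
    If p = 0 Then Exit Function
    If LCase(Left(u, p - 1)) <> "http" And LCase(Left(u, p - 1)) <> "https" Then Exit Function
    auth = Mid(u, p + 3)
    For i = 1 To Len(auth)                     ' authority ends at "/", "?" or "#"
        ch = Mid(auth, i, 1)
        If ch = "/" Or ch = "?" Or ch = "#" Then Exit For
    Next
    auth = Left(auth, i - 1)
    If InStr(auth, "@") > 0 Then Exit Function ' userinfo present: not a plain host
    If InStr(auth, ":") > 0 Then auth = Left(auth, InStr(auth, ":") - 1) ' drop port
    UrlHost = LCase(auth)
End Function

Dim files, id, path, stream, host
' Stand-in for the database table (constructed rows): download id => virtual path
Set files = Server.CreateObject("Scripting.Dictionary")
files.Add "1", "/my_D_O_C_file/file.doc"
files.Add "2", "/the_pdf_file_s/manual.pdf"

' Exact host comparison instead of InStr() or Mid() on the raw Referer string
host = UrlHost(CStr(Request.ServerVariables("HTTP_REFERER")))
If host = "" Or host <> LCase(CStr(Request.ServerVariables("SERVER_NAME"))) Then
    Response.Status = "403 Forbidden" : Response.End
End If

' Only ids present in the table map to a file; no request text reaches the path
id = Trim(CStr(Request.QueryString("id")))
If Not files.Exists(id) Then
    Response.Status = "404 Not Found" : Response.End
End If
path = Server.MapPath(files(id))

Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = 1                                ' adTypeBinary
stream.Open
stream.LoadFromFile path
Response.Clear
Response.ContentType = "application/octet-stream"
Response.AddHeader "Content-Disposition", "attachment; filename=""" & Mid(path, InStrRev(path, "\") + 1) & """"
Do While Not stream.EOS
    Response.BinaryWrite stream.Read(65536)    ' 64 KB chunks
Loop
stream.Close
%>
```

The Referer header is supplied by the client, so this check only stops ordinary cross-site embedding; access control still rests on a login check such as the `Logined` cookie test in the first listing.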