asp防盗链技术的使用

2013 年 1 月 9 日5210

  <%
  
  From_url=Cstr(Request.ServerVariables("­HTTP_REFERER"))
  
  Serv_url=Cstr(Request.ServerVariables("­SERVER_NAME"))
  
  ifmid(From_url,8,len(Serv_url))<>Serv_urlthen
  
  response.write"非法链接!"'防止盗链
  
  response.end
  
  endif
  
  ifRequest.Cookies("Logined")=""then
  
  response.redirect"/login.asp"'需要登陆!
  
  endif
  
  FunctionGetFileName(longname)'/folder1­/folder2/file.asp=>file.asp
  
  whileinstr(longname,"/")
  
  longname=right(longname,len(longname)-1­)
  
  wend
  
  GetFileName=longname
  
  EndFunction
  
  DimStream
  
  DimContents
  
  DimFileName
  
  DimTrueFileName
  
  DimFileExt
  
  ConstadTypeBinary=1
  
  FileName=Request.QueryString("FileName"­)
  
  ifFileName=""Then
  
  Response.Write"无效文件名!"
  
  Response.End
  
  Endif
  
  FileExt=Mid(FileName,InStrRev(FileName,".")+1)
  
  SelectCaseUCase(FileExt)
  
  Case"ASP","ASA","ASPX","ASAX","MDB"
  
  Response.Write"非法操作!"
  
  Response.End
  
  EndSelect
  
  Response.Clear
  
  iflcase(right(FileName,3))="gif"orlcase(right(FileName,3))="jpg"or
  
  lcase(right(FileName,3))="png"then
  
  Response.ContentType="image/*"
  
  '对图像文件不出现下载对话框
  
  else
  
  Response.ContentType="application/ms-download"
  
  endif
  
  Response.AddHeader"content-disposition","attachment;filename="&
  
  GetFileName(Request.QueryStrin­g("FileName"))
  
  SetStream=server.CreateObject("ADODB.Str­eam")
  
  Stream.Type=adTypeBinary
  
  Stream.Open
  
  iflcase(right(FileName,3))="pdf"then'设置pdf类型文件目录
  
  TrueFileName="/the_pdf_file_s/"&FileName
  
  endif
  
  iflcase(right(FileName,3))="doc"then'设置DOC类型文件目录
  
  TrueFileName="/my_D_O_C_file/"&FileName
  
  endif
  
  iflcase(right(FileName,3))="gif"orlcase(right(FileName,3))="jpg"or
  
  lcase(right(FileName,3))="png"then
  
  TrueFileName="/all_images_/"&FileName'设置图像文件目录
  
  endif
  
  Stream.LoadFromFileServer.MapPath(TrueFileName)
  
  WhileNotStream.EOS
  
  Response.BinaryWriteStream.Read(1024*64)
  
  Wend
  
  Stream.Close
  
  SetStream=Nothing
  
  Response.Flush
  
  Response.End
  
  %>
  
  利用adodb.stream直接下载任何后缀的文件(防盗链)
  
  在浏览器的地址栏里直接输入一个doc或xls或jpg的文件的­url路径,那么该文件会直接显示在浏览器里。而在很多时候我们­希望能直接弹出下载提示框让用户下载,我们该怎么办呢?这里有两­种方法:
  
  1、设置你的服务器的iis,给doc等后缀名做映射
  
  2、在向客户端发送时设置其contenttype
  
  下面详细说明方法2
  
  <%
  
  Response.Buffer=true
  
  Response.Clear
  
  dimurl
  
  Dimfso,fl,flsize
  
  dimDname
  
  DimobjStream,ContentType,flName,i­sre,url1
  
  '*****************************­****************调用时传入的下载文件名
  
  Dname=trim(request("n"))
  
  '*****************************­******************************­*******
  
  IfDname<>""Then
  
  '*****************************­*下载文件存放的服务端目录
  
  url=server.MapPath("/")&""&Dn­ame
  
  '*****************************­**********************
  
  EndIf
  
  Setfso=Server.CreateObject("Scrip­ting.FileSystemObject")
  
  Setfl=fso.getfile(url)
  
  flsize=fl.size
  
  flName=fl.name
  
  Setfl=Nothing
  
  Setfso=Nothing
  
  %>
  
  <%
  
  SetobjStream=Server.CreateObject("ADODB.Str­eam")
  
  objStream.Open
  
  objStream.Type=1
  
  objStream.LoadFromFileurl
  
  SelectCaselcase(Right(flName,4))
  
  Case".asf"
  
  ContentType="video/x-ms-asf"
  
  Case".avi"
  
  ContentType="video/avi"
  
  Case".doc"
  
  ContentType="application/msword"
  
  Case".zip"
  
  ContentType="application/zip"
  
  Case".xls"
  
  ContentType="application/vnd.ms-excel"
  
  Case".gif"
  
  ContentType="image/gif"
  
  Case".jpg","jpeg"
  
  ContentType="image/jpeg"
  
  Case".wav"
  
  ContentType="audio/wav"
  
  Case".mp3"
  
  ContentType="audio/mpeg3"
  
  Case".mpg","mpeg"
  
  ContentType="video/mpeg"
  
  Case".rtf"
  
  ContentType="application/rtf"
  
  Case".htm","html"
  
  ContentType="text/html"
  
  Case".txt"
  
  ContentType="text/plain"
  
  CaseElse
  
  ContentType="application/octet-stream"
  
  EndSelect
  
  Response.AddHeader"Content-Disposition","attachment;filename="&
  
  flName
  
  Response.AddHeader"Content-Length",flsize
  
  Response.Charset="UTF-8"
  
  Response.ContentType=ContentType
  
  Response.BinaryWriteobjStream.Read
  
  Response.Flush
  
  response.Clear()
  
  objStream.Close
  
  SetobjStream=Nothing
  
  %>
  
  将下面的东西存成download.asp然后你就可以用<a
  
  herf=">来下载同一目录下的file.d­oc了!
  
  但是这里有个问题就是直接将file.doc路径写在url里是­不安全的,所以解决方案应该是将file.doc的路径存到数据­库里,同过查找数据库后得到路径
  
  在这个程序的最前面如果加上一个判断:
  
  if
  
  instr(Request.ServerVariables(­"HTTP_REFERER"),"http://你的域名")­=0
  
  then
  
  Response.End
  
  endif
  
  

点这里查看更多PHP教程

0 0