This script does one of two things. First it lets the user browse the file structure of any directory on the web server (permissions permitting of course) and lets them request any file by clicking on it. Only the directory you specified as root and its sub directories can be explored. The script won't let a user go above the directory you have specified as the root directory.The main advantage of this is that you can keep your files outside of your inetpub directory away from the control of the webserver. This means that your users can only access the files via your scripts. The actual location of the files on the disk is hidden from the user, and if they wish to request a file they can only get it via your script. This allows you to build in any access features you might want to add such as ensuring people have logged in to your website before they get any files. Or maybe you want certain users to download only certain files, or you might only want to give access to requests with certain domains in the HTTP_REFERER variable. By taking control of the file structure away from IIS and into your ASP script you gain full control over your files and who gets them. When a user clicks on a file to download it the script works out the correct MIME type so that the file behaves in exactly the same was as if they were getting it from IIS normally. ie jpg and gif files will show in the browser, zip files will prompt for a download, .doc files will embed themselves in the browser. And just like normal links users can right-click and select to save the file to their hard drive instead. Each directory is rendered as a basic HTML table. I'll leave it up to you how you decide to pretty up the interface. [bold]Browse.asp[/bold]

 <%@ Language=VBScript %><%
option explicit
dim sRoot, sDir, sParent, objFSO, objFolder, objFile, objSubFolder, sSize
%>
<META content="Microsoft Visual Studio 6.0" name=GENERATOR><!-- Author: Adrian Forbes --><%
' This is the root directory that the explorer will browse.  Make sure there is no backslash ()
' at the end.  Also make sure that show.asp has an identical sRoot variable.
sRoot = "c:webfiles"

' Get the directory relative to the root directory
sDir = Request("Dir")

' Add a backslash
sDir = sDir & "\"

Response.Write "<h1>" & sDir & "</h1>" & vbCRLF

' Create a copy of FileSystemObject
Set objFSO = CreateObject("Scripting.FileSystemObject")
on error resume next
' Get a handle on the folder
Set objFolder = objFSO.GetFolder(sRoot & sDir)
if err.number <> 0 then
    Response.Write "Could not open folder"
    Response.End
end if
on error goto 0

' We want a link to the parent folder also
' Get the full path of the parent folder
sParent = objFSO.GetParentFolderName(objFolder.Path)

' Remove the contents of sRoot from the front.  This gives us the parent
' path relative to the root folder
' eg. if parent folder is "c:webfilessubfolder1subfolder2" then we just want "subfolder1subfolder2"
sParent = mid(sParent, len(sRoot) + 1)

Response.Write "<table border=""1"">"

' Give a link to the parent folder.  This is just a link to this page only pssing in
' the new folder as a parameter
Response.Write "<tr><td colspan=3><a href=""browse.asp?dir=" & Server.URLEncode(sParent) & """>Parent folder</a></td></tr>" & vbCRLF

' Now we want to loop through the subfolders in this folder
For Each objSubFolder In objFolder.SubFolders
    ' And provide a link to them
    Response.Write "<tr><td colspan=3><a href=""browse.asp?dir=" & Server.URLEncode(sDir & objSubFolder.Name) & """>" & objSubFolder.Name & "</a></td></tr>" & vbCRLF
Next

' Now we want to loop through the files in this folder
For Each objFile In objFolder.Files
    if Clng(objFile.Size) < 1024 then
        sSize = objFile.Size & " bytes"
    else
        sSize = Clng(objFile.Size / 1024) & " KB"
    end if
    ' And provide a link to view them.  This is a link to show.asp passing in the directory and the file
    ' as parameters
    Response.Write "<tr><td><a href=""show.asp?file=" & server.URLEncode(objFile.Name) & "&dir=" & server.URLEncode (sDir) & """>" & objFile.Name & "</a></td><td>" & sSize & "</td><td>" & objFile.Type & "</td></tr>" & vbCRLF
Next

Response.Write "</table>"
%>

[bold]show.asp[/bold]

 <%@ Language=VBScript %><%
option explicit
dim sFile, sRoot, sDir, sExt, objShell, objFSO, sMIME, objStream

' Author: Adrian Forbes -->

' Make sure this is the same sRoot variable that is defined in browse.asp
sRoot = "c:webfiles"

' Get the directory relative to the root folder
sDir = Request("dir")

' Get the file we're going to show
sFile = Request("file")

' We need to know the MIME type for the file we are about to view.  In
' order to get this we need to know the file's extension.
' We could use string functions to get the file extension but we've going
' to be lazy and use FileSystemObject
set objFSO = server.CreateObject("Scripting.FileSystemObject")
sExt = objFSO.GetExtensionName (sFile)
set objFSO = nothing

' Now we have the extension, the file's MIME type is held in the registry at
' HKEY_CLASSES_ROOT.<ext>Content Type
' Create an instance of Wscript.Shell to let us read the registry
Set objShell = Server.CreateObject("Wscript.Shell")
On Error Resume Next
' Get the MIME type
sMIME = objShell.RegRead("HKEY_CLASSES_ROOT." & sExt & "Content Type")
On Error GoTo 0
if len(sMIME) = 0 then
    ' If there is no registered type then return octetstream.  This will prompt
    ' the user with the "Open or Save to disk" dialogue.
    sMIME = "application/octetstream"
end if
set objShell = nothing

' Tell the browse the content type
Response.ContentType = sMIME

' And the name of the file
Response.AddHeader "Content-Disposition", "filename=" & sFile & ";"

' Now we need to pipe the file to the browser, to do this we
' will use the ADODB.Stream
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Open
' Set the type as Binary
objStream.Type = 1
' Load our file
objStream.LoadFromFile sRoot & sDir & sFile

' And send it to the browser
Response.BinaryWrite objStream.Read

objStream.Close
Set objStream = Nothing
%>

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

More ASP Code Articles
More By Adrian Forbes

 

developerWorks - FREE Tools!

Build Forge Express demo: Enabling software delivery excellence for small and midsized businesses This demonstration gives you an overview of IBM® Rational® Build Forge Express Edition, a global offering that provides a framework to automate and execute software processes. Rational Build Forge provides a software assembly line that can support all of your tools, technologies, and platforms so you can achieve a repeatable, reliable, and traceable build and release process. FREE! Go There Now!

NEW! IBM – Taking Web 2.0 to Work David Barnes, Lead Evangelist for IBM Emerging Internet Technologies will discuss aspects of Web 2.0 that bring value to corporations, academia, and government. He'll also discuss IBM's vision around Web 2.0, including the importance of remixability and consumability. The discussion will culminate with examples of various IBM Software Group solutions you can use to get ahead of the Web 2.0 adoption curve. FREE! Go There Now!

NEW! Develop Systems Software Assets with IBM Rational Asset Manager Join us for this on demand webcast to learn about developing complex systems more quickly and efficiently. We'll cover market drivers for developing, governing and reusing systems software assets and how you can develop system software assets with Rational Asset Manager. FREE! Go There Now!

NEW! Hello World: WebSphere Service Registry and Repository Manage, govern, and share services across your organization by using WebSphere Service Registry and Repository. Follow the hands-on exercises to learn how to navigate the Web interface to publish, find, reuse, and update services. FREE! Go There Now!

NEW! IBM Enterprise Modernization Sandbox for System z: Architecture Analysts, architects, and developers who have existing COBOL or PL/I skills and want to extend those skills to deploy new workloads on the mainframe can use the IBM Enterprise Modernization Sandbox for System z to find hands-on walkthroughs of common real world scenarios. The scenarios provide examples of how to rapidly design, create, assemble, test, and deploy high-quality Web, Web services, portal, and SOA applications for IBM CICS, IBM IMS, and IBM WebSphere Application Server. FREE! Go There Now!

NEW! Run your first CICS application on a PC using TXSeries for Windows Learn the basics of the IBM Customer Information Control System (CICS). With a hands-on exercise, learn how to get your first CICS application up and running on your desktop using TXSeries V6.1 for Windows. The tutorial shows you how to download and install a free trial version of TXSeries V6.1. FREE! Go There Now!

NEW! Section 508 of the U.S. Rehabilitation Act: Web accessibility compliance Because access to government information continues to be an area of concern for many U.S. citizens with disabilities, the U.S. government enacted Section 508 of the Rehabilitation Act in 2001 to ensure that government agencies create accessible Web content, enabling all citizens to access the information they need. A fully accessible Web site makes Web content accessible to all individuals, including those with disabilities, who may be accessing Web content via a variety of user agents. Common user agents include standard Web browsers, text-only browsers, assistive devices and mobile devices such as cell phones or personal digital assistants (PDAs). FREE! Go There Now!

NEW! Trial download: IBM Rational Functional Tester V7.0.1 Get a free trial download of the latest version of IBM Rational Functional Tester V7.0.1. Rational Functional Tester is an automated functional and regression testing solution for QA teams concerned with the quality of their Java, Microsoft Visual Studio .NET, and Web-based applications. FREE! Go There Now!

NEW! Using IBM Rational Developer for System z and IBM Rational ClearCase together to manage application development Whether you are creating new applications or modifying existing ones, managing integration of new components with traditional z/OS elements is a critical part of building and deploying modern applications. Listen to this webcast to see how IBM can help you optimize your development process using an IDE like Rational Developer for System z that integrates with management tools, such as ClearCase to manage your application development on mainframes. FREE! Go There Now!

NEW! Webcast: Introducing the new Information Server and Solutions community: LeverageInformation User communities play an important role in communication and collaboration around products, solutions and other areas of special interest to members. Successful communities are able to provide the right mix of content and services to deliver a value proposition that resonates with each audience. Join Tom Inman, VP of Marketing for Information and Platform Solutions as he introduces the new LeverageINFORMATION community. During this webcast, learn about the value provided by the community and how customers and partners derive value from the community in addressing their own technical and business challenges. FREE! Go There Now!

All FREE IBM® developerWorks Tools!