This script does one of two things. First it lets the user browse the file structure of any directory on the web server (permissions permitting of course) and lets them request any file by clicking on it. Only the directory you specified as root and its sub directories can be explored. The script won't let a user go above the directory you have specified as the root directory.The main advantage of this is that you can keep your files outside of your inetpub directory away from the control of the webserver. This means that your users can only access the files via your scripts. The actual location of the files on the disk is hidden from the user, and if they wish to request a file they can only get it via your script. This allows you to build in any access features you might want to add such as ensuring people have logged in to your website before they get any files. Or maybe you want certain users to download only certain files, or you might only want to give access to requests with certain domains in the HTTP_REFERER variable. By taking control of the file structure away from IIS and into your ASP script you gain full control over your files and who gets them. When a user clicks on a file to download it the script works out the correct MIME type so that the file behaves in exactly the same was as if they were getting it from IIS normally. ie jpg and gif files will show in the browser, zip files will prompt for a download, .doc files will embed themselves in the browser. And just like normal links users can right-click and select to save the file to their hard drive instead. Each directory is rendered as a basic HTML table. I'll leave it up to you how you decide to pretty up the interface. [bold]Browse.asp[/bold] <%@ Language=VBScript %><%
option explicit
dim sRoot, sDir, sParent, objFSO, objFolder, objFile, objSubFolder, sSize
%>
<META content="Microsoft Visual Studio 6.0" name=GENERATOR><!-- Author: Adrian Forbes --><%
' This is the root directory that the explorer will browse. Make sure there is no backslash ()
' at the end. Also make sure that show.asp has an identical sRoot variable.
sRoot = "c:webfiles"
' Get the directory relative to the root directory
sDir = Request("Dir")
' Add a backslash
sDir = sDir & "\"
Response.Write "<h1>" & sDir & "</h1>" & vbCRLF
' Create a copy of FileSystemObject
Set objFSO = CreateObject("Scripting.FileSystemObject")
on error resume next
' Get a handle on the folder
Set objFolder = objFSO.GetFolder(sRoot & sDir)
if err.number <> 0 then
Response.Write "Could not open folder"
Response.End
end if
on error goto 0
' We want a link to the parent folder also
' Get the full path of the parent folder
sParent = objFSO.GetParentFolderName(objFolder.Path)
' Remove the contents of sRoot from the front. This gives us the parent
' path relative to the root folder
' eg. if parent folder is "c:webfilessubfolder1subfolder2" then we just want "subfolder1subfolder2"
sParent = mid(sParent, len(sRoot) + 1)
Response.Write "<table border=""1"">"
' Give a link to the parent folder. This is just a link to this page only pssing in
' the new folder as a parameter
Response.Write "<tr><td colspan=3><a href=""browse.asp?dir=" & Server.URLEncode(sParent) & """>Parent folder</a></td></tr>" & vbCRLF
' Now we want to loop through the subfolders in this folder
For Each objSubFolder In objFolder.SubFolders
' And provide a link to them
Response.Write "<tr><td colspan=3><a href=""browse.asp?dir=" & Server.URLEncode(sDir & objSubFolder.Name) & """>" & objSubFolder.Name & "</a></td></tr>" & vbCRLF
Next
' Now we want to loop through the files in this folder
For Each objFile In objFolder.Files
if Clng(objFile.Size) < 1024 then
sSize = objFile.Size & " bytes"
else
sSize = Clng(objFile.Size / 1024) & " KB"
end if
' And provide a link to view them. This is a link to show.asp passing in the directory and the file
' as parameters
Response.Write "<tr><td><a href=""show.asp?file=" & server.URLEncode(objFile.Name) & "&dir=" & server.URLEncode (sDir) & """>" & objFile.Name & "</a></td><td>" & sSize & "</td><td>" & objFile.Type & "</td></tr>" & vbCRLF
Next
Response.Write "</table>"
%>
[bold]show.asp[/bold] <%@ Language=VBScript %><%
option explicit
dim sFile, sRoot, sDir, sExt, objShell, objFSO, sMIME, objStream
' Author: Adrian Forbes -->
' Make sure this is the same sRoot variable that is defined in browse.asp
sRoot = "c:webfiles"
' Get the directory relative to the root folder
sDir = Request("dir")
' Get the file we're going to show
sFile = Request("file")
' We need to know the MIME type for the file we are about to view. In
' order to get this we need to know the file's extension.
' We could use string functions to get the file extension but we've going
' to be lazy and use FileSystemObject
set objFSO = server.CreateObject("Scripting.FileSystemObject")
sExt = objFSO.GetExtensionName (sFile)
set objFSO = nothing
' Now we have the extension, the file's MIME type is held in the registry at
' HKEY_CLASSES_ROOT.<ext>Content Type
' Create an instance of Wscript.Shell to let us read the registry
Set objShell = Server.CreateObject("Wscript.Shell")
On Error Resume Next
' Get the MIME type
sMIME = objShell.RegRead("HKEY_CLASSES_ROOT." & sExt & "Content Type")
On Error GoTo 0
if len(sMIME) = 0 then
' If there is no registered type then return octetstream. This will prompt
' the user with the "Open or Save to disk" dialogue.
sMIME = "application/octetstream"
end if
set objShell = nothing
' Tell the browse the content type
Response.ContentType = sMIME
' And the name of the file
Response.AddHeader "Content-Disposition", "filename=" & sFile & ";"
' Now we need to pipe the file to the browser, to do this we
' will use the ADODB.Stream
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Open
' Set the type as Binary
objStream.Type = 1
' Load our file
objStream.LoadFromFile sRoot & sDir & sFile
' And send it to the browser
Response.BinaryWrite objStream.Read
objStream.Close
Set objStream = Nothing
%>
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More ASP Code Articles
More By Adrian Forbes  developerWorks - FREE Tools!
|
Join this Rational Talks to You teleconference on December 11 at 1:00 pm ET to get tips on building your own plugins with Rational Method Composer. Get your questions answered!
FREE! Go There Now!
| | | |
Informix Dynamic Server (IDS) Express Edition offers outstanding online transaction processing (OLTP) database performance, while helping to simplify and automate many of the tasks associated with deploying databases for small business applications. IDS 11 further extends the ease of management and applications integration with the Admin API and Scheduler, high availability with Continuous Log Restore for backup server recovery in case of a primary server failure, and column level encryption to protect personal and company private data.
FREE! Go There Now!
| | | |
Get a free trial download of the latest version of IBM Rational Functional Tester V7.0.1. Rational Functional Tester is an automated functional and regression testing solution for QA teams concerned with the quality of their Java, Microsoft Visual Studio .NET, and Web-based applications.
FREE! Go There Now!
| | | |
Learn the basics of the IBM Customer Information Control System (CICS). With a hands-on exercise, learn how to get your first CICS application up and running on your desktop using TXSeries V6.1 for Windows. The tutorial shows you how to download and install a free trial version of TXSeries V6.1.
FREE! Go There Now!
| | | |
In this webcast, IBM Rational will discuss the importance of Web application security and will share techniques and best practices to introduce application security testing into current QA processes including: understanding common security vulnerabilities and techniques to integrate security testing with defect tracking and remediation systems in an effort to safeguard sensitive online information.
FREE! Go There Now!
| | | |
Join this webcast to learn how IBM Rational's Functional Testing solution enables you to implement automation your way, at your pace, with your existing staff. In this webcast, you’ll learn how you can eliminate redundancy of manual test scripts, reduce errors, and increase test coverage through test automation. After this presentation you will understand how IBM Rational Functional Testing solution can streamline your manual testing and make test automation easily attainable.
FREE! Go There Now!
| | | |
Learn how to implement a build management system that uses and extends your existing automation technologies. This tutorial shows, step-by-step, how to install and configure IBM Rational Build Forge to manage builds for Jakarta Tomcat from source code.
FREE! Go There Now!
| | | |
David Barnes, Lead Evangelist for IBM Emerging Internet Technologies will discuss aspects of Web 2.0 that bring value to corporations, academia, and government. He'll also discuss IBM's vision around Web 2.0, including the importance of remixability and consumability. The discussion will culminate with examples of various IBM Software Group solutions you can use to get ahead of the Web 2.0 adoption curve.
FREE! Go There Now!
| | | |
Attend this launch webcast with Scott Hebner, Vice President of IBM Rational Marketing and Strategy, for an overview of Rational’s new software offerings and resources to help modernize and accelerate software innovation on i on Power Systems – while ensuring past application investments are protected and continue to grow. Learn how these solutions are helping customers extend their core i5/OS solutions toward modern architectures such as SOA and web technologies to deliver business improvements that stand the test of time.
FREE! Go There Now!
| | | |
As organizations integrate software into every aspect of business, they are constantly pressured to deliver faster, better, and cheaper results. Unfortunately, a “dis-integrated” software delivery approach reduces returns while increasing costs. This IBM Rational White Paper shows how Integrated Requirements Management aligns organizations around maximizing value and keeping pace with change.
FREE! Go There Now!
| | | |
All FREE IBM® developerWorks Tools!
| |
/ 119 
