This script does one of two things. First it lets the user browse the file structure of any directory on the web server (permissions permitting of course) and lets them request any file by clicking on it. Only the directory you specified as root and its sub directories can be explored. The script won't let a user go above the directory you have specified as the root directory.The main advantage of this is that you can keep your files outside of your inetpub directory away from the control of the webserver. This means that your users can only access the files via your scripts. The actual location of the files on the disk is hidden from the user, and if they wish to request a file they can only get it via your script. This allows you to build in any access features you might want to add such as ensuring people have logged in to your website before they get any files. Or maybe you want certain users to download only certain files, or you might only want to give access to requests with certain domains in the HTTP_REFERER variable. By taking control of the file structure away from IIS and into your ASP script you gain full control over your files and who gets them. When a user clicks on a file to download it the script works out the correct MIME type so that the file behaves in exactly the same was as if they were getting it from IIS normally. ie jpg and gif files will show in the browser, zip files will prompt for a download, .doc files will embed themselves in the browser. And just like normal links users can right-click and select to save the file to their hard drive instead. Each directory is rendered as a basic HTML table. I'll leave it up to you how you decide to pretty up the interface. [bold]Browse.asp[/bold] <%@ Language=VBScript %><%
option explicit
dim sRoot, sDir, sParent, objFSO, objFolder, objFile, objSubFolder, sSize
%>
<META content="Microsoft Visual Studio 6.0" name=GENERATOR><!-- Author: Adrian Forbes --><%
' This is the root directory that the explorer will browse. Make sure there is no backslash ()
' at the end. Also make sure that show.asp has an identical sRoot variable.
sRoot = "c:webfiles"
' Get the directory relative to the root directory
sDir = Request("Dir")
' Add a backslash
sDir = sDir & "\"
Response.Write "<h1>" & sDir & "</h1>" & vbCRLF
' Create a copy of FileSystemObject
Set objFSO = CreateObject("Scripting.FileSystemObject")
on error resume next
' Get a handle on the folder
Set objFolder = objFSO.GetFolder(sRoot & sDir)
if err.number <> 0 then
Response.Write "Could not open folder"
Response.End
end if
on error goto 0
' We want a link to the parent folder also
' Get the full path of the parent folder
sParent = objFSO.GetParentFolderName(objFolder.Path)
' Remove the contents of sRoot from the front. This gives us the parent
' path relative to the root folder
' eg. if parent folder is "c:webfilessubfolder1subfolder2" then we just want "subfolder1subfolder2"
sParent = mid(sParent, len(sRoot) + 1)
Response.Write "<table border=""1"">"
' Give a link to the parent folder. This is just a link to this page only pssing in
' the new folder as a parameter
Response.Write "<tr><td colspan=3><a href=""browse.asp?dir=" & Server.URLEncode(sParent) & """>Parent folder</a></td></tr>" & vbCRLF
' Now we want to loop through the subfolders in this folder
For Each objSubFolder In objFolder.SubFolders
' And provide a link to them
Response.Write "<tr><td colspan=3><a href=""browse.asp?dir=" & Server.URLEncode(sDir & objSubFolder.Name) & """>" & objSubFolder.Name & "</a></td></tr>" & vbCRLF
Next
' Now we want to loop through the files in this folder
For Each objFile In objFolder.Files
if Clng(objFile.Size) < 1024 then
sSize = objFile.Size & " bytes"
else
sSize = Clng(objFile.Size / 1024) & " KB"
end if
' And provide a link to view them. This is a link to show.asp passing in the directory and the file
' as parameters
Response.Write "<tr><td><a href=""show.asp?file=" & server.URLEncode(objFile.Name) & "&dir=" & server.URLEncode (sDir) & """>" & objFile.Name & "</a></td><td>" & sSize & "</td><td>" & objFile.Type & "</td></tr>" & vbCRLF
Next
Response.Write "</table>"
%>
[bold]show.asp[/bold] <%@ Language=VBScript %><%
option explicit
dim sFile, sRoot, sDir, sExt, objShell, objFSO, sMIME, objStream
' Author: Adrian Forbes -->
' Make sure this is the same sRoot variable that is defined in browse.asp
sRoot = "c:webfiles"
' Get the directory relative to the root folder
sDir = Request("dir")
' Get the file we're going to show
sFile = Request("file")
' We need to know the MIME type for the file we are about to view. In
' order to get this we need to know the file's extension.
' We could use string functions to get the file extension but we've going
' to be lazy and use FileSystemObject
set objFSO = server.CreateObject("Scripting.FileSystemObject")
sExt = objFSO.GetExtensionName (sFile)
set objFSO = nothing
' Now we have the extension, the file's MIME type is held in the registry at
' HKEY_CLASSES_ROOT.<ext>Content Type
' Create an instance of Wscript.Shell to let us read the registry
Set objShell = Server.CreateObject("Wscript.Shell")
On Error Resume Next
' Get the MIME type
sMIME = objShell.RegRead("HKEY_CLASSES_ROOT." & sExt & "Content Type")
On Error GoTo 0
if len(sMIME) = 0 then
' If there is no registered type then return octetstream. This will prompt
' the user with the "Open or Save to disk" dialogue.
sMIME = "application/octetstream"
end if
set objShell = nothing
' Tell the browse the content type
Response.ContentType = sMIME
' And the name of the file
Response.AddHeader "Content-Disposition", "filename=" & sFile & ";"
' Now we need to pipe the file to the browser, to do this we
' will use the ADODB.Stream
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Open
' Set the type as Binary
objStream.Type = 1
' Load our file
objStream.LoadFromFile sRoot & sDir & sFile
' And send it to the browser
Response.BinaryWrite objStream.Read
objStream.Close
Set objStream = Nothing
%>
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More ASP Code Articles
More By Adrian Forbes  developerWorks - FREE Tools!
|
The IBM DB2 Deep Compression ROI tool is designed for DBA’s and IT management personnel to perform a clinical analysis of the cost savings gained from the Storage Optimization feature of DB2 9 for Linux, UNIX and Windows. The feature, also known as Deep Compression, compresses data that lies within a database by up to 80% at times.
FREE! Go There Now!
| | | |
Learn field-tested SOA principles, methodology, technology and implementation from the global SOA market leader - in a new e-book by an IBM SOA expert. Written by IBM Certified SOA Solution Designer Bobby Woolf, "Exploring IBM SOA Technology & Practice" is the ultimate insider's guide to SOA - a PDF e-book packed cover to cover with IBM's specific advice on how to make your SOA implementation a success.
FREE! Go There Now!
| | | |
You probably have thousands of lines of COBOL code loaded with business intelligence and being used to run your business, along with an army of developers maintaining these applications. Learn how to prepare your applications and developers so you can keep that competitive edge and move to a service-oriented architecture with the IBM Rational Enterprise Modernization solutions. Replay is available for 9 months.
FREE! Go There Now!
| | | |
Learn how you can extend modern application lifecycle management to IBM System z through the IBM Rational Software Delivery Platform (SDP). The Did you say mainframe? e-kit includes podcasts, webcasts, tutorials, white and red papers, demos, and articles designed to help ease the challenges of modernizing your enterprise. This complimentary kit for mainframe developers is a practical, how-to guide for making the most of an existing development environment, including the skills and infrastructure already in place at an established enterprise.
FREE! Go There Now!
| | | |
Download a free trial version of IBM DB2 9.5 for Linux, UNIX, and Windows. DB2 9 is the result of a five-year development project that transformed traditional (static) database technology into an interactive data server that merges the high performance and ease of use of DB2 with the self-describing benefits of XML.
FREE! Go There Now!
| | | |
Secure your Web applications with IBM Rational AppScan Standard Edition V7.7, previously known as Watchfire AppScan. This Web application security testing tool automates vulnerability assessments and scans and tests for common Web application vulnerabilities. Visit IBM developerWorks to download a free trial of IBM Rational AppScan Standard Edition V7.7.
FREE! Go There Now!
| | | |
Learn from the best! Find out how developers use Rational ClearCase to be more flexible, innovative and deliver higher quality code in the Rational ClearCase Power Users eKit. This complimentary eKit provides a collection of materials, like articles, whitepapers, and demos that can help you become a power user of Rational ClearCase.
FREE! Go There Now!
| | | |
Portfolio Management is about effectively managing portfolio value by aligning portfolio investments with business goals. This complimentary e-kit provides a collection of materials that can help you understand how IBM Rational enables and automates best practices for improved governance and clear visibility into portfolio and project performance across the entire IT project lifecycle.
FREE! Go There Now!
| | | |
Get a free trial download of the latest version of IBM Rational Tester for SOA Quality V7.0.1, a functional and regression testing tool that enables the creation, comprehension, modification and execution of testing GUI-less Web services.
FREE! Go There Now!
| | | |
Explore how Rational and WebSphere software enable enterprise documentation in SOA environments. Specifically, a new integration between IBM WebSphere® Business Modeler and IBM Rational® Method Composer software can help technical writers more easily keep enterprise operations manuals in sync with changes that are made to business processes, resulting in more accurate and timely documentation that benefits the entire enterprise.
FREE! Go There Now!
| | | |
All FREE IBM® developerWorks Tools!
| |
/ 118 
