This script does one of two things. First it lets the user browse the file structure of any directory on the web server (permissions permitting of course) and lets them request any file by clicking on it. Only the directory you specified as root and its sub directories can be explored. The script won't let a user go above the directory you have specified as the root directory.The main advantage of this is that you can keep your files outside of your inetpub directory away from the control of the webserver. This means that your users can only access the files via your scripts. The actual location of the files on the disk is hidden from the user, and if they wish to request a file they can only get it via your script. This allows you to build in any access features you might want to add such as ensuring people have logged in to your website before they get any files. Or maybe you want certain users to download only certain files, or you might only want to give access to requests with certain domains in the HTTP_REFERER variable. By taking control of the file structure away from IIS and into your ASP script you gain full control over your files and who gets them. When a user clicks on a file to download it the script works out the correct MIME type so that the file behaves in exactly the same was as if they were getting it from IIS normally. ie jpg and gif files will show in the browser, zip files will prompt for a download, .doc files will embed themselves in the browser. And just like normal links users can right-click and select to save the file to their hard drive instead. Each directory is rendered as a basic HTML table. I'll leave it up to you how you decide to pretty up the interface. [bold]Browse.asp[/bold] <%@ Language=VBScript %><% option explicit dim sRoot, sDir, sParent, objFSO, objFolder, objFile, objSubFolder, sSize %> <META content="Microsoft Visual Studio 6.0" name=GENERATOR><!-- Author: Adrian Forbes --><% ' This is the root directory that the explorer will browse. Make sure there is no backslash () ' at the end. Also make sure that show.asp has an identical sRoot variable. sRoot = "c:webfiles"
' Get the directory relative to the root directory sDir = Request("Dir")
' Add a backslash sDir = sDir & "\"
Response.Write "<h1>" & sDir & "</h1>" & vbCRLF
' Create a copy of FileSystemObject Set objFSO = CreateObject("Scripting.FileSystemObject") on error resume next ' Get a handle on the folder Set objFolder = objFSO.GetFolder(sRoot & sDir) if err.number <> 0 then Response.Write "Could not open folder" Response.End end if on error goto 0
' We want a link to the parent folder also ' Get the full path of the parent folder sParent = objFSO.GetParentFolderName(objFolder.Path)
' Remove the contents of sRoot from the front. This gives us the parent ' path relative to the root folder ' eg. if parent folder is "c:webfilessubfolder1subfolder2" then we just want "subfolder1subfolder2" sParent = mid(sParent, len(sRoot) + 1)
Response.Write "<table border=""1"">"
' Give a link to the parent folder. This is just a link to this page only pssing in ' the new folder as a parameter Response.Write "<tr><td colspan=3><a href=""browse.asp?dir=" & Server.URLEncode(sParent) & """>Parent folder</a></td></tr>" & vbCRLF
' Now we want to loop through the subfolders in this folder For Each objSubFolder In objFolder.SubFolders ' And provide a link to them Response.Write "<tr><td colspan=3><a href=""browse.asp?dir=" & Server.URLEncode(sDir & objSubFolder.Name) & """>" & objSubFolder.Name & "</a></td></tr>" & vbCRLF Next
' Now we want to loop through the files in this folder For Each objFile In objFolder.Files if Clng(objFile.Size) < 1024 then sSize = objFile.Size & " bytes" else sSize = Clng(objFile.Size / 1024) & " KB" end if ' And provide a link to view them. This is a link to show.asp passing in the directory and the file ' as parameters Response.Write "<tr><td><a href=""show.asp?file=" & server.URLEncode(objFile.Name) & "&dir=" & server.URLEncode (sDir) & """>" & objFile.Name & "</a></td><td>" & sSize & "</td><td>" & objFile.Type & "</td></tr>" & vbCRLF Next
Response.Write "</table>" %>
[bold]show.asp[/bold] <%@ Language=VBScript %><% option explicit dim sFile, sRoot, sDir, sExt, objShell, objFSO, sMIME, objStream
' Author: Adrian Forbes -->
' Make sure this is the same sRoot variable that is defined in browse.asp sRoot = "c:webfiles"
' Get the directory relative to the root folder sDir = Request("dir")
' Get the file we're going to show sFile = Request("file")
' We need to know the MIME type for the file we are about to view. In ' order to get this we need to know the file's extension. ' We could use string functions to get the file extension but we've going ' to be lazy and use FileSystemObject set objFSO = server.CreateObject("Scripting.FileSystemObject") sExt = objFSO.GetExtensionName (sFile) set objFSO = nothing
' Now we have the extension, the file's MIME type is held in the registry at ' HKEY_CLASSES_ROOT.<ext>Content Type ' Create an instance of Wscript.Shell to let us read the registry Set objShell = Server.CreateObject("Wscript.Shell") On Error Resume Next ' Get the MIME type sMIME = objShell.RegRead("HKEY_CLASSES_ROOT." & sExt & "Content Type") On Error GoTo 0 if len(sMIME) = 0 then ' If there is no registered type then return octetstream. This will prompt ' the user with the "Open or Save to disk" dialogue. sMIME = "application/octetstream" end if set objShell = nothing
' Tell the browse the content type Response.ContentType = sMIME
' And the name of the file Response.AddHeader "Content-Disposition", "filename=" & sFile & ";"
' Now we need to pipe the file to the browser, to do this we ' will use the ADODB.Stream Set objStream = Server.CreateObject("ADODB.Stream") objStream.Open ' Set the type as Binary objStream.Type = 1 ' Load our file objStream.LoadFromFile sRoot & sDir & sFile
' And send it to the browser Response.BinaryWrite objStream.Read
objStream.Close Set objStream = Nothing %>
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More ASP Code Articles More By Adrian Forbes developerWorks - FREE Tools! | Effective governance for lean development isn’t about command and control. Instead, the focus is on enabling the right behaviors and practices through collaborative and supportive techniques. Hear from Scott Ambler on how it is far more effective to motivate people to do the right thing than it is to force them to do so. Learn how to form a lightweight, collaboration-based framework that reflects the realities of modern IT organizations. FREE! Go There Now!
| | | | Download the Rational Application Developer (RAD) v7.5 open beta code and start developing applications for the JEE5 standard which features EJB3.0, JPA, JSF 1.2, JSP 2.1 and Servlet 2.5 standards. When you use this beta you will see how you can increase developer productivity for already existing applications with improved support for refactoring, as well as adding new features to existing applications. In addition, the beta provides tooling for JD Edwards, Oracle, SAP, Siebel and PeopleSoft to improve the developer productivity with these enterprise systems. FREE! Go There Now!
| | | | Download the IBM WebSphere Portal V6.1 beta code and learn more about the rich features and enhancements in IBM WebSphere Portal V6.1. WebSphere Portal provides a composite application or business mashup framework and the advanced tooling needed to build flexible, SOA-based solutions, and scalability to meet the needs of any size organization. FREE! Go There Now!
| | | | Join us for this web seminar to learn how you can defend your web applications from attack. Learn about the 3 most common web application attacks, including how they occur and what can be done to prevent them. We’ll also discuss manual versus automated approaches for scanning and identifying web application vulnerabilities and how IBM Rational AppScan, an automated vulnerability scanner, can help you automate more of what you are doing manually today. FREE! Go There Now!
| | | | Join this webcast to see how IBM Data Studio Developer and pureQuery can take the pain out of Java data access. uApplications developed using both Java and SQL have become a common requirement. Database connectivity using Java Database Connectivity (JDBC) to create an application is a multi-step tedious process, and tooling that covers both SQL and Java has been unavailable, until now. IBM Data Studio introduces the pureQuery platform: a high-performance, Java data access platform focused on simplifying the tasks of developing, managing, and optimizing database applications and services. FREE! Go There Now!
| | | | Manage, govern, and share services across your organization by using WebSphere Service Registry and Repository. Follow the hands-on exercises to learn how to navigate the Web interface to publish, find, reuse, and update services. FREE! Go There Now!
| | | | Listen to this webcast to get an overview of Info 2.0 and a technical demo of how to quickly build an enterprise mashup. IBM's Info 2.0 technology leverages emerging Web 2.0 technologies such as mashups, feeds, AJAX, and JSON in order to simplify assembly of information using feeds and services. Come learn about the technical elements of Info 2.0 including the Feed Generation framework, Mashup Engine, and mashup assembly components. Learn how to pull information from databases, departmental information, and the Web to create mashups critical to your company’s success. We will also discuss best practices to help you get started. FREE! Go There Now!
| | | | Regression testing -- in which code is thoroughly tested to ensure that changes have not produced unexpected results -- is an important part of any development process. But many testing environments neglect the terminal-based applications that still form the backbone of many industries. In this tutorial, you'll learn how the Rational Functional Tester Extension for Terminal-Based Applications works with other Rational Functional Tester to help test terminal-based applications quickly and easily. FREE! Go There Now!
| | | | Visit IBM developerWorks to try the IBM SOA Sandbox for process. The SOA Sandbox for process focuses on providing a trial environment with the necessary tooling and components required to gain a better understanding of business processes and how to best improve existing business processes to derive value quickly. FREE! Go There Now!
| | | | The discipline of assembling and delivering software is maturing beyond standard developer-centric compile/test software builds. The end-to-end software development lifecycle is emerging as the new focus moves “Beyond the Build.” Join this on demand webcast to learn about methods for streamlining software delivery and key capabilities of the IBM Rational Build Forge framework for automating build and release management in environments of any size. FREE! Go There Now!
| | | | All FREE IBM® developerWorks Tools! | |