ASP upload files across servers perfect solution

Server | solution | upload

If you have two spaces, one big and slow, another small and fast, or one of them does not support FSO, then upload files across the server in front of you, the following is my ylog.net inside the cross server upload file diary, this problem seems simple, The details are very interesting.

Prerequisite, space must support ASP, upload file server support FSO, the following narrative, diygame.com for the storage of uploaded files server, ylog.net for Web server, that is, display the user interface of the server ...

Implementation of the function, file upload, upload in the text area of the page automatically added to the image of the UBB code, in order to clear, the following list all the files used

Server File name Purpose
diygame.com blog_upfile.asp receive uploaded files with
Ylog.net blog_add.asp Add blog, upload file function in this show
Ylog.net blog_upload.asp upload file form, embedded in the form of an IFRAME in the blog_add.asp
Ylog.net blog_upresult.asp Display upload results, for the aftermath of the work
Ylog.net blog_upcheck.asp Authentication user name and password

blog_add.asp add an iframe to the Post blog page, call blog_upload.asp for upload operation
<iframe border= "0" frameborder= "0" framespacing= "0" height= "" marginheight= "0" marginwidth= "0" noresize scrolling = "No" width= "100%" vspale= "0" src= "blog_upload.asp" ></iframe>

If you've ever played with an ASP, it's natural to think that the file is going to be uploaded to another server, as long as you point to the target server for the Upload form's action page in blog_upload.asp,
<form name= "form" Method= "POST" action= "Http://www.diygame.com/blog_UPFILE. ASP "
//omitted in the middle
//When submitting the blog button disable first, so as not to pass the user blog published
<input type=" Submit "Class=button Name=" Submit " value= "Upload" >
Test, File upload success, then automatically add UBB code ...
in Http://www.diygame.com/blog_UPFILE. ASP Add a JS script
<script>parent.frmannounce.content.value+= ' </script> pass up to test again, error prompts blog_upfile. ASP permissions is not enough, since the diygame.com file permissions, Ylog.net can always, when the blog_upfile.asp operation is completed, and then call a server ASP file, so blog_upresult.asp appeared, he was responsible for the aftermath
Modify blog_upfile.asp, I use C + + habit, comment with//character

Servername= "www.ylog.net"//Flag server name
Check the source, whether it is the server you specified,
If not InStr (1,request.servervariables ("Http_referer"), servername,1) =8 Then
Response.Write "Illegal source ~!"
Response.End
End If
Check file size, type, etc, these code omitted, the Internet a lot about the FSO component introduction
...
Upload code, omit
....
The URL of a successful turn, is the address of the upload operation, the message as MSG passed
Url= "http://" &servername& "/blog_upresult.asp?msg="
If upload successful then//script pass, because the + number in JS can not be passed. Therefore, using the Server.URLEncode function, this script has permission to run on Ylog.net
url=url+ "<script>parent.frmannounce.content.value" &server.urlencode ("+") & "= ' </script>"
Send the filename to the database for future reference
Response.Redirect url+ "Upload success &filename=" &filename
End If

The following is the code on the blog_upresult.asp, very simple

The success of the transfer, nature to the already Diable submitted blog button to restore
<script>
Parent.frmannounce.submit.disabled=false;
</script>
And the information that's coming out.
Response.Write Request ("MSG")
If request ("filename") <> "" writes to the database code omitted
Response.Write "[<a href=# Onclick=history.go ( -1) > re-upload </a>]"

Looks perfect, but if others get your source words, easy to your upload server as a network hard disk ....
Just put a 127.0.0.1 in the Hosts file www.ylog.net
And then write a corresponding blog_upload.asp for the file,
Headache ing, code is not allowed to have a bit of security vulnerabilities, authenticated domain names can be deceived,
Then verify the user name and password of the upload, diygame.com how to go to the Ylog.net database to query the user name and password is correct?
This is XMLHTTP.
First on the ylog.net to do a blog_upcheck.asp, the content is very simple, the user name and password authentication, the success of the output 1, the failure of the output 0
<%
Name=request ("name")
Psw=request ("PSW")
CHECKSTR (name)//filter out SQL characters
Checkstr (PSW))//filter out SQL characters
If the user name is checked from the database = successful Then
Response.Write 0
Else
Response.Write 1
End If

The

%>
Blog_upfile.asp calls this file validation before accepting the upload. The following is code, although it is also used for domain name www.ylog.net but this operation is performed on a diygame.com server, so it is not related to the user local Hosts file
<%
Str=gethttppage ("http://" &servername& "/blog_upcheck.asp?name=" &name& "&psw=" &password)
If str<> "1" then
Response.Write "Illegal user ~!"
Response.End
End If
//two action functions. Very useful and can be used elsewhere
Function gethttppage (URL)
Set httpreq = Server.CreateObject ("Microsoft.XMLHTTP")
Httpreq.open "Get", URL, False
httpreq.send
If httpreq.readystate <> 4 Then Exit Function
Gethttppage = Bytes2bstr (httpreq.responsebody)
Set httpreq = Nothing
End Function

Function Bytes2bstr (vIn)
Dim Strreturn
Dim I, Thischarcode, Nextcharcode
Strreturn = ""
For I = 1 to LenB (vIn)
Thischarcode = AscB (MidB (VIn, I, 1))
If Thischarcode < &h80 Then
Strreturn = Strreturn & Chr (Thischarcode)
Else
Nextcharcode = AscB (MidB (vIn, I + 1, 1))
Strreturn = Strreturn & Chr (CLng (thischarcode) * &h100 + CInt (nextcharcode))
i = i + 1
End If
Next
Bytes2bstr = Strreturn
End Function
%>
To do this place, finally can be relieved, write a very messy, hope to understand reluctantly ...

If you have a better way or what you do not understand the place, welcome to my blog exchange, the site has appeared on the top many times