Anti-Theft chain
If we know the actual path of a static file such as: Http://www.xx.com/download/51windows.pdf, if the server does not have a special limit set, we can download it effortlessly! When the site provides 51windows.pdf download, how to let the download can not get his actual path it! This article describes how to use ASP to hide the actual download path of a file.
When we manage Web site files, we can put the same file name extension under the same directory, a more special names, such as the PDF file directory for the_pdf_file_s, save the following code as down.asp, his online path is http:// Www.xx.com/down.asp, can we use http://www.xx.com/down.asp? Filename=51windows.pdf to download this file, and the download can not see the actual download path of this file! In down.asp we can also set whether the download file need to log in, to determine whether the source page of the download is an external site, so you can prevent files from being hotlinking.
<%
From_url = Cstr (Request.ServerVariables ("Http_referer"))
Serv_url = Cstr (Request.ServerVariables ("SERVER_NAME"))
If Mid (From_url,8,len (serv_url)) <> Serv_url Then
Response.Write "Illegal link! "' Prevent hotlinking
Response.End
End If
If Request.Cookies ("logined") = "" Then
Response.Redirect "/login.asp" needs landing!
End If
Function GetFileName (longname) '/folder1/folder2/file.asp=>file.asp
While InStr (LongName, "/")
LongName = Right (Longname,len (longname)-1)
Wend
GetFileName = longname
End Function
Dim Stream
Dim Contents
Dim FileName
Dim Truefilename
Dim Fileext
Const adTypeBinary = 1
filename = request.querystring ("filename")
If FileName = "" Then
Response.Write "Invalid filename! "
Response.End
End If
Fileext = Mid (filename, InStrRev (filename, ".") + 1)
Select case UCase (Fileext)
Case "ASP", "ASA", "ASPX", "ASAX", "MDB"
Response.Write "Illegal Operation! "
Response.End
End Select
Response.Clear
If LCase (filename,3) = "gif" or LCase (right (filename,3) = "jpg" or
LCase (Right (filename,3) = "png" Then
Response.ContentType = "image/*"
' Do not appear on the image File Download dialog box
Else
Response.ContentType = "Application/ms-download"
End If
Response.AddHeader "Content-disposition", "attachment"; Filename= "&
GetFileName (Request.QueryString ("FileName"))
Set Stream = server. CreateObject ("ADODB.") Stream ")
Stream.type = adTypeBinary
Stream.open
If LCase (right (filename,3) = "PDF" then "set PDF type file directory
Truefilename = "/the_pdf_file_s/" &filename
End If
If LCase (right (filename,3) = "Doc" then "Set Doc type file directory
Truefilename = "/my_d_o_c_file/" &filename
End If
If LCase (filename,3) = "gif" or LCase (right (filename,3) = "jpg" or
LCase (Right (filename,3) = "png" Then
Truefilename = "/all_images_/" &filename set image file directory
End If
Stream.loadfromfile Server.MapPath (Truefilename)
While not Stream.eos
Response.BinaryWrite Stream.read (1024 * 64)
Wend
Stream.Close
Set Stream = Nothing
Response.Flush
Response.End
%>
Use ADODB.stream to download any suffix files directly (anti-theft chain)
In the browser's address bar directly enter a doc or xls or JPG file URL path, then the file will be directly displayed in the browser. And in a lot of times we want to be able to pop the download prompt box to let users download, what should we do? Here are two ways:
1, set up your server IIS, to the doc and other suffix name do mapping
2. Set its contenttype when sending to client
[1] [2] Next page