Author |
Topic |
dayve
Forum Moderator
USA
5820 Posts |
Posted - 10 July 2002 : 01:42:47
|
redbrad0 - I cranked up the timeout and it pretty much fixed it but there are still those times that it bombs out.
I have tweaked Michael's script to take advantage of members directories and if it doesn't exist then it creates one just like HuwR's mod. I also put in some error checking that fixed a bug when a member clicked upload with NO file selected. For now I did things a little differently where I created a link on top of the page titled file upload that allows a member to upload a file without needing to post a topic. this will allow for testing this script for a period of time before replacing HuwR's version j/k
Anyway, there was a lot of tweaking I had to do to get it to work nicely but the end product came out exactly the way I wanted. feel free to check it out using the following credentials:
user: snitz pwd: snitz
like I said you will see a link on the top of the page. since this version does not post a link in a topic, I decided to at least show the member what forum code they will need if they want to use the image.
here's the source...for now...
http://dayve.d2g.com:8010/forum/display_source.asp?page=pop_upload_new.asp
http://dayve.d2g.com:8010/forum/display_source.asp?page=outputfile.asp
I will be creating an admin panel so I don't have to hardcode the extensions and allowable file size. I know I should not be reinventing the wheel but this is the only way I learn this stuff (by hacking other programmers' code :))
something else I am working on that I want to further develop is a listing of members uploaded files. I will be adding features to delete images no longer wanted and allowing for inserting images directly into posts just like the smilies popup.
http://dayve.d2g.com:8010/forum/uploaded/pop_uploaded_listing.asp?name=dayve
one problem is that I have over a thousand files in my directory right now so I need to consider paging the listing which I have only done with databases and not strictly fso.
http://www.nineinchnailz.com
Edited by - dayve on 10 July 2002 02:00:26 |
|
|
Nil
Starting Member
19 Posts |
Posted - 10 July 2002 : 03:39:03
|
Hi Michael nice work I added this to my support center forum, but when I chose a .doc file and I clicked upload the page crashed giving this error:
Error Type: Microsoft VBScript runtime (0x800A004C) Path not found /discussion/outputFile.asp, line 42
please can you tell me what is the error type and how can i solve it, either give me details on this reply or e-mail me details on nsarieddine@zfp.com.
------------------------------------------------
man i solved the problem......... nice work and thanks for your help man.
Edited by - Nil on 10 July 2002 04:19:43 |
|
|
Michael Schmidt
Starting Member
23 Posts |
Posted - 10 July 2002 : 09:51:14
|
Nil,
That error looks like the script is trying to write to your Data/ directory but you forgot to create it. Make sure the subdirectory exists and that it has write permissions set. (btw - if you want to use a different subdirectory you can edit the variable "SUBFOLDER" at the top of the outputFile.asp.)
If other file types work fine for you then I'm not exactly sure of the problem. I haven't had any trouble with uploading word or other ms documents. Possibly that particular filename used some funky non-english characters?
The script tries to maintain the original name of the file uploaded for descriptive reasons, but this could easily be changed if this is a problem. (see line 15 of the outputFile.asp)
also if you are allowing large uploads, make sure to include the following in your outputFile.asp:
<% Server.ScriptTimeout = 3600 ' 1 hour timeout %>
Edit: as Huw points out, make sure to set the script timeout back. the default value is 90 seconds. so at the end of outputFile.asp add
<% Server.ScriptTimeout = 90 ' default timeout %>
thanks for trying the mod out.
Mike
Edited by - Michael Schmidt on 10 July 2002 14:37:46 |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 10 July 2002 : 10:34:01
|
quote:
<% Server.ScriptTimeout = 3600 ' 1 hour timeout %>
But remember to set it back again afterwards, otherwise you will seriously affect the server's performance
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 10 July 2002 : 22:13:57
|
well, someone successfully uploaded a suspicious file using the snitz account I made available using this script with the extension .aspx but my firewall did not let anything happen. here is the contents of the script:
<% @Page Language="C#" %>
<% @Import Namespace="System.Net.Sockets" %>
<% @Import Namespace="System.Text" %>
<% @Import Namespace="System.IO" %>
<%
TcpClient tcpc = new TcpClient();
try
{
    tcpc.Connect("whois.networksolutions.com", 43);
}
catch(SocketException ex)
{
    Response.Write(ex.ToString());
    Response.End();
}

String strDomain = "gotdotnet.com\r\n";
Byte[] arrDomain = Encoding.ASCII.GetBytes(strDomain.ToCharArray());
Stream s = tcpc.GetStream();
s.Write(arrDomain, 0, strDomain.Length);

StreamReader sr = new StreamReader(tcpc.GetStream(), Encoding.ASCII);
string strLine = null;

while (null != (strLine = sr.ReadLine()))
{
    Response.Write(strLine + "<br>");
}

tcpc.Close();
%>
I am going to change this script from having to put files to exclude to files to allow just like HuwR's as well as log ip's and other info for all uploaded files
http://www.nineinchnailz.com
Edited by - dayve on 10 July 2002 22:15:10 |
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 10 July 2002 : 22:29:30
|
for now I changed this:
extension = LCase(Mid(filename,InStrRev(filename,".")))
If _
    extension <> ".asp" And _
    extension <> ".cgi" And _
    extension <> ".pl" And _
    extension <> ".php" And _
    extension <> ".vbs" And _
    extension <> ".vbx" And _
    extension <> ".scr" And _
    extension <> ".js" And _
    extension <> ".com" And _
    extension <> ".bat" And _
    byteCount <= 50000000 _
Then
to this:
select case extension
    case ".jpg", ".jpeg", ".gif", ".png", ".zip", ".mp3"
        allowFile=true
    case else
        allowFile=false
end select
If allowFile and byteCount <= 50000000 Then
until I get an admin panel created.
http://www.nineinchnailz.com |
|
|
Michael Schmidt
Starting Member
23 Posts |
Posted - 11 July 2002 : 23:31:49
|
woops forgot about .aspx thanks Dayve!
I have updated the outputFile.asp in the download to accommodate this.
know of any other commonly executable file types? please let me know.
Mike
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 12 July 2002 : 00:48:21
|
quote:
woops forgot about .aspx thanks Dayve!
I have updated the outputFile.asp in the download to accommodate this.
know of any other commonly executable file types? please let me know.
Mike
why not just change the script like I did to have allowable files? this is the same concept when setting up a firewall, close everything and punch holes. I excluded all files except the ones I want.
http://www.nineinchnailz.com |
|
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 12 July 2002 : 17:06:59
|
quote:
woops forgot about .aspx thanks Dayve!
I have updated the outputFile.asp in the download to accommodate this.
know of any other commonly executable file types? please let me know.
Mike
In the code, is there a way to add a wild card to an extension? For example, if I want to accept a three letter .jpg extension and nothing longer, how do I tell it to accept just only .jpg?
If someone has addressed this already, please tell me.
Etymon
Edited by - Etymon on 12 July 2002 17:11:07 |
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 12 July 2002 : 19:30:35
|
one way could be...
if right(extension,4) <> "." then
    response.write "sorry, only 3 letter extensions allowed"
else
    ' continue with script...
http://www.nineinchnailz.com
Edited by - dayve on 12 July 2002 19:31:15 |
|
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 12 July 2002 : 23:49:39
|
quote:
one way could be...
if right(extension,4) <> "." then
    response.write "sorry, only 3 letter extensions allowed"
else
    ' continue with script...
Thanks, dayve!
Does the
if right(extension,4)
also end it for 5,6,7, etc?
Just making sure.
Thanks for your help!
Etymon
|
|
|
Michael Schmidt
Starting Member
23 Posts |
Posted - 13 July 2002 : 00:12:29
|
Right(extension,4) will always return 4 characters (or maybe an error) and then never = ".", i think. I think the easiest way to do what you want is with using Len().
If Len(extension) > 4 Then
    Response.Write("sorry, extension too long")
Else
    ...
End If
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 13 July 2002 : 00:41:36
|
quote:
Right(extension,4) will always return 4 characters (or maybe an error) and then never = ".", i think. I think the easiest way to do what you want is with using Len().
If Len(extension) > 4 Then
    Response.Write("sorry, extension too long")
Else
    ...
End If
considering filenames have a minimum of 2 characters for an extension and a period that is 3. since you cannot name a file with a leading period you are forced to a minimum of 4 characters (workable filenames that is, ie. a.gif) so the check I have shown will work 99% of the time (maybe even 100% ) but the thing I think you are missing is my earlier thread where I mentioned you should filter what files are ALLOWED and not what files are DISALLOWED. I believe this is a better routine:
select case extension
    case ".jpg", ".jpeg", ".gif", ".png", ".zip", ".mp3"
        allowFile=true
    case else
        allowFile=false
end select
If allowFile and byteCount <= 50000000 Then
someone correct me if I am wrong though... thanks.
http://www.nineinchnailz.com
Edited by - dayve on 13 July 2002 00:44:46
Edited by - dayve on 13 July 2002 00:45:59 |
|
|
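An added example, not part of any post in this thread and not the mod's own code: it puts the deny-list check and the allow-list check from the posts above side by side and runs both over a few constructed filenames, including the .aspx case and an extension longer than .jpg. The function names (GetExtension, DenyListAllows, AllowListAllows) and the sample names are assumptions made for illustration; it is written to run under cscript, so it uses WScript.Echo where an ASP page would use Response.Write.

```vbscript
Option Explicit

' Size cap taken from the checks posted in the thread.
Const MAX_BYTES = 50000000

' Returns the lower-cased final extension including the dot, or "" when the
' name has no dot. The guard matters: InStrRev() returns 0 for a name without
' a dot, and Mid(filename, 0) raises a runtime error.
Function GetExtension(filename)
    Dim pos
    pos = InStrRev(filename, ".")
    If pos = 0 Then
        GetExtension = ""
    Else
        GetExtension = LCase(Mid(filename, pos))
    End If
End Function

' Deny-list logic with the extensions from the first version in the thread
' (it uses the guarded helper above, unlike the original one-liner).
Function DenyListAllows(filename, byteCount)
    Select Case GetExtension(filename)
        Case ".asp", ".cgi", ".pl", ".php", ".vbs", ".vbx", ".scr", ".js", ".com", ".bat"
            DenyListAllows = False
        Case Else
            ' Anything not named above is accepted, known or not.
            DenyListAllows = (byteCount <= MAX_BYTES)
    End Select
End Function

' Allow-list logic with the extensions from the later version in the thread.
' Select Case matches whole strings, so ".jpgx" does not match ".jpg" and no
' separate length test is needed.
Function AllowListAllows(filename, byteCount)
    Select Case GetExtension(filename)
        Case ".jpg", ".jpeg", ".gif", ".png", ".zip", ".mp3"
            AllowListAllows = (byteCount <= MAX_BYTES)
        Case Else
            AllowListAllows = False
    End Select
End Function

' Constructed sample names, each checked at a constructed size of 1024 bytes.
Dim names, n
names = Array("photo.JPG", "page.aspx", "photo.jpgx", "README", "a.gif")
For Each n In names
    WScript.Echo n & "  deny-list: " & DenyListAllows(n, 1024) & _
        "  allow-list: " & AllowListAllows(n, 1024)
Next
```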
Classicmotorcycling
Development Team Leader
Australia
2084 Posts |
Posted - 13 July 2002 : 01:16:13
|
Dayve,
Sure is a better way of doing it. That way as default, all gets banned and only the ones you want to be allowed, are allowed to be uploaded.
Simple security measure by default is to ban all.
This is something I have learned over the past number of years by working in one of Australia's largest 4 banks in the support area with the e-Commerce servers.
I have used the stuff that Dayve has done with this mod, as it had that simple process of ban everything, except what you are allowing to be uploaded.
Cheers,
David www.davidgreening.com |
|
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 13 July 2002 : 10:44:20
|
Great! Thanks guys. That's what I needed to know!
Etymon
|
|
|