引用:
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using BCW.Files;
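// Excerpt: stores a file obtained through FileTool.DownloadFile in the user's
// album directory, scans it for script-like tokens, optionally builds a
// thumbnail and watermark, then records it as an Upfile row.
// meid, FileName, NodeId, leibie and xmlPath are defined by the enclosing code,
// which is not part of this excerpt.
string DirPath = string.Empty;
string prevDirPath = string.Empty;
string Path = "/Files/bbs/" + meid + "/act/";
string prevPath = "/Files/bbs/" + meid + "/prev/";
if (FileTool.CreateDirectory(Path, out DirPath))
{
    // NOTE(review): this excerpt applies no extension allow-list or size limit
    // of its own to the fetched file; confirm that DownloadFile enforces both.
    string sPath = BCW.Files.FileTool.DownloadFile(Path, 0, FileName);

    // Getting the input name back unchanged is treated as a failed download.
    if (sPath != FileName)
    {
        // Thumbnail generation needs the extension and the physical path.
        string fileExtension = BCW.Files.FileTool.GetFileExt(sPath).ToLower();
        string SavePath = System.Web.HttpContext.Current.Request.MapPath(sPath);

        //============ Image trojan (embedded script) check, also applied to TXT ============
        // The file is already on disk at a web-mapped path when it is read here.
        // The check is a substring deny-list over the content decoded with
        // Encoding.Default, so it is a heuristic only: it can reject legitimate
        // binary data and cannot enumerate every script construct. It should back
        // up an extension allow-list and a real image decode, with the file kept
        // out of any served or executable directory until it has passed.
        string vSavePath = SavePath;
        bool IsPass = true;
        string strContent;
        // using: the reader's handle is released even if ReadToEnd throws, so a
        // failed read cannot leave the file locked by this request.
        using (System.IO.StreamReader sr = new System.IO.StreamReader(vSavePath, System.Text.Encoding.Default))
        {
            strContent = sr.ReadToEnd().ToLower();
        }
        string str = "system.|request|javascript|script |script>|.getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas|wscript.shell|script.encode|server.|.createobject|execute|activexobject|language=";
        foreach (string s in str.Split('|'))
        {
            if (strContent.IndexOf(s) != -1)
            {
                // Remove the rejected file immediately.
                System.IO.File.Delete(vSavePath);
                IsPass = false;
                break;
            }
        }

        if (IsPass == false)
        {
            // Whether Utils.Error ends the request is not visible here, so the
            // rest of the work is explicitly skipped: a rejected (and deleted)
            // file must never get a thumbnail or a database row.
            Utils.Error("非法图片..", "");
        }
        else
        {
            string prevSavePath = string.Empty;
            int ThumbType = Convert.ToInt32(ub.GetSub("UpaThumbType", xmlPath));
            int width = Convert.ToInt32(ub.GetSub("UpaWidth", xmlPath));
            int height = Convert.ToInt32(ub.GetSub("UpaHeight", xmlPath));
            if (ThumbType > 0)
            {
                try
                {
                    bool pbool = ThumbType == 1;
                    if (FileTool.CreateDirectory(prevPath, out prevDirPath))
                    {
                        // NOTE(review): Replace rewrites every "act" substring of the
                        // physical path, not only the /act/ directory segment; a site
                        // root or file name containing "act" is rewritten as well.
                        prevSavePath = SavePath.Replace("act", "prev");
                        int IsThumb = 0;
                        if (fileExtension == ".gif")
                        {
                            new BCW.Graph.GifHelper().GetThumbnail(SavePath, prevSavePath, width, height, pbool);
                            IsThumb = Convert.ToInt32(ub.GetSub("UpaIsThumb", xmlPath));
                            if (IsThumb > 0)
                            {
                                if (IsThumb == 1)
                                {
                                    // Text watermark.
                                    new BCW.Graph.GifHelper().SmartWaterMark(prevSavePath, "", ub.GetSub("UpaWord", xmlPath), ub.GetSub("UpaWordColor", xmlPath), "Arial", 12, Convert.ToInt32(ub.GetSub("UpaPosition", xmlPath)));
                                }
                                else
                                {
                                    // Image watermark.
                                    // NOTE(review): UpaPosition is passed for both trailing
                                    // arguments, while the non-GIF branch passes UpaTran as
                                    // the last one - confirm which is intended.
                                    new BCW.Graph.GifHelper().WaterMark(prevSavePath, "", ub.GetSub("UpaWord", xmlPath), Convert.ToInt32(ub.GetSub("UpaPosition", xmlPath)), Convert.ToInt32(ub.GetSub("UpaPosition", xmlPath)));
                                }
                            }
                        }
                        else
                        {
                            new BCW.Graph.ImageHelper().ResizeImage(SavePath, prevSavePath, width, height, pbool);
                            IsThumb = Convert.ToInt32(ub.GetSub("UpaIsThumb", xmlPath));
                            if (IsThumb > 0)
                            {
                                if (IsThumb == 1)
                                {
                                    // Text watermark.
                                    new BCW.Graph.ImageHelper().WaterMark(prevSavePath, "", ub.GetSub("UpaWord", xmlPath), ub.GetSub("UpaWordColor", xmlPath), "Arial", 12, Convert.ToInt32(ub.GetSub("UpaPosition", xmlPath)));
                                }
                                else
                                {
                                    // Image watermark.
                                    new BCW.Graph.ImageHelper().WaterMark(prevSavePath, "", ub.GetSub("UpaWord", xmlPath), Convert.ToInt32(ub.GetSub("UpaPosition", xmlPath)), Convert.ToInt32(ub.GetSub("UpaTran", xmlPath)));
                                }
                            }
                        }
                    }
                }
                catch
                {
                    // Best effort: a thumbnail or watermark failure does not abort the
                    // upload. Nothing is logged, and PrevFiles below may then point to
                    // a thumbnail that was never written.
                }
            }

            // Optional caption from the POST body, capped at 30 characters.
            string Content = Utils.GetRequest("Content", "post", 1, "", "");
            Content = string.IsNullOrEmpty(Content) ? "" : Utils.Left(Content, 30);

            BCW.Model.Upfile model = new BCW.Model.Upfile();
            model.Types = 1; // FileTool.GetExtType(fileExtension);
            model.NodeId = NodeId;
            model.UsID = meid;
            model.ForumID = 0;
            model.BID = 0;
            model.ReID = 0;
            model.Files = sPath;
            // prevDirPath is only assigned inside the thumbnail branch above.
            if (string.IsNullOrEmpty(prevDirPath))
            {
                model.PrevFiles = "";
            }
            else
            {
                model.PrevFiles = sPath.Replace("act", "prev");
            }
            model.Content = Content;
            model.FileSize = BCW.Files.FileTool.GetFileLength(sPath);
            model.FileExt = fileExtension;
            model.DownNum = 0;
            model.Cent = 0;

            // Moderation flag taken from the UpIsVerify setting.
            int Verify = Utils.ParseInt(ub.GetSub("UpIsVerify", xmlPath));
            if (Verify > 0)
            {
                model.IsVerify = 1;
            }
            model.AddTime = DateTime.Now;
            new BCW.BLL.Upfile().Add(model);

            // Activity-feed entry.
            new BCW.BLL.Action().Add(meid, "在相册上传了[URL=/bbs/albums.aspx?uid=" + meid + "]新的文件[/URL]");
            Utils.Success("地址上传文件", "上传1个文件成功!<br /><a href=\"" + ReplaceWap(Utils.getUrl("addfile.aspx?act=collec&leibie=" + leibie + "")) + "\">>继续上传</a>", ReplaceWap(Utils.getUrl("albums.aspx?uid=" + meid + "&leibie=" + leibie + "")), "2");
        }
    }
    else
    {
        Utils.Error("上传失败,请检查文件是否存在", "");
    }
    // The excerpt ends here: the brace that closes the CreateDirectory block is
    // not part of the quoted code.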
对于文件上传:
/// <summary>
/// 上传文件
/// </summary>
private void SaveFiles(int meid, int leibie, int NodeId, out int kk)
{
//允许上传数量
int maxAddNum = Convert.ToInt32(ub.GetSub("UpAddNum", xmlPath));
int AddNum = 0;
if (maxAddNum > 0)
{
//计算今天上传数量
AddNum = new BCW.BLL.Upfile().GetTodayCount(meid);
}
//遍历File表单元素
System.Web.HttpFileCollection files = System.Web.HttpContext.Current.Request.Files;
// int j = 1;
int j = files.Count;
int k = 0;
try
{
string GetFiles = string.Empty;
//for (int iFile = 0; iFile < files.Count; iFile++)
for (int iFile = files.Count - 1; iFile > -1; iFile--)
{
//检查文件扩展名字
System.Web.HttpPostedFile postedFile = files[iFile];
string fileName, fileExtension;
fileName = System.IO.Path.GetFileName(postedFile.FileName);
string UpExt = ub.GetSub("UpaFileExt", xmlPath);
int UpLength = Convert.ToInt32(ub.GetSub("UpaMaxFileSize", xmlPath));
if (fileName != "")
{
fileExtension = System.IO.Path.GetExtension(fileName).ToLower();
//检查是否允许上传格式
if (UpExt.IndexOf(fileExtension) == -1)
{
continue;
}
//非法上传
if (fileExtension == ".asp" || fileExtension == ".aspx" || fileExtension == ".jsp" || fileExtension == ".php" || fileExtension == ".asa" || fileExtension == ".cer" || fileExtension == ".cdx" || fileExtension == ".htr" || fileExtension == ".exe")
{
continue;
}
if (postedFile.ContentLength > Convert.ToInt32(UpLength * 1024))
{
continue;
}
string DirPath = string.Empty;
string prevDirPath = string.Empty;
string Path = "/Files/bbs/" + meid + "/act/";
string prevPath = "/Files/bbs/" + meid + "/prev/";
int IsVerify = 0;
if (FileTool.CreateDirectory(Path, out DirPath))
{
//上传数量限制
if (maxAddNum > 0)
{
if (maxAddNum <= (AddNum + k))
{
k = -k;
if (k == 0)
k = -999;
break;
}
}
//生成随机文件名
fileName = DT.getDateTimeNum() + iFile + fileExtension;
string SavePath = System.Web.HttpContext.Current.Request.MapPath(DirPath) + fileName;
postedFile.SaveAs(SavePath);
//=============================图片木马检测,包括TXT===========================
string vSavePath = SavePath;
if (fileExtension == ".txt" || fileExtension == ".gif" || fileExtension == ".jpg" || fileExtension == ".jpeg" || fileExtension == ".png" || fileExtension == ".bmp")
{
bool IsPass = true;
System.IO.StreamReader sr = new System.IO.StreamReader(vSavePath, System.Text.Encoding.Default);
string strContent = sr.ReadToEnd().ToLower();
sr.Close();
string str = "system.|request|javascript|script |script>|.getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas|wscript.shell|script.encode|server.|.createobject|execute|activexobject|language=";
foreach (string s in str.Split('|'))
{
if (strContent.IndexOf(s) != -1)
{
System.IO.File.Delete(vSavePath);
IsPass = false;
break;
}
}
if (IsPass == false)
continue;
}
//=============================图片木马检测,包括TXT========&#