...

View Full Version : persist.upload



sasha85
09-15-2007, 08:12 AM
this is a simple persist upload code...and it is working...it uploads every file i send to this code...
but that is a problem too, cause:
1.i limit it to 1 mb with Upload.SetMaxSize 1048576 and when i'm tring to upload a larger file it uploads the first 1mb and than sending me that the file was uploaded...do i need to write "if" that checks every files size?
2.i do not want to host a party of files on my server:D how can i make sure that users want upload nothing more that images and doc,txt pdf rtf files?
*if u take a exe file and change the extantion to gif i think it will be uploaded with no problem...that is bad:(

well in this code even the extantion limit is not working...even
<% If File.ImageType = "GIF" or File.ImageType = "JPG" or File.ImageType = "PNG" Then %>
this code not working...


help, help please:)


<%

Set Upload = Server.CreateObject("Persits.Upload.1")

Upload.OverwriteFiles = False
Upload.SetMaxSize 1048576 ' Limit files to 1MB

Upload.Save

Path = Server.MapPath("\upload") & "\" & "subdir"

Upload.CreateDirectory Path, True
%>


<HTML>
<BODY BGCOLOR="#FFFFFF">
<CENTER>

<% If Err <> 0 Then %>

<FONT SIZE=3 FACE="Arial" COLOR=#0020A0>
<H3>The following error occured while uploading:</h3>
</FONT>

<FONT SIZE=3 FACE="Arial" COLOR=#FF2020>
<h2>"<% = Err.Description %>"</h2>
</FONT>

<FONT SIZE=2 FACE="Arial" COLOR="#0020A0">
Please <A HREF="demo1.asp">try again</A>.
</FONT>

<% Else %>
<FONT SIZE=3 FACE="Arial" COLOR=#0020A0>
<h2>file have been uploaded.</h2>
</FONT>

<FONT SIZE=3 FACE="Arial" COLOR=#0020A0>
<TABLE BORDER=1 CELLPADDING=3 CELLSPACING=0>
<TH BGCOLOR="#FFFF00">Uploaded File</TH><TH BGCOLOR="#FFFF00">Size</TH><TH BGCOLOR="#FFFF00">Original Size</TH><TR>
<%
For Each File in Upload.Files
File.SaveAs Path & "\" & File.FileName
%>
<% If File.ImageType = "GIF" or File.ImageType = "JPG" or File.ImageType = "PNG" Then %>
<TD ALIGN=CENTER>
<IMG SRC="/uploaddir/<% = File.FileName%>"><BR><B><% = File.OriginalPath%></B><BR>
(<% = File.ImageWidth %> x <% = File.ImageHeight %> pixels)
</TD>
<% Else %>
<TD><B><% = File.OriginalPath %></B></TD>
<% End If %>
<TD ALIGN=RIGHT VALIGN="TOP"><% =File.Size %> bytes</TD>
<TD ALIGN=RIGHT VALIGN="TOP"><% =File.OriginalSize %> bytes</TD><TR>
<%
Next
set Upload = Nothing
%>
</TABLE>
</FONT>

<% End If %>

</CENTER>
</BODY>
</HTML>

Daemonspyre
09-17-2007, 02:43 PM
Hi Sasha --

With your 2 questions above, you are on the right track to solving your own problems.


1. i limit it to 1 mb with Upload.SetMaxSize 1048576 and when i'm tring to upload a larger file it uploads the first 1mb and than sending me that the file was uploaded...do i need to write "if" that checks every files size?

Quick Answer -- Yes. Check the file size before you do the upload (i.e. before the Upload.Save method)


2.i do not want to host a party of files on my server how can i make sure that users want upload nothing more that images and doc,txt pdf rtf files?

You are on the right track, but don't use File.ImageType. Use


IF NOT RIGHT(File.FileName,3) = "JPG" OR NOT RIGHT(File.FileName,3) = "GIF" ... and so on and so forth

Couple other options are:

a) Set a variable = RIGHT(File.FileName,3) so that way you can call the variable. Less typing...

b) Use InStr...



dim testMe

testMe = right(File.FileName,3)

If not InStr(testMe,"JPGGIFRTFDOC") then
'throw error, not an accepted file type
else
'continue with your code
end if


Lastly -- ALWAYS do the checks *before* you upload the files to the server. Doesn't help to check the files after they have been uploaded.

HTH!

sasha85
09-18-2007, 05:38 PM
what do you suggest about the scenario with uploading harmfull file with mask of a gif jpg or rtf extension?

Daemonspyre
09-18-2007, 06:19 PM
There is no true way to combat those.

You can do a couple of things to help guard against it, but nothing can officially stop it.

1) Make sure you have AV running on your server. This should be a given, even for Linux servers. No, viruses (for the most part) cannot harm Linux, but they can be propagated to Windows computers.

2) Only allow uploads as a Guest or User account, so that way any executable files that are uploaded cannot run as ROOT or Administrator.

3) Do not put the uploads folder (or your data folder for that matter) on the same volume as your System Files.

4) Set up a Scheduled Task (or cron job) to go through once an hour to reset the folder permissions to not allow executable access. That will reset all of the file permissions as well.

HTH!

sasha85
09-18-2007, 06:44 PM
last Q

Upload.SetMaxSize 1048576 ' Limit files to 1MB
this is not working...it's only limits the upload files...
if i'm uploading jpg that weight 2 mb..this uploades only the first 1mb
as a result i got invalid file:)

is there a way to screem error when the file is over Upload.SetMaxSize 1048576

by d way...
Daemonspyre thank u!:)

Daemonspyre
09-18-2007, 07:22 PM
If File.FileSize > 1048576 then
Error = "This file is too large. Please choose a smaller file"
end if
'
if Error <> "" then
Upload.Save
end if

You are welcome

miranda
09-18-2007, 11:01 PM
Actually with the Persits upload you cannot check the file size that way. The only way is to use On Error Resume Next before the call the .Save or .SaveAs method. Then check if the error number = 8 (the file being too big). You can then stop the code from continuing if there are errors by adding On Error GoTo 0

The reason you cannot check it that way is until you actually use the .Save or .SaveAs method you cannot check the filesize.

Below is an example that we use, you will have to change the code a bit but this should give you an idea


Set Upload = Server.CreateObject("Persits.Upload")
On Error Resume Next
Upload.SetMaxSize 100000, True
FileSave = Upload.Save ' Save to memory. Path parameter is omitted
Set File = Upload.Files("Resume") ' Check whether a file was selected
If(FileSave = 1) Then
FileName = File.Filename
FileExt = Mid(UCase(File.Ext), 2)
End If
If Err.Number = 8 Then
Call LargeFile(File.Size)
Response.End
End If
On Error GoTo 0

sasha85
09-22-2007, 05:40 PM
this is a copy from the uploading part that i wrote after i read all the replaies
i think i got the main idea but got wrong on some little thing...

thank you :o


Set Upload = Server.CreateObject("Persits.Upload.1")

On Error Resume Next

Upload.OverwriteFiles = False

Upload.SetMaxSize 1000, True

Upload.Save



Path = Server.MapPath("\upload")

Upload.CreateDirectory Path, True

If Err.Number = 8 Then
response.write ("file too big")
Response.End
End If


If Err <> 0 Then

response.write "we got a big Prob"

Else



dim i, fil, fil1, fil2, fil3
i = 0
For Each File in Upload.Files



dim testMe

File.SaveAs Path & "\" & Day(plushours) & "-" & Month(plushours) & "-" & Year(plushours) & "_" & hour(plushours) & "-" & Minute(plushours) & "-" & second(plushours) & "_" & File.FileName


testMe = right(File.FileName,3)

If not InStr(testMe,"JPGGIFRTFDOC") then
response.redirect "message.asp?message="& Server.Urlencode("only jpg gif rtf doc can be uploaded.")
else

end if

end if

On Error GoTo 0

miranda
09-23-2007, 09:26 PM
proper indentation would tell you that you had a For with no Next.
because on Error resume next doesn't stop with errors add On Error GoTo 0 as soon as you can after the error trapping to stop the code from continuing if there are erorrs (or add a whole lot more error trapping).
If Err <> 0 Should say if Err.Number <> 0
Do you understand what the InStr function does? if not read up on it. because you are looking to see if the right argument is inside the left argument. So simply changing them around will make it work.

Here is the code with some changes

Set Upload = Server.CreateObject("Persits.Upload.1")

On Error Resume Next
Upload.OverwriteFiles = False
Upload.SetMaxSize 1000, True
Upload.Save

Path = Server.MapPath("\upload")

Upload.CreateDirectory Path, True

If Err.Number = 8 Then
response.write ("file too big")
Response.End
End If

If Err.Number <> 0 Then
response.write "we got a big Prob"
Else
On Error GoTo 0
dim i, fil, fil1, fil2, fil3
i = 0
For Each File in Upload.Files
dim testMe
File.SaveAs Path & "\" & Day(plushours) & "-" & Month(plushours) & "-" & Year(plushours) & "_" & hour(plushours) & "-" & Minute(plushours) & "-" & second(plushours) & "_" & File.FileName
testMe = UCase(right(File.FileName,3))
if not InStr("JPGGIFRTFDOC",testMe) then
response.redirect "message.asp?message="& Server.Urlencode("only jpg gif rtf doc can be uploaded.")
else
Next
End if

Daemonspyre
09-25-2007, 06:16 PM
Actually with the Persits upload you cannot check the file size that way

Miranda, you were right, but you CAN check it with File.Size, not File.FileSize.

I had to go back and check some old Persits code that is currently being used on a daily basis, and this does check the file size correctly.

sasha85
09-27-2007, 09:53 PM
i'm a week now tring to find a solution to this problem...how to check the file size before uploading...:(

sasha85
09-28-2007, 02:06 AM
after all those talkings i got this picture:
i'm uploading a file of 3mb when the limit is only 1mb...and the :mad: code not stoping the uploading!:eek:
it goes on and on and after 180 sec -the timeout of the server i got-
The page cannot be displayed...
realy it is so sad...

if i will take file of 1 mb and set the limit to 500kb after a long time...something like 100sec i will get - file to big...:eek:

the same thing if i will upload files with strange extansions...
it upload them and only in the end it is checking...

PEOPLE THIS IS NOT LOGIC...IT IS SO SAD...

Spudhead
09-28-2007, 01:08 PM
From http://www.aspupload.com/manual_simple.html

"Since AspUpload has no way of knowing in advance how many files there are in a POST and how large they are, it will always allow the upload process to go through, even if the very first file exceeds the specified limit."

You HAVE to physically upload the files to the server before the component is able to look at the complete file properties and tell if it's bigger than the set limit. There is no way that I know of to check the size of a file on the server that hasn't finished uploading to the server.

It's probably taking a while because your server, like most servers, doesn't have a lot of bandwidth allocated to upstream data. So it's uploading slowly.

If you use a pure ASP upload (http://www.google.co.uk/search?q=pure+ASP+upload) script, you might be able to count bytes as they're going up or something. I'm not sure. But I'd be surprised if you could do it with the Persits ASPUpload component.

sasha85
09-28-2007, 02:05 PM
man...you got me right...unfortunately this is exactly my situation...

sasha85
09-30-2007, 02:06 AM
here was a real dummy question...i deleted it...asking all the people who read it for forgiveness:)

sorry :rolleyes:

thirax
10-03-2007, 09:40 PM
hi everyone

i've read through this thread and took mirandas code for my project - everything seems to work fine - except that the script always throws an error 8 (file too large). i've set Upload.SetMaxSize to 5242880. but i cannot even upload a 0 byte (zero!) file.

here's the code:



UploadPath = "E:\wwwroot\playerescort\_media\upload\"

Set Upload = Server.CreateObject("Persits.Upload.1")
On Error Resume Next

Upload.OverwriteFiles = False

Upload.SetMaxSize 5242880, True

Count = Upload.Save(UploadPath)
Set File = Upload.Files(1)

FileNameOriginal = File.ExtractFileName
FileExtension = Right(FileNameOriginal,3)

If Err.Number = 8 Then
Response.Write(File.Size)
Response.Write("File too big.")
'DeleteFile(UploadPath & FileNameOriginal) ' delete file to save disk space
Response.End
End If

If Err.Number <> 0 Then
Response.Write "An error has ocurred"
Response.End
Else
On Error GoTo 0

CheckExt = UCase(FileExtension)
If Not InStr("JPGGIFPNGMOVMPGAVI",CheckExt) Then
Response.Write("Falsches Dateiformat.")
DeleteFile(UploadPath & FileNameOriginal)
Response.End
End If
...


i have really no idea why it gets an error 8.... can anyone please give me a hint.

thanks and cheers

miranda
10-04-2007, 08:41 PM
Here is some code that we use on many different working sites with no problems.


Set Upload = Server.CreateObject("Persits.Upload")

On Error Resume Next 'trap the error if the file is too big
Upload.SetMaxSize 100000, True ' we use memory uploads, so we must limit file size
FileSave = Upload.Save ' Save to memory. Path parameter is omitted
Set File = Upload.Files("Resume") ' Check whether a file was selected
If(FileSave = 1) Then
FileName = File.Filename
End If
If Err.Number = 8 Then
Call LargeFile()
End If
On Error GoTo 0 'turn off the on Error Resume Next statement

'a lot of db coding

ResumeName = ""
If(FileSave = 1) Then
ResumeName = Trim(UserID) & "_Resume." & FileExt
File.SaveAs Server.Mappath("resumes") & "\" & ResumeName
Else
ResumeName = "N/A"
End If

'more code

Sub LargeFile()
'the displayed message to the user
End Sub

sasha85
10-05-2007, 10:19 AM
try to copy my source code from the last time i pasted it...it working good,,,

mornito
03-15-2010, 11:01 PM
'----------------------------------------------------------
' UPLOAD ALLOWED FILE EXT
'----------------------------------------------------------
Const Allowed_Ext = "txt,rtf,doc,xls,pdf,jpg,jpeg" ' Allowed file extensions

' Function to check the file type of the uploaded file
Private Function UploadAllowedFileExt(FileName)
If Trim(FileName & "") = "" Then
UploadAllowedFileExt = True
Exit Function
End If
Dim Ext, Pos, arExt, FileExt
arExt = Split(Allowed_Ext & "", ",")
Ext = ""
Pos = InStrRev(FileName, ".")
If Pos > 0 Then Ext = Mid(FileName, Pos+1)
UploadAllowedFileExt = False
For Each FileExt in arExt
If LCase(Trim(FileExt)) = LCase(Ext) Then
UploadAllowedFileExt = True
Exit For
End If
Next
End Function
'----------------------------------------------------------

allowed=UploadAllowedFileExt(File.FileName)

'Response.write allowed
if allowed=True then
....
....
Code here
End if



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum