文件下载隐藏真实地址

在把一些资源供人下载时,通常是一个真实链接。而在许多专业下载网站上看到,这个链接地址是动态的,而且没有出现实际的文件名。

index.asp

<!--#include file="conn.asp" -->
<%
set rs=server.CreateObject("Adodb.recordset")
rs.open "Select *from file",cn,1,2
do while not rs.eof
response.write "<a href=hideurl.asp?id="&rs("id")&">"&rs("filename")&"</a><br/>"
rs.movenext
loop
%>
<a href="http://www.51wsc.com/download/hideurl.asp?id=8">
download
</a>

hideurl.asp

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>无标题文档</title>
</head>
<%
From_url = Cstr(Request.ServerVariables("HTTP_REFERER"))
Serv_url = Cstr(Request.ServerVariables("SERVER_NAME"))
'response.write From_url & "<br/>" & Serv_url
%>
<%
if mid(From_url,8,len(Serv_url)) <> Serv_url then
response.write "非法链接"
else
%>
<body>
<!--#include file="conn.asp" -->
<%
Response.Buffer = true
Response.Clear
dim url
Dim fso,fl,flsize
dim Dname
Dim objStream,ContentType,flName,isre,url1
'*********************************************调用时传入的下载文件名
m_ID=trim(request.QueryString("ID"))
set rs=Server.CreateObject("adodb.recordset")
sql="select * from file where id="&m_ID
rs.open sql,cn,1,1
if not rs.eof then
    Dname=rs("filename")
else
    Response.Write("no found")
    Response.end
end if
rs.close:set rs=nothing
'******************************************************************
If Dname<>"" Then
'******************************下载文件存放的服务端目录
Dname="files"&Dname
url=Server.MapPath(Dname)

else
    Response.Write("no found")
    Response.end 
End If

Set fso=Server.CreateObject("Scripting.FileSystemObject")
if fso.fileexists(url) then

Set fl=fso.getfile(url)
flsize=fl.size
flName=fl.name
Set fl=Nothing
Set fso=Nothing
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Open
objStream.Type = 1
objStream.LoadFromFile url
Select Case lcase(Right(flName, 4))
Case ".asf"
ContentType = "video/x-ms-asf"
Case ".avi"
ContentType = "video/avi"
Case ".doc"
ContentType = "application/msword"
Case ".zip"
ContentType = "application/zip"
Case ".xls"
ContentType = "application/vnd.ms-excel"
Case ".gif"
ContentType = "image/gif"
Case ".jpg", "jpeg"
ContentType = "image/jpeg"
Case ".bmp"
ContentType = "image/bmp"
Case ".ppt"
ContentType = "application/vnd.ms-powerpoint"
Case ".mdb"
ContentType = "application/x-msaccess"
Case ".wav"
ContentType = "audio/wav"
Case ".mp3"
ContentType = "audio/mpeg3"
Case ".mpg", "mpeg"
ContentType = "video/mpeg"
Case ".rtf"
ContentType = "application/rtf"
Case ".htm", "html"
ContentType = "text/html"
Case ".txt"
ContentType = "text/plain"
Case Else
ContentType = "application/octet-stream"
End Select
Response.AddHeader "Content-Disposition", "attachment; filename=" & flName
Response.AddHeader "Content-Length", flsize
Response.Charset = "UTF-8"
Response.ContentType = ContentType
Response.BinaryWrite objStream.Read
Response.Flush
response.Clear()
objStream.Close
Set objStream = Nothing
else
response.write "这个文件在服务器不存在!"
end if
end if
%>

</body>
</html>
 

 

 

    A+
发布日期:2007年10月18日  所属分类:未分类

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: