We help IT Professionals succeed at work.

PREVENT USER TO UPLOAD SAME FILE

anwar13
anwar13 asked
on
i already done the converting part.
But i want the user not to upload the file again if he have already uploaded it before.
So i use the "basename" coulumn to check it rather than the filename(with extension).
Filename can't be used because if any txt,doc,rtf files that is uploaded will be change to .html.
Please see the ***** part to understand my question.
I use http://www.aspsmart.com component to upload the file.
thank you.


<%@ Language=VBScript %>
<%
Option explicit
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = Now - 1

if isempty(session("userID")) or len(session("userID")) = 0 then
response.redirect "./default.asp"
end if
Session("mainFrame") = "upload.asp"

dim texttitle, textdesc, filesize, field1, Filepath, FileName, fipath,wrd,file,basename
dim conn, RSFindfile,cn,id, DataConn, filetitle, filedesc,extension,fs,txtfile,f

%>

<HTML>
<BODY BGCOLOR="white">

<H1>Thank you for your Contribution</H1>
<HR>

<%

   Dim mySmartUpload
   Dim intCount
   
   Set mySmartUpload = Server.CreateObject("aspSmartUpload.SmartUpload")

   MySmartUpload.AllowedFilesList = "txt,doc,rtf,pdf,html,htm,ppt"
   mySmartUpload.Upload
   
   field1 = session("userid")
   filetitle=session("mytitle")
   filedesc=session("mydesc")
   Filepath = mySmartUpload.Files.Item(1).FilePathName
   FileName = instrrev(Filepath,"\")
   FileName = mid(Filepath,FileName+1,100)


'************************************************************************
   'basename = mysmartUpLoad.Files.Item(1).FileName
'----------------What is the syntax??-------------------------------------
    Set fs=Server.CreateObject("Scripting.FileSystemObject")
    file=fs.GetBaseName(Filepath)
    set fs=nothing
'***********************************************************************  


    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open "DSN=mydsn", "sayang", "sayang"  
   
    set RSFindfile = conn.Execute("select basename from FILE1 where " _
    & "basename = '" & basename & "' and " _
    & "userID = " &field1& "")
   
    if NOT RSFindfile.EOF then
         response.write ("You have previously uploaded the file.")
    else
     
     
   'intCount = mySmartUpload.Save("uploas")
   'sample with a physical path
    intCount = mySmartUpload.Save("d:\users\" & field1)

'-----------------------------get old file's extension
Set fs=Server.CreateObject("Scripting.FileSystemObject")
extension = fs.GetExtensionName("d:\users\" & field1 & "\" & FileName )
set fs=nothing
'-----------------------------


if extension="txt" or extension="doc" or extension="rtf" then
set wrd =CreateObject("Word.Application")
wrd.Documents.Open "d:\users\" & field1 & "\" & FileName
wrd.Visible = False


'------------------------------get old file's name
Set fs=Server.CreateObject("Scripting.FileSystemObject")
file=fs.GetBaseName("d:\users\" & field1 & "\" & FileName)
set fs=nothing
'------------------------------


'-------------------------------new file's name
wrd.Application.ActiveDocument.SaveAs "d:\users\" & field1 & "\" & file & ".html",8
wrd.Application.Quit
set wrd = Nothing
'-------------------------------
end if

'-------------------------------delete the old file
set fs=CreateObject("Scripting.FileSystemObject")
set txtfile=fs.GetFile("d:\users\" & field1 & "\" & filename)
txtfile.Delete
set txtfile=nothing
set fs=nothing
'--------------------------------

FileName = file & ".html"

'--------------------------------get the size of new file
set fs=CreateObject("Scripting.FileSystemObject")
set f=fs.GetFile("d:\users\" & field1 & "\" & filename)
filesize = f.Size
set f=nothing
set fs=nothing
'---------------------------------

fipath = "d:\users\" & field1 & "\" & FileName

    Set cn = Server.CreateObject("ADODB.Connection")
      cn.Open "DSN=mydsn", "sayang", "sayang"    
    cn.Execute("insert into FILE1 values ("& field1 &",'" & file & "','" & FileName & "','" & filetitle & "','"&filedesc&"','"&fipath&"','" &filesize& "') ")

    cn.close
    Set cn = Nothing
   
    Response.Write(intCount & " file(s) uploaded.")
    end if
   


%>
</BODY>
</HTML>
Comment
Watch Question

Commented:
I would use the fileExists method to check if file is there already

if fs.fileExists("c:\winnt\notepad.exe") then
    'show error message to user
    'end page processing
    response.end
end if

Commented:
looks like I missed the line about different file extensions possible.
Mark FranzProject Manager
CERTIFIED EXPERT

Commented:
Hmm... the only thing I can think of, is to store the name of the file before the conversion into a dB.  Or write the filename as an appended value to a .txt file, go through that file before completing the conversion for duplicates.

Another thought, why not write a cookie file to the client each time he/she uploads a file to the server, write the name of the file as an appended cookie value.

Author

Commented:
john844: if using aspsmart.com component to get the filename and the extension is:

Filepath = mySmartUpload.Files.Item(1).FilePathName
FileName = instrrev(Filepath,"\")
FileName = mid(Filepath,FileName+1,100)

So what about the filename only?? if with the extension i still can't check whether the file exist or not.

such as:

if fs.fileExists("c:\winnt\notepad.doc") or fs.fileExists("c:\winnt\notepad.txt") or fs.fileExists("c:\winnt\notepad.html")  then
   'show error message to user
   'end page processing
   response.end
end if

how could i check those 3 files??

mgfranz: if i have to store the name of the file before the conversion into a dB then the user couldn't display the file in the browser.

mgfranz: write the filename as an appended value to a .txt file, go through that file before completing the conversion for duplicates is i think a good way, would you give me the coding since i never use this method before. :)

cookie is a way that i want to implement since cookie can be deleted in client side.
 
Or it's better if i could get the basename, so not much modification in my system.

OTHER SOLUTIONS are still welcomed

Commented:
anwart13,

<%@ Language=VBScript %>
<%
Option explicit
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = Now - 1

if isempty(session("userID")) or len(session("userID")) = 0 then
response.redirect "./default.asp"
end if
Session("mainFrame") = "upload.asp"

dim texttitle, textdesc, filesize, field1, Filepath, FileName, fipath,wrd,file,basename
dim conn, RSFindfile,cn,id, DataConn, filetitle, filedesc,extension,fs,txtfile,f

%>

<HTML>
<BODY BGCOLOR="white">

<H1>Thank you for your Contribution</H1>
<HR>

<%

  Dim mySmartUpload
  Dim intCount
   
  Set mySmartUpload = Server.CreateObject("aspSmartUpload.SmartUpload")

  MySmartUpload.AllowedFilesList = "txt,doc,rtf,pdf,html,htm,ppt"
  mySmartUpload.Upload
   
  field1 = session("userid")
  filetitle=session("mytitle")
  filedesc=session("mydesc")
  Filepath = mySmartUpload.Files.Item(1).FilePathName
  FileName = instrrev(Filepath,"\")
  FileName = mid(Filepath,FileName+1,100)


'************************************************************************
  'basename = mysmartUpLoad.Files.Item(1).FileName
'----------------What is the syntax??-------------------------------------
   Set fs=Server.CreateObject("Scripting.FileSystemObject")
   file=fs.GetBaseName(Filepath)
   set fs=nothing
'***********************************************************************  


   Set conn = Server.CreateObject("ADODB.Connection")
   conn.Open "DSN=mydsn", "sayang", "sayang"  
 
   set RSFindfile = conn.Execute("select basename from FILE1 where " _
   & "basename = '" & basename & "' and " _
   & "userID = " &field1& "")
   
   if NOT RSFindfile.EOF then
        response.write ("You have previously uploaded the file.")
   else
   
     
  'intCount = mySmartUpload.Save("uploas")
  'sample with a physical path
   Set fs=Server.CreateObject("Scripting.FileSystemObject")
   If fs.fileExists("d:\user\" & FileName) then
     Response.Write("File Exists")
        Response.End
   End IF

   intCount = mySmartUpload.Save("d:\users\" & field1)

'-----------------------------get old file's extension
Set fs=Server.CreateObject("Scripting.FileSystemObject")
extension = fs.GetExtensionName("d:\users\" & field1 & "\" & FileName )
set fs=nothing
'-----------------------------


if extension="txt" or extension="doc" or extension="rtf" then
set wrd =CreateObject("Word.Application")
wrd.Documents.Open "d:\users\" & field1 & "\" & FileName
wrd.Visible = False


'------------------------------get old file's name
Set fs=Server.CreateObject("Scripting.FileSystemObject")
file=fs.GetBaseName("d:\users\" & field1 & "\" & FileName)
set fs=nothing
'------------------------------


'-------------------------------new file's name
wrd.Application.ActiveDocument.SaveAs "d:\users\" & field1 & "\" & file & ".html",8
wrd.Application.Quit
set wrd = Nothing
'-------------------------------
end if

'-------------------------------delete the old file
set fs=CreateObject("Scripting.FileSystemObject")
set txtfile=fs.GetFile("d:\users\" & field1 & "\" & filename)
txtfile.Delete
set txtfile=nothing
set fs=nothing
'--------------------------------

FileName = file & ".html"

'--------------------------------get the size of new file
set fs=CreateObject("Scripting.FileSystemObject")
set f=fs.GetFile("d:\users\" & field1 & "\" & filename)
filesize = f.Size
set f=nothing
set fs=nothing
'---------------------------------

fipath = "d:\users\" & field1 & "\" & FileName

   Set cn = Server.CreateObject("ADODB.Connection")
     cn.Open "DSN=mydsn", "sayang", "sayang"    
   cn.Execute("insert into FILE1 values ("& field1 &",'" & file & "','" & FileName & "','" & filetitle
& "','"&filedesc&"','"&fipath&"','" &filesize& "') ")

   cn.close
   Set cn = Nothing
   
   Response.Write(intCount & " file(s) uploaded.")
   end if
   


%>
</BODY>
</HTML>

Regards,
Wee Siong

Author

Commented:
Siong: this can't solve the problem, if the file is .doc, .txt, .rtf, because it will still upload the file since when it check the file, the file is there with .html format.

Set fs=Server.CreateObject("Scripting.FileSystemObject")
  If fs.fileExists("d:\user\" & FileName) then
    Response.Write("File Exists")
       Response.End
  End IF



This will convert .rtf, .doc, .txt to .html  then store the .html to database. so we still can upload the .rtf file, since it can't be checked as the .doc file deleted, see this code:

if extension="txt" or extension="doc" or extension="rtf" then
set wrd =CreateObject("Word.Application")
wrd.Documents.Open "d:\users\" & field1 & "\" & FileName
wrd.Visible = False
Set fs=Server.CreateObject("Scripting.FileSystemObject")
file=fs.GetBaseName("d:\users\" & field1 & "\" & FileName)
set fs=nothing
wrd.Application.ActiveDocument.SaveAs "d:\users\" & field1 & "\" & file & ".html",8
wrd.Application.Quit
set wrd = Nothing
end if

Mark FranzProject Manager
CERTIFIED EXPERT

Commented:
What I have done also is when the file is renamed, give it the name of the file+sessionID, or just sessionID.ext, I do this for a resume tool I wrote a while back.  Since the resume files are renamed to 3885967138.doc the chance of the same named file being saved is none.

The problem I see with saving the filename to a .txt file is what if another user tries to upload the same name file?  Granted a cookie on the client will prevent the same user fromm uploading the same file, but it will not prevent a different user from uploading.

And whether the file is the same name or not is a moot point if the files are different right?

Commented:
One problem with what you are doing is there is no way to keep the file unique.  Using the file system object you could.

A. Check the name.
B. Test the following of the file using the textstream object:
object.DateCreated
object.size

If they match then you know they are the same, and if not then two people created the EXACT same size file at the EXACT same time.

Commented:
answar13,

Actually you know how to get the filename, then it is no problem, exp:

xxx.doc <--- You know how to spirit it to xxx(FileName) doc(extension)

So what you want to do:

Set fs=Server.CreateObject("Scripting.FileSystemObject")
 If fs.fileExists("d:\user\" & File & ".html") then
   Response.Write("File Exists")
      Response.End
 End IF

Regards,
Wee Siong

Commented:
Well actually weesiong, what if I upload a file called myfile.txt and then you want ot upload a file called myfile.txt.  They have the same exact name,but two completely different files.

If you were to use the textstreat object, you could get the created date and the size of the file, see that they are different, assign a new name and continue to upload the file.

This is currently the way I do it on our network, it works great because we have noticed that alot of workers seem to use the same 5-10 names for files (i.e. myfile, test, etc.) this way we know it is unique and allow it to be transfered.

Your other option is to create folders (on the fly, fso.createfolder for each IP/user). although this probably is not the way you want ot go, in fact forget I even mentioned this.

P.S. Are you storing the actual documents in your DB or just pointers?

Good luck.

Author

Commented:
siong,

xxx.doc <--- i want to get the xxx only, before aspsmarupload actuall save the file in "d:\users" &field1

before this command:
intCount = mySmartUpload.Save("d:\users\" & field1)

There is 1 folder for each user (the field1 varialble), i don't care if the different user send the same thing since i am using their ID as the primary key and the filename.


Author

Commented:
eg: c:\test\test.txt

Set mySmartUpload = Server.CreateObject("aspSmartUpload.SmartUpload")

 MySmartUpload.AllowedFilesList = "txt,doc,rtf,pdf,html,htm,ppt"
 mySmartUpload.Upload
 
 Filepath = mySmartUpload.Files.Item(1).FilePathName
 FileName = instrrev(Filepath,"\")
 FileName = mid(Filepath,FileName+1,100)


From the last code what i get is: test.txt

So how to get the "test" only without the ".txt"

Author

Commented:
turbosig: i store just the pointer

Commented:
'This declares and creates your text stream.
Dim Stream: Set Stream = CreateObject("ADODB.Stream")

the rest is VERY similar to the filesystem object.  Just do what I said above.

1. Check to see if the file exists with that name
2. If it does, compare the created date and file size.
3. If they are different (date and size) then create the new file with a different name.
4. allow the user to upload.

The actual name of the file is pointless becasue it wil be associated with the user. If it is absolutely necessary to maintian exact file names you will have to add an additional field to your DB.  I do something similar to this.

i.e. Lets say user1 uploads MyText.txt, then user2 tries to upload MyText.txt, since they are both being stored in the same folder (I assume) this isn't possible.  So rename the file MyText01.txt (or what ever), and save the new fileas MyText01.txt in the folder and in the DB field called original_file name store MyText.txt and MyTexst01.htm in the pointer field.

When you display info to the user, use Original_File name field as the display field and the File field as the file to retrieve, they will both be associated with the particular user Unqiqe ID.

This should be fairly easy, hope this helps, I do it alot with images.

Author

Commented:
Weesiong, turbosig, mgfranz, john844:


user1 and user2 has their own folder, so they upload the same filename.

user1 is able to delete ONLY his uploaded files, and user2 also able to delete ONLY his uploaded files.


It's not a concern about user1 or user2 upload the same files.

The concern one is:
Assume user1 upload mytext.doc to the server. The server will then check that it's a .doc file. It then convert to mytext.html file and store the pointer to DB as mytext.html.

So the next time user1 upload again mytext.doc to the server, it then will definitely will cause an error. because:
1) i use userID and filename as primary key.
2) same filename in the same folder.

I have my own solution here. I need to know the actual (base) filename that is going to be uploaded by the user.

mySmartUpload.Upload   'user has upload, but server didn't save yet.
 
Filepath = mySmartUpload.Files.Item(1).FilePathName
FileName = instrrev(Filepath,"\")
FileName = mid(Filepath,FileName+1,100)


--------------------------------
I need to know the actual filename(filename without extension) in this range (before the server save the file).
I will then check using the Base(actual)name everytime the user upload new file instead of filename(with extension).
--------------------------------

intCount = mySmartUpload.Save("d:\users\" & field1) 'the server save the file


I hope this is clear enough.

Commented:
Filepath = mySmartUpload.Files.Item(1).FilePathName
FileNameStart = instrrev(Filepath,"\")+1
FileNameEnd = instrrev(Filepath,".")
FileName = mid(Filepath,FileNameStart,FileNameEnd-FileNameEnd)

Author

Commented:
turbosig: the filename contains nothing.

This is the script that i test:

<%
dim texttitle, textdesc, filesize, field1, Filepath, FileName, fipath, filename1, ext
dim conn, RSFindfile,cn,id, DataConn, filetitle, filedesc,FileNameStart, FileNameEnd

%>

<HTML>
<BODY BGCOLOR="white">

<H1>Thank you for your Contribution</H1>
<HR>

<%

   Dim mySmartUpload
   Dim intCount
   
   Set mySmartUpload = Server.CreateObject("aspSmartUpload.SmartUpload")

   MySmartUpload.AllowedFilesList = "txt,doc,pdf,html,htm,ppt"
   mySmartUpload.Upload
   
   filesize = mySmartUpload.Files.Item(1).Size/1024
   field1 = session("userid")
   filetitle=session("mytitle")
   filedesc=session("mydesc")


   Filepath = mySmartUpload.Files.Item(1).FilePathName
   FileName = instrrev(Filepath,"\")+1

   FileNameend = instrrev(Filepath,".")-2

    FileName1 = mid(Filepath,FileName,Filenameend)
    response.write filepath %> <p> <%
    response.write filename %> <p> <%
    response.write filename1 %> <p> <%
    response.write fileNameend %> <p> <%
%>
</BODY>
</HTML>

This is the output:

C:\Documents and Settings\Administrator\Desktop\test.txt
49

test.txt

51


My question:
1) what is mid procedure??? how to use it??
2) why filename is "test.txt"?? not "te"??
<%@ Language=VBScript %>
<%
Option explicit
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = Now - 1

if isempty(session("userID")) or len(session("userID")) = 0 then
response.redirect "./default.asp"
end if
Session("mainFrame") = "upload.asp"

dim texttitle, textdesc, filesize, field1, Filepath, FileName, fipath, filename1, ext, theform
dim conn, RSFindfile,cn,id, DataConn, filetitle, filedesc,FileNameStart, FileNameEnd,basename

%>

<HTML>
<BODY BGCOLOR="white">

<H1>Thank you for your Contribution</H1>
<HR>

<%

   Dim mySmartUpload
   Dim intCount
   
   Set mySmartUpload = Server.CreateObject("aspSmartUpload.SmartUpload")

 
   mySmartUpload.Upload


    filename=MySmartUpLoad.Files.Item(1).FileName
    response.write filename %><p><%
    FileNameend = instrrev(filename,".")-1
    baseName = mid(Filename,1,FileNameend)
    response.write basename

%>
</BODY>
</HTML>
<%@ Language=VBScript %>
<%
Option explicit
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = Now - 1

if isempty(session("userID")) or len(session("userID")) = 0 then
response.redirect "./default.asp"
end if
Session("mainFrame") = "upload.asp"

dim texttitle, textdesc, filesize, field1, Filepath, FileName, fipath, filename1, ext, theform
dim conn, RSFindfile,cn,id, DataConn, filetitle, filedesc,FileNameStart, FileNameEnd,basename

%>

<HTML>
<BODY BGCOLOR="white">

<H1>Thank you for your Contribution</H1>
<HR>

<%

   Dim mySmartUpload
   Dim intCount
   
   Set mySmartUpload = Server.CreateObject("aspSmartUpload.SmartUpload")

 
   mySmartUpload.Upload


    filename=MySmartUpLoad.Files.Item(1).FileName
    response.write filename %><p><%
    FileNameend = instrrev(filename,".")-1
    baseName = mid(Filename,1,FileNameend)
    response.write basename

%>
</BODY>
</HTML>

Author

Commented:
Thanks everyone
Mark FranzProject Manager
CERTIFIED EXPERT

Commented:
I must have missed something... is there 2 different questions in this post?

Explore More ContentExplore courses, solutions, and other research materials related to this topic.