Solved

Restrict Certain File Extension Uploads / Upload Size for ASP form

Posted on 2006-07-06
Last Modified: 2010-08-05
I will start off by saying I am NOT a programmer. I have just enough luck to be able to find cool sites that offer code up for users to sample and modify it a bit to get what I am looking for. (I was actually trying to use CDONTS yesterday, just figured out I need to use CDOsys). The form is an upload form, will want the user to upload a .gif, .jpg, .jpeg, .ai, .psd, or .eps file. Below is the code I am currently using (got it from http://www.asp101.com/articles/jacob/scriptupload.asp). The code uploads the file to the server, sends the email with attachment, then deletes the file from the server. I just want to be able to only allow those specific extensions listed above to be uploaded. I have tried a few things but haven't gotten anything to work.

<%@ Language=VBScript %>
<%Option Explicit%>
<!-- #include file="upload.asp" -->
<%

'NOTE - YOU MUST HAVE VBSCRIPT v5.0 INSTALLED ON YOUR WEB SERVER
'         FOR THIS LIBRARY TO FUNCTION CORRECTLY. YOU CAN OBTAIN IT
'         FREE FROM MICROSOFT WHEN YOU INSTALL INTERNET EXPLORER 5.0
'         OR LATER.

Server.ScriptTimeOut = 300



' Create the FileUploader
Dim Uploader, File
Set Uploader = New FileUploader


' This starts the upload process
Uploader.Upload()

'******************************************
' Use [FileUploader object].Form to access
' additional form variables submitted with
' the file upload(s). (used below)
'******************************************

' Check if any files were uploaded
If Uploader.Files.Count = 0 Then
      Response.Write "File(s) not uploaded."
Else

' Loop through the uploaded files
For Each File In Uploader.Files.Items

' Save the file
File.SaveToDisk "C:\Inetpub\wwwroot\fileuploader\files"            

' Make variable with location of previously uploaded file
Dim attachment
attachment="C:\Inetpub\wwwroot\fileuploader\files\" & File.FileName
Next
End If

' Grab rest of form variables
Dim name, email, product, quantity, partner
name = Uploader.Form("name")
email = Uploader.Form("email")
product = Uploader.Form("product")
quantity = Uploader.Form("quantity")
partner = Uploader.Form("partner")

' validation
Dim validationOK
validationOK=true
If name="" Then validationOK=False
If email="" Then validationOK=False
If quantity="" Then validationOK=False
If (validationOK=false) Then Response.Write("Error - Please fill in all fields.")

'Declare variables
Dim sch, cdoConfig, cdoMessage
sch = "http://schemas.microsoft.com/cdo/configuration/"
 
    Set cdoConfig = CreateObject("CDO.Configuration")
 
    With cdoConfig.Fields
        'Set CDO Port
        .Item(sch & "sendusing") = 2
        'Set mailserver name either IP address, mail.yoursite.com or localhost
        .Item(sch & "smtpserver") = "127.0.0.1"
        'Set SMTP port which is 25 by default
        .Item(sch & "smtpserverport") = 25
        'Set number of seconds before timeout
        .Item(sch & "smtpconnectiontimeout") = 60
        .update
    End With
 
    Set cdoMessage = CreateObject("CDO.Message")
 
    With cdoMessage
        Set .Configuration = cdoConfig
        .From = name
        .To = "localhost@localhost.com"
        .Subject = "Customark Logo Submission Form " & "(" & partner & ")"
        .HTMLBody = "Submission From: " & partner & vbCrLf & "Name: " & name & vbCrLf
        .AddAttachment attachment
        .Send
    End With
 
    Set cdoMessage = Nothing
    Set cdoConfig = Nothing

Dim ScriptObject
Set ScriptObject = Server.CreateObject("Scripting.FileSystemObject")
ScriptObject.DeleteFile(attachment)


Response.Write("Success")



%>
0
Question by:JF0
11 Comments
 
LVL 13

Expert Comment

by:jmundsack
ID: 17052535
Edit your existing code with an If...End If block as follows:

Dim ext

For Each File In Uploader.Files.Items

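    ext = Mid(File.FileName, InStrRev(File.FileName, ".") + 1)
    ' Wrap list and extension in commas so only a whole entry matches, in any case
    If InStr(ext, ",") = 0 And InStr(",gif,jpg,jpeg,ai,psd,eps,", "," & LCase(ext) & ",") > 0 Then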

        '  the rest of your code following the For Each statement goes here
        '  up to the Next statement

    End If

Next
0
 
LVL 16

Author Comment

by:JF0
ID: 17052742
I'm sorry, I do not understand. Could you insert it into my code for me so I can see where exactly to place it. I am really a beginner, get stumped on the easiest things.
0
 
LVL 13

Expert Comment

by:jmundsack
ID: 17052795
Ok, sorry:

<%@ Language=VBScript %>
<%Option Explicit%>
<!-- #include file="upload.asp" -->
<%

'NOTE - YOU MUST HAVE VBSCRIPT v5.0 INSTALLED ON YOUR WEB SERVER
'        FOR THIS LIBRARY TO FUNCTION CORRECTLY. YOU CAN OBTAIN IT
'        FREE FROM MICROSOFT WHEN YOU INSTALL INTERNET EXPLORER 5.0
'        OR LATER.

Server.ScriptTimeOut = 300

Dim ext

' Create the FileUploader
Dim Uploader, File
Set Uploader = New FileUploader


' This starts the upload process
Uploader.Upload()

'******************************************
' Use [FileUploader object].Form to access
' additional form variables submitted with
' the file upload(s). (used below)
'******************************************

' Check if any files were uploaded
If Uploader.Files.Count = 0 Then
     Response.Write "File(s) not uploaded."
Else

    ' Loop through the uploaded files
    For Each File In Uploader.Files.Items

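        ext = Mid(File.FileName, InStrRev(File.FileName, ".") + 1)
        ' Wrap list and extension in commas so only a whole entry matches, in any case
        If InStr(ext, ",") = 0 And InStr(",gif,jpg,jpeg,ai,psd,eps,", "," & LCase(ext) & ",") > 0 Then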

            ' Save the file
            File.SaveToDisk "C:\Inetpub\wwwroot\fileuploader\files"          

            ' Make variable with location of previously uploaded file
            Dim attachment
            attachment="C:\Inetpub\wwwroot\fileuploader\files\" & File.FileName

        End If

    Next
End If

' Grab rest of form variables
Dim name, email, product, quantity, partner
name = Uploader.Form("name")
email = Uploader.Form("email")
product = Uploader.Form("product")
quantity = Uploader.Form("quantity")
partner = Uploader.Form("partner")

' validation
Dim validationOK
validationOK=true
If name="" Then validationOK=False
If email="" Then validationOK=False
If quantity="" Then validationOK=False
If (validationOK=false) Then Response.Write("Error - Please fill in all fields.")

'Declare variables
Dim sch, cdoConfig, cdoMessage
sch = "http://schemas.microsoft.com/cdo/configuration/"
 
    Set cdoConfig = CreateObject("CDO.Configuration")
 
    With cdoConfig.Fields
        'Set CDO Port
        .Item(sch & "sendusing") = 2
        'Set mailserver name either IP address, mail.yoursite.com or localhost
        .Item(sch & "smtpserver") = "127.0.0.1"
        'Set SMTP port which is 25 by default
        .Item(sch & "smtpserverport") = 25
        'Set number of seconds before timeout
        .Item(sch & "smtpconnectiontimeout") = 60
        .update
    End With
 
    Set cdoMessage = CreateObject("CDO.Message")
 
    With cdoMessage
        Set .Configuration = cdoConfig
        .From = name
        .To = "localhost@localhost.com"
        .Subject = "Customark Logo Submission Form " & "(" & partner & ")"
        .HTMLBody = "Submission From: " & partner & vbCrLf & "Name: " & name & vbCrLf
        .AddAttachment attachment
        .Send
    End With
 
    Set cdoMessage = Nothing
    Set cdoConfig = Nothing

Dim ScriptObject
Set ScriptObject = Server.CreateObject("Scripting.FileSystemObject")
ScriptObject.DeleteFile(attachment)


Response.Write("Success")

%>

Note...  Do you realize that if there are multiple files uploaded, the way this page is currently written the "attachment" variable will only contain the name of the last file saved to disk, and therefore this will be the only file attached to the email?  The presence of the For Each loop makes it look like the user can submit more than one picture at a time.  If that's not the case, then you're good to go.  If you want all the pictures submitted to be attached to the message, your page will still need work.

0
 
LVL 16

Author Comment

by:JF0
ID: 17052809
They can only submit one. I noticed that too. It's a simple Logo upload, that is all. Let me try your code..
0
 
LVL 16

Author Comment

by:JF0
ID: 17052850
With your code, I get the following error. With my old code, it runs without the error. I don't know what it is.

Error Type:
(0x80070057)
One or more arguments are invalid
/fileuploader/customarksubmit.asp, line 103


Dim ScriptObject
Set ScriptObject = Server.CreateObject("Scripting.FileSystemObject")
ScriptObject.DeleteFile(attachment)                     <----------- Line 103


Response.Write("Success")

%>
0
 
LVL 13

Accepted Solution

by:
jmundsack earned 250 total points
ID: 17052853
It just occurred to me that if the user uploaded a file with a different extension, the .AddAttachment would fail.  You'll need to short-circuit the sending of the email in this case.  Perhaps:

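        ' Wrap list and extension in commas so only a whole entry matches, in any case
        If InStr(ext, ",") = 0 And InStr(",gif,jpg,jpeg,ai,psd,eps,", "," & LCase(ext) & ",") > 0 Then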

            ' Save the file
            File.SaveToDisk "C:\Inetpub\wwwroot\fileuploader\files"          

            ' Make variable with location of previously uploaded file
            Dim attachment
            attachment="C:\Inetpub\wwwroot\fileuploader\files\" & File.FileName

        Else

            'do something if they uploaded a bad extension
            Response.Write "Invalid attachment."

        End If

And then change the .AddAttachment statement to:

        If Len(attachment) > 0 Then .AddAttachment attachment

0
 
LVL 13

Expert Comment

by:jmundsack
ID: 17052860
Yeah, missed that one, too.  You'll need to change that to:

If Len(attachment) > 0 Then ScriptObject.DeleteFile(attachment)

0
 
LVL 16

Author Comment

by:JF0
ID: 17052882
ok, give me a minute to try to get it.
0
 
LVL 16

Author Comment

by:JF0
ID: 17052958
Awesome. That works great! About having a size limit, would I just amend the following with the proper statement:

  If CBool(InStr("gif,jpg,jpeg,ai,psd,eps", ext)) AND FILESIZE IS <= 10MB Then

            ' Save the file
            File.SaveToDisk "C:\Inetpub\wwwroot\fileuploader\files"          

               '
               '
               ' rest of code

0
 
LVL 13

Expert Comment

by:jmundsack
ID: 17053009
Well, I'm not entirely familiar with the properties of the File object, which is apparently defined in the upload.asp file.  I know it has a .FileName property, and it probably has a .Size property but I can't be sure without seeing the contents of upload.asp.  Let's assume there is a .Size property--in that case, your code would be:

  ' 10 MB = 10 * 1024 * 1024 = 10485760 bytes
  If InStr(ext, ",") = 0 And InStr(",gif,jpg,jpeg,ai,psd,eps,", "," & LCase(ext) & ",") > 0 And File.Size <= 10485760 Then

0
 
LVL 16

Author Comment

by:JF0
ID: 17053041
It has a FileSize property. I will try it and award you the points because you have already solved my biggest problem. Thank you.
0
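
The extension and size checks discussed in this thread, as an added example (not code from any poster or from upload.asp): it runs under Windows Script Host rather than inside the ASP page, and compares a bare InStr substring test with an exact, case-insensitive match and a 10 MB ceiling. The function names, MAX_BYTES and the sample file names and sizes are assumptions constructed for illustration.

```vbscript
Option Explicit

' Added example - run with: cscript //nologo check.vbs  (hypothetical file name)
Const MAX_BYTES = 10485760          ' 10 MB = 10 * 1024 * 1024 bytes

Dim allowed, e
Set allowed = CreateObject("Scripting.Dictionary")
allowed.CompareMode = vbTextCompare ' "JPG" and "jpg" are the same key
For Each e In Array("gif", "jpg", "jpeg", "ai", "psd", "eps")
    allowed.Add e, True
Next

' Bare substring test: case-sensitive, and any fragment of the list matches
Function NaiveAllowed(fileName)
    Dim ext
    ext = Mid(fileName, InStrRev(fileName, ".") + 1)
    NaiveAllowed = CBool(InStr("gif,jpg,jpeg,ai,psd,eps", ext))
End Function

' Exact, case-insensitive extension match plus a size ceiling
Function StrictAllowed(fileName, sizeBytes)
    Dim dot, ext
    StrictAllowed = False
    dot = InStrRev(fileName, ".")
    If dot = 0 Or dot = Len(fileName) Then Exit Function   ' no extension at all
    ext = Mid(fileName, dot + 1)
    If Not allowed.Exists(ext) Then Exit Function          ' whole-key lookup
    If sizeBytes <= 0 Or sizeBytes > MAX_BYTES Then Exit Function
    StrictAllowed = True
End Function

' Constructed sample uploads: file name, size in bytes
Dim samples, s
samples = Array( _
    Array("logo.jpg", 204800), _
    Array("LOGO.JPG", 204800), _
    Array("notes.g", 1024), _
    Array("report.", 1024), _
    Array("logo.psd", 52428800))

For Each s In samples
    WScript.Echo s(0) & "  naive=" & NaiveAllowed(s(0)) & _
                 "  strict=" & StrictAllowed(s(0), s(1))
Next
```

In the ASP page the same test would take File.FileName and the FileSize property the asker reports. Because it runs after Uploader.Upload() has already read the request, it limits what is saved and mailed, not what the server receives.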
