Avatar of Michael Ambech
Michael Ambech

asked on 

Excluding file types in classic asp

Hi all,

Messing around heavily with an upload feature for my customers. I got the renaming of the file to work thanks to some awesome help in this forum. However what was screwing that code up to begin with was my attempt to restrict filetypes to jpg, jpeg, gif & png files. So - Any great ideas on how to do that without messing up my beatiful working code? I have the name of file serverside and I have the extension, but can't figure out how to do anything with that information. I tried the feature found here, but that was what was messing things up in the first place.

Here's the code that I have so far:

<%
Set oFileUp = Server.CreateObject("SoftArtisans.FileUp")
oFileUp.Path = "server path..."
oFileUp.CreateNewFile = True
oFileUp.OverWriteFiles = True
'oFileUp.Maxbytes = 300

If Not oFileUp.Form("file1").IsEmpty Then
oFileUp.Form("file1").Save

If Err.Number <> 0 Then
Response.Write "<B>Error description:</B> " & Err.Description
Else
Response.Write ""
End If
Else
Response.Write "Error! There is no file chosen for upload!"
End If

strServerName = oFileUp.Form("file1").ServerName

dim fs,p
set fs=Server.CreateObject("Scripting.FileSystemObject")
e=(fs.GetExtensionName("" & strServerName & ""))
p=fs.getfilename("" & strServerName & "")
response.write(p)
response.write(e)
set fs=nothing


Set oFileUp = Nothing
%>

Open in new window

ASP

Avatar of undefined
Last Comment
Michael Ambech
ASKER CERTIFIED SOLUTION
Avatar of Scott Fell
Scott Fell
Flag of United States of America image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of Michael Ambech
Michael Ambech

ASKER

It's becoming quite a habit of yours educating my on correct code :-) Thanks!
Avatar of Michael Ambech

ASKER

Actually - It is now restricting everything - not passing through png's and jpg's. Code below. Suggestions?

Set oFileUp = Server.CreateObject("SoftArtisans.FileUp")
oFileUp.Path = "path..."
oFileUp.CreateNewFile = True
oFileUp.OverWriteFiles = True
'oFileUp.Maxbytes = 300

FileName = oFileUp.Form("file1")
if testFileType(FileName) = 0 then  ' see below for function
   ' end
response.redirect "new_file_fail.asp"
   ' or 
response.write "not allowed"
   '   and do not run the rest of the save code
    
end if

function testFileType(FileName)
   AllowedTypes = " jpg gif png "
   FileType=right(FileName,3)
   if instr(AllowedTypes,FileType) > 0 Then
        testFileType = 1
        else
        testFileType = 0
   end if

' http://www.w3schools.com/asp/func_instr.asp
end function

If Not oFileUp.Form("file1").IsEmpty Then
oFileUp.Form("file1").Save

If Err.Number <> 0 Then
Response.Write "<B>Error description:</B> " & Err.Description
Else
Response.Write ""
End If
Else
Response.Write "Error! There is no file chosen for upload!"
End If

strServerName = oFileUp.Form("file1").ServerName

dim fs,p
set fs=Server.CreateObject("Scripting.FileSystemObject")
e=(fs.GetExtensionName("" & strServerName & ""))
p=fs.getfilename("" & strServerName & "")
response.write(p)
response.write(e)
set fs=nothing


Set oFileUp = Nothing

Open in new window

Avatar of Scott Fell
Scott Fell
Flag of United States of America image

test to make sure your input is as expected.  See my test here http://mypadas.com/ee/filetype/28894019.asp

<%

test1 = "image.jpg"
test2 = "image.gif"
test3 = "image.png"
test4 = "image.txt"

response.write testFileType(test1)&"<br>"
response.write testFileType(test2)&"<br>"
response.write testFileType(test3)&"<br>"
response.write testFileType(test4)&"<br>"

if testFileType(test1) = 1 then
	response.write "Your image has been saved"
    else
	response.write "This image is the wrong file type"
	
end if

function testFileType(FileName)
   AllowedTypes = " jpg gif png "
   FileType=right(FileName,3)
   if instr(AllowedTypes,FileType) > 0 Then
        testFileType = 1
        else
        testFileType = 0
   end if

' http://www.w3schools.com/asp/func_instr.asp
end function
%>

Open in new window

Looking at your code

FileName = oFileUp.Form("file1")
if testFileType(FileName) = 0 then  ' see below for function
   ' end
response.redirect "new_file_fail.asp"
   ' or 
response.write "not allowed"
   '   and do not run the rest of the save code
    
end if

Open in new window

If the variable FileName = 0 then it redirects so no use using response.write it will never be seen.

Test for input.  Output the FileName and make sure it is as expected.
FileName = oFileUp.Form("file1")
' ******* FOR TESTING ONLY *********
response.write FileName
response.end ' this will prevent anything else from running.
' *********************************
if testFileType(FileName) = 0 then  ' see below for function
   ' end
response.redirect "new_file_fail.asp"
   ' or 
response.write "not allowed"
   '   and do not run the rest of the save code
    
end if

Open in new window

Avatar of Michael Ambech

ASKER

Hi Scott,

Thx for the effort so far - hope you bear with my incompetence.

I have the solution working - response.write returns a 0 for disallowed files resulting in the redirect. However in order to get it to work it seems like I have to run the save command first (virtual save to disk I think). Otherwise the files are recognized as .tmp files and therefore all discarded. But if I save the file the function has to delete it afterwards, right?

For instance, response.write FileName (placed early in the code) results in: D:\hshome\sitepath.../files\sa63D7.tmp

Would it be feasible to allow the upload and then initiate a deletion if the file fails the test?
Avatar of Scott Fell
Scott Fell
Flag of United States of America image

I think you are correct.

1) Upload file.

2) Let FileUp save.

3) Get File name from FileUp (could be the same or new file if it finds a duplicate file name)

4) If file type is not what you want (jpg, gif, png, ?) then either delete the saved file or do nothing else.

5) If the file type is good, then save to  your database.
Avatar of Michael Ambech

ASKER

Well Scott... I couldn't get it to work after all... However: I'm 100% there with this code. You still deserve all the points IMHO though. Thanks for keeping at it!

Set oFileUp = Server.CreateObject("SoftArtisans.FileUp")
oFileUp.Path = "D:\hshome\DOMAINNAME\" & link & "files\"
oFileUp.CreateNewFile = True
oFileUp.OverWriteFiles = True
'oFileUp.Maxbytes = 300

FileName = oFileUp.Form("file1")

FCONT = oFileUp.ContentType 

'--- Use the Select Case Condition to restrict the file type.
Select Case LCase(FCONT) 
Case "image/gif"
oFileUp.Form("file1").Save 
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."

Case "application/vnd.openxmlformats-officedocument.wordprocessingml.document" 
oFileUp.Form("file1").Save
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."

Case "image/jpeg" 
oFileUp.Form("file1").Save
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."

Case "image/jpg" 
oFileUp.Form("file1").Save
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."

Case "image/png" 
oFileUp.Form("file1").Save 
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."

Case "image/pjpeg" 
oFileUp.Form("file1").Save 
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."

Case "application/pdf" 
oFileUp.Form("file1").Save 
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."

Case "application/msword" 
oFileUp.Form("file1").Save 
Response.Write "<P>" & oFileUp.ShortFileName & " has been saved."

Case Else
oFileUp.delete
Response.write "<P>" & oFileUp.ShortFileName & " is not allowed."
End Select

strServerName = oFileUp.Form("file1").ServerName




dim fs,p
set fs=Server.CreateObject("Scripting.FileSystemObject")
e=(fs.GetExtensionName("" & strServerName & ""))
p=fs.getfilename("" & strServerName & "")
response.write(p)
response.write(e)

set fs=nothing


Set oFileUp = Nothing

Open in new window

ASP
ASP

Active Server Pages (ASP) is Microsoft’s first server-side engine for dynamic web pages. ASP’s support of the Component Object Model (COM) enables it to access and use compiled libraries such as DLLs. It has been superseded by ASP.NET, but will be supported by Internet Information Services (IIS) through at least 2022.

82K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo