home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
207.233.110.77
/
207.233.110.77.tar
/
207.233.110.77
/
vbasic
/
user.asp
< prev
next >
Wrap
Text File
|
2003-09-18
|
15KB
|
395 lines
<%@ LANGUAGE="VBSCRIPT" %>
<% Option Explicit %>
<!-- METADATA
TYPE="TypeLib"
FILE="C:\Program Files\Common Files\System\ADO\msado21.tlb"
-->
<!--#include file="DatabaseConnect.asp"-->
<!--#include file="Crypt-DeCrypt.asp"-->
<% If Session("ValidatedStudent") <> True Then
Response.Redirect "error.asp?error=denied"
End If %>
<HTML>
<head>
<title>Moorpark College Visual Basic Student Information</title>
</head>
<body>
<%
Dim objRS 'Recordset Object
Dim sSQL 'SQL string
Dim i
Dim iContent 'Count of Files and Folders
Dim strUser 'Email of User
Dim strAbsPath 'Absolute Path of active directory -- strRoot & <folder>\<folder> etc.
Dim strRelPath 'Relative Path of active directory -- <folder>\<folder> etc.
Dim strRoot 'Root path - c:\vbstudents\<student folder>
Dim strFile 'Text file to view/delete -- includes absolute path and file name
Dim strFolder 'Name of folder to create
Dim strTmp
Dim objFSO 'FileSystemObject
Dim objF 'Folder Object needed for CreateFolder method of the FSO
Dim objFolder 'FolderObject
Dim objTextFile 'TextFileObject
Dim objItem 'Object variable used to loop through the contents of the folder (objFolder)
strUser = Request.QueryString("email")
sSQL = "SELECT * FROM Students WHERE email = '" & strUser & "';"
Set objRS = Server.CreateObject("ADODB.Recordset")
objRS.Open sSQL, objConn, adOpenDynamic, adLockOptimistic, adCmdText
'Make sure the student's account exists
If Not (objRS.EOF And objRS.BOF) Then
'Determine the Root directory of the account
strRoot = "c:/vbStudents/" & objRS("folder") & "/"
'Determine the relative Path of the active directory--"path" does NOT contain a preceeding '/'
strRelPath = LCase(Trim(DeCrypt(Request.QueryString("path"))))
'Determine the absolute Path of the active directory.
strAbsPath = strRoot & strRelPath
'Create the File System Object
Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
Select Case LCase(Trim(Request.QueryString("action")))
'List the folders and files of the current directory
'---LIST
Case "list"
'Display the Page Heading -- Shown only with "list action"
If objRS("security") = vbStudent Then
i = Instr(objRS("name"), ",")
Response.Write ("<H2><CENTER>Student " & mid(objRS("name"), i+1) & " " & _
mid(objRS("name"), 1, i-1) & " -- Your Instructor is " & objRS("teacher") & "</CENTER></H2>")
Response.Write ("<CENTER>Contents of /" & strRelPath & "</CENTER>")
Else
Response.Write ("<H2><CENTER>Instructor " & objRS("name") & "</H2><BR>Contents of /" & strRelPath & "</CENTER>")
End If
'Display the Student's Directories and Files
'Create the Folder object (to easily access the folder's files and subfolders)
Set objFolder = objFSO.GetFolder(strAbsPath)
'Title row of the dir/file table
%>
<BR><CENTER>
<TABLE BORDER="5" BORDERCOLOR="green" CELLSPACING="0" CELLPADDING="2">
<TR BGCOLOR="#006600">
<TD ALIGN="center"><FONT COLOR="#FFFFFF"><B>File/Dir Name</B></FONT></TD>
<TD ALIGN="center"><FONT COLOR="#FFFFFF"><B>Size (bytes)</B></FONT></TD>
<TD ALIGN="center"><FONT COLOR="#FFFFFF"><B>Created/Uploaded</B></FONT></TD>
<TD ALIGN="center"><FONT COLOR="#FFFFFF"><B>View</B></FONT></TD>
<TD ALIGN="center"><FONT COLOR="#FFFFFF"><B>DownLoad</B></FONT></TD>
<TD ALIGN="center"><FONT COLOR="#FFFFFF"><B>Delete</B></FONT></TD>
</TR>
<%
'If the Folder is a SubFolder (strRoot <> strAbsPath), display an 'Up a Level' entry
If LCase(strRoot) <> LCase(strAbsPath) Then
i = InStrRev(strRelPath, "/")
If i > 0 Then
strTmp = mid(strRelPath, 1, i - 1)
Else
strTmp = ""
End If
%>
<TR BGCOLOR="#CCFFCC">
<TD COLSPAN="6" ALIGN="left" ><%= ShowImageForType("up") %>
<A HREF="<%= "user.asp?email=" & strUser & "&action=list&path=" & Crypt(strTmp) %>">Up a Level</A>
</TD>
</TR>
<%
End If
'First list any folders
iContent = 0
For Each objItem In objFolder.SubFolders
iContent = iContent + 1
'Make sure that folders directly off the root of the account are not
' preceded by a '/'
If Len(strRelPath) > 0 Then
strTmp = strRelPath & "/" & objItem.Name
Else
strTmp = objItem.Name
End If
%>
<TR BGCOLOR="#CCFFCC">
<TD ALIGN="left" ><%= ShowImageForType("dir") %>
<A HREF="<%= "user.asp?email=" & strUser & "&action=list&path=" & Crypt(strTmp) %>"><%= objItem.Name %></A></TD>
<TD ALIGN="right"> </TD>
<TD ALIGN="left" ><%= objItem.DateCreated %> </TD>
<TD ALIGN="center"> </TD>
<TD ALIGN="center"> </TD>
<TD ALIGN="center">
<A HREF="<%= "user.asp?email=" & strUser & "&action=delete&file=" & objItem.Name & "&path=" & Crypt(strRelPath) & "&folder=yes" %>">Delete</A></TD>
</TR>
<%
Next 'objItem
'Now list the files
For Each objItem In objFolder.Files
iContent = iContent + 1
%>
<TR BGCOLOR="#CCFFCC">
<TD ALIGN="left" ><%= ShowImageForType(objItem.Name) %> <%= objItem.Name %></TD>
<TD ALIGN="right"><%= objItem.Size %> </TD>
<TD ALIGN="left" ><%= objItem.DateCreated %> </TD>
<%
'Display the View link if the File is a Text file
If LCase(mid(objItem.Name, Instr(objItem.Name, ".") + 1)) = "txt" Then
%>
<TD ALIGN="center">
<A HREF="<%= "user.asp?email=" & strUser & "&action=view&file=" & objItem.Name & "&path=" & Crypt(strRelPath) %>">View</A></TD>
<%
Else
%>
<TD ALIGN="center"> </TD>
<%
End If
'Display the Download link
%>
<TD ALIGN="center">
<A HREF="<%= "startdownload.asp?file=" & Crypt(strAbsPath & "/" & objItem.Name) & "&name=" & objItem.Name & "&size=" & objItem.Size %>">Download</A></TD>
<%
'Display the Delete link
%>
<TD ALIGN="center" >
<A HREF="<%= "user.asp?email=" & strUser & "&action=delete&file=" & objItem.Name & "&path=" & Crypt(strRelPath) & "&folder=no" %>">Delete</A></TD>
</TR>
<%
Next 'objItem
'Display a Folder Empty row if no subfolders or files exist (for new accounts)
If iContent = 0 Then %>
<TR>
<TD COLSPAN="6" ALIGN="left">
<FONT COLOR=RED><B>Empty...</B></FONT><BR>
</TD>
</TD>
<%
End If
Set objItem = Nothing
Set objFolder = Nothing
Set objFSO = Nothing
%>
<TR>
<TD COLSPAN="6" ALIGN="left">
<%
strTmp = "user.asp?email=" & strUser & "&action=newfolder&path=" & Crypt(strRelPath)
%>
<FORM METHOD=POST NAME=makefolder ACTION="<%=strTmp%>">
<%
'Display an Error message if the folder name is invalid
If Session("NewFolderError") = True Then %>
<FONT COLOR=RED>
<B>Invalid New Folder Name!</B></FONT><BR>
<%
Session("NewFolderError") = False
Else %>
<BR>
<%
End If
%>
<!--Button for Upload option-->
<INPUT TYPE="BUTTON" VALUE="Upload a File" OnClick="document.location='user.asp?action=upload&email=<%=strUser%>&path=<%=Crypt(strRelPath)%>';">
<!--Textbox and Button for Create Folder option-->
Folder Name:<INPUT TYPE=TEXT NAME="foldername" size="20">
<INPUT TYPE=SUBMIT VALUE="Create Folder Here">
</FORM>
</TD>
</TR>
<TD COLSPAN="6" ALIGN="left">
<b><font color="#FF0000">Caution</font></b><font color="#FF0000"><b>:</b></font> Deleting a Folder will
<font color="#FF0000">permanently</font> delete all subfolders and files it contains.
</TD>
</TR>
</TABLE></CENTER>
<BR>
<HR>
<%
If Trim(Session("Admin")) <> "" Then
%>
<INPUT TYPE="Button" ALIGN="left" VALUE="Back To Admin Page" onClick="document.location='admin.asp';">
<%
Else
%>
<INPUT TYPE="Button" ALIGN="left" VALUE="Scores and Grade Status" onClick="document.location='Scores-Grade.asp?email=<%=strUser%>&path=<%=Crypt(strRelPath)%>';">
<INPUT TYPE="Button" ALIGN="right" VALUE="Change My Password" onClick="document.location='ChangePassword.asp?email=<%=strUser%>&path=<%=Crypt(strRelPath)%>';">
<%
End If
%>
<INPUT TYPE="Button" ALIGN="left" VALUE="Logout" onClick="document.location='default.asp';">
<BR>
<HR>
<P>If you have questions or comments please contact me:
<A HREF="mailto:gcampbell@moorparkcollege.net">Guy Campbell</A></P>
<%
'---DELETE
'Delete the selected Folder or File
Case "delete"
strFile = strAbsPath & "/" & Request.QueryString("file")
Select Case LCase(Trim(Request.QueryString("folder")))
Case "yes"
'Delete the folder
objFSO.DeleteFolder (strFile)
Case "no"
'Delete the file
objFSO.DeleteFile (strFile)
End Select
Response.Redirect ("user.asp?email=" & strUser & "&action=list&path=" & Crypt(strRelPath))
'---VIEW
'View the selected ("file") Text file
Case "view"
%>
<P STYLE="word-spacing: 0; line-height: 100%; margin-top: 0; margin-bottom: 0">
<P STYLE="word-spacing: 0; line-height: 100%; margin-top: 0; margin-bottom: 0">
<b>--Use your browser's back button to return to your file listing--</b>
<P>
<%
strFile = strAbsPath & "/" & Request.QueryString("file")
'Open the file
Set objTextFile = objFSO.OpenTextFile(strFile)
'Display each line of the text file
Do While Not objTextFile.AtEndOfStream
strTmp = objTextFile.ReadLine
For i = 1 to Len(strTmp) Step 2
'Replace 2 spaces with 3 HTML spaces
If Mid(strTmp, i, 2) = " " Then
Response.Write (" ")
Else
Response.Write (Mid(strTmp, i, 2))
End If
Next
Response.Write "<BR>" & vbCrLf
Loop
'Close the file
objTextFile.Close
Set objTextFile = Nothing
Set objFSO = Nothing
'---UPLOAD
Case "upload"
'Set session variables for the ProcessUpload.asp page--which contains the code that moves the uploaded
' file from the default c:\vbstudents folder to the user's current folder (strAbsPath)
Session("uprelpath") = strRelPath
Session("upabspath") = strAbsPath
Session("upemail") = strUser
Response.Write ("<BR><BR><BR><BR><BR><H2><CENTER>Upload a file to /" & strRelPath & "</CENTER></H2><BR>")
%>
<CENTER>
<TABLE BORDER="5" BORDERCOLOR="green" CELLSPACING="0" CELLPADDING="2">
<TR BGCOLOR="#CCFFCC">
<TD ALIGN="center">
<H3>Select the File to Upload</H3>
</TD>
</TR>
<TR BGCOLOR="#CCFFCC">
<TD ALIGN="center">
<FONT SIZE="2" COLOR=RED><B>Note: Please do not attempt to upload folders.
This site supports file uploads only.</B></FONT>
</TD>
</TR>
<TR BGCOLOR="#CCFFCC">
<TD ALIGN="center" VALIGN="center"><BR>
<FORM ACTION="./cgi-bin/upload.exe" ENCTYPE="multipart/form-data" METHOD="post">
<P><INPUT NAME="filename" SIZE="30" TYPE="file">
<INPUT TYPE="submit" VALUE=" Upload file "></p>
</FORM>
</TD>
</TR>
</TABLE>
</CENTER>
<BR>
<HR>
<INPUT TYPE="Button" ALIGN="center" VALUE="Cancel" onClick="document.location='<%="user.asp?email=" & strUser & "&action=list&path=" & Crypt(strRelPath)%>';">
<%
'---NEWFOLDER
'Create the specified folder ("foldername") in the current directory
Case "newfolder"
strTmp = Trim(Request.Form("foldername"))
'Verify folder name is Valid
If strTmp = "" Or _
Instr(strTmp, "/") > 0 Or _
Instr(strTmp, ":") > 0 Or _
Instr(strTmp, "?") > 0 Or _
Instr(strTmp, ">") > 0 Or _
Instr(strTmp, "'") > 0 Or _
Instr(strTmp, "*") > 0 Or _
Instr(strTmp, "\") > 0 Or _
Instr(strTmp, """") > 0 Then
Session("NewFolderError") = True
Else
strFolder = strAbsPath & "/" & strTmp
If objFSO.FolderExists(strFolder) = False Then
'Use the File System Object's CreateFolder method to make the folder
Set objF = objFSO.CreateFolder(strFolder)
End If
Session("NewFolderError") = False
End If
Response.Redirect ("user.asp?email=" & strUser & "&action=list&path=" & Crypt(strRelPath))
End Select
Else
'No Records Message
Response.Write ("<H1>Account Not Found!</H1>")
End If
objRS.Close
Set objRS = Nothing
objConn.Close
Set objConn = Nothing
%>
</body>
</html>
<%
' This function takes a filename and returns the appropriate image for
' that file type based on it's extension. If you pass it "dir", it assumes
' that the corresponding item is a directory and shows the folder icon.
Function ShowImageForType(strName)
Dim strTemp
'Set our working string to the one passed in
strTemp = strName
'If it's not a directory, get the extension and set it to strTemp
' If it is a directory, then we already have the correct value
If strTemp <> "dir" Then
strTemp = LCase(Right(strTemp, Len(strTemp) - InStrRev(strTemp, ".", -1, 1)))
End If
' Debugging line used to perfect that above string parser
'Response.Write strTemp
' Set the part of the image file name that's unique to the type of file
' to it's correct value and set this to strTemp. (yet another use of it!)
Select Case strTemp
Case "asp"
strTemp = "asp"
Case "dir"
strTemp = "dir"
Case "htm", "html"
strTemp = "htm"
Case "gif", "jpg", "bmp"
strTemp = "img"
Case "txt", "doc"
strTemp = "txt"
Case "vb"
strTemp = "vb"
Case "resx"
strTemp = "resx"
Case "user"
strTemp = "user"
Case "vbproj"
strTemp = "vbproj"
Case "vbp"
strTemp = "vbp"
Case "zip"
strTemp = "zip"
Case "up"
strTemp = "up"
Case Else
strTemp = "misc"
End Select
'All our logic is done... build the IMG Tag for display to the browser
' Place it into... where else... strTemp!
'The images are all GIFs and all start with "dir_"
' They end with one of the values set in the select statement above.
strTemp = "<IMG SRC="".\images\dir_" & strTemp & ".gif"" WIDTH=16 HEIGHT=16 BORDER=0>"
' Set return value and exit function
ShowImageForType = strTemp
End Function
%>
