ASP下載系統防盜鏈三種方法
當前位置:點晴教程→知識管理交流
→『 技術文檔交流 』
[p]第一方法[/p] [p] 兩個文件,第一個文件(例子中的index.asp)負責產生隨機的下載鏈接,并將密匙寫入cookie;第二個文件(例子中的download.asp)根據cookie找到實際下載地址,然后使用response.addheader和server.transfer來重定向地址。為什么不使用response.redirect呢?是因為response.redirect是在客戶端的重定向。如果使用response.redirect,那么真實的下載地址還是傳給了客戶端,這樣防盜鏈的作用就小了很多,用myie等等瀏覽器或工具都可以輕易的獲得真實下載地址。而iis5.0中提供的server.transfer是服務器端的重定向,與客戶端無關,這樣客戶端就無法獲得真實的下載地址。[/p] [p] 下面是id為1的下載文件ttt.exe的防盜鏈示例程序,具體內容如下:[/p] [p]<!---------------index.asp----------------->[br]<%response.buffer = true%>[br]<html>[br]<head>[br]</head>[br]<body>[br]<%[br]response.write "下載地址:<br><br>"[br]randomize[br]x = int(rnd()*1000)[br]response.write "<a href='download.asp?id=" & 1*x & "'>ttt.exe</a>"[br]'這里只是簡單的運算,呵呵,這已經足夠了。[br]response.cookies("secret") = x[br]%>[br]</body>[br]</html>[/p] [p]<!---------------download.asp----------------->[br]<%[br]response.buffer = true[br]if request.cookies("secret") = "" then response.end[br]if not isnumeric(request.cookies("secret")) then response.end[br]'這里對傳遞過來的值沒有多加判斷,只是為了節省篇幅[br]secret = clng(request.cookies("secret"))[br]id = clng(request.querystring("id"))[br]if id/secret = 1 then[br] response.addheader "content-type","application/x-msdownload"[br] response.addheader "content-disposition","attachment;filename=ttt.exe"[br]server.transfer "ttt.exe"[br]else[br]response.write "error!"[br]end if[br]%>[/p] [p][br]第二方法[br]打開文件 softdown.asp 在: [br]if request.querystring("id")="" then [br]response.write "不能連接或者沒有指定下載軟件" [br]response.end [br]end if [br]的上面或者是下面加上下列代碼[/p] [p][br]dim strreferer,domain,spldomain,ishttp [br]ishttp=false[/p] [p]本站下載cn-media.com/i-v/index.shtm>系統網址列表,不要帶上http:// [br]domain="sron.net,61.156.14.223,61.156.14.227"[/p] [p]spldomain=split(domain,",") [br]strreferer=request.servervariables("http_referer") [br]for iii = 0 to ubound(spldomain) [br]if instr(strreferer,trim(spldomain(iii)))>0 then ishttp=true [br]next [br]if isnull(strreferer) or ishttp=false then [br]response.write "下載鏈接來自其他網站,這是不允許的,<a href=""./"">請進入本站頁面后再進行下載。</a>" [br]closedatabase [br]response.end [br]end if[/p] [p]本站下載cn-media.com/i-v/index.shtm>系統網址列表 就是訪問你下載頻道網址里的域名,比如你的下載頻道可以用多個網址來訪問,所以這里用逗號隔開.[/p] [p]當然這里的防盜鏈只是相對的,只要知道了軟件存放地址,防盜鏈就不管用了. [/p] [p]第三方法[/p] [p]用asp實現防盜鏈技術(帶自動返回功能)[/p] [p]源文件代碼:[br]------------------------------------------------------------------------------------------------------------------------[br]<%[br]from_url = cstr(request.servervariables("http_referer"))[br]serv_url = cstr(request.servervariables("server_name"))[br]if mid(from_url,8,len(serv_url)) <> serv_url then[br]response.write "<b>非法鏈接!<br><span id=yu>3</span><a href=javascript:countdown></a>秒鐘后cn-media.com/i-v/index.shtm>系統將自動返回首頁......</b>"[br]response.write "<meta http-equiv=refresh content=3;url=index.asp>"[br]response.write "<script>valignbottom()</script>"[br]response.write "<script>function countdown(secs){yu.innertext=secs;if(--secs>0)settimeout('countdown('+secs+')',1000);}countdown(3);</script>"[br]response.end[br]end if[/p] function getfilename(longname)'/folder1/folder2/file.asp=>file.asp[br]while instr(longname,"/")[br]longname = right(longname,len(longname)-1)[br]wend[br]getfilename = longname[br]end function[br]dim stream[br]dim contents[br]dim filename[br]dim truefilename[br]dim fileext[br]const adtypebinary = 1[br]filename = request.querystring("filename")[br]if filename = "" then[br]response.write "無效文件名!"[br]response.end[br]end if[br]fileext = mid(filename, instrrev(filename, ".") + 1)[br]select case ucase(fileext)[br]case "asp", "asa", "aspx", "asax", "mdb"[br] response.write "非法操作!"[br] response.end[br]end select[br]response.clear[br]response.addheader "content-disposition", "attachment; filename=" & getfilename(request.querystring("filename"))[br]set stream = server.createobject("adodb.stream")[br]stream.type = adtypebinary[br]stream.open[br]if lcase(right(filename,3))="rar" then '設置文件類型[br]truefilename = "/files/"&filename '設置文件目錄的相對路徑[br]end if [br]stream.loadfromfile server.mappath(truefilename)[br]while not stream.eos[br]response.binarywrite stream.read(1024 * 64)[br]wend[br]stream.close[br]set stream = nothing[br]response.flush[br]response.end[br]%> 該文章在 2010/6/27 17:29:39 編輯過 |
關鍵字查詢
相關文章
正在查詢... 
|
400 186 1886
