|
<script>ec(2);</script> 防盗链的原理:
不直接给出服务器中真实的url,将要访问的文件放到服务器上不可访问的目录中,所以要访问的文件就必须通过asp读取文件以二进制流的类型来发送文件,如果加上来源地址和用户登录状态的判断,可以一定意义上的防止盗链。
缺点是:不过开销也会很大。
下面是两个示例的函数,没有加上权限判断。
Sub downloadFile(strFile)
On error resume next
Server.ScriptTimeOut=999999
Dim S,fso,f,intFilelength,strFilename,DownFileName
strFilename = Server.MapPath(strFile)
Response.Clear
Set s = Server.CreateObject("ADODB.Stream")
s.Open
s.Type = 1
Set fso = Server.CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(strFilename) Then
'Response.Write("<h1>错误: </h1>
系统找不到指定文件")
showimg "images/logos.gif"
Exit Sub
End If
Set f = fso.GetFile(strFilename)
intFilelength = f.size
s.LoadFromFile(strFilename)
If err Then
'Response.Write("<h1>错误: </h1>" & err.Description & "<p>")
showimg "images/logos.gif"
Response.End
End If
Set fso=Nothing
Dim Data
Data=s.Read
s.Close
Set s=Nothing
If Response.IsClientConnected Then
Response.AddHeader "Content-Disposition", "attachment; filename=" & strFile
Response.AddHeader "Content-Length", intFilelength
Response.CharSet = "UTF-8"
Response.ContentType = "application/octet-stream"
Response.BinaryWrite Data
Response.Flush
End If
End Sub
ASP防盗链输出图片函数 showimg (需要Persits.Jpeg组件支持)
Sub showimg(FileName)
Response.Clear
Dim Jpeg,temp_pic
On Error Resume Next
Set Jpeg = Server.CreateObject("Persits.Jpeg")
If -2147221005=Err then
'Response.write "没有这个组件,请安装!" '检查是否安装AspJpeg组件
downloadFile FileName
Exit Sub
End If
Jpeg.Open (Server.MapPath(FileName)) '打开图片
If err.number then
'Response.write "打开图片失败,请检查路径!"
Jpeg.Open (Server.MapPath("images/logos.gif"))
response.end
End if
temp_pic=Jpeg.Binary
Response.ContentType = "image/*"
Response.AddHeader "Content-Disposition","filename=" & arr_FileName(FileName)
Response.BinaryWrite temp_pic
Response.End
End Sub
|
