Translation Beggar Cat
I knew a long time ago (actually just a few months) that Chinaasp has an actual effect like a hacker's ASE program. Recently, Chinaasp has provided the full text search function in the essence area. It seems that the file system object components are still very useful, right? If you are interested in this, you can check out this article. This article is introductory, and it depends on yourself to practice, haha.
Note: What we want to operate below is the file system of the web server, so first you need to make sure that you have sufficient permissions to the server. If you don't want to bother your Web Master, you can also use Microsoft's Personal Web Server to perform your experiments.
FSO objects include
Drive Object is used to access local disks or network disks.
File System Object (FielSystemObject) is used to access file systems
Folder Object is used to access various properties of folders
TextStream Object (TS for short) access file content
Using the above objects, you can do whatever you want on a computer, but it may also cause disasters. Therefore, you should pay attention to security when using FSO, especially in web applications, the web server will store important information such as user information, log files, etc., and you should be extra careful. In this article, we mainly discuss FSO objects and TextStream objects
(FSO is provided by Microsoft, so this article only applies to ASP programming under Windows operating systems.)
How to use FSO?
Before you start doing bad things, you must first learn to build a FSO. If you have created objects in ASP, this is easy to do:
<%
Set fso = ("")
%>
Now that we have established FSO and assigned the variable fso, we can use the method we are familiar with to use (if you are not familiar with the operation of the object, please go to make up for it yourself, I will not be here). In the following example, mainly used is and.
(The FSO module comes from the script runtime library provided by Microsoft. Many application systems will call it, such as Access, Word, etc., and is not specially developed for ASP applications.)
Here are some of the FSO methods we want to use:
CopyFile Copy one or more files
CreateTextFile Creates a file and returns a TS object
DeleteFile Delete a file
OpenTextFile Opens a file and returns a TS object that can be used for reading and adding.
To get the complete FSO method, see MSDN. Let’s see an example below.
Write a file
Imagine that you want to build a simple guestbook without using complex databases, or your ISP restricts you from using databases, you can use FSO to do it.
Suppose you want to collect information from the form submitted by the user, and write it like this in html.
<html>
<body>
<form action="" method="post">
<input type="text" size="10" name="username">
<input type="text" size="10" name="homepage">
<input type="text" size="10" name="Email">
</form>
</body>
</html>
Let's take a look at what is used to handle this form.
<%
' Get form information
strName = ("username")
strHomePage = ("homepage")
strEmail = ("Email")
' Create a fso object
Set fso = ("")
path = "c:\temp\"
ForReading = 1, ForWriting = 2, ForAppending = 3
'Open the file
set file = (path, ForAppending, TRUE)
' Write information to a file
(strName) & vbcrlf
(strHomePage) & vbcrlf
(strEmail) & vbcrlf
' Close and clear the object
set file = nothing
set fso = nothing
Look at the above, the OpenTextFile method returns a TS object, which provides a series of methods such as Write, ReadLine, SkipLine, etc. to manipulate file content. The VB constant vbcrlf is a newline character.
(We specified the TRUE parameter in the OpentextFile method to notify the system to generate a new file when the file does not exist. If TRUE is not used, an ugly error message will be returned when the file does not exist.)
Now open c:\temp\ and you can see the following information:
User's name
User's home page
User's email
Of course, the actual content is the user's input. Ha, a simple guestbook is born.
Read the file
OK, now our guestbook has stored a lot of user information. If a user wants to see the information of our visitors at this time, we have to restore the information. Since it is not a database, you have to solve the segmentation problem by yourself. Look, every three lines are the information of a user, which is easy to deal with:
<%
' Create a fso object
set fso = ("")
path = "c:\temp\"
'Open the file
set file = (path, 1) <-- for reading
do until
("Name: " & & " ")
("Home Page: " & & " ")
("Email: " & & "<p>")
loop
' Close and clear
set file = nothing
set fso = nothing
%>
(Here we just simply output the information, you can adjust it according to the actual situation, including output to tables and DHTML form.)
The ReadLine method is used to read a line from a file. The next time you call the ReadLine method, the next line will be read. AtEndOfStream is an attribute of the TS object, allowing you to know whether the end of the file is reached.
Assuming that there is a problem with the file for some reason, such as a user only has two lines, we will get the following error message:
Server object error 'ASP 0177 : 800a003e'
Therefore, it is necessary to add some error handling code.
FSO permission issues
Now that we have some basic understanding of FSO, it is time to discuss the permissions of FSO. The FSO's read permission is the permissions that the account that created the FSO has. If someone uses this page from the Internet, the Internet account is created. If you use the administrator to log in and access the page natively, the established FSO has the administrator permissions.
Internet accounts (IUSER_machine name) usually only have read permissions, which means that users can never write guestbook files. So we have to find a way to solve it.
The first method is to let the user first log in with an account with write permissions. But in fact, all users accessing from the Internet log in as anonymous, so this method is difficult to implement.
The second method is to create a directory that allows users with an account to read and write to IUSER_machine name. But this may lead to security vulnerabilities. If the hacker knows this directory, you can write some code inside and run it in some way, then you will be miserable. So it is best to build this directory outside the web path (that is, outside the inetpub path).
Use FSO to implement search function
Now let's do a step further and implement search functionality on our Web site with FSO. The key to building a search engine is recursion.
First, create a search page. Suppose we have provided the user with a page to enter the search string.
Dim objFolder
Dim strSearchText
Dim objFSO
strSearchText = ("SearchText") <-- Search string
' Create FSO and folder objects
Set fso = ("")
Set objFolder = (("/"))
Search objFolder
The above code just does some variable initialization work, and the real serach work is performed by the following Search function.
Function Search(objFolder)
Dim objSubFolder
'Collapse searches for each file in the current folder
For Each objFile in
Set objTextStream = (,1) <-- For Reading
'Read the file content into a variable
strFileContents =
'If the string is found in the file, write a link to the file
If InStr(1, strFileContents, strSearchText, 1) then
"<A HREF=""/" & &""">" & & "</A><BR>"
bolFileFound = True
End If
Next
'The following is the recursive part
'If there is a subdirectory, call the Search function
For Each objSubFolder in
Search objSubFolder
Next
End Function
This program will automatically search for all subdirectories below the Web root directory, isn't that bad?
(FSO uses a physical absolute path, not a relative path to the Web Path. For example, what you want to open is c:\inetpub\wwwroot\temp\, not /temp/ or /temp/. To convert the latter path to a physical absolute path, use ("filename").)
As the number of files and subdirectories increases, the program runs longer. Therefore, if you want to provide heavy search functions, it is recommended to use professional tools like Microsoft Index Server.
Use FSO for directory management
Now you know the benefits of FSO? Next, we try to use FSO to do more complex work.
Web directory management is to create, delete, rename and move documents in the web environment. A good web directory management tool can provide users with the same operation method as our usual environment to manage files on the web server.
Let's try renaming the file first. First of all, I want to tell you that unfortunately, FSO does not allow file name change directly, so we have to go around.
<%
' Create a fso object
set fso = ("")
path = "c:\temp\"
strDate = Replace(Date(), "/", "")
strDir = "c:\inetpub\wwwroot\articles\" & strDate
strNewFileName = Hour(Now) & "_" & Minute(Now) & "_" &second(Now) & ".html"
'Open old file
set file = (path, 1) <-- for reading
strText =
set file = nothing
' Check whether you want to create a folder
if not ((strDir)) then
set f = ((strDir))
else
set f = ((strDir))
end if
' Create and write a new file
set file = ( & "\" & strNewFileName)
(strText)
set f = nothing
set file = nothing
'Delete old files
(path & "\" & rst("FileName") & i)
'Clear
set fso = nothing
%>
We are here to give this example in particular because FSO has defects in this function, so we must go in two steps. First create a new file. Note that since the user may change the file to another directory, we must determine whether the new directory exists (that is, if not that code). After the new file is built, delete the old file with .
Weaknesses in FSO functions
FSO still has some weaknesses. For example, it is less convenient when dealing with binary files. For many files like MS Word documents, images, etc., you can only perform operations such as moving, deleting, etc., but not opening, reading/writing. Of course, FSO provides another set of methods to operate them (see MSDN for details), but it is still not as easy as our usual open method.
Another deficiency is related to file size. Since FSO operations require frequent reading of file content into memory, the size of the file is required, so if you want to deal with large files or a lot of small files, the memory overhead will be considerable and may have an impact on the system's running speed. The solution is to process large files in segments and remember to clear memory frequently (set variables to null or "", set object = nothing).
In addition, FSO cannot change the properties of files and folders. For example, in the example of establishing a guestbook, there is actually a security mechanism that we have not implemented, which is to set the properties of the file that saves information to read-only, and only temporarily change it to writeable when updated, and then change it back to read-only after writing. Many guestbook programs written in CGI or Perl have this function, but unfortunately, this function cannot be implemented with FSO.
What else can FSO do?
Overall, FSO is still very powerful. FSO also has some cool features that no one generally notices. Here are some lists, and when you finish reading it, you may say, "Ah, why didn't I know before?" Haha.
GetSpecialFolder method
Returns a special Windows file directory: Windows installation file directory, system file directory, temporary file directory. The usage methods are: ([0, 1, or 2])
GetTempName method
Returns a randomly generated temporary file or folder. This function is particularly useful when processing the large files are divided and processed as mentioned above. (Begging Cat: If Win98 often crashes, we can often see a large number of random file names with length 0 in the Windows root directory, which is probably the purpose of this)
GetAbsolutePathName method
Returns the absolute path to a folder (somewhat looks like). For example, ("region") will return a path like "c:\mydocs\myfolder\region", depending on your current directory.
GetExtensionName method
Returns the file extension. For example ("c:\docs\") returns "txt".
GetBaseName and GetParentFolder methods
Returns the root directory name and the parent directory name respectively. For example ("c:\docs\mydocs") returns "docs".
Drives Properties
Returns a collection of all drives on the machine. If you want to create an explorer-style interface, this feature is very useful.
Remember to establish a complete error information processing mechanism, because if these functions encounter errors such as folders do not exist, they will return some hateful error codes.
After seeing this, do you think FSO is useful? In fact, what we are talking about is just the tip of the iceberg. You can also see more discussions on this topic on large sites such as Enfused.
Copyright 1999-2000 Corp. All RIGHTS RESERVED.
I knew a long time ago (actually just a few months) that Chinaasp has an actual effect like a hacker's ASE program. Recently, Chinaasp has provided the full text search function in the essence area. It seems that the file system object components are still very useful, right? If you are interested in this, you can check out this article. This article is introductory, and it depends on yourself to practice, haha.
Note: What we want to operate below is the file system of the web server, so first you need to make sure that you have sufficient permissions to the server. If you don't want to bother your Web Master, you can also use Microsoft's Personal Web Server to perform your experiments.
FSO objects include
Drive Object is used to access local disks or network disks.
File System Object (FielSystemObject) is used to access file systems
Folder Object is used to access various properties of folders
TextStream Object (TS for short) access file content
Using the above objects, you can do whatever you want on a computer, but it may also cause disasters. Therefore, you should pay attention to security when using FSO, especially in web applications, the web server will store important information such as user information, log files, etc., and you should be extra careful. In this article, we mainly discuss FSO objects and TextStream objects
(FSO is provided by Microsoft, so this article only applies to ASP programming under Windows operating systems.)
How to use FSO?
Before you start doing bad things, you must first learn to build a FSO. If you have created objects in ASP, this is easy to do:
<%
Set fso = ("")
%>
Now that we have established FSO and assigned the variable fso, we can use the method we are familiar with to use (if you are not familiar with the operation of the object, please go to make up for it yourself, I will not be here). In the following example, mainly used is and.
(The FSO module comes from the script runtime library provided by Microsoft. Many application systems will call it, such as Access, Word, etc., and is not specially developed for ASP applications.)
Here are some of the FSO methods we want to use:
CopyFile Copy one or more files
CreateTextFile Creates a file and returns a TS object
DeleteFile Delete a file
OpenTextFile Opens a file and returns a TS object that can be used for reading and adding.
To get the complete FSO method, see MSDN. Let’s see an example below.
Write a file
Imagine that you want to build a simple guestbook without using complex databases, or your ISP restricts you from using databases, you can use FSO to do it.
Suppose you want to collect information from the form submitted by the user, and write it like this in html.
<html>
<body>
<form action="" method="post">
<input type="text" size="10" name="username">
<input type="text" size="10" name="homepage">
<input type="text" size="10" name="Email">
</form>
</body>
</html>
Let's take a look at what is used to handle this form.
<%
' Get form information
strName = ("username")
strHomePage = ("homepage")
strEmail = ("Email")
' Create a fso object
Set fso = ("")
path = "c:\temp\"
ForReading = 1, ForWriting = 2, ForAppending = 3
'Open the file
set file = (path, ForAppending, TRUE)
' Write information to a file
(strName) & vbcrlf
(strHomePage) & vbcrlf
(strEmail) & vbcrlf
' Close and clear the object
set file = nothing
set fso = nothing
Look at the above, the OpenTextFile method returns a TS object, which provides a series of methods such as Write, ReadLine, SkipLine, etc. to manipulate file content. The VB constant vbcrlf is a newline character.
(We specified the TRUE parameter in the OpentextFile method to notify the system to generate a new file when the file does not exist. If TRUE is not used, an ugly error message will be returned when the file does not exist.)
Now open c:\temp\ and you can see the following information:
User's name
User's home page
User's email
Of course, the actual content is the user's input. Ha, a simple guestbook is born.
Read the file
OK, now our guestbook has stored a lot of user information. If a user wants to see the information of our visitors at this time, we have to restore the information. Since it is not a database, you have to solve the segmentation problem by yourself. Look, every three lines are the information of a user, which is easy to deal with:
<%
' Create a fso object
set fso = ("")
path = "c:\temp\"
'Open the file
set file = (path, 1) <-- for reading
do until
("Name: " & & " ")
("Home Page: " & & " ")
("Email: " & & "<p>")
loop
' Close and clear
set file = nothing
set fso = nothing
%>
(Here we just simply output the information, you can adjust it according to the actual situation, including output to tables and DHTML form.)
The ReadLine method is used to read a line from a file. The next time you call the ReadLine method, the next line will be read. AtEndOfStream is an attribute of the TS object, allowing you to know whether the end of the file is reached.
Assuming that there is a problem with the file for some reason, such as a user only has two lines, we will get the following error message:
Server object error 'ASP 0177 : 800a003e'
Therefore, it is necessary to add some error handling code.
FSO permission issues
Now that we have some basic understanding of FSO, it is time to discuss the permissions of FSO. The FSO's read permission is the permissions that the account that created the FSO has. If someone uses this page from the Internet, the Internet account is created. If you use the administrator to log in and access the page natively, the established FSO has the administrator permissions.
Internet accounts (IUSER_machine name) usually only have read permissions, which means that users can never write guestbook files. So we have to find a way to solve it.
The first method is to let the user first log in with an account with write permissions. But in fact, all users accessing from the Internet log in as anonymous, so this method is difficult to implement.
The second method is to create a directory that allows users with an account to read and write to IUSER_machine name. But this may lead to security vulnerabilities. If the hacker knows this directory, you can write some code inside and run it in some way, then you will be miserable. So it is best to build this directory outside the web path (that is, outside the inetpub path).
Use FSO to implement search function
Now let's do a step further and implement search functionality on our Web site with FSO. The key to building a search engine is recursion.
First, create a search page. Suppose we have provided the user with a page to enter the search string.
Dim objFolder
Dim strSearchText
Dim objFSO
strSearchText = ("SearchText") <-- Search string
' Create FSO and folder objects
Set fso = ("")
Set objFolder = (("/"))
Search objFolder
The above code just does some variable initialization work, and the real serach work is performed by the following Search function.
Function Search(objFolder)
Dim objSubFolder
'Collapse searches for each file in the current folder
For Each objFile in
Set objTextStream = (,1) <-- For Reading
'Read the file content into a variable
strFileContents =
'If the string is found in the file, write a link to the file
If InStr(1, strFileContents, strSearchText, 1) then
"<A HREF=""/" & &""">" & & "</A><BR>"
bolFileFound = True
End If
Next
'The following is the recursive part
'If there is a subdirectory, call the Search function
For Each objSubFolder in
Search objSubFolder
Next
End Function
This program will automatically search for all subdirectories below the Web root directory, isn't that bad?
(FSO uses a physical absolute path, not a relative path to the Web Path. For example, what you want to open is c:\inetpub\wwwroot\temp\, not /temp/ or /temp/. To convert the latter path to a physical absolute path, use ("filename").)
As the number of files and subdirectories increases, the program runs longer. Therefore, if you want to provide heavy search functions, it is recommended to use professional tools like Microsoft Index Server.
Use FSO for directory management
Now you know the benefits of FSO? Next, we try to use FSO to do more complex work.
Web directory management is to create, delete, rename and move documents in the web environment. A good web directory management tool can provide users with the same operation method as our usual environment to manage files on the web server.
Let's try renaming the file first. First of all, I want to tell you that unfortunately, FSO does not allow file name change directly, so we have to go around.
<%
' Create a fso object
set fso = ("")
path = "c:\temp\"
strDate = Replace(Date(), "/", "")
strDir = "c:\inetpub\wwwroot\articles\" & strDate
strNewFileName = Hour(Now) & "_" & Minute(Now) & "_" &second(Now) & ".html"
'Open old file
set file = (path, 1) <-- for reading
strText =
set file = nothing
' Check whether you want to create a folder
if not ((strDir)) then
set f = ((strDir))
else
set f = ((strDir))
end if
' Create and write a new file
set file = ( & "\" & strNewFileName)
(strText)
set f = nothing
set file = nothing
'Delete old files
(path & "\" & rst("FileName") & i)
'Clear
set fso = nothing
%>
We are here to give this example in particular because FSO has defects in this function, so we must go in two steps. First create a new file. Note that since the user may change the file to another directory, we must determine whether the new directory exists (that is, if not that code). After the new file is built, delete the old file with .
Weaknesses in FSO functions
FSO still has some weaknesses. For example, it is less convenient when dealing with binary files. For many files like MS Word documents, images, etc., you can only perform operations such as moving, deleting, etc., but not opening, reading/writing. Of course, FSO provides another set of methods to operate them (see MSDN for details), but it is still not as easy as our usual open method.
Another deficiency is related to file size. Since FSO operations require frequent reading of file content into memory, the size of the file is required, so if you want to deal with large files or a lot of small files, the memory overhead will be considerable and may have an impact on the system's running speed. The solution is to process large files in segments and remember to clear memory frequently (set variables to null or "", set object = nothing).
In addition, FSO cannot change the properties of files and folders. For example, in the example of establishing a guestbook, there is actually a security mechanism that we have not implemented, which is to set the properties of the file that saves information to read-only, and only temporarily change it to writeable when updated, and then change it back to read-only after writing. Many guestbook programs written in CGI or Perl have this function, but unfortunately, this function cannot be implemented with FSO.
What else can FSO do?
Overall, FSO is still very powerful. FSO also has some cool features that no one generally notices. Here are some lists, and when you finish reading it, you may say, "Ah, why didn't I know before?" Haha.
GetSpecialFolder method
Returns a special Windows file directory: Windows installation file directory, system file directory, temporary file directory. The usage methods are: ([0, 1, or 2])
GetTempName method
Returns a randomly generated temporary file or folder. This function is particularly useful when processing the large files are divided and processed as mentioned above. (Begging Cat: If Win98 often crashes, we can often see a large number of random file names with length 0 in the Windows root directory, which is probably the purpose of this)
GetAbsolutePathName method
Returns the absolute path to a folder (somewhat looks like). For example, ("region") will return a path like "c:\mydocs\myfolder\region", depending on your current directory.
GetExtensionName method
Returns the file extension. For example ("c:\docs\") returns "txt".
GetBaseName and GetParentFolder methods
Returns the root directory name and the parent directory name respectively. For example ("c:\docs\mydocs") returns "docs".
Drives Properties
Returns a collection of all drives on the machine. If you want to create an explorer-style interface, this feature is very useful.
Remember to establish a complete error information processing mechanism, because if these functions encounter errors such as folders do not exist, they will return some hateful error codes.
After seeing this, do you think FSO is useful? In fact, what we are talking about is just the tip of the iceberg. You can also see more discussions on this topic on large sites such as Enfused.
Copyright 1999-2000 Corp. All RIGHTS RESERVED.