%
'****************************************************
' Software name:Kesion CMS 9.0
' Email: service@kesion.com . QQ:111394,9537636
' Web: http://www.kesion.com http://www.kesion.cn
' Copyright (C) Kesion Network All Rights Reserved.
'****************************************************
Dim KS,KSUser
Set KS=New PublicCls
Dim ID,Node,Action,BSetting,LoginTF,Confirm,Score,LimitScore,FileName
ID = KS.ChkClng(KS.S("ID"))
Action=KS.G("Action")
Confirm=KS.G("Confirm")
If Action="hits" Then
Set RS=Conn.Execute("Select top 1 hits From KS_UploadFiles Where ID=" &ID)
If RS.Eof Then
response.Write "document.write('0');"
ELSE
Response.Write "document.write('" & RS(0) & "');"
End If
RS.Close : Set RS=Nothing
Else
Set KSUser=New UserCls
LoginTF=KSUser.UserLoginChecked
Set RS=Server.CreateObject("adodb.recordset")
RS.Open "Select top 1 * From KS_UploadFiles Where ID=" & ID,conn,1,1
If RS.Eof Then
RS.Close : Set RS=Nothing
head
KS.Die ""
Else
FileName=RS("FileName")
Dim ChannelID:ChannelID=KS.ChkClng(RS("ChannelID"))
Dim InfoID:InfoID=KS.ChkClng(RS("InfoID"))
Dim ClassID:ClassID=RS("ClassID")
Dim UserName:UserName=RS("UserName")
RS.Close : Set RS=Nothing
If ChannelID<2000 Then '模型附件
Dim AnnexPoint:AnnexPoint=KS.ChkClng(KS.C_S(ChannelID,50))
If AnnexPoint<=0 Then
Call DownLoad()
Else
Dim ModelChargeType:ModelChargeType=KS.ChkClng(KS.C_S(ChannelID,34))
Call CheckConfirm(AnnexPoint,ModelChargeType)
End If
ElseIf ChannelID=9994 and ClassID<>0 Then '论坛附件
KS.LoadClubBoard
Set Node=Application(KS.SiteSN&"_ClubBoard").DocumentElement.SelectSingleNode("row[@id=" & ClassID &"]")
If Node Is Nothing Then head:KS.Die ""
BSetting=Node.SelectSingleNode("@settings").text
BSetting=BSetting & "$$$0$0$0$0$0$0$0$0$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$"
BSetting=Split(BSetting,"$")
LimitScore=KS.ChkClng(BSetting(15))
Score=KS.ChkClng(BSetting(16))
If (LimitScore>0 or Score>0) And LoginTF=false Then
head:KS.Die ""
End If
If LimitScore>0 and KS.ChkClng(KSUser.GetUserInfo("Score"))$.dialog.alert('对不起,本附件设置用户积分达到" & LimitScore & "分才可以下载,您当前积分"+KSUser.GetUserInfo("Score")+"分!',function(){});"
End If
If BSetting(0)="0" Then '不允许游客浏览时才进一步判断权限
Dim CheckResult:CheckResult=CheckPermissions(KSUser,BSetting) '检查访问检查
If CheckResult<>"true" Then
%>
没权限提示
<%
KS.Die CheckResult
End If
End If
Call CheckConfirm(Score,2)
End If
DownLoad()
End If
End If
'下载论坛附件,需先检查进入版面权限
Function CheckPermissions(KSUser,BSetting)
If KSUser.GroupID="1" Then CheckPermissions="true":Exit Function
Dim GroupPurview:GroupPurview= True : If Not KS.IsNul(BSetting(1)) and (KS.FoundInArr(Replace(BSetting(1)," ",""),KSUser.GroupID,",")=false Or LoginTF=false) Then GroupPurview=false
Dim UserPurview:UserPurview=True : If Not KS.IsNul(BSetting(10)) and (KS.FoundInArr(BSetting(10),KSUser.UserName,",")=false or LoginTF=false) Then UserPurview=false
If KSUser.GetUserInfo("ClubSpecialPower")="1" Then UserPurview=true:GroupPurview=True
Dim ScorePurview:ScorePurview=KS.ChkClng(BSetting(11))
Dim MoneyPurview:MoneyPurview=KS.ChkClng(BSetting(12))
Dim Edays:Edays=0:If LoginTF=True Then Edays=KSUser.GetEdays
If BSetting(0)="0" And KS.IsNul(KS.C("UserName")) Then
CheckPermissions=GetClubErrTips("error1",true)
ElseIf Bsetting(54)="2" And KS.ChkClng(Edays)>0 Then
CheckPermissions="true"
ElseIf Bsetting(54)="1" And KS.ChkClng(Edays)<0 Then
CheckPermissions=GetClubErrTips("error2",true)
Else
If ((GroupPurview=false and Not KS.IsNul(BSetting(10))) or (UserPurview=false)) and boardid<>0 Then
CheckPermissions=GetClubErrTips("error1",true)
ElseIf KS.ChkClng(KSUser.GetUserInfo("Score"))0 Then
CheckPermissions=Replace(Replace(GetClubErrTips("error3",true),"{$Tips}","积分" &ScorePurView&"分"),"{$CurrTips}","积分" & KSUser.GetUserInfo("Score") & "分")
ElseIf KS.ChkClng(KSUser.GetUserInfo("Money"))0 Then
CheckPermissions=Replace(Replace(GetClubErrTips("error3",true),"{$Tips}","资金¥" &formatnumber(MoneyPurview,2,-1,-1)&"元"),"{$CurrTips}","资金¥" & formatnumber(KSUser.GetUserInfo("money"),2,-1,-1) & "元")
Else
CheckPermissions="true"
End If
End If
End Function
Function GetClubErrTips(ErrId,ShowBack)
Dim Str:str="
"
End Function
'权限下载附件并扣费处理
Sub CheckConfirm(Point,ModelChargeType)
If Point<=0 Then DownLoad() : Exit Sub
Dim ChargeStr,TableName,DateField,CurrPoint
Select Case ModelChargeType
case 0 ChargeStr=KS.Setting(46)&KS.Setting(45) : TableName="KS_LogPoint" : DateField="AddDate" : CurrPoint=KSUser.GetUserInfo("Point")
case 1 ChargeStr="元人民币": TableName="KS_LogMoney" : DateField="PayTime": CurrPoint=KSUser.GetUserInfo("Money")
case 2 ChargeStr="分积分": TableName="KS_LogScore": DateField="AddDate": CurrPoint=KSUser.GetUserInfo("Score")
case else exit sub
End Select
If Point>0 And Cbool(KSUser.UserLoginChecked)=false Then
head:KS.Die ""
ElseIf Point>0 and KS.ChkClng(CurrPoint)$.dialog.alert('对不起,下载本附件需要消费" & Point & ChargeStr & ",您当前剩余" & CurrPoint & ChargeStr&",不足支付!',function(){});"
Else
If Conn.Execute("Select top 1 * From " & TableName & " Where UserName='" & KSUser.UserName & "' and datediff(" & DataPart_H &"," & DateField & "," & SqlNowString & ")<24 and ChannelID=9994 and InfoID=" & ID).Eof And KSUser.UserName<>UserName Then
If Confirm<>"true" Then
head:KS.Die ""
Else
Select Case ModelChargeType
case 0
If Round(KSUser.GetUserInfo("Point"))-round(point)<0 Then
head:KS.Die ""
ElseIF Cbool(KS.PointInOrOut(9994,ID,KSUser.UserName,2,Point,"系统","下载附件[附件ID号:" & ID & "]!",0))=True Then
DownLoad()
Else
head:KS.Die ""
End If
case 1
If Round(KSUser.GetUserInfo("money"))-round(point)<0 Then
head:KS.Die ""
ElseIF Cbool(KS.MoneyInOrOut(KSUser.UserName,KSUser.UserName,Point,4,2,now,0,"系统","下载附件[附件ID号:" & ID & "]!",9994,ID,1))=True Then
DownLoad()
Else
head:KS.Die ""
End If
case 2
Session("ScoreHasUse")="+" '设置只累计消费积分
If Round(KSUser.GetUserInfo("score"))-round(point)<0 Then
head:KS.Die ""
ElseIf Cbool(KS.ScoreInOrOut(KSUser.UserName,1,Point,"系统","下载附件[附件ID号:" & ID & "]!",9994,id)) Then
DownLoad()
Else
head:KS.Die ""
End If
Session("ScoreHasUse")=""
end select
End If
Else
DownLoad()
End If
End If
End Sub
Sub DownLoad()
Conn.Execute("Update KS_UploadFiles Set Hits=Hits+1 Where ID=" & ID)
Dim FileOldName:FileOldName=Request("FName")
'ks.die FileName
If KS.IsNul(FileOldName) Then
Response.Redirect FileName
Else
FileOldName=replace(FileOldName,"&","&")
if instr(lcase(FileOldName),lcase(request("ext")))=0 then FileOldName=FileOldName & "." & request("ext")
if left(lcase(FileName),4)="http" then FileName=Replace(FileName,KS.Setting(2),"")
if left(lcase(FileName),4)="http" or right(lcase(FileName),4)=".asp" then
response.Redirect(FileName)
else
call downloadFile(Server.MapPath(FileName),FileOldName)
end if
End If
KS.Die ""
End Sub
Sub downloadFile(strFile,FileOldName)
if right("00000000"&lcase(strfile),4)=".asp" or right("00000000"&lcase(strfile),5)=".aspx" or right("00000000"&lcase(strfile),4)=".asa" or right("00000000"&lcase(strfile),4)=".php" or right("00000000"&lcase(strfile),4)=".jsp" then
ks.die ""
end if
Server.ScriptTimeOut=999999
Dim fso,f,intFilelength,strFilename,DownFileName
Set fso = Server.CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(strFile) Then
head:Response.Write("")
Exit Sub
End If
Set f = fso.GetFile(strFile)
Set fso=Nothing
If KS.IsNul(FileOldName) Then DownFileName=f.name Else DownFileName=FileOldName
Dim Stream,offset,TotalSize,ChunkSize ,strChunk
Response.Buffer=False '将Response.Buffer设为否
Response.ContentType = "application/octet-stream"
response.AddHeader "Content-Disposition","attachment;filename=" & DownFileName
Set Stream = Server.CreateObject("ADODB.Stream")
Stream.type=1
Stream.Open
Stream.LoadFromFile strFile
offset = 0
ChunkSize = 2048*1024 'ChunkSize小于IIS配制文件中的AspBufferingLimit项所设置的大小
TotalSize = Stream.Size
while offset < TotalSize
if (TotalSize - offset < ChunkSize) then
ChunkSize = TotalSize-offset
end if
strChunk = Stream.Read(ChunkSize)
Response.BinaryWrite strChunk
offset = offset + ChunkSize
wend
Stream.Close
End Sub
Sub Head()
%>
<%
End Sub
Call CloseConn()
Set KS=Nothing
Set KSUser=Nothing
%>