<% '**************************************************** ' Software name:Kesion CMS 9.0 ' Email: service@kesion.com . QQ:111394,9537636 ' Web: http://www.kesion.com http://www.kesion.cn ' Copyright (C) Kesion Network All Rights Reserved. '**************************************************** Dim KS,KSUser Set KS=New PublicCls Dim ID,Node,Action,BSetting,LoginTF,Confirm,Score,LimitScore,FileName ID = KS.ChkClng(KS.S("ID")) Action=KS.G("Action") Confirm=KS.G("Confirm") If Action="hits" Then Set RS=Conn.Execute("Select top 1 hits From KS_UploadFiles Where ID=" &ID) If RS.Eof Then response.Write "document.write('0');" ELSE Response.Write "document.write('" & RS(0) & "');" End If RS.Close : Set RS=Nothing Else Set KSUser=New UserCls LoginTF=KSUser.UserLoginChecked Set RS=Server.CreateObject("adodb.recordset") RS.Open "Select top 1 * From KS_UploadFiles Where ID=" & ID,conn,1,1 If RS.Eof Then RS.Close : Set RS=Nothing head KS.Die "" Else FileName=RS("FileName") Dim ChannelID:ChannelID=KS.ChkClng(RS("ChannelID")) Dim InfoID:InfoID=KS.ChkClng(RS("InfoID")) Dim ClassID:ClassID=RS("ClassID") Dim UserName:UserName=RS("UserName") RS.Close : Set RS=Nothing If ChannelID<2000 Then '模型附件 Dim AnnexPoint:AnnexPoint=KS.ChkClng(KS.C_S(ChannelID,50)) If AnnexPoint<=0 Then Call DownLoad() Else Dim ModelChargeType:ModelChargeType=KS.ChkClng(KS.C_S(ChannelID,34)) Call CheckConfirm(AnnexPoint,ModelChargeType) End If ElseIf ChannelID=9994 and ClassID<>0 Then '论坛附件 KS.LoadClubBoard Set Node=Application(KS.SiteSN&"_ClubBoard").DocumentElement.SelectSingleNode("row[@id=" & ClassID &"]") If Node Is Nothing Then head:KS.Die "" BSetting=Node.SelectSingleNode("@settings").text BSetting=BSetting & "$$$0$0$0$0$0$0$0$0$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" BSetting=Split(BSetting,"$") LimitScore=KS.ChkClng(BSetting(15)) Score=KS.ChkClng(BSetting(16)) If (LimitScore>0 or Score>0) And LoginTF=false Then head:KS.Die "" End If If LimitScore>0 and KS.ChkClng(KSUser.GetUserInfo("Score"))$.dialog.alert('对不起,本附件设置用户积分达到" & LimitScore & "分才可以下载,您当前积分"+KSUser.GetUserInfo("Score")+"分!',function(){});" End If If BSetting(0)="0" Then '不允许游客浏览时才进一步判断权限 Dim CheckResult:CheckResult=CheckPermissions(KSUser,BSetting) '检查访问检查 If CheckResult<>"true" Then %> 没权限提示 <% KS.Die CheckResult End If End If Call CheckConfirm(Score,2) End If DownLoad() End If End If '下载论坛附件,需先检查进入版面权限 Function CheckPermissions(KSUser,BSetting) If KSUser.GroupID="1" Then CheckPermissions="true":Exit Function Dim GroupPurview:GroupPurview= True : If Not KS.IsNul(BSetting(1)) and (KS.FoundInArr(Replace(BSetting(1)," ",""),KSUser.GroupID,",")=false Or LoginTF=false) Then GroupPurview=false Dim UserPurview:UserPurview=True : If Not KS.IsNul(BSetting(10)) and (KS.FoundInArr(BSetting(10),KSUser.UserName,",")=false or LoginTF=false) Then UserPurview=false If KSUser.GetUserInfo("ClubSpecialPower")="1" Then UserPurview=true:GroupPurview=True Dim ScorePurview:ScorePurview=KS.ChkClng(BSetting(11)) Dim MoneyPurview:MoneyPurview=KS.ChkClng(BSetting(12)) Dim Edays:Edays=0:If LoginTF=True Then Edays=KSUser.GetEdays If BSetting(0)="0" And KS.IsNul(KS.C("UserName")) Then CheckPermissions=GetClubErrTips("error1",true) ElseIf Bsetting(54)="2" And KS.ChkClng(Edays)>0 Then CheckPermissions="true" ElseIf Bsetting(54)="1" And KS.ChkClng(Edays)<0 Then CheckPermissions=GetClubErrTips("error2",true) Else If ((GroupPurview=false and Not KS.IsNul(BSetting(10))) or (UserPurview=false)) and boardid<>0 Then CheckPermissions=GetClubErrTips("error1",true) ElseIf KS.ChkClng(KSUser.GetUserInfo("Score"))0 Then CheckPermissions=Replace(Replace(GetClubErrTips("error3",true),"{$Tips}","积分" &ScorePurView&"分"),"{$CurrTips}","积分" & KSUser.GetUserInfo("Score") & "分") ElseIf KS.ChkClng(KSUser.GetUserInfo("Money"))0 Then CheckPermissions=Replace(Replace(GetClubErrTips("error3",true),"{$Tips}","资金¥" &formatnumber(MoneyPurview,2,-1,-1)&"元"),"{$CurrTips}","资金¥" & formatnumber(KSUser.GetUserInfo("money"),2,-1,-1) & "元") Else CheckPermissions="true" End If End If End Function Function GetClubErrTips(ErrId,ShowBack) Dim Str:str="
" &_ "
" & LFCls.GetConfigFromXML("GuestBook","/guestbook/template",ErrId) & "
"&_ "
" If ShowBack Then str=str &"" End If GetClubErrTips=str &"
" End Function '权限下载附件并扣费处理 Sub CheckConfirm(Point,ModelChargeType) If Point<=0 Then DownLoad() : Exit Sub Dim ChargeStr,TableName,DateField,CurrPoint Select Case ModelChargeType case 0 ChargeStr=KS.Setting(46)&KS.Setting(45) : TableName="KS_LogPoint" : DateField="AddDate" : CurrPoint=KSUser.GetUserInfo("Point") case 1 ChargeStr="元人民币": TableName="KS_LogMoney" : DateField="PayTime": CurrPoint=KSUser.GetUserInfo("Money") case 2 ChargeStr="分积分": TableName="KS_LogScore": DateField="AddDate": CurrPoint=KSUser.GetUserInfo("Score") case else exit sub End Select If Point>0 And Cbool(KSUser.UserLoginChecked)=false Then head:KS.Die "" ElseIf Point>0 and KS.ChkClng(CurrPoint)$.dialog.alert('对不起,下载本附件需要消费" & Point & ChargeStr & ",您当前剩余" & CurrPoint & ChargeStr&",不足支付!',function(){});" Else If Conn.Execute("Select top 1 * From " & TableName & " Where UserName='" & KSUser.UserName & "' and datediff(" & DataPart_H &"," & DateField & "," & SqlNowString & ")<24 and ChannelID=9994 and InfoID=" & ID).Eof And KSUser.UserName<>UserName Then If Confirm<>"true" Then head:KS.Die "" Else Select Case ModelChargeType case 0 If Round(KSUser.GetUserInfo("Point"))-round(point)<0 Then head:KS.Die "" ElseIF Cbool(KS.PointInOrOut(9994,ID,KSUser.UserName,2,Point,"系统","下载附件[附件ID号:" & ID & "]!",0))=True Then DownLoad() Else head:KS.Die "" End If case 1 If Round(KSUser.GetUserInfo("money"))-round(point)<0 Then head:KS.Die "" ElseIF Cbool(KS.MoneyInOrOut(KSUser.UserName,KSUser.UserName,Point,4,2,now,0,"系统","下载附件[附件ID号:" & ID & "]!",9994,ID,1))=True Then DownLoad() Else head:KS.Die "" End If case 2 Session("ScoreHasUse")="+" '设置只累计消费积分 If Round(KSUser.GetUserInfo("score"))-round(point)<0 Then head:KS.Die "" ElseIf Cbool(KS.ScoreInOrOut(KSUser.UserName,1,Point,"系统","下载附件[附件ID号:" & ID & "]!",9994,id)) Then DownLoad() Else head:KS.Die "" End If Session("ScoreHasUse")="" end select End If Else DownLoad() End If End If End Sub Sub DownLoad() Conn.Execute("Update KS_UploadFiles Set Hits=Hits+1 Where ID=" & ID) Dim FileOldName:FileOldName=Request("FName") 'ks.die FileName If KS.IsNul(FileOldName) Then Response.Redirect FileName Else FileOldName=replace(FileOldName,"&","&") if instr(lcase(FileOldName),lcase(request("ext")))=0 then FileOldName=FileOldName & "." & request("ext") if left(lcase(FileName),4)="http" then FileName=Replace(FileName,KS.Setting(2),"") if left(lcase(FileName),4)="http" or right(lcase(FileName),4)=".asp" then response.Redirect(FileName) else call downloadFile(Server.MapPath(FileName),FileOldName) end if End If KS.Die "" End Sub Sub downloadFile(strFile,FileOldName) if right("00000000"&lcase(strfile),4)=".asp" or right("00000000"&lcase(strfile),5)=".aspx" or right("00000000"&lcase(strfile),4)=".asa" or right("00000000"&lcase(strfile),4)=".php" or right("00000000"&lcase(strfile),4)=".jsp" then ks.die "" end if Server.ScriptTimeOut=999999 Dim fso,f,intFilelength,strFilename,DownFileName Set fso = Server.CreateObject("Scripting.FileSystemObject") If Not fso.FileExists(strFile) Then head:Response.Write("") Exit Sub End If Set f = fso.GetFile(strFile) Set fso=Nothing If KS.IsNul(FileOldName) Then DownFileName=f.name Else DownFileName=FileOldName Dim Stream,offset,TotalSize,ChunkSize ,strChunk Response.Buffer=False '将Response.Buffer设为否 Response.ContentType = "application/octet-stream" response.AddHeader "Content-Disposition","attachment;filename=" & DownFileName Set Stream = Server.CreateObject("ADODB.Stream") Stream.type=1 Stream.Open Stream.LoadFromFile strFile offset = 0 ChunkSize = 2048*1024 'ChunkSize小于IIS配制文件中的AspBufferingLimit项所设置的大小 TotalSize = Stream.Size while offset < TotalSize if (TotalSize - offset < ChunkSize) then ChunkSize = TotalSize-offset end if strChunk = Stream.Read(ChunkSize) Response.BinaryWrite strChunk offset = offset + ChunkSize wend Stream.Close End Sub Sub Head() %> <% End Sub Call CloseConn() Set KS=Nothing Set KSUser=Nothing %>