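<% @ Language=VBScript %>
<% Option Explicit %>
<%
'****************************************************************************************
'** Copyright Notice
'**
'** Web Wiz Forums(TM)
'** http://www.webwizforums.com
'**
'** Copyright (C)2001-2008 Web Wiz(TM). All Rights Reserved.
'**
'** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS UNDER LICENSE FROM 'WEB WIZ'.
'**
'** IF YOU DO NOT AGREE TO THE LICENSE AGREEMENT THEN 'WEB WIZ' IS UNWILLING TO LICENSE
'** THE SOFTWARE TO YOU, AND YOU SHOULD DESTROY ALL COPIES YOU HOLD OF 'WEB WIZ' SOFTWARE
'** AND DERIVATIVE WORKS IMMEDIATELY.
'**
'** If you have not received a copy of the license with this work then a copy of the latest
'** license contract can be found at:-
'**
'** http://www.webwizguide.com/license
'**
'** For more information about this software and for licensing information please contact
'** 'Web Wiz' at the address and website below:-
'**
'** Web Wiz, Unit 10E, Dawkins Road Industrial Estate, Poole, Dorset, BH15 4JD, England
'** http://www.webwizguide.com
'**
'** Removal or modification of this copyright notice will violate the license contract.
'**
'****************************************************************************************

'*************************** SOFTWARE AND CODE MODIFICATIONS ****************************
'**
'** MODIFICATION OF THE FREE EDITIONS OF THIS SOFTWARE IS A VIOLATION OF THE LICENSE
'** AGREEMENT AND IS STRICTLY PROHIBITED
'**
'** If you wish to modify any part of this software a license must be purchased
'**
'****************************************************************************************

'Admin page that reads and saves the forum's upload settings: the upload component, the
'permitted image/file/avatar types and sizes, the per-member space allocation, and which
'member groups may upload images and files.
'
'NOTE(review): strUploadComponent, strImageTypes, strSQL, rsCommon, adoCon, strDbTable,
'blnDemoMode, blnACode, strInstallID, strAppPrefix, strQsSID1 and closeDatabase() are used
'below but not declared on this page; presumably they come from an include that is not
'visible here - confirm, since Option Explicit is on.

'Set the response buffer to true
Response.Buffer = True

'Dimension variables
Dim strMode			'Holds the mode of the page, set to true if changes are to be made to the database
Dim intMaxImageSize		'Holds the max image size
Dim strFileTypes		'Holds the file types
Dim intMaxFileSize		'Holds the max file size
Dim strFilePath			'Holds the path to the files
Dim blnAvatarEnabled		'Set to true if avatars are enabled
Dim strAvatarTypes		'Holds the avatar types
Dim intMaxAvatarSize		'Holds the max avatar size
Dim saryBadFileTypes(56)	'Array for bad file types (indices 0 to 56)
Dim blnBadFileType		'Found bad file type
Dim intLoopCounter		'Loop counter
Dim intLoopCounter2		'Loop counter
Dim strBadFileTypeName		'For error message
Dim saryImageFileType		'Array holding the file types
Dim intAllocatedSpace		'Holds the amount of allocated space that the user is allowed for uploading

blnBadFileType = false

'Read in the details from the form
'The numeric and boolean fields are converted on read; allocatedSpace is taken as submitted
strUploadComponent = Request.Form("component")
strImageTypes = Request.Form("imageTypes")
intAllocatedSpace = Request.Form("allocatedSpace")
intMaxImageSize = CInt(Request.Form("imageSize"))
strFileTypes = Request.Form("fileTypes")
intMaxFileSize = CInt(Request.Form("fileSize"))
strAvatarTypes = Request.Form("avatarTypes")
intMaxAvatarSize = CInt(Request.Form("avatarSize"))
blnAvatarEnabled = CBool(Request.Form("avatar"))

'Leave the page if blnACode is set or there is no install ID
If blnACode OR strInstallID = "" Then
	Call closeDatabase()
	Response.Redirect("admin_web_wiz_forums_premium.asp" & strQsSID1)
End If

'If a hacker gains control of the admin account they can use the upload tool to upload files to the server to hack the entire site
'To prevent this certain file types are not allowed
'
'NOTE(review): this is a denylist, so it only covers the extensions listed here. Checking
'the submitted types against a list of known-safe types instead, and serving the upload
'folder without script or execute permissions, would not depend on this list being complete.
'
'NOTE(review): no form token or referrer check is visible on this page before the settings
'are written; confirm that the admin include validates one for postbacks.
If Request.Form("postBack") Then

	'List of bad file types
	'ISAPI and CGI web page extensions (can be used to hack site)
	saryBadFileTypes(0) = "asax"
	saryBadFileTypes(1) = "ascx"
	saryBadFileTypes(2) = "ashx"
	saryBadFileTypes(3) = "asmx"
	saryBadFileTypes(4) = "aspx"
	saryBadFileTypes(5) = "asp"
	saryBadFileTypes(6) = "asa"
	saryBadFileTypes(7) = "asr"
	saryBadFileTypes(8) = "axd"
	saryBadFileTypes(9) = "cdx"
	saryBadFileTypes(10) = "cer"
	saryBadFileTypes(11) = "cgi"
	saryBadFileTypes(12) = "class"
	saryBadFileTypes(13) = "config"
	saryBadFileTypes(14) = "com"
	saryBadFileTypes(15) = "cs"
	saryBadFileTypes(16) = "csproj"
	saryBadFileTypes(17) = "cnf"
	saryBadFileTypes(18) = "dll"
	saryBadFileTypes(19) = "edml"
	saryBadFileTypes(20) = "exe"
	saryBadFileTypes(21) = "idc"
	saryBadFileTypes(22) = "inc"
	saryBadFileTypes(23) = "isp"
	saryBadFileTypes(24) = "licx"
	saryBadFileTypes(25) = "php3"
	saryBadFileTypes(26) = "php4"
	saryBadFileTypes(27) = "php5"
	saryBadFileTypes(28) = "php"
	saryBadFileTypes(29) = "phtml"
	saryBadFileTypes(30) = "pl"
	saryBadFileTypes(31) = "rem"
	saryBadFileTypes(32) = "resources"
	saryBadFileTypes(33) = "resx"
	saryBadFileTypes(34) = "shtm"
	saryBadFileTypes(35) = "shtml"
	saryBadFileTypes(36) = "soap"
	saryBadFileTypes(37) = "stm"
	saryBadFileTypes(38) = "vsdisco"
	saryBadFileTypes(39) = "vbe"
	saryBadFileTypes(40) = "vbs"
	saryBadFileTypes(41) = "vbx"
	saryBadFileTypes(42) = "vb"
	saryBadFileTypes(43) = "webinfo"
	saryBadFileTypes(44) = "cfm"
	saryBadFileTypes(45) = "ssi"
	saryBadFileTypes(46) = "swf"
	'Slot 47 used to hold a second copy of "vbs" while "wml" and "xslt" were both assigned to
	'slot 56, so "wml" was overwritten and never checked. "wml" now takes the spare slot.
	saryBadFileTypes(47) = "wml"
	saryBadFileTypes(48) = "tpl"
	saryBadFileTypes(49) = "cfc"
	saryBadFileTypes(50) = "jst"
	saryBadFileTypes(51) = "jsp"
	saryBadFileTypes(52) = "jse"
	saryBadFileTypes(53) = "jsf"
	saryBadFileTypes(54) = "js"
	saryBadFileTypes(55) = "java"
	saryBadFileTypes(56) = "xslt"

	'Remove spaces and dots in file types
	strFileTypes = Replace(strFileTypes, " ", "", 1, -1, 1)
	strFileTypes = Replace(strFileTypes, ".", "", 1, -1, 1)
	strImageTypes = Replace(strImageTypes, " ", "", 1, -1, 1)
	strImageTypes = Replace(strImageTypes, ".", "", 1, -1, 1)
	strAvatarTypes = Replace(strAvatarTypes, " ", "", 1, -1, 1)
	strAvatarTypes = Replace(strAvatarTypes, ".", "", 1, -1, 1)

	'Place the image, file and avatar types into one array
	saryImageFileType = Split(Trim(strImageTypes) & ";" & Trim(strFileTypes) & ";" & Trim(strAvatarTypes), ";")

	'Loop through every submitted extension
	For intLoopCounter = 0 To UBound(saryImageFileType)

		'Compare it (case-insensitively) with each of the bad file types
		For intLoopCounter2 = 0 To UBound(saryBadFileTypes)

			'A match means the submitted settings are rejected; collect the name for the error message
			If LCase(saryImageFileType(intLoopCounter)) = LCase(saryBadFileTypes(intLoopCounter2)) Then
				blnBadFileType = True
				strBadFileTypeName = strBadFileTypeName & saryBadFileTypes(intLoopCounter2)& ", "
			End If
		Next
	Next
End If


'Initialise the SQL variable with an SQL statement to get the configuration details from the database
strSQL = "SELECT " & strDbTable & "Configuration.* " & _
"From " & strDbTable & "Configuration " & _
"WHERE " & strDbTable & "Configuration.ID = 1;"

'Set the cursor type property of the record set to Dynamic so we can navigate through the record set
rsCommon.CursorType = 2

'Set the Lock Type for the records so that the record set is only locked when it is updated
rsCommon.LockType = 3

'Query the database
rsCommon.Open strSQL, adoCon

'If the user is changing the upload setup then update the database
'Nothing is saved when a bad file type was found in the submitted lists
If Request.Form("postBack") AND blnBadFileType = false Then

	With rsCommon

		'Update the recordset (skipped in demo mode)
		If blnDemoMode = False Then

			.Fields("Upload_component") = strUploadComponent
			.Fields("Upload_img_types") = strImageTypes
			.Fields("Upload_img_size") = intMaxImageSize
			.Fields("Upload_files_type") = strFileTypes
			.Fields("Upload_files_size") = intMaxFileSize
			.Fields("Upload_avatar_types") = strAvatarTypes
			.Fields("Upload_avatar_size") = intMaxAvatarSize
			.Fields("Upload_avatar") = blnAvatarEnabled
			.Fields("Upload_allocation") = intAllocatedSpace

			'Update the database with the new upload settings
			.Update
		End If

		'Re-run the query to read in the updated recordset from the database
		.Requery
	End With

	'Empty the application level variable so that the changes made are seen in the main forum
	Application.Lock
	Application(strAppPrefix & "blnConfigurationSet") = false
	Application.UnLock
End If

'Read in the details from the database
If NOT rsCommon.EOF Then

	'Read in the upload setup from the database
	strUploadComponent = rsCommon("Upload_component")
	strImageTypes = rsCommon("Upload_img_types")
	intMaxImageSize = CInt(rsCommon("Upload_img_size"))
	strFileTypes = rsCommon("Upload_files_type")
	intMaxFileSize = CInt(rsCommon("Upload_files_size"))
	strAvatarTypes = rsCommon("Upload_avatar_types")
	intMaxAvatarSize = CInt(rsCommon("Upload_avatar_size"))
	blnAvatarEnabled = CBool(rsCommon("Upload_avatar"))

	'A null allocation in the database falls back to 1
	If isNull(rsCommon("Upload_allocation")) Then
		intAllocatedSpace = 1
	Else
		intAllocatedSpace = CInt(rsCommon("Upload_allocation"))
	End If
End If

'Close db
rsCommon.Close


'Initialise the strSQL variable with an SQL statement to query the database
'WHERE clause added to get round bug in myODBC which won't run an ADO update unless you have a WHERE clause
strSQL = "SELECT " & strDbTable & "Group.* " & _
"FROM " & strDbTable & "Group " & _
"WHERE " & strDbTable & "Group.Group_ID > 0 " & _
"ORDER BY " & strDbTable & "Group.Group_ID ASC;"

'Set the cursor type property of the record set to Dynamic so we can navigate through the record set
rsCommon.CursorType = 2

'Set the Lock Type for the records so that the record set is only locked when it is updated
rsCommon.LockType = 3

'Query the database
rsCommon.Open strSQL, adoCon

'Update the db with file and image upload for groups
'Demo mode is checked here as well, so that group upload permissions follow the same rule
'as the configuration update above and are not written in demo mode
If Request.Form("postBack") AND blnBadFileType = false AND blnDemoMode = False Then

	'Loop through the groups
	Do While NOT rsCommon.EOF

		'Update the recordset
		rsCommon.Fields("Image_uploads") = CBool(Request.Form("imageGroup" & rsCommon("Group_ID")))
		rsCommon.Fields("File_uploads") = CBool(Request.Form("fileGroup" & rsCommon("Group_ID")))

		'Update the database
		rsCommon.Update

		'Move to next record in rs
		rsCommon.MoveNext
	Loop

	'No requery here; the group lists further down the page call MoveFirst before reading
End If
%>
Upload Settings
<%
'***** START WARNING - REMOVAL OR MODIFICATION OF THIS CODE WILL VIOLATE THE LICENSE AGREEMENT ******
Response.Write("" & vbCrLf)
'***** END WARNING - REMOVAL OR MODIFICATION OF THIS CODE WILL VIOLATE THE LICENSE AGREEMENT ******
%>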

Upload Settings


Control Panel Menu

Important - Please Read First!
To be able to use file and image upload in your forums, you must have an upload component installed on the web server. If you are unsure about this, check with your web host whether they have any of the upload components mentioned below installed.

If you run the web server yourself then you could download and install one of the following supported components.

You will also need to make sure that the upload folder and its subfolders have read, write and modify permissions for the Internet User Account (IUSR_<MachineName>), and that the upload folder is inside the root of your forum.

Please note: - The ASP File System Object (FSO) is also required when using upload features, check with your web hosting company that they have not disabled this object.

Security Warning - Best Practice
Allowing users to upload their own files and images requires that write and modify permissions are enabled on the upload directory for the Internet User Account (IUSR). The best practice for this is to ONLY allow write and modify permissions on the upload directory and 'read only' permissions for the rest of your web site. The upload directory should also have script and execute permissions switched off in the web server, so that an uploaded file can never be run as code. In the event that your site comes under attack from a hacker who manages to gain control through the IUSR account, these measures prevent the hacker from destroying or defacing the rest of your web site.


General Upload Setup
Upload Component to use:
Check with your web hosting company which component, if any, they support. Free web hosts usually won't support any.
Allocated Upload Space:
This is the amount of space allocated to each of your members on the server for uploading files and images to.
MB
Image Upload
Image Types*
Place the types of images that can be uploaded in posts. Separate the different image types with a semi-colon.
eg. jpg;jpeg;gif;png
/>
Maximum Image File Size
This is the maximum file size of images in Kilobytes.
KB
Select Which Groups are Permitted to Upload Images <% 'Query the database rsCommon.MoveFirst 'Loop through cats Do While NOT rsCommon.EOF 'If not guest group display group to be selected for uploading (you would be stupid to allow a security risk like uploading by guests!!) If rsCommon("Group_ID") <> 2 Then Response.Write(vbCrLf & " " & _ vbCrLf & " " & _ vbCrLf & " " & _ vbCrLf & " ") End If 'Move to next record in rs rsCommon.MoveNext Loop %>
" & rsCommon("Name") & "
File Upload
File Types*
Place the types of files that can be uploaded in posts. Separate the different file types with a semi-colon.
eg. zip;rar
/>
Maximum File Size
This is the maximum file size of files in Kilobytes.
The max size is 2000KB as many components won't allow files above this size.
KB
Select Which Groups are Permitted to Upload Files <% 'Query the database rsCommon.MoveFirst 'Loop through cats Do While NOT rsCommon.EOF 'If not guest group display group to be selected for uploading (you would be stupid to allow a security risk like uploading by guests!!) If rsCommon("Group_ID") <> 2 Then Response.Write(vbCrLf & " " & _ vbCrLf & " " & _ vbCrLf & " " & _ vbCrLf & " ") End If 'Move to next record in rs rsCommon.MoveNext Loop 'Reset Server Variables rsCommon.close %>
" & rsCommon("Name") & "
Avatar Upload
Make sure you have also enabled Avatar Images from the Forum Configuration page.
For extra security avatars can only be uploaded once a user is registered, by editing their profile.
Enable Avatar Uploading On <% If blnDemoMode Then Response.Write(" disabled=""disabled""") %> />   Off <% If blnDemoMode Then Response.Write(" disabled=""disabled""") %> />
Avatar Image Types*
Place the types of images that can be uploaded in posts. Separate the different image types with a semi-colon.
eg. jpg;jpeg;gif;png
/>
Maximum Avatar Image File Size
This is the maximum file size of images in Kilobytes.
KB

<% Call closeDatabase() %>