Exemplo n.º 1
0
        public void ProcessRequest(HttpContext context)
        {
            if (context.Request["aid"] != null)
            {
                string aid     = context.Request.QueryString["aid"].ToString().Trim();
                string afileID = context.Request.QueryString["afileID"].ToString().Trim();

                if (encode.sqlInjection(aid) || encode.sqlInjection(afileID))
                {
                    throw new Exception("參數包含不合法字元");
                }
                else
                {
                    Veryfly_DB myVery = new Veryfly_DB();
                    DataTable  dt     = myVery.checkimagetext(aid, afileID);
                    if (dt.Rows.Count == 0)
                    {
                        throw new Exception("找不到此收件人");
                    }
                    else
                    {
                        string vailde = dt.Rows[0]["sender_imagetext"].ToString().Trim();
                        if (vailde == context.Request["vailde"].ToString().Trim())
                        {
                            string strpath;
                            //底下的IF為 該筆是一般 而且是單筆的不是整包的壓縮檔(!="N")
                            if (dt.Rows[0]["afile_comorsec"].ToString().Trim() == "common" && dt.Rows[0]["afile_encrypt"].ToString().Trim() != "N")
                            {
                                strpath = string.Format("{0}{1}", AppConfig.source_path, context.Request["filename"] + context.Request["exten"]);
                            }
                            else if (dt.Rows[0]["afile_comorsec"].ToString().Trim() == "nonforward" && dt.Rows[0]["afile_encrypt"].ToString().Trim() != "N")
                            {
                                strpath = string.Format("{0}{1}", AppConfig.source_path, context.Request["filename"] + context.Request["exten"]);
                            }
                            else
                            {
                                strpath = string.Format("{0}{1}", AppConfig.Source_zip_path, context.Request["filename"] + context.Request["exten"]);
                            }

                            FileInfo file = new FileInfo(strpath);

                            string strContentType = string.Empty;
                            switch (file.Extension)
                            {
                            case ".asf":
                                strContentType = "video/x-ms-asf";
                                break;

                            case ".avi":
                                strContentType = "video/avi";
                                break;

                            case ".ppt":
                                strContentType = "application/vnd.ms-powerpoint";
                                break;

                            case ".pptx":
                                strContentType = "application/vnd.ms-powerpoint";
                                break;

                            case ".doc":
                                strContentType = "application/msword";
                                break;

                            case ".docx":
                                strContentType = "application/msword";
                                break;

                            case ".zip":
                                strContentType = "application/zip";
                                break;

                            case ".xls":
                                strContentType = "application/vnd.ms-excel";
                                break;

                            case ".xlsx":
                                strContentType = "application/vnd.ms-excel";
                                break;

                            case ".csv":
                                strContentType = "application/vnd.ms-excel";
                                break;

                            case ".gif":
                                strContentType = "image/gif";
                                break;

                            case ".jpg":
                                strContentType = "image/jpeg";
                                break;

                            case "jpeg":
                                strContentType = "image/jpeg";
                                break;

                            case ".wav":
                                strContentType = "audio/wav";
                                break;

                            case ".mp3":
                                strContentType = "audio/mpeg3";
                                break;

                            case ".mpg":
                                strContentType = "video/mpeg";
                                break;

                            case "mpeg":
                                strContentType = "video/mpeg";
                                break;

                            case ".htm":
                                strContentType = "text/html";
                                break;

                            case ".html":
                                strContentType = "text/html";
                                break;

                            case ".asp":
                                strContentType = "text/asp";
                                break;

                            default:
                                strContentType = "application/octet-stream";
                                break;
                            }
                            if (file.Exists)
                            {
                                FileStream oF = new FileStream(strpath, FileMode.Open, FileAccess.Read);
                                context.Response.ClearHeaders();
                                context.Response.Clear();
                                context.Response.BufferOutput = false;
                                context.Response.CacheControl = "Private";
                                context.Response.ContentType  = strContentType;
                                context.Response.AppendHeader("Content-Length", oF.Length.ToString()); /*指定文件大小,可讓瀏覽器能夠顯示下載進度,並可優化、加快下載速度*/
                                string strDownloadName = string.Empty;

                                if (context.Request.Browser.Browser == "IE")
                                {
                                    context.Response.HeaderEncoding = System.Text.Encoding.GetEncoding("utf-8");
                                    strDownloadName = context.Server.UrlPathEncode(context.Request["source"].ToString());
                                }
                                else
                                {
                                    strDownloadName = context.Request["source"].ToString();
                                }

                                context.Response.AddHeader("content-disposition", "attachment;filename=\"" + strDownloadName + context.Request["exten"].ToString() + "\"");

                                //context.Response.WriteFile(strpath);
                                //context.Response.Flush();
                                //context.Response.End();
                                if (PassStream(context.Response.OutputStream, oF, context))
                                {
                                    if (dt.Rows[0]["sender_stat"].ToString().Trim() == "Y" && dt.Rows[0]["afile_comorsec"].ToString().Trim() == "security")//寄解壓縮密碼 只有在第一次下載才需要
                                    {
                                        Email email = new Email();
                                        //email.sendEmail(dt.Rows[0]["sender_mail"].ToString(), "[ITRI] 通知:您有來自工研院大檔案傳輸的信件", "親愛的朋友 您好:<br /><br />先生/小姐,在 2013/04/18寄送下列的檔案給您。<br />請您利用下面的解壓縮密碼來開啟檔案:<br /><img alt='認證碼' src='cid:attech01.jpg' /><br />請使用此密碼解壓縮檔案<br /> 謝謝", dt.Rows[0]["afile_encrypt"].ToString());
                                        DataTable dtAccordingParentidToFindMember = Common.AccordingParentidToFindMember(dt.Rows[0]["sender_parentid"].ToString());
                                        DataTable dtGetDetail = Common.GetDetail(dtAccordingParentidToFindMember.Rows[0]["main_infno"].ToString(), dtAccordingParentidToFindMember.Rows[0]["main_isempno"].ToString());
                                        email.sendEmail(dt.Rows[0]["sender_mail"].ToString(), "[ITRI] 通知:您有來自工研院大檔案傳輸的信件", "親愛的朋友 您好:<br /><br />" + dtGetDetail.Rows[0]["cName"].ToString() + " &lt;" + dtGetDetail.Rows[0]["cEmail"].ToString() + "&gt; 先生/小姐,在" + dtAccordingParentidToFindMember.Rows[0]["Cmain_createdate"].ToString() + "寄送下列的檔案給您。<br />請您利用下面的[解壓縮密碼]來開啟檔案:(請不要複製[]符號)<br /><b>[</b><span style='color:Red'>" + dt.Rows[0]["afile_encrypt"].ToString() + "</span><b>]</b><br />請使用此密碼解壓縮檔案<br /> 謝謝", dt.Rows[0]["afile_encrypt"].ToString(), "");
                                        //把狀態更新 就不會再寄信了
                                        myVery.UpdateSender_Stat(dt.Rows[0]["sender_id"].ToString());
                                    }

                                    //下載次數跟時間LOG
                                    myVery.InsertDownloadLog(afileID, dt.Rows[0]["sender_parentid"].ToString(), aid, DateTime.Now);
                                }

                                //判斷[收件者下載檔案或刪除取檔網址時通知我]
                                if (context.Request.QueryString["notifyflag"] != null && context.Request.QueryString["notifyflag"].ToString().Trim() == "Y")
                                {
                                    //如果有勾選要寄信給寄件人
                                    Email         email = new Email();
                                    StringBuilder sb    = new StringBuilder();
                                    sb.Append(@"您好: <br /> 謹通知您:<br /> 您在 ");
                                    sb.Append(@"" + Convert.ToDateTime(dt.Rows[0]["afile_createdate"].ToString()).ToString("yyy/MM/dd") + "&nbsp;傳送的檔案<br /><br />");
                                    sb.Append(@"" + dt.Rows[0]["ShowFileName"].ToString() + dt.Rows[0]["afile_exten"].ToString() + "<br /><br />目前由");
                                    sb.Append(@" &lt; " + dt.Rows[0]["sender_mail"].ToString() + " &gt; ");
                                    sb.Append(@"信箱收件者下載中。<br />");
                                    //sb.Append(@"");
                                    DataTable dtAccordingParentidToFindMember = Common.AccordingParentidToFindMember(dt.Rows[0]["sender_parentid"].ToString());
                                    DataTable dtGetDetail = Common.GetDetail(dtAccordingParentidToFindMember.Rows[0]["main_infno"].ToString(), dtAccordingParentidToFindMember.Rows[0]["main_isempno"].ToString());
                                    email.sendEmail(dtGetDetail.Rows[0]["cEmail"].ToString(), "[ITRI] 通知:您透過大檔案傳​輸寄出的檔案正在被下​載", sb.ToString(), "");
                                }
                            }
                        }
                    }
                }
            }
            else
            {
                throw new Exception("檔案不存在");
            }
        }
        public void ProcessRequest(HttpContext context)
        {
            if (context.Request["aid"] != null)
            {
                string aid     = context.Request.QueryString["aid"].ToString().Trim();
                string afileID = context.Request.QueryString["afileID"].ToString().Trim();

                if (encode.sqlInjection(aid) || encode.sqlInjection(afileID))
                {
                    throw new Exception("illegal paramater value");
                }
                else
                {
                    Veryfly_DB myVery = new Veryfly_DB();
                    DataTable  dt     = myVery.checkimagetext(aid, afileID);
                    if (dt.Rows.Count == 0)
                    {
                        throw new Exception("Can't find the sender.");
                    }
                    else
                    {
                        string vailde = dt.Rows[0]["sender_imagetext"].ToString().Trim();
                        if (vailde == context.Request["vailde"].ToString().Trim())
                        {
                            string strpath;
                            //底下的IF為 該筆是一般 而且是單筆的不是整包的壓縮檔(!="N")
                            if (dt.Rows[0]["afile_comorsec"].ToString().Trim() == "common" && dt.Rows[0]["afile_encrypt"].ToString().Trim() != "N")
                            {
                                strpath = string.Format("{0}{1}", AppConfig.source_path, context.Request["filename"] + context.Request["exten"]);
                            }
                            else if (dt.Rows[0]["afile_comorsec"].ToString().Trim() == "nonforward" && dt.Rows[0]["afile_encrypt"].ToString().Trim() != "N")
                            {
                                strpath = string.Format("{0}{1}", AppConfig.source_path, context.Request["filename"] + context.Request["exten"]);
                            }
                            else
                            {
                                strpath = string.Format("{0}{1}", AppConfig.Source_zip_path, context.Request["filename"] + context.Request["exten"]);
                            }

                            FileInfo file = new FileInfo(strpath);

                            string strContentType = string.Empty;
                            switch (file.Extension)
                            {
                            case ".asf":
                                strContentType = "video/x-ms-asf";
                                break;

                            case ".avi":
                                strContentType = "video/avi";
                                break;

                            case ".doc":
                                strContentType = "application/msword";
                                break;

                            case ".zip":
                                strContentType = "application/zip";
                                break;

                            case ".xls":
                                strContentType = "application/vnd.ms-excel";
                                break;

                            case ".csv":
                                strContentType = "application/vnd.ms-excel";
                                break;

                            case ".gif":
                                strContentType = "image/gif";
                                break;

                            case ".jpg":
                                strContentType = "image/jpeg";
                                break;

                            case "jpeg":
                                strContentType = "image/jpeg";
                                break;

                            case ".wav":
                                strContentType = "audio/wav";
                                break;

                            case ".mp3":
                                strContentType = "audio/mpeg3";
                                break;

                            case ".mpg":
                                strContentType = "video/mpeg";
                                break;

                            case "mpeg":
                                strContentType = "video/mpeg";
                                break;

                            case ".htm":
                                strContentType = "text/html";
                                break;

                            case ".html":
                                strContentType = "text/html";
                                break;

                            case ".asp":
                                strContentType = "text/asp";
                                break;

                            default:
                                strContentType = "application/octet-stream";
                                break;
                            }
                            if (file.Exists)
                            {
                                FileStream oF = new FileStream(strpath, FileMode.Open, FileAccess.Read);
                                context.Response.ClearHeaders();
                                context.Response.Clear();
                                context.Response.BufferOutput = false;
                                context.Response.CacheControl = "Private";
                                context.Response.ContentType  = strContentType;
                                context.Response.AppendHeader("Content-Length", oF.Length.ToString()); /*指定文件大小,可讓瀏覽器能夠顯示下載進度,並可優化、加快下載速度*/
                                string strDownloadName = string.Empty;

                                if (context.Request.Browser.Browser == "IE")
                                {
                                    context.Response.HeaderEncoding = System.Text.Encoding.GetEncoding("big5");
                                    strDownloadName = context.Request["source"];
                                }
                                else
                                {
                                    strDownloadName = System.Web.HttpUtility.UrlEncode(context.Request["source"]);
                                }

                                context.Response.AddHeader("content-disposition", "attachment;filename=" + strDownloadName + context.Request["exten"]);

                                //context.Response.WriteFile(strpath);
                                //context.Response.Flush();
                                //context.Response.End();
                                if (PassStream(context.Response.OutputStream, oF, context))
                                {
                                    if (dt.Rows[0]["sender_stat"].ToString().Trim() == "Y" && dt.Rows[0]["afile_comorsec"].ToString().Trim() == "security")//寄解壓縮密碼 只有在第一次下載才需要
                                    {
                                        Email email = new Email();
                                        //email.sendEmail(dt.Rows[0]["sender_mail"].ToString(), "[ITRI] 通知:您有來自工研院大檔案傳輸的信件", "親愛的朋友 您好:<br /><br />先生/小姐,在 2013/04/18寄送下列的檔案給您。<br />請您利用下面的解壓縮密碼來開啟檔案:<br /><img alt='認證碼' src='cid:attech01.jpg' /><br />請使用此密碼解壓縮檔案<br /> 謝謝", dt.Rows[0]["afile_encrypt"].ToString());
                                        DataTable dtAccordingParentidToFindMember = Common.AccordingParentidToFindMember(dt.Rows[0]["sender_parentid"].ToString());
                                        DataTable dtGetDetail = Common.GetDetail(dtAccordingParentidToFindMember.Rows[0]["main_infno"].ToString(), dtAccordingParentidToFindMember.Rows[0]["main_isempno"].ToString());
                                        email.sendEmail(dt.Rows[0]["sender_mail"].ToString(), "[ITRI] Notification from ITRI WebFTP - unZip Mail", "Dear: <br /><br />" + dtGetDetail.Rows[0]["cName"].ToString() + " &lt;" + dtGetDetail.Rows[0]["cEmail"].ToString() + "&gt;  had send some files to you at " + dtAccordingParentidToFindMember.Rows[0]["Cmain_createdate"].ToString() + "<br />Please use the following [Unzip Password] to open the file: (Please do not copy [] symbols)<br /><b>[</b><span style='color:Red'>" + dt.Rows[0]["afile_encrypt"].ToString() + "</span><b>]</b><br /><br />Thank you.", dt.Rows[0]["afile_encrypt"].ToString(), "");
                                        //把狀態更新 就不會再寄信了
                                        myVery.UpdateSender_Stat(dt.Rows[0]["sender_id"].ToString());
                                    }

                                    //下載次數跟時間LOG
                                    myVery.InsertDownloadLog(afileID, dt.Rows[0]["sender_parentid"].ToString(), aid, DateTime.Now);
                                }

                                //判斷[收件者下載檔案或刪除取檔網址時通知我]
                                if (context.Request.QueryString["notifyflag"] != null && context.Request.QueryString["notifyflag"].ToString().Trim() == "Y")
                                {
                                    //如果有勾選要寄信給寄件人
                                    Email         email = new Email();
                                    StringBuilder sb    = new StringBuilder();
                                    sb.Append(@"Dear:  <br /> *Notices*<br />");
                                    sb.Append(@"The file " + dt.Rows[0]["ShowFileName"].ToString() + dt.Rows[0]["afile_exten"].ToString() + " you sent at " + Convert.ToDateTime(dt.Rows[0]["afile_createdate"].ToString()).ToString("yyy/MM/dd") + "");
                                    sb.Append(@"is downloading by receiver ");
                                    sb.Append(@" &lt; " + dt.Rows[0]["sender_mail"].ToString() + " &gt; ");
                                    sb.Append(@"now.<br />");
                                    //sb.Append(@"");
                                    DataTable dtAccordingParentidToFindMember = Common.AccordingParentidToFindMember(dt.Rows[0]["sender_parentid"].ToString());
                                    DataTable dtGetDetail = Common.GetDetail(dtAccordingParentidToFindMember.Rows[0]["main_infno"].ToString(), dtAccordingParentidToFindMember.Rows[0]["main_isempno"].ToString());
                                    email.sendEmail(dtGetDetail.Rows[0]["cEmail"].ToString(), "[ITRI] Notification from ITRI WebFTP - your file has been downloaded", sb.ToString(), "");
                                }
                            }
                        }
                    }
                }
            }
            else
            {
                throw new Exception("File does not exist");
            }
        }