% @ Language=VBScript %> <% Option Explicit %> <% '**************************************************************************************** '** Copyright Notice '** '** Web Wiz Guide - Web Wiz Forums '** http://www.webwizforums.com '** '** Copyright 2001-2006 Bruce Corkhill All Rights Reserved. '** '** This program is free software; you can modify (at your own risk) any part of it '** under the terms of the License that accompanies this software and use it both '** privately and commercially. '** '** All copyright notices must remain in tacked in the scripts and the '** outputted HTML. '** '** You may use parts of this program in your own private work, but you may NOT '** redistribute, repackage, or sell the whole or any part of this program even '** if it is modified or reverse engineered in whole or in part without express '** permission from the author. '** '** You may not pass the whole or any part of this application off as your own work. '** '** All links to Web Wiz Guide and powered by logo's must remain unchanged and in place '** and must remain visible when the pages are viewed unless permission is first granted '** by the copyright holder. '** '** This program is distributed in the hope that it will be useful, '** but WITHOUT ANY WARRANTY; without even the implied warranty of '** MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR ANY OTHER '** WARRANTIES WHETHER EXPRESSED OR IMPLIED. '** '** You should have received a copy of the License along with this program; '** if not, write to:- Web Wiz Guide, PO Box 4982, Bournemouth, BH8 8XP, United Kingdom. '** '** '** No official support is available for this program but you may post support questions at: - '** http://www.webwizguide.info/forum '** '** Support questions are NOT answered by e-mail ever! '** '** For correspondence or non support questions contact: - '** '** Web Wiz Guide, Unit 10E, Dawkins Road Industrial Estate, Poole, Dorset, UK, BH15 4JD '** '**************************************************************************************** 'Set the timeout of the page Server.ScriptTimeout = 1000 'Set the response buffer to true as we maybe redirecting Response.Buffer = True 'Declare variables Dim strFileTypes 'Holds the file types allowed to be uploaded Dim intMaxFileSize 'Holds the largest file size Dim intForumID 'Holds the forum ID Dim strMessageBoxType 'Holds the message box teype to return to Dim blnFileUploaded 'Set to true if the file is uploaded Dim strErrorMessage 'Holds the error emssage if the file is not uploaded Dim strFileUploadPath 'Holds the path and folder the uploaded files are stored in Dim saryFileUploadTypes 'Array holding the file types allowed to be uploaed Dim intFileSize 'Holds the max file size Dim strUploadComponent 'Holds the upload component used Dim lngErrorFileSize 'Holds the file size if the file is not saved because it is to large Dim blnExtensionOK 'Set to false if the extension of the file is not allowed Dim strImageName 'Holds the image name Dim strUserFolderName 'Holds the folder name safe username 'Intiliase variables blnExtensionOK = True strFileUploadPath = strUploadFilePath 'read in the forum ID and message box type intForumID = CInt(getSessionItem("FID")) 'Check the user is welcome in this forum Call forumPermissions(intForumID, intGroupID) 'If the user is user is using a banned IP redirect to an error page If bannedIP() OR blnImageUpload = false OR blnRead = false OR (blnPost = false AND blnReply = false) Then 'Clean up Call closeDatabase() 'Redirect Response.Redirect("insufficient_permission.asp" & strQsSID1) End If 'Read in the file types that can be uploaded If blnImageUpload AND blnRead AND (blnPost OR blnReply) Then 'Initialise the SQL variable with an SQL statement to get the configuration details from the database strSQL = "SELECT " & strDbTable & "Configuration.* " & _ "FROM " & strDbTable & "Configuration" & strDBNoLock & " " & _ "WHERE " & strDbTable & "Configuration.ID=1;" 'Query the database rsCommon.Open strSQL, adoCon 'If there be records returned get em If NOT rsCommon.EOF Then 'Read in the image types and size form the database 'Read in the configuration details from the recordset strUploadComponent = rsCommon("Upload_component") saryFileUploadTypes = Split(Trim(strImageTypes), ";") strFileTypes = rsCommon("Upload_img_types") intMaxFileSize = CInt(rsCommon("Upload_img_size")) 'Replace \ with / in upload path strFileUploadPath = Replace(strFileUploadPath, "\", "/", 1, -1, 1) End If 'If this is a post back then upload the image If Request.QueryString("PB") = "Y" Then 'Place the username in a varible to get the folder name for the user strUserFolderName = strLoggedInUsername 'Calculate the folder name safe username for folder strUserFolderName = decodeString(strUserFolderName) strUserFolderName = characterStrip(strUserFolderName) 'Call upoload file function strImageName = fileUpload(strUploadFilePath, saryFileUploadTypes, intMaxFileSize, strUploadComponent, lngErrorFileSize, blnExtensionOK, "temp") End If End If 'Reset Server Objects Call closeDatabase() %>