I have already done this. On my forum, i have a link that shows the source code of the asp page the user is currently viewing.
Here's my file called source.asp that takes the name of an asp file via the query string, and displays it via text.
Code:
<%
file = Request.QueryString("page")
IsAllowed = GetPermission(file)
Response.Write "<html>" & vbNewLine & _
"<head><title>ASP Source for " & file & "</title></head>" & vbNewLine & _
"<body>" & vbNewLine
if IsAllowed = true then
Set fso = CreateObject("Scripting.FileSystemObject")
Set objFile = fso.OpenTextFile(server.mappath(file), 1, False)
thisfile = objFile.readAll
objFile.Close
set objFile = nothing
set fso = nothing
Response.Write "<div align=""center""><a href=""javascript:window.close()"">Close Window</a></div>"
Response.Write "<pre>" & server.htmlencode(thisfile) & "</pre>"
Response.Write "<div align=""center""><a href=""javascript:window.close()"">Close Window</a></div>"
else
Response.Write "You do not have permission to view the source code of this page."
end if
Response.Write "</body></html>"
function GetPermission(page)
Dim arDeniedFiles(3)
arDeniedFiles(0) = "config.asp"
arDeniedFiles(1) = "setup.asp"
arDeniedFiles(2) = "source.asp"
if instr(page,"/") > 0 or instr(page,"\") > 0 then
GetPermission = False
exit function
end if
if page = "custom_login.asp" then
file = "\custom_login.asp"
GetPermission = True
exit function
end if
for i = 0 to ubound(arDeniedFiles)
if page = arDeniedFiles(i) then
GetPermission = False
exit for
else
GetPermission = True
end if
next
end function
%>
The GetPermissions() function prevents users from seeing the source of critical files that I have. Otherwise, they would be able to see the source of any file. So keep that in mind.
I gave permission to a special file called custom_login.asp.
All that is needed to view the source of a file is go to the following example:
http://www.mywebsite.com/source.asp?page=index.asp
This will show the source of the index.asp file. I usually display the source in a new window, hence why I have a "Close Window" link. But you can customize this to your needs.