Blog Entry: 3/25/2006 1:38:38 PM
Sounds crazy. I recently took over this web site and all IT duties. User today said member area was not working. All pages would not display. After restoring some files I got the members area partially working. But I cannot find where the database sits. I am able to get in and view users in the admin are and log in as a member. Thanks., For pay signups you set the groups during signup it like this thread tells you to
http://support.cjwsoft.com/code/moreinfo186-1.htm
only difference is you need to specify the groups info like so
(basically getting rid of the commas and just leaving behind the group numbers with a * around everything)
Also be sure to have no double asterisks
so, *1*,*2* would just be *1*2*
so, *1*,*2*,*5* would just be *1*2*5* cwilliams38460.5969444444,
ok, here is what is going on
you are password protecting an ".asp" page that requires querystring info to run correctly (example - "somepage.asp?ID=3"")
that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out
this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querstring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info in tact
it was a nice feature never intended to handle any situations other than what I just described...
now...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info
that more than anything is what is going on.. browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querstring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...
To avoid all of this...
One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)
Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with quersytring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.
Another solutions is to do checks in your asp page for missing querstring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc
So,basically you don't want to tell people to login into such and such page with querstring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.
I hope this makes some sense to you.. it is very hard to try and explain , Can ASPClassifieds display the ads by city?
I have a web directory that lists websites and companies by city. Is it possible to have specific ads shown to the user depending on what city they click on? For example, only ads in New York would be shown to users that have already clicked on that city in my directory.
thanks, , 1st. Please understand you have to purchase two licenses to do such a thing as each installation will need a valid license purchased.
Moving on:
ASPProtect using a industry standard concept called "Forms Based Authentication"
This primarily relies on session variables keeping track of login status.
Each installation must be in it's own unique "IIS Application" so it will have it's own set of application and session variables.
That is often not possible with shared hosting plans as the server admins may not be willing to set a folder in your web as a separate IIS application. You would need to ask. It is going to depend on the quality of your hosting plan whether they do it or not.
technically it takes about 1 minute to open up the "IIS Console" and set up a folder in your web as a separate "application"
Based on what you are telling me that you want to do I think it would make a lot more sense to have one installation and one user database and customize your sites so ASPProtect users that are part of certain "groups" have access to things others do not or see things on pages other users would not. That is after all the entire point of Dynamic web sites and also why ASPProtect has "groups".
Then as far as the registration differences go you would make a copy of the users area folder area and manual customize it to register users in an alternate fashion than the main "users" folder. And then send people there if that is how you want them to register.
I don't support customizations but that is the gist of it. It's really not difficult work, but you have to be good with ASP., ok... glad ya figured it out.
Yes.. for ASP server side code to run the page extension must be ".asp". I was gonna mention that but I guess I just didnt think anyone would do that.
no offense.. not everyone works with this stuff every day.. , I am using v7 with other software written in ASP.NET. When I include the the "checkfor" and include file, I'm receiving a compliation error.
Here is the include I have on the .aspx file:
<% CHECKFOR = "4" %>
<!--#INCLUDE FILE="../../ASPProtect/check_user_inc.asp"-->
Here is the error:
Compilation Error
Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.
Compiler Error Message: BC30689: Statement cannot appear outside of a method body.
Source Error:
Line 15: <%
Line 16: ' This is part of the too many login attempts lockdown code which sets a cookie to block login attempts for a certain amount of time
Line 17: If LoginLockDown Then
Line 18: If Request.Cookies("PASSWORDSYSTEMCOOKIETRIAL")("LoginTries") <> "" Then
Line 19: If Cint(Request.Cookies("PASSWORDSYSTEMCOOKIETRIAL")("L oginTries")) = Cint(LoginLockDownAttempts) Then
Source File:
D:\Sites\resadmin\NetOptions\testsite.com\www\ASPProtect\che ck_user_inc.asp Line: 17
, Login failed for user 'aspgallery'.
Okay, shouldn't this be trying to use aspgalleryuser?
Lance
cwilliams38325.8848263889, Aggh.. I put passwords instead of password. Sorry to have bothered you, works fine now. , (User Photo Upload Mod) for ASPProtect Version 7.x
This will allow an individual user to upload a user picture instead of just the admin.
Notes: This is a down and dirty mod. The user upload code was copied from the admin area and there are no safeguards. Meaning there is no limit on the file size a user uploads and there is no confirmation process in case something they upload is inappropriate. etc etc etc
If you want that you will have to work on that on your own.
Directions:
Back up your existing ASPProtect installation.
copy these files into your "users" folder
2006-01-24_111305_User_Upload_Mod.zip , Not sure because of the nature of the javascript method
for starters tighten up the html around the banner call
change
<tr>
<td width="460" height="60" align="center" valign="middle" class="imagead">
<!------- ASPBanner Ad code ------------->
<script language="JavaScript">
var code = '';
var now = new Date();
var nIndex = now.getTime();
document.write('<s' + 'cript src=" http://www.nababaseball.com/aspbannernet/aspbanner/injectban ner.aspx?BannerZone=1&nocache=' + nIndex + '">');
document.write('</' + 's' + 'cript>');
</script>
<script language="JavaScript">document.write(jscode);</script >
</td>
to
<tr>
<td width="460" height="60" align="center" valign="middle" class="imagead">
<script language="JavaScript">
var code = '';
var now = new Date();
var nIndex = now.getTime();
document.write('<s' + 'cript src=" http://www.nababaseball.com/aspbannernet/aspbanner/injectban ner.aspx?BannerZone=1&nocache=' + nIndex + '">');
document.write('</' + 's' + 'cript>');
</script>
<script language="JavaScript">document.write(jscode);</script >
</td>
If that doesn't help I would suggest using the ASP 3.0 version of ASPBanner. It can serve banners to a any type of page extension and it runs just as well as the .NET version. There is a new iframe method for calling banners that you can try instead of the javascript. The iframe method is explained in the ASPBanner Unlimited section of the forum. cwilliams38150.6443634259, Is there a way to know if it is a SQL server with IIS5? My database type is MSACCESS.
Thanks!
Rhona (rookie) ,  Much thanks, the duplicate incl's I spaced on and should have caught. The hidden form variable was a key issue. Thanks for the syntax and the help. Now I get this page together. j As a note - I got faster results by dropping my timeout to 3 minutes temporarily while progging and cleared browser cache between tests. Thanks again.
, The setting I am most interested in is what you have for the "Pic_Max_Image_Width" used when the image resizing components resize the big image
setting it to nothing or zero could cause this
, We would like to give a member an opportunity to upload an image when on their profile page. How does this work with the photo option on the settings page? Is this the intended usage? Thank You. , ok, 1st we need to rule out the #1 reason people sometimes think that is not working.
Is is set up never to allow the same IP to increment the count more than once in a row so when testing it is real easy to think the count isn't working because unless you can change your ip you can not increment the count more than once per album
It's a poor mans spam abuse type of deal..
For the most part it will keep some Joker from hitting refresh 100 times and inflating the count of an album.
Do you think that is possible what is happening ?
Also, here is an older thread about the same issue?
http://support.cjwsoft.com/code/moreinfo54-2.htm , Yes, that worked...  , Advertising ?? oh really.
It was named that because that way if you already have a login.aspx file for whatever reason it does not interfere which is a good thing. It has nothing to do with advertising.
Next off you never mentioned having an issue with it saying aspprotect in it. I am EXTREMELY clear about what I support and do not regarding ASPProtect.NET. If you are upset because I didn't tell you exactly what to edit and change in visual studio.net and hold your hand you are out of line. My god, I sent you to like the best and most detailed tutorial on how to setup and use the application with VS.NET that could ever exist. That took forever to put together. I even responded to your post on Christmas on a Sunday. I doubt too many companies would have responded on Christmas.
More importantly than that when you purchase code from CJWSoft you are purchasing digital source code and there are no refunds. Every single page in the CJWSoft family states that very cleary in the footer. I do not appretiate it when someone threatens a chargeback and as far as I am concerned anyone that does that is commiting a crime of theft. I also do not appretiate smart comments saying it's "obvious" etc etc
If you wanted to strike a nerve with me you did. If you want to commit a crime and be a thief that is your business as well. Obviously I can not stop that and the credit card company will take your side. I work very hard on the source code I sell and my policies on everything are VERY clear.
Advertising ??
Calling the credit card company ??
Obvious ??
nice, real nice , Ya, you must have tried to upgrade from a really really old version like you said which wouldnt really work out because those instructions are specifically for upgrading a version 6 database to version 7.
That line error you had was looking for the User_ID field and I bet the version you had was so old that you didnt have a field named that as a few years ago the field "ID" got renamed to "User_ID"
As for all the cool stuff... yup there is a lot of cool stuff in this version... glad ya like it so far cwilliams38418.8164930556, I would like to create a login form on the home page which will not be password protected to the site for members so that they can login right from the home page and not a password protected page like many sites have. And every portal I have seen.
Plus the login form looks really pretty and proffesional on the home page ...
I can't find anything in the documentation that says how to do this or if it's even possible. Everything I have found says to password protect a page and then direct them there which isn't what I would like to do.
Here is the code of the login page which is an asp include file on the main page:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
</head>
<body>
<td><img src="images/a026.jpg" alt="" width="187" height="21"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB"><table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><table width="180" border="0" cellpadding="0" cellspacing="0" bgcolor="#AAAAAA">
<tr>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
<td><img src="images/spacer.gif" alt="" width="178" height="1"></td>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
</tr>
<tr>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
<td bgcolor="#FFFFFF"><form name="form_login" method="post" action="">
<table width="100%" border="0" cellspacing="5" cellpadding="0">
<tr>
<td width="53%"><input name="textfield" type="text" class="style-01" value="username"></td>
<td width="47%"><a href="#" class="link-02">Forgot pass?</a> </td>
</tr>
<tr>
<td><input name="textfield2" type="text" class="style-01" value="password"></td>
<td><a href="#" class="link-02">Not registered?</a> </td>
</tr>
</table>
</form></td>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
</tr>
<tr>
<td colspan="3"><a href="#"><img src="images/a027.jpg" alt="" width="180" height="15" border="0"></a></td>
</tr>
</table></td>
</tr>
</table></td>
</body>
</html>
Does anybody know what values I would put in the form to send the correct login to AspProtect. And, if I would have to add any extra includes or code to it.
TIA  , do you have "use picture uploading" checked in the settings ?
that is important..
have proper permissions been set on the picture folder ?
are the paths set correctly for the picture folder ?, OK, so I misread the instructions. Wouldn't have been the first time
that happened... but I just had an account get created, guy then
paid, and... no activation. I had to go in the next day and do that by
hand. What should I do to look for troubleshooting on the issue? I've
got all the default directories set up and all the files where they
should be. What next?
, Now, back in the dark ages we had to use the command prompt to setup the MySQL database and all that fun stuff. I am not going to show you that method.
What happened was 100 different 3rd party companies developed interfaces to work with the MySQL server visually. Within the past year MySQL actually released its own little GUI for doing just that so I am going to show you how to do things using that.
Let's download and install it.
Go here
http://www.mysql.com/products/tools/
and download Windows (x86) MySQL Administrator
(1.1 is the most current version at the time of this article)
Installing that is a no-brainer as well. Just stick to the defaults and it will do its thing.
Now that it is finished.. run MySQL Administrator from your start menu.
It will ask for your "root" password that we entered when we set up the server.
Hit OK
You should see this if your MySQL server is runnign and you entered the correct password.
Now select the Catalogs Icon on the right.. go down to the Schemata section.. right click in the lower white area and choose Create New Schema
It will look like this
Essentially this is your database name. I am going to call my database "aspbanner"
Hit ok
Your now have a new database with nothing in it. We now need to run the MySQL database creation scripts that I provide which will create the Tables and Fields needed.
The easiest way when using the MySQL Administrator is to select the Restore icon on the left.
The choose "Open Backup File" in the lower right corner.. Browse to the "aspbanner_mysql.sql" file we provide. You can also download that file here. 2006-03-14_164927_MySQL_Script.zip
Once you select that file choose open...
Now, it is very important you choose the database you created earlier. Also known as Target Schema.. in this case I choose "aspbanner"
Now hit "Start Restore"
Ok, now the database has Tables and Fields
Click on the Catalogs Icon on the left and then select aspbanner from the schemata area in the lower left
You'll see we now have tables in the aspbanner database, Because employees and sales reps might leave or go to work at competitors without our knowledge and we can't have them get an perm account so we need to implement some sort of expiry and then review their account with them., Wonderful! Does it matter if I move the aspbanner logo, as long
as I keep it on the page? Or does it need to stay front and center?
Laura
, Sorry, you cannot, that is how it works and that is how it has to work for reasons I am not going to try to explain as it is pretty technical. (it works the same way even when not using paypal and using email authentication... nearly every registration system out there does it that way under an email authentication scenario or a PayPal IPN thing.)
Basically, if you are concerned about it you need to periodically manually check for accounts that were never activated and delete them. Maybe when I get some time some day I will make a little interface to help find those and clean them up at once.
, Is it possible to set the user account time limits when they register? I am using email verification and am trying to have their accout expire 32 days after their initial login.
Also I have an issue with the email notification not notifying me when a new user logs in. It does a beautiful job notifying the new user. I do not understand why my server will send to one and not the other, I ahve searched the links but none seem to answer this.
Thank you for your help and insight , I have no idea of what kind of 'stuff' to try. I'm running other asp apps that use there own Access databases with no problem whatsoever., Is it actually possible, with your product, to password-protect the folder that has the actual database without having to require customers browsing the listings to enter a password, or will password-protecting the database folder prevent customers from browsing the classifeds listings? , - I am using the original files that came with the software.
- The software ads items to the database flawlessly.
- ASPImage works great.
- When I try to remove an ad or an image it says it's been removed.
- The ad does not show up on the site anymore.
- BUT, when looking at the sql database the ad is still listed there.
Why is the software not deleting the columns from the database and the images from folder?
Note: My other tables for other projects, in the database, allow me to delete them. , Gotcha.
Can you set an expiration date on a subscription?
Thanks,
Jess , Thanks, I know, I have it all figured out and have thought about it before. Just no time yet to do it. It will probably be an add-on/mod when I get time. , ITS WORKING
...I have earned a beer (dont tell anyone im underage) , You would have to carefully edit the asp code in the "add_new_account.asp" file. It you look that file over with a text editor it is pretty easy to see where the text to edit is. Just make sure you edit it in the section for the email component you are using. Back the file up before you make any changes to it so you can revert back if you mess anything up., 1st: try it with a normal dsn-less connection like we show in the example.. dont use that OLEDB.4.0 connection string.. connecting like that can cause a lot of problems and is not as great as everyone thinks it is and it can sometimes be difficult to get it working when the database has a password set on it
For the sake of troubleshooting just connect like so: (fixing the path of course)
ConnectionString = "DBQ=C:\Inetpub\wwwroot\aspprotect\data\database\ASPProtect_ access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
ASPProtect will generate the actual connection string you should use when you run this page
http://www.mysite.com/data/setup_info.asp
Replacing the part in blue with your website info.
2nd: any IIS server setup to have the access database over the network path like that has a poor setup... and that can cause all sorts of problems as well, access is not designed to run over the network like that.. for more on that read this thread - Start 5 posts down
http://support.cjwsoft.com/code/code_info.asp?TID=479&KW =OLEDB%2E4%2E0
3rd: If the app does not run using the connection string like I say to use then the problem is 100% on their end and is either related to permissions or the fact they are keeping the access database on a network path which is BAD BAD BAD... no quality host that knew what they are doing would set it up that way.. ultimately you don't want to host asp with a place that has a setup like that
4th: If you want to try some other stuff out we have a free guestbook, asptest, and a free version of aspbanner you can try out as well... www.cjwsoft.com
5th: If you need a quality asp host that knows what they are doing and offers great asp support www.alentus.com is the place
6th: Your right, it is not the code, its the data connection , You should read my article on server side includes… the path to the include file must of course be adjusted depending on where in your web you are.
http://www.powerasp.com/content/code-snippets/includes.asp
You will also notice if you look at the provided example pages that the include paths have been adjusted to make sense.
If it is 2 directories down it should probably look different..
example:) "../../checkuser_inc.asp"
It’s weird that if you are not getting an error because if the path to the server side include is wrong you should get a nasty server error.
Also..
The ASPProtect system and any pages it protects must also be part of the same Application in IIS. It’s the nature of forms based authentication. Do a google search if you are not sure what an application is in IIS.
Lasty…. If you are logged in at the time
Whether your current session at the site is still active… or you have the cookie set to remember you.
Well, nothing will happen… cause your already logged in and you will just see the page as normal.
Perhaps things are working and you just don’t understand that part ?
You need to go to the log off page.. log off… then close all instances of the web browser windows..
Then come back to the site… then see if it prompts you to log in. cwilliams38228.9837152778, What application you talking about ? I'll assume ASPProtect. In the future please specify what application you are talking about.
ASPProtect 7 already has protection that is quite effective. The no concurrent login feature which will not let the same username under a different ip log in at the same time. Meaning if someone gives out their info they will screw themslves over because eventually they won't be able to log in. Only one unique ip at a time can log in so even of 100 people know the info it won't really do anyone much good except the lucky one that logged in 1st and stayed logged in. The username/password will eventually become more and more useless as more and people know it.
In addition to that is is a good idea to monitor the daily logs and single out a user you see logging in a lot. The more ips you see for that user the more chance it is multiple people logging in and you should take action. ,
I'm having another problem-hopefully it's a quick fix.
it tries to go to a page: default.aspx
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested Url: /default.aspx
When i log in as admin from the aspprotectadmin/default.aspx that works fine...
where should the user be sent when they log in? Am i supposed to specify that or is it automatic? Why isnt it working for me? I dont believe i changed any settings that correspond to that either , you can edit the look of it but because it is licensed software the links to aspbanner and the aspbanner logo.. etc etc must remain otherwise change it all you like., Your customer should set up a special page that you send banner clicks to. That page is the page that should record the ip and whatever other info needed.
I suppose you could make a page on your end that records that info and finally redirects them to the intended url as well.
All using simple asp. It's really not that dificult to do, but it is a loit easier if you do it this way and keep it seperate from the banner system.
Here is some interesting information not totally related to answering your question.
The banner system does not track IPs on individual clicks because if it did.. 100 clicks on a paricular banner in one day would result in 100 rows in the stats database instead of just 1 row. That may not seem like a lot, but imagine 30 banners all doing the same thing mulipled by 30 days. Your talking 90000 rows in the database instead of 900. It all comes down to what ASPBanner was designed for which is performance and low resource use.
Some banner systems out there even keep track of individual IP's per banner display. Try to imagine how much that effects performance and how much extra space is used in the database for stats. It's crazy and also the reason that the more little features a banner system offers the slower and slower it begins to run.
I am sure I lose sales all the time because I offer less features, but the truth is I know those features will eventually defeat the purpose of why I created this banner system in the 1st place and that i just not something I want to do.
The banner systems with every little feature are just not well suited to very busy sites no matter how well they are designed.cwilliams38324.8386689815,
Timecard Entry: 3/25/2006 1:38:38 PM
Answered phones, alternating with techcalls, timecards, gen'l accting, Torturous conversation with irate woman at seawaytrail.com. She couldn't figure out how to use FrontPage and insisted it was "broken." Had to walk her through making some basic changes to their site. NONBILLABLE, Nortel Training - DMS Translations, Lunch, Arrived at work 45 mins. early. Checked downstairs outside doors and discovered a window wide open with a bird hanging on shade. Chased bird off, entered downstairs and closed window. Everthing now locked and secured. Checked e-mail, Rad, Dial up, and ask me a question., Cat Cou. DB live conve., Assisted with Open House, GWCC page. Still going through some of the code to clean a little of my work up and looking at some of the coding techniques within the pages
, Thanksgiving..., Giving up on javascript database query for back to basics, trying a different approach., talked to the guy from adc about what im looking for in the way of dsu's he gonna get me info and prices on rack mount t1 dsu, idsu t3 and end user t1 / 56k dsu's looking at this to possibly replace the adtrans as our main dsu, Hard Drive crashed. Going throught the tedious process of re-installing OS and developers software., answered calls, billing calls, PO's, Driving to Madrid. 50miles, not a lot of calls, just steady.. lots of new users, Lunch, ran, Value Manufactured Homes- need proposal , will send password to changes DNS numbers, nnyads went down, had tom reupload the data and i put it in myself, everything checked out ok....other than that, not much happening, a power cord got pulled out of the hub in syracuse, ben fixed it, 5500 was down for a minute or 3.., Finishing up management site, resetting and troubleshooting modems on 4911, and researching and starting a little manual for the filtering software., Answered phones. It was busy at times, with just me and Dani. quieted down and I have to leave early because of previoius engagements., Picked up mail and opened. Posted accounts, ans phone, and customer inquiries., working on reports for softmls 2
perfying them up to work and look better, updated Top 5, created completed list, updated staff info page, updated Numbers.txt file and access numbers on GiSCO home page, Typed up notes, and took tech calls because que light was on., Review BA Tariff No. 914 and draft memo regarding Verizon strike., NOC, worked on gary's computer as it was acting funky, had ben show me how to fix the total controls when they start sending garbage to emerald..., also went with andy to pick up a y adapter for the media server...,
|
