Blog Entry: 3/25/2006 1:40:00 PM
here is the answer
http://www.iisanswers.com/IIS51.htm
CDONTS
CDONTS (Colloaborative Data Objects for NT Server) is a feature of NT and W2K that allows you to easily send mail from a web page using the SMTP server. The simplicity of the code and widespread availability of free scripts employing CDONTS has resulted in CDONTS being widely adopted.
Quite a surprise to many administrators to discover that IIS 5.1 does not support CDONTS as do IIS 4.0 and IIS 5.0. This has been replaced by CDOSYS which appears to have more capability, but it is not quite as simple to use. See: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q195 683 for more details.
You can enable CDONTS on XP by copying CDONTS.DLL from a Windows 2000 installation to your XP system’s Windows\System32 folder (default name). Then at command prompt Windows\System32 run REGSRV32 CDONTS.DLL. The extent of my testing on this was to deliver one piece of mail, so this should not be construed as a complete analysis of the effectiveness of this technique.
cwilliams38392.8260300926, If we wanted to user groups, is the "Access Level" in the User setup the same ID as what the group access would be? Ex. If John had Access Level 4 and the page specified <% GROUPACCESS = "4" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
I'm asking because there is no Group Access Level in the user setup. Thanks
,
Humm, its hard to explain but I am not sure that is a good way to be testing that. I hear what you are saying but I am not sure that really means anything. Whatever is going on its some sort of client side issue with the browser and the meta refreshing over a very long period of time during which there really is no user doing anything at the site. , Hello,
Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.
If you design the site to be intelligent that scenario should never happen.
For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.
It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.
Here are some simple examples.
Here is an example using access levels.
<%
If Session("Access_Level") = "1" Then
' show links to pages that allow access level 1
End If
%>
And one for groups..
<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>
cwilliams38354.0786921296, Is the user ID case sensetive? In my case I use the user email as the login ID., If you can would you do it for a price as a mod or will this be added to the new version.
, Some of our users complained that their users id and passwords are sent in the clear. So we decided to invest in an SSL certificate from Verisign. It has been tested fine with all forms and pages in ASPProtect version 6. The only remaining page which I am not sure how to protect is the home page. Let's say my home page is http://www.MyDomain.com/index.asp. When the user goes to this link he/she will be presented with the check_user_inc.asp page so he/she can enter their ID and PW. So how to make the login information send from this page thru HTTPS?
, I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.
<%
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then
SearchFlag = True
End If
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then
%>
<!--#include virtual="/Auth/check_user_Code.asp" -->
<head>
<title>My Title</title>
</head>
<body>
My Protected stuff here
</body>
</html>
For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.
Thanks,
Mo
, OK, I figured out the problem. Not running ASP becasue the pages are not saved as ASP but rather HTM... OK so I am smart like a tractor but strong like an ox.
cwilliams38229.9128819444, User Information
After a user logs in there are variables that you can always access.
They can be used to check various things or to display information
dynamically based on who has logged into the system.
Session("PasswordAccess")
Session("Access_Level")
Session("Admin")
Session("Active")
Session("Expiration_Date")
Session("User_ID")
Session("Groups")
Session("Redirection_URL")
Session("Password")
Session("Username")
Session("First_Name")
Session("Last_Name")
Session("Company_Name")
Session("Email")
Session("Address")
Session("City")
Session("State_Province")
Session("Zipcode_Postal_Code")
Session("Phone")
Session("Custom1")
Session("Custom2")
Session("Custom3")
Session("Custom4")
Session("Custom5")
Session("Custom6")
You can display them on a page at any time using Response.Write like so
<% Response.Write(Session("FIRST_NAME")) %>
or like this
<% = Session("LAST_NAME") %>
cwilliams38419.533900463, I like to change my database from access to SQL.
I run the aspbanner.sql in the database and
then I checked the new database tables with the screenshots
from your support info.
Then I make a ODBC Connection and it looks very good,
I logged in and create a zone, but I was not able to
store it.
I got the following message:
Microsoft OLE DB Provider for ODBC Drivers- Fehler '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server] Bei der Konvertierung eines char-Datentyps in einen datetime-Datentyp liegt der datetime-Wert ausserhalb des gütigen Bereichs.
/adserve/aspbanner/appinfo_inc.asp, line121
Please can anyone help me, that aspbanner also run on my SQL Server ?
Best regards Josef Raschko , One last thing..
This is bad
http://www.bones.myftpsite.net/rfamilystuff/pictures/
there are .asp files in there people can run that you dont want people running..
u should delete the asp files in there or turn off directory listing...
take care,
CJW
, How do I customize the validation email that is sent to users when they first register?, not sure, I havent used 2005 yet
seems like the process should be fairly similar.. you'll have to figure it out
I am going to order a copy of it., Hi Chris,
We installed our key onto the live server.
However, since our temp key has expired, we can't access our application on our development machine because the login won't work anywhere except on the live server.
Of course we can access the application on dev, if we remove the aspprotect tags, but if we need to log in to do something unique to the user, then we have a problem.
Can we get another temp key from you? And would there be a better long term solution to this debug/maintanence issue?
--JP
, I assume you mean 500 pixels wide
no.. because you cant reliably tell a pictures image width without an image resizing component to look it up.. asp can not do things like that on its own
serverobjects has a free component called "imagesize" that can do it as well but you need access to the server to install the component
http://www.serverobjects.com/products.htm
so if you cant do that with regular asp code you definetly can not stop the upload proces because the picture is too wide..
heck, that would be nearly imposible to do regardless.. even with the best 3rd party components at your disposal
even with an image resizing component you would have to allow the upload.. then check the pixel width.. then delete it.. tell the user what is going on...etc etc .. all a very complicated process
, I'm trying to use CDOSYS.
It seems to work fine on the web page, however the mail never gets
delivered.
I can see my messages sitting in c:\inetpub\mailroot\pickup but they never leave it.
I found another folder after doing a search for "pickup".... it is:
d:\program files\Exchsrvr\Mailroot\vsi 1\PickUp If I paste the files
into there, they get delivered.
How can I get the email to be delivered without doing the cut and paste?
I've tried it both with and without authorization.
I am running a Windows 2000 server with Exchange 2000.
Thanks.
, Can I have the logon be in a top frame while having the protected pages displayed in a main frame?
Using frames with forms based authentication is not the best thing to be doing. Your much better off not using frames and using includes files to do a virtual frames sort of thing (search google) but if you are going to use frames I would suggest password protecting the frameset page as well as any pages it contains.
If you want to have a login form in a non protected top frame all the time.. that posts to a lower frame that is password protected.. you would do this
http://support.cjwsoft.com/code/moreinfo169-1.htm
but change the target of the form to one of your frames
personally though I think that would be a somewhat goofy setup to have going on
Also, how will it behave if a user moves in between a protected page to a public page and back to the protected page again?
As long as they have cookies enabled which is required for session variables to work... then you will have no issues because once they come back to a page they have permission to they will just be allowed in without login.. at least while that session is still active.. or for a longer time if they choose the remeber me option which keeps track of them with a cookie .
Really, the best thing to do is expirment and see how things behave.
, "I can login for the first time."
when you say that what exactly does that mean, because in this version you do not just log in for the 1st time.
What I am saying is there are steps where you run a special page to intially get into the system, then you setup a new user, then you make them an admin, and then you can log in as them.
You left all of that out of your story...
I really need all details in order to help.. is this an upgrade or a new install, etc etc etc
I would also advise very carefully comparing the fields in your sql database to the sql creation scripts to make sure all the field settings are correct.
Lastly, please tell me what name/email you ordered the product under so I can check your purchase.
Thanks, Hello dear Chris
I can login for the first time. I exit from the browser and then I cannot login again. This happens for every user.
I noticed that the values in the fields "Login_limit" and "Active" in
the ASPP_Users table in the SQL changed to NULL and 0 when login and
remained in those values after close the browser.
If manually I change the values it is ok but the problem repeated.
Thank you in advance.
, They send an email?
Hope my spam killer didn't zap it...
, You know what, you really are frigin goofy to say you might think we
didn't write the software. I got source code to the license dll as well
as about 12 revisions of the application sitting on my development
server as well as about 1200 emails between John & Myself as we
worked on it. Not to mention all those .vb files that come with the
application. What do you think those are ? I bet you don't even really
know based on something you said in one of your earlier forum posts.
Did you even read this cause this is YOU... !!!
http://support.cjwsoft.com/code/moreinfo234-1.htm
And we say right on the ASPProtect.NET product page to read that article before making a purchase.
Moving
on... it basically says on the site ASPProtect.NET works the way
it is shown to work. You can use it that way or you can further edit
the code with Visual Studio.NET. If you are so good with asp.net then
you should be editing the code to work differently or writing your own
authentication that works exactly how you want it to. End of story. You
keep arguing about things your done... you are so done !!! I won't keep
putting up with you., Chris:
I just got done trying it myself and it worked great for me too. I was aware of the security issue, but I'd already planned on using SSL for this particular call, as well as for the secured pages accessed through the normal process, so the bad guys will be kept at bay.
Thanks for the help.
, did anyone find a way to get the descriptions to show under the image yet?
, [QUOTE=cwilliams]
It should be released sometime late May 2004 or early June 2004 but no gurantees as I am pretty busy right now with some projects.
There will be upgrade instructions and it should be a fairly easy upgrade.
[/QUOTE]
Like I said no guarantee... I have a lot of things going on... it might not even be finished till the end of July... customers will always be able to get it for the difference in price
You have the version listed on the site when you purchassed it.
Version 3.0
cwilliams38167.6469328704, CDOSYS is the way to go usually...
My article may shed some light on the different ways to send email using CDOSYS
http://www.powerasp.com/content/new/sending_email_cdosys.asp
As for eliminating the registration its pretty much like what you said.. manually remove the links and what not... etc etc and dont send users to the registration pages..
If you dont want people to be able to edit their info ever... or retrieve lost passwords.. you can delete the users folder completely..
though it's probably better to leave some of that stuff and just disable the registration links and page...
The paypal and 2checkout folders can be wiped out completley either way as you won't be using them at all. , The count is in the album area where the small pictures and description of album. Viewed 1 time(s) This count never changes.
Thanks
John
, <%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
Response.Write(Session("Groups"))
%>
, I checked through the code and could not find anything as well.
However, I do think it may be related somehow to the code as I get the messages popping up in the error log only after I have edited a banner.
If there is nothing obvious, I may just set my error log to filter and automatically delete this type of error. Not something I prefer to do.
Thanks for the quick response.
Otherwise the program is working very well and I'm happy with it.
, If you are developing using Windows 2003 Server and running the NTFS file system setting proper permissions on a folder in your website is done like so.
using "my computer" browse to the folder in your web that you need to set permissions on.
Right click on that folder and then choose the "security" tab.
Give the "Internet Guest Account" Modify Permissions
This will check all the boxes under modify as well.
You can also give permissions to the everyone account and accomplish the same thing.
Other things to note:
If you are using ASP.NET you need to give permissions to an account called ASPNET. It wont show up in the user list. You'll need to click "add" and then type in "ASPNET"
In some cases you may want to go into the advanced tab and check both checkboxes shown in order to make sure the permissions you need get set. It really all depends on the situation.
cwilliams38342.7343981481, ALL FIXED.. tested with real paypal accounts and a live system
works perfectly
THIS FIX IS ONLY FOR PAYPAL SUBSCRIPTIONS
Download this file "ipn.asp" and put it in the "paypal_sub_signup" folder
2005-03-10_164645_aspprotect_subscription_fix.zip
Basically somehow an older version of the this file was in the original download archive.
I am VERY SORRY
Anyone who purchased ASPProtect 7 before March 11, 2005 should download this fix.
cwilliams38421.7018055556, Thank you! I thought that is what had to be done, just didn't want to miss out on a short cut if there was one. Thanks again, Yes, you are right.
We have now tested it using the DSN less connection with Access 2002 and it works fine. We have also tested it again with a DSN using 2002 and this also seems to work.
The comment about speed is a consideration although I have not noticed any differences. ( we only have a few database entries at this time).
Thanks for your help
, I didn't know about it. I will try to check it out some more this week.
, I posted this in the wrong forum. Sorry.
I have installed ASPProtect on a client's website and I have been
notified that some of their customers have been unable to login to the
protected pages.
On testing it seems that the issues seem to be related to how cookies are being stored by IE 6.
ASPProtect is being used to protect particular template files within a
Content Mangement System. 90% of the time it is working fine but on the
odd occassion particular cutomers are unabe to login.
After quite a bit of testing I have managed to find the scenario in
which it starts to have problems and was hoping you may be able to
provide a solution.
If a customer enters the wrong password, then reenters the correct
username and password, they receive a message "template can not be
found" from the Content Management System. This message is generated
when a url is entered that contains a link to a template file that does
not exist. In this case the template does exist. If I remove the
ASPProtect code the page opens without error.
Everytime they re-enter the details they receive the same message.
If they close down the browser and then reenter the correct details in some instances the page will open correctly.
More often than not, they have to delete cookies and temporary files
and close the browser. This seems to fix the problem again for
most users. For users who's web access is heavily cached by an internal
server, even this does not work.
Have you come across this problem before and can you suggest a remedy.
If you can email me privately I can give you the URL and access codes.
Thanks,
Stuart
, just leave the databse where it is, use the connection string generated for you and most importantly... put in a request with alentus for permissions to be set
tell them "D:\Websites\www.mysite.com\aspprotect\data" and all of its child folders need change permissions (r,w,x,d) set so aspprotect can do its thing
until the permissions are set that connection string can not work
this is all noted in the installation docs...
, the sql databse is the same.. the sql script is the same for any version
as the site says they are essentially the same app with very minor changes... if you are trying to share the same sql database with both it's not gonna happen because the table names are the same
truthfully:
that app runs nealry as well with msaccess as it does with sql so I wouldnt get too excited about running it withe sql. You will not see any benefits unless you have a ton of simultaneus (sp) users.
The pages in the ASProtect Full version that have emailing code in them are as follows.
I am getting the same error looking at the previous post, I looked in settings and my Registration-URL is pointing at the correct location.
