Blog Entry: 3/25/2006 1:47:35 PM
i've got a client who has handed me a 151 character banner URL, and i see that the database is designed to take 150 characters. i took the obvious step of just increasing the size of that text field in the database, but i still get this error when i try to enter the URL in the proper form field:
Multiple-step OLE DB operation generated errors. Check each OLE DB status value, if available. No work was done.
/banners/aspbanner/save_banner.asp, line 200
now, line 200 is just this:
If Banner_Link_URL = "" THEN
CmdEditBanner.Fields("Banner_Link_URL") = NULL
Else
CmdEditBanner.Fields("Banner_Link_URL") = Banner_Link_URL
End If
which tells me that something is blocking the assignment of that long value to that field, even though i believed i had extended the length of that field in the source database.
where else might i look?
, Awesome -thanks - I'll give it a try ,
Hello,
I have ASPprotect 7 installed on my remote server. I am able to go to the examples/default.asp page and login in without any difficulties. If I copy the code from that page and paste it in a new page called the same thing but in a different folder, I get this error; (Keep in mind that this is essentially the same exact page in a different location of the website)
Error Type:
Active Server Pages, ASP 0126 (0x80004005)
The include file '../../check_user_inc.asp' was not found.
/aspprotect/Pages/default.asp, line 3
I get the same error if I paste the "protection code" I have generated into the top of a current (.asp) page in my site.
Basically, the only pages that work are the ones that came with the program as examples. Thats great, but now I need to make it work for my pages. Any thoughts?
, Noted:
I actually did not think you did.
As far as debugging goes.. thats all built into visual studio.net.
There is a tag you edit in the web.config file to enable project debugging
http://support.cjwsoft.com/code/moreinfo251-1.htm
Like I said though for changes to ASPProtect.NET I'd start off from scratch and stick with vb.net... using the visual.studio.net interface is not really vary hard to remove and change things you dont' need even if you are a C# coder. Especially simple stuff like you mentioned. , No problem. I get it now.
I added a Session Variable for "Counter". Then wrote an If statement around that. When the user logs on for the first time they see a window pop, after that the normal start page.
Thanks
, Actually this was rather easy to fix. Once you restrict the permissions on the folder, open up IIS admin. Goto the selected folder, and right click/properties. Once there you modify directory listing and add defauly.asp to documents. This will provide an automatic load with you enter in the unmask route.  , Editing using Visual Studio.NET
Here are directions for editing the application using Visual Studio.NET
2002 or 2003 version.. either should work
Some of you are wondering why I didnt just give you the project files.
It is best you go through this process and really understand what is going on.
Also, I dont use VS 2002 so I wouldnt be able to give you project files that would work with that. Not to mention there is 100% chance my prject files wouldn't work for you anyway because of path differences and other things.
Anyway.. on with the instructions...
1st.. make sure IIS, ASP.NET, .NET Framework, and Visual Studio.NET are all installed correctly and up to date.
Open Visual Studio.NET
File - New Project
Select a New Visual Basic ASP.NET web application.
give the new web to be created a name.. I called mine "aspprotectdotnet"
Hit Ok..
Now. once the project opens up we need to delete a few things in the solution explorer window.
So delete "webform1.aspx" , "deletestyles.css", "Global.asax", "AssemblyInfo.vb", and "web.config"
Basically all the files under the project...
Now... you should have the aspprotect.net files unzipped somewhere on you hard drive...
open that folder and select all the files and folders like so
Now drag those selected files and folders to the solution explorer window of Visual Studio.NET right on to the name of the web. In my case "aspprotectdotnet"
It might say this folder already contains a folder names Bins.. just tell it to copy over and continue on any prompts like that.
You'll notice your project is now populated.
Open up the references tab in the solution explorer window as we need to add some references to the dlls in the bin folder of this project. This is needed so the compile process and function correctly.
Right click on references.. click add reference
Then browse....browse on your hard drive to the location of the new web and the bin folder within it.
In my case... "C:\Inetpub\wwwroot\aspprotectnet\bin"
Choose "aspprotectlicense.dll"
Hit open...
Now do the same thing again until you have added all the dlls in that bin folder to the references..
Now.. click add-references again and this time choose
"system.management" from the choices in the .NET tab
Once all of that is done your references should look like this
Now in the Visual Studio.NET menu system up top..
Choose Build - Build Solution
If you did everything right you will see something like this in the build window
------ Build started: Project: aspprotectdotnet, Configuration: Debug .NET ------
Preparing resources...
Updating references...
Performing main compilation...
Building satellite assemblies...
---------------------- Done ----------------------
Build: 1 succeeded, 0 failed, 0 skipped
You now have the visual studio side of things all set up.
To make the project actually run we now have to set some permissions and edit the web.config file.
Using windows explorer browse to the web the app is in. Right click on the "_database" folder and give that folder and all the child folders within it. Modify permissions for both the Anonymous webserver account and the ASPNET account. These accounts might not show up until you dig into the advanced tab and click find now to show all the accounts on the machine.
Permissions screen looks like this...
Once that is done go back the solution explorer window in visual studio.
Open the docs folder.. right click on "sysdiag.aspx" and choose view in browser.
It should complie the project again.. and then run that page in either the internal or external browser depending on how you have that set up.
That page will report back path information.
"BTW.. for security reasons this page should be removed from any production server after installation is complete.. this is very important"
In my case it looks like this.
Probabale AppRootPhysicalPath
c:\inetpub\wwwroot\aspprotectdotnet
Probabale AppRootUrlPath
http://localhost/aspprotectdotnet
Probabale Path to Access Database
c:\inetpub\wwwroot\aspprotectdotnet\_database\aspprotectnet2 002.mdb
Now we need to edit the web.config file... your going to need to know some of the path information above.
In solution explorer double click on web.config.
Now edit the AppRootPhysicalPath, AppRootUrlPath, and CN keys accordingly.
In my case they will look like this.
<!-- PATHS USED BY THE SYSTEM -->
<add key="AppRootPhysicalPath" value="c:\inetpub\wwwroot\aspprotectdotnet" />
<add key="AppRootUrlPath" value="http://localhost/aspprotectdotnet" />
<!-- MICROSOFT ACCESS KEY -->
<add key="Cn" value="Driver={Microsoft Access Driver (*.mdb)};Dbq= c:\inetpub\wwwroot\aspprotectdotnet\_database\aspprotectnet2 002.mdb;Uid=admin;Pwd=" />
Now.. because our web is really not in the root of our virtual directory which starts at "inetpub/wwwroot" we need to edit another tag in this file.
Find the forms tag near the bottom.
<forms name=".aspprotect~net" loginUrl="/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />
Change it to say this
<forms name=".aspprotect~net" loginUrl="/aspprotectdotnet/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />
Notice tha part in bold that we added.
Now, you may also want to check the temp license key info while you are in that file and make sure it is not expired but I am not going to get into that here.
Now save and close that file and do a compile again.
In solution explorer open up the "aspprotectadmin" folder.
Right click on default.aspx and click browse
You should see the login prompt in your web browser..
Log in with
admin
temp
all lower case
You should see the users screen of the application,
Click on the system info tab up in the top left... make sure all those paths are correct and save it.
Go to the settings page of the admin area. Make sure all those paths/settings are correct and save it.
Congratulations... you just set up a visual studio web project from scratch and our now ready to edit and compile an advanced web application.
From here on your on your own, but feel free to ask questions in the forums as you will probably get help from myself or others who own the software.
One last thing... because we are not in the true root of the web on the development machine the examples in the example folder will need the reference to the "protectpage.ascx" file modified before they will work
It will need to go from
Src="/protectpage.ascx"
to
Src="/aspprotectdotnet/protectpage.ascx"
If this app was installed in the true root of a domain on a real webserver.. you would not have to edit the forms tag in the web config file or change the paths in the examples as they would be correct the way they came , Chris,
I understand. I set it to a lower number that will hopefully be a good balance for the user. I am simply AMAZED at what your software does and I thank you for all you have done.
Jess , Hi Chris
Unfortunately the bl**dy server was down and unavailable for 17 hrs so I couldnt even get to see what the settings were!
It is on, the relevant users appear to have all rights for the data/tempstats folder.
I'm guessing you're going to suggest turning it off and see if the problem still appears.
Colin
, Really, only you or your hosting company would know that information...
It is usally installed in the "_database" folder but the physical path including the drive letter to that can only be known by asking your hosting company or by using server mappath to learn the path on you own.
http://www.powerasp.com/content/hintstips/physical-path.asp
That folder also needs special permissions. The permissions it needs are covered in the documentation for the software and generally only your hosting compnay can set those permissions.
The online support forums here are full of information and resources on correctly setting up data connections. It is ASP 101 and something you really need to have an understanding of.
I am happy to answer questions and try to help, but if you dont want to deal with it or can't we do offer installation services.
http://www.cjwsoft.com/installation_service.asp
, Christopher,
I have a follow-up to this question.
Is there a way to get the photo descriptions to save with actual spaces instead of the HTML space code all of the time?
I know that is does this if you hit Enter while typing a description, because it creates a 'br' tag. The main reason I am asking is because if the user does not enter a line break, the description is saved a single long string and the pic_window.asp page is generated with one long description which makes the page very wide.
I tried to get around this by changing the description style in pic_window.asp to reflect a value like 50% or 200 pixels, and I have tried putting it into a table with a fixed width, but there is no effect.
Thanks!
- Jason , It's probably something I could do for you as a custom project if you are interesting in paying to have that work done, but it is probably not something that will be added to this version of aspbanner as it is in my opinion a feature more suited for a more expensive software package.
It is also difficult to get ASP code to do things on it's own. Scheduling something to run on the server or some other clever scenario is necessary and that usually means it would be unique to each persons setup.
http://www.cjwsoft.com/custom_work.asp
, Ok.. glad you got it working., ok, here is what is going on
you are password protecting an ".asp" page that requires querystring info to run correctly (example - "somepage.asp?ID=3"")
that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out
this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querstring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info in tact
it was a nice feature never intended to handle any situations other than what I just described...
now...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info
that more than anything is what is going on.. browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querstring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...
To avoid all of this...
One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)
Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with quersytring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.
Another solutions is to do checks in your asp page for missing querstring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc
So,basically you don't want to tell people to login into such and such page with querstring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.
I hope this makes some sense to you.. it is very hard to try and explain , Chris: You are right about a little extra coding to make it work. I am still learning .ASP coding, so I did a little web searching and used IF THEN statments to confirm a member logged in with a valid Access Code. If valid, the protected page executes, with the Member's Name and Access Level on a single line at the top of that page. Looks sharp! If not logged in, or a non member (who found the page via Google), I used a Redirect to send s/he to a login page with optional links as you suggested (http://www.vspa.com/aspprotect/vspa-password-failed.asp) . I couldn't get it to work when using Group Access, but I am sure that is just because I am a novice at .ASP (I will post that example when I figure it out). Meanwhile, here's the code I used that works:
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="dataconn_inc.asp"-->
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!--#INCLUDE FILE="config_inc.asp"-->
<% =Session("First_Name") %> <% =Session("Last_Name") %>:
<%
If Session("Access_Level") = "6" Then
Response.Write "VSPA Active Member Access Level 6"
End If
If Session("Access_Level") = "7" Then
Response.Write "VSPA Life Member Access Level 7"
End If
If Session("Access_Level") = "8" Then
Response.Write "VSPA Officer/Staff Access Level 8"
End If
If Session("Access_Level") < "6" Then
Response.Write "Access Level 1-6 NOT AUTHORIZED RESTRICTED AREA ACCESS"
Response.Redirect("vspa-password-failed.asp")
End If
%><!-- http://www.vspa.com/aspprotect/vspa-password-enter.asp -->
<!-- *** End ASPProtect Code *** -->
<html>
<head>
, I am having problems accessing the admin site at the following URL:
http://www.drsweisberg.com/password_admin/default.asp
It brings up the login page, but when I enter the admin/test, it times out. The DB is the copy with no password and it resides in a directory on the same server hosting the site but it is not in a folder viewable by web users. This is how the dataconn_inc.asp is set:
<%
'*** Below are the only two settings you need to edit in this file
ConnectionString = "DSN=drweisberg;Driver={Microsoft Access Driver (*.mdb)}"
DatabaseType = "MSACCESS"
%>
The ODBC is setup and the IUSR has read/write/modify permissions.
Any help would be greatly appreciated. , There are several pages on my website that a user may go to that are not protected (e.g. home page). If the user has indicated that they want to be saved on this computer (until they explicitly log off), and their 1st entry point is to an unprotected page, how do I determine whether they have logged in before, and extract the info from the cookie / session variables without forcing them to log in or making the entry page protected?
, right..
I had to open up the permissions to get it to work. I now have to go back and uncheck each one for directory listing.. :)
, Hi,
Its just not enough information to go on. I need more details on what is going on. There are a lot of configuration settings in these applications. I really do not know what to make of that screen shot.
My 1st guess is that if you cannot delete a picture that the picture folder does not have delete permissions ??
I also need to mention that I am not sure what this has to do with ASPImage ? ,
I can no longer send e-mails to my configured accounts through aspbanner. It was working for over a year and now it stopped.
At one point I was using CDONTS_Installed but since I moved to a new Windows 2003 server I was told by my ISP that either one of these will work
but neither one works. Can some one assist?
JMAIL_Installed
ASPEMAIL_Installed , I wouldn't bother doing that. If pic uplading doesn't work it is most likely permissions to the directory pictures are uploaded to. If they are not set correctly it will not work. That dir needs the same permissions the database folder needs. , I have connected to countless DB's using my own applications written in dreamweaver and have tested them on my own server and also my web facing one. BUT this seems to be different. no matter what I try I still get this error.
[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x440 Thread 0x6b0 DBC 0x1f995bc Jet'.
On both a windows 2000 server and also a windows 2003 server. Also using both DSN and DSN less connection and oledb.
Any help would be greatly apprectiated.
Thanks ,
I am having difficulty properly securing pdf's using 7.x
I used the example file and have been able to secure images and word
docs, but the pdf's give users the error "There was an error opening
this document. The file cannot be found."
The kicker -- it works fine on my computer, just not anyone else's. I
put a link up to the same file without any security and that works on
everyone's computer. The word file links and redirects work too. I've
tried my log-in on other computers, then attempting to download the pdf
and that doesn't work.
The client wants a site where users must register before downloading
pdf's. They should be able to view all the pages without registering.
I don't know what I'm doing wrong. But I can't complete the site until this issue is resolved.
Help appreciated.
, it might also be a good idea for you to try a simple text file writing example like this on your server and see if it hangs as well
http://www.devasp.com/samples/writetofile.asp
for troubleshooting sake
this is sounding more and more like the filesystem object is blocked or disabled on your server , Have you thought about language file so users dont have to go into the code to put it in their language?? , I had a question about user registration and how it works, mainly because I am having a problem.
When a user registers, with the email verification setting, I am assuming that there is supposed to be a new record created in the USERS table in the database. What could cause this not to happen?
Actually, in testing further I found that with the setting at Auto, Manual, or email, the record is not added to the table. And, if I am logged in as admin, the Add User button does not do anything.
I can however edit and delete user records...
Hmmm, adding a Category yields the same thing. And loggin in as a non-admin user still displays some of the menu items for admin, but then gives a page can not be found error if you click on one (ie, approve).
This looks like a db issue to me, I will have to try this with access and on a test server...
Any thoughts?
- Jason
cwilliams38303.8507291667, Windows 2000 server you said ? Just checking on that one ?, "get_me_in.asp" just hangs during a new install. Nothing happens no matter how long you wait and IIS may temporarily hang up as well.
You may very well be running something like norton antivirus with norton script blocker on your server? Or something similar?
It can cause issues when ASP uses the filesystem object and cause never ending page hangs like you are having.
Read this..
http://www.aspfaq.com/show.asp?id=2180, The webpage header for CJWSoft states "Web Development for Win NT/2000 servers" - a little dated cause it works just fine on 2003 too, right? :), Anyway,
How busy your site is actually won't be the only factor. Really the application should not restart unless something happens. If the IIS application is reseting alot it could very well be the ISP restarting the server or doing IISRESETS as well or other sites on the server causing the application pools to restart.. etc etc etc Quality ASP hosting is important. Regardless your hosting company most likely will not admit to anything be out of the ordinary.
As far as that directory deleting itself on you.. I doubt they will have an answer for that one. All I can tell for sure is I didn't put any code to delete it in there. , It's not working because i guess im copying the viewstate also...and it comes up
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. , This is a great article from my old powerasp.com site.
Connections And Server Database Permissions
cwilliams38084.7458217593, Thought that was already done....
Back to the drawing board... , also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.
etc etc etc
so let me add this bit of info..
I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.
Here is the low down from someone that really understands it...
(well, at least I think I do)
The only real security risks are from YOU and possibly other people hosting on the same server if they have parent paths enabled that is.
Meaning your site visitors can't possibly do anything with it unless of course you let them upload and run their own asp files to the server.
Anyway.. if YOU run malicious asp scripts you could potentially attack other sites on the server and look at things you shouldn't. As could other sites on the same server do to you I suppose.
So, unless you plan on doing that or some other site admin on the server does it to you its not really a concern. Just an advantage in coding abilities.
If you attack someone elses site on the server or lurk where you shouldnt then you are probably violating your hosting agreement.
99% of the time everyone gets all nervous over nothing.. half the people nervous about this have sites nobody would ever want to hack anyway.
Many people with a really important/busy sites are going to have a dedicated server somewhere so the setting is not relevant..
The hosting companies of course have to warn you.
This setting was enabled by default for years on IIS4-IIS5. I never once heard one single real story about anyone attacking anything because of this setting. That doesn't mean it doesn't happen but I am just telling you what I know.
This is all my opinion so take it for what it is...
If you are a Hosting Company your better off turning it on at the customers request, giving them a warning about it, and in turn having happy customers.
The big hosting companies like Alentus and MaximumASP do it...
There are far worse things than this to let people do after all.
Beleive it or not I have actually been in servers where they gave the anonymous webserver acount modify permissions EVERYWHERE yet they disabled parent paths ???? cwilliams38391.6024189815, Okay Chris, I wold like to get rid of the encryption then if it's not too much trouble.
I have no option of running the production server against an ms access db, since the db needs to be online and accessible from another system. , I have seen that happen before though it usually just happens once and then after that it doesn;t show up. It's the asphttp component doing it. The ASPBanner system is not doing it. I would try using banner calling method such as the xml parser method. It's usually installed by default on 200 and 2003 servers. cwilliams38248.6400115741, Well you can put a link on all your pages that links to the login page?
modify the code in the login page so the return page is members.aspx or
whatever you need and thats it?
I dont see your point? probably because I understand how the program works and your not 100% up to speed on how it works.
, After taking another look at this and trying your suggestions without success, it appears that in Windows 2003 server it is nearly impossible to remove the READ ONLY attribute from the _database folder. I'm wonder if this could the cause?
Thanks , I am having difficulties importing new Users.
I have exported the existing list and then copied in the additional users and save the file as text (tab delimited) in Exel.
When I go to import the file (browse then upload) I get the following error:
Microsoft VBScript compilation error '800a03f9'
Expected 'Then'
/aspprotect/password_admin/upload_post.asp, line 6
If Session("Admin") <> "True"
If I upload the text file by FTP and then try to import it it only tends to import the first two existing rows.
All collumns match but not sure if I need to add "User_ID". I have added it and created consequecutive numbers.
Any assistance would be appreciated.
Thanks
, Thanks dude, I'll figure it out. I've been ripping apart pieces
of the code to get it. I'm in the process of pulling some things
out to make functions that do specific tasks based on your code.
I actually had a lot of luck yesterday with it.
,
Timecard Entry: 3/25/2006 1:47:35 PM
Read and responded to appropriate emails, Responding to several emails from WDT! Not sure where this is all going!, Memorial Day, E-mail, voice-mail, following up. Worked on database and data entry of phone #s., Slow on calls, work on neighboirhood supermarkets- gather info and trianing packets- meetingtommorrow at 8:00am
check voice mail/email
, few more calls, one interested customer from slick., Picking up CiSCO router., email, Weekly E-Business Solutions meeting, timecards, captured Rons and did Howard/Andy's, email, phone calls, organized materials for mtg and outlines coverage areas., DEFERIETPAPER.COM
Changes to text, changes to forms, add date, delete fields, add descriptions to forms, add directions to location map,add wet strength specifications
, cont. w/o re-write, new/close out w/o, and every other thing that came up, Took general tech calls, Checked voice mail, watched Radlog - and checked Gisco Issues, lunch, read and sent emails, Researched US Geological Survey Maps
Contacted JM Scheafer to schedule power up, began reading costguard manual. s/w vapco on dsl training for cp's. issued new cpid for digital junction per km in burlington-revised spreadsheet to sw for emerald., MBO's, Madrid Centrex billing issue discussed w/ Carol and I called Bell (left message). Reviewed a fax she sent and looked up data in my laptop., Cancellations and refunds, www.baldwinsvillechamber.com, radlog, dial up issues, Created PVC chart for potential Bell order to upgrade st lawrence radiology. Typed out pricing, faxed info to Kareta at SLR., answering emails and doing callbacks to people who left before i could get back with them the night before..., same as above, Died off about 10pm... called as many of the expiring customers as we could before 9:45., Emailed Dell about my laptop and getting the battery replaced. ,
| 
