A correctly configured Microsoft SQL Database is critical to the correct operation of the ASPBanner system.

Table & Field settings must be exactly the way we set them in the database creation scripts provided with the ASPBanner system.

Below are screenshots of the design view settings for all the tables used in the ASPBanner system in case you want to double check them

In addition to the settings above each table has one field that is a primary key with an auto increment of one

In the screenshots above each of those fields has a yellow key next to it.
If the field does not have yellow primary key icon on you just right click and the option to make it one appears.

The SQL column settings for each one of the primary key fields must be set as follows




In addition to these settings the SQL scripts provided with the system auto populate the Banner_Users table with two users. This is very important because without the Admin user the scripts add you wont be able to log in to the ASPBanner system as an admin.

Triple check the upgrade instructions because I think you missed something important.

line 227 on "/password_admin/save.asp" refers to the "Password" field

the error your getting most likely means it is not there..

Pay close attention to the areas in the upgrade instructions regarding renaming your existing "Password" field to "Old_Password"

Then making a new "Password" field and carefully following the instructions needed to convert your old passwords for use with the new system.

If you don't everything carefully and perfectly this is the sort of error you will get.

Not sure because of the nature of the javascript method

for starters tighten up the html around the banner call

change

<tr>
<td width="460" height="60" align="center" valign="middle" class="imagead">
<!------- ASPBanner Ad code ------------->
<script language="JavaScript">
var code = '';
var now = new Date();
var nIndex = now.getTime();
document.write('<s' + 'cript src=" http://www.nababaseball.com/aspbannernet/aspbanner/injectban ner.aspx?BannerZone=1&nocache=' + nIndex + '">');
document.write('</' + 's' + 'cript>');
</script>
<script language="JavaScript">document.write(jscode);</script >

</td>

to

<tr>
<td width="460" height="60" align="center" valign="middle" class="imagead">
<script language="JavaScript">
var code = '';
var now = new Date();
var nIndex = now.getTime();
document.write('<s' + 'cript src=" http://www.nababaseball.com/aspbannernet/aspbanner/injectban ner.aspx?BannerZone=1&nocache=' + nIndex + '">');
document.write('</' + 's' + 'cript>');
</script>
<script language="JavaScript">document.write(jscode);</script >
</td>

If that doesn't help I would suggest using the ASP 3.0 version of ASPBanner. It can serve banners to a any type of page extension and it runs just as well as the .NET version. There is a new iframe method for calling banners that you can try instead of the javascript. The iframe method is explained in the ASPBanner Unlimited section of the forum.

The only other thing I can think of if you are not getting any errors.

Is that you may have the path to the server include file correct but ASP server side code is not executing in that part of your web site.

You can do a simple test to tell if it is...

Make a simple ".asp" page in the same folder.

Put only this code in it.

<% Response.Write ("ASP is executing") %>

then run the page via the web browser thru the server..

If the text prints out ASP is running... if you don't see anything it is not

Can we get access to the source project files for ASPProtect.net since we'd like to put in some of our own branding on the pages and not everything can be done in HTML.

Thanks

Hi,

I am using the upload_post_VBSCRIPT.asp to upload the pictures. My concern is the security of this. For instance I've seen some sites get hacked by a user uploading a file (going through the same process) and ending up crashing the entire server.

I tried adding .jpeg to the end of a text file (filename.vbs.jpeg) and then uploading it, and the file was actually uploaded. Is this a potential problem?

Thanks

S

Hi,

Actually that is not a feature at this time. Only the admin can add an image for user. If you look at the code for that you could adapt it for individual user use fairly easily provided you are decent with ASP.

That feature will probably be added some day, but there was no time to add it to into the current version and I can not give you a time on when it will be added. The complicated part is making some sort of approval process in case a user adds something undesirable and also limited file sizes which is hard to do without somesort of 3rd party uplaod component being involved.

its one or the other... you cant protect upload.asp at the same time if upload.asp is included in another page..

I mean sure you can protect upload.asp from running when another page calls it by password protecting the page calling it.

And sure you can protect upload.asp by itself if it also runs all by itself. But you can not include the "check_user_inc.asp" more than once in any order of execution scenario. That includes pages being included.

Generally anytime a page is included in another that included page is not meant to run by itself and wouldn't produce any outcome if run by itself so this would never be an issue.

if you don't want "upload.asp" to ever be run by itself in that scenario put it somewhere in your web site that is not web browser accessible.

I would also suggest you look into using Virtual includes. It will save you a lot of time figuring out this sort of thing "../../../../../" becuase once you figure out the virtual include path you can use the same server side include from any directory level.

http://www.powerasp.com/content/code-snippets/includes.asp

I have a user who is trying to login. However, I am getting a error that I can't seem to find.
Username: executive.barcheski
Password: executive@amcpc.com

Encrypted Password: Ū?=¨`Ł…Ü

Error on check_user_inc.asp line 114

If (Request.Cookies("PASSWORDSYSTEMCOOKIE")("KEEPMESIGNEDIN") = "True") And (Request.Cookies("PASSWORDSYSTEMCOOKIE")("COOKIE_USERNAME") <> "") And KeepSignedInOption And Status <> "Checkem" Then
CheckUserSQL = "SELECT " & tbl_label_users & ".* FROM " & tbl_label_users & " WHERE (Username = '" & RC4(Request.Cookies("PASSWORDSYSTEMCOOKIE")("COOKIE_USERNAME "), CookieEncryptionKey) & "') And (Password = '" & Replace(RC4(RC4(Request.Cookies("PASSWORDSYSTEMCOOKIE")("COO KIE_PASSWORD"), CookieEncryptionKey), PasswordEncryptionKey),"'","''") & "')"
Else
CheckUserSQL = "SELECT " & tbl_label_users & ".* FROM " & tbl_label_users & " WHERE (Username = '" & Username & "') AND (Password = '" & Replace(RC4(Password, PasswordEncryptionKey),"'","''") & "')"
End If

CmdCheckUser.Open CheckUserSQL, ConnPasswords

error received: unclosed quote after 'Ū?=¨

Any ideas

Jason Johnson

that wont work the way you did it because groups are not stored like like.

groups are stored "*1*"
or "*1*,*9,*"

so if you test for them you must do so using the InStr function of vbscript

example:

If InStr(Session("Groups"),"*1*") Then
    ' do whatever
End If

also.. as for the session variable
it should be    Session("Groups")

And in Version 6.... (its all ready to go in version 7) that session variable must be saved in the check_user_inc.asp file near where all the others are saved. If it is not there by default "I dont remember if it is or not" you have to add it like so near where all the others are saved

Session("Groups") = CmdCheckUser("Groups")

If you are wondering if it is being saved correctly you can always response.write out the Session("Groups") to see if it holds a value

Well, thats not normal.
(it should work just like our online demo does)

Do you have everything turned on in the settings ?

Uploading needs to be enabled and you also have to pick a valid upload method.

--------------------------------------------
(( TRY THIS AT YOUR OWN RISK !!))
--------------------------------------------

2004-08-19_122127_ASPBanner_V7.3_code_banner_encode_decode_m od.zip

This is an Expirmental MOD for ASPBanner Version 7.3 Only
Do not use it on other versions....

It encodes CODE Banner information before saving it into the application variables that handle banner rotation. It then decodes that information before displaying them on your web pages.

The reason for this is SOME very complex javascript does not always save correctly into the application variables that rotate banners (even when not using the JavaScript Method to display the banners)

This way the javascript or whatever you entered comes out on your web page exactly as you entered it and runs correctly.. but there is little more processing going on to handle the encoding and decoding. But its probably nothing to worry about and won't effect performance at all.

Unless your having a problem don't use this mod. It is not officially supported in any way.

-- DIRECTIONS --

( COPY THESE FILES INTO YOUR ASPBANNER DIRECTORY AND BACK UP ALL THE FILES THAT YOU WILL BE REPLACING ))
(( SO YOU CAN REVERT BACK IF THERE IS TROUBLE ))

If you are wondering if the "appinfo_inc.asp" included has the weight banner bug fix applied to it already. That is a bug mentioned in our forums

ALSO:

(( YOU CAN NOT USE THE INCLUDE METHODS OF CALLING BANNERS WITH THIS CODE ))

(( YOU CAN NOT USE THE JAVASCRIPT METHOD OF CALLING BANNERS WITH THIS CODE ))

(( USE ONE OF THE OTHER METHODS ))

All this being said installing the desktop version of SQL may be a little tricky as it may complain that your SA account needs a strict password.

The solution is to run the SQL Desktop setup.exe with some parameters specifying a password for the SA account.

So you go to the command prompt or make a shortcut to the setup file and run something like this

setup.exe SAPWD="YourPassword"

minus the quotes...

I got that info from this article and it worked fine
http://www.experts-exchange.com/Databases/Q_21036508.html

The other thing to remember is it might take a reboot to actually see the SQL server icon running in the taskbar. You may also need to go into the administrative services and enable the "SQLSERVERAGENT" as well as set its startup type to "automatic"

And a reboot here and there..

Whammo... your in business...

Three questions here:

1. I am having a problem with characters being displayed properly when viewing listings. Some alphabet characters and punctuation characters do not display properly when viewing the pages.

Sample here:

http://www.hibari2.com/lanoitanretni/kokusai_profiles/view_i tem.asp?Ad_ID=102&CatLevel=2&Cat1_ID=3&Cat2_ID=& amp; amp; amp; amp;Cat3_ID=&Cat4_ID=&FromSearch=True&SearchPage =%2Flanoitanretni%2Fkokusai%5Fprofiles%2Fdefault%2Easp%3FCat Level%3D2%26Cat1%5FID%3D3

In the access database I was looking at the properties for the ‘Ad_Custom’ fields. Unicode Compression is 'Yes' but IME Mode is set to 'No Control'. I wonder by changing this to ‘Hiragana’ if will solve the issue.

Note: the essays are typed in English on computer with Japanese OS, and then pasted up. Even though they are typed in English, there are several setting that may affect the output.

2. I want to reverse sort order for listings instead of listing 4, 5, 6, 7, I’d like to sort 7, 6, 5, 4… Could you tell me which page has to be edited, and in simplest terms what has to be changed?

3. Also, I’d like to increase the default display of ‘items per page’ from 25 to 100. Could you tell me which page has to be edited, and in simplest terms what has to be changed?

Thanks

I understand the encryption for security, but I am using ASPP for a very low security function and don't want encryption.

Can't I simply delete the code that does encryption?

If not, how can I

take my ASPProtect_access2002.mdb that was opened on my local host, with my own users added with text passwords,

export to a delimited text file, import it into ASPP with my own passwords encrypted, the use that file instead of my old .mdb file? Thanks

actually  I just went to it again and it was somewhat slow coming up this time..

perhaps you have some issues with the sql database.

it should be instant.. like this one I run on my server
http://banserver.powerasp.com/aspbanner/

I suppose it could also have something to do with sql server resources but its hard to say..

when I go to that url is seems fairly fast and somewhat normal.. even when I try to log in it pops right back up asking for login info again..

I would check to make sure you are not running anything that might be effecting your web browsing.. software firewalls.. ad blockers.. script blockers... norton internet security.. zone alarm... anything like that

they can all effect a lot of things regarding how web browsers act.

ok...

you got problems if you cant import a file created by the system..

You using SQL or MSACCESS and do any of the users data have apostraphes in it ?

(Capcha Security Image Mod)

This mod will add a Capcha Security Image to the registration signup form.



Instructions:

Download the latest version of the ASP Security Image Generator from this site. http://www.tipstricks.org/

Unzip that download and copy "aspcaptcha.asp" and "aspcaptcha_distort.asp" into the aspprotect "users" folder.

Now edit "users/register.asp" with a text editor and add the code shown below in blue. The code to add goes near the bottom of the form right above the submit button. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.


    <tr>
      <td valign="top" align="right"><font face="Arial" size="2"><strong>
  Newsletter</strong></font></td> ; ; ; ; ; ; ;
      <td valign="top">
  <input type="checkbox" name="Newsletter" value="True" checked>
  <font face="Arial" size="1">Do you want to be subscribed to the
  newsletter ?</font></td>
    </tr>

    <tr>
      <td valign="top" align="right"></td>
      <td valign="top">&nbsp;<img src="aspcaptcha.asp" alt="" width="86" height="21" />
   <font face="Arial" size="2" color="#000000">Type the characters shown in image for verification.</font><br>
   <input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
    </tr>

    <tr>
      <td colspan="2" bgcolor="#FFFFFF">
        <p align="center"><input type="submit" value="Register"></p>
      </td>
    </tr>


ok, now edit "users/add_new_account.asp" with a text editor and add the code shown below in blue. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.

If User_Custom6_Used = True Then
 If User_Custom6_Required = True Then
  If  Custom6 = "" Then
   ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a " & User_Custom6_Name &".\n\n")
  End IF
 End If
End If
 
 strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
 if strCAPTCHA = Trim(Session("CAPTCHA_" & Session.SessionID)) then
 else
  ErrorMessage = ErrorMessage & Server.URLEncode("You did not type in the verification info correctly.\n\n")
 End If 
 
If ErrorMessage <> "" Then
 Response.Redirect "register.asp?" & Request.Form & "&ErrorMessage=" & ErrorMessage
 Response.End
End If

Your done. You just added a Capcha Security Image to your signup form. If you would like a more distorted image that is more difficult for an automated program to figure out change the image tag to call the "aspcaptcha_distort.asp" page instead. It will look more like this.

if it is your own XP machine there is no reason you should edit that config file manually.

simply set permissions on the data folder and all the folders in it and the application will write to the config files on its own... if you are having problems chances are you are not setting permissions correctly.. please read all of this
http://support.cjwsoft.com/code/moreinfo56-1.htm

if is not an XP machine (your post was confusing and I am not sure) then this is an article for 2003 server
http://support.cjwsoft.com/code/moreinfo136-1.htm

Most importantly whats the real error ? error 500 does not help figure out anything
http://support.cjwsoft.com/code/moreinfo11-1.htm

lastly make sure you go into iis and make that web its own application

The pages in the ASProtect Full version that have emailing code in them are as follows.

password_admin/email_user.asp

password_admin/send_mass_email.asp

users/add_new_account.asp

users/email_password.asp

I did the initial steps of downloading the sql scripts and running it in Query Analyser, tables created fine.

I can login for the first time. I exit from the browser and then I cannot login again. This happens for every user and admin.
I noticed that the values in the fields "Login_limit" and "Active" in the ASPP_Users table in the SQL changed to NULL and 0 when login and remained in those values after close the browser.

So iam just struck not able to log in. Pls advice.

Christopher,

Thanks for the reply. I think I've found my problem, but can't test until later in the evening as it is on a live site.

Darrell

Hi,

We use ASP Protect 6.0 and the database is SQL Server. Our hosting company is charging a lot for daily and weekly backups for everything. Which directories/folders do we need to backup daily and weekly incase something happenes to the site and we need to restore and get the password-protected are that works with ASP Protect to get working.

I have reviewed the permissions requirements for folders from the support documentation but do not see the 'internal guest' account shown in our system to allow internet access to read/write to the access database. 

How else can we locate the proper account (or is it possible there is none?) to use to allow permissions to access the Data directory if it doesn't show up as 'Internal Guest'?

User Information

After a user logs in there are variables that you can always access.
They can be used to check various things or to display information
dynamically based on who has logged into the system.

   Session("PasswordAccess")
   Session("Access_Level")
   Session("Admin")
   Session("Active")
   Session("Expiration_Date")
   Session("User_ID")
   Session("Groups")
   Session("Redirection_URL")
   Session("Password")
   Session("Username")
   Session("First_Name")
   Session("Last_Name")
   Session("Company_Name")
   Session("Email")
   Session("Address")
   Session("City")
   Session("State_Province")
   Session("Zipcode_Postal_Code")
   Session("Phone")
   Session("Custom1")
   Session("Custom2")
   Session("Custom3")
   Session("Custom4")
   Session("Custom5")
   Session("Custom6")

You can display them on a page at any time using Response.Write like so

<% Response.Write(Session("FIRST_NAME")) %>

or like this

<% = Session("LAST_NAME") %>

I assume you mean 500 pixels wide

no.. because you cant reliably tell a pictures image width without an image resizing component to look it up.. asp can not do things like that on its own

serverobjects has a free component called "imagesize" that can do it as well but you need access to the server to install the component
http://www.serverobjects.com/products.htm

so if you cant do that with regular asp code you definetly can not stop the upload proces because the picture is too wide..

heck, that would be nearly imposible to do regardless.. even with the best 3rd party components at your disposal

even with an image resizing component you would have to allow the upload.. then check the pixel width.. then delete it.. tell the user what is going on...etc etc  .. all a very complicated process

That would be great.

I am sure you know that many virus that are sent via email have the same property. (double extension). The code can be executed even though Windows identifies them as simple text files etc.

Thanks again

There are 8 Access Levels by default.. they work like this.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=166& ; ; ;PN=1

Access Levels exist in ASPProtect Version 7 for backward compatibilty for customers using previous versions.

Truth is Groups are the replacement for Access Levels and they are much more powerful and flexible. You can also make as many of them as you want in the admin area.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=167& ; ; ;PN=1

On a side note:
We also coded ASPProtect Version 7 so there could technically be as many access levels as you wanted. It's not supported but if you really wanted more Access Levels you would carefully add more Access Levels to the drop down choices when you edit a user. "edit.asp"

I don't know why anyone would want to use Access Levels however when they can use Groups.

I'm having an issue importing. It moves the images from the /import folder and creates the thumbnails with no problem, but the full-size photos all have a size of 0 bytes.

http://www.larrysampas.com/gallery2/default.asp?CatLevel=2&a mp;Cat1_ID=1

Just to let you know that i figured out my problem. I had to modify the connection in the email code and get the correct path from my provider.

I hope you enjoyed your vacation.

Thank you
Adam