Blog Entry: 3/25/2006 1:50:16 PM
Thanks for the information. We added the name manually instead of using the App_Name variable., We do not support customization of the code or any custom coding you may end up doing with Visual Studio.NET. However, if you can show me that the application functions incorrectly in its default unmodified form I can help. If not it has to be something you did most likely.
Though I do not if it is the issue, mixing c# and vb.net in the same project can be tricky if not problematic. It’s definitely just not something I can support.
If you have not seen it we have tuturial on setting up the project in visual studio.net.
http://support.cjwsoft.com/code/moreinfo85-1.htm
I would suggest starting with a clean installation. Test everything to make sure the things you say are ok or not. (if not post here about it) Then try your hand at editing the application and compiling it. Keep the c# out of the mix at 1st.
I am not even sure if adding c# to the same project is feasable.
(maybe it is , maybe it isn't)
That being said.. ASPProtect.NET can of course be used to protect pages using c#. But compiling the ASPProtect.NET project with C# code added sounds a bit iffy to me. We wrote the application in VB.NET so you really need to use vb.net when making changes to it. ,
humm, yea thats a data connection error..
really not related to the asp code in the application for the most part.
that is low level
If using MSACCESS
I would make sure permissions are set correctly on the database folder (not just the database file itself)
I would make sure your using at least a 2000 version of the database. 2003-2003 format being better..
I would make sure the server has up to date mdac/odbc drivers.. (that is really the server admins responsibility)
As for permissions there are articles in our forums about exactly how they need to be set. Improper permissions can cause a ton of random errors like that.
cwilliams38414.6528240741, That would not happen unless you added a target to the login form or you're code had a base target set.
Like so..
<base target="_blank">
I would really need more detailed information. It's nothing the system does the way it ships under normal circumstances. For example you shouldn't see that behavior in any of the example protected ".asp" pages
that is unless you have something odd going on with your browser settings or you made changes to the login form or code around it causing it. (or you are using frames and dont have some of the targets and what not set correctly)
My guess is that it has to be something you added or did, but I really need to know more to offer more than that.
cwilliams38419.7687152778, I'm using the groups protect feature on my pages. None of them seem to close the session after clicking 'logoff'. I can tell because if I hit the back button and return to the group-protected page, hit 'refresh', the page refreshes, I'm not asked to log in again.
On the other hand, when I open a page that's protected by an access level and click 'logoff' (uses same logoff asp file to logoff), it seems to work fine - if I go back a page and refresh, it asks me to log in.
Just wondering - is anybody else having problems like this? Maybe I screwed something up in the few adjustments I made a while back. Any idea what it might be? , Running in parallel for testing is actually a smart way to do it, but the truth is you don't use anything from version 6 except the upgraded database (we have a tutorial on how to upgrade the database)
Version 7 was a drastic change /rewrite to all of the asp files that come with the application. So you will be starting out with fresh version 7 ".asp" files and folders... You will also find that once you get version 7 running that editing certain things like the look of the users area and the login screens is much easier to do.
That being said any of your own ".asp" pages that you protect use the same protection code they always did, so there will be no drastic changes needed there when you do finalize the upgrade.
If using MSACCESS as the database I suggest installing the application somewhere in your web and using a fresh ASPProtect 7 database. Once you are familiar with the setup and everything is working fine. Attempt the database conversion and when your done stick your converted database in there and see if everything is ok.
Also, if you already purchased the application download the latest version before doing the install. It's the same download URL. If you don't have it email me and I can hook you up. I have added some new features and fixed a couple minor things since it's release.
So far the feedback on version 7 has been awesome.. cwilliams38414.0133680556, Hi all,
I have the photo gallery set up at www.kashabowieoutposts.com/gallery
It's great - love to work with it.
But I've never been able to get those with just User permissions to be able to upload... Only an administrator is successful in uploading. This was no problem in the past, but now this client would like to give their guests a means to share their pictures on their site - so now I have to figure out the bug...
... this is the error I keep getting...
Your upload did not succeed, most likely because your browser does not support Upload via this mechanism.
Your browser must support a standard called RFC 1867. Please check with your browser vendor for support of this standard.
------- anyone else experienced this?
Many thanks all!!
Doug , I am running into problems with the import function. I have 25 photos loaded into the import folder. The page see all of the photos. But after I click on the import process it takes me Picture Manager with no pictures loaded. I have hit the refresh button, but there is nothing there. dr_bones38394.676412037, If you are developing using Windows XP Pro and running the NTFS file system setting proper permissions on a folder in your website requires that you 1st disable simple file sharing.
To do so open up "my computer". At the top open up "tools/folder options"
Then the "view" tab.
Then at the bottom uncheck "use simple file sharing"
After that that is done... using "my computer" browse to the folder in your web that you need to set permissions on.
Right click on that folder and then choose the "security" tab.
(If simple file sharing is on that tab wont be there)
Give the "Internet Guest Account" Modify Permissions
This will check all the boxes under modify as well.
You can also give permissions to the everyone account and accomplish the same thing.
BTW:
If you are using ASP.NET you need to give permissions to an account called ASPNET. It wont show up in the user list. You'll need to click "add" and then type in "ASPNET"
cwilliams38203.582337963, Disallowed Parent Path
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.
When you get an error like this it is because parent paths are disabled on the web server. This is a setting in the IIS console for your website.
If it is not enabled on you server you will have to ask your host to enable parent paths for your website.
This is what the settings screen looks like on an XP Machine
Additional Information:
It is enabled by default on IIS4-IIS5 but in IIS6 it is disabled by default.
It is a minor security risk to have enabled and some hosts can be difficult about setting it.
Truth is, if your hosting ASP for customers you need to enable this setting if the customer requests it. Especially since 90% of the ASP applications out there require the setting.
Hosting companies should if they are serious about hosting ASP.
If they won't your only option is to go through all the code and convert the file includes to virtual includes.
http://www.powerasp.com/content/code-snippets/includes.asp
The trouble with virtual includes is they are different depending on the layout of your website. (that's why web application developers generally don't use them)
Basically if you are in a sub domain the path for the virtual include is going to be different then if you were in the root.. etc etc
Also.. someone developing on a local machine would need totally different virtual includes on the development server than they would on the live server. Server Side includes are processed before ASP so there is no way to make them SMART, so to speak. Server Side includes are hardcoded and that's that.
In my opinion virtual includes are pretty useless for commercial web based applications... Since you don't know where the customers plan to install the apps.
And YES there are some tricks when designing the applications that make it less of an issue but they are not perfect solutions.
For example...
The virtual include below would work if the application or code was installed in the root
<!--#include virtual = /somefile.asp"-->
But if the application or code was installed in a directory called "somedirectory" the virtual include directive would need to look like this
<!--#include virtual = "/somedirectory/somefile.asp"--> cwilliams38391.6033101852, expiration dates are not used in aspprotect's database when signing someone up using PayPal subscriptions because the PayPal system keeps track of all of that and will automatically send posts to the approtect system if a user needs to be deactivated for not paying or for whatever reason.
As you will notice in that thread about subscriptions the paypal signup data you use for the person determines their membership pricing and details..
http://support.cjwsoft.com/forum/forum_posts.asp?TID=186& ;PN=1
Basically the system takes care of everything.
PayPal takes care of everything.
However you want to look at it.
cwilliams38446.6609953704, ASPProtect 7 Customization Service
As some people seem to have a lot of trouble editing ASP code I am currently willing to consider doing ASP Programming custimization work to the registration pages/database as well as the admin area of ASPProtect Version 7.
things like drop down lists, yes/no fields, new database fields, edit screen additions... etc etc
things that might take an ASP novice forever but I could do in reasonable time.
PM me detailed specs on what you want and will then provide a quote if interested. I get paid via PayPal ahead of time and am charging 40/hour for my time which is a discounted rate. (partially since I am so familiar with the application and partially because you have made a purchase from CJWSoft)
So to be very clear...
You tell me exactly what you want in detail, If I agree and you like the price quote, I get paid, I write the code, you get the code, I fix any minor bugs or errors if I made if any, and everyone is happy. That's the deal.
Pain in the ass people or people not willing to spend money for quality work done quickly need not contact me. I get enough of that as it is and my time is valuable. I also may refuse a job if I don't have time or just don't want to do the work involved. Really how well you describe what you want and the intelligence level vibe I get from you has a lot to do with whether I will do the job or not., the no concurrent login feature is based on IP addresses.. if you logged in again using the same IP address it would let you in regardless. So for example if you were behind a rhome router and logged in to a site on the internet it would nt matter if you had multiple computers at home because they would all have the same external IP address... etc etc
In other words it is tricky to correctly test..
I really need more detailed info on everything going on. I real world scenarios there are no issues with that feature that I know of. At least according to customers so far. ,
I am successfully using ASP protect on our site. I have one question:
The file Check_user_inc.asp looks a bit bland as I can't seem to use the sites Dreamweaver template. If I apply a template to this page, it is duplicated on other pages with this template.
How can I apply a template to this page?
Thanks
Clark
, Is there an easy way to make this work with reoccurring a monthly or yearly subscription? , [QUOTE=cwilliams]I would like to delete the SQL tables and set them up from scratch using enterprise manager and sql query manager and see what happens
If that is ok with you let me know.
Something is wrong like I said... almost seems like the database is caching old password info from the field.[/QUOTE]
Sure go ahead , that's they way it should be done..
the only other thing would have been to test everything with sql before trying to import any data.. and make sure all was fine at that stage
more info on the errors would be helpful.
Id' also carefully visually compare the SQL tables and fields with the SQL scripts and make sure all field types and settings got set correctly.
Also, make sure the user accessign the database has datareader and datawriter permissions of course. , perhaps the filesystem object is disabled on the server ?
or some sort of script blocking is running and causing a problem ?
other than that I can take a look if you put it up on a live server.
, ERROR [HY000] [Microsoft][ODBC Microsoft Access Driver] Operation must use an updateable query.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Microsoft.Data.Odbc.OdbcException: ERROR [HY000] [Microsoft][ODBC Microsoft Access Driver] Operation must use an updateable query.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. |
Stack Trace:
[OdbcException: ERROR [HY000] [Microsoft][ODBC Microsoft Access Driver] Operation must use an updateable query.]
Microsoft.Data.Odbc.OdbcConnection.HandleError(IntPtr hHandle, SQL_HANDLE hType, RETCODE retcode) +27
Microsoft.Data.Odbc.OdbcCommand.ExecuteReaderObject(CommandB ehavior behavior, String method) +838
Microsoft.Data.Odbc.OdbcCommand.ExecuteNonQuery() +80
aspprotectnet.aspprotectlogin.Login_Click(Object sender, EventArgs e) +2284
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEven tHandler.RaisePostBackEvent(String eventArgument) +57
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
System.Web.UI.Page.ProcessRequestMain() +1292
|
Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300
I am getting this error message when trying to log in as admin or registering a new user. I am using Windows Server 2003 and it is a DOMAIN CONTROLLER.
I have read that there is NO ASPNET account for a domain controller. In its place is the IIS_WPG account. I have given this account and the IUSR account FULL CONTROL.
STILL GETTING AN ERROR. ANY SUGGESTIONS??? , Thought that was already done....
Back to the drawing board... , Hi all
User activity screen shows history of logged-in users.
Is it possible to view only those users that are currently logged in ? not the all users that have logged in previously
thanks in advance
, Thankyou, that was very helpful, When I attempt to upload, it appears that the image uploads. I get a "Original Image Size 0 X 0 pixels"
they don't appear in the web pages, any thoughts? I am using VBscript to upload, my host has safileup but I am unable to use it in this script, thanks for any help
http://mcintoshcounty.org/real_estate/extras/server_info.asp
here's the site link
Never mind, had the path to the image folder screwed up , Flash files cannot track clicks unless you edit the original flash file to link to the aspbanner system redirect URL.. feeding it the correct ID of the banner.
When that link is clicked on it will then track the click and redirect the user to the “link url” specified for that banner.
The system actually generates the necessary ASPBanner URL for you. That link is shown on the banner edit screen.(you must save the banner at least once and come back to that screen to see the link though)
Really the best way to show it is with an example as seen below.
Basically the flash banner file "powerasp.swf" highlighted in green needs to be edited to link to the banner redirect url which is highlighted in red.... the banner redirect url will then track the click and ultimately send the user to the Link_URL highligthed in blue.
All banners systems work this way when it comes to flash files.
It’s the nature of flash and the web browser,
The flash source code must be edited to link to the redirect url in the ASPBanner system. There is no possible way any banner system can track a flash click unless the flash file links to the banner system 1st.... because that click is handled by Flash and the web browser.
In some cases if you do have the original source file for the flash banner then you are out of luck as far as tracking clicks goes.
On a side note... if you create flash banners the way this article says you can actually feed a .swf flash file a link for it to click to. Instead of it being hardcoded.
http://www.macromedia.com/resources/richmedia/tracking/desig ners_guide/index.html
This is really the way everyone should design their flash banners from now on because the url it links to can be easily changed at any time without editing the flash file source code. cwilliams38325.740162037, I did a google search and it turns out that error very well might have to do with ASP trying to send an email and that process failing.
That tells me your emailing from the application is not working so it is probably not something you edited incorrectly.
see this article...
80040211
http://www.aspfaq.com/show.asp?id=2026
Emailing was working as when I did your installation (I think I did it months ago, didn't I) so it must be some incorrect changes to your email settings in the admin settings screen. Try sending an individual email to a user from the admin users screen and see if it works. My guess is you will get the same error and means your email sending options are no longer correct or valid.
If that is the case I would ask you if you changed them or possibly something changed as far as your email setup goes. Passwords ? EMail Server .. etc etc etc , Attached is a SQL script to create the ASPProtect Database with the Option Pack Changes already applied. This lets you create the database in one step and you wont have to make the option pack changes as they are already there.
This only applies to people using MSSQL and doing a new installation.
This scripts are run via SQL Enterprise Manager.
You make a new database then run this script on it in query manager.
2004-06-14_180056_aspprotect_w_option_pack.zip cwilliams38152.7522569444, I just installed the software, but I can't find any place where I can see when users logged in, can someone please tell me where I can do this?
Thanks , I have no idea.. perhaps PM me info on how to log into your site and reproduce the issue., Hi,
We use ASP Protect 6.0 and the database is SQL Server. Our hosting company is charging a lot for daily and weekly backups for everything. Which directories/folders do we need to backup daily and weekly incase something happenes to the site and we need to restore and get the password-protected are that works with ASP Protect to get working. , ok, I just sent you a private message with download information.
replace you existing
"check_user_inc.asp"
"admin/check_admin_inc.asp"
"admin/email_user.asp"
with the new versions in the download
Do some testing to make sure that HANNAH password works ok for you.
Hopefully this cures the issue...
If it works ok for you for a while I will offer the fixes to everyone and start using this code from now on
BTW:
"admin/email_user.asp" had an unrelated bug in it that only happened if its error handling got triggered... it was posting back to the wrong page when that happened and causing an error , Anyway,
How busy your site is actually won't be the only factor. Really the application should not restart unless something happens. If the IIS application is reseting alot it could very well be the ISP restarting the server or doing IISRESETS as well or other sites on the server causing the application pools to restart.. etc etc etc Quality ASP hosting is important. Regardless your hosting company most likely will not admit to anything be out of the ordinary.
As far as that directory deleting itself on you.. I doubt they will have an answer for that one. All I can tell for sure is I didn't put any code to delete it in there. , here is a thread that may help you if this is what you were getting at
http://support.cjwsoft.com/code/moreinfo389-1.htm
, After taking another look at this and trying your suggestions without success, it appears that in Windows 2003 server it is nearly impossible to remove the READ ONLY attribute from the _database folder. I'm wonder if this could the cause?
Thanks , I would like to create a login form on the home page which will not be password protected to the site for members so that they can login right from the home page and not a password protected page like many sites have. And every portal I have seen.
Plus the login form looks really pretty and proffesional on the home page  ...
I can't find anything in the documentation that says how to do this or if it's even possible. Everything I have found says to password protect a page and then direct them there which isn't what I would like to do.
Here is the code of the login page which is an asp include file on the main page:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
</head>
<body>
<td><img src="images/a026.jpg" alt="" width="187" height="21"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB"><table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><table width="180" border="0" cellpadding="0" cellspacing="0" bgcolor="#AAAAAA">
<tr>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
<td><img src="images/spacer.gif" alt="" width="178" height="1"></td>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
</tr>
<tr>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
<td bgcolor="#FFFFFF"><form name="form_login" method="post" action="">
<table width="100%" border="0" cellspacing="5" cellpadding="0">
<tr>
<td width="53%"><input name="textfield" type="text" class="style-01" value="username"></td>
<td width="47%"><a href="#" class="link-02">Forgot pass?</a> </td>
</tr>
<tr>
<td><input name="textfield2" type="text" class="style-01" value="password"></td>
<td><a href="#" class="link-02">Not registered?</a> </td>
</tr>
</table>
</form></td>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
</tr>
<tr>
<td colspan="3"><a href="#"><img src="images/a027.jpg" alt="" width="180" height="15" border="0"></a></td>
</tr>
</table></td>
</tr>
</table></td>
</body>
</html>
Does anybody know what values I would put in the form to send the correct login to AspProtect. And, if I would have to add any extra includes or code to it.
TIA  , Is there a way to protect other virtual sites on the server that are not under the default web site considering people may have different websites running off one server? I get the following error:
Parser Error Message: Cannot use a leading .. to exit above the top directory.
Source Error:
Line 1: <%@ Register TagPrefix="aspprotect" TagName="checkaccess" Src="../../protectpage.ascx" %>
Line 2: <aspprotect:checkaccess level="4" groups="null" runat="server"></aspprotect:checkaccess>
Line 3: |
Thanks!
, Will do!
, 1st. Please understand you have to purchase two licenses to do such a thing as each installation will need a valid license purchased.
Moving on:
ASPProtect using a industry standard concept called "Forms Based Authentication"
This primarily relies on session variables keeping track of login status.
Each installation must be in it's own unique "IIS Application" so it will have it's own set of application and session variables.
That is often not possible with shared hosting plans as the server admins may not be willing to set a folder in your web as a separate IIS application. You would need to ask. It is going to depend on the quality of your hosting plan whether they do it or not.
technically it takes about 1 minute to open up the "IIS Console" and set up a folder in your web as a separate "application"
Based on what you are telling me that you want to do I think it would make a lot more sense to have one installation and one user database and customize your sites so ASPProtect users that are part of certain "groups" have access to things others do not or see things on pages other users would not. That is after all the entire point of Dynamic web sites and also why ASPProtect has "groups".
Then as far as the registration differences go you would make a copy of the users area folder area and manual customize it to register users in an alternate fashion than the main "users" folder. And then send people there if that is how you want them to register.
I don't support customizations but that is the gist of it. It's really not difficult work, but you have to be good with ASP., did you read what this thread says about that session variable for groups not be created by default
you have to add code so it sgets created before you can check it... this thread talks about that, look in the "check_user_inc.asp" file
try editing this part by hard coding the body info you want to use
Response.Write("<BODY" & Application("BodyTagInfo") & ">")
I would also suggest reviewing the generated source code in the web browser and examining the html to figure out exactly where the body tag info you dont want is coming from
, Adding Support For ServerObjects ASPMail
ASPProtect as you know does not support ServerObjects ASPMail component by default.
Here are directions to make it work.
In the ASPProtect admin settings area simply pretend as if you are using the softartisans sasmtp mailer component. ASPMail and that sasmtp component share the same properties… and the code used for them is nearly identical.
So search through the code for any place where email is sent and simply change
Set Mailer = Server.CreateObject("SoftArtisans.SMTPMail")
To
Set Mailer = Server.CreateObject("SMTPsvg.Mailer")
It is about 4 places. They are not too hard to find.
That’s the easy way to get all the emailing functions working with ASPMail cwilliams38419.7864351852,
Timecard Entry: 3/25/2006 1:50:16 PM
updated my tasks for the day and sent them to Tara, vermont internet site production, techcalls, online issues and Radlog, lunch, meet with greg to go over power layout and what he needs and finilize all so that they can start friday, email, talked with tim about vermont, called rackit to get a quote on racks enclosures for our servers, worked on specing out APC netshelters instead of rackit racks, find vendors of apc netshelters and price comparison them ... almost equal cost for imo better racks, Met with Jack Freislick regarding 401K Plan, HARBOR SPORTING GOODS ADDED NEW PHOTOS AND BUTTONS SOME LAYOUT ADJUSTMENTS, enter bills, On phone w/Tom about graphic changes and page additions to cantonpotsdam.org, Made text corrections and updates to Calender of Events and the Directory , TICC creatig phonebook ad, developing letterheads and other corporate identity materials...put on disk, production meeting, email, calendar and agenda for meeting which I left in the copier!, timecards, and other stuff, party planning, Started to develop a work order control form that can be tabbed through to fill out, Install Router and Setup PPPoE for WIreless, busy teching calls, move file cabinet, misc catch up, General Phone calls., Travel from NYC to Plattsburgh, Research questions re: ASP development, Meeting with Jeff W. on softmls servers, Checking out CJW's new vehicle, NOC duty,
| 
