Blog Entry: 3/25/2006 1:49:12 PM
Hello
I have a strange problem with the thumbnails in the ASPClassifieds.
If i upload some pictures in an ad, the 2nd picture always shows with an x, as the picture doesn´t exists. But if i click on the 2nd thumbnail, the picture shows okay. I haven´t changed enything from the original code.
Does anyone have any idea, where it goes wrong ?
With best regards, Erling Larsen , I would like to create a login form on the home page which will not be password protected to the site for members so that they can login right from the home page and not a password protected page like many sites have. And every portal I have seen.
Plus the login form looks really pretty and proffesional on the home page  ...
I can't find anything in the documentation that says how to do this or if it's even possible. Everything I have found says to password protect a page and then direct them there which isn't what I would like to do.
Here is the code of the login page which is an asp include file on the main page:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
</head>
<body>
<td><img src="images/a026.jpg" alt="" width="187" height="21"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB"><table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><table width="180" border="0" cellpadding="0" cellspacing="0" bgcolor="#AAAAAA">
<tr>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
<td><img src="images/spacer.gif" alt="" width="178" height="1"></td>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
</tr>
<tr>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
<td bgcolor="#FFFFFF"><form name="form_login" method="post" action="">
<table width="100%" border="0" cellspacing="5" cellpadding="0">
<tr>
<td width="53%"><input name="textfield" type="text" class="style-01" value="username"></td>
<td width="47%"><a href="#" class="link-02">Forgot pass?</a> </td>
</tr>
<tr>
<td><input name="textfield2" type="text" class="style-01" value="password"></td>
<td><a href="#" class="link-02">Not registered?</a> </td>
</tr>
</table>
</form></td>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
</tr>
<tr>
<td colspan="3"><a href="#"><img src="images/a027.jpg" alt="" width="180" height="15" border="0"></a></td>
</tr>
</table></td>
</tr>
</table></td>
</body>
</html>
Does anybody know what values I would put in the form to send the correct login to AspProtect. And, if I would have to add any extra includes or code to it.
TIA  ,
I really do not know for sure, but I imagine there are customers using their windows hosting. Usually I do not know what hosting company a customer uses and I am usualy the only one that responds to forum questions.
Why not download the current Free lite version and try it out ?
CJW
, Thanks Chris.
Your solution worked! , also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.
etc etc etc
so let me add this bit of info..
I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.
Here is the low down from someone that really understands it...
(well, at least I think I do)
The only real security risks are from YOU and possibly other people hosting on the same server if they have parent paths enabled that is.
Meaning your site visitors can't possibly do anything with it unless of course you let them upload and run their own asp files to the server.
Anyway.. if YOU run malicious asp scripts you could potentially attack other sites on the server and look at things you shouldn't. As could other sites on the same server do to you I suppose.
So, unless you plan on doing that or some other site admin on the server does it to you its not really a concern. Just an advantage in coding abilities.
If you attack someone elses site on the server or lurk where you shouldnt then you are probably violating your hosting agreement.
99% of the time everyone gets all nervous over nothing.. half the people nervous about this have sites nobody would ever want to hack anyway.
Many people with a really important/busy sites are going to have a dedicated server somewhere so the setting is not relevant..
The hosting companies of course have to warn you.
This setting was enabled by default for years on IIS4-IIS5. I never once heard one single real story about anyone attacking anything because of this setting. That doesn't mean it doesn't happen but I am just telling you what I know.
This is all my opinion so take it for what it is...
If you are a Hosting Company your better off turning it on at the customers request, giving them a warning about it, and in turn having happy customers.
The big hosting companies like Alentus and MaximumASP do it...
There are far worse things than this to let people do after all.
Beleive it or not I have actually been in servers where they gave the anonymous webserver acount modify permissions EVERYWHERE yet they disabled parent paths ???? cwilliams38391.6024189815, This is what "John Evans" of CJWSoft has to say on the matter...
"I think that’s pretty much impossible. If the server sees a .JPG or .JPEG extension why in the world would it go and try to read it or do anything with it.
I believe there may have been some issues with Outlook and Outlook express that made it look like a vbs script sent as an attachment was actually a JPG because someone found an exploit in those programs and it would appear as if double extension files were one thing when in fact they were not.
Having a real time virus scanner on the server (which any good host will) should also catch anything infected being built on the server drives as the file uploads. Always worked for me and I had a lot of people uploading ZIP files on winxptheme.com at one point. Many had viruses in them although I suspect it was totally innocent on the end users part. Some people didn’t even know they had a virus on their rig.
Fact is anything is possible but I think chances of getting a virus or being hacked in some way from this sort of upload are really slim."
cwilliams38447.0602083333, check the action for the button in the code... its probably not posting back the the right page which should the same page it is...
I bet ya it is posting to guestbook2 which is the wrong directory... an old mistake I forgot to correct... cwilliams38310.6540046296, no the "expected path" is something that gets generated for you if you have parent paths enabled. to help you fill things in correctly...
basically if parent paths are enabled it shows you what the path should be for each path field on the settings page... if parent paths are disabled there will be nothing to the right of expected path for technical reasons (lack of being able to do a "../../" to figure out the paths more or less)
in that case there is a file called "expected_paths" in the data folder that you can run to tell you the expected path info
, Is there a simple way to upgrade from 7.x Lite to 7.x Full? I was testing out the software and I just purchased it. I have made some look and feel changes to the lite version (ie: login page), but no look and feel changes to the admin section. Is there certian files that I can add to have the full version without shorting myself features or functionalbity?
Thanks , Hello,
If you are using ASPProtect Version 7 it is possible because version 7 supports html emailing. In any other version it would require some custom coding to add html email support. You would have to sort it out by experimenting and editing the emailing code. All the email methods have documentation on the web in some form or another showing how to send html emails.
Also,
sometimes depending on the email component being used and the email client reading the email a link in a text based email will get hyperlinked automatically. For example outlook usually will do that, but it doesn't always in other situations.
Lastly, we have special upgrade pricing should anyone want to upgrade to ASPProtect Version 7. It really has a ton of great features.
Best Regards,
Chris Williams
www.CJWSoft.com cwilliams38415.6414236111, Good Evening,
I have been trying to log into my site using the protected pages comments you have in support. I have copied the code in the ASPprotect 7 guide.
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
and pasted it in my page, set the the IIS to open this page and the page will not open it and the page will not open and the error is
Error Type:
Active Server Pages, ASP 0126 (0x80004005)
The include file 'check_user_inc.asp' was not found.
/olem/reldt/introduction.asp, line 3
When I remove the two lines of code everything goes normally.
I have aspprotect in its own directory in the website. I have read the installation several times and I am afraid I am missing something blatently obvious so I really appreciate you thoughts.
I am presently using redirects. I like not haveing to use them as your comments have suggested. I have pulled all that code from the pages I desire to protect during this test.
I have three test users in my database - 1 administrator
Any suggestions?
Thanks and best regards
, Wonderful! Does it matter if I move the aspbanner logo, as long
as I keep it on the page? Or does it need to stay front and center?
Laura
, Than you 
I'm happy after changing to XML parser for two of the ads. Later I'll change the other codes to XML, never to use iframe again! , This has not been officially released yet, but it is ready.
Here is the overview...
http://www.aspprotect.com/demo3/paypal_signup2/overview.asp
And the Code for the IPN Subscription Pack is 30.00.
http://www.aspprotect.com/ipn_subscription_support_pack.asp
A few people are using it and say it works very well.
Like the IPN Single Purchase System it is a separate directory you copy into the web site. One change must be made to your database so it’s pretty easy to get working.
Though I am not guaranteeing this you should be able to accept Single IPN payments and IPN Subscriptions at the same time without the two bothering each other. I haven’t tested it but one customer is doing it and said it is working fine. It just involves manually specifying the IPN URL for one of the systems so it overrides the default IPN URL on your paypal settings. (As each system needs its own IPN URL) Its easy to do… just a form field you would add to the subscription form. I already looked it up. See below.
Specifying Your Notification URL
If you only need to receive your IPNs at a single URL, you can enter that URL in the Preferences section of your Profile. If you would like to receive payment notifications for different payments at different URLs (i.e. if you need to separate payments made to different websites you run), you can manually pass the IPN URL with each payment by including it in that payment’s HTML code. Use the notify_url field to pass this information. The notify_url for a specific payment will be saved, and any subsequent updates to that payment (e.g. cleared eCheck) will be sent to that notify_url. When you pass a notify_url in your HTML code, it will override any preferences you set in your Profile.
Anyway.. the Code for the IPN Subscription Pack is 30.00.
http://www.aspprotect.com/ipn_subscription_support_pack.asp
cwilliams38342.8775578704, You really should just look at the documentation that came with the application. It tells you everything you need to know.
it is in the docs folder in html format.. it is also linked to from the aspclassifieds website
http://www.aspclassifieds.com/demo/docs/ , The random password is generated during signup and the function that creates it is located on this page of code.
users/register.asp
it looks like this
Function RndStr(Length, UseChrs)
If IsNull(UseChrs) OR (UseChrs = "") Then UseChrs = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+=-"
NewStr = ""
Randomize(CByte(Left(Right(Time(),5),2)))
For gpIndex = 1 To Length
NewStr = NewStr & Mid(UseChrs, Int((Len(UseChrs)) * Rnd + 1), 1)
Next
RndStr = NewStr
End Function
For example go to this page and hit refresh and watch the password change.
http://www.aspprotect.com/demo2/users/register.asp
Yes, sometimes if you hit refresh quickly over and over you'll get the same password, but not generally. Also that is not something that would happen normally as a user isnt going to sit at that screen and hit refresh over and over.
Anyway... when signing up the new user of course has the option to change that password to something they would like better...
As far as... "selecting the same user name and password every time"
I need more information. That does not make sense for a lot of reasons.
Most importantly because usernames are not generated. The are inputed by the user during signup. They are then checked to ensure they do not already exist before the user is allowed to complete their signup.
So under normal circumstances there can never be duplicate usernames in the system or even users with duplicate emails as that is checked as well.
Now of course if you edited the code in any way it is possible all this is not working correctly ?
cwilliams38164.8059143519, I have sent an registration email (as test) to both a yahoo account and also my own email server and in both cases I get the same issue, all else is working great. I am sure its somthing simple, perhaps I am over looking somthing else. the site url is www.rochestertek.us/asp/users/register.asp if this helps
Again thanks. , Hi,
I don't see any good reason to rename any of those files.
Changing them though may involve changes to the code recompiling, etc etc... it is not something I support. , you can not limit image size using the pure code upload method. Its not possible using a pure asp method that I know of.
You would have to be using one the supported commercial upload components and edit the upload code accordinly to limit upload sizes (you would do this by looking through their documentation and samples) I didnt include any support for upload file size limitations with the supported 3rd party upload components because in my testing I found it problematic with all but aspupload from persits software. (I have example coe for that component I can provide that limits the upload size and seems to do it well) I am sure it could work with safileup and dundas as well but I gave up trying.
As for image resizing..
Image resizing requires the use of one of the supported 3rd party image resizing components. You didnt mention if you are using one or not. If you dont have one available image resizing is just not possible as asp can not do that on its own. , Perfect. Thanks buddy :) eeye38433.0629976852, Thanks and glad that fixed it.
You can review this software at http://www.aspin.com/func/review?id=4952510
That being said, ASPIN has a lot of problems with anonymous reviews so if you can please sign up with them and post an Authentic review as they carry a lot more weight. Authentic reviews involve responding to their validation email so when doing so use a real email address that you regularly check.
And sorry I made you use the forums, but as you can see this is exactly the sort of thread that will help someone else later on.. and that is why I require people to use the forums now instead of just email support. That way the conversations are out in the open where they can help everyone instead of buried in my outlook where no one will ever see them. And of course if information is sensitive you can always do a Private Message as you did earlier.
It is all about creating a knowlegebase of valuable information. , recent activity infomation is temporary and mantains itself per application start up.. when the web application restarts for whatever reason the info is reset
a reboot, an iisreset on the server, application pool restarts, etc etc
this is done because if that info was saved in the database your database would get huge real quick
logfiles however do not do that and are permanent , far as I can tell it does... that session abandon thing called in the logoff page should be enough to cover everything
once thing to be careful about
If you log in.. then log off... then go back to a page and do a refresh... you may in fact be reposting the username and password from before.. thus logging yourself right back in
Perhaps not.. all depends on what your doing... but it is something to be careful of when testing cwilliams38341.7390509259, ok, now were getting somewhere
I didn't know you imported from another system,
chances are you are missing field information that an ASPProtect user requires.
Start off from scratch with a new aspprotect database... create a new user and look at the info that gets entered by default for every field in the database
make sure when you import a user that you mimic it all
dont import directly using access because the passwords will not get converted to encrypted versions of themselves correctly.. and the whole process will be usesless as no passwords will be correct
Use the import feature built into ASPProtect.. because it is smart enough to take the clear text passwords and encrypt them accordingly
if you want to know a correctly formatted import file needs to look like make one and check it out
do one user at a time and make sure you can log in to an example protected page till you get it right...
once you get that working do them all
Thats really the best advice I can give you. , I was able to get it all figured out. Thanks a lot for your help, I really appreciate it. I ended up copying the database with the password to the directory and used the user/password connection code and it works great. I believe it was related to that but I cannot be sure. Thanks again! , ASPProtect version 6 does not officially support any sort of redirection or is it a feature.
You can however do redirection after login with some basic ASP if-else statements and ASP redirects. Basically you check the session variables after successful login and send users where based on that info. You of course also need to protect any pages you send users to and make sure any people that aren't supposed to go there do not go there directly and bypass your security.
I highly frown on Redirecting during login (In my opinion it is poor site design and it defeats the purpose of dynamic web pages, there is seldom a good reason to even need to do it if you design your site well) but you can check out this thread which should give you lots of good information.
http://support.cjwsoft.com/code/code_info.asp?TID=17&KW= redirect, and the permissions, how exactly were they set ?
I find a lot of customers think they are setting permissions correctly when they really are not. That's why I wrote that long article on the subject.
As you probably know a data connection is a very low level thing. It is the foundation of any ASP application that communicates with a database. Unfortunatly it sometimes takes a while to get the hang of setting them up without issue.
Everything must be perfect.. the ODBC drivers must be up to date, folder permission are critical, sometimes you must use a new version of the access database.. etc etc etc The errors and things that happen when all these things are not perfect and not helpful as you have found out.
I would suggest you download and get ASPTest from CJWSoft running before you go any further. It is designed to be as simple as possible and helps get a hang of the database setup process. , the reason being is because when I do installs I do not touch any of your existing content. I only install the base application and make sure everything in it working correctly and also that the example protected pages are working. I do not integrate it with your existing site or edit any of your existing web content. That is up to you
sorry about that, but it would be way too time consuming and editing people's existing pages is a good way to cause a lot of headaches for me and the customer if something goes wrong. Not only that but everyone uses the system differently and it wouldnt make sense for me to be the one doing that based on access levels, groups.. etc etc which will all be custom to how you want things set up.
more on installation policies here.
http://www.cjwsoft.com/installation_service.asp
, I believe that solved the problem as I have not heard from this person since I sent him the code., Yes, thats cool.. post it here for sure.
Also, the way you allowed for your search engine is clever and probably was the easiest way to go.
You could do the same thing with the IP. Much easieri than the way I was thinking of doing it.
, Permissions and Folder Locations
By default and to keep things clean we store everything in folder called "data"
That folder then has it in 4 sub folders
database (where the .mdb and temporary .ldb files are handled)
export (where the aspprotect export files are saved)
logfiles (where the aspprotect logfiles are saved)
user_pics (where the user pictures are saved)
Doing it this way makes it very easy for a system administrator to right click on one folder and set permissions for that folder and all of it's child folders.
Now, that being said.. you do not have to use these folders.
For example if you already have a folder in your web with modify permissions for the anonymous webserver account then you can use that one folder to store all of the 4 things above.
You'd simply edit your data connection string to point to that folder and then edit the other paths in the settings area of ASPProtect.
We did it that way so you would have options in case your hosting company was being difficult with your ASP hosting needs. cwilliams38403.6837962963, I see what your saying.. its just hard to troubleshoot something when a lot of changes have been made.
Did you test things before you started modifying the code ?
If its SQL server it is very important that the database was created with the provided SQL scripts., I have never heard of such a thing...
If the settings are enabled for the web it should work.
That is, as long as your include file syntax is valid.
I run my own windows 2003 server (you are on it now) so I should know
for troubleshooting
try a very very simple example... like a file in a folder.. with a server side include to a file under it
and see if that works
use real simple asp files with nothing crazy in them... and an include like this
<!--#include file = "../myfile.asp"--> cwilliams38434.5388773148, Hi Chris
I've just recently purchased ASPBanner and have been testing out serving multiple Tradedoubler code using the IFRAME method. I have four types of banner on the same page refreshing every 15 seconds. (this will change on the live site)
I've been leaving the IE page up for x hours and coming back to find between 1-3 of the banners has stopped and in place is an "internal error".
BannerZone=3&Refresh=15|40|800a0046|Permission_denied 80
I thought it may have been the SQL permissions from one of your other messages so I gave the banner user the DataReader and DataWriter permissions.
Its still happening and around the same time in the logs theres a couple of file not found errors.
BannerZone=2&Refresh=15|23|800a0035|File_not_found 80 - 80.65.240.159
BannerZone=4&Refresh=15|25|800a0035|File_not_found 80 - 80.65.240.159
BannerZone=1&Refresh=15|25|800a0035|File_not_found 80 - 80.65.240.159
Any ideas? I'm hoping its not the server as there is currently only 2 sites on it and this is pretty much the only traffic.
Thanks
Colin , Running in parallel for testing is actually a smart way to do it, but the truth is you don't use anything from version 6 except the upgraded database (we have a tutorial on how to upgrade the database)
Version 7 was a drastic change /rewrite to all of the asp files that come with the application. So you will be starting out with fresh version 7 ".asp" files and folders... You will also find that once you get version 7 running that editing certain things like the look of the users area and the login screens is much easier to do.
That being said any of your own ".asp" pages that you protect use the same protection code they always did, so there will be no drastic changes needed there when you do finalize the upgrade.
If using MSACCESS as the database I suggest installing the application somewhere in your web and using a fresh ASPProtect 7 database. Once you are familiar with the setup and everything is working fine. Attempt the database conversion and when your done stick your converted database in there and see if everything is ok.
Also, if you already purchased the application download the latest version before doing the install. It's the same download URL. If you don't have it email me and I can hook you up. I have added some new features and fixed a couple minor things since it's release.
So far the feedback on version 7 has been awesome.. cwilliams38414.0133680556, Additional Information.
A set of these variables get created for every user that logs in to your site.
For performance and memory conservation reasons some of them can be turned off and are optional.
If you look in the "check_user_inc.asp" file or the "check_admin_inc.asp" file you will see a section of code like this
' Start of optional session variables to be set
' Recommended that you remark out any of the session variables below that you don't really need to use
' This will save a lot of server resource because every user logged in has a set of these
' I added some code here to not create these if they are empty
If CmdCheckUser("First_Name") <> "" Then Session("First_Name") = CmdCheckUser("First_Name")
If CmdCheckUser("Last_Name") <> "" Then Session("Last_Name") = CmdCheckUser("Last_Name")
If CmdCheckUser("Company_Name") <> "" Then Session("Company_Name") = CmdCheckUser("Company_Name")
If CmdCheckUser("Email") <> "" Then Session("Email") = CmdCheckUser("Email")
If CmdCheckUser("Address") <> "" Then Session("Address") = CmdCheckUser("Address")
If CmdCheckUser("City") <> "" Then Session("City") = CmdCheckUser("City")
If CmdCheckUser("State_Province") <> "" Then Session("State_Province") = CmdCheckUser("State_Province")
If CmdCheckUser("Zipcode_Postal_Code") <> "" Then Session("Zipcode_Postal_Code") = CmdCheckUser("Zipcode_Postal_Code")
If CmdCheckUser("Phone") <> "" Then Session("Phone") = CmdCheckUser("Phone")
If CmdCheckUser("Custom1") <> "" Then Session("Custom1") = CmdCheckUser("Custom1")
If CmdCheckUser("Custom2") <> "" Then Session("Custom2") = CmdCheckUser("Custom2")
If CmdCheckUser("Custom3") <> "" Then Session("Custom3") = CmdCheckUser("Custom3")
If CmdCheckUser("Custom4") <> "" Then Session("Custom4") = CmdCheckUser("Custom4")
If CmdCheckUser("Custom5") <> "" Then Session("Custom5") = CmdCheckUser("Custom5")
If CmdCheckUser("Custom6") <> "" Then Session("Custom6") = CmdCheckUser("Custom6")
' End of optional session variables to be set
If you do not need a particular variable to be set as a session variable simply comment that line out with single quote.
If you have an extremely busy site with a lot of users this is a good idea. If not, you probably don't need to bother doing this. I added some code in there so they will not be created if they are empty and that alone helps out a lot. cwilliams38419.5459606481, Just installed sofware everything works fine except I see no way to upload any photos. There is no reference or link to allow an upload on any of the asp pages (I have surfed them all). I am sure it is something simple, but I am not aware. I am using SQL2000., That's because when the page rebuilds, it uses the default number of
users per page setting. You'd have to modify that default setting to
have it do things differently. I used to have mine set to 500
users, until I got past 300... then it wasn't fun to show all users on
the page anymore. I now like 10 per page and searching for
specific users as needed.
But that's me. If you hack a COPY of your default.asp file (with the
original backed up as above), you can get the value set to one you
prefer.
If you want me to find the value, post and I'll look for it later on.
If you want to find it yourself, happy hunting! Just be sure to have a
backup in case you do the wrongest thing possible in your haxxoring.
, How to bring up the Code Generators
Simply go to the zones screen.
Select a Zone from the list.
Check the "Show Banner Code" option.
Click on "Display Banners in Selected Zone" , Along with being able to set an expiry date or number of impressions, is it possible to add another option for a banner to be "non-expiring"?
With our current ad software (which we are transferring all data from to ASPBanner), we run banners for both paid advertisers, and for our own services. The banners relating to our own services, we would like to set to "non-expiring" so they appear all the time. ,
Timecard Entry: 3/25/2006 1:49:12 PM
bounced checks , On phone w/Remington about images sizes/auto password generation for new members., Tim, Spoke to several customers about wireless Prepared brochures and folders/powerpoint for Wadhams, Checking expired accounts, Read and reply to email, did a signup and a reactivation. did some callbacks. had a few general questions, fixing a imc-net domain for Lisa Hunneyman, customer had about 4 websites going in various directories (bad setup done a LONG time ago. Consolidated them into one website for the customer., steady morning. , TI Comm Team Mtg, Talking w/ Betsy Lamond regarding CSG, Meeting for UML and Vermont Internet presentations, create demo graphics for SUN and SHIELD web site for Tim, trained by alan, trained by ben, did rad logs, helped a user that could not surf, Interview w/Jeff, Ron & Doug Keister., Bell At'l - Snacks, ASP Self-study, more setups. helped a few people that were getting disconnected, CG tables, Lunch, Answered phones for a little while, not that bad. Researched the Love Bug fixes a little, and any variants of it, didnt find much more than we had been forwarded already. Studied a little NT Workstation, cleaned up my desk, someone spilled something on it... yuck. General straightening up., Responding to Emails, phones, dial up issues, busy, Working on Mary's new computer to set it up to print invoices, adjusting the spacing of the invoices and helping Crispin, Tim and Peggy get situated in new desk, Steve and I are going over my MBO's for SOftMLS2 and deciding the priority of which we need to start working on certain things., Printed timecards, Realtor.com export for www.nnymls.com site... Invloves creating the export files and picture.zip files and ftping them to Realtor.com, lunch, tech support had to stay 1/2 hour later to help nate out a bit with the phones..
took a couple calls from 3:30-4:00,
| 
