Blog Entry: 3/25/2006 1:37:20 PM
Hello,
I dont know exactly how you go about that and it would really depend on a lot of things like when the ad started and how yu wanted t handle that. it would involve custom coding though, not a change in the database. , one more problem I see...
I think your login box on the main page is missing the hidden form variable
http://support.cjwsoft.com/code/moreinfo169-1.htm,
if it is your own XP machine there is no reason you should edit that config file manually.
simply set permissions on the data folder and all the folders in it and the application will write to the config files on its own... if you are having problems chances are you are not setting permissions correctly.. please read all of this
http://support.cjwsoft.com/code/moreinfo56-1.htm
if is not an XP machine (your post was confusing and I am not sure) then this is an article for 2003 server
http://support.cjwsoft.com/code/moreinfo136-1.htm
Most importantly whats the real error ? error 500 does not help figure out anything
http://support.cjwsoft.com/code/moreinfo11-1.htm
lastly make sure you go into iis and make that web its own application , Hi Chris
After turing off the delayed stats feature the internal errors have stopped and it still serves banners, although I havent checked the logs yet. I will and post any errors.
I left my test page up last night at say 11pm serving 4 banners of different sizes rotating every 15 seconds, now at 9am the page is just displaying 1. If I refresh the page they all reappear.
Regards
Colin , Connecting user is dbo of database.
User_ID is primary key with auto increment identity.
SQL Script of current table:
CREATE TABLE [dbo].[Security_Users] (
[User_ID] [int] IDENTITY (1, 1) NOT NULL ,
[First_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Last_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Company_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Username] [nvarchar] (75) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Password] [nvarchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Access_Level] [nvarchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Notes] [nvarchar] (1000) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Admin] [bit] NOT NULL ,
[Active] [bit] NOT NULL ,
[Expiration_Date] [smalldatetime] NULL ,
[Email] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Address] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[City] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[State_Province] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Zipcode_Postal_Code] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Phone] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Counter] [int] NULL ,
[Last_Access] [smalldatetime] NULL ,
[Login_Limit] [int] NULL ,
[Custom1] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom2] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom3] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom4] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom5] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom6] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[ValidateEmailCode] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Date_Created] [datetime] NULL ,
[Validated] [bit] NOT NULL
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[Security_Users] WITH NOCHECK ADD
CONSTRAINT [PK_Security_Users] PRIMARY KEY CLUSTERED
(
[User_ID]
) ON [PRIMARY]
GO , Ok nevermind that... i got by that wasn't paying attention...
The problem is even before this which i didn't know until now.
I placed the protect tag in a page i called members.aspx
When i go to this page is says ACCESS DENIED etc etc etc.
When i go to login to view this page i get the error..which i DIDNT know because i assumed it was working. This is the error im getting:
Server Error in '/MAP' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /map/users/aspprotectlogin.aspx
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.42
btw it says /map because that is the subfolder within the root folder ,
ok, here's a test page:
http://www.galvinelectricity.org/download_link.asp
user: test
password: test
Our company just got new computers, so everyone here has the same set-up, all Dells, all about 3 weeks old, all Windows XP.
But I did realize after reading your post that I am using Firefox and everyone else was using IE. When I used IE, I was able to duplicate the error.
But, alas, I am unable to resolve it. Client will be using IE, no doubt.
, that variable comes from the settings acreen in the admin area. If you do not have it set properly things like what you are describing will happen., I am out of the server now and I have to get up early to help friends pour concrete in a huge building in 20-30 degree weather (woo hoo)
So I am going to take a break on this until later tommoro.
In the mean time try connecting to the access database with no password on it as well as the access 97 version that I put in the data folder... and see if it runs any faster...screens like the user screen should load fast... not after 15 seconds of waiting like they seem to be doing right now
If none of that helps which it probably wont I can set up the database for you here including the importing later tommoro when I am done pouring concrete
, Good Morning - I getting errors in my system log that says "404 file not found" for a number of files - Here are a few examples:
I ideas on how to fix this? Note: The system seems to be working fine, but I want my log files as clean as possible.
Thanks. shirley , I would like to have the ability to give a user 1 album with the default # of photos in it.
Is the best way to implement this to just add in an album creation
routine during the sigup/registration process and turn off the ability
to create a new album? Or is a user setting prebuilt into the
system for this?
, This is amazing. You replied to question within minutes. Thanks for showing such a professionalism.
, How to bring up the Code Generators
Simply go to the zones screen.
Select a Zone from the list.
Check the "Show Banner Code" option.
Click on "Display Banners in Selected Zone" ,
I was told by my ISP to use localhost and it should work and it does not. It does not require authentication to send e-mails.
Any other ideas?
Thanks , Do what it says so you can see the real error and then post that information here. It could be anything from incorrect permissions to whatever.cwilliams38454.4272916667, check permissions for the user you are connecting to the SQL database.
http://support.cjwsoft.com/code/moreinfo122-1.htm
That user may not have permission to make new data
Also, check all field and table settings manually by comparing them to the SQL creation script we provide. You may very well be missing auto increment and primary keys which would make adding new data not work.
It is most likely one of those two things. , I have accessed the "get_me_in.asp" page and entered the password encryption key. Once I entered it, I was taken to the ASPProtect Admin Area Login. It does not give me the option to create a new user as is described in the general installation documentation. How do I access the program now?, When using this code:
<!------- ASPBanner Ad code ------------->
<script language="JavaScript"> var code = '';
var now = new Date();
var nIndex = now.getTime();
document.write('<s' + 'cript src=" http://www.poconocommuter.com/aspbanner/injectbanner.asp?Ban nerZone=6&nocache=' + nIndex + '">');
document.write('</' + 's' + 'cript>');
</script>
<script language="JavaScript">document.write(jscode);</script& gt;
<!--------- End ASPBanner Ad code --------------->
I receive an error that jscode is undefined. The banner will not display.
Any ideas how to fix this?
, Chris:
I just got done trying it myself and it worked great for me too. I was aware of the security issue, but I'd already planned on using SSL for this particular call, as well as for the secured pages accessed through the normal process, so the bad guys will be kept at bay.
Thanks for the help. , I appreciate the offer to beta test... but its really more a matter of me getting it ready..
I have a lot done.. but a lot of things are hard coded to only work on my machine and some things have not been sorted out. Giving it to someone else to test would be a waste of time at this point as I they probably couldn’t even run it.
Lately the reason this project has fallen behind has all to do with my main webserver where I collocate.
1st it got compromised (we think by certain competitors who are always up to no good)... then windows 2003 server which I decided to go with on the new server gave me random problems... then the Cisco hardware firewall was acting up and making the sites run slow....then SQL server attacks on port 1433 from Korea when I took the firewall down....and as of the last few days I think the server just needs a new power supply. I swear for the last 2 months I have spent more time administrating my servers than working on code. Yesterday it was locking up every 30 minutes. There have been a lot of days like that and it takes up all my time until I get it situated. Especially since its over 100 miles to the collocation center. The APC unit I installed that allows me to remotely cut the power to hard reboot is a life saver.
Fun... I tell ya... and expensive.. (hardware, software, lost sales, and time) I am pretty much completely broke at the moment. It has been a very expensive few months.
But I like running my own servers... I run dns servers, email servers, sql servers, web servers.. I do it all. It's keeps me in touch with the latest software/hardware. Regardless , my servers ran well for years and they will again.
anyway.. hopefully I can actually get a new version of the photo gallery out before the month is over. It will probably be the last classic asp version. The version after that will most likely be ASP.net. cwilliams38295.6248032407, I wasnt talking about the date for a banner ad.. I was talking about the date field in the database for a USER if there is one (I dont remember if that app had date fields for user or not and I am not at a computer to take a look)
If you do not know how to directly open up and edit the database then yes you should just make a new user, Wonderful! Does it matter if I move the aspbanner logo, as long
as I keep it on the page? Or does it need to stay front and center?
Laura
, thats intertesting.. I have never heard of the concept until now..
I did a search for ASP examples or ASP components that can help with the process and just couldn't find anything about it., how you connecting... lets see the connection string...
could be permissions related too.. if they are not set correctly
(always give them to the folder, never just the mdb file)
Some of this might help...
http://support.cjwsoft.com/code/moreinfo11-1.htm
http://support.cjwsoft.com/code/moreinfo136-1.htm
http://support.cjwsoft.com/code/moreinfo56-1.htm
you may want to download some of the different versions of the access database from the support area and try connecting to them as you may have older odbc drivers on the server
You may also want to try to get ASPTest from our website working before you go any further , also.. you could try chaning your connection string to set the current language to english like in this example..
BannerConnectionString = "Provider=sqloledb;Data Source=127.0.0.1;Initial Catalog=aspbanner;User Id=aspbanneruser;Password=temp;Current
Language=English;"
I do not know if that actually works but from what I have been researching it looks valid and it may solve your problem.
Also: The value may need to be Current Language=us_english
You'll have to try them, This is what it says in that thread I pointed you to
This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.
I really dont see what is confusing about it. I think I explained it all in detail in that thread. , All of the fields with the expected paths show the correct file structure, so now I've put them in them in the boxes , Windows 2000 server you said ? Just checking on that one ?, What application you talking about ? I'll assume ASPProtect. In the future please specify what application you are talking about.
ASPProtect 7 already has protection that is quite effective. The no concurrent login feature which will not let the same username under a different ip log in at the same time. Meaning if someone gives out their info they will screw themslves over because eventually they won't be able to log in. Only one unique ip at a time can log in so even of 100 people know the info it won't really do anyone much good except the lucky one that logged in 1st and stayed logged in. The username/password will eventually become more and more useless as more and people know it.
In addition to that is is a good idea to monitor the daily logs and single out a user you see logging in a lot. The more ips you see for that user the more chance it is multiple people logging in and you should take action. , thx for posting this..
Just a few notes... more than 100 pictures specified in the config file is not supported. You are of course on your own if you specify more than 100
Also, technically the post above should say more than 102 pictures... "I think" as you wont need more html cell code until then..
The loop in the code is probably how I should have done it in the 1st place but I was in a hurry to get this finished and I also never expected/wanted anyone to specify more than 100 pics per album.
Lastly.. depending on what style you are using in the config file the code above may not work as some of the styles do not use cells but line breaks instead.. At least from what I remember. cwilliams38306.7506481481, ok, here is what is going on
you are password protecting an ".asp" page that requires querystring info to run correctly (example - "somepage.asp?ID=3"")
that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out
this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querstring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info in tact
it was a nice feature never intended to handle any situations other than what I just described...
now...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info
that more than anything is what is going on.. browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querstring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...
To avoid all of this...
One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)
Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with quersytring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.
Another solutions is to do checks in your asp page for missing querstring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc
So,basically you don't want to tell people to login into such and such page with querstring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.
I hope this makes some sense to you.. it is very hard to try and explain , I guess i am not being clear as to what i am trying to do. As far as the event thing... lets hold off on that for now. It seems Chris has answered my question and i am on my own for that one...
As far as the log in goes: I went to that site you mentioned;www.CafePress.com to see if they had what i was talking about. and they do. Notice on the bottom of the page it says "sign in to your account"
I want that option on my home page where users can sign in to go to their account. It will either take them to a page where they can update their info, or it will take them to a protected page. Pretty much instead of posting a link on the site to say... click here to go to members.aspx and have it return an "access denied" the user can enter their info from the main page and be automatically re-directed to that members.aspx page.
I know how the viewstate works and i also know what that returnURL thing does..pretty self-explanitory.
Hopefully that makes things easier. I just want a user to log in from the homepage and be redirected to either a protected page or their account page...
(as does that cafepress website) , Will do!
, Hi,
I have a question re ASP Protect, I have got it up and running on a dev server which also hosts a e-com engine (ASP / Access), when users check out they are presented with the e-com log in screen (which is sharing the same ASPP_User table). All's well and registration and editing user details is fine both in the Admin section and the front end of ASP and if I request an email reminder from the ecom scripts I get back the encrypted password.
I'm using <% = Session("Email") %> and <% = Session("Password") %> to populate the fields on the ecom log in page so users can click though and progress, the checkout process needs the username/password, all user info shows up ok, however, when I proceed with these credentials, it doesn't work, even though I know these to be correct and even without requesting a password reminder and using the one that gets me in everywhere else, I still can't get through? do I need some code re the crypto so the ecom can decode??
Any help would be great - I've been on it for about 10 hours, and checked through the posts here but can't fathom it out?
Thanks Craig , New Version 8.1 Released
Whats new..
http://www.aspbanner.com/v8_notes.asp
Upgrade Instructions...
Upgrade at your own risk. Though we try new versions are not always perfect due to minor bugs we may miss.
Back up your old setup so you can revert back if necessary..!!!
Save your data connection string info in a text file so you have it.
You can get that by viewing the system info page in the admin area.
Carefully copy all the ".asp" files from the new version to the old.
Your going to want all the .asp files in the aspbanner folder.
Your going to want all the .asp files in the aspbanner/scripts folder
Copy the aspbanner/images folder because there are some new images
Be sure to also copy the "data/config" folder files.folders as well as a lot of that is new including the actual config file. If you dont get the new config file copied in there you will have problems later on with some of the new features.
Be sure to create a new folder in the "data" folder called "tempstats"
Make sure it has proper permissions if you plan on using the delayed stats feature as the stats gets temporarily stored there.
Go back to the area where you originally setup the data connection and do that again...
From the web browser run the following URL
http://yoursite/data/config/aspbanner_unlimited.asp
Replace "yoursite" with the proper url info relevant to your web site location.
When run via the web server that page will ask for a password. By default it is "temp". You should change it later on for security reasons. That page tells you how.
Now... moving on..
There were no changes to the database except for SQL Server users so you can use your existing database.
SQL Server users that want to use the new stored procedures feature (it's optional) will need to update their SQL database with the stored procedures.
Scripts to do that are provided.
ALSO: I have been running this new version using SQL Server Stored Procedure mode for a 1 week on a special banner server that serves banners to many of my own sites. I have also been using the new Delayed Stats feature.
All I can say is it is running like a champ and the SQL server is using less memory than it ever did before.
cwilliams38291.7372800926, You may be interested in this. I just put it together real quick like.
http://support.cjwsoft.com/code/code_info.asp?TID=454&PN =1&TPN=1 , All this being said installing the desktop version of SQL may be a little tricky as it may complain that your SA account needs a strict password.
The solution is to run the SQL Desktop setup.exe with some parameters specifying a password for the SA account.
So you go to the command prompt or make a shortcut to the setup file and run something like this
setup.exe SAPWD="YourPassword"
minus the quotes...
I got that info from this article and it worked fine
http://www.experts-exchange.com/Databases/Q_21036508.html
The other thing to remember is it might take a reboot to actually see the SQL server icon running in the taskbar. You may also need to go into the administrative services and enable the "SQLSERVERAGENT" as well as set its startup type to "automatic"
And a reboot here and there..
Whammo... your in business... , no, its part the concurrent login checking system.
currently when that is on logging off does not come into play..
(pretty much because it is such a complex system I wasnt able to make it quite that intelligent this time around)
when concurrent login checking is enabled the only way to log in again at another system with the same username and with a different IP is to wait till that time period is over
sorry
as you may recall it was rush feature at the last moment before I got version 7 finished. Hopefully I can improve on the feature in the next version but I dont really see it as being a big issue at the moment. Sometimes when you want maximum security you have to make some tradeoffs and that is why the feature is optional. , FYI:
The articles you references were read over by me like 3 hours ago... way passed that and prob. in deeper sh*t than i was since im trying everything possible without knowing the true reason this is not working. , it makes zero sense really... in the 4 years we have sold this application this is really the weirdest thing anyone has had happen..,
Timecard Entry: 3/25/2006 1:37:20 PM
Working with servers. Checking e-mail. Supporting customers. Meeting with clients., Organzing recent orders. Co-ordinating w/ Randy, Had a good number of calls today... did dial up issues and callbacks on expired users., Watertown School District - Add security customizations to events calendar (so schools can only enter and access their individual events). (billable), Inspect Hepburn Medical router to see what may have gone wrong the day before. Setup traps and cleared counters to monitor later., KoffeeKove - adding user admin interface and upload manager component., proposal for scholastic structures- faxed to christine, biz fair prep, fix nnyads.com, Setting up virtual domains. Working on switching a couple of domains over from IMC to GiSCO., helped a user reply to emails. a few normal calls. called back a voice mail, Went to TI-Central and fixed MDAC driver problem. Bill for 1 hour., travel from Syracuse to Watertown 76 miles, Reset modems., reconcile billing, Worked technical support with customers , tech support supervisor dutied and helped techs with issues, greeted visitors to our building, callbacks, follow ups ,emails (dsl issues), and went to view the ribbon cutting, radlog, ask us a questions, dial up issues,, recieving and installation of new equiepment, Not overly busy this morning. Duties:quality checking sign ups, cancellations, callbacks from voicemail. checking billing, emails, taking sign ups, reports, answering phone. , timecards, to N.Law - 165 Miles, Jreck's, Applebee's, email, voicemail, prepared printed material and survey for user group meeting tomorrow morning at BOCES, Met with Paul from severence photo- demo of wireless will follow up next week to set up trial at his place and bring in Quote, generic NOC duty, email and newsgroups, General corporate, billing meeting, Checking and resetting open modems., busy morning,
|
