Blog Entry: 3/25/2006 1:49:22 PM
I believe what happened is we received the older copy of ASP Banner iwht our purchase of ASP Protect and were notified of a free update to download aspbanner_unlimited_v8.2_feb_26_2005.zip which we did, and that's the one i recently put on our site.
Sounds from your reply that something technical is going on to the point where I will have to hire one of our Web consutants to dissect for us. We'll try again and track our issues and send another request for information when we can show you a specific example of what is happening. I'll be in touch.
, thank you for such a quick response -- It sounds straight forward - so I should be all set. Thanks again.,
Yes, I created it using the scripts.
, I really need more information.
Connection strings being used ?
How have permissions for the database folder been set ?
etc etc the more specific the better
You also may want to download ASPTest from our main site and see if you can get that running.
I would suspect your problem relates to the databases having a password set on them. Probably the ones you connected to didn't. It complicates setting up a connection correctly (especially a dsn) but there is a good reason for it as it adds a little extra security.
And of course my detailed article on the error.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=27& PN=1
, does emailing work at the simplest level.. ??
meaning does a user get an email when you send an email from the admin users screen ?
if emails are not sending it could very well be the setting you have chosen for emails in the settings.
the best thing to do is keep trying to send an email there and try different emails settings until you get something that works... even when I do installs for people I often have to try a lot of various things before I get emails to send.. like picking different components and trying different things for the email server address because what they tell me is often wrong
also, sometimes emails get sent but depending on where they go they may get deleted as spam.. aol, hotmail, msn, and yahoo are famous for that , I've been working on it for quite some time.... doesn't seem to be working as of yet :(, I have been working on this. 2Checkout is like the most confusing and worst payment processing company on the planet. There are things about that page I just don not understand as many times as I read through it.
Doesn't seem like this stuff is mandatory just yet. (I asked)
I should have something soon.
, (Password Expiration Mod) for ASPProtect Version 7.x
This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.
Purchase Page
Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.
This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.
There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.
Directions:
Back up your existing ASPProtect installation.
Add two new fields to the "ASPP_Users" table in your database.
For an MSAccess Database
Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)
For a MSSQL Database
Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)
once that is done
Copy all the new ".asp" pages into your site.
Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file
It needs to be the full URL to to the "change_password/default.asp" file
Now edit the "change_password/processchange.asp" file
There are 3 variables you can edit.
PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8
The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.
The other two values should be obvious.
That's it...
Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file
Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. , How can I make so it goes to certain webpages if user enters valid username and password??
I suppose user enters its information on check_user_inc.asp page, and username and password are stored on SQL database.
Thanks
, Umm, if your using MSACCESS your using MSACCESS
SQL server has nothing to do with it.
, I checked through the code and could not find anything as well.
However, I do think it may be related somehow to the code as I get the messages popping up in the error log only after I have edited a banner.
If there is nothing obvious, I may just set my error log to filter and automatically delete this type of error. Not something I prefer to do.
Thanks for the quick response.
Otherwise the program is working very well and I'm happy with it.
, Hello,
What is the difference between the paypal_sub_signup and the paypal_signup directories? Also, I know it depends, but what directories and files can I delete from my web server if I am not using them? I copied the entire set of files that came with the program over to the webserver and I am concerned that there is too much out there.
Jess
cwilliams38446.6304050926, I've encountered another problem. When i edit the link for existing banners and save it, the banner reverts to the old link instead of the new one.
The directory where the the database is located to rwed so the permissions is not a problem.
Any advice?
Thanks
, Is there a way to set various members to upload a limit of photos. So, one member can only upload 5 photos in 1 album and another can upload 30 photos in 2 albums. Even if you just set a permission for the number of uploads for each member.
Thank you
, SQL Server Datareader Datawriter Permissions..
here is a screenshot that shows how to set datareader and datawriter permissions on a database using "SQL Enterprise Manager"
In this example we are making sure the aspbanneruser has those permissions on the aspbanner database in the SQL Server
cwilliams38390.5986921296, The application is only intended for use with $ the way it comes.
Use of other currencies is not supported.
(this is noted on the product page)
However, it can probably be used fairly easily with UK customers.
You'll probably want to look into setting the currency to UK in the code generated for the PayPal buttons which is in "view_item.asp". There is probably a hidden form variable you add to it to specify the currency. PayPal's shopping cart documentation and help system would have more info on that.
Doing a search real quick there I came up with this.
<input type="hidden" name="currency_code" value="GBP">
Then you may also want to change the LCID settings for the web site to UK. (I think)
To do that edit the "config_inc.asp" file with a text editor.
Add this code between the <% and %> tags.
Near the top is good
Session.LCID = 2057
There may also be hard coded dollar signs in the code that you will need to change to whatever.. If after you do the above to steps you see then you'll know where to change them based on the named of the page you on.
It is quite possible that simply changing the LCID will take care of everything, but I am not sure.
Those are the tips I can give you. , Got any info for me on this ?
Chris
, The mass picyure import does not work like that. It involves no uploading component.
Only an admin can do a mass import on an album and they have to ftp the images into the site in that upload folder before they go do the mass import thing. , Has this been resolved ?, download the free version...
check out this tutorial...
http://support.cjwsoft.com/code/moreinfo169-1.htm
If your application can post to the page and provide all the form variables needed to log in it may work out for you..
You'll have to try it out... all the form variables needed are in that login form example.
Basically you'd be posting to a protected (.asp) page..
and providing the following for the most part.. how your app creates it post data is on your end...
<input type="hidden" name="Status" value="Checkem">
<input type="text" name="Username" value="Yourusername">
<input type="Password" name="Password" value="YourPassword">
As an alternate scenario...
Now, by default the "check_user_inc.asp" file is looking for posted form data... for security reasons it is not looking for querystring info..
If you change this bit of code in that file
from
Username = Replace(Request.Form("Username"),"'","''")
Password = Request.Form("Password")
to
Username = Replace(Request("Username"),"'","''")
Password = Request("Password")
It will then grab either form or querystring data...
Meaning you wouldn't necessary have to create a true post to the page with form data. You could just access the page via a querysting like so
http://www.mysite.com/somepage.asp?Status=Checkem&Userna me=Yourusername&Password=Yourpassword
Of course that introduces security risks as the username and password would be passed in plain text over the net
Another option is...
You can also make a copy of the "check_user_inc.asp" page called whatever with those modifications just to use in pages you need your little application to post to... thus reducing the security concerns a a bit as the rest of yoru site could still have its pages protected under the normal scenario.
I hope this answers your question... I havent really ever tried any of this but that is how I think it would work... , Are there any problems with modifying the default database fields.
I need to have an update from net billing and they use different settings in the database than the default.
Will the interface still be functional?
, If you are having trouble setting up a simple data connection ASPTest is a great learning tool.
You can download it from the www.CJWSoft.com website near the bottom. cwilliams38087.5457060185, I have just purchased ASP v7 and loaded. Followed instructions. Obtained codes not prob. Get to single field login screen, enter password and following page appears:
Method Not Allowed
The requested method POST is not allowed for the URL /temp/aspprotect/password_admin/get_me_in.asp.
Added folder aspprotect under (temp web) folder - temp, but also tried under root folder of web site.
Still no luck.
Apache/1.3.27 Server at www.didac.co.uk Port 80, You should not have single quotes around the "-1" because Album_Active is not a string field in the database. It's true/false or bit field in the database depending on the database you are using (MSSQL or ACCESS)
I'd do it a little more like this I think.
SELECT COUNT(Album_ID) AS Alb_Count FROM " & tbl_label_albums & " WHERE User_ID = " & CmdListUsers("User_ID") & " AND Album_Active = 1"
I took out the parentheses as well since I dont believe they are needed in a simple case like this
but is hard to say unless your the one testing it... my version might have a mistake as I am a little rusty with my SQL at the moment
also: in case your wondering...
depending on the situation and the odbc drivers the 1 and -1 should work either way but sometimes it's picky and you have to do it one way or the other
cwilliams38433.0564930556, You should read my article on server side includes… the path to the include file must of course be adjusted depending on where in your web you are.
http://www.powerasp.com/content/code-snippets/includes.asp
You will also notice if you look at the provided example pages that the include paths have been adjusted to make sense.
If it is 2 directories down it should probably look different..
example:) "../../checkuser_inc.asp"
It’s weird that if you are not getting an error because if the path to the server side include is wrong you should get a nasty server error.
Also..
The ASPProtect system and any pages it protects must also be part of the same Application in IIS. It’s the nature of forms based authentication. Do a google search if you are not sure what an application is in IIS.
Lasty…. If you are logged in at the time
Whether your current session at the site is still active… or you have the cookie set to remember you.
Well, nothing will happen… cause your already logged in and you will just see the page as normal.
Perhaps things are working and you just don’t understand that part ?
You need to go to the log off page.. log off… then close all instances of the web browser windows..
Then come back to the site… then see if it prompts you to log in.
cwilliams38228.9837152778, I am having difficulties importing new Users.
I have exported the existing list and then copied in the additional users and save the file as text (tab delimited) in Exel.
When I go to import the file (browse then upload) I get the following error:
Microsoft VBScript compilation error '800a03f9'
Expected 'Then'
/aspprotect/password_admin/upload_post.asp, line 6
If Session("Admin") <> "True"
If I upload the text file by FTP and then try to import it it only tends to import the first two existing rows.
All collumns match but not sure if I need to add "User_ID". I have added it and created consequecutive numbers.
Any assistance would be appreciated.
Thanks
, A question. Does this apply to all areas of the application. I have recently uploaded 50 photes. But when I look at the site from the url, I have X where the picture should be. Now, if I look at it though the localhost, I see the pictures perfectly.
, I think you getting all confused about dsn's and what they really are.
A system dsn gets created via the ODBC control panel and gets listed there. A system dsn is nothing more than a registry entry telling information about where the database is an how to connect to it. Then every time code accesses the database it has to do a registry lookup. The whole process adds a lot of delays, causes very poor performance and is unnecessary.
A dsn-less connection simply connects directly to the database by specifying the driver being used, where the database is, and some other information like the password if there is one.
To get aspprotect or any other ASP application using a database all you have to do is make sure the database folder has correct permissions and then make a connection string like so. (with the correct info for your directory structure of course)
DBQ=c:\inetpub\wwwroot\aspprotect_6\data\database\ASPProtect _access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp
If you are wondering Access databases always use the same username.
So, basically if permissions are set correctly and the directory is valid it will work.
It is really that simple. 99% of the time when people have problems it is one or the other.
That being said, don't worry about the odbc control panel and what is listed there for connections. All we really care about is that odbc drivers are installed and somewhat current.
One last thign for reference: even if you do make a system dsn the database folder still needs the correct permissions.
cwilliams38417.7371643518, Totally 100% depends on what you are doing.. you certainly can't be renaming any fields unless you plan on editing a lot of code that references them. Adding new fields is nothing to worry about.
Also, you really should post a question like this under the forum section for the application you are referring to as well as specify exactly what changes you are talking about. For example I don't even know what application you are referring to.
I sell about 8 applications., Most likely it is no longer supported on the web server. The web host probably moved you site to a windows 2003 server which does not support cdonts or they stopped running the IIS SMTP server.
You usualy wont get an error..
it is also possible that cdonts is boned up as it is pretty flaky and that tends to happen. For example sometimes the emails it is suppost to send get caught up in the smtp pickup directory and never get sent out until the server is rebooted.
You should really ask the hosting company why cdonts has stopped working. It definetly has nothing to do with the code if it has been working all that time. If CDONTS still is supportd tell them you emails are in limbo. Ask them to look and see if a bunch of ".eml" files are stuck in the stmp pickup directly and if so to please reboot the server.
lastly:
cdonts has been deprecated and now everyone uses cdosys.
see my article
http://www.powerasp.com/content/new/sending_email_cdosys.asp
, (Indemnification Agreement Mod)
This very simple mod will add an Indemnification Agreement Pop-up to the registration signup form which must be agreed to before continuing. This is often done for legal reasons to help cover yourself if something should come up later on.
Instructions:
Download 2006-03-19_212700_Indemnification_Agreement_Mod.zip which contains "terms.js" and put it in your scripts folder. It contains the text that will be displayed in the pop-up. You can of course carefully edit it with a text editor to say whatever you like.
Now carefully edit "users/register.asp" with a text editor. Add this bit of code in blue right after the include to the "footer_inc.asp" file like so. It will be near the bottom of the page.
<!--#INCLUDE FILE="footer_inc.asp"-->
<% If ErrorMessage = "" Then %>
<script language="JavaScript" src="../scripts/terms.js">
</script>
<% End If %>
Your done, that's it. Now when "users/register.asp" is run for the 1st time the pop-up will come up.
, I have multiple zone banners displayed on a single page using the AspHTTP Component Method.
However, in IE 6.x and NS 7.x each banner has some text displayed before it similar to:
HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Fri, 17 Sep 2004 07:15:12 GMT MicrosoftOfficeWebServer: 5.0_Pub Connection: Keep-Alive Content-Length: 229 Content-Type: text/html Set-Cookie: ASPSESSIONIDAASSDQBA=HAICCGCANEBEPANCDHLHJJGC; path=/ Cache-control: private
This text does not appear when using Netscape 4.x cwilliams38325.741099537, Message :
I purchased the V8 of the software yesterday. It is running on a 2000 Server with a MSSQL database. It is installed and I get the successful connection to database screen but when I click to enter the admin. console I continually get:
"Connection string not saved in (data/config/aspbanner_unlimited_config.asp) file.
Most likey the data folder does not have proper permissions set on it.
That folder and all of the folders within it need (R,W,X,D) Permissions set for the anonymous webserver account.
These permissions can generally only be set by your hosting company."
I can save the string manually by hitting the button and I have checked that I have granted the proper access permissions. Any suggestions?
Ken, sure, there are reasons AOL would block the email.. it might think it is spam or it might not like the fact that fact that a cdonts generated email has no MX records because it can not..
for more on MX records read my CDOSYS article
http://www.powerasp.com/content/new/sending_email_cdosys.asp
as far as the emails not being sent because notifications are off. I was not aware of that and will try to look into it.. Version 6 is no longer worked on but if I can find the time I will check that out
, A nice addition for the listing script would be if the script would allow a "featured ad" or ads that would appear on the default page. , Please Note : ASPProtect v7.x has a new feature called groups that is much more powerful than access levels. Access Levels were left in the product primarily for existing customers that upgrade to the new version so they do not need to make a lot of changes to their site if they were using Access Levels.
More On Access Levels
Again, Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System. Look at the source code of the ASP pages in that folder with a text editor to see the working code.
Access Levels and how they work can be re-coded to work in many different ways. However, you have to be a good ASP developer to make changes to it. Here is some information on how they work by default.
In the "check_user_inc.asp" that comes in the root of this system Access Levels work as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 1,2
Level 3 has Access to - Level 1,2,3
Level 4 has Access to - Level 1,2,3,4
Level 5 has Access to - Level 1,2,3,4,5
Level 6 has Access to - Level 1,2,3,4,5,6
Level 7 has Access to - Level 1,2,3,4,5,6,7
Level 8 has Access to - Level 1,2,3,4,5,6,7,8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
Here is some additional info..
If the access levels are too restrictive you can ignore them all together and create your own totally custom solutions.
Here is a quick rundown of some of the things you can do.
Ok... so if you want to be really specific about what each user can see and
can't .. here's an example of what you can do
Don't use the access levels before the include file..
Don't worry about what you set a user to in the admin area since the access levels won't be used.
Do something like this..
Every time a user logs in session variables are set that you can access at
any time.. thus allowing you to know who they are.
So you could do something like this...
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("USERNAME") = "bob1267" or Session("USERNAME") = "carl45" or Session("ADMIN") = "True" Then
Session("PASSWORDACCESS") = "Yes"
Else
Session("PASSWORDACCESS") = "No"
Response.Redirect(Request.ServerVariables("script_name"))
End If
%>
The following URL explains what Redirects are.
http://www.powerasp.com/content/code-snippets/redirects.asp
That would in effect create totally custom access levels.. but you would
have to do it manually for each user.
You can also do things like this after a person logs in
Show custom html to any specific user based on either their username or
access level ... like so
say there was a menu and a certain link should only show up to username
"paully67"
you could do something like this
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<br>
<a href="main.asp">Home Page</a>
<%
If Session("USERNAME") = "paully67" Then
%>
<br>
<a href="paullys_page.asp">Pauls Stats Page</a>
<%
End If
%>
<br>
<a href="links.asp">Links Page</a>
</BODY>
</HTML>
Or you can show custom HTML or links based on Access Levels or any other info.
You can do just about anything with if-then statements and
using the built in vbscript functions..
Hopefully this info will help to give you some ideas...
Bottom line is you have to do some work within your site to make the Access Level system really come alive.
cwilliams38403.6781481481, Once you have the LANGUAGE = VBSCRIPT and Checkfor = 1 on your page,
you'll have it secured. I've got over 1600 pages secured in such a
manner, thanks to ASPProtect!
, I did try to redit the banner and the old link was there, not the new one. In addition I tried to ad a new banner to an account but it too was not saved.
Since I can see the banners from the aspbanner solution, does that not tell me that the solution is properly connected to the database? The only thing is the solution only appears to be able to read the data and not write or delete it.
The settings for the directory are read write execute and delete so I am not sure what I need to do to get it working again
, (Capcha Security Image Mod)
This mod will add a Capcha Security Image to the registration signup form.
Instructions:
Download the latest version of the ASP Security Image Generator from this site. http://www.tipstricks.org/
Unzip that download and copy "aspcaptcha.asp" and "aspcaptcha_distort.asp" into the aspprotect "users" folder.
Now edit "users/register.asp" with a text editor and add the code shown below in blue. The code to add goes near the bottom of the form right above the submit button. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
<tr>
<td valign="top" align="right"><font face="Arial" size="2"><strong>
Newsletter</strong></font></td> ; ; ; ; ; ; ;
<td valign="top">
<input type="checkbox" name="Newsletter" value="True" checked>
<font face="Arial" size="1">Do you want to be subscribed to the
newsletter ?</font></td>
</tr>
<tr>
<td valign="top" align="right"></td>
<td valign="top"> <img src="aspcaptcha.asp" alt="" width="86" height="21" />
<font face="Arial" size="2" color="#000000">Type the characters shown in image for verification.</font><br>
<input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
</tr>
<tr>
<td colspan="2" bgcolor="#FFFFFF">
<p align="center"><input type="submit" value="Register"></p>
</td>
</tr>
ok, now edit "users/add_new_account.asp" with a text editor and add the code shown below in blue. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
If User_Custom6_Used = True Then
If User_Custom6_Required = True Then
If Custom6 = "" Then
ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a " & User_Custom6_Name &".\n\n")
End IF
End If
End If
strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
if strCAPTCHA = Trim(Session("CAPTCHA_" & Session.SessionID)) then
else
ErrorMessage = ErrorMessage & Server.URLEncode("You did not type in the verification info correctly.\n\n")
End If
If ErrorMessage <> "" Then
Response.Redirect "register.asp?" & Request.Form & "&ErrorMessage=" & ErrorMessage
Response.End
End If
Your done. You just added a Capcha Security Image to your signup form. If you would like a more distorted image that is more difficult for an automated program to figure out change the image tag to call the "aspcaptcha_distort.asp" page instead. It will look more like this.
, at this point I would say install a fresh untouched copy in the web in a different directory and lets see if it acts weird from scratch.. the we can go from there.. I dont know what is going on
,
Timecard Entry: 3/25/2006 1:49:22 PM
Ate nothing, drank lotsa water., 375 Miles : Boston - Watertown w/ Beth, Reset Modem Pool, *BHCP: discussing BHCP w/matt, Resetting modems, Steady morning.Quality checked sign ups, cancellations, reports, callbacks from voicemail, checked emails, taking sign ups, answering phone. , Comp Day #1 of 6, weekly staff meeting, prep for mtg, budget, etc, drop off dialup equipment to imcnet, Answered phones, and served as the secratary/whomever person...It kept busy tonight, called Tech Data about CODs', Checked some of the online issues but it were too busy to get too, General, lunch, Suprema RAM upgrade and reload, Talk w/ Randy about moving McGrann domain, Radlog and techcalls.....busy, 1mmodem, changes to PC Bundle flyer, print out copy for kelly, Switchboard, billing calls, steady afternoon, wasn't able to take a lunch, did take about a 10 minute break. , enter bills, Albany ATM status, relaying info to TICOM regarding MUX and such., busy, techcalls, new users...new phones are messed up, On phone w/Remington about images sizes/auto password generation for new members., same as above, setup new employee accounts for jimbo., check network status, check email,, general tech stuff. radius2.gisco.net went down called beth,
