Blog Entry: 3/25/2006 1:50:02 PM
sure (XP PRO), see my article on that
http://www.powerasp.com/content/new/windows_xp_pro_and_permi ssions.asp
, They really have do not have anything to do with each other as far as code and numbering goes, but I really do not fully understand your question or where you are going with this. (the part about the user setup ?)
Groups are more powerful than access levels and are meant to replace them. Access Levels are only there for backward compatibilty with older versions. ,
I will actually explain how to set access_levels and/or groups...
in "users/add_new_account.asp"
carefully edit with a text editor
find this part
CmdAddUser.Fields("Access_Level") = "4"
that is where the acess level gets set...
you can change the level or remove that line all together if you dont want one set
now for groups you would add this line in the same area
CmdAddUser.Fields("Groups") = "*3*"
or
CmdAddUser.Fields("Groups") = "*1*,*2*,*3*"
Groups access for a user is stored in one field in the database like you see above. If you are confused what you should be saving in that field I suggest simply setting a user to whatever groups you want via the admin area and then looking in the database to see what got saved in that field. It's pretty simple really how they are stored.
*1*,*5*,*9*
that user would be a member of groups 1,5, and 9 , I've got an ecommerce module that's running on it that uses access for the db. Connecting into that thing is slow as well, but I figured that's because of the complications and volume it handles.
So as far as importing on a faster machine and copying it over to the server...what suggestions do you have? , Your SQL statement to the database is the key.
You want to change the sortby hyperlink on that page so that it will in turn change the dynamic sql statement to sort the way you want
Find
?SORTBY=Date_Created
change it to
?SORTBY=Date_Created+ASC
or maybe
?SORTBY=Date_Created+DESC
One of them is the default anyway, but I cant remember which is which off hand so just try them both till you get the desired result
near the top you can also change the default sortby when thet page is loaded
SORTBY = Request("SORTBY")
If SORTBY = "" Then
SORTBY = "Name"
End If
there you would use a space though.. not a "+" sign when adding the ASC or DESC
The + sign is only used in the hyperlinks because it means a space for browsers that can't deal with spaces in links cwilliams38406.6011458333, Did you see this thread. It shows how to set up the project in Visual Studio in detail.
http://support.cjwsoft.com/code/moreinfo85-1.htm
, If you can would you do it for a price as a mod or will this be added to the new version. , 1st. Please understand you have to purchase two licenses to do such a thing as each installation will need a valid license purchased.
Moving on:
ASPProtect using a industry standard concept called "Forms Based Authentication"
This primarily relies on session variables keeping track of login status.
Each installation must be in it's own unique "IIS Application" so it will have it's own set of application and session variables.
That is often not possible with shared hosting plans as the server admins may not be willing to set a folder in your web as a separate IIS application. You would need to ask. It is going to depend on the quality of your hosting plan whether they do it or not.
technically it takes about 1 minute to open up the "IIS Console" and set up a folder in your web as a separate "application"
Based on what you are telling me that you want to do I think it would make a lot more sense to have one installation and one user database and customize your sites so ASPProtect users that are part of certain "groups" have access to things others do not or see things on pages other users would not. That is after all the entire point of Dynamic web sites and also why ASPProtect has "groups".
Then as far as the registration differences go you would make a copy of the users area folder area and manual customize it to register users in an alternate fashion than the main "users" folder. And then send people there if that is how you want them to register.
I don't support customizations but that is the gist of it. It's really not difficult work, but you have to be good with ASP., ASPProtect 7 Customization Service
As some people seem to have a lot of trouble editing ASP code I am currently willing to consider doing ASP Programming custimization work to the registration pages/database as well as the admin area of ASPProtect Version 7.
things like drop down lists, yes/no fields, new database fields, edit screen additions... etc etc
things that might take an ASP novice forever but I could do in reasonable time.
PM me detailed specs on what you want and will then provide a quote if interested. I get paid via PayPal ahead of time and am charging 40/hour for my time which is a discounted rate. (partially since I am so familiar with the application and partially because you have made a purchase from CJWSoft)
So to be very clear...
You tell me exactly what you want in detail, If I agree and you like the price quote, I get paid, I write the code, you get the code, I fix any minor bugs or errors if I made if any, and everyone is happy. That's the deal.
Pain in the ass people or people not willing to spend money for quality work done quickly need not contact me. I get enough of that as it is and my time is valuable. I also may refuse a job if I don't have time or just don't want to do the work involved. Really how well you describe what you want and the intelligence level vibe I get from you has a lot to do with whether I will do the job or not., if you use either of those options the mail server info you use must of course be valid (example: mail.somesite.com) your host can provide that info
you should also make sure your sending the emails using an account at your email server.. not some other email you have
other than that if it does not send emails it could be because your hosting company may require authentication for outgoing emails...
ask them ...
if that is the case the version of ASPBanner you have does not support sending email that way and you would need to add the necessary code to any places that send email... in order for emailing to work , Our home page is not showing up gives this error:
Active Server Pages error 'ASP 0126'
Include file not found
/Default.asp, line 246
The include file 'elib/articles/home_feature1.asp' was not found. , I set the max image width to 1000; previously it was null. Now I'm getting server errors:
page not found, then, service unavailable (the page is there). But in a new album, the images imported fine and it seems to be working now, despite the IIS issues.
I think my host restricted the amount of memory and resources my site is allowed to use. , Well, hold everything.
Looks like I did it right. The latest user showed up in the correct group.
I guess the ASP pages had to refresh at the server or something...
It's still a great product, BTW. Almost five years for my enjoyable ride with ASPProtect!
, Tony,
ASPBanner.NET was discontinued about 14 months ago. It is no longer supported in any way because quite frankly the classic ASP version is faster, more stable, has more features, and is a lot easier to install and get running.
If you PM me via the forum you are welcome to a copy of the current ASP Unlimited Version. It can serve banners to any type of page extension. All you have to do is ask for a copy.
Whether or not your existing ASPBanner.NET database is exactly the same structure I do not know, but I believe it is. You should compare the two if you plan to keep using the old database and make any neccessary changes so the old database has the exact same structure as the new version. If there are any differences they are very few. , glad it is working now
sorry ya had trouble. cwilliams38418.6886342593, The only other thing I can think of if you are not getting any errors.
Is that you may have the path to the server include file correct but ASP server side code is not executing in that part of your web site.
You can do a simple test to tell if it is...
Make a simple ".asp" page in the same folder.
Put only this code in it.
<% Response.Write ("ASP is executing") %>
then run the page via the web browser thru the server..
If the text prints out ASP is running... if you don't see anything it is not cwilliams38229.5820486111, umm.. rename the pages to ".asp"
After all these are ASP scripts we are dealing with and the product is called ASPProtect.
The web site says it is used to protect ".asp" pages
And the directions tell you to put the protection code on ".asp" pages.
ASP can not run in ".html" pages
If you do not know basic things like this you should really learn the basics of ASP before you try to use the application. I would suggest a good book or two. ASPProtect is for people that have at least some experience with Active Server Pages. , I'm getting this error when I try to login:
Active Server Pages error 'ASP 0131'
Disallowed Parent Path
/gallery/users/login.asp, line 19
The Include file '..dataconn_inc.asp' cannot contain '..' to indicate the parent directory. , Even if I try to upload the test file that was included with the system I still get the same error.
My host is using Windows 2003 Server.
Will send you a private email to see if the issues can be sorted out.
Thanks
, Hello,
no default setting for something like that... what your thinking about doing is on the right track I'd say , I have no idea.. perhaps PM me info on how to log into your site and reproduce the issue., Hi Chris,
The hosting company has been doing some work apparently regarding the database connection issue. Still something is funky 
When I type in www.vickerylightning.com/aspgallery/default.asp I get the custom 404 error page and I noticed that it is trying to open the following:
http://www.vickerylightning.com/skins/default/settings.asp
Is that what it is supposed to do?
Thanks!
Rhona, the rookie
, I do not have any programming knowledge and have what might be a simple question.
I am having a hard time getting my hosting company to modify the rights on the data folder. They state they support ASP and access databases however this is the response I got when I requested the modify permissions set for the internet guest account:
Were the rights changed on the data folder? No, we do not manage rights to folders.
My question to you is: Doesn't supporting asp require those permissions be set on the database folder or can asp (not just aspprotect) work without those rights modified?
Thanks , Hi,
In my search for a product to administer my banners I came across ASPBanner. In my site: http://www.lovenest.co.il I have 3 locations for banners:
In the top section a big banner and a small banner
At the bottom a serie of 5 banners.
My question: is it possible to place a list of banners (let's say 8 banners) and randomally pull 5 banners each time the page loads?
If yes please explain in detail.
Thanks. , if you just see code then you do not have ASP and Web Server setup correctly.. Basic IIS Server Setup stuff and not something I cover, but there is plenty of info out there.
http://www.aspfaq.com/show.asp?id=2084
http://www.codefixer.com/tutorials/installation.asp
http://www.webwizguide.com/asp/tutorials/installing_iis_winX P_pro.asp
http://www.w3schools.com/asp/asp_intro.asp
, False alarm. Dumb user alert (both the classifieds customer and me).
When I test fixes, I need to be looking at the right Ad_ID to get correct results  , The login page sends the user to redirect.asp (which is as follows)
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If InStr(Session("Groups"),"*1*") Then
Response.Redirect("gp01.asp")
End If
%>
<%
If InStr(Session("Groups"),"*2*") Then
Response.Redirect("gp02.asp")
End If
%>
I am not being redirected to gp02.asp if I am a member of group2. Also, we wish users who are part of group 2 and 3 to go to a different page (ie. gp2-3.asp)
Thanks in advance.
, If you code support for it yes, the application comes with no paypal code or support built in.
If you think it will help you, you are welcome to a copy of the classic asp version which supports paypal subscriptions. Perhaps looking at the code would help you. , I am confused.
Humm, how did ASPBanner 8 come with your purchase of ASPProtect ? That is not something I am aware of or something I do. Please provide more information on how you obtained ASPBanner 8. If I gave yu a copy for some reason please refresh my memory so I can go look up th emails about it. I need to know you have a valid license.
Now, as for the two not working together and the login screens messing with each other. I am even more confused. Tell me more as I just do not understand what you did ? ASPBanner has it's own user database and login system so there is no reason you should be mixing the two together as far as logins go. The two applications can certainly be in the same web together and not bother each other. ASPBanner can certainly serve banners to any pages you protect with ASPProtect or don't protect, but you certainly should not be protecting any ASPBanner code with ASPProtect code. ASPBanner already has code in it to do that. If that is the case don't do that. ASPProtect is not meant to protect code that already has a login system. That should just be obvious as far as I am concerned and hopefully you dintn't try to do that.
(you said you just put the directory in there but there must be more too this than that)
But again, tell me more. I can't really know everything ??
I just dont see how your ASPProtect pages could be effected by ASPBanner unless you really did something wacky like included the ASPBanner "check_user_inc.asp" instead of the one that comes with ASPProtect or overwrote it... etc ect
If in the same web aspprotect can be wherever and aspbanner needs to be in a folder called "aspbanner". There should be no conflicts under normal use and the two will essentially run seperate of one another. , Making progress. I have made the appropriate settings and now I have the option to upload. When I upload, I get the following message:
"Your upload did not succeed, most likely because your browser does not support Upload via this mechanism.
Your browser must support a standard called RFC 1867. Please check with your browser vendor for support of this standard"
I am using IE6 XP SP2. I also am using DUNDAS UPLOAD, ASPIMAGE.
I think I set permissions correctly bot not positive. I have given all auth to everyone for the database etc. , Please Note : Users with the option pack a new feature called groups that is much more powerful than access levels.
More On Access Levels
Again, Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System. Look at the source code of the ASP pages in that folder with a text editor to see the working code.
Access Levels and how they work can be re-coded to work in many different ways. However, you have to be a good ASP developer to make changes to it. Here is some information on how they work by default and also info on an alternate scenario we have provided.
In the "check_user_inc.asp" that comes in the root of this system Access Levels works as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 1,2
Level 3 has Access to - Level 1,2,3
Level 4 has Access to - Level 1,2,3,4
Level 5 has Access to - Level 1,2,3,4,5
Level 6 has Access to - Level 1,2,3,4,5,6
Level 7 has Access to - Level 1,2,3,4,5,6,7
Level 8 has Access to - Level 1,2,3,4,5,6,7,8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
The "check_user_inc.asp" included in the "extras" directory is an example of changing the access level checking code
to work differently. In that "check_user_inc.asp" Access Levels works as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 2
Level 3 has Access to - Level 3
Level 4 has Access to - Level 4
Level 5 has Access to - Level 5
Level 6 has Access to - Level 6
Level 7 has Access to - Level 7
Level 8 has Access to - Level 8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
If you get creative you can create some interesting access level checking scenarios.
Here is some additional info..
If the access levels are too restrictive you can ignore them all together and create your own totally custom solutions.
Here is a quick rundown of some of the things you can do.
Ok... so if you want to be really specific about what each user can see and
can't .. here's an example of what you can do
Don't use the access levels before the include file..
Don't worry about what you set a user to in the admin area since the access levels won't be used.
Do something like this..
Every time a user logs in session variables are set that you can access at
any time.. thus allowing you to know who they are.
So you could do something like this...
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("USERNAME") = "bob1267" or Session("USERNAME") = "carl45" or Session("ADMIN") = "True" Then
Session("PASSWORDACCESS") = "Yes"
Else
Session("PASSWORDACCESS") = "No"
Response.Redirect(Request.ServerVariables("script_name"))
End If
%>
The following URL explains what Redirects are.
http://www.powerasp.com/content/code-snippets/redirects.asp
That would in effect create totally custom access levels.. but you would
have to do it manually for each user.
You can also do things like this after a person logs in
Show custom html to any specific user based on either their username or
access level ... like so
say there was a menu and a certain link should only show up to username
"paully67"
you could do something like this
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<br>
<a href="main.asp">Home Page</a>
<%
If Session("USERNAME") = "paully67" Then
%>
<br>
<a href="paullys_page.asp">Pauls Stats Page</a>
<%
End If
%>
<br>
<a href="links.asp">Links Page</a>
</BODY>
</HTML>
Or you can show custom HTML or links based on Access Levels or any other info.
You can do just about anything with if-then statements and
using the built in vbscript functions..
Hopefully this info will help to give you some ideas...
Bottom line is you have to do some work within your site to make the Access Level system really come alive. cwilliams38114.6506712963, Hi Chris
Unfortunately the bl**dy server was down and unavailable for 17 hrs so I couldnt even get to see what the settings were!
It is on, the relevant users appear to have all rights for the data/tempstats folder.
I'm guessing you're going to suggest turning it off and see if the problem still appears.
Colin
, A question. Does this apply to all areas of the application. I have recently uploaded 50 photes. But when I look at the site from the url, I have X where the picture should be. Now, if I look at it though the localhost, I see the pictures perfectly.
, After a user edit his information (name, email, etc), the session variables are not updated. In the user_area.asp
page, I "Response.Write" all the session variables, and they are still
showing the old information. I tried refreshing the page but to no
avail. The only way to update the display is to log off and login again.
please help.
, (Password Expiration Mod) for ASPProtect Version 7.x
This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.
Purchase Page
Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.
This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.
There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.
Directions:
Back up your existing ASPProtect installation.
Add two new fields to the "ASPP_Users" table in your database.
For an MSAccess Database
Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)
For a MSSQL Database
Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)
once that is done
Copy all the new ".asp" pages into your site.
Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file
It needs to be the full URL to to the "change_password/default.asp" file
Now edit the "change_password/processchange.asp" file
There are 3 variables you can edit.
PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8
The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.
The other two values should be obvious.
That's it...
Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file
Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. , you can whatever you like but like I said those gif files are already in the correct place. The log parser is messing up. , What am i supposed to do now... i do have another member server that is not a domain controller-
However, i have like 5 websites running on this domain controller already. I have thought about this before how its a HUGE security risk but it will take too long to configure everything on the other computer :( , I didn't know about it. I will try to check it out some more this week.
, At the bottom of my "users" list page, it asks the question "number of users displayed per page"? After hitting a larger number than the default of 1-25, it increases the number of users per page to that number. But as soon as I leave that page, it goes back to the default. Any thoughts?, yes, any page you want protected needs to be edited..
You can probably have a login box on a non protected page. Just copy the generated source html form code for the login box of a protected page. Then put it on your non-protected page, but change the action to the page you want them to log in to.
In other words go to a protected page. See the login box, view the html browser source and use that to make your login form on the main page.
I have not tried it with .NET but I am pretty sure you can do it since it pretty much works the same as the classic asp version of ASPProtect.
try it.. see if it works.. If I have time tommoro I will test it out.,
Timecard Entry: 3/25/2006 1:50:02 PM
AT work working on new password protection code for new MLS software., Not much activity with phone, *EveryDayDad, CHR conference call, Time cards, , install and setup outlook exchange, go over my timecards and make sure they are right and submitted., Powering and connecting channel Banks, Took tech calls, checked DUI, RAD, AUAQ, and Voice... called some users back on AUAQ. Not busy at all. , At office, general work, tech support., phone duties rad log dial up reports, phones, tried to do radlog but it was too busy., team meeting, Answered phones., C.E.R. TOWERS DEVELOPING GRAPHIC LAYOUT OF SITE, Looked at in house computer. Answered phones and other tech related duties..., help steve gains at the times and chad edwards at wept, new/closeout w/o's, tng, meet with graphic dev team, u/d timecard hours to website tracker, meet with personnel (h&r), general mktg, went to staples to buy paper with Nic, met with Paul, talked with Nic, did a ask us a question. user wasn't able to send mail, printed, reviewed and mailed invoices, cancellations for nonpayment, answered phone, worked on order, Helping Kelly w/Watertown NY events calendar, Friday team meeting, billing issues. DSL info. Sign ups. Invoices., Entering grade 10 students to Lafargeville database for John Stone. Can't read most of the fax he sent so will have to do again., Telephone with Drew McNally, samaritan proposal, revised jlmc prop, still getting caught up on stuff from last week, met with Paul in the afternoon, did general tech support work for the remainder of my time..., travel from WDT to clayton,
|
