Blog Entry: 3/25/2006 1:36:32 PM
Hello,
You'll need to find a validation function to test for it.
Either server side or right in the form via client side javascript.
I dont have any experience with validating zip codes here much less UK.
Google it would be my best advice.. or maybe find some free app written in UK format and see how they did it.
Good Luck..
And if ya find anything post it here if ya like cwilliams38381.5607638889, Sounds great, Sold!
Thanks Christopher! ,
you would have to edit the application in visual studio.net.. change some things around and recompile the application... in the process figuring out how you want to handle all of that (probably combining the username and email fields just on the registration form then saving both values to the database)
very doable.. just not anything documented or supported as it is custimization
I do have a very nice article on the forums on how to set up a project in visual studio.net with the application.. it is in the forums, I dont know about your error on line 6 when uploading..
as far as the manaully edited import file not working I would really need to see it. There has to be somethin wrong with it's format.
I really need more information and possibly acess to the system to do some troubleshooting...
This is anot a feature anyone has ever had an issue like this with. , You can mix and match banner calling methods all you want.
Try it and see what happens.
However, the only method that is going to work on non ".asp" pages is the javascript or the new iframe method listed in the support forums.
cwilliams38209.532349537, FYI. There is a typo in the upgrade (6.0 to 7.0) instructions. It specifies adding a field named "passwords". Should be "password"., Kurt,
There really is no default width in general.
The thing to remember is that the default.asp page includes a lot of different pages.. and some of those pages also include pages.
Now all of this gets wrapped by the header and footer include files so in a sense what you do there can effect everything inside to a certain degree.
Now there are some widths set here and there for different tables and what not on certain pages, but its really the kind of situation where you just have to dig around in the code and experiment until you eventualy find what you are looking for and get the desired result.
I'd love to tell you there is easy way to just set a width, but it is not that simple.
Maybe someday it will be. Just not in the current version.
CJW , Same here. Thinking it might be server load or the bandwidth to the server.
Thanks for checking!
Lance , Hello,
Unfortuantely I can not help you much regarding the javascript because I am a server side code kinda guy. Client side javascript just isn't my thing. That was free javascript code that I used for that function. I really do not know enough about editing client javascript. Sounds like you might though.
Style 1 is really a relic left over from the standard version. I just left it in in case someone wanted to use it. Like I said because it is javascript making it do more than it does is tricky (at least for me)
Now,, for actually getting description code. The thing to do is check out how that all works in the pic_window.asp file which is what style 2 two uses. Bascially descriptions for an particular album get stored in one text file. We read that test file. Put the lines into an array. Then display the info which gets run through a functions to convert some special characters used when saving back to normal.
I tried to look at your site but it woulnt load for some reason.
cwilliams38420.0809259259, Are you aware ASP can run on any machine running win95/95,2000,xp pro, 2003. You really should test all asp code locally before running it on live servers but anyway... that is your deal
I am not sure if memory alone will be enough for that server but it could help. I saw a decent amount of free memory when I looked. Its just about an 8-10 year old system on every aspect (processer,OS,Hard drives, memory etc etc) and not only that something is tasking the heck out of the resources left over for asp database access. Something is just wrong. I don't know what it is but I am pretty sure it is not aspprotect. I got rid of my last nt 4 server about 4-5 years ago but the application always ran great on NT and I still have some customers using NT 4. Not many though.
if you email me the import file and the encryption keys you are using I will make a database for you.. just zip it up and send it to chris-cjwsoft.com
replace - with @ , It just sits there indefinitely without an error being returned. The only clue I have is that it seems to be connecting to the database when I try to log-in. I know this because I decided to erase the files and start again, but I could not delete the database because it was "in use". After I rebooted to clear that connection and erased the database, then re-did the install, the same condition exists after entering the key on the get_me_in.asp page. It just sits there indefinitely., The random password is generated during signup and the function that creates it is located on this page of code.
users/register.asp
it looks like this
Function RndStr(Length, UseChrs)
If IsNull(UseChrs) OR (UseChrs = "") Then UseChrs = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+=-"
NewStr = ""
Randomize(CByte(Left(Right(Time(),5),2)))
For gpIndex = 1 To Length
NewStr = NewStr & Mid(UseChrs, Int((Len(UseChrs)) * Rnd + 1), 1)
Next
RndStr = NewStr
End Function
For example go to this page and hit refresh and watch the password change.
http://www.aspprotect.com/demo2/users/register.asp
Yes, sometimes if you hit refresh quickly over and over you'll get the same password, but not generally. Also that is not something that would happen normally as a user isnt going to sit at that screen and hit refresh over and over.
Anyway... when signing up the new user of course has the option to change that password to something they would like better...
As far as... "selecting the same user name and password every time"
I need more information. That does not make sense for a lot of reasons.
Most importantly because usernames are not generated. The are inputed by the user during signup. They are then checked to ensure they do not already exist before the user is allowed to complete their signup.
So under normal circumstances there can never be duplicate usernames in the system or even users with duplicate emails as that is checked as well.
Now of course if you edited the code in any way it is possible all this is not working correctly ?
cwilliams38164.8059143519, Unfortunatley, I dont have an easy answer for you. It is certainly doable but adjusting the code so people assigned to certain groups get specific expiration dates means a lot of code work and time. It would probably even take me a long time to figure out.
The fact that users can belong to more than one group also greatly complicats the whole idea.
You can certainly assign an expiration level when someone signs up. That is easy and explained in the forums. , If you have messed up the admin account or forgotten the admin password you generally should open up the database manually and add a new account or see what the old account is.
In version 7 however you have another option. Go through the installation instructions again. Specifically the part where you use the "get_me_in.asp" page to get back into the admin area by pasting in the password encrpytion keye you are using from your config file. , Please forgive any ignorance on my part.
Using the live demo, it seems that with the banner software my advertisers would only have access to reports, but no ability to upload banners, specify keyword triggers or zones, what have you. Is this correct?
The other thing I couldn't quite figure out, assuming I had a categorized directory on my site, is this system configurable to display different banners based on category? Perhaps through keyword triggers?
Thank you in advance for any assistance. , Hi - When I try the mass email feature, I get an error that says:
ODBC Microsoft access driver) too few parameters expected 1
/aspprotect/password/admin/send_mass_email.asp line 280
Oddly...this feature works fine when I use the original admin user that you setup.
But I setup another one with my username and password (not test) - because I was afraid anything with "test" could get deleted.
Any ideas on why the new admin userid would not work? Note: I have not change any code from the original installation.
, whether you use SSL or not really does not effect aspprotect in any way
I say, the smart thing to do there is too not start them off at a http:// url
one way to do it is put a simple ASP redirect on that default page and send them to an SSL version of the page instead...
http://www.powerasp.com/content/code-snippets/redirects.asp
another way would be not start them off on a protected page right off the bat and offer links to the the protected area...
in my opinion thats pretty odd to be starting them off on a protected page anyway
SLL maybe, but protected right from the time they hit the default page of the site.. thats just odd.. usually you want o say a little something about the site your at and then link people to protected areas or give them a login form which posts to a protected area.
Regardless if you always want users at your site under https:// you should have code on every single page in your site checking the url info at every page load. Then if someone ever hits a page and is not using the https:// you can do something about it like redirect them to the SSL home poge or redirect to that same page but with the https:// in the url.. , I am having difficulties importing new Users.
I have exported the existing list and then copied in the additional users and save the file as text (tab delimited) in Exel.
When I go to import the file (browse then upload) I get the following error:
Microsoft VBScript compilation error '800a03f9'
Expected 'Then'
/aspprotect/password_admin/upload_post.asp, line 6
If Session("Admin") <> "True"
If I upload the text file by FTP and then try to import it it only tends to import the first two existing rows.
All collumns match but not sure if I need to add "User_ID". I have added it and created consequecutive numbers.
Any assistance would be appreciated.
Thanks
, Do what it says so you can see the real error and then post that information here. It could be anything from incorrect permissions to whatever.cwilliams38454.4272916667, Using just ASP (Form Based Authentication) you can only protect the actual content of the ".asp" files.
You can however use some ASP tricks to stream other types of files to the users.
That way the actual file locations are never known and they can only get them/see these files when they are logged in as you would be streaming files to them after they logged in.
Below are informative links I have collected on the subject in an email I sent to another customer a while back.
Using Active Server Pages you can only protect ".asp" pages.
You can however password protect ".asp" pages that stream files to the user using code like in these examples therefore keeping the actual file name a secret.
And from another email I sent...
ASPProtect only protects the content of ".asp" pages. Directory protection is not possible using just ASP.
Other file extensions can not be protected using just ASP.
There are ways to get around this.
You'd want to do a technique like this to stream non ".asp" files to the users.
The safileup component from softartisans can actually do something similar as far as streaming the files go.
Then use something like ASPProtect to protect the ASP files that streams the files.
The actual location of the files is never known to the users and of they don't have access to the asp pages they can not see or get those other types of files.
Very doable, but nothing ASPProtect takes care of automatically.
This info above should get ya on track.
cwilliams38344.8751736111, Some users have reported an error during the registration process.
Here is what I believe is happening.
When you register you get sent a validation email that has a link in it that looks something like this.
http://support.cjwsoft.com/forum//activate.asp?ID=testAD3AD2 97BC
That link can only be clicked on once which will activate your account.
If you somehow run that link more than once you will get a message telling you there was an error.
I think some people are double clicking on the link they get sent and running it more than once.... or clicking on it again after registration is complete. It probably happens very fast so they never see the success screen.
Either way, if you can login to the forum nothing is wrong and you are already activated. cwilliams38089.6248842593, Cool.
Well I'm in the middle of uploading the txt file and it's about half way done and sitting there...so I'm keeping my fingers crossed. , Thanks Chris, Hey, I thought I'd share this tip with the ASPProtect community...
If you'd like to remove, modify, or add fields to the "Users" view in
the password_admin default.asp page, it's really easy to do. Well, at
least it was for me. I'm using an MS Access database, by the way.
For me, I don't need "Company" info, but I do need last access and # of
times accessed displayed. Therefore, I had to change the default page
in three areas:
In /password_admin/default.asp, go to about line 185 or so, where you see stuff like:
[code]<td valign="bottom"><font face="Arial" color="#000000"
size
="2"><b>First Name& lt;/b> </font></td> [/code]
OK, those are the column headings. Each one corresponds to a column
from your USERS table in your database. There are two more areas to
consider, both of which appear immediately after this section.
The next section has statements that look like this:
[code]<td valign="bottom"><a href="<% =THISPAGE
%>?SORTBY=First_Name+ASC&MyPageSize=<% =MyPageSize
%>&Keyword=<% =Server.URLEncode(Keyword)%>"><img
border="0" src="../images/sort_ascending.gif" Alt="Sort
Ascending"></a><a href="<% =THISPAGE
%>?SORTBY=First_Name+DESC&MyPageSize=<% =MyPageSize
%>&Keyword=<% =Server.URLEncode(Keyword)%>"><img
border="0" src="../images/sort_descending.gif" Alt="Sort
Descending"></a></td>[/code]
See the "First_Name" items? The first is for an ascending sort, the
second for a descending. This particular line corresponds to the code
snippet immediately above it. But all this does is handle the sorting.
For the actual data, look lower for this stuff:
[code] <td bgcolor="<% = Cellbgcolor
%>"><font face="Arial" size="1"> <%=
CmdListUsers("First_Name")
%& gt; </font></td> [/code]
It's a good ways down, so don't be impatient if you don't see it in 10
lines from the end of the last mentioned section. This stuff handles
the display of the data from the database (where else ya gonna get
data, anyway?)...
Now, to remove a field, you need to find the three sets that go with
that data. The ascending/descending sort is potentially the trickiest,
because it's the longest set of data and can take a number of lines.
Just clear it from the start td to the end /td and you'll be fine.
To *add* a field, copy and paste the code from an existing field and
modify it. In the first one, the column title, you can type whatever
you want to describe your info. Nobody but you and your admins will see
it. For the next two sections, though, you need to get the correct
column heading from the USERS table and use that to correct the lines
in the copied code you pasted in.
For example, when I added a column to show the number of times a user
logged in, I copied the above snippets and pasted them in where I felt
the column I needed should be. Then, in the first one, I changed "First
Name" to "Logins". In the ascending/descending snippet, I changed
First_Name to Counter. Same for the last snippet.
The result? A new column, showing the number of logins my users were successful with.
Of course, before you experiment, back up your existing default.asp file, JUST IN CASE.
Have fun!
, ASPProtect v7 comes with working example code of protecting a file download.
This comes with the system as an example folder with some files in it.
(some of the initial purchaser's of the system might not have that directory.. if that is the case please ask)
Here is how it works...
Basically we protect the file download by only allowing a logged in user to download it. The special ".asp" page we use the stream the file is password protected. It also hides the true location of the file so you can keep your files out of your web or keep them in a folder in your web that does not allow file browsing. Under this scenario even if someone looks at the html source they can not tell where the file really came from and they can only download if they are logged in and you offered them the link to the file.
For the file download protection examples to work you may need to edit some values
in the stream_download.asp file that are valid for your setup.
Look at the source. The values you can edit are commented.
Now, you also need to call a valid "download file name" from the download_link.asp file which is an example of how make a download link to the streamed download.
Lastly, we provide a working example. Now, you obviously may need to customize it to fit your needs. Please realize you are going to have to make special download links in your .asp pages and not only should you only show those links to people with appropriate access to download the files, but you should also protect the streaming download page accordingly as well as far as level, groups, and particular users. What I am saying is which files a particular user is allowed to download is not automatically handled by ASPProtect in any way. We give you all the tools to provide protected downloads to logged in users, but if you have complex needs you’re probably going to need to come up with a system that works for you. It's not really difficult because we did all the complicated stuff, but its something you have to sort out.
Perhaps someday in the future ASPProtect will have an interface to upload files and associate them with certain users. But at the moment it does not. , That is by design, removing and deleting are two different things as far as the classifieds system goes.
A regular user can only remove an ad from the category index. (which makes the ad inactive)
An admin however can truly delete an ad from the system. , Thanks dude, I'll figure it out. I've been ripping apart pieces
of the code to get it. I'm in the process of pulling some things
out to make functions that do specific tasks based on your code.
I actually had a lot of luck yesterday with it.
, FYI:
The articles you references were read over by me like 3 hours ago... way passed that and prob. in deeper sh*t than i was since im trying everything possible without knowing the true reason this is not working. , [QUOTE=cwilliams]
Is that a real term or just something you named it cause they have like a zillion people using that SQL server?[/QUOTE]
yeah thats it, you buy into a part of the sql server so it's an sql server hotel... , I have been using this solution for over a year now and think its great, however I recently logged on to add a banner and when I clciked on the link that opens a window, displaying all the gifs in the directory../images/banners/, now images showed up, however they do exist in that directory.
I recently upgraded my computer and am now using windows XP...could that be the problem?
Thanks
, Its a great idea. I didnt really check the counter until the album started working. Its a great concept though., (Password Expiration Mod) for ASPProtect Version 7.x
This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.
Purchase Page
Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.
This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.
There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.
Directions:
Back up your existing ASPProtect installation.
Add two new fields to the "ASPP_Users" table in your database.
For an MSAccess Database
Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)
For a MSSQL Database
Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)
once that is done
Copy all the new ".asp" pages into your site.
Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file
It needs to be the full URL to to the "change_password/default.asp" file
Now edit the "change_password/processchange.asp" file
There are 3 variables you can edit.
PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8
The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.
The other two values should be obvious.
That's it...
Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file
Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. , well, for now you have to watch the logs. What your talking about would take up a lot of server resources and database space to keep track of. Maybe some day, but no plans at the moment.,
I am successfully using ASP protect on our site. I have one question:
The file Check_user_inc.asp looks a bit bland as I can't seem to use the sites Dreamweaver template. If I apply a template to this page, it is duplicated on other pages with this template.
How can I apply a template to this page?
Thanks
Clark
, I am up to speed on how it works. My goal was to not have just a link to a protected page- so that when a user clicks it they get the "access denied" screen and then have to log in. My goal was to avoid that if possible by having them log in and then redirected to the protected page.
So this isnt possible? The only way for it to work is for a user to click a link to the protected page, get the denied screen, then login and be redirected?
Or is there another way..?
I made my point by rebuttling your "cafepress" with agreeing "YES" that is what i want... now you are changing this around on me. I dont think i can be ANY clearer in what i intend to do. It is extremely clear and i am not sure why its becoming more than it should be. I just want the user to be able to log in from ANY PAGE ON THE WEBSITE AND THEN BE REDIRECTED TO THE PROTECTED PAGE IF THE HAVE THE PROPER CREDENTIALS. It would be nice if this software gave an error message when an incorrect username/password was entered instead of simply refreshing the screen. , far as I can tell it does... that session abandon thing called in the logoff page should be enough to cover everything
once thing to be careful about
If you log in.. then log off... then go back to a page and do a refresh... you may in fact be reposting the username and password from before.. thus logging yourself right back in
Perhaps not.. all depends on what your doing... but it is something to be careful of when testing cwilliams38341.7390509259, it might also be a good idea for you to try a simple text file writing example like this on your server and see if it hangs as well
http://www.devasp.com/samples/writetofile.asp
for troubleshooting sake
this is sounding more and more like the filesystem object is blocked or disabled on your server , Hi,
I don't fully understand what you are explaining ... the part about showing a user but not working???? but if you PM me the details I will glady go into your live webserver and see if I can get it working. , Hi Chris
Unfortunately the bl**dy server was down and unavailable for 17 hrs so I couldnt even get to see what the settings were!
It is on, the relevant users appear to have all rights for the data/tempstats folder.
I'm guessing you're going to suggest turning it off and see if the problem still appears.
Colin
, Excellent 
Thanks, the DESC addition did the trick!
- Jason ,
Timecard Entry: 3/25/2006 1:36:32 PM
callbacks on soon to expire accounts. Info calls for new customers. , Checking e-mail. Grabbing tools and pdf's., timecards and spreadsheet, Lunch, Spoke to Several DSL and dedicated customer- developed rough proposal for Seacomm and sent it to seth, Tested modems at IMC-Net and made a detailed list of the modems., Drive back to Clayton, re-develop internal development process and process documentation, go over info with pat- work order book
Go over billing with Michele- add four new customers
Add psswords into thousand island listings
, tech calls - moderate traffic, teched phone calls, Troubleshoot FPSE on Godzilla, Traveled to Watertown for meeting with Carthage savings and loan 24 miles, Took gereral tech calls, Checked voice mail, Did new user call backs, and checked Gisco Online issues page., timecards into spreadsheet, Email and phone messages
, alexbay.com - slideshow, and creating maps, Follow up on KNI Utica and Seacomm FCU installs, in burilington, Revised letter to the Orlando leads
preparing to mail all warm leads, July 4th, rsvp, voicemail, email for the team meeting, kitchen cleanup. Left early to take Amy out for a couple of cocktails before nuptuials, teched phone calls had some toruble with 2360 , Tim Badour, enter deposit, take to bank, pull invoices, phones, radlog, ask us a question, dial up issues, email, FAQ, CubPro.com development, Lunch, Move power plug to a working power source due to power failure., helped Denise with Wireless proposals - sent info to seth on current Wan projects, worked on Grays, Seacomm, Oneida Hospital, ,
|
