Blog Entry: 3/25/2006 1:44:54 PM
I need to use SQL for other reasons than efficiency. If I create 2-seperate databases, would there be a lot of code to edit?
Thank you.
Lance
, ok, that is done and seems to be working..
I edited the RC4 function in the "config_inc.asp" file like I mentioned
so the function now looks like this which just acts as a passthrough and really does nothing
Function RC4(ByRef pStrMessage, ByRef pCookieEncryptionKey)
RC4 = pStrMessage
End Function
so it is all set, go try things out and lets see if anything else weird comes up
Username "admin"
Password "abcdefghij" ,
If you code support for it yes, the application comes with no paypal code or support built in.
If you think it will help you, you are welcome to a copy of the classic asp version which supports paypal subscriptions. Perhaps looking at the code would help you.
, SQL Database Creation (NEW INSTALL)
If you are creating a new database do so using SQL enterprise manager.
Create a new database called whatever you like and keep all the default settings. If using an existing sql database skip that step.
Now open up SQL Query Analyzer
unzip the following sql script and open it in query analyser.
2005-02-20_132116_aspprotect_v7_sql_script.zip
VERY IMPORTANT
On the drop down box at the top right make sure your intended database is selected. Otherwise your changes may effect the wrong database in your SQL server.
Then load the script into the Query Analyzer. Click the green play button at the top. If everything goes well the response should read something like this.
******************************************************
(1 row(s) affected)
******************************************************
If so the tables have been created in your existing database.
Now make sure an existing or new SQL user has (public / datareader / datawriter) permissions for the new tables. You will be referencing this user in the asp code connection string so this user must be set up correctly. You may need your SQL server admins or hosting company to help you on this step as you may not have access to do this. You may not need to create a user and set permissions as the sql user you were logged in as to use query analyzer may by default get the correct permissions on anything you create.
Regardless, as you can see from this screenshot I made a SQL user called "aspprotectuser" and proceeded to set the permissions for that user. Under database access giving him (public,datareader, and datewriter permissions).
Now, in the ASP files provided with ASPProtect edit "dataconn_inc.asp" with a text editor and modify the connection string info. Be sure to change the info to match your server,username, and password.
Below is an example of valid connection string.
ConnectionString = "Provider=sqloledb;Data Source=poseidon;Initial Catalog=aspprotect;User Id=aspprotectuser;Password=temp;"
The "Data Source" setting is either the Network Name for the SQL Server or the IP Address. For local servers you can sometimes use an IP of "127.0.0.1" or the name of the local server.
"Initial Catalog" is the name of your database.
Now, in the ASP files provided with ASPProtect edit "dataconn_inc.asp" with a text editor and set the DatabaseType variable to SQL like so.
DatabaseType = "SQL"
cwilliams38403.6834953704, Chris, that fixed it. Found 2-references to guestbook2 in the file show_messages_inc.asp located in the \guestbook\ directory.
Suggestion for future release. Create an option to email the admin when a message is posted. If this code already exists please advise.
Thanks, Lance
, Chris,
D'oh! How completely obvious! 
I got it now. (In Step 4, by the way, you need to click on the web site, not the directory. The directory has its own Properties menu, which is competely different than the Properties menu for the web site.)
Thanks for the fast response!
Robert
, If you would like me to, I also have no problem going into your machine real quick via remote access and setting permissions / putting the right connecting string in there for you.
I need to go in as an administator though to set the permissions.
, ok, Hi Chris:
Is there a way I can include the username and password in the URL of a protected page to gain access to a that page without going through the log-in page?
I'm not quite sure what the syntax would be in the URL.
Warren
, Redirecting is not something ASPProtect does because you can
do that sort of thing using simple ASP redirects.
In all of these examples you are going to want to protect the pages you send these users to accordingly.
So that if they know the url they just cant go their directly without loging in.
Redirecting example..
This page will redirect admins or level 4 users to a certain page and anyone else to
another page.
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("Admin") = "True" or Session("Access_Level") = "4" Then
Response.Redirect("sompage.asp")
Else
Response.Redirect("someotherpage.asp")
End If
%>
Redirecting example..
This page will redirect level 1 users to a certain page. level 2 users to certain page, and anyone else to
another page.
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("Access_Level") = "1" Then
Response.Redirect("level1.asp")
ElseIf Session("Access_Level") = "2" Then
Response.Redirect("level2.asp")
Else
Response.Redirect("allothers.asp")
End If
%>
Redirecting example..
This page will redirect user "PistolPete" to a certain page.
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("Username") = "PistolPete" Then
Response.Redirect("somedirectory/somepage.asp")
End If
%>
then just make sure the page you send the user to to also checks to see if the user is the right user.... to make sure others users can't access each others pages
<%
If Session("Username") <> "PistolPete" Then
Response.Write("You do not have access to this page.")
Response.End
End If
%>
etc etc etc.... these code snippets should point you in the right direction...
, its that server, it's way underpowered when it comes to running dynamic code and databases.. and that other app is probably stealing all the leftover odbc resources..... did you try doing the import on another machine running ASP? Thats the way to go.. I am afraid I won't be much help at the moment.. I am battling with a crashed system and a lot of lost data, But can you guess as to why the following might be happening:
1) The password is still "temp", and we verified that by checking dataconn_inc.asp ; 2) People are able to place new ads, etc. ; 3) We then download the DB. Sometimes we are able to open up the DB just downloaded with the password "temp", but only see the USERS table. At other times, we cannot open the same DB with any password, and get a "password not valid" message even when using the password "temp".
So what can the problem be?
, Personally, I think that is something you should work into your existing site code or something you should handle on your own.
It's basic site maintenance issues.. and something every webmaster must deal with on an individual basis. If you are going to upload a new version of some large file of course you should go disable wherever people are dloading it from and then wait/re upload/turn things back on.. etc etc
It is not going to be a feature of ASPProtect and I don't see why it should be. If you want to have some sort of global site is temporaily down thing you should have a common server side include on all your pages right after the password protection include file. In that include file you could easily stop site access with a response.end and also show a message.
Or you should disable a file download page manually on a file to file basis.
Really, big busy sites that have their sh*t together use versions of files for a reason. Every new upload is a slightly new version revision and has a slightly different file name They do this partially to eliminate the problem your talking about and also because that is the way it should be done. Nothing gets uploaded over itself ever. Even if there is a mistake in a file they upload a new revision and document it in the revision/changes file. And of course they dont show users a link to a new file revisions until it is uploaded.
, Hi - When I try the mass email feature, I get an error that says:
ODBC Microsoft access driver) too few parameters expected 1
/aspprotect/password/admin/send_mass_email.asp line 280
Oddly...this feature works fine when I use the original admin user that you setup.
But I setup another one with my username and password (not test) - because I was afraid anything with "test" could get deleted.
Any ideas on why the new admin userid would not work? Note: I have not change any code from the original installation.
, that is because passwords in the import/export files are encrypted.. if you make one of your own you need to use the rc4 function in the "config_inc.asp" to encrpyt your passwords just like the aspprotect system does (requires knowledge of vbscript and integration into your export system)
now, there is a way around this
if you want to import a file you made with clear text passwords edit "import.asp" beforehand and change
If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = UserArray2(5)
to
If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = RC4(UserArray2(5), PasswordEncryptionKey)
that way it should convert your clear text passwords to encrypted while it does the import
this post also addresses this but in the reverse scenario
http://support.cjwsoft.com/code/code_info.asp?TID=261&PN =1&TPN=1
I hope this helps you because I really do have to leave the office like right now. Very late for a dinner meeting.
I should be back on the computer later tonight or tommoro morning
, I will give you permission to move it since you asked., What am i supposed to do now... i do have another member server that is not a domain controller-
However, i have like 5 websites running on this domain controller already. I have thought about this before how its a HUGE security risk but it will take too long to configure everything on the other computer :(
, How do I customize the validation email that is sent to users when they first register?, still.. its got to be somthing along those lines.. I have seen times when even dbo didnt have full rights to a particular database so permissions should always be manually checked..
The import data routine is most likely the source of the trouble
For troubleshooting sake I would create a fresh installation from scratch using the sql script we provide and a new SQL user. Then see if that works. If it does then try to import your data into that.
There are no other things I can think of doing. Sometimes you just have to start with a clean slate. , Your SQL statement to the database is the key.
You want to change the sortby hyperlink on that page so that it will in turn change the dynamic sql statement to sort the way you want
Find
?SORTBY=Date_Created
change it to
?SORTBY=Date_Created+ASC
or maybe
?SORTBY=Date_Created+DESC
One of them is the default anyway, but I cant remember which is which off hand so just try them both till you get the desired result
near the top you can also change the default sortby when thet page is loaded
SORTBY = Request("SORTBY")
If SORTBY = "" Then
SORTBY = "Name"
End If
there you would use a space though.. not a "+" sign when adding the ASC or DESC
The + sign is only used in the hyperlinks because it means a space for browsers that can't deal with spaces in links
cwilliams38406.6011458333, Got it. Thanks Chris!
Michelle
, ok, when I go to that url is seems fairly fast and somewhat normal.. even when I try to log in it pops right back up asking for login info again..
I would check to make sure you are not running anything that might be effecting your web browsing.. software firewalls.. ad blockers.. script blockers... norton internet security.. zone alarm... anything like that
they can all effect a lot of things regarding how web browsers act.
, Just copy the files over. have permissions set on any folders that need it, and edit the data connection so it's valid for the new server. Once you get logged to the admin area go update all the settings so any urls are valid.
really its no different than a new installation so just follow those directions but use your existing files.
There is no domain pointing involved...
As logn as the old stuff is not accesible on the live internet you don't need another license.
As for my installation fee of 25. That is only for new installations. I charge more for something like that as there may be compications such as custom changes to the code that I would have to deal with. Customers often custimize the login and users area.. etc etc .. and there may be hardcoded urls and what not to worry about changing.
LASTLY, I noticed all your other posts are in the ASPProtect 7 area so the installaton process for that is a bit different than for Version 6 so what I said above is not quite the same process. Please make sure you post in the correct area when asking questions. , Our knowledge base which is hosted at a remote location is protected by ASPProtect Full Version 6. I would like to allow our employee to access the knowledge base from within our internal network unchallenged. Is there a way which I can modify the code "check_user_inc.asp" to allow any one coming from say 10.1.X.X to access the site unchallenged?
Thanks,
Mo
, Hello dear Chris
I can login for the first time. I exit from the browser and then I cannot login again. This happens for every user.
I noticed that the values in the fields "Login_limit" and "Active" in
the ASPP_Users table in the SQL changed to NULL and 0 when login and
remained in those values after close the browser.
If manually I change the values it is ok but the problem repeated.
Thank you in advance.
, What other information do you have ?
Details are very important.
Info on situations where it works... like OS, browser version.. etc etc
Info on situations where it does not work... same stuff
size of the PDF files ?
server info ?
Maybe protect a page and offer a PDF file so myself and some of the forum users can try it and report back what happens.
Also, Many people zip up PDF files when letting people download them as browsers can act pretty odd at times with them. Perhaps that is an option.
, If you makes you feel any better the photo gallery app runs awesome off an access database. Mostly because all of the picture work is done in the filesystem, not the database. The load on the database is relatively low even with a lot of users., well, I just tried a password using "abcdefghi" and like you said it did not work
I am looking into that.
Also, it seems I had the SQL scripts creating the "Old Password" field just in case someone needed it and I forgot about that. , now. I just went to that url and this is the error I see which shows me there is a character in the source code that shouldnt be there which is causing the page to halt.
Looks like a "carrot".
Microsoft VBScript compilation error '800a0400'
Expected statement
D:\CLIENTS\RKLARMAN\DRSWEISBERG\PASSWORD_ADMIN\../dataconn_i nc.asp, line 18
<%
^
, sorry for the confusion, but I am not that good with the tech explantions yet.
what it boils down to is I have an Access Database containing over 100
members names. I want only those people to be able to get into
the secure pages.
Thanks. Harvey
, like I said you made changes to something to cause that...
users/user_area.asp
runs fine the way it ships "it is one of things I tested earlier when I looked at your installation for you"
If you want I'll go look via FTP and tell you what is wrong
cwilliams38456.1069212963, You may be interested in this. I just put it together real quick like.
http://support.cjwsoft.com/code/code_info.asp?TID=454&PN =1&TPN=1 , There is no way I'm going to spend hundreds of dollars for a thumbnail creation program. Mine is a family web site and all out of my pocket.
Is there any free products that work with Gallery that will create the thumbnails? If not can I create them on my own and link them to the pics? There are tons of Perl based freebies out there.
Steve
, That's because when the page rebuilds, it uses the default number of
users per page setting. You'd have to modify that default setting to
have it do things differently. I used to have mine set to 500
users, until I got past 300... then it wasn't fun to show all users on
the page anymore. I now like 10 per page and searching for
specific users as needed.
But that's me. If you hack a COPY of your default.asp file (with the
original backed up as above), you can get the value set to one you
prefer.
If you want me to find the value, post and I'll look for it later on.
If you want to find it yourself, happy hunting! Just be sure to have a
backup in case you do the wrongest thing possible in your haxxoring.
, Is there any way to extend the limit multiple login feature to a certain number instead all or none? In other words, i need to have a user be able to use the same login for x number of people. My customers are institutions and want to be able to have a single login for however many users they purchase for.
, "I can login for the first time."
when you say that what exactly does that mean, because in this version you do not just log in for the 1st time.
What I am saying is there are steps where you run a special page to intially get into the system, then you setup a new user, then you make them an admin, and then you can log in as them.
You left all of that out of your story...
I really need all details in order to help.. is this an upgrade or a new install, etc etc etc
I would also advise very carefully comparing the fields in your sql database to the sql creation scripts to make sure all the field settings are correct.
Lastly, please tell me what name/email you ordered the product under so I can check your purchase.
Thanks, Thanks.
Nick
, More Info on Simple File Sharing
http://www.practicallynetworked.com/sharing/xp/filesharing.h tm
http://www.theeldergeek.com/quick_guide_to_simple_file_shari ng.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;3040 40
,
I'm having another problem-hopefully it's a quick fix.
it tries to go to a page: default.aspx
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested Url: /default.aspx
When i log in as admin from the aspprotectadmin/default.aspx that works fine...
where should the user be sent when they log in? Am i supposed to specify that or is it automatic? Why isnt it working for me? I dont believe i changed any settings that correspond to that either
,
Timecard Entry: 3/25/2006 1:44:55 PM
read and sent emails, Answered Phones, and took care of what I could of the other tech stuff., Picked up mail and opened. Posted accounts, credit card authorization, coupon referrals, ans. phone and customer inquiries., voicemail, email, wo's for samaritan and Jeff Lewis BOR, Called expiring users., AMERICAN FLEA MARKETS AND CONCESSION TRAILER CATEGORY, Helping Darrell and Andy in Syracuse (running cables), lunch, Getting together circuits that need cancelling, contacted Ted and Ken, discussed contracts, also got info from Paul and Randy on circuits not in use and ordering history., weekly cancels for last week, MLS training meetings, Small break, Lunch, Time spent running around finding a 10:00AM meeting., enter weekly web billing , reviewed and worked on emerald accounts with Jackie and telephone calls, Drive to Ogdensburg (50 miles), Creg transaction; wireless antennae contract, Training with Steve about some new projects and some other upcoming items. , answered incoming calls, call backs, On the phone with realtors: Bob Blauers and Laura Suriani of Wstarmls.com about realtor.com and about appraisers then Dennis Pezzimenti of Catt Co about logon IDs for the secretaries., get booth ready for New Jersey, Develop forms for agfamedical, traveled back to watertown, TICC payroll & tax deposit, general tech support did radlogs and some new user callbacks was pretty steady al day as one of the techs at almost all times was phone receptionist, cvx training at Nortel, Also checked online reports. A little slow., teched calls, busy, mostly login errors, Messges, Filing & Copies Took pictures of Central Office equip. coming off truck,
