Blog Entry: 3/25/2006 1:37:26 PM
Chris, and all who read this post.
Don't run away!
I believe that perhaps I gave Chris good cause for this post to be created
. But dont fear
.
When it comes to most languages I am a newbie, let alone ASP.NET. I did not choose to have an application for my site to be built in ASP.NET. However it was and I had paid for that program and it needed protecting!
Now I did have a few problems, however NONE were with ASPProtect.NET. It is brilliant. NONE were with Chris and the support he provides. I believe he must work 24/7 judging by the speed of replies and the timezone differences.
In the end all the problems were down to MY typos and a web host who insisted that any problem was a conflict and not their server set-up.(which it was!)
Having eliminated the typo and changed web provider to a less arrogant company. ASPProtect.NET installed and ran out of the box. Truely impressive.
As a newbie it is not something I would like to do again. But with help from Chris and from a friend with ASP.NET knowledge any issues were very quickly resolved.
An A+ recommendation for CJWSoft. I love it!
, I want to try this on the machine im using now; which is windows XP.
Is this possible? I don't think i can set folder permissions on XP... there is no option to do so...
Is there a way to do it?
,
Good Morning, any suggestions on how to best "fake out the system" -- I would like to try to keep this clean so I can see the real errors?
My thought was to try to just move those .gif files to the directory that it thinks it should be in -- do you have any better suggestions? Or reasons why I really wouldnt want to do that?
, I moved the password check file out of /user and am getting this message:
Microsoft VBScript compilation error '800a0400'
Expected statement
/asplog/check_user_inc.asp, line 404
End If
^
Is this a standard database connection error so I should ask my IIS to make sure permissions are correct?
Thanks..!
, I am having trouble getting any information to show up in the log files
directory or anything showing up on the log files tab in the
administrator. I have set the following variables under the
settings tab:
UseLogFiles checked and
value of LogFileDirectory is "c:\inetpub\wwwroot\wf\data\logfiles"
I checked the permissions on that folder and they are set so that the Internet Guest account has full control on that directory.
I also checked RecentActiveUsers and RecentPageRequrests.
I am sure I am missing something simple but no files are ever showing
up in the logfiles directory...anyone have similar problems or at least
successes?
Thanks!!
, Hi,
I really look forward to installing V7...
I would like to test V7 by copying my existing V6 to a NEW directory,
including the database with new connection, and using this duplicate to
do an upgrade for TESTING PURPOSES ONLY before commiting to upgrading
the main system.
Should this cause any problem?
Tx,
Leon
, >>1. What is telling paypal to return the info to the ipn.asp page for
processing? Is that something I have to set up in my paypal
account?
Nevermind on this question. I found the notify_url variable. :-\
Thanks,
Michelle
, Even if I try to upload the test file that was included with the system I still get the same error.
My host is using Windows 2003 Server.
Will send you a private email to see if the issues can be sorted out.
Thanks
, http://support.cjwsoft.com/code/moreinfo286-2.htm
http://support.cjwsoft.com/code/moreinfo391-1.htm
http://support.cjwsoft.com/code/moreinfo385-1.htm
, Humm, Did you make any changes to the code ?
Solid Black is not the default so it must have changed at least once.
Otherwise it might be some sort of application variable problem.
I would make sure the web is and "application" in the IIS console.
, Still not having much success. I am using SQL server. I changed the permission in the following directory :sql server data\mssql\data. Is that the database directory you are referring to?, More Info on Simple File Sharing
http://www.practicallynetworked.com/sharing/xp/filesharing.h tm
http://www.theeldergeek.com/quick_guide_to_simple_file_shari ng.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;3040 40
, UPDATE
Version 8.1 has code generators for these new methods built in...
, I will actually explain how to set access_levels and/or groups...
in "users/add_new_account.asp"
carefully edit with a text editor
find this part
CmdAddUser.Fields("Access_Level") = "4"
that is where the acess level gets set...
you can change the level or remove that line all together if you dont want one set
now for groups you would add this line in the same area
CmdAddUser.Fields("Groups") = "*3*"
or
CmdAddUser.Fields("Groups") = "*1*,*2*,*3*"
Groups access for a user is stored in one field in the database like you see above. If you are confused what you should be saving in that field I suggest simply setting a user to whatever groups you want via the admin area and then looking in the database to see what got saved in that field. It's pretty simple really how they are stored.
*1*,*5*,*9*
that user would be a member of groups 1,5, and 9
, I think I've found the problem..
The password "abcdefgh" works
The password "abcdefghi" does not
(username "ace45")
Passwords can obviously only contain up to and including 8 characters... By some coincidence I only used short passwords with MS Access.
, check the action for the button in the code... its probably not posting back the the right page which should the same page it is...
I bet ya it is posting to guestbook2 which is the wrong directory... an old mistake I forgot to correct...
cwilliams38310.6540046296, Yes worked fine
thanks
, This issue came up once before and when I investigated I could find no error in the html that aspprotect generates and those files do exist where they are supposed to. We concluded it was a parsing error from the log file system.
There just really isn't anything I can do about it. I spent a week trying to figure it out. It is just the log parser screwing up under certain circumstances where there is no reason anything is wrong. They have trouble dealing with some of the complex URL/querystrings that the ASPProtect admin area uses. They think there is a 404 eror when there isn't... etc etc
, Yes, I was referring to ASP Protect.
I had about a dozen people access the same account, but it is highly unlikely that they would all try at the same time (unless there were several hundred people who had access). Having an enhanced login abuse would be nice.
, I am having difficulties importing new Users.
I have exported the existing list and then copied in the additional users and save the file as text (tab delimited) in Exel.
When I go to import the file (browse then upload) I get the following error:
Microsoft VBScript compilation error '800a03f9'
Expected 'Then'
/aspprotect/password_admin/upload_post.asp, line 6
If Session("Admin") <> "True"
If I upload the text file by FTP and then try to import it it only tends to import the first two existing rows.
All collumns match but not sure if I need to add "User_ID". I have added it and created consequecutive numbers.
Any assistance would be appreciated.
Thanks
, The Double DIM needs to be removed for this code to work properly.
<%
Dim BannerZone, BannerConnectionString, BannerDatabaseType, ConnBannerSystem
Dim CmdCheckUser, CmdGetConfiguration, App_Name, Config_SQL, BodyTag, BanDataConn
Dim CmdBannerTemp, CmdGetZones, ZoneString, ZoneArray, ZoneIndex, CmdUpdateWaiting
Dim CmdUpdateExpired, CmdRetrieveImpLimitedAds, CmdRetrieveImpressions
Dim CmdUpdateImpHit, CmdRetrieveAds, CycleBannerTotal, CycleList, NewCycleList
Dim Dim LoopBanner, CycleLoop, CycleListArray, CycleListArrayIndex, BannerCycleData
Dim Banner_Array, CurrentBanner, NewCycleListArray, Banner_Array2, LocationIndex
Dim Stop_Processing, Keep_Processing, CmdUpdateStats
%>
, What am i supposed to do now... i do have another member server that is not a domain controller-
However, i have like 5 websites running on this domain controller already. I have thought about this before how its a HUGE security risk but it will take too long to configure everything on the other computer :(
,
I have switched to Alentus and have the permissions set correctly and Parent paths turned on. I cannot figure out how to connect to the database. Should I have the database in the aspprotect/data/database folder, or in the data folder that Alentus has in my root directory? once that is determined, how do I decide what the path to that database is? I have tried many things, but this is what the setup page tells me to enter in the data_conn file DBQ=D:\Websites\www.mysite.com\aspprotect\data\database\ASPP rotect_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp
Thank You
, actually I just went to it again and it was somewhat slow coming up this time..
perhaps you have some issues with the sql database.
it should be instant.. like this one I run on my server
http://banserver.powerasp.com/aspbanner/
I suppose it could also have something to do with sql server resources but its hard to say..
cwilliams38319.7859722222, ok.
sorry then..
I just had a series of fraudulant orders this past week including today and the whole thing has me on edge. (foreign people getting my code for free and doing who knows what with it) When you mentioned calling the cc company it pushed all the right buttons.
Merry Christmas, When a logged in user with specific group rights tries to look at a
page that has different group membership requirements the Login screen
comes up giving them an opportunity to login with different rights to
view the page. If you log in again with your current user name
the same login screen returns with the added words something to the
effect of "Access Denied, you dont have group rights to this page...".
The only way to get back to the previous page is to hit the back button
on the browser (there is not a back button on the denied page).
I would really rather not even present the "login again" screen to a
user but just have a custom page that says "access denied" of my own
design with a back button on it. Is this an option provided for
in ASPProtect currently? I did not see it in the admin section
settings tab. Is there a separate "login again" asp file that is
being used for this
group access deny message that I could alter, or does it always have to
be the login asp file?
Or would this require me modifying the check_user_inc.asp file around
line 356 to change this behavior (I don't want to screw up any other
stuff though...).
Thanks!!
Oh, PS. just a quick check...it looks like if a user is an
"admin" he automatically gets to see all group pages regardless of
which set of group numbers are assigned in his user account...is that
right?
, We want to insert a hyperlink i the mesage area when we e-mail users from the Password Admin area. Is ther an easy way to insert the hyperlink so when the user gets the e-mail, they can just click on it and go the the page we want them to?
Thanks,
Andy
cwilliams38456.0983101852, Hello,
Unfortuantely I can not help you much regarding the javascript because I am a server side code kinda guy. Client side javascript just isn't my thing. That was free javascript code that I used for that function. I really do not know enough about editing client javascript. Sounds like you might though.
Style 1 is really a relic left over from the standard version. I just left it in in case someone wanted to use it. Like I said because it is javascript making it do more than it does is tricky (at least for me)
Now,, for actually getting description code. The thing to do is check out how that all works in the pic_window.asp file which is what style 2 two uses. Bascially descriptions for an particular album get stored in one text file. We read that test file. Put the lines into an array. Then display the info which gets run through a functions to convert some special characters used when saving back to normal.
I tried to look at your site but it woulnt load for some reason.
cwilliams38420.0809259259, ok, I am going to do that in the next few hours. I cant do it right now as I have a few other business's and something else needs my attention right now.
Chris, Using just ASP (Form Based Authentication) you can only protect the actual content of the ".asp" files.
You can however use some ASP tricks to stream other types of files to the users.
That way the actual file locations are never known and they can only get them/see these files when they are logged in as you would be streaming files to them after they logged in.
Below are informative links I have collected on the subject in an email I sent to another customer a while back.
Using Active Server Pages you can only protect ".asp" pages.
You can however password protect ".asp" pages that stream files to the user using code like in these examples therefore keeping the actual file name a secret.
And from another email I sent...
ASPProtect only protects the content of ".asp" pages. Directory protection is not possible using just ASP.
Other file extensions can not be protected using just ASP.
There are ways to get around this.
You'd want to do a technique like this to stream non ".asp" files to the users.
The safileup component from softartisans can actually do something similar as far as streaming the files go.
Then use something like ASPProtect to protect the ASP files that streams the files.
The actual location of the files is never known to the users and of they don't have access to the asp pages they can not see or get those other types of files.
Very doable, but nothing ASPProtect takes care of automatically.
This info above should get ya on track.
cwilliams38344.8751736111, Are you aware ASP can run on any machine running win95/95,2000,xp pro, 2003. You really should test all asp code locally before running it on live servers but anyway... that is your deal
I am not sure if memory alone will be enough for that server but it could help. I saw a decent amount of free memory when I looked. Its just about an 8-10 year old system on every aspect (processer,OS,Hard drives, memory etc etc) and not only that something is tasking the heck out of the resources left over for asp database access. Something is just wrong. I don't know what it is but I am pretty sure it is not aspprotect. I got rid of my last nt 4 server about 4-5 years ago but the application always ran great on NT and I still have some customers using NT 4. Not many though.
if you email me the import file and the encryption keys you are using I will make a database for you.. just zip it up and send it to chris-cjwsoft.com
replace - with @ , ok, ummm.. ok.. Then this doesnt make sense. On two out of the three machines I have in house here, the images do not show up. They only show up on the server machine. I am using the constant url on all three machines. www.rfamilystuff.com Does it show up on your?
, Much thanks, the duplicate incl's I spaced on and should have caught. The hidden form variable was a key issue. Thanks for the syntax and the help. Now I get this page together. j As a note - I got faster results by dropping my timeout to 3 minutes temporarily while progging and cleared browser cache between tests. Thanks again.
, I understand the encryption for security, but I am using ASPP for a very low security function and don't want encryption.
Can't I simply delete the code that does encryption?
If not, how can I
take my ASPProtect_access2002.mdb that was opened on my local host, with my own users added with text passwords,
export to a delimited text file, import it into ASPP with my own passwords encrypted, the use that file instead of my old .mdb file? Thanks
, so you are using the subscriptions signup directory right ?
"paypal_signup2" ?
1st.. I would check that the xml parser is working.
It is required for making the post back to paypal.
It is installed on windows 2000 and 2003 and XP by default.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=134& ; ; ; ; ; ;PN=1
Then I would check the actual form page to paypal to make sure it is generating a valid IPN url as a hidden form value. It's the payment page you actually click on that actually takes you to paypal. For the subscription signup system that page is called "paypal1.asp"
You'll want to go through the process starting with the default.asp of the signup folder untill you get to that page. Then you want to look at the html source of that page in Internet Explorer. Your looking for something like this in the source code and you want to make sure it is valid.
<input type="hidden" name="notify_url" value=http://www.mysite.com/aspprotect/paypal_sub_signup/ipn.asp>
It also has to a url on the internet that paypals server can see. It can not be a local url for your machine. Also: If it is not valid we can try hard coding it.
If all of these things are good I'll have to take a look. I have some text file logging I can do when paypal hits your IPN url that can tell us if it is actually hitting that page like it is supposed to. And I can test the system for you by making some 1 cent payments using my own paypal account until we find out what is going wrong.
cwilliams38421.5686921296, Thanks dude, I'll figure it out. I've been ripping apart pieces
of the code to get it. I'm in the process of pulling some things
out to make functions that do specific tasks based on your code.
I actually had a lot of luck yesterday with it.
, Great suggestion, routing the banner click through an intermediate page before the destination. We use Deepmetrix LiveSTATS.xsp V7 and I should be able to configure a filter to capture the stats of the intermediate page.
Thanks for the help!
Lance
, Cool.
Well I'm in the middle of uploading the txt file and it's about half way done and sitting there...so I'm keeping my fingers crossed.
, SQL Server Datareader Datawriter Permissions..
here is a screenshot that shows how to set datareader and datawriter permissions on an aspbanner database using "SQL Enterprise Manager"
In this example we are making sure the aspbanneruser has those permissions on the aspbanner table in the database
cwilliams38325.8002893519,
Timecard Entry: 3/25/2006 1:37:26 PM
lunch, training with ben , read 24 hour ASP book and worked with examples, Doris ?, Kelly - Discussing VB app for getting/tracking contacts at business fairs, events, etc., lunch, Downloading/Checking out visual basic 6.0 code for FTP file transfer/recieve through vb-app., energy initiatives: publish site to final URL: add weather.com content and test for browser compatibility, Compile traffic reports for ThirdMind, lunch, Enter bills; Training w/ Andrea & Michele, inventory, Took tech calls and checked everything. E-mailed expiring users., Manning NOC. Resetting open modems. Setting up virtual domains. Checking e-mail. Checking voice mail., Agreements, CHRSolutions Info, Lunch, Analyze current IIS setup, KNI Utica install, TICC team meeting, Nortel Training Schedule, lunch, EDZ, reactivated an account. helped a user who couldn't surf, Researching how to move an I-Mail database. Researching routers., Resetting modems, checking Ogdensburg and Syracuse., Phone TICC Team Mtg, softmls flyer - print for meeting.., Ordered a new Dell battery for my system and tried to clean out the virus in my laptop again. , technical support supervisor. emonitor, radlog, dial up issues, ask us a questions, incoming calls, emails, took mostly incoming calls ... helped techs as needed ..covered incoming calls and tech issues , Thosunad islands listings-add
Chad Edwards-contact for pricing
Mail out later to bruce for web site info,
