Blog Entry: 3/25/2006 1:40:17 PM
I'm all set - after thinking about your replies - i checked a bit more and changed the email component type -- thanks again for all your help. ,
Best setup I recomend is just setting up a rig and making a workgroup.
No real reason for a production machine to have any access to internal
security when you think about it.
classic asp should be pretty easy to move, just set up new webs and
dump the scripts in there. If you have 2 machines its always easier to
look at the one while your building the other. Basically copy the setup
and tada... the only thing you might need to remeber is components (if
your using any) and thats usually not a very big deal either.
Point sort of being at some point your going to have to change that
thing around and while its no fun you have to imagine now is a better
time to bite the bullet and get it set up the right way. Your
alternative is to mess around for hours and hours praying that you
change domain wide security to the point that running NET
apps on that domain controller works. Personally I wouldnt sleep well
knowing I had just messed around so bad with the OS that I had no clue
what bugs and security holes I might have accidently opened in the
process. I wont even get into the possible things that might stop
working on the rest of the domain if you fiddle with accounts like
"Network Service"
Oh and if thats not enough reason to make you think about it, consider
how hard it will be to try and rember what you did at 2AM 6 months from
now if that machine takes a dive or some critical update undoes what
you changed.
I feel for you though, trust me we have all been down that road once or
twice. Get some sleep and in the AM the task at hand wont seem nearly
as bad. You live and you learn, and you will definatly be WAY better
off making things right sooner than later
,
I will actually explain how to set access_levels and/or groups...
in "users/add_new_account.asp"
carefully edit with a text editor
find this part
CmdAddUser.Fields("Access_Level") = "4"
that is where the acess level gets set...
you can change the level or remove that line all together if you dont want one set
now for groups you would add this line in the same area
CmdAddUser.Fields("Groups") = "*3*"
or
CmdAddUser.Fields("Groups") = "*1*,*2*,*3*"
Groups access for a user is stored in one field in the database like you see above. If you are confused what you should be saving in that field I suggest simply setting a user to whatever groups you want via the admin area and then looking in the database to see what got saved in that field. It's pretty simple really how they are stored.
*1*,*5*,*9*
that user would be a member of groups 1,5, and 9 , Upgrade from V6 to v7.x with an MSACCESS DATABASE
1st of all, backup your existing ASPProtect files and database before performing this upgrade. Please be really careful while performing this upgrade. Version 7.x is a highly advanced application compared to any previous versions. CJWSoft under no circumstances is responsible if you lose information or have website downtime.
BOTTOM LINE: (PERFORM THIS UPGRADE AT YOUR OWN RISK)
To do this upgrade you're going to need to have the Microsoft Access Application.
To work with an Access .mdb file it can not be newer than the version of Microsoft Access you are running.
That being said, on with the upgrade..
Open you're existing Acccess Database up in Microsoft Access..
You should see this something like this.
By right clicking on then choosing rename
Rename "Users" to "ASPP_Users"
Rename "Groups" to "ASPP_Groups"
If you do not have a "Groups" table do not worry about it right now.
Now right click and DELETE the Config Table.
Yes, delete it..
You should now see this. (with or without the "Groups" table)
Now, right click on "ASPP_Users" and go into design view.
It should look like this.
Rename the "Password" field to "Old_Password"
Be sure to spell it perfectly using the Underscore
It will look like this.
Now scroll down to the bottom a bit It should look like this.
Now..
If you have a "Groups" Field... leave it alone
If you do not have a "Groups" Field add one and make it a memo field.
Now, we are going to add a few more new fields.
Add a field called "Redirection_URL" make it a "text" field with 150 field size
Add a field called "PayPal_Subscriber_ID" make it a "text" field with 100 field size
Add a field called "Newsletter" and make it a yes/no field
Add a field called "Password" and make it a "text" field with 100 field size
It should now look like this.
(you do not need to worry about the field descriptions.. that part is optional and only seen when working on the database)
Now close that window and save the changes..
Your now going to open up another Access Database while still leaving the one you have on your screen open. You going to open up one of the new databases that came with v7.x. This database has some info we are simply going to copy and paste.
You'll want to open it and put it side by side on your desktop like so.
(the old database is on the left.. the new one is on the right)
Now, for the fun part.
On the new database to the right.. right click on the "ASPP_Config" table and pick "Copy"
Then move your mouse over to the old database on the left. Right click in the open white area and click "paste"
It will ask you for a database name. Type in "ASPP_Config"
Leave "Structure and Data" checked and hit OK
Your old database on the left should now have a nice new "ASPP_Config" table.
OK, now for the "ASPP_Groups" table
If you already have a "ASPP_Groups" table in your old database you are done.
If you do not have one your going to copy and paste the table from the New Database to your old database just like we just did with the "ASPP_config" table.
Your old database should now look like this.
Now, you are done upgrading your database from within Microsoft Access.
The existing passwords still have to be encrytped and moved from the "Old_Password" to the "Password" field
To that we have a special page we run in the application that will take care of that.
So, for now... go install the application, but using the database we just created.
Follow these instructions for the most part...
http://support.cjwsoft.com/forum/forum_posts.asp?TID=181& ; ;PN=1
When you get to the part where you finally get into the admin area and need to make an admin account you will notice that your existing user database is there but none of the users have passwords if you look at them in the edit screen.
That is normal. Simply do what the instructions say and create and admin account using a username that does not exist..
Then log off... then back in as that new admin account. If that works you are ready to convert the passwords.
This part is very easy.
You want to run a special page via the browser.
http://www.mysite.com/password_admin/convert_to_encrypted.asp
Replacing the part in blue with your website info.
Once you get the page running you will see a login prompt and one form field just like before with the "get_me_in.asp" page
You will need to paste the "PasswordEncryptionKey" value that you used in the "config_inc.asp" file in the form field and hit enter.
If all goes well you will see a page telling you to click here to encrypt the passwords and copy them over.
So do what it says... dont click more than once and wait.
Eventually it should say it is finished. So go log in to the admin area of the system using the new admin account.
Now edit some users but dont save... you want to see if the passwords are showing up. If they are the conversion worked. If you see nothing or a garbled mess it did not work and you made a mistake during this whole process.
If things went well backup and delete the conversion file below.
http://www.mysite.com/password_admin/convert_to_encrypted.asp
You do not need it anymore.
Once you are positive every thing is running smoothly and everyone's passwords are ok you can go in and delete the "Old_Password" field as well.
If things didnt go well.. try again from scratch and go slowly.
If they still dont go well get ahold of us for help.
We are here to help, but if you really want us to we can be hired to do the conversion. , I have been having some display issues with the .NET version of ASPBanner. I set the size of the image, and I set the size of the banner and there is still white space above and below the image. I am not using a text link below the banner, so I have it set to blank.
Here is a link to my page.
http://www.nababaseball.com
Two of the three banners in the rotation on the main page have non-white backgrounds so it's easy to see the issue I'm talking about.
Is there a way to tighten up the formatting so that the image fits onto the page in the size specified?
JDooley , Thanks for the install. After many hours I finally got part of the
system working. I can log in and log out as a user. My problem is I
want the pages
accesses by Members ONly. The database will contain the names of
the members and only they are allowed access, and no one else. I
tried Joe Blow to log in and it worked, the only thing is Joe was not
in the database and he should have been locked out and a page come us
saying something like "you are not a registered user, please complete
the membership application" and then link back to the root web,
application page.
I am also afraid of breaking the codes you provided thus far. I also
want the password protected pages in a sub-web of the root web.
This may sound like elementary stuff, but this newbie is having
constant trouble. I am also referencing books on ASP and Access
and VB and still come up with a dead end. Search the net and come up
with a few codes which are described as something I am looking for, but
dont want to add any thing like that for fear of breaking the whole
thing.
Any suggestions?
, I posted this in the wrong forum. Sorry.
I have installed ASPProtect on a client's website and I have been
notified that some of their customers have been unable to login to the
protected pages.
On testing it seems that the issues seem to be related to how cookies are being stored by IE 6.
ASPProtect is being used to protect particular template files within a
Content Mangement System. 90% of the time it is working fine but on the
odd occassion particular cutomers are unabe to login.
After quite a bit of testing I have managed to find the scenario in
which it starts to have problems and was hoping you may be able to
provide a solution.
If a customer enters the wrong password, then reenters the correct
username and password, they receive a message "template can not be
found" from the Content Management System. This message is generated
when a url is entered that contains a link to a template file that does
not exist. In this case the template does exist. If I remove the
ASPProtect code the page opens without error.
Everytime they re-enter the details they receive the same message.
If they close down the browser and then reenter the correct details in some instances the page will open correctly.
More often than not, they have to delete cookies and temporary files
and close the browser. This seems to fix the problem again for
most users. For users who's web access is heavily cached by an internal
server, even this does not work.
Have you come across this problem before and can you suggest a remedy.
If you can email me privately I can give you the URL and access codes.
Thanks,
Stuart
,
I was told by my ISP to use localhost and it should work and it does not. It does not require authentication to send e-mails.
Any other ideas?
Thanks , My server is Server2003. I could not find the folder settings you mentioned. I did find a iuser which I added as specified. I retried to perform an upload. Still same message. But it does move the JPG to the picture folder. So, part of it is working. , The links to view that info are on the main users screen of the admin area.
Down below...
They wont show up unless you have that stuff enabled in the settings screen as well.
, any asp code that accesses an access database, writes to text files, or allows for picture uploading will need permissions set on certain directories
every application out there is going to need permissions set at some point
its just a fact.. and if your hosting company does not give you a way to manage permissions or have it done when you ask they do not know what they are doing and they are not supporting your asp hosting needs
see my article for more info on the whole process
http://support.cjwsoft.com/code/moreinfo136-1.htm
the part newar the bottom talks about hosting companies , As I'd said in my previous response, I found those databases and they didn't work. All three databases in asptest do work., I am testing this now and there is something wrong.
PayPal is hitting the ipn.asp but the database is not being updated.
I will figure it out shortly though and post the anwer here. , ya, thats basically what I was gonna do..
BTW.. if that other app is going crazy with an access database it could be the cause of all the slowdown with ASPProtect... what happens there is it is using so much database driver time that it robs other things that also access a database... so basically ASPProtect isn't asking its database for much but your other application and database are cripping that part of the system and causing it to run like crapola
If your other app is using a system dsn try changing it to use a dsn-less connection... it might actually help , It probably is. You would have to look at the paypal documentation for IPN and see what needs to be changed in the form code.
You can get all that info from PayPal's website.
There are tons of variables and options you can use with all of their code.
They have detailed PDF files full of information on all of them.
cwilliams38459.9550925926, also, just to show you what happens when a user creates a subscription this is the code. you can see in red where the subscrition is is set and also where the exp date is set to null
If txn_type = "subscr_signup" Then
Set ConnPasswords = Server.CreateObject("ADODB.Connection")
Set CmdEditUser = Server.CreateObject("ADODB.Recordset")
ConnPasswords.Open ConnectionString
SQL = "SELECT " & tbl_label_users & ".* FROM " & tbl_label_users & " WHERE (User_ID = " & User_ID & ")"
CmdEditUser.Open SQL, ConnPasswords, 1, 3
CmdEditUser.Fields("Active") = "1"
CmdEditUser.Fields("Validated") = "1"
CmdEditUser.Fields("PayPal_Subscriber_ID") = subscr_id
CmdEditUser.Fields("Notes") = "Successful PayPal Subscription Signup on " & Date
CmdEditUser.Fields("Expiration_Date") = Null
If Access_Level <> "" Then
CmdEditUser.Fields("Access_Level") = Access_Level
End If
If Groups <> "" Then
CmdEditUser.Fields("Groups") = Trim(Groups)
End If
CmdEditUser.Update
CmdEditUser.Close
Set CmdEditUser = Nothing
ConnPasswords.Close
Set ConnPasswords = Nothing
End If , humm.. their FAQ is interesting...it looks like some sort of .NET configuration issue regarding security policies like you mentioned
Thats one of the big problems with hosting .NET. Some hosting companies just do do some oddball things. ASPProtect.NET works under default conditions but when hosts go around locking things down to the max there is bound to be trouble. This is the 1st I have heard of this.
Now, ASPProtect.NET does use the "System.Data.OleDb" and "System.Data.Odbc" which your host says they block because they require full trust.
All I can really say at the moment is go with a hosting company like www.alentus.com or www.maximumasp.com that does not restrict your .NET abilities so much.
In the meantime I am going to ask John Evans what he thinks about this.
, can add photo album but after i upload a pic, nothing shows.
where do i look to research why pics aren't showing in the albums , how about translating the error to english..
Looks to me off hand that it would have something to do with the SQL server itself not being run in an english lcid/format and causing some sort of date issue.
I would also suggest you start off with a brand new blank SQL ASPBanner database and make sure that works before you attemp t to import any data into it. , Well I have the web hosting tech looking into the memory issues at this point. Unfortunately I don't have another machine to be able to run the asp on that would run it correctly so that I can just publish it over. , alternate databases are right here.. the documentation clearly links to this, its really not difficult to find
http://support.cjwsoft.com/code/moreinfo164-1.htm, OK. If no return page is set, do they end up on a PayPal confirmation page and have to navigate back to my site by going Back or typing the web address?
Nick , Hello,
Sorry, I do not have any good ideas on this one...
Domain Name Masking can cause issues with quite a few things.
cwilliams38366.3136342593, Hi, I am wondering if I can redirect users with "GROUPACCESS"
just like access levelS. I tried to redirect using both "Groups"
and "GROUPACCESS" example below:
<%
If Session("GROUPACCESS") = "1" Then
Response.Redirect("group1.asp")
Else
Response.Redirect("allothers.asp")
End If
%>
I could only get the Access_Level to actually redirect. Is
this something the option pack supports? If so, any words of
advice?
, its just an example connection string in the datacon_inc.asp file
you have the edit it to make sense for you..
the readme.txt file with the sql directions tells you this if you use that script
------------------------------------------------------
Examples of using DSN-LESS connections.
The "SERVER" and "Data Source" settings are either the Network Name for the SQL Server or the IP Address.
For local servers you can also use an IP of "127.0.0.1"
GalleryConnectionString = "Driver={SQL Server};UID=aspphotogalleryuser;password=temp;DATABASE=aspph otogallery;SERVER=127.0.0.1"
or
GalleryConnectionString = "Provider=sqloledb;Data Source=127.0.0.1;Initial Catalog=aspphotogallery;User Id=aspphotogalleryuser;Password=temp;"
------------------------------------------------------ cwilliams38325.8980324074, Christopher,
I can empathize. It can be a real pain to stablize a server and fend off hack attacks.
As for beta testing, I was referring to once you get to the point where you're ready to release it to the public whether it's this month, next month, etc.
Good Luck!
Al , Hi,
We use ASP Protect 6.0 and the database is SQL Server. Our hosting company is charging a lot for daily and weekly backups for everything. Which directories/folders do we need to backup daily and weekly incase something happenes to the site and we need to restore and get the password-protected are that works with ASP Protect to get working. , I will give you permission to move it since you asked., That's excellent!
I did learn that parent paths were disabled on my test 2003 server...
But on the hosted server, it looks like parent paths are supported as I change the file location of the language file in the forum common.asp as such, and obviously moved the file as well:
from:
<!--#include file="language_files/language_file_inc.asp" -->
to:
<!--#include file="../language_file_inc.asp" -->
Everything seems to work fine and I thank you very much for you quick response!!! 
Ok, time to buy...thanks again!
- Jason
, I was able to get it all figured out. Thanks a lot for your help, I really appreciate it. I ended up copying the database with the password to the directory and used the user/password connection code and it works great. I believe it was related to that but I cannot be sure. Thanks again! , I have found the alternate databases and they do not work either. I then went back and changed the database path in the asptest page to connect to the 2000 and 2002 test databases and it connected successfully to both of those databases, just as it had successfully connected to the asptest.mdb., Its a great idea. I didnt really check the counter until the album started working. Its a great concept though., Flash files cannot track clicks unless you edit the original flash file to link to the aspbanner system redirect URL.. feeding it the correct ID of the banner.
When that link is clicked on it will then track the click and redirect the user to the “link url” specified for that banner.
The system actually generates the necessary ASPBanner URL for you. That link is shown on the banner edit screen.(you must save the banner at least once and come back to that screen to see the link though)
Really the best way to show it is with an example as seen below.
Basically the flash banner file "powerasp.swf" highlighted in green needs to be edited to link to the banner redirect url which is highlighted in red.... the banner redirect url will then track the click and ultimately send the user to the Link_URL highligthed in blue.
All banners systems work this way when it comes to flash files.
It’s the nature of flash and the web browser,
The flash source code must be edited to link to the redirect url in the ASPBanner system. There is no possible way any banner system can track a flash click unless the flash file links to the banner system 1st.... because that click is handled by Flash and the web browser.
In some cases if you do have the original source file for the flash banner then you are out of luck as far as tracking clicks goes.
On a side note... if you create flash banners the way this article says you can actually feed a .swf flash file a link for it to click to. Instead of it being hardcoded.
http://www.macromedia.com/resources/richmedia/tracking/desig ners_guide/index.html
This is really the way everyone should design their flash banners from now on because the url it links to can be easily changed at any time without editing the flash file source code. cwilliams38325.740162037, Of course ASP.NET is and HAS been installed. I have been running asp.net scripts for years on it. I am not new to asp.net nor setting up the server or anything. ASP.NET is properly installed and works perfectly.
You are missing the fact i mentioned it is a DOMAIN CONTROLLER.
I have come across MANY articles ONLINE via GOOGLE that mention if it is a domain controller, for some reason the aspnet account is not there or gets deleted.
IN ITS PLACE GOES THE IIS_WPG ACCOUNT. IS YOUR SOFTWARE NOT COMPATIBLE WITH THIS ACCOUNT?
Is it possible to run ASP.NET scripts without ASP.NET not being installed? Because I have been running asp.net pages without any problem. , thanks thats what i was guessing.
, I did try to redit the banner and the old link was there, not the new one. In addition I tried to ad a new banner to an account but it too was not saved.
Since I can see the banners from the aspbanner solution, does that not tell me that the solution is properly connected to the database? The only thing is the solution only appears to be able to read the data and not write or delete it.
The settings for the directory are read write execute and delete so I am not sure what I need to do to get it working again
, Your customer should set up a special page that you send banner clicks to. That page is the page that should record the ip and whatever other info needed.
I suppose you could make a page on your end that records that info and finally redirects them to the intended url as well.
All using simple asp. It's really not that dificult to do, but it is a loit easier if you do it this way and keep it seperate from the banner system.
Here is some interesting information not totally related to answering your question.
The banner system does not track IPs on individual clicks because if it did.. 100 clicks on a paricular banner in one day would result in 100 rows in the stats database instead of just 1 row. That may not seem like a lot, but imagine 30 banners all doing the same thing mulipled by 30 days. Your talking 90000 rows in the database instead of 900. It all comes down to what ASPBanner was designed for which is performance and low resource use.
Some banner systems out there even keep track of individual IP's per banner display. Try to imagine how much that effects performance and how much extra space is used in the database for stats. It's crazy and also the reason that the more little features a banner system offers the slower and slower it begins to run.
I am sure I lose sales all the time because I offer less features, but the truth is I know those features will eventually defeat the purpose of why I created this banner system in the 1st place and that i just not something I want to do.
The banner systems with every little feature are just not well suited to very busy sites no matter how well they are designed.cwilliams38324.8386689815, Then you should have current enough code.
If you PM me the encryption key you are using and the plain text password for this user I can see if I can reproduce the error and come up with a fix.
I believe you found one of the rare examples where the encryption creates a strange character that messes up things. Sometimes those characters are not even visable.
Changing the password should solve the problem in the meantime., (FREE) Nov 23 2005 Update Files
If you purchased ASPProtect Version 7.x before Nov 23 2005 then you can download these Update Files.
(These are non-critical updates.. only update if you want the described changes below)
These updates do the following..
- Make the Tabs in the Admin area move up and down as you navigate around so they look more like tabs used in a file cabinet.
- Updates the import/export process so the tab delimited text files created now store the passwords in plain text instead of encrypted. I have been thinking about this one for a while now and I think it is better this way as it was confusing a lot of people. If can also kill the whole process if by chance the encrypted output of a password contains a line break of sorts. There is no way to deal with that scenario so this is way the import/export process is going to work from now on. This also means you should be VERY carfeful about leaving export files lying around as they will have the passwords in them.
- Updates the "expected_paths.asp" in the data folder because the paths it was generating had an extra "data/" in it.
- Updates the users page so it will not show the import/export link if you have not entered a path for the export files in the settings.
- Adds an Activity Tab if using the Activity Tracking features instead of the links it used to put on the users page that most people didn't see.
To install these just copy them in over the old files.
Now of course back up your existing files so can revert back if there is a problem or you do not like the changes. If you made any custom changes to any of your pages use your head and realize that copying these in over your existing files will overide any custom changes you made. (that is your business, I am just warning you)
2005-11-23_163025_ASPProtect_v7_11-23-2005_update.zip
, Ok nevermind that... i got by that wasn't paying attention...
The problem is even before this which i didn't know until now.
I placed the protect tag in a page i called members.aspx
When i go to this page is says ACCESS DENIED etc etc etc.
When i go to login to view this page i get the error..which i DIDNT know because i assumed it was working. This is the error im getting:
Server Error in '/MAP' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /map/users/aspprotectlogin.aspx
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.42
btw it says /map because that is the subfolder within the root folder ,
Timecard Entry: 3/25/2006 1:40:17 PM
lunch, to Staples, get stuff done, go over new chart for mls with drew and paul., ravel time back to watertown, Did a survey of the Herald building to see where the antenna could be reached, morning meeting, CHRSolutions, fill out and submit work order and purchase orders, Same as before... nothing big at all., Checked DialUp Issues., in-office break, not busy at all, work on some maintenace issues for web sites., Business Record, worked on the Christmas gifts and candy bags-went with Michele to get wagon, Email, Phone, meeting with telergy about bandwitdht requirements, email, voicemail, finishing up posi-plus, proposals-equip rentals, KTI screenprince, trying to get my Frontapge access to work with dave and beth S, worked on order confirmation and submittal section of PC Bundle site, also worked on required and conflicts section of PC Bundle site for Steve, Worked on new MLS software till 4am when I think I fell asleep in my chair. Woke up at 9 am half on the floor and now my back hurts bad., general site design research, Answered tech related calls. Busy still with the 9200 lines., press conference, Various MLS issues with Catt, Chauttauga, and Cortland, paperwork, Took more general tech calls, explained DsL to interested customers., BoldtCastle.com: changed the information about their open season, Conference call with Seth and Kareta, TAYLOR CONCRETE DEVELOPING INTIAL WEBSITE LAYOUT,
|
