Blog Entry: 3/25/2006 1:51:50 PM
People who have the option pack have a new feature called groups.
Groups are meant as a replacement for using the access levels as they are much more powerful. Support for pages protected using access levels is left in tact for backward compatiability for a customers older protection code.
A customer recently told me groups could not be used like access levels and that 8 access levels was not enough. This is how I explained that groups can do everything access levels can do.
Groups can honestly do everything access levels can do if you really think about it.
Using groups and protecting pages accordingly you could actually create a system that basically worked identically to the way the access levels works.
For example..
You make 8 groups and assign users to them accordingly
Protection code on page allows access to groups 1-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "1,2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any one of those groups would have access..
Protection code on page allows access to groups 2-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any group between 2-8 would have access..
Protection code on page allows access to groups 3-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any group between 3-8 would have access..
cwilliams38114.800775463, My ISP uses ASPSmartMail. The email confirmation works except when I try to register an AOL user the server returns an error 500.
,
well, I just tried a password using "abcdefghi" and like you said it did not work
I am looking into that.
Also, it seems I had the SQL scripts creating the "Old Password" field just in case someone needed it and I forgot about that. , Regarding hosting companies..
Now.. obviously if you are hosting on someone elses server you may not be able to set permissions like this.
Ultimately, if you are hosting somewhere and ASP and Database connectivity is part of your hosting plan. It is the hosting company's responsibility to set these permissions for you when asked or to give you a special interface to do so on your own. If they are not helping you do this then maybe it is time to get a hosting company that is serious about your ASP Hosting Needs.
Also... JUST TO BE PERFECTLY CLEAR
The permissions we are talking about cannot be set via FTP or Frontpage access to your web site. They must be set like shown above or via a special interface meant to set the permissions correctly. For all you people out there messing with the permissions you see in FTP and Frontpage.. you are wasting your time and possibly creating problems in your web.
All ASP scripts that communicate with an Access Database, Upload Pictures, Modify Text files.... are going to need these permissions set in some way or another. We have no control over that fact.
cwilliams38360.69125, ok, how about some more in fo on the setup ?
What version of MSSQl ?
Exactly how did you create the sql database ?
Is it possible banners.asp got edited ?
Did you create all your banners via the admin interface and do all all banners have a zone assigned as that is important ? Sometimes customers will add banner info directly to the database and leave out vital field info that the application requires. Based on that error it is starting to look like that page is coming across a banner with no zone ID and thus the error. , Thanks for the quick reply!
I was thinking it was an ASP config/install issue.
I usually deal with Linux/PHP, so this is all new to me :)
, yeah.. thats an old graphic probably only seen in a few places.
it is not on the main site
http://www.cjwsoft.com/
or here
http://www.aspprotect.com/
or here
http://www.aspbanner.com/
or here
http://www.aspclassifieds.com/
or here
http://www.aspphotogallery.com/
but I am sure there are a couple of pages left over still using it like the aspvendor and asplistings pages.. etc I am aware of it, just been too busy to go change them and I didn't consider it a big deal
2003 servers are NT based anyway
, Chris, and all who read this post.
Don't run away!
I believe that perhaps I gave Chris good cause for this post to be created
. But dont fear
.
When it comes to most languages I am a newbie, let alone ASP.NET. I did not choose to have an application for my site to be built in ASP.NET. However it was and I had paid for that program and it needed protecting!
Now I did have a few problems, however NONE were with ASPProtect.NET. It is brilliant. NONE were with Chris and the support he provides. I believe he must work 24/7 judging by the speed of replies and the timezone differences.
In the end all the problems were down to MY typos and a web host who insisted that any problem was a conflict and not their server set-up.(which it was!)
Having eliminated the typo and changed web provider to a less arrogant company. ASPProtect.NET installed and ran out of the box. Truely impressive.
As a newbie it is not something I would like to do again. But with help from Chris and from a friend with ASP.NET knowledge any issues were very quickly resolved.
An A+ recommendation for CJWSoft. I love it!
, Is it possible to set the user account time limits when they register? I am using email verification and am trying to have their accout expire 32 days after their initial login.
Also I have an issue with the email notification not notifying me when a new user logs in. It does a beautiful job notifying the new user. I do not understand why my server will send to one and not the other, I ahve searched the links but none seem to answer this.
Thank you for your help and insight
, "get_me_in.asp" just hangs during a new install. Nothing happens no matter how long you wait and IIS may temporarily hang up as well.
You may very well be running something like norton antivirus with norton script blocker on your server? Or something similar?
It can cause issues when ASP uses the filesystem object and cause never ending page hangs like you are having.
Read this..
http://www.aspfaq.com/show.asp?id=2180, sounds like trouble with the SQL database.
Did you create it using the SQL scripts we provide as that is extremely important ? , That bit about zones makes perfect sense and seems surpassingly simple for me to integrate due to our categories and page contents being based on the same if/then functionality.
Regarding the user, I guess you mean that I could simply recreate a limited admin interface for users based on the interface you have included for me, is that correct? I realize how subjective the question is, but do you think that this would be a bad idea?
I'm leaning toward your software here. I have a budget that could easily cover a variety of programs, but the UI for advertisers at banmanpro, for example, seems far too complicated for my users. Also, banmanpro doesn't have supporting compatible softare I am interested in, such as your classifieds software.
I guess I am trying to buy a good shell from which I can do my own customization and coding, and into which I can integrate future additions such as your classified ads. Does this seem like the right place to be?
Thanks much for your time!
, This is a great article from my old powerasp.com site.
Connections And Server Database Permissions
cwilliams38084.7458217593, yes. what you are talking about has to do with norton ad blocking software.. it blocks images or paths that have the word "ad" in them.. and you see red x's where images should be on web sites.. usually
it is different then what this thread initially mentions which has to do with a code/server issue with the application variables.
, Christopher,
Thanks for the reply. I think I've found my problem, but can't test until later in the evening as it is on a live site.
Darrell
, No, Unfortunately.
I have seen your messages.
I have not edited the code at all.
Tomorrow I will install the sql database again from your script as I
did before and I will try again. I will send all the details.
Thank you again.
, The application is only intended for use with $ the way it comes.
Use of other currencies is not supported.
(this is noted on the product page)
However, it can probably be used fairly easily with UK customers.
You'll probably want to look into setting the currency to UK in the code generated for the PayPal buttons which is in "view_item.asp". There is probably a hidden form variable you add to it to specify the currency. PayPal's shopping cart documentation and help system would have more info on that.
Doing a search real quick there I came up with this.
<input type="hidden" name="currency_code" value="GBP">
Then you may also want to change the LCID settings for the web site to UK. (I think)
To do that edit the "config_inc.asp" file with a text editor.
Add this code between the <% and %> tags.
Near the top is good
Session.LCID = 2057
There may also be hard coded dollar signs in the code that you will need to change to whatever.. If after you do the above to steps you see then you'll know where to change them based on the named of the page you on.
It is quite possible that simply changing the LCID will take care of everything, but I am not sure.
Those are the tips I can give you. , LOL
, right..
I had to open up the permissions to get it to work. I now have to go back and uncheck each one for directory listing.. :)
, Does ASPprotect support Paypal's Website Payments Pro option, where a user can use a credit card directly on a web site, without passing to paypal.com?
Nick
, recent activity infomation is temporary and mantains itself per application start up.. when the web application restarts for whatever reason the info is reset
a reboot, an iisreset on the server, application pool restarts, etc etc
this is done because if that info was saved in the database your database would get huge real quick
logfiles however do not do that and are permanent
, (Password Expiration Mod) for ASPProtect Version 7.x
This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.
Purchase Page
Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.
This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.
There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.
Directions:
Back up your existing ASPProtect installation.
Add two new fields to the "ASPP_Users" table in your database.
For an MSAccess Database
Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)
For a MSSQL Database
Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)
once that is done
Copy all the new ".asp" pages into your site.
Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file
It needs to be the full URL to to the "change_password/default.asp" file
Now edit the "change_password/processchange.asp" file
There are 3 variables you can edit.
PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8
The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.
The other two values should be obvious.
That's it...
Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file
Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. , Triple check the upgrade instructions because I think you missed something important.
line 227 on "/password_admin/save.asp" refers to the "Password" field
the error your getting most likely means it is not there..
Pay close attention to the areas in the upgrade instructions regarding renaming your existing "Password" field to "Old_Password"
Then making a new "Password" field and carefully following the instructions needed to convert your old passwords for use with the new system.
If you don't everything carefully and perfectly this is the sort of error you will get.
cwilliams38451.8787268519, It looks like your product is perfect for my new site, but I have one question. One of the pages I want to protect on my site will be called by an application running on a remote server every 15 seconds. The application can include the username and password in the URL it is calling. Will your product allow access to the protected page on my server? , Is there an easy way to make this work with reoccurring a monthly or yearly subscription?
, Hi. Chris. I'm not a programmer of any sorts, so I am not comfortable plugging in the changes you suggested and not knowing for sure if it will "break something somewhere else". If the programmer tells me "you have been warned", its a pretty good sign its a no win situation. If you don't know, theres no way i can know.
I saw in the code where you mentioned the changes. I don't see where it mentions the last name is required either, but the bottom line is it does require it it the actual new user form.
Thanks anyway Chris. I'll figure something out.
-john
, No rush, I have it out on the internet, but have not gone live with the site yet.
Thanks for responding,
Enjoy your well deserved break
, I do not really know a lot about but it is basically code that lets you specify however many number of images and links... and then display a certain number of them at once.
You'd have to search google for it.. there are 1000 of sites that offer free javascript code and that is where you find scripts like that.
You could certainly set up all the images and links for each banner in aspbanner but if you used them with code like that you be limited to tracking clicks on banners. Tracking page impressions would not be possible because the javascript would be handling what images get displayed at any given time. Basically each link for each image would be going through aspbanners tracking url feeding it the banner id and therefore tracking the click and sending the user to the desirec URL.
Regardless, it is not something I would support. You would have to sort it out as it is nothing ASPBanner was designed to do and not something I want to deal with because client side javascript code is not something I am NOT very good with. , Another good tip is to make a copy of the "password_admin/default.asp" named whatever you like..
"default2.asp" would work...
then maybe add a link to it from the header_inc.asp file
then you can modify that one all you want and your will still have the original around.
That concept works for a lot of things.. for example you could make a copy of the "users" folder and call it "users2" granted a few paths might need to be changed here and there but really not a lot. (how do you think the paypal signup folders were created, they started as a copy of the "users" folder of course)
You can even make a copy of the "check_users_inc,asp" file if you like. Then make a copy of the "scripts/login_form_inc.asp" file... then make your new "check_user_inc.asp" file reference it.
Then you can password protect pages using different versions of the "check_user_inc.asp" file. Why ? well maybe you want different looking logn forms for different parts of your website or you want to make a lot of changes to the "check_user_inc.asp" file and want to leave the original alone.
The sky is the limit really. When it comes down to it besides the actual guts of the "check_user_inc.asp" file ASPProtect is nothing but html tags and chunks of simple server side code that produce more html dynamically. What your browser ends up with is basic html. (some client side javascript in certain cases, but that is pretty basic stuff too.)
cwilliams38422.509525463, Chris -
Long time no talk, which is a good thing. I have purchased another product from you, ASPVendor. I am running into an issues.
When I try and remove the image through the image manager, it does not remove it. Screen shot attached.
2005-10-19_194248_image_upload.zip
Thanks
, thats actually just the xml parser component barfing out on you.. it can't handle the load of being called so much on that server
you might want to try some of the other methods of calling banners, Chris,
Thanks for the reply. It all makes sense.
I have gone with your first option but here is the problem:
I have moved the password protected page from the detail page with the
querystring to the straight .asp page. This obviously fixes the
previous error.
Once someone has logged in they are then presented with a list of links
to the previously protected pricelist detail pages (example -
"somepage.asp?ID=3""). They are then able to access the pricelists.
The problem is that if someone copies the pricelist URL they are then
able to pass it on to someone else and bypass the password protection.
If I also password protect the pricelist pages then someone will have to login twice.
Is there some code that i can add that will simply check that they have
logged in otherwise kick them back out to the protected .asp page.
All code in your documentation tends to open the login page regardless of whether you have previously logged in.
Thanks,
Stuart
, Larry,
I have a new computer up and running and am back on the Internet full time. I am here to help when you are ready to continue with this.
I went to your site to look around and "try it" like you mentioned but I can not really try anything as the admin username/password seems to be something other than the default
, If it stopped working it has nothing to do with the ASP code. YIf could have stopped for any number of reasons as hosts often change email server requirements and info. You need to go over the email settings. Of course make sure you and the person you are sending to have valid email addresses and try different methods/settings until you get emailing to work again.
Testing it by sending emails off from the users screen.. in each email type in what you are trying at that time so you know what worked if emails make it through. Also, be sure to check junk filters when testing to make sure the emails are not being put in any of those.
That's what I would do. CDOSYS is always your best bet for sending emails as it has so many options and all new server support it. , There was nothing wrong with the server configuration. It turned out that the problem was that I disabled the email notification of new user registrations that I continually receive. That appears to disable the authorization email to new users as well.
One other issue. It appears that AOL email addressee's are not getting the authorization email. Does AOL have any blocks to CDONT generated emails?
, in that file "upload_post.asp"
change
<%
If Session("Admin") <> "True"
Response.End
End If
%>
to
<%
If Session("Admin") <> "True" Then
Response.End
End If
%>
, I would check out this article for starters... aspprotect is very similar to asp photo gallery and so are a lot of the page names.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=49& PN=1
Jeromy, You should have access to that page.
, Than you
I'm happy after changing to XML parser for two of the ads. Later I'll change the other codes to XML, never to use iframe again!
, Understood.... can you point me to a place where there are other methods of calling banners? Do you mean not use Flash? I am new to this and will need some pushing over the cliff!
Thanks
Dave
, Hi Chris,
Thanks for the answer. No, I am not using Paypal since these are employees and sales reps. I guess i'm on my own on this one. :)
Thanks
Sylvain
,
Timecard Entry: 3/25/2006 1:51:50 PM
signed up another new user. helped a customer with his modem, VBITS convention, Meeting on CLEC, and value plans, meeting with 6 major realtors within board set up future presentation, lunch, WWTI email fixup onsite, continued reading on sonet. reviewed mbo task list with completed projects on lesson plans and visio drawings for nortel (?). , TICC Team Meeting
, discuss wireless for Italian fest at the fairgrounds, General, Lunch :)
, Install EJ Noble router and ensure functionalality., Setup and configure vermontfarms.org, travel to sandy creek, watn schools web site design, 12:30 to 1 am 3 calls,
one customer, Billable... updated Davidson Auto SIte with latets database export files, cphospital.org - starting addition of health resource pages and transfer of old content., Sunrise Telecom, looked up Clearwire.com, wireless provider out of Texas with service in Buffalo area, started Gisco payroll, setup new employee, reclassified a few employees, logins , e-mails, Alex Bay to Watertown, cleaned up the techroom... emptied trash cans and just tidied up the place, Caught up expireds and some other customers showing up. , Met with Freislich, a few bad passwords. some email problems, Mark Richards re: Email problems, general tech support, mgmt meeting,
