Blog Entry: 3/25/2006 1:50:52 PM
Thank you!!
Yippee!
Laura
, Two things you can do to test..
make sure there is at least one ".log" file in that directory.. then if you go to the log file screen and it does not show up in the list the physical path you are using is just not correct
remember the physcial path must contain a drive letter (sometimes a network path starting with // is ok if they have it setup as a network drive)
the other thing you can do is use this script to try and write a simple text file in the directory
http://www.devasp.com/samples/writetofile.asp
That will show you if permissions are correct
,
This is great documentaion for windows script 5.6
in windows chm file format for jscript and vbscript.
We use server side vbscript in all our our ASP 3.0 applications so this info can be a lot of help.
2005-02-18_150921_vbscript_docs.zip
cwilliams38401.6321990741, I have been working on this all night long. I have been reading every possible article. I have created an ODBC connection on the server.. which i have never done before? Still nothing. I looked at the machine.config file... i read about impersonating whatever the hell that is... I am really stressed out. I have the 1.1 framework installed.
I read about dsn and dsn-less connections. Is there another way i can connect to the database? Without using a username and pw maybe?
, <%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
Response.Write(Session("Groups"))
%>
, I know what is happening.. its the old single quote thing messing up the query string..
but it shouldnt be happening with the newer code as I fixed it.
If you like I can go in and reproduce/fix the issue. I can not think of any other way I can help you as other users have not reported the issue.
Chances are if it is happening in one situation it will happen again in the future.. it really all depends on the passwords being used and your encyrption key... other passwords may produce the issue even if the password is correct
basically once the password gets encrypted it by chance has a single quote in it... then it messes up the query
I take care of the situation by replacing the single quote with a double quote but it looks like you found a situation where that didn't work out
cwilliams38453.8921990741, I have no idea to be honest, I just like the way it looks 
Good deal on the remote install, just dont pull the old "hangman" move
shutdown the machine on yourself around 4AM. Otherwise you be getting
in the car and going for a drive LOL
, Hello,
VBScript is the most popular ASP scripting language, and has the most support available. I estimate that less than 5% of the ASP coders out there use anything other than vbscript
That being said it specifically says on the aspprotect site ASPProtect is only for use in protecting asp using "vbscript" as the language.
http://www.aspprotect.com/more_info_full_v7.asp
http://www.aspprotect.com/comparison.asp
it is something I specified very clearly for this very reason.
Sorry, but you can not use ASPProtect to protect pages using Language="Javascript". The code is too complex to be mixed with server side Javascript.
To password protect asp pages written using "Javascript" you really need a an application specifically written in and designed to work with ASP pages written using "Javascript". And then of course that application would not be able to protect ".asp" pages written using "vbscript." (I mean never say never, but it would be a ton of work to get both working and I doubt you will ever see a commercial application that does both)
as for switching back and forth between vbscript and javascript you really can't except with very simple code. Doing so with anything complex can be extremely problematic because the order of execution sometimes gets all mixed up because of the complexity of the code being used.
That doesn't mean it can not work....
You would really want to do something like this.
do not specify a default language at the top
surround the aspprotect include file with this
<SCRIPT Language="vbscript">
</script>
surround your javascript code with this
<SCRIPT Language="JavaScript">
</script>
then make sure none the code including the aspprotect include file has any <% or %> tags in it
that means you have to remove that sort of thing everywhere... that means a lot of work if you used a lot of that sort of thing instead of response.writes to write out html type stuff
and again... I don't know if you would ever get it all working
, Well my hosting company has finally gotten back with me, so I'm having them troubleshoot the webserver to see what might be eating up those resources. So I'm in a holding pattern on this for right now., 
ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.
Before you even start please read this thread and do what it says.
If any errors show up it is important you see the real error instead of a useless HTTP 500 internal server error.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=11& PN=1
Once doing that make sure to use Internet Explorer as you follow along with these directions.
Now, unzip your installation zip file that you downloaded from CJWSoft.
Use a program like winzip and be sure you have it set up to unzip the directories as well. You can also use windows xp's built in folder compression tools to unzip the archive.
When you unzip the application you should have all of the following folders and files. (more or less, it depends on the version)
Now, you can copy all of these files into the root of your website or if you like you can make a folder called "aspprotect" and put all of these folders and files in that folder. Either way it really does not matter.
Now, contact your web hosting company and instruct them that you need permissions set on the data folder that you copied into your website. This folder and all of its child folders need modify permissions set on it for the anonymous webserver account. It is very important that they set the permissions correctly and on all the child folders as well.
Here are some threads on exactly how these permissions are set.
If you run your own server or are developing locally you can do this yourself. If not most likely you need to put in a request to your hosting company as you CAN NOT set these permissions via Frontpage or FTP.
Windows 2003 Server and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=136& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1
Windows XP Pro and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=56& PN=1
Once permissions are set.. run this page via your web browser
http://www.mysite.com/data/setup_info.asp
Replacing the part in blue with your website info.
When this page is run it will report back a screen like so:
Now, take the connection string info it shows you.
Edit the "dataconn_inc.asp" file in the root of the ASPProtect system and use that data connection information. It should be valid for the server.
If you are using MSSQL server instead of Access please see the SQL database creation directions as you will need to create the MSSQL database and use a special connection string for that.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=160& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1
Now, take the CookieEncryptionKey and PasswordEncryptionKey info that it gives you and enter it into the "config_inc.asp" file in the root of the ASPProtect system. These will be the unique keys that your encryption will be based off of.
Ok...
The files have been copied to your website, the permissions are set on the data folder, and the database connection is ready.
Now.. run this page
http://www.mysite.com/password_admin/get_me_in.asp
Replacing the part in blue with your website info.
This is a special page we use to get into the system for the 1st time.
If you get a nasty error when you run that page similar to this.
Error Type:
Active Server Pages, ASP 0131 (0x80004005)
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.
Then parent paths are disabled on the webserver and you need to do an extra step to deal with that. Follow this link.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=162& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1&TPN=1
If you get any other variery of "80004005" error then there is a problem with your data connection.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=27& PN=1
Those errors are usualy related to database folder permissions or an imcorrect physical path to the database file specified though they can mean a lot of things.
Once you get the page running you will see a login prompt and one form field
You will need to paste the "PasswordEncryptionKey" value that you used in the "config_inc.asp" file in the form field and hit enter.
If all goes well you will see the admin area of ASPProtect.
Now that you are in the system you need to create an admin account.
Click on "ADD NEW USER".. fill out the info and add a user.
You really only need to fill out (first name,last name,email,username,and password)
Now save that user.
You should see a new user listed in the admin area. Click on Edit user to the left of the new account. On the edit screen check the "admin" checkbox and save the user.
You just created an Admin account.
Now click on the "log off" button on the top menu and click yes to log off.
Now close the browser. Then run this URL
http://www.mysite.com/password_admin/default.asp
Replacing the part in blue with your website info.
You should now be able to in to the admin area of the system using the new admin account you created.
You are now ready to go to the settings page so click on the settings tab in the menu. There are a lot of options and paths that need to be set on this page. Every setting is described in detail on this page. You need to go through the page and set things up properly. Anytime the page asks for a path to a url or file the page will auto generate what should be the path to use. (expected path) If your server has parent paths disabled a few of those auto generated paths will not show up. If that is the case run this url from your server and it should tell you the paths to use for those settings.
http://www.mysite.com/data/expected_paths.asp
Replacing the part in blue with your website info.
Once your all done and the system seems to be running fine you should go back and delete the following pages as they are no longer needed and pose a potential security risk.
http://www.mysite.com/data/setup_info.asp
http://www.mysite.com/data/expected_paths.asp
http://www.mysite.com/password_admin/get_me_in.asp
You should back up the original zip archive you got from CJWSoft in case you ever need those files again.
VERY IMPORTANT: The user passwords from now on will be encrypted using the "PasswordEncryptionKey" you specified in the "config_inc.asp" file.
If you ever change that key all of your passwords will be invalid and you can not get them back unless you know the key and put it back, so plan on never changing that key unless you really know what your doing and know how to decrypt/re-encrypt the passwords using a new key. (something we do not cover at the moment but probably will when we have time to make a tutorial)
, Trying to make sense of this. I am still confused. In the file config_inc.asp. I found the setting for "uploaddirectory". That entry looks like this [UploadDirectory = CmdGetConfiguration("UploadDirectory")]. I assume there is a config file where the value of upload directory is located.
The settings in the config_inc.asp file have not been changed. they are set to the way it was delivered. Is there a document that gives instructions as to what and where the config settings are to be changes?
, who knows, thanks for your input, I am further than I was when I started talking to you!, you do not run "check_user_inc.asp" by itself
Pages you protect include that file at the top.. when they someone goes to a protected page if not logged in a user then sees a login prompt..
after loggin in they see that same page as normal
its an automated process..
now, that being said if you really want to you a specify a page to be redirected to after the 1st login when you edit a users info. You can also redirect anyone anywhere like using a simple ASP redirect statement in your code.
Personally I feel that redirecting people all over the place is poor site design. ASP is all about dynamic code and ASPProtect is all about dynamically tailoring pages to the current logged in users... so why redirect people all over the place.. it justs complicates things because you still need to password protect the places you send them to.... which means twice the work and twice the confusion.
Also, here is a Version 6 thread about redirecting manually that still applies to version 7.
http://support.cjwsoft.com/code/moreinfo17-1.htm
, (Indemnification Agreement Mod)
This very simple mod will add an Indemnification Agreement Pop-up to the registration signup form which must be agreed to before continuing. This is often done for legal reasons to help cover yourself if something should come up later on.
Instructions:
Download 2006-03-19_212700_Indemnification_Agreement_Mod.zip which contains "terms.js" and put it in your scripts folder. It contains the text that will be displayed in the pop-up. You can of course carefully edit it with a text editor to say whatever you like.
Now carefully edit "users/register.asp" with a text editor. Add this bit of code in blue right after the include to the "footer_inc.asp" file like so. It will be near the bottom of the page.
<!--#INCLUDE FILE="footer_inc.asp"-->
<% If ErrorMessage = "" Then %>
<script language="JavaScript" src="../scripts/terms.js">
</script>
<% End If %>
Your done, that's it. Now when "users/register.asp" is run for the 1st time the pop-up will come up.
, Version 7 uses.. RC4
The upgrade process is described here in detail including a procedure to convert existing clear text passwords to the encrypted versions. (Your passwords will need to be clear text as the system shipped of course for the conversion to do its thing)
http://support.cjwsoft.com/code/info24.htm
It is also covered in the downloadbale docs
http://support.cjwsoft.com/code/moreinfo221-1.htm
Many people have done the upgrade without any issues and Version 7 is getting great feedback.
Should you decide to go with it there is upgrade pricing.
http://www.aspprotect.com/purchase_v7_upgrade_pricing.asp
, Hi,
I did some layout customizing on the register page on my site. ( http://www.lonestaricon.com/aspprotect/paypal_sub_signup/reg ister.asp)
Now when I tried to register, it seems like it goes to the next page, but it is blank.
( http://www.lonestaricon.com/aspprotect/paypal_sub_signup/add _new_account.asp)
If I log in under administration, it shows that I have registered. I can't seem to figure out what part of the code is wrong, so that the new account page will not load.
I'd would greatly appreciate any help with this.
Thanks,
Allison
, I am trying to import a database into my list of registered
users. When I go the import_export_manager.asp page most of the
content is missing. All that appears is the first 2 lines of text
and a box. The rest of the page is blank. I have tried this
under 5 different browsers on 3 different machines and on 2 operating
systems. I also ftp'd the original .asp file with no success. Any
clues?
, I am an experienced ASP developer. Can you tell me whether this would be a very involved process, or whether it is pretty straightforward? I don't yet have a merchant account, so I am not yet familiar with any aspect of accepting credit cards online.
Thanks.
, Not without changing a lot of code. If you didn't want encryption you really should have went with version 6. Encryption is a big new feature of Version 7 and it is inter-mixed with it the code in a lot of places.
As for doing the export and import you have to create a valid export file and then read through this very thread which explains how to import an export file with clear text passwords.
This is from the admin area regarding the text file format
The import/export file must be tab delimited with no text qualifiers. The 1st row containing field names and the following each being a new user. To create your own import file it must be in this exact format. To find out what field names and their order are simply create an export file using ASPProtect and take a look at it.
Generating an import file from your own database requires good knowlege and understanding of Access's Importing and Exporting functions. It is not something I cover as the process is different for everyone and not really very hard. ,
ok, here's a test page:
http://www.galvinelectricity.org/download_link.asp
user: test
password: test
Our company just got new computers, so everyone here has the same set-up, all Dells, all about 3 weeks old, all Windows XP.
But I did realize after reading your post that I am using Firefox and everyone else was using IE. When I used IE, I was able to duplicate the error.
But, alas, I am unable to resolve it. Client will be using IE, no doubt.
, Whein I went by the numbers off of your directions, which work well up to that point, the import would time out.
At that point I tried to import directly into access...and then it hung trying to login.
okay so I've put in a clean database and created a new record for me as admin.
, DONE IT
DON'T WORRY!
DON'T ASK HOW, BUT NOW IT WORKS!!
THANK YOU IF IT WAS YOU, OR THANK YOU GOD IF IT WAS ME!!!
, You can't unless you plan on editiing and custimizing the code.
The application is only designed to have one kind of admin and that kind has full access to the admin area.
You can of course give any user access to stats for their banners via the bannerstats page.
That is how it works. There are no other levels of admin access.
, yes, any page you want protected needs to be edited..
You can probably have a login box on a non protected page. Just copy the generated source html form code for the login box of a protected page. Then put it on your non-protected page, but change the action to the page you want them to log in to.
In other words go to a protected page. See the login box, view the html browser source and use that to make your login form on the main page.
I have not tried it with .NET but I am pretty sure you can do it since it pretty much works the same as the classic asp version of ASPProtect.
try it.. see if it works.. If I have time tommoro I will test it out., I wasnt talking about the date for a banner ad.. I was talking about the date field in the database for a USER if there is one (I dont remember if that app had date fields for user or not and I am not at a computer to take a look)
If you do not know how to directly open up and edit the database then yes you should just make a new user, Verison 8 is superior in every way and the code is much more optimized so yes I think it would handle it better. It is still a lot of banners on one page though which means a lot of hits to the database if you call them all individually with zone calling code. SQL server would make sense more than MSACCESS.
Now, the only reason I said make one zone for all those banners on the home page is because a banner has to be associated with a zone. It would make sense to put them all in one because if you just tracked the clicks like I mentioned you really wouldnt be using the zone except for maybe when you go to view stats. , you not seeing the real error
http://support.cjwsoft.com/forum/forum_posts.asp?TID=11& PN=1
, It is refered to as the internet guest account but that isn't the actual username. The username is different for every machine. It usually starts off with "IUSR_" and then your machine name. "Internet Guest Account" is always the account's full name as labeled by IIS when it is installed.
Regardless,
If an account isn't listed you have to add it.
Click (add-advanced-find now) and it will list off all the user accounts on the machine
You can also click (add-advanced) and simply type in the account name or part of it.
Some more tips:
If on a local machine you always just give the "everyone" account full control which is pretty much going to make anything work.
You can also go to computer management in your server's administrative tools and view all of the accounts and groups there under "Local Users and Groups".
cwilliams38417.7186689815, [QUOTE=afifm]
I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.
<%
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then
SearchFlag = True
End If
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then
%>
<!--#include virtual="/Auth/check_user_Code.asp" -->
<head>
<title>My Title</title>
</head>
<body>
My Protected stuff here
</body>
</html>
For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.
Thanks,
Mo
[/QUOTE]
I just added couple of lines and it works fine
If (Request.ServerVariables("REMOTE_ADDR")) = "xxx.xx.xxx.xxx" Then
' Session("PasswordAccess") = "Yes"
SearchFlag = true
End If
, Hello,
I dont know exactly how you go about that and it would really depend on a lot of things like when the ad started and how yu wanted t handle that. it would involve custom coding though, not a change in the database.
, Just copy the files over. have permissions set on any folders that need it, and edit the data connection so it's valid for the new server. Once you get logged to the admin area go update all the settings so any urls are valid.
really its no different than a new installation so just follow those directions but use your existing files.
There is no domain pointing involved...
As logn as the old stuff is not accesible on the live internet you don't need another license.
As for my installation fee of 25. That is only for new installations. I charge more for something like that as there may be compications such as custom changes to the code that I would have to deal with. Customers often custimize the login and users area.. etc etc .. and there may be hardcoded urls and what not to worry about changing.
LASTLY, I noticed all your other posts are in the ASPProtect 7 area so the installaton process for that is a bit different than for Version 6 so what I said above is not quite the same process. Please make sure you post in the correct area when asking questions. , thanks!, Chris, and all who read this post.
Don't run away!
I believe that perhaps I gave Chris good cause for this post to be created
. But dont fear
.
When it comes to most languages I am a newbie, let alone ASP.NET. I did not choose to have an application for my site to be built in ASP.NET. However it was and I had paid for that program and it needed protecting!
Now I did have a few problems, however NONE were with ASPProtect.NET. It is brilliant. NONE were with Chris and the support he provides. I believe he must work 24/7 judging by the speed of replies and the timezone differences.
In the end all the problems were down to MY typos and a web host who insisted that any problem was a conflict and not their server set-up.(which it was!)
Having eliminated the typo and changed web provider to a less arrogant company. ASPProtect.NET installed and ran out of the box. Truely impressive.
As a newbie it is not something I would like to do again. But with help from Chris and from a friend with ASP.NET knowledge any issues were very quickly resolved.
An A+ recommendation for CJWSoft. I love it!
, The company is called Eschelon - there customer service leaves a lot to be desired. I have contacted them again and they said that they require the account holder to manage permissions, they won't make changes. I wish they would have told me that a week ago when I asked them about changing the permissions. They haven't responded to me yet how I am to do that though.
Frontpage ext. are not installed.
Once I hear back from them about how I connect to manage rights I should be all set.
Thanks again for all your help!
, probably.. better than what we are accomplishing here LOL
or if you like send me the import file and your encrpytion key and I will try it out here and see what happens
either way PM me any sensitive info if any
, To finalize this thread.. a target was added to the form by the customer by accident thus causing the situation, Some users have reported an error during the registration process.
Here is what I believe is happening.
When you register you get sent a validation email that has a link in it that looks something like this.
http://support.cjwsoft.com/forum//activate.asp?ID=testAD3AD2 97BC
That link can only be clicked on once which will activate your account.
If you somehow run that link more than once you will get a message telling you there was an error.
I think some people are double clicking on the link they get sent and running it more than once.... or clicking on it again after registration is complete. It probably happens very fast so they never see the success screen.
Either way, if you can login to the forum nothing is wrong and you are already activated.
I did the initial steps of downloading the sql scripts and running it in Query Analyser, tables created fine.
I can login for the first time. I exit from the browser and then I cannot login again. This happens for every user and admin.
I noticed that the values in the fields "Login_limit" and "Active" in the ASPP_Users table in the SQL changed to NULL and 0 when login and remained in those values after close the browser.
So iam just struck not able to log in. Pls advice.
I've got an ecommerce module that's running on it that uses access for the db. Connecting into that thing is slow as well, but I figured that's because of the complications and volume it handles.
So as far as importing on a faster machine and copying it over to the server...what suggestions do you have?
, thats not good.. its a web server configuration issue of some sorts ?
post is a common method for forms.. if it is not supported it is something you should ask the server admins about.
Is this a windows based web server running true microsoft ASP because that error is usally associated with non windows IIS based web servers from what I can see by doing a google search ?
ASPProtect only runs on windows servers running IIS and True Microsoft ASP.
http://support.cjwsoft.com/code/moreinfo165-1.htm
My guess is your web server is running Apache Unix or something like that.
, 
