Blog Entry: 3/25/2006 1:37:34 PM
I have written asp.net application pages- obviously i knew what viewstate was, or else when they made a mistake on that page it would not have saved their filled in info. Same thing for after they submitted, when they hit the back button their info would be gone.
For someone who wrote this software it seems you are not able to do simple things. Im begining to think you didn't write it. The only reason no one else asked this many questions is possibly because they didnt NEED the functions i am TRYING to do.
I know how the log boxes work. Esp. reg ASP... they all allow you to enter your username and password and then when you hit submit it gets verified and transfers you to your destination. ASP.NET has that capability also.. i didn't purchase a program to go and have to re-write it in visual studio. It would take me longer to re-write YOUR code than it would to have LEARNED ASP.NET and made MY OWN.
The program seems to have some great complex features, however, your not able to incorporate this easy login from a diff. page function... fishy
, I am using VS 2005, when i go to new project in visual basic folder asp.net web application is not there..
Can i add it somehow?
,
Hi,
No, only ".asp" files can be protected. It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.
To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.
Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.
Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.
In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc
If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.
For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.
Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://
, far as I can tell it does... that session abandon thing called in the logoff page should be enough to cover everything
once thing to be careful about
If you log in.. then log off... then go back to a page and do a refresh... you may in fact be reposting the username and password from before.. thus logging yourself right back in
Perhaps not.. all depends on what your doing... but it is something to be careful of when testing
cwilliams38341.7390509259, sorry for the confusion, but I am not that good with the tech explantions yet.
what it boils down to is I have an Access Database containing over 100
members names. I want only those people to be able to get into
the secure pages.
Thanks. Harvey
, did you read what this thread says about that session variable for groups not be created by default
you have to add code so it sgets created before you can check it... this thread talks about that, Our webhost set the permissions, but the error is still there, so that is obviously not the problem. We now have both our webhost and our asp support technician trying to figure out the problem and everyone is stumped. Can you please provide us with the following information to help us out:
1) what is the name of the file that sets the connection string?
2) what is the name of the file, if it is different from above, that sets the password of the database?
thanks
, Then you should have current enough code.
If you PM me the encryption key you are using and the plain text password for this user I can see if I can reproduce the error and come up with a fix.
I believe you found one of the rare examples where the encryption creates a strange character that messes up things. Sometimes those characters are not even visable.
Changing the password should solve the problem in the meantime.,
I have been using ASPBanner for a while and am very pleased with it. Congratulations on a good product.
Only one feature is missing that would really help me and this is being able to display banners dependent on some condition (/aspbanner/aspbanner_inc.asp?BannerZone=6&condition=xxx ).
I think this would be a good idea as it would allow users to present adverts based on different criteria; for example; specific country/region related ads, ads based on time of day, ads based on user preferences, etc.
To achieve this I was thinking of adding a field to the database so that I can enter a set of comma delimited conditions for which the banner can be displayed.
I have looked through some of the asp code with the intention of seeing how easy it would be to implement the functionality. Not knowing the code however, I think that modifying it myself would be risky as I may inadvertently change things, which would have a negative effect.
Would adding this type of functionality in ASPBanner be of interest to you. If not, can you let me have your opinion as to whether this would be relatively simple change for me to do myself or would it be too risky and I should give up the idea. Any guidance or feedback would be appreciated.
, Actually, I think I just found my answer...
I will take out the StrToFix = Replace(StrToFix," "," ") bit of code and see what happens...
- Jason
Jawa38406.4721412037, How do I recover or reset admin password used for the aspprotected pages. I have installed it months and months ago, but now can not recall the password. Any help appreciated, as I do not feel like installing it again.
, You should not have single quotes around the "-1" because Album_Active is not a string field in the database. It's true/false or bit field in the database depending on the database you are using (MSSQL or ACCESS)
I'd do it a little more like this I think.
SELECT COUNT(Album_ID) AS Alb_Count FROM " & tbl_label_albums & " WHERE User_ID = " & CmdListUsers("User_ID") & " AND Album_Active = 1"
I took out the parentheses as well since I dont believe they are needed in a simple case like this
but is hard to say unless your the one testing it... my version might have a mistake as I am a little rusty with my SQL at the moment
also: in case your wondering...
depending on the situation and the odbc drivers the 1 and -1 should work either way but sometimes it's picky and you have to do it one way or the other
cwilliams38433.0564930556, I need more details... telling me you cant get it to work doesn't give me much to go on , This user is talking about preparing more than 100 pics at a time for an album that already exists and doing it using linux.
I asked the user to post the code here because I think it is interesting and it may help someone who is working with the app.
This article is not for everyone for a few reasons.
1.) The application can already mass import pics on it's own. It does 100 pics pretty quickly on a decent server. The built in method also resizes pictures and make low res thumbnails should your server support a supported ASP image resizing component. The method above simply rename pictures in a folder so the application will see them as part of an album.
2.) We don't support or recommend that anyone sets the application to use more than 100 pics per album. It is just not tuned for that and there will be issues. Please dont ask me what they are as it is complicated and I am not sure/dont remember what they all are.
3.) Your going to have to be familiar with linux to use the code shown above.
cwilliams38210.5694444444, Hi,
Its just not enough information to go on. I need more details on what is going on. There are a lot of configuration settings in these applications. I really do not know what to make of that screen shot.
My 1st guess is that if you cannot delete a picture that the picture folder does not have delete permissions ??
I also need to mention that I am not sure what this has to do with ASPImage ?
, "I can login for the first time."
when you say that what exactly does that mean, because in this version you do not just log in for the 1st time.
What I am saying is there are steps where you run a special page to intially get into the system, then you setup a new user, then you make them an admin, and then you can log in as them.
You left all of that out of your story...
I really need all details in order to help.. is this an upgrade or a new install, etc etc etc
I would also advise very carefully comparing the fields in your sql database to the sql creation scripts to make sure all the field settings are correct.
Lastly, please tell me what name/email you ordered the product under so I can check your purchase.
Thanks, Hi,
That is not enough to go on. I need details in order to help.
, New Features added to 7.x
- Entire application gone through and updated.
- New graphics, new look and feel
Passwords and Cookies are now encrypted using separate keys individual to each customer install.
- Groups Feature... powerful way to protect pages based on group access
- Ability to upload a picture for each user.
- New printable profile user screen.
- Supports 13 email components as well as outgoing authentication for a few of the email components
- New Lockout option. "However many" try’s to login and you are locked out for a certain amount of time.
- PayPal signup routines for both single payments and subscriptions integrated into the application. Everything is handled automatically. Charging for membership couldn't be easier.
- New Newsletter Feature allows you to send newsletters to those subscribed.
- New ability to Email users soon to expire
- HTML emailing for people using CDOSYS. This includes an inline html editor so you can send out some really professional looking emails.
- Ability to redirect a user anywhere on 1st login
- Option to turn off Login Remember Me Feature
- Login Form now very easy to edit
- All paths for places that need permissions can be easily changed.
- Works with Parent Paths Disabled on the web server.
- Company Name is now an optional field
- Handy javascript popup date selectors
- All date functions now internationl date friendly
- Password conversion routine to upgrade existing users to the password encryption
- Import / Export of user database built in
- Protection Code Generators
- Notes Feature. Javascript Popup on users screen that allows you to quickly see information without going to their edit screen
- Mass email users incuding ability to send them usernames and passwords all at one time.
- Option to not allow concurrent logins by the same username
- Optional feature to keep track of recent users that have logged in as well as allow you to view the information.
- Optional feature to keep track of recent users that have logged in, what pages they accessed, and when, as well as allow you to view the information.
- Ability to protect other files types other than just protecting the viewing of the ".asp" pages. We provide working example code showing you how to protect images and file downloads in your protected ".asp" pages. You can protect nearly any type of file from downloading and viewing. (gif, bmp, jpg, zip, exe, pdf, rar, mp3,etc..)
cwilliams38413.5933680556, Oh, to clarify the above. We did not change any columns in your [Users] database or any other table., Please try this URL www.telepedia.net/pages/chem_periex.asp
It is protected by GROUPACCESS "6" and the username:dimitris and password:tele
In the administration area, I have arranged this username as member of the group 6.
Thank you in advance for your help
, new version is still not finshed as of the end of the year... I am not going to release it until I feel it is ready., I'm having an issue importing. It moves the images from the /import folder and creates the thumbnails with no problem, but the full-size photos all have a size of 0 bytes.
http://www.larrysampas.com/gallery2/default.asp?CatLevel=2&a mp;Cat1_ID=1
, I apologize if I've missed this, but I would love to see the ability to auto-e-mail the advertiser at some randomly set interval before the banner expires. Ideally, I would also be cc'd on this e-mail so I can stay in touch. If the advertiser wants to renew, I can receive payment and change the expiration date without their banner ever falling out of service.
Since e-mail is already built into the program, would it be difficult to add a routine that checks for expiring banners at some daily interval, and contacts the advertiser?
To get really fancy, the e-mail could include the ability for me to add a button for paypal, allowing the advertiser to easily click and send off another payment.
Best,
Wayne
, The parent paths things really should not be an issue.
This is an article from the troubleshooting section of the documentation that takes care of it all very easily.
http://support.cjwsoft.com/code/moreinfo162-1.htm
As for a good host that knows ASP and does not mess around when you ask for something. I always recommened www.alentus.com
, The sql script creates aspgalleryuser
dataconn_inc.asp out of the box indicates aspgallery as the user.
GalleryConnectionString = "Provider=sqloledb;Data Source=127.0.0.1;Initial Catalog=aspgallery;User Id=aspgallery;Password=temp;"
, Our home page is not showing up gives this error:
Active Server Pages error 'ASP 0126'
Include file not found
/Default.asp, line 246
The include file 'elib/articles/home_feature1.asp' was not found.
, Suprising I started this tread off on ASPImage, but I resolved my issue and forgot to change the thread topic. I will try your suggestion.
, I did try to redit the banner and the old link was there, not the new one. In addition I tried to ad a new banner to an account but it too was not saved.
Since I can see the banners from the aspbanner solution, does that not tell me that the solution is properly connected to the database? The only thing is the solution only appears to be able to read the data and not write or delete it.
The settings for the directory are read write execute and delete so I am not sure what I need to do to get it working again
, All this being said installing the desktop version of SQL may be a little tricky as it may complain that your SA account needs a strict password.
The solution is to run the SQL Desktop setup.exe with some parameters specifying a password for the SA account.
So you go to the command prompt or make a shortcut to the setup file and run something like this
setup.exe SAPWD="YourPassword"
minus the quotes...
I got that info from this article and it worked fine
http://www.experts-exchange.com/Databases/Q_21036508.html
The other thing to remember is it might take a reboot to actually see the SQL server icon running in the taskbar. You may also need to go into the administrative services and enable the "SQLSERVERAGENT" as well as set its startup type to "automatic"
And a reboot here and there..
Whammo... your in business...
, umm.. rename the pages to ".asp"
After all these are ASP scripts we are dealing with and the product is called ASPProtect.
The web site says it is used to protect ".asp" pages
And the directions tell you to put the protection code on ".asp" pages.
ASP can not run in ".html" pages
If you do not know basic things like this you should really learn the basics of ASP before you try to use the application. I would suggest a good book or two. ASPProtect is for people that have at least some experience with Active Server Pages.
, either that or send me your encyrption keys and the exact password entered that causes the problem and I will try to reproduce the behavior here, A correctly configured Microsoft SQL Database is critical to the correct operation of the ASPBanner system.
Table & Field settings must be exactly the way we set them in the database creation scripts provided with the ASPBanner system.
Below are screenshots of the design view settings for all the tables used in the ASPBanner system in case you want to double check them
In addition to the settings above each table has one field that is a primary key with an auto increment of one
In the screenshots above each of those fields has a yellow key next to it.
If the field does not have yellow primary key icon on you just right click and the option to make it one appears.
The SQL column settings for each one of the primary key fields must be set as follows
In addition to these settings the SQL scripts provided with the system auto populate the Banner_Users table with two users. This is very important because without the Admin user the scripts add you wont be able to log in to the ASPBanner system as an admin.
cwilliams38325.7405092593, This is what "John Evans" of CJWSoft has to say on the matter...
"I think that’s pretty much impossible. If the server sees a .JPG or .JPEG extension why in the world would it go and try to read it or do anything with it.
I believe there may have been some issues with Outlook and Outlook express that made it look like a vbs script sent as an attachment was actually a JPG because someone found an exploit in those programs and it would appear as if double extension files were one thing when in fact they were not.
Having a real time virus scanner on the server (which any good host will) should also catch anything infected being built on the server drives as the file uploads. Always worked for me and I had a lot of people uploading ZIP files on winxptheme.com at one point. Many had viruses in them although I suspect it was totally innocent on the end users part. Some people didn’t even know they had a virus on their rig.
Fact is anything is possible but I think chances of getting a virus or being hacked in some way from this sort of upload are really slim."
cwilliams38447.0602083333, Not a problem. Have a good time at your wedding.
thanks!
, That's because when the page rebuilds, it uses the default number of
users per page setting. You'd have to modify that default setting to
have it do things differently. I used to have mine set to 500
users, until I got past 300... then it wasn't fun to show all users on
the page anymore. I now like 10 per page and searching for
specific users as needed.
But that's me. If you hack a COPY of your default.asp file (with the
original backed up as above), you can get the value set to one you
prefer.
If you want me to find the value, post and I'll look for it later on.
If you want to find it yourself, happy hunting! Just be sure to have a
backup in case you do the wrongest thing possible in your haxxoring.
, ok
thanks
, just FYI -- i added in a new data table into the database. I
havent finished implementing the whole thing across the entire site,
but it wasn't too difficult. Once I have all of the functionality
complete I'll post some details. Some of the changes are the
addition of a new album nav style which combines style 2 and some of
the features of the new data table.
Very easy app to work with guys.
, Just want to be able to log users in from the home page via a username and password box somewhere say on the left hand side with a login button. Like most sites have.... i cant seem to figure out how to do that with the software.
My other question is..Is there a way to incorporate this software into an event registry? What i mean is this:
Say a company is having a pool party, BBQ, and tennis lessons (just examples)
When a user registers with aspprotect i want him/her to have the option to register for one of the events. Also, I as the admin, would like to be able to view who and how many registered for each event... Here is what i am talking about (and it has a payment option to charge for an event which would be PERFECT if you could do) http://www.cescripts.com/demo/registration/view-events.php
Please let me know if there is a way to add this option or create...
, I really can not support it because you made that modification and it probably directly relates to the issue your having.
There are many issues that can be caused when dealing with encryption. Sometimes the encrpted passwords can end up with problematic characters. etc etc Maybe the users are changing there passwords to ones that do that... after you fix them.. Its hard to say
I know as I had to sort things like out when I designed version 7 which has built in encrpytion.
It could be anything really.. since you made changes like you sorta need to figure out what is backfiring. There has to be a reason.
Chris , Is there a way to protect other virtual sites on the server that are not under the default web site considering people may have different websites running off one server? I get the following error:
Parser Error Message: Cannot use a leading .. to exit above the top directory.
Source Error:
Line 1: <%@ Register TagPrefix="aspprotect" TagName="checkaccess" Src="../../protectpage.ascx" %>
Line 2: <aspprotect:checkaccess level="4" groups="null" runat="server"></aspprotect:checkaccess>
Line 3: |
Thanks!
,
Timecard Entry: 3/25/2006 1:37:34 PM
Did expiring account e-mails, and worked on the e-mails for the 9200 numbers., answered tech related calls. checked and called on rad log, online issues, and ask a question emails., timecards, Meeting with Darrell, fix billing erors, MLS Convention, Posted the Watertown $ and taking it to Jackie, TAF coupons and special promo coupons, TaskForce, software development meeting, travel back to Watertown, entered bills and called vendor regarding invoice balances, Freislich Meeting, email, research, general marketing, calmed down a little bit.. couple new users, *Open SRS/24 dollar domains site development, Cleaned, kept track of Rad log, dial up. Search out info on Mac and 3.1 OS, Checking and responding to support e-mail from vermont. Looking at other possibilites for TS Peck insurance., lunch, chow, Got something to eat, General, business fair, po written and approved for manhole fee. to clayton to pick up and fed ex to peg. , CER TOWERS.COM INPUTING PICTURES AND TEXT, training....working on the TIITC canadian zip function...site is already live, On phone w/Nicky at Remington. Explaining how to attach an image to an email message and how to resize/crop and upload images to the website., research Looksmart content and alternatives for Vermont Internet dial up customer web portal, helped a user reinstall IE. general stuff, vp meeting...... ,
