Blog Entry: 3/25/2006 1:36:51 PM
Javascript Popup/Pop Under Generator
Until I have time to make one I suggest using the one on the banmanpro support site as it is pretty nice.
Just dont use option 2 on that page as that is specific to banmanpro
http://www.banmanpro.com/support/popupgenerator.asp
cwilliams38291.614849537, no, its part the concurrent login checking system.
currently when that is on logging off does not come into play..
(pretty much because it is such a complex system I wasnt able to make it quite that intelligent this time around)
when concurrent login checking is enabled the only way to log in again at another system with the same username and with a different IP is to wait till that time period is over
sorry
as you may recall it was rush feature at the last moment before I got version 7 finished. Hopefully I can improve on the feature in the next version but I dont really see it as being a big issue at the moment. Sometimes when you want maximum security you have to make some tradeoffs and that is why the feature is optional.
,
After understanding how the count works i checked the IP in the db. They are all set to the same IP (my web server) no matter what ip is doing the viewing. This is probably due to my ISA2004 firewall that is posting the ip address of the web server with each log on. So, can you help me with where the code would be to modify so the db does not get updated? I risk the refresh problem, don't think it is an issue with me.
Thanks,
, In a way your questions are confusing to me, but here is some information regardless.
Using Active Sever pages you can not protect entire folders. It is simply not possible. ASPProtect is Active Server Pages scripts so it can only protect individual ".asp" files.
If you are concerned about customers downloading the access database..
best practive is to store it in different folder name than it came in
best practive is to give the database .mdb file itself a different name
best practive is to change the password on the access database
best practice is to store it in a directory that is not part of your web if possible.. many of the better hosting companies have it set up so you actually can do that
the more of these things you can do the better..
And if you are really worried about security you should use a SQL Server database which nobody can download from your website under any conditions because your data lives in the sql server and unless they get the username/password to it they can not access it.
cwilliams38306.6367708333, You would set the groups during users signup the same way you would do the expiration in the following example.
http://support.cjwsoft.com/code/moreinfo170-1.htm
The groups field need to be set the exact same way it would look like in the database of course
So, if a user was part of groups 1, and 2
You would look in the database and see this in the groups fields for that user
*1*,*2*
so in the signup code you set that like so
CmdAddUser.Fields("Groups") = "*1*,*2*"
This info only applies to resgitrations and signups using the "users" folder.
if you wanted to make different sceanrios you would need to carefully make a copy of the users folder and adjust it accordingly
, You would have to carefully edit the asp code in the "add_new_account.asp" file. It you look that file over with a text editor it is pretty easy to see where the text to edit is. Just make sure you edit it in the section for the email component you are using. Back the file up before you make any changes to it so you can revert back if you mess anything up., Password Retrieval System
I'm trying to setup the email functionality and have the following settings:
Email_Component : CDOSYS (Using Remote Server)
Mail Remote Server: the smtp server in my Outlook account
Use SMTP Authentication: Checked
SMTPUsername: the email address in my Outlook account
SMTPPassword: the password in my Outlook account
Email Notification: sales@tradersreports.com
But I get this when I send the request for via missing password info.
CDO.Message.1
error '80040213'
The transport failed to connect to the server.
/aspprotect/scripts/emailing_subs_inc.asp, line 174
This is running on Windows 2000 server.
Any ideas?
Warren
, The file check_user_inc.asp as the lines: (which include Session("groups")
Here we set some valus about the user into session variables
Session("PasswordAccess") = "Yes"
Session("Access_Level") = CmdCheckUser("Access_Level")
Session("Admin") = CmdCheckUser("Admin")
Session("Active") = CmdCheckUser("Active")
Session("Expiration_Date") = Expiration_Date
Session("User_ID") = CmdCheckUser("User_ID")
Session("Groups") = CmdCheckUser("Groups")
Session("Redirection_URL") = CmdCheckUser("Redirection_URL")
Session("Password") = RC4(CmdCheckUser("Password"), PasswordEncryptionKey)
Session("Username") = CmdCheckUser("Username")
, The Double DIM needs to be removed for this code to work properly.
<%
Dim BannerZone, BannerConnectionString, BannerDatabaseType, ConnBannerSystem
Dim CmdCheckUser, CmdGetConfiguration, App_Name, Config_SQL, BodyTag, BanDataConn
Dim CmdBannerTemp, CmdGetZones, ZoneString, ZoneArray, ZoneIndex, CmdUpdateWaiting
Dim CmdUpdateExpired, CmdRetrieveImpLimitedAds, CmdRetrieveImpressions
Dim CmdUpdateImpHit, CmdRetrieveAds, CycleBannerTotal, CycleList, NewCycleList
Dim Dim LoopBanner, CycleLoop, CycleListArray, CycleListArrayIndex, BannerCycleData
Dim Banner_Array, CurrentBanner, NewCycleListArray, Banner_Array2, LocationIndex
Dim Stop_Processing, Keep_Processing, CmdUpdateStats
%>
, If you have found out that parent paths are disabled on the web server you can still use the application.
Before you continue.
If it is your server consider enabling parent paths to solve the problem.
If it is not your server consider asking them to enable parent paths for your web site to solve the problem.
If that is not possible please download this zip file.
2005-02-20_150703_aspprotect_v7.x_alternate_include_file_pat hs.zip
This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.
The zip file contains the following folders and files.
Below is the contents of the readme.txt file which explains everything.
The following folders each have a version of all the files in the ASPProtect system that might need to be edited in case you need to change the paths for the server side include files. There are 3 different scenarios.
(parent paths enabled) - This is the way the application comes.
The files in this folder have FILE server side includes containing "../" information. While these includes will work when the applicaion in is any location of a website they will not work if parent paths are disabled on the web server. Generally you will want to use these on your xp development machine. You can of course use them on your real server if parent paths are enabled. Parent Paths are now disabled on II6 by default and some hosting company will not enable them.
(domain root)
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in the root of your web domain. For example if your domain was called "www.somedomain.com" the following aspprotect files and folders would end up like this
"http://www.somedomain.com/check_user_inc.asp"
"http://www.somedomain.com/password_admin"
"http://www.somedomain.com/users"
(domain directory)
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in a directory called "aspprotect" in the root of your web domain. For example if your domain was called "www.somedomain.com" the
following aspprotect files and folders would end up like this
"http://www.somedomain.com/aspprotect/check_user_inc.asp"
"http://www.somedomain.com/aspprotect/password_admin"
"http://www.somedomain.com/aspprotect/users"
You can change the name of the "aspprotect" directory but you will will have to edit the includes in the files.
Lastly, if you are on a local machine and insist on using the VIRTUAL INCLUDES you would also use the (domain directory files) even though you dont have a domain on your local machine most likely
For example if your site was installed like so.
"http://localhost/aspprotect/check_user_inc.asp"
"http://localhost/aspprotect/password_admin"
"http://localhost/aspprotect/users"
cwilliams38403.6836342593, Ahhh....yes, I always forget about the cache. That's exactly what it was.
I had made modifications to the import_pics.asp file, because I added more fields to the db, and made the import folder path dynamic, but I seem to have forgotten to add in the response.expires=0
Once I added this back in it has stopped messing up.
What was happening was, it wasn't overwriting the files, nor were they too big, but you would click on one thumbnail in an album(category) and it would display a picture from a totally different category. It seems browser cache was the culprit, however.
Thanks for the quick reply, great product tooo!!!
, If you can would you do it for a price as a mod or will this be added to the new version.
, Did you see this thread. It shows how to set up the project in Visual Studio in detail.
http://support.cjwsoft.com/code/moreinfo85-1.htm
, I really do not know for sure, but I imagine there are customers using their windows hosting. Usually I do not know what hosting company a customer uses and I am usualy the only one that responds to forum questions.
Why not download the current Free lite version and try it out ?
CJW
, new version is still not finshed as of the end of the year... I am not going to release it until I feel it is ready., Thanks for the install. After many hours I finally got part of the
system working. I can log in and log out as a user. My problem is I
want the pages
accesses by Members ONly. The database will contain the names of
the members and only they are allowed access, and no one else. I
tried Joe Blow to log in and it worked, the only thing is Joe was not
in the database and he should have been locked out and a page come us
saying something like "you are not a registered user, please complete
the membership application" and then link back to the root web,
application page.
I am also afraid of breaking the codes you provided thus far. I also
want the password protected pages in a sub-web of the root web.
This may sound like elementary stuff, but this newbie is having
constant trouble. I am also referencing books on ASP and Access
and VB and still come up with a dead end. Search the net and come up
with a few codes which are described as something I am looking for, but
dont want to add any thing like that for fear of breaking the whole
thing.
Any suggestions?
, My client has a list of 13,000 members that
have already been assigned ID's and passwords with a
homegrown system.
When doing a bulk import, will we be able to retain the userid and password or will a new id be assigned during the bulk load?
Thanks in advance for your help.
, Thankyou, that was very helpful, Is there a possibility to build in a option that the administrator will be notifed when a banner expired.
, sorry your having so much trouble. A good host is a must.
Yes, that is most likely permissions related.
http://support.cjwsoft.com/code/moreinfo27-1.htm
You may want to read over my article on how permissions are set. It will give you a very good understanding of the process and may help yo when dealing with your hosting company.
http://www.powerasp.com/content/new/windows_2003_server_and_ permissions.asp
there is also an xp pro version of the article for people doing locl development and running iis on their xp box
http://www.powerasp.com/content/new/windows_xp_pro_and_permi ssions.asp
, I have been using the AspHttp Component method for displaying my ads along with the google adsense code. However, in the last few days my site was taking too long to load, so I replaced the AspHttp component, with Javascript method. The site was back to speed. But now, the Google Adsense banners do not show up. Is there a solution for that? Can the Javascript show Adsense banners also? Because they do show the Flash banners., Hi,
No, only ".asp" files can be protected. It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.
To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.
Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.
Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.
In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc
If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.
For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.
Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://
, Thank you.... yes it does
Is there a limit in the number of Zones you can have in the database.
thanking you
, I've downloaded this neat little app, but I'm having troubles understanding what I should be using. Cassinni or IIS, can you help? I've tried to look at the help, but it is very vague on what to use in each situation.
Any help is appreciated.
Cheers
, Hallo,
What do I have to do for inserting around 6,000 new users?
I have all my user in an access file. I don't know the password of access database files. The same problem with the "aspprotect upgrade pack".
Sorry for my English
vaghelis38300.2319097222, If you PM your site info and I can go in and troubleshoot. I have no more ideas. Usually people have zero issues installating this application as I got it pretty tweaked so I need to see what is going on in order to help., Can you please elaborate on this? I have a flash banner that is on my site. All of the info is in the code banner section. In the banner link section, I have nothing. Do I need to actually edit the swf file with redirect URL? How do I edit the swf file? Once that is edited, do I put the URL of the site in the Link URL space? Thanks. , does emailing work at the simplest level.. ??
meaning does a user get an email when you send an email from the admin users screen ?
if emails are not sending it could very well be the setting you have chosen for emails in the settings.
the best thing to do is keep trying to send an email there and try different emails settings until you get something that works... even when I do installs for people I often have to try a lot of various things before I get emails to send.. like picking different components and trying different things for the email server address because what they tell me is often wrong
also, sometimes emails get sent but depending on where they go they may get deleted as spam.. aol, hotmail, msn, and yahoo are famous for that , This first one may be an obvious one, but is it only .asp files that I can protect as in no HTML files.
Can the program be set to protect my whole https directory contents (though the answer to the last question may have bearing here - there are html files as well as .asp in there) as in http://secure.mydomain.com
Thanks in advance
, I have no idea to be honest, I just like the way it looks
Good deal on the remote install, just dont pull the old "hangman" move
shutdown the machine on yourself around 4AM. Otherwise you be getting
in the car and going for a drive LOL
, [QUOTE=cwilliams]
Is that a real term or just something you named it cause they have like a zillion people using that SQL server?[/QUOTE]
yeah thats it, you buy into a part of the sql server so it's an sql server hotel...
, it is by design actually and something that can be improved
(I just never thought of it when I 1st designed the system and it is actually planned to be added in Version 8)
The trick would be to reset those session variables anytime someone edits and saves their information... not very hard at all
you would do it on the save code page for when a user edits themself.
you want to grab the info posted from the form and reset each session variable at the same time everything is re-saved to the database
example
Session("Company_Name") = Request("Company_Name")
, one thing to note... the time period we are talking about is going to to be whatever you have the session timeout set at in the settings.
perhaps making that value lower like 10 minutes is an option for you.. and might help to deal with situation
, For some odd reason, the the export path has two backslashes (\\) at the end, thus generating an error each time I try to export. For example
C:\path\website\protect\data\export\\
This appears toward the bottom of the import_export_manager.asp page and is called by =ExportDirectory.
I checked under settings tab, no path ends with a "\". Any idea where else I need to look?
Nick
,
I encountered a problem that I haven't been able to solve.
I'm trying to get .pdf files to byte serve (page-by-page load in the browser)
but unable to do so. I've narrowed it down to stream download file where it
creates the header object. I haven't made any success with the changes I've
tried. Any help would be very nice.
This maybe useful:
http://msdn.microsoft.com/library/default.asp?url=/library/e n-us/act/htm/actml_ref_href.asp
, I would look on the pictures folder on the server and see what is there for pictures. Also, when you see a broken X on the site right click and see where it is trying to get the picture from and what the pictures name should be.
I would also be sure to clear out your temporary internet files in IE. clost and restart all browsers..
maybe show me the site ? so I can see this happening ?
cwilliams38348.9748726852, Hello,
It is very possible, however there may be some issues such as the session variables specific to a particular user would not be able to be created because there would not be a specific user.
I can't tell you exactly how to do it as it would probably take a few hours of messing around with the code to sort it out. Bascially, it's not something I could tell you how to do real quick and I do not support custimizations to the code.
But, it is very possible. You want to check the server variable for the IP address. The tricky part would be where and how this all just integrated into the "check_user_inc.asp" file
, Your actually confusing me with the whole "joe bloe" thing and user access. I just do not get what you are trying to tell me. Perhaps you can explain in a less confusing way. Your just not technically explaining it andand thats what I need to know to possibly help.
As for the subweb thing you just can not do that. Subwebs have their own sets of application and session variables. An ASPProtect installation and any pages you protect with it are required to be in the same "application" in IIS. Sicne subwebs have their own "applications" in IIS that won't work. It is the nature of "forms based authentication" A sub web is alo considered by our licensing to be a seperate web site and ASPProtect is licensed per web site.
As for breaking pages.. you really shouldnt be editing any pages in the admin area as you will break them unles you are very good with ASP. (does not sound like you are..no offense meant at all)
Pages in the "users" folder are less complex and it is usually ok to edit them carefully.
http://www.powerasp.com/content/hintstips/common_sense.asp
Pages of your own that you password protect can still be edited in your usualy way though without effecting anything.
Truth is if you back things up before you start editing how can you go wrong ? That's how you learn.
, Hello dear Chris
I can login for the first time. I exit from the browser and then I cannot login again. This happens for every user.
I noticed that the values in the fields "Login_limit" and "Active" in
the ASPP_Users table in the SQL changed to NULL and 0 when login and
remained in those values after close the browser.
If manually I change the values it is ok but the problem repeated.
Thank you in advance.
,
Best setup I recomend is just setting up a rig and making a workgroup.
No real reason for a production machine to have any access to internal
security when you think about it.
classic asp should be pretty easy to move, just set up new webs and
dump the scripts in there. If you have 2 machines its always easier to
look at the one while your building the other. Basically copy the setup
and tada... the only thing you might need to remeber is components (if
your using any) and thats usually not a very big deal either.
Point sort of being at some point your going to have to change that
thing around and while its no fun you have to imagine now is a better
time to bite the bullet and get it set up the right way. Your
alternative is to mess around for hours and hours praying that you
change domain wide security to the point that running NET
apps on that domain controller works. Personally I wouldnt sleep well
knowing I had just messed around so bad with the OS that I had no clue
what bugs and security holes I might have accidently opened in the
process. I wont even get into the possible things that might stop
working on the rest of the domain if you fiddle with accounts like
"Network Service"
Oh and if thats not enough reason to make you think about it, consider
how hard it will be to try and rember what you did at 2AM 6 months from
now if that machine takes a dive or some critical update undoes what
you changed.
I feel for you though, trust me we have all been down that road once or
twice. Get some sleep and in the AM the task at hand wont seem nearly
as bad. You live and you learn, and you will definatly be WAY better
off making things right sooner than later
,
Timecard Entry: 3/25/2006 1:36:51 PM
Still had some questions about Emerald.
Getting more familar with the program., Composing note to Cortlandmls.com's Nancy Oustad about status of changes to their site. Still haven't finished it., Went over the phone bill and the pricing with John meyers, compose and send letter to Intac.com for redirection of mail to GiCSO servers for H.M. Quackenbush, Meeting with Equinox reference mediation software for DMS5000 switch, **AGFA NDT - added news portion to home page, and as an admin function, customer service, receipts, receipts, sign ups., Phone conv. w/ Lance Evans RE presentation to Jeff-Lewis Board of Realtors in prep. of their migration to current version of softMLS., Database design, Worked on database input for PB. Worked with CW on networking realtor database for KV and DV. Helped DV with programs and settings. Spoke to Lee Pierce about bundle order and banks. Mailed materials to JCC. Spoke with Lee Horan-joining bundle program., BBQ thingie at work ALSO installing win 2000 server on my laptop because the evaluation version expired., Finish up ISDN lines. Organize new shelve for routers., hosting/development support: Cori Kennedy, Century 21 Real Estate-inquiry re: re-work of their site, recp., switchboard, inv., Emerald, billing, Fixing incorrect information on home page (bad dialup listed)., Nortel Training Schedule, SoftMedia Meeting., Working on revamping of timecard system, reply to TS Peck meta tag questions, email,system, billing, Working on developing totally new code for the agent inventory report on softmls, Organized work area, working on fixing up the co-location room upstairs, Admin (emails and organize), client e-mail, worked on ASP auction site (training, not billable, no work order), Called a few expired accounts as well, Went to Jackie's to go over cc batch, had to wait as Watertown had not batched yet. So we got caught up on the gossip, phones, auth down for a bit but it came back up fast,
